qemu-tools-3.1.1.1-lp151.7.15.2<>,4`^/=„$+56ʫ;2kBe$kda>ٮ/Ϳ2s":HFPg/רG, )8&jUpn}{!Qݏ̼c*_APzG}7]P \`?tĹ-IwX\8~#K+e-}vs#b=粒 c &Lsa"+dtyhL/<,wɧqf]gfeT}>Gs?sd  " 1I bvL    ) <)L5 55(h7o89p:&8=b>bCbFbGbHcIcLXc`Ycp\c]c^dbe<cedfsefxff{lf}ufvfwoLxoyozss,s0s_sdspsvsCqemu-tools3.1.1.1lp151.7.15.2Tools for QEMUThis package contains various QEMU related tools, including a bridge helper, a virtfs helper, ivshmem, disk utilities and scripts for various purposes.^goat11popenSUSE Leap 15.1openSUSEBSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIThttp://bugs.opensuse.orgSystem/Emulators/PChttps://www.qemu.org/linuxx86_64/usr/bin/getent group kvm >/dev/null || /usr/sbin/groupadd -r kvm if [ -x /usr/bin/chkstat ]; then /usr/bin/chkstat -n --set --system /usr/lib/qemu-bridge-helper fiQBH@5@ p 4(i0>8@2 A큤聤^Q^Q^Q^^^^^^^^^^Q^^E^F^Eea1292bab8e65b4a0d7dde9cfc4d0360e15d491462ea32949fb08682c87b6462f8ddb467b8f0f776c61945d45e865dc7082a599aba13623d871f116b3104fcf6c7c793b7eae7b5acd7941e74ed12154dfce0f1faa33ff002ab5caa33ca326fbce7b868f01d395c51b95e85f1f8f23205d0c295f475c004ae66a5d92c4b688ed5169632872f4d65c243d863706d924ba1584d5ded82e1890635ac9c8e5bac67992937005c15775d4ec9c0bd9f8c88d79776217622f919db6beb0d2702a30fb135d548db60ed078fb0462fbf841b0b27f66403106aa81a01c5c170dd6671381f5502355b3971932d713bade79fca8c4cf87a9c63ff4b73f7f0e16a22f9a6c4a2bf0ae1def84cfb8695a3a1f5423765dc7d313c2e7dc0e7a6e6c62d2c1b03ee0c10084b58cd0571342c486cb5f5c8b36c49254e8fb2808ff0aa8830189a533a59fb6983267ba93141d4f14db1e9417d6185a3121af062a878f04c7fde0190e9613c5c20bf0a98b2ff2ea7e84cd3fc747165af0ed79bfe06047bdfbce703874e7e24e078646d20405402e3e6e17f811ebf6676ab14c0ecc499509695cbe3e73647cc36ce276a321695a0105290a6467ed3a67de34df1333da238e33192e0a708d7328a948437699aaa83a25d2319d0cd17073a4fc12cfc32c224bb3db8badeac0362c05beb0c7c82e5f1cf0dbfd6a50a94339ddc99338181c9b056e043630ce4098crootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootkvmrootrootrootqemu-3.1.1.1-lp151.7.15.2.src.rpmconfig(qemu-tools)qemu-toolsqemu-tools(x86-64)qemu:/usr/lib/qemu-bridge-helper!@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/bin/sh/usr/bin/python3config(qemu-tools)libaio.so.1()(64bit)libaio.so.1(LIBAIO_0.1)(64bit)libaio.so.1(LIBAIO_0.4)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.10)(64bit)libc.so.6(GLIBC_2.11)(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.2)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.6)(64bit)libc.so.6(GLIBC_2.7)(64bit)libc.so.6(GLIBC_2.9)(64bit)libcap-ng.so.0()(64bit)libcap.so.2()(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.4)(64bit)libgcrypt.so.20()(64bit)libgcrypt.so.20(GCRYPT_1.6)(64bit)libglib-2.0.so.0()(64bit)libgmodule-2.0.so.0()(64bit)libgnutls.so.30()(64bit)libgnutls.so.30(GNUTLS_3_4)(64bit)libm.so.6()(64bit)libm.so.6(GLIBC_2.2.5)(64bit)libmpathpersist.so.0()(64bit)libmultipath.so.0()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.12)(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libpthread.so.0(GLIBC_2.3.2)(64bit)libpthread.so.0(GLIBC_2.3.3)(64bit)librt.so.1()(64bit)librt.so.1(GLIBC_2.2.5)(64bit)libudev.so.1()(64bit)libudev.so.1(LIBUDEV_183)(64bit)libxkbcommon.so.0()(64bit)libxkbcommon.so.0(V_0.5.0)(64bit)libz.so.1()(64bit)permissionsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)shadow3.1.1.1-lp151.7.15.23.0.4-14.6.0-14.0-15.2-14.14.1 /usr/bin/chkstat -n --warn --system /usr/lib/qemu-bridge-helper 1>&2^@^@^@^%@^{G^p^oj@^oj@^Nt^AE^]@]d@]](]@]@]M`@]M`@]J@]J@]H@]>]9]9]$]\Q\"\P\-@\\\e\\Y@\o@\n\f\ac\T4\Q\J@\@n@\=@\@[>@[>@[o[@[[ @[ZnZ@ZZZ@ZZ̧@ZZZZZw@Z@ZX0>X%X lW_@WWv@WWίWW:WQWWWWW@W~W~WWzOWZWZWQq@WN@WN@WF@WEW!@W!@W@Wo@VbVV@V@V@VVuV]VQ@VQ@VMVMV0V&,VVZVZVZU6@U5@U(U@U@UUlI@Ud`@UT@UQ@U@U7@U4@U.RU-@U-@U) U'@U&iU&iU%@U%@UUU@U ]@U T@TTD@TZ@T@Bruce Rogers Bruce Rogers Bruce Rogers Liang Yan Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers ohering@suse.deLiang Yan Liang Yan Bruce Rogers Bruce Rogers Bruce Rogers Liang Yan Bruce Rogers Bruce Rogers Bruce Rogers Liang Yan Bruce Rogers Claudio Fontana Bruce Rogers Liang Yan Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Guillaume GARDET Guillaume GARDET Bruce Rogers Bruce Rogers Bruce Rogers Liang Yan Bruce Rogers Bruce Rogers Liang Yan Bruce Rogers Bruce Rogers olaf@aepfle.deBruce Rogers olaf@aepfle.delma@suse.comBruce Rogers olaf@aepfle.deBruce Rogers Bruce Rogers Larry Dewey Bruce Rogers Bruce Rogers Bruce Rogers brogers@suse.combrogers@suse.combrogers@suse.comldewey@suse.combrogers@suse.comldewey@suse.commatz@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlma@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlma@suse.comkwalter@suse.combrogers@suse.comlyan@suse.combrogers@suse.comlma@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comjfehlig@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comhenrik.kuhn@origenis.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comjfehlig@suse.combrogers@suse.combrogers@suse.comschwab@suse.debrogers@suse.comschwab@suse.debrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.combrogers@suse.comohering@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.comafaerber@suse.deafaerber@suse.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comagraf@suse.comafaerber@suse.debrogers@suse.comagraf@suse.combrogers@suse.comglin@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comagraf@suse.combrogers@suse.combrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deolaf@aepfle.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.destefan.bruens@rwth-aachen.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.detampakrap@opensuse.orgafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deagraf@suse.comcrrodriguez@opensuse.orgagraf@suse.comjslaby@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deagraf@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.dempluskal@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.de- Fix migration rate limiting when huge pages in use (bsc#1167816) 0125-migration-Rate-limit-inside-host-pa.patch- Misc. fixes to the in-package support documentation- Fix use after free in slirp (CVE-2020-1983 bsc#1170940) 0124-Fix-use-afte-free-in-ip_reass-CVE-2.patch Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Fix the issue that s390x could not read IPL channel program when using dasd as boot device (bsc#1158880) 0123-pc-bios-s390x-Save-iplb-location-in.patch- Fix 'ospke' error in certain vcpu models. It is causing issues on some Intel hosts, resulting in warnings or errors such as: (from qemu) warning: host doesn't support requested feature: CPUID.07H:ECX [bit 4] (from libvirt) error: operation failed: guest CPU doesn't match specification: missing features: ospke (bsc#1162729) 0120-Revert-i386-Add-CPUID-bit-for-PCONF.patch 0121-i386-Disable-OSPKE-on-CPU-model-def.patch 0122-i386-indicate-that-pconfig-feature-.patch Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Ever since the v3.1.1.1 update, some block-io tests fail because a common.filter no longer applies. Adjust filter accordingly 0119-tests-qemu-iotests-common.filter-ad.patch Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Fix potential OOB access in bosch display due to insufficient PCI config space allocation (CVE-2019-15034 bsc#1166379) 0116-display-bochs-fix-pcie-support.patch - Fix potential DoS due to memory leak in vnc disconnect (CVE-2019-20382 bsc#1165776) 0117-vnc-fix-memory-leak-when-vnc-discon.patch - Fix potential OOB access in iSCSI client code (CVE-2020-1711 bsc#1166240) 0118-iscsi-Cap-block-count-from-GET-LBA-.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 bsc#1161066 CVE-2020-7039) 0111-util-add-slirp_fmt-helpers.patch 0112-tcp_emu-Fix-oob-access.patch 0113-slirp-use-correct-size-while-emulat.patch 0114-slirp-use-correct-size-while-emulat.patch 0115-tcp_emu-fix-unsafe-snprintf-usages.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Add Obsoletes directive for qemu-audio-sdl and qemu-ui-sdl since for a qemu package upgrade from SLE12-SP5, support for SDL is dropped- Follow on patches for bsc#1123156. These patches are for fixing similar problems as for the original fix prompting this issue (CVE-2019-6778) 0108-slirp-fix-big-little-endian-convers.patch 0109-slirp-ensure-there-is-enough-space-.patch 0110-slirp-don-t-manipulate-so_rcv-in-tc.patch Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Fix migration failure with error message: "error while loading state section id 3(ram) (bsc#1154790) 0103-scsi-disk-pass-sense-correctly-for-.patch 0104-scsi-explicitly-list-guest-recovera.patch 0105-scsi-add-guest-recoverable-ZBC-erro.patch 0106-iscsi-fix-busy-timeout-task-set-ful.patch 0107-iscsi-base-all-handling-of-check-co.patch Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Fix recently introduced migration incompatibility, due to including a kernel header change which impacts qemu's expectations of the size of the virtio-balloon device config size. (bsc#1156642) 0102-include-revert-part-of-the-linux-he.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Update to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. (CVE-2018-20126 bsc#1119991, CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811 respectively) * Patches dropped (subsumed by stable update): 0043-pvrdma-release-ring-object-in-case-.patch 0062-Fix-heap-overflow-in-ip_reass-on-bi.patch - Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873) 0043-lsi-use-enum-type-for-s-waiting.patch 0062-scsi-lsi-exit-infinite-loop-while-e.patch - Expose taa-no "feature", indicating CPU does not have the TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506) 0100-target-i386-Export-TAA_NO-bit-to-gu.patch - Expose pschange-mc-no "feature", indicating CPU does not have the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812) 0101-target-i386-Add-pschange-mc-no-feat.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Change how this bug gets fixed (bsc#1144087) * Patches dropped: 0063-target-i386-cpu.c-special-case-SEV-.patch * Patches added: 0063-include-hw-i386-pc.h-fix-v2.12-era-.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1 Disable file locking in the Xen PV disk backend to avoid locking issues with PV domUs during migration. The issues triggered by the locking can not be properly handled in libxl. The locking introduced in qemu-2.10 was removed again in qemu-4.0. (bsc#1079730, bsc#1098403, bsc#1111025, bsc#1145427, bsc#1145774) * Patches added: 0099-xen_disk-Disable-file-locking-for-t.patch- Feature support for vfio-ccw dasd ipl (bsc#1145379 jira-SLE-6132) 0082-pc-bios-s390-ccw-Use-proper-registe.patch 0083-s390-vfio-ccw-Add-bootindex-propert.patch 0084-s390-bios-decouple-cio-setup-from-v.patch 0085-s390-bios-decouple-common-boot-logi.patch 0086-s390-bios-Clean-up-cio.h.patch 0087-s390-bios-Decouple-channel-i-o-logi.patch 0088-s390-bios-Map-low-core-memory.patch 0089-s390-bios-ptr2u32-and-u32toptr.patch 0090-s390-bios-Support-for-running-forma.patch 0091-s390-bios-cio-error-handling.patch 0092-s390-bios-Extend-find_dev-for-non-v.patch 0093-s390-bios-Factor-finding-boot-devic.patch 0094-s390-bios-Refactor-virtio-to-run-ch.patch 0095-s390-bios-Use-control-unit-type-to-.patch 0096-s390-bios-Add-channel-command-codes.patch 0097-s390-bios-Support-booting-from-real.patch 0098-s390-bios-Use-control-unit-type-to-.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Additional hardware instruction support for s390, also update qemu linux headers to 5.2-rc1 (bsc#1145436 jira-SLE-6237) 0066-include-update-Linux-headers-to-4.2.patch 0067-linux-headers-add-linux-mman.h.patch 0068-linux-headers-update-against-Linux-.patch 0069-s390x-cpumodel-Miscellaneous-Instru.patch 0070-s390x-cpumodel-mepochptff-warn-when.patch 0071-s390x-cpumodel-msa9-facility.patch 0072-s390x-cpumodel-vector-enhancements.patch 0073-s390x-cpumodel-enhanced-sort-facili.patch 0074-s390x-cpumodel-add-Deflate-conversi.patch 0075-s390x-cpumodel-add-gen15-defintions.patch 0076-s390x-cpumodel-wire-up-8561-and-856.patch 0077-s390x-cpumodel-Rework-CPU-feature-d.patch 0078-s390-cpumodel-fix-description-for-t.patch 0079-s390x-cpumodel-also-change-name-of-.patch 0080-s390x-cpumodel-remove-esort-from-th.patch 0081-linux-user-fix-__NR_semtimedop-unde.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Add in documentation about md-clear feature (bsc#1138534) 0064-docs-recommend-use-of-md-clear-feat.patch - Another SEV fix from upstream 0065-target-i386-sev-Do-not-unpin-ram-de.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Since we build seabios, take advantage of ability to add our own identifying version info by changing SEABIOS_EXTRAVERSION from "-prebuilt.qemu.org" to "-rebuilt.suse.com" (or "-rebuilt.opensuse.org for openSUSE releases)- Fix SEV issue where older machine type is not processed correctly (bsc#1144087) 0063-target-i386-cpu.c-special-case-SEV-.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Security fix for heap overflow in ip_reass on big packet input (CVE-2019-14378, bsc#1143794) 0062-Fix-heap-overflow-in-ip_reass-on-bi.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Update to v3.1.1, a stable, bug-fix-only release * This update contains quite a number of bug fixes along with some security fixes. As shown below, it incorporates about 18 of the fixes that we already carried. Other areas that were touched include block layer, misc device models, tpm, ioapic, virtio-balloon, ioapic, acpi vhost, pflash, gluster, pvrdma, scsi, smbus, and IOMMUNotifiers * Also add in stibp support which was missed before somehow. * Patches dropped (subsumed by stable update): 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch 0049-pvrdma-add-uar_read-routine.patch 0050-pvrdma-check-number-of-pages-when-c.patch 0051-pvrdma-check-return-value-from-pvrd.patch 0052-pvrdma-release-ring-object-in-case-.patch 0053-block-Fix-hangs-in-synchronous-APIs.patch 0054-linux-user-make-pwrite64-pread64-fd.patch 0056-slirp-check-data-length-while-emula.patch 0057-s390x-Return-specification-exceptio.patch 0061-slirp-check-sscanf-result-when-emul.patch 0063-i2c-ddc-fix-oob-read.patch 0064-device_tree.c-Don-t-use-load_image.patch 0067-sun4u-add-power_mem_read-routine.patch 0068-s390x-cpumodel-ignore-csske-for-exp.patch 0077-qxl-check-release-info-object.patch 0078-qemu-bridge-helper-restrict-interfa.patch * Patches renamed: 0045-hw-usb-fix-mistaken-de-initializati.patch - > 0041-hw-usb-fix-mistaken-de-initializati.patch 0048-rdma-check-num_sge-does-not-exceed-.patch - > 0042-rdma-check-num_sge-does-not-exceed-.patch 0047-pvrdma-release-device-resources-in-.patch - > 0043-pvrdma-release-ring-object-in-case-.patch 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch - > 0044-xen-Add-xen-v4.12-based-xc_domain_c.patch 0058-Revert-target-i386-kvm-add-VMX-migr.patch - > 0045-Revert-target-i386-kvm-add-VMX-migr.patch 0059-memory-Fix-the-memory-region-type-a.patch - > 0046-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch - > 0047-target-i386-sev-Do-not-pin-the-ram-.patch 0062-ppc-add-host-serial-and-host-model-.patch - > 0048-ppc-add-host-serial-and-host-model-.patch 0065-spapr-Simplify-handling-of-host-ser.patch - > 0049-spapr-Simplify-handling-of-host-ser.patch 0066-target-i386-define-md-clear-bit.patch - > 0050-target-i386-define-md-clear-bit.patch 0069-s390x-cpumodel-add-z14-GA2-model.patch - > 0051-s390x-cpumodel-add-z14-GA2-model.patch 0070-i386-kvm-Disable-arch_capabilities-.patch - > 0052-i386-kvm-Disable-arch_capabilities-.patch 0071-i386-Make-arch_capabilities-migrata.patch - > 0053-i386-Make-arch_capabilities-migrata.patch 0072-target-i386-add-MDS-NO-feature.patch - > 0054-target-i386-add-MDS-NO-feature.patch 0073-x86-cpu-Enable-MOVDIRI-cpu-feature.patch - > 0055-x86-cpu-Enable-MOVDIRI-cpu-feature.patch 0074-x86-cpu-Enable-MOVDIR64B-cpu-featur.patch - > 0056-x86-cpu-Enable-MOVDIR64B-cpu-featur.patch 0075-target-i386-define-a-new-MSR-based-.patch - > 0058-target-i386-define-a-new-MSR-based-.patch 0076-i386-Introduce-SnowRidge-CPU-model.patch - > 0059-i386-Introduce-SnowRidge-CPU-model.patch 0079-pvusb-set-max-grants-only-in-initia.patch - > 0060-pvusb-set-max-grants-only-in-initia.patch 0080-i386-Fix-Snowridge-CPU-model-name-a.patch - > 0061-i386-Fix-Snowridge-CPU-model-name-a.patch * Patches added: 0057-i386-Add-stibp-flag-name.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Upstream tweaked SnowRidge-Server vcpu model to now be simply Snowridge (jira-SLE-4883) 0080-i386-Fix-Snowridge-CPU-model-name-a.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Fix case of a bad pointer in Xen PV usb support code (bsc#1128106) 0079-pvusb-set-max-grants-only-in-initia.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Security fix for null pointer dereference while releasing spice resources (CVE-2019-12155, bsc#1135902) 077-qxl-check-release-info-object.patch - Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (CVE-2019-13164, bsc#1140402) 0078-qemu-bridge-helper-restrict-interfa.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Add SnowRidge-Server vcpu model (jira-SLE-4883) 0075-target-i386-define-a-new-MSR-based-.patch 0076-i386-Introduce-SnowRidge-CPU-model.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- add Intel Direct store instructions for (jira SLE-6754), which skip cache hierarchy, using write combining (WC). MOVDIRI can be used as doorbell write, a 4/8 byte uncacheable MMIO op. MOVDIR64B performs a 64byte atomic uncacheable store using WC. Useful for offloading to high speed packet processing hardware. - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1 * Patches added: 0073-x86-cpu-Enable-MOVDIRI-cpu-feature.patch 0074-x86-cpu-Enable-MOVDIR64B-cpu-featur.patch- Add s390 z14 GA2 model (fate#327410) 0069-s390x-cpumodel-add-z14-GA2-model.patch - Further refine arch-capabilities handling to help with security and performance in Intel hosts (bsc#1134883, bsc#1135210) (fate#327764) 0070-i386-kvm-Disable-arch_capabilities-.patch 0071-i386-Make-arch_capabilities-migrata.patch - Add support for one more security/performance related vcpu feature (bsc#1136778) (fate#327796) 0072-target-i386-add-MDS-NO-feature.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Ignore csske for expanding the cpu model (bsc#1136540) 0068-s390x-cpumodel-ignore-csske-for-exp.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Fix DoS (NULL pointer dereference) in sparc64 virtual machine possible through guest device driver (CVE-2019-5008 bsc#1133031) 0067-sun4u-add-power_mem_read-routine.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Use a new approach to handling the file input to -smbios option, which accepts either legacy or per-spec formats regardless of the machine type. (patch renamed and reworked) 0033-smbios-Add-1-terminator-if-any-stri.patch - > 0033-hw-smbios-handle-both-file-formats-.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Add x86 cpu feature "md-clear" (CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 bsc#1111331) 0066-target-i386-define-md-clear-bit.patch - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15-SP1- Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream adjustments for the same. Basically now the security fix is to provide a dummy host-model and host-serial value, which overrides getting that value from the host 0065-spapr-Simplify-handling-of-host-ser.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Tweak last spec file change to guard new Requires with conditional - Fix DOS possibility in device tree processing (CVE-2018-20815 bsc#1130675) 0064-device_tree.c-Don-t-use-load_image.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Remove an unneeded BuildRequires which impacts bsc#1119414 fix Also add a corresponding Recommends for qemu-tools as part of this packaging adjustment (bsc#1130484) - Fix information leak in slirp (CVE-2019-9824 bsc#1129622) 0061-slirp-check-sscanf-result-when-emul.patch - Add method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (CVE-2019-8934 bsc#1126455) 0062-ppc-add-host-serial-and-host-model-.patch - Fix OOB memory access and information leak in virtual monitor interface (CVE-2019-03812 bsc#1125721) 0063-i2c-ddc-fix-oob-read.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Again address ipxe GCC 9 incompatibilities. Previously included patch to disable unneeded warning got muffed somehow (bsc#1121464)- Package and cross-build rom files for aarch64 from SLE15/Leap15.0 to fix boo#1125964 - Add patch to fix seabios cross-compilation: * seabios-fix_cross_compilation.patch - Add patch to fix sgabios cross-compilation: * sgabios-fix-cross-build.patch- Fix _constraints to include all architectures for disk size (fix aarch64)- Revert upstream patch which declares x86 vmx feature a migration blocker. Given the proliferation of using vm's with host features passed through and the general knowledge that nested virtualization has many usage caveats, but still gets put in use in restricted scenarios, this patch did more harm than good, I feel. So despite this relaxation, please consider yourself warned that nested virtualization is not yet a supportable feature. (bsc#1121604) 0058-Revert-target-i386-kvm-add-VMX-migr.patch - Fix SEV VM device assignment (bsc#1123205) 0059-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Remove 71-sev.rules, which modifies the default permissions of /dev/sev by adding the kvm group as reader/writer. Upstream decided to take a different approach for libvirt to manage SEV due to security concerns which I agree overrides the convenience of providing /dev/sev access to all the kvm group (bsc#1124842 bsc#1102604)- Increase memory needed to build qemu-testsuite for ppc* arch's in _constraints file- Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0057-s390x-Return-specification-exceptio.patch- Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156) 0056-slirp-check-data-length-while-emula.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Fix ipxe GCC 9 incompatibilities (bsc#1121464) ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch ipxe-build-Disable-gcc-address-of-packed-member-warning.patch- Tweak Xen interface to be compatible with upcoming v4.12 Xen 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0054-linux-user-make-pwrite64-pread64-fd.patch (bsc#1121600)- Clarify that move to include v3.1.0 in qemu package corresponds with fate#327089, which of course builds on v3.0.0 mentioned previously, and that among other patches which this change obsoletes (because functionality is included in base version) I will mention one pointed out by reviewers: 0094-s390x-cpumodels-add-z14-Model-ZR1.patch- include post v3.1.0 patches marked for next stable release: 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0045-hw-usb-fix-mistaken-de-initializati.patch - Address various security/stability issues * Fix host access vulnerability in usb-mtp infrastructure (CVE-2018-16872 bsc#1119493) 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch * Fix DoS in pvrdma interface (CVE-2018-20123 bsc#1119437) 0047-pvrdma-release-device-resources-in-.patch * Fix OOB access issue in rdma backend (CVE-2018-20124 bsc#1119840) 0048-rdma-check-num_sge-does-not-exceed-.patch * Fix NULL pointer reference in pvrdma emulation (CVE-2018-20191 bsc#1119979) 0049-pvrdma-add-uar_read-routine.patch * Fix DoS in pvrdma interface (CVE-2018-20125 bsc#1119989) 0050-pvrdma-check-number-of-pages-when-c.patch * Fix DoS in pvrdma interface (CVE-2018-20216 bsc#1119984) 0051-pvrdma-check-return-value-from-pvrd.patch * Fix DoS in pvrdma interface (CVE-2018-20126 bsc#1119991) 0052-pvrdma-release-ring-object-in-case-.patch - one more post v3.1.0 patches marked for next stable release: 0053-block-Fix-hangs-in-synchronous-APIs.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0040-xen-ignore-live-parameter-from-xen-.patch (bsc#1079730, bsc#1101982, bsc#1063993)- Follow up on ideas prompted by last change: clean up the patches generated by git workflow. There is no value to the first line (mbox From line), or [PATCH] on subject line. Get rid of those - Other minor fixes and improvements to update_git.sh- Modify update_git.sh script: pass --zero-commit to format-patch This removes needless noise in the buildservice when the same set of patches is imported/exported at different times by different users. pass --no-signature to format-patch Remove sed call which used to remove the signature, use mv instead- Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646)- fix memory leak in xen_disk (bsc#1100408) 0039-xen_disk-Avoid-repeated-memory-allo.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- building against xen-devel requires the XC_* compat macros to be set because this version of QEMU will be built against many versions of Xen. configure will decide on the appropriate function names it knows about today. To actually call these functions, future versions of Xen may require XC_* to be set. Furthermore, fix a bug in QEMU: xen_common.h undefines the XC_* macros unconditionally.- Update to v3.1.0: See http://wiki.qemu.org/ChangeLog/3.1 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * x86 IceLake-Server and IceLake-Client cpu models added * Document recommendations for choosing cpu modesl for x86 guests * Support for Hyper-V enlightened VMCS * stdvga and bochs-display devices can expose EDID information to the guest. stdvga xres and yres properties are exposed in the EDID information * s390 improvements: vfio-ap crypto device support, max-cpu model added, etoken support, huge page backing support * ARM: ARMv6M architecture and Cortex-M0 cpu host support added, Cortex-A72 cpu model added, GICv2 virtualization extensions, emulation of AArch32 virtualization, Scalable Vector Extension implemented * Support for AMD IOMMU interrupt remapping and guest virtual APIC mode * Multithreaded TCG on x86 is considered supportable * Add a patch to triple timeout of block io tests, since the obs environment is fickle * x86 save/restore and live migration is prohibited if Intel KVM nested virtualization is enabled * Patches dropped (upstream unless otherwise noted): 0033-migration-warn-about-inconsistent-s.patch (shouldn't be needed anymore) 0035-configure-Modify-python-used-for-io.patch (upstream now python3 friendly) 0039-tests-boot-serial-test-Bump-timeout.patch 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch 0047-linux-user-init_guest_space-Try-to-.patch 0048-ne2000-fix-possible-out-of-bound-ac.patch 0049-rtl8139-fix-possible-out-of-bound-a.patch 0050-pcnet-fix-possible-buffer-overflow.patch 0051-net-ignore-packet-size-greater-than.patch 0052-lsi53c895a-check-message-length-val.patch 0053-nvme-fix-oob-access-issue-CVE-2018-.patch (fixed differently upstream) * Patches renamed: 0034-smbios-Add-1-terminator-if-any-stri.patch - > 0033-smbios-Add-1-terminator-if-any-stri.patch 0036-qemu-io-tests-comment-out-problemat.patch - > 0034-qemu-io-tests-comment-out-problemat.patch 0037-tests-test-thread-pool-is-racy-add-.patch - > 0035-tests-test-thread-pool-is-racy-add-.patch 0038-xen-add-block-resize-support-for-xe.patch - > 0036-xen-add-block-resize-support-for-xe.patch * Patches added: 0037-tests-qemu-iotests-Triple-timeout-o.patch 0038-tests-block-io-test-130-needs-some-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Update includes the following bug fixes: bsc#1108474, bsc#1117615 - Update includes the following SLE requested functionality: FATE#324810, FATE#325875, FATE#326369, FATE#326378, FATE#326379, FATE#326401, FATE#326672, FATE#326829 - Make the following packaging changes related to the new release * Enable libpmem, pvrdma, vhost-crypto features and qemu-block-nfs subpackage * New roms available: vgabios-bochs-display.bin, vgabios-ramfb.bin * New binary tool included (qemu-edid) for testing the new qemu edid generator - Tweaked patches we carry to pass qemu's checkpatch checker - Modify update_git.sh script to enable packaging qemu from development time sources, not just at release time - Removed erroneous (and now useless) tests for tar and gzip formats - Don't exclude s390x anymore from building the qemu-testsuite - Based on current OBS building observations make changes to storage and memory requires specified in the _constraints file- Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2018-10839 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 * bsc#1110910 bsc#1111006 bsc#1111010 bsc#1111013 bsc#1114422 bsc#1114529 * Patches added: 0047-linux-user-init_guest_space-Try-to-.patch 0048-ne2000-fix-possible-out-of-bound-ac.patch 0049-rtl8139-fix-possible-out-of-bound-a.patch 0050-pcnet-fix-possible-buffer-overflow.patch 0051-net-ignore-packet-size-greater-than.patch 0052-lsi53c895a-check-message-length-val.patch 0053-nvme-fix-oob-access-issue-CVE-2018-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0* Adding changes to mitigate seccomp vulnerability (CVE-2018-15746 bsc#1106222) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 * Patches added: 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch- Do more misc spec file fixes: * Be explicit in spec file about Version used for all subpackages (again, to avoid subpackage ordering issues). Default Release tag is also brought in by obs format_spec_file service * Delete binary blob s390-netboot.img, which we rebuild * Don't provide separate Url for qemu-kvm package - the main qemu website provides easily findable link for kvm specifics * Associate petalogix-ml605.dtb with qemu-extra instead of qemu-ppc * More entry sorting- Correct some versioning as follows: * Accurately reflect the qemu-ipxe package version value by adding "+" at the end * Don't overwrite seabios .version file, since now (for quite some time actually) upstream tarball creation creates this file and the value we are writing to it is actually wrong - Make spec file improvements, including the following: * Add qemu.keyring to enable package source verification * Create srcname macro to identify source file name separately from package name * Create alternate to %version to avoid subpackage ordering causing inadvertantly wrong %version value at point of use * Sort some entries * Be more consistent with macro syntax usage * Minor file tweaks as done by osc format_spec_file service- Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746 * fate#325467 * bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735 bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489 * Patches added: * only enable glusterfs for openSUSE 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Increase timeout for boot-serial-test, since we've hit the timeout for armv7l arch in qemu-testsuite. 0039-tests-boot-serial-test-Bump-timeout.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Drop legacy kvm_stat script and man page. We'll rely on the kvm_stat package only going forward kvm_stat kvm_stat.1.gz - Update SLE support documentation to match v3.0.0 release- Update to v3.0.0: See http://wiki.qemu.org/ChangeLog/3.0 Don't read anything into the major version number update. It's been decided to increase the major version number each year. Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package. Some noteworthy changes: * Support for additional x86/AMD mitigations against Speculative Store Bypass (Spectre Variant 4, CVE-2018-3639) * Improved support for nested KVM guests running on Hyper-V * Block device support for active disk-mirroring, which avoids convergence issues which may arise when doing passive/background mirroring of busy devices * Improved support for AHCI emulation, SCSI emulation, and persistent reservations / cluster management * OpenGL ES support for SDL front-end, additional framebuffer device options for early boot display without using legacy VGA emulation * Live migration support for TPM TIS devices, capping bandwidth usage during post-copy migration, and recovering from a failed post-copy migration * Improved latency when using user-mode networking / SLIRP * ARM: support for SMMUv3 IOMMU when using 'virt' machine type * ARM: v8M extensions for VLLDM and VLSTM floating-point instructions, and improved support for AArch64 v8.2 FP16 extensions * ARM: support for Scalable Vector Extensions in linux-user mode * Microblaze: support for 64-bit address sizes and translation bug fixes * PowerPC: PMU support for mac99 machine type and improvements for Uninorth PCI host bridge emulation for Mac machine types * PowerPC: preliminary support for emulating POWER9 hash MMU mode when using powernv machine type * RISC-V: improvement for privileged ISA emulation * s390: support for z14 ZR1 CPU model * s390: bpb/ppa15 Spectre mitigations enabled by default for z196 and later CPU models * s390: support for configuring consoles via -serial options * Patches dropped (upstream unless otherwise noted): 0008-linux-user-fix-segfault-deadlock.patch (no longer needed) 0039-blockjob-Fix-assertion-in-block_job.patch 0041-seccomp-allow-sched_setscheduler-wi.patch Make-installed-scripts-explicitly-python3.patch (we now make python3 explicit in other patch) * Patches renamed: 0009-linux-user-binfmt-support-host-bina.patch - > 0008-linux-user-binfmt-support-host-bina.patch 0010-linux-user-Fake-proc-cpuinfo.patch - > 0009-linux-user-Fake-proc-cpuinfo.patch 0011-Remove-problematic-evdev-86-key-fro.patch - > 0010-Remove-problematic-evdev-86-key-fro.patch 0012-linux-user-use-target_ulong.patch - > 0011-linux-user-use-target_ulong.patch 0013-Make-char-muxer-more-robust-wrt-sma.patch - > 0012-Make-char-muxer-more-robust-wrt-sma.patch 0014-linux-user-lseek-explicitly-cast-no.patch - > 0013-linux-user-lseek-explicitly-cast-no.patch 0015-AIO-Reduce-number-of-threads-for-32.patch - > 0014-AIO-Reduce-number-of-threads-for-32.patch 0016-xen_disk-Add-suse-specific-flush-di.patch - > 0015-xen_disk-Add-suse-specific-flush-di.patch 0017-qemu-bridge-helper-reduce-security-.patch - > 0016-qemu-bridge-helper-reduce-security-.patch 0018-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0019-linux-user-properly-test-for-infini.patch - > 0018-linux-user-properly-test-for-infini.patch 0020-roms-Makefile-pass-a-packaging-time.patch - > 0019-roms-Makefile-pass-a-packaging-time.patch 0021-Raise-soft-address-space-limit-to-h.patch - > 0020-Raise-soft-address-space-limit-to-h.patch 0022-increase-x86_64-physical-bits-to-42.patch - > 0021-increase-x86_64-physical-bits-to-42.patch 0023-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0024-i8254-Fix-migration-from-SLE11-SP2.patch - > 0023-i8254-Fix-migration-from-SLE11-SP2.patch 0025-acpi_piix4-Fix-migration-from-SLE11.patch - > 0024-acpi_piix4-Fix-migration-from-SLE11.patch 0026-Fix-tigervnc-long-press-issue.patch - > 0025-Fix-tigervnc-long-press-issue.patch 0027-string-input-visitor-Fix-uint64-par.patch - > 0026-string-input-visitor-Fix-uint64-par.patch 0028-test-string-input-visitor-Add-int-t.patch - > 0027-test-string-input-visitor-Add-int-t.patch 0029-test-string-input-visitor-Add-uint6.patch - > 0028-test-string-input-visitor-Add-uint6.patch 0030-tests-Add-QOM-property-unit-tests.patch - > 0029-tests-Add-QOM-property-unit-tests.patch 0031-tests-Add-scsi-disk-test.patch - > 0030-tests-Add-scsi-disk-test.patch 0032-Switch-order-of-libraries-for-mpath.patch - > 0031-Switch-order-of-libraries-for-mpath.patch 0033-Make-installed-scripts-explicitly-p.patch - > 0032-Make-installed-scripts-explicitly-p.patch (python2->python3) 0034-migration-warn-about-inconsistent-s.patch - > 0033-migration-warn-about-inconsistent-s.patch 0035-smbios-Add-1-terminator-if-any-stri.patch - > 0034-smbios-Add-1-terminator-if-any-stri.patch 0036-configure-Modify-python-used-for-io.patch - > 0035-configure-Modify-python-used-for-io.patch 0037-qemu-io-tests-comment-out-problemat.patch - > 0036-qemu-io-tests-comment-out-problemat.patch 0038-tests-test-thread-pool-is-racy-add-.patch - > 0037-tests-test-thread-pool-is-racy-add-.patch 0040-xen-add-block-resize-support-for-xe.patch - > 0038-xen-add-block-resize-support-for-xe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Update QEMU to allow kvm group access to /dev/sev (bsc#1102604). 71-sev.rules- Update to v2.12.1, a stable, (mostly) bug-fix-only release * This update contains new mitigation functionality for CVE-2018-3639 (Speculative Store Bypass) in x86. There are also bug fixes for migration, Intel IOMMU emulation, block layer/image handling, ARM emulation, and various other areas. (Note that a number of 2.12.1 patches were already included by us previously) (CVE-2018-3639 bsc#1092885) * Patches dropped (subsumed by stable update): 0039-device_tree-Increase-FDT_MAX_SIZE-t.patch 0040-vnc-fix-use-after-free.patch 0041-ccid-Fix-dwProtocols-advertisement-.patch 0042-tcg-arm-Fix-memory-barrier-encoding.patch 0043-s390-ccw-force-diag-308-subcode-to-.patch 0044-nbd-client-fix-nbd_negotiate_simple.patch 0045-migration-block-dirty-bitmap-fix-me.patch 0046-nbd-client-Fix-error-messages-durin.patch 0047-nbd-client-Relax-handling-of-large-.patch 0048-qxl-fix-local-renderer-crash.patch 0049-tcg-Limit-the-number-of-ops-in-a-TB.patch 0050-target-arm-Clear-SVE-high-bits-for-.patch 0051-cpus-tcg-fix-never-exiting-loop-on-.patch 0052-s390x-css-disabled-subchannels-cann.patch 0053-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0054-virtio-ccw-common-reset-handler.patch 0055-s390x-ccw-make-sure-all-ccw-devices.patch 0056-blockjob-expose-error-string-via-qu.patch 0058-qemu-io-Use-purely-string-blockdev-.patch 0059-qemu-img-Use-only-string-options-in.patch 0060-nfs-Remove-processed-options-from-Q.patch 0061-i386-define-the-ssbd-CPUID-feature-.patch 0062-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch 0064-ahci-fix-PxCI-register-race.patch 0065-ccid-card-passthru-fix-regression-i.patch * Patches renamed: 0057-blockjob-Fix-assertion-in-block_job.patch - > 0039-blockjob-Fix-assertion-in-block_job.patch 0066-xen-add-block-resize-support-for-xe.patch - > 0040-xen-add-block-resize-support-for-xe.patch 0067-seccomp-allow-sched_setscheduler-wi.patch - > 0041-seccomp-allow-sched_setscheduler-wi.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fixing seccomp resourcecontrol defunct issue (bsc#1102627) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12 * Patches added: 0067-seccomp-allow-sched_setscheduler-wi.patch- Add ipxe-fix-build.patch to not error out with binutils >= 2.31 .- Remove linux-user patch which is no longer needed (bsc#1098056) * Patches dropped: 0011-linux-user-XXX-disable-fiemap.patch * Patches renamed: 0036-Remove-problematic-evdev-86-key-fro.patch - > 0011-Remove-problematic-evdev-86-key-fro.patch 0037-configure-Modify-python-used-for-io.patch - > 0036-configure-Modify-python-used-for-io.patch 0038-qemu-io-tests-comment-out-problemat.patch - > 0037-qemu-io-tests-comment-out-problemat.patch 0039-tests-test-thread-pool-is-racy-add-.patch - > 0038-tests-test-thread-pool-is-racy-add-.patch 0040-device_tree-Increase-FDT_MAX_SIZE-t.patch - > 0039-device_tree-Increase-FDT_MAX_SIZE-t.patch 0041-vnc-fix-use-after-free.patch - > 0040-vnc-fix-use-after-free.patch 0042-ccid-Fix-dwProtocols-advertisement-.patch - > 0041-ccid-Fix-dwProtocols-advertisement-.patch 0043-tcg-arm-Fix-memory-barrier-encoding.patch - > 0042-tcg-arm-Fix-memory-barrier-encoding.patch 0044-s390-ccw-force-diag-308-subcode-to-.patch - > 0043-s390-ccw-force-diag-308-subcode-to-.patch 0045-nbd-client-fix-nbd_negotiate_simple.patch - > 0044-nbd-client-fix-nbd_negotiate_simple.patch 0046-migration-block-dirty-bitmap-fix-me.patch - > 0045-migration-block-dirty-bitmap-fix-me.patch 0047-nbd-client-Fix-error-messages-durin.patch - > 0046-nbd-client-Fix-error-messages-durin.patch 0048-nbd-client-Relax-handling-of-large-.patch - > 0047-nbd-client-Relax-handling-of-large-.patch 0049-qxl-fix-local-renderer-crash.patch - > 0048-qxl-fix-local-renderer-crash.patch 0050-tcg-Limit-the-number-of-ops-in-a-TB.patch - > 0049-tcg-Limit-the-number-of-ops-in-a-TB.patch 0051-target-arm-Clear-SVE-high-bits-for-.patch - > 0050-target-arm-Clear-SVE-high-bits-for-.patch 0052-cpus-tcg-fix-never-exiting-loop-on-.patch - > 0051-cpus-tcg-fix-never-exiting-loop-on-.patch 0053-s390x-css-disabled-subchannels-cann.patch - > 0052-s390x-css-disabled-subchannels-cann.patch 0054-pc-bios-s390-ccw-struct-tpi_info-mu.patch - > 0053-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0055-virtio-ccw-common-reset-handler.patch - > 0054-virtio-ccw-common-reset-handler.patch 0056-s390x-ccw-make-sure-all-ccw-devices.patch - > 0055-s390x-ccw-make-sure-all-ccw-devices.patch 0057-blockjob-expose-error-string-via-qu.patch - > 0056-blockjob-expose-error-string-via-qu.patch 0058-blockjob-Fix-assertion-in-block_job.patch - > 0057-blockjob-Fix-assertion-in-block_job.patch 0059-qemu-io-Use-purely-string-blockdev-.patch - > 0058-qemu-io-Use-purely-string-blockdev-.patch 0060-qemu-img-Use-only-string-options-in.patch - > 0059-qemu-img-Use-only-string-options-in.patch 0061-nfs-Remove-processed-options-from-Q.patch - > 0060-nfs-Remove-processed-options-from-Q.patch 0062-i386-define-the-ssbd-CPUID-feature-.patch - > 0061-i386-define-the-ssbd-CPUID-feature-.patch 0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch - > 0062-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0064-i386-define-the-AMD-virt-ssbd-CPUID.patch - > 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch 0065-ahci-fix-PxCI-register-race.patch - > 0064-ahci-fix-PxCI-register-race.patch 0066-ccid-card-passthru-fix-regression-i.patch - > 0065-ccid-card-passthru-fix-regression-i.patch 0067-xen-add-block-resize-support-for-xe.patch - > 0066-xen-add-block-resize-support-for-xe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix build failure of skiboot with gcc8 compiler skiboot-hdata-i2c.c-fix-building-with-gcc8.patch- Tweak build service constraints information to avoid failures- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12 * Patches added: 0067-xen-add-block-resize-support-for-xe.patch- Tweak patch file generation to be more git version agnostic. Also change update_git.sh to not reformat spec file by default.- Looks like the right fix for the AHCI issue has been identified upstream. Turns out to also affect Linux guests as well. (bsc#1094406) * Patches dropped: 0065-Revert-replay-don-t-process-async-e.patch 0066-Revert-replay-avoid-recursive-call-.patch 0067-Revert-replay-check-return-values-o.patch 0068-Revert-replay-push-replay_mutex_loc.patch * Patches added: 0065-ahci-fix-PxCI-register-race.patch - Fix a regresssion introduced in v2.12.0 for ccid-card-passthrough (bsc#1095419) 0066-ccid-card-passthru-fix-regression-i.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix qemu-guest-agent service issue (bsc#1094898)- Spectre v4 vulnerability mitigation support for KVM guests. High level description of vulnerability: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This change permits the new x86 cpu feature flag named "ssbd" to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled, via adding it to the qemu commandline (eg: -cpu ,+spec-ctrl,+ssbd), so the guest OS can take advantage of the feature, spec-ctrl and ssbd support is also required in the host. Another new x86 cpu feature flag named "virt-ssbd" is also added to handle this vulnerability for AMD processors. (CVE-2018-3639 bsc#1092885) 0062-i386-define-the-ssbd-CPUID-feature-.patch 0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0064-i386-define-the-AMD-virt-ssbd-CPUID.patch - Replay code introduced an issue for AHCI emulation, where on Windows 10 I/O would stop randomly, and Windows would then reset the AHCI device. The issue is not yet fully identified, but reverting some of those changes is at least for now a workaround. (bsc#1094406) 0065-Revert-replay-don-t-process-async-e.patch 0066-Revert-replay-avoid-recursive-call-.patch 0067-Revert-replay-check-return-values-o.patch 0068-Revert-replay-push-replay_mutex_loc.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Add some upstream fixes targeted for the next stable release 0040-device_tree-Increase-FDT_MAX_SIZE-t.patch 0041-vnc-fix-use-after-free.patch 0042-ccid-Fix-dwProtocols-advertisement-.patch 0043-tcg-arm-Fix-memory-barrier-encoding.patch 0044-s390-ccw-force-diag-308-subcode-to-.patch 0045-nbd-client-fix-nbd_negotiate_simple.patch 0046-migration-block-dirty-bitmap-fix-me.patch 0047-nbd-client-Fix-error-messages-durin.patch 0048-nbd-client-Relax-handling-of-large-.patch 0049-qxl-fix-local-renderer-crash.patch 0050-tcg-Limit-the-number-of-ops-in-a-TB.patch 0051-target-arm-Clear-SVE-high-bits-for-.patch 0052-cpus-tcg-fix-never-exiting-loop-on-.patch 0053-s390x-css-disabled-subchannels-cann.patch 0054-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0055-virtio-ccw-common-reset-handler.patch 0056-s390x-ccw-make-sure-all-ccw-devices.patch 0057-blockjob-expose-error-string-via-qu.patch 0058-blockjob-Fix-assertion-in-block_job.patch 0059-qemu-io-Use-purely-string-blockdev-.patch 0060-qemu-img-Use-only-string-options-in.patch 0061-nfs-Remove-processed-options-from-Q.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix qemu-guest-agent uninstall (bsc#1093169) - Minor tweak to qemu spec file- Update to v2.12.0: See http://wiki.qemu.org/ChangeLog/2.12 Some noteworthy changes: CLI options removed: -tdf, -no-kvm-pit, -drive boot, -net channel, - net dump, -hdachs, -drive,if=scsi HMP commands removed: usb_add, usb_del, host_net_add, host_net_remove Q35 default nic now e1000e AMD SEV support - smbios supports setting data for type 11 tables audio and display support split out as modules - nic for simple creation of guest NIC and host back-end QMP monitor "out-of-band" capability lots of ARM and s390 improvements - Include more of upstream's in-tree tests in the qemu-testsuite package * Patches dropped: 0033-memfd-fix-configure-test.patch 0034-qapi-use-items-values-intead-of-ite.patch 0035-qapi-Use-OrderedDict-from-standard-.patch 0036-qapi-adapt-to-moved-location-of-Str.patch 0037-qapi-Adapt-to-moved-location-of-mak.patch 0038-qapi-remove-q-arg-to-diff-when-comp.patch 0039-qapi-ensure-stable-sort-ordering-wh.patch 0040-qapi-force-a-UTF-8-locale-for-runni.patch 0041-scripts-ensure-signrom-treats-data-.patch 0042-configure-allow-use-of-python-3.patch 0043-input-add-missing-JIS-keys-to-virti.patch 0045-pc-fail-memory-hot-plug-unplug-with.patch 0046-memattrs-add-debug-attribute.patch 0047-exec-add-ram_debug_ops-support.patch 0048-exec-add-debug-version-of-physical-.patch 0049-monitor-i386-use-debug-APIs-when-ac.patch 0050-machine-add-memory-encryption-prope.patch 0051-kvm-update-kvm.h-to-include-memory-.patch 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch 0053-target-i386-add-Secure-Encrypted-Vi.patch 0054-qmp-add-query-sev-command.patch 0055-sev-i386-add-command-to-initialize-.patch 0056-qmp-populate-SevInfo-fields-with-SE.patch 0057-sev-i386-register-the-guest-memory-.patch 0058-kvm-introduce-memory-encryption-API.patch 0059-hmp-add-info-sev-command.patch 0060-sev-i386-add-command-to-create-laun.patch 0061-sev-i386-add-command-to-encrypt-gue.patch 0062-target-i386-encrypt-bios-rom.patch 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch 0064-sev-i386-finalize-the-SEV-guest-lau.patch 0065-hw-i386-set-ram_debug_ops-when-memo.patch 0066-sev-i386-add-debug-encrypt-and-decr.patch 0067-target-i386-clear-C-bit-when-walkin.patch 0068-include-add-psp-sev.h-header-file.patch 0069-sev-i386-add-support-to-query-PLATF.patch 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch 0071-qmp-add-query-sev-launch-measure-co.patch 0072-tests-qmp-test-blacklist-query-sev-.patch 0073-sev-i386-add-migration-blocker.patch 0074-cpu-i386-populate-CPUID-0x8000_001F.patch 0075-migration-warn-about-inconsistent-s.patch 0076-smbios-support-setting-OEM-strings-.patch 0077-smbios-Add-1-terminator-if-any-stri.patch 0078-Remove-problematic-evdev-86-key-fro.patch 0079-tpm-lookup-cancel-path-under-tpm-de.patch 0080-vga-fix-region-calculation.patch skiboot-GCC7-fixes-for-Wimplicit-fallthr.patch skiboot-libc-stdio-vsnprintf.c-add-expli.patch skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch ui-keycodemapdb-Add-missing-QKeyCode-val.patch ui-keycodemapdb-Fix-compat-with-py3-dict.patch * Patches renamed: 0044-Make-installed-scripts-explicitly-p.patch - > 0033-Make-installed-scripts-explicitly-p.patch 0075-migration-warn-about-inconsistent-s.patch - > 0034-migration-warn-about-inconsistent-s.patch 0077-smbios-Add-1-terminator-if-any-stri.patch - > 0035-smbios-Add-1-terminator-if-any-stri.patch 0078-Remove-problematic-evdev-86-key-fro.patch - > 0036-Remove-problematic-evdev-86-key-fro.patch * Patches added: 0037-configure-Modify-python-used-for-io.patch 0038-qemu-io-tests-comment-out-problemat.patch 0039-tests-test-thread-pool-is-racy-add-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix autoinstall of qemu-guest-agent by getting the modalias string right (bsc#1091143)- Guard strncpy call with GCC pragma to disable warning about possible incorrect usage, when in fact it is correct. This is for gcc 8 compatibility (bsc#1090355) ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch- Add WantedBy for enable qemu-ga@.service auto start (bsc#1090369)- fix qemu-ga service file name (bsc#1089067)- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604) 0080-vga-fix-region-calculation.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Add new look up path "sys/class/tpm" for tpm cancel path based on Linux 4.0 change (commit 313d21eeab9282e)(bsc#1070615) 0079-tpm-lookup-cancel-path-under-tpm-de.patch- Fix issue with key codes in qemu v2.11 0078-Remove-problematic-evdev-86-key-fro.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 * Patches added: 0077-smbios-Add-1-terminator-if-any-stri.patch bsc#994082 and bsc#1084316- Add support for setting OEM strings table (fate#323624) 0076-smbios-support-setting-OEM-strings-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- SLE15 KVM (as targeted for RC1) now has the feature exposed. Drop the patch. (bsc#1082276) 0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Change example qemu-ifup script to not depend on bridge-utils. Also update the paths used for ip binary.- Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor.- Update to v2.11.1, a stable, (mostly) bug-fix-only release In addition to bug fixes, of necessity fixes are needed to address the Spectre v2 vulnerability by passing along to the guest new hardware features introduced by host microcode updates. A January 2018 release of qemu initially addressed this issue by exposing the feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on the upstream solution. This update instead defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) s390x guest vulnerability to Spectre v2 is also addressed in this update by including support for bpb and ppa/stfle.81 features. (CVE-2017-5715 bsc#1068032) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ - Unfortunately, it was found that our current KVM isn't correctly indicating support for the spec-ctrl feature, so I've added a patch to still detect that support within QEMU. This is of course a temporary kludge until KVM gets fixed. (bsc#1082276) - The SEV support patches are updated to the v9 series. - Fix incompatibility with recent glibc (boo#1081154) - Add Supplements tags for the guest agent package in an attempt to auto-install for QEMU and Xen SUSE Linux guests (fate#323570) * Patches dropped (subsumed by stable update, or reworked in v9): 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch 0050-target-i386-add-memory-encryption-f.patch 0054-accel-add-Secure-Encrypted-Virtuliz.patch 0072-sev-Fix-build-for-non-x86-hosts.patch * Patches added: 0033-memfd-fix-configure-test.patch 0053-target-i386-add-Secure-Encrypted-Vi.patch 0056-qmp-populate-SevInfo-fields-with-SE.patch 0072-tests-qmp-test-blacklist-query-sev-.patch 0073-sev-i386-add-migration-blocker.patch 0074-cpu-i386-populate-CPUID-0x8000_001F.patch 0075-migration-warn-about-inconsistent-s.patch 0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch * Patches renamed (plus some minor code changes): 0051-machine-add-memory-encryption-prope.patch - > 0050-machine-add-memory-encryption-prope.patch 0052-kvm-update-kvm.h-to-include-memory-.patch - > 0051-kvm-update-kvm.h-to-include-memory-.patch 0053-docs-add-AMD-Secure-Encrypted-Virtu.patch - > 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch 0055-sev-add-command-to-initialize-the-m.patch - > 0055-sev-i386-add-command-to-initialize-.patch 0056-sev-register-the-guest-memory-range.patch - > 0057-sev-i386-register-the-guest-memory-.patch 0057-kvm-introduce-memory-encryption-API.patch - > 0058-kvm-introduce-memory-encryption-API.patch 0058-qmp-add-query-sev-command.patch - > 0054-qmp-add-query-sev-command.patch 0060-sev-add-command-to-create-launch-me.patch - > 0060-sev-i386-add-command-to-create-laun.patch 0061-sev-add-command-to-encrypt-guest-me.patch - > 0061-sev-i386-add-command-to-encrypt-gue.patch 0063-sev-add-support-to-LAUNCH_MEASURE-c.patch - > 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch 0064-sev-Finalize-the-SEV-guest-launch-f.patch - > 0064-sev-i386-finalize-the-SEV-guest-lau.patch 0066-sev-add-debug-encrypt-and-decrypt-c.patch - > 0066-sev-i386-add-debug-encrypt-and-decr.patch 0069-sev-add-support-to-query-PLATFORM_S.patch - > 0069-sev-i386-add-support-to-query-PLATF.patch 0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch - > 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Add AMD SEV (Secure Encrypted Virtualization) support by taking the v7 series of the patches posted to qemu ml. (fate#322124) 0046-memattrs-add-debug-attribute.patch 0047-exec-add-ram_debug_ops-support.patch 0048-exec-add-debug-version-of-physical-.patch 0049-monitor-i386-use-debug-APIs-when-ac.patch 0050-target-i386-add-memory-encryption-f.patch 0051-machine-add-memory-encryption-prope.patch 0052-kvm-update-kvm.h-to-include-memory-.patch 0053-docs-add-AMD-Secure-Encrypted-Virtu.patch 0054-accel-add-Secure-Encrypted-Virtuliz.patch 0055-sev-add-command-to-initialize-the-m.patch 0056-sev-register-the-guest-memory-range.patch 0057-kvm-introduce-memory-encryption-API.patch 0058-qmp-add-query-sev-command.patch 0059-hmp-add-info-sev-command.patch 0060-sev-add-command-to-create-launch-me.patch 0061-sev-add-command-to-encrypt-guest-me.patch 0062-target-i386-encrypt-bios-rom.patch 0063-sev-add-support-to-LAUNCH_MEASURE-c.patch 0064-sev-Finalize-the-SEV-guest-launch-f.patch 0065-hw-i386-set-ram_debug_ops-when-memo.patch 0066-sev-add-debug-encrypt-and-decrypt-c.patch 0067-target-i386-clear-C-bit-when-walkin.patch 0068-include-add-psp-sev.h-header-file.patch 0069-sev-add-support-to-query-PLATFORM_S.patch 0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch 0071-qmp-add-query-sev-launch-measure-co.patch 0072-sev-Fix-build-for-non-x86-hosts.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Update python3 related patches now that they are upstream- guest agent: change service file to a template so it can be used by Xen as well. Adjust udev rule accordingly. FATE#324963- Fix machine inconsistency with -no-acpi and nvdimm (bsc#1077823) 0045-pc-fail-memory-hot-plug-unplug-with.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Modify BuildRequires python references - seabios also needed tweaks for python2 vs python3 * Patches added: seabios-use-python2-explicitly-as-needed.patch seabios-switch-to-python3-as-needed.patch- Try to get our story right wrt python2 vs python3 (bsc#1077564) * Get rid of use of #!/usr/bin/env python in scripts we install * include proposed upstream build system changes needed for building with python2 or python3 * Patches dropped: 0032-scripts-avoid-usr-bin-python-refere.patch * Patches renamed: 0033-Switch-order-of-libraries-for-mpath.patch - > 0032-Switch-order-of-libraries-for-mpath.patch 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch - > 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch * Patches added: 0034-qapi-use-items-values-intead-of-ite.patch 0035-qapi-Use-OrderedDict-from-standard-.patch 0036-qapi-adapt-to-moved-location-of-Str.patch 0037-qapi-Adapt-to-moved-location-of-mak.patch 0038-qapi-remove-q-arg-to-diff-when-comp.patch 0039-qapi-ensure-stable-sort-ordering-wh.patch 0040-qapi-force-a-UTF-8-locale-for-runni.patch 0041-scripts-ensure-signrom-treats-data-.patch 0042-configure-allow-use-of-python-3.patch 0043-input-add-missing-JIS-keys-to-virti.patch 0044-Make-installed-scripts-explicitly-p.patch Make-installed-scripts-explicitly-python3.patch ui-keycodemapdb-Add-missing-QKeyCode-val.patch ui-keycodemapdb-Fix-compat-with-py3-dict.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Fix packaging dependencies (coreutils) for qemu-ksm package (bsc#1040202)- Pass through to guest info related to x86 security vulnerability (CVE-2017-5715 bsc#1068032) 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Update to v2.11.0: See http://wiki.qemu.org/ChangeLog/2.11 Some noteworthy changes: - nodefconfig is now deprecated legacy pci-assignment code removed qemu-pr-helper added for handling guest persistant reservations (bsc#891066, bsc#910704, bsc#943807) qemu-keymap tool added for generating keymap files throttle block filter driver added support for a TPM emulator qcow2 image shrink support better support for >=64 vcpus for Windows guests nested KVM related improvements s390 pgste handling now done better EPYC cpu model added (bsc#1052825) improvements in qcow2 buffer handling vhost-user resume issue fixed migration hardening ARMv8-M security extension support more seccomp/sandboxing options available s390 cpu hot-plug improvements misc. virtfs improvements nbd improvements MTTCG improvements misc. TCG improvements scsi correctness improvements SEABIOS now has serial output option * Includes fixes for CVE-2017-15118 bsc#1070147, CVE-2017-15119 bsc#1070144 * Adds KASLR support (fate#323473, bsc#1070281) * Update SLE support docs to match this release * simplify spec file to expect at least sle_version >= 1315 * Patches dropped (upstream): 0013-console-add-question-mark-escape-op.patch 0020-configure-Fix-detection-of-seccomp-.patch 0034-target-i386-cpu-Add-new-EPYC-CPU-mo.patch 0035-chardev-baum-fix-baum-that-releases.patch 0036-io-fix-temp-directory-used-by-test-.patch 0037-io-fix-check-for-handshake-completi.patch 0038-crypto-fix-test-cert-generation-to-.patch 0039-vhost-user-disable-the-broken-subpr.patch 0040-io-monitor-encoutput-buffer-size-fr.patch 0041-cirrus-fix-oob-access-in-mode4and5-.patch 0042-9pfs-use-g_malloc0-to-allocate-spac.patch * Patches renamed: 0014-Make-char-muxer-more-robust-wrt-sma.patch - > 0013-Make-char-muxer-more-robust-wrt-sma.patch 0015-linux-user-lseek-explicitly-cast-no.patch - > 0014-linux-user-lseek-explicitly-cast-no.patch 0016-AIO-Reduce-number-of-threads-for-32.patch - > 0015-AIO-Reduce-number-of-threads-for-32.patch 0017-xen_disk-Add-suse-specific-flush-di.patch - > 0016-xen_disk-Add-suse-specific-flush-di.patch 0018-qemu-bridge-helper-reduce-security-.patch - > 0017-qemu-bridge-helper-reduce-security-.patch 0019-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0018-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0021-linux-user-properly-test-for-infini.patch - > 0019-linux-user-properly-test-for-infini.patch 0022-roms-Makefile-pass-a-packaging-time.patch - > 0020-roms-Makefile-pass-a-packaging-time.patch 0023-Raise-soft-address-space-limit-to-h.patch - > 0021-Raise-soft-address-space-limit-to-h.patch 0024-increase-x86_64-physical-bits-to-42.patch - > 0022-increase-x86_64-physical-bits-to-42.patch 0025-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0023-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0026-i8254-Fix-migration-from-SLE11-SP2.patch - > 0024-i8254-Fix-migration-from-SLE11-SP2.patch 0027-acpi_piix4-Fix-migration-from-SLE11.patch - > 0025-acpi_piix4-Fix-migration-from-SLE11.patch 0028-Fix-tigervnc-long-press-issue.patch - > 0026-Fix-tigervnc-long-press-issue.patch 0029-string-input-visitor-Fix-uint64-par.patch - > 0027-string-input-visitor-Fix-uint64-par.patch 0030-test-string-input-visitor-Add-int-t.patch - > 0028-test-string-input-visitor-Add-int-t.patch 0031-test-string-input-visitor-Add-uint6.patch - > 0029-test-string-input-visitor-Add-uint6.patch 0032-tests-Add-QOM-property-unit-tests.patch - > 0030-tests-Add-QOM-property-unit-tests.patch 0033-tests-Add-scsi-disk-test.patch - > 0031-tests-Add-scsi-disk-test.patch 0043-scripts-avoid-usr-bin-python-refere.patch - > 0032-scripts-avoid-usr-bin-python-refere.patch * We need the multipath libraries link order switched 0033-Switch-order-of-libraries-for-mpath.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Avoid ref to /usr/bin/python in vmstate-static-checker.py script 0043-scripts-avoid-usr-bin-python-refere.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- For SLE15, it's been decided to stop providing SDL based graphics due to packaging constraints. Long ago GTK became the default, and there is little benefit to providing both. For now, keep it enabled for openSUSE (Tumblweed and Leap), but consider it marked deprecated there and if no one complains it will be removed for openSUSE as well in the near future. (fate#324465) - Fix problem building skiboot.lid skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch- Wrap analyze-migration and vmstate-static-checker into tools from qemu scripts folder, also changed introduction of qemu-tools in spec file - Move supportplugin position in spec file- Add announcement in support docs about qed storage format no longer being supported in next major SLE release (SLE15) (fate#324200) - Address various security/stability issues * Fix DoS in I/O channel websockets (CVE-2017-15268 bsc#1062942) 0040-io-monitor-encoutput-buffer-size-fr.patch * Fix OOB access in cirrus vga device emulation (CVE-2017-15289 bsc#1063122) 0041-cirrus-fix-oob-access-in-mode4and5-.patch * Fix information leak in 9pfs interface (CVE-2017-15038 bsc#1062069) 0042-9pfs-use-g_malloc0-to-allocate-spac.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Don't tie glusterfs support to specific arch - Build skiboot firmware (OPAL), particularly since it's fairly easy to do so skiboot-GCC7-fixes-for-Wimplicit-fallthr.patch skiboot-libc-stdio-vsnprintf.c-add-expli.patch- Added the global macro 'with_glusterfs' in order to re-enable glusterfs support. The macro enable easier future adjustments for various ARCH/targets/requiremnets. At first glusterfs support is enabled for openSUSE Leap 42.x and Factory for ARCH x86_64.- Add dependencies on ovmf (uefi) for the qemu-x86 and qemu-arm packages - Fix s390-netboot.img to be included with qemu-s390 package, not qemu-ppc- Update to v2.10.1, a stable, bug-fix-only release * fixes bsc#1056386 CVE-2017-13673, bsc#1056334 CVE-2017-13672, bsc#1057585 CVE-2017-14167 * Patches dropped (upstream): 0034-slirp-fix-clearing-ifq_so-from-pend.patch 0035-s390-ccw-Fix-alignment-for-CCW1.patch 0038-s390x-ais-for-2.10-stable-disable-a.patch 0039-s390x-cpumodel-remove-ais-from-z14-.patch * Patches renamed: 0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch - > 0034-target-i386-cpu-Add-new-EPYC-CPU-mo.patch 0037-chardev-baum-fix-baum-that-releases.patch - > 0035-chardev-baum-fix-baum-that-releases.patch 0040-io-fix-temp-directory-used-by-test-.patch - > 0036-io-fix-temp-directory-used-by-test-.patch 0041-io-fix-check-for-handshake-completi.patch - > 0037-io-fix-check-for-handshake-completi.patch 0042-crypto-fix-test-cert-generation-to-.patch - > 0038-crypto-fix-test-cert-generation-to-.patch 0043-vhost-user-disable-the-broken-subpr.patch - > 0039-vhost-user-disable-the-broken-subpr.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix failures and potential failures in qemu-testsuite 0040-io-fix-temp-directory-used-by-test-.patch 0041-io-fix-check-for-handshake-completi.patch 0042-crypto-fix-test-cert-generation-to-.patch 0043-vhost-user-disable-the-broken-subpr.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix migration issue on s390 0038-s390x-ais-for-2.10-stable-disable-a.patch 0039-s390x-cpumodel-remove-ais-from-z14-.patch - Fix case of not being able to build from rpm sources due to undefined macro (boo#1057966) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix baum that release brlapi twice (bsc#1060045) 0037-chardev-baum-fix-baum-that-releases.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- For SLE15 pre-release testing, add support for the EPYC processor. This will be officially supported once it is included in the v2.11 release. (bsc#1052825) 0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch - Fix some support statements in our SLE support documents.- Update BuildRequires packages libibverbs-devel and librdmacm-devel to the more correct rdma-core-devel - Enable seccomp for s390x, aarch64, and ppc64le - Fix OOB issue (use after free) in slirp network stack (CVE-2017-13711 bsc#1056291) 0034-slirp-fix-clearing-ifq_so-from-pend.patch - Fix a misalignment in the s390 ccw firmware (bsc#1056680) 0035-s390-ccw-Fix-alignment-for-CCW1.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Add a supportconfig plugin qemu-supportconfig FATE#323661- Update to v2.10.0: See http://wiki.qemu.org/ChangeLog/2.10 - Dropped internal only patches used to support SUSE Studio Testdrive as well as other miscellaneous patches deemed unused and not worth carrying (bsc#1046783, bsc#1055125, bsc#1055127) - Update SLE support statements in anticipation of SLE15 - disable SAN boot capability from virtio pxe rom used in v1.4 and older pc machine types due to rom size requirements. Hopefully a better solution can be found which doesn't impact functionality * Patches added: ipxe-stub-out-the-SAN-req-s-in-int13.patch * Patches renamed: 0006-qemu-cvs-gettimeofday.patch -> 0003-qemu-cvs-gettimeofday.patch 0007-qemu-cvs-ioctl_debug.patch -> 0004-qemu-cvs-ioctl_debug.patch 0008-qemu-cvs-ioctl_nodirection.patch -> 0005-qemu-cvs-ioctl_nodirection.patch 0009-linux-user-add-binfmt-wrapper-for-a.patch -> 0006-linux-user-add-binfmt-wrapper-for-a.patch 0010-PPC-KVM-Disable-mmu-notifier-check.patch -> 0007-PPC-KVM-Disable-mmu-notifier-check.patch 0011-linux-user-fix-segfault-deadlock.patch -> 0008-linux-user-fix-segfault-deadlock.patch 0012-linux-user-binfmt-support-host-bina.patch -> 0009-linux-user-binfmt-support-host-bina.patch 0013-linux-user-Fake-proc-cpuinfo.patch -> 0010-linux-user-Fake-proc-cpuinfo.patch 0014-linux-user-XXX-disable-fiemap.patch -> 0011-linux-user-XXX-disable-fiemap.patch 0017-linux-user-use-target_ulong.patch -> 0012-linux-user-use-target_ulong.patch 0021-console-add-question-mark-escape-op.patch -> 0013-console-add-question-mark-escape-op.patch 0022-Make-char-muxer-more-robust-wrt-sma.patch -> 0014-Make-char-muxer-more-robust-wrt-sma.patch 0023-linux-user-lseek-explicitly-cast-no.patch -> 0015-linux-user-lseek-explicitly-cast-no.patch 0025-AIO-Reduce-number-of-threads-for-32.patch -> 0016-AIO-Reduce-number-of-threads-for-32.patch 0027-xen_disk-Add-suse-specific-flush-di.patch -> 0017-xen_disk-Add-suse-specific-flush-di.patch 0028-qemu-bridge-helper-reduce-security-.patch -> 0018-qemu-bridge-helper-reduce-security-.patch 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0019-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0030-configure-Fix-detection-of-seccomp-.patch -> 0020-configure-Fix-detection-of-seccomp-.patch 0031-linux-user-properly-test-for-infini.patch -> 0020-linux-user-properly-test-for-infini.patch 0033-roms-Makefile-pass-a-packaging-time.patch -> 0022-roms-Makefile-pass-a-packaging-time.patch 0034-Raise-soft-address-space-limit-to-h.patch -> 0023-Raise-soft-address-space-limit-to-h.patch 0035-increase-x86_64-physical-bits-to-42.patch -> 0024-increase-x86_64-physical-bits-to-42.patch 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0025-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0037-i8254-Fix-migration-from-SLE11-SP2.patch -> 0026-i8254-Fix-migration-from-SLE11-SP2.patch 0038-acpi_piix4-Fix-migration-from-SLE11.patch -> 0027-acpi_piix4-Fix-migration-from-SLE11.patch 0039-Fix-tigervnc-long-press-issue.patch -> 0028-Fix-tigervnc-long-press-issue.patch 0041-string-input-visitor-Fix-uint64-par.patch -> 0029-string-input-visitor-Fix-uint64-par.patch 0042-test-string-input-visitor-Add-int-t.patch -> 0030-test-string-input-visitor-Add-int-t.patch 0043-test-string-input-visitor-Add-uint6.patch -> 0031-test-string-input-visitor-Add-uint6.patch 0044-tests-Add-QOM-property-unit-tests.patch -> 0032-tests-Add-QOM-property-unit-tests.patch 0045-tests-Add-scsi-disk-test.patch -> 0033-tests-Add-scsi-disk-test.patch * Patches dropped (upstream unless otherwise noted): 0003-qemu-cvs-alsa_bitfield.patch (deemed not needed) 0004-qemu-cvs-alsa_ioctl.patch (deemed not needed) 0005-qemu-cvs-alsa_mmap.patch (deemed not needed) 0015-slirp-nooutgoing.patch (bsc#1055125) 0016-vnc-password-file-and-incoming-conn.patch (bsc#1055127) 0018-block-Add-support-for-DictZip-enabl.patch (bsc#1046783) 0019-block-Add-tar-container-format.patch (bsc#1046783) 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch (bsc#1046783) 0024-configure-Enable-PIE-for-ppc-and-pp.patch (obsolete) 0026-dictzip-Fix-on-big-endian-systems.patch (bsc#1046783) 0032-linux-user-remove-all-traces-of-qem.patch 0040-fix-xen-hvm-direct-kernel-boot.patch (bsc#970791) 0046-RFC-update-Linux-headers-from-irqs-.patch 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch 0048-input-Add-trace-event-for-empty-key.patch 0049-ACPI-don-t-call-acpi_pcihp_device_p.patch 0050-i386-Allow-cpuid-bit-override.patch (was for testing only) 0051-input-limit-kbd-queue-depth.patch 0052-audio-release-capture-buffers.patch 0053-scsi-avoid-an-off-by-one-error-in-m.patch 0054-vmw_pvscsi-check-message-ring-page-.patch 0055-9pfs-local-forbid-client-access-to-.patch 0056-jazz_led-fix-bad-snprintf.patch 0057-slirp-smb-Replace-constant-strings-.patch 0058-altera_timer-fix-incorrect-memset.patch 0059-Hacks-for-building-on-gcc-7-Fedora-.patch 0060-9pfs-local-fix-unlink-of-alien-file.patch 0061-megasas-do-not-read-DCMD-opcode-mor.patch 0062-megasas-always-store-SCSIRequest-in.patch 0063-nbd-Fully-initialize-client-in-case.patch 0064-9pfs-local-remove-use-correct-path-.patch 0065-hid-Reset-kbd-modifiers-on-reset.patch 0066-input-Decrement-queue-count-on-kbd-.patch 0067-xhci-only-update-dequeue-ptr-on-com.patch 0068-vnc-Set-default-kbd-delay-to-10ms.patch 0069-qemu-nbd-Ignore-SIGPIPE.patch 0070-usb-redir-fix-stack-overflow-in-usb.patch 0072-slirp-check-len-against-dhcp-option.patch 0071-exec-use-qemu_ram_ptr_length-to-acc.patch 0073-xen-mapcache-store-dma-information-.patch 0074-exec-Add-lock-parameter-to-qemu_ram.patch 0075-Replace-struct-ucontext-with-uconte.patch ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch ipxe-ath-Add-missing-break-statements.patch ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix package build failure as of glibc v2.26 update in Factory (boo#1055587) 0075-Replace-struct-ucontext-with-uconte.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Remove redundant prerequire for pwdutils- Postrequire acl for setfacl- Prerequire shadow for groupadd- The recent security fix for CVE-2017-11334 adversely affects Xen. Include two additional patches to make sure Xen is going to be OK. 0073-xen-mapcache-store-dma-information-.patch 0074-exec-Add-lock-parameter-to-qemu_ram.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Pre-add group kvm for qemu-tools (bsc#1011144)- Fixed a few more inaccuracies in the support docs.- Address various security/stability issues * Fix DOS vulnerability in qemu-nbd (bsc#1046636 CVE-2017-10664) 0069-qemu-nbd-Ignore-SIGPIPE.patch * Fix DOS from stack overflow in debug messages of usb redirection support (bsc#1047674 CVE-2017-10806) 0070-usb-redir-fix-stack-overflow-in-usb.patch * Fix OOB access during DMA operation (CVE-2017-11334 bsc#1048902) 0071-exec-use-qemu_ram_ptr_length-to-acc.patch * Fix OOB access parsing dhcp slirp options (CVE-2017-11434 bsc#1049381) 0072-slirp-check-len-against-dhcp-option.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12 SP3. Apply a few additional clarifications in the support docs. (bsc#1050268) - Adjust to libvdeplug-devel package naming changes.- Fix migration with xhci (bsc#1048296) 0067-xhci-only-update-dequeue-ptr-on-com.patch - Increase VNC delay to fix missing keyboard input events (bsc#1031692) 0068-vnc-Set-default-kbd-delay-to-10ms.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Remove build dependency package iasl used for seabios- Fixed stuck state during usb keyboard reset (bsc#1044936) 0065-hid-Reset-kbd-modifiers-on-reset.patch - Fixed keyboard events getting lost (bsc#1044936) 0066-input-Decrement-queue-count-on-kbd-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Use most recent compiler to build size-critical firmware, instead of hard-coding gcc6 for all target versions (bsc#1043390) * A few upstream ipxe patches were needed for gcc7 compatibility: ipxe-ath-Add-missing-break-statements.patch ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch - Add --no-renames to the git format-patch command in the git workflow script for better patch compatibility - Address various security/stability issues * Fix potential privilege escalation in virtfs (CVE-2016-9602 bsc#1020427) 0060-9pfs-local-fix-unlink-of-alien-file.patch * Fix DOS in megasas device emulation (CVE-2017-9503 bsc#1043296) 0061-megasas-do-not-read-DCMD-opcode-mor.patch 0062-megasas-always-store-SCSIRequest-in.patch * Fix DOS in qemu-nbd server (CVE-2017-9524 bsc#1043808) 0063-nbd-Fully-initialize-client-in-case.patch * Fix regression introduced by recent virtfs security fixes (bsc#1045035) 0064-9pfs-local-remove-use-correct-path-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Backport ipxe to support FirstBurstLength (bsc#1040476) ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch- Fixes for gcc7 compatability (bsc#1040228) (in behalf of Liang Yan) 0056-jazz_led-fix-bad-snprintf.patch 0057-slirp-smb-Replace-constant-strings-.patch 0058-altera_timer-fix-incorrect-memset.patch 0059-Hacks-for-building-on-gcc-7-Fedora-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Protect access to metadata in virtio-9pfs (CVE-2017-7493 bsc#1039495) 0055-9pfs-local-forbid-client-access-to-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Address various security/stability issues * Fix DOS potential in vnc interface (CVE-2017-8379 bsc#1037334) 0051-input-limit-kbd-queue-depth.patch * Fix DOS potential in vnc interface (CVE-2017-8309 bsc#1037242) 0052-audio-release-capture-buffers.patch * Fix OOB access in megasas device emulation (CVE-2017-8380 bsc#1037336) 0053-scsi-avoid-an-off-by-one-error-in-m.patch * Fix DOS in Vmware pv scsi emulation (CVE-2017-8112 bsc#1036211) 0054-vmw_pvscsi-check-message-ring-page-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Fix building packages for some older distros. - Further refine our handling of building firmware (or not) for the various arch's and distro versions we build for. Note that if we don't build x86 firmware, (eg: x86 Leap 42.1) the upstream binary blobs are used, which may have migration incompatibilities with previous versions of qemu provided.- Fix issue in shipping qemu v2.9.0, where pci-passthrough for Xen HVM guests got broken (bsc#1034131) 0049-ACPI-don-t-call-acpi_pcihp_device_p.patch - Include experimental, unsupported feature to assist in some performance analysis work. 0050-i386-Allow-cpuid-bit-override.patch- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9 * Includes fix for CVE-2017-7471, a virtfs security issue. - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Add empty keyboard queue tracepoint to help openQA testing work better (bsc#1031692) 0048-input-Add-trace-event-for-empty-key.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9 - Enable ceph/rbd support for s390x (bsc#1030068) - Enable ceph/rbd support for ppc* as available - Update ARM in-kernel-timers patch (bsc#1033416) * Patches renamed: 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch 0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch 0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch 0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch 0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch 0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch * Patches added (support patch): 0046-RFC-update-Linux-headers-from-irqs-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9 * Patches dropped (included in upstream source archive): 0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch 0048-i386-Replace-uint32_t-with-FeatureW.patch 0049-i386-Don-t-override-cpu-options-on-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9 - Added additional documentation provided with v2.9.0 - Fix build failure with gcc7 (bsc#1031340) ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch - Made miscellaneous spec file refinements- The support documents included are now fairly accurate for the arm and s390 world, and the x86 version also received a few tweaks. Also included in those docs is a url reference to upstream qemu deprecation plans and discussions. (fate#321146) - Add post v2.9.0-rc2 upstream patches which fix -cpu host and -cpu max feature overrides for libvirt compatability. 0048-i386-Replace-uint32_t-with-FeatureW.patch 0049-i386-Don-t-override-cpu-options-on-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9 * Includes fix for in guest privilege escalation when using TCG (bsc#1030624) * Patches dropped (equivalent included in upstream source archive): 0047-linux-user-exclude-cpu-model-code-w.patch - Fix failure booting SLE12-SP2 Aarch64 guest (bsc#1031384) 0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9 * Patches dropped (no longer needed based on what we now build for): 0024-virtfs-proxy-helper-Provide-__u64-f.patch * Patches dropped (included in upstream source archive): 0034-dma-rc4030-limit-interval-timer-rel.patch * Patches renamed: 0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch 0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch 0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch 0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch 0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch 0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch 0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch 0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch 0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch 0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch 0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch 0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch 0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch 0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch 0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch 0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch 0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch 0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch 0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9 * Updated version carries fixes for the following reported issues: CVE-2016-9602 bsc#1020427, CVE-2016-9923 bsc#1014703, CVE-2017-2630 bsc#1025396, CVE-2017-2633 bsc#1026612, CVE-2017-5579 bsc#1021741, CVE-2017-5931 bsc#1024114, CVE-2017-5973 bsc#1025109, CVE-2017-5987 bsc#1025311, CVE-2017-6058 bsc#1025837, CVE-2017-6505 bsc#1028184 * Patches dropped: seabios_128kb.patch (no longer required) * Patches dropped (included in upstream source archive): 0035-net-imx-limit-buffer-descriptor-cou.patch 0045-virtio-gpu-call-cleanup-mapping-fun.patch 0051-virtio-gpu-fix-information-leak-in-.patch 0052-display-cirrus-ignore-source-pitch-.patch 0053-s390x-kvm-fix-small-race-reboot-vs..patch 0054-target-s390x-use-qemu-cpu-model-in-.patch 0056-tests-check-path-to-avoid-a-failing.patch 0057-display-virtio-gpu-3d-check-virgl-c.patch 0058-watchdog-6300esb-add-exit-function.patch 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch 0060-virtio-gpu-fix-memory-leak-in-resou.patch 0061-virtio-fix-vq-inuse-recalc-after-mi.patch 0062-audio-es1370-add-exit-function.patch 0063-audio-ac97-add-exit-function.patch 0064-megasas-fix-guest-triggered-memory-.patch 0065-cirrus-handle-negative-pitch-in-cir.patch 0066-cirrus-fix-blit-address-mask-handli.patch 0067-cirrus-fix-oob-access-issue-CVE-201.patch 0068-usb-ccid-check-ccid-apdu-length.patch 0069-sd-sdhci-check-data-length-during-d.patch 0070-virtio-gpu-fix-resource-leak-in-vir.patch 0071-cirrus-fix-patterncopy-checks.patch 0072-cirrus-add-blit_is_unsafe-call-to-c.patch * Patches renamed: 0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch 0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch 0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch 0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch 0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch 0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch 0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch 0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch 0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch 0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch 0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch 0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Buildignore for the global gcc-PIE, as this package enables PIE on its own and has troubles if all use it. (meissner@suse.com)- Address various security/stability issues * Fix OOB access in virito-gpu-3d (CVE-2016-10028 bsc#1017084 bsc#1016503) 0057-display-virtio-gpu-3d-check-virgl-c.patch * Fix DOS in Intel 6300ESB device emulation (CVE-2016-10155 bsc#1021129) 0058-watchdog-6300esb-add-exit-function.patch * Fix DOS in virtio-gpu-3d (CVE-2017-5552 bsc#1021195) 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch * Fix DOS in virtio-gpu (CVE-2017-5578 bsc#1021481) 0060-virtio-gpu-fix-memory-leak-in-resou.patch * Fix cause of infrequent migration failures from bad virtio device state. (bsc#1020928) 0061-virtio-fix-vq-inuse-recalc-after-mi.patch * Fix DOS in es1370 emulated audio device (CVE-2017-5526 bsc#1020589) 0062-audio-es1370-add-exit-function.patch * Fix DOS in ac97 emulated audio device (CVE-2017-5525 bsc#1020491) 0063-audio-ac97-add-exit-function.patch * Fix DOS in megasas device emulation (CVE-2017-5856 bsc#1023053) 0064-megasas-fix-guest-triggered-memory-.patch * Fix various inaccuracies in cirrus vga device emulation 0065-cirrus-handle-negative-pitch-in-cir.patch 0066-cirrus-fix-blit-address-mask-handli.patch * Fix OOB access in cirrus vga emulation (CVE-2017-2615 bsc#1023004) 0067-cirrus-fix-oob-access-issue-CVE-201.patch * Fix DOS in usb CCID card device emulator (CVE-2017-5898 bsc#1023907) 0068-usb-ccid-check-ccid-apdu-length.patch * Fix OOB access in SDHCI device emulation (CVE-2017-5667 bsc#1022541) 0069-sd-sdhci-check-data-length-during-d.patch * Fix DOS in virtio-gpu-3d (CVE-2017-5857 bsc#1023073) 0070-virtio-gpu-fix-resource-leak-in-vir.patch * Fix cirrus patterncopy checks 0071-cirrus-fix-patterncopy-checks.patch * Fix OOB access in cirrus vga emulation (CVE-2017-2620 bsc#1024972) 0072-cirrus-add-blit_is_unsafe-call-to-c.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8- Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583)- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Check that sysfs path exists before running test which requires it. This allows qemu-testsuite to succeed in local build service chroot based package build. 0056-tests-check-path-to-avoid-a-failing.patch- Factory and SLE12-SP3 got a name change in the dtc devel package: libfdt1-devel -> libfdt-devel. Adjust our spec file accordingly.- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Patches added: 0055-linux-user-exclude-cpu-model-code-w.patch- Make sure qemu guest agent is usable as soon as qemu-guest-agent package is installed. The previous post script was still not doing the job. - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Fix potential hang/crash rebooting s390x guest 0053-s390x-kvm-fix-small-race-reboot-vs..patch * Fix s390x linux-user failure since v2.8.0 update 0054-target-s390x-use-qemu-cpu-model-in-.patch- Merge qemu packages from openSUSE and SUSE SLE releases together for the v2.8 qemu update. The qemu.changes file is the openSUSE version with this entry providing CVE, FATE, and bugzilla references from the SUSE SLE qemu package to date (see below) - Updated to v2.8.0: See http://wiki.qemu-project.org/ChangeLog/2.8 * For SUSE SLE-12-SP3, update relates to fate#319684, fate#321331, fate#321335, fate#321339, fate#321349, fate#321857 * For best compatibility, qemu-ifup and kvm_stat scripts now owned by qemu package * Build ipxe roms with gcc6 to maintain SLE legacy migration compatibility requirements * qmp-commands.txt file removed, to resurface in future doc reorganization * qemu-tech.html file merged into other existing doc * trace-events renamed to trace-events-all - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Patches dropped (upstream): 0013-linux-user-lock-tcg.patch 0014-linux-user-Run-multi-threaded-code-.patch 0015-linux-user-lock-tb-flushing-too.patch 0017-linux-user-implement-FS_IOC_GETFLAG.patch 0018-linux-user-implement-FS_IOC_SETFLAG.patch 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch 0041-vmsvga-correct-bitmap-and-pixmap-si.patch 0042-scsi-mptconfig-fix-an-assert-expres.patch 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch 0046-scsi-mptsas-use-g_new0-to-allocate-.patch 0047-scsi-pvscsi-limit-process-IO-loop-t.patch 0048-virtio-add-check-for-descriptor-s-m.patch 0049-net-mcf-limit-buffer-descriptor-cou.patch 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch 0051-xhci-limit-the-number-of-link-trbs-.patch 0052-9pfs-allocate-space-for-guest-origi.patch 0053-9pfs-fix-memory-leak-in-v9fs_link.patch 0054-9pfs-fix-potential-host-memory-leak.patch 0055-9pfs-fix-information-leak-in-xattr-.patch 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch 0057-9pfs-fix-memory-leak-in-v9fs_write.patch 0058-char-serial-check-divider-value-aga.patch 0059-net-pcnet-check-rx-tx-descriptor-ri.patch 0060-net-eepro100-fix-memory-leak-in-dev.patch 0061-net-rocker-set-limit-to-DMA-buffer-.patch 0062-net-vmxnet-initialise-local-tx-desc.patch 0063-net-rtl8139-limit-processing-of-rin.patch 0064-audio-intel-hda-check-stream-entry-.patch 0065-virtio-gpu-fix-memory-leak-in-virti.patch 0066-9pfs-fix-integer-overflow-issue-in-.patch slof_xhci.patch * Patches renamed: 0016-linux-user-Fake-proc-cpuinfo.patch -> 0013-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-XXX-disable-fiemap.patch -> 0014-linux-user-XXX-disable-fiemap.patch 0020-slirp-nooutgoing.patch -> 0015-slirp-nooutgoing.patch 0021-vnc-password-file-and-incoming-conn.patch -> 0016-vnc-password-file-and-incoming-conn.patch 0022-linux-user-use-target_ulong.patch -> 0017-linux-user-use-target_ulong.patch 0023-block-Add-support-for-DictZip-enabl.patch -> 0018-block-Add-support-for-DictZip-enabl.patch 0024-block-Add-tar-container-format.patch -> 0019-block-Add-tar-container-format.patch 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0026-console-add-question-mark-escape-op.patch -> 0021-console-add-question-mark-escape-op.patch 0027-Make-char-muxer-more-robust-wrt-sma.patch -> 0022-Make-char-muxer-more-robust-wrt-sma.patch 0028-linux-user-lseek-explicitly-cast-no.patch -> 0023-linux-user-lseek-explicitly-cast-no.patch 0029-virtfs-proxy-helper-Provide-__u64-f.patch -> 0024-virtfs-proxy-helper-Provide-__u64-f.patch 0030-configure-Enable-PIE-for-ppc-and-pp.patch -> 0025-configure-Enable-PIE-for-ppc-and-pp.patch 0031-AIO-Reduce-number-of-threads-for-32.patch -> 0026-AIO-Reduce-number-of-threads-for-32.patch 0032-dictzip-Fix-on-big-endian-systems.patch -> 0027-dictzip-Fix-on-big-endian-systems.patch 0033-xen_disk-Add-suse-specific-flush-di.patch -> 0028-xen_disk-Add-suse-specific-flush-di.patch 0035-qemu-bridge-helper-reduce-security-.patch -> 0029-qemu-bridge-helper-reduce-security-.patch 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0037-configure-Fix-detection-of-seccomp-.patch -> 0031-configure-Fix-detection-of-seccomp-.patch 0038-linux-user-properly-test-for-infini.patch -> 0032-linux-user-properly-test-for-infini.patch 0040-linux-user-remove-all-traces-of-qem.patch -> 0033-linux-user-remove-all-traces-of-qem.patch 0067-dma-rc4030-limit-interval-timer-rel.patch -> 0034-dma-rc4030-limit-interval-timer-rel.patch 0068-net-imx-limit-buffer-descriptor-cou.patch -> 0035-net-imx-limit-buffer-descriptor-cou.patch 0069-roms-Makefile-pass-a-packaging-time.patch -> 0036-roms-Makefile-pass-a-packaging-time.patch * Patches added: 0037-Raise-soft-address-space-limit-to-h.patch 0038-increase-x86_64-physical-bits-to-42.patch 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0040-i8254-Fix-migration-from-SLE11-SP2.patch 0041-acpi_piix4-Fix-migration-from-SLE11.patch 0042-Fix-tigervnc-long-press-issue.patch 0043-fix-xen-hvm-direct-kernel-boot.patch 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch 0045-virtio-gpu-call-cleanup-mapping-fun.patch 0046-string-input-visitor-Fix-uint64-par.patch 0047-test-string-input-visitor-Add-int-t.patch 0048-test-string-input-visitor-Add-uint6.patch 0049-tests-Add-QOM-property-unit-tests.patch 0050-tests-Add-scsi-disk-test.patch 0051-virtio-gpu-fix-information-leak-in-.patch 0052-display-cirrus-ignore-source-pitch-.patch ipxe-use-gcc6-for-more-compact-code.patch * SLE patches dropped (accounted for in above listed changes): 0002-qemu-0.9.0.cvs-binfmt.patch 0009-block-vmdk-Support-creation-of-SCSI.patch 0010-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch 0014-linux-user-Ignore-broken-loop-ioctl.patch 0015-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch 0024-linux-user-add-more-blk-ioctls.patch 0025-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-_u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch 0034-Raise-soft-address-space-limit-to-h.patch 0035-increase-x86_64-physical-bits-to-42.patch 0036-vnc-provide-fake-color-map.patch 0037-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0038-i8254-Fix-migration-from-SLE11-SP2.patch 0039-acpi_piix4-Fix-migration-from-SLE11.patch 0040-qtest-Increase-socket-timeout-to-ac.patch 0041-dictzip-Fix-on-big-endian-systems.patch 0043-xen_disk-Add-suse-specific-flush-di.patch 0044-Split-large-discard-requests-from-b.patch 0045-fix-xen-hvm-direct-kernel-boot.patch 0046-xen-introduce-dummy-system-device.patch 0047-xen-write-information-about-support.patch 0048-xen-add-pvUSB-backend.patch 0049-xen-move-xen_sysdev-to-xen_backend..patch 0050-vnc-add-configurable-keyboard-delay.patch 0051-xen-SUSE-xenlinux-unplug-for-emulat.patch 0052-configure-add-echo_version-helper.patch 0053-configure-support-vte-2.91.patch 0054-scsi-esp-fix-migration.patch 0055-hw-arm-virt-mark-the-PCIe-host-cont.patch 0056-xen-when-removing-a-backend-don-t-r.patch 0057-xen-drain-submit-queue-in-xen-usb-b.patch 0058-qcow2-avoid-extra-flushes-in-qcow2.patch 0059-qemu-bridge-helper-reduce-security-.patch 0060-xen-use-a-common-function-for-pv-an.patch 0061-xen_platform-unplug-also-SCSI-disks.patch 0062-virtio-check-vring-descriptor-buffe.patch 0063-net-vmxnet3-check-for-device_active.patch 0064-net-vmxnet-initialise-local-tx-desc.patch 0065-scsi-pvscsi-avoid-infinite-loop-whi.patch 0066-ARM-KVM-Enable-in-kernel-timers-wit.patch 0067-hw-net-Fix-a-heap-overflow-in-xlnx..patch 0068-vmsvga-correct-bitmap-and-pixmap-si.patch 0069-usb-xhci-fix-memory-leak-in-usb_xhc.patch 0070-virtio-add-check-for-descriptor-s-m.patch 0071-net-mcf-limit-buffer-descriptor-cou.patch 0072-usb-ehci-fix-memory-leak-in-ehci_pr.patch 0073-xhci-limit-the-number-of-link-trbs-.patch 0074-9pfs-allocate-space-for-guest-origi.patch 0075-9pfs-fix-memory-leak-in-v9fs_link.patch 0076-9pfs-fix-potential-host-memory-leak.patch 0077-9pfs-fix-memory-leak-in-v9fs_write.patch 0078-char-serial-check-divider-value-aga.patch 0079-net-pcnet-check-rx-tx-descriptor-ri.patch 0080-net-eepro100-fix-memory-leak-in-dev.patch 0081-net-rocker-set-limit-to-DMA-buffer-.patch 0082-net-rtl8139-limit-processing-of-rin.patch 0083-audio-intel-hda-check-stream-entry-.patch 0084-virtio-gpu-fix-memory-leak-in-virti.patch 0085-9pfs-fix-integer-overflow-issue-in-.patch 0086-dma-rc4030-limit-interval-timer-rel.patch 0087-net-imx-limit-buffer-descriptor-cou.patch 0088-target-i386-Implement-CPUID-0xB-Ext.patch 0089-target-i386-present-virtual-L3-cach.patch 0090-migration-fix-inability-to-save-VM-.patch 0091-ui-gtk-Fix-a-runtime-warning-on-vte.patch 0092-gtk-don-t-leak-the-GtkBorder-with-V.patch 0093-xen-fix-ioreq-handling.patch 0094-macio-Use-blk_drain-instead-of-blk_.patch 0095-rbd-Switch-rbd_start_aio-to-byte-ba.patch 0096-virtio-blk-Release-s-rq-queue-at-sy.patch 0097-virtio-blk-Remove-stale-comment-abo.patch 0098-block-reintroduce-bdrv_flush_all.patch 0099-qemu-use-bdrv_flush_all-for-vm_stop.patch 0100-block-backend-remove-blkflush_all.patch 0101-char-fix-missing-return-in-error-pa.patch 0102-rbd-shift-byte-count-as-a-64-bit-va.patch 0103-mirror-use-bdrv_drained_begin-bdrv_.patch 0104-block-curl-Use-BDRV_SECTOR_SIZE.patch 0105-block-curl-Fix-return-value-from-cu.patch 0106-block-curl-Remember-all-sockets.patch 0107-block-curl-Do-not-wait-for-data-bey.patch 0108-virtio-allow-per-device-class-legac.patch 0109-virtio-net-mark-VIRTIO_NET_F_GSO-as.patch 0110-vhost-adapt-vhost_verify_ring_mappi.patch 0111-ivshmem-Fix-64-bit-memory-bar-confi.patch 0112-intel_iommu-fix-incorrect-device-in.patch 0113-9pfs-fix-information-leak-in-xattr-.patch 0114-9pfs-fix-memory-leak-in-v9fs_xattrc.patch 0115-net-mcf-check-receive-buffer-size-r.patch 0116-virtio-gpu-fix-memory-leak-in-updat.patch 0117-virtio-gpu-fix-information-leak-in-.patch 0118-9pfs-adjust-the-order-of-resource-c.patch 0119-9pfs-add-cleanup-operation-in-FileO.patch 0120-9pfs-add-cleanup-operation-for-hand.patch 0121-9pfs-add-cleanup-operation-for-prox.patch 0122-virtio-gpu-call-cleanup-mapping-fun.patch 0123-string-input-visitor-Fix-uint64-par.patch 0124-test-string-input-visitor-Add-int-t.patch 0125-test-string-input-visitor-Add-uint6.patch 0126-tests-Add-QOM-property-unit-tests.patch 0127-tests-Add-scsi-disk-test.patch 0128-usb-ehci-fix-memory-leak-in-ehci_in.patch 0129-usbredir-free-vm_change_state_handl.patch 0130-virtio-gpu-fix-information-leak-in-.patch ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch ipxe-legacy-Fix-building-with-GCC-6.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-util-v5.24-perl-errors-on-redeclare.patch - SLE CVE, FATE, and bugzilla references not otherwise listed in this changelog file. The intent of this list is to indicate that the fix or feature continues the line of inheritance in the development stream of this package. The list is intended to satisfy searches only - refer to the SLE-12-SP2 changelog file for additional details. * fate#314468 fate#314497 fate#315125 fate#315467 fate#317015 fate#317741 fate#317763 fate#318349 fate#319660 fate#319979 fate#321010 * bnc#812983 bnc#869026 bnc#869746 bnc#874413 bnc#875582 bnc#875870 bnc#877642 bnc#877645 bnc#878541 bsc#882405 bsc#886378 bnc#893339 bnc#893892 bnc#895369 bnc#896726 bnc#897654 bnc#905097 bnc#907805 bnc#908380 bnc#914521 bsc#924018 bsc#929339 bsc#932267 bsc#932770 bsc#933981 bsc#936537 bsc#937125 bsc#938344 bsc#940929 bsc#942845 bsc#943446 bsc#944697 bsc#945404 bsc#945987 bsc#945989 bsc#946020 bsc#947159 bnc#953518 bsc#954864 bsc#956829 bsc#957162 bsc#958491 bsc#958917 bsc#959005 bsc#959386 bsc#960334 bsc#960708 bsc#960725 bsc#960835 bsc#961333 bsc#961556 bsc#961691 bsc#962320 bsc#963782 bsc#964413 bsc#970791 bsc#974141 bsc#978158 bsc#979473 bsc#982365 bsc#989655 bsc#991466 bsc#994771 bsc#994774 bsc#996441 bsc#997858 bsc#999212 bsc#1001151 bsc#1002116 bsc#1005353 boo#1007263 bsc#1007769 bsc#1008519 bsc#1009109 bsc#1013285 bsc#1013341 bsc#1013764 bsc#1013767 bsc#1014109 bsc#1014110 bsc#1014111 bsc#1014112 bsc#1014256 bsc#1014514 bsc#1014702 bsc#1015169 bsc#1016779 * CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-6490 CVE-2016-6833 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7161 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922- Despite the previous entry about re-enabling ceph on Nov 19, 2016 the change wasn't actually done. Do it now.- sgabios-stable-buildid.patch: Use geeko@buildhost- slof_xhci.patch: XHCI fixes (boo#977027)- Recommend x86 ROMs for emulated PCI cards on ppc, arm, others (bsc#1005869, michals)- Tidy SLOF patch boilerplate (michals)- Build with spice on all archs. (boo#1009438, michals)- Refine the approach to producing stable builds in our ROM based packages. All built roms which have hostname or date calls now produce consistent results build to build via patch changes, so remove the hostname and date call workarounds. (bsc#1011213) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0069-roms-Makefile-pass-a-packaging-time.patch sgabios-stable-buildid.patch- Re-enable ceph (rbd) functionality in OBS builds as we've been told the issues which prompted us to disable it are resolved - Address various security/stability issues * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516) 0041-vmsvga-correct-bitmap-and-pixmap-si.patch * Fix DOS in LSI SAS1068 emulation (CVE-2016-7157 bsc#997860) 0042-scsi-mptconfig-fix-an-assert-expres.patch 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch * Fix DOS in Vmware pv scsi interface (CVE-2016-7156 bsc#997859) 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch * Fix DOS in USB xHCI emulation (CVE-2016-7466 bsc#1000345) 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch * Fix OOB access in LSI SAS1068 emulation (CVE-2016-7423 bsc#1000397) 0046-scsi-mptsas-use-g_new0-to-allocate-.patch * Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661) 0047-scsi-pvscsi-limit-process-IO-loop-t.patch * Fix NULL pointer dereference in virtio processing (CVE-2016-7422 bsc#1000346) 0048-virtio-add-check-for-descriptor-s-m.patch * Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550) 0049-net-mcf-limit-buffer-descriptor-cou.patch * Fix DOS in USB EHCI emulation (CVE-2016-7995 bsc#1003612) 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878) 0051-xhci-limit-the-number-of-link-trbs-.patch * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894) 0052-9pfs-allocate-space-for-guest-origi.patch * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494) 0053-9pfs-fix-memory-leak-in-v9fs_link.patch * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893) 0054-9pfs-fix-potential-host-memory-leak.patch * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454) 0055-9pfs-fix-information-leak-in-xattr-.patch * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450) 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495) 0057-9pfs-fix-memory-leak-in-v9fs_write.patch * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707) 0058-char-serial-check-divider-value-aga.patch * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557) 0059-net-pcnet-check-rx-tx-descriptor-ri.patch * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391) 0060-net-eepro100-fix-memory-leak-in-dev.patch * Fix OOB access in Rocker switch emulation (CVE-2016-8668 bsc#1004706) 0061-net-rocker-set-limit-to-DMA-buffer-.patch * Plug data leak in vmxnet3 emulation (CVE-2016-6836 bsc#994760) 0062-net-vmxnet-initialise-local-tx-desc.patch * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538) 0063-net-rtl8139-limit-processing-of-rin.patch * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536) 0064-audio-intel-hda-check-stream-entry-.patch * Fix DOS in virtio-gpu (CVE-2016-7994 bsc#1003613) 0065-virtio-gpu-fix-memory-leak-in-virti.patch * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493) 0066-9pfs-fix-integer-overflow-issue-in-.patch * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702) 0067-dma-rc4030-limit-interval-timer-rel.patch * Fix DOS in i.MX NIC emulation (CVE-2016-7907 bsc#1002549) 0068-net-imx-limit-buffer-descriptor-cou.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7- Use fixed timestamps and stable build_id in ipxe and other ROMs * Patches added: ipxe-stable-buildid.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patch updated: 0040-linux-user-skip-0-flag-from-proc-se.patch -> 0040-linux-user-remove-all-traces-of-qem.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0040-linux-user-skip-0-flag-from-proc-se.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch- Document two new options, but leave jemalloc disabled for now - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches dropped: 0034-build-link-with-libatomic-on-powerp.patch * Patches renamed: 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch 0036-qemu-bridge-helper-reduce-security-.patch -> 0035-qemu-bridge-helper-reduce-security-.patch 0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0038-configure-Fix-detection-of-seccomp-.patch -> 0037-configure-Fix-detection-of-seccomp-.patch 0039-linux-user-properly-test-for-infini.patch -> 0038-linux-user-properly-test-for-infini.patch- Updated to v2.7.0: See http://wiki.qemu-project.org/ChangeLog/2.7 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0039-linux-user-properly-test-for-infini.patch- Use new kvm_stat package where available, else provide updated kvm_stat script.- Update to v2.7.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.7- Updated to v2.7.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.7 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches dropped: 0002-qemu-0.9.0.cvs-binfmt.patch (script rewritten upstream) 0009-block-vmdk-Support-creation-of-SCSI.patch (deprecated) 0014-linux-user-Ignore-broken-loop-ioctl.patch (implemented upstream) 0024-linux-user-add-more-blk-ioctls.patch (more implemented upstream) 0034-qtest-Increase-socket-timeout.patch (increased further upstream) 0036-configure-Enable-libseccomp-for-ppc.patch (enabled upstream) 0038-block-split-large-discard-requests-.patch 0041-xen-introduce-dummy-system-device.patch 0042-xen-write-information-about-support.patch 0043-xen-add-pvUSB-backend.patch 0044-xen-move-xen_sysdev-to-xen_backend..patch 0045-vnc-add-configurable-keyboard-delay.patch 0046-configure-add-echo_version-helper.patch 0047-configure-support-vte-2.91.patch 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch 0050-scsi-esp-fix-migration.patch 0051-xen-when-removing-a-backend-don-t-r.patch 0052-xen-drain-submit-queue-in-xen-usb-b.patch 0053-qcow2-avoid-extra-flushes-in-qcow2.patch 0055-xen-use-a-common-function-for-pv-an.patch ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-legacy-Fix-building-with-GCC-6.patch ipxe-util-v5.24-perl-errors-on-redeclare.patch ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch * Patches renamed: 0010-linux-user-add-binfmt-wrapper-for-a.patch -> 0009-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch -> 0010-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch -> 0011-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch -> 0012-linux-user-binfmt-support-host-bina.patch 0015-linux-user-lock-tcg.patch -> 0013-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch -> 0014-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch -> 0015-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch -> 0016-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch -> 0017-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch -> 0018-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch -> 0019-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch -> 0020-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch -> 0021-vnc-password-file-and-incoming-conn.patch 0025-linux-user-use-target_ulong.patch -> 0022-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch -> 0023-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch -> 0024-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch -> 0026-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch -> 0027-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch -> 0028-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-__u64-f.patch -> 0029-virtfs-proxy-helper-Provide-__u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch -> 0030-configure-Enable-PIE-for-ppc-and-pp.patch 0035-AIO-Reduce-number-of-threads-for-32.patch -> 0031-AIO-Reduce-number-of-threads-for-32.patch 0037-dictzip-Fix-on-big-endian-systems.patch -> 0032-dictzip-Fix-on-big-endian-systems.patch 0039-xen_disk-Add-suse-specific-flush-di.patch -> 0033-xen_disk-Add-suse-specific-flush-di.patch 0040-build-link-with-libatomic-on-powerp.patch -> 0034-build-link-with-libatomic-on-powerp.patch 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch 0054-qemu-bridge-helper-reduce-security-.patch -> 0036-qemu-bridge-helper-reduce-security-.patch * Patches added: 0002-qemu-binfmt-conf-Modify-default-pat.patch 0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch * Package renamed trace-events-all file and linuxboot_dma.bin * Handle building and packaging roms for e1000e and vmxnet3 (Bruce) * Remove ipxe patches which are now enabled upstream (Bruce) * Enable seccomp for s390x (Mark Post): 0038-configure-Fix-detection-of-seccomp-.patch- Update to v2.6.1 a stable, bug-fix-only release (fate#316228) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped (upstreamed): 0041-net-mipsnet-check-packet-length-aga.patch 0042-i386-kvmvapic-initialise-imm32-vari.patch 0043-esp-check-command-buffer-length-bef.patch 0044-esp-check-dma-length-before-reading.patch 0045-scsi-pvscsi-check-command-descripto.patch 0046-scsi-mptsas-infinite-loop-while-fet.patch 0047-vga-add-sr_vbe-register-set.patch 0048-scsi-megasas-use-appropriate-proper.patch 0049-scsi-megasas-check-read_queue_head-.patch 0050-scsi-megasas-null-terminate-bios-ve.patch 0051-vmsvga-move-fifo-sanity-checks-to-v.patch 0052-vmsvga-don-t-process-more-than-1024.patch 0053-block-iscsi-avoid-potential-overflo.patch 0054-scsi-esp-check-TI-buffer-index-befo.patch 0060-scsi-megasas-initialise-local-confi.patch 0065-scsi-esp-check-buffer-length-before.patch 0066-scsi-esp-respect-FIFO-invariant-aft.patch 0067-pci-assign-Move-Invalid-ROM-error-m.patch 0068-Xen-PCI-passthrough-fix-passthrough.patch 0069-scsi-esp-make-cmdbuf-big-enough-for.patch 0071-virtio-error-out-if-guest-exceeds-v.patch * Patches renamed: 0055-xen-introduce-dummy-system-device.patch - > 0041-xen-introduce-dummy-system-device.patch 0056-xen-write-information-about-support.patch - > 0042-xen-write-information-about-support.patch 0057-xen-add-pvUSB-backend.patch - > 0043-xen-add-pvUSB-backend.patch 0058-xen-move-xen_sysdev-to-xen_backend..patch - > 0044-xen-move-xen_sysdev-to-xen_backend..patch 0059-vnc-add-configurable-keyboard-delay.patch - > 0045-vnc-add-configurable-keyboard-delay.patch 0061-configure-add-echo_version-helper.patch - > 0046-configure-add-echo_version-helper.patch 0062-configure-support-vte-2.91.patch - > 0047-configure-support-vte-2.91.patch 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch - > 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch - > 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch 0070-scsi-esp-fix-migration.patch - > 0050-scsi-esp-fix-migration.patch 0072-xen-when-removing-a-backend-don-t-r.patch - > 0051-xen-when-removing-a-backend-don-t-r.patch 0073-xen-drain-submit-queue-in-xen-usb-b.patch - > 0052-xen-drain-submit-queue-in-xen-usb-b.patch 0074-qcow2-avoid-extra-flushes-in-qcow2.patch - > 0053-qcow2-avoid-extra-flushes-in-qcow2.patch 0075-qemu-bridge-helper-reduce-security-.patch - > 0054-qemu-bridge-helper-reduce-security-.patch 0076-xen-use-a-common-function-for-pv-an.patch - > 0055-xen-use-a-common-function-for-pv-an.patch- Temporarily disable ceph (rbd) functionality in OBS due to staging issues.- use upstream solution for building xen-usb.c correctly - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped: 0058-usb-Fix-conditions-that-xen-usb.c-i.patch * Patches added: 0058-xen-move-xen_sysdev-to-xen_backend..patch- Incorporate patch carried in Xen's qemu to get same support as Xen switches to use the qemu package (bsc#953339, bsc#953362, bsc#953518, bsc#984981) 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch - Fix more potential OOB accesses in 53C9X emulation (CVE-2016-5238 bsc#982959) 0065-scsi-esp-check-buffer-length-before.patch 0066-scsi-esp-respect-FIFO-invariant-aft.patch - Avoid "Invalid ROM" error message when it is not appropriate (bsc#982927) 0067-pci-assign-Move-Invalid-ROM-error-m.patch - Fix failure in Xen HVM PCI passthrough (bsc#981925, bsc#989250) 0068-Xen-PCI-passthrough-fix-passthrough.patch - Fix OOB access in 53C9X emulation (CVE-2016-6351 bsc#990835) 0069-scsi-esp-make-cmdbuf-big-enough-for.patch 0070-scsi-esp-fix-migration.patch - Avoid potential for guest initiated OOM condition in qemu through virtio interface (CVE-2016-5403 bsc#991080) 0071-virtio-error-out-if-guest-exceeds-v.patch - Fix potential crashes in qemu from pvusb bugs (bsc#986156) 0072-xen-when-removing-a-backend-don-t-r.patch 0073-xen-drain-submit-queue-in-xen-usb-b.patch - Avoid unneeded flushes in qcow2 which impact performance (bsc#991296) 0074-qcow2-avoid-extra-flushes-in-qcow2.patch - Finally get qemu-bridge-helper the permissions it needs for non- root usage. The kvm group is leveraged to control access. (boo#988279) 0075-qemu-bridge-helper-reduce-security-.patch - Fix pvusb not working for HVM guests (bsc#991785) 0076-xen-use-a-common-function-for-pv-an.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 - Minor spec file formatting fixes- Fix ARM PCIe DMA coherency bug (bsc#991034) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches added: 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch- Clean up the udev ifdeffery to cover systemd as well (boo#860275) - Trigger udev rules also under systemd (boo#989655) - Suppress s390x sysctl in chroot - Ignore s390x sysctl failures (agraf)- Build SLOF for SLE12 now that we have gcc fix (bsc#949000) - Add script for loading kvm module on s390x - Enable seccomp and iscsi support in more configurations - Enable more support for virtio-gpu - Fix /dev/kvm permissions problem with package install and no reboot (bnc#867867) - Remove libtool dependency - Disable more aggressive stack protector for performance reasons - Enable vte to be used again in more configurations (bsc#988855) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches added: 0061-configure-add-echo_version-helper.patch 0062-configure-support-vte-2.91.patch- Remove deprecated patch "work-around-SA_RESTART-race" (boo#982208) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped: 0002-XXX-work-around-SA_RESTART-race-wit.patch 0003-qemu-0.9.0.cvs-binfmt.patch 0004-qemu-cvs-alsa_bitfield.patch 0005-qemu-cvs-alsa_ioctl.patch 0006-qemu-cvs-alsa_mmap.patch 0007-qemu-cvs-gettimeofday.patch 0008-qemu-cvs-ioctl_debug.patch 0009-qemu-cvs-ioctl_nodirection.patch 0010-block-vmdk-Support-creation-of-SCSI.patch 0011-linux-user-add-binfmt-wrapper-for-a.patch 0012-PPC-KVM-Disable-mmu-notifier-check.patch 0013-linux-user-fix-segfault-deadlock.patch 0014-linux-user-binfmt-support-host-bina.patch 0015-linux-user-Ignore-broken-loop-ioctl.patch 0016-linux-user-lock-tcg.patch 0017-linux-user-Run-multi-threaded-code-.patch 0018-linux-user-lock-tb-flushing-too.patch 0019-linux-user-Fake-proc-cpuinfo.patch 0020-linux-user-implement-FS_IOC_GETFLAG.patch 0021-linux-user-implement-FS_IOC_SETFLAG.patch 0022-linux-user-XXX-disable-fiemap.patch 0023-slirp-nooutgoing.patch 0024-vnc-password-file-and-incoming-conn.patch 0025-linux-user-add-more-blk-ioctls.patch 0026-linux-user-use-target_ulong.patch 0027-block-Add-support-for-DictZip-enabl.patch 0028-block-Add-tar-container-format.patch 0029-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0030-console-add-question-mark-escape-op.patch 0031-Make-char-muxer-more-robust-wrt-sma.patch 0032-linux-user-lseek-explicitly-cast-no.patch 0033-virtfs-proxy-helper-Provide-__u64-f.patch 0034-configure-Enable-PIE-for-ppc-and-pp.patch 0035-qtest-Increase-socket-timeout.patch 0036-AIO-Reduce-number-of-threads-for-32.patch 0037-configure-Enable-libseccomp-for-ppc.patch 0038-dictzip-Fix-on-big-endian-systems.patch 0039-block-split-large-discard-requests-.patch 0040-xen_disk-Add-suse-specific-flush-di.patch 0041-build-link-with-libatomic-on-powerp.patch 0042-net-mipsnet-check-packet-length-aga.patch 0043-i386-kvmvapic-initialise-imm32-vari.patch 0044-esp-check-command-buffer-length-bef.patch 0045-esp-check-dma-length-before-reading.patch 0046-scsi-pvscsi-check-command-descripto.patch 0047-scsi-mptsas-infinite-loop-while-fet.patch 0048-vga-add-sr_vbe-register-set.patch 0049-scsi-megasas-use-appropriate-proper.patch 0050-scsi-megasas-check-read_queue_head-.patch 0051-scsi-megasas-null-terminate-bios-ve.patch 0052-vmsvga-move-fifo-sanity-checks-to-v.patch 0053-vmsvga-don-t-process-more-than-1024.patch 0054-block-iscsi-avoid-potential-overflo.patch 0055-scsi-esp-check-TI-buffer-index-befo.patch 0056-xen-introduce-dummy-system-device.patch 0057-xen-write-information-about-support.patch 0058-xen-add-pvUSB-backend.patch 0059-usb-Fix-conditions-that-xen-usb.c-i.patch 0060-vnc-add-configurable-keyboard-delay.patch 0061-scsi-megasas-initialise-local-confi.patch * Patches added: 0002-qemu-0.9.0.cvs-binfmt.patch 0003-qemu-cvs-alsa_bitfield.patch 0004-qemu-cvs-alsa_ioctl.patch 0005-qemu-cvs-alsa_mmap.patch 0006-qemu-cvs-gettimeofday.patch 0007-qemu-cvs-ioctl_debug.patch 0008-qemu-cvs-ioctl_nodirection.patch 0009-block-vmdk-Support-creation-of-SCSI.patch 0010-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch 0014-linux-user-Ignore-broken-loop-ioctl.patch 0015-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch 0024-linux-user-add-more-blk-ioctls.patch 0025-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-__u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch 0034-qtest-Increase-socket-timeout.patch 0035-AIO-Reduce-number-of-threads-for-32.patch 0036-configure-Enable-libseccomp-for-ppc.patch 0037-dictzip-Fix-on-big-endian-systems.patch 0038-block-split-large-discard-requests-.patch 0039-xen_disk-Add-suse-specific-flush-di.patch 0040-build-link-with-libatomic-on-powerp.patch 0041-net-mipsnet-check-packet-length-aga.patch 0042-i386-kvmvapic-initialise-imm32-vari.patch 0043-esp-check-command-buffer-length-bef.patch 0044-esp-check-dma-length-before-reading.patch 0045-scsi-pvscsi-check-command-descripto.patch 0046-scsi-mptsas-infinite-loop-while-fet.patch 0047-vga-add-sr_vbe-register-set.patch 0048-scsi-megasas-use-appropriate-proper.patch 0049-scsi-megasas-check-read_queue_head-.patch 0050-scsi-megasas-null-terminate-bios-ve.patch 0051-vmsvga-move-fifo-sanity-checks-to-v.patch 0052-vmsvga-don-t-process-more-than-1024.patch 0053-block-iscsi-avoid-potential-overflo.patch 0054-scsi-esp-check-TI-buffer-index-befo.patch 0055-xen-introduce-dummy-system-device.patch 0056-xen-write-information-about-support.patch 0057-xen-add-pvUSB-backend.patch 0058-usb-Fix-conditions-that-xen-usb.c-i.patch 0059-vnc-add-configurable-keyboard-delay.patch 0060-scsi-megasas-initialise-local-confi.patch - Enable ceph (rbd) support for aarch64- Enable ceph (rbd) support- Fix OVMF iPXE network menu (bsc#986033, boo#987488) ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch- Fix host information leak to guest in MegaRAID SAS 8708EM2 Host Bus AdapterMegaRAID SAS 8708EM2 Host Bus Adapter emulation support (CVE-2016-5105 bsc#982017) * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 0061-scsi-megasas-initialise-local-confi.patch- Address various security/stability issues * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Fix OOB access in megasas emulated device (CVE-2016-5106 bsc#982018) 0049-scsi-megasas-use-appropriate-proper.patch * Fix OOB access in megasas emulated device (CVE-2016-5107 bsc#982019) 0050-scsi-megasas-check-read_queue_head-.patch * Fix OOB access in megasas emulated device (CVE-2016-5337 bsc#983961) 0051-scsi-megasas-null-terminate-bios-ve.patch * Correct the vmvga fifo access checks (CVE-2016-4454 bsc#982222) 0052-vmsvga-move-fifo-sanity-checks-to-v.patch * Fix potential DoS issue in vmvga processing (CVE-2016-4453 bsc#982223) 0053-vmsvga-don-t-process-more-than-1024.patch * Fix heap buffer overflow flaw when iscsi protocol is used (CVE-2016-5126 bsc#982285) 0054-block-iscsi-avoid-potential-overflo.patch * Fix OOB access in 53C9X emulation (CVE-2016-5338 bsc#983982) 0055-scsi-esp-check-TI-buffer-index-befo.patch - Add support to qemu for pv-usb under Xen (fate#316612) 0056-xen-introduce-dummy-system-device.patch 0057-xen-write-information-about-support.patch 0058-xen-add-pvUSB-backend.patch 0059-usb-Fix-conditions-that-xen-usb.c-i.patch - Provide ability to rate limit keyboard events from the vnc server. This is part of the solution to an issue affecting openQA testing, where characters are lost, resulting in unexpected failures (bsc#974914) 0060-vnc-add-configurable-keyboard-delay.patch- Adjust to parallel changes in virglrenderer packages - no longer "BuildRequires" virglrenderer directly, just the devel package.- Fix build compatibility with gcc6 wrt ipxe rom where compiler warnings are treated as errors. ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-legacy-Fix-building-with-GCC-6.patch - Fix ipxe build script which fails under perl v5.24 ipxe-util-v5.24-perl-errors-on-redeclare.patch - Specify build time disk space requirements for ppc64 and ppc64le- Add sysctl script and %post on s390x to allow kvm usage (bsc#975331)- Address various security/stability issues * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Fix OOB access in MIPSnet emulated controller CVE-2016-4002 (bsc#975136) 0042-net-mipsnet-check-packet-length-aga.patch * Fix possible host data leakage to guest from TPR access CVE-2016-4020 (bsc#975700) 0043-i386-kvmvapic-initialise-imm32-vari.patch * Avoid OOB access in 53C9X emulation CVE-2016-4439 (bsc#980711) 0044-esp-check-command-buffer-length-bef.patch * Avoid OOB access in 53C9X emulation CVE-2016-4441 (bsc#980723) 0045-esp-check-dma-length-before-reading.patch * Avoid OOB access in Vmware PV SCSI emulation CVE-2016-4952 (bsc#981266) 0046-scsi-pvscsi-check-command-descripto.patch * Avoid potential DoS in LSI SAS1068 emulation CVE-2016-4964 (bsc#981399) 0047-scsi-mptsas-infinite-loop-while-fet.patch * Fix regression in vga behavior - introduced in v2.6.0 CVE-2016-3712 (bsc#978160) 0048-vga-add-sr_vbe-register-set.patch- Update to v2.6.0: See http://wiki.qemu-project.org/ChangeLog/2.6 - Enable SDL2, virglrenderer (for use with virtio-gpu), xfsctl, and tracing using default log backend - Build efi pxe roms on x86_64- Check modules for conflicting release versions - Suggest recently added block modules- Bump copyright in qemu.spec.in - Enable libiscsi for Factory - Enable seccomp for ppc64le as well- Update to v2.6.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.6 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped (upstreamed): 0041-tests-Use-correct-config-param-for-.patch * Patches renamed: 0042-build-link-with-libatomic-on-powerp.patch -> 0041-build-link-with-libatomic-on-powerp.patch- Partially revert the last change's cleanup - Indicate SUSE version- Update to v2.6.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.6 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Accept every size in DISCARD request from a guest (bsc#964427) 0039-block-split-large-discard-requests-.patch * Recognize libxl flag to disable flush in block device (bsc#879425) 0040-xen_disk-Add-suse-specific-flush-di.patch * Use correct flag for crypto tests 0041-tests-Use-correct-config-param-for-.patch * Fix build on powerpc: 0042-build-link-with-libatomic-on-powerp.patch * Patches dropped (upstreamed): seabios_checkrom_typo.patch seabios_avoid_smbios_signature_string.patch- Disable vte for Leap, fixing build- Don't drop u-boot.e500 yet - breaks testsuite- Re-enable libcacard support - Clean up configured features- Clean up qemu-tools libcacard Provides/Obsoletes - separate again - Drop u-boot.e500 - being packaged as u-boot-ppce500- Update to v2.5.0: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Patches dropped (upstreamed): 0039-tests-Fix-check-report-qtest-target.patch- Fix build on openSUSE 13.2- Fix testsuite on 32bit systems (bsc#957379)- Update to v2.5.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Rebase libseccomp enablement: 0037-Revert-Revert-seccomp-tests-that-al.patch -> 0037-configure-Enable-libseccomp-for-ppc.patch * Provide qemu-ga and qemu-ipxe for qemu-testsuite - Clean up qemu-ksm recommendation- Fix SLE11 build by fixing systemd conditionalization (from olh)- Update to v2.5.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Patches dropped (upstream): 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch 0039-tests-Unique-test-path-for-string-v.patch gcc5-ipxe-add-missing-const-qualifiers.patch gcc5-ipxe-ath9k-Remove-confusing-logic-inversion-in-an-ANI-var.patch SLOF_ppc64le.patch * Patch renamed: 0040-dictzip-Fix-on-big-endian-systems.patch -> 0038-dictzip-Fix-on-big-endian-systems.patch * --enable-smartcard-nss -> --enable-smartcard Needs an external libcacard, so drop it for now. * Drop --enable-vnc-tls * Require xz-devel for ipxe build * Package qemu-ga(8) man page * Package ivshmem-{client,server} * Patches added: 0039-tests-Fix-check-report-qtest-target.patch- Add systemd unit file and udev rules for qemu guest agent - taken from the SLE12 / Leap package, see boo#955707- Add _constraints file (based on work by kenljohnson)- Enable SLOF build for ppc64le, too, now (bsc#949000, bsc#949016)- Allow building SLOF on ppc64le (bsc#949016) SLOF_ppc64le.patch - Add two checks for DictZip and tar qemu-img behavior (bsc#945778) * Clean up qemu-testsuite build/installation- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix endianness issues in DictZip block driver (bsc#937572, bsc#945778) 0027-block-Add-support-for-DictZip-enabl.patch 0028-block-Add-tar-container-format.patch 0040-dictzip-Fix-on-big-endian-systems.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix qemu-testsuite for glib2-2.46.0 by assuring uniqueness of paths 0039-tests-Unique-test-path-for-string-v.patch- Build SLOF on ppc64 (bsc#949016, thanks to k0da) * Simplify x86 fw logic while at it - No need to enable KVM for armv6hl - Add notice about pre_checkin.sh to update_git.sh- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix aarch64 TCG: 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch- Update to v2.4.0: See http://wiki.qemu-project.org/ChangeLog/2.4- Update to v2.4.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.4 * Provide qemu-img symlink instead of passing QTEST_QEMU_IMG- Update to v2.4.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.4 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches dropped: 0037-linux-user-Allocate-thunk-size-dyna.patch 0039-s390x-Fix-stoc-direction.patch 0040-s390x-Add-interlocked-access-facili.patch 0041-fdc-force-the-fifo-access-to-be-in-.patch 0042-rules.mak-Force-CFLAGS-for-all-obje.patch 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch 0044-hw-arm-boot-Increase-fdt-alignment.patch * Patches renamed: 0038-Revert-Revert-seccomp-tests-that-al.patch -> 0037-Revert-Revert-seccomp-tests-that-al.patch * Package new vgabios-virtio.bin * target-x86_64.conf was dropped * Add qemu-block-dmg module sub-package * Set QTEST_QEMU_IMG variable for ahci-test * --enable-quorum and --enable-vnc-ws are no longer available- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix -kernel boot for AArch64 * Patches added: 0044-hw-arm-boot-Increase-fdt-alignment.patch- Use libusb-1_0-devel as buildrequires, not the old unused compatibility layer in libusb-devel- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix qemu2 cow caching (bsc#933132) * Patches added: 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch- Patch queue updated from git://github.com/jirislaby/qemu.git opensuse-2.3 * Patches added: 0042-rules.mak-Force-CFLAGS-for-all-obje.patch gcc5-ipxe-add-missing-const-qualifiers.patch gcc5-ipxe-ath9k-Remove-confusing-logic-inversion-in-an-ANI-var.patch- Fix CVE-2015-3456 (boo#929339) 0041-fdc-force-the-fifo-access-to-be-in-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches added: 0040-s390x-Add-interlocked-access-facili.patch - Disable dependency on libnuma for s390x (not available in SLE12)- Update to v2.3.0: See http://wiki.qemu-project.org/ChangeLog/2.3 - Disable iotests for now- Update to v2.3.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.3- Update seabios_avoid_smbios_signature_string.patch with version applied upstream- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix s390x stoc instructions 0039-s390x-Fix-stoc-direction.patch- Update to v2.3.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (applied upstream): 0037-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch * Patches renamed: 0038-linux-user-Allocate-thunk-size-dyna.patch -> 0037-linux-user-Allocate-thunk-size-dyna.patch * Revert -rc3 change to disable seccomp on non-x86 architectures 0038-Revert-Revert-seccomp-tests-that-al.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix qemu-linux-user on powerpc * Patches added: 0038-linux-user-Allocate-thunk-size-dyna.patch- Split off qemu-testsuite.spec * Package check-report.html and check-report.xml * Enable quick iotests - Dropped 0030-net-Warn-about-default-MAC-address.patch The warning is relevant only for bridged setups, not for the default SLIRP based -net user / -netdev user setup, and it breaks output expectations of some iotests. * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches renamed: 0031-console-add-question-mark-escape-op.patch -> 0030-console-add-question-mark-escape-op.patch 0032-Make-char-muxer-more-robust-wrt-sma.patch -> 0031-Make-char-muxer-more-robust-wrt-sma.patch 0033-linux-user-lseek-explicitly-cast-no.patch -> 0032-linux-user-lseek-explicitly-cast-no.patch 0034-virtfs-proxy-helper-Provide-__u64-f.patch -> 0033-virtfs-proxy-helper-Provide-__u64-f.patch 0035-configure-Enable-PIE-for-ppc-and-pp.patch -> 0034-configure-Enable-PIE-for-ppc-and-pp.patch 0036-qtest-Increase-socket-timeout.patch -> 0035-qtest-Increase-socket-timeout.patch 0037-AIO-Reduce-number-of-threads-for-32.patch -> 0036-AIO-Reduce-number-of-threads-for-32.patch 0038-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch -> 0037-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch - Re-enable glusterfs on Factory (updated from v3.6.1 to v3.6.2) - Re-enable seccomp for armv7l (libseccomp submission pending)- Suppress seccomp for Factory armv7l (broken in libseccomp v2.2.0) - Disable glusterfs explicitly on Factory, SLE12 and before 13.1- Enable glusterfs and package as qemu-block-gluster glusterfs post-v3.5.3 and v3.6.1/v3.6.2 have switched the glusterfs-api.pc version incompatibly, so only 13.1+13.2 for now - Use macro for module Conflicts- Tidy configure options: * Move --enable-modules to build options * Sort libusb alphabetically * Explicitly enable attr, bluez, fdt, lzo, tpm, vhdx, vhost-net, vnc, xen-pci-passthrough * Enable bzip2 * Enable libssh2 where possible and package as qemu-block-ssh * Enable numa where a compatible numactl is available * Enable quorum where a compatible gnutls is available * Enable snappy where possible * Prepare to enable glusterfs * Explicitly enable the nop tracing backend (to be revisited) * Explicitly disable Archipelago, as we don't have libxseg and it's incompatibly GPL-3.0+ * Explicitly disable libiscsi, libnfs, netmap and rbd as we don't have packages * Drop deprecated --enable-virtio-blk-data-plane (now default)- Fix 64-bit TCG stores on 32-bit Big Endian hosts (ppc) 0038-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3- Update to v2.3.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (upstreamed): 0038-fw_cfg-test-Fix-test-path-to-includ.patch 0039-rcu-tests-fix-compilation-on-32-bit.patch- make check was failing due to a bogus SMBIOS signature being encountered within SeaBIOS. Avoid having that signature stored randomly within the SeaBIOS image. * seabios_avoid_smbios_signature_string.patch- Build x86 firmware only from 13.1 on (11.4 was broken, surpassing 128 KB) - Update to v2.3.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (upstreamed): 0038-linux-user-Fix-emulation-of-splice-.patch 0039-ide-fix-cmd_write_pio-when-nsectors.patch 0040-ide-fix-cmd_read_pio-when-nsectors-.patch 0041-ahci-Fix-sglist-offset-manipulation.patch 0042-ahci-test-improve-rw-buffer-pattern.patch 0045-linux-user-fix-broken-cpu_copy.patch * Patches renamed: 0043-fw_cfg-test-Fix-test-path-to-includ.patch -> 0038-fw_cfg-test-Fix-test-path-to-includ.patch 0044-rcu-tests-fix-compilation-on-32-bit.patch -> 0039-rcu-tests-fix-compilation-on-32-bit.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches added: 0045-linux-user-fix-broken-cpu_copy.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Make test path for fw_cfg-test unique (including architecture) 0043-fw_cfg-test-Fix-test-path-to-includ.patch * Fix rcu tests build on ppc (undefined reference to `__sync_fetch_and_add_8') 0044-rcu-tests-fix-compilation-on-32-bit.patch - Fix typo in SeaBIOS size check seabios_checkrom_typo.patch- Update to v2.3.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.3 * Updated update_git.sh accordingly * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * seabios_128kb.patch: Added patch to squeeze SeaBIOS into 128 KB with our gcc 4.8.3 (brogers@suse.com) - Renamed 0030-Legacy-Patch-kvm-qemu-preXX-report-.patch to 0030-net-Warn-about-default-MAC-address.patch: Suppress warning for accel=qtest, to sanitize make check results. - Added patches to fix ahci-test: 0039-ide-fix-cmd_write_pio-when-nsectors.patch 0040-ide-fix-cmd_read_pio-when-nsectors-.patch 0041-ahci-Fix-sglist-offset-manipulation.patch 0042-ahci-test-improve-rw-buffer-pattern.patch- Update company name in spec file templates - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches added: 0038-linux-user-Fix-emulation-of-splice-.patch- Add user kvm when installing guest-agent. - Use macro to update udev_rules when available- Fix packaging of e500 U-Boot - Don't rely on wildcard with explicit excludes- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches added: 0037-AIO-Reduce-number-of-threads-for-32.patch- Update to v2.2.0: See http://wiki.qemu-project.org/ChangeLog/2.2 * Updated DictZip and Tar block backends accordingly - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches dropped: 0015-target-arm-linux-user-no-tb_flush-o.patch (tb_flush() not called) 0037-tests-Don-t-run-qom-test-twice.patch (superseded) 0039-linux-user-Cast-validity-checks-on-.patch (helper function introduced) 0040-linux-user-Convert-blkpg-to-use-a-s.patch (upstreamed) * Patched renumbered: 0016-linux-user-Ignore-broken-loop-ioctl.patch -> 0015-linux-user-Ignore-broken-loop-ioctl.patch 0017-linux-user-lock-tcg.patch -> 0016-linux-user-lock-tcg.patch 0018-linux-user-Run-multi-threaded-code-.patch -> 0017-linux-user-Run-multi-threaded-code-.patch 0019-linux-user-lock-tb-flushing-too.patch -> 0018-linux-user-lock-tb-flushing-too.patch 0020-linux-user-Fake-proc-cpuinfo.patch -> 0019-linux-user-Fake-proc-cpuinfo.patch 0021-linux-user-implement-FS_IOC_GETFLAG.patch -> 0020-linux-user-implement-FS_IOC_GETFLAG.patch 0022-linux-user-implement-FS_IOC_SETFLAG.patch -> 0021-linux-user-implement-FS_IOC_SETFLAG.patch 0023-linux-user-XXX-disable-fiemap.patch -> 0022-linux-user-XXX-disable-fiemap.patch 0024-slirp-nooutgoing.patch -> 0023-slirp-nooutgoing.patch 0025-vnc-password-file-and-incoming-conn.patch -> 0024-vnc-password-file-and-incoming-conn.patch 0026-linux-user-add-more-blk-ioctls.patch -> 0025-linux-user-add-more-blk-ioctls.patch 0027-linux-user-use-target_ulong.patch -> 0026-linux-user-use-target_ulong.patch 0028-block-Add-support-for-DictZip-enabl.patch -> 0027-block-Add-support-for-DictZip-enabl.patch 0029-block-Add-tar-container-format.patch -> 0028-block-Add-tar-container-format.patch 0030-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0029-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0031-Legacy-Patch-kvm-qemu-preXX-report-.patch -> 0030-Legacy-Patch-kvm-qemu-preXX-report-.patch 0032-console-add-question-mark-escape-op.patch -> 0031-console-add-question-mark-escape-op.patch 0033-Make-char-muxer-more-robust-wrt-sma.patch -> 0032-Make-char-muxer-more-robust-wrt-sma.patch 0034-linux-user-lseek-explicitly-cast-no.patch -> 0033-linux-user-lseek-explicitly-cast-no.patch 0035-virtfs-proxy-helper-Provide-__u64-f.patch -> 0034-virtfs-proxy-helper-Provide-__u64-f.patch 0036-configure-Enable-PIE-for-ppc-and-pp.patch -> 0035-configure-Enable-PIE-for-ppc-and-pp.patch 0038-qtest-Increase-socket-timeout.patch -> 0036-qtest-Increase-socket-timeout.patch/bin/sh/bin/sh/bin/shgoat11 1590755262 3.1.1.1-lp151.7.15.23.1.1.1-lp151.7.15.23.1.1.1-lp151.7.15.2qemubridge.confanalyze-migration.pyivshmem-clientivshmem-serverqemu-edidqemu-imgqemu-ioqemu-keymapqemu-nbdqemu-pr-helpervirtfs-proxy-helpervmstate-static-checker.pyqemu-bridge-helperqemu-img.1.gzvirtfs-proxy-helper.1.gzqemu-nbd.8.gz/etc//etc/qemu//usr/bin//usr/lib//usr/share/man/man1//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:12771/openSUSE_Leap_15.1_Update/92f872becb1e270210e261f0b41a7efc-qemu.openSUSE_Leap_15.1_Updatedrpmxz5x86_64-suse-linux directoryASCII textPython script, ASCII text executableELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=fb34e26486e1234f1d567ea9b646976e0efcb8d2, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=f6edee7df47155af3550ab2695b7f6d8313c5004, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=6945c806aca5cf7055c72191b1dde2f7bbfec1cd, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=fdbabba086469e4911352f6f3f2cd682b5dc8289, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=5fe633559a6d56e0332aacbe1a0d12a50526afa7, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=712c050cfa6c17711f28a32bd3f21842a648bcf7, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=cde3a33a37815abbb80ebf0e9007942e5636b477, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=b40dedb3d1a4b202539e9bdd6e615a198e8e03a4, for GNU/Linux 3.2.0, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=c8155cec582c1a219563d6a91a106886a6b7214b, for GNU/Linux 3.2.0, strippedPython script, ASCII text executable, with very long linessetuid ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/l, BuildID[sha1]=1c0922f853cb835585784ee0c424ab836672a445, for GNU/Linux 3.2.0, strippedtroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix) *Jj~   RRR RR R%RR#RR R)R$R'R&R%RRR R R R RRR RRRR(RR#RR R%R RRR RRRR#RR)RRRRR R$R'R&R%RR R RRRRRR RR R.RRRR(RRRRR#RR)RRRRR R$R'R&R%RR R RRRRRR RR R.RRRR(RRRRR#RR R-R$R'R&R%RR R R RRR RRRR,RR#RR)RRRRR R$R'R&R%RR R RRRRRR RR R.RRRR(RRRRR#RR R)R+RRRR RR RR RRR RR'R$R&R%RRR(RRRR*R!R"RR#RR%RR RRRR RRRR#RRR%RRRR RR#Rg|.aZډyvmultipath-toolsqemu-block-curlqemu-block-rbdutf-836d66d7e1937b3444ffd97ba9111ca4f8831f8a48435a1de7b23ea787136b494?7zXZ !t/-]"k%w%RLR~ʊ&fzHQ9}(Ly#`?+oη~~531nث \6+lPnF3n=iohmY2\U='R~sֶPK#ԴEg|N`rٺdqR /h߾hp-+?lCpn,} L2Ն x]M 'ho? h>}Ro` o{d3ꖌvawNU;N0d|sWHGe{ A+߷h^>$ޥ=8_YAf ,4wwU:b͡.*1 ]:>9Q^u0woz|&qA!dewU(O.Rx1| _{8eG <j'~-.^P!QY~~Ml@, !{q€7(ȇb;)- Mu_6$Fֳ`{u85o#ҽ$=m)`oR So fd#j)f$V(ݑ@"Q-z-bwF f\o KLh0ŸwFa-NQ[aհr[\_&P!| wm$N2R*״Z:>n4*5yXYs~H~(V1RD>7XKh1/`"~xAJL*A 4xTd;F?l$\'^E&x)"U@!""Ũ3~v@D1xɧV > qѳddV$y(E`扰\@aЫD:tibCm%Ri@fۇ.aUH)>þŴlB(H-0;?d;}e;.ՊqIְ_=elDxP9b/PN&D@?u&R*Y3>j+K'R0. ͽݧQP-i̲ 4 ^qo5YDOWc|مmƕ?wW0 qا4zږhc{}P5^ \Sy?z&z@ G0|+G^)j48L~5}+g(mA XAnæGѡ\*d-:;; 8cyTej*4'\ =`13_ws}Y؋sb Hl R7x@!ߞ'fW(1% Ie*4?}:څ:/L|Jų3ߒ6 F #] j|{7ujz6boc[mkn@0w>0hUgjB 4KtvXT]m&^l_I9Kd5j JWiE4XfC P5V|PJ DoC<ƝzPwboI#Lx6dEvm7!SOG5j1)k`6!(mUK蹦LT-~al^XOJ:(.; +C˵ͮH.-_)5{ `z~!-R.D'0lC\$rV췙9\#`>:D*㢘U[.)p<ߴw 5%΂J~u3nf+u21 dQb /{ENJeU}Ҭ͔a:$M|XU+2NJe -b:Ru0!Ad%zwNO;9/L,Ua۬J^KYc$ o\"כ&ɼCuo.1nؤ^qtGaeXŐ#]vJy`aa}GבfZ Z""orU~ ο?j3ӼWfଫ-r-Cf?:%8zI`ocUX#=8P D#p`f邐=zv.cN5,KqТ==SĚbۿb@ln >125T&'PN܅RWz@%itϠg2!nh$(c@VsЦ}$)Z|`# A\ٳ=L-a=oHCzI\j<[[UB@#Vb=K3עǞOY$a w6~r(ٚt|ƛP_"tsd*a~w59ELnWie ߿ T_+^F)/|@{6cmi1 W0 K@8&׿ޱ)\pcaeM{7\;2V^fyϨxskr3;G[mc]ɶ;hqPͼT魧By'=TteZ>24$AC,b>´UM64vGcmy?m>,޺v)+t樥1/"0U֠Cً(k^bѳ̫2=6 }*ތ;z23{PtkъsqDMx-TIpv #4g˵/x_r#Ř|i&,j.E $F\\%"~`;Κ i 9I8p%M;']19ƌ7BA{oZ1L`ߺ˂.gǶ Bʏ&a2QJ /"}S\KȜAv{ZhxEVD_4%Ps[L 1Q$R'S6ӳ=U,pXb4bҦl4Fhj6`36MvF\M#*A/[Z#cɫ~e0m{g(x3CQ@,!e?,oC_tr=kL~$=7il'BpF:*BD\Sj"dP^UKVP0_zuLS;XR;}jR;nOV_YO+ Vn<݃uRƋ0Q} R$ЭK ŒmYM>DSoט XJ&r H&3st SCT\Ji|osb UhUAy(k\?Λ[κ ]@>Fo)%Jb>ŀu8us?9x#5Hlpu`{Jy (d#Ehr3N\Ǝ$Z?֪8 UcLDWH\fsh9qC.D#?[ BVcmo w66^+Tǯ&+)V#]h5ݬKhʁW Rg:U9\ɩ>=r%0, aX\™Xu!Ư[snH3tf%U<d7L УIoV1C):\${r`Q7EM i~Epd2Q?%gm+Yմ^8hVLm;H&~!zibh`k z.t[g已'G^;CS1;ɬi@M%["spoeUKþ+:QPw: md4 Yғ!W|W`Y:c.4N6FȖi0K?ڹgm8Zcnߛ"qoW {~ Yͣ3yS! zttO/_nÎ (8 APKiCSg#d]F5Ea̗Q5B0~bנ1uu3sqgX(;!6e!68OU2^;\Qp7a$(4ZJGh!,y0HP`9ey<x|ZO*U c&dS%sw`~{XsqQPPgIN; rM iSX9 s|7yzT,bbr{óūd37Q/0TnmPD73F@vCO8AS8| D*?K=Z/6#0H !2}_[l 3 @]$t+ Lŕ8y>gs5}ګ4;bK)tK>KHj0:lnpR4\qjV9h[s !>.bzbJXIv̦UXA[TPŸGNc`+M/z;Ω:ތNȸnא"Mّ&E Fq9mUez@Ew]MMiEdPw(6`{x&xE[Q1O3VX<ܔ4)9Y[y& 㬶5k !{4M~uk. Aj^94:Qzm nG ~@ BCQ,'RNSo0d8G/1{U=ZGpa꺣g ~J25ɡf7o.QNHQ07>K i7h4//x2 +8: J&G6Z"6 'p\e@aDy(2E8X _GXX򁕙.{iYQ< $a<*xCQ`%%!o(|b¾y/e+Ҿ ?mϢsbH]Wc"%fPysAˍz2O֓| 4\4H>bGXT,?-:Mp}.5<3iW_+ULE>28Ɯ+[5@ts>vƙͯq 4 -=|?%`oS"JU{F>\ 2 dP̀31w={X-Z-D7µR}{ 뛵/<)ь;>h~/ة ۩U_tsK97לuLߗM$z2er w9F*k:ڼ-:,B(TaiФ=A)zl0 P@J4wz'CVHP7?^DRhd"~M BnuqMoȈy j^C4 .rc}TijoYh":(#h  ұl/B[2Yi{X{kO u-a)ZKd2,4yK?_n:{3֬Nz2qFgH]%BI\=2-֢A?-ll ٖفh?'YW1j{d9eU&SirBήBO>?]HNZbX^{vڙe=I] w<31@jWoWG}9ہh9{*UX|'Tx* @n[WΗ<`3p k]1y  hz#'ck4n \Ca fwOsC< W}I߳1g19Mۢ|Ȕ=6W]@Ӯdm,fry+V:3M$`}`.ӠbYAsnd\EF;0Hb-Xtt#Vw:/*Ix"C*Y0m\xڭJy+wB/kX{/aL䊦&T=YkqXM̦zu鬼Q=;w$0s%ಟSISgXRKDA!bԥImIv330T @8\)X!`(ݮ'GtlN ~yҼ02>tV[T|ˏ!Ѕ R-BꐍuLo&ۏ `CZn4 }5*cbhFf2+?! {", OH֢W&" eբ% ꋪ-ɕ AN E X)S(rm-3 p %nRIQ1i1E}E»lC%dK>VLCy̐I ,vzxWY)`kd1نd6(DT~}!Y`xb⌳';h#EN0mnMU,ʌb: \jNF3">nժr˴`=tļS%oUGӲn.]W$3^ zrhzĸnX!i1@=7)9H"T`=c6?C7MHG!c8v)%`~,/ Yau? _ܛD`,n{5hTn=(5"-郎ǘCIsXр>6 FZB%v;)P-.9ҫ_%o]OWZ'C) zr?9$;!u{a_w,ب"+ GU~/ኮPXQ. BB7oqV 4[:lM"%5fQlt=c'nr0aXz`1rUfsﲹkI|T1S~v ~n<[Z+π/ϳbD:Jz0!ʶ[4-]~4E7tBx1~mQ*sQn$R;m@q?nҎ+NזC;u@0Xk7U.1m7 h' cSHuQSoBP۹q(PL~mƩ tnQeo±3/bbdyblDceJ\aP6hJE܆Z_7{䌭m1}D r|{H`; <ϣT@ ŸJɶv?\Wc 3h BJ/~4.o)v$K^-6u đU? E7DPR`X^6~3iygz !\/TW_`At޴D(e$mf7^b\FsI P.TÞRGuCPHޛBs:暝f'} i"՞\\յ.c2FȎM XWY^Qh ˽Mۺxr) vTtFa6/eբwr\c x\E8v7D>&tV+=<S`m)n־&]ZRG`=xrYtKD-PZ<zy&޳v3dYpy>XAW{y'e$Aaf8\Yi%+GT|`;v 'ȉ {T]gVq@Fن9&k+i{@sLh$RS*S+"^[r??!u: sh6fy -$t2==vK~#Idx'drkqq &d" &WŲ)-{Do)HOB^74XbAݥ9+nϥԸxM6G(ѮsqQerBX#?`!DE$hKz%I/S1&)zS;C*f- An ,#++23R=V_?7l'zon/&5hXv(ElI$&xG a}#EwyidI߰nv=P$S&LKnYBڈ7^y?@6JůG7`/-Ɂ燌v j P'Y8"uv\]'}%&^Kf +kz 1@ *O$S3?@Fƞ~cn\&##]Ye} 3fSk^ Y<[璣bPӭ ߮Be< Z yZYtI"moA5L?P<6-2ι8Fl)icuA]+1x ҉W| rUkrsUEW]tL G w_聴r?'*ܢ c S=sk sS/W}$\?zHh]!K=wnr|~ QM&ӎ"Pড4t<;6W20S0TRYqVtYzz ' aĠ< [DO@b74w]~nf>87_j5nqPQqA-$dP^9I|YtJ[[K2O7Hv79JؠNްLi΀ VH%iΜaFCwyQLܚu{#±qo3Z ?AL׳띖G,]ZTOEU#F)>Hkڲ +Է}}<فOEE6 ؛50Jx€r mջ+)̐-l^Rw.DFD pyzlLkfHhz'Z->  Bs|S-`e+X S+ J%+.yQ0ԧ1 -7U kD檂~ > m8om}wPO?wc&NG8/&Z\ z^ e_Nۣ2EO[ӱfS Wd4lI0v:e ]N>SZst";!3&Er;}j&).0}Mrڒ(ROGE+򝶕"&qu i_ V{JM jSڂE+#%I, ˝,.^0Q.hzϐЁ ރ6YLL;}9x~up.ua?'9wHgU028 pK@ECj˼d^ivN4;ɗG*݈lLk|Ի9|gV /_uZ|<!o U11dy{GqPC{yO9kS+RԼgf^0Ah?%cC'<8"_ѓ%Oݱ`XgW Jd[t;7679T?lg1B@]'lD΅X&;N-9wUOf,d )Nl #Hfzt7?Dq1){~,Ze? {C-1~'t8_lrp{9exܡ ޸c 5췧Hl1cTYvBa Db')MWy魖NZ@1ˌMhأs~^1( ѓ͌6iYElfJ ի -{q%4ʣ69K!Uf`MGs궃p Vpc&H< ;$v]ժ.<gG\76~R=Jjc^N5waWD. {1Boc"+Q.`q1S`y~cC-/GÕHyŒ SgPǧg(n-|0uŋ=Y" uIhf)|ۅ 1Χ'lM8?+= ם 3 ;ւc6 Zq7۰7qQw+Sύ *XSiCs'!RJ1xL#I) r@/S$ hӞ|>S+Ԙ́fY@#VQ DȏHSȁQæ!ll8 \͖ZaS+ )xğip9u/и&Vx_rt,YnqMjr/ ˈ〶 }\{U| W8:Qx(LjЁJ$rY~d't+&U h;#WH:sQKppDo7@9 s35LۼT&r/wz'X_&8\}ŭ.rگκVSuBָݘ 6E40:,X5a `hW=:5/Y@0\S&X|'XW,Mb&m.x-L/hhܦx>@nZ[P㨱c !+0N@?*& 0?Kae _xT5xKXQ^ !yroDo}% mma~ k㙜 >_X !q$/ ϧw/V̴ ?Lxb **x pY?VvvxǖKI]gU:<ؕWi!ʺV-dBl9p/J<&wUA+Aը]xO@6Fd^V\٢Tos,h)7'_,`7] VҺ76Uxe 0d؛ +Fb2unUwU; $ Tw3 =aP<kyO;{G2W/4z ""p$O5QhqpŸLy<G,Rxw*wPC u:熎}y߮ GYe*HFrFIu~yi)PL_(tH`nGWDh *^X®Ҽ~? Mƪw9K8 j86=mwfShxU_k;;h=w.$S|*dl3ʌ=se-XIϘ2>hf <*9niZ2 -pY?β('UFPǖLM/VOuq[AŶ[,̻.e * @g{jugv&C+5TR6ꇪhf^.GpO䳝 3-j7Bqdmcu |S[t"t2!J$q/dz>b`~nCE4L>kOe_ƒ5>|';@>!|CȖ I=Mbu16LkR&-L U!i(q'0ħntʈ9p2wOS|ܿ$$i9Q!p,9?v"3d QBu[kx _]zKC^4|kyYnt4 ?m@1UEg8mR.G7<ʶr3%4o!ՈTSie)Nx&HJ%ƨ"ueNaXyj˗5 3P5lc8t$ kO=VB$<\%lPldh=@Z P{xE"73-%q|ƝR@~6*La6$Bk !RBffVui >řbG/roRy+uACeH[f߻LqE,8R!sq,_ =X+B^ґ(7 }8d,`L>ed >h.< 2(S2cKڵ'G,dkvE!$-ft4RiHdotqnQooe4, y%?łk.>bU>t6%=gg_Ѹz|4eo +5:Q,f%+b-c~ TrMMz,̵,\#ͥ"Nf,dPdz@U,N@C/Jt aϖ"13g6լ #X}O2&Qۂ04Ur[g2'q4S%o) 3:^=Fs\U-пi0k㏮tJy)z(O*r mY"nV^E-I~&`,[1u4jOL6K`U5{G ǘDGmS=A/IQx;ƾK'%T81@$BF0]E'kF7e .e18:̍r &qOlvwWl ck^yZD<( CUIvt;V Z-_ 31XmT <XELh(?j+8UNMzOF wvRU[ ukG[G>ɫg@DWuE m! `RPDM삑ү}7_rU^wDgTOr9@]Uy'K̸)tTҼb!xʒme$DZP#q'9vBʵSؘoRL^#_WR7頥vʷQ>5ҤNyDP3UVTd1@Dy8#.C& JP kAs%RPоI՜[$H.8Us0)vgl?JoZu'y-/ 6hUKVϒ9b;%#B>!+͗LHI/( (T(9v{/GC]I %-fotAh>zM$5RKOTf&3\1 y8 {2Y԰Ӡ&gpASke3qT9;<0)_O*MgȠ=:{3/2D ;oOAEtd@a2ċK:*,91 iq 4q6ȴ n/m #"s\k3%(+[XA=Mg%v.B"B µQ\eҀXbT(4C=$XcFu"L_g/ZSGC JNh |)HʛWpfUˎW*)e Wž'mZ;N4~{s7S==I}߀ׁ;Ug $5bL> X ;Θ9}̻aML~*_B" ;\>7U!Ua(<3&Z OWY2ރʨfc 3Upg}%> 8?QԆ砜Fi"Uu?n`~ȗP~I=^di%Pe1Di/M7rea~A>W<O!A*NpdܵWk盯y<T#j!q;}S)q^IXs!˄(Mθ7D,T 6|7=W! 3tM6s"gS@>y5'SŨ6}|J?\q'/Y\ٲa15j*AL24e;7VXs+ލ;VK䧤Hs Re,'nQx4; 2g5 ?[RQL2B=cF `2݅,yi{bb V4f6In(ޡ_F b\9c/7QagCj#Rq pwu5#yl]kSQ*67׵wkQg^f  P:D%}kwڹDݏYdIW;穛}vivFJmi&z6PuSAr-A=dwxNlH!G+hdsM SO% GzI} 9_ ]3Z2P9*k-gCBMGzgIS3$ReUe##.W[Ԣ RKHC.(-wd3;g9PNX$H  BVtxDzJps!%:61lh HM/Ų/csݗ&`HG$Yd {@k '<3U*}ʰq8F4{R5=kۙ`3 VJNߠJkxRTFӿ]zni? ɇ$!JP|r!ĩBPf ^("!Srb҈ۼZqJ㵥Ԍ zȤJږ'IsFFCW>3$EȫoL`j>zٞo'H?D*ԋ@'T՞Z)QtK"deM2(4<}^̍E{t^`\)qUN񆫽 ˾8[ultff)77 ۴f-*Tad5eXKi Y {w7q:8>df5DD+aj=(jY'n*֏3$'׏CrETӺǗ)ک%¦|΍1Z*<EZ0ʞ0Oܱ~t0.h틚FrT[⍖.t@,خ /1^.Ì|rݝ+]ыx= wgSr37S> +)=ncR Dj$)ш%Rk[eqDDlhDѬQ6/AbqzQ 1= ߾H9]HF "!wo_;Toi1:dܶd @J{F~."~!5>( VpYش1PÜW}.K5=6).'FC~Q]\*g$yϞE* HWf"|㱮&>YP,/۵>lTgP{F 7MhDlح-E/Gsأv2@OǴU~\OIP@ZOT_ <5 ՟+ ?* ;dkfϗ!Q@\^WHZ^C#*2Jp> ;Nb G IN=k$2X;''ˎ([5Gۧz{C ʖ\-!%juXDJeaW:SʦFԷh|dNDqlm_qZlSHFfaKyfWxw#40lE齮@ BB ,vH. J,|uي}3NɀHLr%OuVά)ӣkZTcc+ZC @Rʎi^yѕmip[RuюE.]8Wgn˭̷Wޤҽ1i'r=jDL'Me;;V[r27ډ|!rQUmĽ;Yjɠ~BI`9^,koXxђs2Wa 3Kq-ovBYБk}i<7#[w{)Bl%8eT7PCBi8*@\[O[h40H2KOW=fO Cܚ7)}`27u L^9 ])ċACý7'A/#]bM>u۸m1i@A[?NbO`&W>> J!IbD]jNUs^njj 6f HZ- B\fVnLRr2zV`Kf}Lsȝp/e 3@%iuDI*B% hFd맯pD)*]bX.Yƽ674hOa2' NJg2% uxߣSh5Y(e\1U>7Kkg |ycMq9TouQ'OG#xVyyF0 Aڅ( >U>s!悁[!=.T'ae ef?jחɢ֙=O)hC6%4#59$iQ\eֳVsW%(>HA%Ctü!0L\:y}I# ک+ǪA$.ַ{bfVOlOڗs ZHgQ~ |MBS`Ay*D6!.'yis2CĐbuǭo\ړm&S;^6K|/3~lSz}||vL>Q&.-GF`0`Oo΅izT!Cf|rSlƚb[b{alR٥3S=jIB]b 4Ua!fM+_Up\Ք%]'sqA?}XfGɚ# `Y~'Ddbmw%8ƽf!>y"nz=#Gn_H,'g; XI~8؝:tS7k, >ৡu+!9NIkO?l8=E!ˑ ">ZN1M}&L}tHf[>FpQ<xpzHTFwrퟴ9>G}.M8') `4Z wk=@\ꍝ6] 0Q "p%rH%pߧ-t|>w%')E!2Փ{ޑŵXY|2ϻ!= [4p$l%pTe6bP0VipVYK)L{_pi /F\nZnlAd^?V'Xe?nSjRQfU,(O &-|ɀIH10kM5GX5?¹kƶQ|=p*ܻN!x4C_ )kZ0xm"_>~ 5(Ft\{I%}V`lJ``ʆS|b<2WŖuBϹZ>8:w h;jSM]y?#@`ZxPd6_bǂ8eܘx2 Ȟ~ޅ1m]B'{[,eiAϘ>)17:ܶmO{z/4׋Ul|Xo\vab;*a5FΕKuVםI`4~tѸߢ;G.#T_\MQ9s"MדR;-xsDܤfǣ +!8M!15PcФLRtpgk=[-׀γ2-$RYlO}MԌ/(h]=9f) ; {}qSp (usNdSڄ(-0j+bRnևTji vsӳm 5L4EH/*1ʡ '4].c%Sk.0ఊ;V *091 ."F`rqr8JL2yx-!nvظDw6)i$~H3ǗG'm*Tb;υFcd i:\rno2_y<.k`Co/HD2^6!P9p~.@S&X>n^ѝ{ōƆBޱi+kvP:۲m:n>J bxgy"n!R4^1~X{6tγle=N)mbV Qܟ w%"CoU83De&lp@^='M[r/4 !@pNM],dǻD˴#?M3NyL#0蝞W?W:QZ{#7ɂS~_Ga5,A#],̊% j._2úчU^LcCB4]k-qTlnv'H k^ p-Qq+70`b>@&7Jrw.`$: k4exД/#LT0i,\\kUW͇X9uT;ŠpqWO}T$֜w.hB`Uf]aƨ0R 7 uKhX4`M=8'`Qk2,[;AG*cALfROJ%W(̵NP(ZFχ;,m Aג65rcy'b>X-yJмJPR0\$' x7 6 ?>]qjnjQ*~9QڻH蘽X>'|qi \-ɚ:Sc*ysU4b2,; 9xD=mW Γ0JXm Å=qf,'5&HEA_Qm;{sJvL%V NfҋF. 2@&J`;n!!- LKV,i9/߈9t5~&O`źDO_#fyZ&^'ƕT-Xzd.?%pA[3Y11S[ 9 (N ۠N'܍X%HF/GxHި xqDe+[kVUGC.[dwBV])Lу-+= O`gUxNrRPo -]b ǦUj@" f}^mhkk`og؞ *_޵U-L"i #`JrNW4Ha%j.kNgɪ6_UXC<~e%L\rG}Ȑr_GT˽IѰ^˗CAA;ԧ6$' y,G5G"IR,#Qo/Qwa#hYj@]D n(SOQ9U1Q[{ P,0%tkF)m*@7Q˟_5>*ȶ m?'sv,VKTт"+ kDŽjYcF;:GUpDMԡȹ{s73z@Cw VjNN2eG-" =C/F}D|p2.n+`Z!5;UW%@}R+x| fxˇnEZx?cy= i.x፜1M@%ZVLbdM6(xmύ?g1nV#Egnԙa* M)mH)Du_7?븝?e1s#@5fZڪyX@|D 's.t%nVX݄'K@7A/ NqF-_)6E=]AbNYdH)FzENGui74 h%FE>DgTHŖg#`}8;x 0'l|BFڒIbsh+IWΕq> !HeVnl˧>5?m|).# [*FqDızUI&F\<&"`MVAoK(%C*VH&gk0 S隮1ց:Tgb]wN-6߲DMM):-@{\:~JU;OAU;%sȬE3"fXo ңFT!>um$@dec{|sܧ:w SDKYr@Z2.q2Luħ$)Uthy:2c$/pcIξt ɇ6KSc9LZCXѾCp 5,*9XBTD#52?ꍊA\?GLH(F `^Ť/k62_W2[bn3hcKɭA̿?6O<*Y|"jHkr@U:AG;0&h@gvH^6$MאdE`=w6| !K3)0<&hHzOu>$e{Uh(u/>ՙ;畂-]rPCrZ5A'qi*'XU_ "mE+3P@ӬՑAjA|oױ 0yY6ť#xQ4<|nZNIt&T?k@L`(sN 0D,O=k;w[[~߽{c6RW6 rI&xy_;pPwiF[`:B!Uh$ V^ح iq7#0mz?ذCrﰠ;2ZQs읰!,E_-K%ߝ3jOO!4aږ*ۃ[�^RO-T1oH/߯2uoE %2k,G}Uˍfh{0Dτv`JP_2"0o}[;/hf/rȴE{eC/x p].fMA~HMhK%efTdȜ[]>mPȬ Eo3-V1`Fk%ZON0.wEm :!᭞'4S-N͡WvQyCt~@A%Pei|s jul e}[z@WM;AРϘ("UwAǣgD\ I[GsNc ru{/Go2u^H^'2_ m;0Bβ۶] ^YCdjqI#Nŧ+eHroFՑPrύ۹*5wivX==@?)ELN{nIZ&41>Fp2_r|c5ERZ~E4G(z`!. Jq_2'~R!*=G@ZPev22I"|; ;jeЗ緶tgL ݿ͈+ϼN0|OCFI+H(F%G_s'Xp-DxS=X'ˊԘDQ&%hVFy]W$Bm4FGW%wp  ٛZ%m\ ,+3z!6 C#ΙPe-+.ZP!8U@ty7hzsG?tv9Mz]}3gPKhQ7wSvhܬЩěVE˶Ua)*ZA^С؟n*6WrwNvgǦ@ C !YNėIӳ#xb䖆!׷/oÉY6GɣU`q})#HD6{ [\J9D?GP"I_}v7#hR#FD&fKg )P҂|SG`HQȆ)P{܂r/IISF)5j0Y*fV6T'22_pn^/ЦЋXg Pvy=E_" {u^!U?c-`j 9qQR ЬNjZkҧڃF̢mɽ>AV\~Rȏ:CARX:Qy@nBI@ Afb؛r;t[+FB,SZ x.ԝ ',w ~޶zĜBA@Qbm|L# urVy5_-X)uy]ʡ&RYt2I ބ]M7[ qUA6St` ]|N;v޿`Cn=umJNR&wmTCR e*3 :w+tnIlJ=:U#E87Ft~>4UeW;i! f c}'sz?v8"y7Hij$iAXnc^it unp7R!0^`e>!>\l79#I0N3m,ss?}JQWY:A;5.h,z6BnuSs [@9yJApml$<xI):dV8}[CW\hvj"!R ;x 6G~j8_q,}a;{Tqa`dbJ7r^lXt=bz=<Tf%*p:Wتe9L<i+am#8(%n&QI7۠V,E%?h'tn/U0p l:@}P2559Ї|]17XK^D!hX!w򿪛Rj4W wtbMK& Ą[B`Dche]Y8w$2]74->}-~t22 dj\݂ޣl)H|0Z$S1mb˚@c۸YPD(L# q #CG:)0'9Co$.+^G'rȘ}3 z>7IŚDҰo: &aMJ{;MW@1=TTgX. }ZnU**'s >VEqvLGEߥ<xʥBƀ" ȶo)^* (90kj @OЉ|I6 =&o1[:칷4SSqw{lf8{qfa[{N2M{_!V&>I7CϦG2wd \ꯝG3Xy}1 j|nrl7ύvۖ^> rW"B>h=d_/ږbgpǮ719{8X c~, *Ƣ\܂׸O>^ɼ sl_3x7^_ ^vs$BfelhOoSFѨ:@⒠N◞ՅD˛8@R%UsLk玫w ҢaLab 5~{U yY,~.eGq0m:`gJˋՃ b5rȰ3j-fB7n%. A^i3"-ewZrLC бKc y\,ETP:YWd$hє^yG*I0؋լ'u4 1!\gyy-z%)CZľ5-#Tde6o1wDoi*ie[ĩmA[B].s(\GN$%y]vIFb[ jN´2Vx;Pb`Ree2 Cd"a/.\ @0IXYJVਸ਼|i/ ;N>kie[^G-89Bdu2$geC_4ƙK~0 VmCQlբXݍֻچҮz' )n|]n iz$-|縛7Xe6w}ݏb+ZdgRwf(RΌz`hD j)KPt +fW&Q &rbhc96OL u*x3KcdC3Ѯ7 `S;\X zY*wN&?cy&m uy߿RXMQ%xcĺnM.&Cb<үkHP&"u}~.A%s#j^7OցMt!毶'Jf-#O!<߮zM5w] 8MW kC0ZgP$mx> V՜k4?y(Ejo>Ɂ<]IySjE.gɿv ICXU|BLԅ-s8D|δ8G SC3-^5BBFMV2O,}cwJik5&;;{$ݞ%TpIx#">E5TzSV5=%1a>}L۝ F+Q1ephPq0~2$e+CkE3`\PC߶O^6Ep6{?-;jcjsk:nj"=q) 9Md٘7g!ߖwȽ+q.%l^L{[$  CCr#`4BҼ:8T:R S? WyW΄3buGE#h1(0qjGMZď"L)ߓ0hd yFp| ck} 8Nè[}]{8^6y)٣̝3XeYOF$'[(YR{eQZ ?i2~QXkPv c&PH]rri虒KS[^ŖTq詯kÄKGD; uXRJ&2iaVWB![ꞗg1t@ '2uRPjaI9ETnإPݐ\ 8¼Ѷo[Z,|QVaZimq" u}uu{&eNzE#&﹧uum#7ԔW,n涱v4;}2+VBHeDcRcjtNd*aX4t4ủaNm*&q!^$'y]̯mįKoF= r[śU4`zC =s1/n $~>%bJSoO ENhBZrH#̣XP0qSE;SEw)<,f>O@q 'pr1`Z\]MgIcD~T¾iseMžb*g2ζjJ\&L҄].J8]B15|D>ǺT#7eNcS-Ƿ>Fxs&{rM~;>GF`HD?ϷM(TK"Ac(` SAn6L@<`- Yy0I57Tj.>5iE4#'[z }ڑ(q4b6yܖ@'Lm':רMٰ`vKg5!wFx4{0O %k$Hl0-f0նԋs*'s8ht!T:ZI40'vGЗ"Ȋ:W À腏u%^p m]9\mz%.Ь 9V.&%GcVVäG"^b. pf(JhJBiݝ},X|l?ۖ2#u89=Z=ĀFĿ6H(L\ >|Ui,oNED.pR]f+(HMmM $wxqq-Gt SWU^m*9>*ZW>(@xoTõYw0~YҬ.,f6)UBi?4=0o&5=M$ʾhRJH"Š"Ozde >) x5uتY\' 5#+HMaܧb;NvkbS1A7Gi{΢~eZA-E܇v')ILb=M#6- R1jĴ,ۯlyFKK_ 43oW uIɐ7P̤-M:/SSH}$Vca7gְ?t ru-zb)K*rXι9R&Ѻm"8UlHHɨ|"%pmiVkeΖ&Iwvr71.+4F)98 \~26H+cDBycuLm@x AP>9]g}YYN4?Kߖ6̱IKglUQ^d"Eխ3٫ݱ{Ou/?۶ujxP[_sݕhoJ1MMt+ v<5Iw'ÒxKCUhFwI6sn jD6]p?GcuKvsV(\?b: @/?J )'["nL6X&IsA\$qJqt}sc@"2k62rqu^8fR>*{xwb=abdr Ӓ*CzYyQtD3N9PQ6%-ܒTxWaTxrZ.Kj!WJ5kCvYۢ('۝ =o˔~r< !:O Pݦ ?K ILe*ye%VJ!7!MҘEm'rTlpcpYIW* 6a@=s}/W=Mdc9]4^)h ^}z9;UtQIJD2Z{W~so1>OwSO ͅ4n,h\+w<-aG #E՛10meK?yS=!6mƘcF9I e\vRyV;z,=0(X"cQ`e> nRbj/q+}qݫT*Jt{"( k $Ɛ #P.}þ C sD}yzALGa0y Gޘ (8{=`|,9K! G~9v$y>c75E D Fn/Q_&lG6gDvvf,xiMe"ƾ)cّ&ZpK8ofB stƢ6.qnT;TP`!zJXrR꟣ /;tl.Ԋ/L= IKZl~:"ϴ;fB%H~`Wiqf#'+#hOrͫC9FSob396=lǮ6O/OZot5ła9vlEE^y05Ԑ'~x!qǭ`M_1FXDVYޭ.oUcr%6dFѝ Aԉnma NYf'ɄٓiNԆeL6Q;1({'TEn ޘ(3ܨ2 bbŢUȒgҾU#z،^6n}D,q8q7iKGMUk\1wV3% )Si^dnXvVR[*t"@3ު! f$>.ťS&?<#-{eu48Y)FU ;"ZHqN `Z~pɁWC\~x!Qp.뒸+1zH#' Qx4KkHCNS0LVAbf /.y<2j88:.tEҶ)q.NM]va(@hCE}#ޝp p\g/VWĮє%ARQDYMUFKN]}A5XlCQ&>icԥ*ı2SYX-鳿ʴSj W㷠+`0SG^oBߑudC@طynqrbeP2kՀb +c `&653Т(E|{+303|T a=C78 . pr60LJ ,4nqtZA+Qm8K^Aзt;P"a#VIv]=xOTg }#@'_. g%JK9ِy[۹լ"u%*VXm( u|uՆcaƵGYZ}ķQ0"cP 3Y{@JF%ѩD5}y MV/_BPo`T}hanLDɑ3RaGoP .;TN$tLaE? /8ET>?=R>bz-rTe[tlGUaOd@8s% 8L6jAY4~D ]m(3j#W}m:(4^!{0e[-oeES4S"@ٞ@-q\nI `+>ƍӻRQn:q}aR:RUOwk;SS3.CBC#6)zG}f/]ߋ&onNVcusȶ8oTl%J]Xqf#rRevRAd=\X]B) $O?'@M,%qYzdFSY ֚%;w#zh]OׄAX=V[{fT MKtKZ"hvAˊ7 FmaqM(#M6=|Ҹ_Ժ!~9+},OC+=F77m=eYN8D-D$/e 7Zq՚a¬!(6jGS)/yI~a+hh%\<} :+#2̀M 2wWZ.wSڸsӒ,e"KlEcO=A`nv.7 |0^us3SLvG|!vZE$_PšƏͼzyZ:7= X.yMRR/_ߺ;FW $i8*%n? Jv)@aq+YkH"'j#Z}m6II;EC8au2YUjΈh*X -㡇|+uIy,$2QpڗfX\ejc='=%eJ˱@ɷfݹЄW1dXaJu)]bg`* -NI@L$v!DG6lzBE i=R mEO5%EJޘH*QUXhR+0F|w)svP1p=Q6/ Xol @vҿ% r&홭[1H@\R'K !U}Mu\T.lۺ} PcQ%y~c=U 1\!߻i^`_Ջ?r؟h'Z_ `!>MSYlȆTf0<[A(o.ۥLqw LQ{6 ϢjCӶZPq6øi7n'f2׬P/=(]Nϛj{3,ƽQDw??;jJ(f3nBoA~PmM-rFt)@OZ^ s7(D= |Ҟ0(AϽDI D)D bi l/χ2 և  ;U/ê3j9h| S+^d*q.;w7mփ?Q"IO_`RrX08;rEwm|$W;׏}#{\z֋@4m''vCɆpDռ7z@Ev[J95c.a61 ZlI$(]VYn(JYвU gJK4jٓ <ꍅV3pRٿ?|&zb3dZV<4ֺT/] rX3pjx^VBk -C֤6p?4}gm:Oo@yR J}XR.He41΄*V&/=hר<'StEYlp_B[m4ӝ85$29/%szA?dy\ zPa5Jnffh^t&c5 Kː/oM) qڟ&ѹ\!<PlhCa4@M ( E-9Rv}bL<kTC}En;x.@0F y54.xy &qq 2_}֋zpu'^f;q棫Uܯ亽b`ɈV邶8K<#b<|t($%MiUEǁ$c-̋[NFÀAO䟒W#t q(#&8HۃTqUxXXAEÜXO~`]ut–ȝ9őfHG(xZ'Zzk݃"@)8<t(WyHZlyrϕ\Y * S1q8`"`^ ]Ǐd"L1C*Xtdg>bxn(w蓣47aqlw`L`tv,`Oٚ\k"jdkvVWTUf!4 qˈ:)WgM6=]Mˆ?8PDSzN4' x9ci^8v/5:cP>S6NJKDF̂Uh<$ ,,a(JPyf 2?;Ul9eFVThkưǀ W|Q H>-ߧYpkˡd=jIei9d1kvYTadF8î`[L6k=wmMD+ODfrtpzm[3G A) MhqoZ_`:NԚ3C8Dછ{WYٔwwpSGR! ^һbZſ\$[ 7mKp}PL1A3]{߫ ]E`ZH YmH\qP 2/.A4.2m/Pe[jةn dHo9.wWiLG=d%߂rŵ:#x:wCaI4io+JPnIjaP8[OFa9CZN8%K 9?[˰7|e@\qcQ ­|ʢM]`!ߙg$ vP7`CXM*( dA7B,R9We#Pk \|~ x62F]aErulxVI }үcJ8vph + L^^6,rFմ3`%6BU%"j\^Ly%7UH-P2Wߕ{e2 ^b5bZ%"[y4 u_!OTjJ_\z7MٲnnW6"x'_gx陒3g]?$^0կoQ3/V*k[:9;IRq5F.3M2; `e?RyF:\9[ژN뎳u\AvEv4:jWݨH;q}]2Ne(7 $BFZ`dWd>QX?Ya84+ccv'L> E90 'ΣMZ[ZKOmgw?uX/&Qx_NP˧7CH}o)'yTgѠIrmh1OޙB`!DrCHYZVY6 Ԯ!|yT;> QX]8 sZ;,[Ii.ePNpjyƐ hcKBSHX (%"b.͢%NR$ok`.Y,З]0aeyg}_$2P<$\`f,=A*JR}evNUۺc P}_Ķ8MY時 i09[z){ _+C`('5e'eIDGv*#xۡ3Ag?$ +'Y15!d ꑹ2a4"Ae9F4:ᯨvc/j20R7sPa:Ďh uG` a6` +(*a&a$; IqR pp%^=ҢK`O(ݵWކޜ{,6S5a֓05$q0Z) ?qjs kh8Hze+ zJz)d6]Eh^12'KYsZ2F N&y|8 F4@O'(C0 BHJu-Al"$_݈OA 6 Z3*ETP(D!ˬ@,uD,%}'[qC:$>$C`pvꞳzF yD}8m4ISrCR&/  \Ն*!tcSOQlNw y pM mk#91d( ' 1xDZ#PlDqw&9X*{k7SVy9ɨg]&\{V$XO\>~MkhAfR ;^ \f)>B0x{!a"kZ%o4$p뛸܆W@+$dKD&AD@%h5JA{Q wCF+$N$ s.5UU1nΦO"'0)L$W_ TVb䋠!{Si]~]z=#3+ٸT2'9r L;bCEoz_4n^5}!W^C deSoƳm1sMȓX aZe0o=Qm 8vVD/[S墸CuLܜx">:oo/x4890w̕ȗ/r_ee]sK(Яq}{⭸糜^G- f gFCMʹaPrR0a8pwGM<BD.?*nͫ*ó__Y7(ɽAP~ɴ?_X:zQ:|<%)e)okuGAͱ=6&; ZbF _ >ؽi>)$u4rO]ƞf}m<7+KUힴw葹Bh~$U6Ϙw&4DßS!w)B[PJ^ϒ/#q'l{.Yǡ īԪIJ.o5&Pk;Wz fj~ذoi%Y5k暊MNC%O?{1iĄ>gb.z 4WY(̑l* ?Uo# {ƅl2a+(g{X Wj]؛*k* u~ O N&_ ۅؚidM{b#4j9b+WM (%˲À 7WDFVCY~U #&VF7{S2?&aT{(}99ȣy',K9m}Pb{`w 1 0T'E>bE]v! 65-6xymER3e&ҷ/;[Igyu#x聟o] @43.,V3H)Var#LQ;;LgIûV;Иm}-x:uC"j 99x#N+a)f,Yrl}C1lvaO3(CAְo-d@;%kLHqI+aR/ %ZqEva5rGlO(Ȟ: GUm\bZl4 WJ@mM4UW^Oޔ9'A)nڼh&FxwYj薭;tvL+/a[kU$w#)Dgv8ʏƤke8&ȓ!=?Vy4'қ-O32r\Juo[Za rSDT;V^ZhU.6t*Fn`_U6H~>:_- cA#T}G'Apx[`uw II3$ur9PgYpϥjUʬJNWYhzĠhxTJplp~h'^۱8۹ff+( [{='G][B۬mPmaa(V`+{+/Ao5qmTOGds)V Ȥ牫*L on6A-;UߏihoC긘0bxλ{E `l/gPM,u{XbQUK9X< 3?E'^{R/аL2 #)PX=m_c?3[]I ~ Tae'HQ60OH̻o˃Ȇf3~W[ɢH,$۩?;/4 +WgČj5 2"X1_nOV=b*`Kib&벇mlWc8E`cP_.;cl3rAל۵Dмmnil ˲DAM,2x#yBüabko _b+[FGgMl"Q8o o+\\ͤ<\"j[%+ݘ j=LlkE8aP䛵5< D公>f!AP,lcM0 E0j>[z3g2-i"5J6 Gٓ#4E.7UOun:N ;N;caz4J O]΅3(L8jZG+) z?MDQx*q<|v [ݷ)2%xrߓql,F"+/MJɐab*SwƟu$ґ%@{ FF'k_c2^JQF-QSc-++2Z҇Q$sSv}J~q^ni% O_ѷPJsȔ[4r'YTsIP<,]p ۸-%%ٚPkQT)#RFjoҾg%UQ@IevPuCJচṷ=!R E B8rJ"r)Uj7Z>JҵA{&yh' :. X:6׳VyVPcYUdZb4iV;|3-.'JnoA. 6B 3I˴ە8ICu5oL.ddnx߆"lp_lIȰPMB{,$=󆩻guJIϡ\rCϓxS~b(ЩA*+tu{衢B_J6}z}hXQ#FkWn$E,șQNƨ 4uC%x]]co Գ'>UaTG6|ea h$+t;dE#F3uO5)`F[&}If6ж(Kz}~ ~9UrP eH52UNX(L^$zCߨ !R5&f|>|z&JH ɓ~{DջlE@ SϲCu'Mi9 "p ҡ)IK(PhMA-sdɎkB4dǍ,kOd(Ohlm#QrRtaqqC2ͺ"^!ܛ$>{ ӾjarF3P$lb<%ː|0YiH\6JRЧyAIw&V{b7@n;H BۅAo +y#mitr 9-՚W3`G`+Ր'@ٻ*қramf#JLti{gGzj`\'X"fjIS*J@zP a`}ĉʄ1rv&kUꎪdr+gͰZ5s9NE?P6AP&*|j(d d,-I\OeYB>f%L*(]a895OWt % *?o+E>_MT2` X&@`\QOΜ`_+nF/n2L"һ >= @("y[UXW`F*Uh|r'c.ZrZק ~SqԺSVQKdDxG=ڲnhc3+EM Nq… F=L SI;ϫO>>)QuA~Z op:'Nma f\19WQ =VnQ:<=1…=!F"68 bBZ4y;XsUJ^Z&<͞~_$oY/R:`,|YQ_i~b6n8)_.|g-sַdRR1͞ș#u8SaB&< <-.bű@./ 9eCrLG 24Yc{ J%&Qn@yE@~pWM*?2REz4NV$gR' ;S#ޫOWrmKRU(}&5\ihsڙ`` 8&bbX $w5u d uLdlj%'ȧ殳 ;\%6C(p5Wy 3 "7N ?U}Ǐ{kgw=}a]( FM`σ ;JOt)%b`jXEՠ8zvlkiS>16K|YrƧFfb5վVP&"2,=j(əDt翜*'z΋/H:J` cǮq&krW [@<;֒XgNKÙ_a1 W8ۥ}q{*\I@t8j0޲#)N?U  %vvӰ]؁5l[^Z8?^eu#9$ی磹pXaG]c_YG5Z|rBڎ8u -0Ki9kā-Lx}P,{SZiq{T_ÙFfYY7STNj>Ћ NfDol,c"Op|ʝ3kGpfl#QuTb+*6OR Z!8}=Ip\vv0S'M§8qs+Adӷĉ!y|nT FCyc;DKДo{۽ǔ8Z ^{0;%&m/)@;3~hШ!vj1ry͸pi.ܬB8Ґ2Q @ܾ֟ #׶4:[KK50v=ZE1ֿn-ؚDjX1K|ynʱFɏ,1Z gnL@^@zA , , bRRFqÖO6=_p 4Sվ㑉d9 RB2MA &8xNRL4cC,CyʝL ;VˊgmqtΦlh[FIqkԻʍ1Oj#4ň~TQeaj0y j ?@ܻD)t[v[n:?gqܹ,i()G_mcYPzMZW%Zuqݱ,XYCKm7c-fK;7 GJ&quTP-Fͮz0y@ jM]Ib+ui7#8y.v#ZgȋC\]? #N4n"=1C-Fu '1:,ݔ\$lmy7&o:m47=A]z Mqmݓ.{ּw!%ӋFu5+_/( <|񨲕8j%ާz 5^SE~PkԠ;$5}(y»Kr5=1= S0AGXH+̿TdmռRnt귭+Iq.+'C^{"O/o$bzBhr 8ulMTí7Y6*ʣybIK1[C<+=?q|"Lbhp$6~Ё'ήt4U ՍMOҫK?}f:|mBrX;HY%RG/4]ý<S]w0'` (8_jWNF۟ނ38OOWn p]A;"鯹tҮ6 l?55lǏU(,}!ȡ#21C$VcU %ajŢLjh^{T6}!6wxHC4 Omiq|_KE::>?Y LHY ]|;jFt1-cW. Y|co^Ry@}vUx2vę^bhn]4hMLJH2"x]UrJFf2K-0|ˏ%AJpծͿpn"cȰJSMogrJ!;4VNu\[Z5?> ËzgPkvB袃pX&ETw] Gh-f`Mb:tFDwb h$Ӡ<"29.xuctt2Өs _V{{kwt.$LNyP|`p ^dz(@g"n(W$~l>߿,( ARj-V=$%iQ 1D #,I{M]`iT|]wnqޠ<XQ:) t%ϲ@c}d}SՠF]5 @7/5Jy#Zz | -Wg-,NbiefEKVr BlA '4?|':ƋMnp%$ Qk9d`1UC(Rry}n㘀_DN/ O^ er*mkR fts&sxHSPT˼9fS" ;5HۀE92Ili$(js ҡËsq PErVIwjڭRUz ,5 ș9Cl0oehkg:4Jrʥ| %0W5᳇6"l60ݰnS[AgWk-yJ F=6dR@?N/fd>u;gDQ}HU3T4NNWICV2zq}^9y\g FLf^payzfNhMvVL%z-k9{:7o2i޶:UWͺWȸ1pMs\=eM[?^U"w}¬ hu7|ŔnWB桘xA?Ou[ʫ6'W\9X4oPt- 7!i*eey'"KIff\Y1$RB㎇ 3oe:6ř_[2ٞ 7'DQj 6Q}pe]+C˽WYBOWVY4=zQ}ӮF@S. ˁ{=&_X.=|y ƧX,&*sOvKfKL|8he_4`xL\.l9W䄠~ P}>}*r-.lWhSݲzKo*+s!Wmyo+k.YNi<$H~!\,8OXP|p3.#/л0DƏߖYwa\ r} @rc?n+X]r1ѿ6"[&3ۅ%Hhc=wT#UQbA(wTNxmh+u$"C|+صռ 贮`n/CflP̋8t Õ.pWwF7Yq> \7݃J76@6EϬ9B:1hy^{h5@n8n`!= p^}O'EtY5×1{`/M}X8cjAOht}\ %\+ϣE@wX[q/ߏ^SW/E K ~=93e%,%Fo(Hp*L16ӭC!>)>cx5JKB`w復9Z4࡭J_a`5nԎ Zk/ri[1dz( vK!q*VOpb5Y}2uRULIipc m9B^M~ڋgY}gmbbY#^f{վ!7YmL;x8&0 #&_N9  ɔmrtJѓCQ&QAInm:Z@t$vFA.oQ^/Q^#>MR^dڦ(60vm{͈{#ͲL}wKؿh?sL֦n{6XYI"?I.+j=}SEd¾(/2 X5J$區DUVԕ" Aǀ$ĸvgdGFۋÁJؾILv *iMh~/5nXx}$U\p3YtڟqVc_iʑIU?ȅZ< )kawM+f0 1h<R>UcxX`,b} 81_' ;Zܣ+M/t]`' Y}11.AuIa`j2O,y[5.wwWV<`3tz_o) ˔sx$" Du &rk Y3mft%~e6kNhiT4Rml8ngLξ+.1lkԕ톃6gt]^_0G[fryp~qsN"^yY׀3yGmKYQzѦ=1m,];t5vS]~;W9>We5GoRa=VS m{[7][}Vǎ/"Kr$!_a54P$䵉EUӋixlBQS6/"a$lï.bfe͜,|WW;W"ReR ׊D;$I)yU!:^M[AXʫ3$Ι2|\Z$_@A* 2 *xL "~tWHd!EU'T@a9@$&x`ٲW`T@tX$$;~ڏ~smp PE#$c$E\MLx_7/Mk=Iu"ӯVqHBy9/:m4w%Oy?_9 2RY] +9st6x@Ɉ6=jPv "19!4eὐc_S9TFLl? Nz-}WS[ w>zȕטVƁ\m2?Q}5.AH¨IJ [P[ACk, ̀l2[WgKv-~{mhR1:ǟ>m|k! =bIʷ.&XIhW_Ul},oE) IƴFDFqS#"_5tpgULC^炣.aR'!x1:zdud@+!|?}_ijߪ5oA=wbO9l=~sRwJj'Cv^[u5ɠa݁?#} x+ϣm:2y.^q5y|]1;D.ne :=!{u*8Gr nK+#Q4r?e nV 1CTRd_ !|pk)UvKtwf#'ƫ9شsjDӦg ]4OT%ݓUҹAmyR8v˗*,vQ\iOw|}@m'BR4gAN pe ,+D*_ ۨب B*#JDHKHbڣV-l4RT yyQ5*x9)Cxu"УJ#%NQB`(ChAJJvēTMTCx@"YԎF9e`Ƥ$!(,`AJ@M m`þƊHj.Ȇ'p+0 8k}![.BBR(h8E/B$ +`@& Z4bP"J5a,(wXwN5RjZ-~&>gZ̐IZ?Dh`k,Q.U *QG7ofc?xJP:z"8RjlO5arR1"d dBK2LA=9L2jrstY^E/ٰ!!!/d!y&ɱ]nS\(*YIBN~4%\wYmFBI"D}%6ќ *H0-lD+:|rh-mR544PXt?taPņ|hvJ)?kl'yut=JE Raʐ:U]yC39^HL6dޗ.v*ڧ .Г(t9l3FeA9eUSp @VCVsv9xx F` RmὟ8\}ۄ!%*!V<ٓ !(;i^PPdrT6$5(ޥ( &m%PZT@4+ByYLi@ 4TV(W+rV-A% 9oH:% bh\#k ӣq8ݪ`M&4kbŴhح&,di4KgǺ$^z$QlI!w"lk$<-9X@:a(&tIw]MZRmI@]38Oח&[ p`ŐrBʄB($6 DQh̪!TP W$RM_YXdJ䑪9JNE)EDM:VxȆ.MoLF9-Y#$ )؇hZCxدӅMY,V*-zmr嫜2|k[ޅ^w[趹2X2Cm$c.QF;{af[,^w3"C 7@QÖFF1:.IKJܠĨ-+BTUI wuh3Hp44EKj+<;!ckCLS`,@+ B!f8DC̑4JTtʍsUU&B%ZHcpĶ4rpš"%H2$ s<7 3 =K[B4*zsɲ)B'0Z%ӕ E [i!7Y g!FkH`pqa;A2] p+9Xθ^5 $n8 %|B"4JTWC\om[d=8E' BPY6T)GX@P< @|o j57<5E1Ta:'Qf<7`x?NUGT(8LGDR fq?4Ϻ~.] tsa"r7Q2L)WEJ*I$ι'obW߫a2Z+ugٹÙR$<QzB( [;AZHm2Uk33q~e7?k{j͒ u%6UYE[Z;!öpih^2d"׫߼ZM3jPTkZGM8z0x| +S8KvTyLeu@.3j)JhQfIG ML!0ȉmfha*yCؐU}KvxԴ*?>VbDt,J fڪj U 7WG _W=o 6Ah.AlC0mAw8)Hi wu͚ \22n2jHF,m&tQv{d2@]j޺/ ' vK0tU$VeՔJ݄R3 Ah گÌpǘ1 <XIo-0cke=W7!͘w?T}/T>rm{cv(5>9yWk5?ʽ ¨tc4DaP۝i:WMB*$߽vʊJ=W({<{G' T{_'} uxu~i nf>OL~ZЧ#X/>Js]m|/heWͱ#/yIJoGs2uaߌ1dn+-πb7}tb~4@8:lBp7p#Ta}zBUIv[Xz#xaX%o肶K@2Wd~E8(*ۄی~ dq C *jH@" > 3&@}zN{Mgd~ک/?uʹw?7#na5tQ?͇v% ܟY_ z[=axf@0f@)m3!@X(H ;ڍWd+b1Ь߻c{ۋcJb;^MTtx8oh9norFGs/⇞6Ԏ[|yMIbiݩiTel૗űE\a?txp#LVW7mx8֣r/tH?Rr~徭z`rUn/u;Lk3^9~'}qO[)fQ=T &hw[2‡~*Ȩ/SR\O$C"|B'6T(JU>wZM$`ҭ*B~k!_iw}i߬c]Nk_o#a~]ct[mSHzyO7>mPSg?r!A?v}oѶoq}6Pġ@#_0ʎa? Fi2!,|=@6jđ"@ۡpNcHp:O_Nfg0(=j?GN˳֛SU/Nދ?.&r[<_O3·6;[wLo2.!<؞n9j:F]5Y`7l!;({* J"~l^_ҏ,q5@.9_=x{ްOޥ3oNV¿~.Lmj*\G[ox}?mn*yzW<_2t:A_͸lYc=G-`^F 2 D0 %P I/ąRo/Cr)E.|Q|U<9ծ@'$/b2(5[y>VɞcU/~o}?u{xin vae;\^~ޢ45\=ϥZË ZkVsM`l`Ɛm`*zT}/|ԕ@OIR*o߈L8(| '<C""2""2!""6rY LbtT,_ҌԠX 1=\pmxl޹n5nqtVFX ?-n S.' ]]ZZy>͖皳;0x=XOj˗pZzhK{Ix&۱#Fv 9gܻ"m$˼U3Te\rtA˼Bmr[B7_YU?iG:皃g]ۢܲ MdUn)dW[vuB^W1Х \um\]S ;ED65rXg5Z8!{Bq*c<$NPe0 E#&FcmB2B,A! ~bo2$H=I<2PcJBh^ϫs4/ў>?b1vWrS~'C0DX n|>?s{]EeR޲װpK=m'eMx~mw31]}~7]y&ʩ ޾-Ew5I.~P9m_Kt=xvrCYMJ ڙT{Ms}泽.̖8]'ZG_7{ít~?|zq1sO%l?WWZۮ@CO[tبIn}vݪ{Ѫ1L0>-ҝ`K@D*!TdU zk{Q>QU=T(P4 yXPօ9AS䀩d*j?W9`PLz5X K0ԫ~8e-|H=~@3ߴcXP@geq~8t"*>};k"? @@+%?˰Pdg~OX䅫Lgsgd>,'AcWz2v[/Jnk=몮t=n=7Kߟ}k"S =\(/.733_ /T93Gv> :9~$lBD)$ _DN@d7~<"X}"hҨO+~/ D:& d`9@p`p B!&3#S9_q`]w\`0[Or<nRSEIKC_"d/by$T?]^B_H+D~@3j\{}S'8"vKo{1~}8L&xL%$w"M#=\ ?{Zf|!Un77TuoOGLqպ%^vH D`CRC-1d*|oͻ/ʌ*Xq|*&.f* (~ٰ%wMYVJr%WlJ S[CS h+TvM#r]R `Vo-MQNdzw̐dOȳN@`;V?3PU1 L,UK܅Y,](߉HwlI2(1Ndm,`R h  o[GPn&z2 J`Й#6vB)H!ũtD9'3$15D:5_b*]%()1/ĩ6 dENՖJWE ĭGl$T Y /FFs[d#r$ʼn5Se]p\d]>L7z*TJ^;?AEEHmѭʮU>;;2MTv)xY;1A[B TT̞֜n`J< 捇l㼒*P}Q.9хY%-Q0^V䤧zj(w-cyL g DTA ӡJY9tvTH61+r?;u "޳"+*x>r43ó=~0ǐ<8Rx+^1yfYrGY2c$Q?%XFiT=|Al1"!.Mn )\a%YxMР?30۠.?sDm|Ib<ƿrB.zBpI+쓦<0!7/'Qh,%foGԜ^ QF'N 01yLԫ?N+I UD@42E2;GeSIӯ|#33!2Aę&ziD$\*oP{7_.fj/;>O t;i9 2"Zf=|_7cPȁHV::OJɠ@)'Ս5H?jn5;_Yψ9TC= }+&yG?a!yO-𱗭?ރLv◤4]بevkm>ӧP Sy B%vxH{r{0!@bUN{ M*;K̃%@ɏsبٚgdiA,Q\iG^:U4t誷?nydrxxwC0gNlڎRW a8i "|~EVZ'3sr`5.Xlo&$">%Kߑl3%t!ϸw#ֱ-ÜjIRS{дsQ?"W9!1t4 Z]4ĭ-n<lDW襍dɆQeԳ2XEZD],@xyJDڮÿ2uJv0gɁ_9Qbޢv'LEt9I7y?Qɾae y*Kwl"?AhdN73%=VZKfjdefɸ3"GGNYs,VTj+_'frfgҫfv5bx*<ӿ]UІZ Tͣ7.{ =FW[/#ͭK831_J-[ P+"wN٣f&RSnH(~-:rS9eK ieZ_Ne,Ds<4|ģ63S7x9YmR]GLL0vY]Y;luETw)L "IaĞ9na>՝Gue7"nROS{ftp[e1Dr'^MWʚ?Z-թ]jZΉⶅ Q^i#6u|gHqYkPRB4 9'kNՓ|Q{G 9Cx87sV9 ]W)ƛd3b5V՛w W!x6$ضb2ma Ԁeٴ]JLH0c-uN6dس7sr UEajn$,Ǎ_`bO 4 JAm-&5}g1 V TQ{k܄5i+V-\:`,|:= iiYɮEjR839m{ z:(W+#2ɼZC"Sbw'ҽC_o{3H/j̕[dtٺ7afld$bلJm1ͭn%*:hoHe3Xx f+6fE= |31 rܥwڻeՃ 9d+l=ǘ˟ cױ)|\PJ3 XkT%fWPhHiW0&2:oI w.lOF\'F%6XU2سkc>)$^tݗr\? \FH73}m]-,?iPM劂H(`"}Aԣ&.6[}ZӲwV9Kl tOP`*]>ڪ1eؽ d묰HAjTD3Օ1V/M=GoߟW A$Z[Tڹ^_ٰvܸW8]w5>¯pgwy{N˗wVYU(t ~-S)NQqmМCD$ͷ'k_(ݒnν^^fd#ZOVaZ:vܮBP~9 FKG*EJQ$eʴp\QXجC`dD cf7+6><'\ĈLUhYL&fA DzshA:ybǚ=z+]#lxO= q*"OGÏ_>~fGnOOP[zsuY7$bR]Ucf7t͑qA Ͷ b~IQr0d<3sE!6`O8s4_G1\f;'փ@} ()("{CŰ>TwEO3lۙe]( 8[ixXh2V`X0{ "A Dx#d@GpDH bGͺ/|1w,̓y.^Nsv4*B/pT>Vyr;@}~m2NRB64JJaz 9=8TMyIڐW$d40'?04! P©D>{hUT9aN X,sV(_\%c4@xJ0  uQ@9<ee@y` ~ݑ_A&OCP$ k6 _wK\F3kK lc7n"vبQ +r0kSwpYj:I2`N&oRCf8hm1I:)ݠF>5ww[Q>`8r(UkPU'1˘Nj  HE0{Oӵ ^uP%ʧȝLm#pɻ*F#ko YI{l*a[JwUYIE{ue$SuQ {Cmvidsy0RLr:ޗ;ަieuR|kNSAe] |u?߶ƒKXvoYkM=UK4T^R%%&X::8lv.?^G|d~9ԝM>1fx zBogug⟓0+άJd@"3(ߙmDbffiR5z|;+X=9xôf@40 z ԵR J\\W*=vLϒiFB!f 9.50QO2 R_u= *nN.P*E>%u96Q m-9GWs4D1 HK w !zYcCc]V'9s+:V?5*:q+aڑ=W4B1z]7iѥ7P8)<;IH++zyi6wr^r7@@I( vϖoݏKy{3 @i,84AG \Cu1o _KM2I~#CݛAaxznE5j%$lCpږ  ,Uߩ`&<8kvy/,D@4#_D4p m  1рҴ .W8ԬLKh6BCJTLg.)tN_NHp PY;FCֿxWھEoEB,U@e$w]eEguqgзkI=3% =L#{'Og]sn"k7z=a ѲжUq+89 ng 8nOh)рoz>@2 ~N{܈O $S>s.ГI;*vJ^ܫ~FHuo=&5 hdFa9σZjb)AX-*` ͑F R`/`7hnfSg0e/>soףZꭙ%TsG55l1K aGU 1u{#WĕV"eɍ2FJfIa1XРkV6f25ح-J1gXN YT< tW_VS-NdYPKx(V̥|&ٜMa,^(5b:W9UKbQ6:D(9o `K_XPJNc|A(kjCGEdќ(Z z{{V\׌CF㣀$4v-P#4maniT5v&f־fa8"N瑍0bV,JlE2輆LUt`RՑeEdX$R$4;'1LP`8J!z뢓#75u67JlQBK 0A+[!X(PE -TZ^ao{,7FSa]L(XIb'աd"1V'j 7 U2]2FKrv+ ?}kz'իgNR:߭ZFqJ6!h kA\vx)"ۍ.ZJ$4(!%PE%].fyZ?wI-sT(nNkVU Aa]+ˏލA٦+ooJ&d!RMFKi7e u4$d☎oAH*!ttJ.v802N%jTTr{=>ӻQ}bZi{PlѣS6$v3g2gkRMnj$(L*`Œ!'W.Wq|e IH;|OUGx&#b$s}%[MpjΰTkД_naɦD% 1or u_]xvq/!Rx ̆ >j|3eGA4#0vwQolJm>$,_3PL wLVW:g]o2e=(: &f7cU͕s@]ӗyrQEiaT 1ary D<* 6)*P_Q:'{YC}D34;¹ZW$\ˣ7!W bѢfOahQTY&$];.AZta A4FStabVQ 3kĤr]%^+dZJp*aDKWqP!ՖYGēo=EX/tR@P:*:pL-=mQjga5FSj3OT):Cg:@Pf# s9oۨ!5*t5~̟TS>\OE\z v5;:^>ŌUMenQ)52~FvbhלS]-:TͶCY :6a01 70}9[Ga $Ʈ٦ˋJX|clӵ_ui= 3oZgWӛ8Eۤ0vmVx=%[G>zۆ#h>0ujuo:I -"Z3Y);7gmZbȄIV@`PV@V SÎ/:)-iUfdx#Uu]Ґ@9MOt:#3~̊~b $" B\P Ǚby4Rzc cI}_l Wښyh|B9{(iRH_=AUwᢣg=J*B<+ց%C|i>]~OD1)UMk LJ!GB}e_%XO-{SVYh+:*Yr7J}iDq0wtb TP1H~FN_os,q@)ݿUv>@!=o|?wVkܣȡ=KEKcTx9E*U4Vz+>u`qٝ+@i@6C!Mz_ea8ul&,ݽvi*():rh Kqe6vyn ; n¡!p`yR,tV*͞aӪX8,14)KL%PY6r]*d㫻>|>z%ny:HEx%Y=՜3J`DJEO}!U8~ Ǭ%/>}7x0aVZAIqYM>F[%/4W6yq;V.6VSY҆SX3Yzd,G=# 4 ;ޛ@z30\ބTOjN,%\+Kw3kvk@vˢڒ()l/ ߴܰ x0/ղ4@E߀}( jx*ʐ:*ni@T.C103^HQd6CYSDj D*az4tj(hZ?xάI k(ݲZ'I !1?_Un?6l1XbK*D[(xvZlg\ZHuU/o,B T~V$m-Ϥ ઘ?#ZRF?}~?W/k#gn'0ijCjIs46+8TG&`řA$yW D@;wxx}sF?<#OTOC>fQ^Lyivv>Xpp;@">FnUw-t!ĠX0 >}Dd_8$eݩ(GWr.'07cU궫Y,t,_?/n1JC~iWJh@,0 rǵ? ]mwy.n6ϷPF$cz!%]وBy/ x#{=F\W W-~o(23_PX eWkcd|'O3# ,v!U򂪥Z~Jd5P5vVBXʆ62  . 0dz{IrJAJZjZ0-LŌLɍgR3mzi#pˀXݖ %KGͪ! t5zU75a(˕ԃrq[1&r\$^F$Wt4E4 UM@b 5WЙrnѹBuizj/LFFr(לЖVvUcY!\ۗwMQii5#Ah귬 +M4Tq+IY j5)tzlܞ+ěI.NWWji Uec$D8-T`(iL6}M*!J#QɹUMD8Eئ%rJVf]Тj茒 ZKhU]笼] EZ5j%mq b&K|սf.ӓKECpF܌7":#[j-U%GSc720/TJ:5hZ6֜rjI##&nRҢmi c󕤬4u}6.sOe)4ƨčvV7rL[hIvFy]ČܫmI$mk!Ò~,TTBsX\h4]a*6jd/;^˞.d [;rF-uv mT$aj@v]2CxeDm#iD-+y(sq\ b53 S)5ZilAMWlM$ iҮKU ė "((\7$MʖI#liZ(+X]ܗF5%< ˁi#ͳb"(бw9%.4n@-Pv Id+W+i mL-ocF4tj[R5|Y35y"f)(ҢR*JE nV[Ƥ+'c5w G ELͮl9v##pAi\"TcPhj5f5(4r"҆Ƭ[71ZV6 Fд%ĭ\:4sˮ."]ze=ZL4G+mAܨZ m8h MB%sw#[q3ɥͩA ﯀s͟˻8;6JWZL @5‚INJX=^ )!aDNs_P`Rߛ |JU*޸ raR*!ŽQq6||[}lA~'֖eB]F [ir۪1*ߢK4LJ5z%ԕGQ㻮A_vyOCH[.UI8ZTe8ҷ#Dj\m ]ѩ(4eݱ Y.ISTjBT7b2R-A8bUrS0`â AR.9% hJ+4ET K2J-ԬjZ#DNmss.-++5ш5:TC]pH.EХFBǭ4p_>op'0ϥ"AGCaz(-y Wj5g^rmFLph@:d67p-@"uu&fDƪ1I*&\ i4[K2]Oeɕ_euP,*.P  J 7L~MO:TӶˀܡ$[z|mWg#zwW[ki[$wwv.nnTXn4;5$HsD Pqm!xs5IJQ1Lm-m]\ BB3WkYd)*?%KJ9 kD1~shrcXQć>P %W+o |Q B4WhEn2Jn4:i M15$V h$ԙ HNt 6زD.fK uK#/zY+4i-*\"7*@t\-+FH+ULD K;;l:rl"OaiOJI}>e Ÿ#krs<2B@wʒz6BHCrrX迷w}E')VrrUeB˾WRx,x0l+T90F;5y=zm,j%['эPh=sf&',&͊!{JetzW>qAz WɽJܭ14^n'WC>g}dP!;iEg4p$',/toώB~pp@Aܨ4[`5ijle$~ҏxyvaXyu0ӐN;& V-CU ymGY|r"N?0DDHE?6Ĩ?w"Rs f>{o }&t1px13 ުT2Fe""MPAЇJc]v|A}#_)}m{8ԐBy H{Es|'/d퇳9wz?~KQx1=i=se>mv:N): "3P9.%L7,d݄W|G6ASCuBLz/"d!K@&B&Kfb>sZ>=}`!ҟC,:~ـTݘ6D xðbW>8G%S|V?WOI6XKoMqy׿SO@ H FРE#|?͑~}4#؃9ޞ>.w'؄T?:OWg?:3O La秵szgZh#3g~=ⳇď7U'4K<G՞QQ68(<*?˟_ oߺ8l` vtrw6y.bTܜ(w׆\[:OY"al@tZ:L(%>ǻ?k ؛\[z1Rn-49Z$<瀄q[3COUFgЏ aTKIy䋇G̘h%$e3UVścX]K4OAeLWZi;. `ks=_u_pR"kFF+qȡo ㍳/!J(lg'9O~E?Ql͎=z[˟,y.r y+nyhBŪ?3ZIʪ̪Q3=N>Y?np5$ؓg[k%-PAiAW |k_6 i5!z̏1Nf!n,a]Xv\*ݠ ?ɨ05NWFfĵw5u AFe|@n?gbZ} /yc+Mʻ~|k A@HB"+>d_lv+l(}V))q vY$v[?Þ=Q:9C~e* \{^k:.yl;qhTUm%&Pr˷YMKec|cV~J; /}c2aUq.$҃,/ K>H|? ϱ2qMWE^;Avs\FZe )kxn#߯:و`ȫ;|FzfOeQFۆŢ3vj+ 4fD /}:r=Afgq[ibGthqjaYSN'WXnTT0ɅS^h5jd ,Qƞ:^ Ji~z?AYH*ji~C|UZsNbON5x=Ylb_~ϣ΃%K_B kfodzYx*XE 9T 6?g]s%":qRC* TP꘠b$0XݴLLe oHU×K]M p wXh%,ͽ(B|rgB|K3za5;-NM*';̩RU1lU h*C+U~D?K>A>~ގsaAb \TN)#ڣ^O  ͻO$>sV쨵SӮSI S8{ Y.R[e-^> YodLF)d3D)ڶVA*]%PxXT kƉ*jz('*zi[Pjɵb[p|.E֮nW QVŋvD/3 >(-'65VRU+Dz9ޫ;Ri9Dǚۯjk|I:܎'t\#x:_H~U=PANw|ޏU >:iFOAZ$o|nHdEiUG%$y{v3XwfN,$ <%UTU C0gm].5[|K%q'2بp#lXi-VgKZYIJ"{jջ^kو&f*Vwp r!璃hЖg%KItH>400H^Ik RJiP5 *7i9T{G[eQGjKrbptZ^g-cA8"@$-y>@; ڧ*GoRiY9w^JOkȽgqg![Z{׍8'WRmF U֭vǖ6{,kO1G5.NJZ d' IѠp矧!ʚmB/Pw-zz}ObXc$_<]#a'/'n’~mLq%+CRmb5䯬 3"pzݛOњ%gb 00A ,JCz2“Ċd>р8ʑڇWѱe(ģt_IM&M#BMdE* CQ;bFB£?it,v,/1bO}u{O?^k6i~p^ PD=K)3#2eYВBb>]7gqc.}_?scJj(g}УsK(,0,QpWw͝BZN Tgg=<܋ IeLpՍaQ 0`fHPgq*nZNf6GT{FE&$jjgt8[J*fD 3} Bb-lHV}/s?̈m^/9otnTvGNVa-&MVбs2(Q\ s. Ǹ ІYC; uoDQoϞkfj̣7lTfcd] ׋A%1:lEoYvKڜSt4Q H tl"G׹iߔ1,6" yYwh]CӮ)S&tcID0F2|}l f hKQXl稷pw薝Zʴ`$uTjH>祿oѹ͚w+TV}~ʢfl B =pXʨ1CjYO;nw%Kzpl&vk-MICݟG꜃WOݔȅZ8R֪Jn陋7Ѵ XRJPڎI%%mfݞ$FsCD6]EٓHUJqic VEk+?}&t+7Hm2UA石@4ZBbg8ͮR-k[H%r2Lpt x/ tVڈy._Ԏ쀩2o0b U1ɛ330d&QZ]" "!YiJ9iU!sY; <-J!w]Q* |];Td rx{J4~$nJ@Mv^_8U&eP=zp/P(Nz00ՖQEIo/Z-2\By??yN( 'HExUX6%J`DUPTł2-BFKX>BcsŴk駳JYs_ȭqPmI2$X~YEʨ%HZ/X3JWcajdlU 64TUBT;'7x$^ x^+ʅRc0$ق-oJ9l%6ʒ W!JNUBƢg2z"wp6 l2@jR|-W+ܤΪA<m`ggo[*dPw&'c&Y" C` T{Z9uP<ɜݧG F6:wrxO 9:i4DKA=" J"<#D@*e C"$ |o$m??~xd/zПW|caF(-*w JrA~oa˛I5=&}'A1E\ }M6#,@2 @9 va9_8ᶔ~M0)hu~Z ? w7;I 2?W l!2 fLR/#6 +4<_-d0Wj}ϙlNiI(ABz7/eO1pzm }_t'xIH1#Hٷo/h7AW _epy֮܀=k~C_҆"C GG: I{_s1N\fOjϞ>J 2|,zBufqZ@/p"O!閎QfĽϬbGO)FC Ur5_q; xՍnR-W`@$oYߟ$Ty[h$8oRt=ɪ'p{d <0 ܧKJL.v˱@vhb:yE~[;@IB`@ϰhCH*!CT*$>U2`*%Yik,GXj{}%teoҽB zr9-9 uohd0KtE?3|ҟ2{ l|Okq=W53{'WzVG4A|!_LrTaY2ۗ\%j~zC6YGOwa/+Q4CvўBMr*I^^Y=F` {g:OEt>9~cmGE“H1k#~G!<LOd;_]6Pcj+֠zWeZ}սt4nMVyB&{q(HMJ1콻q'zafByQҜ t3tvemR/!䞟5:,\ /8K)Kv~\:M{~Ǜfד#4J J-(POpσkqT֭Y<2e8q1BԕY6څٞ{ϥMˠN`NMg$ ~b+܇!ˏL@G4~_NCA"z"أ=Gwc5Wi-x3OĪ`cT[]h\4JXҘw cV" ¶"ĈLovZ-fH@/v+|)OBAG&εEK5(Ѧ50 1:Uh@ī^.%Froz!K,ZeIT| 4֍'\ "@NMpcoz ~B /V=e~vKiY\Z@Ij'-(@Q>}[ <\Vit5ZyW kac%lN#-ϧ(`N"2HҊEDjt4ȘX'8UHAnTq~g)P*Q˳m!mr]zdΌxu*\I(J96X,.,!.T6:Y MYZm\h1*')z] S/ fvʨFF 3EEw"{uI#$ %#BѩR_JMnhqqFq8 bA%@w.)܍(Qw1!8y6/TGF"r&400TGqLBAGlc $mTNIrښaQ hu-]v ۚŞu a% ila&TeQ֑k.Veխ I$hĶlLV%Dq \֬Cv EvGB;h(4UM{HKDC4'$ ՓiS@&YbJ4 bb"(#G$Jnq(-/[)L%$.Yh4)Jկ$7aÛCHĵ\X-YƩjc혈)TkP*Hdo.:Ϛ-*)$b4c\1t)ZDb֠KPKTchf|{up|Xtk WnW N rֈ㛾0GIS<]ClhJ@)@GTsZHʮRz.ZXǏs:#`D#|1i[t[Qhm@eK!VXNBXr H6Z)w Ѧq**Vn9Do\88Ц!hkUWKsqyu f^KQi#+mDh-*SVaCLԨmq]m)-iGmߚNg@ 5-a$9\E4p>bxaen˯1彇o{޽x C hIA J4y뀍vmTK"UPJHmL_WYڣY }/#A@\RURT9fZF}[=ǃ<(Q? j!,gI8X_* 3ḙ+igg\jGn}h3 BOd?ꄐW8On',':~/@υ62ȄTao@}i-76)w %mEH}h*gqw#v#7!hpaaԽ~vFa''ž3go>RwZgy@ ƨvvҊ#@0;aXO#>ܷ8HǤ$uއ}3[BG߾O(k }_@?ɰxX Op_Jlk# :06ـ=}  so=&Oǵ8!OOujO3R>u]Ý/4m({?2{Kʆ=wRRvj st7H`.#"22Avj(FQ^>z֒%x|cЈdE jzI^ȶoN"n@3~imh\ A\1Mw`.3WS?FYJV~sbBO'ݵusRX3x>?9'?-!$Oӄ;GV!س*kPPRz_Wmuۺ`g ]u$&G~i"X2THkWpuK{׈UH{^R9X  L $:D__+_w &tB{ŕsI<_1z5PTݫǚh{O[A>F нi_Uh_64/c;_Ʉ 7!>i?dz7/?mGzOyo?/@D>l3) OR{r!czCڟEQkM (ZEFݵXB džԃX*9' 2FhdjĐňA=)f($$5BESv>6]9" EH \9ON 23lFF>v~4YK"tM(2JBH PiM-zmǑ/C+WoX+ib6Rp .vM` XOTYb$A.._hSt:of#S^V7)m3EnU9O޷x8+<oFhhk[@p޶G-[CXQ 7zidye6H.zs*Nd7줏bgW[f7Q }}'-ƷzLeo^J2d7̫<'b D!YE5M _@f`LsN 3#"ZoUq-I=)Fay)=(LA>N嬭~:f_t_\RPTy>|lO]'_T̨cH ,dyfl? .^MX <̚2YeSjc׉odڢK^6ʶf)9- *jɐI$8:Zr7Wl{c4sCΔ!jAU #57T2 LwCD&BD mH m6 RQW寃ON$a\`EKU _bPJAD0" S Bau2r 05N`)xᰦg° G5P1 }t~sEvOeC`VH]U%w_wJOb'aVv7[>N?n$?~ .AZCAzW0's6<_%?*;hyL|8!jric_1yugeWK(>Tbz i'T7O~$&\ x<ߞyzz{/ PoY_fF\<^+рL/cRJM =;due\?s/@Nөp2L":$Q6!UD#.޻I'$>zp PAAm>\^}32R6JNŘ$?m k\IO\HNLRB_k %:[kUA%leKe]= zYAH\٦#X%֣:g~aZV"ŽQq+'Rb3zY:ؾƥ/1^ (}EyS󐜣ϩE>Vfj\lCIЮpUdee;/62ҹ2};".-8=ط+90WtZ '~uUG㎘ߕkIQUCzYfl;q%օ4D/Y 3L?4ti5V}c?U>go\J8kEP: QUKF_2ֲ8T*MK<Ӓʤ32ýrNv~UZ;vnU?@u*m;H.Io`jI },a ZJ`4T+?^Я- 2ޮkP ڲrlUU֬kh6MJk6q;pNս>r;{۾[up/ywTP~9gatv3mϹ]ӝi ^QNZLMGs$C"$nU 9wJ3mi6/n0Wvedَ6D>޼P x-l>ԲuE7"qT>_.>_#ťyDڟ@}~[[+l iQ\@ɿr`@Ś*`X5{:ԧ59oC~]99qσ* Xrc|ṱ`.]gMWsy>O9<6hNRE.s:/~7DR8N\*=6cUݯ(~z ¶Y&aEؗ]Kcee,&)Bwm-V: 9ܣ&l?K^/'Gxɩ+|Q su+*-pAλ]UzZ6:*ikw8C;f珍 ift~fW^ĂT.d@}c*(2C*5 ۭ$kX5vݔj, 9 L_g|T mj֐PS ݛ 7 u?ҕߛWA)Z 1 )}7/Cݕ'EII%z҉%=͐v1hg}?nû<t:HJZI Y!79[ /A;xkRKʓQA@wM‹9)ԏ`jcqN4(&"ŒG::z8iH-gI'NfSCIahBj5#FLEQX睮k]]kJZ(⫖ ^=<*P"OSNM˟[  BI!H2a%@ZUq8O?-tv{ERs}gɐd+^ nsKIL}wx=oώw}g @8qu7&r=q!H8.!IAy#_7ƶ@)K3"vK{igLGl_@ͻԼ+`10ѩM*]_$Pi5So%-0bj5na|{.|P q-D }g:ku * !=_znpՏ'B0o8;aUW}1eL5Ic$IdU\.``Ȁ=RUdtu,QPM˂֙32l`HAX5#JVX$$Ax$d +\(dS35Wjf ~0_dx[,npOBjt Eh։,fL{yRwX}Ov67S`n>0oR{%%0ح]bC5M84dWvGj~ϵ ;uG~Q!fS1NH6UNˍv-Bv`{;Y;?&?N$ =uq.ߢlQ2V$E0# HRT%_.r  Muh}L:M!Cߜ}_QrzԍaaC.HX{ v?'Xv/cѣ0NG/oCR!dQ4mN]ա/Ͼ;˥l >vz6mVC5Aՙr dKK&Fe0#2պDQ֫3ϡPOK$9Ux8bla{~/]Ԙ l= uB* <+{'K<vxYA`90Wh5ҕRN;_5'ΡiC(2ІҢۃceJ,WHv#4𐕙'? M){61΢w4Ej-D/_Y$skKi_srI.3WhVka2&f**z3W&z3 1)gf\I,iU,QVϩ6ECR8-_oW}lv2:rv=Ҩ%`sktkH*[ԚA:!oH})(4g5t:ʖ<p .))={.r.J(g<[zX* lB[ a+(#y71'M=&"2qI2sCW̧gJ;{ѲEӚ ȫ?ҷ*av 4j|~o?F tǣB+pTR]6Ũ ŷ@sK@bC5`$bτ"Og<;j.B z'O0,Ccû| h{.Pںe:ͣN(V 7ε/;Թ gjf!^.@K^zu4p޿V^vWs4:t7OߝC%K2qe)Xx,FR]5z,Qb<{;+972(Vfåޚ0ޙf#Y\O,GESD(޾r,dPΚcoRf"bݭ68WظrS "'%f*>%NmG}vS=u%Z3/흡lO=KAY"j{G#&uM `$(U%-?*  ben) X4Io`nU`fdFg|S,D 'f9+Q6Ʈ"@yVKZ`^ O>KO*4Z~ w3Զ"XEƚyX].ƺI1dңC'k'Nߙı83]`J#3pT/wV8 -^U[.iXHáfe-i+/SYwo,]!\kX@9hdV9C1W3]M@ꂁh̤s9̛&W ]bʰpgՁ,吋@ץܲ L2Nba2qq=6WfZƯͻW9U]SPY^);GmeE6ʒZϻ+3) ~ZmS{&<xTV, ,O>囵:U4AavfAJ4T)wĩLaE`η{<ڑHN"t}>ݵ(4.k.ư]&TwH'p%hԌt3%Pa4AnY9&qEQ0*zBd c~#dLM,ZUG} 궜uC~!SnO4~7Ύ&o~g-{pGwo&geq*A?_ ~>\I QH ;K|>U>GVQ&荎eоjx-MYU1Pԫ3۵Q Ɲ}I5퉮…FZ|= ZL`"C7R$e X޳Vυ%$:Lqhnj wvX*,xֲki bBͬh̍J?gUO܇Wx:{ʼ 6qҪ1Z80:8!Ci{*b s96f'OB4oLl9c'i:NROV훻 Ju4q.g-U$5S^70rYgBtHz0nJI)4SJ,b/m|Q؊ 2yiࣲ kB1=9,FvS=7p2j'tW3ڪVXv\gVɓIV!hן-*PJdR [S4C"[ YiQ+z]XL:؎|_(f6y>7>M4U~ TMQabq3bJdEBVYcrIf74k@s]uO>a?N0-: IFAcZDbģ^фI$02n+ѣN6W|~eL%{x5mϫ4yhjmi4dRVR;BC/P`8qqjVq2Y¡ĸЯUdѬuf]q:7G|{mO[Nw_xz޷u6yUh?%u>FA֫}Xpth5||ؾ$,L>~MȐ!WQ%mڠ%R2\%D$a>zί&D^^?0 mˁ${1=m17nW Iڳ;=c$ɭ {)tBV@2>on-W ~ypkHivGCFD?2'n9BBJ*duO(uG˰ [(BZ&Mc`ЫkZފQFU H@ qD>O)UH䔚xdeV3Lⶒï99o/gԲ:DY6;ScMǂ \8o.!sz6}Wvg`ޏCT0ɑE*sTaG!čYg=o'_el̊j[`#;]2)9߽h12~>kj4(|i_=Yc䋟2!2%Qk+ARdRs]@4Ԩ-ӖeZ>-AUd_',5NLVkՀxfX-FemQQxK U32Kn 꿵}awIDi /qgK9dNġIޙ"MD)RVy|`2o+5Oې EL 4xuvP6߻ "Upx2`̩aF7=#\.=Bׯ4%hUaV,y^, "FI1 ^͒+aԈVDŽD__+zXti;]p:f'òVTA$\{ѺE=oIYݷ[VƚJfmVb=y͞Vr2iR^W=-ZĵXUVW08Uŋ<.s|eI a+iT]DYv =u?l8=b9W~uGJSn}4_b֬7W= iVI<8ˠP8V,sjra1+Ͻƚ] ٢իﲎx\YW<_&FγAЭzǩLCdžuvǽA9@#X2 1hj0%!f>Cf l`{r@IvL~C_WP[p3Y)j}y^0wxa9*2j,l=kcY\qck%+d,!ffTOɗw诚?֜?f'7ZBSC]uO_jǰk#RJAQ%xI7 ssm+O, F^YxVu\s3L%RUaVٳi@JԵ۬O0M՚Z*,ޛ#L\9A'48ckN;Chh.ZuZ<^U\9\̂;a xfKl22#f%8wOÇ$^UfN8仗ˈv3#N5_ ,rm30x2̀-BGf qҾnwv"1w$3]MR"'_dn:evN]&|NU8Ä__*Du,o W[nDdhǖޯN]W9YwoKne^q񼼓{[5fqۼo\vN,ě^mVy&:ͤ7jcp3foN5s\oNcݰ02A`6Ykp&uS7ĭn-p).UBhoְױM$@hSeDtE1EF1Ar*D P$kR퍵(Dвa$D! .mFԔƢȲ5cڍ\2V\lK"(7{/[H {v\a(-H_,ow,ԢBKnlUD%[#W6\HܒnN]hwyFFTeH. ~>[D4dmx $y#N8ɒ['*ni hPwO(=29AW30:%3tL96op u.ɱrHdDʧ1*'+VgBw) v xРWnٵ(Paɠ6Z|enϣvoH$*TSĔ*3C͢o2QZVhKK9h̶B億KыtG'7u^=@MNjb @E$ADAaiQ 73-?:#'uC=mVЦÀ=3<܈239C0R*\@a엣{Tʈ;ߌ>׮"sGpy |-BB2r3m93=^~y<ȎN,HROkX$S$)H.Uy`ZƬ%GȽ@ERm"ȋ0+>؁Q) j>9Sע lQsbGaN9Gg(ғHUH^;'$s̹924eh߹ZVJvokN`S*7,=FK |!B  H$M>Qq1B3f){KfUbY/TDJĂUUHCv|vx ݏWcED[5ԓv*ڹV5KtoOUvs-AeT'.Sn}wտ+ٷ( ^=i6+ ɽtfb~#ʽQK)j32(z90%egfg_M'HYh+*+^ٞr5T`TpdjCa.x87 Sۚꛭ2켄ݲɓZT,qs..y{k%B[w%%E2I.&Z[ֳmM=\`b|7SkX:,i^*N/-rMG.F]n^f:n7|=_%YqJ>zެ?s S\Q%kʞ<;ʒm#_O#a% bVe%55Ytk3Z7qc y5l;Dj`38xL ٨:'9W$n+zyd/{.ഗwm%֜0Kݬx/V5{5R5:"~m}bUhѢ!pՍ,.zaM%n *,x2B9q2՗7Q6z{Ĵ&m2Z Y l/ S"@Й ӑTA@_r]9=q"jc2OmQ*wln&Y1vQ˫Qaq# 0]K?Gwʤd7}=j|+['ZɃu#wC?yh@J Trl`RS<j?(yH#7\]G#a9Q;Z}40oՐ.۪ :4뫁nÜ+4Po!!2Z?YT d/#P,Mِ=X:5)i}OmdYZo;ȷ%όݥR xˑ;ڡC mkAF}2>>{t`J!C!U(T,Gw~Ҷ䴺7|VJ|I8 A S19HW9GqȬ M&vr/·nD>htkUy됐UoqG4LƪĢ\YOj$QQS\ oGE**qY2n.ĤYT@36'Vr/JuJd @o"Iwir>롫m+c1j0\J:*>uL׶ 7x"%9]%%Oj!Ẅ́%C p2'( &6'T46}-WlL})MҡМQ<:D]sO5.fff6Q9STsXzladM$\Md$ N|YdK[J[Z{i{t0x78ࡩ?t}|5\ PW iw}V~""4Ҁ~YS#ѩf!.~/M4{Xa_y.K#~_9^%&{(!ɝ\r;fWb:-1"Id%`] P4Czw̜hiIMi8?!csQjиil[?UT'Ļ  7HӠHh׋R`Blgj^|J Lכ=5NXs&C4Qݭx^s߈?W;%ViN˾~Pդ|"ڰ0%/؊X͖w,=UIT%T! J#(ӿH/tGDZ,#F\z;Kt81܏E{dɞ>(KJXi@ }:W<|T޼HaߡHpU?Ͻ8}'&/ 3}=vB֚R:ōO}Aj*wK'ɂZ]ǣB?Ic', MDVG v=ɊО {6P9Ro a#=^z p(5 y|?4f /sIs֞XI  xG)^Ya]0aNj|}00QO&qTMp_lqR,e2Je8rNY@E!U W!>VZǞJ;Kv͘z? K# k$ ;NaQ^}mklfY; VIk5dSIFOi4y:8 *QUTJ,kZ~iZ(Q"8ү7Dg;xK4ϸFx/вl?fJ֝:Ǝ0>yԪN[:j9dzkhx'f!i{/W#T3s_DmlF?u/cACQ$.odL=]H!3O&kRG6RYEܛt~$6XϼR`М(fHBId6swγS0֡v{Y1eUR hڡȖ%,UQjJ෿k҇~ 8ś[s9$&HGQ>']49ij0@7e] ]ô2!mO)Z N&y+7(if=}APgZش%!Zrq*gqTTXqLY(Ǻ#!$  PP ez9d~sәԜ ^iGCS\E?xǦ"' AUx$PW$4;DIRe?a@-ȩrk_ ,EaK.Cjk3 TR$P&d P @AvIip\kݳ[gct>KM) n>R¼3zfC-?uĺb0bD綨3nlڀu`0SX$xrJ(3\E ],Xsqp7ӿaHq*ʆHE֧V%ID O*0 bY57WtXZTĭ`"P|GiѨ jQ ݛ%Wz;U\/vNǖhݙ1=iVe2ys+D`Y?A]F*;uCd@!'^*pI=A(fdދE*zo q_]~Ro 1J jc\QW'w=VYPMI 3'#JOB`j 句Q^6"^'[ߵ(߽0?%|!92r6\ލ^:O5tɦƵIa]f;1Z]b֭3ɂCi-g&ޯ:gpW )\ъ8&G^ G;%)vFQ;AIV׾ziT{|%zZl>m,P:i e)>mZHNQ9wa@} =+Jcw=E95"[i2W`﵌>q픵\tZu,:MIZ|O^NaULirGhĶ7YZ `fnYԯ>ݾ b<*lUY;z#H$S)6;Q\\$ݬ94^Tխ`d18Zx~1!jtPa7w)LBF7OޝBZE@R6szL3NiTl1)?MKͫ>͸UY"gjWnn T ȐB:$Ai^1D_+Q ywȚ#EFp^b"U̩OR?x5b<ۖM2TVkSWpڍU 햨H_mukG*hyyWUVn[kU(βҫ1&YFїS D]K&Uu(d5u Ɗ뼁tV hq< 4X6Z-4<֗ 뭘KNT$|փL.[urZIQ32ٺZ EZ5(z[l6zve/"Ui0)GUb0Q ,ꦑj2C qW'sf}l -1!UT! ϲw wzhw Efx,;I ($Q1dSÞ0t|?(IESYuhSc'r07? $96SVm]^, A12@ld Jd*f`UR(;BH3j*Tb{ˁk_Ì]찲Y?ɵ}A !NjVFר\WgX`4<^rdd!]l w\^E̍t; |Jo`u?SAҷT4^}/+dA0c> h\RBŇ!s< ?:5, 'ΦPC3Hr4fe[~5~'z(~nMqqsX_K"R!<*4:J~V+T/lx`֨"dLʔIƵ+qq"fE;ܵ4 }[Dx-1J26,!֋XҨDih@0NxT Um. vtvmZfջ6p>=/}v%MtƭD<8:8vHSPp^b%̉qX9=K$ 7kwCxS:c$0D:z᲌AfTwﲴ(?cTwy7 I  &KK-߫O؃/Tre^j #I5,dPlH5\C"W&xmhw6&jrJdzxlv^~pudܛ|^ZqtWMfl*\OYtJ  CA.c[DE]E&oz FG0mA@$ƣdzn덨7eٶoS_r?)^k)ew xZ2{ Be?~{zc[4эHp!WZ sVB<6R]̓0>juL <̛!(BB:@"ga_+f"pw*077DZJm0$I*)-k9 FfHCuFfR+O,:8jjqz:IlCt#1:< 3uΎNmn*"js ź)6<ơ ?k\=8[X"4:K8xK־NT 2H7_ew׃"}%E} ;#sRDF eZ(ծь|6Iϡ?UYf  , ! 3t 2 DP~JԔ➁⡭zV.!AǓQ$Ns,.%x\Rhf?ppf W~w^˸z" ݒYdsTy1/լhqY2 J1 q|7e# D$pgXGߜ g+ PT$@aUҡb6tɔ A6aIII!DˠZ`jD fõ(Ss(/-v+!c\oK"TG U G!(˜U/lWizlCZ.qw.|o7+?ty mg~0V(* "CjghSY6O$X͗v<ʁ6[7MNƶ~w?͕mh([W!J$63FbһwV=@8I[B* QܾmX8h=:3FPUyOj!:&'Tg{wDJ1,G j'9$6QEdIp$ߴibm߿EsY ! \}?T׶f\jGc`')U_?m]{yG:H$ATRX)4`֗R"qꚶ.n6Lᾇ$].ixFo -ƆKUSZh24,R F#CcX``+cSX/Ke}HRUj8&EIJC=ZIL( or+]Xj Qe ՊwhLb0eF7MG%z:i9&(n'hKv}N.CBpQFQ۳ ®RWbƄ﷥j_c?jtդ>Zq.#: ŴRV];9Lni1T(]T`Sډ1-^LBn!|XPB a4/']aDLmZj2h<(,Υ _=׌E9NS M][#>(!NgT)$:; ! [/cV'CAbl\T] Ph0y$g."nUOM RlgF,?bŨX;Ib&`j;X[s[~%ឋbY1<0S]07#t`nEx-XJ ~Y?)5v7;V6&z\SmI\n)(<70-4`v(º^K1-pDT)u qq͞9r c,+ boOyBܹ I V01N"^:r|i)$Dh_3v4􏵖lי"t7, 7FgϬD@: b $DH@;sݩVhf ,7$^dp-8nLW5{DsW V{fV%ӝ\cz@' ]UM<"~YH_˕![Ґ0c*jy wt0eddD (LA3 ѱ'&Q.HuGDpfڷF10BӋL.h-v˚dy>{TBx`MbS=l#_i Cuo?2Ϻ$6Sܧ ho?S2|Q/ח:B,,VםȦp6x㭗-2 &{8ʓJ񱯹'ac&Ks94C+ǩU&B+D6e]q&nDiD"vHѹ?޿-_T&"2wˋeeB<6,ӂ\ZRy+`U5lTQ,X e {*,+Fl2Na$? -#<]093$9R?$S3tin>P@+AQ8iM>7qzu@?Pm oa$ /KS)7'eWHAO950 ^ȬZgR; K+Zn%R4p+ EKlJ /P~&pܡWOl%]6wQ&xYPP׷8}nb}C5s',{?d]f:AyNXDh;qN K$\=+&\f9l(#r5䗂\t֝w?})\-Yqt+/[xSK-DA#=3"'`w.b296CG׋:E _p$. [Yݓ@ɒVcWst)1JuFp8 iĚ@.8ĀQ}/=(PNZznoΘyCQaDCvDp2˹J/9RKWUp.rt;Dy<7kmL~]rFd [u[ s%%_69\ J&Sλ'>1IUfg%@}w옧q7M0a*֤:UM&IA.!Xr# -t<u.>NKe) FMCs[!v-.?s7[u#UFEA7nUb_*qR1{2;{l2b9 |os8_.Ns'+4>0ü/{p0!wiw:JTUH[NŁS0o"͑"\74뢊Ժf ^tp"&Z%G8͔<S D05"OA(rqd)+q +A0ő H =~AQD g~ӧISji4F! &$Gz=~y%+Cpy_DJ ,@Ue~ty,;Im DU*Ъ6w>_/qw}3*,&咆)h([,MfR۪Fg|MP{jZ2(k,¯ vH`PTt9nXQ/19P&FUϐq5|)VQ>i}\ٶnbc9 `REB%6:L Ĕq?˾`QunM3MQ bT0Ο/%~mMfQ"+jc`DaSAApK/+D ԰a+;_Ҳ<+104oEz"򿼹$5ޠ=jͱmNh=qԅ'e_bjݤ=ř]]9|ǧǹj4' ,1vhmr(<ڭ18b |}@SsVВX"1Cm=Qr,,?z>a^`gR}5=11R At<ݪ _oM]C^CP*x~.,(F\ǸdA ;:2~t)b3'2 |2"t_LuAC,H!.˜FfU/ƨيIυ" >CR`y44T-U艹̼uxS[WIZO:4n]DRRm!QݬJ) G'j] v |Jh(k?Ce(oIz-~-BfQC-Čĭ4)4Ҡfh=LZk\m;gu|D*{#ˮt&w^|4|[뙚Zl~n+3WmQ7٬% ݓQ(h&y7~O>473'G.8iWFY,ܭ$@VdlJnV 7(\L/ UtM 1n/z6*6aºP{W"i; ) ( A_}#a_;6;h)ɡI5k{'ǣ .!wlJLrE:.owa3(p~ō;RzV]^a Y@Xę-5p62cjʃ v{ I0!-_g֧vJ]y~7Atx2JW"%MRR =txjfo+yR'nQ> {I$]xpЖ鰟qG&)G|Tt괁Ĝ 4+9=_u^ğ4%^m.qKMJKmuY8~t?RN?rRP%Jz/r| 5+Iޕ*N\,Rs"(dO}[dlшaV^]֚ #! Ѓ]$KӠ4zՑ2vS)z 1PAS&Y(>.&M EI@]&멒*OCuiM*:Hw0[Nd'UǕѷ$#GYEJƓ4u>_S%$TO5T-QȻVZIz:JSt)<^08sZXjO- 4rMعNfur-Zw;a,HJ]bR=Yi]+CsY5sPq[Ɩʵh7_o5~?Uvl ;VB&q{oO~;Gs𚝌3TΖ9H w WU+&ȼv]*Z<#s]9ive }淭M,v}w*! Yj+jnYYJ S:7'Vh 9xhikO9?TeHK;Pci [L(9EJ4g@om͔ ]4Ωn^VğtMrW%0/*[%:kI]V𩯟ȂS3z1֕qI%Q49S9zgN|ɞ\-O.U&v iiE $TB,,Yd GJ`S=|D52^YǦHJ )`EKP&moNY50 B}Z/L i&2{Wm@DNfGaah* WQV9o"'V5o*)g2As M]{vӋ䱖mm0wV+ a5;nWLe*̮;Yk R&敐B7[UL U[:R ȀUXw0^A7кs 3oPDbu襭Rcw^ɭcрgC)9Y1@؃G׼u{0/ {)̵xUUA 2[sV;$Z<= a?0swQBPz]:׌{CU~1'{glmQRXaL؄ɳt 36.'uo6y/N_mDzk{m|MX¹{Qۊa3d\2=ZJv.^aMTU 鉕^lH}6JVE_DVƼE]DZTA*BDKZ+:$Im%/.JTL~JCh rȠ>`,?ZUǫd,0HugU'N[wdܰuy#*A@S.^`T%D1?cEYiZSv{RmN +SL)̔W/iw?mp ̌4C|4+^ۛj; b˥ҖQYNH횜t|w>݋{L;d$M3^楛D0.Y%\ O Jyv"X@ִT e//ڿYD"n*L3lx ۡWѿ_p~, `^lI@)Yd'͔LY Suԍy5KlggG:JK}@^}sH3'Z(ժVf4>H,@n2ˌ?L߳7俁;eaFbܑ_wdj␋OS94ߺ̋.馡GC>hpMXVW?|}Kϑ5Z3y5GG#!kVsm'{;n^vy踚X(^m A'JV|^}lS}ni E/irH>'I7%T{V<ܖ`augrH?ƲNEDc; ʈ-@4}Vq~V!>?{wn04 J=8h ^Dp0S.I_S:4B@>yϾ~2te7q)eD3[n 3!5_o7dDCWzl_> ? 룸pzyj/qW4,EwOX3s'eTB`˟: <1c-2?sVFi]CLdZX @Bv]n]Z v 9S` G؍ }i| 0E½BtP@pxZ!޳]@0&2,5}[h^>ozLĸ81Ɛ٪K~}l"of!~dyԬ.E%i-gg㬷X~Sw["UQ I:cBMftwne# R6)Z ACE1P=ȓryl5f=iuL^F]~狥q]C.S-2יB*ьS"A[(˜H .:Q@nJ5QN0<ݤ"5)pTxi`FGw^ˑ'W<7b?"3]d !'g&FN U==I23 d{RײGf$2Ɩ(+aUwC:g&jtuәb ѵډR hUk|8́ #mB@>Mδ'[}y;n*ʣn8+&cUWCB Y_pM^eMKHTWZ`{+RɩWmsZtŝG駸7ze7"qc(o]-&Tcҿ]+:& M%-h+V`ϣf^ ][g^&HwZ2,Lgtp ~*[j|[,0ֆ:<(BHJbn@-EnJCMEimeF?Z}'/~>/E 8Z}s:GƫEʥ-F7eCI*Bf=ynjllccj(&؄37#Ѕ<"x$55he|B!W[+Ա=/svCwg,ǚN~ ~2hIew,ЌJi'P0~o/ןNt3n-K`fR1ՌJVWVKNI<%}CLN`;7J @ ύ &BϮ0rSٓ%+Ҫ@H6|| băo;糉T3ĤC2wLCD,r.EhbD ɻd +dFh9rP#qHWVJּۜ%)dq]Dsi(W_aOM{sS\?mL{{^5#=Vç;5GHS=(K x⧰cx rg(%Uzj=DH$J"X 7LO<ل1*K$C|06!59km5Rpzzm˦UL;6D1(@Q(&-G[HWSuǒ+oQ/m{\KiMqWI#Y *"؟VtqEdTQU@ZO b]K!lbD Jʙ-)EqLdiSc"(25ZEB4Y pQQNIr{$r!cɻSMIY!CQN$kLr#[ci*+ZҬMQ1#Bդxȷ% QD]\S~-pf)!Jd^B.Kh2ȴMfZZJ֡ifhKnVdԍ CCL SW #r*Q5 kY0bܠ);VqeIlƒ ND`P9>xL]zk809v3T"R#_ CyPRI_|I`D-injEȤ'Ɨmݰ^dĦU/Eؖ+7XNky,"IF'Y$JyJ$[Tճ& 2m^] w5(*IE,9gg!:4MYX=kn-"+@aQ8zDqFU H"^1>| EJ:[7 3& \.pY,Pp%C-^Y WLY Nm?a1/)[w餧ϓRN mVM Kcn};WV͛yc\{tne Pq(uuQ=z@Ó"$AJ4nQn *9G.Ner T:;N?+0\b,۵q\̟a6aT2d%Q(J[==w~N{w,Q@ ~^dҪ>I R!>67z^N=b_`[bU3%l]o]fh8_y!zH2q>K.|g̹ ^-r] b}.8Աs[R˸vv)e&䠰=k~]yJQt'ŨHB*[]\O90`PK'av ̱?o^c}\ocz*啤hթU#Lc0'L3"^_p2 S/ @D?-ZR* [C%~ qpS7y ElYYaIߦe3ȍh3f@J k@ ZT27--t]XӱEьɊ :+d ֛F[9;BP H4Iw{;LJ ^iv*qvӱ.*kԈ$D)H3-m:oc@(g>=f0Dng~O=>TmL'/kxK+jnD3<$˘E4ywGm4=? ]!D<}J#U,O)@e6ӎ2lOglb% [O5tU,zQPBg^ ,Kv1f/ɚ+Q˧x90PT ݋O7ְx.'w5lAccMD<' f<LyX]I̔%i 4Ym&d〝E}.Î~;9MOk29R :c0Aۂp33IcJBCגw=}u1*r]iYסuhz.,߽'8[,oqˏ޻ǒ{>;wbuCAD4"35it0 D`054c.!y/`D:Y P }& {lǑ'ޟg'O#QeT(1t]k;de}0B, [?󞇹瞹Lxs=wz}i{miqpsrsː cQը(HAL=|YߚZDCTyۦ$S:O%z }?F g.GF$94c$p{2[< Ѐ{W#εiI0[Pe9a3X*ISL(Gm6K8H|a1i'((e>1<>wɒvGn¡RH`#HZLu: Oܢx, PP.BRnEpFĕp-A"1b_BlUIܖm/#U~?rϥ99 J;/3X=iE&VRȱ}3sD{{>4HA9M%Cɓ@sJZ6эe.L^P:}|þ"Ph4)WQYAѓ&$fl. Άt0 EXF[ϫ_oCd /R,ԕ4WKޔ SK ҭV]:oW!*n.yyfI`o>ݏ̌vW'lw 06Bp@vͳw79bIH"AQ;$lEnF׶ [DG4/YuC`:9p+F!RkĐU)(`QU.䃛Yb#DLJԨBMp@9s$7quqC: * IBVwֻ79t[UJ/TwIֽfZmJ<Bs5\c}S|EWSҬj v$J!$2$ ggxfuUL\}z6KKTVP6J)K̳hRNĻM%-E(h 0QhFIʹ//V;۱R/&TʟS'\s};{֢89+8H:J?2p)25ee?yZUmϡpS|2T-вZl2䜀SCjR@ܶi1csW1KbD4Y|Yh[AlR4ȣĪtY1ƌB(cFHrc\!R#SVq-GhozbH brZ7PqX^A@ةbQEFWH6ʪ}|rà[SƤ퐈D_~IF%tf.UUJ]J3[TZQmPkMs˒5y(n$p8K PMP d*FH0˵"ƪ( u!#R :r)RB(0ci8\yB%-PJen=Z䷷|[W &DR oBCobNpVf̷r^SO{=k+̤Z=JDKF_2"U|:f˿)TxN]Óc2!ytaͧz㢢72^ٓQW`Щ͇ e)Sr"'vFioK@Qswo)i7&9l% eO ~oӢB4ȧuPOF ';ΦW*UpC | q{9\::ƋjCԵe<1MgGtQ@8w_}(CdbNz+~kY <{m-WWbΎ~u}97Ysk5K+,uJ?_jP8sw-ģ߳٥̝'?PO! Q*٠Uvn5XaR!|d :@Nm7ӗٴ3tL}QM) hsST7]r"rm܍La?mk}7o (NNQPPB.y|^߬\důPMEϗ~?V7zyyF}y[RxuQuWjFo]iVdO^RT"iگho<^|ϵ MfP&8G4T| %( +KQ;1bplN9?M#H.6! E*۸V.ܲjX,% δZ42hN eYJ35EW *KJ?By.X*7fYժR0`1 ?SǟڍGc#{͊=rNWNed|j$:$iӮAell2:Uxvp1;A.3Q|PݜWK0t՜t^/_~=`/e"|$dUE"ȶ%Q5Hy>=ŕeɠA I>ˍ ́_6fde?z}/  쿞N0GSkvo!Ul߄v͐dg `e龻eCs> PuCM7XZv955f'wx^;֡o-}>4ܬ|>F8UTRfuP@~6챶GZ<܊LpܗFo][Wz!= S n>1Kj0wXw@ϨHsHUDjDeGjiʨ2COc9i񜾻 X)gǘ2Hýpdm}q2Ӈ~Qz< vYT "eԷҹߥ5F4ި Lؗ)dTg9"AEc/O1`\$Owԕ(y6ј6(!(%ү>{*OpYYmC ![Tɚ vV`7ĽAhۡuxx%xTX#œ_5b_N  ge*+n8g`evq"":1a|75D`B\ yj6$z[!pApkVb ZaYx7\ޜ e_YD{l^H1L8SRވW۪! VG4 |'L!;=WB<PkY^{N9Ixzq@zdAg{T|:#3984,` }uuchBS !j~J#+j5v|5"Iɰ`vP"Yw!R.A]ƌ;T~'>вQ e uEAŞJUU$b™&Fddvˆ$;OBNzwhɞU7:~J"D^3X̊ NP&LNBT0PŃ+spZ HtaYQ=6*չWOApq,aiDuFNŠA.M zo/4= S^~sqE0` kR ?Q{pp3eD&kBreQ˻f٦.ѤT$h)Io՛|:ȿ-(6ni1)}1mM2`Ks9ӕ6;6UlP+ 8|G/ &]ɮ)4Y\~$mVSäl !W{[KevS'y@0,DZ#Ң|Q\!$W:$Ic.DQH5Kf[z #Px}Ͼu ,9ya??7x|(B{J`;Qe7-5=ƽy)2Yh ֈ]T+W/Hs|"$6 OJTO hDH6=BHa8k * 2(@9?RX-ŽV;§MAR̙I'C]wчG}Ҡ1iD3i&gӁ@DՄ]Yd+xlfs!aO{gZ5_'}&,vQ9<88}>,vrػ +O-ye9o hC~j dva+jbp|w3S|*J{顠u_'&ݲzE,YW_lZ 3[G+ٟt$R2Իe%w#nq"_qގ ǝGȗ>zƻP6"od1K^o*Q;_,?G[fG=[KHtaڷ`2Jo[fxTpxd @$Ȑ'0UN`)£@>ROApT>F)z_YgN(JFJP?_?o·a\۟r\BrO|~߰wU_#>ևY)jy:_Ѝ <-R2fW5B~ CFOvQƣ©Syoɂ(q02Lw,6A_E}u:o{؞m{ss\6J^aLǣW ukNo[>jS?躞Iُk//i>oz tv{Wrz:\zD. MŌYLt憩.dOqރ)=kt @@>D2% /r{o.X/enS gx3)}o \8'YtR<+k}jُ_{~EOS w>X? ^3kvq:Dwo3ˁR7@ZC<4fY=J5lpRߟsZkoe\i|~fj)`qKk~64-m଎u}7zּz=m{%ok! 71T ogGy#Wfm9GoMMdJr*e YSLVOͼ0Q+$f"_k"^]U?l-È}qI(̂']Rv]Y" }gB`R;OI>lG[|O1xC#c+,~FtB'f6g4ӵ$=}6]izSwo_o='ZﭶR=}7MϳUvo19{ޖ;/@A'߂WE(D@0duA~jm}_^hpwG+=} of)^vnm6#uә.S™yasDD2r^s!#Q "َúGٺzG ()^OO*֣a 0Ԓb#oed}(kXhTar+ldt/nPkԌ˽뾦DuAwK,H $b+ S,dHH)TmDbFN\w^\;_I瓡7wr"3G:݅kZk־%Z4vo|?[~?Tyuw*s7? s_Ȩ5|};gn|]5H/y\}>,goܭc>"ƀ AMNϫAr k}/;Y+]pOg_e]\|躿if~E-:+K{ز:?o_ގY FQ i^ g2H2ABU%U5TI=PC@ަ&_[)񉆠jPىN%{0M>Y$i8o!ߓD7 ]$2nG=yf?DNIW#c;;?r -Z֬,_?;Z.>Oo3+,ނb kGJȐufFOG`èLԜR(-J'/ Ow=mnrZ=@W\,DB?YOz>:]#啞>s,5Dݤ+~߹Nؖ^hS}]ȱ=/k#ѕ׺oyݶ{WL}|&n~;}7y'ׯ#}&k7Jc3?w>Ox9c(plY_uב|ow6o-L>oo m\H> s%̇b ׀F:H1dY?&(.BX$FTl'CU,g!XN/|+4y+G$' Nx}D'}Wk-f "~55%푧i*f08&I бau|^ގ:~N7^cm󊔛Ov/ij=XwKO=4?_?Ys_q4^՝U7j~vqoNJQߓ}[b܏ޏ|,cavK~[*k[ҷ/}ںf|f>!ϥ:1A(Y?-9<9=>u蓘,ȡw3(R@U `;>rscb|pL:ыݟ:۳cR7fg}=Is-<@wq[ R3o^WC%j*^Quzya߫J~5vna}1'V{U/}`u3Xbհ Xuc yZ~:i;?4G/ck1r|u&2S?O;~q;=T=æȢ6#efoOaꯃ3@nqH0 fG)$oӝ1V7]'?N=a?;or_)Ww^༌'bz-a1ַנӦVw,78ʕT82OYTz-<>#yS35/H۸26@by:J urBk Z[KƎ%+m/*%7At}¼!r2i@]BP*jDAE)D(Uxlbu07|gG漯O:jw/z*q˟F6;QtRKO_!ٱV2_x4rOG|~i["00v${ƊaKZNJ|uhdFlN;3/KA_1_LP1NO-1n2J^@1SGMEQ{x꿑1lZ-)1f>_{)KDuwoQIJ0FjBŹ12pdI?Y&]0Y>Qf\i[P[w]ג|꽟'=^ow]cq,Y9(=$].LͱKAW]CpGe}o]n~=o>Ȍ,8БD LFm4'; u.5AupN?VK'ߛ%ݎrp,X]io>ݑZS޼ l6j;/rKI8 a?s3}"p>E [?C3OUǣVSR{tRק턍ǰڠ}?Tb33A "gbbSj⯞cb5T?i+~Fh;5)|q$lYȥ~+ -ހ7IvLB,TKF=^,kMO\O@xWt~'wUu>''x6$q⪇C(D>~?mۥxo/\ Fϻ}o,Wr'!dL! ;v^|BX<&؏Ûfu:S P0Ή.$ !^$ͦ%HGdFW.Ph9Cf|W^qx`UEy[ImyT"MsIZ ]WV6F+=mQY*dMJ{SQ6Ikѱkbڂp&Һr[7(JLH3*dDʙZLS0F),jecP Xluxݖ4a*4=ho┴E T&.3E!3ݢ;!b7J))B52;_ʼ,T@Qb!WHfkZݙEdѷk"`.לZ1$ (ZEf)Hh*m6h-byMr"suqD0U@P\CW)1(BcA%/:8jeDмَl#Pn}*r$mvۭXyPU͠3S4rFm CE;yty)( -q-yb0L((T֔hg^{ɢb޼" cbyH͋z+)]^&[EHW:9(*%h,1 hy7k^&pį+75t#:im-5IbyIyN$:b52GNramДE$1J]J"vfTZBUXQן:+EWI+Q"]oͻ˚䓯2G0s#sA4:xYP 쪻{,5;ނp`KA%!FiukT)eƀI(LDZҸC: s9ya*xV">tqqECsK:] *P)˹T%0T%,Q,:iTl 㨲{BګZF/I!Mn14pœw4tі Քv"6]) Z]^F7Y4YCCCtB(8Gi).KjFwO+(l ] &hU m+ C%Po{7i*\!mڕ GE]%\e{I8畣T+w iTr˕w 㶀gbBXx֚4 )mYetF]d`Da6`̒I8eԺ ]f*4a . "d$̻-ifR;djZY3) $$m8$ȩR,YRVbwdQIpZ52a4Y`Ewr]imܫiiiU<]$0~wl몽ҚA5ֈڤ) $>}]EDN ߗhKK6Wmd-ji˭k[n6[o{.-]&$G'( ߨކWiYӲ "'l]kDDd|&gOh G?yk+6ICV /" a:~h?p^mUo猀5.yU|KX+Ca4^̅D&.CW HMmda]M_"Vɋ,@Wn}>KFyW;\=(]Po\L[([z~(ܰlgqm3eGީ3?w)'z@`oQy#҃5'W-7`x^擇az9Xkq 'r׿Nץ{C[:{SJʋҠE߼N6oh2ݠٮgQc!K~Zz۵P2l13כQ`ɕ\G-Ms۞^+۬V ^li&i5:J*ҥ\/c冗R~ׁ+;%m_r ?x 8 @Y$7 1ڀ:p@n/= T·ol(p9uԑ!w칚IOqp(KV5@SܯgFV 0~ >0_Yz2=J֠wmd]ag ޾_QSܝ6/W325fLF20ʊns0 h1oxTc_mq5%AV]/Rf[\*TK/='讞~39}]owM"]P`Gyg8,7w}9σUykx EDB:pd ^% f`AyMqHxO[b8:T?[ &`'~W.rfdFdFpWѲ<Zrm>Ⱥigǰ ,Akݏ8ȴh:Χhw^egǓ{m2v^݁d twۊܶveL}.hIfT-VWzާ+G]/\ۇcwͻ龛YӉ}qf4*pǍ3_Gg]܉?-ewY$ qk?uYX}b:v[l[;(fM Z` TFv ḱ 72(&/k9~yHRBa{tT sYCAT(j_{ςbL x'IZh0sn_zlMoє! oT'WP!k,'*?_WYAv7p Q(iU,WBr!+>%֊oW#U&Q_aAKk-l i Y,tCiKri 1Ϋf5UF&cAAfs.T̙k.rPV*վuY;Ob T9xE_S ^ajW)FZ3寤V+T Z(Cln&w\4$)IZ/;,* ϝØEsD|̆be z{e A&{tR2'ZM댚ˀ>h6V:[BKWDYIm@.fH"5hL U˓Kf@c,Q Bџ?Xf`H vdʴ&@un롔 p6nQi# jbYR#H2P1K+%'&A£op}D3CUXX ƒ# '80(5aAm#A茁FDqp~ s`3hFм:.qKFdlj/B7ղط1H a80kb燽lĹm0wq{.3}]':yQspq*7s=Z*[0qP.rJt·ـ"3\AP ;aziF4qPݽ a֪n״[j:]Zʐz?hm7ִ5!ayBJ%P&o#c6îxmA*" Ri?$`φ_ɋu\-l^f`WhXg$3 f.C_qZ~~;Wc6M*u>)`%pbb^ "Õӻj,6#pdy7X>y| <L^ "@+ e$27g*>3z,LN"̕ +!&ATM8?_Gj4__s%;o=Σ t'{ P͒(K ԲEQL4gPldÕ" vþn%5a^ʟu߻Qrpكa!A^c^L'5#o}xM m 3G6E馫.sYVc~:5\sﶽwТF`j-S$<-f~]K+6;m{݇ LaXjdL0XA$ecGN$JH9Y+osΓ P2%M2ZvsATć+^6g4p(pvq?1AHA6~oσsWٜї{MA]X ~8LWGо7'Ud5ThF-S4Ժo!ʣ'Z+$vM  1A$e)1 ?4n ץ*0K}m-^X̵Ӳ65b/G~={Yid}A0Ӎ=Lݦ y{{PyCV)l3ߍ}-#~9}'?h=CYK>P? b 8fb"(fuv)#JAb _K26Q=נ~gzhq۽Vbz/^<Uu_iuy/;ojA\ 'UaԒP;Ϸc~X Ӿͼ֞2( 2:Z)v`|dD@:Ҫ 9 AqB   69(gt(+$k-`SO#=o}y!PTK&*e.zb9};y^{b &*#3`mbwb[}Ǣۂ@ i4Vtv\ ڭjZu[ΨH:t 0JҗnثpY(h:㳧C̪lJPhu訥$(.ҷ\k7˰h$mZe ֖{ucFmk(PY lFݝ˹WCqTZP8vF=_8TQΣwHoﳢO*_vvsP(zo#ݮ۾qϡ颩 l =⮰> bL`3[0+UHCv{Oe`4 (o!x|@}砼* Gջҟ^[΀ԾPU3ϼ EW=7$U9f Mz >M> m5t(BPvh(q-΀"h@`FdhL&M2a 1jc@<4MhhLB40M4CLdyde#Se6fzMdi6i螦F'dC JzDd45?P M&b=&M=FM02#`@#`j44OU$BL jm2iFOM@bzi='h14ddi#Lj0L4iC @D&i4ѣ Ȟ0m& M0A&MO@4Ih G~F<2'652$@ &a2h2=lOS'~iQᢃG54d6&F3 hzGm& 2="|{Je}:rf J6NwC{{9,[8\ h%Aa/5DJB)+S`euuiڄQ5?jO.-o6Jcom3YP` F0!?k\Ryv (l Q{qGnN~r|#Y`o3]?g ̀iEak[ҁYz}u7K]ku{t&xx/o}>&` aHH b֖]T*DQcLuF2\]n_m\(Ѷ.Im&X$"+P G{L/PHoi߅J 6M#7E<|͇|ݩu2i7~s_kt bmA Emoܛ\\[<:]`ؤrZ=Lu˕rcQTF6MB5ElAihb,(bqqrllF7x% "Fu856hbB&ֵ +AZAVcv{~oxsW[mn4i,5j'?<)UP)E$6(""yG?= Fgcv[ i&ey8EkBҁ%1uch4SFMGn-i !4YHE87mұ +ۣPWDFYvUԂTq!R~V7V-4FNQ0j**@$Y(*5Be ARLԑ UdDA γ1z1iظْ3|ߴxnFF2KJ(5[|5yIN?>_5&[W%>P~ߒV }eҀ(B #$ HI N][}/cMR}Ց+[QjKyZJ"C?8z駼PH{ _ܙ%ٳ PJ7ȯۦ2??Ggol9흖Aޠ$KT}"0*ȬT#z=oO,n> "Q/ M?/=@oܣ@Yw; '&(ĩBF$Pw{2> '<gwf^U(PPJ$ H7;*(>9ۅq@CQ(._JOδDAy#sFr9^aSzwG} 'Z@9(˥ǻJ\fӐ0J FJ$e2-4O4(A*˱jJI%( MEH]X|vTbo<$EiTQ"̬@7A˘H _=-hq/x\rM֑dR,@Q 5$J#RGjz$Ox<$GU]~rʋJ**]usn.J(8F5J(dRm(𝳥'gպp!#q~zL,(=^g馏~Nܺ.st}~S>)M!Ť`5U$NԈX9.WJhӮkqA0ܹ(H0u2Pmhj+%IR`ahe1((ZZ*ɢ %4$)AF0IKd"Y`|]?D-="w繻|otBJGz 9G>pA]׃rsTU\Vs+Ƌ+.kHw1p)Q -Do+cdP`ı<'$ҹFsq\@Th9'R8DuWk Ukyxhy%{̄6\=s{=ԣ /PP. ܴ @ #KJ&FF|c .WnE*9!vť{q:| )C:] #a%MϩE*ڮ۴qa.SZZ𻯙G""ѧSkބe)DQ\d>iHjI$b)Pa|vyf&ki(8X_8sJ-EϪ0:9 tn߳X{d85MZ{ln6v+ހo/O처Hގp '$uݮ۴$#%Zc=َqNx?_8gu *ˆ€zAZ7K^WpC 5h]دx[=FӖdϫa36my UZ=o?~g{帇q|eϝ~סk \\s&dux϶)~wNx0%Ԓa$Y$B E)ɍeъsQ˫Q q=5^jܘu/nw lfEvD52Ұ ۻ,@2<ਘz b!$a U_5[f֋Ekln,Mk%-ӥI64my.R*3bam-mEHH2J(T`Z#flUFĊ"2$qzypC~gv^ԡ"t H hN7;y}sۙ2 "'M|+Yti O{vTcɸ@ƉPcԋ% J( -hF+>yƈlpo2菣Yer4U$*"%XW$Q1-Qf/KiETzD*eZ]D!mLnܰo_r@|< /z*]݆ć,~C'$d&@L|HD #QL1o/ΣoOGG0xG `**zڣڐc tƅ{Y!7eV-2f"{s[.x@r.aq @$gU12}DHR7]ai6J:zo-̻nUxƶ3HhY%p vpڧnurI.9d~p ݎ[Xnq0LμYn{&HK]Qo.1})J*5"Q׀}W%C4 ;_/gZZdRPIl"E0DkyBeZÆߣ{yhق+ڄpO bVEBF{=6M[65d_&V T{[fYOy،E%DP`ԛ%Db5d(Fɩ#lFE*ƂM Rl ERcbJ dFFX4RƨAThaF,lC*DhY4ß2]z<켮/z7erV$XBŌmRZ5cZ5F6-FX6fejFcf@I4np׿&ϳ=x(Ѻ.j2xpG/v7w9gq& K+L0BPZbQcɽ~|k:lɍ'k4)((5" WWQUl]u͍}@BWR- #PYtZ1\xL -;Fc;rH$C3ުޝD1JsCӦa7|*DI#a280]-o]z5+rSKS|tc1ʠ$ B,D@-σBqSV0]煂RRKׇ|H`nI,ۼE ]bGr6 L!#w$⩿Hyp:t7JePHF #Vԗ1~G͙|1*QL*g<^"$I.Fa47_jOo[7uכ Gk !<}q$$O),J"?jձFb&~jo[qTb*:m 0jo@o!݌Bj"OՎN!cGddJjOU-GUފm$i5EQKIE^6 ;_L ۭ[ET`TY9[)O]*;(Ϙ; 4g NdoÝϙg۫x7LXMbƊcKJR#<]Ʊ[嫬uJH2V[VOwz;Ǻ-n Hܦ--7'ZAJ@3.a4}QUrM|[]6v˜.!_. #F]C*_IA2GmZTNo;cH-==-zƅPUM=ؗ$H-}/B#o^М?q_(6 "l-3v}?sn [4,aK3K:5Ǫl}<- ׷2&'\V!4m8I)r`;mDG`U^ޅuYl`m6UE1{DD̜8I\jHIEGqy1e٧Z-}J1F* aA6(i! S%1&Vd+5jbF0PY%Ms}xx9zIv}RNDF`J}}R|`RQ!W_IErދJv`D `ȱb%!vHqgS08.3BHN-ۓ]iw%q<j1φvtFd)w8,*+5z I$T$V7JΝ{ԥN~͸u K:84J66!iϞG[l!aٴƢJE3DlCEUub9av}q\@s&Y|=:Z>o9fhB2 E8&݆WY:+nj-0rswn\}(AEA,En$7iY:U*d_ZSՓ ozTTw##w,C鞻8{.iA< n;ѳ6.fUa󁎓YVMC.# ZECY]^pn6޷FVE2^*@"00=if'S +l`Qyw4=  wx'J=)^gm;(,00lj$w'DLtL!$^|7뺫FF޵.W$*0b-AE!%EHa,hd$McFIAQ Й,D%)xwNmj~=Ɔq/,tJ\{/HP& >\r|^DU bRU"JEcڈShK%ʏi7fop8f>$!;^bg[o8) H$?fO ;:ewf B@t J-KJ:!m j>݃x/|?oXrTF)C[& yg[TZhɈƍ+5豯*:K:˴lg~ؽGm2焲46~o K "73{%׋a9_/MR8TTqAiJN\X^yhZ1iZ6I3i<"XNX;9) *P]gu.-ºq̈́kJ9X5Ғ<& $YD97@f**X"U 1[ ّ"7T ojQiPPq&uѭ(DFƊh6$¹^lXǪEd4k&߽ʹz7()n0C` atbdm-S_{{mշ}=ހ2|9*ܦwt,/AV7J{g1S6"c#T-{JVkc RҦj6}h ny^UHѪWWF2WENVĈj{,1O 5- Fwp*D'!RӚk<.HA˭QQ ==yQun@ fAKD$V#s!9Q}% f"00 h*"ǝGh0 JnM&Ț4[9If92e\|Pf@#;lہuVPI7{"UJ Y=69Vs\'^A3ϛ_[(`a ͙":`!84 Y)80YfuBcdu5 (ቹu&VboT|hm͋lȜO$)c"3!TYa d g KEFc5Ѡd[Zո\RAU µU[dѤI8|eD %"R .x̯:؆dc<߾HF\?&&ݒN;{6'L2w\o/٢߄HawfH_kL YH饱K]щ(]Z%d#]"M 7ǍGэ K,.`nw[sbk Ö|ϋzoN$*:vڜۊlIF;6J" DM'6J`UBA,qëu34 b$ ow.-pa"|Vry;$Lj1^vJ(PVi&YZ|{=۱tIެ#":(4EN(cm3Qu/UQ WHl qfb0Xw`$d`9z,83XcP׮Ǝ&Iҝ02L- Vѳ hQ_;w-&%]1 Hұhє"P+s䐓,5жQE h4P m**d/P, i1$A!hk\rCYֳC(TYf 8ә찠x1*aee`oMA^6H׀xf^x0Sacb6"[*Yhھ H*1JMGZ:6)J u X  5Y 0lY*0EQGYRgy3%+k L).4clRՃGК%f$wmՅ &jڛ\\{r_FjN 4I[x&65XP"¼;F4 !sYM/0.fcS\MNo$wL *4cc {[cОTjL1Hʪ \X@,lpXNJ( ,cS\])H$YD'kӖDD/  .R$!TbQdш)Ԝ͊($1"5a T\D$HFE3 vuA$c"TupÁ{ӃJY]IaG D /b檒[t )[J5J%hr(7>&JQ )x*&i# Dw\xL(ZKSC-N,$`P#8^ 78  ȅY3hNX DG:cJkJ!#8@5"罩ޝ\Î-:Ey(v\ Ar[pEb%eԼ否X[JÖ0_uerڠ* 8򚮍r{3yƕe ECW=^i;zٹlʒ[Ĵ֛̽oex>YS?;Bi7 t[’B+BI(HTOvfRoÁ-+MѺ*DalY.c,%P% HF:aln6𐴆ވ]>vfPiO!sʽKځ{C€pMдO:T}xK꒷R@XXڷkoU^T@022 ` FAI VY@ q}AO1@ cBQr;%D CarQRNQ@ Q; `KBZ *DZj EKBXBPAW6B*!((3٭~?9XfQQ~-"!@ÂP Dr(Y ۞6 {s+0t`zR 5|m*nr|;7Fs* I1;[/ "P:olF"IM%4)ٹAE޹X5 e~0EzZ7EW C1ٕ܍RD1#T"ӸwV)SouF hҼsTa)59Oʧ|t7?* M1oz<]mqJCN欴dڈ0 He6ʋN 7.`+on3b=V'xЌ&JJܢc$w  7;zǖS2)Cqq~ve_S0$k"enntߏ OY:kEl_aaWYZwƝ2ܥ;q d=lN]\A@:a1Exx{>=;Mx(>yӒR 9Bt?jIM)K"ZdVHԄcMH QH"$O>Ǔ>_ D4z<3<-~j-1:[h  ][0ϹS/e ˜i\Ȉ^QuC΄F ed9ytjRD"syN,ZcJ e-M0a_]]1cCpR@< ~?=4b_G{mj;ӡ.>}gd5߅OǷ,zw*'"'괔> 9wd l6tz@]>38q_+9,}$J?ß#:AP;8.3zxa>ݨS}N|*T8A T8wupu%SnSwpx[rlۆٸM64d3YLHGE51zJ˻j@;]Al&G?E5dPD.yA#m cF4kRhE[(H Fd @ b4nr*fHQEƍ5'99ʹR HƑH)f BkqA!b q@uiAŗ\H1 ҹ'>j嶍E1Qb) "%(g\h ([*AGA@n{mlݜTi\pP$RH HJ$@ $HܽH w@zR L\\k *o"I(舕7ojn[KS &ќqntt@ڍQ#EU4fh&ɱ%X64mkF-TV"B&QTcKbѪ-RFhm*-lV6Z6fѤmQb1bV"Ij,ljQTTTTd1bTQEƃQQmQ"QXIEd,TQE0FƬF"1Qlk2TTUEcd1m(UF#bj,XUҹʽj뫷.V(-XɺWMmy A[eIـ(dB)R]@r6P0Q7+8=]U-أEX$)6ia,l4Q"HEF%b4LI(%K %ֿbDE @*0UCdAR5ґ H(ȍ Tb$l! URTJed{ieN:- ӤClj "Hԕ 2PFQ뜺x8-ڸ2TbCt !/DD5(izǕ`K)I#!RTERo+PQRq^ɼLG89reQTb5b5$Zűhѭѵ6ƫ"Ѫ(-j-bآѲZ+chFحV-EXձb*TU"m%cQTTm5FɵM-T[*9Z-ڍXFbEkm^{mMƊ5JD FF؍Ec"YjaiMAcb*a(hLYj65hFѣQb)12"ōu:#p .tJFB5pb-T:b]TrZ m@-Ff)ArtuwVZ T6ڮ-F6 j@du *l U$oE'78(wcUTZG}UZ!0h4ԃb@s=h1\U((d&.RCvԲw.J^fA[bAnvkՉ$2օC-A=D\39gL&򠞯=I\Y$؉|q&$s9jm]\Wz?WzwtR$QDB*TDt dU@庀S6Ib4pF^PP12t5䄖 .*ln69C{,(لB&Pٍold8EU%auӍǪtNzDY1f٭ǎyT\`Vf47ȄEbZ.]5ŷMQ@$Q!B[A8aH.ٗEN(UTwWW6kOK5.^/A]14btiHMl[ 7UUFP} T9ލIvwuCjz=j5h"+WZޯ߫P{v^+|FJBZp`$"LN1ƃf?'nrґ;dW 1<72⡲(*7ɪҔ(Z njS*=QR%DVEŸ[lE۬QA$QI2^1FT :}syUD떔jnV5Fژ?@|$?qݭi nNq *d4_`lФdWl+ DB'(uؼP-0 7`S΋( Mq|)8#ށ{Ю8[f (|HG$?]tRFEdvs+-+_΀bS)Q6舢⤂( AQU*Q A@.PEEn-RUwKE$HDښ[qjIUQ"D(" QAQC0D T2 l(rEk9Qp y?lU- ɠfQEV=L8Bj(P<΁H`@b; <N'AzoǀzHnӦ-t1>EO:x-?veXo᧢zJ`}tA5_T}~6hz=qØ 2|7މAAwObEEBc A'>S>'U o(/ߨ% Mg|LFmM+5y jan;v6e_,Ы.O\ P >)L7#rsx(xes[+x:~`bp5sD7bIUFQ"T>NҶ(rxLg620(a7?]Bjy HCC?b.mEW> Ytnzs_Ng IAn]q 5MfC&k"gkig})ݵi˷fiFJȒ)"#&m7rMЭݙ(ӎ:,S{'3/+`=<L[1yvhjnn68"|bLez/W+C"iZ/{vq\`N|;&ӲpMJw(=8MAUHYwf~(RG,'Qdo)w:p0=[E8S<4 B_`4[^u $3]g"/zgfi% w,]m_g}[ G<}\_9G&G\َ3:jY!z{h٭F*5;}o$nhPl^N{z5sPx5}\ɘZ Z0&aJn=9z3kfz  s U?b+y A*# MK>.u[|oeWndnfKCw=L48 jEdb ǁfr?jxs:'o.-"*h9 BClcn4uz> Ϛ6 %gH"" @JDO [5A w\jMp#ӆE_Cf r\7aA JR (IotJDX#u7B*U]N864#nyssweຶ2Fז`Nt;j3gwnճɆwf1uRiٝx`j-|TgFIP c8]`z|4>>}vcOG}@ߌD~Л<au'3:N!!r/A/AfE1|Q <ɥ`2̦E/I :C?fe}#m3oLvl,fNrĔRl븑4zBN +{]Fa'q9|@H&.t2!Khr X&-2>Ff#jCdFUe=d)K0[th$rq%SEUTPX`Q#` E`6Ps`J܉Iz+b:t/w *oRv7җ C<>EUIijAQ!Iv @^$|˰$d Ra{ 1lEn}ibYoYNR-@mev 4 A?ab1Au=!(¾DfIuF|_/ܯL-7cC/?M#Pe`Ֆo8\)b:q)JI#B ~՜> ר1"={mE֊bz?Vu;٬xס7ڝN[{Lf !(<\ojȵ!'ݩM>u:pY)6sfǑ%SSR f>#iv^6A=qS6%PD_WC&k8?8oaNnt(w^4*A?iAQ1~ma{ !J[h}NU<  /'jq<ݞmW7ïעD>玹|}2Z,`HƻD$ H$I1_0kx>wnse(ϳWn^gY5F^58ef ) ٪~sJ._ t %"AH)Cl5k:t:e0)q@~-xF$ wm^P3Q*jctY?j:2QwgȂ % .`! yxZ'&Bi!7?;"k;مGMp!C`M"G@pTLmhceʊ'XKޭY;7 Qa"%(̝I>jU8 `1 f-m= Gpv&I$.JSo = %Fx^W|/A; Jw~cDΎl+:Y8?rcj+jjB K)I?FEUD#_bж4EhS H&Iwilӹ\ԩX8͘7 b Gimn:ovR~J6֥GmD쟉:.]?8\RO;pxo0ǣw#z- F42RmE♶Y|6M-4F7նijSI22mmP5b~Wpƈ*ID(P-A}fJ,c"(%‹jڿ^&-9i..6Ƭn..7J4Dj P0as:Q0 b\B;78wOW%;40Bb>wbtX/$ YqPا'2o B7j%A FAP eB?a݈Ȼ.}'& ~=G5CSObE:[˚iuo AϏC)A%?~#NJ1C-T~3 f!?J"Glv % vqjEI!c o\{ӌeGGWDJ.BCjfDmV U^ b5XvbN Rە +W64+*п{mJkdk"yvj\Ƣm2Dߧ }C(`m7K%>d$X]}*#h-6.W~ >oma H.Cڷe5Cx5vϖ'qF^ s%;ɀ"rd Jܱ0RHAp wXDtPň=5 7`p>ֺ |.f=Q.Q^"TDA8 #m^y 2eύ|#w4ϙ?Wb[TKq0ǂ =*9x_Gk"*"ANJPUSCTM̊N5{;ζz'DL)snx>~v7x9'?A?N(ߪw$!Hw<>/\9*xI 7Ov〽/;$$ HN\O]Y?vpkm躢Ƃ-[m7ː\@D ?ȿ 8ߙ\˙l6rz}\wcn^e?4$P3cRAdWC]oB@d;PZ,!2] mtoLkJſunѶU~+o6RB4U̷%&s\k_xm|bN;4칬{=bz?b߿굾e~O_~(KC"(8#r<.Vs/5Xg_ "'=%{hB@ v1b?-$Yv$H2k܎7oOW7%xcp~QDCnb/Ȃ&D],{UuNW"\@*&6'/l:Ҁ\S@#|93~ݮ_5]Oe:6?k!!???az*:wSa/PA1 'NOpNI\{}Iy]7?w,ݥjlc-?ܑ[u>[d'Y3{.[p> }OX=oy]$ AJP a#l}^?'q|dٮi!Ћ2'iDDQw9XcZϗl8v ]Q@o@4*C\E+gp}J Eض0;c=:Ku¢}"G#("eA K rpPwD{}€0>dT8ZT`fMRkˈ'-!;Yrt=rdsDC׏aƱH* u'>r+G?nKVu ɽF'J&(*T@VW>+a#"Tq].G7soz\[FTsŵ;?cj@tŷq]CF?%E␁=W;dWN(%1vbCp >-5;s~gf-K R֕'1t_XE$EF] GV# suh~ Z:Rddz|?]z^?˸f{Rv_:aVDE|rg-H-GGHqQ~mb=S|EC1Ph-91NwZJ1~oCvِYk BL_W@#!iC{aaJ=E)dI+DyU^pao*yUnm&藹nGe]4(!cV|Z]SAXpRn( ܭ\u1ҹs^IfC]6 0u V(W05İacNo٭*8 Lx>u0b)8$X֡^fc+ CCӆlpǣyAolTU`VPF)?,4 'j!v a<[Aa5gF`B-Eսkk@ s0CHL9X 4)wC c5$kk|>LS`i3Ilt5UeƠɑf2NP"\DӍ!'܆=ά*x.糃X PSʨ.ɛ1(Ml+:{ys# I=H,5IF{ ms(Vk3ˏNdı Q FBTU% k1⭗f"kqRS2U GnѲS5x3$Y "[3߽Fz9>p߳Ujnn|)p}7I6QkjJZI|4 9H Q sZ޲eB}krf6$w\e7R_9a1@zJ7Z[-tW \ݽPaӶ4r LSUTk @ıhՊh#ɞxgucj̾y&m;`DD^L]o\Q/1Yx^XL7"Q4z{XӻJ~6  SOPez}*7r:DZx]ijQ#(ʸҲ3qrjCp1ϡŜl);̊BVD*BV#  {.ޤ {CyQs% ȅ2Qg&  zEdВ "LU6YFa\oL,)uf8.ϲD >z}nq:"P/%`"rVtȀ5U>rQA\G{/jkEwh|tE]# ?Au:z֗XrA.Ibtc'G [D\G,};.~nyj&Ƀy,+;awVt ԡX3 C,\S9NmvHg2 H(fVz".myyS~D1; &]QK.Due&ېa$b[wB(B.h,9;6Iw;dQa5Vv)񒉹|GDiWrPC :!Qn!G2b3%=b ScP,^ B} EE@f(T®)-gH;cKF wB$QUO5g5ʧ@dשew魯3אk[KAӭ)q5q6,;T=?L]/ lĹaV 'Ob2j8h"xѐ qې q` +`GksVv {yvo2["?ș3/#klVpa3_즁^ri>pB:'fmiINRm+;&2 1#|T'O4ɞ#oI 9jb̧͊;>y.g&i!D8%?&fxR 5fLc`8coGxS)-v;k{MUj^K|U,ނEL!T$fN7W4$fh˅CG[_5L=ջZsnL? l$GK1ٹREia x~~5dᚖ'(gEv_e(T#a#F& Md.  \ܑ.uHs.z lhsH)T, ٔ UT!~@ua?;5<=">'UpC$XHZ<bgȟ[C/p/MFs [&oڭmwT\~Ql02+UJ͔{[xvZq~ZVKeFvVC^nMJtQ^`3it=ltf1QߚǽR'wuQU7XRH-ǃ2e0@s]I:nC)n,2t=IꕱLn7[-=A8(9S5A}wˀϲ,m!VSdC/R,ڼH!͋# D 9sY'`GNPL :3J$(N?8 |-؁$ߵ8aVzKKeyoɌƾ[7p*r ;Vs)%pǢ'Acc{' gYi-#@ĤF4}`FߵgŞ?M5bAp:)ğO+3MϏ8L -bfB4(5UUYaM &쌵Mb]e&#D*V;6vvET&3XکYwib-.;00qz43Pٚ 5JYlD `ԩ \=Iݦ,BO]! LԓwX̌|Q;"ޝTFRVvDaTpX aɚ|Y|3Qtǿ U5C{) p-Bj3 9A0QD^bSjv3R^a_@`o4>У*&jDZ蚶  *M,^B!Ɗ,\E_c#9!jzT}ar!BNGdSUJ?|nQ-oYnWDJ`B<$(| vE"4*f? !6{?/$7E$4wݝDhvQ# >(x~W y p갊`΁% ב! sicYtYV} ?r-1js8dC 1YLw0ǝWNsY3Z,ע=+ӊQ[N#{,##\j2n/ )cz#մ56[8+3ʪ./&d$?]cDh<N~O^xȂu)=T M'՞Cw`Q/bÉr=Rx0;;QvôX~fL՗kS_b>5RsFWvǗ9mV#T yF~x$vWHk]]jWF1#kL5ܿ0"i2])ɐYCrUάTXɴo!K$--Z#_o̓\x{.qEܤgWKeLu||ˤ>9pzRxKYvW̸hِo%֯4pw[τQTm^h|cx& azu$U֫I_J-(oΟ0iطe-hh=bd~}Ȓ<<ZWH5/ M5fj2tPH$:"Lo˧~/#D |Cwڋ,aDw=].RNz KUT)ȑ*O>suc*OLkA4ΏŤq4ȯt oPOgj7j7c/'s_4IKc*x7lS~EƒB%M읫< ;F[g,j32=\DC>8`ٽZZUWsta)f(J^ x_Gn%@{,%ℋJQ=;X|i:wja4 DA<4h^#ppWlyA}QIN<:V[Y¾XM!TuԷƩK+6%($*Gh4|q@v78A#6iJf^ WeHZML3V́ ׆3͋ -$鱚b3Fk@`-{8tCڅo]}ML H/egKE|ͿM4[ 5U 9:ݶe&7yH!+X55(CJd?'WGpBl8CF1>[zI8xz0Wss-:?ĝ)@ln_8.s0 -16%.!0#MG2φLyuoYEz%ܹa:O"BWC~Sf#:Ÿ=Rƍ{RgIEnmݠў Y{sf2GbE>Զ<W78. jԤ 7l3/j[b7tWm@"\ EGEM!|e5@ů${2G0Ƙ#%a=} ^2䣔6"EO1-k7$? "{iIk 7DB[H{k7XŮwPO 4 *M)j1Oqds~X8ش]U radž Am iDž+Af.KieKX أ;>k"j{>͜cO?d,tb$O0DŽxi?U6 o.emTqGda&) Ԯ(L!;Lw<|F'ȒuPJ3D-#Af|d F%y&"\ע7.IS'g  ?P%(E(΁;'`#_@ دʘ@&;JPEwK^X*e^o6 |/-Kx]%2xI hb xfrJ8D<+)T[)Okcea=4z0ikbXo!eUյ]= B0}lr|1F+>Ki[Tv9hxӔh`=¤fn_qznAɒ%͜D"׫ w{ I@ZBȁ.ίT8^i.s~a-lO0/A i@Ŝ%d:ZRg6Is3&ݡ{}Ma7@(N:z^SGTbU68>"o騮:{+xn"Fæ?˄S^.EtSJ =* >@"@؈CR[(ŕ?+ LhcERnAVѻG K 2IeL cnx7 Lu2g_ IaOАN;%JƳȣX D@64MM)R U_fp jJ SZZf(+u*8򬵺/CPVtK!IcyHnEQ;G /p]10VB)#J`gg̜C0oɴBֈ<P!v2WaÐy{Q;%g%ċ{4L %pDR5^*BoC]~ey Rԃ'^kSa{k޿%1|VpVVv;P&S_Yԇy67*{oHUZ@m= 'N).Z8=&m}%tjqNHls5*NL{)y;Qz YkRuħ^kk!ƅR7B? qA#[mQEĨ#S9ͨo3i*!zRCAiqY jVsU_ < Sf;BgSa^p07=.hr-8!-2oL7̪UϒIέ]9ܪqb=J M#' =g8$Ctg֠V)FKH׵-ÿ W6y`m$!#5bTmpVra t`i^g0u6&^AiFÀ;o3_@H8?[x)ce/i6^^`՚Hs /ゐp8S^hSe!j4y6lZqsб-geIW-" 2] ?mN7n=zm1zm]Rb^)58i1-ń`8\) ̵8@K@=ܰ5@5y n=M!v=ycQE,|Hmݏ%K-D*D\w*g8wR挆k@5;j4v Iwf]B8 YhCrs`Tsf {m *5Lf .ڑlӺ Y7~0mH;rh1e8D%BDZ@,kjF]@?34c&K]n=;//~cva Ӳ,Xύ4aNc.EAqihMH E|kaƛQ8;ɕ/ElSr&Xru@]?L52x L&֩%2b f8x DJjhb1pAD5{Ic0,nR"fEE*A@n0X{b%={3?agJ w:nAM~cZ 0=?B|XfNOlmq`cKSGקx6P9=ٖ,AG6n4+$gO;-Qu+)#MZ\=Rrl #뺚tƳ:Soũ~ejWXuQc(rKW9,(J|J@m}ۉъC|DSvZ~hڊˇ%;0u{K5gr3#e^Ѥ6dr G oEUb;l]%I{O3Z}W4IH k8#(;I_~)mV1%duCP3_P+楆Ef5S 7?YpН~b?k͛{'"N w$N !b`XfQʽƁl/khj6E'&YEbbc :D'FrS[]1QäBƿ \_WXUhq9.RrKfvW,ucq8 ?TLG Vjd~-WUY4f9kRe7;6Ia본\x\A 2]tCһQ9 ,on:G&5zVTw"}_50Ϋvzf>ϒjPڷ&y.9vUa\V9Eus?kE\׮7֌ ezIoUܟQYY " wE^}/T"Mp{G8ㄔ pY[n&JY$q~<,(`ӳL)2ΓtsN~a=C3f^ #!(4ݢ8~_+/!% |(xXA6MP%弬fx:>Úe3PmCDO[S(`=@y(T^T,#-#K {ǼR>ʍ)ck*/aڳ쏸GdmFZc n`fA<wx7u᱁QfM^9'_h{yp 8!$NdeJ^׎/EK4!%3pHI΍zJN4,- e, ORȁ C,D_1qo$K R?a~ѤIcmP3ʨPs-à ȹ"us v:LX=ݺDi֡+cYX-MX+Ǔ__|ʬÙc-#TZe| ]M|!}wP:14EՔCe2m,0-#.S!ET 3x܄0ss{*7FTE)Z-cu*=L)*xbѺj_A_d ӿu7@Uŷ`ըH2'K 8&3,%F-߰%_V`{!iF㧕/Y2/magR>1+UZ5< 'P<2k>)e83ı?e({]{[k"XoEyE*Έ9@Y _q;ѭDZRWiKss#YcshX6]xZzYoVpIuʋ2MX( Y9`N$tm"Ufz U~C;"6vgծ> 87eSAJ JkA8ϳ'U"?4RB:;^A^ndsg|C6Š2i 届SYyWm{ʺŮ}uooN)߈z/h2 Uz$J{Yadahsy M.ÑQB6Ь/-*?و=Q+TG7=z% O\jJX֛1417nxR`id ɸӻ| !zMƜJvdD Nt!hjɪ_ >#uk<P /l}l%;4~;0TyJ+|+nOKs-gs 4^ۖ@A#,:f$״`^gŗ37qL1sXɾ}Xc?"CYя[4L~hY+٘4TGݽKQE5X64q<=Qh$_c3Δ&4>CHP5^<涉C 0B,GH" Uµ A, I Λ{ӜG_-Iu| <s|õf in/3K\0e1fql#x2|Dl~J;A's/E䶇\i;xK<->WD5xtSJ?NE:G\ H!/Y ygoN&*[xT\+} E^ҬA<s*C*D<%j@n.7r,Ld؆,^Siϓ~J;kpVS\F2 wЦx;74w.*3Bs5}u#L\. Z [xIrz!+g?mQdw#2x J,:'5P] $A卑J,ZK񴀲nh+Y|?7f&~k5-Dj`0B<,Xo~$d@tU!=NߖB9qx@|ىU %& O0mkWKu(/#%r'rѿ;5E7u|OŁvK>hf30;idŠXRKi7T~S-IcC[V~7_ԞIWY7EBD?{V9djR4DK7iW (!#9ܡL3k),Hkq^CGПV&(I;꟣/[0ˍW(9<ȱ-\vRTNO@z9n _bZBƄ7n\Qfj${Gd(c>8<؛&gΌ5UUײہ'FL)V <LY+Ex/с@|Kپ;uGH6}#D_~ nrJ&|FX ~:BpRh}>9ԗMD2i_TJǤ`N#1&NT=ffoeӅ&dl]Q #01Q0N5u{s{OADatn_JU\]FUd-ǣK SVC|>x|~ hX|m{EC<~!z΃C8hScd00niv>*BMٝky"164s6qL:dѴyW۲ N{?~>dWŏ`FԜnhuԳbx+{a.Ny(EƔbLd/!aB. #QI68-5gW 5/čgaQ]\8l' \| OGL%3V'"L'S?/ g$iTqΓI,(؟i) <\I~??<˜ pXu ttidԭ`4t1X`rF)@ (+TшSZ*Ƅwu狈|}.tu'xpx9IŠ݁štQY_*BEhGh3>sî7(b+X>FDoY``L54>u%|Bq4hGaDݯPI{Xd@齍W% y n P s7[ei_omAi5~ 0CJ͜u*z+6۹.w? #5> oR+aQ*9!HXgdA$gځJ ƥcq6UXGZLNѫy^%gl[ T!T7丼IϿh6wQ_?ck,'eJ浽zPEa5>՗r%$Cޔ5TRmkc Y3H@[ϑ[ Ϙ;88J!Tגq[KVƲ;ֽCq YhJ zmmJ%b!u6$W?]AW5L:I;83'sUȸWAJsWݺrP RGZ婏b?;#k*h7)x-LukC7fS4gU˨۵:N=f©T뀡Sl0wn-$)VۙGGFOFF.i +?,㘝&j/3j"Yڀ&$IJq2ZWɻW VG+(oc:@w 6fHy9B <nqTc¤>|.87Tg,)uZH?`IavֹBc:ıa[w95$OnTS15{#֛ F91 y ;F{ [QsYW3"E]7nl(_Yl}>taN~$i=rG:u!EY辛+q1m aYKyԪ7o$<Ĩl f`=X[gWO{mUAr$,i.h|Nr(;JWg(kI\^zce|k7?)0saZiFbdkбQel8cOh4pL!2'Li5G䯻6{0'IJK!H1;vVpOh0%5CyIG9j˹ȶI2NɤےR0۔- F8]-~OIrE[WU-7e:CA9鋢#g2ޟ{8+#Dpǟ,5+>69պ ѳeٚ0a$lö)fp,ec!v{T`@*wk,XFp4,fjjXs]xE|Jir8)X2|{zE {ǁtM{!G2B;J8l 2JPQ0/n=2aSS$RNDm?''0ߔ!Ϛ\ކXVldLL؎|lź)n4 m^l쩭ơĔ( YD}d-HO(S&BDˌwF{Lۑvd_P ).),dTKtbr}<A1!]a\m%WFmml4"';{cBY(VSyca?˷m^yA}3l\UMmu\)5բ*TTUUT,0P{Q?зSYAr8$2,I@\&!0.C67aj1oVnCWEY`b1C4c 𹶔}I+ͯ8%2&)PDx}l۹mlD[k5Vuni eUfڍ"Y.OH=s+Ve,D  3Ji"ΝGOS4d*\cvT*(m26q׌e{;(`NҮ06WrQtDuO߫sN@ V܃_{ܮߖvl_dp "[W n\ l}VӉw!@nw3m.{G&D8lM2y#yiꇈc6Qd-Ld3ujYl&;@h[1KY Sꔉ~=Dq#yҞkvmG%+Yðv1t$'@5$3"P~1~457m6!dl ɸm]1>1YS,v[οR!Eay[E+evtr.0m-$񘿞nyGT=͘Uk}<c2D곏_ٌ(<;J"XUG4,V ߛ}g^^E')jD;Mx潎9κxبwe Dn~θ7) .IV|R'I?>Lk 7ܿWK8[/\/O$6e>zP a'ӓk7YIZ)d:@4?pMpѤ#֠_vZ,\] mk"q1IElo0E3XJ0ΞJ\~L]2f?Lh؆(4ӯ2/P1]Įw'0L/0,bd~Vk#5*ϵJh8؉R:rWEםHFc1!Rx&w!:2x_`Ws6Ccn٥7{\n*~D fbk#JtJʟy|F okRg_6PIGvշ,;X2J,EpK ׸=z}"^r}4 [ x4 ?u~ZUv.EӛFDps~z5Esr( (rj3wpz.֒ e%5#w,[^Km1PmI)|0O\ %hLJePY$F @MX#AJ_ڇkcC&-@NFFfU8!J8Z ] 4󳊷evȀ)~ArVUYX@=nghY&ӑtkPnݔ*}8z7{~>q+") K2S?U$˾]%QPDB3Y?BOE謠5*[UUc4b̹)Wk2]0c~=i[ }{%0s>EaS$t!?, eVe${! C_0vO"'ӊYshCZR)8q]<ڻ+rOvzlsh[6+b%]d#)O2ӣL3FG00]U#k{R?)tsx4#dԩηٽ2iQHYݽ0io@ B}~mNPQ?G CVQ)c \2a*N|uzqFȼI6܄I!ax\\uC@xJlZ3hbDfʡw`sit+;/aprA!zB hAnx X4Ӑ~WJabpEwq#(c"M.,^b_F3TsQ-$ H Il=7,cl)',K*5xVݫ哐0Vo5WiJoq(ݛ^5/~ Ա9 p(L.`hWG#O6BȽSJhlyE潬v/o' up& } b-;v}ҧLdXP@=ʂ*޴݀f-"pMyЏ# 6ЯHA!'rco#_8Ïr@5-.(趔/q& XXyC' rx-]$  z[ieؒ2So~he>@d\1v͈LJ ҳz\jB>u0n&<ﱐ.PZ抏s^5 ;\MOn!*,ďN~5]V煩KqǕD,l;~JbO#zAvq&o-uH v** +kvuf.!W՟f%ك2ƼVr@/RlEfJ# 2,-}'$Sz2eW%raxؖA `bT 6(e!RAsS~ϗrx4886i} d8D5qɓлKhO%ŶeY)U1Mz7Ouؑe^@Ce m13z^Ҋ\NkCGgԦk9MHrt עMM%ENo@P _&8Y@H ^K퐅>'l99=V!Yv} v`M<`ȁm:(th!5#ikK֙ 5:5w+4qpYhg.wim 5x#qc ~aP+4)Lj*$ LՊ gsja5s5axtU>1^q'j%j=r+\%5E[];/<zynYb7`=`M$"pr+j3P:rPl-b!1`ɉ y>iNx2(vJR>N~ ߟNp ަD&„)#aeYjM܂'_du?us١{v*ꕕ‹^m\ ˳#oTmOw%Ÿd4['l=UmXpԻO׊&7ve ԰!!FuijA,x.Юa2wbC&kg6(7}6p.O|o&UN; h1٥ZW?5w_q-Gi|%젍Q,`7{24 `Ho`Fmi,x J D״؂ K&hlTpPGuvWfF[zN*]^,~꘷^k-- cupUX0w*/Zm[ՇSSͶf2qBLJumYO DZS.-gsμC<ĭmۻeyx N&k}k'݋zYk7&)>e~^QJ&Oc 臌 L,Mʚ{ Rs 4#g dh爦)by7qjsUZր<ߺ&]40 ʇ|)Z+ؿ͋Jۓ_- &.By_ $,|!N-pBrEUEW`DŽ=ǩCaII|f͛t#P{M%Ujh`0 m9Vb< (Np o8"~CSfʦ6cs!/IgU>b&&FN!'vVy;;Zf[ p P|v~ (g|Y|Ԋ $Hw{V#RBݫy:@O=L @B|8ohs-5BG#Q ajLA^#ulZG T \DŽ8Ǎ}y` l9s.ܻE7`'hACTM:^D2l1mxkD^59_GCM^ZB:HXV[2SªL-`',eDFET:ҋm@AOg#ı ( Kʾ76\sYObe&(ʒPi8ZѴɮ#b5+{( TFCbxOEi#x ~_c ?sv?IzH/H`w셢8C\Le4XgA" V66/Cٻ^u i,|kj0,YRŋ\<D їgW%=Ļ0x YŪhӤP g9%_2=A1aS XobFZ"pW_.2S,"w lɗg6 i^=sn[f=Y |7-ب>`ƙ~#m)69<#d SJ|J=]fxۆ!uKq*}(6Nesw˿d]I7;MxQ=,:Pd-~(i Ӏ 2r)OUKs|yHodžY:\kC B%EKW^|X: AleTV*ɫF7CGf/uu= Yy|l-y:W d-e# n ~A1zd H͗ 7yy4@~*][URJ<#HV:x{6mIÏ6 k 墵L(mYu%|mEËqXV Z?oԿhN?p-J,gj<pYWYl|L8aG}_1JO_)[h4P=nU4<.95X!FzZ(.rҋ2ڻj1?N\3͖wl3MFң!z*_Å5%17y_! >ͪq bOHY+K$+\*WbygxlŜw^ء>ZOVgBT }~!wf(oBww8lv\&ʅEyU"7a#sn m.xxBYc^Ҫڝǖ=(l$"lUMkM@'/VlNBH " hY"^uF HڒݑZLy@Wj֞dKP11b)RqY+vTE9N?? /d ڌEi}r]bw`On_^C"wb2&Zf\|P4 ԜŬlO^8LlF3ό)Yi $- JKZp^ 8),RyvF J%|ɤJY.kV?~,sW^苊Z5`(WָAlȱqns麖5/3,Yt؂rZՓ WϹxh-&,Ԕ/pW2)&޴Z3M51sm0dZ?Gy.pkN)@yc&;J"ךx:iXf.%FIm!fA(P*ޕZkqҴ [N^~a7?WYPOD%f 1\w:!|QQ\|LQ2n?c&]fy, K(1ʗa-R VI7ۙ؄ E&߷Y^Pھ[ZtQg3D5rVBuǀj#Sr86gd-5*ZGʔvi\.̄?zVr )AթCH^fEj2-& dެ֑@'9$8VDQ^B{r5>vkV*uÔBLa)NW&EX)i=Bġ{.:[ Ũ .ڬvѿէWǮqQ=\_Q|xI0q0ʶ1f1w{z^b7uc1 Q'_ᯇ_в+&Zf89RyL| A9Lk)X yٙ܉u (,L[d0"ZJv߹~yj@.VHkw, ~?bmm"-?}6Uf0gWH=Z4]kEEnoYhno0RMtƨ2ȤQ xv`ib^O;ۡ-Q:OA36Ln78.ae8/{ua HOK#qU%#"o J/ ͮ5M1Q>.X?[ eG!k݄}%K3i䄉 ,X&غap"jJld4ʰYRCt8{'] sfIJTCeJco~q"%Ϲ fyֽ=:d{b.[ sldbǀW[N}cGX~-=2UAT3Ph6+aDc&wSb / F !qKQT_LCDX&s2zK-|H.T#'5m5j@^w|{̔Da)‱cΊbTssHſ3pi#/gT)^2A8W0hI't7%t $;˖X x)JQfJxRm.)Tefڡߌ_V䚌<6C5 uu:v&`1PThm"lB88٫iS (-LWWW B"!Y`i1ȗ8RdԭN}l4EVL =%EqvcAN츖:t;ԴrBMPaiy&c鑻gu]_Ǐw! Z ~6jMgˮHԍ(HSө8gk#t!\dw#TǘG" ͘k>LlqyETO,j)Dzl7H&+4Q?38M%lzн0&+5Rv(';4 qzYGi)tAhL ݇εS<.U}P'<CE޲Aڿ'vVl!LV3:$0M@߄[/vC6$i~UC n$`xݓ-+MI٭"tkw>^=A'w qc[5c?*Y"BXշAu[ 7k[jep^OIAYu1;t~djfjuwNBMIf^Hf-9x#:bV>xo2oeUYPݡ XG͚^ &~Q;->>zPVW;v*b3,YmJOqVetiк?MZ^;>s(ӿ-,ΐ_u+>— rTHɛi :C6'8Sc<};yT,n$J&A'br! v(FU/Ug(`v*ȯui8U,f jY3>)`"``\6 T^1z'do\dÊƚIqFYG< *+.?i$”-&¸z9q wKiר$drn)KS"js u૭ 8H.>!,N^hY8|v)(9cH>C|m܀5곖gk%!D xτli^^;[Ja]X'/:Cp R}Owb>m^AC0+߀g s{%Bd[EJT+@(@Ш$~$+;>|)tE9K>xޑ+(p;e'&[G5W:բ҈OM>y:UTGk`ϫK% ,*WQEU{6/O v15&cfaKߦ a4f?MV@_G)( \`0DpZbZ`z-2y8<}lm>8m؀ݕGԍn4uWr@&%N֔U@UdcyWNU2q |Ig dw czJ6O?[h\<-j%>ӑ/nnQyR1S5stECs};+ 9{Y%uf 5Kre&*o1KaefNZc ؝5]X!%vFNnvZ?~p\Wi;sYEEJx^Kf?aaR0Zuo-Ouq@tar!%Wx:4Y0K)BͯnaՖk#r~nfbrm Iը)Ǥن+gBx^I?2ZBpz~)UY=Ùe=Qr3c1ٛ}{ztF\rk>dJy_>җޜØ9Eª:=4藠;'b#Ԗfݏdg*禙y\W-܉.U]d:9~w{U{  ]US:Ya}mo7̒Ob߇/O($$ep|&t vEPeFBR1#J`S;bG, 9,PrJ*R'3yUOǴ,R3F=YQӜb^iq1eJq@/4}oQ3}8kKϏ[#PrDI=0|QBT~z1:Nڮ Z\s.: `%]+ s>5ly2S`|] ǚ N'_\ȂOzqc?դix2TS4#MV9}#Kw6clJl8_ ,7~Pp Dh A~~ptࣼC1z_f~V&AOcG H|>Z?&LWC Ӵ}-{TSJHlDX}YE/J+w{w< ڇ3޷CpeWFٝ#PIENnSeeqŧ9E4G8 xa0y0!t'6ݨ*Ğr HY)`jZ]+cC*~Û =5r aeZVJ`I*&侺@j:`shO#3j\ `$gT//)($Vy4)>߱cBΣbm']cOZBu3Æu`d< ሚET%s ޶`Q 츚yy<@1!W- NB5j)ē* T:*Cy;ݑgs-j@26!|L';k g~gy63CUszgZ*aR|s _kKo$ٜO{I|#/z8]c/zp|xKsllM^J.,w&YaS:"=[)Gt:X1C1/ĢcƒB(8DsR˶rTTF"D|vH_UR+MeV$'n3k1&3roF.sΡ 8tI6k߰T>6K(mewnP|IIo>,,y,1:M FRo,Ź% N5m@_`dU #;ۨA;eb2u,rwޠE_" &4J]+]'sOД"57 CU>Ҫv란j1=NxJV$N8MsB:Ln-+>'P$l8k:ZTr^6cDۖUz'GWʖf ;"Qe2`;g~BF*]0kO("B @kޛQr.А<{ӷo}ũ<UW[(pQ@WٳF?ym)?Lnz DcSoJ_+Ɔ{lXmBʗDﴵ.qg K'RHqKYgr~cku"I[ *f ʘڡb\Я"1i"H_b) KѦYC]G.-8$kOb}c V*2iⷷ.v< q EԱyS:V}jm&?R*Wr਽T5dFT /N=BD{я`ôW:jm4Yǥ $4=t%xf8 ڗEH%! /^nJ+YgZ%'i5}24Xe03(uR{5y+WA:ӞAqb{k$xHy+BVet&t>%:<`̿hHux-i\"ؔ/زXa{Brl}X,Ě$rg<2@&OP.W @`0٪cffijXfQ>=3ۭ QDQb ;? =<3TM,pp~p½Mt q7&3*`O͸BK:qAj.'0EaF }f2$[6t2鹂>HFJ9Q5NL\aCAbז^T\gx:pP.:ǘJj6 CTެfpf" NWKR-nMi(Ok;w/WOa0H4R,21A)z}m)^wujvk=z}[gIta1Sjx͙1mXp pthG xIqPsZF1RPp L"Tio5-C3^~ӶN#j!Ȝfy: XibQX yY~`^ٞ9^a+,J|Zfb{VUw3l'ߥaOϾpjZyb^1*jr tQ,8[XT䌿6b:,5m@eQ K5얎UOĩY w1p!ndѹNW"S&l<c'#z+gђgcd-o ً>II F-7} }u6`;%Wu6mjٷ&,ȗZBM*Q#iEٜ Hق|8I3 vg%:&C$%&Zj #2C|;~QԸ\ ItC37ECocUt\v[ӟVhK]#]e:aD1вƆmCn2_SG.+5-ЙP]כˊ kw`'Jᄋa Fb39rJ뿖>`|BC$FU{VEO˯/_LAwz`󐋮*|ޞ=ߔtsʖyHa5CZуF!GqdcڹvHDN._%`cPZo{H  D;$BGA,r[u#/.?}aZ~XFxx SkgM$ ՌiGAk!̂ҫJxl/(Ջ[Ň}l0|&$%ro䓛}f~Tz햼-tWy %F[*IΪ-ǔV_Tî.,`5Sk%Ej%A7[7:~>d,9-=lQN0IMLw5ơ} h%⧑S56˱`](U"ntE6z"sD[q=1JcԹH i?bk@{>/e_ IfZ+&.?9e-YD6,Х{AwB&\ZQTFq a>]ξwa-~@gI%L'׽,f}>"%v RD>"iOo,$;{K?z86ُ_.ЎECvjj7Sp$9xPVL}6bcO@\) !g@@3!oj"Ϟf6](hHACZf @F?|"oEE)eoF!v;MZ[-DILu08tW{ssdzD=zhIJ=X\Z1Mm4S5\`LIHW;VTS\@`ӳ}MysZ]zS3"e 1=)]?onۻj#> 0@Wٓ v~E^6\_{G7b6PR|]Ӳ5кMDR9*j+:7h07iitc;l8G ->t?!OX}HٶlTZ>Ȅ~j,ykEJG?OﵱۮF",Jg߅b>%PFpW=VHP;F]^6i?-2]E=a츊<;৒<"5rɘb42 }N:K&de(h?~]dۼx˳=dtI>Sj8yܨG\>2qIwn(jg,y>@Wz9ɯ{Ob̋` @-S\dC$W9;#Knd\~=3F7wMF\7iT!KMzXM/.<:y4̀4$KgV yA;P(|rYj p[Ao 3bxC}ax]t<Ԁ#\^xugQ&}uP?YA=a-#"-Og;&S>;$d!nf}']=ħ#.B[ {Bz.i޿~b.l?﮸Mŗ9PxM0kD4%?AzOEK)ᨆP'%9CSi :FpHtJDYRxInry۸ XșptlyHyo5ġB !ioBryEoJ8c*k~#b4U|&qP)OeȢu\[2 =אkC˘镹_ FtdBnM!s#5^Lj@pd:P0p"FoD& Q5mvK`\DBL tv=(l )E^MjP"* ׊~3.yJ`aՑ7A(JgoObM::wƟl1J)-s_S՟B70`1)BkvML&k!PCRJMf,z:3?Pkԭ5 x[ 9B"`}{wUTMy}ѿKټ֑g1GA~/:2+RBEO%_w@mի_PRKPPGuȚpGr&3Rs xT ?NxYloa_dAr@b .g^HMkP],͇##nqj HO1.)Jrג =P\}`%5 TMK‰53;,L52Be@*oH!ny1jh~t[W C&ޙS1J)0Op{#jô |CYmeZ=I@JX b\o6,rPThY\Tsin-[]uEo7`Jֻ"Yi2\l*dߵ_)_•WX:f,2M+Oͮ,p M'XȊ:y8"8S1z-BqHd3f{,Pdtc<[fWD2adϕJ|Y 7K_mi"규Hyt y؆_VIwQHG]@L,b[OaƊӉ6llfiH JhP+ ȤwFWu/a2!*g@+# Hn쳽E2pbVc#GtBM'5 ?-AH%S4jzxDg=C=$h3yGD X5~ QI*q.\Րc9|R, Tph'3\iݾc9oHjp/^U sxꠙu+;D/o9Θ pwpYP_ .Jc@ߎ\U_Ǟ7)L)PBŚe,Ѓ@٥2x$+NZm3m؅_{اTPnf$Zƻc) 3iwwSS BU pl MqizFBI˃1VL3<>5ΑLð|H(&C,D?> <}!t"Ј5Qw)gF%2=VM?,1"a102 qOCW :WsQѴVsRcՓl& āw#!4/Sx"Ot^0 b%̿3efzVp0sD߇-DLzfŰah2+PjI-L9T@$\ӄ &\FiWJMrOښH!DYQvuyn;tvuOyLx&=z Y#ֈEndRgo,:Y%‹D>Xm,>`kRL]J0]a8 s.w s"qԫ>ejf gmu:yqMDr&A<L]g y*{ 2/ \y )$4/}̹;=g+, yWqn#g4)II voQ]0lj:Dn>o rLN3_vFc^w q8+y4^0\^3 9@,Rψy2Ƶ]fqjmZ̲[P]X(b,hhA׫7(X=~H/C,~\VA0{ ݳNG!M@WZe8,9@26fʮ\ywVI˛[UZEMa~. :3 Xf?Q꼋)`l"%QⵏvU`Y0~2x'ٖs!&\Zhl[SÎg"! ]Q{s!ryz`Xh=^Z ̢UP opHMאO *!u-wRN,[-~+z%CՁЛ̡UQvc3:П"B/Ca 7TY{SaEU׺`\~R{u*:)g]vt6P*"{hTELKg- `N›H$m_;b49떜럪sդU<k*ܼJ-JOLi;~*zU{Tʧƞi_D tWKаl)jAkMͺRcȠɹrk)ɍ2mV4˖r_4=msGPf߂,6j>H"%#vB fj2 .[gOⲘ?j 4FBBBM5&g| d[RoNpL@2-/4Cy\o'T._iyw<{mUٍ!t(~>"r%F0W}'fG!i76PRtcɌ??MָYDQ؊jEYb0y yX{;ڃph݌ T}2IJ0EHY͆J4#e͝1N U#݋Q;81.ؗZsu,-:n؁IZԓTDUF ˂H(;zl2jhcƏۑ׫uAP'>flGy'䍥\I̗Ґ/dׇ xc 2@U dI{h6h%grO@]{K`ޞiJe8xyf3~2̴dJCU{Wan\'^>TYf}S6`6#7:pNgdCF (Klc"h&sdž,U£$FRf'seX͑Is v[ωMӺ[Ah5bVG0D/į 7IOSĦ`c{}^Lt*r['jJW>- V5Rٹv~*((_KyHg5#cL 5vw>ex`3=z#`ƇvR0|gCzOGUfKy (h;-"u=lLb+o#k=%F.Q2`C1?}}cR% ";k;n7* xBW`X8J/Uua5TXV3T0+( 0Z8=(A?cV"EѮDJr|w{2IN%MŜ >){a{0.3v.X=t%Rp>G|u1#raq/:e*0A_ߚ` -ǖQ U D9 B*CHHjUn4>b"1mckY<-@>65\lN>fWrZ2Ga{94қFT7Kno٫cyz^ܙZ6NuN^>>ki騹 MڃZ:bjG 4y"@ W *u4262Sצ:'i,t*RE`: B.5[NoBpm)yFRjmy|Ev}];?jދ-Tvwg)!I.o4}ɉf(cOq-3=#TWCEAP`ƩNXbH~jO/_u8 >Z4B![$Z|1H(yu'ܑ{OBY Ý ~RryrcTYBӟ3 94*,F tLg~hyl`Le*ߐI(I"rj윙{EGݮ?o{aj\Tkڐ]WF]\}CDn{*?Iq%c:EFZQ4b 6'N7~@ LcD}ȼ/U FE/4P!-ay2),yHX90Z]^~2oql(̽ W1 j ވ|3 Q퐾Ch_ 3G\K[ _h{+@yZdj._-Y{MM `gZ0P ;=Q@jeBkrs )֋GʹRޝͤd}& bwQͮl.llO'Lj2Z9na7#C0Ri3ȗ mEYZU6=AuvanO򧊂r9?T Lb>,*Mdo'*v *ַ3q3!&P -919Al PS*WqDy ?AaL18ݬkr,U;1[G24`֦IziY\`˼P1Yw:m#_Kvr¢cK!? 0.d @MLs'>HBǴո= o[.`uƱ*{Ebn}Þr6oQ3|& 1~3 .t"zFdv -:CfWf2""Ǽ&slwr!S//ɼMb~V WeݐbtFV~۝tYvuČ$J.ۣQh@/5\(P2MO0r '.Xj {S|z THOD^}5m/c!GݙLd~WT1U'/jTfr !;چգE#QI-$ <2[ujb6+ZWy{64;h妔sY#>j:n BBgI? %i`y1yqd @ծ^BMϮ܊d6lQwᆖrg@l%q>{YT L=79^A} r]䆬D*.pM&ʱݥiu hQZI;5{ǿv˳ ]cF,GQ ,?ȁ7J~oӿDKmkAE)SYffI "YfأAӟeZ*RF \Zr;k^le؇dz mK ҮϢTRE^CFOWr4. o w7/n?l9 է_!ۅrA,4vtW:o6de$-!(0[D8a(odjỡ%Zy;b>arss; 0{!h.ֻ=j@тpLwi]O='GWt3Sgm :LG*"P<26[E9Q@њqb+,gfF&U) $ҐGI#xe=2vtl^.{*۾ m rVsTΔVyyI-Im&kGQ3˥nxFPmʊ`@,-} P0ЧC'-{mΚPֹQvYxv!߬g@jܢ!gR))p!ah1yjm&g CwtG\MVS)"vtV^KNi_d!tVxn\5bvd~mSCPrJ O)/cf{&h.]Y@0IWJoi /D_K.z<|F1[sK Ujg y.mgK ޚG4샋UaRdJԥuuRc1DdTby[/ ^Rࣻs -Mh9G쇫_F%he~zE j5yY̦$9t`jF/&{rvKN7cB94a&P37ɨe WKyL+?j X Hʻp1D-:JJ'\ZmJcX&.(y2y Y#)%UhPMkBFCG(*B/թ O(8 "^Ȧ [5ZS3Π#2q 3f% s:ߙ'p8q8 ','ۏFֳ(yCFYڡQ XjNKŬy}%[c .jKpo=>7SĖb}K]$*Mիn^8#lO+,8֐-ցٰg(kYKl%ܰѝ18iAԕ" ! y}a-9oW{QUnIs?,w6N'( @|Z(eC،T Z%C0m`Gi:1uI٥MgCl$, =6 d$_Q;-pȩO$o3}|2OS0#-KW"/{$.o|RRJ8fnӟ]#ƒ n@M x] PTu ҟ.L}|,<NvA%2S62N7i7I\|.yJ 8({WplJOο`<\$jr;Q8g3"PiZΥM6NB-;r{ȇY!X2 S`:Mfh$~pM! 5T?FL *vDة'4dUCOUfⅿn%=goxi{]~ a%M]hd06N@Uƣ]y|\x(Z 2bFe4]Ej>id,Hc|Nm<`Vmb>.K*oB:ҡ+ڬd N $ڋz;(S516 Ax||Y/.N`Ȥ)Al)(ſOрAd%zF5.=丶%Ԛ? "@-΂F>"#nZm+!# :F|x,ZK3:m~j2 ~.GM6;./|,N2FsrW2'HrF3OF1s Je f׮P(ӡ^ T4 bP,3CŨ,CXΤ Z;(ȪR\N9|U]x. RҺ!e+W"솤P^*xIkWsMݴ+$e^ dchx޵'kvkm74ST?2a3KH '(do-f'ml۱g}$dt@R! y\@(𨁛nBMz0?M(ɋڱ̟giO @@g`.?ʥV]x2mpձʦ: M}3fL̸ڑ2^koQ4iULoEF{F!sT*^Jpd(F DHRN@~u#G*YaF(5:JXywАߵAw"F5\tO>c%`A*ϑꜫ> ׁV;S9[9lWg '؊ӯz`\FZ)[us=neۢo'sVGfJF_ШU@x)6Rb֒+ !G%>{NtL(_&W&Lm`Xo%xJe2*ņWܮ69 ̛ᬣt*+K)ZT)`x'C8GkOh`:AUj+M.kϖT0$`G(4ߍ /qټsu)2k"_(KBRZFlR˹2'^[Z1\ˎ73o6!i=O<+J 0'9UE~/\>D8Y4bx OopGT<" N8nEysP%OCm9ъ?UYQ qps $R$s1f(z0o~QC{!4aW\׮N#"G03(9E% MsE'~`kjDhF]ryD2}`ͪd2PÜ 5_({\E۽-#xǼy:dW^IO  (ox+O?Wܪ EWx ^i9.[ 춼2!qB(>BA pju}To^7|@Xe{PdXB- E)҉ -Vsֵn}0g=]YJhzx'-M"_1rfHcwzOo2;tJJ`uB,Jgcp uķ4تCAk# U7kp΅# 26kǢƿjxm z S7* 琪,N@9z6C Ti7\椣k2U3ψKw9TM|GUvb$l#hoiu~.!N j 60+lG92骾@{} <{'Sg咘 c% }RTNVhDmOE-U{gUlч>K =r'ZTvf,aАZKЫEQR;vܣn,vaS}Eܡ_^R1|ã/8 ΎCD9czM=0iW 7h6`T?-4<Y׹zD;UEsX6˓ێPl6l[ O%!e`lIPKGW@sͦx}㯞M}H1v8y$Ѝ-V|W T\6' L^ GX"ieI 3ø6V4;]}DYQz;u,2a w1 Ԏ7\/aQK}1|M Ofdk{:/xT?F^4huGE 8'Vz_}Z+c:&\f,_Z__[_pأ9>0lX¾ wM2mϵ Vևӽ(V/x8dci􆎘<:$6TϞ҉@v*>$^\e1nJZ ]3X iœd) у,ׄwon:c5@pӾO+lPL7=J^8 {Zwx_ ,k~ţC_,T[0:zӛZĔT#wk,H)q6nK K-h#GdĨj/ZAK 0w{i/J?'sYbBS<)@r,[i{݋;Aњ`˲DX˞R"l!i_h*X1Iu>\)7mS xrږr?G8pa{a誙/" wih]np _ \r,S @2R1"wr&3)bVнZ܋(z]J/iE%P{|)Cz- 2߳ILSeúלYI@4ʵ|fy%2ɷ)n}VP|=@*QLcY]f *'ëD$^ (tSe9>ILW (/I[qA_uȥ5fwqPd Xj-sLƗ-`Zxw{@ ɞZB!Ke_zp@l]$IXd&˳R$T.\MApR6G0'AlJ '1u9YV>!Cդ]ݠ޲I~´c(;6l:3o %l 3D6*X:U%FvPK%P_%Uܼg}|_ޓ.MZ&߂麉#`f~B4-O "yC'ҏatKk~e1ȏu-Lbϡ61 38;:4ʛ|E@Yt'nG՜#^yS/&cjsߐfSo@&RQBt sMBҭ631DŨ˽ Z 0l/EFeӝoiùbj[ª /"^M.Wd˳<$!cь8$ك#pИ7Il2S=aRZ?o],FBj1QF Ug%]m'=%_{I]IO_ iQڿዊ׋\H)YeLd ܜ&sqdgM _ w8ZeIovv:0nc9FO $bib;E1F4JBbhEM뱊_GѧQx%~y+Ii5 !%Qe1asI vt# Сlrُ%gUkbZЅpZ (w3;!w2pXϬj/V3kR|$Oh4vn"!MJ$'d |\` $je9F|ſ w;xF1mJ͐ 1^ߙ9p BﳘT)QfmzE*gr!;aI(VYBb ] "xM5dZ`nƉ2*FVdl%dZ΄SqleIqft!tw[mLՔDa!K+,Aҏh]<+MDc4q&r7 Qi˃H{` ld1Ihm^H~jKg(7r9]!s6h"MFAXm^?륕IAy\L8E?TF3U 0_8ٺH%{ST&#n:WS!Mڐ,Cq5Dߠ3x{ PHmڂ$7_sn%~IsE#aQh !4BC)׊'N1 z~v{Xʥi>]dOb|q+@&g2siP k=2\Gf;_RZ{ fI!PZ߈D$6xn2#SAC4Cz z)>bsBF{C/59S]-/p:Su`m2mA@v J ϡ2*C5Ɇ1債 p!fJ#Ʌr*u ,Ej jG5f^yp݉xI9yv^媰Svnvg _lOڠ< zFYEv(޵OWOM$m [fgDF.o Ҩ.7܀ޡ(InYZ7 _'u8)w{x $aX yqZ~CJ-(х9reCs1,f!4,H3Wu4E9%kl}aMf]T@5n*PKQ%l;9:}Fhn;6}H2#A5TЕ".׶K=9<ئ25AR9~JJ(51'p=.ҼDQ Ws=67JK+S1wD|v!4-p%f4A_j})՟GLQi}J o|V]n ިUm*v0:SܒX a˞U.F ;^msa-.=cYS(R桧dLZfkN׏'^4Xz" =/w%Wtf4EҼCZ%6+brLl(!BO}-Rb_hɁz;Eܣ mEԀ'SD )6Fց2iHn:>' P9Fi oO+,GR~_>ً1D&W^> 8i hv6QR$Q%UNy$jw H8r.h7.}vӵ-t(1Gmx}_B6?5R3MWSbv=.{ըzYRĬN=d}G> ,AGPLKh`#,4MWd>-{Ʀ cZ5ļZu^SD 鐚'bߢ_Q@L(m'Ide xy e{]!a5ND 23qGK[~1`s,T W;aNßaS26:z6tLl쑵mNqSϯ=V\q^;z'quTU]_ ' 8k%җԽ"'79=sV/YGXRkbBomN$yd}-{;|̇Bm>F8Mc؉fdNyaS^!4w 3(7.FҠxɝ{TGqSFvϳizpyl@1lnݍiz._z85((@u' 1äus}#I`Нrc%d~"XLe8E{>)FQ:docl?( Ί2F2x SY=j oxAuh"%#coNl?Ry.)rwi/T]i?4`BMNm<iCysKOqLDɚcn %2ؤf\3s!S{mI`h!iCroΨmx7Վy8b2`-Fd6t4Xm ` cPA?s3mI>l'.X5&vRx ߠ/e1>h8KQ9|d`"SB9\NHJU~s$mj"I v`]x&\)s V8i?'-bnhH^$Ӻm |~D3 IIf8c0ON5ahf"5\0 Hx|Y|o]D(VfglfFcơB":A_ml2z_PКq+)m+@/4- }7 GRc~ BWDRӣDfQ ezfmtSЮY9S47R^nFfѰj%hX)%UT2)PZ@?i&l>$lc#)n(񇈼g>XiV=lejq~&w=\YgBm3<ǟUvsM-P19;@u)bi*QiLj>GZQn0FyWYo( YZ