apparmor-abstractions-2.12.2-lp151.3.2 >  A \/=„l$$M*rk/’ 9a]3id#nsh|YT?[T$U\oʘ~َ +zPExǤs*85`UR{_!K&ݢ?W>SE[>ZRq ;3~K?kV+c`c%>Ý8L6GiagL_*RK L^~BE;}D+N&YBcUǎ5Jۙ=h10eb283521f4b46e0c1fc5d8cd82b7fe4861f6bfcc3f7d6b87de4e21a1bed77a7a202462b8815b7caf3f7c1941fb97458b396f59(\/=„Z[\77Y Kuهk!gSf54j^6>s4 r`.f$HG +TW} v"ْ.Akg` Š1o## Vqf 2Rq#iΚ_\-[sh(_ M>VONcU֜3]f?(Ř $; j:b>&?K,\Zc\Ge7?IfpX>p=p?`d ) W * DZy{{ { { { %{ &{'{*S{,,{..//(/8/<90<:5<>FG{H{I{X8Y@\d{]P{^ bcjdeflu{vz\Capparmor-abstractions2.12.2lp151.3.2AppArmor abstractions and directory structureAppArmor abstractions (common parts used in various profiles) and the /etc/apparmor.d/ directory structure. AppArmor is a file and network mandatory access control mechanism. AppArmor confines processes to the resources allowed by the systems administrator and can constrain the scope of potential security vulnerabilities. This package is part of a suite of tools that used to be named SubDomain.\mlamb58RopenSUSE Leap 15.1openSUSEGPL-2.0 AND LGPL-2.1+https://bugs.opensuse.orgProductivity/Securityhttps://launchpad.net/apparmorlinuxnoarch#restart_on_update apparmor - but non-broken (bnc#853019) systemctl is-active -q apparmor && systemctl reload apparmor ||:pQR42Qv}~2 d$)OQ   ]hiR > nDN^cYS FW lEy`DIspx$zowzdAA큤A큤A큤AAA큤A큤A큤A큤\F\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\>\?\?\>\?\?\?\?\?\?\>\?\?\?\?\?\>\?\>\?\?d144174bbfea179784dc23fc68320158a8e0bc1a21d5b2d220d90dc0b6a7ba89a0a70aed7ec618eff6f91d8c536c9476bc4fa54a9d6d6fcf1d1e856c4205e9d4ebbcf81c9bbe73dfce2d50a43d31644446ef3c6f63b6ee555aa3bdd1f3afc3f2269a0c2b6f7d113f66e4b93b20e373d6cb3927cbd6a8646a6ab0ce28721c3dbf1659fc6e88cf1eb5ab1cc6e9f9f442607180c7aa11e153fc8dbe8b650f693bd4da34239e72f0e33e03bb44afda6b4d051551f88cfea9655bbe78e9960589930b836c912b260e71403d3b61ca25ffbf12a42462511f1dd0da1d1a51d73f777ff52f2b9b155fc5187fc919c00cad8f3594d08385888cc5e923e224786c4aee79f8b7d979db39fe97a09b46eafdc255c8b13eca5264575aa0c89ae26b52c587badc76655e92bc18f17f050ac218fba0cdc2de6d9b43069ef9a4f3159268cc8d531cf791398d72051f91a1cfcf98e6057c0c2f522218b5abb1d93d1cc06a65914ca7dbbc0312ef9f6e51e182777262dda336c0724c177a22716627d4b8a3a5ff7a0f6243625ec7d59bf1b5e026919ab955ffce80e6dd2930cfca0fdccb1e7262238e2f89f233ed63535fed305b05d8afd633948e30225c1320745656fbe59df4bcc03d48b8bc35e9323eaa5021c9a7daa78db1abcebda723c32b47f13652f3739a85eb8e6ae8ec37e2b184892f932126fa2c8b9c27cba66df7c07057be4321952f379a66de2fd2769fd2a46bc3561a79a6b21687cc7c80fe3d5419bd6c1e1d2688bfedc22bb2e548223e8bcf71c5a0ac46c71888ac7306f261b0479716465243a4f6f631e430031e05091139c9dd5a1699948274021a47d306bcbea3e6b5064844c48a776318a8a210c3c65638725de785fd65192cae0d484630efe167be45b38e2d1e4fc596a1c4a321f07b1d32f7d17b7fea22cc93b10b58f0138749ad9b3497dc58d04a189a336982c768aed85c7498cc044d38a4dc7cc2a4d787b0a06e7cb69096a3cbe159fbfe55e2a9275ad5879efd71847a7015b916ff10013d22ce87c0c8923f6127154b634ec13a4c428e724f0dc4cc50eea2d486753833444ee26b0e967344c9e679d9b4030766bcbfbafc6878cbdebc28e4a607129ad1c966f1d4172d39b9fffea2df3c3ce9886b81884d94d77e71df4b1ba2915fe32a08d4a53e87e4147e2f4acae952f717cc8607ee9ab7c14f318dc166bea803c5a7bd8e83c8b0d8b2fa0e5172ba650afd276244f66db309e01c353a35b749486f2c2220bae51998764fa2a3f644b908053978b37394f9ac5016dea51b52e24475de3230e761434be34ef823be38d74e1e2b6c412fb4c6dc9a78d2e20c7e04f12ec456db520e8f18adab2667e0f7109f82a83dc2d0881f65fb91c79d3435ae3367c33e07ed83aa2381a8c6002da4e622c3c58e24f172071bfc165a39712e6cfde04d9ee739d86d4b361542e0f4dfd83d61d8514a75a244f3550dfc9016adcffaaccd60ee551627030dc89202341465b0f818d7f99bfdf798b9b0b4de65a139d68fb09c7de8899477a17500e3bed30e2bff8d47bde1611a97b934250b50afd210ace375c30269349e0031c44351d9800811671aa8710eda7f55a5ec9ce676fddb3371daf4a7bdaf42048243eff22f6b82cce3988ece66ec1e1fbecfaa619414d9e2cf10d8e7e2615a9f8ab4cb7bd5d0935753686c2c32fc866ebd7286afc954263111b557344138ca778ff73c4903b6340541c599bbe7fd7b985b26de1b793a31587b8d829b1f7f8b03cea75dba91cf43001c95c78d2b7ae8094a20483db0df3dfc772dbcfedcd3b3be314b453e880458da0fd6cc02c3c5eac22c4f49b085a884a76a3963aefde6393df122eef2bfb7870a61c6fdaadbc2eb364ed3e385ef439a02fd70c14779c4184491a7c29ec2bd10a8ba442a34c0a09257d610af318801450882907cc7d04cdacdb1533095cc4757f9d09f4a8a92454bc129ac66c069f0ffd0b661d5dadbcf111587f7bce4cc94b57acac72e9b2a0166baa313efcfb32334370ddb5ad022186e3b3d8f3c89652b0221e4c90ef2a9b351967e8092852d37f7b3c3690333944b5aff5e0676c2516c3ddd371ee17f476e6aadcd36b7ac15831039fa35c644a08bcf2e6c8ca50f8b8ad0699188de039837b1c9af4f922a77ac1db23554410d0068fdd9b724ac204a0eb017c6dbec1276d7ac62d3d5162d3caa6d85821784b7e4fcbd561bac91f88ddcd213465c12d037fbfb75b1bc16c9e8621dece1e84e9e3aa0a88e33ebf55cefa778cbd6994727434be5652b1b841f666c1be96bdd60303ac433720054b9729e73da5bc64be996f339fc697af4315f3f6b057a29616bdcd1adb278d5679ca5be3526d828372eceb5596ed44a9adcb58777ad7eab76f58bde8763c1aa01f3b56b2eea7abd8556437d6b930558147b41583035c11437f1d83b9c1e8f26c024e2d6c611c8b06e1bf10bd81d92c578a1db79b706b5d16ab4684cd9723b34e1321aa09d96f3a1c0abaf256911f4fe1494b5e7fab1520c90d09175d9337d565b1ce37e3a2bcfc2195fba7cc62fd616cf0bc32ec45b976e095703d23923740cd6fa9954230505b33f2b62ed2570b1903d128e726ee9af859d131875596ef9ef4ee6b4677e4ad053b89fdded0ef5201d5f87aa4b7a385c1c2057a0fffceadce844bc4d3646041d3691dfcfab9554cc1320d113c710079ccd25cec195410ac95ea2b01f04e40001c121fb7412958df9775d03810968c9ed9a390aa9cc961ba9946443b5130aba13201a5531c798db6f6144da11caad66a36fe70853639a4e9dbab5524f1cbbb8a2eb7f8224ce26d3a50673476f0118574bf23f8563296b585ab9187ce7a5fd02455f295b637b164efa12ab8a6f8c6953c4ef94d95929cc0ecf51d0ad55a48d24b777dec6c7bd377c7b8f8b3a5eb38b99ea23e15e84df970704ae0e2efb6e3d501cb8e41ef6432fbbc257482f4c1c157b5221f9716a16253b3eb319054e8eb1fba28afd90084fa9cfd9fd9d8824556ae3f1d070af40d2c873a93d5eef98112f1f0d5eb32fc17bfe295c8d06601253dad5c0377148d48d6939ebae7f4734697b95b830e3cf9b544ddb0d31ee3dc821010a121607af3038c926d1e14218a0e429d6dc5d57128b5294ae88927bf1216fec3145021ac48992f5ee6f0f984f938c3ca3a384a408b2f91241a424af4c39b56d49235e6418fd504ef7b7a4c2026b7a364eb5a04755dced1643c57a7d5954305ee1e005c9a67800c45ad4141a55fde78ecd48d5fb8c50802094a1f8ec654c1e78ff8ca1ef5ba53d9da9b21a8a8fc96d42ffd680f74ca5ed2aa85d81e36a13b42a7d873b2cb4750b4adda32c2dccaa8f8194cc74d46d822357e15b10511c98cd94f31e3741999edde7ab0b60f00933ff96e863fac67426b72d79e3cbfd16bc77e7c5100b4c36d0b67c7f55f735a1dc8a6f08036325056fbe099e22144d0b4f3d123b0612a3ac03cff9f2eb9a31afc48ffa96929c8e724356b436c6f42cbce5f8c3ebb5654140bb0a399e1c18deda6d78d60e4494976a6d40fb27f87bd846dd9f8f7168903c0bdeb9e79519d4080ace51d5843bf1fbd512dbf96b983904d6a6c74786abcb06a393586dd663c0df40f37671aa54e40718715d3864174a223949c895ff8612105c74590e967e655f4069c86eda3ea8e865db38c107db01e59ee03b20dba7d998231c57d8b5b603ff1ac4a8b1d4dfe27eab76fc093a121cb47ec4bd7e163c3974ce58aa108d5d0f742caf52d48c31139d34d9955e8f64395995f5f7d9adb7efd0f40e00005bcd2c7e292556980373c235e4c7fe8aa165def311d1e07fd7d39037a4f64fe6b800df85bd131ac388c1a92213399ed489a7664e75abd83993d13da2ac1e3e4e7da28d019f0010e9a3e7c17b68f6bc7add313047dec835de109d0d8f750992466f40cf832d20a647b2dbf5187deab3a72e16a475ec173811c72ce393c960d264bc103c4d1555ab1155ce92ba3a35d9e7b73fbb004bcde63a9c313a8c13b636abcb02e360f6530dad12975c51c6b01a7027fd15ac2fa9cee97a684911981481b100e4cfb813af6a2cca1500b35ccfd1e8dc64923e558b37035a8ac1c95199dc4347eaa0a71b863e802cdb19ab2925631aeca1b30af509967168028b93f8389dfbcef41cacabe6e1dd101ea954da42a3bdfd4876099f2e6ebdd081d8733a2d2c83ebb85b49a632e5abc19139d1cd4a50402bf2dc83960f0a70c3b23178680c222962a4d228bfe5965c7ca3e39416c16309120c8fbb80abbe0a7da6a355c3a3fc6391a139703b709ddc8657f980d445d73abb9c66c3faeca85b93665a2594eb74898e089f792a83e6431c2104ec425e6196af7973f9463e7b36cb77d4db1a8e43b6705b8399e4b39b33138e3db3d18bb5a0b292b7928ffa5affb05b9b1355109e6d2f2787a21e0bf4a35a60ef853be4b0903780c220157398760b4e2bd39e55d051cb4fe2ee6db0143ac86e11783b766070a6e1fbd6e947abe42a86225e228b99f6eb6bf60549dc0ff14a67b7a8e1449697886ef5592e276656bdc8f3dec78755cc3bcd2d22615b91093385709b96ade57e4f9eb78c0d1752b2a8ec6e28354b543e8a19faa9b293f7a09370713d27a525612326cff6268ebcc6a21fc469f5cd46047af6f9d209f8015196f2e391ea02debcebecbf8022ececfee3a08e3973c3bb06d4d8b00539df6ef85035d475ccbb6aafbb88d4f2b5ca0e218aaf44dfa99b3c964ec7f9e28e94d9feaec30cbd38c5c067faef858fc75a15f0bb9f66a5af6e7ab8bc731ad52936633b9a0c738605a2a08aad2357df91ca8fbe3bd2c3427d7aac240bf61ec4278709d2ff0f5cd475805497cecedbee49450c218ff3f65e6a8b236254c30442e78fe6acc423dd26bf319230cfbf45481fca564c75968e4becbb5da4594c53660da20944a658a8a42984ef26c302767022864f80a0f53525ae60eb1c4b386ef113b736b14319fa1aad4f0b09f367147121072dd1ad354e528a16a588c5d270ef24f5749791fb2c961d230fb0119daf395b7462f375a21bfbfa380342cfd9705b1ab368e32f4cce94f2242c6947b8624985b9c6de2ab4ee01b398dc4703rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootapparmor-2.12.2-lp151.3.2.src.rpmapparmor-abstractionsconfig(apparmor-abstractions)    /bin/shapparmor-parser(CAP_SYSLOG)config(apparmor-abstractions)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.12.2-lp151.3.23.0.4-14.6.0-14.0-15.2-14.14.1\@\\v{\k\4\1\,\\[/[ZZ3@ZWQZN@Z@@ZZ@Y|YY{YǞ@Y@Yh@Yf@X[X~@X@X*XX6@XAXtX @Ww@W/@WDB@W@V @Ue@UU@UU~@U:0@U0U*^@UTgT!TܕTC@T6TT@T5ThTeT_W@TBV@Goldwyn Rodrigues Goldwyn Rodrigues rgoldwyn@suse.comrgoldwyn@suse.comrgoldwyn@suse.comChristian Boltz Christian Boltz mt@suse.deChristian Boltz Christian Boltz Petr Vorel rgoldwyn@suse.comrgoldwyn@suse.comkukuk@suse.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.dergoldwyn@suse.comsuse-beta@cboltz.desuse-beta@cboltz.dergoldwyn@suse.comcoolo@suse.comjmatejek@suse.comsuse-beta@cboltz.dergoldwyn@suse.comsuse-beta@cboltz.dekukuk@suse.comjmatejek@suse.comsuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decrrodriguez@opensuse.orgrguenther@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decbosdonnat@suse.comopensuse@cboltz.demeissner@suse.comopensuse@cboltz.dedimstar@opensuse.orgLed opensuse@cboltz.de- dovecot-align-pop3-managesieve-login-to-imap-login.patch allow network access and notify file creation/access (bsc#1120279)- identd-include-proc-tcp.patch: add /proc/pid/tcp readable (bsc#1125439)- add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)- Start apparmor after filesystem remount (bsc#1123820)- apparmor-lessopen-profile.patch: Change of path of rpm in lessopen.sh (boo#1082956, boo#1117354)- add apparmor-lessopen-nfs-workaround.diff: allow network access in lessopen.sh for reading files on NFS (workaround for boo#1119937 / lp#1784499)- add profile_filename_cornercase.diff: drop check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (boo#1120472)- netconfig: write resolv.conf to /run with link to /etc (fate#325872, boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]- update to AppArmor 2.12.2 - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (boo#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2 for the detailed upstream changelog- update to AppArmor 2.12.1 - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - add support for conditional includes ("include if exists") - ignore "abi" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including boo#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1 for detailed upstream release notes - remove upstream(ed) patches: - parser-write-cache-warn-only.diff - disable-cache-on-ro-fs.diff - add-dovecot-stats.patch - set-flags-for-profiles-represented-by-glob.patch - fix-regression-in-set-flags.patch - fix-samba-profiles.patch - dnsmasq-Add-permission-to-open-log-files.patch - refresh apparmor-enable-profile-cache.diff and apparmor-samba-include-permissions-for-shares.diff- Backport dnsmasq fix: 025c7dc6 ("dnsmasq: Add permission to open log files") dnsmasq-Add-permission-to-open-log-files.patch (bsc#1111345)- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099)- Set flags for profiles represented by glob set-flags-for-profiles-represented-by-glob.patch (bsc#1086154) fix-regression-in-set-flags.patch - Add dovecot stats in dovecot profiles add-dovecot-stats.patch (bsc#1089787)- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429)- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429) - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests" to avoid pulling in several Gnome packages on servers (boo#1067477)- update to AppArmor 2.12 - add support for 'owner' rules in aa-logprof and aa-genprof - add support for includes with absolute path in aa-logprof etc. (lp#1733700) - update aa-decode to also decode PROCTITLE (lp#1736841) - several profile and abstraction updates, including boo#1069470 - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12 for the detailed upstream changelog - drop upstreamed patches: - read_inactive_profile-exactly-once.patch - utils-fix-sorted-save_profiles-regression.diff - lessopen profile: change all 'rix' rules to 'mrix' - add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems- update to AppArmor 2.11.95 aka 2.12 beta1 - add JSON interface to aa-logprof and aa-genprof (used by YaST) - drop old YaST interface code - update audio, base and nameservice abstractions - allow @{pid} to match 7-digit pids - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95 for the detailed upstream changelog - drop upstreamed patches - apparmor-yast-cleanup.patch - apparmor-json-support.patch - nameservice-libtirpc.diff - drop obsolete perl modules (YaST no longer needs them) - drop patches that were only needed by the obsolete perl modules: - apparmor-utils-string-split - apparmor-abstractions-no-multiline.diff - drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in apparmor_parser - refresh utils-fix-sorted-save_profiles-regression.diff - add aa-teardown (new script to unload all profiles) - make ExecStop in apparmor.service a no-op (workaround for a systemd restriction, see boo#996520 and boo#853019 for details) - lessopen profile: allow capability dac_read_search and dac_override, allow groff to execute several helpers (boo#1065388)- read_inactive_profile-exactly-once.patch (bsc#1069346) Perform reading of inactive profiles exactly once.- update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of 'unix' rules (will be supported in kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog - remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff - refresh apparmor-yast-cleanup.patch - add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the "changed profiles" list in aa-logprof- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)- profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195)- add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26- do not require exact X.Y version of "python3" - require also matching python(abi) which is arguably more important- don't rely on implementation details for reload in %post- add JSON support. Required for FATE#323380. (apparmor-yast-cleanup.patch, apparmor-json-support.patch)- add upstream-changes-r3629..3648.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - update nvidia abstraction for newer nvidia drivers - don't enforce ordering of dbus rule attributes in utils (lp#1628286) - add --parser, --base and --Include option to aa-easyprof to allow non-standard paths (useful for tests) (lp#1521031) - move initialization code in apparmor.aa to init_aa(). This allows to run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser don't exist. - several improvements in the utils tests - drop upstreamed python3-drop-re-locale.patch - no longer delete/skip some of the utils tests (to allow this, add parser-tests-dbus-duplicated-conditionals.diff) - add var.mount dependeny to apparmor.service (boo#1016259#c34)- Cleanup spec file: - don't use insserv if we afterwards call systemd, this can have bad side effects - remove dead code - remove now obsolete 'distro' checks - Replace init.d script with new wrapper working with systemd- add python3-drop-re-locale.patch: remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766)- add upstream-changes-r3616..3628.diff: - update abstractions/base, abstractions/apache2-common and dovecot profiles - merge ask_the_questions() of aa-logprof and aa-mergeprof - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor - adjust deleting the cache in profiles %post to the new cache location - silence errors when deleting the cache (boo#976914)- split libapparmor into separate spec to get rid of build loop involving mariadb, systemd, apparmor, libapr and mariadb again (see the discussion in SR 448871 for details)- update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog - patches: - add sshd-profile-drop-local-include-r3615.diff to fix 'make check' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff - spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren't used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed'ing python3 into aa-* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in logparser.py - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition) - add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)- only install apparmor.service for openSUSE > 13.2- Add a native systemd unit which *at the moment* only wraps/masks the early boot script.- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage - drop upstreamed dnsmasq-profile-fixes.patch - update expired GPG key- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes - refresh dnsmasq-profile-fixes.patch- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- fix bashism in post script- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don't warn about rules not supported by the kernel - fix logging of "audit capability" (lp#1378091) - add support for the "hat" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 - update apparmor-abstractions-no-multiline.diff - remove upstreamed apparmor-profiles-ntpd-pid-location.diff/bin/shlamb58 1556412781  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{2.12.2-lp151.3.22.12.2-lp151.3.2apparmor.dabstractionsXapache2-commonapparmor_apichange_profileexaminefind_mountpointintrospectis_enabledaspellaudioauthenticationbasebashconsolescups-clientdbusdbus-accessibilitydbus-accessibility-strictdbus-sessiondbus-session-strictdbus-strictdconfdovecot-commonenchantfcitxfcitx-strictfontsfreedesktop.orggnomegnupgibuskdekerberosclientldapclientlibpam-systemdlikewisemdnsmirmozcmysqlnameservicenisnvidiaopensslorbit2p11-kitperlphpphp5postfix-commonprivate-filesprivate-files-strictpythonqt5qt5-compose-cache-writeqt5-settings-writerubysambasmbpassssl_certsssl_keyssvn-repositoriesubuntu-bittorrent-clientsubuntu-browsersubuntu-browsers.djavakdemailtomultimediaplugins-commonproductivitytext-editorsubuntu-integrationubuntu-integration-xuluser-filesubuntu-console-browsersubuntu-console-emailubuntu-emailubuntu-feed-readersubuntu-gnome-terminalubuntu-helpersubuntu-konsoleubuntu-media-playersubuntu-unity7-baseubuntu-unity7-launcherubuntu-unity7-messagingubuntu-xtermuser-downloaduser-mailuser-manpagesuser-tmpuser-writevideovulkanwaylandweb-datawinbindwutmpxadxdg-desktopdisablelocaltunablesaliasapparmorfsdovecotglobalhomehome.dsite.localkernelvarsmultiarchmultiarch.dsite.localntpdprocsecurityfssysxdg-user-dirsxdg-user-dirs.dsite.local/etc//etc/apparmor.d//etc/apparmor.d/abstractions//etc/apparmor.d/abstractions/apparmor_api//etc/apparmor.d/abstractions/ubuntu-browsers.d//etc/apparmor.d/tunables//etc/apparmor.d/tunables/home.d//etc/apparmor.d/tunables/multiarch.d//etc/apparmor.d/tunables/xdg-user-dirs.d/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Leap:15.1/standard/f1d5c8f14a43b2ac898d50d4a052dea3-apparmorcpioxz5x86_64-suse-linuxdirectoryASCII textC source, ASCII text6U ((N#utf-868d2184f8ea3ba5936f2e29e0d6d3de4d4b64a0a691b9d72fb2a31806324ba56?07zXZ !t/WP}] crt:bLL "!8IM @4Iw&,Sm%8B7)x$-OYgj0)|72ƭ?`W,įd^W&FPSyaZ#v .;,Met}Rx2 ݖ:͑+AfEw~H?c,rڳl枻Q]B<: >8 > [ۮiQvݍ[O0zs1݌t(\+|!0)+Kvn3jrj/|޴8 ʴ eɟjàƠJINA6^%Xx5,CmgcR+pI55kYj؉^~c: +ή Zchǔν1q""$`vg[YWQHD+ުM~c*vi 5GzUklS5|xb4\87 ^K $ j_x.fv-EsўqetmYR ;uŝA"'<( '&Jy$KbzB p{'u lb˄-C{@ZeU|e;52g\l@2ɏy 6X܄(*}f 9'W^,h k>c{K̪$MDW7-r\u ! XܑJƵ)ɣrL@Y)eVu]WGc__Ŗޛ'%O dZޛ{3v"Y4{A%'T&(G"ۦL(6]hP

jnN7^1M;uv֦8PC؄gjOkݾ]r\ Dɉ'-#G Kwr:$GQ8 TFor4LǸZUd;jX㐔s"yxSݔR&yw)أWotK;'Ρ-{x[:&>=9i٦< s*XǼ2G'Hb9~ڇQFp, 1{j;,$W!_u? 3 p x8N._[̽n (*, sx$PJ*TlfcqNSE\ΣcŁ} 2y%mLd#:V jDU_M^8L+A̤ {? ))X Z %I%^{.\*y!*RDEAdэ?X]_CD27:bMcȸWc.7zƆ@4Ek };~(M+eվȻB*bx{&?tQrOQ8ujtwn}/ЍݏYV2؂>W aZJE5^ ϐqj<)#;== Mɉ4i7Ќ)|8ghO+Owr'O$}|hJb!`26ӎ006 v"@?qcKŔB,l&{ykblP=76orPA];#HB8Mx/x1Σ^.Mͣ'Jx=`cd*x+,Hp,+tl|8_|sCɐ̦dI҄ SU)sN'W;QϤ't#nu=M.u`OTX: koH^7ڿ?{o=HԉdD|* DH_ S!3?-}#XN'"%m66z͇{g!KB<hkXof}u ) '}sJh}q<2bu;X5]F7YbY3[۔VHF>(7tM`=0hNn_u&8bv2|[*N4-y"rb"ͤgerLz)d"wBGE0,+f":,AR8Fh*fMsB/Rsc%\g@M܆ɚLT8j[w\Ğ=>0!50'dd$'z1' ,0E~TAM^r k {z #k_rr=J$Gz?o}Iu)5TQY!{eWL)ҫw{C@;IZ mؖN3u$XdNgQv(p}nԼ#qfbq->ꉫh/TR58@]:~Uy>=V"_1(}B3w^jJRaԺRi]eR.eG|cfY9PnJ@N#n44vG\èy{0ӇSX>iQ*z=iY+lo_y׃tEyKAd_qѡXzl`+ yi ig#i1ӷ;$5-"/&yOI FMd (^vSzV|}:J&OsMHB H{)^Nw!Œ$P ϤVլlfi^|׋"4Ω[{pF;jƌ5W`KL㼐U;4W Ko t5Fqc?+ڢ e7`ᅝQ?t̅gstk I-7hXAvsfrh /O ͦUE$|i*pp- {7鸶12y tJ6Z.9,2Њ[5> - Dq0u(*}<ڞRLיE=Dg̮ߙc'a[Z$K ([mdf2k Pt5"X;ηgy>=OxK]W= iX+GJd 1mp鏮ee@×z68gH%DUt̐_Qw{VCZ%;fbҝGg ˅kJ HAa%}A\P:k^ )/)Pӥ+fܩBe  _0a$3w11@b.rS@\nauWXF5PZ!o%NnWLwĻc;r>`O:E`yce4W{ݜ.߃n8o,!#⯳[q6`Z6 NXMO/}|yChH2nɋA.態+An# hδv!OzcFO"hHQ; \{ci^fSkк x:Rbߡgڐ̪\]'u Ĭ٬'c&|)WyvL.53+!f)وփ0r7}7lh˦du_nD`lc[waoDL*P-KmTgR;~ [,դ/%qQc#kŜ[H <B r;KԇXdr+&+Er<(.m܄`-mËJ`ҷW&>ڒxTS)aKBԡioVԭD%VJK(Mҏ5A_εP$d[vP[ &W몺{PzA} Qxj,\uKE`' ةo5eswOccfM)焄OB6TP(e;v#9,X"JN9ӬE ɝl@}Lb?D8i¯{}B'9CˮJTbޫϮؙ@dܒ&>lІ'&cqSoفO]Rgnp' 2tYSmX Cg 2K[Aj'@p23B@\Qby'ot Wr.-rX7(;8$Տپ@V~}8x-, N2ޟ3"NZ.jgǥՆ] o B]袟f[g ˉzOcgߵضg0w`u*& Qfz;Aʃ{G¨KuiSiBFVN"k,wsue S,IaLʙbmW]oS2 087!Q񡶈Ԑ-MWq@C4 Es b0 XX)~@`}^#њA&3dxO|Xd<9պq{R'B Cmebȅzjj{;|V V8@L:@n o#$k(:ePc;KcYC@kTiqhZ>Pm \VBkDOICp9e, ji):4R9wRG8Df;T'.Ne:Mc*Vm1CuxWMgw\I>Nj:V",p<5c6EYAYrO%&Hg2b]`76C=|UCl{k> @]_N ^6Y#SJ(Jc/^"cD']0߷fYD$7k> z`kͻ$@8OMF@%%&(pp-]H~by!;0ObkdHn<,#iMq@06㔢ﰶC |5yBL]*j(zwQp 2).iUd^fH>Iyc睘I3AfIO2zKWQ@BKAA9UOwOrED"ӟvuyw#qhpوt4+Xi`ҬZݕdﲣ|؋ʳ (X_.AS[Y8ozfJ󛿨.V"0UfĮճ%͋~iT"ݳE'M68<3>Zuvz^Sf ;'hRj hMN^0>2cd &ZF2S#,ޝ71xc YF'm*̍Ver;#RR.BsV07 ΔR5Q 0(5'LM]L~ 0' !/˿%jcsc,S9t@Rzoِ{:^žxF*5:bDCx^{^sr8)g.$>c |wxq UvͶZrǧjX`6uW'?|- ԩ%g{59Iltl7>.`DNdm*<@̠)4rE>Dr17dJA\Q𢓑Ks r6D8#(~Ïa"WRbԊi~Zq2%gᄋ3Qd< ^\I)W=mQ֧h =Ց*KM ܘ"J̜fGI`013}J.fM $rT;Y;&i8j=,KKcb`ֲ"ə8/'fqPꡉT= mS\YoMT>TX 0UYZ]; XW3p0;r:cK=v#.Jr]=[eú)S}KQF[t:3_$Xn.޵K+?(SHҝ\+d!* ~ߊE-q:$P _эGwx5S-q Vy-[ 9-۾(xuQ iQٚ"*i\ׅDd?hRkr̎ D[s,=ݰ, ǍcS3ӟ8qfxݢ " -T6 ؂[,e*օ1ia/ppMlƏ fށ YyOF\ -ijt}qҒ.[^{tJ- +9IDO?ߟA$/=j.00 ƽaDEF45P ֐'笊73* _H˛Zì~7,IAR\<׈Uro$Z&Oo"m#1 *Xz-_ H %oP8BlD4(8HO5CwGy$w.8Y?y} 6Δl,JԹl\\ԧ2HݗPi(K,js$'jC= t[]t9f  BeY `RK?c{n"$A ^8զC&$;0|t) ޵G5^znl !{R @ {~RhX\mŝL=tseO) ["- ܷ;d&&|OA(>lZK!o;(@|{jWɀ|,w:LKQ_G5 g;k#1޽9Tє硾hf%$aǂB:~h5$8<._;\\B[l%#DB9@ QWg8Cugы3c{1 =d ;yZuch5zh\~!k:bgi! GmהX eZHdomzM?_qeyU(b9zv,.9uo:;F'$dp( }u5Xi#<Ƴ9U)ep~HY-w~#B $`\J?Dt@U·]ƧC6:'yiC6i[5D֜cƒ,{v¦]! 38>E^/-3:iRvb|x6Lkp#_u喷CtVh=̀r?XY#(͗it5C 'lk=+4[)\GvIMr:߲*e2:+R2xvF"@AVX!Q]jY[ |I%s{@UZ5w9K\ @yp^#s& g܀V7?$}'V\xqι,]`]_x'P,r"FZ_ݜd`ap7Jӻ֤0w C|^ԟiBh%rHkPx0 a*,ѿjGI T3cɺ;FD,`̦xѿ(0'^ GllhBb=q•t಑ѿzqEJ}c*Y 351bwy$)\~^\-Lpi2H¢xe;4;Yؼ#_ټ9>PN aW.=/6paV q *6m=?N;'& _W5FZ؜&l{5T#1"Y"$AOȈW;$Ik,omߎ%s1Vinéi6dIbjŅ-u;kjs̘ՠ8<GS}^/* 'b&u͈˳/ n![0}(J CZ|POd{MZEfIfW1wCK6If.,2anMS엄dBb+oo`RDrƕZ F}zϤ&0 \kP&-JHǓLa9"oa0mLz*҂z\CxUo oJBN$k_[Q]\Y\2j|^_5e2ȿr5(ldqvƉ~:vw땥fJҝk8K"Q`XkXW}VE=l$G~k7;taJS,YCj83jN8É iAF';֡'# _+s}70[$̟[+9{:{ˆHN<;Z !`%w|S}q 6?AI8LM>P˽/\M vTNMy.7WP׶Iϩ5]vao!cwPByD -#7'?;](Br֋Y1K1#E\| ;ng V 5Y^t)nTL(?C&|VDc^v&h*pg.f~ۧ]:?Z_!g*ay)ȭiЏqu9%FZg@rQf)ؠ4 P"?5>峿e2D{?U[84WANcn3ՍT.X(qIYK?<ܸɇ6/R4[{ix[5=>4Dv ~GUyӟxKxbwpgN&D8fa1SR4A=^OB y$iTeʼn!@O g;سgBJ,\q٥HfNΑa3HJ>¨no@6W.U[}-Ջ!܎aAW:cQ<5JMՇ<"{[0Ľi_a?I|cP2#[-& p [M`U)"PzMk.u!0?A9 W]-acrMCd G?2=56&h&}~dd/\z#,H-ED's'gFO]h2\v6.HiV#1w[V`^BS&2his0{o$KU]v? ў[+d2pxx/nbn]&*rQnH=ZĬyFRqk=a?v SF랄ԞyX9VC-I/Iw?XȈv)!jxqB/oFoR & o6ҁ1d+GVJG$qUPpњ-3zF+={ր&BSp\")FF C9UH>:)wRۿNsjegnk{^3p5tE-wqу$425_`"V,ҿ.:B$$P%/N[ U"(_v4 ]eG6w: PU3j% jWiF^EZԵ@uҐA3w{w,VӃ_bPe* G#k0h+Ӂ3+;bC kйtYBM VﮏAQub9 B\+Ja ݹNtYnIcVݝKs$U+(o@ wjHc!^ A)46 z\MǢ#hkLڰ;0^ ʒ͝g}mnRA~‡WUbڷVwsߟގ\R[+`;Nՙv =*%=g[8Jk/saĤKe0MF = {ڿF/qOEI{1fH[{+me| IIݳȰjXSZrgż<"/rC;".kaA=I;GՒ+g68xa;.#![3:xXA:l+߳^YyG/KucSlw(eЇóLJʡ| C4.D >8yUb1AQx(Ĩ#(h^v\7Td𙚁LD.Jd!CzTsJQo3Gym-L8D7FoTfE t,ez7xe+mRE)* 0Њ8 kۢqVC9,(fHNXTCU>h64Rǧ!=3$=30׮+"Fפ "PX )s,t idi}–=v7fI`:`e)bdmōEO=sാZT&zl4ex?r?3ndԀ*Gܱ};u,$⃸kﭹd/rG":6k|? ވgHx d(*i25 Y>3LO-=&[iJ ߏ_sK*6B&;H $bG@6*--Wp?q!n mJJ@,){eV]Cu +|\3]~GgkL*nUKB Wc}%``ӊ|,B(NĢh;9Y 7WlCw9Cghꔐ:8ihpDd #Ѝ"Nj.r+ũb\pJrf7UU0:fjPt Y뮰 & +J6)[!aAY: ]vc`v%aO,*^iUTu܅/n Ae"UCkǕ7-{=fl>ὀ za,k9j\fjRVrp}ȶx;SDwB,xΒ.;ϧvioƘ q./K?I=ԒTA^8 AOd7q_R- 01EX "ojظRnrgӷhu4#EY'^ᶹitc$p6m!5Tl:@a]>k_/SU G58: nJ&x{&> H?_ʀqeF0Wj=U]z!MZ(P^/p yQ\y ='Hz0u[cv~#UZSSTKnǵ'hHB[)P\]3R:{Mˏ 'K&熩%>8e"-;Wt)9ڙy-LH5PN]aMu^wQU%>n۷L׻t; ?FP?M(O|_\4^r6.mGD~K~+@ՀvEFb%>H$畐J܅Dj ʕrOȥ2;:w^ CyN> a3|ձkRVD["`"-튦Y8x9Ū R1XZp[vy5?ߥ&@.vkd@툿l4޶)dn2tfX&YK&2kѦ7p!~dYc O׏kdߋ߿(rE(H48{*YNYU 3I^^?wŚA2ʼnxw$XX@&  ,g 7s j דK,SR8SoTI"_"Zrb&(szL7F83RfqGx53+,!+b|+61{)9u-0Q>UkLM-; Eru9Xbe$t3D('=\}Ӿo|_uȫ4XFp) W%{r8ms5l?nz:@%Ǜoo;n8.1fiPV,RV*DRdBe[ȳ&QvRChH?+sBΈ)3-]FP!{bxgt+|kj)nD"pJhn: X,x´6uv\q3QtbNm tP_J%NI,hda"8׽.'4&tH^/}+61_T]E/d&ּT8A-.{[7jq;~j{1|g.nIkM:1F8;V ٗB;dY-^CX".l宗OtS3٣]ayN砻ڐ^4vѢ7hԩ Am#V|9;Ӡ:bo`#0__r3AP,llyod3]c+}Am7Y^jv EY c0[$2yD 9)!ahHFHA>~3W6}L{6[C^-)f]:." |[2;>[y t+W]Bhڍfs8öZcȣ\M#/a5Cl&\wv-ҲpL=!xAA]tpeBhoWoD&F7nU \(DUg! 6~Xkn @‘]K.O)s\].]hsD{X4$ϧ;$`_*~Ĵxh~[z}zFI@h!]T{缓F$ }|+<"!^2N2oޒC,S?`*NcY8rbfkXbYPqyTHշ!ώ}kAp1$~VoY)b UarN4vESc}!v8m9Y%#4 NAרZ%0͐+-xzфj&+ ǐfԳ7Gs!(K@)JIhFzꂪvG/^si~[]OWcpIerE`$}myDZyi>]~}H_d.,)߲LZrdlǟ{n@|ykgd~~J>olTطZ GgΤ)n.N\sxF$M ;;|!(s n(4j|J.  m9 ,jqe*f@b<+%P)в]ᩗɸzuoFd \m:C#4kvmdbmPM=JЃpj/B(`BiH?-|ˎBc;h^}ġR]s w4弄Hy˹%rtm~3GI4nMe=|@.d'qU%);qުq2MRɵyٝip>@2- a01H~M]`t0W4C%|]a:t&cؙ{e/i/`gl$q* IcjPA9r@ jC3ЫYjZS#V[ 5"cہVq*vSV:;UHXP<=nB\jbj`&ʅ)NdH)7 +5 /S*$&֧=}.*yv8b6+hGHTq&c I 8)׈8QC;uC0{L&XKφ(Ţ^uBABHB-_߶;$2/A#H%ӓ^eqE:.I j``uII}fQ+RH$TK2( Ag2ͷΝí7'e,5NYT K :eh#d0V:3I=Xy_h-$R&^V~p{B, X{Nl"3 zhXFJ23D \4Z%$ٝ|5r59v9W{㒁MӪoO.iDCSI*)UX|C`ևcOX螗_1U8(R6&HK<&s=1JWUbjt=܊ =횺K2nBqkK(D^:LZDx* | }Jvbn}#N-d1*T1ӄ+0q|p' YZ