xen-4.17.0_06-150500.1.10 >  A dd3p9|yEnEoFE_~Z o_' .P&])YP048092d60c57a400c3a6cb8f7b9867b53c13c3aab8efddf46b7681f181347bb48f9e804733473877d1768f1bb411bc008a8d092edd3p9|<CxE.gL ^7?c\G Ɛ2;sn.qZ@/+ ?6;g)W_PITAYZG~YZ#hGD1. %{;'Q *\9AkM>"ؓBƂ`MU~(x|!<2eKi d;+l6@ `L H&9ʐSlT.j jƦ/N@YfEvT$3'4>p=V?V d  UPT`d}  h    k <x0l  { (89:,>Q`FQhGQHQIQXRYR\RD]R^SVbScTVdTeTfTlTuTvUzUUUUVCxen4.17.0_06150500.1.10Xen Virtualization: Hypervisor (aka VMM aka Microkernel)Xen is a virtual machine monitor for x86 that supports execution of multiple guest operating systems with unprecedented levels of performance and resource isolation. This package contains the Xen Hypervisor. (tm) [Hypervisor is a trademark of IBM]ddGPL-2.0-onlyhttps://www.suse.com/System/Kernelhttp://www.cl.cam.ac.uk/Research/SRG/netos/xen/linuxaarch64if [ -x /sbin/update-bootloader ]; then /sbin/update-bootloader --refresh; exit 0 fi fP2AAA큤dd dd dd dd dd dddd dd(dd(dd dd dd dd dd dd ee1aa4d32d110336e255ae27a8c1cd3db9d6fd7e0086c20c234df0c9b41e117cb3ec566543719063a76432a96b1fbdccadceeb4219676fe3098088f247dbc0fc7794da24c9e49251ad08cb13f2fe50c318c3b8c5b56539cdc07ce0191c83e38893eeb227fc8a95f3c1afcb0c517c826ca226a9817d2b6bfc01f6888abf467758ee1aa4d32d110336e255ae27a8c1cd3db9d6fd7e0086c20c234df0c9b41e117cxen-4.17.0_06-150500.1xen-4.17.0_06-150500.1xen-4.17.0_06-150500.1../../share/efi/aarch64/xen-4.17.0_06-150500.1.efixen-4.17.0_06-150500.1.efixen-4.17.0_06-150500.1.efixen-4.17.0_06-150500.1.efirootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootxen-4.17.0_06-150500.1.10.src.rpminstallhint(reboot-needed)xenxen(aarch-64)     /bin/shcoreutilsdiffutilsfillupgreprpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)systemdsystemdsystemdsystemd3.0.4-14.6.0-14.0-15.2-14.14.3d'@c@c@cccccc[@cWcOcOc47@c @c@b)bz@bγbγbb@b@b@b@bzSbV@bP#bJb/.@b b D@a@aaq@aa6a@aaca@@a7T@a,@aGa $@a @`@` @`@`E` @`` @`!@`@`7@`7@``}p`\{@`KW`F`B@`8`4@`.V`#`>` l___@_H@__إ@_إ@_S_$_______@_"__E@_i@_h_d@_cO_[f_X_O@_N7_*@_'@_@_{_^)@^^@^3^ϧ^x^@^@^^^{G^r @^j$@^g@^_@^Nt^K^=Q@^:@^0"@^@^@]]]N@]@]ʞ])]c@]@]@]@]]fl]fl]M`@]B@]/ ],j] ]@]@] ] ] #]]@\\ޢ@\ڭ\\@\@\@\,@\7\\N\@\\+@\\M\M\\\@\}@\k\X)@\J@\I\A\?\=@\9\73\4\$\l@[H[k@[@[^[^[/[@[@[9@[v[W[CN@[<[6@[0@[0@['[!@[5@Z@ZnZ@ZZZ@ZmZԐ@ZZZ@ZZ}@Z}@Z}@Z}@Zz@Zz@Zo Zk@ZV@ZS]@ZOhZ:PZ1@Z.s@Z&@ZOZOZ Z Z Z@Z@Z }ZC@ZYYYY|Y@Y{Y*@Y5YA@Y4YYYbYY@Y3Y@YJYJY@YYV@Y@Ym@Yw2Yp@YlYh@Yh@YS@YJ_YI@Y5GY0Y-^Y(Y"YY;@YYY@YtY.X@XQ@X@XۡXg@X@XƉX@X @X@X@X@X@XXX@XXXwoXs{@XlXWXRXQ4@XEVX43@X.@X*X lX&X@XX@W@W֘W֘W^@WiW:Wt@W.@W9WW@Wk@Wi,@WbWZWZWZWYZ@WV@WEWBW=W;W3W1@W1@W,@W(W(W(W(W(W#LWVbV(@V3VJVxV'@VV2V͛@VŲ@V`VwVVV=@VV@VHV@VvV%@VV<@V@VS@VV@V^VwVqR@Vn@VXEVUVTQ@VMVMVMVA@V;DV9@V7P@V0V*!@V V@VCVVVf@VqV@UYU@U@UUݪ@U@UnU4@UUK@UU@UU>U@Ux&Un@U\w@U[%UUUPUKSU>$U6;U%@UU@UUU.@TgT-@TT@TZ@TZ@T@TT@T5T@TLTLT~@Tl@Ti@Ta@THT?@T=@carnold@suse.comcarnold@suse.comcarnold@suse.comjbeulich@suse.comjbeulich@suse.comcarnold@suse.comjbeulich@suse.comcarnold@suse.comcarnold@suse.comjbeulich@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comjbeulich@suse.comcarnold@suse.comschubi@suse.comjbeulich@suse.comjbeulich@suse.comdmueller@suse.comcarnold@suse.comjbeulich@suse.comcarnold@suse.comjbeulich@suse.comcarnold@suse.comjbeulich@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comjbeulich@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.dejbeulich@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.dejbeulich@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comjbeulich@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comguillaume.gardet@opensuse.orgcallumjfarmer13@gmail.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcallumjfarmer13@gmail.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comdimstar@opensuse.orgcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.commcepl@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comjfehlig@suse.comohering@suse.demliska@suse.czohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comjengelh@inai.deguillaume.gardet@opensuse.orgguillaume.gardet@opensuse.orgbwiedemann@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.debwiedemann@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comtrenn@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.dejfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.deohering@suse.derbrown@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comjfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.dejfehlig@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comohering@suse.dejfehlig@suse.comcarnold@suse.comjfehlig@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.commlatimer@suse.comcarnold@suse.comcyliu@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.derguenther@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comrguenther@suse.comcarnold@suse.commeissner@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.com- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus log-dirty mode use-after-free (XSA-427) xsa427.patch - bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM pinned cache attributes mis-handling (XSA-428) xsa428-1.patch xsa428-2.patch - bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative vulnerability in 32bit SYSCALL path (XSA-429) xsa429.patch- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return Address Predictions (XSA-426) 63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch- bsc#1205792 - Partner-L3: launch-xenstore error messages show in SLES15 SP4 xen kernel. 63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch- bsc#1026236 - tidy/modernize patch xen.bug1026236.suse_vtsc_tolerance.patch- Upstream bug fixes (bsc#1027519) 63c05478-VMX-calculate-model-specific-LBRs-once.patch 63c05478-VMX-support-CPUs-without-model-specific-LBR.patch - bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause Xenstore crash via soft reset (XSA-425) xsa425.patch -> 63d24e91-tools-xenstore-revert-simplify-loop-handling.patch- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause Xenstore crash via soft reset (XSA-425) xsa425.patch- Upstream bug fixes (bsc#1027519) 63a03e28-x86-high-freq-TSC-overflow.patch- Update to Xen 4.17.0 FCS release (jsc#PED-1858) xen-4.17.0-testing-src.tar.bz2 * On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen. * The "gnttab" option now has a new command line sub-option for disabling the GNTTABOP_transfer functionality. * The x86 MCE command line option info is now updated. * Out-of-tree builds for the hypervisor now supported. * __ro_after_init support, for marking data as immutable after boot. * The project has officially adopted 4 directives and 24 rules of MISRA-C, added MISRA-C checker build integration, and defined how to document deviations. * IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones when they don't share page tables with the CPU (HAP / EPT / NPT). * Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD. * Improved TSC, CPU, and APIC clock frequency calibration on x86. * Support for Xen using x86 Control Flow Enforcement technology for its own protection. Both Shadow Stacks (ROP protection) and Indirect Branch Tracking (COP/JOP protection). * Add mwait-idle support for SPR and ADL on x86. * Extend security support for hosts to 12 TiB of memory on x86. * Add command line option to set cpuid parameters for dom0 at boot time on x86. * Improved static configuration options on Arm. * cpupools can be specified at boot using device tree on Arm. * It is possible to use PV drivers with dom0less guests, allowing statically booted dom0less guests with PV devices. * On Arm, p2m structures are now allocated out of a pool of memory set aside at domain creation. * Improved mitigations against Spectre-BHB on Arm. * Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm. * Allow setting the number of CPUs to activate at runtime from command line option on Arm. * Grant-table support on Arm was improved and hardened by implementing "simplified M2P-like approach for the xenheap pages" * Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm. * Add i.MX lpuart and i.MX8QM support on Arm. * Improved toolstack build system. * Add Xue - console over USB 3 Debug Capability. * gitlab-ci automation: Fixes and improvements together with new tests. * dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options - Drop patches contained in new tarball or invalid 62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch 6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch 631b5ba6-gnttab-acquire-resource-vaddrs.patch 63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch 63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch 63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch 63455fe4-x86-HAP-monitor-table-error-handling.patch 63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch 6345601d-x86-tolerate-shadow_prealloc-failure.patch 6345603a-x86-P2M-refuse-new-alloc-for-dying.patch 63456057-x86-P2M-truly-free-paging-pool-for-dying.patch 63456075-x86-P2M-free-paging-pool-preemptively.patch 63456090-x86-p2m_teardown-preemption.patch 63456175-libxl-per-arch-extra-default-paging-memory.patch 63456177-Arm-construct-P2M-pool-for-guests.patch 6345617a-Arm-XEN_DOMCTL_shadow_op.patch 6345617c-Arm-take-P2M-pages-P2M-pool.patch 634561aa-gnttab-locking-on-transitive-copy-error-path.patch 634561f1-x86emul-respect-NSCB.patch 6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch 6351095c-Arm-rework-p2m_init.patch 6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch 635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch 635665fb-sched-fix-restore_vcpu_affinity.patch 63569723-x86-shadow-replace-bogus-assertions.patch 61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch xsa326-01.patch xsa326-02.patch xsa326-03.patch xsa326-04.patch xsa326-05.patch xsa326-06.patch xsa326-07.patch xsa326-08.patch xsa326-09.patch xsa326-10.patch xsa326-11.patch xsa326-12.patch xsa326-13.patch xsa326-14.patch xsa326-15.patch xsa326-16.patch xsa412.patch xsa414.patch xsa415.patch xsa416.patch xsa417.patch xsa418-01.patch xsa418-02.patch xsa418-03.patch xsa418-04.patch xsa418-05.patch xsa418-06.patch xsa418-07.patch xsa419-01.patch xsa419-02.patch xsa419-03.patch xsa421-01.patch xsa421-02.patch- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends (XSA-376) 61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may take excessively long (XSA-410) 63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch 63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch 63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch 63455fe4-x86-HAP-monitor-table-error-handling.patch 63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch 6345601d-x86-tolerate-shadow_prealloc-failure.patch 6345603a-x86-P2M-refuse-new-alloc-for-dying.patch 63456057-x86-P2M-truly-free-paging-pool-for-dying.patch 63456075-x86-P2M-free-paging-pool-preemptively.patch 63456090-x86-p2m_teardown-preemption.patch - bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption for 2nd-level page tables on ARM systems (XSA-409) 63456175-libxl-per-arch-extra-default-paging-memory.patch 63456177-Arm-construct-P2M-pool-for-guests.patch 6345617a-Arm-XEN_DOMCTL_shadow_op.patch 6345617c-Arm-take-P2M-pages-P2M-pool.patch - bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in transitive grant copy handling (XSA-411) 634561aa-gnttab-locking-on-transitive-copy-error-path.patch - Upstream bug fixes (bsc#1027519) 6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch 631b5ba6-gnttab-acquire-resource-vaddrs.patch 634561f1-x86emul-respect-NSCB.patch 6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch 6351095c-Arm-rework-p2m_init.patch 6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch 635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch 635665fb-sched-fix-restore_vcpu_affinity.patch 63569723-x86-shadow-replace-bogus-assertions.patch - Drop patches replaced by upstream versions: xsa410-01.patch xsa410-02.patch xsa410-03.patch xsa410-04.patch xsa410-05.patch xsa410-06.patch xsa410-07.patch xsa410-08.patch xsa410-09.patch xsa410-10.patch xsa411.patch- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (XSA-326) xsa326-01.patch xsa326-02.patch xsa326-03.patch xsa326-04.patch xsa326-05.patch xsa326-06.patch xsa326-07.patch xsa326-08.patch xsa326-09.patch xsa326-10.patch xsa326-11.patch xsa326-12.patch xsa326-13.patch xsa326-14.patch xsa326-15.patch xsa326-16.patch - bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (XSA-414) xsa414.patch - bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (XSA-415) xsa415.patch - bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (XSA-416) xsa416.patch - bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (XSA-417) xsa417.patch - bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (XSA-418) xsa418-01.patch xsa418-02.patch xsa418-03.patch xsa418-04.patch xsa418-05.patch xsa418-06.patch xsa418-07.patch - bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (XSA-419) xsa419-01.patch xsa419-02.patch xsa419-03.patch - bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitray number of nodes via transactions (XSA-421) xsa421-01.patch xsa421-02.patch- bsc#1204483 - VUL-0: CVE-2022-42327: xen: x86: unintended memory sharing between guests (XSA-412) xsa412.patch- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may take excessively long (XSA-410) xsa410-01.patch xsa410-02.patch xsa410-03.patch xsa410-04.patch xsa410-05.patch xsa410-06.patch xsa410-07.patch xsa410-08.patch xsa410-09.patch xsa410-10.patch - bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in transitive grant copy handling (XSA-411) xsa411.patch- bsc#1201994 - Xen DomU unable to emulate audio device 62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch- Things are compiling fine now with gcc12. Drop gcc12-fixes.patch- Update to Xen 4.16.2 bug fix release (bsc#1027519) xen-4.16.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - Drop patches contained in new tarball 625fca42-VT-d-reserved-CAP-ND.patch 626f7ee8-x86-MSR-handle-P5-MC-reads.patch 627549d6-IO-shutdown-race.patch 62a1e594-x86-clean-up-_get_page_type.patch 62a1e5b0-x86-ABAC-race-in-_get_page_type.patch 62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch 62a1e5f0-x86-dont-change-cacheability-of-directmap.patch 62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch 62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch 62a1e649-x86-track-and-flush-non-coherent.patch 62a99614-IOMMU-x86-gcc12.patch 62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch 62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch 62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch 62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch 62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch 62c56cc0-libxc-fix-compilation-error-with-gcc13.patch 62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch 62cc31ee-cmdline-extend-parse_boolean.patch 62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch 62cd91d0-x86-spec-ctrl-rework-context-switching.patch 62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch 62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch 62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch 62cd91d5-x86-cpuid-BTC_NO-enum.patch 62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch 62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch xsa408.patch- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels A previous change to the built-in default had a logic error, effectively restoring the upstream limit of 1023 channels per domU. Fix the logic to calculate the default based on the number of vcpus. adjust libxl.max_event_channels.patch- Added --disable-pvshim when running configure in xen.spec. We have never shipped the shim and don't need to build it.- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition in typeref acquisition 62a1e594-x86-clean-up-_get_page_type.patch 62a1e5b0-x86-ABAC-race-in-_get_page_type.patch - bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings 62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch 62a1e5f0-x86-dont-change-cacheability-of-directmap.patch 62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch 62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch 62a1e649-x86-track-and-flush-non-coherent.patch - bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166: xen: x86: MMIO Stale Data vulnerabilities (XSA-404) 62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch 62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch 62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch - bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900: xen: retbleed - arbitrary speculative code execution with return instructions (XSA-407) 62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch 62cc31ee-cmdline-extend-parse_boolean.patch 62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch 62cd91d0-x86-spec-ctrl-rework-context-switching.patch 62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch 62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch 62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch 62cd91d5-x86-cpuid-BTC_NO-enum.patch 62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch 62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch - Upstream bug fixes (bsc#1027519) 62a99614-IOMMU-x86-gcc12.patch 62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch 62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch - Drop patches replaced by upstream versions xsa401-1.patch xsa401-2.patch xsa402-1.patch xsa402-2.patch xsa402-3.patch xsa402-4.patch xsa402-5.patch- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) xsa408.patch - Fix gcc13 compilation error 62c56cc0-libxc-fix-compilation-error-with-gcc13.patch- Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings fix xsa402-5.patch- Upstream bug fixes (bsc#1027519) 625fca42-VT-d-reserved-CAP-ND.patch 626f7ee8-x86-MSR-handle-P5-MC-reads.patch 627549d6-IO-shutdown-race.patch - bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition in typeref acquisition xsa401-1.patch xsa401-2.patch - bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings xsa402-1.patch xsa402-2.patch xsa402-3.patch xsa402-4.patch xsa402-5.patch- fix python3 >= 3.10 version detection- Update to Xen 4.16.1 bug fix release (bsc#1027519) xen-4.16.1-testing-src.tar.bz2 - Drop patches contained in new tarball 61b31d5c-x86-restrict-all-but-self-IPI.patch 61b88e78-x86-CPUID-TSXLDTRK-definition.patch 61bc429f-revert-hvmloader-PA-range-should-be-UC.patch 61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch 61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch 61e0296a-x86-time-calibration-relative-counts.patch 61e029c8-x86-time-TSC-freq-calibration-accuracy.patch 61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch 61e98e88-x86-introduce-get-set-reg-infra.patch 61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch 61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch 61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch 61eaaa23-x86-get-set-reg-infra-build.patch 61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch 61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch 61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch 61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch 61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch 61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch 61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch 61f933a4-x86-cpuid-advertise-SSB_NO.patch 61f933a5-x86-drop-use_spec_ctrl-boolean.patch 61f933a6-x86-new-has_spec_ctrl-boolean.patch 61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch 61f933a8-x86-SPEC_CTRL-record-last-write.patch 61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch 61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch 61f933ab-x86-AMD-SPEC_CTRL-infra.patch 61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch 61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch 6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch 6202afa4-x86-TSX-move-has_rtm_always_abort.patch 6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch 6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch 6202afa8-x86-Intel-PSFD-for-guests.patch 62278667-Arm-introduce-new-processors.patch 62278668-Arm-move-errata-CSV2-check-earlier.patch 62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch 6227866a-Arm-Spectre-BHB-handling.patch 6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch 6227866c-x86-AMD-cease-using-thunk-lfence.patch 6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch 624ebcef-VT-d-dont-needlessly-look-up-DID.patch 624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch 624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch xsa397.patch xsa399.patch xsa400-01.patch xsa400-02.patch xsa400-03.patch xsa400-04.patch xsa400-05.patch xsa400-06.patch xsa400-07.patch xsa400-08.patch xsa400-09.patch xsa400-10.patch xsa400-11.patch xsa400-12.patch- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359, CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) 624ebcef-VT-d-dont-needlessly-look-up-DID.patch 624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch 624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions between dirty vram tracking and paging log dirty hypercalls (XSA-397) xsa397.patch - bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID cleanup (XSA-399) xsa399.patch - bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359, CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) xsa400-01.patch xsa400-02.patch xsa400-03.patch xsa400-04.patch xsa400-05.patch xsa400-06.patch xsa400-07.patch xsa400-08.patch xsa400-09.patch xsa400-10.patch xsa400-11.patch xsa400-12.patch - Additional upstream bug fixes for XSA-400 (bsc#1027519) 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch 61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch 6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401: xen: BHB speculation issues (XSA-398) 62278667-Arm-introduce-new-processors.patch 62278668-Arm-move-errata-CSV2-check-earlier.patch 62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch 6227866a-Arm-Spectre-BHB-handling.patch 6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch 6227866c-x86-AMD-cease-using-thunk-lfence.patch- bsc#1196545 - GCC 12: xen package fails gcc12-fixes.patch- Upstream bug fixes (bsc#1027519) 61e0296a-x86-time-calibration-relative-counts.patch 61e029c8-x86-time-TSC-freq-calibration-accuracy.patch 61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch 61e98e88-x86-introduce-get-set-reg-infra.patch 61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch 61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch 61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch 61eaaa23-x86-get-set-reg-infra-build.patch 61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch 61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch 61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch 61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch 61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch 61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch 61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch 61f933a4-x86-cpuid-advertise-SSB_NO.patch 61f933a5-x86-drop-use_spec_ctrl-boolean.patch 61f933a6-x86-new-has_spec_ctrl-boolean.patch 61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch 61f933a8-x86-SPEC_CTRL-record-last-write.patch 61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch 61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch 61f933ab-x86-AMD-SPEC_CTRL-infra.patch 61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch 61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch 6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch 6202afa4-x86-TSX-move-has_rtm_always_abort.patch 6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch 6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch 6202afa8-x86-Intel-PSFD-for-guests.patch - Drop patches replaced by the above: xsa393.patch xsa394.patch xsa395.patch libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm: guest_physmap_remove_page not removing the p2m mappings (XSA-393) xsa393.patch - bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS Xen while unmapping a grant (XSA-394) xsa394.patch - bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of passed-through device IRQs (XSA-395) xsa395.patch- bsc#1191668 - L3: issue around xl and virsh operation - virsh list not giving any output libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch- bsc#1193307 - pci backend does not exist when attach a vf to a pv guest libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch Drop libxl-PCI-defer-backend-wait.patch- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains an sriov device 61bc429f-revert-hvmloader-PA-range-should-be-UC.patch - Upstream bug fixes (bsc#1027519) 61b31d5c-x86-restrict-all-but-self-IPI.patch 61b88e78-x86-CPUID-TSXLDTRK-definition.patch 61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch- Collect active VM config files in the supportconfig plugin xen-supportconfig- Now that the ovmf package has been updated, reset the configure script to use ovmf-x86_64-xen-4m.bin from ovmf-x86_64-ms.bin References bsc#1194105, bsc#1193274 xen.spec- bsc#1193307 - pci backend does not exist when attach a vf to a pv guest libxl-PCI-defer-backend-wait.patch- Update to Xen 4.16.0 FCS release xen-4.16.0-testing-src.tar.bz2 * Miscellaneous fixes to the TPM manager software in preparation for TPM 2.0 support. * Increased reliance on the PV shim as 32-bit PV guests will only be supported in shim mode going forward. This change reduces the attack surface in the hypervisor. * Increased hardware support by allowing Xen to boot on Intel devices that lack a Programmable Interval Timer. * Cleanup of legacy components by no longer building QEMU Traditional or PV-Grub by default. Note both projects have upstream Xen support merged now, so it is no longer recommended to use the Xen specific forks. * Initial support for guest virtualized Performance Monitor Counters on Arm. * Improved support for dom0less mode by allowing the usage on Arm 64bit hardware with EFI firmware. * Improved support for Arm 64-bit heterogeneous systems by leveling the CPU features across all to improve big.LITTLE support. - bsc#1193274 - [Build67.2][Xen][uefi] xen fullvirt uefi guest can not be created with default 'type=plash' in virt-manager xen.spec- Update to Xen 4.16.0 RC4 release (jsc#SLE-18467) xen-4.16.0-testing-src.tar.bz2 * Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0. * Xen now supports Viridian enlightenments for guests with more than 64 vcpus. * Xenstored and oxenstored both now support LiveUpdate (tech preview). * Unified boot images * Switched x86 MSR accesses to deny by default policy. * Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format. * Support for zstd-compressed dom0 (x86) and domU kernels. * Reduce ACPI verbosity by default. * Add ucode=allow-same option to test late microcode loading path. * Library improvements from NetBSD ports upstreamed. * x86: Allow domains to use AVX-VNNI instructions. * Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts. * xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend. * On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging. * Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests. - Drop iPXE sources and patches. iPXE is only used by QEMU traditional which has never shipped with SLE15. ipxe.tar.bz2 ipxe-enable-nics.patch ipxe-no-error-logical-not-parentheses.patch ipxe-use-rpm-opt-flags.patch - Drop building ocaml xenstored in the spec file. There are no plans or need to support this version. - Drop patches contained in new tarball or no longer required 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch 5ffc58c4-ACPI-reduce-verbosity-by-default.patch 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch 608676f2-VT-d-register-based-invalidation-optional.patch 60a27288-x86emul-gas-2-36-test-harness-build.patch 60af933d-x86-gcc11-hypervisor-build.patch 60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch 60afe617-x86-TSX-minor-cleanup-and-improvements.patch 60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch 60ba695e-tools-libs-ctrl-fix-xc_core_arch_map_p2m-to-support.patch 60be0e24-credit2-pick-runnable-unit.patch 60be0e42-credit2-per-entity-load-tracking-when-continuing.patch 60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch 60bf9e19-Arm-create-dom0less-domUs-earlier.patch 60bf9e1a-Arm-boot-modules-scrubbing.patch 60bf9e1b-VT-d-size-qinval-queue-dynamically.patch 60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch 60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch 60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch 60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch 60bfa904-AMD-IOMMU-wait-for-command-slot.patch 60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch 60c0bf86-x86-TSX-cope-with-deprecation.patch 60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch 60c8de6e-osdep_xenforeignmemory_map-prototype.patch 60d49689-VT-d-undo-device-mappings-upon-error.patch 60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch 60d496d6-VT-d-clear_fault_bits-should-clear-all.patch 60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch 60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch 61001231-x86-work-around-GNU-ld-2-37-issue.patch 61122ac6-credit2-avoid-spuriously-picking-idle.patch 611a7e38-x86-CET-shstk-WARN-manipulation.patch 611cba4e-VT-d-Tylersburg-errata-more-steppings.patch 611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch 6126339d-AMD-IOMMU-global-ER-extending.patch 6126344f-AMD-IOMMU-unity-map-handling.patch 61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch 6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch 6126349a-AMD-IOMMU-rearrange-reassignment.patch 612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch 612634c3-x86-p2m-introduce-p2m_is_special.patch 612634dc-x86-p2m-guard-identity-mappings.patch 612634f4-x86-mm-widen-locked-region-in-xatp1.patch 6126350a-gnttab-release-mappings-preemption.patch 6126351f-gnttab-replace-mapkind.patch 6126353d-gnttab-get-status-frames-array-capacity.patch 61263553-Arm-restrict-maxmem-for-dom0less.patch 6128a856-gnttab-radix-tree-node-init.patch init.xen_loop libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch libxc-bitmap-longs.patch libxc.migrate_tracking.patch libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch libxc-sr-add-xc_is_known_page_type.patch libxc-sr-arrays.patch libxc-sr-batch_pfns.patch libxc-sr-page_type_has_stream_data.patch libxc.sr.superpage.patch libxc-sr-use-xc_is_known_page_type.patch libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch libxl-85760c03d664400368a3f76ae0225307c25049a7.patch libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch libxl.fix-libacpi-dependency.patch libxl-qemu6-scsi.patch libxl-qemu6-vnc-password.patch libxl.set-migration-constraints-from-cmdline.patch reproducible.patch stubdom-have-iovec.patch x86-cpufreq-report.patch xenstore-launch.patch xenwatchdogd-options.patch xsa384.patch- bsc#1189632 - VUL-0: CVE-2021-28701: xen: Another race in XENMAPSPACE_grant_table handling (XSA-384) xsa384.patch - Upstream bug fixes (bsc#1027519) 61001231-x86-work-around-GNU-ld-2-37-issue.patch 611a7e38-x86-CET-shstk-WARN-manipulation.patch 611cba4e-VT-d-Tylersburg-errata-more-steppings.patch 611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch 6128a856-gnttab-radix-tree-node-init.patch 61122ac6-credit2-avoid-spuriously-picking-idle.patch (Replaces credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch) 6126339d-AMD-IOMMU-global-ER-extending.patch (Replaces xsa378-1.patch) 6126344f-AMD-IOMMU-unity-map-handling.patch (Replaces xsa378-2.patch) 61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch (Replaces xsa378-3.patch) 6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch (Replaces xsa378-4.patch) 6126349a-AMD-IOMMU-rearrange-reassignment.patch (Replaces xsa378-5.patch) 612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch (Replaces xsa378-6.patch) 612634c3-x86-p2m-introduce-p2m_is_special.patch (Replaces xsa378-7.patch) 612634dc-x86-p2m-guard-identity-mappings.patch (Replaces xsa378-8.patch) 612634f4-x86-mm-widen-locked-region-in-xatp1.patch (Replaces xsa379.patch) 6126350a-gnttab-release-mappings-preemption.patch (Replaces xsa380-1.patch 6126351f-gnttab-replace-mapkind.patch (Replaces xsa380-2.patch) 6126353d-gnttab-get-status-frames-array-capacity.patch (Replaces xsa382.patch) 61263553-Arm-restrict-maxmem-for-dom0less.patch (Replaces xsa383.patch)- bsc#1189882 - refresh libxc.sr.superpage.patch prevent superpage allocation in the LAPIC and ACPI_INFO range- bsc#1189373 - VUL-0: CVE-2021-28694,CVE-2021-28695, CVE-2021-28696: xen: IOMMU page mapping issues on x86 (XSA-378) xsa378-1.patch xsa378-2.patch xsa378-3.patch xsa378-4.patch xsa378-5.patch xsa378-6.patch xsa378-7.patch xsa378-8.patch - bsc#1189376 - VUL-0: CVE-2021-28697: xen: grant table v2 status pages may remain accessible after de-allocation. (XSA-379) xsa379.patch - bsc#1189378 - VUL-0: CVE-2021-28698: xen: long running loops in grant table handling. (XSA-380) xsa380-1.patch xsa380-2.patch - bsc#1189380 - VUL-0: CVE-2021-28699: xen: inadequate grant-v2 status frames array bounds check. (XSA-382) xsa382.patch - bsc#1189381 - VUL-0: CVE-2021-28700: xen: xen/arm: No memory limit for dom0less domUs. (XSA-383) xsa383.patch- bsc#1188050 - L3: Xen guest yval1a80 SLES11SP4 hangs on cluster See also bsc#1179246. credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch- Drop aarch64-maybe-uninitialized.patch as the fix is in tarball.- refresh the migration patches to state v20210713 removed libxc-sr-add-xc_is_known_page_type.patch removed libxc-sr-arrays.patch removed libxc-sr-batch_pfns.patch removed libxc-sr-page_type_has_stream_data.patch removed libxc-sr-use-xc_is_known_page_type.patch removed libxc.migrate_tracking.patch removed libxc.sr.superpage.patch removed libxl.set-migration-constraints-from-cmdline.patch added libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch added libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch added libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch added libxc-sr-LIBXL_HAVE_DOMAIN_SUSPEND_PROPS.patch added libxc-sr-abort_if_busy.patch added libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch added libxc-sr-max_iters.patch added libxc-sr-min_remaining.patch added libxc-sr-number-of-iterations.patch added libxc-sr-precopy_policy.patch added libxc-sr-restore-hvm-legacy-superpage.patch added libxc-sr-track-migration-time.patch added libxc-sr-xg_sr_bitmap-populated_pfns.patch added libxc-sr-xg_sr_bitmap.patch added libxc-sr-xl-migration-debug.patch- bsc#1176189 - xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown xl-save-pc.patch- bsc#1179246 - Dom0 hangs when pinning CPUs for dom0 with HVM guest 60be0e24-credit2-pick-runnable-unit.patch 60be0e42-credit2-per-entity-load-tracking-when-continuing.patch - Upstream bug fixes (bsc#1027519) 60bf9e19-Arm-create-dom0less-domUs-earlier.patch (Replaces xsa372-1.patch) 60bf9e1a-Arm-boot-modules-scrubbing.patch (Replaces xsa372-2.patch) 60bf9e1b-VT-d-size-qinval-queue-dynamically.patch (Replaces xsa373-1.patch) 60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch (Replaces xsa373-2.patch) 60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch (Replaces xsa373-2.patch) 60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch (Replaces xsa375.patch) 60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch (Replaces xsa377.patch) 60bfa904-AMD-IOMMU-wait-for-command-slot.patch (Replaces xsa373-4.patch) 60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch (Replaces xsa373-5.patch) 60afe617-x86-TSX-minor-cleanup-and-improvements.patch 60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch 60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch 60c0bf86-x86-TSX-cope-with-deprecation.patch 60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch 60c8de6e-osdep_xenforeignmemory_map-prototype.patch 60d49689-VT-d-undo-device-mappings-upon-error.patch 60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch 60d496d6-VT-d-clear_fault_bits-should-clear-all.patch 60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch 60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch - Dropped gcc11-fixes.patch- bsc#1183243 - L3: Core cannot be opened when using xl dump-core of VM with PTF 60ba695e-tools-libs-ctrl-fix-xc_core_arch_map_p2m-to-support.patch- bsc#1180350 - some long deprecated commands were finally removed in qemu6. Adjust libxl to use supported commands. libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch libxl-85760c03d664400368a3f76ae0225307c25049a7.patch libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch libxl-qemu6-vnc-password.patch libxl-qemu6-scsi.patch- Update logrotate.conf, move global options into per-file sections to prevent globbering of global state (bsc#1187406)- Fix shell macro expansion in xen.spec, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877)- bsc#1186428 - VUL-0: CVE-2021-28693: xen: xen/arm: Boot modules are not scrubbed (XSA-372) xsa372-1.patch xsa372-2.patch - bsc#1186429 - VUL-0: CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (XSA-373) xsa373-1.patch xsa373-2.patch xsa373-3.patch xsa373-4.patch xsa373-5.patch - bsc#1186433 - VUL-0: CVE-2021-0089: xen: Speculative Code Store Bypass (XSA-375) xsa375.patch - bsc#1186434 - VUL-0: CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (XSA-377) xsa377.patch - Upstream bug fixes (bsc#1027519) 60a27288-x86emul-gas-2-36-test-harness-build.patch 60af933d-x86-gcc11-hypervisor-build.patch 60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch- Upstream bug fix (bsc#1027519) 608676f2-VT-d-register-based-invalidation-optional.patch- Add xen.sysconfig-fillup.patch to make sure xencommons is in a format as expected by fillup. (bsc#1185682) Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update- Refresh xenstore-launch.patch to cover also daemon case- Update to Xen 4.14.2 bug fix release (bsc#1027519) xen-4.14.2-testing-src.tar.bz2 - Drop patches contained in new tarball 5fedf9f4-x86-hpet_setup-fix-retval.patch 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch 5ff71655-x86-dpci-EOI-regardless-of-masking.patch 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch 600999ad-x86-dpci-do-not-remove-pirqs-from.patch 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch 6011bbc7-x86-timer-fix-boot-without-PIT.patch 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch 6013e546-x86-HVM-reorder-domain-init-error-path.patch 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch 60410127-gcc11-adjust-rijndaelEncrypt.patch 60422428-x86-shadow-avoid-fast-fault-path.patch 604b9070-VT-d-disable-QI-IR-before-init.patch 60535c11-libxl-domain-soft-reset.patch 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch 60787714-x86-HPET-avoid-legacy-replacement-mode.patch- bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!" 60787714-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch - Upstream bug fixes (bsc#1027519) 60410127-gcc11-adjust-rijndaelEncrypt.patch 60422428-x86-shadow-avoid-fast-fault-path.patch 604b9070-VT-d-disable-QI-IR-before-init.patch 60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch) 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch- bsc#1137251 - Restore changes for xen-dom0-modules.service which were silently removed on 2019-10-17- bsc#1177112 - Fix libxc.sr.superpage.patch The receiving side did detect holes in a to-be-allocated superpage, but allocated a superpage anyway. This resulted to over-allocation.- bsc#1167608 - adjust limit for max_event_channels A previous change allowed an unbound number of event channels to make sure even large domUs can start of of the box. This may have a bad side effect in the light of XSA-344. Adjust the built-in limit based on the number of vcpus. In case this is not enough, max_event_channels=/maxEventChannels= has to be used to set the limit as needed for large domUs adjust libxl.max_event_channels.patch- bsc#1183072 - VUL-0: CVE-2021-28687: xen: HVM soft-reset crashes toolstack (XSA-368). Also resolves, bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl bsc#1181989 - openQA job causes libvirtd to dump core when running kdump inside domain xsa368.patch- bsc#1177204 - L3-Question: conring size for XEN HV's with huge memory to small. Inital Xen logs cut 5ffc58c4-ACPI-reduce-verbosity-by-default.patch - Upstream bug fixes (bsc#1027519) 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch - bsc#1181921 - GCC 11: xen package fails gcc11-fixes.patch- bsc#1182576 - L3: XEN domU crashed on resume when using the xl unpause command 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch- Start using the %autosetup macro to simplify patch management xen.spec- bsc#1181921 - GCC 11: xen package fails gcc11-fixes.patch - Drop gcc10-fixes.patch- Upstream bug fixes (bsc#1027519) 5fedf9f4-x86-hpet_setup-fix-retval.patch 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch 5ff71655-x86-dpci-EOI-regardless-of-masking.patch 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch 600999ad-x86-dpci-do-not-remove-pirqs-from.patch (Replaces xsa360.patch) 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch 6013e546-x86-HVM-reorder-domain-init-error-path.patch - bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!" 6011bbc7-x86-timer-fix-boot-without-PIT.patch- bsc#1181254 - VUL-0: xen: IRQ vector leak on x86 (XSA-360) xsa360.patch- bsc#1180794 - bogus qemu binary path used when creating fv guest under xen xen.spec- bsc#1180690 - L3-Question: xen: no needsreboot flag set Add Provides: installhint(reboot-needed) in xen.spec for libzypp- Update libxl.set-migration-constraints-from-cmdline.patch Remove code which handled --max_factor. The total amount of transferred data is no indicator to trigger the final stop+copy. This should have been removed during upgrade to Xen 4.7. Fix off-by-one in --max_iters, it caused one additional copy cycle. Reduce default value of --max_iters from 5 to 2. The workload within domU will continue to produce dirty pages. It is unreasonable to expect any slowdown during migration. Now there is one initial copy of all memory, one instead of four iteration for dirty memory, and a final copy iteration prior move.- Update to Xen 4.14.1 bug fix release (bsc#1027519) xen-4.14.1-testing-src.tar.bz2 Contains the following recent security fixes bsc#1179516 XSA-359 - CVE-2020-29571 bsc#1179514 XSA-358 - CVE-2020-29570 bsc#1179513 XSA-356 - CVE-2020-29567 bsc#1178963 XSA-355 - CVE-2020-29040 bsc#1178591 XSA-351 - CVE-2020-28368 bsc#1179506 XSA-348 - CVE-2020-29566 bsc#1179502 XSA-325 - CVE-2020-29483 bsc#1179501 XSA-324 - CVE-2020-29484 bsc#1179498 XSA-322 - CVE-2020-29481 bsc#1179496 XSA-115 - CVE-2020-29480 - Dropped patches contained in new tarball 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch 5f560c42-x86-PV-64bit-segbase-consistency.patch 5f560c42-x86-PV-rewrite-segment-ctxt-switch.patch 5f5b6b7a-hypfs-fix-custom-param-writes.patch 5f607915-x86-HVM-more-consistent-IO-completion.patch 5f6a002d-x86-PV-handle-MSR_MISC_ENABLE-correctly.patch 5f6a0049-memory-dont-skip-RCU-unlock-in-acquire_resource.patch 5f6a0067-x86-vPT-fix-race-when-migrating-timers.patch 5f6a008e-x86-MSI-drop-read_msi_msg.patch 5f6a00aa-x86-MSI-X-restrict-reading-of-PBA-bases.patch 5f6a00c4-evtchn-relax-port_is_valid.patch 5f6a00df-x86-PV-avoid-double-exception-injection.patch 5f6a00f4-evtchn-add-missing-barriers.patch 5f6a0111-evtchn-x86-enforce-correct-upper-limit.patch 5f6a013f-evtchn_reset-shouldnt-succeed-with.patch 5f6a0160-evtchn-IRQ-safe-per-channel-lock.patch 5f6a0178-evtchn-address-races-with-evtchn_reset.patch 5f6a01a4-evtchn-preempt-in-evtchn_destroy.patch 5f6a01c6-evtchn-preempt-in-evtchn_reset.patch 5f6cfb5b-x86-PV-dont-GP-for-SYSENTER-with-NT-set.patch 5f6cfb5b-x86-PV-dont-clobber-NT-on-return-to-guest.patch 5f71a21e-x86-S3-fix-shadow-stack-resume.patch 5f76ca65-evtchn-Flask-prealloc-for-send.patch 5f76caaf-evtchn-FIFO-use-stable-fields.patch 5f897c25-x86-traps-fix-read_registers-for-DF.patch 5f897c7b-x86-smpboot-restrict-memguard_guard_stack.patch 5f8ed5d3-x86-mm-map_pages_to_xen-single-exit-path.patch 5f8ed5eb-x86-mm-modify_xen_mappings-one-exit-path.patch 5f8ed603-x86-mm-prevent-races-in-mapping-updates.patch 5f8ed635-IOMMU-suppress-iommu_dont_flush_iotlb-when.patch 5f8ed64c-IOMMU-hold-page-ref-until-TLB-flush.patch 5f8ed682-AMD-IOMMU-convert-amd_iommu_pte.patch 5f8ed69c-AMD-IOMMU-update-live-PTEs-atomically.patch 5f8ed6b0-AMD-IOMMU-suitably-order-DTE-mods.patch xsa286-1.patch xsa286-2.patch xsa286-3.patch xsa286-4.patch xsa286-5.patch xsa286-6.patch xsa351-1.patch xsa351-2.patch xsa351-3.patch xsa355.patch- Pass --with-rundir to configure to get rid of /var/run- bsc#1178736 - allow restart of xenwatchdogd, enable tuning of keep-alive interval and timeout options via XENWATCHDOGD_ARGS= add xenwatchdogd-options.patch add xenwatchdogd-restart.patch- bsc#1177112 - Fix libxc.sr.superpage.patch The receiving side may punch holes incorrectly into optimistically allocated superpages. Also reduce overhead in bitmap handling. add libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch add libxc-bitmap-long.patch add libxc-bitmap-longs.patch- boo#1029961 - Move files in xen-tools-domU to /usr/bin from /bin xen-destdir.patch Drop tmp_build.patch- bsc#1176782 - L3: xl dump-core shows missing nr_pages during core. If maxmem and current are the same the issue doesn't happen 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) xsa355.patch- Fix build error with libxl.fix-libacpi-dependency.patch- Enhance libxc.migrate_tracking.patch Hide SUSEINFO messages from pause/unpause/resume from xl command. They are intended for libvirt logging, but lacked info about execution context. Remove extra logging about dirty pages in each iteration, the number of transferred pages + protocol overhead is already reported elsewhere.- Remove libxl.libxl__domain_pvcontrol.patch It is already part of 4.14.0-rc1- bsc#1178591 - VUL-0: CVE-2020-28368: xen: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 xsa351-1.patch xsa351-2.patch xsa351-3.patch- bsc#1177950 - adjust help for --max_iters, default is 5 libxl.set-migration-constraints-from-cmdline.patch- jsc#SLE-16899 - improve performance of live migration remove allocations and memcpy from hotpaths on sending and receiving side to get more throughput on 10Gbs+ connections libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch libxc-sr-add-xc_is_known_page_type.patch libxc-sr-arrays.patch libxc-sr-batch_pfns.patch libxc-sr-page_type_has_stream_data.patch libxc-sr-readv_exact.patch libxc-sr-restore-handle_buffered_page_data.patch libxc-sr-restore-handle_incoming_page_data.patch libxc-sr-restore-map_errs.patch libxc-sr-restore-mfns.patch libxc-sr-restore-pfns.patch libxc-sr-restore-populate_pfns-mfns.patch libxc-sr-restore-populate_pfns-pfns.patch libxc-sr-restore-read_record.patch libxc-sr-restore-types.patch libxc-sr-save-errors.patch libxc-sr-save-guest_data.patch libxc-sr-save-iov.patch libxc-sr-save-local_pages.patch libxc-sr-save-mfns.patch libxc-sr-save-rec_pfns.patch libxc-sr-save-show_transfer_rate.patch libxc-sr-save-types.patch libxc-sr-use-xc_is_known_page_type.patch adjust libxc.sr.superpage.patch adjust libxc.migrate_tracking.patch- Upstream bug fixes (bsc#1027519) 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch 5f560c42-x86-PV-rewrite-segment-ctxt-switch.patch 5f5b6b7a-hypfs-fix-custom-param-writes.patch 5f607915-x86-HVM-more-consistent-IO-completion.patch 5f6cfb5b-x86-PV-dont-GP-for-SYSENTER-with-NT-set.patch 5f6cfb5b-x86-PV-dont-clobber-NT-on-return-to-guest.patch 5f71a21e-x86-S3-fix-shadow-stack-resume.patch 5f76ca65-evtchn-Flask-prealloc-for-send.patch 5f76caaf-evtchn-FIFO-use-stable-fields.patch 5f897c25-x86-traps-fix-read_registers-for-DF.patch 5f897c7b-x86-smpboot-restrict-memguard_guard_stack.patch - Renamed patches 5f560c42-x86-PV-64bit-segbase-consistency.patch Replaces 5f5b6951-x86-PV-64bit-segbase-consistency.patch 5f6a002d-x86-PV-handle-MSR_MISC_ENABLE-correctly.patch Replaces 5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch 5f6a0049-memory-dont-skip-RCU-unlock-in-acquire_resource.patch Replaces 5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch 5f6a0067-x86-vPT-fix-race-when-migrating-timers.patch Replaces 5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch 5f6a008e-x86-MSI-drop-read_msi_msg.patch Replaces 5f6a05fa-msi-get-rid-of-read_msi_msg.patch 5f6a00aa-x86-MSI-X-restrict-reading-of-PBA-bases.patch Replaces 5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch 5f6a00c4-evtchn-relax-port_is_valid.patch Replaces 5f6a062c-evtchn-relax-port_is_valid.patch 5f6a00df-x86-PV-avoid-double-exception-injection.patch Replaces 5f6a065c-pv-Avoid-double-exception-injection.patch 5f6a00f4-evtchn-add-missing-barriers.patch Replaces 5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch 5f6a0111-evtchn-x86-enforce-correct-upper-limit.patch Replaces 5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch 5f6a013f-evtchn_reset-shouldnt-succeed-with.patch Replaces 5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch 5f6a0160-evtchn-IRQ-safe-per-channel-lock.patch Replaces 5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch 5f6a0178-evtchn-address-races-with-evtchn_reset.patch Replaces 5f6a06f2-evtchn-address-races-with-evtchn_reset.patch 5f6a01a4-evtchn-preempt-in-evtchn_destroy.patch Replaces 5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch 5f6a01c6-evtchn-preempt-in-evtchn_reset.patch Replaces 5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch- bsc#1177409 - VUL-0: CVE-2020-27674: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) xsa286-1.patch xsa286-2.patch xsa286-3.patch xsa286-4.patch xsa286-5.patch xsa286-6.patch - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) 5f8ed5d3-x86-mm-map_pages_to_xen-single-exit-path.patch 5f8ed5eb-x86-mm-modify_xen_mappings-one-exit-path.patch 5f8ed603-x86-mm-prevent-races-in-mapping-updates.patch - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) 5f8ed635-IOMMU-suppress-iommu_dont_flush_iotlb-when.patch 5f8ed64c-IOMMU-hold-page-ref-until-TLB-flush.patch - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) 5f8ed682-AMD-IOMMU-convert-amd_iommu_pte.patch 5f8ed69c-AMD-IOMMU-update-live-PTEs-atomically.patch 5f8ed6b0-AMD-IOMMU-suitably-order-DTE-mods.patch- Update libxc.sr.superpage.patch set errno in x86_hvm_alloc_4k (bsc#1177112)- bsc#1176339 - VUL-0: CVE-2020-25602: xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333) 5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch - bsc#1176341 - VUL-0: CVE-2020-25598: xen: Missing unlock in XENMEM_acquire_resource error path (XSA-334) 5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch - bsc#1176343 - VUL-0: CVE-2020-25604: xen: race when migrating timers between x86 HVM vCPU-s (XSA-336) 5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch - bsc#1176344 - VUL-0: CVE-2020-25595: xen: PCI passthrough code reading back hardware registers (XSA-337) 5f6a05fa-msi-get-rid-of-read_msi_msg.patch 5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch - bsc#1176346 - VUL-0: CVE-2020-25597: xen: once valid event channels may not turn invalid (XSA-338) 5f6a062c-evtchn-relax-port_is_valid.patch - bsc#1176345 - VUL-0: CVE-2020-25596: xen: x86 pv guest kernel DoS via SYSENTER (XSA-339) 5f6a065c-pv-Avoid-double-exception-injection.patch - bsc#1176347 - VUL-0: CVE-2020-25603: xen: Missing barrier barriers when accessing/allocating an event channel (XSA-340) 5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch - bsc#1176348 - VUL-0: CVE-2020-25600: xen: out of bounds event channels available to 32-bit x86 domains (XSA-342) 5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch - bsc#1176349 - VUL-0: CVE-2020-25599: xen: races with evtchn_reset() (XSA-343) 5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch 5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch 5f6a06f2-evtchn-address-races-with-evtchn_reset.patch - bsc#1176350 - VUL-0: CVE-2020-25601: xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344) 5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch 5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch - Upstream bug fix (bsc#1027519) 5f5b6951-x86-PV-64bit-segbase-consistency.patch- Fix problems in xen.spec with building on aarch64- Make use of %service_del_postun_without_restart while preserving the old behavior for older distros. - In %post tools, remove unnecessary qemu symlinks.- Fix error in xen-tools %post when linking pvgrub64.bin - Make paths below libexec more explicit - Create symlink also for pvgrub32.bin- Revert previous libexec change for qemu compat wrapper The path is used in existing domU.xml files in the emulator field - Escape some % chars in xen.spec, they have to appear verbatim- Enhance libxc.migrate_tracking.patch Print number of allocated pages on sending side, this is more accurate than p2m_size.- jsc#SLE-15926 - Dev: XEN: drop netware support Dropped the following patches pygrub-netware-xnloader.patch xnloader.py Refreshed pygrub-boot-legacy-sles.patch- Fix build on aarch64 with gcc10 - Package xenhypfs for aarch64- Correct license name * GPL-3.0+ is now GPL-3.0-or-later- Upstream bug fixes (bsc#1027519) 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch- Update to Xen 4.14.0 FCS release xen-4.14.0-testing-src.tar.bz2 * Linux stubdomains (contributed by QUBES OS) * Control-flow Enforcement Technology (CET) Shadow Stack support (contributed by Citrix) * Lightweight VM fork for fuzzing / introspection. (contributed by Intel) * Livepatch: buildid and hotpatch stack requirements * CONFIG_PV32 * Hypervisor FS support * Running Xen as a Hyper-V Guest * Domain ID randomization, persistence across save / restore * Golang binding autogeneration * KDD support for Windows 7, 8.x and 10 - Dropped patches contained in new tarball 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch xsa317.patch xsa319.patch xsa321-1.patch xsa321-2.patch xsa321-3.patch xsa321-4.patch xsa321-5.patch xsa321-6.patch xsa321-7.patch xsa328-1.patch xsa328-2.patch- bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached ignore-ip-command-script-errors.patch- Enhance libxc.migrate_tracking.patch After transfer of domU memory, the target host has to assemble the backend devices. Track the time prior xc_domain_unpause.- Add libxc.migrate_tracking.patch to track live migrations unconditionally in logfiles, especially in libvirt. This will track how long a domU was suspended during transit.- bsc#1173376 - VUL-0: CVE-2020-15566: xen: XSA-317 - Incorrect error handling in event channel port allocation xsa317.patch - bsc#1173377 - VUL-0: CVE-2020-15563: xen: XSA-319 - inverted code paths in x86 dirty VRAM tracking xsa319.patch - bsc#1173378 - VUL-0: CVE-2020-15565: xen: XSA-321 - insufficient cache write- back under VT-d xsa321-1.patch xsa321-2.patch xsa321-3.patch xsa321-4.patch xsa321-5.patch xsa321-6.patch xsa321-7.patch - bsc#1173380 - VUL-0: CVE-2020-15567: xen: XSA-328 - non-atomic modification of live EPT PTE xsa328-1.patch xsa328-2.patch- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch (Replaces xsa320-1.patch) 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch (Replaces xsa320-2.patch) - Upstream bug fixes (bsc#1027519) 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch- Fixes for %_libexecdir changing to /usr/libexec- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) xsa320-1.patch xsa320-2.patch- Update to Xen 4.13.1 bug fix release (bsc#1027519) xen-4.13.1-testing-src.tar.bz2 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch - Drop patches contained in new tarball 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch- spec: Remove invocation of autogen.sh - spec: Recommend qemu-ovmf-x86_64 to provide UEFI firmwares- bsc#1170968 - GCC 10: xen build fails on i586 gcc10-fixes.patch- bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation handling in GNTTABOP_copy (XSA-318) 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch- bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch - bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing memory barriers in read-write unlock paths 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch - bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error path in GNTTABOP_map_grant 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch - bsc#1167152 - L3: Xenstored Crashed during VM install Need Core analyzed 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch - bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch - Drop for upstream solution (bsc#1165206) 01-xen-credit2-avoid-vcpus-to.patch default-to-credit1-scheduler.patch - Upstream bug fixes (bsc#1027519) 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch- bsc#1167608 - unbound limit for max_event_channels domUs with many vcpus and/or resources fail to start libxl.max_event_channels.patch- bsc#1161480 - Fix xl shutdown for HVM without PV drivers add libxl.libxl__domain_pvcontrol.patch- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 01-xen-credit2-avoid-vcpus-to.patch- bsc#1158414 - GCC 10: xen build fails gcc10-fixes.patch- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 default-to-credit1-scheduler.patch- bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate past the ERET instruction 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch - bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch hardening 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch - Upstream bug fixes (bsc#1027519) 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch- bsc#1159755 - use fixed qemu-3.1 machine type for HVM This must be done in qemu to preserve PCI layout remove libxl.lock-qemu-machine-for-hvm.patch- jsc#SLE-10183 - script to calculate cpuid= mask add helper script from https://github.com/twizted/xen_maskcalc domUs may be migrated between different cpus from the same vendor if their visible cpuid value has incompatible feature bits masked.- jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains add helper script and systemd service from https://github.com/luizluca/xen-tools-xendomains-wait-disk in new sub package xen-tools-xendomains-wait-disk See included README for usage instructions xendomains-wait-disks.LICENSE xendomains-wait-disks.README.md xendomains-wait-disks.sh- bsc#1159755 - use fixed qemu-3.1 machine type for HVM qemu4 introduced incompatible changes in pc-i440fx, which revealed a design bug in 'xenfv'. Live migration from domUs started with qemu versions prior qemu4 can not be received with qemu4+. libxl.lock-qemu-machine-for-hvm.patch- Upstream bug fixes (bsc#1027519) 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: Allow OBS to shortcut through the -mini flavors.- bsc#1159320 - Xen logrotate file needs updated logrotate.conf- Update to Xen 4.13.0 FCS release xen-4.13.0-testing-src.tar.bz2 * Core Scheduling (contributed by SUSE) * Branch hardening to mitigate against Spectre v1 (contributed by Citrix) * Late uCode loading (contributed by Intel) * Improved live-patching build tools (contributed by AWS) * OP-TEE support (contributed by EPAM) * Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM) * Dom0-less passthrough and ImageBuilder (contributed by XILINX) * Support for new Hardware- Update to Xen 4.13.0 RC4 release xen-4.13.0-testing-src.tar.bz2 - Rebase libxl.pvscsi.patch- Update to Xen 4.13.0 RC3 release xen-4.13.0-testing-src.tar.bz2 - Drop python38-build.patch- Update to Xen 4.13.0 RC2 release xen-4.13.0-testing-src.tar.bz2- Add python38-build.patch fixing build with Python 3.8 (add - -embed to python-config call)- Update to Xen 4.13.0 RC1 release xen-4.13.0-testing-src.tar.bz2 - Drop patches contained in new tarball or invalid 5ca7660f-x86-entry-drop-unused-includes.patch 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch 5cab2ab7-x86-IOMMU-introduce-init-ops.patch 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch 5d358508-x86-IRQ-desc-affinity-represents-request.patch 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch 5d417813-AMD-IOMMU-bitfield-extended-features.patch 5d417838-AMD-IOMMU-bitfield-control-reg.patch 5d41785b-AMD-IOMMU-bitfield-IRTE.patch 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch 5d419d49-x86-spec-ctrl-report-proper-status.patch 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch 5d4afa7a-credit2-fix-memory-leak.patch 5d4d850a-introduce-bss-percpu-page-aligned.patch 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch 5d6524ca-x86-mm-correctly-init-M2P-entries.patch 5d67ceaf-x86-properly-gate-PKU-clearing.patch 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch 5d80ea13-vpci-honor-read-only-devices.patch 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch blktap2-no-uninit.patch libxl.prepare-environment-for-domcreate_stream_done.patch pygrub-python3-conversion.patch fix-xenpvnetboot.patch- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch- bsc#1120095 - add code to change LIBXL_HOTPLUG_TIMEOUT at runtime The included README has details about the impact of this change libxl.LIBXL_HOTPLUG_TIMEOUT.patch- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines 5ca7660f-x86-entry-drop-unused-includes.patch 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch 5cab2ab7-x86-IOMMU-introduce-init-ops.patch 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch 5d358508-x86-IRQ-desc-affinity-represents-request.patch 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch 5d417813-AMD-IOMMU-bitfield-extended-features.patch 5d417838-AMD-IOMMU-bitfield-control-reg.patch 5d41785b-AMD-IOMMU-bitfield-IRTE.patch 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch - bsc#1145240 - [Migration]Can't pre-allocate 1 shadow pages 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch - bsc#1137717 - [HPS Bug] Unable to install Windows Server 2016 with 2 CPUs setting (or above) under SLES12 SP4 Xen Server on AMD ROME platform 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch - Upstream bug fixes (bsc#1027519) 5d67ceaf-x86-properly-gate-PKU-clearing.patch 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch 5d80ea13-vpci-honor-read-only-devices.patch 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch- bsc#1145774 - Libivrtd segfaults when trying to live migrate a VM Fix crash in an error path of libxl_domain_suspend with libxl.helper_done-crash.patch- Upstream bug fixes (bsc#1027519) 5d419d49-x86-spec-ctrl-report-proper-status.patch 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch 5d4afa7a-credit2-fix-memory-leak.patch 5d4d850a-introduce-bss-percpu-page-aligned.patch 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch 5d6524ca-x86-mm-correctly-init-M2P-entries.patch - Drop 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch- Preserve modified files which used to be marked as %config, rename file.rpmsave to file- Update to Xen 4.12.1 bug fix release (bsc#1027519) xen-4.12.1-testing-src.tar.bz2 - Drop patches contained in new tarball 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch 5c87b6c8-drop-arch_evtchn_inject.patch 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch 5c8f752c-x86-e820-build-with-gcc9.patch 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch 5c9e63c5-credit2-SMT-idle-handling.patch 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch 5cd921fb-trace-fix-build-with-gcc9.patch 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch 5cd926d0-bitmap_fill-zero-sized.patch 5cd92724-drivers-video-drop-constraints.patch 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch 5d03a0c4-6-Arm64-cmpxchg-simplify.patch 5d03a0c4-7-Arm32-cmpxchg-simplify.patch 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch 5d03a0c4-B-bitops-guest-helpers.patch 5d03a0c4-C-cmpxchg-guest-helpers.patch 5d03a0c4-D-use-guest-atomics-helpers.patch 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch - Refreshed patches libxl.pvscsi.patch- bsc#1143563 - Speculative mitigation facilities report wrong status 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch- Update xen-dom0-modules.service (bsc#1137251) Map backend module names from pvops and xenlinux kernels to a module alias. This avoids errors from modprobe about unknown modules. Ignore a few xenlinux modules that lack aliases.- Gcc9 warnings seem to be cleared up with upstream fixes. Drop gcc9-ignore-warnings.patch- bsc#1138563 - L3: xenpvnetboot improperly ported to Python 3 fix-xenpvnetboot.patch- Move /etc/modprobe.d/xen_loop.conf to /lib/modprobe.d/xen_loop.conf- Remove /etc/xen/xenapiusers and /etc/pam.d/xen-api- Remove all upstream provided files in /etc/xen They are not required at runtime. The host admin is now responsible if he really needs anything in this subdirectory.- In our effort to make /etc fully admin controlled, move /etc/xen/scripts to libexec/xen/scripts with xen-tools.etc_pollution.patch- Move /etc/bash_completion.d/xl.sh to %{_datadir}/bash-completion/completions- bsc#1138294 - VUL-0: CVE-2019-17349: XSA-295: Unlimited Arm Atomics Operations 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch 5d03a0c4-6-Arm64-cmpxchg-simplify.patch 5d03a0c4-7-Arm32-cmpxchg-simplify.patch 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch 5d03a0c4-B-bitops-guest-helpers.patch 5d03a0c4-C-cmpxchg-guest-helpers.patch 5d03a0c4-D-use-guest-atomics-helpers.patch 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch - Upstream bug fixes (bsc#1027519) 5c87b6c8-drop-arch_evtchn_inject.patch 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch 5cd921fb-trace-fix-build-with-gcc9.patch 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch 5cd926d0-bitmap_fill-zero-sized.patch 5cd92724-drivers-video-drop-constraints.patch 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch (Replaces xsa297-0a.patch) 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch (Replaces xsa297-0b.patch) 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch (Replaces xsa297-0c.patch) 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch (Replaces xsa297-0d.patch) 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch (Replaces xsa297-1.patch) 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch (Replaces xsa297-2.patch) 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch (Replaces xsa297-3.patch) 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch- Fix some outdated information in the readme README.SUSE- spec: xen-tools: require matching version of xen package bsc#1137471- Remove two stale patches xen.build-compare.man.patch xenpaging.doc.patch- Disable LTO (boo#1133296).- Remove arm32 from ExclusiveArch to fix build- bsc#1111331 - VUL-0: CPU issues Q2 2019 aka "Group 4". CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 xsa297-0a.patch xsa297-0b.patch xsa297-0c.patch xsa297-0d.patch xsa297-1.patch xsa297-2.patch xsa297-3.patch - Update 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch and drop 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch Refresh 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch- bsc#1131811 - [XEN] internal error: libxenlight failed to create new domain. This patch is a workaround for a systemd issue. See patch header for additional comments. xenstore-launch.patch- bsc#1125378 - [xen][pygrub] Can not restore sle11sp4 pv guest after upgrading host from sle11sp4 to sle15sp1 pygrub-python3-conversion.patch - Fix "TypeError: virDomainDefineXML() argument 2 must be str or None, not bytes" when converting VMs from using the xm/xend toolstack to the libxl/libvirt toolstack. (bsc#1123378) xen2libvirt.py- bsc#1124560 - Fully virtualized guests crash on boot 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch - bsc#1121391 - GCC 9: xen build fails 5c8f752c-x86-e820-build-with-gcc9.patch - Upstream bug fixes (bsc#1027519) 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch 5c9e63c5-credit2-SMT-idle-handling.patch 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch- Install pkgconfig files into libdir instead of datadir- Update to Xen 4.12.0 FCS release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 * HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates the HVM/PVH and PV code paths in Xen and provides KCONFIG options to build a PV only or HVM/PVH only hypervisor. * QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has been vastly improved. * Argo - Hypervisor-Mediated data eXchange: Argo is a new inter- domain communication mechanism. * Improvements to Virtual Machine Introspection: The VMI subsystem which allows detection of 0-day vulnerabilities has seen many functional and performance improvements. * Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project default scheduler. * PVH Support: Grub2 boot support has been added to Xen and Grub2. * PVH Dom0: PVH Dom0 support has now been upgraded from experimental to tech preview. * The Xen 4.12 upgrade also includes improved IOMMU mapping code, which is designed to significantly improve the startup times of AMD EPYC based systems. * The upgrade also features Automatic Dom0 Sizing which allows the setting of Dom0 memory size as a percentage of host memory (e.g. 10%) or with an offset (e.g. 1G+10%).- bsc#1130485 - Please drop Requires on multipath-tools in xen-tools. Now using Recommends multipath-tools. xen.spec- Update to Xen 4.12.0 RC7 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- Update to Xen 4.12.0 RC6 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- bsc#1026236 - add Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation for HVM domUs if their expected frequency does not match exactly the frequency of the receiving host xen.bug1026236.suse_vtsc_tolerance.patch- Update to Xen 4.12.0 RC5 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- jsc#SLE-3059 - Disable Xen auto-ballooning - Add CONFIG_DOM0_MEM to the spec file for managing dom0 memory. xen.spec - Disable autoballooning in xl.con xl-conf-disable-autoballoon.patch- Update gcc9-ignore-warnings.patch to fix build in SLE12- bsc#1126325 - fix crash in libxl in error path Setup of grant_tables and other variables may fail libxl.prepare-environment-for-domcreate_stream_done.patch- bsc#1127620 - Documentation for the xl configuration file allows for firmware=pvgrub64 but we don't ship pvgrub64. Create a link from grub.xen to pvgrub64 xen.spec- Update to Xen 4.12.0 RC4 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 - Tarball also contains additional post RC4 security fixes for Xen Security Advisories 287, 288, and 290 through 294.- Update to Xen 4.12.0 RC3 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- Update to Xen 4.12.0 RC2 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- bsc#1121391 - GCC 9: xen build fails gcc9-ignore-warnings.patch- bsc#1122563 - Virtualization/xen: Bug no Xen on boot, missing /proc/xen, after 4.11 -> 4.12 upgrade on X86_64/efi. Keep xen.efi in /usr/lib64/efi for booting older distros. xen.spec- fate#326960: Package grub2 as noarch. As part of the effort to have a unified bootloader across architectures, modify the xen.spec file to move the Xen efi files to /usr/share/efi/$(uname -m) from /usr/lib64/efi.- Update to Xen 4.12.0 RC1 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 - Drop 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch 5b9784d2-x86-HVM-add-known_gla-helper.patch 5b9784f2-x86-HVM-split-page-straddling-accesses.patch 5bdc31d5-VMX-fix-vmx_handle_eoi.patch gcc8-fix-array-warning-on-i586.patch gcc8-fix-format-warning-on-i586.patch gcc8-inlining-failed.patch xen.bug1079730.patch- bsc#1121960 - xen: sync with Factory xen.spec xen.changes- Replace old $RPM_* shell vars. - Run fdupes for all architectures, and not crossing subvolume boundaries.- Do not run %fdupes on aarch64 to avoid the hardlink-across-partition rpmlint error- Require qemu-seabios only on x86* as it is not available on non-x86 systems- Avoid creating dangling symlinks (bsc#1116524) This reverts the revert of tmp_build.patch- Update to Xen 4.11.1 bug fix release (bsc#1027519) xen-4.11.1-testing-src.tar.bz2 - 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch replaces xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch - 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch replaces xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch - Drop the following patches contained in the new tarball 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch 5b3f8fa5-port-array_index_nospec-from-Linux.patch 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch 5b4488e7-x86-spec-ctrl-cmdline-handling.patch 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch 5b4db308-SVM-fix-cleanup-svm_inject_event.patch 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch 5b505fe5-VMX-fix-find-msr-build.patch 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch 5b508775-2-x86-possibly-bring-up-all-CPUs.patch 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch 5b62ca93-VMX-avoid-hitting-BUG_ON.patch 5b6d84ac-x86-fix-improve-vlapic-read-write.patch 5b6d8ce2-x86-XPTI-parsing.patch 5b72fbbe-ARM-disable-grant-table-v2.patch 5b72fbbe-oxenstored-eval-order.patch 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch 5b72fbbf-xl.conf-Add-global-affinity-masks.patch 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch 5b8d5832-x86-assorted-array_index_nospec-insertions.patch 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch 5bacae4b-x86-boot-allocate-extra-module-slot.patch 5bae44ce-x86-silence-false-log-messages.patch 5bb60c12-x86-split-opt_xpti.patch 5bb60c4f-x86-split-opt_pv_l1tf.patch 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch 5bcf0722-x86-boot-enable-NMIs.patch 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch 5bd076e9-x86-boot-init-debug-regs-correctly.patch 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch 5be2a308-x86-extend-get_platform_badpages.patch 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch xsa275-1.patch xsa275-2.patch xsa276-1.patch xsa276-2.patch xsa277.patch xsa279.patch xsa280-1.patch xsa280-2.patch- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken: Missing /bin/domu-xenstore. This was broken because "make package build reproducible" change. (boo#1047218, boo#1062303) This fix reverses the change to this patch. tmp_build.patch- bsc#1115040 - VUL-0: CVE-2018-19961 CVE-2018-19962: xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275) xsa275-1.patch xsa275-2.patch - bsc#1115043 - VUL-0: CVE-2018-19963: xen: resource accounting issues in x86 IOREQ server handling (XSA-276) xsa276-1.patch xsa276-2.patch - bsc#1115044 - VUL-0: CVE-2018-19964: xen: x86: incorrect error handling for guest p2m page removals (XSA-277) xsa277.patch - bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even when disabled (XSA-278) 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch - bsc#1115045 - VUL-0: xen: CVE-2018-19965: x86: DoS from attempting to use INVPCID with a non-canonical addresses (XSA-279) xsa279.patch - bsc#1115047 - VUL-0: CVE-2018-19966: xen: Fix for XSA-240 conflicts with shadow paging (XSA-280) xsa280-1.patch xsa280-2.patch - bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE constructs may lock up host (XSA-282) 5be2a308-x86-extend-get_platform_badpages.patch 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch - bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV 5bdc31d5-VMX-fix-vmx_handle_eoi.patch - Upstream bug fixes (bsc#1027519) 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch 5bacae4b-x86-boot-allocate-extra-module-slot.patch 5bae44ce-x86-silence-false-log-messages.patch 5bb60c12-x86-split-opt_xpti.patch 5bb60c4f-x86-split-opt_pv_l1tf.patch 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch 5bcf0722-x86-boot-enable-NMIs.patch 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch 5bd076e9-x86-boot-init-debug-regs-correctly.patch 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even when disabled (XSA-278) 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch- Use SMBIOS_REL_DATE instead of SMBIOS_DATE for reproducible binaries- make package build reproducible (boo#1047218, boo#1062303) * Set SMBIOS_REL_DATE * Update tmp_build.patch to use SHA instead of random build-id * Add reproducible.patch to use --no-insert-timestamp- Building with ncurses 6.1 will fail without xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch - Building libxl acpi support on aarch64 with gcc 8.2 will fail without xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch- bsc#1106263 - L3: The affinity reporting via 'xl vcpu-list' is apparently broken 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch- bsc#1094508 - L3: Kernel oops in fs/dcache.c called by d_materialise_unique() 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch 5b9784d2-x86-HVM-add-known_gla-helper.patch 5b9784f2-x86-HVM-split-page-straddling-accesses.patch - bsc#1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen: oxenstored does not apply quota-maxentity (XSA-272) 5b72fbbe-oxenstored-eval-order.patch - bsc#1103275 - (CVE-2018-15469) VUL-0: CVE-2018-15469: xen: Use of v2 grant tables may cause crash on ARM (XSA-268) 5b72fbbe-ARM-disable-grant-table-v2.patch - Upstream patches from Jan (bsc#1027519) 5b6d84ac-x86-fix-improve-vlapic-read-write.patch 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch 5b8d5832-x86-assorted-array_index_nospec-insertions.patch - Drop 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch- bsc#1078292 - rpmbuild -ba SPECS/xen.spec with xen-4.9.1 failed xen.spec- bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM (XSA-273) 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch - bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269) 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch - Upstream prereq patches for XSA-273 and other upstream fixes (bsc#1027519) 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch 5b505fe5-VMX-fix-find-msr-build.patch 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch 5b62ca93-VMX-avoid-hitting-BUG_ON.patch 5b6d8ce2-x86-XPTI-parsing.patch 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch 5b72fbbf-xl.conf-Add-global-affinity-masks.patch 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch- Upstream patches from Jan (bsc#1027519) 5b3f8fa5-port-array_index_nospec-from-Linux.patch 5b4488e7-x86-spec-ctrl-cmdline-handling.patch 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch 5b4db308-SVM-fix-cleanup-svm_inject_event.patch 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch 5b508775-2-x86-possibly-bring-up-all-CPUs.patch 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch gcc8-fix-format-warning-on-i586.patch gcc8-fix-array-warning-on-i586.patch - Drop xen.fuzz-_FORTIFY_SOURCE.patch gcc8-fix-warning-on-i586.patch- Update to Xen 4.11.0 FCS (fate#325202, fate#325123) xen-4.11.0-testing-src.tar.bz2 disable-building-pv-shim.patch - Dropped patches 5a33a12f-domctl-improve-locking-during-domain-destruction.patch 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch 5a9985bd-x86-invpcid-support.patch 5ac72a48-gcc8.patch 5ac72a5f-gcc8.patch 5ac72a64-gcc8.patch 5ac72a69-gcc8.patch 5ac72a6e-gcc8.patch 5ac72a74-gcc8.patch 5ac72a7b-gcc8.patch 5ad4923e-x86-correct-S3-resume-ordering.patch 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch 5adde9ed-xpti-fix-double-fault-handling.patch 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch 5ae31917-x86-cpuidle-init-stats-lock-once.patch 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch 5aec7393-1-x86-xpti-avoid-copy.patch 5aec7393-2-x86-xpti-write-cr3.patch 5aec744a-3-x86-xpti-per-domain-flag.patch 5aec744a-4-x86-xpti-use-invpcid.patch 5aec744a-5-x86-xpti-no-global-pages.patch 5aec744a-6-x86-xpti-cr3-valid-flag.patch 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch 5aec744b-8-x86-xpti-cr3-helpers.patch 5aec74a8-9-x86-xpti-use-pcid.patch 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch 5af1daa9-3-x86-traps-use-IST-for-DB.patch 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch 5af97999-viridian-cpuid-leaf-40000003.patch 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch 5b0bc9da-x86-XPTI-fix-S3-resume.patch 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b34882d-x86-mm-dont-bypass-preemption-checks.patch 5b348874-x86-refine-checks-in-DB-handler.patch 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch 5b348954-x86-guard-against-NM.patch libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch libxl.LIBXL_DESTROY_TIMEOUT.patch libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch xen_fix_build_with_acpica_20180427_and_new_packages.patch- Submit upstream patch libacpi: fixes for iasl >= 20180427 git commit 858dbaaeda33b05c1ac80aea0ba9a03924e09005 xen_fix_build_with_acpica_20180427_and_new_packages.patch This is needed for acpica package to get updated in our build service- Upstream patches from Jan (bsc#1027519) 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch) 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch) 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch) 5b0bc9da-x86-XPTI-fix-S3-resume.patch 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces xsa267-1.patch) 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces xsa267-2.patch) 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch) 5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch) 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces xsa266-1-<>.patch) 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces xsa266-2-<>.patch) 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch 5b348954-x86-guard-against-NM.patch- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch- bsc#1098403 - fix regression introduced by changes for bsc#1079730 a PV domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen. xen.bug1079730.patch- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks bypassed in x86 PV MM handling (XSA-264) xsa264.patch - bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception safety check can be triggered by a guest (XSA-265) xsa265.patch - bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour readonly flag on HVM emulated SCSI disks (XSA-266) xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore (XSA-267) xsa267-1.patch xsa267-2.patch- bsc#1092543 - GCC 8: xen build fails gcc8-fix-warning-on-i586.patch- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 – Speculative Store Bypass aka "Memory Disambiguation" (XSA-263) 5ad4923e-x86-correct-S3-resume-ordering.patch 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch Spectre-v4-1.patch Spectre-v4-2.patch Spectre-v4-3.patch- Always call qemus xen-save-devices-state in suspend/resume to fix migration with qcow2 images (bsc#1079730) libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch xen.bug1079730.patch- bsc#1087289 - L3: Xen BUG at sched_credit.c:1663 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch - Upstream patches from Jan (bsc#1027519) 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch 5ae31917-x86-cpuidle-init-stats-lock-once.patch 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch) 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch) 5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch) 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch) 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch) 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch) 5af97999-viridian-cpuid-leaf-40000003.patch- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch 5a9985bd-x86-invpcid-support.patch 5adde9ed-xpti-fix-double-fault-handling.patch 5aec7393-1-x86-xpti-avoid-copy.patch 5aec7393-2-x86-xpti-write-cr3.patch 5aec744a-3-x86-xpti-per-domain-flag.patch 5aec744a-4-x86-xpti-use-invpcid.patch 5aec744a-5-x86-xpti-no-global-pages.patch 5aec744a-6-x86-xpti-cr3-valid-flag.patch 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch 5aec744b-8-x86-xpti-cr3-helpers.patch 5aec74a8-9-x86-xpti-use-pcid.patch- bsc#1092543 - GCC 8: xen build fails 5ac72a48-gcc8.patch 5ac72a5f-gcc8.patch 5ac72a64-gcc8.patch 5ac72a69-gcc8.patch 5ac72a6e-gcc8.patch 5ac72a74-gcc8.patch 5ac72a7b-gcc8.patch gcc8-inlining-failed.patch- Update to Xen 4.10.1 bug fix release (bsc#1027519) xen-4.10.1-testing-src.tar.bz2 disable-building-pv-shim.patch - Drop the following patches contained in the new tarball 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch 5a4caa8c-x86-E820-don-t-overrun-array.patch 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch 5a4fd894-4-clarifications-to-wait-infrastructure.patch 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch 5a5e2cff-x86-Meltdown-band-aid.patch 5a5e2d73-x86-Meltdown-band-aid-conditional.patch 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch 5a5e459c-2-x86-report-domain-id-on-CPUID.patch 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch 5a69c0b9-x86-fix-GET_STACK_END.patch 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch 5a6b36cd-9-x86-issue-speculation-barrier.patch 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch xsa258.patch xsa259.patch- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of debug exceptions (XSA-260) xsa260-1.patch xsa260-2.patch xsa260-3.patch xsa260-4.patch - bsc#1090822 - VUL-0: CVE-2018-10982: xen: x86 vHPET interrupt injection errors (XSA-261) xsa261.patch - bsc#1090823 - VUL-0: CVE-2018-10981: xen: qemu may drive Xen into unbounded loop (XSA-262) xsa262.patch- bsc#1089152 - VUL-0: CVE-2018-10472: xen: Information leak via crafted user-supplied CDROM (XSA-258) xsa258.patch - bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash Xen with XPTI (XSA-259) xsa259.patch- Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) (bsc#1087251)- Upstream patches from Jan (bsc#1027519) and fixes related to Page Table Isolation (XPTI). See also bsc#1074562 XSA-254 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch- bsc#1072834 - Xen HVM: unchecked MSR access error: RDMSR from 0xc90 at rIP: 0xffffffff93061456 (native_read_msr+0x6/0x30) 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch - Upstream patches from Jan (bsc#1027519) 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch (Replaces xsa252.patch) 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch (Replaces xsa255-1.patch) 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch (Replaces xsa255-2.patch) 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch (Replaces xsa256.patch) - Drop xsa252.patch xsa255-1.patch xsa255-2.patch xsa256.patch- bsc#1080635 - VUL-0: CVE-2018-7540: xen: DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) xsa252.patch - bsc#1080662 - VUL-0: CVE-2018-7541: xen: grant table v2 -> v1 transition may crash Xen (XSA-255) xsa255-1.patch xsa255-2.patch - bsc#1080634 - VUL-0: CVE-2018-7542: xen: x86 PVH guest without LAPIC may DoS the host (XSA-256) xsa256.patch- Remove stale systemd presets code for 13.2 and older- fate#324965 - add script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU They are triggered via xl vcpu-set domU N- Replace hardcoded xen with Name tag when refering to subpkgs- Make sure tools and tools-domU require libs from the very same build- tools-domU: Add support for qemu guest agent. New files 80-xen-channel-setup.rules and xen-channel-setup.sh configure a xen-pv-channel for use by the guest agent FATE#324963- Remove outdated /etc/xen/README*- bsc#1073961 - VUL-0: CVE-2018-5244: xen: x86: memory leak with MSR emulation (XSA-253) 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch - bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 xen: Information leak via side effects of speculative execution (XSA-254). Includes Spectre v2 mitigation. 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch 5a4caa8c-x86-E820-don-t-overrun-array.patch 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch 5a4fd894-4-clarifications-to-wait-infrastructure.patch 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch 5a5e2cff-x86-Meltdown-band-aid.patch 5a5e2d73-x86-Meltdown-band-aid-conditional.patch 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch 5a5e459c-2-x86-report-domain-id-on-CPUID.patch 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch 5a69c0b9-x86-fix-GET_STACK_END.patch 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch 5a6b36cd-9-x86-issue-speculation-barrier.patch 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch- Fix python3 deprecated atoi call (bsc#1067224) pygrub-python3-conversion.patch - Drop xenmon-python3-conversion.patch- bsc#1067317 - pass cache=writeback|unsafe|directsync to qemu, depending on the libxl disk settings libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch- Remove libxl.LIBXL_DESTROY_TIMEOUT.debug.patch- bsc#1067224 - xen-tools have hard dependency on Python 2 build-python3-conversion.patch bin-python3-conversion.patch- bsc#1070165 - xen crashes after aborted localhost migration 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch - bsc#1035442 - L3: libxl: error: libxl.c:1676:devices_destroy_cb: libxl__devices_destroy failed 5a33a12f-domctl-improve-locking-during-domain-destruction.patch - Upstream patches from Jan (bsc#1027519) 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch- Update to Xen 4.10.0 FCS (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Rebuild initrd if xen-tools-domU is updated- Update to Xen 4.10.0-rc8 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds If many domUs shutdown in parallel the backends can not keep up Add some debug output to track how long backend shutdown takes (bsc#1035442) libxl.LIBXL_DESTROY_TIMEOUT.patch libxl.LIBXL_DESTROY_TIMEOUT.debug.patch- Adjust xenstore-run-in-studomain.patch to change the defaults in the code instead of changing the sysconfig template, to also cover the upgrade case- Update to Xen 4.10.0-rc6 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Since xen switched to Kconfig, building a debug hypervisor was done by default. Adjust make logic to build a non-debug hypervisor by default, and continue to provide one as xen-dbg.gz- fate#316614: set migration constraints from cmdline fix libxl.set-migration-constraints-from-cmdline.patch for xen-4.10- Document the suse-diskcache-disable-flush option in xl-disk-configuration(5) (bsc#879425,bsc#1067317)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Update to Xen 4.10.0-rc5 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - fate#323663 - Run Xenstore in stubdomain xenstore-run-in-studomain.patch- bsc#1067224 - xen-tools have hard dependency on Python 2 pygrub-python3-conversion.patch xenmon-python3-conversion.patch migration-python3-conversion.patch xnloader.py xen2libvirt.py- Remove xendriverdomain.service (bsc#1065185) Driver domains must be configured manually with custom .service file- Update to Xen 4.10.0-rc3 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - Drop 59f31268-libxc-remove-stale-error-check-for-domain-size.patch- Adjust xen-dom0-modules.service to ignore errors (bsc#1065187)- fate#324052 Support migration of Xen HVM domains larger than 1TB 59f31268-libxc-remove-stale-error-check-for-domain-size.patch- Update to Xen 4.10.0-rc2 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Update to Xen 4.10.0-rc1 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - Drop patches included in new tarball 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch 596f257e-x86-fix-hvmemul_insn_fetch.patch 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch 59958ebf-gnttab-fix-transitive-grant-handling.patch 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch gcc7-arm.patch gcc7-mini-os.patch- bsc#1061084 - VUL-0: xen: page type reference leak on x86 (XSA-242) xsa242.patch - bsc#1061086 - VUL-0: xen: x86: Incorrect handling of self-linear shadow mappings with translated guests (XSA-243) xsa243.patch - bsc#1061087 - VUL-0: xen: x86: Incorrect handling of IST settings during CPU hotplug (XSA-244) xsa244.patch- bsc#1061077 - VUL-0: xen: DMOP map/unmap missing argument checks (XSA-238) xsa238.patch - bsc#1061080 - VUL-0: xen: hypervisor stack leak in x86 I/O intercept code (XSA-239) xsa239.patch - bsc#1061081 - VUL-0: xen: Unlimited recursion in linear pagetable de-typing (XSA-240) xsa240-1.patch xsa240-2.patch - bsc#1061082 - VUL-0: xen: Stale TLB entry due to page type release race (XSA-241) xsa241.patch- bsc#1061075 - VUL-0: xen: pin count / page reference race in grant table code (XSA-236) xsa236.patch - bsc#1061076 - VUL-0: xen: multiple MSI mapping issues on x86 (XSA-237) xsa237-1.patch xsa237-2.patch xsa237-3.patch xsa237-4.patch xsa237-5.patch- bsc#1056278 - VUL-0: xen: Missing NUMA node parameter verification (XSA-231) 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch - bsc#1056280 - VUL-0: xen: Missing check for grant table (XSA-232) 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch - bsc#1056281 - VUL-0: xen: cxenstored: Race in domain cleanup (XSA-233) 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch - bsc#1056282 - VUL-0: xen: insufficient grant unmapping checks for x86 PV guests (XSA-234) 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch - bsc#1055321 - VUL-0: xen: add-to-physmap error paths fail to release lock on ARM (XSA-235) 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch - Upstream patches from Jan (bsc#1027519) 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch - Dropped gcc7-xen.patch- bsc#1057358 - Cannot Boot into SLES12.3 with Xen hypervisor when Secure Boot is Enabled xen.spec- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored update from v6 to v9 to cover more cases for ballooned domUs libxc.sr.superpage.patch- bsc#1026236 - remove suse_vtsc_tolerance= cmdline option for Xen drop the patch because it is not upstream acceptable remove xen.suse_vtsc_tolerance.patch- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored after the save using xl stack libxc.sr.superpage.patch- Unignore gcc-PIE the toolstack disables PIE for firmware builds as needed- Upstream patches from Jan (bsc#1027519) 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch 596f257e-x86-fix-hvmemul_insn_fetch.patch 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch (Replaces xsa227.patch) 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch (Replaces xsa228.patch) 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch (Replaces xsa230.patch) 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch (Replaces xsa226-1.patch) 59958ebf-gnttab-fix-transitive-grant-handling.patch (Replaces xsa226-2.patch) 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch- bsc#1044974 - xen-tools require python-pam xen.spec- Clean up spec file errors and a few warnings. (bsc#1027519) - Removed conditional 'with_systemd' and some old deprecated 'sles_version' checks. xen.spec- Remove use of brctl utiltiy from supportconfig plugin FATE#323639- Use upstream variant of mini-os __udivmoddi4 change gcc7-mini-os.patch- fate#323639 Move bridge-utils to legacy replace-obsolete-network-configuration-commands-in-s.patch- bsc#1052686 - VUL-0: xen: grant_table: possibly premature clearing of GTF_writing / GTF_reading (XSA-230) xsa230.patch- bsc#1035231 - migration of HVM domU does not use superpages on destination dom0 libxc.sr.superpage.patch- bsc#1051787 - VUL-0: CVE-2017-12135: xen: possibly unbounded recursion in grant table code (XSA-226) xsa226-1.patch xsa226-2.patch - bsc#1051788 - VUL-0: CVE-2017-12137: xen: x86: PV privilege escalation via map_grant_ref (XSA-227) xsa227.patch - bsc#1051789 - VUL-0: CVE-2017-12136: xen: grant_table: Race conditions with maptrack free list handling (XSA-228) xsa228.patch- Add a supportconfig plugin xen-supportconfig FATE#323661- bsc#1026236 - add suse_vtsc_tolerance= cmdline option for Xen To avoid emulation of TSC access from a domU after live migration add a global tolerance for the measured host kHz xen.suse_vtsc_tolerance.patch- fate#323662 Drop qemu-dm from xen-tools package The following tarball and patches have been removed qemu-xen-traditional-dir-remote.tar.bz2 VNC-Support-for-ExtendedKeyEvent-client-message.patch 0001-net-move-the-tap-buffer-into-TAPState.patch 0002-net-increase-tap-buffer-size.patch 0003-e1000-fix-access-4-bytes-beyond-buffer-end.patch 0004-e1000-secrc-support.patch 0005-e1000-multi-buffer-packet-support.patch 0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch 0007-e1000-verify-we-have-buffers-upfront.patch 0008-e1000-check-buffer-availability.patch CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch CVE-2015-4037-qemut-smb-config-dir-name.patch CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch blktap.patch cdrom-removable.patch xen-qemu-iscsi-fix.patch qemu-security-etch1.patch xen-disable-qemu-monitor.patch xen-hvm-default-bridge.patch qemu-ifup-set-mtu.patch ioemu-vnc-resize.patch capslock_enable.patch altgr_2.patch log-guest-console.patch bdrv_open2_fix_flags.patch bdrv_open2_flags_2.patch ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch qemu-dm-segfault.patch bdrv_default_rwflag.patch kernel-boot-hvm.patch ioemu-watchdog-support.patch ioemu-watchdog-linkage.patch ioemu-watchdog-ib700-timer.patch ioemu-hvm-pv-support.patch pvdrv_emulation_control.patch ioemu-disable-scsi.patch ioemu-disable-emulated-ide-if-pv.patch xenpaging.qemu.flush-cache.patch ioemu-devicemodel-include.patch - Cleanup spec file and remove unused KMP patches kmp_filelist supported_module.patch xen_pvonhvm.xen_emul_unplug.patch- bsc#1002573 - Optimize LVM functions in block-dmmd block-dmmd- Record initial Xen dmesg in /var/log/xen/xen-boot.log for supportconfig. Keep previous log in /var/log/xen/xen-boot.prev.log- Remove storytelling from description in xen.rpm- Update to Xen 4.9.0 FCS (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update block-dmmd script (bsc#1002573) block-dmmd- Update to Xen 4.9.0-rc8+ (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 gcc7-arm.patch - Drop gcc7-error-xenpmd.patch- Update to Xen 4.9.0-rc8 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop due to incorrect return value CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory leakage via capture buffer CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1031343 - xen fails to build with GCC 7 gcc7-mini-os.patch gcc7-xen.patch- bsc#1031343 - xen fails to build with GCC 7 gcc7-error-xenpmd.patch- Update to Xen 4.9.0-rc5 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 - Drop xen-tools-pkgconfig-xenlight.patch- bsc#1037779 - xen breaks kexec-tools build xen-tools-pkgconfig-xenlight.patch- Update to Xen 4.9.0-rc4 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1036146 - sles12sp2 xen VM dumps core to wrong path xen.spec- Update to Xen 4.9.0-rc3 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 aarch64-maybe-uninitialized.patch- Update to Xen 4.9.0-rc2 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update to Xen 4.9.0-rc1 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 ioemu-devicemodel-include.patch - Dropped patches contained in new tarball xen-4.8.0-testing-src.tar.bz2 0001-xenstore-let-write_node-and-some-callers-return-errn.patch 0002-xenstore-undo-function-rename.patch 0003-xenstore-rework-of-transaction-handling.patch 584806ce-x86emul-correct-PUSHF-POPF.patch 584fc649-fix-determining-when-domain-creation-is-complete.patch 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch 5853ed37-VT-d-correct-dma_msi_set_affinity.patch 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch 5882129d-x86emul-LOCK-check-adjustments.patch 58821300-x86-segment-attribute-handling.patch 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch 58a44771-IOMMU-always-call-teardown-callback.patch 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch glibc-2.25-compatibility-fix.patch xs-09-add_change_node-params.patch xs-10-call-add_change_node.patch xs-11-tdb-record-header.patch xs-12-node-gen-count.patch xs-13-read-directory-part-support.patch xs-14-command-array.patch xs-15-command-return-val.patch xs-16-function-static.patch xs-17-arg-parsing.patch xs-18-default-buffer.patch xs-19-handle-alloc-failures.patch xs-20-tdb-version.patch xs-21-empty-tdb-database.patch xs-22-reopen_log-fix.patch xs-23-XS_DEBUG-rename.patch xs-24-xenstored_control.patch xs-25-control-enhance.patch xs-26-log-control.patch xs-27-memory-report.patch xs-28-remove-talloc-report.patch xs-29-define-off_t.patch xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch- bsc#1022703 - Xen HVM guest with OVMF hangs with unattached CDRom 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch- bsc#1015348 - L3: libvirtd does not start during boot suse-xendomains-service.patch- bsc#1014136 - Partner-L3: kdump can't dump a kernel on SLES12-SP2 with Xen hypervisor. 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch - bsc#1026236 - L3: Paravirtualized vs. fully virtualized migration - latter one much faster 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch - Upstream patch from Jan 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch- bsc#1022555 - L3: Timeout in "execution of /etc/xen/scripts/block add" 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch 0001-xenstore-let-write_node-and-some-callers-return-errn.patch 0002-xenstore-undo-function-rename.patch 0003-xenstore-rework-of-transaction-handling.patch - bsc#1030144 - VUL-0: xen: xenstore denial of service via repeated update (XSA-206) xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch - bsc#1029827 - Forward port xenstored xs-09-add_change_node-params.patch xs-10-call-add_change_node.patch xs-11-tdb-record-header.patch xs-12-node-gen-count.patch xs-13-read-directory-part-support.patch xs-14-command-array.patch xs-15-command-return-val.patch xs-16-function-static.patch xs-17-arg-parsing.patch xs-18-default-buffer.patch xs-19-handle-alloc-failures.patch xs-20-tdb-version.patch xs-21-empty-tdb-database.patch xs-22-reopen_log-fix.patch xs-23-XS_DEBUG-rename.patch xs-24-xenstored_control.patch xs-25-control-enhance.patch xs-26-log-control.patch xs-27-memory-report.patch xs-28-remove-talloc-report.patch xs-29-define-off_t.patch- bsc#1029128 - fix make xen to really produce xen.efi with gcc48- bsc#1028235 - VUL-0: CVE-2017-6505: xen: qemu: usb: an infinite loop issue in ohci_service_ed_list CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch - Upstream patches from Jan (bsc#1027519) 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch 58a44771-IOMMU-always-call-teardown-callback.patch 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch- bsc#1027654 - XEN fails to build against glibc 2.25 glibc-2.25-compatibility-fix.patch libxl.pvscsi.patch- fate#316613: Refresh and enable libxl.pvscsi.patch- bsc#1024834 - VUL-0: CVE-2017-2620: xen: cirrus_bitblt_cputovideo does not check if memory region is safe (XSA-209) CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch- bsc#1023948 - [pvusb][sles12sp3][openqa] Segmentation fault happened when adding usbctrl devices via xl 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch- Upstream patches from Jan (bsc#1027519) 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch 5882129d-x86emul-LOCK-check-adjustments.patch 58821300-x86-segment-attribute-handling.patch 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch- bsc#1023004 - VUL-0: CVE-2017-2615: qemu: display: cirrus: oob access while doing bitblt copy backward mode CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch- fate#322313 and fate#322150 require the acpica package ported to aarch64 which Xen 4.8 needs to build. Temporarily disable aarch64 until these fates are complete. xen.spec- bsc#1021952 - Virutalization/xen: Bug xen-tools missing /usr/bin/domu-xenstore; guests fail to launch tmp_build.patch xen.spec- No systemd presets for 42.3+ and SLE12SP3+ (bsc#1012842)- bsc#1007224 - broken symlinks in /usr/share/doc/packages/xen/misc/ xen.spec- 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch Replaces xsa202.patch (bsc#1014298) - 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch Replaces xsa203.patch (bsc#1014300) - 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch Replaces xsa204.patch (bsc#1016340) - Upstream patches from Jan 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch 5853ed37-VT-d-correct-dma_msi_set_affinity.patch 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch- bsc#1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch- bsc#1016340 - VUL-0: CVE-2016-10013: xen: x86: Mishandling of SYSCALL singlestep during emulation (XSA-204) xsa204.patch- bsc#1012651 - VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation fails to ignore operand size override (XSA-200) 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch- bsc#1014298 - VUL-0: CVE-2016-10024: xen: x86 PV guests may be able to mask interrupts (XSA-202) xsa202.patch - bsc#1014300 - VUL-0: CVE-2016-10025: xen: x86: missing NULL pointer check in VMFUNC emulation (XSA-203) xsa203.patch - Upstream patches from Jan 584806ce-x86emul-correct-PUSHF-POPF.patch 584fc649-fix-determining-when-domain-creation-is-complete.patch 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch- Update to Xen 4.8 FCS xen-4.8.0-testing-src.tar.bz2 - Dropped xen-4.7.1-testing-src.tar.bz2 0001-libxc-Rework-extra-module-initialisation.patch 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch 0004-firmware-makefile-install-BIOS-blob.patch 0005-libxl-Load-guest-BIOS-from-file.patch 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch 0008-hvmloader-Locate-the-BIOS-blob.patch 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch 0011-hvmloader-Load-OVMF-from-modules.patch 0012-hvmloader-Specific-bios_load-function-required.patch 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch 5769106e-x86-generate-assembler-equates-for-synthesized.patch 57a1e603-x86-time-adjust-local-system-time-initialization.patch 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch 57a30261-x86-support-newer-Intel-CPU-models.patch 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch 58343ec2-x86emul-fix-huge-bit-offset-handling.patch 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch 58343f44-x86-svm-fix-injection-of-software-interrupts.patch 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch CVE-2016-9381-xsa197-qemut.patch CVE-2016-9637-xsa199-qemut.patch- bsc#1011652 - VUL-0: xen: qemu ioport array overflow CVE-2016-9637-xsa199-qemut.patch- bsc#1009100 - VUL-0: CVE-2016-9386: XSA-191: xen: x86 null segments not always treated as unusable 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch - bsc#1009103 - VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch to VM86 mode mis-handled 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch - bsc#1009104 - VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base write emulation lacking canonical address checks 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch - bsc#1009105 - VUL-0: CVE-2016-9384: XSA-194: xen: guest 32-bit ELF symbol table load leaking host data 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch - bsc#1009107 - VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit test instruction emulation broken 58343ec2-x86emul-fix-huge-bit-offset-handling.patch - bsc#1009108 - VUL-0: CVE-2016-9377,CVE-2016-9378: XSA-196: xen: x86 software interrupt injection mis-handled 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch 58343f44-x86-svm-fix-injection-of-software-interrupts.patch - bsc#1009109 - VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious about shared ring processing CVE-2016-9381-xsa197-qemut.patch - bsc#1009111 - VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen: delimiter injection vulnerabilities in pygrub 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch - Upstream patches from Jan 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch- Update to Xen Version 4.7.1 xen-4.7.1-testing-src.tar.bz2 - Dropped patches contained in new tarball xen-4.7.0-testing-src.tar.bz2 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch 57973099-have-schedulers-revise-initial-placement.patch 579730e6-remove-buggy-initial-placement-algorithm.patch 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch 57c82be2-x86-32on64-adjust-call-gate-emulation.patch 57c93e52-fix-error-in-libxl_device_usbdev_list.patch 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch 57c96e2c-x86-correct-PT_NOTE-file-position.patch 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch 57e93e1d-x86emul-correct-loading-of-ss.patch 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch 57e93e89-x86-AMD-apply-erratum-665-workaround.patch 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch 57fb6a91-x86-defer-not-present-segment-checks.patch 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch 5800caec-x86emul-fix-pushing-of-selector-registers.patch 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch- bsc#1004981 - Xen RPM doesn't contain debug hypervisor for EFI systems xen.spec- bsc#1000106 - VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190) 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch - bsc#996191 - [XEN][acpi]residency -n 88 -c will cause xen panic on broadwell-ep 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch - Upstream patches from Jan 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch 57e93e1d-x86emul-correct-loading-of-ss.patch 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch 57e93e89-x86-AMD-apply-erratum-665-workaround.patch 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch 57fb6a91-x86-defer-not-present-segment-checks.patch 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch 5800caec-x86emul-fix-pushing-of-selector-registers.patch 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch- bsc#1007941 - Xen tools limit the number of vcpus to 256 when the system has 384 xen-arch-kconfig-nr_cpus.patch- bsc#1007157 - VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite loop while transmit in C+ mode CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch- bsc#1005004 - CVE-2016-8667: xen: dma: rc4030 divide by zero error in set_next_tick CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch - bsc#1005005 - VUL-0: CVE-2016-8669: xen: char: divide by zero error in serial_update_parameters CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch- bsc#1003030 - VUL-0: CVE-2016-7908: xen: net: Infinite loop in mcf_fec_do_tx CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch - bsc#1003032 - VUL-0: CVE-2016-7909: xen: net: pcnet: infinite loop in pcnet_rdra_addr CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch- bsc#995785 - VUL-0: CVE-2016-7092: xen: x86: Disallow L3 recursive pagetable for 32-bit PV guests (XSA-185) 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch - bsc#995789 - VUL-0: CVE-2016-7093: xen: x86: Mishandling of instruction pointer truncation during emulation (XSA-186) 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch - bsc#995792 - VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of sh_ctxt->seg_reg[] (XSA-187) 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch - bsc#991934 - xen hypervisor crash in csched_acct 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch - Upstream patches from Jan 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch 57c82be2-x86-32on64-adjust-call-gate-emulation.patch 57c96e2c-x86-correct-PT_NOTE-file-position.patch 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch- bsc#979002 - add 60-persistent-xvd.rules and helper script also to initrd, add the relevant dracut helper- bnc#953518 - unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol- bsc#989679 - [pvusb feature] USB device not found when 'virsh detach-device guest usb.xml' 57c93e52-fix-error-in-libxl_device_usbdev_list.patch- bsc#992224 - [HPS Bug] During boot of Xen Hypervisor, Failed to get contiguous memory for DMA from Xen 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch - bsc#978755 - xen uefi systems fail to boot - bsc#983697 - SLES12 SP2 Xen UEFI mode cannot boot 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch - Upstream patch from Jan 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch- spec: to stay compatible with the in-tree qemu-xen binary, use /usr/bin/qemu-system-i386 instead of /usr/bin/qemu-system-x86_64 bsc#986164- bsc#970135 - new virtualization project clock test randomly fails on Xen 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch 5769106e-x86-generate-assembler-equates-for-synthesized.patch 57a1e603-x86-time-adjust-local-system-time-initialization.patch 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch - bsc#991934 - xen hypervisor crash in csched_acct 57973099-have-schedulers-revise-initial-placement.patch 579730e6-remove-buggy-initial-placement-algorithm.patch - bsc#988675 - VUL-0: CVE-2016-6258: xen: x86: Privilege escalation in PV guests (XSA-182) 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch - bsc#988676 - VUL-0: CVE-2016-6259: xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183) 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch - Upstream patches from Jan 57a30261-x86-support-newer-Intel-CPU-models.patch- bsc#985503 - vif-route broken vif-route.patch- bsc#978413 - PV guest upgrade from sles11sp4 to sles12sp2 alpha3 failed on sles11sp4 xen host. pygrub-handle-one-line-menu-entries.patch- bsc#990843 - VUL-1: CVE-2016-6351: xen: qemu: scsi: esp: OOB write access in esp_do_dma CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch- bsc#900418 - Dump cannot be performed on SLES12 XEN 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch - Upstream patches from Jan 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch- fate#319989 - Update to Xen 4.7 FCS xen-4.7.0-testing-src.tar.bz2 - Drop CVE-2014-3672-qemut-xsa180.patch- bsc#954872 - script block-dmmd not working as expected - libxl: error: libxl_dm.c (Additional fixes) block-dmmd- Convert with_stubdom into build_conditional to allow adjusting via prjconf - Convert with_debug into build_conditional to allow adjusting via prjconf- bsc#979002 - add 60-persistent-xvd.rules and helper script to xen-tools-domU to simplify transition to pvops based kernels- Convert with_oxenstored into build_conditional to allow adjusting via prjconf (fate#320836)- bsc#983984 - VUL-0: CVE-2016-5338: xen: qemu: scsi: esp: OOB r/w access while processing ESP_FIFO CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch - bsc#982960 - VUL-0: CVE-2016-5238: xen: qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch- fate#319989 - Update to Xen 4.7 RC5 xen-4.7.0-testing-src.tar.bz2- fate#319989 - Update to Xen 4.7 RC4 xen-4.7.0-testing-src.tar.bz2 - Dropped xen.pkgconfig-4.7.patch xsa164.patch- bsc#981264 - VUL-0: CVE-2014-3672: xen: Unrestricted qemu logging (XSA-180) CVE-2014-3672-qemut-xsa180.patch- bsc#980724 - VUL-0: CVE-2016-4441: Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch - bsc#980716 - VUL-0: CVE-2016-4439: xen: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch- fate#319989 - Update to Xen 4.7 RC3 xen-4.7.0-testing-src.tar.bz2 - Dropped libxl-remove-cdrom-cachemode.patch x86-PoD-only-reclaim-if-needed.patch gcc6-warnings-as-errors.patch- bsc#954872 - script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) block-dmmd- fate#319989 - Update to Xen 4.7 RC2 xen-4.7.0-testing-src.tar.bz2- bsc#961600 - L3: poor performance when Xen HVM domU configured with max memory > current memory x86-PoD-only-reclaim-if-needed.patch- Mark SONAMEs and pkgconfig as xen 4.7 xen.pkgconfig-4.7.patch- bsc#977329 - Xen: Cannot boot HVM guests with empty cdrom libxl-remove-cdrom-cachemode.patch- fate#319989 - Update to Xen 4.7 RC1 xen-4.7.0-testing-src.tar.bz2- fate#316614: set migration constraints from cmdline restore libxl.set-migration-constraints-from-cmdline.patch- Remove obsolete patch for xen-kmp magic_ioport_compat.patch- fate#316613: update to v12 libxl.pvscsi.patch- Update to the latest Xen 4.7 pre-release c2994f86 Drop libxl.migrate-legacy-stream-read.patch- bnc#972756 - Can't migrate HVM guest from SLES12SP1 Xen host to SLES12SP2 Alpha 1 host using xl migrate libxl.migrate-legacy-stream-read.patch- Add patches from proposed upstream series to load BIOS's from the toolstack instead of embedding in hvmloader http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html 0001-libxc-Rework-extra-module-initialisation.patch, 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch, 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch, 0004-firmware-makefile-install-BIOS-blob.patch, 0005-libxl-Load-guest-BIOS-from-file.patch, 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch, 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch, 0008-hvmloader-Locate-the-BIOS-blob.patch, 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch, 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch, 0011-hvmloader-Load-OVMF-from-modules.patch, 0012-hvmloader-Specific-bios_load-function-required.patch, 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch, 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch - Enable support for UEFI on x86_64 using the ovmf-x86_64-ms.bin firmware from qemu-ovmf-x86_64. The firmware is preloaded with Microsoft keys to more closely resemble firmware on real hardware FATE#320490- fate#319989: Update to Xen 4.7 (pre-release) xen-4.7.0-testing-src.tar.bz2 - Dropped: xen-4.6.1-testing-src.tar.bz2 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch hotplug-Linux-block-performance-fix.patch set-mtu-from-bridge-for-tap-interface.patch xendomains-libvirtd-conflict.patch xsa154.patch xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xsa170.patch- Use system SeaBIOS instead of building/installing another one FATE#320638 Dropped files: seabios-dir-remote.tar.bz2 xen-c99-fix.patch xen.build-compare.seabios.patch- spec: drop BuildRequires that were only needed for qemu-xen- bsc#969377 - xen does not build with GCC 6 ipxe-use-rpm-opt-flags.patch gcc6-warnings-as-errors.patch- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite loop in ne2000_receive CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch - Drop xsa154-fix.patch- Use system qemu instead of building/installing yet another qemu FATE#320638 - Dropped files qemu-xen-dir-remote.tar.bz2 CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch qemu-xen-enable-spice-support.patch qemu-xen-upstream-qdisk-cache-unsafe.patch tigervnc-long-press.patch xsa162-qemuu.patch- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer dereference in vapic_write() CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch- bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in remote NDIS control message handling CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch- bsc#954872 - L3: script block-dmmd not working as expected - libxl: error: libxl_dm.c block-dmmd - Update libxl to recognize dmmd and npiv prefix in disk spec xen.libxl.dmmd.patch- bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers in ohci module leads to null pointer dereference CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch - bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer dereference in remote NDIS control message handling CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch- Update to Xen Version 4.6.1 xen-4.6.1-testing-src.tar.bz2 - Dropped patches now contained in tarball or unnecessary xen-4.6.0-testing-src.tar.bz2 5604f239-x86-PV-properly-populate-descriptor-tables.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch 56549f24-x86-vPMU-document-as-unsupported.patch 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch xsa155-qemut-qdisk-double-access.patch xsa155-qemut-xenfb.patch xsa155-qemuu-qdisk-double-access.patch xsa155-qemuu-xenfb.patch xsa159.patch xsa160.patch xsa162-qemut.patch xsa165.patch xsa166.patch xsa167.patch xsa168.patch- bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent cachability flags on guest mappings (XSA-154) xsa154.patch - bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may crash guest with non-canonical RIP (XSA-170) xsa170.patch- bsc#965269 - VUL-1: CVE-2015-8619: xen: stack based OOB write in hmp_sendkey routine CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch- bsc#965156 - VUL-0: CVE-2015-6855: xen: ide: divide by zero issue CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch - bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref in sosendto() CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch- bsc#964947 - VUL-0: CVE-2015-5278: xen: Infinite loop in ne2000_receive() function CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch - bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch- bsc#964644 - VUL-0: CVE-2013-4533: xen pxa2xx: buffer overrun on incoming migration CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch - bsc#964925 - VUL-0: CVE-2014-0222: xen: qcow1: validate L2 table size to avoid integer overflows CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch - Dropped CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch- bsc#964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer dereference in ehci_caps_write CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch - bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun on incoming migration CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun on invalid state load CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient resource limiting in VNC websockets decoder CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch - bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on invalid state load CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch - bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient bits_per_pixel from the client sanitization CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer overun on invalid state CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch - bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer overflow in non-loopback mode CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch - bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci use-after-free vulnerability in aio port commands CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch- bsc#959695 - missing docs for xen xen.spec- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) xsa168.patch - bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage functionality missing sanity checks (XSA-167) xsa167.patch - bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers leads to a crash via assert(2) call CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch - bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory access in ioport r/w functions CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional logging upon guest changing callback method (XSA-169) 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch- Adjust xen-dom0-modules.service to run Before xenstored.service instead of proc-xen.mount to workaround a bug in systemd "design" (bnc#959845)- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155) xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xsa155-qemuu-qdisk-double-access.patch xsa155-qemut-qdisk-double-access.patch xsa155-qemuu-xenfb.patch xsa155-qemut-xenfb.patch - bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch - bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer dereference issue CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch - bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch - bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164) xsa164.patch - bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM initialization (XSA-165) xsa165.patch - bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) xsa166.patch- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch - Upstream patches from Jan 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch 56544a57-VMX-fix-adjust-trap-injection.patch 56546ab2-sched-fix-insert_vcpu-locking.patch- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163) 56549f24-x86-vPMU-document-as-unsupported.patch - bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) xsa159.patch - bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) xsa160.patch - bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) xsa162-qemuu.patch xsa162-qemut.patch - bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch- fate#315712: XEN: Use the PVOPS kernel Turn off building the KMPs now that we are using the pvops kernel xen.spec- Upstream patches from Jan 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch - Dropped 55b0a2db-x86-MSI-track-guest-masking.patch- Use upstream variants of block-iscsi and block-nbd- Remove xenalyze.hg, its part of xen-4.6- Update to Xen Version 4.6.0 xen-4.6.0-testing-src.tar.bz2 mini-os.tar.bz2 blktap2-no-uninit.patch stubdom-have-iovec.patch - Renamed xsa149.patch to CVE-2015-7969-xsa149.patch - Dropped patches now contained in tarball or unnecessary xen-4.5.2-testing-src.tar.bz2 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch 54f4985f-libxl-fix-libvirtd-double-free.patch 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch 551ac326-xentop-add-support-for-qdisk.patch 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 557eb55f-gnttab-per-active-entry-locking.patch 557eb5b6-gnttab-introduce-maptrack-lock.patch 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch 5582bf43-evtchn-simplify-port_is_valid.patch 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch 55b0a218-x86-PCI-CFG-write-intercept.patch 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch 55b0a2ab-x86-MSI-X-enable.patch blktapctrl-close-fifos.patch blktapctrl-default-to-ioemu.patch blktapctrl-disable-debug-printf.patch blktap-no-uninit.patch blktap-pv-cdrom.patch build-tapdisk-ioemu.patch ioemu-bdrv-open-CACHE_WB.patch ioemu-blktap-barriers.patch ioemu-blktap-fv-init.patch ioemu-blktap-image-format.patch ioemu-blktap-zero-size.patch libxl.set-migration-constraints-from-cmdline.patch local_attach_support_for_phy.patch pci-attach-fix.patch qemu-xen-upstream-megasas-buildtime.patch tapdisk-ioemu-logfile.patch tapdisk-ioemu-shutdown-fix.patch udev-rules.patch xen.build-compare.ipxe.patch xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch xen.build-compare.vgabios.patch xen.build-compare.xen_compile_h.patch xl-coredump-file-location.patch- bsc#954405 - VUL-0: CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - VUL-0: CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) CVE-2015-5307-xsa156.patch- Update to Xen 4.5.2 xen-4.5.2-testing-src.tar.bz2 - Drop the following xen-4.5.1-testing-src.tar.bz2 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch 5576f178-kexec-add-more-pages-to-v1-environment.patch 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch 558bfaa0-x86-traps-avoid-using-current-too-early.patch 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch 559bdde5-pull-in-latest-linux-earlycpio.patch 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch 55a77e4f-dmar-device-scope-mem-leak-fix.patch 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch 55e43fd8-x86-NUMA-fix-setup_node.patch 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch CVE-2015-4106-xsa131-9.patch CVE-2015-3259-xsa137.patch CVE-2015-7311-xsa142.patch CVE-2015-7835-xsa148.patch xsa139-qemuu.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch xsa151.patch xsa152.patch xsa153-libxl.patch CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch"- bsc#950704 - CVE-2015-7970 VUL-1: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch- Upstream patches from Jan 5604f239-x86-PV-properly-populate-descriptor-tables.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) xsa153-libxl.patch- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) xsa149.patch - bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) xsa151.patch - bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) xsa152.patch - Dropped 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure temporary file use in /net/slirp.c CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-4037-qemut-smb-config-dir-name.patch - bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table size to avoid integer overflows CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled creation of large page mappings by PV guests (XSA-148) CVE-2015-7835-xsa148.patch- bsc#949138 - Setting vcpu affinity under Xen causes libvirtd abort 54f4985f-libxl-fix-libvirtd-double-free.patch- bsc#949046 - Increase %suse_version in SP1 to 1316 xen.spec - Update README.SUSE detailing dom0 ballooning recommendations- bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’ secondly show errors 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch - Upstream patches from Jan 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch- bsc#941074 - VmError: Device 51728 (vbd) could not be connected. Hotplug scripts not working. hotplug-Linux-block-performance-fix.patch- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) CVE-2015-7311-xsa142.patch- bsc#945165 - Xl pci-attach show error with kernel of SLES 12 sp1 pci-attach-fix.patch- bsc#945164 - Xl destroy show error with kernel of SLES 12 sp1 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch- Upstream patches from Jan 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch 55e43fd8-x86-NUMA-fix-setup_node.patch 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch- bsc#944463 - VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in vnc_client_read() and protocol_client_msg() CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch - bsc#944697 - VUL-1: CVE-2015-6815: qemu: net: e1000: infinite loop issue CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line config handling stack overflow 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch- bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed - bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been observed - bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot has been observed 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 55b0a218-x86-PCI-CFG-write-intercept.patch 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch 55b0a2ab-x86-MSI-X-enable.patch 55b0a2db-x86-MSI-track-guest-masking.patch - Upstream patches from Jan 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch 55a77e4f-dmar-device-scope-mem-leak-fix.patch 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch - Dropped for upstream version x86-MSI-mask.patch x86-MSI-pv-unmask.patch x86-MSI-X-enable.patch x86-MSI-X-maskall.patch x86-MSI-X-teardown.patch x86-pci_cfg_okay.patch x86-PCI-CFG-write-intercept.patch- bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap memory in rtl8139 device model xsa140-qemuu-1.patch xsa140-qemuu-2.patch xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch - bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen block unplug protocol xsa139-qemuu.patch- bsc#937371 - xen vm's running after reboot xendomains-libvirtd-conflict.patch- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code execution via IDE subsystem CD-ROM CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch- Remove xendomains.service from systemd preset file because it conflicts with libvirt-guests.service (bnc#937371) Its up to the admin to run systemctl enable xendomains.service- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line config handling stack overflow CVE-2015-3259-xsa137.patch - Upstream patches from Jan 558bfaa0-x86-traps-avoid-using-current-too-early.patch 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch 559bdde5-pull-in-latest-linux-earlycpio.patch - Upstream patches from Jan pending review 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 557eb55f-gnttab-per-active-entry-locking.patch 557eb5b6-gnttab-introduce-maptrack-lock.patch 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch 5582bf43-evtchn-simplify-port_is_valid.patch 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch x86-MSI-pv-unmask.patch x86-pci_cfg_okay.patch x86-PCI-CFG-write-intercept.patch x86-MSI-X-maskall.patch x86-MSI-X-teardown.patch x86-MSI-X-enable.patch x86-MSI-mask.patch- Adjust more places to use br0 instead of xenbr0- bnc#936516 - xen fails to build with kernel update(4.1.0 from stable) 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch- Update to Xen Version 4.5.1 FCS (fate#315675) xen-4.5.1-testing-src.tar.bz2 - Dropped patches now contained in tarball 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch 5513b458-allow-reboot-overrides-when-running-under-EFI.patch 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch 5576f178-kexec-add-more-pages-to-v1-environment.patch 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch CVE-2015-3456-xsa133-qemuu.patch CVE-2015-3456-xsa133-qemut.patch qemu-MSI-X-enable-maskall.patch qemu-MSI-X-latch-writes.patch x86-MSI-X-guest-mask.patch- Replace 5124efbe-add-qxl-support.patch with the variant that finally made it upstream, 554cc211-libxl-add-qxl.patch- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable qemu MSI-X pass-through error messages qemu-MSI-X-latch-writes.patch - bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed - bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been observed - bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot has been observed x86-MSI-X-teardown.patch x86-MSI-X-enable.patch x86-MSI-X-guest-mask.patch x86-MSI-X-maskall.patch qemu-MSI-X-enable-maskall.patch - Upstream patches from Jan 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch - Dropped the following patches now contained in the tarball xen-no-array-bounds.patch CVE-2015-4103-xsa128.patch CVE-2015-4104-xsa129.patch CVE-2015-4105-xsa130.patch CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch- Update to Xen 4.5.1 RC2 - bsc#931628 - VUL-0: CVE-2015-4106: XSA-131: xen: Unmediated PCI register access in qemu CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch CVE-2015-4106-xsa131-9.patch - bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable qemu MSI-X pass-through error messages CVE-2015-4105-xsa130.patch - bsc#931626 - VUL-0: CVE-2015-4104: XSA-129: xen: PCI MSI mask bits inadvertently exposed to guests CVE-2015-4104-xsa129.patch - bsc#931625 - VUL-0: CVE-2015-4103: XSA-128: xen: Potential unintended writes to host MSI message data field via qemu CVE-2015-4103-xsa128.patch - Upstream patches from Jan 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch- Add DefaultDependencies=no to xen-dom0-modules.service because it has to run before proc-xen.mount- Update to Xen 4.5.1 RC1- Update blktap-no-uninit.patch to work with gcc-4.5- bsc#927967 - VUL-0: CVE-2015-3340: xen: Information leak through XEN_DOMCTL_gettscinfo (XSA-132) 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch- bnc#929339 - VUL-0: CVE-2015-3456: qemu kvm xen: VENOM qemu floppy driver host code execution CVE-2015-3456-xsa133-qemuu.patch CVE-2015-3456-xsa133-qemut.patch- bsc#928783 - Reboot failure; Request backport of upstream Xen patch to 4.5.0, or update pkgs to 4.5.1 5513b458-allow-reboot-overrides-when-running-under-EFI.patch 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch- bnc#927750 - Avoid errors reported by system-modules-load.service- Add xen-no-array-bounds.patch and blktap-no-uninit.patch to selectively turn errors back to warnings to fix build with GCC 5. - Amend xen.stubdom.newlib.patch to pull in declaration of strcmp to avoid implicit-fortify-decl rpmlint error. - Fix quoting of __SMBIOS_DATE__ in xen.build-compare.smbiosdate.patch.- xentop: Fix memory leak on read failure 551ac326-xentop-add-support-for-qdisk.patch- Dropped xentop-add-support-for-qdisk.patch in favor of upstream version 551ac326-xentop-add-support-for-qdisk.patch- Enable spice support in qemu for x86_64 5124efbe-add-qxl-support.patch qemu-xen-enable-spice-support.patch- Add xen-c99-fix.patch to remove pointless inline specifier on function declarations which break build with a C99 compiler which GCC 5 is by default. (bsc#921994) - Add ipxe-no-error-logical-not-parentheses.patch to supply - Wno-logical-not-parentheses to the ipxe build to fix breakage with GCC 5. (bsc#921994)- bnc#921842 - Xentop doesn't display disk statistics for VMs using qdisks xentop-add-support-for-qdisk.patch- Disable the PIE enablement done for Factory, as the XEN code is not buildable with PIE and it does not make much sense to build the hypervisor code with it.- bnc#918169 - XEN fixes required to work with Kernel 3.19.0 xen.spec- Package xen.changes because its referenced in xen.spec- Update seabios to rel-1.7.5 which is the correct version for Xen 4.5- Update to Xen 4.5.0 FCS- Include systemd presets in 13.2 and older- bnc#897352 - Enable xencommons/xendomains only during fresh install - disable restart on upgrade because the toolstack is not restartable- adjust seabios, vgabios, stubdom and hvmloader build to reduce build-compare noise xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch xen.build-compare.ipxe.patch xen.build-compare.vgabios.patch xen.build-compare.seabios.patch xen.build-compare.man.patch- Update to Xen 4.5.0 RC4- Remove xend specific if-up scripts Recording bridge slaves is a generic task which should be handled by generic network code- Use systemd features from upstream requires updated systemd-presets-branding package- Update to Xen 4.5.0 RC3- Set GIT, WGET and FTP to /bin/false- Use new configure features instead of make variables xen.stubdom.newlib.patch- adjust docs and xen build to reduce build-compare noise xen.build-compare.doc_html.patch xen.build-compare.xen_compile_h.patch- Drop trailing B_CNT from XEN_EXTRAVERSION to reduce build-compare noise- Update to Xen 4.5.0 RC2- Update to Xen 4.5.0 RC1 xen-4.5.0-testing-src.tar.bz2 - Remove all patches now contained in the new tarball xen-4.4.1-testing-src.tar.bz2 5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch 5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch 53299d8f-xenconsole-reset-tty-on-failure.patch 53299d8f-xenconsole-tolerate-tty-errors.patch 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch 537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch 537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch 539ebe62-x86-EFI-improve-boot-time-diagnostics.patch 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch 53d124e7-fix-list_domain_details-check-config-data-length-0.patch 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch 53fcebab-xen-pass-kernel-initrd-to-qemu.patch 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch 540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch 541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch 541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch 541ad3ca-x86-HVM-batch-vCPU-wakeups.patch 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch CVE-2013-4540-qemu.patch qemu-support-xen-hvm-direct-kernel-boot.patch qemu-xen-upstream-blkif-discard.patch change-vnc-passwd.patch libxc-pass-errno-to-callers-of-xc_domain_save.patch libxl.honor-more-top-level-vfb-options.patch libxl.add-option-for-discard-support-to-xl-disk-conf.patch libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch x86-dom-print.patch x86-extra-trap-info.patch tmp_build.patch xl-check-for-libvirt-managed-domain.patch disable-wget-check.patch - Xend/xm is no longer supported and is not part of the upstream code. Remove all xend/xm specific patches, configs, and scripts xen-xmexample.patch bridge-opensuse.patch xmexample.disks xmclone.sh init.xend xend-relocation.sh xend.service xend-relocation-server.fw domUloader.py xmexample.domUloader xmexample.disks bridge-vlan.patch bridge-bonding.patch bridge-record-creation.patch network-nat-open-SuSEfirewall2-FORWARD.patch xend-set-migration-constraints-from-cmdline.patch xen.migrate.tools-xend_move_assert_to_exception_block.patch xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch xend-config.patch xend-max-free-mem.patch xend-hvm-default-pae.patch xend-vif-route-ifup.patch xend-xenapi-console-protocol.patch xend-core-dump-loc.patch xend-xen-api-auth.patch xend-checkpoint-rename.patch xend-xm-save-check-file.patch xend-xm-create-xflag.patch xend-domu-usb-controller.patch xend-devid-or-name.patch xend-migration-domname-fix.patch xend-del_usb_xend_entry.patch xend-xen-domUloader.patch xend-multi-xvdp.patch xend-check_device_status.patch xend-change_home_server.patch xend-minimum-restart-time.patch xend-disable-internal-logrotate.patch xend-config-enable-dump-comment.patch xend-tools-watchdog-support.patch xend-console-port-restore.patch xend-vcpu-affinity-fix.patch xend-migration-bridge-check.patch xend-managed-pci-device.patch xend-hvm-firmware-passthrough.patch xend-cpuinfo-model-name.patch xend-xm-reboot-fix.patch xend-domain-lock.patch xend-domain-lock-sfex.patch xend-32on64-extra-mem.patch xend-hv_extid_compatibility.patch xend-xenpaging.autostart.patch xend-remove-xm-deprecation-warning.patch libxen_permissive.patch tmp-initscript-modprobe.patch init.xendomains xendomains.service xen-watchdog.service xen-updown.sh- bnc#901317 - L3: increase limit domUloader to 32MB domUloader.py- bnc#898772 - SLES 12 RC3 - XEN Host crashes when assigning non-VF device (SR-IOV) to guest 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch - bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch - bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch - Upstream patches from Jan 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch (Replaces xsa107.patch) 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch (Replaces xsa104.patch) 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch (Replaces xsa105.patch) 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch (Replaces xsa106.patch) 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch (Replaces xsa108.patch) 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch (Replaces xsa97.patch) 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch/bin/shibs-arm-3 1684339004 4.17.0_06-150500.1.104.17.0_06-150500.1.10xenxen-4xen-4.17xen-4.17.0_06-150500.1xen-4.17.0_06-150500.1.configxen-syms-4.17.0_06-150500.1xen-syms-4.17.0_06-150500.1.mapefixen.efiefiaarch64xen-4.17.0_06-150500.1.efixen-4.17.efixen-4.efixen.efi/boot//usr/lib64//usr/lib64/efi//usr/share//usr/share/efi//usr/share/efi/aarch64/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:SLE-15-SP5:GA/standard/3eca4b2bda5a4a86386c190500d5fea1-xencpioxz5aarch64-suse-linuxASCII textELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, BuildID[sha1]=74a442fa24629252dd306986ae79692cdd3cb4b5, not strippeddirectoryBB÷̣utf-8a8089efeedac4c50358250ba5c5548d093ab24b9110b58477ea048c76bccc5db?07zXZ !t/] cr$x#I>;mb<;( XL)o(ҼX |+)BuRkЮpg+?+8OARvݦ=1%ZS,8m⪚VoYi<`载w48@`GN<1M΅0,8HŭRe$}n{ pw@ RO zIt#s!JLÀ+|QѤX$H耙c gfZ^վiԒXϒ2KrF=e8/q0C j ބxu>73(Qd;HKs:[Ҩ[:b.jcG"Vqmx{ʮM.?UZ6"j*bO_^;JMl{pwPkgv @N`XeRwmZa46*TI%4{u3ˊAlHOڏc3˅d4a%4i,V EF3L()eS+v84w Ł0FPӐ [AB$I@JcМKp2Ώ&w5e%5xQՀDч+crjZZ$iPAS"9bfW43.pbe/?3A, ~#Rx#*xM g:=/62wW,!؍FQ }zk2 -xnL+j3U#+;u{UJC1mM *N<:79NX; R:`L[?ym\ʪ!ઓ3Cp^P@6̟aDE,7Ϲ 2l)TTE/#! )8ԄU:2O  (/YIxlpHIx_/ 1*m,g49]Y4No~sՕfϩAk e-fB 1.Fz?˷;٦Sar~%Y"FYä;*Dfm9'QRx%bLkb3vYk%UØ'5sA' k wJv{ʌƔ"MߐҼ>(h2>x %ˁRtЗ&[29RY Řvk?yu)b?zG>YV#P@/?0*Pc  FLv+a9CMԃyS`fL igŰAmn.+ᅴ!gn}^vf̆eBkP-GKj`ǣ`(0EC7mz PoP2@-6dSш{I+@0DUgj,+FW,Ee.X<ٌ6seW.BwQp?i QLaSTS/< <~JFVxT̺L'f7g?뛘YzLZu0AJ)|"}3B_aa^?<^*Sm4&vʌܮ/!- Q 7wM3ӏ_AC>I{n[P'+Y uAݝS<-x5< I?heRJSh:1lRB#zhS±mDh^q3ŵYlft(>x)qz%[Lwv*CxQ1V6C5'tՕ@gwȤHfE= OhY`mgG5J$%dU*C+WQ(nyP˟6M;~T$cniDzyP- P `uC">h+2ߟI|MELr)dr}rt ${ [WC)Qy8!}.l9el#^`'*rDi*017Zd Zic喡;ij6> fꋸ߱/P0.(BT& ЙQW6,Jo  ,`6Pls z"ʉQ8Fʏ)CQɭ( V5aP{Nu_(ro8~BuT1oWacBW %qz6+x_^h\do=jߡęx{Jv5As}  uLfK(N3:1j>Ә? 2Qav_Dd_j/.Q5':Fc!ëb8=/e_og a(h7Y07 HenL. Ӻ7 yMǮ h /Ȍ4WMj)4fJGL' `跚{%1^?T$kŬ,Z JB殆*EQ{cdB^?1ȺqƘE0#q|ջ5{UrRE;/mB1,[F~#A{K:HsM p썳co@!>F욥=)e]&"fvH;׶L3mP[*)*3n # ]6tP٪dlw5@&uʉN>N}$Z!ɥ;BI %>UyXhib›а{"<(1jh\@!y;tOuCפ*z4H*"eOnlxNl5 > **R>rKһ7}b(ٞ=7LDDv p&[֠Ls-ܾI@ؗ㹠_Su4*E4rw@1Tmۗ1/$g><ߎab9} 6BJ?8M֫ݿ$TZ0,xgTL<}ml<=>)k"MILLZA^;UؾrP"8QUX]u\}9d-go6[昞[61lzP!*y+tM5V0r-JD`(_{Y{#T҄KMt1M3SH) [1X$̝5l% uquvE9 uNg'QԆJ?)APL䳒./goʭ)s^wk%?3Z"VhsoHT;@T2CMv"66Krw# W94n&o)a)w՜@'Of!`.1|$6У:3@lJ3q'=y|ZyIYU{QO!w A*l6);(ڥD9 77dkE+$o٠ N\pd,HbRup7׀S3A~3z4k"Bf 52I ^iׇHJauO(kzueGqiSKm1AZ˼k&' k{J+Mi ΍3=LWz|v٧񤀊TE"LLe"щ_f>RԬLD}QQT ,2bבf,<PxboaDQl\9{{tH"?=GçY,f8gAP0D/^ЉH9rI18Jmt8U(0~]bI+L\UwCs5qΕ1/WBJ) KH~SH)wH7h̢$Szʁ ۠tQr:'v--lSÍ55HVOIfH!Z)]+>Ok~B^9H߽뫝vN?֩r3ǧ1ta>pq 3S gےG=;LShcv`J]d>eI#^VQ;z({T_m:e{aovɲ~>'~='DԔcw1]s Pe>9T/N3|ځğ71>6Q2]NXCO`gF.kopD1 {YP4L[& #4r+q o1dqalf46TSFEK mHJp '{0bz:b }F:}eĞ9%Wk|PG#zxψD(lԊobNj4K[ܚނh nY6ϟ޵`#qo6GXP;'tmxĢ ,y0Zoe5"ȕ6|L_+ʇy(H7_ı[lxkfu%]DH+}@:*afs^]7ֈ$ ҴX1}^1ޜZ&/TxRg_q>&U$e2oA_VY |0.+ŴusK;O&8>-~--k^@tO) e#-{՟,,+2 CS@YFF~lN5SK_=-ڕDjEc _UʊlZpTivo W]?wLiM@JB+R2N8\ [@(4SՂ9 kƷi]yq3<" ;Oh t b(J U@K?}Y@ XⰞn8PBAW@0пDEP\m VΤpv+K[dtX%I7'&Ž4D17! GnGjCϚ"O K\DzJQGU<ў?zD:0@-9YB(b[jδM_U ~rOFu.и*eq,a([>Ȝ%ri~Tx,G PPlc u_]C¼ͺ4Uއ{ do%Iĸ1{{HNkZJQ} m3/!.dyRoչ$?(\PWvڸ&YBù.B}`vy72 hX7'+$)pR4 ȩ=*'M*8=#2q{6^-b=g)jW-7)AVY1t{/*Ʋ tHx̸kAsx.3Mw:IJ-J> D}=J\"V\C_ښ) Z*pヲtMM!xxN~/N4L%~{矽I +.*PZF g+< r%+$M3sؗKf] Yb%',/oK)6D%I4ۅv f<=VJ`lPǔAѴ*:3nnQAkfL 0e OKb&pK+6GhI}vٖ!$H #sjN&ƏՈk8 ЂќUj1p D"9M_tőe} esh4 ,s4bx/-,7sXQ./[FUa$+ 쓗LbM)O}r;DJdzBYZgp NykyL-k]Y6%Au3ȿQ&& tv#̼Ϛ W<2>㟔>QHZӗ5Šks#@DGzwG{Y/㋧hNEj;!=6fֲ4("q|Xl; \VcEw7B/]| 7\q}XKqGAӺ=ؿ.ӔAZ"\/s:uaLaMOTZth< qeVt˻&r.9BH9g~`xބdK>L)&22+`WFcyo@@.8|SSs1p6-7 7 #M ha}!,'A977u/FlAKJQcӂA!Ȃ5!/ J{L|n!$z/%D3c\s% ,ΧҌ&,xYe%w| q#2H1=}Cqw5I|44Yy>?Ǩ^Thĉ#^$S%J:>䓜-cb?K` dN׻Xچ ,$^CVFK;OBYi${'?BX"abO#CڂvNXR{8mxhя|{ٛ^\viOJTѨ$,8S,Hes8T_FK t2%nvԢv%o _cAF6&.YUFuFK% X)M_x01k'J!s/MC P\1L&nw1yN@OPF|){7ЉN#fOc E`0=iJvys}, /CyAyVi:.A* /|^I}Rnfx'F1瑈sRF 7[,2W!1]NX 94""[5G-.>r'tzIfmb1rg;5MD^aAiDG%} Mt 1y$ɺSI;3DE]L&&Ѣ,B%SI XTwGO}w˺#2(C{dM y3PIixY{k%zҙ"XCDɬE)v:F\4I,mvGnSך掻pDXE-܉@_Q"t~pܝ`FS_A r\&y*tBtf:i -kl*J$s"#q>DqyCy>4p əDxOutQ(G%0+p7 z9ӱ+j^l1:|?z7LkY#xG/4F,cu4IFvun*%FZLFIX| "!p+1+-C o hoX-  n{*1qѤERJQb1Y#pָqͻ?X0:/$mAC)LfOA3Z)h#~Bc̅=)$Q)q3WA̘j]ioSgTZ3C6sͥy\(.f\kA@W4&wa)Dl$G_!YGV҇0VoZATpM$R HsHټm8ƞcE/Vn :?g{wzXHw ]f"UAXKWݝ`#S\<|}ɂK $ݼcv|W3H?[ūW7ːӁecګ*:Ei~ zlK&Q* eeusxɋA5V{3RZO3}oh|1C1ͽ#lGGabiDKdkBIX1#ڤrۏھka8b}2Pܰkyc1*f_m`\є\hERUSC¬#`:}eF 8J%ЄSLrdwj5U Fd4L[U#!q)F{$eV#-&1+>vlW'x5%=_[3\ FvI/Gw׳[M`1Q*S (ܱz {mG&*U#ն%Ҫ'.QQ9o]T?tJp7$S\+hK>UȀ=+{p#7wLlOEctP;\)#R^,'78$$]vq}3pF#gq!'7~9B,CD"-7x~G>[G^s/_U\A6&&[-%/(-gJ~ ۥf"D~.vg茕Q:}yqÁ\(du* yA]*eKjFeu ְsD_4[n٪g=93^(VA u.},7tC*3$DIvmAh g$=yH^6c_*[Sڿ79 bdc+a Q="ҨME_=yegz a& /  ÑljQ%Ё@FM:~م۝Ү4#890IAWӃ*bv"6&84_} ];Hg*(~A=5$P?om|O4ӫL~[Ͳ\Y)?KOh-J ޮ& z4 Y[ / L!]4@UާHr|Ň`^IUӫڕY^>\t4= lÙ}" _N&b;`}Ғw]FAl?3MRQdso\*ZZc>G9C. wD[1bÔOP_{Qa=t$?KwQ޶8ҽH4$dDz R}Ȣ>÷J :y̳^RO.LJsq֮;*x|a@q f5PDe5a!>F}9ca) H1*  ]_3oIŧqԑ"י7%f[~B9(sGyoj[_aYu5%X D~iT-ࣜ sDZ&q"ZӺbCW%_FntNd$n{|Q]]*''F/##~|T[φEWi "I@=[9 o̜~i-Mы=$$lO؀߳8ckaӫhuS+n*1i@߻ dԄZɔ7߂N%=?WOu;&˾l_|TĢ"=جntK8Ίӡ/2;8.{C fTT|Qܺ{А&}/ I =EbM A!`vf Bg:u>11#^G$w7ƃ+,+PUo n τAŠ38,z, *kgEQQ؉H(8pC3%LJat$0 4]b#%)PM@ka)([nZ3$q/cB}+颌!%kGȝEq3RŞ?0`lهחHZB G- ;ŽSKZ9t ancw=!kgؠ9q]i, fȈ,NwW`O"gH'Cb 됻:+s^<[rLXWOOj% fvnSoK֙K±Ml5cS&4]ӤՀ>j[m-p2:MET'G 2hb' J\ސ}!!yl2Y W䲴d6W4Y| QSgSeA:κآKeU ,97Q&`;2 q2_Go ISA[75ڭG VRL6)BkӃ+" |Gz%f> ф0[DĴk%6;.>BꒂGh<A, 5y\ӸyAҪE@B %$˺j>g#jV$4grd`edIFPXc3DP|mYQ3C:f@bo}N)mn"腋wp9}Ɲ?gt}T =2 p җ5/D.,~׶R71Zm:$>j"Ÿ8՘ȩhsiuSmgM[!pax("v@A$e8ݏ!ha,kT}?l7 *}.Z"umNwuß,=12I}+`)<K_KoA2Wd4  w̝8(\Lѯ 'mN,k Q]f4`*r*zq_`aҐLldx|iP esBW$wv{XX7EvIpZ{lG|R8.i?p7ҿ| +11#3shHdݬ.'u|3W;jE(Eۅ|~ NDϱ58EBe}:گ-ȸj] f̶X3djHb#b[?md,|i{$G `M-`m5g69a'"b˰X-y u…SSn~ӕMIV/nC,W}fق$!fkkA,䙣5~,?m@;uGQ\D@MFp)w7Db)74=*9 g9T--1n+}0]Ӭ$| =i+ӂRAPqKvL^˃Q9U ph557 t>. @9xWS"gaFuAm딎Bd*d*3 M}d '^W_ǜ;oȩ0E t.s]V2KE{Ѕ~̄H:/> `mZt@>H?hlw,R$̺ΰULCYURCn?<51Tq5F"c!3\aI}Nz8'8?tZ$$$ nJuSqU]{J$Ԏ.`9֋iN)Bd'[?#YYfZ56Rz{hp cf z3=EJפAra&qe'"wHNB=Wa4,ܐm3WeRj->.bPt{"dV"DZh9h~⏈}|ʘe4'Q9e_QZe ^p$gs:$Wb8x%ɚ\A,5!9>`=Z&sརwNohgp-G g QA5~Ca߀ЇkPtfC6(JD! WI %x9!~ZՓ`\ʎV{cEelbj2מ#udb͈I"Du#|dFK `aBڜEz]SDmY.YneVi}9?+;xE]TZHcWX"Ը%cӛqCƗalvQ'7IK(+#2M&X_m"3GO;%Wwe\ͤI tW-Q%:=&)x+j!:^f vOR~/ sA`Qoj . }9z1DZХ-53K-Wl/ W4vH<^vA|n9ka-7iK]7|3ս WvYm %ۘ&O'f 8 -xx!,G`M/Px G  MojP^:R4#|BŎ "3߇ ?}{J(P7N\$ _C9n7yEb#Èy'Ǜ 1$'>Y _vxiۂɅ r }U?D?Y~R}Yd PzA5xk/z&eoq-m|l/z#r @ȢhFcJ#=%4O,KpÁh;iD];eSoRh52 `iGps2a~,:H„cZQ}|kC{7I@3#m*#8!+$K6JKrlOP.^m@q)I?E$nvC?K#^/Y@p*ȵWeheV油8Ũ_-;:y)Q h-A/B/h& IMKq$Nġ^4," =("=|ĞžH(R/"P^eׅ;*ʏC( ;hfLh.J }M|K^BmafX 1ܒb-yF=4Μa%\͡^]'؟JII{=?m_U񿞍{@"Pz-Ͼߢ%f7IÜ(7ov(G属byo?mkPn"@ uɩxZ49JWz5HM&j2u~]ƠXjcZk#vbWYp*yKuMe=8Itl}q C]#zu>`ؽƼR˴2w1MCÊs_D SH1( WYy55$O{&2unK%7"n{az/ kRwYupǃ0x)${{O䦔`@ 'cl³A(&f߆sk2zq!S-ܗ׈GsT/XP9Ǩ=|O5}tVs>w(>;s-rtц`*޹*$m9QQE!XˈsH* 5=KN b=^ڲB=v}LДD{jOt;ȯiokPvE Prr%!3 l2e.f\qgn7_ A氠JLvtȨ9ΧWuj9u4MCF,oi@)K;w%\<,/Vܦ ~$\#؄tIR"r kW?IRl; i%p_Rf; l}o>T*՞:w qlF]%5}W-Jiw?&& u:S2f֐$gWF 7z7ғ*2쎐VVRe :uqOODKŠS:uߓ~23%ڂޜ#M(GA{//x#>cՓ+q%^pj|PpM%!sFgjfF{2sGHL-%s+!3d&nc) 0gbbS ]?AOK$hҀ]^W~/'G/pee!c! c1J D)fI@aU0gXlXaiUC GTg${`hd]?')"Ru-_55w1# p3XBYA0a\/\Yܲ˴)ުj #f^ԷtVAGD=)6.إ 0zhU̲xY;N%DCS.ԩ'y]^POVamXz(T~]>ljc/ m4%(P鶈FP||)qY0>f@7B|EȊIAU4pBאûrˀOUڛO# p78t_ :vE͞^jyT,QF{?6>0_.S"m!>Vici证Bg;8n'qB$צ94؍Th*ޑ:<ɄE\-'Ut-j2Pu|dٷ„{*/oO.mFD~TL3x}M5[aLݚ0<zp+ƚŋa>BRng=b[OxP7LTt*t2L pƦ6p>7l[N2ǯR)CzGCȒcgY0xP*VHUkƁLh~o}~r90&f7s?)ض @8Kpדx8s0Q;FwW<.TtNqJ"֫¢0؁U.F3$9Ƀ^'R{ #[Lsv(ebkAJPkQ+j?Dm?Kj0iEĕ!RE~omͧ~[m \A߰pO+U˹#I=t$PC VhnFG=~kScm1AGڼ`b $MR_4)Lӏ4K̩uȞ̽> y5c~*D(X0h,qh.99 ?:R>la1YHn1qE}cAu|u˰ +N޾qt_qƊbVܒ%;4E[+:l8>A5b< y0-&܂4KF:xޥ1- Kձa_kᲶ.(̥Pigqe_%QhY'z h@f2$1騝!a5q+O;%)YeOVsM=V:> fd>1%j}LuQfv*'i<=;M` *SP՝о{ 09ċg=_bN-1HN *K_z_SmKO3],%K~DȯaW$Aɨ\>a|[FV P4#C`d覑t$i!N]oF مWG7!5h4~ h^gjJQm ?>'"BHnI_}қ) }H&Nx0nO'C2Hb {߳Dfi23P}!MFfL`==!kkRr[wa`sm4+9ȁ6Z:)j7Mfl/ge\ЬcC)Z~r}f xlw6 ^JQ58{ny|XyNp++k:Z;hfIu/ HA΋!ɉMuýt<1"<.~֥~cbл [ ׬xMxYY,ۭ-?S4+? kUKD9T/B]ïY0ƜA/ =0}-?+A6|{',51w0['eh(bW=Zд"buɷGvg讍}#1ܒXvZՋ'Lrrkt`%zu MW[XގIDJ);HTvEum TkՅ|"~Nw)&S xnk0ZitPT fn}7U H䤈}#WLaծgw==B'"\ˢfÊSf0T@[Gn<VLbql2 HΪnFK:arb(7[󦓂Ck}^UbSe,.5¼yf&A#:ablMӌPKrpag<dQR1d3w lIt#`$o,8)L&b"V ~JJٛ).* UJײEL]WJHt^-B,c+`4jHQ8B,azL}46i>|&ࠀF@$5te{&~rljEʈ6RypsbI }5sXeыUL~ٍ۟{Fw}fEЍO3"@  +r{Lgɏ^DhpOSژJYoGwLk_5'L/Wqr<_H-̐UZfJϿ*AhOp^IJē!;ŠT\#ƃ5e%6R KmQ}`yMm8-/;r߇Wbps2}N4P!G^J_]+ڻeS9n'BEvԼb<^| V^7{23 ,8]MRq6'kWtQ>qy^|Oy-MPAOAhBaYc %^y2bզWVثzj9o0%Me4Xһ Q:kԌivSUh伀C{=@L2']tf?ɧߖe00TfyNA]>B+ F9\>]A[k tV\Y?j:4/ yیNu%J1-IhRY$(p-nR8w%2:(}(2033Qq'1L~W0 @ }w΀<ͽ08|%T{euE^\aJC]Ӂ|GBkxitIe5o}&wITv~:n#~2! UR1;%J; 鱏#e̔ooY]RZ.֜yox)M߆>49&L{ rsBt;j_v 2ۦq>ׄM{&:W =eD*Qt0ďa2%DPRѤ'fbw-g8E]J 3lܘI6دDiX bd&OX!r0Mh&H Y6Q Ly6[ž|Y`|uO:dDF/?.O=[x(AG\9ZM[] /&sY׋ʲ'|э;LK?u+j<` p})A W~7bL (bGgɂЋ5cn,"hǣ;Ҙj]gVdtߕU%y`c/8gy).@y~Melm;&. !/}QhbG azIih6CKFklކij^Wg# G:d1ӄS2du[ ~89)놀W=.SEZ q 74,|qMVFk&'VpǑ`Ò]&u181R2Jd.L`y-)H#?l&F-WOɝfAAKB˰ i+]RDf;IHa엀Q bLdͳ &1RxVxB_^c̫ 7;@dol E#+\\.S9ݨ`%\5k&P8i\cs|9@6ԝ8xg}z0k³: j1pxoHqy^ZEv-VxCGAa->0e^Y/|hR_ۀo"c Nv5F_FP2i[m ^ŃW? Kw>LomK4cEή[.mL/=&hTX(K7$K@:Z(jDQ~}ElJ8ͼg))6 V5qeDlN&K_ րuVGy|BGć~0:tnZإ=;\eOoW5ԓ*]ִ ~;1j)ϥ- QY[u #zv!EMk&lPJsF؛%@ }Q- {n8#ڛUy3a<Ck/T|㶁R}Y[s߰O=73BYc)mRT+_ب49O$_U?&ހz/ ;Nbg2d0A1fGUp(gkT q*plzє .[;_g[ҹzp&/.XeKk5{*OHzM ^ל/Kyv'8hw}aiU90FU.KObWw~-z%Q;^6^Uo)B)QFV`$mK?֟XF';٥yti=͑"rTL/*ۑ2d)hZ=GՄ̯g @ +7yP7JݰWQPd)mth*h)ڪԮLؘeVI]砋g_ekӆ VQjg0^F3>,>+e(b9I@A<{*rc1ZQdtU OtoTѧ^kqNu&=zϱ[sМd?`f P<ɺĶ=GT}ySj֟'ϩVc3 ?VG'e:&}$C^E)ey:B[\t=9dSYn蛕XD0yfS4rMB:b@S+<&#ÜK=el\O.ŜSk`,eyAq >+d9/eP~su<`0z]wx@_eqdsD@C![CX'&QRrcT8(ܪ{WM p•=Q@9=Υ^J0[ܡ QYGƲ|}Σʀf#blvͯ:\4e"?R~6$S47p?mGe|}=x]TD*$ htd.DL81JyeVMϫ|7i8<zS h^dR8w0vJ? )pVA{_ ftT!gi` 9gF]`7y\ oT0Iyn?sZ NPu'Zl=ΊܿXݒ/mt;K$^ZLknFR=4uq`%4gǒK9( mh6~vm*Р%[2 |bYz%bM; F)ݒ|.E Dz4?R#iTʛh-"xB˅ >ḑK-rՊ2C/nx:I"ʈ(QcZFP`ڧ|/iW0T7$W J*4!BrXkg2tҔh+\2"M<:AVthab^_j}0˗\3" 69rФRM?zfR4)Fo3QK9ڡo1fhLU`+{sv8}T1v[@:cL?:rNYoHOD'C:j2oߨ:3p8Ď`09?@EN+2+iHKrUR ^q2k:)d8%g0Ft}Ђ#˔K1`&=x\OuRXsxL#7~?tV@9::;y>0D9 )Pz45`L&$^ Qw)\y31b9!NMxV~m%q-?m>Z ~gr 54Xhz|Kz0O'+Y`H>+&Xkx0hl^?XӠ$, l? DKgK^ԁ9^^`? mڶl 9d 'c[H2hcIsD&%OTAj%j: GkDԐFEv7ˋL U|m"c(p>>SXgS v>vu Vv9Pmkqk/ih2bIU~,Y-^1W ՎؠD]~bұ-лe4{2uƚ~ b4Y 4yXɾyjYm8Q(, Mj/1e8 )qwI'S.|JBL;uާ0g"5KebeM{xw#crCA_ސVwO:|+t7I]M4"BtD Þ@vͭDȄ> k V}A"Z2kK3dብMX?dې+ Ձ8+M眳hI=W\Ƞ'_zEF]F[Ȫb`O'nڈJ)cRY7 o,:19lsd$M$s֕h @2 yE,{A G}:5n(bוYe[gC`f6%&C78#S䶱>I`|`},C"\>M vsac6| Mm?a:KnwrK!ɸSm iCG0GzyݘՃd/~ cYo+9|;ԜpQFJ x'Q^{ZC9Ag"]3N2̴W:E>(7L={L ֕8wx1m{Y,v@NR,h@+\? PĄmF~X3Lb>QgkA3wdL[ e7~;ilhZy?^ .j/8߮0ZQ%/fm9KBQߦȱ_&PF}|l Ub {d`5a4S NA< /H*j9_ayF D0MWU^Dݵ85/N?SWV'`7S|?$u%De4E4 ͢_Q7nBlfTYM-^qZ ;$wh~汞8S:C ljB~@|& }C@wL}4ZOz"5V5:-\n= w PN:tV)TU/P8M°6lmd=TZ߭=EdVME>Ld> Q{:K@t>Q=ӎ4X(BJ E%Z,R202RII[XjBkӷ kn_1SM,f%؈tWȁ=xG8E8*rc\-GNI1 DtȚH3ȎTU>Ey4+Ba U&` pѰѶp35o#S2y;e!<3 @V>E"/q "Dp!f5na OyEke+˩vbDCs]zQX8ƧN?}s$'T, /K w êq`D=_|Rn,Irp5U8(#uk;^h)m M3{L8q6Sm@QdCxUj{C1D{Tz2V\ggY"茙Qm @ex2p%02 0yp}9? :џ=WQvp1(K],"Ե7Ě]Gql)A n$u:^AE1N셦THc+j'Jo 좿ꤌrG,J5@3'gP4Kox65,Iu*i|0;8Ni#vS $V~D (f aǪI¿p(ll=m>Ţ`Pt(zm[RQw6vD9^{cZL"N/[%C_j>z`D//fgta9ǵo/ԁ>#⊺ K|'%l|<{E`X xWebu0^]a}"Y+A8 ,{ٜ (/1ЄVpdn$H(`Ҿc҈ob'@g+Nf*IihQ{6ͅ˲'h*pSVvuRKt+~ 2rA{: a Vu;V0)"٩ R=UD( 2;sOF ta.oڢ_+JIh7u-|_׽E gi 8u|HJ2.#4Mƣ]Ni]~g,c hA2*D:&#*EL}O{B)$.L]YE2Ë"XSN;FVWVP}iŕ^Z$`yS(+ Ou6UZ XLN.d}jNb%10?Iҵ8ͅ 4  @v-T :0eQB, ܥGzt7{"Lb8 Ri@@D d!PݼG!3] R1GɏQvd(I)9 vVHp+BtSjD.v&?rIhVqW eMȟ hǃ v7l<51P |Z^ `XΌTIp8?a!SL~<)4qHBV=Vf45h!Wqi1_/lA$˽c&WጇhVxH\2kh5DQ7YRVb[ln3*zNqs|/LCT`gYi\8~k˙~>97lR*=7v&Xu{ܠc@(K-TLȗ{>i_/QzQǽOF p|& \WFyL %CrD[q%]V~{>Nq%rZ}WHY7wr򛷀Ey㖻]D] jv|qp! V``C][l5;⋋`g@ʡg{%[}z;&t~<݊p °vuW8uL0)oҁڮG|S6<GFoL:(pP"Hej^RPtqj;|x-wK( @+,-_B)UR_ 8u;}Z[ ~~i+e˷8/2=jn"'mH3ܐvKc *ߵ4㏙0y;b-ZO/2B"LM`-A`/{Ps6ň=:]W5tRSY`WKr?pzF]ƟLo)&"GCYF*Jӵ0{d(Jђ)Xh'o0YwWS$WKՈ|ʡ@ȚFO*CYsB7 hw ?ZT=({ ӁV\22oՋ^g^n3҅N&S*\Y`T KDT}mJH.=~ۘIc^-Es8"RO&ryd xMb"z&n6lMQ) c) G:lqD#{;(kޜZn_J;kbd-+H[J-HRR՟$lV x/H5b;7am$Ń9o-hToAJ+r^sZ6|SA@hk5iձx6(xGf&KHa _lKyn CEH8D@dJXj$܆dzW` `XoHlqE6Q()s ;@̍h0`h h$3'"=+1կRg$cB~[z5?7kmzyZ6O:94Ƅo 24<98P TEpĒC[P8+sΥkj9j*wduEٱ={!ZxܫzʗO&q*ە![?0%DYWrV靄Ւs^ EO:a*W(,G9xc/1-,#h>9 2^R3\uԩ.h7eEL=Օ\pOF/h4YjXo GzaJLE0,3Dqܻ[xT:]sy}ZpAF502ƺY$bP1,nňQd/8]S6MbȌcDKf@KG;'ŔEK8$`s[]4\lj?ELBHivڧ,p3ᏮOVnmmqypmd1x9t</4ipbS mK͆o-yH9yZ ޘ@C-^Q/ǴfzV,}^o>fZ?y<N.#(ؕv2lC*I4qF+sx&)3H{V|@j۬#s|rwY#)>o0K7#"tt۠ܛF']*? 'EqF1N)8j('h +ꆱy:w <iu#KiPT/zT!oc:e'-;7@3ţ?LGa|,Q= gbk#?N^]lHoBʎ䋃51؆.SI:CI} gFf*G{[r9u flڏM?FvK{k!@@[\+3'_RJT *̼MZljȸߚ\>iVf]WHf r$_9_N"LYE}?r `y "Hc{7-R6+s>kƩo餈ip$DVkh/~~b=IM;iHu+3لs)LjgS} BkfkQ_ǦuV(Y@JY>JߚTJt3Ͼ K2uaqW\ |f1֨r%H 55t|*`\W613#jP\z"ޛf4/<8/GJaĸ%F{P225&||&fbgh$sb9dz-c4|ŗTMW)W@L*kώ97!O5h1Ob[,oIt7YB"4KMQ؍~]2]/ lX4&"je4j%Nt~Ncۻh(C*Q8c\ѕEx(=OD?H2Ø6 r|6O~޻Qݦ6TxG׍ UT[ƻ\/ -?t欶qzgnV KBGt^uzGȂP*Ȧq @lZ:Mҵ2_Q[W" '-+7GNk9nv=?)eL残 +Tr]Ot[: (:03VU W8mkm+DD{,!ʤ!k`z^,%T-h&*sѾ5NlI3|R-,Z-QE&>Io<=mf.4﫭]2g>w~\>wDRaDt9i @Z(5^6D:[\\gZb>hש\9bM3MÛF`niy!D&XC^16Ѿ~m1gOu::NgKlݚ TO}P5Qbҁqe7.@]'b2q!бʬՃ 4jjyWH6ҭrwb®(6{:,FTBu %@4|KޚvB siG+b7^y2E_ KYu dL-<`Asp ,n0q:&>` W Uj[e.@޸Ť0pa,w[M{%M2ot xp׆t?'>jԣ}s/Wb.i)u=*6krݥ>gJat|vcQްj>ToX*DcJAi׵G]p y8 feф\O~uț{& ' Feu8FvTA퍺J(I%B٦onD #,<$w8NPK!%1>z$ 9RQyvЂUԙQ8eX0mI(" [% M`+'v StWȔAA{UIV %ZH1wnEfփdI? fFP5mj£d&۬Zٯ{-rt0䁿bL᭳T=BpH\{9ƚvzJ>4Gci&V{Ĕ@a2YWL|Lո .>b8kqA;Bףkw_ Me5I&jS=JN:,8MWpʂ&sbq, ; {wϽ 6'R$EJ 1תx4xAI# %2h;~%[rĠ I&1"x)KJg7(x(9%N>CN[𪇑  [CY>M`0=8/`=/xO Xu_LO\Dtf!UAΙz%g`?pߙ= `}#C~lIDBdAH Ȼ`?7l U3+B .~_mc(K(n.$]5q 8fDz҇c@1>}ؚ;bLdb'/FIG=pGM{YX5.:F|ί0"%51aAIu2Z,TJfQr7,gG{uQ6YCyVUC& ī^*) <`P|b٣t;@w ZePw[ 'te) D#tX=)X&TqchvwiEt}ȇ&F8(_&,vۓCCjmV]Pl cC2+zlUDmhR 6>aNHLN!n{Yxpx]e37wmph98+%Bo~QXc0 Ei74,Oʡ͐yHaH.H&7EB {cqHe"ݺ ֑~\Nc|{IJSE}qFi:5@`8&!$k)JX> K$ncm~2zKC]R]$][9Kñ7e 0I k6eدWv'# %V+74VEK4;!sߡR,cjb4E'4d F)`A/2x2UDy*^ -Uk5*wkKo=&m%H#M(9  i*Q,gÛcD2 NT.One(pRW\ggVMm0Gf!֬}?6jVpPkLA:&*BIӻ WoHXwŪ}'fROu!ZώiM%9ΜE>j!=ޒ?g.DEO>&oco`,CcQ T2:i=n ?&AU?b쮬eTuHZ1=@/U3i 1=|a7B7/#tp'+MO%cynzX93[C0@RxȠ~^="ϻ^<;vLYYoqv[\(Dz ,R6Y=V֣t'~D1{ GJukz]1W7;̳`vtTX[ー?Q!c9\$0̀A&X֭ >jBi SfjS[ς:Tk+u3u)bR\VŃVuߟВ9\n}cO]U|394N l _N'WOD7?,fC!ZIP  /M8HdhD"ps J)J|=G@n-a V.xL$4WOKIcf6y i/|q~HXf7CS CލhH\Ee5#` WKU>_]`7K+(BŀƕkqN*kC%uέ#`P4&/؜_yVSpB[z'@ u.e͋[s=pmO}௥ g:WhO+"6[b@(Y~ ky~Ey8O4`?ڨI!XYz $b̐f:+dmA/] lCF UK2I)l`y0?gl5]>d]? )LgH>˃mQmUr?U. lA= 7.bs[aQNJɫ~q>buwkRGBUAux˯5E\YIkX%jXvC.PYBuaqçQ0tNjX;҄zEBſvxeYk !?fw\uCj7lN~' qR+*}ċ )*ڕR(ۉ>'8( ^t?tfF7PP¦-G*"cM7yW\6 F7&>4fֆ4MHKAn&OPWF& b Iz%hDw}hEpAr[`9wa</.R{cD7Y$[㇍.0!;C@||$C=#mR" ۃ p\turw#ܚmk~.~fRHm8WQgvfLoSR[Qr1lB?eFAhqEE/J%.m[B}ĥ}ݿb/J1&&v%^BܘKR·Ԟ qV@ KtM!/񑊁fI~ $9hXrZZŔ^8Z'.%4!>eR^Ko߳t9yRx?[͉uEeyc*f"𼼨*e S?3j]N1 .& Μ(I 8f榊E Σh#|TA|i [/#ro<ϝ? -\; H`ø\k(4CfsD0HIf\)_ߑ 7 Q7r {叽t,Y>#Vs; @c( 0{#I !3d NBnh83п(uHʹ-W(% GE$Y*?k{E{[K%t]%#>_A\t]s8咑`uݵ[mfiijN㌉w̡O>K)u2ed%iga~&\9$MՍ41V諚f p ;r 띍6 *GG*J> p0KI107@2"\<#yŏRŹܓ]:&$<-g)Icvݸ{:akuiAKMkH(HUs'/H?i:rG]((P-ƶ(g(R9 +8- D(?~ \/\ïں_,'LT؎ ][^uClhDoէ6[ۈfx}oh p|ѰZz/W>i4>\˅Y^>xX򌥎uoIec2b::GM-}7S&jmIw_i 0ުBҨH",@`/Ӌt7CZ#LV;eN DC{5U5Ç2B #S8>rxk廃;l&vKCz=Ry~TgJY4ɥ]IF{pkУ4KKڞ[jk?@2lX)*8gi}w\zc;HIRUq_ӭmF?4 c#t?5l; Vq*lVSMZ*΄QB<o'C̉Q9=ђjFࣇt~'|!z{-rBup#5Ri[(ѱZ'.wPt8v~8eMs322_qԃ/WKXѻq)bV^htc1fo8g J'@,-@p~=)Gnٿ3#~Ĥ񧸅ܞ&LGLb47!5t x-Ƀ0VN FM֣V~/+ɗ>WX ,9,Yri?1C7èy@jb|؜nr'"4ҿ]&hz ثB^ Է'KHQm,.fG^;Ct~AƫZ0 Wsx<<`>qH|sK5+Dr>[6c6"O4UѲ }})h0߀01].QFabڝC+ICDOB~GOa.Gsl~Y# t@SM #c.|P!>B{tz\hJ>ЕUJ\f'P85#|=X]/ V^PZTas+oj'Ze "upe &&Cش)k qy!?'~iKx5n_t:f,6)TT%?^1EhtfbY)LGxInp-Zk{+˄t6az(>W"'R [ZM:0tu AF17+9Hm-l0]'v>ksAdrc8̚)ܞ>?)BZ4.}}6ΰNCw3]QBL鞖WMÙ^Morv;"0sgǸ'\[Ww3:df٦b-:5V-dh B~('6ɔ\TߑEўY :R]!82Eq?Y`#~7B"`nWոQռU!=Ӡq )iYlS;"q=~Meș#S36 p檣Aa I:{Bkdu% Gl,C>Yj^dbQցMA3 [:XI_Q낮:y%,/_Y9T]IqZ%Iۈ>yOW]˰G KnsCFWb3>2A]$\2jfs1Hq.mSw;.D}UT#vx1*@H+U8#\R+ ={ƓU]8%mCvv(2X[-`j|1&quVS{f(jۯE{lGӃLé` h>q'~#y+uMT Nyt}0(ǢD->W1V\1a7TC3 QFuL>bH$ITۺhN'4g1OB5VB߷ZDqrm 7ȜMnDokkʀcsCxGP@4R\R6&.:[39KZ3EIp+eHTT3Cya)pJaMg'U+\6&kh1@xRlUd[*L{sNJm y0@&c5=_-p5oEF-ZFAyJXvUD&pOp.jYe f~yf0g{5mw!цv ښzl*˅2I;c.OF k- c?x~wl,r%,E!+5ڙj W~a.:0{⾬pP;|,BMeX3IK͗s(vj(B)ji(3hx=|嵊&b 0r1&ɇ9׶ρ OgЁ.z*w"'3%_steī,T-p#*E$0LHgCWjI[hRؽ^\gW0o'F,؛} cYb@CxWtr*[(𧻓:R7(ъB&@2TAϘ&%38{Mg;W fe,3V]*=_z K)"f:!__뿚=nJ3g!\PdLU8X}1W_b^5-̇m] ^ qa^2t-3MmZͨ- z\rU!dN0G,^Grj?K,>&g -1x0U4+`lSdIq,Į>39j#L׿2lz))]鳫HhnЎِSQ,rXwX=\_ms&CLuhZ)(9EsT6,;j{T@\JGz?p6l1_ [̓>VD;6,DebXEԄf^d NA Bc+IZQNMWWZcfZ:qhwZjv|k_.N ɹmDn0?ōR%t%(/`v#*M$*|_VGPI[Nͯ8cDC~QCH#"f;VWBLfQ.%p0XsV~J5*%*ډq_:BTF8BBi Q1DX&5?e{'_ٗc}! H$|}vK=~VXrدNv._v/uɇOW]#yndܿoh *qMS"lѦrOZ(:aeؾol `JFbArlqϱNbIGfg^bz˚<ި\P<+8=~vU&M3l>.mhJbqʼn.;ʉ{v N |͵%NB/ݝ ښ=Yᰏ $jy=Lj*n#d&?m,^$o>YV4ϟ=YΧrx |wp*;#as]f H0;xt4~J/hi熙Rg+W(Ta9r =^ఖ9l-Ӱ5qߌ Kӓq̍- j#Lr0w۰6zAm C/@݁df͐Zhe0V^ mz݂%p.ɴ }v1B Eoκ957 tJ{<@Xd(Ys젏*3P%C.՗D ==~:+P$_pFtZk>?r^ V*PnEZs CWg2sOtA}ٜreƽ(q0ݪ7+d.veT*eSHejbOv91 c )\2٬W^\mR\(9pqq_C>oZwZ< JS9nZ)oerH%vf +|2IcMg$.n yYfsgFb҉8]LnɯZ2JYTVC mE:+r𓡥pJGr'<ÞLh: M9kQLQI7ɏ.S#ZOp0emP%?&\_MJo5T{.:Z>^4$j]Hh ((to$ ժ*%ŋ`׸:jJX(UC#>+U"?XHI"2)kF]$7XGD̐A4_"\ &Fi1G_O dݰtZiIK+< bl{ar}WZgV%]@%@UAR GzRKO>]kM*8}ME?<=r.ElzTQKLQfR]c )>YQʙPUU wQXqź{oRP{i䅻reYIVX=L.Azsmi1ӫæp"p"Do{Td0 LbeH 8\KQG2킒-nLtQeo&-xj[S d"֏ge͢סXH+sTK9C3V~ھ-3S2¸z!t ?SSX1Q냭O 88kU{?WG˲ص!['uzl;L}ϝkG+*FcGa9ѐhw>5)Fhj;9r;G  CPqkJ*x"^LJeo>a8\$sUc z2zo&Һ s[E}B\wPQ%j[%WDOXRvg'YLG| 9b]G8YbǔG.qmvR%c{\vPTEΣeG"_V@먀aJC D6'!ED.@3 3*02$>,Q!lʿް4>Z!iں"T(zPui, #FyeadΦ c_!˵|1j̸cpW]d]6}$wJ :/$t g!E7JQUvžo^b[Ws=U=@"T٩DY3#ܵY goMlCO]f:k˄^93F~(+SP Ի \P(:m+i,jfSZF Ka'`<Kh#e!\^$U`1½a>иeH2Agq82C@iJWE[;vtWԕYu 9͖XsG錘u5|-aMnch2p4}7DrF5ym:WAU`GmAQe@Kx!l MW;!Ofs#3!WIVAޑPeUSI͂{]9'q=nဵJ5äҗװZm6` )%}`zEk|&x /" nlԡ~z1@4uy o!L#vh3HE]pn#+Me33ɮ;,l tɸ!88Kr^uQ*Ipް[yaw=ھMlj, Y/K @Ns ܣַ~RPĔ6+08")Z#{{Gty%x),c#,17yvˇeM$ۈ/bi[lʜQ-2v/‹↽xX~sDyaijQ%KԿyv*M+sKc\RBY'0 OLQ^ :T2|ge&Y3T4O]ńsu&xmHob0>љ>{{9+Cm.^x"K kۼ\ߩ VN]G\bpNm{6hWj@"kWr;\o1s[UӦ1@c|P )A U A}utU4vbt1r-WE)H=_E\ A$ vWs-go>ʭ {h2 gW$H GfK.ZT9>LhI5rWRwp~n1~C0 |Q؍ڹ5<$PR!Aԝqc Y0=UДSݭͱŀn%WE~$NTCBkJx N?J[EDL650v?-V191ӪBL$݌ae{xNr&5sQ!%~%7+Y۶{+fD3q8D֍QIHbcLǬ\; > Fʅ^uinz sF]e[-Xt 1F{Flu ґ6UܖۈyIq/wۑAO"LGM.`O`giAnd N2Eyp\A_NbOzAJ7OcP Anql/!['ܽ70n7OH&(~L I-[+"K-V*)+QvӟoTE{ r.߷>R8:IWyT54pV 2$ _`w. _79{ǂ0#PCͬ{)rpyE{2#y\(&=}$&Fnxrg*Y_i>bR]mĸ+MQz;z0_18-G/`w:*ÇB#}_71<]Ou| hn%I~n VehЯнT< MA8-I;{U(x̷e\:8<#':>TT  -"1M l^Xy`5{]0hFTpa9.Nˍ;qQSoXj-r֬h>w2}Tg6DzY;wm8FZ|hEꕡ)?-mC\YT~ .MeP`.4a*N:z#-z u*| 9єw!!<;=,m̫/|z%Z7@*wt"m4X,^,t|iw jY3맀KG׆8z*69P1$&D*fku)Ϫ]!Tl܉<O?qΦYCuHIȳ *uzqˆ>5uoaʗk= #!l3Պi,e0aVBAu6t ltYX #ZK? ZIf A _.$J`+nmbp}Tŧ~IRZ')=0[W)U(\wjYCUj;\ޝQ9cx3I#!~Tc$T$3, 0UpXsaEUo \xMfN n'>Jѕπb,d#LnHIi 7ߓ,ƆqRyAE&cn\B,HMJVޑsbd#$<}c3&vamMU%g`Y/H#G="@]1(f/e6ouZW" rF?b]C{@dX WI%(Z*G|Uubuy\ҷ'\%=~ v{_0k{YDU;=\Uk#>{]r;p} ?-$@BopW$=Mxaspr[1I\Ue⑦L\&Dw.gZ s, xHYx_y4Yl|9?N<`V7pyRe"3o?Pซa E7\p!4'W뢷ʱyV$qnDՂl\ )ԁ@tF0-؍7|禼C7 KĊ#Zis-<ޚƖqՂGiw7 LPʥ.,J! ` e*+'U6 Ր#\{hlqAxilDN;c:c$y$E6t qnȺOoУbz# l/O8l ]'UdU/rɥv2Gh<F1=xy |-gL6t~9|1V&?UQgOp9K{xHځ'9XeiEZZDNv^R% ݍ3&|_Բ. ∟d@2bYn(~i,4NBP2W;s:ժθQ#MM &0c)ʸEU~(QG9clکGZ e1k9=jgύzEoq_ݹZp>Q$?@C W 5{276N>{f4΋3ykv H݋]=+6*58M/ZI#I i[yI'kN ?hpm~><;4 b[vB;= 1.}2/eYA1&7űY <(0%PG'of =~b/[y#|ܭ65vSmiRެ74|4X9?C*rQDNGTR&?+xG }߶HxDAÉryJA~ V*YK(2 8yg,Æ"%XA.9 gPNSf b*"/"h 4=3C22B5= $,Y='cجW!&IY=SKDȹP$NEicbөHgShSВ+{Firΐ_ DG$j/ՀT0T&aWJcfܳͩ%Î[j̽ٱaP%P5OB#xJ4PeOLpֆ.Iq4ir<S$'clq߳;~hڛDXTIʡG~K?9o d/D )pV)a(,.4`Ik'| (tpS䰓D^XK&g8Q[f鸣0uOfV)3Xn)[̔T, $y*mA">bh#;nn`iJQB R^+ hD0 cH ,pq*@dQ"”$W5mi5*B*p)PURާ Z]x\-9o|fͩ0ꚫ0\k~eS,WfHb%`ݨl@JfslZ(}u`\ƸbP*$?Ǫ ,y?g܂ }!NTU?lƝ}V0 t u 4KXYRpc+#epSX X.'Y?{d?y:V̫z?W,  zյ?K;/e$d z[r>xSD >~`A+Z]WR8$%2Sc'߫#oaᐲ;-kDf$` Ord20,16ѯg'7`SU&  c-eReA#KmٺnY\ 'fFxxĮ+fAQ&/b,tc&@7 ~@^ / X!.}Q7C5\^g|aČvtέ nxBtI"r,[\p#x%B$Te.?̴#?YxKDe/ڌĠ2g3NHp+ovf/՛CWzClrxP#Kd3ҩAeSF'Zч$dY* 6V. q/Or!/Tͩf‚[0mdM-~Q'<ؗe@Lguc37z.姉Ƨv:a@:p\<VdyKDwߪj3z@qr!H\GVDYS\En0(~;5;9yD@ɨwH6YV%<*M2[!#dh3Řgq-nI"+J L̆Rg{cRrl],/ chݦ`ZNb_+7B|SX3 qXgƾǎ䓶NDKL~J,j|<[ A }{igݻ`2L_u7ϴ!o DRS.Z W*k)Rlc携FJʲHЪ8;UovYɦw͙r,Sikal/;Tls$AȻgWjTћgSOj:;NÈM%"\J}9ϣ.YRq55%E*R28WeBv!(Rk=BAoR䵃]@_5kS=BFo>PR( 1Z-:Ъ5fYz͊m 'K6}x2'P=Cz1%GjHP&O{&:DBWYnS!= /"`vk~p^V:>yĴskȜ`a Ƶ!r8=f4Ne_C Ai W~2@,Qf̝@j5׭Bw -e[z&vJVk.'2.HŠokybqXT7 èPQ /D qnA7aۅjӸxhzs쁗yZ$|l@ۂ=mc:*B='v1򐑪X@?N_38 "DW@MC=d1`< Dua_Y8?h[ ,2|pJRl,?&X޹[rvN{+|t+@dbaOFsU L蒇NPSLvM[]=vq6! ڶcf{@I_Q  v1ulodW\N$)GC)SPw?6j ޼TosLkfC/KO<}]G bG/|g3mK wRw繾h9*[:,K(58Z.Gg1n\iI]APԈf<uQot"$}ZrQ+ hc0J"UCd Sc.)Хlriy3]+2Kq%inC #CrǐenZP搤^n&fل;@ j%߫Su~d/YPQS i!|~&5/75ݴH,RR6dƘ)*җt~T@7d?[?%}c?1`ov~H\YS ֩<լ6B 0ūf=w,{}׃_ۆ2V|ݚ:NxSE[湂,wINitPvۺO?BQHM"e=_>I0 겪N#~?ӵeV,׮ IֈL/aɘ/cYmJ0~l8S2 b⅓ˌE]NG.%9.gdﮎr@k؉w@gtmڱ|.& .$gKfEUGu _CW^=s.ٵQ(VG$9`ivy^TͺKZ$f40lP#m.# kg'kxSxt}+!wNaQ^үarp<\с0h)G, MAK%P k3[ E DFji>$x._N {Wql,ZD2X٬xd{pK`x h}HHUP~1IxFl#Jп' R' X΅^aύ R)>]qC,B)$3&yu,GFkxlAf"aw@>8H}gT yfz0dƈϔXGȧrlp/=, `9.i5~ +͏?ʙI*?7 b1ŌP`Q /21A:`y<8 rŠuESl3J>FXkz [?Q\aE/K.YNʹ`"\Cw)܋b\+}@W˻10߮z \MtDz;Ѽw`lmp6C%=]a0Gk!4{lʼnN*1|+VFw6+XĻ2IjmPh0-RFQ2U:X)皷ov|u$w s֗%Ft0NCۯ7 ļuHl%|-i_Ϝ?J؜,b&c{tp 6G­v۵:(ѱN<}#4TjVXh`W=H_Yt79>3`& !~ S5׎3q/ F\i@G.?jOwA֕B@55_X%T$@!BڽL8 i}ƒ Nɝ*o;JvMìKZ@RFXkFև3cJy!7^.m昁1mX475 8Q2\a.32.aQEHl~:}2O`ހW94~LW3ŊJf%+,WfP.1K_vj hz]AiJ< lj2D⮏WkyX=U[.=!g`GJ}x7rlNm ]NĨ" ӒԥP-s1"]?l#5T]4'ߴ)zI}ȵDbvw0朁ZyD1Rd(%o/qv˄\Gƍyi3!J'@&?AVjL='sb>$ڎ ;_uM]>XzR EeIpG5n(T" Uz=%uamkχvA(|IpEGl4R sqWkMZDˮx'fHTI `i,XyP;4[];(J_ Yez0XFhӘ{cr`tG`P W %cAF8z6oQgTW翯g̑Zf'~ bRÓ|mȼ:{άS 莆|\Xh9/.ѷ^+'޼Aw?K+j23٣z5-:)f)qGr2=3(4NG<"G)Z{[0?CУ@M:Y@蚄<&uw eLI7ROԩЍi]+L ^,PgVtvS"C?L;o,9KpI7ecqՒZd+~8:Bw}2W0旨 2uFO!p\jL 2;s6imkW&cd2@6zP<': ]TvCTe6erdi0*Vst65ĈV\XVR.TOtwe-*Jho&챸zNrKuQAQS퀖#iX 2e&YHf8V5-~:Ϸ(sCĕ:;@VT?4x4{@wd:GLxPμ+< {T0;AfJ|JV*p LYXQĪ ؁arY֟3,h#Z3pWx8A"6檂XHG]@6 ݸfwHxlfIm2<˰WGHU41kc(&L[,8YL?ǽ,< 8h)«BHG3I|(L&ڵxL%2<0T+>;$EH< 7=b4<1Iǯj$g:p,d" 7&E]h6c w?њ 7D椫U^lq B0B;Gai.nT_ d~T '1WI3ulj!U2ء1;Lqi[ ۑ֏i?> f `i rX!,lo܎T|/w0&im6i*OVU[I_C>?Y6v*p &$1@&[.\ur=쫭jSjDuW0IdzU+{[GCQ@]KW H,_%}w;hu+x+pXm@ I}_iL,!\%&rVXٙ"9Ǩ}B*bZZ?̊T?哪7\_~ru*l8`hLŪ~1:-o G@kJ 1G黂XcA{l uXi#9"A9+BmKkZ'*d :C4R^rb,A}u3:t(P6U\_fIfR @>xؐ ̆՜;j5~Y2匆#$ߠTѺgoC*{܌8 >UcUC\K8| '6V:gDwEC>KMaWƴq ~ wHZ鍚g``SI>WלzKQG=TY=ί~?RwEbm 6P 6֐fX섿x̓2ݏj֯>9n>TL#ieiQ__di"a 1(ߊV0W4⠥ȳ9o6E(ؿiF\k ލxTv TO#wo0١tYUo{ R7@l=i_aGW~.^MYC7qJ,k$@$( Gֶ8tiJ )h-:K.{nUV1Њ*bJߎbʭ~3Ԉ iI\`%0mn7rƖq]2F&cEܔ7cM7 ȯe6:eDsV/"`3z&T-U'1t.h-uu5-$8~'\G=ʓ y8.ʿǷ Ȫks^O=O/p5Y )"#"m 0xch:?kZ'7uM;iֽ0:6'.L",WiE69PAݥWmH3Qc1|OW-#)g UjӇ-r2 횦VsA :؏*4Cq}tՒoHiuID LԱI@J0ꠚa6yљ`2 "f5M Ge̱LqQ0C&Ϯ4P4ږ+n.wABX~|i؞vp[EGfgAn>gys/?8Js)AҖ5?QVkGD>oJ $J ߌ@3>SQFm6biw4QݏAE,;z$.d\СgH]k~8?= ;wGb||l9Iܴ?յ$-^DOٹ,`8mD9uR~OY̗)ݮĪݗAjEb:/A0N~MV[.BZP&4WjG4[/hfFDtb/Ue!eWUwb#ݥLoc ]F  8Wu ÅwNJwCd*=k]X6l%7p71zFւJ,~E0t\qqsQ?ڡqPhO*`"CnT|?c_~}>`*S{a )c2#~Z|c)_/|~*SLɸ.3$)/qG[e:fJ/EKc)Ρ?K Պ;~G YLmڣ5Ё*D'2#6R:YˉTUNs=|%3y4(ϗVS!͹p2ZHHls(/tئh`~o9@6@(j 쁣^ObMHAX(v,uMt9V3O!5Jt=wǵҷpFm2' daJۺȂ6B﮻(z8Iv* P㐋ZnsEZ5T^ᘥ:X+>Y 4q}Z*SF\-S_ L.$Tĝ2NVC?O];\b v,ǐͭ +.У_L$% 5s:D#_x'79n8u /ŌJ5魑ي{|Ա1QBb=C>RLA-.ro, -z+*j7O1 OUUv;d!eS\#56eM9M*-&Q6(ڏW,[zIi :||kd9 %!ֲ矹}䬼a ZRq{2K>IlFuoZhë=ȍB<#ئ_ l3[LxYVsk<I |qQ! W+iY0 ܤ DQ>r +Yulfɾmh {~V%mZw=k[vIgVGKen{O#@e7,W.)"w(dd1󳔕%zQ|[Bzt!_S~z=N̾R^.l"YAslV7ZMn$Koz(gǜyN J۹{53{k\r|姼sٸX.‰*t&0V'Znbбa| l>s5tLp?6j+H뽌T|# wأCYO`)P;N{ڴX f>YXD+2zG;U\$)$LNN V4jL?Re9% yCT^Z*gذ'KQOh+7Ⱦ.A !v$7YTO)Oh9z_*9F#I=nNC#$61$L$ QORI]+IG'l;z,]B!¯zʉOA\̻T{4/!`މJ H+M zbG& }*6.5F(@YGNɒTYJQ?L>,ϲ}ELQ|Uo"34}UIxh'ժ$Dzw?UO;\0SɬVv}G}`2-q>*-G.i~twU(GYVˆr2j8 ;yqR qX5cޫ EIsT42Oƻ(wRpE ZᏩ7^oxX(+|P@(:iC%vn=LOyImn.=iiAB:L%*Q&x*~3fWwg:W/b,EF`\\vwe-RhIewFmthu#<CЮYrM7A̋' U֮XPF'DtkF;SjH݌LX3|ƚloぬ.,Dͱjq}PM{V9Ox:#i\OBL:ˌL2''ۼ\|եlիms'ԉe] &3I >UX73cF '8W@qC/@4z\Sz,=I!a d9s"uK~h^K@oj9a[,.ui3NϏ-h.ݚk;U3T `y 򎋡ȫƖtca+%3!B(7c_ʰm]kȦIrM;|zw^K)T~×Ws!B0V/>{ٯE痉ȸ{: {Zh)mz>i_ZWECЛgU6!W Z 'U.ΘmSE,h`IA)h|$:g }&Ed@P0'EsEό;c(_-x_ՂI00r[,#*Nmڵ>#JxdžJka$]A s&[6Ce7ZLOMU(rJpDWromx2#βŕ/`NDa$;/ڳn~(QE(JZ)M2NtW ~B=떡C<Վ6?4NQ 9{i@& %9D;s&3RMU~^"½6oGmbV*..yj35ã:fԲ/F+:b`2&e6bBy \_+;-+Lea~zO;ېY6Yw[9~EFs13N .e6zL.è J qIgRw; y,$䌣XǙl:sB*]T73-B U%a_ af{7ƇYef5rwpYt4TOёdI(8Sլp2A mC?(5]w>\Ky< [-!(n//ƨ4N($܌- (@YkX.cy)p*ipݭJRm!O;y{yw#?ysHަ&+xZJڧ|xp<5 p$L%CDTM!bphUb tE١c)k5NpZ‚O 3 ꟔NjɊe]pj2 ee6`HYtdҔϼ4KSkosV3ɨ^SH6-({D:uǮ&_lz?fX;;zL}:|Yk`>o;~ㅘFԉNyA!Vo|һjWW?>˗}e*EWf v1t(YD&8\Pd#"_;%BHȘeCk_,> skѫ1wѭad)cɱ6n+ρ#Nv2TnbcO zqq t ,LWg"b6 Ż̝˞ad*MQ tEQ`uirH)o&[wpB]ߑHf "-oNuԯA9T2*0ٔ&*O3EfCtt(DGR0D7GN%}1|%\4yt mN<ΨSIOB 7wDgR|\의.b@{Q i{?k-q.vҋo躋,&4GאY6S`[ g sw<̫*UclȌM3m81r=E~w)^m 78U۟  u,`jb݌Jp;[cMlx;xNƕ5Dqn҄ 5ڊx4v5d3ޚZLNxN%[c`p' PDz;/*N3j8 }iDT.uތ+$CC8嬨Dx!ZM"`yE2vs.4[tR DvX k,AF~45ޣcsr;KIԚ f$ +O+8 M<BۼQ(U"J% KDGb$n̚E]R ‹[%qxٮv6s7A_ђ O1U qYW:lБhKMvApz&Tdw2}+ϽW ;Eq_l]z+ˀ?JCVgۖ6s \ X?ق)~'UFLUBy]`Y@S;-('mĢX?4v=|:؄T}+gTR l^a3OH  6@nkc32dCvmf ϋ%-;J.bmuC)=0sX|^l;} ːkbf>n=VMF\E bigqE+ 3p"]XwQWL5ocuٝ1 ej};a¨ȩ='*jHdyn>UY7n)\oW Q֮/i`/s˰4S܄((ȵB٠ 焰| 48Eq> &.h\g'g)Vayqi#`VsJsR*2E8&"X~Z;sV@-hu pD{ZY܅vpȤҹVo8YK]a#9J_.ܧ(;[;PnFV+^ΰc#~; wc{|PGN1%ű7B?@MEvWr]ɉ6O~v dN-du%Q7fZUOiԆ"M_"g%^r;/@%~~~nͲz"ԭ<ԛa UrymQ\1z&x؏D {'llg:|%ӪoDws.5 ).Zc?'c}uK1[Z8lFYYȄs-8'9Zp{MNjGX| O< ⶲ]$؛7 vS6qt)0੘i܅>(hqz]Tz܃2JkH }e7Guoum0D O0n6x4$X'O\@K߷bUx؄ _]M$՗ez:У鴨+jp(/ĔGȵP'}ĘI"bnH̀ #Ȝh-t)Ӹ3Fgs},SWmHlԞg M)A 겅6)yY[@i? Ư}+Ub@bL>Rѕxpkpn~ %+ɐxV6Sue }s -˿C91#۳C^Sw-lv3x Y|ͱUhRFY~Odn ߇{h\CH&_hAvGy'R&s7t iST:`n[s X@0{&9 q_\* VX2W !,^'ENr(twl&nӈy 1:XDPGON]Qn&SMVkHYNzDeNʴ1wC厾uf3Kg<|}rC6Qb7&߾CJu 'k_lEWB-mpؽi9#I٦ϵP k1з9R%, 妉!׻aPz6 p 14Y-ZACۘ*^ 4}> ]8 $"Z4$Z5+LjW-x7bU}\׋ζްzVNe&KNBH'mmGU($,[YE[Cy%,O7Yj 1_& K͌!*K0&l\j9m2R[^&$kIy/V0{ZInq[טG.comKmeF %1C٫C1Tu!or9iLnCshBY'I=VH:Ud6@\eG+x\mbH D%Nsw܋< 2|)7-3!@J ;Qt nfHyF? 5p ^V_=?Q3)`=\g>q:my-I(صi [*\沘+J:(Nl_VwzTZ#F6lRm d4KZJ6Rm E}Z5r4f,֙k`sa]"5wN B!s.M8aA~Zir\,K<,w!Bѽ(flFd%OB} D1ݪbu$PQM9Gh t #?4Znօp$X?mDWqf# Jq-ՖSۤ^HHd]"R&jY[w|{VCƄ #5gQxRr70=i\ƙӬ/815kF'o.2ZV01QSG)K*/s+`,)lnw{dɈ}r_fwDхop!x6ETR&Bh]g0Divsif6nZfmuI<-ҟFs!1MEzȴA.7wuEsTI"nvOK"#k~jܷv9"Se3q$bOqF6'$K*9SfI2| cA-%ZΟÐI!ZWތ X =Ԏb١樰7CВBd0=vBI+^;PXoj2`3wSH /`‡B87X iUS-˦[mO>GoNlL@S'BARVzsxx67")FP.18j9 -ҭC#D6(5]S`@%v6yhqT܃uJ?u>,aTD+i /HlNQF.DI*-8[em[Ê ɸǴ*7򹭀1jͳA')ʬQ!ޙ01I$Ma?q3/.m[ȃ`Fas]7]Օ]1>B@W7X1=Ad4c:F5hԊEqcuuA&xK^#u-eDz6,xziO 63C%E 4@j+J9xP*%=edH.el_烱-䡸,%i)CM$aDeC2f2eBTY{ Jī=RS6s͂_uS3+\U2q ·lJ]^ %~7Zm[ādBeQɓ`b~0lu7aG8<פDn,qDo!q -BDOށD(TbND3˟B~8yC AnNfˍO:>"h_gxC|U1/o BNjT@djw':lT> =6@M]kbfpufslwsQ{o;2XTp5Wog=ZvZ?QlaIy{At)03.,mщ$k1(\Ml+p΀ mM, @%B,׶C]kJyVHx_eR >7Z1b Zy("4rH& AԤ> /u_|Jl<*-Ö0^>Ti8XBNz6r`S=h-AS&yNǐ;\f$Z&@Z!GOr-(]17bv06g'yAvsq=ܱ2m>Bcޖ&grxuv*R#9~HI @ffDzE%erOOo2xqYsK1,İ2w7hAF+}W jC2d4T9KȞ3B|VL QEq܎W ׼rhybIÇF3(: 0=@JHAJ8ifPZHs'a K4SFu͒&WQM>H@ ~^p>x?=Ask@($2Lkg 5~XTD) D&=\i8@ >jdc NlDXu 4fI4Svz!kYDb"?]#?Ж,X|bn[r֚ -4!7؞y;@*0ƕ\F}rkă!ewVN?k:1T[R+g#~M3-KYٿqt$VS\N>yd@l7g"qmB=VVtiׅ1xwF4(5E5O]|V/1k$酰3Ja|m>x7okL/,t v%#ndj( 'o,i^oVЙ _D(͟p(Z#vWrH295_AhT$6DošΞ`wͻ? `Lo>XQUG32}PaT|ͽxOVtΧQ[ֈ6X@.M1aFtJ#ɲ't݆F\C]C-.L= %)I-D:e}mƋ;\V+hfO(vP%A ܆=cy/Su/ER2]{)9Xweg*!egؾ: pgd_wm7-(Cw'!ި-]K@ ,pb⩄.%il 73@DrUW6EJ{-Zf@~!K'd0C 0$Gzrȴ?0_W5MmƠ^3"y.FC4zr!8TxS' +6T<֟zq.N 1T#2xtDO|NH'tʯ𔫪pT})y"W[+{m%= }rJ]fr!EQf2yfVٹOI UfwK/Ҙ&Za!P#n(+':g5a`PORĞq>=;ŭ)a '/ZJ FXPnʌ;.K^(< fIgٻ 6;vKc)EȬYR1g^Ύ;].ee/C(GbM.AYϕaQ;-QuY{(ן[PQ߅yalۡI,P ΂(HYhppI&:7 * EvҕmNѧLJ>]r4S'J[! 2#AQ;I  kzoch3Luۙ tP݊K ) 4{E d])!emVnj^צ~D} ΄JbVpb yI k(_{)2]Tf L$  HbZixr~~upRe蔧e<*KP^3q`Ä{@h`5qv+b#2CLdƂ~/Oھ>Gt@` @cł" t;2 YB]|!R46WgSڈHJP L< LEdzwotM\gNyj71j+w٧fd?&F5$h+2Cbݦ4FKg;`=Zx9P@%VNxs>VmB /*Raz 3,-4ւ"TPPrUwO{`}4iM!; UDN^(Xxt`C LvrKzaMе,iP-"(!Q{?V!bRJNڽ bqLi[=Rڙ6ަ4Op@➠V%'H, (bK{هɧɂ?y=S+JRwLxD=*UH(+(hJX;W-&%utoOq%N!ٔnl _I |`d%v̙Kv8?XacͱF(; v{І飰v\Њ젥Xu{:7\ **C# _23UzΌ=9#*%[؎!&V3ӏf jcE<  =*pZU4 ]Q_1Z=8d,--|HJOϫ# <Pb! 4O,`u`Cr֔cX+>* una7&P&t}h^~B`u_Vr6)Y8@L3g?ww޷v멖ÿ {.lLt]|E2Wx-AҨo LMm]TjLc\&ZJ@ma?-sj&\4 YLY:+zg(vJ^hVٶcP1ЮJyؖ"^~XlNm nn :Kn/VFK*Ha]h^ J3-w$l5w6?,NOͩ}GnA̗%p%v5ؖns-_n N? [^zCھ6#.`~&8EN{00Ac9~ꢕE>. rGxb/X= mthܫEn^g$=6!똳K:‰o=-m5u6j a!n)kHV?6B OeH'הQgST*Ŭ<|8c)(82Z}0&!])ҦYwP8ы#xQ7c&lcxjͱTeMC\nt]e2SCվD2k3z! l8dj/ K16~j<3 ,EsXQ{k1Lg R+{M7H42o34Ka1`E*- sޞ-R -Pq]kc\=$n,f*\TúA$J|@mGFiɏ 84_0GL۵|D-@cj+pvQ~bͤTXM -NQϟ0oD')\nqbzuьYJ-hNdAhUaYq%w`o[XU,˛NKT.GΝy3 jZ(t/ԓoƶq6rU*D@S j 4 ͋[ tzv*!T2UV`١J,_f̱fiJCf@_q[3]{"y+Bs$QQ [W$/xkD.8h.Ȧxk0'=CZg~-o[Eo"&>%ۧ3,dcdWPܷ мnZWQ pHEac{ MJMf$Q=WeP~| $ B%p& -ۦ9|XhdU|.;S~P_\$ɠqdvPA<C_N)$~f"nM&n# 5AxzQZXk‡ҡQSGNRŴ7=W]2tՋTh25M`^hkZs0{@ јsdnUpL=?wBf.:!60!Knxf 8@ܲ Ǭ@mt:pɄ-o66;fI m3(aA LR#a!~`s%d^Nx P<'k~NxG&9ч]ɶ;{D}x EUZDiu9o=v:4o_#Prdɧ>aO; k7XÁ]LGbG CwkO`f蚺{7Tا oYuEe|󓪯A" RXD<.UdlA|d֑,S1ܤ}nMFϱ43*dD;Vķ%?cO9R2ū}sq7\&1&2:s!Ϥ,Uy'$NJu.ap>T"IR4淉`RIu97(<986$-4(0 eMsd{mΚAM|!dlXѭ-Ĵq̿qضU|,!AИ݆aL9ۡQ_ l& g[k[*Rb(z٥Ef{[<;Qx'Tn [0jq BTA>Nb?h' 7c4YZGXE72Fr@k͗ձF,yț@_,ﮱ c9b掳yZ% xǢ}rx—:{ xk3rV(UI砲Ipm 56Ȑ{ڸ'FZ|+yG& ֓ ӾHGnȫnän KCIA˙l{^mW6R䉎 %5(@xs- .\7K8Le e1[&(8R 2ܞf !Dz\=-xZnf<1͆G[:[rm0^>pY]Y'g{VkFoE,wO*7JR{-jnpe'CL%(-e ~GgR5\ fO<}v\L΃nN,@w)FTD׊ @vl%^ R)02Kœo! d#g4LCپt&{:Įpa貓B}޻. 2}C V&)=U6!K!yr6P +-H"/xm*՛]н,ʽTx"f#"l@{O]  cZ{z:X"z戢0f4XAǺ_;-Pefqئ k ԟR~4P;z i%]9wyfůۙ\VwąvhCkK*_-^Iu=$ mA^VPW큮ɌS:{eC053`Jf3WvyV@7,ѝ< _hT1TA iQo[~ͳ;nhne 0~m:qp=F`Ll#JCvy7nAK3tNܽ}pfEQ7ΰdP 7XU8`{Wd(7 )AK,5}tDW| 2 { Wڀr]h`TOv/Jd;1'5#`)Lx UVgJDP-Lʥk䇱\U(JA!^ hLpT/al JmiA6<RhGJ^/udyL=KXjEmb]|?+Q PJ?3&x*#M(!=謁wgU k-SpdJEe,`P{aB=Q'4e.I< [2M_AcVt3] Zݵ{E3M%Ati_Ϻi+&"|M+M⯾odE*;!% txI<~='G <, "/:53lg 'Ev^iS&Ljv{E"JRC+ـbv{9<>^:z/P–a8Qhn!#Ml]@B[Vx PoN`9;pV Hl!ۻ92sٔ:6 jCl2z>c*$RבTwMxBbę7Iy6 1i:&goA1#W_i),Hgq  FE'@Vy~&dg:5⨔?yBU F7w]rh|keu/D,EpRpQO 8AaXHVRbeuq'j) wS5ݨ74P_P 321F r5&8ڋԝ1$(Tn#Zt?˓|eDlq5|+J : N*4L"XWI3r/$㒣 ?W]T  hRsP&_T^bf# ,9I>W#p#wu:!W?[YҚo~qz4F$ Kdz[JΧyg^׋єƠVk;5.L)h:6awr#BPsZIbP{X96Vo3XQY/C1h[+}*$y<7`mbBF'_ l%5F/0N~KFtBjUȟ' \ĻcI{^F'(s"''t2F huۚ/g1Iqq`|h,R[$(uN@zYC4 Ʀl/W/+wM~#;8j&xF+Zv0P-X)[5 G8~>4z`/Zd!aqs#hwWuyRFTƒؒDX&j^_qÆ88GTY}buذ=wC Pcz>3LK䣫sB!? E0KM!pZ }Βt:$DİkH0.kXM:'sYoKf`MUlZ+:W@`ѻ}G'v9ePZ ͳjE5 =ncA\ʮ*sxIk sh(p_>@HDZ)=bswloі3Rez벙^.o!u,9jՂdL > ͩoc5Gn_8p ~?o<OB6.P )9˅Ǽ?"qw3UcWtdϑFJHdGfZxP-8(Y_jD)LP 3I,8-T|Co;LOW\lP=D|>Ҹq78py@lѺ*1{i&^ quFBHW^1|Շ%mE 7ȕ$qS~wk>*~Gk&Ԅɋ!#纓XW1#9fy 7ߨV*5a$ M=:)ޣL="Ub?P`X_AQeZPq-re`mC}?-1Dtw 83n rhh?k6*--_>NvwLA-kjj7A!x]U9_$(7^J1Ndҫ74L.`$6:& ١i-ul8z 1y" bs"V^Kz{W-,ʹ\Xfy8Ԥ|!ITEdJs+er=4 .RFx$95L|;y o;8L!(y>lvC A qy|P2~` ̔PV(dM<<;m QV̝kUFWcd] w=l@^E5[r7"2uF1{d΄RPD)T&r7]~D>Kv*& d.A4D/?1-(JOw5wѫxM6D6Xl,>/%`3NwVk3 uF:_0TۑRFBDȾҜ:Z(#+k1dsǹhbF7ܚ1785= ]*FIV엤N,b>l|s߈BXJ21({Iв4[eW̭D[poVcu5៪F NJ| lCGojuk[;'bzl/$8vWcFg -v>-# A.2;2&!=Kˏ=:c  n,VŒ`ٓB^TԿϿ 19Q{%i0Su['kkEE"IۤDYR}Ո2CZS3/qc^{T )9oܦ]]rA+c,{Z}L8+젦VeD/n  {ZJ' P5R1͊InOQnsXs 0[BAd6OiSn  YxqM%Uk.ܰCR"FeP &}c~LBμ83aZ'FA`йC*Ss- Fcq+JK\yP&:nV_댳N8K)ccU cZa9ݕK(y/"X!c{UIꠛՊQjڐB Eb/!`etL>t"žScp:pDqC`$Iq{)߰H8=v/=R9Zf-p]7=7(HK(4v 1_t^R  B퇄yFN|FZđaaͥ5`L|His7km3 B\caOƬ`Ȉt3 ȷ} =w;ei`6dgo*n@JM;ieYw]lrv6"/<Ƚ*\e]YozbQA_y(RW$U%2©I_j6Ц!It4,R%_+B! c,#}J`2)tPQptdӍ]!H+ ;km_8)ꄵL?F; Mםܠ#-s&<**B nQo۰MNMs"H{bBinZbC9 fx< Lz$OT#Uj̱^IJK WT/L4W9B2Z?UAW*/?2pnmsjl,.n#_͠^;10MԑAxvVp6W\MH(= z~"wtdc/L]gjzmoXKB%g6k]4 BS*n.#6QGr/uQ7Mx#|%oe`=|O~+$G*#y [b=ïOK1HԚ/6~H4UiEOU+E񚆙Vf hMbiئjt$+P=jO I}>(Wӌ' "#1!BxSW(iQKݒz:nT;F4X'b7zߋq떱PBMrBMǁ35_^FtYtw,t g(ʠ}ߖ vY'tܬ ť@2FW?:"1o!<74K SUXUJb \8O>H@EDFwR)7'&KDnRYt VAӍ, -a^vh%>}&12wWɨdni<fZ_O%=.r~˒ugR|nlgǗ1!f+84{LW2|}#61`dO鍼H٭-VXmkk)NBs!rxֳ*Pd[(2_J ΕcpC$ˤtf$-ЮW 1U֚vEr(_gT-?D1X4Qcx"zUP`EZ[ ]uxʆL¡JIi@W;~͆i;,*MװH!H&/,w$ڷ"v~~D[)A/>Tk0C sX=\dԣPrY~H <Lr!U <Cj M]-Cʪ;@W_2M'*H~4",cfMJc\[q> 1 L[r~8]Nb͙Yz@4dLȌ%%ōzY0Ѭ s*63uxW,zS-T @!! N=8%#㛏bl~˿{XOՉ)"9W^IKSy{Mzk(nBk9ӷi3-NIRBx p<Tl'1,^eS}ijsPŸ%f%m3oi',y3t[ԍm@<>JĞ:T/nS\AsۉkE\ҾgwS_5Y&b\J#vK>nE`'*EY~ʛ[5b&/O1zNSc8`<^z5|;SN`r.v,ovXS\H !;[!ehu#n)xi#Dln!(z |[ǟvq"VAQ~ژp7 sfxjMR%FC9R:LѥH tϮ~ɔx@Ϟq{ir/#zZtOk+#5RV9o w}J~p  nQRB/Au}Hw+fzƱ'Ћ$RI|e꦳ IbL2Zlܱ3Ʊ#s-=,YWuc,@sG7#`\7#!xC Ċ9).]kʻvЭ,l2bGDlZ#@MM{P0Jdy+ R)CW b?NK@@N9?ʨ/N%HrKPg`FU;>++l3Vl\sV)YZ?f(0'1b.߉ʫװrKo#ҋ#Sj2EVEp(Du0|vd`j ' jakR|\iB/kݑ:N!.sz^>h-xF2KBd*iO{"Vcc}V S:s 7uKynlXJJٚБC&c2%Є+R5껷x@'N=`phš1'b`;)d&V%%"IiN~V >KK竫F|AO8S/ >93f.8} lrMttW6)\~;B _MM;Gb(;Fh fHh]xNc ' ƺW1Ld@ )i D~lY\S Q-sXC~l޷5cT(#ԧ8wˮ[GA8R]D3H9SCC(c{Ӷv+GxIŘʞCi:Y>sh|.(D PYO6 [W-6sae}P'`ӹabbi# J9[ {9Za(?!=i>VB]AYlؿN?Oh'9Ay2=5H#e0UL@ǝʠ^"_Rԛ};"%p p6n# nu#K5AO+o XXERlA"Ab[Ej#%^b:20'aoe5o>3#C_a-\nc0C6+NBI8U"vywop| FZP1A-;d&hip` Nd4C3]5Arm]SwJzzgt0uv"bm6bz46d>gM5fDbS\<~w n~] ʎ#Dt#K`-b#u`YAxE~x1~X|g3vl0ph82kz0QjAl@μeUʋ"N m=4 H }kMr}z$\ T0dhkFp='NQp!3ޟۯgrRqƹ⫫0 F~vcj_S܉RYaY?> #5;58J0(_oBGV;>"BLlDCPc475γ%9U̒15P$, ` 4 ߦuךt4bȨx5q0>6ǕuB},d+v7®e}S cu9@0_xs}b3 %9 )ύKo6X'wP.bsU+[aLy]f)r~|^WIڭLJ~wZe"h sX\EtCw۴Z0r>jҳG, !xiFuG'[ 3sD3ǖN4eTN{dYpqߵ#Cq!2Cc@Iu"0r^&ݾ[9k 0n;=&W O7{ݎjBң e(xVFz(waC*/-f&Lqh#@gئL"zMTZBՏo$))ox l)HśZi H%cu}+w>kd^aߧ49$U&`J5Qs[Lb|4eMyc^Wl15U.j<mn[x@8+4bCÌ٣&Tg>s6bҭ\˧>l/ FlfijuTJ.'vð/uR)<+8Ԟ]>|6b(OŜΌñ m.W3 A[Y7EYZ.ū!=bJSӠ…U{|EwQ+ y?Zip7T>U֖=F; $KRhm3#Hwt> iΜR|Vg $>Gbf) ~ os{V5񅄐%Å"iK}8X9G$ /ktٹP?Asr&dB{Ct#k$\w2eD?&cG*6Vu~*"䑀/zqkvNZd^r Vn"eSWJ:kXҷ,ga 0 5b;jyވWD,ba+׬OI=]srv#@8>DcV#ivD k,!nHdýr 'r>PlnS'@%p:d8%O.-ًW2ET *3ǎYC1m]k{tǾ0 vq _Q{D\>v:<̜vlĹRA6,4l ql76&9,c]>|]=v#ʚRNgxGk? {qOĦmZ^;DɄ1 7;v!p*_jE] -b澐b8{n!ג6 Ut~,+艜@"K &#?\3GtA.&?e"[KEIȱ@z/G1!5l6GX9*RmM^oB$SNQ>v ܞfGX+;D}}GNΦFy)Ҥ_L c" *7'Z:jEu@Z 0vհY/$RSvr:p Pݹ Eʦ`u29 TM*R15b7^vOr'U `Ri݂Lqz$Ԟy^6o 6XT#=g{쀴IY-Y2 Mx) *ԇ#Vm(ɴˀZ/rT 踅H*!j-ϊk8x .ּW)wJQbHY[:ōN(fef&H]RxJS~5Oo"fkƔ}89t^<,A8 6sp"맍1fߖ9J?M )3ˆzcD[֢t_+us;[961w#ÙS6uS8v,-w5HtWDwZwi[μ|Eʍ3K8'uhK*2M2f)AdK0i}M2oVv3ZGw4`9: Rhz* 1u! pK ;ʞ@]S 8)x[cѧs:lo&EwV7>U\B9FfUB䪶έǺeP]P[;7CybnF[n+Cx,.ej0oDvAwrMk~֨NCx%s"VpuYJ&q04c%=֤3hB]Z'`lz;!`)[s4}kqR%(-š0萣L"]Y 3>PkI4"zt^9w]j01A0;B ̃k7R=Cg(-ϙosd=V}? +o4fd5IH AYhEOxkjhW5IMwtoz\3˔}1'MDҏ'.*JKt6_/.K݅B/̹z|^HL<\0jy1u1W{&!hvL:D\#O+!)=z3 ]~LgV]!TM_ݗ{3Ϩ&6.jh4Izx> &!X8~NEذ?M 6|ޫ qwg7c/< ޡa__gY0Z %-7vzVCPVAZ٫b'FR~i9i|&fΏ>b/BY_t('hR-m9;xT{JiB}"`ٱK? P&0qDBc- L* B~Dtɮ 7o%H.f|O0BUl ȱ|Erd_oY=:ȯZ9CX+$(I< ]CN[4=ZEJg^^1{"7Y?PogHFA>ѕ jNU)~,md*될[5P-3rIqL.9A簇>F~qD/;j8/Qq\Tú9XN>ˇ|,LAĩӞ& Q 8}iwH(OVuW\YdÊ 8@ڂ;>? )+Uh8*i,L!ܟgsfC 5?M2 yEw|PkVe;q0]1kc^e(_(?5*pv#I6cRr5 oS<*bCND8VvBlNcK&v^W2@;١T㴏"4_yOb2$קwOG9z 6:VӞET 9%U_Aw5(\byX}/O!m0v6f Ii\}؉3.qX.͊Rpw]c6U<'|0^fbf$68 [bP 1tUC |n:Cf4kO z$;uZߋ߹ 2>Ю8ʓ,+]̍sį !L\o/S9bMR>%rek鿋h?!0U5K?7L6x,cevvoiC o 8n4M,^9uO_/=߶V:<:o9F U5aƾ|PfTnf"AP/\d ÎXg+7;XZ"Awr* ;Y]8Va |ڔ[42 z!jSu ?-DB~4mF{4} SK^o9|"۾>W PJbeU+v;R.`#?z6o| t1H#PLeF;yx*!Iى䶩C 4&25H'̙a?6m=Ckzh&ߎn>J^Q+20t lGy 8S@ӏ<Ȓ]wG G3k zv]Vmhb&%tf=twfS@OM?`QrsflfDm(#/r'OJpDj*^bdBH% ) xnK{YNB Kd}d 5Gf,Ԥgl[>)o4\O tf> YL7)n!Io$^x gEs)0SY5z<4vHY.{ "YA1G *΢Ҝ9IN>*sFj`oDuvu+䞲1`' $GaT"R/OӑztLעD0$+щ~аxoƘ3FzfgPj+Eғa#m/.Fk_3sO`_[c?|M~k·4=Q4AА?FYayrU33ޛL* |hY}gW3PBC2\H#NZ,O8q9Y? ~y|m=GAJW~ &؎w0^9 F 2g0YevJPq3j!K`4S*#/`P݂ .!-8A31oܷ.ws#Wʇs]!f̠]|;Y[>{ a;RdeX/uLd@WpaGD?>{gA2r8v2d4h'=d rg̱tݿ*myYqT=kfn~.sv)m=RWLoRm#HH?/[ j ǟ_2az<:4ѧZ4%#MfKiVx\m#Y0Zu5Rlg6ްxEbŕ(14#C@ܮJtؼ$Xlg1S>ڣjS<:y.!FȄAQlwYz1g` xL2%ѫmڼ{ Qy3Or3c5{qMkX E\PPYapE݁+'Z3`",(a8fwkDݞM/wٹ>T)djehĀI_d+j0`X÷d䐵K_-GޯjBptyAFM|UMiRN 4s@`CxE [ׂY7ұr>ʷmBmPg۝hvGx=b3咸h\ۇxvY/QK29|n|~jz}ڛo#=j23];xq\ -8ge){m]B zkjr4.wEt뢚) 3F;siE'CL߬**޲㑬JhÇ$2`H W3TUTC2v_@G}{0&S5B3 4}LDϸ M}fT QgRNfxs.e<&'¿WףTRYB2[ĐVRHޏ &Uz櫇 78"6~q `>iS$]IamwF??WU᭫{y<1&^x 8TY'U`ISH4^M+8Q\.:P0A kSkMqђk.rtHZvk("BB>DG-iAdш heO&ۃ醮?$m֪F;ɜBHX hB#2SMqA:fNuR֜OX{&?ywZv0Aކ $1c1Bp 9}1K$ؖ!۔^&/Gg~S"ss2`X8~_t`ߪaTqx2RY_A>pNnZw>MQXۡ4 `\"ZN`:\iӹ>c.Kh-]sdQns',XR{(}c~oW* U@^uCؘOp uHcHNi1ŠGޅg Ta6J5iI9{-e{A lOì|ŋX0Y7'Rm-`쉔iA"69 y ^&]qHR+V\LU=v2X"+Io+ЍKDW j8.\o37!X74qFG&XmFХleh~wrRd=^|ioK~kI_t !vOTR]ɛ$H#d@BDwJܓ0q,'\^dʼn M9-xIvp] MϓxF(Kxt-I̸3}AIRgVt `)~5)7s[D&d)+IV3[ݕZ9=3~~PibؼVqiAfڅѠYYKiֱ^_ `^̶$9&~z+*[9n0Vk-Urx+"eR켚Np˩5WLzG L8 ۉ}~ ˆ* TJG]$"86B| P9RF 0'{&pqgpw@lz@S+ Vu^]O*_fn@H>0r"%n*2[ cX:<3i~t(li-|~I>ίb[eSPMs%ᓄ1t6=P$$f!62U:ļCeu`*8YhRR08$>jYNn}&-"BlJGߺ oc8 ơ%B1 ,Skyɜ貽*w H"joPsίX Qݱ kEwaĎÄ#?)a$PΚovh ~1V ޶4wsxUvƛhƬ.:,A̼/皓QTuC N ۂ`!ө,)L;ί[^W]"їY145o2v_ONր+fBԧC;w3w{1TKXЧmd83"}ԕ/^}  bRy"-H*ؔ-CqNw${dz&d| +]D,KpT_bjRm6R#p$d#] K$f8 4R`XvZ-@bWXN`&!'$C9+ At*(9!\8HofeKl }pAn0j+r]7o^hvzWbhTc}Ph-=ŦA𗲂,v+Pn,4y}zJ2jքha_n2ob#ae&{q4XnDWkX^1M)gș-!zl"w6!OS*Y& H-,$z޵os->|BYfMoV8cQynCLȹ9Nϝ?2o̿Ww뀣Hqjx .XpF%t妻uc񸳂zdOO^ l_,۱"D?ǪS GhFx BH-v,Y /=cnONbb&]"&yh iSj#ĉw$4AS V]&QCaA_Gs^^xcPͬ\'w{G|&} 16wDew{+sxey=?`/MqBŁZ #eD'up$ui Ȅ7e^w'BNvDMEOumV)Բ@-,ڥÂ&ɴ} UTd ; #5dBg-m-̝F?ӕ↓k{Ԅ$CLoyN6DPFUm'/۹ȽIj~. m P`Hc45F^W|?܃ A|ԞlkNa p;C՜& OS7m=B ˵7? MCb~]t&ƴy$ ӗ xZ1lݝeҒ_n kܷr i`bE:RnM|D]em1Y~`Jo# U!y *=xؙ$Pδ!l1G,q9D6z(^S&z%*0EiyRx-pR' 4}d3I'aSk.I!bR PC p W#(gXX_+ŖMz˙/ُ}{2]j7LIO~ )@ċ& /TY AEH)BgyA_ J9wKm+xcC5ooDWM4{n<)"K\|&@NKc#s~=0 +7UfB'Lʅ;MCT}EeĊT߃Y4v\RŠ 5+v YRUn%Xo;@ˌa35kV[L4`2eϒ`Yhn(+1r'2rryqrS}2r4$"xa`@ a*~eG\1!+myC1%K6;ŧ K-faI":,)k! [v"$!E`]r@ Jd;0XK [`8@ pBmxtr ) 'wm1qVOl_ZzS&,2hasT`p:71H4a=_P"ciڗgK/ /^<cH2n׍QzdӘܗ8<ݰge۵+t 8xMf`rRc'Zd`MSs$= ,$zTׁ!17y ڄA=FJHi;5o|ST8rp@p #H`*yj(#:m.H <ޝC%n5.&1X]rnzةT"~LDuLSs(kI_C9U EShb}QڐC[1#EBrk4 {NfDoAUG} p]JFHFw pŻr:U ґuS#褚[-+XC7[ _;z-YUN"# %PXHr%> ?:ZXw$k${D`cXCVv<vgo,y~ه Pn""W?G gKYҝ٘g^#6# #ZwYLnV;*n4l^y']X[?/H2왃_Hq+uy63x*駹Nd+t4llavrcm 5X9y#Wpll$m FoZu2ԉ-mWy{H y>Q-o3Ī10Ν%UH^x`[pOZXMMiBz|I?Ő<@)% T3/tk A S" )j䟻RmE|B3C\bTSy(WO-y(mpxc^d{fDOPT϶]+@-[4u)|s/Dda:Y eK?:ԆRյ}gB} *G8O_: `E_>J92%E)L3V`\LK;/n9{*y\`hfc*Dp>>h^UEr)m8T% ^5|doP@~\e||/!3{b#.$Lg]E Y|/h/~Ǽ =3Ā Y @# HЏFnAveȕ'yqXoXơ~F)=fxDj+:6<:aO(jgDzɝʚ 9\92+v(>TXpRvN_"3M#`sӁInU) ٞq~40~RKizIiR9aIL`CJcDL6[bHA x) (R1h[>iLXtsURZ#{5Rє4*D1O"MR1= 5\MZ]~a]eoO/1lY¯D<<%FgnjkK;ı-'Vzmƹ&{ι3w9H$s->ara1|^ 5&'ryn`U 3 v.be;=qVHO:$aG)ǑJl"P 4.K$48'*|#6N@ʔF(H[58]PQF1҃,WIs#^ 8|_Q[3X=J(14CƉLi~OF YЅ _ƸNo6Ajh ]9";@W3wM-XUb+F!vXˑ%k=]Y"r<F7%a}3C|D5߈ 2=TuQB_ቪAp%_%CwԩH7OAS̶y`6H9C$LB}u;jzCK1^iTϓ|G)*.GeOrw= vA=${g+WF8T{Kvs|\!_1zHƸ`{+ <f) _jk|  @|eZC꧀= =~x@᫧`ǣ|SFl(.#k)k(ɂ,f>̓a~{Aܔé߬;${pի-kPaK=c}চ6O}fF8 ~#,r##fPͣ~ǿ{1feE,Nf1倴neH6=vַ| 3lzO+RlV Ѡr |>>#5w(e3;u$ˑr֓<&} )- ev!øBR4V[Ww5SL*(͓ e3*}K-* Sv9z R<6!|㾨| RdBgٯxyG|m^mjs;ڮ6$zE'J['48z5i=Hco@K6} "s[?ZA4*J+G}U~]4 X *JL1WN]QacqSًS4e"Ƞ ' :nw*UtXC$/܊$+_^05;*P#((Z=PNNPENNLİ-+M< XcoF} gQVbobW95-wnBIdxӉM!O"(刭e'y(4W)5rꁽ]& <[̍Lh<޼1hu_'r9a=#s<5 E׫ML$SO1HoۊC}uV1xPW[dƓj*t|hk ]jd$HԄt .oihkh;J5ټ+PQ4ݤ:?>2km'AxC@cA5|"F<0W1LʎJd(Q{N"rtL /d3UWN]t݃Cg|d18!GBU|}(UK&I[:}B)9ڴF܃Szw$&:ěu\ZrRwsMf3YZgR!A#2Rb"eHХ7YW!h8{Q)5_uo S#1pϻ}^l.Z-|}(M.wXFĨcDkrt\SB khufxn#PB۫ch: c\~;Cg RMX\:0Z1H_|M!'WPEcȳǪ̓ y۽QKPJ3MDt 0VgbC9HC5g@)%?G2AkXc!gG'9k {(!aT-S)wE!|>:W)]4ȱ?E MҹW&0>Z #6sGwdnj?ci:={$ƺۣ{m{'R %n?{`6rdeS^}z?Ï F눸6!,b2:!*1Z\#4S+h-͉k<1W~X^!!l2xGO;S'D';sxaVçm&ը"L_fGYHi//;0܁Ղ#6SpЯ/;!oO󏫒[; F6'$~lى_8nPb )67=ᢁݞyQ-MS"y婄`J48#cZ{zdG> t)[5f0 T_y:bc5y;g<"{åt5W#b*Q~ՌQĹH񘂹@hױQB*l N"#5Сv|x#1K7iKxSP*(Ƚ|+rCBɍz 86mͤFHMgiB,=7=%8u&[aZ]t:kTfS([ñ9fFa-."@!i 9]e:G9"|k@x Hxx)8$U)  o"Sv _Z؋|!kn(ȞQ`$;[YsmSi2pP).s@$ު3P]44Z.DdiUt&H=WrXF&Ym-zrO /0 'fTBK,KDb+_ muFV9*vd&_Ldsrso 5'!Z=0 {FdrK5ؔ3Zj7[tBn56U>Cmr]8NN( KtUc3 o,TqҲv@rn]@؍#8(ӁR*) @1$}RZX1g&uC~:ރBw2zKRv=+]U5o}COQ 5z4idǃ;d8]g0; >ڬS<}"p8-etlB~ء_"&-pRs4m9W׌VjVLrOXq4z1|FhӂVCP&2䃋]XA jF9?Uш5+uuem^ߙU\7CDZpt#KvGFwܐO)RhNz>L_'c&` qE~ILk\q_L>t UiP>0=lhbDŘbA%ŜюOԷt#ɋR&+/Fm2j_G-*O_x'\7 LrsNN$O5:DTHD"sl~luV6*/!%$RxAupn[4QJ[>28S^dpelqCy^?fg@2+@~3>")4xC?5D%I/lwmϒ x ޓ%ϳR,&4$C%"k_@4}M!$lƎ.n}[hETõfCHh7ΑMYf Ɋ*`PxT"N,6`S^XUto}/sä(P+ɨOt%lo( wG|f(!OeU^w\R$0/+Y)bXb@z@mf{A)5o\cAnQQi.z< w$-2jp0 jhz(W)%Hdy! LTF|  w}Gh e/ayiK+?&[tVxkT/5cI)n0`gxq/ny#p% g]RrײW6uLZy98G:?RRM̬xIG1&H' @2AE&MAoE!3GP \"[P?-SL-5]J \48|$@Cx~9~r6pA@fQ{ۍt9y-q[μZ}aYɈ[ʗXl [sP%H{y!堨L*Q^ wIADu7d(!zz0~ddPP:H!e?;n ?0$Lȟ/٢kpr-)lw CqWh.K~ZͱdKWqSs\bsJPG(o VLsB9ݝvk~srr05Qt4=O+$S4l*"8^х:}G3rԠXXqX~#jORF r˛~~)\t Nbb0 7iji嵵ٺҹTлyS0W {@jڮN)C<1 cg( jSVv#{r%,͉ cJ'Uc@vF Zbiձ|Fm}tznk.FvxC;RޤpI}Euܚw&Hec!`$ L_]L!dO?aB=9H7" -s$^*2[9VJk.T|(?K(|0ނP5S_V ?xE"^>4wEوZØQ(Մ(D;K |y4U$\/Wz|=w냁{S,/ԻSe{IJ@<:Z 0ҵ6@nAKq6t7*niJG;bO~AD8t*ga[c]6/9,B]XeUD{ L7x#W˜$Lgr Mxn k1_BaQAB2G>G_Jdω*sZcԽڃT1Q X9gXk};jѹheRi6WcZh&BbHu)  2lZw?YeSC9_m-y2Kk 4 矹] 6qbPR=vv2<H8h@R'6I0c`:./[d挙5<2s(Bqxm%@@63wEg#Y t6#Uz>Ux@V-Ng0'Y|>Wx^aCΔ3[KZ~ c$ cHR9n=!=,%ɳmn_=YϘ0Mj 'FG)D.HwJ%tM8'`u`k']QO:N/);iW\t ^hk h΄v A60ږհ:˝aG#Q(\z)]hS݌C]ՆM l>ʻO >G ofG)`BRwg?MR˩z~Zl`Pdet|&BmO?. "@7#",f-Aޓ&t4%kkL5 3fxɒ@;@>,ҋqxwqXf(u-θSn`>E5wjQ,a|$~ 1WrT$ɚ0qio̷fy39Mep4DưMT`RJ^PV[ݎ %xyF!~Aʾp52FPu>A)Ksdp)zhaeT!r[CZևjDMnt+2b1נs>!Э!^6m x@0c&t܌nM׉{efb.f-@)uW $ XkoC*8:CX`p,-qoXD}b%H%6\ޛ2}(0㖊BOXx``}d+mj }݄h$6SW@PQQs;fn{>[|J|Q<&cuUeL>RW1/{*26%Jp~t[t=i}G,ͣ%`tF-^GX!1gGÍSt*ќᡳc'R몇O +X۵*- NTI ЊX5z!L5B1‡J1̬EYol3w/k7vh!Xyue{)L|~mDzɱ3_N@JYٻXi;-9rxf&9* ̓:}zX7aXc֥eVX.&7oI;_`L[,VEFZKA-~Dϔfl(GNG@!R"eϞk4!a%ߝZUu4=KPguNe7RD; gqzv5l3& s9QMURuoG5Ps-TyVKߧ*dޢ PI?ew^wNBgUH!kcPelWv侥q>T,C-y(ҴbnR nK~+Gr,(vUZMgaH#u.Bqw냔,|te b7pJF)x݆ Ti@]i ]T< 'aݍ'zyJkuZ(ɘ[-7{sT,/gY02}a7!֔*'hiv‹ ;{0uMAF|5UqB$[PgÊ:%:> LQH(z[-SY!x]-hJt-<GN@gnɿ{jPFV9_Y[>(>€/gam"uV 3vQ 2NHVՓVYlA3t 5|'¯xQ/wxOP ybsw3w'(w-g훀V1{Gh'°J1+Y/[jcշ8opF[iֿaGl"K̃O@砭۟y,p,ؘh?|jnG>}m"4h]7TPOnR""bv?hؚb1纵!JS9#y*aE0Zc7wY VbΈ^1w~, Ͻ#l?Mxe3M;ۤtm"QuF:ppW?zΟ{+_yo<1M Vzou|JoaKǸrڍљBPFGkIɪ;Wv-PQu/\>´]n [qbN}@c~d%$Yזw]SV  Xu5gw3QT@n( "u{oZ)}3E*6ͻ3-$H-){x,ʊ 4\樠*ji#+a*#:w~hM4ǝ>2^T= G9,/:)ˬo痍Ea3y蚶=6yi($rOuMMH\"n5YDd}` p3=+Pf$3Z`o*1ʏw(%Bsdٔd.G0kj'ϓ`%߁"O|NBtT^IXR!nyux+SuُڊCK];9Վ$I6Ƅ?I/&?]r%VIc"}x3#YR(ÉVw Gפ;E[v0#{Q)bu&"%^s{#N3*9d,Gڞ xIPҡ^MXj+P!TܷbASG  qBYq(Lf \(2g'58l#Je/L Rmu^7e;uhU)WOI(zwϡGi.S0:m֧Ұ`{5* pX{u >ѹqFa&W>eպ>vv&گJu)\\\9Ƈa'7FX  <5-9#2%t}O0D0R㟠 2*=Q>㍕m_y1(Zs;U dFl7]? 7¼̸X4pBj˽\ds0 uZqz+5+UEdK-%nM'i,˕ )(O]ɇiHWﱠ5NC֦&&^@2w6Q^"Rm1#*.DWX^jLWdY,kݡ9>=3r s69.8j)sNy؈_f-S7 X$l "WQBe[ O8aUZ[^*M$}bLJ;ѫn! w&O)fcE+Gkѽ"L7~'@wu86A q༾V!<ռte3]F"yi)Ƚz隒kzhQ!I0}}=I [AE*P~3΀L>-`JKWKW}Zǯ+٬ѫLDh)xoO*6}#lV+] $4H?g;DEaWsqƜ7 k~ai7^BlzJG74~cUs+V#A$oH6+Bnsǡ#I uCeʓӕf`( l7._xr)Ӥr[-x02=.tL.]wу[{lĂw[-<؇;4l[t0Z,4J=/9fF,FX׏IǦ헩]\B ,N|K-JFyS!4V5*N4n=}-. f9$}7)(Dj\~Z8@ m#ʲdӁiv-@BG< 16f(P91T63!*% ~IssĞ.V,/a.0c_,{/BISB!+dꫧ: 8f`SeMdhcDou:xtUL!@bL) +Pu} W0O n*ykՕX^AefbY^YLg'άs{&3AxQ !(ZC=cEnZM%@(}bU=̀ʫ1E1k9d3Pf8IXfu(=|dT g%13&4Ub '3q"zO,AG&荳>.q4,^1gbFƋ]g[͸-GƦ4ʹ`H(׈"S*{b/u˖Z`n .&JB/ؐXlm/roVδʂ=F}VJhqMo,ˡ2MP#.?5TA!xu398nje~Y2ۜlVmJeV?B)GkO=gfDYra ]'$cx/qlhnĹHDn+3 7{OŠG?f H;(s4WAB`=jJADu,'CM1.(+G~fA^! Q9ЅRvlk#io"(+8L&U+D{n$Cm.m'yK+4@S]E%$@@&c@Y=Zr!;R.S-|=S GlpPNF&-{bbV$%m4f+$+勘۱] }L?`wOͩ1 ǼtҽfM Gt@Ftbl W/_+L󓬾JUɨCo%ˆ)XUg Sb1*~Đ~ګq\MG)z {n|d214w]=ݘsy /3D$>m 觙yk&VRrLכz_CvaCD+݆6 ؤ˚7,PI&4c&=yXU1 'Kl[EչV&N+ Wc3 `ݫvoeU 5Sg(}`xpϰq/̕]rNWޏm8[MRXiB6$9JBy/ٴ(>"% ۿ_+0u%JwF c1eP y!bI 0ѿa(*Uf\hwVd~&8)~1Y1xA@<\DixD8l5"?i-bv?j[cl1gfAZ?@Igfgz4zWq1 ǎO]x}lڡb,m%>1ֻR?&ü E}l8x*TwZ /ҔEp7E%6$;jM< ]QOpJDž8f4czM!ҬNO\7,@T/\_wpt]1? LK#Fcdٯ5n~K坳 ~˸qyy՗0wj%wFj]< ׂ!m>36t9%80]su~aD$yi^-02ęF5ԅ@~IS?A KN omkn=Wo½^iUnl/>g|6xa~ t8*x.09/aoHL{Q#VMBLpg1lZ*`Ma&\k0c5äb< a{:M$v[R4$c+> |'uk),)M}nYO]=|I/kkq=pw]̂s>8&uKc 9&K?GI}vʓs۸7q5Dn$4=`pƒVe.ٻ0 Qv:#:u`US_:Ew%‚r ~|b0gSY[}IM()`ψpW`+ӽ஁xr&CRNk$n{!H&a_TAmLwT[%n'g =1UBӦ)6s@J;9{pLZlYt.>xl|E`]J3DO,w$/?tK yod@F<'][%۷pV+(UƹUmg <#lq+F`跙"!?X*cN3]xs&$")2_ǡO,beD5,'(? U'J>y/MAbT6#|IFIeҗAM.̩96w'AX8lw ChHk=sn - BS_b8[hC E)-w-M--'s?gYx(s[!gm6D}6~&eC.y"UҮIzy5-FMEqk&V[?^^浵\Zk;E*A3}nҒ@,U8O0)ܪy^Aq<͒fT357j2P|E0T4RiYi%RsPx-<Ac'1ojtN2v#n ~to A.RflZJnQ,l%~]3",׏ B{9ki ^ !uYQJ ^Od2a/l&?r2Xvmגa!]!'w1{{R\}K nB{}w@LS(ߋyZró<犛|k/[)NPEWH(JarV| @}Og^9; ]gIs} K۞ŧH:[Ԑ+[mt\؟UAÖ% DԶ*iXydsl@6"!G%Fv[M#ulC?DE}g3.3sIA4yqZ&8@ ]u"-Ώv&,zB鍺эz0ӮF &()aCU/%.aC|zPuabI9eYE3bN!^f )\SA:0fL+1OJp#j pa_/o^ϯR3Ȉ-$|ޛaN' lGTdtvP'ǹrʛc; 7/k);?9X EzeH gx4Яk50 S6rԁOp =g^,@;9b5³Ə/rHbEt`]d [-y Q9c/{Qѧ8[l[zk `R<+_8RbE(1Mc1+ x=1IT0 $͉僮_9`FG-VK0=ARǣh5FX4;uu[>|SPدzS4Gʩ vWᆻn=j~nTC Ur$^#a–[za=3XFu``遊tL.)ӹ~G|0G9 fmҟK>wo n ܊ө/Qbcm*£n4fƬ̖ 6H׼eq]1큔=DOa>^+w8-7gdl}A~dڪ'ݪ C$8ME3,a^%8}vև#{Lx?&۾s=t DR~tG9cW2 [w.6a( J_))kM:ITx>9$ 7i;f(-X0m,P&76 fh) )DmprjJH`ǎ]mCS䰸݊_g2ZzVؓꥲ!G&?zCO*5.ʳluzhe1i6>Agy%vAV@Pb$d4O+Tj Y |Ff-!= 2F,k7@&'d0U,wHS1mªA,مq3u%GN<>aD0C<%Վ`pD$5 f:LչRkpUH+-.3 3 M"HWЁ@jC/~)E/C7AK݇δBc۷* /c\muی6`B5L}}Ε#9LS4$"|H3qCy`Rբ6y1`s}59o7i2+-PJoW7/Nu8!1NDk\DFsdglg_R&nF\WUޛE\k@dv(Cr!Ӻ1@ hssLJ,݆ t~9[m"ɏH0$CfkP~+IVō!apB/fEqih9E[ֱk#`#\Az8q[D^Ǿ„pZ<}TB'llkVl,/A02g57v1.cZ|(mT?4]DSHgC7),{7J1M5iy$gKwu?He/:RO\.u bֈN_4nr}jSC6z $g2L庌˕Mݯi#Vb!=ijss[[gߝ, $m|Y @:lZ=HoGC3m#)V>`3ޭ<2T/ V˵@X W8Iw5{:~4L *W+iUqnb&"^'*&uĔ_A> zBsIm~zsj%3:w cb.^{%T_G ,`QFsMq6&4JܘGٞ䦴wyȒV)X7&VDPh?^l]TܓoK]aka[X?' 4=g4V8?|ev_ Biګ޳hBg)ఽJ3N9~1K- nP}PP=Sg3k~^tJ#B %kwd2'ɜK_"W71X.I,_²fXk]rnBtj|`zQ}Kq XkI}p2RepmP֪y,!pX.80KPr7pNu8V'!Y րbjd T{^DxTrT[\KT]M/Ku AXIPh؍ c`ܛ n-åKRQ=r:9"$wrQÁa@9U9(M|,xM̽reidUF NW֑mmMKy6 C'Tz3TJNI4ԌXUgΌq-Qȧ">j-@4ڼKvHͩN zvp[ęǁ!tx >u4Qr\1VZ?[/f.D(Tq*jFybgkTt#]2H=1/\Sa*^P~k|usXLd@}r'u24}mThA\/ThCsD? X خnk8-P`?Wsq , G$BϘ8$k9O:jpyb&Y4l!S`F"O-̓kz-3SNh&ldxz0,W;Ks`7tX6"L9]-:1^B4m_c'^F6gX:S rR$tNk hpJOy sZNM(u'6ur˶) idju"]Ѐ@*!Ms.`^~-Zߴgj7¬N^k_g&v'XҪ 4oy#)t`1[J{Fņhḿ4ՎH R:gk$lBŗ/iyiU!"+j` 2ݥb/վf~Qrg0I(HmSiVM %]p!8c1 5HabwY&h6]5'ư`mB| b-}\D8æBy{X|߃P_ $J 5ɢĈˈQfÌY@*SBI Ԧ Ī߫5 3>~_lO_T:͓{Q.Jٍ#z>sm+7,&`u)2m/egD$, >0㸖+fߛn u(T`b.B9*ս ѰQǀ"f!kys0,͚9"!Qxi~iX^{z7(` Jhq(g&})0'_noT'/^Ptcp#< 3{32L.*yj+Hnml ɴ^ZgƉ=pEgafB}>h]0K%=;" 2q0Cb}ѐͨ9G!+>}r 6INޏpT޺a8!V"sKqBfvom IW<Vݬͼ]GmSBM|IG]4jM._lH5(,M%CEKXF~?k*?3TJٖCx,rڼj֬+F8Fx=YUk-ΰ xxm=iѥYhp;ӂu'K?I=i*0r|X^@;%o$fՆq)E8HN~ڈ 7YK[3}d퍋C )oVɢi@G8`!|u$2ܸ(E Ms"9čsLPJmiտ9y[rp[ǶE"m;_#1NKCX.z chӥ!WDNSi:% &T؊4ޯFбܜY]yV{Vdծ |y8CxMg2,N$Cy]mW cY?2H6}WZlBO,7VS)TNDYu~xe^ _\OϞ*ŋ79ο} Ƥ]B 5j́3%cڢ$=%u@|0P ?DZ?4"Nߔ{OʨMfHհ'%+E%,:데Rq\@*H3g"X]zysWeG_% DT} 1waduG"&%]TrVnkN{P6ОBQsW^>-D"WA b.TsX.pD>0WCaiFIb_RXCcPޖ 9j‡6eN*i')x:Hɜ):'Dx@bEfb$QO3 E2k[Ԧ" A횤1>Fac鼅tGEg'Gl)P='_Xh qYZ¹1vjG-tVR8WKȽś/*Q . %TG3A/ /U2|0tͱ?m En-!êZ,gԎm~ Vx|4O%@ # Lzi<'+FR򭃔 (vǀ^?jgi,/Os{>*o1D#fgތ5_2q[EWy#A\sE_33`^KOсP#=* `79rrIgSUûkxl*Gk.rdPj"v_fo7ƼXE~ajC +7 .v %(Q $]fl[k_G)]c{򏨘(5b/wjDOV炣 i/1N\ib27Ny_biU}ܸ3?5ꌋB^}pkOԃ$(VIi A?[43O"L |(1MA3 KaqxpQKמ 8?z&8ʃ@ SZw t٧,Zz,|Gh9:9hE}VܾMseݤ$K7)+U9OMiGrw<یK]D, Xg~Ss4zQr8nWc̳rSAS*,=#1%̹Vrp1VI2'W7hgݧOVkH W'y*MMY1Z]\ϣ!U4eiEsQmRYa(]Y!1.e2nPZ,w=1k|Ve'5]"g3HOeҶۣ( ?6E+H=P apoyQ@ JR,.`)~Gĕ#2"|PNI-(ɧ];`sR b0V blEǹk=R=^tPuJ=V+DÌIs3oBـW JƩ )fx哒7<v{uQ1Ikst:z{^[06gBp"(B\nlz7l<(c}ôwɮ%6%Qy3CB5,CN Za^-Sq׭N;L4wnGHOzpMV26᧛T$g? 'Qd۱`25D 9`G;}%ž<7)vj-qcl(aYc x<̿ށQػ..Xz5٘NLR\`A>Eaf9]p*yb03Z_X ˽fr΅{rC#Kњ=c-D8m) 0(^`>|,o񃈀Xkkx'k#8{ksu%~/"YEVЀh hj8 ?-x,] 0iC3o.09;a2 ; \Md}@.bxM9=yHD#.ň)%惞$ҩ vd8yA`{QݱU;9t םC7ƼjLa6w$E~"؅,M9=5vwB!\:leEAKƞPkcY/R298q?rLCWD䥦m i7$+CF;b[\ǥp&#0b5_wx2J][->um6T${v\56WC!4w2eRAg{: t7 &1kSM |cΛe|DS݂n;v[T>3Ne[yoؠp)*LvBS:S;lNlb7O$/]A>{Ovͪ4tfs{GVNHM+t'tQY!ZB&7)H5ɺjoDM,q/Wҋz8$Yn/O `+XDxNQn0UL0lkOBB3``kFq^D}+L~ՁVu4}fo!VZyAIyD2f6ᶶbѾ{8~.h@%v21c2rC[|yBޘDkKvR8mIzB|;NV j% )#t&K< B[``N<ѾFiM.);\0^`1B^r#lW͹KE]4)M^~2.f;{=~#@D߄؊j ԰Y0 IGj'GE*UIrvƃxchuAˋ/2΍OR](/뚏(}:j"f?H0~dV kzrܜ24-e?Ff>j0䱟?<~.#[^4o|I6Ă/3B=-=&&t<@liRԊLŇ, ޞ]X/UWkm>@ۋ0RӒ!,e:+ X >b *Xͳfi%q6]uD_AZ><15#̓t'l}pͱQAH&9AN 욃P% 4;7;Sjiў4H W`UC~5SJfK# p~}?Y(,$c qZvu#4 jhZAVmᬇwݞh)N56=nTمZ~ y"Պ{ t,X9+LfXMO0z nȳFǎe*a@ΰ:aHem\S2pv{.}'oB3%e|*҇j0yF ( xRι@"w /Z[=<>=]r$vUGcIAq=k ؙcd?R+Jf#ь*'Aq^RW4ƴ8Kqypcc,tkƒ@6ٷ?8IDg*b^Eb9Yqх+qVa>Bj+!}{И{T~Ʉ{!.4ƙҷ!041W Wl ݒmmwdd%򨙧Fc0 K-Z#(d)_oG/}<֛\L+@"4>iҖwo&|+)+1b_bC O90lƟh/)U|=((gJB)!\,u+T9zu u#\M@l)fď Ƿ]GS3Fઙl4RYdgLKP4{m3P2߬B)Ǒ0 ," 6=-a k9Uɵʷm)uϧuy:" Mİp0}DOy9Z+}k.sSv!~3Ur髫4qNaXg-;~@fo 5r *Z.[Tywܫ߇6т# 6:!WauڕjQ;2-p4wdG٦;~]pA հ©qF0ʱt:uC.c44 'F~؝P E'z?l{}Cu1CLXiɱ?cf cX!Ƚ\ڗ,iSZۯf]xYFj'Ss&.4h{N: L I[7hWgg)dBğ'@iP+%UQcي@z!|=]h0xVӶ w;/;a6C4X{:޷͛ PC(XW66 c_! R.z>L5!ru [E(T=bEK&,CۭJ7|5{?0_MO(u+WL *~uÐ։d!>!*ƴm`G@G9 @jEjQ,Bh4юGۓz&sE~̦@cG j==*9C8XUJZ7rTS2xPZ FOYC9Vk0Z0Z@mТPD$ŭ7Ҿt-IsBq-ƛ*>T& 9J7 _ir޽KZJ s98ߠKp}QiWHo-3@>! 5> +%VPIeggυO8^aum*oe$ :NIt&@>>?0NFCL*wb' nS:oSJ&)20)~d0Oo\e33RfO C?caR$ӳkŨ),]HxbJW[T-cr C&jN~&ĉe=9Sukq M nLrZnj 8J,bЪH wP~ATscL}.F]Er 4 =TC1{:Ct9O%AZcWq10âS.לڈ ^ǙlGm\*v' ckn;0h-0' ]Ez}4w̅:t+;wrHᛧq>%~kþ8>x}ޖ+:=~Xf35[e~鴁'%ܷA;p =uFfxLNz"6eٸyPTi+Qyхhkxu;fU5!(/' K}:{@Avw ?xD!͇H!>'̅4yaO_sEUSphM-f0A @zp[tפQe!. O&hoOsՕ:4T9t JW"X$JjmM 7vgȡ(n#(,x/ӥfLəedg*uY!$ f`5sY4QzML{F˵ :Q6QOE*P/(Aǃ8Te,LʮnqrHl~ Ar+ɈN90Vn%_nxrMƣi )ew/br Kc>( h#mObȓ*O,E06> vrMb`‹klmZV@!] :%Gam[k%`]fswtL}y==TW Ћ+LɃ阧m(L7* Lr߄m$oASutg)30к+:4Or[ֆt4DNzë/XZލlY0ǁvH@QgN0i9) ;c[>r 59\mUyccؒfBŜ4X6Kp~juf:PV&Z$okH2orHcV?rMfLܒs#i!:{2'A.cgvygE`M>?c[ʑ/-`yK{.K6>̷ntwl\X=u"Kog.3 Ȱ"˧O#ЮatFM&EK5@49HZHP~MOd=qCvC[;,;2$$T=b9ZZQeIrp~YӦ!BQkFlZɠ s yE^ndHeO\J r)[aYxJM-Fs' BsrƼnĄ'+981t4 (BЄ#Wl/0@5G a>ѵ%ޅ;yw'QK9 J6띆q8T$} DM ,_5kLJ\qirLֿFחQM DtlGN`7c]*c TxsH)&{ɭI\@x/ l9m&ȉle%UmG,[Ht {7d.%*t #6c |ⴡN2c8p,X 䌸I'D906i%l\GA|x<*:6@6g-,7쪓QI?IVg#/ВL?bH'nT=Kt&!;PBZ'~NjtiݏN ^O r0idLb{5k^4oЈ,VNjxh\X|NuG'Pd4f V{5?4ZVrA8KFSUr7$s@ʌuj6}6K 0gR'0Wz'zJ7.<:Ն].21)W1BK 7">8VHa#YmZ6>f2C;?N߇]h2@ ׶q (SЀxఊw>6Cv֡ ݱ4|V|M`ZD1*1!:H5^ 3;n^xi_b1,g JRosO;U+ w2O+ڵ55twbHXhyHe|Mn%4@ ^1;szTPzޞMP.Yk.R FY(ø,8PoketwϚ %tЏ M%fkĝԬԐ&Ń|JlР~ܲ:d'lIӊJE Z:#0P1 vKs`%#)) mZ}>rA~Jg8N8?!ϦC\Z eLdSfDu!V**#'wpzQ^:+{/7|ey遠Tr #0 3oRϝ꺰R]ihEr4M"7s߭8pejHvƝBb?%4%WAϒ.<ůnŦ8LُG|vGm12^PLI. tGSÅ~_S51Ld%6?BM-R% &3JtrZEܤiׄU#Ƀb- nu 6L6$2nom`<5sɿs{jrLmn B#0c ]R3i<GPgPv$ 8kQO!絍/g{ϣ#0zp> 3Lܺ~ OXkLY7}qYRIngJ ^Q~dhS^r΋8r1V?cͬ:e'pw˥fg#T(a$7+yBd[Ѫ\p$U,wD#s #Zqir櫐.17/NHRVvIL2=2I߫x WM.:I*H ©QKipԢZD@u}k;D23\a~Ӹ0{QF"](\M|>Eǒ K㈛aC<˱X~$Zax5٠ >R@KLbreMm"H5ޭtVLN47;'!폚ˆIqD"U fb9'̤-NyBZ)+^Zb3m>bl:$`D}t#j"̗94N9_L;=_r$D~^V 93)Ԣ{U#"Ma}.-JS 6)Yt$tD$\&fm͓[Q|ˆ),r5/5͓g|w Xu֖vE"_U} )i)K=ip肈OV]JoZ #@L1BJVCOpF낦!7jvSԇwH{^>|:V%VW 6osWq/mg~&6fdB&7ÈsQ[% 3֥ɨxUEc-|ÙՖ5,DAxxX[I1urL*V.Y" 5B8$,[d䕗1k2lp1W'/,$ 8e.7r 'jk}N o[qԶM5U6F!=)7"mk乍^<tw3rmE(zCOD]} @K܌Z ɔA-CO-`𽧐=6p 66DZjogzmIZeJYd4 ?ENVq'4xL)҂?b#g&JlyT5t/0qrQϪ rH{kd~%[ HL7 :>Qߐ3 ǥJb>khG"fjde;խ)V7[U61Qz 'r*i4X8 2pr}(aVorƳ~$iʙƺl~s@8N(4T,0|ɪn,8MEVl .cq^C9D}?El8Cdd]sgbﻊ:9r$ΤRkF'_0mx-MD ^*1v$,&twȪmDY0q-o\l*kfKCJN6! QOݻ z+[ϿsϙZ!m;7hOu$ȎmBK4Zu|8Gaй2Ln4eP!_(ݶ,36FBJLV^76(my䑫A10払qtQ^@fziʲ25Om:DqRIF!= K v L*1g,#!S rxcϷߙCI36k$-i2 bTX ~-^l-8GH/Yu&sMc$eM8Bwx}<4H#˜[E= :'`:[?(Q,I&,LR;\$PgxC?fkn3k= 荌|4>`䤼LiAq1~U2\kCZMO0(PF;]y|>Coٹ4aEE #n*N3m>`*! u4pq$zIw1\qK<Ǝ˴30;bQj&܏DUb2ιR0nR-)՛{7O1vB&۫VF@ ݿwX'_D]i q`AbNzXn0|Ӯ$Sӭ=~/27wNDzWG ePڑMAw6d⿃#~Objumߐ3,DoUa~Vl }#k/[tIOG@ٓhXC `a"kj3Ȫy? ~ \^Τχi*R.QOkH:~e^CKΑ%mzR~)P޷sVdu#nq|`G[dP3Rj6撷}%7ؾ9Ҙ"Q1c"3Ejd"RP3*% M* MI\I/"z]wo(G#fU9hY ,qqU-Ko CI+!PمC[Ŗ'Io^N2JMaߩ j7#`՘րhMG茶!kr/R$?9>;v -|Gx?BEMruTZPjdU,o {){DwH`ϰX. MeD IS'GLF:sxs7' (-ۥ0; 0FTU-COh5ΝO -ype]NUa`i ?c'n(f-\H9^"iߎ>2(g`I%!vH!dC1AOe~4&>IUsca"  OKqA"zŽ*WAn O8?QJqA^YϠ%~ax mO5+(\"6[ ;6'8;ZKq*l_`ĉvΥ,>d"QTkF_dMװK&ί(`\ h_ 4!lY9K$xI[DY-9r S`<rC,'f'Lƪ.& +Fӟ􈹆&gwu~0tJ~[jaT]Ʀ=i 2?FNz>@AuD HDgfYabA95Z[,A.3U K ?=j%5˪^?LX@3[ԏz+yV*"_db+w|SCQ9 ̤Uzx:Bb%Q]dG="m3Czݼ ]hy=-]pcDՍуzi ec؃s٨!nhBoSm0ފ']܈ !}/ƻ}Xy1 q>U{9˸̾9FxE\B P] 9^9vKH _H&R}|lr_҄Ӊx2ÖPkL&Tw]9H,H2ls8)CDlfBR<*QPm%S0 <&"dJtҚ=2}8`#h?oj$;%ׁ+;EDRziu| S:S3WS7c%Y-Ƣ|Ih&{vnG<916x!$,$ Ql\@Ss:@F}^ eѺYmb[/(lݓT #9ZStr`a*K !v\oᡱnQ!^Mc(NWlBhGWw;W?zv'%\Q9TT_܏CPCs{oz׏}ɬ9 -z*Ҍ hM:u /ESY]5RA3dڸ9D9eo(rJ؈BY})>̕}aL,9MKͿ%2@"p>X5-l=﵋9dG{̫&g5ctѐSbDf˧ޑEya֊!':#π2#ZۡtRN,Imd B I&2k'C\= N[|ϫDըU Gom׶a7"M4-b/.J$E?s'(F Rz1vV+OwҭHFӦ\^7wym{ք2z_/P4]yIrQpm5,NeÔ!&(&r Rg>"8j 4p8DWSNv3И * >%ѣm.KoēSg|+[F/DƺRYtD d⸌,TMhX²fJ\"  &A4\n(!E~Vh  8XWݷ8bVC+ʄӢm8]9M[I]̼ ̈Zbq 6bq7a pa2珼bLKֲ;ҍej@5軺e3jPη ʣP1!7OMJ1T?dmalђģQn1Zx<f.(b_=k3bS0g ju ⨔?kB '4ʔI (w,{c^3r+Zol薘!pZ,6qM$h[$vs&œ?a0jGۍ$e0su_[1OnCت3Ql+w O CᮽvX!؁"aH[-81,PFۥFx~\ \f6'FCInՎ~tO¢ۚavZ+2jgq'TXzZ:TQ@*gr,0l?Gn%QVȞ'u@ٺ^+k忎yݻNHmP,%exT 8Z*yBKO*\-ѤymĪ+)@ =ydYvwXvD?rspS]w7;\~J+3uLng7eQ ^MЋ?I99ӔF߄c}e C]g(3*w3->,CWXO(T// )JJW}#R]ްu.3jM|eczСtjۚ$@'f=0&DUi-Uey*JQ)x5ƅg޿!E('ס볢_58r F;s'[PMY?-}N/7!pYQ]4L$_ %; $y~ <||ʍD{kzzd"UOvsR_S`ݶD&[È3W(U㴘5 w{'SɔmVIWd Xy2mM[5QDjN:8Zlܥ\2 .q=PmsOt0A'Xu+>. (dk9S7 FmZhwFst Ͼ |;EJfPu!f ]OK^5~;ŸQ?]NjO_```S< >17G(z aQPL8(!GLcu 0Z>@Sby.t?E2raQWFXYn)g 6r)R` B½x }Cv?fn>t{ yS,>h{FRN19k'c<&a#EB/~GGW&`#|lga'Tؓc3%A:Og,yP&Q=-_hunj7fYǡcSv^P~Z'l^ c1 M,yMs,'3goj- 7 { VH"_r@xUf#%"οE /YIPo{~Z6Z6i7=Ǟ:r*_/)l[5d%}圁x䏍hKçQ/2|4h%&*VnDBPS bHwe+w`@ӌ87Ixsy|.FIRcwcZ$f`K Y7hųs[Po"tۮRnjmDl!nAŵmBa_lx g;Y?4x0FyYf~Xr k/ɺg`zG/3:gH !==<Y^;>ߒWWSJ {K U㩄mp`-I]Ն7uWьcz?yd2POPΌ5l6JE&32j*=tiBxsIb~:¥Q2"_#N]G$OkXwj4p~ۑSv(DM51vX{ 18:b 4:LcbSԭꈯBWի/m 2z1‰M}n?+9d{?DbyE \_1^[BCrjKNܴf.SS.nyǴjyb9kHl]3"Q.gSk% )"k-ѳsG Fn e)#vA㪩ʊJ/@\26M=Ѳ=nV+("PŻ[ P+XQyy%,鹬k1E6+hEǦSCƯ,e j|ˠױgP6G,: Q=n&PVf ytiaH׏lFFp~!Zu\eǤ){z7Ʃ)FLAӷOe]EqOu%-fƷ$H/J#̒#BxrX֍課t(VHsږo`&5 TOڝ(fҖء, gb{᚜ErIC C2hkVᕤa|?$6+VY@(Ğ;ړ֛Bk0(q)f^PQKEe [?ṭ)kCmǽ8vNs鎥Ōnm|)uf@^s%f`8(7NZK3Q /YSP]s2yA'օCv(yᙿ tYR=n"ܩ72 ZM11)7fu ne=W;d*O+-9w#|VomLм||=.[WsBj<քVz5B)НrD 4vaa| ߒ>ʅĴ6lj m!}&:fnAafx~0uXh3UM]g\>J`2Q &Ŝ0E@1:yuhʉ&CtsaB|aF(LdV7/*4n<ԝRK[ISG|e3e~Rq5GMlC^i#5j^qB d]/ۺgSr A8 @:h ҼKI2~Fsyva-Go)'HqvU4TWgFQCju\d۠~4ExC!F |[cj`5x2zm9Bk;  ³OsI}Ӎ)k%)uCU,^w?#zhsZo>:1,[bHu`Vqiy^綫qnLf# \0n-Sy i-}»Dd]hz:MRˎ7#ٱi6I\E^ tgF[s2\D6/BHj{0vЦ?7=ZXQڵzDȆr[;mŢ0o nCdK條q AEdn*ܪߪG A|8cvCC\v&Q1ٽ=v 5DLs!wV7e\T0Oi%j囂uIP"Gza,L`)sv+Qp=DevS<{0ƣM`FsKlPm˛Ena:\ 7iNKFC&J*Uů)q.ų)3v{9>eY5BfL 56hF% m2:Hz뤏J8N6Q vNH;yaf6ȁbU& aP]rdZWxQ|VQH?7 'c~0z~ /+<)ä&FUpRY"S$עv{VXp+Y˼xv,˺ߔ4bRgé`L"-xW,+}F"쇥~,m#y^7t6qRn_#vO5`잞bjWSv" }oS 1ި;BIyq6떜BԻs`9LDɕfQ X*"4=8q&*eBrzI+6eO8U ZrRu{LuxYGu$'WDrߝ$y^Ayr_nzH`{}lyv i OȪjToH SS#qk{[jƱ^ȃ*NNh'6/z,n:҂_0ϟC ʢ^ɛN]R l}qL?f&6Э ו;a*@9JUog[M;_! tA ѵkhtK>"ܰ(S{ZiK” &5otmcE" {DiҥRFۊHxqbhmρf]EC_2mf+*e-psR7̬ DߦM-H1\:eM굍 T[$͈z_c9Bi}^RC>2Pa'5g ^e>$~<<9Ҿyˤ P$ >뫎u{Fee 5r:& |L'煨ElJ ۛF j/B9{@twڴwO9:BѼ@d ٿyNRb$#1|( pfƞ x? ySB"6f;IZo'jd:^[(䎼kU8C6ENqF?'Vqy\0ϝ"@@ *@xr&ǣ/fzܼR0 (>ܑI/9M^E}Wc Oq٨}GLRDWޤ@-j;>#=]nGTN]y,#޶Oy%WF!-N)F1<)˸C={OCo=;Q_ $lC ~`MpteU(?i@xXV8:  VJgmrGGPtVǝ-c#>۝[lT_yQJz/a[mWJܠ*#pY[kjVKf5 Me4 x] 3T4نZN;z CCê#!9A#,;ҹYm E`?6i*P1ĐIDhpfE>uB|1Q#A î1]<.Pr3dK VU{Ș t?rd 4}:p#8#`^x+s/*ATFog[=/G慶$b\;"g,7,]dG5 }]=n}x}pu5ש= Q"p]gd:.K殒W~CJSF!({ /9sh-:.cj#:` +-YGi=ع벸ftʈwSqAH>*cǂ?|4 ^҇7JUUo.̂$%8}bg$|Z'5 sce`P8!;FD9.$a_f?O($,6='ZH׽r}]`# WR;Zylh}z"ݑ&Bm + ~I'ݴŴ%j oRU` f j~vze&+TB(sX+0%f(8JC2e6ȰQ hC,0ņMKaJ8jjnXoApZ\~-!EHމ ­;hU0&zÇ9^d:orY̆@Wjj|m ֬j?9S6EX S@ =|VjiE~.Oҗ+LƸ$F{dd|YtFN푣#5ExKgYwGFqOۂl@} ,́g߾p%BaLGxuؙZ-}"ɻ% \ |p<(үwit BdEM]u.bC~bJ Fygͩ'q:'d +̺W{(5ĕ,]@SzX+(5`p,"q镎P]iSVNع'lnXhZvQwK ^NfWsZA% 繷K8}v#a*twۊr彝7?$GG~cP1En=a7g{+ 5D8S N$@9ݤ;AGIn z~k~O"Nw?N(*:Jv!k;bNC!DZFW>l-?"߽GN}쬸oN|x2J/Uf65 Xꑠÿ&G9V ^wyĖ$]9IM#^L,ZٟXa@ledrv/]&aȷF,F}F'yd˼ qsXǿ?zm)<"!6*vFfɒ9B)kB| ѽd|+=Ơs.{.#XI F]cb|,>7IoDQ,lO, [ZCgbeQ׾GVO/`BGRswrk`0r2)cQejvR) 3Lj̏K,B=,*K$,? >}{kk^֡x!můdoȲT)p,;aҠe0^zÏc,HO=lXjG5b&G(AlF:2;9EcAթ%rJpZif)NKSEp dAZŤ y VXq7k֌>2Yggi2UفPAL*JZ5(X&@ -:CZ3s >.9kv;v&%G(7۾^#'q"& `<<^jNre-O\2Ml/B&^:! ?U],vo KXXۨ#bwj~oER9Q22H2.^0&Wӣ /E\Cٔ@{~W:H9Ra Y,):>c>wZ]U~PFHiCg^8-kBv NP0_*k~ iBK(@yD^T/9v3.I| 7 9[1,:N0~9aO+݁9$-(X)]mINJ!N{-TPηJm⎡Lt&*68Ѳ7GؽT0Υ36E@11x)"TޣU(smj"/ȭ4scM:>#aS:u!XբV'AD[HhzJr(P{A34:k,zR ]l`RUϟ}L̋ISܢ9'5}/ݟ\4Akbq>n" <_-dp1 zK, !%@P.j0Z,9C /dy!V}Ԅ|4ѭ)!roo;$iUnt3~}+_֕Cp.qɒa/T>a#ĈƯ )>k#. k;{fGEZ c<me 7[=ˮ͸ HPTz.zvXn|x=BLy??W] )V\\]@Rp `3;<` ̅mŮ鱱:{@yܕKoxIP%WfbP"7}4dBQڕN:/U]gLh_k+]tMw|f= ur [R`xfx4, _mvw gXM&TY^)7lS H/ZUWŝ"EpuJ4 m! AJ4GŠ4мzduC 7;_fҶ[*6p1tK)@xE:D>6Ow [A %^QwN( k=2]ES rYܦj̠^N5?x5DeJ80<&UZO6}!o=WE.)MT8©?eӘ4-P艡&A,{Ii$%ɠ^lj d(EBj뒌] ;B:Hl= yb)4vc8/>_wӕmyLf=Q F^!0ַSN|j4;ڜM5;`QF֓Mxו4E22OمY̭jS;$檤y,;;NdJN.5c .z!ѻb93~l+w>ZC>ymx|=ܭO9gѩ *Ϭ'U%'Ts@E9?к|?`Q3V* vES[VCH~DgGWzpHl(,滾}2a Y~JlR 6ICgm5 ;:Pc~ c$g>/6XxڅN]&D=IA:PlDYn^#Ϝ9LPd6>/3^m :uP)@롌_EY003Q4\?lI p'%[Af9ta⑼ ň0;'t于#ɹqUuvؤQn X?*;nds  v0&n?4 *%tTž:RQ{_ fR ߡ/Y"SX? 3Зp.qMd[϶ a,f\EdXr>V [@3y, 9At'>FAÐ.̕)j|E)? '>gg=D8bbMKe;?G/\{fi>ߣ٣]Rd8Ϻ-XG H[KP¸YvR6m*V/=~׻zsK߬sEY Z ߅"+ "'Z}cۓݯ\41.:lKM}"Y|uu puK|XS&@ cc_e5$`˪aX#kzGhQdRcfIi?ЎgJckk|tP(Y3izMlm++/|v6`fӏgxhAcjXz0EʄĆe 9{L9G݂~Y:iM,9"8< =M^Ն/+>L`'&#dzH@wxW}S8W!;7CU+Jx+ChsQj4Iэ?e·:͕n]uB~-&G"#4@{KЭlhy::F w9G< z$$a d9r8xG@sXẌo ,Tv`-,)5fi=Ȇl1Jjs| ?x!f r@qן}rƁl;{dx8ӥl o&>ŵBb&V=d{Mq4ehg004nE> 6DPGB}ѕ< ,BWӫpzR{$)d@V9`]!|b%ԊIT; 9!>)[7ZX)I;%ʞڌdzPȾBh3dJR17@P ,lOe|soCa,([Q/[#~!z1G 35)7xRxIwr^mh tnKc8G{B}{ŌemН7s½9L% .n-?Kq8^Q(ˤa>p˂ʅ(*@lrhyo0zP@(|ӞnxNjd/h}h FP OV )JN'AmqO1TPŋYv1H/%eJ\|) r0Y l,\x-}elQd&h=Sĭ.Kfܢ 8w߫4 K@|S[oUE/2U? @we]-_dpPh&,"^,Ix;Dm-Pst WQYynX1GvFe3۳b{bS8|! X!Zƭ:M3>&Fǎ75Ih`A8\Y05 αV{V<}}Oѱz1#NAE;Ac77cYz~szk<PDjidl 4=GZ8 "0L2.٠||#o/LJDc-ՅTd, b! ;/#h1A'A؃֠ !s6Z%s;8&-]sNl"L.5!pXBT /gRbbHJpy1EH5E3S*$-`CXYeT9  ɳcvF~co0C!"qJ!kgP赈Ѽ8eSeYQs$ V)|;^&_ &)RXCj7N'&8q@ G9ce!JؙRHGR2l[C-hnxMu$/i@ M6^ hBs Y\ѯ%q׉ĿR+dQ_{u+9+&j-? -V0n܊P{_v9m-aq045Ax{q9}SvF f. -8^_.ַ*rdŘA;S/:FxJjs=vZ0G - P#8g'ʓs{!09fƯ&7kGI10P@ ju雑,EzIDi 1_8b~^.%i;Bz wZEk".Z>qٌ|v,u_|7F֖-] c=z _3|GyR?yO=icdq+why e8_#@G:v}K q% e-eek]3wqC[ix@' 읬BTr>^S]S[SWnH"Dpԩ7Q_-nn?܌_܌`WJ=Gm1[<0msr2 "%D:_eq lcCK^gqyN ;[7 (&2ŀ܁V.W֬HmU $IU O:w7#{ ;\vq+['Lr#SE+FۉSF5#; |`ě!X8ݱfm&̊Eed$7)o _`IتŸ$1Դ rQ93"Ic۩+a}/9+=b:TJ#YzknοY,b놝J6tP,\&ݦDq/ͩpɇ^ OM@n*uMtHtýƲFw 0\ʜ&S )Ea1'ؗzZLѥuf oW1\WڝWY(l`ɣ;ΔL/י*s0[9`vğw2>V;SNމ]% .>Oz6fUG{!)05\ש-Jԭ?_b i$/v~3ͦ@HM~ Lj •*lwP9#Sc20@@S |Y0o@<7I9w3eKчlLwM-sQ{ 7Ի^ ESp{[Κ+ [zUU(=iT7+vz}xgRȃ13Ê82];r?k @p?h_52# Jc#+lN WuohLѣO;9OVOmr{R^=-Ga*^Ժ [QA:-m* & Ńh6i6G~8U /vg6#B2sl&Q>FI W 4+ y5V\ aPq玴y !bJ,(ĵ*BbNyWR&ށm<8-_ 0Hͥ ejta!%JƩ>ѷ_^2( 94dmj14N]֫ p"Y4Jö5?S/s'V!}cW: +jW)pA7f?Au_j>6GsCKl\]^Lu=ŰC}W&t̶ pD@+:2PPEfP%]U uߟi((ǻA; :)'7Qji+~^z4sxe1ARyXmD]3/[nܐJAÎ{51HZ>f(P1,R6NKNDQ2gS` ou4ǒ(go)$!#HvE~ ݭ-͠J ҬU5/%g?~qOo[pV0b8,mGn>Дsg̾߷, 8. MG@)iᱝstnݜ h)P")kL1| (- 3x[CTUemC 1;l+a,@%M>%V;EphvIpumZ$l.Tjɥx2GsiE'I(] 3VO_E%/)wj˪fj)\'?sCG2 b.$ Z{3ڣ;3bk%Frg5p}Snfrj˧kv hGBAE#J A3ߩM)6Ǽ_/>ЌFTn=~1szԫhHu!$\攭<@̊Tp!H64=uhPVs {y[E76C.)2T{*ʯ-O}׺ HÉ/ ]?92 Veej4h`\QHr$ lQruo@5Ү=p6c\@qxor&dosl S[F)zS&ٗmV[2p Мկįpٖ\[vM >m$ޣh<=/Ypp]r=\ΘqFkߚ)ΝXg2>@!ZZXGE],09K4//K@ (:ʳ(CcyK*VA;.7J_nk\b) 7:@+_ M(YMwoYn`kDV`~UYsdY >cA9U|@/A#ѼX9(+vz7?BIG+soЖ=EV;[w'#8>]65; ud+mR zINڙlW%z_ O\DOP-֮کD3_[X3z*n+Ҏ"q*W@@ $ œw/b:xrrӽKu)06I[y:06iIp&,]EšNߐe%J eg:&#"!6`\B1Bf=7NEJl'ܠP' DQwPFD^HvFL$S톆MwP5 D{%iXo?ʼn/z =(GJnxjF\Of˄RB%3zҟ~{^>tb/Gs,E9^F޵RD|&3y-i:܋络KQ;_$I/ љ8f}&V_ ج()>~a7ߪu<ڳicFӏɾ/|H3 A]SJoZ,!Gە}A.}&`Hah?@|F'q_$e{?*w+uOPU,W#\#>iE!DE6}+e~P>>BIQWS Fb7M.{3TS3AZs^1Lc$~ϦߔiK!R du49e#L8BO̯@a侂sP j ?CZ9{yzy!oS֏Eɺiܞc߀%2` R?tAsZ5Xws]uCY #yb2.Oueh,GB=N>0tYA 7]vvk*j"IR Ӧ+9ͫLtOXz;f N&PJ*KHi =ZB3"&>xl vZAuI:p^R~ͺWOA6g?ҞC[oF㲷j j^4+6jh2o{DP0PH,n˙,[4bt |~ʱPsbgc6 Xԭ Ԥ?t+$8O7 `z e^$ yUة W8/$>d ,TSQ* 1l nQ  b²t Z-3Kǣyҷm]딟"FK:vк@ ֝ ]?>5S'AKH]VZ[ϯOTY]-AVԂi8\1۽k'fZI}ㅼ4'y۪l}%t5LkB_GToL,qu)/cWDAɩ*/vKuaɶčjt昘BdKt9D8r@$*U)u^j~4>ajm( *uЇ泃zK5}eV&+q0SgqUMQ݃͑4fX*gIcip g1tyK U:*oҖ=sD ю4t!G&l?& r%1 eoF ?="\T ~-MH/*ljy$H)S w s>A"Y\Xc|~Egl,AP{{FS0;>9iIOD'L5!SI|Vkil>)Z9 #D-ДWz{.a:' e#BZĦQķ{.c<lԺA2[NMH陓&}=ٍ#Rn#wX\d!4yrZ{Zxʎi8d&*DK-*<释qu?M kYbjiV^ HTF24 c[ȲC # 9nΡlzLR#{Ҩ ~Z5G*#:8TNV%=ڏfq< VGtCb#[E1x ]q ;ڪ*]U+(չ]Oɦ>d_/ zzCrЊ^5whyXhF~W}`}>H-i7/v1ڠnr {oQű1={jYL;=kw bAh-Y]%K9|(߉6VawzoyGT15P$5{<:02:ȹD0i7 lD3hh޺dIosNL"h_ > 20RKЁRt˰]AwDK{0.o6К'2˱WcYGQVݫ|awn?7QG6cE@Ie:* \O17vD%?ԏ0,4US(M)^e*#7d_WF~){?[eR"9KsG :P~m*0ԴJVvuiT+L$& QUT*ZH',P'f M4*Z<¨#8`L Tl,j^fߗ2ꎖ Lg[<;XWKH(=XbU0y\Uן_لpi8C~`Òuax܃>x\u-t[*7̵43> Zh=woPr[@-A*ʦhug/ƴԻ ocW[,}/ѥsבX `SմH>qI5j;i9#:;;Wu܎4^y\Y855Ýi{IN G/`OfyǠ ;@lAjR1%^RhmhF^Z`%RR䮗܋ɞ`4j=D۟΄Hmq|5q`Wɒ|QubxQr ÛdV6}r(TSqPO$vr?6QƤXw'1Оx}n 2NtVsw{;i If9@eOe8l=Uϧ)ȐQЪ|w10Db\?^Wh,"47銎AC(Ña)Ϭ&&pYԔ.d?Zfk*><ӇJևGVf;E!򪍦wWPmǑxM_]qjN 9Ejxc!:=!r0Q"ɐuR赐mS4^y.6u+ӦhĐC 5-6+ɄKr@`~F_J;E3A閜9+M|_fb}2zV` "I{E}Ș퍉 <0fR9Z1Hɍe| PRJWt+SrXʬrS܀+5B.щRg -u-EƮOVlԷR1ۺoN.LM!v4L羽O xCSİB,/ Gd9&g*rf}6udhJ}2`էB\ry\@`|z䍞[+ -[@$rlڅ#8$f AkH'O* KRtq#ίl&}P)b}.(%+k$E f( 4_}l9{t$>QD=Y>.pBDcR"k M62ec#Spr7#gƓr( <Ɔ;IUO +3&Dzd_Q+ηӳB"K4אc}ǥczA.7g YH4ĭGx%*;BlJVҺBi n?= :M1Un=nAAMoLgJ&;ͭURIoܪ{~^S|F~ CO7W쪅'"kՃ zL ZWܻDt}HtUF?4IU-h%dŋ) _u}ߘ H"-&Os 㱭B:%2~A{=pnGbئ0 aqjG Ct|,-2=zF1jB>h>vF(qdt"|*5ao _R.?e.ɩ߬Ji Vf'4^,Iœ0Mx\B=lD6GDo{8jQϳv\ᛳݴPmChVL/mkn9NY[blH> -W[?c (*fOԋ_?ꣲ}!%l? ɛ4/|aIWmq0mNJ7)[3d'߁yT"7,|@X^ T fQ=*5a ؃,gU'}r~uGrFsRCSu\DfƈdݴZa|3D&&NҎAMn2jتh T_}5ƃY@PHp={a%C*c剮Z& 41.vs8gQ]~ll<&Tڂ/!ۛ'P"Fb001TMHg.Iіe?$Ve!Ҳg .'E./] "ڛC2-p Usvy^b[Ū3!.Pjc7Kc{OU~WpSy郇Gnpv:4'B#Q_0yo+e+P`_7 mr_[^܋ ngC2UY5  F 9*C@&n3H+LHx3ɲ]+_:i"hJD3˟ x@A V((nT0-in?`PLMݧW-,SpPA$N_d[ߪGuJ3+pR__"u~w)t 0tS fT?g`&}S]Xs}4S/0䮸U7AKo 'pgagRML̯?}jզ*r>>_&sdAPB;O;$(p~H5j>K Mm8| 4lBUE+*_1d^u\+Z;a@tUC.#c"d7SaJŭ5eVfo_#+<JNqt󬚲^޻[Ư~ChC}WQ{I!)W:i=/ܸHWa s(U ҵ.S%Hѡ)yÛ[#A"Vq|кp>Rf\9.T Qzwn˧M! VC8HM4$ F5 devfiYZq Bm'̔JwmZ+% ((fRsCo7nh9 T;HzhtH'o5ܸj_|۳(pU J]iX=72 \N~f}B#҅]='( 4^38VF7!UK}RXoj9 '2; jټ!xYL4kbIROCLzR{iO"k18c3TS>`մIf#$5)?0[֑:w$7ƗI_gG9k NWO|B Et䟖Љ:5r$2&Ilcm5V4IH_,ʎIᢪUs)')a^SMu1']fZ.,C(s[@dSD>d;uLps7^d|!T; 9~:gPyx kT,7k;i Yc˞v $GUTΌ2"`ygBp $;#jn7 N0Z {S v`?,ynwam4Ѕb*JޑNw67i.&_o3L5xÊ]9zv_NY#C19 O춀$/ cyA7;jp*DjlX[!eU3[+W~)V&@KoŒm9җOS!(\2fTXW`>r]F{0Bjߏx`&L0$u\iu5l"7ʹ|yo6Lʌʕ|Ly$Ma KJ%h%|5BLTGZS%%lK:v N@#{e{S+ᠽ7 !ek.㼹tVT?̳]#2SVhFZpakjJ[>a*^M|_ QO1 1b.1`|1.!b RI.ٶ&vX͍qGT ƸׯjnZ3xpA`oJc46݄VSNj@߯gyW`G8Fl*rdzi3eh tP:XuJY[52%mnVNL90jCno]X5eG:3e%̨cv4J P }rLYTZ$l54^i I{H' ,D·DSO^%GdoN#|2ƇKpCTǂ5v%uAu؎=v^"gO !M@W%[&Xx{|cNr|AQ؃ŠY@3߀ E|e',RCٜcgV)mn{_aО9P x QL[B9Ywc] `s50qc9JqZ MqU} J^gS޿VtQ?&eUUM\TQ77Ǵ!\ ɖ_ܡAzFb4Ԕ*\}^nH)t/ ~ڗfB4+N|޲KUC 1M=v:qԣiVb|=HjBǖʟ? JOq.%f_^daM _[7H?uc؉" %$~y$Sƣυa}|^bQl[Ki'V܃EOޘ}_XB!y= ^qy dH@QAHۼ||K@X䨚ɶQ%/Ͽ>G:9)=ثUJ^kquqߊ6cGZ}ʅr@s#^UT-"OWIF#vR8MI-M4J4jPL^(x@#wu$[Gh5SYbݕnZx3/Y( !>waSt- bNNpa۬ l>+t![9WdG;(\&8#h! l+)g; YGDOQ1Xc0I Rj 嶭\@߸0~{ u2C:3'6;,jCݥ+[8*8E2=Ďbg~o˟Ɩ"3"t_q\ɫ<-?q;= /diѲK`.w2Km+)?I 泗 r uNMϠ} }׉l!x۝9\~u 5A(]lP3R/2 Z@Z?.J^_,gDr!Na.gS9dUOmy¶&䎜J̨<9tDv@Gn8k0ә5 ; *52ɜOݶ}cYc}5Ts#*Ue(3#h>|$͡u\~_-]z 703 @`KDD`TT^9F ;}|șF'䡦˚'UHTԼkGi/VAr"3/{UoE dXvm%E<}y#r d|aŕa$/n- Е6儮#DZu=\Oe:m$0S/DV݁\nptʨo&4b*_NRJZL#iA _6tVD(̷[h;/(TPrlFsƐnJEtGyY49a>N24N?rbJȏ|:Ґ>Xƶhģ0.#!=_ɖ]XprBN/5>㤫,uP)CD =C}CYey=uC,׮[-MkE N$׭^a7K ;"IJzI7U^ш#B^'E#hvv. ~w6FrGM`,Ɓ=Nq./J1.GL.Ҩj~KOa69 ́#8aae8FzQAu_*YЇvK`V:V sa+`%ZPI8ym5w@ C=&cmwE䑺C_suKPZqySҘ2D>oۮ ֗{oh]Ӿв֢ZLX ͇b8w5\ \&n'$$yl_!kd3.+\J\y! ("4撾 ;Gh Wp*#VM,ݚ1wjMiIN~>y,p֩}%+iQn_ P9Y;_G@7ؔml:yUx?lw"0:M*B_'fIh?~X~z@_Z5wcuaڽi= D[Vꯚ2΢ SYln+IscFle_#p\LrQvDTiL0u>M}~:(A"ETM?T(\^v(л=OۻBG LJ/.`NJ43 >5vNAq8m"R|oBix?C-6Q NaRcv_R_+v7ē/L>͸J#_Ǣ qD=U$™~ .Q uػ#\yn^;/#H)A \ZO,6}HʖLѰčeduQm`AǏ{$=ϗ~rŒᅮ~cJ m_} p(cg'B&` ύ{kM(lEk9X+JФ ;5dwq%hIiTťLFX6San/G(pj?N2Nod"k~EgTUn_ f.ś8+gpeT)AǡB:hIYT)rϜ? z:C}TB0.nX\'\ò|XIKc_d tp[j 6ɖ+*IycFEO*NRK07U]=$C1%sy1á.;#Օ@>.qn/"P](6Ԉ" {j|1;-T<95ͣ2p;R1~^w,(j߇N@M1'M)c W I)fMwSQ5K @<V[a8BQJev\kt8 Zķbj-jE c E ۼkF 2rI ᑏ/Bp[V2>=(] Y^ Q'[ƽΣ9|Yfk 2:pэYqS=< ZY ̒xWaa*2rb7ےwso|A9qc-⺫*yǂQc T"EUc~đea[QY?q'q]Ig@^."2*`P'3JRy{Fa%\jDbLpVbF(ĚS>.6Z+~.qG y_qOhk#%ၔv3#o!1٩,fyq0ʝ;||`>-i c~igC٭}R`wW1U,S8U/t5Ӄd:&A@zG G!^/`Tв ۘwd9?, 9ZfAu;2&6lBfұq|F [ 8^put3W2fY]k5XJizm[S%t)bBA9,N >e|MIxA?dعUo8Kwu-ajkAU70%H j5cB#aR$~̦%\UB/g*zwѮ*8z{餶֏yYM 8}T[J lYUw"r P:!2ɡk'Ho("|Uxzˑ`q`9SNگ* X'Z1ZñA%;ah>$eVɨ_D|h&kCVE$n&R$nh$Vve ~hp e|>E*dP(â לXOZ6Wcl|UgRLݼ5l.< \~Ih|9:FǼI_-h.dV>')Rt# ~ZsJsL&Fw1U&(m='2P`J(' ƛ;Pݩ5 ;ǪF[cv"zp<4$ "'^+X˟~Y)Sݑ0GߎiK0voI.f?RDWR9dqRCϝD=EFCY8d$.%;U*nҸ ҁ7M)a9a} +WPga\S FHx PBhpJfKF1]ZØ]3VቿKܿPJMN|")k= !ԧj8rWr)u4Se{K8}ãc5%n`Q")f , Ҙt&Uߊ3?Yʷ˰fE'+&fwckOُv2}5j,ƢvꂚQx6%Mb؇20A5fSXں([Yu dVyL jxKCfl͊';#{I̠!FC H;YPjB 6O%޾Z,NY.r|cO_Z)#pc9yZz.S8@ fG2t#rSʥfkHe08 F/u/L!|Cq#X]}m{߇%F#)Jo&G~)ycGTXB#Og"px]rw?G4N~hfUvx$.AeA?Ε*}_ˡreH'1:q?\*-4û*,k5)@.:tUy2 #$Ѓr_r>E~Ár,Gcل?Ҁ)#h62g0ŏGQ ;*:Qp!]p%?}}_*`Z?_,MDHr;1 >sR聆QB,)ɜt^icv*E[/_'ZͷT'HŵvԄq6@@؜ѡ".:DȧUenM+s8^*,,vp9,fD38}TI-n,?dRî<hy($֥qʔ].W8_,0Pv]{_}cO>-{~c bO9(܃4Ia`P؅S>)ũA' 7г@aJL,yF<7p+Eik_wK!VQO?y .t?{4N4GKQ!߿SxY*x$ l(4:1z%7 @ FߴnEڊf an7c H~B橡\ (iGV*LiޑiP28.?lީukF!diݠ 7 c i#`>gfxr3h,XЁ3S'L{9lBm >rWsLaZ(Gꌕ:f5ßէ>ky!P$k#Gs,^^tO ͙5 }Kԧs_sWKV`BTl[hĠ~~Pv:@VC'UĒ$BXcy-W>ZǁW?E }C0/(xW4v&6F4zs2 r$#~Z˴UchT5!a")0auy_?۷Df MZU*@qT (NV+QK 1heKwq-C#."7>w3"uwoGC$քDIƹvnܚN$WJ2AۈMkZ<}7R׍krr:.@%]eLO 7JXa/NlOKA[܆.O"&T̄#'1vYاC G=t# gQ%2KϥCZ?l#7TuҪ+,Ȣ$z-gIr xp.i:]LN9vQHӅ"o )O}^&&Ұ$͙ZbUrж>~_Uт"n{#4* m#2{RfS’R!{IJ,Y&yT%^iċs9F|O(?2xzj} ԋ0<qsYj99s9=;|BBo?l P9Ysl{ !3 =֨N?%@zdLO sh}@ANUZv-Dzqr1 xӿ1&92GCdl;?My_"t$F0{N ywьjvXQD`v9C<xc)c\Ч갆tWql:5>h/tir4ԅu`Oa2& 0+6r4  3NOy&1S\H-Zi"l1[-YnR< 4Z^׍hUL' 3 0f}n?!;L0 fy"%_t7•(|!pEƚeX#LID*u!u,KmmCLu4*@7n@em♈PPKlōFqRP8>h k_a!֓éa\%\5nF'v%aHNOp kQ97)"+YH1O isǼc7?EutDղu9hKNgI#v֊+Sk=^v7^ 9RqP)Ш4[|Ӑ2 8\<մ񉝦 gy`ޖX*v :P@,s@JFzkO)Ϋlf~@F$0jB$f=KuQD 1(*?з`#a_%~}F 95LkFo.V[8]Sq&ߖm'0_O BW vh= *8+^ ܬwkB3<=jR< .s1Hm6:;l槝ř>O{ŨXZWN=^+@f-4?HHYM3~!fTt!] ؒZzbLg$LwNzx61APSB"7aRu2V Y(KQ%֫YtEg.] &kg"Yj ` p(4v[^4q/f^ɚ,}dUqGN.#ɂZ7:t\}N  'JM^;HvjHTKp:Ŵ&9608}O8n59.bn d)y/x |'L0狺|mp7'B.[=K^E5*Tr/ o6VLXzl'j꿤>*YSa=W.aBE&:|Tm7,WDAhϠ=Ujl{568B/j"ʼnlƜC}^Y:X SQ'P5 =. ׌nϿ{Q-reUV@_ ^[ꍚm;Oq +ydThTѶ Ty~`3Q 6x؍.O8$ )p5rP6A$] :{kn+e?VZcD2QBSPw$IJ!1l<=\Wv5 k!sޙydzCaOVa49x[L!giT<ӑ `CeFSDHi)/<0p,>/Nr;?8SV^0 9C| u?(wZ~  9!O}Am8Hs{WH)MfMf(<;Cx )ɀ3*wv|^nԇ鍤p¯Vs g^xDg?XI EEp`#=-ö ?pUͨCNiaC.naM~@ =IKZӻQ^p΍;_TCi hBOz>ԿK*X/C(пf6l6z==Tv[͞P0 zN24oLw~s;GLɇjݵܻ ;hNp./@H8@.EqL HNv22&$aO(ށ+F KSs_R)IMN}gLt`/`Cou*N/ q.,px3IWQ"E QqfU"v.sC6tDqF Sm|vnFia'h 3w]bjP$Af#c brMhp vDP?ü7&;G`vI`0Cz(ܘ۱\])e\) f8M)ќI{?Yi<d6Ed'@R{XaB!m|+K3"CۃcFW Yb}zQZ 1 DKD%qM5a), PW/W,e#:0iv[=* Sdy'+^* r'ô(ٻDOMeFv,ސ8:735&ϫ Poo!1>t&mkKZC}[ `v;7#ܝ:8& 4KL]1ai qr]@R3Qw b|8\rg6ķ4u9OuЃEl9I_ e;_ΞNvQxO{(pTeH+8=頓P "J9Wg<|6*|: 1*#( '1ϿJ׶p1bGbxjČݥ-y{y>/ހ-LChK࿺|T!-PL[~w$/gF|I ;dϏ|TKX|;]~L 佧zU,D\0UbwvV=+٩dkH`1Ό0xAZbL+t/xjk:g8ȎDzl\)➸$0̄0J(fg+7#E8XW39qsXm"0h&-]@PNH'}}f4-\ERK ͌?NnŪ "NDWSٴ9` 9lק 'zG_t2gi۟sxhR vu$Ei$ztS>Asu{Y4Bf.\VDx(ՠtxjYtgI+Mq3't\) u8[tM9XrM ХSwWڰd#+dW9?_\u!0>ڿV#@0cs"(/!U=p ]]V o@DkM+]CN.$mo M{_4e9ݱusxqpZDaqǛ_G'AGnѺ Բ_lĕlhkPߖc?Uwȕ]#~mloSI4nH˄fB`w OEc"2)" {vD(v NJe/:ե s>԰*k"-|猝Q Kv"h#io؜*4 /̵oiqs赐H\?)G؎5t_Ԑ~ǒ12$㗢}_W RBmwDI A*fNZޥΕ@SDH@ӠޟiĪ\Զ.rJU4 &_x.\?08Έu=M! hXG`(/t~Y\0EKCwjMl/oׂ鞰qɕGZbtQ£؀0TT S'Px~YS m.hM<_ hCxD=ylqBIFځw >j؍2TO>aKl.t3Իc0Vx:w19MԬ`SQ /yyo\i'.F(( g>hc3·E=%SKJ! s sol(݂Ƕ܋ f9ŴO-EM輏K`@" VPЦ!Lv5q4p9 }!F},WAbO#bQ& |T&7+F2= kb㩨JJJ bF7Fzn .oHaZB-&SH *Cu6k?SN#c;)$Smܴ!W=rzD'a%:-$xv+1g-)Z1B^~urA ō#F꡶Tק<4dXߎT-22ז}.δ^+JHňs8̗̺H)Y)vKnIE +9#JM('"OpGxds׺=XrzI9?$rQi|^ A'A?maRdv=l9ٷ7{Ӗul7Wx@5Z__-C5e7vW ($bfIt{F+J݃IPvwSagMXs lhlp9a}9Cڶ@$nzӤiS4|} S0+3S' N&8^Hq^t^g\Y݋.hS(El;.,RCGRkv хv*#h`RFOj#dn#\~(gmot%gLX2zh,dc (W@o}R/$*:Dw,HM6(}Мq)`xu~]7wpv0m `ا59 9}kEf %~OУ26u C Ϻ o%[T*^UTd{͹VP,#4P`|@q@І/~r>Vk=Ըe pT8Q9Ww!҅}&%'x ?Β(I`{ k@DjaI$t"tJܐKTsʠ<bc:j)CVٳH*QgQb&jZ4wFt?Kb?/,:pj ڙPXnj}Q8u"dFSnBV7"e0 !pa^c㹋|*iЄL^߸u=(`XΣq*']X? Pw Aw,Y/X6Ђ wGLRaȀl女 cn3抳SK#K{.g>1[ !b o+ejW]ȕ`%޳2Pߡ ~+-eO%@'h\:Wؔ;ˬ+:*aQ[I&1=<*gB^xGNi-;OQӚkᗽʑK  0I $q~W犭JBpM;r,~H/RY+h ÿIFi-cfj2|T`<P%No2ӑx9}K:dBSpbGh@L|@G0D!O =MK41?E4x D8OۮzEQ_ 5H|r-A%+d7&u# Cr#Mv N&seu #[݋Mg2-D~v\ݤszcV(G ̂1S*R{*73fE3&zc-iriwl'ZyUdc9rXcx*s w  FG/-%q $d3N$ :$. < 59-wʾ$: ,Y3Z`RMȖ-F>ni$~"9V0qw,ճjv=+ z5v)>EIѭN >*䉲knp5yTB a9m$fMJ{qh'3M\.ɺcJpG/G6Atж7WtN )0KO{>5'gIOALO F@ ā54-|PfXS%0_c#@nH.ݖ<Y! d-178n7~"%8Dx,sbZ@.Wӛ'SR!t^En5T5&r< ¾P~,ED/ p.'e65Etcn$:l6X]sɣ1@2LeNXvH1=#ʵw7x6:ʪCM7'C9!Hƒ4ď᪒U2q Γe?wj Vq"|-c<4 79+y7?<C`6f nttXe_Jn~Z9O .A/ˇ\{Ƌƨ#SM_(p8w<::<_H0bcў0@ N&-b6|؎VMhdTS99؈;ۇAnk=*偿zo) A֏(-:|$xNcS^X"51p~-Zjf_CGԴ !`ɦxBkJwPؤ`7.Ñ˪yk`nrjMŹМr*yȺondaP@ H޿e=<_O{:PsWb @yA #@^0`tJuiڟkxT3oA3WV` ՌP%}2u4Y+gt60bþ,'=|\0u*i=Z%zhr, ʒ2P22J;".}/GJXx6JmK@ac[(#Xcn|mvq{~0S4ų=$$3UЌQ[(ΌL2كQ8!,`0̖"N ~ԥ 7.l dMpJrm7m!*ݦZD|-00Y6>kTd}.>7f(7B{gYRSb=:qR_ '4DL7qlg'9s{Z҄-qlYC\V~;9"D3-•(Dr/Osx$> 4ce WFs[_aKڎCGlvMT?wt\Bln:)RCՐ6qk2lcAմBp@% [Cv]@fIA=>#7|7LAo]*=l-m`rV7Ë@o~=oN^NeZ TØcb ɟsǷ* <`M77{GlB%ft-ϴ{˗Rb–x9F3,7Ex>ϔVumx (+Z^\am=K4!*fċ47$Ơ*Wg  >:fp?o"4cco1jx2(Rz_=4@#I P" - 9WnΙ(e"6j9.J0C\5vB:k$ N1 .(\UĤjfe<%J~ ڰrv^M -<fQWsNdSj!Ǚu\kĤ3)@¨0Xs"YxlAq7hָg'qm<&nz$ 5*”w#ct$i35v)0c U3-;I;:?t YbF6{О}C Bܾ?b} t?Dhz? D2=)j i݄exߣY@т ĴT~ْ&b|@rN[/ƕ3of“M-/lۓE &\a[f4$ ? 4 9(񭲞oέV5HT);=NjVwć :_Vbŋ벽㖌,͏-بykl:„Ԡb!7U9c²YZB=D8ÁBq_7QR<@L(<{wURAقkt|tyuRI[ N%,D סթF,+PV,W76YŪb;ԨA՛60`&>DćvK~Sg<+O jE>4ʆ=1,hңɄ3OgvYSU_lӱ_6PU--S.`n`5`3XӪS@0( QdXkV1rs*D8J8寯4;,"gm.Okñ@* w8IU݃5a4 2G E~\I!`Y1 NBrJT 5ac[ e;^*lr@@qEdqjӄ"7ʊMd*{[P/ #)^|+'9_v!޿o[ʏ] +uꮀ8#`~'c<\ 3.sbT}O9x谨@` F, Pqzrt3rS3\iN[eqE^mi|ȑ6 %fpz6G{F4=;gbp?eBP Nj?g&x%c$XpsGQ1x!_o= ڻWJ(:颹(¹c-J)L[{89 7:OVā40K۝AD 6N|hm<]ë[G-s\/(A$5?j#inѐ#vr䘋*eq8H3W$*66i+?f`iRWZ ^hZW[PgMWg+5̎M4;[O\Mh <&z680)nBD%*d5*FY`rehgI -<我c-1lN0ђ4/+]J<eP ihK9oWtd8pVM#vx(LgbA Tk0ۼMyMOΧ2X,6y[-q^ԺѾ{`{oPԯ]Qvoy+c "[bJ ^SJvNJZHQG GS))w>ӡOQ@Ď,dK*4 KOqj7܀$2K) v Na ~pqʤ㷔;SlЌMy dMS&}3@aiJs5!Q ҷ#۪_+&c ?$cpG_ۊ)d„]*B q3ĺ;IGfsGul˞yJ`-ֿuk hecӹ 'Wzu1|~2r)nm~+*yc̵Z )Nmh鵳E*6vd&$J@Q{ Vic˩03yLO%Ģ"c wЋ=c0]>\ŷ͈C0Q i.mxvdcX뱒e"_tFE1kF ɐF 1'0p8Χ3rc\PdY}F8 gpT+ǟKdNZ1فڒSG*4e)n{bF%Nھ{mG#T) }]t:$\:f(4xY"DG6c4"6gޚVU@( •C ;DVy-`"N=G&egc{C3xPB׼fwl= I~WNqn+jܔE~S[ F S)_; 3U>,., _軉Zi?vxuœ SB)>*x@X SZmz:RZ& (A4/<͛^}YX;r2βX?C덵.J64'wAELsE2a4vg*9 _ (1E#|QUHo] @+#COLNam.;h@CAI/-ׯ^ 'I.Om|T:Hvaz-(SAp)է]p,-D:e9KPx)ll;( ]f/iVVLL)w=U[Ԝf[Io-Y7X RXTOPpsru-d<3ΛtّPҗB;a'/thveaC7^ϟjӴ4ǣX@zfeAMj(c: y ]$Buaj}HSM^NlLk[ꍕ&B";vNT~h_q*S 6 O3WSr9A|rXspeBt)WNT\:M_FAp]Jf8͹^PG\ i3"pLRuAqYԅ@ E+ӋUT(J}ʑduIo jR(t&YY]['Pu鄹PiRJݒXdݞ\awXtR"(r x\$[*eC[n?4x)%"Z26j@K~&i -%w~q67]#-z %51%pRܨ1T0bЃO|QB+RP /uJ^vlIvhk]UÄX& ^NMg!97jº-Fp6B{pW}Hŷ rC0e,#ū]PciWBPOe_M&B#wacŘ#ֳ6RևjsOt_fgD`-8tmIȳp QB%h!{,_%}m-Q>6S0Fm~6ywʎ;XgTHR樦ȊSk"@E_r4f7[m߼IC/y7>\7.wϽQb)Į(d8z6Rpw n)7FyoNsLS:U&#B㳷qlƼ8muP{m¦9oy.(gnb[$A[\"q̴Mh|jEt[YOR|R" %y,+>RXfAyv}Ӊ\t MoϞ&)R_dLp;GMF//;jBWEj=."WEۆd8hNi`vPO!{Enj1_6֔kedq}xtkpOLe ^i|]`XRY1}Du Q'NjMG+PUEroti1(#1uG]n%8\"x0WڭcjHY`Nm U$=; oާ%We8f*[.cEڰ _I5җ2-ղ}ZB =|ӭȏc1 saZpj gK"vLS`) D˴G\l͈H DN<~1]9dTVSk+یįz鲏 l$_LiW32 ϵ(v9r- J‰SY5"#sa沚6#oԕW~bO2rK4A[3oms+B1&|,^gX>,D>sgpot/dL !;X5ranB.B<۝ 'BJ؉1/4cfx\X]L]Iq M6|ާʙ^6j;Z9AI yf?!{^ఝ W +?L%HpwG_i`98=a- Շ4>>$, &3-)6(P,A샍Fn}GR*MF7;Չg(ύ4YI"صM{x`2v1+BAUX !㳯VzRHLÚ䟢9 snyQMK"jKҢH6@pyOb݋Jk<0liMI'cqy3pk?rvTYD:!bŘ&Hixop+"6ϸ8{VAX~iy¤WlklzQonx ֬ b֥R@s4Փ/YЮ) wd '\=&YLQy&jrg.V}fd#;<^FkU*xB蕷тi WZ.@Xmt0vmm <̥ s$Kpok9JJ G"*]\{HT(CfS(8]k`y$=EeΩc;)Q 4n|AcF[UYMMf,uҔfg)-xL?':dUvP j @vaF႟`,==Ml/P>CjrM\7<-#L uz=UGaOZ11k6k9"C A`˃\:&Q.®Is RO2O=gd|6/9`BA<-sX1r eId;:R\Kol\ ܯh|ê;nrߞiN߸r^J@잡wx5̩8kSA_;@-uALUYM1GlRy2[DaǜcCᙼWxK$HE/ ,( 6|:pe1S1uȬn 49@_H.Fqeu`](z>)"u`Ir:PezH6*{&؜k_/E2~SnAʑ!tC,xkR1m2N^~_(1B[ĸNeA@~sʺn_kW0_($# ŸH&pAt%u|T:"`F_2r5tx{XI7FLS %DяCi ,5_b l*E{X“ϣ{?f5AjY.o4ciudBS8WE_3)yEѧbD-;A-(MR!K~6 ,n:;r'KT蕴@\#Q6$7%oEbOh`մ-H6ha>={ϸmg1P\ܚsSU\T1YN(Ұ^VCvcH\IL[N5/woQcYm;ܳ::YTxnLllAdz._qhNq5z[euM]..`{, f,]j|R{~a=g^_972?#aMõ\f9 O|wLPdqb}𽄚ހKڊ`u)f/=dq߹=$Hܺ2gI?Iܣ*Ӓ 3 *yP:^Ih$s&9r],pxU/eэݚ7#yDف-HH|"KZ=gߤ^)O$>1[uk?g627zBEUr,6]iM_o0gňL ƒ2;}*bRSyՃ÷{cY JHe\WJz 5$Q Yig5rvJ}7;&ôn<.b ܏U$SbƦN,:SuZ utwӊ *15fQ-?fֺb XQہD='mkz\wWpuTGi"iرz鐺.y6h۲53{qqu"WCL#ц4I{ hq@)6B0vzh})*sn:^9x^|)w4#Ez$+ v:o(`$+!R8(<δvgRIg^r5͡\& F[ ͘r@+y|"hTd̹HiT8wS!|TjB;PB&.]~nQ@O2. K_7KL D-Ϸw@jo|bj(4Z56q_>)lZܡ:ƺw^F# 1_36GoG"LZrxU fq_0':HV`lRA,~STn$o9Tw)$\Xa9 zڀa |\^z6u]Vb WyRjε#tuOK.ĸ0l?J4Ȳ7`mM<ىE{aCR?oCQy~G)v ǙSB-O3m2pwvRÃ~|޼sE* i *Ti@QTìG=ٸ(?t$-"r*Ki8LzIixRD yO_t WM$#>ʇ'pT ˆo%~-Z듳/vVד#@0- pR{7)NAtȍ3(5fb~> p~TSMg :#kXVj  h<,qmx)6.`xRyż p$g♺ՖΈ? ô; tgOZ_3Nŕ_>na(Oe5/.emC!azEW nyJ`֧!A1cyFJAV':\5ѴEpRf<|@}CC'9~Oo elOSfGErI`hJX>䫈m^3;BP@ygչ;E- PUkDW꿴AWs%^d?G]ɔ%.Tzy^-^ڰITy[L6xѻ&3iB0M~묩kH>6Ж.z(qi]_ &pD郞^-w7Nm*8Bf!0+\'mcUFBF|OՇ3tȦT긗SBŅPgvܾ/}Y趻7<5=ɕmaəR-o4+"mS[#]jdw/f- #JΖӚM)E\ `bZfǺ<ޝ7tёMH,]nn4';O>h1X\(42N m ɷ{s&gֲZS|ZIV D<ASDKM@MH[kin׃Sh͆)O!q@ϱBHXiWd*tF7{+آul!y3Vy 3G5b%2:_)˷~ eڍ|`%a/Y}Ȗj'i\)D|^7|o3X_=.02mY nu7IT7(W)_sy61=ܚA;4XT2hjMĚVm`Z["sK/Άv16qLRIL)fͳB3FJP&nvdH\̬Pw5}[B2`xXr%=CSD:o_kv| ؾz?5;AZHqhw aT;~W53*< 2GKt_^h"cSd4#u{W(r6tm9IZU;o'kMd&ۥ,Xǰ0|2^ ⼍x#>G\$tUrY(?Φ'Oi/ <p<Πr)}1"%Z`0 J=9wpZ5{r^ͅ 2a{hEpF50-EmY&z N3s^D%~+PyA3!M{m򥮫w@oCh$NWO14fqR*~USqa6q[=òUU$H߄ꯏ^BFTr0IYBܾR`xFԾ7^KY<+ EEm1®tRnd-۞hw5b6Ӫ5GYa= |ˈCzXuu[nŚ=7tƳ?n%Kl2~!Mw^pt'$"[FՀc94UC{2e-r_jP?R3xل{d8NI3Y_5h@L Ж| 6Ju2uQՈH|x[>~NeH<3cLbvS9 ϝ`*w\cGP ʏ6YjЕl@Iò< ]P^ y%@olc3Z'%M^e,Baգi/Gej4a!}TY|q̀Aphicl(K#X؂I7ezIu6Btv |k,.\ۚ#5刯'u|nbQNõ̍jmߋVSL"!+'L8 Qn<ᙳ管Zۃ]Qm*z3bUAcwLpNyJ%@ވ+נh6d4COwśe Qg!>aRlX4~O cN@]*IYp#Y 킸]sԑs1sȜ9zZ\|Pv>g Ym&{ +3H4.]sxIa?g1Zu$aya~`y<RdZ }b$E#@ y$k2DK%^X@[i4`~PFsΒ1sT ;XQ8F "rȵi#tM*N1ΪAkș$%S1O  E׹#/ M:x 8mx44P0^ ,MI,;` =C50\pZ}lSeq .l.l T9}ƫܲNUFϪA"a Pе@ Wnnb(cH 7@;K jts2K9?bs0?3F]Q.a7d2kvvon޿ W x1KrxލC̹ȼ|ceBDR̀Z-Mwƥv2#[$cYFUQqa}&F .qD= )e 7|.)MW툛y.P5^Է:SmRFgLw8D;r.Iv2Vِa{=yG_Ŭ>6, $ȾkQpGO;=h_'L(} .& پ hc~m;Nz+#?G%{$w!RBP s5I[=QFd+kW[HHryW\tQ+7|PpAQn d mJͳpK%I0әq\&^#qu`ĵQ @72L׍)rϓd ȵ_-_N/ic? f]lta1ArӾd *;3xAG uaAD0RAXD#T#/2ɣ)RhM0E;a֔Cn.\ň *;Y2 5Eip1XAiߢ{prB#x7Fy$dr+{)m,nįĤ|-c4]K}㒛dIp2,Bh<4 EiE3Z0rXK TDVe' wf P/\=X]i~Qkx 1L˭y0BI.?Lz`uTc**9RN#:}!0%WC}y9їa;{GW6%0(N 6F{s+:W@J&zD넼Ü. #U/}Tm6gtn1 kJ#}MWwtZk$Sќ|>?r x?ߚrzTWpHidpizNlC|Z5ucjC ?پ\|6QGjLxhXkƐo j7^gDn2L2Ҷgap+9F?庼p/cTggI=} oҗw]}Ҙ }8Q>'I>y줍 UJYV?zxDL|75miJM8x _O-Dp /`H Ѩkʣ6 pɽe6EI{@WFGK˒*-Ȏ& h2hlREJwFM RſUfaܕR|vEYb^?oqf[k0`a}"Euye-<o~fA6dgqSFFP)Ӻ{@~ȩ*&VN}[PN$R+D#OcG֑n\<R]'Mׂ -p_3gX=T y#gR#O΢]>q rY} Ie [Nr{C /\q .U4GpaRnAQ S Il*V']aęU7'g@k; zP"^IdZlOiX{e- lb8h]-%}MaśN̳KdPߋN6TRO,$s6wzǓgDzqKC1L˗z_f!5bYn枕y ԇH&>3:qlW<ۼ6cLeJ48R3X.B/T0dJ夥̕P}5AM:X%XɅ&?2s~M:W |ybpλ3*Œ˹ & ޚtX{Tn56A4#/VSXXge! 2J [Cvbr^ !CT+YO"꾿>TYht^|w ?E@m c=yŏ:ԇ 9.uN ͯ3}J1܏%y yч""=!?UR__-ԻSwBW[q;K|UǑ 2g(AP}<4MNL)AJqTtXo>:m Zoj3 T(~ 9giAE2Rb2N<-cpv/zlBbE"AOФ=Ďp@Jxd½&سcTVI^<XRs%%C\Q, -gI.{#.XT8(oƈ6b2W`SVS0i1mdBm*~Pg;BH^UwB߉w5$q#u;C-)jqgmuҚPzxqLM<ˈ5 4)w 暗2sƊDRb@\o 'B!pMO M=P /jo^KUaX㷜=U;>Fep&.ThBjZHk$BS89pOs.'3γ΃O=nƛWzBT3="M s}?xJ:tr (efȥ$rþ޸"0?&xE /`h "Ge^-h+ W[pZ[BA|@uJN5}6~# ųʴ{L+(Q)кcZ+Џ|j;nQ<%n5 rx>t-L摎3ς$%J(]0KgHz>/Y|^T.pAJC#IL)vآYVް.`>7U IKaΫ:pwA/o&P Nܷsv3g˾X@ZkE"o](OHȃI؝ <%ǭ@g g7o\̎rߋu:B79PD][_w0g<];iEϹQ8,eE0wz{C"ahl^As[0h|:4}:Zji`4q>-?5vӆɲI,|-:,۬ NРnmԃn+bxq7; 3, =.PZ&UdΠ j+FGC^؜5Q;xWxSCO.Fja"'C]w 9T4l|25wԤJF!m%#J  cWWMQ=7sL 71Ox$^u/O7W Yw!R$S;pk$ٓuԿHA/ũb|*B&({|ũiSe9Hµ%[Wa3½v|uMHxࢊ֘yֻ_N!r|s#JA{ h}0#;eO3;l|Ә55L #+rӝaydbXy8خP=]GM"Dp@s#˯=C lm}4ࢿj}$ R5=?e 򶚩xD[ } 8y&M8åW vFeEpڮ%DN Gp?fYO)SxamJWӶJoJړHKX􇍾:9V^D(mQ 6NclBVX^+lrO#h}"ʠ\F`)<}XE~lN.:hSA;Bpͥ"2kwBk&ql4G u?a@rM|iE?䕶k~'3k8ܘ!6 DŽH"g[!5Y JHhBkϞA'mI30(:íl oD&tlAaW6 "k=iݔ}ʯXzX ^JdjV]7߯eHᄉSa?QqFEd' ܶBoo#HAk4}^"]؜?a 8MO񬋲Z\7ӄx͟#] AsQۜ1gƷRhlg"p .irKnoP%Vy7 p;/ (אٿ( \_r>\dy6JcfR\.HE&ZHipuo-px'J\94>7zm?ms/橻zC/8 g Ϣ^b •H-(3sO/; ه ẁwk[(>Am(8뀁T͍PzbX'ZwCX_ JRJ#DIc'~$FZccu.@̸fA+0n*ƓWsF nsY:z=IA JL龽;[NBeՃ ng W4ѩOתv a10P;rt~\돔&vA*imlb%ȚbsE1E`~՚o&51~tVkYǔ{ IyaJzϗHa+p!z2ܾMX&%T_ 52zbCmD;ezL IE N4S+ 颐& &xH.2XHͮRq!ݘJ>GU7݇Yq_~E֚UYۨX3TgSƦMjE靴l}{j:saYW>yZ|b.`UzѶ?&'N1m]v4h(ڮYg;[W*㛆/aT^t Y`JN01SԵ*7.b]5\3"anK (Ɛ?kZէi;~%lI&hDl?it,SSDȖ2ìL%Djp_b/ #|i_F~s>>zn\)vWM\S@lr=l1wFfP[R 5i㙴oPں?.XW U tNj?0.WMKvҤ.8&>D}ɔ~q C FY4O4]ƗXFNs4ƣcǓor!)Y֨j<MQZ|0z`ơΎ$#S+F%~,m:H:3%'e*27 J QO!y75XaYOa{/U *8r%3Y$jmxS -:xs;$Eu =̿1]Lf,\V#%^WܳvM24kU^R$b#xAڬ+=OxuYDr&xle 6_8}F0N%^X@\7kA1=DJ_#]rf]9V3XS>o&W!GE@ ڽ(d!-DhH* M I/'e.(X"~X䪕=qTД{UkfE:"S.p*磾3g -Xg,秆X*/ <]fv$.mi'Z^[Ds%ƺ*qexp/>?/TD B6p ,ޟ9+ WߑTh{EnNK7zJq;+'l)*:"DqК)l\'{O3~Iv}0%oEo(q3`gJ~|"+a)\L1B%+LoOӚd_n/٦4{P/P,1hio6)P-p'ɶD1~ m%mz"v.v){\-z|SBwaR뵯Pu[_"EZ4fNy?!27Ec2]f^{C6͈Q TQI3/Q&eqĸǫ iW7(;;=x}w#!ݎ`NKfw$qUzDλSɔN[#ˆ~h'6̰8A%>Ar"TftKIREs `yZ5R/a#^R)WJCQpțP`z&חdHg`uIcKުlfA[JI)a}2X;ٵC涞rc,nǮnR62TȴW$˯禖P~{' ҧ}p` 3> $=-α8`*mY93-)CΝbā/0![ /.Sy)o5>ɡ$ ;'ʁFFà-f-wSR4*i(HM^ NkxeH^9&콵'["nV[3/~m&C6SP Ni4iM/jvvN"tf%!c`-X)iVWDM AL9 &EĬl\>+cHJ"A^ l"9~P:VKxTzVsaΌW?3[&{,SZQҫbH# nHtS|ὣ6sɌC>\<7lNGF zTMDi16L[zO=fxÞ}@nE¿`>zEr≁qi6'~+o XWT0p"eLE vkB)c./vomcIhc ηWDe!Д[Y䗚|Q眨w/,0:UPAwt`k%]I;m8MSp*-o.v'EGJXav#Twmr5-%O1<-zP,G䓇K&M[=B"//k,2<;7 ,QP0K> fjX?NckʦD$9]5xvs)rYj[-սh$\*m%\EM姊CY77ossi?؈/oWڋr!DC1 {PE4"q33dٟkG?2'_~[ـսAq/zn=`y<{E짫ŮWCt*C[=v&%YiJ6 .s^OFMdmA7Y`j,ip=-_{dn+[J3؉a ibeեaNKgshLEε-hGWP 3D= *$db&ݶ#vNF~]{s;GdsfyÕG1Tٶ-hKVxJJȨؕY럸>AZ( jQ\{Wi_i"ܺ>#'lRϳ,%]@*gۋ`jI}5{*g֥:n$įr,})|q/d+tڅj7>I4ī60BW5>'"&ۛX!W ΅4%A6wĊ1X_ M A3-o 5wѿ*lTMb`ؤ;$"ISpiVV-3(!cpxDeg&F+"mJD]iCHksvkGەŐ+N $>Fi$!Y\AYU4Z 4(T&f׾IvnZb ەJYzow}ƀZc S^~`tdӗ 4(]hA"В&L."2B hц2bd\`@LIo96+"d 򫿤%?u46*7]g<.7#ks ^AKXo$ ֥ꉬnSfOb"/8ދrl%e"By5_JԨnlX 6#2rN(=gS(\ !ڌp/!W>kW953a; \qیkH^x2i nL &[Ws_se6{~f@-޸/E/s@CP}5x<# &Hߴ"'_CUV򓰯4t虤gaPm.ݯDgK1xnBW NFI`JѶQFqZXl .U# vvǻsiץP*VOقƘKDv@ٜC?4鳦!j℺HVµ\p|㐧)h+m2$|!w=VN^i`f5_ewjY;"q 3,i {'QlQs1:-gڨMQ LkI9-;/=d1+^j"hN[;%ȒXh# aҞ Ȑrk'1d!b5E +v$)HKo.g;Sid8#_H#6WY;p]qGj(Lq.{ᅣ@JVظ#}@ 1A;:C7y)Fօ6(&t/^„ã5hiÇ|8.ۗc2>u`c{S9"c9!czyL%\]I-u Hs.Kԓvª: U=,F8_J=.Y/ Ͻs@!pʠS߂o) -xӸֵּFawL )Ouj>ryYiM3RkY$NT#UtOEmB!hMZں5pl{Ik<ҠXIl~}}ϱ}n_(h᜔Idtp8&i:䞴؀# R۞ kwg4Z K"x/Tѵ:|p =ٓ|kZ Pv;yP}]N񃭙 MLT6WvJT|; EX>` KSoX2Ob'V2?N@f__ELwO#)+D &o/8MWTyH ſ$qC>>H[o{C/L>_\MnQo͵Z6xqε;Z ]u:d˺\ -y>Ғ[#jCz0K!䩕d׳iBpΗ.l̊kc.ӆ(}b9+/Fw VJE*N>q+Xh)YRaoqZi3{B`-~-̺|j;̶/Iۀlj{`QtD90ݥa%W>=IWpJi5 L~:i[ nbh&fY9쾈{^-9E}Qؓܘ8}ȵ1)INMm 磗o gZ; i+S/~}Lv2$(H**rOz]H}p/0k3"ϡLWZ QZs-0h2#U̚jg^A]L$SUcI~7i#wseZX].Ańe'6V%q)0 #իA_?^z/;S r.wY XQKsxΟa[.IKiNq0}{]Ç )GAAj+u1U*{W]4a;5d.Y@ sD?0|s;LAEQ 3-PLcc,|KwBy\XL7HoIXȝS?\uk¶=Ų+>(h}KfuRj[r].ICbXE^ B ]NF<׎Vd6γ+̑W 7 [!A5bzOsF+tHmO%m:J~2r&ϘA?3{O3Y¶O)h\B]VtDMtXhZY\T5 (L.$>ޮ\\dJK`G%)O"!q kN,Yݧ ;i6Y2rPhhNѾdlY4>yA} ' R( {o\]9Q ?ñWٙVl5TG|wPg/$w,{/NmXoίYB='jUT\ohtq%J PzL61UhuKWbA. WGgE̤sCc܆l((,Re+1Pt2Siq7^5KZ˰a\慴]6l},x.@c)>;K;qOh-43+(ph;ͩ-X'aC;jæpY/2Ε6R>:dw⸠d$9sWu`ǥtS:4ob~4E=4VhiɼG w`=ܾpI]/P%ю{m!{b+ƃ4@7q y>TEpl/kR`Vg~gv5׾mZ?m]VtF:'i*A&XuyO& D^=;GSb+D9fcZ?s!|_$ݼVn\UB(<=hp,7YK0T+LD&TرLHVHVSlCIng꼿S:\`9uEkZU(kAynԇ3 rFg:jlSXon%ʑAW_4svcʼPVB?"YWJKRmw˱-- T6G)THEB+,aA"M/IЀGVF0Cd.nC+໕zD,UBTzաaf/@f¶MHt]]+S}s& Z( jXIy+|MyLT\{ 8kԟDDNX틔&$yXq ߲%ht 0ity^(R4(;VNělq3K[-Ť J g.΋8hSWW.J]T;D4O%4@ '5*DֺfSYүw'f, _D[iwʗ%ٗ2.pex #{)!T4&8x;YqO~0+M<4'K6i Vk񃫟Ut_ ʶ?+ ,$Duq Xa؟cdH[9$XXEPI%oQFh 9P&h ¸ssԀP~Ƭxgl"sGٴM׋[Qc|E=Yez;˾]oAἐqJ9'%lD?Z q~`' JkgP|hHbI䜘{SY[!q<'.q[TR3 u+addun`wP,u`knms֔E0BE3!_!>[$o *ijXot%62`5'DIEAZ0I lēZ!q|-Kv%Lp쥸qsymO /3u&$ C4~"Ig>ʓ Aبvm0 <&W_Xk(`̓'E]ci6~Ax"; ?)rt% V:E 61g$Z P$^GΥ"㊈ԆkQt@x#9AS⽩@|#J ÌP>a H]6o͆5Zw;$);jE~0EqҾٺ-[@%ï}Y$+'#W+D58~[p'f&[CScibK#MR<#U#3<8+sA,w5|]\T?[j1~)gn*rNڒh؄!OAKOCZfd}@CQ>!} '̤EqKN4xwG>pFaނyy$HrCp uֹF@6IBZ%dD9aQ~!!- y(kt'`\҃yɌET\SKKޮL[בvLQKo]dV%#t"dpY?YДһBZnmuwk47RI%fn i8%}a3Fa?(/.bV#L)Wڣڵpsj*Q5aL3[YN3"DiyylBYD٧iJ^A'֬Im@ybT^ -}&y~UTko8otB^ \s4W͆&G#2ln<~|Q19݊LM$B-4IsD6l`(>@C΢ÒTXm+RnQs8돝X,́&2\M"pOVhCU$UrF(9P=vJjclInUZ4 I#$@HOB5/.JXrSwEX& J x()W,gXSj)W\ ֻ4u o|dK$s%W){3O *.Cxזtxq)I_T|3^ØԍEjyF#Y3 T,(>/i*j){U4r466}ޡZwZPg]AB<鄍+$\d z'7C)yh ݠQQnh bnEwO@y1ApcTrߨ7 }cѣ0/"! GypZ}."T6U`"Hów n:l=q #cGv\q^ EzOdY;'2l"г?3Sx9^{]0|4 -[3ɹ?-EzëAbD| PA8B^f\*.Y5`vޑ!FB$4nqy]N 瓰 2L/%RU i" ^$W2rc)+E7/ckkI,$eu79D#̠ +:o?W} VۨgaQo|TTzRفOeAω=8'&w`4 BJs?)PuX 2Tי"5hQFfprC~e|q1)6"𒊟1s9eiw9¬ ElN<}V&9. e&DR⺍+b>-1Àʼnc2N-w3 6Te-{^60XrG*0w!D=!I%=X9 _ūWT;@lCL8 AnFovQieL7cNIz0zܧji98V]XuOA )'qPO ;.wH‰rL-yUzpucHn7/maQ%"޹ar5sAxiy+Y3L>녉[5|>q:xYc6UHAΡT u.0v]K+ LQΒeXg[҇A7Z-Z9dw;<MVՍ0n8ymzVYT2빒/vRo:A~5^6@?0DSFclžkw )#)|nP8]%g'F#[w=<%peQ`@Ϝ#-]4ՃfCKPgSF=1=F+B)!B [̃Y/'z'@0YD誋0~֓.;XqԱ \5tgQ /La{/Au Fzȍ.n\VywAYYZQ#b4@U@d L6NJR&—ë*r [s R._tui@DqM$8 \+,ly?DkK 3^jz[:'8yUB򫐻*u{0a4c9rҤA'&S# **MA>.{cd&kx_ΑUz싒 =0KRDlÞpS@z UjE3!A)*<E~W Ae7XAK$= |wTPFlTLPҩnIhn L(EX$)%> 0:*k.3!rPްZ۞{/7ŴᐚRT4C'=Me&TVƘ>G~ Mg1hc61 {qƓçpBו8c$f/"`Y bZeGKql_sEsT͞  +Gی՚lL4AQOX;c ֡|S& i޹Οua*OjԀ1]x(k)Cӫ&-J/Sw6#ko4\%a(?* z#9!FI[-IMt@ɇk(Ї $o'x(үJ q&}TZQ?%0eS#įQ 8 eSi '4)8YZ'.js׮P~~:qɰu{_&u!PmuG᪟ٟD2T]Ni ΅Qqde"f;l*H6(=b.1ͦ~ݙl`p9-3ViD~)?"QFB_Zu N+Ht%|pwa9, Z)LWOJLE1 eyM!`qD|X1]TX}LTpƵ)q}JOt<R7-|$jf: BG] M1 *ѧLk8 19Hj]%bNt7op9/6FjʡPف&SE4I !A)O|]hx=+0; d ˣAx~; AD f"M;ĔwnRի΀pCC,`\G`qG*o<ey ?5HZڍ7ѭ ƞ ԼEp)[ @y׏W/Cׇ 4Gkk o^pKDJбPUOZ̒aew3"Nl@ҡkt RzKA ̿~鼻ttE[[4=.<@ DݏU("БLHQ! UdN]ѩlŤrs<0:D|!tD _]E]J7йn7y2VY*6D9g[@{aنM0u҉/5*Tkxv72jq1>oC1f1'0ZJUԽ=Q1۲cq&{m(?iLGUέr1jmh-]CNp>H.nr-gg#77-˴Z Kg B\Qxrv5wԴ%UbPxB1ٖel6`@pE2: ͤHԫf8+/el@f~MGW!8_b&'rni*kH<蔧wݎJid.jH0Z*-n{Q}.5.dOEC HN8䇢J PF5lsF+uƹ KN2gWU9!]{Z2l%JZUt:Cx%oO%В(0Am@vRA"u[`IHp?HjW8<5#8aӢ :y%U&W]o*G9/;fs '7[n.RK2|wxV>~^!_X%uSQ yx`BI@j'PGgжDz{ %igrgJv"ڤEQ" lҢ|'YTk. ] uH-X8U θ ( bpM E$r *D}PW r\^%_i);N&̉{j$[c^Jfs-@qx%UGL?6.=eὫ iKeC#qdyO@`Tp@kesJNUkbE}IeNS(nd5@*\`(uQAQJ)B 4X2≟}#*QT X_$iAadIˁ*5L}I/+oq!ա#C*ٰ]:ݩ8k ɑˊj4H?`cZH(vO-F WW3f6ׇJ8tƭ.>`s%OH=Օ>8؅>c/vRVEc1S~`<}/ a%qޥH]Ɋ6h ENR=QS _2჈Ӿ18Tqϳ Wb] Up:k|Q)!NdVp|u/i0IYr xŪ*w](W1H):/6%uxvҬշ,$9 G6ҙ,ՋArN/fwhx둓:!*gqI -^=@{uŎi %DcL}G]R9^~.0.THë uK(S((v*MdxJ+bĨ/z'obc6.lATſ2y'9%QC3ܶ|rhy\Ojm> E(]Bq>1AnVmNU~Qdnl wn6Rg@ hhs9NW-ֈinBa7"z+[?>ZPnd]d/?!ҹ`H lؼ3mɕ&|FX4a,l A{JZ]$H$@$e'M% ^ymz . Y'PlDg|'ęL=YmD!xߍ>20HCQĠ>M;ʕUT.Y^"?bh5 &Α#bPxۊlٟ? n9(&*eАcUeO Q0(b3~YA8#++),ˇo7O0qd;jfkNY9~?Ljsd+<5:2Ab+$ h;IS} qbm6 Eȉ1=t^w ١b/vbu(9L2ڑzMD6exP2h\;Fq:Rmw T_HDlU Vsa\,sIH#ٵ|䅴I*sYNHf=dV|R2N^Y$Vڳ0M&MÇ~VRU D-s=(6+D%n{SA#hPAI3G/;kOl͡ $UKV.ֺ$j:(O1LA_hgD}it`JvYr퉙tX#A{O7{N fr6&!_|MN5zýP> x lY@Uఱނ*'JJ,gY&§B$jWCxgw`( *-i\wtYp*n~y,ݟBͬ>'Ë;KlCyOḾ]vfI~ 7|˸aPUupq鍘NYcE^\g mTó_]&u[ %z%Xs⥠Bj;hQ# *{#_t~tjB&O|(H'SM7[1ODNfD"~DU'rVDf&6ۖfKXN9 S 7ݯn? <3!%R:In)6t}<&8n;rz"JC8gKO+͵O"Q1p7ЅI&KxYHouZD:2J!R@ ݊;F9 Ur˞!8<V̗?cmԖg8&CkC]'/H4LJe B6nstsćf%{iJ腞`A6mhIR >HwywIy%)Q{a,W5%0p׳PbE:/d2۸}H7TʠD_1Ckkq[pgT_+}GA}(J;A=*!Flc;Ќf7H䴻ؼ̑5](4?j }mOk #%ğʶK")Ew\7{򷏒yQ+(s{iJZԣb|, (3  H,N##N7zwڟخ4'dQpű0b'ø9L ̅n?2`fY$sֳm|%< nc"No hP[qAb 5D7"=Wbv.kjbz>Bl|`Cze$|b?Aՙ|H^ALbK K4ĥZ+>3bdYЏA;NA +$ʌ%Gv-ֳv6J;c0A^[ v9jۗ@xYCaoN6/癨 Q{KvÔ(M"$A-uFDU~̋@wWAmT};i^_A }Fz2=^AW0qv&ŬRBD{50\EK&UBa1Ԅ;(j2{_}X귒ybZ_lpdK}@٩Q<~F'?aN+5mǎT_!=3,xj{ovk:N𖛚gŋbGEɪnOƅհ|%Կ ۹3h|vE L7];vz{F-jx#Qt|y$Dr}@̙,iH&KMn[}8q(mN"^}dzaYpZK)WYYT<{Ҿk:e DF?R%nOTa<џJڣT]c)O8_4ObjJѤF!L26/ !@}UCˁL`_2u| /^yZE B%Q?q[pb0(s+ VzV_S j#/!\lgY:F2yoiDu1[9Z큚;w fu`Yw*v$GvteS%ٗ`p IE`s23Y0Y؞xo)dd;ODŽ b)V0bmp :X(FAD/v=< a#}c!G k3#Y{ 8a ֟tyށpb:ZYQdPv([D2c~Z.7qh0&&&zNs g`3$[xr0 %1A~-?lԎMD+r|a1/nb57gR?V4rnBfn6תeݾ#wLxLc!H`.3 pvnTC3^tde,j'eit ؍PץG&+ea:̅:p =|`.H < j{$Iw uPi\nzom!Gfe; tR1? fŬX7ͬ H 4#)b0[مvW޺N3~C-M3mD6x׏hpIɫ*v(_HMhlE_u3̲w}:B.x&+>JŚq.kb2`C0{]51uinT7mCW.t`O, ?hናIm<[@\<l6OqZL# h5d)} ~Y%.iB.Dĕ ttAA*:'[R}Zȃ|kW4[{St1]fgU:uVI{ <M!gw Eyz#.? JD6_qr ^Vqzh}胪EJ^°b̿Sqvj4V˙Q4<fm{(87X9PƗ ,0BevȕE1\h<b9VC| }D̟qPAΤܸF*[*G@>Kb3I|'1mB:ƬGcD#<FA@[p`T_Ȅp_-pxз[4GXl'? a0<#)6[^#ba%hD8Y"?t~ѹ5{Mѭx9̤}[VzWdZW} jZA;]ojjr*I|(]-g{u\ AsuD >[D|ԉaL'X>" %ϦScX-&2mzcYBz_}BP=1 ̟ f 7@]P%, "fX8)ͯaVNtp->j EeCh-)'>Dld>6VX%Ce)v?/\BVoǴokwR4Lg"Q{k1zۙ+%\y2$|2xn w(Ç-=tebefX#0 ShDYI4h i_<݋KJi2Jl-m(f:6dӢG}|8 Y=y_ϐySqGuYZ@7-#GBG˚OoUĩvuu0q\XbuX ( *gBMb+AR=*Bf+46 1= y9_W2g8z-τ*WSݓ,o gr&b=<4s_PՋ%ݺuefDYG$lR0>D&c'U(rP%Tzj Q 5, ̷2~;KRG!VH0L.0$m7mLfw15~(gZ{:gz(v A<)麥Hr٤Ӳ ;7>5 VB#_>yj=?}X{XVIVjR߫yETv_~s(쭗p}QUL?us}o+k=-wTT aO#dGƮ蟾rq8N>m+$j,%Q'NSTݱ>)QՅ% xjO+<^ٙV̲poMlKg߭G t똸,FDWݎC6+D%D4 Bٯr\?#$Jj Jq׿|k"pXXLWRh=඾eKNs2ȼ)慠!_BssE!y?acӮ!n(6UF0N6/(P,+1(͇p{ o_g6x*8HEK%i8 ] |ْୁ,Pt%R]c4LH%P!h_Vp a9nPѝ:A)X 4pdrNK1u{RL9P*S[]BE7vΧ*[@ fg9z?9(|XpỹXAřpIS `NV]/=6%Im]*i\ y8^s^ "e*z>T5 '?RYv@;^VDVcj&P"N)S)qIţ:M%]•qp'$bǑM-,rq): $f=:(l)s#XYr)M¸9+9j~<ه):gѦi(=U f{C#i#O^ y=h%y^h <:EUDOOs+`DMo~tǘ9z7q'Ηwu|^/2R&rv(p7Xz4nIIHTh>`\$m!KPd7aOlwMۼ)lvfB+^[u:;Tq]MSĚWUk8-i~bJiچ!Azi(#g:!L:JB$ay@쐮.Ʀ#Mhzt]Lojq٣WE瀦M6Œjaaʁo7sT,^Ҧ0I&JL&~./S"t[I<5u+>}eT_O }X鬆_x/&;bl={LXEV40'S% )$d0'_2$ᔈD>Zlá"XZ"J1Rbu4|gLn7e& ܱD;^znUEnq SGi@H"ע'~Z}h#%hVǁ`{y?t1G ^L$.-Ԙ#R»Y@b}K|B6#w zY Y UJx vja\*x1M9+T[jPpxk ;d:bfAP>4j!_{ڬnhs~AlSޥGv; ExlE$Qݦ{eS3J3gHn}=HJue(Ǻ ߯\uSbլÕ'A`)(GaQCtOc~8x+wޗ7=FEv޷2)IKv5/X:X0ĞI!!^XrNjG즼Me3 O&NM=(Pd?= (;˟xĜWzeq{زx;1+j.@;#[arV\7NَIHbW0At,- j&$ʻ{[cˏ\Me9(^\Ű`"2# b3^G3:.ߢ94)n@"@FNH5*!9*hICNX(!nY۷-L- ʋ'}>Fc#|j^y.o;~+;*2y$7٤QՆ, Q^n"e2'nn,PN27 ?,^h#@G))JX60W|!%]l߂n |MxZ1,yil_ +VK-Z}j{&}M$T]vǾ>FaEEd:lJ7Kѯ6)a1w]9p f36YKΰ|(}WЇoi0-փk_7"y4UfBgNQ8Ðz48 l" k^ LHⓢ}% Y; Է}v/"d.䞫8tTa\.XsD^J\m7Jk jM2 x33%=:X Ud{)Œ8i w"`Bx ` _n#%@Ij 9plPPoP&-;5 OQnqZrHCeL+;wHŰ뜙{`mYvɥci$J`fjQlT-ϐ]3Vܠ;gKѣ?Rrc)˝wU@n@roXs_Ms8E#V@u`^B) ;&sX]㯬1A>p`(bTU=[ KDL\Z0y R`D&jT5qȌ"tawKv9<E7-X1P'4w{zɤ%r,)Ƣ`sG,/H~j#TE J$] X8~[slbcr͋u3!+y=fѡ6FzuY߾(Vn՟k :?8@lu />Y2h~!J a՟Liw%g #mf3|c ]1,ҜD,QbrT^:x͇*s=nsWO|Pw&|S5LϚ@䢓lo FF/%'`M敯F?!0A:ȣ[7l9lf `7r ~=5"@)e̲VŦHԪः N9M8 H3U"B m=-/T1w} %a{D<_%Rv-SKaMd- hFB!*5÷ZI 4h*ď kd} WCԪysH@,NDbZ7x_5#}-F$*T^m!2uO RM͞".*W{bLLĻ׆W]k8ENh Uff;N14vR*=?s1nvI#ބP5.&tVUMrP~LGec](Ō*|%Ǻov7*6gdgMĈ7{,\-d,.uZ+w OyhS0 |3v{bAVot`%v~sGqbܖxtgn $|Պ6p4Ɣ.tS0-'=]YW/}KTDoGz!@Z ȍxhSie]mupjѶoo*q}9kqet7\KboEN m60uWm>\9:fmlQk zCb{sPt 6c?@g<<2'}tl8'mP"qs^Xfrd tg cMUǸlq-0ϐLbqj3 Iʚ9 ƕs9ƉYwTHmx:%o&lP5a:H7xtYb1nK5^>I͚J:qzgmϋcoJZj(uHI~?`++S&|LGEu ЄMQ %;He0OGrZg[v:CLx n- +&=]OefL*k [Gۑml8Qչ̦=z &Eg/2دk>2AYvɻX DSBԯ1'e}0CS"yPcz-ozW8MrB@[Ե%HRG{v^mQD1t-ڵx.0%SD-QaLr/maϐ w@ 7:DoUມ& jVZJ)ig@4l/f$8 nId޵B гM%"m~O{&A^5˪-0:JzTkwd.ܵ | ;F<+VB97_cСv LZJ\p1[ݷ?3To SӲN2 i[$ľ0H$A4MZ|إxڐcv1i#?@[?46S]/9"}1LŶx⦁%Pybrs,wv6;i}L&?M&YywFjlrtR5{lΓF 5 * 5 z5( UATp $1Ej4vP$ky%q{!saag#!{0`d3 :>K;J Oe#s=,o%ǼLM&e6j&@VN#[z;x8Ȅ-\}i +ip8`zHe I]f0=Av |dQ@viW |Ǯ?M/%X˜)eܟwQpUA&%M;̏/ZH^\N# go8O7(-jc9 A !E-sSZ,C4ުq'P EUʽ &os%'SyX uoa5d\2ӝ驅x ۅj!;\bW Kt;Àugdgq^08880.⿢54K[eҐ8jX6E$܉!,0>8ТZφ:LDkQ4o}š]UY4 aFQDI8p7 -@;Ps _+̡~htGoWd'=d' K9)P?x0I[1DJ3'nGJ/͡A0;zLXi\@]Nso {ruN>s4OV̄(Ы\µ4ֱ! yˇoPzN et hқ:t)8\QE,f:f)h $6:$|X]H?LSA\~~:߀KRD`"ߖ?\ShGge&e" 4#W$QXANʐc]{'tg~P;WE]Xk؅(9b\Z Wѯ&'ynW"C峿qSv w :uY'!evoj@DͿل# Xo_Z_|wET:爦j+ pz/P̹dN$(B9$׹4F.QDM̂r}r EkIA(,bh^"S1}k迴&ll ]Ⱦ |~ܷrYཧ9C{n(Q)E 'A?{!|c "9qb{]=8?_)G=nn44Жkjd3LQW@>CD.F.wQ*!?{Q8z^ƕ!^FW 8㌎dao*qrHF i8賙D+P@J9?"ołH<W}E`u?,UǓ3yrUc<Ⳋ["uwU TKT(aHS.@pa[#O`*SA.r1Zyʼ%n IFxXbQ-aMжkfw~Ƚ|Ro/ف9A]_C{-*,BN_ˑlɣ9zLs߹_h JZnUjVǻaY "0x5aN ZC3_f_0`='΅ʯ\ vaCv;@ "={a'֑lE%q~ hLM40c5zB?G)x,Yn\L ZT!}(M*ɲ7J,f)$(+ϰ.dYYF趌1Ȋ.N,z TB;d|-Bۈ"\? zjG 4]- 혍]5M ʝtajw 7Qm6cs.YyKޏҞjIwNɍ?|Gd"wE;i/-aViQo8$t!sz:zGJð wl$MR[Ni/Q.digկĥ_%8c-GԞzxZvyŘ2\"C3;9VFJCO #E'bJ?X`"cC`5H|6*BgVq]¹:a||#UN\E4K&R1 p)ݎ!}Oט"E-&ǘJzSB|?5V{~ q^3ЍODvK:h{08;5.F%H/Hֹڐ٬;DXj» uL+E3nJ?+xɥPsOW84Tz郄^wq~c`Hz v)QX_6;^{| js$ozxXPȍxKWv d5*.gq@'ce #Fl5s7eF@c/pu].#Йd!76M_]8oe4H`֌bMKeE۽MRԉ7|dQ -nNȖ[ni.F9|OлmgpX ]M\`PQqN HYd6Q.6KB7Y>2ݔ) ;R4,JBj?r\8bQ-QjޥsHy-iosjɘCDI)˕ :* d g!_ХZ2aQlM?I;f1H֜"bP^AZpN].D籲zaѠ󥄽 tblƖK v$p;K" S%}1m!׻,+QI7IӤ Ii\t8dR\^"U\"'1W&jɼѳ/a)qi|Bj3JM NjM+׷8gve#C/nEJ00YM5Ow6F$ԉ?[L6l,d플XJnaGX!p< mt.iBٖV>hvx{*ر.+H0|b'W^YglʱC~pTﻷ`7HJշ`v+?'@ slEv L\KFkиuw` ^"U:(G>"{$F/?m+Pkjd^HlD/6&?fmv|ЯX|VȀ04cM@ORƘ`D70+"Wu vqUvʪq3N،:`6zq@d*+O)Mg{1v-0d95ljBVJ}B Hs)'T+K7ƻ4 )'ޮػOƤ`wpbo{r剨z.)3q/=& iS bk魶䉳<("FYLҁ z3=5ҥ`MuMDJ8$=QѕJZm'w-`ȱ*]M%ZrDxr9Q̈/o;mslmG3`F:?Rd 0VQ]^Hcz5ԡ/k7 ?"`vEKz`0 G8$?cH>.x=: ȵq> 'S"ȨP-gi&P/\E^TRb+J\q$Y)}&Sa6RyafF)_5"ojSx~~ӫq7y&4)BPӓxOLaSeEƁEpvZM/hS:Pţ:Cqn`(6͗¨zhA{E If +.5uiioUlߣw Xu%$C6GⶐIx$8Q:kEH 2R[86p(U%hJn+9opGٞ dl8 Rea5玬 htfr)k^tNЍzCB m )]7Ld4=] "&K 'v'^sOdٗ?()?7,H4=o}RԵ`bC{^z2y2zL-1SL1PF_ګtsef4㹵]N뽡Ȗ@;އgZz~Z]c'?*4{C=zU`@uGA2UhD 8Cή+"}C6?Z( HRz!p]0ݹ@ W-'/d`RbH R`Pz邰= R=4Xlw+Dկ?r0y V\d,w3Xȉ'J_pUC~WH&ev޸DfJ"f֒6x;7P>qD35 5o_߇?=reI(JN)=n9%mF/i}W.=W]\\(E+QDGRlȤsO|H0O=.R/6-6VV/|XhuWDqR[_L|X@R;QL#iy0sTԫf$?ݓ$:j7\Q6ZX͝] ĝ6b 1kTh18j@ 6@#M[zE4y* ڮؐ6sItmJоKmٲ):/dܗ#%j2k2VL$sE9FBHLƑUhL}@JhΙ4bo!yIf,y-v%E)iY$[+2Sxz}䞾L?jHYiH:JA|B.Z8JcbXLoj %Zr:=|e;$EdkVj:Lw&9Vˇ6Fjwnp:(%X32[\TB+uyf`WEm|1=р= `ljm pi 6,^"TDK/ ȄDcӟ nd}{Y~˴$L?|GT"Mi3cDScJwUzP8ض[-gCc$]0znΣvR)/`,IKK"d } %&QNx@>/UQ Oh5MI`{x?{3SՃQd9D|I!$nFbF~Z-&Ȟ}iHB'D*blYm>zHM$&gϰ͒^Eȣ*65S€!B& FB#)IwukJXh -*OHM\9:cC{Qw Ra060wU|Ң*cd_nS~sBe:#*wKr \ GV?m]毻yegF؀zfHn8 M0$?49,R,bLr;mK-)"7+*wt/v[ZU k D;L[4t"1C v;=B^ve~7$9[ZS;= TGr|KE+@Fє$Y@?ʓiL.{f+esC뮁ڧ4Ib'*?cyq'8K"TG5Y3N8L6~F}TLȽGv`J4Kisu\QMl_nhyw{nXrd D@>٧ӟ6!Հ'-Kh łU J0ajnuRLzK:n{2MPHGKڝz w̸yI{w[SB_ .v/`1[$WÍv(&V9b;AbU{aaBMX*519>Sv아;p@$jc 9ŘlU{vi?9Nq=@ԫzltsx1l 1/nT;0CEԽ_.EnLm0k:%eJ@Boc_iGܛi*ȪZmh/".LsTU.aMdc7W UR)ng@=fjCJ=I8Єl9Hi-ϻ;趚Z-)تB7 Uw#IߗݟNTog0%izDdGw'ۻ 3ngCnY7ƓxPc9bJ=n oREҝ9P҈}'}(TՆY;HT~'æP&WF.LH2aGe%yKź{r ?H8.qOx 2+xC}悑IWvoШ[xCO#R\ ZͧH]8KңJcZD]'7_%fDTl`r}rѾBNjr$T\-&~o=`v eáxȩZ!``3TQ7+.u,5m{k"Ke{7dy[r t1tYz:Kfx> 4x8qר_'@nl}rr HL3psFYe\B\(uZ|} ܢ4;ik(~6cat/Y#24!$3e˻)YPQX<-b: %C,;*i2Яtkmw0"=M5ȆR-űh[qoJϞԠfL[wY)]N2Lt?HǃG29LA*Hd*K mfR< @/l7{_^9$@5f}  gWY(c2J8ꅣucS.=qNVjȢlAz*=@v&"]&x<`J9Ն^̆)>( Ӿՠw|Q'lS`47,Cz^)3S=nzW=VRI%U2M)VM}`?jay.k&F҃{znꓛsV|PX ]GqOaqrm;k^u_A=>o:~ډvkDzn?JʵgWy Hϓh-F-d79`& 9#8o`cC0ʲZ%S/7bc?',93&DTC2\P>Ay/8Z/<~0C/-t;%\X]s2 OH|>^ꚙ ab{@&CE+gm.}rv=v8S&Ca60Al6\djd>DBGsc[_`Rf-8A^˫˓b!AWQ,qJFBL_QMw Zփ+Eh{pW7صl8e3tXvKeJUb[ٿF0 l6a*/]~GQIwՎS^9?}B 3K byw|ŦX&S_(N f;m c՘[<3f{mfF}hQΜ3zԫ;֮2KCVP bQ+wȜY6 ޼-dc7G@^hNn20L50/FK㹋Jh|L{K_²a=>l#=lN>;"8zFpj%—TCgVEC+F5pU:'"ݮkDz1ØTi5#?P- OOF:6Yx%Q>G SGr4c7!t"JuݙrAo@Ӎ\O^fu2z^eOhy'qHxo, CcHLW1kt{\l.j`ɜEpZM ߱{V Rչ_V3 -QĉIrHB9>HH3ccc|ow~~C4!El^S1M`P|˞pxp(j(/{]N"F:B)C07~&Ѷ ƑɷfQۘ l3ުQCb*Mlb%5nfbT_r;q צ%Q{Kd\hv^3&֗9@: bDJ\ Il) C sL%K:D>@<82qSb5CVDB)b su#.aSCkKbH Z n&e]}}IV;WtMĖQ%O oWCkhƇLj:oY>;CpgXTI{::6uwv5}䇜 B`ӭQTqvf}箘k ۢB)#A6 CbNUGLhRߚ0 &<׬rWi{1:g =JMȏmZ 2jgZ!=ds\UTvkW2W104OEl/yӅ Ǯ;JBHiIxyq?C6b-գRVAfglN+0(MdsyǪ}w kǙ\q ֗ŽPKgp_VSc|sk)aDċ m0߉E6\&]P5$vs_35\-tgSٯj(rYd^$mɲ7qzoM/}~P[$l7ogp!E`%zy\~z&];`_C ѝex *t^hde.ꦭ~#f K<}ͣ!\& xux&QUZV˜nTNI,A0ͣUW>iW?qS]QgLF-mv~7^o4t2Y${XD&`;_gpp*iH:J#teƞMA Y%c0sD(1_!E(oQ`[4!ƻ!/rEM$ vZ,=:ybB7vU`+go]l /vB0* 7̚8g? !!4$@ѺLDNN=s`~ 6$_Ibs>z'wg! *sM6*H|mY _?ec?~ɕ^=2dYK" `L[2߆nd '(:͉ٛb)53<6mL0nw|"k06 i'QlYwYs'< C,Urs'kzffY#qpwDK:sƜLZEz0{X 9@9XA[&^hlUԝqŻ$[LIֶ- &\*iBsVu?KR7ԉEJn\j,&bBs|^ 3; `< t.oOM81W R%095 ͷ&.ryo;0&B'cJ//ʑ$@|YQG^w-rĜ/%^Y8;LJ)n+ũ su@WJI g(Jk*#\)zw4gzOxBڧs/_tSE:bߎY|kEr9J#(]SVl͙DFbIJ)6RGQfk@Kpט4R4:8FrniƯ;˶ QQ?5dKhlc*UGF{WGu~4ogX2X, /4x4A[yq$t&i*<ܓtg3W9gLPMU@kʸK(P6[ng dG| }Ge;lT%t~Ñx%6t߸캒ꨜVՔoMEQ`mh" Z5Gh,uw[hz?c?21KM>1U]ԃY`U@eV}ŏJCkh5O݇N o^6 f}(Y>/Cs|Z4OI"ms^x^n%JM标M]7Hr/c׀ߎKU;5̰^0ʯ6.aKҒ=ՆWsJhR=h k҃xV!~M97,-@6oup]J"ZRئA3ˈ+f|6_@4[&1ɱXظe~3ReWGc[w3` F/TG}$|jay~Q4*'1% ? L,dZ1w$')YbGFF}'^υ_YpׂT!SB1зvnCF~ӽd U{p>!*"JB!D_.3#C ̷ Y)esh ܕ]%6IJƉ^Sp{~0To|ح|s6ULzRC+Zv/w ~β^ǹk;ҝŁowVyl.g]W7=j ʳ˜vp^RlE++ 5;G{]kRgdӍ-krqQ졫 &1# ~Lߍ[Ȓ nl^OJ\o;yiNב"UH/R gqFfxqede:ETdR((3 ET<hI8!9|~YhUOع@3^J_]D{y{Wr0`=I PfD /bn@pZcD5SШo_t=`ЄEU++Zȳ Ln*Z\?&!~y i#.徳^y8pnL^1Y6 URe9JzO) h A ^A=Uj\tin@h -sSCFֹQc\eΐo!^]8 I4z&c`?ڤ7]CaG \)#54]Z-18/rɐ2CܮY/|CO:ti@T6ڣ9d+  eEA~$%49<cjԬ]e(*Uf>FN[y-g1̔+&xf{`y{)ߚSء;!ɄzǤk&%|+'Z<8j,Nx#3BO?EApon|QIs'P!vI &G /5pHOS19mSwn7f6.堽7aQ~4E=֋R!_C lZ,kX2e̜KwQ4Aͯ&v{fd/s6gPMse\6ÅWWroΝi{-aLݔ0b4ZbK`&'+cc{`w@i!0/  Aӗdž*l`}K|g xf[RڪM@;NIjb抶a>R R`TB\ksy .ø]'D uVܢ~ȋD=L>1QESWI_5s mߟ ֯4cXU]ǢvΑ%9$eR|lhhM°,/Y6cU=o=+Zݘs  7%g$OxzςA <[$:IRu>fͮ´LpD5>_/%:TDT+I_j YMJ5N !)X ,B|HdKhUᐕjTN@^&Ct_|D_IWLr#L# V/q)*h1͈H+6N% d :k4|\vs>Ltj@@Zz)d'6 ֩3R,]̤a,,h5#, W@hJػmKQKx[s%B<#AOm3kSM?D-y#\?ܬQՁôʷg@+>*i~Yv8zgvNI4Q0%ɢو}𸾽YqE|J4 5@_iGB}@v--1yUb `n>,<4=:;u/zu9?*; hg;m5Q0O=0~&;SuWrJx_'a$8̞2?yWzcT(qCzXN?,d.p@ӵ[DH%%8wV .Pldq3?:fT7tbcġEقZަGöA";n4CdL1fn_]`Lqݐ»x|S 9s۹_I>#Y,ȭl 4N`<֔ [Gwt':1S#̭A^QCGbbn9MډV#]g3/c_\narT(?mIDEowEq[z韐Eq@5']0^ }.a z2 -ۮb#@(Ns|(ऋ"#v+B=poZEiY#Y wq.@#_~a- =#f(;Y>L]!ҙ׳}߼L_Eぞz~2K- $US;74LLehI\~I}nMdTtRrlM2P2b;><*Ů"a&ƀ0T}@`mv9/g(KM:`,HGR况n)D V >@.{yU€ 7u7nY<qP|G5!"HIwlHNڪÈ8wdK /%m*|Wy1;*6r{@w/8q#A綵V@_)RDgO;{wIXq!KH5h<2ډȭ$4 fу͝H?E ۧyнNތ[P䖃2dX^1hgVt+#[pUjmgO]-4"ޘl{SSM-bĺCS) [W"<='n gωq+r* G1E!50zZ P ؒ OUvcCmhQh )0}?2߶1*q™`:QۯX1qM W=ƾ]uMM{.+} 'FtaTTsӝ5GgNLGUj' X߿RH3sQ9Z6RDS83JZUXG $DYt'V,Wq#L{YЄ#ٖ-R̬uC[Hmw+Jp_WoS[Ƶ<.v֍<.էto}M? ႮJ> A VRN/PgV*=u /7ny}-&q9alMd0"qyz{t?N0o9z#.)ݻȋrqXLI= z. ؝ -*Tʉ\94eL06}r)E?6jݔV`(N H&)k@jB9=."Y!+(}Ik>="iҠx١BmA]B>l:e?farPTI \|ZZ^BY`>qߞHlW'UXeFRB"];\ Em8pAxϽcOp=0(m#;P~ J8,RH>%$Ibiq`GR=>-q@au۱x!hI+Žt3+OT)Ca/\)J/Aswe/n:4\yлڎ% u1Y2YIV4Y?KD1m\aF~l>ZnyL s=j}+=ִj`jC~ݐl3tk }(E0Pt `ڪ^Ftd?|)SlnCXNMR4xojNf83r8i6!ĀIJ崼& ;l*t8'#fs$*LH[JU/E<`#J?Kzf:g RGo2KQ[&4պ_KD-E244@R.SczyڊN;mo$o͸ Ko^f94d5*t*gک9 cK mތ6^|c;w}`Lw(g# 4w$[D~ջ2}?3R](rߨn8I/&Ţe^]:tg,mZQUGkOVX⡌ef =s6{.z$騇=iGLErOAo) 5.Ϙ%qnCN|CY$LG3T~6rErMtzzB5b}r4\ZkS>ɒs9=рmEE:=.2 BFB -y|E:(|krF|쎪/S WMcŚ +T }SaCyBMJ 1nKj+Mk*}{5/Q5%Zvް&}hp?#d#BGr!LB]=Qcnf6%hD|Al- J5)?SZVul !Y?1|PΏy, 0/ڳa hDF*r`,VW m|(& +}^<NJ0~ZXv6A"JNkEd"`>H⟾O 1*((^d`faFu-mQR] XlEٸi9sKkzV*g1vDhUn)J1=C]v~;jSF(_tKI4>6/ylg3 @:Hs ?NJiHѨ  dW{+O:&[sNB􁐧 :y ϮTA!Z\v4+\+%Iq@(R?Je*{RϯFoE;D7ylCmMځ;g}MsH=RP.d:iݯTGwW[<(hjflt6)׮h%ME/j>6f0)n 69v.Y>g ߥgq0]g }#Ƭ0y=}}p>_-w';ElVGgf# )iHÉ׺k"t|Ĵx*`q6rF$S;? L6I2y`rU)LM >U⧑Oyύ6zix5Zr IDf?H&y ZbD7?1K[ޔD፼Df/ 7++/8QqÇK`P?'{aƺgBb9Cnȣow[LGS1 k݄YXľA$kϵ efY8Vo"Oy}LqLѦmb{?!0lpqkkC_z1YS `Ugٓ\_]a >vohczzqEhgUD108_b-cA+i~ݥrʔ 89h(VEx1sƵb16Ǵ,TUR|yo 1nqށZ/ـmUqnόYfG fJ}Wj #EΞHѨt q9G2!jF#4a ~`MA% [ C=vYE+M4lL]C6B,# QXϷA}Y+|;hVv&!ʉ ffV(gO>̐Y(RF^FM龅91 JgiQz):iYP=CZ!V2ilM9K:ytGXAt dpi쀊WGCRL,'o4G.ݍi#Og)뀙Ff8Pj4lk#ȍa\3}Xg)W]`nlKrfX-:tUw$ާ6Tsy5݉Pbl_\Nzl =X`SmM$\Zhe̠L8L._82sHbsG Hn)uvG@bc+H}KX%~{vrI|`Bj\=h,i[k%f2`S'=(^U{#lNq.^{Hv6]G}g1~[ (zqMyݘUq}r)prVV Hhdy `'rF?0Ӟ`]s܏`s |G}֓W릉7U!'s-yfIt_M0lCKE`7zx JACsû 6GD 5N2;K Ҥ͘4> RFX^_|)Goneտ>xbtR'FIx\KAxNF)T4^}O ot| 袺>n36F.7NUpQ <~'}45}ʟMQy8VuRjlU{* Q>HZ؇K>_K 9$`sиp sKJh}ce/L,-J{6ԇ7ӆԅ~jӲѹ=w.-P W(7?*Ƴ肭s7q qysJ==ZHۦ!+A̬n'kR1ΈEN:V%gJ+4YE0>l )"NW*!85ʵ|7 iv;U7c_; }po'W=/U/g .Fnxp*Ųcuח%3E^ N_N~7C (! }04I h~ix┷\z1G&ǰ.6y,_pw] G]ilHo2EY[}8atImi$i% ` W[Al6i5Is_& l. >ْ`EyvGP*G6T=]Kv+>@>/$1T t ^rfaqY3ccoڴS(d. 60Mʯ@;D!1v\A7=3 Q{9*/ QC#!}GvNⴤlwq%Qv{] GL _pkHqym g"}w1T(#}wdKdiu]źm;h6^?& 3ejl[ OHɋrlîvxw xV|!"z};4]Ġ [X>fBmPvDf8ΰv5&;\VClXEb/A}C# ]Mn5"Z'X6R],?V*:J^̐jyOxPqR] ;flXpjy!ڠ`2] Alf]}=ZD @7kGjn[#&ˁpbiVeK4$o;ϥezkBVuyҰ.) 25;?9Y[]>2i;9 c3i?N)aeZꄩ*/+hx`l{^ݏ{uַK:~X*0b„W ӶgFQ*'OPp4ltyuuZBK.G4y7.>[# Hԡ5:O7Ai վ9Bq3{ɗV=u vs| UK/5c1BAI"^ũr޳eӾ[oB+ȶcl|p<{O9]j?Hm?9a み 2'&@A~/% }'`ѼVċ8(&n썴ˉf))ۣr y y^Еh~c[Z0 9g:4@n(rSO$oA :u~m# ؇&Fv:Ⰿf*5:_b*X֜`?4ʫC9\UcߖETx+cxCM'F4ۡZbSeK2%$_S; rd怵j+,\e%r+q7lɌfC@Aps:Q@1WOdE |77ݽG{Qʑʹ$%U252W*nX7ql4scQlm6ϳ5/è s ńGzSI*IS &#@) ƕ=ZHL 41A?7Bsn .2 g6֧q67x1߇X*:A5DS# py. zAaۊ҆C#OޙխK8ϟ"# 2DZ*i N i3BTF2Gcp-'=qqpa}[b'Dwᚕ^lU,C)1Rb{HLGJO/knko. <>x{2LjU'x${g9[UD LǨC1|P1 7"Z4{ .!-K:yS'䄜&s\89,ř@~Z;YZS=crߍIgdߊuZ)?ک36'!1q?Yj,Bu?KB bRG^ R~:Q*@`Lb=}pf }r$xb@IJ}7) Jy%u1x3" w7B^>14ý6~zQVƳ l. =GvP567,du90sR @G}2grEh_z+Gk3;ȸIJm?1'N),M{wI/Gtj189 {NW(K $K$IYsTUL:WFm*[g=c ˫d1I<; $ e> ]VǢ~!$*INi*GүҞ5AҐ v$ qoeNOPrkv1`to@uPs2+)"HMi$ӣO9m-ĨDsmhja0\a֮d0'(oY^nECxJ,Vq |< ڗ|@#"j[&DC /뀈ͭGJzM?_RC,T FUƫ̙yL2fĨ.N@FOQ~'g:EWP ^1v5^k4DЉ>%FB28 8n0E*KX1M0ALv*0ݘIWbX,V.N@=hF-Ho13h&wv=>*dn떐wAҥt۱ճx"4dd(e)[]~|_{)4DzT. @9-ZVP$9bu{=lN}j13~P|?Uz f1ɠ&Cu <9Q .cZ{,Ʉ*\B9!_9T+7 A ZAE^ x#rq'Ė$ד֪┺tvVDzT<{C}4n:*x:;>fWw% {fI2!+təg7쵛Ii>vi^V^_9y_u=xVj`aY., ~s'9l^/kmbPj\s ˜aFy9'|Ѓ`c#!H,.yG#6p3Px%%{$hg臬Bku1u[LjDK/I+ B2f< $Oc`@nEm0Wj_T;rFld?͡M҉1!_ْap.ItQ񿫟O{@(Aŝ)qSDZ?X:DHSj*QUʗB+l ^Rz-yLdp|8-d\eP[ .mUn 4d| /4$^׹r k|~%w`|4sjXwI%~SKp;z޳ %#yJ6~׸>^T4s5{MOBxyJ^/b.t7"wf'/E%ïE1>_N魷άZSzK' A Jm)½FJ"p^HVA˱Dh +פ-CpO%i C3;"Ϟ3QQNTJ%'Y3& 7{dוwLw֖ۈ͂uk=Cm1zֈS@WD$eR\|m<.U5 .{:h5H NuR͇@ãY4.:Q|tRY_th/ pޏ@k {! bȓXePR@1m6c FlRχD:!}^ glէ#3A/XĀ`; ETYvqr5#b:2:E3&٣H=Nmc0kV 4;HKy2'IZ&r 9$p#_(˅ѕ~*'uMدՐ%S61opMG ё`α'\YfRXvY[ڭR+t[ BS=)d ;*lߵ;Ľ._>Kf@jJdh]z2VC8IRzfrWڥΞ5P#X7qj}fˊgT0A*2_ۯ:`-fɻtl}r:/ ;J3zpWL;%b7दjC*`OK2zy/TOm9Z(AM^o+輔y(1Y94V3m|eb7)jc N֢ C/Ug1DUVKc02e8oeX18{Fs\pF9y*3.`l6Uh>F0Qy! ; FPFpuq+XhmzC8(1UG5f{Uƪ` Yr$\"|fr(eǡ-_:zcx+ǦIJyqBrr^y[;'ȌO|3d$y~C㺒.OQlD]7FcnV}pr7aSpreоl=|p7e錩 \`uh@l1ufx95dҷAod2. [?)YfEoź-A$")"N&=[!д Ee+ }RN.E:ވ!r"OgQul<䗄N%Q8 |R}ReRIm.ԙfm\Җ~jHqN\|qDk}@Ȏztݑ_cި)0jSa0Hρ53 xQS fl$jkk$#o ϚTUeջJf@vӮ[0Vl8-0S. %}:f'^ 5{xuGKȅ]V[ ky3pŸҺ6$p'rP>+R!5y%~Cq1(IiTH*$'} bAe;һ(ix<}So$d`|S"M`}>_Exw9q'HX]z!þ?_n!hUJO4WzVja'wH5Jc`p+y?AߟLoRbpηFW,b$oߪfX[6AF kv00 '}黓 I6~,j9]'@i JlUJÑIkɂ۝[#}@*ށZ}:e )NȮ?&3.c]A344g \ؔ4\4(ǒ9PgJ$m-:ۄ 3:7_Pe&-`,e训= d]PVC&}dl~CNPEs1V![2Wk2l(}3u8ʟqQα>%IDfʊÇXE"t<|x;*3=BaeU\՘R:yC#Ir4./9*φkgrС 4Kgn)0 ٓ($eĀ-6hUϘ}vZqh"V Ɵ0YZ|fB# 07fACWrXrKP[y2nW#:%4Mv\+cy$b!B ,c7_Rh6u0Cm<*t'ඊ@  f.o DD:]{"&%Per.~jJ3|8Y 0sDd0[ dΡEH> md1~|3^y;o>d~/}sE*^7i}/;y |U~>pG=5$txH'z8kū7@#7 nT| j }S:}q&vEݐOjOZwmأc_lZ3-:<eR#O_a fͅw'IL0k~,WK妎 59nG&,wr!ԔS*0ˆZ6jߗ"HK5輌ߢ7駔_(l pM-Y}ɯm@%E"lhepJ__,xZ t$ e|\YL":'-< xV@Xmz4҆<&|V,ϭ 1WoZ{qhy0L-;>~T4&>_ W:DE4Wa)CV6ťl)U5z~vWrCz5:1i.Ҏzp2!n@5v2-\9V{Q:zkZ nZ6Tb->۵)5wҽ"H7ƽBfQJlJmV3r`Cn dQb!/ ODSZ5ҒG/ &,kР{YR~6-QӦ\bH'1,@׈]˦dߢ5YELg 6Qn"uw(Z8yt%]izEGw WeU^{Ϣ:L-a_cF48^{Wg_@3!jr>TEU(b.[뀠*b|,lX^FRur1_O-#{YKeD0w>`1'Z{˧Sd 7źp]썁lE9>䟠( k iO|cN#zoVΥ8 P''3z<`*^xvC~RaŜÒekH9ucDELJ#XJ|뜴*=RBT&`wAxj&nXV m̌\NI]|ոLaߕŷ=cX/ju!N #7|D1ډr-=~bzGt ;5n$ߔsJE4۟u%c;"ۓM35jSc'XKsHȯ^zګ3=F'wt}93*Okb3PoPv\1d)w>@֩鉰aZUv<+aV-'`H h\P10l[%]R$!?ohDS<\b5qtgF.Hr2^msSg@䯽y%PP&؞js>*ZlQ4 ת=fA]M~hw b5 LSMg^Vj1N0= cP]\G[Z-,xU:&jz#@4kD15$u}G680lPOu,ENԾ:"5K|^z[r xJy?&O¼K<̠ct 4ZSL`ו+U6#A~2Agk1+{u2LZxxZq#];.D͆LYY,f#E;Z&X}ƒYnRQruL(}Vߴ"$[3fA=F}qip o`BZYfНLȢd1,8Y8&kq8jm?V$z?N;/' k{[R /g$=UʘeoOm li:׈ɹM ^ 8g:*mC)Trq[:#e_fdN9&,[@ҭrO7x8: nkR%EY!=ʨaX҅\-zQ5/u&ac(* =4*oK+P|<Po7i5;iw4q[D Ug9lvƀ ;U]']uIz/wGq'~e뵡H&T`Qk1,کФf͎PBJyz8-\f'A"! ]4r\'_Jf05+4p ~ / (MCL+ɶ OTM/}AO<~T[ Tȫ*mUNgATK~*RUjn j̲RNB:]74b>Yg2,hd+tӏ$T\|PKq=[5cyodz0tOkʭrHLk6M~~-o ."Ȅr}}l*<sf, I<Ğ^+J Vk1![P a|hy9D܅Sjm%`A~tJ3 ={o(XZy)v=GץjE_tzP"PMD%p~{+bB/sd ktm07䚊-Hd'2E33_< 8LLK,3`h)k~+f E_->ەXNjoo ]/׀Ub٤cqZa^Á&Bw^CY!ƬSm)\e}w(*9؄C2y[sa5_:4HKmÝ| SYL ,ɍe/#N%h])H4Z\.;ULAn@eM,%6tHH-LnPs:3C-Wm^USz-"Hmb;%c9Om0k;V(Mwu_S[x78:2Hi'2f)KO7X$Bn!-+>$'X"e'bY:jL,%3Th0eֻuܒN."GVr'ֺ/W>V_гeL0~>FU>DN9`KgVεZgcwUiI͂]PΧoܨ\q҃XTxqƒT{ک' }X@?[WRDZ8+lH/(LZ3XB&//9k;6\_ 9oETOÉo1P2~sQy2=Skނ0;;w';+ݓ/4|j[!-m  1$Λ8:525̶7;3Mz.Xk""Z iB*t881(eL8Oft41W)Mx$\,[Xj:\qPiT/]ÂɌvu'!73ԪK?t7[f5Ϻ[-xclR`>~d`< vH_l~,u*,^_i?k[5^4Lo X05o\Kl|L$,-FQF²d3\ \| po".KP)|bI2Lc;h|Maw"*m X~:[?m% 8tv;mqWR%]bwS.韞W|F0mYAldoj0| ThAߌQ^z;Bߌp0qBAi>Iۍ;UU\&Ib9#;JkXAnZ^*%g'&Dn7(.%e[]'E G}4~υwH 34eÜ v х)m=ʸ@{D3uvMoB?SbP *fL)N=:&_}m I\@9fC߻d$B#AT/J\M54a3Fm8t3Ue|Yi( 2qe:a+Cmq69 ?+BwfWQ.ZPqEOZR3V A\l܏]E7q]X |NnĹO.lG4u 31s(^%B|a(F7.$DHM1KA%bQʦm^+C1@[kwQ0hG7p0 Zxme==W/ݞ *2(~e5Jk7 `YI},wLyV6_q.LO+RdaviG-s[sn[&'eiw^]ol)³`?lPuF_-ԱUCP-sGh˄wk@/C>%}`.n~I<&,}Q|"[^-= 0JE9 8澆 Y~*hz| q̤Y1jeۿ%+3E7pJD}$JeaYs)WYdG%T=;쫫[7x|^a_/K#$0JŞPQL\yB`]9RK83Ew ~ G9]5k1n C%P`UH7\D #F10=##׿g*ЄCsFFx` IbFroIjı5g@ Cp5 źz&}7^\`6`0  SΝ_tBb,ϋk/oyC?)Y>5?Hf;;ײU#yќ11<*>{ *Y͝^Ik2L'33 rleI5ݪ?QP(mi1u%%!݋r149Y-Fm/sKnI>M4階 4,,aJ'EcٜP_{9f,Τᯱx1W~0m58Yċ2%̻bƎ%x9ط@%r~KZ4%R/!0TOnTR/f&7JvZlODÒz|^4fԕ&:e 9>٣^>f|+W!8L9C٨uOe Sec5^1W.pDuLqaÚǪPetB @;^}.Z4áR? Oj8A]mifoOaϺUZ.j=sjm\,()b֞)0Mm܏q{fP\t J/-)Z!s.?+I$S8j`~ "NU,0#arP˘ OHGvAFk3}WN?IT\ :H|IF{!OYȳZ'HUZ+ 'tx LxfhPmKtGrD]rR3kf N7WI(%WƒhĮC ?U,9c PckXc8jcŬ6GC'1"s"rfˮ8_3v^ NčWR7w.R{vւ~T?=mi\-qKx&mZ7{l^nQW60t L?ک# 7!Zb U#kx"zi@5ܶ~pMkdM`qhlo$ |N苊ʮbܥ¾<j:;/[]_N I/\S PTm3 }ap<$LO%t >^^[%T- ͸͞ xG(p"\;YE>bP{QL :(s% u\Ǧp'^A!*, NKC@=(!ڦEFC2CEza!qC]5A2$V)P߫?@q`.E5v4Q\<:zh3 L+`n ?Z qC]ڬXڑ RCK/B]O9Jdg$~(@%FtdYV <`LW /b~4y:yDQ+aTV5-VlkcD#D&H)s']GL*3@P9|arVGͷPMOSCmL}϶Mߕ}ؚ'7d>-ɂ:JiDH/JuT`[` :H KCm ϸprX@$ܨqUb=@b$b]a /"/俣tW77 _co ~.TF ,.ɟfBmWBV/E{} || Fշ/N\4ڶh4ZȲxΘiS lܦ /TﰐW¾GŠ'D7b,G[x6;?Zwv:.t+gna+.etsohSm)TٶD׾HWtS/ KqMÛ`QDb=X$cZgF,g/ʝ+K!#Re :ER ns|$e$JY%׾˖:oZRG9Szۮ !(1H$[ԾQG]?3cKeR]_qHdoY,N&˩%b'zeX{d|M b7c7BĝDzca)\9!>2SKnQv:HXx*^C;UMwʼnfmLg6so1͛DUdIVPEےG@6rn˅g/-U ?t//O!kyu*0ŭ4VVEBph08paM~ʧ=N6;}2ϝno%Q# j- YR0#^]MsrLDۣ Z-g$b0&B̩Gu45]N7|aԑYZti˷Y2Xأ1DJ 2Shavv<שU5u R9 ^gb\@Tp[i~ >5# *%=tNEIlNy \D<8 'E 8ip:4yҧW]\\2C0Ԋ4姰i!& $T he0S]dm:_)[thRS6Dm50YŖ)<ψ:SG  _ϩaoI оW6w&=m]CB`"w=z {#Kw>#)B"m)hH̸l}*}B[nk$h&5Cơ^lC:Kd [v0\+-ͯ" fŘn"=Ca5ى}ֳ_hy:_ύWt˘NTlӍ!>h_jcRKKDi$KauyN>@2˰79 KTjiSJo+쾺Y.x]ʭR.oVv~kNv|>.(ޚUXN&ܠ gKaBB׉|W@j:G}IF LXD m?$Hrz3)^yN!f CfGF S?2ssLCG"ĵ+ʶ j.V~|[θO4$~1%PCA7,N_bLaaj$ivܦgʬ"4pzs]M"#02V3jݢq׆ caz te,/b+q'CnBڹxJf:sq_ô6YW#`p^wKh2W XCޗ;O^fT UxΩW&\tlqIeut%mݸ]ϧbU$I"i{#XZCm2`MʐcHy e5bk1-~Z2,MEO>x۽ƪ>5~mFK3uFqeunC҉i޳xjW(W{)ƮRB$U^Sa{PohdAp!jwM2fḛܝ/9l?EA{CY?Gy];W<?t`3 =hv%Oq,,g#YY;j}B4He5F&fNdaCk^m[R=CCUC 8iy饖%KqTCȚiJsJNY0cM^3;A;{BÈ_|䈪/wiv;լ-VtjVcKN kUY3d\@7g{w:Uh3-4oƟkP*%tC ßeW0/XȂ3h L"jl.ɟSұƊ>3 =~D΀8At}$s[{B=1,ǿds.j+TFN/WY 㗝tD.Rx;g_3 ;V@R T[Q4?޼{M2aA٭t.&Ls|T~gWY\ܨ*S=Si/3tAiSo ? X-`#`%j_UĢ#Lmù8--&y;EG'(C[LFvY 2rNFg}{,,>6>bbMC1L"^TLEyn/ 8f3(ZI>E`욼E=Y}Ub,2@!((5Uv6Bvsǁ ÷("ۋ Fj|L".teZޖ%JyRmgHh`jÿ W|RNXfF[WiO.sQ05wW}b!3[#gg*jIԧ)hw>QYbóN^);n5\|F":;ք2tfĮFeٲGQv`#iEۋ`Aitk6qlu8k b2mאE'"u=' QJvd}\#9>gv.'H.g%-(Rė @/rR?8h|Ÿv)ENӕrcT\)f;ɊwdRۿ5*}d j^?F}ÙW 'fS簘jz-Aʏ[)I6$b#oZOIpEؙ~rݞH{UdTMXEJcZ^ULfޡYw&Aiw"3̚+5Gemjm iXX>Z@e*gh6~_9UBR\$E;^d OpBGk̉"yKWq _g"!EI|q35&5N9ɬn'ɏ,rHD@ ;TJS3ӞV 1R8laRڮGSEV(%cm;Yeڛ*.n¯HPa?ӏomFC2 yd 0i{z*Mt}Cy1,X#y*)+ryd~Ͽv5Ƣ(gzo-')Q}?& 1)&ۿflʙv-~v1iVŖI>lHGiهhPlѪ] }&{xV=oyY "E/b7qAG&-;x#K'+7+XOj[}XU5 -@P{,#=Gp_%@RikY]j+=Qt_cV{Os;Y^JNj@^.0Zo#[|._'*q|B$vju0TܼE Ð )PN]ZjŎƺGw?=瞭&6M Bs/xR4̶Pmq>^R(W\JIvr_ɓ [ݜ{8ACxSވunE)I!^ׯnW?E"^K*~}5˭:x)M8ڥaN+ezejz h=W]۪A/*lqސQf֤ApTߌ֮b?w+RrJ"J5m8@M)\%}RV TF.,{=+ݮ?{}!x%SDC8oWnw%9yMw!bpa}zcq2"!Kp\1ktz}o4)Cfe $3Lɖ =Ɵҳ;},@ aoSos hK|ɒ_^mm"%'гjy*xL[4qM'G{0sKV8ڱ0}E#Zz%\[L.ۭNG{ (IP0{ rYn3X M^dx-/RlR VKU[3ZAr9X:Nc7j`,~6kg8sjGكZ?mœݎ;*2 iq8\O KѓػO_vp7Dr#Sy FxS1 ݭ4ݡ^YRvK;F$0Ң4| p@i|ּ}t 4}\xKњBoq/*J,h|%EdD >sb6edk-ۡ!V]u퉑7sɃ V8n>Ò\BH_e(.Q+8R6݄JwGs PvIz%Z0!ME<6l-[exCA quh_*oeR'jB@Z(bAzO׾/M}S>A,4U>] `_~Gn):^Ka~QDVOZ=tzF P(Y?eue?aZGN0A/p< FF|iS#yOAVS")mH(C+qp2El*1x9"H6&:dEd6h%%tOQ33y jT˿[P_ޖʔt׉~I˱mׯj9W/$oaGx1MdAP{bS]h_m^NlhqLpg_zlCO4c8-sIAxrwuD딅 mlR!2qYaYihGoD",3A֜mT|MyM"*'YH$K̡qm)ay;F.z›^/bu6 ܐXO-bU1 v1DX &.OAV|dXW#_Uv6++CK-(PssT`LӑL ^4`-_?enzvX~?WS|Tt짍"1&J+ PZsDlXshcBW<;׎b| 8O@ 0<)c)$OOPA)~3}nfJan@Vu_nfġad03cB-/|l'u1z*q=[9rhEmIA!f -|{v8 Tzj#n|-/3Y), "ӌL]Jsp^5H~&"-㠃 =)QK7|s`p2xD C_ r`FᄁĹ{&*̷%x+bIh-X=x20eQ4>,Rd K%׺XЮl[ĕOPl';" 0h1:,MƳwy]Z,tNscNY^@Cf>=;"#?௰PĘt%m|M.H)w1xϮGˢdAY}JX\16d?#!B)GSgÙ:?>pX-!Sd5Y"QGAm[d9oQ@Amg;~sQR(FcAjGFåjx4\ " U2&IԱe[oqE[̠Syx8ʥݽZİ:2ش3E̿'~@ ~qW e; A)%n}OP}{`+|ϘȽ+i:?""a|S!ZCSS n:?’/h"o In1(HhN -k’!*pq17R2FNE_Us/ ˾gخTi\Y9H/oΐDqo׃;C7wēĘՂ֮]o*WBd!nv=m~V3|?"=vmϚjg2 PQP Q־e*0G%c"?z`._ * HB{f9Fk)aa/)8_:,.ϵ-o#,А,KFgEP43AV6uWDЃ283|45;:!ʚĞǸyImj}cE/H+`\"Bwo$f-˴;Bb7-7:5(\DЪ<_? UehAZNv Њ&jF cd㑭&'$p&.,hv aʖߋC‚^[``hͪM E#us E@4.I"!ʜ.-9!v W捼eםuN:{A0KSqi% ݈/,fIHF@nh_3Mf-p*$z׊ \14;5 VZ"Á w\}r>q;pR.4{5Md/OD[jARί 8U[Qpnd62nnG1nU c k&&䩙g$ Urw嗀+HeeUkpC,eP*b:Oy/uwz~_DSu.3!4tc$ࡍߎ!AӉcJ-$/XBNd$W Whe5x(?;۶6 HɛiQDBWB065}/@Y L%EF!Q/H闏@keUǾN;71~T\17^d%88{eȥf7 U^fC}+BNIo4ӥM>* . Kv!]-ISX;2ml8#Zs (qo?e\=S܀eޅWb]1b?XOGa,qFro'|>cYFIv uUȪ ۜ$A}Q@F[K;&r*B6?߁߿U"B 8eU_1<-̡r[ 4.L(fO=Z3}Vveiԯ8'!z7-ư ndр/^;i9{-nO/&'48˅bAS@,:-' D,9-I숚$((߾}JH1.!Num UHTwpXj,D LgR Ӏ-k!.$#2S;Y.~Ft/&Y2WUj:zBp\˂N 'xY^zAj{"G5DIZ4,>`my@G娉7vNWI<ȴܮ!ŝ)e3g$)b ńr1.'8xMV=&Q0jx UYx̕ovKfDr*V'=Zbݢ}O3IV=%P*g8b1?e4ZRq-$L؊ݿ#FL_JFts\XG"WJp܋ږᨐuvvI"%Ptir-v9sUXH Dž%_ݲ\ 2#>*M~IF.$E R49kK$V#5dfDxgb:WF٩Cm֏7?ab4T/Pm SآEF$O$\Ib=rkk Lt+s&akUz98f5 l3}+,A.6XI8-ppLiO%X& Fdz|]L(r2ހjɸa`KSX[UDvŃgO %*,7`L^c |?0{g@o<&XÃZhnIv뙬5؁ƌV]X,c"e>7Y{ :޴D`X?62C*ԁ1|vq56HU/<7>C഻EY)`J,1+AuԔw;me< xM<70Wӄ"aY)jW){kݤ xI\4 H%cao;o̫VN(9a [!c0 Jt'`)H`1$>C <ڇETlaW^_fC)4r3h Ƀ[.lv%영p+r0M n3F~{KJ]Zh*ST:cqF>,nㅃLޣ7Qy0J-re,5"oU5L[ #b,rP3hZŧ0{>"-MƗ^EHk!zJOBwNȕ3SPwSM3aojĘ]rIWy(v%_.`*S?D:tI3s{[mHM0li0TWMT*P7 `MC B$AdThuM(1Tl׺_;e<PiZZd? Bm: U |((.=Cʁ֡ElUiv.DGg-_&qJG_e5q0aX Ia#? pl?3 ;~7ϑ42&ƗfbFJ ִ*c`~3v/~WCDɠ\uzfKL<Ѕ'*_+q-Gɡ}+EK1^%vp8PGm\bn/ HW7|- LJ0 d.es@nm tS˕GQlRmE)x.(eSvo_Pu.A^@}@\MlC:b=(dM0HЙ.׬F}AgG.P07C\"R_:=cuErBa%`Tz6>ze:c7&WvX RWo9Ʋ?ֈ\u[2g%-B6nRsJEB*]xtԏ1x‰=,LrlTc’D0=*60u,bv *45cf,|_ܝ67|l`&!S%#Y;US e>=*AZ\!'zqb{yLe=YSq7Ji}28MiK~/ˆp0>HdUa771S\(d>ᴝb 9轵A 2Y=>YE]i{ݝk`u=UooUkw xmg.1xBs:+_ErÙJbtL!lXDU]e|85=LK 7\hH%O)ݚ MǏ yCP-okMS:}m}m@RQ P/\$JďYƈT1i6PU 2AyA H2Z,`7Ͳ=n-?0 ˩/oS+¶A!7~-] |N{V1B`tϊf+-es{>o &.'B:{Jxղ=0%pPkkc1嵚 MmQafӒ.Ŝ,w.Dad=n}GzǮ]QsƔnݼJx:+w[k&<#T?j vϓEM 9 1ɕ"D =,TUoFW҄MimJ.c׳>3ai{ْnUitI+ӯBw qk󻤬%>ГTLLs@ LAUM7L|:BMң:&aQ&uFDJZ TPϟih X#l@4XէG*kdY.Rnr +=<(jhoNpó5?_1@f0J0 V*i2JڤqQwm[㫜vg xy DA Tk4EEmv؋n qz+8~L> =e9۟%揬/ˑƵCuNq[.kQ>8®sdmkX8rTӤ4`˺ Z;] x-c2xf'g; g#Z[~ (Ȁ(?G:(zz:-%Q`d6q95f)&ôvG:Co؇ᄗǺCLCIڕřtLg %Y=OľlONNd;sxk@O3SUߠ@A[m`q6_/Am¢Fazh\VXg_'1#ѐ/c"_X4B6+>&ρr'cy H98*sV|+)dkOl\kV++elxM cx 4~?ikd{3IpPZs7Kֶx\5SL BsEtJAPP0xTm!,;wgu6I ElhɖD F7ᗯcȆZCBkc>qh=D* .{G#/U.3Td GU%tc'h*϶=q 4MނoQxn- Jc g= 930H$}0+1K\fsYOGپbģPZ44ݩ7/N_쳅ԞSVv\ÌxflZM>AL0k@ؕ5)Ԉ9d*qgqTfuG_#K׷U b)[{; <yA :Wh' ;==ZΜSTƌ(lP>6gD[2HR,X޽((A~L?eFGнRm8[xLb5$̉G\b}XnC%7ϤX]t‰oVHΏ&_q(U{?&Lzc2LU mx6}+F|;,\_ȻT&vcDή+pɓiK*nhJƙQmgD$YKn9GGvX wpyrN;1yf Ǵ,*lIs->߈ l'ѳ;ŗ{S"C9S㧖9}x&$GFO(}u A#L݃8&Bvjsw *m9c(i%Lҥ\9߁lF`XGR\:A:1(? 8uCމ yc a:u+oU}HK7i3O.Ǜ%ޗEEBM9ߨލuH:h3G#;_>r3Os,б$8/`D!\$@%st_R0LrUaJ*\sga;a+,'?Z&pa^k%LLtm7Yb 2LN{<#n|-o_>vJ[L ]UWqV<\Fvi3 F]F_θ@b#3is,,C2">8WOg-M0C[zP{{;#TPQ囙0*vƭ_MΏ"GggڄM/JєK}{\\+˧KF"NJEC4=9+Nj( kyj*p4?vjrD3.3Ԧ8ea3"YjOF29gpC(8U*eC37YVeČD4"w,SO2s{iN7V6coǹZ:,.Z؎n5#}9wEuhhIwdo?ߘ*#+%łs+ mXnu̐8X:"/"r(o]GϪ([?~ޖ oe]V58{ZAA];mM)S7 UC+) XO xJfZIBtZY["lx5h.F|QP 9SyS'NzB*a cS\R/]Z' }v9n.wuwcuZmZ[j )Ͽ's:R&;RR("7u)V`kFl4A`G#֝0F UW*eq W"8kjdSc7KbY5ߥW\^WzqWzƬxߴjiN 7h৕{7x-%tD`mpQT(~:[Xaݨ *IMDMƝ1+|:Nv Sx _#A4Qǀ5J8^hnw:/EhbQe/l-A2éOw꜀a:*5KZb}'@ ^}N>]-k6fvN"=[+?Q^ɨA6&.R)x95a+dtUўa9_R5{9xHzb ^]LJZkqףL6ޭY3\h__5萴 (ek-b'6;"{Vu.3[pf)J~Ӯt?蓸$tzB ʨCq_,e֋]Xw[AqcfIL@"Sddk2C&JdVFO%OZj > g MOS8~N'T [;R|p0;VY+*ckÁdؤSJ 蔺 ԯi ?jY2k&Kл/NLu U3`Cz. `!׀)L};mZN߾K#벭kL;3ro3"Ip4z8O\ LnV7<}%ʎ)ꁳPMP+$S=?߁}RypfbFN4g]Y^kMܶ5z>?Zg,8xэ$ڠ s3};^8e_0i33q>!6`u]gY:XYi_ M 4%֛޼ePq F(_0Tp;v\+D"0ýU9S:zV# ܠ Z2D0m01܍^&`!s :2׍lUVUg j7a `n3 }sU@ s\͓fbo+cѬ;$r'Kaɓ_K GlaAA_GlO4-K)($~[IZaL2YnՓ!R]IJFxxIimf0'}%3/Mg BO%(yc'h.&kC>:D RgHYlR̠з`0,d j@[O{p1PAcAUsPd̻>pqmUýOKFk㞼iR|͵){*9:Z6.]?n=xSܣq"y5 4Bs+ˇL>pFv8%@[-B8 {z3}1*zNcx>p[CYpq3OrxEPu5D!fl?+4ģb|~e_am$ ރ Įi{-quQv9}Z=\HY0Ρ5Fka"v!L>MY.l0BP7'w+`ٱoTVwQGykmdy9˼o.Do l D_ZږGF*X cy}t{ JJ4؏Wfs`Nf2D&h2&a)_L fp"m0kPHL6&rsɗUӋ6tȫܕ7'ST2~IQ fվ!yܥ=ÃV!m/K!;t֓XVc@6S#<;8i:7h22l8}?֭FZP^"Kќ*=l(fL` u֫Fzb)f.n2,EQϷ݊fuA~]Fx q+7.w}֛X!+7O żm8QZ~q]i4+%~_F{?~} k$56Iq$M%2#|n 习bݕ4P`zc=.Ӳ᫭(HZ܆|q\ۏt*H7!LWv{\u^x8JEXN,]JU:p鴮9Y^t;Xl=2ˌ6!YuUȐ7Kx. >:܎ˡ. i[;M^辠:0*, imHnNuX_\y1qoU)˶6)H4+j*rac.BZE)>hV<\4qӷ.?x>rN9LԚPS۰ n ۘ RJ <'w>h=6p1>\j܇b?xkracP'n[S~5F5aOǎ2 BX._H2VϚɥ@wB2Oa`+hWVB4E5SFk 4#XРD:f٥pv~xo߆MR}wT,ndwƌtCH+)GfJI*jI{"ˍg s+?[G ,Еa\>+*jDVߡ9F!VWޭs\p׾؋!A|@L# c#Dp@].((SơP,ב JZe쭈df@oVI4'ΣF6rC|yP3fJOJP4Owx'34cZ? [=,g ),Q*lzp-iҳPR]RȱnkNH /Ea]\5w07zD Χ?XaX_ZT;` O9` c]%T}agY 3U*/nrZkD~DZFo=}W(Rޫ%1SeIPW*C.6&T9ƼC9*sdC||M<`p9B/VD j}9DF|M,gڈ6#Ua~  t/I }Ꞔ+,*u!>)92ima8y%rDN6^1҅(F):v͕ء/Wq!ދ HcUfAJ¨~I>aM=fSvc J!t(mtuIUCHXQT+`򪕩qt!x2uJɂ!eMvļ%4=[_y ]7\Qb/ )5S,g|HP{."UJ'w9e;fmiI}[ t+kxR̍ۚܰ(<f1HOz8y:K[Q!sSM򖞝Qݏȗ u`7UܑMNCS= 4: =ic k1ϣg}A++݉ҷM^#~;D$zTX<RZEM-nu/>ocOay5VuW.eq}@;`e0<[#Z :5o[9]M8JkN90/MNS0 mpd%a"@ޫ3$]K8aR n zGOmJyQBA h&1!Q@6ݡq2<}})(&ngΖo-u=H&<7b@/g۷ `C7 3ODw7$m>Ї%rMjňjt˙ox(om*xuKc  by-Q ?^UB*Zo'U`<Ӵ~;WͲK7p1=T(k6<ɭ-R$qs' UQOc QТ@(&ls=9(uK۬i_̀߉KZ i? >h_U9ty'Os [xD <󡖻VΨ =&V8 w8s)keeB2m‹)L&,t}$EwΡ !ClW bS w[k o_nJ]D-ICexkW͉+& V޴yU5o7tˆCRɭLv&yAJ<`>H<޾bqXN%LhF7I?yr=Uɝ=VNZ|3Rj_5ɶ|TG!.DYB}Bwh$М%;+}Dª( ECwD>6j-9ۢe?:[湗Gؾn;dɂO2[(]~b_<)=U/mc_tHDdNG JNj)c,8|9∙wQ>ν~?дkIH<)[TCx$sRĹue2tEY)S}f&ɸcAV΍Q"bG䮶Y~x񱸸^^#S<GSkG_-FE)~$yu|y\xFO]*=YZjsvr&~{(D"'8_^XcUcZ&)$[ P.읭Ke#W gT_K%bB<`^sb:9{;cb*rB3{m~"Iwa?L Sذߺj|Ϧ A-Ƃ?'Xry Ej/OhAK>Sܖi'95Oʇk*]`5R7&qwSQnJyԙAq'$ с_SSo8ܸ!if!2Bm8DaW:Aq^!, ¤ ϗvtb4Y{Ec{~0 )UrbT¼C嗶;pt;ג^+]V1(e 9tkEʇ ZOCpSf-/5n5)oq{/d־]q;`s0/u VÇcϼ}pT|Z-=y0aRArV6AN$ *mnXy-D*/pևCMwAG@:o}KP}/`y $~B$"2,S)"·C 0o#0yV(|qQܝzLii>1˙<U`dO{Er..+JoiX1V{A0v+k ]iOO&~Vl{HDn莙QciI%ۙ4Uؑg$KwD٤fUte.+gه N!L_Ga!ܫcF^L_xb '&O#g5"?D?P' WmJ h\g|Ʌ^ <݇W:0 j$OTU{d>0"nV`,C)1 פ5jl=,BrEPVe3lW&^QdHk: @vғVS>H{ <~|sv,UhQ:GO.긭o8x2op+3 &$6 s̳1tcJ,h]A-zݮCiĽEbnP|jAĤҬa>eΙ5,W2#AD@SMM)5AV |H'f; /O^! z)s1Cv<~d"TN |Eqţ.HeIqVоi״V3_o&QЅ"}e &'ZaHUY@Z t{*Y}E߾ZV cVdt~y|52Dځ@蕓$}MU}8xsE-Rw:5_'$:WYeJC|_`CA/W-flnNA&шŀ|/0#X71^$몲l$٧R3Rz_P |w% B۲5Rv)4 GrWi,*xH"oBvn =JjVFGѩ˝ pp t5P|mYTf%xڅ3Iت?Eϗ^DE-`6i}0#WX}T=Gcgo॔k2@$wGLmީ>u^R8vOvqEϗ] A PQmK(Ktz<~=7({RpqپHe+,,.?V1ZA+{+OM't&~!KdUbńR*Q-P |D%;ysiŲ;bhAl= %U≮(v'u~xy9FTղ$=g;A1b0jle_boaAVct#h!V&?d )?7TMIX"gR4w0@FROJ+Y?y~nUVw"v^J솔'a|pSt(}癷Lm#]vjT+윎 K#gkx@Û\TPUb‹w$OS?ƵJX^~_X?YĊqnݟ%V^T. 4-_SYcy3 %U~Z|.4}uP_ XY*gPY}^Qk;4tx6|Ailh\zʉ Bj3^/bW}ڬΧ5S_桂 Vad St2GzǂԦ~KIBҒ'6r6VQmiȺJ,(,"Q||yf  Eͩ/7.T󕪼9|9em>ϔwS wPBaZ2߬YdR'I‚mÎqMc^>|IKF_£FZ%Ȁ]R9muxӛ=t8~>![8l-Fr곤ܷt Nyx(r?TZAr?$$Dműb1}ǃ*.80 11 v?!Xw[ ijV ?^D7*ŃU7ySZ?ď^<+_pS{|+\-=$B ˶3yɡK!溡֙[3/sES's4vZPgRwН+x^"ʁgԝ27|IPJY4UYhT14ꉓU7,T=L@G+K?` pgt{3?܂n鈕Ѭwr&Sz Ǡpx&#ư3[\3)P5$~MnrTd3Ymk[ҐeD91n?c9CS{PwLT>/?1â70&iH-D\uL3;i1сq " II}Bc 7LH:Cs3$%r$z<_6dV`HP4JT\ BUl$yo5IZdL!ypNc@Fk;HJ$xe~@sB)YpS2d]q3EJzl6Eq7eR惉 P6j5 C *g!HxJ;$Fی3/8 3 : >dh9S+>h b!~ kj/cx: p52z ɉOq[X?HT́W4PpH]2T]3^=TI80U8LSJh*{o6K6 ⱼ>z ?)]Cum}vѽH1nh]8V>{8[1u>i][S[ʄExe sj)&! =yU;`0 `1l8I 0^$񛋉cmU{sJD=1<D=o }qmuK5weT_LPX3`tFs/ԄS ¾NE!OɜF{}}pډ($n%wl-~g]^ҤʂeՖ-^gO_-7Wː ]S=P7ʝ9c|NYR/ %,>y#XrйܐHkP*\$Z9DY_b Rafċ eU1ynwHN915炦^]nľjpӜ>&G(A>jGb'O)K.b{w|\M 4H<@{诶'/@xJ(Qv 3!ؖ_bS$Ny5LmmfInS/^/(}#q^% VMElcоob+Cw)LPǓN Q_D}pu9p"U iZE>.gPd~ngg#;R4y|Ye-/'IWn&0K D"p D4dY]J#O4txDY5]d3K }mPX{{QnLqX1ZfeFfWhl GS .HLǬ~~&lwdSnFyk- 1R)zlѧ]UC/4a_ҩgFqJRj1b{ f.e4D;N /Qd#EN{Sp-l+&9W nyE;/55`8Y%A=ƷOfNdCdX2HFOӃ,RM IO<-:p5NP0(=N$B[ؑsׅ5<+OaY/HV6{j4qk#\sYU :\a;H@hEv| qcW$HMm+N՟Z"4g c!./XX3}P{ 8 * |ڶԓO!]E,JNfsr$%ۺ9R_},y"4FNPUS:nJf:Z+X5ۡ/RG$A i{QCCqGAW)">Y.ܽ5@2!;4*] A(N*DS B=$#埣/,iAR⬲ɼ=OB_bZSinʿy}A9pa(n+{}2mYceQQ; mr/x= xXvY5ÊER)k/*O_eĬؓӹC_-(ЊiZxPv;CoVos|IqD(i4l+{1ɍ?<{~es:i8뉴Xv T9|>v>v2WL /_u839gv?0;'k<_n+˭~N)( zU7]/lvoCbmWtш%;'X?#Xq./|Vk(`B6:{|VLq@kfe'WYlpd<&D MLIK25QB#|8dCkJ|2p~P?6} yz'`&@ìXnGxK[RdK֞a8XmmY2K$ ڤ=?hb7Pѫu]|BvuiG3eV=г;m"-NY+GeT:t ZPݨx,‚:{+7]NZȊ,bj@if[#^<.-ѝm0Ć=-tX5iO5] QD. uy^ui$ZHDĢ8Otkiy޻Lr̔U}2B{!#o"Θ'3T+$65dof_EqRQ~p6=]˗\a[z_66y7.2>Nq_16WnаVn;IS 3 zwv15UW6*mAxOTC^a)O8{{h-*DuR:TE(]M$"=@ҏ?#cst8j*Bҋ`ik꒍ ((V2:}3?pHG1E{QJ pxgpv-)B\"`*2V؏š/Y `} \M-FZiVRiJA{`iY='*t@slrR=w.‰~تitd.ML?Q4`&I]T2_7 6 <1Uߨ6V "qB7Jf-?Jf@&ނ [Bx /F  DdT5E GBJ%Z'fμt+zvEG׹*6c Zf}N*υtHY3d&ZnO9Ъi^/QIJh(5eF LY+{ґ ͥLm. "XuHSX,{#&-ucܻ)O>p+m!/U4 %[Xjf#Jݒ:z/ t,m$"`LGn;8gIO kI"[o>EuAxX+Pi%ƱoGcLR(DФBR/{_ٍtI T扚v.w! M1)x1x5ju?8w'IBk`)eo9# sJ%aC-p;H!\$8[ҩjfD+S,wD\7Jn%7>UBR `- A%`iͱv3&+?BӂWjІK0o|+`?RYoV g"sQʽTkE 9@畀zk]^,I*=|mVS0G3EV3z)zf29bUo9s෮3/d%F3hEXݛ*-\U.׽ SP:ԕGe ,#)!|p>ƶ)ҞzgC/ {W{;3ya`Sr ;9[Ţ&I(ĮNP(J[Rrf8~ƙW֧!f^k:m9+ iz H2fV窎1?uNxk+Bmz}vSSoh fhT)2k p!P-f{a;ȽCj۬?(YpuX K8w_##w#?.F'^.qkJ dp,$H.gy{.=h¤fy=POB"8CIcb]\#-DkWsmxQ-Hh[TFwKU_< jI@$ k'܀t c5x](^c(cd!j\-W$ a(ɀVaY{,oc=asQVD*գt31)gbH "P~5I o*oE/T ξ]@t,^n.NSE2:B8V xTU/}(3u&E7S]ri}-Ul^} m.Wj$'9n┭s6I\SShuܔ8^wlhɻL@`PZ&퓟fAշ {UitNmMg16y]kV9-s&\_러!4Q!3??8ҪAlc,+^P%F7yP $>o>ђ)/:l4]!ݧN X\;0dk3f_eC7/G"nd,lb91ueD#nktk~0m*sj }4K:lΓ 7sR#_FTzA`\*3y=!IxȿUϳFR飵 HGC4) 5d;l@܋O ]RzgBB?s]< k[5Q.~FD/=3sCօ;9 |Xٔ#rNC Ngbr8wKZx-5$޾\iW]b$o$Uqogm܉L~g/C[yFD +e/:(Y,ډg%))mr&>-ܙ(qZV hMe0x %l=]iTaH)%3]DnR ;>sݍt7' "Ts̱Bk=Nͮ_,zHubOpD^mvFS_9uڈaB@!!WR@^k-{!-HsQ̞>3 m.aê\bA?y$/ߖd!YЗxs`X O)c342+p23AԓlU H|[Q'-qEzpoO !9h$VCŨ AmgJUﱭ>ص|f0p Tw;?L'A3}'xԴoؚ /^MCIBdL|-3̤w[wg2Cj{~e4SC|v9{N$ӵ*#KFd<)v1bb@XglMѕ6 %"UU:mMt-w0 ]?ЛS=& ӒxvJ'"*M?pB5YNJDryWX(zc2XG{L|GЧdtІAD*Jm? Uu\/_t+@m\%F̔]t9G YUL>3\;“fi>[+O'emG dhxM8br4.,OІ{]PyR1O㏂g>{q+rLV3DՀX JL/ϣmc6k4|n BZݭenOUAb1y!c!1 ND v?+C 4iHm[E-zҖ#>۳į=I#y8e!NONzaQuH22jˏWw\Maѕ"N١vF˿5i!St%^']bm`!R[Äi[dRPeЁ2ț4ZZ7HJɶtĉ"(t ~u _*[Yͫe%#yFTՙX{rѨhN=pq'LGP n35#c!G!?B!#[A"C|{o+*E҂wyR.A*E3Ca٥wCun{-(dm Em䭛6BpvpפU4q;|v.Ԓ+y5ښfQ?ni*%Pd{?ɾ{U;AO{](]p5 9B_%7Ex'w־1s-eiN쵲#Cw6d%:xpJ"oAh"P"zڥG Mt΀!oB4W*<k̮R4KN496Do8ުEdPZIJgdЄn1|Hi|5+kEl> V/e/fr[6>-x9| a|ϙ P&I=}U}N;7<X]WɌ3=ٗ2rnj$3St%U%(6Nz!P^PYYd cbtے(wX& k ~9 '&VvDq>Ν2b4USϐ?o^M{s-~>GnGNni5 cuP-#k_UG'Q~x#9 Sp?:;?~K?o}=D G閣wtڵKD)eniDjr+%V\NxO#_D.4T/Kו bvܖ]euh#eQڮ>_=/ꣷW'e~%>`@qkPɃ5gt~i %Q#PQw~ †#/|($KrrBHGHnfTꚱ 6Me=xs&zwG>YW0zPeLxv2~x;L˝+F\U" =X8T{k^ tR5jn qܲ9]\JFdyw-{_p>UaǕ In7"X?|q*x%zv6Tg>gTZ(v|Up [ fat,/)*p˼ q"ls7nV'͜-"}, c@'Jp.aau\rQKbt0e9N,nD mÃe+@=j)-:JA$@ 7w0(_MN4(M 0>t{o-\hi4qF!q/3p;[,UUjCI)WEDRt³,SYйE0_d_?cnY9s~EV@' <4EӇ؋4P(ZKGޙݫJ ~u!ImYsd!,X+ͦ8Z]? 4#+ lA4c,2趇gturPaޜBK,^?[.. 3RUcͣ;˓^ P4~.Q aZw ېXΈa}Y*~#N=W]X5wU 5iՃ#6 T{ dux$c3],K7F 9Ժk:2_Ԫσx^e9(&gMw =d/ )8H\(Z\?x5\ZJ%7=,YA.D\+5IF )gµqwwE*m$21tHHaP %sr晬7 r!6wwK=Uo u%_5afp_+[k²Tb8J%!es4@y^l@Ea]5\J=BnxO:%:DGޖ5FqKo8f5&!)v}[LaOkC-|X.RȖ+#@+{XnNA_)awXC9>xN@<^1@ u܀(=?s* ܾArYRc93e}]6(ѫi4A|Fp#N=& W+I][۱=t>]&8V/RM?k p*'g~4E[3T_$ƒo^n?phDbqQF72kUH,OiakL5p96_ WҮ0~~T]ڍ6R._}LFN#(+B~2Rk[ C} p^>FAvW@]2Jcx:}8%i~/FEsH׃tvm"",0w֧K\‹@e*X|a6FE PDr֙(>p6c54΅,?3sF-*7TlVg3OPI%,f?{n++ZuZȫS}p>o[;O70 2ֺI$6~( cRʣv lL0a|I+Ϙ*B9@ tȟeY`a~@97oyz)XU-qg#}ĵ5Uy<1-B!,U7ZCoz'bp6Ww)+]P:mFeG`Ld.@rcc@L7?8|f89'?:fz@7L;$l &PzZ1CX3|RoUdl;XvrM ޑn|w6l]Xkyjki.#3ߋbp h*gw} xr s{3{_Bxi}00`|/Lտ=>E#8=r4(%EȟzŠ6|vt2ҵ$jE#Q#PMuo,h[Zl(7gƖOp)bDkD9TL6Ms( ՎƖ1AƯ*7rOr +xjkx~v^s]ЃBO\>jlG=XOۻ< Ы)6?ʂ/h:zk ' #V7Y/{T&ް,iWP l>g>pM #4gZ0X9FpnǒԊ d$/ 2Kk/!(`;ܟRS_b6JB鉀)6=fe2vጷ!x3cDYP("=dn\9rJr#6Кſ] IvA`ͽ,j8j'Eq2kGds WId4~Fǭzs;MsZh&U- FZ9L6}׏X8nft[4V8*37.9Çg~RS2G`y89Yk$B_sHTȾ]{̞_@mTAmP94Q)߿pǍt5%)\Bmfڎ9RHpB|xiFvI:D^c/:%L̰wp)qUQU 86@X^&xZ!pQ% W Zy]] A2:g-Gw?Fmm Qt킮/ecm3U{Gβ轘K#ڔ@@q0xT5*W$ryaw5p=zkf(_1j/:aFnL9#J)۬Zç~އ#Z̻koz4jV&pwhXW~%፺|-FZ2U _k, λiV]=kd9| hP d:.h%:X,v1~#(h{YKbrЫR$=MA?Iݩ5U 9ŕ#Ey4޵QE3&SIJ~JQ:C΄v N(H3s=+؃iJ -:ԳDg#tv_rF2Px`&a=B =)C3v|&ƨX%!QKMG@1vŪZ%#5L2X04RʌjLFaVpbWZ.x  OqS }q6FVRn{1LbZ<σ3ܚvyb\NcpV"(MY%̶\Q\ jL~EŸeː ] DLN=G6$i:+_=8E=3hy^~GԂr{|nR3xk碝(} n;Mtorp:g1_a 2ȧZD^hȟTYKhB#t#,w[+ZLm㽍7|Z^ZF%ňEkjɩ#D@G^