libapparmor1-3.0.4-150400.5.9.1 >  A d_p9|h8WLzxPXHˬX^@䆭Sn~{eUP3όg(, (ZiC|uSS6#ў ](yӍ#eOR{M r<7HEgwWCR+9ʍpw+G(ё.oOͤ5?~M kj w`4ѕz܉238,\>U%I ٮRK\ZNd#5b-I-gZa}7(r> FN8zEty]f f@h,*͓>7ė2 wa AjzS/H% %`iqLUVH@b⪴Y5\:H7~f"cv;(O  ]am>pC?pd " ? )J\ r       (2<dl4 h  (8~9~:8~>@BFGHIXY4Zl[p\t]|^bcWdefluvwxyz $*lClibapparmor13.0.4150400.5.9.1Utility library for AppArmorThis package provides the libapparmor library, which contains the change_hat(2) symbol, used for sub-process confinement by AppArmor, as well as functions to parse AppArmor log messages.d_h02-armsrv28SUSE Linux Enterprise 15SUSE LLC LGPL-2.1-or-laterhttps://www.suse.com/System/Librarieshttps://launchpad.net/apparmorlinuxaarch648d_d_dcbd898925ea5e4c793047d771bda5f67608eaa91d6593358c6aeaf8d03c2d62libapparmor.so.1.8.2rootrootrootrootlibapparmor-3.0.4-150400.5.9.1.src.rpmlibapparmorlibapparmor.so.1()(64bit)libapparmor.so.1(APPARMOR_1.0)(64bit)libapparmor.so.1(APPARMOR_1.1)(64bit)libapparmor.so.1(APPARMOR_2.10)(64bit)libapparmor.so.1(APPARMOR_2.11)(64bit)libapparmor.so.1(APPARMOR_2.13)(64bit)libapparmor.so.1(APPARMOR_2.13.1)(64bit)libapparmor.so.1(APPARMOR_2.9)(64bit)libapparmor.so.1(APPARMOR_3.0)(64bit)libapparmor.so.1(IMMUNIX_1.0)(64bit)libapparmor.so.1(PRIVATE)(64bit)libapparmor1libapparmor1(aarch-64)@@@@@@@    /sbin/ldconfig/sbin/ldconfigld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.26)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.17)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3d@d@cbk@bi0@bZbV@bT@bRbBb<]@b@a7aZ@ap@aabaim@aEaaua $@`#@` @````_@`%@`!'`>` @__ǁ_ǁ_Q_h__@_~@_[f_P_-B@_@^m@^@^<@^j$@^,-]҇]o](]K@]]@\\@\ \\v{\I\ include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527)- prepare usrmerge (boo#1029961) * use %_pamdir- update to AppArmor 3.0.1 - minor additions to profiles and abstractions - some bugfixes in libapparmor, apparmor_parser and the aa-* utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1 for the detailed upstream changelog - removed upstream(ed) patches: - changes-since-3.0.0.diff - extra-profiles-fix-Pux.diff - utils-fix-hotkey-conflict.diff- Use apache provided variables for the module_directry: + Use %apache_libexecdir + Add apache-rpm-macros BuildRequires- add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in de, id and sv translations (and fix the test) (MR 675) - add extra-profiles-fix-Pux.diff to fix an inactive profile - prevents a crash in aa-logprof and aa-genprof when creating a new profile (MR 676)- update to AppArmor 3.0.0 - introduce feature abi declaration in profiles to enable use of new rule types (for openSUSE: dbus and unix rules) - support xattr attachment conditionals - experimental support for kill and unconfined profile modes - rewritten aa-status (in C), including support for new profile modes - rewritten aa-notify (in python), finally dropping the perl requirement at runtime - new tool aa-features-abi for extracting feature abis from the kernel - update profiles to have profile names and to use 3.0 feature abi - introduce @{etc_ro} and @{etc_rw} profile variables - new profile for php-fpm - several updates to profiles and abstractions (including boo#1166007) - fully support 'include if exists' in the aa-* tools - rewrite handling of alias, include, link and variable rules in the aa-* tools - rewrite and simplify log handling in the aa-logprof and aa-genprof - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0 for the detailed upstream changelog - patches: - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0 release up to 3e18c0785abc03ee42a022a67a27a085516a7921 - drop upstreamed usr-etc-abstractions-base-nameservice.diff - drop 2.13-only libapparmor-so-number.diff - refresh apparmor-enable-profile-cache.diff - partially upstreamed - update apparmor-samba-include-permissions-for-shares.diff and apparmor-lessopen-profile.patch - switch to "include if exists" - apparmor-lessopen-profile.patch: add abi rule to lessopen profile - refresh apparmor-lessopen-nfs-workaround.diff - move away very loose apache profile that doesn't even match the apache2 binary path in openSUSE to avoid confusion (boo#872984) - move rewritten aa-status from utils to parser subpackage - add aa-features-abi to parser subpackage - replace perl and libnotify-tools requires with requiring python3-notify2 and python3-psutil (needed by the rewritten aa-notify) - drop ancient cleanup for /etc/init.d/subdomain from parser %pre - drop (never enabled) conditionals to build with python2 and to build the python-apparmor subpackage (upstream dropped python2 support) - drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed - set PYFLAKES path for utils check - add precompiled_cache build conditional to allow faster local builds without using kvm - remove duplicated BuildRequires: swig- update to AppArmor 2.13.5 - add missing permissions to several profiles and abstractions - bugfixes in parser and tools - fix two potential build failures in libapparmor - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog - remove upstream(ed) patches - changes-since-2.13.4.diff - abstractions-X-xauth-mr582.diff - sevdb-caps-mr589.diff - libvirt-leaseshelper.patch - cap_checkpoint_restore.diff - add libapparmor-so-number.diff to fix libapparmor so version (!658)- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, cap_checkpoint_restore.diff)- %service_del_postun_without_restart only works for Tumbleweed, keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x- Make use of %service_del_postun_without_restart And stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete.- libvirt-leaseshelper.patch: add /usr/libexec as a path to the libvirt leaseshelper script (jsc#SLE-14253)- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON to severity.db (lp#1890547)- add abstractions-X-xauth-mr582.diff to allow reading the xauth file from its new sddm location (boo#1174290, boo#1174293)- add changes-since-2.13.4.diff with upstream changes and fixes since 2.13.4 up to 5f61bd4c: - add several abstractions related to xdg-open: dbus-network-manager-strict, exo-open, gio-open, gvfs-open, kde-open5, xdg-open - introduce @{run} variable - update dnsmasq and winbindd profile - update mdns, mesa and nameservice abstraction - some bugfixes in the aa-* tools, including a remote bugfix in the YaST AppArmor module (boo#1171315) - drop upstream(ed) patches (now part of changes-since-2.13.4.diff): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-fix-utils-network-test.diff - make-4.3-network.diff - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch - apply usr-etc-abstractions-base-nameservice.diff only for Tumbleweed, but not for Leap 15.x where it's not needed - refresh usr-etc-abstractions-base-nameservice.diff- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch (bsc#1168306)- fix build with make 4.3 by backporting some commits from upstream master (boo#1167953): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-network.diff - make-4.3-fix-utils-network-test.diff- update to AppArmor 2.13.4 - several abstraction updates (including boo#1153162) - disallow writing to fontconfig cache in abstractions/fonts - some bugfixes in the aa-* tools - fix log parsing for logs with an embedded newline - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog - drop upstreamed patches: - abstractions-ssl-certbot-paths.diff - apparmor-krb5-conf-d.diff - libapparmor-python3.8.diff - usr-etc-abstractions-authentification.diff - refresh usr-etc-abstractions-base-nameservice.diff- add usr-etc-abstractions-base-nameservice.diff to adjust abstractions/base and nameservice for /usr/etc/ (boo#1161756)- Properly pull in full python3 interpreter- add libapparmor-python3.8.diff to fix building the libapparmor python bindings (deb#943657)- add usr-etc-abstractions-authentification.diff to allow reading /usr/etc/pam.d/* and some other authentification-related files (boo#1153162)- add abstractions-ssl-certbot-paths.diff - add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys- add apparmor-krb5-conf-d.diff for kerberos client- update to 2.13.3 - profile updates for dnsmasq, dovecot, identd, syslog-ng - new "lsb_release" profile (only used when using "Px -> lsb_release") - fix buggy syntax in tunables/share - several abstraction updates - parser: fix "Px -> foo-bar" (the "-" was rejected before) - several bugfixes in aa-genprof and aa-logprof - some fixes in cache handling - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3 for the detailed upstream changelog - drop upstream(ed) patches: - apparmor-nameservice-resolv-conf-link.patch - profile_filename_cornercase.diff - dnsmasq-libvirtd.diff - dnsmasq-revert-alternation.diff - usrmerge-fixes.diff - libapparmor-swig-4.diff - re-number remaining patches- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig 4.0 (boo#1135751)- Disable LTO (boo#1133091).- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877)- add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile to match the newly added libvirtd profile name (boo#1118952#c3)- Use %license instead of %doc [bsc#1082318]- add apparmor-lessopen-nfs-workaround.diff: allow network access in lessopen.sh for reading files on NFS (workaround for boo#1119937 / lp#1784499)- add profile_filename_cornercase.diff: drop check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (boo#1120472)- netconfig: write resolv.conf to /run with link to /etc (fate#325872, boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]- update to AppArmor 2.13.2 - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (boo#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 for the detailed upstream changelog - remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch- update to 2.13.1 - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - ignore "abi" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including boo#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 for the detailed upstream changelog - remove upstream(ed) patches: - aa-teardown-path.diff - fix-apparmor-systemd-perms.diff - logprof-skip-cache-d.diff - fix-samba-profiles.patch - make-pyflakes-happy.diff - dnsmasq-Add-permission-to-open-log-files.patch - refresh apparmor-samba-include-permissions-for-shares.diff - add fix-syntax-error-in-rc.apparmor.functions.patch- update rpmlintrc: - whitelist .features file which is part of the pre-compiled cache - comment out filters for the disabled tomcat_apparmor subpackage- Backport dnsmasq fix: 025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch (boo#1111342)- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099)- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing (logprof-skip-cache-d.diff)- add fix-apparmor-systemd-perms.diff - fix permissions of /lib/apparmor/apparmor.systemd (boo#1090545)- create and package precompiled cache (/usr/share/apparmor/cache, read-only) (boo#1069906, boo#1074429) - change (writeable) cache directory to /var/cache/apparmor/ - with the new btrfs layout, the only reason for using /var/lib/apparmor/cache/ (which was "it's part of the / subvolume") is gone, and /var/cache makes more sense for the cache - adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both cache locations - clear cache also in %post of abstractions package- update to AppArmor 2.13 - add support for multiple cache directories and cache overlays (boo#1069906, boo#1074429) - add support for conditional includes in policy - remove group restrictions from aa-notify (boo#1058787) - aa-complain etc.: set flags for profiles represented by a glob - aa-status: split profile from exec name - several profile and abstraction updates - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13 for the detailed upstream changelog - drop upstreamed patches and files: - aa-teardown - apparmor.service - apparmor.systemd - 32-bit-no-uid.diff - disable-cache-on-ro-fs.diff - dovecot-stats.diff - parser-write-cache-warn-only.diff - set-flags-for-profiles-represented-by-glob.patch - fix-regression-in-set-flags.patch - drop spec code that handled installing aa-teardown, apparmor.service and apparmor.systemd (now part of upstream Makefile) - simplify "make -C profiles parser-check" call (upstream Makefile bug that required to call "cd" was fixed) - add aa-teardown-path.diff - install aa-teardown in /usr/sbin/ - move 'exec' symlink to parser package (belongs to aa-exec)- Set flags for profiles represented by glob (bsc#1086154) set-flags-for-profiles-represented-by-glob.patch fix-regression-in-set-flags.patch- add dovecot-stats.diff: - add dovecot/stats profile and allow dovecot to run it (boo#1088161) - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753) - update 32-bit-no-uid.diff with upstream fix- Change of path of rpm in lessopen.sh (boo#1082956)- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429)- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429) - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests" to avoid pulling in several Gnome packages on servers (boo#1067477)- update to AppArmor 2.12 - add support for 'owner' rules in aa-logprof and aa-genprof - add support for includes with absolute path in aa-logprof etc. (lp#1733700) - update aa-decode to also decode PROCTITLE (lp#1736841) - several profile and abstraction updates, including boo#1069470 - preserve errno across aa_*_unref() functions - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12 for the detailed upstream changelog - drop upstreamed patches: - read_inactive_profile-exactly-once.patch - utils-fix-sorted-save_profiles-regression.diff - lessopen profile: change all 'rix' rules to 'mrix' - add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems - no longer package static libapparmor.a- update to AppArmor 2.11.95 aka 2.12 beta1 - add JSON interface to aa-logprof and aa-genprof (used by YaST) - drop old YaST interface code - update audio, base and nameservice abstractions - allow @{pid} to match 7-digit pids - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95 for the detailed upstream changelog - drop upstreamed patches - apparmor-yast-cleanup.patch - apparmor-json-support.patch - nameservice-libtirpc.diff - drop obsolete perl modules (YaST no longer needs them) - drop patches that were only needed by the obsolete perl modules: - apparmor-utils-string-split - apparmor-abstractions-no-multiline.diff - drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in apparmor_parser - refresh utils-fix-sorted-save_profiles-regression.diff - add aa-teardown (new script to unload all profiles) - make ExecStop in apparmor.service a no-op (workaround for a systemd restriction, see boo#996520 and boo#853019 for details) - lessopen profile: allow capability dac_read_search and dac_override, allow groff to execute several helpers (boo#1065388)- read_inactive_profile-exactly-once.patch (bsc#1069346) Perform reading of inactive profiles exactly once.- update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of 'unix' rules (will be supported in kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog - remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff - refresh apparmor-yast-cleanup.patch - add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the "changed profiles" list in aa-logprof- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)- profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195)- add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26- do not require exact X.Y version of "python3" - require also matching python(abi) which is arguably more important- don't rely on implementation details for reload in %post- add JSON support. Required for FATE#323380. (apparmor-yast-cleanup.patch, apparmor-json-support.patch)- add upstream-changes-r3629..3648.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - update nvidia abstraction for newer nvidia drivers - don't enforce ordering of dbus rule attributes in utils (lp#1628286) - add --parser, --base and --Include option to aa-easyprof to allow non-standard paths (useful for tests) (lp#1521031) - move initialization code in apparmor.aa to init_aa(). This allows to run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser don't exist. - several improvements in the utils tests - drop upstreamed python3-drop-re-locale.patch - no longer delete/skip some of the utils tests (to allow this, add parser-tests-dbus-duplicated-conditionals.diff) - add var.mount dependeny to apparmor.service (boo#1016259#c34)- Cleanup spec file: - don't use insserv if we afterwards call systemd, this can have bad side effects - remove dead code - remove now obsolete 'distro' checks - Replace init.d script with new wrapper working with systemd- add python3-drop-re-locale.patch: remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766)- Fix RPM groups- add upstream-changes-r3616..3628.diff: - update abstractions/base, abstractions/apache2-common and dovecot profiles - merge ask_the_questions() of aa-logprof and aa-mergeprof - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor - adjust deleting the cache in profiles %post to the new cache location - silence errors when deleting the cache (boo#976914)- split libapparmor into separate spec to get rid of build loop involving mariadb, systemd, apparmor, libapr and mariadb again (see the discussion in SR 448871 for details) - libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but with minimum BuildRequires- update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog - patches: - add sshd-profile-drop-local-include-r3615.diff to fix 'make check' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff - spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren't used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed'ing python3 into aa-* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in logparser.py - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition) - add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)- only install apparmor.service for openSUSE > 13.2- Add a native systemd unit which *at the moment* only wraps/masks the early boot script.- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage - drop upstreamed dnsmasq-profile-fixes.patch - update expired GPG key- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes - refresh dnsmasq-profile-fixes.patch- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- fix bashism in post script- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don't warn about rules not supported by the kernel - fix logging of "audit capability" (lp#1378091) - add support for the "hat" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 - update apparmor-abstractions-no-multiline.diff - remove upstreamed apparmor-profiles-ntpd-pid-location.diff/sbin/ldconfig/sbin/ldconfiglibapparmorh02-armsrv2 16940645353.0.43.0.4-150400.5.9.13.0.4-150400.5.9.12.9libapparmor.so.1libapparmor.so.1.8.2/usr/lib64/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:30575/SUSE_SLE-15-SP4_Update/7fe01e9314dba00f82ee52cf94fce023-libapparmor.SUSE_SLE-15-SP4_Updatecpioxz5aarch64-suse-linuxELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=029a2fa69f6727dfa4df88c5597c9a114f6e2593, strippedP PPPPPPPPPPPPPPP P P PRRRRRRRW,2Dutf-8c5051f00c63f0d2eba003d8ab76ea28bdbe0e3c2f2d5171db995431c0608180e?7zXZ !t/tl] cr$x#Hݸͥ6[ɰCcݾhdsa)Rh%#΂&abLpy0QVTT\ noK3}vRU= !>m8W|0dpSkR`iPy+ERuǛbzgesШ~C= mʅd{X$qDpmp &7",)mqqc,BzlQU5ۏ6uj!:80ORH*|1,BL- M S; \$V,)ցU?'6Us.$(=G ĥ4N T)tdXy~rͨ峓x^^'zݴL{P/jO >$M]  r߇H)?L t=mU~Y.7KT׏Q}pt6ߕ>\kA{~o>`L vIB]D鴯Ƕ<.Ό7CժO_r5 Hu҂y•Ħ~fu'eH]Z~S5p9rKhKXI;T$4m{H;q*z|dgvMƈ<%gI;$ClYtivKCT/S@?U,)bu(-(vl k/?00H]_P؊G[خʮk(EPF2eTBҐٰܨ+7Μ1&-o]^8R }sm,Z.H䘛Л:Z6Gy٢re ȧ#;qcnx%}/*T ,tz!=5z7:H={~doK.|;'G? *_5 `$8`Aeu(-w? 5`G^, Ez7HYuk6r l(3G8#p8XMfڱ]Bffv3{*9~<1ɁSZ†2KS<Jmh}clw)fBn Yn ?NБgX} 3O*^A;n9Ϙv Uk}5䘨?j{nd 6yu~ Z|c˿js=5nh-!|g/]6DzW.V6OBJ婎i4]n!ˇSgT:?Kh\Ukzu~J"R}%\v/)AvKLEMJ:|SۑSuNdR^- 8 ׎J,AIo9gfD{D[= C,9`ET@ײFX99gVǽm]y=T# \x>ԡ a~rRE.oRm*A`o﷤f0 Ix%SjªF=z%qmKp̀72.\`ikk}A%GlK(A]a`,ԟ"@Xd[-PyV~h,)(Ydքn~Q sayovy[li_X١;qٝ ] ,USe7F]3$JV@hzP[k4υbepY={CsjBLt ;!(W/eI`{MQ?ZZ 3I;*v氵,g̅#{ sOn` zcLikWn# dp wMzwJ~>]dNt#xnp-oD/̫,0b@q&KmQw~xZjdp.@:ya'੕m]8.:־%hۂ~c.Asq1A;x C#vXbpijdp6Y~l "QO ij(T:4?,a=)6LQ 2UP%hA\ |"?[CE ~s&1=fCPVVx:ſC&2zh%I?e= 987Si[e?>@gC ל~f=[3gcJf^1DgW1@n驼vt4 p4Z}hrߐ,e/U0Q$B,){=g=s۠w)TQۙSr" `j$T8;"vu{v'߄5w/W Go ܔ.!).Q8Q|i/yJ V=lqDZwA!|NQ'r3.9.f`Z (õXiaR O=m WXmE V6w惒Y|)[ל\v@-2f6 2DM!='o_˓a*_]o,&)1?8X;UqaM+痧6ShX3GO5{u-IqWFGxs͜i qlԿ=:n*oaM͔ɧ\ւ̞IdknP\ɑǭ;pƦHV"p7$̹8{8 DӇƜlo QvJ d۪ *Ս~:ue%2uE|>?U\E N&M"N1vzvI|dOxDE"@2,*/"tl70/E ռ,ej]"]lBhyB_" <eItR87_d!` w| “ ɟ޺tKǘњ3mDPdOq&n>ꞿZ3TQz`&hz:M*@ Xܫ;*dmC"~#iА le5G)`jHct |u *Ԑ;k gPٌW}*w<Ť.QQ?8VFGkp^jxATmEK[K XEAQ\4eD,(IJ* *GB}~GX;rrBh*73.@jND/F_i$+I~Щ[IPtG /.(Z=ܣ){QLiX%!$x{0.tsV{8Bla-* OM|;{:1RI0bY!0.AnU vXr”؋D`ib:)\%\&=RnnOn2@eC"~%a.\un=Y^^_1NFjPZb9#Nn 7ܹ\.בaQ3xkF)jF:z,}(ОWVly۰~ˀ3S 3~ǦMTUH͌lbŌoewp ZG" Gڠur,yeQA߹ ,fVHYO[K{|!j4(m2B.F Rnr'IwG8pgNT){5ٗpqCOV GXMEnȔ\1}n$H"cXXvG^Ӏc`{h^Z.  J3yLӬټ<C;ucF՟ߙJKɮvp²F!Y^ct3 NMH ?bێމjʳ{yLf&yaʂͬ] us|~΅Z캩Gv3J]vE{XlwطZn;uW̤l:1b:$㘁C{ٰG&gb^A %y( VHG}{AHWbh*zT0M䲲òځiQZ o }|B#?o3{wp?}'q_يG ;/{#/-yLmRiT-G&x*cT8PFm/F,3zNgdf+, {/^dH2ϓh1i;Pc~RPnhe{Lq:~2$>9`1z]FÚ*1 9uOFpp4;J2" P+- 9Zݢﲷa#GQ,xΜz̾ǻ~A%@N+%gE.^i%EvQFkO[WXu% 'F` +>RÓǬML#us1 DHp~KRv0{V- pm +)Y[$.X_q5},ia%>QS_ J6Nd^#0 AH  4!4P:e/#g6*‹98m3)"9)B[ gfR!=}S?'LmillQ(aNW!K1O Գa]nJE[H<[oX1Hۑ>c"qӝ}2de0ˠ3Hx }T4";T"ql\%W`I47bf{ZꐤSǛ:š^e` sK_o׵jV"1(/-)N"ƚt&zpMQ em s^m CfnDKPJIT$P6Kp:HJ[a/k2Uv>BD47hWuoSID,̽.@NzILR)_2?.V[~bi伲~=ZO5"tzd".Y\d+iIm%mgNnh9bLPIXm=.A 4j ]clWچr8^OB zg|]C.o\CB.F*0@o"r'`T ,jD'bgmbFƲZ!ZJK=MoF㚱ҭ–=d0EʖPP3(Qܩ{>UQPHԑy{n xe\͊]}.;:f-gFv$rb2 zi%f3vL󥭄 Ŀ-$Oό fjJAI *>?) _銎dPi[^lК ZQ궞')liO){g`pCʔAl>IV5G!`#9MtV9dbtbApORNX3jbbƊH\30xSNRrf}>{$`\V~@f&&RvY9cA~<K;J[?mZZz0WЀ^e/(@Wwai\5ǃc=Ԁybs[T/GHk 3#(K7ԷVRBg6>qJb_&1E؀l9*J v.·k[fsAVju) MGMOhNj3N9&dC'ِZ&ֈ{^*\(,v폡-mR jp-ԊX~[ikQ=i͇YbÝ~IP=` Gv ЭvgLiO@ rhϫdB:j"L轛*JJq>KW~g_axɩB#K5v`%dp^WtTA-I8:ZL@`&ǰJp4:%Aޜ֜{.*0؛%z85}bȗp&DyRzi7\L,5Nڬ)wXw?Bf #t_\I-Me[g@Ǟ}҂*RzR#vyM^&ɘӃۃd f<06m_X#70ˏVKiMF-hf%,܃%n'VYɍR=[&Ś M43 GJssxnoSj/)E~Or%;Cx<Ή/F4;d}j n2S[V/>|TAO~/vP;KZfM̱z阿9K"mrrj5}l)[mDggK h&25M6wlp+WwF7i GcŢ}m̐ !5w@$ D@TǽllC*{<`Aϸd N{W@ıt;Vf TӏJC0ܐw'K42()^dl)xr>Y+)X~X=d HZk9 !K j42#|>qLwt\'|(GD_kh.0 3}Wdc /,pǃT@C]^Z,Fp+7;ǏIhV"+_^["]+vydcyef@ocRT2-Ez/K[՛ZuFդjTxpg8H[~,k}y<$I aB4P+t\;2kJN-g~ ܽ}ޭy.X=@y)' 95s1qˤV-g(k 1C(S (^=Jw]!Ysx<ȳ_79y[C[+IB54C8%XK0yI KqÎXlh.tqD;߲A^Ә$IJ{ǒmg];:.p>@!"vm.MoAGofV{{ jû0{߱1awOMOF,g0T[qe3׳ c~ع$ R֝TR!ghA>m!xNNoM C#*֔ W_?x^5 EYˠkC+eDn~蹬(3Hwz&/;D ޲PftLaҫx iQ΁W`/߸Drؑu9wkF{&ڹ"_,nc7;Y͵K \<@GyP)(4:dEzG?#:\WIk솁PgEμ`gn0C9nuHr5 ]GIUK*h8$DSE'Z\^߹~D'5ow YNQ~Շ=(^Vk |жO[o.AcPAW e*ƴ7 CA|$Z%QtH h֢H :fT4 Vcgl 2O_K$l;>Q "8JxpS -U5i=zDy5v0u0Ёv/p񋔦@#^Mzz':J$1^6))@-rN(I+jwVA4Ol$h>mGock BI>2Bu_7/{-6%.R7%JC*ܔ]lD`w'h5zW+}_4Cm^3X]5wC!,4hmEРvۂ<^GYppq}tԧ= >1%`߬|# y_o丷ފepAA)9"7ԞSp^-'hGZI_%SIk:}$(Cu r+Kg@m{1mt񍳀o^֙Qxg&楲NM[01= )`ؽ&)x6vNc/I2z}$)3BMk8]c+ecͮ[8)&vMGЊ؝<ҜҠuS|(M5B)&Y%&Mp7niӆ+,o]C,)ѓOʐXQ( 1qN]K$ΠI.ipJ~9&F39mq>%tHNj 2е SڞYS W%[TFMy=~9{%./~ 4Sm d,̔_b#Pܷp>.rsqL)(^D"`=%\\7it],YD@_*4%l}g#b.RY yyiuh1uy0 !k[N unjO\,CSG{5aD!s陑iS҈9A@3! flTڐ[X TC+,侖1Sot6̑z˖OrP,`G\`E()Ie/a2*C)f| 6ԙuTܐ~:zɊ#@%+y^WݜLEjCy'!E~-}FdD.6>w(C)Ax"BOhَ;icSgY-r{niO3(Sy/}7"1DmM%zzVcw>GoZG7 5d} 7ӦtL[Xp<4| 7ʽFVafr Z["l9bU ORiӓX/.Kcl(0ټ'`4'*ͤ׈*S%V$?FENN͸1jX Z9ŒH }"ߜ]\"ŘPw[ ty1\*z'FO8Wto}5j?jdyD)<.8t=3˱u[b>s XZ6,s#忛 iv˽@E]`Y3YzAF>ICTqG'11U3~T/jx+>Zl+r^5Z!%|sr0[v*‚kiMߜ.;2y;o.ox+Hl$34~+ '(12Lj rg`+uGJ7=e!QA|@a,.\GPYQKN ]Ϸ| +&Ýnq/γ}zf_)kedaSIa#YI@:ĵxVfolk,6ጨ9aUˊq)`*QsT$3֝[w޾;1/A.2t߇}kW oklvw'!^ye;l/_mdNL ۵? TBAa¹=$x.mL[U,A K/{.讒``e}a1c@5}$+xjˌvcFxA˧U_ _j;USmn&H$ZvUJ}E^@g?rjzct_(ᢆiTIJ-d* -m ϒ SLh0+iajbcԺ5YBA>ƾ\k]{9*?*oJ#jVx[=]8lyKX@]@t&Z$̆nj{o h 홿C#Lyi:^ QJ+)f7h8Mvt'UPTuW]{u.N2@h{m;r 1/L Gш0·H)uJ \Om(m;Q?m)kt(tt|\ kt5'KXbtc?Gs[8%Wӎ\ {"s^۞ B6e@Q'dMJ~)Yc 592M^tɛ8 1IןؔD[r ԉ{%0gx7s}"!#ra^uÛ#<s+)cE/6dctl;Q<^ %/ti(FKt;T̢%-uKW6s8(w|Ì +r'R4a"KzZ_v'Х\р4CgMi4bY :0Spr{bz@ZKK`D|gI̢QE:7Q=}иO$iE'?x=KK5 },/ⶄY'g''GYXt4Sb n- D&֜յq76 "1=Q͋B pCTϲ$eyG'z}-9@~(RqLr$5IBcM-2g/4O-LE 9 =l27J"' H7Iʧm`{| WQ_؏>"DWĒ4 bD2k'A> xp^/5͎Nzza3b*DެtAm{&c Ȧ um(PpXcu0G q% :@}#+ bq<0K޸:k½%àꊡWM4aB&nҰ(͂"&p x/1_|"yQFx=WIȳ^iT4a@%|޼ck!(|h<@$`[_BUK K!jÖmXSGJ"KkYڥM8u<.o1(ڪD;0o&pƓ"$u0q>OX ^nana<}Sh !P1Kw~tR5t>\HH/bIW2!wwZ@sU ˄hv8XCE! iw4RWX9IDȳnG!ܣ|6^|0\)L anCəMα< ^!onB U&uF5 aڼJ /ZQ#M6A.7.MC@5z& r0&;}#ER؞6 v=35= 퍚*@a@۠Q,guW(?"bTa's3X)4!Ql75f-nsETB\!#X`UqSQi|INk6>͵ʲlr`T+V46}b{95YDZ޲zT\ȯ-ͩ莣v v$.Ӑe9oXZ'6X7@YRH{;> ޏ~Ǻ'@0ns-ph]QɺU'?Y H%)V4ǭdAF h7\WHPd1ZocvV]j){ W)ƶRo=tt#q6}2cIz3CS2V][ Jm2IYoMo4bZꟐuvg-8-//^p.6w{R%TD*d7\{ ֚GEdE;^y; 0q6i2tno鬚&z*ԡn &a2 ޖqO଼oLK-e 5X+=F[#jb< ]^aU1I~4}4"ANwq P&+(>KM\23H" RdsTg,(%X%a4l|McfqAc lWόxm:W> ۷RL0'/W 0o\a@jh;3u _L ۂq:8E=Xy 𪴮.#L}U`^\=fcXvw$c/?BÚ!5]zEG֊U9U# >UC EuH𹅮Ŋ@ @WٴXG7†|B3ʇN(` byx VJH@L='Փ2 1uW}_u=f@[břmFPg}~U2UmqL^<~U1nJO$^ZT:k[-Ehk?ynml6ECϿcv!Neו iS?A/TMis9gSx$iЎK~~Z?VK̍74jbDa:t_^WR;C)u4Mip+9%섇q+4<kx7mn{a> e[3 Lҋ$Ld,řeNncZ8\L`:.dHMH<~rlNPE]?&blyFk' 5_aX d|L1*r)xtq_^Irb!ٗ| C욬Z*~ƛ6 /BBp6'FKg@ l@87ۛ<2R{ 2nvt =|RPFf=Mز!Qghd'>s*C2{} pGiqX趨KbA}ΙM[xirU fyBK0<e w %x|}4&TQ'T h];]t!'’JA1@ܕRؾ7.Ğ8C ^d[T^UONye M9ߔF\fb0C{X:[d)l{w}Mip9j.G 9Q3m _;#L*N%:zg29`0%DtxEizX.B$U͒RNDF5=_!9ak\2I;u(bfKJUc܎ޚWyurPKQgvdžQm*G8V$ KO[ggyrն)?siݯ.D\V}:гj^m.Rx'59,HȩN$^_<K~2iE%rG@S3׬D%) Qn#7i8 d5MU;v zy b?O 5f9#B{X,F8( Iր+it *)ҭ&&Hb8rJ3>p#B'Rq]nǨkvyelN6' uJpyj^_*s`M].0պ_f2})C}fp(Þ[Hb$(6+N|YJ3_ q~ -{tY?R1bn%:*D%,%+b'HP}p2 O>WA -` QR p;jݘ@nˮ* "q9xe 'v* ޒn/+2x_ig³kORc:S>&誷ߘT5Bn!/1 \pIDtdnĎ$th}%VRD8'+C`pq:Hg*>۸8f i`V[ՙ*uN,Zgf9l|1j|~CUMG1~s?B9X nzsV/(d4``@>wh5UHHݢy5"XE~Ra*#HS`Ҝ7[l/Vľ!a6cu4nk?>H3$ȷU :?_*F6+-OZRjZ!yB}eòmHWeMoNV GU~:Q?Z :T˧./ )pD|/OQrKóHz .L4Jb- *r03%8k}㯯*C{M4,*PqrlwRD=G7EK ؼ Gngya&[ s7[Eha>g a;V3O^֪ڤxLY)<~ډDo)xmof`S(;Zo7`ޓIZƍ42g)m鮮p.E ߡh q_O[Rmx ml3](~GvGIC 5h39ҹpv\Biv(l>_YFH"BPY$ ~:szdI- C7pU VWpҳ-M}~X̕ΦQ&TpUpM(#{Ԇ (]$EIOZ~)$+?e*o_O݁ kުf@|<NdAЄ!kAiM0Y2C#!21" A(C_TPy3WG$|T\:U½ 7z ÿ(?XǐxY>.H@R${[TJ [ $3S|-\e @PfW)ѓ  =(( }RA 0B],דFrkM.kv<4W ix@KcV/3yV9LQ&BE䨸Z?,3Ԋ ͘`ّ`.`'pM3>U3kP\vgg$': ]oOTo(=^ }`p?IѮY"bHuax )^ oZ`4pɺmKkpoƝޞX}ϣӥf&T1`VS~Zg>Bf5X ڮ(I쯣&7:킺=`lك1Aοf"&\iJ$JuNaA8~*0sK35d8g -)DŽ{|_KŨ~ z:.d=W =@'x:|e'*Gc{԰wQx"q s;wɯ'@I6:T ;R[6EA3XeK",sopbr!iW7äolV"Gfdq=")"*gA>m& P.3CvSo[98bAnmNR], ·p6XLvޅ "cp.PxǤ }~ǒX=X2M]ɍWuGp}%M#&CNkR0BT/;"j|;D#hj֭էJ3>tU~ġ)U^ia0qyh{MgJ6͇r41j"* ۊqs%>b;U.qx*x5ZcGFhp\0-| K=t3~Sk{E5뫎HYUmFr|n8dl?GyL^UE&d8n5xd =Ր.-WIjn3RiQY2D `lOp`!HFC( t6+AV۰,pdv%N⫥gzށ@cJD<]^g 3L13e Xm"xep݃WwLNɛϙp$zrv!sDG3Z5Mޖ67X N`v#fY{p!?)?" BiopuawH:> 3,,As+dA#SA7$9e<P?QQb,v0;t s8lo.2%BlBqVۙVEV9gʹ2 ?GﵝԁFׂYJ}|[n3i oܹmlh>x}߉~r*N#ݒP&%,{Fdto`|R"}l2\?`U<=$:ypuPl46 v|S9)s4N'إw&/cwW c^CUQWkMg*5]ԸO%:>wJ6\nqHZc-X 2xl$ZMS:J t{ ܌V e%n[ 0=. gCU紖1`ˎAǪ& z GӰk}ǭ G[^zq(wSqž%+p.7VMچ"?z4w{"SE5G\R^Lm>78/}v}[nuD(9򔢷Im$T~ ;7SNwIWoo9#Vb `zջa:\*#QܥqɳCt6L{+0xw¨//"84Ow6$e:G5 s ,ώ8ZVֺ%`OQ ]ޯҙzV`'ul(wFn)x>LP= m!*@Њt 7:kh1" bc/qYB.H:¢YDdP0'BwBh_Q݂-1V>N677y"wP.dmǨ,Z9;L8G 85c/D8?ZF4󾷰O`[Ctr ml pn$Zb*'VvD52N%eQa|:z-W;TmqxvCJ iخH4q2K WhB>=.rj S6H(i>֓_svR.(QNuuAh?~QfvQu񐊍*kG(Ufs#R[# Li@U/gb5[T7N W1JCų(8/|Ѵ~׌kz#2FZ"([~#gdn6 zGYe9`Ox<L2[]Y6z/ͼsdh4d?B7-r(ׁ gBwoӫB+kNaʳBGh dڜת9"Tm ť3x/o>@]3>k"UsO 4DAIX=7}z Ul64=-2ObxpNW Ú_~`!Pδ׈G$'48((zOb`e4Q V/OYXlЗCN}~pܘx>+~!_Z31fNAS;ПiS!/ ~S1=Tmq_ }5H97N6l9*Wqg6;\Qyy],|7Qyh*7OFec9 G_t4fZ7^D~:%o}Wjl'U8 gBit Դ$񚯖6wڄ>ܤFt *mWJ'"wv⹆(|59&{m埈Wg]_ؖBmq/a{k!7pקNgM uT.9\ɷ$W 7(+xUoA$q#Ѕs\$+'9LjcmNU|o$ Oݓt胔Hl`kU `<[K͞Z35_}U9TYsiKi{P޺fOҔ,t e4))6ԬLC8F8y!lmBѤ';V; MޤL^15SLZ6`hq&2g\SJ<V~7A[tCl "?w8U,NrrKǿf*)-™YO=z(;$!̈́~@vA Dj. qsn+#V!22ftOf[\[J+^zwM=59{ڻReqrp`͔FtΌ zV8 /U}{X{:O3UޫHc؂8X|ZI@vƚLU6dt<̨O+jPa@f/UkU N5fKR _)#vh=,;zzŲ%@W W{ǰzsoEufg.l@$ߛOj'em hoԅ  \u"ރls-$݅Dy𾙚`Xp̮SBzZ"*IJ+"G;[b*\Ub͛L9IH^%Zc&PIt& č)Vjq(|p .˂X՝$/+8x1(WPENҢs޹(zVW ;/ 0Ƞ ʕc1C 7n=\y2$1v.x8a.!iY|,J%{[\1Ja0:˶?26yaJy Px^rz!2 [зx9VFyMW _t`#U%Kbu'Wh~W0泍MrLi r=٩Ϻ&֗1<R)Գlu~7/0$X("3˯۸w}l}7FyO('rN)}cگ i.kH>5&e+Y) ӫ7*CqQ9Ljc;CԮ,̴9$NXpT[^c@l?Q=mNݳ#P-ht{ԸVK2R Dg)Mޞ O'yP1^x29P`sGCz8ť̅~_ѩg`}Y`Yz43ZWUpTJ8-ݻtN^1kNfǑ $EHNk 4#B %lY#O8WG ?Υ,cX@^BU<,sW@L2J/:¨>) ]"ϧq;X!)#Wk#o  Ou+]cz55 {GI#5 Urvd+oT\aMU3'/GIlAi1[ `:OQN\BMdH/$I)1DwAR?%zmS9֩zJ+[+p 0u\BiPSLl?2Rk2` 0'-.yt:DZ{Sfxk$$M0-Uz{mWF-6IWDF^lS9 +L Η[uOQ <m'B.N +˨:Z  x #iZ;*7$y6)wITrBtZlܤҜiEh~M`dP瓀aجO TzBpp `x0x$1hN'ֽc.pL35VHz<}x{Whdyl6E]ebu؀{[Br%LPLCQfO% $T|J\OHC:zvߤPl哏q҅A09!P']0p*TY\9?ȭe&TWG%* f XрVx%5{/Ze8U遶jɯ5sJq]jf 9bqDW 3ƣxf+Hםɾ[:EM!?mZEd&