apparmor-abstractions-2.12-lp150.6.3.1 4>$  Ap\;/=„ IfS,Uv̞ٝg!ؽn "tĕ),"^GW |A tBTvkv=eK_7͜D&JN1`$H&:/cox$uޙ3qfCj9-/0J$24vp=?d ) W * CYx~xx x x x $x %x&x)Hx++x---.(.8.91h:=>XF`GtxHTxI4xXڬYڴ\x]ܸx^ b cdCeHfKlMu`xv@zj|Capparmor-abstractions2.12lp150.6.3.1AppArmor abstractions and directory structureAppArmor abstractions (common parts used in various profiles) and the /etc/apparmor.d/ directory structure. AppArmor is a file and network mandatory access control mechanism. AppArmor confines processes to the resources allowed by the systems administrator and can constrain the scope of potential security vulnerabilities. This package is part of a suite of tools that used to be named SubDomain.[Tlamb20openSUSE Leap 15.0openSUSEGPL-2.0 AND LGPL-2.1+http://bugs.opensuse.orgProductivity/Securityhttps://launchpad.net/apparmorlinuxnoarch#restart_on_update apparmor - but non-broken (bnc#853019) systemctl is-active -q apparmor && systemctl reload apparmor ||:peq42gQv}~< >$ O8Q  ]hiRTBnyDNcYS dW lEy`{DIspx$z<wpdAA큤A큤A큤AAA큤A큤A큤A큤[Ǎ[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Dž[Džd144174bbfea179784dc23fc68320158a8e0bc1a21d5b2d220d90dc0b6a7ba8994ede5de434305c549dfe75e821e902c67db24579d1c54704ad2b108172f2b0cebbcf81c9bbe73dfce2d50a43d31644446ef3c6f63b6ee555aa3bdd1f3afc3f2269a0c2b6f7d113f66e4b93b20e373d6cb3927cbd6a8646a6ab0ce28721c3dbf1659fc6e88cf1eb5ab1cc6e9f9f442607180c7aa11e153fc8dbe8b650f693bd4da34239e72f0e33e03bb44afda6b4d051551f88cfea9655bbe78e9960589930b192fca480ee484c2ff77d9491d0ad8071e0d942145249939ff81d9b5550ca15d2f2b9b155fc5187fc919c00cad8f3594d08385888cc5e923e224786c4aee79f8b7d979db39fe97a09b46eafdc255c8b13eca5264575aa0c89ae26b52c587badc76655e92bc18f17f050ac218fba0cdc2de6d9b43069ef9a4f3159268cc8d531c7aa311205b983f0688bc500b778db2bb945b328f9c750ca222f8d94057765498dbbc0312ef9f6e51e182777262dda336c0724c177a22716627d4b8a3a5ff7a0f6243625ec7d59bf1b5e026919ab955ffce80e6dd2930cfca0fdccb1e7262238e2f89f233ed63535fed305b05d8afd633948e30225c1320745656fbe59df4bcc03d48b8bc35e9323eaa5021c9a7daa78db1abcebda723c32b47f13652f3739a85eb8e6ae8ec37e2b184892f932126fa2c8b9c27cba66df7c07057be4321952f379a66de2fd2769fd2a46bc3561a79a6b21687cc7c80fe3d5419bd6c1e1d2688bfedc22bb2e548223e8bcf71c5a0ac46c71888ac7306f261b0479716465243a4f6f631e430031e05091139c9dd5a1699948274021a47d306bcbea3e6b5064844c48a776318a8a210c3c65638725de785fd65192cae0d484630efe167be45b38e2d1e4fc596a1c4a321f07b1d32f7d17b7fea22cc93b10b58f0138749ad9b3497dc2cb348d5a0b843d4f66d51728afe002424c18f1620043cf1d7bf6c2c63df7d2896a3cbe159fbfe55e2a9275ad5879efd71847a7015b916ff10013d22ce87c0c8923f6127154b634ec13a4c428e724f0dc4cc50eea2d486753833444ee26b0e967344c9e679d9b4030766bcbfbafc6878cbdebc28e4a607129ad1c966f1d4172d39b9fffea2df3c3ce9886b81884d94d77e71df4b1ba2915fe32a08d4a53e87e4147e2f4acae952f717cc8607ee9ab7c14f318dc166bea803c5a7bd8e83c8b0d8b2fa0e5172ba650afd276244f66db309e01c353a35b749486f2c2220bae519981cb1acd5235278a0d329539e7c0d1378373cb5234a2ae30b061037717fe8b01de34ef823be38d74e1e2b6c412fb4c6dc9a78d2e20c7e04f12ec456db520e8f185db4e4a9ba9e7816c5442f20ee2eda88f6042345dac1fffc5643c1eada5d85b881a8c6002da4e622c3c58e24f172071bfc165a39712e6cfde04d9ee739d86d4b299da43d12be2353ecfe0542eb69c24c5763a8619e0ba968ea1b4800e277a85f361542e0f4dfd83d61d8514a75a244f3550dfc9016adcffaaccd60ee551627030dc89202341465b0f818d7f99bfdf798b9b0b4de65a139d68fb09c7de8899477a17500e3bed30e2bff8d47bde1611a97b934250b50afd210ace375c30269349e0031c44351d9800811671aa8710eda7f55a5ec9ce676fddb3371daf4a7bdaf42048243eff22f6b82cce3988ece66ec1e1fbecfaa619414d9e2cf10d8e7e2615a9f8ab4cb7bd5d0935753686c2c32fc866ebd7286afc954263111b557344138ca778ff73c4903b6340541c599bbe7fd7b985b26de1b793a31587b8d829b1f7f8bc905ac06aaca99bb8e5ce1cd5950797ee8c20d54ddfe96a7f9bc870e86fa117bbe314b453e880458da0fd6cc02c3c5eac22c4f49b085a884a76a3963aefde639e7ed8db397b3e79de84460ae5e7afd31a474c0111fb92bcc239c343371a1c89b4491a7c29ec2bd10a8ba442a34c0a09257d610af318801450882907cc7d04cdacdb1533095cc4757f9d09f4a8a92454bc129ac66c069f0ffd0b661d5dadbcf111587f7bce4cc94b57acac72e9b2a0166baa313efcfb32334370ddb5ad022186e3b3d8f3c89652b0221e4c90ef2a9b351967e8092852d37f7b3c3690333944b5a6e804fa56ba35760839348390520bfb097abbd94d08e5d34f7191bc59269799f2e6c8ca50f8b8ad0699188de039837b1c9af4f922a77ac1db23554410d0068fdd9b724ac204a0eb017c6dbec1276d7ac62d3d5162d3caa6d85821784b7e4fcbde5793bbe34743baa80dd6520dc50957774c93aee9772a497b4ca127dc55ba948f8ebbe26e22ae42daebbdba44a20ae830da7ddab6bfe76c10d48bee2f90ed49bb8fd3b0e08c91c8ae0baf642ea034e1d3733ebb25290072f80d79d3c26178e403b34e1321aa09d96f3a1c0abaf256911f4fe1494b5e7fab1520c90d09175d9333c69341dd7eb07ce16a387794d443bb22ec280db4a749f69babcd5ef41ea4a40740cd6fa9954230505b33f2b62ed2570b1903d128e726ee9af859d131875596e490261d9f77c2705b4c446fe83374796aac37def3c6017381e032b00a592789e35effb771ed90e4484206246b2c3c6d7b8ba31d96fbd7f4e47b3723b9809f507c95ea2b01f04e40001c121fb7412958df9775d03810968c9ed9a390aa9cc961ba9946443b5130aba13201a5531c798db6f6144da11caad66a36fe70853639a4e07836802e8f1021d1f3382f546c42220f20b3170be20595e994a31c93874669a56fde72f0d8e08079a965c0f6e0bc79093aa8e42e11847c788f3bde70295f271cf51d0ad55a48d24b777dec6c7bd377c7b8f8b3a5eb38b99ea23e15e84df970704ae0e2efb6e3d501cb8e41ef6432fbbc257482f4c1c157b5221f9716a16253b3eb319054e8eb1fba28afd90084fa9cfd9fd9d8824556ae3f1d070af40d2c873a93d5eef98112f1f0d5eb32fc17bfe295c8d06601253dad5c0377148d48d6939ebae7f4734697b95b830e3cf9b544ddb0d31ee3dc821010a121607af3038c926d1e14218a0e429d6dc5d57128b5294ae88927bf1216fec3145021ac48992f5ee6f0f984f938c3ca3a384a408b2f91241a424af4c39b56d49235e6418fd504ef7b7a4c2026b7a364eb5a04755dced1643c57a7d5954305ee1e005c9a67800c45a27f071b3d05d522b513a1c394b60fa8bf385c30a83e4d56d9b864dba676051d9b21a8a8fc96d42ffd680f74ca5ed2aa85d81e36a13b42a7d873b2cb4750b4adda32c2dccaa8f8194cc74d46d822357e15b10511c98cd94f31e3741999edde7ab7db2f29d619cca9d7225cccca51bea7d3769b416eb0bf75e4daae1b45fc6212f55f735a1dc8a6f08036325056fbe099e22144d0b4f3d123b0612a3ac03cff9f2eb9a31afc48ffa96929c8e724356b436c6f42cbce5f8c3ebb5654140bb0a399ee2758d76509bffa2e5b7c532c3ba7af5aaab1a6d81cdd79ee01f3779e0d909e119d4080ace51d5843bf1fbd512dbf96b983904d6a6c74786abcb06a393586dd663c0df40f37671aa54e40718715d3864174a223949c895ff8612105c74590e967e655f4069c86eda3ea8e865db38c107db01e59ee03b20dba7d998231c57d8b5b603ff1ac4a8b1d4dfe27eab76fc093a121cb47ec4bd7e163c3974ce58aa108d5d0f742caf52d48c31139d34d9955e8f64395995f5f7d9adb7efd0f40e00005bcd2c7e292556980373c235e4c7fe8aa165def311d1e07fd7d39037a4f64fe6b800df85bd131ac388c1a92213399ed489a7664e75abd83993d13da2ac1e3e4e7da28d019f0010e9a3e7c17b68f6bc7add313047dec835de109d0d8f750992466f40cf832d20a647b2dbf5187deab3a72e16a475ec173811c72ce393c960d264bc103c4d1555ab1155ce92ba3a35d9e7b73fbb004bcde63a9c313a8c13b636abcb02e360f6530dad12975c51c6b01a7027fd15ac2fa9cee97a684911981481b1003468c7add18a33d60732edb31751d17872f41417029830313a7ddc8e9d17c66ff41cacabe6e1dd101ea954da42a3bdfd4876099f2e6ebdd081d8733a2d2c83ebb85b49a632e5abc19139d1cd4a50402bf2dc83960f0a70c3b23178680c222962a4d228bfe5965c7ca3e39416c16309120c8fbb80abbe0a7da6a355c3a3fc6391a139703b709ddc8657f980d445d73abb9c66c3faeca85b93665a2594eb74898e089f792a83e6431c2104ec425e6196af7973f9463e7b36cb77d4db1a8e43b6705b8399e4b39b33138e3db3d18bb5a0b292b7928ffa5affb05b9b1355109e6d2f2787a21e0bf4a35a60ef853be4b0903780c220157398760b4e2bd39e55d051cb4fe2ee6db0143ac86e11783b766070a6e1fbd6e947abe42a86225e228b99f6eb6bf60549dc0ff14a67b7a8e1449697886ef5592e276656bdc8f3dec78755cc3bcd2d22615b91093385709b96ade57e4f9eb78c0d1752b2a8ec6e28354b543e8a19faa9b293f7a09370713d27a525612326cff6268ebcc6a21fc469f5cd46047af6f9d209f8015196f2e391ea02debcebecbf8022ececfee3a08e3973c3bb06d450d4f942b61ee4cca78e5341cf24935a41e4b57ef3170d85a9a884dde82a11b6c7f9e28e94d9feaec30cbd38c5c067faef858fc75a15f0bb9f66a5af6e7ab8bc731ad52936633b9a0c738605a2a08aad2357df91ca8fbe3bd2c3427d7aac240bf61ec4278709d2ff0f5cd475805497cecedbee49450c218ff3f65e6a8b236254c30442e78fe6acc423dd26bf319230cfbf45481fca564c75968e4becbb5da459a17713e1898bdf2341c6599c0b15b752b4727b55f38cb5f3bb8b7a86d3cef23207e51519c766e993b33946f18ef683bce531dffbf53d0ec005e13be8db77f31bd270ef24f5749791fb2c961d230fb0119daf395b7462f375a21bfbfa380342cfd9705b1ab368e32f4cce94f2242c6947b8624985b9c6de2ab4ee01b398dc4703rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootapparmor-2.12-lp150.6.3.1.src.rpmapparmor-abstractionsconfig(apparmor-abstractions)    /bin/shapparmor-parser(CAP_SYSLOG)config(apparmor-abstractions)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.12-lp150.6.3.13.0.4-14.6.0-14.0-15.2-14.14.1[ZZ3@ZWQZN@Z@@ZZ@Y|YY{YǞ@Y@Yh@Yf@X[X~@X@X*XX6@XAXtX @Ww@W/@WDB@W@V @Ue@UU@UU~@U:0@U0U*^@UTgT!TܕTC@T6TT@T5ThTeT_W@TBV@T7@T2@T12T'@T @T TT@S@S/S@SES@S\S:@S5d@S*@SRRR۾@R@RR;R@Rt@RpRcR].@RH@R<8R6R2@R1RNR@R R QQQvwQZ@Q5@Q @PP@P@PaP\VP#@P`@Pw@O@O@O O@O O@O~O3@O'ON@NNN@N@NNNN@Ns:@NoENg\NRDN98@N7N7N"N|@NM@M2@M@M~@M~@MlMfH@Mc@M>@M>@M=iM=iM=iM<@M<@M9u@M5M,F@M,F@M*M%M@ME@L!L!L8L8L8L8L8L@L L+@L@L@LwPetr Vorel rgoldwyn@suse.comrgoldwyn@suse.comkukuk@suse.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.dergoldwyn@suse.comsuse-beta@cboltz.desuse-beta@cboltz.dergoldwyn@suse.comcoolo@suse.comjmatejek@suse.comsuse-beta@cboltz.dergoldwyn@suse.comsuse-beta@cboltz.dekukuk@suse.comjmatejek@suse.comsuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decrrodriguez@opensuse.orgrguenther@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decbosdonnat@suse.comopensuse@cboltz.demeissner@suse.comopensuse@cboltz.dedimstar@opensuse.orgLed opensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dejfehlig@suse.comopensuse@cboltz.dedimstar@opensuse.orgjeffm@suse.comddiss@suse.comchris@computersalat.dechris@computersalat.delmuelle@suse.comlmuelle@suse.comopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.dedevelop7@develop7.infoopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deseife+obs@b1-systems.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dekkaempf@suse.comcoolo@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dejengelh@inai.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dewerner@suse.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.demszeredi@suse.czopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.demeissner@suse.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.dejfehlig@suse.comopensuse@cboltz.dejeffm@suse.dejeffm@suse.defcrozat@suse.comandrea.turrini@gmail.comjeffm@suse.decoolo@novell.comopensuse@cboltz.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.derhafer@suse.dejeffm@suse.debwiedemann@novell.comjeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.decoolo@novell.comjeffm@suse.dejeffm@suse.dejeffm@suse.derhafer@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.deczanik@balabit.hujeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.de- Backport dnsmasq fix: 025c7dc6 ("dnsmasq: Add permission to open log files") dnsmasq-Add-permission-to-open-log-files.patch (bsc#1111345)- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099)- Set flags for profiles represented by glob set-flags-for-profiles-represented-by-glob.patch (bsc#1086154) fix-regression-in-set-flags.patch - Add dovecot stats in dovecot profiles add-dovecot-stats.patch (bsc#1089787)- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429)- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429) - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests" to avoid pulling in several Gnome packages on servers (boo#1067477)- update to AppArmor 2.12 - add support for 'owner' rules in aa-logprof and aa-genprof - add support for includes with absolute path in aa-logprof etc. (lp#1733700) - update aa-decode to also decode PROCTITLE (lp#1736841) - several profile and abstraction updates, including boo#1069470 - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12 for the detailed upstream changelog - drop upstreamed patches: - read_inactive_profile-exactly-once.patch - utils-fix-sorted-save_profiles-regression.diff - lessopen profile: change all 'rix' rules to 'mrix' - add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems- update to AppArmor 2.11.95 aka 2.12 beta1 - add JSON interface to aa-logprof and aa-genprof (used by YaST) - drop old YaST interface code - update audio, base and nameservice abstractions - allow @{pid} to match 7-digit pids - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95 for the detailed upstream changelog - drop upstreamed patches - apparmor-yast-cleanup.patch - apparmor-json-support.patch - nameservice-libtirpc.diff - drop obsolete perl modules (YaST no longer needs them) - drop patches that were only needed by the obsolete perl modules: - apparmor-utils-string-split - apparmor-abstractions-no-multiline.diff - drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in apparmor_parser - refresh utils-fix-sorted-save_profiles-regression.diff - add aa-teardown (new script to unload all profiles) - make ExecStop in apparmor.service a no-op (workaround for a systemd restriction, see boo#996520 and boo#853019 for details) - lessopen profile: allow capability dac_read_search and dac_override, allow groff to execute several helpers (boo#1065388)- read_inactive_profile-exactly-once.patch (bsc#1069346) Perform reading of inactive profiles exactly once.- update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of 'unix' rules (will be supported in kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog - remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff - refresh apparmor-yast-cleanup.patch - add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the "changed profiles" list in aa-logprof- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)- profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195)- add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26- do not require exact X.Y version of "python3" - require also matching python(abi) which is arguably more important- don't rely on implementation details for reload in %post- add JSON support. Required for FATE#323380. (apparmor-yast-cleanup.patch, apparmor-json-support.patch)- add upstream-changes-r3629..3648.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - update nvidia abstraction for newer nvidia drivers - don't enforce ordering of dbus rule attributes in utils (lp#1628286) - add --parser, --base and --Include option to aa-easyprof to allow non-standard paths (useful for tests) (lp#1521031) - move initialization code in apparmor.aa to init_aa(). This allows to run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser don't exist. - several improvements in the utils tests - drop upstreamed python3-drop-re-locale.patch - no longer delete/skip some of the utils tests (to allow this, add parser-tests-dbus-duplicated-conditionals.diff) - add var.mount dependeny to apparmor.service (boo#1016259#c34)- Cleanup spec file: - don't use insserv if we afterwards call systemd, this can have bad side effects - remove dead code - remove now obsolete 'distro' checks - Replace init.d script with new wrapper working with systemd- add python3-drop-re-locale.patch: remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766)- add upstream-changes-r3616..3628.diff: - update abstractions/base, abstractions/apache2-common and dovecot profiles - merge ask_the_questions() of aa-logprof and aa-mergeprof - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor - adjust deleting the cache in profiles %post to the new cache location - silence errors when deleting the cache (boo#976914)- split libapparmor into separate spec to get rid of build loop involving mariadb, systemd, apparmor, libapr and mariadb again (see the discussion in SR 448871 for details)- update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog - patches: - add sshd-profile-drop-local-include-r3615.diff to fix 'make check' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff - spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren't used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed'ing python3 into aa-* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in logparser.py - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition) - add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)- only install apparmor.service for openSUSE > 13.2- Add a native systemd unit which *at the moment* only wraps/masks the early boot script.- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage - drop upstreamed dnsmasq-profile-fixes.patch - update expired GPG key- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes - refresh dnsmasq-profile-fixes.patch- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- fix bashism in post script- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don't warn about rules not supported by the kernel - fix logging of "audit capability" (lp#1378091) - add support for the "hat" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 - update apparmor-abstractions-no-multiline.diff - remove upstreamed apparmor-profiles-ntpd-pid-location.diff- add apparmor-abstractions-no-multiline.diff: change all multiline rules into one line. Needed for yast2-apparmor (bnc#900013)- add apparmor-profiles-ntpd-pid-location.diff to cover new ntpd pid location (bnc#899746)- update to AppArmor 2.8.97 (aka 2.9 beta3 aka r2721) - several bugfixes in python and C tools - rename "__unused" to "unused" in apparmor_parser to fix compilation on openSUSE <= 13.1 x86_64 (bnc#895495) - usr.lib.dovecot.auth profile: allow access to auth-token-secret.dat - various small profile improvements - update and add several testcases - drop upstreamed patch apparmor-profiles-dnsmasq-iface-mtu.patch - re-number remaining patches- split apparmor-profiles package into -profiles and -abstractions- update to AppArmor 2.8.96 (aka 2.9 beta2 aka r2652) - add unix abstract sockets, ptrace, and signal policy generation - several bugfixes in the python tools and elsewhere - move program-chunks/postfix-common to abstractions/ - drop upstreamed patches: - apparmor-profiles-clustered-samba.diff - perl-apparmor-fix-bare-network-keyword-handling.diff - perl-apparmor-handle-bare-capability-keyword.diff - perl-apparmor-properly-handle-bare-file-keyword.diff - re-enable installation of perl modules - move python modules to python3-apparmor package - create symlinks without aa- prefix only for tools existing in 2.8.x, but not for new tools added in 2.9 - make utils filelist explicit to ensure we have the right set of files without aa- prefix in sbindir - switch easyprof python module location to python3 - drop unused defines APPARMOR_DOC_DIR and JNI_SO - refresh patches: - apparmor-utils-string-split (file moved) - apparmor-profiles-dnsmasq-iface-mtu.patch - apparmor-2.5.1-edirectory-profile(prepared Thu Mar 20 23:35:03 UTC 2014 in home project) - update to AppArmor 2.8.95 (aka 2.9 beta1) - complete rewrite of the aa-* tools in python - new tools: aa-cleanprof, aa-mergeprof - extra profiles moved to /usr/share/apparmor/extra-profiles/ (bnc#713647) - and much more, but there's no upstream changelog yet - drop upstreamed patches and files: - usr.sbin.winbindd - usr.lib.dovecot.*, tunables-dovecot, apparmor-profiles-dovecot-bnc851984.diff - apparmor-init.py-gsoc.diff - apparmor-2.8.2-nm-dnsmasq-config.patch - add %bcond_with perl and disable the perl subpackage temporarily (the perl modules will be back in beta2) - drop the apparmorapplet-gnome, apparmor-dbus and profile-editor subpackages (they were disabled since a long time, and upstream no longer ships their code) and the apparmor-profile-editor.desktop and apparmor-profile-editor.png files - drop apparmor-utils-subdomain-compat patch (was only included for <= 12.1) - remove libimmunix Provides/Obsoletes (libimmunix was a compat wrapper and got finally dropped) - refresh apparmor-samba-include-permissions-for-shares.diff and apparmor-2.5.1-edirectory-profile- add apparmor-profiles-dnsmasq-iface-mtu.patch to allow dnsmasq read access to interface mtu in /proc/sys/net/ipv6/conf//mtu (bnc#892374)- usr.lib.dovecot.auth: add '/etc/dovecot/* r' to allow reading plaintext password files (bnc#874094)- Rename rpmlintrc to %{name}-rpmlintrc. Follow the packaging guidelines.- add perl-apparmor-fix-bare-network-keyword-handling.diff: perl-apparmor: Fix handling of network (or network all) (bnc#889650) - add perl-apparmor-handle-bare-capability-keyword.diff: perl-apparmor: Fix handling of capability keyword (bnc#889651) - add perl-apparmor-properly-handle-bare-file-keyword.diff: perl-apparmor: Properly handle bare file keyword (bnc#889652)- add apparmor-profiles-clustered-samba.diff to permit clustered Samba access to CTDB socket and databases (bnc#885317)- fix problems with dovecot and managesieve * usr.lib.dovecot.managesieve-login: network inet6 stream * usr.lib.dovecot.managesieve: +#include /usr/lib/dovecot/managesieve { [#]include + capability setgid, + capability setuid, + network inet stream, + network inet6 stream, + @{DOVECOT_MAILSTORE}/ rw, + @{DOVECOT_MAILSTORE}/** rwkl,- add #include to usr.lib.dovecot.auth- update usr.sbin.winbindd profile (bnc#870607) - restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/- update usr.sbin.winbindd profile (bnc#870607) - treat passdb.tdb.tmp as passdb.tdb - allow rw access to /var/tmp/- add Recommends: libnotify-tools to apparmor-utils (aa-notify -p needs notify-send)- update to AppArmor 2.8.3 (r2122) bugfix release - fix some cache clearing bugs in apparmor_parser - various fixes in mod_apparmor - several profile updates, most of them were already included as patches (except abstractions/winbind (bnc#863226), abstractions/fonts and abstractions/p11-kit) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details - update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch - remove upstream(ed) patches - apparmor-2.8.2-fix-ntpd-profile.diff - apparmor-abstractions-r2089-r2090.diff - apparmor-abstractions-ssl_certs.diff - apparmor-fix-url-in-manpages-r2093.diff - apparmor-no-perl-smartmatch-r2088.diff - apparmor-profiles-dnsmasq.diff - apparmor-profiles-ntpd-r2103.diff - apparmor-profiles-samba-create-dirs.diff - apparmor-profiles-samba4.diff - apparmor-unconfined-lang-r2094.diff - apparmor-utils-po-de-r2091.diff- use current ruby macros, the rb_sitearch is obsolete since at least 12.1- update apparmor-2.8.2-nm-dnsmasq-config.patch - allow access to pid file and supplemental config directory (by develop7) - update apparmor-profiles-dovecot-bnc851984.diff: - do not add access to @{DOVECOT_MAILSTORE} - not required by the main binary - add abstractions/mysql - allow execution of some more /usr/lib/dovecot/* binaries - better restrict access to /var/spool/postfix/private/ - update usr.lib.dovecot.auth to allow to read mysql config files - update usr.lib.dovecot.dict and usr.lib.dovecot.lmtp: add abstractions/nameservice instead of allowing more and more files- add Recommends: net-tools to apparmor-utils (needed by aa-unconfined) - update usr.lib.dovecot.lmtp (add /proc/*/mounts, /tmp/dovecot.lmtp.*, /{var/,}run/dovecot/mounts, deny capability block_suspend)- add apparmor-2.8.2-nm-dnsmasq-config.patch - allow dnsmasq read config created by recent NetworkManager (see http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d82669d3fdaa7ec70ef1b64941c101ac810c394b for update details)- add apparmor-profiles-samba-create-dirs.diff to allow samba to mkdir /var/run/samba and /var/cache/samba (bnc#856651) - add abstractions/samba to usr.sbin.winbindd profile - add capabilities ipc_lock and setuid to usr.sbin.winbindd profile (bnc#851131) - update dovecot profiles to support dovecot 2.x, and add profiles for the parts of dovecot that were not covered yet (bnc#851984) NOTE: Please adjust /etc/apparmor.d/tunables/dovecot to your needs. (apparmor-profiles-dovecot-bnc851984.diff, usr.lib.dovecot.*) - %restart_on_update (in parser %postun) is "translated" to stop/start by the systemd wrapper, which removes AppArmor protection from running processes. Fixed by using a custom script instead (bnc#853019) NOTE: The %postun from the previously installed apparmor-parser package will remove AppArmor protection from running processes a last time. Run aa-status to get a list of processes you need to restart, or reboot your computer. - reload profiles in %post of the apparmor-profiles package- add apparmor-abstractions-ssl_certs.diff to allow access to certificates in /var/lib/ca-certificates/ (bnc#852018)- add apparmor-profiles-ntpd-r2103.diff with updated driftfile location for ntpd (bnc#850374)- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x and kerberos (bnc#846586#c12 and #c15)- add apparmor-profiles-dnsmasq.diff - add missing permissions for libvirt-generated files to dnsmasq profile (bnc#848215)- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x (bnc#846054#c5)- add apparmor-profiles-samba4.diff - various profile additions for samba 4.x (bnc#845867, bnc#846054) - update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054)- update apparmor-init.py-gsoc.diff to the final GSoC apparmor/__init__.py- add apparmor-fix-url-in-manpages-r2093.diff: fix URL in manpages - add apparmor-unconfined-lang-r2094.diff: fix aa-unconfined to work in all languages- fix ntp by allowing read access to openssl.cnf- add apparmor-utils-po-de-r2091.diff: fix some (mis)translations- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) - p11-kit needs access to /usr/share/p11-kit/modules - allow reading /etc/machine-id in the dbus-session abstraction - add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for the new tools developed in GSoC- add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental in perl 5.18 again - use grep instead (upstream 2.8 branch r2088) - fix ruby requires- update to AppArmor 2.8.2 - several fixes for python3 compability - various profile improvements: - various additions to abstractions/fonts - move poppler's cMaps from gnome to fonts; gnome includes fonts - deny @{HOME}/.gnome2/keyrings/** to abstractions/private-files-strict - add read access to @{PROC}/sys/vm/overcommit_memory to abstractions/base (bnc#824577) - update pulseaudio directory and cookie file paths - add missing permissions to the nscd profile (bnc#807104) - deny capability block_suspend to nscd (bnc#807104) - MariaDB compatability in abstractions/mysql (bnc#798183) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_2 for all details - removed upstream(ed) patches - apparmor-abstractions-mysql-path.diff - apparmor-profiles-nscd.diff - apparmor-python3-r2052.diff- swig for python3 is broken on openSUSE 12.2 - build python-apparmor (for python2) instead on 12.2- add python3-apparmor subpackage (currently py2 OR py3 package can be build, but not both at the same time) - add upstream apparmor-python3-r2052.diff to fix various python3 issues- Ruby 2.0 mkmf gets the path to ruby.h wrong (bnc#822277)- do not package directories as %config - especially not as noreplace- enable python and ruby subpackages (using %bcond_without) - update/fix paths in %files for python and ruby subpackages- add Requires: insserv to parser package (needed by initscript)- nscd profile: add missing permissions and deny capability block_suspend (bnc#807104, apparmor-profiles-nscd.diff)- Add missing files to SRPM (bnc#777471)- update abstractions/mysql with correct paths and add MariaDB paths (bnc#798183)- update to AppArmor 2.8.1 (=2.8 branch r2069) Bugfix release, http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_1 Most important changes are: - add various missing parts to profiles and abstractions - fix a possible x conflict with hats or child profiles in apparmor_parser - fix and speedup stdin handling in aa-decode - various other bugfixes - add pkgconfig support to libapparmor - remove upstream(ed) patches- verify tarball with gpg-offline- fix directory flags for /etc/apparmor.d to be in sync between - parser and -profiles subpackage- remove %stop_on_removal for no longer existing aaeventd (bnc#781564) - don't hide TeX output when building the parser and techdoc- clear and update inconsistent profile cache (bnc#774529)- abstractions/bash: update /bin/ls to also match /usr/bin/ls (usrMerge)- Add required fonts for new TeXLive 2012- update /bin/ping profile to also match /usr/bin/ping (usrMerge)- update to AppArmor 2.8.0 (= r2047) - new utility aa-easyprof - templated profile generation tool (the resulting profile may be less strict than profiles generated with genprof/logprof) - various small bugfixes - removed upstreamed patches- add apparmor-techdoc.patch to remove traces of the build time in PDF files- update to AppArmor 2.8 beta5 (= 2.7.103 / r2031) - new utility aa-exec to confine a program with the specified AppArmor profile - add support for mount rules - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8 for full upstream changelog - removed upstreamed and backported patches - remove outdated autobuild and "disable repo" patches that were disabled since the AppArmor 2.7 package - create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1 (bnc#720617 #c7)- replace patch for dnsmasq profile with upstream patch (bnc#738905)- add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't create network rules because of changed log format (bnc#755923, lp#800826) - add profile for samba winbindd (bnc#748499)- fix dnsmasq profile (bnc#738905)- add 0001-fix-for-lp929531.patch to allow reading /sys/devices/system/cpu/online in abstractions/base (lp#929531)- Update to AppArmor 2.7.2 (= 2.7 branch / r1894) - move various permissions from httpd2-prefork profile to abstractions/apache2-common. Backward-incompatible change: *.htaccess files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5) - allow various .conf files for dovecot (lp#458922) - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files and abstractions/private-files-strict (lp#911847) - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files to use ~/.kde4, not only ~/.kde (bnc#741592) - block write access to ~/.kde{,4}/env in abstractions/private-files (lp#914190) - allow write access for personal dictionary etc. in abstractions/aspell (lp#917859) - when using genprof for a script, include read access to the script itsself - automatically include abstractions/python or abstractions/ruby for python/ruby scripts - add profile for smbldap-useradd and allow smbd to call it (bnc#738041) - allow creation of the .config directory in abstractions/enchant (lp#914184) - allow TFTP read-only access in dnsmasq profile (lp#905412) - allow capability dac_read_search for syslog-ng (bnc#731876) - add p11-kit abstraction and include it in abstractions/authentification (lp#912754, lp#912752) - add audacity to abstractions/ubuntu-media-players (lp#899963) - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831, lp#890894, lp#890894, lp#884748) - fix typo for multiarch gconf-modules in abstractions/base (lp#904548) - allow avahi to do dbus introspection (lp#769148) - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992) - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062) - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in abstractions/cups-client (lp#887992) - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in abstractions/python (lp#860856) - various updates to the sshd profile (lp#817956) - (and some more changes I already included in the apparmor-2.7-branch.diff)- Update to AppArmor 2.7.0 (= r1858) - make traceroute6 work (bnc#733312) - allow access to pyconfig.h in abstractions/python (lp#840734) - fix logprof/genprof for hex-encoded program filenames (= filenames containing space etc.) - add apparmor-2.7-branch.diff with some upstreamed fixes: - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041) - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file - fix syntax error in abstractons/python- changed a $ -> % (typo)- package subdomain.conf only in -parser, not in -utils package - package libapparmor.so and libimmunix.so only in libapparmor-devel, not in libapparmor1 - make Provides for perl-libapparmor versioned to avoid self-Obsoletes - move libapparmor.a and libimmunix.a from libapparmor1 to libapparmor-devel package- update to AppArmor 2.7.0 rc2 Most of the changes since rc1 were already included as patches. Additional changes: - fix logprof/genprof to recognize "mknod" in audit.log - fix libapparmor python bindings to compile with python 3 - fix wrong status message in initscript if apparmor-utils are not installed - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS - fix some warnings in utils/Makefile - remove 4 upstreamed patches - remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now - update line numbers in 2 patches- make abstractions/winbind working on 64bit systems - allow loading the libraries for samba "vfs objects" also on 32bit systems (bnc#725967)- allow loading the libraries for samba "vfs objects" (bnc#725967)- include autogenerated profile sniplet for samba shares (bnc#688040) - more helpful error message for "aa-notify -p" if the user is not in the configured group- update to AppArmor 2.7.0 rc1 - aa-notify: add --display option and warn if $DISPLAY is not set (important for usage with sudo on openSUSE) - fix syntax error on "rcapparmor stop" - allow read access to /proc/*/mounts in the dovecot profile- add patch with upstream changes since 2.7.0 beta2 release - add example parser.conf - print warning if profile cache directory doesn't exist - remove initscript for no longer existing aa-eventd (bnc#720617) - set correct $HOME in aa-notify - enable caching of profiles (= massive speedup) (bnc#689458) - add comments for patches in .spec and comments in some patches - run spec-cleaner- add libtool as buildrequire to make the spec file more reliable- update to AppArmor 2.7.0 beta2 - includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182, bnc#691072, bnc#705319, bnc#713728 - add some missing perl module Requires to perl-apparmor- update to AppArmor 2.7.0 beta1, for details see http://wiki.apparmor.net/index.php/ReleaseNotes_2_7 - removed lots of patches I pushed upstream - disabled apparmor-2.5.1-unified-build (patch to use automake, does not apply to 2.7 and probably won't be accepted upstream) - disabled build of tomcat_apparmor (doesn't build, deprecated upstream) - run spec-cleaner - remove *.la files - move usr.sbin.nscd profile back to apparmor-profiles package- Update patch apparmor-profiles-usr.sbin.dnsmasq to include /var/lib/libvirt/dnsmasq/*.leases (bnc#694197).- install SubDomain.pm compat module (bnc#713408)- Update to 2.6.1. - One patch eliminated - Lots of minor fixes - Split out more common abstractions - Add check_for_apparmor() helper.- dhcpd: Fix apparmor profile (bnc#692428)- Add apparmor-securityfs-systemd.patch: do not mount securityfs when running under systemd, just access the directory, systemd will automount it (bnc#704460).- Fixed typos in descriptions and summaries of apparmor.spec- Fixed building of pam_apparmor to properly link libpam (bnc#696553). - Fixed building of apache2-mod_apparmor to properly link (bnc#701821).- move the requires and prerequires to the right package- make the -doc and -profiles subpackages noarch (again)- Added alias from Immunix::SubDomain to Immunix:AppArmor to allow older users of perl-apparmor to work properly.- Properly re-created links to old utility names.- Added /etc/ethers and /var/run/dnsmasq-forwarders to usr.sbin.dnsmasq (bnc#678749)- Update to 2.6.0 - 19 patches eliminated - Lots of minor fixes. - Split out more common abstractions - Added more local includes- Additional libvirt related fixes in usr.sbin.dnsmasq (bnc#675867)- Added 'network packet raw' to dhclient profile.- Add Requires for used perl packages (bnc#670650).- Updated dhclient profile and added dhclient-script profile (bnc#561152).- Added ability to completely disable repositories.- Properly indent sub-profiles after genprof completion (bnc#480795).- Inherit flags in sub-profiles when generating profiles (bnc#496204).- Stop treating profiles shipped with the package as config files. - /etc/apparmor.d will still be treated specially. - Add support for parsing network operation events (bnc#665483)- Fix for sbin.klogd profile using kernel versions >= 2.6.38-rc1.- Update to apparmor-2.5 r1445. - Includes 3 of the fixes below. - Several testsuite fixes. - Update for Thunderbird profile.- Add support for libvirt in usr.sbin.dnsmasq (bnc#666090)- fix rm call for nscd profile to avoid file conflict- profiles: Add openssl abstraction (bnc#623886).- Added support for sys_nice to ntpd profile (bnc#657054).- apparmor-utils: Support newer auditd formatted messages. - Fix two x transition conflict bugs. (bnc#662928)- Splitted ldap related things from nameservice into separate profile and added some missing paths (bnc#662761)- Fixed pod2man macros with older versions of GNU make- Fixed building of perl and ruby SWIG modules. The former is required for apparmor-utils to work properly.- Fixed use-after-free issue in apparmor_parser.- Added fixes for logprof issuing uninitialized variable errors while encountering audit messages for unconfined processes.- Updated cupsd profile (bnc#539401)- Fix {proc} vs {PROC} macro usage in firefox profile (bnc#436262)- Added support for eDirectory nameservice (bnc#621394)- Fixed incorrect /proc/*/sys usage in usr.sbin.ntpd profile (bnc#634801)- Added fix for another case of whitespace affecting profile removal (bnc#510740)- Added support for unified build, which massively simplified the packaging.- Fix for syslog-ng profile to allow upgrade to v3.2 - add mysql support to syslog-ng profile- Added support for enabling/disabling the module automatically during installation/removal (bnc#623246)- Converted archive to tar.bz2.- Updated to 2.5.1-final. - Lots of testcase updates.- Initial packaging of AppArmor 2.5 - Now contained in a single archive so built from a single spec file/bin/shlamb20 1542900564  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx2.12-lp150.6.3.12.12-lp150.6.3.1apparmor.dabstractionsXapache2-commonapparmor_apichange_profileexaminefind_mountpointintrospectis_enabledaspellaudioauthenticationbasebashconsolescups-clientdbusdbus-accessibilitydbus-accessibility-strictdbus-sessiondbus-session-strictdbus-strictdconfdovecot-commonenchantfcitxfcitx-strictfontsfreedesktop.orggnomegnupgibuskdekerberosclientlaunchpad-integrationldapclientlibpam-systemdlikewisemdnsmirmozcmysqlnameservicenisnvidiaopensslorbit2p11-kitperlphpphp5postfix-commonprivate-filesprivate-files-strictpythonrubysambasmbpassssl_certsssl_keyssvn-repositoriesubuntu-bittorrent-clientsubuntu-browsersubuntu-browsers.djavakdemailtomultimediaplugins-commonproductivitytext-editorsubuntu-integrationubuntu-integration-xuluser-filesubuntu-console-browsersubuntu-console-emailubuntu-emailubuntu-feed-readersubuntu-gnome-terminalubuntu-helpersubuntu-konsoleubuntu-media-playersubuntu-unity7-baseubuntu-unity7-launcherubuntu-unity7-messagingubuntu-xtermuser-downloaduser-mailuser-manpagesuser-tmpuser-writevideowaylandweb-datawinbindwutmpxadxdg-desktopdisablelocaltunablesaliasapparmorfsdovecotglobalhomehome.dsite.localkernelvarsmultiarchmultiarch.dsite.localntpdprocsecurityfssysxdg-user-dirsxdg-user-dirs.dsite.local/etc//etc/apparmor.d//etc/apparmor.d/abstractions//etc/apparmor.d/abstractions/apparmor_api//etc/apparmor.d/abstractions/ubuntu-browsers.d//etc/apparmor.d/tunables//etc/apparmor.d/tunables/home.d//etc/apparmor.d/tunables/multiarch.d//etc/apparmor.d/tunables/xdg-user-dirs.d/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9211/openSUSE_Leap_15.0_Update/f6d04c4b4c79c0b3afe4954b87a1310a-apparmor.openSUSE_Leap_15.0_Updatecpioxz5x86_64-suse-linuxdirectoryASCII textC source, ASCII text苔a]} $+.utf-8f56a3380725d60ca5950c826ca97fe549adabccacffa67cbd8f6f3cec351d634?07zXZ !t/M] crt:bLL GD !A\Dک""Ө\ܚI wS`~1gHm'Li"^9+1Z!D-6kǂzk5{'bu,%T|^$<'r[,? B>ic{$U\I]Ι I!HLpj*&Tna 0M*V a|.ٯ-Ta ,7Ζ@gwP};8΂߆FDK+r8x_!m;GTfG R6@)gba5}``X()v0^]7_ Un~y-= wCqHPPb3sooƒZ۹Pwwq €u ;|ߏ xQ:ЛmQ1_ɶH<}|eM-ՈmaP7@l;J1L#4aQza*td=QY+nd+4]\7B3 @ 'ċ3eIhԎ$aWP*Ovs뫷e%CX?y 6T@q+g"Hej`Ůcjp<*r~@3ܫb.O:gO),^WgB "zk~$(<:C:ym7O1y>ζNMfȇ/.sP`y&S()'RkYhioUܒ;#\&;@9Ic8{ ))?8g7{`5a'`ߔF|hBMi v4ikא%եFT0쀃:X Ħ) I;w۶`g;ϕ$ΙKyߧo7Xt];k.պt(˳Rw<Of6]ٖy7j8@jH%>k:|Ƈ.[bd;7 3 >?^ 4h0 N0RpK<$2ċ\7ZPeZZ#I~dp1R?@^,$2mڽ! @Ge{6A? $#縿cp !#Զ\{o<^g黶: *%_=ړdY֎s #ֱɄ4!rvҽaG#J~hHgKsbr?<">{,5`8̅0R8l^ ^u:Οg}_ 0Rv]j4CݝꊚjY ND{[ŏKX)W},z?;Vm {vש]v>Q_g$'uE,ѾSi䜷+>1vPoƬta"KPN_k$' ڣ'qu8R ؎N 1=N+C+ F, bJ!o-Wum'5|/$X 1󾼕*?E|HEܖ$#Y'\0Mz9C7@`kl"q~&1I\]5Uja 6T!{ O¶ey<<!;@Q0 O7T}ChN+oE0WK 2d>9oU<YS* @WC̙X b_0x/a!2CmVj{`!!7 u9@ v{NvznX550^50G1'|-$kPLK<f ԉpV?a u@dR+&0HamZUc_< oxba= !TZIS!~ǀ{Y#}"$h-=D0Xd׋͖i Ho,`BdSkU`]cl s#h]%l (7^g`:eH!h m@?P# ˕!d9<2Mv{g3S*(azKCTqiXzV̨V;t,`a܎>]b=u?Pf踦4ڏV?4FhBz 9>wkNtʀ~ڊO"-zy2 غ$]bmNOW;2_wD+-`F,hß 9L.FF4&ivV+>Q(e61xd j{.;0ȍǣ rG[_Ts+<㡃D#WHϡb=쿶e[Z<+j cr?:ӈ /աre.@MȔ[ڽdo7y^s (qHa):/kO4Pr}_r^ $=wD+H(Ο{'sb#Ϧs_n5j:rȂXү+* X50^)t9U/8VN_b_dI8DŽBFY^5aˣݱ'd#m"%^,h#aKƳwRE@;3,fgotTј{7:04m]t_xxx YV=rKm F)V6,˼] ~X5⓳<ؑOlM2} Gw_pMi'I AK3DW{H[XȘu eZ{4/W(ujY<EߝHڣ,'$[ld`,8t1 X,~iK4H=b;v3U{>Xu#[&r(YfrqF&yK}C uEY\{cKe` /ѱ8NPP1E,&XK##_0G֬aɇ8mk*=YRaM4D?ۭPp)^۔9Y'(dw׫|;clף1hts FRX]~䚆5)[q0(!bݫ<6b0nfmLREN:ya-5<뾮6 #p.(9z3T~~j;zdkCM>Ku'P_e=y&\B=<аÛU /GrfȂ΀%\;,l 6쬔殩&G*;)>ȉHE%[^7$h^G:TR&}'(+*R>A[;d:5D뤩uL }힪R8&Xp~MUI ?W`y"%52ZѴQ1&Y^@tk#Ҍ+r)~N-cOB[;`^M~;27&IOaPB1r'ƛbkT~T<t‹(y+AfD[If6:Ur]Jɒ܀52ó0H>(-b` |ePVvnxi&qt axK KӺvr}V-)*ʙK*%2Durz1<uF5@0;~4 EMkp'H\\e!SyLYh=q&/iIpF#, ٖma߯KZFϧ.bɑxNK#զ찰Ev#12煑iR:'`J4 ˬK Q 4Y0d]9K'e ÞDXf7۪ 6\aFZY}M`:|# ZR񝉪 * ~RtW{ ?:܋TvBW9 '\վp%X0E#&.<,+[ĊIf/hРAjwB<2a4J>, T|ڣq;` go׮>: )Y%/aVNPK>ŽxWTǍ1Gs6"?>%'/cZ+-6rL}Y 6~&- kF,W{R%(5>."F@,QpH ja:y~RI*_Mq%f^n (s eÂj[aC&Lq*[{y; JJ  E,J팭-Wj`Rvr’?"n? ddYA6e它exJ^r]eo:5OVJ=j)ݍOAFy5INKWuJӓKMSo4|L=S晓!d3vn_)E[?[ #/NC']J+]í /5{rȍ %*B\Q ūF~׷2.F_+q>tM>D ]硵@x;Y<]8J;sgkw*w Wl0Ͱiѩ##Vwfu'Xڥ&D:, s`YWd !Ig"[I7@\v4ʿ/64ġ6+%̠*mDW3aa:j2i,@}xH%P1osc?^@UG1f477(P>߇'4 [ztS[2ڃǮ}U<2͞D7ٟur(1ZSS/iPTiDa@klmylzeERf"7HORTSvVa˄mj ٭{$G5֡EyǡEh2|p-[hTT@Š0YV5_į F_UK* q܄wL#X0S:rϴg+;E 1%6o alr[,q}Xή_b>+R(Fzi ys.@6A/8,#UƣX-JБ1kb0!iϸ-S䳵 zo[#*S 沫U;b F)ae(ΓC N;ffT=)jūr”95vU^HS|"ԕy$$RPY$9Nm_Mn{ս=rm@7,_v_/h+J?)2N3/K]X.<w0&nLnnZ궈Y~K DzxH>;wΤO\8"H>&.Au'PM3B|u bx%jk!r|3:: JHQ0"a9sX~͹/G{3LF(/C,9<*15 [wٕ|IKC~)PeXynh_=9x'6(:vGiH6:PmE Qr&=5ůMO|ixJaD72,Aţa ZC {QB`"=RwtM7`:xߞrx(~C||1ҿHjP}$ձcu*~XEV%2;D1P̸G+_+,ʎ6*^@{{Cf@eF۹I~s^{ B"$Otv1y89*ceA 8rl &r,IOO/UNKkYL x%٘1#7:j@ʏuJ.heAMJ-_eCb&w ŋ! dTQ,IO禎On\qhu)cu?y6.+Xd.q̕0TDvAE o~.>Њi~1=^0?'[SƒqLű)c_Opa^R$$T:5+سG"} YYg#\+K+9Bۙ(QyJg !8{=D BOE]ߘlFR+}v\R?nK2Mނaɸ$[תT6]s0f<.ti0`WpN?zbs>r9͟X)[ b@Zv06fsrn ;*d Ԓ;'nPbң>#`Z н2DOʖٵIuґ!mavA]SCāԫTu>5+tu<>58:(,t4MZM3gǝC4KrɁz*'}VaQLp{Pn+7.a}#{TCP͎'۔o+E'^ 8iYzK;"Mq0h| 8`؏7?/&,jPGWDь9'QyY݄T5LH?JBF Ժ3L6cyCɽk.JMj܀g(/J*o]:jǐᗋ£"m;}!QFo37V YE9^[oyX~eH:;&ݗ5HZPw6Y|?Sx]6o׹SIGM_ aid(d^i)*D좘.[+d`IJ"]o^hG/ mXMdIΑӨYDxs ӛj*o첃ᙊ [ >qEm 7FJS/nnGhϺL9ޔ,br)Ō(Y5Fsi0)VHӟ.`>l.~#c:jf>Q2}H u~?{KqGv&2|b볚իbṃQ֛6bT:\L\D+~w氌Kgљ*}e1F12s?جdE-!HJ7B:=@EшfYͥp3D )jwQ޵b\ x\l,7!]-i`&P'S |YVJ>\n9$o:ZqۅEx%' ⁑xVVISiD…)> ɣhb{r Sv44[FcL0l*ϖx6>i܀ªyPʺ hu/Mz 4gD)TWPo4! __3^j&X>bx^>zѶF]:Ǻ|=c#xWuπ3{uZʧI}V=:Nvc-7ѐ[Il>FDXNy-uk*~F3h#l Yȟ#e'e3@/ֳ ^( |Щ#K$X+B1#8 0ęɏ|+{ڞJZ'rר@>.L0:{Hw:Tdd/d݆ ."P߂qGMh.y(ޑ< @2;KK\UKc/MH=RMDZ:j,|qGf17,#!kirU=r~uQQ?8q'WeƱi=2i QTᏦV ,˨>UiǘD:qV2#2Vc ب46\z!땻VP"rht?7Unי -k1yT.)B&D.YCHAj& ;C VFMܹ5~c|닆ư?=`'Ȥ=Yo[#y=`2B&j(nl_nZg=-qDv1[ls}4j54|c^-WZX/AC;ܔ'wCl0Eğm/)w e%; |c׼cY?:;g]:uOУ!T.XiFn1D7JqV ̸>Xj{z܏.흈K0RwQ:WIP>S'BIr H?M.iG 2w5Lgwg,FA6j؆lrn^.<Zz@CxRVVopwkEp0*hj-݌%ܺn$3fOĉC U] '6m^[$iBZ?;݆ ]菕bRl0T7E[)h/1 G'79$?N-q"zW S S`o7,8aaBopRЧ~h>Wm_\M0Pػ)KkMotBpW@rMU.C's㓰 Pmh+ hLT{g~HZ7M W?/}s6A2gZxM 4Yथm}'SXh|UV4m} Yޜe{"UUMR:-#;߃v}.// Tyέ)~uiy:aϳFIBLܹԱG A6Fvbna1L5eE53*Cp)aUx ](7UUAd&?Y(0rN%90bN: zɭb4W·=?s9Z)]oWoCr1UTWBF&2v2ȝeDvVT"8`Du,F_eLsۖeiMZ xf?QTYEg9iG2pͳv)w%>y:bb}ڳ w)`+BY+Z]mGvď1V'bK1:R!vPjIktDW8tІ2vIOmG_,քn%!>SH5.T(>!3GeKJ4m+4H]3\/QR&"%Ð}JƎՑF rgjnRk̺2Q$T {+]uMJ:h>||ODz܋$A2b fyay*Y.x~-Tv6L'6 Ɋߍ󧷍ȕ$(|EV\|B`e)ג77Zx#ܨKIBNn O,Q<o|PGzȨ 1%=QivZjA-J6f!JCtg^Jƅ^Mͥ%Bs^sRp$ђS4Z;Tr]$~T{<3D )>VgT+5ZR\^Efx%CqfBYii!m/nVgm`R|}IC>0s8 Tu䝜{6t3tNg1Łݟ|qj`Jut&WuY-CW ֙G-{H x*4׃B>ˉPH`yr5rMPhxW:ޛSX>DJ⫡d5iLB%m-1^ k7)w"O;"3v֐O!n2w0°8nϭ'rCˍPhd%ۂF+'$Ii~!Wc[_v_H=C5et쒯ĜkW"h&bZݺDtGkk/1طP5o*:v=|퇌>v0NYLoGtCVn&Gy])b& jEnf.m(4_Ql 滒P*';"\MJbzvgÛwֈNpb*#B߄:h%Nρ.uF{]gIsx$7oER9m: GTD/wAˌ`BX0{|M \!RS>;)8e;ldj% ,ΙBeZR#^;zX۰dq=Ce0-cܡ&#ũ5|%/ $y5׼1QR>8c\ld?2bJOU4{nAv_HHFl@ }vKh=S9lԃIb T8*tr*\ Z|r˽"t̢t=w"hz2,u7(]N @y `- =&A|hjȮyn{Q',R_1ܛݮL|%vRkN5ɝ qE>7m,պa,MvP "/ Z k4pTHIf{:WI\-~sBe)cɨ'nVdԫ4C 7ThMBoj\~rys\JOÅ}<3mlxOѧek6;wgo._ˣ,5-a.+/1!khϹD\Dǫh:q5.&&zSwҹ=1VٔAěQME(9&۱xIlps;- nV`M"^!uQ1^a#=Ó ܂XaLF\dNb iTaQWީw5Q^'63{i9UbH.;k /Ap\J=DTLa2c%(;BRU?0k{iwQfks.YultD>[_Z4S zeE[>0J[jp%H:ZDH qz['iy<(*XekBj8I+X\ TҴzI= XƓ:4˱nS Ùp}9!3hv9{%_eC& f?k{ײp1oGcsk w-o1 mm$;[Iy%k‚ R!5QtAVM8ԝBR+\-r[p“(B0yȟ5R JO*l*{?3D>Of$V3U}?40γ49 )Ci'rty C^`}_Q--ưow+Agj&2 8RbL.cװK|K $9,,_QtAnHg׈1c_AE Yx$ԞO,bH*\qZ˨Hӧ)(~Dnmi6J̄W }RDXW~YLf:Aye !p}șKrk;MHόRomREysR@a?-~cY74EZ"N>J@<l^>rve| %UM]UUg@-\ i39El3+sEK ?[{=sy^\RK0/õCE@=əi!HZj<2M~ixu &Z3ޮ,:Ps$~YB_DgԱ &y$wlS6 j&3SѷNe' X#u"(l&S[?K %ZW#3`)ԚgX(HCIfqORk ە3 "VdyOϥW'ݶ4moZVQt5]mK>}aZ{$cI\+K},렶Y] n$^eQ (NVwq/7Roij꼊a9 Z68ԍ` C2aʘ9uo]'ݖO\m:ɸw8|GFlb ZerZvޡ1 U0eLh(vܧoVMW BhMDokRb (_'2>PkD0?nOTˁm$KM,{qb@ˡ0 [I`ܣ%C.->>@&{Ԧ?Td8vmfQ/6 B=f?E K翔J`1Y 6Rdz=J{C0f d:G7<I0.bNf̱9mt>-!2A@  ,ܕs æyE 1= @ jy/mXڞyN,{[F?=u'NɃ[lu8G7EV1(񴅒FIJ4HR~fS2mHE%Kh N 4sSTVe~MDC쀲U ,_΀)oDH[`N*HC81yoܝHFC Hɇ(.nvkMO/pRVz.O$kz9SoZ cpcpR+b`'LWȍ"UíVOJ]{Aǩbgخ;CUAxCϛVO!GCr`V,PfI ţmHvp=4w&?bQ"Aw@O& ;>Zߚ;čX‚._O o(h&;/Ch`0BYq^ZRPv4Ig}U CƇ6&@Q_! I`,)VY{R k0cedv9"797_ҍ C1 naLZ>kV ݷrV4 b=o(66*'hX"6_G{{]lXFvV$_NsFWG+%w_Z^hF SJAڨA 8Ī$qTg?נfplJ=;P/I6%szيԐySV<:O/x BXy+!0+^57iEO{ Q"EsdU4>6 .NnwS V1?p7|/9MHH 춛C#B=-QλxDwxAO>Qb}ERP&֮^?7Ӱ|:܀;=G2@ܣT6?Jzi "[MՄu%O+W֐c&5p6߼Fİ,=;QђZ]uԝ.&EWfG8[)!+@lBWUV,cɹ;RX(?2>s=Pp%gяxLñԖG9yP4'b֒G ^2D%U8+a ث.`x/J)u`>ԁXX {"d>@P˿ 5)j"|9̽1(~e %/hg$y5DVtC93qM:  4_ wޕ@ J5uϸY"X {~;O>@_h*A*T1ŒۼaGN)yϱ GHM^̔Qs71q8 Vő9J{[@y>EVy ȉws+dA"7*x*:9)`=e;~gj)v\7OQ*&][ ;~[ZxCijŝ! Ή*c?u{rd ?0(_[89 &XcTSTpRc<`)-o_DÙ VUp[/̚J.^7l+p%(ty~iH]h/~XSJXy*|0ȇPR nio Θubcҡ|\۩UIC̞f$+'H$^X=@auSR۾lSಆ͓ Zv'7x`K&|"[1Vτت(-C 6,(JsNGR%ӹ3r@X :\>IrQU8"x/ [3B1;D|P"CQa[<0}o^ʋ5\mpKϳe/<yM/q~Nh0L)J™9X2])5 BJb3{CSHKrK1ƔQez3L2F1aFJ$%d RoCgɘ#BW18}>kO zcvIt[!tuy3ן~,] A _\ 6 Au∓b,zo?Ga(-stL5C/ L̑d8ŭg ' 6RV]Nfi0ӷp@s C;G$ǔNG_" ^N Ühv1M;xhYHbf#DW'v@ 4-_YQ%.S]F5E?=9yv8cwzAMעҳ=_ +Gib/7g],eZMqM)R㡕y& I [~@=x}%Ng%EZ'D 4aoY`p2M#8_ɛfԔjҚR\{FӢ:жת6 2S`Q;1: I sxR'U_t =!~Y٫ 0S,h3a|eP /a4;{F?|¦zo|ReE\t݈]%vd6|QT40JDfug0)&?tUԕeok^-u${|"==6%u ^ YZ