������xen-doc-html-4.12.1_04-lp151.2.6.1������������������������������������������������������������ ���4���>�������$�����������������������
�����������������������A�������������������������������������������������������������������������p�����]�/=���b��vcF9
%]F~�g-vMR V;B۱h/u(ʔΘ|PHXy$a´Fp*�moe&p��b�9��ǙfNs1�.�G������p����������������9��^���?������^�������d��������������������������������������������������������������� ���%���������� ���L������������������������������������������������������������������������������������������������������������ ���������������������������������E��������������K���������������T���M��������������M��� �������"���M���
����������M��������������M��������������M���
�����������M�����������@���M��������������M�����������B���������������d���M��������������������������������������������������������O�������(�������s�������8�������|���5���9������"P���5���:������7*���5���G������PX���M���H������Q���M���I������R���M���X������S��������Y������S��������\������SD���M���]������Tx���M���^������Y��������b������Z�������c������[�������d������\'�������e������\,�������f������\/�������l������\1�������u������\D���M���v������]x�������������^L�������������^P�������������^V�������������^����C�xen-doc-html�4.12.1_04�lp151.2.6.1�Xen Virtualization: HTML documentation�Xen is a virtual machine monitor for x86 that supports execution of
multiple guest operating systems with unprecedented levels of
performance and resource isolation.
xen-doc-html contains the online documentation in HTML format. Point
your browser at file:/usr/share/doc/packages/xen/html/
Authors:
--------
Ian Pratt ��]�cloud125����� ~openSUSE Leap 15.1�openSUSE�GPL-2.0-only�http://bugs.opensuse.org�Documentation/HTML�http://www.cl.cam.ac.uk/Research/SRG/netos/xen/�linux�x86_64�������������������������o������������������������t��������9��D��A'�����������������������6�����@�����7x��3����#����������B��������������������(����������W��
c������
������e�����
���$��,��7�����6H��"y���j�������Q����� ��<��3�����
���"������z��2��9������
�����74�����\xAAAA큤A큤A큤A큤A큤A큤A큤A큤����������������������������������������������������������������������������������������������������������������������������������������������������������]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�]�����e171864f5cfbf7c7b3fecd9b9fbeb3da9e87f63a7284ee52eeed093f8ad303ec�f53beaf653f26eae12ff7ced3bf0735dbedad0d8baf45d31e32d33e0b868bfa9��54e980d65bcde307bad2efeab9640ef5c720b4ebc78ac8cc1eb48bd6134a5280��b3422df9c1ad850ce9b456e83713da51f123c2286cf1f9fd4eb97f57c3eca9ad�bd5267a76a14fe4153f4ca727fb99f1c0bec9e8ff77302865a83919fa74e2b8d��b80b94ff1a198b4d6e03dcc25f86a1b332a80cf36f7df4bba07c19d192059b2c�ef514a67cdff39837020d8d96a1ba5eda7d01962b24dab6fee8c475ef8081dd8�37e73cf353da4bddd8d662b9cf85d2a807ecca293298fe8b00cd352cf958104b�078f07651ae04fc86183bc953a94d4437042b3a3e5182bfd03e899ed64ce4bbd�561b47426bf32b42f14d7c7c61466a753a6c7dff614ed227f34a3e646040c6cb�d344261e1861b09d9bb8bb11a3caa1fcf632c9edc2107b175ecd48555e9bc639�851050a5d238d9b38e13e23f494782688926fa6c7aa008016b3ea433277f32c6�d7554269b2dc588684a32eea5da8b59ef1347b8fcebabf743127a8d51f8ed283�8c60977071d97490acda0485b064d9480c95b878f280d9c1f79d960b7854985c�2015fd56a367e006535db8b49524ae66cd08c0afcd4ef0602fe65a9807c3302d�61b4dbbfa7a6fa0573416e7292e459d6493fb933380541ba8fc8598dff289775�d07b7ee778bc7d235842e6fbfb0e33f9459e0d93dea5311bd00894c6495d7e8f�e466c9be077fa0ef0ced23a246e92d14cc0cc8fd757931079cf928689b544b32�6b03382516373fc9221dc98277ed58043f0d5b49a8cf0913e57e5e47220c2c96�9ee6135d71a7bc45978b5053451cfbb78bf8b1a5f6494e677bde29652eee3ff5�9a8c771f2fb58d22ee3f0764495a5a3a33d4b3fbe946ff9f9db3734ec8b211ad�4040c61e56acba239b76d0bdd6f9a10b0e60f694e5b9832577336615df9416bf�ebcc9fac4476929cdaea315186f3cc51c3937e129a5424d403036350b2337657�4371cc47909aee32715d5104b6a3c97d6a699beefe9587b72087783636c328d3�c12341298a8aa14625278d6a282665ae94787e9d9c56a5430ceac67a215ed10e�b3e1c4bbda2c55f72a5a5a11d272e7d4ce4bb5c2d12c4c2d6b40de640b4912d3��df5076c347e7cad2371f3dc0bc10c6877c8f5251a5a57ddc6c79e1f9b532f89f��9b3fc4dd2d139ace9382e594c2c73439a9d4f100fc61c4e4f9294d4239776620�fbf590c80aef40b7e6ab58cefe9e4351ef6afaa6bcaf4e55d7809df6392fdb96��aadfa0507b89d930b9500c7a95869685253e2082a4d704ad9ab9a720307e4e19�a4e5ede94dd88cd418f7f9055306474ee16f502772341ee0cd7fe83eb735ee68�4faf9f22847781296550c42f0955595f5f23eff9cf7b00ca27ee70988aaee9f7�ec2154a382909b7652464c29ad603492e27c76bd7d0de3b5198d0867fe0a75eb�d93bafe2e73cf681a88dca3217d79376c353ff4e1e5ecee8c41c70e11b8c9e2d�cfcdd851724d27ac6e7db6d1ebea36939bfc87abb5ee94ed0789538023410245�976728897864907825a5a2538c25cd0aa407ba15e58bed9f42232379103f1ee4�738b1644bb9c4dfc41af8064e2a518120b48fbc4e08145393f66b0c5a021e938�cbd8a3df94dfe4e0f9e13aeb37f875b125d12de5ecac063ec0981c788138e0e9�91b95599c26b803f2c8bfb407d7ea7de55a783c40780dcb7f993af187e4d4200�a7cd1ffaf63b68eb2cc3c3d663847edfeeeed22d3b1039b423ec94b5198ad7da�ba0315ada992171ac097279a5924539c83bc431e243edc9efd772f673fd5301b�c159111fcd005b864ab1f4b803e059590043471e04d0ac7ec96fe74dbf857c00�3a9b4163966919de58c0d14d493b5d7c6826e43bd61f2eda3c2a4a33fd26f285�982fb97cc7b4730fc7c1c5289c87cc4d1dfe6184c7908079cfb34de8b6d4d200�fa7a5cd899e7aab4589a5d0193118825ac5072abd29bfa809c3b3aa704ec1d43�2c80a00b3c661489ab62333993243951154c8ffe56cf475ebcb8a54982ecbd14�5cbe19ee58416bcf16a88f474895a8626db19ae5f3654c894d7337bcf72c1fc5�9037f947f713649a84322888eb75d9dad867249c4c135787affea14ee1cf2c50�b4403362cc91e5249e9a32270b77e1d08f1217206215cbdcbd7b4f179b7787b0�56e065805b649e73f32af8d7b9fd0a5b317668d9ecd29a382e968e6466945103�b1f10e378ccf028b0040d857506d6a2f9f9f7202547fb83347ebc6cf52cf4d32�28d603a99a49af40bf7589771dd6810ba68ffd01c20c7d7743ec76891e07a485�1f086e043731368850e313269ca98ab91c156529ac3b961a67f54a522ef09396�5d6be4431b21e9ec2fc3e6c70050a26c3c78777e5200cad4282b96411eb4c871�e9845d2b4b1163c8f2f71b3f232161df132b103360ee3fb48495eabd71c2be87�437b2d33715486da3e3443c567a5b9cb6b8f54c07b3fac562cc7f7d20c570e6d�f66605f996aa6d38f8234276f2b8fa5c54a10903b7fa29d49d6dbdae30ef984b�372a6dbe9c2786b09c1d722ffa63f7cff6848a3b35a68d4fbd7770dfee8c9157�c4151eb9d4bb2e16e25f710099b13ab6c7b0dec076e76d504e091cf2642a805f�8128ce2d59c9e5bfebe0a433ae1306e8a719631f940b74c2751182c03bf29543�9a80dbf1fabbfc82ede8ce1fe4f43a5c4bb36450cafa0e20cb488f196d3031a4��ba0315ada992171ac097279a5924539c83bc431e243edc9efd772f673fd5301b�e9845d2b4b1163c8f2f71b3f232161df132b103360ee3fb48495eabd71c2be87�99c2d96201aa0764f2f38af8f27cdcfb78da67b52cf45d2c1f3635386eaa4a19�372a6dbe9c2786b09c1d722ffa63f7cff6848a3b35a68d4fbd7770dfee8c9157�98394ef67fe837f917dc3f0101b89193414868cd6bd7c94ceb5ab3ccc7ed408f����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�xen-4.12.1_04-lp151.2.6.1.src.rpm�xen-doc-html�xen-doc-html(x86-64)������
���
���
���
���
rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PartialHardlinkSets)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�3.0.4-1�4.6.0-1�4.0.4-1�4.0-1�5.2-1�4.14.1���]d@]@]@]]fl]M`@]B@]�@]�]�@\\ޢ@\ڭ\\@\@\�@\,@\7\\N\�@\\+@\\M\M\�\�\@\}�@\k\X)@\J@\I\A\?�\=@\9\73\4\$\�l@[H[k@[@[^[^[/[@[@[9@[v[W�[CN@[<[6�@[0@[0@['[!�@[�5@Z@ZnZ�@ZZZ@ZmZԐ@ZZZ@ZZ}@Z}@Z}@Z}@Zz@Zz@Zo�Zk�@ZV�@ZS]@ZOhZ:PZ1�@Z.s@Z&@Z�OZ�OZ� Z� Z� Z�@Z�@Z
}Z�C@Z�Y�Y�Y�Y|Y@Y{Y*@Y5YA@Y4YY�YbY�Y@Y3Y@YJYJY@YYV@Y�@Ym@Yw2Yp@YlYh@Yh@YS@YJ_YI�@Y5GY0�Y-^Y(�Y"Y�Y�;@Y�Y��Y�@Y�tY�.X@XQ@X@XۡXg@X@XƉX@X @X@X@X�@X�@XXX@XXXwoXs{@XlXWXRXQ4@XEVX43@X.@X*X lX�&X�@X�X�@W@W֘W֘W^@WiW:Wt@W.@W9WW@Wk@Wi,@WbWZWZWZWYZ@WV@WEWBW=W;�W3�W1@W1@W,@W(W(W(W(W(W#LW�VbV(@V3VJVxV'@VV2V͛@VŲ@V`VwVVV=@VV@VHV@VvV%@VV<@V@VS@V�V@V^VwVqR@Vn@VXEVUVTQ@VMVMVMVA@V;DV9@V7P@V0V*!@V V�@V�CV�V�V�f@V�qV�@UYU�@U�@UUݪ@U�@UnU4@UUK@U�U@UU>U@Ux&Un@U\w@U[%UUUPUKSU>$U6;U%�@U�U�@U�U�U�.@TgT-@TT@TZ@TZ@T@T�T@T5T@TLTLT~@Tl@Ti@Ta@THT?@T=�@carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�Jim Fehlig �ohering@suse.de�Martin Liška �ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�Jan Engelhardt �Guillaume GARDET �Guillaume GARDET �Bernhard Wiedemann �carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�Bernhard Wiedemann �ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�trenn@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�ohering@suse.de�jfehlig@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�rbrown@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�jfehlig@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�jfehlig@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�ohering@suse.de�jfehlig@suse.com�carnold@suse.com�jfehlig@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�mlatimer@suse.com�carnold@suse.com�cyliu@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�rguenther@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�rguenther@suse.com�carnold@suse.com�meissner@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�- bsc#1154448 - VUL-0: CVE-2019-18420: xen: XSA-296:
VCPUOP_initialise DoS
5dbaf89f-dont-use-BUG-for-parameter-checking.patch
- bsc#1154456 - VUL-0: CVE-2019-18425: xen: XSA-298: missing
descriptor table limit checking in x86 PV emulation
5dbaf8e0-x86-PV-check-GDT-LDT-limits-during-emulation.patch
- bsc#1154458 - VUL-0: CVE-2019-18421: xen: XSA-299: Issues with
restartable PV type change operations
5dbaf990-x86-mm-L1TF-checks-dont-leave-partial-entry.patch
5dbaf9b2-x86-mm-dont-re-set-PGT_pinned-on-partial-page.patch
5dbaf9ce-x86-mm-split-partial_pte-tristate.patch
5dbaf9f5-x86-mm-use-flags-for-_put_page_type.patch
5dbafa13-x86-mm-rework-get_page_and_type_from_mfn-conditional.patch
5dbafa46-x86-mm-alloc_lN_table-clear-partial_flags-when-preempting.patch
5dbafa5c-x86-mm-always-retain-general-ref-on-partial.patch
5dbafaa4-x86-mm-properly-handle-linear-pt-promotion-failure.patch
5dbafabd-x86-mm-fix-nested-devalidation-on-error.patch
5dbafad5-x86-mm-dont-drop-type-ref-unless.patch
5dbc0d64-x86-fix-CONFIG_PV-build-following-XSA-299.patch
- bsc#1154460 - VUL-0: CVE-2019-18423: xen: XSA-301: add-to-physmap
can be abused to DoS Arm hosts
5dbafb0d-Arm-p2m-avoid-aliasing-guest-physical-frame.patch
5dbafb4e-Arm-p2m-avoid-off-by-1-check-on-max_mapped_gfn.patch
5dbafb72-Arm-p2m-dont-check-p2m_get_root_pointer-ret-with-BUG_ON.patch
- bsc#1154461 - VUL-0: CVE-2019-18424: xen: XSA-302: passed through
PCI devices may corrupt host memory after deassignment
5dbafba5-passthrough-quarantine-PCI-devices.patch:This is XSA-302.
- bsc#1154464 - VUL-0: CVE-2019-18422: xen: XSA-303: ARM:
Interrupts are unconditionally unmasked in exception handlers
5dbafbda-Arm32-entry-Split-__DEFINE_ENTRY_TRAP.patch
5dbafbfd-Arm32-entry-fold-SAVE_ALL-into-vector-macro.patch
5dbafc3a-Arm32-dont-unmask-interrupts-on-trap-without-level-change.patch
5dbafc4f-Arm64-dont-unmask-interrupts-on-trap-without-level-change.patch
- bsc#1155945 - VUL-0: CVE-2018-12207: xen: Machine Check Error
Avoidance on Page Size Change (aka IFU issue)
xsa304-1.patch
xsa304-2.patch
- bsc#1152497 - VUL-0: CVE-2019-11135: xen: XSA-305: TSX
Asynchronous Abort (TAA) issue
xsa305-1.patch
xsa305-2.patch
- Upstream bug fixes (bsc#1027519)
5d9ef2a1-EFI-deref-pointer-in-set_color.patch
5d9f454a-x86-EFI-pixel-reserved-0.patch
5db2b4a2-x86-is_xen_fixed_mfn-off-by-1.patch
5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch
5db892ac-VT-x-fix-Haswell-Broadwell-LBR-TSX-errata.patch
5d948bdb-IOMMU-add-missing-HVM-check.patch
5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch
5d9ef2c5-EFI-gfx-mode-for-MB2-boot.patch
5db892ac-VT-x-correct-BDF93-workaround.patch
5d947b01-x86-crash-force-unlock-console.patch
5d8ce179-sched-dont-leak-XEN_RUNSTATE_UPDATE.patch
5d9ef2ef-PCI-clear-maskall-fields-on-assign.patch
5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch
5db07974-x86-update-time-info-on-TSC-adjustments.patch
5dbafa7f-x86-mm-collapse-PTF_partial_.patch�- bsc#1120095 - add code to change LIBXL_HOTPLUG_TIMEOUT at runtime
The included README has details about the impact of this change
libxl.LIBXL_HOTPLUG_TIMEOUT.patch�- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines
5ca7660f-x86-entry-drop-unused-includes.patch
5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch
5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch
5cab2ab7-x86-IOMMU-introduce-init-ops.patch
5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch
5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch
5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch
5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch
5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch
5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch
5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch
5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch
5d358508-x86-IRQ-desc-affinity-represents-request.patch
5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch
5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch
5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch
5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch
5d417813-AMD-IOMMU-bitfield-extended-features.patch
5d417838-AMD-IOMMU-bitfield-control-reg.patch
5d41785b-AMD-IOMMU-bitfield-IRTE.patch
5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch
5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch
5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch
5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch
5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch
5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch
5d417b38-AMD-IOMMU-correct-IRTE-updating.patch
5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch
5d4a9d25-AMD-IOMMU-drop-not-found-message.patch
5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch
5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch
5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch
5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch
5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch
5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch
5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch
5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch
5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch
- bsc#1145240 - [Migration]Can't pre-allocate 1 shadow pages
5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch
- bsc#1137717 - [HPS Bug] Unable to install Windows Server 2016
with 2 CPUs setting (or above) under SLES12 SP4 Xen Server on AMD
ROME platform
5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch
- Upstream bug fixes (bsc#1027519)
5d67ceaf-x86-properly-gate-PKU-clearing.patch
5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch
5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch
5d80ea13-vpci-honor-read-only-devices.patch
5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch�- bsc#1145774 - Libivrtd segfaults when trying to live migrate a VM
Fix crash in an error path of libxl_domain_suspend with
libxl.helper_done-crash.patch�- Upstream bug fixes (bsc#1027519)
5d419d49-x86-spec-ctrl-report-proper-status.patch
5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch
5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch
5d4afa7a-credit2-fix-memory-leak.patch
5d4d850a-introduce-bss-percpu-page-aligned.patch
5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch
5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch
5d6524ca-x86-mm-correctly-init-M2P-entries.patch
- Drop 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch�- Update to Xen 4.12.1 bug fix release (bsc#1027519)
xen-4.12.1-testing-src.tar.bz2
- Drop patches contained in new tarball
5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch
5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch
5c87b6c8-drop-arch_evtchn_inject.patch
5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch
5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch
5c8f752c-x86-e820-build-with-gcc9.patch
5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch
5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch
5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch
5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch
5c9e63c5-credit2-SMT-idle-handling.patch
5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch
5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch
5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch
5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch
5cd921fb-trace-fix-build-with-gcc9.patch
5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch
5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch
5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch
5cd926d0-bitmap_fill-zero-sized.patch
5cd92724-drivers-video-drop-constraints.patch
5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch
5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch
5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch
5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch
5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch
5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch
5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch
5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch
5cdeb9fd-sched-fix-csched2_deinit_pdata.patch
5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch
5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch
5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch
5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch
5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch
5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch
5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch
5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch
5d03a0c4-6-Arm64-cmpxchg-simplify.patch
5d03a0c4-7-Arm32-cmpxchg-simplify.patch
5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch
5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch
5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch
5d03a0c4-B-bitops-guest-helpers.patch
5d03a0c4-C-cmpxchg-guest-helpers.patch
5d03a0c4-D-use-guest-atomics-helpers.patch
5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch
5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch
- Refreshed patches
libxl.pvscsi.patch�- bsc#1143563 - Speculative mitigation facilities report wrong status
5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch�- bsc#1138563 - L3: xenpvnetboot improperly ported to Python 3
fix-xenpvnetboot.patch�- bsc#1138294 - VUL-0: CVE-2019-17349: XSA-295: Unlimited Arm
Atomics Operations
5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch
5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch
5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch
5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch
5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch
5d03a0c4-6-Arm64-cmpxchg-simplify.patch
5d03a0c4-7-Arm32-cmpxchg-simplify.patch
5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch
5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch
5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch
5d03a0c4-B-bitops-guest-helpers.patch
5d03a0c4-C-cmpxchg-guest-helpers.patch
5d03a0c4-D-use-guest-atomics-helpers.patch
5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch
5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch
- Upstream bug fixes (bsc#1027519)
5c87b6c8-drop-arch_evtchn_inject.patch
5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch
5cd921fb-trace-fix-build-with-gcc9.patch
5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch
5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch
5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch
5cd926d0-bitmap_fill-zero-sized.patch
5cd92724-drivers-video-drop-constraints.patch
5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch (Replaces xsa297-0a.patch)
5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch (Replaces xsa297-0b.patch)
5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch (Replaces xsa297-0c.patch)
5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch (Replaces xsa297-0d.patch)
5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch (Replaces xsa297-1.patch)
5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch (Replaces xsa297-2.patch)
5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch (Replaces xsa297-3.patch)
5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch
5cdeb9fd-sched-fix-csched2_deinit_pdata.patch
5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch
5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch
5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch�- Fix some outdated information in the readme
README.SUSE�- spec: xen-tools: require matching version of xen package
bsc#1137471�- Remove two stale patches
xen.build-compare.man.patch
xenpaging.doc.patch�- Disable LTO (boo#1133296).�- Remove arm32 from ExclusiveArch to fix build�- bsc#1111331 - VUL-0: CPU issues Q2 2019 aka "Group 4".
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
xsa297-0a.patch
xsa297-0b.patch
xsa297-0c.patch
xsa297-0d.patch
xsa297-1.patch
xsa297-2.patch
xsa297-3.patch
- Update 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch and
drop 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch
Refresh 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch�- bsc#1131811 - [XEN] internal error: libxenlight failed to create
new domain. This patch is a workaround for a systemd issue. See
patch header for additional comments.
xenstore-launch.patch�- bsc#1125378 - [xen][pygrub] Can not restore sle11sp4 pv guest
after upgrading host from sle11sp4 to sle15sp1
pygrub-python3-conversion.patch
- Fix "TypeError: virDomainDefineXML() argument 2 must be str or
None, not bytes" when converting VMs from using the xm/xend
toolstack to the libxl/libvirt toolstack. (bsc#1123378)
xen2libvirt.py�- bsc#1124560 - Fully virtualized guests crash on boot
5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch
- bsc#1121391 - GCC 9: xen build fails
5c8f752c-x86-e820-build-with-gcc9.patch
- Upstream bug fixes (bsc#1027519)
5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch
5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch
5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch
5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch
5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch
5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch
5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch
5c9e63c5-credit2-SMT-idle-handling.patch
5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch
5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch
5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch
5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch�- Install pkgconfig files into libdir instead of datadir�- Update to Xen 4.12.0 FCS release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
* HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates
the HVM/PVH and PV code paths in Xen and provides KCONFIG
options to build a PV only or HVM/PVH only hypervisor.
* QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has
been vastly improved.
* Argo - Hypervisor-Mediated data eXchange: Argo is a new inter-
domain communication mechanism.
* Improvements to Virtual Machine Introspection: The VMI subsystem
which allows detection of 0-day vulnerabilities has seen many
functional and performance improvements.
* Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project
default scheduler.
* PVH Support: Grub2 boot support has been added to Xen and Grub2.
* PVH Dom0: PVH Dom0 support has now been upgraded from experimental
to tech preview.
* The Xen 4.12 upgrade also includes improved IOMMU mapping code,
which is designed to significantly improve the startup times of
AMD EPYC based systems.
* The upgrade also features Automatic Dom0 Sizing which allows the
setting of Dom0 memory size as a percentage of host memory (e.g.
10%) or with an offset (e.g. 1G+10%).�- bsc#1130485 - Please drop Requires on multipath-tools in
xen-tools. Now using Recommends multipath-tools.
xen.spec�- Update to Xen 4.12.0 RC7 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2�- Update to Xen 4.12.0 RC6 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2�- bsc#1026236 - add Xen cmdline option "suse_vtsc_tolerance" to
avoid TSC emulation for HVM domUs if their expected frequency
does not match exactly the frequency of the receiving host
xen.bug1026236.suse_vtsc_tolerance.patch�- Update to Xen 4.12.0 RC5 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2�- jsc#SLE-3059 - Disable Xen auto-ballooning
- Add CONFIG_DOM0_MEM to the spec file for managing dom0 memory.
xen.spec
- Disable autoballooning in xl.con
xl-conf-disable-autoballoon.patch�- Update gcc9-ignore-warnings.patch to fix build in SLE12�- bsc#1126325 - fix crash in libxl in error path
Setup of grant_tables and other variables may fail
libxl.prepare-environment-for-domcreate_stream_done.patch�- bsc#1127620 - Documentation for the xl configuration file allows
for firmware=pvgrub64 but we don't ship pvgrub64.
Create a link from grub.xen to pvgrub64
xen.spec�- Update to Xen 4.12.0 RC4 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
- Tarball also contains additional post RC4 security fixes for
Xen Security Advisories 287, 288, and 290 through 294.�- Update to Xen 4.12.0 RC3 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2�- Update to Xen 4.12.0 RC2 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2�- bsc#1121391 - GCC 9: xen build fails
gcc9-ignore-warnings.patch�- bsc#1122563 - Virtualization/xen: Bug no Xen on boot, missing
/proc/xen, after 4.11 -> 4.12 upgrade on X86_64/efi.
Keep xen.efi in /usr/lib64/efi for booting older distros.
xen.spec�- fate#326960: Package grub2 as noarch.
As part of the effort to have a unified bootloader across
architectures, modify the xen.spec file to move the Xen efi files
to /usr/share/efi/$(uname -m) from /usr/lib64/efi.�- Update to Xen 4.12.0 RC1 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
- Drop
5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch
5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch
5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch
5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch
5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch
5b9784d2-x86-HVM-add-known_gla-helper.patch
5b9784f2-x86-HVM-split-page-straddling-accesses.patch
5bdc31d5-VMX-fix-vmx_handle_eoi.patch
gcc8-fix-array-warning-on-i586.patch
gcc8-fix-format-warning-on-i586.patch
gcc8-inlining-failed.patch
xen.bug1079730.patch�- bsc#1121960 - xen: sync with Factory
xen.spec
xen.changes�- Replace old $RPM_* shell vars.
- Run fdupes for all architectures, and not crossing
subvolume boundaries.�- Do not run %fdupes on aarch64 to avoid the hardlink-across-partition
rpmlint error�- Require qemu-seabios only on x86* as it is not available on non-x86
systems�- Avoid creating dangling symlinks (bsc#1116524)
This reverts the revert of tmp_build.patch�- Update to Xen 4.11.1 bug fix release (bsc#1027519)
xen-4.11.1-testing-src.tar.bz2
- 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch
replaces xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch
- 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
replaces xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch
- Drop the following patches contained in the new tarball
5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch
5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch
5b3cab8e-2-VMX-improve-MSR-load-save-API.patch
5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch
5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch
5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch
5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch
5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch
5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch
5b3f8fa5-port-array_index_nospec-from-Linux.patch
5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch
5b4488e7-x86-spec-ctrl-cmdline-handling.patch
5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch
5b4c9a60-allow-cpu_down-to-be-called-earlier.patch
5b4db308-SVM-fix-cleanup-svm_inject_event.patch
5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch
5b5040f2-x86-AMD-distinguish-CU-from-HT.patch
5b505fe5-VMX-fix-find-msr-build.patch
5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch
5b508775-2-x86-possibly-bring-up-all-CPUs.patch
5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch
5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch
5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch
5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch
5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch
5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch
5b62ca93-VMX-avoid-hitting-BUG_ON.patch
5b6d84ac-x86-fix-improve-vlapic-read-write.patch
5b6d8ce2-x86-XPTI-parsing.patch
5b72fbbe-ARM-disable-grant-table-v2.patch
5b72fbbe-oxenstored-eval-order.patch
5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch
5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch
5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch
5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch
5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch
5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch
5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch
5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch
5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch
5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch
5b72fbbf-xl.conf-Add-global-affinity-masks.patch
5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch
5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch
5b75afef-x86-setup-avoid-OoB-E820-lookup.patch
5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch
5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch
5b8d5832-x86-assorted-array_index_nospec-insertions.patch
5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch
5bacae4b-x86-boot-allocate-extra-module-slot.patch
5bae44ce-x86-silence-false-log-messages.patch
5bb60c12-x86-split-opt_xpti.patch
5bb60c4f-x86-split-opt_pv_l1tf.patch
5bb60c74-x86-fix-xpti-and-pv-l1tf.patch
5bcf0722-x86-boot-enable-NMIs.patch
5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch
5bd076e9-x86-boot-init-debug-regs-correctly.patch
5bd076e9-x86-init-vcpu-debug-regs-correctly.patch
5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch
5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch
5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch
5be2a308-x86-extend-get_platform_badpages.patch
5be2a354-x86-work-around-HLE-host-lockup-erratum.patch
xsa275-1.patch
xsa275-2.patch
xsa276-1.patch
xsa276-2.patch
xsa277.patch
xsa279.patch
xsa280-1.patch
xsa280-2.patch�- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken:
Missing /bin/domu-xenstore. This was broken because "make
package build reproducible" change. (boo#1047218, boo#1062303)
This fix reverses the change to this patch.
tmp_build.patch�- bsc#1115040 - VUL-0: CVE-2018-19961 CVE-2018-19962: xen:
insufficient TLB flushing / improper large page mappings with AMD
IOMMUs (XSA-275)
xsa275-1.patch
xsa275-2.patch
- bsc#1115043 - VUL-0: CVE-2018-19963: xen: resource accounting
issues in x86 IOREQ server handling (XSA-276)
xsa276-1.patch
xsa276-2.patch
- bsc#1115044 - VUL-0: CVE-2018-19964: xen: x86: incorrect error
handling for guest p2m page removals (XSA-277)
xsa277.patch
- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even
when disabled (XSA-278)
5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch
- bsc#1115045 - VUL-0: xen: CVE-2018-19965: x86: DoS from attempting
to use INVPCID with a non-canonical addresses (XSA-279)
xsa279.patch
- bsc#1115047 - VUL-0: CVE-2018-19966: xen: Fix for XSA-240
conflicts with shadow paging (XSA-280)
xsa280-1.patch
xsa280-2.patch
- bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE
constructs may lock up host (XSA-282)
5be2a308-x86-extend-get_platform_badpages.patch
5be2a354-x86-work-around-HLE-host-lockup-erratum.patch
- bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV
5bdc31d5-VMX-fix-vmx_handle_eoi.patch
- Upstream bug fixes (bsc#1027519)
5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch
5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch
5bacae4b-x86-boot-allocate-extra-module-slot.patch
5bae44ce-x86-silence-false-log-messages.patch
5bb60c12-x86-split-opt_xpti.patch
5bb60c4f-x86-split-opt_pv_l1tf.patch
5bb60c74-x86-fix-xpti-and-pv-l1tf.patch
5bcf0722-x86-boot-enable-NMIs.patch
5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch
5bd076e9-x86-boot-init-debug-regs-correctly.patch
5bd076e9-x86-init-vcpu-debug-regs-correctly.patch
5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch�- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even
when disabled (XSA-278)
5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch�- Use SMBIOS_REL_DATE instead of SMBIOS_DATE for reproducible binaries�- make package build reproducible (boo#1047218, boo#1062303)
* Set SMBIOS_REL_DATE
* Update tmp_build.patch to use SHA instead of random build-id
* Add reproducible.patch to use --no-insert-timestamp�- Building with ncurses 6.1 will fail without
xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch
- Building libxl acpi support on aarch64 with gcc 8.2 will fail without
xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch�- bsc#1106263 - L3: The affinity reporting via 'xl vcpu-list' is
apparently broken
5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch
5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch
5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch�- bsc#1094508 - L3: Kernel oops in fs/dcache.c called by
d_materialise_unique()
5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch
5b9784d2-x86-HVM-add-known_gla-helper.patch
5b9784f2-x86-HVM-split-page-straddling-accesses.patch
- bsc#1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen:
oxenstored does not apply quota-maxentity (XSA-272)
5b72fbbe-oxenstored-eval-order.patch
- bsc#1103275 - (CVE-2018-15469) VUL-0: CVE-2018-15469: xen: Use of
v2 grant tables may cause crash on ARM (XSA-268)
5b72fbbe-ARM-disable-grant-table-v2.patch
- Upstream patches from Jan (bsc#1027519)
5b6d84ac-x86-fix-improve-vlapic-read-write.patch
5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch
5b75afef-x86-setup-avoid-OoB-E820-lookup.patch
5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch
5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch
5b8d5832-x86-assorted-array_index_nospec-insertions.patch
- Drop 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch�- bsc#1078292 - rpmbuild -ba SPECS/xen.spec with xen-4.9.1 failed
xen.spec�- bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM
(XSA-273)
5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch
5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch
5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch
5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch
5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch
5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch
5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch
5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch
- bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect
MSR_DEBUGCTL handling lets guests enable BTS (XSA-269)
5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch
- Upstream prereq patches for XSA-273 and other upstream fixes
(bsc#1027519)
5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch
5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch
5b3cab8e-2-VMX-improve-MSR-load-save-API.patch
5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch
5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch
5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch
5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch
5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch
5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch
5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch
5b505fe5-VMX-fix-find-msr-build.patch
5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch
5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch
5b62ca93-VMX-avoid-hitting-BUG_ON.patch
5b6d8ce2-x86-XPTI-parsing.patch
5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch
5b72fbbf-xl.conf-Add-global-affinity-masks.patch
5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch�- Upstream patches from Jan (bsc#1027519)
5b3f8fa5-port-array_index_nospec-from-Linux.patch
5b4488e7-x86-spec-ctrl-cmdline-handling.patch
5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch
5b4c9a60-allow-cpu_down-to-be-called-earlier.patch
5b4db308-SVM-fix-cleanup-svm_inject_event.patch
5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch
5b5040f2-x86-AMD-distinguish-CU-from-HT.patch
5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch
5b508775-2-x86-possibly-bring-up-all-CPUs.patch
5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch
5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch
5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch
5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch
gcc8-fix-format-warning-on-i586.patch
gcc8-fix-array-warning-on-i586.patch
- Drop xen.fuzz-_FORTIFY_SOURCE.patch
gcc8-fix-warning-on-i586.patch�- Update to Xen 4.11.0 FCS (fate#325202, fate#325123)
xen-4.11.0-testing-src.tar.bz2
disable-building-pv-shim.patch
- Dropped patches
5a33a12f-domctl-improve-locking-during-domain-destruction.patch
5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch
5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch
5a9985bd-x86-invpcid-support.patch
5ac72a48-gcc8.patch
5ac72a5f-gcc8.patch
5ac72a64-gcc8.patch
5ac72a69-gcc8.patch
5ac72a6e-gcc8.patch
5ac72a74-gcc8.patch
5ac72a7b-gcc8.patch
5ad4923e-x86-correct-S3-resume-ordering.patch
5ad49293-x86-suppress-BTI-mitigations-around-S3.patch
5ad600d4-x86-pv-introduce-x86emul_read_dr.patch
5ad600d4-x86-pv-introduce-x86emul_write_dr.patch
5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch
5adda097-x86-HPET-fix-race-triggering-ASSERT.patch
5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch
5adde9ed-xpti-fix-double-fault-handling.patch
5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch
5ae31917-x86-cpuidle-init-stats-lock-once.patch
5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch
5aeaeaf0-sched-fix-races-in-vcpu-migration.patch
5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch
5aec7393-1-x86-xpti-avoid-copy.patch
5aec7393-2-x86-xpti-write-cr3.patch
5aec744a-3-x86-xpti-per-domain-flag.patch
5aec744a-4-x86-xpti-use-invpcid.patch
5aec744a-5-x86-xpti-no-global-pages.patch
5aec744a-6-x86-xpti-cr3-valid-flag.patch
5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch
5aec744b-8-x86-xpti-cr3-helpers.patch
5aec74a8-9-x86-xpti-use-pcid.patch
5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch
5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch
5af1daa9-3-x86-traps-use-IST-for-DB.patch
5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch
5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch
5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch
5af97999-viridian-cpuid-leaf-40000003.patch
5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch
5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch
5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch
5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch
5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch
5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch
5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch
5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch
5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch
5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch
5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch
5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch
5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch
5b0bc9da-x86-XPTI-fix-S3-resume.patch
5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch
5b0d2d91-x86-suppress-sync-when-XPTI-off.patch
5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch
5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch
5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch
5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch
5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch
5b238b92-x86-HVM-account-for-fully-eager-FPU.patch
5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch
5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b34882d-x86-mm-dont-bypass-preemption-checks.patch
5b348874-x86-refine-checks-in-DB-handler.patch
5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch
5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch
5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch
5b348954-x86-guard-against-NM.patch
libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch
libxl.LIBXL_DESTROY_TIMEOUT.patch
libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch
xen_fix_build_with_acpica_20180427_and_new_packages.patch�- Submit upstream patch libacpi: fixes for iasl >= 20180427
git commit 858dbaaeda33b05c1ac80aea0ba9a03924e09005
xen_fix_build_with_acpica_20180427_and_new_packages.patch
This is needed for acpica package to get updated in our build service�- Upstream patches from Jan (bsc#1027519)
5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch)
5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch)
5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch)
5b0bc9da-x86-XPTI-fix-S3-resume.patch
5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch
5b0d2d91-x86-suppress-sync-when-XPTI-off.patch
5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch
5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch
5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch
5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces xsa267-1.patch)
5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces xsa267-2.patch)
5b238b92-x86-HVM-account-for-fully-eager-FPU.patch
5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch
5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch)
5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch)
5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces xsa266-1-<>.patch)
5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces xsa266-2-<>.patch)
5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch
5b348954-x86-guard-against-NM.patch�- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch�- bsc#1098403 - fix regression introduced by changes for bsc#1079730
a PV domU without qcow2 and/or vfb has no qemu attached.
Ignore QMP errors for PV domUs to handle PV domUs with and without
an attached qemu-xen.
xen.bug1079730.patch�- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks
bypassed in x86 PV MM handling (XSA-264)
xsa264.patch
- bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception
safety check can be triggered by a guest (XSA-265)
xsa265.patch
- bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour
readonly flag on HVM emulated SCSI disks (XSA-266)
xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch
xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch�- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore
(XSA-267)
xsa267-1.patch
xsa267-2.patch�- bsc#1092543 - GCC 8: xen build fails
gcc8-fix-warning-on-i586.patch�- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 – Speculative Store
Bypass aka "Memory Disambiguation" (XSA-263)
5ad4923e-x86-correct-S3-resume-ordering.patch
5ad49293-x86-suppress-BTI-mitigations-around-S3.patch
5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch
5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch
5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch
5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch
5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch
5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch
5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch
5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch
5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch
5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch
Spectre-v4-1.patch
Spectre-v4-2.patch
Spectre-v4-3.patch�- Always call qemus xen-save-devices-state in suspend/resume to
fix migration with qcow2 images (bsc#1079730)
libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch
libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch
xen.bug1079730.patch�- bsc#1087289 - L3: Xen BUG at sched_credit.c:1663
5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch
5aeaeaf0-sched-fix-races-in-vcpu-migration.patch
- Upstream patches from Jan (bsc#1027519)
5ad600d4-x86-pv-introduce-x86emul_read_dr.patch
5ad600d4-x86-pv-introduce-x86emul_write_dr.patch
5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch
5adda097-x86-HPET-fix-race-triggering-ASSERT.patch
5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch
5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch
5ae31917-x86-cpuidle-init-stats-lock-once.patch
5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch
5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch)
5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch)
5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch)
5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch)
5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch)
5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch)
5af97999-viridian-cpuid-leaf-40000003.patch�- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254
5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch
5a9985bd-x86-invpcid-support.patch
5adde9ed-xpti-fix-double-fault-handling.patch
5aec7393-1-x86-xpti-avoid-copy.patch
5aec7393-2-x86-xpti-write-cr3.patch
5aec744a-3-x86-xpti-per-domain-flag.patch
5aec744a-4-x86-xpti-use-invpcid.patch
5aec744a-5-x86-xpti-no-global-pages.patch
5aec744a-6-x86-xpti-cr3-valid-flag.patch
5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch
5aec744b-8-x86-xpti-cr3-helpers.patch
5aec74a8-9-x86-xpti-use-pcid.patch�- bsc#1092543 - GCC 8: xen build fails
5ac72a48-gcc8.patch
5ac72a5f-gcc8.patch
5ac72a64-gcc8.patch
5ac72a69-gcc8.patch
5ac72a6e-gcc8.patch
5ac72a74-gcc8.patch
5ac72a7b-gcc8.patch
gcc8-inlining-failed.patch�- Update to Xen 4.10.1 bug fix release (bsc#1027519)
xen-4.10.1-testing-src.tar.bz2
disable-building-pv-shim.patch
- Drop the following patches contained in the new tarball
5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch
5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch
5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch
5a313972-x86-microcode-add-support-for-AMD-Fam17.patch
5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch
5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch
5a4caa8c-x86-E820-don-t-overrun-array.patch
5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch
5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch
5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch
5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch
5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch
5a4fd893-4-x86-introduce-cpuid_policy_updated.patch
5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch
5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch
5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch
5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch
5a4fd894-4-clarifications-to-wait-infrastructure.patch
5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch
5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch
5a5e2cff-x86-Meltdown-band-aid.patch
5a5e2d73-x86-Meltdown-band-aid-conditional.patch
5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch
5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch
5a5e3a4e-3-x86-report-speculative-mitigation-details.patch
5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch
5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch
5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch
5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch
5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch
5a5e459c-2-x86-report-domain-id-on-CPUID.patch
5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch
5a69c0b9-x86-fix-GET_STACK_END.patch
5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch
5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch
5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch
5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch
5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch
5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch
5a6b36cd-9-x86-issue-speculation-barrier.patch
5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch
5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch
5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch
5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch
5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch
5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch
5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch
5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch
5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch
5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch
5a955800-gnttab-dont-free-status-pages-on-ver-change.patch
5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch
5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch
5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch
5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch
5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch
5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch
5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch
xsa258.patch
xsa259.patch�- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of
debug exceptions (XSA-260)
xsa260-1.patch
xsa260-2.patch
xsa260-3.patch
xsa260-4.patch
- bsc#1090822 - VUL-0: CVE-2018-10982: xen: x86 vHPET interrupt
injection errors (XSA-261)
xsa261.patch
- bsc#1090823 - VUL-0: CVE-2018-10981: xen: qemu may drive Xen into
unbounded loop (XSA-262)
xsa262.patch�- bsc#1089152 - VUL-0: CVE-2018-10472: xen: Information leak via
crafted user-supplied CDROM (XSA-258)
xsa258.patch
- bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash
Xen with XPTI (XSA-259)
xsa259.patch�- Preserve xen-syms from xen-dbg.gz to allow processing vmcores
with crash(1) (bsc#1087251)�- Upstream patches from Jan (bsc#1027519) and fixes related to
Page Table Isolation (XPTI). See also bsc#1074562 XSA-254
5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch
5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch
5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch
5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch
5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch
5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch�- bsc#1072834 - Xen HVM: unchecked MSR access error: RDMSR from
0xc90 at rIP: 0xffffffff93061456 (native_read_msr+0x6/0x30)
5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch
- Upstream patches from Jan (bsc#1027519)
5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch
5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch
5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch
5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch
5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch
5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch
5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch (Replaces xsa252.patch)
5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch (Replaces xsa255-1.patch)
5a955800-gnttab-dont-free-status-pages-on-ver-change.patch (Replaces xsa255-2.patch)
5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch (Replaces xsa256.patch)
- Drop
xsa252.patch
xsa255-1.patch
xsa255-2.patch
xsa256.patch�- bsc#1080635 - VUL-0: CVE-2018-7540: xen: DoS via non-preemptable
L3/L4 pagetable freeing (XSA-252)
xsa252.patch
- bsc#1080662 - VUL-0: CVE-2018-7541: xen: grant table v2 -> v1
transition may crash Xen (XSA-255)
xsa255-1.patch
xsa255-2.patch
- bsc#1080634 - VUL-0: CVE-2018-7542: xen: x86 PVH guest without
LAPIC may DoS the host (XSA-256)
xsa256.patch�- Remove stale systemd presets code for 13.2 and older�- fate#324965 - add script, udev rule and systemd service to watch
for vcpu online/offline events in a HVM domU
They are triggered via xl vcpu-set domU N�- Replace hardcoded xen with Name tag when refering to subpkgs�- Make sure tools and tools-domU require libs from the very same build�- tools-domU: Add support for qemu guest agent. New files
80-xen-channel-setup.rules and xen-channel-setup.sh configure a
xen-pv-channel for use by the guest agent
FATE#324963�- Remove outdated /etc/xen/README*�- bsc#1073961 - VUL-0: CVE-2018-5244: xen: x86: memory leak with
MSR emulation (XSA-253)
5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch
- bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754
xen: Information leak via side effects of speculative execution
(XSA-254). Includes Spectre v2 mitigation.
5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch
5a4caa8c-x86-E820-don-t-overrun-array.patch
5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch
5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch
5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch
5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch
5a4fd893-4-x86-introduce-cpuid_policy_updated.patch
5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch
5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch
5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch
5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch
5a4fd894-4-clarifications-to-wait-infrastructure.patch
5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch
5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch
5a5e2cff-x86-Meltdown-band-aid.patch
5a5e2d73-x86-Meltdown-band-aid-conditional.patch
5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch
5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch
5a5e3a4e-3-x86-report-speculative-mitigation-details.patch
5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch
5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch
5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch
5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch
5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch
5a5e459c-2-x86-report-domain-id-on-CPUID.patch
5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch
5a69c0b9-x86-fix-GET_STACK_END.patch
5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch
5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch
5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch
5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch
5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch
5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch
5a6b36cd-9-x86-issue-speculation-barrier.patch
5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch
5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch�- Fix python3 deprecated atoi call (bsc#1067224)
pygrub-python3-conversion.patch
- Drop xenmon-python3-conversion.patch�- bsc#1067317 - pass cache=writeback|unsafe|directsync to qemu,
depending on the libxl disk settings
libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch�- Remove libxl.LIBXL_DESTROY_TIMEOUT.debug.patch�- bsc#1067224 - xen-tools have hard dependency on Python 2
build-python3-conversion.patch
bin-python3-conversion.patch�- bsc#1070165 - xen crashes after aborted localhost migration
5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch
- bsc#1035442 - L3: libxl: error: libxl.c:1676:devices_destroy_cb:
libxl__devices_destroy failed
5a33a12f-domctl-improve-locking-during-domain-destruction.patch
- Upstream patches from Jan (bsc#1027519)
5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch
5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch
5a313972-x86-microcode-add-support-for-AMD-Fam17.patch
5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch�- Update to Xen 4.10.0 FCS (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2�- Rebuild initrd if xen-tools-domU is updated�- Update to Xen 4.10.0-rc8 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2�- Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds
If many domUs shutdown in parallel the backends can not keep up
Add some debug output to track how long backend shutdown takes (bsc#1035442)
libxl.LIBXL_DESTROY_TIMEOUT.patch
libxl.LIBXL_DESTROY_TIMEOUT.debug.patch�- Adjust xenstore-run-in-studomain.patch to change the defaults
in the code instead of changing the sysconfig template, to also
cover the upgrade case�- Update to Xen 4.10.0-rc6 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2�- Since xen switched to Kconfig, building a debug hypervisor
was done by default. Adjust make logic to build a non-debug
hypervisor by default, and continue to provide one as xen-dbg.gz�- fate#316614: set migration constraints from cmdline
fix libxl.set-migration-constraints-from-cmdline.patch for xen-4.10�- Document the suse-diskcache-disable-flush option in
xl-disk-configuration(5) (bsc#879425,bsc#1067317)�- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)�- Update to Xen 4.10.0-rc5 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
- fate#323663 - Run Xenstore in stubdomain
xenstore-run-in-studomain.patch�- bsc#1067224 - xen-tools have hard dependency on Python 2
pygrub-python3-conversion.patch
xenmon-python3-conversion.patch
migration-python3-conversion.patch
xnloader.py
xen2libvirt.py�- Remove xendriverdomain.service (bsc#1065185)
Driver domains must be configured manually with custom .service file�- Update to Xen 4.10.0-rc3 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
- Drop 59f31268-libxc-remove-stale-error-check-for-domain-size.patch�- Adjust xen-dom0-modules.service to ignore errors (bsc#1065187)�- fate#324052 Support migration of Xen HVM domains larger than 1TB
59f31268-libxc-remove-stale-error-check-for-domain-size.patch�- Update to Xen 4.10.0-rc2 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2�- Update to Xen 4.10.0-rc1 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
- Drop patches included in new tarball
592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch
596f257e-x86-fix-hvmemul_insn_fetch.patch
5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch
598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch
598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch
5992f1e5-x86-grant-disallow-misaligned-PTEs.patch
5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch
5992f233-gnttab-correct-pin-status-fixup-for-copy.patch
59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch
59958ebf-gnttab-fix-transitive-grant-handling.patch
59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch
599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch
59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch
59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch
59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch
59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch
59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch
59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch
59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch
59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch
59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch
59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch
59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch
59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch
gcc7-arm.patch
gcc7-mini-os.patch�- bsc#1061084 - VUL-0: xen: page type reference leak on x86
(XSA-242)
xsa242.patch
- bsc#1061086 - VUL-0: xen: x86: Incorrect handling of self-linear
shadow mappings with translated guests (XSA-243)
xsa243.patch
- bsc#1061087 - VUL-0: xen: x86: Incorrect handling of IST settings
during CPU hotplug (XSA-244)
xsa244.patch�- bsc#1061077 - VUL-0: xen: DMOP map/unmap missing argument checks
(XSA-238)
xsa238.patch
- bsc#1061080 - VUL-0: xen: hypervisor stack leak in x86 I/O
intercept code (XSA-239)
xsa239.patch
- bsc#1061081 - VUL-0: xen: Unlimited recursion in linear pagetable
de-typing (XSA-240)
xsa240-1.patch
xsa240-2.patch
- bsc#1061082 - VUL-0: xen: Stale TLB entry due to page type
release race (XSA-241)
xsa241.patch�- bsc#1061075 - VUL-0: xen: pin count / page reference race in
grant table code (XSA-236)
xsa236.patch
- bsc#1061076 - VUL-0: xen: multiple MSI mapping issues on x86
(XSA-237)
xsa237-1.patch
xsa237-2.patch
xsa237-3.patch
xsa237-4.patch
xsa237-5.patch�- bsc#1056278 - VUL-0: xen: Missing NUMA node parameter
verification (XSA-231)
59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch
- bsc#1056280 - VUL-0: xen: Missing check for grant table (XSA-232)
59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch
- bsc#1056281 - VUL-0: xen: cxenstored: Race in domain cleanup
(XSA-233)
59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch
- bsc#1056282 - VUL-0: xen: insufficient grant unmapping checks for
x86 PV guests (XSA-234)
59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch
- bsc#1055321 - VUL-0: xen: add-to-physmap error paths fail to
release lock on ARM (XSA-235)
599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch
- Upstream patches from Jan (bsc#1027519)
59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch
59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch
59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch
59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch
59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch
59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch
59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch
59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch
- Dropped gcc7-xen.patch�- bsc#1057358 - Cannot Boot into SLES12.3 with Xen hypervisor when
Secure Boot is Enabled
xen.spec�- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored
update from v6 to v9 to cover more cases for ballooned domUs
libxc.sr.superpage.patch�- bsc#1026236 - remove suse_vtsc_tolerance= cmdline option for Xen
drop the patch because it is not upstream acceptable
remove xen.suse_vtsc_tolerance.patch�- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored
after the save using xl stack
libxc.sr.superpage.patch�- Unignore gcc-PIE
the toolstack disables PIE for firmware builds as needed�- Upstream patches from Jan (bsc#1027519)
592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch
596f257e-x86-fix-hvmemul_insn_fetch.patch
5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch
598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch
598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch
5992f1e5-x86-grant-disallow-misaligned-PTEs.patch (Replaces xsa227.patch)
5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch (Replaces xsa228.patch)
5992f233-gnttab-correct-pin-status-fixup-for-copy.patch (Replaces xsa230.patch)
59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch (Replaces xsa226-1.patch)
59958ebf-gnttab-fix-transitive-grant-handling.patch (Replaces xsa226-2.patch)
59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch�- bsc#1044974 - xen-tools require python-pam
xen.spec�- Clean up spec file errors and a few warnings. (bsc#1027519)
- Removed conditional 'with_systemd' and some old deprecated
'sles_version' checks.
xen.spec�- Remove use of brctl utiltiy from supportconfig plugin
FATE#323639�- Use upstream variant of mini-os __udivmoddi4 change
gcc7-mini-os.patch�- fate#323639 Move bridge-utils to legacy
replace-obsolete-network-configuration-commands-in-s.patch�- bsc#1052686 - VUL-0: xen: grant_table: possibly premature
clearing of GTF_writing / GTF_reading (XSA-230)
xsa230.patch�- bsc#1035231 - migration of HVM domU does not use superpages
on destination dom0
libxc.sr.superpage.patch�- bsc#1051787 - VUL-0: CVE-2017-12135: xen: possibly unbounded
recursion in grant table code (XSA-226)
xsa226-1.patch
xsa226-2.patch
- bsc#1051788 - VUL-0: CVE-2017-12137: xen: x86: PV privilege
escalation via map_grant_ref (XSA-227)
xsa227.patch
- bsc#1051789 - VUL-0: CVE-2017-12136: xen: grant_table: Race
conditions with maptrack free list handling (XSA-228)
xsa228.patch�- Add a supportconfig plugin
xen-supportconfig
FATE#323661�- bsc#1026236 - add suse_vtsc_tolerance= cmdline option for Xen
To avoid emulation of TSC access from a domU after live migration
add a global tolerance for the measured host kHz
xen.suse_vtsc_tolerance.patch�- fate#323662 Drop qemu-dm from xen-tools package
The following tarball and patches have been removed
qemu-xen-traditional-dir-remote.tar.bz2
VNC-Support-for-ExtendedKeyEvent-client-message.patch
0001-net-move-the-tap-buffer-into-TAPState.patch
0002-net-increase-tap-buffer-size.patch
0003-e1000-fix-access-4-bytes-beyond-buffer-end.patch
0004-e1000-secrc-support.patch
0005-e1000-multi-buffer-packet-support.patch
0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch
0007-e1000-verify-we-have-buffers-upfront.patch
0008-e1000-check-buffer-availability.patch
CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch
CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch
CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch
CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch
CVE-2015-4037-qemut-smb-config-dir-name.patch
CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch
CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch
CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch
CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch
CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch
CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch
CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch
CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch
CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch
CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch
CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch
CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch
CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch
CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch
CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch
CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch
CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch
CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch
blktap.patch
cdrom-removable.patch
xen-qemu-iscsi-fix.patch
qemu-security-etch1.patch
xen-disable-qemu-monitor.patch
xen-hvm-default-bridge.patch
qemu-ifup-set-mtu.patch
ioemu-vnc-resize.patch
capslock_enable.patch
altgr_2.patch
log-guest-console.patch
bdrv_open2_fix_flags.patch
bdrv_open2_flags_2.patch
ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch
qemu-dm-segfault.patch
bdrv_default_rwflag.patch
kernel-boot-hvm.patch
ioemu-watchdog-support.patch
ioemu-watchdog-linkage.patch
ioemu-watchdog-ib700-timer.patch
ioemu-hvm-pv-support.patch
pvdrv_emulation_control.patch
ioemu-disable-scsi.patch
ioemu-disable-emulated-ide-if-pv.patch
xenpaging.qemu.flush-cache.patch
ioemu-devicemodel-include.patch
- Cleanup spec file and remove unused KMP patches
kmp_filelist
supported_module.patch
xen_pvonhvm.xen_emul_unplug.patch�- bsc#1002573 - Optimize LVM functions in block-dmmd
block-dmmd�- Record initial Xen dmesg in /var/log/xen/xen-boot.log for
supportconfig. Keep previous log in /var/log/xen/xen-boot.prev.log�- Remove storytelling from description in xen.rpm�- Update to Xen 4.9.0 FCS (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- Update block-dmmd script (bsc#1002573)
block-dmmd�- Update to Xen 4.9.0-rc8+ (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
gcc7-arm.patch
- Drop gcc7-error-xenpmd.patch�- Update to Xen 4.9.0-rc8 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop
due to incorrect return value
CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch�- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory
leakage via capture buffer
CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch�- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- bsc#1031343 - xen fails to build with GCC 7
gcc7-mini-os.patch
gcc7-xen.patch�- bsc#1031343 - xen fails to build with GCC 7
gcc7-error-xenpmd.patch�- Update to Xen 4.9.0-rc5 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
- Drop xen-tools-pkgconfig-xenlight.patch�- bsc#1037779 - xen breaks kexec-tools build
xen-tools-pkgconfig-xenlight.patch�- Update to Xen 4.9.0-rc4 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- bsc#1036146 - sles12sp2 xen VM dumps core to wrong path
xen.spec�- Update to Xen 4.9.0-rc3 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
aarch64-maybe-uninitialized.patch�- Update to Xen 4.9.0-rc2 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- Update to Xen 4.9.0-rc1 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
ioemu-devicemodel-include.patch
- Dropped patches contained in new tarball
xen-4.8.0-testing-src.tar.bz2
0001-xenstore-let-write_node-and-some-callers-return-errn.patch
0002-xenstore-undo-function-rename.patch
0003-xenstore-rework-of-transaction-handling.patch
584806ce-x86emul-correct-PUSHF-POPF.patch
584fc649-fix-determining-when-domain-creation-is-complete.patch
58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch
58510cac-x86emul-MOVNTI-no-REP-prefixes.patch
58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch
5853ed37-VT-d-correct-dma_msi_set_affinity.patch
5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch
58580060-x86-emul-correct-SYSCALL-eflags-handling.patch
585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch
585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch
585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch
586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch
587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch
587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch
5882129d-x86emul-LOCK-check-adjustments.patch
58821300-x86-segment-attribute-handling.patch
58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch
58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch
5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch
5887888f-credit2-never-consider-CPUs-outside-of-pool.patch
5887888f-credit2-use-the-correct-scratch-cpumask.patch
5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch
5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch
589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch
58a44771-IOMMU-always-call-teardown-callback.patch
58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch
58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch
58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch
58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch
58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch
58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch
58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch
58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch
58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch
58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch
58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch
58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch
58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch
CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch
CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch
glibc-2.25-compatibility-fix.patch
xs-09-add_change_node-params.patch
xs-10-call-add_change_node.patch
xs-11-tdb-record-header.patch
xs-12-node-gen-count.patch
xs-13-read-directory-part-support.patch
xs-14-command-array.patch
xs-15-command-return-val.patch
xs-16-function-static.patch
xs-17-arg-parsing.patch
xs-18-default-buffer.patch
xs-19-handle-alloc-failures.patch
xs-20-tdb-version.patch
xs-21-empty-tdb-database.patch
xs-22-reopen_log-fix.patch
xs-23-XS_DEBUG-rename.patch
xs-24-xenstored_control.patch
xs-25-control-enhance.patch
xs-26-log-control.patch
xs-27-memory-report.patch
xs-28-remove-talloc-report.patch
xs-29-define-off_t.patch
xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch
xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch�- bsc#1022703 - Xen HVM guest with OVMF hangs with unattached CDRom
58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch�- bsc#1015348 - L3: libvirtd does not start during boot
suse-xendomains-service.patch�- bsc#1014136 - Partner-L3: kdump can't dump a kernel on SLES12-SP2
with Xen hypervisor.
58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch
- bsc#1026236 - L3: Paravirtualized vs. fully virtualized migration
- latter one much faster
58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch
- Upstream patch from Jan
58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch
58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch
58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch�- bsc#1022555 - L3: Timeout in "execution of /etc/xen/scripts/block
add"
58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch
0001-xenstore-let-write_node-and-some-callers-return-errn.patch
0002-xenstore-undo-function-rename.patch
0003-xenstore-rework-of-transaction-handling.patch
- bsc#1030144 - VUL-0: xen: xenstore denial of service via repeated
update (XSA-206)
xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch
xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch
- bsc#1029827 - Forward port xenstored
xs-09-add_change_node-params.patch
xs-10-call-add_change_node.patch
xs-11-tdb-record-header.patch
xs-12-node-gen-count.patch
xs-13-read-directory-part-support.patch
xs-14-command-array.patch
xs-15-command-return-val.patch
xs-16-function-static.patch
xs-17-arg-parsing.patch
xs-18-default-buffer.patch
xs-19-handle-alloc-failures.patch
xs-20-tdb-version.patch
xs-21-empty-tdb-database.patch
xs-22-reopen_log-fix.patch
xs-23-XS_DEBUG-rename.patch
xs-24-xenstored_control.patch
xs-25-control-enhance.patch
xs-26-log-control.patch
xs-27-memory-report.patch
xs-28-remove-talloc-report.patch
xs-29-define-off_t.patch�- bsc#1029128 - fix make xen to really produce xen.efi with gcc48�- bsc#1028235 - VUL-0: CVE-2017-6505: xen: qemu: usb: an infinite
loop issue in ohci_service_ed_list
CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch
- Upstream patches from Jan (bsc#1027519)
5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch
5887888f-credit2-use-the-correct-scratch-cpumask.patch
5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch
589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch
58a44771-IOMMU-always-call-teardown-callback.patch
58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch
58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch
58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch
58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch
58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch
58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch�- bsc#1027654 - XEN fails to build against glibc 2.25
glibc-2.25-compatibility-fix.patch
libxl.pvscsi.patch�- fate#316613: Refresh and enable libxl.pvscsi.patch�- bsc#1024834 - VUL-0: CVE-2017-2620: xen: cirrus_bitblt_cputovideo
does not check if memory region is safe (XSA-209)
CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch�- bsc#1023948 - [pvusb][sles12sp3][openqa] Segmentation fault
happened when adding usbctrl devices via xl
589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch�- Upstream patches from Jan (bsc#1027519)
587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch
587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch
5882129d-x86emul-LOCK-check-adjustments.patch
58821300-x86-segment-attribute-handling.patch
58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch
58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch
5887888f-credit2-use-the-correct-scratch-cpumask.patch
5887888f-credit2-never-consider-CPUs-outside-of-pool.patch
5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch
5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch�- bsc#1023004 - VUL-0: CVE-2017-2615: qemu: display: cirrus: oob
access while doing bitblt copy backward mode
CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch�- fate#322313 and fate#322150 require the acpica package ported to
aarch64 which Xen 4.8 needs to build. Temporarily disable aarch64
until these fates are complete.
xen.spec�- bsc#1021952 - Virutalization/xen: Bug xen-tools missing
/usr/bin/domu-xenstore; guests fail to launch
tmp_build.patch
xen.spec�- No systemd presets for 42.3+ and SLE12SP3+ (bsc#1012842)�- bsc#1007224 - broken symlinks in /usr/share/doc/packages/xen/misc/
xen.spec�- 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch
Replaces xsa202.patch (bsc#1014298)
- 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch
Replaces xsa203.patch (bsc#1014300)
- 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch
Replaces xsa204.patch (bsc#1016340)
- Upstream patches from Jan
58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch
5853ed37-VT-d-correct-dma_msi_set_affinity.patch
5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch
585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch
586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch�- bsc#1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu:
display: cirrus_vga: a divide by zero in cirrus_do_copy
CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch�- bsc#1016340 - VUL-0: CVE-2016-10013: xen: x86: Mishandling of
SYSCALL singlestep during emulation (XSA-204)
xsa204.patch�- bsc#1012651 - VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation
fails to ignore operand size override (XSA-200)
58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch�- bsc#1014298 - VUL-0: CVE-2016-10024: xen: x86 PV guests may be
able to mask interrupts (XSA-202)
xsa202.patch
- bsc#1014300 - VUL-0: CVE-2016-10025: xen: x86: missing NULL
pointer check in VMFUNC emulation (XSA-203)
xsa203.patch
- Upstream patches from Jan
584806ce-x86emul-correct-PUSHF-POPF.patch
584fc649-fix-determining-when-domain-creation-is-complete.patch
58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch
58510cac-x86emul-MOVNTI-no-REP-prefixes.patch�- Update to Xen 4.8 FCS
xen-4.8.0-testing-src.tar.bz2
- Dropped
xen-4.7.1-testing-src.tar.bz2
0001-libxc-Rework-extra-module-initialisation.patch
0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch
0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch
0004-firmware-makefile-install-BIOS-blob.patch
0005-libxl-Load-guest-BIOS-from-file.patch
0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch
0007-hvmloader-Grab-the-hvm_start_info-pointer.patch
0008-hvmloader-Locate-the-BIOS-blob.patch
0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch
0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch
0011-hvmloader-Load-OVMF-from-modules.patch
0012-hvmloader-Specific-bios_load-function-required.patch
0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch
0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch
57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch
576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch
5769106e-x86-generate-assembler-equates-for-synthesized.patch
57a1e603-x86-time-adjust-local-system-time-initialization.patch
57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch
57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch
57a30261-x86-support-newer-Intel-CPU-models.patch
5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch
581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch
581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch
58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch
582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch
582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch
58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch
58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch
58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch
58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch
58343ec2-x86emul-fix-huge-bit-offset-handling.patch
58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch
58343f44-x86-svm-fix-injection-of-software-interrupts.patch
58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch
CVE-2016-9381-xsa197-qemut.patch
CVE-2016-9637-xsa199-qemut.patch�- bsc#1011652 - VUL-0: xen: qemu ioport array overflow
CVE-2016-9637-xsa199-qemut.patch�- bsc#1009100 - VUL-0: CVE-2016-9386: XSA-191: xen: x86 null
segments not always treated as unusable
58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch
- bsc#1009103 - VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch
to VM86 mode mis-handled
58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch
- bsc#1009104 - VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base
write emulation lacking canonical address checks
58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch
- bsc#1009105 - VUL-0: CVE-2016-9384: XSA-194: xen: guest 32-bit
ELF symbol table load leaking host data
58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch
- bsc#1009107 - VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit
test instruction emulation broken
58343ec2-x86emul-fix-huge-bit-offset-handling.patch
- bsc#1009108 - VUL-0: CVE-2016-9377,CVE-2016-9378: XSA-196: xen:
x86 software interrupt injection mis-handled
58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch
58343f44-x86-svm-fix-injection-of-software-interrupts.patch
- bsc#1009109 - VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious
about shared ring processing
CVE-2016-9381-xsa197-qemut.patch
- bsc#1009111 - VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen:
delimiter injection vulnerabilities in pygrub
58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch
- Upstream patches from Jan
581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch
581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch
58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch
582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch
582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch�- Update to Xen Version 4.7.1
xen-4.7.1-testing-src.tar.bz2
- Dropped patches contained in new tarball
xen-4.7.0-testing-src.tar.bz2
575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch
57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch
57973099-have-schedulers-revise-initial-placement.patch
579730e6-remove-buggy-initial-placement-algorithm.patch
57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch
57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch
57ac6316-don-t-restrict-DMA-heap-to-node-0.patch
57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch
57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch
57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch
57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch
57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch
57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch
57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch
57c82be2-x86-32on64-adjust-call-gate-emulation.patch
57c93e52-fix-error-in-libxl_device_usbdev_list.patch
57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch
57c96e2c-x86-correct-PT_NOTE-file-position.patch
57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch
57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch
57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch
57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch
57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch
57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch
57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch
57da8883-credit1-fix-mask-to-be-used-for-tickling.patch
57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch
57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch
57e93e1d-x86emul-correct-loading-of-ss.patch
57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch
57e93e89-x86-AMD-apply-erratum-665-workaround.patch
57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch
57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch
57fb6a91-x86-defer-not-present-segment-checks.patch
5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch
5800caec-x86emul-fix-pushing-of-selector-registers.patch
5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch
580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch
57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch�- bsc#1004981 - Xen RPM doesn't contain debug hypervisor for EFI
systems
xen.spec�- bsc#1000106 - VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not
always honored for x86 HVM guests (XSA-190)
57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch
- bsc#996191 - [XEN][acpi]residency -n 88 -c will cause xen panic
on broadwell-ep
57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch
- Upstream patches from Jan
57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch
57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch
57da8883-credit1-fix-mask-to-be-used-for-tickling.patch
57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch
57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch
57e93e1d-x86emul-correct-loading-of-ss.patch
57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch
57e93e89-x86-AMD-apply-erratum-665-workaround.patch
57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch
57fb6a91-x86-defer-not-present-segment-checks.patch
5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch
5800caec-x86emul-fix-pushing-of-selector-registers.patch
5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch
580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch
5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch�- bsc#1007941 - Xen tools limit the number of vcpus to 256 when the
system has 384
xen-arch-kconfig-nr_cpus.patch�- bsc#1007157 - VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite
loop while transmit in C+ mode
CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch�- bsc#1005004 - CVE-2016-8667: xen: dma: rc4030 divide by zero
error in set_next_tick
CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch
- bsc#1005005 - VUL-0: CVE-2016-8669: xen: char: divide by zero
error in serial_update_parameters
CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch�- bsc#1003030 - VUL-0: CVE-2016-7908: xen: net: Infinite loop in
mcf_fec_do_tx
CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch
- bsc#1003032 - VUL-0: CVE-2016-7909: xen: net: pcnet: infinite
loop in pcnet_rdra_addr
CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch�- bsc#995785 - VUL-0: CVE-2016-7092: xen: x86: Disallow L3
recursive pagetable for 32-bit PV guests (XSA-185)
57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch
- bsc#995789 - VUL-0: CVE-2016-7093: xen: x86: Mishandling of
instruction pointer truncation during emulation (XSA-186)
57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch
57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch
- bsc#995792 - VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of
sh_ctxt->seg_reg[] (XSA-187)
57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch
- bsc#991934 - xen hypervisor crash in csched_acct
57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch
- Upstream patches from Jan
57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch
57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch
57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch
57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch
57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch
57c82be2-x86-32on64-adjust-call-gate-emulation.patch
57c96e2c-x86-correct-PT_NOTE-file-position.patch
57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch�- bsc#979002 - add 60-persistent-xvd.rules and helper script
also to initrd, add the relevant dracut helper�- bnc#953518 - unplug also SCSI disks in qemu-xen-traditional for
upstream unplug protocol�- bsc#989679 - [pvusb feature] USB device not found when
'virsh detach-device guest usb.xml'
57c93e52-fix-error-in-libxl_device_usbdev_list.patch�- bsc#992224 - [HPS Bug] During boot of Xen Hypervisor, Failed to
get contiguous memory for DMA from Xen
57ac6316-don-t-restrict-DMA-heap-to-node-0.patch
- bsc#978755 - xen uefi systems fail to boot
- bsc#983697 - SLES12 SP2 Xen UEFI mode cannot boot
57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch
- Upstream patch from Jan
57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch�- spec: to stay compatible with the in-tree qemu-xen binary, use
/usr/bin/qemu-system-i386 instead of /usr/bin/qemu-system-x86_64
bsc#986164�- bsc#970135 - new virtualization project clock test randomly fails
on Xen
576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch
5769106e-x86-generate-assembler-equates-for-synthesized.patch
57a1e603-x86-time-adjust-local-system-time-initialization.patch
57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch
57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch
- bsc#991934 - xen hypervisor crash in csched_acct
57973099-have-schedulers-revise-initial-placement.patch
579730e6-remove-buggy-initial-placement-algorithm.patch
- bsc#988675 - VUL-0: CVE-2016-6258: xen: x86: Privilege escalation
in PV guests (XSA-182)
57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch
- bsc#988676 - VUL-0: CVE-2016-6259: xen: x86: Missing SMAP
whitelisting in 32-bit exception / event delivery (XSA-183)
57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch
- Upstream patches from Jan
57a30261-x86-support-newer-Intel-CPU-models.patch�- bsc#985503 - vif-route broken
vif-route.patch�- bsc#978413 - PV guest upgrade from sles11sp4 to sles12sp2 alpha3
failed on sles11sp4 xen host.
pygrub-handle-one-line-menu-entries.patch�- bsc#990843 - VUL-1: CVE-2016-6351: xen: qemu: scsi: esp: OOB
write access in esp_do_dma
CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch�- bsc#900418 - Dump cannot be performed on SLES12 XEN
57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch
- Upstream patches from Jan
575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch
57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch�- fate#319989 - Update to Xen 4.7 FCS
xen-4.7.0-testing-src.tar.bz2
- Drop CVE-2014-3672-qemut-xsa180.patch�- bsc#954872 - script block-dmmd not working as expected - libxl:
error: libxl_dm.c (Additional fixes)
block-dmmd�- Convert with_stubdom into build_conditional to allow adjusting
via prjconf
- Convert with_debug into build_conditional to allow adjusting
via prjconf�- bsc#979002 - add 60-persistent-xvd.rules and helper script to
xen-tools-domU to simplify transition to pvops based kernels�- Convert with_oxenstored into build_conditional to allow
adjusting via prjconf (fate#320836)�- bsc#983984 - VUL-0: CVE-2016-5338: xen: qemu: scsi: esp: OOB r/w
access while processing ESP_FIFO
CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch
- bsc#982960 - VUL-0: CVE-2016-5238: xen: qemu: scsi: esp: OOB
write when using non-DMA mode in get_cmd
CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch�- fate#319989 - Update to Xen 4.7 RC5
xen-4.7.0-testing-src.tar.bz2�- fate#319989 - Update to Xen 4.7 RC4
xen-4.7.0-testing-src.tar.bz2
- Dropped
xen.pkgconfig-4.7.patch
xsa164.patch�- bsc#981264 - VUL-0: CVE-2014-3672: xen: Unrestricted qemu logging
(XSA-180)
CVE-2014-3672-qemut-xsa180.patch�- bsc#980724 - VUL-0: CVE-2016-4441: Qemu: scsi: esp: OOB write
while writing to 's->cmdbuf' in get_cmd
CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch
- bsc#980716 - VUL-0: CVE-2016-4439: xen: scsi: esp: OOB write
while writing to 's->cmdbuf' in esp_reg_write
CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch�- fate#319989 - Update to Xen 4.7 RC3
xen-4.7.0-testing-src.tar.bz2
- Dropped
libxl-remove-cdrom-cachemode.patch
x86-PoD-only-reclaim-if-needed.patch
gcc6-warnings-as-errors.patch�- bsc#954872 - script block-dmmd not working as expected - libxl:
error: libxl_dm.c (another modification)
block-dmmd�- fate#319989 - Update to Xen 4.7 RC2
xen-4.7.0-testing-src.tar.bz2�- bsc#961600 - L3: poor performance when Xen HVM domU configured
with max memory > current memory
x86-PoD-only-reclaim-if-needed.patch�- Mark SONAMEs and pkgconfig as xen 4.7
xen.pkgconfig-4.7.patch�- bsc#977329 - Xen: Cannot boot HVM guests with empty cdrom
libxl-remove-cdrom-cachemode.patch�- fate#319989 - Update to Xen 4.7 RC1
xen-4.7.0-testing-src.tar.bz2�- fate#316614: set migration constraints from cmdline
restore libxl.set-migration-constraints-from-cmdline.patch�- Remove obsolete patch for xen-kmp
magic_ioport_compat.patch�- fate#316613: update to v12
libxl.pvscsi.patch�- Update to the latest Xen 4.7 pre-release c2994f86
Drop libxl.migrate-legacy-stream-read.patch�- bnc#972756 - Can't migrate HVM guest from SLES12SP1 Xen host
to SLES12SP2 Alpha 1 host using xl migrate
libxl.migrate-legacy-stream-read.patch�- Add patches from proposed upstream series to load BIOS's from
the toolstack instead of embedding in hvmloader
http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html
0001-libxc-Rework-extra-module-initialisation.patch,
0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch,
0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch,
0004-firmware-makefile-install-BIOS-blob.patch,
0005-libxl-Load-guest-BIOS-from-file.patch,
0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch,
0007-hvmloader-Grab-the-hvm_start_info-pointer.patch,
0008-hvmloader-Locate-the-BIOS-blob.patch,
0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch,
0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch,
0011-hvmloader-Load-OVMF-from-modules.patch,
0012-hvmloader-Specific-bios_load-function-required.patch,
0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch,
0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch
- Enable support for UEFI on x86_64 using the ovmf-x86_64-ms.bin
firmware from qemu-ovmf-x86_64. The firmware is preloaded with
Microsoft keys to more closely resemble firmware on real hardware
FATE#320490�- fate#319989: Update to Xen 4.7 (pre-release)
xen-4.7.0-testing-src.tar.bz2
- Dropped:
xen-4.6.1-testing-src.tar.bz2
55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch
hotplug-Linux-block-performance-fix.patch
set-mtu-from-bridge-for-tap-interface.patch
xendomains-libvirtd-conflict.patch
xsa154.patch
xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
xsa170.patch�- Use system SeaBIOS instead of building/installing another one
FATE#320638
Dropped files:
seabios-dir-remote.tar.bz2
xen-c99-fix.patch
xen.build-compare.seabios.patch�- spec: drop BuildRequires that were only needed for qemu-xen�- bsc#969377 - xen does not build with GCC 6
ipxe-use-rpm-opt-flags.patch
gcc6-warnings-as-errors.patch�- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite
loop in ne2000_receive
CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
- Drop xsa154-fix.patch�- Use system qemu instead of building/installing yet another qemu
FATE#320638
- Dropped files
qemu-xen-dir-remote.tar.bz2
CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
CVE-2015-4037-qemuu-smb-config-dir-name.patch
CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch
CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch
CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch
CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch
qemu-xen-enable-spice-support.patch
qemu-xen-upstream-qdisk-cache-unsafe.patch
tigervnc-long-press.patch
xsa162-qemuu.patch�- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer
dereference in vapic_write()
CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch�- bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in
remote NDIS control message handling
CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch�- bsc#954872 - L3: script block-dmmd not working as expected -
libxl: error: libxl_dm.c
block-dmmd
- Update libxl to recognize dmmd and npiv prefix in disk spec
xen.libxl.dmmd.patch�- bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers
in ohci module leads to null pointer dereference
CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch
CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch
- bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer
dereference in remote NDIS control message handling
CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch�- Update to Xen Version 4.6.1
xen-4.6.1-testing-src.tar.bz2
- Dropped patches now contained in tarball or unnecessary
xen-4.6.0-testing-src.tar.bz2
5604f239-x86-PV-properly-populate-descriptor-tables.patch
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
5632129c-free-domain-s-vcpu-array.patch
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
563212e4-xenoprof-free-domain-s-vcpu-array.patch
563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch
56549f24-x86-vPMU-document-as-unsupported.patch
5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch
xsa155-qemut-qdisk-double-access.patch
xsa155-qemut-xenfb.patch
xsa155-qemuu-qdisk-double-access.patch
xsa155-qemuu-xenfb.patch
xsa159.patch
xsa160.patch
xsa162-qemut.patch
xsa165.patch
xsa166.patch
xsa167.patch
xsa168.patch�- bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent
cachability flags on guest mappings (XSA-154)
xsa154.patch
- bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may
crash guest with non-canonical RIP (XSA-170)
xsa170.patch�- bsc#965269 - VUL-1: CVE-2015-8619: xen: stack based OOB write in
hmp_sendkey routine
CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch�- bsc#965156 - VUL-0: CVE-2015-6855: xen: ide: divide by zero issue
CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch
- bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref
in sosendto()
CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch�- bsc#964947 - VUL-0: CVE-2015-5278: xen: Infinite loop in
ne2000_receive() function
CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch
- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100:
infinite loop in processing command block list
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch�- bsc#964644 - VUL-0: CVE-2013-4533: xen pxa2xx: buffer overrun on
incoming migration
CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch
- bsc#964925 - VUL-0: CVE-2014-0222: xen: qcow1: validate L2 table
size to avoid integer overflows
CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch
- Dropped CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch�- bsc#964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer
dereference in ehci_caps_write
CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch
- bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun
on incoming migration
CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch�- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop
in start_xmit and e1000_receive_iov routines
CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch�- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun
on invalid state load
CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch�- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient
resource limiting in VNC websockets decoder
CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
- bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on
invalid state load
CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
- bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient
bits_per_pixel from the client sanitization
CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch�- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer
overun on invalid state
CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
- bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer
overflow in non-loopback mode
CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch�- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in
processing firmware configurations
CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch�- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based
buffer overflow in megasas_ctrl_get_info
CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
- bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci
use-after-free vulnerability in aio port commands
CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch�- bsc#959695 - missing docs for xen
xen.spec�- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue with
INVLPG on non-canonical address (XSA-168)
xsa168.patch
- bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage
functionality missing sanity checks (XSA-167)
xsa167.patch
- bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect
l2 header validation leads to a crash via assert(2) call
CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch�- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers
leads to a crash via assert(2) call
CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
- bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory access
in ioport r/w functions
CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch�- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional
logging upon guest changing callback method (XSA-169)
5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch�- Adjust xen-dom0-modules.service to run Before xenstored.service
instead of proc-xen.mount to workaround a bug in systemd "design"
(bnc#959845)�- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net:
vmxnet3: host memory leakage
CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch�- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers
incautious about shared memory contents (XSA-155)
xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
xsa155-qemuu-qdisk-double-access.patch
xsa155-qemut-qdisk-double-access.patch
xsa155-qemuu-xenfb.patch
xsa155-qemut-xenfb.patch
- bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop
in ehci_advance_state results in DoS
CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
- bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer
dereference issue
CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
- bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid
floating point exception
CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
- bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in
MSI-X handling (XSA-164)
xsa164.patch
- bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in
legacy x86 FPU/XMM initialization (XSA-165)
xsa165.patch
- bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to
multiple read issue (XSA-166)
xsa166.patch�- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100:
infinite loop in processing command block list
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
- Upstream patches from Jan
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch)
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
56544a57-VMX-fix-adjust-trap-injection.patch
56546ab2-sched-fix-insert_vcpu-locking.patch�- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163)
56549f24-x86-vPMU-document-as-unsupported.patch
- bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen:
XENMEM_exchange error handling issues (XSA-159)
xsa159.patch
- bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel
and initrd on error (XSA-160)
xsa160.patch
- bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow
vulnerability in pcnet emulator (XSA-162)
xsa162-qemuu.patch
xsa162-qemut.patch
- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour
readonly flag on disks with qemu-xen (xsa-142)
5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch
5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch�- fate#315712: XEN: Use the PVOPS kernel
Turn off building the KMPs now that we are using the pvops kernel
xen.spec�- Upstream patches from Jan
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch)
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
563212e4-xenoprof-free-domain-s-vcpu-array.patch
563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch)
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
- Dropped 55b0a2db-x86-MSI-track-guest-masking.patch�- Use upstream variants of block-iscsi and block-nbd�- Remove xenalyze.hg, its part of xen-4.6�- Update to Xen Version 4.6.0
xen-4.6.0-testing-src.tar.bz2
mini-os.tar.bz2
blktap2-no-uninit.patch
stubdom-have-iovec.patch
- Renamed
xsa149.patch to CVE-2015-7969-xsa149.patch
- Dropped patches now contained in tarball or unnecessary
xen-4.5.2-testing-src.tar.bz2
54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch
54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch
54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch
54f4985f-libxl-fix-libvirtd-double-free.patch
55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch
551ac326-xentop-add-support-for-qdisk.patch
552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch
552d0fe8-x86-mtrr-include-asm-atomic.h.patch
552d293b-x86-vMSI-X-honor-all-mask-requests.patch
552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch
5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch
5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
554c7aee-x86-provide-arch_fetch_and_add.patch
554c7b00-arm-provide-arch_fetch_and_add.patch
554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch
55534b25-arm-provide-add_sized.patch
5555a4f8-use-ticket-locks-for-spin-locks.patch
5555a5b9-x86-arm-remove-asm-spinlock-h.patch
5555a8ec-introduce-non-contiguous-allocation.patch
556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch
55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
557eb55f-gnttab-per-active-entry-locking.patch
557eb5b6-gnttab-introduce-maptrack-lock.patch
557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch
557ffab8-evtchn-factor-out-freeing-an-event-channel.patch
5582bf43-evtchn-simplify-port_is_valid.patch
5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch
5583d9c5-x86-MSI-X-cleanup.patch
5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch
5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch
5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch
5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch
5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch
5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch
55b0a218-x86-PCI-CFG-write-intercept.patch
55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch
55b0a2ab-x86-MSI-X-enable.patch blktapctrl-close-fifos.patch
blktapctrl-default-to-ioemu.patch blktapctrl-disable-debug-printf.patch
blktap-no-uninit.patch blktap-pv-cdrom.patch build-tapdisk-ioemu.patch
ioemu-bdrv-open-CACHE_WB.patch ioemu-blktap-barriers.patch
ioemu-blktap-fv-init.patch ioemu-blktap-image-format.patch
ioemu-blktap-zero-size.patch libxl.set-migration-constraints-from-cmdline.patch
local_attach_support_for_phy.patch pci-attach-fix.patch
qemu-xen-upstream-megasas-buildtime.patch tapdisk-ioemu-logfile.patch
tapdisk-ioemu-shutdown-fix.patch udev-rules.patch xen.build-compare.ipxe.patch
xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch
xen.build-compare.vgabios.patch xen.build-compare.xen_compile_h.patch
xl-coredump-file-location.patch�- bsc#954405 - VUL-0: CVE-2015-8104: Xen: guest to host DoS by
triggering an infinite loop in microcode via #DB exception
- bsc#954018 - VUL-0: CVE-2015-5307: xen: x86: CPU lockup during
fault delivery (XSA-156)
CVE-2015-5307-xsa156.patch�- Update to Xen 4.5.2
xen-4.5.2-testing-src.tar.bz2
- Drop the following
xen-4.5.1-testing-src.tar.bz2
552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch
5576f178-kexec-add-more-pages-to-v1-environment.patch
55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch
558bfaa0-x86-traps-avoid-using-current-too-early.patch
5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch
559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch
559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch
559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch
559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch
559bdde5-pull-in-latest-linux-earlycpio.patch
55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch
55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch
55a77e4f-dmar-device-scope-mem-leak-fix.patch
55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch
55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch
55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch
55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch
55e43fd8-x86-NUMA-fix-setup_node.patch
55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch
55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch
55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch
55f9345b-x86-MSI-fail-if-no-hardware-support.patch
5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch
560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch
560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch
560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch
560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch
560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
CVE-2015-4106-xsa131-9.patch CVE-2015-3259-xsa137.patch
CVE-2015-7311-xsa142.patch CVE-2015-7835-xsa148.patch
xsa139-qemuu.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch
xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch
xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch
xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch
xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch
xsa151.patch xsa152.patch xsa153-libxl.patch
CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch
CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch
CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch
CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch
CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch"�- bsc#950704 - CVE-2015-7970 VUL-1: xen: x86: Long latency
populate-on-demand operation is not preemptible (XSA-150)
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch�- Upstream patches from Jan
5604f239-x86-PV-properly-populate-descriptor-tables.patch
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch
561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch�- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand
balloon size inaccuracy can crash guests (XSA-153)
xsa153-libxl.patch�- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain
vcpu pointer array (DoS) (XSA-149)
xsa149.patch
- bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain
profiling-related vcpu pointer array (DoS) (XSA-151)
xsa151.patch
- bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and
profiling hypercalls log without rate limiting (XSA-152)
xsa152.patch
- Dropped
55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch
5604f239-x86-PV-properly-populate-descriptor-tables.patch�- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure
temporary file use in /net/slirp.c
CVE-2015-4037-qemuu-smb-config-dir-name.patch
CVE-2015-4037-qemut-smb-config-dir-name.patch
- bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table
size to avoid integer overflows
CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch�- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled
creation of large page mappings by PV guests (XSA-148)
CVE-2015-7835-xsa148.patch�- bsc#949138 - Setting vcpu affinity under Xen causes libvirtd
abort
54f4985f-libxl-fix-libvirtd-double-free.patch�- bsc#949046 - Increase %suse_version in SP1 to 1316
xen.spec
- Update README.SUSE detailing dom0 ballooning recommendations�- bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’
secondly show errors
55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
- Upstream patches from Jan
55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch
55f9345b-x86-MSI-fail-if-no-hardware-support.patch
5604f239-x86-PV-properly-populate-descriptor-tables.patch
5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch
560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch
560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch
560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch
560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch
560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch�- bsc#941074 - VmError: Device 51728 (vbd) could not be connected.
Hotplug scripts not working.
hotplug-Linux-block-performance-fix.patch�- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour
readonly flag on disks with qemu-xen (xsa-142)
CVE-2015-7311-xsa142.patch�- bsc#945165 - Xl pci-attach show error with kernel of SLES 12 sp1
pci-attach-fix.patch�- bsc#945164 - Xl destroy show error with kernel of SLES 12 sp1
5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch�- Upstream patches from Jan
55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch
55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch
55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch
55e43fd8-x86-NUMA-fix-setup_node.patch
55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch
55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch
54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch
54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch
54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch�- bsc#944463 - VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in
vnc_client_read() and protocol_client_msg()
CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch
CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch
- bsc#944697 - VUL-1: CVE-2015-6815: qemu: net: e1000: infinite
loop issue
CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch
CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch�- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line
config handling stack overflow
55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch�- bsc#907514 - Bus fatal error & sles12 sudden reboot has been
observed
- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after
shutdown of guest with VT-d NIC
- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been
observed
- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden
reboot has been observed
552d293b-x86-vMSI-X-honor-all-mask-requests.patch
552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch
55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
5583d9c5-x86-MSI-X-cleanup.patch
5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
55b0a218-x86-PCI-CFG-write-intercept.patch
55b0a255-x86-MSI-X-maskall.patch
55b0a283-x86-MSI-X-teardown.patch
55b0a2ab-x86-MSI-X-enable.patch
55b0a2db-x86-MSI-track-guest-masking.patch
- Upstream patches from Jan
552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch
559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch
559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch
559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch
55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch
55a77e4f-dmar-device-scope-mem-leak-fix.patch
55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch
55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch
- Dropped for upstream version
x86-MSI-mask.patch
x86-MSI-pv-unmask.patch
x86-MSI-X-enable.patch
x86-MSI-X-maskall.patch
x86-MSI-X-teardown.patch
x86-pci_cfg_okay.patch
x86-PCI-CFG-write-intercept.patch�- bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap
memory in rtl8139 device model
xsa140-qemuu-1.patch
xsa140-qemuu-2.patch
xsa140-qemuu-3.patch
xsa140-qemuu-4.patch
xsa140-qemuu-5.patch
xsa140-qemuu-6.patch
xsa140-qemuu-7.patch
xsa140-qemut-1.patch
xsa140-qemut-2.patch
xsa140-qemut-3.patch
xsa140-qemut-4.patch
xsa140-qemut-5.patch
xsa140-qemut-6.patch
xsa140-qemut-7.patch
- bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen
block unplug protocol
xsa139-qemuu.patch�- bsc#937371 - xen vm's running after reboot
xendomains-libvirtd-conflict.patch�- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code
execution via IDE subsystem CD-ROM
CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch
CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch�- Remove xendomains.service from systemd preset file because it
conflicts with libvirt-guests.service (bnc#937371)
Its up to the admin to run systemctl enable xendomains.service�- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line
config handling stack overflow
CVE-2015-3259-xsa137.patch
- Upstream patches from Jan
558bfaa0-x86-traps-avoid-using-current-too-early.patch
5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch
559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch
559bdde5-pull-in-latest-linux-earlycpio.patch
- Upstream patches from Jan pending review
552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch
552d0fe8-x86-mtrr-include-asm-atomic.h.patch
552d293b-x86-vMSI-X-honor-all-mask-requests.patch
552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
554c7aee-x86-provide-arch_fetch_and_add.patch
554c7b00-arm-provide-arch_fetch_and_add.patch
55534b0a-x86-provide-add_sized.patch
55534b25-arm-provide-add_sized.patch
5555a4f8-use-ticket-locks-for-spin-locks.patch
5555a5b9-x86-arm-remove-asm-spinlock-h.patch
5555a8ec-introduce-non-contiguous-allocation.patch
55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
557eb55f-gnttab-per-active-entry-locking.patch
557eb5b6-gnttab-introduce-maptrack-lock.patch
557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch
557ffab8-evtchn-factor-out-freeing-an-event-channel.patch
5582bf43-evtchn-simplify-port_is_valid.patch
5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch
5583d9c5-x86-MSI-X-cleanup.patch
5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch
5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch
5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch
5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch
5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch
5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch
x86-MSI-pv-unmask.patch
x86-pci_cfg_okay.patch
x86-PCI-CFG-write-intercept.patch
x86-MSI-X-maskall.patch
x86-MSI-X-teardown.patch
x86-MSI-X-enable.patch
x86-MSI-mask.patch�- Adjust more places to use br0 instead of xenbr0�- bnc#936516 - xen fails to build with kernel update(4.1.0 from
stable)
556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch�- Update to Xen Version 4.5.1 FCS (fate#315675)
xen-4.5.1-testing-src.tar.bz2
- Dropped patches now contained in tarball
556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch
556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch
556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch
556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch
55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch
55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch
55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch
55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch
5513b458-allow-reboot-overrides-when-running-under-EFI.patch
5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch
5576f178-kexec-add-more-pages-to-v1-environment.patch
5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch
CVE-2015-3456-xsa133-qemuu.patch
CVE-2015-3456-xsa133-qemut.patch
qemu-MSI-X-enable-maskall.patch
qemu-MSI-X-latch-writes.patch
x86-MSI-X-guest-mask.patch�- Replace 5124efbe-add-qxl-support.patch with the variant that
finally made it upstream, 554cc211-libxl-add-qxl.patch�- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable
qemu MSI-X pass-through error messages
qemu-MSI-X-latch-writes.patch
- bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed
- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown
of guest with VT-d NIC
- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been
observed
- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot
has been observed
x86-MSI-X-teardown.patch
x86-MSI-X-enable.patch
x86-MSI-X-guest-mask.patch
x86-MSI-X-maskall.patch
qemu-MSI-X-enable-maskall.patch
- Upstream patches from Jan
55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch
55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch
55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch
55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch
55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch
55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch
5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
- Dropped the following patches now contained in the tarball
xen-no-array-bounds.patch CVE-2015-4103-xsa128.patch
CVE-2015-4104-xsa129.patch CVE-2015-4105-xsa130.patch
CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch
CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch
CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch
CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch�- Update to Xen 4.5.1 RC2
- bsc#931628 - VUL-0: CVE-2015-4106: XSA-131: xen: Unmediated PCI
register access in qemu
CVE-2015-4106-xsa131-1.patch
CVE-2015-4106-xsa131-2.patch
CVE-2015-4106-xsa131-3.patch
CVE-2015-4106-xsa131-4.patch
CVE-2015-4106-xsa131-5.patch
CVE-2015-4106-xsa131-6.patch
CVE-2015-4106-xsa131-7.patch
CVE-2015-4106-xsa131-8.patch
CVE-2015-4106-xsa131-9.patch
- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable
qemu MSI-X pass-through error messages
CVE-2015-4105-xsa130.patch
- bsc#931626 - VUL-0: CVE-2015-4104: XSA-129: xen: PCI MSI mask
bits inadvertently exposed to guests
CVE-2015-4104-xsa129.patch
- bsc#931625 - VUL-0: CVE-2015-4103: XSA-128: xen: Potential
unintended writes to host MSI message data field via qemu
CVE-2015-4103-xsa128.patch
- Upstream patches from Jan
5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch
556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch
556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch
556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch
556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch�- Add DefaultDependencies=no to xen-dom0-modules.service because
it has to run before proc-xen.mount�- Update to Xen 4.5.1 RC1�- Update blktap-no-uninit.patch to work with gcc-4.5�- bsc#927967 - VUL-0: CVE-2015-3340: xen: Information leak through
XEN_DOMCTL_gettscinfo (XSA-132)
5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch�- bnc#929339 - VUL-0: CVE-2015-3456: qemu kvm xen: VENOM qemu
floppy driver host code execution
CVE-2015-3456-xsa133-qemuu.patch
CVE-2015-3456-xsa133-qemut.patch�- bsc#928783 - Reboot failure; Request backport of upstream Xen
patch to 4.5.0, or update pkgs to 4.5.1
5513b458-allow-reboot-overrides-when-running-under-EFI.patch
5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch�- bnc#927750 - Avoid errors reported by system-modules-load.service�- Add xen-no-array-bounds.patch and blktap-no-uninit.patch to selectively
turn errors back to warnings to fix build with GCC 5.
- Amend xen.stubdom.newlib.patch to pull in declaration of strcmp to
avoid implicit-fortify-decl rpmlint error.
- Fix quoting of __SMBIOS_DATE__ in xen.build-compare.smbiosdate.patch.�- xentop: Fix memory leak on read failure
551ac326-xentop-add-support-for-qdisk.patch�- Dropped xentop-add-support-for-qdisk.patch in favor of upstream
version
551ac326-xentop-add-support-for-qdisk.patch�- Enable spice support in qemu for x86_64
5124efbe-add-qxl-support.patch
qemu-xen-enable-spice-support.patch�- Add xen-c99-fix.patch to remove pointless inline specifier on
function declarations which break build with a C99 compiler which
GCC 5 is by default. (bsc#921994)
- Add ipxe-no-error-logical-not-parentheses.patch to supply
- Wno-logical-not-parentheses to the ipxe build to fix
breakage with GCC 5. (bsc#921994)�- bnc#921842 - Xentop doesn't display disk statistics for VMs using
qdisks
xentop-add-support-for-qdisk.patch�- Disable the PIE enablement done for Factory, as the XEN code
is not buildable with PIE and it does not make much sense
to build the hypervisor code with it.�- bnc#918169 - XEN fixes required to work with Kernel 3.19.0
xen.spec�- Package xen.changes because its referenced in xen.spec�- Update seabios to rel-1.7.5 which is the correct version for
Xen 4.5�- Update to Xen 4.5.0 FCS�- Include systemd presets in 13.2 and older�- bnc#897352 - Enable xencommons/xendomains only during fresh install
- disable restart on upgrade because the toolstack is not restartable�- adjust seabios, vgabios, stubdom and hvmloader build to reduce
build-compare noise
xen.build-compare.mini-os.patch
xen.build-compare.smbiosdate.patch
xen.build-compare.ipxe.patch
xen.build-compare.vgabios.patch
xen.build-compare.seabios.patch
xen.build-compare.man.patch�- Update to Xen 4.5.0 RC4�- Remove xend specific if-up scripts
Recording bridge slaves is a generic task which should be handled
by generic network code�- Use systemd features from upstream
requires updated systemd-presets-branding package�- Update to Xen 4.5.0 RC3�- Set GIT, WGET and FTP to /bin/false�- Use new configure features instead of make variables
xen.stubdom.newlib.patch�- adjust docs and xen build to reduce build-compare noise
xen.build-compare.doc_html.patch
xen.build-compare.xen_compile_h.patch�- Drop trailing B_CNT from XEN_EXTRAVERSION to reduce build-compare noise�- Update to Xen 4.5.0 RC2�- Update to Xen 4.5.0 RC1
xen-4.5.0-testing-src.tar.bz2
- Remove all patches now contained in the new tarball
xen-4.4.1-testing-src.tar.bz2
5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch
5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch
53299d8f-xenconsole-reset-tty-on-failure.patch
53299d8f-xenconsole-tolerate-tty-errors.patch
5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch
53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch
537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch
537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch
537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch
539ebe62-x86-EFI-improve-boot-time-diagnostics.patch
53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch
53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch
53d124e7-fix-list_domain_details-check-config-data-length-0.patch
53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch
53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch
53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch
53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch
53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch
53fcebab-xen-pass-kernel-initrd-to-qemu.patch
53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch
53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch
53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch
53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch
53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch
54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch
540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch
540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch
541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch
541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch
541ad3ca-x86-HVM-batch-vCPU-wakeups.patch
541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch
54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch
54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch
542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch
54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch
5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch
5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch
542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch
542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch
54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch
54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch
54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch
54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch
54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch
54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch
CVE-2013-4540-qemu.patch qemu-support-xen-hvm-direct-kernel-boot.patch
qemu-xen-upstream-blkif-discard.patch change-vnc-passwd.patch
libxc-pass-errno-to-callers-of-xc_domain_save.patch
libxl.honor-more-top-level-vfb-options.patch
libxl.add-option-for-discard-support-to-xl-disk-conf.patch
libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch
x86-dom-print.patch x86-extra-trap-info.patch tmp_build.patch
xl-check-for-libvirt-managed-domain.patch disable-wget-check.patch
- Xend/xm is no longer supported and is not part of the upstream code. Remove
all xend/xm specific patches, configs, and scripts
xen-xmexample.patch bridge-opensuse.patch xmexample.disks xmclone.sh
init.xend xend-relocation.sh xend.service xend-relocation-server.fw
domUloader.py xmexample.domUloader xmexample.disks
bridge-vlan.patch bridge-bonding.patch bridge-record-creation.patch
network-nat-open-SuSEfirewall2-FORWARD.patch
xend-set-migration-constraints-from-cmdline.patch
xen.migrate.tools-xend_move_assert_to_exception_block.patch
xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch
xend-config.patch xend-max-free-mem.patch xend-hvm-default-pae.patch
xend-vif-route-ifup.patch xend-xenapi-console-protocol.patch xend-core-dump-loc.patch
xend-xen-api-auth.patch xend-checkpoint-rename.patch xend-xm-save-check-file.patch
xend-xm-create-xflag.patch xend-domu-usb-controller.patch xend-devid-or-name.patch
xend-migration-domname-fix.patch xend-del_usb_xend_entry.patch xend-xen-domUloader.patch
xend-multi-xvdp.patch xend-check_device_status.patch xend-change_home_server.patch
xend-minimum-restart-time.patch xend-disable-internal-logrotate.patch xend-config-enable-dump-comment.patch
xend-tools-watchdog-support.patch xend-console-port-restore.patch xend-vcpu-affinity-fix.patch
xend-migration-bridge-check.patch xend-managed-pci-device.patch xend-hvm-firmware-passthrough.patch
xend-cpuinfo-model-name.patch xend-xm-reboot-fix.patch xend-domain-lock.patch
xend-domain-lock-sfex.patch xend-32on64-extra-mem.patch xend-hv_extid_compatibility.patch
xend-xenpaging.autostart.patch xend-remove-xm-deprecation-warning.patch libxen_permissive.patch
tmp-initscript-modprobe.patch init.xendomains xendomains.service
xen-watchdog.service xen-updown.sh�- bnc#901317 - L3: increase limit domUloader to 32MB
domUloader.py�- bnc#898772 - SLES 12 RC3 - XEN Host crashes when assigning non-VF
device (SR-IOV) to guest
54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch
- bnc#882089 - Windows 2012 R2 fails to boot up with greater than
60 vcpus
54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch
- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d
Interrupt Remapping engines can be evaded by native NMI interrupts
541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch
- Upstream patches from Jan
540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch (Replaces xsa107.patch)
54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch (Replaces xsa104.patch)
54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch (Replaces xsa105.patch)
542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch (Replaces xsa106.patch)
54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch
5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch
5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch
542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch
542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch (Replaces xsa108.patch)
54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch
54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch
54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch (Replaces xsa97.patch)
54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ���
�����������
��������������������������������������������������������������������������� ���!���"���#���$���%���&���'���(���)���*���+���,���-���.���/���0���1���2���3���4���5���6���7���8���9���:���;���<���=���>���?���@���A���B���C���D���E���F���G���H���3���A���K���D���M����������������������������������������������������������������������������������������4.12.1_04-lp151.2.6.1�4.12.1_04-lp151.2.6.1���������������������������������������������������������������������������������������������������������������������������������������������������� ��� ��� ���
���
���
���
���
��� ��� ��� ��� ��������������������������������������������������������������������������������������������������������������������xen�html�hypercall�arm�index.html�index.html�x86_32�index.html�x86_64�index.html�index.html�man�index.html�xen-pci-device-reservations.7.html�xen-pv-channel.7.html�xen-tscmode.7.html�xen-vtpm.7.html�xen-vtpmmgr.7.html�xenstore-chmod.1.html�xenstore-ls.1.html�xenstore-read.1.html�xenstore-write.1.html�xenstore.1.html�xentop.1.html�xentrace.8.html�xentrace_format.1.html�xl-disk-configuration.5.html�xl-network-configuration.5.html�xl-numa-placement.7.html�xl.1.html�xl.cfg.5.html�xl.conf.5.html�xlcpupool.cfg.5.html�misc�amd-ucode-container.txt�arm�big.LITTLE.txt�booting.txt�device-tree�acpi.txt�booting.txt�guest.txt�index.html�passthrough.txt�early-printk.txt�index.html�passthrough.txt�silicon-errata.txt�block-scripts.txt�console.txt�crashdb.txt�distro_mapping.txt�dump-core-format.txt�grant-tables.txt�index.html�kconfig-language.txt�kconfig.txt�kexec_and_kdump.txt�libxl_memory.txt�printk-formats.txt�qemu-backends.txt�stubdom.txt�vtd-pi.txt�vtd.txt�vtpm-platforms.txt�xen-error-handling.txt�xenmon.txt�xenpaging.txt�xenstore-ring.txt�xenstore.txt�xsm-flask.txt�misc�crashdb.txt�vtpm-platforms.txt�xen-command-line.pandoc�xenpaging.txt�xenstore-paths.pandoc�/usr/share/doc/packages/�/usr/share/doc/packages/xen/�/usr/share/doc/packages/xen/html/�/usr/share/doc/packages/xen/html/hypercall/�/usr/share/doc/packages/xen/html/hypercall/arm/�/usr/share/doc/packages/xen/html/hypercall/x86_32/�/usr/share/doc/packages/xen/html/hypercall/x86_64/�/usr/share/doc/packages/xen/html/man/�/usr/share/doc/packages/xen/html/misc/�/usr/share/doc/packages/xen/html/misc/arm/�/usr/share/doc/packages/xen/html/misc/arm/device-tree/�/usr/share/doc/packages/xen/misc/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.opensuse.org/openSUSE:Maintenance:11481/openSUSE_Leap_15.1_Update/e2db486383f3e2513e206dd08b943b52-xen.openSUSE_Leap_15.1_Update�cpio�xz�5�x86_64-suse-linux����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������directory�HTML document, ASCII text�XML 1.0 document, ASCII text, with very long lines�XML 1.0 document, ASCII text�C source, ASCII text�ASCII text�ASCII text, with very long lines�Algol 68 source, ASCII text��������utf-8�a473591d58c717721cfe39418c03b28d095fa348942230d87062a92e9c5dd8d8���������?����p����7zXZ��
���!�����t/-)]��
�cr�t:bLL��F�zsĪ;}ظ6(inWEp.1(�[Fc[��`?[G(q?O�u>s �V/�|G�I֢Q��V�\�=vp�Wꩧ.�dInD��.R|>ŒZII0�zN�\�3|lΠ/\U+F
�C\}+B�V��Pz@7Գ砳?tfdhZ��tƟ?g.��B-�ic[�7�õq-@ؠd%k`:�n1N�죦63udM�g,TXd`#7�e]N*VA!R�kvrƹh�⣃SOL'�톰|?qP79)EM2%
2
?F%/Ue!Ki�etޕ�VW��qx�>�:��E~+\Z�}�3V"pfŘ:}�Gm%$%='�BR(Mhi!]DFꔡzn�P�%E_E>�jVQ?g�)NCTh�%5_^iv1a
_(J#P�
z��JƱVGI٭ߛo�2ZG Oۓv91M�!U�7<�S Occ�L ĔTPJa6@%��7 (!r-�>2!l8�7����"�J�d6J�o�
p JG=ίd+Nf�~
�>�,g�t!ܶ�w!Wp�
ACڏh:٭�
39F|d$�kZ��gW'
z{�UL'-5�_h �r��tRSJ�@^w���ᖭjM+r;S(^tNx|�乂�=^Bu0iI�P�j;`k(�G0u
q�9OgK{�`
C4e!Lx0 ':$"ħa[Z+�0��u̯�� �ZBVk#�CfoZ$�t!��{I4i.rZ���uC�k>0r䩌��a2ijDKyX&A-
�0\W��@Ug�PWՀ=/W6B�'m�E0|tε+Y[�
h[�K_b
?�po�ʱ�ejawS^eV|[�uY�)#t*<'-�cPq@�o�%B)Oj��\L"r��_n;YP^Ԫ�۩>&�ޏp}S@XhR-}O�4xhd�%H�':�r�]k�VU{��+D�gsdDJ1�g%8eV22�uk� � vr�r��@YPSWU�ԊVSކŔ?�I=d�
ҌՄ0>H
}6�U\UK"_&f֓ �+\�V@;{_U+2}
a�c�-|ch�K_-^cqms
\֡lIf"6|3. 2\i.�A灺eQС��,n�g�B}=r"A��G5T��2*H"�co|Yn;֓��߱k1�-YA�X\ѩƁD:5{�JZmCH`2z=}=Ii�Y�I`s=+�ac*�st�EЊجWas$o1|Ne#Φ�idr�P[?�1 �gPޛ�}gE�C�l��NF<�̊*qq��}3eix����fyqzk
�v;V'
B����z?���s}t� t�q(�joԉFL2mz_P2p�!�'?rSr]�?�P�ƷZ(V_3�2&\u:5�@y-'443uU|=x��Ȓ@c�*Fq�&<���c3%gCJG�e_�!S�W/Z\C.5>p�J�\�¯d@n�v? {
��̹!��puU;^m �'4Gs&M{ͯT>i&d�7}b ӸF;} Y-#T�]0* T!/Gf��0j3��=i[��Y#4Ր
b�x$jEq
|q
Lr�1JfuX,ql5&uC2;?�$1CZ�'d
�=a[m������FF�ٳ3>6Ŵq:G�x,'x�q&�3��WR5 }��+NBR�1S21-e�nw>�vAv{i۰8�c0B�~fZ/c_S6>"D7cꮓpvZ
XdI4R*�N�pR�{Y|?d.RJ|S^5�yd�u�Pқ֠�p>�#E=PP��2Y#&��7y#噧 �1k/*S�s��_!@nUYp��(D\4�����'q�nCAĹ}kj^tҮ"$0�{]"l+SQjVM;�Rxe$j�3}[Q�(�D 21id@X78��"
]�U#]�Ӷƽ-FVH�9�$}f��`k6(g��:>DOR݄F,=
߿" ,;YIS�~�C��6��)jT��I�7䳌�>yU@_-[ V x+& !w�\ܷ)J x�V����C�$È�Uƿnl�;_}Y\"�H찃%ZWK@G�Q�Iu�vQЙڿ~j"eD�
�%X+c!�=z3}(�$�#�G�v�[2^�1����>4r�@[�xeX��\[d���;L�l����b�K31}a]H4�h�RH�
]Qx\dX5�lO;pSFkΧ a�tl�w�tn5СƆrzF:��)
&D�/W�r�И@8�DVf.NOū2C�xM௬S1@E���G]i;JMfܰ�wKg!r N<*Jd-!n|D
Ww:}Bli}{[;ǰo4"UAE�J
�
K�B��.wVտz�`:�$o܋RX�2+Q^Tn.>ω2ø��"T]|P1n��8F��ii
�ob? uG[π�
k,h�P®M~X�*E�E�W_]`pF97
fGMjE?ɣ}W$kuJk��1r���"`()_C6[_`����`b�X鳾|�}&!cޝs(3hZl/J~�4ņ��-�@uޕ�ζ�-b[%zpɆ/"Th:1;z<� :D�>rTa9:#�\�1fb�S_[<~?QYXh.2eAr�b7y$��tB�cFn��z��qti'�lK{/�FZ*�G4_1\D7"�'UU
";We�aX5�-M(`gR/UK�$c�o?��
4 �"�n-1ҏ@IvBS`Z4.>rq�w9x2�?D9�-[ܕ0hV�Uϔ˸|d}ڥ.{=Cm#0�(R�=ZAB{1F B5y����B��h{Im�RoK�5
r(O�O�����hE]fU�w{}�[�jf`Dr�D0<˒͗�l'/[\M8a�Ie5zq��)��OWRJV�W17,1\ڏkMn0�r:�U0`S647(=�:ؙ�V0�hf͉hT�]�V]�5��eC7sG"3R1ﺸ$lToQ�Y���T�{�Dm6@�]�8���51�
3*>F*fךR�^v<#�Y�S�.њb]-noK_5OQu|�-7�3%qZՄZٝC@�y8|lH!cBbkQ�k�g}J�te8Z�f�p�uH,��t|~8:j'ûpn�?~��K�xWΦI#RZ�f��3�;*}lޱS���<
*\RmɎDz5�KjV�S+[fᾋquVp�G2M7FE$N�h��@�������[hEu�)�T'I3V�
@�5�DԄ(#)c-Haȧ8ҟeC�m-G6; N������[R6=b`䩗A 90<\qzx9Ak�.3y@۞t2PC.;
�+�21цy_�1nz,�bJO�FѢ)8V�\ŪfK%Z*g�3)@�+c
+c)CW:�O�lbМv�**rg�;/�OtXr�c,Q<4et�hX��Up4���ח+#��5"�v[+6�eg�W
K��n`�6>
|lցB1t?))ǽT�82o�r_�JSh �l�u9�xNOw���(yu\'�~rb�P!.:�vhexbF�8z#cn'I�ؑ�VSClk�%xs�"Gi�Xe�f}V"LHHl ѥpiZOl�D�u���{R<`?v}A{�X�!Ahbpyo�҆wO)2�(T"rƥM(eچ�;.&�hL�arGNs:�ybku5%jbC1X�:|�! eZ��ˉL�bG+,��q�H`&�.AӷUmne ж��g�5��\�+n3�@Wؐ_B
;�P��yDU�)p�>y�.o�R[�s/Z?6'=�46I��u8ܳF�N�v!-}RT�[�Xwl$d}��UR̿S�(Ti�;3]Iw�rgTNE"`G%Y.3E�}\"�^fqyt�r�Zt)9�0SGL�mf(8'mbV(\S�Ɲc:9VD3+7>BNb�%F]е~��_6P0h�?ݷ#.e='lpF=yg}
�5߭ٱ�<暪�sǣD*�zlLi
��R>J
�s��C;�/5&"C˹[Iј�PK�htͧg�Se�NvȮ�GؤU77�h%xVM9+-ml
�4sY?U"GDb�8Z_p柩�V�R�F��|%JNyJst�,0�wؐP�~d+�MyhFg
E%;s*w��*��sE�NwJ_ٚ$5l)05�ZoJQ-�>�2�A�%@�Sx釾aԲf �؝7�*x$mN
�>ȷ0i�)Icq%\v�Ϻ*��V|6JUς̕T`��xWۼH�ͤ+��3gp_>##cMX/&4�Γ����Y98hz�'NVRp[y��&OS�ze叜fQt[YĄ�?[wit�fv�r
C��l��ݨ8u��1��5����>�3b�`t4
{WAºN��@{4�L2sZ�ҒphW��\Ee'U�;L"2=|�1R c�w]^��z Wa}C,��To�X=s�8ުM,6kgZ%ae�Q{�Z^R��A8�=F7�j1��o�'u ,��ϽE.J�RשmV
@�u}]m6JM{c�Q�M-C�P��/vq<�!w
c۶jC8fuz~}}D���W�wfӖ_.Sj���yC~#W$-\ݛ N�d��`!Q�N3\\[�x�nH��VO�17��=
�^ܷ)lX Q�}���KOu+m�q.EC�ܙ\i3"*]�mJ�}z+Q:pq6�&Pss;l1x�KW|�C���9C;]G`;?�)�N��͒�Ӓ:'���0VO�4'R2Ƕ���uD��9Ἰ)y|<�3<�sǀ7)*-\�?�#�,P^J8ӟ�X;h_�; Yc�B6�VB�Fгj3aW�zoɣx�HyMU~4#+?;E�*�ۏ^`pvW/,Qc>�Xm�i2�2fവ�>؛�Hi ~KM$>��k?�/�N�s'�x01� �{9aD�9���;#q�
�V�8smEN&A,(MS|��,lP��N+�1n2 [9L=չ8C�S߲g&�ـ
:I^L0�nw1����$^Ntr-q{�bhjj)]&8uُ0�-z�W1��gh"mpQBB:W�:�n@�n]�@6@4T;T�F�5?1K-�ЭFI�ImFU31K~D��7^ƴJM⢩
{7<4m�oCxryV&J�N8�-@##l�\y81�9��73~O(ĦR�4]mz]v,HX X�x�{*{l�r�1�+SW:ӄ~S;8ye,��' Neި´L�xb#+)?^Px'${.80A�.Z�$.˱�mN�ӈ;P#сBO�m�ohs9N4
-f>ٜ�696�|�ȿe���؊(IT}Չ-HRڨ�H�օ�`9q/�kb"6�xt!?NWr#ɸu>C���ީ�2�$iG�u�ɻI3ŝ{{n�7}�8Ϧ_$ͷvA�5C|���xe2,\M�0o�=��ՖA�_�L�ǎӅy=$P%�RL\Yi��/5e@tR#<ފdT3'�5y�/}�2FI,A0myaA�b˯�A=/rUSxMT9о�;�i�uʻK�Ky-��xī{
d�KQ�&!*�NEGyϾX
hs�dSPa
F͚(d�ݹo4Yie%]`~xi"'}R�l*&�_
v\ہ-C/���ܝKK�t3lUg�K"t
kF8WY-�n; �c4OQ�� *U�S7C3�2Lo,
�{�$bG
xV[
X{*Fr�d�]�S^N靋&9�Fx�Aҗ4�kn(�q�)moY}.Ot�9xI;9s�*UB�m��>ݯEbmh�S4$r�*0w�0C�G� ¾*5�^Ö�j��XF�R��ffO.0ۂ셞ݨ�/�ۖ�/֢XjOe`1ղC
")]�?;`2].V@�$P!a f�.V�`JT��bz4�a⓷*=LqHNoS
^O3<�(�Z@CU6u�,*O)r��I^nz,A~lu���ޟ?��fw<>&,>eYA-QdnbTiД�ˤ�2��r)���xں�z�2��: x9���hqR2M*$ADshR7��qDžma�?jQO#.lz�v*�Y�hXc&�F`QK4
As1%�KJL}�� b"A�
�Z�Po#8y@!7�`QGxCcxI�뀞��ơh".9gO8�Y}*ْn�mkw'jWrV�弋�ܤ�XJV2U@j�# ,dLWAQ� ��%� F~��vߵ�0l_�MSQ�l��w@F&M.%6M-W��!ڢq��Z�fs�=`]�GA5�z}8@|(l±?9ImHy�vy=QsS8Y< ͅx��_Nv@DYW?0N-DEHCⓤ^;�;4Rվ݊PѾةj&!nef�� T5%��A"D}[5�LI�G[PcS0H<��p�7~Yފ"˾
I!gz��P蒰W�ܙa�.jynpJTI�I�'(���$%p㹦ṼdtG(Q�~6o��%22 �X; Q_ʒ�;/v
"98yƕ#)yFe�x"/ů9T+]�ںQPkM=�;9iMn"09
���+ɅY܃i2=�~HX
�UV1fgQh�kOy��(#J}fؓ8Dُ7ڈ� �ߒ!$ ;�5_&o^JWHo>T�$W
U,*䚰6}jzx- _�/E�p�n$WMn=��_Jvzk
�=.w�B]vK��r���y**
O]eg�8eN}s�v9Ӗk=
��{K�way38H�CrM�G�ooؑ�ٽûjp[TEXJ~ߕoy- ��%$i|�U�Y^Jz)g�1C�(7#| �)�W�e|D�F24-~͆NiX_1q7.S~0^3�#u_Ox�e�fʽu;/8G^8�3�� k�
R�_��o̬|w�&�
��D�tS�=�d{܆$*"z"�@Rs|hM1_)+{am�FlIН^&nu[/=cۀ�ڀ$Y9�V^�a�6X��@iլI��}�o~떳x=L�eNo \[P4�?u~IQ�߅�6��OG+H�dt�qrApcbHڒX�$lX)쏂,��qK�
(d\1eߵ6��w膗ˈ vyvΞe:?">>.7==�ҼK&R_��.x|R1��16ݼU\N}c<$_ecu,�DƖho!/(j3?9[''3yR{�`ɏ "Nצ�;y@Q�v!g|R>L5iST5�dXbmbŠBELt|_̽|�'vo=AP�FQŁo�7[M8슀V-p~نd'C�5):�OD2)�Կj�A G(rWcay�I�g)ޡ�m�R\62Ʊ���4�4@J��b\�J|Kw"Ug-=�p�@ �DհC ��q7y3�fWJ'�w:2� I�_I
��Bb�cX�J$%n8Q3#?
;GQ�ΜBͬa�P{v��])KFT){�cW7i;Q.E,#�XZz�qǽaS�cl>kO~E 4E�gD]e�}_>�&έ4_F;KIq>X��դ_�%��cks7c�ۧyv#,�ToB��@�]b�۶�0��5ZO%�U2�`[��V�f
SNZQ43�-g&/0BCwgw^*֟�̍a-�p#Pȿ9HK
䟝��LV�WS��ܯ�s�,�4� /V���\��@bv˛$AZ+Y(F/�'K*vn�Qk Ӕڴй4��=$yJM`홖&
p�オEP�O�GM~���G`��F�Ls-Q$0xf'Eݠ'BQ8w>�kC� �A<
,*��L*mj�r��� �bܷ�Q�8wz!\!ͫ@W:unh+&s5gřy>,2)hR�!�$6FI�M�&<�XWD�Yj�6*ܻ�%Oe��'O*}�-rbu)Y*Y�Q`�CRi|6R�
m��M
neބݳ��7Et�H�i�i�v`FV@��_Bc~$|4�SN%�س4TFh�8)�sauM
w�|�QS`,
�wrXޝ�)��h��9pFf �>>��@yQc?}Ǡ �p0d|�Lj�" Qm/y$|}��9ǵ ĈkZPfRGN��WaSc[z�2pI1peB@j(B H4qZ"'k�yT6�!m[Skn,sxP(j!Z+G'KӘd1^zk�[��rK[>O�;
oBZyM^dY�jFLP+ S.
�j|DnM1\�-shXbIm�NZq���ϝ^BxJ9GP7T�a+;3x(EJNʽs_�F��^�^~>h*5m26F�IAȰGlo+:%5zB�[-ymH~RO,�X�
y+Q0\>
b��W?:Z-O,/gvr,��aBpa�Xf}p�x|�[a�M]gߛ\� /N��o
YI�B�cu/�P�8�Yz�c>��uI�O}J,hZ��N}v3T5ј
дx���}wNT+˚>ezsLVǿ{� �Af8rJ5�>Y.qs�\|hd2FӘ�%[@ -!6Y3�\<;e{.y*}b$0Y(bPoo�њCAiddm\
̬
^Ƀ��!X�bbtSG~8u~y˄g.HfZx�R�;��h&&{
&�l mM��H[LDoM$?;
!hf%8,N�?9F!ͼMg,#HE*��Xt��"jѯ'};BP�[ �"5Fg�nhܣ$Ev�ʉTA�[J��m>VC�ݩV�<%��<��l4у�2�.)ONvR�/>ڝ^+
t4kԽU�PpiS3�+�IUWnLT뷸͆��&�b�iCMv3+kq8}$qR����g{յv>v^TW���LYr�J!��Aj
ߋ�rSQw�,IB�LK1ϵl
-|Ke*Z"�UBuUl[6�q�L22KZ�qxPOgm��W�7tjQ��`i�4xNЪ/K,�TC
�O$r?h�TA?�.0FyԤKO�GזHX۲i/ 3V0��W
6.(|N3�ue~H"~8K�GBy�:,5�>Pl�i#�&IY$٣�,ա3-1�W�k�8�%b`
k�.bϝ$�&$�No��Y}t�=l]��9�|��Q01BT�!���^�AYRE,+1�`%'�a&H-v�N�i�Vs�kdS˔p8�8> }+{Qv>Df
!voщ?�ͧѱ˵[G��e�u.V| U�0QIg]�h#)?�NIɋyTv�f*CI�F�&l�д˩L]_(6���-�4!;B|
��6�ܑS/ ]C$FI=k�lh{G�נN'r�&Y͜`K>N25:m��Srvǜ����D�qG;(
PH,fN@�Pk|KC�-8q[�%ǑEZc&WK|}ڽA��NjއgN3\�J;8^�-�șw=o�Q-A#s
Lg*�9@*HiE�*T�eч�푽Dm?rfn�}��FC���'�#ϣh>DS͊;B͗ʣA,;$X-�E�9�ǽq�s1Q (-e=7*X�X^�^i�vܺ-Oc6?!M{n0uu-nd'E;B_X�eEx@Jbsq4^ED5 @{Cy� (Z�y�IM96"��rDޞ9\�v(@H�W X�y:(y;a�;}$��WU8+AЎ≠2{}Dpk=C�y��i'8iYBK³ԩM,s�̹uQ�ȎG�-͉�!J*yR?oN�G{:�۾*Q�TF�)
X����ߛ�,^z~p*Q�ѻ,s!Jt�˵S�~Q"xlHۮO�� b)�d{A{rşwx,�13�n4ԸveZ�
?�v
�1��gzA�r ŷ$Ұh4�ي�x�F4xd{:a
Oq�OVsRpct^�ݫS��@d���0�p3�)�T��#Rf�2p�y/?^jHb�_-zB
p
$ ɟj�sHַ͇[re�YޗEy� k#�mРmJg�$V��Or'v2'6��!EbKE�lq}9u )E[lfz1j�iGw�A. 7˒L�2Ќj *UH�pE�B��;X*QX�k�`�#[Gh߆9B��z$Z{�Dwh
Nۜ6WLr)(thY.ss����"s�^"�DZ8j?aJbZ=,�j:+=�N{a�*JQَ㵑զ缌�h�#�0K7#�?7��竣��$:!h�5V�B-_/��3�dN�9� <>W��̶ePFs�kmo���e]g҇RC!�2��3r� i�W"HѓB:�
�Q�U�Bڸɷ;PB�7+fu,�*aѡb3|-А.&jh.ltNư� �|B8�PXF� θ`�6ˁݍ[\tM�`8��Y�k�~8@{h_A�䮽'�"l.'=(wd~Gtufس"�hgčX)�(�(/ H$�ҶE83%�T$��
/�T*8L1SEsی*VU�-խ`?H�gGNij¸_h_I��m�5u� vZ��'�~>'owֱ�dz�zkt�"
/}\g+�h&�,6w�n[KGe4S*��S`.k�Ÿn�%1��Y/t�7D=]x�):�ϕo*�_j,�e�8=ȱWK)��.�hڶI'K�u4�\�m)�y��C˕",?}Z�yu?�V1oEi ,ۃ%de�&H�'M5@N*KS>�a,p�ƪ@�م#Lt� M U;s Q|q%ᰭld�3LBi*Tv-[X}bx�U�dzb8�%�|�k]D蟂bC�m]x�lc2�FF�4�1��d�j[�[M)@P��EoW&f29)�y0ŕW"c4i�LP]ڧ.̍ƈ0)^X�4l/+m�λb]�t�os�
=$Ow G~r0nL�Ƙ&j� �gǡS�zO|�7jv7:�&^w��.E�!
c-rzũ5lߪy7y�1S8ij��*_��=R(c1Uj]}n/9b�rNZ*QA�$y%s�݇/7mMspu1mc(Koެ# ~Ζ �!4;Sb�0 k4��/oP)N>?"��(ΙW�-05��eEo%]Ѓ��@bA�:cQ_1EȳBjU#;ӰOXS:h�:;Ju��
#3遉R1�hy]B>w;o �7[r�D���[GlbuSZx8̼`wy�/Q��ޜ��?N�PK"קgu¡=֬h:mץr%&6�+ff*�YNd�)U�؎�!$[@<�{ōzDOm�
pr5wHBJO�oԡU�zEp|�] C�?qknK@Go�WשX�pa�RUu %:�Gp`D�E�(�?1y�4`u/j�o,�DB3/�ȃ+>:
z˨4c"/T� � F �&Bbu)umO\3u)~
.@�
�ul=#l1v]�%l$�WÖ��a��Q77�B镮�]JI�2qhx���D(:WZ~c8cY\na<�$�Y)A�JGd0NgȻ`6oo;'FM�6 ԲԳxLxh3�27�!ui"M1�J{�Jˠ N:>`/~~��ρm'Txܲ�]Uz);`dcX_JMD
*;R`Dl�x*�Pp<*j<�ׄq�r]IM0L/y��4Nj;Ev`&\�C�"��GbT�tQ�Ŭ� �)UB*�K0QҒ&3|
Z�츹HO&�ې߈fKI� �
�u|(e�r݃Z
�/J;ƈ9; iv�0y
CVtVa.uT6)`q�롡[b IgȋE|�/T%'Ej+>8LQê=b�eZb}0F*-X%�ܫV}
x
,?\A&h�Cҁ+�g(m?�^5:x��lZh)D5X�mb3ӶȗON�5�TT(\ob*OȐM�w_g{�4Jİw�Z;z몉I�JQ��p/mF/=ϑ��6�vye^.��GӾў2�+#lE��Vl�+�"+*Q{dn~(CE�FM`(_aY`!h]
3Vh�5�M @07ͦq�
>�[d�5tuX�}9{yyv!1evLxՌ%J˧�i�y I�f*ӋwO,q|�SA|6Y��X��);�<ʷ~�̾u
$$D״N۽o6?71PXE�5r�HML`q}�3�[�=WQ=z4V.V��X%y1G%�%' Euoڌ~d
"[XXrEOp>ޙLˈ�Rc6Beu~+|R&,,B:�A9�xx9T`Aw<�#E_)ш@Yteh�_�[d* �P�Y�O�1�=!ND�igS�]��9w,�^Q�Z? �%qGA眍�E(U5E�aD\Y9mB�a���&AJ�iA�÷M7�^>`k'FWo� �(k4%�5�yuT�՚�6F�9b]s!̺N*o=�b4�J*{J&A�|i,p5}LTSv
\*ATND1WBCqBj*zDMb�F8wc+6S�/ȧ5d~%v��^0o"XN6rИ
x8�O䘝P!Qb�@MA^=�*c(_�FSp/ʨ�D8��Tte?ۃ�u�!҄%٧��zBx�_l>T*X1m�ۧ/7mP#[
�aCV;�$�k_r$�wO'G<,愡Dek&Mٖ� f�AYK�$�Kz*�.Op1�jvx`3m����m�gЂ�%ihUpJ7$.b�Ult
Y�Ϧƣ�ȧ��\�鷉HZ島���V}h/[�#�cIԽʯ�n'�"Ѥ$�4��z\�dLz��Ӝ"�á2Bב@��̈́l)�}H�'Ma77G�Q�Hƹ§- �"Л?Q�{H�&
قn,�0�>M< ��V�F+\�v>'%`ʥz�Sa0"~�6ry-c��a$�$;VWZk`BB�b9�G ո�9=|S�jc��tZ:�E~+L=��+jp/�Icw�v)A\e$g�N{a̪5�4p刨�Uӄ
�w_�X�U+I�k⛺OwBx�;^�2VUܟ�%/e&ָ^@��i�\|m~�ۑ�EU62�sֆT�ƭ-G��LjB�V
�Ҷ�GJ]Ǯֱl��bFn]Yi+�owIT��p9�ek�GJt9^`߿&Dt�)�꺐NRp
��mr
p"Lpbd�m�Jё��:`C��7kPdt;ʰ��VK2؏�2!]>=*#dFt%��^j&ǽɈ.��KZ�kBO3B�#��^���sl(ݮl
|"V� Y|
\R<`z-sc.�kdG.Q?cVsXla*�5L�mv֛�]/̶f*{=xfCZL 0R݉!�VkL+E1KcO\�a5�K vѼ8ҷw|6\qsYlg��_>�^QmnO��9 kT��~3f�?�r�258%��0eKαU:$�Az�Tr=2!OPazL�0_�a�L{XxMr�T\9MOvER��CYv�~I�ʀEC�~TY6�C&����<04#9�Zы�AGq\A�˨�n�|�[�!/XrѰ_�y%2A�D 9W�N�cΦDJ˖DGw�h�MD�:��,?<.FF~`p{'ǟ:zwwόٕ` 1�1[QE1o�aYdHK?N0!hd\'��l�Tp4��߉{�ikCENh*zF0ѨҁC�Kx�Fno[�/F`"�8\ܔ-��d/#'n(u�#>EE$�*oZ�5��*X�(="04�G?%?X̺�G�I>{VZk} iB#dt�0+�F3o'MY�en�!-fҾ+`ZA��&�F�zN0wQK��7t�-K^`��{5r_M�w,9W!Fԁ !n�ʱ��Wb fe_��^�AMNvUh�
d�NW^OеNb�u(B7$׆�IB�e&V�ݾ�W6kV@նd6VW�s�̒b,3d1<;w?�9ɖM�䠰|s5�ժ+1_}dRrXȖ�F_,ݞݓ@^Z1KL��וWi-�:\m]Yje�e"Ұϰ� ~��(=}:n)�)TjDE�;�2G:CT(1αǧHܲJ0�MC_De=e;l�F(�;l
=?ƛbK.ɓck?�aBk::_yٺ2�L�,�b�="U:q��d5� ӯr�haGV��,TsAV��Qӓ^@y[DՌc�\g>��8uc�kN?�z�RP:ƸR�NPAʥ�fs�])j�"9�F4V'�m�$�$hcz�[�х'-ª]}_��^�� y
9U@=�ShV-6xa�/,
�э�g�i@�sEO&q�67.w@5��T)�-} 7,9��;�Y���?~FǞ~V^ܨSE&;�oYk2D$^#A <}IT�gP�
ԯ'A�y�14M�ڈ1Gk_Z��չ=@W9(6�Fv�֒�5�b=B3=@w��d,_Pծ1%.^#ϫxe}]Yk�G�:�Ds&�7s5(]s+:ZE3}#eξ2ƾ�spֻEh#?M�iQy_70�D ��s}Yi�rcopIlSJP�a=�~%�.k7:wd
C^qsk[] <|~U��JЯjKWCU{yԴFե�ޥ*Atm*{�e�5{(�#;P�
b�q�kqg�
�lT(UHӯ�i�ZI�}MZz�7~蟐_&�,�}Gk&v�jj��MY�%oSL8Gr?Ġ#&Y3
��%�d)Nr�
]�qW҇g!]Gu'Z=�� -_Z\L��v]Tc(s���/=u�NqR;a�Z�0hj):QTw��I#�i<�ȹN61hEV@XT-3bЀ� #�
�Y]EgᖈI}"-|d>C,Wm bԶPLiP[
jA�p�wnb�l�-aF1a#A֭r-^Eޡmܨnkc~#$F�^� ƻKi"wk�U3rUV3x`��= w+M�
t%5Y��{�"ƒ70nY-mۗF8�
ɽ\��3Ѷ��W^gF���S�gLnMa�+l�ykj&&jC1[b},,�cLJ�>C2�Du'D
�
�r�*VX|*HD��zdH M�|iN9)6~!dxj�VT�Ӯw*28�3f!6[�sC_� �dޏ|]z#�y\+Q!
p�/(�T :x6��%߉Lc�dS @&w��:Jٱ !ӡ����MB�@S+�u#z�>s5o/d2�{0(K�TT:u2J,B�LsS{e�PR��綯s/1!& ��M@Tė▀%�\6�����
���1a�+h+x�t)Y$v��gk2[C:?;}��~:$A�{?,�jױwq
�Tj^ �}e�SMv#S!"*R�+ߚz%A�`o�dEuyT:�Ã� �v5@#}6�7�;5>�6#)f҃s#s�Le2K�Zz_;S
frleռ2N 8�?- �N`lvpsW/mZ�g(�0 rBz.ոAx9�Z
O3o��O-]?;M�d� nr� Qa\|T1^*�|D2XJ�*#u V~Loq1T��Z�:#zIFժw��xϲ�kT|�+wVΚZ?zG[K�Z`ӠQ��8dOQK0^�j�|iL%bC!H?ӲiÍ�&%W���.�}4�ClxwЦv=�,N|ͼb���ᝓ\PҚ�͝v;_RfW_+�Q,"F?8�G+�O~a
�uy!tݤr�/⡔���ݢUm=;m0`,J�m�0C(P*�堠cU�
u�oT&:T4뀝X�`.v��(e o35k8^{]Ogj~*M`_=p@�ћƍfE*"z�]�)oN,Ӧ
K{U>ªG(&<,,U:!�y]^GC:ֹ7�#`M"o��m8�Yӆ����# }J�D]2�-s<�ؘ5"0gt/3"ܡTX^>#ɩ'�!^{m[Pॿ~�i+GJ\R��BJ�Y BQ�]VMw %ނިbeZm�8�ASE�S�3�c���ܵ�U�st@3ֽHfeC�aDf�1���f-��W�whp͋h 8�A^���T=LufW߆4Z�S�E 0"~��3�h�\)x"�&mn8z�Ha��7s/i(;pߴ�D�LDC�0uO[6���ć�z$$ZXăp�"p'X��xc( ��dp~-`Z?dX>s"Ty��M�f`6>m#
[$(1�<|~"N"OY0�'c^��2�R4}H}WNz#C�[@"�k]?#t1Y�Fi]�xΡX#k�AR(Ӣ&C
�!|sE?}]\ x N�]�K�b�?dAdX���-wFX/w�Kqw�;3YQIz "r�C��nMKdB2`��n�ɧUZ!7^Opv�jvJǧ�:DpiT#XU>v4JO�z;2~2V܆�O:Sn�P-- T3qޏ�~bʁ�+�PE D*Jc
d�=H�͕ڪE��ase<*ѷV+�D֎٫�f;|'_c�:W�]rjBmQz��Nn
.�T(��\q̿֫[M|j�}�`Z}�:�թ7w�Il�@غA9ͣJ8):,A';\ub'�q)>XZiBdK'#Cx&>9K�Ns\Qp-�J,�{vc՟YSR%zY^`zeHne�>r#-L�Df�Pi;)��T`oBR�4DY;��B˸|nɒc��9i�+�dN1SF�C��z *P_�Biu�,�r{��_&;]_d��e��}}�A
MgJủk��[<�%V;_ֈފ}YI�?T-fsZ�1jS
^F[�g�uѐi8Ѹ��{@-&W@4�2 \uʗl��Vq]IM�`-Htݳ�2
4~�El�6==}SJ�o
vzFsO0ҥ�jr1"�|3>�47E)>cQ
{Upt#��Z���;4�]mC9B#�B�h�3I)42(eN*�r]�(}B��v7LCH�d(NqG@UL\��?hvD̒Ubeal>17w/8ˆ�-:�R$Sh'qLMs=
�͐K
Re\ӿ*�(`)l�Yhobg/5)m���9M>?;KtZƪUZ/8�*EO
4wLER@Y>~r�
`�_M�gFߴ0�͝.q.�]yIhf�l~^f rA2
T%5
�yjec�z*8D`W�a�Tt+3�:�Zv%�5di��= �QK.yN$6 J!UKMv>?6KaS�fK&�ܤxضvܯm�rrA����bȢCx�?Z�Zy(K
r�>O5�,��}OS`@cR�؋9xCSqE?qק$Oh+{}�R"5ovQУ" �ϦCUD#B�(
|H~sTH�I�*aJB3Pwi9E�c$Z
Vu�5߸rL0l��Z@8�oM��9+rߕA�^\!�\�\)CZ+�EY� Ntu@9UeZ��pˇxH8@SpH�/3xW ZiU�i���l_�(]/H+B�xK̳Jq5f�ť
�E�w�F5Ls%HcuxLKR�dàNٲN/�:Af��E|�!b.�&6�Gdg�j�@q&qn]rie]vkxI?IA=8& /PM,\}3>&�QS�3�dA,B1aC6:Z2�,}͵v�]=-H"�Xt$�67 ��Kwg~\�\|~V�丩h�
ʉfB'LB�KԇHx?F�?$f�"=x:��c�Ib~�A/�gq0�xw�?o~~-�n7D0T��:tARCT?<6�cV7@�M-�|3#�~Q_H�Ã�936dYs0?'B0�GIuJ=�^ ����L �MD'zWZ_)���L¥)��C t�go�>��
"tj3G9YWF˽f9e�\CmS�(�\�OQsA]�I#̻I;�35LZӤ�w79��P%Axˇ9��kgٵ�o*B�V�ڀ-��f1&�FRnti}Pi���Ⲧn,�8-��..c>}7HE(�uMJF,qPV"�dPƛ]Q}�Baa%G�DFzm/of�hr;�O�f|Ji�6=Nvm�،=Q)
�Ό�Y>�[��IU�Zk��0��/�aY10HV^�4M8Net
Ybq!3�k�af:hf[In/: t��kYA1=^PZ[g`�gV�s) c�"�87Džx7pWiICV.ҞzRuLXBl�Ed�`�IEfp�4�{f#Û^P%>?h{ Ie� WF+~uI8&`j}, vIw;&!E
J1y5�'�x
GxP��4 1 Hmq%64wý�"ߌ
?Jb_vy!W�fXLnWRf܂=0i�xb �7ꉕ:p(4l�]<(Izy_{5Ed�X�x�w��I
~V?*".#UFK�;4X�B+aeGU-i}0ן�%#@aKV֏C#>Bhij"ۈ��]LD4�.݆�ov:BGqN�ީ(1a<�G%K7'
�t6�|5khZ#bBg|G+bLV�3ئM
�"`d6��&H גB
r@��bjI��) PN�h{mʹb2(Q1r)�Un>_\2�ͅ��= V6
�u97N�g�E�<"Q'oCl|�#�hx.+ֽ�,tnқ\9�nNl\�PK4}~1kx0PJ�T�s��W�?Cu$s��aJf`MF18٢]�vsZ*6�柃%?WkDqWAeRSId~��p}scb2���X6>M\Q|ajRqk>/
ct�l���n'�Kyo%�/"�k�%վ~-5���:`e/\�^m�3fg�"N)�|eġ��XnBz�8.t6ICEM�t/4?�ww�V�h�i�$eޮӑ{oX!�l>fj�GG1>4k�Idh�al.%�De=)5RЂ��H7��Jڹbxts]%�7j�@�f�nW^rb(^�j��Exe,- x�NACx;g��7:�X�ͣ0*+o
p�(�Qd5��ђRZ���
7%#SwMӱ.
JK�Y)Ŵn�ǟv2vB�
1MO�Eޥ˩d^P4|�t'-P2ٸR<��H0M>
e;=>B|�j'jkCPG*��Nx;�Pw,u̪[i�[4kF}c�817Xm-R=RNCm&q324)ul%Kྯ6�Tj
4L�WV�{2�()�]hj|wt)pIˢw8N��?sĀ2"� �y|�&ld��:2#S3u �2�los�i)*ܳSl�riU˽t>8j ç<ַM` y1
~85O\F~�~JC"j_;��
m�Nz~%_�5/7 iG8�C
,Nދ>"%IG�t�t�N'_U_SM �\Xƪ3yf�-I�� ˧}V!\܋z)=Ջx&b"MI�M�%%sS?B::W���:)�@=r��ed �20�mb�Zd2e��0�S.<πp(@E2A̤Rz�� QtKb�Y�qm��r3㞝6Lc'�08p|ۥh�-
鮢�{#�Sg=maoeiW}sZe�=C@^�z� �ߨ�:��t��[I4>y%{�v�eE!4ܴp�}n2)ʷ[d���4��9 ��z� (~Sۄ�Zq!?��# n1
v�j�po"�Zs���,ﶨb^>ijxUҦ"ߋWQBLoMVYAq#X�Zɗ3�oHE18O'Xf V)!NI=m.}0��sخH߲(eo]f~Ր'3[O?�!Z_�Rk;)� AH٧h�%KuG6#8ȧe&'�9ܼS�x83�:�@pš�z"Ԏ[A�_"ky��zV`h}APQs-'s�sb�Z�$:0F�p>��6�1ޱ�!k>}nĸ0z�PC;aٍ3~
�f7��R�[U��roPb\�Q-v1��::�aU�l�ik%�# j�~���J~�9a�52�
\MsB�Ǭ{^^�v*�a�zH|�:V#(3n α9�Ty%�ɑO�=�hb @�-V2�߯}^b5o�;lSg.g% Y!�\4ב#xp�H�PfLJ�U2Ɔ��fƆC�^�ͅ"D����o0�$-��B�9Rs(J� L�aq'IK-+� dD7 �cha^k��ED)9�m^�yX.��id{u8[3-B2T�3�dfV`� q>d]Bl�I1��O+,'��`=]/�?��z5CdW$P!}Y,�}ܽ���Rp��vo�YU+H2ai!�h�' mۺ~�20cj3cԘ:o|#�_NtIbǔR�uW�Z��XLN�*g'ft
Pq�R]1ge�V{�GhhKt`:%�>����Q176��'��J}:7�5��GGTMDR��ɓ|�kfN"s6Wάf=���Q^1�Ğ/LѢ}z�7�pԡU[�"*fT�mB�i�#Z
�YtjPr�ɱcŦd_�ܯu%a��I3�B?N�ë#B2�塂J�T��S�^멞\<�{7Ubjޡ]NHtQ0�f<9l6D��-.Bn�!Kv=��Vs,g>L֝.M���U\Z2�-#IMWsa
jPT�v_;$�m%5IW}E���}S4�+�7*c&'}�}`IMg]zC@�+r^yk9 qo䝾k�qͲZ/E?'w�<9R/72+0|0s=)�ZK
¦c�xy��$_(s�H;�O��d9�]x͞ж�/h�0NxP1O��Yj��
/�qZ7y(h`�Z/kdӱf.~Ӄ��ar.^zFnGg{J�ti�.:pq'�~Cjʋ] 7OwKޚ�Ȫ/|��5}E]Sj�&)�j"g�xn���Uъ/27(_G�oP\(�r�f4��q�rU�w�#נ%_-�y;���V�kFq�SGZ/�~�3E(9J�ҟE^Q�@E;es {zvL�cF2!kdT*)�ww*ѽ1fsy�ߠYF 4NxT/=�V�.g`h#[�[
�utQXuU#QJpuؓ^Vk�h-W23t�G�E"+W,w�Y`z�ʝ�Kg��VMJ�'d^~dpԹRPazi-j:$(��/^݃H�8�ZaKM��IEjɠ�_`r]�n�#�uׅ%t4�!MiM}znzs�BEq]�`7ܗQd�n*]Ay3-�b\�?�DҢ.l�mF� �:�;Zdp�3_a�x�zGj
=J����pq���iY]e��M�fBVf^^Eq��T0
3e''e�G>�@Q4rznh�|Đ:֟uqس��[x�,��^k{P#p��i&g~@)uMo�/�m'ow�Oa乹{��k[�n{�yLs@&A���.vUçL�SGػY;IۈiT�m�12�f�^̍�Ki�U�)�
�7�%m*?x|Oe y} ۄ\&˰8|Ԥ��vL!�~Wu'���S'i��3q^r'|O�B�Ƞ$6 Yۅ[0eJȷ?f3�DWa8dzҶl�P!l_G^z]� )ȥ�wA!NCUu�%�(
@Š�+gpqCb/*8$B6�;cԸeAl�~�O�B��[^ LT
q5%�lՅ'9lƇ-@2R�ƓP��Z'�D�~�B�0O[9�1CB,UL9���P+QФ0#c;��)Q}�5:`&gJ,Dln�kP�>(tKi
y�>��6ym<�6U�5-S_Y"|,�t,K;?@w`EY#3�A��bV;����])��g}H7q_:F8�`{b{TI�ܩ�SpFvg'>۠Y9�͛˹>.(D ( ]Wx;os*}�G7IV�k�A�I]Ŀ(A
҄i����8ȩ5qf�w�98PCSlE��'&7��pT@& 9�H3"z
r*e67X�j�j�9]u���|Z#_~p;{s,W �lW#_Jt;ڿʰ8p跢}^�a\)��^x@�hd%W7�ȿi8o?"'wZ�[��%�U*0VQ:XƧ\}yV.y5ba}J6+�pS(bvA�/KjJ- L5&{�3NC}����'�9���'�an�)/5.\b7!'U&'(D/2 e.��[v(:?mb⢵��},2^�4dE84"��Qz��N;
i}y=JxpH�,=P93U*k,Sb6:�%ڨoD�{5v*�'&�TUz�zhd��>)WJ%F�`ń%L"�8Xt�?|��&�߉b-^zWOńYn~$b|/086
�"M87{[\�f�r�B�u>zN�CPC�f;F �)Sô��t�A
vބAm�u7iw~T_?:v+B.7YN0BuSQW�gO!sK�.4:L)cc`$%$ˍ$v3̊B-F�E~8O�l*vDh4E�m�\9TV9�iF��� �T!��U�vǬ.]~Gl%bS[1R!j*�Ę|�^f8` VS@zN�7��YVԬ"k��S�f2.S�VU4.�q��ZHS);���+8�I֑n]ߋD4<Ѐ4�ό�Aڐj9HA��7���V�(��[Z�g�[
%�`L��#�ڡ]�]8ŷሡSS�~C0 �<2J�{U6�3
YrpHedj@sTg(xQE���t���C9E
Bn`+$8Ua٩@HRD@c$}^�@P@/7ȼ&M��B{
-ē'Ś�"ib�*�@lF�#Ǵ"PwдHR�=O6څ" �0`x>0C3Z-X֛Rs��Cʁ?$1qON���$p:I-c4p#bt1c�Mt(N�E#tf�z�$[1�-1�/D"-#:�\9��Br\��W�`KI=A
4�^7x>kzX�;�?!��*j�%Κem*-�P$\��R,|L#m݈|9P*3੪@f^k<� �&_]ji8*0'z=* �Rzn`/ 0hZY zٱTSBm��9 uX_[Si(��|i ?'�z��!(֔�ÛŽt ��e�2�ײ
2TL){<(0-9o &@Yڛe-+,�ZFn�naPeb=3/�YӖlDPa�B�rPr\M�J#�ύs^-Z>nS4
!b�3'4�Tx�D\pm�C7�:px6w�;d<'^B8<1�XyuuZ}IzB&:)+�,?<9W(4,oJamFR08�C%=bf+w
¦rBɬm
-L5N4uz:�SX�4?s~#ȝ*V~5/m=�!��.s4C>rO�, L(<4b:ȧ�N*"T7�;Oݜ~Jݻ]5E3\ײ:mbG�MEпzc��.'KNƓ;C�KUhQ]�w#82#�{iq(͉�VL=K�&3f`F�kgD>)
'9��uJ3ɋH";BuҎۑ�bލ0A;<�ZF�dg8Jg�zÏ$ʿ m����Wg$ic��u~Spok.!={Qg��.n�#��xAJHHκ�\ʂ�Mm��)�4M<(u%ͰTw{)^TRLdk&�M#B%R=l�S!��g>WU-{fJT�T�m�/8Kb2y
%�zH3u.XUD7vdZ�vL���f��(*z?fgo�{\�g�~�H5 $< c��|hQlR.(n�P{[ꤷ,bioǩ'!�$H"/HJf6BNT�`�Ntr�n
H�3dP:l�2)�$�f��;�gy;(�ͤtPM��NpP�E���'upU�}$gt�4IyV=@�"q6~��}gߪ*oh_�o{,]X>ӮbΠ
6ݤ"Tx+B:# SX��nf��4%�"�{l)}�B~#��V�#FW@ÎK�@tx�d_4D!L�#5|��R�-[ksr2Pǰn(Q,�uFꐰ4c����`^(/RsC=TJ��kMm(FVDx
ё��[WU9ӊTh�,쯾K̨�6
ǝ�)RoH�9��@x�wփ�ڨ+aԉpR9}F`�fxm&}ך`
`mY!vql#oL8�@�o?yh50
8o`ȮR��B^�cODOvǔ4b
%4,ܕC͡'_
lO@�)n"�Q2�Y!}[iB Qt-F`Mn`Pe!Ъj�vyB�D
/�Y��j�'�
MTt"s2��f|`0Xt�
@�+=H��HQ@[ÕH.XfD˽�CǤ�5��g
���WYp=8|�ɷpeZYO@^j �*L�T$q�%˪dRq[X,~5%e/V&V�;e6T[͍|��rֹ-feʫH-NE0 D}.� +0(I�hG;l,w3jL^9\p,s8[^�x���Ey $(]w1.�٠)CJ:�oiť٩ז#�=:!qc��\ԲC>̾�rxfgaDۚɯq�{[ꋳt]Vm*ZPܵ9J�<&j�Ѥ�H�t�qΚ���W�O�n�ZNB'5M}*M���
Sna,䚳TT(a%+P
@,@NA�gO�styGb�XMa e>9�j�1�F���)":����xcܫtT��@�LЋt�J_(\O�OIJ2)D�8a�ZCєr��ؗ�Q�ɘ��f��=�Pin�*]"5#i�q
z�'oi�㸉�hwJh?�T@�XBi+!hSRT3ĥXڞ_
(
5uSjG#˯R% -%6�c�#4ޚ�78^��:Jd b쮍ƀoo7�P=O9�:x�GW�BM
�0.�;��%K;O Mb�,�.d�U8�mVN8I pekWSUϒ{$ќ4�b�:q�
�&P sqo͋[gu�No|�dT:Y7:^�56w,͗'�U~�y�Ω�rr\Tk�{�yBO��yѪ�N�-g-6�TX_�ގj,�b{�HډQ*?cJeg.+�p~bM}l4j<�uefg�HF|^`Kw_g��T\P\xcNkF8cEoz�y�l�3�CU�9tډ+��/k̓iD�kBj%�L�g���f�V�/ع0�.zih^k�<-T
�$HN�9�YcZtި��WUj쌙Sub�Eke(g}�٠KtLZ�gv�4IX@#nc Q%VVԨ
×Ft��난_Ol�D�#V<�Pf
;@Z0{Zq[��*<(='#�-3�@1S+de�h�R0�9�$�fᾝ&��&�ؚ�6�M?B`N��ǒ?a�/85"QV|zA#�cެ6g�d�ݨ�2ka�~>OPD)
Q�]riJE�#�D(Q��?FDb��+�A�zc/*E"7>��7^���lʅ�CȽ[Hn0s[�cf!&¥?V�\� NFr=H�J�F:�e,�!�*)OUan�M�MV@��JY�}\ߒBVL125ݡ�tYpH2�;C۪Aވ�=Jpu=�d13 O
Bl;���tF�� d'Vea:�AUCWPw��;MOFֻ[u'�k9n>v1~a'�@>t�ֵo p�nywN5鏇ky-�PP�^�bZ~hϱSgu�Ji�i�,�Io,;_x沕f�kѦ��M3
;$�ӬdxlJu!�HOSZ�7�e
1vg�\�t&jOD_d/�:�9lhD�a`Ujz~;+�ԥT(e �3e!`�.��]f�a��E���vh?x�vYxe!�xŒ"yx)o6ۏo9 k�t~N?P̏HjqjJɱi�5݂���PeK�Z|̚=ـ9У�EeM3L��u4['�TVaB|�e�P#�\l Aj;##VP;i�:loɶ-([?Ԁ�w*�XUeA��OCn��&s.���B<3uD&B=GlUT`LIGOߌ9/ڇ!�ہT.�Z#�|+�57;ӿ
Q��h*f3v�k)z��DQO �ق6'X~H~;lI}SBDp6-y6�FmxG�t8M�U$m%���(\3*`E�ɨȠ�'N�%&Fr%sKp]J�j:J7G3܁3��G�\|2ER8
Cu.Nf�t6Nmncû��pS
wJn�wAW�� yt���2�]t-mtV�?HwkQҥX5Xʨ�]M�!�ݫKZKFe�G�řP5� jFyiLɅ(7٥$'W0GM5|[#>�m'շ5d'>A
rPs�D(ls'�=��ŏ��vy�C���WtwE�a�i1it�sѦo/ڂ�}T.�VZ}Bn?B6϶Kn��ٷ
?P_�w�(y�pz`�J`H&N�"^,�J( bo�FC�tAȇ+ ~W@:!��h1.-H�rY�r"ހʇ][pM�eq�*[KTP99+��]O_^�0cGr�f2�(IdzK���Ⱥm�6�[�U"�d,{�50q_ljN�E")S�#YmN\$eGGһg.=#Xr1�F9Xx�{;_kqO�8�^[*2cP�- El6�YTqRƀj(!~,�A]�\�0Xn7V =8A>)!�O@Ac'2zY]��#�l�0�
XAm�UL�Gl?�nZ#XT�xdWe]ϳ*�5�E$ ��Ts&q/cWORKܦhʔ�K��2h��O|b�F�%? �@ui�#ݞV8nX,yAc
����<]x%2]Y-FH�j%uY4�����vH��[]o�4_"y83�
`f4"lׂ�W�ܬ�iHÇkD0gHɲr֣XόAX͋ZxӒd\��Y]jF.Yt�>5*X/eOvݵ�t`2�&B9(P"'!o�0.�goxVOjL
[=햙 Qgu�f�Ix.埢މ�!�aWQn|��̡+%�@���KzvO?3l8�g�h2 'uS�5N��eںW*}�iʣj9
Zڋ�,By@d$\���g`�[7)lB�ܬ�{S�G\ �>0:45�[z�b�zA�>, #(u05u��ઁM�R!�-ēA5�86,DxRPZoEی��P� `��hg5N%Lhf7³Qh#R:UެUW6d�RT~6�*�.9�Ԫc�/
g�W,��kx�잃u4zO�yd$_JN_H<*%$a9na.ώ 7o/;Ui!nytTT�a&��ʅ�n��,�E2?sf3�h@M^F]cn0Տ�\�_��B�;7MQ;K�˾E��7�)�e{Ǣ(%`6!�눫j<%N`x;���j�(��&
?�CǍ"wkXD�Zi^Rp(5}C<>��5媷Ig���w:7]#� Qt5p�7ȡ�Z#sbJ!Os{I/c'0�P( �,L�?!�M�^D'��؉�_�OSsi
Q�9�vz{KKs�>IIXd/]~4UGgnm�%W[SU,?�lcek_VW|C�MsѷRQ?=Zd^Mfוh5v6����0wTDE�7'���PC^`�!R�V)<:U
�D��r�lg3s_I . $;"���];BZAD#4d��E!(�Rj'
I6�9�6&+EU]A'lMG�#D*MVWoSmG�9SId:Qċ
{S̘40��_\8Z�xSJu
]M켣;=�C"ЮȦ.�˂�ۖЀ�`�KoN[��Kw�\/l B)�u�1�GaP8BCr}cqj*R35�
R'}i}x˚�W.^ʥ5ki`bD~^
]>(g|%N�/%��;$�y;.�@�)K{2�NeP�=ZM,QA��W>K�:[�WQ��߽6eC�+��Q)c\#�:�]~
:�i9f�=��ȣkK!.~�%Nwᦌ�;']%r#��y�AH�rD,WہG7\A؛u�5F^5c'»��49UqGz]먗]qY\t� �WEEc')�*�Q&�pTH'Ktt㪵{=Bx�Q�FW�x�VHOm8PrQ9(^�5@F�L
'�6Rt~~V^teۿb'�5}c[%8u%ωӢ8�]az:�W��GPF]�|ot=cJ ]v]ó!5�>XVk镺�kb�uڹ#M
#�.բտW^+�膞��~wE؊s
a%O8xN֟(��{HpBa�·�x,pƟ)h�lE;]50�AoQyԟ{7v!o?V_aps'H�=mri(�VxB-*s�W˂h�
4�M���fW'^5Mv�:Z�B9-\ˢR|��ax� |oK ꡔ��I�~a�R9H��Jo>֝�Ԏr'Su�Lh/Xaq�խa�|%\Y�qy C�*T=Q�6yS[�Q9Soq?a]�}Bјt�VN~�b|�k>z����n-D��
M-GM�ro9�+�e֨9��PGkR+�Φ�DḆ;�J{7Vװ>YЋvx���2ͩRu��9�6GxE�q$h0]�;@g'ވ+��g2EäzK0ɒe{ڍxӅ.ή��IwЭ�br�8A�R�=$�#P"z4j%��E%��nX��r�SJ~v1h2!�ij7yn
l�6קSǒvcn5��:+�<աHz4Pq܆"pEN��&�R*i`P�mz��]p5 �*|��t_j^ۊ��B+ bZ;$�\λΕ�U�p|9-GXŚ�"/S~�ɯ��F�Y�[&f*(�mgn�;�Uf�Atuʹ'dUfTʙ,� СO�W�2����K�v�C�C(X�S�3tJ��W �M__{?.,9� ��,!omүOn><^<-�Z(kXG4TA5p,�yا�oa�!xP�S[^~aP)�zs"��Z�L�ά�qa4ke5�_CfAuĹ?pǐ�Ζ}EͰ�,lA$wEE��30��CUS\˵�AK��'��?
Y �Á}�2;"8((D;a�իL56b fw2\ PQWu)��`gu]>Dq@;v�>�5gZXdMRN�a����A2
��b&�kU�
٩BŹ�}]8D�[FqWE
sR5sw~�Nu܄�H�l"�./FfPL]iIx�OY̚l��M�P}/K�O�"V@gv<��W�uL���C@�Uc�1dߑE�q#iZcs��tF,
[#�p|�̥jP&GN7Blӗ�^��7�Nu�A�s�EW:8-cB
��'u0:3�#M?3/W�}^=}�e�%gQs A��R!�-MD$aW �iƂ��ǧ?�S,��h��l�u۞�
$$O��mK[s"m,47�;ڭkk��r` .Il��(g0?`<[.7&,4gڱ�d�:v�җ*�@A+mmR5@.Us
ޅ+�
�QmHHYkaMAfw�Pʨ.$F�ͷqJt@g�d"7-O$I]�y4:\#j�o윔oH�P3�zLtbD\օQUo)S�.s7�o.=xUL�8
C���v \�`�T�!/#O�%s^�Pa̴�6*PYg-0Јꛗ]:�,~CE��E4בc��PyX
k�5�6f�]DYN"suE]���t#?5�<[yP<ޡ� #�ot`Ȫ!\ך�eP�;|��AC*H~�1wA:0+BWf\1P�LH�V�`Uf}�*�,�AK~)IÎIW:^wYS&�J5�%t �l'<,62{ޕ4izfW�3&yt=�k_�:LvXd�fT=�FXT��]0^F��Wg�8\Iݱ��
;sv`)#YE>وʼnUFb\`D%J��Yೀ}bUs�W�ͼV!��0��o��(�lu}��
4*)�My�QyPg!"K_�Xcf�܄O:J��4!E l\)`&;>~I��;|FH�SU�9}.B��oiن8�4Ha!Ajȅ.y﨣NJ=�M�"h
;GumKa�!c��'}J_ބ �sgVe[��JL>=XlMs�7�1�zqM
�jdn 5��c=�)=;w6r֎4
cs�l>��pW�6QF8aRqH�T#?8�+�;�WK[�-cR 2[S*\Jl_K3"T"E c1!LQ��ƖbP�fo�x9%|;U�ifkZز}w�TI[
I�A9q=�� vme7{�01H��!Sʲ>/5d�
i(M�x�dl�0~�}zy i�F�>ږM%QN:(JfEk�{�t�_'[ڵc�tu�Ll�RB%�UK�X��e95f �-�E"ȏ���[6|�Ir��UH�K}�=b�#=|J%NBKz\3_-4 }�kGK!�y�B�pBw*�-^"�` X[l�Z+d��S4{��Et�hkMs)OcJQм�Df8 <2}*�Sq�5E]OM�@3"D�ۄ�Y�%)�ϐilN�z8j
4�{kGgU�lk�魺�(`m�k�)'xkB/":_?�rɦh*�
oQ�sƬ�z敾.*Թ?e�!�HU6\dI8E}`#
3R'R]sI�[Qy�Xf4u^uZ�/o�c9Ya�4/zVDI7V+��a�hIJ
~KZo}U�_.D�l4?P
�7:�7i �ߗo�
H]J�l\j'm#W�U3Q?.%Nډ���cڍ-@jxXj�_&)w%V89r V
xlN��-�E�VT;RxFE?m�/H?�$~ܮwA|7b�k2��n��3'"�ibc2,[ݥqH{W`j&�0!�$nbܟ&^v*j�śm�q U�-
�ԒaâD3)P1$,c��K"gc£룱���)o����[�n1Kb1ea�i2�k)2<
P�W;!wB[1uGX#agz4�h^#ڦuInT*�
�JGwMШ"�7$0m0F�%H�^F
:vV6{nΖoA �8>h04
<1WMdܻ�£ϭxZP7�5�Mi�=ջ!fex0ؼE�((p؊V0�J�)�fR%4
IԆ5;0AI,9wIqi#3O�ݰ&�sMI%g+ʏGa\
wM0%T�+$@Ž�2�1��$as&�"p�)Dwiŝz+��|Z?I(<$e�>i�+(Y^>+�FEr�YSΏK u �3DCG!��M�^_M*5<�H*g�kn(E�L�ٵ�!H�sB`D7d�=>I^+�y��s/��=o6¨B���JcW��9k֘h=Nj2\.[Ȏp8p>rB=.�蜙s)�FASI�XΌ�;%kz僎RHV1)fH���9$r��x �DiJVv�̶9=-KxS�
_
T�I*���IY%&�>6Fc�[{*�Ssw+Ŷ�:�O�Sg�izo�O݂w�B�!E4_19
�XhC�B�1
��
g�A{Du�=AF�t^��DA
]h>|?LU�X>wE��y�pIL;>Gph{c35h)�L
Cq��I@�'8�<�"3ӓ����RO�
�W{WoYr~r*��o(r�<�6�ܟ�!�-RBc[GjeAaI�lObC.qtG^_ ze���T0j�;�1cYYMz_ͶA���*x!!y7V� !V�nxJkTk��G0!Uᖸ��>[h焺@�Qׇ�5L"Dy}�#Ai�ٱ);f/h(갈'�b$Q^�{�!�J,iy5]mb_Lu\&+�)m٪nhZPd�ZhBHN_WG�vy�`~:g
E�,'
K#�'d�&$Ђ&�v�I.YͶ�/)�/Ca~_mݰ[�`g#�2++�a?�NZ�]>6u�k|@�p 0:��JAR�߾~��T�b�eL ȚO)\�﵇!�a��1Y5�� �+�8-͠�k@b7TpP\7P>_q�6
P�{�֡|g_&k�,g�^dՇڗ�lu4y9��)�⇞*}Po�˂#�՝ԯ/0KuM�-�d"�fBzm`dc�b(��a�m$eb�Ɯ쨵U^�o!Ȯ<8ki�:[8ͦ1{4�ie+�O�8�tG溛0�}0p[ħ
J|�1��MH=x~Q�Q�ƣ;c2��|w��$/H=gC� ϋ�?ہchU�Qr���AB81�oW|'Z?A�#2BxW
Rz�AO҈7Hn6�-]�vgn|=��zU��� �;d5Ppk1z!8��УB/�n��8#�ՕN��^q1Zn"r
yM}d3|]\L'���<픽l}'�R6x.�Xj}E�F*�*H�pb㭗.��b_%�4_VFnj��4VKKu�}ϑ!�_fvEB1@j)k*k��<
ZZ �J�X~F�١6�O`h�P
f{∲��roz2|A
~D֍g_ˡ�P2r,a{E5ʱspZ�A��9btTdV_:$./.n!by!�ߦ!�)�g`'(�,VD�gD�S߁\3zU�:�th��A!$<;R+]E�,,!Czuo~O-Nʀ�[^�L�M?+�hs�O:6
�q/7;A֒4]̰2@�".nV*~ݥj/nyFbfvW¿ӑbm0%;bH&8�MZ,&_G�]O.�*sIbltBIbԛ_ɏ �ZGtV�t*2N��Gشe>2Qk}�ŠRV�zc�9rtf�DoLùg:Tqt�k
{ws{M�竄/WLYq73 =�!8TL3S�,�N=gz2�$lLy='!_%((���^6yo
��UF��cBQ3�RgoNj]�oJO�1'
t,$�{<8Ӫ�i?EWSm����byX��YM9we�iRBOI�o Hu$Ÿa�^7TyĹ�ls+�;,�s63�J/dzsz/��0�\%{�[;n;4�,i?0�J=M�w1(o{� �$߷�kzOYaR-�,Ic_+�]0Y* 7^Qp^3v9cR*)�f�����3BtĢeB�F�&H7N�\U�%AS]3.õj�A�{.�J4�����Qb:x F�-iyc#u|}o=�5uʱj�K�uunr��ʣ�3/�6�[gV�8wQ_ODŽ��{y�3vA""ѯ^zcZ�.^�ɤF�O�H(Y۱("fÂ
Tg^w>w�H�Pn��N@�.�ͮX,�BX�Ǵ@? �A��^�/wr�Km4p�Q�uj(~q���s�w�w$z<�0XX�E�[=�Vhmp:�_*(A]�ɠ�g}+ >\ea"}B\�'n�/G�!�eB
d�aSE��U؋cu#|Fn�ݴ�p0��/ uܰ3ZgfD��a�|�FJ]g�سRo$Wu%+�
Q&�~ڱ���W(��4콸W K�K-{pa`olM]�~y]j:(G=/���Y,�r:U/Ȗ$b*e]>)�h+T:o��{tT�րr�kޢ^:K�EQ%�SH5z~P�W >�w>�P�X�7}�2ľ���eu�#�'/\�I�Xe/9"��jI\0SZSۋ|S�z#zr6:#�CZ,�j?N�/gR�G1�I?
�BO}(y^F7J羢&��[�z�OqP�ʲGGows!H+Y�iP�#�z�d.�5�;-S6YgS{%��"d�JZ(ΞtP-[o21�#&9jYt�c��sGT�jI;�@_|[uŁ"|(k9�qƱ-IL,́g$XS@ɣ1\;i9kvN�&$XaO\DI3�-j�rTfc/22ow��'h0}z[�HǗ!J�X
d=�Q
A�Ns'�>S #mq2xvQzPu��2˱��[ p�{|��qc�>A}�z(H}g5M:�}7~�\9#�ON\k%�io��؊�S�[kW
Y.�G�LV[�UK�"փbrp|k�ԡ6s3/gҦOTdTlk1)ƻ� Y+⢈�zA�++e8(k/y-~~!��>L*,+1�x0Q���}шC8%!6έM(""#:]�:G6$\ly�b �7|2%!{``M�<�n2"J]�f
E�c,Vd��M&2_:c~f_�`.G5__34lpٓ=�!�P�3B83~,AHa^¹9-_^b2liEN��?�N��ϧ{�i
/n<9 7>NF*M39�vi̮X�_/@krD#�q�T^^�DV|̺GYхDI=N}mQۄҏ쮁*3v~.AQ
C;\i-��u8h��H
�c4a@�=ݨzV;f!�� QC�6yl�*�qQ��15�N���a?,�&Ng�B)oLͪT�nU��&1[A-3u&fiN�1ؙ�wܑ4z=�!�Lx(F62Rz$W+m�k���.��͊�O֨=����ke~/,Gj�` (xR;9796L4X-a"63��/�݁l"l$._�Y,�Q5RUfsI9�E.�BLMD���Gp%E_,��w�jOi5Džق�}?�L Z3�w܊>�LYz-"h1�,a;�>݊!��i9mr̆pI�wz]�0w&U_��nS-��5oܳZֽ.[0\8I�tؠ?��/}Y-m^IcYa+�t2�Ce�
=4>�(�N��/gKj.\*Ӥs#A[)�X\�ޝxBH�V�E�I0sUV6u��(yl|S�Gw>yj�q]�3m��_ڛ��Q`a�n�+�5W�#���YFgIS.$��$ѫS�))h�)~>z ��ۊ�{V^*\`)/jWEm&�����Zr3n�R7]Y�MX��߿vjtp䉅� yݳw[,e%\Kz�0C�?a&K- k=ce+Q�'�Ċ�H�b,:|�%]I}�F�6X>`6qRS?Ԃ}KY��5Yޥ&S�.oY[2h"�%)g?�{Ԣd�ݫ{K�Gsu#J']ܟ�8Gu"0O/ԟ3��SB�p�x2hdpͮ+�&5*q�s�\�\�|/V(d=QYI�h̖}t�És���v�ͫ{dƌ/%�?=@�W�J@$�栉@J'na
4M+�C3b;!OegAƔQ9.N�F�,!��t�O"#'205F:@gH��{R0R%z`%R�`H[kϙ-B`:ʼ !�Ɵkx8m0Fl��e�2^.k6V_f
<<�
XDyzʵǙڅ5';Щ-4+f�i#>\SF�ůṅP f�p�'tK5TцuZ�BsۓqmAk�yFc{x^?JjB~6O�,�K.cfX�otX^(^S$ڇ��EF�n%1_�L�cæ~ ,�C�9@3+0b7:iw�*1��{٘P$u+#0%dK��b�:�Ǩ/O9�q�{3=3,b 2�t:�l�whqƲ$7��_�l蹃V8l?/t,
i=R^ɯ�n`+z�
�/�Hܯ����)Ip�BU��L).aRK�%�:Xyp�S|
u;�MSu�kc�*h�KƯIg;h߾>�i/�A供o#\)dluWuQEh}C��j[wpfJ_,>�u%Lտ�c/D��pT5!mQ!T"rć1fѠ�X@�*U�cG&Q1{|��b\\P3*z�rDngp|0��Ȳ��y0ۇz. Nzl%X�^Uy�T�9%�ի��X+-a��+� _L \rweK*0
[]sd*�UP+7G_k.*O k�` ��H͛܈}MY3Sv.H._8f
b3J/�kxP ,s3�v\٣C5;
�2�EnKԫǿE�n|8Kٽ`)eULqz|�=�f�?�n*F�M�a,�ۚ,"HT�7��g�7}$vEx�v©l�~�"�� 'U3k Ѡ>8�k-K�!OԷnBv+� z!IoX?J�e1f{"cir�ay��WLSE8D�qו���6ޱ#evǼե=��Pϲh$�C]ڊ�J�OGI]9/+JQ>W�nX�ى3`.iH@Ӥ��5yc�P0-+�
�|6=>f1~RyYhɰT�;+%��9kbu8gڮ4"�
-66rnb!*�GV�Y�!�\�F(?aW�Nwad
�:2�̞e"+�E4!= -���{4̝+ZF
T92&�gg=�V/J:��;�Gl"��:n_E쾵~N��
e�lx)p3?,6ݰm\UɈy?>�Uq|ku�ś5lt<�OM�AK77�6 {9bW/8xRV*'@YN�i
�~����)p�b�|�uq��Q��N֨�bg zyu:4�Cʷ)G�g��V��Y$H3\sÌ+
�j�K0�e;OEG^!�^'d�5�j.Zl�x�@0`p[s�7Ĵ�dy;�KC���;�F%7Q�&��N>'2t=�Fx 1gQ�[��,�&ph�R
U��.2�!y2[�XvU�w�Z)&m(vi L)seWXζΎ DM�7ΒiKV6V)35"|HAYQ�_'uDy�u\y�F�c�Hߐ��4wpqqؼ/m|-Yv�D_X)-D̮*_?;�' P�SH�N���b`A�d̉
1ɢcp�s�OIRdTt,7Xͪ&F <�d6zFD��eA�-`�7l8=�]3䲂Zk[�.J�I�zj�)a|Y�}[ZK��/~F^jRF�BbIB�6SI21xgU=�G)��Rjƨ��y30;�D)KۍtFBJ!-*o]\�:P��u`T
.�ceI�'EH4Յ���w*[K6z�N
=2"ZorF&g60䨒�,oye� �2=)
���ԭT�0%:.!Dka#h�YPrO�6
5|K|x]y:�И;hEk͟�̙o��sa�w9sSU�4'~
��_�f^w7�!ɤo�b;"?P�!zò7�<�hoB21.ם5Mu�tWI�y"��L3 C=gIc�E4Z�I|ok~ 8oyTLtv04uV�"GK&u�)�4zi�[R�R�rx}�!*bb)i�q+�(��aoNF�\2P㤴1CӢÁJ�8�.j@P,1xш42r� aϑ
0BJMNh|iD�`7d)Ŀ�5
�GEZ-[
~6ۏ4�谫�&ұ�KĀq�8%]O>Cɦ� 59V'^|.r $uIa_m*zva[o��T��p=��PBsbT�-,NmocE�F5yf> be-RG<�B���>_�a���9ų{zݥfV_ن�S]�kԓ4��::sb.9P��i^ETO|9
lLo��c
I=h6P���|tSF+PS5k�Q.Q�N1;5�?%�] H0\M
\ganDF鎿Y4j6qI�&(VQ%'IR{J5� �a{
]A7s�Ùfu�z5�
M�ݠ͂4�[��o>JG�d�!l�.() �~KJV)?dw0�5Ŏ$o'A)g`-U�O5�8�tY#
~�!0V6`;Wyϲy�j
C�N�;I,D.��;FU+�P"g/ZʌYn�?�e�Zs�3�?�n�:.gz@I5�'�T<8\Ak:� j��`ŷkɴ�m�Cj��mɸp�i?䈬F��s4�L(oJ
�6cF��<�m�g&Hۇ��q$$�JԜh�O�bز?�b #*��1n~�_gXao�s0RCd#bL3'P\
|�.;��g(5eKU:sXʣ;Ёx߃T}NA6Ѹ]:rMX~t&sJl��D6"Ȭp�[XZ:�%
qPh�W��08z8�>�i:y�P{v�}RS
]dSȝ8��[t�afZ�A<0�"i>EgѮ=�$�iFϱ.Ȅ�kuǩ#3\4 �Z0t|�l}V'G�ҎblA�/'\k%gL�Zh_�*�v�Ez�JyR@AFxZ1|/_57W*`0ksͧ��wM
��R0{�y�H%`_�b#�k�ƚ_�МG�Z��=�@D�!{.Zm·%?�,�R#؉*4b悤W=Ւ��<4䇒I|yp;ՐpE5Q $x,(Niķ�uoWݢ�͍�O'G'T:��Ȫ�CrZ�.am�Ǒu}=q:'W�;�ԁ㋔\LrdߢM��J\Jtg�VB�ϯ�Eqx6b�⊑!��<�C%t�;3BȻD_Z�EasTI�i�-K�e:�$�rÃ.Q~ETuuko+u!Ȕ]LD;�!A5��{ėP��X��z�Dzg.#q�>SYOSTuҔ�I
;lV�\cVR�*�{գ��t�fJ܇nk�?3*E��/6%CK$� "qs�CG
V=}KY^3{u<^�K;{�
7eO �vS=�|�`ҭA|<9uo�,{_�l2FQ!N\?�^GA:m-�u4�v2ΡWMK�1ޘVS�$hm 'y?
|3+5V#2Fx�d�k~L,̑��6_�y�vD;ߜtG$w.Bp`٨
�{~2ˉQ,�s!�\ͥm�Uw-)/sK!6o$wD@�3�!!/�uJ/ș`������a�#yo`�}��ّI,=�ft�\u�s�
RÀ!+�4�N?N�B�\�W�\.��7Fn099ǡcAll=m�Y?���Q�r��c�$?.��oEx�})bI�a�%-�AJO��Zq��s_j��M/p]ąX9�ÞT\rT���qk�,3*U8Pέ�=xwE�Z���D(N5f@� �z�`zc�4w|.JOG{�.O
|�69Ά�-�u�-mQG?H:P��mkU-�G[ߦ`?m�OM�t $���7* fÈe?`/^v�s�)BC�(�qW�2o#Z�:,�[%Wވ�9�踼�z]�g\VNOg{���+MdSU%T
D�4qt3FlQ~lN�A{4`�-MlEM�1�Y]xok\!@��(u[�l�y�b@�Y]μBد�m�ƋbKKq�qG'r� |�Ҳ�%6r1
$_=_m�3�l�-BUY�:ǺL�H0(Zm_*t3K0y^_2t �@1>;k!�G![`t�4tFtXVD[�=d�$섦YA2
��b`؏p�!}J
?
y3;��i^�6!c�I�R>m
"zmQե;ImyDe��G�u~\~.xkbL{rdO��
HU�MJ=r�I½8Q#Ь��1��n%�,<`^4$/nbBjewޣ7&<_dRv�l{�k�h��&1L^(vl\͎-:�$�Vi콓E90\G;:s$:pLFx�P{j���G��i�F�c͟_S-F۷�V$AJ�L:�\錯*Ըdd`2]wԋ��~ثȪIIP3ĴHLG${Kտ�+�;�ֶeG*t*��+Z{��Tw.P��U
;Y�Yc"dD
c3r{|zu�]k5M~uv�Rڙ=?֬S"D�VՊE"qMpqDX�S�Y:����gG:&o#n`�Th+\�^1%{��-܂?}~�^j
�jW�Ϙ_�m!Q; (�m�s-@d}/Hځ"@�%���C5֦�>���EL?I`1|Q枭6.y�fk*�̡IU+tHE"+XQ�,,0bItXeL�*�3A�j>g��`%�`43DsG�JN%X%
�O>9*ij2T1OqJg�y,�/'+R}�Ԡ�V�px'+Qh*$��(-o��L< �a_Հ(4O�=[�,]�G-n�SI+cNWJ\^e5-�os�1\_�XkA�-z>b�BS÷�~�&�1hJ�^$ƤD"�Ab�Y��ߖV1P�Ԩ�vvN��#m�3�=X�"
ͱMP�b'DŽ�H�[)]{"��Kɮmd��",J&&�t �h%
`'ύL_�G���Bs͙Y=o:2q;�";)H|8�Ɵ�-'qS�1�zN��[�Py2�@�i6;v"Vuc�F>Af��~�1ԣ�(1�/�uj@ppSLM*H�_A&_�\vt*f�AU�&J!g@�eD�oLt��;U|,k���:vV:iT/W��k0RҟJ&1�4Q��SA��1�IS܂s���fG#9�1-='MIpIv92rPC|wuaȋ/�<
"ж9R{e5!u)�.>X�Ee�ֽ곑P�$/F�;]L#s߳�xSOB68|K`jQSk�R$&q#3Qظ�
��1-�uFݙ[m;MAf�$%hL>G�d�MT߉X�*sX��m]Gu+Vvc�=�n.�*��M6�QN^Pvd�_t�;F
&A"Q0Eւy�WƇB/�SJ%2yz��iǴJ:k�q3@A#NZos<�!"8)�Zn/;vX��#7��Y1T]�@TŲg�m_��(d0&F;ci@:|RGQkej�D#cyL�PM�y_Gqw\,�!y]-�9)�9b$1&^Q�C�@oDLقұ:�Щڶxş) �4iX~�蛝 W0At˃_�lJ{6�V*6��_dy���bй�VƖ=#9 Umv~��-,3XN;#X{@SX+�a^2E(?oYXM:.JHM]2#`A[
��*�0ʅP�`ՈxQ�
{Q>[ ^p=˴M>�ԛx!r.y.u%I?h)��(N*��Ca,��l�wĵhav�_껍��. `#Ws�騀J2�"a#kMV|2?=o�hڨx�s﵀LZ���c^u�<�!wF�f%90cO�,D1Q�]�@�VVy/�S`W=;V_X{ /�>|R����,2w�b"5VSra�^/c��p6̗;�)�+F`��@.~=8K^r|we�B*Ô�Wl��?� `!�5�X�{A�}u9]_�HE~vQ&
H�2°�EtME`<� ڕ@,`rҌު�PW�sdf�3;XUDYu@.�ͣsT�p��y|LTɧw.H�.WgbP�j�"/H=_c!��6BrFhgIh(ƨ�W썐=��k}Μl*MdthUSM;]{^t3`]�@N)�A1�/�:G3R%7p.X�ɞ#��g/�/ؘ6��Η}r٠�^>sD�h"?���Y�FYM�1$p�Wp�9)7ݾN4J2}o� |�!�!JyG'w�bxU�'a
IqRV�"
͡�|,l?)Cl���dG�Ǿ|-l���,ةD�-U�HgR�C0C�Y=��v�]:ϣn+�)�?�e6�?4AOasbh}��*B }�kt.�fzP}I1U )�xP_5Ô4�0eaL{~~&�ܭNl]PbV���Nt]~.Յ�k�CT¸WY�6
d�BsN�V5BЅ �U~Ťu2wkHWƏ}C-8]^!FQ1[��^[1{`&r-,;55cWs"I.v�JH
��7�Z�m�bU= Ғ}v_��(&�2wb��QT�b:�pnIjbF��S�LF%�o��>
r+4WHv3\@�;�,P-"Dl˟^
7a9B0GG
@|Ĩp4�^eE_��~brrk>itD�[dK=�gq挢�Љ�(z
L��~3�{#&OS6e�J���E4��ܑ�tg�1ݕ �_~��ĦaHUuaOQl�Ռ�(�{q@UC{oW>3�)0#A5h<�U%-��/մ ;PLB��Hyc~��QʯϷ_Mw�ko1�${iVy}L%u3]Gďw�'jyx�yvCj���XǴN��+>~(و)|8� |dnDesϾoq*I3Wi5��ijaҝ�nW #Qq�IW��YςMյ�%0gc4)t:�R'cW`a���*n|>
X\)XO*k\-j]>bh�AbJB`&��#l�
RrmUL�d%LZ ��I��p
6 V_N:Q3�r�FK>sÈ%7��Vbw]=�/.��f6q }�;ĆpMgҝY"A�*J�Eȿ]��+ۻ�Q�R�wg�N�HLv�:�Rb/]M~gֿ
s9K�2 �.]q*8Pw�M"(�#�� ($K5
f^/R8ʗMrT��L�KŪ#8Ww'Vwh��|�y%^��?{OU�P.Yc�foo�ë�`hlESe�ixܑ� l'�[:jґM�A$31�$&��˥"�i-TPU[�u�\xB5Y�alk\»[0A0�K``28`
,m�xl�.%RlAn pV#EN0�3*!}
RM�iAƔtIQ!G�uQ$�(��V)��hlU9��vO~nyܷp�=sw�
ft*@f�ւJ�1�XOF�JJZ$7|Tw��>^tm�}Dg&غT.��H:'O�^{RTf$ɝt%⟁\4��t�XX�aJ#֚WhfjbEu,P~��bU\Kq�a�'(��ihHG5zoǬjW9s-W��7 7X Ժ)�̫�!�Sc̻%s=�V?�<Ę|+~h�(C<=�=)8ry�gO3�Xio@��//lvN�C�Z�NF�"fp,xrdGy~:T��^7o�C=u 5"!z����ſU"Tp{rۻ#B'[H�T\ Y
GM�0�ީ4r�k5@Cj^Or�S@��84�0YPrb`7[/2q���ֶ�6Xd�)X+Py�6[y5N�py)Q\͋�cо-3V-6m`<ǧ6$'��?\
?V�3[ֶ\(�+:6�HM!V f&|CH�5Jm&nL)rպ6�oonÅ
Ę��Qv\XE�gl{Î}Fa%9vވ~m��]�
t0N7s�eRXL:Gz.MZg�T ҥʑ
"�]�.&b��KLkLe"
GjPm* ��zx`1hӭW� 1�\+ätE�|?]ʢˇY�|�sOM9�Uo�w_W6ي`}?
؏@�l��0�DήȂ�gx1;4gx6HM��>/$'��~0$-i�rrvSF�\S_U&#ȁ>�بJϦ�r�)�_jVᾱ%�ccehlkp\Ԉuχ��7CgA�Q_^
Q�'�)m�Ezhfcu{Y�s6,Pyr/�6>ITOt �_d%0/Z|�.]sTrmk{̍Z�92ڈ `��e~���"Gz�+ Z���G '�}�t��[��6V~Ν~�KZ�/
~F^1Il6l��)sWMv!^��φ3�pR.GF0p"��FNhǟ];n=�[�N{x�uH�Aө2BaB-:4��+�1L�zH�)�oL+^JO�f L4�n�y,q8Z@p*;F9ZwrZf�R
,I3��]`a]���:1>�h:؛[EXO�OH�}imK2ESb^Rylfa>#\�#�LũNn��L۰!c*fw��:��o�~?Zb~EA��+w�ԛ.H�M�,~mWT�3�:�Fd3q]5O�Jo�{=Xٞ-[VI3U�4� +)a�@� �IcŜ�_/�KNh LĠ#Vt^]��&�u+9�88Ld#(>�lѼl�L'!Mg(FR!`!��JY�Ձ'f�5;_GCzùտ]͘\�=�&!��ϮE2�1gTd��R3ak(oP|u�xk�}Rq!+C��88v��E27�r}8s2�a0joX>[�}X#t��^�l�c*D#|?8=J5^9ڗR=y*ީ�'��43+g*
I%MɷWßXFFk�'Y� gz)6c8^à�`ІB�� 5�}IyҰ�r�U�掠���`sky.>g�RږFE~���-�\��雀��l�t)|a7�b[c;U�N)놇���@"6h!LH��,ėz+�"�o S�X܀b+r$TC@e��;ZEi�,�
�kR.*@*qri<&�Hmnj՞r��taN9�iԲ{��&wN��19�)xy
*Up��Fٻ���#ZU]��V+ �KdafII�2>e]�x!9pj�U�ˁlYFP,kC�5�'=�v02�<2��[oi1B_�x"{w"I�Թ@,>zu
FB|?L,���LݧQ㵊SY߹�4H|[Hn�`�(\!/�S=nԉU5�3�ćloBU>-x+0��>`[}3/`$,|�J� 7�4�͟2_�i�6/���*Qa;#ΐ*|xB~
[uߊrjH)��k0z`#� ]�DB(�cr��H\⿁5iWE
ϩ:0
4ɂPbK<1lr�q(k>8HG�Ĥdg=�,�/^rx3@7rW֕@''~PrA%'˛|Uh�HLKi"L{Wg*OiZm��r]Κh|]�7-t&���]n/2���/oL-Fp?h�6�ɠU}���MbƬa<�2JoDL☯ދAgF�̚Rk��oG)t)7�84h�� qa��b��~ObEM0øM`cC�
1[a5tP��-^ArX7�zHleP�t�
e>luAfI;
�l?.b��rh�aZ�tJ�5�s�\!҂sOae$DI"pϰVZpd``:$q�SzE/uTI2l]ϧAZ��v}%)zy4i*Oc`�:_�,�{# �
:^�21yH`M#T�<(���0SJ�#Y�[5YLhJB-Ԍq.rG sdobOv
t��(�ݢ�U'\%
�hK`y�Lw`=@�8>�ۨ�v|�cWK&%�B?�
�Xu�Z��)ϼ�e�(Q�)8��0*4+¬wF6��\Qn
ͳ1'K.@��<-:���0P߱%�y�{��wGGmeك�k2m�1�xn%��r Sfe:ik�';�櫽t^��8cpn*j��$i
�8ϼ�Cf�Fv"db�k�
pW�_�L{+kh�S8ePkK�L&h9)�~_A lZ
:eL;M&a`8d(
�d�vp^ɶ'd]1Awr>��j��zֺ_Ssl8$X«_ʝ!*=�
|�7WAA��σ�DR�X)Řnv��2vRX[d1wD�!ͯ1�ݠ�TT
"|8ڌ�GED40izE=;_�{avg)W![*�7N(��@gb!;SC_/�ȥ �4 LƮpY-�+E:�p�aژ��[�T}7v%V�\d� ��&P
ږ�2�{+ȎG�� S�mU'Y"=4
�C,T��Oo�;
,Fw�E5jE&
�i��v�WϮeKjH \N��X�X
WI�U`�8N�ܐR[J+�c��~"?�,�R�ÝMlK��Y��KWVKl
EH�Tӹ1o�3)y{VYG�)'��P_
:,�0�U7-F;�\^�Oա�D;Rd
2O,<�h}}!
P9?"d�ˀX�͑�W*-%5�2s�b�+HZ���T $E7t:Oٴ9� ּL�=�N�ӷk:b72�8hlPd&�]Z{0f��adצ5��(�K
jHɣ?�0)qb iS&[r�#�||
EJ`3�΅FLA�Ezm7.&=
U}/[-K
$~�A�6̋'8(���\w~,Qw�@'kZ��~K^OͶ%G$hBD9:ʈW(��[�YcԂLY"g�m��cמeskH^R~%��X9&�0H�i!LZ#�F��r4y�,�QbYQ�qm>�^rq:aO��^�(V4�%.0қF;+W�bn-��0�GY�V0k�\=�a@,�;V~1~dAr�->Q�5EP;JVPk[QL:&$ڏ&C��q�M/�?i2!j+`<77Y�wH��Iu�{oϭ<��
�]�;+�%�d͋9
B א6�$/
�Ah27lKE*݈bFby:fy(+o
E;zF�m3�/�}2R Ң~5�N
�Lqz|w��? �P|-|�CU͗jZP=6�,, |AcϖՎ_C�O�m`;Œq�-�d��VL
��ֵ�+i�--lWL�� �E3~���t�"cP.M6p#�6*n;e�rX݉qk�<։�K*b<3��
no+m=�k��k3wJ]Z
�t
忡C./P[/1y�_BrP{gq^g'0ްd~�Ѐ�Ѿ,m5�x5�ܠW,K�ۡ#�0Ƣ � m1#(" N9el��8�+u�
dψ��q�uuȉx]V%#�_M�k�58++w@��HU\#w38~�'�$۳ �\P�ږ�Qq^Y�2Eg:5��X5۷-���ͨ%$Ć���F+d�cȎ3 /)Pg]\�P�`��-^�l�Y�j>�QVT$�R:ZdCb}Z-6!x^:9(�@|�^�N_� u�1Ư�/Y&N. GmY_%3j� tuud�Bn.�:p'yξڀa�C)y,[
JűL0+V9x�M sxũd~6[vfxz wV`
[L� /_^5E7Ko !-7&iËt}�Dp~@lO��![f�S56b$�ό]$7'}K:Lc7u7�,8�?X⺧GiC�WL�E�τvlsX�z
�#�a!�J�ѲL8�:-k|#�fc�,%1�Azmh_�!r-o��iI�C5J4
q)ӈ9#@p�嵪X��E�"(t�9<_1Rc�n◤G=�p&3e>�m|�t�<ȞU1_�y�*c;Ze'5+?/\S0D�1'J�qbeh�fq�N[�꿀�>Z5"c�u3(]N�N�Le*i83s9�SΛ�Y &/8#$|J<�q�d��w31�ȟ�旘)�ep�*8kyIl���0yݾ�'h�"j I�33bdo^ٗ�5EUb�M뼁ý|��7�k3YO�I���jDjZ'��t=' �dž{)5��g�3�ޘ�^r �f��w|Z#g�r<- ��0z�.hHQ-B+�0�c51�Go)�e�CM@+l8yC?K4�k�W|Q�vUV��r Q*d{}+^�H/>Ge2<'�E�ZwU�~�nȣt;�z��\% qZ^p`BYLg�=4��߫@�ybʛbnݟ��ߋ��?hЈ���_ ӕ�@�{ݑ.+�v
[2)k>K�#&&:L�L-_��(f݄�$Nq Tt퉓�.�^�LZ�|a�X*G��&8�@|_v�xta LAEr͒g;&�/�~(:h?�,aݐ�M:��*:)�GV|G��'/);ln��X9�eؠq�'в�TϙmO4Yc�Ny7NE$QZvn;8��ߩV?�_+K�,#W0u�k"b�,ow!>'q�_�ǐB^ktm��$۸l�KR[<�`*F5
�5|2C}��>�?=+Zy�f@6��Hleeҟ��_>Z_[m
�$�a�gsha}0s/$1� �@C[jS@͋zjm�>_~qY_S
� zT
u�dYj2Z&�,K�Τi�x��m9mn�6��Q-,=Gw\W14maq*�<]��?p�-ȩUBmgmL�L^͆5^tC/�h�x�e
g�?8I�ʍ\'V|�uˢ�/J_`ft+=�⸚ΕpOE ���dzuZ0�oBt_FL2��>___��'^t)mxL^�[L\�x�<=��6F1;2�uCƚq�,�彋���Ex�OĨI�O�JoCa�-\_*fAH|>{��"-
�$��VV�ψ|g�7u{f鼃}#U3��(=se=ݜõ7
��M=RW���N}J-d8�]M���&G{Tw9
�%�ޣ tڻn$>j#�nV3*�A�羘Ɂ}�m
J|ZB$�z:��%0`㽔�JV}'؏�V큩..毉5fQ�Ux\#MH� ]T}_1rPFGcA
fG��\ᚾo(�Tp.]á+IYc�6s��,lLWLsCU#jF�#<&D#XD'^ �֞6*=#
(Rk&e(�7�`GPs1�x��&�-2NW�ln�
Q= OYIvy{q$Hhd~d>�(�]}�]t=r9ٓ蘦"s!�թ�L(9\��,32K�e�UaenzD�1�
taq˳?E�@;P
B��o2gh�F�BjTP^!��>��(U|PTs,-�
FZU�]؛yj3Vx(Ki0_B�\R�T��T�*{�rknoֵ,M{t3˗�A�Co��:&`4Գ�C={6(%dLBM|��18WT�r/ww{"#Z'f>Ցu�(:�59�M5=�5{Ô:Ͷ?K��g"g�p-�2V_Cbk
rKͲ�.�Z[_BB'lw]&<߄3_l#v0NLl$u옺yTk�|�;^�,bHji%(E-95֔
SIl�ԘĊt�AMF�3[8�jb#Vؼeg
$m�q ~L^RR/~�+2:�{Bx{_�/ej�L� aa"ԯ�
?g8l;s%
V7�hi�uq�3>���W3��"aq3KXS%R#zm+ �բM&R\{Tz�QiF3�zg!gl!MV6#�?Ɏ~#��Q
3�ft��Ub<��
�_v�kO�56{C�ï�@8�m�R2ƈA/?iQߐɋ'�x/)*i^<)(0�&:Ը
�~i~ޥ�'~ٌ.`*-ǁ��3;��FjFꈮYeX7g&K"%�2@�S5�r��y&Ԕ�r]_js�;�hy�es@G.Q�{��%�xN� WK WQc+)0�ex��P&{�29@�#=mUP�?�� k悥+G6�a\.M��KZK���Է\8p7�pAfUnh(muJ�n~v.H׆(�vL{�l�KL
�)q8��)ӡ dM
{蔡 ew$3Xm�bA�(]vl"-7e�U�{p5Po�)[p-6�\?lޭљ�Q"S\�̈́ �xZjKc=y21&=49[xT�N�ŭ+
[P쩘vrdC}�[l�,ںY6rlf
�9���C}
z�dLb�EbM^�t��bA@%uod&[Ya>6�dg.�u�qGRg9.���GT� � ӫ_/ydfj&|"[�hk�Vܷfj%|ˍO.��:!W���[3��ճCtFU
��tN[C=68hJ8H� cǕj4{aM9_i�i��j#�4��Ǚ�t.�z[ P0h�i��R�3Nv6�p.X(�.؎-a
� mjT|SDE|};Y�.ţ
O �w^?erK�R#Zܔ 5-
oKp) G{��,JŚ^_k�bt~u
_�+yxc�XI)P` �v#�1��E�ø#l;~P*|(G͒
9S2nE+y�{ޫ3DF1j&9[����,6��x�Gc�-ཹ�mfiK�Sy&)Q@��PRkLƜ�C;5���:�B�dCm2$۸rJ�ޝ�G9:�DXeDž98A.�Y>dȪWIa�6R9 �K@��+|��*]fKW�e$umX#���+bOE4݂,;: #{�s�͠cŌD���@$NX34�F�̊&�щ]b<ϰ&�vvɐ�ߑb|8��+ү�\��?�Sa4Z�33G.FQS]{-�XP�� 1؛1Sؕm7)%YXZ٨�PKSLP�K#P
|iK4�c%[KNY)~=�NsWhvO埻�CZ۫D�K 9Ї[�i�`s^R/?�1X�O�_B< {".Q!�Ӯcȑ;5Pqk ġ*:ʎ)Ze�>]W}V$Չ,1��.ѲT](Z�b;-ȋv�s$zҏx(iQ9I,�$hŏ��$YZ���k0��
4^gVdfC"�w���ϑ���겑�֢nm"wbXBPA)qq��;ag��=U4���]��?3.S8" 3�1�y�%^Rt�aqA1^I�_GmYNxb.&YfME�71y
�OU6V�@�51�'�M\�xR*;D*,��u65UcӾQ'-=Lwz> J�!(�G+{23b�9X�HqU0]Bund�BoB�)촋Q��ƶo�L�tDWDnE�2\yJsn�*A-#�/(3m>�UA!n Ŏ�Ex�%^��nQ|?Y4k.�z��]B>Z[ё;uÍ{F{-�@�d%`I�?;_̕!�<~=59R��9)(b�6!R��@&y|l�v�s:j%zf 4+�5C���:�56`sJMANyOu�WN�U@p='�u�7r}q].㘢��(W=�[�
{] :
״�v�`!amNO�JvSBL��.Ngy̥.��C@|,]�|>�!�9k�p8L9T�[W�xib0z:n�liŮ52}<�w��zn_�
Z__32?+NL�_$naŴ�ӲXI3�+i�ip�~��:E(}#+-�%��^ZX�ΛuXA`��Z-��Ն�Q0̔d�ӆ_ysvCqi?i+iMJhx\¡sU+.Lˏi+_߀}5�lM�]�nv}�3[�NImj
9ȫr}HH>=nm_�|M^��оˌMyCaU֓phqJ
��f�1>qyf'�ʸ(S�07~Z�m)�RMw{�~읹"3�F Ns{x./@uQ[}{TǫVeO�-�NZgˠbjQV"1Lq|a:�<{�x�
߳���f3'�Ha�Ie�n
�]lD�;=�JV}#oA|WX n�nӢ=[yC�f0�=UE�,ٖIhd�)psr� #JҜ|D�,�YC|N��B����rƷTn���ݽ@N7��vFT�>}!4m�8!);
C`0%2 G���玊�<|G�"��0ӁcVL<@|ƭ*dRœq{Iq~?��hqS[Xb*�%)R0o!�kdpZU�TߎmxE@oBff�+,7�Sc'.3$-i5<
,$O��(��I�C�b��eCaHl(o|�9L:g8ij�Jq{�ۓں�
�C�����T�#H{q4{@):�p���Gi;��U'��=,PkQ,�6
�&B
qIԋW�Јu4ӿF3Q@=?U)ѿ#�[�8��;�}�Hy�TΝLѣ~k
Ӵel�o)�W=ڠ�p�a�,ћ�R�q]/JY.\&�R.Q
0?'�H ]�՚x��ʒ�XNf?/�毋ޣ�RsJf�gs�$�d|2�zb%)GKp?3���Fc�JSeJ�*�tv0R�po�k�v;'Qx68|/|@�2沙
K�8b"}D�j�NslX�vf7�Br�إJLG)�=�t$(x�0@e.j�RP�kYfbXz>
�J)=�Ӄ{�dC4*Dw�iE*
�Wg#��rN�w�JhVu C��{! K~{4�6sa��・�7e������0zCr;JCL}eD,2%6eJ%*�L6R`�P՟WX�njP�RTtrYd:S�/S|>l�h}�f҃�KIH□!$?�zP��|���;e�9.
TR/-!o2)��1n�B`��p�*kczH!耹_Ժ*H8:$e�~��H8'&yڐ�]4<w�,ʮqݭ+. a|l]�[*p@ZvT��T6&w ��T*ÌT��d;4v-3u2Ybح2�*=U�E[ B>ֈ)Aem����GIJD�B)�!%6'
�,,x�
ؚ_��fhQk�?{|�o3GUFq
E*~wYP۱͍w[b$(ti;ny�٨GBxO~�Uy[/<*C�@hK GDzL�Ȗ@%j9=9)�gm�{:�8� l4_KXRT2��"%Po$("V�~If�E>�LMÛp�lt�h?�5&c�_Pa9Xi#1[x{k?�!h&8g ��*N
ئ_�mu%OvFO(;Qy=T[�N�=E��]im&Im�D$�p�Xy0VdqQz?�A�Kfg�4$��ӕtɄj#ɝ>\3yv� qHh!ԁ%
�*m�q8�AeFKQ㉏f,;���6H'��wD�ޮjuTo}zrwkn˛g
|'TUH�М��')�O�u3n"-&�ţmU>}cnޚ$l�|��n�0�c֔XV�6�vlotA$Q�ֆX�r/q"Lm}r҇�pXĞF5_���A>��^R<�"L�Vzgu|��]8�X�-ʆN72�0|miT~h<�zLJQ9j�-نYb]ƖJ:r_* y��*�M6�|�Ҳ:�É"BەA&aN5�?cY3Zw�P
Ld3BKЮ�Nd-xwģ[
e< Q����>h{��\vX^E�(m8zhUOYa"�X�x1V"��ސ94���֒;Q�9;L�S
,�7�Z�ќf12M*�5aT6n�pwC4.H:N%8�ki6
0|H�)�1*EOB+� Oey��٣yQ�D�%ln{/]UO+@fAMcz0�@��oĎ�`uzB��7Ɲ]6*}yt=>SC u�f
²�6P-,TnITF+$�F{Sn�=�Q,t�_PVV Q?eaĘ-xnoW�{
C�6i�x} H�BrueO�|UDZ�DR�<"��ZloOm&2�P�J�ʞ`2�n�Mvvq���aT;t�ɊI�@H�@]��G-�zX'�ĔoD�VIw�`�}ap7l(G$i"-1f~s)��uE|Y_�r:p���bB؇ؗF8S/ w!;vU?Xdɶ�̔�[" {�+6ǐ_;ʢܡQ�5
#Φ&roڤ�__#I+l1#/
�W,f@�Fs�:�R�C>���%<Ô �Ѭ.�hf7�P/ڳ8]U� �y&
M(/g*EWo
3.�T��^vxvCaWa<\��/\_2�.i�h�qv�.a/&O�q9$6&,Y5zi1.B_PŸ�H�J;Ė͗�0:}�^!��rړ/�
>t�.9�)p/#쾷#u�(q~\Tדv-)�8=�ᶸH�BhƼ�O,}0j\Y�YZ%(�8 �,�Kɔzj�q!ݜ]=_*�?t� ��?Ut ��~s4FVID9<�^^�c�S<ɿ�R�Gj)
ڦa�T�WP��VÒV,h�7�=EIw{e
`�s U�Jft�5�ڧUh#ִgl#_̰d!0n+��wsx@m�tް�_#\�)\j�MKZMcffCJ3:+Fc<�FOmu6v0؞bL���m=�~�HR�u~sc��@kݣ�A��N~lOE}�8�tPS#eH�:x��#��/ìlM�h ��:m}B j�3UeW+ s*�F)YJ1p,}+w$
�]Բ/T?˫J�BTmz=&+=E�sS�^fK{DK�4{h��fW�{��XvTj7J�Yq7N%-(0'1l�1s>i6O��7�ǔnAJVB��p�:lw�KǺ;a�����٠5{�T&d20Dl�AMY�W8Qj]f>�nޒѤɇp
�G9K[*��}!ΌW|DTO63
P`F(P+ ��G�@Z(�`'~�cK)庉OQ7�]ov
/�63+_�t�upuI~{�A4�]��P�j���,-%k�_k8(�?5Kַ�Cf�TbA`@V�瀥P_(K;e5�^Ka֚K6!
+D͑}
E�
-=4Y
ʪ7KZ�7��WPx&���8suJvEd_ b�o6JaJ�v#s3��
{@~�i`�=}vo�m~2#Et3\TS�X� M8:E˭6楅q���"N$t)�YΤBuEO����K^�z6x� Xp�o vmʟ`qe��2ɐe�b��6ݏWG0����-i_�dl�K PNpFv-A28^l�`�v��Q�-b`�~�z�U)epK40�y6�?�]7�^sZ1vWXF��sM[#y��NU/k+DC�v��GYzq"5�cԪn��ȶ/7m�+h]Զ&L���3�/ƫ���3Oor�>V,"�}�[xښϢ|#M1%gZfh�`�ꌙv'!^$ۡ�Zb�#:��:�
lY�7L��{"9m�;ޣ]�w�Y�\zۼRxh6�3e �`fY0D�Ca�L;9ӡ�p ¯F6c?3�,VtV]=bV�
�RUӡ
m#�Il��tH +1Өo)$Er�mGh]Dôp1�0%Ȣ'J~�J��V�]m�X*VXN�~S\1�ʭ�#<*T]�JD�=Ϗ'4G��'䢸@p获Y�y|A?㥟��x�o�y*l;�Y
s�XoVs?$"1L�X4ri�05F(:ܽ8xeߠCZs�zcd�wu���I_R#`6ML���F.%rL�ef�H)ܛD�r�@KW;hdeB3� bU�:(�$*K]eX0 K��'Ik�0
,Xf�NXn
2+!�H��]Oa=>y�m7d!r8-^t���Kg��iDis�ToS1F�eR�OmNj@�=n�'QSe�u臒�FQ�F4 ru�E�rvE��vw�>ybd�X+oc,"A�@ݹssT^k�0V!_fخ��}Lq0h0t��cdp�_g\ 곪@Nx3W]13B�'8{A�Y(W�c�Hk}KNݪ9'x!f eטtR@1t$���Ɉہ��0�E�C*mz2I�Sf�2�LɈ!_.OcQ*Oe���jG���Ai�p�Ittds
j5krt`3vݜ�4?̀�HTO)�@�~��H8]Ũ��@SQBލ&&]CŨ剟Lec#�8Ǯxp47Ѓێ oj K咝@M�>o!/h@s9ͱs9->@_mE���N)!>&
A}K���5:#A|~T(;뷖,�*)���?մ\i'n�K8�[qWY4`nIA=�.6]ez_bTLrU~~_ƸA2Ep�H$gB��j�]f\܄Fa>jǞs�W�lj%��O1,
-bŐ.ЬNgH�|d��(ˮH�>`:`xYLP�`�7y]+7�%$=ne)�b>Y 9�}Q?۾�}ycvf,�Ϡ^_`Q�P픣+ 71;ro}rO��Q��_�)V�1G|!�S:\ӹg!yCgۯ"F*iC.j�WW�[
x]֘�[s9]ELAGh��hMMS2�KM6bX ۦm7 |Ktm~;b�a5r6�e�9P闲�傊843��AT�+\F.�4C�\�}eg6֬��Pg1��͵ B`6d9m2�KJ4uJl$G8@2�����b�RJ�4h85�5:�T�&_5�+V \�=�)m�KS@�18]Hl}K/,as{P|���C/!��Ʋ=M0b��`V
�x
b$le�wU?܁u`p\fw}oq:<%�b�B@'/GTkK|�~FLC�^u2ʎ)�d[wO*0$��2Y+nmAMZFO�@Jl�͞FAV[,w+4$��g�]mJ06.?�@��6qZ��W{;9űo^e}~��5*9pKD\�[8�!� iNIݛ�
GKNGo[u%}�{WBEo\TYW-�S{f0td�q�u�Ϳ!}�\/-#m��:[��x]Yg;8YCKڷw}mob\h5#)�Ѵ{I'=jP#좨2WĨrd��-�86VSz.g�*BP�ڃ3oȜ<6j�P}�q�\p�*O�=^Tp�4��=VK�%�;D�ւ`}6)HKЃmsSlzu�1:
?Yd«Uz�BsG}#$JgJ� �[�x�9l`PhuaN�ܵ`A�/EL֪{3?Oy
�X`0:"X�4f�H0�)P~WΔ#Љ���8�p_��
6ޞ1y�jM]&��4Y(�;Oc!\{�09G�>?m�B[h5?<.�qؑ�vkhGUg*2�κi/�\�q�a��Qs
ַN6o{؞ϱk7�5�W�qHMo�D@𭍮}A΄A4��h9
O,qs^�:T?��:yЩnй_)C�'�z��dW��Rm!%�ib�SbԚk%NZU~�ڝ,fsLdb3v"E
3�X�wK~���9iA�, �/�PZ �j�C�Mwfzemˡ�f�qIM}=��#V�YSWirHupEM/W,�>u��G/\��ND,]{�|/GUgJ�n�I�0JPg7IF� A<ȇG��::-a�cʡ�L�˔db�zupg�cƃ8GkO�b}�d#n,1�sg+ۆE[O�O�D��85i�?�,hi�ׂ5�:78l&��v�{ ��4~�V-\̖C�q-h�M�%:/)v�㗗#qڢŜ�T�k��_r��*�?DuMGD
A$kkcו����&
0�m6Hu]n5Cr[JAڔ
D HKi٫*1~"W�=�FO{�)~
]�0tXc7�o>�4hi5ojVka~ 5 8hbc�"^P�W�ڗt Ӯ(e�bAum5bV�6YSL֨d^6MQ�R&KN�Gsff,4mD�ޔc�e!���ܗ�dRMrW'o?kd��o}C�"�>|=fHow�&m0�vZ+)7|[iIӪoyXW9g��Ĉkd�S4v&�f�7f�Cwz�8�lt""!ݠ᪉P5r�cX�9~�ǥt僬dC�_}P-�������#V�m��r=G?9|eP .*F(Q��ӈ�ay�C8,LD)\wfb"n�2�z>b֡Ϛ-14�ԕ,]^N=_~�"+֢ǭSP91h{Hucdc?8柼\
��
טD2WI`?(�=1`�)i>rz^����
N%5Ns�cri6Q��AZ�
Qa=�Mv�cBu�cc!#u�A3(GJ뗂ʡk��)�`߽;Q4t�co)`vS��+�o�ST!"i�$\/�Ir/4Dl\TCod��1�楶V>���Ӽ�&8qy�);VP��-� RLT��;�FH>4T50y��3Wn}Iu 1��|&+*b61סCT�Ujhy0�YWUߕ&~z~ݰ?{-v ʒ/R]N�0Po<,\wArOxmR22L(q=wN隇lB��+ [e�O3(�] 9;4hW;���({�?hGB�1a�'ưOciuk�L+B0�mx��ƟUOF̾F!�o0Ӌ�Fq ሥ�uw&DNfy�>AijsVPۃ��bv0HL'̝�庛�><ؤ5j'L�m"^~#%ɜ=�D˶xiqY%ۻ`J̸Fb�p�bxê�(6}Mv�6cy%JYZf�N>sr�Y�0'@&+NLʈ� 9�ӱ�|Mÿv.wbyNBlaJ���dLdٶM�b��;���.O�:~�n0s4�1S�fRՇV�͉��|uz%Kmѷr@o V/tD�y�@r;\c2C
aݭpj�x��b1 =�f �K�."2<,,E#��w~9yK�.64))|��VY?M�vW8Lğ0]c"hj.ޛ�Jԩq$JK]y"xvX`O?sꊳw K�(��w��F?DTv�WR5?-N�|= J�A�w&$U7I}њ~�Jp+do�_�x��1fm*ԙF� $JՁoc:.i��;�_P.n�� s(�;*eXЩr��IQ�.*�`W��aÝϺ
,YÒ���Om4yYY�O�[&cծY\x.u�Y�]blq0�COx7�ד���\l`j~��݊vxϘ�#�B.l7m�*�|Eq,,I)b�?oXl0ُPDމnrRf32EVw8zeiE�@J�g(�YkLʹ���D�S��e(igcxԄI���ޖ=oVVtʄ>�U ]�Gy' [�{}���p'��>I��ΙeP�.�v6�E}hT�ܩ� c.bT2I>,LY?l0a+.ڑ]�F
�ݬwS��Jz g�3.�@s�`~hӯ�]ykB`�\MG�oW�Lw5,�zb�%}uFW�>�B3L[h�>ûRBE�QoU:X@=$z깘\l1z?,AI0)��
LOfPa�8�,0t�ĦUȽ!Wab��7�x���@Pr�z�mU4�oݾrȱNh�8z��Wd]&vbvS�=AY~J9�k@tRgl^n����;c^ǃ�5ͪRݡoy�WW:)irWk�)b&*[U��3?K)<ߘc�/Þv"��L)�0hY�[�0ղ)�{-`w�PrOWi,\mN pQ"+^{PDp�fKb]~'H�ܑ2qr@u
�=��M=~4*g�g���"\U�>mS/�3�GF&s@)jmAj�j9�2
)����d���"�}Z3E.t!x'|>*�[bD ��kfUp4qj
^N�A`NkpF�./?RsZ�ZQ��a6jͅs`x�9C$;�}ݷ�J�N[^��Mf*ry܉%?+o)�驟2$lJ�*p_�d?�R(3ةZdE9\Ho Ѭ+�CS{
M6e.˄��7H�|{M�~U U�MV-ͧ#8p�:= V26F� 4�_
�bB'�&>`L!NVX\ ΫC TYla펨7�G-d\mƽtAؑ��jD�:�-M�@%a;�fuh�A=�AYNnՁS~H�ȍ#amѴ Hcm^�ܖ9v�Ӎ
��*a�o^'*ᰶrE1G�M$+M(E@Q�m"�˿3lNX��1ޣ�#6(��^Rrj/X�E�6Nΰg$Oā�X]ܖ)M�s~"ֵ��^�~(Eؗ�`ըUlǫ{e !'E<QXX?\4㹷vu23d#�RIOza`$zlۘ-2%E$CT"^�:�
Y+K�P[?S~�L24إ=XFVWF,!V�*3RԿG|�}�bP@}(tGϦXq�AHP �\3�/Bm�@�z�i:pca<ܩ?jJOᛃ12r7%K#GOy"vV#��懲�y^U�7RC}N7܋cHȋ��:$�նTOooc" $|cIzVi�J�z3}3L4lGTh`FU5�_w �|@ ⥬��hكEuga� o�eޕ�"�8K�(1;�0H�p}
GjJwf��wN*ֵ}ߞS��uy%Od��Zǁ�gSBGb�&Ph�/S�[_/go8$?N$:*5��h}>c#�EMj�C=-w��իRbuv'2sy�T_�ڤԊBf ��+�9@7
le�|-�I��hf_3�'�Oܒe5C�PEX�5|��Yɶ
Jˢ�0BUyv|M6��g5p+zG2YVXXD
bć}C��lY�b�YtTɮg߹)�1Tz|�fIV&�džeDZm$.y8u ضBeTaKHi>{@HpߩG�˦dr^/cJ@͵���aD.kF
"�~
i�*ڑ�6Bny�U�Ԯ 1��R(#3 h1N(j휟��>0fu�QҐzv֝h.xz�Qq�=r�&?X*�ATrD�+4:_o
ŎJx
6lW3!@[+aIGQ7/GWq�=*=,Y]wh��}[��й`9�ʡn�+:pU^"!Ѥ��q'[Ĥ�L]cr87ii0Ɉ0��$C@�A=}2t+"umgY5ea~��A-Ic
D�6�s)�]Ѣۦw#69j<{`]y׀l9N��kU'q4�H\;eO�:/�U`%E�) sO8%
GW�#8
e�ƌ�A~��q���+�eYw^" �sSUTTakr\1_Lr�9x+2;GI�qAܩ/XwK��3s4��OO⾋�3~�XeoMg.(VXṭnJϦ˙i,8�y3�Z*l��gQ,*�^9�7bbd�I#[�. M���4,ڕϼ=�;wb<�Wk>/�+8�t�0*[trWK# jUm�G\�$>Z z"ee0D�;crGzZ�_R�*��Y�m5Y+u��`פR93�N5E��@�Z[vn#d7�S�ɱ
ᄷ�s *"H7�)�Ǔ�=`�{8e^�8QO-���ݓiΦ�+;u;��Fe�<㚦Ň]^~>NK:Pl\5�LZ-
Ύyx�mLQ+n+f
�AA�� l
=v/J3�^G/b Y)�\�kr"E6h&^(u�G�Y�U<��|cDzGbZ�K�$
8K
fzi]d,A< �Sȥ]XC( Żp�mLi?�$Q2wlG�o5&o4PŇsPmB�yON�m���ԎNV4{�(�/ӌcϥ�u`F q�Aa� A4s�isc��OpޓJu�\&ё�.H�Z-׳l�ݐjU��82eS0�e;^�I�۞��Ƙ=]%X<:!)�OE_;T6Ӿmx�~exN]b�DlpP+8+iS|�дKMno16IJJD<+|!9]L�M+�F�^Y"'?2"6ln7�Nuk2�/R.ÏPz=;B4=n
F0�F�7n��(w{b*ou4[M����%b�ZB(')�}+�lhNLExl�.�̪Xac{�Ap$-�^.�1
.���F�P^O6nIzt30ٔ@p�wJ1�ܴl/~㏵)1\/`]Ul3q�.h%�sﳇf�V�nd6�y�.uw!�P/%EPڬ�It0w#�ث@W)XW?)Yd8IJ[mn��ьqߧο`'o,ZU݉hB9%>W�h5-@\c^�GU�;./UI,Ӎ0+D��Ŋ�QNG�KBo^ \C?O((g|)nG[Z,r,2�=��lE劻%�
B�G>E_b\<[y�?��X4�݆|g'^bL���$E(ti|B ��&�g�8_lcҎ +�K�":a��uU
S�c5K;a�[�}W��)�azPyd_�ͳ}�!}JTY�X`Ԡ�1?p$nÐfz=qGk�.(�X�N){ɲ�O\~UA[{$y.7G5`y4�ܚ=7-F�P�f�"�8\�)hĝ�uqk� $3
P��Ln&Ws&@�S�_w�nj�Hoi5�;*�$�$Ղk(*Vf
;8>>_s}_P��ˏu`rz-r` IY�J
t-Q?jjl-`�>�m_;%unq{�OQ@��6'^Ǎ>rf0lVsI)bwL$~��/}}�-�z�z�%ⱘ;ȡ�aܗ��-D
�=jew�^?C)ɚ�U[ǟIR�% ��)Cy(%h0���&pw�1kh[�|'YW���1�8h=�1"!JD嶪CZ+HﶕymT��u�Ы
ǣ^]�mC�;�߾�1~g"-:�[�|JeWo+T`g�D�Pظ;>nBR2(G݇я|#�GFڻ:/+[*JX�.>cn��~ ףz�sInϫ7{�"YPC Ptޕ���wŚ�NV�,Dg;t
c�ufTQLu,
4?l߇W�yV y%SA.�Y�0)�̧rD=q忆��-_Jh��W���bfdCy!1
Y3
_Ŷ�1Wi}ޫx�%S~G]((0�r��JҽAt��ɔ�DN�p
0:g4vݪ{ss"ԭuE
3Iٮ'!tJ-uY�KKIfp�l 8���;`NG�Ђ0�`i[=d^y[zҒ:$6[x�:�P5d_l)�{[,)f|�e�>B_wwV�X��@#t<>F5DCT+^K?r�C%:��uPzvZyF/uD�M6'�m] ;l�78�ˊ
ZFQ�s!?�|�#vT�+�Nݻ;v�Ӵ�LmMG���l דPdK�P&;qm枩��6ʻx�zSU{^��Wg<`-4\%O;-!!{=
:X*N3F8\ ��e!Zyr]�,'TG}`�K|v���t^N_4"8-��>'IAN/˅�dm 2�]��n:���U}I$Tl�W����#�ݙӸ3�W����b 7�O�~cHM�|�9,�F5>0Ebxh˯Ձ6�;�)|-^�皟H�Aݬ�zRQ8�:ҵ�fՅ=9d&�T=rP7O3e�OWK�L+
b/I�buq�FZ���%t}A�pI<(
�S^0[y�>�vIJ�/@�=Fݾa0
�}`RH!�wؾ
�O_j<>IrB�g5|2�Z.|Bp1B��KUx
L^��&'���AK_k.>:_ٮ�w�KS6f1'�5%'e�
4i;&9Iet��겭J/Q��
F6�b�qw~3�_�g�ˀq�%'�]�b�p),WxCK;0�!}h�`2|CJk�8kN�z<
O�G&�I#IT��iV!�j&qG�}$�ȑ;.߄-CԝE 4ژ6tL�W4jR�><��J>�Pp4�^�Ccn.u\�EGО $ʨ
^7zep�C�I_0ǚ?擣0FYQ�7*x�X1Fjn5~oU-ՈV(N�G3H9
�̈́`j5��x�&�cq�!H 4�yiKq y�˗LI��u}l�}LyiD&|hs!~aO���gig{}�dy�uM�Cc�;\�JT�\&BT
M,j�a�\_q$K}&Fm�
o���(c%T �үDA�`>�Q�)�Cxg; �x�càܯ)�|qS�Jޞ+(�QlBC[g"1���n�O뜘7D
GO �?S)�V�7A\�JWǓ�or:�|�a��Y*7bl�5 gh�?,�B\
u�7oz�nu 68\5p9@'a;Sp��o��9�o
�Cc�
,ZZ_)gQ�kh~n*�M�>l-�f8� �z\Z?w0bh���F�+
]�\Vk)W8NfŚz �~} xǯ$9IY�A�8����]ok
c�m?b�e�#W/�^[�b*ΤǙcx�X�I!TrV.X��Wa�]g#��3M>3�ԺK|O[
PU#hRjҒyr�s�8����%F�WG��>ĨŞC��JB%Ui~/~bO-�ݫ5�D6#<3 xxWJ�%�
_n[O�1�.1Q�Tl}�HMM}�u0D�4��;U_a���t:��rvZ%C9�K��?hʡ|�T5�S�:�KP÷B�!�=a#JXy9yz�kamuq~�HY�8*-j�ǫ2jEB<�R]q3<*:�Nj%݀ˎ{;e7s0[�EՏyNUk0"F�m�(IyC^ejͷ:�Kc킀P�\)He50�hK!{q [_pQ}j&U;$8E͆jAS��<�eZ��v}T�),+^X�,m��B�i�J?©/R�o*oE&ФMr>7�0���(DXM2\u:;s�(F�`E$9�[s� L|SEY|~K;qP!�!53�qv$=ӵH�%v�U8߬'��Z$va�t8�8�b�N�bj73r�F^!�G7-�E���P|��w9j`4�g �
2ej*S��v]���uoٟyCG�t{v_-uqZfs�,|4��I�Q&Ock���F{�[́2@#*hh3��~�Aeyh1Ff�kF_O&J7Lq�Ѩ�Q>樬ZOpaxB.Ndd�JCX|Xw�ޓRG8��e s/d�e�XUYB@n|�DA;J.M!cgZA�Z!�\^%�{;W�~m5&Y_^r+Bbd�zФO�t�1�vM0n-%d;,�%�AO'g?P1@ˁ�4�|�pHƉi��H�
#/`7y_W/�3/-2Ǥv�3��K8cw.njsj��R��ۛɩKg
ѽa4Xң`vt��b �^C.uu��p��C;
`בn_$�#
,
38#� {�z}ҁW&j�'�Pv$ca9v2��c�X#ņ0�I;Y�mFWh+��n��9vNeۙJ3%68{L�ʵJN����Y.FB��
hH�9d�Pͤ8TPOY"¼$[(2}H'0֔�߀~OW�ǿ8N�����tgI8D1k�`�fQ��(N.^D�NQ^pZ议;
"�1X Tk_vNl�W]0d#�
P@\N'mL=˛Ц9>�nxŰ8Os��]|q&)JM�RV ,.\n09�2�;4F6��9@bL^OQț7��5-8ؼ}Q&qO�1I�MtLh(\~�V��
x?`��:�7�(Tcs�lA�ԣR)?KMEoF��;�Nz53Tg%92vإ~: iQ5-7�9�=�(@5[)`f`b2�+4Eq�ö�۴~:ߚ6|< =�;Gx47t6D_��؟F!//9ZߛZpeTЇ�*-~,}B���^ƽԪYA�_C�G�3�t��1jf
d3�̾F
.;j̺R+uT�JE�D���>���H�V�D�dn�('�6<��K2HDZqY4_1Iެ)4?�F1/��.ߵ}�CrA�t�J~アL'eG��&}]?J{c��[OK�t9H�mL�}اַ>xat��檛�
8wy"kV?<��D ��:<6rS7\b1�h]*"[1�c[��3.K3BaQ�[,WD�,,uy쓣rZ&̯.�pð#��_f�cHlaf8Y$wj�|0:�PZ<46/�1?5�J-v�a�K{?UrL%|(C(˿)nB�$zͲҼv`�S\t=g�ts͎trG�xG�Oq�3�fԐ2�Nn/�w��æ�Fa6�Α�kG:B4}DDvbU(�C��J.~siYiū
l1:"��'Ѥ4�t��;Lr٥iDQ:�f$_��'�+>U�6G
m9`3)�Nv-�(EG�mn�3F#~B��G�.�DGk�B� RWvk#J*Y��NK�J�~Rn9hK$�5\i�t�+6�FI=ZVT��\%N`Q~�$�C!^��_f5�}2��^_6k�l?c)�M�p����)UtmDԼ�P�&+
J�!]I,deM�d6^sL|c8-�Aloi&�ʠ�HU�#n��ĩL=ۺrw{> )0W
>z�4ah��>EsfU;i�ț�@{ֽ9�$`9,�C_ǜC2l���_l`!�v:2;z�:�
@/~:`?�0t@]�4q? q�c�yS٥|&Eα/D�4U�kLC({�߱ ]6O�ݖ�[Z�2�:5|wV��iGoB'�A�!�>�4*`8�||
JHm��F2-oÝg�|m
5ECN,P?�e���&9WV*eF��% ޓcTOȹ;3`b�� �U�`4�2�=H[SHzTz��2*�$�5w7lHb2%�Ro�
#tZp4�f�faGپ�.JHB~�Q%H�
]<@9L(��R-?8hwO..765�?z�i�F�8f>a�vGFx�k5,��4wD�S NsX; Bt�4UX_'��>{�i=9��Me l?ƫ cNޤHdm<��It큟e>3�-6@JVl%'餹"n��"m�V�[bꮈ��@���&u_1l�1!a2�V�qg%$r�qk$hw"Pr��B��-^#ؗtFK::6Rh"!1a�S#U+KӅu��U^9�"�%h�Ya6~�"�$q��eT�6%�tM�T�$r(И[��_V.o�
fk?k.2r3n�ɜ��p�Vr8yV!�"1��
`F�ef���ؔCo8]�wne��ӯ6Ub9`{�C�,�35c�TպepYl�ȏ}�y!1/� ��ߧ7�Z"�ok��>eE?wr�pD*vvN
T�O�K�
HXpq!a'x�eS\�e.X2zhC)g`�Ƈ"I�;�ZB&Z'+8?��e �Ef�[sڳR
f*��8-g|yӢ�w�/z*�{̋4o(@1H>?>N-$LgzítL�H-ThrV!Id�0F}5\-}a4���!AG^$;{ޞW�Pwfs�Nř4�z�3G�O$q �
'
ģQ[�!�Y�Cb�s_�&"iM�y�>4U�:D�Xuaf�, �ڍ�;����<�ؕ̕�t-T6](l!o�rU9Bp!�]�fJ.��NpM!r#bNKs8R�r|qkS/JWa,T 1% �3�w�Z!,4G!gS3ǍI,\Z�J�fIK*ԫq*w#dWM�MޮF�ם2U ft¤b�O�ȁx�_2"Ket?*k;pTa�(,9C|{N[浑I�q>ݎ@��Q|`%mI~�/l��I��ޥFx �RHރJǫʲD]��B�a��zfsq4 y~!�)Au�zz�X+p0?)@��a^N��M-hq`5G* j�4�:mY
)a9Jg�WC4[?3��wT�'K�|TbܩWFH蕫!.G)|Ƌ�0}j�9�<�?-E~Nޫg %,[o~Wl���U{=
[6�e^�]�DQ�*'�G".(R�E
4e
ԁ9q�Q&oRqq�4럃K�4290q��~}g3q�{
:e��4�`ң%ö�~6��/}I�@�9n�hbO[jV#̊dm��p�F�SMs]Lbc���T��ŧ{�4zUcKżgT{O[%2Cq])v{���Ѝ�)�?�͜=�Vs|Sm*=v�=�~m3BygHATUg�𗙫gJE�ANG�-�*KV|߹�Ǻ� �~^klRS)TU儕�7�D篅'EVg&��R�c�u� uň�wt��C��Y.>"x2>Пl���a�.*|[gF~3Rx�4z1zAF�"�3Ԩ�E֨�2+Z��e~�}9�zM�Qzcvt//8;A"�ڧAW��8\:6?iOF����~=/*\8Sx�A#I^y/ByO3oDAxC�*��[u�`
w�=8M+�XǟAR�G�!TK�h�BKi��+vHԐ0N3q;(ۘ�6�%"�g��X.��ǧLe8w 0^�,E�d�
�
i|c>fI5���Muc��ܼ0)�EyV.o\E��d
X2fU''�RvE�U�/6[^߭K|^jD+&?>�;92:y٣R8�w0WX@�~���fp^�Լړ=�_2~3¦�Gc��ȉ19ؔ,`��U��۩HRkR/�!ʃ��Y���˺*�!of,�*�(twbז",*YVX��L��q�3�r��9*��@�xە�u)��lЙ$i
9;!M��3>em�-LJL.h�zdBV�H־�Sj5�F~/�c:)N�$4�'1y1N�ӳ˳A2TI(�*��1f��ѮFz�6�Ï��y5b��0_=
=x{@Q->ƝydLPG@�'�G�djw!4�¯Zy5�A(/@*}/u��<�7�U�Vk6Lx7t)ȡKEe�mW={H<;d{rN�ۂU6-�i�Iz
�8A"�b'Js�Mi㺦jK,5a�W8=]tp19?W%ՌY}��
Y1C]eL$b|4`XG$ y۟VkJl)_^$]JWI2H$kQiZl�Bʌ`+xEh{
z�T�ة4-9k�<���Fe�ӻrY~B;z���W&PV�[Fo5UiG/m�<�Ekd;ųa/ڠ%^�؉�
7��S,nbS`%�(J8[�W��uK4�ź[�;Q/�s?l%O
�6r'ߺ;"�j[^�3jѠz �]�Jb=ҫEyBS.}hŹ]f3C�ٍm[%�ň���2}oA m:Ls�ħ~$9�bOz��`/ª]|�|�Xv��S2�8{^т~�0p'$e؏# Y_ynH~9l]wT`m&oe(vпc^�L
z1nrI6y5f �VL�*��נ{bgBWDB�ćX{���iA3j%�im͓`�O�2v~�rmAI{-�[v`6M�ڸ��;�8̎kƊ*�3Un�*G�~�*��èA8
�
KUF4�)Ť/w4�0J�)ړ;Ӭr7(�j�ɪ�[�bVڗYO�OF1�/��ɾ
nac�:�Cު뻛o(w ;ǀA�]�ݠva �r'z�J`�wʼnfܪ��MYo�ZIaN8o{%?5�xggSa:���eSyL�/ldno=\"F_r�hHj<+�FlJ|�2uVH�h'I3b5M�U0��mB
$C�{)g:�M<:��U�ppd:J(�<<�H4,_=ώ���cղ[Z�vHn _x�w,tsNS=M�ӳ�-�)K��}b��/l;k|Jq&ATj/:魧d�.=�^dKW"y-;UmMc�vOS�FC"/QkYSK2Li�VuȣSу��mT�� `qt4ZWe&CՄ�VU!g+�k5�<"r�XY�e���փtF�L^{O.�d;.ӧS0��ㅹ,x
JRA!}3E�8<|"A~o0Va5�}"#~�ߤm
ăB!2�,Q1Yo�|ԥI�n ���Δ��Nqˁ�5/~Jb6Һ��H"*�-
vʎ6KUK�mMZY����ˈ_��.F0s6az4SM���ݏ.3ʹ`1kقFGJ�4[nO_H>
A�=TB]4|/.f�(�Rq
�9�G>[!��|D���BN�Vc*,3R$I���⎁�b �Yg\/�="�ʑ��0�XGl^���N2qǀ5{Ԛ0>y`X@YMKG[_<~�By#��ldJ��Q�ٓ+�)ֲ�t
�Ik;^ [A5aryk�k�`�g΄HL�^�OE��([vp�Ϫnئk�oOpadL83#L�͐R0cj1�Ubw�11-�U1%�H�2�]O�kܟ!zz��Z
M=6n{E Ldey6,Hwz�g-�^R�eT6q�g�|xi#]M>ʧL�jy�W`Ma@-)4S+&dX7�D0,U&iD_��MX}7�LdF߃H9@�V�bqb0wX�'`�j�an)cZ�UյBG�_\V3 )d
�{*ÏHe�1_1=|EXvɨb���7n�pՖ|x3V<2s�;QCT"?ӈ3t�r��Yq�p24
k v-_{�2O)ϔ�czkBTd95D2ҙ|&ɷw���!ǁ�;i]\�b�'?�ґ&,V}hOM�ב;�C*v�,'BO=�Ty裗^fӅ_V�SĵtROn��ƻK�)2� r2l/P!P`�QH�4t�^���\�5)Z%DA8%캘G��:�g�~e�5�F����O`(o +�Ѝg�|l�w2GqZ�ѕ��t;44)h���B�
9�m(h0H1ҰW�[�FpAOOeB.>S
5ż
ZgJV$^ZZ}B(fI,t,ܣx:�Y���Zx��U
�[1ZN �+�@NI#�+ $&wq�Q!3��}i�prS@XT��8ߚQ|%Ńx~We�G6�i
�P�.²E�F:�!T0Ƽf)\eݭ�Z8;�ե^2Ybd�GGQLo=?$�pTNaY2?m�\ă ݑa˶1�֦�
�#s<Ⓑimrp?��*&3,ɪ
(h.PrĢpFeQ�%<:9U Z�w?=%pe�g<�LP�1(f�G�OILh ,g|j�{R*u�Shk�OAz-
�~Izj/_J۠f��xK�Ǿ-�Xue0c߄%"tEBrluE}B�2r?1xsӐsMpC�z^��1!v��Ǐs"`"L�Y6z �8=�B1)
�>��أQ�/�dl^YJ3٣|E�xZ>DGhMՕ!5[EL�ʌzv[H�U`D�{�w$}GR6*"�;Ӑ%F�0pH�g w:K�]��e!zUk
f.4�ro4Qc61g_|�%;SM�3nvm�̓U��)m.=^}Le
�|2f҄/Ɩ֑H>8�H`B�Rgk�8K�Nv�}�ʓ��4@/VY�B)@�"'� 2
͐:�B /s����8yR�E��;K��߷�����+ �md~涝958(�J��1lDP�TA�/}H���<&gps�G ��1?7ڥn3��S;Q\�t(RO5z_ �/�(_h%r�&�٣zs �mr; <�{`d٥�9�M�LY;>q��Q_p(ܥG'�s֢si[X� IeUCOU&��Gi��#Lع}VaK|pJ�PR�\���Dn8N�p�g I��=�&.RX[��H)#>C�P̴��@mKLTugn �x�Y a.^gw66Mv�b;?R" C�
jTL7/J:t:�ȄR�UcOՏ)�L�y�&��^PC$JR�#@�dft�,�}!>#&D|�jly�`vN#�]ٽ�.[{d�Å"iS꼢�eboioe�c1SҲn�vKę.땲*Ѓ7�]�GOy8�vGxH�Fb;$!>t�v�٨f��RZCwV��u؈�ŕ(Fbw�TAL8Bf L?+0Pdvj;1N.T"h�#'B俷8)�Ⱥ�m^�frgb.HYWq|+5g)+wSM�R$mS��:h5?d%� `H�1oϹ��"b#:f$)FV*T(> `�5.p\;~���Z�o�UXL<ؚ�=Ս6�y�/A���(oGv���V.v\�nv첁�b+Z�-�T|A⦻>L'&��M#�l.ÉI�2LWY`��Gm�Z5T���6Q�zA�)$q�KM(Z�N�Oa}1&�rn
uYЅJW<=M�+{ף�@1�Юkr�����6]qރws+�%(_R^vNU"evoE�Tۤ�J�c%T�.WOw3Ps�,}4nqj�2 ]H?tl3�ȩ壔�
�GfZ} ��a-]"Sg�b\I�c>�J�>(D VEꢕݛ_r�s�`IqЏ)�Cqs} S"�/�|Wno��('.)�3�+�̫D!��Ŭyj��k�=`*]ڶ�.D\ν'�Uv3iL0U�q�s>1P1�Nj��T$$髺v�Ou�lS�q.��Nu�Gp^�-&�wV2}Fҷ\u%}ΗW�[e?Wf�:B��h�d ">bZo�&R
/��Xd,m
U&w�#�,-H=C*Ȏ᧘n�W�0F(�N8Y�T��gņo&Dx+if`D*r,bwu�&߇=�6r((8'w�8%n9srI/@G2.GEKּxqƺ5�dTe\W�"ɸ^Mk*u�bF/͉7�7]gtx�:x3ar �@\h���
I#S�ede��ܥ(��aZ[=}s\QFJiGD�U3G_
�9]SP8Hy��E*R
�ԯL/zRЭ=D�iƢxoaO�;+^"q�pچ :=?0�ekk뿂�"Asr��f5�s�HV&sͦ+Tvsq�??�d"i
̜wl+uUϿp9-A4o�]�0�Zh��2tpy~[�-�fl(:`��=TU{77C�W+䛋Qێ�fq^5JɱrKR��暓�R�%x�nly#91z}vӼq"�TÄ́�>^«B7
dT.Ma-�xʓ[.��>g�Q"ݧ�[^Q|1㓸�X$yY~*(a@GO@v�J@3Y'�,&r�*3�
W!�rRezW1OH/ˣL�[f�kF�igMU櫗䜄PM<\RnxX۷;C&!�6T]=�?gj'@��A2G;GY�Jy�=oNn)K+8+߷9YS$]txj*+X�:�N%a�!,?L盨ht�*SL&�R�ܙl[tᗞ`z+��?�E�)@sA�62ټK
��M�VPŜk�!�̍U'h�f]\m�* qa�%2K��C"|�4VR^�HᏬL^� M�Eg[�C4.���-Xq���g6�R��K�c\dY)N7�l}l2�8^;�\G�z�
EВr���Pٔx^*�n{Lg�Y�AcD�yRܢ5I9���>q
�VF^�Z."�Js�{)��wӫHY@@zfnO�f[)�kP+R�p
քj*U��f�wϹaϿ?r�#-k�.6{�UnvUnp0OH�/�PwY/z�;$,:i$oSߛHx`XpbG�j�
�_@�N!㧫FuszÏR,�KXӳnCZ���E>*LMI:>]_j%m$i4g�oE�5ȭ{Ag�R5<ޟb~8I�YĬs�;,DĞ4 [f�Q�~}ܠ��ng38'/w
~wm+c�gZ���~T(yڴ1ZOdJubGk^J8w?-H�'=X�9btX*�+<+V�ˮ�F5/�)/K5<R7L�*sq�ö1b�GZ �PMPSP@t>`4UV,��*ݟݞNnp,!O1'@%QD
�BA#CV>߂@0e^��lD�c/'X��� yXAs%hˢ6^5,:\[?�E3r�vÔW�n|�K.m�45�UgnFoZW�I����� NyG"K^jۂ�r%[ff�
/d�ctO$NDa%ͪlf/)n�b�o<-4�`J/Ġ
�4M=�M4<+\�>b}Wy�g�aeIlF�E!аX�[td^R!2�J���.?9O>*w 0� t���9ܱ�B�N��_o٣8עh#z7}`�
Ś*^-}>�S&lrh��{mH�xxG'8 Sg��UzN��T�1Ù&x$�Ѝε�eĂl?B�G3{H'ƽ}��uDIl�Α@9#�\FIwa?�&K5a��>nlu�%I}6Dߺ-Q'=Yr�3�*��9�e9啚�ض��}8uQvb~oFי�/,0�
��?/1�V�7Loq�pk"���!t]o~JL��˷�8,_}�0�8~"��U&(O4p�.YɁ5u�uS�ըr`�ˮ!C�znQ G0^爳Mj�=H;-cJ7?uw 0,V�vf�I�/RLJ϶~i�xJ���&p?e�G\��B_h�Rcߤ5ףe��v[G�_
J{R :l7aRQ\R�3v2Gf-d�0"�|5ӷ"]+1f/Pe��&LF;�A[ztt9',C� a϶�S�s�k]t[ș"Te.o8@��!�@6�9ӵK"{&�T_))P4kg猆̮�b�Ԝ;L+B:haXn_�@�R-0Ӟ -l�da&E�o>aʿHוP7XŬf7$#+�e��6dG�Tb(0&�{�[�{00FW��!�vV�zMeRed"0yd��,�i�KMC�{�ʵDv G*>�&E����AКu"n�Ċ?fu�3{Gg
�U`j��Yb��E"1</,U�8R�cڹk;8p0Mvp̟$>�9�|Kecrg.?��(2&u!�=>=B��5֢E�o��+(�J��e��a3�Ͱ5�}DʡY-`W٤�,^o���An\c5!2{� �/uX'3(:�ń�J`Nq] v�6}.
\[6NP�^^�Q0˓B5Hj��5d�)�XH�1�^Tzv
$#H��0p0R6fDB-X�(O��T{�r@�\K�7joQWx�*�>T
\�M|3&l>C Y&�ݰ��#)��OP"XpF
bw�ǭ(
Ђ`LSíqS�ֶ�2oZ|�.涏�fu�6�n-�SG�mm43C�w:B�*H�Fo0E�)Խ$��yt3Ea��T."֏VCzckԎ�w/B�'77��Xc#
Eu5|Ѯ�g尭o�Q3���cѼ#ߌ CVR t#B٫�c
nXHL�93P�уCL`%v��#I'߇^75�v;�2
�!ܱݠ^YuMAfjߖ�yt�/ydbݹ,ԦD&>h"�ޫG
�d-_�γ;2���h�|%tP>K0�5^Z�H�xX#1����!�]U"�;�-�M='�kѬs�E�*F-f9��c6�LME+5�Hfh&?�f�ÖX�7�/xDJR��Œ4]WNXT"e'ύ�vdiI|�E]
8YXk+� c2&I$��{=O:Z�-*l$�O%��"eq�-gF#�|\_Շn�ʈ֊8%(Y�rD 6�ߋz,-�#s[ГZʕѷߝ)&Rt�耠rH1d+IzۜY�2KPn-�(�i0�'�e ��(!�ȹ�YnqmA�?' BA.;CK
J��l�i�6Ǝ:.6.6ܥW��c~7o{� 0wZ�PT`Oc,mǴ]˳ۡˬ;_* h8-tlh%9ׁ��"vY�nLw�u��#̦ȕӂ�u�M4oZ6�()"/>M&txE�[���=LD*$�nysl
џtFaT%s\c!�Cz
&h|_(̎�jcD� MEe�[4W�X)n=�g�/*Y]�Fb Ub̴YZ@Y�T�A�G�~�q-L �Cr|z>} þ'G��zsOO*0�ԬJn03�\ P�P
�G6Hx-u�˚XY�1֕Ұ#$P�J+�@L5�kXz'~q4Hpp:8˖(|Kk'T崷:kg2ͽ�y':nfZ9�e+�5PPoJ�H%˓
F
!�Vʼ�Xs'�V7CdB.~��.A�}ORه$� B�B#ᩴ[AII�ꐓB8^6VP�yBy�Z�$0� hQ̞l6�)h�8!$�:a�v% zY�kIzH>�.GB<%%^ڮU0��J>(/~jw�E\|_S���|
B�ڡ}g�
-,oOG�p�rl��
G~+S
̍�2YW�w+A�se�S-`�eD�7�K~��^�4>pX`���0��uFD0C�Z'C#*YL�zSOW4
��6<~1^�LCF猻j^[84U6ۈ��ž�LH~nD��gb+#�j� ǁr�]��]jNt85ea:/w\w z{W(bx��(! �@=jc5[W��PRBb+�ݠiam^�/�DP���ɵ(��Ÿ5b4W�,_c|,�\�QԖ`M���"?e Pa`�h7SfXTDJg:ZY)3�$uߵ�k3]��dʏ�}J s͆p�UxXd�"�uϸ#�{�z��"D�FՒ�Z�Qb/(@�(5�Ŝ��sUr埲J0kn�G[�lv
vzĘ+TD�|s90+@5�6%,`țfFࣀ2Gvlx�� ͪ�ayU`!�>�"�H>SSRܔgOy���>?p�ylV@7
xLܟLY��Ɗ
{V]٘T-�� Z�ύU@It4a�,?yB}S�j�Od:�uWo�7BP��|L
sEE5�j`ѩּbFvOI�aFcN)c]N-{5>lf(tOWB��BhMc��/�Rw=qĵ��'fB�6B8��g2�ʯ�OO�WX®(�f+Ll�ˉiE/;Ïj-x{}�_:�R0Bc�Yu!ۡU��My9Lƍ5A0�2ym�Z̯�Oa�A.���>�KM*��c?'1"L^k1h�Մ