xen-doc-html-4.13.2_04-lp152.2.18.1 4>$  Ap_m/=„2{}`pRXl?@пLffӤ`TV|!ǔ:-)i_WR#kxzz fߌgV:Í%X^hzg}G'RUXռ, {\iYk2C򞶠8yCz*pLCɽrdl0d*5w9qE>z>Uv9pٖ0rp%+C@~OKf6fc082eccc2d48b4c5406e62ae87b41b8f34dc898ea1839f3918602e29f5cff2357e612b60f6ac0badaf89ae6c83130a563af25_m/=„b z}k@31oQZE~EDp9?d & M AGPMM M M M M M<MM>dMO(s8|g9#g:;gGMHMIMX@YH\xM]M^: b%cd[e`fcleuxMvCxen-doc-html4.13.2_04lp152.2.18.1Xen Virtualization: HTML documentationXen is a virtual machine monitor for x86 that supports execution of multiple guest operating systems with unprecedented levels of performance and resource isolation. xen-doc-html contains the online documentation in HTML format. Point your browser at file:/usr/share/doc/packages/xen/html/ Authors: -------- Ian Pratt _mybuild71 openSUSE Leap 15.2openSUSEGPL-2.0-onlyhttp://bugs.opensuse.orgDocumentation/HTMLhttp://www.cl.cam.ac.uk/Research/SRG/netos/xen/linuxx86_64ot9DA'&6@ 72."B W 8` e $,76H"yjQ <3 "z768 I\xAAAA큤A큤A큤A큤A큤A큤A큤A큤_l_k;_k;_l_k;_k;_l_k;_l_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_k;_l_k;_k;_l_k;_le171864f5cfbf7c7b3fecd9b9fbeb3da9e87f63a7284ee52eeed093f8ad303ecf53beaf653f26eae12ff7ced3bf0735dbedad0d8baf45d31e32d33e0b868bfa954e980d65bcde307bad2efeab9640ef5c720b4ebc78ac8cc1eb48bd6134a5280b3422df9c1ad850ce9b456e83713da51f123c2286cf1f9fd4eb97f57c3eca9adbd5267a76a14fe4153f4ca727fb99f1c0bec9e8ff77302865a83919fa74e2b8db80b94ff1a198b4d6e03dcc25f86a1b332a80cf36f7df4bba07c19d192059b2cf62b4090098e5d648e9a3e615874b2e5957a93990f652eefc831d37779ba91069dbe69397d6c3d3c6d88c564032ba62cb41a6b8260a73fd9d6513c186d64199f078f07651ae04fc86183bc953a94d4437042b3a3e5182bfd03e899ed64ce4bbdf80257ef0688b6b53ccd52a4bbd9279568b22b31211e95cb4c6e86b81614a381d344261e1861b09d9bb8bb11a3caa1fcf632c9edc2107b175ecd48555e9bc639cedae3c3f2231b4340cf00a139bde6f3d5f0d9195d0906b227ca38a45038459a577d188c5570ee8dbf5850e4fca7b4e224cdb2725ffa755194f366179c1fd1b4d0d772f13207e89e3a519af0404d8ce75c584d7df7408643215c771621cb44b2c226a811e7f3336b6b187387a4992afc47488312928731367189b2fa03d7adef70d0a0d37169adb67569317d91415a0bcdeaf0c7870a806bb55b70092e12003913a9c456e1d8e004ff68d58686ccc8dbb0ef298481c2dadcbf30c638c625218de466c9be077fa0ef0ced23a246e92d14cc0cc8fd757931079cf928689b544b326b03382516373fc9221dc98277ed58043f0d5b49a8cf0913e57e5e47220c2c96bc7abdb1f733000c2cd91b519cbf7c55d096115abfef000da14ac794739fe8f0fe7d4c19e4b15b9d82ce430eb0767c3242c24a77c9b8d8d050129e41b51eecb6ded3add1a44dd1298e13dbe706f9a303f3b2169e18eb7d8afa43d0464f4ace15dc229890cdab48dfcc21f364fbc04c2bbc7f3b25c04e2a8c84148685fc9d08dba889ffd9cdd9058e5d6074d2b55f6e8c45e34e178cda364908c8cccbc08dc565a1f487e81635586692892b1cac3f2b705eddb54a37582c7a0dd4a33fe1386a31ed213cfd37be4282486d5610a30bb9c6c55ea3aa6bac8552669dbb46aee375a5df5076c347e7cad2371f3dc0bc10c6877c8f5251a5a57ddc6c79e1f9b532f89f9b3fc4dd2d139ace9382e594c2c73439a9d4f100fc61c4e4f9294d4239776620fbf590c80aef40b7e6ab58cefe9e4351ef6afaa6bcaf4e55d7809df6392fdb96aadfa0507b89d930b9500c7a95869685253e2082a4d704ad9ab9a720307e4e19c225a529d78e1e1365a40264348cbbcd1ef716fa7d97d977cb93f42230a1825f4faf9f22847781296550c42f0955595f5f23eff9cf7b00ca27ee70988aaee9f7ec2154a382909b7652464c29ad603492e27c76bd7d0de3b5198d0867fe0a75ebd93bafe2e73cf681a88dca3217d79376c353ff4e1e5ecee8c41c70e11b8c9e2d188834c2a97f1edeb4cc8e0e61519c5f8559abb020373ab7886252b3809b0a1d976728897864907825a5a2538c25cd0aa407ba15e58bed9f42232379103f1ee46160242648729b430f01c57403535a4cd52e480fa8aeba2b6662bf636d14522c2871a17c16c95ab0ee99f64d6dc5c3a303ee5d0ea203246d629ec9a01164f79991b95599c26b803f2c8bfb407d7ea7de55a783c40780dcb7f993af187e4d4200a7cd1ffaf63b68eb2cc3c3d663847edfeeeed22d3b1039b423ec94b5198ad7daba0315ada992171ac097279a5924539c83bc431e243edc9efd772f673fd5301bc159111fcd005b864ab1f4b803e059590043471e04d0ac7ec96fe74dbf857c003a9b4163966919de58c0d14d493b5d7c6826e43bd61f2eda3c2a4a33fd26f285982fb97cc7b4730fc7c1c5289c87cc4d1dfe6184c7908079cfb34de8b6d4d200fa7a5cd899e7aab4589a5d0193118825ac5072abd29bfa809c3b3aa704ec1d432c80a00b3c661489ab62333993243951154c8ffe56cf475ebcb8a54982ecbd145cbe19ee58416bcf16a88f474895a8626db19ae5f3654c894d7337bcf72c1fc59037f947f713649a84322888eb75d9dad867249c4c135787affea14ee1cf2c50b4403362cc91e5249e9a32270b77e1d08f1217206215cbdcbd7b4f179b7787b056e065805b649e73f32af8d7b9fd0a5b317668d9ecd29a382e968e6466945103b1f10e378ccf028b0040d857506d6a2f9f9f7202547fb83347ebc6cf52cf4d3228d603a99a49af40bf7589771dd6810ba68ffd01c20c7d7743ec76891e07a4851f086e043731368850e313269ca98ab91c156529ac3b961a67f54a522ef093965d6be4431b21e9ec2fc3e6c70050a26c3c78777e5200cad4282b96411eb4c871e9845d2b4b1163c8f2f71b3f232161df132b103360ee3fb48495eabd71c2be87437b2d33715486da3e3443c567a5b9cb6b8f54c07b3fac562cc7f7d20c570e6df66605f996aa6d38f8234276f2b8fa5c54a10903b7fa29d49d6dbdae30ef984b372a6dbe9c2786b09c1d722ffa63f7cff6848a3b35a68d4fbd7770dfee8c9157c4151eb9d4bb2e16e25f710099b13ab6c7b0dec076e76d504e091cf2642a805ff778edfde8be1bff36fe3825f070a22662ca16c8b8dc1ee56c4c73c3e56dcee0baa814fe39770cc81f77c8321ff63ef984c549fd5a0833e146c7bdc1c2097fa2ba0315ada992171ac097279a5924539c83bc431e243edc9efd772f673fd5301be9845d2b4b1163c8f2f71b3f232161df132b103360ee3fb48495eabd71c2be870ac7f1c170045695514643860355d8026d550047e3a4853bcfab39d620542b66372a6dbe9c2786b09c1d722ffa63f7cff6848a3b35a68d4fbd7770dfee8c915798394ef67fe837f917dc3f0101b89193414868cd6bd7c94ceb5ab3ccc7ed408frootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootxen-4.13.2_04-lp152.2.18.1.src.rpmxen-doc-htmlxen-doc-html(x86-64)     rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0.4-14.0-15.2-14.14.1______@__[f_X_Wr@_'@_{_^)@^^@^3^ϧ^x^@^@^^^{G^r @^j$@^g@^_@^Nt^K^=Q@^:@^0"@^@^@]]]N@]@]ʞ])]c@]@]@]@]]fl]fl]M`@]B@]/ ],j] ]@]@] ] ] #]]@\\ޢ@\ڭ\\@\@\@\,@\7\\N\@\\+@\\M\M\\\@\}@\k\X)@\J@\I\A\?\=@\9\73\4\$\l@[H[k@[@[^[^[/[@[@[9@[v[W[CN@[<[6@[0@[0@['[!@[5@Z@ZnZ@ZZZ@ZmZԐ@ZZZ@ZZ}@Z}@Z}@Z}@Zz@Zz@Zo Zk@ZV@ZS]@ZOhZ:PZ1@Z.s@Z&@ZOZOZ Z Z Z@Z@Z }ZC@ZYYYY|Y@Y{Y*@Y5YA@Y4YYYbYY@Y3Y@YJYJY@YYV@Y@Ym@Yw2Yp@YlYh@Yh@YS@YJ_YI@Y5GY0Y-^Y(Y"YY;@YYY@YtY.X@XQ@X@XۡXg@X@XƉX@X @X@X@X@X@XXX@XXXwoXs{@XlXWXRXQ4@XEVX43@X.@X*X lX&X@XX@W@W֘W֘W^@WiW:Wt@W.@W9WW@Wk@Wi,@WbWZWZWZWYZ@WV@WEWBW=W;W3W1@W1@W,@W(W(W(W(W(W#LWVbV(@V3VJVxV'@VV2V͛@VŲ@V`VwVVV=@VV@VHV@VvV%@VV<@V@VS@VV@V^VwVqR@Vn@VXEVUVTQ@VMVMVMVA@V;DV9@V7P@V0V*!@V V@VCVVVf@VqV@UYU@U@UUݪ@U@UnU4@UUK@UU@UU>U@Ux&Un@U\w@U[%UUUPUKSU>$U6;U%@UU@UUU.@TgT-@TT@TZ@TZ@T@TT@T5T@TLTLT~@Tl@Ti@Ta@THT?@T=@carnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comCallum Farmer carnold@suse.comcarnold@suse.comJames Fehlig carnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comDominique Leuenberger carnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comMatej Cepl carnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comJim Fehlig ohering@suse.deMartin Liška ohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comJan Engelhardt Guillaume GARDET Guillaume GARDET Bernhard Wiedemann carnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deBernhard Wiedemann ohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comtrenn@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.dejfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.deohering@suse.derbrown@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comjfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.dejfehlig@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comohering@suse.dejfehlig@suse.comcarnold@suse.comjfehlig@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.commlatimer@suse.comcarnold@suse.comcyliu@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.derguenther@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comrguenther@suse.comcarnold@suse.commeissner@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.com- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) xsa355.patch- Enhance libxc.migrate_tracking.patch Hide SUSEINFO messages from pause/unpause/resume from xl command. They are intended for libvirt logging, but lacked info about execution context.- bsc#1178591 - VUL-0: CVE-2020-28368: xen: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 xsa351-1.patch xsa351-2.patch xsa351-3.patch- Upstream bug fix (bsc#1027519) 5f92909a-PCI-cleanup-MSI-before-removing-device.patch- bsc#1177950 - adjust help for --max_iters, default is 5 libxl.set-migration-constraints-from-cmdline.patch- Update to Xen 4.13.2 bug fix release (bsc#1027519) xen-4.13.2-testing-src.tar.bz2 - Drop patches contained in new tarball 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch 5ef44e0d-x86-PMTMR-use-FADT-flags.patch 5ef6156a-x86-disallow-access-to-PT-MSRs.patch 5efcb354-x86-protect-CALL-JMP-straight-line-speculation.patch 5f046c18-evtchn-dont-ignore-error-in-get_free_port.patch 5f046c48-x86-shadow-dirty-VRAM-inverted-conditional.patch 5f046c64-EPT-set_middle_entry-adjustments.patch 5f046c78-EPT-atomically-modify-ents-in-ept_next_level.patch 5f046c9a-VT-d-improve-IOMMU-TLB-flush.patch 5f046cb5-VT-d-prune-rename-cache-flush-funcs.patch 5f046cca-x86-IOMMU-introduce-cache-sync-hook.patch 5f046ce9-VT-d-sync_cache-misaligned-addresses.patch 5f046cfd-x86-introduce-alternative_2.patch 5f046d1a-VT-d-optimize-CPU-cache-sync.patch 5f046d2b-EPT-flush-cache-when-modifying-PTEs.patch 5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch 5f560c42-x86-PV-64bit-segbase-consistency.patch xsa286-1.patch xsa286-2.patch xsa286-3.patch xsa286-4.patch xsa286-5.patch xsa286-6.patch xsa333.patch xsa334.patch xsa336.patch xsa337-1.patch xsa337-2.patch xsa338.patch xsa339.patch xsa340.patch xsa342.patch xsa343-1.patch xsa343-2.patch xsa343-3.patch xsa344-1.patch xsa344-2.patch xsa345-1.patch xsa345-2.patch xsa345-3.patch xsa346-1.patch xsa346-2.patch xsa347-1.patch xsa347-2.patch xsa347-3.patch- bsc#1177409 - VUL-0: CVE-2020-27674: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) xsa286-1.patch xsa286-2.patch xsa286-3.patch xsa286-4.patch xsa286-5.patch xsa286-6.patch - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) xsa345-1.patch xsa345-2.patch xsa345-3.patch - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) xsa346-1.patch xsa346-2.patch - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) xsa347-1.patch xsa347-2.patch xsa347-3.patch- Escape some % chars in xen.spec, they have to appear verbatim- Enhance libxc.migrate_tracking.patch Print number of allocated pages on sending side, this is more accurate than p2m_size.- bsc#1176339 - VUL-0: CVE-2020-25602: xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333) xsa333.patch - bsc#1176341 - VUL-0: CVE-2020-25598: xen: Missing unlock in XENMEM_acquire_resource error path (XSA-334) xsa334.patch - bsc#1176343 - VUL-0: CVE-2020-25604: xen: race when migrating timers between x86 HVM vCPU-s (XSA-336) xsa336.patch - bsc#1176344 - VUL-0: CVE-2020-25595: xen: PCI passthrough code reading back hardware registers (XSA-337) xsa337-1.patch xsa337-2.patch - bsc#1176346 - VUL-0: CVE-2020-25597: xen: once valid event channels may not turn invalid (XSA-338) xsa338.patch - bsc#1176345 - VUL-0: CVE-2020-25596: xen: x86 pv guest kernel DoS via SYSENTER (XSA-339) xsa339.patch - bsc#1176347 - VUL-0: CVE-2020-25603: xen: Missing barrier barriers when accessing/allocating an event channel (XSA-340) xsa340.patch - bsc#1176348 - VUL-0: CVE-2020-25600: xen: out of bounds event channels available to 32-bit x86 domains (XSA-342) xsa342.patch - bsc#1176349 - VUL-0: CVE-2020-25599: xen: races with evtchn_reset() (XSA-343) xsa343-1.patch xsa343-2.patch xsa343-3.patch - bsc#1176350 - VUL-0: CVE-2020-25601: xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344) xsa344-1.patch xsa344-2.patch - Upstream bug fixes (bsc#1027519) 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch 5f560c42-x86-PV-64bit-segbase-consistency.patch- Upstream bug fixes (bsc#1027519) 5ef44e0d-x86-PMTMR-use-FADT-flags.patch 5ef6156a-x86-disallow-access-to-PT-MSRs.patch 5efcb354-x86-protect-CALL-JMP-straight-line-speculation.patch 5f046c18-evtchn-dont-ignore-error-in-get_free_port.patch (Replaces xsa317.patch) 5f046c48-x86-shadow-dirty-VRAM-inverted-conditional.patch (Replaces xsa319.patch) 5f046c64-EPT-set_middle_entry-adjustments.patch (Replaces xsa328-1.patch) 5f046c78-EPT-atomically-modify-ents-in-ept_next_level.patch (Replaces xsa328-2.patch) 5f046c9a-VT-d-improve-IOMMU-TLB-flush.patch (Replaces xsa321-1.patch) 5f046cb5-VT-d-prune-rename-cache-flush-funcs.patch (Replaces xsa321-2.patch) 5f046cca-x86-IOMMU-introduce-cache-sync-hook.patch (Replaces xsa321-3.patch) 5f046ce9-VT-d-sync_cache-misaligned-addresses.patch (Replaces xsa32141.patch) 5f046cfd-x86-introduce-alternative_2.patch (Replaces xsa321-5.patch) 5f046d1a-VT-d-optimize-CPU-cache-sync.patch (Replaces xsa321-6.patch) 5f046d2b-EPT-flush-cache-when-modifying-PTEs.patch (Replaces xsa321-7.patch) 5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch (Replaces xsa327.patch) 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch- bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached ignore-ip-command-script-errors.patch- Enhance libxc.migrate_tracking.patch After transfer of domU memory, the target host has to assemble the backend devices. Track the time prior xc_domain_unpause.- Add libxc.migrate_tracking.patch to track live migrations unconditionally in logfiles, especially in libvirt. This will track how long a domU was suspended during transit.- bsc#1173376 - VUL-0: CVE-2020-15566: xen: XSA-317 - Incorrect error handling in event channel port allocation xsa317.patch - bsc#1173377 - VUL-0: CVE-2020-15563: xen: XSA-319 - inverted code paths in x86 dirty VRAM tracking xsa319.patch - bsc#1173378 - VUL-0: CVE-2020-15565: xen: XSA-321 - insufficient cache write- back under VT-d xsa321-1.patch xsa321-2.patch xsa321-3.patch xsa321-4.patch xsa321-5.patch xsa321-6.patch xsa321-7.patch - bsc#1173380 - VUL-0: CVE-2020-15567: xen: XSA-328 - non-atomic modification of live EPT PTE xsa328-1.patch xsa328-2.patch- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch (Replaces xsa320-1.patch) 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch (Replaces xsa320-2.patch) - Upstream bug fixes (bsc#1027519) 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch- Fixes for %_libexecdir changing to /usr/libexec- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) xsa320-1.patch xsa320-2.patch- Update to Xen 4.13.1 bug fix release (bsc#1027519) xen-4.13.1-testing-src.tar.bz2 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch - Drop patches contained in new tarball 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch- spec: Remove invocation of autogen.sh - spec: Recommend qemu-ovmf-x86_64 to provide UEFI firmwares- bsc#1170968 - GCC 10: xen build fails on i586 gcc10-fixes.patch- bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation handling in GNTTABOP_copy (XSA-318) 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch- bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch - bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing memory barriers in read-write unlock paths 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch - bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error path in GNTTABOP_map_grant 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch - bsc#1167152 - L3: Xenstored Crashed during VM install Need Core analyzed 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch - bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch - Drop for upstream solution (bsc#1165206) 01-xen-credit2-avoid-vcpus-to.patch default-to-credit1-scheduler.patch - Upstream bug fixes (bsc#1027519) 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch- bsc#1167608 - unbound limit for max_event_channels domUs with many vcpus and/or resources fail to start libxl.max_event_channels.patch- bsc#1161480 - Fix xl shutdown for HVM without PV drivers add libxl.libxl__domain_pvcontrol.patch- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 01-xen-credit2-avoid-vcpus-to.patch- bsc#1158414 - GCC 10: xen build fails gcc10-fixes.patch- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 default-to-credit1-scheduler.patch- bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate past the ERET instruction 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch - bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch hardening 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch - Upstream bug fixes (bsc#1027519) 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch- bsc#1159755 - use fixed qemu-3.1 machine type for HVM This must be done in qemu to preserve PCI layout remove libxl.lock-qemu-machine-for-hvm.patch- jsc#SLE-10183 - script to calculate cpuid= mask add helper script from https://github.com/twizted/xen_maskcalc domUs may be migrated between different cpus from the same vendor if their visible cpuid value has incompatible feature bits masked.- jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains add helper script and systemd service from https://github.com/luizluca/xen-tools-xendomains-wait-disk in new sub package xen-tools-xendomains-wait-disk See included README for usage instructions xendomains-wait-disks.LICENSE xendomains-wait-disks.README.md xendomains-wait-disks.sh- bsc#1159755 - use fixed qemu-3.1 machine type for HVM qemu4 introduced incompatible changes in pc-i440fx, which revealed a design bug in 'xenfv'. Live migration from domUs started with qemu versions prior qemu4 can not be received with qemu4+. libxl.lock-qemu-machine-for-hvm.patch- Upstream bug fixes (bsc#1027519) 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: Allow OBS to shortcut through the -mini flavors.- bsc#1159320 - Xen logrotate file needs updated logrotate.conf- Update to Xen 4.13.0 FCS release xen-4.13.0-testing-src.tar.bz2 * Core Scheduling (contributed by SUSE) * Branch hardening to mitigate against Spectre v1 (contributed by Citrix) * Late uCode loading (contributed by Intel) * Improved live-patching build tools (contributed by AWS) * OP-TEE support (contributed by EPAM) * Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM) * Dom0-less passthrough and ImageBuilder (contributed by XILINX) * Support for new Hardware- Update to Xen 4.13.0 RC4 release xen-4.13.0-testing-src.tar.bz2 - Rebase libxl.pvscsi.patch- Update to Xen 4.13.0 RC3 release xen-4.13.0-testing-src.tar.bz2 - Drop python38-build.patch- Update to Xen 4.13.0 RC2 release xen-4.13.0-testing-src.tar.bz2- Add python38-build.patch fixing build with Python 3.8 (add - -embed to python-config call)- Update to Xen 4.13.0 RC1 release xen-4.13.0-testing-src.tar.bz2 - Drop patches contained in new tarball or invalid 5ca7660f-x86-entry-drop-unused-includes.patch 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch 5cab2ab7-x86-IOMMU-introduce-init-ops.patch 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch 5d358508-x86-IRQ-desc-affinity-represents-request.patch 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch 5d417813-AMD-IOMMU-bitfield-extended-features.patch 5d417838-AMD-IOMMU-bitfield-control-reg.patch 5d41785b-AMD-IOMMU-bitfield-IRTE.patch 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch 5d419d49-x86-spec-ctrl-report-proper-status.patch 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch 5d4afa7a-credit2-fix-memory-leak.patch 5d4d850a-introduce-bss-percpu-page-aligned.patch 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch 5d6524ca-x86-mm-correctly-init-M2P-entries.patch 5d67ceaf-x86-properly-gate-PKU-clearing.patch 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch 5d80ea13-vpci-honor-read-only-devices.patch 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch blktap2-no-uninit.patch libxl.prepare-environment-for-domcreate_stream_done.patch pygrub-python3-conversion.patch fix-xenpvnetboot.patch- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch- bsc#1120095 - add code to change LIBXL_HOTPLUG_TIMEOUT at runtime The included README has details about the impact of this change libxl.LIBXL_HOTPLUG_TIMEOUT.patch- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines 5ca7660f-x86-entry-drop-unused-includes.patch 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch 5cab2ab7-x86-IOMMU-introduce-init-ops.patch 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch 5d358508-x86-IRQ-desc-affinity-represents-request.patch 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch 5d417813-AMD-IOMMU-bitfield-extended-features.patch 5d417838-AMD-IOMMU-bitfield-control-reg.patch 5d41785b-AMD-IOMMU-bitfield-IRTE.patch 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch - bsc#1145240 - [Migration]Can't pre-allocate 1 shadow pages 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch - bsc#1137717 - [HPS Bug] Unable to install Windows Server 2016 with 2 CPUs setting (or above) under SLES12 SP4 Xen Server on AMD ROME platform 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch - Upstream bug fixes (bsc#1027519) 5d67ceaf-x86-properly-gate-PKU-clearing.patch 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch 5d80ea13-vpci-honor-read-only-devices.patch 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch- bsc#1145774 - Libivrtd segfaults when trying to live migrate a VM Fix crash in an error path of libxl_domain_suspend with libxl.helper_done-crash.patch- Upstream bug fixes (bsc#1027519) 5d419d49-x86-spec-ctrl-report-proper-status.patch 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch 5d4afa7a-credit2-fix-memory-leak.patch 5d4d850a-introduce-bss-percpu-page-aligned.patch 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch 5d6524ca-x86-mm-correctly-init-M2P-entries.patch - Drop 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch- Preserve modified files which used to be marked as %config, rename file.rpmsave to file- Update to Xen 4.12.1 bug fix release (bsc#1027519) xen-4.12.1-testing-src.tar.bz2 - Drop patches contained in new tarball 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch 5c87b6c8-drop-arch_evtchn_inject.patch 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch 5c8f752c-x86-e820-build-with-gcc9.patch 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch 5c9e63c5-credit2-SMT-idle-handling.patch 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch 5cd921fb-trace-fix-build-with-gcc9.patch 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch 5cd926d0-bitmap_fill-zero-sized.patch 5cd92724-drivers-video-drop-constraints.patch 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch 5d03a0c4-6-Arm64-cmpxchg-simplify.patch 5d03a0c4-7-Arm32-cmpxchg-simplify.patch 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch 5d03a0c4-B-bitops-guest-helpers.patch 5d03a0c4-C-cmpxchg-guest-helpers.patch 5d03a0c4-D-use-guest-atomics-helpers.patch 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch - Refreshed patches libxl.pvscsi.patch- bsc#1143563 - Speculative mitigation facilities report wrong status 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch- Update xen-dom0-modules.service (bsc#1137251) Map backend module names from pvops and xenlinux kernels to a module alias. This avoids errors from modprobe about unknown modules. Ignore a few xenlinux modules that lack aliases.- Gcc9 warnings seem to be cleared up with upstream fixes. Drop gcc9-ignore-warnings.patch- bsc#1138563 - L3: xenpvnetboot improperly ported to Python 3 fix-xenpvnetboot.patch- Move /etc/modprobe.d/xen_loop.conf to /lib/modprobe.d/xen_loop.conf- Remove /etc/xen/xenapiusers and /etc/pam.d/xen-api- Remove all upstream provided files in /etc/xen They are not required at runtime. The host admin is now responsible if he really needs anything in this subdirectory.- In our effort to make /etc fully admin controlled, move /etc/xen/scripts to libexec/xen/scripts with xen-tools.etc_pollution.patch- Move /etc/bash_completion.d/xl.sh to %{_datadir}/bash-completion/completions- bsc#1138294 - VUL-0: CVE-2019-17349: XSA-295: Unlimited Arm Atomics Operations 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch 5d03a0c4-6-Arm64-cmpxchg-simplify.patch 5d03a0c4-7-Arm32-cmpxchg-simplify.patch 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch 5d03a0c4-B-bitops-guest-helpers.patch 5d03a0c4-C-cmpxchg-guest-helpers.patch 5d03a0c4-D-use-guest-atomics-helpers.patch 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch - Upstream bug fixes (bsc#1027519) 5c87b6c8-drop-arch_evtchn_inject.patch 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch 5cd921fb-trace-fix-build-with-gcc9.patch 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch 5cd926d0-bitmap_fill-zero-sized.patch 5cd92724-drivers-video-drop-constraints.patch 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch (Replaces xsa297-0a.patch) 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch (Replaces xsa297-0b.patch) 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch (Replaces xsa297-0c.patch) 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch (Replaces xsa297-0d.patch) 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch (Replaces xsa297-1.patch) 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch (Replaces xsa297-2.patch) 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch (Replaces xsa297-3.patch) 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch- Fix some outdated information in the readme README.SUSE- spec: xen-tools: require matching version of xen package bsc#1137471- Remove two stale patches xen.build-compare.man.patch xenpaging.doc.patch- Disable LTO (boo#1133296).- Remove arm32 from ExclusiveArch to fix build- bsc#1111331 - VUL-0: CPU issues Q2 2019 aka "Group 4". CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 xsa297-0a.patch xsa297-0b.patch xsa297-0c.patch xsa297-0d.patch xsa297-1.patch xsa297-2.patch xsa297-3.patch - Update 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch and drop 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch Refresh 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch- bsc#1131811 - [XEN] internal error: libxenlight failed to create new domain. This patch is a workaround for a systemd issue. See patch header for additional comments. xenstore-launch.patch- bsc#1125378 - [xen][pygrub] Can not restore sle11sp4 pv guest after upgrading host from sle11sp4 to sle15sp1 pygrub-python3-conversion.patch - Fix "TypeError: virDomainDefineXML() argument 2 must be str or None, not bytes" when converting VMs from using the xm/xend toolstack to the libxl/libvirt toolstack. (bsc#1123378) xen2libvirt.py- bsc#1124560 - Fully virtualized guests crash on boot 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch - bsc#1121391 - GCC 9: xen build fails 5c8f752c-x86-e820-build-with-gcc9.patch - Upstream bug fixes (bsc#1027519) 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch 5c9e63c5-credit2-SMT-idle-handling.patch 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch- Install pkgconfig files into libdir instead of datadir- Update to Xen 4.12.0 FCS release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 * HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates the HVM/PVH and PV code paths in Xen and provides KCONFIG options to build a PV only or HVM/PVH only hypervisor. * QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has been vastly improved. * Argo - Hypervisor-Mediated data eXchange: Argo is a new inter- domain communication mechanism. * Improvements to Virtual Machine Introspection: The VMI subsystem which allows detection of 0-day vulnerabilities has seen many functional and performance improvements. * Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project default scheduler. * PVH Support: Grub2 boot support has been added to Xen and Grub2. * PVH Dom0: PVH Dom0 support has now been upgraded from experimental to tech preview. * The Xen 4.12 upgrade also includes improved IOMMU mapping code, which is designed to significantly improve the startup times of AMD EPYC based systems. * The upgrade also features Automatic Dom0 Sizing which allows the setting of Dom0 memory size as a percentage of host memory (e.g. 10%) or with an offset (e.g. 1G+10%).- bsc#1130485 - Please drop Requires on multipath-tools in xen-tools. Now using Recommends multipath-tools. xen.spec- Update to Xen 4.12.0 RC7 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- Update to Xen 4.12.0 RC6 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- bsc#1026236 - add Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation for HVM domUs if their expected frequency does not match exactly the frequency of the receiving host xen.bug1026236.suse_vtsc_tolerance.patch- Update to Xen 4.12.0 RC5 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- jsc#SLE-3059 - Disable Xen auto-ballooning - Add CONFIG_DOM0_MEM to the spec file for managing dom0 memory. xen.spec - Disable autoballooning in xl.con xl-conf-disable-autoballoon.patch- Update gcc9-ignore-warnings.patch to fix build in SLE12- bsc#1126325 - fix crash in libxl in error path Setup of grant_tables and other variables may fail libxl.prepare-environment-for-domcreate_stream_done.patch- bsc#1127620 - Documentation for the xl configuration file allows for firmware=pvgrub64 but we don't ship pvgrub64. Create a link from grub.xen to pvgrub64 xen.spec- Update to Xen 4.12.0 RC4 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 - Tarball also contains additional post RC4 security fixes for Xen Security Advisories 287, 288, and 290 through 294.- Update to Xen 4.12.0 RC3 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- Update to Xen 4.12.0 RC2 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- bsc#1121391 - GCC 9: xen build fails gcc9-ignore-warnings.patch- bsc#1122563 - Virtualization/xen: Bug no Xen on boot, missing /proc/xen, after 4.11 -> 4.12 upgrade on X86_64/efi. Keep xen.efi in /usr/lib64/efi for booting older distros. xen.spec- fate#326960: Package grub2 as noarch. As part of the effort to have a unified bootloader across architectures, modify the xen.spec file to move the Xen efi files to /usr/share/efi/$(uname -m) from /usr/lib64/efi.- Update to Xen 4.12.0 RC1 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 - Drop 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch 5b9784d2-x86-HVM-add-known_gla-helper.patch 5b9784f2-x86-HVM-split-page-straddling-accesses.patch 5bdc31d5-VMX-fix-vmx_handle_eoi.patch gcc8-fix-array-warning-on-i586.patch gcc8-fix-format-warning-on-i586.patch gcc8-inlining-failed.patch xen.bug1079730.patch- bsc#1121960 - xen: sync with Factory xen.spec xen.changes- Replace old $RPM_* shell vars. - Run fdupes for all architectures, and not crossing subvolume boundaries.- Do not run %fdupes on aarch64 to avoid the hardlink-across-partition rpmlint error- Require qemu-seabios only on x86* as it is not available on non-x86 systems- Avoid creating dangling symlinks (bsc#1116524) This reverts the revert of tmp_build.patch- Update to Xen 4.11.1 bug fix release (bsc#1027519) xen-4.11.1-testing-src.tar.bz2 - 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch replaces xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch - 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch replaces xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch - Drop the following patches contained in the new tarball 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch 5b3f8fa5-port-array_index_nospec-from-Linux.patch 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch 5b4488e7-x86-spec-ctrl-cmdline-handling.patch 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch 5b4db308-SVM-fix-cleanup-svm_inject_event.patch 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch 5b505fe5-VMX-fix-find-msr-build.patch 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch 5b508775-2-x86-possibly-bring-up-all-CPUs.patch 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch 5b62ca93-VMX-avoid-hitting-BUG_ON.patch 5b6d84ac-x86-fix-improve-vlapic-read-write.patch 5b6d8ce2-x86-XPTI-parsing.patch 5b72fbbe-ARM-disable-grant-table-v2.patch 5b72fbbe-oxenstored-eval-order.patch 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch 5b72fbbf-xl.conf-Add-global-affinity-masks.patch 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch 5b8d5832-x86-assorted-array_index_nospec-insertions.patch 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch 5bacae4b-x86-boot-allocate-extra-module-slot.patch 5bae44ce-x86-silence-false-log-messages.patch 5bb60c12-x86-split-opt_xpti.patch 5bb60c4f-x86-split-opt_pv_l1tf.patch 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch 5bcf0722-x86-boot-enable-NMIs.patch 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch 5bd076e9-x86-boot-init-debug-regs-correctly.patch 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch 5be2a308-x86-extend-get_platform_badpages.patch 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch xsa275-1.patch xsa275-2.patch xsa276-1.patch xsa276-2.patch xsa277.patch xsa279.patch xsa280-1.patch xsa280-2.patch- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken: Missing /bin/domu-xenstore. This was broken because "make package build reproducible" change. (boo#1047218, boo#1062303) This fix reverses the change to this patch. tmp_build.patch- bsc#1115040 - VUL-0: CVE-2018-19961 CVE-2018-19962: xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275) xsa275-1.patch xsa275-2.patch - bsc#1115043 - VUL-0: CVE-2018-19963: xen: resource accounting issues in x86 IOREQ server handling (XSA-276) xsa276-1.patch xsa276-2.patch - bsc#1115044 - VUL-0: CVE-2018-19964: xen: x86: incorrect error handling for guest p2m page removals (XSA-277) xsa277.patch - bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even when disabled (XSA-278) 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch - bsc#1115045 - VUL-0: xen: CVE-2018-19965: x86: DoS from attempting to use INVPCID with a non-canonical addresses (XSA-279) xsa279.patch - bsc#1115047 - VUL-0: CVE-2018-19966: xen: Fix for XSA-240 conflicts with shadow paging (XSA-280) xsa280-1.patch xsa280-2.patch - bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE constructs may lock up host (XSA-282) 5be2a308-x86-extend-get_platform_badpages.patch 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch - bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV 5bdc31d5-VMX-fix-vmx_handle_eoi.patch - Upstream bug fixes (bsc#1027519) 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch 5bacae4b-x86-boot-allocate-extra-module-slot.patch 5bae44ce-x86-silence-false-log-messages.patch 5bb60c12-x86-split-opt_xpti.patch 5bb60c4f-x86-split-opt_pv_l1tf.patch 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch 5bcf0722-x86-boot-enable-NMIs.patch 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch 5bd076e9-x86-boot-init-debug-regs-correctly.patch 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even when disabled (XSA-278) 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch- Use SMBIOS_REL_DATE instead of SMBIOS_DATE for reproducible binaries- make package build reproducible (boo#1047218, boo#1062303) * Set SMBIOS_REL_DATE * Update tmp_build.patch to use SHA instead of random build-id * Add reproducible.patch to use --no-insert-timestamp- Building with ncurses 6.1 will fail without xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch - Building libxl acpi support on aarch64 with gcc 8.2 will fail without xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch- bsc#1106263 - L3: The affinity reporting via 'xl vcpu-list' is apparently broken 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch- bsc#1094508 - L3: Kernel oops in fs/dcache.c called by d_materialise_unique() 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch 5b9784d2-x86-HVM-add-known_gla-helper.patch 5b9784f2-x86-HVM-split-page-straddling-accesses.patch - bsc#1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen: oxenstored does not apply quota-maxentity (XSA-272) 5b72fbbe-oxenstored-eval-order.patch - bsc#1103275 - (CVE-2018-15469) VUL-0: CVE-2018-15469: xen: Use of v2 grant tables may cause crash on ARM (XSA-268) 5b72fbbe-ARM-disable-grant-table-v2.patch - Upstream patches from Jan (bsc#1027519) 5b6d84ac-x86-fix-improve-vlapic-read-write.patch 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch 5b8d5832-x86-assorted-array_index_nospec-insertions.patch - Drop 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch- bsc#1078292 - rpmbuild -ba SPECS/xen.spec with xen-4.9.1 failed xen.spec- bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM (XSA-273) 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch - bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269) 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch - Upstream prereq patches for XSA-273 and other upstream fixes (bsc#1027519) 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch 5b505fe5-VMX-fix-find-msr-build.patch 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch 5b62ca93-VMX-avoid-hitting-BUG_ON.patch 5b6d8ce2-x86-XPTI-parsing.patch 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch 5b72fbbf-xl.conf-Add-global-affinity-masks.patch 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch- Upstream patches from Jan (bsc#1027519) 5b3f8fa5-port-array_index_nospec-from-Linux.patch 5b4488e7-x86-spec-ctrl-cmdline-handling.patch 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch 5b4db308-SVM-fix-cleanup-svm_inject_event.patch 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch 5b508775-2-x86-possibly-bring-up-all-CPUs.patch 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch gcc8-fix-format-warning-on-i586.patch gcc8-fix-array-warning-on-i586.patch - Drop xen.fuzz-_FORTIFY_SOURCE.patch gcc8-fix-warning-on-i586.patch- Update to Xen 4.11.0 FCS (fate#325202, fate#325123) xen-4.11.0-testing-src.tar.bz2 disable-building-pv-shim.patch - Dropped patches 5a33a12f-domctl-improve-locking-during-domain-destruction.patch 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch 5a9985bd-x86-invpcid-support.patch 5ac72a48-gcc8.patch 5ac72a5f-gcc8.patch 5ac72a64-gcc8.patch 5ac72a69-gcc8.patch 5ac72a6e-gcc8.patch 5ac72a74-gcc8.patch 5ac72a7b-gcc8.patch 5ad4923e-x86-correct-S3-resume-ordering.patch 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch 5adde9ed-xpti-fix-double-fault-handling.patch 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch 5ae31917-x86-cpuidle-init-stats-lock-once.patch 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch 5aec7393-1-x86-xpti-avoid-copy.patch 5aec7393-2-x86-xpti-write-cr3.patch 5aec744a-3-x86-xpti-per-domain-flag.patch 5aec744a-4-x86-xpti-use-invpcid.patch 5aec744a-5-x86-xpti-no-global-pages.patch 5aec744a-6-x86-xpti-cr3-valid-flag.patch 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch 5aec744b-8-x86-xpti-cr3-helpers.patch 5aec74a8-9-x86-xpti-use-pcid.patch 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch 5af1daa9-3-x86-traps-use-IST-for-DB.patch 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch 5af97999-viridian-cpuid-leaf-40000003.patch 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch 5b0bc9da-x86-XPTI-fix-S3-resume.patch 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b34882d-x86-mm-dont-bypass-preemption-checks.patch 5b348874-x86-refine-checks-in-DB-handler.patch 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch 5b348954-x86-guard-against-NM.patch libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch libxl.LIBXL_DESTROY_TIMEOUT.patch libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch xen_fix_build_with_acpica_20180427_and_new_packages.patch- Submit upstream patch libacpi: fixes for iasl >= 20180427 git commit 858dbaaeda33b05c1ac80aea0ba9a03924e09005 xen_fix_build_with_acpica_20180427_and_new_packages.patch This is needed for acpica package to get updated in our build service- Upstream patches from Jan (bsc#1027519) 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch) 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch) 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch) 5b0bc9da-x86-XPTI-fix-S3-resume.patch 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces xsa267-1.patch) 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces xsa267-2.patch) 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch) 5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch) 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces xsa266-1-<>.patch) 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces xsa266-2-<>.patch) 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch 5b348954-x86-guard-against-NM.patch- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch- bsc#1098403 - fix regression introduced by changes for bsc#1079730 a PV domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen. xen.bug1079730.patch- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks bypassed in x86 PV MM handling (XSA-264) xsa264.patch - bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception safety check can be triggered by a guest (XSA-265) xsa265.patch - bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour readonly flag on HVM emulated SCSI disks (XSA-266) xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore (XSA-267) xsa267-1.patch xsa267-2.patch- bsc#1092543 - GCC 8: xen build fails gcc8-fix-warning-on-i586.patch- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 – Speculative Store Bypass aka "Memory Disambiguation" (XSA-263) 5ad4923e-x86-correct-S3-resume-ordering.patch 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch Spectre-v4-1.patch Spectre-v4-2.patch Spectre-v4-3.patch- Always call qemus xen-save-devices-state in suspend/resume to fix migration with qcow2 images (bsc#1079730) libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch xen.bug1079730.patch- bsc#1087289 - L3: Xen BUG at sched_credit.c:1663 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch - Upstream patches from Jan (bsc#1027519) 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch 5ae31917-x86-cpuidle-init-stats-lock-once.patch 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch) 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch) 5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch) 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch) 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch) 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch) 5af97999-viridian-cpuid-leaf-40000003.patch- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch 5a9985bd-x86-invpcid-support.patch 5adde9ed-xpti-fix-double-fault-handling.patch 5aec7393-1-x86-xpti-avoid-copy.patch 5aec7393-2-x86-xpti-write-cr3.patch 5aec744a-3-x86-xpti-per-domain-flag.patch 5aec744a-4-x86-xpti-use-invpcid.patch 5aec744a-5-x86-xpti-no-global-pages.patch 5aec744a-6-x86-xpti-cr3-valid-flag.patch 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch 5aec744b-8-x86-xpti-cr3-helpers.patch 5aec74a8-9-x86-xpti-use-pcid.patch- bsc#1092543 - GCC 8: xen build fails 5ac72a48-gcc8.patch 5ac72a5f-gcc8.patch 5ac72a64-gcc8.patch 5ac72a69-gcc8.patch 5ac72a6e-gcc8.patch 5ac72a74-gcc8.patch 5ac72a7b-gcc8.patch gcc8-inlining-failed.patch- Update to Xen 4.10.1 bug fix release (bsc#1027519) xen-4.10.1-testing-src.tar.bz2 disable-building-pv-shim.patch - Drop the following patches contained in the new tarball 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch 5a4caa8c-x86-E820-don-t-overrun-array.patch 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch 5a4fd894-4-clarifications-to-wait-infrastructure.patch 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch 5a5e2cff-x86-Meltdown-band-aid.patch 5a5e2d73-x86-Meltdown-band-aid-conditional.patch 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch 5a5e459c-2-x86-report-domain-id-on-CPUID.patch 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch 5a69c0b9-x86-fix-GET_STACK_END.patch 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch 5a6b36cd-9-x86-issue-speculation-barrier.patch 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch xsa258.patch xsa259.patch- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of debug exceptions (XSA-260) xsa260-1.patch xsa260-2.patch xsa260-3.patch xsa260-4.patch - bsc#1090822 - VUL-0: CVE-2018-10982: xen: x86 vHPET interrupt injection errors (XSA-261) xsa261.patch - bsc#1090823 - VUL-0: CVE-2018-10981: xen: qemu may drive Xen into unbounded loop (XSA-262) xsa262.patch- bsc#1089152 - VUL-0: CVE-2018-10472: xen: Information leak via crafted user-supplied CDROM (XSA-258) xsa258.patch - bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash Xen with XPTI (XSA-259) xsa259.patch- Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) (bsc#1087251)- Upstream patches from Jan (bsc#1027519) and fixes related to Page Table Isolation (XPTI). See also bsc#1074562 XSA-254 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch- bsc#1072834 - Xen HVM: unchecked MSR access error: RDMSR from 0xc90 at rIP: 0xffffffff93061456 (native_read_msr+0x6/0x30) 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch - Upstream patches from Jan (bsc#1027519) 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch (Replaces xsa252.patch) 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch (Replaces xsa255-1.patch) 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch (Replaces xsa255-2.patch) 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch (Replaces xsa256.patch) - Drop xsa252.patch xsa255-1.patch xsa255-2.patch xsa256.patch- bsc#1080635 - VUL-0: CVE-2018-7540: xen: DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) xsa252.patch - bsc#1080662 - VUL-0: CVE-2018-7541: xen: grant table v2 -> v1 transition may crash Xen (XSA-255) xsa255-1.patch xsa255-2.patch - bsc#1080634 - VUL-0: CVE-2018-7542: xen: x86 PVH guest without LAPIC may DoS the host (XSA-256) xsa256.patch- Remove stale systemd presets code for 13.2 and older- fate#324965 - add script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU They are triggered via xl vcpu-set domU N- Replace hardcoded xen with Name tag when refering to subpkgs- Make sure tools and tools-domU require libs from the very same build- tools-domU: Add support for qemu guest agent. New files 80-xen-channel-setup.rules and xen-channel-setup.sh configure a xen-pv-channel for use by the guest agent FATE#324963- Remove outdated /etc/xen/README*- bsc#1073961 - VUL-0: CVE-2018-5244: xen: x86: memory leak with MSR emulation (XSA-253) 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch - bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 xen: Information leak via side effects of speculative execution (XSA-254). Includes Spectre v2 mitigation. 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch 5a4caa8c-x86-E820-don-t-overrun-array.patch 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch 5a4fd894-4-clarifications-to-wait-infrastructure.patch 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch 5a5e2cff-x86-Meltdown-band-aid.patch 5a5e2d73-x86-Meltdown-band-aid-conditional.patch 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch 5a5e459c-2-x86-report-domain-id-on-CPUID.patch 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch 5a69c0b9-x86-fix-GET_STACK_END.patch 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch 5a6b36cd-9-x86-issue-speculation-barrier.patch 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch- Fix python3 deprecated atoi call (bsc#1067224) pygrub-python3-conversion.patch - Drop xenmon-python3-conversion.patch- bsc#1067317 - pass cache=writeback|unsafe|directsync to qemu, depending on the libxl disk settings libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch- Remove libxl.LIBXL_DESTROY_TIMEOUT.debug.patch- bsc#1067224 - xen-tools have hard dependency on Python 2 build-python3-conversion.patch bin-python3-conversion.patch- bsc#1070165 - xen crashes after aborted localhost migration 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch - bsc#1035442 - L3: libxl: error: libxl.c:1676:devices_destroy_cb: libxl__devices_destroy failed 5a33a12f-domctl-improve-locking-during-domain-destruction.patch - Upstream patches from Jan (bsc#1027519) 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch- Update to Xen 4.10.0 FCS (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Rebuild initrd if xen-tools-domU is updated- Update to Xen 4.10.0-rc8 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds If many domUs shutdown in parallel the backends can not keep up Add some debug output to track how long backend shutdown takes (bsc#1035442) libxl.LIBXL_DESTROY_TIMEOUT.patch libxl.LIBXL_DESTROY_TIMEOUT.debug.patch- Adjust xenstore-run-in-studomain.patch to change the defaults in the code instead of changing the sysconfig template, to also cover the upgrade case- Update to Xen 4.10.0-rc6 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Since xen switched to Kconfig, building a debug hypervisor was done by default. Adjust make logic to build a non-debug hypervisor by default, and continue to provide one as xen-dbg.gz- fate#316614: set migration constraints from cmdline fix libxl.set-migration-constraints-from-cmdline.patch for xen-4.10- Document the suse-diskcache-disable-flush option in xl-disk-configuration(5) (bsc#879425,bsc#1067317)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Update to Xen 4.10.0-rc5 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - fate#323663 - Run Xenstore in stubdomain xenstore-run-in-studomain.patch- bsc#1067224 - xen-tools have hard dependency on Python 2 pygrub-python3-conversion.patch xenmon-python3-conversion.patch migration-python3-conversion.patch xnloader.py xen2libvirt.py- Remove xendriverdomain.service (bsc#1065185) Driver domains must be configured manually with custom .service file- Update to Xen 4.10.0-rc3 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - Drop 59f31268-libxc-remove-stale-error-check-for-domain-size.patch- Adjust xen-dom0-modules.service to ignore errors (bsc#1065187)- fate#324052 Support migration of Xen HVM domains larger than 1TB 59f31268-libxc-remove-stale-error-check-for-domain-size.patch- Update to Xen 4.10.0-rc2 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Update to Xen 4.10.0-rc1 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - Drop patches included in new tarball 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch 596f257e-x86-fix-hvmemul_insn_fetch.patch 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch 59958ebf-gnttab-fix-transitive-grant-handling.patch 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch gcc7-arm.patch gcc7-mini-os.patch- bsc#1061084 - VUL-0: xen: page type reference leak on x86 (XSA-242) xsa242.patch - bsc#1061086 - VUL-0: xen: x86: Incorrect handling of self-linear shadow mappings with translated guests (XSA-243) xsa243.patch - bsc#1061087 - VUL-0: xen: x86: Incorrect handling of IST settings during CPU hotplug (XSA-244) xsa244.patch- bsc#1061077 - VUL-0: xen: DMOP map/unmap missing argument checks (XSA-238) xsa238.patch - bsc#1061080 - VUL-0: xen: hypervisor stack leak in x86 I/O intercept code (XSA-239) xsa239.patch - bsc#1061081 - VUL-0: xen: Unlimited recursion in linear pagetable de-typing (XSA-240) xsa240-1.patch xsa240-2.patch - bsc#1061082 - VUL-0: xen: Stale TLB entry due to page type release race (XSA-241) xsa241.patch- bsc#1061075 - VUL-0: xen: pin count / page reference race in grant table code (XSA-236) xsa236.patch - bsc#1061076 - VUL-0: xen: multiple MSI mapping issues on x86 (XSA-237) xsa237-1.patch xsa237-2.patch xsa237-3.patch xsa237-4.patch xsa237-5.patch- bsc#1056278 - VUL-0: xen: Missing NUMA node parameter verification (XSA-231) 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch - bsc#1056280 - VUL-0: xen: Missing check for grant table (XSA-232) 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch - bsc#1056281 - VUL-0: xen: cxenstored: Race in domain cleanup (XSA-233) 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch - bsc#1056282 - VUL-0: xen: insufficient grant unmapping checks for x86 PV guests (XSA-234) 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch - bsc#1055321 - VUL-0: xen: add-to-physmap error paths fail to release lock on ARM (XSA-235) 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch - Upstream patches from Jan (bsc#1027519) 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch - Dropped gcc7-xen.patch- bsc#1057358 - Cannot Boot into SLES12.3 with Xen hypervisor when Secure Boot is Enabled xen.spec- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored update from v6 to v9 to cover more cases for ballooned domUs libxc.sr.superpage.patch- bsc#1026236 - remove suse_vtsc_tolerance= cmdline option for Xen drop the patch because it is not upstream acceptable remove xen.suse_vtsc_tolerance.patch- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored after the save using xl stack libxc.sr.superpage.patch- Unignore gcc-PIE the toolstack disables PIE for firmware builds as needed- Upstream patches from Jan (bsc#1027519) 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch 596f257e-x86-fix-hvmemul_insn_fetch.patch 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch (Replaces xsa227.patch) 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch (Replaces xsa228.patch) 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch (Replaces xsa230.patch) 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch (Replaces xsa226-1.patch) 59958ebf-gnttab-fix-transitive-grant-handling.patch (Replaces xsa226-2.patch) 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch- bsc#1044974 - xen-tools require python-pam xen.spec- Clean up spec file errors and a few warnings. (bsc#1027519) - Removed conditional 'with_systemd' and some old deprecated 'sles_version' checks. xen.spec- Remove use of brctl utiltiy from supportconfig plugin FATE#323639- Use upstream variant of mini-os __udivmoddi4 change gcc7-mini-os.patch- fate#323639 Move bridge-utils to legacy replace-obsolete-network-configuration-commands-in-s.patch- bsc#1052686 - VUL-0: xen: grant_table: possibly premature clearing of GTF_writing / GTF_reading (XSA-230) xsa230.patch- bsc#1035231 - migration of HVM domU does not use superpages on destination dom0 libxc.sr.superpage.patch- bsc#1051787 - VUL-0: CVE-2017-12135: xen: possibly unbounded recursion in grant table code (XSA-226) xsa226-1.patch xsa226-2.patch - bsc#1051788 - VUL-0: CVE-2017-12137: xen: x86: PV privilege escalation via map_grant_ref (XSA-227) xsa227.patch - bsc#1051789 - VUL-0: CVE-2017-12136: xen: grant_table: Race conditions with maptrack free list handling (XSA-228) xsa228.patch- Add a supportconfig plugin xen-supportconfig FATE#323661- bsc#1026236 - add suse_vtsc_tolerance= cmdline option for Xen To avoid emulation of TSC access from a domU after live migration add a global tolerance for the measured host kHz xen.suse_vtsc_tolerance.patch- fate#323662 Drop qemu-dm from xen-tools package The following tarball and patches have been removed qemu-xen-traditional-dir-remote.tar.bz2 VNC-Support-for-ExtendedKeyEvent-client-message.patch 0001-net-move-the-tap-buffer-into-TAPState.patch 0002-net-increase-tap-buffer-size.patch 0003-e1000-fix-access-4-bytes-beyond-buffer-end.patch 0004-e1000-secrc-support.patch 0005-e1000-multi-buffer-packet-support.patch 0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch 0007-e1000-verify-we-have-buffers-upfront.patch 0008-e1000-check-buffer-availability.patch CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch CVE-2015-4037-qemut-smb-config-dir-name.patch CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch blktap.patch cdrom-removable.patch xen-qemu-iscsi-fix.patch qemu-security-etch1.patch xen-disable-qemu-monitor.patch xen-hvm-default-bridge.patch qemu-ifup-set-mtu.patch ioemu-vnc-resize.patch capslock_enable.patch altgr_2.patch log-guest-console.patch bdrv_open2_fix_flags.patch bdrv_open2_flags_2.patch ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch qemu-dm-segfault.patch bdrv_default_rwflag.patch kernel-boot-hvm.patch ioemu-watchdog-support.patch ioemu-watchdog-linkage.patch ioemu-watchdog-ib700-timer.patch ioemu-hvm-pv-support.patch pvdrv_emulation_control.patch ioemu-disable-scsi.patch ioemu-disable-emulated-ide-if-pv.patch xenpaging.qemu.flush-cache.patch ioemu-devicemodel-include.patch - Cleanup spec file and remove unused KMP patches kmp_filelist supported_module.patch xen_pvonhvm.xen_emul_unplug.patch- bsc#1002573 - Optimize LVM functions in block-dmmd block-dmmd- Record initial Xen dmesg in /var/log/xen/xen-boot.log for supportconfig. Keep previous log in /var/log/xen/xen-boot.prev.log- Remove storytelling from description in xen.rpm- Update to Xen 4.9.0 FCS (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update block-dmmd script (bsc#1002573) block-dmmd- Update to Xen 4.9.0-rc8+ (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 gcc7-arm.patch - Drop gcc7-error-xenpmd.patch- Update to Xen 4.9.0-rc8 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop due to incorrect return value CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory leakage via capture buffer CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1031343 - xen fails to build with GCC 7 gcc7-mini-os.patch gcc7-xen.patch- bsc#1031343 - xen fails to build with GCC 7 gcc7-error-xenpmd.patch- Update to Xen 4.9.0-rc5 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 - Drop xen-tools-pkgconfig-xenlight.patch- bsc#1037779 - xen breaks kexec-tools build xen-tools-pkgconfig-xenlight.patch- Update to Xen 4.9.0-rc4 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1036146 - sles12sp2 xen VM dumps core to wrong path xen.spec- Update to Xen 4.9.0-rc3 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 aarch64-maybe-uninitialized.patch- Update to Xen 4.9.0-rc2 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update to Xen 4.9.0-rc1 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 ioemu-devicemodel-include.patch - Dropped patches contained in new tarball xen-4.8.0-testing-src.tar.bz2 0001-xenstore-let-write_node-and-some-callers-return-errn.patch 0002-xenstore-undo-function-rename.patch 0003-xenstore-rework-of-transaction-handling.patch 584806ce-x86emul-correct-PUSHF-POPF.patch 584fc649-fix-determining-when-domain-creation-is-complete.patch 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch 5853ed37-VT-d-correct-dma_msi_set_affinity.patch 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch 5882129d-x86emul-LOCK-check-adjustments.patch 58821300-x86-segment-attribute-handling.patch 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch 58a44771-IOMMU-always-call-teardown-callback.patch 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch glibc-2.25-compatibility-fix.patch xs-09-add_change_node-params.patch xs-10-call-add_change_node.patch xs-11-tdb-record-header.patch xs-12-node-gen-count.patch xs-13-read-directory-part-support.patch xs-14-command-array.patch xs-15-command-return-val.patch xs-16-function-static.patch xs-17-arg-parsing.patch xs-18-default-buffer.patch xs-19-handle-alloc-failures.patch xs-20-tdb-version.patch xs-21-empty-tdb-database.patch xs-22-reopen_log-fix.patch xs-23-XS_DEBUG-rename.patch xs-24-xenstored_control.patch xs-25-control-enhance.patch xs-26-log-control.patch xs-27-memory-report.patch xs-28-remove-talloc-report.patch xs-29-define-off_t.patch xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch- bsc#1022703 - Xen HVM guest with OVMF hangs with unattached CDRom 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch- bsc#1015348 - L3: libvirtd does not start during boot suse-xendomains-service.patch- bsc#1014136 - Partner-L3: kdump can't dump a kernel on SLES12-SP2 with Xen hypervisor. 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch - bsc#1026236 - L3: Paravirtualized vs. fully virtualized migration - latter one much faster 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch - Upstream patch from Jan 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch- bsc#1022555 - L3: Timeout in "execution of /etc/xen/scripts/block add" 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch 0001-xenstore-let-write_node-and-some-callers-return-errn.patch 0002-xenstore-undo-function-rename.patch 0003-xenstore-rework-of-transaction-handling.patch - bsc#1030144 - VUL-0: xen: xenstore denial of service via repeated update (XSA-206) xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch - bsc#1029827 - Forward port xenstored xs-09-add_change_node-params.patch xs-10-call-add_change_node.patch xs-11-tdb-record-header.patch xs-12-node-gen-count.patch xs-13-read-directory-part-support.patch xs-14-command-array.patch xs-15-command-return-val.patch xs-16-function-static.patch xs-17-arg-parsing.patch xs-18-default-buffer.patch xs-19-handle-alloc-failures.patch xs-20-tdb-version.patch xs-21-empty-tdb-database.patch xs-22-reopen_log-fix.patch xs-23-XS_DEBUG-rename.patch xs-24-xenstored_control.patch xs-25-control-enhance.patch xs-26-log-control.patch xs-27-memory-report.patch xs-28-remove-talloc-report.patch xs-29-define-off_t.patch- bsc#1029128 - fix make xen to really produce xen.efi with gcc48- bsc#1028235 - VUL-0: CVE-2017-6505: xen: qemu: usb: an infinite loop issue in ohci_service_ed_list CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch - Upstream patches from Jan (bsc#1027519) 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch 58a44771-IOMMU-always-call-teardown-callback.patch 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch- bsc#1027654 - XEN fails to build against glibc 2.25 glibc-2.25-compatibility-fix.patch libxl.pvscsi.patch- fate#316613: Refresh and enable libxl.pvscsi.patch- bsc#1024834 - VUL-0: CVE-2017-2620: xen: cirrus_bitblt_cputovideo does not check if memory region is safe (XSA-209) CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch- bsc#1023948 - [pvusb][sles12sp3][openqa] Segmentation fault happened when adding usbctrl devices via xl 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch- Upstream patches from Jan (bsc#1027519) 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch 5882129d-x86emul-LOCK-check-adjustments.patch 58821300-x86-segment-attribute-handling.patch 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch- bsc#1023004 - VUL-0: CVE-2017-2615: qemu: display: cirrus: oob access while doing bitblt copy backward mode CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch- fate#322313 and fate#322150 require the acpica package ported to aarch64 which Xen 4.8 needs to build. Temporarily disable aarch64 until these fates are complete. xen.spec- bsc#1021952 - Virutalization/xen: Bug xen-tools missing /usr/bin/domu-xenstore; guests fail to launch tmp_build.patch xen.spec- No systemd presets for 42.3+ and SLE12SP3+ (bsc#1012842)- bsc#1007224 - broken symlinks in /usr/share/doc/packages/xen/misc/ xen.spec- 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch Replaces xsa202.patch (bsc#1014298) - 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch Replaces xsa203.patch (bsc#1014300) - 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch Replaces xsa204.patch (bsc#1016340) - Upstream patches from Jan 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch 5853ed37-VT-d-correct-dma_msi_set_affinity.patch 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch- bsc#1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch- bsc#1016340 - VUL-0: CVE-2016-10013: xen: x86: Mishandling of SYSCALL singlestep during emulation (XSA-204) xsa204.patch- bsc#1012651 - VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation fails to ignore operand size override (XSA-200) 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch- bsc#1014298 - VUL-0: CVE-2016-10024: xen: x86 PV guests may be able to mask interrupts (XSA-202) xsa202.patch - bsc#1014300 - VUL-0: CVE-2016-10025: xen: x86: missing NULL pointer check in VMFUNC emulation (XSA-203) xsa203.patch - Upstream patches from Jan 584806ce-x86emul-correct-PUSHF-POPF.patch 584fc649-fix-determining-when-domain-creation-is-complete.patch 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch- Update to Xen 4.8 FCS xen-4.8.0-testing-src.tar.bz2 - Dropped xen-4.7.1-testing-src.tar.bz2 0001-libxc-Rework-extra-module-initialisation.patch 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch 0004-firmware-makefile-install-BIOS-blob.patch 0005-libxl-Load-guest-BIOS-from-file.patch 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch 0008-hvmloader-Locate-the-BIOS-blob.patch 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch 0011-hvmloader-Load-OVMF-from-modules.patch 0012-hvmloader-Specific-bios_load-function-required.patch 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch 5769106e-x86-generate-assembler-equates-for-synthesized.patch 57a1e603-x86-time-adjust-local-system-time-initialization.patch 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch 57a30261-x86-support-newer-Intel-CPU-models.patch 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch 58343ec2-x86emul-fix-huge-bit-offset-handling.patch 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch 58343f44-x86-svm-fix-injection-of-software-interrupts.patch 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch CVE-2016-9381-xsa197-qemut.patch CVE-2016-9637-xsa199-qemut.patch- bsc#1011652 - VUL-0: xen: qemu ioport array overflow CVE-2016-9637-xsa199-qemut.patch- bsc#1009100 - VUL-0: CVE-2016-9386: XSA-191: xen: x86 null segments not always treated as unusable 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch - bsc#1009103 - VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch to VM86 mode mis-handled 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch - bsc#1009104 - VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base write emulation lacking canonical address checks 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch - bsc#1009105 - VUL-0: CVE-2016-9384: XSA-194: xen: guest 32-bit ELF symbol table load leaking host data 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch - bsc#1009107 - VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit test instruction emulation broken 58343ec2-x86emul-fix-huge-bit-offset-handling.patch - bsc#1009108 - VUL-0: CVE-2016-9377,CVE-2016-9378: XSA-196: xen: x86 software interrupt injection mis-handled 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch 58343f44-x86-svm-fix-injection-of-software-interrupts.patch - bsc#1009109 - VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious about shared ring processing CVE-2016-9381-xsa197-qemut.patch - bsc#1009111 - VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen: delimiter injection vulnerabilities in pygrub 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch - Upstream patches from Jan 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch- Update to Xen Version 4.7.1 xen-4.7.1-testing-src.tar.bz2 - Dropped patches contained in new tarball xen-4.7.0-testing-src.tar.bz2 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch 57973099-have-schedulers-revise-initial-placement.patch 579730e6-remove-buggy-initial-placement-algorithm.patch 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch 57c82be2-x86-32on64-adjust-call-gate-emulation.patch 57c93e52-fix-error-in-libxl_device_usbdev_list.patch 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch 57c96e2c-x86-correct-PT_NOTE-file-position.patch 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch 57e93e1d-x86emul-correct-loading-of-ss.patch 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch 57e93e89-x86-AMD-apply-erratum-665-workaround.patch 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch 57fb6a91-x86-defer-not-present-segment-checks.patch 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch 5800caec-x86emul-fix-pushing-of-selector-registers.patch 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch- bsc#1004981 - Xen RPM doesn't contain debug hypervisor for EFI systems xen.spec- bsc#1000106 - VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190) 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch - bsc#996191 - [XEN][acpi]residency -n 88 -c will cause xen panic on broadwell-ep 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch - Upstream patches from Jan 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch 57e93e1d-x86emul-correct-loading-of-ss.patch 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch 57e93e89-x86-AMD-apply-erratum-665-workaround.patch 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch 57fb6a91-x86-defer-not-present-segment-checks.patch 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch 5800caec-x86emul-fix-pushing-of-selector-registers.patch 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch- bsc#1007941 - Xen tools limit the number of vcpus to 256 when the system has 384 xen-arch-kconfig-nr_cpus.patch- bsc#1007157 - VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite loop while transmit in C+ mode CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch- bsc#1005004 - CVE-2016-8667: xen: dma: rc4030 divide by zero error in set_next_tick CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch - bsc#1005005 - VUL-0: CVE-2016-8669: xen: char: divide by zero error in serial_update_parameters CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch- bsc#1003030 - VUL-0: CVE-2016-7908: xen: net: Infinite loop in mcf_fec_do_tx CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch - bsc#1003032 - VUL-0: CVE-2016-7909: xen: net: pcnet: infinite loop in pcnet_rdra_addr CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch- bsc#995785 - VUL-0: CVE-2016-7092: xen: x86: Disallow L3 recursive pagetable for 32-bit PV guests (XSA-185) 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch - bsc#995789 - VUL-0: CVE-2016-7093: xen: x86: Mishandling of instruction pointer truncation during emulation (XSA-186) 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch - bsc#995792 - VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of sh_ctxt->seg_reg[] (XSA-187) 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch - bsc#991934 - xen hypervisor crash in csched_acct 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch - Upstream patches from Jan 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch 57c82be2-x86-32on64-adjust-call-gate-emulation.patch 57c96e2c-x86-correct-PT_NOTE-file-position.patch 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch- bsc#979002 - add 60-persistent-xvd.rules and helper script also to initrd, add the relevant dracut helper- bnc#953518 - unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol- bsc#989679 - [pvusb feature] USB device not found when 'virsh detach-device guest usb.xml' 57c93e52-fix-error-in-libxl_device_usbdev_list.patch- bsc#992224 - [HPS Bug] During boot of Xen Hypervisor, Failed to get contiguous memory for DMA from Xen 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch - bsc#978755 - xen uefi systems fail to boot - bsc#983697 - SLES12 SP2 Xen UEFI mode cannot boot 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch - Upstream patch from Jan 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch- spec: to stay compatible with the in-tree qemu-xen binary, use /usr/bin/qemu-system-i386 instead of /usr/bin/qemu-system-x86_64 bsc#986164- bsc#970135 - new virtualization project clock test randomly fails on Xen 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch 5769106e-x86-generate-assembler-equates-for-synthesized.patch 57a1e603-x86-time-adjust-local-system-time-initialization.patch 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch - bsc#991934 - xen hypervisor crash in csched_acct 57973099-have-schedulers-revise-initial-placement.patch 579730e6-remove-buggy-initial-placement-algorithm.patch - bsc#988675 - VUL-0: CVE-2016-6258: xen: x86: Privilege escalation in PV guests (XSA-182) 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch - bsc#988676 - VUL-0: CVE-2016-6259: xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183) 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch - Upstream patches from Jan 57a30261-x86-support-newer-Intel-CPU-models.patch- bsc#985503 - vif-route broken vif-route.patch- bsc#978413 - PV guest upgrade from sles11sp4 to sles12sp2 alpha3 failed on sles11sp4 xen host. pygrub-handle-one-line-menu-entries.patch- bsc#990843 - VUL-1: CVE-2016-6351: xen: qemu: scsi: esp: OOB write access in esp_do_dma CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch- bsc#900418 - Dump cannot be performed on SLES12 XEN 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch - Upstream patches from Jan 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch- fate#319989 - Update to Xen 4.7 FCS xen-4.7.0-testing-src.tar.bz2 - Drop CVE-2014-3672-qemut-xsa180.patch- bsc#954872 - script block-dmmd not working as expected - libxl: error: libxl_dm.c (Additional fixes) block-dmmd- Convert with_stubdom into build_conditional to allow adjusting via prjconf - Convert with_debug into build_conditional to allow adjusting via prjconf- bsc#979002 - add 60-persistent-xvd.rules and helper script to xen-tools-domU to simplify transition to pvops based kernels- Convert with_oxenstored into build_conditional to allow adjusting via prjconf (fate#320836)- bsc#983984 - VUL-0: CVE-2016-5338: xen: qemu: scsi: esp: OOB r/w access while processing ESP_FIFO CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch - bsc#982960 - VUL-0: CVE-2016-5238: xen: qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch- fate#319989 - Update to Xen 4.7 RC5 xen-4.7.0-testing-src.tar.bz2- fate#319989 - Update to Xen 4.7 RC4 xen-4.7.0-testing-src.tar.bz2 - Dropped xen.pkgconfig-4.7.patch xsa164.patch- bsc#981264 - VUL-0: CVE-2014-3672: xen: Unrestricted qemu logging (XSA-180) CVE-2014-3672-qemut-xsa180.patch- bsc#980724 - VUL-0: CVE-2016-4441: Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch - bsc#980716 - VUL-0: CVE-2016-4439: xen: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch- fate#319989 - Update to Xen 4.7 RC3 xen-4.7.0-testing-src.tar.bz2 - Dropped libxl-remove-cdrom-cachemode.patch x86-PoD-only-reclaim-if-needed.patch gcc6-warnings-as-errors.patch- bsc#954872 - script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) block-dmmd- fate#319989 - Update to Xen 4.7 RC2 xen-4.7.0-testing-src.tar.bz2- bsc#961600 - L3: poor performance when Xen HVM domU configured with max memory > current memory x86-PoD-only-reclaim-if-needed.patch- Mark SONAMEs and pkgconfig as xen 4.7 xen.pkgconfig-4.7.patch- bsc#977329 - Xen: Cannot boot HVM guests with empty cdrom libxl-remove-cdrom-cachemode.patch- fate#319989 - Update to Xen 4.7 RC1 xen-4.7.0-testing-src.tar.bz2- fate#316614: set migration constraints from cmdline restore libxl.set-migration-constraints-from-cmdline.patch- Remove obsolete patch for xen-kmp magic_ioport_compat.patch- fate#316613: update to v12 libxl.pvscsi.patch- Update to the latest Xen 4.7 pre-release c2994f86 Drop libxl.migrate-legacy-stream-read.patch- bnc#972756 - Can't migrate HVM guest from SLES12SP1 Xen host to SLES12SP2 Alpha 1 host using xl migrate libxl.migrate-legacy-stream-read.patch- Add patches from proposed upstream series to load BIOS's from the toolstack instead of embedding in hvmloader http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html 0001-libxc-Rework-extra-module-initialisation.patch, 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch, 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch, 0004-firmware-makefile-install-BIOS-blob.patch, 0005-libxl-Load-guest-BIOS-from-file.patch, 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch, 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch, 0008-hvmloader-Locate-the-BIOS-blob.patch, 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch, 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch, 0011-hvmloader-Load-OVMF-from-modules.patch, 0012-hvmloader-Specific-bios_load-function-required.patch, 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch, 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch - Enable support for UEFI on x86_64 using the ovmf-x86_64-ms.bin firmware from qemu-ovmf-x86_64. The firmware is preloaded with Microsoft keys to more closely resemble firmware on real hardware FATE#320490- fate#319989: Update to Xen 4.7 (pre-release) xen-4.7.0-testing-src.tar.bz2 - Dropped: xen-4.6.1-testing-src.tar.bz2 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch hotplug-Linux-block-performance-fix.patch set-mtu-from-bridge-for-tap-interface.patch xendomains-libvirtd-conflict.patch xsa154.patch xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xsa170.patch- Use system SeaBIOS instead of building/installing another one FATE#320638 Dropped files: seabios-dir-remote.tar.bz2 xen-c99-fix.patch xen.build-compare.seabios.patch- spec: drop BuildRequires that were only needed for qemu-xen- bsc#969377 - xen does not build with GCC 6 ipxe-use-rpm-opt-flags.patch gcc6-warnings-as-errors.patch- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite loop in ne2000_receive CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch - Drop xsa154-fix.patch- Use system qemu instead of building/installing yet another qemu FATE#320638 - Dropped files qemu-xen-dir-remote.tar.bz2 CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch qemu-xen-enable-spice-support.patch qemu-xen-upstream-qdisk-cache-unsafe.patch tigervnc-long-press.patch xsa162-qemuu.patch- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer dereference in vapic_write() CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch- bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in remote NDIS control message handling CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch- bsc#954872 - L3: script block-dmmd not working as expected - libxl: error: libxl_dm.c block-dmmd - Update libxl to recognize dmmd and npiv prefix in disk spec xen.libxl.dmmd.patch- bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers in ohci module leads to null pointer dereference CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch - bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer dereference in remote NDIS control message handling CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch- Update to Xen Version 4.6.1 xen-4.6.1-testing-src.tar.bz2 - Dropped patches now contained in tarball or unnecessary xen-4.6.0-testing-src.tar.bz2 5604f239-x86-PV-properly-populate-descriptor-tables.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch 56549f24-x86-vPMU-document-as-unsupported.patch 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch xsa155-qemut-qdisk-double-access.patch xsa155-qemut-xenfb.patch xsa155-qemuu-qdisk-double-access.patch xsa155-qemuu-xenfb.patch xsa159.patch xsa160.patch xsa162-qemut.patch xsa165.patch xsa166.patch xsa167.patch xsa168.patch- bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent cachability flags on guest mappings (XSA-154) xsa154.patch - bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may crash guest with non-canonical RIP (XSA-170) xsa170.patch- bsc#965269 - VUL-1: CVE-2015-8619: xen: stack based OOB write in hmp_sendkey routine CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch- bsc#965156 - VUL-0: CVE-2015-6855: xen: ide: divide by zero issue CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch - bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref in sosendto() CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch- bsc#964947 - VUL-0: CVE-2015-5278: xen: Infinite loop in ne2000_receive() function CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch - bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch- bsc#964644 - VUL-0: CVE-2013-4533: xen pxa2xx: buffer overrun on incoming migration CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch - bsc#964925 - VUL-0: CVE-2014-0222: xen: qcow1: validate L2 table size to avoid integer overflows CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch - Dropped CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch- bsc#964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer dereference in ehci_caps_write CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch - bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun on incoming migration CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun on invalid state load CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient resource limiting in VNC websockets decoder CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch - bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on invalid state load CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch - bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient bits_per_pixel from the client sanitization CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer overun on invalid state CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch - bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer overflow in non-loopback mode CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch - bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci use-after-free vulnerability in aio port commands CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch- bsc#959695 - missing docs for xen xen.spec- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) xsa168.patch - bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage functionality missing sanity checks (XSA-167) xsa167.patch - bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers leads to a crash via assert(2) call CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch - bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory access in ioport r/w functions CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional logging upon guest changing callback method (XSA-169) 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch- Adjust xen-dom0-modules.service to run Before xenstored.service instead of proc-xen.mount to workaround a bug in systemd "design" (bnc#959845)- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155) xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xsa155-qemuu-qdisk-double-access.patch xsa155-qemut-qdisk-double-access.patch xsa155-qemuu-xenfb.patch xsa155-qemut-xenfb.patch - bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch - bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer dereference issue CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch - bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch - bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164) xsa164.patch - bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM initialization (XSA-165) xsa165.patch - bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) xsa166.patch- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch - Upstream patches from Jan 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch 56544a57-VMX-fix-adjust-trap-injection.patch 56546ab2-sched-fix-insert_vcpu-locking.patch- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163) 56549f24-x86-vPMU-document-as-unsupported.patch - bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) xsa159.patch - bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) xsa160.patch - bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) xsa162-qemuu.patch xsa162-qemut.patch - bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch- fate#315712: XEN: Use the PVOPS kernel Turn off building the KMPs now that we are using the pvops kernel xen.spec- Upstream patches from Jan 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch - Dropped 55b0a2db-x86-MSI-track-guest-masking.patch- Use upstream variants of block-iscsi and block-nbd- Remove xenalyze.hg, its part of xen-4.6- Update to Xen Version 4.6.0 xen-4.6.0-testing-src.tar.bz2 mini-os.tar.bz2 blktap2-no-uninit.patch stubdom-have-iovec.patch - Renamed xsa149.patch to CVE-2015-7969-xsa149.patch - Dropped patches now contained in tarball or unnecessary xen-4.5.2-testing-src.tar.bz2 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch 54f4985f-libxl-fix-libvirtd-double-free.patch 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch 551ac326-xentop-add-support-for-qdisk.patch 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 557eb55f-gnttab-per-active-entry-locking.patch 557eb5b6-gnttab-introduce-maptrack-lock.patch 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch 5582bf43-evtchn-simplify-port_is_valid.patch 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch 55b0a218-x86-PCI-CFG-write-intercept.patch 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch 55b0a2ab-x86-MSI-X-enable.patch blktapctrl-close-fifos.patch blktapctrl-default-to-ioemu.patch blktapctrl-disable-debug-printf.patch blktap-no-uninit.patch blktap-pv-cdrom.patch build-tapdisk-ioemu.patch ioemu-bdrv-open-CACHE_WB.patch ioemu-blktap-barriers.patch ioemu-blktap-fv-init.patch ioemu-blktap-image-format.patch ioemu-blktap-zero-size.patch libxl.set-migration-constraints-from-cmdline.patch local_attach_support_for_phy.patch pci-attach-fix.patch qemu-xen-upstream-megasas-buildtime.patch tapdisk-ioemu-logfile.patch tapdisk-ioemu-shutdown-fix.patch udev-rules.patch xen.build-compare.ipxe.patch xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch xen.build-compare.vgabios.patch xen.build-compare.xen_compile_h.patch xl-coredump-file-location.patch- bsc#954405 - VUL-0: CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - VUL-0: CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) CVE-2015-5307-xsa156.patch- Update to Xen 4.5.2 xen-4.5.2-testing-src.tar.bz2 - Drop the following xen-4.5.1-testing-src.tar.bz2 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch 5576f178-kexec-add-more-pages-to-v1-environment.patch 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch 558bfaa0-x86-traps-avoid-using-current-too-early.patch 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch 559bdde5-pull-in-latest-linux-earlycpio.patch 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch 55a77e4f-dmar-device-scope-mem-leak-fix.patch 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch 55e43fd8-x86-NUMA-fix-setup_node.patch 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch CVE-2015-4106-xsa131-9.patch CVE-2015-3259-xsa137.patch CVE-2015-7311-xsa142.patch CVE-2015-7835-xsa148.patch xsa139-qemuu.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch xsa151.patch xsa152.patch xsa153-libxl.patch CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch"- bsc#950704 - CVE-2015-7970 VUL-1: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch- Upstream patches from Jan 5604f239-x86-PV-properly-populate-descriptor-tables.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) xsa153-libxl.patch- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) xsa149.patch - bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) xsa151.patch - bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) xsa152.patch - Dropped 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure temporary file use in /net/slirp.c CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-4037-qemut-smb-config-dir-name.patch - bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table size to avoid integer overflows CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled creation of large page mappings by PV guests (XSA-148) CVE-2015-7835-xsa148.patch- bsc#949138 - Setting vcpu affinity under Xen causes libvirtd abort 54f4985f-libxl-fix-libvirtd-double-free.patch- bsc#949046 - Increase %suse_version in SP1 to 1316 xen.spec - Update README.SUSE detailing dom0 ballooning recommendations- bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’ secondly show errors 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch - Upstream patches from Jan 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch- bsc#941074 - VmError: Device 51728 (vbd) could not be connected. Hotplug scripts not working. hotplug-Linux-block-performance-fix.patch- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) CVE-2015-7311-xsa142.patch- bsc#945165 - Xl pci-attach show error with kernel of SLES 12 sp1 pci-attach-fix.patch- bsc#945164 - Xl destroy show error with kernel of SLES 12 sp1 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch- Upstream patches from Jan 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch 55e43fd8-x86-NUMA-fix-setup_node.patch 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch- bsc#944463 - VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in vnc_client_read() and protocol_client_msg() CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch - bsc#944697 - VUL-1: CVE-2015-6815: qemu: net: e1000: infinite loop issue CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line config handling stack overflow 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch- bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed - bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been observed - bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot has been observed 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 55b0a218-x86-PCI-CFG-write-intercept.patch 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch 55b0a2ab-x86-MSI-X-enable.patch 55b0a2db-x86-MSI-track-guest-masking.patch - Upstream patches from Jan 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch 55a77e4f-dmar-device-scope-mem-leak-fix.patch 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch - Dropped for upstream version x86-MSI-mask.patch x86-MSI-pv-unmask.patch x86-MSI-X-enable.patch x86-MSI-X-maskall.patch x86-MSI-X-teardown.patch x86-pci_cfg_okay.patch x86-PCI-CFG-write-intercept.patch- bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap memory in rtl8139 device model xsa140-qemuu-1.patch xsa140-qemuu-2.patch xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch - bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen block unplug protocol xsa139-qemuu.patch- bsc#937371 - xen vm's running after reboot xendomains-libvirtd-conflict.patch- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code execution via IDE subsystem CD-ROM CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch- Remove xendomains.service from systemd preset file because it conflicts with libvirt-guests.service (bnc#937371) Its up to the admin to run systemctl enable xendomains.service- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line config handling stack overflow CVE-2015-3259-xsa137.patch - Upstream patches from Jan 558bfaa0-x86-traps-avoid-using-current-too-early.patch 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch 559bdde5-pull-in-latest-linux-earlycpio.patch - Upstream patches from Jan pending review 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 557eb55f-gnttab-per-active-entry-locking.patch 557eb5b6-gnttab-introduce-maptrack-lock.patch 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch 5582bf43-evtchn-simplify-port_is_valid.patch 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch x86-MSI-pv-unmask.patch x86-pci_cfg_okay.patch x86-PCI-CFG-write-intercept.patch x86-MSI-X-maskall.patch x86-MSI-X-teardown.patch x86-MSI-X-enable.patch x86-MSI-mask.patch- Adjust more places to use br0 instead of xenbr0- bnc#936516 - xen fails to build with kernel update(4.1.0 from stable) 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch- Update to Xen Version 4.5.1 FCS (fate#315675) xen-4.5.1-testing-src.tar.bz2 - Dropped patches now contained in tarball 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch 5513b458-allow-reboot-overrides-when-running-under-EFI.patch 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch 5576f178-kexec-add-more-pages-to-v1-environment.patch 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch CVE-2015-3456-xsa133-qemuu.patch CVE-2015-3456-xsa133-qemut.patch qemu-MSI-X-enable-maskall.patch qemu-MSI-X-latch-writes.patch x86-MSI-X-guest-mask.patch- Replace 5124efbe-add-qxl-support.patch with the variant that finally made it upstream, 554cc211-libxl-add-qxl.patch- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable qemu MSI-X pass-through error messages qemu-MSI-X-latch-writes.patch - bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed - bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been observed - bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot has been observed x86-MSI-X-teardown.patch x86-MSI-X-enable.patch x86-MSI-X-guest-mask.patch x86-MSI-X-maskall.patch qemu-MSI-X-enable-maskall.patch - Upstream patches from Jan 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch - Dropped the following patches now contained in the tarball xen-no-array-bounds.patch CVE-2015-4103-xsa128.patch CVE-2015-4104-xsa129.patch CVE-2015-4105-xsa130.patch CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch- Update to Xen 4.5.1 RC2 - bsc#931628 - VUL-0: CVE-2015-4106: XSA-131: xen: Unmediated PCI register access in qemu CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch CVE-2015-4106-xsa131-9.patch - bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable qemu MSI-X pass-through error messages CVE-2015-4105-xsa130.patch - bsc#931626 - VUL-0: CVE-2015-4104: XSA-129: xen: PCI MSI mask bits inadvertently exposed to guests CVE-2015-4104-xsa129.patch - bsc#931625 - VUL-0: CVE-2015-4103: XSA-128: xen: Potential unintended writes to host MSI message data field via qemu CVE-2015-4103-xsa128.patch - Upstream patches from Jan 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch- Add DefaultDependencies=no to xen-dom0-modules.service because it has to run before proc-xen.mount- Update to Xen 4.5.1 RC1- Update blktap-no-uninit.patch to work with gcc-4.5- bsc#927967 - VUL-0: CVE-2015-3340: xen: Information leak through XEN_DOMCTL_gettscinfo (XSA-132) 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch- bnc#929339 - VUL-0: CVE-2015-3456: qemu kvm xen: VENOM qemu floppy driver host code execution CVE-2015-3456-xsa133-qemuu.patch CVE-2015-3456-xsa133-qemut.patch- bsc#928783 - Reboot failure; Request backport of upstream Xen patch to 4.5.0, or update pkgs to 4.5.1 5513b458-allow-reboot-overrides-when-running-under-EFI.patch 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch- bnc#927750 - Avoid errors reported by system-modules-load.service- Add xen-no-array-bounds.patch and blktap-no-uninit.patch to selectively turn errors back to warnings to fix build with GCC 5. - Amend xen.stubdom.newlib.patch to pull in declaration of strcmp to avoid implicit-fortify-decl rpmlint error. - Fix quoting of __SMBIOS_DATE__ in xen.build-compare.smbiosdate.patch.- xentop: Fix memory leak on read failure 551ac326-xentop-add-support-for-qdisk.patch- Dropped xentop-add-support-for-qdisk.patch in favor of upstream version 551ac326-xentop-add-support-for-qdisk.patch- Enable spice support in qemu for x86_64 5124efbe-add-qxl-support.patch qemu-xen-enable-spice-support.patch- Add xen-c99-fix.patch to remove pointless inline specifier on function declarations which break build with a C99 compiler which GCC 5 is by default. (bsc#921994) - Add ipxe-no-error-logical-not-parentheses.patch to supply - Wno-logical-not-parentheses to the ipxe build to fix breakage with GCC 5. (bsc#921994)- bnc#921842 - Xentop doesn't display disk statistics for VMs using qdisks xentop-add-support-for-qdisk.patch- Disable the PIE enablement done for Factory, as the XEN code is not buildable with PIE and it does not make much sense to build the hypervisor code with it.- bnc#918169 - XEN fixes required to work with Kernel 3.19.0 xen.spec- Package xen.changes because its referenced in xen.spec- Update seabios to rel-1.7.5 which is the correct version for Xen 4.5- Update to Xen 4.5.0 FCS- Include systemd presets in 13.2 and older- bnc#897352 - Enable xencommons/xendomains only during fresh install - disable restart on upgrade because the toolstack is not restartable- adjust seabios, vgabios, stubdom and hvmloader build to reduce build-compare noise xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch xen.build-compare.ipxe.patch xen.build-compare.vgabios.patch xen.build-compare.seabios.patch xen.build-compare.man.patch- Update to Xen 4.5.0 RC4- Remove xend specific if-up scripts Recording bridge slaves is a generic task which should be handled by generic network code- Use systemd features from upstream requires updated systemd-presets-branding package- Update to Xen 4.5.0 RC3- Set GIT, WGET and FTP to /bin/false- Use new configure features instead of make variables xen.stubdom.newlib.patch- adjust docs and xen build to reduce build-compare noise xen.build-compare.doc_html.patch xen.build-compare.xen_compile_h.patch- Drop trailing B_CNT from XEN_EXTRAVERSION to reduce build-compare noise- Update to Xen 4.5.0 RC2- Update to Xen 4.5.0 RC1 xen-4.5.0-testing-src.tar.bz2 - Remove all patches now contained in the new tarball xen-4.4.1-testing-src.tar.bz2 5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch 5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch 53299d8f-xenconsole-reset-tty-on-failure.patch 53299d8f-xenconsole-tolerate-tty-errors.patch 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch 537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch 537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch 539ebe62-x86-EFI-improve-boot-time-diagnostics.patch 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch 53d124e7-fix-list_domain_details-check-config-data-length-0.patch 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch 53fcebab-xen-pass-kernel-initrd-to-qemu.patch 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch 540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch 541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch 541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch 541ad3ca-x86-HVM-batch-vCPU-wakeups.patch 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch CVE-2013-4540-qemu.patch qemu-support-xen-hvm-direct-kernel-boot.patch qemu-xen-upstream-blkif-discard.patch change-vnc-passwd.patch libxc-pass-errno-to-callers-of-xc_domain_save.patch libxl.honor-more-top-level-vfb-options.patch libxl.add-option-for-discard-support-to-xl-disk-conf.patch libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch x86-dom-print.patch x86-extra-trap-info.patch tmp_build.patch xl-check-for-libvirt-managed-domain.patch disable-wget-check.patch - Xend/xm is no longer supported and is not part of the upstream code. Remove all xend/xm specific patches, configs, and scripts xen-xmexample.patch bridge-opensuse.patch xmexample.disks xmclone.sh init.xend xend-relocation.sh xend.service xend-relocation-server.fw domUloader.py xmexample.domUloader xmexample.disks bridge-vlan.patch bridge-bonding.patch bridge-record-creation.patch network-nat-open-SuSEfirewall2-FORWARD.patch xend-set-migration-constraints-from-cmdline.patch xen.migrate.tools-xend_move_assert_to_exception_block.patch xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch xend-config.patch xend-max-free-mem.patch xend-hvm-default-pae.patch xend-vif-route-ifup.patch xend-xenapi-console-protocol.patch xend-core-dump-loc.patch xend-xen-api-auth.patch xend-checkpoint-rename.patch xend-xm-save-check-file.patch xend-xm-create-xflag.patch xend-domu-usb-controller.patch xend-devid-or-name.patch xend-migration-domname-fix.patch xend-del_usb_xend_entry.patch xend-xen-domUloader.patch xend-multi-xvdp.patch xend-check_device_status.patch xend-change_home_server.patch xend-minimum-restart-time.patch xend-disable-internal-logrotate.patch xend-config-enable-dump-comment.patch xend-tools-watchdog-support.patch xend-console-port-restore.patch xend-vcpu-affinity-fix.patch xend-migration-bridge-check.patch xend-managed-pci-device.patch xend-hvm-firmware-passthrough.patch xend-cpuinfo-model-name.patch xend-xm-reboot-fix.patch xend-domain-lock.patch xend-domain-lock-sfex.patch xend-32on64-extra-mem.patch xend-hv_extid_compatibility.patch xend-xenpaging.autostart.patch xend-remove-xm-deprecation-warning.patch libxen_permissive.patch tmp-initscript-modprobe.patch init.xendomains xendomains.service xen-watchdog.service xen-updown.sh- bnc#901317 - L3: increase limit domUloader to 32MB domUloader.py- bnc#898772 - SLES 12 RC3 - XEN Host crashes when assigning non-VF device (SR-IOV) to guest 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch - bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch - bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch - Upstream patches from Jan 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch (Replaces xsa107.patch) 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch (Replaces xsa104.patch) 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch (Replaces xsa105.patch) 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch (Replaces xsa106.patch) 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch (Replaces xsa108.patch) 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch (Replaces xsa97.patch) 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGH3AKDM4.13.2_04-lp152.2.18.14.13.2_04-lp152.2.18.1  xenhtmlhypercallarmindex.htmlindex.htmlx86_32index.htmlx86_64index.htmlindex.htmlmanindex.htmlxen-pci-device-reservations.7.htmlxen-pv-channel.7.htmlxen-tscmode.7.htmlxen-vtpm.7.htmlxen-vtpmmgr.7.htmlxenstore-chmod.1.htmlxenstore-ls.1.htmlxenstore-read.1.htmlxenstore-write.1.htmlxenstore.1.htmlxentop.1.htmlxentrace.8.htmlxentrace_format.1.htmlxl-disk-configuration.5.htmlxl-network-configuration.5.htmlxl-numa-placement.7.htmlxl.1.htmlxl.cfg.5.htmlxl.conf.5.htmlxlcpupool.cfg.5.htmlmiscamd-ucode-container.txtarmbig.LITTLE.txtbooting.txtdevice-treeacpi.txtbooting.txtguest.txtindex.htmlpassthrough.txtearly-printk.txtindex.htmlpassthrough.txtsilicon-errata.txtblock-scripts.txtconsole.txtcrashdb.txtdistro_mapping.txtdump-core-format.txtgrant-tables.txtindex.htmlkconfig-language.txtkconfig.txtkexec_and_kdump.txtlibxl_memory.txtprintk-formats.txtqemu-backends.txtstubdom.txtvtd-pi.txtvtd.txtvtpm-platforms.txtxen-error-handling.txtxenmon.txtxenpaging.txtxenstore-ring.txtxenstore.txtxsm-flask.txtmisccrashdb.txtvtpm-platforms.txtxen-command-line.pandocxenpaging.txtxenstore-paths.pandoc/usr/share/doc/packages//usr/share/doc/packages/xen//usr/share/doc/packages/xen/html//usr/share/doc/packages/xen/html/hypercall//usr/share/doc/packages/xen/html/hypercall/arm//usr/share/doc/packages/xen/html/hypercall/x86_32//usr/share/doc/packages/xen/html/hypercall/x86_64//usr/share/doc/packages/xen/html/man//usr/share/doc/packages/xen/html/misc//usr/share/doc/packages/xen/html/misc/arm//usr/share/doc/packages/xen/html/misc/arm/device-tree//usr/share/doc/packages/xen/misc/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:15242/openSUSE_Leap_15.2_Update/2ee2e21ef1b574ba0ff6684b214488b4-xen.openSUSE_Leap_15.2_Updatecpioxz5x86_64-suse-linuxdirectoryHTML document, ASCII textXML 1.0 document, ASCII text, with very long linesXML 1.0 document, ASCII textC source, ASCII textASCII textASCII text, with very long linesAlgol 68 source, ASCII textutf-83a92d40313b9f5d9f3468ebfb0da5fc8f818883000dd5c6127816738f91d6d98?p7zXZ !t/)J] crt:bLL 7ߏ)W}26sˏh}`I4p`#Hu4{JAI8&?3=6 & 'iXv a2|K1E3LL\(Jene$g*C5UP(krȳe ѹzª$a9Q=V8x?ͨdMgsiKS# ~L ,Y>7i.@}zŏ+~&܏El*1!GH_dHBW(5*`h;`<^='z)J8%QO%IR^Ayf^bmq>93KMre_j )kmH~5*}3m4O!ޣdl9M oqJ΅*J%dxF%Ծ;F՗Ĝ][NLᎳMGj۸dZV8mI j_n~S(~M*#XH8Dhކ&)gtt+%l~lp x_C;ɓ_< o 5;Ftn740q1i@ܑ(R LS_;91e=pRS b&+~WM.ٶyYK^ o>qv<.sMɸJ,ʧ_f"G?\?>B(#PkQ뗖 Feȕ{B([z~"ݽDqlZ'WOE@u?R*?Ƥ9s`*&']5FCrT!Ԟw)q%p ԥ/m-V"֛sԎT}PrSO>46eaz8 $s+`ʭUc>a'9Ѱ)pȟI>-?jڎ΃İ$vo h]Ddf"Zķ35 * [$ǞJ?Nn"sPw(J3AB?gᎡ4H墓܍[>ä( Lg-o`-AU:|nYlߟA+DfJ_2`37Yߋun €A& -fry&eI 8#+,dy:a+v]gq !R!6"Rݞ.uk?W?゗-x-9_Z#7]0PE;dp}ͨ]Az)$n~M2馿C$rrT͏]dm&@,˔oM-e'aKݕ<$VC0̢0#ñ+E {!AW&MAyC#ޤ;|m8N& e&Ѻ!&!Ձ~u+p##C" EY4z1]%GX9/g?SXJqrF1Q웫 (Iږp~E}^*m`ء]i''UAsHWm,kCg`}㐟I鄴Ѹr :` Yk,B).' tPp 4ٌ /Žt*o{ELƍ%]\8$hDb RM~qp?v[twW,WaXf(n %$CQA.}[5%cER k8(Xx1u:^vMrcix)X3\a[C$/]'Nk 4X4& ok~B7 G"a^r(A2 >ɮfgFbjmIP|ݬD&sIdm?+ |fBId. EltŹkWIJ ZY`O*Q".ϖxջ7Ċut~!*,5` 7vml}HEI /enYd}DdU@bĿZUSE(AvM U!TyVOjYr&dg(Iu&1 a T$>8xW4M/~> ɀSPɒ{.+R̸JHcP 'mU\31'E7NNm|Jx5hP:|\&@%Âi>gsM>ĸk2*tTπ:*i ^T6 ~ovpzSQ2{=\eCeqC{R07pL N< 0#IICL[PNrYVeėJM׷د{gY}oF 92yw{2?֪b/"=82!m8`&V,/4^za7jT^yc%wu>?׻A;E-a)_)Ɨt OdMjRQ;O9 9YgU0) )p7_p%E@OR bD=>%=/#F.٧b2b 6(ٍ*6cڙ*xLkZPwTKp|&5>&9VʕJ[7JU/ͩH@Gɦ<r4Yg|3JbI+Bfk}7ٱY=yf<;orAR=-{^䖽98w`ZnL;@b+6͐I#\?u5S72G0dT|kMs) z|t՚b ćdx~ysC Z` Sm · n Eү6k/Aeh@p: &tfY8yfbFYɆ,=WD6~j?!B rKs0^ @BL#!VJ1PA'v @_l4FN9A]oqP1oT q%$}^qeۛh8Gȣ{z[|~ʦy]&_{/N&jk- dN=O=QdIw?g՟ϼu4RfKxktΙ+gܺe7]+$C%zʻowpȆbD£^f"lPe 4gj:; (J Sjk:1 +Q{{ηR0琀?cEasP*Tэy!e.Q3إ:(@ץl+ck7#{{qj& Ƣm̞@l/E75[ͷcMb<=Ne*ndDPMO]؀ MPYxKF^LRD͠`pgv~ùwF@Ô4߷i綛5WV41ئV>{RA꠽K H7`h{^)V]-`CSta?#A˄k3E_veR3 Hf=cYU=_6m/~n9&$srp(⡺x>:d݀PF\fٖz9E1S9۲o6J6V6 q9 "R>7"f+ڔȨR8W+v?乀KOʖ!rA4H 5I!>H˿B^)?GTlPPQxR'7E3pKyqxMO\oPI`6d;ʮAC3#j~GF9@ac3=O dD4fl*7邢>PF)^ s?DYm eeiLiC3O"wa F`55vgvDBBRǔ H ueM_r(8Bk 24/DZ~b m`*To_zfTC@6xpQG)f>!^!D<8| nu;NˀUƽE25zmgeK./OsIR3©x75 NGKݤ11Em{>['$ܴBʵό#GjۊŦB`eؘtGl, ڽ椾^o":}4C@B&[bKbQ;HZ A*kw b%fD„WRH̉`!pycEHϥ)(gb13PE5K sex m].^n޵/zZqYb134XЎӸ G?9sO0X#]k=/DV %÷9Px ~JB"@K޾&Ҽrt*{2 #ճ,s{kG{ϹZ:mszox9"p2fA񳦬lvp v#'W[HS&wKbMY@ĹYPԺ'V2ʤUuUG)45KhkO^g?ZvK\7+ 2*o+]+4 ' QD+PyCq.bg/LkBڋ3Po!n=^YiTҙAg)ۅ10dqfFN"pO'%vL_kiPhBvdK!O2&sXEiv*kSyM+StrMeϯbRޓa֓鴣چ;/6 22BBc|!?U19u'PuE,KčK)Gl7Kw^ԟ,qRv'^n'q|SDALnJ@*q=HgpS%_&Cw)jćaVUe k#)., I^My[4 \Te@zl"' Lc}! 5+@ŧ4gF=.V^к|BtkGMCKYŽiԛom+P 3>-KeΝMٺXKR?9ga⃜ɡsLѵ9^tN'>)g^D|b@4K]PhiCӅ&Z]8PYE<1ʠWnv(ӫȿ/о^'oWw/(:efNغA'ۏ E/"pҝ*c;iu4W dߌ?kݥ7,JH4~)_Noq ʐxe_2xbeo =o;ip-"ߑOPޓ.eh 1:a лR!<[AlBkXynφWſ8p/AABk^Dzp-,2]˝ sw~{<,ު=G('u1RmyQCavҮ3;GgL ξ.xpӴ˥frsj$xxBU0J9nu\={\'gyss@ʄ"nxT c;zo3b&vOKaө kP ǖ-qRni`0܎X3jXٹ4k!g2K/1Xg֎_/b?8@A b?(JKxO_ z7xeF~N~# ΞC}gw Q&{ذm.H{b #Nl[ƀ迭5<2EH#EE4gVКPahBL,J4)%G Ik8xYTQ"a#V,J]GLk?8r)SC{bfi>fXnh#`Y1,r7m {ޫ;5ZVzDyT,x c"}мXEYl95 Z.s rŋVaω >bhIi)rÅ`~x$wUSЇ|\ Wݼ{g>[:+9kY+É*/MG ZR71'zb'CS] f(y-T]ea^h3PA:Py|di%4<$X{IQ;3mgbZM_ lr&ۭ\TeJ-ghdCW tJѾyݝΩz_>^f`X$h? $̒v7gQThs jaѻmTyG.Kz?[0@6 _w3<M%KVSK3Mj9TOM7¦w>SUE.7 ӕ Nfūp,v{^ Ӡ8Ȱ@jY)4Р0 wI<)R^VjaURuKif7xjصmmlYK~δpri oF~+TXn|/*d#Xv@"Oޝ碬O1cT(7jZҳ#i2iwqmNԕxײorɖjTחp)tXPb ЌwgzbcW?E}NtvDn&rsTl]xKl|FS4K? 1#}DHQAp._5Yg@ G{8,8xO,J}6>qFjS@> YXS!K끈1_[/?[Raq-]e]9k#T[B%Mv*Ş(႐s`be%aMA| TO\pc0P1fq8pnJʀNB+KT,9N^#X]?ziB[ft`\{vGe>ܹT;2V!je.WI^ ku*wl/-F j< i0 \Fy Zv19JfKrPf'Uω _g_uNgn#]d)qc>X/U%$cPɢr {- ~2oȯ,^l f36c;e FhjFfQ +\\v0 YH@SݮĮ,usPLh Za?Ҹ*hk i*pJ!ĩ}(E\bZd m?pߧeKAh,r£wmVV[N4LΉ0D=}y3 > ER Op4b $H?Y&ˊ xY-M+@2rt;I Z >;KRv!9>P! ;L~ LzhC8)g3Gn,'2V6u9,ڼ.{cаz> w9>7H~F0&F|: 7w,b\?wt-7BfZ'mA{45nRl#C0c>*-&QJ0-P9e.^[}_`Zo}$"*j>s4CG9xYޙs;Љ-dj~a2_NSDΚs:ľpx);$b$D T= /+1:MAUSL:`:qcZd]eK l2nD;-:b^) B u(劣և|^+BcZq(~ 8p*p+T2")Vc N=wF(`wKRjCCHst ͌\2@=;0ꄾƃMI?4C`r[VNlZrJ^%$1 UZ +\d8n2?B.HBgn]&7s%elbKITWwLpeѨrwjյ) `YR&V&K{2< sHZOUF% 6qw5sZt93*@J${7He$_ o ҿJNDX t9YxnѽbiqQM`GKL<= OdI vb~ܜBΐ &L 1oEfڵ# DG?!($6O[Dظ48?H>i.5{gL`Xe 3:K)|'Qsn0oQԜ7OD 8 5DKeK`ہ4뛬- c.@9 MNEa֛WMϱ6 _&T*wYiM`2agVʚEVyUp3RLp|ܢ1rfYiVQ^WZG~(1u mX6b.\/A6NTգ_ڗ8>4C}xclDݑwa `FB26Έ VkÅ\ciCwdD=.Q ,"436SHi͋q5vn a8.:r5 eA`n-!Hah\,ߨĽ+4Xf!Keu*$сݼ݈9F_?3n|ÁGz>R3@$a1b$D!HZ,>ťxe&dmSh&7ޕ P0c>i q h?ooDT+@İ%&XY ^pf'j“УJI L@jھrwAD b3J o !~&Ul [-3/K(BQq\FH>rdu0{LA lA\ɰAӢh\kV愳dH.ɊȖ;!q**'[!Z_As[x&W7nRX-b1{0`EPoVpQuV5Fw4K J'dw6*:AUsTsѿW g@jTzU€k%f2BYuq`F+%R}0Udpsjcެ>y.zi|c,[ۅ|,ê//_kߚrռXK|)ioBM(&=a`,T`q nj] />Jpjv? n%!,ЊM#[ɫ(zpݠ4lF{Y땎0ٸ4m`dz{`$|u!#%=|}HN\S˴l ,_F r1\M Iy=9eb(#`|ȏ 5F1MpC+tN/tW\)y׷@Pßà>Om}F̲ŭaf@A3J,},MU҈|#B\5[c}B rԽY>g}d@{;v0o *25uɟ*{l-]&TV5O?I3s 7?O)ߍCX1r@A$u6P7|GxCfh|SW)D(:1>Jss8?Ix da{s ;wg~=.aΑx d둅ŶU앺24 9e׹ֺ0S )41%QI%Wk _hCz?"\Wb(~7P9{~꼼ulcHL !՜ɍ^p* Bh !1zM!YvBի)}Qj(v:Xg4o 4G{n  PrscJC}9x6I\L&AXuC"b}//{ 2}:Tr_ZpRSBA-.W 6;Ǵ$TE'-7jtz`ui:,L7]To-j#B x(rOTtgΗKu7OW b3]l8PǾy> o GfK'^׻P=~_RNj ɓT9h7Mol'n|<Jig&nsi?Q4k"Ei^#*3;\3OPqUhB.FgKQT iWw^?t>/a9QEc2\$ѫTaݳSv{#ut!;YMPoڿ);czV{$RՃ~5li #'$HՅ|zAjIRG[jZ ^ru:/ZUX 7q&Ƹ#{7A{v4?@6Yb/q~Ag;ѝ\IJ$UJ[nDN:ayl&\]ţBrJqNrsU ~&ZVгƃ-3vP؆<9esa<?gݿ=@ BikM/ DYu#tA%A< ɕyR;QqQNrD͹F?@d\?HcjߡpבVAزe uV2ɷ3/#d-&|ΐ))Z,Dk-;e9le~&=vcI(H_cOrH~wƈ3\7M pS]'WL̽íUB! J q1:8|CYA"R]@,ti[kڊ@JlarSp{fML8I%1++@y g|?-ZWF-&2W ~Qڣ7O ~2]+W3CP ڒ D6VoϱoX^ZF ':l΋5A]n \|1޷5 1%;3xiLDf_E1W\ڊ$ˡ iO';S8Dzdo# eK2L63I@_$0ɩYoϯyn\|֬ Hb4-\R@ъ?*wk<џzoT%>V 0}\%&ΨN<:+_hU|>x}Kj"00_p9=LIqaZQ?BP$WDF>V#زB a0嗆U.޽M>nyi,ZgU7E{VgM2Q8"w:2]Ro`ͥBJi$t)>m7sp?$#3Ϸ^ș%7 f ᒥm(4N+ˍ좝c7"I0%s΂[k!Qy=f&/Ȃѐ,'zGQ;<+19DJЀq% .@ҧ.,)MkH>Ճ#g *,Ue4w7?oڅ:C y$U!ѻ LGWb}M.+Y7XY*G}] )RT}.A6{egZzPg6`mYزCXt[OXn^q cǻbm6}6{挨)-De)Qb <6 ƷU ˀƠ&r`k,AsP/Djo{y9؜dc=oP Ra\#sm5zo'rGEƪd pђ\3Z/`%[xOMpę;{eN311zbþj)=Ռ]d]ӥ5E:\K~+KQOx| J=O,P㒌F]~;Y}%迀8@L5e6& JfT9sn UwxJKvcN7|R G8R;WOwDC2tnj ]xz!Kbha߬ka,5 r|h JFaC<$5w컷0 79!~_44XݛA=n!^8bjO1TЍw儶L偒AWx(!KK*˲ (JW|rgR-AwDtq*ë'0UTP)Xt|PZt}G^.i]i ֎O flzs(jd:@.kcNG$x{%^v>]nK߷f%gWucDol^˃C5L[x"_XR#ioyx*R[ #w^(+1s5chlt`"d z'Fb4XPtٛ.v3h.CƖM e-ȊI>ǍiYf#taEET#io[VyGxz5Ɯ7&uCk vk3 <}KH KЌ|t7 %U/ь{Gbs5|;=*)%Hw~gCbX(NjՆ4Rc"*آĴ Ow id: YVh3X{e$BPΪm^chG}3/lu1T/{8v<2s@\ː>ӗXY#{Nūl(|Ǐԋ4؏KDົfa9S>!`"hd:#F$ZC|$'~aSV;&%Q::^7аgcmi`E k C,K=6u _[~ >[wb=iڟ(%0R3@,{j>?&ہ%2[A8@"ǻ/R9/_h` _lOo"o-vstDj8ETպb dWR!z@i2hԞ#YȺ+jyI u ˒X=E'Wp„^-k vnٞ=[ǿ*gP1B'V$0o6kT*iBaï1pya@qki @HRLlWj*DXPؚTWF]bJnT[S{lR#ٕ@)oI$I3XBIq149%N-3ьcm&GfqvZgԉ~%F"`2uooM ?o תرr9n?snNfPJDL4Zۻ//h{ڴ9LOԥ0~I|Oj]فqrTG<|UbdVrDcI`GS8m{Cpb4\&q8z'i;ݸfKㅐ‡7\/oLDHhbĀt&G,-9Ah?؎W("yڰQߘcLF5)A%UTDgVEk}'Xo"|wRy pqz/±O~T-#e[L!_e@kg0`dyŬ_wDE٪,ڬ5,=M)_2GS-'" R G?ڞF .e'f:-CrABZOL> ?F7P ػ>LB] oȆU=1qߝ6қm >yu-ٯ5, nm>!rtZIk>wL c)>)zӭ 0%̓M" 7bXvS-|ڿB(œLI s?K{ǘc~f3+]B_gkl,@wi]/{fwzftZZ6Qh FhF=,y bT |d aR,lƹaHf=zƮ .Jwh TB 3|zOP'R:SRCVII,$z͍ cE~u:Qo=wٗ[Vޣ: yJ7sh:\J泘n}εǧE?+v%=#،ָp]uGkGlGnE I~5)A(${jΣ1(: 5\%'d ?Pvax/X@pndhg\e\k3v%Rsň|xLG#CO a*zP^AO%>\d\ҫߦ:v]iMX} κMĻz\jl&10wJ=!n3ESioE#N$ߌѨj5v)P%b=R޸٪6q#rr7W|ˬ껀^ Ƅ/o-TXl)8#%@\>O2 әȳ$Ⱥp~C'{ B)>yK.2It XͲBOIp4atdt) @W  *2|T[]XJv 'oئ- }Rj[ojD>w`|L~9h.faO8tUG5THaO$nA~v)Ѵ:x̌V 's'O4a[9#aaG k.0ޗ(tq#VX]jGxxuՃnaG)S@23P=*5>,1N$ zѽ/ta#u[ځؐ6~}]CItn{EoTw/ۛ1t;i.*m (t\SwBXc?SI."JS/]U B ^b&{ ė6E`zcuK[UiFle3=1ǚ6 E}b_PrQw駪sW0<t\JCM%ʜ {':nH=Ŝnh5N!"767,X±ΊϱeX,;\zإ-#| {voO`kfu(Jpw; [OCQ]Od GA_ p8=K|N|X!*6MXF@&*]qs4~QLU9cf 8L'$4h3_$ʯb$^hj s@7 @LW% 5O)f]~{H.-m5).q5b$1BO]8೫2B)9@5?(K&t6fE~l(Zck AˤgNy(UCׇPI8Ҋ=h2(PIQr%_K)¹(;iQK?qFp*MA{P7%`XM@g|ܟ{ٟk k}uy#|ȭ0} n0"N jx15M=u՚VxSf{u) h KyKU؅WAC- NXb= qcRIihpmG(.] jE\d8cHpf )Ț&,7 $â!`2)Fт, 5۷7s0>߁^|w+7Xaɥ:V0; w:\U-3J߆PB2^*$Fj\7H'P}֧[ӭ9 mٜͲZI#W8Kn+#JF<6q?0ej, s(.I{Bޖ0yAIqt8, DXqNk&iq\Va" ui7Ӿ.CEb?|=xꔽ︉ |BMCaW]@?,<+Cns^p XGT6`y>)qԲ{]YS|sRwNOb(xG]]oм>{]WDc3"&"6E3S%(ĄYO,[ѯO#禌;E@v IzZ_O3t/ Pk;)RvV&Xzd7Z[{Շt(({dߓ_~ƢijVJ?9jP­;SUa:dTL(?IaH*Mww4PB x1`$y{Sj?OExƫ7:7;n3B%j%;^rKNãnϓQWVCCfH1`tE%D*N\jBo=lX!Єgrh?؁҂ap|yc2':\ODb3T'4o/Lk01x5/oɹnNo3P=&vMfYVrC J^^v>oCY$_&KgY[V>@ Wv ՜(# lrڳ8&?0k"XD9aי?D\L7Ȏ^C=wLLǴu;y&kE]1[԰=a:4&_}7%(kHfb{dX:5Ć!0TMk~'-1mH/Aw yoA^a{\U5-мÑIoO}HW@)5,8@;Ӕ)R`N\*A#Fo[0GK& G< a6mEy+s%8X-4{ہ΅ aMipҎ4Fx D_Ԭ##$f ub=$g7GLB0YfzYU\)BN,kl(*0;ՙFW7߱LLJ6bʷ>"YB<́mcu=&a(q`}^B>|;* >B=ɳ~0kzB$m2u≦z׍hAa&зt S_6iShUI m~LC ʪqx6, 8:j~E:@K*gԅ9^9>vD1PL>>UcmAG> ۶FJ7WȪ@::*骥?M $UB·h!Ì8<"鼷|D5^MZ Q<4 0|K\,w#椆9F2ڡ+Rj$) o]BV [ WCQZ)SRwV[91–6c 6 $drd(8&\<~LU 刁{ָ)%>>-D1[f"TRjSJ:)RQC~iX d!h*<Yc|H ʨgGƏGz|?WP9S3zYy:{-l{6 FȪ A<#鳟Q݌?oaBk'-h:^q"K$͞/A; * o-}_z ?ODU;?z6D|Ov9%Z(_tM ul,Fu pu˰a: ²7Tl`a-Ϥ&%Wv$0n)1 -6$WlGujZKܟL'}"HF¥gvB>>`jDO!$wVN4t#}nk[n؀Cu-q"=Vr9zjt,>/]} tW:-i>GS) ԋCxkw!6saaJ(7\soJlGa)>$_q$Gh" 812flٷӰqwv%R.dV]Fos9Jo8E*x9s<8! `IFh|b$7w@FFof!zhj2F-9E:x|r1๸ÂJt_q|XRFm")Bq֦ӣ-[ _GVZLF$7 锬Ȋ8 pH70gfϕ>RѰ()|L r=9iB P{L entOdSf4L˦@ь]vܹEX!Y@>(2omG26*᩶[LfB ׽Ja 塩Wvhj*kr" G8~gpyEвUSJ^OY_j"e 7 Sjɚwn"T4n'*OSK T_=Tr=2).(`6")kG: nCpfgv:FP0yĖ8YV›CRD2J}߈p:V&V' 9O d,!֨YU_ˌi\9)ՑܛʼӱHE댦ڳOU q tWC 5VZfu|W3 i\)%e.;)~K 4ifC{e?\SD=|UvhN u!a5>zqw+pLK#lJ?<ܫّ/T^f[ J(UeQ*&/qk?|t5oCVce…M=l> ӷ_#A˭3 ׂ8ȬjЫe]Le9x< Lf۝" sC#hB,&`5ٳpH`1I<>Gy烹J6V.Y8$+s!3C  ffv}\׼$ xiI{ XaJT\}GWˤ-̪vR9rFK*oG!"~`[!9@Wj]|% O⪌'t};V냢l|$Püt^X˜Xpuېc2H.Dj֍;iZ"xɮ;`$\9̥D[{Pܧ sh;jrēIVt>qsj`J_aCopY"3J|cCSsoUW-ιΧ%%{K`ץ7@x]S+' |g} Qwyo@gRek(y~~d#Q[-ݍITC[2uB N]F38WYѝ9x"!9,mqÀ)|"؉BS52*ŝj{x煸MT$ Y? v uDZ7obj۳6?cp4z'^i9`ӅJzRǐ!fIZvXL"->*ЙKBZɈ(4w4)_x`ҝ2oJLp>/1pW zv8:ly(b,NU/vj- Ș X X1FULӝcV#f^궐/qM&;k'v}ҊS5@Ly%ϡe*aI74Udăci 2_4 R"Uؠ1)W&Lhm'EM/M0{)ZsT#tQTY|lo9Oưb7znմjzʬ}ĊΊH? *QǑ/Nǧ`┆C?w @y1 6Uqr#90L7k"7v۲1Ixе)iQ(A֏jPěUVīb DX4@۔ $Eda#^AH\^v 5մ VSY굷H7z/ʏd+J:`SaTW T SŸ&!}Ch˦bfݥ(&DEû%f55 g1_NԺw YOq ;c/p =%mry/.*\ ]63ڡ?̂xQΝ`k!UM-٫fVxHvq=-ysF4"_EP_p2z[O;uEhVW©zݒkq&9SJzHBZ :[5(B1fy{`!@2%J:NhR<ҪWQO%,"-µc| }c_;y7xRĞz74;})m6'{LlY ټnC2-rMUiÀ5 dݹdo9ui 3wa=ac<jX&$<_a4tYVV>%_ĺ4~/ۺ\7Jy[3ëљ ?.C\>HF4˯Eh.-CdF, N bUifpW3Hc;?s>7.|lB<K(b&xA8SF*Z9SFŕY6lcw$} H?'H9w kY^#Q\ǒO^fDH_ovĝ\@% l{oAsF@wVU/S"O[c*<$QDc.s:~HPyMp͖ nj-R h"7іq(J:j[BuGuK/9p3>kUR&[aG8-<ܯlen;e a$?y᪡"zKQfvR{I\Ɔ`{*oy)Sna9Fvȃaz{Tj. iJ۷*&9$Qt.w =.4o1nMBs?Z,Yɠ7X9B&Dmzu左^̂ԛOKv-=QlpᑑA9BPS󠨥K+ܒ7*cvf5`nF{=(|2~j%ZcY8ʳ۷\&nq&d'jScs# LMPo8A}ʚ57oK98)CG-¯xSI3C4w܂Pܓ;T2;;[忐-h.9.VfJ}éH>|aZFF\i0,o. >4MU/J L1@_+j?G"zNfLqT#snϩfɦ_R6iSB+wa*BFZcQAgݧ1ՓQ5[%[A6zy=C)Pf?Y^C<<TGW&M^K6BSL7=~ BR>T8$ņZ =zjAiḆO( nL p%M }:Z[cّl?GŌ0.Z m6B.VV3NT>DpڴH2z쏏He"EbigB+hxoޥ` Yr!n"q8}%,Y Y!4;G Ŕ!v)Z'hvaXSڍD̽֙kcFqi`Mf%֕xS3I.q)վ{Љ~oIKi`!ITJ6kX9Kc2&gIvKV*:P(H_]Eqc[A+F0SА\NTl+z#ps،=a3VpB&AKGVje9jۀ wT=)8L~e4}D':t ]yFZEWx,& hMRfxHr% 4< O4tWciZF*WDy;ͯ*7눇bE]r 좧 ͪ[ &϶$ \!hY.ԑaWz+HFpl]8`=cQkh 7 t.ǟlh,>p<.[/xz`#u@r *!E4C ƩVvs x!Asw+7MPE>whFM=PgBă:l {/ȷuA.)%L_بmnb4V2fm9dAHۤjǶe3 "= f%Oێdt Q<0vEK͖_X!@^VvnsSL'Ѻ9dz8}m4яr>t,} pq>i+;R|ꔆmSǝ!QaLu}RA("H4%ҔYĢx.` gg7T|{R Œ{J]x %j1x!yه/9S Xc8Ytm]:3ܟe2^[ y}ewL V9:: 1SI&iEjKO;ah%/#XY]w~{&eO 9U"a/߳?4 2Fo Pn?-޸I3|[8BՔF0L:IJX>Խ#ĤЃ!c\H&:Є,̶E ۿSyʸATsMIHR@3qMcTP]AdG2KESÃdw~'<-Q&)IVt86Nm`z2ePg]{G|"aC_SX+gMd%}z0]˞.K@Zi(aכP]kUIJb7 \ ipm<< cx׀XS0+o[3 4}N~ۦ[;W+DZ p2vv}it:)%LQM} >c~UrPHkMwr#c=0v?Ce3$'qb e#=in% 6;p& r; {32sL3Da pǯf?V:z{*7!?""~F1Bjˊ4%Ua ad[|x˔ i xW2I憯LA `b٤dasg"c@m"8ER.EE͑ͅ'iQ[,~Bx3MA;AЛ?"3ӌ?L>& 9bo?Cv'9<02j&O+,cHc)p)2SI&(pYFZ*.:2E4{[jZÞ=uЉ%]7j9/ѕw~$dHb01Sς<}jt&y]Xo+O e6 ô6LKoZgG'KrPNd?람 |>?)l%'LH[Omm^& Ovp9hБWP4%ҍK 5K!;׎e&?[^*H"pOUy2ka6m(,XBQC[FoKl9/c/FҺ.ӺL`B/z(Wau[ <U}iqvK>v)K&iTyl-vxr+,MԴtiffX1LؠaD1AH_elTM)t'8XUW^OIZeLaZf^L |쬴S<(@PMFOVFx\fC$q]rZ_?V7s!}|G['x U`vk2P&r#kЉݘXwȿ&I!pМtbf՘=C*:I@.;gќAOmeP;Zí&$rH֎rwP$3-؄ lPUo_"Bid2)~L9bðb+)B@ںt-B!=<;CŒzO䩬FHL=Cb7 1 =0HΖ*^o}6 3?B hXےl4?k0Ad)L5xҒE15)xZ@wJj%8 ; NI-l7oV?%,ۙ{87 {<,f?AWnZqrb?տ8H?vVEP,Ze.][#t W0 W4Ic$Y`N*Q1.b#?u  ZlaqwL%ct=G5#!0uyDa;,x_ڸQ͢yy%<^)boZW`TůS^|u"JA1w4=dL,2Eɱq"Z\?Q.Rbӊ &D(5WOgcF7WZoGY۷"Է@E4g @؃AU]MijAc$POOJEptsoK:SFw7pJL)Vyf(b<ʹ:jvx;:/fz8j:,0!>ΫψT嘝D ,j hL4:S)C"8ggҲTuX>FR3H`osH> ]brf"gU|jC0Woy:Htݸ K{\D.ȗӄ5s;Ox­ĽĿNGbؔ~nd[q+Ǫ&ϑv]_A?a2QdeGV@uY{X_}~7(2cA3V) <$oIMhW~qovyТSU@zaC9m6߻]S1_?r4=g{eA(| X?Q/Mlg%29BJ<Њc;*Tg7~PElȐT6i:[LRέ43U>R3rj@w;=e-2Kˢ#ij;df^e'*䫵[n:'+ל x'/{U\Sw\S+NtT̑(E UC;O%Z2ت,zD!$qnS5WT#i@G3n8 pIF˿| DEQW^WKR4pbЂ+3.~N5|R Ԍ}}D2]YrA/i:㭉Awi }KPkA2s:1FJ Nqg,Ty 8e#b\`ĺF4;>D:@׾td|eif@_S C`- z+.eG g"ȞXv!3vS/w'_8IcFʧń_'8`K*mŲјCBz=U9\oTfHGB!E&P8"\MyOImF+xȪ`'u~CɅ[/x'/MMo@A ӓ.1]? MzQ"\H~ި%ņ$~%y%9*r%1ѧ` 8"x{8 V| vME;{U}(׮_F $Q"óOĕzfPB_ײwbyPߑKPX ͼe^ե#Iиֆ3RC涌USw7՜QV~' Cwmt\p6E=ڰbC9O'G"uHֽ0R22g6UYK8g,tۖ7&3':zȭ?fjq`wyU-;V0*}vk~}Zt̀ ZR+iAq `K&!lM4Ȍ('IEGF>W:_77C,oHS>HŭI Zǧ055Ē^%8qY uzbDpԒK0}5ΝJ^=eN1 *wxnVPwuч4;'Utf ?Ҋ~hD0Y(aMAPHŰ.UQ`s"mLz_ +hauLES׾a.֢ O.ZjH2)sdꑽbS Qi~-12қLY2w[UQ:_ׂݷ,.yyWUnrpsCGvMLUn&T`I<9+=J]cQ j06|6׫rDd)+So+TV-/&Nd 03Śzi?X<-au}аFhy+Nj<1d-*°uϿGN]VzZ1WԎ$D]tB)9 T8"/e=e9N4vo/T{A&'-w= Pm1ܛwbjO063ДRx.zAx024cJMw33ﺤ➪)Ƣ2,%cV18\ty3ɀ{gD \l#D̡X|5QTEJ gy($Brgխ_um 3 㔂,G9Y$msQr0MfWi?f`NSnw >$H^ 9٣YHډR%H ^ ^lLm`_Mp &J"O'2=P>ɓ\Z}%l:eS2'v ~/$=3J PT* z +x; RHųҢnWRz$=xǓ%?e\AmQDKw!\wg! UhT9)0='(mn nkt^>(y]T`&R*ɣM]g㸥J!$B`dSjirlKFq͸NJ|d1=\x#Nd|fF$nY.NTΡJ#psӐxbu}ûP퓛l V`} ƈsdt#=R)]HfP^5=1PYc,Ċ 6R/bRY`ns[  ~J9/v=G̺`8G.$h`l}#R2 r\L[eɍ|0&P,gɴSNS%>bäs= u 5"ڛQo.Ǽ #pK'x*0l,^^BGыd1bPR3yͶ=pͲP~3#BF3aߏ]fk`h5l'g3:DOr (H2~z,[d}d}ɸg>K* ~UŁS0G0u"n9pS Ty^gDO6 )_ISk%M0սޢ0 [A1:G4MP2ȠRdpYe3J;[ujѤ J!!kԶm3F&wtĕ !@02ѓy·d  Ya}aK>i]PÈ6nHZ)VQFB,oy'.Yrv"mD?9Az<"UIm#fpW@o}l2vA!w-'\qlHP05=ԮؘYĵCYV~Q w.-rmYk*,C 8Ԫ7Ei = ҆'"2GT@")])ӻԸp̾;P=h,h0Sʚ[v=0ˊEy2s*ŸlŃe4{ ?0N&9⦂=bZ'|SVL&`%r̍&g?z_:+$h28yi4(փa r 5[|&RuBMr)bd3sk!ޗ0#9'i?r+ο[̳+qKG]jAcV SQo*`6bd˰Y~5Bf|ށ"K*NZ-O/rHeR^{15FT^g u9O:n*mM  s{8&in?El i(eTx=!_Vh|8ʼnR>T[뿽[b=4VAZT\OT3Jp}˿Գ@v؜i-.;6=H;'Dl]u@4lV&[6߁=,{SY^w.4i柍,ƊoXgŃʚ8d{}Ivk"~)7V*6[lfP&PXN& {$wy;.fm0BRk_0oӍD{GIjhE^<w>?8,_R A, I4ǜAa4 mBwwD\[;*^Ò/wDn#&f?lQGjNzR2HLExK U$ixyK< ̬-*a!hؗ5tqY'ZQ9Fj? 3,߈ (6xDiG96ca"mΙdlPhrHS7 4jb,,s$r׎76SNﱯf5A$6N|5Q=(|3S noԿz\d;yٮX-h_@6H?V^rLTpѹAèI0z7U8cLY0oC*y6yH`;@9k?a,;'U7nxz7If.򽷩();y5'~GFT\pud&Bﬞ/1E󰋺3JX^_YI $ep|Vr &3c.Ѓ*eV,x. _"aOtFYv}DO~5Lo6s.j=/T#xLG HO¶ü\9wVO 9F9W uUdž˸命a_, rIjT6?8HHZb'jXгH^1-l.O*^ޫTa~\y6KiCǵQV[k-MZPA@Z+RU(M/0j-NJ4ZEŻ_>\ΏҝbPb-flORfii ʄ;^(i)9#޻q D6e9 V1RRFmz|BSD ؖb44BiT@zeيC Q*zȈq F=Lw}ZF kNn#UM3;d_ /闘=@]~]0Ej~=}@& Uϲʼ`e 6zs ܗ2^4 3N^BqN*x([T_kdl\xI4ͼVdd7@r7µP}G"F)[zHuRw'mnEa\X5M$R3v::# /q#%DopO sYBӛ*09I[lc VW9~8;ܗ+0/;RTZ@aR.Ŷ0s+rxycQR?ALW%5,Q}{c#'eF}%Ip_Jn9v,GN"M2iS~dHav(.yEk ?͋Ax7S!<㪱9ٿ}NcBZu@ ǒG'lSbYލB S+'v~HFfS'-:nGgUm/ Pʵ b(oF]YRHFF^⊑;H(Tܢ=cRX|X E ;WViCjgس3P1dŎ߽DLs*qY h6_"Ҷz .@j V2J)wIeLg3IbT'-+Fʜ!h]%Vԅ9#OMzt -s-ŗ(g]+A%` Q]q蘣QS7oivz .*{Ps:[|ͯM0G+ XrY19M|, E@W)СBJ%i1JQ)}q؆G~@@uNA3Uà8gm\b)TWULRj)7xg%fUĻxr)c!lbATU(% a1"Hݔ/E|["X02zf)z*{U < :eyk E֪ |";^{:oLײiⶴoc+ v/fbB9[qQlAH^w}P}g{ ~<[nkȭŘnsҀ=u{ ){cG^!,4(;"䍮7hXr/?Qb#'q`dWk5q7Rvh#ZŊbWLuYِaVwVyw)C)"R hNTa t/\Ɵ:2_OPկ蛠 GT0,*kA{Qacoߦ a WLnu'^Mt_yA"¡lm;I@6~U;<6PyRUfCOb)Dҋ-9~+l%jh9ıBcRw4hk1G?WW,0oC̦&`X4*GgWk=KV5ۨ3o?pT}hL%G߄ݙ!BD z`n å,_upJ&-6ӜI=%oqK_GF]y)v/{(ynB^hQL> X/!eX fiGxyianqWS~6tL OE@!ߧS-&) CqRoQjƜjK]+mHZsғų];u~ta|,dS8ℜ_j C0)q~ \̈s|#g *h1  `e2r_~O("-&K!ȑ{}Ĩù6…hrһuĺ7ڛα \6cѪy(DpQYK.ڰD،QHxy5[%rD{ :[X^:)nx,؝ j#O΁G1dSfKJQRSoOE*/ dLTV{ָ*ka17 e 6`Q`E:r!nsK3n ho/ <| EQ!'M9oDvQ֙NRX"ى_,f:we4%\0ݔf.^#tL:bY0p)Um6JH[Z% wJE)!\w lx \F3ǛWŠHj0k+ 8K.AdU4c QK\("*`{$Z3.J9KN)!+ 4G =jAV (hמ [=MG տz}M5d󍚞 Z:C!}7 \iySzXs 4 v)m+/bP1fw!7v ʟeÀi%L1hleM< ~*4~-rzvj1^vz+H@ܬ੹@Xmĸ#[e ֊uH'i7$u.fS}9Z%mh)>J.5A*۾e58r AUN8l#-9W{&[M]F<tR|I3ҁejs cB^eڀ~#tըPnzvYDI!BVzl_H wXdLhG"xX%)d/u5o,,?b#'XnC ,Wcfީ昽-UQPaӆRC UUƺg(L͊r>\IPc:? {v/e6t2|˜<J'~l/ S-ak2' bG5 ˑB_hmUK/OJb^W-sLI %(R+(s䈕JFQ8XENzf~o;l&.1/] Gx\4}RidM3z~/,!lq ϕꔹIq@¶u_Zw}5NYL´NI=~J ih<:LnR2egfKE _jK06v:Aq̉ʱ#ps) ac'is/e7YU6ؒ N^uv3ĸӕHy{cjm E]o-wM@5z9yZlme S2pMzJ$m0Zl%lj?[‡ WDqw, Ll t$  +VFFܨiX N酠򽚎qݑBĨDVs{* 6ZJg< m~[J[?x$&R(ɰlߗ9PG`$YK|MCϚpA+ s=؊5VTŤy]m_O#Ϟ:y 𜩦zΎ ]!8O T+|^dst~S?%<85Q-FQ U 3Jb`A>؉)58jXq^j?Nu*(#rIC$#&Ti4@\G+Iu\`(nØ=,I`Ư#T}?xN_T)&m"[gKjJ ¤8SɡH`}!?di6ёrf!G, #]4~9x,فEmRp*u&Gi(|[) 7)SdFdxo^v4D*W삆B5SVO p D'0Wʥ3x$n4Ia*oD$U={ͪ_ 5Li8 r3o쌛̳6`i`]UэˍEˆn+<8jcr*T|-2<8x줥N*@t5H#P(?bVCPQs$)j1}9 ܓ+1wUJzD8LqYƠE3Jn\ǷP7F4zH_**[F>>*ߢ uqV\=t'm>XxX1dq*,*˄k33ȁsbyFOsd3M]^J5E't񜼫=@A8UV#fm[ET1R^L=#W=)d:tR4e(Rd ޻Ó,6S% $v?hg9J=o~$1P^"v ەE,1"#'\9 6ţPB CduDk-$UPa)Z?$ t}5meʡ'=gym_\62QٿW3VN%_b:cp홮5cqX~Ř!ǐ<@H(l/jX \Z>JH7Em}v;4MsZ˒-yVhxa#|$Xw52kirL7yurT 1:vc )9Ԑ)~HkZn7[qJSXSfZ.a|rk9zZ׼u9VԱ ˬFvJraiᲪ~ j]kZQl/fZρ=4/^Nңki"5r]19vm%vokoC-8QN1p̗ѯ?h|;IrTurgp(Y.Uk2P+ ĿyuW2MYWK֮ngHhB[uз_B( `VY0SPLg5nQԹO5YÝ_CD~{X8u3Oh3v46IYC5ԳObkFg#(fِ^͝U^(+6a spxb4wEw&) xHT"O2>^uK"0MN%v `؋/y5G4$)PC=o/$C>|Ņ6\xhZBg G.?!>=KIVY{u]g/`}mec<&/7}sMa3J| cmԐ\ڍ: ᠍x<_,(Y(2#h4H!iGMoIC(Km X6jO]r#C61_|@1!Qe" +._^%rPż(_OO-#d(ud4d  k|;B0_fp|1@7;B]ԬS^(i;"̣Uo#C0 f4fzoGWm#2" ),Dihv];TjUew>y7xH;Q:`re`e_}懲u"ú5Nj&ib-QGl_wHš{̧:sLKY*ҭsQSŞ8/@+2YVq\+=ӡ\O W3k۞^O1yU3E¸lC!ΚjM k p/62VrI8WkI2UM;mixKc,~ D3}̅0vJfX6D.Oq">R(8rߕlȔd-D0$.@ h- [Y58yḰ'3ڜy>[2w'mtm, #nʌDd`|O )O lJVÔ |_e h4jLvB1S>l" ZaM[/Ug|CIn`Eh16^DsX!e~kgW$^SH)q8JoYquXn_<}MdM"49'mN*""(rq(#aLQr.( 5ð!µ:aXA@nj"ˀcA Z<̯U0:&ZWHaW睃ٞt:–Rl!nƒUh8?{% c9s>3zD&*'o e0P;\$EWllWC3lՖV)'y]#PZK}*b3 91.ޜrG CKãY|ILpEM=·";<6?ԠldX~&# }`Fd}1>i|M9A! |f6꜃[fQ}F=3X@gI%Kl_,;rީ+4h{lP5n|"A{*hs"i&.nՆx4Lpu? Ov^h1tT/~!ԝnKw]g%Ck_z3ۗĮKOݗVyy^ҿ}6~pMZ3{.$c)Ӆzew1v] z'ؤ+>>}`64p8dUES]tp,,+l!LCuYUv>6vq~V:n2rp|%ifV1lz)nIA)ڏkl~˫ ҞPu(K-q|7;0jL>L ]lp3sC|w # #+A}&#a?dI܄ 'hV9~~I>|=?W{))|}lf4$NUXnTwak [$!d?Pz2o=͍!girKE "A^l+kyi {`Xtħ4Kɵ:O׉]9`^X2b~PlގqDIbp~#Q( )x!*Ui:(OH\0cgAngZivcnA >ҋKn4 ¿Pk\{tGBx{$I^ qŐʌ \5ܰ)I>\҉7-Ud}T@3` ɏ 0!\\\tQT;=4kC[gJYpqJwPQ nwcCO[༟t4Ijr`(*Q q|Ѕ>1_4ȓ,,eAI嵄憒y !'F k9w `VW-} K `H aL/6}S*^ NOЫ33I}sF;I4#o5BKs5E*Xr,y|hU_w,: uˀy\kTvݫ+jv̈́-l:9j+Tβ,Ml7GCg@|Ӂcbeo^l:#CABaK}RT"s,ygS=K̊NO5  =p ut"F{eglBnyUܒ,)>/c&#%2 cvQߚz8, bFz*.PU?8#?ݰ]γO G}g}*AF0&V (M %؁ $@|]1}hdJ*r7vEc_c~EpTqǫфdT߫B9Aə1? ċf!3Eo '\_P9[T7QJnP=ƭǗ 9#ӥ"c+Z 5|̍Ŕ Wn< K:)¶T]\p$b<2OhʞN AZr;H8:WW2Ck= V BAD^Ɍɩyx"žɲ]qǯNyY6B_yσjsAbB XjW>jma_.pHD:ESDh3@UH]^qʕ< k:5A滈|y9 V׾o\z xS"Lj$6^vx^t$TvJE%M]zDP -!wo!C%% H}4 ;b4 ϰ@gsw_(ek0;n͙ Wᨋ_YOW@RjV(i9)Bm7?f,n@ ?!NV]+bps?GQ+y3nI3$@Z!s[O։~/6ne)bBQKw h&u|MD vxnvRj nV*b~qrřKI 6t9!/!8Tpӕ ?^2b 3Hʆx6!w5p^&U#|I?WBQob:4AhT ~M{HIJɺu0oK4eeU ǧKbwfȵ"97j|w$*U]Տ *AKѝ\$ ıBgH#&wwN0ߞf}RGMT蘚AX,cQmw| 0 6wܠ>t'dhV+d /.Fk]0KBZȰl]KNZ!3c &"Jsr7^:WqSDN˹(YNl4|5ܶ"G @l]NJoP~unk ,4b;\D܌e&{jhU:#w?8]'RˡL-SZFz$:Y˳14/N-?'1,a,]p$Yl[V51;cT۵Ma1%/#_ V1ǵ$bC\2j\hG=AvLg´o#jv@n kgA*xpKeTjua]f|$+]DVKN[8}bF4UWتYIs;15剩\Ӎy)ez~ojKEo[/6lDc4ܩURǑդZk147cމ{LT|% ڽXA5G~fg=[p,!>lrMT ?Z3A_̟ɋ8`<$yಬmC&GYelWRxC-rnٽu0(b#eStEY | tX@oc"~A}y)SOZmHǻS{ ˹A.D( / Γݯ¢x֘}yKUĵ$w::RzW&MCۨ1@>1 D,^U57O糵A˟1Mn˾?fj:Mx- Rќn%i7"o<mXl9> =dVAā彥{󤤠'cTA&)v| n2RR-%ߏ.('o:_+JDl*U=X^F\CUtT3^| L.`#1]G"UY!-%}P˽54-o,>hl Nк2[^$ߪ~#w^E8PU+J⊆1*4UY#4KD j}R^f6|!H~11#LH5 תTIOk.Pjs]+?n@P`eiǏWa 8zpa<`˪<t z|E2PH/S \?Tr80,} {(4=:Q"LSXB9¥TQ3GJ$oE7#(0I! ;u8*D1q@]Ŕ/z+2@צ]ܧd,d}$)k+¬(t;9fNb2_&Rx"x`G9{61S x3Cw%Mwx ل:,DzouHMBfME֦ `17oXh||}/ضqFenXO@qDjܯorP3t`S!NʟbP.q(E|6rKUJ'>2̛ZCMw "iEπ/!o 5Eƀby-t2C` c 2ڔ`M$A H3fs] mWS3Pw?3=~jk(u)QAֵXCR>^2ỚZe2Z/x\Ʈ 6:qx:s;ʦi,vnai̸8.cvn2X514wR^/RТN% IW%*"5gTumxk(2?uhLo6Pc pl6M{n> rU E=pYދ:v!/+.F+0–RDXc{mb.s^+%D?>6G?Xez="I!J lRЀNSα4K,Vf Y$jr.QLȠ1֞2?5x=@F&E'Sf=1`aDoi*6.V;'.^ƿRn)L\*Z36g=Mw4ٔrƗ,X#X;NbGaL!;$yimQ7MKbpCPԆε5lXq\-9mqFFl&R/"Y{HE]6vu2/A2BD(&,I 4s\'Knӄo6vn#j^^3HMu01S"/ 1ځBM\E~F`9ǀ[f x((:;QVnJ^qFf-TFbHd 2XltSgo؎A,ÓQKơfEqHQ v`I$)6KP<Ұ8:gYQUbHΔIDlY)'U{}13W.Xկ p/Da3=;ڝ ^O9XԞz SXQز_GS3" O߇:L%+vvs.<4\*Q0baBڱAll Wh:<>]X+{n݉MQmԴbAˋ|lnSC;'? S0DƯ]C;{&70}2(P*+=XC9t 7c#H%i J{i{xkg}7*~- P>hC$-nR3oCo+[N/# dywtҷW4sK uR.2]@5ڿl5_CT|`!"ߦ,7gK4"I] YNӱ1#A, F(s2r8>Uu= <06 L)feKiʬR'-* +l+.xL7b!'bj=T,vMz ^/F?D)^7%Zp41a{XQA"m,XL4JEa2qWw`t1c`nC]3Ӛ( ډ!ʋhBIؚ2,sbf_Վ,\[2)׼)$76W09X]^0ůS|"aD:ӪӪ#*1ݳ6' 7^}9w8&Yc4P;/'g?$o-F\s< XIg#:W{" 2Wzu<, ґ \My# Xh +Iнw8֒>#۲aەj4ԏ1064~7(qUU5 DKÐR'A 5*[T駄Y\%-;Լ'c$gJ{HBw6/MǏ^m[0!TX ŋr`W mz=7Tߐ v缰;%vYjHą8:T_e/\*f?\ t)(Od;h%zH":>dș[t~ Ƚ &BMK̐9٥_=m3UA&aP" ~3-F8#6xaqwKoC9q=]4x9[^l15t@ea#4"5qvnk{m\W?CF đCP3$hwz`Qڢ*k'{beJ|l*T>FUlj>!hX7<p(A9K ( 8遫!<>ɿCѿIb{ NPt(B" 0Ch5yƇK:AT;DRVMnյT ' *KmX_S%(G,̵3XיUCmG$?T/$A|megU\_WDBîW֡(U*ƛ"oG^z<_Һg5|63_%-Ha$Bu_{HԣvuE!OTaҩII(!e\ 8:H^P/(ԕ/YCLB"rpƖ'j.JPy ،8 B|h즙M{DD&CI7U -'u$[͚$7jLq"i\0AW =KSDޒpQ*%=CRR~﬇ۦ/NVIz4 {͎l}WArӋҗ.| mt+ MnIҚBL@H:DABqR!!"M1Q6 U*.-C$푧ҏ Ի..LCUt_7E)LZBR:Žbƹޒ _I>!8o~99ufL:da\ŨxNB:8s$єWuN(Ƚ<1u8 _{KՏX *d+@ݺx")_wsRVO5#K6Y$!MPQ/4n dѧ|y77CЄyr%üu Н4vh,YwP3(qC0<d4g^Wy NC-D5&)2\^k1e@&bz-i{H; A$>B1nsטb}.ʾ3sPF磊P[qz97L"!9O (pkFb<6$Eo ,)A!':gzՕO3.)z)f_XܘcAǸD2b?%h86:\W\ȩƂV%Hq3eD o^7{tr eRKckmigSD@&z'.`#tlT؝˒`HNz>aJ*9@[֝URZ!tR:ZPԈ眊Q fb#fʁ˱-("{Sv V IN]J,sW%AK\58Fj~JCGhFɷʗFg Q.DXh~'w"P*Q)a-LlZӃ]G'1'կHyނi7` 3!q8K3@!CW9{\3[u%_(v$N(E٫w T`ed?mRq*dݠq . a:ZmGnp8`Y%pY ۙ u@ `rqmP2O "Nq7}hlQh 'REzT$>"Q@ʞ]"hyE"-mH > μW4䴦N+ 3JD9L@mLCYi!ڭ1gw^ *Q:i;CXEP6Y=H EU4Ϻsb~%f`'z@ ZE nйt$zJ̢ ۩#lCR@*d bC˒TFGK"w@J& ے౐diHpCq:Wy eX73k:)d.F!|ݼqer+LCZݪ`uҔQcO]1J1s4O[0wF)z$sangxO`.[7Ӂ5½?k/H[x ,_.-fDWsC!yPo@b#8,2.&mr=~vvL,l1>HM]l0XI(`69SIeI##L(ҡDHFsg>2[}ыlA35_.1-;;e}[ojF hF:{jisҐ{*2NwN;!nEF# X;eYN`" ;Sb. b{%f?V=xnTDMKRպtnIdV 7 4cgn7,|$j^~)N *rNyH4:K٬!j |U{5ǬUS|!4шMX*^%Yp89Ꟍ٭._ }[޼)5-fEӃ?NȜIqu!_eE<Ц&(Szlv,.\|feQ8`i8UOeVs1kvf(:hvw$ی74 0$7ty٥w)1K?Ij>)fBjb jU}Q"D X){Z-mUhZ`]+Wo<)7M[Vѹ8Ʈ6zm\46c{ϲc/ԓ|`6~[;g>> r+v;VF1Y+inC6??dju46 iM.G_oJ lDϫDZk.1 n> |~\~c~}LT/vZ4}h% G3" &sR9_ÈhD/}cp:0B?FVwvH"i{|{R*ph sNŕqg֘Hǔ(D+Z( +oh rl8cVNџ]SluԀ3hńL;a,D~!5͚;]80~i{G_U5ZrB:%S34|ZpPq^jn17{V9f}yH;QWAQ:|`%/_n:a˃j RkS QFm (nh7C&z-UI!~ͧQ)呧ގne3w~*M` RoD[<-Ba$(\yb-II=*4ErÁgrV8Up{ s:bZ59E'ziR[*{0H7]奻m'EjIlɖ́Ƞ+,Ap.#uG$ $ˑs ^h6X,Ckp&D4Ff^)Ř$ywHMkJTC2Ƶ =㥮ҍn(zߠBD;*=_)&Yx*e?iimopMI,av;?~;b)ߠ[߭#t۵#  UNA|ї'@~Iz뗗{'ov]JVvA`1{|Jej/߷3 [k45eq o7 @4JZw衶-tT&;am\DŽD )86{1>oA!%.C۝UvSćJ4yK&xXg3D :["7ԝ:NJX1ca 4q曃TmSJs٣ϔ}gۓG`1X5>C}jX ia[W9L]E#&{J7w?Ǟ'ɛxB'2#A j/2SD!IZ($GRƐeU1Axw|r ĦBĽQ>ou½i:]Pcb`tVՠJ+hYwu ϳy E[+ Duco^ \BA,T147Y :Keɩv$<6O6Kj9Hif_ OA_xZ=5 C//~`wWd5&Ώ f~s eUs܌A&s0RU[r/*HAY6GqK~-3]V0X zu g80VL,sg'\Ge4{W+x/PǧLZp;4q"c?d[ZvOtSpUrvC@} _#,mU?9-jvR[X|"_*79n8d17|`KL15VuCmpi s){^TͰ< wEem  j~˔᭳JO{G&sld MkR!L+v*FzE&XpGM63 ]%ytZCYG胞?#?x^ 8QVJ?G 59]9&n@ +S etz$G87ػkuC{ރyF6T$k@LJ}M֑Vx2d5M 6j f~~6?cOФ5 p7 /1ȏjvp =OTy }2x?@. `-"czҎ* Fno͖^:9=U-[&}x$.̞NDئ5m ݭ=nM9Ct\9ݾV@]|( RzrT( #>|"3aN $ +d;AQ:~pvŴS, vZ']|!K Mc]x=x` 1iwd%3W2H=dt[t'ߚ+¦? j+1S} F< k_w`tsC-bPKWuTǑZtW';~j:ܤ2M{6?,%_GmzR=bO+%n,ɖ;Tfm`2?䫥/FTkS!~$?TCꐅ db^ Tg4W Hʙs,ցSorͮ(+,+(9vVY{ͼ\7njd!Ѥ#K€Cs8RyqiZЮ.nd/uoqxmNK# ͢]iGR #h,E[h W}3'Q]nI40a C ~T 4]r9B BP^*APz#ºpBlrw*B8W@7O'K.J٣ԎqLB]lFM;0V2^oļI#O⫁p#}1u j`jyw^4N]s8*U7KVڃ [7.E84Nf4C8Rn*(O(`:t}_[IPv;!^uN,5'^ 96&y35rԅo5B vꆾ攸wfrY',>s)Δ$n9*L )JNi!߼\K֪2/F|- XWsF=K\-ĿズrOtlč}3x )is e"r>pbδO#n6׎Ja\*MAr?BO S5=|Jᶜ|\`}eO&3-/Eo/2U&0ɴI{=KU["0&֢HTA&{rOlc MzbXKNf|ٟ.FV955_u(9tܯ&Թc>gh0u?OM[* P$Jq!g;{ fiSfQvbƅ^8WL<9. PuHEnmʓr3cP3hLnp0]D7[iR Y]Kd6R8MlagPavD2hT 敓ID@5%/9,p$I;>qѡmqGU4{iy;aheŠn0S$mfgBMFfPG^b1"ͰdiU!8hd-PخK(p7|%?>~͠U:ִ^ṯK-:av#9pSڋޚa;ٍ/&2!j֊Qd`3seZ@?ԏ1L==Ϣ2! mI%3lC WӬ5S3w2int@<3ʞ٩&xzǠ{sp~lj)=bQ Sͭa[h+K>:bG2$ =o'^ɞ;w`{ "q?<Ȑ`"Qdl1'S(|DxNg8F dJ$M0’,nSM8>&g~Yet" .Vxo/b0Ї`Q](Qe5[ Gv59gSy_I :N;O,67J]TZ (p),,񙉢9{*p40he6%g^'WSoP*)#c.J*ƞ֋37+S\#kt!m܁eAYkDj-^4~ U'MW"1[P<,+`6—Mѳȝ~c&Q3gb.Ha c@/RH:E~^̏`DŦaN>!ޖqp[2֢)x@0@xROoM cr$CC@]G>wĮMm4"~/)|HrS΄i^$-wceK4NN<N'#IKw}sk8`Z u{ju#VG҃em)W{FɷŶj)sy19|]jF!S8&iW7&a7ݒb?g*6q$ K}5IcaeM?!i#[>u@`~&E"-;,6]5u%`p뚍_tRb5h#=oK}S'kwii[SчF].Go C~z ꧱DWf!ZE~|yqFKdlwZcnS#gP~[kXR H}pӝ|I6> K$ #>l |Kʔ |围O][C{iaV cLd| ;kJ0DRWM,a$Vs# L.@%v":TT60 |op!Z|L'Hb tOojR=TtN`x9R8ЭupHpo7f=I0 t $:r~a0?ç[V ::f[@P;r;fE-sCWE^>h]Rܦ$_;Z~}lJZ'^nQH=愿ԵŌFJO_ MV. P+Ye@@~̇@|,(~7XW!d!v]0a@ c>1R=53޼A|Ҳ2y2ـ^=|]C.r@leEsrWmzП3,b٘L>&j`;䘍5Q/\wمgyGH۸owna&Wſ14i*BËg=m2+OQvնΧbD# fž;\چ=wclmaW*cuﭵmS&|[kw%g /~_sy9y;mRycNͯ?RYסyݥ4:;W^gw@^\"B9d n-ỻE U@c~e-ъYSKEUXaRe 5Zp୯$mdcaONpTLr`by3R = y B3``I:|:W:I.׍U\:,%7.(>Py1s Cu9S1 KX *r1L)+˧xw Eo?`RԸp",̼Iˋ2=SE76$SDvt [^h㱮B+&ơ#"g%fItxRP@?x@"(5SG#$;h#0ծd;Ate<6%po7G]=~\D +=f.>70JLAO}ќS]^Fl([k*RT}'W/ґUO/gɘDqo/VV03y?:%9A5bm$t G>.0shM>|YraںVđ( ;(1\Idldt|IJ~rMb3GjsA) uk P8PL*X҇AOӶISbǴb3aـ[ -hVv= j@V PDrrs9 .3+[ aH$z.|4 ĞPz SMg&w<ȸ9e7KBa=Fh.^01 skXͺR$F P 0βfĿ(SAkcIj~"LM j΅M:cZBXBpp8IML1\X>TyB te9p$N &{aerR2""MM2 |ya{ 9<sY9Y8~OKH/y>cPv3 [¬_CPBM`.LaboSL&? Ngkֱ=|G߄=Ta 9 j*݃8>dT_):fsJػgF0ZVV'cw/JyEϨPr#'EkPNVecRƾz|6H`^ۻhV,س7Oyc:ߺ Q~fg۫żfaq%nǗߣHE=BjBR ;ZI'#HFUl60>tYZE7EHװ-@lS<6)) woMZCzQ] =/$K=Ệ l[_V_q2M*il7zIr/fq 2sD;WӐ*idD DaP;nFz_XUR Q9>Wp!)XxP\F՗yܶhHq p}{'_UT#f4Epft,qPfյ{`ȗ|xAW&i>K0A퍲ܹ'geHc7 xC*}TLe0jU8ہ/5h +E=p3:|>AaQWSyޅ VTd@"h jEXdbkO6LFgmUDZKyUnI~F>y9A.d^A$`wkg,ZMZy@%qQ$Mh y]>خ 6Ȣ^bO@Ӓ?iC}ccs/+YͱX,)_UARrd&T@h|˗ -z,T3FG~a9|U`-0l~ Zy2WZ»}yq ,fį玦>rMrbN.Hug:75*=5O^m:/[e4İOq H~h?1zF% ye "1\Kd:λB=Sj/7tIi6NW殊9dfDYVig>i:U1?Fwa^k0q7~տ(a@I ~67( gK;e([=@ЬD@F3S0KS6]TQ FLiMg ^3 H>e|`C}pRذ{DuM̕D߇S5yt6w>|jK|w[;=5[arM" Ȼ|qK'{ PkEҘ:[N5Fco`JVu`#bݻPkd!^,UfO8jC$ӻ4DS[ ɂӅ_8oK ًO_nڄ}EG_E׌]-`GFG0BYatיM'?:`#J{ۥAASŲ?ws2  4uftoqE٭͔ GVnK\D2cLD(@UPAt?J$H%tu.ښҏ%[vts= cʢ+-g.?o{*_ PE;\bpSL]XՖ*kLp5@Gn # !i97#r Jo#apfi%c9Te"Bk$0Y!p1y@= -I1-J\2.z+z,]-6T~,*k^te/PY݃vX;=DK U&J^jPx+*^o^eZ63Vtt.E# E<0ٱDytYvDq/Q_>y@$ļ*pr>ǧy@嬺<)˳#ua>v9W&C 1D`m #v "3raBT\"hX`kntu ת[2&H/܍wM=2pgCOkػ KBLwb pn`^Sd#י]l& "b>HS4ݻi0mE^ה_sM9 k#`^2K /j]2rkKG: 2-#'9b񎿀2;smIӅڌUu#:zƩTX3˥" H2 \;5=oGv(xPkI8ۂR7yR #[=C!mS6Ҡg^,(J1y;!'Tס6׃+cbPGh7uZ3X2C@vw$K@s"l5}]au!e/z΀%Xx@U$e+0/LI.wy0_!n&3"*r!=eb//DK}: wrQu ݎrDyq`r'$M AdT:0pFU`bxgz'[vc9ɓdPF${,B9H5P,*$,Zm8kڿz346].sPh@dGa|@s,|iL!aMCc/xV,c NXXV<EQ2a PſR+ 蔇$ rľyP91B^ћ5#Hwaú¢&q4em?U!!SβJhP`xxX*`jo{hv,qE;P`@U bhq}ipSxw.Bp\lٜZEC;5ùQgkc:y7pMBEצTK 70ȓ%FDˋ:` &u7e#J}BCkRMWTmYTMf[3N;jil 4![^JC 'm>[%5/b-[a.4 9R28GQ/.-+"KNNR"$Qut^w2%i&GK'g>drHßtRQ7,Ms4qௐߜ(9 ϬDʨ>8f$ͪvg%咏u[KŹ bEE̓ofkLyѷ ! f! ϣ3F{;0Sk,Y# uW؏q"vI4w `9) kAx.(j b&يO?Bf5GkQŬ "37BT) gAM\mw'f\r=N=͗p]_1}!i)\xjL 6[|#Moa€6aA㰾ii.IP<~v5,W dyD=]E@7u9;+O pi#;6ap4l{AsOmvHCOWai*;Ŵ\ +rQ,yQNOK;WV%\K#|iA l KXvkꙏBGwq ;jD)ETwk@w؉,mu*FQB ~=dՙW6!-b;GXoq\ùy:?@PtwP*$l0wu˰6K?"E4bEӹHȎ7R'(9^S/bqsa^5kbg"tf*4%0TNmG #b]nQb3mMP:,PaZ*LFzN*sLτC.ގn@o6nYB'%Q(crNTK&bvAw_a B [ "JJ/<-_]zhLmfPB#&T.PmAH&(Uj@iM.`>佰xSgƱ"ʤiX+M#-z߱y|Ë UT%x!0qasȿs0;•PkY=z{2(W"€ Kb5E~R5@a&7g w `PQޔbiZ*,ė01ݰY9>ծpGcI:?Z<`\ TxlյG{%0M݆J+f^)6ﻰšMْ0KjV<ǴphZ4v7!%Ꮑpv3tr}^0-M,L7z\l ByƜ]f&L? tG>̷Sa90 loUFIx?/iAJN}IIOa%O&7H$o\:edHYehzu܈]YcB reڼoJGڵ<>|(eE=3Zťd|#8Pxk9aKE=$;ɻ˥ڿ-=v4$faf5/{]Df]Talc [rq;H,?~FcgxvVc3a31c@8٤84Dxj;}`9YP6sAH&,#f30'=v`jp ')='1LݗἏ(D'E<òi;gݑ?& &FQ_t$8H tِ/j\rGQo }ՉpF}ɘx`|ENޥ6<[!bǴBo-\pR)f;]&Dl`v*gtКr4ኘB&g^#}WHפy;(}!kHi"V35ӈ:XC {֭Vwgʮ_0o`u12E YT͘H'9;&Avc*9}S'ln (db/p\peJYa+݉+bz܃Ą\J%NL"s.2p0ɥpupkAD ɚ\8q.#~n̕Z&#tt95bG"KH9셐Q%AwM5ƵQqVEVE|\fr!>̟Ngs{ -\>oW`?? xH'$>d*B*KxDTM꾲zT1 pg#QS0~̼×t`;[1A@ іj*&j &ReՒg *zQOr/(ϏM04 $);$cj:Q?kS+!FZl7s+^jp5y:koHZZхkG󜥔YEET;"? .=!:Wd&+2iia=A sO41QZɇ3DHZWfԱJ6VH9iƷG qdcfx,GGes*rsf?Q\o+!&1˘Y"-iA#㊂SـM 熏-P.vK.>7O#Uy,+7v&n3PX|k[zE!76;#wAg6w߬j+nd6M+\8hA0) A(l$`ii-M[Jݬ PV#1U/mKMWԺ 8dSGd~K%ŷ@ MN7Ԁ}^H1`=7:}$Lh0F`iӶTeC.(piט!~.ƕqǥ}WͿGQ+ kð}nsF2xd|0*YJ%[ W^NInidvmoj~&o|@kSʩTfO›#4<{ʦuQGEAӬ ]yS5. Ћ)dNWТȓ7*)q&W:z ( jLjRݟ*a/ ƹ %$0"sYH]{ =vP_J)tP61ͩ 0sp7=7)NSqUŗ6k=$>ԑ6B^sw+LXYIa!wpStF`Do-T0ӋVviE ,Ԉĕ0f͸ 1=ܓx3 I@7F nm!TWa㌑Ai4uVo苢jK~PΈVPtTzSY\NOH,uyC^4!RI 7!GYAI:M@1"w,H={e$0X@Gb^<2O&s17ArTUhIC$mv&>1S hYs΅k-i[[m D&"?;b L\}Tq}1.9ϭ`rD`3A`fj8]>⪁zHzAK|VhݩDHcy2_>5m$^hs09E\W`b#sr,fٕ;O }Su(g}=傢 s@>m_x6|MZo{NUJDA{UK?Go3;tT6:}e閘 uRhcٴj9"/t@i؍[3i t++(l$*Br9-A9u 'd~B&Y"@l/$72~60ʌ&ebW ]X! FF6}bn=r{xoXMWҨ Vᩩ%N-aэɲ :V ,1 V4*|㋏ϵfDt&m4Y_s()ߏb0CnuJEN}ZhRn׾݊S1=jG(5¢]!|Ưj@͢Ȯא9FZ,>UXT/=R:=mLu1rz(3 319w9,E@b0*GgxXB Py7PΖwܧq88rE4s\Sl 4jj綌ޚdA-a\94x@޽ g)0o{! |+)}D+=,#]м D'B_7R;t쭒 NWfwI흪vm+#a'/¢󰋒ֳzGaix#w8oi͡݌ٱU@Oqw5QRۀLFʎ˅Skk7, tFՔʻvlNfR~+b2`FD4~Ўat| =G>1^jF8[P*BBRɒ3:nYq W귫Ԅ^L8+x-vtRޑ٠?Xh%FwT̯Ŗqy};DenxQ6h~&6"}>];\-'&[y,@6 'BEXs@uE?QG\̦3!0ȏyd~ Fߙ 9/;`xۤ,8jioI) d~4],@fxfأlZn}4@YaNA|H^8<¢LH^hE31* ?W4b^ж[O{y/신|Jx_BXj]ȃ $E?]#ЖR%0c04rGC _6$ݑWNJXCx]4x+?ar5>k"r,I9a |[_Vz dj};H@[ŨX57bBaUa$ӣOQBSB#6fxTT,$p^I2\n3u>! ŴtNlOl nMkÕHA Fg4T5ZZ8JmQ9B]3AGizdrQ j$ږUo14wɓ!'L I;qLR3o\{z VMBᩪ,66kAU?{"&x{dWO{"@QC,gs`k=Yb߀Y!X NLLxqT}Oڨ{ tb0]?RhERr1)mS(Љ3B/EŅ(ytm 4Qkg±wִ6k~{*{%-<7aCWĨzA`i"?ɠ\cnyia_9!bđ$eǦa>9tm>;C2ル-e΂\щ}?Ͷ[ʲsxDV`j]QNudS+ĩX혰sV40x١ m 5$n)Lqt/(1j"^+u]"ǯNm?)2Gы# Ь=>^ʑ4 S8Yxs(Q iSyQ+`;XiT"lB@0_1=EIn T[q\@]z/2~p2&UK\ByڬXHC'D'?⽶7 M.wq_JW/:\}0&is/|sMäe7FhaJ6Ǯ-UAWW{4`BU&ܜ_k!.Mo1z`ۭgґ"s  }5zP#8y,M`Dݢw8XX7y{"yӞR|HGg8~wM_[ c֫&jQ"1GP.MrkrU n'jcT>HXܹW7ގ?N̪خa%IowZq҆sȣr29?=[Et\QLp.Di3KnQX?D{$ax&KR=3ES ~d Ԝ4"ˊGۦ N|킷;Y5[1,WIF'3tp%ÇnfxOfFrNCC}͐ksI/SZj( =Ey*]g(&HO.;772OCrA!xp@WuɰZ֞uL;VD$niQcuAS׹SgPg\ڭ,а9ݷBZ')2C-(mya~W_O}a`?A =f9zrIyhؖ]x B|=hM+g[D}$DD7t!bp2blGqy hZg0-zv2F] O L#YR|[|(DW"+zCh|BQE*c*ĉ~<1bwXrsg0b&7dP\vT.- #H f4le5ZnоP% Q8cj8-l9;(߁Rz$d"QsR"ǎ_J7ŇbS( 1<[aI@葙闻o>&{e*> OoSFGcCrږxԊ܂_GMPew^ 27-[|(>2S2FI g?>I+> R]0ɏEg4M`Pmjf]uns(Bw'z/aiCy5PXtba9rR]u~#y$S9tSbNzd!c>(C_h vIoږ nbܸ$`&XOXbTJR2@s2&˸'5_wZ4T93ڂK 7ja ]dp9mE5?J?S#qL:M gUP$T $~g  u] `{p0Cv" !TM+N]_ hvrl%M_< C7Ô/Y\0=^#3)W̫~~͐sW{5aͬ ) NiYMufjNJ[VďyJw?r| ȩh6ez 3l=!1jZw}SH_ctZKzR5|WE^IG g8MXrcS])?6[4 *\\ҕrއy0.+߰mO2b .w@na~iK"BVhcsZ9P䏽TzjTP~FԏC%euVG;1re|6m#TrBs!hVr~ ?_5oa-_1!l(߉{ꐯN0R8 M<;1?yzurv{!3p {ty駔_x{?7.Ij͜_UKpb#{.ya%Fj]QkkY FH1$XuxLGe I 6 sA nN12هoZx:a՜W&]#, bWl8UeٻDqӔ֋ BpIF_z-#Y共gN!iFb(y.{;*f4TPdCʂmOoJQ4?_?;̻ {.zl"Ǔ~89#ρf\B;ʅ=pȗ:9$U/E|H\WAG'`{z EszJ~c ?biS!B/0ZQ ShhhP(QS%w+/4Ѐ BehjKdrGmhv`KvvEiBe-͒ f-p~_/õe&5]t{uSr=PK2p,ZFBk*Tn&'as:m5?GȢ޼$H\_0-3LbMh ;%m($:\7qx3m97f;\X7Ӈ6 LP0m&jk#&LRsހSp^C^D\^ b Pwzkە `0D%dr)*W]Ґ,RDW柚E@Qr-1f7,=m% II?+\Wykf:k!J!6x\kuF'͑ΫKރqg`R;UT77'iS-l iP-kaYC\|xkI+7=֬8Óޏy{HТ >mNcPćmf'MfcB@WۢS 3oKʶfmac|)>.1z5pzh 4q5B85۲ t-Ca1ʻh+c+흔Tt 9)eʎ(g.mur=cʹY"m$Qz w'u_˅>}`\GU- qKXq8]m"ߗ'Զiu4g_X~ JE>r!!,/0 l? |#n)9JQM@jj`X-г'xbZj̑dvc8U}WL@|sjeDt\| %Z[yHk/U=$T G)⼑! B\b_[LO"HO6=lG@!Y3?P› x8ฆw(0T%}Q?ݷABaY]--(TmiqαHϞo &!塱5e6plf ܹ|m fc_˦(.o|AGٝ#zrěH'Ndb3F"]qSZʬQe5slcK"O-V}𢈧?"sOM7hJ2.z-ҖP2}(N,V˒OIL+YIq8bߔN+wW; jJqVᓈNJ?Bjpwq-@X.U E'{LuOi$Dۇ׸^g1Oiռ&Gy;U/kNHЃ.։Bdoji}f=R(vzW%q=4q >nDaAY(VއiB)Yjv ^[6pB#u yqDVL't |o`SwSud?L7=w^tQ\ y]<هYuUcLooBotuFSrd j'B a'R|zډ dCeidȿ"h-l l3[{b+I[3xy:P%7G:-2ê"w҉BxT@6o+Uz^GS7ƾ{g7ճ Bդ. $zrVVQj|xyv+i P;ڕ]@Ze$Uns_/{!`*~G:Jt[߂@λ8սNjϒj˪<麆<~P\}Um8K> K\"a>~w\ Hp?-J sjy]$ Q12; dx H¨qRޏEӚCY #P[=Hƪ8~ΐp|==O(jg[n;$v,# 5Ȁr\' u6'O2c1_2tQTko>9& 0k9!ڥǹM>ox0- T.5*$Z|WG+'_ 5_&8r<9~ygPt\E׎p{ϩM;Ol2՝ש~Y(``s^}_,UWՅdr,[%R6/heA`S"_Bh?]ƻJJ rĘյL.six*pZ,HXz#H~.bD&BgYHLƫRuWK2tI 1M!v/GըěQ}TZ:J̲6mG667H}%s7g^.$ ITf{ K~>^5jNHVzbg~F(u3}ESN)t+IT@ 5o/ʙ ׫fT[c/nehRRI%@;ql%L{ aE$iqn0m$\4o2)9zM  kXH1WJ&ϦӸ8הDI.}Y(eEZ@oV 6\iP d!O^޹mMo^4DZЅ=+x|&NCUЎ &v*'RQ*F[i}Eaݻ p'TOZM 9mV䠼yWcjg2n(SwN 2نO=A61jNFU<<8t])M;IAhs娩QU-6hN3.׆&^qm<$ qY,}#6lהVw.$~ā]Vj0"Q*fCz'7H0u<3SRqĩdJ@ NW M^,ۡN>:p+KpUQ8B>.GAK\јO4h}87Rgg,Apf;`AvW\[AUK OUf"}/ ׇrZ$;M`bdּ^\@~tO0 _EHIٲǪ) s۲(S^ $1!Ǜ2r8u=r?6L?aD\pR5T{;boo߷Q縹}\˘†xb=/6TXLWjoo6L٩ bҎppBLTC.ƺJ^)pMz:0s^Րs1&TEmbG8EM&_Doި%:ٶ ܘ1SgAUsdcV6 ~k@Mwvt N'yFxdtS$)xpMxOrK٢mǍu;1%@gˠWQٲTA' {枯U~K%1U $G^17w‘ O.pNlۘ`>Ԋ'wN#/1ٿk|^(AXv?*I )s7bx0J>rcđ8R+5 q+AN2Kv´ Xa!\ ߒ4?CNwa)Cx"{Сh03 #B Ҿ ȰEvc Z. WX:I!cGPh;u}|kLqsE4z@w)m4 YN7"L?.ݚKyvZd.3l㽅̭\TWw%# w5&]{@v,zxd W \5wŤx? Dxe'x˞ X߶2]zүTm+jt$>0jlBf16!qyhz w^HTN*՜*8$6 ]+0^ZǁsCTDyi9=ژTq1M6 EH?~Qy5~{Uj?(.l 0KoIiKS߮z[Nj"{E&zyal:߭s  6U٬'h(sq-GWV' r\9ṥV\tp^f_=1`7jAt\?Q"F7_ѳrud,^0a=ğma)=0HT04HbG}+ U49k֕ER]qYd/fxb-kGqEoɀ#JwoHc-XyuPIօrFoȝ0a". Mb4PH6yn[v]Έcڹl7:т4AɊ߼/[ŋD"MڪL܋jy"tN(6|T F+/f 6|7Hզ3dZ8,t3V&4iP*l U.oj;to+y8=R2 (!=+:!Dl!o(C}m/PEr ~NV~'@Rd"'Hfw|$o(Y$o|5q)M&g=k|0$*gF#B3(j>vA+uTobw)mX*OnW6ƩA;ߟaޢP  ᱖ buh^AT; X \{Y&yni8NʙuS@@;N M=| -twa䆺 e?m\=n| 'bT .Ma9nlJk';D=dBvQݫ3Ѹ7F =.&1Ȱ76|I6Lt1xm3^f &zIqLhjH!^4s2Gkɣ<0{TlQ i OOu'cՋ}F7\I:wg_ hܤO_?ܳ ,d{M`|D)}MArwodT #<, ',0C$?TDr_>ޞao =D<665;^Fr(G!6r dkv-˚ep4OmQ̧0c%Y ?zR4dC>~pO T%ߩTψWx7~뤇2~ yeGnߡD$5bȾR@L3L;{ ;7]kԨR]π7E0eeV ݪ IFv4^%+%KNIctM-Ȫ>LsN.iL`^eؘhh"QcՑŞ>'BlC0X#zDh'9&xI-bVw(){ I~#t\'!ϮӌC|ͺVYp(=SU`*5S> q,'MN>? 8ҍ2JNjLy4'ТGD_F. fa2OZUK.I!1/mq8V* ϙ˕WJZA: يh_F%ޏiPxwk㢀Zۀ\zWmMGQʏ, ~b8TyjǞ+=}Bx C5xI/v㼵_l@乄L ˤH0ݞO^Ql(U~R~NFA58" ͗#k Z']}%nYA@U;WQAͤ*Aɨn*`5e%.Bom|dW֘c9-TI.jݬ\u-!yO|$}`j ёg\,@Ml(R\̙:J&\%~"fu.9/!S]+і.'$Ȥvc0YF2>A :y-@&{Z~%{e|n-[^CjqY]4=7v=e~0cύU `_eTڷ0Y.G;0 4DD,$.@/QȬ Z\RLKs&pgB2>%(z#g40V4{w\_SLjʷ*|w\kiLK`͌QWR"OJrUvǂBiN "cC>VbW ۵e1}!o=f%X+7!'l9-=;55tK8~ļXk;;{Dm] ڔ\ CAtP(b]w$X q&x Y-tL =5vzw%&5F)`^#U^ƩD_v52<![6>5KB˒A9W) =W.۪0o7Ƶ]ɵ3ő,),~V sdt%Ǧ=&vr$}Q&5nMrO[+T:lF8sA17p]P,fPT;yuڛ@hY&u I2x;/E1< x&~ØuAdwǓ/,:k, 2Z*'ɤMxu$' S`mr+^5F B(NPE_ ?Ϋ_SPX\MNӞ8t )wq{cWwu8%3ձ֍8S/Mw=0H(CQ~=oXOj`eL",@eBR +݄* ozft@^am?^iTe3^ra@nfMjH]8fb[N7PwI/TAV=$5r Snq,RMNy J@*w1ze,&c,Uq8mMJ?e)oj[)piwb>tkMΩ"V00 >16+Ĝؽ->) B _ibR}I)#jj2dBu*) 'eU)uIn*0RO_fekOɑ/q1y*0?B"v l,cmo669K0# d<"{]\PK+No'4~mᵧ*}o@6J C`޿hmjmN +J Txa~JZf"]+B0vmaFs5_ZrQߚ' ֬@sܺKj\?MFh zt:. ! VDW̺WY+=ۜ:D$7 07 {]ºpS.Ÿ&#RN ;P7'*):ty{ou¸ .цc;lP,<3iF-+2 朁~Xq`:A'3U$ʯm3dҀ:.pLQCM~÷]| k^6vBE|hA *2t3 eXdAܔNmI8dr2[$]f( x4 @B5cS4D;u6s*#hEx @ ~lz `:_%p\ۃn }ǷڬuL$: '(aEٖ:|T9g!iQw KoU`48.b,i p)1 U `9/l W%?xkYJ`o%Qo, 6ݍ܏>6q%"UprJ+}˳mٹ4xWDYO;޶ @!.V ~0W!xgڥ| !;rhΏsр9%kf}Q5H 38P F [ Dn+9щW7}{.h1$ &Iq#|e^j er/Gh' ᦨ(=6A}rUti aj#e>3;91vU LNJhd!H7;Bxӆb')#Nzɔl,G^0&6pGڪ8!]q _ko~a;M7FJIx!M>MEWRjSi~8|dW+i#-Jkg.0I:.ǐt ԁnPEV-R:svKaDѩ250uXKPcgYx|+qEKٛK^ #?LHʈ 9N".\J7NGnh*[4h夣K  sV[7&*I!-nx93ttji<sGPPnTNRZnYzAb._YAm#MS}N.U2& t{u&́Ԍ BYU1O7$0`5}DDPhJA7P,$h3N \1ګzNhbPvr@SCs !4u?uP!d/ bdžFa2#Z9Wk_V-,G@D=Z ]ۈ2V(6;rt%}1?I}Og;?o-!tV.qm#P {Sjn)Ϸ2iiҋ7B,=^)Z#QSWvSdx:=vP7IލxտٔOu#S}rxڔ8'o Ͻ"Pxrz-1`z|j)nImj ozxivB>h7: Knik;ew~Օyi(f<اKJXS 5!QK(R^"/a."k&o{:@JlZqDN3B!xc(%/=qPlb<扲Ed#ﳤ6M4 "Hh]z0!50)C]$&LN jGA\%9ڎ7})izwWz7y%1³9=Bb%,mcs1(c^IAф;~%™ g(qUZc ܔhqyIF~Dךl :\fVؙ.hi:ܷ&b-iJsTF~\l7KE8xdnH/;5T~ɭ)tt}Fb^cvb t!cϰc"GSNe" i1IthoS)#Ld-j2$)9͝UnyEA$/(Qx@r NTm/t6zܡ k<7!"űus0Rs^mS6niigp҃ 1/h@⤘SgM b0x _Xjk~W%A}"I"WfUIV?H!wo㯋]wf1"ze,,uT8FR0Ud\Lq+/r:!o1QMF~eۓHcH~cFg`[H!tDY'kQMk$`jTPx}}3)'/4('6P< m.) E?JQM<'4VcHFBM7I3W_?gx<{J/[nAbpK %BP!Fc#zv>sX\:صI*#4guK^/!ۍSdbL m(]WNkb-MOfV6b xqVt޺'WZ3"&[3:݉ϘJܑ%R}#B}IENg $5=0}TY7㡅5 -F:s}?(y[ []dVAVkeP/OW 1F4w C SB0Ds_AiBB![e77KSfSyf`JDttؒıaz*.'%fi_ԯ,į .zH:ᒫjJ7=n,cNl֬1f6:k f7/(Iȡ@5]—uZU_뀆ݧ;EObl1x?=\ҥJDBZ;d]}32|{9צ4eQ* Ʊj,GNq (sxZc+9RH,pȷtY}$/n_I$_}%LI [rǯsJr'CnmF{umY>a H@ OL[dreL>1, T0Rӄg}i =$Z9X.q-:VRT AĘZμOGM.Z?-'q'/oMcq N';`NW[g (+e(PXE:Š"9+bVwedW\œjm;a LmGy_'+B_ BRӊo/m)?OH?/6]xV!\RX@H(lX~]3Y)FU^7K&y6F%1fI,i3F̻%XVr Q~<@"Yޝ!*# qaf;~&AE2#qofqN5 z~Ե㫮ء\/pgp) KZ6̀ST*5ypxzh;h)pbQA2pr$J:kO#Ya -= ٟmA9"aB_g"O&DZ:Wg{rwR~DŬ$:FX~~bLS,5 UYy$9$L$ȝP8tBGXa6n{#LeaF2t rghdT{ݫ q[YX ŸiMO Hd = ÷Ȍ{eN[*1qPk`T伮]m4)뷸`XrHj'D̚HU%o"9-bs-X!{UU/AVnA$6za@o\RwRR/j-;x k{iH$HW-PgHݩбZ,G?Do4EX8:x[ 1I#Э}w剦"f( 3, -Q쪲~4wg>3LDN%ᴺ >`al8P|1Nm} a÷yی<*|,Nq~f(.m+#il昪D<Wzauv`8kɨGuӅ6:ʦwϣAaK 14ěq̌ a>̝iV3|_tG!CoQjYE W"y&GunVCOxȼ׉~r<?n"7dpv%)j Ȭ[ >w[MCq֏ܝ;ߡ|hE;={ tyv=ЎX k&;rdw7mڳԾý 񣹋.ߖqÍyp_{nQz:53{l^8@gjrā~0 ]ME$_8-芙c0^zk̳,`"Q@(YiץDcV6Tӭs%`ŵ^۪ z d6,:ECjy'{Pڈa'Zp ;XۙD0 2[kYU"}tRo=娐@Mrkt{Jz)!HuJ-d;.z:Ze%:$tXM.:o֧qmV%%S! mc1^T,{J$n1z,Ji.vGUTxuK@]3h`IapPp ׼&!~m$3%xqF`hCx~&Զ Sв٩oYUKu( [z6db|RSDhw梦D 'As\ඣcƕK1ѼTY(mb#E"%8\ !$-}&{ɺhλ%<\_ierFaedAW(kgQlfN 18 0G,/kPTfUʢ$Z#p:>˗za;ujꎢM¸agu|*\է[d0X5׀§Xw)>pb<j`e)H+vdCYX&~>Un`QAUw~.fh:|>{A5 5o{CjZau9^cl[oPzߜ.Qغ)&վĝzZkC }.Jc0*.ϢL; SWĬk>6 Qs\n6'~6 |ʉ2,6 !ވrv T(Ob[;I-?{8'˼ly I:YT > esI5.Ǝ;) Nu;#^sӮZ$X#^GY} c迉a\ms$JR|h*L̶&H_[j|^dH7!) r4o+W{ kنn ga<|ٽW^oc!4bڶJ<*C?`yJ+_+ 7qSjn SyJdOxBd_)OI\u-_lR|)>Fmc" \ٮ7ܓ¼& z ( tʑu1#Sǥ*1B$/3v cJ㳇"hJD)Z34՟kAH{IsniGǣ5f9n `PȨΛGną=GAAP/B }=;fs'y!!皐#! ģ& xS&fQӄw<4]jg ,dFӠ/"lW-7yX! ښ%/+~^i^u[LR4@%Þ\+4:u'GbPȜ-&-A y l$i3؜"흙ׂd)AYbQ\AeG]:=ZXqM0 Q\4ML8:z.#~OE.e,dt׭l]¼nBDG*\]S\>^bIij[G8q`/NL] ]ѿ9fxʞe}sxW:U5ȇ Qxt-iXU,2=8Lk)R&<[laI>>eXX<6S)ᕬkk$ӵ~g7Cr7褪+|]]xPMkQcZ0 ew4oeۅ=U"O)_ Cs:mV S '9dZy $#dV [M/XE_u:oREgˍia,6㱱!pej֣0gi3d76j<<!vС43%<$海 ;|r2^'9DPCGf %1-nձhc\9S$:$џnKM7!wu@yPefExaĻWh;Iy];k&ĺ'nθ¿'h_r3j[1~O97A@Gt_h5itEJxc Htm(P2"8@/O)Ry@,ܧ#6fϐ}ѣV͡fa H}$[k B@ x~/p) b3I\X3|@oK"^vhy(J>g/ʩ2|S{wϺ"ׄ⿀Рt')4ig5RHE# :nL 4gZ:˜`c:]w bQaĦ/:,dl Y`wTʣ %nrCڽܲ52"&E݅O/cb55/b~ y⟒Aed6COX(/imsgĂ C t q(i1jϗP_ (@l upH}g5\\Ɩ% 2N.tW@2δǜԋT h1I2@yTv_2NR[؉n~云M7qITcr0b_`^g/0eRU4Uve/"rl=u0@#^蕳HU(&AWE}X;H'V g sTԻE0,+E}-Et $nMamLt0@UDaՐpAO ҕ,h~gj[qX̓yi0Wݗ[5*)N0"_5ܦ[-gGl:3`b3i 4=8o3F 4H(T+ YZkDD}޾_LE\_0y&2`DXÙ]zLFC3VxX>Rt32;BIe@mߨ1x0XL}oQ*ڴ CxuFwr0c@'Ǽ4ם~_%m"V 4I;=Hk`rə@Em̾D6~U&FCz`nmd1jik~"C4 <-W@%08 0f:OپVSد %3M@4W ֒dx;I{d#Nuv^_,ܠ-ˢ KJ45yOXl=gE"tE%,G Ǽԅ{w 2|ut0$ $ 3?CI)@ M.>fzf ADxyÙAHTo5Sue3@5 Ճ#ȠH&*aҁyzԼXlhnx_$'rѸBnHIK̓3T(ǐ nOr XWhw=WJeuW80,ꔜj2E͂YC-=z _@/rEkC 9Kݪ;gr CI9vjiň\f7 Mײ8̹%Ӥ&4O8'-  [{s.,W's 0'$ZeL/e<9"ƛ[2=I_UCopp4Ok>kf%>V \'M;kYpVٍk˒i 6SvМIMy[w3%ϓ"A@6$6&%Athcފa!],}SGזW:#Վ8Yi@MǢ}eiM]<\\l`9>yp kE*"r 8iNu$*tĆԬLtra$I#Phyz3Aحh&h1\FU4sSgyUѨ>|A?ԣ:oʱ qs*E0| &<ؼC<" #}B*uS[X֡g]YGU_/nYG@򶏟oXغ-?"zACqKs 񺙮k0f)<W'GԲ\k.CTSkxͿo{({Tw#)|[@ѽWT+uj87 ~ge"roxe5 =2?Yk ppIR,I4iΥF9\1zsBAv9B4dI@b{%ߨHHVT]N+.\</P씆v K3!/ָ %N.$r]cA+oq%IM^qIgߢ!8ՙMleM}BVa[%{r,lu ˍLFɊEbc-Y(v-sr7OE D獏W@q<'A^{roo_ː_ Wq ϸbuv!Uz(Z#97 Αb; ^k^C7,(hE2:w^J(qgYPPG:1$3]ov.$46J tC-nLJFmfkA=ӝ2S0aAhpk}-wLSF *`ҹ)IG̛Ơg_U./rRN!hwe@8VɦEENLnyOy0*^睋<8J*uIӐ7FkНJ~wZմ90QeQ賨iLkEYg"#|}yj-}}]1@(+9zm:Mop*9y<&J]|›v&>_rDfqZӽ aϝTZ~S }FHXӌH/^wPk 1/}>_x.CHOk@}' V6X`2\+.D[,!C{;ky U{ՋU&ъWK?KwhT5k&`7gVBwU&q櫊 81{X4aTz?SV 6Bhtxص7#qoHҫOaq?~_ġ]f$”l4ƗBs\p,ۋ/vꪓ*JQ>ərVO1`XЋ:*~ї?~A;;E 5<Ft˲Ղwв{IQ~X'8~0z/ɼѫPocg@x|J^ج@a+ }$Gf:ٷ{d6o2T,1=& v|C^8`\>c.({t>h8*[t'妇Z1w78`GLMnP.EgY ; u%|cqq)ERqFQhS)}J"dxg( "3v . XbV HN`ȀK̓65ZY)Mc 4J$!l&P]ac_\AKjC[',ެeqw]?)W $9W`y BRȳZm[Ce E˹o]@J '% Jp6NʓrX32(ا!Jzf%ǻFĕSu3 ˄(uI2)?IV7B@gxN.jt&vq(&Y]S['y+2yↀNm:ao1d<ߐDl,wIuzSZqd^:E!:3T{d'$Ȅ (# :xlWږ&nrġ'Imz{r.n~2sMJHkV&"萻n·b|P/NAN<'%"Y;),$(Ӄ'}Y ?>$1'HI0`[NՁB5 覴VAefj%& -}y( }g$?v-r9t Q>)N^N6T/<бc7vOi!w74Cٴ}j2㶛|PKK?, v<_' ezM=Nk<|c^moCO^DVnr[)?܀9Z@1!#X G}-ecx7fpB7ڷM4%dϐ$7#Tv_("3\(@I ʑɭJ>-'B2],=&/ꏹA 0}uS%]Nb'8 To\?5lc6%*]@. m<`y>r 6$,,)_/͝U]y+@*Hh}٥QX*ov) $K(?te T1 {*laCr+G|&YIAf |ڡ*kQ/`Pek)7Yq̔0ٽt $S9'/wg>Ï=bݻPB[_f=l#8N6xCg%l^ Y;g'kؕܽ-ͥꨣ`QYCUV^kd`g'ݱ8,I5:l$;Ue~ۼlKY6leh)Ľ`jXOɈwx(nd*$4`b{S.Ue#ZEpc^{Zvx2ĸ^nMFX aki(V)&_Im:f& I%ZA,oH=.y',cj3FhV)\I%'/VjV.>XTqׯ -!HP" 5irߢkpHe1L~ \.R͕VV'40%J(}jnMs 8ls*d#-S:)  ]d`Ի sdVEbΜdaP=XxܣĎ*Y$ p w3a'Qao0\m?ܤSMԂ%IjH90W[SRfC 6qBOa5-;M;s %jWj_Ym~q|C K]қ 8>hoNG\&g;FB"i=1c:TQĘWQ <~,l(lxŷ[XcR疖2zU~ojoY҃i-|VG*K~\2շM}E`䈧1KZEVCD Q$M _J2TS_=?O8obXYP7ms*y=i<`!@Xhtpr@Z7^X;/6&`-yRwN-yw3&`վg/ +IybcA 쁿hyFI;0w鑨Um-`tfLfu곒e;Q!nt$X6])ω&:Nk.A9ݬl,>*mdאַƚJp oO#g{ŘЄ΅[;']J56FAv>΂0BE#߈ k_:bj4-[Rtvj{k` IfDm9ti4-A|Yo{4*9wʰgN` >o?2V:*Bc@e8'2m?n:sC$7:ȞC ?(aj^;.1Pd7Wو)f2imw'@$wϲԡሢ}mFOMFfL7?$ Î6JOR|deUë:~@_5~Z>KJA9lS<7Rݛ'oX{ zM*+@<ju1H!Hc2dLe?Ms&c_*/u;;g,GMp3=/ƨ'tic3}I?_/}Rsnf(D!!UfSw*wDjQ w\Fʸ(|q5{Y)DU<{ǼGCcЭ]?Uhjߟm4d>0i[(p%YkiK_h0"fg(\*B:pXd6ddCA~,0Q4ˮ9 !sr-Ks?hܸRB_K\ӡZ<ò5 dB{x6ۻ0|AdYYuӀ-6q)R_G @Ǎ%6uA~EISPI5kO&$dγl@h4`_J3r &Ⱦ'jv;̨ÙNM5rfaVh.v(޲3xJ;7f9VE?hmֽ0Jje 3iV2{ћ70J˰jt2)t"UYVOLTs 7wlURne309#: SSf>>Z@}zVŬָƐJ&"qo+bPռiV;.Ag^01[ztVؿFbl {B9>NҋP'5epE?\s&6qb0 횂,m +Xw$)=,>~լѥr#Wƨ?+NN u%l ^7c""io™Amh]qژj^eQU&pq6>i)Om-5nP= T(7@$6DYǶC'`}`ж KejpɉE2GEt,3򻯼gQp;AǩrIh-G뢎#Sw3v.x4X0`ǥahr#&|RQֵQߧ~,/ k^vST I^,| Ċn Yp`CM~'6 ,0*"<,( r,8㉍g;@5u z]PRCtТsτ=ԏrP4ϖ$ez3RfubTwAUD|eG@>XJ#ME>y2vXr{aiVʍй,{:AAoWz7g:JV '.m@+F?syjudˁN+}¿9x ˁ U_oK29֙D[+Fwd"/M)~iLjpFtJ=t+Q@;» V|.PCY]#$49Q0*S[ ,ڕܢIE۵|[}}Ō|)c^@-j}.&/ƓG!f/Y7H/(A'NVxDK0/}4d2!Y$]9E ^\ !>scOj T춂UcD/1FyBqv! Hqyz[t&νihL$YA-g` HD[ZmQ׋eN?f4CH"SԎ :(ޕZ7ğ0FyLE[`GP7uj^s>k}UKo' tZSmvph:c'{*_N8b$;r m4BA}v W3 Ě^KZ72]t?cJ ޽QFVD.=p(+BC&A1 +Z G{ȟ(q/a7q0z9lqam)D'+A)F€O"Kft$]@@{Rf2.UP |):EQݻaF3ܝoiʭ8{nnCpм"q0MaL_ADE_R3+2MޯlJf &bg;,i_j .9ۣ6n<tlߨ9ђr 1*:Gk:sLЫqȁOU5^f/GDm"jxNzL@ wIFg"ĨZ``IܥrA{e |m)p5Y)2t9ZS7Q& 㱺^j`FONM9Ju . m#%پSt,){GWmTQAP gk:+Ӱd ߝ\x-^ZaӘ?\ogeCyw6x_ *2n9Z<_C]((~kq~~:\D ԎY0l*朗#|ꄝ ÇǠ" ub=6Ttn*sFs *VK]2a [ZWr C~<,\L2BbdcH伇S~|"N~nOV=`5 ,R"%Ԫ]?+)^tdt:êbjL479_+}WK%elʐ&t2dQF/!j? 9HSO=}(_-C^3 VNh;'XDȡtA,fs89;ރTk*~ XK>~Ī*D Y{(as泎f9Ti~П-m1LnoI1|`@#xuWA` *̸$Ir R7+zOXm%9;ue'*V6?OʀAn}ƏjS1םS< q|? \wteNqjvJHycʡ4V_oAPJ#;ɾ"w)I&R늪fuDO8Xxfe@E%#$6]ow h/j1@b/.k!t~gPbs-7I5A*#<&ށ"KCO`%i)~~8g8518;fB2f*V~bjv@7iX';'JϘIXD'L`0T;T~'o$mO{rxɍB<++ˆ@~0i@o=/Kn† 7"BCiyqh5B@q" ;ѷ](X3H.rA>V8Άk $ڙv<Ϣ]ۀ e4x!m[SP>νFJtܠᱫ, 8thLPS E6b(Qr7ƒ:]Ȑ V}b"/5`:PhPgňnۿCEj )c`$WM]PKfk{ ǀ$W]RM6,rܷswT7e`oFGمt;a,"P}_#N{t_orؐ #c&uq@cpb6\=UrM%MPy Z/@FRzzTѝ\oߎfUmr|$|̷~b;T{~\#0h8"ո֌CMp".Ҽư;m-04`ڥ;qZ᪗n 5 ;6?qn&|k!tcEXȻB%c :7CKC?%' ,\Yy4zJ#P1rG[»#S08fMx,r4NZ/ͣ47Z@(hK@qި;3[QE&oB~):9k|3q UQ͊td3bأnP| w#~5([<JVz $qBhc{d MHv6c&bd"X I6>oLP(ҒZ9br qɂћ,cAј3W4yV 8ƆP Q"(΅|޲#J孎~v/_'|2fryA)فYc}YkJrV^'d3Ț~|Є4`YCQ *ѺPB A~C;C 4YbNQ^[CܩS6iR(N).Gi } LkTY~`z1!qSP>'xi"gJƥkqt^d_xk;^h2M qqۤ~.(2ٷ5%=affagWh~u0Yں aY|p$C;|B,fS߇&ReMd]Wh poʛrd4o!}$"?~ ؇-: :@a#EE\짥=GKUCچݭ*3VQ=cZ#Dg-h&B`8n;r3̬$lh,EhqZKVBV8U"Wl9‚cq[.]BS>fm/U[0TYH>a.e %P{sP/|&CHO[D6"|#"7=ӧJq:Nl4v ֙W5iY?nM$ӷdZ\Gzx@vYv@D&x[xA ǟRIdGkޡPEM.qZRsZtUb n"ND =6:kU +לP^ WN)Met[x;%Q{:w֦zga][md޹auad55R2u:w+!*\ޤto.CFP1^_آ5hxn3SP>.\eċ>>a"%ٿLB6@>Yp5QĄZ(k\㕊j`Ȗ5R95.f59Dw:+pA&ilK- ׵4mte/=v}lZ?ʨ䴐2?? a42;NTQɦPt ЗD 1j)/yDo02TbH۫<<}X0^z q_X[?LL;;z ne{gI$cE-#kحJ!ڡ<|7ac# }רwҶ6zFfU3h J)TY"e5AIhkB*^+_^r=zQPę&Ka1LI_Ⱥ}ȡͷg;d&ȱD]k& ,q`x,E!Ђ_gvQt5eN˛Pʯo^Th]/bl{!p` "* gBr/uԐpUƭdY EC9' $TE)ѧ؈bY>~D^uV45 V)P))aյ0 sPVK#7@(pI)cD؅Sf@si/%V3pb[&/;7Gچ7<9CY~KRHg<39mײƺSw13h?f6)v4>(N!~b3޼Xi'`zu@Z 'Wu{_\;|-}w\Fl PF\nͼ*BR:5L"=~KPJ4@h3<*[[e4m,b ,՗k^U9F3#Ug;8֝Jɭ5I,z #e{\Qܻ elӸ`[3ӧ>wڤIdLJm\v{3G}Oh2Qj`⧘RYS{.0:)۫WAFT3hhxhp%s*CneSi *e4Ycv$_V)&dnm*I1>T CrwNH秢v/ @e} #S*q^ȣԸ/dxWx^ )6VRaTZUU[&&ʠ |y0vB?tƸ۶Dbb^" 9[#֟Ń lWG!yoIU_nFB_{kY`R%&s:öq!+,v4Eic&:wGW@vS_sb81ޜ\ã61Jr3-+X7Jn$Kx&aqiEje,Rf#~4]{7skȮ^ts!]]^8MZZO;v:+QnP5 u SUE$ܵl+:~!7 4mzq TVh6iGz&bZ;{.Y*<q0˥T@ 05Mc]ǵZ?.;f$Kc!_):4-6&AriS5Qpii3njc5m #0|_8sAme+Tg}.J({JR~6N0.,^ƣۧF.09Nx)R3ZNw+,9}w->sҭ=wӄa_֠5P}'tZ9=!n͊Ƀcj; o¶. .RL{D`4!cd8 §$l'C9_O\#v0_45پKdSKS[ѻ`脰n|}i7Qú_WLI-$aתK%_YlvN/df%KBA&f{YW Ir1, ;MɋB2T.Tތ[#R=W~ߑnB?,f&K;C:(|MaV"8.] H~q!9dS5RCT/;O0:wj,j^e?T~5\fjVV('$'3/{QC9m<Р޻ޖN4&jD⸧WHAs%Z::EA0x 8Ә ? lHi&h@ J doۅDѲs]\aV+yIK)=>I hDˊǸF=aHSᯡ9q1jr_3t4 ɷvm}Sfc )ef8r? tzu)r.BWX Oxú?.bgOQhHȇyAɣ*V dYc4#~*wAi,|wtݡGrҞP0ǘJ*/?M7_y$媏OsT~?Vƫi٪4Rc| >יGT$j֖-j7(Ta=TD"m [,93 w[ *g&(( LD6LmuG_*'¤S":^Xxsw#7[NRe=&2p gUvyew-jE, "FVx6q#q/VdSӎ%^X8ъs-0¤1H&DQDWmG@ %|\ t%W\RfE˺iMfDX>%G~~Jd)~`X^ݎUoF9A 6}܈dƿk.qB &hG} 58gߓ 2= - HŃW2&F&3oWc֊_ƈP#2cHEvePu"]!tׁ˗g[ krvbG 3bhbfeq}""OCC z8&~ٮoPG* V P?H)8]'C{_ޅϑ+,ev\xZ`3 $htJ9Z<'\i*SqG e/nWZnm=If] ot(y]YW^Vu ) j׺ >7H% =* * Ԇ2@H^RTxMC^ڣΞ'YjP4D[ +ErA~هAKͬr(^ S9oy[!%@M 0jTQb/  FO).jɬbQ ]pGY`i!բM3Ci*g f< wYMi?N켂~~:e`o} el3@e|1w4bvzj>`=&`'T3*["u7KahÖ!f/'YG7ȏBIɰ2E;pa߇De)nm)1A:{I{j|k vqk5Hvz"j,\V&ߥ(7)B][JRSѽOqK/9-d B['0-u%_# GzqAEBtGZ"y7"OZ|# D-ٳ5qgŲݵOoJ /yV'~?fN7q&-%OH D5Kryz-H`a )2nk%YMowcL`7ReQYGA9zVYNXJ1 _EHz\J@hr$l<G$QvtAXy:(,4,b *xK].d/,tYEvno$iKF0!w%F4"jb]x* .! ZK1yPOKneH2X0[(ͼwƪ?נ<(Z|4vg L ! U7$?j18#LvU^4qWW1_G!D}뵄k1y9SdjUkN7vYxl|$F x#A"Ag3/܎B%R#̡ D3.ķ{0LO|F/oeJ3dưE ɫ\0̵aU}X{bcE+[!@Q l+9u6P!Y˻(3N)~9ۀIAO&VCVEVܠu;ʐ/wXy0;Ovo,u(٘ AZWKEYe]|WWW/["Ut=R~ $k#"ߘ3Qcռ JBrcO+^ߗ-UFAWs Mq SҒ&tOӁ sȡ[: b\?Qއx|&Dgn/Gn45t#«3K94 j[;|4#|bX_ P8륓$?yHgL᫩ @G:cPw9Ʉ z2[t:'Z9pg +m7Ѫ x]l[U9;|{LڦZ c?(_TXP2u4K1&>Ӯ!V3JvFk'5=R6t(+<k=ATĉ8?0uRZ ˾󫮌;X` JބƔ}op 6o-C!ŋ rR%Mr=j7%o䅟ֽ"-cm =v dy /{ڽ$T,:R;"]aԔ/8Jfm 0_.ksE _Vj"W66o_Av3 Mh0\̯q\m7Jhǡ;++sM,Xy` sx۽cY^g7~Hv5L4Ұkw p*St\ l^M*s RI*_Df p,{Jξ-_4{}:O\0W ВBG:Nߡ-͘]φns`IW8d9D[:.Y~e+2a;*RV=ѵI=U&,O:,Ow_dcׄ5wqAZ`OieTQtOdK;W \h̹pW 529?;jw`Wp`="%:{ ҳ!aU<h.|wx:C3sB}?kj#Y(m(lq %t6AÓR3+y֕Ϸܔ/AVHʪ"%L[1P2?4?`#~@'y ?d4ċaL0:Jkے|9\A7X[U|۟TռiSz{c傝b/!W?=KUR97xkIv'F->Xs4-Z}XW:cߖ_+e%}v8VhE"!ȩqsƓACh3#VH"*NP+1XX,"_6TSQ bu"]78tqx`9qMqty7*pͥe I分-H8MR\g: N踵>0TawV؀XrgW^v ӳNNG:V}*q0WmvW=a!lKς?7bd<\m9UfcUk5 sk隱F.:0$z~#\/vw} JMI|ј$֮rtX"J~n #7 "R#o n!~_ƓX;ڶ |z*S5%uǭйRm< :yf&h0bֶ=?x;!kqsZ$ݙ}l6ƕ"Kz~ -~ߥ%K,\@CjTM22KyygyHXCu4 ]Ld ?ŵWfE~{+K^-)U8DL6u^|h2돁1,qNjvƣ-N/v9kHPu9V=f)9uO= (yv<~ E"7Ί#}:-q5V2? ^, ٩d󷬛N-%3A"l8ɚzf}Fh ҭ[+أaqi9\aY j)͐V4?tLm@pLwْQ!H#j.|eH58b[̵iHM_*Y ҜLc'&Y<3'wf52:lR8"Xqݹd[+cYrЍ% $ņD3?.yla3-Ŋ0uMsZ,k%g4BڅI~7V{gS8"qw<^Q˻2ч4 ]YZ$??p0o֗j<֝tl)쎑Z'Ω`hj8(в~;Rt:悀_9´ĈeU0͒#9.~YI92*R7_|*ǁ0ϥ=X9H ܯmd,wh6_Du0^򁿇<͞G xF$"5M(h !f;l[w % oHHk7 :e7y+ʒ 7[>E ڧA4*͑«߈/JF3 36]*te@u2~ui^S򦰳8TVn+j?zoqTsBL3w8l>y1ovc&ֺʤ9hX)0a9`=q|2Э7 ^A}y$W~MõHO(siUz]pU+dOu+(*` "ǴiU_n1ԡ_A9Wp@bݏgSLY1vjxe%-7+O}R^?x3TS6mͬp`u#7b#'m7M/| zV":MeY -iF#25rgbWƏӑ$o3r)HAȞݔFmk kב7Q' pS~bˡ]2{DO' ;ʵS+5<6-!7 ?t َUsaL ÝRNK2+{88/ T=_'d| *w:}K=^׽ձWj,(Ӕ#5Rp;RMz%&$(zI4Jip&ŪJϥ۵7'O~vE[ZOu2ښT۳i,|2[tuY WpCYQco]&8℗߭ݟ3a6NWx(K$~_"%1Mn['-qJzg dNٟQ\nU;/ž/ؔ~qz6*P.uO]7%_\d[ƖiΗd s)'ទ;M~L!R4d*O4-L; wUz/ՄO7G`$xV`Up&Ah7@ƜyI7C Iw:;K^i ]@~l̇J5 9t^ma+ )-+f˝ qH , ~ZOs#<0i,p@w)i^F]TK-s-*y˿Xl9PjQV64 ˗Rc slJ $H/WeE2p?EZj(M=%#"b[w!.̸N)ĴoW굯:'Ћ{2c-p#f L4B}•GWT接Z]8:H\zs&6ކPŭ 6f64DO1ZJU^(ƒOsXm$XKkA~|NX础I}3 @.n 5!.3ddzK)YC8Rg?frfJ5d6`eE"Ԡ>F~FÑD%ڑ/ "9*.: ߋwD?Ok^Ag mmL<>*ϻ >OÍs.M3H~rJ8j*S2S3lٽ~0Ͽ8ckF/ݑP ޲hﲠJ 4Miә›51{k;0u]TX &{w0 S..|S^gg}Yh$PnKƔ1g/k+(;ݍ:EmH Ҋy+'JMuN 6 jV9^u( |'P!7s$5aBHJ'!i#J %.']3sA"t0& 8䕵j]m̕5~c1jS7~Bck,45_E!ɖh>gad/>]Po>]6 >Oi[J7m­߫@DJ2kP)DnޔZ'@Ew{JJR` Lf'_ CWЖN[ QQ탻إR/ ƯfHjɺ9W80I6rTSI])& ~Ivq+q&_%7@3.jo{>&8y`ovu `@I.xbqsqz7YbRIlbM%,)eÝ5b5ݿ4,1҆:44pŁbz0ʂ~ab +G_{BC j6کHe Roj#]14;^X9zsy):GHOjˇa2gx{CZTc]F,YUt[+Ek_8no&bCk.{ FDCԊrVĉӓdgn y$a l3=D0 U[Gn+9 M#ΣZ{^Tp^b]L*2,~0T8ۛ!pA8oRnj=Hr 23bQ܎}5G_<\IB0c'p1)YXx"H͎ y v';H!Jv\pV 45mkjuO(e;m W=Nn_'[VLHp#-@L@-lZT@EQ $}w2ԺxU/}+ykvg\#Z 10`jI`'F 4 hmo>v>[ kdF)nEY{|Y|t?$HD8jx؁+(Ƌ#Gr)'/_3]@ AV΃_p+h, ݽ RTW[:=M#@pI).`l*Ń:vEC^spw옚0r/}H>0|ջ&F\yY+$hw!]PHE~9Lzez*U6ɨAY17`< đ[V{)z@V;50*t|Ow"*)f±VO ~ҥTe9?̽ W'HY)AdO՘G 'sv@5эw>Zt]i^Wa `H8{pDuZby>r[F%ͤ׀v2Xv#<`q@HQi  q?+Fώ/;T"4_V6tyX VZ_>;_!8GQ8cEKVs #=0i^-D eW35!./lXWzPA~x-9a.+!-U'SvfF9~3n7b>k+p{ڏwХgc@.4"^YIc>S:%ՔK♄2XUmql!=? ͗g4 yc1n'JI{^xǕv]4}\W {q"a,1N\NRw;?(Ӫ2<|z9fXOFt|c?FH-gxe7bE3ytϔaZWLJ ;a< MϘ1_6ͯ3Np臾X^ow)H{6oGkg@qPG֬ ov We\2yBUXJ W3x-oBm7MR6/#"xo^~՝ `ZXJ&]:<2bAT{KVwlԜnsep-]S.H!zdʙ^ 5[/dC"Kz6"2Gq= r%3o־ !A@*g;6 U1-hm낖uAU"3&q[U|PG8*`DFpFF k^=9%'y73Q; -J8G9[btxt 6 u-1= ,<kVZB bjnH5Md9ܚC%p pKOUieB*ItOUak\7%FL򇩾BU^ ïT@R:|/pc7V"U(ˠ*\W9$\`}L`_~&pϕmYޖ9a˼u{\E=mk !sdʡig}3vVYhk A-<}dC]پ$nEڑ,RamBY#ү冘avlafe*ٝ)lb (H!8 6[Jhׇ/ /K\aIw&30o*=eV!r=|u-D*%s̷q IS65֍7StN2, v=#:.3π $$+NQw]5/i( kvhI[gKhdIbz<4P-"ݭWeE_1\ӿWh_lփX-/7eTAudW)P<:N:Lot=]VzOb& t(GAauh&kgE}?/QvWyjI L{ \Naȩ`d} *6Wo;YU)ƎVۀ$|bwoCJh; vU@Q_ۗCW?M,{0_WLq/ll`k)(ANwfFAN*0XL~ # `t?TVJ] _>!3^aܔꙊX, #N*bBos.Y0OnRkQ%'ҷBOT>XZek*9L<Jpy)5』#=bl-irEH^wK f j+;7Xw($KĶm.Bl2S~̊VQmKʊXR2h~`{*n{WBFTӈ] b==Z}}Z/ !jȲޢ$oIS=Hx^i+'L(k 6eVRCr;֦2^nC`&Ofػs`l  mI#e PiBOG(¾TIΦ=;G({:t0pROĶ mnı]3]MpS-N0R$`/QYİZ6~ryBӝyښo$Qͫ]0O!8WkZQB,ȿCT`$ǒG%LWF3ZZ,->gp$ؒVJ('6!PpVɂX['s_yPL"@IuB^Nz׶K Ͻx{ <*"בZh9O9OQ$sCW{BjK_ƠϏ"LU_3;a~bX׋[>o=- z}-ͿɗoUR3" h>fJH$-:6Dn8.x= oQ?̈soV8Ҫ61+ڶ-S/w#*`, 83܄_UgRY"8.D!=aD'Rhy?^rRv@h(X9|ģ|/?SD`pMk @y;N?CqئWľ}ˉE=c~1LůL$S1 mJ$n HZv"%5OryxD?do* &#@H$Dd=QR])uӛqL,-zn_ ͉_!Wy˰ZKS'f,'WI diw(鿶 #C *z[h 6 F®${O5hG}ps(XkNI!]g*+K%EQ.$fGu⠅Ʀoǜ[VrQka|gP31ȫ w4z(t3Ql/]M6q~ ?(z,/Œ|7ϭ*`Ć҂ۢ~0tuKF x9H$;!;웢R M`nlOe\n-BZ+1Œ{epaF+˯dud?F?c$.K?ޱ(π5-M^Ս!/H$anRڲD Źs]#/߃.:XE]*/huso=+$p9 ƥ}s(jmX@H|Tբ U ӮvGX,YLLvZױnh,'*.)spI{'_G|U/ժ1rP&:Glئc]ILE+/cVtDA\t̥I|:8AAU*(l#R ?S<I[gcUەA\Dfg̃ 6!/E) ~񓏥kN^MH'pMiR))06MlՋ 1fy3)U9d6 mo}_ Kgߓd }:9>2ڝ6n|Lz< rPQַC&k㻍8 {q oɪPQ=^#4q2l߷ݜOuW+ROkZg'>d>#IhUa|5I4K)|ND#VN$Xuc 98MPP$8ୌ1H Ia r8+uo}4FjL}A+SMuc:2x~縂+fx&c'r2 E( T ]["j'A }0*(yו#t9N4`Qp/"8 g6:tR7w2=k8X4oN$;Ape nHڵp7 '{"E0 rw"<\/@]up.ػZޣYێ `op2h ?vɅQЇ(&e bjo!1 mzb8ؖ6QS|zi{Kw6JIyEN^$w(l}F3c @7>2' < EV$ w'%> 62@ɞKyDݜ]󜺠Nv+`fr[cLB@p w[穉oe"{T lJZR'n..r-BIZJ,c7xJ5s8u y3JdCT# Ufq.ExmdBO]s(V<`J/|<޲pZ_+]hFpW2 aPv .!~ݞ/M) w$sji'6D"/[H\H-$COC;x}ɓZ,ɞ^QX^y3at1 RtsG[_ʵYG?sJ+4See`Qg[gwxxA43S3*ɩl@6ؒ/Ċٿ`{dۃ&ά` ͇lh ? iw_;pqa2 ܑZ P)JeGC3#x[{)f>d #16g& )鐝PuW7PC؋ǔG@- |S fOZ\$.j^-HǩJAi5v 4m8P҅vy؟b<+<Q ~=XOZN& v@I1h YhWDoXeGH< 4[$ In|@fx8Y#pG2@'SGO%!gA}L#+,zH3c$ "ǜxLx x'N9DBv#S,vQQW8tr;QV+f21OS#tҀ8Y")5bפ9iN%< h\FWHxfuͮl#e YlS켵#[7*41]ׇ1We3lC5e$)e]W cʴ^Y='p>C"hwOMø쪗;R#]n"ȴ1:^U*R odWQ=oTz3aF3p6`R9PFqÃlu<3t1`ڸlG:/^̼Ǖ6ސ ĺpRccyKk<RnmEq,p&vx{xjrl W)x H-kZB:y6тPZÈ3_.ڰ8܏!ֲ K\K\U5!5$]w@߆w4o/̇_|8(r ц(b.x,]W ݕh ab8 (ㅔД]lڸYU+QЊ̝`EDsJ]DYj!T?Y=͒PcMN!wS0mH|[4eƯQsO[.Z; 4g\HC햊u}p:?@riqV#u,|eC-y"8tM $zҵ}y8dIfm(j2e\UU3C|*3k#{:b`i|v}9I-[K" i%(k"C[Yf|ڀw_@tGhnyzkkT ޳vT_)艪 38d2eijm@mN_þ1K+XW<k'c_I2ۖ&$``,Njz%XxJ@^R>9}R , ϑf.[V{EELYJk0\P E_aɗ*,>J-kmpV;(G;꺸 !z$=ZPG=-l*{,^r>F62L-`5+-+(#f~=,(>a)wƆS!_.au&E=݊sÝG9f Hп ;]՗$);h @;otwN R{bah]FpIr:#ay_ bKC{!zpY4ȌЄ & ٶ1&U#=sR6K2R C ̄cBIfZ$Pט4Z &` &G3n@͖ zץ} &eQ>zos? -Q{-2׏#Rp*bHN2*T3Z]',#XM n'Vpyɧp 9y$!)(>j]-.04bBrmII&u႗ DCK2< wdwy)0 2hg |=wϲ=A,7On,mū q$Qk8a$iPdGuR{NThZPi$[Z ^Pr<ܫC݄?8)3}S'$uP{GG5UYsl.j$ {$qW-0q}+/2N,iErv~maVYqC2NE~9{QpLiYv\9O ' YZ