xen-doc-html-4.13.2_08-lp152.2.24.1 4>$  Ap`l/=„AܫB-BsSłpI"m6s& :)iu Nڨ~ |V65[8ٸ[G;@W˘.hyp"*ha YcEsovybӞ1Ol}=Jا o&j#KOӨ<}t ΉFY92UUORdžVuq!{n :n5$_Eh {C Xm' ϩ2 %(<;\9bffdfbcd753b9461315fa07b9649aa23f5d479f3c2611a57dafca64591780448e7b57649c8c4a8ddcf7a6d86764252ddbd4dfac"h`l/=„{0CC6-o.ԟH5m@yצ"v@ ~o㰁C}у1fUI SdsҦ",3lana]ga5oa[L(kE,>Ew27EK.3-=+p'/hklT. M|]3IauQ'sޘs Qu/=☑|"q&766G-#e~ֹUe (9|(P >p9?d & M EKTMM "M M M M  M@MMBhMS(w8o9#<o:<,oGMHMIMX`Yh\M]M^Z bEcd{efluMvCxen-doc-html4.13.2_08lp152.2.24.1Xen Virtualization: HTML documentationXen is a virtual machine monitor for x86 that supports execution of multiple guest operating systems with unprecedented levels of performance and resource isolation. xen-doc-html contains the online documentation in HTML format. Point your browser at file:/usr/share/doc/packages/xen/html/ Authors: -------- Ian Pratt `lcloud120 openSUSE Leap 15.2openSUSEGPL-2.0-onlyhttp://bugs.opensuse.orgDocumentation/HTMLhttp://www.cl.cam.ac.uk/Research/SRG/netos/xen/linuxx86_64ot9DA'&6@ 72."B W 8` e $,76H"yjQ <3 "z868 I\xAAAA큤A큤A큤A큤A큤A큤A큤A큤`l`lW`lW`l`lW`lW`l`lW`l`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`lW`l`lW`lW`l`lW`le171864f5cfbf7c7b3fecd9b9fbeb3da9e87f63a7284ee52eeed093f8ad303ecf53beaf653f26eae12ff7ced3bf0735dbedad0d8baf45d31e32d33e0b868bfa954e980d65bcde307bad2efeab9640ef5c720b4ebc78ac8cc1eb48bd6134a5280b3422df9c1ad850ce9b456e83713da51f123c2286cf1f9fd4eb97f57c3eca9adbd5267a76a14fe4153f4ca727fb99f1c0bec9e8ff77302865a83919fa74e2b8db80b94ff1a198b4d6e03dcc25f86a1b332a80cf36f7df4bba07c19d192059b2cf62b4090098e5d648e9a3e615874b2e5957a93990f652eefc831d37779ba91069dbe69397d6c3d3c6d88c564032ba62cb41a6b8260a73fd9d6513c186d64199f078f07651ae04fc86183bc953a94d4437042b3a3e5182bfd03e899ed64ce4bbdf80257ef0688b6b53ccd52a4bbd9279568b22b31211e95cb4c6e86b81614a381d344261e1861b09d9bb8bb11a3caa1fcf632c9edc2107b175ecd48555e9bc639cedae3c3f2231b4340cf00a139bde6f3d5f0d9195d0906b227ca38a45038459a577d188c5570ee8dbf5850e4fca7b4e224cdb2725ffa755194f366179c1fd1b4d0d772f13207e89e3a519af0404d8ce75c584d7df7408643215c771621cb44b2c226a811e7f3336b6b187387a4992afc47488312928731367189b2fa03d7adef70d0a0d37169adb67569317d91415a0bcdeaf0c7870a806bb55b70092e12003913a9c456e1d8e004ff68d58686ccc8dbb0ef298481c2dadcbf30c638c625218de466c9be077fa0ef0ced23a246e92d14cc0cc8fd757931079cf928689b544b326b03382516373fc9221dc98277ed58043f0d5b49a8cf0913e57e5e47220c2c96bc7abdb1f733000c2cd91b519cbf7c55d096115abfef000da14ac794739fe8f0fe7d4c19e4b15b9d82ce430eb0767c3242c24a77c9b8d8d050129e41b51eecb6ded3add1a44dd1298e13dbe706f9a303f3b2169e18eb7d8afa43d0464f4ace15dc229890cdab48dfcc21f364fbc04c2bbc7f3b25c04e2a8c84148685fc9d08dba889ffd9cdd9058e5d6074d2b55f6e8c45e34e178cda364908c8cccbc08dc565a1f487e81635586692892b1cac3f2b705eddb54a37582c7a0dd4a33fe1386a31ed213cfd37be4282486d5610a30bb9c6c55ea3aa6bac8552669dbb46aee375a5df5076c347e7cad2371f3dc0bc10c6877c8f5251a5a57ddc6c79e1f9b532f89f9b3fc4dd2d139ace9382e594c2c73439a9d4f100fc61c4e4f9294d4239776620fbf590c80aef40b7e6ab58cefe9e4351ef6afaa6bcaf4e55d7809df6392fdb96aadfa0507b89d930b9500c7a95869685253e2082a4d704ad9ab9a720307e4e19c225a529d78e1e1365a40264348cbbcd1ef716fa7d97d977cb93f42230a1825f4faf9f22847781296550c42f0955595f5f23eff9cf7b00ca27ee70988aaee9f7ec2154a382909b7652464c29ad603492e27c76bd7d0de3b5198d0867fe0a75ebd93bafe2e73cf681a88dca3217d79376c353ff4e1e5ecee8c41c70e11b8c9e2d188834c2a97f1edeb4cc8e0e61519c5f8559abb020373ab7886252b3809b0a1d976728897864907825a5a2538c25cd0aa407ba15e58bed9f42232379103f1ee46160242648729b430f01c57403535a4cd52e480fa8aeba2b6662bf636d14522c2871a17c16c95ab0ee99f64d6dc5c3a303ee5d0ea203246d629ec9a01164f79991b95599c26b803f2c8bfb407d7ea7de55a783c40780dcb7f993af187e4d4200a7cd1ffaf63b68eb2cc3c3d663847edfeeeed22d3b1039b423ec94b5198ad7daba0315ada992171ac097279a5924539c83bc431e243edc9efd772f673fd5301bc159111fcd005b864ab1f4b803e059590043471e04d0ac7ec96fe74dbf857c003a9b4163966919de58c0d14d493b5d7c6826e43bd61f2eda3c2a4a33fd26f285982fb97cc7b4730fc7c1c5289c87cc4d1dfe6184c7908079cfb34de8b6d4d200fa7a5cd899e7aab4589a5d0193118825ac5072abd29bfa809c3b3aa704ec1d432c80a00b3c661489ab62333993243951154c8ffe56cf475ebcb8a54982ecbd145cbe19ee58416bcf16a88f474895a8626db19ae5f3654c894d7337bcf72c1fc59037f947f713649a84322888eb75d9dad867249c4c135787affea14ee1cf2c50b4403362cc91e5249e9a32270b77e1d08f1217206215cbdcbd7b4f179b7787b056e065805b649e73f32af8d7b9fd0a5b317668d9ecd29a382e968e6466945103b1f10e378ccf028b0040d857506d6a2f9f9f7202547fb83347ebc6cf52cf4d3228d603a99a49af40bf7589771dd6810ba68ffd01c20c7d7743ec76891e07a4851f086e043731368850e313269ca98ab91c156529ac3b961a67f54a522ef093965d6be4431b21e9ec2fc3e6c70050a26c3c78777e5200cad4282b96411eb4c871e9845d2b4b1163c8f2f71b3f232161df132b103360ee3fb48495eabd71c2be87437b2d33715486da3e3443c567a5b9cb6b8f54c07b3fac562cc7f7d20c570e6df66605f996aa6d38f8234276f2b8fa5c54a10903b7fa29d49d6dbdae30ef984b372a6dbe9c2786b09c1d722ffa63f7cff6848a3b35a68d4fbd7770dfee8c9157c4151eb9d4bb2e16e25f710099b13ab6c7b0dec076e76d504e091cf2642a805f97129e2d6ddbd2789fc0c43d157a3ed94bc29d199b2970101e0c2ac3d060a285baa814fe39770cc81f77c8321ff63ef984c549fd5a0833e146c7bdc1c2097fa2ba0315ada992171ac097279a5924539c83bc431e243edc9efd772f673fd5301be9845d2b4b1163c8f2f71b3f232161df132b103360ee3fb48495eabd71c2be874794d2bb12bc5238dd998d7518981bddcd92b8becc261ea956feaf4f1fbb65d3372a6dbe9c2786b09c1d722ffa63f7cff6848a3b35a68d4fbd7770dfee8c915798394ef67fe837f917dc3f0101b89193414868cd6bd7c94ceb5ab3ccc7ed408frootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootxen-4.13.2_08-lp152.2.24.1.src.rpmxen-doc-htmlxen-doc-html(x86-64)     rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0.4-14.0-15.2-14.14.1`OL@`B@`4@`@` l__$_ǁ______@__[f_X_Wr@_'@_{_^)@^^@^3^ϧ^x^@^@^^^{G^r @^j$@^g@^_@^Nt^K^=Q@^:@^0"@^@^@]]]N@]@]ʞ])]c@]@]@]@]]fl]fl]M`@]B@]/ ],j] ]@]@] ] ] #]]@\\ޢ@\ڭ\\@\@\@\,@\7\\N\@\\+@\\M\M\\\@\}@\k\X)@\J@\I\A\?\=@\9\73\4\$\l@[H[k@[@[^[^[ā@[@[@[9@[v[W[CN@[<[6@[0@[0@['[!@[5@Z@ZnZ@ZZZ@ZmZԐ@ZZZ@ZZ}@Z}@Z}@Z}@Zz@Zz@Zo Zk@ZV@ZS]@ZOhZ:PZ1@Z.s@Z&@ZOZOZ Z Z Z@Z@Z }ZC@ZYYYY|Y@Y{Y*@Y5YA@Y4YYYbYY@Y3Y@YJYJY@YYV@Y@Ym@Yw2Yp@YlYh@Yh@YS@YJ_YI@Y5GY0Y-^Y(Y"YY;@YYY@YtY.X@XQ@X@XۡXg@X@X@X@X @X@X@X@X@XXX@XXXwoXs{@XlXWXRXQ4@XEVX43@X.@X*X lX&X@XX@W@W֘W֘W^@WiW:Wt@W.@W9WW@Wk@Wi,@WbWZWZWZWYZ@WV@WEWBW=W;W3W1@W1@W,@W(W(W(W(W(W#LWVbV(@V3VJVxV'@VV2V͛@VŲ@V`VwVVV=@VV@VHV@VvV%@VV<@V@VS@VV@V^VwVqR@Vn@VXEVUVTQ@VMVMVMVA@V;DV9@V7P@V0V*!@V V@VCVVVf@VqV@UYU@U@UUݪ@U@UnU4@UUK@UU@UU>U@Ux&Un@U\w@U[%UUUPUKSU>$U6;U%@UU@UUU.@TgT-@TT@TZ@TZ@T@TT@T5T@TLTLT~@Tl@Ti@Ta@THT?@T=@carnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comCallum Farmer carnold@suse.comcarnold@suse.comJames Fehlig carnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comDominique Leuenberger carnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comMatej Cepl carnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comJim Fehlig ohering@suse.deMartin Liška ohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comJan Engelhardt Guillaume GARDET Guillaume GARDET Bernhard Wiedemann carnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deBernhard Wiedemann ohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comtrenn@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.dejfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.deohering@suse.derbrown@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comjfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.dejfehlig@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comohering@suse.dejfehlig@suse.comcarnold@suse.comjfehlig@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.commlatimer@suse.comcarnold@suse.comcyliu@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.derguenther@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comrguenther@suse.comcarnold@suse.commeissner@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.com- bsc#1177204 - L3-Question: conring size for XEN HV's with huge memory to small. Inital Xen logs cut 5ffc58c4-ACPI-reduce-verbosity-by-default.patch - Upstream bug fixes (bsc#1027519) 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch 60410127-gcc11-adjust-rijndaelEncrypt.patch 60422428-x86-shadow-avoid-fast-fault-path.patch- bsc#1183072 - VUL-0: xen: HVM soft-reset crashes toolstack (XSA-368) Also resolves, bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl bsc#1181989 - openQA job causes libvirtd to dump core when running kdump inside domain xsa368.patch- bsc#1182576 - L3: XEN domU crashed on resume when using the xl unpause command 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch- Upstream bug fixes (bsc#1027519) 5fd8aebb-x86-replace-reset_stack_and_jump_nolp.patch (Replaces xsa348-1.patch) 5fd8aee5-x86-fold-guest_idle_loop.patch (Replaces xsa348-2.patch 5fd8aef3-x86-avoid-calling-do_resume.patch (Replaces xsa348-3.patch) 5fd8af4b-evtchn-FIFO-add-2nd-smp_rmb.patch (Replaces xsa359.patch) 5fd8b02d-evtchn-FIFO-reorder-and-synchronize.patch (Replaces xsa358.patch) 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch 5ff71655-x86-dpci-EOI-regardless-of-masking.patch 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch 600999ad-x86-dpci-do-not-remove-pirqs-from.patch (Replaces xsa360.patch) 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch 6013e546-x86-HVM-reorder-domain-init-error-path.patch- bsc#1181254 - VUL-0: xen: IRQ vector leak on x86 (XSA-360) xsa360.patch- bsc#1180690 - L3-Question: xen: no needsreboot flag set Add Provides: installhint(reboot-needed) in xen.spec for libzypp- bsc#1176782 - L3: xl dump-core shows missing nr_pages during core. If maxmem and current are the same the issue doesn't happen 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch- bsc#1179496 - VUL-0: CVE-2020-29480: xen: xenstore: watch notifications lacking permission checks (XSA-115) xsa115-1.patch xsa115-2.patch xsa115-3.patch xsa115-4.patch xsa115-5.patch xsa115-6.patch xsa115-7.patch xsa115-8.patch xsa115-9.patch xsa115-10.patch - bsc#1179498 - VUL-0: CVE-2020-29481: xen: xenstore: new domains inheriting existing node permissions (XSA-322) xsa322.patch - bsc#1179501 - VUL-0: CVE-2020-29484: xen: xenstore: guests can crash xenstored via watchs (XSA-324) xsa324.patch - bsc#1179502 - VUL-0: CVE-2020-29483: xen: xenstore: guests can disturb domain cleanup (XSA-325) xsa325.patch - bsc#1179506 - VUL-0: CVE-2020-29566: xen: undue recursion in x86 HVM context switch code (XSA-348) xsa348-1.patch xsa348-2.patch xsa348-3.patch - bsc#1179514 - VUL-0: CVE-2020-29570: xen: FIFO event channels control block related ordering (XSA-358) xsa358.patch - bsc#1179516 - VUL-0: CVE-2020-29571: xen: FIFO event channels control structure ordering (XSA-359) xsa359.patch - Upstream bug fixes (bsc#1027519) 5faa974f-evtchn-rework-per-channel-lock.patch 5faa978b-evtchn-revert-52e1fc47abc3a0123.patch 5faac497-xen-arm-Always-trap-AMU-system-registers.patch (Replaces xsa351-3.patch) 5fbcdf2e-evtchn-FIFO-access-last.patch 5fbcdf99-x86-DMI-fix-SMBIOS-pointer-check.patch 5fbd042b-memory-off-by-one-in-XSA-346.patch (Replaces xsa355.patch) 5fc4ee23-evtchn-FIFO-queue-locking.patch- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) xsa355.patch- Enhance libxc.migrate_tracking.patch Hide SUSEINFO messages from pause/unpause/resume from xl command. They are intended for libvirt logging, but lacked info about execution context.- bsc#1178591 - VUL-0: CVE-2020-28368: xen: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 xsa351-1.patch xsa351-2.patch xsa351-3.patch- Upstream bug fix (bsc#1027519) 5f92909a-PCI-cleanup-MSI-before-removing-device.patch- bsc#1177950 - adjust help for --max_iters, default is 5 libxl.set-migration-constraints-from-cmdline.patch- Update to Xen 4.13.2 bug fix release (bsc#1027519) xen-4.13.2-testing-src.tar.bz2 - Drop patches contained in new tarball 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch 5ef44e0d-x86-PMTMR-use-FADT-flags.patch 5ef6156a-x86-disallow-access-to-PT-MSRs.patch 5efcb354-x86-protect-CALL-JMP-straight-line-speculation.patch 5f046c18-evtchn-dont-ignore-error-in-get_free_port.patch 5f046c48-x86-shadow-dirty-VRAM-inverted-conditional.patch 5f046c64-EPT-set_middle_entry-adjustments.patch 5f046c78-EPT-atomically-modify-ents-in-ept_next_level.patch 5f046c9a-VT-d-improve-IOMMU-TLB-flush.patch 5f046cb5-VT-d-prune-rename-cache-flush-funcs.patch 5f046cca-x86-IOMMU-introduce-cache-sync-hook.patch 5f046ce9-VT-d-sync_cache-misaligned-addresses.patch 5f046cfd-x86-introduce-alternative_2.patch 5f046d1a-VT-d-optimize-CPU-cache-sync.patch 5f046d2b-EPT-flush-cache-when-modifying-PTEs.patch 5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch 5f560c42-x86-PV-64bit-segbase-consistency.patch xsa286-1.patch xsa286-2.patch xsa286-3.patch xsa286-4.patch xsa286-5.patch xsa286-6.patch xsa333.patch xsa334.patch xsa336.patch xsa337-1.patch xsa337-2.patch xsa338.patch xsa339.patch xsa340.patch xsa342.patch xsa343-1.patch xsa343-2.patch xsa343-3.patch xsa344-1.patch xsa344-2.patch xsa345-1.patch xsa345-2.patch xsa345-3.patch xsa346-1.patch xsa346-2.patch xsa347-1.patch xsa347-2.patch xsa347-3.patch- bsc#1177409 - VUL-0: CVE-2020-27674: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) xsa286-1.patch xsa286-2.patch xsa286-3.patch xsa286-4.patch xsa286-5.patch xsa286-6.patch - bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code (XSA-345) xsa345-1.patch xsa345-2.patch xsa345-3.patch - bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU TLB flushes (XSA-346) xsa346-1.patch xsa346-2.patch - bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page table updates (XSA-347) xsa347-1.patch xsa347-2.patch xsa347-3.patch- Escape some % chars in xen.spec, they have to appear verbatim- Enhance libxc.migrate_tracking.patch Print number of allocated pages on sending side, this is more accurate than p2m_size.- bsc#1176339 - VUL-0: CVE-2020-25602: xen: x86 pv: Crash when handling guest access to MSR_MISC_ENABLE (XSA-333) xsa333.patch - bsc#1176341 - VUL-0: CVE-2020-25598: xen: Missing unlock in XENMEM_acquire_resource error path (XSA-334) xsa334.patch - bsc#1176343 - VUL-0: CVE-2020-25604: xen: race when migrating timers between x86 HVM vCPU-s (XSA-336) xsa336.patch - bsc#1176344 - VUL-0: CVE-2020-25595: xen: PCI passthrough code reading back hardware registers (XSA-337) xsa337-1.patch xsa337-2.patch - bsc#1176346 - VUL-0: CVE-2020-25597: xen: once valid event channels may not turn invalid (XSA-338) xsa338.patch - bsc#1176345 - VUL-0: CVE-2020-25596: xen: x86 pv guest kernel DoS via SYSENTER (XSA-339) xsa339.patch - bsc#1176347 - VUL-0: CVE-2020-25603: xen: Missing barrier barriers when accessing/allocating an event channel (XSA-340) xsa340.patch - bsc#1176348 - VUL-0: CVE-2020-25600: xen: out of bounds event channels available to 32-bit x86 domains (XSA-342) xsa342.patch - bsc#1176349 - VUL-0: CVE-2020-25599: xen: races with evtchn_reset() (XSA-343) xsa343-1.patch xsa343-2.patch xsa343-3.patch - bsc#1176350 - VUL-0: CVE-2020-25601: xen: lack of preemption in evtchn_reset() / evtchn_destroy() (XSA-344) xsa344-1.patch xsa344-2.patch - Upstream bug fixes (bsc#1027519) 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch 5f560c42-x86-PV-64bit-segbase-consistency.patch- Upstream bug fixes (bsc#1027519) 5ef44e0d-x86-PMTMR-use-FADT-flags.patch 5ef6156a-x86-disallow-access-to-PT-MSRs.patch 5efcb354-x86-protect-CALL-JMP-straight-line-speculation.patch 5f046c18-evtchn-dont-ignore-error-in-get_free_port.patch (Replaces xsa317.patch) 5f046c48-x86-shadow-dirty-VRAM-inverted-conditional.patch (Replaces xsa319.patch) 5f046c64-EPT-set_middle_entry-adjustments.patch (Replaces xsa328-1.patch) 5f046c78-EPT-atomically-modify-ents-in-ept_next_level.patch (Replaces xsa328-2.patch) 5f046c9a-VT-d-improve-IOMMU-TLB-flush.patch (Replaces xsa321-1.patch) 5f046cb5-VT-d-prune-rename-cache-flush-funcs.patch (Replaces xsa321-2.patch) 5f046cca-x86-IOMMU-introduce-cache-sync-hook.patch (Replaces xsa321-3.patch) 5f046ce9-VT-d-sync_cache-misaligned-addresses.patch (Replaces xsa32141.patch) 5f046cfd-x86-introduce-alternative_2.patch (Replaces xsa321-5.patch) 5f046d1a-VT-d-optimize-CPU-cache-sync.patch (Replaces xsa321-6.patch) 5f046d2b-EPT-flush-cache-when-modifying-PTEs.patch (Replaces xsa321-7.patch) 5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch (Replaces xsa327.patch) 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch- bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached ignore-ip-command-script-errors.patch- Enhance libxc.migrate_tracking.patch After transfer of domU memory, the target host has to assemble the backend devices. Track the time prior xc_domain_unpause.- Add libxc.migrate_tracking.patch to track live migrations unconditionally in logfiles, especially in libvirt. This will track how long a domU was suspended during transit.- bsc#1173376 - VUL-0: CVE-2020-15566: xen: XSA-317 - Incorrect error handling in event channel port allocation xsa317.patch - bsc#1173377 - VUL-0: CVE-2020-15563: xen: XSA-319 - inverted code paths in x86 dirty VRAM tracking xsa319.patch - bsc#1173378 - VUL-0: CVE-2020-15565: xen: XSA-321 - insufficient cache write- back under VT-d xsa321-1.patch xsa321-2.patch xsa321-3.patch xsa321-4.patch xsa321-5.patch xsa321-6.patch xsa321-7.patch - bsc#1173380 - VUL-0: CVE-2020-15567: xen: XSA-328 - non-atomic modification of live EPT PTE xsa328-1.patch xsa328-2.patch- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch (Replaces xsa320-1.patch) 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch (Replaces xsa320-2.patch) - Upstream bug fixes (bsc#1027519) 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch- Fixes for %_libexecdir changing to /usr/libexec- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) xsa320-1.patch xsa320-2.patch- Update to Xen 4.13.1 bug fix release (bsc#1027519) xen-4.13.1-testing-src.tar.bz2 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch - Drop patches contained in new tarball 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch- spec: Remove invocation of autogen.sh - spec: Recommend qemu-ovmf-x86_64 to provide UEFI firmwares- bsc#1170968 - GCC 10: xen build fails on i586 gcc10-fixes.patch- bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation handling in GNTTABOP_copy (XSA-318) 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch- bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch - bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing memory barriers in read-write unlock paths 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch - bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error path in GNTTABOP_map_grant 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch - bsc#1167152 - L3: Xenstored Crashed during VM install Need Core analyzed 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch - bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch - Drop for upstream solution (bsc#1165206) 01-xen-credit2-avoid-vcpus-to.patch default-to-credit1-scheduler.patch - Upstream bug fixes (bsc#1027519) 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch- bsc#1167608 - unbound limit for max_event_channels domUs with many vcpus and/or resources fail to start libxl.max_event_channels.patch- bsc#1161480 - Fix xl shutdown for HVM without PV drivers add libxl.libxl__domain_pvcontrol.patch- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 01-xen-credit2-avoid-vcpus-to.patch- bsc#1158414 - GCC 10: xen build fails gcc10-fixes.patch- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog bug soft lockup CPU #0 stuck under high load / upstream with workaround. See also bsc#1134506 default-to-credit1-scheduler.patch- bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate past the ERET instruction 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch - bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch hardening 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch - Upstream bug fixes (bsc#1027519) 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch- bsc#1159755 - use fixed qemu-3.1 machine type for HVM This must be done in qemu to preserve PCI layout remove libxl.lock-qemu-machine-for-hvm.patch- jsc#SLE-10183 - script to calculate cpuid= mask add helper script from https://github.com/twizted/xen_maskcalc domUs may be migrated between different cpus from the same vendor if their visible cpuid value has incompatible feature bits masked.- jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains add helper script and systemd service from https://github.com/luizluca/xen-tools-xendomains-wait-disk in new sub package xen-tools-xendomains-wait-disk See included README for usage instructions xendomains-wait-disks.LICENSE xendomains-wait-disks.README.md xendomains-wait-disks.sh- bsc#1159755 - use fixed qemu-3.1 machine type for HVM qemu4 introduced incompatible changes in pc-i440fx, which revealed a design bug in 'xenfv'. Live migration from domUs started with qemu versions prior qemu4 can not be received with qemu4+. libxl.lock-qemu-machine-for-hvm.patch- Upstream bug fixes (bsc#1027519) 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: Allow OBS to shortcut through the -mini flavors.- bsc#1159320 - Xen logrotate file needs updated logrotate.conf- Update to Xen 4.13.0 FCS release xen-4.13.0-testing-src.tar.bz2 * Core Scheduling (contributed by SUSE) * Branch hardening to mitigate against Spectre v1 (contributed by Citrix) * Late uCode loading (contributed by Intel) * Improved live-patching build tools (contributed by AWS) * OP-TEE support (contributed by EPAM) * Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM) * Dom0-less passthrough and ImageBuilder (contributed by XILINX) * Support for new Hardware- Update to Xen 4.13.0 RC4 release xen-4.13.0-testing-src.tar.bz2 - Rebase libxl.pvscsi.patch- Update to Xen 4.13.0 RC3 release xen-4.13.0-testing-src.tar.bz2 - Drop python38-build.patch- Update to Xen 4.13.0 RC2 release xen-4.13.0-testing-src.tar.bz2- Add python38-build.patch fixing build with Python 3.8 (add - -embed to python-config call)- Update to Xen 4.13.0 RC1 release xen-4.13.0-testing-src.tar.bz2 - Drop patches contained in new tarball or invalid 5ca7660f-x86-entry-drop-unused-includes.patch 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch 5cab2ab7-x86-IOMMU-introduce-init-ops.patch 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch 5d358508-x86-IRQ-desc-affinity-represents-request.patch 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch 5d417813-AMD-IOMMU-bitfield-extended-features.patch 5d417838-AMD-IOMMU-bitfield-control-reg.patch 5d41785b-AMD-IOMMU-bitfield-IRTE.patch 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch 5d419d49-x86-spec-ctrl-report-proper-status.patch 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch 5d4afa7a-credit2-fix-memory-leak.patch 5d4d850a-introduce-bss-percpu-page-aligned.patch 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch 5d6524ca-x86-mm-correctly-init-M2P-entries.patch 5d67ceaf-x86-properly-gate-PKU-clearing.patch 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch 5d80ea13-vpci-honor-read-only-devices.patch 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch blktap2-no-uninit.patch libxl.prepare-environment-for-domcreate_stream_done.patch pygrub-python3-conversion.patch fix-xenpvnetboot.patch- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines 5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch 5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch 5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch- bsc#1120095 - add code to change LIBXL_HOTPLUG_TIMEOUT at runtime The included README has details about the impact of this change libxl.LIBXL_HOTPLUG_TIMEOUT.patch- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines 5ca7660f-x86-entry-drop-unused-includes.patch 5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch 5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch 5cab2ab7-x86-IOMMU-introduce-init-ops.patch 5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch 5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch 5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch 5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch 5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch 5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch 5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch 5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch 5d358508-x86-IRQ-desc-affinity-represents-request.patch 5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch 5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch 5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch 5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch 5d417813-AMD-IOMMU-bitfield-extended-features.patch 5d417838-AMD-IOMMU-bitfield-control-reg.patch 5d41785b-AMD-IOMMU-bitfield-IRTE.patch 5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch 5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch 5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch 5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch 5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch 5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch 5d417b38-AMD-IOMMU-correct-IRTE-updating.patch 5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch 5d4a9d25-AMD-IOMMU-drop-not-found-message.patch 5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch 5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch 5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch 5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch 5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch 5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch 5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch 5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch 5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch - bsc#1145240 - [Migration]Can't pre-allocate 1 shadow pages 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch - bsc#1137717 - [HPS Bug] Unable to install Windows Server 2016 with 2 CPUs setting (or above) under SLES12 SP4 Xen Server on AMD ROME platform 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch - Upstream bug fixes (bsc#1027519) 5d67ceaf-x86-properly-gate-PKU-clearing.patch 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch 5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch 5d80ea13-vpci-honor-read-only-devices.patch 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch- bsc#1145774 - Libivrtd segfaults when trying to live migrate a VM Fix crash in an error path of libxl_domain_suspend with libxl.helper_done-crash.patch- Upstream bug fixes (bsc#1027519) 5d419d49-x86-spec-ctrl-report-proper-status.patch 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch 5d4afa7a-credit2-fix-memory-leak.patch 5d4d850a-introduce-bss-percpu-page-aligned.patch 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch 5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch 5d6524ca-x86-mm-correctly-init-M2P-entries.patch - Drop 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch- Preserve modified files which used to be marked as %config, rename file.rpmsave to file- Update to Xen 4.12.1 bug fix release (bsc#1027519) xen-4.12.1-testing-src.tar.bz2 - Drop patches contained in new tarball 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch 5c87b6c8-drop-arch_evtchn_inject.patch 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch 5c8f752c-x86-e820-build-with-gcc9.patch 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch 5c9e63c5-credit2-SMT-idle-handling.patch 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch 5cd921fb-trace-fix-build-with-gcc9.patch 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch 5cd926d0-bitmap_fill-zero-sized.patch 5cd92724-drivers-video-drop-constraints.patch 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch 5d03a0c4-6-Arm64-cmpxchg-simplify.patch 5d03a0c4-7-Arm32-cmpxchg-simplify.patch 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch 5d03a0c4-B-bitops-guest-helpers.patch 5d03a0c4-C-cmpxchg-guest-helpers.patch 5d03a0c4-D-use-guest-atomics-helpers.patch 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch - Refreshed patches libxl.pvscsi.patch- bsc#1143563 - Speculative mitigation facilities report wrong status 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch- Update xen-dom0-modules.service (bsc#1137251) Map backend module names from pvops and xenlinux kernels to a module alias. This avoids errors from modprobe about unknown modules. Ignore a few xenlinux modules that lack aliases.- Gcc9 warnings seem to be cleared up with upstream fixes. Drop gcc9-ignore-warnings.patch- bsc#1138563 - L3: xenpvnetboot improperly ported to Python 3 fix-xenpvnetboot.patch- Move /etc/modprobe.d/xen_loop.conf to /lib/modprobe.d/xen_loop.conf- Remove /etc/xen/xenapiusers and /etc/pam.d/xen-api- Remove all upstream provided files in /etc/xen They are not required at runtime. The host admin is now responsible if he really needs anything in this subdirectory.- In our effort to make /etc fully admin controlled, move /etc/xen/scripts to libexec/xen/scripts with xen-tools.etc_pollution.patch- Move /etc/bash_completion.d/xl.sh to %{_datadir}/bash-completion/completions- bsc#1138294 - VUL-0: CVE-2019-17349: XSA-295: Unlimited Arm Atomics Operations 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch 5d03a0c4-6-Arm64-cmpxchg-simplify.patch 5d03a0c4-7-Arm32-cmpxchg-simplify.patch 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch 5d03a0c4-B-bitops-guest-helpers.patch 5d03a0c4-C-cmpxchg-guest-helpers.patch 5d03a0c4-D-use-guest-atomics-helpers.patch 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch - Upstream bug fixes (bsc#1027519) 5c87b6c8-drop-arch_evtchn_inject.patch 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch 5cd921fb-trace-fix-build-with-gcc9.patch 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch 5cd926d0-bitmap_fill-zero-sized.patch 5cd92724-drivers-video-drop-constraints.patch 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch (Replaces xsa297-0a.patch) 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch (Replaces xsa297-0b.patch) 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch (Replaces xsa297-0c.patch) 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch (Replaces xsa297-0d.patch) 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch (Replaces xsa297-1.patch) 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch (Replaces xsa297-2.patch) 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch (Replaces xsa297-3.patch) 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch- Fix some outdated information in the readme README.SUSE- spec: xen-tools: require matching version of xen package bsc#1137471- Remove two stale patches xen.build-compare.man.patch xenpaging.doc.patch- Disable LTO (boo#1133296).- Remove arm32 from ExclusiveArch to fix build- bsc#1111331 - VUL-0: CPU issues Q2 2019 aka "Group 4". CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 xsa297-0a.patch xsa297-0b.patch xsa297-0c.patch xsa297-0d.patch xsa297-1.patch xsa297-2.patch xsa297-3.patch - Update 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch and drop 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch Refresh 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch- bsc#1131811 - [XEN] internal error: libxenlight failed to create new domain. This patch is a workaround for a systemd issue. See patch header for additional comments. xenstore-launch.patch- bsc#1125378 - [xen][pygrub] Can not restore sle11sp4 pv guest after upgrading host from sle11sp4 to sle15sp1 pygrub-python3-conversion.patch - Fix "TypeError: virDomainDefineXML() argument 2 must be str or None, not bytes" when converting VMs from using the xm/xend toolstack to the libxl/libvirt toolstack. (bsc#1123378) xen2libvirt.py- bsc#1124560 - Fully virtualized guests crash on boot 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch - bsc#1121391 - GCC 9: xen build fails 5c8f752c-x86-e820-build-with-gcc9.patch - Upstream bug fixes (bsc#1027519) 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch 5c9e63c5-credit2-SMT-idle-handling.patch 5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch 5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch- Install pkgconfig files into libdir instead of datadir- Update to Xen 4.12.0 FCS release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 * HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates the HVM/PVH and PV code paths in Xen and provides KCONFIG options to build a PV only or HVM/PVH only hypervisor. * QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has been vastly improved. * Argo - Hypervisor-Mediated data eXchange: Argo is a new inter- domain communication mechanism. * Improvements to Virtual Machine Introspection: The VMI subsystem which allows detection of 0-day vulnerabilities has seen many functional and performance improvements. * Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project default scheduler. * PVH Support: Grub2 boot support has been added to Xen and Grub2. * PVH Dom0: PVH Dom0 support has now been upgraded from experimental to tech preview. * The Xen 4.12 upgrade also includes improved IOMMU mapping code, which is designed to significantly improve the startup times of AMD EPYC based systems. * The upgrade also features Automatic Dom0 Sizing which allows the setting of Dom0 memory size as a percentage of host memory (e.g. 10%) or with an offset (e.g. 1G+10%).- bsc#1130485 - Please drop Requires on multipath-tools in xen-tools. Now using Recommends multipath-tools. xen.spec- Update to Xen 4.12.0 RC7 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- Update to Xen 4.12.0 RC6 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- bsc#1026236 - add Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation for HVM domUs if their expected frequency does not match exactly the frequency of the receiving host xen.bug1026236.suse_vtsc_tolerance.patch- Update to Xen 4.12.0 RC5 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- jsc#SLE-3059 - Disable Xen auto-ballooning - Add CONFIG_DOM0_MEM to the spec file for managing dom0 memory. xen.spec - Disable autoballooning in xl.con xl-conf-disable-autoballoon.patch- Update gcc9-ignore-warnings.patch to fix build in SLE12- bsc#1126325 - fix crash in libxl in error path Setup of grant_tables and other variables may fail libxl.prepare-environment-for-domcreate_stream_done.patch- bsc#1127620 - Documentation for the xl configuration file allows for firmware=pvgrub64 but we don't ship pvgrub64. Create a link from grub.xen to pvgrub64 xen.spec- Update to Xen 4.12.0 RC4 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 - Tarball also contains additional post RC4 security fixes for Xen Security Advisories 287, 288, and 290 through 294.- Update to Xen 4.12.0 RC3 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- Update to Xen 4.12.0 RC2 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2- bsc#1121391 - GCC 9: xen build fails gcc9-ignore-warnings.patch- bsc#1122563 - Virtualization/xen: Bug no Xen on boot, missing /proc/xen, after 4.11 -> 4.12 upgrade on X86_64/efi. Keep xen.efi in /usr/lib64/efi for booting older distros. xen.spec- fate#326960: Package grub2 as noarch. As part of the effort to have a unified bootloader across architectures, modify the xen.spec file to move the Xen efi files to /usr/share/efi/$(uname -m) from /usr/lib64/efi.- Update to Xen 4.12.0 RC1 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 - Drop 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch 5b9784d2-x86-HVM-add-known_gla-helper.patch 5b9784f2-x86-HVM-split-page-straddling-accesses.patch 5bdc31d5-VMX-fix-vmx_handle_eoi.patch gcc8-fix-array-warning-on-i586.patch gcc8-fix-format-warning-on-i586.patch gcc8-inlining-failed.patch xen.bug1079730.patch- bsc#1121960 - xen: sync with Factory xen.spec xen.changes- Replace old $RPM_* shell vars. - Run fdupes for all architectures, and not crossing subvolume boundaries.- Do not run %fdupes on aarch64 to avoid the hardlink-across-partition rpmlint error- Require qemu-seabios only on x86* as it is not available on non-x86 systems- Avoid creating dangling symlinks (bsc#1116524) This reverts the revert of tmp_build.patch- Update to Xen 4.11.1 bug fix release (bsc#1027519) xen-4.11.1-testing-src.tar.bz2 - 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch replaces xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch - 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch replaces xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch - Drop the following patches contained in the new tarball 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch 5b3f8fa5-port-array_index_nospec-from-Linux.patch 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch 5b4488e7-x86-spec-ctrl-cmdline-handling.patch 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch 5b4db308-SVM-fix-cleanup-svm_inject_event.patch 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch 5b505fe5-VMX-fix-find-msr-build.patch 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch 5b508775-2-x86-possibly-bring-up-all-CPUs.patch 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch 5b62ca93-VMX-avoid-hitting-BUG_ON.patch 5b6d84ac-x86-fix-improve-vlapic-read-write.patch 5b6d8ce2-x86-XPTI-parsing.patch 5b72fbbe-ARM-disable-grant-table-v2.patch 5b72fbbe-oxenstored-eval-order.patch 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch 5b72fbbf-xl.conf-Add-global-affinity-masks.patch 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch 5b8d5832-x86-assorted-array_index_nospec-insertions.patch 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch 5bacae4b-x86-boot-allocate-extra-module-slot.patch 5bae44ce-x86-silence-false-log-messages.patch 5bb60c12-x86-split-opt_xpti.patch 5bb60c4f-x86-split-opt_pv_l1tf.patch 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch 5bcf0722-x86-boot-enable-NMIs.patch 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch 5bd076e9-x86-boot-init-debug-regs-correctly.patch 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch 5be2a308-x86-extend-get_platform_badpages.patch 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch xsa275-1.patch xsa275-2.patch xsa276-1.patch xsa276-2.patch xsa277.patch xsa279.patch xsa280-1.patch xsa280-2.patch- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken: Missing /bin/domu-xenstore. This was broken because "make package build reproducible" change. (boo#1047218, boo#1062303) This fix reverses the change to this patch. tmp_build.patch- bsc#1115040 - VUL-0: CVE-2018-19961 CVE-2018-19962: xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275) xsa275-1.patch xsa275-2.patch - bsc#1115043 - VUL-0: CVE-2018-19963: xen: resource accounting issues in x86 IOREQ server handling (XSA-276) xsa276-1.patch xsa276-2.patch - bsc#1115044 - VUL-0: CVE-2018-19964: xen: x86: incorrect error handling for guest p2m page removals (XSA-277) xsa277.patch - bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even when disabled (XSA-278) 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch - bsc#1115045 - VUL-0: xen: CVE-2018-19965: x86: DoS from attempting to use INVPCID with a non-canonical addresses (XSA-279) xsa279.patch - bsc#1115047 - VUL-0: CVE-2018-19966: xen: Fix for XSA-240 conflicts with shadow paging (XSA-280) xsa280-1.patch xsa280-2.patch - bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE constructs may lock up host (XSA-282) 5be2a308-x86-extend-get_platform_badpages.patch 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch - bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV 5bdc31d5-VMX-fix-vmx_handle_eoi.patch - Upstream bug fixes (bsc#1027519) 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch 5bacae4b-x86-boot-allocate-extra-module-slot.patch 5bae44ce-x86-silence-false-log-messages.patch 5bb60c12-x86-split-opt_xpti.patch 5bb60c4f-x86-split-opt_pv_l1tf.patch 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch 5bcf0722-x86-boot-enable-NMIs.patch 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch 5bd076e9-x86-boot-init-debug-regs-correctly.patch 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even when disabled (XSA-278) 5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch- Use SMBIOS_REL_DATE instead of SMBIOS_DATE for reproducible binaries- make package build reproducible (boo#1047218, boo#1062303) * Set SMBIOS_REL_DATE * Update tmp_build.patch to use SHA instead of random build-id * Add reproducible.patch to use --no-insert-timestamp- Building with ncurses 6.1 will fail without xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch - Building libxl acpi support on aarch64 with gcc 8.2 will fail without xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch- bsc#1106263 - L3: The affinity reporting via 'xl vcpu-list' is apparently broken 5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch 5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch 5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch- bsc#1094508 - L3: Kernel oops in fs/dcache.c called by d_materialise_unique() 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch 5b9784d2-x86-HVM-add-known_gla-helper.patch 5b9784f2-x86-HVM-split-page-straddling-accesses.patch - bsc#1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen: oxenstored does not apply quota-maxentity (XSA-272) 5b72fbbe-oxenstored-eval-order.patch - bsc#1103275 - (CVE-2018-15469) VUL-0: CVE-2018-15469: xen: Use of v2 grant tables may cause crash on ARM (XSA-268) 5b72fbbe-ARM-disable-grant-table-v2.patch - Upstream patches from Jan (bsc#1027519) 5b6d84ac-x86-fix-improve-vlapic-read-write.patch 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch 5b8d5832-x86-assorted-array_index_nospec-insertions.patch - Drop 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch- bsc#1078292 - rpmbuild -ba SPECS/xen.spec with xen-4.9.1 failed xen.spec- bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM (XSA-273) 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch - bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269) 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch - Upstream prereq patches for XSA-273 and other upstream fixes (bsc#1027519) 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch 5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch 5b505fe5-VMX-fix-find-msr-build.patch 5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch 5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch 5b62ca93-VMX-avoid-hitting-BUG_ON.patch 5b6d8ce2-x86-XPTI-parsing.patch 5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch 5b72fbbf-xl.conf-Add-global-affinity-masks.patch 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch- Upstream patches from Jan (bsc#1027519) 5b3f8fa5-port-array_index_nospec-from-Linux.patch 5b4488e7-x86-spec-ctrl-cmdline-handling.patch 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch 5b4db308-SVM-fix-cleanup-svm_inject_event.patch 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch 5b508775-2-x86-possibly-bring-up-all-CPUs.patch 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch gcc8-fix-format-warning-on-i586.patch gcc8-fix-array-warning-on-i586.patch - Drop xen.fuzz-_FORTIFY_SOURCE.patch gcc8-fix-warning-on-i586.patch- Update to Xen 4.11.0 FCS (fate#325202, fate#325123) xen-4.11.0-testing-src.tar.bz2 disable-building-pv-shim.patch - Dropped patches 5a33a12f-domctl-improve-locking-during-domain-destruction.patch 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch 5a9985bd-x86-invpcid-support.patch 5ac72a48-gcc8.patch 5ac72a5f-gcc8.patch 5ac72a64-gcc8.patch 5ac72a69-gcc8.patch 5ac72a6e-gcc8.patch 5ac72a74-gcc8.patch 5ac72a7b-gcc8.patch 5ad4923e-x86-correct-S3-resume-ordering.patch 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch 5adde9ed-xpti-fix-double-fault-handling.patch 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch 5ae31917-x86-cpuidle-init-stats-lock-once.patch 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch 5aec7393-1-x86-xpti-avoid-copy.patch 5aec7393-2-x86-xpti-write-cr3.patch 5aec744a-3-x86-xpti-per-domain-flag.patch 5aec744a-4-x86-xpti-use-invpcid.patch 5aec744a-5-x86-xpti-no-global-pages.patch 5aec744a-6-x86-xpti-cr3-valid-flag.patch 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch 5aec744b-8-x86-xpti-cr3-helpers.patch 5aec74a8-9-x86-xpti-use-pcid.patch 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch 5af1daa9-3-x86-traps-use-IST-for-DB.patch 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch 5af97999-viridian-cpuid-leaf-40000003.patch 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch 5b0bc9da-x86-XPTI-fix-S3-resume.patch 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b34882d-x86-mm-dont-bypass-preemption-checks.patch 5b348874-x86-refine-checks-in-DB-handler.patch 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch 5b348954-x86-guard-against-NM.patch libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch libxl.LIBXL_DESTROY_TIMEOUT.patch libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch xen_fix_build_with_acpica_20180427_and_new_packages.patch- Submit upstream patch libacpi: fixes for iasl >= 20180427 git commit 858dbaaeda33b05c1ac80aea0ba9a03924e09005 xen_fix_build_with_acpica_20180427_and_new_packages.patch This is needed for acpica package to get updated in our build service- Upstream patches from Jan (bsc#1027519) 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch) 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch) 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch) 5b0bc9da-x86-XPTI-fix-S3-resume.patch 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces xsa267-1.patch) 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces xsa267-2.patch) 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch) 5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch) 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces xsa266-1-<>.patch) 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces xsa266-2-<>.patch) 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch 5b348954-x86-guard-against-NM.patch- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch- bsc#1098403 - fix regression introduced by changes for bsc#1079730 a PV domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen. xen.bug1079730.patch- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks bypassed in x86 PV MM handling (XSA-264) xsa264.patch - bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception safety check can be triggered by a guest (XSA-265) xsa265.patch - bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour readonly flag on HVM emulated SCSI disks (XSA-266) xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore (XSA-267) xsa267-1.patch xsa267-2.patch- bsc#1092543 - GCC 8: xen build fails gcc8-fix-warning-on-i586.patch- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 – Speculative Store Bypass aka "Memory Disambiguation" (XSA-263) 5ad4923e-x86-correct-S3-resume-ordering.patch 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch Spectre-v4-1.patch Spectre-v4-2.patch Spectre-v4-3.patch- Always call qemus xen-save-devices-state in suspend/resume to fix migration with qcow2 images (bsc#1079730) libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch xen.bug1079730.patch- bsc#1087289 - L3: Xen BUG at sched_credit.c:1663 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch - Upstream patches from Jan (bsc#1027519) 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch 5ae31917-x86-cpuidle-init-stats-lock-once.patch 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch) 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch) 5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch) 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch) 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch) 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch) 5af97999-viridian-cpuid-leaf-40000003.patch- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch 5a9985bd-x86-invpcid-support.patch 5adde9ed-xpti-fix-double-fault-handling.patch 5aec7393-1-x86-xpti-avoid-copy.patch 5aec7393-2-x86-xpti-write-cr3.patch 5aec744a-3-x86-xpti-per-domain-flag.patch 5aec744a-4-x86-xpti-use-invpcid.patch 5aec744a-5-x86-xpti-no-global-pages.patch 5aec744a-6-x86-xpti-cr3-valid-flag.patch 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch 5aec744b-8-x86-xpti-cr3-helpers.patch 5aec74a8-9-x86-xpti-use-pcid.patch- bsc#1092543 - GCC 8: xen build fails 5ac72a48-gcc8.patch 5ac72a5f-gcc8.patch 5ac72a64-gcc8.patch 5ac72a69-gcc8.patch 5ac72a6e-gcc8.patch 5ac72a74-gcc8.patch 5ac72a7b-gcc8.patch gcc8-inlining-failed.patch- Update to Xen 4.10.1 bug fix release (bsc#1027519) xen-4.10.1-testing-src.tar.bz2 disable-building-pv-shim.patch - Drop the following patches contained in the new tarball 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch 5a4caa8c-x86-E820-don-t-overrun-array.patch 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch 5a4fd894-4-clarifications-to-wait-infrastructure.patch 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch 5a5e2cff-x86-Meltdown-band-aid.patch 5a5e2d73-x86-Meltdown-band-aid-conditional.patch 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch 5a5e459c-2-x86-report-domain-id-on-CPUID.patch 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch 5a69c0b9-x86-fix-GET_STACK_END.patch 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch 5a6b36cd-9-x86-issue-speculation-barrier.patch 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch xsa258.patch xsa259.patch- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of debug exceptions (XSA-260) xsa260-1.patch xsa260-2.patch xsa260-3.patch xsa260-4.patch - bsc#1090822 - VUL-0: CVE-2018-10982: xen: x86 vHPET interrupt injection errors (XSA-261) xsa261.patch - bsc#1090823 - VUL-0: CVE-2018-10981: xen: qemu may drive Xen into unbounded loop (XSA-262) xsa262.patch- bsc#1089152 - VUL-0: CVE-2018-10472: xen: Information leak via crafted user-supplied CDROM (XSA-258) xsa258.patch - bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash Xen with XPTI (XSA-259) xsa259.patch- Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) (bsc#1087251)- Upstream patches from Jan (bsc#1027519) and fixes related to Page Table Isolation (XPTI). See also bsc#1074562 XSA-254 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch- bsc#1072834 - Xen HVM: unchecked MSR access error: RDMSR from 0xc90 at rIP: 0xffffffff93061456 (native_read_msr+0x6/0x30) 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch - Upstream patches from Jan (bsc#1027519) 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch (Replaces xsa252.patch) 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch (Replaces xsa255-1.patch) 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch (Replaces xsa255-2.patch) 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch (Replaces xsa256.patch) - Drop xsa252.patch xsa255-1.patch xsa255-2.patch xsa256.patch- bsc#1080635 - VUL-0: CVE-2018-7540: xen: DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) xsa252.patch - bsc#1080662 - VUL-0: CVE-2018-7541: xen: grant table v2 -> v1 transition may crash Xen (XSA-255) xsa255-1.patch xsa255-2.patch - bsc#1080634 - VUL-0: CVE-2018-7542: xen: x86 PVH guest without LAPIC may DoS the host (XSA-256) xsa256.patch- Remove stale systemd presets code for 13.2 and older- fate#324965 - add script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU They are triggered via xl vcpu-set domU N- Replace hardcoded xen with Name tag when refering to subpkgs- Make sure tools and tools-domU require libs from the very same build- tools-domU: Add support for qemu guest agent. New files 80-xen-channel-setup.rules and xen-channel-setup.sh configure a xen-pv-channel for use by the guest agent FATE#324963- Remove outdated /etc/xen/README*- bsc#1073961 - VUL-0: CVE-2018-5244: xen: x86: memory leak with MSR emulation (XSA-253) 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch - bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 xen: Information leak via side effects of speculative execution (XSA-254). Includes Spectre v2 mitigation. 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch 5a4caa8c-x86-E820-don-t-overrun-array.patch 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch 5a4fd894-4-clarifications-to-wait-infrastructure.patch 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch 5a5e2cff-x86-Meltdown-band-aid.patch 5a5e2d73-x86-Meltdown-band-aid-conditional.patch 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch 5a5e459c-2-x86-report-domain-id-on-CPUID.patch 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch 5a69c0b9-x86-fix-GET_STACK_END.patch 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch 5a6b36cd-9-x86-issue-speculation-barrier.patch 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch- Fix python3 deprecated atoi call (bsc#1067224) pygrub-python3-conversion.patch - Drop xenmon-python3-conversion.patch- bsc#1067317 - pass cache=writeback|unsafe|directsync to qemu, depending on the libxl disk settings libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch- Remove libxl.LIBXL_DESTROY_TIMEOUT.debug.patch- bsc#1067224 - xen-tools have hard dependency on Python 2 build-python3-conversion.patch bin-python3-conversion.patch- bsc#1070165 - xen crashes after aborted localhost migration 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch - bsc#1035442 - L3: libxl: error: libxl.c:1676:devices_destroy_cb: libxl__devices_destroy failed 5a33a12f-domctl-improve-locking-during-domain-destruction.patch - Upstream patches from Jan (bsc#1027519) 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch- Update to Xen 4.10.0 FCS (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Rebuild initrd if xen-tools-domU is updated- Update to Xen 4.10.0-rc8 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds If many domUs shutdown in parallel the backends can not keep up Add some debug output to track how long backend shutdown takes (bsc#1035442) libxl.LIBXL_DESTROY_TIMEOUT.patch libxl.LIBXL_DESTROY_TIMEOUT.debug.patch- Adjust xenstore-run-in-studomain.patch to change the defaults in the code instead of changing the sysconfig template, to also cover the upgrade case- Update to Xen 4.10.0-rc6 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Since xen switched to Kconfig, building a debug hypervisor was done by default. Adjust make logic to build a non-debug hypervisor by default, and continue to provide one as xen-dbg.gz- fate#316614: set migration constraints from cmdline fix libxl.set-migration-constraints-from-cmdline.patch for xen-4.10- Document the suse-diskcache-disable-flush option in xl-disk-configuration(5) (bsc#879425,bsc#1067317)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Update to Xen 4.10.0-rc5 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - fate#323663 - Run Xenstore in stubdomain xenstore-run-in-studomain.patch- bsc#1067224 - xen-tools have hard dependency on Python 2 pygrub-python3-conversion.patch xenmon-python3-conversion.patch migration-python3-conversion.patch xnloader.py xen2libvirt.py- Remove xendriverdomain.service (bsc#1065185) Driver domains must be configured manually with custom .service file- Update to Xen 4.10.0-rc3 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - Drop 59f31268-libxc-remove-stale-error-check-for-domain-size.patch- Adjust xen-dom0-modules.service to ignore errors (bsc#1065187)- fate#324052 Support migration of Xen HVM domains larger than 1TB 59f31268-libxc-remove-stale-error-check-for-domain-size.patch- Update to Xen 4.10.0-rc2 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Update to Xen 4.10.0-rc1 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - Drop patches included in new tarball 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch 596f257e-x86-fix-hvmemul_insn_fetch.patch 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch 59958ebf-gnttab-fix-transitive-grant-handling.patch 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch gcc7-arm.patch gcc7-mini-os.patch- bsc#1061084 - VUL-0: xen: page type reference leak on x86 (XSA-242) xsa242.patch - bsc#1061086 - VUL-0: xen: x86: Incorrect handling of self-linear shadow mappings with translated guests (XSA-243) xsa243.patch - bsc#1061087 - VUL-0: xen: x86: Incorrect handling of IST settings during CPU hotplug (XSA-244) xsa244.patch- bsc#1061077 - VUL-0: xen: DMOP map/unmap missing argument checks (XSA-238) xsa238.patch - bsc#1061080 - VUL-0: xen: hypervisor stack leak in x86 I/O intercept code (XSA-239) xsa239.patch - bsc#1061081 - VUL-0: xen: Unlimited recursion in linear pagetable de-typing (XSA-240) xsa240-1.patch xsa240-2.patch - bsc#1061082 - VUL-0: xen: Stale TLB entry due to page type release race (XSA-241) xsa241.patch- bsc#1061075 - VUL-0: xen: pin count / page reference race in grant table code (XSA-236) xsa236.patch - bsc#1061076 - VUL-0: xen: multiple MSI mapping issues on x86 (XSA-237) xsa237-1.patch xsa237-2.patch xsa237-3.patch xsa237-4.patch xsa237-5.patch- bsc#1056278 - VUL-0: xen: Missing NUMA node parameter verification (XSA-231) 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch - bsc#1056280 - VUL-0: xen: Missing check for grant table (XSA-232) 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch - bsc#1056281 - VUL-0: xen: cxenstored: Race in domain cleanup (XSA-233) 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch - bsc#1056282 - VUL-0: xen: insufficient grant unmapping checks for x86 PV guests (XSA-234) 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch - bsc#1055321 - VUL-0: xen: add-to-physmap error paths fail to release lock on ARM (XSA-235) 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch - Upstream patches from Jan (bsc#1027519) 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch - Dropped gcc7-xen.patch- bsc#1057358 - Cannot Boot into SLES12.3 with Xen hypervisor when Secure Boot is Enabled xen.spec- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored update from v6 to v9 to cover more cases for ballooned domUs libxc.sr.superpage.patch- bsc#1026236 - remove suse_vtsc_tolerance= cmdline option for Xen drop the patch because it is not upstream acceptable remove xen.suse_vtsc_tolerance.patch- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored after the save using xl stack libxc.sr.superpage.patch- Unignore gcc-PIE the toolstack disables PIE for firmware builds as needed- Upstream patches from Jan (bsc#1027519) 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch 596f257e-x86-fix-hvmemul_insn_fetch.patch 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch (Replaces xsa227.patch) 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch (Replaces xsa228.patch) 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch (Replaces xsa230.patch) 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch (Replaces xsa226-1.patch) 59958ebf-gnttab-fix-transitive-grant-handling.patch (Replaces xsa226-2.patch) 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch- bsc#1044974 - xen-tools require python-pam xen.spec- Clean up spec file errors and a few warnings. (bsc#1027519) - Removed conditional 'with_systemd' and some old deprecated 'sles_version' checks. xen.spec- Remove use of brctl utiltiy from supportconfig plugin FATE#323639- Use upstream variant of mini-os __udivmoddi4 change gcc7-mini-os.patch- fate#323639 Move bridge-utils to legacy replace-obsolete-network-configuration-commands-in-s.patch- bsc#1052686 - VUL-0: xen: grant_table: possibly premature clearing of GTF_writing / GTF_reading (XSA-230) xsa230.patch- bsc#1035231 - migration of HVM domU does not use superpages on destination dom0 libxc.sr.superpage.patch- bsc#1051787 - VUL-0: CVE-2017-12135: xen: possibly unbounded recursion in grant table code (XSA-226) xsa226-1.patch xsa226-2.patch - bsc#1051788 - VUL-0: CVE-2017-12137: xen: x86: PV privilege escalation via map_grant_ref (XSA-227) xsa227.patch - bsc#1051789 - VUL-0: CVE-2017-12136: xen: grant_table: Race conditions with maptrack free list handling (XSA-228) xsa228.patch- Add a supportconfig plugin xen-supportconfig FATE#323661- bsc#1026236 - add suse_vtsc_tolerance= cmdline option for Xen To avoid emulation of TSC access from a domU after live migration add a global tolerance for the measured host kHz xen.suse_vtsc_tolerance.patch- fate#323662 Drop qemu-dm from xen-tools package The following tarball and patches have been removed qemu-xen-traditional-dir-remote.tar.bz2 VNC-Support-for-ExtendedKeyEvent-client-message.patch 0001-net-move-the-tap-buffer-into-TAPState.patch 0002-net-increase-tap-buffer-size.patch 0003-e1000-fix-access-4-bytes-beyond-buffer-end.patch 0004-e1000-secrc-support.patch 0005-e1000-multi-buffer-packet-support.patch 0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch 0007-e1000-verify-we-have-buffers-upfront.patch 0008-e1000-check-buffer-availability.patch CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch CVE-2015-4037-qemut-smb-config-dir-name.patch CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch blktap.patch cdrom-removable.patch xen-qemu-iscsi-fix.patch qemu-security-etch1.patch xen-disable-qemu-monitor.patch xen-hvm-default-bridge.patch qemu-ifup-set-mtu.patch ioemu-vnc-resize.patch capslock_enable.patch altgr_2.patch log-guest-console.patch bdrv_open2_fix_flags.patch bdrv_open2_flags_2.patch ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch qemu-dm-segfault.patch bdrv_default_rwflag.patch kernel-boot-hvm.patch ioemu-watchdog-support.patch ioemu-watchdog-linkage.patch ioemu-watchdog-ib700-timer.patch ioemu-hvm-pv-support.patch pvdrv_emulation_control.patch ioemu-disable-scsi.patch ioemu-disable-emulated-ide-if-pv.patch xenpaging.qemu.flush-cache.patch ioemu-devicemodel-include.patch - Cleanup spec file and remove unused KMP patches kmp_filelist supported_module.patch xen_pvonhvm.xen_emul_unplug.patch- bsc#1002573 - Optimize LVM functions in block-dmmd block-dmmd- Record initial Xen dmesg in /var/log/xen/xen-boot.log for supportconfig. Keep previous log in /var/log/xen/xen-boot.prev.log- Remove storytelling from description in xen.rpm- Update to Xen 4.9.0 FCS (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update block-dmmd script (bsc#1002573) block-dmmd- Update to Xen 4.9.0-rc8+ (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 gcc7-arm.patch - Drop gcc7-error-xenpmd.patch- Update to Xen 4.9.0-rc8 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop due to incorrect return value CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory leakage via capture buffer CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1031343 - xen fails to build with GCC 7 gcc7-mini-os.patch gcc7-xen.patch- bsc#1031343 - xen fails to build with GCC 7 gcc7-error-xenpmd.patch- Update to Xen 4.9.0-rc5 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 - Drop xen-tools-pkgconfig-xenlight.patch- bsc#1037779 - xen breaks kexec-tools build xen-tools-pkgconfig-xenlight.patch- Update to Xen 4.9.0-rc4 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1036146 - sles12sp2 xen VM dumps core to wrong path xen.spec- Update to Xen 4.9.0-rc3 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 aarch64-maybe-uninitialized.patch- Update to Xen 4.9.0-rc2 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update to Xen 4.9.0-rc1 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 ioemu-devicemodel-include.patch - Dropped patches contained in new tarball xen-4.8.0-testing-src.tar.bz2 0001-xenstore-let-write_node-and-some-callers-return-errn.patch 0002-xenstore-undo-function-rename.patch 0003-xenstore-rework-of-transaction-handling.patch 584806ce-x86emul-correct-PUSHF-POPF.patch 584fc649-fix-determining-when-domain-creation-is-complete.patch 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch 5853ed37-VT-d-correct-dma_msi_set_affinity.patch 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch 5882129d-x86emul-LOCK-check-adjustments.patch 58821300-x86-segment-attribute-handling.patch 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch 58a44771-IOMMU-always-call-teardown-callback.patch 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch glibc-2.25-compatibility-fix.patch xs-09-add_change_node-params.patch xs-10-call-add_change_node.patch xs-11-tdb-record-header.patch xs-12-node-gen-count.patch xs-13-read-directory-part-support.patch xs-14-command-array.patch xs-15-command-return-val.patch xs-16-function-static.patch xs-17-arg-parsing.patch xs-18-default-buffer.patch xs-19-handle-alloc-failures.patch xs-20-tdb-version.patch xs-21-empty-tdb-database.patch xs-22-reopen_log-fix.patch xs-23-XS_DEBUG-rename.patch xs-24-xenstored_control.patch xs-25-control-enhance.patch xs-26-log-control.patch xs-27-memory-report.patch xs-28-remove-talloc-report.patch xs-29-define-off_t.patch xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch- bsc#1022703 - Xen HVM guest with OVMF hangs with unattached CDRom 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch- bsc#1015348 - L3: libvirtd does not start during boot suse-xendomains-service.patch- bsc#1014136 - Partner-L3: kdump can't dump a kernel on SLES12-SP2 with Xen hypervisor. 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch - bsc#1026236 - L3: Paravirtualized vs. fully virtualized migration - latter one much faster 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch - Upstream patch from Jan 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch- bsc#1022555 - L3: Timeout in "execution of /etc/xen/scripts/block add" 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch 0001-xenstore-let-write_node-and-some-callers-return-errn.patch 0002-xenstore-undo-function-rename.patch 0003-xenstore-rework-of-transaction-handling.patch - bsc#1030144 - VUL-0: xen: xenstore denial of service via repeated update (XSA-206) xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch - bsc#1029827 - Forward port xenstored xs-09-add_change_node-params.patch xs-10-call-add_change_node.patch xs-11-tdb-record-header.patch xs-12-node-gen-count.patch xs-13-read-directory-part-support.patch xs-14-command-array.patch xs-15-command-return-val.patch xs-16-function-static.patch xs-17-arg-parsing.patch xs-18-default-buffer.patch xs-19-handle-alloc-failures.patch xs-20-tdb-version.patch xs-21-empty-tdb-database.patch xs-22-reopen_log-fix.patch xs-23-XS_DEBUG-rename.patch xs-24-xenstored_control.patch xs-25-control-enhance.patch xs-26-log-control.patch xs-27-memory-report.patch xs-28-remove-talloc-report.patch xs-29-define-off_t.patch- bsc#1029128 - fix make xen to really produce xen.efi with gcc48- bsc#1028235 - VUL-0: CVE-2017-6505: xen: qemu: usb: an infinite loop issue in ohci_service_ed_list CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch - Upstream patches from Jan (bsc#1027519) 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch 58a44771-IOMMU-always-call-teardown-callback.patch 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch- bsc#1027654 - XEN fails to build against glibc 2.25 glibc-2.25-compatibility-fix.patch libxl.pvscsi.patch- fate#316613: Refresh and enable libxl.pvscsi.patch- bsc#1024834 - VUL-0: CVE-2017-2620: xen: cirrus_bitblt_cputovideo does not check if memory region is safe (XSA-209) CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch- bsc#1023948 - [pvusb][sles12sp3][openqa] Segmentation fault happened when adding usbctrl devices via xl 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch- Upstream patches from Jan (bsc#1027519) 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch 5882129d-x86emul-LOCK-check-adjustments.patch 58821300-x86-segment-attribute-handling.patch 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch- bsc#1023004 - VUL-0: CVE-2017-2615: qemu: display: cirrus: oob access while doing bitblt copy backward mode CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch- fate#322313 and fate#322150 require the acpica package ported to aarch64 which Xen 4.8 needs to build. Temporarily disable aarch64 until these fates are complete. xen.spec- bsc#1021952 - Virutalization/xen: Bug xen-tools missing /usr/bin/domu-xenstore; guests fail to launch tmp_build.patch xen.spec- No systemd presets for 42.3+ and SLE12SP3+ (bsc#1012842)- bsc#1007224 - broken symlinks in /usr/share/doc/packages/xen/misc/ xen.spec- 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch Replaces xsa202.patch (bsc#1014298) - 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch Replaces xsa203.patch (bsc#1014300) - 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch Replaces xsa204.patch (bsc#1016340) - Upstream patches from Jan 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch 5853ed37-VT-d-correct-dma_msi_set_affinity.patch 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch- bsc#1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch- bsc#1016340 - VUL-0: CVE-2016-10013: xen: x86: Mishandling of SYSCALL singlestep during emulation (XSA-204) xsa204.patch- bsc#1012651 - VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation fails to ignore operand size override (XSA-200) 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch- bsc#1014298 - VUL-0: CVE-2016-10024: xen: x86 PV guests may be able to mask interrupts (XSA-202) xsa202.patch - bsc#1014300 - VUL-0: CVE-2016-10025: xen: x86: missing NULL pointer check in VMFUNC emulation (XSA-203) xsa203.patch - Upstream patches from Jan 584806ce-x86emul-correct-PUSHF-POPF.patch 584fc649-fix-determining-when-domain-creation-is-complete.patch 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch- Update to Xen 4.8 FCS xen-4.8.0-testing-src.tar.bz2 - Dropped xen-4.7.1-testing-src.tar.bz2 0001-libxc-Rework-extra-module-initialisation.patch 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch 0004-firmware-makefile-install-BIOS-blob.patch 0005-libxl-Load-guest-BIOS-from-file.patch 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch 0008-hvmloader-Locate-the-BIOS-blob.patch 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch 0011-hvmloader-Load-OVMF-from-modules.patch 0012-hvmloader-Specific-bios_load-function-required.patch 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch 5769106e-x86-generate-assembler-equates-for-synthesized.patch 57a1e603-x86-time-adjust-local-system-time-initialization.patch 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch 57a30261-x86-support-newer-Intel-CPU-models.patch 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch 58343ec2-x86emul-fix-huge-bit-offset-handling.patch 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch 58343f44-x86-svm-fix-injection-of-software-interrupts.patch 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch CVE-2016-9381-xsa197-qemut.patch CVE-2016-9637-xsa199-qemut.patch- bsc#1011652 - VUL-0: xen: qemu ioport array overflow CVE-2016-9637-xsa199-qemut.patch- bsc#1009100 - VUL-0: CVE-2016-9386: XSA-191: xen: x86 null segments not always treated as unusable 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch - bsc#1009103 - VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch to VM86 mode mis-handled 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch - bsc#1009104 - VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base write emulation lacking canonical address checks 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch - bsc#1009105 - VUL-0: CVE-2016-9384: XSA-194: xen: guest 32-bit ELF symbol table load leaking host data 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch - bsc#1009107 - VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit test instruction emulation broken 58343ec2-x86emul-fix-huge-bit-offset-handling.patch - bsc#1009108 - VUL-0: CVE-2016-9377,CVE-2016-9378: XSA-196: xen: x86 software interrupt injection mis-handled 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch 58343f44-x86-svm-fix-injection-of-software-interrupts.patch - bsc#1009109 - VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious about shared ring processing CVE-2016-9381-xsa197-qemut.patch - bsc#1009111 - VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen: delimiter injection vulnerabilities in pygrub 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch - Upstream patches from Jan 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch- Update to Xen Version 4.7.1 xen-4.7.1-testing-src.tar.bz2 - Dropped patches contained in new tarball xen-4.7.0-testing-src.tar.bz2 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch 57973099-have-schedulers-revise-initial-placement.patch 579730e6-remove-buggy-initial-placement-algorithm.patch 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch 57c82be2-x86-32on64-adjust-call-gate-emulation.patch 57c93e52-fix-error-in-libxl_device_usbdev_list.patch 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch 57c96e2c-x86-correct-PT_NOTE-file-position.patch 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch 57e93e1d-x86emul-correct-loading-of-ss.patch 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch 57e93e89-x86-AMD-apply-erratum-665-workaround.patch 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch 57fb6a91-x86-defer-not-present-segment-checks.patch 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch 5800caec-x86emul-fix-pushing-of-selector-registers.patch 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch- bsc#1004981 - Xen RPM doesn't contain debug hypervisor for EFI systems xen.spec- bsc#1000106 - VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190) 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch - bsc#996191 - [XEN][acpi]residency -n 88 -c will cause xen panic on broadwell-ep 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch - Upstream patches from Jan 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch 57e93e1d-x86emul-correct-loading-of-ss.patch 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch 57e93e89-x86-AMD-apply-erratum-665-workaround.patch 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch 57fb6a91-x86-defer-not-present-segment-checks.patch 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch 5800caec-x86emul-fix-pushing-of-selector-registers.patch 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch- bsc#1007941 - Xen tools limit the number of vcpus to 256 when the system has 384 xen-arch-kconfig-nr_cpus.patch- bsc#1007157 - VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite loop while transmit in C+ mode CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch- bsc#1005004 - CVE-2016-8667: xen: dma: rc4030 divide by zero error in set_next_tick CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch - bsc#1005005 - VUL-0: CVE-2016-8669: xen: char: divide by zero error in serial_update_parameters CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch- bsc#1003030 - VUL-0: CVE-2016-7908: xen: net: Infinite loop in mcf_fec_do_tx CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch - bsc#1003032 - VUL-0: CVE-2016-7909: xen: net: pcnet: infinite loop in pcnet_rdra_addr CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch- bsc#995785 - VUL-0: CVE-2016-7092: xen: x86: Disallow L3 recursive pagetable for 32-bit PV guests (XSA-185) 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch - bsc#995789 - VUL-0: CVE-2016-7093: xen: x86: Mishandling of instruction pointer truncation during emulation (XSA-186) 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch - bsc#995792 - VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of sh_ctxt->seg_reg[] (XSA-187) 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch - bsc#991934 - xen hypervisor crash in csched_acct 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch - Upstream patches from Jan 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch 57c82be2-x86-32on64-adjust-call-gate-emulation.patch 57c96e2c-x86-correct-PT_NOTE-file-position.patch 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch- bsc#979002 - add 60-persistent-xvd.rules and helper script also to initrd, add the relevant dracut helper- bnc#953518 - unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol- bsc#989679 - [pvusb feature] USB device not found when 'virsh detach-device guest usb.xml' 57c93e52-fix-error-in-libxl_device_usbdev_list.patch- bsc#992224 - [HPS Bug] During boot of Xen Hypervisor, Failed to get contiguous memory for DMA from Xen 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch - bsc#978755 - xen uefi systems fail to boot - bsc#983697 - SLES12 SP2 Xen UEFI mode cannot boot 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch - Upstream patch from Jan 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch- spec: to stay compatible with the in-tree qemu-xen binary, use /usr/bin/qemu-system-i386 instead of /usr/bin/qemu-system-x86_64 bsc#986164- bsc#970135 - new virtualization project clock test randomly fails on Xen 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch 5769106e-x86-generate-assembler-equates-for-synthesized.patch 57a1e603-x86-time-adjust-local-system-time-initialization.patch 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch - bsc#991934 - xen hypervisor crash in csched_acct 57973099-have-schedulers-revise-initial-placement.patch 579730e6-remove-buggy-initial-placement-algorithm.patch - bsc#988675 - VUL-0: CVE-2016-6258: xen: x86: Privilege escalation in PV guests (XSA-182) 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch - bsc#988676 - VUL-0: CVE-2016-6259: xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183) 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch - Upstream patches from Jan 57a30261-x86-support-newer-Intel-CPU-models.patch- bsc#985503 - vif-route broken vif-route.patch- bsc#978413 - PV guest upgrade from sles11sp4 to sles12sp2 alpha3 failed on sles11sp4 xen host. pygrub-handle-one-line-menu-entries.patch- bsc#990843 - VUL-1: CVE-2016-6351: xen: qemu: scsi: esp: OOB write access in esp_do_dma CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch- bsc#900418 - Dump cannot be performed on SLES12 XEN 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch - Upstream patches from Jan 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch- fate#319989 - Update to Xen 4.7 FCS xen-4.7.0-testing-src.tar.bz2 - Drop CVE-2014-3672-qemut-xsa180.patch- bsc#954872 - script block-dmmd not working as expected - libxl: error: libxl_dm.c (Additional fixes) block-dmmd- Convert with_stubdom into build_conditional to allow adjusting via prjconf - Convert with_debug into build_conditional to allow adjusting via prjconf- bsc#979002 - add 60-persistent-xvd.rules and helper script to xen-tools-domU to simplify transition to pvops based kernels- Convert with_oxenstored into build_conditional to allow adjusting via prjconf (fate#320836)- bsc#983984 - VUL-0: CVE-2016-5338: xen: qemu: scsi: esp: OOB r/w access while processing ESP_FIFO CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch - bsc#982960 - VUL-0: CVE-2016-5238: xen: qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch- fate#319989 - Update to Xen 4.7 RC5 xen-4.7.0-testing-src.tar.bz2- fate#319989 - Update to Xen 4.7 RC4 xen-4.7.0-testing-src.tar.bz2 - Dropped xen.pkgconfig-4.7.patch xsa164.patch- bsc#981264 - VUL-0: CVE-2014-3672: xen: Unrestricted qemu logging (XSA-180) CVE-2014-3672-qemut-xsa180.patch- bsc#980724 - VUL-0: CVE-2016-4441: Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch - bsc#980716 - VUL-0: CVE-2016-4439: xen: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch- fate#319989 - Update to Xen 4.7 RC3 xen-4.7.0-testing-src.tar.bz2 - Dropped libxl-remove-cdrom-cachemode.patch x86-PoD-only-reclaim-if-needed.patch gcc6-warnings-as-errors.patch- bsc#954872 - script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) block-dmmd- fate#319989 - Update to Xen 4.7 RC2 xen-4.7.0-testing-src.tar.bz2- bsc#961600 - L3: poor performance when Xen HVM domU configured with max memory > current memory x86-PoD-only-reclaim-if-needed.patch- Mark SONAMEs and pkgconfig as xen 4.7 xen.pkgconfig-4.7.patch- bsc#977329 - Xen: Cannot boot HVM guests with empty cdrom libxl-remove-cdrom-cachemode.patch- fate#319989 - Update to Xen 4.7 RC1 xen-4.7.0-testing-src.tar.bz2- fate#316614: set migration constraints from cmdline restore libxl.set-migration-constraints-from-cmdline.patch- Remove obsolete patch for xen-kmp magic_ioport_compat.patch- fate#316613: update to v12 libxl.pvscsi.patch- Update to the latest Xen 4.7 pre-release c2994f86 Drop libxl.migrate-legacy-stream-read.patch- bnc#972756 - Can't migrate HVM guest from SLES12SP1 Xen host to SLES12SP2 Alpha 1 host using xl migrate libxl.migrate-legacy-stream-read.patch- Add patches from proposed upstream series to load BIOS's from the toolstack instead of embedding in hvmloader http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html 0001-libxc-Rework-extra-module-initialisation.patch, 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch, 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch, 0004-firmware-makefile-install-BIOS-blob.patch, 0005-libxl-Load-guest-BIOS-from-file.patch, 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch, 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch, 0008-hvmloader-Locate-the-BIOS-blob.patch, 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch, 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch, 0011-hvmloader-Load-OVMF-from-modules.patch, 0012-hvmloader-Specific-bios_load-function-required.patch, 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch, 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch - Enable support for UEFI on x86_64 using the ovmf-x86_64-ms.bin firmware from qemu-ovmf-x86_64. The firmware is preloaded with Microsoft keys to more closely resemble firmware on real hardware FATE#320490- fate#319989: Update to Xen 4.7 (pre-release) xen-4.7.0-testing-src.tar.bz2 - Dropped: xen-4.6.1-testing-src.tar.bz2 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch hotplug-Linux-block-performance-fix.patch set-mtu-from-bridge-for-tap-interface.patch xendomains-libvirtd-conflict.patch xsa154.patch xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xsa170.patch- Use system SeaBIOS instead of building/installing another one FATE#320638 Dropped files: seabios-dir-remote.tar.bz2 xen-c99-fix.patch xen.build-compare.seabios.patch- spec: drop BuildRequires that were only needed for qemu-xen- bsc#969377 - xen does not build with GCC 6 ipxe-use-rpm-opt-flags.patch gcc6-warnings-as-errors.patch- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite loop in ne2000_receive CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch - Drop xsa154-fix.patch- Use system qemu instead of building/installing yet another qemu FATE#320638 - Dropped files qemu-xen-dir-remote.tar.bz2 CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch qemu-xen-enable-spice-support.patch qemu-xen-upstream-qdisk-cache-unsafe.patch tigervnc-long-press.patch xsa162-qemuu.patch- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer dereference in vapic_write() CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch- bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in remote NDIS control message handling CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch- bsc#954872 - L3: script block-dmmd not working as expected - libxl: error: libxl_dm.c block-dmmd - Update libxl to recognize dmmd and npiv prefix in disk spec xen.libxl.dmmd.patch- bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers in ohci module leads to null pointer dereference CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch - bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer dereference in remote NDIS control message handling CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch- Update to Xen Version 4.6.1 xen-4.6.1-testing-src.tar.bz2 - Dropped patches now contained in tarball or unnecessary xen-4.6.0-testing-src.tar.bz2 5604f239-x86-PV-properly-populate-descriptor-tables.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch 56549f24-x86-vPMU-document-as-unsupported.patch 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch xsa155-qemut-qdisk-double-access.patch xsa155-qemut-xenfb.patch xsa155-qemuu-qdisk-double-access.patch xsa155-qemuu-xenfb.patch xsa159.patch xsa160.patch xsa162-qemut.patch xsa165.patch xsa166.patch xsa167.patch xsa168.patch- bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent cachability flags on guest mappings (XSA-154) xsa154.patch - bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may crash guest with non-canonical RIP (XSA-170) xsa170.patch- bsc#965269 - VUL-1: CVE-2015-8619: xen: stack based OOB write in hmp_sendkey routine CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch- bsc#965156 - VUL-0: CVE-2015-6855: xen: ide: divide by zero issue CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch - bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref in sosendto() CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch- bsc#964947 - VUL-0: CVE-2015-5278: xen: Infinite loop in ne2000_receive() function CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch - bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch- bsc#964644 - VUL-0: CVE-2013-4533: xen pxa2xx: buffer overrun on incoming migration CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch - bsc#964925 - VUL-0: CVE-2014-0222: xen: qcow1: validate L2 table size to avoid integer overflows CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch - Dropped CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch- bsc#964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer dereference in ehci_caps_write CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch - bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun on incoming migration CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun on invalid state load CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient resource limiting in VNC websockets decoder CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch - bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on invalid state load CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch - bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient bits_per_pixel from the client sanitization CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer overun on invalid state CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch - bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer overflow in non-loopback mode CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch - bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci use-after-free vulnerability in aio port commands CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch- bsc#959695 - missing docs for xen xen.spec- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) xsa168.patch - bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage functionality missing sanity checks (XSA-167) xsa167.patch - bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers leads to a crash via assert(2) call CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch - bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory access in ioport r/w functions CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional logging upon guest changing callback method (XSA-169) 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch- Adjust xen-dom0-modules.service to run Before xenstored.service instead of proc-xen.mount to workaround a bug in systemd "design" (bnc#959845)- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155) xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xsa155-qemuu-qdisk-double-access.patch xsa155-qemut-qdisk-double-access.patch xsa155-qemuu-xenfb.patch xsa155-qemut-xenfb.patch - bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch - bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer dereference issue CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch - bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch - bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164) xsa164.patch - bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM initialization (XSA-165) xsa165.patch - bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) xsa166.patch- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch - Upstream patches from Jan 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch 56544a57-VMX-fix-adjust-trap-injection.patch 56546ab2-sched-fix-insert_vcpu-locking.patch- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163) 56549f24-x86-vPMU-document-as-unsupported.patch - bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) xsa159.patch - bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) xsa160.patch - bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) xsa162-qemuu.patch xsa162-qemut.patch - bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch- fate#315712: XEN: Use the PVOPS kernel Turn off building the KMPs now that we are using the pvops kernel xen.spec- Upstream patches from Jan 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch - Dropped 55b0a2db-x86-MSI-track-guest-masking.patch- Use upstream variants of block-iscsi and block-nbd- Remove xenalyze.hg, its part of xen-4.6- Update to Xen Version 4.6.0 xen-4.6.0-testing-src.tar.bz2 mini-os.tar.bz2 blktap2-no-uninit.patch stubdom-have-iovec.patch - Renamed xsa149.patch to CVE-2015-7969-xsa149.patch - Dropped patches now contained in tarball or unnecessary xen-4.5.2-testing-src.tar.bz2 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch 54f4985f-libxl-fix-libvirtd-double-free.patch 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch 551ac326-xentop-add-support-for-qdisk.patch 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 557eb55f-gnttab-per-active-entry-locking.patch 557eb5b6-gnttab-introduce-maptrack-lock.patch 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch 5582bf43-evtchn-simplify-port_is_valid.patch 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch 55b0a218-x86-PCI-CFG-write-intercept.patch 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch 55b0a2ab-x86-MSI-X-enable.patch blktapctrl-close-fifos.patch blktapctrl-default-to-ioemu.patch blktapctrl-disable-debug-printf.patch blktap-no-uninit.patch blktap-pv-cdrom.patch build-tapdisk-ioemu.patch ioemu-bdrv-open-CACHE_WB.patch ioemu-blktap-barriers.patch ioemu-blktap-fv-init.patch ioemu-blktap-image-format.patch ioemu-blktap-zero-size.patch libxl.set-migration-constraints-from-cmdline.patch local_attach_support_for_phy.patch pci-attach-fix.patch qemu-xen-upstream-megasas-buildtime.patch tapdisk-ioemu-logfile.patch tapdisk-ioemu-shutdown-fix.patch udev-rules.patch xen.build-compare.ipxe.patch xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch xen.build-compare.vgabios.patch xen.build-compare.xen_compile_h.patch xl-coredump-file-location.patch- bsc#954405 - VUL-0: CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - VUL-0: CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) CVE-2015-5307-xsa156.patch- Update to Xen 4.5.2 xen-4.5.2-testing-src.tar.bz2 - Drop the following xen-4.5.1-testing-src.tar.bz2 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch 5576f178-kexec-add-more-pages-to-v1-environment.patch 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch 558bfaa0-x86-traps-avoid-using-current-too-early.patch 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch 559bdde5-pull-in-latest-linux-earlycpio.patch 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch 55a77e4f-dmar-device-scope-mem-leak-fix.patch 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch 55e43fd8-x86-NUMA-fix-setup_node.patch 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch CVE-2015-4106-xsa131-9.patch CVE-2015-3259-xsa137.patch CVE-2015-7311-xsa142.patch CVE-2015-7835-xsa148.patch xsa139-qemuu.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch xsa151.patch xsa152.patch xsa153-libxl.patch CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch"- bsc#950704 - CVE-2015-7970 VUL-1: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch- Upstream patches from Jan 5604f239-x86-PV-properly-populate-descriptor-tables.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) xsa153-libxl.patch- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) xsa149.patch - bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) xsa151.patch - bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) xsa152.patch - Dropped 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure temporary file use in /net/slirp.c CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-4037-qemut-smb-config-dir-name.patch - bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table size to avoid integer overflows CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled creation of large page mappings by PV guests (XSA-148) CVE-2015-7835-xsa148.patch- bsc#949138 - Setting vcpu affinity under Xen causes libvirtd abort 54f4985f-libxl-fix-libvirtd-double-free.patch- bsc#949046 - Increase %suse_version in SP1 to 1316 xen.spec - Update README.SUSE detailing dom0 ballooning recommendations- bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’ secondly show errors 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch - Upstream patches from Jan 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch- bsc#941074 - VmError: Device 51728 (vbd) could not be connected. Hotplug scripts not working. hotplug-Linux-block-performance-fix.patch- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) CVE-2015-7311-xsa142.patch- bsc#945165 - Xl pci-attach show error with kernel of SLES 12 sp1 pci-attach-fix.patch- bsc#945164 - Xl destroy show error with kernel of SLES 12 sp1 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch- Upstream patches from Jan 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch 55e43fd8-x86-NUMA-fix-setup_node.patch 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch- bsc#944463 - VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in vnc_client_read() and protocol_client_msg() CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch - bsc#944697 - VUL-1: CVE-2015-6815: qemu: net: e1000: infinite loop issue CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line config handling stack overflow 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch- bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed - bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been observed - bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot has been observed 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 55b0a218-x86-PCI-CFG-write-intercept.patch 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch 55b0a2ab-x86-MSI-X-enable.patch 55b0a2db-x86-MSI-track-guest-masking.patch - Upstream patches from Jan 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch 55a77e4f-dmar-device-scope-mem-leak-fix.patch 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch - Dropped for upstream version x86-MSI-mask.patch x86-MSI-pv-unmask.patch x86-MSI-X-enable.patch x86-MSI-X-maskall.patch x86-MSI-X-teardown.patch x86-pci_cfg_okay.patch x86-PCI-CFG-write-intercept.patch- bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap memory in rtl8139 device model xsa140-qemuu-1.patch xsa140-qemuu-2.patch xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch - bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen block unplug protocol xsa139-qemuu.patch- bsc#937371 - xen vm's running after reboot xendomains-libvirtd-conflict.patch- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code execution via IDE subsystem CD-ROM CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch- Remove xendomains.service from systemd preset file because it conflicts with libvirt-guests.service (bnc#937371) Its up to the admin to run systemctl enable xendomains.service- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line config handling stack overflow CVE-2015-3259-xsa137.patch - Upstream patches from Jan 558bfaa0-x86-traps-avoid-using-current-too-early.patch 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch 559bdde5-pull-in-latest-linux-earlycpio.patch - Upstream patches from Jan pending review 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 557eb55f-gnttab-per-active-entry-locking.patch 557eb5b6-gnttab-introduce-maptrack-lock.patch 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch 5582bf43-evtchn-simplify-port_is_valid.patch 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch x86-MSI-pv-unmask.patch x86-pci_cfg_okay.patch x86-PCI-CFG-write-intercept.patch x86-MSI-X-maskall.patch x86-MSI-X-teardown.patch x86-MSI-X-enable.patch x86-MSI-mask.patch- Adjust more places to use br0 instead of xenbr0- bnc#936516 - xen fails to build with kernel update(4.1.0 from stable) 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch- Update to Xen Version 4.5.1 FCS (fate#315675) xen-4.5.1-testing-src.tar.bz2 - Dropped patches now contained in tarball 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch 5513b458-allow-reboot-overrides-when-running-under-EFI.patch 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch 5576f178-kexec-add-more-pages-to-v1-environment.patch 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch CVE-2015-3456-xsa133-qemuu.patch CVE-2015-3456-xsa133-qemut.patch qemu-MSI-X-enable-maskall.patch qemu-MSI-X-latch-writes.patch x86-MSI-X-guest-mask.patch- Replace 5124efbe-add-qxl-support.patch with the variant that finally made it upstream, 554cc211-libxl-add-qxl.patch- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable qemu MSI-X pass-through error messages qemu-MSI-X-latch-writes.patch - bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed - bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been observed - bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot has been observed x86-MSI-X-teardown.patch x86-MSI-X-enable.patch x86-MSI-X-guest-mask.patch x86-MSI-X-maskall.patch qemu-MSI-X-enable-maskall.patch - Upstream patches from Jan 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch - Dropped the following patches now contained in the tarball xen-no-array-bounds.patch CVE-2015-4103-xsa128.patch CVE-2015-4104-xsa129.patch CVE-2015-4105-xsa130.patch CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch- Update to Xen 4.5.1 RC2 - bsc#931628 - VUL-0: CVE-2015-4106: XSA-131: xen: Unmediated PCI register access in qemu CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch CVE-2015-4106-xsa131-9.patch - bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable qemu MSI-X pass-through error messages CVE-2015-4105-xsa130.patch - bsc#931626 - VUL-0: CVE-2015-4104: XSA-129: xen: PCI MSI mask bits inadvertently exposed to guests CVE-2015-4104-xsa129.patch - bsc#931625 - VUL-0: CVE-2015-4103: XSA-128: xen: Potential unintended writes to host MSI message data field via qemu CVE-2015-4103-xsa128.patch - Upstream patches from Jan 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch- Add DefaultDependencies=no to xen-dom0-modules.service because it has to run before proc-xen.mount- Update to Xen 4.5.1 RC1- Update blktap-no-uninit.patch to work with gcc-4.5- bsc#927967 - VUL-0: CVE-2015-3340: xen: Information leak through XEN_DOMCTL_gettscinfo (XSA-132) 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch- bnc#929339 - VUL-0: CVE-2015-3456: qemu kvm xen: VENOM qemu floppy driver host code execution CVE-2015-3456-xsa133-qemuu.patch CVE-2015-3456-xsa133-qemut.patch- bsc#928783 - Reboot failure; Request backport of upstream Xen patch to 4.5.0, or update pkgs to 4.5.1 5513b458-allow-reboot-overrides-when-running-under-EFI.patch 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch- bnc#927750 - Avoid errors reported by system-modules-load.service- Add xen-no-array-bounds.patch and blktap-no-uninit.patch to selectively turn errors back to warnings to fix build with GCC 5. - Amend xen.stubdom.newlib.patch to pull in declaration of strcmp to avoid implicit-fortify-decl rpmlint error. - Fix quoting of __SMBIOS_DATE__ in xen.build-compare.smbiosdate.patch.- xentop: Fix memory leak on read failure 551ac326-xentop-add-support-for-qdisk.patch- Dropped xentop-add-support-for-qdisk.patch in favor of upstream version 551ac326-xentop-add-support-for-qdisk.patch- Enable spice support in qemu for x86_64 5124efbe-add-qxl-support.patch qemu-xen-enable-spice-support.patch- Add xen-c99-fix.patch to remove pointless inline specifier on function declarations which break build with a C99 compiler which GCC 5 is by default. (bsc#921994) - Add ipxe-no-error-logical-not-parentheses.patch to supply - Wno-logical-not-parentheses to the ipxe build to fix breakage with GCC 5. (bsc#921994)- bnc#921842 - Xentop doesn't display disk statistics for VMs using qdisks xentop-add-support-for-qdisk.patch- Disable the PIE enablement done for Factory, as the XEN code is not buildable with PIE and it does not make much sense to build the hypervisor code with it.- bnc#918169 - XEN fixes required to work with Kernel 3.19.0 xen.spec- Package xen.changes because its referenced in xen.spec- Update seabios to rel-1.7.5 which is the correct version for Xen 4.5- Update to Xen 4.5.0 FCS- Include systemd presets in 13.2 and older- bnc#897352 - Enable xencommons/xendomains only during fresh install - disable restart on upgrade because the toolstack is not restartable- adjust seabios, vgabios, stubdom and hvmloader build to reduce build-compare noise xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch xen.build-compare.ipxe.patch xen.build-compare.vgabios.patch xen.build-compare.seabios.patch xen.build-compare.man.patch- Update to Xen 4.5.0 RC4- Remove xend specific if-up scripts Recording bridge slaves is a generic task which should be handled by generic network code- Use systemd features from upstream requires updated systemd-presets-branding package- Update to Xen 4.5.0 RC3- Set GIT, WGET and FTP to /bin/false- Use new configure features instead of make variables xen.stubdom.newlib.patch- adjust docs and xen build to reduce build-compare noise xen.build-compare.doc_html.patch xen.build-compare.xen_compile_h.patch- Drop trailing B_CNT from XEN_EXTRAVERSION to reduce build-compare noise- Update to Xen 4.5.0 RC2- Update to Xen 4.5.0 RC1 xen-4.5.0-testing-src.tar.bz2 - Remove all patches now contained in the new tarball xen-4.4.1-testing-src.tar.bz2 5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch 5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch 53299d8f-xenconsole-reset-tty-on-failure.patch 53299d8f-xenconsole-tolerate-tty-errors.patch 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch 537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch 537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch 539ebe62-x86-EFI-improve-boot-time-diagnostics.patch 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch 53d124e7-fix-list_domain_details-check-config-data-length-0.patch 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch 53fcebab-xen-pass-kernel-initrd-to-qemu.patch 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch 540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch 541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch 541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch 541ad3ca-x86-HVM-batch-vCPU-wakeups.patch 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch CVE-2013-4540-qemu.patch qemu-support-xen-hvm-direct-kernel-boot.patch qemu-xen-upstream-blkif-discard.patch change-vnc-passwd.patch libxc-pass-errno-to-callers-of-xc_domain_save.patch libxl.honor-more-top-level-vfb-options.patch libxl.add-option-for-discard-support-to-xl-disk-conf.patch libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch x86-dom-print.patch x86-extra-trap-info.patch tmp_build.patch xl-check-for-libvirt-managed-domain.patch disable-wget-check.patch - Xend/xm is no longer supported and is not part of the upstream code. Remove all xend/xm specific patches, configs, and scripts xen-xmexample.patch bridge-opensuse.patch xmexample.disks xmclone.sh init.xend xend-relocation.sh xend.service xend-relocation-server.fw domUloader.py xmexample.domUloader xmexample.disks bridge-vlan.patch bridge-bonding.patch bridge-record-creation.patch network-nat-open-SuSEfirewall2-FORWARD.patch xend-set-migration-constraints-from-cmdline.patch xen.migrate.tools-xend_move_assert_to_exception_block.patch xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch xend-config.patch xend-max-free-mem.patch xend-hvm-default-pae.patch xend-vif-route-ifup.patch xend-xenapi-console-protocol.patch xend-core-dump-loc.patch xend-xen-api-auth.patch xend-checkpoint-rename.patch xend-xm-save-check-file.patch xend-xm-create-xflag.patch xend-domu-usb-controller.patch xend-devid-or-name.patch xend-migration-domname-fix.patch xend-del_usb_xend_entry.patch xend-xen-domUloader.patch xend-multi-xvdp.patch xend-check_device_status.patch xend-change_home_server.patch xend-minimum-restart-time.patch xend-disable-internal-logrotate.patch xend-config-enable-dump-comment.patch xend-tools-watchdog-support.patch xend-console-port-restore.patch xend-vcpu-affinity-fix.patch xend-migration-bridge-check.patch xend-managed-pci-device.patch xend-hvm-firmware-passthrough.patch xend-cpuinfo-model-name.patch xend-xm-reboot-fix.patch xend-domain-lock.patch xend-domain-lock-sfex.patch xend-32on64-extra-mem.patch xend-hv_extid_compatibility.patch xend-xenpaging.autostart.patch xend-remove-xm-deprecation-warning.patch libxen_permissive.patch tmp-initscript-modprobe.patch init.xendomains xendomains.service xen-watchdog.service xen-updown.sh- bnc#901317 - L3: increase limit domUloader to 32MB domUloader.py- bnc#898772 - SLES 12 RC3 - XEN Host crashes when assigning non-VF device (SR-IOV) to guest 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch - bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch - bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch - Upstream patches from Jan 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch (Replaces xsa107.patch) 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch (Replaces xsa104.patch) 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch (Replaces xsa105.patch) 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch (Replaces xsa106.patch) 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch (Replaces xsa108.patch) 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch (Replaces xsa97.patch) 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGH3AKDM4.13.2_08-lp152.2.24.14.13.2_08-lp152.2.24.1  xenhtmlhypercallarmindex.htmlindex.htmlx86_32index.htmlx86_64index.htmlindex.htmlmanindex.htmlxen-pci-device-reservations.7.htmlxen-pv-channel.7.htmlxen-tscmode.7.htmlxen-vtpm.7.htmlxen-vtpmmgr.7.htmlxenstore-chmod.1.htmlxenstore-ls.1.htmlxenstore-read.1.htmlxenstore-write.1.htmlxenstore.1.htmlxentop.1.htmlxentrace.8.htmlxentrace_format.1.htmlxl-disk-configuration.5.htmlxl-network-configuration.5.htmlxl-numa-placement.7.htmlxl.1.htmlxl.cfg.5.htmlxl.conf.5.htmlxlcpupool.cfg.5.htmlmiscamd-ucode-container.txtarmbig.LITTLE.txtbooting.txtdevice-treeacpi.txtbooting.txtguest.txtindex.htmlpassthrough.txtearly-printk.txtindex.htmlpassthrough.txtsilicon-errata.txtblock-scripts.txtconsole.txtcrashdb.txtdistro_mapping.txtdump-core-format.txtgrant-tables.txtindex.htmlkconfig-language.txtkconfig.txtkexec_and_kdump.txtlibxl_memory.txtprintk-formats.txtqemu-backends.txtstubdom.txtvtd-pi.txtvtd.txtvtpm-platforms.txtxen-error-handling.txtxenmon.txtxenpaging.txtxenstore-ring.txtxenstore.txtxsm-flask.txtmisccrashdb.txtvtpm-platforms.txtxen-command-line.pandocxenpaging.txtxenstore-paths.pandoc/usr/share/doc/packages//usr/share/doc/packages/xen//usr/share/doc/packages/xen/html//usr/share/doc/packages/xen/html/hypercall//usr/share/doc/packages/xen/html/hypercall/arm//usr/share/doc/packages/xen/html/hypercall/x86_32//usr/share/doc/packages/xen/html/hypercall/x86_64//usr/share/doc/packages/xen/html/man//usr/share/doc/packages/xen/html/misc//usr/share/doc/packages/xen/html/misc/arm//usr/share/doc/packages/xen/html/misc/arm/device-tree//usr/share/doc/packages/xen/misc/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:16038/openSUSE_Leap_15.2_Update/1e32c375ce78eda5d4d86aee09c866f8-xen.openSUSE_Leap_15.2_Updatecpioxz5x86_64-suse-linuxdirectoryHTML document, ASCII textXML 1.0 document, ASCII text, with very long linesXML 1.0 document, ASCII textC source, ASCII textASCII textASCII text, with very long linesAlgol 68 source, ASCII textutf-8c4eb0cb6e96fbc9af1fe04e719853260bc80e49f3e7abd28024cf90c591ef3bf?p7zXZ !t/*] crt:bLL 䣓ӯ kIijh)y# kQ*;+,' XvXG*Zv呫5Hsa"P"h*Ѯ>&XKE ^b߂x6 m3۹T`uW2oͬކ"(+B\n z+zv'`_z5{LV0Ѓ`u"S81 sX1m$\Ź`>-D{B8VTZPQzw麃3d.@gSMNhb% ;/O,@S>/[z }fnՉ eD4DYJz^=Jqs "jX}KI-Yj(%ݓm:{4kU *x?]םbH@cvȱ9cy$e@ H`a (ח!9]Jox͊feT _ sRf s`FՖGjv⟛qo*W?|$ɛYbC4LzqXDAP>)Mϖ$(4|z{;TP$V4{q:#q4 "c2.Ey𺴁Nw ?K$]C^RS|3F@Y@3iL e]#ubma/M\U '&YYka!ZEa0NR 4mTfr ^Gtꍛ-w,g E1JEFE5F YԢvi%sz Tr/zW]o=ƭEey 6j'r:o`+vɏJb[YL휵آmx楁 nO1DHaVբEI\x DCyY3eceZ(kL _Y Ih#v% J]F.yǧzd a^ul^0b6ԌZBM$E ʅquSXvɘb} ea܃ۑ*i%c \5)>+E>%n'2=t o>p"SzpcOefIX߈e`<HR~Zt?&kM?k֊7E6!ZVًD@Fy4AƬDWVs*Yh-#dPEx5S#I8(̸/iƘ2{%񗇽mvqR:ݥD]pBbX.L4 n^ j9_xKc\o ߪhWߨJ3]BG9'DaWcLͶ")Pہ~;Jix^Ŧ&J1G+G2''Uj@&<-y \}[ow{У{]"&B2D6S N ]G|d@O+@ieaH#,vic_7 FnR'@cW{"9ML8+H:{=rxrN ܉۟J5A*t?乾ѭ^ϖf8W {aj k:=l/`.ψ#*̤ @Z>R̃ V>C5æx|x!yznz- L" y4oV$KT&˓_ jn?#=3FzpXlP H<~ci~[Ҫ #,B}~R ,ె`#xU[Oy h!M[VoFRPmkŴIW /՝P9o^9 11ubiOD(\YU{ԋxtrGw`U*|ghY=$j@ײG%wl"Q/{jèX:Fb1 (* k/dܙba]|s]f19Ae0J9p/ZM@@8X"/ u6PPyFP-vh(`LFH_޴Y @;d?#,%%5ڿn3;"_>oPScLؼpr+Sg!D6ӛp TJY(uƓu$\L%Hʜ@#8VOϕc3]$H# w@-*  =A6]Yt7Uvc6OE_(b[,CI'ØHuvĔSpS{hQՂL*S%"35NZW ~r&9l[P0x|`ؐ?ޚօ:0%Hŕ1iGHaUyD0c: ChTM|Hz)-6D)#9-ۢh}&._p'~촼/Yx=sP@}бnU{-@ɢsg5 QNk+:px4#-nl|5 GoX/ّ)_mݹ2@6v%:pg^YsC}8TDkCe-c?k&"'yz,f Q[>k>.}4{uc/xKq;]ZB:EU $x rS2WD0Esm td2 uSH/|U$'SySl5&tRE #NPLu*CWħR 례b~1HD߹f]Qu7`Q?4vk"(. 5<(d_PҮ*9Gp6$jy-ٷ}&Z Kj4KFA y:I1 6{_5dbz?!+X;bzȠx'CB 觮4F z=4Ȇ҄4eIzns-8L!Yirdo;{Ă|чG٫ E_#b"UAmeiTmo Cz^E!D/bيQZPkMQ/փ75RVܤ!B."sBms9Ңn.Mf΂T>=cz9c]=>"{u.CrwUsB *vɸq $^N@5cᑩkg4(@ujҢ$>5ۋUK-4@꾌<8%PI+:^al'_!m'w)o. ƢZkS6kcr̪g>AEU=€,lۿUb]FoOb3-NUKFh9nUK IbKS:脹 YX"N3@ypK`q=lZM"'p*R7ڜ,ѴX% _neQv=Z/H!`F^lП^{)X2^M9}IBx =E-\*bPF9 -yKq+GN1ZUPAnΈAB +X̴d xekn QXVy)(ϐvܹGvj5U qigX>F3LVjH:;\A1(lupJB9|r\o33{Kj;bpwn ]0 +bk u]JMՆ+I * iHgB#q?zHGD`2g%x*z ὆sM~~euk`PaXpfM~AI/wLۍ:  0PYlv=C/Sb[I:p=!˃M|ثoM$T?LFD HrEtWwsȂs_Cd7EoMJ=pݯiֿW;WS U3i"ꛁmDװJ~8EfFWv9P10DVn*D{Tlqu:v=M_MDW:B. KSnz5"=m﷡}֤:&tJi:~&%4dnECH>~JuSeζ*Hku)9GQl0q*ذ3 B t@Q>*"h]&CM._:It'𱀷sNT,Zd\qϒ(k5BQ,C|bOOœHKV'>Gs (vN^l`@٣Xw]Ϝ0~R!EV6xҔa6kU;cZi^k'`bB;Y,D\TDw]m )ǪGUT]qQ5Φi7ϵ0.k+a zE9xACʄAF}E䲯 t UоuCxug?jo } {-ƥDzXv+ #:Xgw7XT^=c&ԅs @X=ѫ,>TV]W1)$JL֌~':rݲ N FXŘT&IOP}y?898A]CuɖG^;8&r ]F !(VUfu)J Kڊl׍ 8,1OVq*Ų3Azvlg8[ ܖsTIH?e7ŵTn027 B#cJP2S%u&gqϬى$aJWh$`p6P^EDKlfmѪw42}"?p0 hƓ?ޏV8/t$[bS]H]%C$ 5t;'=3zE:ln6P /6Pz"`GAr p:/2_P?t0αJWh`we+9Lώ;=àw~&՞9 uTJ duV3)0=̲7sOxq+40o ݒrr yq&y49ׁ}ž#ȚؐLck*Ngdڨw tNB iSV^G6-M%.e(#_v58Z4 ퟔ"I /FD{|2f_ ]ۜĬ+u+|4nOJ$X}Q:]YNJ,>JA)T'|_^koK&%IQl{F(1AJ0&(bIp5nLv#菸]#^4ԯgp]W/5.?Wծ@8)ӇO*yYS NVajTx\-%eL-:[h5D9(W UB6an2>"\]5GE;_ȓ,zNlg`0pʚdsrGeTO=+3AFz_>b "{/~~02Dn16U<:mAQaQ A IPKoB~2!g%@vpM 6^ -\0^ީCÑϠ9(Hl B)vfc.͠uTf8y N|%%\X Os*n'>Hk, 0ppVIB1?n|tGUm Vc@c$a Nh(`cZxt&i;T4OO :(]w=6oGxux>}PGPd^?8'8|>l,q C8Rp`dcˌ#&L_<@)Hm- 3Ji(A t9O*n!2۱k)PGi*gR6C A+LTc)}m,YkW h{!ٸϞqꦣ&pF{NOti)0~OX0@e>!lij[աVBO!a;.hzwJ:Jq)2h%RиqM+KOqI FBlV Y9\U`  ,oTJ5P_`ꪭ C:MշcG&W`u5|zz*DS`CYf #٫ Ğe b㒃8 `?BS{AOi/,*dW-VS𻖝N}A16TroLlTYl3TrZ9B( LJ[]K$Y8L z rmhԸkb{@?2ExZ 4ޒۉ9J]G6Cmmw.s#dlVޘFT:7=9-\$▔ظ|\Rܦ 2MMH#HMqTEVI=Qԇ+ |]IJG~Z__?#xdR0M<,i=peFOSKGSmGw"DEd%G[cR )'o9б+$qIYajI':SY@[VTnm]'Hl"FAE,*Z-MRSDwjVH_K=D1=iP1ZI57.GX6dzLɖ`G1 ,4*rGz6e [j8@g9[Ӂq\:MM<5/EiD83 Yicbo{&K3{7CpRטpm~VFl7:gG?Ͼ2$i߁~OQ׏tE=6Xbˈ޵# *{9/RH$$})EA&_tnF%fEA>yI5m 'e[߿M'Üi<$*ZxyfR` ;m?3+%cXs,!Щt 29 9{qM}j,Gv 2A _Z7C0A26ws > -pt$׉!*)E:6N>tA#d gCׯmY[^6vckϮ d~Ehhr0=խ M4-XRߡ<=߲ڸ}~jRc e-QgWUJP 1K AC.,9W{MHެ0:4 ΚwUH4`s/Z綹+Oql[TYvL=i}{mq-1I6~B>4S]{EbjuA/u^4GX݆:a;3 k=qI4i2@E8@5Ohi;A@3w c|?-h5Om9&4 pߚN"{p<Zg'3VӪC T}r ?ͦEiĥ;S 9 s+ۗew/OLNSق*qf< <deY .{NDwe+D؏6c%ѰP}$>~Dr)2/İbXSypO @6T<$#~iWmI_)/W\f՞2ET){~G0lUmZ9|.{ (xGKQps2k"{ɏ Qyc3'γ Ob {rUZ )R+H[jpqziV~J\yU܍x2؍,X&4G8XoVpQb=guK4J&;ұeIwAY >pb{_!7D%dLTuy\7Ľi#T}2]3v4)k-@. x0M;G~Z+U"" X9柎0QFtSSi'R)գ|A!Dy|чt| }&4A6v 0cZV*D/~VN)v ) -_FM:yY˷mX6Kn~\$Io }1ZdhnÒ0Vf=QgD&+R gvKsUw390 gYc&A,:ة}.|IZ?k o= f&#!ߛyF"a,&}1x)%)gIq^BgՇCcyřU7̈́鵝A,y>Ŧ\פXV0"]®cc7D@`%5 %@w 2wk199:%dV$)s> 6 xnM;yL!V-y%+;laut li >h {Po8kȽ/ܐ*Mc/%qڪZ =˄ioelX\xjǂy?u3vWtLMe(ZX1aװ&ɏQm-Ӈg,՜YaQS0(q^!J&v1ew~[' $S#߾N=8a4M*+6ӳ1Su &t.(Oi 9)5؊tI\i I\5U#&9Nh[մo$;`z+IffD7os4Jch7 x. F-*/zmOPY}h릦 ?`z#ioO^=9.hSo6c2bʋR4D4&A#r_𭦷 pvnM$M!&7 d)4@Kzil`vV̗]!qX kwĺT37eCj>@*Z}rrl$4}#&O+Ύ{. I'\nOmw1jƟfyyWhEB .9HMH`Ot+MOrYM5$HK|S#QȘmT2[T|krԂU6}J 'ѿz߶ƍLBa>?bTyMwޘ~/PCDѡ%ƃ Z ԓQ iOR<TI j34Ɩ 6=Ϫݷ0a ooy5UKZ:yR$Y(}!!AoCH6,5nݿ*\W/-#tj9B,!Q̼0E</QL_;oPO~dp2Gu2l:X>5BKDUuɑ.׿ ;dc mXWU,zq6aΗ.-R<Ծ6]'d?#6aq>x%*`^*g^#:5&۠dV BNk*=.ug%{-|MqpNA6$]6P~Y,W1yFrg>.vP-jj Vwx0l[WƷ!Kݲγo} ?8U " 1&=_@g~|܄J'?֦&(K!y)Z nU .pDf^Ė?]ؒ4xq!y>!"*`hQEat dCp{ E΢Oc(`K F4P~vSɛ'*5Znh]n;.a1DDArZ2o@F9(hT)snI@燄R0[I@=Ouς9Ml0ҸC%Yප t^=S()}Bgjd- #j{Ռ 33 ]ZiP˧k?&cI9rf8p8/ɢ8,!Ee}`,793.z: PJUҍ9TuL)\[NAMtTZlktNG.嶭bX7Q#hlkhkJ9ԗ30Bq tWl+;<3:h,+DE]F*. ^pNL6]yw !6QifArvivt\k:kaRS(4oVTG.["tj_uٟQH?\ڀ֊;i'\#)qZE3À [pI:Jm/{ؼ3]ڇ&FYWw t_Qpհ%JRqZ#b>/kt")K==#2]X$oRx7:jaoTw}(rZ{b[Y0cg-C|ԒOb FZ< :Wp5֎ziU>f Ťr˧7ᴳjwhE -gYCKy~[):vϗ3=6g5;*3W3& l!U .)sЄg+SSPc57𩏹hArP*P)>Ad T0 ,>X >ooʕE[\.|O=&R,OAdV]`r:>dűǔbras2XaEB1(S]kQ?F1g1-n]$\ |X~|}C~Hr@5%?d=xjUjMjgvUA؜+7Tt}olL{<"]D>Eޑ><&J(g()aP]$;yLr/Gxﮍzif!n[Nbp;2W'tgr7 C]LL)M~mUjqg%0c'I|Lv܄m @Ƅ0$܆s*pk_';'%F䇃o}GKA,,}xxOR-tEX;tzv^1' - U$nbD)N4_) h[47kfr{怡ddA^z2y66@}-P-Lͩ- NQLPH%>VL\;E+ypc,qh%^M<ӑIv'2BR|vvrӏ u=OT(wŹh(ro B[Q=A|q/~Cif眣oB~"zz,vVwQw' H@efUHkn⢰ġb5=|Sچih ڱ@K|jRV]-X4>'_Bx&d"C-z^yLHAa3>AOYxs0U0|6/*1?Dz,$AK:&y/˛g5QPNjOvINBSة]N~1yuԝt><W'؀uw8,WpSҘrlXndԧ&Ae%2Jnx8Wwb _q^JA ,>R8sD!EI(w0; ;xlQpN I^E4Aغȷ'_p-9!q ׈yN-wansdoݛ,NdY`PJ2bI8dXk$w8s׿Ս0y=J*v+{##{QZ[TzJm NL/ćz%{֭y*"~n=`D? Y0FXO 3`&r$- uonU OVԊ_`aXw{E&B)B9rt0$ \M}}I3Ap`ICprvh?(d#''=,TkE=j?nBѯ5i:WpRʗRTT#ٓzwS$ɿnUS })%{I\1@8M`˭^vKz`q 2(DW!=eZؾ0JnʌO_&;j Y?hxG&%M@O!Ho5I&;4w YIȃ^j)W+mM*hs7 |k:Q f .V )eXf!UI36aIOƇ8^6k$=] ѣ?mRt #gk4˭Yt6i$$=\m~~&o^yW\F1-N뱖p#]Oad?ٱb5@,xЙO@\2"=f {[+BIŃX{{2wQ?*9`h"Wpߓb @ZWi;axwp/򾧵Ŕg3%bq7K@e5(CK^t1 X.]), ;ʠ] 3j +zj Z ͋]3m*\#J0]HNtG]wBV@~P8{v9 H7A^˓  :+kίus;rpTMSܔmO4B׉gv>*#ijF6Dر:3T:REn-RM'c䖙QFF~&x@K.ђX^ҩ6=ɻi[iMvlY.2JM,c1i2ȽZǐ[GG~"-4%ud^43#T}3t 6yF]J˻kOz%mڙC,ʧiA;WĖRG~^r~ (*e$`?Ug(`E8v Gry+K^N$WSJ\nv|Hx:ܺp{@FUeiFE&p)N<2'2!Q+2sHyV|uѰ?G}+24[YsW>_̡5ɪf,ןJ^=,yw9K8,bIk_IF|PS$BOxR) vsMpD@#3Oo33-7rlk'C6=a,jqcҙ;H3qRۮ$p1=dd AwmvVYz<MSKBDQϨN׹O騪y Z)c=:Rf QNDMOR68$5TaL|.$ p1qIU1#>:S@ҢT8q߬8_(=^ 1',~yN}]sF)4#am|f3>i_sXaAXX2;KÁ7(Y'W(LT1OWsT9 B0_t/WԎ 9lvn:`"f.h5:v> 84^yyZ>1>2?)NJj-䆬[\C@S PXU߱VVT=*O,0/*ХCpΰ0Oᗛߦ5.?tHD9T-@Azw$3Gvcȼ\VJjpW5 $5 g>u, )B ӧMţ?*Պc0xv #ܴ67hEI L@OgjsXXDhM-v¿_YPVAd:)FJ NY(N.0C}$/.L}ו{WZ,R0:C5|=QکkRsbo@tm+ڃ= lF(:t?kvWTj;h}oϹJĭ䷸iS G9Vܖc{CHHɤti'9N9hlLZC|izNdR⽤mCl <29B2հ~bWΌ6oif~SYޞG݁@-vAi*R` &SBҟOM{H ,ع1#-dTa/UֵudZq H*ӛZ$I<Ā*ά/)1K6ZrV?4R6Y*5շe55wE5ԄLTbN1r&&B>x>u g%iB,Ҕ?B7ND2'4+| `(jIR9bD~;]iAwESn|egTA&"?t4y|}hZ [i‹5F)`>h$@mӒ_^>0J.@VG[T9snvz.y=/&$xjqGq@Yj M5/_d ! sc P8ͳOJbc-Mʈ1:])/-c+E*RGBʃi­~&k i S:HdpD\b "/s;sVK!=Z@O[,8PŭՉMЦ++6pMafu `_]_?lUu'if@̀3 xUp&Q!_eWR([JĕVKSOƱil-,^K iŸOdqxwBN̛}V#;:Go_Y/3j2'_OHc3r!> f1ԇbTֲwѴz;'?DCn; bgUԞ kc-KECClHV~:i{.L5q@6ԲFi[Gfj1lɦlѰE*>? N-W}H̓xDe#qwż:@7 nɎ'۫<"ܗhk&dvV6ϸ5Ypfp-ΛW`"?)tG .do?\1Z= SD LxRjbRe Kx㎶7,ubd2þO+FJa.Z!MKg~Ղw)%N3JtXPj_}E9*|ܖib$qҖ$uȠv0?XEјR% <>@a\̈Ŧ$ -.ӾOvPtT73uhI2(@"yjV/;Y~Z3XHJłT;CLA2ͭk(kj 5/,֢䁡VY w"mWj C; bڍXDdrT)渣2J,2o;!f\aMQn^p0s3P0lތ [͓֫L`L_YN7 m3nG=iMdS'6Q]E4#]U8 +żGǍY0zSEa|;)$X&v: g=b݈ pVk1;~wb|/Q\+Jsv4_LC@EӜ0f8EmJ8wԓ|`*_$r7o*OYc,_479f(BT]ۿ}) Е [$߷s5 '`")Մq@>8%e Ew=Ld1VJHL%X*EC_7K&6.)P{Ϸ,h<ۛxK %QJ.u~̳A0˱r2t3n _$K٨TxрV4L'h:BR"h>4]a>65z GMIW$`x/v>ɡ]L͝d.QBƷ<N']@FIUsvS{y+phLQZ1N}cV~PgTJNL1лOu>RPKy66u~*hҲm#k.mLw Bܢ45N١xo|jbĤ60Ulu~g[h]*$XE mR $'0HgxYD_g) a?e`d6WTXnt=BZ5&Őx+ҏ # 50϶z"g ZqlWDɒ\Ӎ?gSz |]y܊/a-N\뛢ZP+Lv > JS? klNUᠲkI ̪@<ٟ.-[V%6M8LBˠԿ$x҈4=&GA?-7 у?7MΪԐ׏s== ]밓;YX p=x dv[EYѧsɍߏMICH1ҟ鰁40•`" 9 ;%LHV#M=/dWRh8r!ae{H֭ov>vS EL((^P Al -H.ȦmK8u;(BSVuwk̘Iny݅=Ms 'qç*@);/SBwי;Ӡ/]gHН2Hr|ysM_iH!,s( JUS:\pL2%=i=wg:Eex/g~h@Z ߾tvЍDt3wkKR_gG-vb1x^kIˤ'  rͧ:'{G9: Μer2eՖ[kYŶyD2 q{^ 'm[C/\՜@%/F@!:2"8fKj 񴵔oW4fU`w+suqAqd- :z]fX .HzpT/d~vbFq>Lk4Qԥź6 [>f.Pð LJ@]ޚhR]m4O@}E©$ 1Rs ,tp0"K>plv~w6VL]%T.A`T\M  oAN = Vmx_֮y )ڡ'a8@3oj,C>`:yb#ȤҾ0n {AٴpF.9m 3JB C!4~woΩ|%n*)w!xQ;fإٯߢF80BQO縜+| YpDR35׹4^ӫLу,ڗ~sZm/|'/VNc Sq f^b$侎̲y{4ڸO5AUpc a |y<hݢXkU]2i b?NJ^h0.[JK(ՃTESctEEN-!gcqt~쩧~4J/O 16۳InTac78Q&{ˠ፻zQ,Ῥ':r <¦IϷKb0Qjӵk0R{ڜ0 "o(,l<6||N 9(ڎ! 5ݶ;D%,AN|N<8FVYF7q(wEZ 'Rc;ah׉nO=<$G1?k49 ؄'iuWzÆЩ;4Ҁ4a)7C2$ӗE6q&[J,e7oM$RDbtXG^#cWy Xb|=DS";4jC#~-&ׂz!?(  YOis?".JY\glV%nVxjHM !OX !lBu?Ap(Ծ7|ɣDw݀?n܌޳EDu^ឍB= ٌɓ=u'S΅D/`#.4cR\y7Nwժo:BOC1!d5<cr]#|kndF;=&4:Zt~{ߦBx~i|>X8ł^jbԏԨ'8,^IGutfʤ.f:N`wI#G*ݔ ]=RW)mӓJy [`\gjQDAaN#T7\V>/"Q/ktHOާ>QT_fqx!H3-Œprtr pS0afm7͊=:? (WkЉ58TČM˝uZ;Ls`4i;G/ģȍ8OK&3Om*{J UH$(DJIVEY(꙽'jg4b(K:֤`l?ƟͬЫ}n 8z@yPvl?5$3Ee*;Ue=VZbN=?;Ҥ&XsQMxVS &na􏕁q@ҥij?y7Śӡ!ܮ6̆q#,L<a2jfZu2B,0:C㘏^r.[E tPDhX+$?:US>K6-*@cy<Ȫ.0Wlt%N:b,?<(\1ǻ$ I<)}^JRY L$QjZj 'fFXB8Q-NIsàM G' c5qw,mf~h$˳PsJ}sNF$I•NK1'+\*+[9}FDq3n0i:p@c@1@ Q[^4!՝ᰠ'#avMQo[p"%H?+gca&p7ae 8M&{lyRd{!rvJ^[1gҬmͯܧSx w%2v9?j ̖pi'rh5nY3$F#1')D@ T`܅ $5sg^{*:}ml蕑gCU 2|KB9wfhjՄ62\ `b}*$#b09pOcdIȰKo w9XcoC6ly_1+.P+{KVzTǹZj3=^$pC4QAayl"?vw@`qaq!$HZX/CI֚2JђD ӌ y Gx-#kOBAG{ ?_$_ <Z~~)5O"pT'>/)$>KK{ ?gI2 2=J23:\)&eqx" A@VXgdHAĦ!׀->!Y:A N+Q`*RJ"yB֒u7)d6{om .[vfW{_ 73ꟁ7DQ̙GhSu~\uMR@Ӹ d<b56AӤAuBTP*&Yt#Gg 8>mLJ_lS €VLQM҆AU.6O)=\R.͟B5^{xէ$"hc#~,/T<3V+5ruzEfȃe| ͭ(pTgR.Yyii O!1Zi N=rXi9mB놖 ՙWJ>BU f4-: ruܑ?2ә"`3^a5iw%2)k~䣸7):>LO.K[y@q .Dޙsd'4wC}PmJL|+s, i]{X^+t~o,ǁ%2H}hI_{M<Q/Uɒ8Jp;@aTT*S^'-pJ/9u$;(_}cCr}DJk,n GH0$bHx_-H#=OY4GFύ㥘 QX挘J@ch[#}ze SfA6:GKU_BVboa91448zAh1 3TU4AKBoѪ i|N9?ҜAG}XB״練 m\n H\owgq (X>c_qPvXSUЩH±ZtۺT [b\/ڪQ dǵ[B*yFD3b{+A9(OG w7Lhġ %dXFX'auD9N%eby  ǿw]8-ӤZyeЛA8 )epe57($Ɍ[&{}<fB{ dWf49$GDK8,Y^.0}Q¥B:*@a>4zjT[1$)بd`gCJPX1M3ӯnAw;_Y0r"l <Xѝ(D0^2[bQ3 02{KGt=OA: M7% NSbYkyk~vJj*^{N>ꠢOgھXnw*-ЏʻBZlီyZJDm2 }ݻp1][IeHHh-s<(;,aK)C[8 ST B\fxUy4b8S]x)s]>_*`EJ[Mdb RFŪ Vj? f;h58}33Vq0N\c@4B G\>` (:gFR ~wdxMSy.`?YÔ>ʀ"H<%~Ls o*9@6ͯ?rf8P%z:8 ;_PRNWj7SW {ASJ ޣF(z Μһv) ]t&;4aNψ/!#)2C2eҢRcx=`|g ^;jT ʿIpT9bvnU Y;v U>.WC!9cr0Bc3lؠY;6>r{cӥ^'/ I쑜.O 7yrQmrc]i]F\dsU )ͮ mTi}V۔f>KsI;kPז]@mͤҍ"ЭG>aT[{TkՉamZ">DKK@Abo7n5)MzHT7}69CڕNnD:SNcYqЗԃd$v~x;g 4sv""C?dC',H&G7~P3I⇿vϖQ:J `EO/ _l>H 3 M{tdZA F/`+wgF,qc"W>֎3N*^ʊb;oX1 v0 @y4lҌ)D>pEj f{]b/ڣ ,TW\y so %A"A%yهy҉w2C)=UwU`~XʩM*N% ӄLO Em5U>X =.2X#޿Qǽ$ n@vL$xB-1VT^ˊB+򟡞zS2Pl9haا2F3ϡh?^JPӛ2FYz![ekXigkXWfSiE~[P; Zo:58.iD\z Wst|КDoX4-77zǞN! f+vl޸qhF!hu*:-b=8lbboٽX˳ y%bm;穦,0G%U4~p*5h!źAYwLS#V(-j1ٙWƷ-Ӯ0,wg&fD%QV7kkqm]F! qUDaJ#@vDw1ߝVC4 `k3w=&&q}(R.H7籄yM==[lY T0WK'iד#I΍nonW.bǂa0SpuUsE!?(#,qݮ-<Xj>[Yh8@B)=l8YgvtC NzS7U0[Yx 䜐}ܧu;Vȣ Fv0Cp#̮9ɍ6˹I 8cv d2pCDS_mj:ȫF_!$>Ma9ZkNW|z'i[=0g hGȄc֠ 09ݦ.E݂7гOKO{k.b%:i/ع߱Qyu Z(rdfomg2\hz S0RT,lW6CW 9d]ϰSJz:AYw򇪏B/"U}"ir8ONae  X ҥ6 nw{]{eX7%4^sg>{McIK =!/U& 0 C-ؼ=DPqVEۤiajavcmfI&}(<,$w'B'QE֮ S[Β3t.o90!.`zvV2N#QmT3KXe1 EG R}*ZH٣ڋTjP;fV !HjsutcؕP K(=:h 0)ЎNLmD`oAr8CfKBcM?_OE9O TC;?tyo4p ĺ ylw:-%׋03%FllZ| ҔK+QFܿn_~h R&@,qNڛaiA<ܻnYp;ߺ}nh6![QyIcm RGuYPJRMڞ.#"|HeX ,}91UhY%9B9X}]#@t[#ε®0Juԙ>!EЂfSK+)Yjf( 6@֡☸Kqvr^4pFrO@UO[;Il-D 4q:dS:Q*<uuseS90;mIK0˷h@&ҋC_1ݕ¾8Mgnߥz Tmq X`hp6.tf1iTUޙk@"ں ?A0DۡvU8XѢDvC(d/ S()S7OJU~>~9Z MJ~ʞ[=~V,o5KY/ :Yw_rҙ1@wUkDjⶓ;UkGɫ&=c߀^^p0 {L k_ʉ'0pV 4FR|*^[,Ɋ.>:Kgo+["ʒp2aM $ M/%q_:EԀ+&fB%&y\w`3DEgIaW^ 1OnG Ӕ$~@@icI;"lN e-|!_M,PQWD] 7Y M 2^}4UT,c/~)ġqn'a')яt\@h|q[42&`FOAD qpVs3kq@blõHqQMf#Dɕ>fhKbjzGBs%kH&(Gg3~(MK= t\d4i8vpr$7DtC/8gGʚXےG+=d2k-fM%CŐS&"xS 8՜CE>a9`Cfa=UPf @ Yego>e*OreC))u፬cݨu$V/iǵ%&Vj K 'dty(x%UXhNͻ;!i\Zy5l\)#Cam>w ̞Y'ޏu PӷrO</# B)!;B?LOWwOTj`6ms}yq-Us+?/HA^")F\ԗCտgG"uq 0'XeJIE~OL"׆:+B#2|<ZEcZDy S5*aw:ڋD֢:bJV7(aa!e\1t"OL֎Pk(A"R3XUB Au&}@ P +{a(Izڥ& :gk>uev.qE3Q5`0Ǵa?0Y[P46_S򬀁4;?vaPp 6Гj1y:y+Y,uJ9wpύW!\Bwy@-T?ޱpsj)}ExʔỶU㢊ob2>d˃e;C(@j])GKVT٪#P]8 yZ'"fud tio&? u$Bn1N?5o:9]mˁ81H)E$'AM2;ɳ[ShS=R W*ez J;%d-F F"~0j-C@/ +lM+kd;_1fdHZҭ[LNHLa]k[b5J0Mi`1..$0y;Vǩ| rɬ x.x✵zHtx`Tsg3^+jט D8"sr[uN@_^z IZ ㅀN!*TVn)B>fybJXhAOYZ/@YbEbg&=\8B#xFȤvbeNnUf'9,DtnxM%HuKs}{֌"X5_C7Dy(ȲlIbyN|"Kݸ`%a0fmWCi_Dɼ\ |l]C{Y.vۢvvj&_` [4@מ (DI( +F1 UxGHh}2vu?ጟߖ_S. Nߗj$ё;`>9a8L>"[ZO^^g9UH_ U!B5F(Rd K5w`yNQK]s]YxxN=՞,&psؑT -hb2poODoM c\-`(1mg& rw/2n^*fqF4f@gQAk㯻!;nbL<) U]pz"'}*=YbY7޸\x?I4W(0꽏ʯ5ظnpY;`H51vn:tjvB~IK%63^a>qXc$98 [UZ4w=\(.+} @w`qKS'YEdI2L!"8J0u\˷\j,`,'3F$K="r\uCfʓS HC"V᫤SQ#V+ܕ<5F9o9Gϻ5Fӿ/dI3[p"Đ*ji|hEDVRQsMlYAuF,d^rs=h j0>HH}fRikhv4L_WFrWse 6O.TM3Pωl2*AơRnc:/"RUwPxh.%K5=v8 ʸl24@&p(Hw׆O"| 8 Y JGֲO kr10BGY&-hy#Ց8q2p o !`에8ߍW{msۑ 7bÚ?%ҡÅ<~&Hn*?dcT~gqg 6WF Ǯoi}ϺJ@fP5AD|q!컘}|ꑻωNvmťiY=.* ALY!\$$ɨ 8~WfE}^G\QOHQ VJ׀C0>&@,-7PP_+H)҆GcqrS3K@wv=4?`ḃ>D_pQ^1t8W@p*QDӃ0\~Z/& "s[0Rj$GnJYUOYI( ŝegݶ\ J^pa:7@_%a6!1< ϲN?@Y51M΍T$ 8|:)'sf"hmx_=(*̇kq=919k pp',7.Ib۾xWtMPT @d^ ]N0 |T+f rیsqrudK?t8>F>V*9BηYXϛgE']59ig-oɿ$"P$ivn+^)y)A݂ ?HZ,hկMVTeXӈ斆fw8(Gi%w[bK+FxݤXL\$\ͳq9z[pcۓ=.9cM _} u k8)&P~[8;*˧" et:죃d|tFsQn|S7KB1Z]x.|pwDuPtjSgDFCZ)ܕKwQӘ5^Zp1){H6_"V}h*U)NT% a Bұ`N=cن~f*ٽ *~T;C"/~3YxB6 ++v0XDx>Y3YKQM WA(HԴiTa(@풚+n]<-]j5T xE[;[gg *\2=oME!=.L&(rA)^>˷pljRlbhr6]Z|X^[1S7G||5_T *p=¡ @اA9yq-Edx2?HLIyoY͠%.C] 2< Cq@_``mĐ"|f1u=Mh?/t/GocQ*9+ʂ-I& v컕A_>-R/HJĈD6>@7u=>L+ ,a<(ClNz%FFgȷE}"P yqe4z ~vˬ$v狯ggcdP՛>yaV=xuD&&氍t ۫c25ӝVE9c ф%Ԟяm`X8*]"hw,W7g-w`!9Xۏi:o f{PG8 %ǃM @P# *^m`:]̤T#n2{MC$0왰b`QS-Qq㾩-c7V:aX±<mLn|cSIuo mu{Wk6VQDP`oU֬Ѡ8%M?ۼm6Dn!j_{/' 68W^%4 e*"a;2B\%<}KwF aD\dh0BA>djv$ QU`Ք;LDĎt`8 D]tcLI/c@BF@q#\T#h }vp蒞.0-^?/b\̢'4 s&EǢq>AV7->{#<I +,1͒賊QWou{bKflj/xY 1'ev=av2;JkE@88*}6j/ &cpc*qOH՚<Qg䆵 dpm/)6.{fKK b0HlJ&[Isq'9חSOBW?XͥVw&M,[V@jb}gIE7>k" Bo/rܞңuyg,#\m 2 8-}/&oot[sy0?ncߓ(WI>!v@QfG5)TDż"}-n,JsLMoKcypݞYAKƌϜ 8X+ hy)by]r {hW̠\|;I6m;Q\PX]M`i0@$`}@$_ʷǾ{G:I` 2d~p٤wFؒ}:&B3s=d޲"^=>mG7"Fnb7 k[$󦳚LJfٮBU1~Oz!e=0g޴ؾawd11"]3z#_/ݜnm0AӞ_8LLĮiBE8@GͲ4>Y rb ߩx,#%L!j\?)8hbRY' IQ=:=iAU B]-b[ˌ!<^ז*JoN+OOuI]!r}4Uw5e->"u4k^CL>f09>Y*ɿ {osF&ẽU3zyRrQmdy^6=&8HPfY.3I꾝wD"Ff-h@=4 F62k%;.Tpء{6mߤ fp7&{F].Q8ry2S7ܻŎT0 1ьp "coGǞ)ʿ[\ ״pNw)Wk$$s=c*:tB"(:B5.#@<߳a mHfP`ޝCOC K5dƅa.cdd"usMo|P=$,[>C`振D|K7| ?-Ӕ /H߰b#=.#z\+m^Uc&2JUP,*^hu L2jek F\).3{jC< K%q_$2*TLeX҆VY0@[~!"DԤ|?z/UPq r'zE]GQQ,8ѵ]W$15NN 9>X7ػZ&g]JNfbN[s:RZJH@֝FX0BKXMN@+% vh- gx.(t]jϒ.5E&u$V)hhmC(B&}"mī72B2"Mּr`#zs=`ާ3ǁ&OG.Sd_a) U-Ϊna|nۚ\9@l!:OiХ $( [VN;G EN{`5YsӆD*`f'5Fj罂|t!몭lf w V.Aj7bQCX݇yOS+(s@vJ1&*) #8 _aiQd>Ц%yhQa^N^L&,Er rȆv=Ҋg͇<[諦g!śҔMNEb ff eHy|Ȼu>EO=v!Gcf"Uf"*$GIR,ċ,jD`G( k8fU"{w:ѕFg!W%y0їb~ƏNk62b~)rA9/>/|0^2zؕ=Z YY-&_ު20r!U6Ȳ|ve"er r-d<^a+nѢ&r4j]C>cyiMQ?PYܩ,pi a w7cEy,2KնuacyϿa5r/:"OWW(>9/7P@m˒S|pEvKDV <ſ#m؟ITFvYR@[T}L CVηtldfiLko !)ۏbWvӉ>^AĠgu;9ȠJ1D0^eA)L?]n,[rrtDR  ͆uOAm 2Y,EpWc($g $K7*F%(l`p91ֈ˺= )Ƴ wmMIʙ 11k@̟'m_u4Jl&= t$9f ЉRkt O P&Rh/v& ;smE@q}dγUh3[HGPwL y;HRzi1*v\e+IdKhߦ`jQVυ<='7jo!n8%wed'[-~+ Dq.#]>巘sPso&]2w]px]x.`Q$loWm囔`oXg:AgOeN)c!]b/$C}a7-n}4'e'"/hUw-ڵe~`O>x'0E:K=nƀv L i!)3rVv3r_.~'Ȣ 'y| TXHנlVQL9ͪjD4xv3`ʦGDߚuu"?Xtk6ay-T.ߢA,)("}-\z*&IY'EI N땄HW iH_|AFޗSOg DJ9 X2 d1^,X~ ՗@,jf;2>O Mў]\d~p í*s.Ü~wIISoB+q C-Is`hm!Mޣ铉0%Hn 8 T5M㏌p{v;A7Qދ%h‹fl900w〩e/u.aL5wTKvSjXշ?U~nx`|i' K `3w7M[5kP;#?nE =eٳ-qiu60A tĻ,3G~3 m#xӛiԮ.75M&@H ):Ʌ@,gCxƟB^UwU }\_2gSaQT;KSL.u)v3Ry %!mV`Ā_;c^)nx @`XHRCp N?MǚUo5dʄcZf/wKp\Jpdl[FnϤW]yj^H#er6PI]8#0<v*Im]'P^ЎF `s|X1EoI=8~t$#*³bgK N\fXx~Q`Ft׆[W<l؆ӢhmMzk1GjںrgkW5NL);҂L4a_j{ %`PEԾ1XPfcw0pū#0FUV߱3PWTi.rJf1 '^V8!`w5LeȳHD[/5DcPa_T׸!b$U S2 NP4yG۞*ߨ׮ʉpF^I%A>NjL&G k~P'efQ}6(ETtQH0h!"ަM:h"XhGFԴI!e.XӅMRxdy3x@S.プ0,]-}:0REk/N-eSehYǀRy\f@WD8r^d7g8,2wI f**o}uњUc`X՜'iY=J Qh ]$e\f)ӓdV }*4b[Qˁjʐ-{ZfIbt>R`{kLЀRd{F/#]ZyU x w4pw`qwLha) Go9Ȭ}W! ط*}vUM>p狮~z3{Ny %fwP B~&%Ӣ!ߙZc2=fZ<,WQ7V<fraOؤP?y&ب3G,7Z9C}mϘ[a_3*1EWB7Qjfs1b_ vi&Y :lr$O"Bgs,wQ?}T=:6#t+QڎxP7+( !uc\Xwnb7MBw˴DI6G]_F/I_=j$$<.al­#sH^n",,Wq!@gL|K+96P4"8%cTϱ=z}u#::qVѲR*ı1g W W ,k*[4{a\ ߆~=ҧzo$Tɹ>wYa/TĚv PKP7+X"! ;?6˹IS f1dvu>g#5̀{ls >=s|X0লt&t 0˰pKw|_'Jhi@{C9ѐY4FF2Kt)>plvVG-!oU\7~gV^7͊͋}2`%l` r(bfu=þNㄖ;x7FJ/ 4 ݈鑪D@AviLD]J["9pBXWNAs}XyլT`T4y%ɵÍsg#I(>m㺊njz$bFmj_΋%?mգF:e e!^Zno`kU-. pЋЌMbP<ھMٽP ap/!ܑM Ѩ5 vEWn5Wr|ȗ Wn Ȗc\.5ګC7J[Nv]բ8sI Ɋے՘ bBe}]]m5g;B6Lj -\ara;ڱqDՁ'Vu8_g?26VB5Y(]/&|3݈v*`+^2[<6(l 7fW$l2.P)zv2n +w ?`+2E.9RabA*rl?]Azlvtaj.@n/EkC 7S[ΊaCToPxJTiǿ ݵX爰n9?zsw n<((cmVt&8CmzIʩm!\wL_Z_EIyf:ⴏ,(2wqQM],S vW}zWLi, !̅,f% *pZvO[zr$V 9ImuqjnH=޹RTX5 `ؙ"FYƱUЎkv| [wh<'8(&z&+35W;&zf3$qRY/مk"ސbbDW&CuYj16?JpOc~Άԭ`l~$kq'BΉQlebmʓ ԫqoV9wȮr؄"͔Is).㞎GO L#ΓTZK ^ RHǟ͢,*7, _XI୒Q("1 d0"Y o"WEՃ@ezCz#muWotCl+n׭8NlF2N)?$==[d08;m\Ira L#NR$ی|F)(|:ϛiB!Ai-7 R}%69-\±4p'wlZ kReX)m~Qk7uJoO2[:!!Py;ƈFVR ,G&&avpl+P<@]Opvg :J6Ӹ 2?> d2mBR3PZNp0{W#lsOi.^| xg2K׶ BT8.峣ODk΅HPN|`tAUZ~]@VIwb'aˇJ 2=S˵%~bpV`SW0E 2vNν?OXw)BP̰WX\VKܨ#ǟ"c$0 x ĚRc}KY=byrZ.B@m܋n#CS#YBG"{Vu:tYZpbX_l!eUo10((ż>UG!U)V(ha:( u/)kGsybKYk,y DdَlR%"{t _еS>kfYcV-KѶrO3+} ,mr-.6I:VdnR١a\\1s%ZIH `Y_tj0r3,W >m8J"e4.M$|tb >t-W 6 M]_5.Zzjbֺh{LR'd08V"D±]::z*kkEDBR2 _zzkw:Nq}>y#"BIsiP}a~]V(qwMhtsA jwK*+xj2~7=vՊ(  u_Eʥ/v\:м#+RTmT݀c$9p !\4[yFKxC(ſaha t3Nbn\d8{,\iqs55㩗% īBɍ^QTXݢw 2nf=ٗ HOm(gLN YzA\(sܐ;m/cNngnXqUíQ$:5x*fZdMÙ1YPҌI޵g՘|PSIxr=zÉ*{ f Q'|4 L%k &-?ٯCșu_hwk>g|Snwɦ-^X5 w=7n[kaly\&$ajYVf$X\D>(9^O},5e=)ޫYG/%1.NgAV`5b[k.Zd)98JsXnQ a 1-q6.bVW# Jަϻ^S/S]M)Geoy&aZ88Jc Џ">fIGwٻhP \~ў,o 0`8c|C.viۊ%S!| ;C2ڗoo. ݑp&t̆rC=^m{ 2ou{deDb$5- euTC۞[lf]EJ =o3C)[N8lJw}k2UF|: >BpvHf,׊M>w&h$mµyly}i0a OmtXHH&(`-T )QV}z W+u}痔(E`ADn Xr#iJUPX43dGςHɱѰh,R!Ž%fur"+Hv[ve]8u #p}B+@ɣѽVT$$uJ)\5^t+(Օ $%$({.NcA]j(5PM}7΍Ohgd(ڿzEp2_OF[u"ޥt wL "6˙88blB=}8O̡E 5lgs )\۲ F,2G0lq Zܕó"qlyaS^ TG^x ԷB9kE\KҜRjT ϒ{ݴ/!¸},(xSev$Ư8ع"5Z#>N6i1S<[~ g;R4VC73D$nTakSy=J3 =&aOo[; {Q'5ۀ.#8O; {3VfʹDVim BA ܽc7EIlcX6Y_)gXK_H0Wrg!ߧ n8dӂ>^p#cv KlT`.`&&@B<-b}EP/IIVW@!;nlD2ZC[~y#A @rcuZVgeSƂ}_wYvR`n=I[/Ula('Ր|bcJdx<|:BuRdԻm}ٯR~0[Dxy2hG*J WN+H=O[&q /钆 5eJOz~ȿt%8O̓X]xw1&#eQ#{Ahn pZe']rn/>/Vr} M@ש>2 SADV$rĉ<3a]aQ 9`Nm&!Vcf#g @V:M@񯦛-P!?3zp/4 T|72 }b:$T5 դ`{J;jNN18I+{uOۉAJZ[+auܧ+i#Rke(Nޞw{8H[a*eBA%_+hmSHy H8 ŠD`xy++ wP㾆Зo7iV RyXݳ4XU7lڝM^UpJi&jy԰s]Zv[;Osa!2l7hx+KVt/R9xw*T4 mE'tn~Ğu_ Y+ Hql\;?$[&fXNW:21 u|8 ]Ei&š2*K!{2zȪB\BRwDw`J7) z3 K'[FChi$~Ei>36XhGcS4{DCi@M'+JSasQ.^399 oZA2LNt2j/cxHkB=+ Ǫ`%`6C7Sw~\ٞPa'IE e{$FV; ܳ≙|\ ,iIA OlNf*y 1>!+uufY#l9 m! cM-,p;[:ϖ6C3GTPxhRe>y'zgMhtI ]կN401nʕBWnne9R{@ 6~T @Ymtg]JHt„6'3nKЌQSԥ`XBK[ n;nCSIN#VxV׻XgFhdj~Y?3Ϥ+?wB7FP]=ϼ8* u_a!zm!)6(ӓx"CCh=2QV`9Jmse/vthe[JcZ7zCv럀V {QP7%/1AOoeYBxeՊDNfpVj " bAQh!BS,<ݩ̀cg YW*n+rh'[̇̆G 'Ь+JUB tfٺEeȉqd"EdMRq>r]ѿB'&?7,cS_ŧk]`~G~\," ʞ[RuKnodteބG\S1pAL^eToT7zBÉ}U/\wp]o8GE9w ?kU+-4Iwd1/ΐe>— j\f܉RgaH;F"WDpٖ[Y"O?S<~〻&ADKoLe!M~[>m]CgX2|F g͊$4eى Fd"gmxx^;dRXTYʖ4p8Юna>x?N2-7x( (v4jF)KLq7euj.N(9mBp.:vt^r8R1}UFy I{@[=WS}Q Nd` 62nLăm7sIm_{U^7`| mPr*vc_gE%\_+xo9LEz"ĥa զ$*u 6PPnRTOt:~C9^ԭ^MJĴW2  jNNPG`V$1CgFkl*}{` rܮH'22$/Z)1Dj"&گ*7r DA p-x:ٳ1YC)M Xq.FwBm>g#&$rYT bԵxG8tPm~K?4Zg)fTu"vnARP5Cp{P1>fkA@VCQ,jvS҂YI $^z kٚ?830&_j q'_p؞7~2nDG=$$)u4wz s utE=aL|\SR=B6Ga#|'`z~O[ a'DDޕϨnUgE|JA9reg;Y7n^1i2\xQ6= @/z SEbjs6 vdHX1N_X͋ٗ&ˤ22TclP f̥rZ%`31Z"cȡm٬5 a /]_4}|[];u~?-L#(%\bȲ9 RJɛN=NEfmoaʼn:7X̔`@ո- &C69tHyq5wĩ.KRI)*;p/_zpRV )K ΢*&!'+ Lm#z2~JԦJVosa\dt]eY_<9CTmxkG%X9^1Էi ݩYik/oB ˿:$ÎwSN)[_݌>)דcFZޤrl Av{:MWz󥌸 2d췅~.pf^EGJda`HA?I[1ܻ*}a925!JHX(:(h:Ŗ Ytsq;s,HU#sʹߚJ yP4;r3~qɎ gk!KGRUW݆i;FB\xC[ĀivJVc]Ҷ@uuAha ozJ6J6CTRʪd(cll/bxьNW]p]"(ƚX`e<"C2ƊT]QWH^[) !cb1)ssr,I>$ )UĊ' B{ҭGW ѭJtz @l_Kt=2C1'2?G `m7~8rw6k/%N߬Qm;و~ Wyj[$=CyC\-Yc(8{T`mRzO"G{TyzrdI咪!w)S-eE`|O ߗ.|C#m MH%!g8T2s,~ȿje`[8H8d:_I{aOrx /jQۖ tfiCKB.V:]C2aⴀ;G^zc~[߹K; Mݺ ~LbUsVZj?{ $ 8obz9[e9q<#(* jwO\HKn&1Kq:̂27`^PvW_Lon|kO]\Bi-w(TYU}φ7&W3(#ig{v[bǤbvl&ES3ONΉ*,;]"jy͙H"iEiU^lFy=e6(߈gٲ6WP/ SqY0_dl˃)J'Ň9ƍI)P#¿*iTZh.;o+*˂~ۇ w{,! @15_;O&TnS ۱ϼ̙M?Qi='`i[y#Q$&c@fD9ᑽʷE$$U2΁ۍq~ +#ͿĉAZ- fM5 }kyUf#ؓn0^5;^zTȫI:l{᪲X15Me\M%ڢ㎷|d^IG(!Ts6 \Wvrݧ=owÇ(qYApyx6hR|JLIy;Zd`1ғZIK1w!h1@C7.IJ nHOV#-%0`bɟE ' Me3R^o$HOz'Zlۃ{=:CAA{aK-8 ߓI \4WrŴ5IG*&%3GRW1Lˣ~97uYon)8F!lrWFU ]LFkͫ&4FQ2o Q,8Ò-EޒLњޮ;ly Cb=E/6XSSI )\ε>"Tc t/bwzvDTj"->H50u:AtRf#\YT۵y 묍xuu`lâxm BeqA l0{ҐA9'@{B@PzuP_[^}~s@ &Iи(V'}8.-p`aܠhÙ&:UOiq~"BW"4.Rʢ]43h׺wVm[ޢ^= #3`hguqW,>3BYǘۢ% #"~FNܒfSEuiE.Z`}ġK0tuLcWxOM\ِ׭O0B_cH<GA鏡iBt:{7.3S8-YVqk@;L!,F.jLʜƄVTM)$u["-$ ZV),ձDF"6+ N^O&D^&vV ℠SApNuR#<71C f6AF =r&FJZ HcSi6]Ć"z,klz:o*ւK-RՂU\fq塚?~ؘGFM WCx+uɌ/CQy]{:xu=l'ŶcNgg^S\Z?ww]Ʌ-K̓^+Wpal!HMQ؞s''ͽ0z%| WQvLfX/uwN.C!viJ;Ѥ-"U 7%NsZ{Ĕ\&Ƈ;BW0O!e:Bw)XLm`U9JߤQ(w``@VWBlSRqֆMQ/ qrQTE((F—<]9@I0Ѹj@қ#34UV&+؝##j4fն*qW?V\ZA^-a}$fcToР1Ls^k9cq|VIo :xmn28$ͱuG'r?V3+Daz m >"MҲJK-о[Ipv g>P;f(Jw-8uSK'6ݒ{[nn3cߣTޏAK/o`bHd[t'݊4,'FQ2KryTQYLׄR8ϒGW΍eV OvC"oټGm/bFXV?X4 ū`e3KV}1)PUHF_n%z\4ׄ=3;_.>ThA_fx>%^M?I-97doP|~Rv{U '@/1N۩\e 07IQxicdYh?a*4A7 N BC)sieDHJ5N(hX\} 8Rgu(@/\_}w|\*Х VfCA aAR09)HT{AjQk>^qnj7 LȰYbcݡmI~B7*\;g #V/QňtfZHLsFbBǍeEe8 y&\*Wul-!CS([ChhOܒRl&}aS(~@ClԹQ~Bu'#bw%5v@7{'eu\4ύuL;WH29a 1 5Q_2I%+e lS`W2[Ϭ+vpiDŅuJ;;:_zN1&[V&8R+|[q̳6WㆲzӾ,][vp8+Uf,6s9=c` jR>v\ֆU/1'Z9kbUuXqپZ{BhH5ihv˞ʏ\9z<RNUnGhnc-3%1O>ȋiɮNfy##AK|ՀL>"4M(#`*}Z㜨dK!=\t\О&jd-U+$R!Si;ua^\Km4r+-κ}xg9(Z!1<9]χٛQK],"I 3!ZĄG9$"u]7I01ٖQ5!ao%1cJ4 3-9Bݙ#b9!jr*AķX/ Р+QV&< ͔(CB3ۑs꒐H)"fgΥq,8;C}ax > _fWifo cGƥuͫME=Y\̹R lbarY&fY ]S=_)2h\^{J7_Iƪ1*O(ev-X\/`n=i#,3*Agɰ$zTFv#'{*2M HLH * 2nV-8]NMvsѕ(̩|3t0f_{ >'$;VTHh6"ҡꍤX0Pivor1W·mA Ȟ~2k]9sf+Jr3zvGxbHg~l 3\"akVl()gXXٿ 2}v#HBӹ^dtz\Č7aYSp+^Lg0z~fj޹sWV jSJS5տ2V(vR%G^0!_'{2u vw>rRiqׅz۷[0鉲!32\@Q,+9IrqZ,N0+WC13T+GhĻޮA„lCϐ&ƞZ ?GJ MD ³40d^= `D`|ӝcGߤCibUKs[s .3,4;*`Ѥu48UsgOp3~g&CLz7{=^ ϸ44ް?p-LZ輗D"ߪt;6",ޤdP(/׬vxr@JU,/ Lq8_n\RF۟ !eLi4;^STz!Zx=N][pc;ڏFtzbӋ5⬹썔Bۘ3*j‰wz;M/_ w109o2\3cF XXHqpE@] ;4k|Ng㻏[ fG4cp}[B|פc]n~i{0r t6lR>q$>nJv[[A,5:y w/ݢ"g7Jk6"pp.Dnlkwhl;]t B3}N]M@N4^Z˪n@mtݾ '0LL  L1lqG"ඈK5lb'p Ldv֏h[# }#$3?˫$XJ4]!܆[{3ᵀXKM}1^{AYhnŊ1ditJ9ݪu0X-\]\VY?Hk"I2b0HmnݚT|tNJGqv>~!ΏgfcnNTg!h5-sF3lG8x\\mFS©7z޳y'`^I5uѸSi I7*:t;ž[6㋞=ghJ[czHPhs*n"ihi\3ƥ4E9VD(Aveuph*eI-Y=-|nVIW,mx8dӧ|T4\MpalAM99#w}n dI %]aŻԥ`ySi)7-=|/6BZ.lQck)*gMbIIQHݬz`̒gAL ffԱs$X$"l[z1hՠcҎN6JFh~¸E:=HW:lU﨩" :S_AJ/>/8T'td(밦M6֪yL2!ljF')|-oPsxNZ#`V-r~|Jc=b6cK=i[)o`EFэ0YH-SڨQÂ=мK\[hb$sߕ{lxu6XG+tnF启 B@Vɇx?jag Ǧv `rM[ l+IƢ:Ӭ [-к<~eS5]:LmS^n~'?c!3B=*3Hzau3\}bl !=5]\ bf> ױ@-l+.(vѩ{p"_F|߶@8=XyAB^ ]Tkx둆9qw[#X?4 tAPW1:6F^pFvU0>ZBsSU{w!TvX ͥuh^3Q AZ}^~ScD m#\ZQYHXS[T ZXJxfx/{!R3[=3-H@r6K/- eBM { YBka66 =ؿÉp7UtjR :dlCLbm)B_ lAyذMݎsSlLp\o+A 5٭ʟhOL@;[=~ca"=D+(FyS!WfG}>]k_gF^Z͞"BT7̔p/Gܾvh^bWB-JeH R:+ܻ]~ېsk̕T *ukò:gb%fmlI Eɦap}fUX5QaX1;!ob. TaCMދ*aOesTlp7 :@@O)RC.g_BsmlDПYFJܫ},7Ig&{@_[REt!x|K ]/!GϪ+wodi;Uv(f8qs1c?3}v@}Gji˹Q#gZޱJZߦ ^bEiӦƵ0 T׷IU|YډCOX&\uaM#M> : IZMz1bLy"h$ᐶNUȌg7m \~ݻ&a|$z$3ĻGsAŕ. 1M un?;ؓ\cZ`lq3 e) 90+F4n':/.?mJ>J{qtMY؝a)3g?oF # D!fhZ{שp;գz̾  +>,9gZ桼 (-1B LL~UCCKm̸BEG' }/9ELU3:Fjͷ<;IHuh^ rqxog;j/P|R)a0" 0x1H& ::It*z-ɫK.zm-b;Tq9L]H@S0Z oVݏ+V7x\,"Dx89D7썇txt)pSe' E/J*SdNPDNɵ5a«_<߉;?afF҈鎓?^AF<@0a+ 0l'Hߘ_8va]ͅL%%ɷ kQyh lT˨!=S.=iWpHzG.\L&)pfvRQ yO.T!zQTX~A#Q&(]~vO'P't [~mmb̯!ZҢb^%~M[惡bs~ΛWKUR93Jh_w4:hi5~Th$h8MsD6D>'BEԛǝ%[bOWI~D8oݝvN!!E;Ӿe4њ%Ze!89)l烫ץHu@Z+ffYʟȮIb&ioMhQ;ש Gɠp|JxM7? P?J풟h64YHXGLqS?a4<y r16eбا3>P@L#[>WwNiTqFxO:7߉ ȝTXPT1톑QcGr|]y` 5ya pFd@~Jgt?=H@k2ұ͛phsnZF1Xi:8>P\߷~qrn7Y=?v}H=1k3Oi7;Sq:@m"cܶ ^7wTnFX=CtAνl-J\XB8S|w HQ颻ѡ&e0hV?:tY9\j/z:j'+8*pl z CD}J-Oz]RZ z hU{Ós&kh=6i"o1^_pcxg~1'xYjufF&).>Rj~wtq)Hх>rr`tOk ^s}^e8n:2耈xcAU'޳̉]ѪJvdL֏wln1?l]aRu 9E~֔t2&D5AjNY35}[MyM躑`u*3UOT0=w>\Hs'xho TF^,{$ ]A MNPB@Erȧ+1Ba,<"6bbRT=:h7(]N_^q?!oD5 NQKVϵ[k1 γš <$}y?IO0YB:)yrY}"i|%'Ŵc>3~T7/MX;c~FT,*l1*kDػlwM]duo{! %Ju)pD\R.v2D5GJ0JHZp9+/es~ HٲU6Fq/@_(Br&OVT0aCʢ&GGWid${HUJ%Yt:GSzqLn?*W=9"@,qo6x80SK[A9񔖬FAՔ$1 c?W;n&c$dkRYGn6%1V&_bvw@h|Q[c#1(| ?*:<0;TN*j}k]E\LvפBB&3% ~Ru|Xr2Py Ce@x,@L\ImO Qd%L``N/"5_JD&o[NP˜i`)OBq#& QEс3IunN<`s}?oҷ~g1}%@'0eЮpII@W:4UdO=C&j#xNJ?sGB@M01QP%&%'J=:+ޏC91^Uٿʀ/H8(%x6d/t`Esu zm[<~99;F0̋07$AX{BVW8~JSIs}+G_-ؒs,< yyDV7i0ayY,DԎ-:UIe.y=PH˛m[ %"R!Xu.<t?(Z zL( ~>kxblaD@//[)LmI+ڿ Xq[ D{cqN2NZ%2drΜ}{aХ@h4^I%AZKȒSAĪ#O?RŴt]B@ѐ[q#*!7^D/bLD2k(enʍSY0b^X[lc9N_{Sx$cü\ djs)%^ _s/J^e+B=;LDN5P(Á`pEokta4 uW،aH m9 ۳J rﷰrQRjb+zeutOTΠ+dZ SM$k9o9cKH$Xgz?IP#A6Q_54q&B_&(=&?q[F{Q%$\{u30~ U2 6!m X拶~'ב; tWaˉ/m( 7ȻyDf>p*<;Qӆ 6+~I!m7## gq_U4 __'"(|=YZψl6%*weq'Qfts.0~cI+~MBq}#uYZR:H3o7>.z43O$T 'Ùh#֪fTxws{W$}3іiK@[%~DyuGhEאGHM%` jn 1ϋ,tykjF ]_(1~ԲQȌ@d{Z6.hW-\cQt*sH5u47!I̷} JbrLXИkx5ɏfQls9D'5z$0#0=WYu{@JF t:ӱ=lJE{%0vLR{?Nutm_m9> bMxdEsDrp '`d15sv&ct xkx͊jj~&F3&Z2vFzϏ?x?xvk[حR)0 n6PVꅠ"5y[Q 7ioz /G y ^raB?5_Tc`-/_fQgoQ\VCut `zReR\KV>N )o/4eNl+,1_#̌K6Ԗ>6l_G}ڟ~gV٣{h95Fj?{Ngjs g)AY^x;99|gZ HނwH4ddhrȟTSo$oRg7FOBߝoM'ǏJaFZ郙&y $ۧB57eDjÛ缮!ii)>3`o(V3?Rx{e̝ a8< q}'0u'G4ʘnQiR3LzNЂ`6Qu, ^wBޏ @rs[vLUX< I>ӡ0Udo)_ѸLyO+8q z­ ZEkXA+Mr"X N1 k JЖJVYW=+$`wˤ&Ӆ_Ez9$ęRn5ʳWitEH˪5Bħ~zqz[F!dma\^^ a JI44h"02=w啳pZuDe/3 =c;=/{yO-#P9/ڋ+#jhܛ0;5v0KA/b(|7iguGjA8/Y J7hhmDmTf^5Rw!tn2lHNZi5Cdam@+C M4M5-Bla^]Kp'#&?`a774W+CS4&pvxM%,6tB:XYNhx~V!2yذ2%ԡڟ [ |!ڻ?1pph׃ !Ìp;?\]%91NrfG2 gTY",I^[Q=BQ* _8:_Fm;L,g_^914vL%6[#݋zK%|`c  f!n3x᱐ާ#a*aU<?D76[HE-QNbF%7%;Aƈf 4N;҄q#Ɩ 4{pfzI[9m T}*ݢF.4Dy x]P5ᤃjhgP\z6ն~ȹ\2+ぱ?*WylެNX֍o%Cd 2HpItˍcEc@E GP#ہ`3T\}T|:*aڤ9O lK14rsE5Vs mNl|EXhFA3FQVuvǥCa=a,YeOk8]b.aOz4 IAO.[1RIsz]Ӭ&kv)]a#9\Ə|-זf!EQgm?/Lį)6X{ lAQR$QE.ֲT$.7HD7p5Wi&ZaS}hgfx3 %|Bu_ #On/:ƪ--Y/T54cy}Qe/_ce _Lr Aj^P_%'8}I!x N'tˍ>} Z%o{od +}Иc9Dg1@H<[a̔~ɗF־(eQ93~% 38.y&,Q^dq#g\+ax1s,Yi-P] X>}l'vA#\Z2Y7:T enh#_I#ߘj `,;2y_=?%^@ODՕ*"䡓oŮ!37{'&o?sHZפZ8U:Id=*AQ 5+cX^*Ƽ`rRL_Cξh`Md` =5kjӂacfB jx yhPz//R4-kWF+?'`b\=Q"?Ob.<:* l2_ҟX/ ߭-#o sci/Ўg> pbqG!Ez[CS2BSN]B(%+p;|P5'{р?1(cj A fܿ#cn^ kwظx)~=i) zJ@Q[ؐWJP-N= i2@ise42i@LIX֥Lr[y)^R!ݳOJ07/d4W޶M%>/%mwb=t\M ֘Z/z ^pa(,S}CykA<}(m5,6(SNf^#`k=.[>5G`qV, m2gG&-\+2ŀaM>Uz]o1v/A#'z\˼i}ӑ@Xz?ID٩6\~a}VP/i) R_1Pg='(LtT(~#"'_!u&P / lG!ILtHCh6{BigNT&4}Gw-9ê7)t}l,;@ܝ`wd}tgs޿䟳҈2+~ ,vxUQ&}OlLFڬl p}$?Y)urm3@PwWH ^-jWٲwם!i_,_KJXvN0 hpZ Q>7nuhD10G)KanUq3.p,5$d6Ya~*a)2'' EJ̈́里c7hhGٖ ɾ|J:S rXv^RD"~RsJ yNy'I˻a< e&Y{FSTWa:Ö_hJf~sSVU+ 54$WsbV:{B0n+cQ~W-}"  `}㸻r; UJ&m=JK֦&6pMMT*Ud YലSw \#om> ˌaH#FYt|`M~t`BߕՊWd@'I;E1[z.B\aEg"ɛ5'>n!BFCP#K 輡 z</{5^~nux!$502Sd7BC3\;8J6+聑y&{s7W?)&ߧz@OpY(97C/ ]݀[ucR*3wKI[ 6q̪T @kzWqn\wJ:/B6Ve|^pz:+3C:)azȨh>͞r-Ic,(]MY!B"B̀'Oɣ61>(p$NҟY&(E<4ѡ,q1RH;W51u,jk"n'{MVn9",g wq}x}XfMgGS21nVhmY6#Œ'c }fs!̇ڲ1W˗PJ %gqīx?0}<*'pk;*ĥ6-8<Р诋 T(;\8&cI=R+t`MP=Pq;@{ɈX}n_ә]ŝc 6;`- ଌ$"ʓr:~aVݜRP`-Oz':[}ˢm{,{; < "/w*QJw {nJrz #xQaXOGw,{5w dmƀM 0dF9π%QBw,l5#XMwWhO෈b´ 0Îąގ)fa1huZ{V$hc:nEfs ]%zYa$ÅUQzi}FqH@z%"W-sdfH gQv?Ic*jҶ}x9`ekss*)< dfYu<7QqxFpFH,vzIHcNXImf lÑ$'yUJz] #,^o4,?5D|.7߶ Ի Lj~|_ؗ:/v )[fLڠC *`Te W6ISbD\ 9͆|yίz u2v?"8{9]?bB_li#e#.Ep˶YLӫb{E!]iCϯL)9.jEL+#ǍuPm4| ed%EE*{ /ߞ'_y.Gu!q Bާ"7g8,٣tsCyD tMZ,]kf}յ!,pr'DjߕTb>_~LP,х. O!  ɫ*^ 6B:K[+Zt_Oۿ#h?#|I@4vۄSMݯgޗ(2Iұ~/<@nۛHul+81P÷'8O^"/aLW_N9|^vZT+j! M%8V} qVBKc+ߎԄ &5n$-qOmC-;qÕo-OM>sB]@c a]Z5xh2]}ğ+ @0y xEȒ#s&_&kf쯘f}Fkwʄ"nC$ĞKy ⿽m2CT)}!H0>T*?\B)/>q.ڮd`#{W])םF8fYB[ٴj=?l' 6q`D#U=ڹRQ)v3I9zaf0|=vQE宅 "\7\7KIR-@ҽ B2AIEtLZGJzZ8v D/ye| UWy6Az w6X%SRsJs a/Oa$pMJI&qY”z~i@pDmP[Wn9!y"'Ic>-@+O}FZ O\la.ٸD M̙D0Ǎk'l=/)kd=b$+R?kq6f Мv` ?~2b(wW"d D-`6V(Ǘ`@v)m o-@4X"{—?*nM7HzXזA vT&b|^`GU̦vr|HZʼn]xVS fC\!4W~g8$EW^4wୁDu9ŪӄާT\3i'+[c&|y@}Pڽ2wb]`y_j\e/ 2[Wo'@%:hwQ sϪSkweY`=c 4VFЎ&ef:@4\ -i`{6s9z e}stI($+MP!fo Tu9=\d`(7v~M\.[CNOfkZe^-N糶I-D^R3-(Yea4.-a"B|p~DVs97"\#n6Ţ2 c"L-يU"hu#x`Ptxsݷtsg?,ķpfFH w9ʖxAE`M Tso[GBRO89َZe.7Jv Et{ U C ۬t5Hle?,nl;>d}FDKN- @ 4 MfjmCu;*S]Wյf"!q="{DP2L`ϪP:?Omu YET`< sGOap$[AqF)H䮽ci"/WpVeWBLy4T^ R1U)GzEI`v%V۬ͪYS\x{B"qYЀq0alh1$lיhvz[7܇1NF7$͒$AXT9gd@e o3hmMKficmّm%V¼;.+RkY㖯ryFPo#1t^ÜNG<ץ\}T j b5M;>\ZWY +ǥQmOrC.1oςA-s"Fa߼]Pe˥,Z?y0' 8Ϊj9C+jSdG(7J술UkghtuR\t݈e6@ac 쉫V?o7r-Wt `\okHҠ Dz'ؼvNL`_cI hN-^!-Ut0衜G ]@&pb\SН~'[u짓L] ˜IrWs8usk- ݖ-Z+bf8,HSO]9Х_њĚ-J~aj913nN+g<ZWjʮA+)0в ]H= hdF9vqޟb=19#8A5jZU*/d/Z I/[DT7.q&Q58fb<ɉ<[!`Ԟ|inɷtK󢰧@?r1#84G0aHHw@O(|DGfX6Y HUkR~m~qe;헋O]1SE q'ɼ=&MK _G;L !  |cxWS.7űmkE_7͇;vDcO߷0!7NZߐ Oj=߂%7!3|^^L܄t{0ă)}GBW@Ž-ެ -vCh 6Wx2UB7U'ʹ1sUk &G:djridf'|jf+P`\[7jީji ՍDR~zQh"ܛunfŰUq ά)ot[Ӕj%DErg0[W7a1A7OQ؋F G4; XgX<=2; ڳ.giMCpnJRj:́ζmc ;}i7#}z^W߲ l[؇0@_Wo]ev!:2lvM,-Ey@W`R>^1y1>֠w:ug&ʀ x(Ó5<Q&=\ m~}Mu81;XB.d왹1tueD -t"5Q)m*s;l ѽ&$a !jzMڸs>'R:ɏ.dnٯJt9:qӜY11=A숳*al BTnIhU\F -$LW鏨{Ud,h'ft H0$Lx V;EhJٟ9uӉ`8+gO#؁`P~@C6p3'bKV:`ye;m>\g/5%!]y]j#;!0@ܙ݋婒m.5eMq:oEU W/<88|p ڃ^,w9$떦b#iyhg(%:ɩ{1zf'%Vn+l%G7ޞ%!dʔ2-T|%(`Ŀ`J81,/s' XFZ/5z\5cv#{]nWe;Hɧ/Ś,b3G;~A!T$[:!cLT1=xצfQ;L.sgr,-m7{v!$$ ~gV~xɈ8b&蒦. v=D>HV}aB-puD4n*Բ҄u@ڛGİ-CVA$̫5(U9A?xDՒp[lC/D!qu ^٠ i~jA?s1?Eþ<=Z @/~z:;n""GCstq4\zQXAMOYxW6@Gvs@7Z]GE%ּ=Q xf USrϛywvx(跈?̊g"!4bKjϻI3DM>@ zl)Ha`S* ?[8`,-N恁IkA ;]|ڑcx,kEPq4Qیrjpւ+9WbfRBǚJ^u#XfJ~=@Y`I ZY$u9.?TqCs,,QRN|<5rB)F=2 S-zDBv\Cׁ\X OT67F'zT:b k$aIiÔ=r&m\ޟy,`荢68xP K lSjQ8{r M#;*TOvH9 Wp8b7 ?+kgi]Aw;x(o`2hyoEwHqz^V:E.}I$qo 4f}=$\"ԑ \z3g{xOi]Yrc3VmvqDF0C`rwGR^_wA(+S"Wqp@C(oM{ؕ>اx'2מ-~f`iSmvڨ "&_D ʤ>=f#P [ޒIrnX_\I Ա6Ϻ̓(Gd?etwq&@]TaFSu\x9[R6Z!H PN@BOnߦ{E/.S j#7@4bB9kEJƯ9T6Fr, VnhuOAu-1jĬ,cv\]Zw}uw?=/&z,So3&Sx3jSOV&2x/z"K+)~^ʡT/mq,E9V>('fj }g_q7gRugV9UXTB'DVAדU,µטV0x rUSLEUP|٪3%x5}6?}LIқF ճJA9[ ޭB]#aa m#Q>nls=tvwT?^x;2rg9ǍvWBR_qYXs\~f΍ֶN;a5 –f|M^ۗ`-^yJF$ưo(ٴA/p8WuCp03jwu9JN1Jk;]l) 1hNIPɬD<-1tq7 KNhӂoJV~/iV- zmV]%陸\Ms-E^5#/qFФQ|j|hYt ˥W?},\)P0CCA>ד"m}m c4{p|z\W<S,_*T.a'4Y#hBBj)aVV88@uxpXiTB}y?3G6*) "ӘZo$BO1;R++l݉s)殳eIK!8 ( H~P tUN o9P_j5\O(%fS#L]7+]yaSC:>hFDNa:u8fDxxa{n[ qHKߎ!!BsHLl1_i ڳ6-\I)`z>;vqyy8[R@zh1Ѝi3xpw8m{t4[&n 278`M""قSICG{pAUT$74Yo?bds0qڋJ2?A?gUaf*Dn:Ah9ȕu}/0!_Pe KM])ZhvUwf.p Urc ;1H~%P\Jc {ҤL)cߥ>9"P`KrXb&l ?Jfb'4قpcPd)"H gJE݋"S'a֡pWiE/n*ä]}=;Mmzr*39ݮӜZ$e-B1ړro<1zgzB }Qvm^cV9%^G#^r Go.zcw\oT&|հCDߴq^M•DC7C3fU ]5g_inKywӗL:O ~p02E7 ƄS,eR;p@c>Iؽ.ܭ}àVU@&2+DBp@Oa1Z}7}vpf#`8T eW;VHYrIŨ)91w߄+QYΐ: I]Mۆ Nx?g~lsW0(uHۓn/Z䮃&Pi/_:Oz*DJ1\> Oč}xxr.}ja?gj/5׶t ԅt]:&4*H q1_ X0}1irQ-PI(ěrVȫKԌ⬾^HUJIty8eՈMկGBƑWj s)ԇMɻlOJ |)e`ZC8lxLùIX\T$ %hemr8lwV*sot?ͦP<BСirqD]!r0W>\ETog&ڽrU/䇦|he?aXDTU-#bƖ ~|/V!RA7ӆ$`ZzUoRR?pDbz%8)=)@8@եK81.p$Е./uUum[`7mk1:}"m[\&b 2$v@nr  eJbY{1ȍ^E'Hv@/M-ki.+fҞD@wk<%eT^ w|#"+S5d/ABPq8MEknd[;C!cu.ގLI0` 8%0䬥]~%izdA gu V)eGs59{pb8qALd$`(2xJ4*~@i0T&SjBmbYQ>d*9k󷖦H 9 PN!Ff4`)?$ cl2#w  c>ɜ"걺XS=Yp$;aI˷YTb5ws1Ň7o=Pj:*|K:Tt6/FVijM^iUcow$rC?+8AN4R~#ἬlCdeR[s_zgcDAGXѩJbLB?Obp+(# jφvW*t>hϥJ2Â4ljL:(w0m?; br9DŌ40HS+Diy!3q14xԙ3g)@0.3p(b VOz[YC~E5L3#ڿ#O=tٲ:V[pǎ`nH]BW_Xkˍ6{'aWiJ^L!irsJ{mݍ4bQ/w`V!Y7Abl H08Jr#4K>qڕh C[,$!>ߤF7W7cmEY-M)GIYNPeB s{C'@<|:uKFf 0gj**9)JyߨK9y0]ygDʃ_4R-1RUV}]Bǂq-%\0SJuxײ x?!uRch-1cf ?QP=MU7lc_auvl*e@:eOK~{Ԛ͸{;V m-aЎ|I38g"noT" >W,&M0VOQ@UDxéG\u>q,T*|\P|}կկL;| Pdv&c%B{P&7_#3YEDbq24~x!<xv -V +x!RR c`|٢n}x5,tcOSCvl3L}UbuҬX[Hw9/-Q7Kn8cba9:u^Sum=A\BXs V_2s n&Cy%o͇P\&M)53RO%nkØ w&G&{:4 _·eQ#f2J@sb)AlYYv?F_[SSm̥FIMqjf~X(nfd 0 ;ӆG,yO{u/X9ВTNҼzǗZM56Ɏ&;4Í_-*;:Dҁix4,'q%?ХgrPzz׫ ?(YUG* b.6I^&~bNԇ%PviGd6sE2O<3*1 QL  VݍtoBJY^I#zF'~MY3|`C;~4ٶ1ckHj~yBܥ8Rw 3ۤ>`UcrsC?!^'S2BO´lyyxCvnmvYmꕞ!e⒦IUH(?9- عT,v t1cm޶xt.Q"k_MW, iU‡cy29{7hl;_Ie/s20:ȧх j 6 PexR[4b[84cc1b8DMȆt ^ [A=͑{su#\<(ƇdokArY>TU会\Am-_0E \CcK+'%*$=}I8Ej0x)" jHYb% i 8aCO@ (f+$7'{Ir[en@1.8͓M6`LCMa E!oE} ]@B{ܿ?>p 0f!\"~3 t`F/Cg&!/uCwV.=G57Vmz>vcZ&b0`< }/äz6؟S_фص̓B0S[i"R`5W:-Eo5[x̲;k QrBaνHdIk~[~zg҆.8Sr3;"FߦB<3,(`BD?X;>UTF|%1dn%imVjl&F: ˤMHn)E $LމHB,$VEPC9p5lxgL֕QT}۰Vdw@\Bfn]~ईC9ܞӖ4˚GKB-cMRm+{Hr1ìJ^LiCUQnaq0SV}ݚ\ ^tGȝ\q8/ܽ~"Iq|iqGkcl%_Li:$]}7Sú)""_+϶$;;햼'}x"_WJt*a9VBce243 Q|#r eǪ5: '$t{U(Y*>!}"LaG#֚%zark6z*j_YRcjA+c/|zB1tx-wxYIuا @ztfd ŗW*6O9?/-X_Ii2]IU- rP=Q[w8h.\bRPaʵvDPVes8cŶ~C.d-$%%XnY\E7`W,V-1ޫ*OE6_"k8;I)VW:UUݔ״w}(۠"@\b384 L+{SvZ K) WDNJx!zJ:jn5#LFPS^H+h[%G(KWd zZ] Ō}KhVjyU:Krw@~5Э# OβC!AQqEnRA-#Dq@ri)ufYQXT}YK0Y֯ڍ$cyodP  ?t ߻@%< )fs"# luj,9gnxg s ٘fBO`tEWh ..I}E1hh 䋳zMs'-XB^gh4lgy!K'H9'}'uKs\VǕ!v% *#QVfK4 MX""eׁGܭWI?B8 g;mx|*"qT”$EߓX-To0-uW~O*G,qn:zɮ+†ES@a\|pl8x-Ք d&_#ptn- h%m!7+HflGxYEƉj*pfx7$fRڱ|s%\LJ=TqmO0Mأe|HgO`$?-}tMWDb^9IqG5&Sa3X^`2i86KnH"ZNF5+h|0HYALrmBdFA菚Ś׎Vy"xg} Inϧ ? !FL˗F/ 4;DNؾ=I% /K+L}]V872S+'y=a15 )qL=i8Afӓs;1C&{/y 19FQV4޺ףe%_-\g*fDf >h$_峛/zR,M'`ɿ -Wak긻{x!0?h ;@er$r^U|䑄րV}o4j \{iJ~$G35G{,jr:5gqCQ Yğ@v[T="3?1 ɣnC WdwEޣ AqQ0*;(;}gBԘki$"ffX!7YE"U-7Ϲ$Q̗ 9sZ*j֕܇ \;4d]ΤiA&ygvSk brcM͟f `j y&3{Q Egd\4z$Cs]L`;/ (]AUcP^UUCusJYϢN>(7!vhŮ~2ҝմcnj!1r ~0<\xيY)`ݺCKo= {A@I^~[mӡޡu_3U!/8bqkq^A|k:?ĞfS!bq%-Ï`E懀NkvC* @iJ):a9\ x'|@X$ySM <3 c1jJ~TT`@;{Vo ǧpx5Q)N^ h8+s'!N2jL&~&QTO\HpzIYQ)~[ pW p6#+53OL0(iOfGhjs*P#R_u,XXpxQ,y>6=GwaxGEvg̐Tzp .+8hݏ땸8TBW7,Qt6Yw&5m4棩x"{vP0VIcKΙaURqmxN#A!^$u{FzIJfsUꦊ) Yz/`Gfksgz1(9 4|B0,b]).qD^g98}1l1{`IhDGX?o9PUBgs5 >VNLg;9D G=^۬TETo'21K3NA2As(ZW?A~,tmc7t"jK nz!PkFT m!:Pze<" e"JYT=(FG GtvO} Vb2I ,aac(@ET( $*zOCMWYSbӄ=D:]0ۡ ЦCG~,7h8j*VP J-F|ZɀULKWbՂ՚{yMW|9eV.K.2'/ _!ttQp&h@~fMzGE3&mG!$|MZا9R /X~m6hXSpNg!FD*hJ^F'Km B6V ~X"^xtVmi0T!jc.٥>̘ ŀd9sfud'G8C4~6E3Vm-HB4H>}K#+ӟwV\&hC-zۂIk- wMI1B@857@9"g{^SEq'9:(_7L|ouSs_zpTeFEft@=E8}ާDq18kRdGd~Nːa.t(In\zJ?$US!Buy԰zIs#`taD2d*H/B ~!q#E^PQLb`gtwo)7Cg+gp!ڏb+#bh[e5aIFHvYyvKVtKRCt=\U6Q0Ӕ L niQ`pZ%A (]4 2=3{v(ٴ7p +wgvB~lo O@0&.DGpbL]Fg3{iPqPTGtBgtm'!X$·: BĜlÎ-PhT^0oejg^(;RqIUvJ1ǩduc Ó̦5Р2d$3K+~G/&FnI k_d@Hig@̯Cʋ*A|dɈ )UZ@ 3쳋4\A6ES-l~`owgԬ.n&.9ЇՐ13!ˏz .Ӏ陸d,I5Cc_w4w si# i߭~q3ӕjB܏!Y6 x#_yOε/N?*H%W-z{UXO%״@CG]V; u]L#laOT2功gj}ȼtI]st5a8z$M2?1\77rmypWyaHAJHEn"ʬ@!7et f0JXmz*jK``݂?_A4jy1Ü ڨ=F}ڂl㥲m8mwE6aˆDṾV}sA} B@v{}7 t Uv+7p'y|Y0 X1"AMإGV.|X-w'5(å_w~Pw'޶ZL{5h%Vl6"QReH]*aњ}xs`趥Vl~ F#$(zYgjhH5_aypv ڔzcmi?mYct\g#~YƧ^3Vw.Ͱ3vYXC?E yۻ}86yD1vtn6\(⻹0 yEr߰O}0#81+oi4)Ã+W>!Plۓ =ty$z ](Cgn@0R nk&`f rO8R!t~t @2\ѮȰ! gW=E mfۼ-5$p&?",\].WJ0)A ? ~ =Ti Oj }6>vϮA d]~,h= < Z?@MES)akOiwzLK܉Vɔ0UJSdoh˭ORG{B+8'Kw.1|e7S>5&][RO0~rIPjɓQBk͔uIfԯ(>LxTs "ǿ C՞7 K-AoW]! oHY<:qSj6"PZFЧ0QU(P:L#Q8WƧpXtX#t,m9&O~6(,B'yL_Tq?_LF p ݄7+ dG4-խQ1lo7Sd"?;%-.D@%JƟUaFL>!s4ݥ=F嘟.W˒BoXدZ0r"ukGzms}q=H">+׿-8C@aN6 H=vMc "S <.)%c'`JpE<웗p>Msw|oʂ2؍Z?qlC{(/͏ )^\uEB꼦4Bo!6c1g?΍n{$h]A1l5SEO _bRp5  F6-:I Cݥ8"l+iw5C /p<ܡ%rG=#Zϑ}G/qj2.N[m3闝\ yF }fOUC(PPzqge9G BdZ[>4bre45vR.mKuOl9 z,TҌ\,(Ti g^w&v9O߯:JC>i3*ǀ4Iщ܋(ւlWgYD]<٣-cN [ Xd.dt06M`Β?Q|6. ]K'Q+ᡠÕd-ݙUc!6~ >?g8T{tޏJȜ/S"ɵoҞjoTCUwz\951bPB[{ |DYf]àjӓK8@[?שjwΦd|P"緞&˦WžUdwsx^sC|+hH/%>Xϔ̉EWp #).v̓ :* oRcU۔&1~i W* ?Ry_u`ƛ`Cx0A%V* vu _<5 2e6uYO:{,kd !f'm~i;i`ĢdՒFxZ2>^N9>) d'"hcFZ]vUpXQ C*nrXbzD\ݍV2YW9Ď*,*>[1N+LY7PǸv]M+}9q>xد9_-y9Y+<-ϊ&,q*[COf>mo8KK@) S5٥42\Ѫ?IQBw1ɖmgs~4-U~UW{%=C߽"[iݑ SpƜsZ+v/~elcZ:0&3t[q#,$" c>E8433M(hyˮٳ99պׯpLgX?ykSZ̶+f8J_izT{ c!m]Pt\Z3i{,,FBΤǯ@.,aۓ(A u93{- O ?&8O*[r(031 ǜ(gE'nm.,nR{8WnL04L1%' =D(dE[#mC83s(Uk]xizg|BLHP q xT a]8QRLR3 @|͕؏.*1.UP;+f fLkMY2G‚']_/{!u"V>NCU0Q`*N0aOuD~S&cpيJK Ep -8bַ1]n9P $ynYj'ذ)v}UT4D{),KwS5+;RS!7eʸ(ZP}"#km_G,9)x.U]G~"`ў,D?[B!ТI>fM5@C룂PSH[#]KZRM?=־_;,8 vYx{ $, n@8NJx<\:Ԡ J̜F9lŏ8 K x:ߊRIBXpmXrlƯ6.#O3&V `MCgڪǔ/'d&p 4ORGn\]F0'B <._AW$B㞾Sxk&|# |4VߋkO;[ڹ4!#ˡ4pXSF߳iQXu&C݅l mARM^`nk26a~ˉ ( ASj2혫_qn!21h͊j2ENiBM=dȓ$pnm}{{@Kg,* @T"YV{ UJQ0406}pa5%h*D8e& e/nǷE\FXشe|=Z{*LQzB2ZKHhqSN9KС~#~fBueڮND~ p1jjrfM Ǣ夒$X\KY\=m!xR'`v1_=%sĀS@J͢uٍߧtA)3x,4_$݌A\6䨈j}&Ik18||<8lCQa͎ɞՏ6S dn>e7|tZ'=ӼteQ =@22glȎzxzVF J L~OvWb~{CSv}tGctݻ)i |)QX}}=T),% (Ȗ aPuK):^<3oBS{7r !oӰ_s\ ZԞTFF-\9Y<&+?I1 0}:]<_ޮ ۪bGRxmK53L182mD.̹3ߘq̲䭀 4n( ny4w_ڛ 1pKغ<% 3nnm ID\pMX:=ap6&6%Zs(a*mdA~ArhorEs{ۙ7Uu6ld+?+a_/f[[$^c)qÓ!ȥg [bm#v[I"OHˈ?Ї&bTV( P-#wF1Cx [0C[VK.Qm^uIq}W&]gQN\kLdFݪ#.)"(LJA\2D'/0lqއ m λ@?1|(&)(TK.(JZ7Teo`<,) ?#%3q./6+yS?\XU-lϗd{Kϟ(glv ![7ݦ$gx~;bkfZssߝKKZeEQsYn!ZJQsGeQ\U~]-3)Ip^(P]n]O%mɫIjR\7VEg0V$@oZsyl❼ь\ Vhm"q(1(pv Ֆ#@>Ҧ$?qȃW^#% #zOgb6]l{ެǓ2|t*Ka|R愶;贗p7iJ2I98h@sP۝׺ă @% obVg=AȘ> U)7WN0來e>kyDRN[rxMZŎ;DHK*?3Rc4=ˤ,fܖ*5oW^iKf ua|88D3kV*Mv4D'a9=qܱЌDTf8 :^ssje"nV7:nKpxCZy.)Ұ'uh'hGH^r7# kbYRLnJ#gHళgw-Sbrekbd9?10כ@`fVG \UbvTp\D)aķy ͬV|Hp:}Ac,&gKoisQB:Zx"=bj s.%9lƷ 5ղa-M~˓q E1 e۵WlJr;Rh.BA6_BeC&/" gaBiʵ7{lhƄsxG׻39fa3pT2ͺ\q6Y"yOZZʆBK9k;Ǽc1dgbSbG1[%K{?Nڐt#@Sg?T9SV2ЊlXy x'-s/cb)҃u82/m4qX0똛qo_Qr\r1h sp~Ɩ-=Sd)l(\ϐE1 q.j%-!?ڝ&Efyf7i&dX xEfLo'{+PaXEYƏVM;ٗBK/z{|U,T_3G.8;SF*θ@0IEluYKm8Ҡ؍`?qa}o~?Z.|L9dsB`ѣn=mg{*"~J>4o0AA.!9jO$a250o+;PIvh-@|,8Xv:N/?-ޅ$9w( _%mY0F㟋Qa<=Zi5e -b$H}nj޴'Q_<۝f|͞4<:20;fH5?죻;^~\{,|Y'^HժL 6kpA"G!F/YWɧ 0( $+%Y6ݶ;0H5t9;VtT3A?F}/xI Vi[LAA}aȨ:`Q ~hyHBC;&&B' _jj=E-c:V&#?%s` gPÐ99tʘ: MPT[/>8wh@d2 dmV\H$&Tx6Of4赝@Jl7UvYLe.A}42{t'+Y`5b׈Ap ,rD1-.S'2w뎡|У5–QQoຳ隻[ B,3ζJ@y{Pm k,R, 'Gq>3VmC GAWF`Wd܇7+\[gv:{C*/0%qS5_M&ڐr Kάas%`J# /CF@l>V`fu%Xnm@$F-X:g*_g*F,j8@xƏO0:JRVXl}Vo/4q3 Wdn z9TeR08oxb 'ZP)'=<(@{G:kV62߀Lv՗0о"'3k:l:AH(u\eݗ|'@bQf/\`R%xrbVӳKm^_{/WAgKMSހWcXşVYԺ*<6̭vg:ĺgTΒSO4ͤ͡PaݺߎfM,Oyrx_Thx^㕮(FNꊶAdظǪirx9;]>=Tտ8ȏ~Yظyx6lxjQ)+ HƷ"Ył`HϘ| x&ݪdW9,eS ۶E,޷i%Hk|ciѴ)pG/VAƴ!h 9S/|bHq]cݤbLҵ=VEZBmC'Y*a"!w7ωt NE^bv+*Sߠ&s.M<v<2++BhkG&'FUҝmU%`8Zj˺ oRQ%c:Y];LpxXZ[+$3&jYyu RBO-oZR:aZ`+~J'ޡf'Hۈ\tV[^bFׄXAd_䙿5'Waq 1ʡ9qT`VeBdpXۄ1\68/4WE=D(y@5OGRV"jٜ]=/J S˲fkfOa\o#Ac)>c|]!GxɘI2Efsq"#@l~ѩ[ C,(9y3 V24 MLn9Ez ikgOBF ٌGRVS+_P0dvk%1An-7Ǡz70sPYY 5t#cez[ݝ*A$@JzNEcd l {(/;k}i6yDZ9kp[M[BX⏺A  %tz[q">[ LS $mTyYHS6+ϧoMIvPT^ETF@S* R%hl] :>o,jEIM䇯BM`.'ߒn,Wg"&SXWB]L4(iXi}aP@T׌w@sWmiLCKZ1.9>ЯʖA;57׶M xrTYg![)i栄vuFl'4-w0'ip'AytUKz/묺q?E9J0X"C& w@BVq1!Kn>]Cous/2b;Ŭ;1SCw^@ܽ0;rSF.PI9%zr]U-Jf#kaE?jnh:J.}hv)suK+`\vBۺ0)InHtf?i6ՍU5T4`7BW;‘׹(F{trFrت9D!X8ۓOB=d j9[v V?s3DIx8œ[hz\oeUցJ tKevCHWggKV?/ t N:fs$ؓLFe7l. ]"෦ >n.`X"5RNJוQO=/Df9L$X<}C h+#%0NqBE^= ō ^~u!3._e v%*Ggk[!Aa $\_x=QAIUFG7dfT^lLdyQ0. >EJnYMhFX7q.qōsd\B).j!99d|* Gv/i>^vh#Uxο@aZLҞ U3QGS*K tW`V%!yNM$1*-v"#x jdbN^ H.@yӌ2rH ߆h5ٗժ.fw Ql"1o(Zdl&}Dg,{[i:S#>bPB6Œaƒe 嗥(cpd .N4-%]@vZB-N'Y[QQ%h ~Qr1}8\A N)gN+ z^{^}qHl4dbň)*_uǟƊX{f[/oo^ rBT?ęCu5=I%6:-'PURI`]NZyCɝTls'-TRϛJ)Sa>Uޞ۠&JnXZS4*q5+Q )@>,|-^|5ȗU4F*b>4*4-\jf.CU޻u-y 㩐elnW?EؑW{o\`^yuC|[8+2.<0N+G_Fc{/H gkJ l+x-rH:P;80Yϕ,PJ2UB}Ѥk.Z#%!3(ބsu($cܕ!|Gl >nUuҾx@ !jOfreMTqIC&Zbg $v0 aJ8 =PI^! OoڰY^j:|,#GHD@\&\i`uICTYt0N>^ gzZ%eu5XTZ` q٠VGu)P<_;!$:K-TATKϩ`'w^ Dޗ*=%z4;cT'q(cpgY@jdP}M09|nօI)WRn͋xS%f]<'fڎp/k<#OxU*LKf*'S'\͊u1'f5hPOHk> ѾUz|Xbi rR&/zN[ǩd *UZK XY5 rM~ 4dkdQo3_ɡvQqY "w[{3$`XKLETW@O Qʾ`2[[n'mv27]!ks#3U&uٓ s_xY X^ut8M;X'2=c3I#@vXr(Y!i (t{ j[&ٍAS\Cף".XMf[XU `:^ό|k?kȊ;Q)tUˑ}t|LVÙ)ګx׊7bVI`~,9NePynXFn%&KB6rb?Kv-Q/ pH57!K8@יȰ_v:FJE1ۃt?‹ӁwYEzHVc?& ehvӠ ͟9#J=mzEJܬYfxӖ4sG=S3-H-<*ܿ eSp Jh AA3"FʐQaxȶy7"Vl0#[ Nr\nH疷PӐ;X|5.FebHF+Kd[,t>Ljfn)Nް3;EH$Y}!I[ʅY8ks2J=:;|[]KGVk5-c8NKq#5cF J$?@jtYp;P/0>@zcWTh"|^MG:@(`1|.- JFA% ךZDU睞U*gW-y\q9oƣn+`Q&29GBy͸C;:{;zbM{C /^Y%@~&Z9R'MV# zUs85xuz=r e73RS ;ƀ|&iRd86nQW`7xM@ 44Ys"q3"ÅzDd`2$?L5U>]cCB+r:bnZypVt^'S%.֙pM+ZL`- g1Jy.MOIF(OJ`ʁWrd~;,M#FU 'ntxn0}9 izʠT=Lt,\FgQepYߎ+wsѪBf9qaVJ'ܡ%M&._QI02?'_-ϕ[ʆqtDFABBvvρ@"A#3+(:{AΩDЋ-WJ69@]!B(?>H-l\w#E+ ĞF@^ReeJ+c𓛲oV5|8/TeZДfJޙqd2U\k(Bߙv~뺲'~k̍iY:y 3tL_ar!WChlxwZ,\sSkG> 4H1p+kꀗ7<LިuQ0@@NG5l>DVsRVrQ_j##ܟoBA\^CS[}_Hzx"\0ЬE'HqC_O}1zEmг3 2RQ)U l/"<~hևdY:J776oVbxw-Y]Y#Eo'OlfDKl]1佖_ !=EQn@7D>?R%u 5v3.8F'W:7uGw;U}V3VF/S!T$r5޶R65pXj?kҌ}Iu\V“2Pֆqu:ѽ@jfR?xnG k2&DCj8P<5\^D q [dF@WDLq߶zbK >X_:A(9)T4sĄfXn 4nd6̴J%jMupu6LK E 3 5|l[`&HҒ~5,HKͿ;{ko[Odp/#.IXZgQPΆ$ezyYTee9L\Giie] W6jL1oaD>dUlj8Y,.}SgFqfMesqtmZ)=N pS;Ll:y7B\y2 l6>rpSuT+3-~{;T]gqI~dehEm̜}O2-e4|oeg2tF6D!#CG%WnQ7s, P]>K̯h}8gOeoNoSUhL[5e["+!{ |S^id 1n'PyEE߯ Jw*@1r#4UFT)bukО}qӵ2OyTKM= uG6jyF2N33;(}~߃KyN+0mǶ Tk0\1>3ԃoݟݴpN\|W{;KᑥǸc)1 ϙj.Dn1g7SΨrV{fDXf".dbRp>ٌ*6{LH3s4$ԙ]YDc'n>9*QW)lB.}a7f{0e·۫Vu7>e0bnIDEwyk kc}o>~ۓ)PzAk$혉줡t𕷍iEN05yْT[ Re3Pm*/LZ,ْl~A$Mh]ςu $\RH3%ce0zDGq*alZpp9cp=W+wH22V$.VZPaѧٛXsay)SK(:Uo:C`'N:G Ə4k<ħ/Ch /Z ڵ['x[Lש1ry yΡXФ1krj6Ѱ߮e1Z"gu+D-VҼxa4v0w}+?oǝ:U jAŜl%&id\ԮS6x vf@hzY: bڋFn[k7ܝDct C%S.c-l1B|{Y ])5:K1a;wlWXǿaBG3nMO`g~Hw1Rfob5˯`~=A^NrhJ"wma]S兆|oaX8CRK|̫B,eDrc ]^B (k)w6e~;3bBXb>+!,7(ys \VBSZQkϙ>_D'E~_Hhb t(@raD9vs~q# ՏZ]<>Df&e);6 M%[jyRmKݡbwbۣBdϡ Dj. ؘ6$ʚy1S!9bͮwc YL{(ڟqӼ<9I%g.>s;Az?W&ԟ [7iLU#g"8`MM/+]Ӗu7  @]̷3'vslu-'`):>4k=cVʵѫPɍjķsQhQ;2S)dm=pT S$} fP$͒,/pY.u,DNͤÀ/ K1\B'vm'#c+*]K r(vytiY(yM}KX^ ~՛ͥex<=M"k?5qtg̶S?"Em0\ZHOSK _$]t_{]wZzR3DeuB>s9ۙN,'s+$YqOؤO*A&.SEX``j˙.Ch n D:Ix _貤ވÚяbk֪I4 `n2|\{4YIɫ,k+Bh}$xeeAX9&pF[LkG3T9h<`CS.PGQ)8EΏf 򈟉1S,o^J{^o*,ucD(4:y~9], B?tҸA@dZhry wߖv+rj8Kbʿ?r<=gZ Å lu伞务L oI@Ml@hH"&"!6nE{M 9rsd䲖ִQ-(2be5$3;հZ<0SxP1 @QFCBwFYw VKrRJUfRE4X4UY :ًE+9,f 蓚nK#5%m㽄|15MtrY*o/ezS%zYOg24(\{'Kc)әfb=ߤfeɉN@ "=m83Qmѫ-GgdBt| 7WlXxB$N%MOں(Tzc0;Y?[3勳#76 >ւ7mm˝7x~;kY.t:eÑ !09BQ#BȆHVJꔜyC`Qs%# +K&cMIև#l{tFN\ed J;vgAU)؞ Y{+wW]U'OKuJ=3x tM{_b,CRjv0] [#5hL8"Ͷd-̚*TiW$fL+W6鶧>ˑ6Fm 95;e'$84xسFhTh/C<?Ժ(dT$&}3 mYpkVlӫ+oG^"XP2m>=̵hv!+f2$jGaCN\a@-Lϯ^k L1gg S|+-;~Cg2lw\ jېJa7DP%ƟwHNsJ*Rк3hBiPhͤ!V? R(A7ZcUdPmKgQϯ_諘9zTXx:V&De.͒T3wқ/Neθ|vN1*X;}j`ĸ>VYOox҄3A.T>t wqp\^(QDbWÿTث;I5%H,b_L+KZbŔNSXjm`< ѭ3Ҥ|oˏSag|J "@t`PFK+*g>< lG#bƔ͟DbqE% e+O8 98CFH~Bzi4D,GfI_BR xG-*^ar0o*=moCς&(;:.%6r D2L*q @uJ,bt=H7 v۔mu슝B726絒ƹgE/̦j%.`auت8mwO.vҮrunS~6oEaYHºYkcE]\26#MwIG]31l6I>|etJd$Z̥HeBkK"ՓzGMOt-iC^ګd"=ҝv! dEzo[uiB^=jBvGXSXD<Ņ^NءҔz\xsp6x}AFKǑfa-Q7e|$zA*T3jcMOOJBg8%w6uBC0[D(aBZms})r7bQRHH, baipQI1D׬s(WP=tTXJEt2 KޙFT^Sl33VT%z.j1+Ws3KQ{ %$?tM,3U2URվ"sw͵äNK 7jgBVm'*&gz5>c6K`g,I&YNPO3$Iarfu^> A  n6p{oڠY ɐF<.1O4q3ֹ诱[ca2A e=h阛vyd,P1؉:O,n'bxqe侫MSMk1wi4]X\?Dqbߡ!EH1E5Ҭy;y"r^ )X2 V*)'K0d>}BO$\ 5|,/ $D V\^B8z/G@a5" :aDh=矯4`plv\sg 0xF<d^Y4nNV ZO%LeەOy0&.Zo1x`\wdUfZ\b!G42-CxC OC}:ΕT#uїQ.JLl1* j'&ς)v }Ke%| 1C*!C/` fJa6͠icYѫ񸹏ΰ;:#G4K˻GDVjvsggS,tsOI\>B7#Jl8c=ƏKAXwߠ54CG + ``ZTq,PD՚~fbh+\H41ieܣb.SŒ/NퟛQ24cNeȦU% nVb-vJz8%rMz%*"IJ-( Zt;R >5ycE|ݨj0vd0=P!:dOb>o2S>핁_avQ܃Q5&YYqh4yq ˦w Mbd~ܰsyD֍/(nN"8t]DTT1utOZc:3V24EuJ1k8 lA嶲ɛ E QspyXOpCz۔{:}\iG깉տ!@KN:ÌjFw12)ݹmkiM; lGz`KQ zeii%wjSjP[tNp=9ԯS[cտ -4l;3+x<^hr@!8 }}Or8v+3ŗ}Hi#ψpM^;ud->{UoTkp'kMuxFwx=uKhWADHԵ9VȻ=m9 'Tֶ:lOr79=ee#*87AMA'Kt|8!E*hʤ8FNdz:~1$X@ `Dp@Hn f^eI`q"\S$/S怸̩UZE H)H&doФSI+k'9@IG)kK0bH9F7d.c㟆M؝ y /?xwLC_Jho{̍Oa]46^|p/x~ wdG;kJ"*0'z ȵVX'R4^(U+ĖC*IT{uyu:џ,%HD/ZGdĮ.gfN[',,4㰞wRjuҡ8׮U;xA V{Wy$C^Ve>&/mJy?mjaI`u3-dlt{OO7P&OY!Hofmʉyʆ}$ U"xJYk]zfIS3;Y8/aWknsqZ(8t5Lv\l}:VET^ՐƊT (z5ۜ\y$vTO/1*$I\*t)(-'"R6O.d%sX bM)|ϻRjƒ-^{;hywY탕Q1iK w 5Ρwc%#O.Ǽ\mD{'Pb# x@]b#6xjeq![P*i ]O{mFE)ǩh}x]_gs:!{xJsT0^ FԚ^Y #Pr:j#-QL֛QGZːoXIU07ZͰ HHWޟ'tۼQ_wc'y]άMvW [-;hЕLo@]à ̘Fc^;2=T Ð"*wR]@)ӹSS_3OȟV?F$R uOQZEK׀04g0Ѩpý MJԾH>v"ľSK}BQ*S៓xf%* GWt&GǞɴpO@rn-&Z_BmֳHoiᦵ-n#2/|.q8isאtNo\f0,K^`Qa%z'P͸˝0J0[[zLo4SVqs$V$)j͎ WQ3:;5:/OCb 沧\h xtC:2 zqAٯ;h=j919$31DӟLh:#N}+kQuKIXs+>\B0]ScjmgR]Rofw9h% @9>.y͡ìq1@և/qmT,ᶿLAw0n 7s|J\s9\),j1m^DM+?=Ó-FƎj dQV=4G+m*D*a)׫@7,GJWlaDmG֒r%OwP[4;0&n53p 'z'rj<&!|}<.vtAKk澬j'OY Rٕ<伄\3w*dmPEY (nt`CjolŇ2"Zn2+cwX$:s,;tuGpxFp+ Pc\S*}č +J>'wlGeʭ]o|wOR3, :.liP7Ϫ >TKLY'yrx<(HXJ:= c Tzbd&Yh?<΍@*XKsڨ5G}i `j#=E#a$R ?}h|ݓBt`>TQ0یe,a=ȐH+=X1XC:hIDQ{e3m 󺈚3Ф dmJUќEQ}S ZR`d/}Yk >˻,ƸR~FES XZ('{>QejAL}^m_(0Ɵ=JG'w<+!E0W*ty@3v$]]KGE<@F4̺ZD[_k*`z6qf_1{ocKd3bZTdmuئ!KYv˝+3!]E@S@Hy]6)k@GM_l)"P{sCZ AMuF/^W r"v?~gUPJGU1Ov"?|L?FB=@,.u+pqhDO!uD)?S.uP< )ߓ.(3yU(WSo&wA,aKy=ʶ}6D*iʹ2n0_`y*|XM#*u+N7"Q(VoɗaQQF#JCpI }b =b_8E}F rcS zea{08Α\'4a)YHH"9ES~ z1Z#ÏX4K3F2z]*ð?2L(U*%n]]&t7c Nk yv?ɰ.1Z2'Ra[#;Ɂl/}F4]PO\X۔9EJͿuЊt0<& wyeH?>o Pf6<KLa~CmCQ39N` J6.s0݉v+p6,Cj2 6+mk%s=?8;Z Izwf} EVܾ1cbO$w7(> RwO%qc 9 -S2_lt3ـ {rD/J+㯅jb`xMk$V( }\0X(*!HV>EqVY Y"( $zMzk2=fXQ@(R M2eto?b))X}X39,ޡ0`G` 3Po}|mUOaʞ_rE'U5KL(6 8*a#G8b*V fǡ5hABW9E9u4~CWQW^1"X^Aw,ԉ^Uu\T-`P!U#g-7eK uP!k:Ⱥ|~K0X}C'Z4{\-2"=e{sW=ߡix*ቩ+}J3/]lǏ"#YNS_l a23d~n)fC۸I UQBZOG Bwݧd![Fxjp2kO6L8pY.hJ`o;e۔a2TOsÌ9c?ɚ_IHd- lm04UaY{u>YyʇwJ 2r N=ՇJv~4{c:+kD鮈A=BKbMOIy)/fd(/2Siԝf=ȵD?ǧPT\j!kxG0扊"BQ+;n*JL7Rjn7lQ-Żij4b ™ߨuתK2KJD  n͛2W] tȮm#,YWb.aT"]29& i>ddΙ6|}0+D<Ũf<,S }$v}*I}*-J2֯š>g: ԟUT6A3%)]Rj7Qn&j5)k7pZM=UN-$&9GGl8V3k^xZ D|[2s@ڢu`?F9Kh_% $7L/s=/ñ!้P .@@նf \o%/,^fwUEJ J/?;;a}č@p9LP -II< -%v9ef$(Z8\z``p>x4%-҅e%Hƨ֌ĸm}#vt^Gux_SZ7 9ߧ*N3\ͩ,bU7sΡğ#cc[:V~uSFkؿ@yV(-Ώv#]np޺մT( \~QYjB ZfIن %5tX&KI;DW;qM\ 2LsѠ|&(e1&5Ūfc&Ӡ{%'t7SmV8{R@㛋 r A+ V.B7脱D,3|0l~2Im)3{dlgO+@ . ~zҰՙ[ϒxS- uϕhw¬t*Ƥ8tKCpu{JȏՉpZ;tg=N`Tt$,Ս;Ii$"FB> c-zb ۽kǃkvһhގxndVywL(h.GoU3xu}rD+T(7(-~Wj`x6Kk qAEn ͏ uwA}A8E~:Sf.8+! #I-պ YDk'97α}VmP5B@,,E/CFqÅ/Lxq߫kڻ`ޟ8)cPPucW[u* m-vDϟWwi\ؖxjѩ*+ڱy/)#FJ]Aa9ݱ,fơaόUm|QWr ` 1)ㅢ8 ސW/luU`nf:%a!}x@߮)fx39 fK6:cH8[3?3X7xՠ8b&2D(#{愮ʤ#e(? Z,>ٽ|ϥ]t8m3x.\\s{|nミWp="ZR- s ss9] bA<:qDrJ1%X+ )mt`J(n݈avO @oI ͝PȒbjۥ^L5>ؚ ]mfomðQƊ΀ ^ G/*d{rRcyZlMT5$h G5}0!*=qeex; eS_32F) 'U8Pȏp}w @DruT<:!j0C"~U-%l>(e@^G)bK2} ?y4k=BHl Fz@4 E>H vU$dGLm},l<3;<g@{o[!BgP~J_M TJȝ-\HߤXCy4ڢXwɱlLGdL Y-sؽ'"-IXehў$g`-C۠9a9'֧%.m _=Vt(FXb, 4eh ):y!%CΈrdT5=J?y<"N/sEDlsǬ,Rai-c/ 4Ɩc&ʶ[Ɠ?24W!3mx3j)YV ~+N7e3 vlXKX]J{Rȁ2bJ^BX6+&%Ff;9&[wl lB'mF@W\0}pƠ@.Ey~]OÎ4.LI{>xfqv`)+f>̊Et}!g^^K4FS MSr_L[zW#O0,sAn.LܪjF@ɓŃxS쌗oFZZ̈́0>޺Qݸ2@eFPEȏjp樌Brh͇{:ן@Bi;}4<3B_z~&MNd]ĖY2,BW0*QSqQ( ]gl9{Mr?J•L]a2L]|Ý:vl팻r:O[*]ehP`ۼ&z|[Ҙ})U CH¹JDeuC~əPRtSD,93/JuV'=kXقeW$ 'HvvuBÚL^S >Cs>&&6N[hD˂U-b4; &G3KJzޜ>vk?ϚQ۲u"tȢH]h/H|>ʷXS}%t˓we{)?1TrQ{Ail)DGdVhx$3r޷-%^BvWDt#Gdp t66.+hbhe*EBZSr:f .z_}3=$)$%;#Ty~ٞ+1n|m3(\ݻ'O:e MΙv݇+~{'>1:݃ޠBI0$J 7_΅,ɍ6jR'Zz7U݇jNtȴr0Y[ jS.t3 tY%۱-- %[L9Eg{PaA>600t|<.b Y$jˑ9l7 \}٭aM]ĀE}y:"`,lzthJMdEIطǬNwG  EuyPf8cY2-0k=3JGoЋ]8P$*le ^@BM Rjg/P7 \,L n>mA3|t\?Ҋ8d5soGa`*z&rEk M9]p@gpFP濼4dOrHhXw:=sd bM25o$tыB[hg4$R9 S*XAX , Fb*XK9] O<[]\?Ÿ,.t㚋1Hڦk TЂ{^ޠ$/0YޛTcoOMlbkdXC+wHQh0hübPTf=l?2酘OI\搂fM r}&*ߌn:=e=\̌,Ce4aN0Dr&(ϥB>E}US&ɐ 4 kpdGzk^!ѿjF Pg\%0,H1}$#ՄWb$-,m\%[5,%x=eéܤ^=)?:^y?gz!q#E Wθ3G"I]SrG&qѶ0'eCVx}Y?O)K!aR#Boi!qAyϝF2Q_6Y;UQjJ4=? vj $gHpG+& Ck(&m^[20 +Q@9ee/Ǒi"`{ӼuWXWd.zy LJP.C'Ce(-_YYU{v4Ҹ%\ PܭSKK+7Z{.6!CM! &Sa݆{%uYt>L_L]v$9MRi[ |jZ2f^lE`ދPUT0toL5VFe{żND&562Vl8>~3I"lz}כnҪUFUWּ|'sH(_zE.|~h4;V .Zo$5ӂK(wa =yk)4vVVn/`WŘזq$Y%)N0\c(?Oٴc#pR'S\xIjUF$^bQ]nyl q 1㯚`.1@Gu!hszfǬqz;!b6iá'rO=]K K?QٽQVfjlw)sW}6#Z&~t5ܧ6⺱\׻-I,A;U0Cs ޠǶ/P\c]ɖwS LJmEKdlvb&ӣ#Y-8>bG;AL}cuK 7I\rJkO3δ|=OZ<]Zl迮k'dn%ch 5BQJA0_ӄ_ `nJNkdSS9fUݦ!bKIJ#Y*|Jwtjޕrಛebڍ1O1DɿrqMu."P}Lo@e))Amoq#$-Yd,AjBv5 Ph$^lqfٰ}<3 j$3!銁8.ƩV @U~ٞ]|K,Es;Namܹe2nv N\(TO+-=>YˣşbqXWсnN\UWh0ҷA/h Hz8ȺgҥjВ̘uu7ne8t7rTN=~3"\h~X^>zBꖚ]b /Y9/CT~^.Uj4:"E)7Y3SNH>NTJq{d]+dOT4f7t/CJQw<0Dv: {vjˈۢ?:cnuȀvzܞdI&:R\"!o΃X ZT&H̥S>t%\O7ƎOؗ Cyv@bRJBvYgJUh)dZ~rQy 3YC7:ĬԒ5`1x _j#5Wi`@#42Cu/cKS&#BG-EU:D83ӵ(ʉ鶉"#y~8QZM4!k]S;k.xzK) `GlK)8Genфޛ"oyҁkf[E@1E{ra)Ţ G95eBq<w6WE ^SFrQ"zӒdUN^F#,bOtZu ,e$H "m=8<w-̠zsMz= |h_M TQ:2$$^ AGmJ:w,5;u[93U\_QtnU"K@ޥGV^x%M!6qUw,4 }dRtV$G{.`gyd9@#3h+$cII!%:kyϝjN1J֞sɠ(ʰ^wиbi8pH p59|Erۓɩ|Pz #@FȠ=OM^v/9^b^{G]~%{B d,ŦR":}Zt4{(X`֖d 9l{#0F'g7v2,$Xc:̽"8}!wH+U@*XdKOɘ3 lMg߶6כB.?T%wXŦ5C1Z,(hYkF@^3-o+e }:y5q4o }}7'IX#U-(:1gIVo  4tnBRwb5S{:B&ixb烨SQT_݇`5!./Wm@y 8[4gԇL."N (XkJ-ݴ~/,7nv4T$ YLOLf/LQhurn'LNʃ\/eĹQrZzWځ^ c >ݨ& KXAU%\b"r=˱h ŽYԾO1hݭ?ąn ̅hBvMN*꼗to8O:O}.zy0vʆ$ã\`(=3a<]q";H7q7#4ӻA?'+C\1?)yGu*Ff?s;aUܵi6zrh5_:9]ȔtЅҪPWe"bkcv.ЫJHd2r1_ ؔ橍 BSt ƑMz9LcYn'$F%ePGܥ=+yFI+e:K?\=AOh-i\_z7=F6Ge]j(Oo-]d7lLѴ B0o1=5ҌjﶋmQu>W^H?iQsצD%3Txl: F+WM,"A׮3QuUdLD;U]2+x$D2r|}Sf(.^AW j>in f1&ru0e᳤^954EuBׄ]fY"›OU7L=XX_".ThqRZ>cw/iX4lVVBp|ԤȏiWf6Wл2lmLiWQb+/ M#ΦNn3p,0 ~cd2WlJ'滏xO=ad#*(ڕk\SjM4P 3cui/L+K}nS&f5ړR( ֘ AhV| M@I,c y^y ЗmqeV=݂?Vsb@ r r|h__OCU~| `SA| .Z*8R_)u4wYa6}If&8ztM\XS\)7໑q_ߐE9Ƿ]Av}\iVf qDLkRltA[g ~qPm6 ę\eYπHL=~8*;.ww~Ci[gM/Gy)joJby9@ki*7 8Ҋ u@C`A (CRJY9|VՉ_mG nG Uxf<}GGͫ㿝D}Ѝ/`|2MH( VMdJ" ;6CJ"4џ(`DtB7?fg-75@dB!Xȍ@W`vw?9+>eFﶘ~D[F6aYmoh'/1B^~.9<6{v> SM#ՠj꿯}y^6m*{`O R;!~\wRQ!H.CȾ":W.%Og oVzXQF/:*A+@ۜ=?$q{N&)/0B|&FU*Zo8w{#%w.5%OM^b9SŨ_$SU-ڢY?:Kv@o$$oJ tYk̄)|$bǡKE/Uݸ{I{OiXptF숝JnB= 5UEj.ńK,KxN'y()h6HBz&r:45cDf[ta3LOq\RHKs/vN.f{*."3 ObSj {xD+suJщgs2>a^% 4h*xQ rm0(8PnRI56+xU B;?8AC": 2SdvC,!  -.m _V骬y(,R],L޹])d;i?K'h.'hm&7ÏG><0V'dl{z;${НWd` H^Tj .³C+?x_,Fb.Y羹5Ql |RYstbe}x,uё7%!2U'jQ2ӊYZkn+a0kCRѡ TmYy3f)ĕgK>&Ӎ0~AC*U' k9ms f,>cg:!U&-mtm\(Dž)U3ڃ)d<6O?LRSY{ܫŚ;`"ކlsЅc˥!^F4tA~sLh`Bʝ[ߚMjF^3Jz#0'x=/M#mx z.ʜ!N3 0d&@00teV,ݷ/(Ξc }kڃ"fL&pNis SQg'jLX/T-T#ˠH!z:5:bgMt`χ*ɵEk6 6|#%FDd;ycʪlé0}_5I$4&Ɛ|rapPZ/.n͔c۰44rvb5Pb`;^(ut75Q'Şm {2>Lճ쩂1W4' >yhubր-L-xsWXo:tV)Fv )9oAcg[>c=Yqef}UFz!d&(1K">WOJyh^&(#tPӃ龏! _CYym׻Z'EoMʴ:6>.\ 2oV4kS.sΒb@&_!(y/}Q%}fMd"IJ~shAejƺTM.̲bd]gP/ (zQ~!_*_jii10&xt7B]L'tB!Y}NwE*@nhA@'襪Ԧm٨#պ+,W]Ӑz5.Fyk`CM9>4 b)܎RkUxB!{Ff`9I4ܸ<LOty aʪY_]=AGS !$Ϛ H'u!_w5 >wT.K(uaY[sDS{H53oS|fn_s =>)K Ms4Y|$٬IC9-bPg᲋2)Հ@%u~zptr.<> I{K8kzx̯:1P+i.NonPw!֭_*Qr8P0=1!RU䔥[x-Eӏ[<9ܒ !Nm}ư!U#ˊd+H$׽t# (%0_EnP_P)=CZ+H \Pؓ^K_olJO@0DPq嶹8jW:`{^4߉$Y ',L",<}pZMM0鲙bCUI~l((?8iQ>3]v5lo@/W}YXfG Nk]do!м_ 56\Q0v\.x@Fh܀ }/-&%&YWߥc+oH0Hj"6k }XRܣ'qtk"$kCCU sǬD3B9ՐʵYkv8~ Zְ {_AOc^+-Q "Pq1c`H]&Ǐwa_O|/j4\%3ֈLˠioQc3e|jB*P Z褓C)Xy&ѲMSAlU ߕ.UdX{5*jxXh5$q[GV%ʐYz~Kz~!Q^_ XP5Vc` SO@K{< 7Wq%/tsəRQbOj$tȝM<ĵrKEft0mtC(0InPG/SxyܛcsѲ W0Kt^vZ@>d'\]f p&[j"C uml_):zQ[~eNڣImzyQFmm7@hjWLEYΕc&]cqуPT5%wk٬7u?V$N};Kj 2ɁfMaވ2= bkX3jz6GwQʸO^Hvr+L"Nw?pyJ*6wi,_AykX6u6Epb h*uꄄWq\8XVE/D2D+(LR6]Tohi xc?v޵|+c̜[*@$Bf?~P/7GQ!`5!X$5nq? r{D'k^)kb ^,<C9Ucp3/u[IWҷ(iĹ}.N?wsǣe{"^>1k1, 3N3"Xw6YW@b<5,$i[AMƄ<4N{^NKhk۔,/I Ը1W[Cnܬo@S G 77u=vgj9ݖ,a6溣[*e9 `(M\mB.M_4AhY~nwBMiVa)? BAI.3QVzYW NRI!lKD(<Ιi#d`Q匪S}$ {섊'O$'LmbѹJH&G9*BLpeQ10 d IܩE $LұMc?⬞TDwUm uq^ŗ<"8D~ }SsQ`9#dv)c=HfH.0܆z]pTM!F u^iZ' f `A<3b|Le\ o{z`#OM ռJ\ Ryd `H2?=#R"Yp|ExI@Io~늈󂯷!Q3Īq0>FfT7OlN2nhf#j.)gF31ؓ5N^)<~LԨ /OM;{EQv$-ʒq`7tP\v.*\њ 8'u!oMX9H*[\ѫٌN I'ufӛI3CKӔ]tҮel{]g۝T߂DeZfXO^ e<&9 :#۫KެGRDzl[A4-#"#-%"Ag4祽$$q U0eaDԂM['ʱm5O 4V3 zXhhlak/.* 0 v>+ƏbKtvΗG~R{V?Gg^ E t~[ ]@ Yl^4r EV9_эmqJq';Z }HNR~z^knMJ΢<3 m0WOnX a@JNQ 4̴aN+GDeNKʉ(9εbQGjWZ~Me`Qiom^>?F!֓Q/f[{}&&^~h*-q>1ڰ,tОyQ;16z * ,Ox4B(~UhݹBBҴBe/1-[-k7 x||ѶQNi}n)H.ƟXD6t)h2_!?5DJ Y<%36k.gkXC넥'4HPvR m?Rrw^OWiBav[^"qa %PQvd;ELz };^xL 7YZ:ӥlp]dd| 腍>]ȲGrT QE9yLΣ#?o7-6H0'Gicd42e+ٵgj'QȂ3_Maּm伎I .9CHZ{g>m2t>d i[,QOxS R8eٓи,sA3MwTO+K0 |Woo΂dc7Tʩ|95p?ՎvB *| V5t Œ`kvBVLòW#j'1$Hl{ Ҷ˫H/yt&JUr3W(y.ՔS\`ܴJ7oDt.oWUrpX6a3hwCQk Fϔݫ{CH,q"3$ < &Wj@PO{RdwrKW2RFz!pįY@? đ]jE{ j rIa~Եbz煢3??xLH'['#C-2FUIE$zOo,shM |VnGIX|~]U' $]s;>${َG!덷] 8>kw[iiA|AFE48m7DdKs.8GEbAS>;!2#}D\}33rbuYve#nHDNhy4ngV7Lsej3&vƗLrV:"< D g8R_s*3GOGzAwr=ZJ$6ۉfvF4^S6W  ;rA`HbG q}0(V w)>u DJ ;Rt{B =p,?'QZ2,??>lVzYc5zx̶}㣣 煕D'%qG=p/B\5@X2^YZ,tOA)BJ-ݒ˯Fjʿg-X8KBoDQ([ ?~6ߑd?gf0;]slspa(7(V?<)mp "zZ[Ҋ_OӭHiQl%VrZu=]idp!)TmAo Ust#eg&A$z>nP3N/xb|ݏpL)@lS(dHc6닄?? {3qv>ߞ3W9PT a.>4|&`9hôF{&%} ;7A <8-}4̅6~'._+,vtG> Bd\Aڿ:Ic)pO|z,qP)xBs (ܩV;!hZ6 #D_}W0HI'[6> Q_@qS |a!3Nb3rune$< ~ ;B @ tiX<I@\w.;Π[\ν⾰Ů3uA&4i<|"$qș:86yǞ)(z%=^ս'vrܽCy}@@FcV#X[6fg±(cZe=n [a?rx݂Oҋ1n laOp-=,k0CyE(=S 1>w/Imy,;HQ-fP*6|=OTV@</j@4@ڛ-) n#Otm5!4A smUKQQp7 /&ax#<.JR q(z?wV{!hLdS.ASnk\>H*0ϣ骑Tkвb]0YYΧ #l3 Vx/zۡ;QF)at5Ԫ+ׯTשSK5 _6:١{u:7u;9}򨑖.s+HRW}Ǧg 3T6k̦4䒈>&*Ϻ8厱AaO B` wFdϪ{v=X_c3RBWOK);|@4pb˘bNkt/٘Hsy2? {\>QӰ#DѤ9 n01I@s;2nTY?hF"31:K!hKr cʰ ZcPDo>9W(1M g.pn7R'd*H {:r6k'I6VQ?Vk?zؼX%pN.!b=\<kYRsOQ {y]RrcQ)ҿ%eCh*5 }iVaƑ*{0edDcx6 1R(;0D+g# УqqǍ@Q9iyr[,Ch`ڒU;evowi`W;JY}U&|\;[mE}18&H̹cMDp?z5ɉw>ݖR\AqlA.ix}w6Zcg25`-,~Hy_,ɜ(|p 4#^ } nVT5Y<.r#;#A/nLRTLGHX=BI(9쵭"]EĵjXQ^C} 'j YZ