qemu-guest-agent-debuginfo-4.2.1-lp152.9.23.1 4>$  ApaӸ/=„~1T!}!{9ya%U+ lhӠ b!9bh&LFA \h ;^!&U\9"r[:P͊C9\eVݷ݀,0eK^ @e}MjZ]EKObTQaPXfKxd̏[W;02_A[GhIPZi+0dzwfP(URU4497418ae2181cc1898ba49ed72f742eb53035adb27890e92280d650e61695cd7303c5241cdaeab4d36e74cbaf2e8497055b1343KaӸ/=„s.H%禳dLp@ ?! . ] $7@    ( D  ;^~(839 3:%<3F%G8HTIpXxY\]^bcde#f&l(u<vXw0xLyhzl|qemu-guest-agent-debuginfo4.2.1lp152.9.23.1Debug information for package qemu-guest-agentThis package provides debug information for package qemu-guest-agent. Debug information is useful when developing applications that use this package or when debugging this package.alamb14 openSUSE Leap 15.2openSUSEBSD-2-Clause AND BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIThttp://bugs.opensuse.orgDevelopment/Debughttps://www.qemu.org/linuxx86_64L AAAA큤aaaaaaa`bd56afd4f6aa6c37ad9e78cd1e147bd422ca0936c7219dfc3509a20b16039761../../../../../usr/bin/qemu-ga../../../../../usr/lib/debug/usr/bin/qemu-ga-4.2.1-lp152.9.23.1.x86_64.debugrootrootrootrootrootrootrootrootrootrootrootrootrootrootqemu-4.2.1-lp152.9.23.1.src.rpmdebuginfo(build-id)qemu-guest-agent-debuginfoqemu-guest-agent-debuginfo(x86-64)    qemu-debuginfo(x86-64)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)4.2.1-lp152.9.23.13.0.4-14.6.0-14.0-15.2-14.14.1aUa@a2@a $@a`@`@`@`@`` @`@`@``@`+`@``~@`y|@`x*`dd@`Gc@`&m`"y@`"y@`@```x@_cO_cO_a@_`^@^^^@^^@^1^@^@^^|@^y@^t@^t@^oj@^j$@^Nt^M#@^9\^8 @^0"@^*@^*@^@^@^^g@^]+]]]e@]@]Γ@]X]@]µ]]5@]W]]@]@]@]?]x]rJ@]rJ@]M`@]J@]Ik]H@]9\\F@\Q\Q\t@\ޢ@\ޢ@\@\ڭ\ֹ@\g\@\!\Ɋ@\\e\\Y@\o@\n\f\ac\T4\Q\J@\@n@\=@\@[>@[>@[o[@[[ @[ZnZ@ZZZ@ZZ̧@ZZZZZw@Z@ZX0>X%X lW_@WWv@WWίWW:WQWWWWW@W~W~WWzOWZWZWQq@WN@WN@WF@WEW!@W!@W@Wo@VbVV@V@V@VVuV]VQ@VQ@VMVMV0V&,VVZVZVZU6@U5@U(U@U@UUlI@Ud`@UT@UQ@U@U7@U4@U.RU-@U-@U) U'@U&iU&iU%@U%@UUU@U ]@U T@TTD@TZ@T@José Ricardo Ziviani Lin Ma Lin Ma José Ricardo Ziviani José Ricardo Ziviani José Ricardo Ziviani José Ricardo Ziviani Al Cho Lin Ma Lin Ma José Ricardo Ziviani Lin Ma Lin Ma José Ricardo Ziviani Al Cho José Ricardo Ziviani Bruce Rogers Dario Faggioli Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Lin Ma Bruce Rogers Liang Yan Liang Yan Bruce Rogers Bruce Rogers Bruce Rogers Liang Yan Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Martin Liška Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Liang Yan Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Liang Yan Dominique Leuenberger Bruce Rogers Bruce Rogers Dominique Leuenberger Bruce Rogers ohering@suse.deBruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Guillaume GARDET Bruce Rogers Bruce Rogers Stefan Brüns Bruce Rogers Ludwig Nussel Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Liang Yan Bruce Rogers Stefan Brüns Liang Yan Christian Goll Bruce Rogers Bruce Rogers Tomáš Chvátal Bruce Rogers Bruce Rogers Andreas Schwab Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Bruce Rogers Guillaume GARDET Guillaume GARDET Bruce Rogers Bruce Rogers Bruce Rogers Liang Yan Bruce Rogers Bruce Rogers Liang Yan Bruce Rogers Bruce Rogers olaf@aepfle.deBruce Rogers olaf@aepfle.delma@suse.comBruce Rogers olaf@aepfle.deBruce Rogers Bruce Rogers Larry Dewey Bruce Rogers Bruce Rogers Bruce Rogers brogers@suse.combrogers@suse.combrogers@suse.comldewey@suse.combrogers@suse.comldewey@suse.commatz@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlma@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlma@suse.comkwalter@suse.combrogers@suse.comlyan@suse.combrogers@suse.comlma@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comjfehlig@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comhenrik.kuhn@origenis.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comjfehlig@suse.combrogers@suse.combrogers@suse.comschwab@suse.debrogers@suse.comschwab@suse.debrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.combrogers@suse.comohering@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.comafaerber@suse.deafaerber@suse.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comagraf@suse.comafaerber@suse.debrogers@suse.comagraf@suse.combrogers@suse.comglin@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comagraf@suse.combrogers@suse.combrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deolaf@aepfle.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.destefan.bruens@rwth-aachen.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.detampakrap@opensuse.orgafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deagraf@suse.comcrrodriguez@opensuse.orgagraf@suse.comjslaby@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deagraf@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.dempluskal@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.de- Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713) uas-add-stream-number-sanity-checks.patch - Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748) virtio-net-fix-use-after-unmap-free-for-.patch- Add transfer length item in block limits page of scsi vpd (bsc#1190425) * Patches added: block-add-max_hw_transfer-to-BlockLimits.patch block-backend-align-max_transfer-to-requ.patch file-posix-fix-max_iov-for-dev-sg-device.patch file-posix-try-BLKSECTGET-on-block-devic.patch osdep-provide-ROUND_DOWN-macro.patch scsi-generic-pass-max_segments-via-max_i.patch- Fix qemu crash while deleting xen-block (bsc#1189234) * Patches added: xen-remove-BlockBackend-object-reference.patch- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) usbredir-fix-free-call.patch- NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) esp-always-check-current_req-is-not-NULL.patch esp-don-t-reset-async_len-directly-in-es.patch esp-ensure-cmdfifo-is-not-empty-and-curr.patch esp-ensure-that-do_cmd-is-set-to-zero-be.patch - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) hw-scsi-megasas-check-for-NULL-frame-in-.patch - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) net-eepro100-validate-various-address-va.patch - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) hw-usb-host-stub-Remove-unused-header.patch usb-hid-avoid-dynamic-stack-allocation.patch usb-limit-combined-packets-to-1-MiB-CVE-.patch usb-mtp-avoid-dynamic-stack-allocation.patch usb-redir-avoid-dynamic-stack-allocation.patch- Fix for bsc#1187364, CVE-2021-3592 and Fix for bsc#1187367, CVE-2021-3594 and Fix for bsc#1187365, CVE-2021-3593 and Fix for bsc#1187366, CVE-2021-3595 Add-mtod_check.patch bootp-check-bootp_input-buffer-size.patch bootp-limit-vendor-specific-area-to-inpu.patch dhcp-Always-send-DHCP_OPT_LEN-bytes-in-o.patch tftp-check-tftp_input-buffer-size.patch tftp-introduce-a-header-structure.patch udp-check-upd_input-buffer-size.patch upd6-check-udp6_input-buffer-size.patch- Fix possible mremap overflow in the pvrdma (CVE-2021-3582, bsc#1187499) hw-rdma-Fix-possible-mremap-overflow-in-.patch - Ensure correct input on ring init (CVE-2021-3607, bsc#1187539) pvrdma-Ensure-correct-input-on-ring-init.patch - Fix the ring init error flow (CVE-2021-3608, bsc#1187538) pvrdma-Fix-the-ring-init-error-flow-CVE-.patch* Fix intel-hda segmentation fault due to stack overflow (CVE-2021-3611, bsc#1187529) qom-code-hardening-have-bound-checking-w.patch- Fix testsuite error (bsc#1184574) * Patches added: device-plug-test-use-qtest_qmp-to-send-t.patch qemu-iotests-qtest-rewrite-test-067-as-a.patch qtest-check-that-drives-are-really-appea.patch qtest-Reintroduce-qtest_qmp_receive-with.patch qtest-remove-qtest_qmp_receive_success.patch qtest-rename-qtest_qmp_receive-to-qtest_.patch qtest-switch-users-back-to-qtest_qmp_rec.patch tests-add-migration-helpers-unit.patch- Fix qemu crash with iothread when block commit after snapshot (bsc#1187013) * Patches added: blockjob-Fix-crash-with-IOthread-when-bl.patch- Fix out-of-bounds write in virgl_cmd_get_capset CVE-2021-3546 bsc#1185981 vhost-user-gpu-abstract-vg_cleanup_mappi.patch - Fix memory leaks found in the virtio vhost-user GPU device CVE-2021-3544 bsc#1186010 vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch vhost-user-gpu-fix-leak-in-virgl_resourc.patch vhost-user-gpu-fix-memory-disclosure-in-.patch vhost-user-gpu-fix-memory-leak-in-vg_res.patch vhost-user-gpu-fix-memory-leak-while-cal.patch vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch - Fix information disclosure due to uninitialized memory read CVE-2021-3545 bsc#1185990 vhost-user-gpu-fix-resource-leak-in-vg_r.patch- Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591) * Patches added: migration-migration.c-Fix-hang-in-ram_sa.patch- Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574) * Patches added: device-core-use-atomic_set-on-.realized-.patch device_core-use-drain_call_rcu-in-in-qmp.patch device-core-use-RCU-for-list-of-children.patch qdev-add-check-if-address-free-callback-.patch qom-make-object_ref-unref-use-a-void-ins.patch rcu-Implement-drain_call_rcu.patch scsi-scsi_bus-Add-scsi_device_get.patch scsi-scsi_bus-fix-races-in-REPORT-LUNS.patch scsi-scsi-bus-scsi_device_find-don-t-ret.patch scsi-scsi_bus-switch-search-direction-in.patch scsi-switch-to-bus-check_address.patch virtio-scsi-use-scsi_device_get.patch xen-block-Fix-removal-of-backend-instanc.patch- Fix out-of-bounds access issue while doing multi block SDMA (CVE-2020-25085, bsc#1176681) hw-sd-sdhci-Fix-DMA-Transfer-Block-Size-.patch- QEMU BIOS fails to read stage2 loader (on s390x)(bsc#1186290) * Patches added: pc-bios-s390-ccw-don-t-try-to-read-the-n.patch- Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380) Drop-bogus-IPv6-messages.patch- For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975)- Implement jsc#SLE-17785 Host CPU microcode revision will be visible inside VMs (if the proper CPU-model is used): target-i386-add-a-ucode-rev-property.patch target-i386-check-for-availability-of-MS.patch target-i386-enable-monitor-and-ucode-rev.patch target-i386-fix-TCG-UCODE_REV-access.patch target-i386-kvm-initialize-microcode-rev.patch- Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979) pc-bios-s390-ccw-break-loop-if-a-null-bl.patch pc-bios-s390-ccw-fix-off-by-one-error.patch- Fix a case of PIIX southbridge state data not being migrated. This change requires the equivalent change present in the target qemu of a live migration (patch is also queued for the SLE-15-SP3 qemu) hw-isa-piix4-Migrate-Reset-Control-Regis.patch- v6.0.0 qemu is about to be released. Add comments to the in- package support documents (supported..txt) about the new deprecations as of that release as an early head's up for qemu users. These deprecations include these command-line options: - M option: kernel-irqchip=off - chardev tty - chardev paraport - enable-fips - writeconfig - spice password=string- Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) sm501-Clean-up-local-variables-in-sm501_.patch sm501-Convert-printf-abort-to-qemu_log_m.patch sm501-Replace-hand-written-implementatio.patch sm501-Shorten-long-variable-names-in-sm5.patch sm501-Use-BIT-x-macro-to-shorten-constan.patch - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) hw-xhci-check-return-value-of-usb_packet.patch - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) hw-ehci-check-return-value-of-usb_packet.patch - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) hw-usb-hcd-ohci-check-for-processed-TD-b.patch - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) hw-usb-hcd-ohci-check-len-and-frame_numb.patch - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) net-remove-an-assert-call-in-eth_get_gso.patch - Fix infinite loop (DoS) in e1000e device emulation (CVE-2020-28916, bsc#1179468) hw-net-e1000e-advance-desc_offset-in-cas.patch - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) ide-atapi-assert-that-the-buffer-pointer.patch - Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) memory-clamp-cached-translation-in-case-.patch - Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) hw-pci-host-add-pci-intack-write-method.patch imx7-ccm-add-digprog-mmio-write-method.patch nvram-add-nrf51_soc-flash-read-method.patch pci-host-designware-add-pcie-msi-read-me.patch prep-add-ppc-parity-write-method.patch spapr_pci-add-spapr-msi-read-method.patch tz-ppc-add-dummy-read-write-methods.patch vfio-add-quirk-device-write-method.patch - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) e1000-fail-early-for-evil-descriptor.patch - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) net-introduce-qemu_receive_packet.patch rtl8139-switch-to-use-qemu_receive_packe.patch - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) cadence_gem-switch-to-use-qemu_receive_p.patch dp8393x-switch-to-use-qemu_receive_packe.patch e1000-switch-to-use-qemu_receive_packet-.patch lan9118-switch-to-use-qemu_receive_packe.patch pcnet-switch-to-use-qemu_receive_packet-.patch sungem-switch-to-use-qemu_receive_packet.patch tx_pkt-switch-to-use-qemu_receive_packet.patch - Fix OOB access in ati-vga emulation (CVE-2020-27616, bsc#1178400) ati-check-x-y-display-parameter-values.patch - Fix OOB access in SLIRP ARP/NCSI packet processing (CVE-2020-29129, bsc#1179466, CVE-2020-29130, bsc#1179467) slirp-check-pkt_len-before-reading-proto.patch - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (boo#1184064)- Added a few more usability improvements for our git packaging workflow- Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) 9pfs-Fully-restart-unreclaim-loop-CVE-20.patch - Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523) block-iscsi-fix-heap-buffer-overflow-in-.patch - Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) net-vmxnet3-validate-configuration-value.patch- Fix OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch- Apply fixes to qemu scsi passthrough with respect to timeout and error conditions, including using more correct status codes. Add more qemu tracing which helped track down these issues (bsc#1178049) scsi-add-tracing-for-SG_IO-commands.patch scsi-disk-fold-SG_IO-errors-back-into-re.patch scsi-disk-set-default-I-O-timeout-to-30-.patch scsi-disk-trace-rw-errors.patch scsi-generic-check-for-additional-SG_IO-.patch scsi-make-io_timeout-settable.patch virtio-scsi-change-DID-TIMEOUT-handling.patch virtio-scsi-trace-events.patch virtio-scsi-translate-SG_IO-host-status.patch- Use '%service_del_postun_without_restart' instead of '%service_del_postun' to avoid "Failed to try-restart qemu-ga@.service" error while updating the qemu-guest-agent. (bsc#1178565)- Re-sort patches back into upstream commit order, followed by our private patches - Minor spec file fixes and changes- Revert meson build file back to Make.obj (bsc#1179719) Revert-meson-build-file-back-to-Make.obj.patch- Fix vfio-pci device on s390 enters error state (bsc#1179717 bsc#1179719) linux-headers-sync-to-5.9-rc4.patch linux-headers-sync-to-5.9-rc7.patch linux-headers-update-against-5.10-rc1.patch linux-headers-Update-against-Linux-5.5-1.patch linux-headers-Update-against-Linux-5.5-r.patch linux-headers-update-against-Linux-5.6-r.patch linux-headers-update-against-Linux-5.7-r.patch Linux-headers-update-against-Linux-5.8-r.patch s390x-fix-build-for-without-default-devi.patch s390x-pci-Add-routine-to-get-the-vfio-dm.patch s390x-pci-Honor-DMA-limits-set-by-vfio.patch s390x-s390-virtio-ccw-Reset-PCI-devices-.patch vfio-Create-shared-routine-for-scanning-.patch vfio-Find-DMA-available-capability.patch virtio-net-fix-rsc_ext-compat-handling.patch- Change qemu-x86 packaging relationship with qemu-microvm from Requires to Recommends- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441 bsc#1176494) usb-fix-setup_len-init-CVE-2020-14364.patch - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641) hw-net-net_tx_pkt-fix-assertion-failure-.patch - Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386) hw-net-xgmac-Fix-buffer-overflow-in-xgma.patch - Note: v4.2.1 update included fix for CVE-2020-24352 bsc#1175370- Add infrastructure to do package splits when split-off package isn't required and doesn't (otherwise) include any previously installed files. More recent versions of qemu have split out non-essential functionality into loadable modules, so we need our packaging infrastructure to be prepared to handle that.- Allow to IPL secure guests with -no-reboot (bsc#1174863) s390x-protvirt-allow-to-IPL-secure-guest.patch- Update to v4.2.1, a stable, bug-fix-only release * Patches dropped (subsumed by stable update): arm-arm-powerctl-set-NSACR.-CP11-CP10-bi.patch ati-vga-check-mm_index-before-recursive-.patch ati-vga-Fix-checks-in-ati_2d_blt-to-avoi.patch audio-oss-fix-buffer-pos-calculation.patch backup-top-Begin-drain-earlier.patch blkdebug-Allow-taking-unsharing-permissi.patch block-Activate-recursively-even-for-alre.patch block-Add-bdrv_qapi_perm_to_blk_perm.patch block-Avoid-memleak-on-qcow2-image-info-.patch block-backup-fix-memory-leak-in-bdrv_bac.patch block-backup-top-fix-failure-path.patch block-bdrv_set_backing_bs-fix-use-after-.patch block-block-copy-fix-progress-calculatio.patch block-Call-attention-to-truncation-of-lo.patch block-fix-crash-on-zero-length-unaligned.patch block-fix-memleaks-in-bdrv_refresh_filen.patch block-Fix-VM-size-field-width-in-snapsho.patch block-io-fix-bdrv_co_do_copy_on_readv.patch block-nbd-extract-the-common-cleanup-cod.patch block-nbd-fix-memory-leak-in-nbd_open.patch block-qcow2-threads-fix-qcow2_decompress.patch compat-disable-edid-on-correct-virtio-gp.patch display-bochs-display-fix-memory-leak.patch es1370-check-total-frame-count-against-c.patch Fix-double-free-issue-in-qemu_set_log_fi.patch Fix-use-afte-free-in-ip_reass-CVE-2020-1.patch hmp-vnc-Fix-info-vnc-list-leak.patch hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch hw-arm-smmuv3-Align-stream-table-base-ad.patch hw-arm-smmuv3-Apply-address-mask-to-line.patch hw-arm-smmuv3-Check-stream-IDs-against-a.patch hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MAS.patch hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch hw-arm-smmuv3-Use-correct-bit-positions-.patch hw-i386-pc-fix-regression-in-parsing-vga.patch hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch i386-Resolve-CPU-models-to-v1-by-default.patch intel_iommu-a-fix-to-vtd_find_as_from_bu.patch iotests-add-test-for-backup-top-failure-.patch iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch iotests-Fix-nonportable-use-of-od-endian.patch iscsi-Cap-block-count-from-GET-LBA-STATU.patch job-refactor-progress-to-separate-object.patch m68k-Fix-regression-causing-Single-Step-.patch migration-colo-fix-use-after-free-of-loc.patch migration-ram-fix-use-after-free-of-loca.patch migration-Rate-limit-inside-host-pages.patch migration-test-ppc64-fix-FORTH-test-prog.patch nbd-server-Avoid-long-error-message-asse.patch net-tulip-check-frame-size-and-r-w-data-.patch numa-properly-check-if-numa-is-supported.patch pc-bios-s390x-Save-iplb-location-in-lowc.patch ppc-ppc405_boards-Remove-unnecessary-NUL.patch qcow2-bitmaps-fix-qcow2_can_store_new_di.patch qcow2-List-autoclear-bit-names-in-header.patch Revert-qemu-options.hx-Update-for-reboot.patch Revert-vnc-allow-fall-back-to-RAW-encodi.patch runstate-ignore-finishmigrate-prelaunch-.patch s390-sclp-improve-special-wait-psw-logic.patch s390x-adapter-routes-error-handling.patch scsi-qemu-pr-helper-Fix-out-of-bounds-ac.patch sheepdog-Consistently-set-bdrv_has_zero_.patch slirp-use-correct-size-while-emulating-c.patch slirp-use-correct-size-while-emulating-I.patch spapr-Fix-failure-path-for-attempting-to.patch target-arm-Correct-definition-of-PMCRDP.patch target-arm-Fix-PAuth-sbox-functions.patch target-arm-fix-TCG-leak-for-fcvt-half-do.patch target-arm-monitor-query-cpu-model-expan.patch target-arm-Return-correct-IL-bit-in-merg.patch target-arm-Set-ISSIs16Bit-in-make_issinf.patch target-i386-do-not-set-unsupported-VMX-s.patch target-i386-kvm-initialize-feature-MSRs-.patch target-ppc-Fix-rlwinm-on-ppc64.patch target-xtensa-fix-pasto-in-pfwait.r-opco.patch tcg-i386-Fix-INDEX_op_dup2_vec.patch tcg-mips-mips-sync-encode-error.patch tcp_emu-Fix-oob-access.patch tcp_emu-fix-unsafe-snprintf-usages.patch tpm-ppi-page-align-PPI-RAM.patch util-add-slirp_fmt-helpers.patch vhost-user-blk-delete-virtioqueues-in-un.patch vhost-user-gpu-Drop-trailing-json-comma.patch vhost-user-gpu-Release-memory-returned-b.patch virtio-add-ability-to-delete-vq-through-.patch virtio-blk-fix-out-of-bounds-access-to-b.patch virtio-crypto-do-delete-ctrl_vq-in-virti.patch virtio-mmio-update-queue-size-on-guest-w.patch virtio-net-delete-also-control-queue-whe.patch virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch virtio-update-queue-size-on-guest-write.patch vpc-Don-t-round-up-already-aligned-BAT-s.patch xen-block-Fix-double-qlist-remove-and-re.patch- Fix DoS possibility in Network Block Device (nbd) support infrastructure (CVE-2020-10761 bsc#1172710) block-Call-attention-to-truncation-of-lo.patch nbd-server-Avoid-long-error-message-asse.patch - Fix DoS possibility in ati-vga emulation (CVE-2020-13800 bsc#1172495) ati-vga-check-mm_index-before-recursive-.patch - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) exec-set-map-length-to-zero-when-returni.patch - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) megasas-use-unsigned-type-for-reply_queu.patch - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) es1370-check-total-frame-count-against-c.patch - Fix vgabios issue for cirrus graphivs emulation, which effectively downgraded it to standard VGA behavior vga-fix-cirrus-bios.patch - Remove problematic SMBus ACPI entry - causes problems for Windows 10 since it wants a (non-existent) driver for it i386-acpi-Remove-_HID-from-the-SMBus-ACP.patch- Fix segfault when doing HMP wavcapture (boo#1171712) audio-fix-wavcapture-segfault.patch- Note: a stable patch we've already included addresses bsc#1167816 migration-Rate-limit-inside-host-pages.patch- Fix use after free in slirp networking code (CVE-2020-1983 bsc#1170940) Fix-use-afte-free-in-ip_reass-CVE-2020-1.patch - Increased disk space in _constraints file from 8GB to 9GB-Fix potential DoS in ATI VGA emulation (CVE-2020-11869 bsc#1170537) ati-vga-Fix-checks-in-ati_2d_blt-to-avoi.patch- Minor tweaks to patches and support doc- Add gcc10-maybe-uninitialized.patch in order to fix boo#1169728.- Include upstream patches targeted for the next stable release (bug fixes only) spapr-Fix-failure-path-for-attempting-to.patch target-i386-do-not-set-unsupported-VMX-s.patch target-xtensa-fix-pasto-in-pfwait.r-opco.patch tcg-i386-Fix-INDEX_op_dup2_vec.patch tcg-mips-mips-sync-encode-error.patch vhost-user-gpu-Release-memory-returned-b.patch vpc-Don-t-round-up-already-aligned-BAT-s.patch xen-block-Fix-double-qlist-remove-and-re.patch - Fix bug causing weak encryption in PAuth for ARM (CVE-2020-10702 bsc#1168681) target-arm-Fix-PAuth-sbox-functions.patch - Fix OOB in tulip NIC emulation (CVE-2020-11102 bsc#1168713 net-tulip-check-frame-size-and-r-w-data-.patch - Note that previously included patch addresses CVE-2020-1711 and bsc#1166240 iscsi-Cap-block-count-from-GET-LBA-STATU.patch - Include performance improvement (and related?) patch aio-wait-delegate-polling-of-main-AioCon.patch async-use-explicit-memory-barriers.patch - Rework previous patch at Olaf H.'s direction hw-i386-disable-smbus-migration-for-xenf.patch - Eliminate is_opensuse usage in producing seabios version string what we are doing here is just replacing the upstream string with one indicating that the openSUSE build service built it, and so just leave it as "-rebuilt.opensuse.org" - Alter algorithm used to produce "unique" symbol for coordinating qemu with the optional modules it may load. This is a reasonable relaxation for broader compatibility configure-remove-pkgversion-from-CONFIG_.patch - Tweak supported.*.txt for latest deprecations, and other fixes - Tweak update_git.sh, config.sh- One more fix is needed for: s390x Protected Virtualization support - start and control guest in secure mode (bsc#1167075 jsc#SLE-7407) s390x-s390-virtio-ccw-Fix-build-on-syste.patch- Include upstream patches targeted for the next stable release (bug fixes only) block-Avoid-memleak-on-qcow2-image-info-.patch block-bdrv_set_backing_bs-fix-use-after-.patch hmp-vnc-Fix-info-vnc-list-leak.patch migration-colo-fix-use-after-free-of-loc.patch migration-ram-fix-use-after-free-of-loca.patch ppc-ppc405_boards-Remove-unnecessary-NUL.patch qcow2-List-autoclear-bit-names-in-header.patch scsi-qemu-pr-helper-Fix-out-of-bounds-ac.patch sheepdog-Consistently-set-bdrv_has_zero_.patch- Note The previous set of s390x patches also includes the fix for: bsc#1167445- Include upstream patches targeted for the next stable release (bug fixes only) block-io-fix-bdrv_co_do_copy_on_readv.patch compat-disable-edid-on-correct-virtio-gp.patch target-ppc-Fix-rlwinm-on-ppc64.patch vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch - s390x Protected Virtualization support - start and control guest in secure mode. (note: binary patch from patch series dropped since for s390x we rebuild the patched binary anyways) (bsc#1167075 jsc#SLE-7407) s390-sclp-improve-special-wait-psw-logic.patch s390x-Add-missing-vcpu-reset-functions.patch s390x-Add-SIDA-memory-ops.patch s390x-Add-unpack-facility-feature-to-GA1.patch s390x-Beautify-diag308-handling.patch s390x-Don-t-do-a-normal-reset-on-the-ini.patch s390x-ipl-Consolidate-iplb-validity-chec.patch s390x-kvm-Make-kvm_sclp_service_call-voi.patch s390x-Move-clear-reset.patch s390x-Move-diagnose-308-subcodes-and-rcs.patch s390x-Move-initial-reset.patch s390x-Move-reset-normal-to-shared-reset-.patch s390x-protvirt-Add-migration-blocker.patch s390x-protvirt-Disable-address-checks-fo.patch s390x-protvirt-Handle-SIGP-store-status-.patch s390x-protvirt-Inhibit-balloon-when-swit.patch s390x-protvirt-KVM-intercept-changes.patch s390x-protvirt-Move-diag-308-data-over-S.patch s390x-protvirt-Move-IO-control-structure.patch s390x-protvirt-Move-STSI-data-over-SIDAD.patch s390x-protvirt-SCLP-interpretation.patch s390x-protvirt-Set-guest-IPL-PSW.patch s390x-protvirt-Support-unpack-facility.patch Sync-pv.patch- Fix the issue that s390x could not read IPL channel program when using dasd as boot device (bsc#1163140) pc-bios-s390x-Save-iplb-location-in-lowc.patch- Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 bsc#1161066 CVE-2020-7039) slirp-use-correct-size-while-emulating-c.patch slirp-use-correct-size-while-emulating-I.patch tcp_emu-Fix-oob-access.patch tcp_emu-fix-unsafe-snprintf-usages.patch util-add-slirp_fmt-helpers.patch - Replace this patch with upstream version target-arm-monitor-query-cpu-model-expan.patch- Include upstream patches targeted for the next stable release (bug fixes only) audio-oss-fix-buffer-pos-calculation.patch blkdebug-Allow-taking-unsharing-permissi.patch block-Add-bdrv_qapi_perm_to_blk_perm.patch block-backup-top-fix-failure-path.patch block-block-copy-fix-progress-calculatio.patch block-fix-crash-on-zero-length-unaligned.patch block-fix-memleaks-in-bdrv_refresh_filen.patch block-Fix-VM-size-field-width-in-snapsho.patch block-nbd-extract-the-common-cleanup-cod.patch block-nbd-fix-memory-leak-in-nbd_open.patch block-qcow2-threads-fix-qcow2_decompress.patch hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch iotests-add-test-for-backup-top-failure-.patch iotests-Fix-nonportable-use-of-od-endian.patch job-refactor-progress-to-separate-object.patch target-arm-Correct-definition-of-PMCRDP.patch target-arm-fix-TCG-leak-for-fcvt-half-do.patch tpm-ppi-page-align-PPI-RAM.patch vhost-user-blk-delete-virtioqueues-in-un.patch virtio-add-ability-to-delete-vq-through-.patch virtio-crypto-do-delete-ctrl_vq-in-virti.patch virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch- Add Obsoletes directive for qemu-audio-sdl and qemu-ui-sdl since for a qemu package upgrade from SLE12-SP5, support for SDL is dropped- Fix xenfv migration from xen host with pre-v4.0 qemu. We had previously dropped a similar patch, but have decided that for now we need to go with this type of solution (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch- Avoid query-cpu-model-expansion crashed qemu when using machine type none, patch is queued in upstream now, will update commit id later (bsc#1159443) target-arm-monitor-query-cpu-model-expan.patch- BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow OBS to shortcut through -mini flavors.- Stop using system membarriers (ie switch from --enable-membarrier to --disable-membarrier). This is a blocker for using qemu in the context of containers (boo#1130134 jsc#SLE-11089) - Drop this recently added patch - in consultation with upstream it was decided it needed to be solved a different way (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch - Include upstream patches targeted for the next stable release (bug fixes only) block-backup-fix-memory-leak-in-bdrv_bac.patch iscsi-Cap-block-count-from-GET-LBA-STATU.patch s390x-adapter-routes-error-handling.patch target-i386-kvm-initialize-feature-MSRs-.patch- Include upstream patches targeted for the next stable release (bug fixes only) hw-i386-pc-fix-regression-in-parsing-vga.patch m68k-Fix-regression-causing-Single-Step-.patch migration-Rate-limit-inside-host-pages.patch migration-test-ppc64-fix-FORTH-test-prog.patch Revert-vnc-allow-fall-back-to-RAW-encodi.patch runstate-ignore-finishmigrate-prelaunch-.patch target-arm-Return-correct-IL-bit-in-merg.patch target-arm-Set-ISSIs16Bit-in-make_issinf.patch vnc-prioritize-ZRLE-compression-over-ZLI.patch- BuildRequire pkconfig(systemd) instead of systemd: allow OBS to shortcut through the -mini flavors. - Use systemd_ordering in place of systemd_requires: systemd is never a strict requirement for qemu; but when installing qemu on a systemd-managed system, we want system to be present first.- Fix xenfv migration from xen host with pre-v4.0 qemu (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch- Create files within bundles.tar.xz with fixed timestamp and uid- Add a %bcond_without system_membarrier along with related processing to the spec file, to better investigate running QEMU with the --disable-membarrier configure option- Include upstream patches targeted for the next stable release (bug fixes only) arm-arm-powerctl-set-NSACR.-CP11-CP10-bi.patch backup-top-Begin-drain-earlier.patch block-Activate-recursively-even-for-alre.patch display-bochs-display-fix-memory-leak.patch Fix-double-free-issue-in-qemu_set_log_fi.patch hw-arm-smmuv3-Align-stream-table-base-ad.patch hw-arm-smmuv3-Apply-address-mask-to-line.patch hw-arm-smmuv3-Check-stream-IDs-against-a.patch hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MAS.patch hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch hw-arm-smmuv3-Use-correct-bit-positions-.patch i386-Resolve-CPU-models-to-v1-by-default.patch intel_iommu-a-fix-to-vtd_find_as_from_bu.patch iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch iotests-Provide-a-function-for-checking-.patch iotests-Skip-test-060-if-it-is-not-possi.patch iotests-Skip-test-079-if-it-is-not-possi.patch numa-properly-check-if-numa-is-supported.patch qcow2-bitmaps-fix-qcow2_can_store_new_di.patch Revert-qemu-options.hx-Update-for-reboot.patch vhost-user-gpu-Drop-trailing-json-comma.patch virtio-blk-fix-out-of-bounds-access-to-b.patch virtio-mmio-update-queue-size-on-guest-w.patch virtio-net-delete-also-control-queue-whe.patch virtio-update-queue-size-on-guest-write.patch - Include performance improvement virtio-don-t-enable-notifications-during.patch - Repair incorrect packaging references to Jira tracked features- Add Cooperlake vcpu model (jsc#SLE-7923) i386-Add-MSR-feature-bit-for-MDS-NO.patch i386-Add-macro-for-stibp.patch i386-Add-new-CPU-model-Cooperlake.patch target-i386-Add-new-bit-definitions-of-M.patch target-i386-Add-missed-features-to-Coope.patch - Add HMAT support (jsc#SLE-8897) (the test case for this series isn't included because we aren't set up to handle binary patches) numa-Extend-CLI-to-provide-initiator-inf.patch numa-Extend-CLI-to-provide-memory-latenc.patch numa-Extend-CLI-to-provide-memory-side-c.patch hmat-acpi-Build-Memory-Proximity-Domain-.patch hmat-acpi-Build-System-Locality-Latency-.patch hmat-acpi-Build-Memory-Side-Cache-Inform.patch tests-numa-Add-case-for-QMP-build-HMAT.patch- Update to v4.2.0: See http://wiki.qemu.org/ChangeLog/4.2 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * x86: Denverton, Snowridge, and Dhyana CPU models added * x86: Latest version of all CPU models how have TSX (HLE and RTM) disabled by default * x86: Support for AVX512 BFloat16 extensions * x86: VMX features exposed more accurately and controllably * s390: TCG now implements IEP (Instruction Execution Protection) * PowerPC: POWER8 and POWER9 non-virtualized machines separated out * PowerPC: RTAS now comes from SLOF instead of QEMU itself * PowerPC: Unplug of multifunction PCI devices now unplugs the whole slot, as in x86 * ARM: Support for >256 CPUs with KVM is fixed * ARM: Memory hotplug now supported , when using UEFI, ACPI, for virt machine type * ARM: SVE support possuble now for KVM guests * ARM: ACPI generic event device can now deliver powerdown event * The backend device can be specified for a guest audio device * virtio v1.1 packed virtqueues supported * Socket based character device backends now support TCP keep-alive * Use encryption library cipher mode facilities, allowing improved performance for eg. AES-XTS encrption * Misc block device improvements, esp. with nbd - See the following few release-candidate changelog entries for additional changes related to this release - Switched package build to be out-of-tree- Update to v4.2.0-rc5: See http://wiki.qemu.org/ChangeLog/4.2- Update to v4.2.0-rc4: See http://wiki.qemu.org/ChangeLog/4.2 * Update the support documents used for SUSE SLE releases to cover this qemu release- Update to v4.2.0-rc3: See http://wiki.qemu.org/ChangeLog/4.2 * Patches dropped (upstream unless otherwise noted): ati-add-edid-support.patch ati-vga-add-rage128-edid-support.patch ati-vga-fix-ati_read.patch ati-vga-make-i2c-register-and-bits-confi.patch ati-vga-make-less-verbose.patch ati-vga-try-vga-ddc-first.patch Disable-Waddress-of-packed-member-for-GC.patch hdata-vpd-fix-printing-char-0x00.patch target-i386-add-PSCHANGE_NO-bit-for-the-.patch target-i386-Export-TAA_NO-bit-to-guests.patch vbe-add-edid-support.patch vga-add-ati-bios-tables.patch vga-add-atiext-driver.patch vga-make-memcpy_high-public.patch vga-move-modelist-from-bochsvga.c-to-new.patch * Patches added: Enable-cross-compile-prefix-for-C-compil.patch ensure-headers-included-are-compatible-w.patch roms-Makefile-enable-cross-compile-for-b.patch * Add qemu-ui-spice-app package containing ui-spice-app.so * Add qemu-microvm package containing bios-microvm.bin - Add descriptors for the 128k and 256k SeaBios firmware images - For the record, the following issues reported for SUSE SLE15-SP1 are either fixed in this current package, or are otherwise not an issue: bsc#1079730 bsc#1098403 bsc#1111025 bsc#1128106 bsc#1133031 bsc#1134883 bsc#1135210 bsc#1135902 bsc#1136540 bsc#1136778 bsc#1138534 bsc#1140402 bsc#1143794 bsc#1145379 bsc#1144087 bsc#1145427 bsc#1145436 bsc#1145774 bsc#1146873 bsc#1149811 bsc#1152506 bsc#1155812 bsc#1156642 CVE-2018-12207 CVE-2019-5008 CVE-2019-11135 CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890, and the following feature requests are satisfied by this package: fate#327410 fate#327764 fate#327796 jsc#SLE-4883 jsc#SLE-6132 jsc#SLE-6237 jsc#SLE-6754- Expose pschange-mc-no "feature", indicating CPU does not have the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812) target-i386-add-PSCHANGE_NO-bit-for-the-.patch - Expose taa-no "feature", indicating CPU does not have the TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506) target-i386-Export-TAA_NO-bit-to-guests.patch Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Update to v4.1.1, a stable, bug-fix-only release * Besides incorporating the following fixes we already carried, it includes about the same number of other, similar type fixes which we hadn't yet incorporated. * Patches dropped (subsumed by stable update): block-Add-bdrv_co_get_self_request.patch block-create-Do-not-abort-if-a-block-dri.patch block-file-posix-Let-post-EOF-fallocate-.patch block-file-posix-Reduce-xfsctl-use.patch block-io-refactor-padding.patch blockjob-update-nodes-head-while-removin.patch block-Make-wait-mark-serialising-request.patch block-nfs-tear-down-aio-before-nfs_close.patch coroutine-Add-qemu_co_mutex_assert_locke.patch curl-Check-completion-in-curl_multi_do.patch curl-Handle-success-in-multi_check_compl.patch curl-Keep-pointer-to-the-CURLState-in-CU.patch curl-Keep-socket-until-the-end-of-curl_s.patch curl-Pass-CURLSocket-to-curl_multi_do.patch curl-Report-only-ready-sockets.patch hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch hw-core-loader-Fix-possible-crash-in-rom.patch make-release-pull-in-edk2-submodules-so-.patch memory-Provide-an-equality-function-for-.patch mirror-Keep-mirror_top_bs-drained-after-.patch pr-manager-Fix-invalid-g_free-crash-bug.patch qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch qcow2-Fix-corruption-bug-in-qcow2_detect.patch qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch qcow2-Fix-the-calculation-of-the-maximum.patch roms-Makefile.edk2-don-t-pull-in-submodu.patch s390-PCI-fix-IOMMU-region-init.patch s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch target-alpha-fix-tlb_fill-trap_arg2-valu.patch target-arm-Don-t-abort-on-M-profile-exce.patch target-arm-Free-TCG-temps-in-trans_VMOV_.patch util-iov-introduce-qemu_iovec_init_exten.patch vhost-Fix-memory-region-section-comparis.patch vpc-Return-0-from-vpc_co_create-on-succe.patch Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Fix %arm builds- Fix two issues with qcow2 image processing which could affect disk integrity qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch- Work around a host kernel xfs bug which can result in qcow2 image corruption block-io-refactor-padding.patch util-iov-introduce-qemu_iovec_init_exten.patch block-Make-wait-mark-serialising-request.patch block-Add-bdrv_co_get_self_request.patch block-file-posix-Let-post-EOF-fallocate-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Correct package names in _constraints after switch to multibuild.- Address potential corruption when using qcow2 images coroutine-Add-qemu_co_mutex_assert_locke.patch qcow2-Fix-corruption-bug-in-qcow2_detect.patch - Include more tweaks to our packaging workflow scripts - this will continue as we refine the scripts - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- use %gcc_version for cross compilers (boo#1153703)- Add upstream edk2 submodule fix for creating tarball - Switch to upstream patch for avoiding git ref in edk2 makefile - Fix failing block tests which aren't compatible with the configure option --enable-membarrier * Patches dropped: roms-Makefile.edk2-don-t-invoke-git-sinc.patch tests-block-io-test-130-needs-some-delay.patch * Patches added: make-release-pull-in-edk2-submodules-so-.patch roms-Makefile.edk2-don-t-pull-in-submodu.patch tests-Fix-block-tests-to-be-compatible-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Reduce the cross compiler versions we rely on - Fix some qemu-testsuite issues, reducing known error cases test-add-mapping-from-arch-of-i686-to-qe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Since our spec file has bashisms, include the following in the spec file: %define _buildshell /bin/bash- Disable some block tests which randomly fail. This is in context of the build service build of qemu-testsuite tests-Disable-some-block-tests-for-now.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Add some post v4.1.0 upstream stable patches * Patches added: mirror-Keep-mirror_top_bs-drained-after-.patch s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch target-alpha-fix-tlb_fill-trap_arg2-valu.patch target-arm-Free-TCG-temps-in-trans_VMOV_.patch target-arm-Don-t-abort-on-M-profile-exce.patch qcow2-Fix-the-calculation-of-the-maximum.patch block-file-posix-Reduce-xfsctl-use.patch pr-manager-Fix-invalid-g_free-crash-bug.patch vpc-Return-0-from-vpc_co_create-on-succe.patch block-nfs-tear-down-aio-before-nfs_close.patch block-create-Do-not-abort-if-a-block-dri.patch curl-Keep-pointer-to-the-CURLState-in-CU.patch curl-Keep-socket-until-the-end-of-curl_s.patch curl-Check-completion-in-curl_multi_do.patch curl-Pass-CURLSocket-to-curl_multi_do.patch curl-Report-only-ready-sockets.patch curl-Handle-success-in-multi_check_compl.patch blockjob-update-nodes-head-while-removin.patch memory-Provide-an-equality-function-for-.patch vhost-Fix-memory-region-section-comparis.patch hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch s390-PCI-fix-IOMMU-region-init.patch hw-core-loader-Fix-possible-crash-in-rom.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Include more tweaks to our packaging workflow scripts - Produce qemu-linux-user and qemu-testsuite via the build service multibuild capability, instead of duplicating the spec file and using package link in build service * combine qemu-linux-user spec file into main qemu spec file. Since this model uses a single changelog, here are some historicial mentions from the now unused qemu-linux-user.changes (delta from qemu's was quite minimal): - Adjust to a v5.2 linux kernel change regarding SIOCGSTAMP - Fix pwrite64/pread64 to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600) * bsc#1112499 * Since qemu-testsuite.spec and qemu-testsuite.changes were just copies of the main qemu version nothing needs to be done there- Build opensbi from source on riscv64- Update to v4.1.0: See http://wiki.qemu.org/ChangeLog/4.1 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * x86: CPU models are now versioned * x86: CPU die topology can now be configured * x86: New Hygon Dhyana and Intel Snowridge CPU models * s390: The bios now supports IPL (boot) from ECKD DASD assigned to the guest via vfio-ccw * s390: The bios now tolerates the presence of bootmap signature entries written by zipl * PowerPC: pseries machine now supports KVM acceleration (kernel_irqchip=on) of the XIVE interrupt controller * PowerPC: pseries now supports hot-plug of PCI bridges and hot-plug and unplug of devices under PCI bridges * ARM: QEMU now supports emulating an FPU for Cortex-M CPUs, and the Cortex-M4 and Cortex-M33 now provide the FP * Python 2 support is deprecated * UEFI platform firmware binaries, and matching variable store templates are now installed * Now it's possible to specify memory-less NUMA node when using "-numa node,memdev" options * Possible to trigger self announcement on specific network interfaces * Default memory distribution between NUMA nodes is now deprecated * Fallback to normal RAM allocation if QEMU is not able to allocate from the "-mem-path" provided file/filesystem is now deprecated * virtio-gpu 2d/3d rendering may now be offloaded to an external vhost-user process, such as QEMU vhost-user-gpu * QEMU will automatically try to use the MAP_SYNC mmap flag for memory backends configured with pmem=on,share=on * Additional SeaVGABIOS patches added for vga-ati compatibility - Drop attempt at build compatibility with SLE12 - New sub-packages: qemu-edk2, qemu-vhost-user-gpu - Conditionalize building of qemu-edk2 (and leave unbuilt for now) - Implement new packaging workflow, includes no longer numbering patches, and having the "current git repo" stored with the package in the form of git bundles * Patches dropped (upstream unless otherwise noted): 0027-tests-test-thread-pool-is-racy-add-.patch 0032-tests-Fix-Makefile-handling-of-chec.patch 0034-Revert-target-i386-kvm-add-VMX-migr.patch 0036-sockets-avoid-string-truncation-war.patch 0039-linux-user-avoid-string-truncation-.patch 0040-linux-user-elfload-Fix-GCC-9-build-.patch 0041-qxl-avoid-unaligned-pointer-reads-w.patch 0042-libvhost-user-fix-Waddress-of-packe.patch 0043-target-i386-define-md-clear-bit.patch 0045-kbd-state-fix-autorepeat-handling.patch 0046-target-ppc-ensure-we-get-null-termi.patch 0049-qxl-check-release-info-object.patch 0050-qemu-bridge-helper-restrict-interfa.patch 0051-linux-user-fix-to-handle-variably-s.patch ipxe-use-gcc6-for-more-compact-code.patch (no longer needed) (the next three are replaced by the upstream equivalent) ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch ipxe-build-Disable-gcc-address-of-packed-member-warning.patch ipxe-efi-Avoid-string-op-warning-with-cross-gcc-7-compile.patch slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input.patch * Patches renamed: 0001-XXX-dont-dump-core-on-sigabort.patch - > XXX-dont-dump-core-on-sigabort.patch 0002-qemu-binfmt-conf-Modify-default-pat.patch - > qemu-binfmt-conf-Modify-default-path.patch 0003-qemu-cvs-gettimeofday.patch - > qemu-cvs-gettimeofday.patch 0004-qemu-cvs-ioctl_debug.patch - > qemu-cvs-ioctl_debug.patch 0005-qemu-cvs-ioctl_nodirection.patch - > qemu-cvs-ioctl_nodirection.patch 0006-linux-user-add-binfmt-wrapper-for-a.patch - > linux-user-add-binfmt-wrapper-for-argv-0.patch 0007-PPC-KVM-Disable-mmu-notifier-check.patch - > PPC-KVM-Disable-mmu-notifier-check.patch 0008-linux-user-binfmt-support-host-bina.patch - > linux-user-binfmt-support-host-binaries.patch 0009-linux-user-Fake-proc-cpuinfo.patch - > linux-user-Fake-proc-cpuinfo.patch 0010-linux-user-use-target_ulong.patch - > linux-user-use-target_ulong.patch 0011-Make-char-muxer-more-robust-wrt-sma.patch - > Make-char-muxer-more-robust-wrt-small-FI.patch 0012-linux-user-lseek-explicitly-cast-no.patch - > linux-user-lseek-explicitly-cast-non-set.patch 0013-AIO-Reduce-number-of-threads-for-32.patch - > AIO-Reduce-number-of-threads-for-32bit-h.patch 0014-xen_disk-Add-suse-specific-flush-di.patch - > xen_disk-Add-suse-specific-flush-disable.patch 0015-qemu-bridge-helper-reduce-security-.patch - > qemu-bridge-helper-reduce-security-profi.patch 0016-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch 0017-linux-user-properly-test-for-infini.patch - > linux-user-properly-test-for-infinite-ti.patch 0018-roms-Makefile-pass-a-packaging-time.patch - > roms-Makefile-pass-a-packaging-timestamp.patch 0019-Raise-soft-address-space-limit-to-h.patch - > Raise-soft-address-space-limit-to-hard-l.patch 0020-increase-x86_64-physical-bits-to-42.patch - > increase-x86_64-physical-bits-to-42.patch 0021-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch 0022-i8254-Fix-migration-from-SLE11-SP2.patch - > i8254-Fix-migration-from-SLE11-SP2.patch 0023-acpi_piix4-Fix-migration-from-SLE11.patch - > acpi_piix4-Fix-migration-from-SLE11-SP2.patch 0024-Switch-order-of-libraries-for-mpath.patch - > Switch-order-of-libraries-for-mpath-supp.patch 0025-Make-installed-scripts-explicitly-p.patch - > Make-installed-scripts-explicitly-python.patch 0026-hw-smbios-handle-both-file-formats-.patch - > hw-smbios-handle-both-file-formats-regar.patch 0028-xen-add-block-resize-support-for-xe.patch - > xen-add-block-resize-support-for-xen-dis.patch 0029-tests-qemu-iotests-Triple-timeout-o.patch - > tests-qemu-iotests-Triple-timeout-of-i-o.patch 0030-tests-block-io-test-130-needs-some-.patch - > tests-block-io-test-130-needs-some-delay.patch 0031-xen-ignore-live-parameter-from-xen-.patch - > xen-ignore-live-parameter-from-xen-save-.patch 0033-Conditionalize-ui-bitmap-installati.patch - > Conditionalize-ui-bitmap-installation-be.patch 0035-tests-change-error-message-in-test-.patch - > tests-change-error-message-in-test-162.patch 0037-hw-usb-hcd-xhci-Fix-GCC-9-build-war.patch - > hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch 0038-hw-usb-dev-mtp-Fix-GCC-9-build-warn.patch - > hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch 0044-hw-intc-exynos4210_gic-provide-more.patch - > hw-intc-exynos4210_gic-provide-more-room.patch 0047-configure-only-populate-roms-if-sof.patch - > configure-only-populate-roms-if-softmmu.patch 0048-pc-bios-s390-ccw-net-avoid-warning-.patch - > pc-bios-s390-ccw-net-avoid-warning-about.patch keycodemapdb-make-keycode-gen-output-reproducible.patch - > Make-keycode-gen-output-reproducible-use.patch ipxe-stub-out-the-SAN-req-s-in-int13.patch - > stub-out-the-SAN-req-s-in-int13.patch sgabios-fix-cross-build.patch deleted - > roms-sgabios-Fix-csum8-to-be-built-by-ho.patch sgabios-stable-buildid.patch - > sgabios-Makefile-fix-issues-of-build-rep.patch skiboot-gcc9-compat.patch - > Disable-Waddress-of-packed-member-for-GC.patch ipxe-stable-buildid.patch - > ipxe-Makefile-fix-issues-of-build-reprod.patch seabios-fix_cross_compilation.patch - > enable-cross-compilation-on-ARM.patch * Patches added: roms-change-cross-compiler-naming-to-be-.patch roms-Makefile.edk2-don-t-invoke-git-sinc.patch vga-move-modelist-from-bochsvga.c-to-new.patch vga-make-memcpy_high-public.patch vga-add-atiext-driver.patch vga-add-ati-bios-tables.patch vbe-add-edid-support.patch ati-add-edid-support.patch ati-vga-make-less-verbose.patch ati-vga-fix-ati_read.patch ati-vga-make-i2c-register-and-bits-confi.patch ati-vga-try-vga-ddc-first.patch ati-vga-add-rage128-edid-support.patch Fix-s-directive-argument-is-null-error.patch Workaround-compilation-error-with-gcc-9..patch Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch hdata-vpd-fix-printing-char-0x00.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Since we build seabios, take advantage of ability to add our own identifying version info by changing SEABIOS_EXTRAVERSION from "-prebuilt.qemu.org" to "-rebuilt.suse.com" (or "-rebuilt.opensuse.org for openSUSE releases)- Security fix for heap overflow in ip_reass on big packet input (CVE-2019-14378, bsc#1143794) slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0 * Patches added: 0051-linux-user-fix-to-handle-variably-s.patch- Make keycode-gen output reproducible (use SOURCE_DATE_EPOCH timestamp) keycodemapdb-make-keycode-gen-output-reproducible.patch- Security fix for null pointer dereference while releasing spice resources (CVE-2019-12155, bsc#1135902) 0049-qxl-check-release-info-object.patch - Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (CVE-2019-13164, bsc#1140402) 0050-qemu-bridge-helper-restrict-interfa.patch - Replace patch 0043 with an upstream version 0043-target-i386-define-md-clear-bit.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- fixed regression for ksm.service was (bsc#1112646)- Content of packaged %_docdir/%name/interop/_static/ dir depends on python-Sphinx version, so lets just wildcard specifying those files, rather than trying to manage a specific file list- Last change exposed that we still do rely on python2. Make spec file adjustment- Switch from python-Sphinx to Sphinx from python variant we are building with (new Sphinx is for python3 only)- Fix a number of compatibility issues with the stricter gcc9 checks * Disable warning for taking address of packed structure members 0048-pc-bios-s390-ccw-net-avoid-warning-.patch * Fix case of strncpy where null terminated string not guaranteed 0046-target-ppc-ensure-we-get-null-termi.patch * Disable warning for taking address of packed structure members and fix case of passing null pointer as "%s" format parameter skiboot-gcc9-compat.patch - Fix configure script which caused firmware to be built in linux-user only build. 0047-configure-only-populate-roms-if-sof.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Fix regression in autorepeat key handling 0045-kbd-state-fix-autorepeat-handling.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Fix file list- Yet another gcc9 related code fix (bsc#1121464) 0044-hw-intc-exynos4210_gic-provide-more.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Switch to now upstreamed version of patch and add one more gcc9 related patch * Patches renamed: 0041-qxl-fix-Waddress-of-packed-member.patch - > 0041-qxl-avoid-unaligned-pointer-reads-w.patch 0042-libvhost-user-fix-Waddress-of-packe.patch - Add x86 cpu feature "md-clear" (CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 bsc#1111331) 0043-target-i386-define-md-clear-bit.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Correct logic of which ipxe patches get included based on suse_version. We were wrongly excluding a gcc9 related patch for example- Switch to now upstreamed version of some patches * Patches renamed: 0036-util-qemu-sockets-Fix-GCC-9-build-w.patch - > 0036-sockets-avoid-string-truncation-war.patch 0039-linux-user-uname-Fix-GCC-9-build-wa.patch - > 0039-linux-user-avoid-string-truncation-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Create /usr/share/qemu/firmware and /etc/qemu/firmware directories in support of the firmware descriptor feature now in use as of libvirt v5.2- Disable LTO as suggested by Martin Liska (boo#1133281) - Remove and obsolete qemu-oss-audio subpackage. OSS audio is very old, and we didn't really even configure the package properly for it for a very long time, so presumably there can't be any users of it as far as qemu is concerned - Avoid warnings which gcc9 complains about 0036-util-qemu-sockets-Fix-GCC-9-build-w.patch 0037-hw-usb-hcd-xhci-Fix-GCC-9-build-war.patch 0038-hw-usb-dev-mtp-Fix-GCC-9-build-warn.patch 0039-linux-user-uname-Fix-GCC-9-build-wa.patch 0040-linux-user-elfload-Fix-GCC-9-build-.patch 0041-qxl-fix-Waddress-of-packed-member.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Update to v4.0.0: See http://wiki.qemu.org/ChangeLog/4.0 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * ARM: ARMv8+ extensions for SB, PredInv, HPD, LOR, FHM, AA32HPD, PAuth, JSConv, CondM, FRINT, and BTI * ARM: new emulation support for "Musca" and "MPS2" development boards * ARM: virt: support for >255GB of RAM and u-boot "noload" image types * ARM: improved emulation of ARM PMU * HPPA: support for TLB protection IDs and TLB trace events * MIPS: support for multi-threaded TCG emulation * MIPS: emulation support for I7200 I6500 CPUs, QMP-base querying of CPU types, and improved support for SAARI and SAAR configuration registers * MIPS: improvements to Interthread Communication Unit, Fulong 2E machine types, and end-user documentation. * PowerPC: pseries/powernv: support for POWER9 large decrementer * PowerPC: pseries: emulation support for XIVE interrupt controller * PowerPC: pseries: support for hotplugging PCI host bridges (PHBs) * PowerPC: pseries: Spectre/Meltdown mitigations enabled by default, additional support for count-cache-flush mitigation * RISC-V: virt: support for PCI and USB * RISC-V: support for TSR, TW, and TVM fields of mstatus, FS field now supports three stats (dirty, clean, and off) * RISC-V: built-in gdbserver supports register lists via XML files * s390: support for z14 GA 2 CPU model, Multiple-epoch and PTFF features now enabled in z14 CPU model by default * s390: vfio-ap: now supports hot plug/unplug, and no longer inhibits memory ballooning * s390: emulation support for floating-point extension facility and vector support instructions * x86: HAX accelerator now supported POSIX hosts other than Darwin, including Linux and NetBSD * x86: Q35: advertised PCIe root port speeds will now optimally default to maximum link speed (16GT/s) and width (x32) provided by PCIe 4.0 for QEMU 4.0+ machine types; older machine types will retain 2.5GT/x1 defaults for compatibility. * x86: Xen PVH images can now be booted with "-kernel" option * Xtensa: xtfpga: improved SMP support for linux (interrupt distributor, IPI, and runstall) and new SMP-capable test_mmuhifi_c3 core configuration * Xtensa: support for Flexible length instructions extension (FLIX) * GUI: new '-display spice-app' to configure/launch a Spice client GUI with a similar UI to QEMU GTK. VNC server now supports access controls via tls-authz/sasl-authz options * QMP: support for "out-of-band" command execution, can be useful for postcopy migration recovery. Additional QMP commands for working with block devices and dirty bitmaps * VFIO: EDID interface for supported mdev (Intel vGPU for kernel 5.0+), allows resolution setting via xres/yres options. * Xen: new 'xen-disk' device which can create a Xen PV disk backend, and performance improvements for Xen PV disk backend. * Network Block Device: improved tracing and error diagnostics, improved client compatibility with buggy NBD server implementations, new - -bitmap, --list, --tls-authz options for qemu-nbd * virtio-blk now supports DISCARD and WRITE_ZEROES * qemu-test-suite output is now in TAP format * Sphinx now used for part of qemu documentation * A few more configure features are enabled: iconv, lzfse (for openSUSE) * Provide better logo icons - Made these package building changes: * Removed this token from spec file: #!BuildIgnore: gcc-PIE * Created ability to build qemu source out-of-tree * Added BSD-2-Clause license clause due to EDK II code inclusion * Patches dropped (upstream unless otherwise noted): 0010-Remove-problematic-evdev-86-key-fro.patch 0025-Fix-tigervnc-long-press-issue.patch 0026-string-input-visitor-Fix-uint64-par.patch 0027-test-string-input-visitor-Add-int-t.patch 0028-test-string-input-visitor-Add-uint6.patch 0029-tests-Add-QOM-property-unit-tests.patch 0030-tests-Add-scsi-disk-test.patch 0033-smbios-Add-1-terminator-if-any-stri.patch (different approach used) 0034-qemu-io-tests-comment-out-problemat.patch (not as needed) 0039-xen_disk-Avoid-repeated-memory-allo.patch 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0045-hw-usb-fix-mistaken-de-initializati.patch 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch 0047-pvrdma-release-device-resources-in-.patch 0048-rdma-check-num_sge-does-not-exceed-.patch 0049-pvrdma-add-uar_read-routine.patch 0050-pvrdma-check-number-of-pages-when-c.patch 0051-pvrdma-check-return-value-from-pvrd.patch 0052-pvrdma-release-ring-object-in-case-.patch 0053-block-Fix-hangs-in-synchronous-APIs.patch 0054-linux-user-make-pwrite64-pread64-fd.patch 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch 0056-slirp-check-data-length-while-emula.patch 0057-s390x-Return-specification-exceptio.patch 0059-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch 0061-slirp-check-sscanf-result-when-emul.patch 0062-ppc-add-host-serial-and-host-model-.patch 0063-i2c-ddc-fix-oob-read.patch 0064-device_tree.c-Don-t-use-load_image.patch 0065-spapr-Simplify-handling-of-host-ser.patch ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch ipxe-fix-build.patch skiboot-hdata-i2c.c-fix-building-with-gcc8.patch * Patches renamed: 0011-linux-user-use-target_ulong.patch - > 0010-linux-user-use-target_ulong.patch 0012-Make-char-muxer-more-robust-wrt-sma.patch - > 0011-Make-char-muxer-more-robust-wrt-sma.patch 0013-linux-user-lseek-explicitly-cast-no.patch - > 0012-linux-user-lseek-explicitly-cast-no.patch 0014-AIO-Reduce-number-of-threads-for-32.patch - > 0013-AIO-Reduce-number-of-threads-for-32.patch 0015-xen_disk-Add-suse-specific-flush-di.patch - > 0014-xen_disk-Add-suse-specific-flush-di.patch 0016-qemu-bridge-helper-reduce-security-.patch - > 0015-qemu-bridge-helper-reduce-security-.patch 0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0016-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0018-linux-user-properly-test-for-infini.patch - > 0017-linux-user-properly-test-for-infini.patch 0019-roms-Makefile-pass-a-packaging-time.patch - > 0018-roms-Makefile-pass-a-packaging-time.patch 0020-Raise-soft-address-space-limit-to-h.patch - > 0019-Raise-soft-address-space-limit-to-h.patch 0021-increase-x86_64-physical-bits-to-42.patch - > 0020-increase-x86_64-physical-bits-to-42.patch 0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0021-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0023-i8254-Fix-migration-from-SLE11-SP2.patch - > 0022-i8254-Fix-migration-from-SLE11-SP2.patch 0024-acpi_piix4-Fix-migration-from-SLE11.patch - > 0023-acpi_piix4-Fix-migration-from-SLE11.patch 0031-Switch-order-of-libraries-for-mpath.patch - > 0024-Switch-order-of-libraries-for-mpath.patch 0032-Make-installed-scripts-explicitly-p.patch - > 0025-Make-installed-scripts-explicitly-p.patch 0035-tests-test-thread-pool-is-racy-add-.patch - > 0027-tests-test-thread-pool-is-racy-add-.patch 0036-xen-add-block-resize-support-for-xe.patch - > 0028-xen-add-block-resize-support-for-xe.patch 0037-tests-qemu-iotests-Triple-timeout-o.patch - > 0029-tests-qemu-iotests-Triple-timeout-o.patch 0038-tests-block-io-test-130-needs-some-.patch - > 0030-tests-block-io-test-130-needs-some-.patch 0040-xen-ignore-live-parameter-from-xen-.patch - > 0031-xen-ignore-live-parameter-from-xen-.patch 0058-Revert-target-i386-kvm-add-VMX-migr.patch - > 0034-Revert-target-i386-kvm-add-VMX-migr.patch * Patches added: 0026-hw-smbios-handle-both-file-formats-.patch 0032-tests-Fix-Makefile-handling-of-chec.patch 0033-Conditionalize-ui-bitmap-installati.patch 0035-tests-change-error-message-in-test-.patch ipxe-efi-Avoid-string-op-warning-with-cross-gcc-7-compile.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream adjustments for the same. Basically now the security fix is to provide a dummy host-model and host-serial value, which overrides getting that value from the host 0065-spapr-Simplify-handling-of-host-ser.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Tweak last spec file change to guard new Requires with conditional - Fix DOS possibility in device tree processing (CVE-2018-20815 bsc#1130675) 0064-device_tree.c-Don-t-use-load_image.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Remove an unneeded BuildRequires which impacts bsc#1119414 fix Also add a corresponding Recommends for qemu-tools as part of this packaging adjustment (bsc#1130484) - Fix information leak in slirp (CVE-2019-9824 bsc#1129622) 0061-slirp-check-sscanf-result-when-emul.patch - Add method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (CVE-2019-8934 bsc#1126455) 0062-ppc-add-host-serial-and-host-model-.patch - Fix OOB memory access and information leak in virtual monitor interface (CVE-2019-03812 bsc#1125721) 0063-i2c-ddc-fix-oob-read.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Again address ipxe GCC 9 incompatibilities. Previously included patch to disable unneeded warning got muffed somehow (bsc#1121464)- Package and cross-build rom files for aarch64 from SLE15/Leap15.0 to fix boo#1125964 - Add patch to fix seabios cross-compilation: * seabios-fix_cross_compilation.patch - Add patch to fix sgabios cross-compilation: * sgabios-fix-cross-build.patch- Fix _constraints to include all architectures for disk size (fix aarch64)- Revert upstream patch which declares x86 vmx feature a migration blocker. Given the proliferation of using vm's with host features passed through and the general knowledge that nested virtualization has many usage caveats, but still gets put in use in restricted scenarios, this patch did more harm than good, I feel. So despite this relaxation, please consider yourself warned that nested virtualization is not yet a supportable feature. (bsc#1121604) 0058-Revert-target-i386-kvm-add-VMX-migr.patch - Fix SEV VM device assignment (bsc#1123205) 0059-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Remove 71-sev.rules, which modifies the default permissions of /dev/sev by adding the kvm group as reader/writer. Upstream decided to take a different approach for libvirt to manage SEV due to security concerns which I agree overrides the convenience of providing /dev/sev access to all the kvm group (bsc#1124842 bsc#1102604)- Increase memory needed to build qemu-testsuite for ppc* arch's in _constraints file- Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0057-s390x-Return-specification-exceptio.patch- Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156) 0056-slirp-check-data-length-while-emula.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Fix ipxe GCC 9 incompatibilities (bsc#1121464) ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch ipxe-build-Disable-gcc-address-of-packed-member-warning.patch- Tweak Xen interface to be compatible with upcoming v4.12 Xen 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0054-linux-user-make-pwrite64-pread64-fd.patch (bsc#1121600)- Clarify that move to include v3.1.0 in qemu package corresponds with fate#327089, which of course builds on v3.0.0 mentioned previously, and that among other patches which this change obsoletes (because functionality is included in base version) I will mention one pointed out by reviewers: 0094-s390x-cpumodels-add-z14-Model-ZR1.patch- include post v3.1.0 patches marked for next stable release: 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0045-hw-usb-fix-mistaken-de-initializati.patch - Address various security/stability issues * Fix host access vulnerability in usb-mtp infrastructure (CVE-2018-16872 bsc#1119493) 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch * Fix DoS in pvrdma interface (CVE-2018-20123 bsc#1119437) 0047-pvrdma-release-device-resources-in-.patch * Fix OOB access issue in rdma backend (CVE-2018-20124 bsc#1119840) 0048-rdma-check-num_sge-does-not-exceed-.patch * Fix NULL pointer reference in pvrdma emulation (CVE-2018-20191 bsc#1119979) 0049-pvrdma-add-uar_read-routine.patch * Fix DoS in pvrdma interface (CVE-2018-20125 bsc#1119989) 0050-pvrdma-check-number-of-pages-when-c.patch * Fix DoS in pvrdma interface (CVE-2018-20216 bsc#1119984) 0051-pvrdma-check-return-value-from-pvrd.patch * Fix DoS in pvrdma interface (CVE-2018-20126 bsc#1119991) 0052-pvrdma-release-ring-object-in-case-.patch - one more post v3.1.0 patches marked for next stable release: 0053-block-Fix-hangs-in-synchronous-APIs.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0040-xen-ignore-live-parameter-from-xen-.patch (bsc#1079730, bsc#1101982, bsc#1063993)- Follow up on ideas prompted by last change: clean up the patches generated by git workflow. There is no value to the first line (mbox From line), or [PATCH] on subject line. Get rid of those - Other minor fixes and improvements to update_git.sh- Modify update_git.sh script: pass --zero-commit to format-patch This removes needless noise in the buildservice when the same set of patches is imported/exported at different times by different users. pass --no-signature to format-patch Remove sed call which used to remove the signature, use mv instead- Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646)- fix memory leak in xen_disk (bsc#1100408) 0039-xen_disk-Avoid-repeated-memory-allo.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- building against xen-devel requires the XC_* compat macros to be set because this version of QEMU will be built against many versions of Xen. configure will decide on the appropriate function names it knows about today. To actually call these functions, future versions of Xen may require XC_* to be set. Furthermore, fix a bug in QEMU: xen_common.h undefines the XC_* macros unconditionally.- Update to v3.1.0: See http://wiki.qemu.org/ChangeLog/3.1 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * x86 IceLake-Server and IceLake-Client cpu models added * Document recommendations for choosing cpu modesl for x86 guests * Support for Hyper-V enlightened VMCS * stdvga and bochs-display devices can expose EDID information to the guest. stdvga xres and yres properties are exposed in the EDID information * s390 improvements: vfio-ap crypto device support, max-cpu model added, etoken support, huge page backing support * ARM: ARMv6M architecture and Cortex-M0 cpu host support added, Cortex-A72 cpu model added, GICv2 virtualization extensions, emulation of AArch32 virtualization, Scalable Vector Extension implemented * Support for AMD IOMMU interrupt remapping and guest virtual APIC mode * Multithreaded TCG on x86 is considered supportable * Add a patch to triple timeout of block io tests, since the obs environment is fickle * x86 save/restore and live migration is prohibited if Intel KVM nested virtualization is enabled * Patches dropped (upstream unless otherwise noted): 0033-migration-warn-about-inconsistent-s.patch (shouldn't be needed anymore) 0035-configure-Modify-python-used-for-io.patch (upstream now python3 friendly) 0039-tests-boot-serial-test-Bump-timeout.patch 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch 0047-linux-user-init_guest_space-Try-to-.patch 0048-ne2000-fix-possible-out-of-bound-ac.patch 0049-rtl8139-fix-possible-out-of-bound-a.patch 0050-pcnet-fix-possible-buffer-overflow.patch 0051-net-ignore-packet-size-greater-than.patch 0052-lsi53c895a-check-message-length-val.patch 0053-nvme-fix-oob-access-issue-CVE-2018-.patch (fixed differently upstream) * Patches renamed: 0034-smbios-Add-1-terminator-if-any-stri.patch - > 0033-smbios-Add-1-terminator-if-any-stri.patch 0036-qemu-io-tests-comment-out-problemat.patch - > 0034-qemu-io-tests-comment-out-problemat.patch 0037-tests-test-thread-pool-is-racy-add-.patch - > 0035-tests-test-thread-pool-is-racy-add-.patch 0038-xen-add-block-resize-support-for-xe.patch - > 0036-xen-add-block-resize-support-for-xe.patch * Patches added: 0037-tests-qemu-iotests-Triple-timeout-o.patch 0038-tests-block-io-test-130-needs-some-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Update includes the following bug fixes: bsc#1108474, bsc#1117615 - Update includes the following SLE requested functionality: FATE#324810, FATE#325875, FATE#326369, FATE#326378, FATE#326379, FATE#326401, FATE#326672, FATE#326829 - Make the following packaging changes related to the new release * Enable libpmem, pvrdma, vhost-crypto features and qemu-block-nfs subpackage * New roms available: vgabios-bochs-display.bin, vgabios-ramfb.bin * New binary tool included (qemu-edid) for testing the new qemu edid generator - Tweaked patches we carry to pass qemu's checkpatch checker - Modify update_git.sh script to enable packaging qemu from development time sources, not just at release time - Removed erroneous (and now useless) tests for tar and gzip formats - Don't exclude s390x anymore from building the qemu-testsuite - Based on current OBS building observations make changes to storage and memory requires specified in the _constraints file- Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2018-10839 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 * bsc#1110910 bsc#1111006 bsc#1111010 bsc#1111013 bsc#1114422 bsc#1114529 * Patches added: 0047-linux-user-init_guest_space-Try-to-.patch 0048-ne2000-fix-possible-out-of-bound-ac.patch 0049-rtl8139-fix-possible-out-of-bound-a.patch 0050-pcnet-fix-possible-buffer-overflow.patch 0051-net-ignore-packet-size-greater-than.patch 0052-lsi53c895a-check-message-length-val.patch 0053-nvme-fix-oob-access-issue-CVE-2018-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0* Adding changes to mitigate seccomp vulnerability (CVE-2018-15746 bsc#1106222) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 * Patches added: 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch- Do more misc spec file fixes: * Be explicit in spec file about Version used for all subpackages (again, to avoid subpackage ordering issues). Default Release tag is also brought in by obs format_spec_file service * Delete binary blob s390-netboot.img, which we rebuild * Don't provide separate Url for qemu-kvm package - the main qemu website provides easily findable link for kvm specifics * Associate petalogix-ml605.dtb with qemu-extra instead of qemu-ppc * More entry sorting- Correct some versioning as follows: * Accurately reflect the qemu-ipxe package version value by adding "+" at the end * Don't overwrite seabios .version file, since now (for quite some time actually) upstream tarball creation creates this file and the value we are writing to it is actually wrong - Make spec file improvements, including the following: * Add qemu.keyring to enable package source verification * Create srcname macro to identify source file name separately from package name * Create alternate to %version to avoid subpackage ordering causing inadvertantly wrong %version value at point of use * Sort some entries * Be more consistent with macro syntax usage * Minor file tweaks as done by osc format_spec_file service- Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746 * fate#325467 * bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735 bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489 * Patches added: * only enable glusterfs for openSUSE 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Increase timeout for boot-serial-test, since we've hit the timeout for armv7l arch in qemu-testsuite. 0039-tests-boot-serial-test-Bump-timeout.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Drop legacy kvm_stat script and man page. We'll rely on the kvm_stat package only going forward kvm_stat kvm_stat.1.gz - Update SLE support documentation to match v3.0.0 release- Update to v3.0.0: See http://wiki.qemu.org/ChangeLog/3.0 Don't read anything into the major version number update. It's been decided to increase the major version number each year. Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package. Some noteworthy changes: * Support for additional x86/AMD mitigations against Speculative Store Bypass (Spectre Variant 4, CVE-2018-3639) * Improved support for nested KVM guests running on Hyper-V * Block device support for active disk-mirroring, which avoids convergence issues which may arise when doing passive/background mirroring of busy devices * Improved support for AHCI emulation, SCSI emulation, and persistent reservations / cluster management * OpenGL ES support for SDL front-end, additional framebuffer device options for early boot display without using legacy VGA emulation * Live migration support for TPM TIS devices, capping bandwidth usage during post-copy migration, and recovering from a failed post-copy migration * Improved latency when using user-mode networking / SLIRP * ARM: support for SMMUv3 IOMMU when using 'virt' machine type * ARM: v8M extensions for VLLDM and VLSTM floating-point instructions, and improved support for AArch64 v8.2 FP16 extensions * ARM: support for Scalable Vector Extensions in linux-user mode * Microblaze: support for 64-bit address sizes and translation bug fixes * PowerPC: PMU support for mac99 machine type and improvements for Uninorth PCI host bridge emulation for Mac machine types * PowerPC: preliminary support for emulating POWER9 hash MMU mode when using powernv machine type * RISC-V: improvement for privileged ISA emulation * s390: support for z14 ZR1 CPU model * s390: bpb/ppa15 Spectre mitigations enabled by default for z196 and later CPU models * s390: support for configuring consoles via -serial options * Patches dropped (upstream unless otherwise noted): 0008-linux-user-fix-segfault-deadlock.patch (no longer needed) 0039-blockjob-Fix-assertion-in-block_job.patch 0041-seccomp-allow-sched_setscheduler-wi.patch Make-installed-scripts-explicitly-python3.patch (we now make python3 explicit in other patch) * Patches renamed: 0009-linux-user-binfmt-support-host-bina.patch - > 0008-linux-user-binfmt-support-host-bina.patch 0010-linux-user-Fake-proc-cpuinfo.patch - > 0009-linux-user-Fake-proc-cpuinfo.patch 0011-Remove-problematic-evdev-86-key-fro.patch - > 0010-Remove-problematic-evdev-86-key-fro.patch 0012-linux-user-use-target_ulong.patch - > 0011-linux-user-use-target_ulong.patch 0013-Make-char-muxer-more-robust-wrt-sma.patch - > 0012-Make-char-muxer-more-robust-wrt-sma.patch 0014-linux-user-lseek-explicitly-cast-no.patch - > 0013-linux-user-lseek-explicitly-cast-no.patch 0015-AIO-Reduce-number-of-threads-for-32.patch - > 0014-AIO-Reduce-number-of-threads-for-32.patch 0016-xen_disk-Add-suse-specific-flush-di.patch - > 0015-xen_disk-Add-suse-specific-flush-di.patch 0017-qemu-bridge-helper-reduce-security-.patch - > 0016-qemu-bridge-helper-reduce-security-.patch 0018-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0019-linux-user-properly-test-for-infini.patch - > 0018-linux-user-properly-test-for-infini.patch 0020-roms-Makefile-pass-a-packaging-time.patch - > 0019-roms-Makefile-pass-a-packaging-time.patch 0021-Raise-soft-address-space-limit-to-h.patch - > 0020-Raise-soft-address-space-limit-to-h.patch 0022-increase-x86_64-physical-bits-to-42.patch - > 0021-increase-x86_64-physical-bits-to-42.patch 0023-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0024-i8254-Fix-migration-from-SLE11-SP2.patch - > 0023-i8254-Fix-migration-from-SLE11-SP2.patch 0025-acpi_piix4-Fix-migration-from-SLE11.patch - > 0024-acpi_piix4-Fix-migration-from-SLE11.patch 0026-Fix-tigervnc-long-press-issue.patch - > 0025-Fix-tigervnc-long-press-issue.patch 0027-string-input-visitor-Fix-uint64-par.patch - > 0026-string-input-visitor-Fix-uint64-par.patch 0028-test-string-input-visitor-Add-int-t.patch - > 0027-test-string-input-visitor-Add-int-t.patch 0029-test-string-input-visitor-Add-uint6.patch - > 0028-test-string-input-visitor-Add-uint6.patch 0030-tests-Add-QOM-property-unit-tests.patch - > 0029-tests-Add-QOM-property-unit-tests.patch 0031-tests-Add-scsi-disk-test.patch - > 0030-tests-Add-scsi-disk-test.patch 0032-Switch-order-of-libraries-for-mpath.patch - > 0031-Switch-order-of-libraries-for-mpath.patch 0033-Make-installed-scripts-explicitly-p.patch - > 0032-Make-installed-scripts-explicitly-p.patch (python2->python3) 0034-migration-warn-about-inconsistent-s.patch - > 0033-migration-warn-about-inconsistent-s.patch 0035-smbios-Add-1-terminator-if-any-stri.patch - > 0034-smbios-Add-1-terminator-if-any-stri.patch 0036-configure-Modify-python-used-for-io.patch - > 0035-configure-Modify-python-used-for-io.patch 0037-qemu-io-tests-comment-out-problemat.patch - > 0036-qemu-io-tests-comment-out-problemat.patch 0038-tests-test-thread-pool-is-racy-add-.patch - > 0037-tests-test-thread-pool-is-racy-add-.patch 0040-xen-add-block-resize-support-for-xe.patch - > 0038-xen-add-block-resize-support-for-xe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Update QEMU to allow kvm group access to /dev/sev (bsc#1102604). 71-sev.rules- Update to v2.12.1, a stable, (mostly) bug-fix-only release * This update contains new mitigation functionality for CVE-2018-3639 (Speculative Store Bypass) in x86. There are also bug fixes for migration, Intel IOMMU emulation, block layer/image handling, ARM emulation, and various other areas. (Note that a number of 2.12.1 patches were already included by us previously) (CVE-2018-3639 bsc#1092885) * Patches dropped (subsumed by stable update): 0039-device_tree-Increase-FDT_MAX_SIZE-t.patch 0040-vnc-fix-use-after-free.patch 0041-ccid-Fix-dwProtocols-advertisement-.patch 0042-tcg-arm-Fix-memory-barrier-encoding.patch 0043-s390-ccw-force-diag-308-subcode-to-.patch 0044-nbd-client-fix-nbd_negotiate_simple.patch 0045-migration-block-dirty-bitmap-fix-me.patch 0046-nbd-client-Fix-error-messages-durin.patch 0047-nbd-client-Relax-handling-of-large-.patch 0048-qxl-fix-local-renderer-crash.patch 0049-tcg-Limit-the-number-of-ops-in-a-TB.patch 0050-target-arm-Clear-SVE-high-bits-for-.patch 0051-cpus-tcg-fix-never-exiting-loop-on-.patch 0052-s390x-css-disabled-subchannels-cann.patch 0053-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0054-virtio-ccw-common-reset-handler.patch 0055-s390x-ccw-make-sure-all-ccw-devices.patch 0056-blockjob-expose-error-string-via-qu.patch 0058-qemu-io-Use-purely-string-blockdev-.patch 0059-qemu-img-Use-only-string-options-in.patch 0060-nfs-Remove-processed-options-from-Q.patch 0061-i386-define-the-ssbd-CPUID-feature-.patch 0062-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch 0064-ahci-fix-PxCI-register-race.patch 0065-ccid-card-passthru-fix-regression-i.patch * Patches renamed: 0057-blockjob-Fix-assertion-in-block_job.patch - > 0039-blockjob-Fix-assertion-in-block_job.patch 0066-xen-add-block-resize-support-for-xe.patch - > 0040-xen-add-block-resize-support-for-xe.patch 0067-seccomp-allow-sched_setscheduler-wi.patch - > 0041-seccomp-allow-sched_setscheduler-wi.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fixing seccomp resourcecontrol defunct issue (bsc#1102627) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12 * Patches added: 0067-seccomp-allow-sched_setscheduler-wi.patch- Add ipxe-fix-build.patch to not error out with binutils >= 2.31 .- Remove linux-user patch which is no longer needed (bsc#1098056) * Patches dropped: 0011-linux-user-XXX-disable-fiemap.patch * Patches renamed: 0036-Remove-problematic-evdev-86-key-fro.patch - > 0011-Remove-problematic-evdev-86-key-fro.patch 0037-configure-Modify-python-used-for-io.patch - > 0036-configure-Modify-python-used-for-io.patch 0038-qemu-io-tests-comment-out-problemat.patch - > 0037-qemu-io-tests-comment-out-problemat.patch 0039-tests-test-thread-pool-is-racy-add-.patch - > 0038-tests-test-thread-pool-is-racy-add-.patch 0040-device_tree-Increase-FDT_MAX_SIZE-t.patch - > 0039-device_tree-Increase-FDT_MAX_SIZE-t.patch 0041-vnc-fix-use-after-free.patch - > 0040-vnc-fix-use-after-free.patch 0042-ccid-Fix-dwProtocols-advertisement-.patch - > 0041-ccid-Fix-dwProtocols-advertisement-.patch 0043-tcg-arm-Fix-memory-barrier-encoding.patch - > 0042-tcg-arm-Fix-memory-barrier-encoding.patch 0044-s390-ccw-force-diag-308-subcode-to-.patch - > 0043-s390-ccw-force-diag-308-subcode-to-.patch 0045-nbd-client-fix-nbd_negotiate_simple.patch - > 0044-nbd-client-fix-nbd_negotiate_simple.patch 0046-migration-block-dirty-bitmap-fix-me.patch - > 0045-migration-block-dirty-bitmap-fix-me.patch 0047-nbd-client-Fix-error-messages-durin.patch - > 0046-nbd-client-Fix-error-messages-durin.patch 0048-nbd-client-Relax-handling-of-large-.patch - > 0047-nbd-client-Relax-handling-of-large-.patch 0049-qxl-fix-local-renderer-crash.patch - > 0048-qxl-fix-local-renderer-crash.patch 0050-tcg-Limit-the-number-of-ops-in-a-TB.patch - > 0049-tcg-Limit-the-number-of-ops-in-a-TB.patch 0051-target-arm-Clear-SVE-high-bits-for-.patch - > 0050-target-arm-Clear-SVE-high-bits-for-.patch 0052-cpus-tcg-fix-never-exiting-loop-on-.patch - > 0051-cpus-tcg-fix-never-exiting-loop-on-.patch 0053-s390x-css-disabled-subchannels-cann.patch - > 0052-s390x-css-disabled-subchannels-cann.patch 0054-pc-bios-s390-ccw-struct-tpi_info-mu.patch - > 0053-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0055-virtio-ccw-common-reset-handler.patch - > 0054-virtio-ccw-common-reset-handler.patch 0056-s390x-ccw-make-sure-all-ccw-devices.patch - > 0055-s390x-ccw-make-sure-all-ccw-devices.patch 0057-blockjob-expose-error-string-via-qu.patch - > 0056-blockjob-expose-error-string-via-qu.patch 0058-blockjob-Fix-assertion-in-block_job.patch - > 0057-blockjob-Fix-assertion-in-block_job.patch 0059-qemu-io-Use-purely-string-blockdev-.patch - > 0058-qemu-io-Use-purely-string-blockdev-.patch 0060-qemu-img-Use-only-string-options-in.patch - > 0059-qemu-img-Use-only-string-options-in.patch 0061-nfs-Remove-processed-options-from-Q.patch - > 0060-nfs-Remove-processed-options-from-Q.patch 0062-i386-define-the-ssbd-CPUID-feature-.patch - > 0061-i386-define-the-ssbd-CPUID-feature-.patch 0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch - > 0062-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0064-i386-define-the-AMD-virt-ssbd-CPUID.patch - > 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch 0065-ahci-fix-PxCI-register-race.patch - > 0064-ahci-fix-PxCI-register-race.patch 0066-ccid-card-passthru-fix-regression-i.patch - > 0065-ccid-card-passthru-fix-regression-i.patch 0067-xen-add-block-resize-support-for-xe.patch - > 0066-xen-add-block-resize-support-for-xe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix build failure of skiboot with gcc8 compiler skiboot-hdata-i2c.c-fix-building-with-gcc8.patch- Tweak build service constraints information to avoid failures- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12 * Patches added: 0067-xen-add-block-resize-support-for-xe.patch- Tweak patch file generation to be more git version agnostic. Also change update_git.sh to not reformat spec file by default.- Looks like the right fix for the AHCI issue has been identified upstream. Turns out to also affect Linux guests as well. (bsc#1094406) * Patches dropped: 0065-Revert-replay-don-t-process-async-e.patch 0066-Revert-replay-avoid-recursive-call-.patch 0067-Revert-replay-check-return-values-o.patch 0068-Revert-replay-push-replay_mutex_loc.patch * Patches added: 0065-ahci-fix-PxCI-register-race.patch - Fix a regresssion introduced in v2.12.0 for ccid-card-passthrough (bsc#1095419) 0066-ccid-card-passthru-fix-regression-i.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix qemu-guest-agent service issue (bsc#1094898)- Spectre v4 vulnerability mitigation support for KVM guests. High level description of vulnerability: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This change permits the new x86 cpu feature flag named "ssbd" to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled, via adding it to the qemu commandline (eg: -cpu ,+spec-ctrl,+ssbd), so the guest OS can take advantage of the feature, spec-ctrl and ssbd support is also required in the host. Another new x86 cpu feature flag named "virt-ssbd" is also added to handle this vulnerability for AMD processors. (CVE-2018-3639 bsc#1092885) 0062-i386-define-the-ssbd-CPUID-feature-.patch 0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0064-i386-define-the-AMD-virt-ssbd-CPUID.patch - Replay code introduced an issue for AHCI emulation, where on Windows 10 I/O would stop randomly, and Windows would then reset the AHCI device. The issue is not yet fully identified, but reverting some of those changes is at least for now a workaround. (bsc#1094406) 0065-Revert-replay-don-t-process-async-e.patch 0066-Revert-replay-avoid-recursive-call-.patch 0067-Revert-replay-check-return-values-o.patch 0068-Revert-replay-push-replay_mutex_loc.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Add some upstream fixes targeted for the next stable release 0040-device_tree-Increase-FDT_MAX_SIZE-t.patch 0041-vnc-fix-use-after-free.patch 0042-ccid-Fix-dwProtocols-advertisement-.patch 0043-tcg-arm-Fix-memory-barrier-encoding.patch 0044-s390-ccw-force-diag-308-subcode-to-.patch 0045-nbd-client-fix-nbd_negotiate_simple.patch 0046-migration-block-dirty-bitmap-fix-me.patch 0047-nbd-client-Fix-error-messages-durin.patch 0048-nbd-client-Relax-handling-of-large-.patch 0049-qxl-fix-local-renderer-crash.patch 0050-tcg-Limit-the-number-of-ops-in-a-TB.patch 0051-target-arm-Clear-SVE-high-bits-for-.patch 0052-cpus-tcg-fix-never-exiting-loop-on-.patch 0053-s390x-css-disabled-subchannels-cann.patch 0054-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0055-virtio-ccw-common-reset-handler.patch 0056-s390x-ccw-make-sure-all-ccw-devices.patch 0057-blockjob-expose-error-string-via-qu.patch 0058-blockjob-Fix-assertion-in-block_job.patch 0059-qemu-io-Use-purely-string-blockdev-.patch 0060-qemu-img-Use-only-string-options-in.patch 0061-nfs-Remove-processed-options-from-Q.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix qemu-guest-agent uninstall (bsc#1093169) - Minor tweak to qemu spec file- Update to v2.12.0: See http://wiki.qemu.org/ChangeLog/2.12 Some noteworthy changes: CLI options removed: -tdf, -no-kvm-pit, -drive boot, -net channel, - net dump, -hdachs, -drive,if=scsi HMP commands removed: usb_add, usb_del, host_net_add, host_net_remove Q35 default nic now e1000e AMD SEV support - smbios supports setting data for type 11 tables audio and display support split out as modules - nic for simple creation of guest NIC and host back-end QMP monitor "out-of-band" capability lots of ARM and s390 improvements - Include more of upstream's in-tree tests in the qemu-testsuite package * Patches dropped: 0033-memfd-fix-configure-test.patch 0034-qapi-use-items-values-intead-of-ite.patch 0035-qapi-Use-OrderedDict-from-standard-.patch 0036-qapi-adapt-to-moved-location-of-Str.patch 0037-qapi-Adapt-to-moved-location-of-mak.patch 0038-qapi-remove-q-arg-to-diff-when-comp.patch 0039-qapi-ensure-stable-sort-ordering-wh.patch 0040-qapi-force-a-UTF-8-locale-for-runni.patch 0041-scripts-ensure-signrom-treats-data-.patch 0042-configure-allow-use-of-python-3.patch 0043-input-add-missing-JIS-keys-to-virti.patch 0045-pc-fail-memory-hot-plug-unplug-with.patch 0046-memattrs-add-debug-attribute.patch 0047-exec-add-ram_debug_ops-support.patch 0048-exec-add-debug-version-of-physical-.patch 0049-monitor-i386-use-debug-APIs-when-ac.patch 0050-machine-add-memory-encryption-prope.patch 0051-kvm-update-kvm.h-to-include-memory-.patch 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch 0053-target-i386-add-Secure-Encrypted-Vi.patch 0054-qmp-add-query-sev-command.patch 0055-sev-i386-add-command-to-initialize-.patch 0056-qmp-populate-SevInfo-fields-with-SE.patch 0057-sev-i386-register-the-guest-memory-.patch 0058-kvm-introduce-memory-encryption-API.patch 0059-hmp-add-info-sev-command.patch 0060-sev-i386-add-command-to-create-laun.patch 0061-sev-i386-add-command-to-encrypt-gue.patch 0062-target-i386-encrypt-bios-rom.patch 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch 0064-sev-i386-finalize-the-SEV-guest-lau.patch 0065-hw-i386-set-ram_debug_ops-when-memo.patch 0066-sev-i386-add-debug-encrypt-and-decr.patch 0067-target-i386-clear-C-bit-when-walkin.patch 0068-include-add-psp-sev.h-header-file.patch 0069-sev-i386-add-support-to-query-PLATF.patch 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch 0071-qmp-add-query-sev-launch-measure-co.patch 0072-tests-qmp-test-blacklist-query-sev-.patch 0073-sev-i386-add-migration-blocker.patch 0074-cpu-i386-populate-CPUID-0x8000_001F.patch 0075-migration-warn-about-inconsistent-s.patch 0076-smbios-support-setting-OEM-strings-.patch 0077-smbios-Add-1-terminator-if-any-stri.patch 0078-Remove-problematic-evdev-86-key-fro.patch 0079-tpm-lookup-cancel-path-under-tpm-de.patch 0080-vga-fix-region-calculation.patch skiboot-GCC7-fixes-for-Wimplicit-fallthr.patch skiboot-libc-stdio-vsnprintf.c-add-expli.patch skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch ui-keycodemapdb-Add-missing-QKeyCode-val.patch ui-keycodemapdb-Fix-compat-with-py3-dict.patch * Patches renamed: 0044-Make-installed-scripts-explicitly-p.patch - > 0033-Make-installed-scripts-explicitly-p.patch 0075-migration-warn-about-inconsistent-s.patch - > 0034-migration-warn-about-inconsistent-s.patch 0077-smbios-Add-1-terminator-if-any-stri.patch - > 0035-smbios-Add-1-terminator-if-any-stri.patch 0078-Remove-problematic-evdev-86-key-fro.patch - > 0036-Remove-problematic-evdev-86-key-fro.patch * Patches added: 0037-configure-Modify-python-used-for-io.patch 0038-qemu-io-tests-comment-out-problemat.patch 0039-tests-test-thread-pool-is-racy-add-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix autoinstall of qemu-guest-agent by getting the modalias string right (bsc#1091143)- Guard strncpy call with GCC pragma to disable warning about possible incorrect usage, when in fact it is correct. This is for gcc 8 compatibility (bsc#1090355) ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch- Add WantedBy for enable qemu-ga@.service auto start (bsc#1090369)- fix qemu-ga service file name (bsc#1089067)- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604) 0080-vga-fix-region-calculation.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Add new look up path "sys/class/tpm" for tpm cancel path based on Linux 4.0 change (commit 313d21eeab9282e)(bsc#1070615) 0079-tpm-lookup-cancel-path-under-tpm-de.patch- Fix issue with key codes in qemu v2.11 0078-Remove-problematic-evdev-86-key-fro.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 * Patches added: 0077-smbios-Add-1-terminator-if-any-stri.patch bsc#994082 and bsc#1084316- Add support for setting OEM strings table (fate#323624) 0076-smbios-support-setting-OEM-strings-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- SLE15 KVM (as targeted for RC1) now has the feature exposed. Drop the patch. (bsc#1082276) 0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Change example qemu-ifup script to not depend on bridge-utils. Also update the paths used for ip binary.- Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor.- Update to v2.11.1, a stable, (mostly) bug-fix-only release In addition to bug fixes, of necessity fixes are needed to address the Spectre v2 vulnerability by passing along to the guest new hardware features introduced by host microcode updates. A January 2018 release of qemu initially addressed this issue by exposing the feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on the upstream solution. This update instead defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) s390x guest vulnerability to Spectre v2 is also addressed in this update by including support for bpb and ppa/stfle.81 features. (CVE-2017-5715 bsc#1068032) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ - Unfortunately, it was found that our current KVM isn't correctly indicating support for the spec-ctrl feature, so I've added a patch to still detect that support within QEMU. This is of course a temporary kludge until KVM gets fixed. (bsc#1082276) - The SEV support patches are updated to the v9 series. - Fix incompatibility with recent glibc (boo#1081154) - Add Supplements tags for the guest agent package in an attempt to auto-install for QEMU and Xen SUSE Linux guests (fate#323570) * Patches dropped (subsumed by stable update, or reworked in v9): 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch 0050-target-i386-add-memory-encryption-f.patch 0054-accel-add-Secure-Encrypted-Virtuliz.patch 0072-sev-Fix-build-for-non-x86-hosts.patch * Patches added: 0033-memfd-fix-configure-test.patch 0053-target-i386-add-Secure-Encrypted-Vi.patch 0056-qmp-populate-SevInfo-fields-with-SE.patch 0072-tests-qmp-test-blacklist-query-sev-.patch 0073-sev-i386-add-migration-blocker.patch 0074-cpu-i386-populate-CPUID-0x8000_001F.patch 0075-migration-warn-about-inconsistent-s.patch 0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch * Patches renamed (plus some minor code changes): 0051-machine-add-memory-encryption-prope.patch - > 0050-machine-add-memory-encryption-prope.patch 0052-kvm-update-kvm.h-to-include-memory-.patch - > 0051-kvm-update-kvm.h-to-include-memory-.patch 0053-docs-add-AMD-Secure-Encrypted-Virtu.patch - > 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch 0055-sev-add-command-to-initialize-the-m.patch - > 0055-sev-i386-add-command-to-initialize-.patch 0056-sev-register-the-guest-memory-range.patch - > 0057-sev-i386-register-the-guest-memory-.patch 0057-kvm-introduce-memory-encryption-API.patch - > 0058-kvm-introduce-memory-encryption-API.patch 0058-qmp-add-query-sev-command.patch - > 0054-qmp-add-query-sev-command.patch 0060-sev-add-command-to-create-launch-me.patch - > 0060-sev-i386-add-command-to-create-laun.patch 0061-sev-add-command-to-encrypt-guest-me.patch - > 0061-sev-i386-add-command-to-encrypt-gue.patch 0063-sev-add-support-to-LAUNCH_MEASURE-c.patch - > 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch 0064-sev-Finalize-the-SEV-guest-launch-f.patch - > 0064-sev-i386-finalize-the-SEV-guest-lau.patch 0066-sev-add-debug-encrypt-and-decrypt-c.patch - > 0066-sev-i386-add-debug-encrypt-and-decr.patch 0069-sev-add-support-to-query-PLATFORM_S.patch - > 0069-sev-i386-add-support-to-query-PLATF.patch 0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch - > 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Add AMD SEV (Secure Encrypted Virtualization) support by taking the v7 series of the patches posted to qemu ml. (fate#322124) 0046-memattrs-add-debug-attribute.patch 0047-exec-add-ram_debug_ops-support.patch 0048-exec-add-debug-version-of-physical-.patch 0049-monitor-i386-use-debug-APIs-when-ac.patch 0050-target-i386-add-memory-encryption-f.patch 0051-machine-add-memory-encryption-prope.patch 0052-kvm-update-kvm.h-to-include-memory-.patch 0053-docs-add-AMD-Secure-Encrypted-Virtu.patch 0054-accel-add-Secure-Encrypted-Virtuliz.patch 0055-sev-add-command-to-initialize-the-m.patch 0056-sev-register-the-guest-memory-range.patch 0057-kvm-introduce-memory-encryption-API.patch 0058-qmp-add-query-sev-command.patch 0059-hmp-add-info-sev-command.patch 0060-sev-add-command-to-create-launch-me.patch 0061-sev-add-command-to-encrypt-guest-me.patch 0062-target-i386-encrypt-bios-rom.patch 0063-sev-add-support-to-LAUNCH_MEASURE-c.patch 0064-sev-Finalize-the-SEV-guest-launch-f.patch 0065-hw-i386-set-ram_debug_ops-when-memo.patch 0066-sev-add-debug-encrypt-and-decrypt-c.patch 0067-target-i386-clear-C-bit-when-walkin.patch 0068-include-add-psp-sev.h-header-file.patch 0069-sev-add-support-to-query-PLATFORM_S.patch 0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch 0071-qmp-add-query-sev-launch-measure-co.patch 0072-sev-Fix-build-for-non-x86-hosts.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Update python3 related patches now that they are upstream- guest agent: change service file to a template so it can be used by Xen as well. Adjust udev rule accordingly. FATE#324963- Fix machine inconsistency with -no-acpi and nvdimm (bsc#1077823) 0045-pc-fail-memory-hot-plug-unplug-with.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Modify BuildRequires python references - seabios also needed tweaks for python2 vs python3 * Patches added: seabios-use-python2-explicitly-as-needed.patch seabios-switch-to-python3-as-needed.patch- Try to get our story right wrt python2 vs python3 (bsc#1077564) * Get rid of use of #!/usr/bin/env python in scripts we install * include proposed upstream build system changes needed for building with python2 or python3 * Patches dropped: 0032-scripts-avoid-usr-bin-python-refere.patch * Patches renamed: 0033-Switch-order-of-libraries-for-mpath.patch - > 0032-Switch-order-of-libraries-for-mpath.patch 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch - > 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch * Patches added: 0034-qapi-use-items-values-intead-of-ite.patch 0035-qapi-Use-OrderedDict-from-standard-.patch 0036-qapi-adapt-to-moved-location-of-Str.patch 0037-qapi-Adapt-to-moved-location-of-mak.patch 0038-qapi-remove-q-arg-to-diff-when-comp.patch 0039-qapi-ensure-stable-sort-ordering-wh.patch 0040-qapi-force-a-UTF-8-locale-for-runni.patch 0041-scripts-ensure-signrom-treats-data-.patch 0042-configure-allow-use-of-python-3.patch 0043-input-add-missing-JIS-keys-to-virti.patch 0044-Make-installed-scripts-explicitly-p.patch Make-installed-scripts-explicitly-python3.patch ui-keycodemapdb-Add-missing-QKeyCode-val.patch ui-keycodemapdb-Fix-compat-with-py3-dict.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Fix packaging dependencies (coreutils) for qemu-ksm package (bsc#1040202)- Pass through to guest info related to x86 security vulnerability (CVE-2017-5715 bsc#1068032) 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Update to v2.11.0: See http://wiki.qemu.org/ChangeLog/2.11 Some noteworthy changes: - nodefconfig is now deprecated legacy pci-assignment code removed qemu-pr-helper added for handling guest persistant reservations (bsc#891066, bsc#910704, bsc#943807) qemu-keymap tool added for generating keymap files throttle block filter driver added support for a TPM emulator qcow2 image shrink support better support for >=64 vcpus for Windows guests nested KVM related improvements s390 pgste handling now done better EPYC cpu model added (bsc#1052825) improvements in qcow2 buffer handling vhost-user resume issue fixed migration hardening ARMv8-M security extension support more seccomp/sandboxing options available s390 cpu hot-plug improvements misc. virtfs improvements nbd improvements MTTCG improvements misc. TCG improvements scsi correctness improvements SEABIOS now has serial output option * Includes fixes for CVE-2017-15118 bsc#1070147, CVE-2017-15119 bsc#1070144 * Adds KASLR support (fate#323473, bsc#1070281) * Update SLE support docs to match this release * simplify spec file to expect at least sle_version >= 1315 * Patches dropped (upstream): 0013-console-add-question-mark-escape-op.patch 0020-configure-Fix-detection-of-seccomp-.patch 0034-target-i386-cpu-Add-new-EPYC-CPU-mo.patch 0035-chardev-baum-fix-baum-that-releases.patch 0036-io-fix-temp-directory-used-by-test-.patch 0037-io-fix-check-for-handshake-completi.patch 0038-crypto-fix-test-cert-generation-to-.patch 0039-vhost-user-disable-the-broken-subpr.patch 0040-io-monitor-encoutput-buffer-size-fr.patch 0041-cirrus-fix-oob-access-in-mode4and5-.patch 0042-9pfs-use-g_malloc0-to-allocate-spac.patch * Patches renamed: 0014-Make-char-muxer-more-robust-wrt-sma.patch - > 0013-Make-char-muxer-more-robust-wrt-sma.patch 0015-linux-user-lseek-explicitly-cast-no.patch - > 0014-linux-user-lseek-explicitly-cast-no.patch 0016-AIO-Reduce-number-of-threads-for-32.patch - > 0015-AIO-Reduce-number-of-threads-for-32.patch 0017-xen_disk-Add-suse-specific-flush-di.patch - > 0016-xen_disk-Add-suse-specific-flush-di.patch 0018-qemu-bridge-helper-reduce-security-.patch - > 0017-qemu-bridge-helper-reduce-security-.patch 0019-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0018-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0021-linux-user-properly-test-for-infini.patch - > 0019-linux-user-properly-test-for-infini.patch 0022-roms-Makefile-pass-a-packaging-time.patch - > 0020-roms-Makefile-pass-a-packaging-time.patch 0023-Raise-soft-address-space-limit-to-h.patch - > 0021-Raise-soft-address-space-limit-to-h.patch 0024-increase-x86_64-physical-bits-to-42.patch - > 0022-increase-x86_64-physical-bits-to-42.patch 0025-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0023-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0026-i8254-Fix-migration-from-SLE11-SP2.patch - > 0024-i8254-Fix-migration-from-SLE11-SP2.patch 0027-acpi_piix4-Fix-migration-from-SLE11.patch - > 0025-acpi_piix4-Fix-migration-from-SLE11.patch 0028-Fix-tigervnc-long-press-issue.patch - > 0026-Fix-tigervnc-long-press-issue.patch 0029-string-input-visitor-Fix-uint64-par.patch - > 0027-string-input-visitor-Fix-uint64-par.patch 0030-test-string-input-visitor-Add-int-t.patch - > 0028-test-string-input-visitor-Add-int-t.patch 0031-test-string-input-visitor-Add-uint6.patch - > 0029-test-string-input-visitor-Add-uint6.patch 0032-tests-Add-QOM-property-unit-tests.patch - > 0030-tests-Add-QOM-property-unit-tests.patch 0033-tests-Add-scsi-disk-test.patch - > 0031-tests-Add-scsi-disk-test.patch 0043-scripts-avoid-usr-bin-python-refere.patch - > 0032-scripts-avoid-usr-bin-python-refere.patch * We need the multipath libraries link order switched 0033-Switch-order-of-libraries-for-mpath.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Avoid ref to /usr/bin/python in vmstate-static-checker.py script 0043-scripts-avoid-usr-bin-python-refere.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- For SLE15, it's been decided to stop providing SDL based graphics due to packaging constraints. Long ago GTK became the default, and there is little benefit to providing both. For now, keep it enabled for openSUSE (Tumblweed and Leap), but consider it marked deprecated there and if no one complains it will be removed for openSUSE as well in the near future. (fate#324465) - Fix problem building skiboot.lid skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch- Wrap analyze-migration and vmstate-static-checker into tools from qemu scripts folder, also changed introduction of qemu-tools in spec file - Move supportplugin position in spec file- Add announcement in support docs about qed storage format no longer being supported in next major SLE release (SLE15) (fate#324200) - Address various security/stability issues * Fix DoS in I/O channel websockets (CVE-2017-15268 bsc#1062942) 0040-io-monitor-encoutput-buffer-size-fr.patch * Fix OOB access in cirrus vga device emulation (CVE-2017-15289 bsc#1063122) 0041-cirrus-fix-oob-access-in-mode4and5-.patch * Fix information leak in 9pfs interface (CVE-2017-15038 bsc#1062069) 0042-9pfs-use-g_malloc0-to-allocate-spac.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Don't tie glusterfs support to specific arch - Build skiboot firmware (OPAL), particularly since it's fairly easy to do so skiboot-GCC7-fixes-for-Wimplicit-fallthr.patch skiboot-libc-stdio-vsnprintf.c-add-expli.patch- Added the global macro 'with_glusterfs' in order to re-enable glusterfs support. The macro enable easier future adjustments for various ARCH/targets/requiremnets. At first glusterfs support is enabled for openSUSE Leap 42.x and Factory for ARCH x86_64.- Add dependencies on ovmf (uefi) for the qemu-x86 and qemu-arm packages - Fix s390-netboot.img to be included with qemu-s390 package, not qemu-ppc- Update to v2.10.1, a stable, bug-fix-only release * fixes bsc#1056386 CVE-2017-13673, bsc#1056334 CVE-2017-13672, bsc#1057585 CVE-2017-14167 * Patches dropped (upstream): 0034-slirp-fix-clearing-ifq_so-from-pend.patch 0035-s390-ccw-Fix-alignment-for-CCW1.patch 0038-s390x-ais-for-2.10-stable-disable-a.patch 0039-s390x-cpumodel-remove-ais-from-z14-.patch * Patches renamed: 0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch - > 0034-target-i386-cpu-Add-new-EPYC-CPU-mo.patch 0037-chardev-baum-fix-baum-that-releases.patch - > 0035-chardev-baum-fix-baum-that-releases.patch 0040-io-fix-temp-directory-used-by-test-.patch - > 0036-io-fix-temp-directory-used-by-test-.patch 0041-io-fix-check-for-handshake-completi.patch - > 0037-io-fix-check-for-handshake-completi.patch 0042-crypto-fix-test-cert-generation-to-.patch - > 0038-crypto-fix-test-cert-generation-to-.patch 0043-vhost-user-disable-the-broken-subpr.patch - > 0039-vhost-user-disable-the-broken-subpr.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix failures and potential failures in qemu-testsuite 0040-io-fix-temp-directory-used-by-test-.patch 0041-io-fix-check-for-handshake-completi.patch 0042-crypto-fix-test-cert-generation-to-.patch 0043-vhost-user-disable-the-broken-subpr.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix migration issue on s390 0038-s390x-ais-for-2.10-stable-disable-a.patch 0039-s390x-cpumodel-remove-ais-from-z14-.patch - Fix case of not being able to build from rpm sources due to undefined macro (boo#1057966) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix baum that release brlapi twice (bsc#1060045) 0037-chardev-baum-fix-baum-that-releases.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- For SLE15 pre-release testing, add support for the EPYC processor. This will be officially supported once it is included in the v2.11 release. (bsc#1052825) 0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch - Fix some support statements in our SLE support documents.- Update BuildRequires packages libibverbs-devel and librdmacm-devel to the more correct rdma-core-devel - Enable seccomp for s390x, aarch64, and ppc64le - Fix OOB issue (use after free) in slirp network stack (CVE-2017-13711 bsc#1056291) 0034-slirp-fix-clearing-ifq_so-from-pend.patch - Fix a misalignment in the s390 ccw firmware (bsc#1056680) 0035-s390-ccw-Fix-alignment-for-CCW1.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Add a supportconfig plugin qemu-supportconfig FATE#323661- Update to v2.10.0: See http://wiki.qemu.org/ChangeLog/2.10 - Dropped internal only patches used to support SUSE Studio Testdrive as well as other miscellaneous patches deemed unused and not worth carrying (bsc#1046783, bsc#1055125, bsc#1055127) - Update SLE support statements in anticipation of SLE15 - disable SAN boot capability from virtio pxe rom used in v1.4 and older pc machine types due to rom size requirements. Hopefully a better solution can be found which doesn't impact functionality * Patches added: ipxe-stub-out-the-SAN-req-s-in-int13.patch * Patches renamed: 0006-qemu-cvs-gettimeofday.patch -> 0003-qemu-cvs-gettimeofday.patch 0007-qemu-cvs-ioctl_debug.patch -> 0004-qemu-cvs-ioctl_debug.patch 0008-qemu-cvs-ioctl_nodirection.patch -> 0005-qemu-cvs-ioctl_nodirection.patch 0009-linux-user-add-binfmt-wrapper-for-a.patch -> 0006-linux-user-add-binfmt-wrapper-for-a.patch 0010-PPC-KVM-Disable-mmu-notifier-check.patch -> 0007-PPC-KVM-Disable-mmu-notifier-check.patch 0011-linux-user-fix-segfault-deadlock.patch -> 0008-linux-user-fix-segfault-deadlock.patch 0012-linux-user-binfmt-support-host-bina.patch -> 0009-linux-user-binfmt-support-host-bina.patch 0013-linux-user-Fake-proc-cpuinfo.patch -> 0010-linux-user-Fake-proc-cpuinfo.patch 0014-linux-user-XXX-disable-fiemap.patch -> 0011-linux-user-XXX-disable-fiemap.patch 0017-linux-user-use-target_ulong.patch -> 0012-linux-user-use-target_ulong.patch 0021-console-add-question-mark-escape-op.patch -> 0013-console-add-question-mark-escape-op.patch 0022-Make-char-muxer-more-robust-wrt-sma.patch -> 0014-Make-char-muxer-more-robust-wrt-sma.patch 0023-linux-user-lseek-explicitly-cast-no.patch -> 0015-linux-user-lseek-explicitly-cast-no.patch 0025-AIO-Reduce-number-of-threads-for-32.patch -> 0016-AIO-Reduce-number-of-threads-for-32.patch 0027-xen_disk-Add-suse-specific-flush-di.patch -> 0017-xen_disk-Add-suse-specific-flush-di.patch 0028-qemu-bridge-helper-reduce-security-.patch -> 0018-qemu-bridge-helper-reduce-security-.patch 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0019-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0030-configure-Fix-detection-of-seccomp-.patch -> 0020-configure-Fix-detection-of-seccomp-.patch 0031-linux-user-properly-test-for-infini.patch -> 0020-linux-user-properly-test-for-infini.patch 0033-roms-Makefile-pass-a-packaging-time.patch -> 0022-roms-Makefile-pass-a-packaging-time.patch 0034-Raise-soft-address-space-limit-to-h.patch -> 0023-Raise-soft-address-space-limit-to-h.patch 0035-increase-x86_64-physical-bits-to-42.patch -> 0024-increase-x86_64-physical-bits-to-42.patch 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0025-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0037-i8254-Fix-migration-from-SLE11-SP2.patch -> 0026-i8254-Fix-migration-from-SLE11-SP2.patch 0038-acpi_piix4-Fix-migration-from-SLE11.patch -> 0027-acpi_piix4-Fix-migration-from-SLE11.patch 0039-Fix-tigervnc-long-press-issue.patch -> 0028-Fix-tigervnc-long-press-issue.patch 0041-string-input-visitor-Fix-uint64-par.patch -> 0029-string-input-visitor-Fix-uint64-par.patch 0042-test-string-input-visitor-Add-int-t.patch -> 0030-test-string-input-visitor-Add-int-t.patch 0043-test-string-input-visitor-Add-uint6.patch -> 0031-test-string-input-visitor-Add-uint6.patch 0044-tests-Add-QOM-property-unit-tests.patch -> 0032-tests-Add-QOM-property-unit-tests.patch 0045-tests-Add-scsi-disk-test.patch -> 0033-tests-Add-scsi-disk-test.patch * Patches dropped (upstream unless otherwise noted): 0003-qemu-cvs-alsa_bitfield.patch (deemed not needed) 0004-qemu-cvs-alsa_ioctl.patch (deemed not needed) 0005-qemu-cvs-alsa_mmap.patch (deemed not needed) 0015-slirp-nooutgoing.patch (bsc#1055125) 0016-vnc-password-file-and-incoming-conn.patch (bsc#1055127) 0018-block-Add-support-for-DictZip-enabl.patch (bsc#1046783) 0019-block-Add-tar-container-format.patch (bsc#1046783) 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch (bsc#1046783) 0024-configure-Enable-PIE-for-ppc-and-pp.patch (obsolete) 0026-dictzip-Fix-on-big-endian-systems.patch (bsc#1046783) 0032-linux-user-remove-all-traces-of-qem.patch 0040-fix-xen-hvm-direct-kernel-boot.patch (bsc#970791) 0046-RFC-update-Linux-headers-from-irqs-.patch 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch 0048-input-Add-trace-event-for-empty-key.patch 0049-ACPI-don-t-call-acpi_pcihp_device_p.patch 0050-i386-Allow-cpuid-bit-override.patch (was for testing only) 0051-input-limit-kbd-queue-depth.patch 0052-audio-release-capture-buffers.patch 0053-scsi-avoid-an-off-by-one-error-in-m.patch 0054-vmw_pvscsi-check-message-ring-page-.patch 0055-9pfs-local-forbid-client-access-to-.patch 0056-jazz_led-fix-bad-snprintf.patch 0057-slirp-smb-Replace-constant-strings-.patch 0058-altera_timer-fix-incorrect-memset.patch 0059-Hacks-for-building-on-gcc-7-Fedora-.patch 0060-9pfs-local-fix-unlink-of-alien-file.patch 0061-megasas-do-not-read-DCMD-opcode-mor.patch 0062-megasas-always-store-SCSIRequest-in.patch 0063-nbd-Fully-initialize-client-in-case.patch 0064-9pfs-local-remove-use-correct-path-.patch 0065-hid-Reset-kbd-modifiers-on-reset.patch 0066-input-Decrement-queue-count-on-kbd-.patch 0067-xhci-only-update-dequeue-ptr-on-com.patch 0068-vnc-Set-default-kbd-delay-to-10ms.patch 0069-qemu-nbd-Ignore-SIGPIPE.patch 0070-usb-redir-fix-stack-overflow-in-usb.patch 0072-slirp-check-len-against-dhcp-option.patch 0071-exec-use-qemu_ram_ptr_length-to-acc.patch 0073-xen-mapcache-store-dma-information-.patch 0074-exec-Add-lock-parameter-to-qemu_ram.patch 0075-Replace-struct-ucontext-with-uconte.patch ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch ipxe-ath-Add-missing-break-statements.patch ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix package build failure as of glibc v2.26 update in Factory (boo#1055587) 0075-Replace-struct-ucontext-with-uconte.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Remove redundant prerequire for pwdutils- Postrequire acl for setfacl- Prerequire shadow for groupadd- The recent security fix for CVE-2017-11334 adversely affects Xen. Include two additional patches to make sure Xen is going to be OK. 0073-xen-mapcache-store-dma-information-.patch 0074-exec-Add-lock-parameter-to-qemu_ram.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Pre-add group kvm for qemu-tools (bsc#1011144)- Fixed a few more inaccuracies in the support docs.- Address various security/stability issues * Fix DOS vulnerability in qemu-nbd (bsc#1046636 CVE-2017-10664) 0069-qemu-nbd-Ignore-SIGPIPE.patch * Fix DOS from stack overflow in debug messages of usb redirection support (bsc#1047674 CVE-2017-10806) 0070-usb-redir-fix-stack-overflow-in-usb.patch * Fix OOB access during DMA operation (CVE-2017-11334 bsc#1048902) 0071-exec-use-qemu_ram_ptr_length-to-acc.patch * Fix OOB access parsing dhcp slirp options (CVE-2017-11434 bsc#1049381) 0072-slirp-check-len-against-dhcp-option.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12 SP3. Apply a few additional clarifications in the support docs. (bsc#1050268) - Adjust to libvdeplug-devel package naming changes.- Fix migration with xhci (bsc#1048296) 0067-xhci-only-update-dequeue-ptr-on-com.patch - Increase VNC delay to fix missing keyboard input events (bsc#1031692) 0068-vnc-Set-default-kbd-delay-to-10ms.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Remove build dependency package iasl used for seabios- Fixed stuck state during usb keyboard reset (bsc#1044936) 0065-hid-Reset-kbd-modifiers-on-reset.patch - Fixed keyboard events getting lost (bsc#1044936) 0066-input-Decrement-queue-count-on-kbd-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Use most recent compiler to build size-critical firmware, instead of hard-coding gcc6 for all target versions (bsc#1043390) * A few upstream ipxe patches were needed for gcc7 compatibility: ipxe-ath-Add-missing-break-statements.patch ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch - Add --no-renames to the git format-patch command in the git workflow script for better patch compatibility - Address various security/stability issues * Fix potential privilege escalation in virtfs (CVE-2016-9602 bsc#1020427) 0060-9pfs-local-fix-unlink-of-alien-file.patch * Fix DOS in megasas device emulation (CVE-2017-9503 bsc#1043296) 0061-megasas-do-not-read-DCMD-opcode-mor.patch 0062-megasas-always-store-SCSIRequest-in.patch * Fix DOS in qemu-nbd server (CVE-2017-9524 bsc#1043808) 0063-nbd-Fully-initialize-client-in-case.patch * Fix regression introduced by recent virtfs security fixes (bsc#1045035) 0064-9pfs-local-remove-use-correct-path-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Backport ipxe to support FirstBurstLength (bsc#1040476) ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch- Fixes for gcc7 compatability (bsc#1040228) (in behalf of Liang Yan) 0056-jazz_led-fix-bad-snprintf.patch 0057-slirp-smb-Replace-constant-strings-.patch 0058-altera_timer-fix-incorrect-memset.patch 0059-Hacks-for-building-on-gcc-7-Fedora-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Protect access to metadata in virtio-9pfs (CVE-2017-7493 bsc#1039495) 0055-9pfs-local-forbid-client-access-to-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Address various security/stability issues * Fix DOS potential in vnc interface (CVE-2017-8379 bsc#1037334) 0051-input-limit-kbd-queue-depth.patch * Fix DOS potential in vnc interface (CVE-2017-8309 bsc#1037242) 0052-audio-release-capture-buffers.patch * Fix OOB access in megasas device emulation (CVE-2017-8380 bsc#1037336) 0053-scsi-avoid-an-off-by-one-error-in-m.patch * Fix DOS in Vmware pv scsi emulation (CVE-2017-8112 bsc#1036211) 0054-vmw_pvscsi-check-message-ring-page-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Fix building packages for some older distros. - Further refine our handling of building firmware (or not) for the various arch's and distro versions we build for. Note that if we don't build x86 firmware, (eg: x86 Leap 42.1) the upstream binary blobs are used, which may have migration incompatibilities with previous versions of qemu provided.- Fix issue in shipping qemu v2.9.0, where pci-passthrough for Xen HVM guests got broken (bsc#1034131) 0049-ACPI-don-t-call-acpi_pcihp_device_p.patch - Include experimental, unsupported feature to assist in some performance analysis work. 0050-i386-Allow-cpuid-bit-override.patch- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9 * Includes fix for CVE-2017-7471, a virtfs security issue. - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Add empty keyboard queue tracepoint to help openQA testing work better (bsc#1031692) 0048-input-Add-trace-event-for-empty-key.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9 - Enable ceph/rbd support for s390x (bsc#1030068) - Enable ceph/rbd support for ppc* as available - Update ARM in-kernel-timers patch (bsc#1033416) * Patches renamed: 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch 0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch 0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch 0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch 0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch 0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch * Patches added (support patch): 0046-RFC-update-Linux-headers-from-irqs-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9 * Patches dropped (included in upstream source archive): 0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch 0048-i386-Replace-uint32_t-with-FeatureW.patch 0049-i386-Don-t-override-cpu-options-on-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9 - Added additional documentation provided with v2.9.0 - Fix build failure with gcc7 (bsc#1031340) ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch - Made miscellaneous spec file refinements- The support documents included are now fairly accurate for the arm and s390 world, and the x86 version also received a few tweaks. Also included in those docs is a url reference to upstream qemu deprecation plans and discussions. (fate#321146) - Add post v2.9.0-rc2 upstream patches which fix -cpu host and -cpu max feature overrides for libvirt compatability. 0048-i386-Replace-uint32_t-with-FeatureW.patch 0049-i386-Don-t-override-cpu-options-on-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9 * Includes fix for in guest privilege escalation when using TCG (bsc#1030624) * Patches dropped (equivalent included in upstream source archive): 0047-linux-user-exclude-cpu-model-code-w.patch - Fix failure booting SLE12-SP2 Aarch64 guest (bsc#1031384) 0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9 * Patches dropped (no longer needed based on what we now build for): 0024-virtfs-proxy-helper-Provide-__u64-f.patch * Patches dropped (included in upstream source archive): 0034-dma-rc4030-limit-interval-timer-rel.patch * Patches renamed: 0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch 0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch 0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch 0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch 0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch 0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch 0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch 0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch 0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch 0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch 0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch 0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch 0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch 0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch 0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch 0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch 0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch 0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch 0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9 * Updated version carries fixes for the following reported issues: CVE-2016-9602 bsc#1020427, CVE-2016-9923 bsc#1014703, CVE-2017-2630 bsc#1025396, CVE-2017-2633 bsc#1026612, CVE-2017-5579 bsc#1021741, CVE-2017-5931 bsc#1024114, CVE-2017-5973 bsc#1025109, CVE-2017-5987 bsc#1025311, CVE-2017-6058 bsc#1025837, CVE-2017-6505 bsc#1028184 * Patches dropped: seabios_128kb.patch (no longer required) * Patches dropped (included in upstream source archive): 0035-net-imx-limit-buffer-descriptor-cou.patch 0045-virtio-gpu-call-cleanup-mapping-fun.patch 0051-virtio-gpu-fix-information-leak-in-.patch 0052-display-cirrus-ignore-source-pitch-.patch 0053-s390x-kvm-fix-small-race-reboot-vs..patch 0054-target-s390x-use-qemu-cpu-model-in-.patch 0056-tests-check-path-to-avoid-a-failing.patch 0057-display-virtio-gpu-3d-check-virgl-c.patch 0058-watchdog-6300esb-add-exit-function.patch 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch 0060-virtio-gpu-fix-memory-leak-in-resou.patch 0061-virtio-fix-vq-inuse-recalc-after-mi.patch 0062-audio-es1370-add-exit-function.patch 0063-audio-ac97-add-exit-function.patch 0064-megasas-fix-guest-triggered-memory-.patch 0065-cirrus-handle-negative-pitch-in-cir.patch 0066-cirrus-fix-blit-address-mask-handli.patch 0067-cirrus-fix-oob-access-issue-CVE-201.patch 0068-usb-ccid-check-ccid-apdu-length.patch 0069-sd-sdhci-check-data-length-during-d.patch 0070-virtio-gpu-fix-resource-leak-in-vir.patch 0071-cirrus-fix-patterncopy-checks.patch 0072-cirrus-add-blit_is_unsafe-call-to-c.patch * Patches renamed: 0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch 0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch 0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch 0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch 0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch 0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch 0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch 0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch 0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch 0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch 0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch 0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Buildignore for the global gcc-PIE, as this package enables PIE on its own and has troubles if all use it. (meissner@suse.com)- Address various security/stability issues * Fix OOB access in virito-gpu-3d (CVE-2016-10028 bsc#1017084 bsc#1016503) 0057-display-virtio-gpu-3d-check-virgl-c.patch * Fix DOS in Intel 6300ESB device emulation (CVE-2016-10155 bsc#1021129) 0058-watchdog-6300esb-add-exit-function.patch * Fix DOS in virtio-gpu-3d (CVE-2017-5552 bsc#1021195) 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch * Fix DOS in virtio-gpu (CVE-2017-5578 bsc#1021481) 0060-virtio-gpu-fix-memory-leak-in-resou.patch * Fix cause of infrequent migration failures from bad virtio device state. (bsc#1020928) 0061-virtio-fix-vq-inuse-recalc-after-mi.patch * Fix DOS in es1370 emulated audio device (CVE-2017-5526 bsc#1020589) 0062-audio-es1370-add-exit-function.patch * Fix DOS in ac97 emulated audio device (CVE-2017-5525 bsc#1020491) 0063-audio-ac97-add-exit-function.patch * Fix DOS in megasas device emulation (CVE-2017-5856 bsc#1023053) 0064-megasas-fix-guest-triggered-memory-.patch * Fix various inaccuracies in cirrus vga device emulation 0065-cirrus-handle-negative-pitch-in-cir.patch 0066-cirrus-fix-blit-address-mask-handli.patch * Fix OOB access in cirrus vga emulation (CVE-2017-2615 bsc#1023004) 0067-cirrus-fix-oob-access-issue-CVE-201.patch * Fix DOS in usb CCID card device emulator (CVE-2017-5898 bsc#1023907) 0068-usb-ccid-check-ccid-apdu-length.patch * Fix OOB access in SDHCI device emulation (CVE-2017-5667 bsc#1022541) 0069-sd-sdhci-check-data-length-during-d.patch * Fix DOS in virtio-gpu-3d (CVE-2017-5857 bsc#1023073) 0070-virtio-gpu-fix-resource-leak-in-vir.patch * Fix cirrus patterncopy checks 0071-cirrus-fix-patterncopy-checks.patch * Fix OOB access in cirrus vga emulation (CVE-2017-2620 bsc#1024972) 0072-cirrus-add-blit_is_unsafe-call-to-c.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8- Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583)- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Check that sysfs path exists before running test which requires it. This allows qemu-testsuite to succeed in local build service chroot based package build. 0056-tests-check-path-to-avoid-a-failing.patch- Factory and SLE12-SP3 got a name change in the dtc devel package: libfdt1-devel -> libfdt-devel. Adjust our spec file accordingly.- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Patches added: 0055-linux-user-exclude-cpu-model-code-w.patch- Make sure qemu guest agent is usable as soon as qemu-guest-agent package is installed. The previous post script was still not doing the job. - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Fix potential hang/crash rebooting s390x guest 0053-s390x-kvm-fix-small-race-reboot-vs..patch * Fix s390x linux-user failure since v2.8.0 update 0054-target-s390x-use-qemu-cpu-model-in-.patch- Merge qemu packages from openSUSE and SUSE SLE releases together for the v2.8 qemu update. The qemu.changes file is the openSUSE version with this entry providing CVE, FATE, and bugzilla references from the SUSE SLE qemu package to date (see below) - Updated to v2.8.0: See http://wiki.qemu-project.org/ChangeLog/2.8 * For SUSE SLE-12-SP3, update relates to fate#319684, fate#321331, fate#321335, fate#321339, fate#321349, fate#321857 * For best compatibility, qemu-ifup and kvm_stat scripts now owned by qemu package * Build ipxe roms with gcc6 to maintain SLE legacy migration compatibility requirements * qmp-commands.txt file removed, to resurface in future doc reorganization * qemu-tech.html file merged into other existing doc * trace-events renamed to trace-events-all - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Patches dropped (upstream): 0013-linux-user-lock-tcg.patch 0014-linux-user-Run-multi-threaded-code-.patch 0015-linux-user-lock-tb-flushing-too.patch 0017-linux-user-implement-FS_IOC_GETFLAG.patch 0018-linux-user-implement-FS_IOC_SETFLAG.patch 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch 0041-vmsvga-correct-bitmap-and-pixmap-si.patch 0042-scsi-mptconfig-fix-an-assert-expres.patch 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch 0046-scsi-mptsas-use-g_new0-to-allocate-.patch 0047-scsi-pvscsi-limit-process-IO-loop-t.patch 0048-virtio-add-check-for-descriptor-s-m.patch 0049-net-mcf-limit-buffer-descriptor-cou.patch 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch 0051-xhci-limit-the-number-of-link-trbs-.patch 0052-9pfs-allocate-space-for-guest-origi.patch 0053-9pfs-fix-memory-leak-in-v9fs_link.patch 0054-9pfs-fix-potential-host-memory-leak.patch 0055-9pfs-fix-information-leak-in-xattr-.patch 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch 0057-9pfs-fix-memory-leak-in-v9fs_write.patch 0058-char-serial-check-divider-value-aga.patch 0059-net-pcnet-check-rx-tx-descriptor-ri.patch 0060-net-eepro100-fix-memory-leak-in-dev.patch 0061-net-rocker-set-limit-to-DMA-buffer-.patch 0062-net-vmxnet-initialise-local-tx-desc.patch 0063-net-rtl8139-limit-processing-of-rin.patch 0064-audio-intel-hda-check-stream-entry-.patch 0065-virtio-gpu-fix-memory-leak-in-virti.patch 0066-9pfs-fix-integer-overflow-issue-in-.patch slof_xhci.patch * Patches renamed: 0016-linux-user-Fake-proc-cpuinfo.patch -> 0013-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-XXX-disable-fiemap.patch -> 0014-linux-user-XXX-disable-fiemap.patch 0020-slirp-nooutgoing.patch -> 0015-slirp-nooutgoing.patch 0021-vnc-password-file-and-incoming-conn.patch -> 0016-vnc-password-file-and-incoming-conn.patch 0022-linux-user-use-target_ulong.patch -> 0017-linux-user-use-target_ulong.patch 0023-block-Add-support-for-DictZip-enabl.patch -> 0018-block-Add-support-for-DictZip-enabl.patch 0024-block-Add-tar-container-format.patch -> 0019-block-Add-tar-container-format.patch 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0026-console-add-question-mark-escape-op.patch -> 0021-console-add-question-mark-escape-op.patch 0027-Make-char-muxer-more-robust-wrt-sma.patch -> 0022-Make-char-muxer-more-robust-wrt-sma.patch 0028-linux-user-lseek-explicitly-cast-no.patch -> 0023-linux-user-lseek-explicitly-cast-no.patch 0029-virtfs-proxy-helper-Provide-__u64-f.patch -> 0024-virtfs-proxy-helper-Provide-__u64-f.patch 0030-configure-Enable-PIE-for-ppc-and-pp.patch -> 0025-configure-Enable-PIE-for-ppc-and-pp.patch 0031-AIO-Reduce-number-of-threads-for-32.patch -> 0026-AIO-Reduce-number-of-threads-for-32.patch 0032-dictzip-Fix-on-big-endian-systems.patch -> 0027-dictzip-Fix-on-big-endian-systems.patch 0033-xen_disk-Add-suse-specific-flush-di.patch -> 0028-xen_disk-Add-suse-specific-flush-di.patch 0035-qemu-bridge-helper-reduce-security-.patch -> 0029-qemu-bridge-helper-reduce-security-.patch 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0037-configure-Fix-detection-of-seccomp-.patch -> 0031-configure-Fix-detection-of-seccomp-.patch 0038-linux-user-properly-test-for-infini.patch -> 0032-linux-user-properly-test-for-infini.patch 0040-linux-user-remove-all-traces-of-qem.patch -> 0033-linux-user-remove-all-traces-of-qem.patch 0067-dma-rc4030-limit-interval-timer-rel.patch -> 0034-dma-rc4030-limit-interval-timer-rel.patch 0068-net-imx-limit-buffer-descriptor-cou.patch -> 0035-net-imx-limit-buffer-descriptor-cou.patch 0069-roms-Makefile-pass-a-packaging-time.patch -> 0036-roms-Makefile-pass-a-packaging-time.patch * Patches added: 0037-Raise-soft-address-space-limit-to-h.patch 0038-increase-x86_64-physical-bits-to-42.patch 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0040-i8254-Fix-migration-from-SLE11-SP2.patch 0041-acpi_piix4-Fix-migration-from-SLE11.patch 0042-Fix-tigervnc-long-press-issue.patch 0043-fix-xen-hvm-direct-kernel-boot.patch 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch 0045-virtio-gpu-call-cleanup-mapping-fun.patch 0046-string-input-visitor-Fix-uint64-par.patch 0047-test-string-input-visitor-Add-int-t.patch 0048-test-string-input-visitor-Add-uint6.patch 0049-tests-Add-QOM-property-unit-tests.patch 0050-tests-Add-scsi-disk-test.patch 0051-virtio-gpu-fix-information-leak-in-.patch 0052-display-cirrus-ignore-source-pitch-.patch ipxe-use-gcc6-for-more-compact-code.patch * SLE patches dropped (accounted for in above listed changes): 0002-qemu-0.9.0.cvs-binfmt.patch 0009-block-vmdk-Support-creation-of-SCSI.patch 0010-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch 0014-linux-user-Ignore-broken-loop-ioctl.patch 0015-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch 0024-linux-user-add-more-blk-ioctls.patch 0025-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-_u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch 0034-Raise-soft-address-space-limit-to-h.patch 0035-increase-x86_64-physical-bits-to-42.patch 0036-vnc-provide-fake-color-map.patch 0037-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0038-i8254-Fix-migration-from-SLE11-SP2.patch 0039-acpi_piix4-Fix-migration-from-SLE11.patch 0040-qtest-Increase-socket-timeout-to-ac.patch 0041-dictzip-Fix-on-big-endian-systems.patch 0043-xen_disk-Add-suse-specific-flush-di.patch 0044-Split-large-discard-requests-from-b.patch 0045-fix-xen-hvm-direct-kernel-boot.patch 0046-xen-introduce-dummy-system-device.patch 0047-xen-write-information-about-support.patch 0048-xen-add-pvUSB-backend.patch 0049-xen-move-xen_sysdev-to-xen_backend..patch 0050-vnc-add-configurable-keyboard-delay.patch 0051-xen-SUSE-xenlinux-unplug-for-emulat.patch 0052-configure-add-echo_version-helper.patch 0053-configure-support-vte-2.91.patch 0054-scsi-esp-fix-migration.patch 0055-hw-arm-virt-mark-the-PCIe-host-cont.patch 0056-xen-when-removing-a-backend-don-t-r.patch 0057-xen-drain-submit-queue-in-xen-usb-b.patch 0058-qcow2-avoid-extra-flushes-in-qcow2.patch 0059-qemu-bridge-helper-reduce-security-.patch 0060-xen-use-a-common-function-for-pv-an.patch 0061-xen_platform-unplug-also-SCSI-disks.patch 0062-virtio-check-vring-descriptor-buffe.patch 0063-net-vmxnet3-check-for-device_active.patch 0064-net-vmxnet-initialise-local-tx-desc.patch 0065-scsi-pvscsi-avoid-infinite-loop-whi.patch 0066-ARM-KVM-Enable-in-kernel-timers-wit.patch 0067-hw-net-Fix-a-heap-overflow-in-xlnx..patch 0068-vmsvga-correct-bitmap-and-pixmap-si.patch 0069-usb-xhci-fix-memory-leak-in-usb_xhc.patch 0070-virtio-add-check-for-descriptor-s-m.patch 0071-net-mcf-limit-buffer-descriptor-cou.patch 0072-usb-ehci-fix-memory-leak-in-ehci_pr.patch 0073-xhci-limit-the-number-of-link-trbs-.patch 0074-9pfs-allocate-space-for-guest-origi.patch 0075-9pfs-fix-memory-leak-in-v9fs_link.patch 0076-9pfs-fix-potential-host-memory-leak.patch 0077-9pfs-fix-memory-leak-in-v9fs_write.patch 0078-char-serial-check-divider-value-aga.patch 0079-net-pcnet-check-rx-tx-descriptor-ri.patch 0080-net-eepro100-fix-memory-leak-in-dev.patch 0081-net-rocker-set-limit-to-DMA-buffer-.patch 0082-net-rtl8139-limit-processing-of-rin.patch 0083-audio-intel-hda-check-stream-entry-.patch 0084-virtio-gpu-fix-memory-leak-in-virti.patch 0085-9pfs-fix-integer-overflow-issue-in-.patch 0086-dma-rc4030-limit-interval-timer-rel.patch 0087-net-imx-limit-buffer-descriptor-cou.patch 0088-target-i386-Implement-CPUID-0xB-Ext.patch 0089-target-i386-present-virtual-L3-cach.patch 0090-migration-fix-inability-to-save-VM-.patch 0091-ui-gtk-Fix-a-runtime-warning-on-vte.patch 0092-gtk-don-t-leak-the-GtkBorder-with-V.patch 0093-xen-fix-ioreq-handling.patch 0094-macio-Use-blk_drain-instead-of-blk_.patch 0095-rbd-Switch-rbd_start_aio-to-byte-ba.patch 0096-virtio-blk-Release-s-rq-queue-at-sy.patch 0097-virtio-blk-Remove-stale-comment-abo.patch 0098-block-reintroduce-bdrv_flush_all.patch 0099-qemu-use-bdrv_flush_all-for-vm_stop.patch 0100-block-backend-remove-blkflush_all.patch 0101-char-fix-missing-return-in-error-pa.patch 0102-rbd-shift-byte-count-as-a-64-bit-va.patch 0103-mirror-use-bdrv_drained_begin-bdrv_.patch 0104-block-curl-Use-BDRV_SECTOR_SIZE.patch 0105-block-curl-Fix-return-value-from-cu.patch 0106-block-curl-Remember-all-sockets.patch 0107-block-curl-Do-not-wait-for-data-bey.patch 0108-virtio-allow-per-device-class-legac.patch 0109-virtio-net-mark-VIRTIO_NET_F_GSO-as.patch 0110-vhost-adapt-vhost_verify_ring_mappi.patch 0111-ivshmem-Fix-64-bit-memory-bar-confi.patch 0112-intel_iommu-fix-incorrect-device-in.patch 0113-9pfs-fix-information-leak-in-xattr-.patch 0114-9pfs-fix-memory-leak-in-v9fs_xattrc.patch 0115-net-mcf-check-receive-buffer-size-r.patch 0116-virtio-gpu-fix-memory-leak-in-updat.patch 0117-virtio-gpu-fix-information-leak-in-.patch 0118-9pfs-adjust-the-order-of-resource-c.patch 0119-9pfs-add-cleanup-operation-in-FileO.patch 0120-9pfs-add-cleanup-operation-for-hand.patch 0121-9pfs-add-cleanup-operation-for-prox.patch 0122-virtio-gpu-call-cleanup-mapping-fun.patch 0123-string-input-visitor-Fix-uint64-par.patch 0124-test-string-input-visitor-Add-int-t.patch 0125-test-string-input-visitor-Add-uint6.patch 0126-tests-Add-QOM-property-unit-tests.patch 0127-tests-Add-scsi-disk-test.patch 0128-usb-ehci-fix-memory-leak-in-ehci_in.patch 0129-usbredir-free-vm_change_state_handl.patch 0130-virtio-gpu-fix-information-leak-in-.patch ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch ipxe-legacy-Fix-building-with-GCC-6.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-util-v5.24-perl-errors-on-redeclare.patch - SLE CVE, FATE, and bugzilla references not otherwise listed in this changelog file. The intent of this list is to indicate that the fix or feature continues the line of inheritance in the development stream of this package. The list is intended to satisfy searches only - refer to the SLE-12-SP2 changelog file for additional details. * fate#314468 fate#314497 fate#315125 fate#315467 fate#317015 fate#317741 fate#317763 fate#318349 fate#319660 fate#319979 fate#321010 * bnc#812983 bnc#869026 bnc#869746 bnc#874413 bnc#875582 bnc#875870 bnc#877642 bnc#877645 bnc#878541 bsc#882405 bsc#886378 bnc#893339 bnc#893892 bnc#895369 bnc#896726 bnc#897654 bnc#905097 bnc#907805 bnc#908380 bnc#914521 bsc#924018 bsc#929339 bsc#932267 bsc#932770 bsc#933981 bsc#936537 bsc#937125 bsc#938344 bsc#940929 bsc#942845 bsc#943446 bsc#944697 bsc#945404 bsc#945987 bsc#945989 bsc#946020 bsc#947159 bnc#953518 bsc#954864 bsc#956829 bsc#957162 bsc#958491 bsc#958917 bsc#959005 bsc#959386 bsc#960334 bsc#960708 bsc#960725 bsc#960835 bsc#961333 bsc#961556 bsc#961691 bsc#962320 bsc#963782 bsc#964413 bsc#970791 bsc#974141 bsc#978158 bsc#979473 bsc#982365 bsc#989655 bsc#991466 bsc#994771 bsc#994774 bsc#996441 bsc#997858 bsc#999212 bsc#1001151 bsc#1002116 bsc#1005353 boo#1007263 bsc#1007769 bsc#1008519 bsc#1009109 bsc#1013285 bsc#1013341 bsc#1013764 bsc#1013767 bsc#1014109 bsc#1014110 bsc#1014111 bsc#1014112 bsc#1014256 bsc#1014514 bsc#1014702 bsc#1015169 bsc#1016779 * CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-6490 CVE-2016-6833 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7161 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922- Despite the previous entry about re-enabling ceph on Nov 19, 2016 the change wasn't actually done. Do it now.- sgabios-stable-buildid.patch: Use geeko@buildhost- slof_xhci.patch: XHCI fixes (boo#977027)- Recommend x86 ROMs for emulated PCI cards on ppc, arm, others (bsc#1005869, michals)- Tidy SLOF patch boilerplate (michals)- Build with spice on all archs. (boo#1009438, michals)- Refine the approach to producing stable builds in our ROM based packages. All built roms which have hostname or date calls now produce consistent results build to build via patch changes, so remove the hostname and date call workarounds. (bsc#1011213) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0069-roms-Makefile-pass-a-packaging-time.patch sgabios-stable-buildid.patch- Re-enable ceph (rbd) functionality in OBS builds as we've been told the issues which prompted us to disable it are resolved - Address various security/stability issues * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516) 0041-vmsvga-correct-bitmap-and-pixmap-si.patch * Fix DOS in LSI SAS1068 emulation (CVE-2016-7157 bsc#997860) 0042-scsi-mptconfig-fix-an-assert-expres.patch 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch * Fix DOS in Vmware pv scsi interface (CVE-2016-7156 bsc#997859) 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch * Fix DOS in USB xHCI emulation (CVE-2016-7466 bsc#1000345) 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch * Fix OOB access in LSI SAS1068 emulation (CVE-2016-7423 bsc#1000397) 0046-scsi-mptsas-use-g_new0-to-allocate-.patch * Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661) 0047-scsi-pvscsi-limit-process-IO-loop-t.patch * Fix NULL pointer dereference in virtio processing (CVE-2016-7422 bsc#1000346) 0048-virtio-add-check-for-descriptor-s-m.patch * Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550) 0049-net-mcf-limit-buffer-descriptor-cou.patch * Fix DOS in USB EHCI emulation (CVE-2016-7995 bsc#1003612) 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878) 0051-xhci-limit-the-number-of-link-trbs-.patch * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894) 0052-9pfs-allocate-space-for-guest-origi.patch * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494) 0053-9pfs-fix-memory-leak-in-v9fs_link.patch * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893) 0054-9pfs-fix-potential-host-memory-leak.patch * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454) 0055-9pfs-fix-information-leak-in-xattr-.patch * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450) 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495) 0057-9pfs-fix-memory-leak-in-v9fs_write.patch * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707) 0058-char-serial-check-divider-value-aga.patch * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557) 0059-net-pcnet-check-rx-tx-descriptor-ri.patch * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391) 0060-net-eepro100-fix-memory-leak-in-dev.patch * Fix OOB access in Rocker switch emulation (CVE-2016-8668 bsc#1004706) 0061-net-rocker-set-limit-to-DMA-buffer-.patch * Plug data leak in vmxnet3 emulation (CVE-2016-6836 bsc#994760) 0062-net-vmxnet-initialise-local-tx-desc.patch * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538) 0063-net-rtl8139-limit-processing-of-rin.patch * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536) 0064-audio-intel-hda-check-stream-entry-.patch * Fix DOS in virtio-gpu (CVE-2016-7994 bsc#1003613) 0065-virtio-gpu-fix-memory-leak-in-virti.patch * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493) 0066-9pfs-fix-integer-overflow-issue-in-.patch * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702) 0067-dma-rc4030-limit-interval-timer-rel.patch * Fix DOS in i.MX NIC emulation (CVE-2016-7907 bsc#1002549) 0068-net-imx-limit-buffer-descriptor-cou.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7- Use fixed timestamps and stable build_id in ipxe and other ROMs * Patches added: ipxe-stable-buildid.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patch updated: 0040-linux-user-skip-0-flag-from-proc-se.patch -> 0040-linux-user-remove-all-traces-of-qem.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0040-linux-user-skip-0-flag-from-proc-se.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch- Document two new options, but leave jemalloc disabled for now - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches dropped: 0034-build-link-with-libatomic-on-powerp.patch * Patches renamed: 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch 0036-qemu-bridge-helper-reduce-security-.patch -> 0035-qemu-bridge-helper-reduce-security-.patch 0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0038-configure-Fix-detection-of-seccomp-.patch -> 0037-configure-Fix-detection-of-seccomp-.patch 0039-linux-user-properly-test-for-infini.patch -> 0038-linux-user-properly-test-for-infini.patch- Updated to v2.7.0: See http://wiki.qemu-project.org/ChangeLog/2.7 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0039-linux-user-properly-test-for-infini.patch- Use new kvm_stat package where available, else provide updated kvm_stat script.- Update to v2.7.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.7- Updated to v2.7.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.7 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches dropped: 0002-qemu-0.9.0.cvs-binfmt.patch (script rewritten upstream) 0009-block-vmdk-Support-creation-of-SCSI.patch (deprecated) 0014-linux-user-Ignore-broken-loop-ioctl.patch (implemented upstream) 0024-linux-user-add-more-blk-ioctls.patch (more implemented upstream) 0034-qtest-Increase-socket-timeout.patch (increased further upstream) 0036-configure-Enable-libseccomp-for-ppc.patch (enabled upstream) 0038-block-split-large-discard-requests-.patch 0041-xen-introduce-dummy-system-device.patch 0042-xen-write-information-about-support.patch 0043-xen-add-pvUSB-backend.patch 0044-xen-move-xen_sysdev-to-xen_backend..patch 0045-vnc-add-configurable-keyboard-delay.patch 0046-configure-add-echo_version-helper.patch 0047-configure-support-vte-2.91.patch 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch 0050-scsi-esp-fix-migration.patch 0051-xen-when-removing-a-backend-don-t-r.patch 0052-xen-drain-submit-queue-in-xen-usb-b.patch 0053-qcow2-avoid-extra-flushes-in-qcow2.patch 0055-xen-use-a-common-function-for-pv-an.patch ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-legacy-Fix-building-with-GCC-6.patch ipxe-util-v5.24-perl-errors-on-redeclare.patch ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch * Patches renamed: 0010-linux-user-add-binfmt-wrapper-for-a.patch -> 0009-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch -> 0010-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch -> 0011-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch -> 0012-linux-user-binfmt-support-host-bina.patch 0015-linux-user-lock-tcg.patch -> 0013-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch -> 0014-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch -> 0015-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch -> 0016-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch -> 0017-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch -> 0018-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch -> 0019-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch -> 0020-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch -> 0021-vnc-password-file-and-incoming-conn.patch 0025-linux-user-use-target_ulong.patch -> 0022-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch -> 0023-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch -> 0024-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch -> 0026-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch -> 0027-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch -> 0028-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-__u64-f.patch -> 0029-virtfs-proxy-helper-Provide-__u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch -> 0030-configure-Enable-PIE-for-ppc-and-pp.patch 0035-AIO-Reduce-number-of-threads-for-32.patch -> 0031-AIO-Reduce-number-of-threads-for-32.patch 0037-dictzip-Fix-on-big-endian-systems.patch -> 0032-dictzip-Fix-on-big-endian-systems.patch 0039-xen_disk-Add-suse-specific-flush-di.patch -> 0033-xen_disk-Add-suse-specific-flush-di.patch 0040-build-link-with-libatomic-on-powerp.patch -> 0034-build-link-with-libatomic-on-powerp.patch 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch 0054-qemu-bridge-helper-reduce-security-.patch -> 0036-qemu-bridge-helper-reduce-security-.patch * Patches added: 0002-qemu-binfmt-conf-Modify-default-pat.patch 0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch * Package renamed trace-events-all file and linuxboot_dma.bin * Handle building and packaging roms for e1000e and vmxnet3 (Bruce) * Remove ipxe patches which are now enabled upstream (Bruce) * Enable seccomp for s390x (Mark Post): 0038-configure-Fix-detection-of-seccomp-.patch- Update to v2.6.1 a stable, bug-fix-only release (fate#316228) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped (upstreamed): 0041-net-mipsnet-check-packet-length-aga.patch 0042-i386-kvmvapic-initialise-imm32-vari.patch 0043-esp-check-command-buffer-length-bef.patch 0044-esp-check-dma-length-before-reading.patch 0045-scsi-pvscsi-check-command-descripto.patch 0046-scsi-mptsas-infinite-loop-while-fet.patch 0047-vga-add-sr_vbe-register-set.patch 0048-scsi-megasas-use-appropriate-proper.patch 0049-scsi-megasas-check-read_queue_head-.patch 0050-scsi-megasas-null-terminate-bios-ve.patch 0051-vmsvga-move-fifo-sanity-checks-to-v.patch 0052-vmsvga-don-t-process-more-than-1024.patch 0053-block-iscsi-avoid-potential-overflo.patch 0054-scsi-esp-check-TI-buffer-index-befo.patch 0060-scsi-megasas-initialise-local-confi.patch 0065-scsi-esp-check-buffer-length-before.patch 0066-scsi-esp-respect-FIFO-invariant-aft.patch 0067-pci-assign-Move-Invalid-ROM-error-m.patch 0068-Xen-PCI-passthrough-fix-passthrough.patch 0069-scsi-esp-make-cmdbuf-big-enough-for.patch 0071-virtio-error-out-if-guest-exceeds-v.patch * Patches renamed: 0055-xen-introduce-dummy-system-device.patch - > 0041-xen-introduce-dummy-system-device.patch 0056-xen-write-information-about-support.patch - > 0042-xen-write-information-about-support.patch 0057-xen-add-pvUSB-backend.patch - > 0043-xen-add-pvUSB-backend.patch 0058-xen-move-xen_sysdev-to-xen_backend..patch - > 0044-xen-move-xen_sysdev-to-xen_backend..patch 0059-vnc-add-configurable-keyboard-delay.patch - > 0045-vnc-add-configurable-keyboard-delay.patch 0061-configure-add-echo_version-helper.patch - > 0046-configure-add-echo_version-helper.patch 0062-configure-support-vte-2.91.patch - > 0047-configure-support-vte-2.91.patch 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch - > 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch - > 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch 0070-scsi-esp-fix-migration.patch - > 0050-scsi-esp-fix-migration.patch 0072-xen-when-removing-a-backend-don-t-r.patch - > 0051-xen-when-removing-a-backend-don-t-r.patch 0073-xen-drain-submit-queue-in-xen-usb-b.patch - > 0052-xen-drain-submit-queue-in-xen-usb-b.patch 0074-qcow2-avoid-extra-flushes-in-qcow2.patch - > 0053-qcow2-avoid-extra-flushes-in-qcow2.patch 0075-qemu-bridge-helper-reduce-security-.patch - > 0054-qemu-bridge-helper-reduce-security-.patch 0076-xen-use-a-common-function-for-pv-an.patch - > 0055-xen-use-a-common-function-for-pv-an.patch- Temporarily disable ceph (rbd) functionality in OBS due to staging issues.- use upstream solution for building xen-usb.c correctly - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped: 0058-usb-Fix-conditions-that-xen-usb.c-i.patch * Patches added: 0058-xen-move-xen_sysdev-to-xen_backend..patch- Incorporate patch carried in Xen's qemu to get same support as Xen switches to use the qemu package (bsc#953339, bsc#953362, bsc#953518, bsc#984981) 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch - Fix more potential OOB accesses in 53C9X emulation (CVE-2016-5238 bsc#982959) 0065-scsi-esp-check-buffer-length-before.patch 0066-scsi-esp-respect-FIFO-invariant-aft.patch - Avoid "Invalid ROM" error message when it is not appropriate (bsc#982927) 0067-pci-assign-Move-Invalid-ROM-error-m.patch - Fix failure in Xen HVM PCI passthrough (bsc#981925, bsc#989250) 0068-Xen-PCI-passthrough-fix-passthrough.patch - Fix OOB access in 53C9X emulation (CVE-2016-6351 bsc#990835) 0069-scsi-esp-make-cmdbuf-big-enough-for.patch 0070-scsi-esp-fix-migration.patch - Avoid potential for guest initiated OOM condition in qemu through virtio interface (CVE-2016-5403 bsc#991080) 0071-virtio-error-out-if-guest-exceeds-v.patch - Fix potential crashes in qemu from pvusb bugs (bsc#986156) 0072-xen-when-removing-a-backend-don-t-r.patch 0073-xen-drain-submit-queue-in-xen-usb-b.patch - Avoid unneeded flushes in qcow2 which impact performance (bsc#991296) 0074-qcow2-avoid-extra-flushes-in-qcow2.patch - Finally get qemu-bridge-helper the permissions it needs for non- root usage. The kvm group is leveraged to control access. (boo#988279) 0075-qemu-bridge-helper-reduce-security-.patch - Fix pvusb not working for HVM guests (bsc#991785) 0076-xen-use-a-common-function-for-pv-an.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 - Minor spec file formatting fixes- Fix ARM PCIe DMA coherency bug (bsc#991034) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches added: 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch- Clean up the udev ifdeffery to cover systemd as well (boo#860275) - Trigger udev rules also under systemd (boo#989655) - Suppress s390x sysctl in chroot - Ignore s390x sysctl failures (agraf)- Build SLOF for SLE12 now that we have gcc fix (bsc#949000) - Add script for loading kvm module on s390x - Enable seccomp and iscsi support in more configurations - Enable more support for virtio-gpu - Fix /dev/kvm permissions problem with package install and no reboot (bnc#867867) - Remove libtool dependency - Disable more aggressive stack protector for performance reasons - Enable vte to be used again in more configurations (bsc#988855) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches added: 0061-configure-add-echo_version-helper.patch 0062-configure-support-vte-2.91.patch- Remove deprecated patch "work-around-SA_RESTART-race" (boo#982208) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped: 0002-XXX-work-around-SA_RESTART-race-wit.patch 0003-qemu-0.9.0.cvs-binfmt.patch 0004-qemu-cvs-alsa_bitfield.patch 0005-qemu-cvs-alsa_ioctl.patch 0006-qemu-cvs-alsa_mmap.patch 0007-qemu-cvs-gettimeofday.patch 0008-qemu-cvs-ioctl_debug.patch 0009-qemu-cvs-ioctl_nodirection.patch 0010-block-vmdk-Support-creation-of-SCSI.patch 0011-linux-user-add-binfmt-wrapper-for-a.patch 0012-PPC-KVM-Disable-mmu-notifier-check.patch 0013-linux-user-fix-segfault-deadlock.patch 0014-linux-user-binfmt-support-host-bina.patch 0015-linux-user-Ignore-broken-loop-ioctl.patch 0016-linux-user-lock-tcg.patch 0017-linux-user-Run-multi-threaded-code-.patch 0018-linux-user-lock-tb-flushing-too.patch 0019-linux-user-Fake-proc-cpuinfo.patch 0020-linux-user-implement-FS_IOC_GETFLAG.patch 0021-linux-user-implement-FS_IOC_SETFLAG.patch 0022-linux-user-XXX-disable-fiemap.patch 0023-slirp-nooutgoing.patch 0024-vnc-password-file-and-incoming-conn.patch 0025-linux-user-add-more-blk-ioctls.patch 0026-linux-user-use-target_ulong.patch 0027-block-Add-support-for-DictZip-enabl.patch 0028-block-Add-tar-container-format.patch 0029-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0030-console-add-question-mark-escape-op.patch 0031-Make-char-muxer-more-robust-wrt-sma.patch 0032-linux-user-lseek-explicitly-cast-no.patch 0033-virtfs-proxy-helper-Provide-__u64-f.patch 0034-configure-Enable-PIE-for-ppc-and-pp.patch 0035-qtest-Increase-socket-timeout.patch 0036-AIO-Reduce-number-of-threads-for-32.patch 0037-configure-Enable-libseccomp-for-ppc.patch 0038-dictzip-Fix-on-big-endian-systems.patch 0039-block-split-large-discard-requests-.patch 0040-xen_disk-Add-suse-specific-flush-di.patch 0041-build-link-with-libatomic-on-powerp.patch 0042-net-mipsnet-check-packet-length-aga.patch 0043-i386-kvmvapic-initialise-imm32-vari.patch 0044-esp-check-command-buffer-length-bef.patch 0045-esp-check-dma-length-before-reading.patch 0046-scsi-pvscsi-check-command-descripto.patch 0047-scsi-mptsas-infinite-loop-while-fet.patch 0048-vga-add-sr_vbe-register-set.patch 0049-scsi-megasas-use-appropriate-proper.patch 0050-scsi-megasas-check-read_queue_head-.patch 0051-scsi-megasas-null-terminate-bios-ve.patch 0052-vmsvga-move-fifo-sanity-checks-to-v.patch 0053-vmsvga-don-t-process-more-than-1024.patch 0054-block-iscsi-avoid-potential-overflo.patch 0055-scsi-esp-check-TI-buffer-index-befo.patch 0056-xen-introduce-dummy-system-device.patch 0057-xen-write-information-about-support.patch 0058-xen-add-pvUSB-backend.patch 0059-usb-Fix-conditions-that-xen-usb.c-i.patch 0060-vnc-add-configurable-keyboard-delay.patch 0061-scsi-megasas-initialise-local-confi.patch * Patches added: 0002-qemu-0.9.0.cvs-binfmt.patch 0003-qemu-cvs-alsa_bitfield.patch 0004-qemu-cvs-alsa_ioctl.patch 0005-qemu-cvs-alsa_mmap.patch 0006-qemu-cvs-gettimeofday.patch 0007-qemu-cvs-ioctl_debug.patch 0008-qemu-cvs-ioctl_nodirection.patch 0009-block-vmdk-Support-creation-of-SCSI.patch 0010-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch 0014-linux-user-Ignore-broken-loop-ioctl.patch 0015-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch 0024-linux-user-add-more-blk-ioctls.patch 0025-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-__u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch 0034-qtest-Increase-socket-timeout.patch 0035-AIO-Reduce-number-of-threads-for-32.patch 0036-configure-Enable-libseccomp-for-ppc.patch 0037-dictzip-Fix-on-big-endian-systems.patch 0038-block-split-large-discard-requests-.patch 0039-xen_disk-Add-suse-specific-flush-di.patch 0040-build-link-with-libatomic-on-powerp.patch 0041-net-mipsnet-check-packet-length-aga.patch 0042-i386-kvmvapic-initialise-imm32-vari.patch 0043-esp-check-command-buffer-length-bef.patch 0044-esp-check-dma-length-before-reading.patch 0045-scsi-pvscsi-check-command-descripto.patch 0046-scsi-mptsas-infinite-loop-while-fet.patch 0047-vga-add-sr_vbe-register-set.patch 0048-scsi-megasas-use-appropriate-proper.patch 0049-scsi-megasas-check-read_queue_head-.patch 0050-scsi-megasas-null-terminate-bios-ve.patch 0051-vmsvga-move-fifo-sanity-checks-to-v.patch 0052-vmsvga-don-t-process-more-than-1024.patch 0053-block-iscsi-avoid-potential-overflo.patch 0054-scsi-esp-check-TI-buffer-index-befo.patch 0055-xen-introduce-dummy-system-device.patch 0056-xen-write-information-about-support.patch 0057-xen-add-pvUSB-backend.patch 0058-usb-Fix-conditions-that-xen-usb.c-i.patch 0059-vnc-add-configurable-keyboard-delay.patch 0060-scsi-megasas-initialise-local-confi.patch - Enable ceph (rbd) support for aarch64- Enable ceph (rbd) support- Fix OVMF iPXE network menu (bsc#986033, boo#987488) ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch- Fix host information leak to guest in MegaRAID SAS 8708EM2 Host Bus AdapterMegaRAID SAS 8708EM2 Host Bus Adapter emulation support (CVE-2016-5105 bsc#982017) * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 0061-scsi-megasas-initialise-local-confi.patch- Address various security/stability issues * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Fix OOB access in megasas emulated device (CVE-2016-5106 bsc#982018) 0049-scsi-megasas-use-appropriate-proper.patch * Fix OOB access in megasas emulated device (CVE-2016-5107 bsc#982019) 0050-scsi-megasas-check-read_queue_head-.patch * Fix OOB access in megasas emulated device (CVE-2016-5337 bsc#983961) 0051-scsi-megasas-null-terminate-bios-ve.patch * Correct the vmvga fifo access checks (CVE-2016-4454 bsc#982222) 0052-vmsvga-move-fifo-sanity-checks-to-v.patch * Fix potential DoS issue in vmvga processing (CVE-2016-4453 bsc#982223) 0053-vmsvga-don-t-process-more-than-1024.patch * Fix heap buffer overflow flaw when iscsi protocol is used (CVE-2016-5126 bsc#982285) 0054-block-iscsi-avoid-potential-overflo.patch * Fix OOB access in 53C9X emulation (CVE-2016-5338 bsc#983982) 0055-scsi-esp-check-TI-buffer-index-befo.patch - Add support to qemu for pv-usb under Xen (fate#316612) 0056-xen-introduce-dummy-system-device.patch 0057-xen-write-information-about-support.patch 0058-xen-add-pvUSB-backend.patch 0059-usb-Fix-conditions-that-xen-usb.c-i.patch - Provide ability to rate limit keyboard events from the vnc server. This is part of the solution to an issue affecting openQA testing, where characters are lost, resulting in unexpected failures (bsc#974914) 0060-vnc-add-configurable-keyboard-delay.patch- Adjust to parallel changes in virglrenderer packages - no longer "BuildRequires" virglrenderer directly, just the devel package.- Fix build compatibility with gcc6 wrt ipxe rom where compiler warnings are treated as errors. ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-legacy-Fix-building-with-GCC-6.patch - Fix ipxe build script which fails under perl v5.24 ipxe-util-v5.24-perl-errors-on-redeclare.patch - Specify build time disk space requirements for ppc64 and ppc64le- Add sysctl script and %post on s390x to allow kvm usage (bsc#975331)- Address various security/stability issues * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Fix OOB access in MIPSnet emulated controller CVE-2016-4002 (bsc#975136) 0042-net-mipsnet-check-packet-length-aga.patch * Fix possible host data leakage to guest from TPR access CVE-2016-4020 (bsc#975700) 0043-i386-kvmvapic-initialise-imm32-vari.patch * Avoid OOB access in 53C9X emulation CVE-2016-4439 (bsc#980711) 0044-esp-check-command-buffer-length-bef.patch * Avoid OOB access in 53C9X emulation CVE-2016-4441 (bsc#980723) 0045-esp-check-dma-length-before-reading.patch * Avoid OOB access in Vmware PV SCSI emulation CVE-2016-4952 (bsc#981266) 0046-scsi-pvscsi-check-command-descripto.patch * Avoid potential DoS in LSI SAS1068 emulation CVE-2016-4964 (bsc#981399) 0047-scsi-mptsas-infinite-loop-while-fet.patch * Fix regression in vga behavior - introduced in v2.6.0 CVE-2016-3712 (bsc#978160) 0048-vga-add-sr_vbe-register-set.patch- Update to v2.6.0: See http://wiki.qemu-project.org/ChangeLog/2.6 - Enable SDL2, virglrenderer (for use with virtio-gpu), xfsctl, and tracing using default log backend - Build efi pxe roms on x86_64- Check modules for conflicting release versions - Suggest recently added block modules- Bump copyright in qemu.spec.in - Enable libiscsi for Factory - Enable seccomp for ppc64le as well- Update to v2.6.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.6 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped (upstreamed): 0041-tests-Use-correct-config-param-for-.patch * Patches renamed: 0042-build-link-with-libatomic-on-powerp.patch -> 0041-build-link-with-libatomic-on-powerp.patch- Partially revert the last change's cleanup - Indicate SUSE version- Update to v2.6.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.6 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Accept every size in DISCARD request from a guest (bsc#964427) 0039-block-split-large-discard-requests-.patch * Recognize libxl flag to disable flush in block device (bsc#879425) 0040-xen_disk-Add-suse-specific-flush-di.patch * Use correct flag for crypto tests 0041-tests-Use-correct-config-param-for-.patch * Fix build on powerpc: 0042-build-link-with-libatomic-on-powerp.patch * Patches dropped (upstreamed): seabios_checkrom_typo.patch seabios_avoid_smbios_signature_string.patch- Disable vte for Leap, fixing build- Don't drop u-boot.e500 yet - breaks testsuite- Re-enable libcacard support - Clean up configured features- Clean up qemu-tools libcacard Provides/Obsoletes - separate again - Drop u-boot.e500 - being packaged as u-boot-ppce500- Update to v2.5.0: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Patches dropped (upstreamed): 0039-tests-Fix-check-report-qtest-target.patch- Fix build on openSUSE 13.2- Fix testsuite on 32bit systems (bsc#957379)- Update to v2.5.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Rebase libseccomp enablement: 0037-Revert-Revert-seccomp-tests-that-al.patch -> 0037-configure-Enable-libseccomp-for-ppc.patch * Provide qemu-ga and qemu-ipxe for qemu-testsuite - Clean up qemu-ksm recommendation- Fix SLE11 build by fixing systemd conditionalization (from olh)- Update to v2.5.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Patches dropped (upstream): 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch 0039-tests-Unique-test-path-for-string-v.patch gcc5-ipxe-add-missing-const-qualifiers.patch gcc5-ipxe-ath9k-Remove-confusing-logic-inversion-in-an-ANI-var.patch SLOF_ppc64le.patch * Patch renamed: 0040-dictzip-Fix-on-big-endian-systems.patch -> 0038-dictzip-Fix-on-big-endian-systems.patch * --enable-smartcard-nss -> --enable-smartcard Needs an external libcacard, so drop it for now. * Drop --enable-vnc-tls * Require xz-devel for ipxe build * Package qemu-ga(8) man page * Package ivshmem-{client,server} * Patches added: 0039-tests-Fix-check-report-qtest-target.patch- Add systemd unit file and udev rules for qemu guest agent - taken from the SLE12 / Leap package, see boo#955707- Add _constraints file (based on work by kenljohnson)- Enable SLOF build for ppc64le, too, now (bsc#949000, bsc#949016)- Allow building SLOF on ppc64le (bsc#949016) SLOF_ppc64le.patch - Add two checks for DictZip and tar qemu-img behavior (bsc#945778) * Clean up qemu-testsuite build/installation- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix endianness issues in DictZip block driver (bsc#937572, bsc#945778) 0027-block-Add-support-for-DictZip-enabl.patch 0028-block-Add-tar-container-format.patch 0040-dictzip-Fix-on-big-endian-systems.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix qemu-testsuite for glib2-2.46.0 by assuring uniqueness of paths 0039-tests-Unique-test-path-for-string-v.patch- Build SLOF on ppc64 (bsc#949016, thanks to k0da) * Simplify x86 fw logic while at it - No need to enable KVM for armv6hl - Add notice about pre_checkin.sh to update_git.sh- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix aarch64 TCG: 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch- Update to v2.4.0: See http://wiki.qemu-project.org/ChangeLog/2.4- Update to v2.4.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.4 * Provide qemu-img symlink instead of passing QTEST_QEMU_IMG- Update to v2.4.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.4 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches dropped: 0037-linux-user-Allocate-thunk-size-dyna.patch 0039-s390x-Fix-stoc-direction.patch 0040-s390x-Add-interlocked-access-facili.patch 0041-fdc-force-the-fifo-access-to-be-in-.patch 0042-rules.mak-Force-CFLAGS-for-all-obje.patch 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch 0044-hw-arm-boot-Increase-fdt-alignment.patch * Patches renamed: 0038-Revert-Revert-seccomp-tests-that-al.patch -> 0037-Revert-Revert-seccomp-tests-that-al.patch * Package new vgabios-virtio.bin * target-x86_64.conf was dropped * Add qemu-block-dmg module sub-package * Set QTEST_QEMU_IMG variable for ahci-test * --enable-quorum and --enable-vnc-ws are no longer available- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix -kernel boot for AArch64 * Patches added: 0044-hw-arm-boot-Increase-fdt-alignment.patch- Use libusb-1_0-devel as buildrequires, not the old unused compatibility layer in libusb-devel- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix qemu2 cow caching (bsc#933132) * Patches added: 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch- Patch queue updated from git://github.com/jirislaby/qemu.git opensuse-2.3 * Patches added: 0042-rules.mak-Force-CFLAGS-for-all-obje.patch gcc5-ipxe-add-missing-const-qualifiers.patch gcc5-ipxe-ath9k-Remove-confusing-logic-inversion-in-an-ANI-var.patch- Fix CVE-2015-3456 (boo#929339) 0041-fdc-force-the-fifo-access-to-be-in-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches added: 0040-s390x-Add-interlocked-access-facili.patch - Disable dependency on libnuma for s390x (not available in SLE12)- Update to v2.3.0: See http://wiki.qemu-project.org/ChangeLog/2.3 - Disable iotests for now- Update to v2.3.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.3- Update seabios_avoid_smbios_signature_string.patch with version applied upstream- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix s390x stoc instructions 0039-s390x-Fix-stoc-direction.patch- Update to v2.3.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (applied upstream): 0037-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch * Patches renamed: 0038-linux-user-Allocate-thunk-size-dyna.patch -> 0037-linux-user-Allocate-thunk-size-dyna.patch * Revert -rc3 change to disable seccomp on non-x86 architectures 0038-Revert-Revert-seccomp-tests-that-al.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix qemu-linux-user on powerpc * Patches added: 0038-linux-user-Allocate-thunk-size-dyna.patch- Split off qemu-testsuite.spec * Package check-report.html and check-report.xml * Enable quick iotests - Dropped 0030-net-Warn-about-default-MAC-address.patch The warning is relevant only for bridged setups, not for the default SLIRP based -net user / -netdev user setup, and it breaks output expectations of some iotests. * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches renamed: 0031-console-add-question-mark-escape-op.patch -> 0030-console-add-question-mark-escape-op.patch 0032-Make-char-muxer-more-robust-wrt-sma.patch -> 0031-Make-char-muxer-more-robust-wrt-sma.patch 0033-linux-user-lseek-explicitly-cast-no.patch -> 0032-linux-user-lseek-explicitly-cast-no.patch 0034-virtfs-proxy-helper-Provide-__u64-f.patch -> 0033-virtfs-proxy-helper-Provide-__u64-f.patch 0035-configure-Enable-PIE-for-ppc-and-pp.patch -> 0034-configure-Enable-PIE-for-ppc-and-pp.patch 0036-qtest-Increase-socket-timeout.patch -> 0035-qtest-Increase-socket-timeout.patch 0037-AIO-Reduce-number-of-threads-for-32.patch -> 0036-AIO-Reduce-number-of-threads-for-32.patch 0038-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch -> 0037-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch - Re-enable glusterfs on Factory (updated from v3.6.1 to v3.6.2) - Re-enable seccomp for armv7l (libseccomp submission pending)- Suppress seccomp for Factory armv7l (broken in libseccomp v2.2.0) - Disable glusterfs explicitly on Factory, SLE12 and before 13.1- Enable glusterfs and package as qemu-block-gluster glusterfs post-v3.5.3 and v3.6.1/v3.6.2 have switched the glusterfs-api.pc version incompatibly, so only 13.1+13.2 for now - Use macro for module Conflicts- Tidy configure options: * Move --enable-modules to build options * Sort libusb alphabetically * Explicitly enable attr, bluez, fdt, lzo, tpm, vhdx, vhost-net, vnc, xen-pci-passthrough * Enable bzip2 * Enable libssh2 where possible and package as qemu-block-ssh * Enable numa where a compatible numactl is available * Enable quorum where a compatible gnutls is available * Enable snappy where possible * Prepare to enable glusterfs * Explicitly enable the nop tracing backend (to be revisited) * Explicitly disable Archipelago, as we don't have libxseg and it's incompatibly GPL-3.0+ * Explicitly disable libiscsi, libnfs, netmap and rbd as we don't have packages * Drop deprecated --enable-virtio-blk-data-plane (now default)- Fix 64-bit TCG stores on 32-bit Big Endian hosts (ppc) 0038-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3- Update to v2.3.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (upstreamed): 0038-fw_cfg-test-Fix-test-path-to-includ.patch 0039-rcu-tests-fix-compilation-on-32-bit.patch- make check was failing due to a bogus SMBIOS signature being encountered within SeaBIOS. Avoid having that signature stored randomly within the SeaBIOS image. * seabios_avoid_smbios_signature_string.patch- Build x86 firmware only from 13.1 on (11.4 was broken, surpassing 128 KB) - Update to v2.3.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (upstreamed): 0038-linux-user-Fix-emulation-of-splice-.patch 0039-ide-fix-cmd_write_pio-when-nsectors.patch 0040-ide-fix-cmd_read_pio-when-nsectors-.patch 0041-ahci-Fix-sglist-offset-manipulation.patch 0042-ahci-test-improve-rw-buffer-pattern.patch 0045-linux-user-fix-broken-cpu_copy.patch * Patches renamed: 0043-fw_cfg-test-Fix-test-path-to-includ.patch -> 0038-fw_cfg-test-Fix-test-path-to-includ.patch 0044-rcu-tests-fix-compilation-on-32-bit.patch -> 0039-rcu-tests-fix-compilation-on-32-bit.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches added: 0045-linux-user-fix-broken-cpu_copy.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Make test path for fw_cfg-test unique (including architecture) 0043-fw_cfg-test-Fix-test-path-to-includ.patch * Fix rcu tests build on ppc (undefined reference to `__sync_fetch_and_add_8') 0044-rcu-tests-fix-compilation-on-32-bit.patch - Fix typo in SeaBIOS size check seabios_checkrom_typo.patch- Update to v2.3.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.3 * Updated update_git.sh accordingly * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * seabios_128kb.patch: Added patch to squeeze SeaBIOS into 128 KB with our gcc 4.8.3 (brogers@suse.com) - Renamed 0030-Legacy-Patch-kvm-qemu-preXX-report-.patch to 0030-net-Warn-about-default-MAC-address.patch: Suppress warning for accel=qtest, to sanitize make check results. - Added patches to fix ahci-test: 0039-ide-fix-cmd_write_pio-when-nsectors.patch 0040-ide-fix-cmd_read_pio-when-nsectors-.patch 0041-ahci-Fix-sglist-offset-manipulation.patch 0042-ahci-test-improve-rw-buffer-pattern.patch- Update company name in spec file templates - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches added: 0038-linux-user-Fix-emulation-of-splice-.patch- Add user kvm when installing guest-agent. - Use macro to update udev_rules when available- Fix packaging of e500 U-Boot - Don't rely on wildcard with explicit excludes- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches added: 0037-AIO-Reduce-number-of-threads-for-32.patch- Update to v2.2.0: See http://wiki.qemu-project.org/ChangeLog/2.2 * Updated DictZip and Tar block backends accordingly - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches dropped: 0015-target-arm-linux-user-no-tb_flush-o.patch (tb_flush() not called) 0037-tests-Don-t-run-qom-test-twice.patch (superseded) 0039-linux-user-Cast-validity-checks-on-.patch (helper function introduced) 0040-linux-user-Convert-blkpg-to-use-a-s.patch (upstreamed) * Patched renumbered: 0016-linux-user-Ignore-broken-loop-ioctl.patch -> 0015-linux-user-Ignore-broken-loop-ioctl.patch 0017-linux-user-lock-tcg.patch -> 0016-linux-user-lock-tcg.patch 0018-linux-user-Run-multi-threaded-code-.patch -> 0017-linux-user-Run-multi-threaded-code-.patch 0019-linux-user-lock-tb-flushing-too.patch -> 0018-linux-user-lock-tb-flushing-too.patch 0020-linux-user-Fake-proc-cpuinfo.patch -> 0019-linux-user-Fake-proc-cpuinfo.patch 0021-linux-user-implement-FS_IOC_GETFLAG.patch -> 0020-linux-user-implement-FS_IOC_GETFLAG.patch 0022-linux-user-implement-FS_IOC_SETFLAG.patch -> 0021-linux-user-implement-FS_IOC_SETFLAG.patch 0023-linux-user-XXX-disable-fiemap.patch -> 0022-linux-user-XXX-disable-fiemap.patch 0024-slirp-nooutgoing.patch -> 0023-slirp-nooutgoing.patch 0025-vnc-password-file-and-incoming-conn.patch -> 0024-vnc-password-file-and-incoming-conn.patch 0026-linux-user-add-more-blk-ioctls.patch -> 0025-linux-user-add-more-blk-ioctls.patch 0027-linux-user-use-target_ulong.patch -> 0026-linux-user-use-target_ulong.patch 0028-block-Add-support-for-DictZip-enabl.patch -> 0027-block-Add-support-for-DictZip-enabl.patch 0029-block-Add-tar-container-format.patch -> 0028-block-Add-tar-container-format.patch 0030-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0029-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0031-Legacy-Patch-kvm-qemu-preXX-report-.patch -> 0030-Legacy-Patch-kvm-qemu-preXX-report-.patch 0032-console-add-question-mark-escape-op.patch -> 0031-console-add-question-mark-escape-op.patch 0033-Make-char-muxer-more-robust-wrt-sma.patch -> 0032-Make-char-muxer-more-robust-wrt-sma.patch 0034-linux-user-lseek-explicitly-cast-no.patch -> 0033-linux-user-lseek-explicitly-cast-no.patch 0035-virtfs-proxy-helper-Provide-__u64-f.patch -> 0034-virtfs-proxy-helper-Provide-__u64-f.patch 0036-configure-Enable-PIE-for-ppc-and-pp.patch -> 0035-configure-Enable-PIE-for-ppc-and-pp.patch 0038-qtest-Increase-socket-timeout.patch -> 0036-qtest-Increase-socket-timeout.patchlamb14 1635953325bd35b6685f9132a3386709e296241db02808a8594.2.1-lp152.9.23.14.2.1-lp152.9.23.1debug.build-id35b6685f9132a3386709e296241db02808a85935b6685f9132a3386709e296241db02808a859.debugusrbinqemu-ga-4.2.1-lp152.9.23.1.x86_64.debug/usr/lib//usr/lib/debug//usr/lib/debug/.build-id/bd//usr/lib/debug/usr//usr/lib/debug/usr/bin/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:17142/openSUSE_Leap_15.2_Update/164f2abf324592325cb35618f22e7cba-qemu.openSUSE_Leap_15.2_Updatecpioxz5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter *empty*, BuildID[sha1]=bd35b6685f9132a3386709e296241db02808a859, for GNU/Linux 3.2.0, with debug_info, not strippedP,h놠6=uBqemu-debugsource(x86-64)4.2.1-lp152.9.23.1utf-8f8135292523045d4a3b38e11476fc90545edce679567f364aece24f189cc34a4?7zXZ !t/w] crt:bLL vaXOgpYDR͔ldppa( S 竁PDwD8m,%l60~ok TlGJ{<0PłK)w L7-  )JC5@s3ibJD0#{=W@ zL̴2@_гyXW#BcpUPs)p,bBE= ID==7zvNO 6b_/Ύw4jh,)U,P!ޢ_e yއ{FWhAaU d8V10jW&w߾!”j˨ ^Q]GĮFʪ SxWCާ,NِxVgUUW-i@,%kmdDlɮp-Õ*V-k$Ǩ?q,ɍb?gcDdL߅qP cOkĤV4^z^s;rx-q؞Vڨ@,+ [1JT\!8E$X Q>i3]:hNM mk(n\W@:5@cmݴYƭg2WKo^sSn+WAm&z6ÞuԒ}g =V"]ۧ> Ybs(`3a~<ݖLpПVFE_}uY = -_wbqqm^Xh+nE\ :@"]eN\=Ȕ $^7VNV~$4TNtc w:cR4^eGIjꆱR4N|,"oK۪|c3kQLOʆJR]I*&,"z egn7\c,T$L6.!WIy|UD ]Wւ{߲TM2 `CԧSL=_7ߜx `ːTzhO _C}9!) >  3c4P =<*r@ipdV Rఠ(%i#GdK{&É*!")ưY4>g)H85Bw=<5kՁBr"?Rfŕk9ӻ'IMeDi5 UcyADyQH4T)na+$rim(7jSEyI S T;#*ugqCrq(uPr-X,k@jZ/pCD"3teg[Q*YR%`wkG?~dۤDhzrc|D1 B;ċ y6%m&(LI0cZw(& s+l& E>^1++hGK ,&<5{vYȌmF-FYƆŷ;&i=ۏ;BDA(P I pӠbb`FgB:_^92]nkI!>╺iT׶ˢ֍ )[#CTݝ=a YF.mأ LxuLNn{8 Lhs՞mT9 .,5we[ؚ6>g0uBAJdu!CO ])@3 LMS]P'q8TCvF`Ta|\+*!iHŮ08zθ4/e'!9P 1 P"$ h$)0JW'էZ*mq[8}cm %YĸfQ?TpNr⩎fżiVk éշ .n+EY[jlGũ/j!9s#'%Ɣ~Ǿ el*z!g0-3$H%C:;;_ `GGʐ9p0T,O(_uPu*N,id02,>HϢ &ƕ\רঈ龃3p[Ǒԑ#RckX0z7ە6 thbrdA&/C/CɡT[6C^#EUXIS?/yeP$d߈R\ADʴ M*j('PZ 3+Mҹ[v,n#$3 t@ $O;̰n{mU:Ծ]wk<ޛ//Wv+a!{=UE v4tb" 2eÈ.{Uݨ$ܓ@*/&<ӨvmjȖ~ c (`xw5f>B?uFQ519˘CJqY#ژV>A&03xpO9bu㻺 64Ȏ"5,{6zW]KB8q[}@{Bij&%%RUa, ~4?EniևB!hʐS=ըpEr50#F+B Ip% H]h\5ԐW('IϘj)҃U3og%fƕ4@!f QOZ $.&&36zb$' ']6-'20&ȅa&Q4P7%lHrʒпԒm@NCȋm), [A t1ds,FiUm*Bs# X+/|Fs ,>(7us (M4&:@bn'JW|}\ 8H9~0akS6Vc@[Zs9g8uș\l(VZ?Ƀ I`!BHSJ"%ͩIf(Z ۂX!D&)XT$CZ 1z_"L޼1.~44b{ZPAC]>y~$B8KHMv81IxiNϸW}'4O#X7d$P9#wT+߻'h:(s} $z 4NJޗjsΖr"`E\UExR7-V?-k.^" 擫eS8axeT*UT5 FLΥ~G-q|Tv "mԝ7G$eayx3,065Lyr-AŗlS1 lڔi\G2Ԇ1`v҅pz8K D.@|Џ?づǪ 8}H$e TZ4@?5R';hd-So: (GnM!IYʕh<ΫiȦbIBHQ#Z%%sSJ(LLhCi!Z[eQ9&ܠ }DDTDs$s#=SM?~W(МMa1_I`FiJfX06]8 DsrП:HԤݎђ?U'3{ Ǜ` ;N_65R0M)z-ya`vs|{^Ƒ5T>MLqkViťJWA0;4ټI0M)Wn1 JXeV,L78`;!x57=eH9ePya[}b5)PsTjjFÇO'hnQZ/Յo q"@hr.myy:fP* KVAN tVhH> l\U6fS4; T"V[Q&PlBAUZ-̖'!_pCGULͪ~ x7b:w[g59{uЫ <32ߓ Q:ۖ1Pq];@Sa-;`фE†=G8޿]͢['7ZI;yR\yMNU@X 'k [x$:~ONX9Ŧ>4Kkf Jyԗ.hGYkzwƶʓV_=r7L(}ݛnQg_w@8n)a{"*ahwdQ[HH`g*ኸ~L Ge?P ktwsb[ZEZx[ "\jsOs-hPN=,ɇWCjb,F&$mJmyx%5ҷъΌ:)VO"^}3*AhEG([.Pht[h12i%;̞LEq Wִ۷sS^~4v4FxQP+?Fտso= WȖz.[=wŬR;&,?I-M,#*Q5qd} \CqmE!TP>ϧ1C~HkE&NMa; YU# ;+QSPo͏3uL;='X{< ˻r}v,Zq\m1\m*~fG'mF R _ _2όݾQPW~)7Tj͘++MCc9'wPnصVb/0E ";+#/p(Gv{8\yn|n"E[ ե 1b}ѥ:yBtGԅHhY@Rk'ԻLjm+-&(~J]l*i{`>U LgF]QIP͹oMZI,4*)@%2m}4l?ׁY:$ UJuqY$mDn[]vMuhT`N=",3Ud #7:(d98*OSKlqJT!sEު+KdקR1ٍM-KX+B̺B{uUc/y&&r,ܗ 鮕w W%LX cpYrxa6˿|0IC@7*5ufxtR;Wۜ#{)/?:3]M+u(eIJӽ9[GNP [niۯ&)="4WnL;>]Palqq3?)RqPtP qtWc洶;*?`L9v **- p}>76ɗ vj-2+jO b F>EU(gI ITқetc 2 EňBd0'EA/ e`~Dm>β)圑#Ԫ!!IBˌsbD1ZMMJTQ9fyDoNQX*ob/v޿$WT/vK*Էe>K'U_j[`90 ԃÕ$i|]P%CaS$ш|<0+9?5/\vD:j˺NT! =]9X.ЦD8b \ WǵrE_)]ԇє4MΆpXՐEEc8T-'pctu(;Bu73[tl EV`[4Ht6q #;91_7w{@ {6h@?xif-cK椡>Rv:k!-,4'_' ejrO|VDAoL9T%"Hy">D<`el@m嬜ܯ :%D^ǑT]bk~=se/k)> \o5՟mW{SO<"n}]tG@иu֡ &2!W㡋?q겭NL9p-_ $%nweyQXXy zL6N0Ev# Tʹ0LaϥQyp8*Q 2fܠVq%z*bڭM)d[quK_֤ eҘ{0*-c9V%\90I4-(} ŀ_U":}!4>'oA*I}xw?p'eBmk\钤bzj]W*͌Bwd:@1>ytiѼb$G2RhSΣ^/\`:(6公툌q<ۇ$;n0{v{Bٴ4/ dnyﺽ-0 9ILcA|Wgf6~yDGLH6/5Pyd,t<$G5)BAȮ?['L~}1]a4?PZ+f LJZAy"ˊ~(*a(v-qrZ5>3˗FDߑB%(47do)~EgXZt0sH [>0_@%\ LQA/ju>+ "(0МU /׶Mp* -l Ӭ\/i%AsK 'm-t[nٞhO;$ߴ'(^eXB!.˓4K CR$8r9@&λ~|օև$rWƅlU)ӧ koǩ!ڵz%۲?sW\Htɂ*8?8ZVMm-CnZ4=!s-.X{!ͰʛpEflQpm0QB&oajl%Uѭ)`J",IίZIOP_! q= 4& h@5duVG~U :j3鮟+; W_P^,S]>n<*;bx_150 2ѡGv YAQg݁a!˹u99_/d<)s~vtoGqǑ]8߲z+VwQzu?v=]*& -e'w(#%q } :ȹz[2VD)y:LJJwW!h'fLOX \Ce/zh7zC||Fqao"p4NϮ%a͈-=. E9 qoj BP~`x<-4Fq,$!EI;2$+N ~X5ϥj-VkȖ/chv[ k U;f~0,0U?DaIV~m'/63Z xL$a.+01f0&G YgV|0ԟVV<4Y#]Opʨ}`:rshnOHPT%&89WQ,r:ql8_(;(9@4yEn5n^'YQTM>BjoMJwR KU '3j;񣕂JV Z[׼ ab "rހFm0FbCuk ^~eSv%ϩK__o0l0 Nl]ΑoT(BN#Q@TNj} 6Q.gm9a@A|YKv(ֶn1U5yY5Jutm7Ī\ ǾW y%Fq$R%fxĈNb0V`dL9hx߄H썟%,%wÊ0(j8} =;"zKs% (`~Hۨ@?3;wUa*nŊ8f(hN8|e˒DW+:[iFv '$k^)<]9 ?}2܈I:< `߻:݅@9l`}Tҟ _})ҧLVLV/*4kοٮ }ȋ%,%fI&mi$% =A nT>z7û^sE]2JÞ14zj>cRSВ+=S@qy{#3y͗ێ26u26c 2`% KBk8VW-WhJ/-s<0˜J10gHuh 'Gȸ1}MzyJ(n)NNmR|Z Uj@xҚ Om> ymvr~嶨u$f2GDiyʤg ȕT4N|x7E'#x}} o|`!.r"W ^WAkX_`G2'C֑a!.Nyg.ctze|z+YU*񷭘k%qF>.H:B+Fua$ћ4nL;s'ts3↓1;L.jTo|rxPp^C\^)y!0:/&X-.O=;E#I=JͷGʷ]`,c`~WtsBFjvWm,u:,zPصgrF՟U\z/kI?qU\ U-Il*Bm>$eXgx ΄a.[+>[>o$KA6?h+fLN!K¶JvD0+gó2lcff`sܬ7&ڽ(ZT;k7N00ơgbj >-O{p{\14턆fxt*ٯk(ԃ`4!J{VRqE _`wB9 (xA Σ*MPx5o&JAP'EB`~H GӺ U,cV5 ~G aE2x<>eR67dVd/ D/I9ow· h^̣4B۷ G"] 3C +/-d&].?>[S0nX"/ON .ؠRS"s]…3G3&\6;ja Xpc]nSpcɹ{t7 YWxLd 1&Xs!\R1$$F\nZ Dw=lZ .Ψ*(kdq.@ @9]WGʙ{'f(ej>sXsp1T͆YQYeSCЅfN<@! ;+txj`tpǵO0&LFZ0,F_d1^X.Aa$mڬ}7mÁRaT)DU 'Hhe݌&4MsSS]EA=ji_ʋQ6TXCݒ& 3S\`؇/Ugy^[5ٖÁ3s = uRgPNϣ@aVǎQQO|ydi`QzC?;4*yڥj:\th!*55@6^ڱL,HŨuo'mcOɴ/bֽbq,u+"r&^S;G1\!^AS$F}_%vMC瘨5uFBiή9rd)"&ZֿC! oGhq (9ϳE&櫗6*_7uE?:a Ƃ.\ihŔh0eДz{Sx+}c&Fg7fʗ?Nf^:d+F5B?o@_Rn bpvFmF8E;&\GXL?Ǹnۡ^%3ǃ{X7)WeoD,?$fA:P`O{:X0IJ )d:&_N"6oefIt@$~vN3 qzp, \^LQ \ga$㚺0+Dzi0(GVjVGҧ} 7ɏ`1͈OZIv!ήWRx0Z s?XCO8ȣFD/?bIhBCt'Wjx?pv;tEVy(WAY)>E1@^ؠ~QDQh!=z<F-llY JIx2Kj"6H Zqڥ=jh:3w˫H%1G}襨{Ku5ٲ&_n)T G})*D>W$J.{zGӗ=Nԑ3$l$7mRspL!߈O/ 2~* :(u/0x6"5 ߕ= DE9KkI06F+ ܡFJSHu:hL}o67֏' xNB‚[Ҷ]VӫpR"jZ:Pҟ̦ApPsS^3/VPw]iլ{A o%̏U FqQvh,^_Ʊ`.J Q0șP[ ˂͝AK͑WkE6'Ŗ]{j ؊/ehCjJO3+y8&=F?'e.{ n,a3`GE#fG!Mg S+7 ś *4x{ğ ^VԌKtn@rۂPcL׀Su5maΖ̞f,MNYBMbCc}pO(^z}zgMs}GS PjT *(+}!9zjGm\&(6y&DOo-By-!Bö,qzjG7~ACLFK95{}MMn<&t)KVIME㚇Xe=JxS_V8/knׂ3q$ղݒ_w~@n1Ѣr/Ҿ - 'H˹MDPw]L6_FqN<xɺY AJO{[E^f?ˌbnIHL3ZE9 CdoڕQqicV^{EhF܌ sJ ~=@t"8dy569?^,/DSqv{_]Lpl](/qn'iުК޾va`:\Z MԣO@V7]-7JɠyIwqiqDtb)J<<[ι9>7q# [XY1c+eTO] q3z;z!AIbLwIد흗5& yͨIr2(( CT6 {5)ٝ{]x#eL.zlǎ-A&QA7ḴUHq.-?Q?e#B)mL9û0WRpr$7e)1І_]a*95+2dAnc tIO$+~ R+Gٯ/ 3pʛf_d.yIؖc\ކ^A1#¨Φ "BoeΈ."I{Pl?O >F )\y Ҳ:;y/VE(A6.MaؘsY(˼@0Н{*̡I(N4j{@Gu~?UjOuw$(z۴ 4 e#Ta1nW5b]j!ASq/];TqEY6|_ _W[ճ(R|[i.ĝqDO(vzvw-ފ"n:\'}:g(֍iU~8mHC{UH9 $FՈ@hqBi5S`TW+TLXB9ax hMzsț3InQLp?]ă@/U)OQM qPW" ImQH(hiQbMԷW(dAap8M;x.fL|!l(fhuh:|ݔ2ل Dta+Mџ:( unlx-3uMyb|I)YXBbփX. D,Sr EH+O\_qjS",s hRIo CTbϹOn^H(Bġ2')cf\Lާ],gL50SREJ*[b&% XM 5N![O{5;&Mde.V*NdIV&uLΎ$&>;H#!6")QЍ7 RHwVl>Rb۳%_صТUFзBVWK pZٔr8Ѥу&dx?V_# #,J.؈^t$dw5&KvuY>#ᙃϸPg٨xǾ,ebOsU' 2 4<3eVHc:J52Xg>#1'U.F; ph\8=u ٜuPˇl)G43GX<)75#sؖ9x7 ƶ1؀/5oJ?8^v!l*DžW 7_!;ƒnSNuON3 weh(P@i2;A:|ZV-NA7=VVs d(B#KCc^a;URfX>0AÚljQНS;g9 /N_9&+JY)[jQorUȇxZX W`{ɝM€ZufY倿CMO_ev3{O+98(ըkVnJ ڄgA, 1FvS]WȱQc%Ht17دSvN.lMqڃnPh,g gȡKg Gg{wOJKЫ$= .?>q#K4?xGFTCE "l0OlcRk SnĢ?}P;ovS'In_O0(Єrw^)[\=|Jcw>2X'+KOjr6Gm&n0ASY;ɚά~O<4ɆY&@5x/S)gH_W\t^ADO18im;!J-!db)DR=*~vvVtta}%]Oo[le'oΨf3NSuA1 ~txTBS!5ZM}vظ URRFô'㥦[iA('3{WX.)k@X_ ^ ;/#?xT4!oja\K crQ%5%S]*|-MXYmH3Fƞ m@"# oEi )rԲ<~,7S#wŬi_&@x[6l]FJcg?,> d(ۢ ےcK:7Z'@ y`K@X ظf )@bf R XF\ npnC;T:(?:Pt#Mli!ˡ{vZ電uu`fP1 ܝhHI|WaŮ.+m1Q0mj: O\y}uv[1v.?G!qԾ~|;Hsd$e:e t0TS5!ӆ^PJf!U#.'s:8JjXlANBA]HC/:ԕ[Z(Ad2pJB tYvwF`wo>jAqgwP*afR nj*fi0TR{צR 5V֚8: e#Pv( ꝵǘFZ$FTa\YeoA~HK7X2Age>zNd[,2Ⅽ7L쯡}d_.$=6šz}dGa~A,hf\Zѧ"fS|J5M)̋BKs@&U]-۝*j=B;wtzεyO6d9}6MQp%VTFBx. caU(qbl9;>!_$zj]@w|b83O/܁loT=Sڇת;I_V"0S.R8!FIFf)I5M2{W.l">\ѐ^9㣲nF[1yE- J*3&da'&\ⱼKվ<5:R]y܋EJq')u&N!Tf7Ln‰s6}J[4 2 ua92!xjH_|шuoyR}!E>:OpK GAE2ǻٖrnAmbVg_ˇcۆ5n$vEpc{}WѷP/ٺVy [²Wsj湔el.p4.:j삘&J/4=3ذTd1Mu'n5!Z4OS`VeN ݞKCx% zlNzzMJB &;qG3lrNNPa$-;ȶjXc[M7`o/KRkQr⮓$ j;mŻ[ )Ԅ/mRt>sxElX'r(a-o.u .V'Q JA'@?qKE&_;E [_Ciu7S',@V5cgUYg f[LijA mEFvK(5M:F_ᬰcR(x5HӞ#>,3A*V Gָ tpי3&l/ h)2qu)hHf~wg^u_Sf?/6g BmXG٢U(U;Ǭ8R%-ٜS DK]#s4g'0UivE+o8gS$!W`CXY&X3xܒGd1GM`2YUF&u*X/v4Cű0 0bc*c-ΧsK$eDE1?ӻk%#=[M @5 hݎ{|OUoDs UTH r;HcDBzNˏD @+TpL#1>9_shO6$qO,dy;OwNt.QY}f ӄ껧_o 2hJ89XzH3%e7 Qɻ(1O*9Ȃ|劗j$'$'42vB^adž$mlȓAV=c1/s.}) ; YPfŕն[Yrp~" 2q[&q{tDb*0B:zD EBŕms"&v3X!z3q]1WZe@قxU~]D1챂۵4KNQYK^PX{,..Ȇi;$`*EXxvշI y+ hK " l*CG[^zˋD7pŏ% EY8`% GgB67 e!7C:u",`Tnw{_6g8dxzNñ̤Xf .ӽhimg"' Z#CQ7- ~F+oP-pXw|l,?~G~"ЩU/N/fRHgJ]qųRMkaSy1p@VCm:ul {$U BPިhiJrm>ɞ W)&0L57f%|}D:>)~( ^'jm[XsU+GZ˭ ąMs{=-j0=T#zI(R.ذRSovo}Fbh˩V3 EƦ3- 2|*3MQ/) pxP<n@B͢n:_`3_d!v5[5ɀkz/DLVr!S2O )կ ;rV8{PHw? ){uML(u[zk89k[(RG_yi<{K :mj ߃d㘒l-б7IS}LIe^y1ڀEdfVZztiA;ڮHZ _%@bJXbg.{Y7x59T)GwmW.箄/ìb85Vh9mV>S*R_?p?x`ϳ((1sXtxJ:֓T9ܛP-R Kq)5 $=BӅ0L}(¨ ħCYү$<7iO7\9QX#ܿr<yan#B S Ap$&ęi5 V֋ۙ)A=r%UY\ee0MDVyga;8lk5) O*@bS9]}@cgR_%Go"}w͛*6:-ȍ**)cxiE1" /WUeB~0CFԯ p ~V>:wlHk0:]i.X?T(6²<0Sw ),? ۿ>7?>VB{Mw3B =w߸R7zZ)e53ъf}qSFvz:#Iv}M6Dioyk{FRH/h"sP[JdjV(@iS$E7$BSu M3uΑ&Ol}rX?E67հ kMLvmioX5H#s()k?FTum$$C"*q̃(h j)[[1c! af>2F=;Wm;fh~r=V±,`( ʔB#9=Q8=)/ `nXPfw==ԛ(g̞Qg/PF*K?6} ʡ1EEqdbݭri rN霘fк9[vsM`U*^E1*ݴXB[;G yTH8vC!"E"wA[޴! EŭJ4ژ!>܈lO%%l]!20j3Q2{GSPsz ц)=03'DC^?9>]x 2ﭛzͺcO'ϝYTw=̫MO˹ȚB5*dҸ$iUD}o-IprԖXY MҞ@j5T6 3u44ˬ|O CUzL|b]JO2Ňux% z$T_+aX_!~2W˞ABWx=06rEodhVw=nՇT' S~ibR,2b<ޏvCAЉX0i"z&P᪐x(g _A&܊cLQh" R>d?h}<* aKbe=?"nh,aayU *>0x8(9eˤ7$Ôj?bv!іG2 H=!fQĂU#(_nO6NVRj@8]=Px=,wunO|n.Q l3!Ѐc;0 <*=c?z v4 YZ65TxromM[\N9!XN颖SmɔvJzPh.#ق'/4`/ tA=%gv1ߒ |<7ָj Hne󍌲ԕuMvZp?0G$0?vHuG+z$yL AzF$qγdPX4mo9*JP wm~x 9}B#$]wLDM\Dz6ңV^֢xD8 ѼܑbΪY7 f\bk+ x6hrϘI9ZV! %e1=C+b/ .DPʡreʶ#+S"bwf؞$iIϖXEpw'$*{H{7~wnB&l_%,N); r`9(v_*,;?Lg. a-vVo*!7g"Hd" T;F]v/b. E;p1KM{F[qY5pX ˟NA`';*Qb,Nt Ὸ!|W#^T; )? vI!ϤC>?* bsʷ}ȝ #wFV`*P$hcI8M2}_lmj5)1 $:DߖӚh͂8bEJldՕ։(}y&l4WHRn}1\ CǑuM~ k/:넵s ~B]+[_WK!YǨ3YA1MI>rr33Emv[|8aqX4B֤iN( IT6  YP P@zS#'bW~Y4-ga=cװNo%'YShO2z(< }XRw1OB Cr?'$H^1yD ],Q4O.*9P E@:1FryV#qg}2Ppߤ\RkIi<wdբ;vyV Ɋ~\}8XⰋ_ P(TQo\pҦzW;yȯVl훇[)0;^xuJn,cPw( ;S\ߔUJWc8va%e4a}$9< ('qəZcm96k;Ә O μ>29Q=K6Iͮ`N#xqBȸXXv(x tŽ9)g ,Y#h(V0>@3z'3MEq*@v8CRk칏%=Aơl`ykV{?F k s(&&g#kJ簢Y=;:Rp7VI{Χ,r j&0ʬ]d.;ކ¹NwiaЈ)ޕaR}B|d=΃<[tNeYpD:ΚVl%]K%1E$\yiZT@`?ƫ&B2=2nCHA5QB$rz.!t^7*rKE*@wˎ% R lU:0.t4QvJl\@֠;~5ѹH#[/N*ɒd.9b}e3)QN}2 Đ_,?.Aiמּ+FYrͶhA2Q7ijy ƀ'חFuN.$RFφ¿QЪg)>7]o8Ag!L.NY̟7ے8K|M)pOf!f?ð}YIJ} $S 巫QiLжueBq]XLghُh vPK`j(H=eMgl܅d00~8UBA1oԙw;wIU)uƲSSiϝ帲:2G0ao%E\ ו酩 %G #o? oh? Z,FPY@60=TMjm;i'׏§Xײ!QD Ϩ mM2R95SC6Sj}*$>(l1W\ Sa cw$K8㯇aZoT(+$%`;OQ_o%ݷͭ=9q!Bc(קzzcaF QO*J0Xcs9K5{L&LxYTH^קn0=\ jb YDhgXl:Bix3&nvRz\/x8%\UeGn]vsN(ޞ~Oji*z<9 1ʄPnndWM Fч܈,q& D yqB [ޝuwЖJh"kG`k / , QӅdVS]!vןvG8UIqn63 );]/O/_rdӓD 1v1EC( BQ>V`7`=x4$ 0=+)cJɄYY ߔvdNj+&+wrhCWdb\{W/,wP m@|c'#b5u9Cѵ>;o%8B?^iZ%Frg1wZ"giO#>_/:ez5Pt/PbWK@H 7n V{`< 1*H"fbm|9gygm$KqLO *b 5 c1QJ b̆#UXфG&MLW"wvm\rŸ / ؁ AS ^ަ܎0~yԣ)45/vLG'bAFeZ 5z8YЉI(\_TvtcGY/h-ɑ (L9nV,(%jk[ נwLg׹2.Ku}j%`H /P)ly %m@zR 7`RIKa%%FѯÐ'RSv:ݕLlյG;I`:[wW'4"6kѽ܄|<!05'{iNa@v}Ͱd]^g^8ɹ]zLЀ+2}f,h70-$6m axtJ?1#m݅v|=.J0$AiE kp1xوϙay#L_yeŌ}5f~^ h]5HՉ롒$EUh ̾pKx~l Pv]KF;+׶2!yfHay<[=Κ$aݝ+2vX.eV:JYh\ ? &M!m: [5$կ 1ȧŭg*o0_0^Nɱwx|.hoE-G u`ġf"Y_V޸KKS4(kK d욧;mQ^ԥ,2чͮK, IJ4{p_ޤ-Os$89dNP `C4_IO&F5:xe=`iYи#Yؼրޣ}$Js/{7uE2@Dx1u< 3+N9Ĉ>?ұ'k̗R1eGyrUG18 \Ke0mJ--D%a-i ΈT  X^p6;W73(Qd HpV{s^NC9S8RnQ$*[ˌeu vTaẢAN]_uv^7^Aǃ`%-6 z E % 1GE%<7"m/^"_3^4οGjjdvOsN/& x$1.(X0ZHƂlcvz#:W7F$J B^l=ҟ65DXh=j=MX\s ={,akW- T`7sS-w3$bQriI9`*fn? w3oGRV:4SP'm/x׽xOo hT؜/mݬa(:APBi/9hhMH'޳`f{Xԍ\!~iʼhdB_QI<2hCǪF|EfwOX0A|܍5}'.4XW'P3E\JxN71&ʶfz'b]BjO'"xNjW[&ft[wx"Ii{7jq:XӠg$DVrR+_Lu𯝪/` dZX'I>+3Y_j[sd:]g8"ޚ#8ZCGjid9;u!@mR* u1̩u|jk"RNs[*j xA3| 0)J]zXJQj϶ )\Y_dz) ?#IS :Mw73@2UfyV4plqMfԯJDǁ.L[n6%<~ T/O%yGk-9X AN&'r J#]@ʅ4 ?0ݵT-0U!;[rXm4ARftEwo 0 ڜ;W(ko2Rh7UI" R'Ⰶj<;1 0W{D1

zXd>|?MٜG-upE?ǔBVş~WÉOfhNzIIe5* b kHPJ-O9g '_DӰYwQk~2*tejA2‡SU.+p[$qڵ,11Es$fbLkU |DŽYw$SAЪd$M /l Oj4VMыr^ZJ'7v@_t!ܼ} &s]n2y45+5PY=d#3jeӃ݄[:O-KVIlaKƞ˜5w&huO&r349=^ѐI'AyXz=?!誵 g*G ~TANt :+O d0B@L&KǛ͋40Ι% јZzie;a zo RSжhSێ:.ENnrgMa?PJrӂ:zudP4GeUA}L p^0'̮XoFKw;4sjWB~67mMSvo`!/cgGDJ(eP@P 1n -ٻRF)ꇪhBOe)SDJti0Vya9w=R^BaUk ]w7[J+o9 {f 4p˲#Ip`g-Mm5 I7z1|kglRBM\Vx3X伋t=g;ԯ_R ܚYwWd=My;J+nݐ%½ 2^~) < H"t*5+B]},N߫iv=-Z=?\ ӎbmEks'Mp_$҅]a[}k1b eD((Y"ira]pq Bdn;&*xu.>ȱȗ c{1undC7aH~~Jhx iON^MchC af˧[q؁p wtsngbB R7n7=n,\H*N?aor&cvoy)k_IW^vF_VƘ%qF_R_ut_;Y`8Z>r/@-a ^4 U;/ebж:j|2 )sMەw,k WHêEЭ#0NVXTw4lkLܶF3&>{/;Kã<1zV2jLFa[ TZ7 f/ϱљa:9E ]Ukrޗsذ mEƾGACsE0D 6D z>yh-kw"F'nyZD C%֌Efof𐤨EmOz & _4ǝm$Iy96^}JE! J@--ÈK7ߙ=cOv&dR,jFqft`SBFhr^jE!v{ldrwon7:t%ų"(G1=7u#U@Fe1Ipv04J#Q~FUb#A);WᡳR/!R}/i XDIueO79!pla}- vW@8*.ҾPݵ{td Dҟԣ"s{ OzpBN;w@՟ϳfθ>`9X\w@8A1Hb=e8nO@\ݓ۟H˫̫7Ij hN:R(4靦ڧu XSDCʂl:.ӱPhfu{$!)kRoΚa:>i(vp Mr N18h^f]_\$rqὈy_1w`#m70D\Ɂt=M <'ALbuJ%Ak'', ΅R" !w!x}]̑@RԮ LHD R,Z5{XB:9T%FoȆ\y$f3yR$3`,2P]SEChL\}XĞ>F_K/,{z3+O r!C{!sNV,rp~̒|S=DPUg[x5˃>mO_ YlfZeQ 7b̨M~u4ÓDv \E!RTߞq|%R}mBfG<ӠL2q-)uU_R2"H2 c/^|=FיR>8;3 ,pGV 2v*-Mee|W,$&c[G-hki37d38uH9Fz[VOgtZ6V0N }ku61+$0y2kPд)kQ Nͽ sБԂ'bGĶ却 RR qR 3YBIʶ٘Xr X Ӆ'hSˤ{!]"o鴣͗JmMe~ Vb\Ҋ Biu c͹7,Z͕'8=5:]D.GVa CiahzȒt/|W2N.#Byؿ, ߒF,7Ȩ?auS6L^6I4?|_wGx9 lKaPoSdR0rj-#&[4o¡&N8NF.N w!۳Y {/d+oKC Ew,¥Յ'(td~#]S[씟i56+ǽ9 E E:R^$x7tKo'ANb-_am >1x|, {]'6 L}+-հw2y *tpS`,&88rwk~V#G'NLz+bB!# m5 n*>$@!h_zc!8nMøC P-t!x(>7\k8X#O|Uvw|oǙaf>E"pPPw+K͝oy)<)\DuRyb ҏdl=]!}gmW뎑 PJ3;+T5.JqOmFp/[c88|Xp6> rpfnK-q8 Kev!yŗ]x;NPdO f}IVk>#b;H49x: xV%9y0ܪ!Z' gI+17[RMUL p©(t9GCK,l]׳Vj᳴{8@nv ܍";5fP,{({h@6jS8+#N+ V'1ܳ%ߺ?IxXzI1~.} qˌVkr A I%`ZRDa2ywiHw 6ʽd$ų|PC2áv8+F鹮r2i@5&AF)# 0f `"Tb:!^^Vἵ؞?f^RmXČN@'^NkC{Ʋ:'6 k@"X|p\\.$ yW "oE4(W؝VTw s)u?0UWqRڵ[ڒY3 U`jhơ<7;5& |nWMF{c~jޑX78?4uЄs!G8vϼd_"X= e73A< 㑡n 3f oMt`l-`o(ء[goac)GpH2dlxoJFŬ';v;qGp^S[a| ~F`ڒ) =6[~ ̟7R[n~caXU,%A:xdkDg?+} zRᦃ+ 您@bDga̻KW M~)ny AR GgI0G/1o׺!^ŒBAg>R@n̲=KQ%6붤JWvs/ 8Cg2{4F}3/iM")̱/H_;Q5=+n{v{Ȑj67ݤaJ;Ւž}θwcOk*Gʺ9K@U׈?kL})M<; 7=ci$54=2 f%4j3cJ#GrUۺ-\p_dgi d\#øu{F/̎ ?T*uL{ʼU!ZؐpYԁLJ`wi-oby=34(N*rm{S)qf⠍ݫU(`DQ$RSBK+&-U`CW\>Y8 z/e}nCuث`*M6;dTRᤧ  D k,NUK:߮، >ɛW<4*qns < 4jD3i튈~PehS\lxJyGX௤l9TVʼncs4mt+Sbiw<%B[/%O{5Y}yV V*P~śݹGl ,=$ۂDD ٍwĹ{}? .,*]񊥥-N/BX@T97>=PmuL]IN}YM+)6U.F08v u?ݞ5'|G$zs~N ֶ s;z3W۫50;ߍ[|X@zEy!TGqhVU@RH8Rl3B7O^zxMwىKᘍBxߩS5ki^%ú&ۓ;]MnóvY!uiUT?[S%հ]*2AY%Rt$7ĥzˢs4$)+V' zN*l =P̜W ȃ"Xd=2 3 !Ga,[e~c6򽢀w+l.SΎqв0".P%Hܲ§J[؅YR &rX5 =4(?̠=|I vf66/~idJDYv/c42=BxN' 薳Pi! ~x I8q :iK>yC[~]{>ˣ(a>[@ЏZ+}=o~JUv ub)3C#XSUj%lCڇ +h7ՐlMeo(.<[ݳmMtuk6ǽ+,Z*j0/[pCnˬ^d(,2;pj {g_|&Vl6l zӪH-D5|6 =.QAPb^<±*&`6b u{Y5 홡4ð% ֯C) 1b`qMAT;4YU~uӔ_vؠN qes}ûO\^BH>?a'l%?'MCKԁVlS@3#~Ӷ=#o2,-z-׿AdkgU}@l7Ln$b@G7'W` ]̘=({NxA[5JE,4`AU ር5t2"HDclԯ)7KIeb9{=:l(/9S"YGZo ;tLb?L2\ >#C#ig=L6J:%bks\<yzJ]ޗ-#h↍G'yfF/v80 !T)x0\,X(M|HfKRrBr%S?7pooc ?ư\!l_7IoaN+u`򼯉[3uHdbpvn KqU%, wtV,Y7Wρ1Hevd׼+tܯ8ll/?'eWGqigc<{)6fKJS eZ+*9f{AQR 3~)FPoIL| /K)ui~Ag`³T,h BDd&r&N ܼ (UWmIC^EHߵ$ʦ-ƭ.ü]fdտJ9f IjyR3`E4 B3^X]Kp>D;8 cbq H 2;,ϲr-_'浧 ʽB*KݨYtx XM uNh+si!s^3W4kۂ5E( V>Ƅ3vBBV P%#rd{‡[R޵wkE-*ev!յ'p@Qv?E <Ù%QAwxv %$D)o>u 챍>.} D :Lw{FUӧ:D GBIĠ=mj0fsքդnSuCb9LIY&W? z:R,de )Dd"O =N k`$A! ,?(&q.ThXX$}/rV\0v@P(u*y_ո@mdGO@b=?j婠E /2f]r0& R^0,w߹RNͬLˌ nϒG&-{%um1 gKݽ-9bd@d Q1noG0 Ձ0fqz.2 \EIj'L%Yd#:d4v7wػvM:\OCatloGcܴMhHaC ]AвUe~P>ȃ †;k+|AyC!1fG_ƘN!nqѭǹ62oAYKsF냑"y)͂{rv r0Ζ+tJIgZ>ޘDɩ=LQ,sK[QDEWv)h@nw=3msp(pyD@d2;o^/'Ax ,9kY̨BUHP"5枳߱VbveiYQ:k*UPNӜFPz=]ozQ)PܼuV~rеQ47~> ~3Q$5Zr,O(ip缼LH_ӉQ h^  ՜4Y)*vzR)mc,<6w&Nӓ`SEv# j}!Dセzg3a"Qߤ1WZ0FV+1'1ge9*zdB4?K(↯\t1YmoԶ:\*1XKUJ)Rip#aN~} aK')/cJǯа@<,w҄}1`k8 G, htLpЈyJuӸz˦)7&X?ۓsG&#0[,>_A"nNСj Wt9orǣIqRz2W> M;_dj ‡(e WuQY„H$%<Ƅ6zs-}Z"4DU9۠L*ͬdZ +YhXˇ>8{%i}u> />$6>섖ƨȎk? YpxsLu3ns1D L- %!Fd/GqC술)fze.tlL ȇmŴ/PVA*.b+씿IH% l1+\]ky%>ZU QV?'˲Iz⃂uf7(bcppA{+2<& smn&qKq\5 `m>%Dǻe>xpQ~ rZGT. D%>HOL ѕ m[arlN0iqٖ} ( n_B1h|nVJCA40wA :9H[w'Ÿ\Ϩꎡ>']OA2ZA9nX)Ыiי܅>AN{2Q Ȫ$Uo{cUhJ5rpvx 9g3QE2oĪ{!zUQ[r"EMu@qaFW ~,:yj}OF8FW D=}y|#Vs(O"F蔘9ޮfsE:,Lt6I#6"bK~4阝ODU[IL Bl^Cqۊq#Iʟ5]wR2+?@~A#ToLeK7"&ZA3YS+.h36FbzJ5W~%N(;6f)^K ڳy>%ה24ņ5637fsi%Qe{;f(+rElX™ڬe3dž}+ש}%IRަi(>5@IľM/':B7ޤ^i;LN烱f/GuAd):$ㆤX.~|M|]Cݏs܉%x#4~A{K!rXmdyLC`V!T 'f;c'C;?W9|n agL4(~틸Dot0 _YKBGȧv -,B-W3cA@` N`9[ ZAs7 \ yXd!zVf3~L#,q_^"x340s/QrdL b?  oxMu,: ckm U-WC+ǧ^S-LFl{Ž Y/ұHua='#ewN/'?6>`Ϣg~y|$)۷$)2˷k)o\ZzoSamS=b sU~䚕IL}MjEn-Nm2tE:/[C޳Iie$Ӆ*a` 9uaKQY p&G|Y[SE2x̽ )_uhh ax,o;ճlq_TXELȱq'Yd@fŌsȓpT"&L0/e~zl|@<}=,+f(C69ֈt,hH|ه릳ᢃZ 5tލ](nF6xP-,cŸ\ɽaZq@h d [uNN1o ysky|g{Oy< 3ZvŇ' 5k*MN83P̏w;d0wFPyNC`Gnw=}XWYgfJg\AP{G(m]>`L۾YSˮœ]"[SٯɵAsAIz4H`e1tpKklkHnɠ)2F eSл-ҫ$5F7.z}+EQ[h'0x>yD8p:bܪ)u8 hgϟ M{A=wB5+~`H'N.{5Qt/Tu-aͥldWXoB ,!u̝3H4M0>Ξ5P0j-n(2V٪f7Đk@m$VP#Ɂ"}.abzOar契5QuWV9\ ;=a?ۣ|M_S_e"%̐L؅&#ᾎrDA(j`_(o '6ҵ}q]^Gp\$>&JW@V󡋆͐>r|NVUgּ˛'EK[̂ %˴-SvSrt+/xݷ5LZ}ܔ+2vaB:mBk/:ScWm>.K.?޽DgIz>u*mrvɏ5fxEc=(jmgH\aGi~CJVGRMW~0qB`, D$NԏGl"!8Z`eJЙw_XWyOew,`9zc1ME(3dP4^$WpK+h{2įn$l?h1eb(mvĠ֟ `oQgxA'nC8s{PRGrG1e2e ޙ6J9LqYFi2qqҹ l&ǘ~dž)f\5.3UCYO'9!3%<9aʽ5'@͇J jHeHᎮ"&ZE{#k6*-)}՚ؚ~'&tX{ 2#ӌ#k898>jY,"7cz&  I+)u3]+xĉ/l}MOO؈N7@c_2Bw'rRoI:" 5g`Q, )lJ\B'Sc܎uJ<ݫ$huIA9LBwX  25Hn6;Sy+R_f4RBx|/W*|nQ1-7h,śըn{;eD͋)`0^9Bm)h& 6f7;)>Yqz5TK*Q+F%]K/sCzA"*??&Qł:,CnN!i{:um tWN'0d/wD!<6S$+GH&hKN*nTKCL1SX|'!k V8'G8) ++ɚnCϤ, =VGRVQgb&k}ςpw쾶sj ;$wRR~Ʊ[m :ɔk7hQKs"J^tѯ)*?UaGFJn0dhð!gz@OQt91WA,Κtm4>ov߲(gYcA?Sa.*xgPȻ~o*Wѿ蘅v0*J44Xoog08=7FXޒMUJ`IM6}2S֢o<BLCX7:qxd@IC,7±q!UpSnJ + H$:A*0pbH=ty[.t8 ~?jT\ _6fPkݷ5&/@P$z=?mTY Ӌo@^┋FFsƉ:CjÐ[){WkK-F|[/s0L(Hܸ>] J\U%D4D2/T i0۝`?dDw0[x`r֯-lL'BCQQsr2`Q%koXD߹<4!ةݭvs=;pN}^6%W&c~{:NKKr럤NK$^Fck&UPu[[V3 H=z21Q_k />Oϙoz͎j|vt!RVZ5"ӑNJ듩-`עշ|F/ho+yڗk y{IWRWrY&Fƛ NEʣ yocfzAm=H2hEN%gR_,b΅b,(7U1֊|cTrbZ{0F *e-QhCWϕ~9Go=__ nQeriwފh6v:Ś轙NpWb[R}vXѻyDˮ HH =圳 0ȥyX&咪j%- YmZ4 - 5f?H)徧!x?g+L\ucےnaB|̀=NW ؏+OCy颒ZҊf~'Mf25!8u;FT-KΓhO nsmO㠩M.  #d!uXg̼މӔ/0 r?GX{ʒiSY2&|Z`)L, Ȫֹ "/q7ss(yKw'd>7{aC $Mr`qT (Ln=|ZE\8>By/B)uO1{2!{H9&2mU ,@# t^r6Qu O M 2tHRWR1+(9e:WFOgac!xF҆a?~ꘘObN_]J9zԼ̳8롃Z$SIw F02}B&H2.ω XW" Dl#_^~!|tI9̈́sV Z\p z>[igRk6g#03gS;^d/?Vh>Lq _$ȪNH G6EEHpL7SV m;ư <BTSBG; <1$@|QRQNK~?$ 43Dk88:"pgݡj 'ekcӾÝ1d,= .5鬸+zǿ@i+l>gz-d~5-~ƫִ=^dۂ6ZgꉯN H9^D\`+GɅ3 {FTzuL?XӼtP\=+$4!T,h+uv6:=`E[ҧ]yٕ9-*n|Mm)Η(XfV 47Z?υ^C!˵B4t9D&]:o1xZY RLWxTLZ8gR?X+;hoPB۟Q7+W`-,IP#IlDkj%jU'~BtB 5C@5bFL*#B{g};[[ Z1Fy-P/`CD$r؛xUL~c՗}Wsʞ=jPן>cv6fWYfr*]=1.8ێiuǡ 6]0NE#,hF _2ݟ^aA~aFiRǝ,{vЂGX?(Gz }|2̵C阴T}hUjWLNVLJUÃB>`%W/F9z U1n nldJ넄t]FV}iiT Oow00x0Z/.dz, X#9Q 0|{ BMF:>,;`a5'6H3]w:apGW%g\M'{eaOJBLWR!>&%g֠O|R{3P$@gCKo(9IbۓauKb+Gp FIa"eӢc7(^ ;k"O m eJȓ%}*`1v?(#CH|`jgE[77ӯJ#؂vNqW0+my |bOv) XH%O1Vp%X$UaYl^U͚(8qdq޷<,.X{Ϸ\0z eր.?,WckN%w 7>Xt&ֿJAC^8r Tjd;\ɝ*ߴmDdm'"6q賝8] j9=LFO uܲGtW%ɬ;qdm~GK[90u7eh?4G[Pu2ulWL..55S<wLüQ`N8HNc[=.{ԗj/Q!͐Mh5v_k#2<ف鴉B\lV'8Ի>|}-oBh݅eošOj4q˛2D&s%+51 MJ̈dJ8k)\Y͡0 U 'yAһ\J`rkDZJvHW8q~m3, ,`b} mݶ])l!$g])E5 \ NcHU6u'N ,/¡ uń>y/S|!wq4"&n̵3v`,r[@H=bE}su~i"4'C.|D]YeMTx W ;-D=hW: R:jU{݁e'"k% r~K}<;0bkf6*Z.kMf}OKˌ' i{ Dim@:]>= 9y9(E%bϥavE쵍vzrq(GqWMf*$rqٚೄQ$SޟYMH@2׬6 ٨0"{}?nJ饒\ R./7Dj6%b.[I< |`ەb!=/I?RzpJPJpΖw`m:Sy9:<G9:Rq@$jBeiщȥXk A@j1Hyĕ1?&xkj%&Y.*!F¤l)qJz(n/mȱ pq]ErGϴKÍTe+Aʊ]E .lխ4#ȖSt8I*\X.%6RҸIJ+y?mBBvTNF%'OKyz[TSMv a*ԭ#|:Y: I(i=j;}jdNfWWvtP@wb%PmԜq| 7E3er_Zh E`cqD%Z2o܀;TJYN5z8Up& C/E/b3įW*J5'2Z0yT*WM1hԠg5~P$W^c"2ZI ;/{&dDfm2t05/xt{]=q7xe噞:a_嘝]{ǒmv> KH|Çe1[SEr=9B'RcLG^!5b8ry? /Q"Z{K{wgY*Wه^3F)}@띅 4+ VfbgQ+*E9?ULyK4|D k9 \>qL[g!)yv9 H&1^Q#@b cրcU[1S Q|ГD.^^ANXHȆOC%u!;%gN 砰<*悯j>3C&iڨ+@t.Tf2luՓ{f4I!lK-<,)#,UsNmN{/nIvՑh/"{tS j5Nب:nw,Q"]h5X t{YipKpNw{]Y"`tHM EhՋXvvߦ!"8 @{i7 p?LCMM-pnĵ.uW]B`y0ȿ6_#`X>[u7@ 0CEW3rc?)O:1plNR]pY=`7:aI@2C̓5[gQzl򕮕Wf,j'R`qWtե{@5xn;1\<(ad_V@8+O[xH}}=H8rY[鱌*XU3Jfܗ|6Η><ӚcЅ$ﱗ83XٍwQ 5C{}~c}o vgI 38'585t^sFok34+*iY9"{>'{yrf;E᰽rHìN*jc[pM43oa!b6A֢n%$J2wȔ\@Yl1edS4lh' wSƘ<=ABQjfL=h,<2xܪݸǃcNZΐA5yۂBrJpUhD1$ܐAlk/|8&rVFMѓRGcyB@]1Իs9Og˸R]E>-1HSrC)vNd5KcBqM8G3f.Qx+#yQȪZU6K$cyp:5ێW1ISF;V NƎ*݊R͋="K䉓1I R{nel1(%d+kOсR`- ~+BY~FZ: I>tuh;"g=,t,c+(~XV#T?jwyn C$@ɿ|%@ &욡|7_U!IēԜ9[z'18r|~bv (|1lU_pP_,!9lWo| Iu}$?Hx \.\E{9Х$VF>;*Gfnb*W?6@uO;Wz9h i>sƕu>g>NG{ϼ?N*<gYRB/-YQ'XӇ`#Ur3UDȉns8 xVGrg\I i$;#[O?~k rSmC!1YWQWxwj7< YգȳԅDl+KT~rHp-}ؓS[[uFE,vWbU'Lk뽟E ǀUCM}Ǣ1gp~3JH%N[>1g+ILؚQ2K]?@IQ(YQMt-iGU޴ebLDtmp tqcG,ĭ,j M#MvF#ĎfhщVV)rڇڳl]$Z.$@DŽOӿ➏zms.oh]E"E)wyH+9ڽRUq[aߍ%B.0H Ht9ɵbj%l8VYq01-H3:Hb/[U92yC3D{/蓶W3=B7zo8uc(#n 6:󌥳P~D,htO 5Z0(&rWVԼq,q;¾ߞ60sX"VsĮ3d`0ߊAfcN"]6 %σ ̄ٮҝ3pF, 6>?1E|Rj~s_9&JZd~ʼ%DTLzN-v5pa_(pq/^0J lX#@Sݑb6Gp(?Z_X#wrK#߾b BK 'js(gXEko bcPr.zכg,NTSAl0)<_2" o5J%l:JVdd|5 Օ7x;R'Z;!ZlIzo LLmW< v(Xzr'V0+z8"?q[qNEW+RK~`oQҢQO9i;@0j}}EBkw:89zD5%f9'f &4C#&Gzro*z@e?k,E[)}U=$Ij\H4ԋ_y#.4\tD!kT~.`|צPMj96PáioK3ni+M@>D}`Y@H! !g7M/#t򛒇T#VJҗ{lG ʭ[8U"b;XKd?m{w+PȆA08uFxٕP e!ykG؅<<D~w8nEiqSiC d(gWro,0uIrj sܱcKIc18KrZ8 Ԫ]2zMjG$dyق oy*%և0uߒ1Wvbe̪FpZa[.(*3 L|pP1CžFd JI6}fЮ["TM\yd~ PjFTؔ!*6Hʀ4ݜJ z6yRz#V!:O/oo] %w%~BIf~ƶ;ĭ6NSZzT +rZ>Ҳ z/7Z[z ؆ܢ}M\Y[t8ް@4aqdamXCxuDԢеl;ab\z ɻzn`t䖾Zhޅ&%XcHxZEZ;gVK !v3/[{X -u.ɈhMۻ|neF|W!3?5+0=ѵ] FukF=3sL*XlLϥ(rr0 1~1_#`LZ?OrBvp)VwֲWtom4+وm6jC I]lGhJ@T K&~E}'۠x~m@euC0]y\^6Az! zm6;oq@q971\E>hlӱ*t>BFDkRNoQ䮸8k 漢tg-A݁55plh 2iOltVPw|#@F>h9 tCتk|xJ2>ސ?@5UPh+c,4 B?S<;5 -rP ÐkN N4DpRPkzk]zD0Яh3aKBNJ/UKG/Y, ERw[ \vk{ԥ1-}&u _bY8J<^}ވv Od P'/ɤ8Bnbېu>Ym4ҲO3:X/hP|5D ak`QO8tY?\XWj^.g؆'MŤI(z897i]z_3T^V?;MuoQT !;e"IJsPSrl.@#9Y}e*gJh%lvxVЮ8o[[PrFBk/A/Zai*F#7-3|V?< K` 3t}Wt,AIʳ.t0'#U=Dn(F1 ݆K#?3 9R7TgYl }* ޸ݿ :C;=jF~}sQ eHɛE6/x~!]ʥ;Au?DV@%EMDM<쒒o%cZf]_mmi}_1έıDjv,S@}fA0 {;npF L%iJւ!k:N޺?2sm*xKe+qNޛ< |>kE =}lFmpl !(n9`PFw)OO.P L[`sB=Os_PI r{vҗ t5 _9Vr!_Ps2fsQM*!*cx~TY,Yn 1PvPȄ`(흳|"Z^&|OQIzewFf=ZOxD 2ke}\5B(Q@nkpPR}Zc0,7awcøgڥZsJ~+]7D+ 83:u(m#iWo{$uMlKvc)H11◈;P2#j<չ<.p 1ن®AY_s\GH'Q'.jR!UzT# AMcJ&[~n p>HJ&nz?_n&^b 3Y|'svE iuc5$0OU=|7?\*E%KܬL :XhU1UNlѻI+{tц0=BqQ`Qc\gvGJiI&HANQ!tE82CX"h6 ,9A  ե}Dp?%߁P ^K \ |ʉ<|gn]b'ukŭz}ĵCm_3Ƿahіn UZ_En11{gd.>7z໏}ytA#Du`bNF&R/{Qfo#Mhk~Wv3^WfNL^YǩB*6' qPaY1BՀY5iݲqT#=;ԟmт`9aE)QvMywWcgݮm׋QΩ26<zY+MV;)@oJ̳h]?6e|tt+[AN<6vT2+ OmN_[C^kŷ<7_\A >c ڑ `bn A =~^#z*;F~, |c>j1/q$>4zxCg:PFV[2ɱU-͎'+e«5")^*2w<7zPh1;~ Fr?b0s%@V5m: ɩ[{ {}m}E)wng EJ@YAzSoV qe_pR*唥6Nt3IGq}e-Kh! ,]{T!zAmf~^fy^7q@2i P(YE>i'AFyw\kW pqKCϝ ZT36 c{_gә3Eħuzt ^@S@3f?|Ed< x_ľ qqq@LQ<,"Hh. lT"!i} INZDz#,S*` MDƊ{_eҩW˝: NR'(]S028jkgIL&μɱ,Vwao^Zigh =xvL*0Ӵqsdv3+6o tP(_m3bm_4^#9kԕRfRZK5 LUY I~nNJ<.j䁤NN8X{>/u=\xnL RxZ@i2XwtOș6k%2Captz(*!˫EqǕRTt>$ix I5NTZvLE41Ş1a-瑱 0+ζ!x^JBD0\Hf@;A)ZBQ۠`^2I\T&6ѕkbBUmcr\9x i ;)FLS|6{ƉiXaf+&=NDPX(O iFB8,nCЈ"s Y=iJC;lCBOr;Yd((5B$H7eAQ;8*R`$4Qq.T"P11e |+r"%ɟmiFpy#X}9Txl7t5>?F^uN|'N ; j HmbaA0eVBMeqlib5y"a=l7Ղ Jp~/YzD¨{FUf6i5%2O7}"S`(qlղR1 '9@7 Rtb !܋ZuLG1qB{oG#2R[adb mՕY7'biqN.y:LajC8^OLԅ;< 7.GDYeWfc遶x2P)Da!\ۅӨ)}/fF5)gNk醹A+[VfY_J%UJԤxRĕ;~ rJkg쓿s/p CRAPUשK^Q u o@, JdN d1M5m i :FA,ǡgzX `6IBTz?g}O U)6Oh%f`$dez^v&={/9#R{o[>&k2; 3N>|3PӠveC;z5GvJyV2/W!N܅$NJsSFJz*UmWp'^ @V̒k] V6!x(UNX\a#Lf"hڣ ay [7}_v3ƀ|2tI\l̈R$F>2,뉯U\Dd\eY/$68[،! Җ!fa.n&\=R>QNJ7QI(ibxտHvjwBR`P:#Wde,/յc_&c[s$>/="usVuxU{)*yF1gi-Kf?,{>q#UB|ZcFF;Fq#nުN"tN '7E2^p>Lt7N#j=eʾ@ IA&"A!9i[9; 4W-QG6̎-Iӣ' SӰuKlyrlEi-wrq NM[388:0hFUkьOV崷0-tNr+m*" խ!L=Ƚ+ l,1&@Go&Z8jb&ke9NTH#RI9_UWLEeX fFIZJߍwmnh ꊃ15Q, sӡr4Iw3#HW1V-6M E)Xc3=PRڈ6 0а|M\`k{/)TN4At%fh$͜Χ0/ ]3W"'!$N/wMM(PA]2ucUTj6zRWC 9"8ꦣM]>mpwGoy;$ŽLն|3"Q5Yb pͪa7CM|Dd牤Tѥ;le.H.ogSYRG;OnĦgoԪoքet/ZPy𑺡$*STHy:_9B+-0Gū*MQ{;r4`nt`Sk3!4GIH#u>]|j?'P #jUq̹TxS_*IYn W2@p|Q>7i Ѯ? ށ4l"otL䲜,е]`0?@Jv跞> 4GB퇇# n =Y=(Sx=iۡRL ,%9@:iQ6&LO[((Ez['oj%uU2'o)5$J0o93uHURiwdhδޱ(DG:ljxZBbC' Oہ_6$n/C펃(ùZ<,ffIa u ZJȵK9py|!5;{fi ccݱAjRBKI *}LUDN_wҘS;0o|G4B}(,N3?i'Fʍm6j1S]h2B3V1,xlŭc0ίsf؍n-:B!+~NzwvqcZ2rz+v|PSDk PoW-M-6 *Shx"/)HUx*ra,(7%%ŏ`3H1̤f; P>Viqȫ7+N:V m@rJ./zL|,D;؅oMX_pM8F_ۻK7H=A9Y[ߔ$Ӄs}&R4c[B蝗)Tp>ˊ|4RV ]hIĜ(JAֲ߱┞_R`Κ\;?"1Vo?? SO4c "nsoo߃d1d.TJ>; rwP,?7֥zH TêGof`aqݕqEG?mXy#%Xw!zo!ѣ Zzr࣢WC]cryNƘ;}7AiGqa aʟ 98Gɜ #`߶w?f'Ev;,mwT}uMoU{jfQ%9F-kA O>Wo ŔuZkf {U~X܃^]3bb~`wf>71Ёa,RI[8k :Qh5Ucr_Vm0`q\UtI^>B-rM _w5g;*G>rfgŴKFB>5xi Ĺ@vZJX=R9"dPEϬwˮgMXUXx;x^c)_t8^%Lv|N)} Tsh`aUD:JJ&uGCF;ҫ8*˷]@e#a)-T}uؚ5 xkzfn7J?_\M0R6!}To&ʋ"ãZI!i\vb5 kYd!\r@j#ˈ)6wު$/9 &Sc69j }I]RKøH烌"n Hyzu"?OR02 }wSwLCgA6pʄn;ݽ5E5h_RB^3n2yA f'p/cILjRӺ:?Ūuid~v%Tr$H5qgJ^4,z8]D5]sPo g5'%_ 2y6kjCXx]B2ټǠtV⁥HX F̏^7lֆ =HԔEZU0CCL ci/,k.7M ,ڲ$ @P qv[2 4-(`;tRvFH G|@CKL+(p WPς=kfg7Ҩ.*l%m-Z zyM1T*vBI5Txkyy4Q~9{ 7տ *0s29e&8MMqu ڮ`_)c޿';՟x: ~i#},,ySAπSjYIoa @L7 C5I[s7tҥ*YoO?(Ϫ0IS#6c=88;dccM3?VxE\.'K 3[m09Qf%p.g{Ս*= _ ĞIE$j=OWw(KT:l)S\ExP#9rjՇM4)j߶{m0 \_ѡ4RĬ+PV޾$0N6cU7>4X:ܘ(u]9H#;; |zW>>_t]'ܩku\NzqHAZZp58(6ݕ&"ձ.#Gr=Fpj`3Dbb\`G{L}D ]qF0 DD+H X#)Ia&,NK |: Wb;sݫYnx_8J\*laC~ qG1JEysBxש Mam/CU_qgdLD˯1;BJ[^.&î7 x.TDu,AYyrUwZ,ʍ(6:;C8~U>꾀%!T38:DE=HQi_3YQ)\d}gK-(mc 9SMS&^: pRJ4R;{Ptz6B5O\Pi`h .#FfY=~kāQPCBŝ+YqNk0ќ9O[(;O167t`%pj=WVyQYW+h{#8|̪|RU`CYSj`)ʫ̂@;6&/q$ ]aҤ<H&~njcv]w[hZ3Cm5[Ͽu#VKs ]KΤxG2>>&pE_.?phܞ!?q2&WuAWK}JI`l'e !dǫ D+M^$ƌu8G0_@0IcV=QgD+YfVee lݚ~"va1EJΑ 6s-lY܌s[ Drq\. yER^I!, 7InN:͑6BM{aWw$k,|#ȇUxMz_A}oh DPIkfq\*#Jvk{sRZ^,C-1[_qj%{H4"Ҋ֨upʤQo?P 8F]:ܐwZY l;q $E$\Ίf&\I|^|8Hand}v /90@,iRw {}ݛ%+XC2Jl]|\K:r-V %Hm+|p-XD:3o[m)c͏h:Ӟ?p/C]#ܺl ɿ+~,4b}/;F6QwHoק"lg%cy2HQ$hc%{1&HTCpA1)91XRd<䖗v*Js}~UceTu63ݽ%=bBr &<6R͝k$= i2«yCo{yqRcd!g`McK7ؖN~)UR<6 E؛}ق#mU:Ɖ`:U2(<0΄I"14/W\Y?$ Fܔ%U>w_ hqȥDZ@U!K ճ<8Bƥl fv_4hP_Mmn#*RuxpXVWFvQYݬJ!q;7`!W$}c(?09iy7Y0g')Ʈ{s@J0Z ̡NA=gKSG{\W>`zI3qƺh%\T-ѭaW2]z|qt?~ 081(c> 8U9*?  i˚>AY.ĵeJLbw "` ._iv}c#eJ kJiGvG Gۇuz˖rל]̈/q,"/WOdQ.gK" +\*q{0KZ4kICqְhFVqⷺ*5wPxZYwiy3#L/k:rq"Fkk̞ksD²lA€H4cݒxGQF <{uUՄ1 8Ty(,Gݢ iP#q)>@&"3M$4aE$=S)?BH+>9Ce-dI*B=AB:^Ca,wOU) pӫǯAI늸d KzV Efg*1QbˇJ9."%PnYT'z8 ?i?3mpcBWZ&Lҗ} vcNB:RB,1껪Υ{U6sēv"mc;Pbo 0ptI4.2e`zQQ1>_Θ־ &ett]ICJ fWx}פ5 ) EAbw;U.m ,ZmIuAhg`)0dq~*z՟v̮;!;TݾL"0bwN̎Rkr4Z"Ou_NgƦ9ĊD:h[Vmq @V? +oUqqCI %{lEm`F|{o|71.{dq@2%O}F~K:ry5>+͆mGMޜ!W8>/k?e=`r[D=XK8de}sP0 V벉 v_.+CwTzY v1$p.(ͺ5;zxXqUe8gZ5%LQE=d['j2NPmdv_xlZwCc9g W2aqb x<sIM;EQ832W5d|5ZÆ^[,Ä~ҬX=5eX H,>>4JiԢ0?ys s|FLM$!YRD(.pqJ ­FX50ɭ(e뒶9*fҬ--)]eǓ<'nr{K+OqHXIוVz*#SETV)zUWv_1)u,p7aV+"d5.վNɐ.噪MQ4axwIVc5Z^loѹֆ<W Of~pGPb'~^+~nS=})U؉2'6}`Q0暋r CK0MV6Q,|QdXhl t{+=k܆vFFFB1n΍:e=C9xo@‘bcn**TBU+*@50LD Kb|ڄ0cL==+Ӻ@e(R{"Vr7}g D~SZn1bmuEuWIp 0ןBzl)3zh@]>mI02`-]{ZE58]Ls#`̈́)zf&V;fˍхeUk*C_5)zlViAp$ƫ;uOk=*%#+?994Jtb[lE}pf01I3/a܉E*y>pR/_И);_|/e  ƺ](j 5i88"C\c9a2x5-f!\aLR8UYbndb oK¸< vuj]~M[)Q dk{~%^Yx, - x$t{4AASqS\\v<Ə^lS䡺PFΗ $т4C7@Y>v6xɓ&e T_ho̓I#L! L5bva`h,jNwx i(" DʝiM 5N@YxuPF'e]Go|4\ Vk""Ј?"wS [QKLw\'"߂=,#5lqC@q!T> 󑳷^$TUɆHޱ~Te5~N%~3#]^Pm`ZTPZy 7򴧬ͼwCUTډE:Qٞc9z8)GMf7z.ud *~lix]"Dj[/+;o ʘ7PAzHOjȞay+RyPI__c-sn)m{mIzi9ۊvDڽ6,8_iWBH.}3mZOa ْ;t[ߤme]amЧM lUM*ɳ[ANT4vɍ~(7{+I/uɉnOkb>Grsɋw|jd%蹰gwj|f~~7(ucC8*ZjG-):#)joq+]O``q1OoH'ϣOJ#c+,1g|:&_=ع3zT?Ƅ^)T `_m+V)E𪬢r (6T1JvPKe. T[q4V!ۮg~ʀ#VKBk2S4PFބp\FD17if#θvGk$Ù0F%>TstG8DOWJ7y`Hd[7VߌߩjhZg Ѣӏ,~w1U2x5@IؔG`$|6vw W ѪY?ݿ/mXҳ'tt)ZbY.XNr㶖';BF/soT@i$b{$@m ~dj8Dm'mѪ*^A:H/TqYfOOg.o Xyf vH r=:'Kqq#:%ϕ& K)tof9ʤy_4=_yDBO8pByiYhͥ(^}\3DiH]ʭŨT~$uq=wjD1F}E_W-~y,`D[ 2ԟm^deFJ¦ Y~cbڱX=c$ C\G[JUtwA~^244_dhinB˗4%[|a "AZtY+c)A ُٔ/ÙBvtM Xlu:2"N\L: #όEAka7b,2 oF-۰RfA_Ԇ},sߒjc HNטR5,]Ga0 DA iTiɫEBl2q7A3rjmVY"̌H԰ :1yP 2 !%\c.(= Mv\ĄzUOm<.KYBVnk9ӚڋԽ R{&}&ogc>3͖oyd>K=zD+Sx6d Ligmlq#<8yu:­}cFm2q doesodӜ^'Xȏipf%q3ecYxOsh<,PIW4fs×}  )u[y ?1Y2pƳ<ȞyZw'{V_xt{ &a k9Z$ 3`dL]g)g(_H3GY@4jW &;[!vF6'ˇ{7I@}%A]*ÒmtJKQaBZn(ڝ!y251uy`/=mF'왰(/*қW;WDŽO\ˮZwY~\ g#[E6AX#E/?~C=}uP:9&[@ xthO6ocZyIVS.lc*jGNmJP,Z6R?Ѓ?` xxMChe(wR9Z_*`NhcF6 /DuT[ I!(q ܁f&Grυ4BoY$ek$ȱ|C+Յ20nI%sv iqy[XEʕiNdZ -Cy~EU<ۙےJ?rDTUjѕL-oҋ{m)Qp_ &?> ~>N, qǠ<{x$ɤcEP5-FML1t*JS۵Ӛ# H? ?oUD*J UYzT: /D7O90øU$AV/`mw3>R1-C$2sXNq ƸTM `чqpAK&  E),߻,6+%h(͕=7z =fwn6 MvHō.ܱݟd1jm/HRe Z$".YH8)q4´S9GA߂5;&1L&]i`ԟ|E$d"2_|f7<{rsPj(Yē~WEd2tYSV tsb˸ܜ5V#%0 ?$ԙ{ؾ8sYQK/x;p'9iڷs[Guy.3᱘'eZKQ ZYźCNKE8 LRe -&(82Qa DX-}GN{MmX(@"^< GJIM zҢEGǐzSƗ>A螠I-3 #sx8遊\ &"|kvG!*Hs ԙ$h=q ㏧=ѷ0)T}n /mX7Psꇞs6ZZ + שs7KlW6yжMi&>RZa6b~=VAUn͵+mzsJ[[)]QDbi)r2&iF4Aã;T_7==Xһ9qc"P;5zj}H5O-eX[R~BsyXۊϬdK -eGNi\fˁd`]G0GH%7KPBR}TǬ4~$Z\riBi;&p`tڧ;`3t^8.D? ;;> cv sRQ$$n\o@MI_.uĥDKP @EH-ۊwY^6\Q=ŠM#E) ;/Ԛ%1$ƻ2+†"s=\r&^A^p{Id+\Nxioh Zx' ᳄]FX<7$xo KAe+߯鶍k6<|ZY+<Md$A^9wctijÔDRtT9!͠%d=~dȫi 2mTF3g t}\5473vܯxAWʚ~7U bd.R kbQ-U˭hj< Vx\X,KX 8&O.kkD SsY F^/(挹 bhKx̐nZ]WgLAQAh9{P1xEe0J>֒!2 )O8W#{E.#,Z{su't9 jRxCͶo&QᘡzD$Ykhgbe 51Jii0d-${wsr_BmenvpKJ`@/͍gO"d\PqvpZ.n)=ipRKYbc$'~=d@0 aA ¦Dy\=\ETlqߺ%CnG76]υ}CD 8{8׺Y‡EJEHͿg ܿPr6Rm7J&<>;]kJXW6@g8]e7 "jkJ4"}?R='0΄?ΘXe5PMMJVT{HzLt4}(S᤼8X wqw>tr$? Q>iDxؘ# 8OIy4Br54]dTŲ.\Y}pKe!"QX,9;ҭ%D*f ݌>oD[u۵X] EP}dܷ%BήVBՌ m8aAm`.WykrЕ<-~no,c`^WXO}xP,) a0*|{GsU#CД#mE/9t}?Acz%L{mK9XP'$t8vȌyNrίf?JO&ov\,%Ssv(ˍNNQ]BI^jbį:C5tsa5fQNʭXŴ!?mdMu)eUs@SMiĭh@kA4AM M@:Aу,m3("LyT'uWawQEE0lh x3|GuCAb~@I95->&+ʠh"G GK}kuUW .85NU$pvSqW|V{jKH+N.ӈ^FDy N]-#_J[Mtq0_0 xF=sz\Qq-,j=kɎ%7{c`xs) >TXv\lp[kt޻HlͰ,*+4DMLCz@ k2ܤO/UoLh[͠$hmuX3}/INiЄ"v*0h#TGj2K N!ڃz;qKh=IN*Ԕ k,gczt84keemXF _>WSP)6&uMn(,%|}^Dݛ Zޒ UBs_,-DZxW˳W)v& g|bPvfeK ~>"'f]e zsɡ<&ó&J 4_UG+cJ7!YսԌ|٣G!S xUUěs?VҠrbISQ6d/* xEH72Q3Y"+$ r 1GiHp[? M?[ Qܥ1g 姜k$L{Kf["bHe02A{o[kYy!61=a,}?"(7^JsEz`.Mv؟VukbhhUCYE#֒Շy2 jj{{RAn` CJ2*x};]Cmb;hT};'Qjk()@b41/yd# q$@Q+t]f"]7R |!=n!g7}\i,7p)L?s@E [RN\62B٬80z_Gt <ܻxdcYc'l[Ck"SMC}I_oZdn9bAbSy"'^0+:9oۇ=.ʤh~0d\G,@UұM8:ڼ׾D Ա# F\"apA5eU3ԜH +.-/Qiw<7!ɋ@+7z𱳸 H!*^t||.V]L0bsh9,>+g+^ʡŽM.$!s8x1eck$*qTJ=P%듌KCP϶DІ( vR}ᖅGK0$E "J?[B=PQ_˙b<^g8?LAp|/مKS}7킳[o?@CדG!˵.zNiݶ? 乐4SLyLO0Wi~wě2FBHQEb;KPM"r4'1(W'&7Vr\(-첛'V↱CւI{uϿ"䘫8w_oO!%w[V7GO=RD-a'@Tzd+sH GE3Z8{P|LK q(r5Jc9υ7en!5MBk=p$&1^WA *Nwxlݲ ?>3x8BI yGrIf DRy](gߧxJ6D6mE+ 4- o K뭌bX۩u]b12#1Ƙo:*ܜ `Vm2sZPzihf}Y7>,g*Y$!z_;$MJ^s1 K&Խ!Y%E=Vi һ.'=k]KS <8 llՒ$+s鎠iߕդIh-Z4f&' "^h@D\Ҧާ@gl(U{n_'bsLgnMx1},RU+ӓCu_ʂ쑔cZYtcީ:)Ũ(%t:,'Xj:تӌȬJ"2[U&v^KQ8XsdBͯVH9 ܵEoTmQJ#!a.{7V *-1hWhO@v+YWUKR ޤ8lԤ[w?y-t/^M "@L4PT,ͭ!f¢3ejdFQJ"ްٕĨ̏J S7L*W|nl@_o9տӾ;sIFo$~e.$oY ?D2{.A$4P( gi F~@.aWܡHj&1ECT8lR]2#$}g#V<$ӀVV>?YOG>hN5<=1uON,MQ(CS^F4'> C9b֪o&t58&kjFzHw ]Xr%ί0Js6 R7r`A[zNsf+ OTge h_/O:,-reD4~9v!d3m2j᱇ڔJf4.%8"B>, w-." a[%{[. 98l Ain+0 V-[eϨQ;^cK]8?.T-N%Mrl߭$`wi8>"~d0a؋KS*|ѓyZD"ҲʳW9bɅWS["ui>k"JprgFƓD Ue єiQ19,}MSMêlN)( 1Hi TDR3=$4no3T)9;a&ߞku5e5hτ(17ŏŴxJ1z8-׾9\]3ӜYRy -J܊?3|Do\GLUĩF*8I/-`S:OIhԛwsuͶ?NkWx ,k"9<$YM '!^e < .whQCsZ5z!'(*+ϫcϓ=5 Ϣ;xKZuB~~m,\Uo#D9$S\4Gf1'ekvY4!+32>ҙ%{@.1O%#뷱p=!,Fki9eJ;7\ o O(]YS@Iߠtρظ/Ïͫuq+18PL˩:m8kpP-~C1ehq>ɸLoe]]ժ%((kSShj}f>_fe;V5:SBnߐW<; |;`Ҡa\ey`Fk%9QDBqC Uq` ; ?7Qp? ir!{zQ>Hyoו<ěxjoI +`k3dH9|"_;>v@NG^+9w|+$Tp4޸qVpЋV4|E%|䉐n)bNJY}V&7y0[(ebQ>Lrx1b'T9™j7*Gr$˼%#"dO 0wi;+ + &-Du~0]Zeq:Bs䎈4fP`Y^<{ Q;{=[ݐ:v8g}!s x5l=r6&oQ8^BA焝v0ݡ[;'] :&N#=gH؆Ew]Z0mqqMXA8l`hʌǷb~+j?faBGI&j[@5hr#AGY'Ѿo=5GpR.T +܃AI$7B8t?0H|_J@ of:eERM~Tظ{26PQ~]l.fbe>SڊpH舗w\ts"_ML¹Uzť5i09JTL=d:`l*^Lm0V aƎ=-IVG5vM ϙ,JmrɍV'gL2KYL7Q球O,BBe?) {ml֐.Ƙ!(ޛ6,*+IG] -V9GqΊ&rO <<Z`'%\j.Bȱ7\uړ*^ȕXAA,]}F08Pzs)i.eoj CϜo 9g̃V~y("lk@g{`D*țL[omhdg+vS]qǸCf5/;TVTqGtY+ Juhy7ː9X&J";_i@!56.QrPfR:#w42VHnAKAȣ)p0[u531;.AĎE]Zn+$5RȠ< SdC?lx6om_m9Q1.XS`NhRtӵYD7 1{)2>Mo4umBVʥ'/R.1Cv=[,W9E$1FCLSH}K\9A6&'=槝~'țS"~EDc4Kp[]/ҽmt ''joXשu 3;0dAneeZ/+Ja:nm H:v'G46#2K؂']z;oήΆW$:h ߵe\Yq-eNZt_P¸aPT=HV;;DʸA_uceކ{׿ tbޢ"?j4&U1|`z" E: .zp2*;,\DL( a#L'!cAÐ-q)h ȘڪX4==ׁ/ZOHu0֢Kiw E$\b?:[P\Iɷ- sY}i.*Trg^s<g0 .4,GJGNǦl_gy[qLon&̿TA+h]r~pbcq'EĽi\L؃53:@eleD4A I5,ސ5I,7`UثE;ynEy[w37noP9! Tciqg>2('I!XwqO)! y'wd;>>?3@Ij3% CM)}yDUFR*v3%p<Lx*ͦSȇ Ȅ,w: `get ;''nXlSII@L!3o:4.s,L t[t?lwr*]<=im$Reb1T$A-);yTHc#gu$|@¿`2($M(tDwVWP9Wv^.#"ږ%&Nqq>siѨ !x&~pI0}.xs"6Dr=Bb qMJqjT7"61Pk<x`dq+3h,k 5)e`$+Ym e^@s &8YBRO杧~/f/*;NQgZSɒg֐ېq)ЗmqnCCz ֚YG>CTIw z( 4N[rQhPC:Qa\'`Yݒ`μ{`.YM=RaQذ#3P$5rXf  B|~9GAE%!ߛֶb ԇ 0uKLi%KA 'ED.$pZ2{#0Ug%_eoFA]OAxP8XKL~thL s "eP Ru$‰2&2,0IDbT'G[J|p  WP6SIK 2;ʶur.%;{-$rظgtgn0D "Bmѻ-ISGJP6\H(-V;eN/c~G Ft3tɅ@6-,p>3ln 􊮵Tp~o%:+ #$sFJ a r+_P/e%敍uLmeW㌡sl iclFeѨ p w1Be5uYh/[Z s.a>7wsʼnwtq벉w|d;mdߘ Hml8`}nj*,J9Ooa|H(X $])" ^ `u#>S9T zUN<"hLPMR^=˸3*ePpb-&K ws] ꯳(&>*rck "X۝"HӁYYGq!Pt\' nZt&ΤlUbfֺA)yU%HzQ/]0Plw_H[E=MƠ'ZfЋ@ *4Ƨo#wTtv]9"RWp۫V7S|/Un)D4w Ⱖ;`QMlf0" > [㡵с_ZZ?" Q+>_ȭ~WTa B€pCBGJJg ^`+8Nb(EL؂JA(9 A*n&lMO&UIk8y=ʄftzciPf&f6uirw(AxKꮷ8kLYh,TwsMk0A|n@ڎB0dYr `75 hg96&yz.^grj>o->929b@ ÙPk)eCl GTb)!\h\ d^촴YG} .(l=wG߂# MAʕM+G0҈ن˽Wv"YI#i@3|qR(y$]Un!{جɡ:NLQ5ͺ ?BEl_м}]-c#}oUpaA_qN60g 91$c5kbǟ*Cs[d_ײ{[F.&O}FNc:CN&[{ڌc"& @E=){Iw_*i\z[fsYѐ8Ў dV L~rOf9ʁnrΣ s$|h˓d-mYje dg14K0ۮЌs^=o(Ncxf8J&a5Zv>D,~4ML][qQ8{P'2EeI{<*h{bi1Δ7%1 Nф FY{>9x^)k#='gqG(ӯY4KrKd_eoȦŜ̪)ƀzp+_: 6y2(p3e?%ĿMt1JY_;/ < E) 5\[ZS"OgX^NwjOTGE~BUA9+? Ul/%#)!H(wG53[vJ$D? )8`b,>pL'T_Mafݬ #wԮ%K O[0b(+Da |4A 0|E֣㚺B6 3:kZ=fתղt/\R!UH3r,rYx?]\TWvܲߟ{{lfVr`Ow%t`.))\2Dn6Vm/Ogvu99DFHUiHf׈ Ӌ:v`1Vѯ^^B @m h$:TP%Oکg>VUtNYes-j:4$ jI>g?~IE.o`9hh!p\F_$\X)[˜oa>-{Vi^?jK [Vc %C' wՂxr&xF,LY88QŵnK'}.jBzJ{%f9X![Fw4AQ,8,}<H%꽷am9iY.LD xRoEp֦6! zа}g3j}@V)[gEj ^4$!LJJ8HDڰ9kYM.8*GU c5Bg@iFabA Xg{z75$J̐Mg*\@]zdlQC/ؒl-P!uQEeϷSh(>BKdI{^wStn:ن5xJJHkӀL!+ymsA{b 9w"Ьw=MY>y(61϶M*=ڛ^*,bA-eY XD!Cݰ.|њLH u`Wz>l錒%`2\D !':_3%VYx {Y7"Z*n1؞dbA_=1b c^ks7kkȳ4UK +խa/;ǴMM @cq?+# ܮڵv}ar u5{?0z f#*Lub:6rnwiܻbuMF|D"p1Y:#AhpU  Wm984<[==LX 蘊GsqF6)y1nD=(M1 {pIv!Gh(?lq( ӶlIp:[rO QqvIz%y`ڝÁ`[/t=ZUXv]\ A9uRsMRf9 8!T=HPOSoTY`r]pa."`,b~rE֪MSl%Ag+Hu?H﬙Rg'"qVx}qTP\YdkR##'(7]%'U2Ԭr ߱w]YcI ӯVww5_oV:{>*Q`h}arWr71U[U?u莍7k=(TzFg0"_^2o\! /Uh$y'Q|rlO؈V$1M1Y $]zk[Yr{\˺ފAZ' 뜊>J!AtwK0u[mt)k3RQoiK6Fň2´3tæcRL6d௿ƅJi}VߜE"n$h@*m?S@(yl)MFN?xՉ4\GnP_5FO;?nӠj,CV3,o&ߨ?։Ã~ߏ?\N%CG=/_ hQxz! 5i(mL-4d) sS@iUw|vq:^^ *df.dQ+ߊă*uxȯhWkw]!v]$2DS"Y6\sX@Я c@ɣMh7Fp9hwS`'\GѴ&Aeg#:$(Lz, Vp$*KYK|D.i`jYcOc⊖5< ېVxr$W g2dP̳ú]jN$VA'R|+Κ2Q!!/Qb؆pӎ! ҳzF*R޻oe/Pm Bule~I]R(~ -eЩA=w28B0p.&B8ݑ%m2j7QZFީ4&W ݫg)gMiX 7ty}9֤qMlW5r]ɹ%#L II{6%5^K"/Bk!L՛YcOmۧ<ZwsQcJ4{&wesɴ%iZl6y{bu\_5 +Vv2$t?]n/ɐndW 'a 9:G_>gzԼ,-6HH?%ںKe#c d [[klq!6ݥan%p9@~@(qP}6侼 Z)=@n5?6̞冘b VnHy?-?`G?唽F6%^[u R=R>y'צ{bh$k?g"?}xoe%RK*'4BX U 튨^Fܥڟcq&o2 ^U +4DjhV<VuMXHE܅<|9" mᑣFϞ/ݥz?:h͈$xE;,ĔjQ!.UbrӅ@[N#Eš ) (F8[B2ef'4nOuKGsW/.>  #J^xYDC֏J`p4ǹ'iUH |<{/TQǝ*E;3aaV*#ke tXLtO;-U)r"S9J?kY0B]Ce!);_T(d'JXp޼,cm, mu^9> :QO= ypU+TEÝoH3Ht*Agh;v$lA\Kf1U;`k t=|̯ٱ4$<@}BH_@oŌ](?Μ/|ˎԏ8|g?EDMƕ96 %XY] Q|͆</M 5J/8i)&&^`H\}B򴩭i,|[䚹湷҃oK)`H/Tdˆ[L7jNNH! WUk>+Qz5mar:K?Cˁ~U[Cf=s3g3R@} fi9Cm,?35ͥ,(i6oI,q1mCG&;cnqWu)-gk0i1g:; ,{E[T`~P%K*>0PT/ۘ2o%CmMUzMx9 ߰^GNNw p^[=eyt)x BP#f|.&~ޓrv,,a}UERZ hi?lӖ2!e PZb?l™` >+YGlͼ3NS2zKsQ+/643hAͽcxKjEl |(}x<mgo*H$`r/_ =l8Z"{ÖoWq@kљl I,E9^ۄ !uy $׫#MUR( jGXm@w a~if&\fEjE[H:u89ђ^*,` \ U)'JI]rߔ sFl_(}F=jTWW |9Oٙ$_?6dyn'N'ŖЃsG|0fQj u#Z]ɲp;`!$>Ě[i҅B/*;옛A1G ͯ` 8_t W {uu6%Bvx_Ѷe0O[ "`J@:Q^D ZR*Ue"y S.-25 ҈^9}r$,?CV*`SsX Q0MT:OMv#I~Ho{iE^ؓ~2\w}jjQeT+|A7HPi*t.Ni,N"Cm#~ӗ;I`o han 8h>Skb\Ҏv\f\иZOɂ^6P ooYigs"G gġ!w5Gp3uOX;>Dq{'d $క+ a6;,\`dEt)O CkAA*Ǒմ*CU'#GmDSl)a1V (]%KCD//3J.q ;[gbe#mUmZU!v}BQxKAp㝇TX21/|E3ˑpa'I ?r=LL([ ֮lan=ad@U^ F^ű{M2NGlvhf:CT#v,>C-EU9#"%^TQlTkNcKǮ>rRl/DwYKE>57ʒaRHǘp"QIv&-:)R؝^E=<2LENu(5i%`:+`=F^pcK uH  0q2]K~Z-/ĽC2+$Á~R3TC5Zwvi_%IEA<`,AM@PwVlD:2&{O Ơ+C| hƳ( f;)d۾ݳ5G OX̖$JXZytY(טkp ?k÷M>J*+%-:J}1XEOP;6>0V PU\})=\mڤ_>ĶkY#Ө~m1F^02r27gԌ tjŊ6bVrGO~Bgx2|ҳJnY)zˌ P32O7Xa`Fyu05嘥d !MWt\n!В?q|i6X෰UTd'KJ"͔1wV3Tc{#,L.a|6'E)}zڪEΫ3@oq'N?;9L-VަӧO2Jވ~%P/sW|':x;0kh3'Ǜ*V.FqHiHP$ycQҐ7Xp|k>@b+r;u)H{:Π.c#<MR*Dp@{pRᜦ^I5DHf/q@R'ߺ8)룿EHi?(m!>pWxSёI3G0㌟bh{Ʊt>)4!೨AEKR.a鞌9N"5$L@Wrm@!]BOqPCG51&fоvi ݙ$99Sb&)ׇLќ tK歆>I0ۓݨ:q!ˆOٗZњ3-~lHC'=R-B'q|ZK-rUa. Dl kN8ј96轊[H5׫e+ꯣ*-]uT5(3!EVeܿEy@5٤!l+Q=yNtje|P׆!3W@~P#AԫdC ׁruh,8zW2jٳNFB͎R'B*@)ch<ң5nvk5<U7˨k Q _%"leU-cjW@vedV e0>!j}d( }`K90wXpOB( 1 vOA(c@7a`ʑ$^KU{&_Mn8O*4OeuǡcLDа(I|ːsP٪fTPʆ3u67 6Kl;(4w $xSC@wQƢslVўЯC9G5Vs~F.%r?x?ؙG 3>6D#z#O9\DܿzS}i!Q'sEYri)u` ? sa" = Urv&7#QYGLr7C*`=eqw9+0S+™,$9mҭ?}- ](@*RsM2F" dTU.R$qSgឡzΥۡeQQwpmP2~ 0`WDI<73|,ї" :׭\m^ )C>8*cDs }jc6HY $E B9Ɍ窰yw`C곝\&sNT:P3[|U~`RﶹDfl/E ɣ&>e<ٰ;"Q;g*œ .Y1DΦ[%YDό_6e@Nڝ!jcnwsfSF(cW(5)!#\ʜՌJSV c2L{4= zj(`ex:g(Q)*L.ik@Lt#9Lw~VH,+ݾ1>4t,{q"?̾lw+[՘hV7Dz4D<'xbLYXV^X 6Hr=Gh9ȰdPF\ޔ&T|gċ*[we @^|"?*|◟'kT߆y &};Y܆ N혾jKE(?SYDIOnz%[p'uJp/-EگUۜXr{TH6]? u`EKŽ;ADV x60"VE;ic5h= ''lSnKbfׇ`G08=v=M傮-h byb<ʾU`  9+!of}Kx4igè~9c }f'kz3ך{4MV{OW,9w"mcS йzÈ$p!]Pn?%$5._.*d7@qf##vv/?m b?8tH))槪v+( 1x*[z TZpi=u.ĎOeQ"Wϙ;zj@l 6膵m<oPw=<4=hwJE2~E[9Bբ$;C }T 8#r ˵師}Q1jI>Zq+H`W:І6jΣwQ!MkȟjdsP"9EhM@+'&i\0piR\GUeK;ag7k# N܃a̿x{}h$G cznO _BBt!o2pKwbϾ+G[PKq;-o‡1ت(x\ǡ|XabC U;e)1 ]Gf6{rM0-OHv6ZH9QFOU>cn*SC(=" BLAi: {s,́"kFJw~l=pS(UG :0Ij<4w)! \:g$%-,1NRߓ^K&_"%G:pOjߘY_d8n\-X6DlAxb#A*$gQ 򼏲-IG5&@YK)r4:84BVAMϩN|e&r\q8'#-٫Td4/C  [xOw@{_ UhA/+pQv2"c' ӓaF tF1Zs֥B5p0/CUD~MHy`T MhK!n˿BCAǫ||24|XQS/nlk?<<KY@<-mYH?<+kxIHWˉG0ϿJQo^oKu;jͭ 5?[J*9dOx=))-'[`٣gpL(k%uzux9̣Is#_(47vE)`bEV99,̟kmʟޥ9r/ ̂͹/ݾB!g%3ldC}E5bRŪN mzWGGgE{ 0A.YՇcb^3K/25utfc v7]5q软՚U[3҉RwZ )B$Eu 1oqާq|.KRQkOt8;6Ftv@Vt7^qZjbP a'nHSO7;;@* %uW  mq;nFiI9jp>tHrIr̉̄a$ghlˮ i'5Mr=r ⷫ-w 2L䛈_>c9hX:o*cIyX4 Q M?!ki~6^04]4_ȩۧ@y3Ʊ{olg/ou&zjK˘5nq؋ ZCa-?JkJ6'y5U}q^xB,s)]SY-V>P63D6,H똄E8"׈d>.&`k,KkkX!Hi>IйQ }l;z|\ønG+yfbMPlK,T"9c]s?6L{ f;D|>1q;Pﹳ_vSROOn,ki($&0<[l4/F\/s^.WRc F^V3vHV jJa'YUЦbPYnM&{w;?ki%5AFhuO5Ԟ`ml59{t:Xn}\D/Td_#+s-}@,ti3t!w=!gRg^@c.Cκ^<lVrhmV^42 b,Or~+mUYǕzSR7ylTtpJb3 T(7rDjssse&.3Lޓ' A) 2AbۘJ袈ᎌM~62UtL?^sh B,O>3yW5]TVZ$Ba(O/K˄eڑRF7klS!$JG1̗6̹D9wfvՃLx4Hx  ${Ge{QZܽOCpbًdxgѱ*?|x!"#JC̺8PtAEB3-k6| YgS4yA!\^lkx*}|ΥWqӟQk'L{QFx]b Mr#,gw?t+2Gq7"SQmF"eUF &`d2'UQ0ߜiguR )̛ƒ &0[J)(]:T/k,^s(8Crrlhw_JظȮXޓi fLh4 }zGSV) ]@SxqƔ:No9& "t+a^e@7LP Y .S*:#m>B#ȓ(٨1 HS Yl,!){քz90J9:JfJ:vkjxώ6HAfSAWo%8I ]f8فPȷjxˈzYl辫mV[o+e0loȌ- /,;پr64Hj"Oqdhs;TeCsjCfT+7( bH::!ҔNYWI+ zV=pmj~7+׋ ]uʇCOMrqkJZ.PdeHjCҎ)vέSZdZvV/ 5j*[zaGoɄE#Suo_[b#˜ 0vF4 cy <߾ Q|;$ S;_C"yADˬ^.:"88Nv\IX6diC.L_ x00y*y&wrasՈJSYl)O"W c:^`E8w͖Yrs6*ES{: >tysnP< z n< @N_Մ%R_)Sץ\u9H̷- }0/1n:#N ~t5s6+ >\B(B&<XsÚ'x@J5n2!)gOюD= 3,~ E# V/9AY#yΚ]{Y%|fmBwaPA!op˄䆇ݼ̧e:LF+VLLr܇ >8L'!`\ ԖpLhR9e\雯2f=9Zn"&sCʯ!?7d%̷ia2̕ ݆RCWɺ鍜ED dA{#r6#VԺ2(n.h_ġHlQ<ODz@<Ș}#g`;eV'&'S_`m6oS3 il!fmƐ zܢR@h)lqkЭRI^}#NTgz}H_LDMZ|©s0[r7AG'qtDYeu2  _Շ\b3x-Mzhj| v O/Y4Z!χWy[3%D&)&դ-_ĵYͥpJuٮH4mHѦ~mE#'P]ͭp$9HF;O&x}/5: [AB;MwEE? ֱiT{cTy:mh le G/k3Un9&|TfFCgM_S2A'p]/oHBRZ|dL.Mn /n>=$Z26D WIY6؃©;,cg*çiܷaNd6V3$<;̼J] <-=?&W֌7^.F)QrfT, Ɩ7ϡȢ;hY4VkH7\H8+ +BWB`<$8TTdq̃<6= PHN=mD#w ;gE(w+yQԚgf刄a7GS  %Hy*9@3e֘版 ` 0"ޅ*`Jqm_' TAKڪՖlO>D&D G>%0Jf/<8]$Ơ88TU= €G70ꑩ~ksN[WN-'jfQ[0kX6[BR\k +w?9C⸂"q[AŇSO g Q]XPp 5 oZ/#Z /?1/JDnʠ6?kLugͱ8\z]$1%nz r Oݺ.e^g50^׊f{E%(X)V'>~-XY4J,;*|Zю@3]*[/u57ʹ,wz;#r.)~G$]urO{4=lׁq'7"=T{n-|x$njih:TO F`MQu—qH@A.BP?OuYm'\A ܆-L]\tZE&OWb@?ڄf:j?M69`ZdCW/ag~xr.{7(p]~96+1]:o7UU':O rtW8f ŇnMJ\o z2cDwuw%Z*m83d$0`r'lh!EB՘͂ZfF!K ֟laVf{/֮/ mmήD)mjqڤ%ISz AOc)nq74]ҾFh2B$6UD(f<\O߂e [h>v~JW5Bn;$Ot|L P,?arv* 7Hk-wJf=GES+9ݎRڍB_E%bjW^L oVw:Uf\=tbBHq Xej8]\tatᛛH kaŸ-,%dֿ#:E3+OyܩEdbrВQIʸG32U E65b7il#C1hwpƧ;]ϗδ?ae'u%7#;#t'zoktY:l@|0F=oKE9s@LZiod*Ha#@1$1{ ,Ò!}N/BƟ@f&ւ1X{сeW)8x[[#(G`s9Z+mgT>gtQU|TRBu}OBm-(LX%[35".),9T/KycI@F,/:&th/\RQlM:Rm|o)Q㭣k+ u ]ޥ:vû!KJ#; IU$kdjw(0E@[Dqi-suNKBw0qx<. y Tki`X{`)\kS,p\U[';_D&/ ʏ[.]N{ GG׸|y#m? I?fn>eOГ9_`+"۔\yZҋ>_k؄z$S|Q'4ηWrBc-ٙL pe+sIKj%Nb؝J=,?.#I"lJOQeHxo\u9O$}A]H.D@|lg=\܂ 1*ᗓ@r.*`YǠ.]v?- 茂(B kwuhq An-vfz3xN1X>&I1{U^7,ve x( .gsO 63kVW m.3tOVX ש٣-v6ҏ:4.[ 7C]i ?C]-xtj,B5$4}{ [W ˀ R#*V+iFJE1m*;pUw)g'f$a(gv'.(g5tK_]s8TN|Es Ӽg j]lCDŽ %n`gHzf kov- O< vr@uT3&֢8ids|a)gJ&irolZzjW_ jIĔh*e\T^e:b]"+ׇE(eh`%D‰TYaŐ|.'(4oۿ"hnstOc֜L9+N~C:n`sh`h{h?%]3h%jF26yŸ.dž:/ ^a#mLP@#{ ȁ2V% ^PY2/e*d"*]DnB[a4vv5iDe!=2pUol3|vs~+2oM~\G]I?W7y/F&u5>S`Ɓ0EHV[HqҰT=wzMAKݭx^ hISO$(wG;z ^C{\uU2Nm5@v,1kA|wI!-><}O5H$/KBZLţJJӴ+urX8_1vq|#4 G׻jviCBahvf0HUxf6{Ibt?f l q4tA+I 8WnɡjXjq([Ҙ6kT}^V,H`ht)jx`3IZM'#@հ_ 9OMzB~W<R͖>Ԓ%6*ܼ1#¥ȯq ׽)(~>7=:~U_őNh+g~9Gv@ѣgPɦ &{s÷fB"qÄVNkJR~[Dq' _LS`ւ3߾^lqM8!nk AGHc3^ate{w?R[.9)ar7 { :G[gZ9$=˶CIB4nT:s&ƗlMW18Z)4X})!k =lԚ8ٸzWQMDEsuRRɭiX}}>~,2$]y64𯪻 ƹVe)VR|7pN)X|1喬P&UsC!0MDf l@=,Q1AZƿm侱"0,.~vsb_t?Pomh:i}XܞxFowm/^RPcj] 0p wAx*N 5c\9?٦~n?.'JS3U:#u2͐ӌ8R]m(U=BWc["cFNLlٹB qͩ;Otn_QI67K½8MOxdز>Ir5 !FWs I~ry{xȂ$]'w n@ H­Tgju(QӫvO)dNx+b`x~6_Ɯsb !n cN Qf'<D5T=lgZv2ZMC|%`,e t$jȒ (*'EHM|ALAR#cNo?i_ #Iv;.Q >:M i 0. s6U|,\Ȇk=1Uvm6/dcۼ&F ԄŸ2*Jɗ1ۈ \阏&oEOK7LBSZ-ժy#ΜhJ8S-\ k5/:]"9nbfo0tiZΗ{҈\ID^;T/ G^X,$#u(_~ɬRc{ * OPLOJXwkTwY`/VuO4hQ#P-/"J^IV@; Rs1զnc$iTճmEW* 8g7N!Jb9slxx;,E_m}Z˚D{XVa,9cA(Y8>V8ϥr@Z@wI'Md}4vZM|7{YpAU_rg\js5^͵h3bTRvQ㐘 U(-hHe*H` z=I7"irT呂L w%T  R'&)HLZYS˻FEش7 b}\F 8]O/SxղUS]! |_,3}w(5>8[  nmUȜ{/os̫W=0WӫNB)fgHE 6Lt> [U Vz+m#vAoSPU]MIF[ߚd1 Gr<<hQ*@SbGQ9g7/¶H:ܧp&N,-CH&O %`]r笄7ʒfMa%;zdc۶@c(hիf +)p~jf J+}s:/@8h4{šĀjs(S°s-X"/jƲN1/m q_=7H#'Z%%fO4?<ЯF޶]{Og"S77~h~3} _$M#L]Tn5Aj0C*Al@Կ)&Q|mt((a66R={M mh;yeU~ė$s3YPjD1DEwE'x(9~%+҂EbE3}1'hۋ7A;(Ds2>/N)ՇVN ȷeg&ΥrCmډrdUw!Vysz HN;:X! }}e690dq ְ4G,x?<e[\((cOa/^7-cRb0+"\rcľE%V>ʼVܰDK-t*;9x^y`)/ 21N7kR]9pZkfx"05utId! |a32gXWzdyp|poA.2 !OQ<'2@mmz`nC{ʟxaV7zo@iX Qk:@5p rhW I3v9U1b3He,;QAu-pfQޤY\-?WCeZ^aLIN6hbm*614#ƷCDǥWXA?pnmKzYSֱoW&=fD% ɯ@ᢄ|6Os6)ёt3/- dm$'U/ [+v1&=&X'2oz./\?t(wo}c] {OIl!]-+C=vhуy Te_2RJug_K# vn4պMb!_trgUzmq]+ʰ%/=jh+oTHx~*ؒآEǖHV N?L^\ @t` VI W2ǧ6̌[b6IA4;%J Dz"D]+;8kTc:r/t bJ/1DIIO@V?٦a^T(17jv5=6Em47L3.:T#Yt{E}FFrjeDCQ`FBMVT5Zų2<듖] u/Bbeϫ!ޓ'f41}ݥSřmW/#@: -# Z}a_7g ~>d- , 总 b̄P P:J$~ތB:&reyYb%zTX7֚Y 3&n2okl=Q,qdzTӽuP?F`B.gTi_ձ2q]]]ur~SEx/x(0aސþLpjǴѩJ簑lGPN?4YA؞k6'`U ^ǢÀ#E+v^\vxu犲|-!nltKs^k%mt0ZH'7=#6͔iH6m.U'+a ߢrA&$l"фTkrM㊊<|t6R/ƚOWMa;6s%)-ky?lnO)` baQO߲ҥ+H?UqSωֳ |V:vj Ec UJE ^vM~nz+Ó}F*QԪW1itYA6* Ŧp2*/d7OxbB%{o Aݩǩbd*> [uv#Nv$ #fp.8NZG~ũQ-&{Q FBba>CAidM8*nQvEPjjwK{/E<=ykK(?y3^Ͻ?vX<ʅFG#4\pEO~BlWg,*8=B A㔻Df^zyD~:tvyPXo'4f(!LѢ#ɨof,sEƕn,\Q~aBv4Nc+[ձZm  (8Beq7{:j&ƗbpxR%VEԬWEEN&윊ňϗ T㧨XP5HI~^pADQ_̩ZƁy/^[ Awl<*d E=gK ,kOB-ժy!~^ӔH03aĠXp"g;N>sKzNMQ?輻"#W%9fCSthذ]iE>f9,v#eȯZᢖ^j}q&RP]Lm{hV]r;5 o4 #L-m+F7z3*k/Exu)=98rxhq/>=q?8>W1GhS3<Ý9au `֝]}\1#b /+<H*|*MXWAZhT 8EI |ӃLbTJnM~VdAEv⽛=a(>/p'aknH $mY-,b+-0Lz68A7C JKX<66~kG4~rEWP}vؘkԊ4նcBqd5IboV0bjB (\Vf$lMLX'9V5*׍p;Ҁz8۶ˇw %cm&'G.ME%ㄣm23{f &aKc~fw!bYStI[d3HNV$#x :7XKsNIx< >tACK 8xKH~;H>39GX#'Pmv8SEH}eX^F]kuTleҾ(5˽ƙZˇ5 }eB;2Ü(L;ܯ3)+ߗDZ0VJ 5Od DSuhX.u_whŠ>S"¾MyF?r+jKw~Oj Cʭ9|30\`\Ln˥72:*By}{PYzZ E se-NHN-^t(.N}]$O@yR}XDp+RlVɫ_0O\Xf?&ƾ-Єl/ Qb ^RW+I[]K~VXzUP]c̟(=1k}"Lsk &ֽ[P[? a=q?"U㸜32_UYa=>=,%KI;C˧dB9 ~QGb&T,pl gBڦ\c(m_pHYQWtJ%?jHӧ8+ɖ\'꺂ȮߦEzV"sl1̮ -$5'B2 /V~\zQ}=[&3deFGٻOjtnOvљtQgju4RZHVDSI5fގA }:fFvmyG0,/[ER~A4KN㬉8s ~m(Sǿgyc?Z৫]6d%&9\<.Kx pF+Hr4WhZ0󬙋㐅rGcXw^[?/[ؐ_z ,m5aDw:3At52CVrx >Xa%FeN gZ\QB3{uٚ6FB1žEʜ>qhFz2VlG ëJRXTkC:bȔik&)nMiəsrmG8sQR>CoFS9s@g-#o33J0),0ugf h|hm!|nU{;ښ_ T#:~_.ƞ<+Us NbI=1!\iwm=ho8;\ ,XnI[9AB$\ ?Mf I'Z8QIVJ+Ocp/iSCٚgA[ mS/SFk?Һ$0-+c˼61sp^.0#I%eLRvh;|x_h+٩Ds]ޠ.cN7?5?|tELD^_ytpD^mSO1VPLcN*̀ѣ[ɛzQjzl."Td_]Ye<^'F29б[4qS؊y;*'Mu-@в) sH^چnCӋwbZSF:3hGaS0pv֥kQ W.k |^[/E\%_F9-VQV/v"X=Ga, Ě1х<6J70|Z1nI?Ss5=mx|J"yj<&>YyLbEf:PrR ̷)7!LT8b7!j᲼^|"BC$s">6H6HpaV VxGLE깛6*q W^J1FO0l^=2&M4>w>ufd}u"vbKA;$k)eH2P{KZ [#iQ6Ϟα]АvbA_mi8'~‚f.Tޟ99 j(5 amG~Wt^jމ^犀CmHHcȃ,x ijex9@0: &h0/~^uR-E1! ӗ;)YșzxKa,9- h ~1ܟn'uմan7)_^1 \H\a @'S( ލ"8z;2@ י*Nj:I ~x3: ]ɡ)DCVX3Xդ9ںi}V,c3 WMe8p6X"+iH3YܣE>{\i;YWш.VׁBr&2~5OVߩCUQ}'f큩$>zFG#CY+3 0iC 0tqgY:3ɾ biS£*ïuSaOQH"x[Z3h.<6ۏ`'":z=\ܐ]hYimtp13$,L)!=}6u\STnԇ |c&7¡Ț!Ľ=1J|Cv8_?y`FdD#^iƖqིm|[jp]>-X5]m}#YZG7G(_$5_+-سDpSg >*z۱FnfjG?bv6v(T,:u3>8{=á3G--GA}\J59%S5 wѫD>ÓfwZZ5H%K~IJn0kkٳSyk\#2.R|Ct2؅aL蛭@I-VNtj#3ɚUM7LQ Q  $~/!|y ^eGc4Qv,]Q޿}%GSѮ:x 43y2F;VìWx,U'.Y[7d)K{S7(ϩ׿ O Z80 f+`{bsOB5! w/lMw59ba'3WU5׹?GKcT65CLJ <WdrhhcNtZIL9atWla6mP/oCJ`&5m8J q6PEzD[؇"+ij.s[k\P͏ܫݧ<:*%lP3a?-bH^{!Xq(ijK1䕵ix8mvR,{Q. .&P>p#QO. X_ЁyJf7т7Jldir]Wi'P~%ש^znA_M Ry;f /+F]aA$׽B[l6[ĥax#lnmD5]GSJ!C|Bre ѿ2Vm::_L^k=5$kΧ.$~M ˉ#l N8<+3QD-qkkwA0M9ɷq@ 0Nj=vws)DsL~lOzߚ).-NL4G.x;7-/fޯ2Y=ooȟ9zxP$覍qB6[9OE 1ؔ>C F>)r*;g ؃L P/SɌ\ UE1|Zr/'%6LK*Tk s2@绬m =1ju4$È(> &wn6AXqFV8gQNF9V~CP$Y1(;ZS\#5&N*3G /G aVLyYtv&wSkP"S"2V$. P+X5~E)ZXp(E!oEl< Yqp7;<1'%j^8t]+XY`-Ŭ+laPۯ`![L E#YMV0!w{>^j^"&#iТHtxg;n-꾑LMk; v:Q6R!B*êh88!%K_aA>:CdFk|C{E*PtWc_׹>V5"";.jX3zWk=\T37Z! ӭ3aO_}T2JG1}<ư*P QJH?c Q\<*@|h+zYifMaipzeCšEycJ8pbI43=J8޾ '4voVil2ѡ!yB}gD>y>I?e?@Hºf_ h>퍶i)[wUb*] ᵬZmcik9rקX'QPyn[UZ\V׶¿t,m5 GN7HIȊL<4UOЦdvRm@F dcz.j]f{jK^\ВX ܎ /19 0Ugӄ'W\rsm3oJ|ѩ$wz)H}e[A8i`jb!3݊"߯|ۊ- Zґg?\ 8~^a k˒h)ޤFor o(+aEC4'R $ucj:Fl>syTsJH'MO\ iz))#B(ӵ QB5K{%nn=*v9$蛩=wm ]cڶi~w<@_ !rZIc(g-k|r[CanzFIe`RQ$${{k #B;3|wihb XeiTr.O֖@sXRȬo Nk7/m>nwz*KKsz1ʶ-_ԿR!_$Yni&+GzPG콕uŧ&+ 4 G0_dJx6 Ka067+JE]N"Dz&ʣ~ϦG1!z@A%UlXLۯNJ mӽ(ҋj\251S ΅z+}a&8aDn^,Xvrh9N*LH!M^݇[{kz [YC? U !Xz㭗=V@pX/AK24nY# F;o{B34 sSE0}?fiDA"s,k`| [QWIcXYNjNDJ;PnZ+Π[cYbǐ»AcC/-MlW)N ؞:c 5_f>_kt+mKzf+Z }*'#b0|8bOj(\MN鯍< I+G٩hsUOG H1}5mG'pO>d0.r9ydZ<4y4>x%a{j]}]Gs=u"]O i&8qV \=z}vW_ZB|f DFoXTE}`խ$ɜp7a sT97syabyM(1½]4.P]Տ!~-kg\g%dǍ82BY}4*eYe7̞wߟ&\ϋiBBVH?gjlW'M$Ջm-]|'4nWGG='lvNz'UȺO T}#˴FABc tN NJ=8bw&AK a$as,p”ͼc^_6v5`ZkH7hD{},5.A 3t2X+MӤJ.c&ҡQCTtAW/e9e+{-*z}S{z uڭ@Xi]AWj8 u8ʴr!Ļ ((Z`IA,8i!R8)}$Uqm5?M RP(TO7&)_LWf(̕EM &1{B]:Rl=n66 ]4HxêiPuE=GXHK-9O)j/1Enu9*%i2r/%U謽#y4$vfȶsO[=%9le3l%|tt|}M4Z'DzLP^XG= ɲI`nCg-o[t%Vks=j4DkfˍUhy!DfH;})B_+Ag/(5ni?Ѱ˘;fಧ2X;;0Vb?6N9 46lÛ= %NIet"fT.2aqEC\]Q%vlԽs =@ ;D Lo :i2f+H9!+oT_@z /I c$f`Y (c4#y%uAf"=O]f/oE 9O h=3kOtx?TX 6D'/ Amm(TG`ƋwF7t/@ ./yDvu.ဏ7>P#̒ʍKl*{Ŷ+5cz _]fc!2%/$3إ"hfg;mO*%MG>hDwAs@{ Ŧ]0<@>klzqeTFhZV2!P.4S;9=yy)j%SvAϽ5&[Z`  @:+ Q:sŐ#PmۨReҪA慪Gřͯ4?  Ҵ膜&6;QҲLBRsix)3o\}yUs̴; {pQ܏Rii掐;g*:o l !1M FT'brc,1`CDSٗ[+ a^9\%6*]'O:-BK0\3kb&"x]3KEEU0nejsh@knr=F$gGubA1|̅EM<;k¥ɵF{,\ά),^'#J' EcAe*fбMK#=NɁv;R$:~HͳNt KڠU *4 r>QC83αU%SQw87,k[2FFA^mf%.҉QVdL$_ף٬Hm_N\ fV}\g@^![pTaɔ(1LVB>5 YGK?d }dB/#o}|l6xHϸ8#"_a1vސpǥPehp ]7PMpǐex) =۞}yM{r2 ZPKj[2R,7u0Q<[G08E%8mń8_N"kU($S&7b\INrLG4$rX{`;s|J ^ʴ\T J(D,)+jfzߨ2*FS)T8Oy:Ʋŀ.,~o,˵nuuj݁|_Hp~vY VmrhƂ=TumޯB&Y)r!uG +>{ u3<( 褞ْ[_2 -/Mwc,WR:{‡n&*y!HqEmhfg ^q"Xi@*jUm"#!B>Q?x(40 &Cd+k R@"/Yn-9KKEkBZ axǵce QD}Z4>ʱ J:a`cjL^47WX_:lЅ"D4f嵅qd0'$2᜙O~AĤ!ZMv78l#}:?:TS]nfZI>_8Lo j @'nř:=0ѦoRt1s7Eߦۿizs}fz =Gz"5?W;Ha%xl.#gM' X|jšfn/Cn?ߛv/ǖ֩[i&E*j.F0C[jOJL]Uu)G C(d %^_۫]s4X}:Gū;Y{*4?z14,Q1\τY$9\%H1AaXP|]=O>wxWE SӔLVO\Ts4C>DJ0yCw#prҴD,!G6d[yt͞=: [r0LidtDuGg] |$KϣfCj1㑦)shV%&aS^0}=^/,!cسDT cC*>)ڄSNjBV{3E]O]Pd ч'ZNNO¶汍 Ռٝ8$kL<۸rD P#mkuPќSlzkhW:wӧ]n:NG[:6Ml!SB'/z_ YD( 2I'9|JY6)̔Z3$|,wߴ?/JY8B]RU1M:e4"DG.HڹCx)bM!CNZ 7[#va79xa=]V4pNcǜ(T=:a˜g¯ܳ`ԛΠ­b$?zRU;USc}ٰf1 Uf5P$zݽy#@³o`EӾ3zb^X݋I[G mT~9I5"i8"n1 ~{ XR /!If{Qe'}+%h>7d!Z~Nmw"Z"Ϣ(j>F̬c/0"L3PIQPŴS4N|k_wJso6⁂Y_֚)3] DCV?xVxORFnG9n}Ywy# _ ;,h;6ECE!ObiEC}]؇*ā@:O;#|~7P]}"-,>=<3!pRvp<@ϫ0k&lDfJzQ׷x-DJpW># *['5 vOy!GiW*_P]W GW3=&ȕS-SS܊UZ((¡bޞ4֤Y2LP. ,zYSY&BSUm @[bO,Uʁ=_ڗcҚ_y)x@`*ag z7stY l_<,@x/ 5楒ruH";\1JBKߥx5v NÍ1oB^ՆiX '$Yp~e>IrS&U ijpАջ|bcR,RkX #,قOZ@]ut.*ߌQ@r-!> }'(Uk&LmgT /c[tBf}95:COƘ -sy˂d K7f7|Cϻrz %8Cn舍S8lnL8A7(kZ\ fpZVF,@9~_9ܚeuB1:뿓v{1-ԚћC@$PE9B" N"h)&}6(N\/fRT$gr |+h8}C/D6T | c r.+fSZmJw5 CS+} l+GIl!YEßUL_#'oC^[]=q?&^pű=қ v^}JL>Oi5rܕ߼*~}!b:6HMc]kB5n:D\fŞ16s$|o7)ӛ򤢦?8 TIDG0{'2>q0SCe.n6x>l7@g@!6 ɓ]gk{wCHE ei`LWKu%9< H9֕+(H-%#H(mV]j;a%Y:*8Ol'Uf.xbي.xR]Fb{5m xl6(RWGUtKQ>lE0娅} N3YxT+jW b17~"5 q6\0w*tf?UYIHmI8*'%rvyÛN&u]b55vCiEum8e>ˡ'XO2wPEj'܌Ц%T$^^VGXJ9;m$;x=yji*K  2?=~ b9&WQ)gq2 .Sd&[ kllm2ע8{Y[BJ9e !J{_\}~5TTo:zB.}#7rTjġ)<$tOJ3|)rlwJ!E<ػ oM؟x%>P~܃cFPG qI~&5_s.(+6`ħ̽[2TVvq }1b6- E'4<>(j,p[g|=ƔSRvsՑ n&o l,QC6Zqy9䂵N@8hLRgݕ鏓rRC?}z \$NKiy],@/0D?RJsvK9\;upn.<ƅ.lW+1+geJZ{6.ŋ E4vFnSt^EFW7mXM,̫%1w~3x\Ǽ%VG\ԙIr@h6,lЏ|UGxe7V~A)JƢLOt_@+'A֮dvf Ġ|dL3u: EQ`v-!c,:;4PH Bi90:G=m;\Kpſ>igMS&$0D7ǎxrm$ L "̼d%[iz` 9&a‚\i pxU4ΣAܯOW.R4*7qP~p0Ly+ͨxVX\y!K###PF#.IG3ҥDZILPfŐ>6_21M .{#܄t\aONomoos3B'<,m G T@.me; ᢗn_"04>}m4A6&|{J4EcQ~t-LOH q/'fפ ߝAO0_9'Gju*yђ|SxkXv+`3\VpL3Sv; 3p٬`Ӡ\4}6*.> q , 'M.9E8,׽Z$ILpr*~PSϚhr[% (O"9 Mw.4Ty*%x / Hf?zO"I*OFQwe)>$ {4/bWi9WZ~m= H$dLt5N5BL$d ƯD/h#,zpvqb֨Q//`r,!{Md1 K´y-Kf '$:׼KhSI {"[!}h Wvn_v ++NThf;^%@&RF߅A: ė g [tA{d(K"Xh ͇r`jj-Q]&c5ҏ/O_NeG*Tsڹa1`]h1tԓbj޾9ɛLcu޹Yyii@pڂn~J]}k6V{⍟Y"0·V?@h}S6YMtSE6y}JawE,}պ=yz@ҦqŤ}/C_:֐ۙZ&M@uOQcݧq߆8 Y|V}̨ۡ@eJ]jv^o_~ ٕɮh%ImS*ߕNy>|JկpL7 NU΍}^2e#US@|j:ݞ[o 'N8w ʑ,d(r;jk9(ȤN/O;7_Rg'7i _o_ n5#6EBvt=%Cgj`ώ:M;4eaߡ`c7/v'ߣO:[G_uαSƾ|0< iVcjtqy8uCES q3nfP7Uu!-`VMz&Йī] l#wSf.z#VLVe"LeHa)d.;6-Bҕ\j7G$J: wřxyѫQ]ֽ$: L R@4Tad4Prj|q҅K_t|nb%4WŬ9A4闩#?~ԙl\@'7S-\Yůmc$YCNb:{]@b'aOܠF?=S_>HyE1M.1m8t挰7;q/&|9;f+d<K[H!TVG{4DrXA5JGciLҁ qq Er3DV4Ingca oȓ^^y`EEL:C])b4wy<ɟd]UqucS,9`BWmxKF*3[WlJ㎄ًim罌Na5\ԕ^ΨWgZ }xCc,y/u;#LS!>g]\] /4F% }dC2ufZvEG@ۆ@Fz %F99_O,+.f"^eQt=pZ鉫JxCY ifn^Z}+ir^ ].uyr䒡ù>kA _jF m{7דyS}:; t_y, 2gMً͈S_ G*+ܑs;8Ӻa!pdilOѭZ +MM>=zk(eN,3>'x{kR轧 {qǞ\& 1s@NGUhɻ/tyKT.-Qk"ui@GqJب$C)XxiFS?chʦc5 "uc,ţjMG6) X΃iᡞ]*ت{Y:XIԵS9r-sF%lg,Jy ã&:7}5%GM{]B[yը#FWgE2`XQiDy XvFha:6O{ L$?FATHdCF`en7^O OYk3Ñ/Tq+"9uPJ\8}uf4JiHm`TCmxa߹uv ~ծU%jb 9a1;Sy8S}Ke݌)-NTV+{0TMeJNiϨCiАP(z,2bSF#mwg;k( ڂVV\NУ]8Ps֭Գ0u$nֵgOSUJ$ HFbOKAdLͺc7S烯|H#w?q)2tʔ[R\N8k{^"Lݿ ATG a>j9kD!C8]o:n:퐇7yk̫VG``r;2G~xQ7;/=ӍkʝǭTpa P!ZC)vcn7ͫV28| UO@[v#33hlP۩$Gצ6X[MS$Y̤3h.`\(,E蟧͏ <4b,S8mȮ=MLOeݹ/khBVƛ䵿`dl4A5c {qqzR:w~V̠(|pQNw O[莆2(lJ* $r5?S|b^ 'zKgT]4eB<*cʜCEi>)-raE#D۴ fP ,*;`#־A:2oTx}/2ZcX B\/U(^Xxhr?yV5_@V#DkpdR$.|lYj8j@35 ңr0K\ga!Nc^ڼsyɿQ2 ۚk| Pl422C@NaX4Q5EU [bgQIɹQ}Eij7-C4#ε2 9&|l4 3YNh) [> yąd9/h ?(;䯥1 }\'ڈy"kRz&-C zfʄsn4 Ff,VRC3n7UWuCd9Z,>*lN0V^ӉcnwkatLY}Da,ǚE?ؽr,6e!Hh/}L (d JPa{1Ah-{:ya`9'cG\++ Z$e5PJ`%qJwUFg1#G.U0$|.}b̰<ü_s^hnc#۷A\WޟT,4RnXc{%ɭ4).,8Agk"9sS2w+ NYݔ&GA3n9B;2&)W!$` y츼oVn?̹~ $tk,gM5 `F ֞Rf@*̙`Q,E# _R~~լ+g_>\O0n0YiPjyb.0 hC{^$5ȸ2;t2GxO؉{9 ; {ITD?$f\sKɕ=I0*ןE)BkL.1Z욨b Sжe|̱ *2Vd;x욿 h ya$B[뱺f~HA9|l&eD|s$7=S>x/8'Q@4r1ӹ䖥yNٱV(s,Mcm-K¯YǞ=Dbb5Kz,X=q#0ɱII=Dt) R#Qٯf%J]041ꮛ󄰈.Ivg?L*2͑^&PZV:qK<'hi3olt( @ez|Ȇ@ O0Q4NEl7H%'P1g!Qzuvb ^Tȏ:1 eRZOkh_x; 7le.H/Y~>@Dq ( So<߅Jz+ k }TEGX3D2fU(]226QeH+"ETXՁo\G_bϥ6}HF%18=φxBw ]u-Oqrb}.NSbѶJV2bY!:c2As{Ĩ[y;/[$V0垩 kǕb}LJkk G)و`1ZT6бMG5)&h??4vׯ{Qc4N6ok3}qӾBB<xD y?!v.gcLƖ ܽy$,~?kyd*7$rsR0GFkS!NB҉ÔyA+}RoUԱ0bf1N)dLLal;.@.ʹ`ո\k3YAc+d̄v.?p5 X耷NVPGҜFV`rm'/NX$-~u!'LNQýk͎¸dH4zҰBLvpnEg9 ob)D}<}GnhAvm"@ڽׇ{~?!]\aߢr+hIDjHI;i6L EkۼZ-;cLH"xR٧t8P FaN/7Ȩvg`>@aWF!yTnJJ2DCqj6f:3U%I&?kh2Vq]/p͎[TNF'oCn}lCzIRq01.t~NTMWGw$؉ Md;;"%*ӌjɘ(3Ύ+ PA] X Xi<7(:08);Ж,+g ThBhG.:d?VbQtblA++(lOWu獘j{O;`kNqaSZ $Er,f/ 7Ɣ U-`k'ͅu!e?nLz8f⷏V%TVzPKԔE ) w_:'4 aNǣMԲǙŖNHB"˄{C`+o{XVۻɺoQ٤OP)6V~ pZ|pjx ɘ{bEa9bE(TT26 2%7C)-N:IEJ K NYWY 3==Ǯʔaksc*5;X4EPxʭti >-hX(zA@>*4j[arQ,9>GiBT+4TSMŐ6%+^`*2_m#.d&r3m[5ƊPiX3, 3xFw^"fQg&_0,^W.idk=%!Eɉ3(aN'AJF_Fá&Jʌwyd?E@>03kʜ ?O~:$J C}kQ+p~|; 7eY7 'N̵rv*i2^(Yu؆u{4@ǨuY )p_Hᑬ]Ld a@0D=Yrgo Vn*pChٹ2oAqew(Z¸)a7Zq1I]K7\G\":-HI,ǛyU4 @3F9d(0aۼw1أgU Gq0`u3)k.P. =p B ЄԷ;KH-mt{rI{[Sjc䪑rʼND/[O}VJf@%tDݧ.9@a>Lze)9h" dΖ4*]:.C;Bݚ<ؓ|H"?rmE+ ZdLhiqŰ"I9 ^FI~sMFf-Z69v<Pڱ9XͮصKJ}BT$j?n]̌V]A:2pTa[8=h/tI7J~ũ^f̷ n >ʧaӶZY e\6qW]9/9IGYVijhXv@/A3P 3j9RAbfU@[Jޚ'߭87'_V^K&*&j"QT8 {~ȤhNC080ѽoyF 'iNcޤR8F.5/TG%I 9b%qͫ]Q{96$ L6v>ǿ+좊'Wyw BU&͵; 2i#\o)";]CFgmN(O{j Xn?0F?LpJY s<\fTk^ԁ m kg -]e1~>y86TZ}/4D1Ϙ"k>bP?'.m%260}sJ3Gs7_O8Q~D[HA E/zܫtNi2Tq *[2)5"8&'yrXM M 75' 9#A;3E Lڹ[6;~pwfJ"^6r*;@2]Ȋ؂49͞zA3 $aTn>*ĻU_$CS Re,lI77fp`GahR;$^ xVmʷKe^Vdn*a^#XК*V7jBurHc*&c: p좧W*oC>W*o8,qzHo^@x BEEU_z9H=ۜ|`~ :%LȚ~W1 ^\T8€ՕUEc.rEïk5Poݧ. _|=Q$0,-N@w^۝$72o8`a E/ӫx eoҐ4cb6z}&mt6(UndžǕupNgg%]Xrh_:&ϒG脜_<ibRMLO]{OD. Dyw64\EG ggDp/pn`HIvVG (BÀ ]D=*s {a==$D.(!  FN-.# ˒ڐ"Ͳx>F$7w{h M2Ǎd/BB+G CO* :TU>YPJe4/}7 jd^S6s=N1G#OrQЫ^%mNdASĮyף Iه:6ܤ;4DT1`(ɯFs>UTFNR+UR$4g Σ鯰ޱOA_8y/]娱U̴:}5DRr훦v; NT)Mk}F=~3b7rhډ^8zز\=媘֢|vvHǀ :m!^lr˦j.;#W-*vlA?gf&2,Ŋ}YzK-GNEz+;'.1<%UE!eP>D Y'T2 ^ h/ fwI:lcnM.+(grxd*"i̓ӛV۲"i sJV}o>^{#8#;LG_c/ h7>| M;<{e2fpcM>ɒ> M˳g bZsxN/[m5u r,qp]  _l 5o ?>z2HIfRWysZmMWNJzF 1J*ƼY%b,3NofJ.ѽR譢m!8$;%P J&o_YPnQ%t5b~ka`HUw(E窵(Z]Hf{ԣLcu[atwH 6VokX;$($4)0&zbyZ/W#\ WL\jzcA+ߞ6]t>(W2UsJ*I*+߾$†8W9h4)kk9;; [[*W)AjM@v-[p/NZ4Ϳ煛O7 G^YQT dut~:j,@ަnu}9!/n4(CNuQy #tΛYr^0t5@JhN3 y/Į=~1W4记ƫҎ {jvn^ d2fv}95):N\g֎XSd3m 7& 8Ag [+bh xKNO#UMY-54ػ#28(beXtJWnrIUr9x/ ogy9&˯3fn O`6Fǘ54"(;}Y=P-:vPƹׁ9 R\QDiy"IeHYoz \.QUm"0 Wfmr*ǙϘs*=1 챧r-?8^Wz6: Uө_WdW4ͻ! &1>?@7I7-VP߯CcxEh 4uTOL/LgO+1@x rO@ f$dO5p=uۄw#BSj ]6+)^sxQ#mZE !7)rZ{fb$!UY:Aa*jfL[ UWB- Iq ͠V%v_/a4 Cl[%KG%8/Oѭ}_a\ 9, uIbhј/Bh!^To竜;l*Cr7ȠqO:RivjAPT:UJVt7,^Q/A#cmsc0Z6EʸF:V!-l:ׂv+bPAɮRJLE7E?19L0G%7 }-+g'F0껸G@口`Y&vE3(}$(rNJ_;@(:x_[wxdqf <j š胾t`Xd7HMQk⾧{liʄOv!!V+>v'! RR^57)5rB_Vpq䧉S2˵MѯQћW3~ˑ%#ʏ jDFSgt,#/tV.,VF= g?u I>t˹nw_`HFWr@][' e7EYAw:HL6h Fˎ}ir|f氬:jΙڇ'ԺˬZnH{_Z[}~svW+[>[bR3{k53W ݄D+ˁAHs"`(ݎZ["T՘ݢh}Å %'ƀjqdq\DJǼ< mؒ~NnsĽmt$餠0(PF4apZ qȁ[o qDQ/xJ[>_ڱy;S/yuRQ-Ib ~Z74N_ E5@̟huF M m/iٓ ~:<w90''J=ČX ) w>k]:g9i'!#JQ ŚĬґ"C]Mꔉ `e>#pl#fF@@ǐxO :W1H,`پj]zwYڃi/v߂r!eia ;QWl@7&4%޹㇖+AO+ODіDF`Gq.h>A\DwLTIA%O*5׏7hnhU1VˢU2MOh.m5I块&m]+&D>_1}z@"4"U̓3U5]L))JA|-.t3`/_4c?(Xiev00?7"x-E!$ ؠә]8M.o(!㙂禆0i!:eIr1Ie*_p 9BemE 5f=5"=i6~Fxx |A:\ȔՅm KJz+P3o|=iOz"Fܱ$R@3/NT߮1cK|q,{dKlBBA[3AuuDvLd ~ $*ގ3VP YP&w*~o(.]z`g0Fez}?{h {gղq<]F9sa3*rE[@^hY)x&AM_PA-+aGuܪ@Jkk}Q&Bcѻ k9͛# |kݲ&=sghMJW/K;ܲ|gHhd~'31/3Z9!(MA=$*:>C1oN֚" C cB<\2~Kw a\d߸ cD1?~tAőEmGc/E .Bd '/k.GxdH9( ́qH7ҩ?.!h /kju2ң)߅uX4~je?SWEHKǧb̮0= ccyB.GC||<tX{^zvZuF.'V)[%FA$<:9]Lc"z{u?W!Q[Frlܧ{Zd τo=H)H% vhtku,-t8h2mgUIs e8P~Tn@h4A bGqCVrТDOSVe2s?I#33$Ur2ѥ >]fy *]2^d*,SfR1yIX.%+ V9@8&XX[=ԧ),5rwVy=Itq OpY_ 4{v7^7uS0pI!hߠgbġ&$7n_hl`S6'NhtzkDQD"]BDKƘƶs|DT|ZQs3ڸWN4ď "k-9M;=q{_قDaΫ ֈgfϾ=z' 0:71Q^`X-.,ʉ-e8]D$!K[oh}.h㴋;]L=qǜ(byvh[& J V&fvf/vJ k.h^7X;p F vrgn%Դ2nap\[ħRyLhL ]'wY HF@}xɳju^R~O,c]!ҊoO;]k04Kqnש28{V/W 'ڄ#\[ fXz,4tHc֕Y+Iw$C8J۲A_4 up c$Ul18m|)ǂkFS1Q=قD~ (o3fҧ;H-_ 9j,/fWZ{ȠM% c19[`NDd=0A.YqUr(KvS$-Gp*&p`G(yt|=oUh !{4IWOt_16_yql"`8\ e,?Vo=3NV ?!G z~s6uwm+׹]JT@qB U{RꂲIy{+?0w#P]^>4~Fn ,u1Wǁ(V|%c0f"9|v7YiS?,,.r>HO◕921_36hb4iI]`'#BVnTg脾 ND!Cƹ-] %>D"k+ˇUNB|W"t!a@Z7+|C,|E&qm 5uH1s-x5#]5OQQAZ>ls[`Sx~օxE,(w`7$zaoLFWNoµe v<I 7m̓nl5C{08UiAy{Px / /aZ5#à|ǀ]kcZm˧YF?YN{qo]jOװq},Bql?kT_܂}^WSiErjybZtE ҥ Ӧ& ^zyDSn~{v76?q8xکDK@1eEnhF )h%|Jq+Uɏq!xvA9 Q_'T:'~b xfUfoMA1A D:׭"ĬQwQ/-jț=Z6 sbGOz3"_;GE<71JJeI0:A G;~~Ť&ՠ`Ը7gDk*'KV[9YR6.*P}]niԭлTMPKGv:iQ!9a֧!khI-E9_Su1۠y!VUfK{ Z~B.s|‡H ;F"aZޅrv5ɜGͬz4͌ T NBuD.[kZ\NY.nMC1 5M"^ՕɲfCfa[E7G?JOՁ:>0{YkN/ڼgҒ$*L%q?L BΟ("R6ZwV;MEռiA(Y0ÝDưʂl<=8Z=gp20wj?;@଩AUЙj͕sF q _U zƥYU9Hvne4B:;hf=;؊Ō(=S$պ&]NK}-,kzAK6As`vn{/GlXuf[Q7 -v$8f [uLZ>?,.Z ^x"e.] fbQ?+:~<+ژ8J?IFǠ0F($arFb]~;;$]2t@zɔ`19H5o}.+  M/D{a=뵡Ľ+@s `|5y,Ѫ&rwąk{ ; !'/V&{cXCeR'=dTuNĤx@lz3 ̳J5֘b49/rHv#WN ;CS"#'T"Ng7dL|0>yJG!uW[PVB+}N0WS߰m+H^U޽C$Q*N`K˿f\D^Aew n:7Y[JTDhIbQG{!xQpgX(TLJ@X# wg ϵHO~ĥ6Vua*2`ڬW&"+|LȒ؅n[QʏmT@ݾuD8Guog =!<3&$cz-7˟⻃D{=]2Jd+9ٔv0җ ! # (v+ORAI~$e4ڡt{J"N0oPw|Ze!uYH$=,H7 @L~gO/X:)9|:JXK, '֙5FZ|SJ4ªrTLڷ Uƺq@Ȇў`;A-< j;u;! Q"ʔ'(B7b\8/Sd\N}w2{]Ok])9dc!:Sb^tlT,r-OOs(ލB$xzZ]*SG_ۼrǃ4afb^'([Z)*pHب̛hvwrh뗎p|@sB}/JZLV$E0 ̱{S7t:EqW g㡶;=Lb Wmk&uhmOAXwXiO;] {n NX83> fWCnΜh+: Ȑ\.1XX˛51s0N0 1v!.9.EAYٗ""Ev0jV~Yg6i%TL~@@tmwY@3,vj@{1VHDrJ07ΠpuH%/O=PE2Ηîb[ؘ: ,b^IT"U1ni>@Yш iy 0:ҋC+eـvRJ^M]v?S_zc<`g!־M:[=6"ٌfK[ . /A&1u{"F=b0~(X[f\˧}0"6}Ps<h1h4[T0;.ߢVABmgkĐ7MM[[nAskɲZhvfӑvɔ)tŴАm۫¢aY/A2b`]$t Yhw Nd 9GY-*(66P"ΐpXra2Q tV3{ q $zC ,pDw$ ^^g#h⭒q!$(H8Uɠ׎]Gy,SsJezȽK?ar sXq5bmYnɇjB@ ;1VE 1HD]bGLِU}S`D;lcəĻwJ[;#3˘È ૂywAm^vQh!"sb@G2,n3q N1.&N3?Qqi-j]7Ȳ;,e^tk\F*W:bԁOT 4㨵M*+6 oqSv!Űb5CYTZû-h!`mo^v.'Gژ߰  R<'XEW?~Y-D1{-}"CR4m#Ԇ#77"+XaqpP@6sKߙ"V%UR[sI+q"04k4`X"z(gaW.OoUkޱv6{VNxx?Oe X6I)lEOٜ?:)vم퐴|%NN1&ب LdT$sj@ə2bb3u4•_޷F Bgkk0K`Kp%>dH[0ctMDљ &b/ܝԘ jKpz+ٰ8̝!La%M *.I#!7dGG)M੩O͈+rjj>[lh["tEKLD/?nܻjuB?c>b[SV2s(5zuX-M$š G8fd{+jpP5j [cFTm>f>NĆaeDq,;_ 53mP=7{a9#*uxNe.”#k/mxfMYo.QB_#J(\4je;4kF2dzvaM&ΪXa%@ĝ Rut3זWkc"vEZ{| >I2iDge T?1C(#;Hˀ~S*nү/³HT8*ł" #Xp-͑b_?v(Cge:tY-۪98l=)}/N6Ã@ŹڪZ;`wҳс ou_͌j M8t!|!,΍vCEh' $QŨŮKP9%vmH>l8PuZM.WmFl.]`#| YV4u!E1KuEU*3xcpT_r!p/e߬KXWJsk1VpaV0`)UB! ?VŹN{|b@* 5Jr/fo@9(JsYWDs9[ +E }eMǂC]¶~b)iQ;5'w-cEl PC= K|^)y@Im?r?S(ϫ KN֓e H QC*sdnsGՖҿ:prԁo]}Ub}Ԇҧ|ƚ"ء=wJJ!CRH||)4ʯgdPBI)dw. }5M@R[{{r7 #?hj:Bȕ 3@̀(oɁ}R{t4: '+wr*;ȻoO0GQ0y`-܉xoyҤp!a"Q ш])u=l=`O-İp٪Q' PZH"!P[s[齃RZhfܐ@m O!@gSXL{u46 z-+@b/NqH"Tݬ2SЁc#A 4as4Sgo^{jbm"N h e,|=a6'U7}- uS\/Ko.߽U?5P'|`JH~gطAJN1+W[]˜nx[ha&9qT`W0VlG KSl-ϬMx'|+j6Àu 3\$4z?|I,N#/1tz mQ{+Tϑϊ}=? ";.> ?i=MͫnP`p9s##cO{!g&^뼏VLTON\rĺ8e#P^X\ LRthK}1ydkpHCtL[{u61.|7CHe(BۚF+xRPKdYK)(!'}yi<ي>W?qX}lAw>M7q8Z %' GC! ek b}/-:r 8~'1̼= k*4]W viRod"@ &_ipBCM_?6IOɯpR̞@1$ í?8a'E:R7?_#7v8%` .%tx D mKod 4֌-KU2/)[O$@ƠV1EVJEKb]moMv7D^?Xiky7ْ8m~26l{Ye[4@ϗ701qrNPl@GӒۅ@imuL7u^41&,sj- 8+^Y @.F,qڰʣڰnsꇲa4#>zF'Lע !u2MF?@.U㳁yCE+42ffH}R|dhN5Gxz Z ~Ƴi"G[b>-ix#~H_:䜀%c ɧPVdS9h;snt*vz,m[0'ݴRn "X`B1ǼDBD5ɛ"#z $޸0Cp C]ž+̈3isf`ŭI2~ٞ,N1s |SG&t{k4#6Z;$aՎfVn-bP>B̈́Y%r.؇w 0ݻA{RʵZ%a/bѓQRCYL~eb`M{o춓 K@ S%n1 x16!n>Ӧ9enMS .C&ĚruAo^C?[@ G2AMD y9A vm`=6G |@hDB}[qY~sC0aMq)+^ Mע QA}rce3|aFQt v[2f3{w:zcM!us6uz+ЗILpv 2.Tg6I_OԎC?r8n~#=΅2zޔoH X.gux]Ʋg5(QYSDC/ <_DQnNV >[prhǰ} A7CCb^&.R%rpmZxN,I"Z&٢*w!(( DlUOisb%.9,~,! uo_Ҝ1F**&_pQ?qr[[s-\FVͩ{DOAz:}p|)]rf&_ςMITK.e"=:Va"i*z@mD.ZsyE{~k$SgHB'~R hqzE\Az߱ҽ0:)p4K+M9Y 63dsp{ð H*3DsT׽mI7-}=NĈG nA0LR~ 4YKFNo̼D0qs>m82na/جxãoHӮç_ޜ'H֙p /d\mfOo L8 ,bȺ HDd& $>?IZW#h[p4?3\4O\MG6.tz$%6 ǎ[%K0َo%`wƐֈ9I Sz6#ޛauh3 \c8B(轝bn[չ닼,dO9fM8j#uRMAn1ʺΒH%Q*躛ʉ^FVD0&@KgvH+FĴ8)Z.~[c&ڍ@:E &raaurf|zᢢ il:ӂ ?85K`ql:4N$%3@* (_ ʷ qs4Ol6l( bBo=d\JEjWۭOBxLMpT`v3lEѹxQ2u5Uǧ M~G@Ph` u#BϽ8/=@!y L @bokk wZm^7Ob[VHcmYsutD Ay" ݹMV| /}򫚸"9*ɕ@~匴q erGSȿpE@1S٧B[em Hїbk@W0S C^8u,fX^,OΛZF ш:}6~`خLS[a!Om6,-iĻ,Xι*Ei#m갃FQŶ>ll keb=vۼ-61aw5 e₦t!!MwGWGBx+ cSaN_P=p :Hc t}·T:s_`'ċ^E8 vTe nKLN:`S 8 9qk j6<@"'Smިw!M,6FR +3,$lXcl&c'aR2!w4+J"I ]ќ%[ dф;^Y]6fG Dglw00By} Ӹo +4H$l판MY,QK^KS_]mDwzw 6xs aK{~@{ni%Zukô<[D²#,gPM 'Ji玥6_:Ҙ * u^" 8KY'_Pr {$ܬ%(7zjs% B{8*Μ.|L 0.5$13}xnPjsn],qU+uqPZ\9Zro"YDn.:pȆ)WLS"3^oOBDm'W\tUCe&/2a]K (XlѰ:f Rujt#KUh=_=F "QjG+xwa'CUD %}%6E ¢ ]WLV .U[?/P2DJ%<>p ӧ1]fsz=~ W" *1=[՗0mz\8(%e}Ti=azBiK C]tXpGS _Q"1U~ٲx6_O"/3CXdp+Sܲ+PE%QwϹ2?Ì өUMHɶm3.#$7mðR&kN& a\K;ɈЭT='٩?DƃX&Cۃm8r~/@H>_3Fl)o>rR/ ,ݐ%ޛC{{Yc {KX,d2k~]e RbV3 M:GO ˸ 7F_W~잫 y v\ BHu>Ц~ϝKc6(,x ^5yx,))'@&|u,Wҳ%X"-2]Ojm'F >wS cqߣS 17+?*5EbYokq^< MtV}mcѪ|Ie26ZH `wWj+Z,\Gv"&sT4`8D`qǽЎWST$Dy0;t,T/TdR Ƞ8Z!|܏4CGv8GO7|n2|QsJ0(DohW NQ} Sdo}`*&lbKT.} b6TL)'SIijP!x<;nw td@jDHy2Ok{ :$HQ-%> =QUgRlD_mOYoOLpe](:],'3B On<.yeb̵EfVElQ?x[KTɋl1/ߗr53bX#5 AY:iZk)":؟teð@.2Ks)1m96?U:;dt .p*O2퉟E+ >p,ˎ[=.݊$ށ.,Ӌ^Ȅb"QScn2 d{`?pN?g ah1`e.  a[!~/BFa#ɉ2EpzNr|+ۥ]ú,xEDU|Ni ² qtX7 @,̽ uOwۭ2xpO\ȳ3IیU?Kyxb֊^ձ"0 $cU1vln-{sW*rJEAsG(ʗYPh#b&C C#S~b HU(X?+OoX* 7qÎr=^ǼgvRx}(EFIX&̜GBN2ި1g!O%^J*$ r^fn# yKvB6$Ԗ'RSPpĐ-1)Y*W2GԌcċXyFn+ lXX `b;mX =25Z~ågD?³o@eclXo]RNvj2D9im"o W ,P r qS[-&ʖâd%Wҥɲ>&jE  }3 2OD"Õk蠸,Cm/!`v<  nue]׫ڝъc/|^p;Qd?N%z-E S]&Xu ?P'+}n;eٙ+ òhCҲz/ZL0M#K#F&?:Vu 'rW,DiЁՀ1KW:ܪ']J_J̽8Zkֶ9F41H.UFHhmeC/An㯙Zo>T* vOٙ!n5떈~C `#g$ka’VV(-O.0GIufDګSWɌ1NּiÒ!D6r*3]] DIHFo=mTlt!)im'ݮZ.ҿx6RRLB[sAɨ^kQ\zCB^+4ong{rcߎߤWb!U4]x$R {6,Y,@9VvR-Ql^ p8+tOn#J::c!F,`O@t2XT0YRoy2o ݸ"e=8*Y_Iqo45Qۇ=m~_ &**$$9Ĺ!=?C0{fh3܎c$9ဤH|Φ)Trq%W`H` P&<}Rxn.6w˩%XPxF%A]N2}9$9-$ZWgF6!h|G pۊ9[$0$y&JD $ó hkRp-mxf9@kgOyYw?o3p3( Yl]]a88r6=0r9h-Wy>(Kv9iME]BVA$ X)}\*6xxBnsVB!,$=$$47_|ߩKFiNW!tO0 6Y:OGD( Q'`A: ?Hc%BQ;}d/sڹdP9QT6d_{6P.rZI>QbSᘄ'/3gAVwJ;j3^3o"}`|}ck}ٙHCceBĖ5h^CPZ9ĵ[+ZzηQA37#;"`wt2qvA - $5dG={bw3d/T>!$Dl%dagED޼Rj|ps`u" A`:z7QǷʷe<6- CSN0 "+q,]f V MQ-4x)IE(dA Kc){jcZZS] $e/6-enޚZ5`w3yS=(Fgj"(M4sK?b2gዾo͒.If U%Z\*W8DJ,Pǖ}>>yVFCl2HpC ZDXdol]{YYO]FRi5n{q}FvʕD]*a{t6@:<K"۝Ll[@xj$@֒a]q=`t9Klћ\l@Dݾ7y 힦i /yQMO9@!gE_3DNdt!l@ȼG=<M`q~ ШF˃moX(E+;N Hgl}A'C ;mByi*3osJыM8OwҾ Oݱ]5ݧ܆u%8 *~ttpA0 [V3$+e1f=:Q>I5M|ۂ~lI0] &bJMoM:yB0ژ0ǘ(z Ep P"Z QT&ނCdRO7Q9@5>Ҡqxū=Q~7۸om TRUEv!2Ѥz ݞuzޘZ=Ppp2lT]zP36r-[<zMܙos5~ M, 9*/<3??^=E$TacCZI`Q w3ySorvŅCN\C8/DŽv;>lB{)uf~4 BB?a}{\:\b#3gѱx4ra\ \ *`,AFO<ڛ\ ?yQD5彵P~s 轒$Ǿ/#BJMEhhyXo6@菏Ca#x`ޯTW N4{ȻƜGM#ؐThlR hꃔ*ҭoG1BΞM[%vktfO\MQNO XUҨ`1XlT|tA bRcj.iRohR~%^a@+D-~x|4c*bf(\7'Lf@­ldp# BVuӷ-A?Ҁ: {"u~e%])X@+|aKR\iTBs AzKoTEͺҳbCxY?WDpkJO]gYzCS!NIVⳟ }9V%S e^.6wdefL +yKm50!1$iV5׶z؆%H7+[/  J힇|8*P,B[, >; dr1`º%^HjTபrUĴ`kqC1h3kW z vHjҟ짊QYU^g΁~mYj2֧Wi6_Fu1:=wR0JdEsRx94c aհh*Tz^w~{`{ jf6\:2]sR&7)fM1~z9~IS q8b䍏3yU#{zLu2]\6ͦ`2N A>F)?'Qz +uk0= ќBf)ԣMck,Pp+zxv7%@zDh.B~ҋF0,-7`=-̥JԸ'K6?ₔeRQ?N/:+mUF2.+/@dW3ǫaqIXSp.CD4àdTg¼ b#K_v 1^8`:5=I*sYfl混w5>S8܀ ݞeQ!1]w:ygc `s>A0=) 6tdVhPi$X΅JH^zD\WQ3$xe|A '򶾐CAf>?6/ۿM8kjmTG%87{Dc OsuTHڂۻyn>v|Vwi.8COZ1%D]T6AܬEWS';˩-Gո1J9C{bT=cl òx:)Ls'pϥ}o|dS>.1 * j=br~AZ@'aOnr ߩfnݚM f#rqan_OX\6Lx r tI_5S1M_VRgxOvՐT"x `s? :3 B&I`w#ʼn-Qj\vnK`M+SVZ{0}~<[)?XWPr-9$OTV6id!|smLf_O~/5;BWnhB6^ \yI:)t>Te@U+[DZtR Ř`қu=< VicpE!M1F xx$-Ƨ*> V/1ZKW<ţ=4HvgzS5 oMj'˪&Zf"Q~'J!.l,.kgZtC2jf8`?0^]fe=)dԋTslXL֡Do\MOUe-=w_n۩pVώSܕ@,+h ڥlEޝWd2ϒI i\\!8-z!4P[S&vy2.>v gȔ_uGF/(j[Qf)D2hſ6;:E]hLP5u{d֥܃Sښ0_iNlJUfEp+:6h`vQ5V,aOn2)y8TO1O  ]NxȀ ቫj kE_me*6ɬ8FʚE]9gwP&WZtl„/8Ьw. ~^w5oK5snN35 +=̋/ڧʒjDmhnx"VqY ,[Q9ސZeGRr(}!m4"Ӻ+|(x%=;႓lwп(swxk1⍂Xg}ɤ2[$&W- ")ZcpXAL{'hVoLi߯MjE ? A]22lGiG|K2~߯4?+Ghd [5ڪ˘0`KC}\d2X JHޠ{&Iڰ˧h\DOSK9!3b/^عЖh-JWӢqZ-(*"N"'7NixA#Ry^u z3 ㅣc$4Js-Pd>l*+#C^}Iy4 ؠl7̮8p>&mrT) {B/zYw JٮkM`ct?Oh.:ſجe)&]Ud-i0#hX !s!y"Ԇ6AlJ4ABۯaL 2l2`sM5N>񇣓!c-(nRs˜۲Pa;4Tѹ7q\cN25N/ƺmS@2}"`1sUpMLGvH~1Y391!vOc&n()WbCS?@IQ6-['6 n*>ws(IʹK3dU8 5R̡v޵4=Y¿J$C)0IJVjW[0=uן;5C2Pt0DG[?W5:}@LȎGLҫ;5k/ *nls:Wi#-rS oұh& m ~(#?Tq H'ԼxIyKw1 V?yJD0q)Ci25T;^ObRQHAMz[Z5[gk5؞z句uE7%0&-WClCI G3bUJLق Dos%!ֺ\4, /"Oi5;IΏOdR=P> 6/wF(7ߍ\*]ݚ/lju0-utq0[*=gߺJhKOZ.D4QtN[Vͻ#:wgHU1ދ'Fvש U ?&>t'TХqǧU7g/-݆hq+mb9<|dń̤wgu7 d3; }CU`eZjp^u;P6BU*SՕ,57Y糼E_3;G#PhI[$)VHnIJU~BZOέt/h΄`8B&ơg,XCCb,"K1ka58 Bmad7.BEВ Y3г/֐̂/{| UOnWi%p)50:ˋ݋VPHI"+81'!r?N(>~Ap\/'::Mn˛R" NK}&K/H+8%#Jub$ _7 bZ-IGF(F?iu1Jhb_ikHÌ "[M9Oe.;׿T2c׬Bk_>Op# }sj4qnh.p8v2cK ښs`n޴:Гv:UN<[}p*B؂36"#nDZ5\Sj s6ž!*UȢܸ+~)sI V?2,5߬4P y3g1Va8Hّ'Ҟ!?MC^%K9hDz\0% e .'F؄N^x6e[v2~CcFdtԥ{8wd;f90U ]ؓ]pKF5.FPݝ ih&;A(nGԉPxQGɜYdZ~0 ^ƹ H*l9ל7+>12L gؠ/ lt}*JY)e9)`lewލU`a.DI=RʭQ<"==txhzzn pE K6߬*MUQ}oA*TDTK&T2#JK7T\)ϡbjPH$@RߒWkrO$#*QlͰd OEe%~75"(.ƨp+:Ƭ?eǘo#koPT[@zzTok9 jK^g=Xd, SF$t' m'0L$u0цAEvm?{ hD9ϫp0T(]yM}),[kR₷Lb]k(;)e'\axfOGWem|l"#|]9*2iu? 7hR&4%&t>3rHXgҬ2^B*EJ շ;R+yF(bD$0nF0n6Ӊ %Yi}|tJ$4DO9z!At0Fd~?uG`*98u*MLIIu3LttJH29_ߤEv)E/KIXUE8NaCBKeQt`E.`KOM1eH4}A _!52[{ %@4)X~I҉ i6)>>A=vbA* U}1YU 3Gx^4Ny+7#  9A( `_4*VO츖$;JbO,]kBĹ}ƢЍHgz0_X jj{%ղg~=&m7u59nx)]hu#HKdE`ߦޚDtaTE^?%)&ba[뺹h3r=XL_r*cM@J~㪫[+Xv ٗ2J7o'Zs^X s٭"|BXo*caHQ\f*u.(r1!.+7w7/x(“J9iυFSb@4߯cKUg 8]Pv[s3A6':r2QWܴiRw1;N2aJǴ]W֑N` i 5W0A8eC}(D/y)QaNJW)xc2폌7)JZ29>K ~cN'mP+1!9j8ZGԻȏQ&?)6!JWiu-wXaMsUDc;^8SsuRfz_~q*c" 2+]myTZr) <`rL^xg Ψ|;dLÔQ3ea@w+ޗt܅G c"wq|p o67ӟR3,#`f]=Cʥn;w("ԅKdX'D&0i=~Il[N1N \[!c1<(9r|ItQ 4ff%Y&I+nzf $|%) ڜ\xGuપRFyu}dϖoAJUinl⇜J IuXn|"* d1X${{FQ`_ D2nEaŚF F5aNK 6g_GFAmZ+;!v\\~YMS2pɑ(wsiCc`4[YĦP K;W| vy)G2ev#>fф+LYu"cS&k/):Gm}y^MT[*6f^XV+>|[D 90'xpKbp&{IȵC_4pr-`ʰ4Ɋcc $׵hnr/[ش!Ӓ#`!^S9#:,Cfvp6Ֆ:U!rܼ:XE?! b=ཞcp#_Fῢ%g*}JOmS'itU~f.o0*UMpŸjGI;ڌap]N. -3q|2w"=e6AH:[N@7Ҡb b?5)Mth+Sn= А1Xa^g]O5[!8e;#*^b^PjjE tsKb?SӒN(_m Q\d}T؉i Ac(F 49yq{7[ oLdUcf¾!))02$I)v"AMl6'QxkqUQz+ih+3c@wE+.〤}u7jdw{utײ 8I վ;rD$y%]GS(MINjTgVoTCh®#Tر=LBAƼCՇ+ 7O["cE=wƖ_:v%OvcցA{DmF幞_ +dHA>%룪(Uqч"3r ~"+)HϯAbT;Oo)7D^kL8&Ϳ7BiGն{*@}fAYUy6q%2WmL}f ^3'g#qu]FvrR F&G5eBã[Xc+蝂\Kb#q,'.|j-r=;z6U}E Bl9W4(^:8\ I٢Y৳;q/yCQn xQxڻO>YFbUaQz@LI\0bzQC,"ҹ 'ѿ kEMjŶ+yί1ÜsAEQHL?m.3nӽu*ͥ1"jVYWmJ)4nU@TVxq(yY}`pyRIA2Q9h tpKŀ|2Sg<+s\O-*EɸI9|YjoŜ]]C62rPkTn{y2n oan,l2e-wYg a^pTpơ B;nF.+NFoOqm)@}I% Np1Iѿ>;eGkgcr$!_gQ6yN/Niɫn/pA%.zimv 'Ea}ehpku썛8 nd+NCRc"Mv3Y,*r` {Y>Fz!ULp6i&ݙP1/Ũʰ* Lsk_@9aVs]S؊YnEѧۘ e%2d& ud=+JG2Ip܆r5:rj\jՈ?ݵijܜRNƷ_H@Cڇ4\/]bX&c+BW[M7[_~NP+Q- >vUe,A->~@,sL7gfrY%_lWskzWsJaޢ7b;<zʶꂯSSŒkg f\WeE˕XFoIC-hߋcSw+*D՟NaU&҄&_&U#pI^ R$Oydji4[YJh{Vd"otdZ/I \7R*[ӛ\Zo¤eɆP &ѸGIԷr&|֘7zt3Df^5q8:sW'1䜻kDTĤж[|}^UhS( d¸")dL6WZGM`Ms3+mX=!d9:cw/qIB{(bFz %8*/wKJvy˄w.;^7{]=J !J`+>wK ~+JS[؞DNj.O--"6>+YF˃-@FZ̝̈pqݔ/Uk]Nbsv_{k4w^мR#(H棅UߦC8L~Ga,e5rKC>'t[ϔ F||[k;5NA<*c”8e#j"z&+<19\O tϬBXbhዴʰXOweyPF|tB\PPpF\4:d{$mF\{SiV,&NGyZ'IjRUwYD|2甅#f] "?fsGGZPߧ.@B:FS-BԧNndM\ n0@sF0BXXh߾zc&:AT:񜫍MP9B=XNߏ0K$R5ï!=ԙs(c}QKpj7@ IdvI1("lVKQxH-+ ]-׽Ԡ`KGL^m_Sg*Hc7Qɭ1˻.Jݚ/8C`XtJBU) =H,d"AFfzˀ+ o~ڹ߶ဿEu; :}[^\KWQ.Cl4(r0+bꯟ=J I "?Ӗ bo4[j2`D%{r~*<@9ޞ>jSCVW>}%o FbHB.I)>9?̋?9px;zLX4tm"b O=~>7}+(ԆJ YMDd8ͯS%5 yeyU+k 0O:4싑Ě DZcu遜ѓ4h!ߠoi?oRX; :Y׿re0M̘Kx1f-;{%fGNCc)C71[#>qHIVI8q i=FCah ~Y+(zxӘcstqKZor8@MBpP)G JwD'y ÁyQHԠ\+س~C!颶GyraGGWղў ĉ~ 7w$[&:Ar;JJ SdaQ:L{wH ENÆ ԫ1 i-qr#6dCIH\D9[IZ>2P.,""&J@z/ L`_Ib9/epyܤbk8χeA.@2+-E'')RxfnɝDg}"ޮGzJMV6Q*-i%(v;W:{ZBϦ7]U$ZzDp0k}2뗦YQfo\aQMZ1Ϫ5>,K;y>`?TiŁnc0ETuO~<igZkmk"/ҷP=5FyP{Udf:G we4);,cm' NpFuIL&[Myea!1^1`9?Lw\jOLU%d D*◮Сcsye $ޞP&;| 0 M49A"ʬyaApwryMס8z mpWZÉVFc?Z!I4tk3/nKbBG܁lqQgSxhRV4od1a끫޾t-[Mñʿނ$ $z8"mebj&Gr0s6ɐ@D h#Q9gEYBgBT[P„=f\ro-Gk|@2 KB 9 ipjv1J$V5EM]Z7w }:F2X4GÄf{&]Dr"z>.E=<'l&0ټ=aoGyWl鑣ھD yxި&7O ڊ7/ItfU>JUΎbT$6WHϳ# Y/~ /-x_0ghc{yI[ ⷬX}-l̯U[dՐrXՂ@Pybkrn;TLD,/<_vRuJ,}5$kdM4QPHݠ4%.=Լ`8V*M?>hI)'[^D>s|Z=\Հ^"/EE1RNc>jC!x *;c6y+!ٻJ9VMK}Z#:>J% CQ룁Fxt6BӢv,?>$*n{P%50ĔY)Q4i_Cה`APx,90 Gu2lKʮiI$f |w*bmw˼5-@>-Bkڌ}a߂ޔo'Hs45ic)*7A7 {q5<(Lah/aV02aާq5qIF,;W&1KF PQ~C[:rѣĝH>5W22lm/)ɴPE$&* _Fa kAr6y.P] ` Bݿ1IǼ?`*]4<|(ڐU7Z'lrSYDL9EMH"Qa/c xּ8w7GJ!]Uq/חRS> h4ԃkVј DEWIH+;!RpGkmJ"hu";L8ujo%恭B*mZ?4Kc* = (*$ xpѪs*w{ԖJJںi5)n9sO<2dP);c!) ‰~".k&*)e\<('>.-]T}}D,BtoV/,Q /ΗD)~r}){Mvaʎ. qcJ9bXЊʓeL@J{M;cco?X(L*zH`q1,)GN*b\~B%m3:»8?`*JmRkܨEub!dx4;ԹAGOL/g,z k[[x|GBC5B}|zdV)`rB"Ϗ3j ?{iӘɄd>r}{a81jc|nv2Ih34. òmIL$sHh7cvd$'}=&#W 9>g팭R_g~nnɆ#=V? j_@?cwvK7JOUpZ gVrW%$KKuOs`>[g`ɲM5huIH\"wD̴LĢl]j`~EI?oHߗmۥ5] ;}pT7K33#O㖠>r& QĎ :!b90lm$ P{=̄eR5q:ŏ?FGvx^$݈1F-vhmQ)bmd?vFݯh%6Wy˛,ؠB1o L5-Hu`Hb/&ueT\8F?@,F_>mSY2cslo6r w|J.YRN`9U&Mf`ڎȗ;+INZ.w7՝oDIq fjF́W2 ݍ߿;:L&J_ Xp,ے$u\D@U~ôSSAScTipa4ȇIcX̖hSgkbQQAMܺ*9>1_Id-@+jy! pfa;F #oŞo'l6M)M}ԿO-`;s7$H=G3?<|ȥFryyyY̧H &% 埠y7W:" D/x&o$>\mǓ'(O\XG%nɚ@,i2P ~(j =+ޥ-P-E*f5Y7DM'۽X5OhT5ՙkj%]W5TZo@ 0u Umal6M @fEEvat], 1XkP-Z*Z>Cd= {wxO| W݁oEi|u;Oo⡘b1 mZ v_v`oEԖ:>?>$w;[ҷigt w3y3mA=7AWb۴*+O|LivQ]tDsUbGP\|7LAWFT_T;?'%Ro)&j}XtMT\_v~z!.PsOcjñcvkhyB6Q^ GΝ s&{y?&v1ƥ! o$g$֧`1r8 7+ԠB UѮ*Y2L}ՖGf,#iY5k Ҫ[B) ?MȴfT< *s# 'v- jķ4K)70d8&k|.GқwRDߤ͛ F56Yk=* 7ݬ%!hفgҕDktR kH.fň>t(W[QBuU7*뇛+DR-JXv3sǧn#xN:n6昜?6sh8؆"dx)iYv=,? #tk8hwbNwy3$j纚G8"d/`ժ<$d(a?y7݁='R:6ZRjk9QѲJ6ݟ[|n:ZxV)+ڑ% Ʒ `%ad1-$SLx-$\.̈́q5-o612dط/ J^XH)$ũ{tB2~Ҥrw`$<֙0 % tg=0${ܹ@G 6&Fgf:YOjErTIYwצ iIyV2Oϻ79Bul3r1σSNsNKi$Z-+ :=mۮ   }p)Qvgfi|44Ov+^Po[D17 m`;ᴯ-c j+W}%.Cp=Hyb>.\~;WeƢk Ҽq7"Q Cfئ:m3\)H0`RpR\%-f <`ro(E7k1|ܖ;dǜHZ+1}ygԘ e1=0 4%>s2bW36)ekECCFDWgUPJ;a S~ND؝bRwr+:YxL%W]}6Zs"atu9KT(]5.f OAN-h1}`R/QO] {ɴ2*;p'}d _lL9@;o1lt@NZAlrmkʮ*#Yj4ξaU~ NRHvDϖU0&>ya㸡R4/yl> 7Ix.+ƋN{)bz&U4m:sB{Yrӣ(E4T=}`GnhHB޽JT̘پg=%/ Cэ(?i8_8 ՒIĈ_Ƙ"j0銒iYU M-_k:dJCcאU93kB%4Y,o^vk@:RfYo+:]f]օ'x`$N,;yDBwfmEDRXQGѲ }@f'g{acw7.Qdw??zmO n '[؊ʴ G{dFS9X*_xnRrW(h^卑̢;E#_؜sG˃)Tͳy*$aZ&HXTW75"C G@.㼸Pe-跧HK&-hmOAϑ?yw4@`q-XPBkcy)eGF,XUxZրQ7MXs*֪@S7cE{y+_@t_AJ9#J3r?2 M hOC(!2VRh+=y|{mJ?Mgz|=Gt_+_TIp}`ޑG:))*i,ajdq9)dcGKzxR?}|}:BC^˿5*| O .rϻ ??ϝU&Nijzm.HE/1 䈉v,#™ieYcR;M1?FݧVkPO'G`4uJg|$?' B5HwAGkQwq+͛d;9?-8B)h<똓d$aS/b<ϓHn<噹=%GRhXTqOD"VƘPGbq4ȧHfH.ƕG|Sǻ P$ ^1,llh>'ՔwTYb/q1Y6AY 'mR6])Ԗ;.8+NO` h7w}|Y/#a a-y۫hg`wu ]ӮAS< '? 42=[nRgiac- CCZ3V1_-MS!m BxJV͞*1%V:Of:ԐYh<z]֑gp)- M:m !^_Kw,p,^Dyuy#9q9&::fq|F쓉 Mwv)bc"GqoBsnxi=` u.R}kʾm}ѳ)a 2Ud懻6q7P :#.ARuB̵t؞7} JS(޸RRu_t> &͎p%,L+~z?d4vg$0; &2ԾI.c~dECr>ʉGl3H-n- ⼨1[G͙AhpG AL{,4A`^qd.ky\k akYI>D)qOκrbRỽ-j Ξ%"q84Jq+ {ѺI׹%c𩭯-&!yF ]\kWĒR_&cD+jX<1\T)xXZR {efUfZƠ(5lƸiBm  P jkp ;9)]ߊ-3lF[i_#{%{xu(Dt&x||saB]EVW@Ǝ.laxj_38Qx}B@fCjUp]"="b<ϘOWN s6Mw"E20鮯')^>.HMD!ri V3Hp?RIs;.;d?gJvf:D2Sp*j( y^븉 n^ӵyW(Kd q $ N,_[ H320C&B`f?InaMn jv8t bs s#Kw܆,Y}z⩥+N0aٺ SK#H٧#{N0sm rKIo'21󲐼09c8r} ԓ\G;( 3*1iVĉq$"pER1/>A}4[*R< evGJq̈́gG|` dEl"2x)>G^&=y;! =pe>X4:" 1>[A$XhP/Ecx6z{{`WCOT\nL̽/e1Zi+!1[5F.0 >q$CBVg`iu˙E}\9">  kl+U,Y ہń@{ ~LE⿌,^7XuUˌV Lluk)iuam Du2ջQ}'2uQ#8lᥧ|Dg-zM[\PD~r,KN뒓ɪ3+׾Da|j --\bi)RnЭUMf7#4 ]yFz4,d߃wB[W8HéFPCI5!g҄8_nm % qFϖ1aCU:w!+3f-%Oo׍gvB5rKغ9Q)wwRWٖ7&vFL =GjsW0 g < m" .cc_Fp.6dJ0 )Q8MuWg:J>`|Lq @u/q:@Mkd(_VB@`gԊyXK<ġ㛠X&Z8 <%B %"јJ%~t7ͯUA':*k[k̯mNh}RrԖPz4kgS+v%ODo3!ߐ0؀N #$EcsAb;V ɖgcMTq?f2uJ [P6Y-N"ृeϣ/@2wu!8-s~0B9Aα}ŭ DR q 1E04[mBN"-r'p8w݄o%軵]/2':3@O*g y>@wG{e!wra ؁m]AD: >.gàuwrn.O;UW3#Oc+S5a` 8MqW ͖k5RmaQ(c\2eM_?Ҫa#gYNJ(83vlo[2!6udGqN!݆҈8CL? hË(Y 'I8ޗ{nILe,5 ,6jx A¢!!(%ŬjYoڸ^ty4ȹTbQ e uuY\k25Y"z B=^ K9%,!!ZC2G-L u%7{Ӂ3t*؍8HB_YxsK~E*&urʢ1)cP~Hz~h7t$~m\ ѿ?C7/0{^k)I y6@% =N(D%„2 z.1r3C~Tz}B~"XS]` [=.X1$՘u|*đgٮIU فx cJ\cY )uI EZD~+7x$HXLxO6/\,)X/#;L2y]VFҦLN1;9^jx.gzjCc=}1d14zS""y,%l 0)5:K$~=Ѐ]kOf:)qb/t9ŕtlu-`-4$VW _r)rJn흦.ܱF?N˟"ARR(JZua ~0Bbj8J?.{5!Bq*2IS;eð_jMV䵡LH 0VCrLL4ϥܬ$z$!Q|l>]EhL4Iw0|"Z=5XoeْvWq>aOkneg&W7!!(бx~BkaT~;E򴃓c< B/(R=1Lo>b[×="Ų$\0F07~v+A#X|~v% uj٦%u.{ 'xl(ovK yϋpF/Px]ccj}y)) v x؃|P㐨):'d sHC=ԴO"T`dLt=Pi[x?E.J+HUqE+96ov;Rf3q5rdW.(B;Җ:ٹY|[̃p>s5S^d)C’ujn]H]qp R%Wҙ݄hԴ%tar5yxZȕ=Q1s 6QWUPMDD4ˆ zt75|s=Ywk1F%-pB;'Jek%{dca<d~۹ȥ[m0t3q*BnpLud`rW6)(=E~`?.]Z=v.nՑ&iQVSw|fBKM->VK+% UB)pʋ]gIEgu{H#H,푿ϕkt֌UX7U՝`VAE_XϹI"p ,):{K~QiWX 8!~5Mjj^'J7yqe4, m\((:d?cDX5IvD /|^HuBd*! 7RT<N!#,Ѯ'J( %E~KiTWiy;0hl%1+DFh/ѨYQ0 fcQQ-i+dR7% DgYZT3W1c>o\ zt'ΈXZg:|d_?/Mmd }-#>3^ K%$uv*j%h:c?vN^=;[''5e96'0Ug8%};,~JXvttMO%,8RSG!#?2eQ3LA{B+M}!L!V4>!-mB˘B;mI۳j; A9gVH\ů)DRS.bE}5z{:(ձ6 h+s NҸ廄vWKԾfN]pӑo=GEvQ`p&콁'&Eu/xnUҭ#Y|ojPknНLv.Ղz2=/E+y66.}x|&iݴuoe7I}r^GAjU5 ψY^ET* NY7exYq#_{*6ru0RQQZ;|ȱaMgo.V`2T8N &b h$ϣ.ώ:IڧÂ#yU9A>d2U}w"g+ iYY eb2Cum.'Wox3Ifڀzro{˂4O)`.ܡ>Qy#,e' FIը<$֝Dğvc/. _6e|Xj4"}qeq;Db5? 8m}<_:V"AL+ e9΋}|Ȇ űyU jizv1XX*c' @qa`_?DZɾx'2`\[eM˦8)2( ~ןQ}gfwB @wOC,>?A~+I;5}'ʴ =RMdu>\mVEg6q;=⍰19< 'kJR{x e ?hl0˿O.p!W=~BV6b^FFk,SHsyT{/Hތ ;7 e=]1Yׂk1Aέ F_/װH=?NxK/J2TE-4ol&7NN%*٩}U 2s/%MN(6~pIFpfX\$+nQ1m+yV[&(#Ю8QNmx~ wYMuP8͋),@?K1wvvEJvOF 7uSc/{\BD[/!D!G:8;_a{GAC]H&k95Dg¥'?B8AO&s|pxDcբېS]Mh0X @)ɔoP!vF;‘ksWZ%b 0[lj8z'"+f Yd ij Ei0Sb>54I@L}Rn6 G{ ?d5҃641~'q3Z$J-q*9MAmd6dv?8uLDnUW^kc+SҧP/5lAVmpg¸=t ge#(}^w1Кn^č! `וd"(:yȼ.F-ԟw8ֹI WO-Z(o\AgKgL`):eP{ʗdX}WVoԯ N-z LiM&uy}!^u:mU6fBJhu_Q?"߀_`d½ZCw|k: rWۥ2&,c֣T@Al:.!\sX):\CQ_! M؂J0.z E0P恺e'[OD/c!3hoJ־'!!-Spo,O>?WR /w>ni{U|`H;q#C).!ه}a*?c@ȏ:V~Jd:`"|oE/MtGinL; eeߟ`kgSmUV] C, [ t4l+r# K㹩}. ڎ+#t2‹xsWvd6vtT41.fV).eW.}NٺPHfSӭь!ʏo&+ o5kmɴ"-,<&N,҈o5Ɠ0%~$g eXUSeˊ 粷gQCck[5+U~@&`&4YUx$6Ǒ Zzɮ=݀4+_fS7;85i )-g\~0K>P2CbK &R-P ۩#n)@z g EX gr( xceuzT(_2N91՚&Ӊ#w'b5QkR&l QTޮ*jkCG0Ƀϔ7 qH4S#m*BXK/̎MʧVZn-Kb.<Ƅ'o$2ՐBU4JkU'QSM}# 1<)Q&7KP ?L,&̿Y;ڋقV|g>{vx =:.Z/"4{Eo 4I;W-~Nm;Gá&V9H.E䩉##q 5p@(`: sU{*JrTwr,b; 7ajߕ'Yɝ9n˫P!xokvQkdɮӉ{sR:VM~ u`=R>޹XK oUca(3!VZn*FlP쉕䫳tSwuj/6Ƣ&eLg5jd9%-Bs=uXi1)S*x~)Y$ kITXI6ӥ|DL>п^}G7*^p[ Lcã%kr(v뗙#Rf>%qة1~= ,y};2n0ㆨ@rۿ=ɧ1&CZ4ը u]x,.V1Ghs4֐+ gX(V#|=iÕ{#W9NzWsiM^K},biJV.)> ۘ@%,Նft2?uXw,{}iN!W+c0u^KV9dV?~a_@p~A,C%JkFsS߅0;Шy7O&T\=9(VMA *Ebv}0%Wf=\ a6 Ӷy`MѯK|ؠh"DwW{N!rZ`Z$(AdR-L?;G<\{++ro" gWO jbqJ0,z f\#RTr۽M"6pzڳj;i{wR{+ ?Y1ͼG7f[\CJ'fӭJ¡-F,ቍN"r<Ƀ8?"Yhyx(?iAyR -@ymv8¼!.NWj 'X9ѶcdĀߕ89rE 12i=;z|F>EIb*MB_5wE PZm˞1%65@vi!M{~_gK0dQ,5ɏrR7N7T3ZUk2+ ;\ DiQIJ dcV+a?̂-/r3 +J7^VB7|98x7eǔ;}7B!\C܂32o :T&hF<, ny(MOTn0:[vE-uG(elE{5e>$2Q3`)_a*q,s׈oeTgPrqw, Mԍ ̖y|V*KQ?q-0ݢ TιRDC.cD1PPK:Zog%" &B}p\B i@Nt,Ub?=S7)L.z+~؝b~M+F\n {z#aζm/3}v 4UUXXZۦZrcB”~ϲ_[Awއ?Q Xru}asbU/@њ͟TJ3nM2demu:86jɟA 2E<]6}8!*ט(SZs2ֿN?hyw9FUǸzV 2R}ԽY۞c Nµyt S*^DMh*\ 4NPBjwce0PsmfY.X($K칑y1hzU|2y&δD^x4 үŸ?j{PKr0]\#Y9w11*"fSeڌj3$^OH w@مqkm&@C:NJIl38 ᪮MWi|h.+vUc p'/aF+$S(\1_'0FǵdCLV՚fo.2t`4OYeWR+`ϋ{'и?!A=7#.Ҹk% ez3 SmZZkEv /@:NV3[)o0}15FnqІ:L a)Cqr6}?A|ӳ0(LWE#}5TOr@14Ϭ[p%w,FKВ)V7 !p[Y 0+~ւI(fUF?+|kk4I& ?Q *եEןXձb) !lBgT]lG%M2.AN=4Q&cѼq?`7HTʆ3?<$vvӧH,32yPPәQ= xD1mMXO,y^&("/X*/)uə} ^rDϧ"ˎϷKhezZZ.si4fz.|fm?,{ ߀|XdC4О4פn倕t~ 㓑8[p%t(X(՟E險&Զ9-!1RZO͒_Lv\s5:YЗ>NE?f짭×0m6:ο0"艞hOaށƣu 2_i5ბcϻRgl>k'n]eX0Qhм)hyn,2 y\毁lvLev,Zq{SCP'knB[1\4L622iυ:}m1JuZysYAI,u.7jOHȦ+[Gǧsmg:Aڭz:wuoLis.ǼiA*Ynzv^f*V$^y#@yșFxPZlcc>G`ߵF9xy̐ ä 3ӚW;C4>ͿjҼGs0OP~k/1xMT1VOsl~96 )-zR>Cj?X)8_h 1X wmױ rb_ֽ8h[(GŧB'ҿ h&4vxՆ{]y(l((VK ,YyQaJ1*v>pr-ٶG+U01 ;3r6@&Y.C)b5P"٣D028WI߫5SrZf օ+w$`RD+$Yc2Y{xX~2rΌCC<TfeCp8B蕅,s7|Ő流Ԁc>'_I+h_,Չ+;㤄Qw(Z5yf2l$cŷ92\*|*̗NZ- ضmk 0 Is+r2ğڬ+O$ T ?=cŤVGw>~7Vrs^IڅuUnc<%Ai;+l+Ǖ~KD i2U>Knb?'gJm5́dݑa F ëIwa: `^F eg=G t=;y<})y}vݣf.oFWɐz{ҠHsD1NUtM,)u|MdEuv0'y﵎4 MƇp iS ~`⛁Ѧ16EwkK+JGkVsoR*/@JaQR! kV.ʠV}U! f#%DJ |-\G6gw8gH/Ҧ̋~C:&/9t-[ ^H{Ŕ]NMvߍK6GuP%}~;Ӫ!p΅\ UQs,C54k+# ET`AZ_\1?ך˅&٨w{͡)Jx\hWg)͞V˜S}tb]sF|iIMYC \.8F&pVL/ J0XuhI W ]$-<*8=)64+=Ppa!DԀχKLǸI01-8bѾO:.Άn{.I 2abs9|gӡ)>d$Jw!Kcx6& .krC6X^[G_!+FqBۀ}d؄N{<&~vԕi\3AlHA@m#?VDHO-)#WD(y*A5UM' ,`ŢR *ORY Gó*h%]+,D`g?b sVpslBNg!%@Q c*YtwkyN}"ǣU%S6Э.37QR%Їz5w7c0˜"n-?+,|K<0;R DQ%RhfD`6`@6SZh$^g;=.`sz >"?y/ R"e|` )>v LGU)n֦!gPeDςh$}KS|m;xX^*clm`DW(PvÔ1Vm1Ld SDu6Ϗ-',LmXŰ8x@` Fvm?v8zkJv/Ԯr"^Np0x;:hZu;(M;Y\ݮ|J("i7Pak$4BQ(Xpj]#T0.&_xsVo KJzȷN3qj}6`jw >n]-V3gsEt'LE%l%v^3fȡO A~!9l dnz]AQR:Ü9uDĤ L^3VSx*xI؃4PŁ{N,g0 " rZGb:UۤF DWlH٬WdʲIrdT@-HJyk?{AKYa7oƧ6BWFYELY L.%y{P)?äl%Ɇtӕtd>l>x6wOʥI1.Ys'O;>V[RRJ;P{B2$,a93)8$2t6 y%#d1nz2赈2'-Gm;B zY .{{uvN__JuRG}*ۺRB8 cRJKwR)SKmtLcYnY~X~>b'MYhc CT{[A==<*7yE^%Tjf簞ܡc>/n^Rb[ *v% w#bqh6\O=j=}u]`E>>ҸBݺ&D#Boڒ>0DRJ`B۩p`\a.\!]=U|syzd; Ξg0=ɖic"Jk '6!bT:R &LEܕ)p=bmid5*v=$|;YaX w,L6QȊt^:p.c^2,cՅ1U&FY6u6ZntX.>hi7GESź"a2U*i(u(6z1@h.Oo0E/kv׃+9]Qou;Onj5kբl®J!m&3-WK\0N?`f&;dZgIG HDDȪ" ЇhL- Ѯ 7(O.7lJ%Ziqg2f&ԫpۘܥL_Z}+JIg>.wj҂2 Ȧ/mxjۿWm4٭AEdZj % 9Ye0Q" X :M:BWzUMFs6r [IeK'5A,T1vYˊ]l~R4H/^5wJ(o~iC t`>W\0 ziؘlS&r $9w7 9gV͸7bqr.4z40)Q05ipŮw'Uʼnb?R/!9KQcN&fg` ֣ilϥR6s^JR #]ndS)Eĕ&[]?l:"KsG~i& Hxʧ?Y.UNo+cB|ã7Hk儶){<F]A[?^$| r0yuzUcF s|,L9KETB|@(;veX7nWҜtVT9x]$4;CX>zxHudpvWRe4YL ..bSs\Ȼcݹ ^U";v[;dNN&h.ߵu+W+Nu)=m+gD5="6Ðc88]V8)BiU|$ƾ;SyvF)'Z2)$j2Ol6WAªס0l6e}|Yv#xoQ{Vm*^7a^6lrHI!VSPܠ2DBpjج3,&h.zkh-g;&&`R'| A>UV"23>a&|ǭfMʡ$#SN m1uM >=ͱ">vqfLLS|,@FeX'}mxDx/v3`1H" 3zթ@@ox</aƋD` m9{w5T:t$P"iAՂ+?Ю7T8vz* -7[trNj۾-ckˡoHaTBnZ[$9mEXag { {~(2V AMʚmveuQUŵ)?c^K>6(uP#!1[wA5̄>6\pH `[xãn_78Yx2Z$c\~RU !D{ gCnv tLN&h:?DkwjN  ' ,U[T< Dbug& *+o`lFYt@믙K}%,c;kJ4kq̩%[˻k͋y>:}[] Obs!9O%ѻ~kpx'\D66eAw]F4\G*yF )I},CkETAyr>{~ z%0QI#-~j!d*?K @VKn%a=OFNg9NPҘCwyDqR STl<}}yʁFm3-3?=z cr"ܺ.kޒw5vD58}K1[ c. whey#SOb!D#n10{<>)iׯ>FSr^ȷm}KklQ M AxYV8MLxeYfZmr OfsO_eZ"DSOC7;i;"^Y~脙8 רi"԰㥩4UF\qE}L1?&Hd\|¥eQwq抬]BXQOþ{6UڷdVzG7-W4UL*qB+71{ 2ɹͼǗ:t1gN(%B[b_ss+ /.^1$h8.]Dvlх#kT}{ӎoB s/H h&0ЄyQ^׼d6z7Id9$zY5|_es?" =K2cXpZ߀% 6 s H-֡;-5e^y a,.#;6,DI<㟺D4,Wư!f)PeuWGv./4qc>ӟܘkEoa8v+&\/ ^:^07toZi]P%s h4,1VN Xt3UaSCGT"C]%q{\ӺVC|Zedl܃G1m.%ǛN mjt'ye_vζNЬL`VgL|}D5MǤB.5OCo!q:?FcGMQM)W:R&o{dERy " +T^bY, #`_7 O/}%VhzhFT)X iկ &sӸZލw ƣݻ^覸 J*>x!ѽB)L 2vg(zkAzIsVYv>ӈ$Ld%D_̺)=;yx]\rJ*tQϜoVa bG~v0 G6ݚ\BiюfHOGOaFXinN9 "4}s>5c}zӸAlـ* NI9oG[O2ާ<^3]Z%ɪwMnH Y@;} 7`"Kݴ, '*Rc*F$`q;?S@&,_4D9S,COvki ETpbh!ΰL]\osO9S 6ml{1 X6AjOY6ТnES>Y782%̨dPƲb? 3b9=\Ι=R>:HBЗT%vfFvh0Ɋ Mפo Ii `0ndrYӓ0C9Zaw J%#uyɸ+tQoFKu5I9T*yd1;CHȄ팔o^nԞĠ}n-@B EcE!)`r(2?KbPq>ep!*RD=[f\_(I@K`^ѩY`cLlⲄJGzQGyoM'%t[:`&Qj!x̰IDzi; =&@f'7`9ْղ-C!Hu ip|?1Ñ;-T휀L$3} pxt*'iÝu A)g &bdԁa9-Rkבt3( 4)AupOi{X??.ԫTI_M)0Gl'FY/:h;9TU7zﰷE@0oV9n1fi1eY+˦#EOO1\{J&KiKM5tkXA)N:0,X8\u3v\^҅!n̠H YC|nNS+Ex\eAI7 !O!ˆВLOe*ז-_`ù|1 pޛ˘:|ZETVBk[/hr7Ozv:d_x ư%VɹͭM A*SM> </XEA-Ѫ Dؽ M9PUW\ 8 x32p`ܒ|OKR+aUϾ[byt,KnaU|%Eon*'Twc_+*V9a3mB 4.Ȩ$u8焅4Rpwo\l2`U#xS)O"Ks;9o%OOu5u5Ι  FkI2Gus7˗B^j^] f&BʻE)GݵZ"s"[ohm6}PeϭpC: Oے/Y3-}Jumr:4q0Ƀ}#.v_9W^,U2+]EO$>-<; aTL(yjn.{"]0 Ww {?,`.( DmV~ S(i%KE_'ڀ >?P6v`װ9M @܄#+kH`9;xt1D|NGE-`AKmGZ2v&}U!`ؐM32K ro;Y!4sq7R^[qvv*d6kCE>Nk)ɐѕP>땆p2:.Tq:*n\w8cpKnbˆ26/FPJ٪>dHBWckKdHAM_L_rB^ndZVʂ:).̜:|M5cL;8jW C6k+=i@IAD{7GKfzX 13ifyzXSC̺wlcDpwG̱o2+9C9 f_EZm: yR(l "%dvѮeY] GS$+KFkp!*"Ȩp$>(khI?'G9LJTN:,%Dz|b @.3sCMk EWBpQRWft_L}y QQ +ylL=sX3|eAhC+)$up_IX^gHǖt,k(u! VKg3wSڿIi0~Π~aCW2:)[(ўЎ֒2SDs[W 7"O m],Ee.deBypd9/? ;*oKa/@$ ~.3/G1=.6-zJr'O3YgehI;ִߜ 'jx `}v!jW^7`^d=#1Y1wc */|xT=6&xX5 # 3T@)\1bF58)qjK5Ԧ(;1 FyF=&Ot0N&˃(J_Z;N+<UMC˙m9@G ?mlFkpS3ʞ)-+;r=&6LkN` | '.ԷX',ލAQa-Іv:fzۧ0&-gz[k0 S10vu >c2Sr\8>±p=+̎)$GvZH(PIy k.%?\^6bb8~[Ecnd[ilEq@}^sǍb3ۙ.6/&ZOU#m[ YUIO'gb2R=+&.4;2e8+ʣ4%Rl--x?-19MNRNyW qg>LYg jgO^ٜ0q!򫠏VĤ'@T_cF5bQYu$l׈閎҂JR4'f'B ]nd'5BԲ}9Jyӊi0/S-<; [p*f:c's@- Dţ{NMn 4d} —_dƩ[qy{;;>͒f™mˊPh6YO{'r ]i^;~Ɛ$!R&Sϯ@xT c\mN80fT_Z[]"vMZOy$s֝Ct*] @H7F.pZw+K)ZƁьn֌`b0>[wBup#>F*T5*w GsSq)'[f/P^, "KYn&%meS=UwNB߿P@>V0qOٻXnݔ-<6Dk|yTGkc; ڟ ޼3ȍ.< ~ۊRrs/>/\ ,҆/1~uA C2(9io֪D'(!tŅoKAWۀ2Up?)oRJD0uQjÖL_ \G. }wƗD55P{  E.=t^\vgfyDy?%&SaX!8\^ӹjd#{d/!6/;H`7b\6[޲MTu͙Oՙ&t|'|*H@'ܗNے$9/,-bY)囗,m9a0><5F=krnM]){Y''XO^T.۠`%R;Jzż\ʹ[ғua& 8^F"yZJ$"xz8`+$J5c}dJyx%wS`ݲTڠYJn8 |$*` 3`{ *=3.F!WQ2>?,okՎDoDѸ`u? ` MmhtƎsVHw&[,:n೽9y BX)B*6A l'n]\7 h2EͺɎ ݇M/ЦbpY'/xY~tUag2RRx>!&c:q=` P! mO=cR/9zCzO|;ڊk)V~G48E8+ZC7UW-y˚J\Ǎ&pU?v2ӕ"7gudI.Jư7y_ P"f4DRf zMSF`"F><ɿs/]fct ͹lxOGʴ}ɝ0ֿNh> 6KiMuPQ SqV؜2t杮1 {OCEx 7 .vA$+_zm[F|F_œ5DٕWσonUӑ)pF7@5*?jp h5snlQ,DX͟ino48/kJ+>މ^T^z.R!2C˵-@gFtA)W/›>7|Vn'wIH9`E[}9I5=$)!: {1{djU?5*bЕ[WG'v g:OU$y+8F"e{f;@,"yl+s;[M;I8!qt0wkEs?RYGln/"ԍ8w~cVWTD,!>0Ze:N0#)#S㸛^8R=KG /ڠbi1/ -`]dg$4_B*\a}hmUxkl zWuO>nmދH za߮okTj‰-'MP.;[%\:Y&bUbS$>Oco#2EQ85:'VR|4 ۈC0#4[]v)?(jX  F2!mX%ٸd1R @glZ@bz]mUz򹇝z:b:.]_]ymcClZݶFw(5t[.:xm"DӞD%TisU-xk<u0!stao.eW wsŠٴjW#|>2n6%s7-xN;g75I K<:„J2.B.6 塗݅1J_ !D:/hM|jw`{;ڶ{˘dR{T_M^J9=z L~?r 0η3,)GˑNS .?>[2WawF'peCk]$=#fB0UT͒kϱ]WdeŶ·I?,U^AKAԽ_p-AA$Q$\j SAkp.`c}mŦE_?.(2R!tZ`ES\ZQ;q9žeD}ø2XNa1<.Kr@_RLμBXf':0}__>5\8/OGCV}o,Yc"J#P-alC5g @Q;So\FǖJ ܖVnTSj D}akr˻:nXZqa40X@eVOK&^MH ra{ fodto:"wLnDO-#M{n4[Τf%pfQp |: hI{ k\ć0xOzZow.\#Bv>,:S,_кQ i}"#g vɓZu_㔣 ޞDYCv-JR%d= 2"Yr"|3Ƿ[l;qZq0]y?ŧ##:qMw{9aqٚ q"$21sH :eģ /%űʱ ;)3Q~ȥY"HhjHl;xrTU]*ΉP 疲v"fc\m`5g+03 sHQeng"֊!BrژVM]t3ȿfA`PV)p7}'Ze75C- x;ߺKSzBFvɇ" 19y^GkyZfL(ТyQ0U9*f}Cj7G]a[ʊVG,MoyM FlE_۝isUzpGA:3 KfMG};Z4_vgDgnvq*\Z!IwVֲ{CWwMk/47ʾ} X͛rcRBM- Lئl5?Xln.B c~lujw6U"ytߚ+"R^b7|xƋoڣ`":\5|7՛桜R 1OfwV%vwL]z:^_ + eu"$Y^%A ]-.78+p(} }6<ɺi%AM3`I1iʣjo yv){[PhMf|S߬B+èZ[.~:>Lg *̝X3k޿Sl(ڳFg_ɔ'{*J> Wlr=^ )U6tAU9;u有^3Eg,۽NQm7TXpc%& (50܋ܮz0й/VPF.knq^ׁL$T{Yb|ޮ{aJZ3v]w\nr 5 _/ :ӝE')s1_eFk|&a\E w<e>£!r9%b@L0&RočvU p1'u Kt~ީ@( 'Oz!'*@a  =Іj>{$h3$^u9N%TU6LZF֏I*WxH9r?8K2ё]zU6X2 &"GW98 ny_ێH}5ٞ /GBQaqC' ܦGyVӡ/e熾MՌ; YDPri" I&qءmXZ|mUzcrp ?KGG*k4 ztا'79D]}>SE¡;Oc?c%(`B͟DhsuE,cā''!^nN ,yijUkh%^gwdY;jN p6&I>m5{Йi3nŚ_}a]bv ?`A3 n*V]|xd {+ˁYuV&&Tճm]&1 ÒϴN"3dGP+kSd퐃I7Y Ƽk5zSKs\`TZIrz#8dR?0x-$4W{ |?]([ޏ:}=Ph1ei歹+(zFANe)rџ \͠("u̢*^E<%X{ok谪d:?O>RE~{-4 BCڷL5mT5<0piV #B[8q)@QSjF'rZΊ |<1 *vԛ?QY1iieśHN5n0KsE?S/.T4ol0*06g8 k;n 2ݦY5~`FϺ?l 9;a,qiE \`v? 8+m;BmUQ`;F垄AHL9g4_[ˌ +)s̪}w8x2]]rꤪGxG@tB1bBߟԱ:q$tg)rkMYcl3L3ߝv#0@>#F*<+ge1 GڼGOܥ!ÕVp R'?k>}2x_X.I:os)aG2 lno %S7辩o- +m] =}DkL]arz/稼}C\vW!RSf԰H0nM cZz<=kԛvi_*T_MIX7fz[n@4x4|uUkiz"CX2 Tۦ/rwBrg:Z+SnXBpɿi?G㠑-MPe`} L$;PU: Hx5 /}TS%v-3k:zZ8:^IJ ,nWhJmPԴ~\Ě4|&>^6.*$Hq%'T㴊u~ČUpN  M8z3"[hHKǽ`d(Oqy!Al1*(~tRf(ѸN l̄ fD~s8S e%9z/8~GŔX~%HB+tv^*?? SnhEPd 6롪dB\L>BOZ؝Ͻ{ Druջ]>0Yo䌳U3?|;1\ǪG=0FhBMv&JOqn 5TwHt y=T?%>RLAAխKIz$> !Yg;rаWY T#턺_^-~Mw*? *?8tK3Ta΅]hTt_, &fθolH1+Lzb\R~`Vibƴ/\,fFT 9Xtg@; @ۖj#k>7xp7q׺X5M@w;T.ybhVjToS<8o1ࠁ +z&CM_RL;TƼءŜľL`f_X8CrXm`ͦI1/ &.el 3)j;.D|Z1iCR9Nq;~f`vxgfGNE+oeX,=4IHjV599@cK˟\f?>3kA~ x-xpc2PsOr0Ho`̨਺EMh(CL;Rmao/mA}5V5H|l-!k17,^cjex̿.9#7z?D8D [2@Ji%w4 I?dڌ&^d$8ԝgةZyT>j@A^3b׭8Tl ̢y @PņfTD{+%$%an*NELozZ{YەpŖ7U;JΏRhѰ1p?7F1` ˔{NI( ]|ÐQ?ѤkFd# ٨Šge\'T vޢ:z^$ӢpE\='qGJdE:i!ʹ{ܡ[7m!rMc q~$Z!u˩^x&]jNO-uآfo׃2dm9`bibH۸֛5<Ӆz:-AP؃}%mHcAʭl_ Gv tB g5~VՅˆ/kc/[{;g tJD0R] p.+>3ebqyw*g߱(=" Yށ]|lQ.r wItpOP8M*2_Bÿ 8xzE&u4$cpy]GWO 6~tTK(;DA ,h'7]M#*q.raܦG#FpL<.Q}L7wQQdP_ȄI&kgmD&{"ن |j7wx_QXƃd lZ_Ϝ?ޫ;.;ҜC] H30wSj&L~m] Q-*PQ-QD2fb }xЅ|{g 3Tt_-K'GFmo:[@~u /KKtn2>20B& ⒥F ǁVI N``D+z>U[YLz Ut  Vf9(.b i ic%]m/H" .Bi-$GGr] ͽ_^!*ntˍi +!хc:*`\f>qg&yٵM-U/:<wFSW WWMͯıQd~ zkzw<$hH`@!$Snק,4-~lzS\OAoTW!ִGvpYihjIg^'l?Ba>w z(A׽86d]¸8̬ui&9r}ttDA"uKM/ q&9$-./p&N=iBsרb'h9 3/ұ>7Ñ;=%-3ױǡ $x]'d9,,e9,Y 7;FZ}1<ގwl69t¢%Vyʣ3tɚ_ͅf"dg+c'6*AQMnBkwdBݛb{Zyt61g=G#9WNKnɏA"]܂Ղꓠ`D_Xb6f FՑq9T˘t,Ps>} O:Ī+LVLÌzI-*ؔɩyPáK:m&~ jFyn+PUY,˽oHKN|DP36Ӝu+/*zFdLfG0}bj>''td-_e.R /fЙjͽ *R3&s,/6**FĹ@:Gmς`t5 `%6l_zU1>󮌘d<}b Vd`Qo3 e҇l4=sBi5loab s8BJkp5|#L;],g@bDGZ}KݬaoځUΦ!j NAE؟8hԇ7XDžmր+k1;oM^=` Jg.p3+ yQ{5Aр!́fe9Zֲυ;zݾR'5zMZqwyb46[Zan=6nKq,sS18sGzxK#ݸ'c0THp$Uuu6I7;5Oku`-G:i!U5ve@:o|ݣɮsf zo<̭A7:@-xcao94o'Y7Hu՗CƧ|1RʼvOHFŠ̽."TBEz^Fh :hh|弩Wt'=Z׏DM7@)9Bؒ7? %sEn;X9Ȣ6G911$rQ&a!+WYKULx}vZwFt^="Wh|' ajZ/58X&(e%zrSRd].^2bֳgZJܒ PL KhPAWvE'FT0CqTq Fݧ5¦ϥ[;lDr+(ԳNl@}K %,/Tt$|eCiX S=Y6%ɚl؝ф-etK_==!ӷS5[~r. )t (*u\Iebw"k+!4լ8q5;Xw_DƩ?ub/v9q GZ 5jmmo]g#Es%]xlaӥ~~Ov$ŧ]Sv9sAvoG#MH˼j~v\.pdswZ/z\Y̾&E Dlu$Dfka7_`F Eѝ!98a~˘ړy\khC r+Ւ1ͳ_&ECq/~ }[˜{pDOCN64"4* @l)Ĵ.q!PY&jYK}ien"etO5l&rEl-3: TD`Cz`Ǭ ;N9zC9ee* zJ5>I#vuЧgTVϪL"~3={QLWhB4C:ފQ43}\-Q,OWPM]ɏ57'k|PxF9!k32{0NA q֬>!x78,mqJWL邳2+)[>%Jۥeܗ?*K"߇_.^ȍX) JA+D]Đ/wTa3Ap~0yIi?0F4iPa';2XlA(.6}a:g&p-Ln+ 6Jy #*fD?4fdGտNxPvT?;4q#5.MQ¯?udlp q6 ,o;VEZ86?ffucJ]D,u:Yq[K"^)E#gIjOY=H ޗ%7oE2ӵ:!%'ϊ(yl&J۬R!"qO.T_6RA5ĎY/; #)q2M|-" mU&hdzU2߇1ǓB!>|af!V 39_q&kɳdf4Tޏ0*mhCp"{RIСlD\bcۇ LO=5܊P%5 e6["R{[>&r'l[gI9"Ʉ<~9v7|\M#<e$TNύ0g%T'B1Hhb!a1@ZgN=g;٤{UIВC#kX?n%z5'i=vz{lb6捜;Z WuoZv[w4rc0}E"C?VU9 +7M _I cO"L:`[-d1̶#C]T bі 8JRGGAn*Y\#*L M80$({ix D]~>ޓ5XY#=.$_0bl_X  tbU#ӿ z2y}7@4AmmIW%¼aVz-Q[H< Em}:і bߴtX#8Z$. 'h $YK 0ꛘ4!C◻Othjvv/73dž8ʋ !`( FK%P}C~ꝛZ'+?;ힺ@bVם^I"V~F"Eh <(?LQg.l "bm Hva>ќr h3rԪH p5",(MS5ze0<))p_/m0d'xeK*ƪ c<-e^:}oNU"I6ʐ %_*ܴK8mOW73=HW濣,ϲ1@?l PY$p9j!^mAJ%v!KL+X2BA<r ~ޜhys?gkxK?iV_b[S?OY.ZhɡV n,4Pa !dgR{6 $p5n3u4jHI3: ;FaYbwMd=+Ya@Xovn9\C&>u h)V'L"_p|@z0ĆkA*ͮn Da&phӴ9EL?:`'h%!J6R: .': (ww:mo0ASbpjI*lwHZMp%!KYҴ$]Yc5(&J3RS X>o³,4Eލۙmdd* "yd %l`6:=YWVٛ'lu9\ҭGZPKSirU+kAMSSwQ6\._WKg~>/QOg@XVvk(w>c_J:WuMqXсW.bj {9Ɏ7 ehOLOYo,Q {Mk:('TeV~(ň$se6`C\M4/#9sdYuŬLyu%O+A*Jژ^p͊}!-- x2/vlj1XvkoM`jX6i?XqTX:Bfh"o48Xaw߰PdQ;q05Y4 qL=S@q;)ME=^x.K}jqd~Sl7#KdA%Q!&d]|vKyJ"eBbCl׭FYeȿyvąGNqmq./&Yp@ 5P>J\b'423ådy{9ik_]<0Xٌ 24U@9 }DgΔ$, NbS#;FR+׏'(4eZ|0yV# 'A?wFjcMļ[p.CR5zuӴ+2+RC#d  !aXx\NkvZ@)*`Q c]:> gL=z o\l}7S'\}"šҗ*8kԡwؕ(8U:ډNUg=To ];n(kQÕ~0þ^nRs0e=E|Tj5ڰb:\ďd~`8﭅ܮg4{[2?RZڒ$ǀA.k]iqH (0?iE4`bCFW56j9?8T[>O*eM4 ޼Q' 68/  iBDKO'uuYDJ-Fuz杇0݉/CƄlICkHGӌ4/vFMa:A -Brh E&RֵTH襽-1X):xщ?vSˋjWGsz"9? (]O75=}Mk嚫UM4: tZd@G|H m/kd<-YdM7Y2[wnng.f!CѦ$u;VG"䂞t׺_=8\S$5#ԨáWb(kck[UwX/1ws:-` gK{B$Q,V jevLD1矠r[<2hGLL~;o{d&@1  RN=k ^YGEjl* Df`fdpsW|D|j,q\VU$=6),qrv@,n^ib o-I40I5Oz=X.2s70֡>OMQ<)S+HNGfcճ@&QIC / cJEj/D/2XD1O"= ~vpԤ8h勋!,#|L!l9ཾhU[uQ6*LlOa{A)(g$X:ă[ }J`y[I1,oy"͉Nq2ǺD~|pQo?;xepDTKC:gp=*l IP[rl?Hov2깮ZbǷ&^ȲlPHO]N|4b^eQ竢>IFf nP=WBNN*N1>1-Ih|үG sŌrh bЏx:./k}5&D ו'9i}_9RŒPNe 茒~ _HHPDFy\BfaN]~+eҰLNh?2`OH$gP5DJtfi99*7D+#QK6 s"K?[,]XX;uiax;Y"oꅛ j(S-T,$h>;KfiC~r% D_wdt ޶B.9YIQ `Th*/ |[M2/sy;'g[8`I@}z|=㎹k,7ˆX=\3#Jݻ(AF|1GT6d]&pN#]OG=!k;6 Ѧ/i$ݞ-ZG!^ ]$Z^`L $,}XoVWq,A͛ة>5{ 'g2β7|RR];yq7@ {ު7(#yיB%4"/1)X!.6+Bjp "Z%Gpۊr Mx߼]86^4H.BT~QzƌHک pR܅!@HqwٗOc*IMK [Sضky;! d{>e VE1$)v,;$߲cEExtQdVU5 v˅mȜpJЬ K+𲉷Rt抂qq.gjXh!#g`$ u%7R%hB3%9#Hfv?WN1B/f(dmb9]M)}X,maްzv}{Lv% gD6s 2S~J<(4Wi™י0>% t~ohWEE2# @X4&PwdխmeT{E`MB%!#aInz@hd+ H: پGr*7,dUzY~?It(w$:fFaryËU^N8S`YXSrin4z|qyGO n;n,GAr= ҍ!;nA,=o ܔH5 ώ; L:kL5%gӇQν+? U.H{hVEj gđ]T~ZB܁!_]G!A+ oX-[~oQZ4%2a  Pj I{%%M<׸7EMݯvx[joiUr[Z9Wum0,sL^QrRͼ@U%bwQJ%rCKO1l>i%Θ43Y}3הARuDjD~qI|lE`A&xՋ PzFk1kZV|X%~7d7v#Hc~6H{0N?w z'~<~9? @[ȣrW/G4LjTx[zfFޙם4,!2|#0$vZw "JNMz5lHr-QTVbHK3R 3+kz "˷%Ӏ}]2BVb9{b&P㬌n+[ʗS6!3&,Φw1 % ?5(öu< c@nzi}7 +mԟyvBJп5sl{q;&){fщ.w\)9j@kZÜ_'OtΟux :@{4n5A#AG8hxP.qeq͐0/(2.V!X6zdwǢ[ϐ`fQƛcQ 20٣fi,My޳kLT{XQp?^x.Uz8l{+-r`⼁\￴n8=(XqvW]Ig?X;J0D,‡M]+7lW5dwc^fo0t^'{ەJ"NV-WU~50u mד'GQېo-&$.ŗIpi\!Lc_=B_ѿr% ) #[1 hG(,aQ4+ؠ;:l"W2>x#a{hF} +2 VN1$ ?zVӇ S} C4gqxΙj1ŜϯfP!:k]%ckIYr=}4?"Q9,ڠY1{ <ԪRa5%d+4?bP*j^ E ͉Ho)5f-Ty{Iy\^J >+/,DʼnzfN;eGQ-Z\yP,񎌯:ɢxh 6|oc.`m)i#sce՛:ݶns^|;cWtuf-kJ;o +u {%BMF6-×ESf?kJU$V94AZ9ˣ'8]:#؁tğq`b |0tmsJH x2}A̒>iBA}ӵAz0PqUvX-#IU ix&Xhr 3[({ği{O IYisǛDœZCX"JqZK,`WO˨vzO<96;`ZP1IYJ!Cn]_`H?Tbk$'%'8mPNb(U ,EkXF=9gO ON,Ie'/ SQ pc=kn*^LX~iXԘ! DFL ~w[mst4C!$ `^Y̰F||%|ɿ&F}Jصz;6%N~k80n^݇T%~"#v nsD ZEIy0"N׿셹)T )RѓǴPItim:R~zQ2#p%tH}JY[-z#UcaJ}1waȞ¹I@'MBF3Kt]x^r豙lt;S#c!!_`vCru8Ե-Ct6h٘YcykR!  HD#0m#:@&7V!ԈF%%5D^J.FLueHof`dzм=o@ܕFc+iB~ JLG/ef``|868H}&ݞo>L0Ai6#im{^Й.esVbDOAyyߩ^n OL"B^ꄣ(IK| dًlu?K3 HutI_EI^WP 7!M_㿞,=gѦkt(^鲫:HҜ=h W Fݤ,&XFt3TAQ^0%g2u%Q9XF1Vn=}ZFp+k.A&@#m}4PCDq,X 칪%9Z=dQw0Çř#_d]vUzgJ.˰5/Fx dZѩC0g?N<5Y=|%T&sJs8ua w֖ ȍ^[ ^gO{f jO G^dT~\de?c^͕1Hzf3䵆7W9)tuas47\ (Zx ˭kʀ/W=c` /M Qd]!Fzv]=|CI:9;aO 45֨Fm*L:OȷA}?;G !g92s`.Ӱ bLs,7X|$]mhkQUkn _l,OC0EsPm&yC^qF'a~" J,nd6WE1khltb< ?Fp]IF#mʒAi}O Z>NDž nގGHw  4EͻqM)׈S,h 6g@.MMԸdo 嚜S㩼2R! uj룱=G~BN1n0)>uiI+ C`̈=*EZAߊVNUcˆ塣J%3<=jA0KoulYAg"U&c @jhdpobnHlũ͙"+Z %i` Spr9bB mt^:NJɨڬO*~XPOTR.1 0ްC0o 67z7hQ> w)A>Kx99%k3 R"Hzi&J9vw;moy1A E9 9bCeJfh6| W5hT0uzE+2b9Rt92a̿yX~ di0"Mp>o`bGK'-eOFwUָ:U:Ǫc:ؼOPċ?[L?herL%Zbח{$i,EJmgBLCkq'9j&]5);!E2CN/Ӡ@q'?1}Hs5By%Sl0|➖wuމ\.e%7z#؆/*Խ&Yhν8P;xusH>׃%>)?'xƮcq}-Z0ʲ%S1]OƉ[W1E7s =lJш:/nʥzr]:YG.|m$J~IWj 9DNBkv V,'[T$1' OlnY0V`/z /:+ Ҷuku 2aՓSc<^ 8rWNO}Pe2^YR1C2-o:&`tlx$tטP~f`ԋxQb^&eF~S>B/TeScjH"ũ:x>"|/q+lVbjO6k9vXAKgV_F4z7#{ZDŽ O- -m>7&b2Oi$:p_;OwU7ڧXMcwkhJTc.U04._G>ȋoR^3T bJyi8Ó/@Я!U TrN#5V;t֭n8MRәJua-NbF}w6jDkHW%dXH>~ZOx,t/UɕRpY}^5{|s=JOb㞈?Z_t&M :tìֆsAȔx,֜bz0q FD&U[&STBgvs.6*'r>Fe0J<b"53BU4NN`u(ޒ{wYC~K`6'ɦQ\ rJĕ@܎p%ZP.ԥN^eBZ]}s)כ1&A9 3@-Z/-Zܜy-OWyX}_IahWb,x9s>sX77ѝEE0`isAV'SUT3a;=,3 _O0/GI&!6&~.I[g7> =uS~ʄ>\C +' uGدk{f?Bi.h\pfZב2dx6 Cр7)n㈯16g}2*7j|@ Af$ƟnJg}=(;֝Gy0́Զ럷Q!:;j/cúEȃ_>'C(%BB;* >yK J+nG[eb XR'naE-DH]5_ c.IaR+EQ Te*=N'@ s j<ah#-J͟xa$407|0ieλC' E #8L5m%foQH?Ҳ~-ȍ1j:/~]HU8aPU-=XG@1LY:RbYNbLKܣ鐅{ /Ƚ`zWk?OȔ 4é1Qz !$F,_;1?q G~W#$*x4jd5#'P )`q<\#ţp^7ţ(gNt|'ubQ߸v$j=:3^0fP"7~`_2?H}rR9nc/ˋ!r~o>=| (3'< 6U"k>کWNϑ@YUY:c}+$뺙ӪF̑{q&'CLZJ LpWRՙDR*Ďڳ~$XEy H*U3WL~28C`1H=gX2â̻ABC(Yh'lfyxس?$~_oM)Vq/MyMƲbd:w#K*A''#Sp{de]F%4 M_K1u>s+;Pِ.-u5`wq{w^KeZq''9'?!F E.aN=+tqKhܕuMű:i֠!"fSl/.V2È*\? p8po`Ġmc=9m2@4rĖY~803F4u&6u2ek1fR͙*PsTk`5S!"ш^ܷYA%*0RVn=((/|C~)rܣw#ގ%eqW9 #S2M|m2q/O uoPO7}w g۸VBF㫩\v|G.T!q@ske[S*"tK/էRiyYyNQ{uOZƮyESIl x}3mq;`H;~(dEY@AUthfpn.#sdϚ#Ь ;Tn n]5o>S~A@45蘳E;ZCȿf)LB1RoAN^0ya)3kEA vRp7SGYEIڞ w觮2zKLȚ Fh\_PF "ʨΘ'!6J 5 GJf9!u~Ʀ+$7S\T.(2L^-8Iq i)5~mr?_!r . TRv6~&ntQX.h0.N,G†⫝̸Vy]7 HF+5JL^Q:炑)#IvoB[@:k mTaawt A6}L)59̢H֜Ŀ+{41)HCy+atc̰Js V7O!Ucg2ʿ8D~ .Du7x`Ppt !jsl# X#C->, T{G `{I5'CoE{ϳkoO eԹcuS"Jфn& װ-{b+uNH>3JWn:rabpD.o8fc(3*|жku)e.DgzjpBpqU{0R T~ˇy'dZͽVbI M.%YަnKsW`ڭVfکa?r2}/R3Meev 1A&!zb1N5W\Qv$>]eF}Y:)3, W}|uxޓbN(JBW vr|.@E7(M`|4>8(9Ww_CiE)mZPM&q9&;?ZpZ5߶;Tۑȝҗb2:ApGdzbϨ~c|tF{݀G=7I=~hN1f.ffqFcb!ƚ'']d4C8bxl9k mkZv]$H Gm05P sYF==F\q ɰ-hť j6AQhjۗAZcfr(oZav֞-Q='w-] (lW|T Й卝~T4Nq;) ,,Ulޣ2]BeZy5X?4.<#S'g)>#vuf ^SVV_xr; g˕z1LZpW rݙDVWDWrG:"/9@`"J}Osa ,8ׅO?l5ζ ZOJn]2 ^7_tSOe0+J LÍ2r#դ`ؾ7/a&@7'N;xpZ}z=?_5*PGQw3%} #׽ya\&uW=R/K%{5 VwqKS<kujǍjyXOS^?$ HJœB3N|YOKE)Aٷ"7mJ#;_ScI tW"NCx2γcq7hn:Xд:'NĊNct,$dd]'vB9F$6sW4~z GU00sgJ,x(0"#XOgLIձjNmu@ghTpC+r>aX ;㞇))&>UÐp#<) %CGD[6BȈ{*漖Gh%PTԵKaqm+4ޠ$Ziǃ60`xWcl[-۝$rD|dwvM4rP,ܳԛC4-NK\̈́$Mho0f 0~ <cA/.^-JT"a-M3C>SS۸KFj @dN(G &.ZV"AAx0!]^/TabSUF@4GX:oM1lfEl[Hu4 d`Ll6ƌQlٍi(JŅI,Һ꧶BZI b^YCA4RՍ,mY">{#z祑|3Ic0x8X'T@[ > uǝ6O`oŜBSkk@Ϲ!k'dEmYNfZJeXp$碧ǧ~8¯/=AwX=ezb'8$EOoTW'~SpO.!FVPk9 O%tА=XaqNa0&¬qڶQw^XҊI*/Ci?=pЏ܁:[>kޑӚ9G=Le`av d͗!fO2sHJJ4кf(#frwŏN [쮫VH.M$VhzYo ҷnRZ' kluiJWU6ֈ8f9ȯ_[j SQA/ B*NӴcAh[:-d6sSFCM\D9\L{_:PYԭm>ފifU= 5]G\JYU倔Z׎Eg0߭<׌Cz/Wh%RˌԶuTc[ʚ$ 0(85ݫ]PH$9k}ݱŽZS'6%&e2z H yӇ6'"9^6mmm {Bƴ5?q'uvp 4r&8W ԋCĽ*t6eg*r (%@…' ֥%eF VBоd'aY\v{ͭr  5r,Kt_ybgy^A-]]Omug -Fwd1æ|isT!N o[Fx B%) mI#H&,*YC~50㩒\ odzS1ǎ[29HBajSد6KzsL}W^2AQdvs?}ػp #Oǥ 'UG@q]65m lZ )L(==PӴ殟pbԸ.z2oZ4 j?m_eqzV=I}*;V"$I.1)Զok T#*pOQUtȶ&7Sn>A2mF3&xw΁I -BYᴛa[Q&E n+!DJ]qϛ)$'O|A1u3VG܋2z,돂ǯ$t~rN_^Ԕ(fzvG)64l\zE*M~#qHPإ6-$@Uh>tyY ^chzb;;Ô+7+c8se N1Z]S< XRxT-!h(*X'Rc@ mXS{L@r Bp!lh5ơYf=m|&v4B]KλiaWzzDʨVzW/Vc\ D@ۚBN*c|6҈E(=eut${__Ʋ`u$fxR9$ؙPS~ljDltF@oj$Jy%ͻGZMɮuw3TGRJSHe50Ey3MV:(~3p?\gR5 aJGҴjыx#+UAE–b٢`۲*ڤ?݈+ t |+vSZC|p:Ҽxp*[P)ou(ӏ, <%X^-svi1U7aJx_>b8P80 \ _[H ph#j}@N,nΜ`u0F/U}~RǤ=F혆5BJ֬ n*J>xhI.J5~蠝^`2!khiφwiQe0;QD89È9cxу! D//Ǖ/&`K\:Ҿko^+q)rܔ ʼπR[׀dӯ@pYr'ˇBxH,/z+g KPi(}Y% X}1lЕ j%ϘeR+}1 ٯu 67Ul,/K7GnF )jiRA>L=f*hV,T/D{'5c'<@OqKĂ%4O1 BxRlr%ƒyΑH?cm`֐zո5%B儯]3`{(*2nEyT9Z<{9 9UmW!Bɮ }=(D{qf>OG+~ җBfy$ZA}[VV_@SH"q.[-v:R,>4z%yՓHd9R0f!uv k.4jn \]G΀ T/v=[/F]X{$S$e*93F?S?т/1L^ErcXgb]s <1).N]j칄Rf%}Я-R{sA!+-hBhhAPp 9yUz9ҭvԮ}ڥv@P9nu/%%22S&Md?Qb݂ !Y&;d^@6F$%W\P4lU`dַd2q!O8"Mok%՘_V{Pդ>o ~'; <،6KUݐVϡ4YΑ,efұvqklpu<FwQ|d0u<,$#``mD!%ӍAQT4Ǚ_m1Xhn/yUn(⇯3"rr?\7 Ihb{ +nN# $>ɐlfnޞ`.&ItDpfR[S&Pj@̯W,t豨E-ƠcbF[xm>`෵sfzI L=kܿ_l0"Zt4J7YjO&:ڭ䥬Ug{΁hVWawR얮S`>:bD;J!V-g &QLI)!I'+XRGSJr4iub5 uBSL\qrw߮Z^⎫;r) }oʝq8,g7}SiڿTRI~Uf?߯U5E'Q_ b1+Z4>6ZH:qrG_I8 ݶm|ݰ37 x8:0+f>{-vJJ'gPY%%'572"D ,mUi:@POۣA S*R]s,~3i3.)"r}q]$?y_3dƄ~~Ӫն]P*2O{r blmR^-H~r K7D!T*+xo}Uu0—$i򆬷Y>BgItsImK~Ԭ{]Zʢ]9>ZRA2dڰS½~_!șB&;B귣uxzJy7`>7ۑ$NQ^(H5י}C*'!JM+gNR)F նNDeIJ/WJI(8T``]=@*<#U2A/vƦ> mwDpOv4p:Qq^n| J?d:y!3uڭi^p%6mYP]^,ռG*s;R mUAS~A^4VEI⺧ѐ6(G^_=],kR2w"Lk FOY##jĞ.~o wf~QH#2{0`HzT-PbIяGz5བྷG]c4*"䕌PiO( d7Uk5vn\.V#ƹ!h/Ȃ(Ꞛ(ϧv0> @kK>4@vw_('p|rm!xF1"먀qVl<496d$6|'`cIn]- f ']5͑TG&ըu\[ s+hcܬj7J/qJxbukd3zYzßoÃVE‹ $j! ˷!Wb|OL/"o#쾨X0Fr7ݺK&ص!o9k7|' ȅʩc~$X:mτ^I)@.>UNGc߁իʥ|>O! PHӘw瞊xV>풤u8O{_bG(֒?z݄nܽ~ Jƌ@r/[+qu-+O0n9ȼV2%lx|mmN1 AcPm rR/ag¨)DcY-U Ӌ,Զ<'k|9vnaSB"g}B%>oy?Z4=Yz zAA!)hQD p8$"gHh~JU[E*YТ_0ooݢ0q{Y'e<~ ~c7eCnQNɦ?eW4S/o@ T"{|)? Fo^ 7e(q͇ 'Z wp4Cu 3 h =꘽_ю mxJt*wH6Lߍv7?Ѝ7_؎3xMƏ煶p|3kS۴685)^%CΏWH"^f6be7c!k ݰOZEFK ] +v0?i `y׍GylQV dW1p^ e@a#P˒'簒>'t|b.c#V~AEgICi ,8;DyH`u~D#pcg%k Dr=ii!iD* YZ