nscd-2.31-9.3.2 >  A aJ gp9|δJԎ`,CSH<%XӍ* -ko-Ks E8lHdz(ȳ3͉)^LDՈKwi[VhK /*VӖ"g;QQNqsv4Q6%pفt(^aM_M6goYRQ}ޖ 3h}(cRCA0:G$RL#5(r *lAeWM&D>="|Ng%2чGn6fd476a12201d8c894690be77676c9abb88206e3546e75baf319b2727e25c0e586b4bdbb7e4a1515da6fa8f88fa02032b1f06d86aJ gp9|aطDfP;A?ID~Ʊ|ۣ-O_'~f Ӊmzr= P %3W*0eD#-^a^  e" u>#4P<#y~DPp )N./;HJ= 7sla}HpI?d   .  CIQ @ =   @ O l>X,( 8(9,:= >?@"B*F0GHHʄIXYZ[\]L^ b6cd_edfgliu|v͸ wxyT zx҈ҌҒCnscd2.319.3.2Name Service Caching DaemonNscd caches name service lookups and can dramatically improve performance with NIS, NIS+, and LDAP.aJRibs-arm-6}SUSE Linux Enterprise 15SUSE LLC GPL-2.0-or-laterhttps://www.suse.com/System/Daemonshttp://www.gnu.org/software/libc/libc.htmllinuxaarch64getent group nscd >/dev/null || /usr/sbin/groupadd -r nscd getent passwd nscd >/dev/null || /usr/sbin/useradd -r -g nscd -c "User for nscd" -s /sbin/nologin -d /run/nscd nscd if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in nscd.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in nscd.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi [ -z "${TRANSACTIONAL_UPDATE}" -a -x /usr/bin/systemd-tmpfiles ] && /usr/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/nscd.conf || : # Previously we had nscd.socket, remove it test -x /usr/bin/systemctl && /usr/bin/systemctl stop nscd.socket 2>/dev/null || : test -x /usr/bin/systemctl && /usr/bin/systemctl disable nscd.socket 2>/dev/null || : # Hard removal in case the above did not work rm -f /etc/systemd/system/sockets.target.wants/nscd.socket exit 0 test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable nscd.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop nscd.service ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in nscd.service ; do sysv_service="${service%.*}" rm "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart nscd.service ) || : fi fi exit 0  A큤A큤A큀aJaJaJ?aJ?aJaJaJaJaJaJaJ?aJ?aJ?aJ?aJ?e2cdfafd373d24fab07018d0e95dd49510ea6c992b7be2b0611ab23bbc2750b579fe74962fbce2fa9b2a4b92f693b2fd42cbc2ed331fae268de7104879a72df879c9cec5dd2414dcb76d11e75903aa6fd9b7785c897cb9f853edcb140a71b77946aa54469f04e2ea33455082235b39131e352dc8086555c5e1fd3be076eecf41/sbin/service@YYYYYYYrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootglibc-2.31-9.3.2.src.rpmconfig(nscd)glibc:/usr/sbin/nscdnscdnscd(aarch-64) @@@@@@@@@    /bin/sh/bin/sh/bin/sh/bin/shconfig(nscd)glibcld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libaudit.so.1()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libcap.so.2()(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.17)(64bit)libselinux.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)shadowsystemdsystemdsystemdsystemd2.31-9.3.22.313.0.4-14.6.0-14.0-15.2-14.14.3a0`ݮ@`a@`H`H`?z@`@_T__/@_O@^)@^@^{G^g@^`^U @^&^]@]7@]|@]@]:\@\\]@\@\|\~d[[ͻ[$@[t[r@[qr[^[!@[@Z@ZJ@Z2@ZH@ZZ Z}@ZxG@Zp^@Zp^@Ze@ZKt@Z1@Z/Z@Y@Y@YYܶ@YdY@Y@YY@Y@Y@YW@Y@YJYYw2Yp@YJ_YA%@Y.@Y, @Y, @Y$$@Y"XۡX@XWw@W@W@Ws@Wk@Wj}WYZ@WL+@W3W0{WW V@V@V޾Vm@VIV@VŲ@V`VVV@VLh@V.V$@VVZV VUYU|@UAUȒ@UU@UU4@UUv@U%@U/@U:T@TPTgTܕTء@TO@schwab@suse.deschwab@suse.deschwab@suse.derguenther@suse.comrguenther@suse.comschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.dematz@suse.comschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.dematz@suse.comschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.dematz@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.dejslaby@suse.comschwab@suse.deschwab@suse.deschwab@suse.deidonmez@suse.comschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.denormand@linux.vnet.ibm.comschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.demeissner@suse.comschwab@suse.deschwab@suse.demgorman@suse.comschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.deschwab@suse.de- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify (CVE-2021-33574, bsc#1186489, BZ #27896)- wordexp-param-overflow.patch: wordexp: handle overflow in positional parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)- s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector support in memmove ifunc-selector (bsc#1184035, BZ #27511)- Update glibc-2.31-HTM-vzeroupper.diff with a AVX-SSE transition fix.- Add glibc-2.31-HTM-vzeroupper.diff to avoid VZEROUPPER in the AVX2 accelerated string routines which cause HTM transaction aborts. Instead use EVEX or SSE. (bsc#1181403)- nscd-netgroupcache.patch: nscd: Fix double free in netgroupcache (CVE-2021-27645, bsc#1182733, BZ #27462)- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)- sysvipc-sem-stat-any.patch: sysvipc: Fix SEM_STAT_ANY kernel argument pass (bsc#1180557, BZ #26637)- aarch64-getauxval.patch: aarch64: Accept PLT calls to __getauxval within libc.so (bsc#1167939) - iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - printf-long-double-non-normal.patch: x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - get-nprocs-cpu-online-parsing.patch: Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)- power10-support.patch: Add support for POWER10 (jsc#SLE-13520) - iconv-option-parsing.patch: Rewrite iconv option parsing (CVE-2016-10228, bsc#1027496, BZ #19519)- Update to glibc 2.31 - glibc-2.14-crypt.diff, crypt_blowfish-const.patch, crypt_blowfish-1.2-sha.diff, crypt_blowfish-gensalt.patch, crypt_blowfish-1.2-hack_around_arm.diff, glibc-nodate.patch, powerpc-elision-enable-envvar.patch, s390-elision-enable-envvar.patch, crt-nocompress-debug-sections.patch, resolv-context-leak.patch, dl-runtime-resolve-opt-avx512f.patch, libpthread-compat-wrappers.patch, math-c++-compat.patch, remove-nss-nis-compat.patch, eh-frame-zero-terminator.patch, ld-so-hwcap-x86-64.patch, assert-pedantic.patch, getaddrinfo-errno.patch, resolv-conf-oom.patch, dynarray-allocation.patch, nearbyint-inexact.patch, nss-compat.patch, nscd-libnsl.patch, malloc-tcache-leak.patch, falkor-memcpy-memmove.patch, aarch64-cpu-features.patch, nss-files-large-buffers.patch, sysconf-uio-maxiov.patch, glob-tilde-overflow.patch, dl-runtime-resolve-xsave.patch, spawni-assert.patch, x86-64-dl-platform.patch, glob64-s390.patch, tst-tlsopt-powerpc.patch, powerpc-hwcap-bits.patch, malloc-tcache-check-overflow.patch, dl-init-paths-overflow.patch, fillin-rpath-empty-tokens.patch, getcwd-absolute.patch, memalign-overflow.patch, stack-guard-size-accounting.patch, libgcc-rtld-now.patch, res-send-enomem.patch, glibc-fix-avx512-mempcpy.patch, i386-memmove-sse2-unaligned.patch, realpath-ssize-max-overflow.patch, localtime-2039.patch, math-remove-slow-path.patch, aarch64-hwcap-atomics.patch, glibc-fix-aarch64-build.diff, absolute-symbols.patch, x86-haswell-string-flags.patch, pthread-cond-broadcast-waiters-after-spinning.patch, mman-map-sync.patch, mman-linux-map-shared-validate.patch, nptl-setxid-error.patch, pthread-mutex-trylock-barrier.patch, getaddrinfo-parse-ipv4-address.patch, japanese-era-name-may-2019.patch, force-elision-race.patch, regex-read-overrun.patch, regex-parse-reg-exp.patch, 0001-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch, 0002-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch, 0003-S390-Unify-31-64bit-memcpy.patch, 0004-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch, 0005-S390-Remove-s390-specific-implementation-of-bcopy.patch, 0006-S390-Use-memcpy-for-forward-cases-in-memmove.patch, 0007-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch, 0008-S390-Add-z13-memmove-ifunc-variant.patch, 0009-S390-Add-z13-strstr-ifunc-variant.patch, 0010-S390-Add-z13-memmem-ifunc-variant.patch, 0011-S390-Cleanup-ifunc-resolve.h.patch, 0012-S390-Mark-vx-and-vxe-as-important-hwcap.patch, 0013-S390-Add-new-hwcap-values-for-new-cpu-architecture-a.patch, 0014-S390-Add-configure-check-to-detect-support-for-arch1.patch, 0015-S390-Add-arch13-memmove-ifunc-variant.patch, 0016-S390-Add-arch13-strstr-ifunc-variant.patch, 0017-S390-Add-arch13-memmem-ifunc-variant.patch, prefer-map-32bit-exec.patch, s390-strstr-page-boundary.patch, ppc-tle-htm-nosc.patch, posix-Add-internal-symbols-for-posix_spawn-interface.patch, glibc-2.29-posix-Use-posix_spawn-on-popen.patch, backtrace-powerpc.patch, pthread-rwlock-pwn.patch, manual-memory-protection.patch, ldbl-96-rem-pio2l.patch, dl-sort-maps.patch, dlopen-filter-object.patch, glob-use-after-free.patch, nptl-setxid-race.patch, nscd-senfile.patch, ldd-system-interp.patch, abort-no-flush.patch, fnmatch-collating-elements.patch, nss-files-long-lines-2.patch, iconv-reset-input-buffer.patch, nscd-prune.patch, syslog-locking.patch: Removed. - long-double-alias.patch, glibc-nsswitch-usr.diff, euc-kr-overrun.patch, riscv-syscall-clobber.patch, nscd-gc-cycle.patch: Added.- nscd-senfile.patch: Fix concurrent changes on nscd aware files (bsc#1171878, BZ #23178) - nscd-prune.patch: nscd: bump GC cycle during cache pruning (bsc#1171878, BZ #26130) - syslog-locking.patch: Correct locking and cancellation cleanup in syslog functions (bsc#1172085, BZ #26100)- nptl-setxid-race.patch: nptl: wait for pending setxid request also in detached thread (bsc#1162930, BZ #25942)- glob-use-after-free.patch: Fix use-after-free in glob when expanding ~user (CVE-2020-1752, bsc#1167631, BZ #25414)- dl-sort-maps.patch, dlopen-filter-object.patch: Allow dlopen of filter object to work (bsc#1166106, BZ #16272)- ldbl-96-rem-pio2l.patch: Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (CVE-2020-10029, bsc#1165784, BZ #25487)- pthread-rwlock-pwn.patch: Fix rwlock stall with PREFER_WRITER_NONRECURSIVE_NP (bsc#1164505, BZ #23861) - manual-memory-protection.patch: manual: Document mprotect and introduce section on memory protection (bsc#1163184)- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC (CVE-2020-1751, bsc#1158996, BZ #25423)- posix-Add-internal-symbols-for-posix_spawn-interface.patch, glibc-2.29-posix-Use-posix_spawn-on-popen.patch: Use posix_spawn on popen (bsc#1149332, BZ #22834)- ppc-tle-htm-nosc.patch: powerpc: Fix syscalls during early process initialization (SLE-8348, BZ #22685)- s390-strstr-page-boundary.patch: S390: Fix handling of needles crossing a page in strstr z15 ifunc-variant (bsc#1157893, BZ #25226)- prefer-map-32bit-exec.patch: rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126, bsc#1157292, BZ [#25204])- GNU1815 - Hardware support in toolchain (bsc#1151582) 0001-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch 0002-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch 0003-S390-Unify-31-64bit-memcpy.patch 0004-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch 0005-S390-Remove-s390-specific-implementation-of-bcopy.patch 0006-S390-Use-memcpy-for-forward-cases-in-memmove.patch 0007-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch 0008-S390-Add-z13-memmove-ifunc-variant.patch 0009-S390-Add-z13-strstr-ifunc-variant.patch 0010-S390-Add-z13-memmem-ifunc-variant.patch 0011-S390-Cleanup-ifunc-resolve.h.patch 0012-S390-Mark-vx-and-vxe-as-important-hwcap.patch 0013-S390-Add-new-hwcap-values-for-new-cpu-architecture-a.patch 0014-S390-Add-configure-check-to-detect-support-for-arch1.patch 0015-S390-Add-arch13-memmove-ifunc-variant.patch 0016-S390-Add-arch13-strstr-ifunc-variant.patch 0017-S390-Add-arch13-memmem-ifunc-variant.patch- regex-parse-reg-exp.patch: ERE '0|()0|\1|0' causes regexec undefined behavior (CVE-2009-5155, bsc#1127223, BZ #18986) - regex-read-overrun.patch: regex: fix read overrun (CVE-2019-9169, bsc#1127308, BZ #24114)- crt-nocompress-debug-sections.patch: Don't compress debug sections in crt*.o files (bsc#1123710)- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig (bsc#1117993, BZ #23973)- force-elision-race.patch: Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330, BZ #23275)- japanese-era-name-may-2019.patch: ja_JP locale: Add entry for the new Japanese era (bsc#1100396, BZ #22964)- pthread-mutex-trylock-barrier.patch: pthread_mutex_trylock does not use the correct order of instructions while maintaining the robust mutex list due to missing compiler barriers (bsc#1130045, BZ #24180) - getaddrinfo-parse-ipv4-address.patch: getaddrinfo: Fully parse IPv4 address strings (CVE-2016-10739, bsc#1122729, BZ #20018)- mman-map-sync.patch: Add MAP_SYNC from Linux 4.15 (bsc#1126590) - mman-linux-map-shared-validate.patch: Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590) - nptl-setxid-error.patch: nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153)- x86-haswell-string-flags.patch: Fix Haswell CPU string flags (bsc#1114984, BZ #23709) - pthread-cond-broadcast-waiters-after-spinning.patch: Fix waiters-after-spinning case (bsc#1114993, BZ #23538)- absolute-symbols.patch: Don't relocate absolute symbols (bsc#1112570, BZ [#19818])- glibc-fix-aarch64-build.diff: Fix build on aarch64 with binutils newer than 2.30.- Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales (fate#326551)- aarch64-hwcap-atomics.patch: aarch64: add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962)- math-remove-slow-path.patch: Remove slow paths from math routines (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882)- localtime-2039.patch: Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526, BZ #22639)- i386-memmove-sse2-unaligned.patch: Fix SSE2 memmove issue when crossing 2GB boundary (CVE-2017-18269, bnc#1094150, BZ #22644) - realpath-ssize-max-overflow.patch: Fix overflow in path length computation (CVE-2018-11236, bsc#1094161, BZ #22786) - glibc-fix-avx512-mempcpy.patch: replace with upstream version- Use %license also for COPYING and COPYING.LIB (bsc#1082318)- Add glibc-fix-avx512-mempcpy.patch as quick fix for mempcpy buffer overwrite in memmove-avx512-no-vzeroupper.S for Knights Landing CPUs (CVE-2018-11237, bnc#1094154, bnc#1092877, BZ #23196)- Readd nis to netgroup and automount nss config (bsc#1088860)- res-send-enomem.patch: Fix crash in resolver on memory allocation failure (bsc#1086690, BZ #23005)- Use %license (bsc#1082318)- stack-guard-size-accounting.patch: Fix stack guard size accounting (bsc#1074208, BZ #22637) - libgcc-rtld-now.patch: Open libgcc.so with RTLD_NOW during pthread_cancel (bsc#1074208, BZ #22636)- Mark source0 as nosource in non-main source rpms- Add systemtap-headers to BuildRequires. - Add --enable-systemtap to configure arguments. (fate#324969, bsc#1073636)- memalign-overflow.patch: Fix integer overflows in internal memalign and malloc functions (CVE-2018-6485, CVE-2018-6551, bsc#1079036, BZ #22343, BZ #22774)- fix-locking-in-_IO_cleanup.patch: Skip locked files during exit (bsc#1070491, BZ #15142)- Avoid duplicate source rpm- getcwd-absolute.patch: make getcwd(3) fail if it cannot obtain an absolute path (CVE-2018-1000001, bsc#1074293, BZ #22679)- dl-init-paths-overflow.patch: Count components of the expanded path in _dl_init_path (CVE-2017-1000408, CVE-2017-1000409, bsc#1071319, BZ [#22607], BZ #22627) - fillin-rpath-empty-tokens.patch: Check for empty tokens before dynamic string token expansion (CVE-2017-16997, bsc#1073231, BZ #22625)- tst-tlsopt-powerpc.patch: fix tst-tlsopt-powerpc (bcn#1070419) - powerpc-hwcap-bits.patch: Update HWCAP for powerpc (bnc#1070420) - malloc-tcache-check-overflow.patch: Fix integer overflow in malloc when tcache is enabled (CVE-2017-17426, bnc#1071479, BZ #22375)- Add _multibuild- glob64-s390.patch: no compat glob64 on s390 - noversion.tar.bz2: remove unused source- x86-64-dl-platform.patch: Don't set GLRO(dl_platform) to NULL (BZ #22299)- spawni-assert.patch: Fix improper assert in Linux posix_spawn (BZ [#22273])- math-c++-compat.patch: Add more C++ compatibility (BZ #22296) - malloc-tcache-leak.patch: Fix tcache leak after thread destruction (BZ [#22111]) - falkor-memcpy-memmove.patch: Optimized implementation of memcpy/memmove for Qualcomm Falkor - aarch64-cpu-features.patch: Fix glibc.tune.cpu tunable handling - nss-files-large-buffers.patch: Avoid large buffers with many host addresses (BZ #22078) - sysconf-uio-maxiov.patch: Fix missing definition of UIO_MAXIOV (BZ [#22321]) - glob-tilde-overflow.patch: Fix buffer overflows with GLOB_TILDE (CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569. bsc#1064580, bsc#1064583, BZ #22320, BZ #22325, BZ #22332) - dl-runtime-resolve-xsave.patch: Use fxsave/xsave/xsavec in _dl_runtime_resolve (BZ #21265)- nscd-libnsl.patch: Remove reference to libnsl from nscd (bsc#1062244)- Drop glibc-obsolete - glibc-2.3.90-noversion.diff: remove - reinitialize-dl_load_write_lock.patch: remove- nss-compat.patch: Move nss_compat from nis to nss subdir and install it unconditionally - nsswitch.conf: switch back to compat for passwd, group, shadow- assert-pedantic.patch: Suppress pedantic warning caused by statement expression (BZ #21242, BZ #21972) - math-c++-compat.patch: Add more C++ compatibility (BZ #22235) - getaddrinfo-errno.patch: Fix errno and h_errno handling in getaddrinfo (BZ #21915, BZ #21922) - resolv-conf-oom.patch: Fix memory handling in OOM situation during resolv.conf parsing (BZ #22095, BZ #22096) - dynarray-allocation.patch: Fix initial size of dynarray allocation and set errno on overflow error - nearbyint-inexact.patch: Avoid spurious inexact in nearbyint (BZ #22225)- math-c++-compat.patch: add more C++ compatibility (BZ #22146)- Remove rpcsvc/yppasswd.* from glibc-devel - ld-so-hwcap-x86-64.patch: add x86_64 to hwcap (bsc#1056606, BZ #22093)- eh-frame-zero-terminator.patch: Properly terminate .eh_frame (BZ #22051)- Disable obsolete libnsl and NIS support - remove-nss-nis-compat.patch: remove nis and compat from default NSS configs - nsswitch.conf: Likewise- math-c++-compat.patch: Do not use __builtin_types_compatible_p in C++ mode (BZ #21930)- Add iconvconfig to baselibs.conf (bsc#1051042)- resolv-context-leak.patch: Fix leaks of resolver contexts - dl-runtime-resolve-opt-avx512f.patch: Use _dl_runtime_resolve_opt only with AVX512F (BZ #21871) - libpthread-compat-wrappers.patch: Don't use IFUNC resolver for longjmp or system in libpthread (BZ #21041)- Update to glibc 2.26 * A per-thread cache has been added to malloc * Unicode 10.0.0 Support * Improvements to the DNS stub resolver * New function reallocarray, which resizes an allocated block (like realloc) to the product of two sizes, with a guaranteed clean failure upon integer overflow in the multiplication * New wrappers for the Linux-specific system calls preadv2 and pwritev2 * posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to create a new session ID for the spawned process * errno.h is now safe to use from C-preprocessed assembly language on all supported operating systems * On ia64, powerpc64le, x86-32, and x86-64, the math library now implements 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE 754-2008) and ISO/IEC TS 18661-3:2015 * The synchronization that pthread_spin_unlock performs has been changed to now be equivalent to a C11 atomic store with release memory order to the spin lock's memory location * The DNS stub resolver no longer performs EDNS fallback * res_mkquery and res_nmkquery no longer support the IQUERY opcode * The _res_opcodes variable has been removed from libresolv * no longer includes inline versions of any string functions, as this kind of optimization is better done by the compiler * The nonstandard header has been removed * The obsolete header has been removed * The obsolete signal constant SIGUNUSED is no longer defined by * The obsolete function cfree has been removed * The stack_t type no longer has the name struct sigaltstack * The ucontext_t type no longer has the name struct ucontext * On S/390 GNU/Linux, the constants defined by have been synced with the kernel * Linux kernel 3.2 or later is required at runtime, on all architectures supported by that kernel * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes, to avoid fragmentation-based spoofing attacks (CVE-2017-12132) * LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE mode to guard against local privilege escalation attacks (CVE-2017-1000366) * Avoid printing a backtrace from the __stack_chk_fail function since it is called on a corrupt stack and a backtrace is unreliable on a corrupt stack (CVE-2010-3192) * A use-after-free vulnerability in clntudp_call in the Sun RPC system has been fixed (CVE-2017-12133) * fate#322258, fate#321513, fate#322453 - fts-symbol-redirect.patch, glibc-resolv-reload.diff, glibc-2.2-sunrpc.diff, i686-memchr-sse.patch, ld-hwcap-mask-suid.patch, ld-library-path-suid.patch, sunrpc-use-after-free.patch, test-math-vector-sincos-aliasing.patch, tunables-bigendian.patch: Removed- Fix RPM group- s390-elision-enable-envvar.patch: enable TLE only if GLIBC_ELISION_ENABLE=yes is defined (fate#322271)- ld-hwcap-mask-suid.patch: Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (BZ #21209) - ld-library-path-suid.patch: Completely ignore LD_LIBRARY_PATH for AT_SECURE=1 programs (CVE-2017-1000366, bsc#1039357, BZ #21624)- Remove glibc-cpusetsize.diff, no longer useful- fts-symbol-redirect.patch: Fix symbol redirect for fts_set (bsc#1041123, BZ #21289)- test-math-vector-sincos-aliasing.patch: Fix test-math-vector-sincos.h aliasing- add-locales.patch: renamed from glibc-2.3.locales.diff.bz2, drop en_BE locales (bsc#1039502)- Remove glibc-testsuite.patch, no longer relevant- Use multibuild feature - Remove obsolete check-build.sh - glibc.rpmlintrc: remove obsolete entries - Use %tmpfiles_create in nscd postin- i686-memchr-sse.patch: Fix i686 memchr overflow calculation (bsc#1031021, BZ #21182) - sunrpc-use-after-free.patch: Avoid use-after-free read access in clntudp_call (BZ #21115) - Build testsuite with gdb and python-pexpect to enable more tests- tunables-bigendian.patch: Fix getting tunable values on big-endian (BZ [#21109])- Update to glibc 2.25 * The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR 24731-2:2010, is supported to enable declarations of functions from that TR. * The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS 18661-1:2014, is supported to enable declarations of functions and macros from that TS. * The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS 18661-4:2015, is supported to enable declarations of functions and macros from that TS. * The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L. * The inclusion of by is deprecated. * New features from TS 18661-1:2014 are added to libm: the fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros. * Integer width macros from TS 18661-1:2014 are added to : CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH, UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to : INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH, INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH, UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH, INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH, UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH, UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH, UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH, UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH, WINT_WIDTH. * New features are added from TS 18661-1:2014: - Signaling NaN macros: SNANF, SNAN, SNANL. - Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp, fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf, fromfpxl, ufromfpx, ufromfpxf, ufromfpxl. - llogb functions: the llogb, llogbf and llogbl functions, and the FP_LLOGB0 and FP_LLOGBNAN macros. - Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag, fminmagf, fminmagl. - Comparison macros: iseqsig. - Classification macros: iscanonical, issubnormal, iszero. - Total order functions: totalorder, totalorderf, totalorderl, totalordermag, totalordermagf, totalordermagl. - Canonicalize functions: canonicalize, canonicalizef, canonicalizel. - NaN functions: getpayload, getpayloadf, getpayloadl, setpayload, setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl. * The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014, are added to libc. * Most of glibc can now be built with the stack smashing protector enabled. * The function explicit_bzero, from OpenBSD, has been added to libc. * On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined to float instead of double. * On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the float_t and double_t types are now defined to long double instead of float and double. * The getentropy and getrandom functions, and the header file have been added. * The buffer size for byte-oriented stdio streams is now limited to 8192 bytes by default. * The header now includes the header. * The malloc_get_state and malloc_set_state functions have been removed. * The “ip6-dotint” and “no-ip6-dotint” resolver options, and the corresponding RES_NOIP6DOTINT flag from have been removed. * The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING flag from have been removed. * The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG, RES_BLAST defined in the header file have been deprecated. * The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for _res.flags are deprecated. * DNSSEC-related declarations and definitions have been removed from the header file, and libresolv will no longer attempt to decode the data part of DNSSEC record types. * The resource record type classification macros ns_t_qt_p, ns_t_mrr_p, ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the header file because the distinction between RR types and meta-RR types is not officially standardized, subject to revision, and thus not suitable for encoding in a macro. * The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook and rhook members of the res_state type in have been removed. * For multi-arch support it is recommended to use a GCC which has been built with support for GNU indirect functions. * GDB pretty printers have been added for mutex and condition variable structures in POSIX Threads. * Tunables feature added to allow tweaking of the runtime for an application program. * A new version of condition variables functions have been implemented in the NPTL implementation of POSIX Threads to provide stronger ordering guarantees. * A new version of pthread_rwlock functions have been implemented to use a more scalable algorithm primarily through not using a critical section anymore to make state changes. * On ARM EABI (32-bit), generating a backtrace for execution contexts which have been created with makecontext could fail to terminate due to a missing .cantunwind annotation. (CVE-2016-6323) * The DNS stub resolver functions would crash due to a NULL pointer dereference when processing a query with a valid DNS question type which was used internally in the implementation. (CVE-2015-5180) - Enable stack protector if part of %optflags - startcontext-cantunwind.patch: Removed - cpuid-assertion.patch: Removed- cpuid-assertion.patch: Don't assert on older Intel CPUs (BZ #20647)- glibc-2.3.3-nscd-db-path.diff: Move persistent nscd databases to /var/lib/nscd - glibc-2.3.90-langpackdir.diff: simplify- Update to glibc 2.24 * The minimum Linux kernel version that this version of the GNU C Library can be used with is 3.2 * The pap_AN locale has been deleted * The readdir_r and readdir64_r functions have been deprecated * The type `union wait' has been removed * A new NSS action is added to facilitate large distributed system administration * The deprecated __malloc_initialize_hook variable has been removed from the API * The long unused localedef --old-style option has been removed * nextupl, nextup, nextupf, nextdownl, nextdown and nextdownf are added to libm * An unnecessary stack copy in _nss_dns_getnetbyname_r was removed (CVE-2016-3075) * Previously, getaddrinfo copied large amounts of address data to the stack, even after the fix for CVE-2013-4458 has been applied, potentially resulting in a stack overflow. getaddrinfo now uses a heap allocation instead (CVE-2016-3706) * The glob function suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name (CVE-2016-1234) * The Sun RPC UDP client could exhaust all available stack space when flooded with crafted ICMP and UDP messages (CVE-2016-4429) * The IPv6 name server management code in libresolv could result in a memory leak for each thread which is created, performs a failing naming lookup, and exits (CVE-2016-5417) - startcontext-cantunwind.patch: mark __startcontext as .cantunwind (bsc#974800, BZ #20435) - Removed patches: * 0001-Updated-translations-for-2.23.patch * 0002-Regenerate-libc.pot-for-2.23.patch * 0003-Regenerated-configure-scripts.patch * 0004-x86_64-Set-DL_RUNTIME_UNALIGNED_VEC_SIZE-to-8.patch * 0005-Add-fts64_-to-sysdeps-arm-nacl-libc.abilist.patch * 0006-Don-t-use-long-double-math-functions-if-NO_LONG_DOUB.patch * 0007-NEWS-2.23-Fix-typo-in-bug-19048-text.patch * 0008-Update-NEWS.patch * 0009-sln-use-stat64.patch * 0010-Add-sys-auxv.h-wrapper-to-include-sys.patch * 0011-mips-terminate-the-FDE-before-the-return-trampoline-.patch * 0012-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch * 0013-Mention-BZ-19762-in-NEWS.patch * 0014-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch * 0015-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch * 0016-Fix-resource-leak-in-resolver-bug-19257.patch * 0017-math-don-t-clobber-old-libm.so-on-install-BZ-19822.patch * 0018-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch * 0019-S390-Save-and-restore-fprs-vrs-while-resolving-symbo.patch * 0020-S390-Extend-structs-La_s390_regs-La_s390_retval-with.patch * 0021-CVE-2016-3075-Stack-overflow-in-_nss_dns_getnetbynam.patch * 0022-configure-fix-test-usage.patch * 0023-Suppress-GCC-6-warning-about-ambiguous-else-with-Wpa.patch * 0024-nss_db-Propagate-ERANGE-error-if-parse_line-fails-BZ.patch * 0025-getnameinfo-Do-not-preserve-errno.patch * 0026-getnameinfo-Refactor-and-fix-memory-leak-BZ-19642.patch * 0027-getnameinfo-Reduce-line-length-and-add-missing-comme.patch * 0028-getnameinfo-Avoid-calling-strnlen-on-uninitialized-b.patch * 0029-getnameinfo-Return-EAI_OVERFLOW-in-more-cases-BZ-197.patch * 0030-hesiod-Remove-RCS-keywords.patch * 0031-hesiod-Always-use-thread-local-resolver-state-BZ-195.patch * 0032-hesiod-Avoid-heap-overflow-in-get_txt_records-BZ-200.patch * 0033-malloc-Remove-NO_THREADS.patch * 0034-Fix-malloc-threaded-tests-link-on-non-Linux.patch * 0035-malloc-Run-fork-handler-as-late-as-possible-BZ-19431.patch * 0036-malloc-Remove-malloc-hooks-from-fork-handler.patch * 0037-malloc-Add-missing-internal_function-attributes-on-f.patch * 0038-nss_dns-Fix-assertion-failure-in-_nss_dns_getcanonna.patch * 0039-nss_dns-Validate-RDATA-length-against-packet-length-.patch * 0040-resolv-nss_dns-Remove-remaining-syslog-logging-BZ-19.patch * 0041-nss_dns-Check-address-length-before-creating-addrinf.patch * 0042-nss_dns-Skip-over-non-PTR-records-in-the-netent-code.patch * 0043-resolv-Always-set-resplen2-out-parameter-in-send_vc-.patch * 0044-tst-audit4-tst-audit10-Compile-AVX-AVX-512-code-sepa.patch * 0045-Fix-tst-audit10-build-when-mavx512f-is-not-supported.patch * 0046-tst-audit10-Fix-compilation-on-compilers-without-bit.patch * 0047-strfmon_l-Use-specified-locale-for-number-formatting.patch * 0048-glob-Simplify-the-interface-for-the-GLOB_ALTDIRFUNC-.patch * 0049-CVE-2016-1234-glob-Do-not-copy-d_name-field-of-struc.patch * 0050-ldconfig-Do-not-remove-stale-symbolic-links-with-X-B.patch * 0051-Report-dlsym-dlvsym-lookup-errors-using-dlerror-BZ-1.patch * 0052-Fix-tst-dlsym-error-build.patch * 0053-Remove-trailing-newline-from-date_fmt-in-Serbian-loc.patch * 0054-Revert-Report-dlsym-dlvsym-lookup-errors-using-dlerr.patch * 0055-CVE-2016-3706-getaddrinfo-stack-overflow-in-hostent-.patch * 0056-Fix-strfmon_l-Use-specified-locale-for-number-format.patch * clntudp-call-alloca.patch * glibc-memset-nontemporal.diff * nis-initgroups-status.patch * nscd-gc-crash.patch * robust-mutex-deadlock.patch * strncat-avoid-array-bounds-warning.patch- strncat-avoid-array-bounds-warning.patch: Avoid array-bounds warning for stncat on i586 (BZ #20260) - Update glibc.keyring - Unset MALLOC_CHECK_ during testsuite run- nsswitch.conf: Add fallback to files for passwd and group to prepare for libnsl removal.- nis-initgroups-status.patch: Return proper status from _nss_nis_initgroups_dyn (bsc#984269, BZ #20262) - robust-mutex-deadlock.patch: Fix generic __lll_robust_timedlock_wait to check for timeout (bsc#985170, BZ #20263)- nscd-gc-crash.patch: Fix nscd assertion failure in gc (bsc#965699, BZ [#19755])- clntudp-call-alloca.patch: do not use alloca in clntudp_call (CVE-2016-4429, bsc#980854, BZ #20112)- Import patches from 2.23 branch 0001-Updated-translations-for-2.23.patch 0002-Regenerate-libc.pot-for-2.23.patch 0003-Regenerated-configure-scripts.patch 0004-x86_64-Set-DL_RUNTIME_UNALIGNED_VEC_SIZE-to-8.patch 0005-Add-fts64_-to-sysdeps-arm-nacl-libc.abilist.patch 0006-Don-t-use-long-double-math-functions-if-NO_LONG_DOUB.patch 0007-NEWS-2.23-Fix-typo-in-bug-19048-text.patch 0008-Update-NEWS.patch 0009-sln-use-stat64.patch 0010-Add-sys-auxv.h-wrapper-to-include-sys.patch 0011-mips-terminate-the-FDE-before-the-return-trampoline-.patch 0012-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch 0013-Mention-BZ-19762-in-NEWS.patch 0014-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch 0015-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch 0016-Fix-resource-leak-in-resolver-bug-19257.patch 0017-math-don-t-clobber-old-libm.so-on-install-BZ-19822.patch 0018-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch 0019-S390-Save-and-restore-fprs-vrs-while-resolving-symbo.patch 0020-S390-Extend-structs-La_s390_regs-La_s390_retval-with.patch 0021-CVE-2016-3075-Stack-overflow-in-_nss_dns_getnetbynam.patch 0022-configure-fix-test-usage.patch 0023-Suppress-GCC-6-warning-about-ambiguous-else-with-Wpa.patch 0024-nss_db-Propagate-ERANGE-error-if-parse_line-fails-BZ.patch 0025-getnameinfo-Do-not-preserve-errno.patch 0026-getnameinfo-Refactor-and-fix-memory-leak-BZ-19642.patch 0027-getnameinfo-Reduce-line-length-and-add-missing-comme.patch 0028-getnameinfo-Avoid-calling-strnlen-on-uninitialized-b.patch 0029-getnameinfo-Return-EAI_OVERFLOW-in-more-cases-BZ-197.patch 0030-hesiod-Remove-RCS-keywords.patch 0031-hesiod-Always-use-thread-local-resolver-state-BZ-195.patch 0032-hesiod-Avoid-heap-overflow-in-get_txt_records-BZ-200.patch 0033-malloc-Remove-NO_THREADS.patch 0034-Fix-malloc-threaded-tests-link-on-non-Linux.patch 0035-malloc-Run-fork-handler-as-late-as-possible-BZ-19431.patch 0036-malloc-Remove-malloc-hooks-from-fork-handler.patch 0037-malloc-Add-missing-internal_function-attributes-on-f.patch 0038-nss_dns-Fix-assertion-failure-in-_nss_dns_getcanonna.patch 0039-nss_dns-Validate-RDATA-length-against-packet-length-.patch 0040-resolv-nss_dns-Remove-remaining-syslog-logging-BZ-19.patch 0041-nss_dns-Check-address-length-before-creating-addrinf.patch 0042-nss_dns-Skip-over-non-PTR-records-in-the-netent-code.patch 0043-resolv-Always-set-resplen2-out-parameter-in-send_vc-.patch 0044-tst-audit4-tst-audit10-Compile-AVX-AVX-512-code-sepa.patch 0045-Fix-tst-audit10-build-when-mavx512f-is-not-supported.patch 0046-tst-audit10-Fix-compilation-on-compilers-without-bit.patch 0047-strfmon_l-Use-specified-locale-for-number-formatting.patch 0048-glob-Simplify-the-interface-for-the-GLOB_ALTDIRFUNC-.patch 0049-CVE-2016-1234-glob-Do-not-copy-d_name-field-of-struc.patch 0050-ldconfig-Do-not-remove-stale-symbolic-links-with-X-B.patch 0051-Report-dlsym-dlvsym-lookup-errors-using-dlerror-BZ-1.patch 0052-Fix-tst-dlsym-error-build.patch 0053-Remove-trailing-newline-from-date_fmt-in-Serbian-loc.patch 0054-Revert-Report-dlsym-dlvsym-lookup-errors-using-dlerr.patch 0055-CVE-2016-3706-getaddrinfo-stack-overflow-in-hostent-.patch 0056-Fix-strfmon_l-Use-specified-locale-for-number-format.patch - CVE-2016-3075 CVE-2016-1234 CVE-2016-3706 bsc#973164 bsc#969727 - resolv-mem-leak.patch: renamed to 0016-Fix-resource-leak-in-resolver-bug-19257.patch - no-long-double.patch: renamed to 0006-Don-t-use-long-double-math-functions-if-NO_LONG_DOUB.patch - glibc-gcc6.patch: renamed to 0023-Suppress-GCC-6-warning-about-ambiguous-else-with-Wpa.patch- glibc-c-utf8-locale.patch: fix bad standard in LC_IDENTIFICATION categories - glibc-2.3.locales.diff.bz2: likewise- glibc-gcc6.patch: Suppress GCC 6 warning about ambiguous 'else' with - Wparentheses- Add compatibility symlinks for LSB 3.0 (fate#318933)- powerpc-elision-enable-envvar.patch: enable TLE only if GLIBC_ELISION_ENABLE=yes is defined (bsc#967594, fate#318236)- ldd-system-interp.patch: Restore warning about execution permission, it is still needed for noexec mounts (bsc#915985)- Add C.UTF-8 locale (see https://sourceware.org/glibc/wiki/Proposals/C.UTF-8) and rh#902094 . Added with glibc-c-utf8-locale.patch. - Add glibc-disable-gettext-for-c-utf8.patch to disable gettext for C.UTF-8 same as C locale.- Move %install_info_delete to %preun - crypt_blowfish-1.3.tar.gz.sign: Remove, the sign key is no longer acceptable- no-long-double.patch: Don't use long double functions if NO_LONG_DOUBLE- Update to glibc 2.23 release. * Unicode 8.0.0 Support * sched_setaffinity, pthread_setaffinity_np no longer attempt to guess the kernel-internal CPU set size * The fts.h header can now be used with -D_FILE_OFFSET_BITS=64 * getaddrinfo now detects certain invalid responses on an internal netlink socket * A defect in the malloc implementation, present since glibc 2.15 (2012) or glibc 2.10 via --enable-experimental-malloc (2009), could result in the unnecessary serialization of memory allocation requests across threads * The obsolete header has been removed * The obsolete functions bdflush, create_module, get_kernel_syms, query_module and uselib are no longer available to newly linked binaries * Optimized string, wcsmbs and memory functions for IBM z13. * Newly linked programs that define a variable called signgam will no longer have it set by the lgamma, lgammaf and lgammal functions - Removed patches: * dont-remove-nodelete-flag.patch * openat64-readd-o-largefile.patch * mntent-blank-line.patch * opendir-o-directory-check.patch * strcoll-remove-strdiff-opt.patch * ld-pointer-guard.patch * tls-dtor-list-mangling.patch * powerpc-lock-elision-race.patch * prelink-elf-rtype-class.patch * vector-finite-math-aliases.patch * powerpc-elision-adapt-param.patch * catopen-unbound-alloca.patch * strftime-range-check.patch * hcreate-overflow-check.patch * errorcheck-mutex-no-elision.patch * refactor-nan-parsing.patch * send-dg-buffer-overflow.patch * isinf-cxx11-conflict.patch * ibm93x-redundant-shift-si.patch * iconv-reset-input-buffer.patch * tzset-tzname.patch * static-dlopen.patch- isinf-cxx11-conflict.patch: Fix isinf/isnan declaration conflict with C++11 (bsc#963700, BZ #19439)- tls-dtor-list-mangling.patch: Harden tls_dtor_list with pointer mangling (BZ #19018) - prelink-elf-rtype-class.patch: Keep only ELF_RTYPE_CLASS_{PLT|COPY} bits for prelink (BZ #19178) - vector-finite-math-aliases.patch: Better workaround for aliases of * _finite symbols in vector math library (BZ# 19058) - powerpc-elision-adapt-param.patch: powerpc: Fix usage of elision transient failure adapt param (BZ #19174) - catopen-unbound-alloca.patch: Fix unbound alloca in catopen (CVE-2015-8779, bsc#962739, BZ #17905) - strftime-range-check.patch: Add range check on time fields (CVE-2015-8776, bsc#962736, BZ #18985) - hcreate-overflow-check.patch: Handle overflow in hcreate (CVE-2015-8778, bsc#962737, BZ #18240) - errorcheck-mutex-no-elision.patch: Don't do lock elision on an error checking mutex (bsc#956716, BZ #17514) - refactor-nan-parsing.patch: Refactor strtod parsing of NaN payloads (CVE-2014-9761, bsc#962738, BZ #16962) - send-dg-buffer-overflow.patch: Fix getaddrinfo stack-based buffer overflow (CVE-2015-7547, bsc#961721, BZ #18665) - powerpc-lock-elision-race.patch: renamed from 0001-powerpc-Fix-a-race-condition-when-eliding-a-lock-20150730.patch- Add audit-devel and libcap-devel to BuildRequires, for use by nscd- reinitialize-dl_load_write_lock.patch: Reinitialize dl_load_write_lock on fork (bsc#958315, BZ #19282)- resolv-mem-leak.patch: Fix resource leak in resolver (bsc#955647, BZ #19257) - tzset-tzname.patch: Force rereading TZDEFRULES after it was used to set DST rules only (BZ #19253)- glibc-2.3.90-noversion.diff: use stat64- ld-pointer-guard.patch: Always enable pointer guard (CVE-2015-8777, bsc#950944, BZ #18928)- strcoll-remove-strdiff-opt.patch: Remove incorrect STRDIFF-based optimization (BZ #18589)- iconv-reset-input-buffer.patch: Fix iconv buffer handling with IGNORE error handler (BZ #18830)- new patch [BZ #18743] PowerPC: Fix a race condition when eliding a lock 0001-powerpc-Fix-a-race-condition-when-eliding-a-lock-20150730.patch- nss-files-long-lines-2.patch: Properly reread entry after failure in nss_files getent function (bsc#945779, BZ #18991)- fnmatch-collating-elements.patch: Fix fnmatch handling of collating elements (BZ #17396, BZ #16976)- opendir-o-directory-check.patch: Fix opendir inverted o_directory_works test - static-dlopen.patch: Static dlopen default library search path fix (bsc#937853)- mntent-blank-line.patch: Fix memory corruption w/blank lines- dont-remove-nodelete-flag.patch: Don't remove DF_1_NODELETE flag from all loaded objects on failed dlopen - openat64-readd-o-largefile.patch: Readd O_LARGEFILE flag for openat64- Update to glibc 2.22 release. * Cache information can be queried via sysconf() function on s390 * A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. (CVE-2015-1781) * The time zone file parser has been made more robust against crafted time zone files * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors for LD and GD on x86 and x86-64, has been implemented. * Character encoding and ctype tables were updated to Unicode 7.0.0 * Added vector math library named libmvec * A new fmemopen implementation has been added with the goal of POSIX compliance. * The header is deprecated, and will be removed in a future release. * bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211 bsc#940195 bsc#940332 bsc#944494 bsc#968787 - Patches from upstream removed * htm-tabort.patch * o-tmpfile.patch * memcpy-chk-non-SSE2.patch * pthread-mutexattr-gettype-kind.patch * powerpc-software-sqrt.patch * static-tls-dtv-limit.patch * threaded-trim-threshold.patch * resolv-nameserver-handling.patch * nss-separate-state-getXXent.patch * aarch64-sigstksz.patch * heap-top-corruption.patch * pthread-join-deadlock.patch- pthread-join-deadlock.patch: Use IE model for static variables in libc.so, libpthread.so and rtld (bsc#930015, BZ #18457)- glibc-nodate.patch: fix verification of timestamp- also filter out -fstack-protector-strong- getaddrinfo-ipv6-sanity.diff: Remove. It breaks services that start before IPv6 is up (bsc#931399) - glibc-2.3.locales.diff.bz2: Remove sh_YU locales, fix currency for en_BE.- Add /usr/include/gnu/lib-names-.*.h to baselibs - pthread-join-deadlock.patch: Don't require rtld lock to store static TLS offset in the DTV (bsc#930015, BZ #18457) - heap-top-corruption.patch: Do not corrupt the top of a threaded heap if top chunk is MINSIZE (BZ #18502)- threaded-trim-threshold.patch: Fix regression in threaded application malloc performance (bsc#915955, BZ #17195)- aarch64-sigstksz.patch: Increase MINSIGSTKSZ and SIGSTKSZ (BZ #16850)- powerpc-software-sqrt.patch: Fix powerpc software sqrt (BZ #17964, BZ [#17967]) - nss-separate-state-getXXent.patch: Separate internal state between getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007) - static-tls-dtv-limit.patch: Fix DTV race, assert, DTV_SURPLUS Static TLS limit, and nptl_db garbage (bsc#919678, BZ #17090, BZ #17620, BZ #17621, BZ #17628)- resolv-nameserver-handling.patch: Replace with simpler version with more compatibility- memcpy-chk-non-SSE2.patch: Fix __memcpy_chk on non-SSE2 CPUs (bsc#920084)- resolv-nameserver-handling.patch: Rewrite handling of nameserver configuration in resolver- htm-tabort.patch: Fix TABORT encoding for little endian- Update to glibc 2.21 release. * A new semaphore algorithm has been implemented in generic C code for all machines * Added support for TSX lock elision of pthread mutexes on powerpc32, powerpc64 and powerpc64le * Optimized strcpy, stpcpy, strchrnul and strrchr implementations for AArch64 * i386 memcpy functions optimized with SSE2 unaligned load/store * New locales: tu_IN, bh_IN, raj_IN, ce_RU * The obsolete sigvec function has been removed * CVE-2015-1472 CVE-2015-1473 CVE-2012-3406 CVE-2014-9402 CVE-2014-7817 bsc#864081 bsc#906371 bsc#909053 bsc#910599 bsc#916222 - Patches from upstream removed * ifunc-x86-slow-sse4.patch * pthread-mutex-trylock-elision.patch - o-tmpfile.patch: Fix value of O_TMPFILE for architectures with non-default O_DIRECTORY (BZ #17912)- Update to crypt_blowfish 1.3. * Add support for the $2b$ prefix. - ifunc-x86-slow-sse4.patch: Fix misdetected Slow_SSE4_2 cpu feature bit (BZ #17501)/bin/sh/bin/sh/bin/sh/bin/shunscdibs-arm-6 1632246866 2.31-9.3.22.31-9.3.22.31-9.3.2 0.48nscd.confnscdnscd.pidsocketnscd.servicetmpfiles.dnscd.confnscdrcnscdnscdgrouphostsnetgrouppasswdservices/etc//run//run/nscd//usr/lib/systemd/system//usr/lib//usr/lib/tmpfiles.d//usr/sbin//var/lib//var/lib/nscd/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:21234/SUSE_SLE-15-SP3_Update/0a8d5ab0cebd98ac673029614cff39f6-glibc.SUSE_SLE-15-SP3_Updatecpioxz5aarch64-suse-linux ASCII textdirectorycannot open `/home/abuild/rpmbuild/BUILDROOT/glibc-2.31-9.3.2.aarch64/run/nscd/nscd.pid' (No such file or directory)cannot open `/home/abuild/rpmbuild/BUILDROOT/glibc-2.31-9.3.2.aarch64/run/nscd/socket' (No such file or directory)ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=19e30b3709994a15722e4a12d341325aca51ae8c, for GNU/Linux 3.7.0, strippedcannot open `/home/abuild/rpmbuild/BUILDROOT/glibc-2.31-9.3.2.aarch64/var/lib/nscd/group' (No such file or directory)cannot open `/home/abuild/rpmbuild/BUILDROOT/glibc-2.31-9.3.2.aarch64/var/lib/nscd/hosts' (No such file or directory)cannot open `/home/abuild/rpmbuild/BUILDROOT/glibc-2.31-9.3.2.aarch64/var/lib/nscd/netgroup' (No such file or directory)cannot open `/home/abuild/rpmbuild/BUILDROOT/glibc-2.31-9.3.2.aarch64/var/lib/nscd/passwd' (No such file or directory)cannot open `/home/abuild/rpmbuild/BUILDROOT/glibc-2.31-9.3.2.aarch64/var/lib/nscd/services' (No such file or directory) RR R R RRR R Rqp| sutf-84d953e8d625aabaeafd8aa3abc02bad71b0e9c7e2a927987b44537d02bab3243?p7zXZ !t/!6] crv(vX0qTkCh~{aJS4뒤V<<$+6 *ĂB8<vvjXon-gKD>U1 aK%{vSdaƨLV%Ҫk Uc<0xdqì63߆,F56ei_ZX-tfmJ4`VЯ-l3az=8^6"܋Q@T&$uߑۏf$4Emѧf,[70ng&W eP\URj!kĤep'"2_+)zH* x JN&fM3,>~֍sRBAa9J"\).CgZa/l-"79z&k*9i_eYJD'pmBk[M5qkމT^$1m]ׇ^i0Y-LK`0}XyN”j 5A}?d<+3>pW1-g@И t<TI =%V"ȽJ(NlGep}1Lhs%AbTʘHG5=PUR1/QP&p|t=J2iwn!-R̕V vFXt%H]-Ga-;M1Kl76>sG8;Ib3V{:(Y}B(7 Fm4=d\\䈡 >DHUQz@bIpaPfR\. wW7_;8Aœ@fpU 6%71ªqLdۊHQF/aS,[E o_L*%VAvۓ<~$g=2MYASiǑҨ`&!8:ܐ]f’0&WZzr^콷xViQ@u>(njot_ei<-#1ϻubx~0|nCm>g-1 aZV|Zh7ufѴ4KRnDcRe=rkaC5-5tGA1 r߯}Э1/Y/s겛8ySDy&Dd'`j#^$PJĺc~s^aB, H前Ҵ۵oZp"+7 B)7Äc_c1dYH($@TM?ħ\8iCbV2+ 'Lz -N$;6!_:MTaC4srAC6 zzC})Mv9Pf_SK!@:ӍpN7 6!b_2h}f$S_0nו4Ll3j9ajrg|g"7!;.$k)1U%!+sbDs/:*v]:t;Z%h/)Yԋ Jєh:{Z!8DOk4<Ќ їmv̄.{aպ0ivYC30Q. 6#o!a5ǩaWBuv+6윉*yYCmou@rm_yt{=̶QU j "R`[ł,Q-k2-FOQ#6s0J‚`pH6 F%.] PvƢ4C/1LkjzfnX:dl"pDm1DfG Ϲl ; viTϪOgzO ) stD:=aIO[ӕğ1ɓLre(=DW۔6Jhm+5aQD2e="TVT\8 Z*/jMɰKC+=wQv?o5-Xd4c=8 IEO:I'e#,ZDv͊ӜKCͫӗ9v!Q0`}e3ԧXȅ2{-ֶ.U0{D g pdӇv>zx=tbtŢ! Cz3@Cɚkh4im-< WʃBQsB0fqDmHD@b#_A> v>E~;k/#7BL&{C0Q;lkͪ}}bsnWfCJ[1@yT]{_w6+ 7])B;UkX CUpgXZj$jI,T}>6a|(R9X?雪/ѡV0>"#ӐP6QW l][`ge*mpߖen:j'$Mp:ޔiPNM h.9PmRwI m^ /׀d6X8Y?k&D,7z 2F4x\;Tq,)ZQxp'<ِWT^ZFp{8?[)K%.s}83 :cHrZ⡋ AAtTV5 5oh; m= \ůw_hKZ-xl;6/\IHes sgrY#~Uo1Q*ԏ37Y{wp5BuvO½T!ֹ8{3//ŪI]RœӌJBRpk)g2=BU4+}_'7ܭ>|ldh&5nS(9r+JezD tL7g"Wq!'mY,'6@JkyNcXzWn v[mE̒r#Yd/>fښ NS2 -FT?2תhm'M7NƷiAO*cִTI riUf($룾$Dɑ*&Ϡ4V4 fGEJ8|i}o0mGnilQ3Ee\&N^ wQ|۸}U~5?lo8Kא(4޾xT4~L.RB[ sz]=eJ3)Yڨ[L4suɉ"tWUExD\Q+Ñ4ܿa3ñ;V',`93\&֭2yQf㔉~YRqwO5mڜWЊ>TUvԎEV%vf,8rVR|N伕q"!N$oq", J50/׽e$7^13)'O3F΄TU7CR?XŹO?g$=Qxe"lMo<̾[?w*̌w1X`՗e#7m߿ZS[ д\[a 6ę#VɅcm)n8/Z(W,1~V"sm?n91s@wQ/eU XF9rIN"say+ 3Eb]7I޸FkJ(}ea B1߇*nNM$Ԃ3s߶C0:2_C#RF+hl_]փiŽ$Us5Z{ oǧ\|_SbnדjGD0y?{GblYqσ-RUH=6OslSLG@޼pGKpq8mK7(_!XX PI:?iMgNa Ga6jx].WL?{gj@>aU׌0`u ˇW Ӽj߾CK5]AaE[I<@nӹ; K*ap0~E Ƴ".T!& C% =4ØPW&IT˄L2<ht~KaY'Vةj7;CKEhae xvvF@bQT%TsKTJ36*>lͽQ8[ZOG(X6_Ew R؊`0$d,WE\+iY "=%ϬRkF['9Eff?"tgVD4LC!XI\ 4>?JtS3=ZL+j`GxXĿSIH"zP2Y9j8yE2_1˺ - 2 6)0}:;Z$a X@9|,aR~akvp1莰YENSIgnOwʯkl9#{(56*NEƐ)&^R76Е2 ZtJ㻜k"p nuluL).1N* 犚JibDs2̊cb-3`$%ꤕP[J 73h_H+0$t4@/?p۳Caw{ }Zx['0yv#(y sq(19N+g>ҫfdT B4?4OTw x X4hE&3yy)*nI(>WllHȲdu^G=xa*4]t򶹩j6mxW綉oSL.(Qb<0o"s5?K-+sn1 z[Q6tN{$㢗׌ gbflE[X঩ZmcE9I{6'hBGE Su<^F~o< h |^ǔS+\`“*8xP>ky8qDMGp{UVcf|a*/qmy}?҃1V/Uk*i-T*~1($`\MjgSƟvIlYA^as|7fs41\A:-B>Oے1xv}5ȆpdÉ o0u|p:A\C^@Ag-CmWҘ#I8$%p_\=a\MGV:L7b{ Q(= /wV'L,JWKӿw`P|񻙻3+xb&;hSsqUۺ#l#8} 5>QQ\cU:c;%hJbnʎǂ_3o:esy5z\>zt41Vԯ.d=hNǗDldX9/fd\gH=`W`FKu6$5nQ"Hq(b;Y1TImq O`&8 S."OQ5=}6a[l& JU ktŃz3TM3T Cbi/+4:*yByoϳ)EF ~srTO] `Z߳\XOz32 D/0ɕbxG1/F1,QSMh~^&-n> Ƭdz t'oQ6l=VP_"A3/(x=cX%&)``Y6/US`fhs{ri6W+I^vq]Y`C>Fuw:]u lEʦ NboOkUUzʑ\SaGMW7Hv^Š, ܢuRRrкl{.@ /LK6 tMzcƷ#rG \|Y3 =s;ECR~inCr|Ύ⒑ \c}-gSb|h0l(TƏ)`6gH/ zL)]HtڶK}h c՘ jakR'zvnH\eK>E–F=?iBEHZ9E {V Vfiri$ڄipYWLB{P =MLȒFG>_T|`}~1j(> ;?@i#]E^HLɲmCE5"mu'H.%웸H;ţ_$HFl[N*iY)V)rQp{Em)=J%+FSwr6J%0OÓb=Oٜ^.D؂h/SJm!n9x،bu98JLlh3k8y ֆgvRGc*<=ƹL`뒅]#`!=]q3BqJmO!ёIWCN1t01Kt ,1.= wx#&؇BJ&4TPKG5z.: *Žh<ÐrO&} &+̽y Qg] 7yvПEh硻n(jC"g҈*]S& fDJǛ+[RуF;_K"(P~/T "WUJ/q3t^uFɽ[=r]PD6qd\~E"O,bC1[d:Brb5xln8 Pǁ惠H0rW]k}|*z1(}sЫY]žs P]b: $}ehP:"S9k8m jsm6a!+[kQhꏢ{$ e1ߐ ǩp+~|sBz؉'6I:$P-X'6X~^`DZ}J8 Eч3dy7̈́83;nSы~YecTu1LF& YZ8;I"FtPYTBh 9w |5znaRPyݑ+P%3 RX0#':HսUwUd|8s2o{uaVq^,cAea@E۷7bpM>Q٤tR)$vqj~@g vdMO.,gB r鰫~"OdޠzFDUM$ 8śҧ,W}"Z8fSd_WE %M&V^fk ed15t85a<)KI{SMYSMu w'.B?6m ܵov&{(љ •Zia ?2&tXd^Korкpo[}=+C'U {3j r`fF{0p6 yը1]|sig t\^R!M{$5pFwD,}U"/t6]/7dz&H[-*QI4Y/&HX\ݚkLIS^Gm[h|Gg9\ ]ܧ_R;ͥX?[V2<[+sVsܬq}/Vl;!TΘQ`2t^߆]%Mw"!tWR06]b= TY]hh}E+ԘTjU8XǕ@< d43+j,~${EşOKi#nM"r^-.vHI_\ƃEjClMR}9]׽e屎Pؿ=ׅrgU){ ᝨ9›P`>)j) W<2&wB)`D 9:]$Ka؄*ƞ]4ZMwj.?ckdBk.Zpެ4k#⬽, >ý'x9P#0vq o&]8cE`d2COT7*ZN BO1X8:-W_ ?\SΧ 8 jhZ R@yn4)ՉD_h4/oIÔ"}dZtJęݫLD5AVbgE.<]^ 9{Z \B@+!7+4"aу]#go:AUhKFň,Z:%mtUbvΟ|J)yͼgtkRIg8GR ,"۹HV tk+ªF={͠^f\EY|' Uigw_;??.RTg>\n'G \OjPmSHc :<8nV|p7pVe'>h*n=,!WVwnuJD0ʉj_I]ٚ*ǔd wVx |SLx$5PVȈ+{1 J0/[\?s9#dWzV\ssgV-eH{OZaE* 81񃐌/fSdkXz49@ Z@l-֒.AAնݟ5.UT/NV'/)ćc'l*] vD$yۚIzlG1É8Xh;]d 4x60v[#e;y_I0D~|0֑|T@(ޤdd7t퉲V6<Jӡ K3\IZ0+yr7~MOLta)F3C.iڡW f ^\x"k*C "Jt,Bo3^-u#S :1i Ps|z1*M7޴gAYsB^ـp`#^|@b+) "qp"NGCH7Q+k4k4khF*FӰ"X:Ĕϝ3ܜI(ŷa+C}8;A&披GhLzy63܊R!ɓN=7P=>!ζv(";\+qǬ]p*:mfq#xO]:a]dqtiB˗\6*ÛZ\ ʗ{fvsyt#C 8Hѐc5uķHhYܪ:)P_iW."Wwg(9%MA̅EɐxO#qB3f@_qfwxS&9?@Vg(DP!>irc6;iꥋP`؈雹 *7(gGa:2v̿“r]@ =}2\ljaeňRǟGqth(O&^cb~Q Qfǒd%bC(AUp.~0h+2mts=Ls{mB)lwS3{7G^J!tUr_sK55L?\L)rsd.d ˒G.n<˶11"Fl,pZ 0"e1鼊 ( SbDU؞@}MA# a+E/;mJk/C-OhgXW394y CQ42|;M'{bJ7gETA馌|9}VRGP><~[OMRSr v W'G=_-y.A-keb!1Nq%9PTȜ1j񑅺XdL&BAЖ1ꌺ nw=|Yyy?*cT O:B Obض0s>G'_0z0QbJ٘㡪)769 v 2jV`Y4bofC-P P#)$c8L|{kX췗ZpXx7K#z{x XB!1|ls[ӬLT˫pENgcΞmؓjB{";=Ÿ$P_0G]ޑ FqDq3)|E,/g?}VnH:_64pܞ*\E mR^&3Ǫ}U<p eh`_ QX)iҬ+* DZv]s (.' >qCɞC~i [Z>uNrKXn"t)mO / LQPJ ȉ Y|'aNZ.8!P؂"6& }3%@"~+]\gSӺWw[cB;QD=߷=3H)h1 pW_fhDkۏa_Է]&l(H1&ftW /-(!ga)VW--CH10M_oE…ߋc)N|u7~4*-;{z̕,(hy? F+Uѵ?S/'9%'4vZP9`4A!NcIbE [7/*~ af#>U'&UBӴzϭnQǴF/T >UбI4 om yLǶV, ][y-=>*C;e t<6 |$?h(+U}*14 vNb+BkrߢYM<7&7l A-#Sll\rM\ [JՎ(P(xZϪ`67^iNMQŶ:1^)ݒhUu9+OhoeDFw/#ڜO( l߁b!`ᑧdx,g1) VYhefiɊl:e)'cx>nTICIB@C|\ըq;^&n<E@:{7FNYTIw=Tmkj0j?'(HLۼ,Ce^9q$aYhJύZI=`1JV*I)KJYn爗-#l;(/5."04XQLQ$SuV׻RR}q\ N+9EKp}FNa3.`( aZXI-yxo3#'| 2s e+ƻi& !i@be dg W(CQJ/%#gd!$@F& $??9ă?q$a,W1İ-DN戜Z%,(* oq=p/gt kANCNtS450:ZOבl٧6{Gh\ƣ%ڊdκk>MH RE"׭z:)=k6Qx/;kY%%V+N#op8c~-^1(4ߚ1@;$"ao`DE?x/dD\}{9'x8MlI YaUЭtL򑀤66ʎCX#Ww M1:kv_}snP/ZbC20EPR-u@>-rip VԐ\ ,jw[XS )Av):\.9%;H]x!Q,RTJSw[Pdeۮz5̂Z%ʼnq ×6/9Ծc,jfbS9rSI0M1 6^~Jjz,ӠVfߝBn[R6-tTOtW~gԳ33~:a鵊STbS7.fi>p.փd撛|Hq1hKLg95:J_([p5*or慤_>71c~,PM ]K\{iU~7*gUjM1%; k8+-L* ͨn9t>$Sm8+πk1侞. y3,0Xry<ٲq}AdmGE;M&b7m e>՗y[haMD5zRV-tm_̖w}yT6,)_7i)0`$;-<2`OBmgH!'dg;18cȦ!S&lLK0P0 q6y)K9ELVa&4ǻn[RvI_Őh*ĨlH@=)pH&Z5pDx hr^&&Vj7kapy>HsT]C8Bҏ60-ږxF` S  1ptۭcYk,$yq'3kU*ڥn"0AcNg=03PY2 &E> ` 9.2%mBb[a$O@}:Oq$tm0AS;neThF{I!56b8mvr)IN!VCMLF>!z7 '/Ht6ǤTz4!:/U{)q<GCMfout#~E/L3@h)qHˬ>3P%P:~8Q6wrSX([,Y W V룞2^k?ڠ\7\~RJ?3tVwMۡQpZ|sհ5HȮPMЎMw?&px^ ]IoJm,fRȠ֫ EfꫜF@C.~mInk 4>R; ՉNRYYG½ R3ECH[,ؔoWpNZM^I0(,JgHxχ)u1^_inA=ŃEOp LnU0s=P 3&y+=ҟC'UqWXsdhdԸ:bv7bg["LH\c!/J[@GǿfR,?n'$U\ۺX* Bn 4`+ggWO}4ϡLdj_2TQNU 3= uu$s0wJx]h*@[ԸE+ Mo]4;P'pc"i~j$O!?@h[-Y0U92ndPY>LW1{.YE6&s N"8}{H<Ez{ V\O +:k@c/yaĵ'Y Lްag0l-H݈ܲt 3{D`ǔS~`AIc6xNUz\u#j J0kMִYo{}tMFO]0L*\G~Mk{)S73 RJVM OCj~Bli )EV/ ą|>>V~= ;YS[=RT!D} qmjʑ̬#k9!}x;oH*E}EE5*WjOb9.Ho6Dw^30y7+a+u5p9MŸ2Kƫ{5v qD&sko^î+Tc]u/mg0{FSMU$/UC(%)q/!s`\SK.r 4\'vq:fChZ˚xܼJ岝Cu 1־:߇ }%WV$稖S@䴸SmEs%U3Q1J8)W2eқMtpZ1E=/SNv$ʦڽe*p(FvH|^0Jl}9ĸ>U&:KVȞ}%|?*S^1'A"szX s HNBLJH3%Q,QQ5'8?5Tڡ6!@IXWYTpL($M=1~/hZ{5PlI M.Ih! mH>=鶩1ʦ#}^)@"Ǵ:~r%p`Tœmc9@Hx^%2E:#'VRB iٻ4 GȈ%8iŲG=?K{2SPmC:d] q5da繑"ҨRyĂ%`z RwmJ'"յFKkb1izv+ULjƦoZ.|U:CK }eGPUR.^Pv# sXve' !~[Q/S7O{\'x,Zvjn^)1"aAY^_c3x͂QЙ#֜NmI|y>֒e-9k"H: CGFB5(KL$Is5 huJcЦdĀ]$P9LU&Tff y3uq5P ws9|ӈj3n B cZF|Tߚ_Yз5`w/jX g+3Wiy,SIXn.;f%qeM#xR NmYZlaLNV3x\%WMђ\[V"mP;p'[jZ8Lkb[v0}}noΣcAbun$H4,tݕ\Img'2_m}g .QgJOX'2m+MD'FIr|gNvqGPE,%+_>zĒ^zr_}ӀPOk-Ҍ",+dN 7}/BƖ1Z'=5*?2)Kve@xuPOԑ!-+}n rm*XK f@"ׂbU# gk_PZڥݯl1=CDeI[ew)=!{Su\\L3O6gSɳw 씦x  smC]ɗU9^dA;!:HwӬ9ݩqX}yGJ{#q^nJM֪!Xl̤.뜅DiևґXMɈǁwLMۉlQct>x%'󵣙 †v-j<`C =7l T*g}.g CaJV_Uk0Nz7S$Kl6Exk:#fC@fQgvx$3ڢ-s!IzO\7Yukn)|Yw 1)] ]_dd`}3NJ(ӝ\1-oL~R'{/eCu}XeQe7S jHvPL0 WA㳶J/ xEMNV :'i=T7I!Nlh|䌱I b 'rN®A.rnU8|P\>Z9+1bq|n./9iqD0_|Wb$cVt2U.xTucXi}C׌Tv0rs[*7@ E6 f=t!m:,.pE!Db7syDqL۽ǛhM\{ S3PH_#֗C.?An?1g~IHX )DPxq( Z*9{В ȫ8$O05$ S9X~fct3dG:jG&>>I+"6\;bɬj+,D 0͐RʋЬ%yʴ p4w 3@;0-QƯ0)0g@A'McF>Q^ndUHǂYw겥"<>}ʱz }!5SS$y!푷 yBOcsGckkeֆɾ5WBf .]zel&#irdKlLK]@,`HX20YINni D\Un=`r{y9;kݺoiNr|s"70GCP߰;凌п&*. !`9jVM? _*1(&H? (C_+R%y=On%X;f)S0nWx"l/hSsmlq4nF,"ň;d ^e}0{y@h뀆tRM ̷q>E'^7ݍcD5XZ~ÙF;߳h#}FoEџ[]Cm KG!-*c<sKZ6Ox?Ĵ ;0,474˘ȝJpEqa87rɂJ0_L('.['9K< Sm{X[dd=INmM.4pmc)+ 2I"3…) *"0 w?2,6(q=lՠ2grnѣ#>FFK8fnz%atKǔȑ kx\-c1μ|]y7ґ*)K\}*v:Hq[A^䨠һ=b rxJ3=0@ It^wSG2G'xr;NXATeSu֙,+"e>"4 vT{#E8]ؐ$v"ctY:*1SLﳄe<&sjοEݓBJUU^-2zo'qZ9P7RL?pGjwKavG\=!iHk3;Q`^֚)nQ.uEQ8vpfe06"k)X')Dspo\L)okmF.fb0y>qU&1]8z֠ܤ]f}¦t &˪Gm3C Z)_ٮ{3 ǕrӚGrC0鱀qҕ|pzB'wvU]S5IHA$G| Zq*ӲRwFkr$s:?dr&PN Ph.Ч5&Ny@pfEׇts`Jct,px/X_B@ 4mW/lz#h?O%evl gCeG'Ml,F$K&{pLAJ?0]qQ%7yE06v 3pG!6|jUl4;j[E*!˾򽍉fVqgxh]@lļTUe!OdԭCZ~ oҍ:Dϥ*+:,~<&/H9H݊VX6󕪐35oOb,b-MWELV/ݹ 0ΊTuixnj߲5:% s+%/On8%}6^ZsS/.,=RƮ`[Ku2]{;8 &]g*,m@6r\Rg{!׷ɿJ슜K^{x0jTad NSK oJ|uT\vw!ec^$9,[.WUfhѷ)35]" gaDZ׺IiȎ:bglZ[#s赣EUw_] x4Nn ܴahUl Y@po!*[ ;)!u 9TP2 mtWAl5$a_ Wwdhx@;=AʽgJ, /dݍ5U bӺdRb2Ɋ Yk;Z|g\<8jtN1 kr+]Hw'f7$EUcՆp+?;~Oy$S,~򫅀T9I dIť%@SQX^RXb.NE55gsr3)4ufbȮe5cO4} [Jf]|倒Tr~7ǯEet0y)i\` <ԵQ9z}шe4V40rA(,w}h)B!([϶i*`DԝYJ(y#2e+72,~ك`b6Hf؀{L*8=`Vy;uB1uf qs"~ouHTs$7Ӛm;&^;Ö&B 5t +@-o7S :.x{%-9+Ϝ8%`OXFnZTZthCz6mQR g^gFx\7 Wْ8}z6끦PY ȫID*xlz_4K#ٲ?r=w\s#NA2:,ksHe&r|5up02#3N:_3^5a_Z :Bd$Z-0dvHz[YL*3õ@' QoHk J*(\N򯖜A~h:X+ Bv8w:8X0FfS&.;˭N 8uŦ@5aߌlcf}Dm=|RH0_^[G h:D9omAR, _dWVd,W{ ~ !Bw⬂ miQpCm%-ϨhHT L֛nZAˡ 'dɾ <_}Ѿ|1i' vhDU~U [WeC.)bl gi$zo*oaS\6"GƻF5QhpXKuV!g Q:r p(x jD;aDܺɒ')Z-n v=hL5x=-D)WY=zMd3+z32nPC(On Q#ږf(eօБ [tQOjvpxXAn}'xjoKNi٤t{,%jN nR]{Ea^Z P@کle慫?'CV#g+' (0: \|9A~5CX,"A97_MwI/ع 9բiK w10(Zr_RԹ>40‹< 0Y+E&t3zi[]hiPJ$-M%0>m !R^#E@eŒۦ&8T)==)[;oݩxXXBT % U7o#@D@~cةʼ D37Qx=?r n&@8GhLRC~}%uŎsQ7;ȹpF`~Ui{:fS.7A;~ʹR!s E/&^50tHa9˟o5/m54Ni:UNYʞK˔3ހ>يX2>@r'D+ye?lOWJ v0 RՌqq΅y_o5RA۱fYƫp!D.mGO|m0I '@|GK&U ?&-I ~͝Pgjhl9Ԕ_ kF#w'P-DmC4 fvj$M~1]s@4W:1bB쀑mDR۶%'}e Y [uy>u_mYyI߽3)Y3.(q%#QWɀL} }2[ܛtOK=w< %2} KG,*[1+|5 ijA4ue>{H0̋N h{oY!dɆ3*Ķ.+B:79Ʊ- п:(yg>zEz$%OٿRuUݳu;,?wU@ ': owxNڼY"c`?⦕iKB3Eywy4\9@H` wmSz|b^<;+nCBQKYq?p&'i[ĥ;'lFrO-ւB?)&U8 {5Դ}h/-1'Sټ#C}i~rb9"b{JQ<(z A#]tjPj2L>'EPo۹^M>h,gs&,r.%q8 *6{Mu%{vGwKo;CB_FdvŖ~Nj#)+i4݋s҈(UDDCx2f DI|j׿`$h$iL;f#h1"t8éOQ\*.%55h Y O4\#_Khi ygȎJ2tG_ (pC3C+;]]6;m`4 8%qz9 Q7|v:/ o~'T#wi-&%P+2ʴ3;7Dy+Yf^uW6 xw_*/]$6}bŃ*0FMR_uZi*U3b蘤!S9ܺY8%Y m*̛ң 6>nkE>BBZZ]2}L'7p¹"$Πj͊I9?<_[+,aU~Dd5Jh)ML?,Jw*hBŭ쑞.ȲL΁X51U ۡUih7[AD* 1/sTOPwne"_&K"&OO6|Ye2FQBvqICoU~]Va_{'J,^$[k2B?qtKU"6mt:+ې fE:G5UEuwSe$̐~p?Ce"&2mpicj}Z$9G4hg\VvCa,+S,zdnMe饴yZa!91 Vs*U+NP+3hhm>wg!Ky:JUߑXxV >;[oAL/~ւqTgOf:I/z $0:՛+է)QW@цPB,C&ц&X@Ѩ֠JPHB߬) ,s :ǦنSVVv UVx%BN0w/|Z%p/^ u^?qEq^w©vaD!N7杄-hdtg}.ÿe!-c0Jw>gRM[ ʺA/χ%˩"Q, NQhi=Y,w:++"GS<\9 39Y2Ӱ6E$_| '넳\y8w cukl`Xzj\R<-*Ř |;Oʘ&2DdK,#C GjpJ^ϰŨzǀKU>Fҁ.•57ӽ,G7]R妖3\]^e' О.^^YCLu'>YaA5/" Rnj ,)ym_M[x]pDXh &t@K䬦qt(BO_DJ!/`˽n|?1_tھaݝ=I-9 S͉4xHS"&~UH7f+3!N9& CIzLX/-͗=ͫgKg噷7g2X䂚'Mϳ^%]?hΟ:b&/z73ɏwYeSDq&*HaŪ؄DqJMPbG`؁7r]w` \\d*Js]-- B)vKRu>Z'Z(̅IR<7HE&n(& UC "t]V_tӗPWydn(I[G+< %W_tO|@X7Ch+||!ш EF`K( b foI MYJ}̤E^J{a+ëGg(\t*ul`sF̼0aW/U]^к}` 8׉#R\hJp9hp:LuV,ӒmJ,j'^* "*,&L%8B=gDѪ,uS `/ !}dI;\J˶`Hd xsba,rg4goKukd{PDUV|z-\ͳa>!;a{)MKëʵԸO@xƣ5W;BA4l A 0as#c9M;{CJ,TflH3U[qg*?iDL2շ%X:f-Hp,2h1qnaٗh2 K6N46-(4_!BS,! 4be6\oNدESޗق#ebS8.I M)x.2Yow#r~BvE@YjQF{NJ5Pe5(=sxm' `Ku&\vU\nؿ"(+kǂVulNDt,_gwD_ĝ_ !e'FP st_<*vmaHܹjGeH>k t`3Mhƥe  rcB()v=>l+_~saޏxBcV$o:tqgǺ6o4R2= 5eC2u^TL dIh)9aƽ y:Ϳ,Zxģ~K8)*.?b3O˞}zTXޚemTƟ/O8s<F_# )3Ҽ" 7wx;ii>Ҕ#jÀXQW&Hry ԊCڽHq΢&jbze3ohgc'E. zWi&?lt׸Z(!˱"hi(d c#J]v*v"jWcr70C|KkpB[0hg~}h0}vԅsgdApH|^tԐ[SϟȚ6y%c.bp{{\]ABP\cHMcG2jĂ?{8 2["&9$Hh)ݥֈ#qc?~Nڎ1_z%J񽛑mrpG~I,O>ܐln%hidQeDlJGtKəmJn–fQPJ+8ؙ?pښ:ݍzMLI\Ss>akIҸ;R2ɈI<2}ЪrP_A᳡|Oy lc8HBF[3^JˆF BjnBA?%d-?\L!~`!NOJs}m-b3@:Z-ְ Ur Hq/yvK-h #⨼` )oAC-swwTჅ0k'uV4JAzHXr k fE%iEkHPn'f^/26h[q'ˏnR0l-+1êWJZ;a2Z)Xh!gҚ~M2XsޅS(*[4`31O \M5*:q2%ޣl.-k1G&pۆU8劧 7XU=z0AIxܟINѩ|Ѫ}*X;61 j@G/j8$ة޴~pߘH: 95@_z33H(X `o6#H(ԑ E|ZnS=|1Tq-"̞ !1'qHɣ;-*ԕLvdE'r#͍zg2{%aǥhct bO40q/"r鸭!E@]GMj9m@% 5"#,rPb͛ @}O!2ӌ75`5jTk:F*gaMh&3w~Q&#g|b+Q}-ܳ l3/\p4*)̜h!B|F'Y8hт$d- ǰNF9CߗD"R؊?r_|3=qC5' 2irGVEL{V O?{K cz2GKぷTQ749-%Xp2V}潿 s]=y`3'Z֘Ϊ0r؍4̯(R1[+^=^} Pȭ=ǀ}0/+WJTsP4=wRp&IpqiC> 0H(zDK2d]^NW42IdoI F{R@wc|<|Yv]l- aܶĕtRhqsذU&b:s ibigs}pu_Nh-Idy&\/J\ 26B >=A;k&81P 2's櫉@)U-G5wWqhVwBmಿHޡжJyǽ8fHb 5U*ǘFqLllH/L*HILm3=>V#>w)~nJٙ;z:vu?T?+m䝕rr/T`7;-5ts\Ԣ)bm>e~t!ak^#48:/' |j8=\!fPPQ*:u{=S':DE's- t_S֦wV6X+L n]൲A,m):HM5e+hv~ò55BC\GŜ&c߽4p!m{ktA%[TX:A2EQzJzJY(vk;sm r: ukWc[= 0qލDV1En-%|C bG1R154cZ#`=͚}O )2i5}J~c+WB\dcWXq2Li&xj,+8h"7`=Zn['ԷܙKYO/jAޖ RҺ\!WDʗ[๢Fy{QqsKkaGVVʔk Mɍ , pz`>\ N+sA*OUuaA0ڻ@G)9>P`yz~t&zm#"U[vWO Z2⣹}vDX7V6UK\&퉋%ZʥH'W\Q]cXqV[;pߒWZ9c5[Mg֐f)?i y/~ L <˓oEsZk5܋g5E0%ឬJvs0"4̣ya_2A#@?H!>F2V˹d>uCl ęTRD*s&?X׭%wͅ?c?Zμw2)x6R;׉n3KmPKȳ4q05,,(-vp*sXV(# <>*٤fVڧ*$}dAfA".Ԋ'\T{ޏiai 7?ZafAIY(X>)1z(IVKP.8(' ՝ǜ[d*+1]E\e@U d8]y=*3(q[@--JD`'u%bm!g=)kђ$߆]1i^.P:OpML`$RI ),p]qg/y(g${3*i{jYI90<[R0Ǹ'[# (o>?f…Cj,l6Fsk`?I }'HV`/x4<^O!^]`+Ԙ)ꝲpc \ N؈ =[.mW: ^2Y@|2o/Qz5u)|d1TwsɂF %Ď.YZJ> $=o羉r*V ](el=<)ŃfrP9E85}ǰ E%WJ3L7rLcX桗]N !c8NUܵ QJĶxΪ3n^EA( SMcՌz*Dq)=x&}-ܯh1ƒalw%x[P5D=[&2?RhXR|OdLz^|h䵦ѻßAu. e!@*^>64AࢼI;Я-)F+bSk傷~{q' [\Syu?^>jsB$3X0%^:pbqj*BE@4`v9>_)Z!Iag$JIkQ xʣ/nM5w\9 7(_+a t)8k Yt&,4o$.<d3Tua8t|=߂$Lϳ)GAs5XtATA `v*KvdE65B}T"ZN'tׄc` +eLyO:b]w AGBqnHÌڈm,v~6,?4 p}T'S6KOh?HQљi{7&EDtuytkBA)|+lX0\XSs[bv!nW.]c\pAK.~;WSHIaujC!C1lEmzGp}([sZ1п?"#((I!`by4NAݛ[4lTvJR~$>y R*Zp#F$ҞD@JYlҮF*68 àyf;VT4ePnB o,5{T{H#Ӈ(mᬒ>@]%{V3#U#xONe;Ii. 譻!DQ>Kj~ڠs(N/AK)f7C].Ul8Rb[zU<=ʛA]u:~!F$_U6Lh<Ұ7WI.3fB$֤2ڍ]v=[u$16%ZMCsHI5gcz9 5o[v)FUH kp" Z䋲dЦ6JS MO,=\k=O$D #s7^NGzP$ns,>s.uL"T.>?(#N[#bG4̏r4 ܞ>̘3?82F[0k.7ߔT}T{j""EsJ},*cR eN02 O?͡p]|4]]7iCm̴yxFcʄٽJYOp gW70F&y탓VZl1/1h; {"L]agrE 2F[9`,CkZsݰ'PZۅ`` +/`Р7,~A/VSɖ(Tꭩ g->Y Ѵ\Y{? (76Ÿ<qJ' =ʧc*W6X#])q).!.!2yGKgF"TQ˂iD^h4Hp0 7I=_& Rtj冲(JX-9*:YjڙU&[/z~o% ]6E ݨ@C Ժt$8?*ZcMn}wqFqR+m=r* $k Nk"V2\`{/.Q*{ہ_iߚB!}^b I[VVҭf| Q￟r=G;_0vQך];eb*On *`GA} KRɫ>[p /]J$\ b%aY%3)\K sv ٓd$:G#s9i~c=J+k0'J[W`W)?h>+r@eQ*o9pbť"OYjpL waY!K{O\%ܫY[^kv%观-a'iD  ]׏rR;VqYanׂy5"YTf4u-OP4xקvov :/Tv:;  ۲]x}۱a70 qn@5,p}͌q<Veٕf:瑇aB\_=VuG!/g l.`mSՆ}mҎxUˋeOmL>Rq)[d*qDsKR5=ı)c}rvSO +*/)hquK1҄*1"aڏ>ho`_xa37,[1k8-1&i!.թFV\ly9p+@h]1ߏ!_@,dW{T.%NYfsQͮV;l.1ѥmj@l ᑂ2F d>iܧ,x~p\;,>GiR9n",+N3dKD9ȥ? ^ӽu#xr:`!u|LRmB՝YQ"BT/_KQ l}Y\\iъqgCis{<˳O1Onڀf~pBk'Ƿ2Mg#Yqtqn̈ǔxNUy|1X5ˆƬ c # uY|S _MVPUQD%Tui9Y̩Ri0 \GBN& }47L&!T*iBbi rN39s:MWVz8-:4fFԑ7MJ)ȧ'A/o03i]oZT(ZJCZ}+mOvsd_qƓz,U[K;oS&giY`J; #R] YQtmWz S<؇t.=F_j %S{bXUw~>3LcK.MytpAɦtQҢXz%Wy[{b_;ffAW~'ݻ8p{3=3Q#Mӧ=Yd 3gk&:4l:2jIEXi l4 czܡʛ8ati> QB*>oτ(:;\b~hbBAs7"ԅXzsTmp7~+TT|ivS6DV`jzJw, FV=_n]?_fL~VR@٣HIewӬ>v;ª5 S^C{?nJҗ2l}X!wg!tBE3: .c18'vw;gYɓ &uJUs&5J?rD߶_lD+WY{| }W><XD!CI:"\j>nV8V3}.B^6sֵT@7AT|e2V@-Nqz4u ݘj:ʘ(ڻ^; gy㼣OLi j]ا 15ֱ#҉@,)%r..,YܻexgL` /]fkɪg2fyM!2I4e}I_yyĒ<<<q=tԣT\r ѱNi{͊IjdNA;\ Zg,17XmVvi||̊=Lb7G V PZ@/k.̏XlyP\3-&ƮG\Y! &+x@;<Źqb$6V2DdC"WZk0 j<^/R_ԾXd RYgTK^y] N0f%qAr&s0SXAW ?mdZϨ6]}N.Ħ,P7GVa5ķ?D>+$)4Sky رKQIo}F[gOD&ykTp$.覽Uq ?H7t]RA_Azjï2|ഀWb6hGs+}yzж}m|?Ɯm2 ֢+ۛQ^$6<ݖ{jx:kK| h@z n^]Ɖs)hz3c^B'==3__)Mx-tQ u͂U^ L@o_2>67^ _%2 nSB&1}fWښr[up6ZucbJ*+gzAqv:/!w`fc9\|Fx;sz뇝U#);a{QAjlE2[MU3v10<vCa/!g3H$De;8 Re^8s 6;8g`mX\MC`w6 K\@~%&׹~!B;KaU2T% -90"%&Y^1ga}.>L<(}*mwSJPBەh3ʟ*dpnlպZ`gX=,7v: i ɳP$גEǚÚ`(у#4^?} |ʑ"b͏C+ɨ4/{H}(Lȱ1Dajʡ:AV`kTtq }\*Al08JN\ e;ɻpHnQ(e<#dZYBjgck=(/:xn@O.IθA*gT"!eG{@LMn>(7~@| Tř~b^<: *3JN!۰ ?oE}^w_\>dE[09q!b]f)"ۊss .^1IE @̓쐵ŌVOCnPM8#MtVdKtUua{ASv/Hk1X iLXעiG(QynEFI<9 xr[Q%,ǺtܿAQ=h8ɋN!SI~wx6j m`RטP;vrSr&.3q6H` N;w "g#R.u>V21]y*؜y[ ʿV=|ܘDrDV%vc໩C_wѭ+x(9LS0vLkwHGO J{AmnQ^jk6ߖR:4n!s'_f\.Peu {IMj_Ah(7UZ})sRo%|RiGl TUrochan )Si%p3Ѐq "xu'S0,^N-邷 .<5[IG`8nǹcJ31(>`xKG%CDMʲ3: .tك <<,GzLOϪ-]s!(tP̝,S3n#(SX|+H`x,e s iIibmK8QV3ZD{,F [Ұ|ɏwo2&rR)&) u$>( ~X뮋oQDL6=@}R .(kf LZA[~Xaʿ|̑ni܋9`1_-U_hRMuvS eOݖ~z>#{->)h҃OЭ&ޞ$=;Ñ\ʙMЏiAJ#)50&ׇ2}/>m@(1Mǔ윮hǥbnKҔHC)" f6M8G XmW6^(|NRL G!ً) lNѥ\bf?[4a(,)xZcC *y0ӆ= +Q!{k\O9@ܕڎ1Ư]i"\f_Dpfq,[aNC@#^y vyqs"` V+ꣻ\PgYF˄)m׎{fKxmpJc*'sH#_E%fzUdBf.Ѯij4qRla+θv%2MM& h'>a%,*YJEs `B+)Ou*ݳ(cT-so"(i#GA4. Am x|@ۊOwTҩ'&־Ȓ c1ߖYL!trBZ!g||,3%z |Iq# LTyJjblf~@oRQ` 8e, Ыq01^X%9QG 3&ިCZJ}!Vb5a[XTƾy3}"À + ?u[e${l$ؽMΤ㶧(2 uYik(sE0qPtퟰ[n>xL vddL$ڋy+9 ):  TS\т+`ɗ97┲OYgF;!;ZJ>?4 Sj8|qfQl,+E׏9L3_e}`(BJ]f D1Y6UaG 'm s@RJ%ϲ_7 [P&K Urx7L%=!WkbHbQv"Gsgp\bNp\ܫsv7BoɁ4hh5aetK3 ts7I8%Q߭(B We/KTj.;j-Tga?HwPqK@eJgfQ|' <:fY]bCֽ@h5y |5dV_R7ۜn*_ݼz[HUYcLvܻ%k736CI /M:%Kn!~V'zxтIl$dV* 4wFqrz6O kv~v̎&?'_.ҡ<4Fӵ-Wwս>A%T ɧmuJp{waҰ2ϺTu[1B ZS$Rd\g$WQE, f{㹦murM+o{{[!  ͕2LE`wQuA(936Vyf-F;eO%e_Ǿ/QHe1V %k?q5{KDVށ{;͌KE;)HG"=aH~†s^KZU$a4>0!|&O"J=KF r[+F#hbR%[ԝ˖|\E3 llg{G[Vt`}i/," tsm'F"+ tä s bs~}ع hPG_z+ {rYfUiM{v%K7}EC\% 9hǦ!"W3#B |9R21: MS$ẚ-0ؼ '6{ p#^qpx eQŅk 2g>5bT.EϡZ9зOh w6\RsU<>CαIb=w2 qxN51F(=0W`̞e)@"Wp%@XDI{DznV}9 ؚdCK\=/\iY PYS?pHy0&WPΧ^j:M&/e..N]zlJ@Gtw lt !I:D,'faO{"5Vs'@rBK&9*]ja!4=0pfkATST*9lXbjkҏcfGI, ;0Mk37_#avdRr2p2B(I dLj,A3TsY]y1|Q;]鮏d*'xDX lοnt9zi#?v*_j3c3=F%!w\# n갋Q(Y.8eJo,VO^Nְ~zN o'G!$c>aD櫇ǼPoi̞;n1yhThLybQVf ;!3>Acujԓ,PeHzu &u|!nƲy!TtDɭpSo#`ug۾:*`je| ڦQzy6o .G|Hz#DPg4Z'l,ٝی\ uw,`G J9iG[=yDB!7 ܛ]RPNtrax3%|4A[%l!BL0!$lcss#hvcC[hO-p6G͋NLץt:g)枨n(Q75؜clO*ldC!m+ʣ_{"a@F:M@A8/'6TVRCar-:!e"%0[>bwHeWiG܅nq[M=8zw;!Q~8^廍.1 y %8hIj͉Ga*uAc0 +B,;=,2 ԧBX)gB#3#MF"0Z\Tɚ*=9jz$l+.0;^Et8ƞ$yIY2+vP*u KKC :&М#=nRMY}#; 'g;2 {H\ytƒ("@hn2] uC,Q~C].mT`CR_/H0jRk h *8Ol; u%v J -bqpX5N_od;)ɘx`9u%qރ+ǃ^Rm {~UcTL`>Lfj'3u |?5O-_/;#[g՞?Lam:v:`żrU-J:ptWY5o:?n7^ӌGBqfQO:pr|Bا`d{ӧP%8$,eUPʎ:g .kn.w^t601A!#4$&tqECMP" DX5a?&:,)قIM~֖z*j@Bh Q|UEl.7pObQOq&+5Ii{@?XBG1_z+@nU=n@7Rh-!~(S DDu.{)mM)nxP`@TdvYTDI'?jh@;Y(RU»rS)Py('pYBը`wB諸ءÜ' ᶘY.v]gy(QxPNHT-^90Q[S<ASb=i7tdZ?`O>V#bԌRjxշ DO7:e~521@xmR1YG /23#L+crU-,(D/-ȽS@i3Y5M[^ ! )d_څoL.tv5 <* Qcl0#dרP9GbS, n^K:M?++VQ{-\$em5>.|G7Psa}k d[]kTsB[ ,?9FD38~MQ!iؠ.}ZJHƋ~(Dy:3S{En94AFyH.3m;Zܧ )u>*YPRȻ\@36a4EwD8>q5BM)ܒ$, X>TL]Z2rU#5nGx?]b &QؗR0x+W4oΝQϪ%~% ~TfCs$#NMYnp~$|P6,0Tz\úN8Fkʉ^Gk{!sudpOwJt {J?tlMVxKۭVTUվ!ˍQ`sH1慷ӦɎAqH]8uqX/%*1 7$u6 }6ߘhVc)md(য় : COṈ =<ߎX\q9vz}J@UΣTԤ 2`bji(sWgN@x1 LC­]] v0pݪ?X(nʧxӔfYDھ̳PvZ3nt0.2hf٨_mih(bЦֈcזf"7uc0rژTj|LWL7"{L_T~aGʺn6r~ǸD7b);zbi!<\.GON\oxU{1H) QdpH!;Ȳ fIԠcSUԓI`"/G8ΒD5VT^}@7!M’ov:g3Ӗ 1MP 72k~,U܄N{M6Ӗ_Pf~T (!i/`-`'€F{|~ÉNRr 2x2QCPRCw% i dgoȑ#Y̺N]L3=1tUl_DL}cGf47:b? 4 w d !6`fV5fԡq`шe Jeh;aq6ͯub k WZe%']SgU`x "7*Ý@Bu&ܾaM`3J8e`,^+g-qHy}o=3Т_qo݅B(m䅂BU%s܈8 S~CmMh]<v`]{Svjr`00Ga?Z8*BPg=+~]>)H-0;o?x-NlA8'# ^T:ҙm y\pJOHiLb0h_7:Ӄ)k]`6*{!^.%fefk7b+Oa$\wpXyacbmP$Q@;g@&q| q&4zx+\2!oowmΊGd/4~R [!O d3_Ϫl峌 _օ'2Yō2fro0*R[Z|k QFBĐg4δloFmUØ5G) XA)~ R)#ݕx=? lsyM盯Y,9ᠬZłRYqeտz/ ʆ`5o}yq)a.72#4pE h* ,Ͳjq,׬mh|Q7\5<9G _ ?x1eAcG o#`7ᣝM/M] 6tkYzgQTm|.B'`ZlȤ9;1 G;FꩁͿG1~i|w$._2=/*33Cwv#Nu4OW,IblcfQG{N/[Z0U/`v5,m)M\+xU_5sׅȫbF6ԫca]ylKd125wLedq*ӷI-IIǂG3)21Y/G퉯@^OA_O˜ èGڹ'-X6 *ֆ7n ~,\&=K# H0rBV2gw@ TmKlk 1ӃKM$S\![zg!yM@s=m1s`$F`gԀZ̜[ ޏy .ҭvGhɑ"§& $pzU8nCh݈#ĬCP䇎UUlޠpZp0ZAΪN]P^Ԛ8HgH:3I^A(NX^DGMl+A♿+]X*~ {o jYY&@5CMO0#^E>d$ǽvPd <1qD s`|an;-wdK,c`-8b6䆖}+Ocz "Kk5|<3ׄʆt2@_B Fb'"Ⱦ{M ]<'KPa`WR 6=3L0ͦTJgXTc1G=A%&Ol!YiM^%`pS?Y^MJVؕwcH*! ݣ72 z$C*uJ4- <$vfzb-83(F}9XhnEpĘz4;3#i+!a#W:!X8acZa+h/^>3;TZkVTr& жa,/PGeXcOi6,(Go =j(/W1]]]*Msf.lKs봬W9FC-*v0Ϭ[x榅^,#A⼈þњ Apq$I bh|e)>t8M4 Nn"xLJfDA3]RjIC&ɂiD')MCFqE0ZE)#PH ӧf-o6D5Wk%+>o m$ gaJ&do]=V ~]+Xi0/ƵNt ] YZ