apparmor-abstractions-2.13.6-150300.3.15.1 >  A bp9|[?)B ҧjzT-t[.JÏ#r_yp}!>ΟD_hbY5)шi42nv-bcQw KL/`!!C%̫-ʚ깜1`X[HYk`4:ȭZ)>mnT`995^p/PQMA֊ieDP)wg<ѼZ|X$ ݚ.d̺+T0:U(@+]׫sc|I0Zwx5p=?d - [6Y o    L , -0/t2I55D7778}(888_9:4_:A7_>FGHI(XY\]4^ bcgdefluvLzvCapparmor-abstractions2.13.6150300.3.15.1AppArmor abstractions and directory structureAppArmor abstractions (common parts used in various profiles) and the /etc/apparmor.d/ directory structure. AppArmor is a file and network mandatory access control mechanism. AppArmor confines processes to the resources allowed by the systems administrator and can constrain the scope of potential security vulnerabilities. This package is part of a suite of tools that used to be named SubDomain.bgoat04SUSE Linux Enterprise 15SUSE LLC GPL-2.0-only AND LGPL-2.1-or-laterhttps://www.suse.com/Productivity/Securityhttps://launchpad.net/apparmorlinuxnoarch# workaround for bnc#904620#c8 / lp#1392042 rm -f /var/cache/apparmor/* 2>/dev/null #restart_on_update apparmor - but non-broken (bnc#853019) systemctl is-active -q apparmor && systemctl reload apparmor ||:ZQR4FlQv}j~2D( d$ *AQ \  4 ]hi Z~@nDFN^cYS FW lEy`DIspx$zow3zdAA큤A큤A큤AAA큤A큤A큤A큤bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb3ff13295f6b13ee512fb0c5986bffc85760cd3255ef25fc26709237bc780dfaba0a70aed7ec618eff6f91d8c536c9476bc4fa54a9d6d6fcf1d1e856c4205e9d4ebbcf81c9bbe73dfce2d50a43d31644446ef3c6f63b6ee555aa3bdd1f3afc3f2269a0c2b6f7d113f66e4b93b20e373d6cb3927cbd6a8646a6ab0ce28721c3dbf1659fc6e88cf1eb5ab1cc6e9f9f442607180c7aa11e153fc8dbe8b650f693bd4da34239e72f0e33e03bb44afda6b4d051551f88cfea9655bbe78e9960589930b836c912b260e71403d3b61ca25ffbf12a42462511f1dd0da1d1a51d73f777ff52f2b9b155fc5187fc919c00cad8f3594d08385888cc5e923e224786c4aee79f8bb82a3b0e24fcde30b14031dd6cff8d43117b640b06f518c9752d32ce4c8866ae75f01acc7d1880cf3555ad7985534aebac3f526d099b276054c0c1b28d523a4dcc5ac4726cd1db6a1fdbf8bf76ddeb11b4e62bdc4d32afbdf16e00c61120536dbbc0312ef9f6e51e182777262dda336c0724c177a22716627d4b8a3a5ff7a0f6243625ec7d59bf1b5e026919ab955ffce80e6dd2930cfca0fdccb1e7262238e2f89f233ed63535fed305b05d8afd633948e30225c1320745656fbe59df4bcc03d48b8bc35e9323eaa5021c9a7daa78db1abcebda723c32b47f13652f3739a85eb8e6ae8ec37e2b184892f932126fa2c8b9c27cba66df7c07057be4321952f379a66de2fd2769fd2a46bc3561a79a6b21687cc7c80fe3d5419bd6c1e1d2688bfc47b660ccd3e325241ff4b56b5eae2f6e87880f6ab4210d89d791b199ebff655edc22bb2e548223e8bcf71c5a0ac46c71888ac7306f261b0479716465243a4f6f631e430031e05091139c9dd5a1699948274021a47d306bcbea3e6b5064844c48a776318a8a210c3c65638725de785fd65192cae0d484630efe167be45b38e2d1e4fc596a1c4a321f07b1d32f7d17b7fea22cc93b10b58f0138749ad9b3497dc58d04a189a336982c768aed85c7498cc044d38a4dc7cc2a4d787b0a06e7cb69065e9fe752e1c88c8c4f778873dcdc15a1dcfd9e6288f768c3ccd4ce688e2e78c3e478a9b4795a430443b4cedf7fdac2bf1d10d02d010716737b08f1095ea8d766cea1fa75d7dbc200edd11943a433b4b31b495270cc2baebca39fbdb941d0173429decf62f487129a01969604a821982748fd8d32f2184c7d5a31fbb077cd771923f6127154b634ec13a4c428e724f0dc4cc50eea2d486753833444ee26b0e967344c9e679d9b4030766bcbfbafc6878cbdebc28e4a607129ad1c966f1d4172d8d88cda60ece1427a2a60d54ed41132de5b8e90d685d4780a9d64d43b65ec74de56f2c290e880beffb3b7770c803a2dd8a2829f21c170361ac7e022e219ad8cf15299da41f67f6e263fd319b23d1df1da25df3f8f421602ada66d59d8722ff664dfcb9c06472276c0446f1edeedf20da952de4f9530674ba856852e45d70822a764fa2a3f644b908053978b37394f9ac5016dea51b52e24475de3230e761434b99a5703bab0c178845be19076e0af2821e3e478cfc56e1e2906f85307b484fc5c2c0ea0b4466e5da7e46296e227b2b32a8ac27ee6e89d654fc88055fafb07b9ae34ef823be38d74e1e2b6c412fb4c6dc9a78d2e20c7e04f12ec456db520e8f1862919d50df1f7a7dadc7caccb3841c9a77c0c1ca01e251241440318a70721c4050ba5571ebe16c35299b0a0d4a93efadbf0610f8a239e018d19a479af03fcbe4a7b839287c17823e8157796864c7fb5dd435a920c42ee617d3feaf7a42e425efedde9cb110fa19d5ed12624383d36a1fb7f7fe454b3605d383ca79b53c1683dec5822844f71aa88c83aa6f43b22997d0502e7fdd7177d0457b161b7ad55db86e53781011cde46045a51bae836ab0035bb75370f7a7fe8ef6ec0b076718a1f2e59d54b01c596844875eba17211bda93bd9169524d4221f351cffe15a6f5c0be360dc89202341465b0f818d7f99bfdf798b9b0b4de65a139d68fb09c7de8899477a17500e3bed30e2bff8d47bde1611a97b934250b50afd210ace375c30269349e9de786fdf19d7435d67b09e8524f0a8110ee22030bad9b7142c9581248819e91f4d3ce2f3d6d20b2512dde184487ab9693ba506955350d40fd09dd760b6e3cd7048243eff22f6b82cce3988ece66ec1e1fbecfaa619414d9e2cf10d8e7e2615a9f8ab4cb7bd5d0935753686c2c32fc866ebd7286afc954263111b557344138ca778ff73c4903b6340541c599bbe7fd7b985b26de1b793a31587b8d829b1f7f8b29adedc8b5e14c703123b0c2f49872a5bb458fec0055f053281cd853b84f6d28be314b453e880458da0fd6cc02c3c5eac22c4f49b085a884a76a3963aefde6396106521c602af631b17dc98ba382c1c5cd0f4b508752538fb00d7ce1e980fa4da3805a9697ca06b162be9123f0f26737941bc8d8052ed0813ab95d3e35f576c1359bd20d743c5f692767e6f30a76ce13e0eeabdcabecc2f579dff30da8e14434645bad5d3db5c92c17d0f39a886b37314c6e393f8020d9e2e93ed44f632e7d4473d148d079ed76902d230f6457fcedf1a82366154480eecadbf544e20af0798e3ea6698db79264587281bd2beb1b78fda21607dc70a21a2ec4f9593deffc638a719f0841680a70afcdea5999b2513ede3d5810e11ce18e14f162fa40940344204491a7c29ec2bd10a8ba442a34c0a09257d610af318801450882907cc7d04cdacdb1533095cc4757f9d09f4a8a92454bc129ac66c069f0ffd0b661d5dadbcf111587f7bce4cc94b57acac72e9b2a0166baa313efcfb32334370ddb5ad022186e3b3d8f3c89652b0221e4c90ef2a9b351967e8092852d37f7b3c3690333944b5aff5e0676c2516c3ddd371ee17f476e6aadcd36b7ac15831039fa35c644a08bcf2e6c8ca50f8b8ad0699188de039837b1c9af4f922a77ac1db23554410d0068fd6b5c7ed349b429278a3c6de532b90be8050d528cef0c3c728a632897163c4bec561bac91f88ddcd213465c12d037fbfb75b1bc16c9e8621dece1e84e9e3aa0a88e33ebf55cefa778cbd6994727434be5652b1b841f666c1be96bdd60303ac4335a24387c241b143060822b0ae5695cee1c5f5e7bb9a676932425224f16658ddd5433feb37521be5ffb1e852aafb91e688ea1e1f8fea86cc4c88fc1967ef5e6375fe911335576dc224d8c3df50d02e3d9e67406b9162134e7428d8246f6f1a98dbc66d4c39e3d8e4ebe8358ffb8d474e0e37b40bcfc137e714e6f0c50a27fb77fffca71a22d0777e869a2940376fcea1ebbdf8ccc87ea963f116711b6aa70552f3b34e1321aa09d96f3a1c0abaf256911f4fe1494b5e7fab1520c90d09175d933a035f3904d42b5b2643d1e93cc7df96f3c185a74f0b30d2c58e85a41d72d11df740cd6fa9954230505b33f2b62ed2570b1903d128e726ee9af859d131875596eb06ffab1cea5fdb02b369ee54461f97027abb25d5c755ee74875967763f1c0fcbf038169a09b78457390b22c07a8b3a9f73b23af1611675206fc964dbba0e706c95ea2b01f04e40001c121fb7412958df9775d03810968c9ed9a390aa9cc961ba9946443b5130aba13201a5531c798db6f6144da11caad66a36fe70853639a4e9dbab5524f1cbbb8a2eb7f8224ce26d3a50673476f0118574bf23f8563296b585ab9187ce7a5fd02455f295b637b164efa12ab8a6f8c6953c4ef94d95929cc0ecf51d0ad55a48d24b777dec6c7bd377c7b8f8b3a5eb38b99ea23e15e84df970704ae0e2efb6e3d501cb8e41ef6432fbbc257482f4c1c157b5221f9716a16253bc0a21bb510e3fe8d9137111c544189f5e10da3f3089dd23fb1b5a7ad691985f8a93d5eef98112f1f0d5eb32fc17bfe295c8d06601253dad5c0377148d48d6939ebae7f4734697b95b830e3cf9b544ddb0d31ee3dc821010a121607af3038c926d1e14218a0e429d6dc5d57128b5294ae88927bf1216fec3145021ac48992f5ee6f0f984f938c3ca3a384a408b2f91241a424af4c39b56d49235e6418fd504ef7b7a4c2026b7a364eb5a04755dced1643c57a7d5954305ee1e005c9a67800c45ad4141a55fde78ecd48d5fb8c50802094a1f8ec654c1e78ff8ca1ef5ba53d9da9b21a8a8fc96d42ffd680f74ca5ed2aa85d81e36a13b42a7d873b2cb4750b4adda32c2dccaa8f8194cc74d46d822357e15b10511c98cd94f31e3741999edde7ab0b60f00933ff96e863fac67426b72d79e3cbfd16bc77e7c5100b4c36d0b67c7f55f735a1dc8a6f08036325056fbe099e22144d0b4f3d123b0612a3ac03cff9f2eb9a31afc48ffa96929c8e724356b436c6f42cbce5f8c3ebb5654140bb0a399e1c18deda6d78d60e4494976a6d40fb27f87bd846dd9f8f7168903c0bdeb9e79519d4080ace51d5843bf1fbd512dbf96b983904d6a6c74786abcb06a393586dd663c0df40f37671aa54e40718715d3864174a223949c895ff8612105c74590e967e655f4069c86eda3ea8e865db38c107db01e59ee03b20dba7d998231c57d8b5b603ff1ac4a8b1d4dfe27eab76fc093a121cb47ec4bd7e163c3974ce58aa108d5d0f742caf52d48c31139d34d9955e8f64395995f5f7d9adb7efd0f40e00005bcd2c7e292556980373c235e4c7fe8aa165def311d1e07fd7d39037a4f64fe6b800df85bd131ac388c1a92213399ed489a7664e75abd83993d13da2ac1e3e4e7da28d019f0010e9a3e7c17b68f6bc7add313047dec835de109d0d8f750992466f40cf832d20a647b2dbf5187deab3a72e16a475ec173811c72ce393c960d264bc103c4d1555ab1155ce92ba3a35d9e7b73fbb004bcde63a9c313a8c13b636abcb02e360f6530dad12975c51c6b01a7027fd15ac2fa9cee97a684911981481b100e4cfb813af6a2cca1500b35ccfd1e8dc64923e558b37035a8ac1c95199dc43478e9f5fcb0bc486db6977a6a0d7dd13e4cbec5ae2ff7c37d149c232911974cf1df41cacabe6e1dd101ea954da42a3bdfd4876099f2e6ebdd081d8733a2d2c83ebb85b49a632e5abc19139d1cd4a50402bf2dc83960f0a70c3b23178680c222962a4d228bfe5965c7ca3e39416c16309120c8fbb80abbe0a7da6a355c3a3fc6391a139703b709ddc8657f980d445d73abb9c66c3faeca85b93665a2594eb74898e089f792a83e6431c2104ec425e6196af7973f9463e7b36cb77d4db1a8e43b6705b8399e4b39b33138e3db3d18bb5a0b292b7928ffa5affb05b9b1355109e6d2f4b25337128ade9183c916926665e391ff0df8d23c36c7339d7b23b47e025a2372787a21e0bf4a35a60ef853be4b0903780c220157398760b4e2bd39e55d051cb4fe2ee6db0143ac86e11783b766070a6e1fbd6e947abe42a86225e228b99f6eb6bf60549dc0ff14a67b7a8e1449697886ef5592e276656bdc8f3dec78755cc3bea1db232cb4ff43c973f1796acefb46cef55767313675030a7d257341b5645b419faa9b293f7a09370713d27a525612326cff6268ebcc6a21fc469f5cd46047af6f9d209f8015196f2e391ea02debcebecbf8022ececfee3a08e3973c3bb06d4d8b00539df6ef85035d475ccbb6aafbb88d4f2b5ca0e218aaf44dfa99b3c964ec7f9e28e94d9feaec30cbd38c5c067faef858fc75a15f0bb9f66a5af6e7ab8bc731ad52936633b9a0c738605a2a08aad2357df91ca8fbe3bd2c3427d7aac240bf61ec4278709d2ff0f5cd475805497cecedbee49450c218ff3f65e6a8b236254c30442e78fe6acc423dd26bf319230cfbf45481fca564c75968e4becbb5da459a779123479a998542f8b54429510bc4005a8deea6159718cecc0aeeeb8c504444c53660da20944a658a8a42984ef26c302767022864f80a0f53525ae60eb1c4b405443e4e6cd04887fcf1999be00ca55e32223878ab3e1ba05ccbcc3cdc87558386ef113b736b14319fa1aad4f0b09f367147121072dd1ad354e528a16a588c5d270ef24f5749791fb2c961d230fb0119daf395b7462f375a21bfbfa380342cfd9705b1ab368e32f4cce94f2242c6947b8624985b9c6de2ab4ee01b398dc4703rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootapparmor-2.13.6-150300.3.15.1.src.rpmapparmor-abstractionsconfig(apparmor-abstractions)    /bin/shapparmor-parser(CAP_SYSLOG)config(apparmor-abstractions)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.13.6-150300.3.15.13.0.4-14.6.0-14.0-15.2-14.14.3bBaZ@aՈ@a@aim@aex_м@__@_~@_[f_P_-B@_@^m@^@^<@^j$@^,-]҇]o](]K@]]@\\@\ \\v{\I\ lsb_release") - fix buggy syntax in tunables/share - several abstraction updates - parser: fix "Px -> foo-bar" (the "-" was rejected before) - several bugfixes in aa-genprof and aa-logprof - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3 for the detailed upstream changelog - drop upstream(ed) patches: - apparmor-nameservice-resolv-conf-link.patch - profile_filename_cornercase.diff - dnsmasq-libvirtd.diff - dnsmasq-revert-alternation.diff - usrmerge-fixes.diff - libapparmor-swig-4.diff - re-number remaining patches- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig 4.0 (boo#1135751)- Disable LTO (boo#1133091).- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877)- add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile to match the newly added libvirtd profile name (boo#1118952#c3)- Use %license instead of %doc [bsc#1082318]- add apparmor-lessopen-nfs-workaround.diff: allow network access in lessopen.sh for reading files on NFS (workaround for boo#1119937 / lp#1784499)- add profile_filename_cornercase.diff: drop check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (boo#1120472)- netconfig: write resolv.conf to /run with link to /etc (fate#325872, boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]- update to AppArmor 2.13.2 - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (boo#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 for the detailed upstream changelog - remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch- update to 2.13.1 - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - ignore "abi" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including boo#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 for the detailed upstream changelog - remove upstream(ed) patches: - aa-teardown-path.diff - fix-apparmor-systemd-perms.diff - logprof-skip-cache-d.diff - fix-samba-profiles.patch - make-pyflakes-happy.diff - dnsmasq-Add-permission-to-open-log-files.patch - refresh apparmor-samba-include-permissions-for-shares.diff - add fix-syntax-error-in-rc.apparmor.functions.patch- update rpmlintrc: - whitelist .features file which is part of the pre-compiled cache - comment out filters for the disabled tomcat_apparmor subpackage- Backport dnsmasq fix: 025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch (boo#1111342)- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099)- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing (logprof-skip-cache-d.diff)- add fix-apparmor-systemd-perms.diff - fix permissions of /lib/apparmor/apparmor.systemd (boo#1090545)- create and package precompiled cache (/usr/share/apparmor/cache, read-only) (boo#1069906, boo#1074429) - change (writeable) cache directory to /var/cache/apparmor/ - with the new btrfs layout, the only reason for using /var/lib/apparmor/cache/ (which was "it's part of the / subvolume") is gone, and /var/cache makes more sense for the cache - adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both cache locations - clear cache also in %post of abstractions package- update to AppArmor 2.13 - add support for multiple cache directories and cache overlays (boo#1069906, boo#1074429) - add support for conditional includes in policy - remove group restrictions from aa-notify (boo#1058787) - aa-complain etc.: set flags for profiles represented by a glob - aa-status: split profile from exec name - several profile and abstraction updates - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13 for the detailed upstream changelog - drop upstreamed patches and files: - aa-teardown - apparmor.service - apparmor.systemd - 32-bit-no-uid.diff - disable-cache-on-ro-fs.diff - dovecot-stats.diff - parser-write-cache-warn-only.diff - set-flags-for-profiles-represented-by-glob.patch - fix-regression-in-set-flags.patch - drop spec code that handled installing aa-teardown, apparmor.service and apparmor.systemd (now part of upstream Makefile) - simplify "make -C profiles parser-check" call (upstream Makefile bug that required to call "cd" was fixed) - add aa-teardown-path.diff - install aa-teardown in /usr/sbin/ - move 'exec' symlink to parser package (belongs to aa-exec)- Set flags for profiles represented by glob (bsc#1086154) set-flags-for-profiles-represented-by-glob.patch fix-regression-in-set-flags.patch- add dovecot-stats.diff: - add dovecot/stats profile and allow dovecot to run it (boo#1088161) - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753) - update 32-bit-no-uid.diff with upstream fix- Change of path of rpm in lessopen.sh (boo#1082956)- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429)- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429) - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests" to avoid pulling in several Gnome packages on servers (boo#1067477)- update to AppArmor 2.12 - add support for 'owner' rules in aa-logprof and aa-genprof - add support for includes with absolute path in aa-logprof etc. (lp#1733700) - update aa-decode to also decode PROCTITLE (lp#1736841) - several profile and abstraction updates, including boo#1069470 - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12 for the detailed upstream changelog - drop upstreamed patches: - read_inactive_profile-exactly-once.patch - utils-fix-sorted-save_profiles-regression.diff - lessopen profile: change all 'rix' rules to 'mrix' - add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems- update to AppArmor 2.11.95 aka 2.12 beta1 - add JSON interface to aa-logprof and aa-genprof (used by YaST) - drop old YaST interface code - update audio, base and nameservice abstractions - allow @{pid} to match 7-digit pids - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95 for the detailed upstream changelog - drop upstreamed patches - apparmor-yast-cleanup.patch - apparmor-json-support.patch - nameservice-libtirpc.diff - drop obsolete perl modules (YaST no longer needs them) - drop patches that were only needed by the obsolete perl modules: - apparmor-utils-string-split - apparmor-abstractions-no-multiline.diff - drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in apparmor_parser - refresh utils-fix-sorted-save_profiles-regression.diff - add aa-teardown (new script to unload all profiles) - make ExecStop in apparmor.service a no-op (workaround for a systemd restriction, see boo#996520 and boo#853019 for details) - lessopen profile: allow capability dac_read_search and dac_override, allow groff to execute several helpers (boo#1065388)- read_inactive_profile-exactly-once.patch (bsc#1069346) Perform reading of inactive profiles exactly once.- update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of 'unix' rules (will be supported in kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog - remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff - refresh apparmor-yast-cleanup.patch - add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the "changed profiles" list in aa-logprof- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)- profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195)- add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26- do not require exact X.Y version of "python3" - require also matching python(abi) which is arguably more important- don't rely on implementation details for reload in %post- add JSON support. Required for FATE#323380. (apparmor-yast-cleanup.patch, apparmor-json-support.patch)- add upstream-changes-r3629..3648.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - update nvidia abstraction for newer nvidia drivers - don't enforce ordering of dbus rule attributes in utils (lp#1628286) - add --parser, --base and --Include option to aa-easyprof to allow non-standard paths (useful for tests) (lp#1521031) - move initialization code in apparmor.aa to init_aa(). This allows to run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser don't exist. - several improvements in the utils tests - drop upstreamed python3-drop-re-locale.patch - no longer delete/skip some of the utils tests (to allow this, add parser-tests-dbus-duplicated-conditionals.diff) - add var.mount dependeny to apparmor.service (boo#1016259#c34)- Cleanup spec file: - don't use insserv if we afterwards call systemd, this can have bad side effects - remove dead code - remove now obsolete 'distro' checks - Replace init.d script with new wrapper working with systemd- add python3-drop-re-locale.patch: remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766)- add upstream-changes-r3616..3628.diff: - update abstractions/base, abstractions/apache2-common and dovecot profiles - merge ask_the_questions() of aa-logprof and aa-mergeprof - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor - adjust deleting the cache in profiles %post to the new cache location - silence errors when deleting the cache (boo#976914)- split libapparmor into separate spec to get rid of build loop involving mariadb, systemd, apparmor, libapr and mariadb again (see the discussion in SR 448871 for details)- update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog - patches: - add sshd-profile-drop-local-include-r3615.diff to fix 'make check' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff - spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren't used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed'ing python3 into aa-* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in logparser.py - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition) - add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)- only install apparmor.service for openSUSE > 13.2- Add a native systemd unit which *at the moment* only wraps/masks the early boot script.- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage - drop upstreamed dnsmasq-profile-fixes.patch - update expired GPG key- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes - refresh dnsmasq-profile-fixes.patch- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- fix bashism in post script- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don't warn about rules not supported by the kernel - fix logging of "audit capability" (lp#1378091) - add support for the "hat" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 - update apparmor-abstractions-no-multiline.diff - remove upstreamed apparmor-profiles-ntpd-pid-location.diff/bin/shgoat04 1657079435  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~2.13.6-150300.3.15.12.13.6-150300.3.15.1apparmor.dabstractionsXapache2-commonapparmor_apichange_profileexaminefind_mountpointintrospectis_enabledaspellaudioauthenticationbasebashconsolescups-clientdbusdbus-accessibilitydbus-accessibility-strictdbus-network-manager-strictdbus-sessiondbus-session-strictdbus-strictdconfdovecot-commondri-commondri-enumerateenchantexo-openfcitxfcitx-strictfontsfreedesktop.orggio-opengnomegnupggvfs-openhosts_accessibuskdekde-globals-writekde-icon-cache-writekde-language-writekde-open5kerberosclientldapclientlibpam-systemdlikewisemdnsmesamirmozcmysqlnameservicenisnvidiaopenclopencl-commonopencl-intelopencl-mesaopencl-nvidiaopencl-poclopensslorbit2p11-kitperlphpphp5postfix-commonprivate-filesprivate-files-strictpythonqt5qt5-compose-cache-writeqt5-settings-writerecent-documents-writerubysambasmbpassssl_certsssl_keyssvn-repositoriesubuntu-bittorrent-clientsubuntu-browsersubuntu-browsers.djavakdemailtomultimediaplugins-commonproductivitytext-editorsubuntu-integrationubuntu-integration-xuluser-filesubuntu-console-browsersubuntu-console-emailubuntu-emailubuntu-feed-readersubuntu-gnome-terminalubuntu-helpersubuntu-konsoleubuntu-media-playersubuntu-unity7-baseubuntu-unity7-launcherubuntu-unity7-messagingubuntu-xtermuser-downloaduser-mailuser-manpagesuser-tmpuser-writevideovulkanwaylandweb-datawinbindwutmpxadxdg-desktopxdg-opendisablelocaltunablesaliasapparmorfsdovecotglobalhomehome.dsite.localkernelvarsmultiarchmultiarch.dsite.localntpdprocrunsecurityfssharesysxdg-user-dirsxdg-user-dirs.dsite.local/etc//etc/apparmor.d//etc/apparmor.d/abstractions//etc/apparmor.d/abstractions/apparmor_api//etc/apparmor.d/abstractions/ubuntu-browsers.d//etc/apparmor.d/tunables//etc/apparmor.d/tunables/home.d//etc/apparmor.d/tunables/multiarch.d//etc/apparmor.d/tunables/xdg-user-dirs.d/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:24912/SUSE_SLE-15-SP3_Update/dc7934d2ca5d37f1ee18b50c372c7b79-apparmor.SUSE_SLE-15-SP3_Updatecpioxz5x86_64-suse-linuxdirectoryASCII textC source, ASCII textwNaWautf-85eba6ae1bce820fcf1ed0b2f866213fae253e34edfe2b178398e8254b5d62ead?07zXZ !t/Qd] crt:bLL C"Y1a^%G.Q~F_h`s ҁzgvL~z`pNߥj5!t#]^ ˓TYGSπs[V#/yJ[k*Jlik֏y>_;Ie06\ iJ_OH% nd%Ik6glj$ӡɲ "q¬3U(RQ"7OZ3JZMHX8=TRX[YP*Ȓ/}k~I}(ՔY *"^bL8n7ƥan2h5,|&omx汾6.w.Ms;Y4{WPzn? q#_md)1^p7|D~,{A[ $$&Zfdi0:p8M aa " (f =XҒN#?_k1?}W=}nqUtitS+eD aUg5a=}ΤISӟQ冕 BagfTcȗ+}R(UHx#7_}NM|B xf'f)TA B!o&]iA&J]3Iܬ4"Z0) ~*B g C YUYKY>c#(@QCc7_E !\{%Zu/ǨE1 l_h' +.ZUpek >"wg3]WP'OPHZ u|sCT~_;FL=cs7BЄM`1~-Up bBn{/.3U窭ytNi1Bgzo<"``.z wE-ʗs׷&\YpIsD$HdHүRͱ'>MeqN%t':2:_!ԥ,Om]ҋN*m&ohí(+i5l<ʚfnxAofnWN1tlG  A x n-jA\<Ц!>W/*γقKbڪ4a/:8f cKpLI(^*0͡ev7#-MPʮ8~ҨTC\2"(*C-Ϳ XfUHFS<7-I/*mnJ0|-!1O-,RIag_|bp &2M@6Ө;ݝ6aڪX$[ieӈfuR> ۱2\I"_ EÎ 2N&p7鲿s49%ÿ6X@=+Ls$[Kue̕t=\rF7 "刜Qq[/jL*bP(3X0U^bQi#4EdS[*~`GTڙnDZjN Q6ZF?#ºX.f-J {hE<֒ NJ=xoԉ8Gu)rnʼIdfs{8ËTxR/5.Nn|NHJl) -@߉S$ғxky?".'LĵDJ= .K;v x^`*z ~w ,r> 6eҟ^[_n#9\}잀[x7/t(l" ҴhJ?/M'-|a}mR/%ֻ}޶#!Ṁ̼d8</LX"Er+G5>vk/l[-|﫺*Hsl?vpix vDV!(oM\En}sɑP|;=OB꤉MY)Oʸcv\-ӑ(Gcw9(#smi+yK$ä " ՆkJZtOG!A$CmJN.l2&TiR?>|Zu̍J2ٙIT ShZE@F_W1 HasBR~bySVm6T"Z]nol8`\UɩV7*^6d=.:Ig_4|8Q  {>*ؕ@j_{[*n忤d&_/8U*!uycu&ھ/Šf0~TrԏQ̱@ 's<>pLy1kCXvі *\^XavJWmbF.y[Òj`zWfKf|̛͂0)1Mw])KT"ޞ*T$g8Y:Eq.0O>&Ժ@ZRvdtˁL+܆rœ`ry p%4-ZC\HG⶯T`6l<7;Jxͦr3"LZ@MoFM ^n7^ku/gTɘ]hγ捑LE+nRRn/ТTj{H d0ą̈́c~dV/lX8_:zaD 4 4Bq!1jc,N, > Rd9jT$.P;ӬK9>fUM^Pf#xT!R7tHY]j6y`ܛւ۟z\֨=v;>JsUTC,mEH7DXr}2mB^]ʣ^rʉr·HT$v};T' wW`¨}+ jՖ!\K lL3ۗ^eIvR ;;Ԁ':6l%.uu:;V3=L 2y˕w27&;4gGIE .OcG'r,BqIl{~[hIW.]yѼNRJa[; ]MHE-C>roܼ+U7eK~0ê 1ʙ *fyYjZcB*e 6iZɨ.Vc䭃!G;) wnI յ?]JUrcAjBݠƄcDiz*&*!) ϤGJ0Ң_4ftmMkkrs {շIdd{\ҴJ3^򜅫oo›kN)k \u|[Z?C7DQ10ȥw|ѐ‰4KdQ+:jTgjL;Œ2Prt)(>`j;ѿ:R 2巊z#ٍ8"~7Eah""#3o{wJ6/rx?o3s8ٰۮ >W"Dh .]O3HTz=("6Qb 0ʬjW8eSMb>wuZi";]>Q5 @r8n)OFOP9 {9%v'6[\?&3Wi_juuM\cJO{譤f̖juoǡ`\"F(S[Kw–BƽhLw|ԯ`ZH>{}eON1q H p7Q|q\=~ٸf<*,k~_#^~UHq"x$:iVn}'ImHUʛ{jS FgYNݛ8<ɏ}OeR)/ߖ{HC07~% L`k*¯t|r`ɎbckQ@-2}0$[ {CQr_qqv^.FNy 6nG )lJ1 3FmK5Bݖas|)T!C…:Ѷ]zegƧ0ÆBZeѨ/1a)uZȊZDj`)3YcQRv#Ф1"oAkBH}5w ;1q#6?ouE7i5[VrTٍvˎCl7j[piܖ+iBƯ@ăܞx1 DΦɅ2lo@6Ot3dA)h_eA[W8.^ q*-HEh]A1?tUQvR4eD l]eH>.F ObF|:u('{Y+e%ij[:/+*g2cD<+@Ї& cEXlKtLJCR~MyD~J9*G{׫TW Vg|8YePr iy[k? rm\$ \1hj -zhaojjvv%3>yM+`7n7h.ƪuEN;0oASM揷#ui-CFwZ/WEVA ޔB tz'㳆S" D#Xid.JC|TcvcN6HAAlVLhp\m_b. Į37z~ Y6tzUq0iW \{ew,dGd-ROt Y\.wZY>ڮ~,Yz) angX{JVL/l]"P f4)Z[>xpՉΣ԰MB6 LQl?..n/Q*,ee*x FήbD6TY𩖄u=#Zu}V%d+[&POɷeKI"2ybN(˓g%3)JɢX=ڐ[= k\Eo=qB;P#AUK(9gr,={9(+pĿwXf&R%鱵'WrK.93B+8crVDI{ Ebs zp3 T̔Q+iy}Ԍ"vuJp<0ɗֿ=k@ZjRe=L1Gt*v3lDMᶩ wOȓГz{A$LR-+gHhF;*-w~7;+Jt+o^q NT|bDZa{EY6/pӞ@[kdqûΨ6^׆? k!Lk6N [h #Z~CjVYsXNthL-Rd´ƥVL](xAI|Ca{/LӠTTj-T>NH,f c*"h'>5^o5Lzh|fPw )Kb!=}[Pƍ M oA|/YL4^!0OUk;^IGzh]ڪ?b_ ^%Hײ5E/䂭OΒF,xwk){5V%KlN{VXXªtw^ܞaϙ2[*`^*#kzgeEp=pKpKK<~-Q؅Vec KN|FKΐf~əu:ؙV`"_ wekPm$0h/֥K!7+LYb:Oy@;ڰ^:VhؠwR(a\ѕ0q?eVlW!KxijBbW>8FViC~:2ު&\{*N+ |3x4yYaaNj\"}DFʛ4mɡj Đ%]0Œ^͗k8QQAu8XDrz-~ ߨ][5t|{Woݘ1 *dpJZP+<v>s?-}kU Qe#>H,ph^UnAMy+7خNlO07_b @6|"S:~B6?:Ue(Cb@paxai)9_ֺpBm[V}22R!.wt;bG 򒤥lv{ ;ćQߞ_\l:xPE7b&#F,lYCtM P8Σ9?_RF,K;Ģh3CO{h[W-Ճ= 1f l!q rXf a糸7*MaIWiapZmd[z̚߆"Pbi9XDy0w){r#9B]S߈N\d~YR1-4|S,q;,Xjy` 'GvtT엖-MDA&WWO Q̀(ˑkВ=L 6fx[lAYiR#{hF#xΧYDת1T{zD g~ED`93ۺǹD jmL?,XQn{pJx%XYR]:\dpWzm>{bh`~UԦ3+8Pӧ1Ҏ6ѭUpBԄ_Iz58R04YqܜB+zW1 `{]Gs %dG *W+7"'?B2q4 Ji蹶|Wl3őe.hL<,^f_.:4>kcpTqGD5ih#%G]f񞲯 Wyӆ~t9|ŔWWhI" vxQ ۧ6^ T:0M 5$lc3w(Ո. +!%yw-%?synj CٝPr*d.Dqܚd3͋GlE(F s&El߸]u4ef(5BoWrh$>TPk V`۽ߗ׏D`)x; w5D?;ʦ-ZǑ̫P)]8pXcgH#cڪ>(||)3|W+ݙ9d@V4n(d?.r CBG1bMJJuugu\4%=ZS"&r/M~?]cn O+">-M`q|qQz/}zҀW|% %}/\ԁz}T͍"Jֿz B14@Ɋ{)3v.NIX}>J3QNo82E4UT-aॴn0>_%{&4ю/{.͏H!{UkAۃn??Z~\d Bݴ+9q0)R?9`6g kÚR6 '< ⻔Q ӷD6Y(+;GUމΎr*nMrATdxA8;]- ʲ_)G)O?+:"eTHkhBpu\䵤 }}W'y_ܧd@LNs*x7׫ 5‚|ܲo O`:XD'|RC~MG,tiRٱ;K1@Zc(E4 (l|Z $L?OmEal5"hՀĢi@wQKB }wbw.fǮyEw߲ZlmD3NBzb'0N-3E[({;TmC(Ԏmԉʹ*4V&U2ƥ*xHZ jJ<%eav0qj]WX(iE95q&o0#4c 'EYB^Eи5I6S3VR( `6V0{)"J'ELT͂q[^id"*᠟a°tEY4(L`6=L" GpvoBeRg?Ω{Wmpt R8mh3W$CȄuttKt Th62 >^o8k&jHs :^3* N6'$=n<@Yd3┰P#\8Cޡ~R3ըTچ\<Y[esmp#Odv2+ɕovGd 2f6D1qK$p8 r(q7(7΂bc)(VKqY6v . kX/z= hNf{ 0ʞZk A:V5(cYeD[Wa/fbߍ/-z_ՇAQ9u=FMAnbFֶ6k L9ṵRұ5&ԭ[TLEg2VxMOw$I*4a :swN06?7ZUV\@V*rFsnn3,<שN|wvh2Z{wL6g[@W[WԌV縟HAqA.}d'}Ѫq<x^Fe8u6j-!߮Ok`\b{ )RcK@$P?C4с`(3abޞ9'E;ѨynP|1be./ iVR`Hٷ1൩ 5,o@ȃ;źEE;L8pU~뾵櫏qA@84+>Y-m81)JFWcR<)}BD>Hғ+J5vGcrHSl힄(K\'7cE,y⦻8LFmE:)%YPĢB|9R#+C6.\27fYC.W`e-H(wY7~ĤGKG sC T/Ҧ7v<T2ME`1FDYn@.!4+\Doc9'R҄ lg٤OlBWY<噇lSͥiC 밪ZKgJGd{)"rh@f}ؔg# rGag> M!jk0Iݨd'`BT<P32aץ1E$tSVI!"-$gI@Y8Y [1ͺV oEA$D[SbCB;hnAߝ {%yTPZ0027Y2Y[=̏b@ɨ&]Su=yGKw RŽS3X(9JFZk\XãcUs<+-¤& y5 L2'!D0Zo6Be3ƿ|KGSz$ %VtmnE(eVfuӜ<:7R1?@飉^KT:ڧ0zR_+i3z7=! R@q1 jND#p,Z8*Ku/7U CZ^4+$c'3mq90.(%ܸ`@e 7ROuVQх;&I.H(V'g\rTCL!JA;T RPvA݌  56dBUsXż  Z,፼\4y|DK¬q*>%pS@V,M=w[A#w`|Mx*xPMin C%DU;%F`t;a N3)UG>b-Xa8C+:In"cb֑Gv e=E|ȕjW,yZ}6f5F gi n|/~:[sKcIg3Wbi3y;& pQZW0 ty00t=zy|@ [ȐDj)'i >]qsa'<22ԈȢm9>rlm"\Pʁ`+`M4_1R rK))b:d*IEY$pA׶=;Ccֽ y'ybJm{]M yi`&dU*FGрPc٣a5d1 ࠮ 9p_,tޓ)@:SWɿΥ  ~?=shyu6tvVE|3d\VBF7eX;``/+TV:B07O.D>)?jJ-f70mWݡ"_1Cv|K)3OVٷǷd%VBXP*DV"$SL{׾c^ev1`uEQND}h;$ؐ~”s#s55j([kmuF݌DNQCKY(s< / :Π {ULZY:Qes *[x_ᧂH61D,!nm@7(a/X.rg_O"@Mc^ٵuwJ3L7R[6Q7.>i쌛;G_ {hɁ^D( \Ht}Fsjcs4[m61␁'x%!p䵬90GgCmPo6y~Y(ady2)mZ%> _Շ 6郱Ս#֩#P{ ?L6]LH5dx_wmu ^" )s*4HyY~ V.?2KN˰`?o뗈N? Lk@߈uEilxwT]x%_ϣZo6KЋ@C҂"Yc4IlW3q|,)HaT{k8`TegbX7w<kSe0hEp9LF8Gѵg\WbAFyIu)\ay ,FI &R֢Lv#]UB}~ M,]ll+mD*R.؏0͎Rs&Xձ+P(*v׻kI@H?G1qw3;=d)E yګTRWfRw yOuȢ3xV \ڪ髂KzctpPcK+TH:jaog+sCއ*#7^ukdC)4Y7]rBV0 +V98#hscmVncڍj;xe'f;wة( Iˢԓ2NoRpķ8jJIx횾!bIȖ?=)R"Knp{?N,*M*@:$RSP#T9CJK4kb_ѶM`2q^HK7tF#=pO#[:;r"jLie@+Rb$:P Ww, Tx[RطGG'FX|p?Wq2p9w0=NeMY_ݗ:.WeG84UO{HsC#P$}i7ky׺4Fv eVը|ٗ{, F,jLZQȿsI\vGHyD4oYLF@Ged hqI\_y=O S2W|ƴSl UH73?`%iWA*lweNIU!_9uQ Ak|sw{ds?Yڿ&;[' ݟ== "_i;bLuピ;$@ir=*>W}ϙ ׍=/v3ywVM\EY߆Y~t}l]"ZtC|Q!a@ XUl hTȽkjG{;apPpמp4i`]L\dw`f'Tf&di>3nV̟hIR0Pwzρ3]b+([rqA?-a .P8Պ;rV"LI֘^k}aI-N$&;!orpV- "` VV0] E!1/%&,ԁbupgZҨvҋnhoA䑙*Q?1XEU٤Y^&gRL?Kϋ {u|v&Z՗b͘~,4rƆсS|98%ץuEnu6d8<`# Μ7*xÔ5y!z--UjtM1gm947[Xq ~zᲹQ5҆bC1P@nx88M>ڹaU-i_V]|s\mc0qkbCCDʎ/V+iWccU]Oޚ=)ps-D9UYM|O\.KB=+z8JyMDt&;}-"S 1FΏ0x/j]@u2 ruwF k!ЁM*ς )1!Po1+nAW,>>-ejLNT0+%st=|(A>R/G]BCC4SJd,R!I vwzW8[E QAiR^ ܚi7L\^+tX;(}BWP)۠D``OkKKJ`k>(})eayyXT(d\?.b[W}m0T5vktc(>-ӎtol#˱Y"\6Ѝi[*;$2(igG /_Z[pjKf ]EW_ g<,@pOi{Fgƴ&lYy O{᱗ >TYds7} (BucTP9f%ᮌu3s cޫ1LAd<B Zi|f?ԍy%d!E' L$Y$ ykֺWnҜJTvJis灙yktrp–U}X^8syzޢ^ʺ>3~mxUO,G԰E|J rc|PC fr썃S1vL$-\c$T`%ISX}\p& ?"ܺ½$;c3h@1 /Q7Gx88I>T4\r b2fPw@S`[S`Z4;P7ZS|QVE{QXB5 wPҬt^K"]Hȡ}M,EaBҤƔGo6ۨ!/N >9? v+VHb9Pːn ?FO)/rZJC!N [ՔD!]թ[^L97 lDm( 5NRgٛK▒}3$&O_|&i xr^ .U4ǫ.a\7% gR0]Nx{ӧn,xZ[d7~gjli5x8BnNG$`s J4-L}NW9z:YS牄c*\ %dp8)>h7?q}OU$Bjcؐ g.ytX3~*G^%:̑]/$V x0k2 }9nnxgiٟY DW aӒAg1թk`7+_@lfn[O:O@~r>!T<[-Q:;;wEc4l@#i1,ڌ0 :J1k1- 'a$v{k|eT#'i@N\#RovƲF`t4qRkJPÔw[҉|aWȴX:]YF:g{X6vEYF[D0 iLmPGܨ&H߆$ k5.Y 6l>+*,g+|L vEj6q8̼x"$9J!,D ' kɋ2G4R*elK3dqM]ikwYq+\D@FM@dZ_xʃ2 *\fju޾V R )@PqG6^Ԟ1 OoUbN>g݆#J=3ɻ]">M59^s nL"o|=+|o;ԟ:)qMX1f>/+u`A|DC8<2J[IƴW)3ZM0xr3Gn!+tm񧪕$d"RW0g.+'?Ȁq͎1ϨyYn$%dVЌrq9r0B[|ك6u]/F9Tߥ : -(CϹ]){h/JCE@7[/Z(@H]>T=1\ =M7ӭ"!ʎV/Tv绑aISf\f14%)F+ "",k(= N>:ؗ,Hpez q6Wg=v)s1+t>[ nÐ ɛ`xŒu=偎c3pw/rmJBʫi70p:+ܛXlaM{_r~H6UvOKOisIPCւ/-y_ a=t&(G58f\-#UtNS0]U1A hqP5U:ªZ̆;jCԉ,g |'w=Ѩx/;i`ʨt1!elGuaJGSGmT"lb4I%c.GKK f*{tsd/ so'#4;HeɼwwIJD&D#6fVWӅ9Y3SǹW&Q4L^aܻ/8z; 9!)>m=\ [2AMWBxО5ΌӁh!<,}N}'l؇(иy0+|aBطq(k>qnIpd<`)Ē͋MBV'mMLGNQfo CF۟suY1Ğ2}aH){W5r81ũeRjȆ]q CMgH /MJq#e#1>xƂ >wZ%!iTT/v.NXr|=~*p{&(*KÏwhY _I@} }ҫՓ]V,fG`+֜8Ơam> e]G䋩2:xM3D/֐ DO!\xN[=>ond4ͪms7BJLǼ4mFbl̜{ ~ W ?><:1II}RkOM@4R (r"4A;VZ*-5bxA#D}8 P:NR[&{F̀T2t|`S 4#Do>XKE[wGG3D|~S-CU&@yQ]=4mahnBOv3NUFWa]GJ [8XTBWzS%/bO$Aי}jޣTIآWhq\* ~;eE`<`(])7)V[N!UGz8zPmgkg8YvOf,lKBPuH;0oT ۊ/J2cqwmT4W/Ҿ6f]vDI.&nGĖ(N/U.FWȔ$1-ĘINd[^PD L 2kr(i>ĖKQ %G!iOfd$J?'aTI*P>RݘRŦ1_Ί̾==ljOsT['(GhbXL''e2ns_Dԁ-6u. (pGY(a:г4S_@mXuC?b<&< t#g!rGߪfo.D!R­7hqǖa9F擸<&b!7 \;Ҹ2Pp;>-z9ze5]UE.Nf0kӡ|VmL.qdJ %D8&c˦D*1÷FBxaYo.x\za3Ә!O.7;C0S7(+ G6Ua?cΌA{l2s_Fi)=>xCFrSPvm MpuEsg1x*nIʔًIm&x<^*+Fˏ57,*gK-!{u8uvN΅Ն̫;R6uJd $dzې$׎ʽҗr]jAȆ-@+>fwH/n`NfC1VY2diqJ KW@ i[J/1`fennT@ ߑr_y*R> ]^6ugaNը;/'CPRaLY왑b&l"]:|(,γiA3( @1:y}_Mu>;ؓP $ ~)U",/y͍cE(A[ W S R D9R%\0=7jqxsjq~.M˫#sCƢ_^.u,Jj/ -?dp.8.5 9`4&LJ/&'=턫GXYϵKɤhq.2Sj󐪈Ƌ޳o2/1D=6+WQω- ۑNf[ȳOk~N7ġvJ 1&6S?Ч:yTׁʚkj={i[^5r^ u'י` ,?G-rE B'GI:ʥ(7kv v?PkHrwoC Xu0`M"{ h D4:BjM?gȓh_eEQ;5l'<90K;xp] EA/!q1u[0)وfoxxٷ^QC]/̄ x*S/qɠM܊vSVśL񼙅JE~iA0EhzE Kݼ`#8eCH*aj>5\ bs YZ