������xen-4.17.2_06-150500.3.12.1������������������������������������������������������������������� ������>������������������������������
�����������������������A������������������������������������������������������������������������� �����e%�ip9|������uD��V�؎-Gj�)pB�a!5�
P)=#SP��NBgҫϺ_6�sP�E#2M�[Â
�a8!hpވS�nԃ�{//ar|?� J
e1A
YtYp6ի~ r�TJ'4fٶ/r.K�f��puↃSC�F*1F�m"^o4I�Zk
3X��'*_?nd:218d2123e41114e34169e95c86f9ca88f69840cd�98807fe35a6b70f7fc33e6f9d1c627b4996db723e804a9180b2461b94445a3a6�����T�����e%�ip9|��GF��VsFQ9>QɓKWNgԇy
�!~{N��o7D��&=y]���>Y�=R^AŶΟ �vRH(p�%gQz%lYKj%;eb#,06Hy~SwxԱ6S,h_L v�͈^υ��ۋ�JkDnj�z!~iI:'G![(Z�Q�r�݁�i٤AN/��dH}��@ix|hߐj+`/0�1p���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������>����p����������������=��o���?������o�������d��������������������������������������������������������������� �������������� ���W��������������T��������������X��������������d��������������h���������������������������������������������������� ���������������������������������������������� �������������������������������l���������������������� ��������������
���������������������� ���������������o�������
�������X���������������������������������������������*���������������P���������������������������������
��������������
��������������
���(��������������8�������������9��������������:������-������>������j�������F������j�������G������j�������H������j�������I������k8�������X������kH�������Y������kT�������\������k�������]������k�������^������l�������b������m��������c������m�������d������n'�������e������n,�������f������n/�������l������n1�������u������nD�������v������n�������z������o(�������������o8�������������o<�������������oB�������������o����C�xen�4.17.2_06�150500.3.12.1�Xen Virtualization: Hypervisor (aka VMM aka Microkernel)�Xen is a virtual machine monitor for x86 that supports execution of
multiple guest operating systems with unprecedented levels of
performance and resource isolation.
This package contains the Xen Hypervisor. (tm)
[Hypervisor is a trademark of IBM]����e%�$h02-armsrv3��1SUSE Linux Enterprise 15�SUSE LLC �GPL-2.0-only�https://www.suse.com/�System/Kernel�http://www.cl.cam.ac.uk/Research/SRG/netos/xen/�linux�aarch64�if [ -x /sbin/update-bootloader ]; then
/sbin/update-bootloader --refresh; exit 0
fi���������������������
���(���������5������������������������AAA큤������������������������������e%��e%��e%��e%��e%��e%��e%��e%��e%��e%��e%��e%��e%��e%��e%�����06507f39e0aae39c9fd5d69ce72fb59b6f79f692e318b90b77c248a0c4984116�39bf04afabcb047ab613acb536d4a6eb7a53bb502273cd6c332e3db296513b43�b4274a89d054d11065c4bdbcc4587d8a8ec68eca6aeeedb945936782d63cb120�3adef0ea0f2e2af012c7d42cbdf77b80f4649f5fde7bf0539382f19d2beb5db8�����06507f39e0aae39c9fd5d69ce72fb59b6f79f692e318b90b77c248a0c4984116����xen-4.17.2_06-150500.3.12�xen-4.17.2_06-150500.3.12�xen-4.17.2_06-150500.3.12������../../share/efi/aarch64/xen-4.17.2_06-150500.3.12.efi����xen-4.17.2_06-150500.3.12.efi�xen-4.17.2_06-150500.3.12.efi�xen-4.17.2_06-150500.3.12.efi����������������������������������������������������������������root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�xen-4.17.2_06-150500.3.12.1.src.rpm���installhint(reboot-needed)�xen�xen(aarch-64)����������
���
���
���
����
���
���
���
����������������/bin/sh�coreutils�diffutils�fillup�grep�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�systemd�systemd�systemd�systemd������3.0.4-1�4.6.0-1�4.0-1�5.2-1�����4.14.3��e��@e�;d�dd@d.@ddíd@ddkY@dS@dK@dJcd5Kd&@d�?@d��d�'@d�cc@c@ccc�ccc[@cWcOcOc47@c�@c�@b)bz@bγbγbb@b@b@b�@bzSbV@bP#bJb/.@b b
D@a�@aaq@aa6a@aaca@@a7T@a,@a�Ga
$@a
@`@`�@`@`E`�@``
@`!@`@``7@``}p`\{@`KW`F�`B�@`8`4@`.V`#`�>` l___�@_H@__إ@_إ@_S_$_______�@_"__E@_i@_h_d@_cO_[f_X_O@_N7_*@_'@_�@_�{_�^)@^^@^3^ϧ^x^@^@^^�^{G^r
@^j$@^g@^_@^Nt^K^=Q@^:@^0"@^�@^�@]�]�]N@]@]ʞ])]c@]�@]@]@]]fl]fl]M`@]B@]/
],j]��]�@]�@]�]�]
#]�]�@\\ޢ@\ڭ\\@\@\�@\,@\7\\N\�@\\+@\\M\M\�\�\@\}�@\k\X)@\J@\I\A\?�\=@\9\73\4\$\�l@[H[k@[@[^[^[ā@[@[@[9@[v[W�[CN@[<[6�@[0@[0@['[!�@[�5@Z@ZnZ�@ZZZ@ZmZԐ@ZZZ@ZZ}@Z}@Z}@Z}@Zz@Zz@Zo�Zk�@ZV�@ZS]@ZOhZ:PZ1�@Z.s@Z&@Z�OZ�OZ� Z� Z� Z�@Z�@Z
}Z�C@Z�Y�Y�Y�Y|Y@Y{Y*@Y5YA@Y4YY�YbY�Y@Y3Y@YJYJY@YYV@Y�@Ym@Yw2Yp@YlYh@Yh@YS@YJ_YI�@Y5GY0�Y-^Y(�Y"Y�Y�;@Y�Y��Y�@Y�tY�.X@XQ@X@XۡXg@X@X@X@X @X@X@X�@X�@XXX@XXXwoXs{@XlXWXRXQ4@XEVX43@X.@X*X lX�&X�@X�X�@W@W֘W֘W^@WiW:Wt@W.@W9WW@Wk@Wi,@WbWZWZWZWYZ@WV@WEWBW=W;�W3�W1@W1@W,@W(W(W(W(W(W#LW�VbV(@V3VJVxV'@VV2V͛@VŲ@V`VwVVV=@VV@VHV@VvV%@VV<@V@VS@V�V@V^VwVqR@Vn@VXEVUVTQ@VMVMVMVA@V;DV9@V7P@V0V*!@V V�@V�CV�V�V�f@V�qV�@UYU�@U�@UUݪ@U�@UnU4@UUK@U�U@UU>U@Ux&Un@U\w@U[%UUUPUKSU>$U6;U%�@U�U�@U�U�U�.@TgT-@TT@TZ@TZ@T@T�T@T5T@TLTLT~@Tl@Ti@Ta@THT?@T=�@carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�jbeulich@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�jbeulich@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�jbeulich@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�jbeulich@suse.com�jbeulich@suse.com�carnold@suse.com�jbeulich@suse.com�carnold@suse.com�carnold@suse.com�jbeulich@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�jbeulich@suse.com�carnold@suse.com�schubi@suse.com�jbeulich@suse.com�jbeulich@suse.com�dmueller@suse.com�carnold@suse.com�jbeulich@suse.com�carnold@suse.com�jbeulich@suse.com�carnold@suse.com�jbeulich@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�jbeulich@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�jbeulich@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�jbeulich@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�jbeulich@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�guillaume.gardet@opensuse.org�callumjfarmer13@gmail.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�callumjfarmer13@gmail.com�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�dimstar@opensuse.org�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�mcepl@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�ohering@suse.de�mliska@suse.cz�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�jengelh@inai.de�guillaume.gardet@opensuse.org�guillaume.gardet@opensuse.org�bwiedemann@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�bwiedemann@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�trenn@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�ohering@suse.de�jfehlig@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�rbrown@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�jfehlig@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�jfehlig@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�ohering@suse.de�jfehlig@suse.com�carnold@suse.com�jfehlig@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�mlatimer@suse.com�carnold@suse.com�cyliu@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�jfehlig@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�ohering@suse.de�rguenther@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�rguenther@suse.com�carnold@suse.com�meissner@suse.com�carnold@suse.com�ohering@suse.de�carnold@suse.com�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�carnold@suse.com�ohering@suse.de�ohering@suse.de�ohering@suse.de�ohering@suse.de�carnold@suse.com�carnold@suse.com�carnold@suse.com�carnold@suse.com�- bsc#1215744 - VUL-0: CVE-2023-34323: xen: xenstored: A
transaction conflict can crash C Xenstored (XSA-440)
xsa440.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
TLB flushing (XSA-442)
xsa442.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
vulnerabilities in libfsimage disk handling (XSA-443)
xsa443-01.patch
xsa443-02.patch
xsa443-03.patch
xsa443-04.patch
xsa443-05.patch
xsa443-06.patch
xsa443-07.patch
xsa443-08.patch
xsa443-09.patch
xsa443-10.patch
xsa443-11.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
Debug Mask handling (XSA-444)
xsa444-1.patch
xsa444-2.patch�- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
execution leak via division by zero (XSA-439)
xsa439-00.patch
xsa439-01.patch
xsa439-02.patch
xsa439-03.patch
xsa439-04.patch
xsa439-05.patch
xsa439-06.patch
xsa439-07.patch
xsa439-08.patch
xsa439-09.patch�- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
reference dropped too early for 64-bit PV guests (XSA-438)
xsa438.patch�- Handle potential unaligned access to bitmap in
libxc-sr-restore-hvm-legacy-superpage.patch
If setting BITS_PER_LONG at once, the initial bit must be aligned�- bsc#1212684 - xentop fails with long interface name
64d33a57-libxenstat-Linux-nul-terminate-string.patch�- Update to Xen 4.17.2 bug fix release (bsc#1027519)
xen-4.17.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
Sampling (XSA-435)
- Dropped patches contained in new tarball
64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch
645dec48-AMD-IOMMU-assert-boolean-enum.patch
64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch
64bea1b2-x86-AMD-Zenbleed.patch�- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
A bit is an index in bitmap, while bits is the allocated size
of the bitmap.�- Add more debug to libxc-sr-track-migration-time.patch
This is supposed to help with doing the math in case xl restore
fails with ERANGE as reported in bug#1209311�- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
(XSA-433)
64bea1b2-x86-AMD-Zenbleed.patch�- Upstream bug fixes (bsc#1027519)
645dec48-AMD-IOMMU-assert-boolean-enum.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch�- bsc#1211433 - VUL-0: CVE-2022-42336: xen: Mishandling of guest
SSBD selection on AMD hardware (XSA-431)
64639e84-amd-fix-legacy-setting-of-SSBD-on-AMD-Family-17h.patch�- bsc#1210570 - gcc-13 realloc use-after-free analysis error
64525c61-tools-libs-guest-assist-gcc13s-realloc-analyzer.patch�- bsc#1209237 - xen-syms doesn't contain debug-info
643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
643e387f-xen-update-CONFIG_DEBUG_INFO-help-text.patch
6447a8fd-x86-EFI-permit-crash-dump-analysis.patch�- Update to Xen 4.17.1 bug fix release (bsc#1027519)
xen-4.17.1-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Dropped patches contained in new tarball
63a03b73-VMX-VMExit-based-BusLock-detection.patch
63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch
63a03bce-VMX-Notify-VMExit.patch
63a03e28-x86-high-freq-TSC-overflow.patch
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
63d24e91-tools-xenstore-revert-simplify-loop-handling.patch
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
640f3035-x86-altp2m-help-gcc13.patch
641041e8-VT-d-constrain-IGD-check.patch
64104238-bunzip-gcc13.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
libxl.fix-guest-kexec-skip-cpuid-policy.patch
xsa430.patch�- bsc#1210315 - VUL-0: CVE-2022-42335: xen: x86 shadow paging
arbitrary pointer dereference (XSA-430)
xsa430.patch�- Not building the shim is correctly handled by --disable-pvshim
Drop disable-building-pv-shim.patch�- Upstream bug fixes (bsc#1027519)
63a03b73-VMX-VMExit-based-BusLock-detection.patch
63a03ba6-VMX-INTR_SHADOW_NMI-helper.patch
63a03bce-VMX-Notify-VMExit.patch
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
641041e8-VT-d-constrain-IGD-check.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
- Use "proper" upstream backports:
640f3035-x86-altp2m-help-gcc13.patch
64104238-bunzip-gcc13.patch
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
- ... in place of:
bunzip-gcc13.patch
altp2m-gcc13.patch
xsa427.patch
xsa428-1.patch
xsa428-2.patch
xsa429.patch�- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs
libxl.fix-guest-kexec-skip-cpuid-policy.patch�- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
log-dirty mode use-after-free (XSA-427)
xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
pinned cache attributes mis-handling (XSA-428)
xsa428-1.patch
xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
vulnerability in 32bit SYSCALL path (XSA-429)
xsa429.patch�- bsc#1208736 - GCC 13: xen package fails
bunzip-gcc13.patch
altp2m-gcc13.patch
- Drop gcc13-fixes.patch�- bsc#1208736 - GCC 13: xen package fails
gcc13-fixes.patch�- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return
Address Predictions (XSA-426)
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch�- bsc#1205792 - Partner-L3: launch-xenstore error messages show in
SLES15 SP4 xen kernel.
63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch�- bsc#1026236 - tidy/modernize patch
xen.bug1026236.suse_vtsc_tolerance.patch�- Upstream bug fixes (bsc#1027519)
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
Xenstore crash via soft reset (XSA-425)
xsa425.patch ->
63d24e91-tools-xenstore-revert-simplify-loop-handling.patch�- bsc#1207544 - VUL-0: CVE-2022-42330: xen: Guests can cause
Xenstore crash via soft reset (XSA-425)
xsa425.patch�- Upstream bug fixes (bsc#1027519)
63a03e28-x86-high-freq-TSC-overflow.patch�- Update to Xen 4.17.0 FCS release (jsc#PED-1858)
xen-4.17.0-testing-src.tar.bz2
* On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that
this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen.
* The "gnttab" option now has a new command line sub-option for disabling the
GNTTABOP_transfer functionality.
* The x86 MCE command line option info is now updated.
* Out-of-tree builds for the hypervisor now supported.
* __ro_after_init support, for marking data as immutable after boot.
* The project has officially adopted 4 directives and 24 rules of MISRA-C,
added MISRA-C checker build integration, and defined how to document
deviations.
* IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones
when they don't share page tables with the CPU (HAP / EPT / NPT).
* Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD.
* Improved TSC, CPU, and APIC clock frequency calibration on x86.
* Support for Xen using x86 Control Flow Enforcement technology for its own
protection. Both Shadow Stacks (ROP protection) and Indirect Branch
Tracking (COP/JOP protection).
* Add mwait-idle support for SPR and ADL on x86.
* Extend security support for hosts to 12 TiB of memory on x86.
* Add command line option to set cpuid parameters for dom0 at boot time on x86.
* Improved static configuration options on Arm.
* cpupools can be specified at boot using device tree on Arm.
* It is possible to use PV drivers with dom0less guests, allowing statically
booted dom0less guests with PV devices.
* On Arm, p2m structures are now allocated out of a pool of memory set aside at
domain creation.
* Improved mitigations against Spectre-BHB on Arm.
* Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm.
* Allow setting the number of CPUs to activate at runtime from command line
option on Arm.
* Grant-table support on Arm was improved and hardened by implementing
"simplified M2P-like approach for the xenheap pages"
* Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm.
* Add i.MX lpuart and i.MX8QM support on Arm.
* Improved toolstack build system.
* Add Xue - console over USB 3 Debug Capability.
* gitlab-ci automation: Fixes and improvements together with new tests.
* dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options
- Drop patches contained in new tarball or invalid
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
631b5ba6-gnttab-acquire-resource-vaddrs.patch
63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
63455fe4-x86-HAP-monitor-table-error-handling.patch
63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
6345601d-x86-tolerate-shadow_prealloc-failure.patch
6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
63456075-x86-P2M-free-paging-pool-preemptively.patch
63456090-x86-p2m_teardown-preemption.patch
63456175-libxl-per-arch-extra-default-paging-memory.patch
63456177-Arm-construct-P2M-pool-for-guests.patch
6345617a-Arm-XEN_DOMCTL_shadow_op.patch
6345617c-Arm-take-P2M-pages-P2M-pool.patch
634561aa-gnttab-locking-on-transitive-copy-error-path.patch
634561f1-x86emul-respect-NSCB.patch
6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
6351095c-Arm-rework-p2m_init.patch
6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
635665fb-sched-fix-restore_vcpu_affinity.patch
63569723-x86-shadow-replace-bogus-assertions.patch
61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch
xsa326-01.patch
xsa326-02.patch
xsa326-03.patch
xsa326-04.patch
xsa326-05.patch
xsa326-06.patch
xsa326-07.patch
xsa326-08.patch
xsa326-09.patch
xsa326-10.patch
xsa326-11.patch
xsa326-12.patch
xsa326-13.patch
xsa326-14.patch
xsa326-15.patch
xsa326-16.patch
xsa412.patch
xsa414.patch
xsa415.patch
xsa416.patch
xsa417.patch
xsa418-01.patch
xsa418-02.patch
xsa418-03.patch
xsa418-04.patch
xsa418-05.patch
xsa418-06.patch
xsa418-07.patch
xsa419-01.patch
xsa419-02.patch
xsa419-03.patch
xsa421-01.patch
xsa421-02.patch�- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends
(XSA-376)
61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch�- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
63455fe4-x86-HAP-monitor-table-error-handling.patch
63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
6345601d-x86-tolerate-shadow_prealloc-failure.patch
6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
63456075-x86-P2M-free-paging-pool-preemptively.patch
63456090-x86-p2m_teardown-preemption.patch
- bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption
for 2nd-level page tables on ARM systems (XSA-409)
63456175-libxl-per-arch-extra-default-paging-memory.patch
63456177-Arm-construct-P2M-pool-for-guests.patch
6345617a-Arm-XEN_DOMCTL_shadow_op.patch
6345617c-Arm-take-P2M-pages-P2M-pool.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
634561aa-gnttab-locking-on-transitive-copy-error-path.patch
- Upstream bug fixes (bsc#1027519)
6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
631b5ba6-gnttab-acquire-resource-vaddrs.patch
634561f1-x86emul-respect-NSCB.patch
6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
6351095c-Arm-rework-p2m_init.patch
6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
635665fb-sched-fix-restore_vcpu_affinity.patch
63569723-x86-shadow-replace-bogus-assertions.patch
- Drop patches replaced by upstream versions:
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
xsa411.patch�- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
xenstored run out of memory (XSA-326)
xsa326-01.patch
xsa326-02.patch
xsa326-03.patch
xsa326-04.patch
xsa326-05.patch
xsa326-06.patch
xsa326-07.patch
xsa326-08.patch
xsa326-09.patch
xsa326-10.patch
xsa326-11.patch
xsa326-12.patch
xsa326-13.patch
xsa326-14.patch
xsa326-15.patch
xsa326-16.patch
- bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can
crash xenstored (XSA-414)
xsa414.patch
- bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can
create orphaned Xenstore nodes (XSA-415)
xsa415.patch
- bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can
cause Xenstore to not free temporary memory (XSA-416)
xsa416.patch
- bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can
get access to Xenstore nodes of deleted domains (XSA-417)
xsa417.patch
- bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can
crash xenstored via exhausting the stack (XSA-418)
xsa418-01.patch
xsa418-02.patch
xsa418-03.patch
xsa418-04.patch
xsa418-05.patch
xsa418-06.patch
xsa418-07.patch
- bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen:
Xenstore: cooperating guests can create arbitrary numbers of
nodes (XSA-419)
xsa419-01.patch
xsa419-02.patch
xsa419-03.patch
- bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen:
Xenstore: Guests can create arbitray number of nodes via
transactions (XSA-421)
xsa421-01.patch
xsa421-02.patch�- bsc#1204483 - VUL-0: CVE-2022-42327: xen: x86: unintended memory
sharing between guests (XSA-412)
xsa412.patch�- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
xsa411.patch�- bsc#1201994 - Xen DomU unable to emulate audio device
62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch�- Things are compiling fine now with gcc12.
Drop gcc12-fixes.patch�- Update to Xen 4.16.2 bug fix release (bsc#1027519)
xen-4.16.2-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
625fca42-VT-d-reserved-CAP-ND.patch
626f7ee8-x86-MSR-handle-P5-MC-reads.patch
627549d6-IO-shutdown-race.patch
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
62a99614-IOMMU-x86-gcc12.patch
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
xsa408.patch�- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels
A previous change to the built-in default had a logic error,
effectively restoring the upstream limit of 1023 channels per domU.
Fix the logic to calculate the default based on the number of vcpus.
adjust libxl.max_event_channels.patch�- Added --disable-pvshim when running configure in xen.spec.
We have never shipped the shim and don't need to build it.�- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
in typeref acquisition
62a1e594-x86-clean-up-_get_page_type.patch
62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
xen: retbleed - arbitrary speculative code execution with return
instructions (XSA-407)
62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch
62cc31ee-cmdline-extend-parse_boolean.patch
62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
62cd91d0-x86-spec-ctrl-rework-context-switching.patch
62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
62cd91d5-x86-cpuid-BTC_NO-enum.patch
62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
62a99614-IOMMU-x86-gcc12.patch
62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
xsa401-1.patch
xsa401-2.patch
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch�- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
for x86 PV guests in shadow mode (XSA-408)
xsa408.patch
- Fix gcc13 compilation error
62c56cc0-libxc-fix-compilation-error-with-gcc13.patch�- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.�- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
fix xsa402-5.patch�- Upstream bug fixes (bsc#1027519)
625fca42-VT-d-reserved-CAP-ND.patch
626f7ee8-x86-MSR-handle-P5-MC-reads.patch
627549d6-IO-shutdown-race.patch
- bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition
in typeref acquisition
xsa401-1.patch
xsa401-2.patch
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
Insufficient care with non-coherent mappings
xsa402-1.patch
xsa402-2.patch
xsa402-3.patch
xsa402-4.patch
xsa402-5.patch�- fix python3 >= 3.10 version detection�- Update to Xen 4.16.1 bug fix release (bsc#1027519)
xen-4.16.1-testing-src.tar.bz2
- Drop patches contained in new tarball
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
61e0296a-x86-time-calibration-relative-counts.patch
61e029c8-x86-time-TSC-freq-calibration-accuracy.patch
61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch
61e98e88-x86-introduce-get-set-reg-infra.patch
61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch
61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch
61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch
61eaaa23-x86-get-set-reg-infra-build.patch
61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch
61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch
61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
xsa397.patch
xsa399.patch
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch�- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch�- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
between dirty vram tracking and paging log dirty hypercalls
(XSA-397)
xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
cleanup (XSA-399)
xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
xsa400-12.patch
- Additional upstream bug fixes for XSA-400 (bsc#1027519)
61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch�- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
xen: BHB speculation issues (XSA-398)
62278667-Arm-introduce-new-processors.patch
62278668-Arm-move-errata-CSV2-check-earlier.patch
62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
6227866a-Arm-Spectre-BHB-handling.patch
6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
6227866c-x86-AMD-cease-using-thunk-lfence.patch�- bsc#1196545 - GCC 12: xen package fails
gcc12-fixes.patch�- Upstream bug fixes (bsc#1027519)
61e0296a-x86-time-calibration-relative-counts.patch
61e029c8-x86-time-TSC-freq-calibration-accuracy.patch
61e02a1c-libxl-PCI-PV-hotplug-stubdom-coldplug.patch
61e98e88-x86-introduce-get-set-reg-infra.patch
61e98e89-x86-MSR-split-SPEC_CTRL-handling.patch
61e98e8a-x86-spec-ctrl-drop-ENTRY-EXIT-HVM.patch
61e98e8b-VT-x-SPEC_CTRL-NMI-race-condition.patch
61eaaa23-x86-get-set-reg-infra-build.patch
61efec1d-Arm-P2M-always-clear-entry-on-mapping-removal.patch
61efec4d-gnttab-only-decrement-refcounter-on-final-unmap.patch
61efec96-IOMMU-x86-stop-pirq-iteration-immediately-on-error.patch
61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
61f933a4-x86-cpuid-advertise-SSB_NO.patch
61f933a5-x86-drop-use_spec_ctrl-boolean.patch
61f933a6-x86-new-has_spec_ctrl-boolean.patch
61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
61f933a8-x86-SPEC_CTRL-record-last-write.patch
61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
61f933ab-x86-AMD-SPEC_CTRL-infra.patch
61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
6202afa4-x86-TSX-move-has_rtm_always_abort.patch
6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
6202afa8-x86-Intel-PSFD-for-guests.patch
- Drop patches replaced by the above:
xsa393.patch
xsa394.patch
xsa395.patch
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch�- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
guest_physmap_remove_page not removing the p2m mappings (XSA-393)
xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
Xen while unmapping a grant (XSA-394)
xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
passed-through device IRQs (XSA-395)
xsa395.patch�- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch�- bsc#1193307 - pci backend does not exist when attach a vf to a pv
guest
libxl-Fix-PV-hotplug-and-stubdom-coldplug.patch
Drop libxl-PCI-defer-backend-wait.patch�- bsc#1193447 - Slow execution of hvmloader+ovmf when VM contains
an sriov device
61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
- Upstream bug fixes (bsc#1027519)
61b31d5c-x86-restrict-all-but-self-IPI.patch
61b88e78-x86-CPUID-TSXLDTRK-definition.patch
61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch�- Collect active VM config files in the supportconfig plugin
xen-supportconfig�- Now that the ovmf package has been updated, reset the configure
script to use ovmf-x86_64-xen-4m.bin from ovmf-x86_64-ms.bin
References bsc#1194105, bsc#1193274
xen.spec�- bsc#1193307 - pci backend does not exist when attach a vf to a pv
guest
libxl-PCI-defer-backend-wait.patch�- Update to Xen 4.16.0 FCS release
xen-4.16.0-testing-src.tar.bz2
* Miscellaneous fixes to the TPM manager software in preparation
for TPM 2.0 support.
* Increased reliance on the PV shim as 32-bit PV guests will only
be supported in shim mode going forward. This change reduces
the attack surface in the hypervisor.
* Increased hardware support by allowing Xen to boot on Intel
devices that lack a Programmable Interval Timer.
* Cleanup of legacy components by no longer building QEMU
Traditional or PV-Grub by default. Note both projects have
upstream Xen support merged now, so it is no longer recommended
to use the Xen specific forks.
* Initial support for guest virtualized Performance Monitor
Counters on Arm.
* Improved support for dom0less mode by allowing the usage on
Arm 64bit hardware with EFI firmware.
* Improved support for Arm 64-bit heterogeneous systems by
leveling the CPU features across all to improve big.LITTLE
support.
- bsc#1193274 - [Build67.2][Xen][uefi] xen fullvirt uefi guest can
not be created with default 'type=plash' in virt-manager
xen.spec�- Update to Xen 4.16.0 RC4 release (jsc#SLE-18467)
xen-4.16.0-testing-src.tar.bz2
* Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0.
* Xen now supports Viridian enlightenments for guests with more than 64 vcpus.
* Xenstored and oxenstored both now support LiveUpdate (tech preview).
* Unified boot images
* Switched x86 MSR accesses to deny by default policy.
* Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format.
* Support for zstd-compressed dom0 (x86) and domU kernels.
* Reduce ACPI verbosity by default.
* Add ucode=allow-same option to test late microcode loading path.
* Library improvements from NetBSD ports upstreamed.
* x86: Allow domains to use AVX-VNNI instructions.
* Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts.
* xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend.
* On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging.
* Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests.
- Drop iPXE sources and patches. iPXE is only used by QEMU
traditional which has never shipped with SLE15.
ipxe.tar.bz2
ipxe-enable-nics.patch
ipxe-no-error-logical-not-parentheses.patch
ipxe-use-rpm-opt-flags.patch
- Drop building ocaml xenstored in the spec file. There are no
plans or need to support this version.
- Drop patches contained in new tarball or no longer required
5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
5ffc58c4-ACPI-reduce-verbosity-by-default.patch
602ffae9-tools-libs-light-fix-xl-save--c-handling.patch
608676f2-VT-d-register-based-invalidation-optional.patch
60a27288-x86emul-gas-2-36-test-harness-build.patch
60af933d-x86-gcc11-hypervisor-build.patch
60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
60afe617-x86-TSX-minor-cleanup-and-improvements.patch
60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch
60ba695e-tools-libs-ctrl-fix-xc_core_arch_map_p2m-to-support.patch
60be0e24-credit2-pick-runnable-unit.patch
60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
60bf9e19-Arm-create-dom0less-domUs-earlier.patch
60bf9e1a-Arm-boot-modules-scrubbing.patch
60bf9e1b-VT-d-size-qinval-queue-dynamically.patch
60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch
60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch
60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch
60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch
60bfa904-AMD-IOMMU-wait-for-command-slot.patch
60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch
60c0bf86-x86-TSX-cope-with-deprecation.patch
60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
60c8de6e-osdep_xenforeignmemory_map-prototype.patch
60d49689-VT-d-undo-device-mappings-upon-error.patch
60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
61001231-x86-work-around-GNU-ld-2-37-issue.patch
61122ac6-credit2-avoid-spuriously-picking-idle.patch
611a7e38-x86-CET-shstk-WARN-manipulation.patch
611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
6126339d-AMD-IOMMU-global-ER-extending.patch
6126344f-AMD-IOMMU-unity-map-handling.patch
61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch
6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch
6126349a-AMD-IOMMU-rearrange-reassignment.patch
612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch
612634c3-x86-p2m-introduce-p2m_is_special.patch
612634dc-x86-p2m-guard-identity-mappings.patch
612634f4-x86-mm-widen-locked-region-in-xatp1.patch
6126350a-gnttab-release-mappings-preemption.patch
6126351f-gnttab-replace-mapkind.patch
6126353d-gnttab-get-status-frames-array-capacity.patch
61263553-Arm-restrict-maxmem-for-dom0less.patch
6128a856-gnttab-radix-tree-node-init.patch
init.xen_loop
libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch
libxc-bitmap-longs.patch
libxc.migrate_tracking.patch
libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
libxc-sr-add-xc_is_known_page_type.patch
libxc-sr-arrays.patch
libxc-sr-batch_pfns.patch
libxc-sr-page_type_has_stream_data.patch
libxc.sr.superpage.patch
libxc-sr-use-xc_is_known_page_type.patch
libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch
libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch
libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch
libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch
libxl-85760c03d664400368a3f76ae0225307c25049a7.patch
libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch
libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch
libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch
libxl.fix-libacpi-dependency.patch
libxl-qemu6-scsi.patch
libxl-qemu6-vnc-password.patch
libxl.set-migration-constraints-from-cmdline.patch
reproducible.patch
stubdom-have-iovec.patch
x86-cpufreq-report.patch
xenstore-launch.patch
xenwatchdogd-options.patch
xsa384.patch�- bsc#1189632 - VUL-0: CVE-2021-28701: xen: Another race in
XENMAPSPACE_grant_table handling (XSA-384)
xsa384.patch
- Upstream bug fixes (bsc#1027519)
61001231-x86-work-around-GNU-ld-2-37-issue.patch
611a7e38-x86-CET-shstk-WARN-manipulation.patch
611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
6128a856-gnttab-radix-tree-node-init.patch
61122ac6-credit2-avoid-spuriously-picking-idle.patch (Replaces
credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch)
6126339d-AMD-IOMMU-global-ER-extending.patch (Replaces xsa378-1.patch)
6126344f-AMD-IOMMU-unity-map-handling.patch (Replaces xsa378-2.patch)
61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch (Replaces xsa378-3.patch)
6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch (Replaces xsa378-4.patch)
6126349a-AMD-IOMMU-rearrange-reassignment.patch (Replaces xsa378-5.patch)
612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch (Replaces xsa378-6.patch)
612634c3-x86-p2m-introduce-p2m_is_special.patch (Replaces xsa378-7.patch)
612634dc-x86-p2m-guard-identity-mappings.patch (Replaces xsa378-8.patch)
612634f4-x86-mm-widen-locked-region-in-xatp1.patch (Replaces xsa379.patch)
6126350a-gnttab-release-mappings-preemption.patch (Replaces xsa380-1.patch
6126351f-gnttab-replace-mapkind.patch (Replaces xsa380-2.patch)
6126353d-gnttab-get-status-frames-array-capacity.patch (Replaces xsa382.patch)
61263553-Arm-restrict-maxmem-for-dom0less.patch (Replaces xsa383.patch)�- bsc#1189882 - refresh libxc.sr.superpage.patch
prevent superpage allocation in the LAPIC and ACPI_INFO range�- bsc#1189373 - VUL-0: CVE-2021-28694,CVE-2021-28695,
CVE-2021-28696: xen: IOMMU page mapping issues on x86 (XSA-378)
xsa378-1.patch
xsa378-2.patch
xsa378-3.patch
xsa378-4.patch
xsa378-5.patch
xsa378-6.patch
xsa378-7.patch
xsa378-8.patch
- bsc#1189376 - VUL-0: CVE-2021-28697: xen: grant table v2 status
pages may remain accessible after de-allocation. (XSA-379)
xsa379.patch
- bsc#1189378 - VUL-0: CVE-2021-28698: xen: long running loops in
grant table handling. (XSA-380)
xsa380-1.patch
xsa380-2.patch
- bsc#1189380 - VUL-0: CVE-2021-28699: xen: inadequate grant-v2
status frames array bounds check. (XSA-382)
xsa382.patch
- bsc#1189381 - VUL-0: CVE-2021-28700: xen: xen/arm: No memory
limit for dom0less domUs. (XSA-383)
xsa383.patch�- bsc#1188050 - L3: Xen guest yval1a80 SLES11SP4 hangs on cluster
See also bsc#1179246.
credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch�- Drop aarch64-maybe-uninitialized.patch as the fix is in tarball.�- refresh the migration patches to state v20210713
removed libxc-sr-add-xc_is_known_page_type.patch
removed libxc-sr-arrays.patch
removed libxc-sr-batch_pfns.patch
removed libxc-sr-page_type_has_stream_data.patch
removed libxc-sr-use-xc_is_known_page_type.patch
removed libxc.migrate_tracking.patch
removed libxc.sr.superpage.patch
removed libxl.set-migration-constraints-from-cmdline.patch
added libxc-sr-383b41974d5543b62f3181d216070fe3691fb130.patch
added libxc-sr-5588ebcfca774477cf823949e5703b0ac48818cc.patch
added libxc-sr-9e59d9f8ee3808acde9833192211da25f66d8cc2.patch
added libxc-sr-LIBXL_HAVE_DOMAIN_SUSPEND_PROPS.patch
added libxc-sr-abort_if_busy.patch
added libxc-sr-f17a73b3c0264c62dd6b5dae01ed621c051c3038.patch
added libxc-sr-max_iters.patch
added libxc-sr-min_remaining.patch
added libxc-sr-number-of-iterations.patch
added libxc-sr-precopy_policy.patch
added libxc-sr-restore-hvm-legacy-superpage.patch
added libxc-sr-track-migration-time.patch
added libxc-sr-xg_sr_bitmap-populated_pfns.patch
added libxc-sr-xg_sr_bitmap.patch
added libxc-sr-xl-migration-debug.patch�- bsc#1176189 - xl monitoring process exits during xl save -p|-c
keep the monitoring process running to cleanup the domU during shutdown
xl-save-pc.patch�- bsc#1179246 - Dom0 hangs when pinning CPUs for dom0 with HVM guest
60be0e24-credit2-pick-runnable-unit.patch
60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
- Upstream bug fixes (bsc#1027519)
60bf9e19-Arm-create-dom0less-domUs-earlier.patch (Replaces xsa372-1.patch)
60bf9e1a-Arm-boot-modules-scrubbing.patch (Replaces xsa372-2.patch)
60bf9e1b-VT-d-size-qinval-queue-dynamically.patch (Replaces xsa373-1.patch)
60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch (Replaces xsa373-2.patch)
60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch (Replaces xsa373-2.patch)
60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch (Replaces xsa375.patch)
60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch (Replaces xsa377.patch)
60bfa904-AMD-IOMMU-wait-for-command-slot.patch (Replaces xsa373-4.patch)
60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch (Replaces xsa373-5.patch)
60afe617-x86-TSX-minor-cleanup-and-improvements.patch
60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch
60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
60c0bf86-x86-TSX-cope-with-deprecation.patch
60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
60c8de6e-osdep_xenforeignmemory_map-prototype.patch
60d49689-VT-d-undo-device-mappings-upon-error.patch
60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
- Dropped gcc11-fixes.patch�- bsc#1183243 - L3: Core cannot be opened when using xl dump-core
of VM with PTF
60ba695e-tools-libs-ctrl-fix-xc_core_arch_map_p2m-to-support.patch�- bsc#1180350 - some long deprecated commands were finally removed
in qemu6. Adjust libxl to use supported commands.
libxl-d5f54009dba11d04bfe2a28eee47b994de66b84a.patch
libxl-f3f778c81769075ac0eb93b98d4b2803e7936453.patch
libxl-4e217db45e83fc3173382306c8b03da86099a25d.patch
libxl-85760c03d664400368a3f76ae0225307c25049a7.patch
libxl-0ff26a3225d69ffec76fe5aca8296852fa951204.patch
libxl-7c313e8365eb663311a0cf39f77b4f5880244765.patch
libxl-0c0b3a7e4a2d65fd252b89b46bdcdb048bb24b6c.patch
libxl-fe6630ddc4e8a8fbf8dd28a1bc58e3881393f9c1.patch
libxl-qemu6-vnc-password.patch
libxl-qemu6-scsi.patch�- Update logrotate.conf, move global options into per-file sections
to prevent globbering of global state (bsc#1187406)�- Fix shell macro expansion in xen.spec, so that ExecStart=
in xendomains-wait-disks.service is created correctly (bsc#1183877)�- bsc#1186428 - VUL-0: CVE-2021-28693: xen: xen/arm: Boot modules
are not scrubbed (XSA-372)
xsa372-1.patch
xsa372-2.patch
- bsc#1186429 - VUL-0: CVE-2021-28692: xen: inappropriate x86 IOMMU
timeout detection / handling (XSA-373)
xsa373-1.patch
xsa373-2.patch
xsa373-3.patch
xsa373-4.patch
xsa373-5.patch
- bsc#1186433 - VUL-0: CVE-2021-0089: xen: Speculative Code Store
Bypass (XSA-375)
xsa375.patch
- bsc#1186434 - VUL-0: CVE-2021-28690: xen: x86: TSX Async Abort
protections not restored after S3 (XSA-377)
xsa377.patch
- Upstream bug fixes (bsc#1027519)
60a27288-x86emul-gas-2-36-test-harness-build.patch
60af933d-x86-gcc11-hypervisor-build.patch
60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch�- Upstream bug fix (bsc#1027519)
608676f2-VT-d-register-based-invalidation-optional.patch�- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
format as expected by fillup. (bsc#1185682)
Each comment needs to be followed by an enabled key. Otherwise
fillup will remove manually enabled key=value pairs, along with
everything that looks like a stale comment, during next pkg update�- Refresh xenstore-launch.patch to cover also daemon case�- Update to Xen 4.14.2 bug fix release (bsc#1027519)
xen-4.14.2-testing-src.tar.bz2
- Drop patches contained in new tarball
5fedf9f4-x86-hpet_setup-fix-retval.patch
5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
5ff71655-x86-dpci-EOI-regardless-of-masking.patch
5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
600999ad-x86-dpci-do-not-remove-pirqs-from.patch
600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
6011bbc7-x86-timer-fix-boot-without-PIT.patch
6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
6013e546-x86-HVM-reorder-domain-init-error-path.patch
601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
602bd768-page_alloc-only-flush-after-scrubbing.patch
602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
60410127-gcc11-adjust-rijndaelEncrypt.patch
60422428-x86-shadow-avoid-fast-fault-path.patch
604b9070-VT-d-disable-QI-IR-before-init.patch
60535c11-libxl-domain-soft-reset.patch
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
60787714-x86-HPET-avoid-legacy-replacement-mode.patch�- bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!"
60787714-x86-HPET-avoid-legacy-replacement-mode.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
- Upstream bug fixes (bsc#1027519)
60410127-gcc11-adjust-rijndaelEncrypt.patch
60422428-x86-shadow-avoid-fast-fault-path.patch
604b9070-VT-d-disable-QI-IR-before-init.patch
60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch)
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch�- bsc#1137251 - Restore changes for xen-dom0-modules.service which
were silently removed on 2019-10-17�- bsc#1177112 - Fix libxc.sr.superpage.patch
The receiving side did detect holes in a to-be-allocated superpage,
but allocated a superpage anyway. This resulted to over-allocation.�- bsc#1167608 - adjust limit for max_event_channels
A previous change allowed an unbound number of event channels
to make sure even large domUs can start of of the box.
This may have a bad side effect in the light of XSA-344.
Adjust the built-in limit based on the number of vcpus.
In case this is not enough, max_event_channels=/maxEventChannels=
has to be used to set the limit as needed for large domUs
adjust libxl.max_event_channels.patch�- bsc#1183072 - VUL-0: CVE-2021-28687: xen: HVM soft-reset crashes
toolstack (XSA-368). Also resolves,
bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl
bsc#1181989 - openQA job causes libvirtd to dump core when
running kdump inside domain
xsa368.patch�- bsc#1177204 - L3-Question: conring size for XEN HV's with huge
memory to small. Inital Xen logs cut
5ffc58c4-ACPI-reduce-verbosity-by-default.patch
- Upstream bug fixes (bsc#1027519)
601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
602bd768-page_alloc-only-flush-after-scrubbing.patch
602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
- bsc#1181921 - GCC 11: xen package fails
gcc11-fixes.patch�- bsc#1182576 - L3: XEN domU crashed on resume when using the xl
unpause command
602ffae9-tools-libs-light-fix-xl-save--c-handling.patch�- Start using the %autosetup macro to simplify patch management
xen.spec�- bsc#1181921 - GCC 11: xen package fails
gcc11-fixes.patch
- Drop gcc10-fixes.patch�- Upstream bug fixes (bsc#1027519)
5fedf9f4-x86-hpet_setup-fix-retval.patch
5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
5ff71655-x86-dpci-EOI-regardless-of-masking.patch
5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
600999ad-x86-dpci-do-not-remove-pirqs-from.patch (Replaces xsa360.patch)
600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
6013e546-x86-HVM-reorder-domain-init-error-path.patch
- bsc#1180491 - "Panic on CPU 0: IO-APIC + timer doesn't work!"
6011bbc7-x86-timer-fix-boot-without-PIT.patch�- bsc#1181254 - VUL-0: xen: IRQ vector leak on x86 (XSA-360)
xsa360.patch�- bsc#1180794 - bogus qemu binary path used when creating fv guest
under xen
xen.spec�- bsc#1180690 - L3-Question: xen: no needsreboot flag set
Add Provides: installhint(reboot-needed) in xen.spec for libzypp�- Update libxl.set-migration-constraints-from-cmdline.patch
Remove code which handled --max_factor. The total amount of
transferred data is no indicator to trigger the final stop+copy.
This should have been removed during upgrade to Xen 4.7.
Fix off-by-one in --max_iters, it caused one additional copy cycle.
Reduce default value of --max_iters from 5 to 2.
The workload within domU will continue to produce dirty pages.
It is unreasonable to expect any slowdown during migration.
Now there is one initial copy of all memory, one instead of four
iteration for dirty memory, and a final copy iteration prior move.�- Update to Xen 4.14.1 bug fix release (bsc#1027519)
xen-4.14.1-testing-src.tar.bz2
Contains the following recent security fixes
bsc#1179516 XSA-359 - CVE-2020-29571
bsc#1179514 XSA-358 - CVE-2020-29570
bsc#1179513 XSA-356 - CVE-2020-29567
bsc#1178963 XSA-355 - CVE-2020-29040
bsc#1178591 XSA-351 - CVE-2020-28368
bsc#1179506 XSA-348 - CVE-2020-29566
bsc#1179502 XSA-325 - CVE-2020-29483
bsc#1179501 XSA-324 - CVE-2020-29484
bsc#1179498 XSA-322 - CVE-2020-29481
bsc#1179496 XSA-115 - CVE-2020-29480
- Dropped patches contained in new tarball
5f1a9916-x86-S3-put-data-sregs-into-known-state.patch
5f21b9fd-x86-cpuid-APIC-bit-clearing.patch
5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch
5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch
5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch
5f560c42-x86-PV-64bit-segbase-consistency.patch
5f560c42-x86-PV-rewrite-segment-ctxt-switch.patch
5f5b6b7a-hypfs-fix-custom-param-writes.patch
5f607915-x86-HVM-more-consistent-IO-completion.patch
5f6a002d-x86-PV-handle-MSR_MISC_ENABLE-correctly.patch
5f6a0049-memory-dont-skip-RCU-unlock-in-acquire_resource.patch
5f6a0067-x86-vPT-fix-race-when-migrating-timers.patch
5f6a008e-x86-MSI-drop-read_msi_msg.patch
5f6a00aa-x86-MSI-X-restrict-reading-of-PBA-bases.patch
5f6a00c4-evtchn-relax-port_is_valid.patch
5f6a00df-x86-PV-avoid-double-exception-injection.patch
5f6a00f4-evtchn-add-missing-barriers.patch
5f6a0111-evtchn-x86-enforce-correct-upper-limit.patch
5f6a013f-evtchn_reset-shouldnt-succeed-with.patch
5f6a0160-evtchn-IRQ-safe-per-channel-lock.patch
5f6a0178-evtchn-address-races-with-evtchn_reset.patch
5f6a01a4-evtchn-preempt-in-evtchn_destroy.patch
5f6a01c6-evtchn-preempt-in-evtchn_reset.patch
5f6cfb5b-x86-PV-dont-GP-for-SYSENTER-with-NT-set.patch
5f6cfb5b-x86-PV-dont-clobber-NT-on-return-to-guest.patch
5f71a21e-x86-S3-fix-shadow-stack-resume.patch
5f76ca65-evtchn-Flask-prealloc-for-send.patch
5f76caaf-evtchn-FIFO-use-stable-fields.patch
5f897c25-x86-traps-fix-read_registers-for-DF.patch
5f897c7b-x86-smpboot-restrict-memguard_guard_stack.patch
5f8ed5d3-x86-mm-map_pages_to_xen-single-exit-path.patch
5f8ed5eb-x86-mm-modify_xen_mappings-one-exit-path.patch
5f8ed603-x86-mm-prevent-races-in-mapping-updates.patch
5f8ed635-IOMMU-suppress-iommu_dont_flush_iotlb-when.patch
5f8ed64c-IOMMU-hold-page-ref-until-TLB-flush.patch
5f8ed682-AMD-IOMMU-convert-amd_iommu_pte.patch
5f8ed69c-AMD-IOMMU-update-live-PTEs-atomically.patch
5f8ed6b0-AMD-IOMMU-suitably-order-DTE-mods.patch
xsa286-1.patch
xsa286-2.patch
xsa286-3.patch
xsa286-4.patch
xsa286-5.patch
xsa286-6.patch
xsa351-1.patch
xsa351-2.patch
xsa351-3.patch
xsa355.patch�- Pass --with-rundir to configure to get rid of /var/run�- bsc#1178736 - allow restart of xenwatchdogd, enable tuning of
keep-alive interval and timeout options via XENWATCHDOGD_ARGS=
add xenwatchdogd-options.patch
add xenwatchdogd-restart.patch�- bsc#1177112 - Fix libxc.sr.superpage.patch
The receiving side may punch holes incorrectly into optimistically
allocated superpages. Also reduce overhead in bitmap handling.
add libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch
add libxc-bitmap-long.patch
add libxc-bitmap-longs.patch�- boo#1029961 - Move files in xen-tools-domU to /usr/bin from /bin
xen-destdir.patch
Drop tmp_build.patch�- bsc#1176782 - L3: xl dump-core shows missing nr_pages during
core. If maxmem and current are the same the issue doesn't happen
5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch�- bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change
(XSA-355)
xsa355.patch�- Fix build error with libxl.fix-libacpi-dependency.patch�- Enhance libxc.migrate_tracking.patch
Hide SUSEINFO messages from pause/unpause/resume from xl command.
They are intended for libvirt logging, but lacked info about
execution context.
Remove extra logging about dirty pages in each iteration, the
number of transferred pages + protocol overhead is already
reported elsewhere.�- Remove libxl.libxl__domain_pvcontrol.patch
It is already part of 4.14.0-rc1�- bsc#1178591 - VUL-0: CVE-2020-28368: xen: Intel RAPL sidechannel
attack aka PLATYPUS attack aka XSA-351
xsa351-1.patch
xsa351-2.patch
xsa351-3.patch�- bsc#1177950 - adjust help for --max_iters, default is 5
libxl.set-migration-constraints-from-cmdline.patch�- jsc#SLE-16899 - improve performance of live migration
remove allocations and memcpy from hotpaths on sending and
receiving side to get more throughput on 10Gbs+ connections
libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch
libxc-sr-add-xc_is_known_page_type.patch
libxc-sr-arrays.patch
libxc-sr-batch_pfns.patch
libxc-sr-page_type_has_stream_data.patch
libxc-sr-readv_exact.patch
libxc-sr-restore-handle_buffered_page_data.patch
libxc-sr-restore-handle_incoming_page_data.patch
libxc-sr-restore-map_errs.patch
libxc-sr-restore-mfns.patch
libxc-sr-restore-pfns.patch
libxc-sr-restore-populate_pfns-mfns.patch
libxc-sr-restore-populate_pfns-pfns.patch
libxc-sr-restore-read_record.patch
libxc-sr-restore-types.patch
libxc-sr-save-errors.patch
libxc-sr-save-guest_data.patch
libxc-sr-save-iov.patch
libxc-sr-save-local_pages.patch
libxc-sr-save-mfns.patch
libxc-sr-save-rec_pfns.patch
libxc-sr-save-show_transfer_rate.patch
libxc-sr-save-types.patch
libxc-sr-use-xc_is_known_page_type.patch
adjust libxc.sr.superpage.patch
adjust libxc.migrate_tracking.patch�- Upstream bug fixes (bsc#1027519)
5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch
5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch
5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch
5f560c42-x86-PV-rewrite-segment-ctxt-switch.patch
5f5b6b7a-hypfs-fix-custom-param-writes.patch
5f607915-x86-HVM-more-consistent-IO-completion.patch
5f6cfb5b-x86-PV-dont-GP-for-SYSENTER-with-NT-set.patch
5f6cfb5b-x86-PV-dont-clobber-NT-on-return-to-guest.patch
5f71a21e-x86-S3-fix-shadow-stack-resume.patch
5f76ca65-evtchn-Flask-prealloc-for-send.patch
5f76caaf-evtchn-FIFO-use-stable-fields.patch
5f897c25-x86-traps-fix-read_registers-for-DF.patch
5f897c7b-x86-smpboot-restrict-memguard_guard_stack.patch
- Renamed patches
5f560c42-x86-PV-64bit-segbase-consistency.patch
Replaces 5f5b6951-x86-PV-64bit-segbase-consistency.patch
5f6a002d-x86-PV-handle-MSR_MISC_ENABLE-correctly.patch
Replaces 5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch
5f6a0049-memory-dont-skip-RCU-unlock-in-acquire_resource.patch
Replaces 5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch
5f6a0067-x86-vPT-fix-race-when-migrating-timers.patch
Replaces 5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch
5f6a008e-x86-MSI-drop-read_msi_msg.patch
Replaces 5f6a05fa-msi-get-rid-of-read_msi_msg.patch
5f6a00aa-x86-MSI-X-restrict-reading-of-PBA-bases.patch
Replaces 5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch
5f6a00c4-evtchn-relax-port_is_valid.patch
Replaces 5f6a062c-evtchn-relax-port_is_valid.patch
5f6a00df-x86-PV-avoid-double-exception-injection.patch
Replaces 5f6a065c-pv-Avoid-double-exception-injection.patch
5f6a00f4-evtchn-add-missing-barriers.patch
Replaces 5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch
5f6a0111-evtchn-x86-enforce-correct-upper-limit.patch
Replaces 5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch
5f6a013f-evtchn_reset-shouldnt-succeed-with.patch
Replaces 5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch
5f6a0160-evtchn-IRQ-safe-per-channel-lock.patch
Replaces 5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch
5f6a0178-evtchn-address-races-with-evtchn_reset.patch
Replaces 5f6a06f2-evtchn-address-races-with-evtchn_reset.patch
5f6a01a4-evtchn-preempt-in-evtchn_destroy.patch
Replaces 5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch
5f6a01c6-evtchn-preempt-in-evtchn_reset.patch
Replaces 5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch�- bsc#1177409 - VUL-0: CVE-2020-27674: xen: x86 PV guest
INVLPG-like flushes may leave stale TLB entries (XSA-286)
xsa286-1.patch
xsa286-2.patch
xsa286-3.patch
xsa286-4.patch
xsa286-5.patch
xsa286-6.patch
- bsc#1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen
mapping code (XSA-345)
5f8ed5d3-x86-mm-map_pages_to_xen-single-exit-path.patch
5f8ed5eb-x86-mm-modify_xen_mappings-one-exit-path.patch
5f8ed603-x86-mm-prevent-races-in-mapping-updates.patch
- bsc#1177413 - VUL-0: CVE-2020-27671: xen: undue deferral of IOMMU
TLB flushes (XSA-346)
5f8ed635-IOMMU-suppress-iommu_dont_flush_iotlb-when.patch
5f8ed64c-IOMMU-hold-page-ref-until-TLB-flush.patch
- bsc#1177414 - VUL-0: CVE-2020-27670: xen: unsafe AMD IOMMU page
table updates (XSA-347)
5f8ed682-AMD-IOMMU-convert-amd_iommu_pte.patch
5f8ed69c-AMD-IOMMU-update-live-PTEs-atomically.patch
5f8ed6b0-AMD-IOMMU-suitably-order-DTE-mods.patch�- Update libxc.sr.superpage.patch
set errno in x86_hvm_alloc_4k (bsc#1177112)�- bsc#1176339 - VUL-0: CVE-2020-25602: xen: x86 pv: Crash when
handling guest access to MSR_MISC_ENABLE (XSA-333)
5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch
- bsc#1176341 - VUL-0: CVE-2020-25598: xen: Missing unlock in
XENMEM_acquire_resource error path (XSA-334)
5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch
- bsc#1176343 - VUL-0: CVE-2020-25604: xen: race when migrating
timers between x86 HVM vCPU-s (XSA-336)
5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch
- bsc#1176344 - VUL-0: CVE-2020-25595: xen: PCI passthrough code
reading back hardware registers (XSA-337)
5f6a05fa-msi-get-rid-of-read_msi_msg.patch
5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch
- bsc#1176346 - VUL-0: CVE-2020-25597: xen: once valid event
channels may not turn invalid (XSA-338)
5f6a062c-evtchn-relax-port_is_valid.patch
- bsc#1176345 - VUL-0: CVE-2020-25596: xen: x86 pv guest kernel
DoS via SYSENTER (XSA-339)
5f6a065c-pv-Avoid-double-exception-injection.patch
- bsc#1176347 - VUL-0: CVE-2020-25603: xen: Missing barrier
barriers when accessing/allocating an event channel (XSA-340)
5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch
- bsc#1176348 - VUL-0: CVE-2020-25600: xen: out of bounds event
channels available to 32-bit x86 domains (XSA-342)
5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch
- bsc#1176349 - VUL-0: CVE-2020-25599: xen: races with
evtchn_reset() (XSA-343)
5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch
5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch
5f6a06f2-evtchn-address-races-with-evtchn_reset.patch
- bsc#1176350 - VUL-0: CVE-2020-25601: xen: lack of preemption in
evtchn_reset() / evtchn_destroy() (XSA-344)
5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch
5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch
- Upstream bug fix (bsc#1027519)
5f5b6951-x86-PV-64bit-segbase-consistency.patch�- Fix problems in xen.spec with building on aarch64�- Make use of %service_del_postun_without_restart while preserving
the old behavior for older distros.
- In %post tools, remove unnecessary qemu symlinks.�- Fix error in xen-tools %post when linking pvgrub64.bin
- Make paths below libexec more explicit
- Create symlink also for pvgrub32.bin�- Revert previous libexec change for qemu compat wrapper
The path is used in existing domU.xml files in the emulator field
- Escape some % chars in xen.spec, they have to appear verbatim�- Enhance libxc.migrate_tracking.patch
Print number of allocated pages on sending side, this is more
accurate than p2m_size.�- jsc#SLE-15926 - Dev: XEN: drop netware support
Dropped the following patches
pygrub-netware-xnloader.patch
xnloader.py
Refreshed pygrub-boot-legacy-sles.patch�- Fix build on aarch64 with gcc10
- Package xenhypfs for aarch64�- Correct license name
* GPL-3.0+ is now GPL-3.0-or-later�- Upstream bug fixes (bsc#1027519)
5f1a9916-x86-S3-put-data-sregs-into-known-state.patch
5f21b9fd-x86-cpuid-APIC-bit-clearing.patch�- Update to Xen 4.14.0 FCS release
xen-4.14.0-testing-src.tar.bz2
* Linux stubdomains (contributed by QUBES OS)
* Control-flow Enforcement Technology (CET) Shadow Stack support (contributed by Citrix)
* Lightweight VM fork for fuzzing / introspection. (contributed by Intel)
* Livepatch: buildid and hotpatch stack requirements
* CONFIG_PV32
* Hypervisor FS support
* Running Xen as a Hyper-V Guest
* Domain ID randomization, persistence across save / restore
* Golang binding autogeneration
* KDD support for Windows 7, 8.x and 10
- Dropped patches contained in new tarball
5eb51be6-cpupool-fix-removing-cpu-from-pool.patch
5eb51caa-sched-vcpu-pause-flags-atomic.patch
5ec2a760-x86-determine-MXCSR-mask-always.patch
5ec50b05-x86-idle-rework-C6-EOI-workaround.patch
5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch
5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch
5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch
5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch
5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch
5ed69804-x86-ucode-fix-start-end-update.patch
5eda60cb-SVM-split-recalc-NPT-fault-handling.patch
5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch
5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch
5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch
5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch
xsa317.patch
xsa319.patch
xsa321-1.patch
xsa321-2.patch
xsa321-3.patch
xsa321-4.patch
xsa321-5.patch
xsa321-6.patch
xsa321-7.patch
xsa328-1.patch
xsa328-2.patch�- bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to
attach on next reboot while it should be live attached
ignore-ip-command-script-errors.patch�- Enhance libxc.migrate_tracking.patch
After transfer of domU memory, the target host has to assemble
the backend devices. Track the time prior xc_domain_unpause.�- Add libxc.migrate_tracking.patch to track live migrations
unconditionally in logfiles, especially in libvirt.
This will track how long a domU was suspended during transit.�- bsc#1173376 - VUL-0: CVE-2020-15566: xen: XSA-317 - Incorrect
error handling in event channel port allocation
xsa317.patch
- bsc#1173377 - VUL-0: CVE-2020-15563: xen: XSA-319 - inverted code
paths in x86 dirty VRAM tracking
xsa319.patch
- bsc#1173378 - VUL-0: CVE-2020-15565: xen: XSA-321 - insufficient
cache write- back under VT-d
xsa321-1.patch
xsa321-2.patch
xsa321-3.patch
xsa321-4.patch
xsa321-5.patch
xsa321-6.patch
xsa321-7.patch
- bsc#1173380 - VUL-0: CVE-2020-15567: xen: XSA-328 - non-atomic
modification of live EPT PTE
xsa328-1.patch
xsa328-2.patch�- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer
Data Sampling (SRBDS) aka "CrossTalk" (XSA-320)
5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch
5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch (Replaces xsa320-1.patch)
5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch (Replaces xsa320-2.patch)
- Upstream bug fixes (bsc#1027519)
5ec50b05-x86-idle-rework-C6-EOI-workaround.patch
5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch
5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch
5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch
5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch
5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch
5ed69804-x86-ucode-fix-start-end-update.patch
5eda60cb-SVM-split-recalc-NPT-fault-handling.patch
5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch�- Fixes for %_libexecdir changing to /usr/libexec�- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer
Data Sampling (SRBDS) aka "CrossTalk" (XSA-320)
xsa320-1.patch
xsa320-2.patch�- Update to Xen 4.13.1 bug fix release (bsc#1027519)
xen-4.13.1-testing-src.tar.bz2
5eb51be6-cpupool-fix-removing-cpu-from-pool.patch
5eb51caa-sched-vcpu-pause-flags-atomic.patch
5ec2a760-x86-determine-MXCSR-mask-always.patch
- Drop patches contained in new tarball
5de65f84-gnttab-map-always-do-IOMMU-part.patch
5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch
5e15e03d-sched-fix-S3-resume-with-smt=0.patch
5e16fb6a-x86-clear-per-cpu-stub-page-info.patch
5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch
5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch
5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch
5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch
5e318cd4-x86-apic-fix-disabling-LVT0.patch
5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch
5e3bd385-EFI-recheck-variable-name-strings.patch
5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch
5e3bd3f8-xmalloc-guard-against-overflow.patch
5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch
5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch
5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch
5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch
5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch
5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch
5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch
5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch
5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch
5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch
5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch
5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch
5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch
5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch
5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch
5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch
5e86f7fd-credit2-fix-credit-too-few-resets.patch
5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch
5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch
5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch
5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch
5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch
5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch�- spec: Remove invocation of autogen.sh
- spec: Recommend qemu-ovmf-x86_64 to provide UEFI firmwares�- bsc#1170968 - GCC 10: xen build fails on i586
gcc10-fixes.patch�- bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation
handling in GNTTABOP_copy (XSA-318)
5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch�- bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313
multiple xenoprof issues
5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch
5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch
- bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing
memory barriers in read-write unlock paths
5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch
- bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error
path in GNTTABOP_map_grant
5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch
- bsc#1167152 - L3: Xenstored Crashed during VM install Need Core
analyzed
5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch
- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog
bug soft lockup CPU #0 stuck under high load / upstream with
workaround. See also bsc#1134506
5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch
5e86f7fd-credit2-fix-credit-too-few-resets.patch
- Drop for upstream solution (bsc#1165206)
01-xen-credit2-avoid-vcpus-to.patch
default-to-credit1-scheduler.patch
- Upstream bug fixes (bsc#1027519)
5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch
5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch
5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch
5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch
5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch
5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch
5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch
5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch
5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch
5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch
5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch�- bsc#1167608 - unbound limit for max_event_channels
domUs with many vcpus and/or resources fail to start
libxl.max_event_channels.patch�- bsc#1161480 - Fix xl shutdown for HVM without PV drivers
add libxl.libxl__domain_pvcontrol.patch�- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog
bug soft lockup CPU #0 stuck under high load / upstream with
workaround. See also bsc#1134506
01-xen-credit2-avoid-vcpus-to.patch�- bsc#1158414 - GCC 10: xen build fails
gcc10-fixes.patch�- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog
bug soft lockup CPU #0 stuck under high load / upstream with
workaround. See also bsc#1134506
default-to-credit1-scheduler.patch�- bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate
past the ERET instruction
5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch
- bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch
hardening
5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch
- Upstream bug fixes (bsc#1027519)
5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch
5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch
5e318cd4-x86-apic-fix-disabling-LVT0.patch
5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch
5e3bd385-EFI-recheck-variable-name-strings.patch
5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch
5e3bd3f8-xmalloc-guard-against-overflow.patch
5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch
5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch
5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch�- bsc#1159755 - use fixed qemu-3.1 machine type for HVM
This must be done in qemu to preserve PCI layout
remove libxl.lock-qemu-machine-for-hvm.patch�- jsc#SLE-10183 - script to calculate cpuid= mask
add helper script from https://github.com/twizted/xen_maskcalc
domUs may be migrated between different cpus from the same vendor
if their visible cpuid value has incompatible feature bits masked.�- jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains
add helper script and systemd service from
https://github.com/luizluca/xen-tools-xendomains-wait-disk
in new sub package xen-tools-xendomains-wait-disk
See included README for usage instructions
xendomains-wait-disks.LICENSE
xendomains-wait-disks.README.md
xendomains-wait-disks.sh�- bsc#1159755 - use fixed qemu-3.1 machine type for HVM
qemu4 introduced incompatible changes in pc-i440fx, which revealed
a design bug in 'xenfv'. Live migration from domUs started with
qemu versions prior qemu4 can not be received with qemu4+.
libxl.lock-qemu-machine-for-hvm.patch�- Upstream bug fixes (bsc#1027519)
5de65f84-gnttab-map-always-do-IOMMU-part.patch
5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch
5e15e03d-sched-fix-S3-resume-with-smt=0.patch
5e16fb6a-x86-clear-per-cpu-stub-page-info.patch
5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch�- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
Allow OBS to shortcut through the -mini flavors.�- bsc#1159320 - Xen logrotate file needs updated
logrotate.conf�- Update to Xen 4.13.0 FCS release
xen-4.13.0-testing-src.tar.bz2
* Core Scheduling (contributed by SUSE)
* Branch hardening to mitigate against Spectre v1 (contributed by Citrix)
* Late uCode loading (contributed by Intel)
* Improved live-patching build tools (contributed by AWS)
* OP-TEE support (contributed by EPAM)
* Renesas R-CAR IPMMU-VMSA driver (contributed by EPAM)
* Dom0-less passthrough and ImageBuilder (contributed by XILINX)
* Support for new Hardware�- Update to Xen 4.13.0 RC4 release
xen-4.13.0-testing-src.tar.bz2
- Rebase libxl.pvscsi.patch�- Update to Xen 4.13.0 RC3 release
xen-4.13.0-testing-src.tar.bz2
- Drop python38-build.patch�- Update to Xen 4.13.0 RC2 release
xen-4.13.0-testing-src.tar.bz2�- Add python38-build.patch fixing build with Python 3.8 (add
- -embed to python-config call)�- Update to Xen 4.13.0 RC1 release
xen-4.13.0-testing-src.tar.bz2
- Drop patches contained in new tarball or invalid
5ca7660f-x86-entry-drop-unused-includes.patch
5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch
5cab2ab7-x86-IOMMU-introduce-init-ops.patch
5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch
5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch
5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch
5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch
5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch
5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch
5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch
5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch
5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch
5d358508-x86-IRQ-desc-affinity-represents-request.patch
5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch
5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch
5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch
5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch
5d417813-AMD-IOMMU-bitfield-extended-features.patch
5d417838-AMD-IOMMU-bitfield-control-reg.patch
5d41785b-AMD-IOMMU-bitfield-IRTE.patch
5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch
5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch
5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch
5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch
5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch
5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch
5d417b38-AMD-IOMMU-correct-IRTE-updating.patch
5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch
5d419d49-x86-spec-ctrl-report-proper-status.patch
5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch
5d4a9d25-AMD-IOMMU-drop-not-found-message.patch
5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch
5d4afa7a-credit2-fix-memory-leak.patch
5d4d850a-introduce-bss-percpu-page-aligned.patch
5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch
5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch
5d6524ca-x86-mm-correctly-init-M2P-entries.patch
5d67ceaf-x86-properly-gate-PKU-clearing.patch
5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch
5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch
5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch
5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch
5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch
5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch
5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch
5d80ea13-vpci-honor-read-only-devices.patch
5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch
5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch
5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch
5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch
5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch
5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch
5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch
5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch
5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch
5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch
CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch
blktap2-no-uninit.patch
libxl.prepare-environment-for-domcreate_stream_done.patch
pygrub-python3-conversion.patch
fix-xenpvnetboot.patch�- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines
5d9ee2a8-AMD-IOMMU-alloc-1-devtab-per-PCI-seg.patch
5d9ee2f0-AMD-IOMMU-allocate_buffer-avoid-memset.patch
5d9ee312-AMD-IOMMU-prefill-all-DTEs.patch�- bsc#1120095 - add code to change LIBXL_HOTPLUG_TIMEOUT at runtime
The included README has details about the impact of this change
libxl.LIBXL_HOTPLUG_TIMEOUT.patch�- bsc#1135799 - Partner-L3: Xen crashes on AMD ROME based machines
5ca7660f-x86-entry-drop-unused-includes.patch
5cf8da09-adjust-sysdom-creation-call-earlier-on-x86.patch
5cab2a6b-x86-ACPI-also-parse-AMD-tables-early.patch
5cab2ab7-x86-IOMMU-introduce-init-ops.patch
5cab2ae8-x86-IOMMU-abstract-iommu_supports_eim.patch
5cab2b4e-x86-IOMMU-abstract-iommu_enable_x2apic_IR.patch
5cab2b95-x86-IOMMU-initialize-iommu_ops-in.patch
5cac9a4b-x86-IOMMU-abstract-adjust_vtd_irq_affinities.patch
5cdeac7f-AMD-IOMMU-adjust-IOMMU-list-head-init.patch
5d0cf4e4-AMD-IOMMU-initialize-IRQ-tasklet-once.patch
5d149bb0-AMD-IOMMU-dont-add-IOMMUs.patch
5d1b3fab-AMD-IOMMU-restrict-feature-logging.patch
5d358508-x86-IRQ-desc-affinity-represents-request.patch
5d358534-x86-IRQ-consolidate-arch-cpu_mask-use.patch
5d358a67-AMD-IOMMU-pass-IOMMU-to-iterate_ivrs_entries-cb.patch
5d358a92-AMD-IOMMU-pass-IOMMU-to-amd_iommu_alloc_intremap_table.patch
5d39811c-x86-IOMMU-dont-restrict-IRQ-affinities.patch
5d417813-AMD-IOMMU-bitfield-extended-features.patch
5d417838-AMD-IOMMU-bitfield-control-reg.patch
5d41785b-AMD-IOMMU-bitfield-IRTE.patch
5d41787e-AMD-IOMMU-pass-IOMMU-to-gfu-intremap-entry.patch
5d4178ad-AMD-IOMMU-128bit-non-guest-APIC-IRTE.patch
5d4178fc-AMD-IOMMU-split-amd_iommu_init_one.patch
5d41793f-AMD-IOMMU-allow-enabling-without-IRQ.patch
5d417a16-AMD-IOMMU-adjust-IRQ-setup-for-x2APIC.patch
5d417ab6-AMD-IOMMU-enable-x2APIC-mode.patch
5d417b38-AMD-IOMMU-correct-IRTE-updating.patch
5d417b6a-AMD-IOMMU-dont-needlessly-log-headers.patch
5d4a9d25-AMD-IOMMU-drop-not-found-message.patch
5d80e7c0-AMD-IOMMU-free-shared-IRT-once.patch
5d80e80d-AMD-IOMMU-valid-flag-for-IVRS-mappings.patch
5d80e82e-AMD-IOMMU-alloc_intremap_table-callers-handle-errors.patch
5d80e857-x86-PCI-read-MSI-X-table-entry-count-early.patch
5d8b72e5-AMD-IOMMU-dont-blindly-alloc-intremap-tables.patch
5d8b730e-AMD-IOMMU-phantom-funcs-share-intremap-tables.patch
5d8b733b-x86-PCI-read-max-MSI-vector-count-early.patch
5d8b736d-AMD-IOMMU-replace-INTREMAP_ENTRIES.patch
5d8b7393-AMD-IOMMU-restrict-intremap-table-sizes.patch
- bsc#1145240 - [Migration]Can't pre-allocate 1 shadow pages
5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch
- bsc#1137717 - [HPS Bug] Unable to install Windows Server 2016
with 2 CPUs setting (or above) under SLES12 SP4 Xen Server on AMD
ROME platform
5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch
- Upstream bug fixes (bsc#1027519)
5d67ceaf-x86-properly-gate-PKU-clearing.patch
5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch
5d77b40f-fix-hvm_all_ioreq_servers_add_vcpu-cleanup.patch
5d80ea13-vpci-honor-read-only-devices.patch
5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch�- bsc#1145774 - Libivrtd segfaults when trying to live migrate a VM
Fix crash in an error path of libxl_domain_suspend with
libxl.helper_done-crash.patch�- Upstream bug fixes (bsc#1027519)
5d419d49-x86-spec-ctrl-report-proper-status.patch
5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch
5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch
5d4afa7a-credit2-fix-memory-leak.patch
5d4d850a-introduce-bss-percpu-page-aligned.patch
5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch
5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch
5d6524ca-x86-mm-correctly-init-M2P-entries.patch
- Drop 5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch�- Preserve modified files which used to be marked as %config,
rename file.rpmsave to file�- Update to Xen 4.12.1 bug fix release (bsc#1027519)
xen-4.12.1-testing-src.tar.bz2
- Drop patches contained in new tarball
5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch
5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch
5c87b6c8-drop-arch_evtchn_inject.patch
5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch
5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch
5c8f752c-x86-e820-build-with-gcc9.patch
5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch
5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch
5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch
5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch
5c9e63c5-credit2-SMT-idle-handling.patch
5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch
5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch
5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch
5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch
5cd921fb-trace-fix-build-with-gcc9.patch
5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch
5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch
5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch
5cd926d0-bitmap_fill-zero-sized.patch
5cd92724-drivers-video-drop-constraints.patch
5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch
5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch
5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch
5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch
5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch
5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch
5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch
5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch
5cdeb9fd-sched-fix-csched2_deinit_pdata.patch
5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch
5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch
5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch
5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch
5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch
5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch
5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch
5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch
5d03a0c4-6-Arm64-cmpxchg-simplify.patch
5d03a0c4-7-Arm32-cmpxchg-simplify.patch
5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch
5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch
5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch
5d03a0c4-B-bitops-guest-helpers.patch
5d03a0c4-C-cmpxchg-guest-helpers.patch
5d03a0c4-D-use-guest-atomics-helpers.patch
5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch
5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch
- Refreshed patches
libxl.pvscsi.patch�- bsc#1143563 - Speculative mitigation facilities report wrong status
5d419d49-x86-spec-ctrl-facilities-report-wrong-status.patch�- Update xen-dom0-modules.service (bsc#1137251)
Map backend module names from pvops and xenlinux kernels to a
module alias. This avoids errors from modprobe about unknown
modules. Ignore a few xenlinux modules that lack aliases.�- Gcc9 warnings seem to be cleared up with upstream fixes.
Drop gcc9-ignore-warnings.patch�- bsc#1138563 - L3: xenpvnetboot improperly ported to Python 3
fix-xenpvnetboot.patch�- Move /etc/modprobe.d/xen_loop.conf to /lib/modprobe.d/xen_loop.conf�- Remove /etc/xen/xenapiusers and /etc/pam.d/xen-api�- Remove all upstream provided files in /etc/xen
They are not required at runtime. The host admin is now
responsible if he really needs anything in this subdirectory.�- In our effort to make /etc fully admin controlled, move /etc/xen/scripts
to libexec/xen/scripts with xen-tools.etc_pollution.patch�- Move /etc/bash_completion.d/xl.sh to %{_datadir}/bash-completion/completions�- bsc#1138294 - VUL-0: CVE-2019-17349: XSA-295: Unlimited Arm
Atomics Operations
5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch
5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch
5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch
5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch
5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch
5d03a0c4-6-Arm64-cmpxchg-simplify.patch
5d03a0c4-7-Arm32-cmpxchg-simplify.patch
5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch
5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch
5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch
5d03a0c4-B-bitops-guest-helpers.patch
5d03a0c4-C-cmpxchg-guest-helpers.patch
5d03a0c4-D-use-guest-atomics-helpers.patch
5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch
5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch
- Upstream bug fixes (bsc#1027519)
5c87b6c8-drop-arch_evtchn_inject.patch
5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch
5cd921fb-trace-fix-build-with-gcc9.patch
5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch
5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch
5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch
5cd926d0-bitmap_fill-zero-sized.patch
5cd92724-drivers-video-drop-constraints.patch
5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch (Replaces xsa297-0a.patch)
5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch (Replaces xsa297-0b.patch)
5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch (Replaces xsa297-0c.patch)
5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch (Replaces xsa297-0d.patch)
5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch (Replaces xsa297-1.patch)
5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch (Replaces xsa297-2.patch)
5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch (Replaces xsa297-3.patch)
5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch
5cdeb9fd-sched-fix-csched2_deinit_pdata.patch
5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch
5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch
5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch�- Fix some outdated information in the readme
README.SUSE�- spec: xen-tools: require matching version of xen package
bsc#1137471�- Remove two stale patches
xen.build-compare.man.patch
xenpaging.doc.patch�- Disable LTO (boo#1133296).�- Remove arm32 from ExclusiveArch to fix build�- bsc#1111331 - VUL-0: CPU issues Q2 2019 aka "Group 4".
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
xsa297-0a.patch
xsa297-0b.patch
xsa297-0c.patch
xsa297-0d.patch
xsa297-1.patch
xsa297-2.patch
xsa297-3.patch
- Update 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch and
drop 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch
Refresh 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch�- bsc#1131811 - [XEN] internal error: libxenlight failed to create
new domain. This patch is a workaround for a systemd issue. See
patch header for additional comments.
xenstore-launch.patch�- bsc#1125378 - [xen][pygrub] Can not restore sle11sp4 pv guest
after upgrading host from sle11sp4 to sle15sp1
pygrub-python3-conversion.patch
- Fix "TypeError: virDomainDefineXML() argument 2 must be str or
None, not bytes" when converting VMs from using the xm/xend
toolstack to the libxl/libvirt toolstack. (bsc#1123378)
xen2libvirt.py�- bsc#1124560 - Fully virtualized guests crash on boot
5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch
- bsc#1121391 - GCC 9: xen build fails
5c8f752c-x86-e820-build-with-gcc9.patch
- Upstream bug fixes (bsc#1027519)
5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch
5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch
5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch
5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch
5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch
5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch
5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch
5c9e63c5-credit2-SMT-idle-handling.patch
5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch
5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch
5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch
5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch�- Install pkgconfig files into libdir instead of datadir�- Update to Xen 4.12.0 FCS release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
* HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates
the HVM/PVH and PV code paths in Xen and provides KCONFIG
options to build a PV only or HVM/PVH only hypervisor.
* QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has
been vastly improved.
* Argo - Hypervisor-Mediated data eXchange: Argo is a new inter-
domain communication mechanism.
* Improvements to Virtual Machine Introspection: The VMI subsystem
which allows detection of 0-day vulnerabilities has seen many
functional and performance improvements.
* Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project
default scheduler.
* PVH Support: Grub2 boot support has been added to Xen and Grub2.
* PVH Dom0: PVH Dom0 support has now been upgraded from experimental
to tech preview.
* The Xen 4.12 upgrade also includes improved IOMMU mapping code,
which is designed to significantly improve the startup times of
AMD EPYC based systems.
* The upgrade also features Automatic Dom0 Sizing which allows the
setting of Dom0 memory size as a percentage of host memory (e.g.
10%) or with an offset (e.g. 1G+10%).�- bsc#1130485 - Please drop Requires on multipath-tools in
xen-tools. Now using Recommends multipath-tools.
xen.spec�- Update to Xen 4.12.0 RC7 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2�- Update to Xen 4.12.0 RC6 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2�- bsc#1026236 - add Xen cmdline option "suse_vtsc_tolerance" to
avoid TSC emulation for HVM domUs if their expected frequency
does not match exactly the frequency of the receiving host
xen.bug1026236.suse_vtsc_tolerance.patch�- Update to Xen 4.12.0 RC5 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2�- jsc#SLE-3059 - Disable Xen auto-ballooning
- Add CONFIG_DOM0_MEM to the spec file for managing dom0 memory.
xen.spec
- Disable autoballooning in xl.con
xl-conf-disable-autoballoon.patch�- Update gcc9-ignore-warnings.patch to fix build in SLE12�- bsc#1126325 - fix crash in libxl in error path
Setup of grant_tables and other variables may fail
libxl.prepare-environment-for-domcreate_stream_done.patch�- bsc#1127620 - Documentation for the xl configuration file allows
for firmware=pvgrub64 but we don't ship pvgrub64.
Create a link from grub.xen to pvgrub64
xen.spec�- Update to Xen 4.12.0 RC4 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
- Tarball also contains additional post RC4 security fixes for
Xen Security Advisories 287, 288, and 290 through 294.�- Update to Xen 4.12.0 RC3 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2�- Update to Xen 4.12.0 RC2 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2�- bsc#1121391 - GCC 9: xen build fails
gcc9-ignore-warnings.patch�- bsc#1122563 - Virtualization/xen: Bug no Xen on boot, missing
/proc/xen, after 4.11 -> 4.12 upgrade on X86_64/efi.
Keep xen.efi in /usr/lib64/efi for booting older distros.
xen.spec�- fate#326960: Package grub2 as noarch.
As part of the effort to have a unified bootloader across
architectures, modify the xen.spec file to move the Xen efi files
to /usr/share/efi/$(uname -m) from /usr/lib64/efi.�- Update to Xen 4.12.0 RC1 release (fate#325107, fate#323901)
xen-4.12.0-testing-src.tar.bz2
- Drop
5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch
5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch
5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch
5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch
5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch
5b9784d2-x86-HVM-add-known_gla-helper.patch
5b9784f2-x86-HVM-split-page-straddling-accesses.patch
5bdc31d5-VMX-fix-vmx_handle_eoi.patch
gcc8-fix-array-warning-on-i586.patch
gcc8-fix-format-warning-on-i586.patch
gcc8-inlining-failed.patch
xen.bug1079730.patch�- bsc#1121960 - xen: sync with Factory
xen.spec
xen.changes�- Replace old $RPM_* shell vars.
- Run fdupes for all architectures, and not crossing
subvolume boundaries.�- Do not run %fdupes on aarch64 to avoid the hardlink-across-partition
rpmlint error�- Require qemu-seabios only on x86* as it is not available on non-x86
systems�- Avoid creating dangling symlinks (bsc#1116524)
This reverts the revert of tmp_build.patch�- Update to Xen 4.11.1 bug fix release (bsc#1027519)
xen-4.11.1-testing-src.tar.bz2
- 5b505d59-tools-xentop-replace-use-of-deprecated-vwprintw.patch
replaces xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch
- 5b76ec82-libxl-arm-Fix-build-on-arm64-acpi-w-gcc-8.2.patch
replaces xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch
- Drop the following patches contained in the new tarball
5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch
5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch
5b3cab8e-2-VMX-improve-MSR-load-save-API.patch
5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch
5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch
5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch
5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch
5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch
5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch
5b3f8fa5-port-array_index_nospec-from-Linux.patch
5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch
5b4488e7-x86-spec-ctrl-cmdline-handling.patch
5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch
5b4c9a60-allow-cpu_down-to-be-called-earlier.patch
5b4db308-SVM-fix-cleanup-svm_inject_event.patch
5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch
5b5040f2-x86-AMD-distinguish-CU-from-HT.patch
5b505fe5-VMX-fix-find-msr-build.patch
5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch
5b508775-2-x86-possibly-bring-up-all-CPUs.patch
5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch
5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch
5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch
5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch
5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch
5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch
5b62ca93-VMX-avoid-hitting-BUG_ON.patch
5b6d84ac-x86-fix-improve-vlapic-read-write.patch
5b6d8ce2-x86-XPTI-parsing.patch
5b72fbbe-ARM-disable-grant-table-v2.patch
5b72fbbe-oxenstored-eval-order.patch
5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch
5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch
5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch
5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch
5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch
5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch
5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch
5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch
5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch
5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch
5b72fbbf-xl.conf-Add-global-affinity-masks.patch
5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch
5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch
5b75afef-x86-setup-avoid-OoB-E820-lookup.patch
5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch
5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch
5b8d5832-x86-assorted-array_index_nospec-insertions.patch
5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch
5bacae4b-x86-boot-allocate-extra-module-slot.patch
5bae44ce-x86-silence-false-log-messages.patch
5bb60c12-x86-split-opt_xpti.patch
5bb60c4f-x86-split-opt_pv_l1tf.patch
5bb60c74-x86-fix-xpti-and-pv-l1tf.patch
5bcf0722-x86-boot-enable-NMIs.patch
5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch
5bd076e9-x86-boot-init-debug-regs-correctly.patch
5bd076e9-x86-init-vcpu-debug-regs-correctly.patch
5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch
5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch
5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch
5be2a308-x86-extend-get_platform_badpages.patch
5be2a354-x86-work-around-HLE-host-lockup-erratum.patch
xsa275-1.patch
xsa275-2.patch
xsa276-1.patch
xsa276-2.patch
xsa277.patch
xsa279.patch
xsa280-1.patch
xsa280-2.patch�- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken:
Missing /bin/domu-xenstore. This was broken because "make
package build reproducible" change. (boo#1047218, boo#1062303)
This fix reverses the change to this patch.
tmp_build.patch�- bsc#1115040 - VUL-0: CVE-2018-19961 CVE-2018-19962: xen:
insufficient TLB flushing / improper large page mappings with AMD
IOMMUs (XSA-275)
xsa275-1.patch
xsa275-2.patch
- bsc#1115043 - VUL-0: CVE-2018-19963: xen: resource accounting
issues in x86 IOREQ server handling (XSA-276)
xsa276-1.patch
xsa276-2.patch
- bsc#1115044 - VUL-0: CVE-2018-19964: xen: x86: incorrect error
handling for guest p2m page removals (XSA-277)
xsa277.patch
- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even
when disabled (XSA-278)
5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch
- bsc#1115045 - VUL-0: xen: CVE-2018-19965: x86: DoS from attempting
to use INVPCID with a non-canonical addresses (XSA-279)
xsa279.patch
- bsc#1115047 - VUL-0: CVE-2018-19966: xen: Fix for XSA-240
conflicts with shadow paging (XSA-280)
xsa280-1.patch
xsa280-2.patch
- bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE
constructs may lock up host (XSA-282)
5be2a308-x86-extend-get_platform_badpages.patch
5be2a354-x86-work-around-HLE-host-lockup-erratum.patch
- bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV
5bdc31d5-VMX-fix-vmx_handle_eoi.patch
- Upstream bug fixes (bsc#1027519)
5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch
5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch
5bacae4b-x86-boot-allocate-extra-module-slot.patch
5bae44ce-x86-silence-false-log-messages.patch
5bb60c12-x86-split-opt_xpti.patch
5bb60c4f-x86-split-opt_pv_l1tf.patch
5bb60c74-x86-fix-xpti-and-pv-l1tf.patch
5bcf0722-x86-boot-enable-NMIs.patch
5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch
5bd076e9-x86-boot-init-debug-regs-correctly.patch
5bd076e9-x86-init-vcpu-debug-regs-correctly.patch
5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch�- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even
when disabled (XSA-278)
5bd0e0cf-vvmx-Disallow-the-use-of-VT-x-instructions-when-nested-virt-is-disabled.patch�- Use SMBIOS_REL_DATE instead of SMBIOS_DATE for reproducible binaries�- make package build reproducible (boo#1047218, boo#1062303)
* Set SMBIOS_REL_DATE
* Update tmp_build.patch to use SHA instead of random build-id
* Add reproducible.patch to use --no-insert-timestamp�- Building with ncurses 6.1 will fail without
xen.2b50cdbc444c637575580dcfa6c9525a84d5cc62.patch
- Building libxl acpi support on aarch64 with gcc 8.2 will fail without
xen.b8f33431f3dd23fb43a879f4bdb4283fdc9465ad.patch�- bsc#1106263 - L3: The affinity reporting via 'xl vcpu-list' is
apparently broken
5b8fae26-tools-libxl-correct-vcpu-affinity-output-with-sparse-physical-cpu-map.patch
5b8fae26-xen-fill-topology-info-for-all-present-cpus.patch
5b8fb5af-tools-xl-refuse-to-set-number-of-vcpus-to-0-via-xl-vcpu-set.patch�- bsc#1094508 - L3: Kernel oops in fs/dcache.c called by
d_materialise_unique()
5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch
5b9784d2-x86-HVM-add-known_gla-helper.patch
5b9784f2-x86-HVM-split-page-straddling-accesses.patch
- bsc#1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen:
oxenstored does not apply quota-maxentity (XSA-272)
5b72fbbe-oxenstored-eval-order.patch
- bsc#1103275 - (CVE-2018-15469) VUL-0: CVE-2018-15469: xen: Use of
v2 grant tables may cause crash on ARM (XSA-268)
5b72fbbe-ARM-disable-grant-table-v2.patch
- Upstream patches from Jan (bsc#1027519)
5b6d84ac-x86-fix-improve-vlapic-read-write.patch
5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch
5b75afef-x86-setup-avoid-OoB-E820-lookup.patch
5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch
5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch
5b8d5832-x86-assorted-array_index_nospec-insertions.patch
- Drop 5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch�- bsc#1078292 - rpmbuild -ba SPECS/xen.spec with xen-4.9.1 failed
xen.spec�- bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM
(XSA-273)
5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch
5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch
5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch
5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch
5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch
5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch
5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch
5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch
- bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect
MSR_DEBUGCTL handling lets guests enable BTS (XSA-269)
5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch
- Upstream prereq patches for XSA-273 and other upstream fixes
(bsc#1027519)
5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch
5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch
5b3cab8e-2-VMX-improve-MSR-load-save-API.patch
5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch
5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch
5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch
5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch
5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch
5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch
5b4321f6-x86-correctly-set-nonlazy_xstate_used-when-loading-full-state.patch
5b505fe5-VMX-fix-find-msr-build.patch
5b56feb1-hvm-Disallow-unknown-MSR_EFER-bits.patch
5b56feb2-spec-ctrl-Fix-the-parsing-of-xpti--on-fixed-Intel-hardware.patch
5b62ca93-VMX-avoid-hitting-BUG_ON.patch
5b6d8ce2-x86-XPTI-parsing.patch
5b72fbbf-x86-Make-spec-ctrl-no-a-global-disable-of-all-mitigations.patch
5b72fbbf-xl.conf-Add-global-affinity-masks.patch
5b741962-x86-write-to-correct-variable-in-parse_pv_l1tf.patch�- Upstream patches from Jan (bsc#1027519)
5b3f8fa5-port-array_index_nospec-from-Linux.patch
5b4488e7-x86-spec-ctrl-cmdline-handling.patch
5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch
5b4c9a60-allow-cpu_down-to-be-called-earlier.patch
5b4db308-SVM-fix-cleanup-svm_inject_event.patch
5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch
5b5040f2-x86-AMD-distinguish-CU-from-HT.patch
5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch
5b508775-2-x86-possibly-bring-up-all-CPUs.patch
5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch
5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch
5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch
5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch
gcc8-fix-format-warning-on-i586.patch
gcc8-fix-array-warning-on-i586.patch
- Drop xen.fuzz-_FORTIFY_SOURCE.patch
gcc8-fix-warning-on-i586.patch�- Update to Xen 4.11.0 FCS (fate#325202, fate#325123)
xen-4.11.0-testing-src.tar.bz2
disable-building-pv-shim.patch
- Dropped patches
5a33a12f-domctl-improve-locking-during-domain-destruction.patch
5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch
5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch
5a9985bd-x86-invpcid-support.patch
5ac72a48-gcc8.patch
5ac72a5f-gcc8.patch
5ac72a64-gcc8.patch
5ac72a69-gcc8.patch
5ac72a6e-gcc8.patch
5ac72a74-gcc8.patch
5ac72a7b-gcc8.patch
5ad4923e-x86-correct-S3-resume-ordering.patch
5ad49293-x86-suppress-BTI-mitigations-around-S3.patch
5ad600d4-x86-pv-introduce-x86emul_read_dr.patch
5ad600d4-x86-pv-introduce-x86emul_write_dr.patch
5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch
5adda097-x86-HPET-fix-race-triggering-ASSERT.patch
5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch
5adde9ed-xpti-fix-double-fault-handling.patch
5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch
5ae31917-x86-cpuidle-init-stats-lock-once.patch
5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch
5aeaeaf0-sched-fix-races-in-vcpu-migration.patch
5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch
5aec7393-1-x86-xpti-avoid-copy.patch
5aec7393-2-x86-xpti-write-cr3.patch
5aec744a-3-x86-xpti-per-domain-flag.patch
5aec744a-4-x86-xpti-use-invpcid.patch
5aec744a-5-x86-xpti-no-global-pages.patch
5aec744a-6-x86-xpti-cr3-valid-flag.patch
5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch
5aec744b-8-x86-xpti-cr3-helpers.patch
5aec74a8-9-x86-xpti-use-pcid.patch
5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch
5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch
5af1daa9-3-x86-traps-use-IST-for-DB.patch
5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch
5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch
5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch
5af97999-viridian-cpuid-leaf-40000003.patch
5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch
5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch
5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch
5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch
5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch
5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch
5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch
5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch
5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch
5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch
5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch
5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch
5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch
5b0bc9da-x86-XPTI-fix-S3-resume.patch
5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch
5b0d2d91-x86-suppress-sync-when-XPTI-off.patch
5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch
5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch
5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch
5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch
5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch
5b238b92-x86-HVM-account-for-fully-eager-FPU.patch
5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch
5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b34882d-x86-mm-dont-bypass-preemption-checks.patch
5b348874-x86-refine-checks-in-DB-handler.patch
5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch
5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch
5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch
5b348954-x86-guard-against-NM.patch
libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch
libxl.LIBXL_DESTROY_TIMEOUT.patch
libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch
xen_fix_build_with_acpica_20180427_and_new_packages.patch�- Submit upstream patch libacpi: fixes for iasl >= 20180427
git commit 858dbaaeda33b05c1ac80aea0ba9a03924e09005
xen_fix_build_with_acpica_20180427_and_new_packages.patch
This is needed for acpica package to get updated in our build service�- Upstream patches from Jan (bsc#1027519)
5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch)
5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch)
5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch)
5b0bc9da-x86-XPTI-fix-S3-resume.patch
5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch
5b0d2d91-x86-suppress-sync-when-XPTI-off.patch
5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch
5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch
5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch
5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces xsa267-1.patch)
5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces xsa267-2.patch)
5b238b92-x86-HVM-account-for-fully-eager-FPU.patch
5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch
5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch)
5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch)
5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces xsa266-1-<>.patch)
5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces xsa266-2-<>.patch)
5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch
5b348954-x86-guard-against-NM.patch�- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch�- bsc#1098403 - fix regression introduced by changes for bsc#1079730
a PV domU without qcow2 and/or vfb has no qemu attached.
Ignore QMP errors for PV domUs to handle PV domUs with and without
an attached qemu-xen.
xen.bug1079730.patch�- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks
bypassed in x86 PV MM handling (XSA-264)
xsa264.patch
- bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception
safety check can be triggered by a guest (XSA-265)
xsa265.patch
- bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour
readonly flag on HVM emulated SCSI disks (XSA-266)
xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch
xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch�- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore
(XSA-267)
xsa267-1.patch
xsa267-2.patch�- bsc#1092543 - GCC 8: xen build fails
gcc8-fix-warning-on-i586.patch�- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 – Speculative Store
Bypass aka "Memory Disambiguation" (XSA-263)
5ad4923e-x86-correct-S3-resume-ordering.patch
5ad49293-x86-suppress-BTI-mitigations-around-S3.patch
5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch
5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch
5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch
5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch
5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch
5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch
5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch
5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch
5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch
5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch
Spectre-v4-1.patch
Spectre-v4-2.patch
Spectre-v4-3.patch�- Always call qemus xen-save-devices-state in suspend/resume to
fix migration with qcow2 images (bsc#1079730)
libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch
libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch
xen.bug1079730.patch�- bsc#1087289 - L3: Xen BUG at sched_credit.c:1663
5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch
5aeaeaf0-sched-fix-races-in-vcpu-migration.patch
- Upstream patches from Jan (bsc#1027519)
5ad600d4-x86-pv-introduce-x86emul_read_dr.patch
5ad600d4-x86-pv-introduce-x86emul_write_dr.patch
5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch
5adda097-x86-HPET-fix-race-triggering-ASSERT.patch
5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch
5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch
5ae31917-x86-cpuidle-init-stats-lock-once.patch
5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch
5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch)
5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch)
5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch)
5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch)
5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch)
5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch)
5af97999-viridian-cpuid-leaf-40000003.patch�- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254
5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch
5a9985bd-x86-invpcid-support.patch
5adde9ed-xpti-fix-double-fault-handling.patch
5aec7393-1-x86-xpti-avoid-copy.patch
5aec7393-2-x86-xpti-write-cr3.patch
5aec744a-3-x86-xpti-per-domain-flag.patch
5aec744a-4-x86-xpti-use-invpcid.patch
5aec744a-5-x86-xpti-no-global-pages.patch
5aec744a-6-x86-xpti-cr3-valid-flag.patch
5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch
5aec744b-8-x86-xpti-cr3-helpers.patch
5aec74a8-9-x86-xpti-use-pcid.patch�- bsc#1092543 - GCC 8: xen build fails
5ac72a48-gcc8.patch
5ac72a5f-gcc8.patch
5ac72a64-gcc8.patch
5ac72a69-gcc8.patch
5ac72a6e-gcc8.patch
5ac72a74-gcc8.patch
5ac72a7b-gcc8.patch
gcc8-inlining-failed.patch�- Update to Xen 4.10.1 bug fix release (bsc#1027519)
xen-4.10.1-testing-src.tar.bz2
disable-building-pv-shim.patch
- Drop the following patches contained in the new tarball
5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch
5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch
5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch
5a313972-x86-microcode-add-support-for-AMD-Fam17.patch
5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch
5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch
5a4caa8c-x86-E820-don-t-overrun-array.patch
5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch
5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch
5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch
5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch
5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch
5a4fd893-4-x86-introduce-cpuid_policy_updated.patch
5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch
5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch
5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch
5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch
5a4fd894-4-clarifications-to-wait-infrastructure.patch
5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch
5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch
5a5e2cff-x86-Meltdown-band-aid.patch
5a5e2d73-x86-Meltdown-band-aid-conditional.patch
5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch
5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch
5a5e3a4e-3-x86-report-speculative-mitigation-details.patch
5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch
5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch
5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch
5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch
5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch
5a5e459c-2-x86-report-domain-id-on-CPUID.patch
5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch
5a69c0b9-x86-fix-GET_STACK_END.patch
5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch
5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch
5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch
5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch
5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch
5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch
5a6b36cd-9-x86-issue-speculation-barrier.patch
5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch
5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch
5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch
5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch
5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch
5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch
5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch
5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch
5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch
5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch
5a955800-gnttab-dont-free-status-pages-on-ver-change.patch
5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch
5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch
5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch
5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch
5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch
5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch
5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch
xsa258.patch
xsa259.patch�- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of
debug exceptions (XSA-260)
xsa260-1.patch
xsa260-2.patch
xsa260-3.patch
xsa260-4.patch
- bsc#1090822 - VUL-0: CVE-2018-10982: xen: x86 vHPET interrupt
injection errors (XSA-261)
xsa261.patch
- bsc#1090823 - VUL-0: CVE-2018-10981: xen: qemu may drive Xen into
unbounded loop (XSA-262)
xsa262.patch�- bsc#1089152 - VUL-0: CVE-2018-10472: xen: Information leak via
crafted user-supplied CDROM (XSA-258)
xsa258.patch
- bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash
Xen with XPTI (XSA-259)
xsa259.patch�- Preserve xen-syms from xen-dbg.gz to allow processing vmcores
with crash(1) (bsc#1087251)�- Upstream patches from Jan (bsc#1027519) and fixes related to
Page Table Isolation (XPTI). See also bsc#1074562 XSA-254
5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch
5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch
5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch
5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch
5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch
5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch�- bsc#1072834 - Xen HVM: unchecked MSR access error: RDMSR from
0xc90 at rIP: 0xffffffff93061456 (native_read_msr+0x6/0x30)
5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch
- Upstream patches from Jan (bsc#1027519)
5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch
5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch
5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch
5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch
5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch
5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch
5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch (Replaces xsa252.patch)
5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch (Replaces xsa255-1.patch)
5a955800-gnttab-dont-free-status-pages-on-ver-change.patch (Replaces xsa255-2.patch)
5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch (Replaces xsa256.patch)
- Drop
xsa252.patch
xsa255-1.patch
xsa255-2.patch
xsa256.patch�- bsc#1080635 - VUL-0: CVE-2018-7540: xen: DoS via non-preemptable
L3/L4 pagetable freeing (XSA-252)
xsa252.patch
- bsc#1080662 - VUL-0: CVE-2018-7541: xen: grant table v2 -> v1
transition may crash Xen (XSA-255)
xsa255-1.patch
xsa255-2.patch
- bsc#1080634 - VUL-0: CVE-2018-7542: xen: x86 PVH guest without
LAPIC may DoS the host (XSA-256)
xsa256.patch�- Remove stale systemd presets code for 13.2 and older�- fate#324965 - add script, udev rule and systemd service to watch
for vcpu online/offline events in a HVM domU
They are triggered via xl vcpu-set domU N�- Replace hardcoded xen with Name tag when refering to subpkgs�- Make sure tools and tools-domU require libs from the very same build�- tools-domU: Add support for qemu guest agent. New files
80-xen-channel-setup.rules and xen-channel-setup.sh configure a
xen-pv-channel for use by the guest agent
FATE#324963�- Remove outdated /etc/xen/README*�- bsc#1073961 - VUL-0: CVE-2018-5244: xen: x86: memory leak with
MSR emulation (XSA-253)
5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch
- bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754
xen: Information leak via side effects of speculative execution
(XSA-254). Includes Spectre v2 mitigation.
5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch
5a4caa8c-x86-E820-don-t-overrun-array.patch
5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch
5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch
5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch
5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch
5a4fd893-4-x86-introduce-cpuid_policy_updated.patch
5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch
5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch
5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch
5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch
5a4fd894-4-clarifications-to-wait-infrastructure.patch
5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch
5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch
5a5e2cff-x86-Meltdown-band-aid.patch
5a5e2d73-x86-Meltdown-band-aid-conditional.patch
5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch
5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch
5a5e3a4e-3-x86-report-speculative-mitigation-details.patch
5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch
5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch
5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch
5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch
5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch
5a5e459c-2-x86-report-domain-id-on-CPUID.patch
5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch
5a69c0b9-x86-fix-GET_STACK_END.patch
5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch
5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch
5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch
5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch
5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch
5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch
5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch
5a6b36cd-9-x86-issue-speculation-barrier.patch
5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch
5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch�- Fix python3 deprecated atoi call (bsc#1067224)
pygrub-python3-conversion.patch
- Drop xenmon-python3-conversion.patch�- bsc#1067317 - pass cache=writeback|unsafe|directsync to qemu,
depending on the libxl disk settings
libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch�- Remove libxl.LIBXL_DESTROY_TIMEOUT.debug.patch�- bsc#1067224 - xen-tools have hard dependency on Python 2
build-python3-conversion.patch
bin-python3-conversion.patch�- bsc#1070165 - xen crashes after aborted localhost migration
5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch
- bsc#1035442 - L3: libxl: error: libxl.c:1676:devices_destroy_cb:
libxl__devices_destroy failed
5a33a12f-domctl-improve-locking-during-domain-destruction.patch
- Upstream patches from Jan (bsc#1027519)
5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch
5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch
5a313972-x86-microcode-add-support-for-AMD-Fam17.patch
5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch�- Update to Xen 4.10.0 FCS (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2�- Rebuild initrd if xen-tools-domU is updated�- Update to Xen 4.10.0-rc8 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2�- Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds
If many domUs shutdown in parallel the backends can not keep up
Add some debug output to track how long backend shutdown takes (bsc#1035442)
libxl.LIBXL_DESTROY_TIMEOUT.patch
libxl.LIBXL_DESTROY_TIMEOUT.debug.patch�- Adjust xenstore-run-in-studomain.patch to change the defaults
in the code instead of changing the sysconfig template, to also
cover the upgrade case�- Update to Xen 4.10.0-rc6 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2�- Since xen switched to Kconfig, building a debug hypervisor
was done by default. Adjust make logic to build a non-debug
hypervisor by default, and continue to provide one as xen-dbg.gz�- fate#316614: set migration constraints from cmdline
fix libxl.set-migration-constraints-from-cmdline.patch for xen-4.10�- Document the suse-diskcache-disable-flush option in
xl-disk-configuration(5) (bsc#879425,bsc#1067317)�- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)�- Update to Xen 4.10.0-rc5 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
- fate#323663 - Run Xenstore in stubdomain
xenstore-run-in-studomain.patch�- bsc#1067224 - xen-tools have hard dependency on Python 2
pygrub-python3-conversion.patch
xenmon-python3-conversion.patch
migration-python3-conversion.patch
xnloader.py
xen2libvirt.py�- Remove xendriverdomain.service (bsc#1065185)
Driver domains must be configured manually with custom .service file�- Update to Xen 4.10.0-rc3 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
- Drop 59f31268-libxc-remove-stale-error-check-for-domain-size.patch�- Adjust xen-dom0-modules.service to ignore errors (bsc#1065187)�- fate#324052 Support migration of Xen HVM domains larger than 1TB
59f31268-libxc-remove-stale-error-check-for-domain-size.patch�- Update to Xen 4.10.0-rc2 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2�- Update to Xen 4.10.0-rc1 (fate#321394, fate#322686)
xen-4.10.0-testing-src.tar.bz2
- Drop patches included in new tarball
592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch
596f257e-x86-fix-hvmemul_insn_fetch.patch
5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch
598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch
598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch
5992f1e5-x86-grant-disallow-misaligned-PTEs.patch
5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch
5992f233-gnttab-correct-pin-status-fixup-for-copy.patch
59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch
59958ebf-gnttab-fix-transitive-grant-handling.patch
59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch
599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch
59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch
59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch
59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch
59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch
59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch
59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch
59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch
59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch
59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch
59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch
59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch
59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch
gcc7-arm.patch
gcc7-mini-os.patch�- bsc#1061084 - VUL-0: xen: page type reference leak on x86
(XSA-242)
xsa242.patch
- bsc#1061086 - VUL-0: xen: x86: Incorrect handling of self-linear
shadow mappings with translated guests (XSA-243)
xsa243.patch
- bsc#1061087 - VUL-0: xen: x86: Incorrect handling of IST settings
during CPU hotplug (XSA-244)
xsa244.patch�- bsc#1061077 - VUL-0: xen: DMOP map/unmap missing argument checks
(XSA-238)
xsa238.patch
- bsc#1061080 - VUL-0: xen: hypervisor stack leak in x86 I/O
intercept code (XSA-239)
xsa239.patch
- bsc#1061081 - VUL-0: xen: Unlimited recursion in linear pagetable
de-typing (XSA-240)
xsa240-1.patch
xsa240-2.patch
- bsc#1061082 - VUL-0: xen: Stale TLB entry due to page type
release race (XSA-241)
xsa241.patch�- bsc#1061075 - VUL-0: xen: pin count / page reference race in
grant table code (XSA-236)
xsa236.patch
- bsc#1061076 - VUL-0: xen: multiple MSI mapping issues on x86
(XSA-237)
xsa237-1.patch
xsa237-2.patch
xsa237-3.patch
xsa237-4.patch
xsa237-5.patch�- bsc#1056278 - VUL-0: xen: Missing NUMA node parameter
verification (XSA-231)
59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch
- bsc#1056280 - VUL-0: xen: Missing check for grant table (XSA-232)
59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch
- bsc#1056281 - VUL-0: xen: cxenstored: Race in domain cleanup
(XSA-233)
59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch
- bsc#1056282 - VUL-0: xen: insufficient grant unmapping checks for
x86 PV guests (XSA-234)
59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch
- bsc#1055321 - VUL-0: xen: add-to-physmap error paths fail to
release lock on ARM (XSA-235)
599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch
- Upstream patches from Jan (bsc#1027519)
59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch
59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch
59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch
59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch
59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch
59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch
59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch
59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch
- Dropped gcc7-xen.patch�- bsc#1057358 - Cannot Boot into SLES12.3 with Xen hypervisor when
Secure Boot is Enabled
xen.spec�- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored
update from v6 to v9 to cover more cases for ballooned domUs
libxc.sr.superpage.patch�- bsc#1026236 - remove suse_vtsc_tolerance= cmdline option for Xen
drop the patch because it is not upstream acceptable
remove xen.suse_vtsc_tolerance.patch�- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored
after the save using xl stack
libxc.sr.superpage.patch�- Unignore gcc-PIE
the toolstack disables PIE for firmware builds as needed�- Upstream patches from Jan (bsc#1027519)
592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch
596f257e-x86-fix-hvmemul_insn_fetch.patch
5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch
598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch
598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch
5992f1e5-x86-grant-disallow-misaligned-PTEs.patch (Replaces xsa227.patch)
5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch (Replaces xsa228.patch)
5992f233-gnttab-correct-pin-status-fixup-for-copy.patch (Replaces xsa230.patch)
59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch (Replaces xsa226-1.patch)
59958ebf-gnttab-fix-transitive-grant-handling.patch (Replaces xsa226-2.patch)
59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch�- bsc#1044974 - xen-tools require python-pam
xen.spec�- Clean up spec file errors and a few warnings. (bsc#1027519)
- Removed conditional 'with_systemd' and some old deprecated
'sles_version' checks.
xen.spec�- Remove use of brctl utiltiy from supportconfig plugin
FATE#323639�- Use upstream variant of mini-os __udivmoddi4 change
gcc7-mini-os.patch�- fate#323639 Move bridge-utils to legacy
replace-obsolete-network-configuration-commands-in-s.patch�- bsc#1052686 - VUL-0: xen: grant_table: possibly premature
clearing of GTF_writing / GTF_reading (XSA-230)
xsa230.patch�- bsc#1035231 - migration of HVM domU does not use superpages
on destination dom0
libxc.sr.superpage.patch�- bsc#1051787 - VUL-0: CVE-2017-12135: xen: possibly unbounded
recursion in grant table code (XSA-226)
xsa226-1.patch
xsa226-2.patch
- bsc#1051788 - VUL-0: CVE-2017-12137: xen: x86: PV privilege
escalation via map_grant_ref (XSA-227)
xsa227.patch
- bsc#1051789 - VUL-0: CVE-2017-12136: xen: grant_table: Race
conditions with maptrack free list handling (XSA-228)
xsa228.patch�- Add a supportconfig plugin
xen-supportconfig
FATE#323661�- bsc#1026236 - add suse_vtsc_tolerance= cmdline option for Xen
To avoid emulation of TSC access from a domU after live migration
add a global tolerance for the measured host kHz
xen.suse_vtsc_tolerance.patch�- fate#323662 Drop qemu-dm from xen-tools package
The following tarball and patches have been removed
qemu-xen-traditional-dir-remote.tar.bz2
VNC-Support-for-ExtendedKeyEvent-client-message.patch
0001-net-move-the-tap-buffer-into-TAPState.patch
0002-net-increase-tap-buffer-size.patch
0003-e1000-fix-access-4-bytes-beyond-buffer-end.patch
0004-e1000-secrc-support.patch
0005-e1000-multi-buffer-packet-support.patch
0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch
0007-e1000-verify-we-have-buffers-upfront.patch
0008-e1000-check-buffer-availability.patch
CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch
CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch
CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch
CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch
CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch
CVE-2015-4037-qemut-smb-config-dir-name.patch
CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch
CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch
CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch
CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch
CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch
CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch
CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch
CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch
CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch
CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch
CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch
CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch
CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch
CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch
CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch
CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch
CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch
CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch
blktap.patch
cdrom-removable.patch
xen-qemu-iscsi-fix.patch
qemu-security-etch1.patch
xen-disable-qemu-monitor.patch
xen-hvm-default-bridge.patch
qemu-ifup-set-mtu.patch
ioemu-vnc-resize.patch
capslock_enable.patch
altgr_2.patch
log-guest-console.patch
bdrv_open2_fix_flags.patch
bdrv_open2_flags_2.patch
ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch
qemu-dm-segfault.patch
bdrv_default_rwflag.patch
kernel-boot-hvm.patch
ioemu-watchdog-support.patch
ioemu-watchdog-linkage.patch
ioemu-watchdog-ib700-timer.patch
ioemu-hvm-pv-support.patch
pvdrv_emulation_control.patch
ioemu-disable-scsi.patch
ioemu-disable-emulated-ide-if-pv.patch
xenpaging.qemu.flush-cache.patch
ioemu-devicemodel-include.patch
- Cleanup spec file and remove unused KMP patches
kmp_filelist
supported_module.patch
xen_pvonhvm.xen_emul_unplug.patch�- bsc#1002573 - Optimize LVM functions in block-dmmd
block-dmmd�- Record initial Xen dmesg in /var/log/xen/xen-boot.log for
supportconfig. Keep previous log in /var/log/xen/xen-boot.prev.log�- Remove storytelling from description in xen.rpm�- Update to Xen 4.9.0 FCS (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- Update block-dmmd script (bsc#1002573)
block-dmmd�- Update to Xen 4.9.0-rc8+ (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
gcc7-arm.patch
- Drop gcc7-error-xenpmd.patch�- Update to Xen 4.9.0-rc8 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop
due to incorrect return value
CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch�- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory
leakage via capture buffer
CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch�- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- bsc#1031343 - xen fails to build with GCC 7
gcc7-mini-os.patch
gcc7-xen.patch�- bsc#1031343 - xen fails to build with GCC 7
gcc7-error-xenpmd.patch�- Update to Xen 4.9.0-rc5 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
- Drop xen-tools-pkgconfig-xenlight.patch�- bsc#1037779 - xen breaks kexec-tools build
xen-tools-pkgconfig-xenlight.patch�- Update to Xen 4.9.0-rc4 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- bsc#1036146 - sles12sp2 xen VM dumps core to wrong path
xen.spec�- Update to Xen 4.9.0-rc3 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
aarch64-maybe-uninitialized.patch�- Update to Xen 4.9.0-rc2 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2�- Update to Xen 4.9.0-rc1 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
ioemu-devicemodel-include.patch
- Dropped patches contained in new tarball
xen-4.8.0-testing-src.tar.bz2
0001-xenstore-let-write_node-and-some-callers-return-errn.patch
0002-xenstore-undo-function-rename.patch
0003-xenstore-rework-of-transaction-handling.patch
584806ce-x86emul-correct-PUSHF-POPF.patch
584fc649-fix-determining-when-domain-creation-is-complete.patch
58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch
58510cac-x86emul-MOVNTI-no-REP-prefixes.patch
58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch
5853ed37-VT-d-correct-dma_msi_set_affinity.patch
5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch
58580060-x86-emul-correct-SYSCALL-eflags-handling.patch
585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch
585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch
585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch
586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch
587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch
587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch
5882129d-x86emul-LOCK-check-adjustments.patch
58821300-x86-segment-attribute-handling.patch
58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch
58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch
5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch
5887888f-credit2-never-consider-CPUs-outside-of-pool.patch
5887888f-credit2-use-the-correct-scratch-cpumask.patch
5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch
5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch
589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch
58a44771-IOMMU-always-call-teardown-callback.patch
58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch
58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch
58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch
58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch
58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch
58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch
58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch
58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch
58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch
58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch
58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch
58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch
58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch
CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch
CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch
glibc-2.25-compatibility-fix.patch
xs-09-add_change_node-params.patch
xs-10-call-add_change_node.patch
xs-11-tdb-record-header.patch
xs-12-node-gen-count.patch
xs-13-read-directory-part-support.patch
xs-14-command-array.patch
xs-15-command-return-val.patch
xs-16-function-static.patch
xs-17-arg-parsing.patch
xs-18-default-buffer.patch
xs-19-handle-alloc-failures.patch
xs-20-tdb-version.patch
xs-21-empty-tdb-database.patch
xs-22-reopen_log-fix.patch
xs-23-XS_DEBUG-rename.patch
xs-24-xenstored_control.patch
xs-25-control-enhance.patch
xs-26-log-control.patch
xs-27-memory-report.patch
xs-28-remove-talloc-report.patch
xs-29-define-off_t.patch
xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch
xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch�- bsc#1022703 - Xen HVM guest with OVMF hangs with unattached CDRom
58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch�- bsc#1015348 - L3: libvirtd does not start during boot
suse-xendomains-service.patch�- bsc#1014136 - Partner-L3: kdump can't dump a kernel on SLES12-SP2
with Xen hypervisor.
58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch
- bsc#1026236 - L3: Paravirtualized vs. fully virtualized migration
- latter one much faster
58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch
- Upstream patch from Jan
58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch
58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch
58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch�- bsc#1022555 - L3: Timeout in "execution of /etc/xen/scripts/block
add"
58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch
0001-xenstore-let-write_node-and-some-callers-return-errn.patch
0002-xenstore-undo-function-rename.patch
0003-xenstore-rework-of-transaction-handling.patch
- bsc#1030144 - VUL-0: xen: xenstore denial of service via repeated
update (XSA-206)
xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch
xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch
- bsc#1029827 - Forward port xenstored
xs-09-add_change_node-params.patch
xs-10-call-add_change_node.patch
xs-11-tdb-record-header.patch
xs-12-node-gen-count.patch
xs-13-read-directory-part-support.patch
xs-14-command-array.patch
xs-15-command-return-val.patch
xs-16-function-static.patch
xs-17-arg-parsing.patch
xs-18-default-buffer.patch
xs-19-handle-alloc-failures.patch
xs-20-tdb-version.patch
xs-21-empty-tdb-database.patch
xs-22-reopen_log-fix.patch
xs-23-XS_DEBUG-rename.patch
xs-24-xenstored_control.patch
xs-25-control-enhance.patch
xs-26-log-control.patch
xs-27-memory-report.patch
xs-28-remove-talloc-report.patch
xs-29-define-off_t.patch�- bsc#1029128 - fix make xen to really produce xen.efi with gcc48�- bsc#1028235 - VUL-0: CVE-2017-6505: xen: qemu: usb: an infinite
loop issue in ohci_service_ed_list
CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch
- Upstream patches from Jan (bsc#1027519)
5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch
5887888f-credit2-use-the-correct-scratch-cpumask.patch
5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch
589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch
58a44771-IOMMU-always-call-teardown-callback.patch
58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch
58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch
58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch
58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch
58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch
58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch�- bsc#1027654 - XEN fails to build against glibc 2.25
glibc-2.25-compatibility-fix.patch
libxl.pvscsi.patch�- fate#316613: Refresh and enable libxl.pvscsi.patch�- bsc#1024834 - VUL-0: CVE-2017-2620: xen: cirrus_bitblt_cputovideo
does not check if memory region is safe (XSA-209)
CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch�- bsc#1023948 - [pvusb][sles12sp3][openqa] Segmentation fault
happened when adding usbctrl devices via xl
589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch�- Upstream patches from Jan (bsc#1027519)
587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch
587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch
5882129d-x86emul-LOCK-check-adjustments.patch
58821300-x86-segment-attribute-handling.patch
58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch
58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch
5887888f-credit2-use-the-correct-scratch-cpumask.patch
5887888f-credit2-never-consider-CPUs-outside-of-pool.patch
5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch
5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch�- bsc#1023004 - VUL-0: CVE-2017-2615: qemu: display: cirrus: oob
access while doing bitblt copy backward mode
CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch�- fate#322313 and fate#322150 require the acpica package ported to
aarch64 which Xen 4.8 needs to build. Temporarily disable aarch64
until these fates are complete.
xen.spec�- bsc#1021952 - Virutalization/xen: Bug xen-tools missing
/usr/bin/domu-xenstore; guests fail to launch
tmp_build.patch
xen.spec�- No systemd presets for 42.3+ and SLE12SP3+ (bsc#1012842)�- bsc#1007224 - broken symlinks in /usr/share/doc/packages/xen/misc/
xen.spec�- 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch
Replaces xsa202.patch (bsc#1014298)
- 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch
Replaces xsa203.patch (bsc#1014300)
- 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch
Replaces xsa204.patch (bsc#1016340)
- Upstream patches from Jan
58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch
5853ed37-VT-d-correct-dma_msi_set_affinity.patch
5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch
585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch
586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch�- bsc#1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu:
display: cirrus_vga: a divide by zero in cirrus_do_copy
CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch�- bsc#1016340 - VUL-0: CVE-2016-10013: xen: x86: Mishandling of
SYSCALL singlestep during emulation (XSA-204)
xsa204.patch�- bsc#1012651 - VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation
fails to ignore operand size override (XSA-200)
58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch�- bsc#1014298 - VUL-0: CVE-2016-10024: xen: x86 PV guests may be
able to mask interrupts (XSA-202)
xsa202.patch
- bsc#1014300 - VUL-0: CVE-2016-10025: xen: x86: missing NULL
pointer check in VMFUNC emulation (XSA-203)
xsa203.patch
- Upstream patches from Jan
584806ce-x86emul-correct-PUSHF-POPF.patch
584fc649-fix-determining-when-domain-creation-is-complete.patch
58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch
58510cac-x86emul-MOVNTI-no-REP-prefixes.patch�- Update to Xen 4.8 FCS
xen-4.8.0-testing-src.tar.bz2
- Dropped
xen-4.7.1-testing-src.tar.bz2
0001-libxc-Rework-extra-module-initialisation.patch
0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch
0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch
0004-firmware-makefile-install-BIOS-blob.patch
0005-libxl-Load-guest-BIOS-from-file.patch
0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch
0007-hvmloader-Grab-the-hvm_start_info-pointer.patch
0008-hvmloader-Locate-the-BIOS-blob.patch
0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch
0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch
0011-hvmloader-Load-OVMF-from-modules.patch
0012-hvmloader-Specific-bios_load-function-required.patch
0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch
0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch
57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch
576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch
5769106e-x86-generate-assembler-equates-for-synthesized.patch
57a1e603-x86-time-adjust-local-system-time-initialization.patch
57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch
57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch
57a30261-x86-support-newer-Intel-CPU-models.patch
5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch
581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch
581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch
58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch
582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch
582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch
58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch
58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch
58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch
58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch
58343ec2-x86emul-fix-huge-bit-offset-handling.patch
58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch
58343f44-x86-svm-fix-injection-of-software-interrupts.patch
58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch
CVE-2016-9381-xsa197-qemut.patch
CVE-2016-9637-xsa199-qemut.patch�- bsc#1011652 - VUL-0: xen: qemu ioport array overflow
CVE-2016-9637-xsa199-qemut.patch�- bsc#1009100 - VUL-0: CVE-2016-9386: XSA-191: xen: x86 null
segments not always treated as unusable
58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch
- bsc#1009103 - VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch
to VM86 mode mis-handled
58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch
- bsc#1009104 - VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base
write emulation lacking canonical address checks
58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch
- bsc#1009105 - VUL-0: CVE-2016-9384: XSA-194: xen: guest 32-bit
ELF symbol table load leaking host data
58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch
- bsc#1009107 - VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit
test instruction emulation broken
58343ec2-x86emul-fix-huge-bit-offset-handling.patch
- bsc#1009108 - VUL-0: CVE-2016-9377,CVE-2016-9378: XSA-196: xen:
x86 software interrupt injection mis-handled
58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch
58343f44-x86-svm-fix-injection-of-software-interrupts.patch
- bsc#1009109 - VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious
about shared ring processing
CVE-2016-9381-xsa197-qemut.patch
- bsc#1009111 - VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen:
delimiter injection vulnerabilities in pygrub
58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch
- Upstream patches from Jan
581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch
581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch
58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch
582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch
582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch�- Update to Xen Version 4.7.1
xen-4.7.1-testing-src.tar.bz2
- Dropped patches contained in new tarball
xen-4.7.0-testing-src.tar.bz2
575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch
57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch
57973099-have-schedulers-revise-initial-placement.patch
579730e6-remove-buggy-initial-placement-algorithm.patch
57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch
57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch
57ac6316-don-t-restrict-DMA-heap-to-node-0.patch
57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch
57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch
57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch
57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch
57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch
57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch
57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch
57c82be2-x86-32on64-adjust-call-gate-emulation.patch
57c93e52-fix-error-in-libxl_device_usbdev_list.patch
57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch
57c96e2c-x86-correct-PT_NOTE-file-position.patch
57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch
57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch
57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch
57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch
57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch
57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch
57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch
57da8883-credit1-fix-mask-to-be-used-for-tickling.patch
57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch
57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch
57e93e1d-x86emul-correct-loading-of-ss.patch
57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch
57e93e89-x86-AMD-apply-erratum-665-workaround.patch
57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch
57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch
57fb6a91-x86-defer-not-present-segment-checks.patch
5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch
5800caec-x86emul-fix-pushing-of-selector-registers.patch
5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch
580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch
57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch�- bsc#1004981 - Xen RPM doesn't contain debug hypervisor for EFI
systems
xen.spec�- bsc#1000106 - VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not
always honored for x86 HVM guests (XSA-190)
57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch
- bsc#996191 - [XEN][acpi]residency -n 88 -c will cause xen panic
on broadwell-ep
57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch
- Upstream patches from Jan
57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch
57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch
57da8883-credit1-fix-mask-to-be-used-for-tickling.patch
57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch
57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch
57e93e1d-x86emul-correct-loading-of-ss.patch
57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch
57e93e89-x86-AMD-apply-erratum-665-workaround.patch
57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch
57fb6a91-x86-defer-not-present-segment-checks.patch
5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch
5800caec-x86emul-fix-pushing-of-selector-registers.patch
5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch
580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch
5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch�- bsc#1007941 - Xen tools limit the number of vcpus to 256 when the
system has 384
xen-arch-kconfig-nr_cpus.patch�- bsc#1007157 - VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite
loop while transmit in C+ mode
CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch�- bsc#1005004 - CVE-2016-8667: xen: dma: rc4030 divide by zero
error in set_next_tick
CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch
- bsc#1005005 - VUL-0: CVE-2016-8669: xen: char: divide by zero
error in serial_update_parameters
CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch�- bsc#1003030 - VUL-0: CVE-2016-7908: xen: net: Infinite loop in
mcf_fec_do_tx
CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch
- bsc#1003032 - VUL-0: CVE-2016-7909: xen: net: pcnet: infinite
loop in pcnet_rdra_addr
CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch�- bsc#995785 - VUL-0: CVE-2016-7092: xen: x86: Disallow L3
recursive pagetable for 32-bit PV guests (XSA-185)
57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch
- bsc#995789 - VUL-0: CVE-2016-7093: xen: x86: Mishandling of
instruction pointer truncation during emulation (XSA-186)
57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch
57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch
- bsc#995792 - VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of
sh_ctxt->seg_reg[] (XSA-187)
57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch
57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch
- bsc#991934 - xen hypervisor crash in csched_acct
57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch
- Upstream patches from Jan
57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch
57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch
57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch
57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch
57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch
57c82be2-x86-32on64-adjust-call-gate-emulation.patch
57c96e2c-x86-correct-PT_NOTE-file-position.patch
57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch�- bsc#979002 - add 60-persistent-xvd.rules and helper script
also to initrd, add the relevant dracut helper�- bnc#953518 - unplug also SCSI disks in qemu-xen-traditional for
upstream unplug protocol�- bsc#989679 - [pvusb feature] USB device not found when
'virsh detach-device guest usb.xml'
57c93e52-fix-error-in-libxl_device_usbdev_list.patch�- bsc#992224 - [HPS Bug] During boot of Xen Hypervisor, Failed to
get contiguous memory for DMA from Xen
57ac6316-don-t-restrict-DMA-heap-to-node-0.patch
- bsc#978755 - xen uefi systems fail to boot
- bsc#983697 - SLES12 SP2 Xen UEFI mode cannot boot
57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch
- Upstream patch from Jan
57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch�- spec: to stay compatible with the in-tree qemu-xen binary, use
/usr/bin/qemu-system-i386 instead of /usr/bin/qemu-system-x86_64
bsc#986164�- bsc#970135 - new virtualization project clock test randomly fails
on Xen
576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch
5769106e-x86-generate-assembler-equates-for-synthesized.patch
57a1e603-x86-time-adjust-local-system-time-initialization.patch
57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch
57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch
- bsc#991934 - xen hypervisor crash in csched_acct
57973099-have-schedulers-revise-initial-placement.patch
579730e6-remove-buggy-initial-placement-algorithm.patch
- bsc#988675 - VUL-0: CVE-2016-6258: xen: x86: Privilege escalation
in PV guests (XSA-182)
57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch
- bsc#988676 - VUL-0: CVE-2016-6259: xen: x86: Missing SMAP
whitelisting in 32-bit exception / event delivery (XSA-183)
57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch
- Upstream patches from Jan
57a30261-x86-support-newer-Intel-CPU-models.patch�- bsc#985503 - vif-route broken
vif-route.patch�- bsc#978413 - PV guest upgrade from sles11sp4 to sles12sp2 alpha3
failed on sles11sp4 xen host.
pygrub-handle-one-line-menu-entries.patch�- bsc#990843 - VUL-1: CVE-2016-6351: xen: qemu: scsi: esp: OOB
write access in esp_do_dma
CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch�- bsc#900418 - Dump cannot be performed on SLES12 XEN
57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch
- Upstream patches from Jan
575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch
57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch�- fate#319989 - Update to Xen 4.7 FCS
xen-4.7.0-testing-src.tar.bz2
- Drop CVE-2014-3672-qemut-xsa180.patch�- bsc#954872 - script block-dmmd not working as expected - libxl:
error: libxl_dm.c (Additional fixes)
block-dmmd�- Convert with_stubdom into build_conditional to allow adjusting
via prjconf
- Convert with_debug into build_conditional to allow adjusting
via prjconf�- bsc#979002 - add 60-persistent-xvd.rules and helper script to
xen-tools-domU to simplify transition to pvops based kernels�- Convert with_oxenstored into build_conditional to allow
adjusting via prjconf (fate#320836)�- bsc#983984 - VUL-0: CVE-2016-5338: xen: qemu: scsi: esp: OOB r/w
access while processing ESP_FIFO
CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch
- bsc#982960 - VUL-0: CVE-2016-5238: xen: qemu: scsi: esp: OOB
write when using non-DMA mode in get_cmd
CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch�- fate#319989 - Update to Xen 4.7 RC5
xen-4.7.0-testing-src.tar.bz2�- fate#319989 - Update to Xen 4.7 RC4
xen-4.7.0-testing-src.tar.bz2
- Dropped
xen.pkgconfig-4.7.patch
xsa164.patch�- bsc#981264 - VUL-0: CVE-2014-3672: xen: Unrestricted qemu logging
(XSA-180)
CVE-2014-3672-qemut-xsa180.patch�- bsc#980724 - VUL-0: CVE-2016-4441: Qemu: scsi: esp: OOB write
while writing to 's->cmdbuf' in get_cmd
CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch
- bsc#980716 - VUL-0: CVE-2016-4439: xen: scsi: esp: OOB write
while writing to 's->cmdbuf' in esp_reg_write
CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch�- fate#319989 - Update to Xen 4.7 RC3
xen-4.7.0-testing-src.tar.bz2
- Dropped
libxl-remove-cdrom-cachemode.patch
x86-PoD-only-reclaim-if-needed.patch
gcc6-warnings-as-errors.patch�- bsc#954872 - script block-dmmd not working as expected - libxl:
error: libxl_dm.c (another modification)
block-dmmd�- fate#319989 - Update to Xen 4.7 RC2
xen-4.7.0-testing-src.tar.bz2�- bsc#961600 - L3: poor performance when Xen HVM domU configured
with max memory > current memory
x86-PoD-only-reclaim-if-needed.patch�- Mark SONAMEs and pkgconfig as xen 4.7
xen.pkgconfig-4.7.patch�- bsc#977329 - Xen: Cannot boot HVM guests with empty cdrom
libxl-remove-cdrom-cachemode.patch�- fate#319989 - Update to Xen 4.7 RC1
xen-4.7.0-testing-src.tar.bz2�- fate#316614: set migration constraints from cmdline
restore libxl.set-migration-constraints-from-cmdline.patch�- Remove obsolete patch for xen-kmp
magic_ioport_compat.patch�- fate#316613: update to v12
libxl.pvscsi.patch�- Update to the latest Xen 4.7 pre-release c2994f86
Drop libxl.migrate-legacy-stream-read.patch�- bnc#972756 - Can't migrate HVM guest from SLES12SP1 Xen host
to SLES12SP2 Alpha 1 host using xl migrate
libxl.migrate-legacy-stream-read.patch�- Add patches from proposed upstream series to load BIOS's from
the toolstack instead of embedding in hvmloader
http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html
0001-libxc-Rework-extra-module-initialisation.patch,
0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch,
0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch,
0004-firmware-makefile-install-BIOS-blob.patch,
0005-libxl-Load-guest-BIOS-from-file.patch,
0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch,
0007-hvmloader-Grab-the-hvm_start_info-pointer.patch,
0008-hvmloader-Locate-the-BIOS-blob.patch,
0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch,
0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch,
0011-hvmloader-Load-OVMF-from-modules.patch,
0012-hvmloader-Specific-bios_load-function-required.patch,
0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch,
0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch
- Enable support for UEFI on x86_64 using the ovmf-x86_64-ms.bin
firmware from qemu-ovmf-x86_64. The firmware is preloaded with
Microsoft keys to more closely resemble firmware on real hardware
FATE#320490�- fate#319989: Update to Xen 4.7 (pre-release)
xen-4.7.0-testing-src.tar.bz2
- Dropped:
xen-4.6.1-testing-src.tar.bz2
55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch
hotplug-Linux-block-performance-fix.patch
set-mtu-from-bridge-for-tap-interface.patch
xendomains-libvirtd-conflict.patch
xsa154.patch
xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
xsa170.patch�- Use system SeaBIOS instead of building/installing another one
FATE#320638
Dropped files:
seabios-dir-remote.tar.bz2
xen-c99-fix.patch
xen.build-compare.seabios.patch�- spec: drop BuildRequires that were only needed for qemu-xen�- bsc#969377 - xen does not build with GCC 6
ipxe-use-rpm-opt-flags.patch
gcc6-warnings-as-errors.patch�- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite
loop in ne2000_receive
CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
- Drop xsa154-fix.patch�- Use system qemu instead of building/installing yet another qemu
FATE#320638
- Dropped files
qemu-xen-dir-remote.tar.bz2
CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
CVE-2015-4037-qemuu-smb-config-dir-name.patch
CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch
CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch
CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch
CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch
CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch
qemu-xen-enable-spice-support.patch
qemu-xen-upstream-qdisk-cache-unsafe.patch
tigervnc-long-press.patch
xsa162-qemuu.patch�- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer
dereference in vapic_write()
CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch�- bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in
remote NDIS control message handling
CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch�- bsc#954872 - L3: script block-dmmd not working as expected -
libxl: error: libxl_dm.c
block-dmmd
- Update libxl to recognize dmmd and npiv prefix in disk spec
xen.libxl.dmmd.patch�- bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers
in ohci module leads to null pointer dereference
CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch
CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch
- bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer
dereference in remote NDIS control message handling
CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch�- Update to Xen Version 4.6.1
xen-4.6.1-testing-src.tar.bz2
- Dropped patches now contained in tarball or unnecessary
xen-4.6.0-testing-src.tar.bz2
5604f239-x86-PV-properly-populate-descriptor-tables.patch
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
5632129c-free-domain-s-vcpu-array.patch
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
563212e4-xenoprof-free-domain-s-vcpu-array.patch
563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch
56549f24-x86-vPMU-document-as-unsupported.patch
5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch
xsa155-qemut-qdisk-double-access.patch
xsa155-qemut-xenfb.patch
xsa155-qemuu-qdisk-double-access.patch
xsa155-qemuu-xenfb.patch
xsa159.patch
xsa160.patch
xsa162-qemut.patch
xsa165.patch
xsa166.patch
xsa167.patch
xsa168.patch�- bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent
cachability flags on guest mappings (XSA-154)
xsa154.patch
- bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may
crash guest with non-canonical RIP (XSA-170)
xsa170.patch�- bsc#965269 - VUL-1: CVE-2015-8619: xen: stack based OOB write in
hmp_sendkey routine
CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch�- bsc#965156 - VUL-0: CVE-2015-6855: xen: ide: divide by zero issue
CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch
- bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref
in sosendto()
CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch�- bsc#964947 - VUL-0: CVE-2015-5278: xen: Infinite loop in
ne2000_receive() function
CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch
- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100:
infinite loop in processing command block list
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch�- bsc#964644 - VUL-0: CVE-2013-4533: xen pxa2xx: buffer overrun on
incoming migration
CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch
- bsc#964925 - VUL-0: CVE-2014-0222: xen: qcow1: validate L2 table
size to avoid integer overflows
CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch
- Dropped CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch�- bsc#964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer
dereference in ehci_caps_write
CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch
- bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun
on incoming migration
CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch�- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop
in start_xmit and e1000_receive_iov routines
CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch�- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun
on invalid state load
CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch�- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient
resource limiting in VNC websockets decoder
CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
- bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on
invalid state load
CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
- bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient
bits_per_pixel from the client sanitization
CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch�- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer
overun on invalid state
CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
- bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer
overflow in non-loopback mode
CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch�- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in
processing firmware configurations
CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch�- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based
buffer overflow in megasas_ctrl_get_info
CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
- bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci
use-after-free vulnerability in aio port commands
CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch�- bsc#959695 - missing docs for xen
xen.spec�- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue with
INVLPG on non-canonical address (XSA-168)
xsa168.patch
- bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage
functionality missing sanity checks (XSA-167)
xsa167.patch
- bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect
l2 header validation leads to a crash via assert(2) call
CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch�- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers
leads to a crash via assert(2) call
CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
- bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory access
in ioport r/w functions
CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch�- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional
logging upon guest changing callback method (XSA-169)
5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch�- Adjust xen-dom0-modules.service to run Before xenstored.service
instead of proc-xen.mount to workaround a bug in systemd "design"
(bnc#959845)�- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net:
vmxnet3: host memory leakage
CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch�- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers
incautious about shared memory contents (XSA-155)
xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch
xsa155-qemuu-qdisk-double-access.patch
xsa155-qemut-qdisk-double-access.patch
xsa155-qemuu-xenfb.patch
xsa155-qemut-xenfb.patch
- bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop
in ehci_advance_state results in DoS
CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch
- bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer
dereference issue
CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch
- bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid
floating point exception
CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch
CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch
- bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in
MSI-X handling (XSA-164)
xsa164.patch
- bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in
legacy x86 FPU/XMM initialization (XSA-165)
xsa165.patch
- bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to
multiple read issue (XSA-166)
xsa166.patch�- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100:
infinite loop in processing command block list
CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch
CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch
- Upstream patches from Jan
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch)
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
56544a57-VMX-fix-adjust-trap-injection.patch
56546ab2-sched-fix-insert_vcpu-locking.patch�- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163)
56549f24-x86-vPMU-document-as-unsupported.patch
- bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen:
XENMEM_exchange error handling issues (XSA-159)
xsa159.patch
- bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel
and initrd on error (XSA-160)
xsa160.patch
- bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow
vulnerability in pcnet emulator (XSA-162)
xsa162-qemuu.patch
xsa162-qemut.patch
- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour
readonly flag on disks with qemu-xen (xsa-142)
5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch
5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch�- fate#315712: XEN: Use the PVOPS kernel
Turn off building the KMPs now that we are using the pvops kernel
xen.spec�- Upstream patches from Jan
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch)
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
563212e4-xenoprof-free-domain-s-vcpu-array.patch
563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch)
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
- Dropped 55b0a2db-x86-MSI-track-guest-masking.patch�- Use upstream variants of block-iscsi and block-nbd�- Remove xenalyze.hg, its part of xen-4.6�- Update to Xen Version 4.6.0
xen-4.6.0-testing-src.tar.bz2
mini-os.tar.bz2
blktap2-no-uninit.patch
stubdom-have-iovec.patch
- Renamed
xsa149.patch to CVE-2015-7969-xsa149.patch
- Dropped patches now contained in tarball or unnecessary
xen-4.5.2-testing-src.tar.bz2
54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch
54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch
54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch
54f4985f-libxl-fix-libvirtd-double-free.patch
55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch
551ac326-xentop-add-support-for-qdisk.patch
552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch
552d0fe8-x86-mtrr-include-asm-atomic.h.patch
552d293b-x86-vMSI-X-honor-all-mask-requests.patch
552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch
5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch
5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
554c7aee-x86-provide-arch_fetch_and_add.patch
554c7b00-arm-provide-arch_fetch_and_add.patch
554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch
55534b25-arm-provide-add_sized.patch
5555a4f8-use-ticket-locks-for-spin-locks.patch
5555a5b9-x86-arm-remove-asm-spinlock-h.patch
5555a8ec-introduce-non-contiguous-allocation.patch
556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch
55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
557eb55f-gnttab-per-active-entry-locking.patch
557eb5b6-gnttab-introduce-maptrack-lock.patch
557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch
557ffab8-evtchn-factor-out-freeing-an-event-channel.patch
5582bf43-evtchn-simplify-port_is_valid.patch
5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch
5583d9c5-x86-MSI-X-cleanup.patch
5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch
5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch
5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch
5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch
5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch
5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch
55b0a218-x86-PCI-CFG-write-intercept.patch
55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch
55b0a2ab-x86-MSI-X-enable.patch blktapctrl-close-fifos.patch
blktapctrl-default-to-ioemu.patch blktapctrl-disable-debug-printf.patch
blktap-no-uninit.patch blktap-pv-cdrom.patch build-tapdisk-ioemu.patch
ioemu-bdrv-open-CACHE_WB.patch ioemu-blktap-barriers.patch
ioemu-blktap-fv-init.patch ioemu-blktap-image-format.patch
ioemu-blktap-zero-size.patch libxl.set-migration-constraints-from-cmdline.patch
local_attach_support_for_phy.patch pci-attach-fix.patch
qemu-xen-upstream-megasas-buildtime.patch tapdisk-ioemu-logfile.patch
tapdisk-ioemu-shutdown-fix.patch udev-rules.patch xen.build-compare.ipxe.patch
xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch
xen.build-compare.vgabios.patch xen.build-compare.xen_compile_h.patch
xl-coredump-file-location.patch�- bsc#954405 - VUL-0: CVE-2015-8104: Xen: guest to host DoS by
triggering an infinite loop in microcode via #DB exception
- bsc#954018 - VUL-0: CVE-2015-5307: xen: x86: CPU lockup during
fault delivery (XSA-156)
CVE-2015-5307-xsa156.patch�- Update to Xen 4.5.2
xen-4.5.2-testing-src.tar.bz2
- Drop the following
xen-4.5.1-testing-src.tar.bz2
552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch
5576f178-kexec-add-more-pages-to-v1-environment.patch
55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch
558bfaa0-x86-traps-avoid-using-current-too-early.patch
5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch
559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch
559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch
559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch
559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch
559bdde5-pull-in-latest-linux-earlycpio.patch
55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch
55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch
55a77e4f-dmar-device-scope-mem-leak-fix.patch
55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch
55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch
55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch
55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch
55e43fd8-x86-NUMA-fix-setup_node.patch
55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch
55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch
55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch
55f9345b-x86-MSI-fail-if-no-hardware-support.patch
5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch
560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch
560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch
560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch
560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch
560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
CVE-2015-4106-xsa131-9.patch CVE-2015-3259-xsa137.patch
CVE-2015-7311-xsa142.patch CVE-2015-7835-xsa148.patch
xsa139-qemuu.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch
xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch
xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch
xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch
xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch
xsa151.patch xsa152.patch xsa153-libxl.patch
CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch
CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch
CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch
CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch
CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch"�- bsc#950704 - CVE-2015-7970 VUL-1: xen: x86: Long latency
populate-on-demand operation is not preemptible (XSA-150)
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch�- Upstream patches from Jan
5604f239-x86-PV-properly-populate-descriptor-tables.patch
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch
561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch�- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand
balloon size inaccuracy can crash guests (XSA-153)
xsa153-libxl.patch�- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain
vcpu pointer array (DoS) (XSA-149)
xsa149.patch
- bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain
profiling-related vcpu pointer array (DoS) (XSA-151)
xsa151.patch
- bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and
profiling hypercalls log without rate limiting (XSA-152)
xsa152.patch
- Dropped
55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch
5604f239-x86-PV-properly-populate-descriptor-tables.patch�- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure
temporary file use in /net/slirp.c
CVE-2015-4037-qemuu-smb-config-dir-name.patch
CVE-2015-4037-qemut-smb-config-dir-name.patch
- bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table
size to avoid integer overflows
CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch
CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch�- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled
creation of large page mappings by PV guests (XSA-148)
CVE-2015-7835-xsa148.patch�- bsc#949138 - Setting vcpu affinity under Xen causes libvirtd
abort
54f4985f-libxl-fix-libvirtd-double-free.patch�- bsc#949046 - Increase %suse_version in SP1 to 1316
xen.spec
- Update README.SUSE detailing dom0 ballooning recommendations�- bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’
secondly show errors
55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
- Upstream patches from Jan
55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch
55f9345b-x86-MSI-fail-if-no-hardware-support.patch
5604f239-x86-PV-properly-populate-descriptor-tables.patch
5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch
560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch
560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch
560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch
560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch
560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch�- bsc#941074 - VmError: Device 51728 (vbd) could not be connected.
Hotplug scripts not working.
hotplug-Linux-block-performance-fix.patch�- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour
readonly flag on disks with qemu-xen (xsa-142)
CVE-2015-7311-xsa142.patch�- bsc#945165 - Xl pci-attach show error with kernel of SLES 12 sp1
pci-attach-fix.patch�- bsc#945164 - Xl destroy show error with kernel of SLES 12 sp1
5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch�- Upstream patches from Jan
55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch
55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch
55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch
55e43fd8-x86-NUMA-fix-setup_node.patch
55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch
55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch
54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch
54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch
54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch�- bsc#944463 - VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in
vnc_client_read() and protocol_client_msg()
CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch
CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch
- bsc#944697 - VUL-1: CVE-2015-6815: qemu: net: e1000: infinite
loop issue
CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch
CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch�- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line
config handling stack overflow
55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch�- bsc#907514 - Bus fatal error & sles12 sudden reboot has been
observed
- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after
shutdown of guest with VT-d NIC
- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been
observed
- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden
reboot has been observed
552d293b-x86-vMSI-X-honor-all-mask-requests.patch
552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch
55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
5583d9c5-x86-MSI-X-cleanup.patch
5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
55b0a218-x86-PCI-CFG-write-intercept.patch
55b0a255-x86-MSI-X-maskall.patch
55b0a283-x86-MSI-X-teardown.patch
55b0a2ab-x86-MSI-X-enable.patch
55b0a2db-x86-MSI-track-guest-masking.patch
- Upstream patches from Jan
552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch
559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch
559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch
559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch
55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch
55a77e4f-dmar-device-scope-mem-leak-fix.patch
55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch
55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch
- Dropped for upstream version
x86-MSI-mask.patch
x86-MSI-pv-unmask.patch
x86-MSI-X-enable.patch
x86-MSI-X-maskall.patch
x86-MSI-X-teardown.patch
x86-pci_cfg_okay.patch
x86-PCI-CFG-write-intercept.patch�- bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap
memory in rtl8139 device model
xsa140-qemuu-1.patch
xsa140-qemuu-2.patch
xsa140-qemuu-3.patch
xsa140-qemuu-4.patch
xsa140-qemuu-5.patch
xsa140-qemuu-6.patch
xsa140-qemuu-7.patch
xsa140-qemut-1.patch
xsa140-qemut-2.patch
xsa140-qemut-3.patch
xsa140-qemut-4.patch
xsa140-qemut-5.patch
xsa140-qemut-6.patch
xsa140-qemut-7.patch
- bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen
block unplug protocol
xsa139-qemuu.patch�- bsc#937371 - xen vm's running after reboot
xendomains-libvirtd-conflict.patch�- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code
execution via IDE subsystem CD-ROM
CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch
CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch
CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch
CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch�- Remove xendomains.service from systemd preset file because it
conflicts with libvirt-guests.service (bnc#937371)
Its up to the admin to run systemctl enable xendomains.service�- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line
config handling stack overflow
CVE-2015-3259-xsa137.patch
- Upstream patches from Jan
558bfaa0-x86-traps-avoid-using-current-too-early.patch
5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch
559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch
559bdde5-pull-in-latest-linux-earlycpio.patch
- Upstream patches from Jan pending review
552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch
552d0fe8-x86-mtrr-include-asm-atomic.h.patch
552d293b-x86-vMSI-X-honor-all-mask-requests.patch
552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch
554c7aee-x86-provide-arch_fetch_and_add.patch
554c7b00-arm-provide-arch_fetch_and_add.patch
55534b0a-x86-provide-add_sized.patch
55534b25-arm-provide-add_sized.patch
5555a4f8-use-ticket-locks-for-spin-locks.patch
5555a5b9-x86-arm-remove-asm-spinlock-h.patch
5555a8ec-introduce-non-contiguous-allocation.patch
55795a52-x86-vMSI-X-support-qword-MMIO-access.patch
557eb55f-gnttab-per-active-entry-locking.patch
557eb5b6-gnttab-introduce-maptrack-lock.patch
557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch
557ffab8-evtchn-factor-out-freeing-an-event-channel.patch
5582bf43-evtchn-simplify-port_is_valid.patch
5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch
5583d9c5-x86-MSI-X-cleanup.patch
5583da09-x86-MSI-track-host-and-guest-masking-separately.patch
5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch
5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch
5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch
5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch
5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch
5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch
x86-MSI-pv-unmask.patch
x86-pci_cfg_okay.patch
x86-PCI-CFG-write-intercept.patch
x86-MSI-X-maskall.patch
x86-MSI-X-teardown.patch
x86-MSI-X-enable.patch
x86-MSI-mask.patch�- Adjust more places to use br0 instead of xenbr0�- bnc#936516 - xen fails to build with kernel update(4.1.0 from
stable)
556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch�- Update to Xen Version 4.5.1 FCS (fate#315675)
xen-4.5.1-testing-src.tar.bz2
- Dropped patches now contained in tarball
556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch
556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch
556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch
556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch
55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch
55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch
55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch
55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch
5513b458-allow-reboot-overrides-when-running-under-EFI.patch
5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch
5576f178-kexec-add-more-pages-to-v1-environment.patch
5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch
CVE-2015-3456-xsa133-qemuu.patch
CVE-2015-3456-xsa133-qemut.patch
qemu-MSI-X-enable-maskall.patch
qemu-MSI-X-latch-writes.patch
x86-MSI-X-guest-mask.patch�- Replace 5124efbe-add-qxl-support.patch with the variant that
finally made it upstream, 554cc211-libxl-add-qxl.patch�- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable
qemu MSI-X pass-through error messages
qemu-MSI-X-latch-writes.patch
- bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed
- bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown
of guest with VT-d NIC
- bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been
observed
- bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot
has been observed
x86-MSI-X-teardown.patch
x86-MSI-X-enable.patch
x86-MSI-X-guest-mask.patch
x86-MSI-X-maskall.patch
qemu-MSI-X-enable-maskall.patch
- Upstream patches from Jan
55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch
55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch
55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch
55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch
55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch
55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch
5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch
- Dropped the following patches now contained in the tarball
xen-no-array-bounds.patch CVE-2015-4103-xsa128.patch
CVE-2015-4104-xsa129.patch CVE-2015-4105-xsa130.patch
CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch
CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch
CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch
CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch�- Update to Xen 4.5.1 RC2
- bsc#931628 - VUL-0: CVE-2015-4106: XSA-131: xen: Unmediated PCI
register access in qemu
CVE-2015-4106-xsa131-1.patch
CVE-2015-4106-xsa131-2.patch
CVE-2015-4106-xsa131-3.patch
CVE-2015-4106-xsa131-4.patch
CVE-2015-4106-xsa131-5.patch
CVE-2015-4106-xsa131-6.patch
CVE-2015-4106-xsa131-7.patch
CVE-2015-4106-xsa131-8.patch
CVE-2015-4106-xsa131-9.patch
- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable
qemu MSI-X pass-through error messages
CVE-2015-4105-xsa130.patch
- bsc#931626 - VUL-0: CVE-2015-4104: XSA-129: xen: PCI MSI mask
bits inadvertently exposed to guests
CVE-2015-4104-xsa129.patch
- bsc#931625 - VUL-0: CVE-2015-4103: XSA-128: xen: Potential
unintended writes to host MSI message data field via qemu
CVE-2015-4103-xsa128.patch
- Upstream patches from Jan
5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch
556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch
556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch
556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch
556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch
556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch�- Add DefaultDependencies=no to xen-dom0-modules.service because
it has to run before proc-xen.mount�- Update to Xen 4.5.1 RC1�- Update blktap-no-uninit.patch to work with gcc-4.5�- bsc#927967 - VUL-0: CVE-2015-3340: xen: Information leak through
XEN_DOMCTL_gettscinfo (XSA-132)
5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch�- bnc#929339 - VUL-0: CVE-2015-3456: qemu kvm xen: VENOM qemu
floppy driver host code execution
CVE-2015-3456-xsa133-qemuu.patch
CVE-2015-3456-xsa133-qemut.patch�- bsc#928783 - Reboot failure; Request backport of upstream Xen
patch to 4.5.0, or update pkgs to 4.5.1
5513b458-allow-reboot-overrides-when-running-under-EFI.patch
5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch�- bnc#927750 - Avoid errors reported by system-modules-load.service�- Add xen-no-array-bounds.patch and blktap-no-uninit.patch to selectively
turn errors back to warnings to fix build with GCC 5.
- Amend xen.stubdom.newlib.patch to pull in declaration of strcmp to
avoid implicit-fortify-decl rpmlint error.
- Fix quoting of __SMBIOS_DATE__ in xen.build-compare.smbiosdate.patch.�- xentop: Fix memory leak on read failure
551ac326-xentop-add-support-for-qdisk.patch�- Dropped xentop-add-support-for-qdisk.patch in favor of upstream
version
551ac326-xentop-add-support-for-qdisk.patch�- Enable spice support in qemu for x86_64
5124efbe-add-qxl-support.patch
qemu-xen-enable-spice-support.patch�- Add xen-c99-fix.patch to remove pointless inline specifier on
function declarations which break build with a C99 compiler which
GCC 5 is by default. (bsc#921994)
- Add ipxe-no-error-logical-not-parentheses.patch to supply
- Wno-logical-not-parentheses to the ipxe build to fix
breakage with GCC 5. (bsc#921994)�- bnc#921842 - Xentop doesn't display disk statistics for VMs using
qdisks
xentop-add-support-for-qdisk.patch�- Disable the PIE enablement done for Factory, as the XEN code
is not buildable with PIE and it does not make much sense
to build the hypervisor code with it.�- bnc#918169 - XEN fixes required to work with Kernel 3.19.0
xen.spec�- Package xen.changes because its referenced in xen.spec�- Update seabios to rel-1.7.5 which is the correct version for
Xen 4.5�- Update to Xen 4.5.0 FCS�- Include systemd presets in 13.2 and older�- bnc#897352 - Enable xencommons/xendomains only during fresh install
- disable restart on upgrade because the toolstack is not restartable�- adjust seabios, vgabios, stubdom and hvmloader build to reduce
build-compare noise
xen.build-compare.mini-os.patch
xen.build-compare.smbiosdate.patch
xen.build-compare.ipxe.patch
xen.build-compare.vgabios.patch
xen.build-compare.seabios.patch
xen.build-compare.man.patch�- Update to Xen 4.5.0 RC4�- Remove xend specific if-up scripts
Recording bridge slaves is a generic task which should be handled
by generic network code�- Use systemd features from upstream
requires updated systemd-presets-branding package�- Update to Xen 4.5.0 RC3�- Set GIT, WGET and FTP to /bin/false�- Use new configure features instead of make variables
xen.stubdom.newlib.patch�- adjust docs and xen build to reduce build-compare noise
xen.build-compare.doc_html.patch
xen.build-compare.xen_compile_h.patch�- Drop trailing B_CNT from XEN_EXTRAVERSION to reduce build-compare noise�- Update to Xen 4.5.0 RC2�- Update to Xen 4.5.0 RC1
xen-4.5.0-testing-src.tar.bz2
- Remove all patches now contained in the new tarball
xen-4.4.1-testing-src.tar.bz2
5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch
5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch
53299d8f-xenconsole-reset-tty-on-failure.patch
53299d8f-xenconsole-tolerate-tty-errors.patch
5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch
53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch
537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch
537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch
537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch
539ebe62-x86-EFI-improve-boot-time-diagnostics.patch
53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch
53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch
53d124e7-fix-list_domain_details-check-config-data-length-0.patch
53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch
53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch
53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch
53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch
53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch
53fcebab-xen-pass-kernel-initrd-to-qemu.patch
53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch
53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch
53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch
53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch
53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch
54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch
540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch
540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch
541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch
541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch
541ad3ca-x86-HVM-batch-vCPU-wakeups.patch
541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch
54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch
54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch
542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch
54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch
5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch
5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch
542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch
542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch
54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch
54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch
54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch
54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch
54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch
54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch
CVE-2013-4540-qemu.patch qemu-support-xen-hvm-direct-kernel-boot.patch
qemu-xen-upstream-blkif-discard.patch change-vnc-passwd.patch
libxc-pass-errno-to-callers-of-xc_domain_save.patch
libxl.honor-more-top-level-vfb-options.patch
libxl.add-option-for-discard-support-to-xl-disk-conf.patch
libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch
x86-dom-print.patch x86-extra-trap-info.patch tmp_build.patch
xl-check-for-libvirt-managed-domain.patch disable-wget-check.patch
- Xend/xm is no longer supported and is not part of the upstream code. Remove
all xend/xm specific patches, configs, and scripts
xen-xmexample.patch bridge-opensuse.patch xmexample.disks xmclone.sh
init.xend xend-relocation.sh xend.service xend-relocation-server.fw
domUloader.py xmexample.domUloader xmexample.disks
bridge-vlan.patch bridge-bonding.patch bridge-record-creation.patch
network-nat-open-SuSEfirewall2-FORWARD.patch
xend-set-migration-constraints-from-cmdline.patch
xen.migrate.tools-xend_move_assert_to_exception_block.patch
xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch
xend-config.patch xend-max-free-mem.patch xend-hvm-default-pae.patch
xend-vif-route-ifup.patch xend-xenapi-console-protocol.patch xend-core-dump-loc.patch
xend-xen-api-auth.patch xend-checkpoint-rename.patch xend-xm-save-check-file.patch
xend-xm-create-xflag.patch xend-domu-usb-controller.patch xend-devid-or-name.patch
xend-migration-domname-fix.patch xend-del_usb_xend_entry.patch xend-xen-domUloader.patch
xend-multi-xvdp.patch xend-check_device_status.patch xend-change_home_server.patch
xend-minimum-restart-time.patch xend-disable-internal-logrotate.patch xend-config-enable-dump-comment.patch
xend-tools-watchdog-support.patch xend-console-port-restore.patch xend-vcpu-affinity-fix.patch
xend-migration-bridge-check.patch xend-managed-pci-device.patch xend-hvm-firmware-passthrough.patch
xend-cpuinfo-model-name.patch xend-xm-reboot-fix.patch xend-domain-lock.patch
xend-domain-lock-sfex.patch xend-32on64-extra-mem.patch xend-hv_extid_compatibility.patch
xend-xenpaging.autostart.patch xend-remove-xm-deprecation-warning.patch libxen_permissive.patch
tmp-initscript-modprobe.patch init.xendomains xendomains.service
xen-watchdog.service xen-updown.sh�- bnc#901317 - L3: increase limit domUloader to 32MB
domUloader.py�- bnc#898772 - SLES 12 RC3 - XEN Host crashes when assigning non-VF
device (SR-IOV) to guest
54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch
- bnc#882089 - Windows 2012 R2 fails to boot up with greater than
60 vcpus
54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch
- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d
Interrupt Remapping engines can be evaded by native NMI interrupts
541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch
- Upstream patches from Jan
540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch (Replaces xsa107.patch)
54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch (Replaces xsa104.patch)
54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch (Replaces xsa105.patch)
542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch (Replaces xsa106.patch)
54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch
5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch
5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch
542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch
542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch (Replaces xsa108.patch)
54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch
54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch
54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch (Replaces xsa97.patch)
54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch�/bin/sh�h02-armsrv3 1696927524��������������������������������������������������������������������������������������������������� ���
�����������
�������������������������������������4.17.2_06-150500.3.12.1�4.17.2_06-150500.3.12.1����������������������������������������������������������������xen�xen-4�xen-4.17�xen-4.17.2_06-150500.3.12�xen-4.17.2_06-150500.3.12.config�xen-syms-4.17.2_06-150500.3.12�xen-syms-4.17.2_06-150500.3.12.map�efi�xen.efi�efi�aarch64�xen-4.17.2_06-150500.3.12.efi�xen-4.17.efi�xen-4.efi�xen.efi�/boot/�/usr/lib64/�/usr/lib64/efi/�/usr/share/�/usr/share/efi/�/usr/share/efi/aarch64/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:30998/SUSE_SLE-15-SP5_Update/de20b59d46f9bc9714b972ee82633fde-xen.SUSE_SLE-15-SP5_Update�cpio�xz�5�aarch64-suse-linux��������������������������������������������������������������ASCII text�ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, BuildID[sha1]=ac902d0a9c38de7fdb46dee9abdbcc5befc03dc0, not stripped�directory�;F�esƯD�Eb5����utf-8�592c650d8457d3814202db2febdaf2af1e6ddc3d9816f9fbe0f0dacdb1472764���������?����0����7zXZ��
���!�����t/�C�]��
�cr�$x�#�IesX�HCD0pD$�]�` [^u�+*o�`�Q�V:0M孙fa*@8BM)8Q�N����pdže�ȗ^;�S2�d�7SD�8^h!2֏SK_,^mӒugyW�xBi=��}*5��&�v�x{1Pp�(�}n�\�0;U
7!3�MKe)~V,
h ɮ�B.}/Q�k
�(I�
j�:�VCF,֎�W{|ANK-AR[ѥw^b73!A[۸\1-0Sa�cw�,�{tse8�E��X-X=h�oZ{W>y�!8`9`�Sڱ?:�7q}�i+KWmʊgX"u+p�}7���&ddڰEH(k�]�ĥp��w4^*2/Ƹ%V~#lTHҥ_Z}��|'K$u9cqUwɢA�﨩VI��N'6�"~X�!)�<�jgE` R]�ܢ�'P�>^tWG$3aE<˰`�bDq߽�+wI�I�ųiUY� d��
ç�lJ��*bYF"D��*�w9 I�BӠPZ�&�8X��!<3ǣ\-�('�Yik"�X8�T`��¬P��#Wg`�KE<�cƱ �ٰ^Ut(-Ĵʹ?G��!�F..~��3wH'�F>�2m3��vK#8f�;ԓPl"���S/��zuS%KVXqu��ߔP'VPX qTɍق9ջ� @T;EUFmHUr1p9͝ԣ�sm}��.G鹔=2�Ib�3��y ZfR�͂Ꮤ!g��h�}����F��:�-;��r���J)(*@c�f�ÿȨ��H5xFd/JF'
UA#jmC�PS��(n�]׀�Ms|�Bǧ�M)�9�q!=ya��RP̅OBVQh�]Dҥ T)GL2|�ѤR 7'f d\Wɞ����ő�L�d3�UGKaxQ)a
�⇘ap#�=;-h?oY72hv�s(7e[ƹ�ۢ�15�<Ƶ%6n�xz~gCnuY��b4
= 8ί�]�iiϟ*�ٲ%#f]9]wG��[nqh8Z]OH*�<�/'ݝyli�-�6ϫ��81�F|Z�6Te�+�f3/Op�O�nM�'�g/�i)I*y���4Cz Wg~�f{�Uޟd&|��R4[ū��6D>�uk�OX=ř��dh| h�/E FM���ǡ1�¾0)�G9~۟Bs�Kh�1�G�>Iad=,Se�,/
-knm}/K}UY1XzpC�.�RP%�X�Խ���^DD7syf]w�b\�6X�A<;�KcKh6�'"V��L�$�L�akd�5�Q�xV�#�4�nG'$9ъ{'�o� {l�����r>�Q�Z�mcBlnB;^�F&p�sz�67y)n` �Ғ;_ۉhcjEY('ur�n`�d��0KwH��8C.6wWHA֛r"r�?V;7%tc%�w��Nb+���#���Pm�I;[9Tڙ�/h�u귪1�-/�;T*ky^9�f=kDuHDF;d%5}%N�V/vk�7Kro|Vvu�"�7�ߏWUU=_�NYCc$Ďzo����lJ'(ͣ6tɘ9>�&
�~+�m`/j9'غ+Gz7
2^hĄߒ`[OƮ{�V>^+y�3U1�v�Q�<%HmP��\Du6,���tL-CyȳUb��OРT\1V_n�e�ۃU
<0��gJUuZ��s7�x wIn6> f�z�e�[$ힾx%|Nm.
b�"bTw
%(@s19bc`P�={3_.U~�'pچ-$0Lggj�lXP�"i�R�X9") 7W(h@
ފ-��>7 ^Lj"-k#'Ū_oﴄ$eWPXαOpm�F0:Y�'�f<-8�""~ުN疫?ȋ#QBk3#0#jqK$&T�@�扐%k}\dk�C�ף;1�E= t:-oX6eH.Lm:?)[V_A7�(Zϐ�GLZ,%nV?$G#纀,B%[.10D'gRb�x$kB��X51x
�'�7(�pA-@_Aףz(}Rb~��[L�'dqZ�6иLh=ۘL,QC3#5�V&/QGV/ips[t*�$�-IȉVu9�B'�8�-� �ypܢ�>y��Y�,~zH)恴K���Rort�A�y�ʝaN�\�{eSXl1[5D:|J,�ewsv dA$Y3o�sN!k�Bq\G䫓S^��mR.g+d�&C�b.?#FOA�
jɝ�ӖetQ3��Xƾ/�ݟvp;A`�($7DbKWT0?@Mj��49~yf/U9%�J@�[wcܸ�4�9u7,Uʧõ FX+)e�cy&|�U��L�8v՟f2F?5z'j Il>�POd 9
�N��%aw=tqM"5QTSn7(6
F#i+=函Lv4w'WJx�ӎA�uB7��m<=Xf��V́��Gi+B3�1Ey~�� AgK�Kiqc3*C��8!�F�B��a�O
BO,��y$v�mr>OؗGS{�@|�^2u2f"tC&-A$c/u�w�3P��WX4ӔT��*=wHŊ9\2KV�>)_ T�P|�l^=ȟa�|�ٰ�4iݗTIy4�]0E`*�TN��#�ZCdܭQG1�"Fɧm,ÃI��ْI.zs�o�m�t�(}�wk|]Tm(�*P1�\�lBW�&�EPI w��Mb/C:}^'݅G�Ѳ)0y�.og#7ȯׁf(�.i�
n%F�y˯n�='~wz�@�ط�,g*Jt n|K7bY�xjƉϒϒtFk_�+YTB/B�~ȕG�K 9s��;-AWR�ܪ&�3V�o
7ߥE}.7\�iʊ7:gq�-7+j4;�i
t@ M�uF->3`˝@/d#:�Jj�*B,<�xY�D}f&yy�%Uo)˫c UN7�l7䖳=mI�Sh=I*rc*;*cMyٞ
-�?u8Joo�i6ԛ4h\~ߥZ��x<ыړ)BEeq`�^^{Zg֓jOT;|=!3�i��Nиï���Jc�l�V�Y$|��0<)Í�ٽ"4�&l%�Y[o��Yq~vۗiKC#�_>M\ƍ$m1s;r :�}{CaK}J~6<*H�skx.6�lW}�{��l�Rkah>�;=V� AǤ�^ct�
u*�v��] c0%܂
`vxbb��| ��,E9i
2tccL=[&�.R+N�^<,�Vq8�p�fKFVPCIT=�
hy~�^V$S7a3�6B�rhlY��"e*#" �TCCB%_zɂ"bēÿNK�)%# `c$�ˮ|cYۅ��~#r?CuE~jPE�Jх�H�x+l%7=�[t2r6xIrMC֊5JvRQ܄6.3s]�(ʟ(�zTABi�.ғ'�Ҁk%qd4SCmef0+JL5ۙ�4�
;IĒ�)UU�k/ơ��0(.��yv&#)V��=0���n�F@v\y�${9yҔǏHsIs
4_yj[_}yuc�u �+y1;aa۾oW�N)`(�_�x=�Ȯ݃3*
2�]Tz�Ů3n��]RW7tVTݬ�xF9i^P=1b"kEs#k =oY�L4(KgޓFYR#葬k�ŷ*se,9;\`\[)��&h�e� |lO/(��/�N>�TF,��6ʹ�opGB�
Y�~?qNG-̟
X1]OnX�RNp_u�,#%V��ێ͋v6@�Z�=T4yk�ń�K;+EE }@l3UBaϐ�KsY;VX`�T!)�5��K
~x�
�䖭[Z�C^
M2bs@GvYl��oRC�z�ǒ
f~U�G��'ao�&L{��֧(0%-4DO�Z6')RV�o8,ƽI}K?HvlRĀހ�\��%.(ji43:JvR�Y}eٲG
h��ud_b=c�نN�yp˘D$Zċ�-w�0ʰ<}Z��KΞף�1Gw4�k!W�;�ƫ����n�`+Q$Z7ҡ�CW^o,;��
,�+��5or5�Wx-ɣjbjI�aM�Q~)ʺ?�
L`�]emX#� � 8݅ yVC�ڏܿ�c3Z`� OGIiv[]��醄�yͣO�:Y'a�:��\c$�:H%#64��?.NװX7ҥp�Dp# ,x�q*9o�V�ny^+�W*P�WۖO~�|;�)��M!3Tc��x�!@�L� 4f+d"}�A��F�'Unf�cF#ir'lg���|��Jغ��m8��vAP-H@\�a�P�Sq#.*C`�/B8�@[rk
%��_#�njʒ{c�aPbDCE Q\,i��nۻ>M[@e>B�ii
�ekh��)��RH[KU.%˦סY.H�[T<�+隥�>ҏqX]0+i� �)Zi)`9/oj 9?T_uAL&]L>4u$u�`/P\�sIF� ې]�Q �4g/�ʓ.�j_t:2T+mQοgz��{wov�VI86y�%NyW�Lh?�(:p� za[7*,et`bH>�˹xiNcC�d�ݠ} ['N፣n5
�ۈta@qsE}�te5X�=]?POhg3^�iʄ+o�YT?,2e �m/~�f0h]H��~WG"�:tod}!scT2kR�nû,Ox���
��"w�r(5`T�Y]wրg���@^h�HN�z�۔2g
~硂0gZ
wJif2io%>%�^QATj�Vx6F3�]Ls�$�?�P;`
H*�#& l��|��2luZ-]8uӿh�Tù�U"n� V('�S+N�cָPR\�jTK[�8ZWof<�h4$Dp#η6�[!&tm"�RXSkmIZ�
Ü}J��VdW�yvH���u�w|�]bOF+#p�ѿ!�a�LGN�L/o�]m, �D5�y�x}QG�& VMj]y}$�҉F��ZO:�ګ�\�SIAN3�8Đm*UX,�7K
%;�j�+�B�5oA̴cDbsЪԦy]��xAz0(_"��ûm YU�GRm�7P~�[��Ů?=\=rW@Aӧek*�[1lh�#f*%>�Q�PP@�~ �ř��J=K6�*M|�2]R�c Ḵ7|r(]s.{�M.O9i3��7 x6�b�n�KM\.e�Bbm�q~˜9�?;�%�r�roQA�G�8|�B@[\џb (�X&�I�t�7lhS?�'D�|�$bq$�"lj3~w{AxxZuO>ˤFMT�eȑ�2�GF;m
?
��P b8|�͘�Jc�4!F�Dx{�R36a=��ϙ.�f$KՍuFFuzagFdoӀ")>yN�9l@�i�WU'�^�&�yg-CJ�PN
>27�3݉^c�rtNhɽ���5�"O9)wU(%`ȡa#iC�\J{P ˿��0HYYߔ0H�x'-H+�QZ4}�7̯wc��O4A��yQ�̋f9V>O�(3$� w:�s;P)}*�+.Zf{�NEx��m,�w{�%�#0��7n5:@:m%"ݣ�ACꚭ?RTf��
�0F��&4�)/�=�VܩjRPKq )w�Lj�۟4�"[lP�Ĭ[I�o$wZަ7J/@ؐ� x`(,v'1ʬˢ[5ȅ�?6@�̋r4+mn<�r]�?�![|f} ܍b{ݗ~T1c9r/��^��I[?T˓�04�?�Q'ŤSkۥ�VƁ��d!+8��)�s\JJ�A��MI5ف.�%�˼ԭ�nVA�TʈuAh0T0{\�wa>rV*ՆT��\Ԇ��1�HDx\�vaIu)��=�OIǚ�r0φy�
�B@]w�N�1�/
dkQ%zo��0�Rq��|\ࣵI�*㝀R1�ymML�~îTG(bTY~0ΙO��B�0u�Y�Z��m`~f*6�HgVzJ^h:؋�ND2pV`B8fH3=,ic�i՝�J;6tOw�?@?_v�=5i@ ���#���F�+䊈RG�;T
<�&�R~j0�F1Z{nj?We�SִT���?RO*�DyDO/ `4�� V�z]�s��P(iJY}Y��zn3WSPD���?L[oYzh�'#3�'ØP NnhH5ڠ�2"!:ٜSߵx3y,B#uT�z#܇��3V
0vnk>@B�پ}n"-�7 ڰU1KLoFXc-�se<ϕ"�L56d�z>k�*�
�n�mp+ݽ�wW)TE.ۆ'Ëe87_J
�((�A:%1aG6&aS}�^`�W\q._wPRO?K+8&#�#4XNx�u�@Z��c��uK�ihQ�la̼�֏#Ek8C8[U26V|?Nȟ%ɉ/.hUM�`
�6 �2�y ѹrwu�%
�J?>�4-�8h*Yj
6�ACf-�\,fAaنd��ԯ�7pZhL0�b;6=I�h">k4f7�ܢh*k [fdM+K�#TC'0F&�\b2|�JH�
IRj7���=DO:�蝶�:�K;�t��ͦY~-3�
�$'Wy=>VIu�BO�zǰHjH[`�~<��?J?0�T�JI*a.��F8qYl/Y?ԩ5+/7{}�U�VHB
�34�hMz"z�1�5U�O5,�f/u,#{�ly�v�!\�,q'K)�D1��B:ZZ&*Mޣf&C&D-T D[�х8'��-_V�R
2}T 4\+�зp~9)p�Y�V�/,)pxtY/>C@Tz�%�^� CŪ��ӝ�6l^r�
.)Y,Ը0H�h]�G�F�d_X5�Z4qσl6o=6(����J�d�3�%p4ǧz�y�-c'|�x�>k�X{@6��^j�e�j=?W�|}�ddG�4@ŞC�$��7eZ�KG�e#ch;�~�vg�8>�wa��$�XOY�(�[j��B>nkUcC]�ڲ`^z?KL@3C(G]wќZh�~$���< �dJtɖ:��[s%FLhȌ U�]
�)cfM ��>#cl�1�p�!"n�}�
/Qs'DZc(c㯿 p{N�ԥ=*
g'v{���
]>Ɨ5���1)S{�JWӍZM(W�}.a#ȉ?7]6wP'ѳt\^�1*8�-߾ܝQ���w}�'�O0'� �{�߫'O&]S>��uk��<~Ea>;�%or��h?#��ÆB�zR�y"�UC.$��an��(U�@�\2! Y:\ԒUx�y.)� $Gy��!w_�7B�)0yU'0C!�ײn7�9v��d}Z~K)�)(�Ng)"!xA��wJ>/�"��tbj{WMy�/iXmӛ1tzh<|�+�ߗ.Q�"F2T# L6g�CD\q��d�h2�0�
*Pv6gY�82@PI!6OnF�8�Cҹ�j.ff͂rFAkG�VR毸/m�Ą�dO���)�@U��K6]!4ǃaN~�B�TLbRBLJYT9sD�4)ϒ\�el&`W1Qp#�f}Ԇm�
߮O,wT�T�hHF�gbJ��8C3
$^vE/O1y"6ɔٲm�
!��
��Dv]��$
2[9Wb&�M+�H2�3w2Xm��'-˩Pv�0ϗ~Xmf1&�]ΣY'*FnI��֙#˰~p5{Tȸ'q2_�/ӡBI^z��5+ഘ;C<ω�9Qj�TY��\B"pnQ&>S6(6�"�� ��FHybsq0
L�K qҭ2+<4[2F{5�W�l
�(w��?�_�h+�4 |!Lo2ع�5�[�K?:�C8|*i�۰�z
Pc*qktE'���''=��V� � 3#a8etV3'a)7Kk�17ue6��6h�a��z ~��yF<��8B4?]AO};Pkk'pO
\ 4>�9u��?}X�yy]5�Fru�@b��g n�f��R��+A*%8R�=#d�_�QV,m_5Cv9Q
_H�~N'
�Xt"�W~JYtH0�Ĩ*
̓?#n@ѵ?C�8ˊ|sv3QB[p�#+X\j4p;tҟ)6e�H;�8�9ڠ��"JaqL#DžcV4:�҈[t(Յ:ړ��G FN.�F7`(%�,O
�WiJ;BHwju=n�s��7�ƺ1,�#e):N٭-70�d@srA�)0mOu%Y�ٮ&`X�&!1n;SBk1*R$
pW<@�h��V?gGbK+=ڒ
��1kx[^#^i
:�vdP`��_�ϰ
QIW�MCd�7iWD3�DXU3fiV?f
&���=�>@7oj�+q@j �`7�R]C/
ۻ�MDu|J;sXg *�@G}Ioݙn.PeT!>4�dz ��'C+48|Z~|0q$P<@XDٳ�,Y_d7!زk:VUm�YnS4A7.=Ec��T>k�ؽ�Z?@9�jE̝Jz
]�
6ᇇR�T�|��w[l��֞ps�Sv�*c��r. %`Ўk4%RѴ�_}0*>7l�*?�NUK!?̩� *.�#"S}| �Ґ)DV�6�juv$=mKrρ
�7\��w~�H\J4�14t�lgr?x@
)�PO�9hJB>e$^b�vov�b҇�2U]`%a�sc@~�'po$"r:X��X��)��
8rd�rI�lJ
mO�9�VL�M��&4Vʥ&>WrH8b=�_`MU�u_�pq)��]�35^I!uӲ\9<��S��)e����+GLӂ��+��Ao\
�(~9R(+fo~u_�uW]+h��z-~%1'i}y��&mK�g'q@RP{L�H��bj���O�{�`{H�Ń�r+|BN�|[Cu/ͱv��FwK�C0xID_d�T�oI_G6�b}Q�7�7גSί1Lj�?u�Ԛ4��% �XKy~}d���0�U�p��s ��̆ȓ-�%^��)C�*��n~^m1+[NLW�:E!X�=1}ӯH&'!5zH@-h�M!vt8��v���+���'R�4 �-nS$5[��N^ј_��xyb�ttwZ{.]�a��cJYkI;w�bV/mU1*8v
sڅ?<ճ�jHz<�=�qiӱ@]!�rf�г)VŘ�]ؕ
#x�A@11EiX�R^yx5�%k=�$+-�(H8�֠�E�vxaҥ-�J�m.Ɯ`B�(A��zd,@
ɇR�ܻ:4�>cyK&wJM.EL�2�E ?���k:+cJ�6l�A]�IՁKI4t5+?
�wihF��d\:lID�U�`W�"hZmP�X-ƣ@:�E^f!��aqIAk~f3ClHTv_vg��SZʵ�cDu&��G(+1A:��:q�v[e�=�,##pDAtӲw c6Oe�EÚ�OE=F��)��oj�(e�ʌ;_8��[##��V�"+%U3t�ru��.N"6>+pFycB*i8ƌo Rf!�2W>#[ށ/U!o>P�u8:ދ5r����QaXҐ�&0�!{SƄ`��VV6���e2M�9=^mwF2I2w��"nU��QǔsŽ��kcR&gGG�E�pL|���)h�kLWLO%ʸ#m3unU�i��"�BqV=u>H��q�bXÛw6*;�d[|�j:_-2˖'^A�
_gF[�) (т_xZ1��?O#�mi��UkҨxt,j7���}s�V�6q�xڊ�qkס&���3:3=Crmh`GF;ЭD'�tU]vx`H�k33֢k�%�R@�H;),fXMب`:&/M�u0p\(}7yd8Fچfuňnl����<�6CZFP�i_�'���m]�+'>Cx3LՠDN�lv"�Z�Mi܋Avi$CPj[~��J ]~��1'��U{E��SuQgZ0��Eek�9>[F~�rV�>�Hw�6i([Dhhr-W1 �%M�1�+D8�d
^$�� uy. ܊·bL鷕i,��=Go߂?72 ��lx~YmDHf`v+ TC�N*c~CjN�J�[Zx9T6':�oMDjĉuwرwC{-0�i�]p8:qݖd/<@-��|y%u{Q �,JJ&�c)�JwM� ���bQMٜ$9,nN4a�N�=07>��I?�$ڶ =m�]��82{3sNd.ZF/c�xi�t.vNT�^x�uФpGѻ
?*0J@x�Z~I�9���>|J㓃e�cD�X�)�G̓X�@�m�"&h!I/e��UV LB|U)aӤ^dg*JDU�)s�]P'NsƐ3)A��10"�Ó `�%oZ�rSq{�Am)@�˫^E\9/{eoމ_�oQ#�;HM4_W8iwx�:�n"Ъ���(sn�
�A�.S~uqo�~ٖ¡9nϵ'�K3dsӬ�6s Z`c^2eܡ�YI�:�l`>�&=犦8D�bKAY�civTr�sYhYm[CNL6X9��5�''|�` xI_ge2LФ\؊F�IaHe0.9%߿:N�}Rc֣�fOH�C��ݣV$Tv�?˧6v�fjOÓ/Ht�=� {oauwB`?<*oYުgE)3"mE$^-~}T�ΘG6q`k[G4�]£�Ql%W/Xa�Y��,�,?ܘ�7OYsQ�wn܄ �hq/5"W�8,&� 밵k��G{zKQ<�Q�z5}H=h&Jj0 7HI�M{_2`~'cNΣR;إjZ5XV�͚|�R4Ed9Ⱥ�B�`��ABt�o�Љ3d��Z��݅mɐM#Q�(P09>�S
cS^�܋̶Q�RySw@Y�#�G=sDz�꜑�2��hv&Műrg-n�E�*�A8l>1$4 �gO_l�g?�TX�Ù��Q0%06$m:Op�GU5"&tַ=ԇ��w514כ�6$�W�낛\�y`_C2+#vƂhYIuhK�h/20I4(NKcܱ\�uff.��Ly�xs�+m܋Ɗt��XSd�L0�t3j�خW-,D�CbRhE-���0�e@����
X 'oevQR�SnF�ʚ$ʨ'R���Є�4u4kcKLv蠵tꭂ^wD^x6�.}hf9<�R/p-��W#xVgv!�|9Z�{�HX�@&&� 1�3(v��ۡwŝ[Y�!*�*�:VP5�OJ
P21:�S�GE�*m0�ĭ�.�c�� jIx
u1Lcuh��xgB!-qӆ)_W�v*���>;S�Fr5%�9��a�7k0%{=epQ
cS K7@"NZA�1�p(4�@`(nEi"8<' pOZs��
.t^|�>8aŗ%:J2ޘN�Iя2KH�jnlb(H@��,�Z�T#iD�ۖU�"/U3�^�R&�ƝxU�*�EƦ(��qɩd^>f`W�9
7�25�!Lw6_xR099!dndJq�˰OW²QL�{Y8b�I*$!;I>]�4_��'�5��&S"�|�*+>YM3,lX}|s�&Jnu�I)�j��z u��G?_U�Bwl��kf��-y�[I[Ph]{���Yi7ߴ@P�nf)6>Z�J]+cy?�쫁�-o�A�)>
rS# 5\Bs�E6R�*�Biq�٨�R0I%y_0�=T?�Z�~?"& gG!�^j��G-JT?n�okg]2E�82.TbU68Tx%�qx%u�0KBo ǢvN5}�R'U�ƂPAb搸pr(v*܈�GȺI^��",-\}���Qwvl85�!�|dI^۲�{3�f�B5m�c ]-�3_@Vb:I5�9+7h�٢g�A�#w���̠>dW�zr/�Ό=X��0cA5jGjRavt-FP#B�"2�kfZ"VF�$ݩ'�%Cx;�cm�G�q6F�g��4H|ױ_==`]kq*-jW�5p�nQ.A4}�z`�CA�=99-)`F-"�'єc7Ck��r[wkQi`��8�A״�%o~>4!�j9Qng=
�i~@0iYF7ߘ��b��R��!�:>�(gOS6_p=6QKBj*pt8�0h%�IJD�
�Qoί
crz 4�bʩЭP
=
q�]�A|��(4\ie�B(aii�q#<6A}bv^�~(6j1ω(l빀�5[,c&I��>%qRRX9e
�aLwSlZ
�v�3nG}>@i�8;:A4e>/9�_"}^�N�-Q�sR\"J0z)�Xi2IZl(Cc
6אz䃥MΝAf4dzpJ`RgI �j��dbQ�C!f[p˷/H��ݛnoπ��O���L,4�e>I�2&Vg�|*'�m[��y3-kNR�7Bh֧z
�R=�yއ/6Ʌm3HOjP�Y+D7k5CRM+'�'�?ixt�uɮ>�sQ:��Ӕ6ܗSat�A^Gp�ه9+rY~SJ�Y&ku�ճ2�Ciۍ2�ට I8\N�7�UyB N}̯%Ұl�f�l�Pn$ 갬'�Ey 36 lE?
g?/GMjHQ
?Be%d��
�|b��t4~�1c�o0u`Kb)kB�}�;=�.SLg�p>θ->뎟ZJ*ZT+`�E{^uEՔ k!Y{A[8�!$�,� G0"5#j9F�cM0GHTۛU g9]s��2=`
x�CȂ*WϬZ<�Oە�X�l�@�bg)DT3y/@*a�$?~Q,ؓ(U_Z'b-KB`=o4WxCXm{4�H]R{PD�z*N"�;�ey���Ͱ�z�^�ȍU4�˦�LxȽFZ.�1�JHI/D�?�):`
F?t>��@@,ǿf@j(wr��s+?[��甕6˟e�vV � Oܩиan�U W-XpVitqf~Uz��4Nu_�2����YVwF�5;M�K�C^x�&$��·�EbR��O:>ʫ`nyIw�^;l\}�5aJU aDkp�o��dNf+7`[2.�Ĭ�R�R~ql�S:�#&y�_I`&qN1�!:%9jCJEtw�VmT|4Ģ]g�Cź 1'')p6vL_VÖzu����.M�A��Oh2^�ٟ)Fy&PI7�zw!|ij ]V�O=�<�;����_����p"].)ӼkӖe �ZPn~NO+9xYO]q�Eˋ@�9xWyⰼ�4j$)OKJKn,8�ŦW` U�ī=J�وo�:ϧX͊%&晾jse�En!"�`[yU3rYI+OO`"�Q �Z�}�`�pڻ���DAG,B 3ĂcO.0+p��JT�H5��Mipz]ަ\d]8�M1'���+��b6%fQ�t6�`6�qd� g�9h`��G,J,ܩֽB9-�pWNB5[hq4J&F[ZQTm5ϐwle�]�{/p��qX~�r�A'-Sh:,�^o�)xLW1ڹ��T�˳2}s�u�Akפ�ٳ)e^S�(w]�-�̧NmN��)/�e}�缫pEx^�2'f
�l1$X*W�=F}9�G�Ty>f�N8T@ҦafGq�KuF�3`��X8^d=gA!L�~tزQMPae���F�<�\VF+�18T<�I���װ��6PB/�0-!j�n;hҙP7�zA���z�㷝s:�Ŷ,D,&��xW�-8sR�}�v=˛K��x�b;-��ʂ7Ҝ�q��{i5GyC�V=rQ
D7}%q
rO*}�i�H��lqcwsB�`=s�MNX=�z..Ok=fKaR?R�h6kfh��� Ék9��CoV��Q��۾Bp�[oE&X'4)�aUߨ/<>o>FIpm '[ EgkHwj``6G�w�<�c8��%�>�ĭ:]}g�L)q>?#W0ié9$båA2GVAWN|<^$:/fIjG�ǎ?V��;,'����Rw';G��%$L+=�rl�؉Ivnu[[{ugI]i/{!Wѯ,HnG!��i�dgtU
&A,D'#�ͦH)=[uA�z�
k�}-jPG�F\3=Q3?_�~�dž�#$�]mAC.M
r%�O;KA�1K�!A��q�-B@^kS8
;$ v^LĹ[[됣~)p&�c'�a�'�J�?-�P>2���n >�-t@ٞw�WjGѹԵKU-�5m���ײ��8}x쨇()�F1��t�&XȬ�;oWր
�54+dTY�>|Tį�߮pu�0b�z��aBR+ۉc賦Te>EQ9 �mE3F7g0<
�J�/KeP7�CG:I?qq˽NG��"j*l.-a`$;Iu�#B�fM`�[]݂B�1k�F^�~>_a6׃6ImV>q
VƂH
t�E8bb]Oy�ؚ.�NŰyx./
c�O
PX-Bu� $�gmmjk|ȚAc�Vފ?@T[G3H"�'6O�:3Ǯܹ�H41i�j�B68& t[�*�CDh
l\FoBw �U�|ۇ!���-�\rj/ �@}Y*�X�;8 j#Ye��,�BzEf~ή�եt�]{3V4dO~ԟg3,�(<;}xq*�8�b���|0�d}fФTXUz���PgMLی7YX.#02y ;]�Ijx}N�f�-�U]-�
sx'F|]�ㅩtr��%{zʤkA`�{,cL�ۼ"L1�/��}sDɾ1$~g?0=h���~&c1J'hvQc�MtZE=�Ʉ-��DΏF{H�B~��ܼOs)-@>"h91�3&:&Oh���i2UP�L0&W>40wǵOQU��p�CP9(¨`#'9Oua^ \i
ӟcYsEequ&Nǝ[�f` �IƠv�{ԕ�}� ߪ.gJ)�it�J.<"L�bK c0�}=]ʝ?wpw�*i*t�u�qF�e1�;Ny��P{͌o*8=*wȝu\WUXP%Onz�T#B'L�f#`mLp$͆�s�1[���c@�ê�F_=`���]SwM?�W��=�
-?֧"�w���>a�%7-Sviq�r�GB\�aǍ7Qgf6�RsX_)5�T}��7,��*�b�FC*e|oY�$URdwɲil-sp7l�HeL��8(%zv"S6Mi�Rn펼G�
&�
a�B(űT##S��S`5}c�t~5�!��;@lF6n�B�n�k:}��0;
ڗ�vd�t.z�
�EZ:�fRMM �h��K%�݉�e~!xQ]�APs�}��_o'�ʖ/=����]+ʂnZը>
�?�c�w6X.)��DV��2|v��@mA�-
�r>g�T�ͬ�1w�Ҝ5j�L;�/�A�LU'#*MWy��xD&�\=��ܥ|z":�eҭP^+qfwCdO��7
;O�+Z3.K/�/!j=�(@�Avܪ��y�|
� p�*NgfDіUrɷZ%DS8%f5�Ͽh�7Dǫ| �3̒~N9}-v_O9wNij%-, :G�ػ��UC�OoC<�O;�>�^Υc���}@Ct
�A0i
0�H<#NM;7"
�vP;90S`ܗvvH�k��v]4^Fv��4�v�
IP�C5J�|R�|j�F%�N[I͟n[
nS؉<`x��>!S!f
϶M���3�i]Ў>���-Lr=ǯ�aHK-]De�.>�!t�83r/I�'c6oob*؎i,�M>er%=Un8!7 fٞ���Q،@�揇�k607U�|��oaH꜈͠Z1>y_!0x2h�$>SkihP�5_p�P+}b�hwg�sE$1ud�nəW�p1A�FC6bHQrq�;#I3�ƻd]GRyG Wx+F�*l��Y2Kdhy5U�o�gUgž3MauҲy\(zScl\:7<�?[g!TOn�~XS;S()Pz��{�C�j
}N�hLEZSȫ�p58IԦC2� RA���u�q_]b�$�G�o-}(j�x(`��x`^;��w3Y�-��&6ǫt(Xo:��U"��
*�vҽ�;�u
�4��-밫�/_�J���|n)�O;ܓx~��I��`"cUp}V�lo)*�sGSB6C����)jU�>.T²t@Q�C훚!S�BYw@mq5�::t�i
.dȐ};{KV+5()-m*[4p$P'l)0Y
ƶ1-�KDyƫv�f�Qx{�@욭��/o�J�
K�|!-<��-J-)�=\]hA�%ł�IFQ3; w5�_*^ܛ|sT�h3U�76
Aãۺ=8w/(MHe�U���oFM�̙vW�W�kⅡ9}S|cY&�X�xxRb��`+�^(o0�iݹ�DV�o,?W�I
�ٔYXX0�NpBŨYFNַM'*T�'=��QH-]Pm�آ��6�*�| ˩Wr?Nj{�g
��H\0�2�J7z�&?H(3dw|2T9
*�����\nW� C�i[�nP6ɳ,#ѵWEyU�Ǘ{Z3%y&Fߘ8��v@$wRFF�X%n�
��pDJ(�b?\�N&?4H`�z7z۞TTp^pxE��ݧ�=č4��@{v�g[iMG5�;a�:Y٫պ�;&Q�\\o\\P��� U;;x`m�_�c4)o3�>u�Tވ
$V܅}E�zO�j;�Ӳd��re!�,GpD
Y��2�&*)�R;w�ֺU�K^wnWKu�ġ(X̭{0�R�l/�ZE��&tV��M�h"f��i3iwrM��t4��rCA"}7z��%iJdn`0�}Jjt>�g1ܫ�S:z5�̇�9|?��yl@~,zkY��9hS�B�!LNSn:^IP�[l+"s�5*�g@Z@oɡ8nFqY0jR'
l3U&T3�ǗLi?��Fx��?P!S(|��1*d��ZE'\=5�R"��lC.b�A
�+�&"㩣~9�^�Q��j,n��[]ϖzZo�ܪ+�?nQ�0MCR�}uiG�Dĕuqe�r89CRQb�z
!�D�}ʨ):�g�2fy!
)� ƢM��2*9&��A�}e8TA?Qw�`�ge# 1/ub�?Vܱ>16V�r�5H&�Mo��2Ҁ�%;X_\@vZ۾�5S��O k
�a2;p~$`!�TL�6xM%f�jH��˻EF�S<$e0%ZQV_j�%^}�1�n� 2�h?.*�i�;8U4^1!$>]�yj�S����rF;[�i;Yap.S0
�Buԝ�ܽ:���Q*\)SG
va�sq��w
V<8w��
`3F_M<�f7i}TU[OL-p�]^���k4i �9�a�0I^Z�Kt�`
{�KM\홷�� .e⾚q�xjY�)RDhR�yTQel/%HA)Qo}"\ Z?Ej]C�|y�J"GS4U>�f:[T�W�5<>
0��þG(r8J珍%&5U 'y��KF�J%GHV*T�rBa�5N�!W-=_52"�Xج.,T5v]sdf�L1Gl+�\K _dTu��7A51X#�ļ!9t_�1Xγq]�2�l(��tGk00h{sB�Ba1w����o9p5H$q9
�)[�b_O!Ưe�*0j4|^2EÀ�#k
I�.
jLA�22g n$=\L _҉9Z$A'����^$5ubAw�H��(I��v)�6�c�%X���b5ܴ�{"o/�7"�$paڶWQ�~Reǡu�MkM�%9qa`@'hz[L?P8�io2�C+O>~eJq>B��EkB�A=ON�B7:mxpv� V|d�~ksN�#�G9cmb@��dl~Rû
Q��unIף)IթbIvq�dP1+7o%*h�rA��b8:9nX2%b�9Z�?"GF. u4esy6x�r| � &=��V�:R�ҍM+�iwS{j���hJ?�l�ZS�cP1_ƒD��O08>�b�3'��tj�['v=,�:o)pT�b�;�[�F@/1p�&JhITrc�c h
0
8m���5@GNJJC1M&[uB;
Û*2���mF�P���:L!^\��
[QK�p���j��Jk-�z"F*cZ>yu5B�+�n/1�ϫ1$�-~���|�x�'b.B7ks�M�Qɕ#|LĈf�o2I��Bq�PJP�ӛ{��~�S<{�C7�H�Gt v{4;@XNf$HD7�(v&vݏ�=8
�kTյ[O<섿32
-~n�rZQAV��y�)'SQ
,k[5yaBY02;j��4�RzRW�w!�O2Ӷ��FQ�L1R�o Ģ�: 9���gn~w�a27!c)XN0���? �38��p�q�
zl;wO�Ȩ/=:מ>D`aA7+��com-ϨO.(%x�C> f
j�,p|��nA ^/E#a�м�۠H_!vGh�^� oXēW�;&8y`�+$Y�' 4}5,IZ8m�& =(�^[pܒ=sY�Ԩ訍2!51I���|kY1]�ES35\ۀ<�5��r6'ʤf�Ѕ۴+����D3K P�j"&RI��(�:Lrk��^FM'9:XuBu1*xR}.F�
1Hf44?{tz+��XODȪ_湵FZ
K3IJ6og�ntE"op
N�Q}I-Ћ��朡c*t�ý1G5Pi�b{ɓC 'nng:jjVB9�
'k>����,��n=&˵i��BWX�Լ�H�;��y�A"Ht34TK]O�kϏy&a�KNak�d�aМ~B�!/jV5,�I�F��cɘ�˫CّX2u)�u�ZX`p=so}i݄�$���wT~�X���$.zh5FyZpMx�Rhld5oW
'�V&)ZX؉8=xY�^2M
�Vm{F�f'.sgl#�&�m5wHfy+z�q�eP>�wī|->7�B�-4:8ahSavۓ͞efo,�{w`FW�G|ʼn<;M\��~bk'k@i]s�@sm{Hd�<���90U K1d5Hv�S_{�xIV�U^T|j7�#$QWPq:7f1g�9�{��@~R\3kġ3ߥf@s0`���1�}���CP �P*HI2�7rb#HԆ3|!'a� E,ğ � I+d$,h��7rkA��L܀<�& v9&�mRA:@(b!�"MD"瑊j�?�{Bөe�J�elc,�mG�[˪暆sķ4>N���O��"7ha��`�?�_ը�q
P�V=��2e��ُNq�51ksD&x2�j`-j
AO'�x�-n.�cGj�al�e`
�ɗ-w<)ʁ7[bU4�C\Dr.r�s/B[z�,\}d�g;p#o|d$�r$R>w8uafE.gI��$dg�jw�-:8,�*��HJVcnJ\>S
�w(Mh;�7_K<1ov"k9k$AwیD^��q`{��uF8çd%�C)R#}�Z�*r��9ow;jn_)1{n-�����hdO�Kp`zK�~y/eBY!{.s�1M�7hisPSC(S6�;fv=jcq
aƢ鵩:쫎kQC6O�|rlïd�λ�Z�D-��YK3I�T\q���@R_kj�%l��(Hyc'na5��q�}�k��<��Qߋ�iN�^nx?T�_(��c6n`IU101J?�ݪ��;K��$p6_f�Y
gwC���� A�*YVe�s�}�vo��of;Ky^{$N=� ~jO4iK,L1!�(l'4t�iS�70(GELbqE$4&,�U���OU-q�Pv*40v�E�7&~(N(ȻZ,K4ߨZ �C�PPLeNh.zO�d���
^�8c-R��̉
ϱqG�d[G $͎}d�)S)cs/W]4R�؆��`�d��03���SWMl�ހ˴k�Hc�u*�έgE1��mN}Ib:�ꈷ9cLQ���Ψii|<~~UX{���Ojm���v|Ao
ַQ"aP,
3o"���|pΤt"5Tc�@�](w?[I.fq7)�RҜ1?X�Kz\4�4"T塉8�HȤ�kܙ sÞ�Ahg- Oָ�:O_J��t3rW£m�F
��%-�� zGN(Zl�_!=`ɥ8W^ en��Mq;���]M
bӣ1�5Ժg^�ݖ#0'&t(S�[G,]1=�ʢt{, x�Yv뒡# �jjO�!kf�e
n�_ZSs>ϲ>O9\ύ'>�1|�G�kV�H#+|��:>w[)ˋ-B}kjS n[UU`b#���J�(��T\䖝�>.o.nZ409gPh@�C#r�g�俾�~F~)g�Aaoɓ��%$\2�k�H�eW�Fh ;#bfG�J%%��o1WS��?�/�X$HތRggWe-DP�@;q�$J#�H'�Z/�/h�;�)=d�tpGnI'ٱ-h9JD'fG!Em.rAK3��ΎÔI��6/pƓ⏗xUsYlEy&4Ӗ_\E!q��D��є-{�M^Z�t�pr&�y^� !yl7�e-cu!��FMxz�`�\SB?Ԕ�tV ZEP#��y)�NW6���1�_�Xr��IZ�S��5MX]i@\.zv0 $J|w�ydxv*U拐|Q+WqS�Y4���[nȼ�~E�,c%N
gFS3�+P�&gEp8J'5
*RfK.8o+^
2ܢ<2f.Qo>W@RD�꽯h4WP��6��'�M"LTIQc�{wf�mU�@�;�F-Adž�]KL-T"OD�t$oQD%n2,�?ǧDwi�D
?2ӎg0W�[�z8"{;�#f2�nېD)�zsE+��ݸb�LX cµQX�kn��=,ŭQَvDi�G�P
Q3pa7b�ݓKf팰v-T�$9�wI[f$|EsioiV_!�)_+T�N�CWiHFgT(Ȼv bŸ%0o�O <҆(yLa�R<=1ѻc\g�Pbd"4>Jr1��SԸp$QHê;h#�xNgX=8;;rd]Gy]uwJ� %'I�C
{CРj@�%H8CƂW�7ӃbF9CF9d�DŽ?/em!����LF$aj*rѠH̯~AgaedT(!��۟*y\Ce1K�-;S?<5�%ю
�CǐAUu@(n48�:�a@'�&$Ny ]?NY^�>6@2>t2,;:EPп8�N\�0`��jֲ=��,FMW5�MRe8� BPC�chb�3ꢠw�]8Ǫp�Ś�ST&mAъXWc6(
7@/=h)²';<��-'1�J� ��^a@5MQH�_2YTV'wB�F�2���
Q����}x)G"b~cCc=B`]kL
�1Oz_^n<�(/C;�
#~Ɩ: {Ѣm
}\$LW9 2GM�%Kڹ �&|Q`%S/N;.@ݻ�F�,;4\�KY{hxXMI; 2H4ai%"{Χ�8ز%:ޯNZYi�e<2^�PK-r˂ɋ",*:̧p>�_�/k�)�)Q�N~�9K5'>h�E5ƇJ~~T4`� S�2wק18~x||jqB�d$B�,�ͮ`[蟶D����*7q|P
0T�G/{V1ژ7WjW㙴5˽�{Q��]a>nڨ~Y<5c� W�b[��w�%#�m�=3Eoj,H�)č�`W*�+,te��XX|jR�gS�[k\'�ln1!+=n]gPb88^��3A��M4(�_�!.ԩ`�'MPl@VD]i|q| ~f�Wr.4)l_�1̼�ul/](ш3{"neQ]o֣�1�)Z4�&ah
M��WMejN��fJſ4M��ICHl� Ð�l�0ƺ8ߧ<c#�Xa%�}Ȭ)ؓ�Z]ۇj#s"g�lnunl�uuٛX]nYL�`xx}6)�Ȣ&]$�8w\Vdon"U=TW
�?�":oϤ&.{?&yzy_�uk��j}i�zC�+`?#�R]��p�F0]fXS�NmA?Bz�]T�vi-�+s�/cAow`�1,�+�MХ3�wW3N]�{�sC�Am
XL��fR+Z&{=ѴK�{!!X/Gw�xxp�oqPM�va_�sVHE[xō�Ɂf���˞Qȫ��°�\�O>
0?C�СǝQS,8RUV�YP�Ff� /�A��R�$-rO�k�y�:�6l8O�hBQ�"Q��6NIt8A/��{�aceZ� י_B6��_3�K�'�FFo<�8C�{6U`~y(�I�͕�[�!Rב�$�DY�=`�[�{5ےk�3�D�ù/r菗BNݜ@[��-%A���_WCވmNXz�a-\sz;+_V�DO��Yl��ꇭò�y3E�hec�bjQO?#O�sJ`DI-DZwNP4T�xj7�o�%�Yn��Žwi�ê,��ZSQ�ZZc�}Nn9@��[~uZW��9�Ä���-,3Ȕ <��#F�0(Nr[
m
UӘ@/>
P+c'�)!ӪY�:9Av!�.{_%V�zfCAOxGe^s����/J9�MM3s�
G3M۠ �4Z!rɘ>Nfoɍ��+9�_�f&{pf�{-Eq4|y5sƏῡs"`K�OCp#qKD�xW5JZE]8R:ıb^/gvx�=稌��I㙹R=ʤU\E_) c9]2M�
��<5V�=B�$�-Dbt�E5E�2'QdY7iʶ5a*nG4ȝjt`a\}x'.��PAx/s+��@4 �Py!Rѥ�Ҁ[ƞV)"erF{&��T~}%-.6D�_p[Ͼ�N�.)/NH�ᐽ^_aβh͓1 jС&Xξ�wo�a7(vNPШGWI(2YIyًN"-��m%�ТUmjfdbKOR
d1�1p^��::'��Cv�cA�X�R9�I�P9�Q�kBR]xx)f�'�oȆ�úIMu c3,Y:h,T��Q�4%Md$A�%�6\'��KI)f�4K~Rh8ui]
�[m1;o�.�J/(k�} -DC+r$<�=�02�Y.]$t��!l�vM,)�?.D�WH5{6@ D]Y�.�đ�L��s���2CP�gu({�v�E*�#5X��±k8?IrR$k=_t[�eo3��ͿiؐZQA�&�*C=4uA[Y�c7Oa=I>'L�;Jm\2ffKr8�Srn(@_1lƊ!B�:8Vgƞ?�Ll�[iJ2�ۍ
�d0?x��܋%u~$ڌ�=�:t<)��Ʒ�r8lL[�Q8�o$��s�z;� EZ��6��N�3߆7_=�O�vpT��+_�]<
AZ/(~W�
%;��r!�tlφ3x�[^0.���kWwFMs��|��ڹhݶ��T@�E)7Dž]h�Fo�hH}m(�BAw`N�Kc
�ePX&n3�Wν�}�M��"M㆞�pEfY�
j8�},o8Jʄ�^EN6� ZZ:;��HtU�M綞ÈAp��B]c��i*�qc�S&/�W ��:|��{it@²�R�q\5a-u&& �0*?C`F�HYW�a�Rw$w>*Y9�j@ꕥ�>Ut\|>{�%Kn�_`̯@��� g*�z0j�S��/1"m?|+k��QB48y�x��ɘ˷zqo6P$��w�IDp.າ}\kg�ļ0@鋰��>[C'mk�|3�4tU
�&jx] �XTGR*����,ß[}?>�]
IF����)�]-R8�ʄ[:MQ>DQ̩΅�-���S}#-�=S`"`3�cq�(xx\CSQ7u� sƻ>Pg�;Y&*I�ߛ7>:p�TBhP@^2mKJ*D}
�ĊN�A\Y5si;'ȎN3��{W@ �Zy�N!.'1�զQ�g&=�ɎļK69Êu�G�wfjNu)U>9L4I-�Zh,d\1ʽ��&j�~'o2�Hwc7*
!GK"ݖa8ۺBO8٨t@b�f2G�EO�oԃe|LPch]HMq�t�GS{KǤ?YCRΡ�TX-M_i�LG-+q+z����Y[WZ�#ۢ�՚ix[�.7S*mk:mpfcX�7
2p�z
��l��F�7K#��
�~f'1\H� �|+�/c-2��u)A�@�}"(߁�]l��bof*:�st]O�`1��BlB�k#Aq^��{.�r@n)_kM;ѽƮ�=UF�!�{m9"ǫ4w$Iͫɝ�!0:5-
h�R=tGDw�ú7X;BKw@~bϬd�ᖐU:\'�s;=��'D57}Nu{I z`J�>^'UGK�~'�3�y=`�!{\d}�
:�S�֕�%FkdDB���0�ߣ��]n@z|lXĚ�؏�GO�3^Y5nR.X,m,�psXc6�ifSI�Y#)��
��|
PCr<�wuOL�H{[,Ik��TґD@5:dX��� M��lDH19 �_)5\t緂k�O�mq�\._1D�^mS;;!�>
V2\%7zxQJ�)�ZslwC�^�ȟeDQǓ:=����93v\֓YY/� aN#圛+T0z~nU=ѣ䃽욘
.#)VܓsH�� �˩{9+r]?�Er
�ksb_c�g50.
^ͳ"L<:�@(F9䥀dr%j&~XYLr�o~G���?N7
/����"H]{`�4�R%Z>��^F���Ex>G
�%vn�Z9h�i�mKHUoʥ�e�/ہ;bvT}L�o lUnHg9UM�M..�c/;�n��,ut: >H�؆FqCv|�*d 7=b2��FzGI]2�ڻJu����寧�
ό�rï[a�e1+�D�md�=?u7CwG7�O�?ey�C�]�-9�oV1WCЏج@2�T�ׂ�ֵv�;Vz���V=�JwӉi'vOk,�3� ',tg YV4�rT�-�>B���VG!�=_1sN#YpPLh@U$s �s|�Xy$Ĉ��5amkg&�',p5#(Ek�
Nٺ>\rxU\3�^10z�\&��sh7Z ����#�a,q���7fGz 6DžcS�u.}Y6ĩ�c o*&$(�%*9#)b�fO�sddGqW5Ɖ�'氹�c��Y���P1RҠ��'[�b!{��EC}n�p\_&�\�Q�ߠ7?dPN~6g��$fN�YhؘW5G]o<�j%$&�5��XФ�Eh�:n\�3Y�AJ˹HÐ\0HC�i
t}TI8��]]=O
��py:c)zH.v�E#"N���#ؗMxaGHO@%*��Fa [9s;+ =ﲎ�{sYN7J�ݶ�hf6f�nSI�O6SZ�pP��րo"k~�ƂkL7éih�lhr��gU{妢ULC�0@*%�
xSM�a9OL%m����!��GpV�W*e@6)v; �k�TCD�"�)<܍�:V`0��HuVq�a�]�#A*[ĕg@Kd�s?\s/Ɔ�y�`�O�|�td{UL*"Nuw�Q�܆5C|�4b<,\-�{*�]�_/'Hb>�Ow�D��{�/(Ec0J)ҝkmJ�Sl .m"Gv3|i��3-lǮp�F}֯q�+&."Q>@��}�78uŻ(|K�\L,Bt�^^rVa�E�30#�3p7&�#8ͻ RJQnԃ`en�bҋ����˻6dB+3wP6�m^�����klhφ�F^E{�3? ?�ׁAY@VQEa�ܚ!ƺx*O?A!=sEK|#vr(|4&C�\��3D?�^uHml M�6) O,�g�w\xw?iHPV`D'X#dA*Pp�"K%�$*�q{ʧ�ni�XCŞՕc8Q�JU䮄o% ��40{�ȩڐ=B捪aނB�x�'#y<
F�|}��K]Eƍ�cNR&ʺj(G�-ӝXIȏ[w)�-|�eߞEZ2��݇w�����v�
RBh�i㵬
�CDZLe5y3�R�R/�ιD6�Y*/�!/"_ԞAcԺs�شx[dݫoa<2C� .�r#v�ΆcV7A�
O@xѶ /w0} lMk
s|F/~mӫ�!Ls�Ԍ��>��6�Rq�Z"m6j~w�6t8�u`yԞ�8ض!
bT���F����OG,+V��Xx|)++'a{%?q�f�ث5#G\|
�Ri<�2{FwSAk�Ob}'�Pm
2��-lnT��ZY"y$X��Α0{`�Eۘ{E{i]{LΚP�����z=3gIcKh؉�|�h֕[:mQ[3%~yQq-(I
C�� YCw��: sr�5SՏdn1$Qt�.0ʘW_vQ}��]tD��Z��{l�p\�C����JhJlRۘ{^{k�zuc�<�:O\Ŷ9,չ"E�!�j'�y V1�_l=VRKL
nYwؤd@mG�0ۓ,k"Fע.U$݅�Vqse�gO�^�{A&���>��upZCBC5ras5}sZ(Ks}�3�Pf/[��1�
k�ʮ.HaxR6)UŁ VkV02�
�:%i���yu<38k$އF`XZ
XEb�M#a�-�}gh8H�`��xG`�13�):DRQ6�|7MaJ�'OIaQ��|ڞ�apAo8=��o$�Mv�£sϓ!Я�?{s7]jT�UAݭCua7ݣMX[
2�J�OZ&l�.�.FjAe�Un7u���L1?
�}�[ib!dHF@[
&-ǂrɑ[ 2�dcg|ӢT4���@Icmua.z�>�!�7o�Ĥt�f2q=Y"@T�gTD&?�e'FGIUx@�h?2�Ѹ���j*cKZb@*�G$,�HC!L�u3Jp+Ѡo�k�l��n&��S�:hl�Zpx]�㷊�En &&�|6�1-����e�*)]WY�Jm@;Ӳrg퉦`ۦUR�C,9r1>aA+{S>j=��sp5�-)'_»
�:�r��*$~QRׂ̦Tx7+�2�K0|�xC�G42&H0`[垏qV7+�m�Dk�
��$}3Pj
�ѷ#r��^N�{��aX�Ǖ(����bA;
h2�5[,v\BRs| &�;N͌*�gk1S�l��3-�HZ �:ʌ&.[c&�h1�o�W�y�� C�[UuIt�J 7fHC# �
�@9�H��\"�cћ�6$TEdg &"##۸\;�j�Vaq줷/��3`:�ԃ谿Z2!b:�Nk"U
7ɤdT�ɯB$�;
4Ѝ}kˎ��2�O'-(m1�Ox�e�U瀰Mn"���H47��0Iv�H.�L�I٘iƣ_�XKĴU�e9�ڰ!�\J��0^1lqݖf�e66&6!$Blǜ�=ط⯦Y!�5z�84\YrU�l*=Ђ�:N^�w@&{õ1
{E:U|�m-~RW7ocW�ϭ)3c�2_�4�xq�\kLglI�⯥qMxs�\(]@-�t1pSӁ�Z�ceٙ.`ݷ@w
�8Vk:I
'�J:Haw��
Rђ �hh!4�o�>zyiPҠ5VK|�φ,-P"w��m%�E�IF�b:SvҬ-[Q�p<�$I��-)bՔ.H_ZJ��3Ɇ�G,5?zh�ðb`}$"uՔ;:Ì2$f�x8�@���)Irouי^<`�ᵵpfH.T��#IF5�2rP.M5aQ�:ө�/K}L,ٯ<��f
n�D+J�~��_d�7M&A7/fT��,�Oá��,�k�&W�7ȍ1b�$ �ߓ�&WݧQ&̚c=-�8*GT|=.uq0NJbOjF��_ ìN��ep?UKB)!Đ�?�x
Y0�9hQ�k
�I$"�+yT�i8ÉSd��r%=2L�V߂§�� Qr]p��W۠[v!U�yk }&ަ2ÙJO:^�9B�F�4(*4;*^�/[]Tȋ ;?d�LZM�t 'W��nY˽Ӝ8"8F�2V�ðKSD��2�L)
jl~>>h٢�Ou
�I���Vs%]R8`m8H')xر[:���??۵O5a4��qu��H}\5Ӝ�xyVD���i箣ڡ��n�
G��vj�"t/�_}a�prIn26!�o*�[2$=.>cPY^�&ɒ$ �5�(E���ʳsխ�)GG8:7mae�'/W�N�D
{HBk ұX�*o*PV9
K]~�̇�>�ʞφ�>R=Oˊ�0@H�d×WvD9�=)ާɄaWr(*A
]PT!ܮνL}[ѡenlBjqV˨ɿaC�fe�A!Բ�ϳ23|;��lTS��m�p�`�|WGx)gz֘UX�����)]�S1W ߿@GrbW��8S1)CKm`Cw.#yO
�9�tOE3Zh71_djJ4®r�4Ɇԃx=Ǿ��8A� _znD��)
k6K<@)ys�ȡ�>c3{ߕ��[fq�\Q�QOy`8_\�ikKID10=):BI$0 ��>nU�PJIm/ac:9U]T�ÉOwLP=/N"@~R3YxTȂKqkT4bDg�_Y-��j-ẵ�Nޒ�� KH�Nq]�b9�WW @%�%Q[�g�͗
�
WWۗ!C�(�k
�vjjjlydcиu!!EZixަf�g93+߶wWP?ozt5�#G#1B|D+>�Ncqe��N��9W3wخ�.� nf3bzQ_�jX*�Ge~]�XX�p@[`WLVЉZ3s,"ГZ#$`WJ*M�~Xd�Aհ)D�Vj[T1m&m}N;:.���1:�K\)�ys���ْ�sF*%uy)���>1"`E!Qxv*�#
n䫪~!�sH���zym
$� �>+\%~�D[��Iĺ`B"�8z�y
��.
0�>D־.<"<ۍGwtw'032,nb3f�;�B9�,AX]/o cbV<#L� �� μ�|IqE ե;(RN42�`NwkԘ_@k
kC Y�t̝�VqA"Quӓ E"
zYfKD(R�hg�xo^5k�jX&Wz�-DHM���LZn�=z�;,4͑dj7u�eR}H�2>d~�-�+�Ae�p-y?1E�~8�(t�RL�+%\U(X5�8cuUPi;0�"�N�] E�`9�(!R� }�:rea�0�ܞW߇QĿ^�WW�NO朽x�g80RV�Ij{�WV�d'ly!���Ltc,)T�4u
,iMwQ_�#�%���+9�����y˟�R% �9|"�YzjR%!���3S}F*SiG^#qZ*^���P�"8�#0Yey�}%�SFa:n˒�[��R{q#{O|�$ִH�/D2Q�M`ote`�?sk��F13<�%yGw o�;�a}{#~���Z|1y�/7z2/�Q#� z�\G�^pϡ�v2d1l=�if%F_S eD�
1)C[gDXUF7]XtT4}R�,/�#.���v"evUYC{zOP�h[�6�6
�O2ة��t���&d(m�q�N��HK@ol�ܲuJ
X*�0���^�Yh�)b;=5-EQd*�QF~" ��:t0x;�IA[�N+�H5y\�g���^��>!/0w�)FuUi;Vf!^FIYa�+sL�"mhrx�^]9(k �+!Dz�Qx�t�'#�ہTڳ &ޚ�{�o<�gǭ�㹇#>.lA)CRHg,oVmM#3?,;֢;��_�)�Kn"q
�~9ڲ\�`A�Mb��Is,(��4HU11Ubti9�JS��'�m9g}M^DOW�.ӫl8M�Ԃ7p~`�p*��-
J�[�90̟�viI{S�:KhB<=@��Ŝ�^LY�,h;To�qB{�GV�ck�RB�odw��*C:$�v'�6B\3`����h;\x�fvye�{1HȮ>xmK�P^q"� Eܤ}:@&`kz�Ҳ>$�k��b���OR!��'2�(}��%�X8-M~Z4bOu3pٶ6.Ъ7R,<=OKK;=f�mz�C�ƥi*�:�B ubLѮu�;�$�b�y#t2ױ`�(�=- fhg�>!^��5ǫF�?}��L*ccWг��D%7jM7?@ymv g�Y)AiZrh-,&���IdF*/�[r9eV/glxy�ڨߙ'yPTbX�=Å��3��h1˃Qi1}($PU^�6�4�p�
cY| VztFBV"icfixA��h�nPkX�j�;�()9�]/R_����KBk7azr$9mv
�/)UOC\N`u"qR9ߗ�!��֏�$wAb�3j
v�����K>Y^%m�ghs
�^+7re
�O�),F�˔1n!]%Wz�"5O�k8^ı�ӱvߚ��Fs�Q3�"8�c`�x���x����F+�18&/}U�m'�iC�B64)j@r툡f�4�5�vM
lƓ-Ѣ
�U�Z��~8vI�=bj�0
ߍ��` 9 � ;��C38a` Fj�W3c�ͺ
yFGi�+"�Ji}mR/
P�u%2�"&'#e�VO.
<ķ��t17��P�KS@AH�4Ʈ)t�<i�k`�;z�p=A����/;>*E�:I`Oϣ�v<"6H1eAP�M|�A`30+K=D_�bWZ1Ѝ�~GP�!OJ}{�Y�W��7j|.?j�>�Xp'(�odžh9J47UK�4̼�x]tP�s#\Otqn��co7B�|Y|ҿX-Gc
ij �Y�Y!i=p߶��N'��~9���^�DŽ��r�P!@G ܭ�LGؓb
yW jO��
=okKKr�>c-�zБY
��I'�"�T �E��Q��
D>T`O�]/Âs釹f}�:f� �Vhv|b�)SwFW�uNX=?]!f�ܪN�?{S�^`ѹr�GdW}o"]VYMvع�k�N(�V]ߑg�\ZJ6Y�@4&w:1PG
�Q*=,Hv\�+]ڸcF��ˌ�zTd>ǞqPߡ�NNs+:��}vצt�`
R=6�D>Mڋ��ncPj(@C;ЍT(fzawo�� d́lcZ�!�5�~s��R}�6sfO�Ө5q�lyyv5��`Ac�W�pL�P�P|W�'����vb��;"nފ�4&�x9�+nZ mbeMS톪>�eA-}a;3��7��.�33�(0, V!ިGe�6QR3
��l�xQvP'U/Vѵ++dA,�D>Gڈ�݇AjcQ�D�~軓M'�)�y��_@(gM݈�NW�r0Ck��E_O
)P�|RM>�9M�j1 !Ti�r�ԙ
w��h`#�4M�-M
��Im?�Ξ�/7\%:-#0�mX��4���'C�σ��hig((h&9lL6�^왆 g|a+AX8/iy5(?qAs!S:F�v�
Wy�"t6bg:s8C!V_�0RM`ꔋ�uv=_h>Y� ��~R�("wJPv�=gGij2�@=H̺
$�Z�$0;�#�:iCJlYVj��=SӺ+$GI)Ƕ.ꥂxӹ%ƂHCUd-�
mi`_çl&�L-WM1Uoo�Q�I4{�:�v�ڦF
F1�Bhf14�[ԬO@ �z4B%@ǀ�cX~5JM:f`!|K!̈;(Q�)[VjXQ1{-�Dre/7/@Qb!�n�P�zg�`D*"89!&�W,�8+ۖ|4yf_ޠrm]k�Bo�]>qؓt=
J��jYoȜzpc߾I@wu|K?_aC+B.66�}Y2%K[+�H;�AӇy�H.�e8lb]O :кu&bJ��F)O,�v}�+Di�U�2�iu��Q�<3U7�-<�|���yYm$9j�wӶ�Mߗ8�5?Lc#ƨENJ#�KSwqRH"��˜�C4T�t�^OsWeI!\>Y&OsgO�h�u
h..�7g�%���n%R3�!
_T۪ i+-ENz}�0ZD$kzG�A�˴
iyc6ʺ!�~-5z�k[nVT
s⢻i�>Z
�����Z+B��5�
3v_;OX�Z{`> |!
oPkkw.B1/�5/�b�*>2FD�}0J£(}{{k$3$Z"K>)|wN(�61َ�+2��`/�cG~dRؐ+Z!uH6�C}>ÉJtI[uYic���mM����՞0�i�%f�v�+}760lɗH�ҽ�B'�4L�/W*SO50� \YG%�Zta6��iZqy9a'c]yk>�J/q�/]]~Cm6s�ei�27إሼ0`F+ŕ43UƔhF6 �_ŪHLC]���$^+ ����x@$-y�tb&�օX�C�[StK�'G� ?�.�'C�ً042
t��J�!s47�lyslm_B}dS��v2W�|v�HuGD/c܉��$zKؿGwZz�:%VI��`%�T?6ҫF
��|�koc6os�r�8*�FLR7�kg�d�A*Dw?�V,%�OrT(FL*]B����=tr&Q��Y,3a.e|6#S9r}M?}8�|7��2-�}[g+m�D�d
_:bM}f�����1u!U��Ɂ�FCe`a�e�y��
ݍkr@;lmx3`(aP(�rƤ+y�{?>h|�]QBwj1?u�f�0Az'h*fj�N˼q�}O�{q(臾'��MH'$.N�p��`4YvʷҪ]NvFʴ6?�
|Ym}F䩟RtWt6�\hF v}mX&�khB��qMLT(À)�&0|�'�7FEF $y^-৳4ȕ]RрPsv:Wj�}vt'�vix![<7gcQZ!�(�
@;WVcE�05ʆbƅ��@3]T3l~�B`RA��/݊h�XD� ,t26�
��3.�cK/�R±K1B$�cK"HvXjL6Mn? u��ٻ>X*�1?k=i#c{>L�uRl٭�oW2>S�W?{ĈkE>$F�py�IXޙJ<7sb&6z�rN�8OO4�ve|8tpr /J+� KThu�?n)L�sڊ��ʃsusg1vT,�uNU [L�7]Ac{�'p_$"+,�*(+�̲V+͡mzc¤b���LUp<#�8��洇�Fr}qyn5o'ث4M\܅jOf?+�y˴ϷDUI�W(/G>A;k�/N�Y>^J^{r�Mpg\�;U}IovZ�U*Io�|�hZ"nq&F�t�MJO���5kT0�^axKԌ6�FyhNcd���*�z>?-`I>LHX$dQ�OK���0�-U{��sgG~�lGu0W+"#^��/�F��J%.ޏ@���U�0c �k+�^ӻ�mX3�V_�[� �s0hH�6WOUJJq8=͡�W7�M,nC3GCܕZwc%�S�GFͥ:P
Նlr�(#Gkj^vve Z�lW2�}MS��OB$�P���w�)ia>U2��+4Ç�<`D�}I_*�
s���%Q�np5Åݔ<�2&V (k�B�mQrk��OFhu�`FM��K:Q>f):5注B�(vnZc�Ыny��.�CH9zD==h0>E�G��=]nuՕlS4xp6P!;EsG8լbgb�ʟ�W\nI\j�Uwe��@v�bYs\4��CXVh��L>DHj�,�LX-���M4~2d�tﰋhy6����d#V1<%��,�~qmW �YV-SA.ҎMqvYEV[/f(c��@O�qZ
�0~1�
?�~�f1�R��N�b�H PbY�3OW $ODʂ��Tq�\\R���=
)�'Uir�/nLg78
ꮥ �EE\Só_3�Dc�L;KG �ZS�0�$\B�Md�SV0|edF "7Wp xX��QEjF2�ZfPW0Ú^�"<�<$� &}�71(7VV�o
<ŃO�6J*9t$ƣI��b6Q1Z_m�v)_?7˩�(ZGC-(+6]�X�Mg]ESG�;5�,_oJ9`(}Gy7$2d1a�g�w�ZA^;�?wG~kTqQsňg
v M1v�/�f �I#!�
P {s#_C6!ux7OLjT]K= KPrJ8�
ȿ9sPP|[F
Tk�1�>zZb<;]|P%��:)�d%V�0U·%n<� ɅpP8%&�-
'
�h�B��62wދ,$�\�9i{���V̴�؍;�[FO
�7Ԧ4Pe�|e�#ӭ!aNOgZ2�X23w
�K2э�
z@[�E�H�{3*Xκ �T��#.iփ��GH~93*1��;
@r��B/�;]Z�@٧拠مITs�!Z1sk89S-{�[oF�b �QE�)Z��j�l��x3*Tq)+y%1,lxs
9a;yNrF!#g�Q!PV��%Ym(�D0v�rz��@�⇜3Ou��?7O"yFj1�]NY-$˃pJW�&95iGYJZ-\rJe��gX+�ǧĂn�k@�E�@(_v\مFN1U`JШ|L//�}h�Y�vmu.lpk�* ȵ�MONuv�.�őP�ޙآ�d&�od�0t�!XGf6Ae
�e"
�w�jX�' 1J�5!�%`G�݆&N؏*i)ՠ~u�d�<|2AWNmF�o=��z?C#iϋp�n%�_-k%X\]2�&ee�Ry4X�Dt$]i{1q�kAn]�`+ hw&V8i�Bg_
\zZ�A!Ra.$.HP
RT~22ڍ_ j銖/Dl%�Q�HY
�6XK4�k˔z�s��g~�N?bwI}G\�r)0/.Cl�[䎚�WN�5<@��}cs���?Ni�vwxΔvg",>�a? �L=R5pb��&VPQT��4-�BYC8 +8pa���&ZahH�zQtyF�|wyy
c٩\� }{��~NA���&!|>>�䄷,4ڧTrHQQ:v�sN/N��3ذ�zn�9WMo"L^^.3��_�%"Aƽg��L�t@jaD�Īt�EܞUY%ӫnu7>ȅIM��:@��B�A&�>tɔ!E�RY�u]5nƩJ�t6d
tO%%.�Eq2�E�Vgn!|{�>2{1�}-x�$���VM�#]N'$�;g;�Sg��huu��8,�`p<��)SG3#E�r��=#�זOo"[G[�mjsbYq&V�U2GbfА6oXOHnFÍ
7[)��!|Oz)kn��ȝq�"Kg-hדvBMy��3~{��&PTH�`e"|�]�u�:TN�,؊�42�A}fm٫1u�fQȯSM�S|6��3($?4W�5��<�V��B@L�$ Va'i�qRu9ߛ��b��lEX�t�~V�U3��{!J?쯞j;cIy=&U>�Fer�)ljzи�98:_hw�W-�^V=6!b�蓦� T�,�k : WT�:eW z(!Ǿ
T�/BO^H�}8.T�R�T9UI�[Ol86�M:lϙpe�ȶ�
YU;)�9� :/?)/�usbS;�.n�>��0�jKRK
jJK#(&Kv�w���v�xˇUv�^ ?�[{pWϤ�b�z&�::���D)i�$p6$�=T+*9C�%"݀#ɀtmrݮ#Io�X6�y��õ \X,~kZ+㊃|~�sYImnD��!��K9O��7/JMWJ�Q�&�Q.ץEm�3ܱԄx˵d
WM�XZ/Nt0�~!�sn~;G5au�
J@ݣmICܹ4 r��/s<��r]Ǧ&N{L�"k{[僆:<�H/}!~ d�I'֣1ʄ�wn}}G5�Sd��uu䯻
Ji�8ʇ8x�!6rg#�qq)j��OǽN�d�J���-g>ږY;1R�ԠEM�
4\^
hTgm�'7<,+!/yZ|b 4�T^-z��wLŅmƜ-�.�3I�7��8I �e>w�XIFϝ.�F��쀿g��X;.Z�ح*^nY27&Zt~ZуYY٫*H_nk2~|BV&QU~
\n�[1�6rXI\Ѱs߾%,nsa�yY cyK,1{A_u��/kw+�\<�iw$j39 �/rMG,Ҝ�&|_\,@Jk�}5R<�0fx
2d;]D\�~hqFSܽ`ȕ=
?}`�WчI9�cts^=
m+�-�~Ur5ژ2h�,)Д#V�Z2�Mm-7^ܡ>G�ܵNR}m{Yt$ut�Yӂ�XZz�#*C+�¨j8�q��XqH�y�*l�b?l#kbSnqN�Zyb
r �ϕa02 BP�d(Q+g(ksEv�_^q
)Mkf��LF3_u,A�>攑Cpt�,�6Oۖ�)Ǜ'ȱU &9*/
d�*FX�"߷�=9�Fv�+1��_S=s>o&�0�B�
_�8iF̛Ce8�ejg
�4�$$FmwX,94%)�Ҽ�F@1qG1)9P:�E�8Q?SБ5+ʽ9x6͊Kq9[��V�Kii9�f+�SʁN+� �/v��qa�}^$�l�03yD3C ,*Ԏӊ���gs
ޠοa9ܛ^'CiȤ[HB#�૮K�
h�:*�S8�EA
�|]AD`#JT�Xe��o�Y&F��A�ao>%�p��hŅ5P�7JB{y�!2J�
�
3v[VM}8�ER7RɀR3��to.,|q�W4�u`_j��?D�BT�S6`n�퇟�@ʭ8�o3m�ukl7ewF}u2�3�A�.�^�jokh!:_A�D1�S¨dRҶli0$5̛���ִ>~,ʳS 0%��Es�q -�\
qY�KG)d���QX��~:6��.O]Qho�3\OLϣ,JM�>X/�HWΏ@ �_Ox)&l7W�
^�4�&�]{̷CRjn5ۭtz1wMUc��E��BJ7q�*c wV�͞UTjh�`�s�QCqB:~0+^/ڍya!.�_f/Z c�X�]�)h_OG ͊nԀ�ezÕl@ފɻT$�0O�+8G
b%�xO>3,'E�BJ˪{RvOļAL�eC���YN�N�@�fPG8"/6�C'q?FL{=EAJk�Vsy6?�a'.7�hTwt.6mi$�]9]aހU�mRSG6Gq˒�үË둮b�PE#�cΗixQ//}/卜9 \-Te
a+
�V;qb˓[k[~TKupe�P4@_/�vG=Q�J":H>rYGÛ[p�gKZY|�!��kKJ��,R�7=@Z�%cln�>y#-F7����sP(9j$Q�*-DM$o""��ј_�^#H
�l4ԩ ��H h4Si0�_ѥ!�Y_$��3 3K,�JAES_ׁJdw�Y 7W.Wz)K��ڣ�?aQ|;��Rg/�pQ-ޏS.YZ?p�۞k#<4e�[[O�t4qE�V>)A(w>�ҞڹV;o�)ofWS�&|91pW��V]CTɿ)q'�p�g@V*c8!PH1�Nd�%gZ%3�
]��f
+�Zu$N/DMWKz:Lºa�זJSph]B9�;Xa��!7\�',ǡNW�z##5P:��8³Y��@ ���<�un' Qn�]{Yw&�%7{R:M6>M�놱`Mf>~=35zު{7�9nHNCѣ38�pSX+((0* �&#�g dbc
-K+o��nt
��adeCB��jQ��
JEsT�s�B[�t�ː�RKw>nAhoZ�[e%�52}ɳh}P�P SXҊj>\MDJulem�R#bؔ;{˯!7 2O�E�Y��%/a<7��ϭF�^sj��m�b4[_F_ZW!&Y1�'۠܄�y�;��
:g!9�p��(Qm�!)b}o��9't�~X|Ϭ_{.'j~*ht�
�'Yc4 Qԯ�
t�$�kɻܾ�V���X�bСD�`@��۫_,Nƌe�UtU25|mj"�\(�g�0d��aVfNTycЈ,)SQ�̖ c;
�I�S�&)�cB�RF[ ۿVGyD"wB$<$'s
Q &Ym9��ifXŎF%&-N %T�q's\�^o^ᣬQn%5']ii`�
8*&�E ;�8m�g�;Ҋ47M�VA}V+R
]а |,ѧ}�xv�K,F@c`s�|л�\]sd$>MN#
WKg�g1yީ��T:��K#���&�3��iMT���b�Q@�B]h-�)#O}�7h/ ߛ�ȏƊ0�F>�,̈́�:^t�DJV�� Nj!GAa�Wӽ<>O.2i��ݍ��=_EqRB�;!Rt4�W�#�:}�3GAf^Pv�*ca@ LɁ�-L3>�*��zZS]r12]eVOsjJ¦`2O�нx=��y4u�GQ/rU�}V~@ƛ~�誱\4NoA2k֚NF�Όl�����W�@�{(�\+���H�N7u,�u�Lw,&?
��S=9={Jp�dB��7KlCvgJ�- �V� uͺ0R; `)Y\y�('2y,LOep�〨�C&oš@�i�S}Ne4&�a<�Z�S6:^��4qUb;D�Ra"D"T�uSH���ݑ%�c<=R|/[�D<�ǔ}qAb[Kr�[
ÚqL4*�Ʀ� Dɉ[
T��7vyr^l=�GukӶ�y1�K*�}�tTO�J�]˿F���bxlʭ�oI1G3tQy-#.�v�G#��&_n:�H�͵'�}*��@YODŽ}賃>�_7?q�7eF>%b��!��wgz�z( eX�b^:�U�jv�e#4(+kf>(6ƾ��~N,̜VN'�҅D��J6,�
��!K�T�؛2j#�:%(�f =L>59w[[g>%9Ryr�#�bsj�!>҇{
aW�ĝ!�8@+:�F�H %YdS�ص"1W��]cHr�J�z�^\
A
$��33uѕb�WLU*jP�b�ޛ7?z銄c�GjVԿ��Oȿj�cs���mf>+:MKť{��X�Ee�}�:c�7ר̖zyq5�$l��(��f?C1~U1o�V-`>p�D�QI�]w
C#K7�Vr�$*CYE"8@�GHh �J
AcydB{fPKQR&ydQ4!�5GX~�s{E4&:CT^�"TKg�Q|-x/ҋ�se$�YoeOi�L�G3d ΄�,靴"�MJJ�1�pͯ>#�ӯuQo=T��y`C
,mc/s&u[F+DP
�a]'o��JZfU?W_-%��3(P+
h�B}ݸ�r/�$vKU˧Eb�_��#zޒu_`(m#@ͩ�靈|EnQcL,I8n��p~L<8"L:2�;�'Mޙf�AGx%��kFu;`D8;�zGW?v}Qx"�?g݅��fERΟ)�ng+�1{��G6e_3B�13�ˆFE`G9^n:�M�I{(8F�ݪ�{=-ߤOnqhA,gfzK9p�µ���]#a8˛E/@$6cGΦY_ã�gl^h��7X�]}v��
�Q+ Ɔ�$uRSڑ]I=�g �HP`'W*-0;*��x
�h|Q�e�[�X�Ǟ+n1z�[OUHhlم�g�1_;Q}UO͛)��0p8�Rr�R�%з:̋�U+�b"w<�c;G�2JA%E�Jf�@ ,�eɦ&7><�9]l7f6�K~9PzLݥ0mo�>}4vʃA�K6\\W۾X�[i.�F:Sk�QQ{9j&ŀ_rVrd+bi֤\[Ս[%
2v�IDEʂ3�Iu�udi�o:evqz�D:FHw;r`пɺ~9����}?4'|.Ϻd"{Z�dV1���aվ\`V=<����
$�_+e\eX0w�7��Jyw�`ǜ� ��9�b[x`*maA�QD Cvi��-I8̲/|W�ǒ_�лřdk =n\!�`
VQ�!i]e2FFKx O&Ov,�lzZc#?b�3�=62ț�>9[e�.%0憓0{e
yz`�9�d1YFpZ 7%-z}`>Kc�H{�ܾ{Rƅ2:�H1+�EЂ5t/��CI�?n;^�I˜�?��"lTw(
OtEM�%�kTT%dLeiK�.]\Y�rtD9��)�Ⱥ"0:� ~D^ũT,@(�%�~���O���FqA'1$TtPj�(�L$�
x�4-��e
Rp{>r[Ԗ�\�70ʰˁ_\]Qѱ7�4�!H�T8pOK[tqD/,4=WZ�5��6J�@�NDX(u���V㒚�1G�@1��w!g(�0?KA1ye�QX/q!*�
�3&hՂ6hZg3ߥaJk�ٰ�%r*!`TފB�e.�H=�K�Ch�Y�Fb�qǐvQ�d:Q�y�áF<&eSd:|I?x
^IW�n@:K60!v��*D?CI
�X}vw?{�-/PE�T>fD:�B�m� 2�^S+��QuS$$�2}�YXXiwIdb.#u]4a:q�ZaCR4H�Q#�5Y�o(w1d,H.p�g9TkԸ$Qt6*�v�5/;N �sxI"�iu+_ZT�~F;I�nyEiWh )�G3a�*V6EG�
��tH]]�9�$[Πp�?q�
��z'OrRd~ѵZ�
/E%6^+NI데�w%ax2JQ��j\� ;_?#`}8>��|mK5BA ٭46YUqcث~$_�-9�y
>Q92�dK8Op6̸ ���DvfuEK"_HPbuwcZC\'i58�Y-~ D[˸QdRс�U*��q�3dOq��l.��j��!O$u�&+c1xEb q]
`��=S;mWC".
|D8C�7q⭌uI⥺mw�'�K_QoSYDud.�}��Zb"t�\`Ql8rRO]�[5X�()|�r?"�?7j.Z�#o笸CA5ͺzlyp�[h|"�@GO��6~
H��dd�(H�mƵ#�?"��
wng"�5�3hFGzhD)`dk}7`�i7�ӻfvG]�]�H)*ѶhN�H~�ߦ�ץsr�5~_|�[�C1�<;�T%H6K1}8HxI$8O �t@�Y��ol6w�oپ�%ᚿeU蘁b}QtǼ��8�+Q�VD%]:S*zGad�nT.
B1~��s5�4GA6�'R�o�}�!uju�7X6L_EO.�`jY@uTϽ*d
�X8�RMA�nv1�
?8O�)q9�c�ѾaAZ�餻�HY&aZ\/�VioÖG��`�b
Fʯq)]NY'8)W�H{8gDO��#UrGP8Zy|;k��͉�s#Ȱ;V@c ��_Vd`/�!ȇE(NJ1 F0_Wf6�Iu�M|ƫsmF�H9n[0�2х]\�Eq�ݾ\ 0hyQ_~*�ka� z�:JL+� 3z/ ӥ"'[I#0q7�Ķ<͢e蠕Xi^��\�Ĥhn�YE� [GXG'rËU
�7�BÈwbA)<Ƭ��Xͬ�;Qvqr:�6|*ヱq6�$�v�ZЯ\r^��}6r�L6X
#q?lqѠTV2]�w�4r&�?�/B zadI��L�U{]U~pMw{ˈm,Y|,ոԧR �M1"[j'^3� �PŏYKpEW è�պMcc9d_eO�{jQ�ܫ] @!aX�J?}9f��db�T�l�:sztrּ�[� l-k7�3�6�|�8-�#G�e�W/�{<0Ru!��XxB�_Nf5knVy����u變ox6ֽC��X)�ڟ Bx+c@E�x�Ag�5]�7�)|��#2wh�"puKPԞ>w@c~Q���
�:`ث�,۞lĤ� R�|A�-u�LDrd:м"�-9o,�cm�kn�A);}u#E�OlMNmr�Rw�7�ҖІK:K��A �?c�M��!Ux y_�4C�G+�F�qOjr&i�jۭƬ�N
L|ƑØfiց̿6ols�v]+S�Ѝv�~jDz*�TŬQx?#y,��e >�
9�1\c=;��Z��O
�8D&ލQ
es_ W �˛,֠_�2D����`C�'=Dz`zXhU\}Dp���a�F�Ω��!|kx}M�?�y/��>�"VY1(��L
VI� xt�o�(άqz/*^m۞�5�ћ,1Y1k�;�-e�st�_
1 +�Q-[$q�
��5V�n�� /�F̯p)wQ�� ƮXidfS0pH
�a_���vss- �0zWsnbۛ녶��)�W��
KLt�<\�8#>X��)SGJz]q=oJvWj'6e�~%ӓ��xe_يլ!v" Ic`+J��~okH�"+2q�cM�2ŇE_ �_ꂰ EOLWmT8.�*��+pZnWg
q6j��,WiR�) =5 �.,
u:n֣�m��V}���W>,5˓s&l�X �~gTF=A��
=IpC��KԜT�/RvtK�2"z*�a�1ɷ_�7~nJ/쥗[*wP 4�d�:s='4>#(e5S���-0ȁ��-�_u#XgpEH3��ƃ?�np-�
Q7R80<-&M$,;|�f#vg=jx�6,`FHjKe9��/iU���2>��V��b�j}�YTxnZ~AGLX4:1Q��ir[xjt<�db39DQ^�X脸s�쮪>oӰ8�Bp P$o
T��0�c?�2y(��H-F9O;
[e�^$$H&lWk�Ë<�hr[m6!uqL��3Fp3+Q*>,_K��pIb$o{0AfaCk]ƷvK�>?/�"%�$�y<
<^4C�Jǥ�@��6N!0YT ő6lyᶑ4GbƏ�fS�Cu w�v]z�տ 8�̙02~Qv��Rk$u%n-P=9+qνB'P4R&Fvf쮖@o8:A yo/�)->laE� Cp7>K
�f�fJ^=ƿѨѴhV �biݨ҂6K+ ]|ȁW]�ܱ �-�o;��Pm��J&�8x�T3]���%K�ЛT1�$!m�P�?R(2K9ub��O�Ll83�šEPhF��lmW���!e/EV�>a �AN0$ր�n�x�jFw,Gu@@]Z�ǭ6�U~U0'�t��F[R����Fc
�V˖[�2;����9�U+,\�n뉯ל�$�ve4fP�q0
dH@9X-[-�Wv�,ކ_��x���`_|��}�b(� 4qNua)c#z�֚qusN7Z� ,Y��(�|v�I\юYw:8/ќC+F=O(.a�%ʑfdg%"Bk&lfA<#KjAT�A>�#�pъ���"KIOƐE�NN"wp�:Ы��eY_郴R)j�\cYd ;I�`�S-3ko7��f�7ih�>΄/^�^Lq'>"pDDŽ%t���e$-�T"7v2����agkƀr1V�.ػ#g�#03wm99p#�i��*Y�WW4�q?�?!{�<��ƅ08*�M�(Ϧ�r�-
*vձ?Ŷ8p?a4ǐ6#TA"w�Cͭ�5oU��^���íHɉ�{5vC�&wT�J`K@~f_ g�%q:^Zn"\d}0ƍ0/YqBb`�)fl@�r��swҥshEkVĝI�^sp}�'Q�dGk[drLu~ږJp9!,se1Z_edުX��R1՜�]ᎏ�Q-9��t�9^8խ0&3N�i:wJY�{m�-؞/3bpjIIJ#�8ȶ/ubQB m"!�y?P?0;zj^YV� 5m�Q)~��~W*㈃,K�R[D
k �R9/s#)�Ί_KvڣL��YRh-H2�R>���{*@���N|M wE&a6w]㜊aY�և�!E-kӊA*�N=O;Hrĥ�
@Ȏ�C�5q`�M�J7N�h]V8f6�vWs[_�Йy"7P�5+-
I(YzXCk�7q1�Dۏ?%J��E�a`C��uGLX�%h*l4j��7wlcj$ �{�W,d\8l0|�,!\M��Qh^e`:�PtTޞםz
<��9)�2y[fK�nM{��S�tk#��e��:X(`�2+Uʬ��냿�2wԉ�lŊг�!��|SfWJE
��U�:n+7��wp띿>T�PE8\l31�R�[l3
�.1�/P@k&}/�wK=\u?P^\Y>-L�2=:�F�kYGN_?NB}]"#�0v�y:;��]�hQWNtd9�1gU01&I7�E�bڠ5��$�Mv�D��q4A("hyҞt [G� }a�zcXWfъ{㽠U\e�|
ZC)*�F;)
M#1�ѻsx9�N�UcQ��Jq!
ZMM;~�-iq�U�qe(koM/`�!blshA2l3�of3�xG
c�]�.T|Pҡt��N!�^ty]#0߾�(��(-wr1$��ߔ a7܊7]t(�ETS_y��J;L^U<
{
yWq��kkջ݅Bc2��5!\AW/�
ËL��0~;|KϢ.GϦ�uD���V/m1qw5ڤ�EJ? ^h�U��i�%C*��Q+�ޙΏ�~Ċ !L�Qh$ v[+�ݖj�vW$hq7SdQ:,O�VPX6hA
0�;���'cR+�K6QK9PR�U9FZKbA�R�9��T^҇�H��ŴAO�s�}Xe�!�Jh/1&Szq�t<9qB+|�%�xR(l�4�4neA,Dif�E65L4`J�^qT���u~TI|}7BgǣAch✙�,3 Ks�[[?�U;n~ GN#
=S��vMcWR!8⣣^x'�˶z�>
''b+&轨9͐��myj19[`z+uS3#�%ӁwQ{A��rˎ(1,�_�LDf���GWPIO"�~xcS85\1~Uwٍa�1ӊʵ�A ZV�Ei3;dGSJg/Sx}ۡv�ҕ:'�'KO}MW3�vtPs`��o�SD/VDLg
x^3M{\\O�&~86*�o@d:gJ�WRso��#Rl�v%0i*o�<1�[uK�I]��'+> u{O\pb*���2ݽ@9I)" ��&&ۖmG9�G,x\u_2awťuk|ඬ*tl=]bz|Bc�`�p@xz8<-^Ce;q�X;-�>V�͌Y��鬛By@d�-1ҟ6@c*aǯ�.P.�u1L����T:.e<8r5?UY�}K.�/#|BEo��M�K'Sϗ"\۔[`[l*F�u� im�ECn~9=jM";v=OВ�
��b0�=��\B�n/g�H�"ڔ]D�b^���<8;.s<]�K`9�CgH4*u�͆�sƸ.{KTģC!\#
yJj:W
ڌ��N^zd�v
CZ+;Zmp �@��5&K`�I(�{x9&^*j}iE��1�%�,&U6z~SK<՜`li58��D/5mقe4xcnc��F5۟~auf�n�ߚyW_sbi�k3ܫMqPIe박R��ܱEzגZ�Z�}HM>\r:v�x� '�CY+Ѻ�S_'qD24Su02l
D�1
�վ6�
ݔ��5IeƤu|1'K�/�L$4GM+��L�ݭp)#ÚI�f]g-bmQ;:N(B�/t�b�K�{$\&1;QX['�7O�S^VNj�h�FB
SGv=" �*ռ(%K`��f/�.1�a,�+b�k`[,kŀ=8�&j�B$,|pĨ�jXNA�D]�JxۘkJ_wQ_`�Rn"�vSt*QJ�~`X�}9Đ̍��Ś�k�blb=.~�':fl�.� 2%r?m,�h斩�Ϛ�4n��(_l�ҏKt!zwv�>I�~U��-n�#AgkMÇ 7HLI&J�U}}&W:|3"�66יy"
`x)3$LbaX��R8Oƚ!S{�AгЋ��nW/�/�_Iǘʌ�,_N� \W4,:;d=�A�"X}VYGR�-u)֩Ȟju2=|�3�e{n_�;��t�
#�Y�V4B>7aT���5@n/CD�E̙t�.�G:鼥ғI;i&|mjZ1�]Zcl�(:���@fb>O��[ԼjzܭYk l�zA?)�W.:)��HRkp^Xܻ|8q#a�ק�`57t~])7� u$ߦ~ ګ�<ׄCf'UTAѴrk�=Y>>�%�$�G0��xL_V͔nk%�+�qPK��ЖV�hҴGX,/z>�k�Խ%�JO^�-6
�L�<\n7PYMWD=gYmƛ�y�PG�.]K�Z\B'2�Z����
O9S����D�^5GAo�)�6NFa�z
Q;3
�%mf<��@Lu/v`}�c?/�Á�3�01'K4y_,Zx�SY�į'�%[l:&h�!=>G.(e�j:mXiS��+_a�o�f��4g<-+L,m-9L�tO]r7g
tX�0�*BnpTʻH"u["2�?"'5.z�*K�j�t!hBXQu�.M.dqk+94�&u(gL\>�`-��Ǎ %I��3�.Tc�Cp�Y7y�h�ʬ�qaX�>:�Ԗ�}>1g
�y8鶟=��'n
��$>W�"�aynSlߚ\�3ci{qpA*�Zƃ^dm|�\,�cI^�k���"d�&j^uW��jeks0�We�W�z�K�`)!x���>CYyG\
ߡ�>��g2xkY) F*wY8&zmRsd]5E{��8]J���}8j~��Pf �R+?qꃱF_�I�kӔS� �+ �.� ('}2TY:<ф���K'�HN��:(6nIM{_F+%QG)8<.QBqk44*G��Wl�qk��xzO#|~B�3�ɾ;~�X�8[d4#V�9U\�p@gHCRY�"5'��,nLмM4���|�,(c:��\zR+_8ķH�snĻMG9�yA�eRW쑓��`d��IӒ?uLؐK˲?��3H_N�&= @Ԫۍ?}>|cA_�(!6Hrz#Kh�AV'3��h~,E�
*z%�HKU�nr�M�GP�a�=ȱOlO'�blvQ���X#�"�>X�Eq;} [i���j0]��k�� {#WC��ڣ7>#=�cgڈQ؍ޭ_N)bU3
22^mh;bS3fLp�4Y�Kp I+u�ǍȄTvќeafe^*-�'�'�٠E;F}MYY|u4ttD]�kl+b�YÊi q��yU]|~ɘB���Q�[wjw�" 8pXZ>i�._P 4�]}t?�ܕj>��Ow�4T��
/;;��-um�'0N>�
�"g3��2;\wl?�6�>6�J6Tٕ�?lO� a&�Լl�A7@;$qǿI@^[*�~�f1"&�3зZ8�Ahмqrn 3ݬyd�,~&x*in��ۉ-H^txNB��L��|O6�ˍBC<�nx[
P#������u-m*�|�
̢({X$dǒ�7�NY~�V
j��
�+�.ѡDo�Ma��z/�y
�joMɲG+3]BP*^6�Ab܍}Ts�?�`/�B&#mgbq�4�W�D��~S��W#X�rFOË-w��B|F�Bh�:c?
��uhg:yYE`{T`�]����*bu�(|.����D�EK�W.�_1ZK'��}#& �p$5�iQX@�f� &~-c�4{#�֒
"#Ĩ���~+DeIϗƄ�(1BH�֔2�{B&�.^6Ps =uN[�
Hf?t>"*<|61� ';d�k[.-y�"B~�HB4TgGG,#\s+�DqaJ9�%hmwgVa =�((,5Zu�^xgbMT$<>8�̧+*{Y�lq�qid�S*w��s�\W[*Jr8w\bg%N�WW�ݯBvo_&~Af7%e*w{PaEj«pvk}@O�h�a�p'���">LMndk9'1�`[�V�*-hrS邨Bkކ3�Ӏi4�0vކ^pnzMb�6m�YGDh6�7~=^��6wu%%lA/��r�:)4�H]\w�]N{�F)ڴ�D4շӦ?���mq Qs)L&Ng�?8'SHrq��(�㋀C?j ERZ�$)4}]���Aj5xo9V2i.d;s?+F1|,�vOڊě
�JH�`+�"%R��"3WBD�x��D3JuPx"')ބYF@B3�%�{$B(}(-uzXr8r�њw*5"��e&P(=5V·�aˬD�\3juqL4-p9�[~73�#9`B�8w~H(гZv\kldue%iK=.$�a�&�KF�Fe'F��lc�{U�[�Ő|
рʐ�vVV�ꌙc#}J`%Y�;vLd�.Cs'�1�X;!,*b�H&:HSL1e�BLe}�Zh72l0iCʂ�C"Y^?�5�e�@ҷI�'"���F=�S&1<#7�SOIIP@q^0[Q2G/B�;zZ�+\m=a�Y1nΏ�9�4O.weZ�ڎ~4XxD���JOY�+�hU!g<҈�Q�+�T*5>ɴ�:a�Uj~#��-S뭝s�m{�rO�U3tO��AY6
_�boͳ;+za#MgA�g%ϙq;LC��+?rJdKtB0U%TRN
mBy(n�jL띆y**c0b<
NH��j�`�zf���]A
2T�@��E#¦/V����Xע8w�]pOG͟H
�֡L[8-EZ[ڞs4#ݳ0Z_�Hu�Ѐ]Q8�GO�#�0tY�{�C`��Ie_`�TN�A//_�\dYȥs 0oa�XLjy{�9al� <�tϯf�3�Q�uA^΄DFY}ͨ=�fg�Q۵�!(y��RفRUO0pDo-^AE꠹G�*���VZgt)�^|XlD4�xX$
ƀi1�viR!>Ǿ�٘3I'Cđ,� iړ��'7��;Rx$wi�'oy@qb˰ٹL�bpX�^@-��#(�TjY���c�#L�vۙ��6qW@c����p��O7o|SC��X^H[j#ZT՚DWôFVClMϻSm?߾?J a+}W/p��뎞�T?l�`AXUX:]$Z|���>
dLp1TBy��?A��T�_>m-�8�j"�GP�P
!�1[|uen|+Y>QMUQF�OM�5,r^\. ��+�ȩFsu�(E3��1�G�L<^Q>HڕX~*��#ѥ�F鮂Ias#c ١xK�N9�~�R,!n#��^b�/r;@˘w8q>'BYb�.�dB~�{S$�V�JnBJ��L0�_U֎ɇ9G(zSz�
��uc*o$ٛuqj*Co�
!��UPo��[ɄY�_8ܓ�m/d�<)�
I}eSN:bޞ[�FmgK�x苵mHzbG*#��=;9x}�wqHuHyN^(�?�7v6%���5FIlY6:Ct?bsN��ρzz�/eE7H~�5WYOB�\i�6��)4<�Ċu|ZXd|9G-]ߕ�e�`S"�e0^yX"$#`�3l$2Ah�]x/L@/b)~�g�y!0�ܹ�ۃ�^)�P
�V*QΏ�3y|i���J29[I+�U?`LT]I-0YrK0]d{̖g] [mvh��f5KO5�7b+":C�ODg58�*�&��N%:g;�ҪK{ufJk)79>X/-U�ߖmbXB����X_khosiB�*�(y9o�
|)bb;�W'Iu\;m,W�n/�fBֲz k�0�,",�z+cmZ�zg'*P{#k�N5%wF!�WKP \_�
G"Jҷ���^cp =-͆�����ݹc7Q:*��#Rf+H,C7C��FUI3`?���kmKUAW�O
<�As���� ȹ^aThn�98�B*N".$L&5_;>�lJ0��(B(9Q'\}A�] �!��&|#Ʊ&>$*�kh�gQl纭X�f<˷
vkMP=U+��rUhFZB
#
;@!Wi�m1\وX�T���WϥA
/NezЪyhτd0f��_h%pn:c5BJ9�?l4��KX"q_Q�mˠ�U�Em�,�ZQl�z2WNSfgB|sS�GE�?Khm�;Ѽ;^)6�!Ƒ:��?cs�oo(�4xa+%�
�&VO?Dž�SGg�xL$RoZ�sS���, !@|J`{'thpLDl9q{8�5ణ}Oܯm+H�a.�욻I�jvYr��sͬ۩�?|-�NnR�+#�A�}6yc@��~އʍY+�R��=�2!� ��҇_d{)NZF�ҒbF �ٰZ�l�ۥ�`�ڵDeP{N�\MK#�E8mg=��ȳd}#F�Ls#HdhG Ѱj(}T6#��'o#UȢW��oSwmڌF�d�
msF:(UTZU}8f4k9x
'C}���L�`C,>LOi6�a�b$vqm{�+Q[�:`7^eP
[
�M,R Ox��Pq?hM3H
Ph�77�rL�*9a�\�CyMRFW21� ǻO粡;]r�PǾեYOi��R�?:#VKI��E�rϖHJ(n�&-Dc�Г�Zxe}�y߾ڐ�P�^ηD=
n�6r�ͪSٳ{EDQI�_�ja5��)trzaGIDD$�C]k�Q*�oݱ���~]9�N.��1_ұ6}^q�=f@n�X/zU�e/pJ�5Bĭ�)ǎ�',Rls��v̬Hiqo33�w0�D�;7鱸�Aʪ� r[ؐ��) �\gwLjחr3��]Yph>�@L` {mq]\�f�<�8�C!D$B@� fD�xOħ��S5Aa@zR�@~va/��
]
xU+K5tfhx�=��t
���JRϟ�R' +�{)XM�)rS(`^�k&>��BpIvԯ�>~(�Y�A4
��,�o
ؚQfd*(��?�k&'ݻūn+�7>#97��WE�t��8Xge���'F=D�KVɃ�7�?iҐ�"K_�E�-f7]�u'u�䃨BI�6gDD�YǀJ]^�C_|7sf?W~Ă�mx&[ Ч:,H�McKrQP0Ӿ?W�ܟ2B6�^R M�|�)�nAa/?A%�(i''�ȜGT2K!%Y$%Y=�bkCY^=;:\.&EJ�e^ŔK"Ţ_�:1͡Jh5�"A?�ƛ'Hc�▊.
)]%U<�pp$I8�zd<)�tLw)(಄r�sܨ�!iM�T珲JHSCE]@�+[G}/]0?tG�֩ȷzeմQ-X�7�ȧ}�=�
�ZQ%y"�"Ӱtϊ""�]$=6&�N^�qV+�]yxVj�<8�}*?ܗق�!�If5%�h|~g@V�Uwԫ7^Uz�?B*h:�|
�eoU#] 8��`Ic!#�@W�XAU)�HR6n-ڢZ�� x5H}(!r��m5��G�&' �D��@X";/~1̫uenRc<#^.M%.$X[gY�,W_/2PV�=Nz=`c��\�Bv�>OfNMh/�t:DU
`P�`��1r|͕9�S�┿Ç&&At}�SD&�֛X��!2NuGg�ED�4.lKY&[4[MB��E'].dx]�9�Y|�Ar0t?s1̀0外hē]�G`$B3NhI�hF[��ӿ��,��]E��(bH�*P%y��4/d�t3unR�qIrHCRqJqAg~ujᎣdp�nQ=�k�di>>4[z�iSv�]إ=ތa�.mO7��!8iaA�kH�h!5_3^r\zʿw!n5�%�^pf�L}G��Q�0B���h��mM�#�X7gORMtJX_�wO¦/�wuj�wїWr6�$/JzxQүo'�ls�OBl)Y42Sӆ�\p�G7j=Aw1*�F
>|"~>��ҩoO'�\�]E��3�\�i�FD'?DfJ�SdOĩs�:?ec�',Rr7e�`ֈU�)�XI�?rpāo#r�uH&�TVjU]%1zJ�.<9'7e�f{'@�"&ى#} ?N/O`7?~x��%jg.([��;)�67(�'na:?+�9
FSl#�DqCM�5M�S���t:A/�t�+� 9πr:nZ/�+iѩ9A�ڣ�j�FɴXgnM7|�ڬxrW}{��:L�k8|�Dr7$g�s(GZH�-i�P�d~R#�0�Qz�.�}K8q[JW؝!bWӵ�C�\�~=N?�J^N|ny�V5K#U"I`Ҷ3p}؏Q )�H"٬�qҧ"㺀HCxh[@31�EUȺ?kk�X�L���;l��Mz^&E$}xw�][P]�(dMVaL͢�Nq�,<��oLqǏc?F�і�$NΦ�YYso]�[
'�[5\H��3LX%�+��mp�'{�S�?o&E,i2@Z29�Nr*X9%_ų�]�<錓*�|0!AT�T#s2N}"R��g|�W'6z���f&�֛p ��C�5;I_&-!#f�vH�''W3GfoD��菱
")#I#:;Ym�5�H_�yoԧq����kł}�E�T�ޱ�.p�uRT;x�E
�4"NV!.�ߕ'A�s-�
4a3�(;k�z=��*.C
�蘜)K�)01#J`/��H΄�Ȑ(�>Dq~t�$;PƜ�qY2h�dfli��A|lS�o7��q8(&t�� }q�CrV; ���G�Mٶ Ɨ�NdSeBwLct5;D^k5I^N]db$$'^����D��(�8B.D<]tQŊ{WSI_��otGbU)F\v}�R?o�B�bmҵ�oSp&HȻe�/Ĥˑir _>
�PeQG끻bķꅙ��wP��KRuU譙Yƒ$ө.6|M:&�v��8XdZu�Ԧ$Z=��A+&�e&F;w8�H=M-+�zarY]a�/iL°z�Y&��}0�[��'[��ɞ��ZNUa�gIQ�Ocr�OX G:NV)$�PY>.\o��X_Mzo\
�#o�[��s�I5ښv]5xJu0'MYHT�&
DǍo+iAUnR٧ҍ���lj��i9G�T��\�U&z�4�+>}�Ǩ&cݯ~ՈE�$
k��)�8ņӿͱM�fZة9A�RǾ9k�G52MnϨX�2�1���B)zm^���w����VmT�йMN݆i0r�Ү�M�ϰ�e-�I0\E~��0�k�[I�Y>K&OԣNsw| q;�_TQ3;B�[Tb}p�7">�ٍwW�A}C�L�E�akz�(�UAS]G YZn\nb,�ۀ\v�WS�s% Cƽ>�I\nJȼwT#x2lQ�PS;�B8˒n�dݍ7꜇{�,T�Q\^�>�a�%6%1�f�9G6
[�;sZM��vUӘE)�XcEB$�Fkf�&zbՖE\ڙb/"ɒ=GR2�b�jZM�*>8|�ؤKX �h!�s֑i?A�UbwZ�ߢL�V`)z�VfgCC�,1{L+8�lAe1|�;�8/j�VW$$�X�g�eC��:DӾdu3
~�[!8ג�d<�Gk]S"巎I��-zbGc8��R,u��HӻZqonE�����;���eйL�,�Eە=�bGD,kc�⼓S�%�4r����jAlU1%C!�0C�?[۞�RpDssBxɟC^L@CXѴԔv�%uJ�W);
Y�7֗HZ`�o2�.ŊƖ��:ՙExSb�jnlS�06�q/�moQj[���]ga%�j#+P��ʞTMDpKbel�c?PTu1x£�Eg'8NsS!`�ߙ�kxi-
>?Έ05Yn9j5O%Fk/h�tQ��H�j� "{W
P@]�umA��Lrc�ɥZfxl_EKZ�J���V:ю#L6aG�Zn�#bt*ltb�s[`v%N?ok!v8*O3lcu��V�NJ>-td�z]
b59'N��XF�w4sg;(Y@V��v$:�UAZ�y
m�Ĵ���Z�3�2c>Yh{2�s�g;�'�Mf'%ڬIkJ�9
5U06P*(y%A�?EJ�'5OFM4
!QI>�vby� B4WMA2tlk4�RdxI#�](43+"6�6сj#lᰐӯ
�R V&8�}5!-qЇ8Vt&�1z�t"H�N.s*OrH\�^I��ܳ':?d�maPoV'T<�C�7W
]tVAHO�ne�e:ݼ7!wnQn�tӟ[հ?~9Æ
6Yt7^)�^0چ!�m�WH
sh�Piy:##;4iD˜rVA'f ��& �N$mB?%q3
b̠)H�5^
=+���L�2:�[hR46��Q /�ZNC%�mܛ/Xxƾ1~H�ęIM_=a��d#aG[\W�7{�{W y&gd9-<&4AU0\r+Tt\� h��$H>9QBE1��#*��Fփ)\l.jɏO��G@Ž�k�IxD}P
Q�#���Qzo{Cy--s�8>yL¾�ӊuB�Q�3�� �ϒ�ʟ�ݕ�7+wŭjm\yۀz;N>,:6;zcЕ&�S#
0>��_ږqeT٤R/T2TvPSx! � ķGW].82j$��y�趗/S'=�V!z�CssJavCw�#0C]Ubu64�{_�e8�@R�pGzi6x�9�W�� p���&`?$4/�TP�:h(ҙL㜑clOE-6)k!/�$XүX/c1oGyz7�H{4S:o+s�by9��Y`vB(-Bl��3n�@7�qڗքcjF!U7�¼zC��N8|R�?hb�O�qb|�ĉ#sH`&Br�)<%UEn�]B�^&2@gyވ2NE$Q3xu/�`@`.�!4b^1)=sjLGӿx���q�1Ժ=�sE g;s�Dt`k83oc%#UVt[4�3ODɲfe)#��k�&q�WCEsL[�zOv¨�f j<[9]] Ɋ3%]2w$)Ls�,pHt�k4�Sl~N6&���n9�Ҷz(�62*Hk.���Mcx&,�vOk�iJ(%e�&c�
kC'�j=P'��л*�X��ߺ`7`�¾�˕oYē(sԸVlo�ٰ[»#=+|߭u��G&Ⱥ8q�ž8��z�D&h2W"&�xeXҳ�7Nk�b(ϔmDwnpD٫�+�P.ro!�HG(V+�XżO8eu_^�m�VTnȜV\�gs|�EbDB9w��9�~qb_de,%*ѹ\;S1@�JTV��2/@�u֡��x:e�[ ]QZZdP�(~`ѪqA�sE��B/Cp5ހERJf\p���&B'�t�YA^LrE 90WGĈ]�����2#�$ )-NનY�a%Y�R4�%�G\f8S}�7sRWl�B-;�QiK >�`�BbyL&}A.�K�WO���V�q�Ah=t려cZ:PսC�Wj럅b0�V_q
<}wrY��bvyWr^�|Z*D땐'qʦVlw�U8 BF|c怬NܜLL63iGcTٺ'Y�h�(nv5��_JIMZ_���9bPѠ1!X\gʈ/-�3Uѣ>4�+5"OSѦ�aX?y3�M�7Wm�!%B�>ht`i6`XR�Zy<ó߇E�:*I?mޒEvk�z�|�+ñ
O[
j"Ez�D`l��CM�+N�-x�CLBB(�%�SG.|]+PӮx�T"��wԪ�'�&U�x�T�0|{L]Yv|;?ES-K$'DwAeUKGoY�.>>�xh1r!RxHU^�k+QK"
�{Br-�*�}0oHx6@�Ns�w9_�ONk1'˽�7Š�.`6wg>ޤe̋jPy敞3)M셜
oփzW|�kEp
�B+2�q��RB2sⵣᄌ@�Qv
c3�X1�Å?$�ݥQ"J7Q��f'$�72�\nR>5Xd(,%q\b�XWEW1 =B�D~�JC#ffvZK~h�V��b�CH�c"[]�O8c;W�d\F_�u^u�U=3c'�GXXY�Z�9c>*"A2�:�$Ĺr̓P�'7a�@x9+�g65 hLad�Xc�C�9T�IdLZ^I`�Lh��KI'g��|^Nux'h�+&A,&\&�`C啟�� \o�ԁ/�ʆt%�;iG3�;YB
fR?zlU~dnT$�Rn�� �[C
+٭B�FtggSin!i�,[%�e:\T28�Y$m�?�W|CO
�!s\d>'"uZ���ʣIXn�s��?,
]�#�ҿ4H[o*IZKf>�V`f}*aS5��..F�AFw/��uu�y;u��YkոE4{`����7WCYNJx��."X!f��sӂu;IӖ7+�Zr$.fIPo�~M{�^ïv^8Q�F�@X&5�KvUn�̹|w-SrMpQpGC.m
}ߺ(dG�*eUNlq�4a��D�L�XAC�\l)�|f*�->�)AFP�heDg�N�E\v[pT@ذJ2a��ZZ+�cÖ�x]o( ̆3�6rwm�@i@�F�Ǣ?_l�۞L2Z쵙v�㬰0,h"mC��'�D:�ԏwN�œrq��56ï�9��Kg/�lIު�*H_G�#K.ޥC8/^0�� 1aI�T>mG� yf+�5�KιM]�:���@��=�Fh�@y%b�s%�1@S�DeV�>� �E �,�'�]m_�hcrMU��LgnV#TEp
~)^�pρIblg~(KlG��-R#M
`Ӹ2kC��eaB'KEf!`x2�G$\Dy|}+�vVԝxQE�(JY�79bE�rؚ2BNN��,�nzu8.P��k�=6̖S�1eq1�4U|�P+!�Q5C[դޘ̊�t2;#D -�Ԁui?*z@���*Vw
�m?r�S���z/hqe��4>ݱU"(����gA�i,�P%��sϨ�]Εe� ֓RG4^wy�"P�Z(+��tO)X,ɯM�ִz;\'��@C]dcƥۀm�Yb3�8a�y7`]�"�A��ۙ^j�i@zLk*#5?mm:rOQ*÷pnܿ#|�R��
�Z`
'WBk= �YW����~|MLWT��L}5�O}pGQsFd/O.��qp[ɰ& �ڜ*+P.蒌�)��}v؇`5z2%J��Mn
w,t|CXe�"�g��ZVe!݄!�`1�-sD[ȨML�oƨ|gX
@qz)傞px�h�=K�aҘ͖̦k{1r>�@e��,�n c�(7�w`1�d?(�K�0��A�k ��p(
�n@�Em4��
�lLY�a~B.�o�ր%~�.�R s
s}�ĝH'_H_�`bd8wJ+/|Tc<-^�JNB6!δ,<�4_ID�g�#Txwo״τjyb*m ,O�wUb߭MVAM�L�!I���:V�^lm>2��U\W%&6CxQ�=$ɽ\x4җ(`/�zt`okGs:�"n|+E���?l^A<&VW)cdk�j)?xn���R0ye~o�ސ )4�%E09Mo+ev�Emͷ�%��'�شaA���q���^�� <�絘7w�K
dN;&њ<ǃ�ܯGgM�o^NJ��7�F'bgŞ�_�|U3l4H[�?�9�wT٧Dt#�,� %|9�?�59͟(�2"\Ԁͮu^L6~��ܵʚ@\uv/>]+13zl��M�3*iVKt]%G'ݕ3qgDZk�9�`�&Y/0)%SK .HbԄR��q��Hb-jA9h�Ng-��WEg|�?pq�<[3{ࡂ��$Z�i��79ܠX̩(42ZtXd;
O���$Gݰ^K:bጐ}HIUe =�#
�l���7`kͩ�
VfiPb�kUkXf�շ+&j(R�9+,ѵmZݢkN Juя*t`$#"%vEE)�_6׃�`ӹD
u��F[�l�WcE�C�J�$B�i|v��Ӻ]!鳚@V]�:
L��"C�.�z�AL7�!-&�ޘW7�j� ��/�OM:խcQ�52�̓�?A:(�[JǷ_J�cZ�ϾN=�e��J�sAl�[%J�3e}��9Жsނs��&�.#:+�=1XƲ+`�n
W}hרlB��m��*6߯��tD(6(vK@wO#�g�J^Yλ_�5qEz�{�]aa|�G~/{`/,�q[$�
X�R-_Q[] 7�CЭ�#77jހ{{*|ڥ�uk�s3BډM~8κxP7p*!KX2�3��(�v�Xh��8qQSm�FoS 2{�S&'y�o�u<�=�
]h=hL톔)(Ĉ�:�4XΔ��f�@b�LOqA)z �XѽByɄKa$ vwջ5'ԜaR5|;�6̏=HQ-!/&z(\57)oK�f@[Qe�YRz0�8���S�7L)�Jʽb_[}:���c�:]!<%/2`I %�����;�Hߊj:ApT'Ie@L*l&�},c�l��}�̹Y%�5v|Cƶ *>b�OU9fV�LY^�ZM!Nj�V]�t�63�� V�� Y�v~
qD@DB���D[0d`aa1+ӑ`��M`Y/�2w80�N
�
-/�}@VE���VhEck~`'yPn�5\S[,"x�u]r#|�0$�Uku'al�K~g+Z:u���bX�Hqe
PXJ;cFakD�*�4TD!44~E_-'agG�녺f1^��iۆ*Yڼ:/mtqu"]In}8'�ƿ���Q&
�@ա5QxW$�YcL*
`/ٗ:_:ptY!ݪ�HrWm4
E!Sl]�i�O@[��5e\ͬ�1ν!�D/�u5`ǎQ4K8lҲ-ߊI�$u4F녬JXP�F?:26��OK;bD�4rO!ZIJSg5m7VD?h ��:�YUG���ÓA$Q$M�^�U'oFkiIדRL?q<ٗ$=ϊ_&*+c5eObF�sD�I~K [@�Q��X8UːQyo|�":`Xc*
Y.��0&��2x��cZ��³4�Ȇ��У.�|p�/�SLG:u%e�pC)Gh[�nCw�@$P<_��7S6�voAn�!�O��hWV5w/QD2�RzZʳWIg�(mq!j�Jar{7ІS/W�7T]a$$���zς+�Zy.Vkg'I�ޚ�6#rwD�#rDN~��L<э�=ҡ8V.ǹ�Җ'w3P5ä�OR\1� e1
3nvP6d$@<ǘ>.CMk�r��+$�)]`PA**8O
)&5]]o�ː3�L�#,h>�=W;5Lm5�vWȰ4?�ZEAʪO>�4�Qw�(f�W,�xX #(�5{?T�SU$BR'
p)�FAkRrWhw/iA_Kr�j/��%B,6]K8X�rPOwKL.;U1_�Z�C>Dy��<́��9G��h4 =`TBENLj�5`Bo
�#ݙp?G0%%U4UpQ�=EC�|3�
Ѭg.Eq��82 &O!Of�hվ_jR>Zl#�rY�Δo�7&vV6�.qςc��Siq�a٬�╕gڀ߬q�`%a͑U�/N�42
W�k�"{:P��5{�nTG��|;B�*`J-=)H�WXA�#;eq>D-,�M5-_|%L2;#P�{u\ !�)g} A#[ŭ�aĖm�F(�#�Ё|���EJ'.:�oQfb.WunߩQ)b"aIϽCu>-V�}ʓks쒎!y�M�37�m�Yx)Β�ױ`�LF�I2�2)g*]t^G5S,�gb,o[)Oa�8ڎ:@fC)
5�=m|3�vxK^U`�$�&c�>���N]pD*yM�t+~ܩ�WқFU9=lR�ɰ��G u Z3]_zh3(E�d$�}w$/-�6I=1m=R~�!v\$"nOя¶}eRd@YX�ntPx�P�]/S�{۴ѱi6vzlb
&^jD3�Ѡ�e�J>1B\} y
�gMwF\& j½p_pc˳?O��rCğr� Fф͐cc>�#-�Aq�Lּ�JhO߲~^�mH=t�mh"�!.Z׀>
jĩ%ؖ
AC:�]�V �Rd#t�l^f'�% �Ph{u�p�N?�eص0��:ZG�A3!*uˉ�?
\f[*j>jqE͟bǺ�HoY]�GNhOgd4^f˟p�dj �3U?Oi3o8�匇�NR&gg]a.'+%Max�Ho�AK�3�B
6i~qT_y~�Ғv/�ciiרfa��/(dN�Q�3>a�1$�mqK�J=N[ �(Ij�ڍ
bm`��J>kucʱ�ɵ>��N7@�(.AP�̧u Yۊ4#�'Id�ݭp32�mA^Z͞x�2�$=ajgR/u��Tbg5AA�ì&Q��uOMel-A*
;jtp�bXu=(QS�xD>nږŖ�4
�;��;Ieu/TN+QիPQ�W:�B}Ι
��^q���_z< �cs��YQf�&"9�S[E-5ud��;v�qQ�L<ݮcfεR!s%z5<},#ny
Ն&Vz;K9tv���XSz9�
ԅKFO�z|O}#"�cLL�Qq9ʲ�Sq:GJ.\ߺ��8j_-4iBjqw�m'z*nGGbH��-fǛzQ�P]PS#smP_ }H�j/��)P}/+NJ
vǛw�@0�pxBRD1z).R��Ih8N&K�5'_.A���
8+�ث(;U��+�ͪuckh]t500�tMў�kL- uWԚo�d�k�b<�BYrKXë�\�4���NX$�6ZP';IE��?��8c=+ʂY*�����;"}_H'1'-\$M6b'>!'XW{|j]�C(����ȇoUOGB`�3Fx�1y�fJaf;F[e�%?�9'�6.+�bٶM�y�+R�
776;]6Xc�Ga7"UKXb7≥h��I�xn��RR
=5v�%'Lꓘ
7ь�2ZǃU7@X��Y�,5�DL?T9en@�4pIR}�\ap 7?�<š\DÕTb?Y'K˓?ZCpg)��Xy~->�lc!ճA927��q�X4mPx})�kv~lxٗk?$'ba 9*�0x;�s[lm�"�/2�6 \�U�R��\�}\�P_c^x�)zP|�N-kQ�|d���4.�b+�L�I ?{tz�9bYĢ��[�%܃!Fg=ldκ{Njzc9\~
>QI�ڇrY{oO��
S\.kEjIvr��ͣm��@_!h�`�2q[۟^8~:boSe� M2ҩ'��gWaf6R{&}8GogI0JE[.}vL�Y{q
K�ݒLIyj�]Ȝ�2OUӬ0XݦU��k�#%�%i��ܮB&3:Y1�tk�Ve�3˥�X@>��;u�& 7ʖֈn��!faUOzS�z9F��(�@+� *�1qѲʇ�v
fߒ>
o 5�DgjluzV9f�;!n^��8v0�iM.>osqO.j**b�Ƅ �v,�
ga;
/�jX>縄D-V3/W]6�~GMCB>c��KEl�C��2�a#dٳ����Jacr?R{�w��w��^%yI�\iVFжz0߅Dʝ�Y=�6T(Z�[\l�Un�>Z� +d,:Mv2]%|��CtAPhBօ�W�A/8�f}Iz<��ab8`ozL�#m��7�T�ol�g-;@uk+�cv?�S(I�j�х&
�lA$�~Ka}`
�\Vk`+p�#%푳 U˼Mu47ɧeN*
a�fHa%~粿e��0�TRVsXAY �z�^EĎ�pt�UgʠД�0Yp�L��=։�q9;bV)�3y�),~l�<,X~@�6p�L<8תn��jI?SY04��
\)3��'F�\4|�Juw Fi��YeZs
*# "DJ%��pWjB]|âd*!=UYo?RD2�-X_[b���v�C>ʂ�BkaJ�~xlJ4{4iƲ//?JWBLJy)|
����H4�YEM$i�'�g�&���YBYM=X~φ�Ljb6Rh�Q-?B- QP'}j8j��s:�Ԝܕ(,!:�UO.)LrYH
h��Ej&b~\t&,vzZa/[%� 3�)(�r
|�t�nDY{EāӶ֖f{R@ �!fHI:_FEGkNm/TgA�8M�L
Ԫ5�[�Shd@�⫍�y� !���@�`�n@/H)[mp%nHo<��^BԪ����0p,�1d$O�?ʽn��.0grw5��Dw�(ybk7ܔ.,;QC,fX+��/��P��lsAo'�iYp�R#�G`�i�F]�-�(�Yd?�?�}k-0y��Pj"ҍ��:q9-+y`�p7\£='�Pmba~Ke8ߛHC#TV@*r�3lY�[<|ĸ^@K=�rFP$o�ǫ�f�Xu3[�P0ɂJO⢠$_h.�gc@�R}I{�Z�_VO@�&}�\L�o#G*O��R�2:�ViSowlO��}C�=%EYê.URXK*1� p0@e!Q�~`ѹ}`w|!ۑoI�>ݩrOәT-c)��=�c2u
H{!+'8��GpM�`b��]��W։,��Ķv;3h4'e�b8i.y �2�M1j
"f~^(hc"$x
&䨊I~�̦�i0G6ؓn,7C^K���֛L(Ca7{(oưY_}Qs
L@:-
fm�
�MƂD;S2[os�w4t�&v
śz*l!��=2X`tI禹R!ߦáj�,jR"CcۜV\=Q$!�B��L<�+?ʬ��~�
gL5c{��QNDb�t�#�C�xHW2�Rl�ݠշ�hߡj1=�g$p#q|�LKkʵ?z։h7[/�7��j/�Z�@�oМf#@O3g��Y�'�3"�v-v�˖ro<@8�*{�Р�5хgo)��(�Ay)k��!6eӿY1��9�J��xn>-0rTÉg.:��D�uTWEVdvx�Y,.�G$b-/e*206�6v̟Z=��V`
J
;�
scd5@m}��@�K0�,5eTMJj^\jWxiK�艆aqpr|KIiKb@)^z��F�IjQ�|3ð���RM֣ptb/��5Qߒ9cv#D/C%h$
�7��ovm1|tXZ>MV^Ի�9:;�y6XՔ�s
!Ԁ����݅�J]� a&^M=z�}r fɕqF7�qؔ
ҽA��f=nYq5@ZΤ00cI
�!aaK�}]d%�3rJ$)3�B^Ts��噈nFscb� 1i:(q<`'c(C��H���
�[k;7'd ®<ͣkd�MarXȃ`�c�J?ܝ
�$!ذste�*Ah"�hϼs�hiD�N�R:�G�}"t
�[vЙsj2R'/Lh� �03Jcb�d\nFPښ#�s/%c=L;I˶r̠N�Еۘ{C�zJn2�FG#*ؿa�5tg"mL�v�V�|�eAjH6a�`Uġ.yo0��=)OL/N1�?w:o�ي@�W�z
"wovyr?w<ϻ)@�/ą���~4܆yY4b�0_k��Fj.H�h~!����kғ?]>6�R4�@4+�(�+abjK�{2@u'dn��o�t�hDFVw64Y=a�#[|�]0'!"�j =!
�@fIj%�THN3Dt
� FSѦ՛m4D��Aԏ3X��p�S�йARَ9Ĩkخ�s>�e�p#����4z
[j(�$c=�^5T]k�wI 6'�ne���
�e��yl/ ��.��T2f|bw�B?ބخb�G ;5]&>�E!ka�N�d����n<8MfKlұoX!%u|Ru*cP��=�RVBxq
a[j̢�=>A7�&.ضu4Q�x�@f�+�3b>۪9%�T2-b=!%JC|�*3�98z�7ֈfxa��VcP�oƮ��Ʊi$?3&2k>-W{�Q�qzOb�DDF���fx}Ǚ=ٚSظ#;n�i�HM3V�jc`F]_�� puD1z5q�m2:ŏ)�Rc/D̝b˅=0�c�cBw X*G�}HFxne-ISo��X{b�{�"q��Ծ%�PWFe2�'.`-HyX76%7W��$6.qĮ���[�U
*Yˀ���qϺF( &Xląr~��4=�'|Fz� j>`2�i#�ڶ҃K��f4��d$Y9H�))u���h\zT7 �y)��AL^,Gm �҄ψT�r)��/w8n��h�$
���u;:B�6I�u!Ee_е�> �@bXD0)Tr5ET" ���+vC�=u1�)?3sU�^n5��5=F
Siq�ea+Rpž uiؑb$p#j
dJ,)TmmX�pK�)8Tn��N@ �\��r�6bH�Vwd� �q;H�C�sMb��2<
PN]ڪ�@y�K`崽�I��?��;<_dC.S}&K�H�,w#֚#
��_C�}V�^jƌv-
��L$���C?,�o;�_]�`>�`DH|�#㢯\RUV[p�6Fa�R'�r憬�(҂UA}'�RI� �[�(9}.��#ܕNWC&�
R!*"I9�=6�.T8AC/}F�MʷgP2^zO3,�JUk�Ϩ5F7~H=
i_iADw[/[)-v�vo
& �u^#��jۨ(2�f,^�G²��"]O�~G�N8(y>q(IRYA�-|J'iшk{}&ME�m2hapv[�X~H�+a��>�%'!n=pLZW�W�pr2F]_e|=d7nv�輴^{�npyS0
Á�D5ܠAPFfyA+˶&�W1��
\bj0d~v�~
�<.ٴ�٥\WLA1Ci�nv ѥ%e$�Q�SL/
9F}ah� OOL//g:!`���PP~�C�ܞOJ;sHK/?("�AT77(7�4AtQQn�9PL2�4 _\��nG��b�V
?AӤ�ψfN
-1Pm@>|��A<�����!f�zu�++f���k�n�Uv۷S
Y[H_3a=��ƪ�@�L�z0��\�?�Br~0M�.��fE�8�>d !>�/ o^�U�0hL0�Ht<�>{~$"L8\"!(b���� >oq�Eg1�b6A@
[[;ց3>*.Ff]ڞM E:2��7Tɺ|0fYS�cI9Q(2k-{�Ffv�S}l�1�˜u=&ܓK;�ӱd�2ZӊE�{X13q�VAGلFm|�,\}��ny@FgZy�o@��W"KxS7/zCa2ſ��#VdB/+H�`fzqk2Gs�oDQ!?2,@D�:O[`���ë�C
C@�Vg!X'G.|ا(�]ۨLI3y@?KDGNK88)�<�:1RgՇOv3���lTm& P94Ě�@!l̛m<{d�k\]�z-M�Vs� qKwRMJZ�Ħ
S!,ٜ>W�TEMt�\Tr�>Ő�㿀�z((r�Hy�e�Š`h�fOy�N�Sx�^_0g���-b�)��ߛ�/]a�&�ȥ�!�-��#^D?$L₠�͑''ez=մ�&IA:)ҭ.z�yz>U�k> *�FN�2�|UE?�Æͅ�'cϳ�*�#c3Z"
�L^y,kP,]EU6Gr?=bbL�p7:3!HHO+Qf&,Nr|k|F5~-C�`�j��&YRL*��!Y�W����}.-��gt6�/�F<4VtR7�&p�QxS[ԙrpU@�-�9,S2R:fi;�n6�Ë߶eALru��lc46
;dH8Qsh_ �1q�>mFĐr�;�!-x�{+"�Xw_�jت�$=w-=j"��zf7eL,}X�O�j��_��L�Ohܡcj�4�詅+'D/��~{
��|4V��'�N!@qC uo?ۣoR�+f���[�#i>�ph欁xU�7)̓��E^joϽ9˝u,]v 瞦a�~4|Gb1l8gJ��leBS�+Ǫj-G�D�,�C_�[yx�!VdvC5$D^5>k�L�Q[�Kr43�0.rn''D/\k�?\3WD�
K����"e\0FBV�\�
Yf�ڎ}XT�d.A�"P0$���u 09@�JK��l%Drq�@A��hN0��B�n:}#ř^�W�i/m&;�b!+b&E~͒��0q?ཊ� ��t)"p* �3�6r,�-y-�W?�*�p2g�wBiJ/b7£ps6&\z=�{:U+(cN^7i3\�G�:<#dr{ f�U�wk‖h���lsZ˝U)�OydoY\�-0`w^_K5z5�zsȬU�t;d�i�4"hx`1Vkڀύ�w�&9�x���jjUco9wK=W}/3H6S�K�v]}hi�I&�Cꩤ�N(Z*Y�c4�Ńfa
{Pnϓf>it4f(T8�W蠘9w�y�Iv��M<��`o@*m#�=4`ʨQ�sN₦W7pfŁ$�<˭4X�T�^)��&TsrNJ_�MJ)6M�Q9�@RN�
A��pv�YȫE_rAG�`]m�G{}dz�i{4:6�G,eי<8o|*j@Toĝ^Z}�*���V#a�WCA?�f=}���>z.`ppb�ְx:[$(���G8*�1f�f��z�zi#ϙ@xZ?�L�5#�Lu�Mϧ=mtc.�5䊢U�h9�B�
SP
G|lH¾@cXf=/L!(<�K�fCp�5`eЬ;w�?ig.W):gGb�|�ϯ@@R/M)|So��ȱ>� �paM@ܝr|�JR:v@7NF)�:|'�تH��b$qߡg U�y)V,�ŝ杔$,.4eD=N0}R�n7C~7W崩:T2
)JDsx4G3˟嘆'$߶�H@ϓo�rMFY$cЎ;�N%YH�'`f�L]1ZoٵV\��s{fC!˽V_=Y2[Ӥ��O`eImdS��6hKG�/�?T�Y(Jta���=);�7K[1��~[D䉳,�K��W9�0�%B�ؑ캎,Xn2[BJ#$�diw�`qpֿ\�ZH(xt
wJJ5n Ŕ�M+4Y0B^yӁ L�p}�AyCaq.���BgS,;c=>>E&>QF#ofȍ�M��~�O"�Q5!Ai!]&HG�.+��g@#�M$w��k/`}%Z@G)�b0�D_�S�]_.�
dx��bB�uv1'0ɬ�?G+ݹ3~
k� -�TI�ۦE^i�1:�LՎZ Ujr��e*HO�C9q!F t^T,&y�«x4�tn3Pu��p�$^��@gxi꩟*}Y"k�8�ĺm�ЪEњk9�̯f|��%3Z���MXtM4F*d `�x [�ZՀć�*|Ϫ'Ks
2_r~YdR���:O}# u"n�_wu:zM<+�2�c{G�B^Y �/^X)~BX�< ךtY�c(�,xQ8�I�Q'Δr�sV�<|+H�7�jL#5"ޞxN!�����GK�
(�z�F�}5�rwЅń`p>|#`&9�L4隬�l''
6#��[f;`>=���#W�}4�+w:�|q���ĝeJ[yC@BWBϞ�V�� ~VZȝԑ^;,C��R\DB�y|$n�h�v9�?K�l|`뺻��C-���@o$0� zD�_�-A 3:f'k��Q*{#;O*x|�/�wS�}�PaUgnLP:qK�q�K� #�tmB'B2b,��J�Ws*.q �$ǽعI��M� cMwU/�A��ah.!]K��ukx*�7ʌ�P-G�7�<�~v�eҒ��Nn<)b:i2Eci(h�h�Z9�6[�nm~A*W�$�;hMUY]B��$�|}PE>Y�C(lZ0E,Ojɋձ
�{�4/Ļz�C7t��NvF��q�}|�Kʟ�=�i͢�Ö�kW ^
WU�!/U�=�x" پE�g:/s^T9os4�ծ ���*I[�G�zE2�7�1u�W�+C�]I ^Of$ �v2��)�\zM,W�JqH#`�`X�*jh&�:�O�ix&bM.-n7�OC"癳$Cg0���^h9�8�"c
eX�5f-U]�%ĞDC��K�QlW�9Sn\�:E�1WcJ�vy},5:*!Yg+#�yл�<:)
5(b�u*2�eO.�z#R�vu
Ҽxg�Wt|FNY
h;Tmଳ/
-�@$ίy|{�w�K25*\h<>
1:�=mwBMb���4D�s�o)x_Ɣq$w�$Trf��zq�i�
d>]yeͫ8^W;w\_�-RUt�P!K�/tD(Y�(�14\2!^_v_�&2�skzn�/�ٟy8\�ND�K�
dP�<���=76����?+56!51}q=�-\sg(�OJ�Ϳ%ceIB���\@yF�cQ,]�0X�[C�W�#w �&S]U:w�߃�s�VMɊ}�dJ�KBF�Ԛ�c6d�ןlvSľa�f�34R$M|cvX3bq"ǯ[:o;xpH�֘-~A i4-p�(�L~>
6WQSo5(nOȢC2{9%9)
25��Pz�|�$T�H�_TlsJ��2�
Au�S��'Lc>z��d
3C�{�Ol
>oE?V
2F�ˏPIĞ_��GƑ7��0=HH�j4�S�'E���K�Ja擽jm9a[z�7M2(�t�tՋ�d�X/*d\y)�M]�BgAog<}é+�0��o_e{F? �:��A_F�
[dIj-Z^!~ ͐R=c&
;s>K
Eиrt�oI;Wbg��>\�ol?�F8k�p��稴9@/Av�YQ
\>(W2I71P8SȽ�^W!\o4��gy�p*��+�moj�xf_"%sxyl��S��<5>VL
Sh옄�N�1Dx4Q�k(�Q,�/�Mą�-��{�!�Nz۲A
m�+V\�8?(I��DƄA}Zt��A#��r1 �R]ŗ(Դ5g?/���ve�N:�amq�'GLĹlgXug-V�*y;�b�ׂ�T
1G�K�2j;���ܰ��fmdKkȿ�� �PC�}/BH`&B;+\*�3֔,+轈�6>4"4U
s] �[ő�c˓�լ9A��в�xJPz߫?+�`_ټ��Hδ��VB�!�(j]g�oeAtyBTh#&PΫ;.e1'� �Uׁ63Ѯn5>d*̥Ow聽#(�S�@�E-S/h*$!Ɛ̬�$9�XE3l]~S�T~w
DȂC�k?>6�RY!�с#Es4
tz��p`֧~-!|Ӂ�[k�
ĸfA!Qj:\I>y��钃2YEu�W���HD6K/ VÀ㲚x̩p�C;>a�Y�;|a(�xw�o[���A0$edžX�c +C+0×PsI�n5*k|zPdhL|��-@L%�k{TH���`��18Us�6{� _MbTEp<��a�-}�942]eJ��1TS�qD2e"��%&tm�U)cQ׃��e_�i�j�&\.W�S懲+_a<,מ8Y5�OOp'NLLj*J;t`Ǽ]*U#۷@>�Iݾv9FYw�N|.�m>Ao-�-�i:yCa9|W�p�j�|�ʵY|A6M�~-A@ŏ�ª-D#�z;@qWRJ+nVdBHB]�8Q�8XA#;Äs@[b֊a
G|Q�~4u�>+o���aM[h.^$�x�^c=)�fxqO",�=a
zB�v~u
3:��ڦ/$�9Q7x.˗YۦĜ+(D��.qc4%{z}爑ѹD�-]r5c�q
�0gG)tmC<��ɊbP�
<ľ ]62j�/VT=vͺ⊯y@Z�Kjdf��U�_�-1UZ7��X�7ːl9��\+E|efh;mhc�<�0"8|�gd2:���(LI,�
�'|wͭdv&Xr�M8gP �W�v{ÞEm{
�w$'zk+'mo9wLP'y$ap7ܕA�WI!hyN, � ]c6�M|bѡz=([3R�M6?Nnh~\R?�l]
$!"Rd�7�MY+&3u��dlO"beiLU4^�D3r�9�x�~�f颉�!yr%BdI~##=Ɠ]}!fz*ć?IÆˣ(t����FW��AnNtd�W߲A$8�=��6$zM|
�`*vL1l�_�,8: /H3#͙s���YU~9Cł�W!UF�=��x_qE)i[PkYD�_2�>&b�F!O���rtk.�
d�^�)7#?uyBEB4b��� ,~NW0ShhJ��Ywr6]
.؊ e[.O@Ռ�.ɺU`
7cGPL�8cר�e�g̒�isk{@�G)�ȅjFj|2Sgj,Z��Ey#9LŵRg߇�ct^O���ߛUiD'^J)6}H�*vG̈cĀKvhyޓS.�9�/xN)�@3l�?m�ݜv�ooR/BMg.G/oT�%#a43$h"q=OXo1�INճ9+[`BIW!@W�P�oE!�S,�2A:=t�%f=�CXv}�WC���녃�T�o#dJ�>%'XD}VUou
�5e
Am�*s4F*�N�(\Ғ:
BÒi{*2YXq\[cUM��4>⮟Vh9^z�p
le1bSljM�II�}o%�/LLF�-�wL)�&�Ѯ�۴(Hm[CZ�e�22Lu
ɀ~AUvT:>^�&97�!~Y·ЁB�S uUUx\ ��b]g <�_oa����A�i58ʣ.�_v�v�5��pnD�6�c/}Сs'"ΓE�
g}8��81�ǠV:!Y/
�atrɚA2% R�Tx�?EB~ ^.?g@;Hzi�엦}&KAJi!��>'k�N�JtS
�:�O�Ȋ,ij�)-c��lPzw.#�&!3Y%E}-UsD%c���J|2]֑HCF�2AQ4� ��& 'GL�;�7|�^S�}MB�Sa�_�=;/ԍvC�y�.E%�Rn%)�'ez�_�I�4H�q̛@_{Hګ< �Ua�K��'lA�Q
_5-ɮ~�n_K �+yg>
wW#a/xJ;0w��'�HhL<(FBb�cCU
���QC1pcxIh�!�j!5nX�*Q5O$/D#8��ʎG¿nbvyw��
��N5;$v�U�֊֒ą_��^b@OjuUߡ2Yi[o5h
SxZ c�Yr&`V�M�Ջ;t�uտFy&;�^U#\TOyq|z_�[�Kb)AH]¶�} �}H]=a
SP�z},�A�D��LmF>�Zi<��,wDNedqe�-97y-J�h bQW)N�N'�0���zFi2Ѥݟ%?}���F}^Ki۪H)w�q��A�.!m�F_,�kxb���j�r�)L8/_F⒊̢xMȜh �s� =bغ*=e���W B��!�9mN?)'ʡ4m[��
y{X8JM
�*W7]E)b-�ƍ��8�$H��2PL�pJtP>�J��Yp* ݨ`�}&RmfQ�w4ǂyr掺f${h;\�ǨV`Ձ
EΥ$�dUP�0��pʸ
8>hDbVFE����
w+2Ry0̤MTTQmT� �%(b�g"J`�]:Y
29�4p�rjft�qQHb%�|�|$(7A#EWWHb?�R�`G�f_K�%�~eKԪ$2A#`:9o�۷i(au.�jW\~O2{�S@@�ŝ&��nX�wh�ڵLҰAv@��K^�,ul
wlک0�l�Hv;�bА5�Bu
91]ZTmXϯ�B1<�B������t'�b]$f)tۓ�hT pv-Zw
O
G��s�(=k�#5~Qࡡ�(�R4q3µ=�64Aeq�IX�K�8 zz`ڠ�6ܞMz[ {fl�!mZu��K nv6zZpU�OkB�%3 �iTZHL4&zK5:�=<�4�w�/Fj9(Ȭ�Oڊ"㮗/ �0e!\�V"X�O��Ë�$F6ʍ4�r.Mʷ�q8QeɆ6a0PXޝE,��E&E#/`N0X.ӱ%�mE]m.c:�͵�;�Zj�zKh�]1:5�(ߨd͞8v7|Pػ@�Z&q�s+ʝq&��z}-a~O=�b�><�J�ZD�y.]�X%s�ź��)%��1ZF[���*nE�bXA=�}]2(J5`G\UD�k/'m�иk5e��ݸ5,�"�K>oEK�f�
[C!|o82>]M�~�!urRQPyeDEhu\B""O��`=� ���2]nBq%�Z37(y
N &ѳC1߿@hJԠ%s�jeH.�R>4
iCpo$^YAhY[xᡞ�q=t
�`�ngAF7�=Rt_زi[E-s���
웷�PBx�$TO�/wY���_ C`Z�UL2C"q� {� �Y�Z�~̎.ϲ][�)ILk3.xum5Ǜp�5�
KA*A!k"@^b�ݨ�.;\DZ��ђ���B{ 8�ϐ��_�
IaJͯ:Gv/
�X'`_�w\
N/si)8U˾|'H@f܅Yƙm hСyS�П�Rv4�
nr|;(V�"�-@0n(���j` yJ:\4OE(��O�0Q[aR�rh�)jk
�
:@'�C/�� �]2梜�%9f롭�� �mq(��01/�\$�M�\3�5�槝W27Wod*z� �(�)ES���s
瞦ه4n�E�1'bDb*_�B#|pvw@x�qIi3._&�ʲ�&Gu},�,ص�?��} %8\i,iEF#�{3aJtAA,nWZg�?{#5(�$ӦMw�fpíuK�:6翯Լ-c��rη7p1j2�OW�YL�@@jq*=@6A|l$"ޕ
e͚��qkK)B3E�[�-_3 ACA�#f8�ch�F�J�-�W6>USA�FkА�W9[�{�ӆ䜳a��KO!o
a:�Fh�>Y34&BV��q~�e]�4'qE"h
!,0@fs&$�V�Z��d&G�f,Ty�n'nt{0C)�V^ l�iݝA۽c$?ji}�:G_j1痞�D3)xm��.'oi�}
%˜g�k))ĊņV$$O6$AWWGc0D*H�Z��po{8�p-��
�9Ētuzg��֞Ԑjp�H Uϩ���U 9N9-
)�, x�t}{Ԡ�Qg|��AgY
jTT����O$҃q�1̞KzPut�!�0Ӡ؎�M+BBl�*q�MU�afn�/76%1is2Be$o�I �gm'C29��}8su-&�MYp4vF�8�Vq'ޤ�5$2��
6ڼJ��uTC�2"Y./섫kܛ:a\^��
A%�u0ʏ
�uF�A
Q�|uv6^֑*
zl4 FkrZ)�P`)�4N>
��~p.�T`rS�NfWRNb�Db�4eF҃f�h:1)9"Iz%��tɈ
�N�.Mu��0r_F2�=�*xs\�ߙj�a����t�z�;I�Z[>X_�t W3�Ν�Ck�pBJRG(�)܋M��pxtÏA^i2БxW]N /cU.�'i/ ;.!�'m{X⥃j
M��ye<5_�QSh*E�P
CjWg�pY4Ioe9օrf=д�(( R�miDc8w�sW]5�� *'.SP]fwz3%xҔRtA=,j#,�2ЇMO�|� 7_Z��ٓ3�\�=5n�RnCˁ]j�0V\nWgR�Br�$��M,¿]�G�ؕ�4�H_nz?HO��elR�2:ZC8�ne�^|HYi� P�%KA,|�[֪v%�!#x~.߽AgR��A]�-CP�6zP�7�IP20P�<*]l|h
�|m,�ct\˔6�?]aA$#-T!?1U`Wor&{�I�r(�hpW_(z0�����W®1�gv1�q�#[�
)aë��y�C� zW)ib;[�#`)OG #Kz}>#39(e��m�Jڞ3z(�+vğ{hm ObhhX��l�SM)
7+ɋM�4T�Qs-eO
h8��tѩ0Kf�-�>�Y5���ׂӧ;>��a-1�;4�";m9��C1��wh3sT)46sZ!�E^��*vl+rMmv�`WYJ7y(%ʬ�Ґ &n[p*V�JO{�CP7W= Ē>+M�44RTc^6OC͖hi�r�5z`����b<�_]||XH�5B�/mlȲ
>s
sz�%O�IAyӨK�xY3LDE�bGA�Eb nۮ'iExk%ٝҋ�̱�M��?%--wL5uKOdf>%$B-��>A#:#$UϤ6Mzs�to54݃z/p*@r%P�Vְ-YV�V�%���l3
&زa�-l���8wK(\eCJq�pBPQ^rbMO=.<_ӁFc�ZL~�yhA=bn{GU`+;�1}}Xt_DI~|><�|;ۙ{�@H^~?f�
IZ[NP�]]��2qSȋY�[atKغ�)s�ٗmf�h{.b/d�@,jG(=!2Հhk�J�I�g(ly>W%I?3'[|Grx)B;]T u)@,�>��`xߒ6d8ZAA�k�Q`X��dehB1ig"F��B馻f}��C +A*cX*!�/�7Fjk:7QՁC*RcUW7.�ʱ�[}[n�㦑�q��S�zu7/�N3�`%1bޗ\D_'i~Sȷ?�s6ZL4�ixH�ZC1�-��:i!m8O�/�Y.}7rRX5P.�2�
�vkٴ
���[|muu�x��aՓMv�FIV�<�eKɮ�]xM�@!. }��E*��ۡHݧ~T���nf�[]5�uZXJg= �!0�V=�� *l�eYa,��YTRV3�[.?KC;�gx_^l�s(M��
ʟV�_�B~W$��B?M_l�UQqz8ʷDV:h� TLVLl2~Ʈ�o�*̊n�_]�\Iԣh
~mȳ�2�4�y�܀R24�: I.c|)sO%��!�b?C-
|t�G��:""C@ۮ>űj-2(���]~D�Eȉ�a3}�E?*,r�R`ΔӻiM;_8nW�*��@�8��qږqڜ;��
F u�ǭj:C4'L{IdGPƆ6]vqKI�ZN�t�))
!�+`1<2_V�V;<�#�2
HK%q�*5 guat>v�a7�y�(o/cZp^�eyɮV��0dD_ҀELxY�W֪�
҄?472v@uMѰ<,�!�Y�
�OʖUI3�����'c~�ۢ�*2{�q\�4ڛ��܃e���}!A�LЏxoD��jDC$Kb��h5JkQ.p���.�Pe�=fٜ9Ki���/.3�/D�Ge��Nn^0FwYv3#B�b} �y0z��e]d=;+_�gɂo
vgjza�+^�sdR!]h�bz)+mm Uq a7^�H�^�+HI?5r=�X0V_@8US�.YU�`Z�����Z ;&}2D2��@M&m8fd8iƻ9�"�Xֲ@�R�&�cnxT<6mIx&uI�]L:�fbi�OoSԵW]�G"ey^�$� PI9Y`y� [*Wݦ-�o81YJ:-#}ߚ$V��2�'$2%{WX�&
��-~(W���-�,/([ME &21g
q6҆xDn!Fmz2"$G�@1�a�q$���Xy^�҈|`s@BFͣ�:V
}"+ch<�aWcՏ;Z�xU��xhT'd.gl�A7ߍ֍<�W�o*-�;p��b.ǍsܿGMq
-_}k�TX�����
%��j�ۇ�%:1 �E�%Rt"�J:x�ߎ\�6:tcʀ@
$GoIٗ~CgԆ~���a�4{�|lewdK6�_|p�QHB^fx#a�r@#j2%2B�"Qf ?y0z:n}G�dWC�kb�^~B�=63"V�55 ��ưGp�eD��wu��v%pAN.Їe<Ŷ]Mg\<\��ʸؖa&{I[?1'�8
�́IY|�
Ļk�y SQX1�I5l�yHqsvV]U6XL�:p�K6W壭ip�;h8x꩷\
"�Qx�"l!A:�oXv%UVĽr7$UލC"n.V�yΪQo��mkr�:hU>\u��V
I)CXx�ı ^=5̗nEt>(CYrU~B[wRs%r'�aH;8s��*{0`B|T�m}�Z�kҋɘpJv0t��lp�_�t�,RϞ4Ÿ*ÝY��3Np7�G~��n�\
A��MGW@)yF�̢;;lˢ4i��0 IB01䨔\WB%A��hM!VB};)�*YpٷvQ�Q��|nC�4;屐�]X\HL_�~
�¢.BJ|grTm:1/e�//?]te�2FI1|Ī�6JB-�tA0bLxa~���}^yH�)TI[\�DPbҬ>dd=iI�jq7 ޛr�T�I��l�8,�Zfb]X6?Py+aZWgAdZmT\u<�*`n�%}���:�ޛ`7~n(�S:�JyL4l7�?˪�Cdb�
J>nj>eN� FO>�gBǎdQKϏn{cشUd�O����Y˭j8b#�;.!XN�:$:l��~��Hf�-pƞ��[0,�z)�sH՛G�@1,�*
!�l"}ۉ�� 2W7i^$��|3VZ&#)-!=&qoQbJ. ��.41�GI/+bmf@akpd��~�)�!^A^@Z�8ֵ>JjB�j<1]�+2t�F4ޜ,{'��YGB�D�Y��$/Zٔ
�T:9�>^<��Jbu�'j�hq3f�/yٳ��-x-�ޒpMwf�oe|;,:���I*��cWjveNf͓������p��K)x�Kalr2�Ƈsc$̸yr�6#讇?��8eN�<|�+M뒷˵
8jH\��7);�Y|d�R�f�(iu�횵7�"�)
5o8DfR0.c>ܩ�ec�Gf|
'9Qyld��F�#Q:�2Fk���Ij^�b�}m D�$q6˝Qn*a=yϱ�*�4tͼ�Ew{M1��Ku~"zd=�ܲH}Ǭ*�<}"8�߄ \P��*L�?�Z�i`VK 80=ݞ�צ;dkEb/�GiaYs��-�*ҍ�I�oP�qᴀ~*M�RfS,PcUQ�_ �
0m:yr�+oި�$i�K#R"-/KD�~rC48(X!v�X�CdY��k&j#%هD݅-hU3e6,Y>DB�u:&/|^{#mB&b:LlQ��W��>�,|@Y`�$�Mw{X3%n1�;6AhBZ,�b*�R�cG
9K݁*cd2Ngz�"x
pxqJ]��2N_�d֣ve/3X6hh��ujZ*F�/Fˠ~Ѥ.7Ok㑤Xںy/·D:WGo�(*3PWwʱR�;�J4ߚ�Y�W�:yc�FJY5=�!x߬��Ysb8k5Rh#E��6?ެl3�(QӒzs+m8,L$�"�pza țq�N �.��Qq�B�O�Ac(?ƷU_��VYpVXuCM0z,�~NOz�vsES%P��_k5�qDZMc7�U[�-��νUyPG Ҍ %Yns(Ovf-�a�ԟk-�[�[��ڵ[w17N �VPG%7/l <+y�gEzvymn]ޠzűNqИIy- �x<(1�L,?췁|6K4eF_Naɴ17^�f&@wfoe;l�νJT as!�Xȶi},�mR�[r'Ԕ��my5P5T2Sh�}�q�7P�wTS͚0ld2:@Z�_z��~_>*ξ7In5�v�̈Gכ MkSfᜁ2P@q�ߨx4p*Xnb|_@�D;ݵf2p"�a�XBC��,5� |G=VgwQ�^l1�9��}d�ГMZo*]:�W�+|alaV;|h(mo�SS3hGqUosqr~�0&ؼ �&�s�^'.�Ḻ���;H*bZ!O4^f�*)d,cZ 9U62hf7p,�/��#�
6m�4ބ DP0ZC��~�6NL):{J2tҼ���oŅL-rc�@�K�x_^H`��j 'wG@>��C767kaj ��כ&�hhٻRƜ]n��Qѓ��~D��n$O�f-x3, oeQg8?pt'$��LɐkڈǤ9@ljcݳ؋dz�\;�M�@8!y�Eu;A�r��t`*�X}(6GI_97(f9c]e��)˛XM[>�V 2�=3ScH^(^�[uf筊[s o�&$=\Ĥs �r��
fp(&ÍyViw<,#J�b9QTs]+-P&�Ѫ
�%T7a7Qw�U0AiFɶUPE6�2�xXfp%v3��9<�� 4cjNPbsOkb;7
6l<@½<ٿ@'|(4Vs7�MO$e,)A"���Ջ1�t9I�wøA�&_!�]�L�D䐳'yؿ�I�Nl+y�[- I�s�&3�*i FScCs�Z]%Odht BOVk�9g{^8$G]�zX�vQ�8���^c^U9i!y5�sG{{m!}��jG;ghB̘���s? wF# Ĵ8֮v�k/�*�IBV#߬Gy���Mt0<ξ��=
8&QoGc�a}��y=0mL4iM>�khZ-E��YpUw4$-;7GGp6�:2�C$l!Yw�]G�=ydt
*�4� �-�Q~Ԋs^�K�,*I�QS� t41R��Ih|D7:<~0Ʊք"YV@ ��dʸk#g�tP&?Nw��#s�l�Y~lz�^J1-Yӱ'l�Tw�]'p�G��/�jf@��)Mm>|}H":aws��� �&RPcá+Ў27mˤk1J�H"T�oBܶ�;��I@!M�Qʚ1KY ;/�밡P�_Y�ӲCK&��$f'K�^Е�%*#��IVz?'ɲSsQ$QX �IPQXe3r �|(B7K`OFl�f�AgJ��[�&�1(h+Ϙx'HZϴ�ݱ�[!!�,⥙wC^0��aSᖍ7w��J�.��
}�M�O�X`!�>�:g
�N|
k58~cLįR��A&1q=C�_p%(/cő"\z*�=7$�APQt)�[h��^M�w.�mo?\�/�GSAk����C15��#X�ainY�$l�d 0PK`d_Aч7ﲅ$~$]s�ۮUFmrTuȱ]q +F7飹GC�u>K/+)X�t��sA�l2L4"�ޯ�X~�w嫃q2L@Rk%($�+KG%Ne|(=ߜ�RsD jߏ^>Kmb�dFP
o}?k��J��)kÉo`e]}���%�']`W"#,WYg$uaWBx�3M_�p'�
�,eMVdId3-Դ�z��t%gOq^S{8M&E��W#^h|0C4Aspm0z%�mFU�9J#F^)<*ÚzhD2u�X�$R�
Ճ�T8X)=U
0\p�z�_!3Q�[٭ �W9)#,�_h֯ގ�;L�JC0��B�Pi_EIP�G��|5l�g�˨Ŵ/�R�R"G�8�Tt^s�Ov,mkܿCa+*>eXJB=^2$�9=<@L��
8NfhA7&� ��J(b!}�ոf)LZi��وX0N�(�R\�/l^�OsD
pl-i4w"j?�TM|-Zq�L"|}3Щ�̆�6:rXkjLf;�z1_z���AI��CnԦB �1b&aXP �97�V>7{泘z��}g��ۘK>r<�<*YmōV\:\0��f���)!Aipz!?
ҠM[c5�"š+ϕ(�RO
~z籦hi�YL\��[Nf.
[uV�~OwQ:Z�`mܭ9JZC,vAcgh<��c�P(lD`O
Jk�;_bB5!y[._3fc!�W�ANTR:Y
l"�"FNX $^:pISN70H4~�4p�A�k�Oo-#'k�Vv��/rR�"0�8��ke)�K�ǼK^ǃn�ߝmAZ$'(nm]r�d_/�#Ы�8�zM<�M�h^⦔a!偘9w�?RPF�sa"{eo�Mn =1@2&4�%�o%A7�#[C�B$�rԕ�]�|��jz�/q��Z�&PW3h
Cꁥ0o!r�Reor�Q�v>Āh7�V/[=f�v>O
�9��%(`(G�|}T�,�v:*K�郣poӚ9nt�[yK\T�h�uuΥ�r!'G˧Kی*Pf�>˂ޣ�W,O�=R��q$O9XC &qx[$BdG�](ƍl�yQpɀc%�,Rňjk7ky[%�.e�PP��>=,약<��^3�lȂq``"�jlX�w��$�ɳR=�&�7!Z�JDQG\U_B%�)W6�ڡ
Lpg(R&kԪ�7"�&��%e.5ܻw1mE?_�8!���Hr~ǭzL2�v ے1Ht�r8��@R^" BV],lki�#){軤<%��"�% K��Z]0ʶ�6J�m�{�Ij��v4RG1@��s7K�ؚƎmd/?/[{�lN%
I9pc2DdkWߣݣp�
msNGӝ�Q
䟹i�M�#˸Zy!O�֊|fS)[`0, �79�^dDv1�"ksy4WF#
�:g)T�54_d��D}0ac8R߇�.)�jړ- ߴJ%�rW'1`�'焉}�B!���x����[p[H^ ��C�>��IJ!ғSX�!炣� :eo,T8$U�K�Y
##zAQC))V[.VP�yEZ/� 2買v���$Gs"}\rSջ�N�&�dN_p�25Q b_Lsݛea�wVLs�T?qr@(B1!L��$9[�a/شaL£-|#o��Rg7OdL��A��W�D2�Уq��txI;�-�LO ��oq#9�`40z5U�œԞ3�$6j�yp݀�#t$[M�zFlj�Zhg@71�A��*1t�h�\'kE7h�e$�5p7:)/s�;�r�PC;0&*��ONPX�c◂0C@ӊ96LŅ�]�_*I'B�&E~6Gf
ZZ���ˌS�rr�6
+P5#'�UeG4(we�Jaa;H�~K A`i$`+ERsWk�/W�R| �Li�=�HK\b��vb?[JwL�|��02a]uS4&9#2Qb��b�r/vBg§V=O�4:t�
�$wB{'�O[�f��S3tl:��4OzD��B=dju+I�-�wKpF9Nd8|�Lo�Rg�WՏD6^h�Ӑ�p�3eԴ"�2�pEQJ�M[cKxM��ڝ�sLځS7?-)l*Jl!
ϣ(WQ�-Ew��rX(2��q��zɊ0M��[��G,U/\Q�귌�I^_o?p{+~�(g�6ɎF��6t�t�Ț��{}XW�z��&TɬK-#đ֤x�Q~[9jRT�|/+�W�BɜT&:]7G4�+1��t r-[[$�i��y�؏RC�0�&Z@B;/^Ż]h.uJ�CFaB9{'�T�uʿ�0$C%
9ۿP´V+�L$�bݕ}[1;Rl�+7LFz0-
FjҍH�ؼ��m�F
�kF�Y8kC}�ʪ|4�E!v/gN@*ώ6�Qe��CC(��05� r��lCN'� 7vभoAB(&w%�A3&QO͠woNg�K:,^=�үI4HC~
�̶U��0cR�y_Y?S�R(;�7k���t}ԫKxW:��4Fێ�*$L�^�Aέh8Ksԅ
Mp�-ΉA{\Q!ͫq��;6"���֭���&@N\D(B/�AU%�7T>D1Ǹ-Dz(/O3,o=o\|q]`�@\נ�tX[.�P 4�4�ً7��丿3[p/��s�YvonĦLG �_wSV�ZH�E9�m�@#� �߈ݙ �O�|uKJ��훛q�e7|Xأob��_�Dn]�{Õuyؗ�L�k��,d:o�t:#k۽9y�n揧a�W�7�7K�!Rgwa3=!3�^~�A{[�LkL12_-mHԀ�|3ı-�0+@E��Z@���K��
��;Gw
K�j��﵁V^�{�G@c/11Dȕ�D�/
"_#
���>�&r�DV�-Q( IZ̪g��H *of
Jͥ�M��×Xy�$l^VegYh͈ެk3L���OEp
C߯F
]8V�
1?T&!is*ǰb f�ވ#�:Sp3ˊ�E�aD�a)��.++�D��=]��� }HdʐLڝ$C*8p. �4ͪ�A"�wQTyYmC��R?@2�*/p��J]�7�b*&��<�V4W+Gg_.� ]!&e(nV�#>_-ނ7]��(5eNՂ*z�ƻ{�SR�Ys�����9#
��?�!fH�K�UQ��UUL�
fMǑx��~x fNLF�fȃ�SVίJCAC~b���I53>%!K啇u ~tj;V;Nw"M�R�T:]t/ܛeZ)V�`ŝVsX�[*.m�W/ۗtdhZƻJ~Nvf` L0'(ǽ;j[/@u
rsJ{Tf��GiKBxRԕbnD�>BCC1BˁKo�A+��`�*
(�ߖ߬T^nױK�%ۧê|
rGAVK�<��>O{�RN�Z�C.v%g4A�(0_WB�P�@H~N/߰A)V�`#R5Gkn;|'=U �_9�"k��\gєPh�:�l2��?B
pt>d>1>�Mw�O�ʿ(fe`�-Ms�W5a&ڟ%�4�_Mt0rґCUR2)���Y�F�k�Ia(VN\Ao<�4�ki��< G@����H�ܪlHbοY�YT�}Ŏ_l"�QϛM %*]zKf%X�+/@�f�vsBޫ{EX�mg8$�4dl+E! +F;�+ 0�Jc�j8\Q"fVdi��~qS~A�y=3�v09~r|_�d8s_g
};ZFv �?kC[Rx�G�\jD{�Gξ�yfHQ!��u>r=
ny'\=XC&_VIb<�
ʗu�Qsn9dk�;y
.LZ]I-0�'4�
V|��{weBH{}c8pbx1m=\B�/
�OsOG[,]"V�$KJCtj*s�c_&ui5ๆY�:V7<�u�ĘQL髼kU Xu8��L~�
3w�J/˽q2 p!ǥ/ٖI!����Pba���(�Pᆸ�{i�2B OvG#j!FɄn+͔O�w�j3*g^�&E �[io͓&ˆ]ړrR;x�{y�IFI)"a��gsIt?aյ�h~:���W@2XRWttL�EXm8@Eg#vR$:@C�J� OI7=_4:6a7�#?o�Ƅ4'r,tiQgL�ܦ7I!��gxBjq��ٜ�,).�KZ��$�f�LQ,3Y��5N�YyiTIˋ�]e�?��:ƜJ*�QϬI�jiBiDC.veZh/țgk��~H���\M�U_�*%VmK��x��jnq^�ޑU1T]xz4P[~d.݁�8V�f-uƅoB�C�e"1U{ImVF!lZH�?�^j_XYQ�S�Ls���6D$i�'>u�~$�48@L샀=ڽȜz
�)|۫=c z/�:�a=ͽkn�fΤp�쎗.͍�pl(/'�(9Ik��y)4I!^uK�C&5z#}yL'�4vG!'��VqR��^7[As
dԘs0��hqbY]0+K��{:ʴ� 0(g�e8\��M�kuVi��(z �\0.1��e�֒�5a�ukP٭�C槙
c>y�#�vC�輎��Ksm; ȋ�/�Qo~N">x1�|`wf,RϺޙ..xGM'*H
�XNsҊbླྀA�̭sӇ&�F��h@fR2w6
Դy, k
̅4UB
l�M�"PEAF'}Ę��ǁ�0�'#�{9<�y�4RTzԛS18^Y0�eKOPn|'D:TF=�d7%ẂQ��>
e�k|R0Ik >;^Wu&�vRؓ][�B'��6_�6�f-NG�TD37بO(;��9��PPJ�_
a6;�WS�?m]8x8Fkk$�\v6x�J}nLj;��>Lǿæ�Ćiט�5V�haqCi
�D��(DET�^b{�H�xǮ/�˿O��+An��u�@q3��ͤ?/�'AHBOR��E2C�MIZg� KuV�r)O6i�S��N1#;�'^_ڨcIfkW[;_:gخ4daMm[[KrEK;3F�ƹx%�aֲ�U6O�**ݐi
Dz&R=r+g̉E�@*#%,�#|U��!Ye��MtOo�O_?ՓSKd�NijNih6Anms�QJHWh&8�L|+v�}�dpQGrv�r?"��m%r��1�mŗj\L֎,$DkŢ2Ἷ�Wp<\�OeY!�=�? r] ڦcT[CVm)y;)Sŏk�3>.̉ @5*xb�O��h)eYe#ڰ[�ۘ�Yh#.7j%z�-�lٔn��_kp6�?egD�b�sA%Nψ�z3ؽ)سՃ�F�|[�
k��s'�nO}n,�f_]]Y.=W >�Q<�շX[>J�#?-Tq�r�m�w~?)ĩcw�ͮ~�a:?i�V)�7"b��O9�J�0 �uz< W�;TUD�c==ٽ1H.R�d#z�� �Q�LϦw�ЫݷF�A.ژI4!H-.=p˵+?�%�z�nroK�V�6:F{��OC7p;MU/z/u1#�P6�zІWr�~�{�"]6,vJstEX�dեsbpB�`�
jXt-=T%[x0ZΩ�,�\b�'W�IN�xE~^ %Rg�i ����ڙK`}L�Svz��M~��F\^h% ��I�ZBb=�
�Y3KM)b�)&~�\j��
۴şB��=NKW�Kt�� 5`V#Imus"7QzTv"Ӷ79`�EPu"9f�C�-Nyq�����
�vZʍ�`$"#ćH!rB>���j�f"��1@BS:�-d-JLZf�+{i�Ԭ~"j$Ze`�^Q*��VL@4wۃ;�A|](g-G|B��(+NcM�q��%jX�B]F#�Q3�3�.$I',�|.#���dH}?!b#{�(O�dD>ʅM{�I3~AY��9�2�%�[��`�`MEהe=��gie�#BnCx\yz0̀1A1#S (�\A�bJ(�S>��zlه �2%g�SO#
i7�,uCpb]%Cvoғ�X";0Ki@m|<,8 :k`�_z rTd�ŮTցE˭j�[Ho%Wc#+SxlH�q�B B@.rTӘz
/���sByMB&<�,ve}魯��.9w~�ˎy�@�XDY)0ѩ(UT�ˑ�H�%[�^?Da�
`���318z-\8:0�FY�@0!3>w@8X�,ݡhR$WN{f*~m8fϲ
�Y��llKva+W;U�BWI�w؍۫dA}5f^ʽ!H�r3;o|Ɖ-oy��ѯ#9ڴyw<��W[8w Ԟ+e>�EE-+~5d;tZCC#c4yV�(�\�|�Dȫ�s4=F2q}r�5W�'�H-6'fK�[g=|�徹oeG��ˣ5!δM�Zր�={]� p�l�t�|w-�J:�X�u`�A�6o=�DivA���BN+H�mNy�bߦDyFyi%dU
H�2ua!kxtK$Y�r�x_�nԆ|;5]L{�]i�:и齠f6&NK�Dzz�}�(��(M�̺MPk�3� x`6DVE&��UW�GGc��$H�<���KzqW܉gWhfF)��Ǹ��4J�*��!j�;MC>��]�bK
p��C��_7#!��g0ǁ&L3>e�unNe�lQ�^®G�R"]5zWɭg2a�eDjI�!>0^9M�/�A�֡=}A)����W�wk9+prX�":��rJ|�Q@HlLS[!.N�W)PqkEt�|OW˩�`��X>Tȸ+7&AJ �G@zh0�{VLbDo��WG*�rvظczY�YRhk�hٗz{�|:Llo=kxS3`��fTI�)�R֚�WcE�lȗ
Lwn����[0Ol�܊ 5d��YJ��J{�p��mv��
J>�=A[v3B�+�~PGoRuL�"S`{\Q{�w13`?�-�?�� �z�Q��zV2�;�/9y�~M%;IAd��L{oE#�#R*oe�@=i��o#>�7rQ[*ٽkς,��@%�>�4uywn*+[Si[J�QCm�}� f��/GZ�ۅU0m?�ɒ(Oo'PaQd���C��5�pGn\N>e�̓c5g�p��#w$/)z�#zq3����]V1T��䡘r�C:&t,=jlpYcX��ˎS:D�G+E D;�MM`�)�2jΎ
u�3t�.{Ct�g
"�T|�BeҒ sٞ�Y&_ށ�Q؛�� }V"�:܈j0,�
"�IT3o�u18sZ^�eVslD:o/Aʰz+�=vvWʜnC{,J(jDצTF7x$�@D8NN1jc2j!tbevG/N0�{g����vͯZraV�24@F;�ǝjSd m7`�&�
FyA끯Ac%.{5k�r>t'�'�Z#`לqK
��p-�5x4�S!04^C�1�ߕ|�ڭ�=C2p0G-d�<[Ga�
�M@��1T~S:
%o��\o"�qAhM4S�y���*����a�dۣT�kT��,&5u4v�ٸ6^�XEڐ�|+U�(_y?\�B#fL]��"7baeg <�D&Ç�,� ©i�0Y*ꔟJ
GB�9X��ư�[e��l3}�Ʊ>�oiTwxUvW�|�Wv}.SR4/ЯYBPFIX�YbxXi�n�Pَ܉j HY;�^���j-$5>xd}�8=Ө
� cMV�o|pa$a(!4I
XGhj5}vl�a�D�4��$gbO39�Gt2sh]$M�ʵ�)^՛uՎSr�n�aٙ$�ms{=k;(Y�tT5D\A8i/A4B?�eq95��%Zp�R&9;L8�y�x$6APK]{!V�ӡoQ��./|f%=�P�uD;=!0ū�&gEY�?$��0M�!�`��+���BoV$[4��7jXtӻƎn
[�7q*�ȃz�#LҚN-3u/ց##+Ua� [�Y>Bi|X1M{�Ӑqvf́�TT�yv"8
ݷvLB~
/�X�#e�.X�n(�~ȵO@IZ20"ēQ#"%%;ż^1㥩{FOWO
V!f<�5�ԀK��Yc'E1sȸ~2RQ@�Ʉ�x�N4Vg)DEnt�F>#�o�h~H=�0.gY!UL��z(.8ٷu=�W`I�=LDx~>`)<_ v�>jOpM�:6^st=Z4*K
9soMSc�3�+H($�PKWg�,�un�@3R{6G}6:v�e,����{_OQ*4<ѫ>Ҹ-aƈ��lt�1o2I��ZM&hm�C%Qjɢ(l�"7-t /:=mKCynذo���y%c`;#�s`ݓ h0[�!s8KiKV-->ئ�
4jJnzl�7#MN�R�Ǚ�H�ޞm�ˑdA !7AU�>G*�-5{{��0�is�;�EkDoDъ�)s>�W�}5$>.JV9�<,Ϛ���?
@qq�}b9��wLIvP;��ٹ1y;BtLE�K�W+�0&[0`k��nA;
9iQwlO�蓹R�&Jt1=�wFp
_둍J'm^j��at):qu;�nRP�Ѐ�E?�^i`@l%�SDӊ*9�oV��
̙%�ɼe�L4��JZ
g�!=)OhWbl*YO):)'-�b|4fo2�*mTc�ǵjC(8!�6b6dpWv4���uq|�`{�c{�o`3{,T\�+}\«װ�[Ge\DX|�F/7��j�Mp}jt�n�1|e&F�8�m6`xxf9)w�䈜:d|��T8���b��j1FTn,�-ʿ�AeDQFbsj=5힙vخ�>\�ɲ+�� VH4"
&Y���[Щ='
j+W߄ 1rCWx|q_eAJO5_(gT=z�j|�%h^���GQ�g-!it+v%|�IQ��$k1G��_P*^�3`9�k\?z��7�}�y"R��o�P!"�+2SM{�m�g�����0АXi��s"w[�zDeLh+RV�AYU4I.Hܽ˙Bf�.w3w6DTFtk:�4Z��V9
Ll~,ڡ=Jڢ]sd��C(�Zqj�of3�7b>�>ZQ[#|�^LZ
�i���JQ�4�NN'U(O�sT��5ꚿar*6v�)MpH{ٰ
�L�t"W*��rdm*s�IV
d�H�IP_
� {A
�+()m
�{
Y ��3'"e1�ac��04F=(v0A>l_]Ew+#8":I&OG-]xkd#η1S7}ƗxnkA��^cۚrQYO�FºV��0BGN~p�S֞�m*7@xM�#`zLg[C7v�+B�U�lq�X�uw�20�ӓ�Gc�nw�?�[0�k#%y_ͳ}x �R$o)tɓ}N拂N͛TB`�~܌�S�^`OE
�k;[H|[W}k;�5�:V�ӯIyob
� ~g�^9��Y�즥9_md��B`&z[K#msMϰĖ?33>F#"?SYmFr%a:PA+u;C/n���2ݖ7�MrF���#
ҏ0�=�3F�^
p�<.bJo.#>r0Ђ�g�A�
o^-oX^5>e2()4I>,Α: {1�fyS$�6rv�T~d&n��o+ �h4�nE�pE�{B' 4�e��[�Qsɞ�<�>$ڨ+UNЁ�Fj$;4��?wz�so:6z#$(6Dq&%$D˃hx=shy#xVe5G"輏�\5xH`]�M1]0�S�y{Zb|�5Ms+�;h�y �qb]�^Ȩ��O�r`�/��/n�qL7R�{BO3*�.�-.(F1?7]1�ؼt�L:4�[uũL�&હ-W6k0%�V$BTt�B�hͥ%kCN�� A�p�r4Lߋv0(YN%"�@owL�dĵ{c�a1�J?ry8k
]gj!4+2Z)�$UG
�x۳:�|��EBdx�M.Nz n��%4�QO!/o:3%�rb�Q_���B�Lgc
w��xSjn)~�7<�&z�\xLW >JL+^"sX`B1e?.#F4�A�G�3�[mEKE��Qy�qi_�[�Ce?$~>">{%5
'S-!Մm(oY=��5ֵ�0�q�.rClmkk��xBqVU�;X�]w:ǤW:3@P7J?FP�!=]�ˍ uK�}4m�'hu<��X��c�gB�9��2ḃ#G~��xƣi`z����ǟ�4?!1mIޏ1 ˅x7V�ӏ�q�u�q,melZ^��L.u^#x�t�.I2?ŢV8E'X@e�`|!@Ӝb:�v:j?>jWBzUʡX��As1Y�X&C8`٭ X\9_ewE*
70!�'W��&�z E,�RN{."$S�9ШxNQ�Ey1�sK=�P^'�LCYC�U:qӁJ$?3�6w�s_'.S�ܖ y,(x��Z*@O嵮�c=2UtH2mdӶK�RKM/��#�ԸgHpt/ʖgtpPiRz�!�æ7I/"B'w!\qSL}YAj?m%ŝZ)�=Ƽy�SbM|9~Qޗj�9){:Nb8%(�)�B:vS�L4¼!j0O�4
��)�;ͼClyj
xnkN'wX@)}}rk^!^51b��<-}R0].l5ϝld^}0[+)�aN�ģ; op�㝅�2X�uw|�g�1Fqw'�|Vyhʹ�㨢,µ+�9A��rY(C[v�9bQX=0J�oJj8J8.:�GEZSO5GKvݳ�nk]3"
#%�O7�فo�]6eۆ"
MJ�qY�e;��ָ=�y
lT�>O;�K'ς-)=vʴ⫟r�X*'wZ�6Ǘ$!<:�%_�Vu>�{��}Y
�cS�W"N�K�}δacMBCV}bkҾG'b$�h�/02��?R'0 VM6�xE�Teŗ̟B<)H$?(�D,^��s5k�М-�; �nˤ�H!DC�d]>�{��1.s!@$�ͷJ~o6"cvl�,S]"�~DO�%5&Ò9�&Nr�)EYV.9b#DDnt`�_!¨
V��_s=�f#�Z�UbNS4J�6^,�Ґ�TbOxV0J��d(ّ%�0N94���W�Vd.^�;�߫\S�X!.(hࡲ��Πy-��lq�{)1@���_M�L�u�a�(0@=MU]�>
&�
)�rTw �0{Q+,[
y�J�h|x�^+]r/ys<'[L>�F�"#`30JϜH]�j+O�#32�� vNc5D�iٴ˵.M"V�S7&Avې@6b!P��H_��V;|З/k7Fo�8џZK}��Y�+]lj�7X��-
ؚТE@v�eVL/��|A8a��6.å_@��6r92�ܫãʝ!*0;zwd��7L-�Aݧ/��pc��CR�`
Y��V�q8DZ�c#'ш*XU B(K`>B:C~+76B�\�yx0��54�ȴjMB3 �iZQE{�TO1mY&.}��9M puc(ޱv>Do�̾bBc@T}G菨̎Q̾Gt7)79(M6Ks�3;ZfJINiރ;`wϖp
2z>�@=:-�Gdb3l^��(�%ӆθ+1D���C�MKG�k.�eiJf(m:g�?u#|De {mܖ@8XCP8�ǺAdO.97zIzx�X4:
UA\*�ˇ0{Om��y�W$�RmZZR�o7BT�R��.
بp�.zà�o/}?Pv2m�7"��@d薨ZKQ�)~wSLRO�>
:bGD�,ȑ�K:q�me*6�[���zSBLv�~��MgP"H]��+�^4g�QR
�@��fsf�;Z�Qm�S[B$�Jb +Tz��'k6gxF�ÚLpHKD=MHB*)y )�-%�ۈ{@Z1fˌGr.} +�bB@B!ħ�M✝ǵ�U:�;s��~h `
��eE�/3
S�0!2�T:w��R�G=pt
\%�DΎ�H��xR�*�go?.uϭAA9�tYܱ`^�\`e_:om1znYa$Op^rcz
vS�-ٟmd�iXo��Fʪ g?,���[Sm��ȁU�x\�19/�N�~k+FdWܦ v0?=�t�~�v�R{U.�;zfXa?mWNjJ}>�\$ݵi8}Ğ���~
6
cUpEԽֿ-"�D*a:�$Ǹ`t�S8
R@۱3);�sE�[N@�m1+tbdZ#ex?u�f9\Gaø2u�Ny4H<<&��XM\ʃ`$Zʇab�L�ר\: ����Ro)�U>l�A���eOWCfNJחrW4B@
t�clTP'��%�,-Ԭ]K7�T�wҝ�ݵ�?DH^F��CP��;Gd�
�Y"�z�DV~ֹɾ{
1ybգb�{H ݘ<1bGS �,ʫ�xE;�G*�עі�T�I0&�'kQBZeF/Fw)K>�.�,%-2T�M�DnI�O�L}�½pc�*��}َ2�F�+o6�WB�D�,G�$~�}+�Zhnqpocv@�l�Boqܶcg�h:TE�BH4V?�u��]v:v:$�])�@�&�]$¥s\���AGVOO|^Mv(�]'ez���lVDZ��S2��]?̨��Y`V"l&^H�K+g4YW�v?*�}ۢ�O�*`'.�4A
u4 V7c�\�H a
JM,BzPj݇
Y/J �ITzLܦ��/\��̼ZX]V�^Zx<�aز VH
B/8uEC2�T- Ġ+}1.}`Ӄ�;B%A6T;�i�gN8�bUL zM"�*0?�#�-���rh)�L,zWL%SWC~+W/ì,@�E
EZ8�ti3@�]�p�&&aS�:�"?'�V��4�њ�vZ�D:�DM{�N]�1�}݈Z yD
~HT-y+0�+%\]烁R�-�1t�
�k[c� �ULRI.jL(jL[x[TK �${�7A�,W)�\3n(qoɡ5STŠ3QVj_�SiyK&�DVOogh!ke�> ΐ I#94F,E��Zfep�{ϖw ae4ƽ�YYߟ] : ^�3��>:W5y�\�C1ݞ�ZN��U�R�+�#`+��n�˘>dXrr7u:?�`�,Ӊ�dz�A?~�Ȕ��c�m�:cH9ı_hMnU.JIb@ͼyS�_匘#8.kWKE{v'Ll8=?u�ׅIqIݨ�LTI])Aw._S9��xl.�KY"1o�q�mE�42�J�FgO2l,,�y跨!�LBdmm&tGйUrR�J.]W}}V�.� �X ݫ_:��!;ȠP㪯3lfʋE%?�Pj8)�s̠��/k5߸4"Î�(D�p#:�d@�'*rTro��8�;�a/فe�i�Z�wT2�!��Ǝ'T�@`R.JhxQ`J���iK^�HJH�P4tlkv�@Fάɪ'mX��5
[��0`z]%�9=V�B30QGe?v==A�QVĞn/teT$-c"4k0?v3Q'�T
ShKjtc�B5T�}�Hat۾כQG[TT@ݾ�l-��/f��8pC {U�"**��p�5#.#��A1����
k9f03č{3?l>a>7ԋsZF }Hs�W5ΔM4`Lj4s��
sp,h�!où
c(_-�Ǣ߸�J4BL/,@�;&��>ӵiQܖ�b`'k͙?�0[z/�c3I(S+�֭(t�(D=o�S7�Ip!O~P�J:U|o�aј!ElC�؎@i�7STwR�_pC[>�_k.2钽=
"Ko�L��6fmw"u['؉}W.?(|�*;=";ַbl�M\끢��P�t�~#L.9�U6o�ևpjNʡrkYS/B�_2U:Qc#�i�ҥ@F.b>��qx���Z*��ڍ"!pM+(wP0-Pb�KC4�9�ޗ|<u1
%G�o
S(oF�-!(�HQهN&X[גY'y
2z*
�nNpyj� t"�
�ޅ�Hʽg5Dr{VK2ϡrB$w2%;oK�zSO*S۲CQzQ�R�WH~34;%c/d@2tG7o]%;6U'��s9��6?b\�.pԞ�C��JI'y�^mTfǥ³v�PAƢk4;x.��;f�o4$O1Ѷ )vhaZAT#mb8I6`�Z��ˎ1�@Zu�mD�q!��HѮ6WŔa�t� �?�%x�
�n3�=�h�zNl|C!�m9A܄�}O(¨�
�iFIw�.W^��O8g
�̱UMi�8DA�#�x5i-2w&�֒�y?Zȑ&?WAԤz݃xH-Ԇ�X��8��LQji$selw
��m�}�d��_�w�ߌd,Ѵ7)p&�Fj�~3O�x{�'3W/ʭ�-,�1k|/�f:,ah}cЩ^h��]쏷.PKpO;P�>�D�S�OJոgtF j�ĠNS@!Ѧ��(IY7C�s� �늊}d�̉N;8YxjO�EK$YS��H?����F-�t+0xDK̩CAg"&B7eu0C� Kߗ�I,��hyxiٵ=��lM-zBg0O9QDv�g�Bl$IƓʩqkѡ>=3IH
��7�ȠqFH;�f8ֵĿ/!m\ Ǟ2oW��Ef_�;gl;h>VV%1ݣY��_W�/�o:�OV9g�:/.�u?$_hk|�:+��YT��}o't�=A=NF8�ԩ;ltڎX�6< ��slW)��Mp!,FR+ًmZPVn h�܄�IpnS鶤G)%[5�o|eyoʷoo\hPoGHjr߾NZB�!'Brs��-C�A.E.M�1tv��rBU%t!�c4vzF�r�ch�3XZ�/�"0וw=-�xMp�yO-6eF6#C+%vP3�"/=^�M&xri^�Lp&L#s.u�J�~P
Qh�PY�\]I8Ƣϊ�'`}EVh1%Wg6^AlU^��D3RglM/MJp��uyn�秧Z#c3^'ӹlj}�aӆV1ߺf�hL�?��b_q[83U,�}�W�wٵ�{Iȸe�۰S8�'�%k�?; v@BA�m[U�W/�sISW0�X�FwƴSu�=�1W�O�$#&U�=_N2L_ٸ�/<$w,�;џCğB^7!,+��7&�gWhK
7_Bѵ0Q6ͽ�i�#_��yr -��`�D
L�W=ځ6${3=^,^ęA0ۧ60h��pӅ�Hh#wlڹVH&L1]A�]˾�)݃'끈 9v}^smK:$eI�l�s=A�sn�x��M;AFd?�&���EGljWB~͵[m6HDS��y�ӲA%45!/5�Ee(⥢u�ljc� �v (+C�7��ሃ�vje k[@0LkK�F
Q-S(U�tA*{D: uS>JQڑ+|(ʹhb�qn`?٦�w釿]ɍ��n/o�$V
%bM�B[}ۼa9Ĝ:)�M8y�jɑl#g�~�cnͭ{G:X�#Y�I8�lY�i�w�k0.�l��a2lZXޏܑ q>���s���֣E
*hOڍ3[�|�6Vė�(�F6�l&6�92ӂ2#|#jVH1yD��f=#hXulo(`�,]Ufm4& 1HQ
d>m�|�$CJu=%�Ҋ7֮nûR{cgMZЊ��F4D,3\˪?ɳ�Bo)>~Eַ�L=�6x6ޮK6��P7q�jʓ/гh4OQg4�\C/ 99K4�QK�Y��h�#
YM/�Ud�\D{.D�*�^Kړ.�DTUХ>��=}�@k(Ч\�5�Lyk3G-�]3{*Ζ%�]颹�F٪w�}1:6u!ó�YCC8aO@Yq�C5cī 's^bi2/�B�c���0y'O�` goq�|Wc)/$!�d?
z8 R�@�j�\ Ơ�E;E@A�$I��ٚ~�T~rH?@GZ-זb��|0-_hK�L7�5,+#�+0O0ed~ �#DPf~rY뽩�u�2u{
r;9�qϋZH9jZ
r��fp~ �m�A@I(Pt_G�v��s{CaI�T7�n�b�=Z�õ 䙱0m66J"'}�g�ۨy�FG���A~;�R.�'.}P�TN1z�`x@Yih⋧ +^%a^*8L:+QxAK8"w<_+"si
(,{�B*S\Z��S5BkytN#kv2SOg�E=
$̍dy�BʖAn>J
RUY�ҞhiqHrLF�W�`v4c�S`�WJ�{?�|ZgܘK,vJWT/Γd1ƾIn��~݀B
x A�&6W}ڬJXj0�Wש^yeeYыp;%,�c3=#t��6Mӭ^Q {!{`����<֣�PĠ{n"Hdq]�P2q:C.1��4+@'+\!vt
@E�vA>^x~s�aʤ{��Dbe5W(�hdd4V*P��J=ŪgxX��f�C%ME��ϖO
Q�> �
SܭkM q8g|W2�mnw�,yY4G3JB_ �f�ApTx��QD(��OzAGޒc�̥},�gDv�nS�S�Ut�
,MH��UGTJUGRYS,ɗZ�d8x�.�Ĉg��3����w�qC꒾'pp�`S~)R�=*�9)"~R��R|�X|۔)y6�wy�:}ekI+a@|/BlN
�[�uTkH PZ*~
�L�:�(B�=�bU)ީre\IGT~VhqŇLd��JN�$�h)D�k��:6�x-L.7.ZrLv5 ևC�
h]BRkgx5[C�h7z�FbIC��Ƴrڋ��B6�TJ&-Eb<@Q�Ns/�}�1렦tru�>AZeӚ1�q�ŦQ�YKEkw�
z�<�͜6/\�@brڌtP1y!3(�ѵ��whp7f�z>[
�f3l%zb|>]v(j4ǿsI?u->HѼ��DK#X!�)�%WNGm+fN��*� BӨf,(V=]d̓O!:n�r�;D6[�|W+N��K��!~�'�8Z$}̷�(�ºc
`f�ZHȘ
A
A2S��l,oc�wi���6i0x׀�+=�g=aMȑ!;Mb�zސ�cv*u_> `F�l��'b
���^b�ƹY�6Xo,y(FX�ߤ#8%G61E@
CN|�~7�рSEޠ�6w�),����d ^=
Lh ZxGzQgzl�¹!,5*^?J~V�a&�x�}^\w͚ܐ#/[j%Pxq�'9#:�.N{w�:En"|Uxn�G@�1 K&nʹ"
�1K�G!\e��+a.Pϋ2BfC5䤱ݱ�cB�#���)n�I�o7y
AF$aLHZ(Q6b�J|o
3l%eխP1Ԁ=�#�W$YRrr^A?� :u.ލYy�B"�E�+qm#v�j>)4ʿU7,M)htz2魈�c�W
>zNӖK(^w��a��&C֜~S��Ϯ)��M
}'ۡ\xKD�PS$>�]�W1d�Vu_y�~V9 �wfwzS�Bpe�⦮ɡq#(FM��<��]@7�\W!5:Ps
���kHO[~q)-ײ@>"�s��J{C�l\CtPa0;Iev%"[qUXA88J`pT�vsF >u&*|
>�U�%QdsRlW�$
�jߥ�mfQGlf3�� r><�j���wY@ؕ/fF���SΥ�#� ]vD�eCٝDW�:qplh �"S79$DM8I'ci35,qe_*O@JI��c�7qؓyP�'7&��KzFx[ >t-:��e��Rb8պr��n�z.�_�H@d<ܑ�2"x���Ɗ\:H��Xp��P[Q(
F�8�a4I�^N�9gȍ��aQl��:vT~Ϻ$|~j^Ys>բ��5u8Ѱ)xb{*/c�����b]pWYuKACMb�R�?ۿ*+S4`�6NQ۸
2ޡ5��;3�?[Ujz�ZtnX۽I,4Z��*�T�~Km�"�LY�⢎z[Z:��/nb)�?~44��967Dk;E0$�̋'�ȒlE|JsH�bJ)'�tn8u�.ix�[ƖZlj$`� CC �YUs�e0�tF}>ٜU`بMk=��$HrTh?]:_^ {N�h�[C�S�/K*�#}Z|KeJ*PY
�(-�f(F|��Z�r�SnjG�Q7{$M�Y(�Q�@Y32c�t<8TҕōbDn�蝦Uc�-7�]
Y�
H�A�`S�V�B0rL xW{ʓo�"T�4l��x�T�S!vŇB�=0z#oMpM'ۢL
�+.-�SodC���KX~��%MkTӎ\x�a�5Bʄ676G W��WT=NEsRY;1PF9,Ѕ8axm�c�X!xW�DY(¼ޯٜ"�SJ�ٕ��F(+2V'�@�`��a*�MP<&5<
�8ה�Q~I38v7�q8UҰi݉4<���?Ź:.Nݪ�RȂ�_#Ұ4|~�nIx;/u7Gcw+d��gPآ�Ĺ
hP��z{hcxQq�6�P㔭!AB_TZAL�͇.Oǿ6
[Qhf��Qes2eBu`ROB{ߐacI+5I<%PQ8HM�ZN@r��09_ zY��0$)2��9LJA�{+$ھ=l$�/9Z�8 .ilQSS�a5�I")QMG�ů��ӄz�]7�@�a^bک,H�hB�:u�N:�?&u;/?��aM՜VVu�@$[)d��W-$?k@;}"}?�{Y�(!@(,A9��[%E\�S
Rq
[�%qlcP5!c^�h?9jv9Vki
�B}0.4�(I @q#f>TP|`|N!*Zhɞ�5X�AFSP6v��k1&���q�1{A8n�(]D_L*`=O�Iw@sygV
���z)�bڋx̉.'PaNxDix^�M{ �2jٌRșb+xb�]/�IqU� JMc�2xJ���Ld��ҹ��Uz%O0���bэur�lq}Ox2ɷ ,��Z_h/A\��2~�0zz�c/d6֑GkcL �%!\�N:B`@G*%��p$vpa$:�*}�7>\uWGÃ�EE\�o$sOz[
e/X>/~\Oڀ�D E%-�,]�(�^��l'u�B^�=#!уW-+���btPQe�~1���63 P=��G�7M!�EE.*z?zkdȺlG�'rδcoam5taȚ�FF4K�eDX"Otj~�v4t��Ȥ
j՟�]F�3'���<(�?<�eq;g�eiApDmP����b8!YZ�i�4P�'vc�TF�*�
�<}_�0ԛ�6�~:?�%�Cdm*�q�eTj�8x�*6� 7^'K{d�xF.s{ cō�%D- `�8�qёYM-#w1�g9�r�|$٨�iPaXx
p�Z��]p��L�^��&�ԭ�<�#SS|3wM@9 ˅=msɋ!L;m�cH/Dcbm�i�(�;�pӓAE�qj)
=q�r�~�LAqA]iϼ� ;�>�c73<> ܸ��@�8����mL��R=���GF�e=NR ?p\�A'։_N�y6|�̶cI�U�՝?Ih%,Sft[�z7g�ÙQ=�wXqJ�2��?Q�_)fj"�zr(�9m7{�
ҡ���]Ve��un
S*�� |rcGB5aWqvg_�ma2�f}.N��{I��|ßZ<
Zf+��=�|(Ԧ]~L�>]3U^'lsGɗg/�]$#�bF�F*/� V\L;�PygGl%*e
qtHx6��cߗB$uq9�,�^70��2?BOUQ�O�x�0CM{IK9�q�Yؐ>N_C�r;~SS4�}-J j֢VvOg5U�&<7g�Iv1Wc�mD�'Ä�=Sfshm�ԕK1��eUA.C��\2�pB"[*�N�:eP7�)�=)�q|@qS�75Ĭ�_.[OG7p}#�oPp`�$�iàޭ_jb'^acZII�oUe!m6A5h��E`_�>av<ڏ4Em�~�tV8�k$:M-E,N| O
6tJ
C2o�
�%t.>�ݥ]O %"}^��#
(}�qE�)1���?�:/EL,ir�[ܿ�6NDC.h�KCCК^v>?7nW]6�c$ٮŀ�gؙ��نxlGXE�쪪˯-n<}Gؤ��zȒAEj�Kd++NE`"E�WyA�o�&�u{y3A�6LX5fM F�axYtK�2#3u
Ė��rv��|3@�Ӿ@�f�Ĉw�CB�k+Lsc��uy]ip���~G59F�ŀE7a�g2b* Q��MW�XJ�^U!�`F1�wOA^<®�""Mj餚
]�b889ۇw��`o���!���w|4kӕd=~ꧽ
O
5%?J���C
(Q�n�� �%.�O'`9/�<ۀW{�NR�һJm3=n*29%{ mlλ��'tF{�@Y-֓r6�b؇�q9�6vQ5��Ԙ�Kz���9IXvYY�e�Z�=l �8pFoy�,��fzU%-#zq1���}n�Ib�����1d�4MJY}qɂf-�QT'�;R�`e�`uMA-G�]>��a��K{CX&^3Pe��Zrӹ�WiV�L��mi�ܳ�3�fלUI\aC*(-~j
��T'\G�V.Wr(f1��
?,'-')aƯܸ�'Lɦ63�U�ћ/q8q�nK?FEvB((y��(O!�@w.Y[`!*jahmmJeX]MP.��3G~�@*iT;`V2d&�Oq�'�8�3-:W/3nNB��7B�$Nbd렎=�_mko�\d[S��` ]?��oauZ;ĭ��X�q�IrG
䝻�g!!$:��ݥ*-DY?)`~*4S3n}Su[)�UJ4j�@�Ӿv$�QAB!$1X#F9r>��ުr4h��{MrP#:�u9تTK�b8o�;3?Z^<�?w�ݽ]Ng;W9��>�L�kI7e�Ⴡp!A�(�+rCBa�jHLxk-�=xv�
�o
:.vc��A�5e@�^0�'{T/q�yF9\6�n4rY�b0Mujx;j<�(4 %;7O(>�̄MiJ
>9R �B̜A)*�M�=z�Xm�%k
ʻVyW�
�U�&U�6�!E-v;s�d^�/�~t 1j�Lu
��'D
1`pv��@!�_l'ߌpx&(�ir":�|14�Xy>i
m4���hh_�
IF^UlMT�0_(G���<>-7|�Ѵ�é"@�ѳ�&MK�CTRYP��V�h:,`=g>e6=��˙&L��hS�B8lhֈY#^Xؚ-�ii]$&$c]:h~U}Em%�Cu��lPvn��V#��S%�jd;��C �:@i vcF4�mCQF�[.�SnŔ�)�,��MƝ�"̔j]j�0Ev?$�|[o��ވV<
�t9[_)J&ު�yY>^lܫM{ӊk %c�XatBI;ʼn,eߐ"y�z&Uo����͗4�[RBM��rP2Zu̚�*�v?�bćUlGcƸ1O2J�\VrnSi&��Åw�l�f��za.ј`E4RE��LZ
2Z��PS˒�'\2n�BQ�G�W9InQ)��v �bȢ�TWO��mvQ2�!|�jU5z��q@n�ג%�r)�'h+K[u$F�"IڣV�7�76(r�RHj
0>L1K&'5},:uY$K7YLH�D^`aԓc����ԣYn�bпjؿ\'�-�T6,'qZ%>�zQTCg�[�:nH0Cf�'�s'E�
F��t@UQeʹ�
<�f`1�q5Z�3�#jI|ԃmMo3>ܺk\1pC.x=tV\�J\iƹ��G��).�d���ٮc��"s�r#�fAJB<IJ
p�g[\<�xhr01�Xμ[!04��zK+� �h$;�)�pr}4V[hݸ�A!M7�[۵{Dsy
k�9\jk��:>7ki!�e�N~5ƽ�6e;ↃVf`Q/_�!�q?0p/s+$�(
mX �F
ٹb�f�F��_p4bEgQ�t
�fD�wT6�5|lElͅ �ӕ� nI!c\uo��a$.? :{٤-69,Y�w�H�LwVKV]E�L X^Ej>R}vl{']&ͶzhNs�v�w[wN&�*FlJIըSu�Qf|g_1 �$2&5Xx8T�
�c`"�蟣Obg��F=n
g�cAXתi�J�;,L:Fv�"~wW�R]s� qd<2�l�Z#L'k�E�FH#�b�1r 41JK+ը[Lª)g|Q!ߟܩ;o�KĂw⤮y�1]h"�sdZ+OF۵���+S@Ay4p}�UC:}A+gԞ,��d4�*��?nBhP~tZJRI�vP"N}Y�͓.ϮyXjci+yMgf�pE#SooI\qi�r�p#+Urަ#�9W�L_x�A76`�2�F)x(�'1<#e-"yG)[: FL'�3�b
^�SRQRjau~r* �hl�4�:U_�s���)YOT�BxqM@�K?���ip5hgʏ�.;$�'`��'>y�8.Mjpr��C)��m�{ζTC�IP#�N9p4w~\9J7|��(9N֒�Ц`
�Xo�Wj+�$iM�OigEP�V��)!�Oudmٴ|�MQD&�Uf]4F�R�juc 9U1(���b�8!�r+�*8{R\W2;M?8'#ZMj�c���=`g%9Y�'�2Ab?qeCd)mPQpꃚ9�#�^ՠ!�tK��"F)R,jjzD¬%'�/��Fd|[odiO�kTL�|ի�4���w(���\ʌs��zN� �Φg3kp�"`�Qb�Xlhߵ8)9�I6˨x���^|&j�d[W3
�2^m�
��5P�^FI"SvN;BQ?_��mFh�A���yPUx|}!\uk�9!5�_�9$x
#\�sN#9
*�
q&wU4W2s3ڝy�C�5r�}J\[/iEo"�S+v{ܙvBzA�.H.1Ɯq%VG0&#<�,Fk:
Rd��Vk']?D)�t��o H�Cd:Ov1pP��kiLP
M�g�7X[GE&,_`93[6��O�GWp��l#˂�/gK$$4�D�_2�VI�#JpL
�_7$�g|��c���R%MISc�_ȥ �4�z
�3V��o�O/w�!&;�A#-cxIgDAdb�<�T[1xEPMA"`�vjI5Ԍ^G_t! g��n`Cꄭ~=[Lb2'*w�ǾC�NHVd)3J�NI*h9,zȆM$\qBNʫ,Z(t|B;_Pe~(��K4lhs_/X�ZG簾�Y-�l}IR�|oJ!V�F5�唈PkCTq8+H|�WI4j|t!�v^�ŷ�@B0^+3Iu&XbsHY�0b̎`67xc
��Baa1Yb&�c�hs͝6K�_eK8��sY[Ĝ0^^OG^˩d;yJ�L¦^=tw�g%5{�ᤉ<+a𠒤,> /_9*�1]zA;��BO+
4ad?���o"s|
/n31�´}���70�>,^&g
�i�3Id�pYO6H1ۓ&Ws& fӧc�^�t��k�&u+_N6_~#�h0|}¦^Xb�S8��/`*Lk%6�nNČd=�[ �/Rr�|cTy@=2PMoA,|��njj�J2�MC�۳[\��ο��H����MBv�-<ڶI�z�~"�d}EN��j^�h-ad>XU�l6pj$J,znu'@̏"?+'@{j7��a?W5Hꋕ@R}O"=
�ҰO �!yT@V3N&l̮`:1}l5@��au\�NvHI5�P�\�Z�G2�{�czv��36o�t@Fy�� c'2@��3�_o:��rBs�NУ,�&�H|r=ރjCo�mt�zR��0�u ۋGYc�HL~: ��գ��=RT�+:B,t?T�TEe)AJ�M?6]J�Km瀗T}:��6< L0T�V���HEOw$#ŤٜzTt&T��1�eZ<#(.x.:y�eཱུ��O�g�.v=��=�!�
7 �%�W1m
_~_�%ur���?eE-�.�:1͠�a!lWԢl��_eUte}_�23Ag樛D"ɉ"74yPg]��f�փ�'J@JI;o5ępbJ�=j&x̀!h
N�ڃǪ>;5 Q&瓇ّtҶJ��c
0t\��?��./("t�|ed��>�ʞ�s�Oti�:�Dϼ(�Lox3Y$G�[ϹJo*ιn�1.y�Pu*:�/(5o}ZS#�HH4̘�UNO�%���'b�+���v*�Z�Ȋup4�1 Wa[�:dc"2�P&rzi[~\I
uNޝ=B�3o�e'M
ؔѷz(zvoŴt9Jb�EN�>F�>a_8S`e�*�LHܧ�[�LJRuġ
[U�
�b�Dggk�<�)j+>�Q�)�pG0VF��;Mm�+m{�Bd9j=rtz��#�we�Ơ#*7}=��1:Bw&�䉶χZu0.:�HmJ%%Tt0j?:gv7s230d{
ZL�Ԉu'9�S_�$ldͲ})��7^
\}|Xwhr�&{-k?㚻�w1|[ 6�nKJPn�J臛OeNZzt�{�l{G��@m�MI}'o
F�9Ԫ)_�3��Q&ANtmcE1К>�NW5xL@�q'lFUtFb`�|0Lᠠ\Bsl^�xy��ܧw�oVG�굌U?H)0�=��dQ/f84�!$�f�82kE�/��Id4˥)c6;\д� єQ�,3�cS֔
'$HMؾMlzܫ4OAI�5L b�ZOYf NT̛`D-Z|6O/rX��!;2\z 9f�g�a^kЩT]Wx���4{s4��Q]�J"G�i,D�f�8u�y@q5��w�Zj�844$5gZ~KTm4
q�ք�j�$�M\HcI|.gUmWP�(�q�"�_�F:øШB@�8�wfe�~�RBV�Ue�(4VW��ѯnQ
Ʒ�/�nS5[P
� Ȝ����/r�|^$h��?�v�밨z\�丈�@A+H]z8�4UQ"KDPK�>gno�W-l*(M=w/�#J<; D��d�
M?5�4s�Ē~/T�lR j-oJ��2�S>d�Z~gEKHC�?��P?t!z�i�ǽ{w(6
�ҹEu��b)�%ʜDsio
c$<1! 8ZxM��&Ѯ�&_�v
͏nn2�"!��G9�c@l&ϲ)>йb�[ȡH?3w
\+Wy4<(Y1�TfٴKz/�89�bRp
(Ɣ��)�GfoV[@^۔0o�/O*St�� .rRK���4Ha�ը�PQV7ZkItn_
*c"_*Wd}*B��*�jX$�UOk�1�,|�.�'F,V_TL9q�~9n:^B`(6(�mjG9/EDԳmO]bF�OL7fL[Y�<�&!$~̖vUקM�2D|r 1XWwʞ�z|LN�/%#���ߌvCcCZ~jq�$
E�;7vI�/G ���Yc[_EOE?wɱ[J�S=01G`!��& DbԇͤNu
9���%#�Sʂ�8rp��Mb��|M?-,p�xs;�i�"�u��Sڌ�Sl6�BnDqx{ >+Yh#g͠j2jU_
wjo/�Y.X�r\�]]F\sL�XyCy��y�8�ΐp`�c�3��$o�J�E�Jᗧ{kEe�)vLwcF{z]]b\XK+hj
Iw}B��=wAK3;�|AT?'zVYEC�;�{`:Ly'u}L<8�A!��&#oG6cnC�cWEg]M_s��|=pdL*��q ;!'_%3j9�'V]!>6�_M�lm�"�=;SZ�'3�ͷ�/�Ɗ�kmPםR4>?H ԺGR?n�7PY!f�uV�rL�om��jk">/Vyɏ-^��u{~��#i
0`kl�R�YAσ=ɝ^2#ݛfߤ[b��0\k,ɰI7xu �;O�����0�Ɩ㝕Ұ&m�+9n;l˴nck�cOdg;눥�am�
Zs�]�蓦0���Y1�h0O*>V�p 4]5
p4P�п�!=ŋzUݡ;{(�sPI2(\�XTW xBL�Tp�Y6'/�M\*x%!>SB~đ���B�>G
8�!A#*�I$��'>x`z��RDR2�ZYp*��~t(Ѓ)T
/d�/ǽyJ4'{��F_�5};I�ϛ�WT/IhB��9b_g耳U�k�|滎�Y� �ȭxZcXut,��"} C1ͪH�Sּ�mu͋@� )eAp&�y&2Rϊ8�BZ=$�1���ѳl1tȍ89QHRǿ>Z�-ڄQZ� +z YXe�Ϟ:Ҙz&F�U,?(҈ȁI�gA C[ӷE��@7@�8H��"+b�N >%-�w���W]4>5J4j[��rd+Fp$ElZ̸*���'�c$i_�D��Į^�-ִƴd[��E��80�x�3Jg�r}Ƞƚ�ޒ[
�m<�-O$B7[D~Ax# g1�?�Ҿܳ)hO�nݝx��D�JeFH/):�ufON9��5�-� ^LfN1�논nv3o��)�bXk
(�71nAuϢx7FT-.r>)r)�ϋȫ~Ćّj�?'ÖH�q%3r̗]��-jFN���� ��R���k�mzWNz<@|tV{'ە]�XR�~>2�Y4^Rq�C>�9�� ZP1༓m��?���1nnf��{Ẽ7h$Tyl `]П�%q8DF2$3k!(>[�Pl-�NXNyc[;d��D�\Dg�kNG�"h����՟Q\��8g�z]H7�d�d�e]ӢuE\OsU#2 �GH�R.BXiw���5k^?�|V6(�!u�'`�k,nuc ��1C(Bɵ?ך҈av�_�'x�& PJؓ.U�m!�8�CbK̊Iu�K5/
e :
x7־�x�!wԈ�v;,� �~J-оWH:mpD�9k~(z�*�7KD�w '��t{[&hrYA`�㘑�죶*�B"$0Wv=1=Cvj�Xg�
lX]xnH
��ޫcJú��tPZl*C:JM�[ 7d*]WMg �1S㨱4x|{n]ؿCּr�cӝ0&^һ_r^ih�ռ/Г�Ͷ
+��W0!.f c<�)^lkꌗ
B+D�콫<�|X+ݢ:Ds^k8C
z�$@`X7$�Y�B즁(�����,�GprFMY��)AaY1��Ҍ_n�?ӰlarkޖօV�)l�(l�5ߨ8|6&js0(
OMw=6KU#6W5��Rt8~"�f<'.�<�KhW�';r�
;½
��\>i]q��Ԥ�Cm��i�Xp���%��3B�yKtj[}PKYftB1��dPځ�ly"Cr+fև.3FӀ��_d�S_<_k�f(��9�%תa*TM3�Ĺ[NlY{�vWIhlwJ~@:zps)� �j<8��c)�L+�2��TP*Lmv`�gy19Km;svIg-VВuީH6Q?_��=GIk*�f 頇T�l�)}d&Sr{W^E2�5*IOv
6�X|�$�nԍd�dc�y}>�)�W�(J4SmHl�amJ�bTm�?�MPQ}p\� �72,�vҍLgmd�DQmIyX�ɖV50/$7@U&T(d��ɝ�W/��?�jw>b$i)I�q?*�
_�!*�y'Xz�;�IH.W�C�[�r�x-q�&S
U-'*.�w��¶�[�t�H!:� 7v�~2��Wfu([u�NefRҨ&ڲ!f9Ҷ|k�Gp�L.)so�j��-U�)rb�TB�(^��L���uaG!)_@�"5[Su/}�ZC`O.(,0�d;�N�Y �ݏ7xW>(Zh"�mL藾V�o`"m'`��_
i_{>�-!$�p뢧qf&5C�_�@L5I�}it2��U"�<-�i��|\N�@=rfR;>u��Ͷc�bփP�9_
��A*A^"wi�@8{�cz.ڤ~B8}'s�5բTE�Gu�3]�����|�i6�-5�tp�J�lx(�C۸]�.�6aHۙm��y�l>u߫λ}�I�+�}uZX%JglʝB?�=2m-[v\=�*.%��
&5-��b�N4' �O�,�tٰHX��v�jD��\^4E�Wj�Y\AZB_|h`�ۧ �K^%~?(\:+)GS�t,z},OG-�{cR�QF*BU�5e&�� Dz*U¯Xs�sͿgMi*�� ��`BSTg�D)=|Kf;3?Z-5B[{�S`��_S=%'VMe�o�_�c�H'sZqVDŽ��P;{� ��䴶R�zT[fCı�ՇZ9$=X ˸�pE,<�W?Y$�ƴ�8cR1�?3$mu_5R���@tI�CsTߦ�٧t� �Q_Q�b
F~7�v\0n3�^>4�Đ#5[T�p�7P>zb8��9GHlvw�G�\x-Bݲ�bbBKkIxX�.�L4qehtD��Ig�zkn#r�#9);'4dLGc.-N1+bɖPDj4�!9�?BN�Kx�j&5k3� P��mC$
Lw�$RkW3qc8\�eY`8�OԬ@B0�^��Ht$ޛ?3'+k:a�}O9Z`N켅.�x(X!r�|:ߴlě$3rITSos>^�.ϙ�{M9�N�[XiUydO#{-.bGVσ 70g9�
g L7;�w+2Ry�loqY3�E\\V�JQ,ر}UD�.WN�lJ �Eh{:d0
�vHU�j� iv)��.o���XVflyFDu�7�Hx��}AF�;m�,A>2lbYbS})��B��
��r[o;?A"'gpf{�NZԜ�ʱ�v@문�����ehX8u0�;E
Zq��~,�`mFRڌ&:Z�lJF+�IVaJNcD.�hK��5B5�y�Ca$\�B
���)'.-ܶqY�_D.#}G;y$c�_SE�C�\j �ÿ_�o�dB|nr �qװz�3
�s@b_{uBoݛ�Xp� l!deK0 ��Z�MP)r:d�@Of�zҧf]{�ˁ5'WcG}ץR_y(
=s*si���ns�?53� pH(&��D�\ׇ+;`lg�!8!�Z?�tøH�a�^(^ -�m�y|Ò/|f/a,�<ּMe!b5.B㑝MNɗ�xRB;\��r�7G�݃2X�t'xn�9![�}:V�+/˃�"\T��*�OS�QɿaI/1jT?xo~v\�̽zS&
>�1
l�PW. S�,(cJfϴIYjP~%Zh�,\5?s�� 6;E�po�UU"
dBMDgrɱvdnJ:~�*N�l �MH�9J`,G!�l�
2�N%��U~whlŇV-n;EQ\'c�ℐ$i�ֱI_˪E(fV}^1[,�G�z�%e� 8o&0�E>
uB�"5O0>P,�'379Z4zHV�5�a#�ba�6]�i0(,Bc�?弉�4|^�U!5�Wu��a
�/H`B~�y?�7Z]Q=^I'2:�+0%�(R�=m$yu�3m_^G6�[W$Hkz@u� =�Ȭ}���Q�1�9/��EG=�n,7^E=rj ba�7\DPm*"�ד�41D^8'EowRčVu1�L.^2i勳4PH�;l\ŗ7Nض�*TO�r�@B~ʛDX�ͷ�3U߫o�?)Rz xMZ��mxsQ"<}�^;N1ڭd*f,[�D|c)�AIeVC~{G�^O>`�,�wmG�N��į@"/�DtfU��!BmWw�ha`Ax�!?m�7�ƻ$/>�b̾W4Gjt��5ͲY'*yi)lDj|3�^"�!{X֞Iriۈ]Upx+CC�u8"s(&n��*9ל�峾@�#��M`\ K
�<�T,=#gҮ��{V ر�qjz��~1�=ۦd�XZ]\M5�$}9v7J[=
'Q${k�-X�K;+HX��;UV�72@T&n*2�<_1*�"B�ON8��kJ�`YZ
5˽��HqVﰀE�]PK3ĘVīDBճ5H4Dc|��@5W3q�
ի=��V� o84:�S�[Sp�M'�Tq)@|cLKN��wjBC ԿAl�7eKPK-B#|;W&_Is^f~QGD~`�pQ S;`H+�D%�]�N' x9?W,,юuP�Q\4W�^Df�EN7�O(Svk�)c<9tuqꏸ�o+oWj!A)}�Ҁڝ'*@$�80I6p�>2%�y %bN4]ͨws1��Qo\g<\˿�>�gb�%)p �[>"�
DO��)N]o��~{Wf6+Yo.p§���Bc�Y� �t[\W�Wn.>4ӭюo^t$!1$N[#E�MFƪC$hYh�_��42zo>][:-xG�(ƚfnߖ\��_�u �2l:�WWi9FjsM�^�
~B�%ձqXOl.a�b���)zɫ�U}ۓ$�&od�3;@W�/�F}2
��Zޠ��p��06*W�ʯ7$�xiӋQ)MȹRǪW�a�U
CYLѓ>BP�>vhbH5>7?MR�Qn}ަ^ŊpL�췡�&Hd?M>�#s�@{�[C䩙�q�t�7i1>r-,,4BvX�KTNTM?>+%;�E$�D8W!��"�X+=��pD}�r*.-&�Ϥ"9*ޣQ:L�-,D��:�Y�B��`m\�G9E��%C�s:3MC�s{x�ѡRqΓ�cM+٠/xc�E�5t�VX1QE%g�Ae�I8Qd
i?r
7
&x'l�Mp�T}ډڪ�=�8I�v�wLW5ifR�^!��Dcz[S�Cj`uvg��0�-�c-K�1j3FZ�7(>7zqQ>cl!$d��Д�b?B��y��)H
(
�A+ki�w�-= Gׂ#}v^O�Y �XHe{�1$$8KW�7�<�S|5�7�BDgD�Q-='�g`�E)*�e9e�_m}
,GRϻᘥ[Z��T0h_Ŭ_5\Tc87�5/�Fx�<�x�V:&��38խkz�3'쌪BW/sХ(�cN���]0�ϫ�.]|Q�EȨ�1m�7:nU�Yi�E{!|�T49�W�_\6'{x@_k�j��l�>k O6h}\�Y>~i�3Y՜���)W}nxozP��ej0��vUtɂIf4�z=BmA/��sa6}nC�tQG`�kŷꓕؚpmfߛX�� �k[\��[�@@M2H�2|�ae�%�xӰ=ՃV�Ptߑf9_DH�F$5|`M�eܹLݎ$�U[*��gL~��%c`Їyi7V6rz^K0�q#�pw�YK ߐ��#f2 LM3jt
K�.�mf8o"w�$�y|�_&/n8�fnY��{25��2�}u/)�ät�[^mp@N�)�{#y<\X���)/X5[i(1u�omjHSzR=�
1sOǬ�KiVEs�|xb�nNCMD��}sR:�x
�2*q�l
b{&JȳIWhT6 r}�(^�k!f%sWe1�Co6�d\+4QwJ9[�Ӱ��5;dة�b�̭j4k5x*�OU!�.U +4_]3��ZͲu?<�iyV��Qb*(�b�Rf"�qY�e{rk;=�DB�&D��o/QTz"}aD�!+*tVd���qlѤ(c7DWˉ9Ŋ+ό �0|��`Lit�iBiT9`!PC̿'AK�t.0*=A3�v[yuo�I?4MT6H07"-S>8k�� #ne#�/sW�M@l�$hu�WEU*&T9x�s�jM&Vp(ݽg�&{$Ɗ�+0M=KS榹W
ܪ/m�UP.c&X7n>epY
GWxW6k�:�Tx:A�(e�dM2&˓* _U*ڴJ
�xo(!�\8#RN�J0�`U�xUVQ+*q\�1y���'W�;eE#@X7�w�/ߢd `|*)6P�&`�)Hg,mO)�X@4$rp$��$"GifSL`x�8%�ܔTMKrT !d,GfG��Ay {Z}G�F��
rt�W�;@M8�G P`W��Q_n3 Zh"I�Mq
~Q���_�fg7[s�R<ϳ1�ɝI�Rݍ�q1k+1��*H}� �>�k;�_�-��{~�d4[SZOmD^E_��^J`s��UK�9�>%h�YKS'
q\d�,\RE�Js��Wt�5]Os!]^ü!5m)RRꂯ�?��'|tϲ/**xv?2�Ü��q'%Us��:�XKb�i?lU@'C�*HyV:g!�#�!��[nD�cP
@'quW��(Lip
�����w%�+��G�)w�e/(��d.�S$bUK*�nDEoW�+4ywf@��,Fף�8/lBr�uH�ׇ�L>Ǿ��"Q
ΌP'2�w'b�?ٻ/kM�h[jvFU]_��IXi.uy�0߯ư4��>�O[`��[W?��<�5gC8L
��v�5%|S�aꃩ]`c<9�E _8}u0\5c�z�K_5oy'-'B?lPK}*cb5M�u�j�R%"��2�SP��ã-%$$,-|;�TH�ԑvc-ρi@�5 U�.Z�U���T99d8bGVe��9똟j�|(C��n�!��
�ʼn.Ӱ=._kHq�2Ni6i�)xVl̇A�n�
�8L�yJe&)`2O2�d4
�ָLMSJ
ʠOjoQ�A:xBU&Y?Nv�/C�;a��ߚƑ�e�Z�;t9�]_�Bp`-ˠk�vEu_%��J.s\`slx�+��.1����\�Mc;|.�!CY+��
_�8Cp�ox|P�ɌOI%fH�aXSlegv��}%�4%Z]ͫi=p]u]a
Øۄ4>�~:ާx`ĉNrf�`l
=JjgY3Ee�-R7b%�E1dI!q:�QeD$C�*,q%rr9#ІlfgJ7D�P9v_>xis��$FD{OAj��8x|l��Xj 1M+�ΙPXOԌouaa`}�u+K8�sle+'X5o9_$4�e�]� ;I W�mB`ԛ.Ipp�v�Gһ=9ABj>sdLa�`\B1E�|�H蠜2*t7o�u�13%ߋ�d@;Ԍ��
�ƤDS`�k��ȉY~Ku{ "��p+bMߡ_cV���@bbP|'9{��[n�GH��I�Oc,��=L.�A�s~p�i@�s2O1���XgnN[aP伳�
h���1w�yj"F[�R[-q}W,c`�K~�xjEs.MQ4䤼'�F-H)�A?^�R_��˴/��篜�YeRoQ{�Ǐ��*,�d#} -Y"N�5v|Wemj@uS�`?|Ji�v̉k+tE5 ^7~�8~t!���iU�ͨՀ&a��i�cYX-\&�QƝ +Q-:����̫`= �3P�w�82[Åvj�^�6�0݇D<牆+*�c``K?ҽ~>f @e)[*t�1k4Ed��a#�Ε MH��(@��6ob�j� e]%��CImۼ_��PAN# =ě���H�Gn�Z!2CPMnb){B��[~|a\jE!�:Y�zʻ'ٮrĂ�M?9Cu~�jd(j�ɘow
�$Yq=4�=zFFx(�`=)zĒ��&�w�2�Mh_$�
W�.8hھb^jH~d_2;_MG��z��п_�O_@q�� @�J�kf�ETBKp��cDhMx
)�poڂyK0wQT���wgZu@AF�X\Ա>żX"G�1rϽ;ڑ�WDcE
�2�Ybe3ƥipu']��b-ާ���P�Ά�X�Wh�r�[oIuo¶7�K?BdG�8�b},/]XúGN'��8 SsT@N!iD>`Ptse{�!�g"�q%y$4~"WEEkȸ�*��y��^הBO�]?f`^ C��:�XpHq+O�D\?H�a� ̨! FGȳ9$.<3<��sDdMr'ϸXDU_C���!:9gr8�{,K%@$By3#BO�¶_�s
X+�;Z�_�Ϋ��Nn5i<&MS&ȵ�>V;Jz1~i��nYØWP:!Iv[~X씡Yf3|L�w/�p
�z&S~ww]m36C<�G�WI~yeWk rfd��L�|w1@\�f@?:]�b��M\e&�o|YAQzOj�ј�(;R &Q�~Z<;lL "S�oK-`G
+�4ݱ[Ӄ�TQt2j�1
� XLg캣ZUAn6mxplH:s�m¾JZ�!Vd=�6C87^�̎Y�{`BU%~f6h�8�^:��)Q'�Q6��,�bc�7Q��wE'�we
^5i���3ȎU%3ά
(��5s;�}\ZMryX/Z ^D,
0)� Z�.a2Z+4xo4�Gw8�zIu#8�WUʑ�h!NӐq�|}�)�F"��j*ɼL;uѝ�;y{]25x�^qu&t�s>�5y.W^�mCxJkSE�JI3LFf)�wW�ii6gsF��<<�3�Q,H�=�3h�ȑ:���$%G2JGP:ƂΗ%ְT��6Q> �"[�
Z<2v D1e
�#i7t�ʈ�B��.�o/�.h�YܮI0�[Ņy��S�dS|xo��f�[�NKѫiQp-��6<@�yt1ZMŧ! v��Wf&z\�5o3[pͬ�C�bu�E+�Blr��:V@H�qА�U'+ӥ�>2|VpI(s {t\[?K:iG�^Fc��ۡ*�^��sh;Prl^52
CNM��2>WL��oel�U0�v��HԜE7��dD&4�{wi" mcK�K)�s:aM�