libapparmor-devel-3.0.4-150500.11.6.1 >  A ddJp9|a~j2 AomBG}v,U]Z5+ˇ",~v-5C;Tl3Բi6HyH =&ㆲ/ڙǭ`Rutkvs-euq+fދ5j(Yg.(MBLM4:.1V#eD->^'I%׶Ew8~Q!b2x̴yCֵ=0,MP BZ\Bh GT-n/2 ^6}U3kEfcdccaf115d5c55e3d8e2c9081822f2c1282c958277d2bddd35604eacd8a2149e7ed5e1f0af03913e636d4f44c90a6c033cda238DddJp9|L`l?pGfn~MqWŠ@E|&!MaSl~3JEPH5d!-%Pu7^%/9:\ uҹ8oMT\B,&3N_~J\R]a9 aZS9Pwz"F"@WK9UCbf-@堟Bg(2Jm`̫(D ӢTBZlt|H=wCKUkSL9-*z#K(>p>?d ( Z *Jiox   D   P$hp(89 :FGH$IhX|Y\]^/bc]defluvDwx\yzClibapparmor-devel3.0.4150500.11.6.1Development headers and libraries for libapparmorThese libraries are needed for developing software that makes use of the AppArmor API.dd)s390zl38ǍSUSE Linux Enterprise 15SUSE LLC LGPL-2.1-or-laterhttps://www.suse.com/Development/Libraries/C and C++https://launchpad.net/apparmorlinuxs390x"C$ C z  A큤dddddddddddddddddddddddddd ddddddddf02c988c0ef92bba8955d94c52f54074b95b8a516edb640d60bb1f32d466c88f2e84186d6985966e8615bfb0a90f9b40744c00eeffd9c47de714dc52d688e96f1589567a05ac8cd496782298edcd89d22ef745cdd5ba8283916e9cfa403c6fb26fd8189d7e12d91a0b03e506f1ee6a7f4a0d507b0ecccdfab7e42d896b2a595a3f14d54d40218d52536f934bd83b7a59ad38dc91dfc645509fd4f7fc77fbe5c8998e3ac476b014f8f1dc726371f9cf78e0dbd2b1d96168fc71706f11378a2d8dd57f660348300322b4c3bcba64af715bdd4d9545134b6d9eaa90e75bf694ad410420f9610b2e5b171a04e452a9391bf86ca7290661e9028af883a693776a0bc969253832aee6e169a34249dba2c8a304fd8a0437db0e21237a3bbadc7f7cd763e8b32561cd134267a6f5e1c965433e422e8d3f75e061db24b7766ebe6f2393a3909dcc3b40b412d58e6d4de5ea89000045c401e1042447a1834a2214500af48f94295ad48298ebe9f69f08a49c6e6b52826441a9e82c37de71855588772a8e0f1ee1ccc9c5f8eb9e18a55ffef7ebc7f047e205e380c0151db55f8d853b4586409b650a56ed1aa77bd2035e4e694ea0e98548265e3c1a0d8c39a856798a343e59libapparmor.so.1.8.2aa_change_hat.2.gzrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootlibapparmor-3.0.4-150500.11.6.1.src.rpmlibapparmor-devellibapparmor-devel(s390-64)libapparmor:/usr/include/sys/apparmor.hpkgconfig(libapparmor)@    /usr/bin/pkg-configlibapparmor1rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.43.0.4-14.6.0-14.0-15.2-14.14.3d@d@c@cbk@bi0@bZbV@bT@bRbBb<]@b@a7aZ@ap@aabaim@aEaaua $@`#@` @````_@`%@`!'`>` @__ǁ_ǁ_Q_h__@_~@_[f_P_-B@_@^m@^@^<@^j$@^,-]҇]o](]K@]]@\\@\ \\v{\I\ include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527)- prepare usrmerge (boo#1029961) * use %_pamdir- update to AppArmor 3.0.1 - minor additions to profiles and abstractions - some bugfixes in libapparmor, apparmor_parser and the aa-* utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1 for the detailed upstream changelog - removed upstream(ed) patches: - changes-since-3.0.0.diff - extra-profiles-fix-Pux.diff - utils-fix-hotkey-conflict.diff- Use apache provided variables for the module_directry: + Use %apache_libexecdir + Add apache-rpm-macros BuildRequires- add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in de, id and sv translations (and fix the test) (MR 675) - add extra-profiles-fix-Pux.diff to fix an inactive profile - prevents a crash in aa-logprof and aa-genprof when creating a new profile (MR 676)- update to AppArmor 3.0.0 - introduce feature abi declaration in profiles to enable use of new rule types (for openSUSE: dbus and unix rules) - support xattr attachment conditionals - experimental support for kill and unconfined profile modes - rewritten aa-status (in C), including support for new profile modes - rewritten aa-notify (in python), finally dropping the perl requirement at runtime - new tool aa-features-abi for extracting feature abis from the kernel - update profiles to have profile names and to use 3.0 feature abi - introduce @{etc_ro} and @{etc_rw} profile variables - new profile for php-fpm - several updates to profiles and abstractions (including boo#1166007) - fully support 'include if exists' in the aa-* tools - rewrite handling of alias, include, link and variable rules in the aa-* tools - rewrite and simplify log handling in the aa-logprof and aa-genprof - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0 for the detailed upstream changelog - patches: - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0 release up to 3e18c0785abc03ee42a022a67a27a085516a7921 - drop upstreamed usr-etc-abstractions-base-nameservice.diff - drop 2.13-only libapparmor-so-number.diff - refresh apparmor-enable-profile-cache.diff - partially upstreamed - update apparmor-samba-include-permissions-for-shares.diff and apparmor-lessopen-profile.patch - switch to "include if exists" - apparmor-lessopen-profile.patch: add abi rule to lessopen profile - refresh apparmor-lessopen-nfs-workaround.diff - move away very loose apache profile that doesn't even match the apache2 binary path in openSUSE to avoid confusion (boo#872984) - move rewritten aa-status from utils to parser subpackage - add aa-features-abi to parser subpackage - replace perl and libnotify-tools requires with requiring python3-notify2 and python3-psutil (needed by the rewritten aa-notify) - drop ancient cleanup for /etc/init.d/subdomain from parser %pre - drop (never enabled) conditionals to build with python2 and to build the python-apparmor subpackage (upstream dropped python2 support) - drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed - set PYFLAKES path for utils check - add precompiled_cache build conditional to allow faster local builds without using kvm - remove duplicated BuildRequires: swig- update to AppArmor 2.13.5 - add missing permissions to several profiles and abstractions - bugfixes in parser and tools - fix two potential build failures in libapparmor - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog - remove upstream(ed) patches - changes-since-2.13.4.diff - abstractions-X-xauth-mr582.diff - sevdb-caps-mr589.diff - libvirt-leaseshelper.patch - cap_checkpoint_restore.diff - add libapparmor-so-number.diff to fix libapparmor so version (!658)- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, cap_checkpoint_restore.diff)- %service_del_postun_without_restart only works for Tumbleweed, keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x- Make use of %service_del_postun_without_restart And stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete.- libvirt-leaseshelper.patch: add /usr/libexec as a path to the libvirt leaseshelper script (jsc#SLE-14253)- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON to severity.db (lp#1890547)- add abstractions-X-xauth-mr582.diff to allow reading the xauth file from its new sddm location (boo#1174290, boo#1174293)- add changes-since-2.13.4.diff with upstream changes and fixes since 2.13.4 up to 5f61bd4c: - add several abstractions related to xdg-open: dbus-network-manager-strict, exo-open, gio-open, gvfs-open, kde-open5, xdg-open - introduce @{run} variable - update dnsmasq and winbindd profile - update mdns, mesa and nameservice abstraction - some bugfixes in the aa-* tools, including a remote bugfix in the YaST AppArmor module (boo#1171315) - drop upstream(ed) patches (now part of changes-since-2.13.4.diff): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-fix-utils-network-test.diff - make-4.3-network.diff - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch - apply usr-etc-abstractions-base-nameservice.diff only for Tumbleweed, but not for Leap 15.x where it's not needed - refresh usr-etc-abstractions-base-nameservice.diff- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch (bsc#1168306)- fix build with make 4.3 by backporting some commits from upstream master (boo#1167953): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-network.diff - make-4.3-fix-utils-network-test.diff- update to AppArmor 2.13.4 - several abstraction updates (including boo#1153162) - disallow writing to fontconfig cache in abstractions/fonts - some bugfixes in the aa-* tools - fix log parsing for logs with an embedded newline - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog - drop upstreamed patches: - abstractions-ssl-certbot-paths.diff - apparmor-krb5-conf-d.diff - libapparmor-python3.8.diff - usr-etc-abstractions-authentification.diff - refresh usr-etc-abstractions-base-nameservice.diff- add usr-etc-abstractions-base-nameservice.diff to adjust abstractions/base and nameservice for /usr/etc/ (boo#1161756)- Properly pull in full python3 interpreter- add libapparmor-python3.8.diff to fix building the libapparmor python bindings (deb#943657)- add usr-etc-abstractions-authentification.diff to allow reading /usr/etc/pam.d/* and some other authentification-related files (boo#1153162)- add abstractions-ssl-certbot-paths.diff - add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys- add apparmor-krb5-conf-d.diff for kerberos client- update to 2.13.3 - profile updates for dnsmasq, dovecot, identd, syslog-ng - new "lsb_release" profile (only used when using "Px -> lsb_release") - fix buggy syntax in tunables/share - several abstraction updates - parser: fix "Px -> foo-bar" (the "-" was rejected before) - several bugfixes in aa-genprof and aa-logprof - some fixes in cache handling - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3 for the detailed upstream changelog - drop upstream(ed) patches: - apparmor-nameservice-resolv-conf-link.patch - profile_filename_cornercase.diff - dnsmasq-libvirtd.diff - dnsmasq-revert-alternation.diff - usrmerge-fixes.diff - libapparmor-swig-4.diff - re-number remaining patches- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig 4.0 (boo#1135751)- Disable LTO (boo#1133091).- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877)- add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile to match the newly added libvirtd profile name (boo#1118952#c3)- Use %license instead of %doc [bsc#1082318]- add apparmor-lessopen-nfs-workaround.diff: allow network access in lessopen.sh for reading files on NFS (workaround for boo#1119937 / lp#1784499)- add profile_filename_cornercase.diff: drop check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (boo#1120472)- netconfig: write resolv.conf to /run with link to /etc (fate#325872, boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]- update to AppArmor 2.13.2 - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (boo#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 for the detailed upstream changelog - remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch- update to 2.13.1 - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - ignore "abi" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including boo#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 for the detailed upstream changelog - remove upstream(ed) patches: - aa-teardown-path.diff - fix-apparmor-systemd-perms.diff - logprof-skip-cache-d.diff - fix-samba-profiles.patch - make-pyflakes-happy.diff - dnsmasq-Add-permission-to-open-log-files.patch - refresh apparmor-samba-include-permissions-for-shares.diff - add fix-syntax-error-in-rc.apparmor.functions.patch- update rpmlintrc: - whitelist .features file which is part of the pre-compiled cache - comment out filters for the disabled tomcat_apparmor subpackage- Backport dnsmasq fix: 025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch (boo#1111342)- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099)- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing (logprof-skip-cache-d.diff)- add fix-apparmor-systemd-perms.diff - fix permissions of /lib/apparmor/apparmor.systemd (boo#1090545)- create and package precompiled cache (/usr/share/apparmor/cache, read-only) (boo#1069906, boo#1074429) - change (writeable) cache directory to /var/cache/apparmor/ - with the new btrfs layout, the only reason for using /var/lib/apparmor/cache/ (which was "it's part of the / subvolume") is gone, and /var/cache makes more sense for the cache - adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both cache locations - clear cache also in %post of abstractions package- update to AppArmor 2.13 - add support for multiple cache directories and cache overlays (boo#1069906, boo#1074429) - add support for conditional includes in policy - remove group restrictions from aa-notify (boo#1058787) - aa-complain etc.: set flags for profiles represented by a glob - aa-status: split profile from exec name - several profile and abstraction updates - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13 for the detailed upstream changelog - drop upstreamed patches and files: - aa-teardown - apparmor.service - apparmor.systemd - 32-bit-no-uid.diff - disable-cache-on-ro-fs.diff - dovecot-stats.diff - parser-write-cache-warn-only.diff - set-flags-for-profiles-represented-by-glob.patch - fix-regression-in-set-flags.patch - drop spec code that handled installing aa-teardown, apparmor.service and apparmor.systemd (now part of upstream Makefile) - simplify "make -C profiles parser-check" call (upstream Makefile bug that required to call "cd" was fixed) - add aa-teardown-path.diff - install aa-teardown in /usr/sbin/ - move 'exec' symlink to parser package (belongs to aa-exec)- Set flags for profiles represented by glob (bsc#1086154) set-flags-for-profiles-represented-by-glob.patch fix-regression-in-set-flags.patch- add dovecot-stats.diff: - add dovecot/stats profile and allow dovecot to run it (boo#1088161) - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753) - update 32-bit-no-uid.diff with upstream fix- Change of path of rpm in lessopen.sh (boo#1082956)- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429)- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429) - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests" to avoid pulling in several Gnome packages on servers (boo#1067477)- update to AppArmor 2.12 - add support for 'owner' rules in aa-logprof and aa-genprof - add support for includes with absolute path in aa-logprof etc. (lp#1733700) - update aa-decode to also decode PROCTITLE (lp#1736841) - several profile and abstraction updates, including boo#1069470 - preserve errno across aa_*_unref() functions - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12 for the detailed upstream changelog - drop upstreamed patches: - read_inactive_profile-exactly-once.patch - utils-fix-sorted-save_profiles-regression.diff - lessopen profile: change all 'rix' rules to 'mrix' - add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems - no longer package static libapparmor.a- update to AppArmor 2.11.95 aka 2.12 beta1 - add JSON interface to aa-logprof and aa-genprof (used by YaST) - drop old YaST interface code - update audio, base and nameservice abstractions - allow @{pid} to match 7-digit pids - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95 for the detailed upstream changelog - drop upstreamed patches - apparmor-yast-cleanup.patch - apparmor-json-support.patch - nameservice-libtirpc.diff - drop obsolete perl modules (YaST no longer needs them) - drop patches that were only needed by the obsolete perl modules: - apparmor-utils-string-split - apparmor-abstractions-no-multiline.diff - drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in apparmor_parser - refresh utils-fix-sorted-save_profiles-regression.diff - add aa-teardown (new script to unload all profiles) - make ExecStop in apparmor.service a no-op (workaround for a systemd restriction, see boo#996520 and boo#853019 for details) - lessopen profile: allow capability dac_read_search and dac_override, allow groff to execute several helpers (boo#1065388)- read_inactive_profile-exactly-once.patch (bsc#1069346) Perform reading of inactive profiles exactly once.- update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of 'unix' rules (will be supported in kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog - remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff - refresh apparmor-yast-cleanup.patch - add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the "changed profiles" list in aa-logprof- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)- profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195)- add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26- do not require exact X.Y version of "python3" - require also matching python(abi) which is arguably more important- don't rely on implementation details for reload in %post- add JSON support. Required for FATE#323380. (apparmor-yast-cleanup.patch, apparmor-json-support.patch)- add upstream-changes-r3629..3648.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - update nvidia abstraction for newer nvidia drivers - don't enforce ordering of dbus rule attributes in utils (lp#1628286) - add --parser, --base and --Include option to aa-easyprof to allow non-standard paths (useful for tests) (lp#1521031) - move initialization code in apparmor.aa to init_aa(). This allows to run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser don't exist. - several improvements in the utils tests - drop upstreamed python3-drop-re-locale.patch - no longer delete/skip some of the utils tests (to allow this, add parser-tests-dbus-duplicated-conditionals.diff) - add var.mount dependeny to apparmor.service (boo#1016259#c34)- Cleanup spec file: - don't use insserv if we afterwards call systemd, this can have bad side effects - remove dead code - remove now obsolete 'distro' checks - Replace init.d script with new wrapper working with systemd- add python3-drop-re-locale.patch: remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766)- Fix RPM groups- add upstream-changes-r3616..3628.diff: - update abstractions/base, abstractions/apache2-common and dovecot profiles - merge ask_the_questions() of aa-logprof and aa-mergeprof - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor - adjust deleting the cache in profiles %post to the new cache location - silence errors when deleting the cache (boo#976914)- split libapparmor into separate spec to get rid of build loop involving mariadb, systemd, apparmor, libapr and mariadb again (see the discussion in SR 448871 for details) - libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but with minimum BuildRequires- update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog - patches: - add sshd-profile-drop-local-include-r3615.diff to fix 'make check' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff - spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren't used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed'ing python3 into aa-* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in logparser.py - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition) - add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)- only install apparmor.service for openSUSE > 13.2- Add a native systemd unit which *at the moment* only wraps/masks the early boot script.- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage - drop upstreamed dnsmasq-profile-fixes.patch - update expired GPG key- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes - refresh dnsmasq-profile-fixes.patch- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- fix bashism in post script- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don't warn about rules not supported by the kernel - fix logging of "audit capability" (lp#1378091) - add support for the "hat" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 - update apparmor-abstractions-no-multiline.diff - remove upstreamed apparmor-profiles-ntpd-pid-location.diffs390zl38 1694065705 3.0.4-150500.11.6.13.0.4-150500.11.6.13.0.4aalogparseaalogparse.happarmor.happarmor_private.hlibapparmor.solibapparmor.pcaa_change_hat.2.gzaa_change_profile.2.gzaa_find_mountpoint.2.gzaa_getcon.2.gzaa_query_label.2.gzaa_stack_profile.2.gzchange_hat.2.gzaa_features.3.gzaa_kernel_interface.3.gzaa_policy_cache.3.gzaa_splitcon.3.gz/usr/include//usr/include/aalogparse//usr/include/sys//usr/lib64//usr/lib64/pkgconfig//usr/share/man/man2//usr/share/man/man3/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:30574/SUSE_SLE-15-SP5_Update/850b0b44dc68b8f0cfddea2941c729a9-libapparmor.SUSE_SLE-15-SP5_Updatecpioxz5s390x-suse-linuxdirectoryC source, ASCII textpkgconfig filetroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)C source, ASCII text (gzip compressed data, max compression, from Unix)PR%Q̜Iutf-87dcc5bf22de50d44cb5fffd3224f2932a84ea376e4bf44e4584d26e6514754c3? 7zXZ !t/'] crt:bLL )[ftTFܖ2_Y53.֊?]r4-77O)[|\¸FKB_;|?*zңLK(#_k /AuAڟxh&;kw1'B#m](?n40+YrUm(dOڧl}_k ,]ivuJy8q~]ܜ~ UQٰ՛h{c1s=$db|ܵ^ˠIoI=,cctqJOv$BU[$T}rvޝ}AzP)j+#|֤AZjJDd .:Lf@Q4V12B;;Mzn m `¥‘TtM֓ܪ5%K/ 񤬲r2E. 9NN?E$[GNF=u=X:[{i0yKj\"jRY' A/j#ύ7<9Z/I{3zC+gsjZAb ǒYC>;Q kHrsJu߰OG/nS6 /56ӒxXUȿaѹM/ ;pX?1g(Naly ,ņ \{\(go)7qg!Bc9ۻk,Vc{H%=5qty= U!?J}W HC&-eG]8lSID7FGqE$y(sևBtt+i%VbakU(yPRA7CXvV2;DJ ,gԲ5W\㉺K4 qU BcN!1(}|܏dΞ&2Iרϙ%ZP/UC e_d d T46Qx;MWz4%(|\,Y110/X+Y!“G%o6mj`tVLtixgSa|X?ҷHf5R=VpieP+ߐ*kjƘZL{lMG `nv;ƢMNdvp/ٖC%Oi`"VXqǨ );,>]Q3aO0;'DXp[oW$8;idf5$uW=~ӨB":B!@a{Oq= ֝`}:h=s%婢, &jCtl'5RPHz2wB W<ȲwgI/IF^_~Adǝ" 8q A]/aP:Fib@gReiޏZxѴY3[E9[ޙxc&$TĀ.خo4֠} dqC5p82s4t?ǯʩ?Wj~^w<7Ėu 5]'JCA^G+x=V͐o_8FL0dV" X_aA8 td?h`ʧO0LBYoMޭFf]Q{l& @yuRklj*j5>G՚Tž{!߫Ř ˞Wr:|iC*%dI3C+8CzhWk ^OE f2d&ewg`N:MU\=3?Gx@\w8%+XAh"&=~nZ"8B7S$cA;!)*@WT^F$=AT xbG" xgܟnF&U2ӧ5zm[roڷw$!ԛQ^W޹':y5Տuv<[mr@+⠞»B+,hُ !/'mM@:uðTTfZړl}_`Ɏ"U*2Y O]w7;ߘ@D9xk%lŽȏ񫎇P^( lO 'Vh®t\˰P Eqj[6 lQssM,"me2 9^`gjxT9c?< YȑÇP5!Jvm"4KS2 TU*ժ!KA0d?o/wvx|p۱[D-̋ќTL2ǡ01X%YEWifA*5,@lN~W!w7?ܽʛXOPK}uʨ R!-^'b >v9%c!YWe۴_um:SWc,W<0?6R_iQwv>s>8*7c/>z` .j czB6?SU^mgɭBx'VkXZV#6JeZոq]PlK'(gpQ{f2Î&諔f9o{^uE4Gxe`Ln@fY?0%P~(@R8YCziUQ:{ dZ\w3| d|<B9#GUǫrDk3i%H>E$DXNU_ԡ=zQŚ;28~ meTDH;$TAD՛G=087}t&Z6.>\u ;MԮ I=Uq{y(LD]`֯sL~U0jTr嵑^2Kz҅zДʰF2o8nq>KA&U2|ETᎨ6[^_cC}B=lg3l#};YkPHI\)-_F1x'H`V& ŒzLޢO׵">y-$Чh97C*(~*:H)"5Z /_@Unjzn[2 Kq$n5.+5_?Җ Zi<|#&B&DӺ,S6+联|;+ T[+0((1Ofg*?j!t H g{S C /v;xϙU+˻8^q ~%MdKuTg~ m47x쾞Q:TN6*Vy)j@J̤ߙ"erCƦWu 73L y|/}6r rvWAZ7pZ~uQtE j<IњhoQ>.=IJ+HwdD:Uh-h`eꊯ`y:>n"(TN ſj8t Y12O] @}k0pYt2I>XtW->X8&cPOb 㤿'@.n8" U9O꺂J/. mzk| Mnm2gl_13ȅaLM8]Bh ETH>muQNZ !;*I`t.I }*EEmG+s=3(OKZQ]vRSH=>ӿBLL }{A,C7{ԙ?FSIdPžnE{>} S UA/.r2Wꕑ=u2$;j͏,l]^L%)F-y- B紞?˒6^bPGBֳQHiM\LPmY$;2xEF 0f+m=$<_fQLߪ(gqBI _ha /uqKXaXȋTE+/{-8 E|IbDz ӵ9SGrn`kH_Y#2&6`qs-q i-<^tuTsu}=E's.`1)*Ò3Kt3*mJUn =SZXs<8kYoߨÿ1O+F(RoݒZdZ^0'/% j,{_Y]i?覰vs!Mq$Pg玭$* @2jh}iZR[S17cnCOv֋D exU0f_5"r9V3{rS ~av{-?FnOآ^6u"z`!)**_ ,e7 d5fУP86*`ހCG*Pvȅ`}%J ɢ.WDyo4%,D {;R >ʞSV7OnEٳpv4_W~y]odOb)Z 3͈$!#ɇ{X XyN40Y;?%U#-6ܹ-'|(\'kX :.c dټ^$KV'To}$[cro,cJUV *PuvtEMA~.L(2ĐUWSؖ/Zd|Ȏ ֭˖Xe;`~i.CR"$nN٠h.bmw `0#Ǔn[:%NB?DžK)Hd6"ϫ(24d%cnk?wNH[kByP 6 9 m;EH{ 0Q`9'xխ'[G35#޻peЇ[2I6 {N7%Ft !hZ$i#' `})ܕ_cfE|8ń"t0k/g{)*R(2bFݱM$}[]vW@p n "Lt&A-Jy֩ Csz5UoHcesw] Y>r$H~WDZ]lh}X~nq /Hs.1Y!gT~I y` uKK%X E]:A{g_Z*#OBX-*Jj;o~iqV'fp(56!{[?\y'P(mtA_$;N Êܙz})~NztL%H",;CqX _G\o"8rfeK.lHp48-v/7h6,%ftc" i[vNMߤ?|rI\Ae H0-!2-Pp$IB͑@US+T?W %>``Wb&'>S)'yY rL}I3|~ZGYͯ;g{kzHaf wQMPFG'w  E4i1]lsmrlWHl*H߮ /m@$h_t+DƘL6d/Р3YN배)`߃-gVc&v vT$y:7+ߢO38]-cl(=ÉI1!of;&cQ7TuƮw1Ҁ'SLÆ{bz 7RƋ>}l D  K c0/熬U/݁eLa^f-L-!WBi>407,߇QV492iC-б0OYePdQ=;rvE\M B\VUShZo9=V@d|<3WtPԊkʍ>A+!(LIKGEw`:QOlBLǭlUTK;͞h'ޅJ)ZC"TXWPIEJm[IL1Vd>C^ag^_C`Acwإkv>GaL7N4jI7]j#s,JЋ Mh/H| 0YzN>ɕe4òGa݃V9Vc3q5==ooN- Tl*E{}tc1;ymNH\iMhRIkG jʸ$~~-FabPͧeT^K ifd5}[] _-v;aJH @ .fШQC..l|y b?u@ ` C1W&l7V373;!`mHO(_+!@|2(9nOwkSca+b0sD6YG1Iw7ܜV'~e9zy՘N$x\OaIGl~2A7 OjP5?zfƺf1 g?]6Go/ cU@I]U{M0G?bIqg|3݈Dv?z! rs<4ɝ%gE-&s.T܉B9dʪ&)w&cJcnԽorcջ A(I_ݐdV"q.IK+j'O2}"x0jM.wUC,ob[) ŷϫo%Y_vVt'80pℸK;0JJ IfhqS.$.law7`,DVy+ÀnYmZ\\N~c5rOcj+z} #fU\NC<$sl-Y/CW&\XN\Ho@G3ӎcU!L/r 8#hKMun7gOã}K\*Xs_)OLZ*z9UKg'$`# ,Go9EMc‡xmw ArN]EOaX8)[=lEX7l~xF P CNU^Wל%05 kyn4?cS1U8"\Eg8PgyM3/#TWEH} bew+}!+4$.!PdEMW4`r">)ǘT'MTNL{lNeW=yۥj{pIr swHƌ.TEen܂M0Y\W7pU5EˆF۪^&Åqnex|ʷch@=XE- b*h| UHRs?ms%hDh-nj#;>S) D9Q>99)!V$' 3؊Z8-Rg3șPIb饇lME3f>*ZE.1}:z-й>q/Xׅ9Eˬب&(Tq ' ;`u] OS}+ sB&W0{U:k|k`f/'_>RD&L[b-׹d8״  VW}_yAu|ciiixȓ/&6V F'[Lm; dCChݒ-#jkeK`Q^:.K;q ]#4ChF &:P{fhP-P#=3(g.s0DXr X}ς+ڱhl4r\H^/ߩ^ Y7y,^ٜ#zR`Gt a3nA+ףNa)DE |:#`>&UQњQ^g#dC91iʧfvT!Q.%G bm>䪈F'7Tוe gC;:r4Hd '+#l|;~Ui0G-G.cRyt?'ہ7ބ\LdX#L# EX !>yxnsHXYS)[ۃ. F5rĠdjщ wd&F4/,'wjcئt#g4[lN=DloR[p CʿD -F'B'ZeI¤|7ܴH~qƻ Vw>GLcr+ 5d\ItK>܋hQ=Cn1 Q`F2Y0,I{ ˎ27hp;>eLFx~U+؎u!P>x Q0&|P8BifPﶟ8dze] Z!e .K3rʰ3ZHԚbڳ̾UƐzY:mqS=+Ai5mD#4hԘ^͏q}3.72TB]!B{%q)k#|p2Tۜ>!Ög߱&;G<r & ƨVZ(n#ѨU҈y94' uceiQVtĭ/VCLhu;>mAA30‰'mep1S! }!a>iH DڭiG,2K/5Vhm0۰DDɷa"nGx!%F;6y~(GA:;ߴd56g' !dUY].K_/T**\ƴׂAs?LA=HӔuX):HIF}/ 6TU}3[0HCx_0uTbȖ&|ø8˄\`9k{oBBs*[}cHhY+q'[X,F ڽp|lsJFf(i $ NnNDxǝjd0&%rpұ%e_ 1"nFhoDCR!)t'_"`Cm7fB:0i2T~Gߧ(7@9ęP$ U4kJ'bVSIk PZ'}*[zky *24YZA㷖dC`RLQ$h.5Xvv飏m*çzy]u>7y.b'l~ݺ0WԃIƳ7,q;sam1|XZN Oo/?ƁYT`k}5^22][. WvK0:do8(_+i!>0 em~WRϨUн"|Se{> -YxAn?PLi!gQ̯bmEޘd8 Kg/_"\^?^(Lݩ̢P9d4U+[,_ XlOZ_eTmc:^PHާ?HI921^ 91v{TIX%j~2%˼{D8u8.=:WuшT{"˙CPVed]'壦~BƅDjY*;@Jܤ`e#Kkp6cԸFc+ٟX $UR}KNNPه-? ҂_vIoj܌/? ?eMY`·|T`[ ɟ5Xi|ۨ 4|W1Ov}V{F0 )#E8n4ӆ(=nGo;rI3oГp~VG['^I^d@cIg|~d?yh+|{֑@_(EY'gJ>N6Pȳ ]C+?;1[F Q}c x%|8G"im+$ٽˮ'`*!ID&֯ج?Rڀm"^]9Ocn픉 خ͌/IO2U^?FADp|{cLx V%؃<ɫ;WWF6<PeDM!A+}햌-t2^u5Sqh[lbj_D&2bLRQ= "̪L;DQZSX+G -Ԇޖwn(cA3N>*}4$ݎ>Fz)(g%oV+ ʣlIuJVCxt^EW5=~\yљiRnS" p?z$^쯆whe7~ rE8Egt6Nku^SE}L-_A;?' 3[5U2%RJ}/8;0r˪I2)CoQDs意{vwXcwdE1?0kn 9ƖN jzl ?Wv-ne(rf7PB$({1~:fAs{[צ˲umq;+G+aU6RRB_kTZϯj8LSN7Bmty$Bo/'Z1i3i+頥' O|%9ApQq鮔/6q./"I/ALåW]vK3g^Tgĕrxwi JZyELv{ҩvMnb Y b{+n9 'j] ]ީK`J(^j}hPY@ybScc!a#59 ,~#Ln6'"n;tG\+8: _7,'DapD㈭4c$4+rμ]`SנhcL铪sC6>SO|6zEqHjF!B+i!aB0mՁ!zLLBo- F 6aeCTlUR%GI 2/RO3Ŕ'H(8yT3v]t21:S K`垄lr{/KYwe6I K"ƽyѽ}t86,"*S7\vbshG"?t^N '7T[P _R~6@ppb}MYCTNcܭI/%ISY2Lѽaz׾M^I!BΩݠDk }Pt棰f= TcSGzB3#xn4 @j쀷T4 F1_e]iWU@^),4sYIx h.ztRQAbp-._\v{I]rhyqnʕX7tPN+~P`e<:RS·kK6K@91ݹȷWs>Qo|ĖbN\ qv8=N`̍3=W*J ڋD|9m>)P5&֊uΕV=32 חlW8!}tw_NQΎRL`^qmy[@]|a''VaĈW xi"R0&|\Cs&ʬ[Qe0HLuuB;!,#n#w x2y:q4oPd-T!8q]ꉝ o{1C=B m7A)qhI wc0ܸ! }`mWE0 YCMo34/\i fwoLhLtߪ_c1I{sW&Hhz f[~&K~Jz>C ^)7֩  fCn [a O+QwL|< LT;,$lp<¢U K+ro6*?u /U.@c\z0큷w0W2ylZ^ʉ)I]Pto[' YkhDEu1MFi=xPu%V  Md_ Hk m=MH~`,t&Xl~ۢv7!0Dzr5^@gd,74Rߠ1&l5o8%$\RiAp@5_nڳ5$M7((\fnS)sQ'4Ly2=,{8iXsioxRUd~z4HJQ #.lXl?6rÐ)+zzP]]'!^N8 k'3"ukr?5OufxD\x23twło1R{;1$GvO*,;<ՙGeL>{uL*PkEBVQZ;˱&9%! MMsA@ũQ8 i+FQ)a&tg:,61R!,dW-spDPMކ h&z E_jbY-݇$Et ]NCDb1 jP6=\)u8i,j9gfVf^~ԊPYouC?W,g{n$#ATᕓ Rrk,T3au_Mβ5G2]#tzygL#mO~ABRhKbZv5oGp3vY:ḽ YdNp8u;AHeqû`ҁnÁnlb~uK&Io,*Bܥg(PD"&Eg*SH2C!OU2X'&v(ÆPs%p@T6/I2=ͪӽ[@pc+0d]1r۬:Dk嚏[,hW|VS-溁T2?K4NK{UJ]Gsh+RuMИh0DzaP6rfQQy 8qf:$pf{ampEy(bP~|łJ87"`0p=ss /!,mz.;8:YX4Ba;ȁ$}A: Yφzvs3B=`zc+n0=?|LAYo9?M ;m,{Z:X}u?JI;HݧlXI({UM%S{/(fbG0~;:h9C١+e;E w:D'n5s?FƩhbKP 'NL3v-th0lݯF0Bvǃe֐\*M,&'ӆrio&XTŅmͪml%6%@юuo)( 46}@;ï!4;t9DE_bI)jAy+:h@-ڢ쯴\z{4)Kτ=[4H̢"]Z9$'8ZnNNʓU@نjx~4[OQDVpcv}>ڻ !$a繸ayūF(ֳ67 NJjZ%3YH8 !&f 浟'.\ܻIxuu T֯c+ZBжu~ӟSvR!2R;T X"J "K.lQLfػ'd]T^sj'mL@96&Y^;Ty[=D5>OC+!VԄ !hFxV-thNge_# T j9) 'h~I_ƃdr ^cZul+qgj(V pX(J%A+~ZO@=SKϱ22xC_EP瑞s4Ca57 0[;285 uPdN_qS%S uJl8r)ٗL8G/,ĎLI)U}n2}PrOeu5΁ڻ؊+p~M_at\SV!=(Xzx=?)`kݖ4rD[[F;b1迏5ByO˵̧/0LŨ x+-SRQ2>n V,u\IVUD#-O4@Ca7UE6bZ=xO@`bQK+'?{ Dy he'؇wrC7Ԅd1xw+#ŹS10jRħ@򵒾q3gs}c%COQah[lX;ԓDY/w$ͺ9Y5oڿC$rn';s2:*g5;eL yV˵lRQZ^ [0--jEZrA+|ÿquͼ97f5눦#‚{GYN)ĉ~@9ڽNq2t|y~;- L`6h@kq݉>d!yeJ[$Ky.?rSzȺyr$^m(ab`n0pEmK-5S{љ[naA`ٕ7%BrZdTr˖3f"mQp[)X8iU'n2D$7h~_%<䮾2$}Лm>V2QaSEВECOPi3mCy ȩa ^WaA'zSɔ_ȆI6;o&ǽTf@L.ZtsZ"GE._RwDGxRz&ZOcw傜l ꮖp5R |1넚H@^mؿ}!ciX=Ϡ:5О!}u "yrDomR='b/"]ӅH,$ ڦTy@˷%Ax!8jd[a1?d.A?U6_懞ӑF5..茦̢C{#TzeY .&QK!];;t w8H_Vl*N(rTV4c1JG'DuS8gV-|sdsO;_eX8 ?XIv&w'7A^`5q+D%\ VķXUd"lc͇+751˔-XjGX#1*%*N5͍>]0\JBK7+N131|bHRRUE/ٕمjVأ(yq*J vz5^Ncr4C(.YԮ`7gdoQ'g#;?uw;Z^\[,hMEUNv)KuW3XM  ӓ3os8R`t;%[֛Roƴ h-%UȦZfxMzT"kuQ+=#(hc>Tg¥rk#3՛'K$YUT3@# 0y7!qJ 4i߂Drxi;7.Zmh ̑aiaOпA581Y3Ŋ~/5VvR>`Ud]@}ky y0<]?n#ĵY`ձ r?A!*|h~?h^e,g1bugȖ/3%C_"7F<l9:n_ ql bfW 9G*`$(&hP~1dy"Y3=sIyzXJ!C$fa~Ėsυ6 el:%cBLKtB;qpR([vc͊i?W)f׮fѽ3٩{9yH[ib |54[G}tB0PHCX+@ŅqאCWlh9`1D]ǵ :ЫS JO-݉5VLVX.O"RWOʴ: 6דVUu`0ul23k_nR_<=jWiAB7oc 'ѭvc[U6)F^)XXaӤ93KLFh;.nB Bol]khh7i%lޡ:w)\FQͻ-=w9Mj@ k ʙVvXf`5eMh(G5A gL^YF[Q(VL?1뎺PvUaOȂ rdĖ&Y\ΩR1LP`| NdJI^ ̵:ɾ|]tz(2ȁ9W"rLf$l>fwOK#]z Q.IđI-˿~[$˘꫏M[-9F~Op"hnN.:K-ijj`^lksN !<ԞnoRo= !y}v: z bJ8UB 7d.Qtuھ^ "f{=G}X+ unIFUk5ƆJ L*/~ݢJ/I=:FѷfQYU6L,EUf26O5n*w7-ʟvB T%fQC\K<| k?lh$J汵}A`o/F&9PV3cKq9|yL7Qю~5ZεWG\׽zcsQna-<fn=ms}G{Cas*n/1CpW)9^gg sВHm_PB9ۧ=s+>4y24ㅻ~CTXaI8bW`8lڶk)jYRDIIr8mb%]LZsYE(Tv Ftڶ&8G|GV07SnN ,~iL%2$*DF6yf;7HcJJik0@VcD8җ$M˸%4 RN[}=/(mNy@]wwd +K3Τ'NҒ?^\rʍ:vw]fD6?()*T~`i0b(r@%zt]j&cέ\ƦR6%GWjXBIڹ-o~ОpJ ɉ$]>/*tX=m[Qis?,,\48s=Ǖ%)͉`YAw}HPtO Rz" 4]3ΤL|y"6BZ@bFb]'(WBN6, p2u}YÒLmR|ڳ>SX$:ZRh#5p$-\"|bZBAhk'bdzJ]m'vՏZ>Ufs`!;sn;`wHgd(GY\Wfd J evaZ[ia2tFCZIFwM3ǃ`>7ţ2w{ $|:8E.Bɢve݉GBl~3L?S f*ŝLҜh6XwVFZ_ mS*@y{sM4'B]ظ={e_xܲ BDVn_u1h8+krrJB~Z`qZ<;Mo+Tރ{Z< :,>%k8K2ܪG<x2 fv7*Z m.R8sn = @qaKF@Q Ȓ3&c:1žMAj1ǜ_;\Fo;"CQȼg~S> 0- BէH i׹l>&JyTPY]^(i/1顡F`yVGI)ԝEXMaE=g a#嘋k*ż/A}H5RmsBKa[6C1q.bY\/] w'kp+e`e7Tέ2[쇆I҆]]Q[HF^ 6/L* RHiǡ iYnoxylAAi J'ul_#e&+ ?0p9YR*_G]G8Am[ @Y7.ϺO=;\VMKWA P_ pߣ,8!/%|]> (8:FjΞNġMS08{NA{ް7-z0(8zF7HŝLQLՇ~7N`.]K .X%Tm\(ΈT6bz1ٝ߱Ǜ4-"r%w'4v q0pwb$qsw▟l|f--WB4 py1f]fs/!=CT؍qX=ȢX@C͎4j|a{ٚ%aǛSf&é2Ի;:I3gw8h.J2\Vgf佶>ƫoh;U,k2^:½[LMD7߬L>x˛4ĥCkVYeN -pq=*ؽxo9rڋ,<(ϊ:#`{9{VE`u$!|l9 Bj[nz1Ym:הG`FaLzۡ3b"LA֎V7〲bIkņxw Q㫭oy?xe%æNUhn3F6bI@vQe&@t acA#tOAt]]FaNW^^=>*#Pt C-$"T6.R3o3JP8h,N'f77G(OޣԞPYjT 谾Y]6z3'ӤdBL$x|]^딐T%/ʛ) ayYE1x!!KjD5|X?L{[ىyt1hP&lnm?>'b{bǗMm&a0es0 O cf5Q=·JV `2^5>ZÎ5UB4ψkhN?gH(̅uI2sB|]*٫XpAp^Xmb u6E'j ǬKm4+h+W*wtAë1uY /¬$){3&ot]+&ʇmFן,H-ĨT$vćCn>y~)45XVlg" j;ԆgS}si_Q.[LY(y `|\ov#,4i7H"ڒ@,Ց; u҅QAc7p☬늴Sk4؛!i_SpZE{پR';Ѕ'`߶"ori{{xglGlK dQgK3Mz#R(^b}Х2p+y(SU .E`%g#5/<=3n4dr18f)D$A$, |wmU݅gfbCr(YZ!",WʮvpPеpv5,UCm?C ?fu$[X[xiH ;=eLy9bы=]uPnl=288`q[![ ]s|WƱ.b"K&g68D6 #Wc[ܞ[ hB94F_21PO,M_Q I͑R2<@~*VXH!x5*)~~hⶥ:kZIxL8錉yW(QԼF:` * !fX2-hSM׷/X$Fg_-Z!" ":P* j\h߹Jh۩:V^n=\K ȓ-p vؐϜ0*/8+j3ԭtE|g̪ܢ`361ȳ,/#_))w'kCMř%MTv-Ɨ|C٘bx :|(~ɩ >97_G͉!p=~@v[f0`>g) ;4A$ ^|ŒuiI fZ LO}'pcɀqj^~QcsxtM&A \P nGeJ/:):u8<~6UT0"iIX,X J5C@uzSB:4N& iih.l&?aB_,9ܘ2̕&ҎZӨ?يᭁ&=O%\u-X(7;4.2}8d&G/6}N* /Uo{ C pj`I3sZ{`$G!gWOߊ?3&.\^%%_̓TqԋikG|gikEAL®,K/oԙ{  2=3\ߝ>[/ؠ.degkogu9ROB9[vXa;*QZ4% F!! ޶$#FIiXty]uybz Ư0.D7eWgٴT5KYZ9r>(}Rrˎzv Er挕bqM ybeM W_m%abӯIkNX` /KF[j[KI V莫wٚJB6'ŧåפKu{0ҹVO."i ;2[ro#ڨ¬hˆ }gSFf-uϧUu >flL;]P."&E+X-\%-89{z7q}BVWh~u7Cգa,7bTɞaE*?eKJxҳPlDɉk$\}~nez@"Q[7+ujUVCJ=|9-oeaK"n{S ׃m텛<6_3(iڎu =` I5('Z1(6]uzpXѦ$=mҠr x}h<4.~&!m WjE$nhku nK/lst-H̕As'1v3ܽ'95$Dt(.Hb׎@j Oz$=3}%p@\ܙդ~&$-|Q >G>&+qZ>AIs}YÓ>>cu1"9O-lvPq"ɹ F9΂T(?{Wg)CLA *aA/oƶYTCr$~]Q]wFi{_MՄzQmhb҈qA3Ͷ|wh(7l2B)w䁫Xl k_ UMC0[QQ/M$9yLJy7G6.;zj͊_Dӭ|g{Ќ! )#՗rޘ./a]Ħ1ə?dy6xY턡Vd v~-({ Fĝ]A389@ ӫӏLCƣ_BkX:}IhZIBxBZ0{6ޗ7-`f9 NW#)OI[W @D%d#2[l-<ʩȈf"Ott)ϤVNPp <)JMNq7 K^G \莸g RK'Y˼C5AH=aJH-5;W5Ԛ#/ԑ-B rai90D)ݛ@H^eK*'ۨCZR:\ä=M CoP=WJhIϘ[ٷԮHIz@ewîCS5 ͬ!9(E 3' 80s+QDW_OIC2BP KQh1[* @&=jV5`*o[I0yۃvg^\G Ea UJxfji9/B= E'N'&Nò$j Y8,w 8U\ZY?l8.kH%{lpQAw(UBwWW>ý/xHCRxk18l2A/@)mq4P;Ro3$byy:ʍ$c5ԻR&i?MM ëC_W|/An z'6HrpK"sxDO m7 [0p&CL+ҊHVXQ2*l2Jy҃(8Tl=-z[(0\q_I n\duͶg_52&zW+(N,|=ҴF*7CW׽&,CB;UFr/ [m(đ/ay:QHMM%w˟G*2Qvi~.Ps$t!z$֟}C_ÒR#rL=H vtې_cpr87ĎhHUA#?q^IWL6-T$OE)횠WȋQl:]zȧdgٹX8 j;Ǿ2* o(@9LTLn0?/}Rano}'SVU*\4+g_Y԰jظWdwXy?Y$wH/=A~(S G7?=u)}Ag/6?|PCqJMg]ve\W$Hua~9Cq0 ͒5Qj'ǭI@`0 ȁ1Lya$8CU *&Yb5@giAo_k>H{*|Ng$3>R`ѹXqg{DS3H>o?{L$S~LKI @xs[_ };~nഋh/ߧH'q^w0VIr T:b6Isd ؖ Xy+͕χ/!`Wau$ &ܶ`6kB  9oQw k(>?[U줈9M-DN0 o5t-&/ia0C&"'Р !fLgѐ 5haR TJoBy vJ-2"wWD1u{m¥)*ZIVM˝38iNm]!W*w8cI @뮆l7ץу3 nleB_"p M#D}Y3P)mJ >gd4BU%{j\iK*܂iJGXt5Cj~B"+/#7%F\6+Pr~bbH>;3 >KAMI*{,ɤAC ߗ>٧6Wi]<>57;QX4;\5Y/XP]:Q\EZ?QJnX \j:wa(:MV۸U,*!UbrqWrPQ*B0zT@YU1&a8}kVbLΥ.L>_8lcPrR`E&UHM[Hx MEa\ϣY{ߴgh[ Ҟ`Zge("qu@w0s$$+4%&xn_X7S0B3`S^h yAc|"e`zJгzMhG$%RaI];Z|I3m*zG![Q{`?@?`CjŚY47< TAP lSD=eE iUpIzaNS֢Cp#W8f\i"DYEC^t=ֹg ͎" HNS_|'UZXqd||]rPg[0 2rSq E:vx(IFAΜ +$!4vEvaxz;#|Lȓ>}UD6UFl:zpwQ)IVEʟHwo;V@l9 2hg e ʎ:Z܀j=ǞywQ>&8iɮBe;uhU~)rz^a@NFXRB~sC. xc8SozGV+hc;f={g l+[$&7KE}P}n༓G/q3aDSÞh9lM$\7tKW9 %0y|7ٿi7Ajq'Xz'FEr3" @J5Kd Ęrτv)0|kQh(qmx.?eo%$̫BTЫYbCf$2l;rkp/JJΪt|hva>:pz،$8äOaE`"yRJӻQ DN慡kLBΐ}ߕ', LIIrԥAx++eMvLI Wk曔&{!c/x{w{z7V Jb!hN~ħx+^= 3RXshgbeN1 ɕp󧞵a&x_Y ?*->ќO * biq1WTwMBk}yos"199Ƃ9.'Sp#rS,y k/(?5*݀/nm㗉yH`FDqC;h;8=/l1=FSbN'n+0$ $KT~Z@I^C$70I=7WOC'Ts*?U(RݰQ:_ }mE`)Q ^JOj?Iu=9i;c+%;Xͦ]4Y@FcHM$%4@S7Xm)`pT*Pp DAY +68[=x`? l)1`8iM9۰EQ[E+ͼnG<ުɖ*y3a8<+`a(&V0i]1ݺ2Jo\l"IGVVL`Fѐ{Kֲi >}բ'S>Nl2Łgux"lRK>ZceJtJ5b1dR,GGwF]|T7t^c7@gWG>VZakLr~u5D%j>Z3}ٍ =S-,ǧf$6KG:ۀtdsiRnb?\FM'oFyoD3?z4.qUQݢAkc8 O%^;qvD劾6@hE~4Q/[&ː:?KʟF]a~~73[$3,%zQ.@ܛIAymGLF ο}.1^yQ:ip_b-cj[RiO6m)Lz95y Fn_Ixl/bڥI,?%a}Քi·ۀp#.ZDV%Eescv5։QVcH0Gw54q}9 v"!dմ]z{ t/|tݟĶg(eZGȵdChO>/ksW(C@v{DGy <x|ҿC= h|lχ 2 )KgtT'YzA>ad蜎@ފHjLI"Z^M1όX'_Uݜ:QEACɀ'.ΰ΢Q| D9%}$8c7\DY4?$Q? E%UȡU7%_>.Yu P«]*` sUE\Zv4ABa@e1 @X.m3ͯJIS2'J ${sI`q^D•=Ci635~^ۀU м֨h=crRHք C,Ht-yQUbB&@V]=a֡&/q`RS?ϢkȖb~w"bX8ZK& ҡsR'@&nTZ!]x'}T s8ŬK7A$LľU!`kߠ ~fB^ܮ}m]$U x"UUӊ4Inrto N9btiIk$:*VKy-qe0'a] )tф'g)`?sϵ O4rQ!{L#z.*ﬨUi*V7I1D5C)pKt\m%`Fa E q ya`h7#c\bM4yY-F?ZQ"6vV/1T!]B3{?!Ň .Bt89$-2-ke5}Fv6TW-' NP'dHҥu"q*Mf%wIKۭNUoGԩ?OcL<.xjcUjςk$P>g p]5A~&:DNaQJɩL8ZzӎQt:Vqg0sc7Mɍ*ٟ`W^D,ZS:-:Lu@CY8ziV'JfĞy`\FYcH@{Ko[ZUz X&{Hxޖ~YzgtXV` uUR~XP?ҴC?`P<ʁW 48M,ZaF_l3Cv#g]2;bkvƧp1 L+f[WЛq/FSO[|@ް%5=Z^ yU%IVn+8O"Zs{|v)ACwUKtTA4Oxi@Ĉ6Sy0-p.%->LO{7#G4*۸ʩ1wަ3*z'O׼s]Q| c@եV(d E_-n=3{Pr._[NSinbbaL/m'6 <_U|Z}1mv]P#2C]Ҹ߄0rKG&&I'7Q1X niXTFk'Rߐھhv pg2B:lvF7yuMLSƱYIHwk8 Ly;4^&!78L,h^[,>JX JSn+HcӨd"!'ˣ.+㰯<`oo!sTYZL73ĶJZ3T/CCkbS^*-|}uȢ? }fBjtx(,qRjtsA=7ev`X9 YZ