apparmor-profiles-2.10.3-16.1>t  DH`pZM/=„1pR+awfEµj#y#Rٔ"² -i?f I캩O\:Sc+z(xhԄ||a"~ġLaG{4K|ܵ1X_=Ahn#R1P,@g\VuLX1MmCcv=sH0!jn5N$v V1}UFHlO6(vyCp6hEjd'V4yO `XI3=OjN6p'![6.,5.H>>L?<d  b  (.5L f     " #&<)--0/0,0H0(181 93x:=>BFGHIŌX<YHZh[l\t]0^bdcdؓeؘf؝l؟uذvlw۴xpz,Capparmor-profiles2.10.316.1AppArmor profiles that are loaded into the apparmor kernel moduleBase profiles. AppArmor is a file and network mandatory access control mechanism. AppArmor confines processes to the resources allowed by the systems administrator and can constrain the scope of potential security vulnerabilities. This package is part of a suite of tools that used to be named SubDomain.Z+cloud130openSUSE Leap 42.3openSUSEGPL-2.0 and LGPL-2.1+http://bugs.opensuse.orgProductivity/Securityhttps://launchpad.net/apparmorlinuxnoarch # workaround for bnc#904620#c8 / lp#1392042 rm -f /var/cache/apparmor/* #restart_on_update boot.apparmor - but non-broken (bnc#853019) # (copy&paste from parser postun script) test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" -ge 1 ; then if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then test -x /bin/systemctl && /bin/systemctl daemon-reload >/dev/null 2>&1 || : /etc/init.d/boot.apparmor status >/dev/null && /etc/init.d/boot.apparmor reload || : fi fi&W79=;BRDCEFCKJCICBJPCII?D??>=<<<<ZGB@ Q$xqpf %Ds) h  $Yv  b+pAV{~ D4Y@G 4s. YV)  n@ @VBJ##Q7*5e p%F2 iA큤A큤ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ15c4529e5e7ed8c949e3531d43e2ad18fe5e616a62989938dde1228c59395a3eb2c6b40577b4099c584cdf731f5aeb0b9c86af71a5a2e79a90d1578679a9c0c036e2825bd2f5ae44c106cbb94385fbb990b982f53d8958c424d4ac2593d120956388d08b128343ee8c50b4b072a010cabd7d3ca710534fa9fce5b97c98a504cc8c175c2e21846386dc0bc746a50bc911d2fbcf3f5745cd49ef0695b1ae0740f330893cee3d67254abaa7f2c963c7296f04e8f3e3c6b4cd2f64d81156b1cf3caeb67c0d3fe9a3d56acf88b4f0b840adec3bbab5255265539035c28872f859c9dbb79ec25190721ef2822eb1baf79a58b6c9dc8197e5e3406c48fdf0e1d511aa77e75918659946eeee602ccff92737de14b95e7b7b13c9556f924cec8ea4b2b86062f7744be6863b354f9d8f6b5984ae304a07a4bb25e474d33b144e4cd56410ae1412d2b5b0296ba5f23a96f3f40e8fd5010052c2180cf07317bb0c7b424bbfb0ae89b1f06cf98e8c6e19bc22ff9b858bf0d0ab0d7b90471505af550ba7f6c7d80c71112d3f8ed2fb87cf9dff59a8de3e7986cbf6809be4e67ff8785fa8b63c2b8ac1503ed2f1474098811cd938be234d5f3d0952b50707431930a8d74d0d5bbe6bbc8079e6eb86a910c068583799e9519801d69bafef27bed6e91e1e2fd1e39ceb048c9b1b37ba29a6726a06cd9a2072ee3d12e53b92252a1debe5ae28adb147343a381fb1296e91d2dccf12bfe5af4587d479bce0a5228b4f9ce1d8cfb57bf499f7a066a2389137db7fddc2f2626ff5b6097fe97b32c87c4615416491e9c4cd2da2e411861a196f4df0324c99546856e363a3f724c6aa38b0303f01cf1c125d90d5395c354a258daf53dab0864799f61283b7869ad6a4fbea8054942759b3852871c08c057dc20638e1b02d19cff602cde65fd4a75ba32e5492a24c90f938bd2d88b0227c3ba2c20480803c99a834935ae96b8dad4346ca654a5f2703f25a263ce0e745c3979f70c80dd4655743848a20cbe4ec32117003452d685c77ba296f1cd90d33b0d8da5af35dc773222bd96ae46d05fab9c3b450f6711fc23a2fa1510364a281686fb5ae65f4338530784e8b1d2eb218847d2c8d1822ed570d78208942c87df3004803fadb224b1866a7898ab9ace8fba53fe1c603691f3667826b9c8a968a437ce36b0f475dd85f2b150fd119eb8ffca3968f3f8b064971a4271122c873aa4704bda4218c3795a77340f19a00fc3869d2cc8bfb2e20e1efa33653491e542aed1341cb193db4491a8d231174e62e6a0fc8ac3b166bdeb248e55ba2646cacda1833b70ad888aa9e4b3cf596adf823a8968c46a400d35fdb101f9e40a95335e88ced90a3ce8a2f858764bb206fe124ac6fe833ba2b279436c0cdcca72a3edbdf9b37b9d7726993b73bc28c077c1ed1ed4c25d2bedf511d33a3d1e8933dbe66fb178be66815d936bb68b0b50e6272b2a12d30ae33043d2d0cfaeee4c363167f6c88c23eb27462170cdac414192d8386906b141039540e363aa835df136fd76b4218f0e8093026a156233fbdf63b7b7b09ce57f102e71fdbeb1a65e11e912342322ea65b07e74b2e9379332f855d347f164bd59cf59825d15190bdf91f2bde73fab7235ef43569d18490729d3adba82f04274c224f68f864896b0f63f1f509bc39622919685e739e4a25c9bbf3be47d3c79272af6d6285967e76bfb2ce31aa7c0c085dc9a9f49d2eb2661aadfad5ef12c01221785801c269d8a6a536101d27161ea898eed80a0591e77fd8121c8a868fedc5398c5d109623e907888bed373d8c93933c72d76c50e43255b599c3f07bf06b8bc62762aaed6d3ec4f4aee49b1ec40d437e0c26784debcfe408392057e5a1cd881a7d1011db007375669479691be2cc1429240fc7b9722e74f4a9a6975e60f1b9addf2d1992023d724bd0e7df8e59e38e24838b5ba637997d0e1cbf10d0d4e5023a420bf289e8ca98c981aaccf6d5cbf0882e135ec9563756a0d1f689be331e611861bb0a784ddc1285a6744d080e785b500a14231cc037e80691268071bb05e61f20bf1bb590d388b6bec639f6944f5f92f0593696b900f0167d79325e92a46637b7227e7db98ed1fb36ab0af7274c97dd20de73add5ec9bb3933f608395225d361048232952a6a980313ed2239cd3deea4e80841c98292dc87288e1e9ad1deca52ed9267fba391f590ae2274fadf24f0bdba1d196c982c016ae201708f9a5a5ce3061b27e5230fc493991f248f858daac0c3b127f1ad0fd2d8f986987c2b0d4ae8bf1694cdc64afca2ba8d2e458eaeab5b4ff6b5f0cbaa05af4e1eee325871592b2dd93fd7f2abfbe8a594c854dca96fa327c7ce9b81c1aa819d7233848ade36076adda0f3a0af526098e219f6c4386321c40cc0839a6346ec131cc293c1849a6854327f9ac282cee8569e8a8c8be268c334c57c4f3bf166dac21f6b3bf346ced05b94f46590b83be9d5d3dd1c5ec1843aeaeaa2d3ade85663958374cfc3541b8facea9b40901eec922e694520aa5ebd658ffa65d64db949ee11aab1824d7d7c7bb9af8154cdb4ae2428aa537c6f3a07752de8502fd2ed01a3349b78b9818193bc40a321fe7897533cfc819833d60eb17f1994e582818c470f4777b439eb2311cdd180dce81ee09d193757bcd7270f52ca30a56bbc61548025527a90b8de2652d02cd4606f636c059176e971d41c3521ee6a925f48e85efd1d89a31d2455000f5bab9bc8aa8a19670b74aac714ea94735c234ef5549d79259ec50def7212d228bf46af21631212f9df9a11432a5325c79b3be9b656a95e874f30a7a5cde702d0381ad13fc8c8f98a05bc59186878eaf55ca0ae01ca7a5de2a5edf435011185bd58b9e1d10e9fc25b7bb80ce08c8d1eeb6122c26ab04d6ee10a04b8962484ed59aad5809230e45a09d8a34cab4381bdb1690c682f33b4bf5a8b669b8f40dcd0106d304046fb720614c06a0af974e2ef050f787ab0e02516030aa34e0bc85144ac61b66d0c99a56b4dd36f9545d5ca1d4f8a6e9e5abbeca6debd0167fec63387d27d91e17cd4bd863b63989e00d6d37caeb85eaae862a4bbd1fe52064e173e7ff826436ac57969b26404574b8963f60007c4d1554c7a3baf886187fecbc24b941fa74c0f6c2aab1125497a7c86b08ee721739c1cabf2474682c16453773e8201e5fe84dc0b91f7dd355b792ce729d2ec249bc1b6a38433617e7ba288da6e7444df9a970c8feddc4b09c18c92bbc120f819418f057485fcadce0fe15eca04020201cb1a91de5fe9c5455822c78f0c07b62d18f7c8e40b5a1d9cba8e14b45065a992730ccf7cf375914bbe42ed3e81421fbbcbff23534771ed877e9c497341c8c2cd925cc02286c5d03a5053db17ec10bd0276dfde2b996050a8e04e507c63480400e3f2000ea4fcdb61e48657569ac8c9cf3cad47cd430ab82de91bc592cdcaeb8ff1e42bf0cf3c5263693b93e08bd32a6c11b50440c4a2a2379c37751eb0555f1baa26f52e741779b63643c1ccbd9c90659e3314e8487b8ecad418d954ed2750b9f66e002ef060346860f25bc70be53c31cb65e77b18547718dbed30812aed6f4c44926e570aaf8565b0126b464c09e610d2e47b87d05f14fdd21a5099bdbfdc1a3040198a2a3cef98e7e49e82cfeabc40d8969d4d2b288b12d991068d6e01f42a9178148a12200f3f56f91f779ce24361c7aed251ec256e6cb587c0c7d9c25f46c0a2afac6c7d1975978fcc79be89bd0de43f5aef2c1cb8e6be033c14e551e9c8b4a4a8239fb3717f161f12563bf884316d85bc36aa3500fb8554dfbe07274cf2212ad2fe2be2162d2bd77c7e6e14b43bb2380dc17fc93cac9aa46bbe778f1d9fdd0ef1307f2903a61ad457bfad7152b0b524ad65f63620bdb3526a5rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootapparmor-2.10.3-16.1.src.rpmapparmor-profilesconfig(apparmor-profiles)subdomain-profiles    /bin/shapparmor-abstractionsapparmor-parser(CAP_SYSLOG)config(apparmor-profiles)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)2.10.32.10.3-16.13.0.4-14.0-14.4.6-14.11.2YX׭@XX*XAXAXtX @Ww@W/@WDB@W@V @Ue@UU@UU~@U:0@U0U*^@UTgT!TܕTC@T6TT@T5ThTeT_W@TBV@T7@T2@T12T'@T @T TT@S@S/S@SES@S\S:@S5d@S*@SRRR۾@R@RR;R@Rt@RpRcR].@RH@R<8R6R2@R1RNR@R R QQQvwQZ@Q5@Q @PP@P@PaP\VP#@P`@Pw@O@O@O O@O O@O~O3@O'ON@NNN@N@NNNN@Ns:@NoENg\NRDN98@N7N7N"N|@NM@M2@M@M~@M~@MlMfH@Mc@M>@M>@M=iM=iM=iM<@M<@M9u@M5M,F@M,F@M*M%M@ME@L!L!L8L8L8L8L8L@L L+@L@L@Lwsuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decrrodriguez@opensuse.orgrguenther@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decbosdonnat@suse.comopensuse@cboltz.demeissner@suse.comopensuse@cboltz.dedimstar@opensuse.orgLed opensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dejfehlig@suse.comopensuse@cboltz.dedimstar@opensuse.orgjeffm@suse.comddiss@suse.comchris@computersalat.dechris@computersalat.delmuelle@suse.comlmuelle@suse.comopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.dedevelop7@develop7.infoopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deseife+obs@b1-systems.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dekkaempf@suse.comcoolo@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dejengelh@inai.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dewerner@suse.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.demszeredi@suse.czopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.demeissner@suse.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.dejfehlig@suse.comopensuse@cboltz.dejeffm@suse.dejeffm@suse.defcrozat@suse.comandrea.turrini@gmail.comjeffm@suse.decoolo@novell.comopensuse@cboltz.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.derhafer@suse.dejeffm@suse.debwiedemann@novell.comjeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.decoolo@novell.comjeffm@suse.dejeffm@suse.dejeffm@suse.derhafer@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.deczanik@balabit.hujeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.de- update to AppArmor 2.10.3 changes since grabbing the last upstream patch: - add permissions to the dovecot, traceroute, samba and postfix profiles and several abstractions (including lp#1650827 and boo#1057900) - some fixes in the aa-* tools - fix downgrading/converting of 'unix' rules to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_3 for upstream changelog - drop upstream patches: - aa-unconfined-fix-netstat-call-2.10r3380.diff - profile-updates-2.10r3381..3384.diff - upstream-changes-2.10-r3385..3390.diff - add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)- add upstream-changes-2.10-r3385..3390.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766) - fix a crash in aa-logprof on specific change_hat events - migration to apparmor.service turned out to accidently disable AppArmor. Add a workaround to fix this (boo#1017260 starting at #c7) Note: This will re-enable AppArmor if it was disabled by the last update. You'll need to "rcapparmor reload" to actually load the profiles, and then check aa-status for programs that need to be restarted to apply the profiles. - add var.mount dependeny to apparmor.service (boo#1016259#c34)- Recommend net-tools instead of net-tools-deprecated for 42.x (boo#1022963)- add profile-updates-2.10r3381..3384.diff with updates for abstractions/base, abstractions/apache2-common and dovecot profiles- package apparmor.service also in Leap where it was missing thanks to a wrong/outdated if statement (boo#1017260) Note: If you manually disabled AppArmor, this change will re-enable it.- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in logparser.py - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition) - add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)- only install apparmor.service for openSUSE > 13.2- Add a native systemd unit which *at the moment* only wraps/masks the early boot script.- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage - drop upstreamed dnsmasq-profile-fixes.patch - update expired GPG key- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes - refresh dnsmasq-profile-fixes.patch- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- fix bashism in post script- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don't warn about rules not supported by the kernel - fix logging of "audit capability" (lp#1378091) - add support for the "hat" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 - update apparmor-abstractions-no-multiline.diff - remove upstreamed apparmor-profiles-ntpd-pid-location.diff- add apparmor-abstractions-no-multiline.diff: change all multiline rules into one line. Needed for yast2-apparmor (bnc#900013)- add apparmor-profiles-ntpd-pid-location.diff to cover new ntpd pid location (bnc#899746)- update to AppArmor 2.8.97 (aka 2.9 beta3 aka r2721) - several bugfixes in python and C tools - rename "__unused" to "unused" in apparmor_parser to fix compilation on openSUSE <= 13.1 x86_64 (bnc#895495) - usr.lib.dovecot.auth profile: allow access to auth-token-secret.dat - various small profile improvements - update and add several testcases - drop upstreamed patch apparmor-profiles-dnsmasq-iface-mtu.patch - re-number remaining patches- split apparmor-profiles package into -profiles and -abstractions- update to AppArmor 2.8.96 (aka 2.9 beta2 aka r2652) - add unix abstract sockets, ptrace, and signal policy generation - several bugfixes in the python tools and elsewhere - move program-chunks/postfix-common to abstractions/ - drop upstreamed patches: - apparmor-profiles-clustered-samba.diff - perl-apparmor-fix-bare-network-keyword-handling.diff - perl-apparmor-handle-bare-capability-keyword.diff - perl-apparmor-properly-handle-bare-file-keyword.diff - re-enable installation of perl modules - move python modules to python3-apparmor package - create symlinks without aa- prefix only for tools existing in 2.8.x, but not for new tools added in 2.9 - make utils filelist explicit to ensure we have the right set of files without aa- prefix in sbindir - switch easyprof python module location to python3 - drop unused defines APPARMOR_DOC_DIR and JNI_SO - refresh patches: - apparmor-utils-string-split (file moved) - apparmor-profiles-dnsmasq-iface-mtu.patch - apparmor-2.5.1-edirectory-profile(prepared Thu Mar 20 23:35:03 UTC 2014 in home project) - update to AppArmor 2.8.95 (aka 2.9 beta1) - complete rewrite of the aa-* tools in python - new tools: aa-cleanprof, aa-mergeprof - extra profiles moved to /usr/share/apparmor/extra-profiles/ (bnc#713647) - and much more, but there's no upstream changelog yet - drop upstreamed patches and files: - usr.sbin.winbindd - usr.lib.dovecot.*, tunables-dovecot, apparmor-profiles-dovecot-bnc851984.diff - apparmor-init.py-gsoc.diff - apparmor-2.8.2-nm-dnsmasq-config.patch - add %bcond_with perl and disable the perl subpackage temporarily (the perl modules will be back in beta2) - drop the apparmorapplet-gnome, apparmor-dbus and profile-editor subpackages (they were disabled since a long time, and upstream no longer ships their code) and the apparmor-profile-editor.desktop and apparmor-profile-editor.png files - drop apparmor-utils-subdomain-compat patch (was only included for <= 12.1) - remove libimmunix Provides/Obsoletes (libimmunix was a compat wrapper and got finally dropped) - refresh apparmor-samba-include-permissions-for-shares.diff and apparmor-2.5.1-edirectory-profile- add apparmor-profiles-dnsmasq-iface-mtu.patch to allow dnsmasq read access to interface mtu in /proc/sys/net/ipv6/conf//mtu (bnc#892374)- usr.lib.dovecot.auth: add '/etc/dovecot/* r' to allow reading plaintext password files (bnc#874094)- Rename rpmlintrc to %{name}-rpmlintrc. Follow the packaging guidelines.- add perl-apparmor-fix-bare-network-keyword-handling.diff: perl-apparmor: Fix handling of network (or network all) (bnc#889650) - add perl-apparmor-handle-bare-capability-keyword.diff: perl-apparmor: Fix handling of capability keyword (bnc#889651) - add perl-apparmor-properly-handle-bare-file-keyword.diff: perl-apparmor: Properly handle bare file keyword (bnc#889652)- add apparmor-profiles-clustered-samba.diff to permit clustered Samba access to CTDB socket and databases (bnc#885317)- fix problems with dovecot and managesieve * usr.lib.dovecot.managesieve-login: network inet6 stream * usr.lib.dovecot.managesieve: +#include /usr/lib/dovecot/managesieve { [#]include + capability setgid, + capability setuid, + network inet stream, + network inet6 stream, + @{DOVECOT_MAILSTORE}/ rw, + @{DOVECOT_MAILSTORE}/** rwkl,- add #include to usr.lib.dovecot.auth- update usr.sbin.winbindd profile (bnc#870607) - restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/- update usr.sbin.winbindd profile (bnc#870607) - treat passdb.tdb.tmp as passdb.tdb - allow rw access to /var/tmp/- add Recommends: libnotify-tools to apparmor-utils (aa-notify -p needs notify-send)- update to AppArmor 2.8.3 (r2122) bugfix release - fix some cache clearing bugs in apparmor_parser - various fixes in mod_apparmor - several profile updates, most of them were already included as patches (except abstractions/winbind (bnc#863226), abstractions/fonts and abstractions/p11-kit) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details - update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch - remove upstream(ed) patches - apparmor-2.8.2-fix-ntpd-profile.diff - apparmor-abstractions-r2089-r2090.diff - apparmor-abstractions-ssl_certs.diff - apparmor-fix-url-in-manpages-r2093.diff - apparmor-no-perl-smartmatch-r2088.diff - apparmor-profiles-dnsmasq.diff - apparmor-profiles-ntpd-r2103.diff - apparmor-profiles-samba-create-dirs.diff - apparmor-profiles-samba4.diff - apparmor-unconfined-lang-r2094.diff - apparmor-utils-po-de-r2091.diff- use current ruby macros, the rb_sitearch is obsolete since at least 12.1- update apparmor-2.8.2-nm-dnsmasq-config.patch - allow access to pid file and supplemental config directory (by develop7) - update apparmor-profiles-dovecot-bnc851984.diff: - do not add access to @{DOVECOT_MAILSTORE} - not required by the main binary - add abstractions/mysql - allow execution of some more /usr/lib/dovecot/* binaries - better restrict access to /var/spool/postfix/private/ - update usr.lib.dovecot.auth to allow to read mysql config files - update usr.lib.dovecot.dict and usr.lib.dovecot.lmtp: add abstractions/nameservice instead of allowing more and more files- add Recommends: net-tools to apparmor-utils (needed by aa-unconfined) - update usr.lib.dovecot.lmtp (add /proc/*/mounts, /tmp/dovecot.lmtp.*, /{var/,}run/dovecot/mounts, deny capability block_suspend)- add apparmor-2.8.2-nm-dnsmasq-config.patch - allow dnsmasq read config created by recent NetworkManager (see http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d82669d3fdaa7ec70ef1b64941c101ac810c394b for update details)- add apparmor-profiles-samba-create-dirs.diff to allow samba to mkdir /var/run/samba and /var/cache/samba (bnc#856651) - add abstractions/samba to usr.sbin.winbindd profile - add capabilities ipc_lock and setuid to usr.sbin.winbindd profile (bnc#851131) - update dovecot profiles to support dovecot 2.x, and add profiles for the parts of dovecot that were not covered yet (bnc#851984) NOTE: Please adjust /etc/apparmor.d/tunables/dovecot to your needs. (apparmor-profiles-dovecot-bnc851984.diff, usr.lib.dovecot.*) - %restart_on_update (in parser %postun) is "translated" to stop/start by the systemd wrapper, which removes AppArmor protection from running processes. Fixed by using a custom script instead (bnc#853019) NOTE: The %postun from the previously installed apparmor-parser package will remove AppArmor protection from running processes a last time. Run aa-status to get a list of processes you need to restart, or reboot your computer. - reload profiles in %post of the apparmor-profiles package- add apparmor-abstractions-ssl_certs.diff to allow access to certificates in /var/lib/ca-certificates/ (bnc#852018)- add apparmor-profiles-ntpd-r2103.diff with updated driftfile location for ntpd (bnc#850374)- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x and kerberos (bnc#846586#c12 and #c15)- add apparmor-profiles-dnsmasq.diff - add missing permissions for libvirt-generated files to dnsmasq profile (bnc#848215)- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x (bnc#846054#c5)- add apparmor-profiles-samba4.diff - various profile additions for samba 4.x (bnc#845867, bnc#846054) - update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054)- update apparmor-init.py-gsoc.diff to the final GSoC apparmor/__init__.py- add apparmor-fix-url-in-manpages-r2093.diff: fix URL in manpages - add apparmor-unconfined-lang-r2094.diff: fix aa-unconfined to work in all languages- fix ntp by allowing read access to openssl.cnf- add apparmor-utils-po-de-r2091.diff: fix some (mis)translations- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) - p11-kit needs access to /usr/share/p11-kit/modules - allow reading /etc/machine-id in the dbus-session abstraction - add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for the new tools developed in GSoC- add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental in perl 5.18 again - use grep instead (upstream 2.8 branch r2088) - fix ruby requires- update to AppArmor 2.8.2 - several fixes for python3 compability - various profile improvements: - various additions to abstractions/fonts - move poppler's cMaps from gnome to fonts; gnome includes fonts - deny @{HOME}/.gnome2/keyrings/** to abstractions/private-files-strict - add read access to @{PROC}/sys/vm/overcommit_memory to abstractions/base (bnc#824577) - update pulseaudio directory and cookie file paths - add missing permissions to the nscd profile (bnc#807104) - deny capability block_suspend to nscd (bnc#807104) - MariaDB compatability in abstractions/mysql (bnc#798183) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_2 for all details - removed upstream(ed) patches - apparmor-abstractions-mysql-path.diff - apparmor-profiles-nscd.diff - apparmor-python3-r2052.diff- swig for python3 is broken on openSUSE 12.2 - build python-apparmor (for python2) instead on 12.2- add python3-apparmor subpackage (currently py2 OR py3 package can be build, but not both at the same time) - add upstream apparmor-python3-r2052.diff to fix various python3 issues- Ruby 2.0 mkmf gets the path to ruby.h wrong (bnc#822277)- do not package directories as %config - especially not as noreplace- enable python and ruby subpackages (using %bcond_without) - update/fix paths in %files for python and ruby subpackages- add Requires: insserv to parser package (needed by initscript)- nscd profile: add missing permissions and deny capability block_suspend (bnc#807104, apparmor-profiles-nscd.diff)- Add missing files to SRPM (bnc#777471)- update abstractions/mysql with correct paths and add MariaDB paths (bnc#798183)- update to AppArmor 2.8.1 (=2.8 branch r2069) Bugfix release, http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_1 Most important changes are: - add various missing parts to profiles and abstractions - fix a possible x conflict with hats or child profiles in apparmor_parser - fix and speedup stdin handling in aa-decode - various other bugfixes - add pkgconfig support to libapparmor - remove upstream(ed) patches- verify tarball with gpg-offline- fix directory flags for /etc/apparmor.d to be in sync between - parser and -profiles subpackage- remove %stop_on_removal for no longer existing aaeventd (bnc#781564) - don't hide TeX output when building the parser and techdoc- clear and update inconsistent profile cache (bnc#774529)- abstractions/bash: update /bin/ls to also match /usr/bin/ls (usrMerge)- Add required fonts for new TeXLive 2012- update /bin/ping profile to also match /usr/bin/ping (usrMerge)- update to AppArmor 2.8.0 (= r2047) - new utility aa-easyprof - templated profile generation tool (the resulting profile may be less strict than profiles generated with genprof/logprof) - various small bugfixes - removed upstreamed patches- add apparmor-techdoc.patch to remove traces of the build time in PDF files- update to AppArmor 2.8 beta5 (= 2.7.103 / r2031) - new utility aa-exec to confine a program with the specified AppArmor profile - add support for mount rules - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8 for full upstream changelog - removed upstreamed and backported patches - remove outdated autobuild and "disable repo" patches that were disabled since the AppArmor 2.7 package - create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1 (bnc#720617 #c7)- replace patch for dnsmasq profile with upstream patch (bnc#738905)- add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't create network rules because of changed log format (bnc#755923, lp#800826) - add profile for samba winbindd (bnc#748499)- fix dnsmasq profile (bnc#738905)- add 0001-fix-for-lp929531.patch to allow reading /sys/devices/system/cpu/online in abstractions/base (lp#929531)- Update to AppArmor 2.7.2 (= 2.7 branch / r1894) - move various permissions from httpd2-prefork profile to abstractions/apache2-common. Backward-incompatible change: *.htaccess files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5) - allow various .conf files for dovecot (lp#458922) - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files and abstractions/private-files-strict (lp#911847) - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files to use ~/.kde4, not only ~/.kde (bnc#741592) - block write access to ~/.kde{,4}/env in abstractions/private-files (lp#914190) - allow write access for personal dictionary etc. in abstractions/aspell (lp#917859) - when using genprof for a script, include read access to the script itsself - automatically include abstractions/python or abstractions/ruby for python/ruby scripts - add profile for smbldap-useradd and allow smbd to call it (bnc#738041) - allow creation of the .config directory in abstractions/enchant (lp#914184) - allow TFTP read-only access in dnsmasq profile (lp#905412) - allow capability dac_read_search for syslog-ng (bnc#731876) - add p11-kit abstraction and include it in abstractions/authentification (lp#912754, lp#912752) - add audacity to abstractions/ubuntu-media-players (lp#899963) - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831, lp#890894, lp#890894, lp#884748) - fix typo for multiarch gconf-modules in abstractions/base (lp#904548) - allow avahi to do dbus introspection (lp#769148) - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992) - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062) - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in abstractions/cups-client (lp#887992) - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in abstractions/python (lp#860856) - various updates to the sshd profile (lp#817956) - (and some more changes I already included in the apparmor-2.7-branch.diff)- Update to AppArmor 2.7.0 (= r1858) - make traceroute6 work (bnc#733312) - allow access to pyconfig.h in abstractions/python (lp#840734) - fix logprof/genprof for hex-encoded program filenames (= filenames containing space etc.) - add apparmor-2.7-branch.diff with some upstreamed fixes: - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041) - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file - fix syntax error in abstractons/python- changed a $ -> % (typo)- package subdomain.conf only in -parser, not in -utils package - package libapparmor.so and libimmunix.so only in libapparmor-devel, not in libapparmor1 - make Provides for perl-libapparmor versioned to avoid self-Obsoletes - move libapparmor.a and libimmunix.a from libapparmor1 to libapparmor-devel package- update to AppArmor 2.7.0 rc2 Most of the changes since rc1 were already included as patches. Additional changes: - fix logprof/genprof to recognize "mknod" in audit.log - fix libapparmor python bindings to compile with python 3 - fix wrong status message in initscript if apparmor-utils are not installed - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS - fix some warnings in utils/Makefile - remove 4 upstreamed patches - remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now - update line numbers in 2 patches- make abstractions/winbind working on 64bit systems - allow loading the libraries for samba "vfs objects" also on 32bit systems (bnc#725967)- allow loading the libraries for samba "vfs objects" (bnc#725967)- include autogenerated profile sniplet for samba shares (bnc#688040) - more helpful error message for "aa-notify -p" if the user is not in the configured group- update to AppArmor 2.7.0 rc1 - aa-notify: add --display option and warn if $DISPLAY is not set (important for usage with sudo on openSUSE) - fix syntax error on "rcapparmor stop" - allow read access to /proc/*/mounts in the dovecot profile- add patch with upstream changes since 2.7.0 beta2 release - add example parser.conf - print warning if profile cache directory doesn't exist - remove initscript for no longer existing aa-eventd (bnc#720617) - set correct $HOME in aa-notify - enable caching of profiles (= massive speedup) (bnc#689458) - add comments for patches in .spec and comments in some patches - run spec-cleaner- add libtool as buildrequire to make the spec file more reliable- update to AppArmor 2.7.0 beta2 - includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182, bnc#691072, bnc#705319, bnc#713728 - add some missing perl module Requires to perl-apparmor- update to AppArmor 2.7.0 beta1, for details see http://wiki.apparmor.net/index.php/ReleaseNotes_2_7 - removed lots of patches I pushed upstream - disabled apparmor-2.5.1-unified-build (patch to use automake, does not apply to 2.7 and probably won't be accepted upstream) - disabled build of tomcat_apparmor (doesn't build, deprecated upstream) - run spec-cleaner - remove *.la files - move usr.sbin.nscd profile back to apparmor-profiles package- Update patch apparmor-profiles-usr.sbin.dnsmasq to include /var/lib/libvirt/dnsmasq/*.leases (bnc#694197).- install SubDomain.pm compat module (bnc#713408)- Update to 2.6.1. - One patch eliminated - Lots of minor fixes - Split out more common abstractions - Add check_for_apparmor() helper.- dhcpd: Fix apparmor profile (bnc#692428)- Add apparmor-securityfs-systemd.patch: do not mount securityfs when running under systemd, just access the directory, systemd will automount it (bnc#704460).- Fixed typos in descriptions and summaries of apparmor.spec- Fixed building of pam_apparmor to properly link libpam (bnc#696553). - Fixed building of apache2-mod_apparmor to properly link (bnc#701821).- move the requires and prerequires to the right package- make the -doc and -profiles subpackages noarch (again)- Added alias from Immunix::SubDomain to Immunix:AppArmor to allow older users of perl-apparmor to work properly.- Properly re-created links to old utility names.- Added /etc/ethers and /var/run/dnsmasq-forwarders to usr.sbin.dnsmasq (bnc#678749)- Update to 2.6.0 - 19 patches eliminated - Lots of minor fixes. - Split out more common abstractions - Added more local includes- Additional libvirt related fixes in usr.sbin.dnsmasq (bnc#675867)- Added 'network packet raw' to dhclient profile.- Add Requires for used perl packages (bnc#670650).- Updated dhclient profile and added dhclient-script profile (bnc#561152).- Added ability to completely disable repositories.- Properly indent sub-profiles after genprof completion (bnc#480795).- Inherit flags in sub-profiles when generating profiles (bnc#496204).- Stop treating profiles shipped with the package as config files. - /etc/apparmor.d will still be treated specially. - Add support for parsing network operation events (bnc#665483)- Fix for sbin.klogd profile using kernel versions >= 2.6.38-rc1.- Update to apparmor-2.5 r1445. - Includes 3 of the fixes below. - Several testsuite fixes. - Update for Thunderbird profile.- Add support for libvirt in usr.sbin.dnsmasq (bnc#666090)- fix rm call for nscd profile to avoid file conflict- profiles: Add openssl abstraction (bnc#623886).- Added support for sys_nice to ntpd profile (bnc#657054).- apparmor-utils: Support newer auditd formatted messages. - Fix two x transition conflict bugs. (bnc#662928)- Splitted ldap related things from nameservice into separate profile and added some missing paths (bnc#662761)- Fixed pod2man macros with older versions of GNU make- Fixed building of perl and ruby SWIG modules. The former is required for apparmor-utils to work properly.- Fixed use-after-free issue in apparmor_parser.- Added fixes for logprof issuing uninitialized variable errors while encountering audit messages for unconfined processes.- Updated cupsd profile (bnc#539401)- Fix {proc} vs {PROC} macro usage in firefox profile (bnc#436262)- Added support for eDirectory nameservice (bnc#621394)- Fixed incorrect /proc/*/sys usage in usr.sbin.ntpd profile (bnc#634801)- Added fix for another case of whitespace affecting profile removal (bnc#510740)- Added support for unified build, which massively simplified the packaging.- Fix for syslog-ng profile to allow upgrade to v3.2 - add mysql support to syslog-ng profile- Added support for enabling/disabling the module automatically during installation/removal (bnc#623246)- Converted archive to tar.bz2.- Updated to 2.5.1-final. - Lots of testcase updates.- Initial packaging of AppArmor 2.5 - Now contained in a single archive so built from a single spec file/bin/shsubdomain-profilescloud130 1509990443  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~2.10.3-16.12.10.3-16.12.10.32.10.3apache2.dphpsysinfobin.pingREADMEbin.pingsbin.klogdsbin.syslog-ngsbin.syslogdusr.bin.lessopen.shusr.lib.apache2.mpm-prefork.apache2usr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.ssl-paramsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbd-sharesusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddsbin.klogdsbin.syslog-ngsbin.syslogdusr.bin.lessopen.shusr.lib.apache2.mpm-prefork.apache2usr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.ssl-paramsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddextra-profilesREADMEbin.netstatetc.cron.daily.logrotateetc.cron.daily.slocate.cronetc.cron.daily.tmpwatchsbin.dhclientsbin.dhclient-scriptsbin.dhcpcdsbin.portmapsbin.resmgrdsbin.rpc.lockdsbin.rpc.statdusr.NX.bin.nxclientusr.bin.acroreadusr.bin.aproposusr.bin.evolution-2.10usr.bin.famusr.bin.freshclamusr.bin.gaimusr.bin.manusr.bin.mlmmj-bounceusr.bin.mlmmj-maintdusr.bin.mlmmj-make-ml.shusr.bin.mlmmj-processusr.bin.mlmmj-receiveusr.bin.mlmmj-recieveusr.bin.mlmmj-sendusr.bin.mlmmj-subusr.bin.mlmmj-unsubusr.bin.operausr.bin.passwdusr.bin.procmailusr.bin.skypeusr.bin.spamcusr.bin.svnserveusr.bin.wiresharkusr.bin.xfsusr.lib.GConf.2.gconfd-2usr.lib.RealPlayer10.realplayusr.lib.bonobo.bonobo-activation-serverusr.lib.evolution-data-server.evolution-data-server-1.10usr.lib.firefox.firefoxusr.lib.firefox.firefox.shusr.lib.firefox.mozilla-xremote-clientusr.lib.man-db.manusr.lib.postfix.anvilusr.lib.postfix.bounceusr.lib.postfix.cleanupusr.lib.postfix.discardusr.lib.postfix.errorusr.lib.postfix.flushusr.lib.postfix.lmtpusr.lib.postfix.localusr.lib.postfix.masterusr.lib.postfix.nqmgrusr.lib.postfix.oqmgrusr.lib.postfix.pickupusr.lib.postfix.pipeusr.lib.postfix.proxymapusr.lib.postfix.qmgrusr.lib.postfix.qmqpdusr.lib.postfix.scacheusr.lib.postfix.showqusr.lib.postfix.smtpusr.lib.postfix.smtpdusr.lib.postfix.spawnusr.lib.postfix.tlsmgrusr.lib.postfix.trivial-rewriteusr.lib.postfix.verifyusr.lib.postfix.virtualusr.lib64.GConf.2.gconfd-2usr.sbin.cupsdusr.sbin.dhcpdusr.sbin.httpd2-preforkusr.sbin.imapdusr.sbin.in.fingerdusr.sbin.in.ftpdusr.sbin.in.ntalkdusr.sbin.ipop2dusr.sbin.ipop3dusr.sbin.lighttpdusr.sbin.mysqldusr.sbin.nmbdusr.sbin.oidentdusr.sbin.popperusr.sbin.postaliasusr.sbin.postdropusr.sbin.postmapusr.sbin.postqueueusr.sbin.sendmailusr.sbin.sendmail.postfixusr.sbin.sendmail.sendmailusr.sbin.smbdusr.sbin.spamdusr.sbin.squidusr.sbin.sshdusr.sbin.useraddusr.sbin.userdelusr.sbin.vsftpdusr.sbin.xinetd/etc/apparmor.d//etc/apparmor.d/apache2.d//etc/apparmor.d/local//usr/share/apparmor//usr/share/apparmor/extra-profiles/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Maintenance:7460/openSUSE_Leap_42.3_Update/3e087941a333f37f7bf440561855fb7c-apparmor.openSUSE_Leap_42.3_Updatecpiolzma5i586-suse-linuxdirectoryASCII textC source, ASCII textC source, UTF-8 Unicode text_|*DDG߬&p? ] crt:bLL'RfĕO62iC&>Up*_-ԩ7vhxE@&L@1t.솇{[1W>"%s%`EK8z }qGN4bz|B}Q4P#}6&HV1 Ͽ;T}w󺆟]"!)3/_8T 1$.fl-l~a7'_1j76KTv-"{t!z28ir_R})"4"+zԅDC[a0DgQ OvU1ӅxSY C"٣Tۤ#6ΥAɾD Ա%@G6iX9,n1Q&E5v켱64Wq KLw45HJjm+ؓ\Di݋cA6G[<ʗl4o`2 XEt>Tmc< >n׃))@k$,nUυ_Wr_egn4u@pgwY}`cd %*^WP1d1[,S@I+ }H~Ze,sA %usԙ}٧=(gVE2'/%nZsB݄/DJ 4(3K~? N򽒳짗!O Lƨ GGFsv IҎC"Z0Q& UoIxQW=X]7Rn9yAeeL3BZҒ=0LfE䋟bUN9me'mU%a:D<-#VJ[Dw, `ߧ[`҉zv|o8vCXhT4mu`'ְ3nUl;xͩO&3˝a,cZF854=r ڜqSu$Fu7 FZe!2U(^x,` cu`CN^C@KuS]0Xu GSe@FCVLs9<IS dLPEʳ<(1ls Z f%"~/Q^dk$V9LZ|*4wN 6%V!n2?A>@o{by(Ge: \+&J+h 9+~#["VWWQ7CFˇ%!BW>w\ *"p3A K"0e?=_8%¸)]ػ [ rgidB? :9=ޞh [?! ?4VC4ZiĈ"8)ix_K *C{ 3ML5̩9C&aՈl}&#FEIC4BɔwB?KRA"+NNt] n*qF>H¡n*n9_ #+SRHB݈q"@.q / f^ [0~wֆcn 4r@V[{,XʟN &?݀o.ilZ^O^!b"4dIu52AKdL/j@7bgiܙpfɛ w\5VJaӕoq.| QB1wD+Hl%x#5&[XcXHO?k__Au-p۷*7AFa1*VU/R6x(0wL XRx[4õNd6f3>Uw5WY7( Nge8i`L{eOrz=N X7廮` g8&IbNr_ ZKdӸ }0EՕgnA܄hV< `ϹԚϠA9p"%#qTDB5ڐgZFֹjq2)Ś1V[yU }>C4*2Btߪ$_ACl[!2 (>@k9t!s %2GJn֔On`IP5f-̓sb1ڧwń1G7)Fgy1` h'ͫq&>ߧ3] 07/y]tzS$kZ4{Us ʴ}+(Jdz].DR|dBxN`;`{ t7ozZ9v=FN KJWtwRB yц t'-!$ /Cx%tFL:$K RWl}"HX3m,5RHыA>FrJZ30 %g.v[WґlNBxe'IC_d޸yiOU?/ Xlq͸{r5p5ȭ#2JjƬr/w _}`v pSpc9_7!")Hp'FCŻu)H7JOvV<̽5O_t1 4 /ats:x2a-*bUkW_tÈOt}53TDh wƬF ŽQR.U1F܄A ~&PGh+SNOS]vyy˱9T1h+szA{g]](^JWZD}jbgDP2 :g T;y17M+%z j]SgvhtHH=Ru:!C<lL,:&fdv|&nM4 rc$fz!d\ck jОD(!s/PInZ;:p-VjstG\p`9CF1ĜX[EzzU~2}y[d`xs6\szhQ϶T$h&K,QmB*a~l2>cڕcK% cr`Ğ6pum{-!d(-f(W >:uD`AR1(C|ը,U2؁zR3W_&\07e2y<;0?J4n7sl7,2.6)lz k?K;Z}Cɿ,+t(I|]MVP*y{TFh*;Ւ#1>;VXeqiW4cYC &-#W մ<'kF3ȝJÈE?jo)uc"5 )%X;sv;ȚFޫQPh"& ka XgwuqF,503Ƭ54u Uky+V#yv/ѹ+ϒcew|Eu4h@g_YdAY_2_;% }Tc/xjV+~(;#{g,c:~]X7XK+:K}A=&r}Э 2r6k?J|Yb!(b%Q1߭h*_a;& ,:X 4A??O&DIPd K% Rȳkhv0{_8Ѕ F)yQ}TM+ |J/VG?푿 /ZzGmug䋙Pky:Sz;h{=oVj; 6^Lk'eތ0+U;]Y2^~h+\1TJqA\Ovaj##Yx7/sY s6 O!pLFˮnj)h 7&ld&Uk1viì0J}>,d}{6VQ[;R^"j p}kK4c˯y[%^]g(_RY-#b#v LћuֲJl_8^}ҝ`0@V3euŴꜴ$ (d߲s}IG0Aqܕ6i1ﭏRwqJv# 0o9&S}ė>H fx|>`Æz3FcQQ[q"< 3s痍J:m l]y1Eq5Ss Nk0` *Dp1&2~t])^a<3X'漌84MGSύοYnOD64{# k/;1V@'qFbsA3mjo@>7' ]2*n|°"t.Ҵ#<8M,r5!6z+kkg>@(\cV<<Eŋ Hpg.^!!&u`ts#2Xbg` +SehLB:%8X쐕Џ<:B-NB؎kj.`^FSԩMh=oZ ӱ$9>خ]F\%p;|`?Π3C1z*k5l\S fP2Bw*W-ҧ8/>[9$' 7,lq ̛1t|[ *NSYG=b 4iyLEG$ 65֞ix\Gr҂.>+Z ("ZWTHm_4%ݜVS_\H!;K%Vuc~izT%kQP5zߎSby|N_tN7>M+/BW!@3RyvwEjh E T%F]3DLNE , YPӈq#K%!6УïiQCc@a9lGLQ4W9?- /6eGfq0}FN%i Mj"N@IEd %/5h``V_(l?q`* ?]Ҍ3۳EXOz ]`}dt/}HO5e*ƴ54+Pd؁2N5~v0 ]Juq<߹ukVH'fd *fBBlLWqx.L9bM5+BKBe+bHr&PH̛~~ec3ȰI~_ZX݊R G2>[ ?.ݵѢq/pŊ]MPg Cp;co,6,^,|k$iLuI[怷-nS0=OA(gܑ nƞc}=k Ood#!ݷ)IA9U"扑~(~oTCS񁡨߿ \71#bYLyVe= d&%?{9 u w }Ow@RqIT1 WQ#uT|#oD寓½b 5n+"S:"/h?Qۈ|G\XemVж;+DBX1#ᆹ+McAol@Z!ܐ`ðk3{Hg< װERzGWRU~gv+TOĀemYD"'6kNb/AI@(Dz,DŽGlz EIl07 zH@Hלip=ưql9 tH%22*:xA~\gƒ`t^HVϚ5{^x (eg1ke{89\Wh +8r0":F(%R5[vfLl A! x^~mBò3ٞo@uP@˩|FM/mt;S7 ܌/6;?P:Q{;Sd 'qrX !n{A@٫L-ChtΈ%ui qOPHV_{IQX! KfG }сV4k=Z|n}%& #\USE3!z(v%25+K|g:J2=6 0>rJN1m\ᎢKK2i&{|F'x|`"NUŠTn, 13S%TV[`Wn@DŮsI#] MͿv'f@;C#Z4XJKP磑\t;[uNz;^u w{7;5֑eЭ(O5*(.$ nl8`r.KsNlPƺ# z[4`vAUJR8Md U`nQ&9@ 1磁 7U ҽ p*N4ū7k 8yKàNly‹ѓ5D16oձaʉƞy7m "w1"ݔVw,=XiO)'sQ. D_Lkᔊs9%b\dBMVC'zvY`uhJH>|ZsiX:DQ#)8*:߫:aa=2-Y!~2(ci2-+HL*ԡ-Eί_,KH%R lYkig]t._s"E2"ĂONT+<<=%eq6N1Qȕ9&^ٱp寷YEz- quHm,J-?X>}iɠHy+נ+tw4ZjCC0IV8@Ngaϊ,$b k)3Na@ӥT]Û Kt̀Y$bpcr]/{4%Xz3;]ܖMKzɕaS'Us<;U;y*<K7·A !W41L_E;0n6_pxosa[B/~(lY|Tmi!|>ֶS]@9ik-q"+#9t_8m{6Gƿ;K,Vº,wV2&ARsux!7ɲvܤ4[M c ,鋢*o>NR\$Ky#pZ8?eQoK,N?[ m%`NO%I*ãEaD / 9'ಎ75e m: wL,W,0riFNH5WOYsZD @Ad*f%"i~^&&uC94.6BEqMԸMBrKDC"ǻ5so1=|NaK cC`+ehݳz9F (q{e򇚝{%KϨLn07]_0YŖEu>ު|]ә- g$$V?]sНݭ-(53TI;b<^5hip2mqRWt )A,o)K*``2If\(:rl[W9`UϒY8zBBh9X[T}?xnЯti`J?"#}rr q<64Pܶ7e߲}ۧj:/W_t] =6gGccr2搳^L.z[*)v~iYqZugtWGɝqRU6D/?JQWu׭qMz褘 -EOV~ eC%]<=ݗJ`bg){!c[ X]W-͆?;֏_»zmnke؅Z mowTf{ /(/ UoF z0=7m | Dh*b8ߋц|0ψ"k/_iմSwQ~M=yj1A$oqrXot+Ȫ.#dVO m酪s=Y#G_`SHRDn7"2HL`iG8!zrf^c9StV%Myoh3zvNjG< er,Wcjl}8L4/T*aG` .͉UqӚ/3φYfٱ숼)|>m$v$dN)?*H GK}PtYla>ͤT9_/GBRlF06%od60 'Tm3rb`훺l@r}`Aa2^Re0)yh`4 %CއTP2,LZx֭);+B@f;f}u LuxPN5s~]kf|~Q?Q^/=ԅR4_Oi{Rul4O}ݎcc*u|? &L-(:ct ֎w)31NGK ykۢ8< ? zq$ lPg+:ܻQZ#n8R!|u%FqР*5\Eqe8|@\~rò>!gLf΍TO㲊2:bK@`Tx4 L+˥9Sqߝz)h(]m b{W͖#zMt yGI嵃#3^WU?^~NٺE}ձ6mstLLMޔy'~R{rt?ŸC*%P5zQ H6I.!0*rOL0F)tA7qD^vbua<*s$~e-oT1%k7 v?ΠJf2& hĞJD!yڲM*9.ý-R4V#ܐyYd4g:T!d+3iB~"k=m0}KK) DYjiCa}_t^="L |}}_ 3wԡ?Zf?!~P WLjM#b|ѿǞ}72>?\\4`zdg9)GZo5! w6k[EA2ON:3 n,,yM_]ksNOݚ5ƀѩZo7{kAD_iD "=DÚja^@eչEiϖxݖc'f O<Ͽkn<pO+dE{7Aue"JrW5q+ Dt0y1 `͢v<"dz 5O&Rqfz Z{Izgeorek2^#BRNx3L<\|t BqE_0,@U g7Քע7 QF s>٦V4G/j |.zuHW7C#pbU KT6Q[$ V5XȿTvF?Gfq1xUQ I掓X=#TxyBN0׍V*~ z@%vKQ4(~L83\Y4x)SA٫樑+KG_$6yc8A*6I!r ԃ47h> 8CifJQG֨1rZAyd!&e<۳Ѕdˢ%آw~W'Єk1uT %وjA14 **I[Lt^Z{ QZe^o+5n9~Vh}HrW*l$63cGfWPѬbs7 J;JM:kSa1jT7Ȇ-wm}$bm#Znܳzqa&Sr1Ete Ef)ʚ3LT{ۤ<*lwATfjDQ0C\O S쏷\UʹucҫkLq*&n\PuyHͫGb6T\ǀdB$Z!EhJf^k=iA =x MpɰofHIp# .vޘյj^N7OX<31:#c3sUԴV}#< .1y ܀Pr)"BHo+0tG έM] *""YtJ'[%} ()S?qCW$&KU^?O9l‰oAt#lŋ^s PlBn?%pEGR;uiz1ʌ.lnbIr{3z0%CFDzo&? EtwJ>*ΈFt󫈋[ݢj gYTһţ{+"?$cJ IrA ]0,Z'1stv`%D ^x E:CͱrVN9-̩}t%0=pN*s*M:JpRF7ga 2ęE>lVw gɨKG"07ey4\S7t <%B]BiD e쯲65ӅS@L!&Tņ+k3l+`TǶ#ktVzs 1k"y zjmb}F[1Is?#M 28`wcGJ/"'2u:C3UC)B( 9R^ęsUjeN{F ]%7x݊mcU9a6dt~]M >!be_189@ov?[Jk8Y<{sxi;T״Z$o@F7' ВBXYJ/A^YF ŒbWDbtBlPmޔ^ǯE}Џyu! Kip5nSnIhvX\2y2qYt !BKsPV8 S"$:qyAѷrr&kYRO^HI#Cwҹe ;뽁bA3(-pwNt[Yxvz&Y^Zۭ!G՘ЌJ8<(|(|} /[Uj?sg@Kx.)pLd3eB6/SVi!^ E0Q3@;ٍT`(<Z+è:8[a)ys(=olk{=_%+YӺr\Tpi1Pjbp |]nL#žY-Ϲ( 2rZ]Vӳg58YόGڱkDf0fYJgK P@~NLVZ-GspE~syĩ{fo 2KHU:ҘH#35w׍z;P-#]oOǀş޶KB㖨C\x` |X`:3,l<:|Oq{t_\?a0Jx] +) 4R$-]@'CZ)rdBo*r _]n)P$aިZ&B$4,FHdpAJ 35V<[Z2Չ ү8`hBw;"Ruv~ޡ:PqHhΐ0GtJ)]3,$( G},xֿy7^7'zrTV.uxsfܤ- @fA{N Zg`1*J%J!=WM; j=s'#PK;&m]2zу!xfӘߎy |# 6OOkRP,+1H@P쒄G43~f?2ݭP_ZPQD"9`3W[=+e7sO [5fH֎ҙVb7 +lϘ?44fϱtOCڙOZ(ejPοBtD4ns̓_v!&O{|D:=TTW<Neg "u73lU0%A&0e8S,Tq%r )x9:$BcRڒG+E COds7uojtk~:OIZJTϵUoE}vP& P\nuӆM0Y}柃4j}d7FҮv|Zx|ɳS@l" 5A%hrMw(˥ 6`'QI+kΘnIEH~vڡCbT0\09 ޻DRͤ,L*; d`}6w+y-[N  IG)r+Z]yDD66Gh$ 4+{`pBαu 1߽9}s ewf]clu5͐*~e&[5ރfYI0\>pDmtI1*{$seEé'4'#} "8A@T=<v\_$lspߜ;nBO偳к𓊹}X/=#`È)eo;y(t9fR\w7@EemV+93'`rLZwR]pv:a>@Q=4l f4fh? 2r:Kh9{4oєLo91i7]SPntJ.=u/9j8=S+2e.;Mn5Zf%&;RLxwRNZ1JUaM] _) ,? xҭ*/q7< tL٩uw-GpVd ۃtbwW޲]\>7qgGH]`@-)Ee}PhH, sPܴҋ1EaθMm2s6zRU?M!&XlJMH} "0rC ز,a>Z$pA\GB.aHJjFTIѝ;SQ6RBp^s)|g;@|gVhŴa0_Gү)%$pIBPU6^94*[\Iez5r혬WQk^l~tNd3[t9-27u̸oa? VdhAhp2\hd--KKU$bfVH? 3~Gs3ke鰾&H m)&ņ˭9ʋ~FA;7=(Pv|Yr ^w##C  g.DP-Njy>'OQT.-U&VKZGt = adqq|gxpU{X-ue +2]+s@5wir NWHM^d > dI/8S,k^2Aӕ=)a%mW}+pJ$S }@2A%:&<+WR,S.!qO:g*y" Z* ;y5iz@hzbU)S(_PM2bNۖ]ڨj Q >m2Ό0Ea[! 1VV67x@vM0Enphkoe5 ) {NcB2=Հ0Bt=bdb윩_}<~Wr>&Jx@o Cwڇ6c-mlhhk7c^$E8OuRarU U|+ j\'+"bVWl8&62yN] %N[X?ut~L{1xouE#sy _I0~BN$*C/jNzJGCX&*QdH@ 3Q1os>5ƚ# ЄjeЩ&%@na_n֊Owq4^΢,fa%0l[zpds?( C,|HN13E1CYv넙7K>[O;Um+C5g%Dg`ۼQsr؅Ĵ1C{4cmhP5G_o sr0˗ps6)Ȼg'\Bh-C8+r!:MitC4,*Fݱ~¿ 'Ip% "ћr'NkUj8w-Ig &n 3+PTO/qZmċյ]sX{Ҩ$ fLhv?k}y!n.ϳGxy_321-&vJo~hauRrxj~ fwVX KC~gmjqw 7DŽ1(m zՁtgjowHO"Y:4G_"ⴑF_T0^vy6< ]='<炙gPZvR0/Lrj@$Cv`[85⊻8-D0/9/0.1 dOvﵪGcR)jVUH}~2Keh>8BG/_ B)4@:3ފL`X:I#2mI?깿KXe5. @p^Z8L#~]88TpW}4$UtʛYQcsfO;;G(f%B;8x eD4d;VnՌL` &hdz̄&((A><^G=y1:p%bcIm7@n:2vUm|U.7eQTZ*temпBt5aC9 HQ"Sʔ|ᑁWe^mݥ[Oy ~I6F OްT%$0‚&+׸U,R5R.G4җ3)2XǮ.)VTזve,bnw/=܉kzpH.OM6 ~K2CM\ 2mܰ)}z-m@K};mO8HIe:W<5n3W{Z 4}x8̡^U_k/9|zkdw ,ڿ0/"WU19q$_$ @v8$J_Ωw#HvLL#, }xI5ǀHX?8h.W=?b,gRجdcM!ћ/8z OQ3ܩ.6?YF9 Xe[[5-ӵtM Z>ƠtIwiH&-`XdY>xw#ҔO'n&w2֖ (=jD8ˀIV݄:DNlwd_~p %T#u(>L۔]ۓ,?AF&tFkd9|=?UVOa&>8gI1v#qD̋U}Y~ysD3\(Cx3〷2uz4KYƘћY<ǍHno)V'U~26"9:8ip59ef!ƅ %53Ơ;:.DŽaVLmBf8Lwvhµ 1^2uXw<16rYݍrFUȋr/U s~,Ql/qH qZP0 ڜBa:-RVG$eCL-C'5+|mFr7$^(s?9١-vxWW %-6V}֣̋k bGEyPTnQ.ˌ(avp*p !ZZ8NqQޒkXF +$HIGgmC"P䘅D_sxJ o?Ђf02P H;9֦K:{+w*5K%M )n\v\ L#:p0%ekiUjTb$X(Jt;9N:LRXļ@ƎHBз1Sy:c SM/|.p\Q;=}m_MB1B\D PvOU(=C^T1cV@ Pc%cˇ^a[d8$d^ #QD#40Rq*rAaGkƺm9 WqA)&zZ:ayqN6%DS(neB(Z>:I<&]3-3uZ{,Ӻ_[4Adh`i?͂Ȑ1\).ɟRy 3FfSAxmmxX]^,]Jtj}r&mo] F3w֩L, f1A04tXxR@JHDŋ_gkTMj[j(m/ g&e ^ݩwb XGpoV_Q &E.ۺ.uxG],Bswg:kՑ\rv >:#J yL=ӍOX:GD]S}6Z^B\=fNoյ63HD6ͲkOaT(!DyҼ汯4R#ޛĘ]r~81FX.(6|%/}e[s8 Eq(M%Pcd-#NjX#_KU2Q3]F.mEe7ړkGzSwl7٧vDu!s]\Q 8hiNXg$2*XWѴLKrAJv"cg3#27[[C,o!.= 5r uqivl8*MXTE`G;:z&? >}殘r&6]jrISj[҉wj03O M3O0eZ&t:r+P^/BviC wx#.Mk|Օ$; AV'Y4J}J !z=aV n:c4@%6 ;il[ĺC%#{ƋR+GkvG"$-| KTDW6$K֚-Ɛ=Lz0U[$$ZfN>q;Ƥ$G)?yjokRN0|<70oJjM듫y ~Y01m xp,7v?&l}2>ofGs3hNv5I{v'ȈY ֬./ 4ULnş&P *9zdeXm R_= !0MHt=яkD <[<=oށ!5LZaRE#:]Q8^Ȣɦa}Ò!Tc zC#,q{Y]o`vuIO0?=(0M$ ˳v= 򊫱sM*cfBb((4/t>!{/"Y| eZ=Ͷ>|4Aưv w|oNb++HC)~z:1.[퉒ۨL]&'E5uPqZ&>V@߂5LtUYPFHbL.=k=B,kx˚;uo*a&`"&kl7qiCcUhט(7i}GД^ L~@1钞WY4g:XtґP f+,Gn8yH_$CT$p$#3ǥ1cVY#Sj0)D(SA/fYCqm.mR(8b8Z.*| •لmkeh  7' e??oDtҽN0;V Uf3dF^y в@g("0ARR tPԵVWjS95sD$Y44}κ=1~/m뛷Zr at^Sׅ[hbcN uQr8ej>X{mT?{ҵ;ƧT`EWeH"]\tpa{=SI:ޡK9[zԙC v?n+Xfݘ"_Ulx$Ti';"I)&!YF~/eųUV;V$'FϐοN&{趛@-A>HFSLTY~XG.Ϻ&e/tE1ܸ̔*%ICgHB[ǜ*!dd?ޜ6U||S#R#}}QvQcUcd'0l oa&(74mvNʔƵAQ,:wGq=q /Jw3O`n}K|k]Yr@ZsX <Gwѱ$?l Al3iaR3c'ԍ\1chL(Z?tSKnC#C:dJUG>@u#Kprc~!d0TM~* ^/{MJ+;!6lB~zX O|ya)H;>֯aq~36?hG%]̚ ppM#h{Neb>̚L CTO?r+^'#pu'6)) s k?֓jxI hKICMb=Oѭz&]>2;75L,G}zЋ4Lq1T%z$d&qgz Ք]+0/xE+'cz;grkŗ=i~ϭŭsqܖԸ= w#o6Wh $tAeGa