apparmor-profiles-2.10.4-19.1>t  DH`p\Ii[/=„AZԖds)O`F9+мg)a{`R ̾Syͤ eIQf :׼-Q+ S,UIŬ)0?wOcKPC/{cƙ&r ucQ(I,CnWh9H3}WlE.:)z҇[ZnndlKO.hK!D2dkeMI aƞwIC-4ȔO}ImKЦW 923755983dba942d11f25fbfed6b24a183f84cfc2Mu\Ii[/=„DZ9s[rGalhfbXO+SgzH Q9`W8C>&NQC+Pf> KR)ݖ V.:)kأ]OQeD${~9mn<n:ᄈr1D|USF5]spZ˘0?"T Plq뺇 'J5@НƠ@{Q*Bpn˲Mx{!_|Wpwni68x($O֬N $9W8fGcd05V5>>?d  b 17>T z     #1 #&*--0t001u(18194:>>BFGHIˈX<YHZh[l\t]8^bݘcOdefluvwxzCapparmor-profiles2.10.419.1AppArmor profiles that are loaded into the apparmor kernel moduleBase profiles. AppArmor is a file and network mandatory access control mechanism. AppArmor confines processes to the resources allowed by the systems administrator and can constrain the scope of potential security vulnerabilities. This package is part of a suite of tools that used to be named SubDomain.\IiKbuild73oopenSUSE Leap 42.3openSUSEGPL-2.0-only AND LGPL-2.1-or-laterhttp://bugs.opensuse.orgProductivity/Securityhttps://launchpad.net/apparmorlinuxnoarch # workaround for bnc#904620#c8 / lp#1392042 rm -f /var/cache/apparmor/* #restart_on_update boot.apparmor - but non-broken (bnc#853019) # (copy&paste from parser postun script) test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" -ge 1 ; then if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then test -x /bin/systemctl && /bin/systemctl daemon-reload >/dev/null 2>&1 || : /etc/init.d/boot.apparmor status >/dev/null && /etc/init.d/boot.apparmor reload || : fi fi&W79=;BRDCEFCKJCICBJPCIID?D??>=<<<<ZGB@ Q$p %ssG h $v  b+pAV{ D4Y@G 4s. YV)  n@ @VBJ##Q7+5e p%F2 iA큤A큤\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih\Ih15c4529e5e7ed8c949e3531d43e2ad18fe5e616a62989938dde1228c59395a3eb2c6b40577b4099c584cdf731f5aeb0b9c86af71a5a2e79a90d1578679a9c0c036e2825bd2f5ae44c106cbb94385fbb990b982f53d8958c424d4ac2593d120956388d08b128343ee8c50b4b072a010cabd7d3ca710534fa9fce5b97c98a504cc8c175c2e21846386dc0bc746a50bc911d2fbcf3f5745cd49ef0695b1ae0740f330893cee3d67254abaa7f2c963c7296f04e8f3e3c6b4cd2f64d81156b1cf3caeb67c0d3fe9a3d56acf88b4f0b840adec3bbab5255265539035c28872f859c9dbb79ec25190721ef2822eb1baf79a58b6c9dc8197e5e3406c48fdf0e1d511aa77e75918659946eeee602ccff92737de14b95e7b7b13c9556f924cec8ea4b2b86062f7744be6863b354f9d8f6b5984ae304a07a4bb25e474d33b144e4cd56410ae1412d2b5b0296ba5f23a96f3f40e8fd5010052c2180cf07317bb0c7b424bbfb0ae89b1f06cf98e8c6e19bc22ff9b858bf0d0ab0d7b90471505af550ba7f6c7d80c71112d3f8ed2fb87cf9dff59a8de3e18de06c9b9dd126d618347d7eab14b057986cbf6809be4e67ff8785fa8b63c2b8ac1503ed2f1474098811cd938be234d5f3d0952b50707431930a8d74d0d5bbe6bbc8079e6eb86a910c068583799e9519801d69bafef27bed6e91e1e2fd1e39ceb048c9b1b37ba29a6726a06cd9a2072ee3d12e53b92252a1debe5ae28adb147343a381fb1296e91d2dccf12bfe5af4587d479bce0a5228b4f9ce1d8cfb57bf499f7a066a2389137db7fddc2f2626ff5b6097fe97b32c87c4615416491e9c4cd2da2e411861a196f4df0324c99546856e363a3f724c6aa38b0303f01cf1c125d90d5395c354a258daf53dab0864799f61283b7869ad6a4fbea8054942759b3850140f279dce1b9f17780dfe2ae4a79e7cde65fd4a75ba32e5492a24c90f938bd2d88b0227c3ba2c20480803c99a834935ae96b8dad4346ca654a5f2703f25a263ce0e745c3979f70c80dd4655743848af3ba36bedfc555006cb36e533a9ff183f611162374baa0f988abb71f7c3a3b77e46d05fab9c3b450f6711fc23a2fa15139c92c6298015dd606efb29eeabf022a1d2eb218847d2c8d1822ed570d78208942c87df3004803fadb224b1866a7898aaf5000f7b0fa88d15fae0486cd100d348a968a437ce36b0f475dd85f2b150fd119eb8ffca3968f3f8b064971a4271122c873aa4704bda4218c3795a77340f19a00fc3869d2cc8bfb2e20e1efa33653491277107f9d1be72a214a3d937935bcbae62e6a0fc8ac3b166bdeb248e55ba264df90f5f9aa2155022e5974398e2433b8cc1093fe6f8e9ceb3afb231829a96c93f81287d8749420bf63d8324d0be9ca965335e88ced90a3ce8a2f858764bb206fe124ac6fe833ba2b279436c0cdcca72a3edbdf9b37b9d7726993b73bc28c077c76a46cbd1ae9cc3167983613521b179dbe66fb178be66815d936bb68b0b50e6272b2a12d30ae33043d2d0cfaeee4c363f53abd3640bdbf0a2b9068b758fcfac88386906b141039540e363aa835df136ff0ae650638d140b8d691a22a2e0b1acf48f57f35d82fef91e02099f16c66419b2342322ea65b07e74b2e9379332f855d347f164bd59cf59825d15190bdf91f2b18075c62cc7601d4279ae4da25a1407ea82f04274c224f68f864896b0f63f1f51ab59407f0428dafd979bf4ee6938e0c47d3c79272af6d6285967e76bfb2ce31aa7c0c085dc9a9f49d2eb2661aadfad5ef12c01221785801c269d8a6a536101d27161ea898eed80a0591e77fd8121c8a868fedc5398c5d109623e907888bed373d8c93933c72d76c50e43255b599c3f07bf06b8bc62762aaed6d3ec4f4aee49b1ec40d437e0c26784debcfe408392057e5a1cd881a7d1011db007375669479691be2cc1429240fc7b9722e74f4a9a6975e60f1b9addf2d1992023d724bd0e7df8e59e38e24838b5ba637997d0e1cbf10d0d4e5023a420bf289e8ca98c981aaccf6d5cbf0882e135ec9563756a0d1f689be331e611861bb0a784ddc1285a6744d080e785b500a14231cc037e80691268071bb05e61f20bf1bb590d388b6bec639f6944f5f92f0593696b900f0167d79325e92a46637b7227e7db98ed1fb36ab0af7274c97dd20de73add5ec9bb3933f608395225d361048232952a6a980313ed2239cd3deea4e80841c98292dc87288e1e9ad1deca52ed9267fba391f590ae2274fadf24f0bdba1d196c982c016ae201708f9a5a5ce3061b27e5230fc493991f2c3144a3ed832d8dc0e7a05efdf0e2abf87c2b0d4ae8bf1694cdc64afca2ba8d2e458eaeab5b4ff6b5f0cbaa05af4e1eee325871592b2dd93fd7f2abfbe8a594c854dca96fa327c7ce9b81c1aa819d7233848ade36076adda0f3a0af526098e219f6c4386321c40cc0839a6346ec131cc293c1849a6854327f9ac282cee8569e8a8c8be268c334c57c4f3bf166dac21f6b3bf346ced05b94f46590b83be9d5d3dd1c5ec1843aeaeaa2d3ade85663958374cfc3541b8facea9b40901eec922e694520aa5ebd658ffa65d64db949ee11aab1824d7d7c7bb9af8154cdb4ae2428aa537c6f3a07752de8502fd2ed01a3349b78b9818193bc40a321fe7897533cfc819833d60eb17f1994e582818c470f4777b439eb2311cdd180dce81ee09d193757bcd7270f52ca30a56bbc61548025527a90b8de2652d02cd4606f636c059176e971d41c3521ee6a925f48e85efd1d89a31d2455000f5bab9bc8aa8a19670b74aac714ea94735c234ef5549d79259ec50def7212d228bf46af21631212f9df9a11432a5325c79b3be9b656a95e874f30a7a5cde702d0381ad13fc8c8f98a05bc59186878eaf55ca0ae01ca7a5de2a5edf435011185bd58b9e1d10e9fc25b7bb80ce08c8d1eeb6122c26ab04d6ee10a04b8962484ed59aad5809230e45a09d8a34cab4381bdb1690c682f33b4bf5a8b669b8f40dcd0106d304046fb720614c06a0af974e2ef050f787ab0e02516030aa34e0bc85144ac61b66d0c99a56b4dd36f9545d5ca1d4f8a6e9e5abbeca6debd0167fec63387d27d91e17cd4bd863b63989e00d6d37caeb85eaae862a4bbd1fe52064e173e7ff826436ac57969b26404574b8963f60007c4d1554c7a3baf886187fecbc24b941fa74c0f6c2aab1125497a7c86b08ee721739c1cabf2474682c16453773e8201e5fe84dc0b91f7dd355b792ce729d2ec249bc1b6a38433617e7ba288da6e7444df9a970c8feddc4b09c18c92bbc120f819418f057485fcadce0fe15eca04020201cb1a91de5fe9c5455822c78f0c07b62d18f7c8e40b5a1d9cba8e14b45065a992730ccf7cf375914bbe42ed3e81421fbbcbff23534771ed877e9c497341c8c2cd925cc02286c5d03a5053db17ec10bd0276dfde2b996050a8e04e507c63480400e3f2000ea4fcdb61e48657569ac8c9cf3cad47cd430ab82de91bc592cdcaeb8ff1e42bf0cf3c5263693b93e08bd32a6c11b50440c4a2a2379c37751eb0555f1baa26f52e741779b63643c1ccbd9c90659e3314e8487b8ecad418d954ed2750b9f66e002ef060346860f25bc99951d6be525706cb42faf06bb30f2c112aed6f4c44926e570aaf8565b0126b464c09e610d2e47b87d05f14fdd21a5099bdbfdc1a3040198a2a3cef98e7e49e82cfeabc40d8969d4d2b288b12d991068d6e01f42a9178148a12200f3f56f91f779ce24361c7aed251ec256e6cb587c0c7d9c25f46c0a2afac6c7d1975978fcc79be89bd0de43f5aef2c1cb8e6be033c14e551e9c8b4a4a8239fb3717f161f12563bf884316d85bc36aa3500fb8554dfbe07274cf2212ad2fe2be2162d2bd77c7e6e14b43bb2380dc17fc93cac9aa46bbe778f1d9fdd0ef1307f2903a61ad457bfad7152b0b524ad65f63620bdb3526a5rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootapparmor-2.10.4-19.1.src.rpmapparmor-profilesconfig(apparmor-profiles)subdomain-profiles    /bin/shapparmor-abstractionsapparmor-parser(CAP_SYSLOG)config(apparmor-profiles)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)2.10.42.10.4-19.13.0.4-14.0-14.4.6-14.11.2\,[EYX׭@XX*XAXAXtX @Ww@W/@WDB@W@V @Ue@UU@UU~@U:0@U0U*^@UTgT!TܕTC@T6TT@T5ThTeT_W@TBV@T7@T2@T12T'@T @T TT@S@S/S@SES@S\S:@S5d@S*@SRRR۾@R@RR;R@Rt@RpRcR].@RH@R<8R6R2@R1RNR@R R QQQvwQZ@Q5@Q @PP@P@PaP\VP#@P`@Pw@O@O@O O@O O@O~O3@O'ON@NNN@N@NNNN@Ns:@NoENg\NRDN98@N7N7N"N|@NM@M2@M@M~@M~@MlMfH@Mc@M>@M>@M=iM=iM=iM<@M<@M9u@M5M,F@M,F@M*M%M@ME@L!L!L8L8L8L8L8L@L L+@L@L@LwChristian Boltz suse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.desuse-beta@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decrrodriguez@opensuse.orgrguenther@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decbosdonnat@suse.comopensuse@cboltz.demeissner@suse.comopensuse@cboltz.dedimstar@opensuse.orgLed opensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dejfehlig@suse.comopensuse@cboltz.dedimstar@opensuse.orgjeffm@suse.comddiss@suse.comchris@computersalat.dechris@computersalat.delmuelle@suse.comlmuelle@suse.comopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.dedevelop7@develop7.infoopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deseife+obs@b1-systems.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dekkaempf@suse.comcoolo@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dejengelh@inai.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.dewerner@suse.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.demszeredi@suse.czopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.demeissner@suse.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.deopensuse@cboltz.decoolo@suse.comopensuse@cboltz.deopensuse@cboltz.dejfehlig@suse.comopensuse@cboltz.dejeffm@suse.dejeffm@suse.defcrozat@suse.comandrea.turrini@gmail.comjeffm@suse.decoolo@novell.comopensuse@cboltz.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.derhafer@suse.dejeffm@suse.debwiedemann@novell.comjeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.decoolo@novell.comjeffm@suse.dejeffm@suse.dejeffm@suse.derhafer@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.deczanik@balabit.hujeffm@suse.dejeffm@suse.dejeffm@suse.dejeffm@suse.de- update to AppArmor 2.10.4 - parser: make sure cache write failure doesn't cause load failure - parser: disable cache write on read-only filesystems - add support for conditional includes ("include if exists") - ignore "abi" rules in parser and tools (instead of erroring out) - tools: fix writing alias and "link subset" rules - remove group restriction in aa-notify (boo#1100779) - ignore *.orig and *.rej files when loading profiles - several bugfixes - profile updates for samba (including boo#1092099), netstat, ntpd, syslog-ng, mlmmj-sub, postalias and dovecot - abstraction updates: audio, base, gnupg, kde, nameservice, nvidia, php, python, ssl_certs/keys (add letsencrypt and dehydrated paths), X - add vulkan, qtf and qt5-compose-cache abstractions - tunables: add @{uid} and @{uids} kernel var placeholders - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.10.4 for the detailed upstream changelog - remove upstreamed patches: - nameservice-libtirpc.diff - add apparmor-nameservice-resolv-conf-link.patch - allow netconfig to write resolv.conf to /run with link to /etc (fate#325872, boo#1097370) - add fix-parser-abi-crash.diff to fix a parser crash on invalid abi rules- add sssd-mcpath.diff to adjust sssd paths in abstractions/nameservice- update to AppArmor 2.10.3 changes since grabbing the last upstream patch: - add permissions to the dovecot, traceroute, samba and postfix profiles and several abstractions (including lp#1650827 and boo#1057900) - some fixes in the aa-* tools - fix downgrading/converting of 'unix' rules to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_3 for upstream changelog - drop upstream patches: - aa-unconfined-fix-netstat-call-2.10r3380.diff - profile-updates-2.10r3381..3384.diff - upstream-changes-2.10-r3385..3390.diff - add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)- add upstream-changes-2.10-r3385..3390.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766) - fix a crash in aa-logprof on specific change_hat events - migration to apparmor.service turned out to accidently disable AppArmor. Add a workaround to fix this (boo#1017260 starting at #c7) Note: This will re-enable AppArmor if it was disabled by the last update. You'll need to "rcapparmor reload" to actually load the profiles, and then check aa-status for programs that need to be restarted to apply the profiles. - add var.mount dependeny to apparmor.service (boo#1016259#c34)- Recommend net-tools instead of net-tools-deprecated for 42.x (boo#1022963)- add profile-updates-2.10r3381..3384.diff with updates for abstractions/base, abstractions/apache2-common and dovecot profiles- package apparmor.service also in Leap where it was missing thanks to a wrong/outdated if statement (boo#1017260) Note: If you manually disabled AppArmor, this change will re-enable it.- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in logparser.py - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition) - add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)- only install apparmor.service for openSUSE > 13.2- Add a native systemd unit which *at the moment* only wraps/masks the early boot script.- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage - drop upstreamed dnsmasq-profile-fixes.patch - update expired GPG key- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes - refresh dnsmasq-profile-fixes.patch- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- fix bashism in post script- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don't warn about rules not supported by the kernel - fix logging of "audit capability" (lp#1378091) - add support for the "hat" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 - update apparmor-abstractions-no-multiline.diff - remove upstreamed apparmor-profiles-ntpd-pid-location.diff- add apparmor-abstractions-no-multiline.diff: change all multiline rules into one line. Needed for yast2-apparmor (bnc#900013)- add apparmor-profiles-ntpd-pid-location.diff to cover new ntpd pid location (bnc#899746)- update to AppArmor 2.8.97 (aka 2.9 beta3 aka r2721) - several bugfixes in python and C tools - rename "__unused" to "unused" in apparmor_parser to fix compilation on openSUSE <= 13.1 x86_64 (bnc#895495) - usr.lib.dovecot.auth profile: allow access to auth-token-secret.dat - various small profile improvements - update and add several testcases - drop upstreamed patch apparmor-profiles-dnsmasq-iface-mtu.patch - re-number remaining patches- split apparmor-profiles package into -profiles and -abstractions- update to AppArmor 2.8.96 (aka 2.9 beta2 aka r2652) - add unix abstract sockets, ptrace, and signal policy generation - several bugfixes in the python tools and elsewhere - move program-chunks/postfix-common to abstractions/ - drop upstreamed patches: - apparmor-profiles-clustered-samba.diff - perl-apparmor-fix-bare-network-keyword-handling.diff - perl-apparmor-handle-bare-capability-keyword.diff - perl-apparmor-properly-handle-bare-file-keyword.diff - re-enable installation of perl modules - move python modules to python3-apparmor package - create symlinks without aa- prefix only for tools existing in 2.8.x, but not for new tools added in 2.9 - make utils filelist explicit to ensure we have the right set of files without aa- prefix in sbindir - switch easyprof python module location to python3 - drop unused defines APPARMOR_DOC_DIR and JNI_SO - refresh patches: - apparmor-utils-string-split (file moved) - apparmor-profiles-dnsmasq-iface-mtu.patch - apparmor-2.5.1-edirectory-profile(prepared Thu Mar 20 23:35:03 UTC 2014 in home project) - update to AppArmor 2.8.95 (aka 2.9 beta1) - complete rewrite of the aa-* tools in python - new tools: aa-cleanprof, aa-mergeprof - extra profiles moved to /usr/share/apparmor/extra-profiles/ (bnc#713647) - and much more, but there's no upstream changelog yet - drop upstreamed patches and files: - usr.sbin.winbindd - usr.lib.dovecot.*, tunables-dovecot, apparmor-profiles-dovecot-bnc851984.diff - apparmor-init.py-gsoc.diff - apparmor-2.8.2-nm-dnsmasq-config.patch - add %bcond_with perl and disable the perl subpackage temporarily (the perl modules will be back in beta2) - drop the apparmorapplet-gnome, apparmor-dbus and profile-editor subpackages (they were disabled since a long time, and upstream no longer ships their code) and the apparmor-profile-editor.desktop and apparmor-profile-editor.png files - drop apparmor-utils-subdomain-compat patch (was only included for <= 12.1) - remove libimmunix Provides/Obsoletes (libimmunix was a compat wrapper and got finally dropped) - refresh apparmor-samba-include-permissions-for-shares.diff and apparmor-2.5.1-edirectory-profile- add apparmor-profiles-dnsmasq-iface-mtu.patch to allow dnsmasq read access to interface mtu in /proc/sys/net/ipv6/conf//mtu (bnc#892374)- usr.lib.dovecot.auth: add '/etc/dovecot/* r' to allow reading plaintext password files (bnc#874094)- Rename rpmlintrc to %{name}-rpmlintrc. Follow the packaging guidelines.- add perl-apparmor-fix-bare-network-keyword-handling.diff: perl-apparmor: Fix handling of network (or network all) (bnc#889650) - add perl-apparmor-handle-bare-capability-keyword.diff: perl-apparmor: Fix handling of capability keyword (bnc#889651) - add perl-apparmor-properly-handle-bare-file-keyword.diff: perl-apparmor: Properly handle bare file keyword (bnc#889652)- add apparmor-profiles-clustered-samba.diff to permit clustered Samba access to CTDB socket and databases (bnc#885317)- fix problems with dovecot and managesieve * usr.lib.dovecot.managesieve-login: network inet6 stream * usr.lib.dovecot.managesieve: +#include /usr/lib/dovecot/managesieve { [#]include + capability setgid, + capability setuid, + network inet stream, + network inet6 stream, + @{DOVECOT_MAILSTORE}/ rw, + @{DOVECOT_MAILSTORE}/** rwkl,- add #include to usr.lib.dovecot.auth- update usr.sbin.winbindd profile (bnc#870607) - restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/- update usr.sbin.winbindd profile (bnc#870607) - treat passdb.tdb.tmp as passdb.tdb - allow rw access to /var/tmp/- add Recommends: libnotify-tools to apparmor-utils (aa-notify -p needs notify-send)- update to AppArmor 2.8.3 (r2122) bugfix release - fix some cache clearing bugs in apparmor_parser - various fixes in mod_apparmor - several profile updates, most of them were already included as patches (except abstractions/winbind (bnc#863226), abstractions/fonts and abstractions/p11-kit) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details - update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch - remove upstream(ed) patches - apparmor-2.8.2-fix-ntpd-profile.diff - apparmor-abstractions-r2089-r2090.diff - apparmor-abstractions-ssl_certs.diff - apparmor-fix-url-in-manpages-r2093.diff - apparmor-no-perl-smartmatch-r2088.diff - apparmor-profiles-dnsmasq.diff - apparmor-profiles-ntpd-r2103.diff - apparmor-profiles-samba-create-dirs.diff - apparmor-profiles-samba4.diff - apparmor-unconfined-lang-r2094.diff - apparmor-utils-po-de-r2091.diff- use current ruby macros, the rb_sitearch is obsolete since at least 12.1- update apparmor-2.8.2-nm-dnsmasq-config.patch - allow access to pid file and supplemental config directory (by develop7) - update apparmor-profiles-dovecot-bnc851984.diff: - do not add access to @{DOVECOT_MAILSTORE} - not required by the main binary - add abstractions/mysql - allow execution of some more /usr/lib/dovecot/* binaries - better restrict access to /var/spool/postfix/private/ - update usr.lib.dovecot.auth to allow to read mysql config files - update usr.lib.dovecot.dict and usr.lib.dovecot.lmtp: add abstractions/nameservice instead of allowing more and more files- add Recommends: net-tools to apparmor-utils (needed by aa-unconfined) - update usr.lib.dovecot.lmtp (add /proc/*/mounts, /tmp/dovecot.lmtp.*, /{var/,}run/dovecot/mounts, deny capability block_suspend)- add apparmor-2.8.2-nm-dnsmasq-config.patch - allow dnsmasq read config created by recent NetworkManager (see http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d82669d3fdaa7ec70ef1b64941c101ac810c394b for update details)- add apparmor-profiles-samba-create-dirs.diff to allow samba to mkdir /var/run/samba and /var/cache/samba (bnc#856651) - add abstractions/samba to usr.sbin.winbindd profile - add capabilities ipc_lock and setuid to usr.sbin.winbindd profile (bnc#851131) - update dovecot profiles to support dovecot 2.x, and add profiles for the parts of dovecot that were not covered yet (bnc#851984) NOTE: Please adjust /etc/apparmor.d/tunables/dovecot to your needs. (apparmor-profiles-dovecot-bnc851984.diff, usr.lib.dovecot.*) - %restart_on_update (in parser %postun) is "translated" to stop/start by the systemd wrapper, which removes AppArmor protection from running processes. Fixed by using a custom script instead (bnc#853019) NOTE: The %postun from the previously installed apparmor-parser package will remove AppArmor protection from running processes a last time. Run aa-status to get a list of processes you need to restart, or reboot your computer. - reload profiles in %post of the apparmor-profiles package- add apparmor-abstractions-ssl_certs.diff to allow access to certificates in /var/lib/ca-certificates/ (bnc#852018)- add apparmor-profiles-ntpd-r2103.diff with updated driftfile location for ntpd (bnc#850374)- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x and kerberos (bnc#846586#c12 and #c15)- add apparmor-profiles-dnsmasq.diff - add missing permissions for libvirt-generated files to dnsmasq profile (bnc#848215)- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x (bnc#846054#c5)- add apparmor-profiles-samba4.diff - various profile additions for samba 4.x (bnc#845867, bnc#846054) - update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054)- update apparmor-init.py-gsoc.diff to the final GSoC apparmor/__init__.py- add apparmor-fix-url-in-manpages-r2093.diff: fix URL in manpages - add apparmor-unconfined-lang-r2094.diff: fix aa-unconfined to work in all languages- fix ntp by allowing read access to openssl.cnf- add apparmor-utils-po-de-r2091.diff: fix some (mis)translations- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) - p11-kit needs access to /usr/share/p11-kit/modules - allow reading /etc/machine-id in the dbus-session abstraction - add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for the new tools developed in GSoC- add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental in perl 5.18 again - use grep instead (upstream 2.8 branch r2088) - fix ruby requires- update to AppArmor 2.8.2 - several fixes for python3 compability - various profile improvements: - various additions to abstractions/fonts - move poppler's cMaps from gnome to fonts; gnome includes fonts - deny @{HOME}/.gnome2/keyrings/** to abstractions/private-files-strict - add read access to @{PROC}/sys/vm/overcommit_memory to abstractions/base (bnc#824577) - update pulseaudio directory and cookie file paths - add missing permissions to the nscd profile (bnc#807104) - deny capability block_suspend to nscd (bnc#807104) - MariaDB compatability in abstractions/mysql (bnc#798183) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_2 for all details - removed upstream(ed) patches - apparmor-abstractions-mysql-path.diff - apparmor-profiles-nscd.diff - apparmor-python3-r2052.diff- swig for python3 is broken on openSUSE 12.2 - build python-apparmor (for python2) instead on 12.2- add python3-apparmor subpackage (currently py2 OR py3 package can be build, but not both at the same time) - add upstream apparmor-python3-r2052.diff to fix various python3 issues- Ruby 2.0 mkmf gets the path to ruby.h wrong (bnc#822277)- do not package directories as %config - especially not as noreplace- enable python and ruby subpackages (using %bcond_without) - update/fix paths in %files for python and ruby subpackages- add Requires: insserv to parser package (needed by initscript)- nscd profile: add missing permissions and deny capability block_suspend (bnc#807104, apparmor-profiles-nscd.diff)- Add missing files to SRPM (bnc#777471)- update abstractions/mysql with correct paths and add MariaDB paths (bnc#798183)- update to AppArmor 2.8.1 (=2.8 branch r2069) Bugfix release, http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_1 Most important changes are: - add various missing parts to profiles and abstractions - fix a possible x conflict with hats or child profiles in apparmor_parser - fix and speedup stdin handling in aa-decode - various other bugfixes - add pkgconfig support to libapparmor - remove upstream(ed) patches- verify tarball with gpg-offline- fix directory flags for /etc/apparmor.d to be in sync between - parser and -profiles subpackage- remove %stop_on_removal for no longer existing aaeventd (bnc#781564) - don't hide TeX output when building the parser and techdoc- clear and update inconsistent profile cache (bnc#774529)- abstractions/bash: update /bin/ls to also match /usr/bin/ls (usrMerge)- Add required fonts for new TeXLive 2012- update /bin/ping profile to also match /usr/bin/ping (usrMerge)- update to AppArmor 2.8.0 (= r2047) - new utility aa-easyprof - templated profile generation tool (the resulting profile may be less strict than profiles generated with genprof/logprof) - various small bugfixes - removed upstreamed patches- add apparmor-techdoc.patch to remove traces of the build time in PDF files- update to AppArmor 2.8 beta5 (= 2.7.103 / r2031) - new utility aa-exec to confine a program with the specified AppArmor profile - add support for mount rules - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8 for full upstream changelog - removed upstreamed and backported patches - remove outdated autobuild and "disable repo" patches that were disabled since the AppArmor 2.7 package - create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1 (bnc#720617 #c7)- replace patch for dnsmasq profile with upstream patch (bnc#738905)- add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't create network rules because of changed log format (bnc#755923, lp#800826) - add profile for samba winbindd (bnc#748499)- fix dnsmasq profile (bnc#738905)- add 0001-fix-for-lp929531.patch to allow reading /sys/devices/system/cpu/online in abstractions/base (lp#929531)- Update to AppArmor 2.7.2 (= 2.7 branch / r1894) - move various permissions from httpd2-prefork profile to abstractions/apache2-common. Backward-incompatible change: *.htaccess files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5) - allow various .conf files for dovecot (lp#458922) - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files and abstractions/private-files-strict (lp#911847) - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files to use ~/.kde4, not only ~/.kde (bnc#741592) - block write access to ~/.kde{,4}/env in abstractions/private-files (lp#914190) - allow write access for personal dictionary etc. in abstractions/aspell (lp#917859) - when using genprof for a script, include read access to the script itsself - automatically include abstractions/python or abstractions/ruby for python/ruby scripts - add profile for smbldap-useradd and allow smbd to call it (bnc#738041) - allow creation of the .config directory in abstractions/enchant (lp#914184) - allow TFTP read-only access in dnsmasq profile (lp#905412) - allow capability dac_read_search for syslog-ng (bnc#731876) - add p11-kit abstraction and include it in abstractions/authentification (lp#912754, lp#912752) - add audacity to abstractions/ubuntu-media-players (lp#899963) - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831, lp#890894, lp#890894, lp#884748) - fix typo for multiarch gconf-modules in abstractions/base (lp#904548) - allow avahi to do dbus introspection (lp#769148) - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992) - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062) - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in abstractions/cups-client (lp#887992) - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in abstractions/python (lp#860856) - various updates to the sshd profile (lp#817956) - (and some more changes I already included in the apparmor-2.7-branch.diff)- Update to AppArmor 2.7.0 (= r1858) - make traceroute6 work (bnc#733312) - allow access to pyconfig.h in abstractions/python (lp#840734) - fix logprof/genprof for hex-encoded program filenames (= filenames containing space etc.) - add apparmor-2.7-branch.diff with some upstreamed fixes: - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041) - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file - fix syntax error in abstractons/python- changed a $ -> % (typo)- package subdomain.conf only in -parser, not in -utils package - package libapparmor.so and libimmunix.so only in libapparmor-devel, not in libapparmor1 - make Provides for perl-libapparmor versioned to avoid self-Obsoletes - move libapparmor.a and libimmunix.a from libapparmor1 to libapparmor-devel package- update to AppArmor 2.7.0 rc2 Most of the changes since rc1 were already included as patches. Additional changes: - fix logprof/genprof to recognize "mknod" in audit.log - fix libapparmor python bindings to compile with python 3 - fix wrong status message in initscript if apparmor-utils are not installed - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS - fix some warnings in utils/Makefile - remove 4 upstreamed patches - remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now - update line numbers in 2 patches- make abstractions/winbind working on 64bit systems - allow loading the libraries for samba "vfs objects" also on 32bit systems (bnc#725967)- allow loading the libraries for samba "vfs objects" (bnc#725967)- include autogenerated profile sniplet for samba shares (bnc#688040) - more helpful error message for "aa-notify -p" if the user is not in the configured group- update to AppArmor 2.7.0 rc1 - aa-notify: add --display option and warn if $DISPLAY is not set (important for usage with sudo on openSUSE) - fix syntax error on "rcapparmor stop" - allow read access to /proc/*/mounts in the dovecot profile- add patch with upstream changes since 2.7.0 beta2 release - add example parser.conf - print warning if profile cache directory doesn't exist - remove initscript for no longer existing aa-eventd (bnc#720617) - set correct $HOME in aa-notify - enable caching of profiles (= massive speedup) (bnc#689458) - add comments for patches in .spec and comments in some patches - run spec-cleaner- add libtool as buildrequire to make the spec file more reliable- update to AppArmor 2.7.0 beta2 - includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182, bnc#691072, bnc#705319, bnc#713728 - add some missing perl module Requires to perl-apparmor- update to AppArmor 2.7.0 beta1, for details see http://wiki.apparmor.net/index.php/ReleaseNotes_2_7 - removed lots of patches I pushed upstream - disabled apparmor-2.5.1-unified-build (patch to use automake, does not apply to 2.7 and probably won't be accepted upstream) - disabled build of tomcat_apparmor (doesn't build, deprecated upstream) - run spec-cleaner - remove *.la files - move usr.sbin.nscd profile back to apparmor-profiles package- Update patch apparmor-profiles-usr.sbin.dnsmasq to include /var/lib/libvirt/dnsmasq/*.leases (bnc#694197).- install SubDomain.pm compat module (bnc#713408)- Update to 2.6.1. - One patch eliminated - Lots of minor fixes - Split out more common abstractions - Add check_for_apparmor() helper.- dhcpd: Fix apparmor profile (bnc#692428)- Add apparmor-securityfs-systemd.patch: do not mount securityfs when running under systemd, just access the directory, systemd will automount it (bnc#704460).- Fixed typos in descriptions and summaries of apparmor.spec- Fixed building of pam_apparmor to properly link libpam (bnc#696553). - Fixed building of apache2-mod_apparmor to properly link (bnc#701821).- move the requires and prerequires to the right package- make the -doc and -profiles subpackages noarch (again)- Added alias from Immunix::SubDomain to Immunix:AppArmor to allow older users of perl-apparmor to work properly.- Properly re-created links to old utility names.- Added /etc/ethers and /var/run/dnsmasq-forwarders to usr.sbin.dnsmasq (bnc#678749)- Update to 2.6.0 - 19 patches eliminated - Lots of minor fixes. - Split out more common abstractions - Added more local includes- Additional libvirt related fixes in usr.sbin.dnsmasq (bnc#675867)- Added 'network packet raw' to dhclient profile.- Add Requires for used perl packages (bnc#670650).- Updated dhclient profile and added dhclient-script profile (bnc#561152).- Added ability to completely disable repositories.- Properly indent sub-profiles after genprof completion (bnc#480795).- Inherit flags in sub-profiles when generating profiles (bnc#496204).- Stop treating profiles shipped with the package as config files. - /etc/apparmor.d will still be treated specially. - Add support for parsing network operation events (bnc#665483)- Fix for sbin.klogd profile using kernel versions >= 2.6.38-rc1.- Update to apparmor-2.5 r1445. - Includes 3 of the fixes below. - Several testsuite fixes. - Update for Thunderbird profile.- Add support for libvirt in usr.sbin.dnsmasq (bnc#666090)- fix rm call for nscd profile to avoid file conflict- profiles: Add openssl abstraction (bnc#623886).- Added support for sys_nice to ntpd profile (bnc#657054).- apparmor-utils: Support newer auditd formatted messages. - Fix two x transition conflict bugs. (bnc#662928)- Splitted ldap related things from nameservice into separate profile and added some missing paths (bnc#662761)- Fixed pod2man macros with older versions of GNU make- Fixed building of perl and ruby SWIG modules. The former is required for apparmor-utils to work properly.- Fixed use-after-free issue in apparmor_parser.- Added fixes for logprof issuing uninitialized variable errors while encountering audit messages for unconfined processes.- Updated cupsd profile (bnc#539401)- Fix {proc} vs {PROC} macro usage in firefox profile (bnc#436262)- Added support for eDirectory nameservice (bnc#621394)- Fixed incorrect /proc/*/sys usage in usr.sbin.ntpd profile (bnc#634801)- Added fix for another case of whitespace affecting profile removal (bnc#510740)- Added support for unified build, which massively simplified the packaging.- Fix for syslog-ng profile to allow upgrade to v3.2 - add mysql support to syslog-ng profile- Added support for enabling/disabling the module automatically during installation/removal (bnc#623246)- Converted archive to tar.bz2.- Updated to 2.5.1-final. - Lots of testcase updates.- Initial packaging of AppArmor 2.5 - Now contained in a single archive so built from a single spec file/bin/shsubdomain-profilesbuild73 1548314955  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~2.10.4-19.12.10.4-19.12.10.42.10.4apache2.dphpsysinfobin.pingREADMEbin.pingsbin.klogdsbin.syslog-ngsbin.syslogdusr.bin.lessopen.shusr.lib.apache2.mpm-prefork.apache2usr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.ssl-paramsusr.lib.dovecot.statsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbd-sharesusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddsbin.klogdsbin.syslog-ngsbin.syslogdusr.bin.lessopen.shusr.lib.apache2.mpm-prefork.apache2usr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.ssl-paramsusr.lib.dovecot.statsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddextra-profilesREADMEbin.netstatetc.cron.daily.logrotateetc.cron.daily.slocate.cronetc.cron.daily.tmpwatchsbin.dhclientsbin.dhclient-scriptsbin.dhcpcdsbin.portmapsbin.resmgrdsbin.rpc.lockdsbin.rpc.statdusr.NX.bin.nxclientusr.bin.acroreadusr.bin.aproposusr.bin.evolution-2.10usr.bin.famusr.bin.freshclamusr.bin.gaimusr.bin.manusr.bin.mlmmj-bounceusr.bin.mlmmj-maintdusr.bin.mlmmj-make-ml.shusr.bin.mlmmj-processusr.bin.mlmmj-receiveusr.bin.mlmmj-recieveusr.bin.mlmmj-sendusr.bin.mlmmj-subusr.bin.mlmmj-unsubusr.bin.operausr.bin.passwdusr.bin.procmailusr.bin.skypeusr.bin.spamcusr.bin.svnserveusr.bin.wiresharkusr.bin.xfsusr.lib.GConf.2.gconfd-2usr.lib.RealPlayer10.realplayusr.lib.bonobo.bonobo-activation-serverusr.lib.evolution-data-server.evolution-data-server-1.10usr.lib.firefox.firefoxusr.lib.firefox.firefox.shusr.lib.firefox.mozilla-xremote-clientusr.lib.man-db.manusr.lib.postfix.anvilusr.lib.postfix.bounceusr.lib.postfix.cleanupusr.lib.postfix.discardusr.lib.postfix.errorusr.lib.postfix.flushusr.lib.postfix.lmtpusr.lib.postfix.localusr.lib.postfix.masterusr.lib.postfix.nqmgrusr.lib.postfix.oqmgrusr.lib.postfix.pickupusr.lib.postfix.pipeusr.lib.postfix.proxymapusr.lib.postfix.qmgrusr.lib.postfix.qmqpdusr.lib.postfix.scacheusr.lib.postfix.showqusr.lib.postfix.smtpusr.lib.postfix.smtpdusr.lib.postfix.spawnusr.lib.postfix.tlsmgrusr.lib.postfix.trivial-rewriteusr.lib.postfix.verifyusr.lib.postfix.virtualusr.lib64.GConf.2.gconfd-2usr.sbin.cupsdusr.sbin.dhcpdusr.sbin.httpd2-preforkusr.sbin.imapdusr.sbin.in.fingerdusr.sbin.in.ftpdusr.sbin.in.ntalkdusr.sbin.ipop2dusr.sbin.ipop3dusr.sbin.lighttpdusr.sbin.mysqldusr.sbin.nmbdusr.sbin.oidentdusr.sbin.popperusr.sbin.postaliasusr.sbin.postdropusr.sbin.postmapusr.sbin.postqueueusr.sbin.sendmailusr.sbin.sendmail.postfixusr.sbin.sendmail.sendmailusr.sbin.smbdusr.sbin.spamdusr.sbin.squidusr.sbin.sshdusr.sbin.useraddusr.sbin.userdelusr.sbin.vsftpdusr.sbin.xinetd/etc/apparmor.d//etc/apparmor.d/apache2.d//etc/apparmor.d/local//usr/share/apparmor//usr/share/apparmor/extra-profiles/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9516/openSUSE_Leap_42.3_Update/0b4a9528e9651a762f72694af3f63dd3-apparmor.openSUSE_Leap_42.3_Updatecpiolzma5i586-suse-linuxdirectoryASCII textC source, ASCII textC source, UTF-8 Unicode text:.Xb|H? ] crt:bLL'mwI+ mZW\SM2XJAf` N)R7sS> [di DB9#FH)g^ rKс4K}U ]%֖SS`nZ_t!4[ .sBDu>1Q2Ier)Tn|Ua4P%l~ M&I'}^TxP>R}o *? U̐ H荧<"Vðj>RT=6֟Z9MXퟹaB=5зb?6F98(hZGAjR}\s*NŬ-%mJLzݱ0(:# uԺCIɂ64*5b%iRo4>nٔC9fv8E} +fRsB1Qm_A@2wm#ŅD à10GXYCm-x"Ќ;E,ng`'U]yyh[Ջh ]>cZoH-߻KAs4b|/ yT/)wh=,@qL/,]nd?] j>dC2S3ДI&o ,n$ ѷPI(k̓SK,ݿZPU}8bQ2xx!%E`xm\؍ZjhPĞt޺#)nc5ok,KG 3wz'u-~klF&waKDT+r 7I⮎NYI*P\ ^D*S+Jcv԰/.=MeI@^~2\Tf\#zW nCfoB$ NX߈JT8*?9} >MrFx 2k|vΜTv exKȷD.CB?}?Ƭ_󖨚'}u߫b{181l=O 6m^s8~"O#A" ]$˙ U 0;>/s2t˒ۚ! @Y_C_R f'^N*-ghV#x_J1Iԏj"w~D4GQo8eT(B} K~kFVdʛ͞H^[wK 8DbՒ\Ԓwp0cΪ9*k?6m۴XߠΙ2ATv`hb3\uq-gGɞ axpǗݻ> ё]"LyȨx, z՘Q39Jv.;4kL}E'8ڛ~<(k Y[az3? Z@7x-̖CF5o"~o& ޙ㛱8&lM@2i":@zma '^m 8hh FbET, y} 9x{:s4onKcx(4>#XEvM8bS͌DZ$5;+ TF' Kfnt=h ;8ⶬ5N7+ܑ%U"..WzJX0*T@liMy}gp/A}Ml|? xvhݍ'XxJ}tMWaI6yR2m`Y1_zu;\ceveW}C嚳ͬ6gǝ^  2VOYlx&=d!̀i[,szJAojeb]c̘/˖r+FZ_%H0.da I^*KEj;\澹 ,d^G8B n; ]Ēz/Ys[>- U!m VNA3ueԡ&_>ޘ$V5H])8rorD9 j%=^H)"ЅOi}Ÿ́Oˣ)vh9;M8#nF׺>Aq ҏr]}`TF",s=?l=7?nOt L)xȑr#0GL/,#04I3kBJ{W]#r61c1\nzʜ4n^]uj 9) qB8xX YO`$ 4T*UlD: ʉfuWqcxctHd2D&C- T9"}$N0ryWy}܎* sG mJ"ӷ} (o6C?,4Sib}Zyg_b54f@/U0fly;O$#,M>/ۥ>1&a\PA@@B.54)!YqZ1Uy.V+&hJZЇv쯈ˬ_+]T~X2/33].]4vsKM6N+'/y/wO")_nٲ d-L*]-`!,E}*Ռd܎i]qxl7, +6YUىqX3T[AlORNy)WHLm=~LJ8CYa p" ;v _uVs}ep.GpF`$nƖ fD.p3r>YN<]NW<,bj9"1TsJ!OG5xkuZM-ӠVatP(6Z˄@^x$핰~ +tmكxRb!_Du+Igxe5Ѣ^=}x%=LtǦ}&@eH_DrU_|P & }Ko&b!|裤܅ x T{܏;d '⦷`ViYry}$@Dg6˗< W46J\C7|1c-Ȗ ku"7݄I Sr}]!k"]l޵g+DĻ} xlܢ6,>pz\i<I [+4!>W{̥XWާCWzG91+KL;L,D?wYG ,'òI9ОNT\7}MJOZS `ȉvli,FjD Bs]wՑ|% RFat'p)&Kz-ꕳ&]+kTy9/{7yk,%,O@; x R2fo]`/ү;ed m?hnK8x-Rex:ߨ no<e#[:FC$]ٔKn" % +҃mZU2H"<{>WCts4:ʕ T}MZ?LF?3|̻^17 KzԿW)J Qz~?:}^Q۱'kii)Ȱ]LRkNν+K19;YT}kYTaWX݌\ W)v)>3|m N;`vv$R1=X7{%xUKJΝ:_\:s3i1ML ]HG8X<11Ο> [*p|=j7taq2Y5SxT*Nϧ5­v}[Qr@9B7sK'O$)6c#+, ]>ܴ֙Wɸs @ 3&]h7)v) IR;IA9˞ #ĪDg2V1R 7Dùf_ՖNMT3ryDڇN0-484M ?zhcLWdNǷ<\3ܺE,klG+g%@ӎqt吥~zkh VlgpF3}5c@)93ڴئ\mWx;1)'<# EY3}O(@ct`ruHxi0Unx(ɝ~r fi.]͔^{: |sN DN\kzIos[F856PMZVss' u͢d7I10q ?JE4Gk6Sŏw× th)q:LAPߏ q9\$iXo+[PVɞ|a*ZJ4(ZGE5[]=N~̪$LeKYL[>L~V& ^YXpٟl~+w~?6b]'!k|j KD8xgG 'Mq:oU]wF9pQF屇<8eR4@_ZCVvwS& GI mtCqIOuw 8)F/p¥kN,̚4iUĨ8CO *& 25s^?0Ne=UHuj굊EIjfe+ "T 'fRȼ)DA x AO,4k{{$LMY iT判- aѯ nG:f M&3 ҈mW /|O?e+5^]>j!_ sH6T&I'M7}R65zCEFuT,p3UŸt~Zwp!liCFwOUMY-TM$ԈEO7m \ϭj81/5\N+2oA=,_Ҕ5z -Y\MĹI{N[dTa!Ѡk<;|90DŽ UKL"2cw@Wyn<.IxE5̠<錌Z@+(㓼Mk&o.JGd4_Lצ#$sjK Ul:(;\*ڀ"Wf yEs + r~[Yn|W+#Rb0S+Duj4\{9Y S}U>l],z@̄3h#8@Pvuz2L +Oyn=Є"J4'/?@5מnj7)unHRT'RZ݄%)@2VW NID;4$x i/33&Ko`g9y{{7*ώDށ~@+6˝GqLR\T :N^E{Oo'w[⾨g]V,uJUWߐ;/+vա03D?[/@ ᶏl[ ta,th)\%FX\ۆÁ=1lKzZ^kRE?ѷ-xfv)O]c T6.l咽,O^ iCA ?p+p^?%y0J4ȏx:%6=ƽkuP NwA^(]e?HLaG;q{U,ҐRܓU?34%n̢᎚՞*S^'4jjH!fMʄ,*)UR@AQ~G7Cԓᐖu$}lwh Y>I=K>FG⚋yۓS]" b|.8Т3[vq :UJ~]UJ޳ {*Q,7$M-#:҅=\Ѥb_VKW0^(W,1pFI@O:/[c`΅ _u5P?ʟB![No1A Q>_ rL Xaej#R={] Mp |I7zn߀n&ѽ*k E8'$ nuU^+^x˸:& bʣssԥ9ao& ^/*Gcbc 8*kSd 3wP Z5I5({c]ZX ,?s$f0BBL 7oaVOڴ5,4Gp P OZk\1? RGm\uuzI΋$7ܦ>+E9j'ABަ3 q`enqRD[P^%uߑXRȝ؍^ɜ'/~-`ӑѾMWD9RU%-ؽTW*; htڈJnͲ76;h^lкx}P=)8u}bmDZ1UD[T:۫U~L1kEЁU0uU_NIo&V[,)AwXķf_{yWc~&D tżfR!^q(m Ű_[߅g|Y9Uil˦jQ`d7vTPCL `'dGۂxZM@)3zxw lۨ& ԁMc7UMbWNilHm%2wH`YQu]p([ot*\3ŦfKh? nHaXoވ#̔ٔ|&n-JFjtSh}FQe gLp֙ d}SJZ6X*wlT|T2'ҋM _<]dR5LU0ZOxCʘ_W/mm7@vf>V;jY˻ v](0D3+UL,s#JFl. Y_˘,6lX :OVc*BfQ8YCFp E&& [ۗVU} m=},F߱ ބ5ؔ&q|[e%5 xͅ[r W!2ˁ\1y8E=wÍ#p55MYv*KCbaL#Y[Jbsf3IdhB BHNGQ+af-'d<,RG&5CSΥ*ڣjݠ>pnnm_t=KOIťMz[ײHO "t֨$k_liEsy oPX ]2Q(-hɳ2kh`}+~·w3*GfZsxFЍ` \?Csg/V G'Xxz@ zs BFt,`( ;M%B [u!p|2YRYn*t]At<{t9t͓شJ̳A=kB8cdm}Ec<"4\Ucmx'0d7bfK$/}u{5R|Hڽ;> l 6(U~鿕Lu)'yWWRSQScͤ f:XK$@ 7 _QHӭe8*_D c# kt͍{=l_1*k"lGM˦߬$+F*g\eue[IB wOKܔ-ܱNciU_?y0l_e Y q L$Z:}|bJwq;Z2Jqϲ),'w}jhhfd䯡NYi_=ifai?!lvAz4g I"H"B!y R8E<2+yKˍ JԩÑc3%zHdxV? Q+BF5:= E$ϸt/}Q>]AU;s,j[`_?>qi lV[JY ;&R_GdP-O'1 êH*HAoᯏXxKK 4" Gw޴նb·E*ޅr_n*(L <<Pぁz^D=!Oԗ3̤ÛATDQ$m9]zc[q*N% pO.`@ 5:_TewJ+o(5Fh)7wTm:'dj>/: 5&?lz-# s&Vd 6~U:@VZz_ipl[;,3#zLA!r7 Tg!"Aֺs&pe|_wQEk趵L9/oo QOp4NU^pcsT" ^RlR.b^㕟Ƅ9Fa2Dw+ wY*, x~ۉ$RޢY>H\yPI Ⱥnk۞ _c7DVc77* EgQ&w$mIwh̭.{G0.csRc:"^ (ʢ>gv$hgd]7EP J{$I-% sJ۠(JuxWb~}k$𽥝@߳c>> [JȞZf'1!֎哗fVAڀ:qdY1. iDz #Ԅ+x:::vK$tu Ե|*5C1F1 Hbz:ΠGQO{cJ F-a& }TIyH_@S6?xs9jb9jV~ ={u+iW>>d9:@U*Z>1 XM=R7;~+UJO )YĆ7AҪCWXR^0IU)PR-4{[˦fW4c[)mи2^Js$7ĕpqrE}OhU#֟[s[f(sx7khRvQIĶaO\ Ǘ~iL|v'Vul(Ҷ}X@2~KEr$I({*d_;tnUf:bo`:Ak9T%Ol$Op`V=!5B`Puem#CEmS,anXXGDm[XԽɎ⥓y rSP+[r`zvY#+KGNo;<`mL_"a i:zsP`߀|kG8X ٚmӻ*9ӀrXŎB²)=FlM!WEo[X0@GaC7vcC"@/  ' 1wr-)^us{RDY.Qvi%l -=L%㟀;;J Y{ >S@5VE"JP+"B[!iUhG&Syq1pV%]jšJK2YĻϬ~Z1ֆP,SUCoDc)Brc$ҫ& ;L"hUjce^m1ji0Px%/(~O;?#qD: `\dU]zs0JgO^{i`~a !yHtd~@KBp足 u'|P>PhtM?b†b͙\tJ!;(lHlԿ@P>mϐGr).\ΓfFfV;gB[s9V I~XMkQUcxbE/#nGUe+nvI8&8evZm5]c[nUvf}.> fڕq?jbf[,t*"Vc{"kٕM E/!؋~r~z߇*))Űb0&s*r>D8U{0z16=ׂ׺w^#@7r1,GTXSHӞ "/UX3ӝɞKm4\I_*ݓE_:i@CÀJ\ zqtZR41 A̾( m~|6ꐻO\Yu3t._hBcʵVIPX^s>uV]1=k${^dťu0qR4cI4DO;^(- Rs˽7tl+b^ˈqu؃A\[=w߄~Gj Lrx"DZRMy*sY >l~~ӕ@:$n@2 9f'>xV cb%jv𫭼K;FDfp {mR Ji훵XdVP/ %JJu:i}=Թ`OֽUh?c^evN49û`?FqwCw:-gAlrK6[@I@$1'|_έ 'x`7rM{V=k/\.-Oq~_ٵ}ՙHf0 k;69/dav)d٠P34glu?L񦕴&vS M!L2i/T'Ln3YQKLyNu>J74Zfn ]@#KmԋTl&xcw>ʰjkfz'dBUf~iܞxa+;laoo֤ )x D_߈\pUl;Ւ_}vJ8VdK<@-y< B8# 0JGֶvmM/9)"G[;Hj IGYg)T{e&N:YeTc,Gm;A=_L4@BtWB{σ SZHfD-e""̢Ć  ]bjs.Nl,v1N <ӁbP`Cn Qk;{2/D'f/׀{wY978Poe8Bz#t&C:^᫧4к'.C8!nC!{@r p%%:`*~sJicؔ8xCqNVh%(۶&jZ 3ͽ:Pߝ0떒RKwe0 @Eˊ[E0/sDe@+ȏI5tQ%W$Zt|0C@"ԋaØڻ<_f*p3S,Q?uXn]ZS=h0 p_Q, c公h1AtS x(Rݤ{W~{ZW" v K^ Rz1nN}饐 v$Ą銶EUcAr `[!i2VIמdpȵcD@v| |yc "tkhpoUSyV(F4.wK ]N6xt# y98ܑ) 'VkҢ'1e6]l+$X1ȎX5czBii<—Ok>Q)zmne MDk5J1 Gwy̗T0Z,e\_T@1ke,;,߷$3+%7a#HL=u 7"1ŽS$\8mgi0"jNt{%%zMcU ,eBxqD% z8"Iү;RoLH)"be߾뇹4DV%^$sE/tgra+Іs827ңT{S͛ǃ|9Hҷ[\@uNJd&ޞaDs^5(hCM%j0/AsWUEyIl^ ^4@Qi{)-R G!m T}5] .t 4S`|&mL"RT25Z3>>]C@ɗz _7m\?c;`jcņ VK/+!DpT5ՙy5oXaTuAȽqd%' ><U9gmwرyb=2Cu7kfcfbC$"7IaLY`N=!7:/s`#Ej䊼"oϲ{].~O]b_溂⫵aN+mm\R;d/*PqLPH\8Frt5lCp=knj=JBy3nզx'|}U w#$xf 8^_ $cSqɹHn3=מ(ؖWxd@ |hb KrdTҀ:^!P*.=0)jCqc%ҽ6^聺@L?3 [r :JQ+JOl*|$ؾomZwm6`Za Zwfp$R}`0'+*#P6e툹AC>KqVp;&F{IZ4jALMmɾ9H,-wi>3 ғe \QZ4/[֣Ոg~(!c瑭OcPۜ~! Ѡo=gn>GpǍG*yd>Kk {k#!Wx⹑U|ac,ƙ FA loGݪ㷭a -5S.tqM@Rz]Yi`0z9SkXDis]!Arh3|\ipbzʌLz%]}A7 qϾq"Y=)$Ww33/kx2Se,Eꂮx(7g%ۓ֕%[梖&䓰) y6KIP> *Br'L64@Ke6OG:Z\]͕! vQnaz72_){=11'UaLܕ "+պH<|*êW|4g$6@'ϋDTn(":&*2Vu2`g;֌˃Hͽ '/@;cڡiݡ6M DbR'@-uxwOȚ[@x_5!T;چ 3W4U*U)O]1aղ1v=I9}OBh@=ډ@Yk"'jY[rP]ڎ}"KR_<-牿lI+qhՑŰ=Ƒ(5%&!xf&jT87Y :O:~yLjs[Du%{D/˵j8ʼ9g\d~riOaͩ4%dt/"a类T:CZ}.3nz;TmvƮ[J A+\,iץ]d|C0l`|X:f!-#!P)59v>bl*W//a9@6WE]M;H|p?Z*a3~FOd!7-(IrxwMi#|eD,s b+#mB>J)2r!`\S~ 2J5 &BaqWOHMg!8D H3Xt|B"?pP#C.lW5#`vXE[+`g%p*naA Mý-`nW@.@qFk׬EE..yxpނH&J+\o$Z }D?SU2VEmpzCY|mz8U)v?S1┴ p&PTrU\T鬢'_Opٷ[" { L,jB1{̚wn79a5ǁT׏hSߠ3>d]a\|,xZc!.{JʏEV|Yr}=Kت4.4$-$ۺ:oq8I[k;^ׁe$ HǼfr{t{VʚiryDgRUbsmN9R⯟!¸/3'DN,'z@`\G.xo8Ԥ~yŸe4w莛H*I)Z%~:Ue#$qAlqmg?ވePO6h5 uSV"W9g XRQZuxb=֗֘[iUZGŅ ףآ0*oaͩZp(&Z~),%|QwZ㈇P t؊"R=qG;u[/r5aKϩo/_z_. _sBmMt50D"l =ؗ{ϛ+ /JQaՆC 4VM8ݗ#O2%PvЯ)j^^3BwjbTFU,t׳^js 4ZD{ z_l f ^@MzK6WL|ڕ!rD-'#bF;Q=خHWH̍jzE_!QG>RT&nόJnD\C**vMhg;FȂrZ eMz33飬ǭyLIvfYԋ[uL9rRoݺnJf#˨9*+O>=,QZ-4YS5;8zՒ3'cI`}fL1+n{$@mnt*a{KuV*g]8\/&Uݙ5zsa]t^Ryת M;HzK2bAx 6 ^^4ys\)]S\.JrlSͻl ίxvL!>=&ei0ai]1T#Qq0M[6,*>{/3FQ<#ToqSy&Q|U5px0}&ތ-Mgit`hv%?|Q ]׋#;}#RgdiT!7"F醽[1R9Dh1{Gը|?j6)`sc VN0JXP֡\I+& J>>%,k z1i]ۢ< 07e| yY-T-(IĽ}-@M3vE}7Mp ފm-qvXۀ!Ɍ$g5~wyQM- Lqp-Sk?X8pPs{ŌʺKUbv #t WTkǣ>Hΰw 5hXЏw`~"z"-RЀrnWj;hfAy6S娗u꒵Dw BjbA&X)*y֫rԺ9R"2 o]%Bkg'Nu; T6FD|Pgb8 S,Ӳ]+av'3V'o=8ݯm]bM{b`ʷꭆKy .Qـ|E抅ARhqPزfcHVT U,]P$:TL3 xU]S\ɛ[89bi.$(tsL}D=󟲉a(rs"C]Ea6v g9k w"WIX^2reH%_.r=5ϊ#3!cP+Hyfw(#YPjODjLDP'OEٹr՞C!)ЧplWcN{}x}FT߻XE#L"z|k+m/#ba⒘ʩ$F0ҍxIo,30@e=eEQr>Z^3cfn[K.)'EVuQ-y3|uZciGۮ׋D7ed^Adͷ%5к0 ȡ3Z1Yn7'՗&[Kx]O0"wI[hpAQObڌ0MCM<ٻb * OJU$B{q|y!<%LSيCirL½33,LepjyF˷QEc&/NeEj"c٣__qFc3MY:wD*)X6%5cmʜfYQB'&x4+$}Ml 6F~3 /E!"FG! sr~>ʺϥ%܈EH}fWYMe8CZEwРx R`BHpے<+pn԰z̶@Lvܴ6{ /`$aprw˳-RUܟYUgPBbʋG†?z)#g>Xqs м̞rrV_zA{/ac}} pD垻)AAކfj'u/t=E0f${}JU/]pO (2%z3 L)De[& ! p=!@/~.Y s?7bUar$e]=0G$NKK$kQ0;$uM{DmD ^u2E83_lĮ@heJ@ {%WsB0rbt2 4N1{)n ? Z uJw cONoKҧu˪o:ZsF;Oj@&xJJ!hpL"kVV)}*_Z}n?E?d B2` GvQgY0;p>/Ÿ|۾&y,wvZ`Ìr0ŀɼ%0>6MzvvNuB,w3^MAcx *QZ#6,A+A-ˆy"Dᝤz5z'p\s6R;~ BQ%#=FF$ȧ_/XaAeP5,6@(3 b7:y1].{CDSz\`O;7"/N,z%fu@bjV Y`R