������libexpat1-2.4.4-150400.3.17.1���������������������������������������������������������������������<���>�������,���������������������������������������������������x�����ep9|��r�Bz|*?)"�4;?:F�
͡?(Кr29x8�QG.57�8�˧�t'#EJ *(ߤ!jf:G5C/J�h=;1CJb:,(Q��/F�kF�'6hQ�eAi|�զ4~)9g#e"#̅I.�4;gd�G[ށi햠em/�WTC´aC>?r�[朗�n
:㉝ӝ;˹�ki^���>��������������������@��h����?������g�������d��������������������������������������������������������������� ��� ���������� ���3������������������������������������������������������������������������!��������������B��������������F���������� ���\��������������m����������������������������������������������������������������� ��������������
��������������������������������������������
�������������������������������������������������������$���������������H���������������P����������������������������������������������������(��������������8����������$���9����������$���:�������V���$���>������d�������@������d�������F������d�������G������e��������H������e��������I������e��������X������e��������Y������e(�������\������eT�������]������e\�������^������e|�������b������e�������c������f1�������d������f�������e������f�������f������f�������l������f�������u������f�������v������f�������w������gl�������x������gt�������y������g|�������z������g�������������g�������������g�������������g�������������g����C�libexpat1�2.4.4�150400.3.17.1�XML Parser Toolkit�Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).���eh02-armsrv1����SUSE Linux Enterprise 15�SUSE LLC �MIT�https://www.suse.com/�System/Libraries�https://libexpat.github.io�linux�aarch64��������������ee�4e83a7575560bbc10ce5c314e19004524e37877d00d8d1f83dcbbc9545045064�libexpat.so.1.8.4�������������root�root�root�root�expat-2.4.4-150400.3.17.1.src.rpm���libexpat.so.1()(64bit)�libexpat1�libexpat1(aarch-64)��������������@���@���@���@���@����
���
���
���
/sbin/ldconfig�/sbin/ldconfig�ld-linux-aarch64.so.1()(64bit)�ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)�libc.so.6()(64bit)�libc.so.6(GLIBC_2.17)(64bit)�libc.so.6(GLIBC_2.25)(64bit)�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)��������3.0.4-1�4.6.0-1�4.0-1�5.2-1�4.14.3�e,eN@cY!@c1@b#Pb�~a a@aZ@aɪa7T@`@`@`u`lM@_y@]�@]y@]o@]�G@\\�\-@[@Z
}Z
}Z�Y@YYdY[@WW~W=2.4.5] Fix to CVE-2022-25236
breaks biboumi, ClairMeta, jxmlease, libwbxml,
openleadr-python, rnv, xmltodict
- Added expat-CVE-2022-25236-relax-fix.patch�- Security fixes:
* (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs
- Added expat-CVE-2022-25236.patch
* (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
2.4.5 does not check whether a UTF-8 character is valid in a
certain context.
- Added expat-CVE-2022-25235.patch
* (CVE-2022-25313, bsc#1196168) Stack exhaustion in
build_model() via uncontrolled recursion
- Added expat-CVE-2022-25313.patch
- The fix upstream introduced a regression that was later
amended in 2.4.6 version
+ Added expat-CVE-2022-25313-fix-regression.patch
* (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
- Added expat-CVE-2022-25314.patch
* (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
- Added expat-CVE-2022-25315.patch�- Update to latest version 2.4.4 in SLE-15-SP4 [jsc#SLE-21253]�- update to 2.4.4 (bsc#1195217, bsc#1195054):
* Security fixes:
- CVE-2022-23852 -- Fix signed integer overflow
(undefined behavior) in function XML_GetBuffer
that is also called by function XML_Parse internally)
for when XML_CONTEXT_BYTES is defined to >0 (which is both
common and default).
Impact is denial of service or more.
- CVE-2022-23990 -- Fix unsigned integer overflow in function
doProlog triggered by large content in element type
declarations when there is an element declaration handler
present (from a prior call to XML_SetElementDeclHandler).
Impact is denial of service or more.
* Bug fixes:
- xmlwf: Fix a memory leak on output file opening error
* Other changes:
- Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
* Drop unused file valid-xhtml10.png�- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474,
bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
* CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
for XML documents with >=2^27+1 prefixed attributes
on a single XML tag a la
""
where XML_ParserCreateNS is used to create the parser
(which needs argument "-n" when running xmlwf).
Impact is denial of service, or more.
* CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
* CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
near memory allocation at multiple places. Mitre assigned
a dedicated CVE for each involved internal C function:
- CVE-2022-22822 for function addBinding
- CVE-2022-22823 for function build_model
- CVE-2022-22824 for function defineAttribute
- CVE-2022-22825 for function lookup
- CVE-2022-22826 for function nextScaffoldPart
- CVE-2022-22827 for function storeAtts
Impact is denial of service or more.�- update to 2.4.2:
* Link againgst libm for function "isnan"
* Include expat_config.h as early as possible
* Autotools: Include files with release archives:
- buildconf.sh
- fuzz/*.c
* Autotools: Sync CMake templates
* docs: Document that function XML_GetBuffer may return NULL
when asking for a buffer of 0 (zero) bytes size
* docs: Fix return value docs for both
XML_SetBillionLaughsAttackProtection* functions
* Version info bumped from 9:1:8 to 9:2:8�- Update to 2.4.1 in SLE-15-SP4 [jsc#SLE-21253]
* Remove expat-CVE-2018-20843.patch upstream�- Update to 2.4.1:
* Bug fixes:
- Autotools: Fix installed header expat_config.h for multilib
systems; regression introduced in 2.4.0 by pull request #486
* Other changes:
- Version info bumped from 9:0:8 to 9:1:8; see
https://verbump.de/ for what these numbers do�- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"]
* Security fixes:
- CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
(denial-of-service; flavors targeting CPU time or RAM or both,
leveraging general entities or parameter entities or both)
by tracking and limiting the input amplification factor
( := ( + ) / ).
By conservative default, amplification up to a factor of 100.0
is tolerated and rejection only starts after 8 MiB of output bytes
(= + ) have been processed.
The fix adds the following to the API:
- A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
signals this specific condition.
- Two new API functions ..
- XML_SetBillionLaughsAttackProtectionMaximumAmplification and
- XML_SetBillionLaughsAttackProtectionActivationThreshold
.. to further tighten billion laughs protection parameters
when desired. Please see file "doc/reference.html" for details.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
- Two new XML_FEATURE_* constants ..
- that can be queried using the XML_GetFeatureList function, and
- that are shown in "xmlwf -v" output.
- Two new environment variable switches ..
- EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
- EXPAT_ENTITY_DEBUG=(0|1)
.. for runtime debugging of accounting and entity processing.
Specific behavior of these values may change in the future.
- Two new command line arguments "-a FACTOR" and "-b BYTES"
for xmlwf to further tighten billion laughs protection
parameters when desired.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
* Bug fixes:
- For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
for UTF-16 payloads containing CDATA sections.
- Autotools: Fix generated CMake files for non-64bit and
non-Linux platforms (e.g. macOS and MinGW in particular)
that were introduced with release 2.3.0
* Other changes:
- xmlwf: Improve help output and the xmlwf man page
- xmlwf: Improve maintainability through some refactoring
- xmlwf: Fix man page DocBook validity
- CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
and CMAKE_INSTALL_INCLUDEDIR
- CMake: Add support for standard variable BUILD_SHARED_LIBS
- Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
- Resolve macro HAVE_EXPAT_CONFIG_H
- Delete unused legacy helper file "conftools/PrintPath"
- doc/reference.html: Fix XHTML validity
- doc/reference.html: Replace the 90s look by OK.css
- Version info bumped from 8:0:7 to 9:0:8 due to addition of
new symbols and error codes; see https://verbump.de/ for
what these numbers do�- Do not BuildRequire cmake: expat is part of the distro bootstrap
cycle and any additional dependency makes the ring larger. In
this case here, cmake was even only used to own a directory.�- update to 2.3.0:
* When calling XML_ParseBuffer without a prior successful call to
XML_GetBuffer as a user, no longer trigger undefined behavior
(by adding an integer to a NULL pointer) but rather return
XML_STATUS_ERROR and set the error code to (new) code
XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
of Clang 11 (but not Clang 9).
* xmlwf: Exit status 2 was used for both:
- malformed input files (documented) and
- invalid command-line arguments (undocumented).
case of invalid command-line arguments now
has its own exit status 4, resolving the ambiguity.
* Other changes�- Update to 2.2.10:
* Bug fixes:
- Fix undefined behavior during parsing caused by pointer
arithmetic with NULL pointers
- Fix reading uninitialized variable during parsing
- xmlwf: Add missing check for malloc NULL return
* Other changes:
- xmlwf: Document exit codes in xmlwf manpage and exit with code 3
(rather than code 1) for output errors when used with "-d DIRECTORY"
- Autotools: Use -Werror while configure tests the compiler for
supported compile flags to avoid false positives
- Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS, e.g.
ensure that they have the last word over flags added while
running ./configure
- CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
- CMake: Detect and deny unsupported build combinations
involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
- CMake: Install pre-compiled shipped xmlwf.1 manpage in case
of -DEXPAT_BUILD_DOCS=OFF
- CMake: Fix use of Expat by means of add_subdirectory
- CMake: Keep expat target name constant at "expat" (i.e. refrain
from using the target name to control build artifact filenames)
- CMake: Expose man page compilation as target "xmlwf-manpage"
- CMake: Introduce option EXPAT_BUILD_PKGCONFIG to control
generation of pkg-config file "expat.pc"
- CMake: Add minimalistic support for building binary packages
with CMake target "package"; based on CPack
- CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with default
OFF to build fuzzer code against OSS-Fuzz and related
environment variable LIB_FUZZING_ENGINE
- Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF
- Address compiler warnings
- Address pngcheck warnings with doc/*.png images: Version info
bumped from 7:11:6 to 7:12:6�- Version update to 2.2.9
* Other changes:
- examples: Drop executable bits from elements.c
[#349] Windows: Change the name of the Windows DLLs from expat*.dll
to libexpat*.dll once more (regression from 2.2.8, first
fixed in 1.95.3, issue #61 on SourceForge today,
was issue #432456 back then); needs a fix due
case-insensitive file systems on Windows and the fact that
Perl's XML::Parser::Expat compiles into Expat.dll.
[#347] Windows: Only define _CRT_RAND_S if not defined
Version info bumped from 7:10:6 to 7:11:6�- Version update to 2.2.8
* Security fixes: (CVE-2019-15903, bsc#1149429)
- CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber
(or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype;
* Bug fixes:
- Fix cases where XML_StopParser did not have any effect
when called from inside of an end element handler
- xmlwf: Fix exit code for operation without "-d DIRECTORY";
previously, only "-d DIRECTORY" would give you a proper exit code:
Now both cases return exit code 2.
* Other changes:
- examples: Improve elements.c
- Autotools: Add argument --enable-xml-attr-info
- Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom
- Autotools: Fix linking issues with "./configure LD=clang"
- Autotools: Fix "make run-xmltest" for out-of-source builds
- CMake: Pull all options from Expat <=2.2.7 into namespace
- CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF
- CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF
- CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF
- CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
- CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
- CMake: Install expat_config.h to include directory
- CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..])
- CMake: Now produces a summary of applied configuration
- CMake: Require C++ compiler only when tests are enabled
- CMake: Fix compilation for 16bit character types, i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
- CMake: Port "make run-xmltest" from GNU Autotools to CMake
- CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
- Removed patches fixed in the update:
* expat-CVE-2019-15903.patch
* expat-CVE-2019-15903-tests.patch�- Security fix (CVE-2019-15903, bsc#1149429)
* Crafted XML input results in heap-based buffer over-read by fooling
the parser into changing from DTD parsing to document parsing
* Added patches:
- expat-CVE-2019-15903.patch
- expat-CVE-2019-15903-tests.patch�- Version update to 2.2.7 (CVE-2018-20843, bsc#1139937)
* Security fixes:
- CVE-2018-20843 - Fix extraction of namespace prefixes from
XML names; XML names with multiple colons could end up in
the wrong namespace, and take a high amount of RAM and CPU
resources while processing, opening the door to use for
denial-of-service attacks
* Other changes:
- Autotools/CMake: Utilize -fvisibility=hidden to stop
exporting non-API symbols
- Autotools: Add --without-examples and --without-tests
- Autotools: Modernize configure.ac
- Autotools: Fix check for -fvisibility=hidden for Clang
- Autotools: Fix compilation for lack of docbook2x-man
- CMake: Make libdir of pkgconfig expat.pc support multilib
- CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
- Remove fallback to bcopy, assume that memmove(3) exists
- Removed expat-2.2.6-fix-make-clean.patch�- Add expat-2.2.6-fix-make-clean.patch
- Allow profile guided optimization again�- Drop docbook2x dependency, the manpages are generated in
the upstream archive and this way we break buildcycle�- Version update to 2.2.6 Sun August 12 2018
* Bug fixes:
- Avoid doing arithmetic with NULL pointers in XML_GetBuffer
- Fix 2.2.5 regression with suspend-resume while parsing
a document like ''
* Other changes:
- Autotools: Fix docbook-related configure syntax error
- Autotools: Avoid grep option `-q` for Solaris
- Autotools: Support
./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
- Autotools: Support DOCBOOK_TO_MAN command which produces
xmlwf.1 rather than XMLWF.1; also covers case insensitive
file systems
- Autotools: Drop -rpath option passed to libtool
- Autotools: Detect and deny SGML docbook2man as ours is XML
- Autotools/CMake: Support command db2x_docbook2man as well
- CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
- CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
- CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
both defaulting to OFF
- CMake: Prefer check_symbol_exists over check_function_exists
- CMake: Create the same pkg-config file as with GNU Autotools
- CMake: Use GNUInstallDirs module to set proper defaults for
install directories
- CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
- Address compiler warnings
- Fix miscellaneous typos�- Expand description of expat-devel.�- Do not generate manpages from docbook
- Temporarily disable profiling due to bug in build system�- Version update to 2.2.5 Tue October 31 2017
* Bug fixes:
- If the parser runs out of memory, make sure its internal
state reflects the memory it actually has, not the memory
it wanted to have.
- The default handler wasn't being called when it should for
a SYSTEM or PUBLIC doctype if an entity declaration handler
was registered.
- Fix a case of mistakenly reported parsing success where
XML_StopParser was called from an element handler
- Function XML_ErrorString was returning NULL rather than
a message for code XML_ERROR_INVALID_ARGUMENT
introduced with release 2.2.1
* Other changes:
- Add argument -N adding notation declarations
- various compiler-specific fixes
- Improve docbook2x-man detection
- drop expat-docbook.patch
* fixed in 0f5186c7b8e503c669e332d944712de010b265f3
- switch to github for release tarballs and website�- Version update to 2.2.4 Sat August 19 2017
* Bug fixes:
[#115] Fix copying of partial characters for UTF-8 input
* Other changes:
[#109] Fix "make check" for non-x86 architectures that default
to unsigned type char (-128..127 rather than 0..255)
[#109] coverage.sh: Cover -funsigned-char
Autotools: Introduce --without-xmlwf argument
[#65] Autotools: Replace handwritten Makefile with GNU Automake
[#43] CMake: Auto-detect high quality entropy extractors, add new
option USE_libbsd=ON to use arc4random_buf of libbsd
[#74] CMake: Add -fno-strict-aliasing only where supported
[#114] CMake: Always honor manually set BUILD_* options
[#114] CMake: Compile man page if docbook2x-man is available, only
[#117] Include file tests/xmltest.log.expected in source tarball
(required for "make run-xmltest")
[#111] Fix some typos in documentation
Version info bumped from 7:5:6 to 7:6:6
- Release 2.2.3 Wed August 2 2017
* Bug fixes:
[#85] Fix a dangling pointer issue related to realloc
* Other changes:
[#91] Linux: Allow getrandom to fail if nonblocking pool has not
yet been initialized and read /dev/urandom then, instead.
This is in line with what recent Python does.
[#86] Check that a UTF-16 encoding in an XML declaration has the
right endianness
[#4] #5 #7 Recover correctly when some reallocations fail
Repair "./configure && make" for systems without any
provider of high quality entropy
and try reading /dev/urandom on those
Ensure that user-defined character encodings have converter
functions when they are needed
Fix mis-leading description of argument -c in xmlwf.1
Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
for CloudABI
[#100] Fix use of SIPHASH_MAIN in siphash.h
[#23] Test suite: Fix memory leaks
Version info bumped from 7:4:6 to 7:5:6
- Release 2.2.2 Wed July 12 2017
* Security fixes:
[#43] Protect against compilation without any source of high
quality entropy enabled, e.g. with CMake build system;
* [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
resulted in NULL dereference, previously;
* Bug fixes:
[#69] Fix improper use of unsigned long long integer literals
* Other changes:
[#73] Start requiring a C99 compiler
[#49] Fix "==" Bashism in configure script
[#58] Address compile warnings
[#68] Fix "./buildconf.sh && ./configure" for some versions
of Dash for /bin/sh
[#72] CMake: Ease use of Expat in context of a parent project
with multiple CMakeLists.txt files
[#72] CMake: Resolve mistaken executable permissions
[#76] Address compile warning with -DNDEBUG (not recommended!)
[#77] Address compile warning about macro redefinition
* Added patch expat-docbook.patch to compile the man pages with
docbook-to-man
* Cleaned spec file with spec-cleaner�- Allow building when do_profiling is undefined�- Build with profiling when possible�- Version update to 2.2.1 Sat June 17 2017
- Security fixes:
CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS
Details: https://libexpat.github.io/doc/cve-2017-9233/
Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
- [MOX-002] CVE-2016-9063 / bsc#1047240 -- Detect integer overflow;
(Fixed version of existing downstream patches!)
- (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
longer tag names;
[#25] More integer overflow detection (function poolGrow);
- [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse;
- [MOX-005] #30 Use high quality entropy for hash initialization:
* arc4random_buf on BSD, systems with libbsd
(when configured with --with-libbsd), CloudABI
* RtlGenRandom on Windows XP / Server 2003 and later
* getrandom on Linux 3.17+
In a way, that's still part of CVE-2016-5300.
https://github.com/libexpat/libexpat/pull/30/commits
- [MOX-005] For the low quality entropy extraction fallback code,
the parser instance address can no longer leak,
- [MOX-003] Prevent use of uninitialised variable; commit
- [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
Add missing parameter validation to public API functions
and dedicated error code XML_ERROR_INVALID_ARGUMENT:
- [MOX-006] * NULL checks; commits
* Negative length (XML_Parse); commit
- [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
- [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
to go further with fixing CVE-2012-0876.
https://github.com/libexpat/libexpat/pull/39/commits
- Bug fixes:
[#32] Fix sharing of hash salt across parsers;
relevant where XML_ExternalEntityParserCreate is called
prior to XML_Parse, in particular (e.g. FBReader)
[#28] xmlwf: Auto-disable use of memory-mapping (and parsing
as a single chunk) for files larger than ~1 GB (2^30 bytes)
rather than failing with error "out of memory"
[#3] Fix double free after malloc failure in DTD code; commit
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
[#17] Fix memory leak on parser error for unbound XML attribute
prefix with new namespaces defined in the same tag;
found by Google's OSS-Fuzz; commits
xmlwf on Windows: Add missing calls to CloseHandle
- New features:
[#30] Introduced environment switch EXPAT_ENTROPY_DEBUG=1
for runtime debugging of entropy extraction
Bump version info from 7:2:6 to 7:3:6�- Remove pointless --with-pic (for static only)�- Version update to 2.2.0:
* Fixes bnc#983215 CVE-2012-6702
* Fixes bnc#983216 CVE-2016-5300
* Various cmake and autotools script updates
* Fix detection of utf8 character boundaries
- Remove all patches merged upstream:
* expat-2.1.1-avoid_relying_on_undef_behaviour.patch
* expat-2.1.1-parser_crashes_on_malformed_input.patch
* expat-alloc-size.patch
* expat-visibility.patch�- add expat-2.1.1-avoid_relying_on_undef_behaviour.patch to avoid
relying on undefined behavior in the original CVE-2015-1283 fix
[bnc#980391], [bnc#983985], [CVE-2016-4472]
- add expat-2.1.1-parser_crashes_on_malformed_input.patch to fix
Expat XML parser that mishandles certain kinds of malformed input
documents [bnc#979441], [CVE-2016-0718]
- use spec-cleaner to clean specfile�- After simplification of expat-visibility.patch, it became
uneffective as no symbols are getting hidden. add
- fvisibility=hidden to CFLAGS again.
- expat-alloc-size.patch: fix braino, realloc()-like functions
should not take __attribute__(malloc)�- Update to version 2.1.1
* Fixes CVE-2015-1283 — Multiple integer overflows in the
XML_GetBuffer function
* Fix potential null pointer dereference
* Symbol XML_SetHashSalt was not exported
* Output of xmlwf -h was incomplete
* Document behavior of calling XML_SetHashSalt with salt 0
* Minor improvements to man page xmlwf(1)
- Simplify expat-visibility.patch, refresh expat-alloc-size.patch
- Drop config-guess-sub-update.patch, fixed upstream.�- Cleanup spec file with spec-cleaner
- Remove old ppc obsoletes/provides�/sbin/ldconfig�/sbin/ldconfig�h02-armsrv1 1710749839����������������������������������2.4.4-150400.3.17.1�2.4.4-150400.3.17.1������������libexpat.so.1�libexpat.so.1.8.4�/usr/lib64/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:32868/SUSE_SLE-15-SP4_Update/25076609447c9113fea917c2cb786238-expat.SUSE_SLE-15-SP4_Update�drpm�xz�5�aarch64-suse-linux������������ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a167250b992caee8a6def35aa8ce5e5a6c6c1a64, stripped������������������P���R���R���R���R���R���7�?,]k����utf-8�3dea0fc5a5de07ce6c49031e77a6b7ea1f96f898bb43e42fd809142e76b17296���������?���������7zXZ��
���!�����t/k�]�"��k%ʽd�tb3z,n褖ks��ȷ!fHlh41#q4HEo�@�zD� �!*?�ˣS@XmD�v�+�?M"8
nFD%)ュ��$�C$_Ʊ: �
]�G9~ݎb=mB|~@͠�sX~qfsGN�ӌ#Y ~%�~`ϰuL�[̖Gs.BNP�WCK,a�j2J�S1� I$܃:;�GiiLzQB7#&\�?�0oG.Nklf*�L�+Ӄ#�)�(�HhW�Xޑ
F=&D֞aX�Lq*
�ـ1����G�ƪ�ŵ 4 _�����Λ�1D8J��{ '91�(r뵤�:9=#��z]zH��dK��#eH%!DƌS⊣0s:آҷwC7ARß>5w�=��``m#g6x�:Vw;@�^K>xyb1hEK
ȗ]V/OH{Ql-"h]_y!7
]"+̟�~/iMV�[k*]�P
<|ѥ_0��Tzƪ~����� |ǻ�J2�Wxf=X:^L~V+1E&�Ia_V�s�\2w@M`t:W(�W}R}d�~P?�+g^P~"M/D.B�
)^K�C`��WC.U|kSY^˅ E�Q[p�5]&Q:��uOP.LvhO�辤2neP��/?~u̶@^AK)O[�%8eC{|#/PYN�ݴբ�6�7׀�V�P
�뻚3~Zۇt}�H0[ݍ꾶�0�iS��h�E�+�!c'R�B���7MPI#�@�8�]�B�O]Z
|x2�'�YN:jy,x~[�t�ռV`]�P�GU�_�K���Y&��;$n⇻e�Ӌ��ԭ}t}Pz�зr`�-noSn�Rg�H�D?:@͗Trj~�&1ºw$8'�o\?:�Rdm4JR�~LDK��{ 1�m|״ą=j�8Hj(2#8�m5l�Jh{+9iwPWee@g�'�ň
=�M'6�c&dTGL¾�A}>8�wÖm�`ȼ�j;5@*
eu��M�9aj3AOq&C1{�*�[qKIT+H
A0�G;~�1�nML$w36�Z
)K�hJL n%V��U-xN<
�x:P
*B��HPo
W�Py�Zs}Ip��DCkG�?T�s�dz?�Q!j!HG�nIpu 5l�T�!V.EExD�Q)S2C3�V,LOA
cҧX�ʭ{E�Ӥj��L��#D wA��(މ@럹z`ZU�2.@�t$ogt�|+-{e���c)ϼ\E㌺I@���-�!d�
I!�qjod'\Z���~_�^y3C<04^�>T�*�F~qM
:Ȣ(RG��^�p��X3-9q̺O跽v?W|�x�^t(<+�ѿ�i]3{:4�l!k#�k+�wl�5�_�š}�`>�3/AT\+0R�4�#Og ,8-pZ.�
ϣO@.uPϒձJ
ܱUO�k)Q�t;P�뫵�v�2.ɰ#sS�?O%r@ ҖR^P�A+��e`U��Q�\�ZiO�葱j옹s��,0Ȭv|K�쫚%�
�E
d\I��jg8>Ζ�ޕ>�CCdI9Ux�p�BC�s7y?.��9M�EG�m�pcֈqѶW�F$W���C��)&�NMr���C�Djac,�.P�$�tyʴ�v$}��3hp 4�䅾�,YB�D"#K\ R]z�ueΉ�@!>>GHG:Z�7j!�)vW�n}`�d8�G{1�Bxq4��M)2֪YݥC+�s'T��Aݕt�,F1��5䒄�ҧ�aa}Y)'wpC�iF٤}vV&Մ&�дh8%���V�4m�(
Ģ�u�adw$Z�ekwfRV!Yo=uny��G"uάj[���4f\
Z;c_0y�'n�J�euzؖ�Ws�-A�6S]{�%kC}-Q�6V:Tfٳ�-ok���}>�J�3{�u#1��tD��WO_̺zU#mD�pNc��e���W=O�+�.2eG[hzz<:r1A�xg9|騫r��
�l
�7U�`:h\e�CS�wd.4šf}=Ͷ9.k1X%z2�2T>u�U:�b^/"`ÀE��td:�(��-ħ�E-N#5l5����y���jTAF`
)�I 8~PI3�Gr���V��X�!�f
�1s�halH�?6Iﲩl@ZC"9ڃ*_ xᅡR*)(͍�Aܾ>*V>��rv[mE(bDu+/u&i9r�)R!)
Qx}ne�ͤ(\�9Mau�p��b�@_�T�)j=ŝO%rH�{Aec�=7NRit����Ss�ٴ{�cV|�XlZ�:oʜba��b'
4;Xʄ�O|WfM"SXUV&�kZ
7���p ���Nv��~_3%�*[�
!rI$����k^!IG���ZW04�.Dƭ�]Y6^\�y�
e{Zz7.��g�v((#>�mj�Q�~HV
G�i��H�� !˖ra@D{Yp�/T�ln�%�p�1oT?)�QmKћ7�;��X+7�qJϾ�΄m_�X�M�ge$�zb}h��u]�l
~AbyheA%ؔ��T@B�=tI�.x=�oKHZۼDȦn!!K<��u&K{ՙ�©�MK酄y�ktBj�1x��,X $6bq�}[�d�!��"bLG�s7�o(��2 35&fd'6�?n@R(�C
{7O~On3�@$D-`d*nD*��t+��w'&qR��i$) {,֊t�jOz`؊a؊9$rE�.Mx |gޓSJ}"DsS}v@KYYmiz�v]!gag)xF;L: B�J4\�$�F>*P�+s�S�ȣ_I�QYA�Uw� kQ>*X.Q#JI_a]M 9a�W#iV^i.q*���_ICp�B=\Q�O~/wԆ��3�;9oCP~ߎd_܍&Z$$T^u^l5o�8"%aob̚�7�1ثʰ%�%c?ʮ��_WnꋑP44IT#F.\�sq<8]KM0��0q7EZm,�Z��S�/k�tQS҆5*C`̰
-�� 1נ�Mpln�p\Jָ�CM-Y�|`h9�{EU�6<�k!A�o"�/�Y+�4�{d C[|[d|$�c�U1�2q��bw%@b#HF%F�왑��LZsJkJ�-_�\~ �rJ1AB>��OwZ�.&�U%�H4y�hܟhx;e@d�J59Eq�Z)Vj�~ל2!n֠xc@ӄvډ O�$P~�{ �i�E_+6ͺLRk��Լ
�h"l7�G�
MA*FB0$ZxE\螴y g �Rg�)8睢��1{X;㣠bH�q�zL`/V.O{�iK�Co��pV(5�+�gH Eg)�&Aځh赾8&eG)�h6=i7u*x[�x9*�@{ڼl0N!NNQ��ۿBm(TP�Х#��[�_MedQ�)"�hJ]��z&Ed�Aߤu$!k&��p�d&�!*o1SS��Zc�mFC*<6�4Z.�ۋOS�"՟?�X/ϪRN�w,�N�r|�_d���j8�?2i�<��U�hʘ'1!Xg:t�jzI�F��'ù[rq��Tmߤh佯�O.'pRq䀫�=OȜ �%c`��}yő��Z�@ЩygB!꼗��G:Nwx#
szah$]��X-�C�9]>D˅�J,$-x-ˬ�Ǯ&�̊$Q�w�y[Ma@0
.�IcC��Ε0٩�G�ZNzEQNg`%Z9[^�f?[&'�cJu
&ubLnߡh]~xf.K&{bը8)Jm@YQ�w�,��z�qyH\�T�a*�ƣlX��f Sh�N*B�7Giwq�cʵ�̪��m*O
f3���<��
b�[υg Z�1vl�.ABy}\�)�4�!X`Mp,5wPН\}'@#� *OcAe2w&
Qi�Έ℺
Pʥd(;m��n4|!!F3N5D~)x�yCl&4�%�=3�WǺ;m`z�q1jy_8wӎ?"�L��`f��W'`xj
>V���e^HkZu@+/vHiM[Do�RzP`ẩNH�^HAԩ�D|_�g�5
n.Ô8�m;öc�1we�Ca9r6t��+ϛSB~�Ep9�f}�}Gv �WiR�#h�( z�ɱm�]tFo+B$(l]8|gWSڱD_��L"v x�,fv=9^'ȬO;�?U�&A`&/0�#;Ɔ),4Tx��z(>^��:ҩ_�q�|jX/jo�?I嗘{$��,+J�=ٵ[�̤Gg&s��K�|pQ2W�T6=�ʶC�p#|8[h+_!} �?Vd7e $óGz{�M�ClR`�&""fBgU|H]�EdR?PQX�^3IWBh]F%�ʬ]NV3�լ:]!t%j~� yg��e`L�M33�QO��컁����4\5���kbƖ{��JTΓ��cp
LYucnpV=(k.`%�pa�0̗��ʅ�?�A%�jؑǹ�+3�GSP43]�G^"af��gK .�ܮTT�H)�M�I2κB:.U�pNxFwOI=x5�3ݻR�w_3�A9k�˾��\PuЃiwCݣ0*yn*e����n#Y�b
z<|Dí#�`"
$7M\גn[3v#rԑ+f��X��.�l�PĆVH�%fQ6�щ�Y]8uX3�|T~-:F-k�K/rfł$Z*UUgd�04�c^q
=z 23w{L^HG'^�:rD#剣T�kS_�gw>1WLG5�I
pc8CJ̱3,.uIx�&;�C1阄jb�B��Frv>�a[Ei+3�[n8{2`juTuLJ;o+0Nn?D})�!ճ WXgb�̶j]��9u�#�]�b4HHiŜ3�$$S{kp\<
Fs7˾$�} ѝs]0=r��JjN
x8(��k{bP`n]�~�R+ZgJ��O�d*\qQq%>M+&)@[A_.^h
}K]0rGB�϶�jW
8E�
*j^�Q7ܺv�>@�$�E���Sg1���Ds�:���arIY>ʇْUo穻 *�~ �);�A %,�u=3#%�q@f+А@[IR�2?pj^f�n�LVo�sj��N
ySC~%]X]aO�)J�* ��z<2Y8!n!O�N{�E
�*/�y�}#`uNv�{کAc�]�TVi
7B瞔J#�v>'tA�f�LEدwJ,�W>'�?FT�YN2')\���.fQ
,oY(13��}^R�ú'#[Z`��ҞRv(``K�Q@t.� �6w�ת�,�gFk:G@$T͒v&J��0��f5.g~�ă
��)BRj-b�s�k�_x�4�劳z>CحkӾ�u76ʗH\bS�{RKŖ��ٛdJc@�rJ(68>ü�B,��l_q �H3Bn'T�� ,]/����m���&|Џ�MB'�,@{ 6zq��}I�؞#3,CeeJ?]V3a�w����zC+�f�1��ZcG#9;"nMTyp'C�YTqvt@!ދ�2�j�6fpL~�u2OX����R6ۦ�Sp�ndk�IǸo1�͢'�>� an!3zD� d[ZDu�Ru#/*S>�H� 'qF,/%#Qľ.ߵ�I�-;Il?3L.[D�(kf(oG[o1=ݽK%���B�!d�0݂zw�=
D�͜џ��ϑF��d���2{�0&H�Peط7 M0,z|l
Xl&6�Kn�3<�z;yjG#l!u1V
��e
4ˌ�A-'%�|$D7xj$s@4Ն5�@s({_K״g_
"8b>t:qnz[-t>��Y17FmJBt`�H�gM+?�iU|*qPaiJ@}uE#$Wk %YLn!&TY[(H�w*+4]/
\B!I[��*�7/.Ұo�p{%���X9Bf?�}6$�UGLC!���!NK@˞f#p�rcֲ
�@+U�k
3�]�ѽw�{YGxD)`*+8HcM8ڴE8�`��w�iI|Jb@-#�V�nbG�eBQ�'Zʚ �>{�\}�?�tz.}��d�c5p6Q:*�b:w.8Ckw}CtK��%ݸkcQIhSgu�!]�:ķ���BRH��^,W\TH2}>`I
e2F�.�B_�[7vGZKR�xm}l,=��|��`}Ca9%�
SM��G���k�zHQwwQ/m'K}!s�Էopm��(�Mܧf륂ɘ �@n*Ŕam)7v3A�L^HrrP
��_Vkom}#^ई
Jޢ㟝=$;��"� ;ݟ8M'A\�
9)ʍ+����?>�:
L{�OOR1�C̐}&EXpSw@Tg�n��ER�P-6�B�恦֚4�S??%Rd=g_�`Sjo�_ᤃ:rtٛӹ
o}��C_XTǘ,:ƨ+ecؔ2'FM,�Ddktאx �ER=UX���f)�!u�R lA'/$m"�Nܹ�R�h��Gq3QW2V.r�SAgq-�'/G�Y!���^Jю�9mW6�zd6ӺY!W�m['(P�BǞ*�Rv5h�S'EAU��M\?B/%Q9�pQ+.W6v�,��~�XԝVX3"rGѨ�D'�%7A�bEIi%8A�gZT\��T;8|,rH���F{IH>+M0q/�Qf�θ0P%ތQ,X]%wB;yV�k/Vՠn�
�uT](_dUl֒<)�NutEt2ޠDgM�2}_#i�o�zJB�KGiCK�q=2nͮxTe�s6>+vbLJ^�$hv�j�'�Rf!P7F;`��l�{yl~:F�{߫�6�k`((uC`�A4��s�ŏq"rOT�/{}��2�{�ϕ.'����(HI -�u\&H
I⌺U4�8~�ԍd$@W�ɯe{#���Psаה��./�D�;i%HD&"AX6Ff(1�$ȨsI TO3OȺQs/BN\�hЉ̈́�
GMpE̔�U�czX�v��d�%qv�>�~��ÚfGΪ�4sE8w~%z�g'Gp;@˲�T�K=�~Ǻ[{yGy�=-:'f���}c��(UVH�(&�f��8�p!e��)N�1?#Jen:lngR9i/4J���;B�-�p�SQy]Ėo�c�$3gB(�9P?0{�)f+V:{+C�Mi�)d#�X��G-XGi(��L++�u�`��ȠXn�|&�k��K2(z6-,�tg5(H<2Ε��p#�`N3i2?�d(LV�ZD0Ld닱ԮwDUx�f,`QdUhE'ҪڝF���%w]!3@�B+�Bٴ}Z@IZ))tm@?2�h(�_#hr�j� wUh�!�_
=~hA�cji7
~0G�Þ�^~˔Ph8!]i���t�ЮE1U�S�$o`s=p�g˃_[?��;4M'db�Z�(e9^�G%绶oDMj�ҏLǹ�*�1~�
hG4{ݘ*�8EJ�ōHL)/: �N���6Q|J"
xt+G8"�f qeA_;lގRY�xk��cL+V�^g_OiL~�C(S 쁄F`P>&LѠ�w}IYF>ʎ5/!̢p'l_R�J��}i�K��7}>������.KE}Jː�3Rȃ97╜�F^V0�~M(jp$QPޅH��$~j�>y�e�n_"a1\�v[
`�W*#m
!ƛ�l
\lj�c e�Ϗ!$su|>cc^1M�UCV ^vʃܚLQdR88�>4X��u؊��a���~y5k�Wo-�#֬)�Y�r:ϭ#1�b�0�wD>sVTy�B"R1��QA&�s 7lA�I$
(20R,cԙm��1X31Lp�LK0�^�t7'nA�B``�Ի�<�A5msZllh�,�$z,|?}5n1�k:V"wKkөZwR]rc_GMk i��N�Wo�MLhS-V�mU�0M:\Lj[}U8Z]D̩�%^�p\xACZrqNy]|
�@zw8�<.!�(0(�sG�wػ{FdD�G �Hi,5#�ɜ/
Vn?'�-0��D�Յtj��ײ�I�@,#�:X�T(b|Ξ�㐿ЖNc�,Q�.�Tn��a�`Rۃod^�|N3_�k`ep�7ҳ Uk$�ڈg�p&=Y4x2iE�:t�O,��>�UacKh~MiǚcaGHq�R/5̈́��pLh0(bo�Iމj�ט6:+k=�=�p=�h�0j8`Y��8`iץ�4~ص&�Kf�V(�#�}\�wvR1r̯��@
GԬaX6^&ki
p�Bn��2�?�M���ڰ66ߡau�OQ'kYW���-/)�5
ۀEĆ6����<^`OX�rx�x����Qg_WI�יQ^�gk�&()C�
�Wg�>�~A�����^OHq�M0
n5JN}xi)Q-&K)I��$Hbȃ.�}32<$j�yl<ӎ.`}�wjrL&VO%ܱF[ey�?$w�ITc@&:siO<�ǖ&P�nX5xt��ePg��O�C^�^��YA,xf#�'hyb%$V�1C'rII`]WGc(5S&�#f^��SV�N�g9�h�Vw��ϑGPL��OZ9@rgsG �Q�t1k[�]s9�c씅 ��c;�Ӹ!l4�'C>��m2=I߉6U��8,`uֽvTѠa�q}}VZ�(LSn?_nӴV3hbl�+'fctq]Jګ��cY�n]�4�5�N�}ޮ�*�0%Gf7)u2Oa|� nD
Eۚ[d?�/�ɠG;���i�FI*C';?JpQF/$�yb4�NPQыK.=�KXmͤ�>*X^֘
�|[^�3�qI"l�5�֧Bt/
ujMĂ/? _+ĕ��G�iaY
SO�47��YRomKUOtqqQ�‑icu:O SuCl���L�cOC/;Y�[!/%�Z[)y��]@9P�PN
I�⿑.ȺZD23�yDb/gAǘ��e]�BTPC(FzOlj:s-�BZ+ɟٓ#
ɜ;�l�u.[$r�MSؘ)�HPOY4W�QڕhD�c㗺قQD9P29}Xxf
s<7hoxӲ�7�
LCF. 8ߵUZO.!Z�|gсaU(RI'^^L{J�Lj8&*d8LTA9�g;02wcPdH+�2C $8H��xFMVOоyԌ0`�h/"�D'}Ua�}F]��&� ��G�4~Yxy{@jixJXrq
��}Q
$՝9D~�TT�n}ڹ)|V+^͌�e��~�ϥ֝$G|�<Ӄ�r⟠4Yw
Fo
hMY�t�K=Ƽ֗�l�)���j,
~PUTnNΪf,W̰es#L:o~|Aދ0�,h$�Wɨ0[+`id[˶'ЄlR�~C8iZN_X�Xh�`c�0�?.�u,6�(qNwez>:K]A/h "���e<
S'�?⥴jD[}&&Ҍ�NEIUs^d�岛u!)ގdo�`ߕ�=E�=N��F#�Uj,L)�BI�|E@yG:=,��oc�b/ 0�TX�Aƅ yk4�]�R�ӳ5?�d�ڤ]&ԉRVqDp\}
/ڈfcuqA�`�V�FVJ�&O{@}c�tc:R5ITa@>�+e�|╹VI��ۄUHm/#%�i��tRW)8Я0i� fx>~%]�Z)Ɉo"*GJL��LJradKc㋺ �1Č\DnkV_
�R�"]k�pB�L ~M}:udQ�@8�U�ƥ2*6��<�n1~&�yP:N
,\�4lDWG*v��k�R�6hk@�kj��aR:`p|(+WOE.�g9V�zփdܣR욾Mo{`R(Ud$4j��lWS$lADx�hJW�1QF3u*W-�|Kjue&-<a�����
za��rM�h0�̙
3m1#�� -!w
�"998Kh��sĕ<�U�mD)0�Raq~gXwR��%�D(�,Y��ۇ�%�MPQ\x�j�mWky?G("c��H�fI%@�p�~)3��561�.(l .A�%Y2)}IrÃE0�Nk�2iFjv`�^/?v^�o^zI�fr@��YJA ,�_$)2ne�Pg)L&f-�
lU�I`V��<|��OG c,&Q@+�QR�iI�WeQ%BクxX#��"wt7�_7e&t�a9�FY$<-B�dg~h�dM��z}}��l?OQq�O&�-O��D&fz�o"��
1}�iHz�R1Y.lL#8(�8Cf4vg4f*am/r⧍�3<%/@Q{ʌ� CRD��\:qQ�٥ϿߧH��
^�)�V4IW*AXWT�U%E��?]t���.�4s8�BYwo�F�.^�Qy+sW�oTLG�D�;Iqѓ�z/>!��:I;�^HR�Ml"DTͭX={�B4V/�*p�LŘIYE^o(&͎&��VY[�n�1k�
l̻Zꏎ/�dg�Ty�@A>x{J�},`n�HGZ=8ɡaqCq���3K�6W)i~}/+-�Wh4bw�͖TkȰHq��0vZcMݓ�vtp9Wh"kC�Xr[2���kF:�2p G�vAa|qPc(AYs?#e(g|�y�VB"}HI�TKH�sX`zc`*d!CZ/qX+zvKt?�R0DO�:�2^�qUWlm��8Z]eU8
V">n��.�K�dW�3�1SFy�DFG�YA��%P@}�9l�)x�|~�
ݗ �۞�P["LIBy_�g���{o]a1Ŷu�۔�U\DYv5лLW,[Yu*'1?;�n5!��=hGW�!ۖJ��$GR�M샭JU+joQk%r<-��0S �ʯ6]��9!d�א�2a,"�;uU��,�>�2v7M+8pR{lR�3M�6Z' %���o|fsz�F_�fz�Ր��e� V`L0{dTGa�#ݚA���>UU<�Iț{MI�?Wx@ҹ;ݸ=7bvR}8)1%1oQ�' p;jn��f�\3�5�l6��gY�UG�3ΫӴ=[,�ŊX8y�{1�hEy�=��^Pv�&dj�Uy��hp]�,8�ҲL
HL4܂0��CjT�~":�*�=\N�]�'@�<%m�?0��v b�J� kn,ٴ�ig��p*n@ùY��>r�wm@D�8�_Q㜍/?�kL�K)Mz�Cэ.��j��Ryzn3 4l/�#ȓ(NK�A�;P�&=��_/1�xE!caQ��o�_瑧jJW)e�R�T-3c%'�X@+XT�T�`�U|H xF(G$+$�P-kMS(Kv:�ċ~~ǿ��)�7̑�suӅVw\�Yk;?!��RzAbdB&�Q#V8%W"i)hò!zM+�D�qwqqʂ?3�;S�rْ�%@��Q�v��
$�v)㫬W%A�ηRw"C';ձPw�'pNdWOp$<`JxEy�N{jk�c�sI|SIYļq����bcoJBՏ�I�Dz[)�d.�f~`Xv4VI8�
y&$7u�#w�vr$&[P�phCM)Yb�C>Jp�g�rA~oPױ�HdY87�Mt˖"�&HiajᖩM�sw9'�� �B����OܤN|{6q�Cz~sjr0�c4~U?f|!:,&z\&Ji�2́B�ԛh��
�4`0Cb7`,8�o&1POs7˦�.K�y~S-6'\a��CZ (F�;C3ԥ��W M
�A�չL�Qc)'g߈k��o��� ��iYۗ}�bFہF�I�-9B�5LSSg,>푙��@͕h}�9S6:+�^�dʪLd��,���D�z@LG^nXz-\4eZR�L�5��Gc��ޔG�3�0&dS�~�v�5��ds6|5Q(#�HwCR�BAcg?`v(?VoAvV��A+=U,PW�M(Ѣ�{��V#��Rdp/ݑ�x_
+|>>4w�%`SSc�]�b�BBff4z"/WDսR[bǢTQWQ\'lJp9�V�:_���ML(�j��VhqlFź?&LMZo+f=$3?#p*7k^RFmOe�*p��{+=��PW0��FC?�s�_,/d�jߙ0%?K]� {�mޤS.,4.
_߱��۹�])>�?X(
8! P1_?V6x�qʿ Ԯ�n��%<4C)�2�'m�e���UN|@/OcI�N�3|<�P
q�`@�9A6$~3qE��{Ar�f��e؍%�u�
ģЌ
\0iS~U5�ш
RF;�#"�\_^B��f�UsV%RU�(�5eL�7> �ц%^4i�:؎?ɀuzlHw�fv0}6cZǩ�z':��/35�~E!`cG�E>ܭ-5>X�ʺ�*�`�ՙV-p?Ŗ|Wexc�({"
r%JCt0`fB:cN}.ѼI
9(��0_~Aŗ\.I�w*FiJYk:?�D~g�g,�(҈d(6�XOO�.H3Ccq2�{I@))qR�Q)yj$�����e)M
�.�=\O��tX.,�Gc�u{"Sayw��x-A[U��Che&5/:�|p5lSvv-Ɩ*=Tn-pf�W��Z�,Ѥu_Lbeu{7��W^wk{ђC}l��^!8W�L#�csى3R-`B��H W%˘$xH
j)��CաW7Bo&6FY@SNWNZ8
c1�Q��{�1��^'!��W�Е�|&^=_S�ufߤ|�n���_ň�}r8ig�a!!,`r>�BruC`cZE@<8$).f/6�xi"]:(!bꇻ{f4P�5�SfPU0�UKj�`+��F�rG,}$.aY��BZ(�-?���ES27�-1>FH\98DL�Z;~~Oy�M9�C6
Xº-ȭs�3r�[[=Q:6oGz�:F
THk��[f,Owi\e_-�7}AX6ڴ@Z
^κul0*Uㆦ�{D=dQtB�8�CdG)��ka�C�u
;_)�A{zeP��L^Ӌ#�",(IP�%RD3?<^�H//
_Nj+)�$��F�r6%)Nɥ� +Fn���o��#r=
Ft�tؿ1�
ݟ
��/Y��M�LQ:VrH!�@ˊB+�Qq?vI��aNޘPm:��O��� @%uu�Gl�����/Q@Dlh�AۘKP_Ftm����xcfzn�pN]δ -�~f\8TAb+@RL~�bʪgnx��m*9ճ
%��1"} �wg7컌�zWy^b[��q{tLkH6Rb,7�c2I_P2y kK��cH
g});k�[��=3��Y�H�M �kʽ6-̄|בD։ K^
n�u+7��Lyÿy�B/ށ%'�Cp^u
�4ϊ�uCzql=;^ٺV$;߹F[��X4�c< W�w�ګQ�r�>OI�N�3TO{�v��T/U笿9Wb�?۔vn4[�A@n@
@?e�3\dkB�fC�#@@a
Q�nq�w}�(+qɹ�H,�߂�0DH[WS8/CR]2v>͉�D)3ޙi��"P@z9AE{�dW�>ɾLohK�`$I�y yô
auN@_0Z�6$݀:^�`\gQ_Z'm�舏l�z��.?}�pzMg?Z�d�#�QζUvF�Vb_(/ꍢx
�/�bSKNyc�f�<-�OX�x�i49�Z\RϳfE'~PV가q5�&O�zmGKW\�x3=_2d�1?G}35k["N8۱{%`��krl�2/΄6nf^,htl\�px@sJ_}�\^
~���}�
y3�!Vz%#x"'2{F*-�ia_Kouƫ{+ArBIC77:
oqǟ>(±c�Fwas|�XNW^�V(R!=w "�eBB�j!zc/�N�.�=ZT�i&ɕ`�T�A�Y�fzm\f+nd*q^&U>93:�潲���1_.�MU%LD}UX!Ջl�x��u'&�,cDN[�V��fII��])Dyo{aj�jaӧ?Rܐ+B@bo�&+>0�ʹ���QG، �}�dЈC�J[�۩
Ұ�PLu^;?5���?nW.wA[)mD�3R
|ۗ/A[�ȱ�Iz��CI<��myY
�W}++�*B'�$Y;/&�b7mĵ6`v輿&·]h+kʾZWtd�/�k|�:%PԮ$�~HƟ9BU~A%wTy;w)�RDoյ�e�T&�#�/Ht+VI:V嵽�
M>uaM1�0B<�9f�K�J
NZeF:Xs�Z;x�魭>4u5hp,ᰖ�aa8vsbR $tJhD3{Ƽ�"F
T\I]~_�?�W�@%-пB;O�d\f [%tM[47.�8�C��B`'b˪hJ3y!Q]dg9Mvsƺ�y3?R:��:N5Xa dCfoYq Q"Ư�#xxEJSO"x3wҽ�y"XW�6�]FbW+f?,h�F=�`)
RN-2��@_}_ 1@��p0=%Q:ˣ�_B"ID�+\U�ϓ]�R-�znM9n]H?n��!GsR$jy x�q$އHVpݻqt@`
s/�*5XZ.x U�n0z�xb�|�0`*�A-��OGgQve$X^3aNt�W2Df�����=?����&x3aBY�قo�1*|�I2>(LuI�v߶Ry��gp"Bvؐqm��K��
�.頻P'v�5abw��"_#ؒ�h%�/�>0X(uI,N1Tx)/
lGI
l��R�K왯c?�$�P7!Z�ha*��xlճT+���Ѡ_&2�]�����Ҷ������
YZ