qemu-tools-7.1.0-150500.49.24.1<>, tg!1p9|7EMC7tfS5Rl3&4#(W@9&hEB+X9TlKVB-(yC[^w RM,l)I(`/5]UNU"cRSH ';D!G/ P 4;}S~Ri5؎+R݌W&N䊟jntke~jJWw(9dZz~$].=Q? lC.rHzWi>Ep?pd  " 1| 8     o < p> h>>(D7K89:7Z>\C\F\G\H]@I]X]Y]\]]^8^_Lb_c`Dd`e`f`l`u`va,wjxjTyj0zo`opotoooooCqemu-tools7.1.0150500.49.24.1Tools for QEMUThis package contains various QEMU related tools, including a bridge helper, a virtfs helper, ivshmem, disk utilities and scripts for various purposes.g!1s390zp32SUSE Linux Enterprise 15SUSE LLC BSD-2-Clause AND BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIThttps://www.suse.com/System/Emulators/PChttps://www.qemu.org/linuxs390x if [ -x /usr/bin/chkstat ]; then /usr/bin/chkstat -n --set --system /usr/lib/qemu-bridge-helper fiP $P#@' 4U>% Ř  &3MA큤큤g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!g!ea1292bab8e65b4a0d7dde9cfc4d0360e15d491462ea32949fb08682c87b6462877447c8534d7c0217932bd0b9e4b6515a5fa30eb2f0c5e2d18c3a9a1dc4a188adc545d77445fe222b4547656cdf2245ea72744190bc62367e45918b66edca0a18850e47be94af220a6ae376fc80ec0474b426b6751b6e2a0f8b0cf4d51919c6d7f4ed6f18496b6fc2f175e0a97116c0e09f2afdd9bc91c08c6f498c1c41129f30ad0cf42a93512544b712d2ae63d79ab9cf7c04e9843e8281207d734b7de7cbb05388432d517ad00a10993233182d215fb5257e9dd02e1151ec341da396f4f01ec604911c6a7267f41a441c52e323d0544edc01fc13a9baba7ea3c9fcbffdd21b702d9fce732f48a9db0ef7a7f6b8e8890f990817f741ee57dae1a7560f12e48f0f03191dbe2a624034d08780515aa147625e0280cbb2d00a329e9a41caca561ef6408313040c1cc5f828c47f922d6c82fa636378ec8330c0ebafbb182df419e92479ef802021e67db9f2a0f1984bdd1e484618213b77a45d1177cdecd0d96f8eeb66d7245e3e286351a67e8eb2bbed1b2dd6b68e51b5f262a57c57ad4e091e891a7be2e960debd0ebd9fa9dc407064bef6126ecd0fe5f8b43bc2bcdf944812c5c919ec7180a6709490aea3b0605db41c6dc0e4fd9beeaf479a94d2648959287e2cc4dd4d3cbf7d56fb938064e554843baab12910387adaa5247625af6f23dfb1859f0501d22ce667c5a0ac4f9f7fadb01ca4bc1044d2d0962c45b48227dfb5a541321d731c0ce195ec64eaea3aa6b1c768634ca41faba9740631c3b272474erootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootkvmrootrootrootrootrootrootqemu-7.1.0-150500.49.24.1.src.rpmconfig(qemu-tools)qemu-toolsqemu-tools(s390-64)!@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    /bin/sh/bin/sh/usr/bin/env/usr/bin/python3config(qemu-tools)group(kvm)libaio.so.1()(64bit)libaio.so.1(LIBAIO_0.1)(64bit)libaio.so.1(LIBAIO_0.4)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.10)(64bit)libc.so.6(GLIBC_2.11)(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.27)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.2)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.30)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.6)(64bit)libc.so.6(GLIBC_2.7)(64bit)libc.so.6(GLIBC_2.8)(64bit)libc.so.6(GLIBC_2.9)(64bit)libcap-ng.so.0()(64bit)libgcrypt.so.20()(64bit)libgcrypt.so.20(GCRYPT_1.6)(64bit)libglib-2.0.so.0()(64bit)libgmodule-2.0.so.0()(64bit)libgnutls.so.30()(64bit)libgnutls.so.30(GNUTLS_3_4)(64bit)libm.so.6()(64bit)libm.so.6(GLIBC_2.2)(64bit)libmpathpersist.so.0()(64bit)libmpathpersist.so.0(LIBMPATHPERSIST_2.1.0)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.12)(64bit)libpthread.so.0(GLIBC_2.2)(64bit)libpthread.so.0(GLIBC_2.3.2)(64bit)libpthread.so.0(GLIBC_2.3.3)(64bit)libseccomp.so.2()(64bit)libselinux.so.1()(64bit)libselinux.so.1(LIBSELINUX_1.0)(64bit)libudev.so.1()(64bit)libudev.so.1(LIBUDEV_183)(64bit)liburing.so.2()(64bit)liburing.so.2(LIBURING_2.0)(64bit)libutil.so.1()(64bit)libutil.so.1(GLIBC_2.2)(64bit)libxkbcommon.so.0()(64bit)libxkbcommon.so.0(V_0.5.0)(64bit)libz.so.1()(64bit)libzstd.so.1()(64bit)permissionsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)7.1.0-150500.49.24.13.0.4-14.6.0-14.0-15.2-14.14.3 /usr/bin/chkstat -n --warn --system /usr/lib/qemu-bridge-helper 1>&2g @g|fo@f@fJf! @e,eg'd\@dx@doMdm@d @ccU@c&@c1cӼcӼccctck@cc@cY!@cV~@cD @c@c=qc=qc< @c< @c< @c6@c6@c47@c47@c2c*c)@c#b?b?b?b@bbҨ@bҨ@bVbbb@bw@b{@b^@bL/@bL/@bEbBbBbBb=b=b<]@b; b9@b0b%b%b@b@b@b@b@b @aC@aZ@aa@aa*@a*@a*@a*@a*@a@a@a5aLa@awa`2aC1a@a8a8a0a.a(a'@aj@a $@a /`@`@`Q@`ݮ@`ݮ@`@`"@`P@`@` @`@`@`Z`@`@`}p`x*`u`c`Y@`Q@`P`OL@`KW`KW`B@`?z@`8`/@`.V`-@`+`!'`!'`3@````@` @`x@__T_j____^@_@__@_}_ts@_h_`_Z@_Z@_X_N7_FN_D@_>e_;_2@_{__@^z^@^n@^?@^^^U@^U@^^@^1^@^@^^|@^y@^t@^t@^oj@^j$@^Nt^M#@^9\^8 @^0"@^*@^*@^@^@^^g@^]+]]]e@]@]Γ@]X]@]µ]]5@]W]]@]@]@]?]x]rJ@]rJ@]M`@]J@]Ik]H@]9\\F@\Q\Q\t@\ޢ@\ޢ@\@\ڭ\ֹ@\g\@\!\Ɋ@\\e\\Y@\o@\n\f\ac\T4\Q\J@\@n@\=@\@[>@[>@[o[@[[ @[ZnZ@ZZZ@ZZ̧@ZZZZZw@Z@ZX0>X%X lW_@WWv@WWίWW:WQWWWWW@W~W~WWzOWZWZWQq@WN@WN@WF@WEW!@W!@W@Wo@VbVV@V@V@VVuV]VQ@VQ@VMVMV0V&,VVZVZVZU6@U5@U(U@U@UUlI@Ud`@UT@UQ@U@U7@U4@U.RU-@U-@U) U'@U&iU&iU%@U%@UUU@U ]@U T@TTD@TZ@T@dfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comli.zhang@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comli.zhang@suse.comdmueller@suse.comdfaggioli@suse.comgiecrilj@stegny.2a.plschwab@suse.dedfaggioli@suse.comdfaggioli@suse.comhpj@urpla.netdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdmueller@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdimstar@opensuse.orgdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comlma@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.commliska@suse.czdmueller@suse.comli.zhang@suse.comli.zhang@suse.comli.zhang@suse.comli.zhang@suse.comli.zhang@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comli.zhang@suse.comdfaggioli@suse.comdfaggioli@suse.comli.zhang@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comli.zhang@suse.comli.zhang@suse.comli.zhang@suse.comli.zhang@suse.comdfaggioli@suse.comdfaggioli@suse.comlma@suse.comli.zhang@suse.comdfaggioli@suse.comli.zhang@suse.comli.zhang@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdmueller@suse.comdfaggioli@suse.comguillaume.gardet@opensuse.orgjose.ziviani@suse.comli.zhang@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comdmueller@suse.comjose.ziviani@suse.comjose.ziviani@suse.combrogers@suse.comjose.ziviani@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comdimstar@opensuse.orgbrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlma@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.commilsav92@outlook.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comdimstar@opensuse.orgbrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.commliska@suse.czbrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.comdimstar@opensuse.orgbrogers@suse.combrogers@suse.comdimstar@opensuse.orgbrogers@suse.comohering@suse.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comguillaume.gardet@opensuse.orgbrogers@suse.combrogers@suse.comstefan.bruens@rwth-aachen.debrogers@suse.comlnussel@suse.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.comstefan.bruens@rwth-aachen.delyan@suse.comcgoll@suse.combrogers@suse.combrogers@suse.comtchvatal@suse.combrogers@suse.combrogers@suse.comschwab@suse.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comguillaume.gardet@opensuse.orgguillaume.gardet@opensuse.orgbrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comolaf@aepfle.debrogers@suse.comolaf@aepfle.delma@suse.combrogers@suse.comolaf@aepfle.debrogers@suse.combrogers@suse.comldewey@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comldewey@suse.combrogers@suse.comldewey@suse.commatz@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlma@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlma@suse.comkwalter@suse.combrogers@suse.comlyan@suse.combrogers@suse.comlma@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comjfehlig@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comhenrik.kuhn@origenis.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comjfehlig@suse.combrogers@suse.combrogers@suse.comschwab@suse.debrogers@suse.comschwab@suse.debrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.combrogers@suse.comohering@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.comafaerber@suse.deafaerber@suse.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comagraf@suse.comafaerber@suse.debrogers@suse.comagraf@suse.combrogers@suse.comglin@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comagraf@suse.combrogers@suse.combrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deolaf@aepfle.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.destefan.bruens@rwth-aachen.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.detampakrap@opensuse.orgafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deagraf@suse.comcrrodriguez@opensuse.orgagraf@suse.comjslaby@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deagraf@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.dempluskal@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.de- Fix bsc#1229007 (CVE-2024-7409) and bsc#1230834 (CVE-2024-8354): * nbd/server: CVE-2024-7409: Close stray clients at server-stop (bsc#1229007, CVE-2024-7409) * nbd/server: CVE-2024-7409: Drop non-negotiating clients (bsc#1229007, CVE-2024-7409) * nbd/server: CVE-2024-7409: Cap default max-connections to 100 (bsc#1229007, CVE-2024-7409) * nbd/server: Plumb in new args to nbd_client_add() (bsc#1229007, CVE-2024-7409) * nbd: Minor style and typo fixes (bsc#1229007, CVE-2024-7409) * aio-wait.h: introduce AIO_WAIT_WHILE_UNLOCKED (bsc#1229007, CVE-2024-7409) * hw/usb/hcd-ohci: Fix #1510, #303: pid not IN or OUT (bsc#1230834, CVE-2024-8354)- Fix bsc#1230915, CVE-2024-8612: * softmmu: Support concurrent bounce buffers (bsc#1230915, CVE-2024-8612) * system/physmem: Per-AddressSpace bounce buffering (bsc#1230915, CVE-2024-8612) * system/physmem: Propagate AddressSpace to MapClient helpers (bsc#1230915, CVE-2024-8612) * system/physmem: Replace qemu_mutex_lock() calls with QEMU_LOCK_GUARD (bsc#1230915, CVE-2024-8612)- Properly fix bsc#1230140 (patch also submitted upstream): * [openSUSE] target/ppc: Fix lxvx/stxvx facility check (bsc#1230140)- Fix bsc#1230140 (and bsc#1229814 & bsc#1230008): * target/ppc: Fix lxv/stxv MSR facility check (bsc#1230140, bsc#1229814, bsc#1230008) - Fix a build issue of ipxe with newer binutils: * [openSUSE] roms/ipxe: Backport patches to fix the build with binutils 2.41 - Misc: * [openSUSE] Update hash of the sgabios submodule- Fix bsc#1227322, CVE-2024-4467: * qcow2: Don't open data_file with BDRV_O_NO_IO- Backports and bugfixes: * net: Update MemReentrancyGuard for NIC (bsc#1213269, CVE-2023-3019) * net: Provide MemReentrancyGuard * to qemu_new_nic() (bsc#1213269, CVE-2023-3019) * ui/clipboard: add asserts for update and request (bsc#1218889, CVE-2023-6683) * ui/clipboard: mark type as not available when there is no data (bsc#1218889, CVE-2023-6683) * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446) * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446) * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446) * hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446) * apic: disable reentrancy detection for apic-msi (bsc#1222843, CVE-2024-3446) * raven: disable reentrancy detection for iomem (bsc#1222843, CVE-2024-3446) * bcm2835_property: disable reentrancy detection for iomem (bsc#1222843, CVE-2024-3446) * lsi53c895a: disable reentrancy detection for script RAM (bsc#1222843, CVE-2024-3446) * hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (bsc#1222843, CVE-2024-3446) * checkpatch: add qemu_bh_new/aio_bh_new checks (bsc#1222843, CVE-2024-3446) * async: Add an optional reentrancy guard to the BH API (bsc#1222843, CVE-2024-3446) * memory: prevent dma-reentracy issues (bsc#1222843, CVE-2024-3446) * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447)- Bugs and CVEs fixes: * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328) * pcie: Introduce pcie_sriov_num_vfs (bsc#1220065, CVE-2024-26328) * virtio-net: correctly copy vnet header when flushing TX (bsc#1218484, CVE-2023-6693) * hw/pvrdma: Protect against buggy or malicious guest driver (bsc#1209554, CVE-2023-1544) * pcie_sriov: Validate NumVFs (bsc#1220062, CVE-2024-26327) * esp: restrict non-DMA transfer length to that of available data (bsc#1220134, CVE-2024-24474) * s390x/ap: Wire up the device request notifier interface (bsc#1205316) * linux-headers: update to v6.5-rc1 (bsc#1205316) * Update linux headers to v6.3rc5 (bsc#1205316) * linux-headers: Update to v6.2-rc8 (bsc#1205316) * linux-headers: Update to v6.1 (bsc#1205316) - Backport of SapphireRapids CPU Models (jsc#PED-8113): * target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE * target/i386: Export MSR_ARCH_CAPABILITIES bits to guests * docs: re-generate x86_64 ABI compatibility CSV * target/i386: Add new CPU model GraniteRapids * target/i386: Add few security fix bits in ARCH_CAPABILITIES into SapphireRapids CPU model * target/i386: Add new bit definitions of MSR_IA32_ARCH_CAPABILITIES * target/i386: Allow MCDT_NO if host supports * target/i386: Add support for MCDT_NO in CPUID enumeration * target/i386: Adjust feature level according to FEAT_7_1_EDX * target/i386: Add support for PREFETCHIT0/1 in CPUID enumeration * target/i386: Add support for AVX-NE-CONVERT in CPUID enumeration * target/i386: Add support for AVX-VNNI-INT8 in CPUID enumeration * target/i386: Add support for AVX-IFMA in CPUID enumeration * target/i386: Add support for AMX-FP16 in CPUID enumeration * target/i386: Add support for CMPCCXADD in CPUID enumeration * target/i386: add support for FB_CLEAR feature * target/i386: add support for FLUSH_L1D feature * i386: Add new CPU model SapphireRapids * target/i386: KVM: allow fast string operations if host supports them * target/i386: add FZRM, FSRS, FSRC * target/i386: add FSRM to TCG - Backport of EPYC-Genoa CPU Model (jsc#PED-7366): * target/i386: Add EPYC-Genoa model to support Zen 4 processor series * target/i386: Add VNMI and automatic IBRS feature bits * target/i386: Add missing feature bits in EPYC-Milan model * target/i386: Add feature bits for CPUID_Fn80000021_EAX * target/i386: Add a couple of feature bits in 8000_0008_EBX * target/i386: Add new EPYC CPU versions with updated cache_info * target/i386: allow versioned CPUs to specify new cache_info- Fix bsc#1188609, bsc#1213925, bsc#1212850, bsc#1215311, bsc#1213210: * hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638) * virtio-crypto: verify src&dst buffer length for sym request (CVE-2023-3180) * io: remove io watch if TLS channel is closed during handshake (CVE-2023-3354) * [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 * [openSUSE][RPM] pass -p1 to autosetup in qemu.spec * target/s390x: Fix the "ignored match" case in VSTRS * linux-user/elfload: Enable vxe2 on s390x- Fix bsc#1213414, bsc#1207205, bsc#1212968, bsc#1179993, bsc#1181740, bsc#1213001 * vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (CVE-2023-3301) * hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) * 9pfs: prevent opening special files (CVE-2023-2861) * hw/ide/piix: properly initialize the BMIBA register * ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) * [openSUSE][OBS] Refine the OBS workflow for 15-SP5- Fix bsc#1211000 - Patches added: * Run fstat asynchronously inside coroutines (bsc#1211000) * Allow bdrv_get_allocated_file_size to run in bdrv context (bsc#1211000) * Convert query-named-block-nodes to coroutine (bsc#1211000) * Convert query-block/info_block to coroutine (bsc#1211000) * block: Convert bdrv_get_allocated_file_size() to co_wrapper (bsc#1211000) * block-coroutine-wrapper.py: support also basic return types (bsc#1211000) * [openSUSE][RPM] Backport some spec-file improvements from Factory- Fix bsc#bsc#1211697 * Patches added: smbios: sanitize type from external type before checking have_fields_bitmap (bsc#1211697) hw/smbios: fix field corruption in type 4 table (bsc#1211697) linux-user: fill out task state in /proc/self/stat test-vmstate: fix bad GTree usage, use-after-free qemu/osdep: Switch position of "extern" and "G_NORETURN"- Switch the packaging workflow to git, like the one we have in place already for Factory. * Patches no longer present as patch files, but applied as commits: Disable-some-tests-that-have-problems-in.patch Make-char-muxer-more-robust-wrt-small-FI.patch Make-installed-scripts-explicitly-python.patch Makefile-fix-build-with-binutils-2.38.patch PPC-KVM-Disable-mmu-notifier-check.patch Raise-soft-address-space-limit-to-hard-l.patch Revert-linux-user-fix-compat-with-glibc-.patch Revert-roms-efirom-tests-uefi-test-tools.patch Revert-tests-qtest-enable-more-vhost-use.patch Update-linux-headers-to-v6.0-rc4.patch accel-abort-if-we-fail-to-load-the-accel.patch ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch bios-tables-test-add-test-for-number-of-.patch bios-tables-test-teach-test-to-use-smbio.patch block-Handle-curl-7.55.0-7.85.0-version-.patch block-io_uring-revert-Use-io_uring_regis.patch configure-Add-Wno-gnu-variable-sized-typ.patch dmg-warn-when-opening-dmg-images-contain.patch dump-Add-architecture-section-and-sectio.patch dump-Refactor-dump_iterate-and-introduce.patch dump-Reintroduce-memory_offset-and-secti.patch dump-Rename-write_elf-_phdr_note-to-prep.patch dump-Rename-write_elf_loads-to-write_elf.patch dump-Reorder-struct-DumpState.patch dump-Replace-opaque-DumpState-pointer-wi.patch dump-Rework-dump_calculate_size-function.patch dump-Rework-filter-area-variables.patch dump-Rework-get_start_block.patch dump-Split-elf-header-functions-into-pre.patch dump-Use-a-buffer-for-ELF-section-data-a.patch dump-Write-ELF-section-headers-right-aft.patch hw-acpi-erst.c-Fix-memory-handling-issue.patch hw-display-qxl-Avoid-buffer-overrun-in-q.patch hw-display-qxl-Document-qxl_phys2virt.patch hw-display-qxl-Have-qxl_log_command-Retu.patch hw-display-qxl-Pass-requested-buffer-siz.patch hw-pvrdma-Protect-against-buggy-or-malic.patch hw-scsi-megasas-check-for-NULL-frame-in-.patch hw-smbios-add-core_count2-to-smbios-tabl.patch hw-smbios-handle-both-file-formats-regar.patch hw-smbios-support-for-type-8-port-connec.patch include-elf.h-add-s390x-note-types.patch increase-x86_64-physical-bits-to-42.patch linux-user-Fake-proc-cpuinfo.patch linux-user-lseek-explicitly-cast-non-set.patch linux-user-remove-conditionals-for-many-.patch linux-user-use-max-as-default-CPU-model-.patch linux-user-use-target_ulong.patch meson-install-ivshmem-client-and-ivshmem.patch meson-remove-pkgversion-from-CONFIG_STAM.patch module-add-Error-arguments-to-module_loa.patch module-removed-unused-function-argument-.patch module-rename-module_load_one-to-module_.patch net-tulip-Restrict-DMA-engine-to-memorie.patch openSUSE-Basetools-Ignore-spurious-GCC-1.patch openSUSE-Makefile-Fix-csum8-to-be-built-.patch openSUSE-Makefile-define-endianess-for-c.patch openSUSE-Makefile-fix-issues-of-build-re.patch openSUSE-add-cross.ini-file-to-handle-aa.patch openSUSE-build-Makefile-fix-issues-of-bu.patch openSUSE-build-Silence-GCC-12-spurious-w.patch openSUSE-build-be-explicit-about-mx86-us.patch openSUSE-build-enable-cross-compilation-.patch openSUSE-pc-q35-Bump-max_cpus-to-1024.patch openSUSE-pcbios-stub-out-the-SAN-req-s-i.patch openSUSE-switch-to-python3-as-needed.patch openSUSE-test-help-compiler-out-by-initi.patch qemu-binfmt-conf-Modify-default-path.patch qemu-bridge-helper-reduce-security-profi.patch roms-Makefile-add-cross-file-to-qboot-me.patch roms-Makefile-pass-a-packaging-timestamp.patch roms-change-cross-compiler-naming-to-be-.patch s390x-Add-KVM-PV-dump-interface.patch s390x-Add-protected-dump-cap.patch s390x-Introduce-PV-query-interface.patch s390x-pci-add-routine-to-get-host-functi.patch s390x-pci-don-t-fence-interpreted-device.patch s390x-pci-enable-adapter-event-notificat.patch s390x-pci-enable-for-load-store-interpre.patch s390x-pci-let-intercept-devices-have-sep.patch s390x-pci-reflect-proper-maxstbl-for-gro.patch s390x-pci-reset-ISM-passthrough-devices-.patch s390x-pci-shrink-DMA-aperture-to-be-boun.patch s390x-pv-Add-dump-support.patch s390x-tod-kvm-don-t-save-restore-the-TOD.patch scsi-generic-check-for-additional-SG_IO-.patch scsi-generic-replace-logical-block-count.patch tests-acpi-allow-changes-for-core_count2.patch tests-acpi-update-tables-for-new-core-co.patch tests-change-error-message-in-test-162.patch tests-qemu-iotests-Triple-timeout-of-i-o.patch ui-vnc-clipboard-fix-integer-underflow-i.patch xen-add-block-resize-support-for-xen-dis.patch xen-ignore-live-parameter-from-xen-save-.patch xen_disk-Add-suse-specific-flush-disable.patch- Fix bsc#1209064 * Patches added: s390x-pci-reset-ISM-passthrough-devices-.patch s390x-pci-shrink-DMA-aperture-to-be-boun.patch- Fix build issue with Linux 6.2's headers (bsc#1208657) by dropping linux-user-add-more-compat-ioctl-definit.patch and adding Revert-linux-user-fix-compat-with-glibc-.patch - Patches meson-enforce-a-minimum-Linux-kernel-hea.patch and linux-user-drop-conditionals-for-obsolet.patch were added as downstream patches as they were part of a series, but they never made it upstream, so we don't want them here either * Patches dropped: linux-user-add-more-compat-ioctl-definit.patch linux-user-drop-conditionals-for-obsolet.patch meson-enforce-a-minimum-Linux-kernel-hea.patch * Patches added: Revert-linux-user-fix-compat-with-glibc-.patch- Fixes bsc#1197653, CVE-2022-1050 * Patches added: block-Handle-curl-7.55.0-7.85.0-version-.patch hw-pvrdma-Protect-against-buggy-or-malic.patch- Fixes: jsc#PED-1716 Add S390 features from IBM requirements * Patches added: dump-Add-architecture-section-and-sectio.patch dump-Refactor-dump_iterate-and-introduce.patch dump-Reintroduce-memory_offset-and-secti.patch dump-Rename-write_elf_loads-to-write_elf.patch dump-Rename-write_elf-_phdr_note-to-prep.patch dump-Reorder-struct-DumpState.patch dump-Replace-opaque-DumpState-pointer-wi.patch dump-Rework-dump_calculate_size-function.patch dump-Rework-filter-area-variables.patch dump-Rework-get_start_block.patch dump-Split-elf-header-functions-into-pre.patch dump-Use-a-buffer-for-ELF-section-data-a.patch dump-Write-ELF-section-headers-right-aft.patch include-elf.h-add-s390x-note-types.patch s390x-Add-KVM-PV-dump-interface.patch s390x-Add-protected-dump-cap.patch s390x-Introduce-PV-query-interface.patch s390x-pv-Add-dump-support.patch- Fixed: bsc#1205847 (CVE-2022-4172), bsc#1203788 (CVE-2022-3165), bsc#1205808 (CVE-2022-4144), bsc#1206527, bsc#1208139 - Improved handling of: bsc#1202282 (jsc#PED-2592) * Patches dropped: pc-q35-Bump-max_cpus-to-1024.patch * Patches added: accel-abort-if-we-fail-to-load-the-accel.patch bios-tables-test-add-test-for-number-of-.patch bios-tables-test-teach-test-to-use-smbio.patch dmg-warn-when-opening-dmg-images-contain.patch hw-acpi-erst.c-Fix-memory-handling-issue.patch hw-display-qxl-Avoid-buffer-overrun-in-q.patch hw-display-qxl-Document-qxl_phys2virt.patch hw-display-qxl-Have-qxl_log_command-Retu.patch hw-display-qxl-Pass-requested-buffer-siz.patch hw-smbios-add-core_count2-to-smbios-tabl.patch hw-smbios-support-for-type-8-port-connec.patch module-add-Error-arguments-to-module_loa.patch module-removed-unused-function-argument-.patch module-rename-module_load_one-to-module_.patch openSUSE-pc-q35-Bump-max_cpus-to-1024.patch s390x-tod-kvm-don-t-save-restore-the-TOD.patch tests-acpi-allow-changes-for-core_count2.patch tests-acpi-update-tables-for-new-core-co.patch ui-vnc-clipboard-fix-integer-underflow-i.patch- Refactor building and installing SeaBIOS docs- Rename submodule patches so that it's clear which ones are backports and which ones are downstream only fixes; - No functional change intended. * Patches dropped: Ignore-spurious-GCC-12-warning.patch roms-sgabios-Fix-csum8-to-be-built-by-ho.patch Makefile-define-endianess-for-cross-buil.patch ipxe-Makefile-fix-issues-of-build-reprod.patch qboot-add-cross.ini-file-to-handle-aarch.patch sgabios-Makefile-fix-issues-of-build-rep.patch Silence-GCC-12-spurious-warnings.patch build-be-explicit-about-mx86-used-note-n.patch enable-cross-compilation-on-ARM.patch stub-out-the-SAN-req-s-in-int13.patch help-compiler-out-by-initializing-array.patch seabios-switch-to-python3-as-needed.patch * Patches added: openSUSE-Basetools-Ignore-spurious-GCC-1.patch openSUSE-Makefile-Fix-csum8-to-be-built-.patch openSUSE-Makefile-define-endianess-for-c.patch openSUSE-Makefile-fix-issues-of-build-re.patch openSUSE-add-cross.ini-file-to-handle-aa.patch openSUSE-build-Makefile-fix-issues-of-bu.patch openSUSE-build-Silence-GCC-12-spurious-w.patch openSUSE-build-be-explicit-about-mx86-us.patch openSUSE-build-enable-cross-compilation-.patch openSUSE-pcbios-stub-out-the-SAN-req-s-i.patch openSUSE-switch-to-python3-as-needed.patch openSUSE-test-help-compiler-out-by-initi.patch- Fixes jsc#PED-1716 * Patches added: configure-Add-Wno-gnu-variable-sized-typ.patch s390x-pci-add-routine-to-get-host-functi.patch s390x-pci-don-t-fence-interpreted-device.patch s390x-pci-enable-adapter-event-notificat.patch s390x-pci-enable-for-load-store-interpre.patch s390x-pci-let-intercept-devices-have-sep.patch s390x-pci-reflect-proper-maxstbl-for-gro.patch Update-linux-headers-to-v6.0-rc4.patch- install binfmt-misc handlers for systemd (bsc#1206838)- Raise the maximum number of vCPUs a VM can have to 1024 (jsc#PED-2592) * Patches added: pc-q35-Bump-max_cpus-to-1024.patch- install SeaBIOS documentation- Enable KVM support on riscv64- qtests test are not realiable when run inside OBS builders, so let's disable that part of the testsuite for now. There is work ongoing to run it somewhere else (on dedicated hosts) to avoid loosing coverage. (bsc#1204566)- Improve dependency handling (e.g., what's recommended vs. what's required. - Add a subpackage (qemu-headless) that brings in all the packages that are needed for creating VMs with tools like virt-install or VirtManager, run either locally or from a remote host. (bsc#1202166)- Build fails due to exceeding 10 GB disk limit (10430 MB): raise disk space contraint to 12 GB- Fixes bsc#1204082 * Patches added: block-io_uring-revert-Use-io_uring_regis.patch- Due to change in where some documentation files are, if qemu-guest-agent is installed, we need to make sure we update it to our version (bsc#1203995)- The links in the forsplit dirs, in each subpackage, born to deal with package & subpackage splitting, are not really used. In fact, they're "Provides:"-ed by a bunch of subpackages, but there's no "Requires:" for any of them. Let's just get rid of them.- The old qemu-binfmt weappers around the various qemu-$ARCH Linux user emulation binaries (see, e.g., bsc#1186256) are not necessary any longer, and bsc#1143725 can now be considered fixed. * Patches dropped: linux-user-add-binfmt-wrapper-for-argv-0.patch linux-user-binfmt-support-host-binaries.patch- Fix bsc#1204001. Patches are not upstream, and have been picked up and backported from the ML. This is something we usually prefer to avoid, but this is urgent, and the patches looks fine, with high chances for them to be included as they are (and if they're not, we will revisit this, i.e., drop them and re-include the ones that are actually committed) * Patches added: linux-user-add-more-compat-ioctl-definit.patch linux-user-drop-conditionals-for-obsolet.patch linux-user-remove-conditionals-for-many-.patch meson-enforce-a-minimum-Linux-kernel-hea.patch- Improve the output of update_git.sh, by including the list of repos to which we have downstream patches.- Fix: bsc#1202665, CVE-2022-2962 * Patches added: net-tulip-Restrict-DMA-engine-to-memorie.patch- skip tests that don't work under qemu-linux-user emulation- Runs of the test-suite seem much more stable now, in this version of QEMU. (bsc#1203610) We are also fine re-enabling running them in parallel.- Switch QEMU Linux user to emulate the same CPU as the one of the host by default. This is a bit conrtoversial and tricky, when thinking about system emulation/virtualization. But for linux-user, it should be just fine. (bsc#1203684) * Patches added: linux-user-use-max-as-default-CPU-model-.patch- Be less verbose when packaging documentation. In fact, with just a couple of (minor) re-arrangements, we can get rid of having to list all the files all the time - Package /etc/qemu/bridge.conf as '%config(noreplace). Next step will probably be to move it to /usr/etc/qemu (bsc#1201944)- Switch to %autosetup for all products (this required some changes in update_git.sh) - Run check-qtest sequentially, as it's more reliable, when in OBS - Build with libbpf, fdt and capstone support - Drop the patch adding our support document, and deal with that in the spec file directly * Patches dropped: doc-add-our-support-doc-to-the-main-proj.patch- Updated to latest upstream version 7.1 * https://wiki.qemu.org/ChangeLog/7.1 Be sure to also check the following pages: * https://qemu-project.gitlab.io/qemu/about/removed-features.html * https://qemu-project.gitlab.io/qemu/about/deprecated.html Some notable changes: * [x86] Support for architectural LBRs on KVM virtual machines * [x86] The libopcode-based disassembler has been removed. Use Capstone instead * [LoongArch] Add initial support for the LoongArch64 architecture. * [ARM] The emulated SMMUv3 now advertises support for SMMUv3.2-BBML2 * [ARM] The xlnx-zynqmp SoC model now implements the 4 TTC timers * [ARM] The versal machine now models the Cortex-R5s in the Real-Time Processing Unit (RPU) subsystem * [ARM] The virt board now supports emulation of the GICv4.0 * [ARM] New emulated CPU types: Cortex-A76, Neoverse-N1 * [HPPA] Fix serial port pass-through from host to guest * [HPPA] Lots of general code improvements and tidy-ups * [RISC-V] RISC-V * [RISC-V] Add support for privileged spec version 1.12.0 * [RISC-V] Use privileged spec version 1.12.0 for virt machine by default * [RISC-V] Allow software access to MIP SEIP * [RISC-V] Add initial support for the Sdtrig extension * [RISC-V] Optimisations and improvements for the vector extension * [VFIO] Experimental support for exposing emulated PCI devices over the new vfio-user protocol (a vfio-user client is not yet available in QEMU, though) * [QMP] The on-cbw-error option for copy-before-write filter, to specify behavior on CBW (copy before write) operation failure. * [QMP] The cbw-timeout option for copy-before-write filter, to specify timeout for CBW operation. * [QMP] New commands query-stats and query-stats-schema to retrieve statistics from various QEMU subsystems (right now only from KVM). * [QMP] The PanicAction can now be configured to report an exit-failure (useful for automated testing) * [Networking] QEMU can be compiled with the system slirp library even when using CFI. This requires libslirp 4.7. * [Migration] Support for zero-copy-send on Linux, which reduces CPU usage on the source host. Note that locked memory is needed to support this * Patches added: Revert-tests-qtest-enable-more-vhost-use.patch meson-remove-pkgversion-from-CONFIG_STAM.patch * Patches dropped: AIO-Reduce-number-of-threads-for-32bit-h.patch Makefile-Don-t-check-pc-bios-as-pre-requ.patch Revert-8dcb404bff6d9147765d7dd3e9c849337.patch Revert-qht-constify-qht_statistics_init.patch XXX-dont-dump-core-on-sigabort.patch acpi_piix4-Fix-migration-from-SLE11-SP2.patch configure-only-populate-roms-if-softmmu.patch configure-remove-pkgversion-from-CONFIG_.patch coroutine-ucontext-use-QEMU_DEFINE_STATI.patch coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch hostmem-default-the-amount-of-prealloc-t.patch hw-usb-hcd-ehci-fix-writeback-order.patch i8254-Fix-migration-from-SLE11-SP2.patch intc-exynos4210_gic-replace-snprintf-wit.patch modules-generates-per-target-modinfo.patch modules-introduces-module_kconfig-direct.patch pc-bios-s390-ccw-net-avoid-warning-about.patch pci-fix-overflow-in-snprintf-string-form.patch qemu-cvs-gettimeofday.patch qemu-cvs-ioctl_debug.patch qemu-cvs-ioctl_nodirection.patch qht-Revert-some-constification-in-qht.c.patch qom-handle-case-of-chardev-spice-module-.patch scsi-lsi53c895a-fix-use-after-free-in-ls.patch scsi-lsi53c895a-really-fix-use-after-fre.patch softmmu-Always-initialize-xlat-in-addres.patch sphinx-change-default-language-to-en.patch test-add-mapping-from-arch-of-i686-to-qe.patch tests-Fix-block-tests-to-be-compatible-w.patch tests-qtest-Move-the-fuzz-tests-to-x86-o.patch usb-Help-compiler-out-to-avoid-a-warning.patch- pcre-devel-static is only needed when building against glib2 < 2.73. After that, glib2 was migrated to pcre2.- Substantial rework of the spec file: * the 'make check' testsuite now runs in the %check section of the main package, not in a subpackage * switched from %setup to %autosetup * rearranged the content in order to minimize the use of %if, %ifarch, etc- Properly fix bsc#1198038, CVE-2022-0216 * Patches added: scsi-lsi53c895a-really-fix-use-after-fre.patch tests-qtest-Move-the-fuzz-tests-to-x86-o.patch- Make temp dir (for update_git.sh) configurable - Added new subpackages (audio-dbus, ui-dbus) - bsc#1199018 was never fixed in Factory's QEMU 6.2. It is now (since the patches are already in SeaBIOS 1.16.0) - Some tests are having issues when run in OBS. They seem to be due to race conditions, triggered by resource constraints of OBS workers. Let's disable them for now, while looking for a fix - Update to v7.0.0 (bsc#1201307). For full release notes, see: * https://wiki.qemu.org/ChangeLog/7.0 Be sure to also check the following pages: * https://qemu-project.gitlab.io/qemu/about/removed-features.html * https://qemu-project.gitlab.io/qemu/about/deprecated.html Some notable changes: * [ARM] The virt board has gained a new control knob to disable passing a RNG seed in the DTB (dtb-kaslr-seed) * [ARM] The AST2600 SoC now supports a dummy version of the i3c device * [ARM] The virt board can now run guests with KVM on hosts with restricted IPA ranges * [ARM] The virt board now supports virtio-mem-pci * [ARM] The virt board now supports specifying the guest CPU topology * [ARM] On the virt board, we now enable PAuth when using KVM or hvf and the host CPU supports it * [RISC-V] Add support for ratified 1.0 Vector extension * [RISC-V] Support for the Zve64f and Zve32f extensions * [RISC-V] Drop support for draft 0.7.1 Vector extension * [RISC-V] Support Zfhmin and Zfh extensions * [RISC-V] RISC-V KVM support * [RISC-V] Mark Hypervisor extension as non experimental * [RISC-V] Enable Hypervisor extension by default * [x86] Support for Intel AMX. * [PCI/PCIe] Q35: fix PCIe device becoming disabled after migration when ACPI based PCI hotplug is used (6b0969f1ec) * [PCI/PCIe] initial bits of SR/IOV support (250346169) * [PCI/PCIe] arm/virt: fixed PXB interrupt routing (e609301b45) * [PCI/PCIe] arm/virt: support for virtio-mem-pci (b1b87327a9) * [virtiofs] Fix for CVE-2022-0358 - behaviour with supplementary groups and SGID directories * [virtiofs] Improved security label support * [virtiofs] The virtiofsd in qemu is now starting to be deprecated; please start using and contributing to Rust virtiofsd * Patches dropped: acpi-validate-hotplug-selector-on-access.patch block-backend-Retain-permissions-after-m.patch block-qdict-Fix-Werror-maybe-uninitializ.patch brotli-fix-actual-variable-array-paramet.patch display-qxl-render-fix-race-condition-in.patch doc-Add-the-SGX-numa-description.patch hw-i386-amd_iommu-Fix-maybe-uninitialize.patch hw-intc-exynos4210_gic-provide-more-room.patch hw-nvme-fix-CVE-2021-3929.patch hw-nvram-at24-return-0xff-if-1-byte-addr.patch iotest-065-explicit-compression-type.patch iotest-214-explicit-compression-type.patch iotest-302-use-img_info_log-helper.patch iotest-303-explicit-compression-type.patch iotest-39-use-_qcow2_dump_header.patch iotests-60-more-accurate-set-dirty-bit-i.patch iotests-bash-tests-filter-compression-ty.patch iotests-common.rc-introduce-_qcow2_dump_.patch iotests-declare-lack-of-support-for-comp.patch iotests-drop-qemu_img_verbose-helper.patch iotests-massive-use-_qcow2_dump_header.patch iotests-MRCE-Write-data-to-source.patch iotests.py-filter-out-successful-output-.patch iotests.py-img_info_log-rename-imgopts-a.patch iotests.py-implement-unsupported_imgopts.patch iotests.py-qemu_img-create-support-IMGOP.patch iotests.py-rewrite-default-luks-support-.patch iotests-specify-some-unsupported_imgopts.patch meson-build-all-modules-by-default.patch numa-Enable-numa-for-SGX-EPC-sections.patch numa-Support-SGX-numa-in-the-monitor-and.patch python-aqmp-add-__del__-method-to-legacy.patch python-aqmp-add-_session_guard.patch python-aqmp-add-SocketAddrT-to-package-r.patch python-aqmp-add-socket-bind-step-to-lega.patch python-aqmp-add-start_server-and-accept-.patch python-aqmp-copy-type-definitions-from-q.patch python-aqmp-drop-_bind_hack.patch python-aqmp-fix-docstring-typo.patch python-aqmp-Fix-negotiation-with-pre-oob.patch python-aqmp-fix-race-condition-in-legacy.patch Python-aqmp-fix-type-definitions-for-myp.patch python-aqmp-handle-asyncio.TimeoutError-.patch python-aqmp-refactor-_do_accept-into-two.patch python-aqmp-remove-_new_session-and-_est.patch python-aqmp-rename-accept-to-start_serve.patch python-aqmp-rename-AQMPError-to-QMPError.patch python-aqmp-split-_client_connected_cb-o.patch python-aqmp-squelch-pylint-warning-for-t.patch python-aqmp-stop-the-server-during-disco.patch python-introduce-qmp-shell-wrap-convenie.patch python-machine-raise-VMLaunchFailure-exc.patch python-move-qmp-shell-under-the-AQMP-pac.patch python-move-qmp-utilities-to-python-qemu.patch python-qmp-switch-qmp-shell-to-AQMP.patch python-support-recording-QMP-session-to-.patch python-upgrade-mypy-to-0.780.patch qcow2-simple-case-support-for-downgradin.patch qemu-binfmt-conf.sh-should-use-F-as-shor.patch tests-qemu-iotests-040-Skip-TestCommitWi.patch tests-qemu-iotests-Fix-051-for-binaries-.patch tests-qemu-iotests-testrunner-Quote-case.patch tools-virtiofsd-Add-rseq-syscall-to-the-.patch ui-cursor-fix-integer-overflow-in-cursor.patch vhost-vsock-detach-the-virqueue-element-.patch virtiofsd-Drop-membership-of-all-supplem.patch virtio-net-fix-map-leaking-on-error-duri.patch Disable-some-tests-that-have-problems-in.patch * Patches added: intc-exynos4210_gic-replace-snprintf-wit.patch Revert-8dcb404bff6d9147765d7dd3e9c849337.patch- Fix bsc#1197084 * Patches added: hostmem-default-the-amount-of-prealloc-t.patch- Get rid of downstream patches breaking s390 modules. Replace them with the upstream proposed and Acked (but never committed) solution (bsc#1199015) * Patches added: modules-generates-per-target-modinfo.patch modules-introduces-module_kconfig-direct.patch * Patches dropped: Fix-the-module-building-problem-for-s390.patch modules-quick-fix-a-fundamental-error-in.patch- backport patches for having coroutine work well when LTO is used * Patches added: coroutine-ucontext-use-QEMU_DEFINE_STATI.patch coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch- seabios: drop patch that changes python in python2. Just go to python3 directly. * Patches dropped: seabios-use-python2-explicitly-as-needed.patch- Fix the following bugs: - bsc#1198037, CVE-2021-4207 - bsc#1198038, CVE-2022-0216 - bsc#1201367, CVE-2022-35414 - bsc#1198035, CVE-2021-4206 - bsc#1198712, CVE-2022-26354 - bsc#1198711, CVE-2022-26353 * Patches added: display-qxl-render-fix-race-condition-in.patch scsi-lsi53c895a-fix-use-after-free-in-ls.patch softmmu-Always-initialize-xlat-in-addres.patch ui-cursor-fix-integer-overflow-in-cursor.patch vhost-vsock-detach-the-virqueue-element-.patch virtio-net-fix-map-leaking-on-error-duri.patch- Fix usb ehci boot failure (bsc#1192115) * Patches added: hw-usb-hcd-ehci-fix-writeback-order.patch- Fix bugs boo#1200557 and boo#1199924 - Now that boo#1199924 is fixed, re-enable FORTIFY_SOURCE=3 * Patches added: pci-fix-overflow-in-snprintf-string-form.patch sphinx-change-default-language-to-en.patch- It has been observed that building QEMU with _FORTIFY_SOURCE=3 causes problem (see bsc#1199924). Force it to =2 for now, while we investigate the issue.- Backport a GCC 12 aarch64 build fix (bsc#1199625) * Patches added: block-qdict-Fix-Werror-maybe-uninitializ.patch- Filter out rpmlint error that is valid for qemu, but will have its badness increased in the future.- enable aio=io_uring on all kvm architectures (bsc#1197699)- Backport aqmp patches from upstream which can fix iotest issues * Patches added: python-aqmp-add-__del__-method-to-legacy.patch python-aqmp-add-_session_guard.patch python-aqmp-add-SocketAddrT-to-package-r.patch python-aqmp-add-socket-bind-step-to-lega.patch python-aqmp-add-start_server-and-accept-.patch python-aqmp-copy-type-definitions-from-q.patch python-aqmp-drop-_bind_hack.patch python-aqmp-fix-docstring-typo.patch python-aqmp-Fix-negotiation-with-pre-oob.patch python-aqmp-fix-race-condition-in-legacy.patch Python-aqmp-fix-type-definitions-for-myp.patch python-aqmp-handle-asyncio.TimeoutError-.patch python-aqmp-refactor-_do_accept-into-two.patch python-aqmp-remove-_new_session-and-_est.patch python-aqmp-rename-accept-to-start_serve.patch python-aqmp-rename-AQMPError-to-QMPError.patch python-aqmp-split-_client_connected_cb-o.patch python-aqmp-squelch-pylint-warning-for-t.patch python-aqmp-stop-the-server-during-disco.patch python-introduce-qmp-shell-wrap-convenie.patch python-machine-raise-VMLaunchFailure-exc.patch python-move-qmp-shell-under-the-AQMP-pac.patch python-move-qmp-utilities-to-python-qemu.patch python-qmp-switch-qmp-shell-to-AQMP.patch python-support-recording-QMP-session-to-.patch python-upgrade-mypy-to-0.780.patch- Drop the patches which are workaround to fix iotest issues * Patches dropped: Revert-python-iotests-replace-qmp-with-a.patch Revert-python-machine-add-instance-disam.patch Revert-python-machine-add-sock_dir-prope.patch Revert-python-machine-handle-fast-QEMU-t.patch Revert-python-machine-move-more-variable.patch Revert-python-machine-remove-_remove_mon.patch- Support the SGX feature (bsc#1197807) * Patches added: doc-Add-the-SGX-numa-description.patch numa-Enable-numa-for-SGX-EPC-sections.patch numa-Support-SGX-numa-in-the-monitor-and.patch- Backport CVE-2021-3929 (bsc#1193880) * Patches added: hw-nvme-fix-CVE-2021-3929.patch- The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528) * Patches added: Revert-python-iotests-replace-qmp-with-a.patch Revert-python-machine-add-instance-disam.patch Revert-python-machine-add-sock_dir-prope.patch Revert-python-machine-handle-fast-QEMU-t.patch Revert-python-machine-move-more-variable.patch Revert-python-machine-remove-_remove_mon.patch- Add missing patch from a PTFs (bsc#1194938) * Patches added: scsi-generic-check-for-additional-SG_IO-.patch- Kill downstream patches around bifmt handling that makes cumbersome to run multi-arch containers, and switch to the upstream behavior, which is well documented and valid on all other distros. This is possible thanks to Linux kernel commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so it can only work on Leap/SLE 15.4 and higher). (bsc#1197298) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch- Fix update_git.sh wiping all the package file of the local checkout while cloning the git repository on demand (in case they don't exist and the user as to do so).- Improve test reliability * Patches added: Fix-the-module-building-problem-for-s390.patch tests-qemu-iotests-040-Skip-TestCommitWi.patch tests-qemu-iotests-testrunner-Quote-case.patch- Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall (bsc#1196924) * Patches added: tools-virtiofsd-Add-rseq-syscall-to-the-.patch- Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503 (bsc#1197018) * Patches added: hw-i386-amd_iommu-Fix-maybe-uninitialize.patch Silence-GCC-12-spurious-warnings.patch Ignore-spurious-GCC-12-warning.patch- Proactive fix * Patches added: hw-nvram-at24-return-0xff-if-1-byte-addr.patch- Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545) - Build RiscV firmwares on non-RiscV builds as well - While there, refactor (and simplify!) the firmware building logic and code * Patches added: Makefile-define-endianess-for-cross-buil.patch Makefile-fix-build-with-binutils-2.38.patch- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) * Patches added: hw-scsi-megasas-check-for-NULL-frame-in-.patch- Include vmxcap in the qemu-tools package (is being very useful for debugging bsc#1193364)- The qemu package should require qemu-x86, qemu-arm, etc, as there's no point installing it without _any_ of them. Additionally, right now, the user does not get a working qemu, if recommended packages are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087- Give clearer instructions on how to modify the package patches from the output of update_git.sh (docs change only, no functional change)- qemu,kvm: potential privilege escalation via virtiofsd (bsc#1195161, CVE-2022-0358) * Patches added: virtiofsd-Drop-membership-of-all-supplem.patch* Patches added: block-backend-Retain-permissions-after-m.patch iotest-065-explicit-compression-type.patch iotest-214-explicit-compression-type.patch iotest-302-use-img_info_log-helper.patch iotest-303-explicit-compression-type.patch iotest-39-use-_qcow2_dump_header.patch iotests-60-more-accurate-set-dirty-bit-i.patch iotests-bash-tests-filter-compression-ty.patch iotests-common.rc-introduce-_qcow2_dump_.patch iotests-declare-lack-of-support-for-comp.patch iotests-drop-qemu_img_verbose-helper.patch iotests-massive-use-_qcow2_dump_header.patch iotests-MRCE-Write-data-to-source.patch iotests.py-filter-out-successful-output-.patch iotests.py-img_info_log-rename-imgopts-a.patch iotests.py-implement-unsupported_imgopts.patch iotests.py-qemu_img-create-support-IMGOP.patch iotests.py-rewrite-default-luks-support-.patch iotests-specify-some-unsupported_imgopts.patch qcow2-simple-case-support-for-downgradin.patch tests-qemu-iotests-Fix-051-for-binaries-.patch-Backport patch from upstream, bsc#1194063 CVE-2021-4158 * Patches added: acpi-validate-hotplug-selector-on-access.patch- Enable modules for testsuite* Patches added: meson-build-all-modules-by-default.patch- It's time to really start requiring -F when using -b in qemu-img for us as well. Users/customers have been warned in the relevant release notes (bsc#1190135) * Patches dropped: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch- Fix testsuite failures by not using modules when building tests (and some other, also testsuite related, spec file problems)- [JIRA] (SLE-20965) Make QEMU guests more failsafe when resizing SCSI passthrough disks * Patches added: scsi-generic-replace-logical-block-count.patch- Add an audio-oss sub-package- Add some new (mostly documentation) files in the package- Remove option --audio-drv-list because audio is detected by meson automatically in latest version.- Remove options --disable-jemalloc and --disable-tcmalloc which are changed in v6.2.0.- Update to v 6.2.0. For full release notese, see: * https://wiki.qemu.org/ChangeLog/6.2. Be sure to also check the following pages: * https://qemu-project.gitlab.io/qemu/about/removed-features.html * https://qemu-project.gitlab.io/qemu/about/deprecated.html Some notable changes: * virtio-mem: guest memory dumps are now fully supported, along with pre-copy/post-copy migration and background guest snapshots * QMP: support for nw DEVICE_UNPLUG_GUEST_ERROR to detect guest-reported hotplug failures * TCG: improvements to TCG plugin argument syntax, and multi-core support for cache plugin * 68k: improved support for Apple’s NuBus, including ability to load declaration ROMs, and slot IRQ support * ARM: macOS hosts with Apple Silicon CPUs now support ‘hvf’ accelerator for AArch64 guests * ARM: emulation support for Fujitsu A64FX processor model * ARM: emulation support for kudo-mbc machine type * ARM: M-profile MVE extension is now supported for Cortex-M55 * ARM: ‘virt’ machine now supports an emulated ITS (Interrupt Translation Service) and supports more than 123 CPUs in emulation mode * ARM: xlnx-zcu102 and xlnx-versal-virt machines now support BBRAM and eFUSE devices * PowerPC: improved POWER10 support for the ‘powernv’ machine type * PowerPC: initial support for POWER10 DD2.0 CPU model * PowerPC: support for FORM2 PAPR NUMA descriptions for ‘pseries’ machine type * RISC-V: support for Zb[abcs] instruction set extensions * RISC-V: support for vhost-user and numa mem options across all boards * RISC-V: SiFive PWM support * x86: support for new Snowridge-v4 CPU model * x86: guest support for Intel SGX * x86: AMD SEV guests now support measurement of kernel binary when doing direct kernel boot (not using a bootloader) * Patches dropped: 9pfs-fix-crash-in-v9fs_walk.patch block-introduce-max_hw_iov-for-use-in-sc.patch hmp-Unbreak-change-vnc.patch hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch hw-i386-acpi-build-Deny-control-on-PCIe-.patch i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch net-vmxnet3-validate-configuration-value.patch pcie-rename-native-hotplug-to-x-native-h.patch plugins-do-not-limit-exported-symbols-if.patch plugins-execlog-removed-unintended-s-at-.patch qemu-nbd-Change-default-cache-mode-to-wr.patch qemu-sockets-fix-unix-socket-path-copy-a.patch target-arm-Don-t-skip-M-profile-reset-en.patch target-i386-add-missing-bits-to-CR4_RESE.patch tcg-arm-Fix-tcg_out_vec_op-function-sign.patch uas-add-stream-number-sanity-checks.patch vhost-vsock-fix-migration-issue-when-seq.patch virtio-balloon-don-t-start-free-page-hin.patch virtio-mem-pci-Fix-memory-leak-when-crea.patch virtio-net-fix-use-after-unmap-free-for-.patch- Reinstate Lin Ma's fixes for bsc#1192147 as they were submitted only to IBS. * Patches added: hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch hw-i386-acpi-build-Deny-control-on-PCIe-.patch pcie-rename-native-hotplug-to-x-native-h.patch- Rename the Guest Agent service qemu-guest-agent, like in other distros (and upstream). bsc#1185543- disable QOM cast debug outside the testsuite as the corresponding asserts show up occassionally as top #1 in perf(1) traces under heavy virtio load - enable LTO when we'd like to use LTO* Patches added (bsc#1186256): qemu-binfmt-conf.sh-allow-overriding-SUS.patch- cross-i386-binutils and cross-i386-gcc are not needed and were dropped from Factory - boo#1193424- qemu: virtio-net: heap use-after-free in virtio_net_receive_rcu (bsc#1189938 CVE-2021-3748) solved by virtio-net-fix-use-after-unmap-free-for-.patch - kvm,qemu: out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702 CVE-2021-3713) * Patches added: uas-add-stream-number-sanity-checks.patch- Stable fixes from upstream * Patches added: block-introduce-max_hw_iov-for-use-in-sc.patch hmp-Unbreak-change-vnc.patch qemu-nbd-Change-default-cache-mode-to-wr.patch target-arm-Don-t-skip-M-profile-reset-en.patch vhost-vsock-fix-migration-issue-when-seq.patch virtio-mem-pci-Fix-memory-leak-when-crea.patch virtio-net-fix-use-after-unmap-free-for-.patch- Fix testsuite dependencies (bsc#1190573) * Patches added: modules-quick-fix-a-fundamental-error-in.patch- Replace patch to fix hardcoded binfmt handler (bsc#1186256) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch * Patches added: qemu-binfmt-conf.sh-should-use-F-as-shor.patch - Stable fixes from upstream * Patches added: 9pfs-fix-crash-in-v9fs_walk.patch i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch plugins-do-not-limit-exported-symbols-if.patch plugins-execlog-removed-unintended-s-at-.patch qemu-sockets-fix-unix-socket-path-copy-a.patch target-i386-add-missing-bits-to-CR4_RESE.patch virtio-balloon-don-t-start-free-page-hin.patch- Fix qemu build on ARMv7 (bsc#1190211) * Patches added: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch- Update supported file for ARM machines.- Keep qemu-img without backing format still deprecated (bsc#1190135) * Patches added: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch - Update the support files to reflect the deprecation.- Update build dependencies versions: libgcrypt >= 1.8.0, gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7- Fix hardcoded binfmt handler doesn't play well with containers (bsc#1186256) * Patches added: qemu-binfmt-conf.sh-allow-overriding-SUS.patch- Update to v6.1: see https://wiki.qemu.org/ChangeLog/6.1 For a full list of formely deprecated features that are removed, consult: https://qemu-project.gitlab.io/qemu/about/removed-features.html For a list of new deprecated features, consult: https://qemu-project.gitlab.io/qemu/about/deprecated.html Some noteworthy changes: * Removed moxie CPU. * Removed lm32 CPU. * Removed unicore32 CPU. * Removed 'info cpustats'. * Added Aspeed machines: rainier-bmc, quanta-q7l1-bmc. * Added npcm7xx machine: quanta-gbs-bmc. * Model for Aspeed's Hash and Crypto Engine. * SVE2 is now emulated, including bfloat16 support * FEAT_I8MM, FEAT_TLBIOS, FEAT_TLBRANGE, FEAT_BF16, FEAT_AA32BF16, and FEAT_MTE3 are now emulated. * Improved hot-unplug failures on PowerPC pseries machine. * Implemented some POWER10 instructions in TCG. * Added shakti_c RISC-V machine. * Improved documentation for RISC-V machines. * CPU models for gen16 have been added for s390x. * New CPU model versions added with XSAVES enabled: Skylake-Client-v4, Skylake-Server-v5, Cascadelake-Server-v5, Cooperlake-v2, Icelake-Client-v3, Icelake-Server-v5, Denverton-v3, Snowridge-v3, Dhyana-v2 * Added ACPI based PCI hotplug support to Q35 machine. Enabled and used by default since pc-q35-6.1 machine type. * Added support for the pca9546 and pca9548 I2C muxes. * Added support for PMBus and several PMBus devices. * Crypto subsystem: The preferred crypto backend driver now gnutls, with libgcrypt as the second choice, and nettle as third choice, with ordering driven mostly by performance of the ciphers. * Misc doc improvements. * Patches removed: block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch hw-block-nvme-align-with-existing-style.patch hw-block-nvme-consider-metadata-read-aio.patch hw-net-can-sja1000-fix-buff2frame_bas-an.patch hw-nvme-fix-missing-check-for-PMR-capabi.patch hw-nvme-fix-pin-based-interrupt-behavior.patch hw-pci-host-q35-Ignore-write-of-reserved.patch hw-rdma-Fix-possible-mremap-overflow-in-.patch hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch hw-usb-Do-not-build-USB-subsystem-if-not.patch hw-usb-host-stub-Remove-unused-header.patch linux-user-aarch64-Enable-hwcap-for-RND-.patch module-for-virtio-gpu-pre-load-module-to.patch monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch pvrdma-Ensure-correct-input-on-ring-init.patch pvrdma-Fix-the-ring-init-error-flow-CVE-.patch qemu-config-load-modules-when-instantiat.patch qemu-config-parse-configuration-files-to.patch qemu-config-use-qemu_opts_from_qdict.patch runstate-Initialize-Error-to-NULL.patch sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch target-i386-Exit-tb-after-wrmsr.patch target-sh4-Return-error-if-CPUClass-get_.patch tcg-Allocate-sufficient-storage-in-temp_.patch tcg-arm-Fix-tcg_out_op-function-signatur.patch tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch usb-hid-avoid-dynamic-stack-allocation.patch usb-limit-combined-packets-to-1-MiB-CVE-.patch usb-mtp-avoid-dynamic-stack-allocation.patch usb-redir-avoid-dynamic-stack-allocation.patch usbredir-fix-free-call.patch vfio-ccw-Permit-missing-IRQs.patch vhost-user-blk-Check-that-num-queues-is-.patch vhost-user-blk-Don-t-reconnect-during-in.patch vhost-user-blk-Fail-gracefully-on-too-la.patch vhost-user-blk-Get-more-feature-flags-fr.patch vhost-user-blk-Make-sure-to-set-Error-on.patch vhost-user-gpu-abstract-vg_cleanup_mappi.patch vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch vhost-user-gpu-fix-leak-in-virgl_resourc.patch vhost-user-gpu-fix-memory-disclosure-in-.patch vhost-user-gpu-fix-memory-leak-in-vg_res.patch vhost-user-gpu-fix-memory-leak-while-cal.patch vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch vhost-user-gpu-fix-resource-leak-in-vg_r.patch vhost-vdpa-don-t-initialize-backend_feat.patch virtio-blk-Fix-rollback-path-in-virtio_b.patch virtio-Fail-if-iommu_platform-is-request.patch virtiofsd-Fix-side-effect-in-assert.patch vl-allow-not-specifying-size-in-m-when-u.patch vl-Fix-an-assert-failure-in-error-path.patch vl-plug-object-back-into-readconfig.patch vl-plumb-keyval-based-options-into-readc.patch x86-acpi-use-offset-instead-of-pointer-w.patch- usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) hw-usb-Do-not-build-USB-subsystem-if-not.patch hw-usb-host-stub-Remove-unused-header.patch usb-hid-avoid-dynamic-stack-allocation.patch usb-limit-combined-packets-to-1-MiB-CVE-.patch usb-mtp-avoid-dynamic-stack-allocation.patch- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) usbredir-fix-free-call.patch- Add stable patches from upstream: block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch hw-net-can-sja1000-fix-buff2frame_bas-an.patch hw-pci-host-q35-Ignore-write-of-reserved.patch- Disabled skiboot building for PowerPC due to the following issue: https://github.com/open-power/skiboot/issues/265- Fix possible mremap overflow in the pvrdma (CVE-2021-3582, bsc#1187499) hw-rdma-Fix-possible-mremap-overflow-in-.patch - Ensure correct input on ring init (CVE-2021-3607, bsc#1187539) pvrdma-Ensure-correct-input-on-ring-init.patch - Fix the ring init error flow (CVE-2021-3608, bsc#1187538) pvrdma-Fix-the-ring-init-error-flow-CVE-.patch- Fix qemu-supportconfig network-manager verification- Fix stable issues found in upstream: hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch hw-block-nvme-align-with-existing-style.patch hw-nvme-fix-missing-check-for-PMR-capabi.patch hw-nvme-fix-pin-based-interrupt-behavior.patch linux-user-aarch64-Enable-hwcap-for-RND-.patch qemu-config-load-modules-when-instantiat.patch qemu-config-parse-configuration-files-to.patch qemu-config-use-qemu_opts_from_qdict.patch runstate-Initialize-Error-to-NULL.patch target-i386-Exit-tb-after-wrmsr.patch tcg-Allocate-sufficient-storage-in-temp_.patch tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch vhost-vdpa-don-t-initialize-backend_feat.patch vl-allow-not-specifying-size-in-m-when-u.patch vl-Fix-an-assert-failure-in-error-path.patch vl-plug-object-back-into-readconfig.patch vl-plumb-keyval-based-options-into-readc.patch x86-acpi-use-offset-instead-of-pointer-w.patch- Update qemu-supportconfig plugin- Fix an update-alternative warning when removing qemu-skiboot package bsc#1178678- Use doc directive to build QEMU documentation- Improve compatibility with gcc 11: target-sh4-Return-error-if-CPUClass-get_.patch tcg-arm-Fix-tcg_out_op-function-signatur.patch- Enable zstd compression option to qcow2- Fix out-of-bounds write in virgl_cmd_get_capset CVE-2021-3546 bsc#1185981 vhost-user-gpu-abstract-vg_cleanup_mappi.patch - Fix memory leaks found in the virtio vhost-user GPU device CVE-2021-3544 bsc#1186010 vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch vhost-user-gpu-fix-leak-in-virgl_resourc.patch vhost-user-gpu-fix-memory-disclosure-in-.patch vhost-user-gpu-fix-memory-leak-in-vg_res.patch vhost-user-gpu-fix-memory-leak-while-cal.patch vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch - Fix information disclosure due to uninitialized memory read CVE-2021-3545 bsc#1185990 vhost-user-gpu-fix-resource-leak-in-vg_r.patch- disable sheepdog, it was dropped upstream ( https://gitlab.com/qemu-project/qemu/-/commit/09ec85176e4095be15f233ebc870d5680123f024) and fails to build with gcc 11 on non-x86- Fix CVE-2021-3527 in usb/redir: usb-redir-avoid-dynamic-stack-allocation.patch - Fix issues found upstream: hw-block-nvme-consider-metadata-read-aio.patch sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch vfio-ccw-Permit-missing-IRQs.patch vhost-user-blk-Check-that-num-queues-is-.patch vhost-user-blk-Don-t-reconnect-during-in.patch vhost-user-blk-Fail-gracefully-on-too-la.patch vhost-user-blk-Get-more-feature-flags-fr.patch vhost-user-blk-Make-sure-to-set-Error-on.patch virtio-blk-Fix-rollback-path-in-virtio_b.patch virtio-Fail-if-iommu_platform-is-request.patch virtiofsd-Fix-side-effect-in-assert.patch monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch- Brotli VLA error was already fixed in v5.2 but the patches wasn't included in v6.0. This change fixed that - Patches added: brotli-fix-actual-variable-array-paramet.patch hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch- For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975)- Update to v6.0: see https://wiki.qemu.org/ChangeLog/6.0 For a full list of formely deprecated features that are removed now, consult: https://qemu-project.gitlab.io/qemu/system/removed-features.html. For a list of new deprecated features, consult: https://qemu-project.gitlab.io/qemu/system/deprecated.html Some noteworthy changes: * Removed tileGX CPU (linux-user mode). * Removed ide-drive device (use ide-hd or ide-cd instead). * Removed scsi-disk device (use scsi-hd or scsi-cd instead). * Removed pc-1.0, pc-1.1, pc-1.2, and pc-1.3 machine types. * Added emulation of Arm-v8.1M arch and Cortex-M55 CPU. * Added boards mps3-an524 (Cortex-M33) and mps3-an547 (Cortex-M55). * x86: Support for running SEV-ES encrypted guests; TCG can emulate the PKS feature; WHPX accelerator supports accelerated APIC. * ARM: ARMv8.4-TTST, ARMv8.4-SEL2, FEAT_SSBS, and ARMv8.4-DIT emulation are now supported; Added ARMv8.5-MemTag extension is now supported formely linux-user. Additional device emulation support for xlnx-zynqmp, xlnx-versal, sbsa-ref, npcm7xx, and sabrelite board models. * PowerPC: powernv now allows external BMC; pseries can send QAPI message if it detects a memory hotplug failure; CPU unplug request can be retried. * s390: TCG works with Linux kernels built with clang-11 and clang12. * RISC-V: OpenSBI upgraded to v0.9; Support the QMP dump-guest-memory command; Add support for the SiFive SPI controller (sifive_u); Add QSPI NOR flash to Microchip PFSoC. * Misc doc improvements. * Multiprocess: Add experimental options to support out-of-process device emulation. * ACPI: support for assigning NICs to known names in guest OS independently of PCI slot placement. * NVMe: new emulation support for v1.4 spec with many new features, experimental support for Zoned Namespaces, multipath I/O, and End-to-End Data Protection. * Xen: New guest loader for testing of Xen-like hypervisors booting kernels. * virtiofs: misc. security fixes and performance improvements. * Tools: FUSE block exports to allow mounting any QEMU block device node as a host file. * Migration: query/info-migrate now display the migration blocker status and the reasons for blocking. * User-mode: Added support for the Qualcomm Hexagon processor. * TCG: Added support for Apple Silicon hosts (macOS). * QMP: backup jobs now support multiple asynchronous requests in parallel * VNC: virtio-vga support for scaling resolution based on client window size * Patches added: doc-add-our-support-doc-to-the-main-proj.patch * Patches removed: 9pfs-Fully-restart-unreclaim-loop-CVE-20.patch audio-add-sanity-check.patch block-Fix-deadlock-in-bdrv_co_yield_to_d.patch block-Fix-locking-in-qmp_block_resize.patch blockjob-Fix-crash-with-IOthread-when-bl.patch block-nfs-fix-int-overflow-in-nfs_client.patch block-rbd-fix-memory-leak-in-qemu_rbd_co.patch block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch block-Separate-blk_is_writable-and-blk_s.patch block-Simplify-qmp_block_resize-error-pa.patch brotli-fix-actual-variable-array-paramet.patch build-no-pie-is-no-functional-linker-fla.patch cadence_gem-switch-to-use-qemu_receive_p.patch cpu-core-Fix-help-of-CPU-core-device-typ.patch docs-add-SUSE-support-statements-to-html.patch dp8393x-switch-to-use-qemu_receive_packe.patch e1000-fail-early-for-evil-descriptor.patch e1000-switch-to-use-qemu_receive_packet-.patch hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch hw-arm-virt-Disable-pl011-clock-migratio.patch hw-block-fdc-Fix-fallback-property-on-sy.patch hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch hw-isa-Kconfig-Add-missing-dependency-VI.patch hw-isa-piix4-Migrate-Reset-Control-Regis.patch hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch hw-s390x-fix-build-for-virtio-9p-ccw.patch hw-sd-sd-Actually-perform-the-erase-oper.patch hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch hw-sd-sdhci-Correctly-set-the-controller.patch hw-sd-sdhci-Don-t-transfer-any-data-when.patch hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch hw-sd-sdhci-Limit-block-size-only-when-S.patch hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch hw-sd-sd-Move-the-sd_block_-read-write-a.patch hw-sd-sd-Skip-write-protect-groups-check.patch hw-timer-slavio_timer-Allow-64-bit-acces.patch hw-virtio-pci-Added-AER-capability.patch hw-virtio-pci-Added-counter-for-pcie-cap.patch i386-acpi-restore-device-paths-for-pre-5.patch iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch lan9118-switch-to-use-qemu_receive_packe.patch lsilogic-Use-PCIDevice-exit-instead-of-D.patch Make-keycode-gen-output-reproducible-use.patch memory-clamp-cached-translation-in-case-.patch monitor-Fix-assertion-failure-on-shutdow.patch mptsas-Remove-unused-MPTSASState-pending.patch msf2-mac-switch-to-use-qemu_receive_pack.patch net-Fix-handling-of-id-in-netdev_add-and.patch net-introduce-qemu_receive_packet.patch pcnet-switch-to-use-qemu_receive_packet-.patch qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch qemu-storage-daemon-Enable-object-add.patch rtl8139-switch-to-use-qemu_receive_packe.patch s390x-add-have_virtio_ccw.patch s390x-css-report-errors-from-ccw_dstream.patch s390x-Fix-stringop-truncation-issue-repo.patch s390x-modularize-virtio-gpu-ccw.patch s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch s390x-pci-restore-missing-Query-PCI-Func.patch spice-app-avoid-crash-when-core-spice-mo.patch sungem-switch-to-use-qemu_receive_packet.patch target-arm-Don-t-decode-insns-in-the-XSc.patch target-arm-Fix-MTE0_ACTIVE.patch target-arm-Introduce-PREDDESC-field-defi.patch target-arm-Update-PFIRST-PNEXT-for-pred_.patch target-arm-Update-REV-PUNPK-for-pred_des.patch target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch target-xtensa-fix-meson.build-rule-for-x.patch tcg-Use-memset-for-large-vector-byte-rep.patch tools-virtiofsd-Replace-the-word-whiteli.patch tx_pkt-switch-to-use-qemu_receive_packet.patch ui-vnc-Add-missing-lock-for-send_color_m.patch update-linux-headers-Include-const.h.patch Update-linux-headers-to-5.11-rc2.patch util-fix-use-after-free-in-module_load_o.patch vfio-ccw-Connect-the-device-request-noti.patch vhost-user-blk-fix-blkcfg-num_queues-end.patch viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch virtiofsd-extract-lo_do_open-from-lo_ope.patch virtiofsd-optionally-return-inode-pointe.patch virtiofsd-prevent-opening-of-special-fil.patch virtiofs-drop-remapped-security.capabili.patch virtiofsd-Save-error-code-early-at-the-f.patch virtio-move-use-disabled-flag-property-t.patch virtio-pci-compat-page-aligned-ATS.patch xen-block-Fix-removal-of-backend-instanc.patch- Include upstream patch designated as stable material and reviewed for applicability to include here mptsas-Remove-unused-MPTSASState-pending.patch - Clarify in support documents that cpu-add was removed in this release from both the human monitor protocol (HMP) and QMP interfaces- 6.0.0 qemu is about to be released. Add comments to the in- package support documents (supported..txt) about the new deprecations as of that release as an early head's up for qemu users. These deprecations include these command-line options: - M option: kernel-irqchip=off - chardev tty - chardev paraport - enable-fips - writeconfig - spice password=string- Include upstream patches designated as stable material and reviewed for applicability to include here. NOTE that the PIIX4 patch has migration implications: the change will also be applied to the SLE-15-SP2 qemu, and a live migration from that version to this SLE-15-SP3 qemu would require this patch to be applied for a successful migration if PIIX4 southbridge is used in the machine emulation (x86 i440fx) block-rbd-fix-memory-leak-in-qemu_rbd_co.patch block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch cpu-core-Fix-help-of-CPU-core-device-typ.patch hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch hw-block-fdc-Fix-fallback-property-on-sy.patch hw-isa-Kconfig-Add-missing-dependency-VI.patch hw-isa-piix4-Migrate-Reset-Control-Regis.patch hw-virtio-pci-Added-AER-capability.patch hw-virtio-pci-Added-counter-for-pcie-cap.patch s390x-css-report-errors-from-ccw_dstream.patch target-xtensa-fix-meson.build-rule-for-x.patch util-fix-use-after-free-in-module_load_o.patch virtio-pci-compat-page-aligned-ATS.patch- Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream (bsc#1181103) * Patches dropped: hw-s390x-modularize-virtio-gpu-ccw.patch * Patches added: s390x-add-have_virtio_ccw.patch s390x-modularize-virtio-gpu-ccw.patch s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch- Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144, CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282) hw-sd-sd-Actually-perform-the-erase-oper.patch hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch hw-sd-sdhci-Correctly-set-the-controller.patch hw-sd-sdhci-Don-t-transfer-any-data-when.patch hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch hw-sd-sdhci-Limit-block-size-only-when-S.patch hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch hw-sd-sd-Move-the-sd_block_-read-write-a.patch hw-sd-sd-Skip-write-protect-groups-check.patch - Fix potential privilege escalation in virtiofsd tool (CVE-2021-20263, bsc#1183373) tools-virtiofsd-Replace-the-word-whiteli.patch viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch virtiofsd-extract-lo_do_open-from-lo_ope.patch virtiofsd-optionally-return-inode-pointe.patch virtiofsd-prevent-opening-of-special-fil.patch virtiofs-drop-remapped-security.capabili.patch virtiofsd-Save-error-code-early-at-the-f.patch - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) net-introduce-qemu_receive_packet.patch rtl8139-switch-to-use-qemu_receive_packe.patch - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) cadence_gem-switch-to-use-qemu_receive_p.patch dp8393x-switch-to-use-qemu_receive_packe.patch e1000-switch-to-use-qemu_receive_packet-.patch lan9118-switch-to-use-qemu_receive_packe.patch msf2-mac-switch-to-use-qemu_receive_pack.patch pcnet-switch-to-use-qemu_receive_packet-.patch sungem-switch-to-use-qemu_receive_packet.patch tx_pkt-switch-to-use-qemu_receive_packet.patch - Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) memory-clamp-cached-translation-in-case-.patch - Include upstream patches designated as stable material and reviewed for applicability to include here hw-arm-virt-Disable-pl011-clock-migratio.patch xen-block-Fix-removal-of-backend-instanc.patch - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)- Fix s390x "mediated device is in use" error condition (bsc#1183634) update-linux-headers-Include-const.h.patch Update-linux-headers-to-5.11-rc2.patch vfio-ccw-Connect-the-device-request-noti.patch- Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577) e1000-fail-early-for-evil-descriptor.patch- Fix incorrect guest data in s390x PCI passthrough (bsc#1183372) s390x-pci-restore-missing-Query-PCI-Func.patch- Include upstream patches designated as stable material and reviewed for applicability to include here lsilogic-Use-PCIDevice-exit-instead-of-D.patch vhost-user-blk-fix-blkcfg-num_queues-end.patch - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) 9pfs-Fully-restart-unreclaim-loop-CVE-20.patch - Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) net-vmxnet3-validate-configuration-value.patch- Add #!ForceMultiversion to qemu.spec: + As the spec file defines different Version: fiels for various subpackages, we must instruct OBS to not ever reset the checkin-counter, as it would by defalut on a version increase. Resetting the version counter results in sub-packages reusing their VERSION-RELEASE from the past (e.g. qemu-ipxe is version 1.0.0+, and upon checkin of a new qemu version, RELEASE is reset to 1.1, thus again producing qemu-ipxe-1.0.0+-1.1.noarch.rpm.- Fix GCC11 compiler issue in brotli (edk2) code (boo#1181922) brotli-fix-actual-variable-array-paramet.patch - Tweak a few submodule descriptions and summaries - Fix a backward compatibility issue in ACPI data i386-acpi-restore-device-paths-for-pre-5.patch- Add patch from IBM to improve modularization situation on s390 where a new qemu module, hw-s390x-virtio-gpu-ccw.so, and a corresponding new qemu-hw-s390x-virtio-gpu-ccw subpackage, is split out (this parallels the hw-display-virtio-gpu-pci.so module). Split-provides file is also used to track this functionality splitout. Both the packages supplying the above mentioned modules now have a Requires on the qemu-hw-display-virtio-gpu package. It is anticipated that this change is going in upstream as well, and if done differently the plan is to update to the upstream implementation if possible (bsc#1181103) hw-s390x-modularize-virtio-gpu-ccw.patch- Added a few more usability improvements for our git packaging workflow- Fix issue of virtio-9p-ccw having been mistakenly dropped from qemu (bsc#1182496) hw-s390x-fix-build-for-virtio-9p-ccw.patch- Tweaked some spec file details to be again compatible with quilt setup using the spec file as input - Remove BuildRequires that were added in anticipation of building ovmf within this package. We have not taken that route- Fix uninitialized variable in ipxe driver code (boo#1181922) ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch - Add a few improvements to the git-based package workflow scripts- Include additional upstream patches designated as stable material and reviewed for applicability to include here blockjob-Fix-crash-with-IOthread-when-bl.patch monitor-Fix-assertion-failure-on-shutdow.patch qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch qemu-storage-daemon-Enable-object-add.patch- Switch the modules qemu-ui-display-gpu and qemu-ui-display-gpu-pci from being an x86 only Recommends, to a Recommends for all arch's except s390x (boo#1181350) - Fix qemu-hw-usb-smartcard to not be a Recommends for s390x - Minor spec file tweaks for compatibility with upcoming spec file formatter- Make note that this patch takes care of an OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch- Include upstream patches designated as stable material and reviewed for applicability to include here block-Separate-blk_is_writable-and-blk_s.patch hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch hw-timer-slavio_timer-Allow-64-bit-acces.patch net-Fix-handling-of-id-in-netdev_add-and.patch target-arm-Don-t-decode-insns-in-the-XSc.patch target-arm-Fix-MTE0_ACTIVE.patch target-arm-Introduce-PREDDESC-field-defi.patch target-arm-Update-PFIRST-PNEXT-for-pred_.patch target-arm-Update-REV-PUNPK-for-pred_des.patch target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch tcg-Use-memset-for-large-vector-byte-rep.patch ui-vnc-Add-missing-lock-for-send_color_m.patch virtio-move-use-disabled-flag-property-t.patch- binutils v2.36 has changed the handling of the assembler's - mx86-used-note, resulting in a build failure. To compensate, we now explicitly specify -mx86-used-note=no in the seabios Makefile (boo#1181775) build-be-explicit-about-mx86-used-note-n.patch- Additional tweaks to ensure libvirt runs ok when qemu-hw-display-virtio-gpu package is not installed- Use '%service_del_postun_without_restart' instead of '%service_del_postun' to avoid "Failed to try-restart qemu-ga@.service" error while updating the qemu-guest-agent. (bsc#1178565)- Fix two additional cases of qemu crashing due to qemu module packages not being loaded. qom-handle-case-of-chardev-spice-module-.patch spice-app-avoid-crash-when-core-spice-mo.patch- Fix issue of qemu crashing (abort called) when virtio-gpu device is asked for and the qemu-hw-display-virtio-gpu package isn't installed. (bsc#1181103) module-for-virtio-gpu-pre-load-module-to.patch - Add additional inter-module package dependencies, to reflect the current module dependencies (see qemu source file: util/module.c) - As of v3.1.0 virt-manager, new VM's are created by default with audio/sound enabled, so it's time to reflect the need, at least in the spice case, by having spice-audio available when spice in general is used (boo#1180210 boo#1181132) - Further refine package Recommends/Suggests based on architecture - Remove no longer needed dependency on pwdutils (boo#1181235)- Fix qemu-testsuite issue where white space processing gets handled differently under bash 5.1 (boo#1181054) iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch- Convert qemu-kvm from a script to a symlink. Using qemu-kvm to invoke the QEMU emulator has been deprecated for some time, but is still provided. It has as it's ancient origins a version of QEMU which had KVM acceleration enabled by default, and then recently, until now, it is a shell script which execs the QEMU emulator, adding '-machine accel=kvm' to the beginning of the list of command line options passed to the emulator. This method collides with the now preferred method of specifying acceleration options by using -accel. qemu-kvm is now changed to simply be a symlink to the same QEMU binary which the prior script exec'd. This new approach takes advantage of a built-in QEMU feature where if QEMU is invoked using a program name ending in 'kvm', KVM emulation is enabled. This approach is better in that it is more compatible with any other command line option that may be added for describing acceleration. For those who have modified qemu-kvm to add additional command line options, or take other actions in the context of the script you will now need to create an alternate script "emulator" to achieve the same result. Note that it's possible there may be some very subtle behavioral difference in the switch from a script to a symlink, but given that qemu-kvm is a deprecated package, we're not going to worry about that.- Fix crash when spice used and the qemu-audio-spice package isn't installed (boo#1180210) audio-add-sanity-check.patch - Add some stable patches from upstream block-Fix-deadlock-in-bdrv_co_yield_to_d.patch block-Fix-locking-in-qmp_block_resize.patch block-nfs-fix-int-overflow-in-nfs_client.patch block-Simplify-qmp_block_resize-error-pa.patch build-no-pie-is-no-functional-linker-fla.patch- Update to v5.2.0: See http://wiki.qemu.org/ChangeLog/5.2 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in the deprecated.html file installed with the qemu package Some noteworthy changes: * Dropped system emulators: qemu-system-lm32, qemu-system-unicore32 * Dropped linux user emulator: qemu-ppc64abi32 * Added linux user emulator: qemu-extensaeb * Unicore32 and lm32 guest support dropped * New sub-packages (most due to ongoing modularization of QEMU): qemu-audio-spice, qemu-hw-chardev-spice, qemu-hw-display-virtio-vga, qemu-hw-display-virtio-gpu, qemu-hw-display-virtio-gpu-pci, qemu-ui-spice-core, qemu-ui-opengl, qemu-ivshmem-tools * x86: A new KVM feature which improves the handling of asynchronous page faults is available with -cpu ...,kvm-async-pf-int (requires Linux 5.8) * s390: More instructions emulated under TCG * PowerPC: nvdimm= machine option now functions correctly; misc improvements * ARM: new boards: mps2-an386 (Cortex-M4 based) and mps2-an500 (Cortex-M7 based), raspi3ap (the Pi 3 model A+), raspi0 (the Pi Zero) and raspi1ap (the Pi A+) * RISC-V: OpenSBI v0.8 included by default; Generic OpenSBI platform used when no -bios argument is supplied; Support for NUMA sockets on Virt and Spike Machines; Support for migrating machines; misc improvements * Misc NVMe improvements * The 'vhost-user-blk' export type has been added, allowing qemu-storage-daemon to act as a vhost-user-blk device backend * The SMBIOS OEM strings can now come from a file * 9pfs - misc performance related improvements * virtiofs - misc improvements * migration: The default migration bandwidth has been increased to 1Gbps (users are still encouraged to tune it to their own hardware); The new 'calc-dirty-rate' and 'query-dirty-rate' QMP commands can help determine the likelihood of precopy migration success; TLS+multifd now supported for higher bandwidth encrypted migration; misc minor features added * Misc minor block features added * Misc doc improvements * qemu-microvm subpackage change: the bios-microvm.bin is now SeaBIOS based, and the qboot based on is now qboot.rom * elf2dmp is no longer part of qemu-tools (it was never intended to be a packaged binary) * Some subpackages which were 'Requires' are now 'Recommends', allowing for a smaller qemu packaging footprint if needed * Patches dropped (included in release tarball, unless otherwise noted): docs-fix-trace-docs-build-with-sphinx-3..patch (fixed differently) hw-hyperv-vmbus-Fix-32bit-compilation.patch linux-user-properly-test-for-infinite-ti.patch Switch-order-of-libraries-for-mpath-supp.patch (fixed differently) Conditionalize-ui-bitmap-installation-be.patch (fixed differently) hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch (no longer using gcc9) hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch (no longer using gcc9) roms-Makefile-enable-cross-compile-for-b.patch (fixed with different patch) libvhost-user-handle-endianness-as-manda.patch virtio-add-vhost-user-fs-ccw-device.patch Fix-s-directive-argument-is-null-error.patch build-Workaround-compilation-error-with-.patch build-Be-explicit-about-fcommon-compiler.patch intel-Avoid-spurious-compiler-warning-on.patch golan-Add-explicit-type-casts-for-nodnic.patch Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch ensure-headers-included-are-compatible-w.patch Enable-cross-compile-prefix-for-C-compil.patch (fixed differently) hw-net-net_tx_pkt-fix-assertion-failure-.patch hw-net-xgmac-Fix-buffer-overflow-in-xgma.patch s390x-protvirt-allow-to-IPL-secure-guest.patch usb-fix-setup_len-init-CVE-2020-14364.patch * Patches added: meson-install-ivshmem-client-and-ivshmem.patch Revert-roms-efirom-tests-uefi-test-tools.patch Makefile-Don-t-check-pc-bios-as-pre-requ.patch roms-Makefile-add-cross-file-to-qboot-me.patch qboot-add-cross.ini-file-to-handle-aarch.patch usb-Help-compiler-out-to-avoid-a-warning.patch - In spec file, where reasonable, switch BuildRequires: XXX-devel to be pkgconfig(XXX') instead - No longer disable link time optimization for qemu for x86. It looks like either the build service, qemu code changes and/or the switch to meson have resolved issues previously seen there. We still see problems for other architectures however. - For the record, the following issues reported for SUSE SLE15-SP2 are either fixed in this current package, or are otherwise no longer an issue: bsc#1172384 bsc#1174386 bsc#1174641 bsc#1174863 bsc#1175370 bsc#1175441 bsc#1176494 CVE-2020-13361 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092 CVE-2020-24352 and the following feature requests are satisfied by this package: jsc#SLE-13689 jsc#SEL-13780 jsc#SLE-13840 - To be more accurate, and to align with other qemu packaging practices, rename the qemu-s390 package to qemu-s390x. The old name (in the rpm namespace) is provided with a "Provides" directive, and an "Obsoletes" done against that name for prior qemu versions, as is standard practice (boo#1177764 jsc#SLE-17060) - Take this opportunity to remove some ancient Split-Provides mechanisms which can't conceivably be needed any more: qemu-block-curl provided: qemu:%_libdir/%name/block-curl.so qemu-guest-agent provided: qemu:%_bindir/qemu-ga qemu-tools provided: qemu:%_libexecdir/qemu-bridge-helper- Disable linux-user 'ls' test on 32 bit arm. It's failing with "Allocating guest commpage: Cannot allocate memory" error, which we should hunt down, but for now we don't want it to prevent the package from being built- Be more careful about what directives are used for qemu-testsuite- Fix some spec file 'Requires' statements to be accurate to the new model of relying on system-user-qemu and system-group-kvm to provide the needed users and groups- Added io_uring support.- A patch has been applied to virt-manager to handle qemu spice related modules not being present, so undo the change from Sep 30, 2020. Once again qemu-hw-display-qxl and qemu-hw-usb-redirect are Recommends and not Required by the qemu package (boo#1157320 boo#1176517, boo#1178141) - For jsc#SLE-11629, change qemu, qemu-tools, and qemu-guest-agent to rely on system-user-qemu and system-group-kvm to provide now static system UIDs and GID's for qemu user and group, and kvm group. This will make guest migration more seamless for new installations since there is no chance of having required ID's differ in value.- Add virtio-fs support for s390x (jsc#SLE-13822) libvhost-user-handle-endianness-as-manda.patch virtio-add-vhost-user-fs-ccw-device.patch- Note: As part of the "Close the Leap Gap" effort, it's been decided that our SDL2 support in qemu is not worth trying to maintain. Long ago SLE qemu stopped including SDL2 support and now we will do the same for the openSUSE releases going forward. Accordingly SDL2 options are now configured out, and the two sub- packages which are SDL2 specific, namely qemu-audio-sdl and qemu-ui-sdl, are no longer generated, and due to the rpm package conflicts used for those packages, they will be uninstalled from systems as qemu updates move forward - Drop e2fsprogs-devel and libpcap-devel as BuildRequires packages. They have not actually been needed to build qemu for a very long time - Add more forsplits files- Create qemu-skiboot sub-package. Use update-alternatives mechanism to coordinate with opal-firmware (provided with skiboot package set) on the provider of the /usr/share/qemu/skiboot.lid firmware file. qemu-skiboot uses a priority of 15, while opal-firmware uses a priority of 10 (jsc#SLE-13240)- Undo part of the split-provides recently done. We have to wait on virt-manager to handle qemu modularization better before we make qemu-hw-display-qxl and qemu-hw-usb-redirect non-required (boo#1157320 boo#1176517)- Fix spec file, where a conditional macro didn't have the correct syntax (bsc#1176766)- Change qemu-x86 packaging relationship with qemu-microvm from Requires to Recommends- In an effort to "Close the Leap Gap", remove use of is_opensuse from the spec file, so that the same packages built for SLE can be reused for Leap. Some sub-packages will not be included for SLE which are included for Leap. They wil be provided in Package Hub for SLE users as unsupported packages. (jsc#SLE-11660, jsc#SLE-11661, jsc#SLE-11662, jsc#SLE-11691, jse#SLE-11692, jsc#SLE-11894)- Add infrastructure to do package splits when split-off package isn't required and doesn't (otherwise) include any previously installed files. This version of qemu has split out non-essential functionality into loadable modules, as noted in Aug 20, 2020 log entry, which describes the emergency Split-Provides. That approach will be superseded by this planned approach, and those dummy doc files will be removed in time Here is the new mapping: subpackage continuity file provided (files are dummies) ========== ============================================ qemu-chardev-baum /usr/share/qemu/forsplits/00 qemu-hw-display-qxl /usr/share/qemu/forsplits/01 qemu-hw-usb-redirect /usr/share/qemu/forsplits/02 qemu-hw-usb-smartcard /usr/share/qemu/forsplits/03- Fix path of qemu-pr-helper. It was a mistake to move it from %_bindir to _libexecdir. In more recent qemu code it's been moved back, so undo this mistake by providing it at the same location as it has been all along- For SLE15-SP3, note that this update to v5.1.0 is a step towards fulfilling jsc#SLE-13689, which asks for qemu v5.2.0 or higher- Fix some shell syntax in update_git.sh, esp. an issue exposed by the most recent patch added- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) usb-fix-setup_len-init-CVE-2020-14364.patch - Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, JIRA, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2020-1983 CVE-2020-10761 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 * bsc#1167816 bsc#1170940 boo#1171712 bsc#1172383 bsc#1172384 bsc#1172386 bsc#1172495 bsc#1172710 * Patches dropped (SLE) (included in current release tarball): exec-set-map-length-to-zero-when-returni.patch i386-acpi-Remove-_HID-from-the-SMBus-ACP.patch megasas-use-unsigned-type-for-reply_queu.patch- Fix compilation errors seen with pre-release gcc 11 qht-Revert-some-constification-in-qht.c.patch Revert-qht-constify-qht_statistics_init.patch help-compiler-out-by-initializing-array.patch s390x-Fix-stringop-truncation-issue-repo.patch - Add Split-Provides mechanism, using doc files which were moved in v5.1.0. This allows for the new subpackages to be selected for install when the v5.0.0 qemu is updated. These new subpackages are not marked as "Required" by any packages, in an effort to reduce the dependencies of the core qemu components (boo#1175320) v5.0.0 qemu file mapping is provided as follows: subpackage continuity file provided (files are dummies) ========== ============================================ qemu-chardev-baum /usr/share/doc/packages/qemu/qemu-ga-ref.html qemu-hw-display-qxl /usr/share/doc/packages/qemu/qemu-ga-ref.txt qemu-hw-usb-redirect /usr/share/doc/packages/qemu/qemu-qmp-ref.html qemu-hw-usb-smartcard /usr/share/doc/packages/qemu/qemu-qmp-ref.txt- Fix wrong usage of %{_libexecdir} for systemd owned paths below %{_prefix}/lib.- Update to v5.1.0: See http://wiki.qemu.org/ChangeLog/5.1 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in the deprecated.html file installed with the qemu package Some noteworthy changes: * s390: Protected virtualization (secure execute) is fully merged upstream * s390: vfio-ccw devices no longer require setting the allow prefetch bit in the ORB, but is still dependent on host kernel support * s390: vfio-ccw now has basic support for relaying path state changes to the guest * PowerPC: pseries: NVDIMMs require label-size property * PowerPC: pseries: POWER10 support * PowerPC: added interface to inject POWER style NMIs * ARM: new board: sonorapass-bmc * ARM: new emulated features: ARMv8.2-TTSUXN, ARMv8.5-MemTag * ARM: Raspberry Pi boards now support a USB controller * ARM: virt board now supports hot-remove memory * RISC-V lots of improvements * qemu-img resize now requires -shrink to shrinking raw images * The mem parameter of the -numa option is no longer recognized starting with 5.1 machine types - instead use the memdev parameter * The ACPI WAET table is now exposed to guests * The max blocksize for virtual storage device is now 2 MiB * NVMe improvements * Crypto subsystem improvements * Block backends and tools: Numerous improvements and fixes * Firmware updates: SeaBIOS (essentially v1.14.0), OpenBIOS, SLOF (20200717), OpenSBI (v0.7) * Patches dropped (upstream unless otherwise noted): ati-vga-check-mm_index-before-recursive-.patch audio-fix-wavcapture-segfault.patch es1370-check-total-frame-count-against-c.patch exec-set-map-length-to-zero-when-returni.patch gcc10-maybe-uninitialized.patch hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch megasas-use-unsigned-type-for-reply_queu.patch nbd-server-Avoid-long-error-message-asse.patch ppc-spapr_caps-Don-t-disable-cap_cfpc-on.patch s390x-Add-SIDA-memory-ops.patch s390x-Add-unpack-facility-feature-to-GA1.patch s390x-Move-diagnose-308-subcodes-and-rcs.patch s390x-protvirt-Add-migration-blocker.patch s390x-protvirt-Disable-address-checks-fo.patch s390x-protvirt-Handle-SIGP-store-status-.patch s390x-protvirt-Inhibit-balloon-when-swit.patch s390x-protvirt-KVM-intercept-changes.patch s390x-protvirt-Move-diag-308-data-over-S.patch s390x-protvirt-Move-IO-control-structure.patch s390x-protvirt-Move-STSI-data-over-SIDAD.patch s390x-protvirt-SCLP-interpretation.patch s390x-protvirt-Set-guest-IPL-PSW.patch s390x-protvirt-Support-unpack-facility.patch s390x-s390-virtio-ccw-Fix-build-on-syste.patch Sync-pv.patch tests-Disable-some-block-tests-for-now.patch (no longer needed) vga-fix-cirrus-bios.patch virtiofsd-add-rlimit-nofile-NUM-option.patch virtiofsd-stay-below-fs.file-max-sysctl-.patch * Patches renamed: build-Do-not-apply-WORKAROUND_CFLAGS-for.patch - > Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch build-Fix-s-directive-argument-is-null-e.patch - > Fix-s-directive-argument-is-null-error.patch * Patches added: hw-hyperv-vmbus-Fix-32bit-compilation.patch - New subpackages, due to modularization: qemu-chardev-baum, qemu-hw-display-qxl, qemu-hw-usb-redirect, qemu-hw-usb-smartcard - Configure to use "system" libslirp and libdaxctl (libnvdimm) when available- Don't disable cap_cfpc on POWER8 by default (bsc#1174374) ppc-spapr_caps-Don-t-disable-cap_cfpc-on.patch- Updating to Sphinx v3.1.2 in Factory is exposing an issue in qemu doc sources. Fix it docs-fix-trace-docs-build-with-sphinx-3..patch- Fix DoS possibility in ati-vga emulation (CVE-2020-13800 bsc#1172495) ati-vga-check-mm_index-before-recursive-.patch - Fix DoS possibility in Network Block Device (nbd) support infrastructure (CVE-2020-10761 bsc#1172710) nbd-server-Avoid-long-error-message-asse.patch - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) exec-set-map-length-to-zero-when-returni.patch - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) megasas-use-unsigned-type-for-reply_queu.patch - Fix legacy IGD passthrough hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch- The latest gcc10 available in Factory has the fix for the issue this patch was created to avoid, so drop it build-Work-around-gcc10-bug-by-not-using.patch- Switch to upstream versions of some patches we carry add-enum-cast-to-avoid-gcc10-warning.patch - > golan-Add-explicit-type-casts-for-nodnic.patch Be-explicit-about-fcommon-compiler-direc.patch - > build-Be-explicit-about-fcommon-compiler.patch Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch - > build-Do-not-apply-WORKAROUND_CFLAGS-for.patch Fix-s-directive-argument-is-null-error.patch - > build-Fix-s-directive-argument-is-null-e.patch Workaround-compilation-error-with-gcc-9..patch - > build-Workaround-compilation-error-with-.patch work-around-gcc10-problem-with-zero-leng.patch - > intel-Avoid-spurious-compiler-warning-on.patch - Fix vgabios issue for cirrus graphics emulation, which effectively downgraded it to standard VGA behavior vga-fix-cirrus-bios.patch- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) es1370-check-total-frame-count-against-c.patch- Work around gcc 10 bug (boo#1172411) build-Work-around-gcc10-bug-by-not-using.patch- Now that gcc10 compatibility is figured out, remove NO_WERROR=1 again from ipxe make.- Fix segfault when doing HMP wavcapture (boo#1171712) audio-fix-wavcapture-segfault.patch- Fix DoS in virtiofsd, where a FUSE client could exhaust the number of available open files on the host (CVE-2020-10717 bsc#1171110) virtiofsd-add-rlimit-nofile-NUM-option.patch virtiofsd-stay-below-fs.file-max-sysctl-.patch- Add more fixes for gcc10 compatibility: Use NO_WERROR=1 when building ipxe sources, at least until we get gcc10 compatibility figured out. Also add patch for explicitly using -fcommon (boo#1171140) Be-explicit-about-fcommon-compiler-direc.patch and fix for tighter enum compatibility checking (boo#1171139) add-enum-cast-to-avoid-gcc10-warning.patch and a work around for what seems to be a compiler regression (boo#1171123) work-around-gcc10-problem-with-zero-leng.patch- Update to v5.0.0: See http://wiki.qemu.org/ChangeLog/5.0 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in the deprecated.html file installed with the qemu package Some noteworthy changes: * x86: EPYC-Rome vcpu model * x86: vcpu model fixes for EPYC, Denverton, and Icelake-Server * s390: (as previously mentioned) Protected Virtualization support: start and control guest in secure mode (bsc#1167075 jsc#SLE-7407) * s390: support for Adapter Interrupt Suppression while running in KVM mode * PowerPC: pseries: NVDIMMs with file backend supported * PowerPC: powernv: KVM guests now runnable under TCG emulation * PowerPC: powernv: Basic POWER10 support * ARM: new boards: tacoma-bmc, Netduindo Plus 2, Orangepi PC * ARM: 'virt' machine now supports vTPM and virtio-iommu devices * ARM:Cortex-M7 CPU support * ARM: Lots of architecture features now emulated * ARM: TPM supported * ARM: Timekeeping improvements * ARM: LOTS more - refer to upstream changelog * virtio-iommu * VNC compatibility with noVNC improved * Support for using memory backends for main/"built-in" guest RAM * hostmem backends can now specify prealloc thread count * Better Azure compatibility of VHD images * Ceph namespaces supported * Compress block filter driver can create compressed backup images * virtiofsd availble for host filesystem passthrough * Improved html based documentation is provided with this release * Live migration support for external processes running on QEMU D-Bus * Patches dropped (upstream unless otherwise noted): i386-Add-MSR-feature-bit-for-MDS-NO.patch i386-Add-macro-for-stibp.patch i386-Add-new-CPU-model-Cooperlake.patch arm-arm-powerctl-set-NSACR.-CP11-CP10-bi.patch iotests-Skip-test-060-if-it-is-not-possi.patch iotests-Skip-test-079-if-it-is-not-possi.patch Revert-qemu-options.hx-Update-for-reboot.patch iotests-Provide-a-function-for-checking-.patch Fix-double-free-issue-in-qemu_set_log_fi.patch iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch virtio-blk-fix-out-of-bounds-access-to-b.patch block-Activate-recursively-even-for-alre.patch i386-Resolve-CPU-models-to-v1-by-default.patch numa-properly-check-if-numa-is-supported.patch vhost-user-gpu-Drop-trailing-json-comma.patch display-bochs-display-fix-memory-leak.patch hw-arm-smmuv3-Apply-address-mask-to-line.patch hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MAS.patch hw-arm-smmuv3-Check-stream-IDs-against-a.patch hw-arm-smmuv3-Align-stream-table-base-ad.patch hw-arm-smmuv3-Use-correct-bit-positions-.patch hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch block-Add-bdrv_qapi_perm_to_blk_perm.patch blkdebug-Allow-taking-unsharing-permissi.patch virtio-add-ability-to-delete-vq-through-.patch virtio-update-queue-size-on-guest-write.patch virtio-don-t-enable-notifications-during.patch numa-Extend-CLI-to-provide-initiator-inf.patch numa-Extend-CLI-to-provide-memory-latenc.patch numa-Extend-CLI-to-provide-memory-side-c.patch hmat-acpi-Build-Memory-Proximity-Domain-.patch hmat-acpi-Build-System-Locality-Latency-.patch hmat-acpi-Build-Memory-Side-Cache-Inform.patch tests-numa-Add-case-for-QMP-build-HMAT.patch qcow2-bitmaps-fix-qcow2_can_store_new_di.patch backup-top-Begin-drain-earlier.patch virtio-mmio-update-queue-size-on-guest-w.patch virtio-net-delete-also-control-queue-whe.patch intel_iommu-a-fix-to-vtd_find_as_from_bu.patch target-i386-Add-new-bit-definitions-of-M.patch target-i386-Add-missed-features-to-Coope.patch hw-i386-pc-fix-regression-in-parsing-vga.patch migration-test-ppc64-fix-FORTH-test-prog.patch target-arm-Return-correct-IL-bit-in-merg.patch target-arm-Set-ISSIs16Bit-in-make_issinf.patch runstate-ignore-finishmigrate-prelaunch-.patch migration-Rate-limit-inside-host-pages.patch m68k-Fix-regression-causing-Single-Step-.patch Revert-vnc-allow-fall-back-to-RAW-encodi.patch vnc-prioritize-ZRLE-compression-over-ZLI.patch target-i386-kvm-initialize-feature-MSRs-.patch s390x-adapter-routes-error-handling.patch iscsi-Cap-block-count-from-GET-LBA-STATU.patch block-backup-fix-memory-leak-in-bdrv_bac.patch tpm-ppi-page-align-PPI-RAM.patch hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch target-arm-fix-TCG-leak-for-fcvt-half-do.patch block-fix-memleaks-in-bdrv_refresh_filen.patch block-backup-top-fix-failure-path.patch iotests-add-test-for-backup-top-failure-.patch audio-oss-fix-buffer-pos-calculation.patch target-arm-monitor-query-cpu-model-expan.patch block-fix-crash-on-zero-length-unaligned.patch block-Fix-VM-size-field-width-in-snapsho.patch target-arm-Correct-definition-of-PMCRDP.patch block-nbd-extract-the-common-cleanup-cod.patch block-nbd-fix-memory-leak-in-nbd_open.patch virtio-crypto-do-delete-ctrl_vq-in-virti.patch virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch vhost-user-blk-delete-virtioqueues-in-un.patch hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch pc-bios-s390x-Save-iplb-location-in-lowc.patch iotests-Fix-nonportable-use-of-od-endian.patch block-qcow2-threads-fix-qcow2_decompress.patch job-refactor-progress-to-separate-object.patch block-block-copy-fix-progress-calculatio.patch block-io-fix-bdrv_co_do_copy_on_readv.patch scsi-qemu-pr-helper-Fix-out-of-bounds-ac.patch target-ppc-Fix-rlwinm-on-ppc64.patch compat-disable-edid-on-correct-virtio-gp.patch ppc-ppc405_boards-Remove-unnecessary-NUL.patch block-Avoid-memleak-on-qcow2-image-info-.patch block-bdrv_set_backing_bs-fix-use-after-.patch hmp-vnc-Fix-info-vnc-list-leak.patch migration-colo-fix-use-after-free-of-loc.patch migration-ram-fix-use-after-free-of-loca.patch qcow2-List-autoclear-bit-names-in-header.patch sheepdog-Consistently-set-bdrv_has_zero_.patch target-arm-Fix-PAuth-sbox-functions.patch tcg-i386-Fix-INDEX_op_dup2_vec.patch net-tulip-check-frame-size-and-r-w-data-.patch target-i386-do-not-set-unsupported-VMX-s.patch spapr-Fix-failure-path-for-attempting-to.patch ati-vga-Fix-checks-in-ati_2d_blt-to-avoi.patch xen-block-Fix-double-qlist-remove-and-re.patch vpc-Don-t-round-up-already-aligned-BAT-s.patch target-xtensa-fix-pasto-in-pfwait.r-opco.patch aio-wait-delegate-polling-of-main-AioCon.patch async-use-explicit-memory-barriers.patch tcg-mips-mips-sync-encode-error.patch vhost-user-gpu-Release-memory-returned-b.patch vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch (no pc-0.15) hw-i386-disable-smbus-migration-for-xenf.patch s390x-Don-t-do-a-normal-reset-on-the-ini.patch s390x-Move-reset-normal-to-shared-reset-.patch s390x-Move-initial-reset.patch s390x-Move-clear-reset.patch s390x-kvm-Make-kvm_sclp_service_call-voi.patch s390x-ipl-Consolidate-iplb-validity-chec.patch s390x-Beautify-diag308-handling.patch s390x-Add-missing-vcpu-reset-functions.patch s390-sclp-improve-special-wait-psw-logic.patch vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch util-add-slirp_fmt-helpers.patch slirp-use-correct-size-while-emulating-I.patch tcp_emu-Fix-oob-access.patch slirp-use-correct-size-while-emulating-c.patch tcp_emu-fix-unsafe-snprintf-usages.patch - For SLE builds, leverage the html documentation by adding a link to the SUSE specific support documentation (the *.txt support doc was slightly tweaked to be acceptable as reStructuredText for conversion to html) docs-add-SUSE-support-statements-to-html.patch-Fix potential DoS in ATI VGA emulation (CVE-2020-11869 bsc#1170537) ati-vga-Fix-checks-in-ati_2d_blt-to-avoi.patch- Minor tweaks to patches and support doc- Add gcc10-maybe-uninitialized.patch in order to fix boo#1169728.- Include upstream patches targeted for the next stable release (bug fixes only) spapr-Fix-failure-path-for-attempting-to.patch target-i386-do-not-set-unsupported-VMX-s.patch target-xtensa-fix-pasto-in-pfwait.r-opco.patch tcg-i386-Fix-INDEX_op_dup2_vec.patch tcg-mips-mips-sync-encode-error.patch vhost-user-gpu-Release-memory-returned-b.patch vpc-Don-t-round-up-already-aligned-BAT-s.patch xen-block-Fix-double-qlist-remove-and-re.patch - Fix bug causing weak encryption in PAuth for ARM (CVE-2020-10702 bsc#1168681) target-arm-Fix-PAuth-sbox-functions.patch - Fix OOB in tulip NIC emulation (CVE-2020-11102 bsc#1168713 net-tulip-check-frame-size-and-r-w-data-.patch - Note that previously included patch addresses CVE-2020-1711 and bsc#1166240 iscsi-Cap-block-count-from-GET-LBA-STATU.patch - Include performance improvement (and related?) patch aio-wait-delegate-polling-of-main-AioCon.patch async-use-explicit-memory-barriers.patch - Rework previous patch at Olaf H.'s direction hw-i386-disable-smbus-migration-for-xenf.patch - Eliminate is_opensuse usage in producing seabios version string what we are doing here is just replacing the upstream string with one indicating that the openSUSE build service built it, and so just leave it as "-rebuilt.opensuse.org" - Alter algorithm used to produce "unique" symbol for coordinating qemu with the optional modules it may load. This is a reasonable relaxation for broader compatibility configure-remove-pkgversion-from-CONFIG_.patch - Tweak supported.*.txt for latest deprecations, and other fixes - Tweak update_git.sh, config.sh- One more fix is needed for: s390x Protected Virtualization support - start and control guest in secure mode (bsc#1167075 jsc#SLE-7407) s390x-s390-virtio-ccw-Fix-build-on-syste.patch- Include upstream patches targeted for the next stable release (bug fixes only) block-Avoid-memleak-on-qcow2-image-info-.patch block-bdrv_set_backing_bs-fix-use-after-.patch hmp-vnc-Fix-info-vnc-list-leak.patch migration-colo-fix-use-after-free-of-loc.patch migration-ram-fix-use-after-free-of-loca.patch ppc-ppc405_boards-Remove-unnecessary-NUL.patch qcow2-List-autoclear-bit-names-in-header.patch scsi-qemu-pr-helper-Fix-out-of-bounds-ac.patch sheepdog-Consistently-set-bdrv_has_zero_.patch- Note The previous set of s390x patches also includes the fix for: bsc#1167445- Include upstream patches targeted for the next stable release (bug fixes only) block-io-fix-bdrv_co_do_copy_on_readv.patch compat-disable-edid-on-correct-virtio-gp.patch target-ppc-Fix-rlwinm-on-ppc64.patch vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch - s390x Protected Virtualization support - start and control guest in secure mode. (note: binary patch from patch series dropped since for s390x we rebuild the patched binary anyways) (bsc#1167075 jsc#SLE-7407) s390-sclp-improve-special-wait-psw-logic.patch s390x-Add-missing-vcpu-reset-functions.patch s390x-Add-SIDA-memory-ops.patch s390x-Add-unpack-facility-feature-to-GA1.patch s390x-Beautify-diag308-handling.patch s390x-Don-t-do-a-normal-reset-on-the-ini.patch s390x-ipl-Consolidate-iplb-validity-chec.patch s390x-kvm-Make-kvm_sclp_service_call-voi.patch s390x-Move-clear-reset.patch s390x-Move-diagnose-308-subcodes-and-rcs.patch s390x-Move-initial-reset.patch s390x-Move-reset-normal-to-shared-reset-.patch s390x-protvirt-Add-migration-blocker.patch s390x-protvirt-Disable-address-checks-fo.patch s390x-protvirt-Handle-SIGP-store-status-.patch s390x-protvirt-Inhibit-balloon-when-swit.patch s390x-protvirt-KVM-intercept-changes.patch s390x-protvirt-Move-diag-308-data-over-S.patch s390x-protvirt-Move-IO-control-structure.patch s390x-protvirt-Move-STSI-data-over-SIDAD.patch s390x-protvirt-SCLP-interpretation.patch s390x-protvirt-Set-guest-IPL-PSW.patch s390x-protvirt-Support-unpack-facility.patch Sync-pv.patch- Fix the issue that s390x could not read IPL channel program when using dasd as boot device (bsc#1163140) pc-bios-s390x-Save-iplb-location-in-lowc.patch- Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 bsc#1161066 CVE-2020-7039) slirp-use-correct-size-while-emulating-c.patch slirp-use-correct-size-while-emulating-I.patch tcp_emu-Fix-oob-access.patch tcp_emu-fix-unsafe-snprintf-usages.patch util-add-slirp_fmt-helpers.patch - Replace this patch with upstream version target-arm-monitor-query-cpu-model-expan.patch- Include upstream patches targeted for the next stable release (bug fixes only) audio-oss-fix-buffer-pos-calculation.patch blkdebug-Allow-taking-unsharing-permissi.patch block-Add-bdrv_qapi_perm_to_blk_perm.patch block-backup-top-fix-failure-path.patch block-block-copy-fix-progress-calculatio.patch block-fix-crash-on-zero-length-unaligned.patch block-fix-memleaks-in-bdrv_refresh_filen.patch block-Fix-VM-size-field-width-in-snapsho.patch block-nbd-extract-the-common-cleanup-cod.patch block-nbd-fix-memory-leak-in-nbd_open.patch block-qcow2-threads-fix-qcow2_decompress.patch hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch iotests-add-test-for-backup-top-failure-.patch iotests-Fix-nonportable-use-of-od-endian.patch job-refactor-progress-to-separate-object.patch target-arm-Correct-definition-of-PMCRDP.patch target-arm-fix-TCG-leak-for-fcvt-half-do.patch tpm-ppi-page-align-PPI-RAM.patch vhost-user-blk-delete-virtioqueues-in-un.patch virtio-add-ability-to-delete-vq-through-.patch virtio-crypto-do-delete-ctrl_vq-in-virti.patch virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch- Add Obsoletes directive for qemu-audio-sdl and qemu-ui-sdl since for a qemu package upgrade from SLE12-SP5, support for SDL is dropped- Fix xenfv migration from xen host with pre-v4.0 qemu. We had previously dropped a similar patch, but have decided that for now we need to go with this type of solution (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch- Avoid query-cpu-model-expansion crashed qemu when using machine type none, patch is queued in upstream now, will update commit id later (bsc#1159443) target-arm-monitor-query-cpu-model-expan.patch- BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow OBS to shortcut through -mini flavors.- Stop using system membarriers (ie switch from --enable-membarrier to --disable-membarrier). This is a blocker for using qemu in the context of containers (boo#1130134 jsc#SLE-11089) - Drop this recently added patch - in consultation with upstream it was decided it needed to be solved a different way (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch - Include upstream patches targeted for the next stable release (bug fixes only) block-backup-fix-memory-leak-in-bdrv_bac.patch iscsi-Cap-block-count-from-GET-LBA-STATU.patch s390x-adapter-routes-error-handling.patch target-i386-kvm-initialize-feature-MSRs-.patch- Include upstream patches targeted for the next stable release (bug fixes only) hw-i386-pc-fix-regression-in-parsing-vga.patch m68k-Fix-regression-causing-Single-Step-.patch migration-Rate-limit-inside-host-pages.patch migration-test-ppc64-fix-FORTH-test-prog.patch Revert-vnc-allow-fall-back-to-RAW-encodi.patch runstate-ignore-finishmigrate-prelaunch-.patch target-arm-Return-correct-IL-bit-in-merg.patch target-arm-Set-ISSIs16Bit-in-make_issinf.patch vnc-prioritize-ZRLE-compression-over-ZLI.patch- BuildRequire pkconfig(systemd) instead of systemd: allow OBS to shortcut through the -mini flavors. - Use systemd_ordering in place of systemd_requires: systemd is never a strict requirement for qemu; but when installing qemu on a systemd-managed system, we want system to be present first.- Fix xenfv migration from xen host with pre-v4.0 qemu (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch- Create files within bundles.tar.xz with fixed timestamp and uid- Add a %bcond_without system_membarrier along with related processing to the spec file, to better investigate running QEMU with the --disable-membarrier configure option- Include upstream patches targeted for the next stable release (bug fixes only) arm-arm-powerctl-set-NSACR.-CP11-CP10-bi.patch backup-top-Begin-drain-earlier.patch block-Activate-recursively-even-for-alre.patch display-bochs-display-fix-memory-leak.patch Fix-double-free-issue-in-qemu_set_log_fi.patch hw-arm-smmuv3-Align-stream-table-base-ad.patch hw-arm-smmuv3-Apply-address-mask-to-line.patch hw-arm-smmuv3-Check-stream-IDs-against-a.patch hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MAS.patch hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch hw-arm-smmuv3-Use-correct-bit-positions-.patch i386-Resolve-CPU-models-to-v1-by-default.patch intel_iommu-a-fix-to-vtd_find_as_from_bu.patch iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch iotests-Provide-a-function-for-checking-.patch iotests-Skip-test-060-if-it-is-not-possi.patch iotests-Skip-test-079-if-it-is-not-possi.patch numa-properly-check-if-numa-is-supported.patch qcow2-bitmaps-fix-qcow2_can_store_new_di.patch Revert-qemu-options.hx-Update-for-reboot.patch vhost-user-gpu-Drop-trailing-json-comma.patch virtio-blk-fix-out-of-bounds-access-to-b.patch virtio-mmio-update-queue-size-on-guest-w.patch virtio-net-delete-also-control-queue-whe.patch virtio-update-queue-size-on-guest-write.patch - Include performance improvement virtio-don-t-enable-notifications-during.patch - Repair incorrect packaging references to Jira tracked features- Add Cooperlake vcpu model (jsc#SLE-7923) i386-Add-MSR-feature-bit-for-MDS-NO.patch i386-Add-macro-for-stibp.patch i386-Add-new-CPU-model-Cooperlake.patch target-i386-Add-new-bit-definitions-of-M.patch target-i386-Add-missed-features-to-Coope.patch - Add HMAT support (jsc#SLE-8897) (the test case for this series isn't included because we aren't set up to handle binary patches) numa-Extend-CLI-to-provide-initiator-inf.patch numa-Extend-CLI-to-provide-memory-latenc.patch numa-Extend-CLI-to-provide-memory-side-c.patch hmat-acpi-Build-Memory-Proximity-Domain-.patch hmat-acpi-Build-System-Locality-Latency-.patch hmat-acpi-Build-Memory-Side-Cache-Inform.patch tests-numa-Add-case-for-QMP-build-HMAT.patch- Update to v4.2.0: See http://wiki.qemu.org/ChangeLog/4.2 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * x86: Denverton, Snowridge, and Dhyana CPU models added * x86: Latest version of all CPU models how have TSX (HLE and RTM) disabled by default * x86: Support for AVX512 BFloat16 extensions * x86: VMX features exposed more accurately and controllably * s390: TCG now implements IEP (Instruction Execution Protection) * PowerPC: POWER8 and POWER9 non-virtualized machines separated out * PowerPC: RTAS now comes from SLOF instead of QEMU itself * PowerPC: Unplug of multifunction PCI devices now unplugs the whole slot, as in x86 * ARM: Support for >256 CPUs with KVM is fixed * ARM: Memory hotplug now supported , when using UEFI, ACPI, for virt machine type * ARM: SVE support possuble now for KVM guests * ARM: ACPI generic event device can now deliver powerdown event * The backend device can be specified for a guest audio device * virtio v1.1 packed virtqueues supported * Socket based character device backends now support TCP keep-alive * Use encryption library cipher mode facilities, allowing improved performance for eg. AES-XTS encrption * Misc block device improvements, esp. with nbd - See the following few release-candidate changelog entries for additional changes related to this release - Switched package build to be out-of-tree- Update to v4.2.0-rc5: See http://wiki.qemu.org/ChangeLog/4.2- Update to v4.2.0-rc4: See http://wiki.qemu.org/ChangeLog/4.2 * Update the support documents used for SUSE SLE releases to cover this qemu release- Update to v4.2.0-rc3: See http://wiki.qemu.org/ChangeLog/4.2 * Patches dropped (upstream unless otherwise noted): ati-add-edid-support.patch ati-vga-add-rage128-edid-support.patch ati-vga-fix-ati_read.patch ati-vga-make-i2c-register-and-bits-confi.patch ati-vga-make-less-verbose.patch ati-vga-try-vga-ddc-first.patch Disable-Waddress-of-packed-member-for-GC.patch hdata-vpd-fix-printing-char-0x00.patch target-i386-add-PSCHANGE_NO-bit-for-the-.patch target-i386-Export-TAA_NO-bit-to-guests.patch vbe-add-edid-support.patch vga-add-ati-bios-tables.patch vga-add-atiext-driver.patch vga-make-memcpy_high-public.patch vga-move-modelist-from-bochsvga.c-to-new.patch * Patches added: Enable-cross-compile-prefix-for-C-compil.patch ensure-headers-included-are-compatible-w.patch roms-Makefile-enable-cross-compile-for-b.patch * Add qemu-ui-spice-app package containing ui-spice-app.so * Add qemu-microvm package containing bios-microvm.bin - Add descriptors for the 128k and 256k SeaBios firmware images - For the record, the following issues reported for SUSE SLE15-SP1 are either fixed in this current package, or are otherwise not an issue: bsc#1079730 bsc#1098403 bsc#1111025 bsc#1128106 bsc#1133031 bsc#1134883 bsc#1135210 bsc#1135902 bsc#1136540 bsc#1136778 bsc#1138534 bsc#1140402 bsc#1143794 bsc#1145379 bsc#1144087 bsc#1145427 bsc#1145436 bsc#1145774 bsc#1146873 bsc#1149811 bsc#1152506 bsc#1155812 bsc#1156642 CVE-2018-12207 CVE-2019-5008 CVE-2019-11135 CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890, and the following feature requests are satisfied by this package: fate#327410 fate#327764 fate#327796 jsc#SLE-4883 jsc#SLE-6132 jsc#SLE-6237 jsc#SLE-6754- Expose pschange-mc-no "feature", indicating CPU does not have the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812) target-i386-add-PSCHANGE_NO-bit-for-the-.patch - Expose taa-no "feature", indicating CPU does not have the TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506) target-i386-Export-TAA_NO-bit-to-guests.patch Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Update to v4.1.1, a stable, bug-fix-only release * Besides incorporating the following fixes we already carried, it includes about the same number of other, similar type fixes which we hadn't yet incorporated. * Patches dropped (subsumed by stable update): block-Add-bdrv_co_get_self_request.patch block-create-Do-not-abort-if-a-block-dri.patch block-file-posix-Let-post-EOF-fallocate-.patch block-file-posix-Reduce-xfsctl-use.patch block-io-refactor-padding.patch blockjob-update-nodes-head-while-removin.patch block-Make-wait-mark-serialising-request.patch block-nfs-tear-down-aio-before-nfs_close.patch coroutine-Add-qemu_co_mutex_assert_locke.patch curl-Check-completion-in-curl_multi_do.patch curl-Handle-success-in-multi_check_compl.patch curl-Keep-pointer-to-the-CURLState-in-CU.patch curl-Keep-socket-until-the-end-of-curl_s.patch curl-Pass-CURLSocket-to-curl_multi_do.patch curl-Report-only-ready-sockets.patch hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch hw-core-loader-Fix-possible-crash-in-rom.patch make-release-pull-in-edk2-submodules-so-.patch memory-Provide-an-equality-function-for-.patch mirror-Keep-mirror_top_bs-drained-after-.patch pr-manager-Fix-invalid-g_free-crash-bug.patch qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch qcow2-Fix-corruption-bug-in-qcow2_detect.patch qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch qcow2-Fix-the-calculation-of-the-maximum.patch roms-Makefile.edk2-don-t-pull-in-submodu.patch s390-PCI-fix-IOMMU-region-init.patch s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch target-alpha-fix-tlb_fill-trap_arg2-valu.patch target-arm-Don-t-abort-on-M-profile-exce.patch target-arm-Free-TCG-temps-in-trans_VMOV_.patch util-iov-introduce-qemu_iovec_init_exten.patch vhost-Fix-memory-region-section-comparis.patch vpc-Return-0-from-vpc_co_create-on-succe.patch Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Fix %arm builds- Fix two issues with qcow2 image processing which could affect disk integrity qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch- Work around a host kernel xfs bug which can result in qcow2 image corruption block-io-refactor-padding.patch util-iov-introduce-qemu_iovec_init_exten.patch block-Make-wait-mark-serialising-request.patch block-Add-bdrv_co_get_self_request.patch block-file-posix-Let-post-EOF-fallocate-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Correct package names in _constraints after switch to multibuild.- Address potential corruption when using qcow2 images coroutine-Add-qemu_co_mutex_assert_locke.patch qcow2-Fix-corruption-bug-in-qcow2_detect.patch - Include more tweaks to our packaging workflow scripts - this will continue as we refine the scripts - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- use %gcc_version for cross compilers (boo#1153703)- Add upstream edk2 submodule fix for creating tarball - Switch to upstream patch for avoiding git ref in edk2 makefile - Fix failing block tests which aren't compatible with the configure option --enable-membarrier * Patches dropped: roms-Makefile.edk2-don-t-invoke-git-sinc.patch tests-block-io-test-130-needs-some-delay.patch * Patches added: make-release-pull-in-edk2-submodules-so-.patch roms-Makefile.edk2-don-t-pull-in-submodu.patch tests-Fix-block-tests-to-be-compatible-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Reduce the cross compiler versions we rely on - Fix some qemu-testsuite issues, reducing known error cases test-add-mapping-from-arch-of-i686-to-qe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Since our spec file has bashisms, include the following in the spec file: %define _buildshell /bin/bash- Disable some block tests which randomly fail. This is in context of the build service build of qemu-testsuite tests-Disable-some-block-tests-for-now.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Add some post v4.1.0 upstream stable patches * Patches added: mirror-Keep-mirror_top_bs-drained-after-.patch s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch target-alpha-fix-tlb_fill-trap_arg2-valu.patch target-arm-Free-TCG-temps-in-trans_VMOV_.patch target-arm-Don-t-abort-on-M-profile-exce.patch qcow2-Fix-the-calculation-of-the-maximum.patch block-file-posix-Reduce-xfsctl-use.patch pr-manager-Fix-invalid-g_free-crash-bug.patch vpc-Return-0-from-vpc_co_create-on-succe.patch block-nfs-tear-down-aio-before-nfs_close.patch block-create-Do-not-abort-if-a-block-dri.patch curl-Keep-pointer-to-the-CURLState-in-CU.patch curl-Keep-socket-until-the-end-of-curl_s.patch curl-Check-completion-in-curl_multi_do.patch curl-Pass-CURLSocket-to-curl_multi_do.patch curl-Report-only-ready-sockets.patch curl-Handle-success-in-multi_check_compl.patch blockjob-update-nodes-head-while-removin.patch memory-Provide-an-equality-function-for-.patch vhost-Fix-memory-region-section-comparis.patch hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch s390-PCI-fix-IOMMU-region-init.patch hw-core-loader-Fix-possible-crash-in-rom.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Include more tweaks to our packaging workflow scripts - Produce qemu-linux-user and qemu-testsuite via the build service multibuild capability, instead of duplicating the spec file and using package link in build service * combine qemu-linux-user spec file into main qemu spec file. Since this model uses a single changelog, here are some historicial mentions from the now unused qemu-linux-user.changes (delta from qemu's was quite minimal): - Adjust to a v5.2 linux kernel change regarding SIOCGSTAMP - Fix pwrite64/pread64 to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600) * bsc#1112499 * Since qemu-testsuite.spec and qemu-testsuite.changes were just copies of the main qemu version nothing needs to be done there- Build opensbi from source on riscv64- Update to v4.1.0: See http://wiki.qemu.org/ChangeLog/4.1 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * x86: CPU models are now versioned * x86: CPU die topology can now be configured * x86: New Hygon Dhyana and Intel Snowridge CPU models * s390: The bios now supports IPL (boot) from ECKD DASD assigned to the guest via vfio-ccw * s390: The bios now tolerates the presence of bootmap signature entries written by zipl * PowerPC: pseries machine now supports KVM acceleration (kernel_irqchip=on) of the XIVE interrupt controller * PowerPC: pseries now supports hot-plug of PCI bridges and hot-plug and unplug of devices under PCI bridges * ARM: QEMU now supports emulating an FPU for Cortex-M CPUs, and the Cortex-M4 and Cortex-M33 now provide the FP * Python 2 support is deprecated * UEFI platform firmware binaries, and matching variable store templates are now installed * Now it's possible to specify memory-less NUMA node when using "-numa node,memdev" options * Possible to trigger self announcement on specific network interfaces * Default memory distribution between NUMA nodes is now deprecated * Fallback to normal RAM allocation if QEMU is not able to allocate from the "-mem-path" provided file/filesystem is now deprecated * virtio-gpu 2d/3d rendering may now be offloaded to an external vhost-user process, such as QEMU vhost-user-gpu * QEMU will automatically try to use the MAP_SYNC mmap flag for memory backends configured with pmem=on,share=on * Additional SeaVGABIOS patches added for vga-ati compatibility - Drop attempt at build compatibility with SLE12 - New sub-packages: qemu-edk2, qemu-vhost-user-gpu - Conditionalize building of qemu-edk2 (and leave unbuilt for now) - Implement new packaging workflow, includes no longer numbering patches, and having the "current git repo" stored with the package in the form of git bundles * Patches dropped (upstream unless otherwise noted): 0027-tests-test-thread-pool-is-racy-add-.patch 0032-tests-Fix-Makefile-handling-of-chec.patch 0034-Revert-target-i386-kvm-add-VMX-migr.patch 0036-sockets-avoid-string-truncation-war.patch 0039-linux-user-avoid-string-truncation-.patch 0040-linux-user-elfload-Fix-GCC-9-build-.patch 0041-qxl-avoid-unaligned-pointer-reads-w.patch 0042-libvhost-user-fix-Waddress-of-packe.patch 0043-target-i386-define-md-clear-bit.patch 0045-kbd-state-fix-autorepeat-handling.patch 0046-target-ppc-ensure-we-get-null-termi.patch 0049-qxl-check-release-info-object.patch 0050-qemu-bridge-helper-restrict-interfa.patch 0051-linux-user-fix-to-handle-variably-s.patch ipxe-use-gcc6-for-more-compact-code.patch (no longer needed) (the next three are replaced by the upstream equivalent) ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch ipxe-build-Disable-gcc-address-of-packed-member-warning.patch ipxe-efi-Avoid-string-op-warning-with-cross-gcc-7-compile.patch slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input.patch * Patches renamed: 0001-XXX-dont-dump-core-on-sigabort.patch - > XXX-dont-dump-core-on-sigabort.patch 0002-qemu-binfmt-conf-Modify-default-pat.patch - > qemu-binfmt-conf-Modify-default-path.patch 0003-qemu-cvs-gettimeofday.patch - > qemu-cvs-gettimeofday.patch 0004-qemu-cvs-ioctl_debug.patch - > qemu-cvs-ioctl_debug.patch 0005-qemu-cvs-ioctl_nodirection.patch - > qemu-cvs-ioctl_nodirection.patch 0006-linux-user-add-binfmt-wrapper-for-a.patch - > linux-user-add-binfmt-wrapper-for-argv-0.patch 0007-PPC-KVM-Disable-mmu-notifier-check.patch - > PPC-KVM-Disable-mmu-notifier-check.patch 0008-linux-user-binfmt-support-host-bina.patch - > linux-user-binfmt-support-host-binaries.patch 0009-linux-user-Fake-proc-cpuinfo.patch - > linux-user-Fake-proc-cpuinfo.patch 0010-linux-user-use-target_ulong.patch - > linux-user-use-target_ulong.patch 0011-Make-char-muxer-more-robust-wrt-sma.patch - > Make-char-muxer-more-robust-wrt-small-FI.patch 0012-linux-user-lseek-explicitly-cast-no.patch - > linux-user-lseek-explicitly-cast-non-set.patch 0013-AIO-Reduce-number-of-threads-for-32.patch - > AIO-Reduce-number-of-threads-for-32bit-h.patch 0014-xen_disk-Add-suse-specific-flush-di.patch - > xen_disk-Add-suse-specific-flush-disable.patch 0015-qemu-bridge-helper-reduce-security-.patch - > qemu-bridge-helper-reduce-security-profi.patch 0016-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch 0017-linux-user-properly-test-for-infini.patch - > linux-user-properly-test-for-infinite-ti.patch 0018-roms-Makefile-pass-a-packaging-time.patch - > roms-Makefile-pass-a-packaging-timestamp.patch 0019-Raise-soft-address-space-limit-to-h.patch - > Raise-soft-address-space-limit-to-hard-l.patch 0020-increase-x86_64-physical-bits-to-42.patch - > increase-x86_64-physical-bits-to-42.patch 0021-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch 0022-i8254-Fix-migration-from-SLE11-SP2.patch - > i8254-Fix-migration-from-SLE11-SP2.patch 0023-acpi_piix4-Fix-migration-from-SLE11.patch - > acpi_piix4-Fix-migration-from-SLE11-SP2.patch 0024-Switch-order-of-libraries-for-mpath.patch - > Switch-order-of-libraries-for-mpath-supp.patch 0025-Make-installed-scripts-explicitly-p.patch - > Make-installed-scripts-explicitly-python.patch 0026-hw-smbios-handle-both-file-formats-.patch - > hw-smbios-handle-both-file-formats-regar.patch 0028-xen-add-block-resize-support-for-xe.patch - > xen-add-block-resize-support-for-xen-dis.patch 0029-tests-qemu-iotests-Triple-timeout-o.patch - > tests-qemu-iotests-Triple-timeout-of-i-o.patch 0030-tests-block-io-test-130-needs-some-.patch - > tests-block-io-test-130-needs-some-delay.patch 0031-xen-ignore-live-parameter-from-xen-.patch - > xen-ignore-live-parameter-from-xen-save-.patch 0033-Conditionalize-ui-bitmap-installati.patch - > Conditionalize-ui-bitmap-installation-be.patch 0035-tests-change-error-message-in-test-.patch - > tests-change-error-message-in-test-162.patch 0037-hw-usb-hcd-xhci-Fix-GCC-9-build-war.patch - > hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch 0038-hw-usb-dev-mtp-Fix-GCC-9-build-warn.patch - > hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch 0044-hw-intc-exynos4210_gic-provide-more.patch - > hw-intc-exynos4210_gic-provide-more-room.patch 0047-configure-only-populate-roms-if-sof.patch - > configure-only-populate-roms-if-softmmu.patch 0048-pc-bios-s390-ccw-net-avoid-warning-.patch - > pc-bios-s390-ccw-net-avoid-warning-about.patch keycodemapdb-make-keycode-gen-output-reproducible.patch - > Make-keycode-gen-output-reproducible-use.patch ipxe-stub-out-the-SAN-req-s-in-int13.patch - > stub-out-the-SAN-req-s-in-int13.patch sgabios-fix-cross-build.patch deleted - > roms-sgabios-Fix-csum8-to-be-built-by-ho.patch sgabios-stable-buildid.patch - > sgabios-Makefile-fix-issues-of-build-rep.patch skiboot-gcc9-compat.patch - > Disable-Waddress-of-packed-member-for-GC.patch ipxe-stable-buildid.patch - > ipxe-Makefile-fix-issues-of-build-reprod.patch seabios-fix_cross_compilation.patch - > enable-cross-compilation-on-ARM.patch * Patches added: roms-change-cross-compiler-naming-to-be-.patch roms-Makefile.edk2-don-t-invoke-git-sinc.patch vga-move-modelist-from-bochsvga.c-to-new.patch vga-make-memcpy_high-public.patch vga-add-atiext-driver.patch vga-add-ati-bios-tables.patch vbe-add-edid-support.patch ati-add-edid-support.patch ati-vga-make-less-verbose.patch ati-vga-fix-ati_read.patch ati-vga-make-i2c-register-and-bits-confi.patch ati-vga-try-vga-ddc-first.patch ati-vga-add-rage128-edid-support.patch Fix-s-directive-argument-is-null-error.patch Workaround-compilation-error-with-gcc-9..patch Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch hdata-vpd-fix-printing-char-0x00.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Since we build seabios, take advantage of ability to add our own identifying version info by changing SEABIOS_EXTRAVERSION from "-prebuilt.qemu.org" to "-rebuilt.suse.com" (or "-rebuilt.opensuse.org for openSUSE releases)- Security fix for heap overflow in ip_reass on big packet input (CVE-2019-14378, bsc#1143794) slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0 * Patches added: 0051-linux-user-fix-to-handle-variably-s.patch- Make keycode-gen output reproducible (use SOURCE_DATE_EPOCH timestamp) keycodemapdb-make-keycode-gen-output-reproducible.patch- Security fix for null pointer dereference while releasing spice resources (CVE-2019-12155, bsc#1135902) 0049-qxl-check-release-info-object.patch - Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (CVE-2019-13164, bsc#1140402) 0050-qemu-bridge-helper-restrict-interfa.patch - Replace patch 0043 with an upstream version 0043-target-i386-define-md-clear-bit.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- fixed regression for ksm.service was (bsc#1112646)- Content of packaged %_docdir/%name/interop/_static/ dir depends on python-Sphinx version, so lets just wildcard specifying those files, rather than trying to manage a specific file list- Last change exposed that we still do rely on python2. Make spec file adjustment- Switch from python-Sphinx to Sphinx from python variant we are building with (new Sphinx is for python3 only)- Fix a number of compatibility issues with the stricter gcc9 checks * Disable warning for taking address of packed structure members 0048-pc-bios-s390-ccw-net-avoid-warning-.patch * Fix case of strncpy where null terminated string not guaranteed 0046-target-ppc-ensure-we-get-null-termi.patch * Disable warning for taking address of packed structure members and fix case of passing null pointer as "%s" format parameter skiboot-gcc9-compat.patch - Fix configure script which caused firmware to be built in linux-user only build. 0047-configure-only-populate-roms-if-sof.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Fix regression in autorepeat key handling 0045-kbd-state-fix-autorepeat-handling.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Fix file list- Yet another gcc9 related code fix (bsc#1121464) 0044-hw-intc-exynos4210_gic-provide-more.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Switch to now upstreamed version of patch and add one more gcc9 related patch * Patches renamed: 0041-qxl-fix-Waddress-of-packed-member.patch - > 0041-qxl-avoid-unaligned-pointer-reads-w.patch 0042-libvhost-user-fix-Waddress-of-packe.patch - Add x86 cpu feature "md-clear" (CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 bsc#1111331) 0043-target-i386-define-md-clear-bit.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Correct logic of which ipxe patches get included based on suse_version. We were wrongly excluding a gcc9 related patch for example- Switch to now upstreamed version of some patches * Patches renamed: 0036-util-qemu-sockets-Fix-GCC-9-build-w.patch - > 0036-sockets-avoid-string-truncation-war.patch 0039-linux-user-uname-Fix-GCC-9-build-wa.patch - > 0039-linux-user-avoid-string-truncation-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Create /usr/share/qemu/firmware and /etc/qemu/firmware directories in support of the firmware descriptor feature now in use as of libvirt v5.2- Disable LTO as suggested by Martin Liska (boo#1133281) - Remove and obsolete qemu-oss-audio subpackage. OSS audio is very old, and we didn't really even configure the package properly for it for a very long time, so presumably there can't be any users of it as far as qemu is concerned - Avoid warnings which gcc9 complains about 0036-util-qemu-sockets-Fix-GCC-9-build-w.patch 0037-hw-usb-hcd-xhci-Fix-GCC-9-build-war.patch 0038-hw-usb-dev-mtp-Fix-GCC-9-build-warn.patch 0039-linux-user-uname-Fix-GCC-9-build-wa.patch 0040-linux-user-elfload-Fix-GCC-9-build-.patch 0041-qxl-fix-Waddress-of-packed-member.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Update to v4.0.0: See http://wiki.qemu.org/ChangeLog/4.0 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * ARM: ARMv8+ extensions for SB, PredInv, HPD, LOR, FHM, AA32HPD, PAuth, JSConv, CondM, FRINT, and BTI * ARM: new emulation support for "Musca" and "MPS2" development boards * ARM: virt: support for >255GB of RAM and u-boot "noload" image types * ARM: improved emulation of ARM PMU * HPPA: support for TLB protection IDs and TLB trace events * MIPS: support for multi-threaded TCG emulation * MIPS: emulation support for I7200 I6500 CPUs, QMP-base querying of CPU types, and improved support for SAARI and SAAR configuration registers * MIPS: improvements to Interthread Communication Unit, Fulong 2E machine types, and end-user documentation. * PowerPC: pseries/powernv: support for POWER9 large decrementer * PowerPC: pseries: emulation support for XIVE interrupt controller * PowerPC: pseries: support for hotplugging PCI host bridges (PHBs) * PowerPC: pseries: Spectre/Meltdown mitigations enabled by default, additional support for count-cache-flush mitigation * RISC-V: virt: support for PCI and USB * RISC-V: support for TSR, TW, and TVM fields of mstatus, FS field now supports three stats (dirty, clean, and off) * RISC-V: built-in gdbserver supports register lists via XML files * s390: support for z14 GA 2 CPU model, Multiple-epoch and PTFF features now enabled in z14 CPU model by default * s390: vfio-ap: now supports hot plug/unplug, and no longer inhibits memory ballooning * s390: emulation support for floating-point extension facility and vector support instructions * x86: HAX accelerator now supported POSIX hosts other than Darwin, including Linux and NetBSD * x86: Q35: advertised PCIe root port speeds will now optimally default to maximum link speed (16GT/s) and width (x32) provided by PCIe 4.0 for QEMU 4.0+ machine types; older machine types will retain 2.5GT/x1 defaults for compatibility. * x86: Xen PVH images can now be booted with "-kernel" option * Xtensa: xtfpga: improved SMP support for linux (interrupt distributor, IPI, and runstall) and new SMP-capable test_mmuhifi_c3 core configuration * Xtensa: support for Flexible length instructions extension (FLIX) * GUI: new '-display spice-app' to configure/launch a Spice client GUI with a similar UI to QEMU GTK. VNC server now supports access controls via tls-authz/sasl-authz options * QMP: support for "out-of-band" command execution, can be useful for postcopy migration recovery. Additional QMP commands for working with block devices and dirty bitmaps * VFIO: EDID interface for supported mdev (Intel vGPU for kernel 5.0+), allows resolution setting via xres/yres options. * Xen: new 'xen-disk' device which can create a Xen PV disk backend, and performance improvements for Xen PV disk backend. * Network Block Device: improved tracing and error diagnostics, improved client compatibility with buggy NBD server implementations, new - -bitmap, --list, --tls-authz options for qemu-nbd * virtio-blk now supports DISCARD and WRITE_ZEROES * qemu-test-suite output is now in TAP format * Sphinx now used for part of qemu documentation * A few more configure features are enabled: iconv, lzfse (for openSUSE) * Provide better logo icons - Made these package building changes: * Removed this token from spec file: #!BuildIgnore: gcc-PIE * Created ability to build qemu source out-of-tree * Added BSD-2-Clause license clause due to EDK II code inclusion * Patches dropped (upstream unless otherwise noted): 0010-Remove-problematic-evdev-86-key-fro.patch 0025-Fix-tigervnc-long-press-issue.patch 0026-string-input-visitor-Fix-uint64-par.patch 0027-test-string-input-visitor-Add-int-t.patch 0028-test-string-input-visitor-Add-uint6.patch 0029-tests-Add-QOM-property-unit-tests.patch 0030-tests-Add-scsi-disk-test.patch 0033-smbios-Add-1-terminator-if-any-stri.patch (different approach used) 0034-qemu-io-tests-comment-out-problemat.patch (not as needed) 0039-xen_disk-Avoid-repeated-memory-allo.patch 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0045-hw-usb-fix-mistaken-de-initializati.patch 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch 0047-pvrdma-release-device-resources-in-.patch 0048-rdma-check-num_sge-does-not-exceed-.patch 0049-pvrdma-add-uar_read-routine.patch 0050-pvrdma-check-number-of-pages-when-c.patch 0051-pvrdma-check-return-value-from-pvrd.patch 0052-pvrdma-release-ring-object-in-case-.patch 0053-block-Fix-hangs-in-synchronous-APIs.patch 0054-linux-user-make-pwrite64-pread64-fd.patch 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch 0056-slirp-check-data-length-while-emula.patch 0057-s390x-Return-specification-exceptio.patch 0059-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch 0061-slirp-check-sscanf-result-when-emul.patch 0062-ppc-add-host-serial-and-host-model-.patch 0063-i2c-ddc-fix-oob-read.patch 0064-device_tree.c-Don-t-use-load_image.patch 0065-spapr-Simplify-handling-of-host-ser.patch ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch ipxe-fix-build.patch skiboot-hdata-i2c.c-fix-building-with-gcc8.patch * Patches renamed: 0011-linux-user-use-target_ulong.patch - > 0010-linux-user-use-target_ulong.patch 0012-Make-char-muxer-more-robust-wrt-sma.patch - > 0011-Make-char-muxer-more-robust-wrt-sma.patch 0013-linux-user-lseek-explicitly-cast-no.patch - > 0012-linux-user-lseek-explicitly-cast-no.patch 0014-AIO-Reduce-number-of-threads-for-32.patch - > 0013-AIO-Reduce-number-of-threads-for-32.patch 0015-xen_disk-Add-suse-specific-flush-di.patch - > 0014-xen_disk-Add-suse-specific-flush-di.patch 0016-qemu-bridge-helper-reduce-security-.patch - > 0015-qemu-bridge-helper-reduce-security-.patch 0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0016-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0018-linux-user-properly-test-for-infini.patch - > 0017-linux-user-properly-test-for-infini.patch 0019-roms-Makefile-pass-a-packaging-time.patch - > 0018-roms-Makefile-pass-a-packaging-time.patch 0020-Raise-soft-address-space-limit-to-h.patch - > 0019-Raise-soft-address-space-limit-to-h.patch 0021-increase-x86_64-physical-bits-to-42.patch - > 0020-increase-x86_64-physical-bits-to-42.patch 0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0021-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0023-i8254-Fix-migration-from-SLE11-SP2.patch - > 0022-i8254-Fix-migration-from-SLE11-SP2.patch 0024-acpi_piix4-Fix-migration-from-SLE11.patch - > 0023-acpi_piix4-Fix-migration-from-SLE11.patch 0031-Switch-order-of-libraries-for-mpath.patch - > 0024-Switch-order-of-libraries-for-mpath.patch 0032-Make-installed-scripts-explicitly-p.patch - > 0025-Make-installed-scripts-explicitly-p.patch 0035-tests-test-thread-pool-is-racy-add-.patch - > 0027-tests-test-thread-pool-is-racy-add-.patch 0036-xen-add-block-resize-support-for-xe.patch - > 0028-xen-add-block-resize-support-for-xe.patch 0037-tests-qemu-iotests-Triple-timeout-o.patch - > 0029-tests-qemu-iotests-Triple-timeout-o.patch 0038-tests-block-io-test-130-needs-some-.patch - > 0030-tests-block-io-test-130-needs-some-.patch 0040-xen-ignore-live-parameter-from-xen-.patch - > 0031-xen-ignore-live-parameter-from-xen-.patch 0058-Revert-target-i386-kvm-add-VMX-migr.patch - > 0034-Revert-target-i386-kvm-add-VMX-migr.patch * Patches added: 0026-hw-smbios-handle-both-file-formats-.patch 0032-tests-Fix-Makefile-handling-of-chec.patch 0033-Conditionalize-ui-bitmap-installati.patch 0035-tests-change-error-message-in-test-.patch ipxe-efi-Avoid-string-op-warning-with-cross-gcc-7-compile.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream adjustments for the same. Basically now the security fix is to provide a dummy host-model and host-serial value, which overrides getting that value from the host 0065-spapr-Simplify-handling-of-host-ser.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Tweak last spec file change to guard new Requires with conditional - Fix DOS possibility in device tree processing (CVE-2018-20815 bsc#1130675) 0064-device_tree.c-Don-t-use-load_image.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Remove an unneeded BuildRequires which impacts bsc#1119414 fix Also add a corresponding Recommends for qemu-tools as part of this packaging adjustment (bsc#1130484) - Fix information leak in slirp (CVE-2019-9824 bsc#1129622) 0061-slirp-check-sscanf-result-when-emul.patch - Add method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (CVE-2019-8934 bsc#1126455) 0062-ppc-add-host-serial-and-host-model-.patch - Fix OOB memory access and information leak in virtual monitor interface (CVE-2019-03812 bsc#1125721) 0063-i2c-ddc-fix-oob-read.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Again address ipxe GCC 9 incompatibilities. Previously included patch to disable unneeded warning got muffed somehow (bsc#1121464)- Package and cross-build rom files for aarch64 from SLE15/Leap15.0 to fix boo#1125964 - Add patch to fix seabios cross-compilation: * seabios-fix_cross_compilation.patch - Add patch to fix sgabios cross-compilation: * sgabios-fix-cross-build.patch- Fix _constraints to include all architectures for disk size (fix aarch64)- Revert upstream patch which declares x86 vmx feature a migration blocker. Given the proliferation of using vm's with host features passed through and the general knowledge that nested virtualization has many usage caveats, but still gets put in use in restricted scenarios, this patch did more harm than good, I feel. So despite this relaxation, please consider yourself warned that nested virtualization is not yet a supportable feature. (bsc#1121604) 0058-Revert-target-i386-kvm-add-VMX-migr.patch - Fix SEV VM device assignment (bsc#1123205) 0059-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Remove 71-sev.rules, which modifies the default permissions of /dev/sev by adding the kvm group as reader/writer. Upstream decided to take a different approach for libvirt to manage SEV due to security concerns which I agree overrides the convenience of providing /dev/sev access to all the kvm group (bsc#1124842 bsc#1102604)- Increase memory needed to build qemu-testsuite for ppc* arch's in _constraints file- Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0057-s390x-Return-specification-exceptio.patch- Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156) 0056-slirp-check-data-length-while-emula.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Fix ipxe GCC 9 incompatibilities (bsc#1121464) ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch ipxe-build-Disable-gcc-address-of-packed-member-warning.patch- Tweak Xen interface to be compatible with upcoming v4.12 Xen 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0054-linux-user-make-pwrite64-pread64-fd.patch (bsc#1121600)- Clarify that move to include v3.1.0 in qemu package corresponds with fate#327089, which of course builds on v3.0.0 mentioned previously, and that among other patches which this change obsoletes (because functionality is included in base version) I will mention one pointed out by reviewers: 0094-s390x-cpumodels-add-z14-Model-ZR1.patch- include post v3.1.0 patches marked for next stable release: 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0045-hw-usb-fix-mistaken-de-initializati.patch - Address various security/stability issues * Fix host access vulnerability in usb-mtp infrastructure (CVE-2018-16872 bsc#1119493) 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch * Fix DoS in pvrdma interface (CVE-2018-20123 bsc#1119437) 0047-pvrdma-release-device-resources-in-.patch * Fix OOB access issue in rdma backend (CVE-2018-20124 bsc#1119840) 0048-rdma-check-num_sge-does-not-exceed-.patch * Fix NULL pointer reference in pvrdma emulation (CVE-2018-20191 bsc#1119979) 0049-pvrdma-add-uar_read-routine.patch * Fix DoS in pvrdma interface (CVE-2018-20125 bsc#1119989) 0050-pvrdma-check-number-of-pages-when-c.patch * Fix DoS in pvrdma interface (CVE-2018-20216 bsc#1119984) 0051-pvrdma-check-return-value-from-pvrd.patch * Fix DoS in pvrdma interface (CVE-2018-20126 bsc#1119991) 0052-pvrdma-release-ring-object-in-case-.patch - one more post v3.1.0 patches marked for next stable release: 0053-block-Fix-hangs-in-synchronous-APIs.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0040-xen-ignore-live-parameter-from-xen-.patch (bsc#1079730, bsc#1101982, bsc#1063993)- Follow up on ideas prompted by last change: clean up the patches generated by git workflow. There is no value to the first line (mbox From line), or [PATCH] on subject line. Get rid of those - Other minor fixes and improvements to update_git.sh- Modify update_git.sh script: pass --zero-commit to format-patch This removes needless noise in the buildservice when the same set of patches is imported/exported at different times by different users. pass --no-signature to format-patch Remove sed call which used to remove the signature, use mv instead- Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646)- fix memory leak in xen_disk (bsc#1100408) 0039-xen_disk-Avoid-repeated-memory-allo.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- building against xen-devel requires the XC_* compat macros to be set because this version of QEMU will be built against many versions of Xen. configure will decide on the appropriate function names it knows about today. To actually call these functions, future versions of Xen may require XC_* to be set. Furthermore, fix a bug in QEMU: xen_common.h undefines the XC_* macros unconditionally.- Update to v3.1.0: See http://wiki.qemu.org/ChangeLog/3.1 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * x86 IceLake-Server and IceLake-Client cpu models added * Document recommendations for choosing cpu modesl for x86 guests * Support for Hyper-V enlightened VMCS * stdvga and bochs-display devices can expose EDID information to the guest. stdvga xres and yres properties are exposed in the EDID information * s390 improvements: vfio-ap crypto device support, max-cpu model added, etoken support, huge page backing support * ARM: ARMv6M architecture and Cortex-M0 cpu host support added, Cortex-A72 cpu model added, GICv2 virtualization extensions, emulation of AArch32 virtualization, Scalable Vector Extension implemented * Support for AMD IOMMU interrupt remapping and guest virtual APIC mode * Multithreaded TCG on x86 is considered supportable * Add a patch to triple timeout of block io tests, since the obs environment is fickle * x86 save/restore and live migration is prohibited if Intel KVM nested virtualization is enabled * Patches dropped (upstream unless otherwise noted): 0033-migration-warn-about-inconsistent-s.patch (shouldn't be needed anymore) 0035-configure-Modify-python-used-for-io.patch (upstream now python3 friendly) 0039-tests-boot-serial-test-Bump-timeout.patch 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch 0047-linux-user-init_guest_space-Try-to-.patch 0048-ne2000-fix-possible-out-of-bound-ac.patch 0049-rtl8139-fix-possible-out-of-bound-a.patch 0050-pcnet-fix-possible-buffer-overflow.patch 0051-net-ignore-packet-size-greater-than.patch 0052-lsi53c895a-check-message-length-val.patch 0053-nvme-fix-oob-access-issue-CVE-2018-.patch (fixed differently upstream) * Patches renamed: 0034-smbios-Add-1-terminator-if-any-stri.patch - > 0033-smbios-Add-1-terminator-if-any-stri.patch 0036-qemu-io-tests-comment-out-problemat.patch - > 0034-qemu-io-tests-comment-out-problemat.patch 0037-tests-test-thread-pool-is-racy-add-.patch - > 0035-tests-test-thread-pool-is-racy-add-.patch 0038-xen-add-block-resize-support-for-xe.patch - > 0036-xen-add-block-resize-support-for-xe.patch * Patches added: 0037-tests-qemu-iotests-Triple-timeout-o.patch 0038-tests-block-io-test-130-needs-some-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Update includes the following bug fixes: bsc#1108474, bsc#1117615 - Update includes the following SLE requested functionality: FATE#324810, FATE#325875, FATE#326369, FATE#326378, FATE#326379, FATE#326401, FATE#326672, FATE#326829 - Make the following packaging changes related to the new release * Enable libpmem, pvrdma, vhost-crypto features and qemu-block-nfs subpackage * New roms available: vgabios-bochs-display.bin, vgabios-ramfb.bin * New binary tool included (qemu-edid) for testing the new qemu edid generator - Tweaked patches we carry to pass qemu's checkpatch checker - Modify update_git.sh script to enable packaging qemu from development time sources, not just at release time - Removed erroneous (and now useless) tests for tar and gzip formats - Don't exclude s390x anymore from building the qemu-testsuite - Based on current OBS building observations make changes to storage and memory requires specified in the _constraints file- Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2018-10839 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 * bsc#1110910 bsc#1111006 bsc#1111010 bsc#1111013 bsc#1114422 bsc#1114529 * Patches added: 0047-linux-user-init_guest_space-Try-to-.patch 0048-ne2000-fix-possible-out-of-bound-ac.patch 0049-rtl8139-fix-possible-out-of-bound-a.patch 0050-pcnet-fix-possible-buffer-overflow.patch 0051-net-ignore-packet-size-greater-than.patch 0052-lsi53c895a-check-message-length-val.patch 0053-nvme-fix-oob-access-issue-CVE-2018-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0* Adding changes to mitigate seccomp vulnerability (CVE-2018-15746 bsc#1106222) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 * Patches added: 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch- Do more misc spec file fixes: * Be explicit in spec file about Version used for all subpackages (again, to avoid subpackage ordering issues). Default Release tag is also brought in by obs format_spec_file service * Delete binary blob s390-netboot.img, which we rebuild * Don't provide separate Url for qemu-kvm package - the main qemu website provides easily findable link for kvm specifics * Associate petalogix-ml605.dtb with qemu-extra instead of qemu-ppc * More entry sorting- Correct some versioning as follows: * Accurately reflect the qemu-ipxe package version value by adding "+" at the end * Don't overwrite seabios .version file, since now (for quite some time actually) upstream tarball creation creates this file and the value we are writing to it is actually wrong - Make spec file improvements, including the following: * Add qemu.keyring to enable package source verification * Create srcname macro to identify source file name separately from package name * Create alternate to %version to avoid subpackage ordering causing inadvertantly wrong %version value at point of use * Sort some entries * Be more consistent with macro syntax usage * Minor file tweaks as done by osc format_spec_file service- Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746 * fate#325467 * bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735 bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489 * Patches added: * only enable glusterfs for openSUSE 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Increase timeout for boot-serial-test, since we've hit the timeout for armv7l arch in qemu-testsuite. 0039-tests-boot-serial-test-Bump-timeout.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Drop legacy kvm_stat script and man page. We'll rely on the kvm_stat package only going forward kvm_stat kvm_stat.1.gz - Update SLE support documentation to match v3.0.0 release- Update to v3.0.0: See http://wiki.qemu.org/ChangeLog/3.0 Don't read anything into the major version number update. It's been decided to increase the major version number each year. Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package. Some noteworthy changes: * Support for additional x86/AMD mitigations against Speculative Store Bypass (Spectre Variant 4, CVE-2018-3639) * Improved support for nested KVM guests running on Hyper-V * Block device support for active disk-mirroring, which avoids convergence issues which may arise when doing passive/background mirroring of busy devices * Improved support for AHCI emulation, SCSI emulation, and persistent reservations / cluster management * OpenGL ES support for SDL front-end, additional framebuffer device options for early boot display without using legacy VGA emulation * Live migration support for TPM TIS devices, capping bandwidth usage during post-copy migration, and recovering from a failed post-copy migration * Improved latency when using user-mode networking / SLIRP * ARM: support for SMMUv3 IOMMU when using 'virt' machine type * ARM: v8M extensions for VLLDM and VLSTM floating-point instructions, and improved support for AArch64 v8.2 FP16 extensions * ARM: support for Scalable Vector Extensions in linux-user mode * Microblaze: support for 64-bit address sizes and translation bug fixes * PowerPC: PMU support for mac99 machine type and improvements for Uninorth PCI host bridge emulation for Mac machine types * PowerPC: preliminary support for emulating POWER9 hash MMU mode when using powernv machine type * RISC-V: improvement for privileged ISA emulation * s390: support for z14 ZR1 CPU model * s390: bpb/ppa15 Spectre mitigations enabled by default for z196 and later CPU models * s390: support for configuring consoles via -serial options * Patches dropped (upstream unless otherwise noted): 0008-linux-user-fix-segfault-deadlock.patch (no longer needed) 0039-blockjob-Fix-assertion-in-block_job.patch 0041-seccomp-allow-sched_setscheduler-wi.patch Make-installed-scripts-explicitly-python3.patch (we now make python3 explicit in other patch) * Patches renamed: 0009-linux-user-binfmt-support-host-bina.patch - > 0008-linux-user-binfmt-support-host-bina.patch 0010-linux-user-Fake-proc-cpuinfo.patch - > 0009-linux-user-Fake-proc-cpuinfo.patch 0011-Remove-problematic-evdev-86-key-fro.patch - > 0010-Remove-problematic-evdev-86-key-fro.patch 0012-linux-user-use-target_ulong.patch - > 0011-linux-user-use-target_ulong.patch 0013-Make-char-muxer-more-robust-wrt-sma.patch - > 0012-Make-char-muxer-more-robust-wrt-sma.patch 0014-linux-user-lseek-explicitly-cast-no.patch - > 0013-linux-user-lseek-explicitly-cast-no.patch 0015-AIO-Reduce-number-of-threads-for-32.patch - > 0014-AIO-Reduce-number-of-threads-for-32.patch 0016-xen_disk-Add-suse-specific-flush-di.patch - > 0015-xen_disk-Add-suse-specific-flush-di.patch 0017-qemu-bridge-helper-reduce-security-.patch - > 0016-qemu-bridge-helper-reduce-security-.patch 0018-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0019-linux-user-properly-test-for-infini.patch - > 0018-linux-user-properly-test-for-infini.patch 0020-roms-Makefile-pass-a-packaging-time.patch - > 0019-roms-Makefile-pass-a-packaging-time.patch 0021-Raise-soft-address-space-limit-to-h.patch - > 0020-Raise-soft-address-space-limit-to-h.patch 0022-increase-x86_64-physical-bits-to-42.patch - > 0021-increase-x86_64-physical-bits-to-42.patch 0023-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0024-i8254-Fix-migration-from-SLE11-SP2.patch - > 0023-i8254-Fix-migration-from-SLE11-SP2.patch 0025-acpi_piix4-Fix-migration-from-SLE11.patch - > 0024-acpi_piix4-Fix-migration-from-SLE11.patch 0026-Fix-tigervnc-long-press-issue.patch - > 0025-Fix-tigervnc-long-press-issue.patch 0027-string-input-visitor-Fix-uint64-par.patch - > 0026-string-input-visitor-Fix-uint64-par.patch 0028-test-string-input-visitor-Add-int-t.patch - > 0027-test-string-input-visitor-Add-int-t.patch 0029-test-string-input-visitor-Add-uint6.patch - > 0028-test-string-input-visitor-Add-uint6.patch 0030-tests-Add-QOM-property-unit-tests.patch - > 0029-tests-Add-QOM-property-unit-tests.patch 0031-tests-Add-scsi-disk-test.patch - > 0030-tests-Add-scsi-disk-test.patch 0032-Switch-order-of-libraries-for-mpath.patch - > 0031-Switch-order-of-libraries-for-mpath.patch 0033-Make-installed-scripts-explicitly-p.patch - > 0032-Make-installed-scripts-explicitly-p.patch (python2->python3) 0034-migration-warn-about-inconsistent-s.patch - > 0033-migration-warn-about-inconsistent-s.patch 0035-smbios-Add-1-terminator-if-any-stri.patch - > 0034-smbios-Add-1-terminator-if-any-stri.patch 0036-configure-Modify-python-used-for-io.patch - > 0035-configure-Modify-python-used-for-io.patch 0037-qemu-io-tests-comment-out-problemat.patch - > 0036-qemu-io-tests-comment-out-problemat.patch 0038-tests-test-thread-pool-is-racy-add-.patch - > 0037-tests-test-thread-pool-is-racy-add-.patch 0040-xen-add-block-resize-support-for-xe.patch - > 0038-xen-add-block-resize-support-for-xe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Update QEMU to allow kvm group access to /dev/sev (bsc#1102604). 71-sev.rules- Update to v2.12.1, a stable, (mostly) bug-fix-only release * This update contains new mitigation functionality for CVE-2018-3639 (Speculative Store Bypass) in x86. There are also bug fixes for migration, Intel IOMMU emulation, block layer/image handling, ARM emulation, and various other areas. (Note that a number of 2.12.1 patches were already included by us previously) (CVE-2018-3639 bsc#1092885) * Patches dropped (subsumed by stable update): 0039-device_tree-Increase-FDT_MAX_SIZE-t.patch 0040-vnc-fix-use-after-free.patch 0041-ccid-Fix-dwProtocols-advertisement-.patch 0042-tcg-arm-Fix-memory-barrier-encoding.patch 0043-s390-ccw-force-diag-308-subcode-to-.patch 0044-nbd-client-fix-nbd_negotiate_simple.patch 0045-migration-block-dirty-bitmap-fix-me.patch 0046-nbd-client-Fix-error-messages-durin.patch 0047-nbd-client-Relax-handling-of-large-.patch 0048-qxl-fix-local-renderer-crash.patch 0049-tcg-Limit-the-number-of-ops-in-a-TB.patch 0050-target-arm-Clear-SVE-high-bits-for-.patch 0051-cpus-tcg-fix-never-exiting-loop-on-.patch 0052-s390x-css-disabled-subchannels-cann.patch 0053-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0054-virtio-ccw-common-reset-handler.patch 0055-s390x-ccw-make-sure-all-ccw-devices.patch 0056-blockjob-expose-error-string-via-qu.patch 0058-qemu-io-Use-purely-string-blockdev-.patch 0059-qemu-img-Use-only-string-options-in.patch 0060-nfs-Remove-processed-options-from-Q.patch 0061-i386-define-the-ssbd-CPUID-feature-.patch 0062-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch 0064-ahci-fix-PxCI-register-race.patch 0065-ccid-card-passthru-fix-regression-i.patch * Patches renamed: 0057-blockjob-Fix-assertion-in-block_job.patch - > 0039-blockjob-Fix-assertion-in-block_job.patch 0066-xen-add-block-resize-support-for-xe.patch - > 0040-xen-add-block-resize-support-for-xe.patch 0067-seccomp-allow-sched_setscheduler-wi.patch - > 0041-seccomp-allow-sched_setscheduler-wi.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fixing seccomp resourcecontrol defunct issue (bsc#1102627) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12 * Patches added: 0067-seccomp-allow-sched_setscheduler-wi.patch- Add ipxe-fix-build.patch to not error out with binutils >= 2.31 .- Remove linux-user patch which is no longer needed (bsc#1098056) * Patches dropped: 0011-linux-user-XXX-disable-fiemap.patch * Patches renamed: 0036-Remove-problematic-evdev-86-key-fro.patch - > 0011-Remove-problematic-evdev-86-key-fro.patch 0037-configure-Modify-python-used-for-io.patch - > 0036-configure-Modify-python-used-for-io.patch 0038-qemu-io-tests-comment-out-problemat.patch - > 0037-qemu-io-tests-comment-out-problemat.patch 0039-tests-test-thread-pool-is-racy-add-.patch - > 0038-tests-test-thread-pool-is-racy-add-.patch 0040-device_tree-Increase-FDT_MAX_SIZE-t.patch - > 0039-device_tree-Increase-FDT_MAX_SIZE-t.patch 0041-vnc-fix-use-after-free.patch - > 0040-vnc-fix-use-after-free.patch 0042-ccid-Fix-dwProtocols-advertisement-.patch - > 0041-ccid-Fix-dwProtocols-advertisement-.patch 0043-tcg-arm-Fix-memory-barrier-encoding.patch - > 0042-tcg-arm-Fix-memory-barrier-encoding.patch 0044-s390-ccw-force-diag-308-subcode-to-.patch - > 0043-s390-ccw-force-diag-308-subcode-to-.patch 0045-nbd-client-fix-nbd_negotiate_simple.patch - > 0044-nbd-client-fix-nbd_negotiate_simple.patch 0046-migration-block-dirty-bitmap-fix-me.patch - > 0045-migration-block-dirty-bitmap-fix-me.patch 0047-nbd-client-Fix-error-messages-durin.patch - > 0046-nbd-client-Fix-error-messages-durin.patch 0048-nbd-client-Relax-handling-of-large-.patch - > 0047-nbd-client-Relax-handling-of-large-.patch 0049-qxl-fix-local-renderer-crash.patch - > 0048-qxl-fix-local-renderer-crash.patch 0050-tcg-Limit-the-number-of-ops-in-a-TB.patch - > 0049-tcg-Limit-the-number-of-ops-in-a-TB.patch 0051-target-arm-Clear-SVE-high-bits-for-.patch - > 0050-target-arm-Clear-SVE-high-bits-for-.patch 0052-cpus-tcg-fix-never-exiting-loop-on-.patch - > 0051-cpus-tcg-fix-never-exiting-loop-on-.patch 0053-s390x-css-disabled-subchannels-cann.patch - > 0052-s390x-css-disabled-subchannels-cann.patch 0054-pc-bios-s390-ccw-struct-tpi_info-mu.patch - > 0053-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0055-virtio-ccw-common-reset-handler.patch - > 0054-virtio-ccw-common-reset-handler.patch 0056-s390x-ccw-make-sure-all-ccw-devices.patch - > 0055-s390x-ccw-make-sure-all-ccw-devices.patch 0057-blockjob-expose-error-string-via-qu.patch - > 0056-blockjob-expose-error-string-via-qu.patch 0058-blockjob-Fix-assertion-in-block_job.patch - > 0057-blockjob-Fix-assertion-in-block_job.patch 0059-qemu-io-Use-purely-string-blockdev-.patch - > 0058-qemu-io-Use-purely-string-blockdev-.patch 0060-qemu-img-Use-only-string-options-in.patch - > 0059-qemu-img-Use-only-string-options-in.patch 0061-nfs-Remove-processed-options-from-Q.patch - > 0060-nfs-Remove-processed-options-from-Q.patch 0062-i386-define-the-ssbd-CPUID-feature-.patch - > 0061-i386-define-the-ssbd-CPUID-feature-.patch 0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch - > 0062-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0064-i386-define-the-AMD-virt-ssbd-CPUID.patch - > 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch 0065-ahci-fix-PxCI-register-race.patch - > 0064-ahci-fix-PxCI-register-race.patch 0066-ccid-card-passthru-fix-regression-i.patch - > 0065-ccid-card-passthru-fix-regression-i.patch 0067-xen-add-block-resize-support-for-xe.patch - > 0066-xen-add-block-resize-support-for-xe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix build failure of skiboot with gcc8 compiler skiboot-hdata-i2c.c-fix-building-with-gcc8.patch- Tweak build service constraints information to avoid failures- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12 * Patches added: 0067-xen-add-block-resize-support-for-xe.patch- Tweak patch file generation to be more git version agnostic. Also change update_git.sh to not reformat spec file by default.- Looks like the right fix for the AHCI issue has been identified upstream. Turns out to also affect Linux guests as well. (bsc#1094406) * Patches dropped: 0065-Revert-replay-don-t-process-async-e.patch 0066-Revert-replay-avoid-recursive-call-.patch 0067-Revert-replay-check-return-values-o.patch 0068-Revert-replay-push-replay_mutex_loc.patch * Patches added: 0065-ahci-fix-PxCI-register-race.patch - Fix a regresssion introduced in v2.12.0 for ccid-card-passthrough (bsc#1095419) 0066-ccid-card-passthru-fix-regression-i.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix qemu-guest-agent service issue (bsc#1094898)- Spectre v4 vulnerability mitigation support for KVM guests. High level description of vulnerability: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This change permits the new x86 cpu feature flag named "ssbd" to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled, via adding it to the qemu commandline (eg: -cpu ,+spec-ctrl,+ssbd), so the guest OS can take advantage of the feature, spec-ctrl and ssbd support is also required in the host. Another new x86 cpu feature flag named "virt-ssbd" is also added to handle this vulnerability for AMD processors. (CVE-2018-3639 bsc#1092885) 0062-i386-define-the-ssbd-CPUID-feature-.patch 0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0064-i386-define-the-AMD-virt-ssbd-CPUID.patch - Replay code introduced an issue for AHCI emulation, where on Windows 10 I/O would stop randomly, and Windows would then reset the AHCI device. The issue is not yet fully identified, but reverting some of those changes is at least for now a workaround. (bsc#1094406) 0065-Revert-replay-don-t-process-async-e.patch 0066-Revert-replay-avoid-recursive-call-.patch 0067-Revert-replay-check-return-values-o.patch 0068-Revert-replay-push-replay_mutex_loc.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Add some upstream fixes targeted for the next stable release 0040-device_tree-Increase-FDT_MAX_SIZE-t.patch 0041-vnc-fix-use-after-free.patch 0042-ccid-Fix-dwProtocols-advertisement-.patch 0043-tcg-arm-Fix-memory-barrier-encoding.patch 0044-s390-ccw-force-diag-308-subcode-to-.patch 0045-nbd-client-fix-nbd_negotiate_simple.patch 0046-migration-block-dirty-bitmap-fix-me.patch 0047-nbd-client-Fix-error-messages-durin.patch 0048-nbd-client-Relax-handling-of-large-.patch 0049-qxl-fix-local-renderer-crash.patch 0050-tcg-Limit-the-number-of-ops-in-a-TB.patch 0051-target-arm-Clear-SVE-high-bits-for-.patch 0052-cpus-tcg-fix-never-exiting-loop-on-.patch 0053-s390x-css-disabled-subchannels-cann.patch 0054-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0055-virtio-ccw-common-reset-handler.patch 0056-s390x-ccw-make-sure-all-ccw-devices.patch 0057-blockjob-expose-error-string-via-qu.patch 0058-blockjob-Fix-assertion-in-block_job.patch 0059-qemu-io-Use-purely-string-blockdev-.patch 0060-qemu-img-Use-only-string-options-in.patch 0061-nfs-Remove-processed-options-from-Q.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix qemu-guest-agent uninstall (bsc#1093169) - Minor tweak to qemu spec file- Update to v2.12.0: See http://wiki.qemu.org/ChangeLog/2.12 Some noteworthy changes: CLI options removed: -tdf, -no-kvm-pit, -drive boot, -net channel, - net dump, -hdachs, -drive,if=scsi HMP commands removed: usb_add, usb_del, host_net_add, host_net_remove Q35 default nic now e1000e AMD SEV support - smbios supports setting data for type 11 tables audio and display support split out as modules - nic for simple creation of guest NIC and host back-end QMP monitor "out-of-band" capability lots of ARM and s390 improvements - Include more of upstream's in-tree tests in the qemu-testsuite package * Patches dropped: 0033-memfd-fix-configure-test.patch 0034-qapi-use-items-values-intead-of-ite.patch 0035-qapi-Use-OrderedDict-from-standard-.patch 0036-qapi-adapt-to-moved-location-of-Str.patch 0037-qapi-Adapt-to-moved-location-of-mak.patch 0038-qapi-remove-q-arg-to-diff-when-comp.patch 0039-qapi-ensure-stable-sort-ordering-wh.patch 0040-qapi-force-a-UTF-8-locale-for-runni.patch 0041-scripts-ensure-signrom-treats-data-.patch 0042-configure-allow-use-of-python-3.patch 0043-input-add-missing-JIS-keys-to-virti.patch 0045-pc-fail-memory-hot-plug-unplug-with.patch 0046-memattrs-add-debug-attribute.patch 0047-exec-add-ram_debug_ops-support.patch 0048-exec-add-debug-version-of-physical-.patch 0049-monitor-i386-use-debug-APIs-when-ac.patch 0050-machine-add-memory-encryption-prope.patch 0051-kvm-update-kvm.h-to-include-memory-.patch 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch 0053-target-i386-add-Secure-Encrypted-Vi.patch 0054-qmp-add-query-sev-command.patch 0055-sev-i386-add-command-to-initialize-.patch 0056-qmp-populate-SevInfo-fields-with-SE.patch 0057-sev-i386-register-the-guest-memory-.patch 0058-kvm-introduce-memory-encryption-API.patch 0059-hmp-add-info-sev-command.patch 0060-sev-i386-add-command-to-create-laun.patch 0061-sev-i386-add-command-to-encrypt-gue.patch 0062-target-i386-encrypt-bios-rom.patch 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch 0064-sev-i386-finalize-the-SEV-guest-lau.patch 0065-hw-i386-set-ram_debug_ops-when-memo.patch 0066-sev-i386-add-debug-encrypt-and-decr.patch 0067-target-i386-clear-C-bit-when-walkin.patch 0068-include-add-psp-sev.h-header-file.patch 0069-sev-i386-add-support-to-query-PLATF.patch 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch 0071-qmp-add-query-sev-launch-measure-co.patch 0072-tests-qmp-test-blacklist-query-sev-.patch 0073-sev-i386-add-migration-blocker.patch 0074-cpu-i386-populate-CPUID-0x8000_001F.patch 0075-migration-warn-about-inconsistent-s.patch 0076-smbios-support-setting-OEM-strings-.patch 0077-smbios-Add-1-terminator-if-any-stri.patch 0078-Remove-problematic-evdev-86-key-fro.patch 0079-tpm-lookup-cancel-path-under-tpm-de.patch 0080-vga-fix-region-calculation.patch skiboot-GCC7-fixes-for-Wimplicit-fallthr.patch skiboot-libc-stdio-vsnprintf.c-add-expli.patch skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch ui-keycodemapdb-Add-missing-QKeyCode-val.patch ui-keycodemapdb-Fix-compat-with-py3-dict.patch * Patches renamed: 0044-Make-installed-scripts-explicitly-p.patch - > 0033-Make-installed-scripts-explicitly-p.patch 0075-migration-warn-about-inconsistent-s.patch - > 0034-migration-warn-about-inconsistent-s.patch 0077-smbios-Add-1-terminator-if-any-stri.patch - > 0035-smbios-Add-1-terminator-if-any-stri.patch 0078-Remove-problematic-evdev-86-key-fro.patch - > 0036-Remove-problematic-evdev-86-key-fro.patch * Patches added: 0037-configure-Modify-python-used-for-io.patch 0038-qemu-io-tests-comment-out-problemat.patch 0039-tests-test-thread-pool-is-racy-add-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix autoinstall of qemu-guest-agent by getting the modalias string right (bsc#1091143)- Guard strncpy call with GCC pragma to disable warning about possible incorrect usage, when in fact it is correct. This is for gcc 8 compatibility (bsc#1090355) ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch- Add WantedBy for enable qemu-ga@.service auto start (bsc#1090369)- fix qemu-ga service file name (bsc#1089067)- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604) 0080-vga-fix-region-calculation.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Add new look up path "sys/class/tpm" for tpm cancel path based on Linux 4.0 change (commit 313d21eeab9282e)(bsc#1070615) 0079-tpm-lookup-cancel-path-under-tpm-de.patch- Fix issue with key codes in qemu v2.11 0078-Remove-problematic-evdev-86-key-fro.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 * Patches added: 0077-smbios-Add-1-terminator-if-any-stri.patch bsc#994082 and bsc#1084316- Add support for setting OEM strings table (fate#323624) 0076-smbios-support-setting-OEM-strings-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- SLE15 KVM (as targeted for RC1) now has the feature exposed. Drop the patch. (bsc#1082276) 0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Change example qemu-ifup script to not depend on bridge-utils. Also update the paths used for ip binary.- Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor.- Update to v2.11.1, a stable, (mostly) bug-fix-only release In addition to bug fixes, of necessity fixes are needed to address the Spectre v2 vulnerability by passing along to the guest new hardware features introduced by host microcode updates. A January 2018 release of qemu initially addressed this issue by exposing the feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on the upstream solution. This update instead defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) s390x guest vulnerability to Spectre v2 is also addressed in this update by including support for bpb and ppa/stfle.81 features. (CVE-2017-5715 bsc#1068032) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ - Unfortunately, it was found that our current KVM isn't correctly indicating support for the spec-ctrl feature, so I've added a patch to still detect that support within QEMU. This is of course a temporary kludge until KVM gets fixed. (bsc#1082276) - The SEV support patches are updated to the v9 series. - Fix incompatibility with recent glibc (boo#1081154) - Add Supplements tags for the guest agent package in an attempt to auto-install for QEMU and Xen SUSE Linux guests (fate#323570) * Patches dropped (subsumed by stable update, or reworked in v9): 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch 0050-target-i386-add-memory-encryption-f.patch 0054-accel-add-Secure-Encrypted-Virtuliz.patch 0072-sev-Fix-build-for-non-x86-hosts.patch * Patches added: 0033-memfd-fix-configure-test.patch 0053-target-i386-add-Secure-Encrypted-Vi.patch 0056-qmp-populate-SevInfo-fields-with-SE.patch 0072-tests-qmp-test-blacklist-query-sev-.patch 0073-sev-i386-add-migration-blocker.patch 0074-cpu-i386-populate-CPUID-0x8000_001F.patch 0075-migration-warn-about-inconsistent-s.patch 0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch * Patches renamed (plus some minor code changes): 0051-machine-add-memory-encryption-prope.patch - > 0050-machine-add-memory-encryption-prope.patch 0052-kvm-update-kvm.h-to-include-memory-.patch - > 0051-kvm-update-kvm.h-to-include-memory-.patch 0053-docs-add-AMD-Secure-Encrypted-Virtu.patch - > 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch 0055-sev-add-command-to-initialize-the-m.patch - > 0055-sev-i386-add-command-to-initialize-.patch 0056-sev-register-the-guest-memory-range.patch - > 0057-sev-i386-register-the-guest-memory-.patch 0057-kvm-introduce-memory-encryption-API.patch - > 0058-kvm-introduce-memory-encryption-API.patch 0058-qmp-add-query-sev-command.patch - > 0054-qmp-add-query-sev-command.patch 0060-sev-add-command-to-create-launch-me.patch - > 0060-sev-i386-add-command-to-create-laun.patch 0061-sev-add-command-to-encrypt-guest-me.patch - > 0061-sev-i386-add-command-to-encrypt-gue.patch 0063-sev-add-support-to-LAUNCH_MEASURE-c.patch - > 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch 0064-sev-Finalize-the-SEV-guest-launch-f.patch - > 0064-sev-i386-finalize-the-SEV-guest-lau.patch 0066-sev-add-debug-encrypt-and-decrypt-c.patch - > 0066-sev-i386-add-debug-encrypt-and-decr.patch 0069-sev-add-support-to-query-PLATFORM_S.patch - > 0069-sev-i386-add-support-to-query-PLATF.patch 0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch - > 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Add AMD SEV (Secure Encrypted Virtualization) support by taking the v7 series of the patches posted to qemu ml. (fate#322124) 0046-memattrs-add-debug-attribute.patch 0047-exec-add-ram_debug_ops-support.patch 0048-exec-add-debug-version-of-physical-.patch 0049-monitor-i386-use-debug-APIs-when-ac.patch 0050-target-i386-add-memory-encryption-f.patch 0051-machine-add-memory-encryption-prope.patch 0052-kvm-update-kvm.h-to-include-memory-.patch 0053-docs-add-AMD-Secure-Encrypted-Virtu.patch 0054-accel-add-Secure-Encrypted-Virtuliz.patch 0055-sev-add-command-to-initialize-the-m.patch 0056-sev-register-the-guest-memory-range.patch 0057-kvm-introduce-memory-encryption-API.patch 0058-qmp-add-query-sev-command.patch 0059-hmp-add-info-sev-command.patch 0060-sev-add-command-to-create-launch-me.patch 0061-sev-add-command-to-encrypt-guest-me.patch 0062-target-i386-encrypt-bios-rom.patch 0063-sev-add-support-to-LAUNCH_MEASURE-c.patch 0064-sev-Finalize-the-SEV-guest-launch-f.patch 0065-hw-i386-set-ram_debug_ops-when-memo.patch 0066-sev-add-debug-encrypt-and-decrypt-c.patch 0067-target-i386-clear-C-bit-when-walkin.patch 0068-include-add-psp-sev.h-header-file.patch 0069-sev-add-support-to-query-PLATFORM_S.patch 0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch 0071-qmp-add-query-sev-launch-measure-co.patch 0072-sev-Fix-build-for-non-x86-hosts.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Update python3 related patches now that they are upstream- guest agent: change service file to a template so it can be used by Xen as well. Adjust udev rule accordingly. FATE#324963- Fix machine inconsistency with -no-acpi and nvdimm (bsc#1077823) 0045-pc-fail-memory-hot-plug-unplug-with.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Modify BuildRequires python references - seabios also needed tweaks for python2 vs python3 * Patches added: seabios-use-python2-explicitly-as-needed.patch seabios-switch-to-python3-as-needed.patch- Try to get our story right wrt python2 vs python3 (bsc#1077564) * Get rid of use of #!/usr/bin/env python in scripts we install * include proposed upstream build system changes needed for building with python2 or python3 * Patches dropped: 0032-scripts-avoid-usr-bin-python-refere.patch * Patches renamed: 0033-Switch-order-of-libraries-for-mpath.patch - > 0032-Switch-order-of-libraries-for-mpath.patch 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch - > 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch * Patches added: 0034-qapi-use-items-values-intead-of-ite.patch 0035-qapi-Use-OrderedDict-from-standard-.patch 0036-qapi-adapt-to-moved-location-of-Str.patch 0037-qapi-Adapt-to-moved-location-of-mak.patch 0038-qapi-remove-q-arg-to-diff-when-comp.patch 0039-qapi-ensure-stable-sort-ordering-wh.patch 0040-qapi-force-a-UTF-8-locale-for-runni.patch 0041-scripts-ensure-signrom-treats-data-.patch 0042-configure-allow-use-of-python-3.patch 0043-input-add-missing-JIS-keys-to-virti.patch 0044-Make-installed-scripts-explicitly-p.patch Make-installed-scripts-explicitly-python3.patch ui-keycodemapdb-Add-missing-QKeyCode-val.patch ui-keycodemapdb-Fix-compat-with-py3-dict.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Fix packaging dependencies (coreutils) for qemu-ksm package (bsc#1040202)- Pass through to guest info related to x86 security vulnerability (CVE-2017-5715 bsc#1068032) 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Update to v2.11.0: See http://wiki.qemu.org/ChangeLog/2.11 Some noteworthy changes: - nodefconfig is now deprecated legacy pci-assignment code removed qemu-pr-helper added for handling guest persistant reservations (bsc#891066, bsc#910704, bsc#943807) qemu-keymap tool added for generating keymap files throttle block filter driver added support for a TPM emulator qcow2 image shrink support better support for >=64 vcpus for Windows guests nested KVM related improvements s390 pgste handling now done better EPYC cpu model added (bsc#1052825) improvements in qcow2 buffer handling vhost-user resume issue fixed migration hardening ARMv8-M security extension support more seccomp/sandboxing options available s390 cpu hot-plug improvements misc. virtfs improvements nbd improvements MTTCG improvements misc. TCG improvements scsi correctness improvements SEABIOS now has serial output option * Includes fixes for CVE-2017-15118 bsc#1070147, CVE-2017-15119 bsc#1070144 * Adds KASLR support (fate#323473, bsc#1070281) * Update SLE support docs to match this release * simplify spec file to expect at least sle_version >= 1315 * Patches dropped (upstream): 0013-console-add-question-mark-escape-op.patch 0020-configure-Fix-detection-of-seccomp-.patch 0034-target-i386-cpu-Add-new-EPYC-CPU-mo.patch 0035-chardev-baum-fix-baum-that-releases.patch 0036-io-fix-temp-directory-used-by-test-.patch 0037-io-fix-check-for-handshake-completi.patch 0038-crypto-fix-test-cert-generation-to-.patch 0039-vhost-user-disable-the-broken-subpr.patch 0040-io-monitor-encoutput-buffer-size-fr.patch 0041-cirrus-fix-oob-access-in-mode4and5-.patch 0042-9pfs-use-g_malloc0-to-allocate-spac.patch * Patches renamed: 0014-Make-char-muxer-more-robust-wrt-sma.patch - > 0013-Make-char-muxer-more-robust-wrt-sma.patch 0015-linux-user-lseek-explicitly-cast-no.patch - > 0014-linux-user-lseek-explicitly-cast-no.patch 0016-AIO-Reduce-number-of-threads-for-32.patch - > 0015-AIO-Reduce-number-of-threads-for-32.patch 0017-xen_disk-Add-suse-specific-flush-di.patch - > 0016-xen_disk-Add-suse-specific-flush-di.patch 0018-qemu-bridge-helper-reduce-security-.patch - > 0017-qemu-bridge-helper-reduce-security-.patch 0019-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0018-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0021-linux-user-properly-test-for-infini.patch - > 0019-linux-user-properly-test-for-infini.patch 0022-roms-Makefile-pass-a-packaging-time.patch - > 0020-roms-Makefile-pass-a-packaging-time.patch 0023-Raise-soft-address-space-limit-to-h.patch - > 0021-Raise-soft-address-space-limit-to-h.patch 0024-increase-x86_64-physical-bits-to-42.patch - > 0022-increase-x86_64-physical-bits-to-42.patch 0025-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0023-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0026-i8254-Fix-migration-from-SLE11-SP2.patch - > 0024-i8254-Fix-migration-from-SLE11-SP2.patch 0027-acpi_piix4-Fix-migration-from-SLE11.patch - > 0025-acpi_piix4-Fix-migration-from-SLE11.patch 0028-Fix-tigervnc-long-press-issue.patch - > 0026-Fix-tigervnc-long-press-issue.patch 0029-string-input-visitor-Fix-uint64-par.patch - > 0027-string-input-visitor-Fix-uint64-par.patch 0030-test-string-input-visitor-Add-int-t.patch - > 0028-test-string-input-visitor-Add-int-t.patch 0031-test-string-input-visitor-Add-uint6.patch - > 0029-test-string-input-visitor-Add-uint6.patch 0032-tests-Add-QOM-property-unit-tests.patch - > 0030-tests-Add-QOM-property-unit-tests.patch 0033-tests-Add-scsi-disk-test.patch - > 0031-tests-Add-scsi-disk-test.patch 0043-scripts-avoid-usr-bin-python-refere.patch - > 0032-scripts-avoid-usr-bin-python-refere.patch * We need the multipath libraries link order switched 0033-Switch-order-of-libraries-for-mpath.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Avoid ref to /usr/bin/python in vmstate-static-checker.py script 0043-scripts-avoid-usr-bin-python-refere.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- For SLE15, it's been decided to stop providing SDL based graphics due to packaging constraints. Long ago GTK became the default, and there is little benefit to providing both. For now, keep it enabled for openSUSE (Tumblweed and Leap), but consider it marked deprecated there and if no one complains it will be removed for openSUSE as well in the near future. (fate#324465) - Fix problem building skiboot.lid skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch- Wrap analyze-migration and vmstate-static-checker into tools from qemu scripts folder, also changed introduction of qemu-tools in spec file - Move supportplugin position in spec file- Add announcement in support docs about qed storage format no longer being supported in next major SLE release (SLE15) (fate#324200) - Address various security/stability issues * Fix DoS in I/O channel websockets (CVE-2017-15268 bsc#1062942) 0040-io-monitor-encoutput-buffer-size-fr.patch * Fix OOB access in cirrus vga device emulation (CVE-2017-15289 bsc#1063122) 0041-cirrus-fix-oob-access-in-mode4and5-.patch * Fix information leak in 9pfs interface (CVE-2017-15038 bsc#1062069) 0042-9pfs-use-g_malloc0-to-allocate-spac.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Don't tie glusterfs support to specific arch - Build skiboot firmware (OPAL), particularly since it's fairly easy to do so skiboot-GCC7-fixes-for-Wimplicit-fallthr.patch skiboot-libc-stdio-vsnprintf.c-add-expli.patch- Added the global macro 'with_glusterfs' in order to re-enable glusterfs support. The macro enable easier future adjustments for various ARCH/targets/requiremnets. At first glusterfs support is enabled for openSUSE Leap 42.x and Factory for ARCH x86_64.- Add dependencies on ovmf (uefi) for the qemu-x86 and qemu-arm packages - Fix s390-netboot.img to be included with qemu-s390 package, not qemu-ppc- Update to v2.10.1, a stable, bug-fix-only release * fixes bsc#1056386 CVE-2017-13673, bsc#1056334 CVE-2017-13672, bsc#1057585 CVE-2017-14167 * Patches dropped (upstream): 0034-slirp-fix-clearing-ifq_so-from-pend.patch 0035-s390-ccw-Fix-alignment-for-CCW1.patch 0038-s390x-ais-for-2.10-stable-disable-a.patch 0039-s390x-cpumodel-remove-ais-from-z14-.patch * Patches renamed: 0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch - > 0034-target-i386-cpu-Add-new-EPYC-CPU-mo.patch 0037-chardev-baum-fix-baum-that-releases.patch - > 0035-chardev-baum-fix-baum-that-releases.patch 0040-io-fix-temp-directory-used-by-test-.patch - > 0036-io-fix-temp-directory-used-by-test-.patch 0041-io-fix-check-for-handshake-completi.patch - > 0037-io-fix-check-for-handshake-completi.patch 0042-crypto-fix-test-cert-generation-to-.patch - > 0038-crypto-fix-test-cert-generation-to-.patch 0043-vhost-user-disable-the-broken-subpr.patch - > 0039-vhost-user-disable-the-broken-subpr.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix failures and potential failures in qemu-testsuite 0040-io-fix-temp-directory-used-by-test-.patch 0041-io-fix-check-for-handshake-completi.patch 0042-crypto-fix-test-cert-generation-to-.patch 0043-vhost-user-disable-the-broken-subpr.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix migration issue on s390 0038-s390x-ais-for-2.10-stable-disable-a.patch 0039-s390x-cpumodel-remove-ais-from-z14-.patch - Fix case of not being able to build from rpm sources due to undefined macro (boo#1057966) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix baum that release brlapi twice (bsc#1060045) 0037-chardev-baum-fix-baum-that-releases.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- For SLE15 pre-release testing, add support for the EPYC processor. This will be officially supported once it is included in the v2.11 release. (bsc#1052825) 0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch - Fix some support statements in our SLE support documents.- Update BuildRequires packages libibverbs-devel and librdmacm-devel to the more correct rdma-core-devel - Enable seccomp for s390x, aarch64, and ppc64le - Fix OOB issue (use after free) in slirp network stack (CVE-2017-13711 bsc#1056291) 0034-slirp-fix-clearing-ifq_so-from-pend.patch - Fix a misalignment in the s390 ccw firmware (bsc#1056680) 0035-s390-ccw-Fix-alignment-for-CCW1.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Add a supportconfig plugin qemu-supportconfig FATE#323661- Update to v2.10.0: See http://wiki.qemu.org/ChangeLog/2.10 - Dropped internal only patches used to support SUSE Studio Testdrive as well as other miscellaneous patches deemed unused and not worth carrying (bsc#1046783, bsc#1055125, bsc#1055127) - Update SLE support statements in anticipation of SLE15 - disable SAN boot capability from virtio pxe rom used in v1.4 and older pc machine types due to rom size requirements. Hopefully a better solution can be found which doesn't impact functionality * Patches added: ipxe-stub-out-the-SAN-req-s-in-int13.patch * Patches renamed: 0006-qemu-cvs-gettimeofday.patch -> 0003-qemu-cvs-gettimeofday.patch 0007-qemu-cvs-ioctl_debug.patch -> 0004-qemu-cvs-ioctl_debug.patch 0008-qemu-cvs-ioctl_nodirection.patch -> 0005-qemu-cvs-ioctl_nodirection.patch 0009-linux-user-add-binfmt-wrapper-for-a.patch -> 0006-linux-user-add-binfmt-wrapper-for-a.patch 0010-PPC-KVM-Disable-mmu-notifier-check.patch -> 0007-PPC-KVM-Disable-mmu-notifier-check.patch 0011-linux-user-fix-segfault-deadlock.patch -> 0008-linux-user-fix-segfault-deadlock.patch 0012-linux-user-binfmt-support-host-bina.patch -> 0009-linux-user-binfmt-support-host-bina.patch 0013-linux-user-Fake-proc-cpuinfo.patch -> 0010-linux-user-Fake-proc-cpuinfo.patch 0014-linux-user-XXX-disable-fiemap.patch -> 0011-linux-user-XXX-disable-fiemap.patch 0017-linux-user-use-target_ulong.patch -> 0012-linux-user-use-target_ulong.patch 0021-console-add-question-mark-escape-op.patch -> 0013-console-add-question-mark-escape-op.patch 0022-Make-char-muxer-more-robust-wrt-sma.patch -> 0014-Make-char-muxer-more-robust-wrt-sma.patch 0023-linux-user-lseek-explicitly-cast-no.patch -> 0015-linux-user-lseek-explicitly-cast-no.patch 0025-AIO-Reduce-number-of-threads-for-32.patch -> 0016-AIO-Reduce-number-of-threads-for-32.patch 0027-xen_disk-Add-suse-specific-flush-di.patch -> 0017-xen_disk-Add-suse-specific-flush-di.patch 0028-qemu-bridge-helper-reduce-security-.patch -> 0018-qemu-bridge-helper-reduce-security-.patch 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0019-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0030-configure-Fix-detection-of-seccomp-.patch -> 0020-configure-Fix-detection-of-seccomp-.patch 0031-linux-user-properly-test-for-infini.patch -> 0020-linux-user-properly-test-for-infini.patch 0033-roms-Makefile-pass-a-packaging-time.patch -> 0022-roms-Makefile-pass-a-packaging-time.patch 0034-Raise-soft-address-space-limit-to-h.patch -> 0023-Raise-soft-address-space-limit-to-h.patch 0035-increase-x86_64-physical-bits-to-42.patch -> 0024-increase-x86_64-physical-bits-to-42.patch 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0025-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0037-i8254-Fix-migration-from-SLE11-SP2.patch -> 0026-i8254-Fix-migration-from-SLE11-SP2.patch 0038-acpi_piix4-Fix-migration-from-SLE11.patch -> 0027-acpi_piix4-Fix-migration-from-SLE11.patch 0039-Fix-tigervnc-long-press-issue.patch -> 0028-Fix-tigervnc-long-press-issue.patch 0041-string-input-visitor-Fix-uint64-par.patch -> 0029-string-input-visitor-Fix-uint64-par.patch 0042-test-string-input-visitor-Add-int-t.patch -> 0030-test-string-input-visitor-Add-int-t.patch 0043-test-string-input-visitor-Add-uint6.patch -> 0031-test-string-input-visitor-Add-uint6.patch 0044-tests-Add-QOM-property-unit-tests.patch -> 0032-tests-Add-QOM-property-unit-tests.patch 0045-tests-Add-scsi-disk-test.patch -> 0033-tests-Add-scsi-disk-test.patch * Patches dropped (upstream unless otherwise noted): 0003-qemu-cvs-alsa_bitfield.patch (deemed not needed) 0004-qemu-cvs-alsa_ioctl.patch (deemed not needed) 0005-qemu-cvs-alsa_mmap.patch (deemed not needed) 0015-slirp-nooutgoing.patch (bsc#1055125) 0016-vnc-password-file-and-incoming-conn.patch (bsc#1055127) 0018-block-Add-support-for-DictZip-enabl.patch (bsc#1046783) 0019-block-Add-tar-container-format.patch (bsc#1046783) 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch (bsc#1046783) 0024-configure-Enable-PIE-for-ppc-and-pp.patch (obsolete) 0026-dictzip-Fix-on-big-endian-systems.patch (bsc#1046783) 0032-linux-user-remove-all-traces-of-qem.patch 0040-fix-xen-hvm-direct-kernel-boot.patch (bsc#970791) 0046-RFC-update-Linux-headers-from-irqs-.patch 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch 0048-input-Add-trace-event-for-empty-key.patch 0049-ACPI-don-t-call-acpi_pcihp_device_p.patch 0050-i386-Allow-cpuid-bit-override.patch (was for testing only) 0051-input-limit-kbd-queue-depth.patch 0052-audio-release-capture-buffers.patch 0053-scsi-avoid-an-off-by-one-error-in-m.patch 0054-vmw_pvscsi-check-message-ring-page-.patch 0055-9pfs-local-forbid-client-access-to-.patch 0056-jazz_led-fix-bad-snprintf.patch 0057-slirp-smb-Replace-constant-strings-.patch 0058-altera_timer-fix-incorrect-memset.patch 0059-Hacks-for-building-on-gcc-7-Fedora-.patch 0060-9pfs-local-fix-unlink-of-alien-file.patch 0061-megasas-do-not-read-DCMD-opcode-mor.patch 0062-megasas-always-store-SCSIRequest-in.patch 0063-nbd-Fully-initialize-client-in-case.patch 0064-9pfs-local-remove-use-correct-path-.patch 0065-hid-Reset-kbd-modifiers-on-reset.patch 0066-input-Decrement-queue-count-on-kbd-.patch 0067-xhci-only-update-dequeue-ptr-on-com.patch 0068-vnc-Set-default-kbd-delay-to-10ms.patch 0069-qemu-nbd-Ignore-SIGPIPE.patch 0070-usb-redir-fix-stack-overflow-in-usb.patch 0072-slirp-check-len-against-dhcp-option.patch 0071-exec-use-qemu_ram_ptr_length-to-acc.patch 0073-xen-mapcache-store-dma-information-.patch 0074-exec-Add-lock-parameter-to-qemu_ram.patch 0075-Replace-struct-ucontext-with-uconte.patch ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch ipxe-ath-Add-missing-break-statements.patch ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix package build failure as of glibc v2.26 update in Factory (boo#1055587) 0075-Replace-struct-ucontext-with-uconte.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Remove redundant prerequire for pwdutils- Postrequire acl for setfacl- Prerequire shadow for groupadd- The recent security fix for CVE-2017-11334 adversely affects Xen. Include two additional patches to make sure Xen is going to be OK. 0073-xen-mapcache-store-dma-information-.patch 0074-exec-Add-lock-parameter-to-qemu_ram.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Pre-add group kvm for qemu-tools (bsc#1011144)- Fixed a few more inaccuracies in the support docs.- Address various security/stability issues * Fix DOS vulnerability in qemu-nbd (bsc#1046636 CVE-2017-10664) 0069-qemu-nbd-Ignore-SIGPIPE.patch * Fix DOS from stack overflow in debug messages of usb redirection support (bsc#1047674 CVE-2017-10806) 0070-usb-redir-fix-stack-overflow-in-usb.patch * Fix OOB access during DMA operation (CVE-2017-11334 bsc#1048902) 0071-exec-use-qemu_ram_ptr_length-to-acc.patch * Fix OOB access parsing dhcp slirp options (CVE-2017-11434 bsc#1049381) 0072-slirp-check-len-against-dhcp-option.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12 SP3. Apply a few additional clarifications in the support docs. (bsc#1050268) - Adjust to libvdeplug-devel package naming changes.- Fix migration with xhci (bsc#1048296) 0067-xhci-only-update-dequeue-ptr-on-com.patch - Increase VNC delay to fix missing keyboard input events (bsc#1031692) 0068-vnc-Set-default-kbd-delay-to-10ms.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Remove build dependency package iasl used for seabios- Fixed stuck state during usb keyboard reset (bsc#1044936) 0065-hid-Reset-kbd-modifiers-on-reset.patch - Fixed keyboard events getting lost (bsc#1044936) 0066-input-Decrement-queue-count-on-kbd-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Use most recent compiler to build size-critical firmware, instead of hard-coding gcc6 for all target versions (bsc#1043390) * A few upstream ipxe patches were needed for gcc7 compatibility: ipxe-ath-Add-missing-break-statements.patch ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch - Add --no-renames to the git format-patch command in the git workflow script for better patch compatibility - Address various security/stability issues * Fix potential privilege escalation in virtfs (CVE-2016-9602 bsc#1020427) 0060-9pfs-local-fix-unlink-of-alien-file.patch * Fix DOS in megasas device emulation (CVE-2017-9503 bsc#1043296) 0061-megasas-do-not-read-DCMD-opcode-mor.patch 0062-megasas-always-store-SCSIRequest-in.patch * Fix DOS in qemu-nbd server (CVE-2017-9524 bsc#1043808) 0063-nbd-Fully-initialize-client-in-case.patch * Fix regression introduced by recent virtfs security fixes (bsc#1045035) 0064-9pfs-local-remove-use-correct-path-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Backport ipxe to support FirstBurstLength (bsc#1040476) ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch- Fixes for gcc7 compatability (bsc#1040228) (in behalf of Liang Yan) 0056-jazz_led-fix-bad-snprintf.patch 0057-slirp-smb-Replace-constant-strings-.patch 0058-altera_timer-fix-incorrect-memset.patch 0059-Hacks-for-building-on-gcc-7-Fedora-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Protect access to metadata in virtio-9pfs (CVE-2017-7493 bsc#1039495) 0055-9pfs-local-forbid-client-access-to-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Address various security/stability issues * Fix DOS potential in vnc interface (CVE-2017-8379 bsc#1037334) 0051-input-limit-kbd-queue-depth.patch * Fix DOS potential in vnc interface (CVE-2017-8309 bsc#1037242) 0052-audio-release-capture-buffers.patch * Fix OOB access in megasas device emulation (CVE-2017-8380 bsc#1037336) 0053-scsi-avoid-an-off-by-one-error-in-m.patch * Fix DOS in Vmware pv scsi emulation (CVE-2017-8112 bsc#1036211) 0054-vmw_pvscsi-check-message-ring-page-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Fix building packages for some older distros. - Further refine our handling of building firmware (or not) for the various arch's and distro versions we build for. Note that if we don't build x86 firmware, (eg: x86 Leap 42.1) the upstream binary blobs are used, which may have migration incompatibilities with previous versions of qemu provided.- Fix issue in shipping qemu v2.9.0, where pci-passthrough for Xen HVM guests got broken (bsc#1034131) 0049-ACPI-don-t-call-acpi_pcihp_device_p.patch - Include experimental, unsupported feature to assist in some performance analysis work. 0050-i386-Allow-cpuid-bit-override.patch- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9 * Includes fix for CVE-2017-7471, a virtfs security issue. - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Add empty keyboard queue tracepoint to help openQA testing work better (bsc#1031692) 0048-input-Add-trace-event-for-empty-key.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9 - Enable ceph/rbd support for s390x (bsc#1030068) - Enable ceph/rbd support for ppc* as available - Update ARM in-kernel-timers patch (bsc#1033416) * Patches renamed: 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch 0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch 0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch 0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch 0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch 0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch * Patches added (support patch): 0046-RFC-update-Linux-headers-from-irqs-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9 * Patches dropped (included in upstream source archive): 0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch 0048-i386-Replace-uint32_t-with-FeatureW.patch 0049-i386-Don-t-override-cpu-options-on-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9 - Added additional documentation provided with v2.9.0 - Fix build failure with gcc7 (bsc#1031340) ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch - Made miscellaneous spec file refinements- The support documents included are now fairly accurate for the arm and s390 world, and the x86 version also received a few tweaks. Also included in those docs is a url reference to upstream qemu deprecation plans and discussions. (fate#321146) - Add post v2.9.0-rc2 upstream patches which fix -cpu host and -cpu max feature overrides for libvirt compatability. 0048-i386-Replace-uint32_t-with-FeatureW.patch 0049-i386-Don-t-override-cpu-options-on-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9 * Includes fix for in guest privilege escalation when using TCG (bsc#1030624) * Patches dropped (equivalent included in upstream source archive): 0047-linux-user-exclude-cpu-model-code-w.patch - Fix failure booting SLE12-SP2 Aarch64 guest (bsc#1031384) 0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9 * Patches dropped (no longer needed based on what we now build for): 0024-virtfs-proxy-helper-Provide-__u64-f.patch * Patches dropped (included in upstream source archive): 0034-dma-rc4030-limit-interval-timer-rel.patch * Patches renamed: 0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch 0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch 0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch 0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch 0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch 0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch 0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch 0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch 0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch 0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch 0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch 0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch 0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch 0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch 0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch 0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch 0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch 0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch 0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9 * Updated version carries fixes for the following reported issues: CVE-2016-9602 bsc#1020427, CVE-2016-9923 bsc#1014703, CVE-2017-2630 bsc#1025396, CVE-2017-2633 bsc#1026612, CVE-2017-5579 bsc#1021741, CVE-2017-5931 bsc#1024114, CVE-2017-5973 bsc#1025109, CVE-2017-5987 bsc#1025311, CVE-2017-6058 bsc#1025837, CVE-2017-6505 bsc#1028184 * Patches dropped: seabios_128kb.patch (no longer required) * Patches dropped (included in upstream source archive): 0035-net-imx-limit-buffer-descriptor-cou.patch 0045-virtio-gpu-call-cleanup-mapping-fun.patch 0051-virtio-gpu-fix-information-leak-in-.patch 0052-display-cirrus-ignore-source-pitch-.patch 0053-s390x-kvm-fix-small-race-reboot-vs..patch 0054-target-s390x-use-qemu-cpu-model-in-.patch 0056-tests-check-path-to-avoid-a-failing.patch 0057-display-virtio-gpu-3d-check-virgl-c.patch 0058-watchdog-6300esb-add-exit-function.patch 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch 0060-virtio-gpu-fix-memory-leak-in-resou.patch 0061-virtio-fix-vq-inuse-recalc-after-mi.patch 0062-audio-es1370-add-exit-function.patch 0063-audio-ac97-add-exit-function.patch 0064-megasas-fix-guest-triggered-memory-.patch 0065-cirrus-handle-negative-pitch-in-cir.patch 0066-cirrus-fix-blit-address-mask-handli.patch 0067-cirrus-fix-oob-access-issue-CVE-201.patch 0068-usb-ccid-check-ccid-apdu-length.patch 0069-sd-sdhci-check-data-length-during-d.patch 0070-virtio-gpu-fix-resource-leak-in-vir.patch 0071-cirrus-fix-patterncopy-checks.patch 0072-cirrus-add-blit_is_unsafe-call-to-c.patch * Patches renamed: 0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch 0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch 0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch 0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch 0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch 0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch 0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch 0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch 0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch 0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch 0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch 0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Buildignore for the global gcc-PIE, as this package enables PIE on its own and has troubles if all use it. (meissner@suse.com)- Address various security/stability issues * Fix OOB access in virito-gpu-3d (CVE-2016-10028 bsc#1017084 bsc#1016503) 0057-display-virtio-gpu-3d-check-virgl-c.patch * Fix DOS in Intel 6300ESB device emulation (CVE-2016-10155 bsc#1021129) 0058-watchdog-6300esb-add-exit-function.patch * Fix DOS in virtio-gpu-3d (CVE-2017-5552 bsc#1021195) 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch * Fix DOS in virtio-gpu (CVE-2017-5578 bsc#1021481) 0060-virtio-gpu-fix-memory-leak-in-resou.patch * Fix cause of infrequent migration failures from bad virtio device state. (bsc#1020928) 0061-virtio-fix-vq-inuse-recalc-after-mi.patch * Fix DOS in es1370 emulated audio device (CVE-2017-5526 bsc#1020589) 0062-audio-es1370-add-exit-function.patch * Fix DOS in ac97 emulated audio device (CVE-2017-5525 bsc#1020491) 0063-audio-ac97-add-exit-function.patch * Fix DOS in megasas device emulation (CVE-2017-5856 bsc#1023053) 0064-megasas-fix-guest-triggered-memory-.patch * Fix various inaccuracies in cirrus vga device emulation 0065-cirrus-handle-negative-pitch-in-cir.patch 0066-cirrus-fix-blit-address-mask-handli.patch * Fix OOB access in cirrus vga emulation (CVE-2017-2615 bsc#1023004) 0067-cirrus-fix-oob-access-issue-CVE-201.patch * Fix DOS in usb CCID card device emulator (CVE-2017-5898 bsc#1023907) 0068-usb-ccid-check-ccid-apdu-length.patch * Fix OOB access in SDHCI device emulation (CVE-2017-5667 bsc#1022541) 0069-sd-sdhci-check-data-length-during-d.patch * Fix DOS in virtio-gpu-3d (CVE-2017-5857 bsc#1023073) 0070-virtio-gpu-fix-resource-leak-in-vir.patch * Fix cirrus patterncopy checks 0071-cirrus-fix-patterncopy-checks.patch * Fix OOB access in cirrus vga emulation (CVE-2017-2620 bsc#1024972) 0072-cirrus-add-blit_is_unsafe-call-to-c.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8- Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583)- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Check that sysfs path exists before running test which requires it. This allows qemu-testsuite to succeed in local build service chroot based package build. 0056-tests-check-path-to-avoid-a-failing.patch- Factory and SLE12-SP3 got a name change in the dtc devel package: libfdt1-devel -> libfdt-devel. Adjust our spec file accordingly.- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Patches added: 0055-linux-user-exclude-cpu-model-code-w.patch- Make sure qemu guest agent is usable as soon as qemu-guest-agent package is installed. The previous post script was still not doing the job. - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Fix potential hang/crash rebooting s390x guest 0053-s390x-kvm-fix-small-race-reboot-vs..patch * Fix s390x linux-user failure since v2.8.0 update 0054-target-s390x-use-qemu-cpu-model-in-.patch- Merge qemu packages from openSUSE and SUSE SLE releases together for the v2.8 qemu update. The qemu.changes file is the openSUSE version with this entry providing CVE, FATE, and bugzilla references from the SUSE SLE qemu package to date (see below) - Updated to v2.8.0: See http://wiki.qemu-project.org/ChangeLog/2.8 * For SUSE SLE-12-SP3, update relates to fate#319684, fate#321331, fate#321335, fate#321339, fate#321349, fate#321857 * For best compatibility, qemu-ifup and kvm_stat scripts now owned by qemu package * Build ipxe roms with gcc6 to maintain SLE legacy migration compatibility requirements * qmp-commands.txt file removed, to resurface in future doc reorganization * qemu-tech.html file merged into other existing doc * trace-events renamed to trace-events-all - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Patches dropped (upstream): 0013-linux-user-lock-tcg.patch 0014-linux-user-Run-multi-threaded-code-.patch 0015-linux-user-lock-tb-flushing-too.patch 0017-linux-user-implement-FS_IOC_GETFLAG.patch 0018-linux-user-implement-FS_IOC_SETFLAG.patch 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch 0041-vmsvga-correct-bitmap-and-pixmap-si.patch 0042-scsi-mptconfig-fix-an-assert-expres.patch 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch 0046-scsi-mptsas-use-g_new0-to-allocate-.patch 0047-scsi-pvscsi-limit-process-IO-loop-t.patch 0048-virtio-add-check-for-descriptor-s-m.patch 0049-net-mcf-limit-buffer-descriptor-cou.patch 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch 0051-xhci-limit-the-number-of-link-trbs-.patch 0052-9pfs-allocate-space-for-guest-origi.patch 0053-9pfs-fix-memory-leak-in-v9fs_link.patch 0054-9pfs-fix-potential-host-memory-leak.patch 0055-9pfs-fix-information-leak-in-xattr-.patch 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch 0057-9pfs-fix-memory-leak-in-v9fs_write.patch 0058-char-serial-check-divider-value-aga.patch 0059-net-pcnet-check-rx-tx-descriptor-ri.patch 0060-net-eepro100-fix-memory-leak-in-dev.patch 0061-net-rocker-set-limit-to-DMA-buffer-.patch 0062-net-vmxnet-initialise-local-tx-desc.patch 0063-net-rtl8139-limit-processing-of-rin.patch 0064-audio-intel-hda-check-stream-entry-.patch 0065-virtio-gpu-fix-memory-leak-in-virti.patch 0066-9pfs-fix-integer-overflow-issue-in-.patch slof_xhci.patch * Patches renamed: 0016-linux-user-Fake-proc-cpuinfo.patch -> 0013-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-XXX-disable-fiemap.patch -> 0014-linux-user-XXX-disable-fiemap.patch 0020-slirp-nooutgoing.patch -> 0015-slirp-nooutgoing.patch 0021-vnc-password-file-and-incoming-conn.patch -> 0016-vnc-password-file-and-incoming-conn.patch 0022-linux-user-use-target_ulong.patch -> 0017-linux-user-use-target_ulong.patch 0023-block-Add-support-for-DictZip-enabl.patch -> 0018-block-Add-support-for-DictZip-enabl.patch 0024-block-Add-tar-container-format.patch -> 0019-block-Add-tar-container-format.patch 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0026-console-add-question-mark-escape-op.patch -> 0021-console-add-question-mark-escape-op.patch 0027-Make-char-muxer-more-robust-wrt-sma.patch -> 0022-Make-char-muxer-more-robust-wrt-sma.patch 0028-linux-user-lseek-explicitly-cast-no.patch -> 0023-linux-user-lseek-explicitly-cast-no.patch 0029-virtfs-proxy-helper-Provide-__u64-f.patch -> 0024-virtfs-proxy-helper-Provide-__u64-f.patch 0030-configure-Enable-PIE-for-ppc-and-pp.patch -> 0025-configure-Enable-PIE-for-ppc-and-pp.patch 0031-AIO-Reduce-number-of-threads-for-32.patch -> 0026-AIO-Reduce-number-of-threads-for-32.patch 0032-dictzip-Fix-on-big-endian-systems.patch -> 0027-dictzip-Fix-on-big-endian-systems.patch 0033-xen_disk-Add-suse-specific-flush-di.patch -> 0028-xen_disk-Add-suse-specific-flush-di.patch 0035-qemu-bridge-helper-reduce-security-.patch -> 0029-qemu-bridge-helper-reduce-security-.patch 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0037-configure-Fix-detection-of-seccomp-.patch -> 0031-configure-Fix-detection-of-seccomp-.patch 0038-linux-user-properly-test-for-infini.patch -> 0032-linux-user-properly-test-for-infini.patch 0040-linux-user-remove-all-traces-of-qem.patch -> 0033-linux-user-remove-all-traces-of-qem.patch 0067-dma-rc4030-limit-interval-timer-rel.patch -> 0034-dma-rc4030-limit-interval-timer-rel.patch 0068-net-imx-limit-buffer-descriptor-cou.patch -> 0035-net-imx-limit-buffer-descriptor-cou.patch 0069-roms-Makefile-pass-a-packaging-time.patch -> 0036-roms-Makefile-pass-a-packaging-time.patch * Patches added: 0037-Raise-soft-address-space-limit-to-h.patch 0038-increase-x86_64-physical-bits-to-42.patch 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0040-i8254-Fix-migration-from-SLE11-SP2.patch 0041-acpi_piix4-Fix-migration-from-SLE11.patch 0042-Fix-tigervnc-long-press-issue.patch 0043-fix-xen-hvm-direct-kernel-boot.patch 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch 0045-virtio-gpu-call-cleanup-mapping-fun.patch 0046-string-input-visitor-Fix-uint64-par.patch 0047-test-string-input-visitor-Add-int-t.patch 0048-test-string-input-visitor-Add-uint6.patch 0049-tests-Add-QOM-property-unit-tests.patch 0050-tests-Add-scsi-disk-test.patch 0051-virtio-gpu-fix-information-leak-in-.patch 0052-display-cirrus-ignore-source-pitch-.patch ipxe-use-gcc6-for-more-compact-code.patch * SLE patches dropped (accounted for in above listed changes): 0002-qemu-0.9.0.cvs-binfmt.patch 0009-block-vmdk-Support-creation-of-SCSI.patch 0010-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch 0014-linux-user-Ignore-broken-loop-ioctl.patch 0015-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch 0024-linux-user-add-more-blk-ioctls.patch 0025-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-_u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch 0034-Raise-soft-address-space-limit-to-h.patch 0035-increase-x86_64-physical-bits-to-42.patch 0036-vnc-provide-fake-color-map.patch 0037-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0038-i8254-Fix-migration-from-SLE11-SP2.patch 0039-acpi_piix4-Fix-migration-from-SLE11.patch 0040-qtest-Increase-socket-timeout-to-ac.patch 0041-dictzip-Fix-on-big-endian-systems.patch 0043-xen_disk-Add-suse-specific-flush-di.patch 0044-Split-large-discard-requests-from-b.patch 0045-fix-xen-hvm-direct-kernel-boot.patch 0046-xen-introduce-dummy-system-device.patch 0047-xen-write-information-about-support.patch 0048-xen-add-pvUSB-backend.patch 0049-xen-move-xen_sysdev-to-xen_backend..patch 0050-vnc-add-configurable-keyboard-delay.patch 0051-xen-SUSE-xenlinux-unplug-for-emulat.patch 0052-configure-add-echo_version-helper.patch 0053-configure-support-vte-2.91.patch 0054-scsi-esp-fix-migration.patch 0055-hw-arm-virt-mark-the-PCIe-host-cont.patch 0056-xen-when-removing-a-backend-don-t-r.patch 0057-xen-drain-submit-queue-in-xen-usb-b.patch 0058-qcow2-avoid-extra-flushes-in-qcow2.patch 0059-qemu-bridge-helper-reduce-security-.patch 0060-xen-use-a-common-function-for-pv-an.patch 0061-xen_platform-unplug-also-SCSI-disks.patch 0062-virtio-check-vring-descriptor-buffe.patch 0063-net-vmxnet3-check-for-device_active.patch 0064-net-vmxnet-initialise-local-tx-desc.patch 0065-scsi-pvscsi-avoid-infinite-loop-whi.patch 0066-ARM-KVM-Enable-in-kernel-timers-wit.patch 0067-hw-net-Fix-a-heap-overflow-in-xlnx..patch 0068-vmsvga-correct-bitmap-and-pixmap-si.patch 0069-usb-xhci-fix-memory-leak-in-usb_xhc.patch 0070-virtio-add-check-for-descriptor-s-m.patch 0071-net-mcf-limit-buffer-descriptor-cou.patch 0072-usb-ehci-fix-memory-leak-in-ehci_pr.patch 0073-xhci-limit-the-number-of-link-trbs-.patch 0074-9pfs-allocate-space-for-guest-origi.patch 0075-9pfs-fix-memory-leak-in-v9fs_link.patch 0076-9pfs-fix-potential-host-memory-leak.patch 0077-9pfs-fix-memory-leak-in-v9fs_write.patch 0078-char-serial-check-divider-value-aga.patch 0079-net-pcnet-check-rx-tx-descriptor-ri.patch 0080-net-eepro100-fix-memory-leak-in-dev.patch 0081-net-rocker-set-limit-to-DMA-buffer-.patch 0082-net-rtl8139-limit-processing-of-rin.patch 0083-audio-intel-hda-check-stream-entry-.patch 0084-virtio-gpu-fix-memory-leak-in-virti.patch 0085-9pfs-fix-integer-overflow-issue-in-.patch 0086-dma-rc4030-limit-interval-timer-rel.patch 0087-net-imx-limit-buffer-descriptor-cou.patch 0088-target-i386-Implement-CPUID-0xB-Ext.patch 0089-target-i386-present-virtual-L3-cach.patch 0090-migration-fix-inability-to-save-VM-.patch 0091-ui-gtk-Fix-a-runtime-warning-on-vte.patch 0092-gtk-don-t-leak-the-GtkBorder-with-V.patch 0093-xen-fix-ioreq-handling.patch 0094-macio-Use-blk_drain-instead-of-blk_.patch 0095-rbd-Switch-rbd_start_aio-to-byte-ba.patch 0096-virtio-blk-Release-s-rq-queue-at-sy.patch 0097-virtio-blk-Remove-stale-comment-abo.patch 0098-block-reintroduce-bdrv_flush_all.patch 0099-qemu-use-bdrv_flush_all-for-vm_stop.patch 0100-block-backend-remove-blkflush_all.patch 0101-char-fix-missing-return-in-error-pa.patch 0102-rbd-shift-byte-count-as-a-64-bit-va.patch 0103-mirror-use-bdrv_drained_begin-bdrv_.patch 0104-block-curl-Use-BDRV_SECTOR_SIZE.patch 0105-block-curl-Fix-return-value-from-cu.patch 0106-block-curl-Remember-all-sockets.patch 0107-block-curl-Do-not-wait-for-data-bey.patch 0108-virtio-allow-per-device-class-legac.patch 0109-virtio-net-mark-VIRTIO_NET_F_GSO-as.patch 0110-vhost-adapt-vhost_verify_ring_mappi.patch 0111-ivshmem-Fix-64-bit-memory-bar-confi.patch 0112-intel_iommu-fix-incorrect-device-in.patch 0113-9pfs-fix-information-leak-in-xattr-.patch 0114-9pfs-fix-memory-leak-in-v9fs_xattrc.patch 0115-net-mcf-check-receive-buffer-size-r.patch 0116-virtio-gpu-fix-memory-leak-in-updat.patch 0117-virtio-gpu-fix-information-leak-in-.patch 0118-9pfs-adjust-the-order-of-resource-c.patch 0119-9pfs-add-cleanup-operation-in-FileO.patch 0120-9pfs-add-cleanup-operation-for-hand.patch 0121-9pfs-add-cleanup-operation-for-prox.patch 0122-virtio-gpu-call-cleanup-mapping-fun.patch 0123-string-input-visitor-Fix-uint64-par.patch 0124-test-string-input-visitor-Add-int-t.patch 0125-test-string-input-visitor-Add-uint6.patch 0126-tests-Add-QOM-property-unit-tests.patch 0127-tests-Add-scsi-disk-test.patch 0128-usb-ehci-fix-memory-leak-in-ehci_in.patch 0129-usbredir-free-vm_change_state_handl.patch 0130-virtio-gpu-fix-information-leak-in-.patch ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch ipxe-legacy-Fix-building-with-GCC-6.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-util-v5.24-perl-errors-on-redeclare.patch - SLE CVE, FATE, and bugzilla references not otherwise listed in this changelog file. The intent of this list is to indicate that the fix or feature continues the line of inheritance in the development stream of this package. The list is intended to satisfy searches only - refer to the SLE-12-SP2 changelog file for additional details. * fate#314468 fate#314497 fate#315125 fate#315467 fate#317015 fate#317741 fate#317763 fate#318349 fate#319660 fate#319979 fate#321010 * bnc#812983 bnc#869026 bnc#869746 bnc#874413 bnc#875582 bnc#875870 bnc#877642 bnc#877645 bnc#878541 bsc#882405 bsc#886378 bnc#893339 bnc#893892 bnc#895369 bnc#896726 bnc#897654 bnc#905097 bnc#907805 bnc#908380 bnc#914521 bsc#924018 bsc#929339 bsc#932267 bsc#932770 bsc#933981 bsc#936537 bsc#937125 bsc#938344 bsc#940929 bsc#942845 bsc#943446 bsc#944697 bsc#945404 bsc#945987 bsc#945989 bsc#946020 bsc#947159 bnc#953518 bsc#954864 bsc#956829 bsc#957162 bsc#958491 bsc#958917 bsc#959005 bsc#959386 bsc#960334 bsc#960708 bsc#960725 bsc#960835 bsc#961333 bsc#961556 bsc#961691 bsc#962320 bsc#963782 bsc#964413 bsc#970791 bsc#974141 bsc#978158 bsc#979473 bsc#982365 bsc#989655 bsc#991466 bsc#994771 bsc#994774 bsc#996441 bsc#997858 bsc#999212 bsc#1001151 bsc#1002116 bsc#1005353 boo#1007263 bsc#1007769 bsc#1008519 bsc#1009109 bsc#1013285 bsc#1013341 bsc#1013764 bsc#1013767 bsc#1014109 bsc#1014110 bsc#1014111 bsc#1014112 bsc#1014256 bsc#1014514 bsc#1014702 bsc#1015169 bsc#1016779 * CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-6490 CVE-2016-6833 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7161 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922- Despite the previous entry about re-enabling ceph on Nov 19, 2016 the change wasn't actually done. Do it now.- sgabios-stable-buildid.patch: Use geeko@buildhost- slof_xhci.patch: XHCI fixes (boo#977027)- Recommend x86 ROMs for emulated PCI cards on ppc, arm, others (bsc#1005869, michals)- Tidy SLOF patch boilerplate (michals)- Build with spice on all archs. (boo#1009438, michals)- Refine the approach to producing stable builds in our ROM based packages. All built roms which have hostname or date calls now produce consistent results build to build via patch changes, so remove the hostname and date call workarounds. (bsc#1011213) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0069-roms-Makefile-pass-a-packaging-time.patch sgabios-stable-buildid.patch- Re-enable ceph (rbd) functionality in OBS builds as we've been told the issues which prompted us to disable it are resolved - Address various security/stability issues * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516) 0041-vmsvga-correct-bitmap-and-pixmap-si.patch * Fix DOS in LSI SAS1068 emulation (CVE-2016-7157 bsc#997860) 0042-scsi-mptconfig-fix-an-assert-expres.patch 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch * Fix DOS in Vmware pv scsi interface (CVE-2016-7156 bsc#997859) 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch * Fix DOS in USB xHCI emulation (CVE-2016-7466 bsc#1000345) 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch * Fix OOB access in LSI SAS1068 emulation (CVE-2016-7423 bsc#1000397) 0046-scsi-mptsas-use-g_new0-to-allocate-.patch * Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661) 0047-scsi-pvscsi-limit-process-IO-loop-t.patch * Fix NULL pointer dereference in virtio processing (CVE-2016-7422 bsc#1000346) 0048-virtio-add-check-for-descriptor-s-m.patch * Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550) 0049-net-mcf-limit-buffer-descriptor-cou.patch * Fix DOS in USB EHCI emulation (CVE-2016-7995 bsc#1003612) 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878) 0051-xhci-limit-the-number-of-link-trbs-.patch * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894) 0052-9pfs-allocate-space-for-guest-origi.patch * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494) 0053-9pfs-fix-memory-leak-in-v9fs_link.patch * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893) 0054-9pfs-fix-potential-host-memory-leak.patch * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454) 0055-9pfs-fix-information-leak-in-xattr-.patch * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450) 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495) 0057-9pfs-fix-memory-leak-in-v9fs_write.patch * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707) 0058-char-serial-check-divider-value-aga.patch * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557) 0059-net-pcnet-check-rx-tx-descriptor-ri.patch * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391) 0060-net-eepro100-fix-memory-leak-in-dev.patch * Fix OOB access in Rocker switch emulation (CVE-2016-8668 bsc#1004706) 0061-net-rocker-set-limit-to-DMA-buffer-.patch * Plug data leak in vmxnet3 emulation (CVE-2016-6836 bsc#994760) 0062-net-vmxnet-initialise-local-tx-desc.patch * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538) 0063-net-rtl8139-limit-processing-of-rin.patch * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536) 0064-audio-intel-hda-check-stream-entry-.patch * Fix DOS in virtio-gpu (CVE-2016-7994 bsc#1003613) 0065-virtio-gpu-fix-memory-leak-in-virti.patch * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493) 0066-9pfs-fix-integer-overflow-issue-in-.patch * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702) 0067-dma-rc4030-limit-interval-timer-rel.patch * Fix DOS in i.MX NIC emulation (CVE-2016-7907 bsc#1002549) 0068-net-imx-limit-buffer-descriptor-cou.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7- Use fixed timestamps and stable build_id in ipxe and other ROMs * Patches added: ipxe-stable-buildid.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patch updated: 0040-linux-user-skip-0-flag-from-proc-se.patch -> 0040-linux-user-remove-all-traces-of-qem.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0040-linux-user-skip-0-flag-from-proc-se.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch- Document two new options, but leave jemalloc disabled for now - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches dropped: 0034-build-link-with-libatomic-on-powerp.patch * Patches renamed: 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch 0036-qemu-bridge-helper-reduce-security-.patch -> 0035-qemu-bridge-helper-reduce-security-.patch 0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0038-configure-Fix-detection-of-seccomp-.patch -> 0037-configure-Fix-detection-of-seccomp-.patch 0039-linux-user-properly-test-for-infini.patch -> 0038-linux-user-properly-test-for-infini.patch- Updated to v2.7.0: See http://wiki.qemu-project.org/ChangeLog/2.7 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0039-linux-user-properly-test-for-infini.patch- Use new kvm_stat package where available, else provide updated kvm_stat script.- Update to v2.7.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.7- Updated to v2.7.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.7 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches dropped: 0002-qemu-0.9.0.cvs-binfmt.patch (script rewritten upstream) 0009-block-vmdk-Support-creation-of-SCSI.patch (deprecated) 0014-linux-user-Ignore-broken-loop-ioctl.patch (implemented upstream) 0024-linux-user-add-more-blk-ioctls.patch (more implemented upstream) 0034-qtest-Increase-socket-timeout.patch (increased further upstream) 0036-configure-Enable-libseccomp-for-ppc.patch (enabled upstream) 0038-block-split-large-discard-requests-.patch 0041-xen-introduce-dummy-system-device.patch 0042-xen-write-information-about-support.patch 0043-xen-add-pvUSB-backend.patch 0044-xen-move-xen_sysdev-to-xen_backend..patch 0045-vnc-add-configurable-keyboard-delay.patch 0046-configure-add-echo_version-helper.patch 0047-configure-support-vte-2.91.patch 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch 0050-scsi-esp-fix-migration.patch 0051-xen-when-removing-a-backend-don-t-r.patch 0052-xen-drain-submit-queue-in-xen-usb-b.patch 0053-qcow2-avoid-extra-flushes-in-qcow2.patch 0055-xen-use-a-common-function-for-pv-an.patch ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-legacy-Fix-building-with-GCC-6.patch ipxe-util-v5.24-perl-errors-on-redeclare.patch ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch * Patches renamed: 0010-linux-user-add-binfmt-wrapper-for-a.patch -> 0009-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch -> 0010-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch -> 0011-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch -> 0012-linux-user-binfmt-support-host-bina.patch 0015-linux-user-lock-tcg.patch -> 0013-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch -> 0014-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch -> 0015-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch -> 0016-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch -> 0017-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch -> 0018-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch -> 0019-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch -> 0020-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch -> 0021-vnc-password-file-and-incoming-conn.patch 0025-linux-user-use-target_ulong.patch -> 0022-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch -> 0023-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch -> 0024-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch -> 0026-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch -> 0027-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch -> 0028-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-__u64-f.patch -> 0029-virtfs-proxy-helper-Provide-__u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch -> 0030-configure-Enable-PIE-for-ppc-and-pp.patch 0035-AIO-Reduce-number-of-threads-for-32.patch -> 0031-AIO-Reduce-number-of-threads-for-32.patch 0037-dictzip-Fix-on-big-endian-systems.patch -> 0032-dictzip-Fix-on-big-endian-systems.patch 0039-xen_disk-Add-suse-specific-flush-di.patch -> 0033-xen_disk-Add-suse-specific-flush-di.patch 0040-build-link-with-libatomic-on-powerp.patch -> 0034-build-link-with-libatomic-on-powerp.patch 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch 0054-qemu-bridge-helper-reduce-security-.patch -> 0036-qemu-bridge-helper-reduce-security-.patch * Patches added: 0002-qemu-binfmt-conf-Modify-default-pat.patch 0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch * Package renamed trace-events-all file and linuxboot_dma.bin * Handle building and packaging roms for e1000e and vmxnet3 (Bruce) * Remove ipxe patches which are now enabled upstream (Bruce) * Enable seccomp for s390x (Mark Post): 0038-configure-Fix-detection-of-seccomp-.patch- Update to v2.6.1 a stable, bug-fix-only release (fate#316228) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped (upstreamed): 0041-net-mipsnet-check-packet-length-aga.patch 0042-i386-kvmvapic-initialise-imm32-vari.patch 0043-esp-check-command-buffer-length-bef.patch 0044-esp-check-dma-length-before-reading.patch 0045-scsi-pvscsi-check-command-descripto.patch 0046-scsi-mptsas-infinite-loop-while-fet.patch 0047-vga-add-sr_vbe-register-set.patch 0048-scsi-megasas-use-appropriate-proper.patch 0049-scsi-megasas-check-read_queue_head-.patch 0050-scsi-megasas-null-terminate-bios-ve.patch 0051-vmsvga-move-fifo-sanity-checks-to-v.patch 0052-vmsvga-don-t-process-more-than-1024.patch 0053-block-iscsi-avoid-potential-overflo.patch 0054-scsi-esp-check-TI-buffer-index-befo.patch 0060-scsi-megasas-initialise-local-confi.patch 0065-scsi-esp-check-buffer-length-before.patch 0066-scsi-esp-respect-FIFO-invariant-aft.patch 0067-pci-assign-Move-Invalid-ROM-error-m.patch 0068-Xen-PCI-passthrough-fix-passthrough.patch 0069-scsi-esp-make-cmdbuf-big-enough-for.patch 0071-virtio-error-out-if-guest-exceeds-v.patch * Patches renamed: 0055-xen-introduce-dummy-system-device.patch - > 0041-xen-introduce-dummy-system-device.patch 0056-xen-write-information-about-support.patch - > 0042-xen-write-information-about-support.patch 0057-xen-add-pvUSB-backend.patch - > 0043-xen-add-pvUSB-backend.patch 0058-xen-move-xen_sysdev-to-xen_backend..patch - > 0044-xen-move-xen_sysdev-to-xen_backend..patch 0059-vnc-add-configurable-keyboard-delay.patch - > 0045-vnc-add-configurable-keyboard-delay.patch 0061-configure-add-echo_version-helper.patch - > 0046-configure-add-echo_version-helper.patch 0062-configure-support-vte-2.91.patch - > 0047-configure-support-vte-2.91.patch 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch - > 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch - > 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch 0070-scsi-esp-fix-migration.patch - > 0050-scsi-esp-fix-migration.patch 0072-xen-when-removing-a-backend-don-t-r.patch - > 0051-xen-when-removing-a-backend-don-t-r.patch 0073-xen-drain-submit-queue-in-xen-usb-b.patch - > 0052-xen-drain-submit-queue-in-xen-usb-b.patch 0074-qcow2-avoid-extra-flushes-in-qcow2.patch - > 0053-qcow2-avoid-extra-flushes-in-qcow2.patch 0075-qemu-bridge-helper-reduce-security-.patch - > 0054-qemu-bridge-helper-reduce-security-.patch 0076-xen-use-a-common-function-for-pv-an.patch - > 0055-xen-use-a-common-function-for-pv-an.patch- Temporarily disable ceph (rbd) functionality in OBS due to staging issues.- use upstream solution for building xen-usb.c correctly - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped: 0058-usb-Fix-conditions-that-xen-usb.c-i.patch * Patches added: 0058-xen-move-xen_sysdev-to-xen_backend..patch- Incorporate patch carried in Xen's qemu to get same support as Xen switches to use the qemu package (bsc#953339, bsc#953362, bsc#953518, bsc#984981) 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch - Fix more potential OOB accesses in 53C9X emulation (CVE-2016-5238 bsc#982959) 0065-scsi-esp-check-buffer-length-before.patch 0066-scsi-esp-respect-FIFO-invariant-aft.patch - Avoid "Invalid ROM" error message when it is not appropriate (bsc#982927) 0067-pci-assign-Move-Invalid-ROM-error-m.patch - Fix failure in Xen HVM PCI passthrough (bsc#981925, bsc#989250) 0068-Xen-PCI-passthrough-fix-passthrough.patch - Fix OOB access in 53C9X emulation (CVE-2016-6351 bsc#990835) 0069-scsi-esp-make-cmdbuf-big-enough-for.patch 0070-scsi-esp-fix-migration.patch - Avoid potential for guest initiated OOM condition in qemu through virtio interface (CVE-2016-5403 bsc#991080) 0071-virtio-error-out-if-guest-exceeds-v.patch - Fix potential crashes in qemu from pvusb bugs (bsc#986156) 0072-xen-when-removing-a-backend-don-t-r.patch 0073-xen-drain-submit-queue-in-xen-usb-b.patch - Avoid unneeded flushes in qcow2 which impact performance (bsc#991296) 0074-qcow2-avoid-extra-flushes-in-qcow2.patch - Finally get qemu-bridge-helper the permissions it needs for non- root usage. The kvm group is leveraged to control access. (boo#988279) 0075-qemu-bridge-helper-reduce-security-.patch - Fix pvusb not working for HVM guests (bsc#991785) 0076-xen-use-a-common-function-for-pv-an.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 - Minor spec file formatting fixes- Fix ARM PCIe DMA coherency bug (bsc#991034) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches added: 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch- Clean up the udev ifdeffery to cover systemd as well (boo#860275) - Trigger udev rules also under systemd (boo#989655) - Suppress s390x sysctl in chroot - Ignore s390x sysctl failures (agraf)- Build SLOF for SLE12 now that we have gcc fix (bsc#949000) - Add script for loading kvm module on s390x - Enable seccomp and iscsi support in more configurations - Enable more support for virtio-gpu - Fix /dev/kvm permissions problem with package install and no reboot (bnc#867867) - Remove libtool dependency - Disable more aggressive stack protector for performance reasons - Enable vte to be used again in more configurations (bsc#988855) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches added: 0061-configure-add-echo_version-helper.patch 0062-configure-support-vte-2.91.patch- Remove deprecated patch "work-around-SA_RESTART-race" (boo#982208) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped: 0002-XXX-work-around-SA_RESTART-race-wit.patch 0003-qemu-0.9.0.cvs-binfmt.patch 0004-qemu-cvs-alsa_bitfield.patch 0005-qemu-cvs-alsa_ioctl.patch 0006-qemu-cvs-alsa_mmap.patch 0007-qemu-cvs-gettimeofday.patch 0008-qemu-cvs-ioctl_debug.patch 0009-qemu-cvs-ioctl_nodirection.patch 0010-block-vmdk-Support-creation-of-SCSI.patch 0011-linux-user-add-binfmt-wrapper-for-a.patch 0012-PPC-KVM-Disable-mmu-notifier-check.patch 0013-linux-user-fix-segfault-deadlock.patch 0014-linux-user-binfmt-support-host-bina.patch 0015-linux-user-Ignore-broken-loop-ioctl.patch 0016-linux-user-lock-tcg.patch 0017-linux-user-Run-multi-threaded-code-.patch 0018-linux-user-lock-tb-flushing-too.patch 0019-linux-user-Fake-proc-cpuinfo.patch 0020-linux-user-implement-FS_IOC_GETFLAG.patch 0021-linux-user-implement-FS_IOC_SETFLAG.patch 0022-linux-user-XXX-disable-fiemap.patch 0023-slirp-nooutgoing.patch 0024-vnc-password-file-and-incoming-conn.patch 0025-linux-user-add-more-blk-ioctls.patch 0026-linux-user-use-target_ulong.patch 0027-block-Add-support-for-DictZip-enabl.patch 0028-block-Add-tar-container-format.patch 0029-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0030-console-add-question-mark-escape-op.patch 0031-Make-char-muxer-more-robust-wrt-sma.patch 0032-linux-user-lseek-explicitly-cast-no.patch 0033-virtfs-proxy-helper-Provide-__u64-f.patch 0034-configure-Enable-PIE-for-ppc-and-pp.patch 0035-qtest-Increase-socket-timeout.patch 0036-AIO-Reduce-number-of-threads-for-32.patch 0037-configure-Enable-libseccomp-for-ppc.patch 0038-dictzip-Fix-on-big-endian-systems.patch 0039-block-split-large-discard-requests-.patch 0040-xen_disk-Add-suse-specific-flush-di.patch 0041-build-link-with-libatomic-on-powerp.patch 0042-net-mipsnet-check-packet-length-aga.patch 0043-i386-kvmvapic-initialise-imm32-vari.patch 0044-esp-check-command-buffer-length-bef.patch 0045-esp-check-dma-length-before-reading.patch 0046-scsi-pvscsi-check-command-descripto.patch 0047-scsi-mptsas-infinite-loop-while-fet.patch 0048-vga-add-sr_vbe-register-set.patch 0049-scsi-megasas-use-appropriate-proper.patch 0050-scsi-megasas-check-read_queue_head-.patch 0051-scsi-megasas-null-terminate-bios-ve.patch 0052-vmsvga-move-fifo-sanity-checks-to-v.patch 0053-vmsvga-don-t-process-more-than-1024.patch 0054-block-iscsi-avoid-potential-overflo.patch 0055-scsi-esp-check-TI-buffer-index-befo.patch 0056-xen-introduce-dummy-system-device.patch 0057-xen-write-information-about-support.patch 0058-xen-add-pvUSB-backend.patch 0059-usb-Fix-conditions-that-xen-usb.c-i.patch 0060-vnc-add-configurable-keyboard-delay.patch 0061-scsi-megasas-initialise-local-confi.patch * Patches added: 0002-qemu-0.9.0.cvs-binfmt.patch 0003-qemu-cvs-alsa_bitfield.patch 0004-qemu-cvs-alsa_ioctl.patch 0005-qemu-cvs-alsa_mmap.patch 0006-qemu-cvs-gettimeofday.patch 0007-qemu-cvs-ioctl_debug.patch 0008-qemu-cvs-ioctl_nodirection.patch 0009-block-vmdk-Support-creation-of-SCSI.patch 0010-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch 0014-linux-user-Ignore-broken-loop-ioctl.patch 0015-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch 0024-linux-user-add-more-blk-ioctls.patch 0025-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-__u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch 0034-qtest-Increase-socket-timeout.patch 0035-AIO-Reduce-number-of-threads-for-32.patch 0036-configure-Enable-libseccomp-for-ppc.patch 0037-dictzip-Fix-on-big-endian-systems.patch 0038-block-split-large-discard-requests-.patch 0039-xen_disk-Add-suse-specific-flush-di.patch 0040-build-link-with-libatomic-on-powerp.patch 0041-net-mipsnet-check-packet-length-aga.patch 0042-i386-kvmvapic-initialise-imm32-vari.patch 0043-esp-check-command-buffer-length-bef.patch 0044-esp-check-dma-length-before-reading.patch 0045-scsi-pvscsi-check-command-descripto.patch 0046-scsi-mptsas-infinite-loop-while-fet.patch 0047-vga-add-sr_vbe-register-set.patch 0048-scsi-megasas-use-appropriate-proper.patch 0049-scsi-megasas-check-read_queue_head-.patch 0050-scsi-megasas-null-terminate-bios-ve.patch 0051-vmsvga-move-fifo-sanity-checks-to-v.patch 0052-vmsvga-don-t-process-more-than-1024.patch 0053-block-iscsi-avoid-potential-overflo.patch 0054-scsi-esp-check-TI-buffer-index-befo.patch 0055-xen-introduce-dummy-system-device.patch 0056-xen-write-information-about-support.patch 0057-xen-add-pvUSB-backend.patch 0058-usb-Fix-conditions-that-xen-usb.c-i.patch 0059-vnc-add-configurable-keyboard-delay.patch 0060-scsi-megasas-initialise-local-confi.patch - Enable ceph (rbd) support for aarch64- Enable ceph (rbd) support- Fix OVMF iPXE network menu (bsc#986033, boo#987488) ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch- Fix host information leak to guest in MegaRAID SAS 8708EM2 Host Bus AdapterMegaRAID SAS 8708EM2 Host Bus Adapter emulation support (CVE-2016-5105 bsc#982017) * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 0061-scsi-megasas-initialise-local-confi.patch- Address various security/stability issues * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Fix OOB access in megasas emulated device (CVE-2016-5106 bsc#982018) 0049-scsi-megasas-use-appropriate-proper.patch * Fix OOB access in megasas emulated device (CVE-2016-5107 bsc#982019) 0050-scsi-megasas-check-read_queue_head-.patch * Fix OOB access in megasas emulated device (CVE-2016-5337 bsc#983961) 0051-scsi-megasas-null-terminate-bios-ve.patch * Correct the vmvga fifo access checks (CVE-2016-4454 bsc#982222) 0052-vmsvga-move-fifo-sanity-checks-to-v.patch * Fix potential DoS issue in vmvga processing (CVE-2016-4453 bsc#982223) 0053-vmsvga-don-t-process-more-than-1024.patch * Fix heap buffer overflow flaw when iscsi protocol is used (CVE-2016-5126 bsc#982285) 0054-block-iscsi-avoid-potential-overflo.patch * Fix OOB access in 53C9X emulation (CVE-2016-5338 bsc#983982) 0055-scsi-esp-check-TI-buffer-index-befo.patch - Add support to qemu for pv-usb under Xen (fate#316612) 0056-xen-introduce-dummy-system-device.patch 0057-xen-write-information-about-support.patch 0058-xen-add-pvUSB-backend.patch 0059-usb-Fix-conditions-that-xen-usb.c-i.patch - Provide ability to rate limit keyboard events from the vnc server. This is part of the solution to an issue affecting openQA testing, where characters are lost, resulting in unexpected failures (bsc#974914) 0060-vnc-add-configurable-keyboard-delay.patch- Adjust to parallel changes in virglrenderer packages - no longer "BuildRequires" virglrenderer directly, just the devel package.- Fix build compatibility with gcc6 wrt ipxe rom where compiler warnings are treated as errors. ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-legacy-Fix-building-with-GCC-6.patch - Fix ipxe build script which fails under perl v5.24 ipxe-util-v5.24-perl-errors-on-redeclare.patch - Specify build time disk space requirements for ppc64 and ppc64le- Add sysctl script and %post on s390x to allow kvm usage (bsc#975331)- Address various security/stability issues * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Fix OOB access in MIPSnet emulated controller CVE-2016-4002 (bsc#975136) 0042-net-mipsnet-check-packet-length-aga.patch * Fix possible host data leakage to guest from TPR access CVE-2016-4020 (bsc#975700) 0043-i386-kvmvapic-initialise-imm32-vari.patch * Avoid OOB access in 53C9X emulation CVE-2016-4439 (bsc#980711) 0044-esp-check-command-buffer-length-bef.patch * Avoid OOB access in 53C9X emulation CVE-2016-4441 (bsc#980723) 0045-esp-check-dma-length-before-reading.patch * Avoid OOB access in Vmware PV SCSI emulation CVE-2016-4952 (bsc#981266) 0046-scsi-pvscsi-check-command-descripto.patch * Avoid potential DoS in LSI SAS1068 emulation CVE-2016-4964 (bsc#981399) 0047-scsi-mptsas-infinite-loop-while-fet.patch * Fix regression in vga behavior - introduced in v2.6.0 CVE-2016-3712 (bsc#978160) 0048-vga-add-sr_vbe-register-set.patch- Update to v2.6.0: See http://wiki.qemu-project.org/ChangeLog/2.6 - Enable SDL2, virglrenderer (for use with virtio-gpu), xfsctl, and tracing using default log backend - Build efi pxe roms on x86_64- Check modules for conflicting release versions - Suggest recently added block modules- Bump copyright in qemu.spec.in - Enable libiscsi for Factory - Enable seccomp for ppc64le as well- Update to v2.6.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.6 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped (upstreamed): 0041-tests-Use-correct-config-param-for-.patch * Patches renamed: 0042-build-link-with-libatomic-on-powerp.patch -> 0041-build-link-with-libatomic-on-powerp.patch- Partially revert the last change's cleanup - Indicate SUSE version- Update to v2.6.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.6 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Accept every size in DISCARD request from a guest (bsc#964427) 0039-block-split-large-discard-requests-.patch * Recognize libxl flag to disable flush in block device (bsc#879425) 0040-xen_disk-Add-suse-specific-flush-di.patch * Use correct flag for crypto tests 0041-tests-Use-correct-config-param-for-.patch * Fix build on powerpc: 0042-build-link-with-libatomic-on-powerp.patch * Patches dropped (upstreamed): seabios_checkrom_typo.patch seabios_avoid_smbios_signature_string.patch- Disable vte for Leap, fixing build- Don't drop u-boot.e500 yet - breaks testsuite- Re-enable libcacard support - Clean up configured features- Clean up qemu-tools libcacard Provides/Obsoletes - separate again - Drop u-boot.e500 - being packaged as u-boot-ppce500- Update to v2.5.0: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Patches dropped (upstreamed): 0039-tests-Fix-check-report-qtest-target.patch- Fix build on openSUSE 13.2- Fix testsuite on 32bit systems (bsc#957379)- Update to v2.5.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Rebase libseccomp enablement: 0037-Revert-Revert-seccomp-tests-that-al.patch -> 0037-configure-Enable-libseccomp-for-ppc.patch * Provide qemu-ga and qemu-ipxe for qemu-testsuite - Clean up qemu-ksm recommendation- Fix SLE11 build by fixing systemd conditionalization (from olh)- Update to v2.5.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Patches dropped (upstream): 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch 0039-tests-Unique-test-path-for-string-v.patch gcc5-ipxe-add-missing-const-qualifiers.patch gcc5-ipxe-ath9k-Remove-confusing-logic-inversion-in-an-ANI-var.patch SLOF_ppc64le.patch * Patch renamed: 0040-dictzip-Fix-on-big-endian-systems.patch -> 0038-dictzip-Fix-on-big-endian-systems.patch * --enable-smartcard-nss -> --enable-smartcard Needs an external libcacard, so drop it for now. * Drop --enable-vnc-tls * Require xz-devel for ipxe build * Package qemu-ga(8) man page * Package ivshmem-{client,server} * Patches added: 0039-tests-Fix-check-report-qtest-target.patch- Add systemd unit file and udev rules for qemu guest agent - taken from the SLE12 / Leap package, see boo#955707- Add _constraints file (based on work by kenljohnson)- Enable SLOF build for ppc64le, too, now (bsc#949000, bsc#949016)- Allow building SLOF on ppc64le (bsc#949016) SLOF_ppc64le.patch - Add two checks for DictZip and tar qemu-img behavior (bsc#945778) * Clean up qemu-testsuite build/installation- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix endianness issues in DictZip block driver (bsc#937572, bsc#945778) 0027-block-Add-support-for-DictZip-enabl.patch 0028-block-Add-tar-container-format.patch 0040-dictzip-Fix-on-big-endian-systems.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix qemu-testsuite for glib2-2.46.0 by assuring uniqueness of paths 0039-tests-Unique-test-path-for-string-v.patch- Build SLOF on ppc64 (bsc#949016, thanks to k0da) * Simplify x86 fw logic while at it - No need to enable KVM for armv6hl - Add notice about pre_checkin.sh to update_git.sh- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix aarch64 TCG: 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch- Update to v2.4.0: See http://wiki.qemu-project.org/ChangeLog/2.4- Update to v2.4.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.4 * Provide qemu-img symlink instead of passing QTEST_QEMU_IMG- Update to v2.4.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.4 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches dropped: 0037-linux-user-Allocate-thunk-size-dyna.patch 0039-s390x-Fix-stoc-direction.patch 0040-s390x-Add-interlocked-access-facili.patch 0041-fdc-force-the-fifo-access-to-be-in-.patch 0042-rules.mak-Force-CFLAGS-for-all-obje.patch 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch 0044-hw-arm-boot-Increase-fdt-alignment.patch * Patches renamed: 0038-Revert-Revert-seccomp-tests-that-al.patch -> 0037-Revert-Revert-seccomp-tests-that-al.patch * Package new vgabios-virtio.bin * target-x86_64.conf was dropped * Add qemu-block-dmg module sub-package * Set QTEST_QEMU_IMG variable for ahci-test * --enable-quorum and --enable-vnc-ws are no longer available- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix -kernel boot for AArch64 * Patches added: 0044-hw-arm-boot-Increase-fdt-alignment.patch- Use libusb-1_0-devel as buildrequires, not the old unused compatibility layer in libusb-devel- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix qemu2 cow caching (bsc#933132) * Patches added: 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch- Patch queue updated from git://github.com/jirislaby/qemu.git opensuse-2.3 * Patches added: 0042-rules.mak-Force-CFLAGS-for-all-obje.patch gcc5-ipxe-add-missing-const-qualifiers.patch gcc5-ipxe-ath9k-Remove-confusing-logic-inversion-in-an-ANI-var.patch- Fix CVE-2015-3456 (boo#929339) 0041-fdc-force-the-fifo-access-to-be-in-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches added: 0040-s390x-Add-interlocked-access-facili.patch - Disable dependency on libnuma for s390x (not available in SLE12)- Update to v2.3.0: See http://wiki.qemu-project.org/ChangeLog/2.3 - Disable iotests for now- Update to v2.3.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.3- Update seabios_avoid_smbios_signature_string.patch with version applied upstream- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix s390x stoc instructions 0039-s390x-Fix-stoc-direction.patch- Update to v2.3.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (applied upstream): 0037-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch * Patches renamed: 0038-linux-user-Allocate-thunk-size-dyna.patch -> 0037-linux-user-Allocate-thunk-size-dyna.patch * Revert -rc3 change to disable seccomp on non-x86 architectures 0038-Revert-Revert-seccomp-tests-that-al.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix qemu-linux-user on powerpc * Patches added: 0038-linux-user-Allocate-thunk-size-dyna.patch- Split off qemu-testsuite.spec * Package check-report.html and check-report.xml * Enable quick iotests - Dropped 0030-net-Warn-about-default-MAC-address.patch The warning is relevant only for bridged setups, not for the default SLIRP based -net user / -netdev user setup, and it breaks output expectations of some iotests. * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches renamed: 0031-console-add-question-mark-escape-op.patch -> 0030-console-add-question-mark-escape-op.patch 0032-Make-char-muxer-more-robust-wrt-sma.patch -> 0031-Make-char-muxer-more-robust-wrt-sma.patch 0033-linux-user-lseek-explicitly-cast-no.patch -> 0032-linux-user-lseek-explicitly-cast-no.patch 0034-virtfs-proxy-helper-Provide-__u64-f.patch -> 0033-virtfs-proxy-helper-Provide-__u64-f.patch 0035-configure-Enable-PIE-for-ppc-and-pp.patch -> 0034-configure-Enable-PIE-for-ppc-and-pp.patch 0036-qtest-Increase-socket-timeout.patch -> 0035-qtest-Increase-socket-timeout.patch 0037-AIO-Reduce-number-of-threads-for-32.patch -> 0036-AIO-Reduce-number-of-threads-for-32.patch 0038-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch -> 0037-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch - Re-enable glusterfs on Factory (updated from v3.6.1 to v3.6.2) - Re-enable seccomp for armv7l (libseccomp submission pending)- Suppress seccomp for Factory armv7l (broken in libseccomp v2.2.0) - Disable glusterfs explicitly on Factory, SLE12 and before 13.1- Enable glusterfs and package as qemu-block-gluster glusterfs post-v3.5.3 and v3.6.1/v3.6.2 have switched the glusterfs-api.pc version incompatibly, so only 13.1+13.2 for now - Use macro for module Conflicts- Tidy configure options: * Move --enable-modules to build options * Sort libusb alphabetically * Explicitly enable attr, bluez, fdt, lzo, tpm, vhdx, vhost-net, vnc, xen-pci-passthrough * Enable bzip2 * Enable libssh2 where possible and package as qemu-block-ssh * Enable numa where a compatible numactl is available * Enable quorum where a compatible gnutls is available * Enable snappy where possible * Prepare to enable glusterfs * Explicitly enable the nop tracing backend (to be revisited) * Explicitly disable Archipelago, as we don't have libxseg and it's incompatibly GPL-3.0+ * Explicitly disable libiscsi, libnfs, netmap and rbd as we don't have packages * Drop deprecated --enable-virtio-blk-data-plane (now default)- Fix 64-bit TCG stores on 32-bit Big Endian hosts (ppc) 0038-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3- Update to v2.3.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (upstreamed): 0038-fw_cfg-test-Fix-test-path-to-includ.patch 0039-rcu-tests-fix-compilation-on-32-bit.patch- make check was failing due to a bogus SMBIOS signature being encountered within SeaBIOS. Avoid having that signature stored randomly within the SeaBIOS image. * seabios_avoid_smbios_signature_string.patch- Build x86 firmware only from 13.1 on (11.4 was broken, surpassing 128 KB) - Update to v2.3.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (upstreamed): 0038-linux-user-Fix-emulation-of-splice-.patch 0039-ide-fix-cmd_write_pio-when-nsectors.patch 0040-ide-fix-cmd_read_pio-when-nsectors-.patch 0041-ahci-Fix-sglist-offset-manipulation.patch 0042-ahci-test-improve-rw-buffer-pattern.patch 0045-linux-user-fix-broken-cpu_copy.patch * Patches renamed: 0043-fw_cfg-test-Fix-test-path-to-includ.patch -> 0038-fw_cfg-test-Fix-test-path-to-includ.patch 0044-rcu-tests-fix-compilation-on-32-bit.patch -> 0039-rcu-tests-fix-compilation-on-32-bit.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches added: 0045-linux-user-fix-broken-cpu_copy.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Make test path for fw_cfg-test unique (including architecture) 0043-fw_cfg-test-Fix-test-path-to-includ.patch * Fix rcu tests build on ppc (undefined reference to `__sync_fetch_and_add_8') 0044-rcu-tests-fix-compilation-on-32-bit.patch - Fix typo in SeaBIOS size check seabios_checkrom_typo.patch- Update to v2.3.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.3 * Updated update_git.sh accordingly * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * seabios_128kb.patch: Added patch to squeeze SeaBIOS into 128 KB with our gcc 4.8.3 (brogers@suse.com) - Renamed 0030-Legacy-Patch-kvm-qemu-preXX-report-.patch to 0030-net-Warn-about-default-MAC-address.patch: Suppress warning for accel=qtest, to sanitize make check results. - Added patches to fix ahci-test: 0039-ide-fix-cmd_write_pio-when-nsectors.patch 0040-ide-fix-cmd_read_pio-when-nsectors-.patch 0041-ahci-Fix-sglist-offset-manipulation.patch 0042-ahci-test-improve-rw-buffer-pattern.patch- Update company name in spec file templates - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches added: 0038-linux-user-Fix-emulation-of-splice-.patch- Add user kvm when installing guest-agent. - Use macro to update udev_rules when available- Fix packaging of e500 U-Boot - Don't rely on wildcard with explicit excludes- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches added: 0037-AIO-Reduce-number-of-threads-for-32.patch- Update to v2.2.0: See http://wiki.qemu-project.org/ChangeLog/2.2 * Updated DictZip and Tar block backends accordingly - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches dropped: 0015-target-arm-linux-user-no-tb_flush-o.patch (tb_flush() not called) 0037-tests-Don-t-run-qom-test-twice.patch (superseded) 0039-linux-user-Cast-validity-checks-on-.patch (helper function introduced) 0040-linux-user-Convert-blkpg-to-use-a-s.patch (upstreamed) * Patched renumbered: 0016-linux-user-Ignore-broken-loop-ioctl.patch -> 0015-linux-user-Ignore-broken-loop-ioctl.patch 0017-linux-user-lock-tcg.patch -> 0016-linux-user-lock-tcg.patch 0018-linux-user-Run-multi-threaded-code-.patch -> 0017-linux-user-Run-multi-threaded-code-.patch 0019-linux-user-lock-tb-flushing-too.patch -> 0018-linux-user-lock-tb-flushing-too.patch 0020-linux-user-Fake-proc-cpuinfo.patch -> 0019-linux-user-Fake-proc-cpuinfo.patch 0021-linux-user-implement-FS_IOC_GETFLAG.patch -> 0020-linux-user-implement-FS_IOC_GETFLAG.patch 0022-linux-user-implement-FS_IOC_SETFLAG.patch -> 0021-linux-user-implement-FS_IOC_SETFLAG.patch 0023-linux-user-XXX-disable-fiemap.patch -> 0022-linux-user-XXX-disable-fiemap.patch 0024-slirp-nooutgoing.patch -> 0023-slirp-nooutgoing.patch 0025-vnc-password-file-and-incoming-conn.patch -> 0024-vnc-password-file-and-incoming-conn.patch 0026-linux-user-add-more-blk-ioctls.patch -> 0025-linux-user-add-more-blk-ioctls.patch 0027-linux-user-use-target_ulong.patch -> 0026-linux-user-use-target_ulong.patch 0028-block-Add-support-for-DictZip-enabl.patch -> 0027-block-Add-support-for-DictZip-enabl.patch 0029-block-Add-tar-container-format.patch -> 0028-block-Add-tar-container-format.patch 0030-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0029-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0031-Legacy-Patch-kvm-qemu-preXX-report-.patch -> 0030-Legacy-Patch-kvm-qemu-preXX-report-.patch 0032-console-add-question-mark-escape-op.patch -> 0031-console-add-question-mark-escape-op.patch 0033-Make-char-muxer-more-robust-wrt-sma.patch -> 0032-Make-char-muxer-more-robust-wrt-sma.patch 0034-linux-user-lseek-explicitly-cast-no.patch -> 0033-linux-user-lseek-explicitly-cast-no.patch 0035-virtfs-proxy-helper-Provide-__u64-f.patch -> 0034-virtfs-proxy-helper-Provide-__u64-f.patch 0036-configure-Enable-PIE-for-ppc-and-pp.patch -> 0035-configure-Enable-PIE-for-ppc-and-pp.patch 0038-qtest-Increase-socket-timeout.patch -> 0036-qtest-Increase-socket-timeout.patch/bin/sh/bin/shs390zp32 1730278449 7.1.0-150500.49.24.17.1.0-150500.49.24.17.1.0-150500.49.24.1qemubridge.confanalyze-migration.pyqemu-edidqemu-imgqemu-ioqemu-keymapqemu-nbdqemu-pr-helperqemu-storage-daemonvmstate-static-checker.pyvmxcapqemu-bridge-helpervirtfs-proxy-helpervirtiofsdqemu-img.1.gzvirtfs-proxy-helper.1.gzqemu-nbd.8.gzqemu-pr-helper.8.gz/etc//etc/qemu//usr/bin//usr/lib//usr/share/man/man1//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:36268/SUSE_SLE-15-SP5_Update/b67c89015a6b2e3584ca9ce990e53a5a-qemu.SUSE_SLE-15-SP5_Updatedrpmxz5s390x-suse-linux  directoryASCII textPython script, ASCII text executableELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=bc0a47a9d05fd3f3541ba9712027e2b5707db844, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=1a7d9d5b2f9434ee6598a89a0b2d6a0464d1bd97, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=e75a40dda198f9d269b5f8520ec002f1f1344309, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=a458a75310ca93738d4a34c371e4bc2e56fee94a, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=d68e4575f0a61ebd9267f64c8e40adfc152a4cf9, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=7a9ef043aa7ad148b9b41b6abcca6d3266e8eaf6, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=cb9d2ff854b969fd1cfa2d7b3222645f1d568f7f, for GNU/Linux 3.2.0, strippedPython script, ASCII text executable, with very long linessetuid ELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=01d8855accb1ca5e95a530092796221a67d4ff37, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=4c0a49314b1baf738e32c34a6c44e7c583269f56, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=f4b73a8cb31a02566b32c99a861725776aaf1bd2, for GNU/Linux 3.2.0, strippedtroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix):^u$$'#'RR"R(R+R*R)R RRRRRRRR R RRRR!R'R R"R2R&RRR RRRRRR RRR RR RRRR+R(R)R*R1RRRRR!R%R8R7RR'R R"R2R&RRR RRRRRR RRR RR RRRR+R(R)R*R1RRRRR!R8R7RR%R'R R"R(R+R*R)R6R RRRRRRRR R RR5RRR!R'R R"R.R2R&RRR RRRRRR RRRR RR RRRR+R(R)R*RR-R1RRRR!R8R7RR%R'R R"R0R2R$R&R RRRRR RRR RR RRRR+R(R)R*RR/R#R1RRRRR!R%R'R R"R2R4R&RRR RRRRRR RRRR RR RRRR+R(R)R*RR1RRRR!R8R7RR%R3R'R RRR"R(R+R*R)R RRRRRRRR R RRRRR!R'R R"R(R+R*R)R RRRRRRRRR R RRRRR!R'R R"R(R+R*R)RR RRRR RRRRRR RR RR,RRRR!R'R bApo@multipath-toolsqemu-block-curlqemu-block-rbdutf-83becef0c89fd9c935e342e17d0cd76b1c7db88b1a2bb2b0464b05c0852f93249?7zXZ !t/]"k%K!j?INRgU&3΃H6C9zmKAͬlPbjn1ov]zHK-sVop)!n MuK\*:h KkdAb>3TX)O{~NsObR:2Bܪ>搇/^p뷠Wf},z!pw`Zko[s bt.ZFͬjioq߃^S`_M*3tu sHmsMKj%\ oi]Y )a_P̦1Jd|C{ Bĵ ٍ#)%vah!32<86C\Yt/']%ozL3Cum/"/ 2YO3EMnvZ.XbN>LNj]Mjx6pե^n+QaL!n1TI^mڗzįs雤f@§k!#.˻iJn8]E1ͭ!#nOG8O`zi'$wuQp:#-yv;Ħ z:mxWD_8qY~2L~ݺL3U}"n"?+vWYw\-H1*d.| n܉lA6j˾WnxQ dK9 9T9I3:TSؽ+5!}A U~x;XŌ%Y.NY/>~J(2N1ζKb-[&^1N}TZo VubԜ3!'ND94m~̤ N|FڍOs\hգVleM{},P-j]u6elKenoOZ0nOPV0^} Dȋ.,ul]ذk[Tah Dt?4u U%a_xzBf,PܶKT`gET,= HwU2JB骣qm>dH' UpK!!PZ* om1vI~qm]T=b, Ib!? k06(r2%$fVTo+H)$RtPɽ_+ja:_fG65[\~C|Cq*mE)s%D) $\ClVvzvliUhs|C),GjX\?7]P L(zԆ#j2$"eK;)u1]ƿ?*#L{>$Ea+CXc +p!Jq܏V0˥:12VTf֗t*6W"J&-t"r"CvD/y+m;2$SUZ? ^x7.(w6P+)v~ʴs:x!ҋ1}%kd>HDa{B{SO C̹Y#+F$T_ix%hl65H֎j/W4QkiQk#og]Hi "fuv{4ܞd]B.Ӗcojr XynACv2Ȣ=VVsdXDC)L_`^;kiz1#} xػc @4hV:NIXyNYPd@6>&$DPG5D/ Z>8Z>S]fGrkD?)M>j:z y'8Cg.)"oRE[yX 9gVztLYkN6cL#Z}=MژO8U'lm>ݭ]W?,@ cZ*sa^z}|ww}LGق_bhsԺ#6~&@nasnlD%UiIeoWȨH7@͘f<SP <(AWN#U".I\x.!ưt 2͸Ȟu6k\8 ucD!-fog1#̢8:`}VxO:3x.>$H%gSE0z"6]Q**O6]kV#> Y] rZ;#~J8Ŏμ4j(K“'g?2|TPX"&jA"U`[Qjv<H8%{׶+(/KS6L}Đj\ H\F؀P0oqmtݦ]uKf%Wy$˃&׺la؞ H.fF `3fȅo}x.t w3ˌ4c "}t0XV6WȲuߩyz2M i]s,lAc%gcGՒ8[~]vReD Hi LR^Ⱦ].N+ D3k!u:_3GG{v T+FYvnB?ͨt]]5u|:,kEپ+LG}Jʖ6uLU"8?41} mQ#owFѾef/VQ?:k5pY-ϠD+(h#k 'X]uY+YH>3Z\ymSҩ$cV)Bx,>.Z-ݭarc8U&@$c7Ws $Es{LT+.@c?gAf w̃ۮB;*Vg ,7Iur2 - ~d`ʻXj\a~W= lS&ӲU53crƄ#Č8kь)#SXs9{6G0rG-o|ԄCH:ҪP~Z^iZoD6ZU!tQ7]$a_Ӫ4L^CLfe?$sJ/8lۆY+=kx@#к`N|G}kPN@@CuNB-edm;TkWN%5i4Rr4sXᯥ1W:0WcX8~Vv^ZxnpYOICh)0ѱ?Н!6/D6 GbRQY+=@'69KbtVk$ ?{b h }K?za 뮓5CJ@+yéaAmНd)of , 8;sp~! ^x݌;-eü ߣ˱M!v[in]㨄kk$O$%]U guj1Ffy0 \ӧLNB_^Wa-˯p |\2:YYYi8uacQ''h[L9GMOH0d]GKRF5&3_n4[ Z pbpDCAҌ/rȶ\4ԩT( /MgFp"1!1_onts6Y67jaEi:.²~3-i%r'D`F~sPa,t&F3ߎm!P|'pwcVd[]c,]k~7J}$wRw#?2~&JEZqXcas1~WI'aprFa|A`x6W/̥p2TzOoG]JZ_Nc(NZpO\qn P`ٺ]GpX^ҵ2XGVvRd7CrStb|HsTw'%(ܛ3mu4EEi !n $B{jS #n kR4t=q"h#7kLJҚz]5R2 X߈B|ij8jPF+V=fg@?F7ۈαx㾦*ʄ'e7fn(t HPxk4D CI-R87DjYBl=' %F`!oCv0Fik6y āGo%9o Q6l ,!?+ N'ˏA1xK/gͨP,uzƐa8Deiv Rd їLPOvEXm>TP]Qav"VݒjV+EgY'y@gh`N'U|B(e !\Cª5>p%+$HpzLS/LFN!._;h27M7usi*@,X^Z(ӒOԵgb >jpf|tH*I-nٿ"{$QxQ?)a~aXESG]mip*g'h.!G/Jgf7\Q)3I2AtyE>^I:,Ey0N_voj>Ԋoop'\9X{-ǠH ɍ`BzɌdx4ssCa-`5+X y*mV][. |u'@*,_kC9|^LdJޟ47CMhZ,~jf%HE7EQrE|Mh_ͧ规Gq&j^<-xG&3@ӏH. =o\@7Q C& RpHɝ9*hH~gaHG(ey=+L37\|{NDcv ͟xi04J0m SdG,:j4bO!Yn o2B-dF|P,>h /%8)ru+3Ot |rj|sx` ahz DkQ=e9Q\]X rjfb<|V9h#n $a{:;sae,z"V@ecl&2|%DcbU#m˅hA,)ӻL>=1&Hg>J}<`IE;_-`V=Ga "u-Ӆ9;(4̇oA'{-Å,ÊNc}R-oFs+}[Dd*tE?^2 9"}rA}7OeN=P)~#eZ?q`Y:Dtn'4?xEj䔋g>qs %UV)b{&̅-xpy+gZK#}&Ҟȑs {AbAs/I?AտM@g !+rnag1c?i #K[,|ȓ>&fq*LҲ71Mw5 y7ΛCADZ Idtr/T]>\9h Piy*u }L h^z"7ym/J ;}}]ٳ9e;7aijuh kɘLDѭSh_.YrJ"M닾zuة@:Ckdj"pēZn3Ic mʖ4Qa膇DTls+G܇ˎgmV]e4`ܡTT)V3;%hFWYь^U-`8;bȞb|ֽQbH^|8ё#}XEZ.DkFPwd"9W]Ri sVYn_F;ѥp UPW+2O!QQ@.1ph̏ȀM"~(q#ХI1E(vI">|}o' ƛPq(*?@Ov0ʜgUrjizm|$g5 8˧ `^JX#P>@Ĵ2!c;?MWۧܠv=5Tjw<ruA2xU48bBzXS}EaH0#]=Kv6yMq6Դe;^7%VNm_i4B&S8Dx^RBqŞn)7eOW prd YɄiqyBra+$#u?G@^$lf?&JXrm! Bis멒_$;-zNfW/biU!ƟNl@H iNFhy$+c5"A>'J1 { kCexR9e4܍f)!=!c>'16_҃H#z:7==+j1JRmhy&FhX'J&a+ܑ"9rZWC' Ĺ f zMo(|ZvNhAU$ hB_6wodev@"~usZ7`, Eo 6ZĪR .ȖX "ơvpP刅@oAwsn3وa]rQP% xdJ m|yXSH!Zc%N 5A#rlcV^Q =(`V₻|?&LǯO^&@1alpfT--. |gjN((>Xl] x_$ߡ% ؞'[Ճ&6J #6JʅZNOxH)ZCߢtǵkY36vG 4S힮x};΄-t\;0$q_Op7-h)Cv9lEGpbe{c}> G[UK#Qێ{"'iRƼ4"zoR'Zl7zY5E-[Zi3 _NZ*m^\3ob3O%ƀHǶ "ȼڑxi>KI&t(B2G&!4x No7}@;;[k1 Z Ģ=Hw6H! Hcݪg@z` ?h[3!>]-9z/kʻidezӜ6CV2ނ١94;/ 6Fl]d$\Dpʨx!ێ2 AF^P{ @>H]λ`D{}Q*m6 {iZlb0O$#˘s&eZu@`mSŽZ9lA[ ^ݤX7??k"ymk{r LU1/BІgqH%&B%!E<ԹF|+.fCŦUp|!$՟\xb;*@V?x9R;8t(Y|-GK NϭvX5EX<"21,j5IRm4"%3JO\ƅ`!o.rJ5/pe:Ybš`v0` %[H1x^(`^;^Z ~_+ )2*#SKwm=Gtj|K]n W+ka$hCrt/%ґ')1(2 !YGE` E'lYF䛡=#:np!SMkufW㺔Kʀ $tD Z$gצ1rWN j ҚByWeŚr* ARE8BnwU ڸ.ʮGPpMɴ\?4?V%dF*!uZJ.B'q :Kݽk "S!weLVϽ٣BjP^v rݰG9f 'ȾͳFW8*~GktN?9W3mW*-l2Uw6Mk餤? C- X,Ms ]m ^pO,]Ԅof댿 &\v9m5J@R%\ 1œ#q &HmɆef[<4y\;[,\Р㹶cX W +1#:~P/OAο- OrRqٖD'M[З=91smB=+xߙ,kG]S 7zOKuLz\JG8UrxEOR^Ntl=JA޽Y~JB[ÍB:\0 Ŀ8kh5` rNY@&6*u!~/Np_]Ow+.|%rZfЉۀCXFehm mZZ -j `7M% zeδP*:K j?,†Fr ?;wIʫ5K6qk„#] Qze|=i)U![CK3,$W~8vj?oTʉ92G=(GLT;@A<6{su@*T6ďWb.wsUi&38_(Cᾍ漸ɤ_ZjУ7pk q[%и|v3"\*dCnK7&x_=W^ }.̘f>3@j/Ca|yZPZ GBCZŋ`w(cQAEj++қbi@5nU#{<˅ci wAmFo6*NEKsY9})q1:Np 6\PlvIDRqj??n}Omw8D!|fct-z8&Nvv&=_>vU *M(@nǦ+ģbJH\gzN*_>hX=$[ ;VO**k[$sʦ0kΙBm_`6eFcdլ -&Rp= }V#s#! 6_,*`(ORݭt\es{`qm>@&ȑ`QMޚ4-YSW{WCI\(0: S7JU]k"y{c)*Jgpfw}#/{L4O2`ӱzUMFd)Fr܉h>Iaa<0xaJك08\cYO)20HE]0B_wrg7Ή8+1_p4pAA2D:p$hT pt}Y kF2Y$ZR[g|y/yB//xAV:l''9 obxu7w.-Wǩ\@!ZJ[Qd-Ouzw RD+jׁK_Y[uRvAJi=ߜHzQR3'Ee/7}nk9?}9)觉+}qbQf6}Z/+Zlo0)Ruֽf轗7}2[Kr:; hſ򧷔``9Ӑ<e&,^@oOv!YW>6 _B~0Y mH=3BOqumH+g53⧿H4Z#|#. =4A"O+O 1pv>u&e) `ݦ0;4e}Mp;o2P#ұĞxYmS| Qg=c7NWo6> \W)C&#wkSȞ &a5UVtS+gL; En= z?]%;&οS3PѺb"7S[e/8=jgф< 8 8r2/N@(=czt ļzJنHi<{'82;_q.rbyk,mѹf`iVl6Qh.wI;l )N6P#d4DǢ寁(D0w9 ;yPy%dvE`瘥.-u\z4?nJ5B;']3i;:)qWłekq"H !'<5]@)ŏ 4Ǘ\. .{Zq" _Ͳ˥{PtS% "w4C!A)h>v?8&RdYޢO GUjėb?}~o\N;޳NhN&w0lU%l<)K&-= y &@|RԨ(m*#TIcA64ZgC~)P_.]rńmc,ǡjsF$swQs%vH]ѓnnIh"P͇w Х _D:@;q%cU{'FIjΒ,_3fpإ=s6E3ZKX`]c"3i_l 򚟈Kj_@Ȑ\ |Lġfflu^dOMcRX0j XV$̓E|G0=ЪWd${1"){$n+ p{ЃT%9v?L7ZuU.a'w7Z-A>;u{^HYc-k#VT T41ɔf@[$tvZtxDM{ ٷg1abί08&DSf م3@:ٜD '!EZ8]=o}`'9 *'dEυ6o!6V''jiXVďheL9~|u+5F8SG/M$̍ܘ7"Trzb0I{]:f VlY>B$CmXS_tĘȟ,d gu\XhX=J!q^ C_:F6[5 &m/bEAvNs*Nk/Ae+Bc͵aV+kkϧ%Dڃ=Xd/d@>>(kVuo `([i}7=~b86Кe\W#t$rD遱fDR;_`)fU*7HS*gu00O2̋*D*X6~=[<^L{iie@w^ٖeyVMpa!F7~Gn餦an"v'(%`U:ŽM~rɧ 2\rom`³S.Q.tL2"b]5xw,?-xBbv䛰kEE7(Z9.\qr@?i KBJ]q6lrj". ck^$1 K?w ZlMLд3ahQbQIAXyn(3X3`ZT?:u^̠"~QJĂht ʤd y¤7AʣN߼=~" YVh`2Tߥ`L\&sFlD~w+y~!"H8%ޖ]\feӾhc,3b 4d#`]t;F:E0~DPM2ZL:F Uyȼ}ķujin3ThB[*p͡ Ln'V[ mj%lT,xq!1w0V?$y5@F5|#i*E'{ʮ JK/GuHT߼~_)`_ALe2DmK}E_FaM{ c\$s"V9{`Bwe:# p}ͦl}E8F6_CH!5Gi(n{ik\h^(Jb%y>hV2 irޑ]~`ql#Ɩz>G>An*O2ԓ͑VVZlF/'(ɍ&BƼiҧ 5RQh:uَx,θglpxvPkj)7d'dZĀZvA &̒@YĩQJ"CR ZleԁnxƔK, H%?SL__4{?ix2k^:@C\e*փ͆0iG߂0jXi# R zu7m@&XDŽ:&XGdB8ox·6NJRƖ\=mxMD+*,B{/%>>xYKl78@ a2wC,óW}z#i֗"3h$<)6\m!r6.EUL< P0 ]WU2ȑdqz+Hr6ye&m<}O79LΧN;N@|SP5Y5!(dW(C&UQk`0^ÃvAaJh8gwkAuYet^ѹ@SdDAmNŦ\y7H t",ot19l3Pl>)-g{[m x0QUŎ1xf@ԾvX|r 7* 6Li0B1k}=i=iS2$~U.et⠮{}]LOƽ.v}+ӯV%dNuMmYv@J37S픛Jݳ*lgQ[E;ZM 'jI\p ÞQS;8|^Qt}+8LQLzSFǏyBZF>[2a ⮳"6 ]C_/1k7[ /ĩXxY'寵6@O;#y5.KF@7QëYlZ3Tnm-fN;_^M}¶շM!/ :٠6R[0'bjԱ$HUw_Di٣฿5 M f7}8gSU>w]U([%ɮlCmr$]1VD9&ƷQrg;ј?tU=-"2Y_~ nڵ$ ~0!|]=Sv]0aOBTw {T ;I "txHWҲ8hL{>O?=*/VT Q aCt](lZl]1D`~ VOG\a"W!UpFaɳ8cBL/O}, 6˧BZq!I{źnq5pClR'eH^4=H1 9 <( ܶQ>c 8Dlf`̒+ td߻&liLF|t^/sNKLE>':2~d.Awcozg rr/Z_A\>M X_dh_\ p8]`H_ԚgX˲ Lղ}[tB4^NPa3h3]}rRgJұVE;I_2@k,~GQ=10Ő4kF /swϲ-ː٠WUFð6"\-^!*pJ"H+kxf5Z[hO-*sFENG *n4Yt *$&m!D* \ r55i ='s y Y[p@cQw٭seEs} N[\27_{C+.ZplEf0|fEGL#76>5!ʏ_hdO$0̓>s[:: R7Ϟ oXa":?h#N-\@Ur fZ SЯgȯdJ0޴vR>~ \8 sx*j!#w29ev|nwo]wwY*5VD5zc}D㘐J[1WAoya(o ZF "핂tu*~%Oky3Yrm%5=IDKKt}ne1ɫa*^.MפAVȐ3`LW@KbFK2oѦ._]t&UXXAcG*#}|.ʚI|S[*fUrD<(["#+ʥ {j˹G/jيp^"`a.^J~l:s3~ \B3D)9u˺ж?&"?,3QwK5>G{a1ea.tme=fH3)ךJ4NvvIO /Ըߖ$}`OdQRO]+2}i>hߩ\jQǗ` [?H@*C,RcH1@p˔lpQLS8旒M+m |1 aCwMx 2-!.qŤs$ Wݨ'׺ڒL-ڞZ+aĵH)n,vaD%/ u|#S5R6PlWUX$*W~` z s: Brrӹ34Rh.R LZNfH斷G{||M)60ߓ_ǸnkapڝABhafJ^ AQNi2D Rry   ?/0m rgŤ.nϬ(!'m]pQ@Nk#H$cl6jW/dyNpl{zapތ#P%B;+f#{ J?߳==d4O\J"|| ᖓ.k9Pܠfz1 ZK`ڸ(dPjjN3ܿ=鑤1H6_L#xm~4D080flu$QQp4}յ{N d5>S>auE7/R#nèSSᘹh#ltL ^$&a's7^ci#ci %sƫG\ l]>Q}mfϫC3ni &4̃Qy1#w;,jɏ.hy𮰥A(S)qn7L!P8qcq [+E$pY)Ok=,xs?N$VWfַF$}. &FDl9Ny %x(ڒ)ȆI3dcv@_r5zSvRՂ!lCɴх;\Wps6Tp5m\)[МyGZQCGX]X)Z\X%OX(Xa;U PQ1"x4fR2 }xXn0zXHow !> ]B4Z0!%{岵>m=~`e@=[ 7'%c{*lrUi:F|5[dNAvJh%VY`Z>r5/p4oݙ|*ܫlBZ`H"=:VF=aymʃur#BmKQgíSdn*e@r6Hș8X)x(^ɋFc7%NҐE8D[ QCS2DRv5GU>~` ^!%e5$ r.eg%!.ŔMj\I4ZJKD|M=i]OvahN@!(} d\&!o8hS3Q=z39'i^%MuK8>9/>:U0A]nN.;&;d_*Sv^je#?Ͷa#>M`X4!LxӎN$,rܫiv1}: YN`#|y}"2SJH3#j霶t:M Z &JJQ߈ vB|@`.[m_ (\50I,Tq ẍKRrpt֦lB&&:n fVw}xg hN ts-E/$MJ%!m84miTuq%YSk!G]mu0 WuR3OV/VD8,M?@">wM!*/FͮM9l3o/x\nزkr(dOjpv3jմAs<|XO}Qg0'B%[t[|4c?b/5{5m_v.҈<&shs}8@ n!feĘ; SńKwh52\:.f+z ]egXn'o)}1 *C\yVrX&ROm."x~埱mJvV5mo]+>>j ([Elڲ;R}MVJ+O$f0ljssl@C<:V9 z$#[~ ȧ[wr {KW17J4iir&eeoiޢ94$w8{hnŷ@M ` )߯ Ɯ-Kh{yv7#KE켠[<ܮ_hlaAt8qX(bgO Uۦ@̕<_Pхt}ӱ[Bsd1O#@{ U(͒ jLRrb8q['2S՘h dn%6hhѐJ$ON]nt/_XIIpV sv#U`R;@2Ba6JSxbHBžu/qA絅9*>46ó7uSZ09̟n-KyҌS^E̳Fڠ{VHur#X,0?tI> bp퇔֪_B7mv[PTMEag,ɯL4fb-,,] f n9Eل^;xdЄ'K xq[JS5M7 _a ii~>#Ar_5CUX vyjct"`e̦up><AV:ob*&ףc'5hKoTQgyxܖoQ[̺! *DVR!I>85*-`1_Fp3]<i;NM,5&70CwC | `)^S HB AK+?7GnpMQp|o.xv8dףM"=77 7kĠ4*Bv[ 2wk2Ս&vϙ{Hf&-r]B#/MJ|{VP,WaPBsb0Qù*A G`Sz)Z@D;F|)CNvޙTDYG0`Z|w+OVMì )ai &pgVF$>}+\VhHWiVj 삑VCo@ OņSU`u RqA3$0cT"$:?sU"J&߁,#jUSFn;bçOIbk9kWqF12Ybj8FZR-&|"KT(@V>:xV/ꧪ!ĩ;HJ3G TAr&Fyy.&SuT8\rgD NTfjK"Dq^ PRS's$ӳ+'ȣ 8WRF2G"0xN4_8#jBsuR0;s$ח+ ?RI?6Ã/LpΪx\[6JA6vyf+i0"ߗAӫ--8團G 4z UkjQ$P\<#a٢t' ?e[pzJ>]ʨ'%:6?Dxt퐌ȢWIjEV)yX*tkd;MIUv ī;sc ͣƞŚF~Zovǟ ºPʘ„NT%hMٲIQ3w^&܊ (bEb9eʖG@9HAߑtJ  6Plr`9uq2 -asiyN{djDv7(]W:DzZNoel$\S浇k\+tqL~Q s4:1ZO^ݚrpgҔef:+鰴6KwtvpgaO>ƾ#).s-prW+G *f=-4e1wيq)T5:[/(Z;nC<'&Q'bh7]Puƹ_mU85rzԉeH TrCz?PN8΂ѐI"{e@>/ Aʡ$ gK4h#S[مB!te</b]":׻-߄I>Lgbu1VN2"϶诟ɡ=iP8w!w`Ӆz/|!m6?kvj}=Q[eXS/p b/an5"uhRջWbh? 'Ά0d QR V#DsU[NpaVh7֛4jK ![0^63υ+|y^5~q|p^]N(eҳ 2;I$+%yc"7T&˥Ҫ*"fU&srA @#g.?Փg$#Bĵp fq՚;|DF+8Hv4 ␔,$?Vo͆3QL!ʔa|vh>~I92F.y1dpS6]3tXYu+ɵ$s,61PgԱƊZ9uו7g%?.hZbcu'0GVh{c:3̟xB>d $ICOH" sbFc`b^T i/@69@Mlr~l_Gg`sCFS!7Zx#bH~ YE`Mol*q(M{]fP6/?1с<2LC3UCi }zuԿќHB6hfAEpEȌ*ߌoX>]MX~8F|Ah 1 8FSؖ WJf9a<W$:!.pHA^Uh? q3hDxsS $gtys#sh$M\1H5vFLz]~nji"X㉓HM?ţ,3`i2&$`͋=Dy\nL;(Bdm0HWݘ \j j^vJ~PQ6SW$ R@ $I]3#!R&]BD⪨&Mأ^,y=leeaalO(ޥ,>\e ~FMDqJ, Q4|y?9=ۓ0 .`|v}Dh($rXI;f^VLbښa]$dS Y&*dSb.C 錱C;b־0jWB?HN5q sa*BC6 BaA>:~W= J.$"Ҧy$hgY&@?r/fޟT"mRpbpH(|j7~;xz;'5T6+(߆z*X$#%nqdНݪ \c}uusႋMvb;ASp/cVb{q(I4m\|Y?'`&@`x<1 xFQeaO:Rݑ|9 4W,m5\}&=/ TAjUR}BM_9_I@ʶ|$Y4-]tAQ4`mBj< vJml *I}Eabnu|c!K70-DXw; \LbQ%J!  n#C2k߈sej0NOe "@G T9!`noW2B'm&:E5$WΉf4iXgU]u)DnD<hZ"ijR XJ4YO/ϩ=.V%%>}Momv ib@0qǢ+Vr~fìxHP;rmiC‚vg#k]Ǒ0eCRa:֘vHXCL:;xGm2.LAˁ7,4LawW knOD x]N>8~ {=tx(a-K<:S} 08m1b&D%Qk0׾"G2f})t^į5˟AZu!V;V$P5J߽IQC9+]?/iMda&m1o^Z&X6k8BC~{Xx߆|G2UHAF;~_en1d,|0f9^= Ֆ.*%&aZiaeyRԔc=2`$Lsϐ moHU3 _ R͢-X-|Kw|D}A҂!?O>zGA^lg<(| 6q,2h.@@FIjOP4<ݜa,.>#[ ֎%`KTKPޞGv!&Nzpc2@'ʓ ZIoO^9L û#؛Xokd%{3 3LiABЧi@CqWo '4۱SXqrO qhxbWo2#ʨ\|^D4Lbܨ"Qp6)]u\7Uyfj)f㙍v^b(ML7s'r垁RM@<13-bP"8*k,U>OQgSJUG(词fOF$>DAjXF7>n>vmkR:"*ra60 b22ql^-IsBuMVMH("%53y>^@ԘXhy(s^DsRögo+ZN3YCgF\_BF_25 W'-5썃~`q^GsjвF9ʔZ[3sD:/ޱ3,sE~0é]´^y`Q~зɮc[C)5.0Y/@wā(nPu)R0Tr& )-l\^淢|Np(̺9tQ>p42LN;^?ds9FOf왍=?<ȗuճ jJ4JvOV?7̜*Y!f;缁=q%Ǜ X6^lsRSQo H cPA8''. 2J<*O!K ' c6Iu1d)[.{빈a](><FAoQuWHXo&|U" h܅hd×Zl5 kTkGY߾z@p{&Ɔx>RV]㹆Ϫ,6ޚ xu\$n.[)$χԖZ?zuM,V&(6 E%9) -zT+ޏ2hCKKRcx+Zvn 9-|X(Gw<  >tbwJ^]jEl fWW7HSkZ6y x4VNui~YEX//+wM tJ%oچeX[Kخ*荒|(*J7Їc߬ʖhi0 6+iO _Nt++usk<41; ft*IX"tl|y&1,kbu-}.줫{] 3Ǜo|;APWtκ[kocQPVNM*:}p!;z8ɂf:9[`yH"z=Vr3]*FQa┸5Jf:_Ǘ$]BMb\MJiqF6'%^Q?qa ξ5՜:a, "ļ_]Kf[wHkHPkTN!8eHy Rܐ-nk Y>9xf"[2o 1.\r! |TfF!qc 1ѥCyK]WDΓj"柷vN^XT'쬿\1y8#\lHwN"ii=FBBuL<%HH< zGaW2)eKjJC5)bw>fd.{hSHW{O˳`Ŷ`7'sW\VR7Iv^7S6.yvN3ƔtP!|͞hWVAe4Jj?yRr#Ϗ9>| tW8F㤡]VLxs)ֹ1H qs;!^6抩f-_APӰ^}ql*AEY$)/.w!1<3h"8SOv ;a$IȠ"\ظT6n@EeW|w,d^Ml@5d^4r"o#e-"$䦺\ċ' {NaFOU7ٖ `}a?HE$`ϥ.< oZaonG20Q5¨ti*QR>`k<:j M[G7f*$lbzҴEG1DY'-r_Ja~+]EE +O ~Y?5%d)ԚP +r#@C 7.l 4ǵO&8=%""bBf_dӿŸiƥ9pmS G$sôNR2dΈZ%bDѯXA&|4S7~2+lNL?H5N%kBx̫kL ,H̼5>.fΚ moRb<Ǻfum >v!]ߴ൘9  },yKtwrYJ#8󌐥iLs7W2>G_?:yME9ZXΩKPO9T-*3w;vrju`Q)Hq>ȇNŦ'mafDDI`?J?p$,ƬQ70n voERP1#K}ȿY|3p0NyDuVD5qGq!AB(H1.{AY ^.T.3UDȎg8r"T]KMWqӤ7Xyy>[ꕡDrdlao%rdjrߜ/GƬb˜6j쩏lc<-A PjLr~A&ɞϬ!cP>`Ծبv{NǘwcSIsJtW!I%*TUq1\-r`ƶGpn3Gk񸈋b6i.|I:b~ CI>?S xߕ{D#{z`@=:^[Jy'[7#}5YTU1Cf'*!4p|9ƙln4ľքˠ49m.qĮ+^Jd{> DJ=o +S COaGB/1P2,i}?L4<b^ 'j!`Aiں{OWO\-T,`a/ A1|؛g%6wz"}5 5PWI҆* T9NdiX gyZ:} -[(ǥfr0M=7E";ECcRH܂ht΅9z83k[WH)v2 E _ԝRMi(+NfHh)ʳHVE3 φpLvwF [Dl 6` wJˏ#IV mߜ"|*=$y>&gwSv`3t<*JI#y5l`n(u B"ĭ[ T!V怼qNnF]9MqH nZb>buX?ä~``Sߴۗ~m_+n0 rìē3:=uqs?j'|;Ұ,OJ#iD/k* #cgmʎ^;T(?DZ?Ob̄VJ[j !"MR-F8 ?،e*a$jbF7XSNq} ^H{6%s.^dZ/RCĀw괛{E25fw1P,g@?׬c9 9㴂>o񷂼4<==A ?{z2ȁ3>^om GqIi V[kmA:U7 1;)jwgL"U )cSt&`)%>|:%ʹKL>w)M{hf-m?ߢc4 -m`E N lWլDeq>Bc%p,i]DWS[&*NYeH>aHfZ'ZH &]\i0>!Mȩz7|[6&&Vdb lҼGBPKtE T" V/ (vۃ{hMP0J O&Ub_]u\[| >&^r>II.Z& WeY7M2]nGb|$&= -; !'{+OY| :o&z']Ty P\-L_&%?DMz41tՔ< ^LMǜ-"Āਃ!_]x8"kqҝ C$tղv1wҖV85l0Irg/4Z%̅Ioc)ʧ0Hhv >NjuWz}ϊ\8H@YWh@څ`},{P@-zG#?Ѝ0C2MUo#dPhr,Žp j~)d$NcMԭI 0"j퐾v77&BvLLK53сiZIH`ʽyߞiR1mT؍@ A3͔&Z$ 8泖Zb@/Q@[EcJK$81fm8TS?؜f[YoW sJb)˖O)VK̆긠Q}Zu{OZgt3K,  RNEx6~:J.0[dҨwOm}u/`%b`Fimȳ 9j.pю>kjÔp >'!뤫!oݍ#;wqkag9#ƐrK>җJ/8>+Tx @Po/nMB}'D1F G3༒|QCqwО5 ͣ "d-G|n)ۏocq4YْWE zjMbliF=Y?W+dUPH-: e)o}PFN3SX*zus /³xp#?=>B\;ؑ=7xkg?Gd.o_jZ˃أNhx_?>s'Zl"^Ob+9wBuĴ5q&yJl-5Ӟvw~\J9{)6[xh*Fp{U}X`:7g >IѮ?T%YwZXwQ2.UW&3}*,,3f1LU[g-D5uiGyHj 6]VN*mбyC[69-/1BVb{(=NO,CfSGغclIu5{!.ݻ5kӴ `>۵H#i)wѵ뤢,kmql^o]]uYaHV K]P>kOd6 ?5Q5&Q镢!9ئeUz8bfFY=HL?" ˠf;tKV FHˎmUyK^؍gUʓ};mLetMs݉JƙE CK5v77ox$CD9@ڦE"ke2[]-e+oT5QB&"͖`\$pAwuˌu*)x؏AO$ZaVlhݱ}a}'kz / owX89k]oEŎPcAN* !IɳZكALS KY?muӗ%Ur ҂ MA*pp-ߺ)%#܅nHqi􌐕6=VvN%dBK\xć!R<1$3u͖c2Y1dUvy@Ʀwrֲ4eZjA 5a׮'S/&`&/!Ϻp=P i_:ut(W F96Q"¸1]үɲ* VsǴt!Us/K@0#̇'<:Ej׵ yhVȊ$ARnF%@>~U;$@Ieۜv x5R뇮kzS[*P%n"ȱaqsgOPĂ<#ȯu5.1GLUa#OWP[hnuͥ!CG3xYp(}{p#eV|4@Q]]Tp;KnU^Eh0"݅O^nxu`'q8uL/x+l>våF UrTw,IEN\9oBHF gcZO PszF.HDԼ2c?n@y#܆ o-ܚe/~>ԌQ TOzJ*I~ٟN);~EOYב 9&6 s_irЪY΋,kaS7 5q9>8 0Tz%VDt(=~RcF\lrygw[J 0^Mr O1U8Mo^6Uyύ?0/TrDp=@_UKUcbA(]b,ẽ,ZPnϐ5e9ˇyAYw704/.-4U'OJAF-.~ҸPa hPd'Lzq -4p',zuEs<,A`5•۵Ө>%vbCt_ٍrV Ng w<wB~ 9XSSCa۪q:p$Wl!H{ZДֹ۴_ʤńHb~y xI]=%mKGus6bcRKen.Gpjyw#|ENI1Nt3 ?C~.yU~3LQ_FS•3iPwݸ/.Ew하I=d |dIz!i#F3)zZ?@<զ#vC.j=Aw;9[y7m6c5!movk#mTc-rs0qxvrG N,={tPI&_vXtsQ0Y} 3 lA,NSoZ^.ו(>P-T7ݓ9Fv\鯭VKhIa2D1+4xmpBPS|ӜwB@H@ȌWĢ_sSL7%z(rMm~W*~!`8q+fdX3Bdr38h6Oq!BR5}Y)8XQ 5i!e4c WL`+E<~*YT7&33+p[(OsQsX؍mh>[pxy^WRџ[4+] ڭ8v@pE*3$/=L_(*&mvċ|շ/|yYxc}^VѪ<M{nY .[] >YR6i ϜNݎyeu@pHĈ G1`+C]- _4-,?/yj(.eDL{{=N4YMϐ$T,_RZT<&ߚA%9^pSw'h_5@H6fьjC`ϳ/D7uK5g 73*F/‰2])5:}| ԗj4Mju'o]%Πû?̃S`s\6b1 W%jo)tRHpU\k$I^sp!p, nЛ!d8.(8R~¥e|$L^ ORy~]mg$wjUo I׀< ujǭỳ@At<>G5 Ytnj3ĝ;688\nWvm˙G?]ǼA~:ÀJj/x[r&~wF1IH9 X?V`ÙZ_{܏f%MLBP< id뜒{K+ XUU燚-P&lsK{c7!~,UYyꉖ ɵV&nx@n~9/Oep7˚Ari$u[}2cGF)!3HUDMeqN-3x/}PExAQ!v8|.[kn7{Elt%ӯ>WRQ2ߑasƾ@GnNƛ*5&Py\}w%PbWPig 'Hx9~+!HKB-?dI٭ub琊W{+K@8?57@݊;ʓkSP2 Mu_{#2 fomZ<:'7M1 ʁ]$5'~bk=Qj_W?O j)BLPz㾛H/0 P:kX ]b{Sf*ס["H@HTɥ|;"f/V?Y0~|Aș+(E#$ !'ٿsBSځ}ql] EЎ&Z6P]J,ByCGP}m>7Gn?1Po_+O3Z6꥕4o_3a`k,C>Â@ܬ#2~ ZP$cU"X|Ƿ|U7'\E>(@)V^c?I!ql5aȵ>&@h`MM懞0UbBb7e'û- Nx!sR7hXi'P<.opƤAK5dwګm/Lטn7#w1Hvz!m(<)48Xdt=ڱ4Y1܈H@} =g_28Љ_-Fh-4Z@ bͷ4ECV?r,r(WdA_ضjڴcfmsꇾԋ ʅ7K 'O{)~Q4tSn2xN&( W-5e% 8BmYF?0珪0juC͖qfXJ;< ȉ=mHۂ~U;M(Px)"FwilDLnu:ԫ:J\HCwWBk;C7#H^3N3TagV,>jۘFBXI=j*uL $_KvCh VMA9PU =R y2Sz{[lG8zUQpY?o?̹ٷcImnxFp?|6H<^Kc.5Dp=x瘡e6ӋBJ( 1nm74(M*ooyi,ŧX L%}w"lǁ x3`XٻfIIe1 "@C ң/Y]c~U 䂻M3-PT|; 7ߏY%[CA굇'TF2uȍu߳ȱ \L$a $!3 qBpQVߟ+IYpW'(Q}Ar2:~uaA;w+8I(׸x6=0uqpksPa\ߑiuR=#0(z *%Be_( :?Йg#6y>w &iGtSBEdA;Wߺ@ֆ r}Ȕba*<Ў ե*3b$q\wGx.vM 0{s+IYD+p*^iVX'H&ב/3*'kɤYX0d 1{j G N2=聯o'|D% -OKfzUKU&u&j)V k@$tT)e?'5^a'UgW*qe"웏 YۚfI]$ tlrqp~hFjIr<2mpߏ%akKx" ?';GNgi}6ˑ ^-h%_I#[붆Y,.ҲZC}._(~e 0Ml} ]*iH-$OWFZU% @܈ݗuQ0'L&7}E1|Mg1c`?謳~2|IbEApMK0WA4\ǽ?G,@@b;ĀN{ʿ#ӧ 39CLt#x}Äs#ro7ԿfGiIe,hqpGXhKQѧ]5@yDY^SdzTNDgBbo'`̃lEز xXe<Qvg3ӷo#52X*-y}PS˶C֕j~B*'?+Ǻm?OR%"a8 X>! |[E'S߬gX#6ɶz TP@ `~eq@@gͿ:t r 77 #-Q"*l@ƢYyɕA۝MOB[!FPj'\2P|s*JJzNDWqGl m|< 0C,h&IE-T㒟K 7t3l㭗Av T̛`}GqԫOHi>b;rU@~aqEʈgu!TB휵e<nMtj 4B0CPЊՐl.^&%:^]<P=~Zr) 佒3{w~!t8-;e2獍^w~\7vs`V'~̅]3Fw5ߩsJD=($}}C͘cYT;cog#$6"՛^&):c)Sp90du53$*Klmky:*jM@Vdy SR*u3k=$NdZ]kP)Ս! 2G>YS9(I@Hꪕbfj *`i 4dyT[Jx 6bڇ&6Ӳ§58Z&TJAf;WejO|1 lT,[WE$]MFYg'haۃG!ȭ]iJ 8al4mͦ|@sZCg  )M6ق8}g!KBI0l=odm?N:uկ@1"|&]HkX[%mR}>TPVk*Iv6Bp8Kє AÒT(%::ImNi'>ꓰaB&jsة"C-j4ǁpsX fZ{SY](lp_7|o.Qi:Ŋ͔P*O zs\lr0T~+D@KFB@m=ϔFS$7 BHmc{m<niD~K^6_;ʊXeׇ;:˵rp]C3ѱl0zLk`{R6;4go- s.HFoܴGww˄ yK3ŕ֚uSA~D4^8pF= ~&K-&^)z6JH¾{MhL,#'m1q)4F)S"ة13e7oPHuי X_Z.$}YqOF|*h#IlO/k^ n[Ԁ oK`L%p\ldb$| 2?hl>UB+7DQThe0rz3_O&c~Mϧ͋OhW3قc:a{rY_$U/@;C a5NZ ;%mՈ~G )/p"H~N^.κ9ٓi]5j@^gϹ"{ M_=/Fn;266 @g7xlmg\TzI+] 7!\].Ŗ.d7P/yK1y.}&Vct/-+Syk~`ੑa@|yĬ~W`$򜖂Ys Hl1*2( U@G#?=][c>]a!?fUmu[*MUA(Mv!dab~Xv XGrˢxSie"AMHG sؐhҖ9Ub~ȓǧ`8vz}jt%<=Q#5<}MKr* p{T0>n:N ޝF-SmC»~$WAq0$S{9FVGҐ|n5:fV ^qE\JX8Ó)&5JK^,+`M `*IE44 g- /vew)Җ85_={f bRޗO)-N2k$Fg,Uk\H|TN2qbF; $KtlseW?Qj'BHPAvtp2wp{Y?I |H ޘ/@(byL Zj]QCHffY7rq>f$GNY{ $uPb(.<٧%Ps0E& .I3X&1D{!xDz\IQ<͘ ſ?Q+B֍Aq"@!j3wE//=xFzѫh.p_]Il6ڕ%<S;wZxvH;O&ͯjo8kADo>$vMbEp` EWAt [ }.f߷*g#0rIFɅ&tm̸WdG(oV%u#ArQ?SkɶuLrùgى@<7IgK0,=JuXU*6Zw[& Bc0ǿĨ,>"G~TYc+xˏ 5;A0QSf˹խϰ(gSfJ~p}u&q(k*1:QȄ'G:4GT١`D=lcw7gWyKMk:kItUʛWLGx]jq *a<B~\w_ 80&}qyl76 ־Q|_CVIsB o4FN1wz!?s ^-!F<}o&ϓoR4AASc4Sun㼒u+lۘEjÒG1#jMnN^#k:g0iL*+DPRflKAvҾXb)b?tSk9\, o9z SW^,(VXgoi48tGHc+]Df /B*i>t Cg1fYѤLG3O @J$zAAҎ2j3~*#M蕊vx*⠢}oRxJ<N2]CESO0؉rzJ>Gv%3Qڼ/D魊5?s_Ýŀ[˻>HxGݐH'Na7FTV})62= R${lsXӈAh̗> GU>rո: B<[}[ xۦAc3Yy4pGMtR)@b\xr''D]YmחtiaC_,Ծ|'H&b)]p a5>=>7$8يvlxԽ5nL#COږ=cn$˜o=(tN`5?".}e;`[83O3MRH%Ϫy ~ߑtE6Y [ 2 `96coy\"~A\G &h55XkC gp ]jlΠt7CLz $;{$tZGL*:Ʌ#;#v<}^- m1燠X={|fН|?``7k!dOK(JD#4#-(ar ,iZϞ@=@ZsRNێeoY4~p )d: p\0B* %ڵVzu(edlco ֻl1`ܠaVkCD >A}jѓ~&+m$q5kKK7TM8e2ZU$Ũ49ɿܗ@('PylGYAyiY-Asbb|xv_l N#ᖌ񤜢m>#iIUuJjc%cY:&FV͉}.?:'Y򅔁WƷٷl[5~f'6L-@^^||,Bů+F٭|?sbHALs,K4;xdB!i# T+/. Muix h+.x3Lɕ 8 cOE9pBc3c I B&pWMiGݵTpə/z1`G6։|7dZW}kM2E|n Hudm>lIo;d&2Ew# :nv0Z[Sx/hv{"YHڐ۵}b L^Mrr>JCʘ8E r(|v8,i2TUy '`!g@OREgqړ)KMY5p3ek|6dOd鴈:9E50πM&.a7bPyEkhG$\@brw Ly kw[ce=kx3RF?h`Uq9 t6?rZ B- {8=1wMl&ef것UGZ'%RF[eý_>nUOeo8_#CC&Wa{E2g)D}n!YCܻ5?é|}h/1ѯkh7Lg@ԇ:p9E7l< <;Z;oK񖞔J<5{ F=FCUͮX鼂xӀ[;6~?Ѳ:A!8u++7%X6ͩﳖ"Ҋ~ql$kgj8}- ~; }馽K'9~iS\?ĀjӜG: ^56Vo[^d̔(ڪ/.kkđ:˺ZnO<ӯw/wgx@jZ^s1ek$#H8E WIJ.|*$pkadNy۠ތ@0J:qҰ暅Bp)|FE>fAr/;C`h 2V͛<MSL}2cZ9y/e:3n)S*.>S1P QxKLD_$UOh%VaVQ[GMe YOjs]? '[1J ![Hzu'IYTq!7qkDy[*2CGS|խe MHMu޲W7h+͗ߔtͦZ0fx!qg30RT07FPM$z7E]‹?i*Z#x>PHVlGYVz.{{x:ѿPq*)*MԝC+nh)G1ʜOx[Lvº?o xMs/^L>aSSBvJH.|Wd b0>Ey2jv# W !ijK]_>%W }8+7ih!t}oE%O4 @$CIU]odMw;{+#)1a]?:|Fʩ>^P!d?x{KY}8#ex{mkĉY4 T>l q >4M\3k#a\bu?Vķ4uwA7%ǀaߐ9]m?: P&u%.+כĝ 2RMʼl})l7W6V|d>M$/޾EǽfzD>H-t|JwoeT)JXv;-IQ!\z+ uS @Ӕ#Ѳe}49*1 ^ӿڨn}Q;aˆ|WK9Xfh3=gAbVOq hg}bB5Oײ7mnK89JEʃtxtNI'=7cvckS/FxTࠛ<@sDQLX * iĪFdf ; Wxg$?0VN M=1ÿL xP.Td ע0QE59L* ~}Fbq#GIL*>ܕO 7¹6A@wP;g+E`v^)!pU08LD.I'!<'93&݃r$,hk0+! n7S-`L!ّT3̷9(&ʀRFWs]r)荈J3u@֡ y$ZXvNYww%486IQ6A'NotqlP.)(ZZ/y~/KrakGV+(*(nޭrr̥oUjr1빰&}O>X$y(V-#/mo37.KE˝r/j{qh[ 0!"&e Oiy+= ao8 i4Ǩ_4,vN8-ׇto:E*j;k5587`Z@:HXj83v׏7pW Y^W~T%eFd*Cz(w7IЬA]:@=O&?e(~p`k.q:e V#yr4V}t6OH0C;訣'?DOnƗ$Et{DTq.]j*~F*lN j?LRrQoK(aʛ3)@wԗiPq+M %z@nw.wSkOI>kԣ=s0>dGM@ώ(-j?#yvtC``F/>1$VoM.wt |-i>xjEDO Rjj}OZ.o|Ż ^FEB C& & 1sQXToqe~?0)k0nT{jM=- LC#A}pשSJZQd%vf"^#|i'iqE uS-Soy'ˣgJ!]ì, ;7^Gչw 30K3@ (Ie^>2S7e:5ɢY@v 1: b9=U:u^JL68juu,B|P1L QR왕aN"Q15w@@9EX%S.rUl`vϿ)DĘɞy VE?;Z~󎘌BӉ?#ݲyۈ8 ﹾwn.S|91sv 3߄qnɤ,9."'onwIK7[ v/XB' : Z_þxOvޅGjPb&N; ({qhӵxۆGtt%5g7eU}U%|Α;23 dD9}1o}kM@jʆM x_ΤZ 2MfGϔnyDSZPFUqK㯪ìET5n^5Iv,J$3W~&{uC)*ͺ^~e9O 4h5a٬9o% 64(̈19ygwNB znxwy2fx:V?@wTpkP5tx\]T,>~`{jm(9❁CM>b8#=A]3ɳRv=^G[@s駍x O}!,;vMJ n(vd*!r}DSí&_m+臛u3.nc:m6AZzIE֢+W[VT+G,|mY;;AQ/z#| iqQ)Mf!n$9XRj~:@WV"A&E~%D%/vRjc^9JvuKt9|JCH rH[%mQg5(Z!liL{fLA'=-2!ʆĸl捐<5r O,AēM~ .ŰH+!q?,}/ėwE>zGbdE3"t%4pW`ňc2pen]>-֖!\*9Q@Y<[.K괙%&7>4ُf\gJ> sb˼W M Grd BbGȵwTos=)$y!{Cn*e|]Ql|UO3}|MT!H3͋{waxlMɏVخ3s"+1#R85vrwZ ֭hap@d.ߒ>PL zUJ d,^]h{<q0,ڝŷU#xmy"4/j|wsdCeE?iMrö0/D[X= NsM6U>fe9ix)O38U&tթ{x]pu@OQ2S9PAEKMe:f\;ϗ(#kC"J pIG^V:o,36m9y 1Ğ,jHQ Mdzq1+4\&}l#etwyY8p?”OV+F7N/P1B45Ca%ykL^&.,Dt$ K F,iNGD<]G}Xf9vZhD_.}u @gg%'W!i>J?N|~YO2)]Jυ^fl'&OuMU&6'oDHYrm0/r 9ϫ^^Pu\ #ՁXT6eV,µ jHF*2~+תfO1[U>rujW!/֎bV,W9mBfB4^Ᏺ {EW|dlrG%Şn Ozfi9n!+&FzZ$0#ʟ $D\u{eta{{3 ʢ،k ? 7^Z?rxi ͥq-DQRm?`@91qVhr\*{T# 9M+$Osr8t:(jzR>xONQ{cւh^kY -§tR$ ? 1=:{eE+i5dQ͐fF|#nNvO"0,ش㲉 =([ݥU.X;t7mJQ>PN<^9O .tjx^schNLULgujNRtq;s+ʮti|EꚲA r7=O<GfL v\)*ŝ/z»Q,QCژcX(/ۈ{#̚EKl78_~X9@|F- J.K%D̎|W,vW;)jAeCm}X^{A%Bf?VGz/5z$_eGI2b A .+xqQK490U5AZv*sCaNz n~tkK]m-%#^Ay?H_ f-n>&o.B)S˦AS)=m(4K\ck%jM Z'-W6ԟS5tNiYtf`p׽U",@6JИ[ÚN0eC@{)/v`/`{ wemzd5nQ1JdoJjjd`pH,L:in#ݪjúNk{z%E0)p-ρ0h#@ 3ιnˤ7Jro֤ޘA ~0;cPÿg%RmnM[vA)#8OLB]7j%ۃ!lLjҜ$@VDy1:;5l%aa¦ܮ~J\4U ]W$ܳ%(1j:X,R7t<}o:^#g*(1HC$eg~%Mf\GVCmSS"۽X~yS1a6@ʷyƚL9ꇱ=#nVDCNѕq"@BO6@’((=}C$]-Q`-KODe !+3L~)41jE)\ƐS>B*x ۳cnqAQs\r;wt)ݴȮvpuݖuys\!.WM_=֋FܫN;M͈s5y۩9ɺɹnE=됒swk ,\(9^jw\uEbMkMhFD\.1&mr\-wtQBHomur+d2C7BE{yķ"DBaԪ|Vu..Vr66D9I.ƽݝu$.n׺o @]|uˮ}u~_卧λT[m!t&nEtl@|RfRw՛C!Үa`heJ"A+%zmK<5戭ݼ.k6zs^&1\rޚ]<[M D*Q)E!QimncKSCc-*b鴕dצL5TzIpԸ]ӱ;mNC-7uJIusY7@4m)N.TrUa=.N-{a~|Ert-nUT*hy71Y)Rtv-;Q`)e`Twip(!]DRH1-%ʕP:ŀ/Rt !v*vĄg> EVoSU8+M$ tqnF+#9uVhQzh0@؍muWTl\?O𰋼  oF5,Dh -_4 :6 gYD4ܡ}h)tHaKMDA*0'v," DSڬCiZj€1Y$D/v?"/Dރr< D6v{prVX'=mqͶ΄#(fmE=Rrk!J0/ؔAyP}{xFvJ#?wL؇w~yo`$@?N_{,42e1 1$H8Q%^~?@oy\^[ X @H Lb mrp@d;߿El|km'uzGeֻs"kUd[s>n;/r^zDmr1:.?u4LԾݗ/sempQ *Śq5Q[f,Ү_0\vOU5@"9߷IZ.dI܀Es!^K] n"GWo_`:?ImVa~530s@"IK0ʚy`ǀDB=?y)߹vG+WN @E!ژ'pL"=o0jgiQ_>s DƂ l}p|/&wk5;kw5{D&0fXH$; ib{mED<{3imQ4=F{>,XXByD"`G=zdBz1Ӓ2M/"|N۽UŸ9]+2(}d՞zmچñuw{5msYx___0́)Xu/t$)T@<~7sn*A$),B< D@D +8h&;>8LxU/hMSG7VYi&0eA{[[A{@+T(QTB!Z$\@fUA?_'QKWi!!3Ƕ" ;]Ԍ|I*q=z@ 2o>clM41/$m G6\w(q#ʌ7뤟%dj=2!7_ȃ'WgUe5s^\%R}2'{vicuMrF4TM7`t5o <&sϚ;CsO7DL^IsxĜβsIPUHP@P q6'K)w!R |2C.4 Efi:Jsm+*1[y3'6]ޓh^ H3l6|asa8T'g$ f D!)Z(36%?ٻ o`L@=4%o=Da1Ho.`p .ӴzdIm6/d=I$izf!DAѲ$kx:g5c:Ǭ:I܅" ̾@ O=f;G,Oã,Wll ϻB 3$IW:Ąlr޷=a7eB`;2% @ *ORGm~~_. \>vۢW?vB)Ao/?ߩλ*_59 6g̵l >0keC+Ui[eTB5YP! $ y⾞Sl`6ƿهv9Ȓ绰#/7dwJbrJwR\RA78W:swusic 17:B8t4܃ ݮԘGu1ָQ7GvdpnbuumX"w\14W]tW.i ݗ9K\;KdG+/]"4\ !s ĕ؈BӮw;P/. -%s$Mw\1&*1D+sEdhFd̐罃pW1\r.b6Lm=/.E?4*#Gw:wud1;Av Ah AZI]s?OL$ðp``1P2"AB3-r3&4_ift>DÎ+gC_―,K;g:'Qj,d*UH?yQ9qJ.| 'HdSjL)WCr~},\&Ym`dS>@|԰ٓD6shU L!2"Ug^mlI1 Ѷ2"+0D0-Q,)(0Oxb͢l~Sm߰N { KdݫTH$2H C0BM+-̨Mm,;:WVb QZI)DžM"" ۇ M'9A~=^E;/?:+}V~<[dv}o6]G np p-W뻮^1kQH ꡿и\sNԟ]>^#}H7~^~.w[gtXOa0(Hams ίwS*oGxFm! pSLHHـ*IMh:[k%F JL0"Z(LQc 0V`͌L1 PFd awOܳJ jA*a68엮~B6_?j16nf<{M˫{Hc:6ߥ639ri?[?w'*3ߡȿJGP yWqސK°"lWm, ?_5 :I5g~S/9U!%[(v(50RԬSUiy`k= jmLq^5;|[fl}j%AK@,^­SQ$%QYFe:\ aeP-4h<L=9HW17 Pt U0w=n_Spyl*&4dR`l%5*>}]"`75/PhgxT&jQ#^\*{J3Vߊ`ӴPzv.2ؑ#Y7>wk,sڳy^I v& 'eCeigw'IGAh:- 4k?4P=opC*\ 0ٔUugRo!&f\gY*#xk|w"3Rek݂Ѡ y+E>x#cqU"@OOYr/=w@x€hn" FR*,!HZ :V b BL"C!ڃ}](;l#/1g!r]|= <9} B@3Hӳ昑"1@j;YYhwxPxʘ %D@13`״W*z*0NOa3;F]yJimJnV+mW YfF`'̃Ft,+j -j&#~4jt5Cd/ſo)) >IQ~lPhDzd7zuw%aBG?z٧$j_w+s/tMـg5Pţ.muf"F#R݆I&$43{B>ԡ }抵ڽ5l!܀e~N=":7"R iiήߺxK=tSۤCAK[҈.ѿ= %kp__k$ !lP@fNbN *FxH:H9Fo{Y>ەS1SbC_m;rLH F~LBt$P~cxx )s><$s+oNS֍ŞJ gu܃nuq->G wONL9EGmj ,rCje3JÇ%W;rY5 ]cE#{$7jӐ D[W=Z'әS[o:RU$[i];uaSi}ElCaH0#N*:ꐁ=^%VFT$bP/wjg]d{^x 8&7O a wG!f wġth#bC4 qw)ikkȓx˺:v k1`3͘ ~ߢ"14[Q lD?^#7NMo }ܯ3닗IOt m _]nwur0ZX5ZT=ܠ9Dd~26kiJʮ0Q`1iCCX#mۢqQJ!b6iEFs20BHY2,/<!_Z)sܘcW]4El,YؚbFôxGv3 Cfa!g4Ϲ|'yZ{  :"q,Hc(uIh܋`'3ִ0ώ\>(oRhkusrX> ZA"  LqhAEDw/=2rj;M|>|Q'5\L|":}5wX<2ޜOZޓC@bX mx)|(Q+|) AAP)A Xu4z?|ޣ𤘘RΟ6$ D6os+>n~Ip_~̀j!4$)!&gy^0a`gز~'ZsŦ҆ &%V ZӒcuG}f[Y30APJ%#@IGFEf{ č& *eX-$SP&|sHQ2fI^3AÔ!!}DXu/Ο>: HIYb[g;yQjNԨ+W: X["QFۭ\\-(a.ݫ\er`O½;D wڢ}i^#7Av jtBoN v A0$j`P"z}oARܭOoRh 斿B#/I5 qyM}! O,ӼGkJ!hբCOq9ǽod'aP ~:o  <w$ mw}4nT/"āCCmB, i")UMYS#OLm;[Kg=˳}i[fFUfW]dfʁ 6Cna A2UQ8 P|}~D]RM J'vO^=zqS$OWQa{6 (& GV6.٨;ҫAaH pu|R[Tv] L6v„@(|Țyq/f#HjFQ5fYoz5 y1:AGnj:S|^ն˺h0=l[\ ءP!H[*6HP̍ۥ-LŚm@7i6w#X+A+X"THA8%!6mY(_G9yo?&CܶkߧciG.k%uw>gW~wZ|OpystYyLj7ijd -٩H}XEf=VhmI³rѩxVGi$ +$ICgYRKCj7P_3ng~vκ"KﮘIp.w7wrWGsFs#F9;޺ztt(iyuԌ O+cQ{ta"Ʌ&W5GwDbB&KKI6"1#c 41d A>LccLkxr&V%"Y<~UAp`8DVYbtF0 aqϾZugόIxPc  v0Q1ͯ*b%L(`C;z 7 ׽[61r[[G ~=Gg Bܾ 4hz,¬p}mK+Yo@YMjDODI2-ZH%,S//!A@_S_VɅVDC$%ҧ}MUT>M/Jhc2fFӼ1J2|a1ɬD~RɷunIKH ]-_đUjg]yjxW;ٵքR:vѡ|/,JNۡ+-6轓8y/E$m@P%,EBR#[ߞ-`٦l0\"_]Bv1\0Ur# 0pv&?]dr`k. r=f6#K!}l\mH];&e.vB`ٽSE Pg8cCN1"t'w._5"B!f| .O${9w |B^}夒rH)B %JUs#⫟ 4.bhGXZH93_RU7TK SR >ٷ?dEOAm3(|=<m֭QD.al`IҦB3(LP8 ֈ` fZI@TDxӕj.Ddߴ]z@FAYQ2"$ƂIaGxSq 5cge@rH>J(&''鰰 IT@:^A!xvi59]ނ,"H[6=Cldg%˦yECo;h|kczc\z>/x]b{w_Spz# 0fiC S!d" &xٴ1"B5| ~oMr:7f 9;N7տI 9O(0 ,!>'{7Ey@̈D6{uII*w:OGI 6.gpEig\HR騥Xj${% \}?AtnɚD' T*FU&u iiI#VH#%?$eț7z]ww WSKJj$qݣA&i]CBA15Y$TΗ3JB>n&ɨ/!&f%*Ay $cNf}s?f;5T<|9Klek04^wSfMX"M=}_q  jY$awRB`KpނU`3f:#_)ӽꚏYT,wunZ}_mv{[5OOҞéOo&ؘ6coZlid`0^G=+b ӡ [{ Qaݯmw$"PL0R)6ܠ S]x[j0aC,r,Ȉ 0{}Gf"!=)ۅ:⠄tIGʱ*A-n=^?7=hP pf$"՝YP2Je/}*isK@@v^bDw4^s psb?y}SԶ03wjII%7 !.Lw*993oN_pЙs9d1IBa4y Z549GpBR u,d`9fNH-Bӂ7Xv7mz&ZrsSXQ2êdt`F'9#` X-kьvRCh5gj=6h"+znc<$_;*$8ŰAIR>FK1>0ډ1jd0?Doҟ*=.`]zlJ{E!RQ OL ;0s)+˺uW"j .y|뫑gYcA9Ɇzk0+,9&Nbx1eTOd/DN0/Q$`_irBuyJS5tMi\Kp@{ˁ3h8ab霹ǎu5aM h vg.h^UHiE؉̼ WI,Ϧ/+v1nX,aFY0,BWb|]x3 2Y&R-FuDk:s)fGE*jTQU nZBF3 陦aLT3AT$ym1Z]ѝ8/^ Fh:lw3x^TO¡Yq+Ԥe$*)wUTTeRF"be65(%DV*6*6-Hjbq,L̅34aQlUiSBZ0+|/3 +s)7^N ݎ][`eޚεejĘXNsۘRH6J!b4T51ixx5+, M}//G~Fi}X%F1?)ӃOB8[c. ~u#P֢3x=Cۺ(+-mq YiVpHnQrCLi6yIHfC mE ȱ>7YGpWq]gMoofAbEFƍf6֧%f ?l.yZw1+*!(唠SiPbkOD|dlǔ7ufm% jUѤ9#gM7F}0ĠvIa33OإvV97մfGPxpG~kw?ק4$ծX*Gcf}+t/^[ڢfj_R|2%)!!y.eN2nS]5kϳ H*Z)KY>shw[le5L)~%ёpJA', bPGoOt` j6: U< wdW@B3Qn(o#/Y NS۔*%P'?,I[M_n:p%WZsafs0&F% J2 ?櫲9e r.ݩE-GV6liIeJJ#[φ~6 9PJ0߬H`x5q*˄m M喅ymf2D@GcV`2 vʦ_7]V0@d"T e N(Q60~<}OM+y8*nd0&(} !<6kmR gJasB۽6خ>OJ)-,W{u6ikuI58ϯ}u6&v|_s} C6]벜xsz" #23TcCzunP0lM@`Idh(,3{̩F`i^bJ@?q \Ө=WQ0bŨ(xZ)u(QdEb1f$12 aKt]llmLlc݁EY#vo\d6BRK-[:[p GGB0AoD-5? x>NA-|$ 5<-.2ÜTtg9HDR HѻPP5Q ??HC$k6NhlmLPrd,}yuk}kF}\Oګ Oy^n?;dʜ>/$Yl!$w*du='#nL@@ :7U=Ii\=~V[o>E  35gz(F Bjf0) FQ AG0 27SA[O"RZ6 HP9[+ʹFBwMݸݦ=ytZ|+1$RNILS&tTxPmp"M]TB:D Mohtn g-qM+a'wr6 EMu=yK8)1@f %xiնAoRXm12ALjJ=nmA8*$ɤZ3ve=pySXbS-5O>6.s{N>N5ο|ݜ;.۷3EIG/c`PEtKp{n;| NE1J,uVh-3HNcU~8{h:!$391w@!r闫X|Ǿu){rG' E/W, y i0YWAH`:-q]Ncܤ]S0'$<]5Tf_fwĔeb.Ԥd6J~}SujUlm)i6D?FWpb3Vl雼K2&[ r8[)V9mÁq)4D`ogE\?3 EpC &G `Ϣ5ѥ1W2(\̊e**[i-.eV.SV2\]urkw ٨F7O"W p9``ϡ@^~Vh =ILˡylp`ʡ0*DѢkQEK"hC5R`Ul>х+0߶wTg'KnF%OՔ7b =v߃ϱ}#}kg{eVyW>]{~矅x^v?bqSHAa NDOi LJʃ+t_ yT j鷙':b#7ĸFoz10 'q[Ʃ4\ f42gY2nB sT@OiC$ʡ9Rx6g l u0f9cg+f G0ƒcvktPdbȭo쉊RiaiΔ0DXrҐiZ8ɜWNAb Aey\gmmRG 9ٴ"Tezh@Њ咀Je.(8 xr2E|8ȁV9E0 =PT%yNy/ͫxk;'$?gOp<}шfEFHQ1qCjdaeA8Κ!@Tp? Wks9}Ö*.`>2(DH g,:ҧ2>z{nǗCω1zQ_b6}APnGUsy~ŽVⲶcogZXNŪ.SNͯSsɛAhn PHϨa,Y!,IP^:T00& oǸ.f/>`~ w#Ԫd벱emgĈf3G5'6clՕ~:vyGvU LjOcH0@wnjmyfZ t\UQ6ǔH,֪2BH32/ A$ɘ/_t#=冁˕wu9*P`{`2i FzYa9|+&r pY{M(=9nN\$;=CdeA( Uj: Obk:yF}k> uxq D@\o~^2Fv4߬7O{(؊W5_ݏܚDI<TP%,KH"2CuM4Q中YZ31 J*|DP*RW':2#1KE˴R]4򰐋42յ2bui(yѣyg=!rLqR}\amyTϢQc / h1f.c\,{0 Ûm@>IK0|CY}W"`5K|"cccc4MCczl~X{cS[BG<]mՇ $ZcVRysP6 A.fo5D\szn>a >!f$u  "jy#h YaBߏJFyE[Z,U! $mr!PȘpe 7C8Lc =|Deq# K5S#a 2#bȕ_$bŘ*͜pzr|oǏ%áVj-&F X*%HK5wy @cgahar+x1,AJ 0e8p׆,!``h@sԀ\G~ شX9`]qە j(P1k?/DBa2GyT Ơ0pvBaL!_p?ǗVoxn(o*B!e/CSM%3+J=  na1`)y330S=N xA]* BZ e.l5 iQ٠2SrzY$B?"`Kpq:Z pcդƵq,'Vu"X¯*+B.ZhL H u<~$5zr0tvgI.vL.U9s>dl<E.A!zC~=S`I>|M QZtXD}_\o_-0= 2-"mL/MyQH8԰ߞ_4  HQޏҬG;ٌȢ0 !Pcy Ps'?:}"' 4֦-1HtH]kG!9 {5X 0Ǵ0 L0s?Aeǐ$eʼ(rP7bYh?eHq~nKe{x\Փږbʄhw"!qϧH˲Wў8Vr&CxsG=wȅ\pv&$|.>~.(rTs6đN ą>wxG!߲F{u PYmc\1%Xh4z!df)Q12[b^Dghmcs v76D۱̫ߐC:W~ "dv?9eM*fQg$\xo@ΐ~:GoΨ9O_/]V{ S9Kgjs(; /}ߔ0>cxG9)%=x!` B9plu@Lu "9F-'˳`rneAۂ}&G ka Nd$@0揻E@ 0TzGc[,tx#^≣yodGkuzC }kW*^MͪuD<z,kNgC_ @P!%!] ̐?h[b켭l9wy^OTzlhF{1yiFgih)RHyHY3>vBًc I M3$"֨&S|^7鹚;q?er.k2jk_z moٕ1+1kpep F,Zߦm;F013͏1X8Q§jvs W,s@B?DXJuH I/7T|.9wڵY=;UM l l ̌S~S KBLѰ5DX P- CŗC(HvCBQ ,c3tT*t]Bur-oGä2f@o5`͘ 2tHBMqB!5bDmՏuޮ"B& mQwA`-(&] e@J*#2 Alvi$zlHVz h[wt1swel1MYc_.tnع=O/uvsssX!*1+4@Js b֢.4!%`Bau0[n>7{JG3 v˸E6Ob%:JB4#?gÌu|vwq\:ݯ=V ci60ccm16 cc_mu2Y& |!Yԣ:1Wǡ TB@'&) /DG nY?WAl=0@ %&!ܠFLCg+󵫱yB [b)0A{70(849PGY'!?h' ooYLR `~PC֕y87ug8`2#94r!UB~#*̦+S5+溄{qHr9sakܹYEA" $4' ,  12QP7NͤS }_ q?'J2<@% (ce)xwm.Wq`C/ӶvAػqbfIQ6 qs5Pj60)L'&됀o~ʀ`X}eD\P[ @lLjUCI.$N ҚpGptA@͈2`KFv+BP5eԑ/DϺd,ѯquZO2 _s,;\[ҹ4h33ܞ`@ VP7n%D!4~.3?&r0Hm`$z旾XXUKVG]hInM#m;Lۤ ;^y1+* _U2xlvpDt,xzuR0H81 !8YIJJFYܠb / l(6F S~f*Xdv_=v c↑!z ]Cz}oJvGnf3e[x-·}^P:lxN9q*OuPbXC~yJ.u KNJu\҄wwQ4͕;H]7  noeF׉9T&)tl%C>-ԐyYYokP.bh1,ǝuzZMz+wRa4r*t2jl`w1UUL͜"}fyϯv=8#ӅeD+Plj4ئ D..d$*[ȥRRLTr OT*^`*)W'T/ "uhȉp1_ѝҾ4z-Eroq3ZaW33Ѻ*|}Vs&5,So8]&seY9r0Ӽ_|N<CD5p"Wx2J,"GC 5FuURS5@m{HHS4K~ yؐ󔆙w  "Ld gFzL`].w'"qTsBұ! !\puN Ӏw\Òrۛ9҂0OU&F|dh qWk uA t=WjMPNLNOR@*Pd =7UMNf`̵<7]?Ŏlxl qlqJ2&瘙0~ QѾ"'$^![PZ +o~7Hո|dAufAXZIz>\e,n/I|SuO*0?|zt:79Vc&rBi`r_O3dr:>cl/ c{'* Ph0g@(aJ{-v/sR!_]-88 /RQh$:m>Ae74s<; !ȳ cdMDZ]4SA\IW-c?jO'nJrEȈa%>{ulr(`xch4r9Wݜs\[(6K~E2!@2bTv1XRPI6h!2 Zϝe ֨k[q;!ϣn;}d\W%$fEyɤcH:Dƛ11 %4 6&FF-&j&`ɣmV5%ڋcj*k,6ej4$!"IbX+-}L_}ߢ*3#A8{;k0tȢ)k깗{q3\ uh Ɛ*`)?&~YR0ޏ1N|_U]`3 ޅ-/69G>1_o+q_@p=ؐBűN^l"4܂W﷉*R@/qۏ7lƅ^AˆA<H ۹0s:hl)w :X>!`|s ?|1>@(ϫ}@EP`l|a.BF4 W'o 3j;v̈aCg2B{ $>Oz?ܽݴ&ٽ_ab @ްPT"yTK2"kԭ?h@fG2ɴel3H8D0"W#w"-w^H2]RM5=-G#fN-Z̲_(5ەζ +q8̈+00z9*a18p-X#;DκW 7]EGu]K1/1DHd"'sPf,3>a>t]n2BB&S*:E=DѰT4**jV=ŏ٘7=_#TI|ޤ{ ]e ?q\tgڑZ?1zl}WZ&;l$)ԐyU;mU6`lO&!)"nW蹙YLq ND$dDf7WOd Aa-U23.@[/S|:$rHA.cEddyo9Ҥ& F$ڣTO$p>?^jb$ 7ٲ@ ?Gs/sB"O(Ou֋w0{>"*: nN{ -ov^hWX%  !k;I m$mlܣd4Z,lQkrV4mO\h)RTR][nWӕCEF1[7-B&B' MPC_樈;mJ+j.p6.Wbǚ=[Eb\t-#PX]-,$Ai-QVgW]cV(" +yH(|m] & Hbm&  Y+LN"OGI41)#~7Jz2Հ[R7-Dm !R(YY鿾Y/%)Sɐ#32#$3gvCH H^(m#]oM="czFLiFaRB3`鱫ۜ]ЈBāb]cDdj˖kM%mIP6scie|_}?Vi~ܗ"u39 PB)BP1Ikͮbш4UTF梋cIjK-湶5͊-Iwm\IX`-cQ*uԛF"jRTRjDb*4dLV1#KQr\s3bMIcZ墮Q'v卬mnkFѱa+lmsXAhm{A6!V6łDXۜؤ1s%kh5ؠ5F6"nt#T.TnQͫ6nDb9lj*mj `wm&!W+\EIFأmn+cIi)*+m%ݶbcW4DlcTQ\ܨ*-6mҍTZ4[QsU(RIՍDŸW-`m\Q5n+r5snMEwrIn"%@lcEIb*{0cQFZV4ت0ZfcبX`F6RPFb"t4cj5]#Ow#XlUF̴[#b X*nksQ!056Ƣ2֐J4JߎjkLS ů4c4[EŢ"[h*+`Dmۻb<וE( дkRX 渮Yd!KbPHRnN0Л"Dܜ'%h(hJ d5bxl1|1>MOr/1 d2CT i 'Lmsllbk !Sm- M5bmȊ4lb$0B) )X$_W6ڋQQR4hh"؂*,40FEE)4l6,j1PccPk+td2ZL5ERLDœmh4Ald1EF&X hrD5FHk`bhL4lm5%(КhjlbtU[չPZZMDi1MEܮڈڋPhkucm QQljܛlTZKFŴZ5X9AXkFV`m-k#Dhѣhϝ Q$m0@kj5hjŨt wv+sk6-Ibk&U7*+hlܶka60s[`Es[rj*4W6JU!8`7D+"!)*梍 nmnV\R<1iR# j=~'4J+F;ݶǖů0 lV"v+rwnI3DP2& LL bXFLM(ŴcDbi5Q(Ţ~#\悓sr1Qh"(+C) hJhŢ*MFi*ZQHLf"t1o]VJQF6nOۻyEHc%_~HALQLcTV-AQBF-lmlY+mQm-ͼErDHQ b]2knkT^Y*YEśIh_Ǔz9lz a9(2Nm 2,dlj+bƊ QE{<-IޖyO]^mt*aq+űgN&='2m]pvbO `.2l;ڛdr>]~d%2Mf&w\LQylh*Et4rv I GTlzgWt pcΫp@Mm (A@cv3 Z0:3!4:/ާmMefTȇ Ԕ@wNj$B Rp9.4lAjU5ҴuuUȌkۂfNB6UY0Q* `5K@!JSTJD ߚ]t9=X1*[ &Nߊ_E!nڰCat%t2g1rtCu6[,if)Q2?#Vڵ(i hAJ@B%Lp *&_[2Ct2A5RELgUcmҽg~~Km?o~x9w [/MnW?{"]?TSޤ0 Ȍ\$5A!(QkI& -YڬlΙ쟻z;>N1ͦӲ,6(\CՙH7P# '3Te{4I&nS_F3=ּL#fҲ0l^T3JV0@`K0:}J]MjWt9Q!7E@9h@HP6c2ES7"0,hv3>t6#W G"gcq hȭk"J $L =_[Unڔԏp#ITƜӔ8#.bFpΤP /w('Nj3`f;ާ,7NW.'Zܮ7ٳm-<6 3>Jco7׺Go}ki[9'K->#$3Ff` ZY DXU Q& m&(1&5XhF1ѨQh+* EnhѨف-5b眢ƙbض6X(-4}(,R=S>>?T-*Ӽ:}#$t7aKueܨ~(65cTj5uY4E,m**kFXՍ6Z-%k6R bcY,j(EJJT P-b*6QdHTSjZJlcZ4cl[bL6-jhXXɢ*%&bŢ5V#Z#d(4m4RmF-7emEi6EQEj6*-FQR[Zj6-UZQQQcj6F XQ&Ũ~w16ZFڋIQQb4V5nmV(hDZ5%bmlXEW-Xlh-3[hhM&F*(`֊+0+ BZ *BF\Պf*hj665Ad1XآQjFآض-&F*űQTF5QmV+QVXQFجEFԦ#UF#V+hփh򻵒X,QY+hi ElhX,[`j,UXE1-E+5`kA%lITV++FQFZ5IX+cmU5EhcTkh4XlmڍQرF"6Q[bգcb6-ѫ̱dƴV#J52Z4llj6+5`&,j*JZ- _-s[V4%(fj-RmlcbѲXV*4hւ#5QКFHdlѶ o娢Ũ,j"h6-6 DV6EF[TE4V(6X,V&+1UB6 *4mQɢEV1hڂѓQ*+Z-DjƈműhգZ#ljb(ɨڙQc X*%Z*bh EElZHZ5Jb~/D52܇*˔~|*@4$mh"VصGoN`d<܆eI+fm&'&ohB4HRR~#_8Ydk <5f^^]ap_-1]_q|5xuUo$bZaZ,,00APU2IZmODnꇩ7vg/%࡯.N| W(}m{6rqx4Pa_A=Jk YQIag|CIȃ=<;u{qy5m;kS ٢<#J/+Xx=i&utwOORMŦQ)re74!w)?~x4~wn8w/-'aІ֬9Br|9D34g<=~qS}=L|2pYώƏbs'd4a{uцZ~ Kܽ; NmM(MtSG̿3BZ_}nh߷\;KDƀBR Rd)P/1η"-"c=d낛yAD<ӇFJr%;Ӕe8({өDLJO#o' {Q“2.xÃ#(@!ArπXa$8P&4BBءf,v XEàapM=u7GmkM**()LJL $@I(+99VbafKلV_3Ga|Ӂx§v:.LB3Uvh;: {% {c^_v9nG3p,Z:La!AYxUPmLd%xe rA S1($P5)N:/Gٳy;::F9Bxi[(iWevub aF IJ,0 !E/P]%L&P2-I 5# x /`n / Uf #0U?`DD0i"ZRvb "AѴV *s"A`?d bk >^(QhNpJ6jc)~{rIߞ}xOlRA)焘"F)J^|`P0kA ˺b ( A@Muɫ)}4&feIIrEH,Y{f(!^`TdDŌZ .ac U]t`/7*1 tl D EkHe& `8App@P 1I+aDC~vffAIJψ. ۜ!tޚwom,hNLuSt=;nI@=ǡwI# \aM" e4VITO T5$Ƃ01KA|I꾇l_#zu{nSb'c٧ً Z+`0JQ@Av (""х(XeUi@XD~ Y=d*Cb`2+AeEH`]``c%2FX JNtrü9V$2*@B0[ (X e.ZE(](d(_:8G \0l'mVhUPU]%kF9_ V/b#{Z+#Hu)(d ΁@QE Y: f Aq11#[3`+IVWpp FLF" Q]BohC΀.fVCE8P&1E :P0gfh"gOxMрfRln kZOCtv4uT< k/q^w<#\N\trw, Ae)(P  h[B]#LDV1qb"(ʊ% HVtg4X4iA0@B""!Θ\*<#E-ŲA^,hjP^a,bV+ `,b*?7|/;Z۝O~PsE*ǙłY/ d,ɊTX +!xQh@\ E"`RVI>Ð4gnc+qlE'\%dB$ XgCDL6"(að8k 2"A֢u/Q7 F EMAFm+*K5i(8pFL&Vr"7~< <5<&ǁS=*W)gahZ%aHb/6TEd TW ) oؾz9ȌFE쵁aafL9LȒHet$$!_D,Ĕ\]E0u`D0G +ay TL-U V"HH-`aTl32cS{KyCrK.h)c;eΙ hz,;{R BTiVpE"[R"& ڊfBٖ `pPa(ֱ\9!C6J=M.wE[9P@,5)AQKDb:p|ഉkfl`$\ Ă"$4#f -'<'m%g8`Jl'ZPkr cÅ.LS|׃5G 5<]1ˠ57XsoSxާ[M/csW]aU  eJ^ eCUk3se(jx&L6(a<6S~[%1/3K! AG3# d T֛4xNs8z.vlOO"]8Sh1I@ U#EB71vtj 1@E3Bf p x H96_mfh9< Zp!J#-" H&%h@q$8݂FBcK̬݅ $[ҍZA00ph&/o ,Aj]0P,P!"С"\`\d8L #]LBZ" HjJ"AR)ZYD@)NȤJZ6Smm}ZO~.@Ҵ_gvۻ;S (ٞCOATp7Qa?~qq! #Zղ$?ѽڞ(y}d?oSzߦwDa6 h&`Q(#$#OSh" ށ ?mt&jkxh')G [0h}w( A6\h}-Ma` 6~=-`jCf$ Cwd0FF k`4"od 󛍏B@0)M/B1uzؐ:N>mzzwDtA D:z3Ada*I(hZ"f ߆*~]Ww=||זngOLjO:aXS@0S5xij l؞"ߖ^BL+\ʨ YCIsx>]bNkj`#haNn D0 EmP^ 9#>vd :Ƀqf$W93\4_UJHhܘ"A"'og>!s]Fġ|vtdByvNZ&.ϚL%c 5Flj`QG =5@P&BI@P)h,|0߄H>s>SzJ/SU4hF*X!YXnP]HL$'FG yf*O;:?|Yůu Jicttֺk5+ykȒ 9h#[r4\%>L}BH"0U~a8Tֆ#{wP>Vm>Mkp^|kƫRȈPL Q!g!¾#R~(Z!{Ira2b=($#Qݙҋ0YT ( }@o7~< L,QEyMT)DyEK;&FH ~ҼLɘذGwb3:@2A@GԶ}5m}RzC Ԟ?>] :E'KyYz?Og$m@O tΏ.ddH"trQ֜YEE#(q!ɄKJJHU%$@ ?ԸYyҀLT22^m։b5gDS %z>3GXCxmUsKU= WK]4AKdY*Q1)4@0f`]F:O"5",Q-\p6}ze@BgHs]g[XTv $WLt†%;SBo6EB}JNwnhdLj{0UswtoDsAôWf0wU:4{}_w_5KCh:U{T1"PܟB^ů@}920t%2(Svli?8җa:S@ö9aT .~\իqTX.rMz;5C̫h2TY  6ePZ^3{(Q@Xh´_:6.X-zWkS1%.6Yf ]S&+3~İn@ hfb' 04׬`4-Rxm&ޓ:e4ν vY6vyHCkSDxLKmTD3nniApyra>];i"PQ֗#-W;kC J^Lw,ۅ :SnQIYiH,1XFa޲DK#_)<[.:A+Rgr0#oO.{ِ2qU. +|l Be2)J3/F-F5= T az7$90j]owǻx=Og-ٯ>o% rUef|T{%1q8%&s!a]:3qi.%?l[ E<=-zSLN?XvKy=b'u)ݙzZ&~Qv3oŻQNk-@ڢCFݬEQC0PΤĆ<(wG^$09U(Ԣ:JթdYu8+Fw?ɭ_}RւqսcW$lԹhtݵz[۵e3hwti Afo) a9H{_3fK?MͬhG C)'*̴Ea.a'Dp9WHzQQhg{vTү*8Sl9^y@,aAFoo8ZpO(Y/H5L^lsmW mZ4JEטÖ/).&E7{}L2~X2&K~8JՎ_u>, ?n uSVV*/&`<d͹ߢe&zը{NH7bwvFh֖\ :Ǜ^mn| ޳Ύ|Z _ӝtImvޑ$ klkXmydU0Mř+R#!&2&@@E{yw#ᅢ@1L3a)3K; VV=qӫ~t$TI 4|;aPa!@Kb"fo~ꮗ7C=ib<B~3|aq%^SmsC?]-҃~_{}|c!/EopۇrM^36ȎSJhղ&b/F1VdQpߠn2k(flJ[3L)W36Eo6hϻŇ$'iҩr򛮶=Cw6/4{Ya.PIe=S% 5ex1V@mcaQ݊}xش4~i<2+=j,rx5m=?RX |$ cڭx,u0lp-d5AÆa;E(EJAbv;xó]9XxLК!< o?,Z/tP/߁Ň\@YR"}nUA,K_04Z8řTuOoYhJ~R\NVOwG_ }2þI/;KK 0ЀtrU9: _BCfa Z,v`ZG"]6޾!ɻyZ]LN ԓe5HЛ%UГBEoKSxd떻oMe"=xt^ h~u6&T1 ;{LXZ%2vjbcX^["6DDbШX/8iO>~_ZaSU q]1 +,g;Yp`w'PMB@ajfulW~C!RT"rfVJTdl\8mS]QQ4Ωۨ.6Z6*e:L|}+ݏⷼOTSES_On+=OS6(9l"F653MmZM:kS0TʩyW|c0.?l{Y3@YQhhK+R g;E\RAI̖brF kl9gms=;jT6wɠ[&~JⶖE(tB2W#d_O6h-}o""IM b7Uݞ"=L81> 7/Hb!'koT ^&r5rl1S%tM 7QHi&XYW~מC'a[ (<DBm'̲%!3&#"mgƠͭӫZ۶~5l,~՟BUdXέVJnh,V&-1)<@m(QCe]>;%3@yVيjlen+ṙDS4d/h2 v[UKxM;{q<*YƝW6gb)y?Mq30Π(9[T5]ņ+bnl#\7=;=׃x5) %_hYZu'pqZ fP_@b/3^&ZYLC@~TF),ޘѫS" D![)BE"d3W|XMEi_-9 @1f%+LF)#ɰQáG՛Ő2 ”!">0 *xX5jI]C$n;b!1;^EɅn<&HT2q 7BƊieC*R?"YHJKsNǾY_{EF~bX~!N(|7vML\,b0*c{YPPy.s>3bHE+*Z*CSF;@|ۮ% hH>@>SN1icirNJcQMH  &tG2-6W \!"Y:vjDJ#Ygnx5ktr lNr{LՊ>[+Asy5a~oXy [H~9"'S_U d?{GmVw=E |c1̘v)%~,39~" hģ*BDg.Ѣ?n"ViYb"~m?2OC% TEo+l q;UTx=0\8Qmz?+췾і1)={ҀhmGfYf]O3wgE~ꕔVt~5Og\U1CL YJJzܕ=K^\k)S@31+>aۍ՞s1K5U}>& 9Bݤp^p 1I Ed.hjrBg&AWa=#$w4x4\j%bRn2jF}." ǧ,rۯ~GHk Ǘ[7 _MkJi7󘠌SFi {_+}sU zfŝ?[ű;GV:{{ו] <XH TDMsli͢j?!P1Jw7V5^ڸ"󵤝fCfj 2bebXð~ƞew`0,6o}ޫMv^q{vWP:Lȿ'}OD( czKnA ں]oZ^mc:GSk]_ut=s7 J:nƏ*}?|GegE緝k7O5GWq'kk=vױh<_˚2{4oc괻;kga7! `}OEZ?Ce;ڜI`.sg0؍+h0~wκc='U}\SЯ=v}1=`Wc^Б~َh˵1KΠ}sΪڠ%ynRoGI.#diO:,עCq P0Pe~3oΡ!˩O6-io٬N\z B`QQ DbefD=INuɂ1?@rϯ`fTP%ׯ :qemN I:q1͎j>ix7*p'ΚANԧgoS|:Xp18~Rz~=uf f#7͛d7oY2c*f(hфvrvo:ȎYB+5GkS:,&DALU CGznzxS *A&Ymx`"_M%dk JmeGӀ(Xm6sNy@(Qgp̌@C.968 ;s˷йU4HL PWR@rLQ-t34sLN}?WomdCYaazL bLKJ̿⏨HR| F٨;UCQ*LHYemml(DrUպJKx|j@p~ZJ}EFf=_Nfbɛ۸OFx`AXhyT+?^?/Y8!8=:FVrUlԪyћgGĄesU*Ah$fj٣.U M+Waő,4Ѥ Z+W]ũֳ.2pz DEͥgurYP\ Fd"ʕ*` (4VpB#p͆n>D BXuY(ٷ JE67g"@,pxgą^^a3DBAű]-M 9~7r5o{us{'Ӷo0pgd،3,{I}`@R(jOmb=]l:4fQCQ90f>_ZIȺ@x(@mV[80P,ĊK >Q$?`_&{\ Eϲ<&}XSk`(>ȁ;JaOFZA@N3hoZ$"D dinm!g1 ̀jlōu#T ĄeT*&D4Na[ۄq@F^: ^5! \5$ ɍ߷XWW{MݢhUUqc 1aT~1A c7~uy!=FU 0סUHq %T0kn1my G A^=P@vs І{!sFJTU#0 {PD"CsSS̤K@,oEN+i^h"u1gN*X`ZGŎp~c Z18ph@c'.Vh%2:9$Ph .հ=Qz)?qhɠ_.W'W[a i12봮~Qk fQHOuQ3|`JJ+HG1.) r{X)ߓOPI 0]=n4h=OU'S:p]a.Ξ~~SÐ8N @w`#e P+R+H^Q< N6_1|ښ04*;(ToKR4`TQaÍxMB`KMHTqik`=g~_AO|5;NTEhH:cDz*B|q2|VZ$Z(wmp|Syc&>o:f*:\/1HXFSj "uMN ssAKnmh\MIj)#zɔmpҡ+蜧x,_K1Z,<_V1/\X66ҏG31^Sqϳuf[>e?a3}^LSl‘Fb;Ll͒ˢKx>s5fn|0_#ruj :2I29qdJL lMI4i9\Zh i:R*J`lT&m Ipi]fƁ20:f!:|yrvHΐc;+WC/CKXqJ!S.Xia0⾩-A԰^8Ȩrr8d`@gaQcNp߇;T?QB# ( /W pySPrr9H;DI"1x)S6k#Zvl擦&$m%9Q#.uEQM| Y%~ɢk=afũXȮl#HV߄qcVQٯfeS@Bd 3<An6uUqq‘9G9Y*HV2Qk1@" & [db dFJ.C'QoF 3V1DkbnCR5]j=*C7No9 z%*.DdE7 Px`I鉭$6\5^"(UU<^ KUH˜)Bo9b+/3ӊa*ֶ, E^!SbD<6c' ѣ;n5-Gj6UJ-B2($ZqxRpK@D.sRڣึtQZ.dU 60Ya"DїI|x54;KZlN+}BIrxDB\MɼxdP Ě:$?m S^9:>˂"/p'-n # +JQ2)З,g)^T#0ZC7R;/BNK5!7Ple5i7+&_M ψ  v7mQ pRFPZNT  QkP@$TJTӸ4Z2)A ܰҀ(8z w@  ݶm}p=:8ˣW,a5ض6[<hEU/jd-k[3EDtZZaBgvkj[VREPQ@:i%Q UTUA@} h} gRJ  = P i@ `YCGmϟ\|>z)}ZOw|@v^m5U&Fz{`t@a盯28XR(#wU馭pm P*[ R[:CC pxmPn}t zdP z8 {U1֮g.рs!6 _lIc*KiǏq=sE<+YuxwOKzr'1ܼ(l^Fax'BRCM9٧E.]auxޙt1^څ=㷹=80G 4Ѫ[;>x:%-@>*tǥOo/6>oq *`dD|wnשt>7'}ÎǓg;l(w  P - TsC@5l2`x-dA]MΫ,þ_\>lhݕ_F2}|\8>>>.1k]9gu u}oO_zvZ\i:p^lҺhۊ ۼ h)\b|d@`02DJU@ѱX[V/UAݝSw<A0@`L d@ M@S "h 4h4d zI'3$)jzi7Dj='h<ڏL=A B&@24R6 x{FiF~J{Bz(=OIh6I)=OSO)ҚI@'hLjiGɄM5'~`TOҧ4OM'L)S=PziM4'Q<&z$&52OL#"z44M4$zzO)蟤MI2~ާ44hiy#C=B`hj116І0$H@Lh4ɠ hh0#)4O)43@S<"EOqNblm&HmpdƸf.!"QFV6( ɖIC)@x6]\Eƹ$tKED#u`kD 0|pX"Zk)AYj.q8pa  a",!di$E "cm+WkzmmyFCc3;CmOGdI3i#iT)IѴX]miVp,:>)$Lqu4ț29_Ib<߮o\CMCaA8?ohx7GXkup{Bc'"%Jv.6ݶh&J%W-wt;{O<<Ό̢L(>cxSh\֊akPu6qpkZĘk *U"2q T%aaJqfR0*@$YCWR>[ٴ91UURɏmɛC|aO{}~X,6Hp1Q& * TD4LiU@Q`(XU-dB7E3-R[J[(YQ@.70.nwFITLE&ff3ֱ˽")jSK[`aɚk7\MbS)\s1 Rn:rKihFP Lne1[\.5lWۈgW%ȹ\cFUL0Lb5ijFwwj\hsĕGwZͮZ ˛-b"DY2WW- n \uaxk74˙Rk Zlk76HLd UM)hL`H\?5rb]҆2dHmIY-uƳD6"KcwJ3.89D޴kU3 Ex2 BPګ!CB% +$4V,ՌPpi2ږ㎋(4aj\wx0Vָ院00˕L.W. Tcan5ElQm)Vc1ᖺ4.e`Pn\-m8Zt*%[LeֳLB屶XfETʭ. +-G F.&f` KD*0rոZ[\QL&Xșr2*F[lE.YU&%r(Ŗ.Z\˖ q )ۍ` +Qq\չ+!D2cXbJƨbɌHVZb8ަbN{ [r e)2IbdӧBRںuZ(ݨ;^޳9_a4AFH$Hp90i*a* %)"rN@8+, DL4J-.<dEdO7)*  ;ztH0=]#@AEMB'5q2/|z0I$o!#(@#Η >>Gبo&}6q "! B İg&z~ISuq+VҔ)JR)JR)JR)JR)JR)JR){ߝB6V70o m1iƤ ] *)a`?K$+p9=Y48pḘ ϒE_iKS iDB򑽄BY GoDa 1 p¼ZO+‚!gPB;G^X6M}5ۮ~{RHm6}(M]a{Q>/|(, [Fa5-u0ȨKX鋥ؕӔyV6-7Zs')Hb/'a} b<*,oׄ_ia2l)^[^JV8S2rfJSkء+ q_KK ʸd`kiJ?A^*M1cME;m1ŧl~~s1$1n"R9[a3-VRP\Kn.kwveƼp' l,]ۉA2XDD}]2lcR~TYmEkbg;跤C "Dcl`ƈȐ!M& B$aqdBw\%Bˈ F24d,$6M ʐD"hF-&IllͻRɨYЙfˑ($PW8J"L1P)C4"d4He3 i 3cI4I$$)C4(&H0nhr]w6ahA4d( ($#BIcb wkmȍ(Ɣ)s%mDDbbȎf6̬IL!guֵY*1 @Qg7YFӄ)c-֩PV#'.4V[AX-(\kqwGewq-[t'^xMlJ) E**(mbܙJ5[YB[X[y¸鸪jqm4[jdǭИ\˕1 Mc4k,\EFb%`1I%ܷdZ\I%0FA"BQ6b+1ݕt3UA!WYv;PKJT4k/iKn4ộMֶ4r[CQBPԪAD*eR8<~zm܂dJc~q &cc#KF(D3z+C%1K4A,҄ЈBQbU,fļ=\F5LMɢIbPFZdC#(J 6,DA%PMl"YA(dK$i!L% a M׎E,c35(-2l*&,`lBkw9&Q%ܮ@2DQ-($CE5AZ /sF !ޫJR*FDqڢ+OMLyWvq]yp8CNH䏭d#+B? `cC`UCݻOҩ!wo,uC0"YThu;$ \d]!FzĩYԺ6mK]j+e&*%XlBD=ܗ/'g3Lк$o}LR0 D TKJDYU QB Az[&~զ|e\6ͮ$lƊ+3ի <-ILnq zRScK؛;/{t7}5jrW/i 8&e{`YUm6sC*0; V҉i*(A: =]$`Q$9m˭I:P =y rU=֍i%toJY''u޲׉F eѹ4AГ[@E-GRTb>]+L}Ķ[g(42 ybZX4ŁXsU'JW; .5tNd+SQ YOFkX&پ2fܤ[0ewzslq3b^*Men.)k<kxH&fa{M#eGb9ǚ8d}&A1c!2 ! B{["2b)A z]DnDŐm[0bL@d<|)xȼ T n56hȗ1pȧjNh]u%9k'V9s8 tGP`0;"<TbeH-{ :m9I2ѨtS5EĬ*=-']']*Sk(h/j-TiȘ#Cq,9`NϺG/E0zL/IJ.0VzZ)mڵ.n"."]djFE$iETu$c w5 .9t1i.S< ־4&eo 1$" f]64'^SUQܘRiC4i{tƞ1?8M /Pl _{,*ZIݔ +T%ThBes Lee%U uC,7yY6Wrm$[%A>n@qy[C0׳W—|Ev+hRQз_eg>~.Nܨ;"ⶢ.6~΃p<$,%#3ak$~@<My.k8HÔjC$brQbũF{?-ګ՗s/Nb!ՏIъhFƔkE[b!#=]LA}V|VL^%T\ VXeΰυ+B.6u%t* *XV=` $0,`!/S+-ܥrLdQrKafms(cYo53 fh֌p ėua%w-w_RW= ,<fS\g.$#΋ Hsر o2'=LWIlc"y^cq jVEcb_P!Ĥ2j7U4 Mۋ c)_&uʿjڨ]ZKJWeP:v&q+s@0檗!,K0uS NltYN0S:ZŢ }f[+)j(k}G#JmPToR 5.taFg0# dI]i[ADY3Ʋ^@*5P('Jn&0 *`|X*j&F3EcY5/QenN,*e+5-\_uS=JV$6Cȹ͐q GXsfM-|Yq ,$ 3"mf}=ۄ(h\:A\͕],JծF5D UBS wӤI,[-cj Ő1gUG3dY]LiEL@TCIY \TeK ɦ0I0uXD骝YG՟HhJ(}9x,iEӒ-1!b"j@:.3nN*"+ _`y۷%S-uY p!SC1S7j}  }eҷ1ŨŀB4?cPG5¦ޣ?;*Uv]^aw^dH0 xA`1<p !C6toa%qg `~?NkM%דvQ*{Zz*De1n¿bva9vЪ݄XRk٘MF Xp҄\mm+tf's#xw6SXlrQSL[\e| VWfчZ[ B b c0ZBJm𴉡*&1S]{e^i?suQc[MUҚnɬ shdd lAMia MS'+uwb&敨O3^~UKh6v'."ah3}RKM-'^:N{4lꩌ,tbhȘ uBIֳýI'0:JN}p2UQ24Q QibW{ Ǔe3&˷_Uyoa&BHki#l41S\`gEdjk/ae6ʲgY4Ўbʹ"t "ټgӳ[:z%5lJ;qe|I4 ŔսoA c&d:ICG{rj%g&gHa|%iJdϛI[8 \IP&gb;nmgaqd+1TS+΢s/rlTm4v"c&[eHLgXq*ԚZut%Kd &ktŲSIjuA5WS_=u~$POZ йo;s,*k4l [.hۂlM֊XdqąKa+.I73O!*`6s1aLRLȌDh5pIv;VV ho.kG-]rTvkۙDu;,#o.p3,/bi_/A==(tNR=mGQ t+mݠoC]hj>EɛـQKD{D(%U\k۴:DjfxIJ$YE a]L|.dKkw5ܷD.ܵ?L6 )QshͽP5.G#:16l#H9L<3Y.>MqVұ 0/1-"nN]=k8xW0-Ejvl#2Mcs-똹_h Cql\WE5Ļ*#* l*X$Sfuٲ٧^J9\j5I&qT(-%eă>PEꫛ[@8QYؚuz@t2yEG 8?ɫ CiAuqKŕQOCnU=$&u2[%5 |cCkƒHa8fv^9`2x^Dǭp9._I V# /hFhlv]E}\hj_,:Hn+MN1mjkpI4]*y  eQK']zRWmD"771Ƴ=ղe}Vw}^ڎ Soj1h//? U&lNO^ڹ&7$Wo3nunu< 7fǹ]@WL9qxֲupQ[唓d%Usk9X{UUKµQnmxeµ׀!KSB0 7=m4dc uܱ::PrH9>#9oR>+Ы?G>QuL& Yȱ^Y`zi$L(LJFk`aE~f$5ǰRbBi{. SC*C;.b\\21A,DH HfFLˣ~J<"ӍK 09N?cDjm'>E<5F6`Wb']%@VÅfV9F9u=YipL k'Wr߷@Jr$(A? YbU"V3qhsXL!Fz.LnGSݘdrSB%GOHX6b(iK 5I#,ZMWK6Llm)p7yQX G0ZinT}M#*/o!0]@ì[KZ̔DFkDU|:j?Ye5LRfmhk4/%fi0CsBsp ~% ט+*٨YQBbht3fM5̃,a?2dZCgH;'L@$C< *Tfٮyg{<ƶR 1Kod9N)^lQ{A*XCKsl *5#*_&\%7)G TΰD3j+2h\[S߭ԻX#+(9Y̻G4XUX42b!ghϝmm%-Ky4`UǛ\"{qb?%IS;R㵯5PAA 'mjCNP䰖!ίȬc ,rv,=D#ir~v޾b"(Qb;[Bb責嶇_wCiyW3oqgPcN$y*2a#+!09F2gtIkZѫYQL<6+i e_˚Z"'JAdJyD$f`WK j05M"+@ZA j0Ir=".m3]w|-~ OΎ*Ξ7*nBERϵ+;"+hLeQM]:VO7Ato`1(ڗe`%ݳBG7gwLˠǹ lGW` wQhӪ[?R$nVr ; Yt(t=&VM"ant3L2갴W^6Qvt\ݚMy*Zj50rSR?6Nh,h,$5ZeLfJn % `1eM= qpZQkKEaS/LT]VIWf TUfѳy⭡cUH/2tJX$TlkGKFHImbk刓ZPSDlځ+KrZC?+gzinu(AT!gYH`|94ħɮȞ _G/'M&m<%j]r/XyOOdS[&{eU.~Xȋyʄ5s_yqHG/k qQBHh*kvrrCc=;%"xz&y5ɫzCvU2-(`X%327Yحa6U>+BjEcӅX? )Qe%A5o\FE*AT`C wg ҦӇ%.FqA>~]D֝ <[L۸vILϋԸΞ6=Tz }UDv5+97"J">TdE u: vAWs TkW<N|4Y(l ^{IJ]tQT`^׶AI%Uw;aB|f"QigL]^citT0Ҕ*n5E2W$#h?{e gPWSHBKU@~x2}$~OFqa}_fS+w۹:9ثmER"ҥb%w{pO?,MKeR3-QT~SIɪ1"'|t2 tS"ڄF:(,sXDŽ/ ^g|K PbJ߀]y9xMqt I)Prmo~+O4Qĵw`Elmm-b%ierr9\&ܤCʁ ro^hkKKn|)jvjW$R5ƪ_58>/UղRF[K[%Kλ;ÆstN\:îvN-(*5JJZH C1ml2wƌr$o]&2-ί3}}zWbת8|n+4` )#<ܮNv(y hF:,81Q1fMbj`P("앝0.V˄{qW B.+ԑ"m6c,9>%XMuZ֪ʋ*4śdL;Q<5&Ã.NXpLƂd<|I.UTAd wR}S$S2pё`Q^%Bxa(Y\b\+*IrG&%bT&>44F.k㦓: #WU}-ࡏ9S͎.(Q .*եe,EiN۫zuKׄĔuڨ&5h hBg0`r RU`iKlMJҜeM:JX@S@)KH-"ɫs,K5챧aPcVRqV8g6%2'r.Ĺ{[!_} 9*GJKWmFe}g \jSK&Dž9jz=XPꟺX {Z X2%N.(pwC+WyJ;-QrG'B]$A0*CymSʠ8mm1\K!"wyhc`dPQS ruM3'(CYr7֎ܡZdd& װD?B>0dUD^V:lTsTWl,c\FPD" '*$;HV׺fqYdUT]K\>~vUW*$UFfBJwBB̚%m15"dnU(zq4W@=ւa.nZn(XȳCn^zK5ZAiPLf<Ք;TKP, ]D5#W`¬R6M0_Q[ţX:ԌpTz5 5f+ T8H/)Դ>K׶Pr׎ Cxj Lg4 ( a;ڷZĺEu1u$r:nj)X#bdh&ofψw.ԍm=+pgCgG]"Z[ V,k!asKJ HW%miElSKbr.uO/QKBLC]HC͜Z *X ¤I^^R yDwzi$ZZ4F^7`n{\L,ej5F?ɜn믵AىjXD=50ͻ<յ3QeL\QFOX_M"yZϻuJj@n#H8T%EK2C&Ț*>A bI8P&^B!LiXyD*lkyfa Id\_dK&"1˳eU]D#I Vr`2\c)ݛ8؋ 䫙 S {o'[OE:lΎ d{k (1~nUPU5DMMFo,su!$U2XtslC9ސs'@ }585L'c(qzThtKE(2 ]|Tjl7']cZsp/9G%vR+ )2\UN5R0c"TоOj{G᢬i,W[  bew; D1&͸M^P52{ |Ȉ\MQe3RU:Ce" ?C'ec:գSU~c֫2ۙEvJUvWS/س+WZ˛5_>͍9M{*H* g}wMq9+dJIUeZPz I\$4 Vܜʂjq SY#<caLYN.eUUU3'+yKz T'rV#*'y;8Km$JX֫`ڪM [񩱄X kbX&œ-,rk%:5.|L"YZ'#2*c$![)[U,Q[ |=VT2;̐o_!i8gmI,H!%+IcQF#ë/;AI#X_:h #QMi32[2 RgR vU@+ٖЊHy[6TʣƤg }s ظGILajN&(-ɛ]k|TB~'LΕ\5nU r7^F SEZʤRAĩjvSGg!".*=r#£ʀH񝚆ȍc;>"\t WcJ:RW%6;F*¶5X֥?!D|[̙yi\h\(RpplfULUoSM v',UUZSɗj2H4!Ff)nơ<iu]hm뻬C:k |US4dƅD-KHVٸCЙՠm7=B93La[bBf'*5љ614 и((qY"&4pqrJO>DZHSBiKQJNAwT"Dm--;4+eq' aVzSB#l1 ;EXfLE\,vT\ֺ HVMͤRU&j1S@4H_V>Yca,a\i<\Qz,qdJ,xq4axy"ˤH`s U!][Cqq҆M_JZӧI3?2 4JɺJY:%UFP2bYTm,X+ǎ2}~e>y5imY)dtS͒*Ǝh^4hLJ9P= i KGϯzfS}yiRLTDI)lj}Rona!`Z")2h6F65ؐ a(! j=L+K ,FA,rYbe],e ,yJ#Ӷws*#W3(Gks-+J]HH=0V m= 5Dž9AƳQЄ5FJ%,Z&~mfBT[=L-veX(-׫HOCU`9N,pշqʥ$,KHXB ybsFpPFQ咁+-F8W̱IP F!:0^LܮGom-6qDh)]OY>eI k)t)B^2vx۫LT㧠Y_G$TZ2q-"F .Fur="%U+/YWЛq@h1hyb(b*pE0LIGFam4t:A魤+R87h|e_JQBR8JYy926gV)IMLoi5P=wsRwe|1f Xlr ƒbRj>vBnE:,攧i=fdD$yLb/}x of´Y5.Vi_4~Sl-ThT@,( Is[UQMY_l+Mc@ٴF~~_&fͿD8IVJ rz\gS"YYaOZʀ`X3(0bFX>VR 2b-SEA'&X;=tT~{6zGL 1,D*dx6A&rj01 A1WMUP̹xXzpV a'Ty`L, igc(yioUL #dHrq0wiONrs"&E=5d5kY\N<\ C{v毒}(6r\̧]:*Z.w2%⁰tj$(H`$GgvwUtUDf3&Zg *&k3 b&.Qu!M;U@eYK?jR\+;%y79sڒTPYDfWp>;C(Q3l\9S/)?/T\c0AGlVbXdYEJE3>Vd)Ly69!ѣD6@p-2P |C3MYuE jNb\7|.UJG !xj"G4M$3GU>hVNb˹#f>'`6Ff <+`ǻ}&jP$ӇБF#\0IJ'ء:)2*D&`¾TҮ+ <Ca,mԹ O կm/qPWwCiAozJFJ#mfZmefRTV%htJ\a[]Ml$Ϙ2uY<\ihN:i luTcC+P\sTPC z&GDXcKрΗTms4t谊ZX]aQɝ!8ET+u{::*]%7UqXJ" p[\W k3l XO2f[pEB17mVA@eJwu (.CC &ꍠ y"R-=Q PvJ.b79ȲXΘJ]ZhDE?8D$b\ ŢQ=M6]G#d%p rJj̛6NUysqcj[u%R\ϯ£N>VH.zı'J ܤ:΂ =AڈV# :2Ng W_ dcSQeT~n=Qq/+& lŀi zSzUc\ N1iOB7V&MNkE)|ak3)!߳<**"^1vhD!22JQqVXͷ_a]p%זF^62SxM1@T< F`d{ x) &$JδRw /"RGg:Խ| kI]P јQEp Xv0V7y(EKJ!TxsDsw* bf՜*nK-tzR>@+e!"9@Ѣ(y崐ĀGR{` )TD,T%$H58H#YS53J2ƝwM?#Z1ު6 1څB+'1,e g[2.@C&f ]\1_.~|dj7SN'I+@ @LXL0(NU`U!uZ̩%2$DbLpIGZ$i R`H`nEev# r *l| hT CNr@tB ] $3${gEqvg5 q yV~PMYeImF!R[ CY5EXŹnmW-njTj6 uS@Ĉ <ذ0Ęx+DVDP 'mRPfDAJ^yž`!0cLx7 "J2D w9X杞f)=ˬX1nCt.[NK{?{n>:;neeDkwX|yEW( V}Z+ͷne2m"9?m>riLs3$BfǨ:S1?*(2?3ɠIp$؛MOC(5VA(6[Jێ;c%ZPt 5U*lcB {yJ^u!`n-@ɖW-Drnab1-m,U1 ),KwOGtNDCCm կ2i_ᾇݽzcd"/?-{W`AX2%2ni:|.rw<oNwḺ5yg ) =m!YLw;u[*f{ٶ'7yUu^z֛v_iu /#|?*FWv; ә--d7]ݖ{ȉ>- cu]Cae7[}}$CyNʒ'7;/"f\Ou,v^'sIի7_Gmg[>es1\;ͱWGkTO쉹; =Gn@ WAawz}V&ǧay~)J xt0z0 /p'Ԉܟ ~BV33iQۦ HfFmDhk&urսkV-rŷvKU(oݪ@Ik[AQUxhۦA%a Ȁo]7wpBLdY`cD̺Ed +d܇fHr Sś.Mj(: a7eJb2-Eq*c.G?TX 8'Qb[{NZ_[Z__]}n]yﲦZ>w'QAa!Ҳy_Rz|8w0zg˫o}Ft*o};zr+[Q}Vվ\L|>/pܗvD`*u&_Ԗ+K7Ks-aEws ~trn:U}C%օht;MwakFށ'sO%15O~_$}Mg'f;N_AwvwŜnJQTHpc)cq1R<UG5LD^*d6f/9M4(aR#DA`U^޽<캀b4p麖cyp󠆿Bn0{2m lmjWet9Qcoo/{DTTB`(T$F"C&(bRQ!{:lBd2QF&-a,V*611PAMѵj1hB6$EbeDchK%2(Rkdh,-1rB J#Kh(ض1X#bhA$EF4kIPQA`,+&5i1dXŢ)T"l QHhE"BتLE%QLMMB`Z(I%G8A"d`H̊0hDF$0 Е}_Iϳ/w_{x`%p76qϣ};Ѵh4j1II QF F̣%F(AOCYَ%zۓl47 X /K.1L)$co+\Ѥ;9`ddDɈ`Đh"3Q62͌PcQ 1$X6Mb#wucF$F HRFF1dʊ261RRQARQX٘_yc!F(J5z(E3E$Q {H?rG˒x;غ_Op+}KY~NWlc@qw#4!YW쫢xѝߢX/rc`q_ϳOk}+a201~XOj@PHiJ\ T)1CLLiF(mLڃh3cb.rشcPF,Z-љZ)у4Fd8L8kwbEhEcm@y}{,gTn^烮(lj>s+W^/HZ *1+CE7hauziWxA"]kk~K( EVیAE<+ ?o!l5Z%44 +ܴlD02dd˷ (c6(bachbMk P'wJ5#mr( fDW7't[÷"77#f4D,Z4^.;o dQ(X( ) %A0*&XQʼkƍwUim-n%E" X"rыӚ#wv?}mdz]&Ѡ6(4FRl{.^.cSmrMxܴIFQW'Inw\I7ut6f QYW.(CMVIR Ji 5(,8kfAc TX7+1rшۦ%`kDEƒ!(MRQt"Bzt6-$R/ UIh[m XAf kK]3QLq̑zPEeỺɰhܮm]ݨ6n[`wZJDmwi" mGsyb/P&;9f((T*i)h,/JYupS#y٪>A-c~.X`A1A`#,t7~ދ}GmrRa@$/?vUܥ?t_[h񟕣s4̮TTD0' ax;Y+zܿ rh Kr(tHج2HF F,a0kڍ`\lknmbkG3*bMe&Q"h) e4͡2a/YMK,Qaܤԛڷ5^Ɉ2r)(]hQxjH@xI`#I"o.U,P|ְ$X!3)m mUF LB BQ*%1*uO]&ܮn(w] 9D`ԹhimoP5WFOUZ2yew]gOû`,gfz})jgе* ؅_dyyOzwl^ kF!cJ:װRE< S $#"GȺaKڊ[J̝uYSq] nӦYUWN[wf_J;EX95:S݉4_fC];fQ_ p.\YѡB<˼q!+o7P1".hy:dvq*5ݣZu=KtMڍσy4grn1L_Z^f[ȿsSٳ"u0ʫK 0]4 * #qa/&P9(% &ѺUY ];@Kv+ٗ&TU;*;YS@hedkيԝ<}m  ~4oPHG@/D.%9- 0N .[#ɨjh|wܒ7eadM#quuZ6"r6*+!hڙŮN6T\ +e.j}+6"'*4-d͎X}n j@ O&Fw[δr5|5ϐo Frl2EX{Qj8=,ͬmW "t|Ldd1M/)7Ÿ+:~^ 5х )zRdi# tHh-#- 3G_4USe4h FPDHDg ,2HgYfZFZ Y,HES$'k+i1eyZd{W793AvNliw vm{]ݺݜ7%Dq"yaS/W$;fȯjN  !Rl\h<tp]X:'^2ȯ//G;׫k #Ǧ-FhEu7)" M9'O3)MD_LCu%N?#xk ƩSϤtvr%fHw>,цr) ##^d &A C/$:U [a 7l(<"EVXh])dQ {VCȅd;4DH0Nvܔh`%痄8b;D\+9 ]$۝ tf1[r>8epBgu^&j? ŽxߘYWœ(U`Ӷ[ha휺kO.m-޴MԥeZ\%9?gR`U9)61Yd/zlk.,T7 IV&B;] L{Qd`xed1uN)փXp6Hf'u'{-^צC2R֫k/we(Sl{Ůx=NIDr.VaW]vRi$)[IN|LSMQ2[Xdž\5_ 軒`P sܦ6羚VRT7ar"`+pZRAC[bJq,ZOE*3]˪쌝S؝yV%^!C2S-Z'EY>ެ5C&lf5%Wj}ȨSŶih^a!S͊R{lLWvb tndIU_}^' [WJ.b?_' 96ŕkntJN952cq1j>ѫS~ӯyxYFVm,ٷ3x1"" eB*,E-k% cwhg7nqw !2J _y z#']{-2/gGyU~~_~d<}d9{Wzב$+.|Kj -""8ܔY"4(ޓ$!%uk%4Ž+뮁 ']\20ֻltV[Zbɬ 8^l:+Ym0{TGKZ mEk 1CYGB^Du{j8d&@)(҃$`2[/$ےfbt;`̈kRHf-OV(3-dUUQY,W4TF3emuRn'Mq\J*8ƒ#YRRʲ&a sӲvr[`abu\w>s)NB:ʫ17mINW0\Lmر4y%"[ߖ[opj/w6^]U5f%V1խ>V%R6;#yfa%T7#ehvwk-Ne,!1I<;%8 Nt6-c,: el1Ԙ 7Ye{T~[q͒ZI!a[5;{n£"&r+m?Gq IWr׍"5oT6n}u*'srǐzSytk|QǍFi~gw1mLoyimҚ&{8_4l0w>TUUҵser_\FiЎme:oa[sUljJ'θ4ӊ`+ĕ}+x9nhͭ8jqu"AZ2myղY)LuIxc<𬊛7ctcUpÜ#sr\"[[NR<'MݪR9Bx[803)֥')+ (?ɒ5Syӊ:YAKl:xgA=.BӺj'BآY52ū!#^r~]ȝp3K*]vKX/]Qg`J|mR m\ٗW [ny\٬G Wvl;!uWU),m-ulc7Z׌w5Q.^^Z\?k1̥ƙk%7..+]R|M{km۪UQ'іגx}a;AA"0*3I,ӲK-0bK.]vV<nO:ZͼO.< {wUS\wez۝le¬F);*m{=zvMJOe?qX۾*zi/UC5 D8,31ZPF V'd2I @c1t{Ȁ} mЌmyؽ0HBC@hh5UUxS =tǑ  fY[b, ^.@~-:RT%`"ha2xFX_sRbxkȳ'3iQ+ʜfM-+Cw%A{.Rr}VwQ^xb9Xƽӳt$zIhգ 'Nj$o!;YmERƊX_:1ؗl%c-8cusZ[S/V7-ŗ-@ՔHFa smU^GYq+ޢV8bFJ}ɨrY?<7$/¢s tg-^*\M+jfvmGyڛ|oUM&x+2B(!H+ ;Ϝ*dV3ZziR=7- ~5ՁW %.,H 5E3 !-gFhK 綌Fw;ZTַYtw xi Ҽիd/aR{”ѐ)}w I*Jv諣!/ 7aэFiUֱݫ^*Q7VMAD$H\1>sHQfoS^[gugK B4S*(5g.j]!i5LXԔāřk^@MBWLۍb!AȀ$ P 7FB9c7/5nhsRFhK@@MrZ6|mҼކ~ힼh<pWU=4&7aZb!;StI?8drgj[L[0{],/"n`$0sj=.4Z&Lme(+L M%G҈Ҋ`_$DD 5ej,] $=lf6:B 6灈oeNcw+|l㐳p~߸Q})p󸿛k ,@d**]uY-g f- 5hS]krk˜W%v:\NAEUWuT4E`h0+P4n.0ZqܷR)~֑I;+-n(XEV$.RR2po"@6P"a]'=)G=ADH/} CDV7kuܔrmu)v3c4͍\r4jN:muԝ^/9m<\.XYꡂW Ejb\0{+V4૥˷s@HfyIWR9pX+N0-,Fyh[W8i}XBn:P;^AܸMqrf[+ynM$3~%8ff)Bfd9]nWNeǢۛvxc$nWqp/{tϹKOEt[oZOWKWc c[p~([*ު9Kv[c:kjI? }}ܜ;zgpzsj2$W3qRx~Ψ+MOͱkwaa)ӄ59P%獭򝟒9vXfXUrиg&i]4.!}Ii FW#sɵ F6g,,Is@k0Nvq}(:pqt0*\lwj c -bԱ,@o4n z Zhh ^+WXJ""P@*`P:`$=߳`}Zbfcc .mրC5UXa*eoܜAm^4ܬt0O&˵YȐXPULHT\!hݍ;<\DF(T9"W:WJi՝`]7V{Ε=;ב6W}竻.h Lw0kKŤDS%$hё<7 !1: sf8;RMZ*UمH\6$AGl]'e@d & o!CK }|xK/#VxM`^LR |tMKp`LHcWrLE~Lj].U2__^8P~MQSwWn5b7 "G#(NӚdTeg=ƙUHFR٩ y^bC+Y)m垤l6bJ` ^jNDZmpf+fG SZ#a5/-kvx66U23̣89Xm'2 KLlTsv%ՐG-pH/i X &+4i-êb+^L)K&W _ӆSk9/rcZW# *C*B;<2H}`S$T~æOѬyCg@$2YŚqG*vqdyMye(Cuq!7hޔ؂7tG²#s* ,LndSq@׃kWϜ!Ao1|W5cڳ#nq 1בbMU/^GO[ЋvȜ]:aͭ {S,wfc*KTrwkv]~\/a\SSDzW¶\/+M筚फ़_+;; W[3Eo)V̟.%TP.}Ly1|S?Qq `&]~Aލi_ѳ%KAwxi* bdf!.?yL|Ɓ#Ly?5!oٯ~&.$WYlHD ;k]B( 4Xۘ=.inxӑFvivr]vg4uM-2Z[FsSlTѮZ3vOPAsU\Y'$厽]k|Yb_.?Z`Uѕc*MC*MvZm)Ed1ِjYj C*/|-6/͗"B%|LX Gخepb0{%Z#4a2 hV@Kl2\f5Q oZ! s)Q F N5ଭjUVQQ-RmbZ̅ΡsqwnKZ"(2Ubϑz7zτx5;5-@ZyW_vԟueP13XIe9b2kMYgVy!myp@w)Mcz\YuŴ@v5jUM>/OV ǩɴf:ig>Ha_f锢Q6PZmJ,jP k[.Do.tnbk79݈GW]HY\Ze UV"(ֲn~ԟdIJQ=pwY Cc!#9tq˅pݹuqn*(TkV#c*>T6;M}:p~^q`q =,TJKXI3F|ݐވ362,99mV#WBqX6%h2ੀ ,|tQd[b+ L@敎QgۯOCt9}Z٤Y=_~ȶ`ՍTZFحREYdbEIиí;_8<ʮӲ6ܓُ=v9у?3CFZrQ&L?D6&idvdLiLh V ˜%V*Rh235W/颼EX!._/-~o3O2 j Z1*,dz'*C0[:wy7ŞbEӂBuǧ(a ?O_'3 N`Y)R˗wFYwc[E)Hnca* c_~/w#{?q'O;wAhaG۴)S9W2щJ1ˮ{9j8SMq6~.Cbjo: h_^VŅ%MBr[Z)z;fj]U؈vs8 Zz ʟ?a/_U|W[o=h`1cAA˹ܐ0FIιI†˦ctD˻uw?Y'KVgof8\9~oww~ ނM>Xz~:Ӛԅ5Ϊ?t==x8^$W[sV.6|Q>P{K<ޚ?.3\d~M3u4>n[D|lh("C A1q^Y+cH!B"3_nawWpvyY'VgDo~CB@yC"j_>4)|=i=cᅨ/PVVD)J?0)hܵ2!I``XM5ӍU-1_yH"M*8Qb.e-Ked\xY|V=4zwq[Tu2?pxl`yYKހͮ^=(R_oJQT}g:Blh|!R4cPPd/TenL4#=ythq30oCv X]%MN_JDs8@ =-jp"Qbwmjn 3f 6֭yZRh`I7.68U@ Su&6˺]V^" )TȦ{&8Tjٓ- Q8:.U* *4Ji-LLE%d`\1LEaq+Z[V Ze34OϊDD:rmfm#l/: VE/s?k>Wd~GPgaID/_>[>;0<,'WL(EᱲͫQL xw! E=V+&vI 8x8q}4tɝZtv_ b4VCakq﫛eUguuM>kwuܡs9`d>\O=9nQDHpI#ڙ̥fS}u!4ÉHcm/ZIpSh 1|1qPP)}N|˯b/=+9WԱ/(삪uo&-/9@nögK®OCu H  ɈIQ^_ng:pU\n>I 7C 7'@H*e>Mp8ˆf[,?7)<rrOD [8^>x>W$LMjgۅV LEY=¦6ԫ QUl^^vh몽~aLRDLE7_~g}VNrylGDrUv!DPS]/Kkv"m\VXe2U]Zg]Qf5^\3`sϹuZjfΪnTkԒg޳upkEݡCd>_1lX;htw0$,ݶiBNV(sTEvV ϸ4t|F, (b-#AFI~id@B@@@f/Z&Pn/bI5Wz{b|L6Pyt<}u]?E*"`dsF?xPahc[e(R2BdnH` nsPY P(e,)9tw66: g(M I\]H/(r;g]CH!_q}D9z`0@ILiRVFyWeOuj(bJL"N]ݥ˹9]l\iHB&hlIik@*͆!RCŲ[)RlK"&2uWwloo]޾Ċ2("(YAE x  i M7}sWבod=#6;nY&%\N䆖)H^ȱ-}.ՐScc ‡y4=a@I0k.X.M Qo"HR 3@:bx*xaq!tEQpҕb"$HVOIg'רV5;XaҲcyb5QÖ MݫBR2Lq"(&')H]sZΘ{.\YODWC*M/ʋ}rF$"! hRWoXh QmNL 㫗ԵĒ8ZTxbfSg a5M2F s$WQ{ڪ$2jV%6eԾ.7')W+uM- rvQ7zQz%vZǞqhpl w]0,DQ](]6b3,9CK=g~^o9/U/AVٜj|URdD0c=IKWǻ-e@)=Q/+77k⤉Kh 0-de t%FmE 2"ۣ!3kX) mB1lvJ+Ubu}f3g}p-n1"9ҥOt<ͼ;q;B3ÚbLcW W/L4PJA%'B(o5^w !L+xokhxcE',ܜ pOVCLi-Lj飫Dcō/;ΟO|O~|A6Cq eO/oy'? t@rI:һ.{hz|iX!ij-eNr.I'#3R|_Z[Jk.2-E11pKc-)uYH#odjqI w K1d.(f7F_m 1ibsj ^77Owo|Ö= U%sw{ٜ{YSO:NwY9M$ScP4-KmC|Q͍u=9ӫ&67(1˭r)&ͧ+W<*-2fuBt̩Vhs}׿ lV׸ѭ._7hi>\iOjTPP5vvѿ2kF6,nrl$4(qBtgmot}6Y+- Y /J6SJsFo{^8,h= (ij!l+}kf[gZ"}|skmk-YQJ4B-{edeTmeHYeZ֌s|y0<4DV[jԢ[}KUI6qf@82yI!4RCwО[۷) q..wv4 }XаЩSѬO>Wuc&Z*X+%fZƃ6Ga0:g{ϻm|L0(&I( B8a8S"֨!B_@||e㎇mQbŃ"nI2GܒNCpD$+=#M@) Do6pl;99!)@0eYw׉w r{)0<0d^2D|*2a[ ZfA՜Ep)K$:g ;!%:F tN喫pZkkfͩdO"yxwms:1@U((< Ңb8S.YTTM)̘7胓DwO1-RO\?zޯ+>(-J"Eg2u,PH; }|4ݒm\OQ$/"#!>v $Tᑷ]yw!hv%n,LAJur{a}sZ"h9r<(B[kG `w3Kw <{7XPĘeiR#EѴ{ nq8k$!V΋-ȄP'\̠MhEf%ӆ,*g|v0u^l+N#3Fv$ @0`׻Am#艹 s)5g~}yzdNzbNDJ6X)nA9o-PMhgoag೾D{YDl%53 ,m$1+#d S.ej9nYR4%kBEJ.qsɝQﴊ[܀ $&:U :T,fL&D9.OG(yULMՇ3O@Ї 'rV7HBE IZbn_nxs*&hUL@dY/{;($ ̉ TPqm\IUxWn[)0tJ_ VAY-4iUeVk[ 鄸$/6m-|;HfS+v|')̳A\RZV>/$4 v 5r' )_T@*z:;Xtѱ}[ vı%΁DIҸL 04S3 y;&$O(;xx1k*tE܆<ۧι󂽚;0$a1ĒѵM[d]ۥ:+%fz`bl vp{ж @daHQbƭ-ǐ{عF rOxC5eS1;PkƯ3Ny״{ Mk7iTuN{\@w tTrMAF Qm%ۭ(iu 'nЪ$sLk,M7BG-p,ldwV:ݾT\K##^@l3*D%Y ¯e[h,{{p*S^۫`o%w*f" =sуk8w욯'9YY!kuBeȡ/LPReRbqG5n3坘f6,y RW',1"fdhV fM0LT󘟬a!8!7$_)]g57@Mū_|mU^O~""bB k@/ȀoBJHD}Q.aݵ\vqi@J@ܥ7i6lWX~7;&OIKra@cբB%/\GBD2Nw` ]R[xc l: QFPV%3x+11}ERB7=5g $bAFhcc&%s`0.b.m ǣZo]|+_k6-նcklim5 /p fQ$lo?$_I8'2;{߅7>:bBI$v7 b^n7 $ d%<׼ (*QDNIF{Y靧"~iVIrT63nP0;A9m-JXOI?kW)E@!?i E ;& ,%K@%t"ty-$/^đu$!-sHI#A$ %K6{ F~*լ˘GjUe&?P :sv-; cn8n==0NM׿(L.PژrϘh]te:gL\)t>rMwvSkh{]ВQ޺FKޜr>npcF[,l컔{c͔v9m Gl>W&LW mKK1YӦ ׅYR^8^=g߶nfڋ?[ڳHߴ ?$ <[zoFM>OIwv_O }~֗/j^XCS~Wz5޴UouX켫/H]q 1pJ∝y[Lf8 (U%hc{;PJ$sp69*'ҧܝ߂; i_)-v:0K(9:vrId}AI9)w2:"sVW}+p^cͽ.emҽp,Y>iX^hm ˡܝ=2ֶL;hu[$elsK[ nM+X[ Z!cZV>c5JIs 7>lT8|;mV4u;\2tY۴v|ͨWln'7t[ >Aۮ7J5;MWg򽞽=t@C(NUѝFNsůZ\K b6Y8w`aorT|mv#≮0xXj cMzePә\YfSc)mQ>իbejo[ZS1'jk}Q]r4ՒEMs¹RO7=ŠnrudKEުhڿBI^#@f*Oڻ-;':uDubn~16]i:;kr4kf- ߺY&&"Ήg3adRڭ , y MF|&n7Θ7NWeeQyak~EG]U'RY6{#]8#B7㔳)&AK@.0JN̩喰鰽Uƶy& YK-7eB@@@GΫ[vl8toDm::=b^/q z6 LBh+I wRPJ')֞/zuO6VwlW˵1< R,+MKb*Kpnef o^˱k"YF`  3Ci*La'\]*ݓ}:];A,夡sXO.S8WpB f۝Y,b;k¹K;lxmӋztvÖ*v7}k꠭8vO졸m{æjIdYwziuI=l^1gmP1*7Y\O K+U1,ʖl8e lI>\3ju{ tb#;r9vi6hޕBJ^qल=)kH@ &:g[ۻ92gH]x&.dN/*5]Y7clF~:qsǸ{]ӢZQb7})ш;v* x;ۍIҋenWH>ܗВ"E]YE/!@B-,,fXr]h̓jַr]P Jr%|\tN 5t !7a<)We7idG&tS\zUIyt9UW9DP\ ;u7s5t^`\sK@Bt'r+xu&/\t]Mﳋl{2 LN^4)`pEONIԁw<NfU +n+:ƭj-δ{Y2<.XܐVTUV Q53zyю)yZ9/ieRJss̩cV1EEWN Y+PLtUDN ] ZL2Lփ uqjCAhB&579􊗛z8ʰD†Kh v:'8kTtHJ.[ AٶR#"S*' AEP^CGvYDâ`j-שsFSr8BMZ.8+ 3-fY()*F3w][YTFs6SA&iNTTՌTX.&ELYw]c5^-dQv;N;r-U ;9Gek3Uo!!a!@!@]hAG;<K*;qnnipMK4by崃]5&S5(MNԜbP~.j˽B$RvD/bK0" \l)oazm_+<[J^1uV.D#%BrBiFkRi eQI_b@e -LM%1bVЁW $E HAbPtH1CU4 bE>$!mλo#]JHA)D.F;CY4%zN%B~lt+m}\vx^zsīxo8LL7ǵWUկ [F1ڨE+mNW[i+(EYVBYS$TM<[L XcXdŶXGQ^Ax=:ק~UkqpXn]Fedh :zmuʛˮuJ˯MeuV*i9{3, %in2L̄"\dMZluhLWmuK\v$vؗV*8tgnc |[eJ3}meK 0}f85'l RgɻQ)TN+,mbEYsYa$4.v.4UƮ! yM=smkΕ ƽs5nvJ)qmV>:(YO91 _r81w%'NkQpB$$AwM| CȩPEP# 94"DD@G!\$~mܜz +Q.l*.VS9׽vG޽cv6q;դ u]m%oNӝmѳ:IY~%ыCRuq̸L&=\O  '-v}&ovnÑ`Pxa7̨H+ŶYm֪7ȧSx}V@2n-abh{f) +g}GlJ-tBz`BV\Tػ˝<qÍW7p[6ɻ:t͝t}4M2vYM9#ӿan&5W,m­u,ft8*㎵as,(D SjU9 ߳ެt٪vOYJ4N/5ZfBKeT;p3 XH@BaӮ~=1$ӖGvwS iڲŊb03X]gX73|*2gvwk9CɌvҤWݔjdQtcwJ񠺢:,z*e՚wdʓ QMmi^5auy a)ة[2U:amh7Dhe0!ceg݀@G8M/ݥՅ^\2rı%yIAY&.DZdߴUeN_f8iղz9IʉIok݊')k[TiifW2 (&B-`[қv;v-듊wZr+'%U&p|Sm)Y⽳ceǢB4iR )O ,Sʖ%,:VBSa3g7$ QrN ]fZ7<4vB Ua}į\SVZkp6SWU9pjmĕG{5kc +B!-nX[סaVn犫}wP e}keFe.md 7;F@LP-ajŕ͵.d)tb/䪊/Kmw9 G4x3.z?_}-uO>oo"[5$IvBCbCi b:wCEk|_>㥺~/49PcXH5*c<Ϊ@۞g!jݱ)ԭHABq"qc \" VH@<Ƞ$!ɠRkqHHnqi{Y=RB}́qL~I۰UNF~{ps7_pxvP浘;&ABwK8!I׵rin o7#' &K_M5 > rp@uvxF~۪\dl:[|ޞ@h]\֛땊(&,@/Iמ:75Tps-7vU.I\usl=5¸TS2E BZwVCS44%j,G|zu{ )ZnnDgM*{ pvC~Z4LxNu˿eج v+P6U3+զM#Q027ߡrP@A@ R+0XUI dY q!"\Zjs"  QSʁiXԆ2Al24\)E\DDG]g酦"9_= &tkgveBW.Joڈrbwym n >uK lܻ(6MiV9NsRM5vMhC* ,(Xe縖f ûB˼)Y)0B@41$=kbhmmmUZ2I ?ͤpKiTAIBXI)s sr\ڨNp֌B@@ a 0e@HH,m =fHm[W-Uj6bŹZ5EmkkQj5m5ZmTlmZ-kkb梢JȲeleaIE$d |UޖUlEY$)VԄ5j0#T*d g(IfI.4 1Z3~Ų`ɠ5"4krB9I$6Z@B`#cf .H65Iv v&]c @:ksK!_+o5[?]|$ƈG,f3Bh3$~#I ^%4@l ]o]6q/X tL^GBG:,qdy$%G #_vGb? $  =l!i#Oi&;%hE%kx~$停w|w j8 K򘖋 IcAh0i ΁.u_~9-! `5Hm-,^ĒFgW I/oL;[;,-$%=$#dp048tI{ʐX,v-?3vHa ]=m;^n5u փh!" O n9 j$@y|Ћ"| ^OT|/YV5C'@{ֻ}㊄%PBE;ɫE-ȧܛA9jtgo>3^ /_ϲ;Ѐe [mVpB^E88Z4+Ј177gBzX1]HH!5/٣c91c~MCl+MrGP* Qog+ѷYz^k`%hű:o#hPALjdJ O63kg"b-Z}jҮƱp|]cboV$,e؀jSuW*s7[nXj٥vp8eJtoy(}eטӋV?O)/^j?' g,! zkq5(E_͢3 ;)[[z ױ9gwrUZsQrVM={3MR[bP|\DZ)*MXԧGaQR17L:D`-_jK1^dS.2>]Uy_U=)cꓟ2{#$ˡƒeD- Ǖmg+RZsp"{ .|;- 6X𶪬vD=l@9E\V?&&|z&b,/SɄcZSEX3Z۾N* uLw,)f'ot`܄.=:y}Tٛ{SlXۺ{tu%qǻƀ)]@Y ؐge&UwFNv],Ljr@)CK~MW]ɾJ~|愕Y!C ~NUސ!$r! E1q'?K~t]zƮ^xvJgK}:d)vN<.| HVFۭXi/۞uɇޏ-}\ٕ:5orW8btwRC7brzEaZmNï U(@@GSnZ9tUaU},@|+'w_vҾv7/w/`ݻ՗S7YH\WA@B宬 *L 2`gh¯*׵)uۼnN*eqYb;h[:Q1d3!Ӡܔ[,ⷀ,k2>M@;K@ V$0;*+l$\,}"ԥVJtYpI*rkU}nu>\vޡK!__+)R@5{ޖ6.s>DU|=~6/pn>YzWZVfLL :ߌ6辰Ҕ*MUIdaW^;u,numv%m#= UmUz~r,q !@= Fb^H5tbZZuܞܱwqSZ}٘*[ugc4u}]S9=smޣmk>S̊'5-^c}1ǵITZ ,GQE3br9ɺڣQiYw۱:6&FU7F'HsʄݚkX)-~&-m,WP7Rȵ6\cXU]p12~2龕NVf7k*:bX4\edYnjʻPڣFtd5(2!"30@g1 `f}P"(%ěY6u6]t+.4!m 6xC Ȍ38TꕃƧO|TjbڻvGHM ֔ZU]xu{o* n BHclls]k{oY%!HClCqquQ=.Džvu@tVʜn(St FW63(\2}\|,T DT}s޲eىyPf=f e!ԣr4S:nC#8XE^߂}BMclSv?W;Gf$df/^/= "4P4hΗ#-0Ѡc8zjªٕDi,R}Jaw\݊U cҠiDᾒm4|8u9Ԭ[: s^, K[HZT =]\> U.]|[%CRmm¼R' *. Ybn(du.nNSƟlNyf;ִ}WwzO+ɮ9:C[h,2+%i:XWf ӽulpi!$ų5a͒T4"q☺XN%'N&/iUMUd uڴ@t~QrXI;aڅ]vֆ]RjbҌ57o3u }UROZveN䕺ϴ -V[; kxEk{ijO) H_2UXY PQ 8!/w\#m5Ot+[yOMk"į4dC/g RE46|we#+_UW]c|-:dEDM;w[n]_vyU:D='d=źݍqh]ZAZan4E׻f*I݁KMvv8حm6 wn=]mnG (;e 쑉j""^Ю9xwsWv;4={Eaw*B z& @,Kj۽]IozH,~-UK..5LIc3(܃.%gهMWBC2ly_}&eٳXm孳0$O ;l̼!bBַQ v@Wke|WΓU j*J'cU-*kpbJ}7b O׷^3kX5핪ѵ ( **a87e(Kb,ֽ͒Y'c~s>2{ZnJ5`Ưq˪a pQdIi j"VFlh-m\+P,hTY^վU$OPy]mT.8ِ=TԗhomcSC飫ݗEtym瘹zN&B6*=YHSĩ+tpSתy=Wvۜ$ӅΛo3b ]p% #TGBZ9lcAGSSy-LEUn& hwd+z: cnyJG0odY},7k]^J*`jE%azEoR6蒴hPHЃ3Y38V$YZ7elRI(^rܽ:>Sk#9ctvXY$V䵋AS1b\̯;(5d&Ċʧ%NQ$lq;tcly ejfVLT]%,[EƙixME cIF+76ctHV2l {ŧ^;Sj9$ȲmuWfNa W7>5Ƚwva۠73>S˸5WKozzxTccԨl$]Nkq2+XmE{,hy3yfh[5xT=fXǞkCERٻ -k˃Lr%A\l3lcn%8/J~EӭF&{@[~Ԍ!w`٥(-}z1V2>Č " XZ d4!T4*m]ȋto#F@ٖM{j]zJ }S/CLd3{a \n-w>HJH']aei 2TԞ07t(@\sWYQ^Tѓ+j]Gq{vҜqTqQ"N+ou1jCI$m.RÒhQ,(mXU6PQى^gY0ʟCDI+رtь:hck;:+m4t%i-Z#bCZTJSXztۈ!CjfYt҃LsҦ6Ыx ı0*(vR2.U/bae!,We^pw$f +q o2M{ˍti-w8@ͤd#,g:*BbK¢JΓ6S3 ^T Ma/q9a4^#);A/5 Z~ !qI(d5&#BCtǻS.]}e`yI>.f$_k62n Ƶ=3p@;ib6ӆpv]]D-2V.ޡ|Vc,]\:-s6ٞhB[{k# vv[t -OmIMbVU ^ॵx]?EEsJrǹvaU2AwջVu%o3䪋zdžsf=cm.KN{uVԥbmVlU]scU:Ol{. \ REt8*m46ηU+¶_Z8K&:v&֥' VAQbj2-(Z 9*] vfXTHDHA J$!$!JPcdueA3!-i 8ʻLTJD 4QXU:b.J]߰K#Ye$V)\  Ti$   6&r9WWe؉i fe]g¹eJ&G-3Bui.[Sc k*Nȇ SL UG/ j<4RCu$P2\NŽXH=uCLz ԁ(S0% y<Ynu dЍ]`@h,'`"0VJH- 2I$Z2.9sC6?5$Y+[ǞvIBێrɫ~71'HJU5j]PqI]+iuV<[\7 U?) *>C脞΍:ׂn%G+cʩ%ҘԲ^{!1~{ d[b֯1 rYc՞" I4E,\;:+2M(B2E-Wu3]ϰ)妇 )T\Qow}ljpE[/^ D$))d2 )ڛ DP"^)ZD'ް^uA>Z6dLn C4Wl K5bΒHJMKj5eksM9NwԸ*^UT Ag2HjU\Ƴd5h"^ev{0<'^Wk2s8)ݘ/DA1Va^vi`崽ּoNߟzw]Gzv@@3y_BͫUVZ jcVWm`I$`H@>@C0ZֶڭU^m$KI II#Bf$*WRy{RVjruj=ʪ 4BHiH< BJ $1]H>3I$f1$}6H>k?A C`! UBHЀ'I Ā~ɐ ;$ilI$lai!ilawC?ai$ˣNHB;vْ`2I+~H=#{x^ {@4e^A@/J(.a#@*y5UWbB9OP`+l+B $-ZϧBHIjV^mo+U~ϱ $ :ִ.B.B,a 昀_f4ʟm{$H Kx]CG;{&8=T ;)!x{BId7vt I/zSzM!I#0tiHHEI/t H>.\0݀{$]o=o%~Kp Aq D|^Ic[!8yJm5>L/s,ciG]HėSѲ]~{oN*+z'?Ai$k'oQomА7j!do{:I uz%{I 콇M$$B֎gY@|hapZW̨Z!#'OАw]n`;{9$ux]4!nxןI՗E=\qV e!EEMNarx҄ 6=v\RU 7z3[.G *VH*&ͭk> _3ٛ\;=_n Sƛŵ;ff2 }k1CࣘƦ{@ 1"Ln}h"sKӿ%E?uVCY#3`HD c20{?؞I"jZ0u >ETD%gM?VDZPRCLo6f1zf#9 glLd&fDI9Los[#\(@ ~^"΃wx,~7VfKN$i:fB1ՉĀҰ(:xqkn+ QսXŦWnJfEuK  $Fѹ۵uąV %d![m cFj^ń`G {ae࿆NǍz?';\Q?S.y]hju]{Xv\ cyj,gI N6# ?nlqy\- ޷ s~h{)/ԗoO~=4 v|1uYoy>C:>E߽qGs͛@U' Oa`!#i/m?Pڙq /DzA{RNMTYqdK֓ $wCWҴ"41 ?GQygojcr0BD>i/ (}~M?N?ʛTloCk,zhZP*[獩Jz_PWjJg~5_:`?vrxXCSAW;_-3\} ֮ʟnԿŌ#&YZ_w4fT5O(h}33{jɃ7 $qX ܟNE}LC tJ> e.$Yt>lcZjE@[6kw/o1l@ֆlHm #1XDBEK R `ʶ" 91b@R !0IH$藮,I*8 )o9d J:eIV[NL t_7'$꜀u`AeaR!F \` $.trT¦ O4[$,r>J4-Ra${64jmX&߮k^ib+g޵4CI-ϴI$7B# ǂ^,n$T$' !-ucçhf1 㴡ő#rv@Y|*0@"y, #hb}D FlyN(JK@QS7\O1a%1LHa |lkVsȤmPDb_!=TÖ?a(jJw) #~[22sH-xc܁$D`)]$u޾x08h C$H 32yd ȾXyLߖjT} N<+{'GG=~Z #blۂbeT% M1%'υ˲vʩ].s]d_fbyH6*RHtv~}j VADs{ i!.ခg%M&39/A3]m ճBLjBdv`wEv5Y XQki͜Ʌ-e TożC !$ a*^F̟EzWuȑ}i1|i߳ YٓY~~gD+lkGD޲\;\y_$t*+Wnu#h-K0 N/Grg'.T\zws nvRb:h ,DFG1P㫢x^Ŧ_џ+1|d?OrJ0ܯdPo>\p Uewh~"? `441z1ޟIrVԫڪx )h0IBM.2tZ zgWXִBm kj Na["PE4HbCNWw&!9B|^f<shުD#FEAE\NzP. hHG&B-D(`nWYCH1FU͗Z1gWmƫm, ]>f;Z23`TSueUǓ(? H/)%'ŷO(CвACAn 66 ns64N[gY&2 X,AarY8m- _h4\D|c[,GWo%jǘe}\_OQ{1 YrT{5PH#^s`?,.Ks'r@!iհ \β( ԴFK(8U,Oƪnd ʴIukr ?T(y9ɢ>^um'lϠV6Daixcµt]Ru%II S.b 78}diB: d_?:u| sZS"hz]X ]K@&Qcs]=֯q׹PiM/$a T+I?#˟/GKGOAC Ѣ-DUNNy} d 0h3^Hx-}V`~Y܊m#y|tѾ~jaHR贤InZQ^vo= (eE:8wS|~&nx`U(!D-۷bCd@24y|l0-n9Yxom!q4V~B Şn9E%EhϬJ,3i"=+"(J ,՟ P Z<Gmװv7(}߿?Z;]tS( z?.> z_/!+?ڬ <[ !NnSYpBǽ,R )SWֵǵo"vb!Uۑ3TBs=4!?_A-5SР6sy jT͡Irđ%~ 3[?1 '^$B;UuR[yLljce:!äpgF+jS['تw[PcMu=WaJgT|++ rؔTUl%pg&e2)$!c"zǛ-$Jҩ?zkh7ZcJ޻y2V*aeBavkzk=™ 8F)H2IFBBϏoFLDC_fGJG[eL-ڽVgEܬi9B\;R-;4ݧڲ/)>g)3<7Yo{%rγsI7@_j㧖"zzU556N~^NݧFuBe\ߧ&d?w$ثc-EhdJ$gI;e M77 BWrgy&F'ݝ[{[OlUx|$,a%@'@ITg;6/zz?$,f1V.B'!QfYR蹰hӥLSd)Q!0`ʆxH R }b](vXZ9v͌NaIEZQ֖~۞𥫪!X| ȭzt̑ا{ hrUZV1H.{zlK#jȔNXf(e"/sE iכŏ6:k57LwR@g#aT̬oa;нfs. j/dT&Oa!V*Nk|bYCY"hNJVR. 1J'j{yuh97Q bHav1ȁ3J"Җ$b ,4<}vgg\gU1ug33YT`.Ki}1[X>W*uf޴%vUʢ"ii#nH _Gm;kng @ XNVu~C{9wO4Y;')%IQj8J?2{/ (AealjM޿ uX9fD\nlؽWI7|&cV?kD}Tn}\~kL9^V`7όƩ96azL~uҵ:_mzMמ]E.˝WofG؈`&b_f0LI$3dCa)}8d 0I iŊOi&y!; vMxX?|{>EYcF3ھLEzqPEɏV5K[oT*{vԏ@Ùdt PKd3һ/FkݿJ Z\/SdH[ V(iTac+RiWe-8"Ҕr(<:+h ^(x{L7&DTAҨX88umyc6Gi8db6.A'xw_8Cec'u;;>wP=NXN_1 Yޒ^51"YYi6X<}ezo&%̿13EW9íx;:"I1$ed%/ެ@|}F(ZkJ 3$!$nqƂ-Exm]IUA"-APJdv x]c£WCw|ͷzfrфEIwL 4J[&yZQl܄cd Lq#(]TO9Fh$qbIeZ*V-mUŪl+_p9ԣ[]?ɒ1\=H.usbD<@9$ \$:_F6AqV:q}KS֕M%]?s[o0I8ꌔ3ܪJ9\j@Dulhh @aKF 6 էr d7fJ[\mt][wqS_K ISzX:>5Gu:qRo;ZS9T_R"Dͮ7sHPk`Xf hhH62ݾȝ2yebI7"kA̭է+׭%ꮃk .83lJd"t=]M5\ڦ[5mYrȫ'kiw2\!r2)8^Ƀf',=6$ۨyvc΂vb{W4 m=/1< 4ZZ|1dQ<NcdIfxH5ubu8#}jN$ĽHYF:g9UJGQո 3M5QERKS,n\ #\3E_ICUqkQM`{^\h7s+IͺZ0/oWߜ ʉ3xVrZ \9 M2zo6ucZb1k` Hƙt> צs yjT4T)tg,;-|3ޯ:~NQ(wUO!*muc[酌Q!:S&3n1jpĮ-rj[\՝3oV4$;c+/UJk6幨XĂ FʞkJb̄ȷr{f'L o3A$)ZlV|yUkq}fՊ:һJέ_RVԠ.u30$U:L}\ ac9 &$nIaFHd8S9TuY"X۷p43nV/L ƩD VL`@4E fe C߉֐+!+&uPmNiSD!VCb>!/쫐O1?FJ?o?0kr3Z)c#5$aۼ/tםCtHO!Q" rBJߓ=+=ʚEԃ{Cl,B6"!~6PX @E2K F$$ӆu$dkOԿDi>u ^7-c&XɵQ\>Ldhгӭ (헙 R j**tU-0LȱGvb(|rdI F@%kDps=>jO"33C|,|!!6M#eјCşC%+=9ܡOQX@P@pEʄ@s/~G'y=(韈39UhBlr8A?ź8q|G•א'A$oۚj!w¼X*DQ e# ] IX,Fu<΅`s[Ή$EY!?H Plzy#?w dݶJ[U6? /\bi6o!!lahqz!cd2":I:Mlٝ\P3DD@FI0( Fƍoʴ֡#YC&Y**n)?Fss?3?k>7oq?y]|"\FM{LEqq=  |Fٽ%ΟЪs"-vnNkZ4ȳS8kNj80mTEa?;č\\cc|^Nyznl6}W˞xq#m}3?"q&.F_YiiK22hTppmM'Sfm3uJFbԎι7F+z3[{6<'gnRw"ce3:HӳJd#cFJds3kno,mբf!ٸk*iUӯM\r!$0#[PQAk+CG 3@('Vk{5V[bW֫?m-V֭jŭm{U^6%TH !@AH@RUcV$kmV))62^+~;ݷȬU6mݭjckصmW#m(>d_ vTM@OI0)rs /}3 {y+Rpd0MvAHՆ/q$]66t( DCw *y6뀭sjI3GN~]4 K[/0N5րr[%$~IOO˼\;m0~{$IA<ƿAK?N~4Gr(TU3Q@ z2tկڋo^kl3g /xO0)-NkYԸZTRuPNLM z!$b44I]K˙1 ]L0j}9{dhئ:a4@jyy0#}RWD#_NsIHRR":r,Уqoڳ#ߴnooJ_T#\n%~2QGڤ=2 Kiˤ>D?UXx\TAbd@d(3QrوV {wZ/?|z.#~#aI3SRqބI6'D^$ɿ..sd|6hSFS7)d!:_U.ʤUCCbjiιQsX[@ꪀ9R0@מug=~E[b hnf{uÈy f;XbF _rci]ᣮXPv=rŖ>$'ջ"شY҇}1DXs 5Y;زHiyI(B(To7><1 :wauftXZhOz9|*3CMTK a9 u "i=Ո>$?T0:z ј0.VT_M"P64rP,~%ש)E^%yT*Ta˚Nd]?!Vrig4Y~?ƒϪv3P7,0&''`s6A"RQ\TdP^zAkt+j-K1H>i[HrwB~+Wu¦+7d%\PЄQ\Ъ(0BH緖f<俭=oBO]Pd2SY=+mՓcPVQRHq6khūګPl/o'n[k|!R7dX;ؽA@2<]3O WL .n]H펬cȄIaX\jyU qm ;LVr0nF]07~BO<)"lgTf1 PMj[߭Qcl@7k\!{=iH,wZnҦ51qx5Ťbl?ِ/ yxNZa\''ZժUڔوQ1͞Ӻ_blI +@ȎlOYlH^75]Q#D Lҽ]ih̉&/)ގ <|;ڜwTH@6iXOӟE3ݎԂId)Nx4MI,U\YS]k!HX^blEDI,Ֆ6;Yr63sH$gM-fiu)G 6cv3.5mv"k[LVϝք:$Af !l I'E lbi1 ՙ= HR@!w@Рh}@uh><i5iMZKckbP`RXBx !ac!DGAXhj=iY6_vxOްv@E$2$`})@6SyY堒ua"Ő8vD yony3 0B)$S 4 {}rL- $@HC %Nuw{v"ڍX,Y#sƈCH ECmN5PLhYThд5BMcpC ѳm 4Pj1 Z-ҕ&!&䠰 ;04)(Ha9@K!%! !0ΣP[3JQRj)F"*$u !o *0a֯0r@1BAd[hڃD]oW{">}5wu,^s!~w%޴>2@:tVu _Hf_8.MX:^6/ONN:Q5a3 娰?Yӛ,̢Сvآ-QI&6׿k5rE !g|wyd05&ia5`3[j5n^&I1 "22X}6謌"#-EdmX I:qC%XBCe3lmVŬXՊٹkL2QJhz&ٵKmkhU2l[lIm4khg@Y Z5FSDFF6`J5kݯn%ZԚlaD$\ɪ-cbڽr]Xշ[e-m@XĄ) ,d{ ݄)~INP"# @!@% ` &^V5jXc T wa'3L=F B pq _٩$911;ܪ;o碛uupCkXߝL{`u_)Y0w =ef}} Y;F7> >}m҉fm6::m,3KfQl V&ئ2ʉE-J5)&3X[*A&؍wvB[Eh(Y4F5\ !XSR+I `Y aJ:!$B, !>O>MXNXqK"#~aX\EU3zY"R`h>gZ0JlA"5htZN,Ua:(ȓĹ~70_ +O١&2 FM1CY?lCh~nhnMoM8Gk}~߯(o` ~2gyq}Lǫc)"3Řp(G)2FFOPy,G楀k%Q~ˍ8QWuiI9}'܏[Zr_sgC߯c1HTwV )D5qdi/ӆk]b=W0QOPmr,4 X0еȘK,nD)$3!2TOwTJ֬W R)jJ[|qz!YX*ǝ]mjel 0?'`P z~W! K*soxl T\O#2gһW9J m^=CpsC!íG@tLYC:xY1EzGHVo0ʢj R};eW R*,E[%1(Fx[uJR]@.BnDo #3[E bPtrd5ld5(C62dI&O-ơdaIbg@@XLJsVdS: ìw+5 ^ǘ|}GhFܠ{}zA( cmndzF0+[`J珮9ysY'68)30d'_t(2Īܒ$iz/Q!x}>kD0†‹үm'߾2~+Sd:5}{.zZ_gYP=k>NEi8h~2**=fj?-7{efP )g&A” ߤytEu6]ŷ4#YDn(WLCXC}zf<1!) `E'F;~yj/AÍGĖ0QNJ6jLm#h&*.-8Hи+9&6d= (`Y=rq6UW@$߰LB1bM/*{Pc{OemFV?ϳgڶ" x@ 1 a>qƳ\f>IKۚa8?ąP"i}/`Goq=|·f^G5 6Gn:zO fc84H6ݘ :+çOq[KAen$ЃF$ BnG}$ +]Tz?BM2 !;$2j;$R}7((-1k+^6sDb(bprB!+!@4N:5Fq;X2P;@ u((MСI%a\4\+?߃Ē&%SYfCRg2rgU1]=/lQ.~(yXWuQXrdRT|ZmyAe:{cIRpeh]?f;QK`߳<9+HiNa#8&CME1noAۥ:6G:XNv=K zGjD0k`.L#lG-[<8 5=Tt\cH4ba``ʐAJ9PKwD'hڧC04y(bW(%VI;X i,ĢJQFDּaQ/āQ B#KZ [LE-vrO` p.ML%vnHs/7h !DwG`d䭛) RNN%$RcYz*s .) ^uӎ^NhGבŲ+rW:bm=c~ m6>1A4V \]E澞_;-1/ zRO~.My$/?O2-IYForw{.~p]LHg:jyӏ'{B6 QP w뽗A]=BaY`ыGmThN5DW=XTSߟ[G^ ?]4E*o0j/ .2, @ ( X`J%6?UFlm{p9 V'E ?HY/}  >l2$I!&,@@$P==dL%$$HII*H@"@INMxQj櫅b{/O/f(C䳔4gM|82pٗA:T_)P+fNɌ T@hR@R "鶙f!ĊH,(5@5X1̸XU(! y''J}]WQ_ 'r{=;gYՏfX@vOؐla<5@QT $$Bŵ6shk|=ZٶV+EZ[oKVZ RH섘2c$A $RiIB6=gz~ aHo^,᭏n g@XWȲt`u'=^=$&aG1[4R}j>?`Mye H6-I6$bI >鄇TI$ } mx֊U֫ۖ?!@OXcAdXB(@rBPX@tgT7,D zqq:&3޶2 *x♅7Ƴg(ˬ9NvMcX@Ȳ$R'5Jԥ>/il>;otuNl®"&qf)䢸EUY91wjz\:ZMBsթTpȢH B $B596hcnZ[rXѶ[Er\sUT'U0;hHBlICi%[[VmkfTA^TS (bZ9I{{@Rr<ϩc()5*%}3z 9<̫Ud7ZNlmmmmXAk-bՊūclkFmcQYj 0mhحi/?[Z {ch[FmF*MXFبbbTUIkai{%Ư.sK\~Dtr{ 6@Cp1epzu_Bwӿ5kTwX^wmM|^ NN  A%TV5lkhkF&Ql[֮kE5[bڍ}VM+hWEjb-jhQmFlm[+j,ljcEQ[hTkDXڤZ_[5F]jضhQV5_#jQmh6 ֋Tj*bm%hlXձi5TZѵƣ[bj-EQdXѶ+lV([FjmEkEbVѵZ9-E֣XQHIVhhclmcXmѵ6ѱm[F֍llU[ETm[@j5cj1lbmEF-dj6TF6DZѴmX6k5mF5Ek&F-j6**UkbZ+EXUE&kEZ,m-chLV-شV-Eb+VF-kFQVTkTZkѭkŬVkPV*hbTb_wVU2ڋ6QxHR__L}X+ Wb CuXA]!m8eTc@s6wT3<1?%]2plXXVw$C41d ~'Ҧ2aފd cs{pAkd;{vLyz!qB~/,@1QTdaᇘ:Y,Dic?sd|][ĆX>0 z}L,Y7Y6u3Θ.X,hq xw, 1XSd"O𶇼+ pa+@$1R‘O{wC> 83'Dc' 8HݚpvɤS3z(()38_<, J}̡_G]]VF1=A5b˙Lm+~[zq,ʦw%2],OwꠏefjJ o<bg yđ`c>$ΊIAiޝ(aH(DEt*C/PڪY5r.\c4lF]bprG[+V+clZ6fUm*lWFѣc&s4R3I ˡ ds(b/y5 X'e(B$FN!$BşK8B ,"Ƀ%aR,Sa,"̘ 2_VH9 `T)S_= [ݯ/]o@>h:"1EDOROSz~<$,]kkkߺmtÒ2ASkkYrr?wLT߯-v0d`U!Mi-bc= \@儊A%IClYEFk26#1,JM)IJ*4\ѶPF Xatt}7ǻI z4nfdlF"Q+vi+=|ـQZ5b6*_T ܨX FTCLA p#fDm z;r44e_Z'9L1p{n" Z'tu<54y'V"\=y$Pz+ (@$^^! MwĄ:,Jb$e1*y=m xs{Cϙ\(TUͤVkNHn\FcI>}dd&O {fU4hKXO4$xnI7 2E"r!S>#Ӏdt0d'5z^jhđHC ;r}I&.`,)fI QaШ zZ^/q*5 sH'q: o=uVbxފlb-HzÖHM . ࿝u#_Uݤomʭ7uފRւ/2Ly?Q$gO1F%3b_1Mg+e|~z4CBC  F"A$<LBs$Y2>u Ʉ}_0)hXFEP!֌ H?JܝzE"@ZDQ@\o!ҋc4̅[jlPۜl=fk+JC@Ö H/fb0hV!/b0G@…32`Q{?֎%O9v+0(w!@R?d @i)$5)fI$5L˄Q$|%UҺ ioS3 4H"_S;0l)1Bmf$q@=%Z8L̹_X,n/1y9#o#8w`fz'!;װfz;/HSx\팝ymY'lj hNZİH(hkU.jhmƪ1F*Ѷ6Q[أhM$v]Hց ;~vH/{vK_Kx3L9L?Sd> *0x;z}s (lc)wC]W {|0.@1E}, ϸ{z*l#F o86 `o2J^L}iLr IJ%,$owY!m)ǫHD>iɓ|=DN}g[O+(AwQ% ?=ʾ`˾Ӳ{_fxA|@a9tI R"1w馗m$bwd{F/7"YEEgjש)z,eRwsHKӗ!H%bijD `DC-ΐثs良jsǶW1r<$#3^'Hҁ'ʄN4JU%l`Oޅ͞Zp- r/Np1H[—_@wڃKvmPhM)П9N 9(q c7|Q=fW~h֖OQzR0->]4 Y198ZkcI\%N.L2Ldqoҏ14ÿ(?X`A!,{gެa(!pa!ra?pLB>s,d̕OV|~oZ5F+PZƨ55+(55EQ[E%m#Z6ljIQA-Zhm-Vf$$ljF0RhƫcQEAj6"&EԖ6*6Fh&MV)*DFJŨQFThMh-E!kEmcZ6ƊdccQkhEbƊ-5F1oZJT4ȠQg"c:;xw46a!WvL?h&A\QSǎ2gLl V(c%҆5IE194B* ^nmUdYamk|V$Fƪ,kQmTjhO|3x==&MAFʼ: ʅQ EMoмPUі 3@HAC{"wΙ81;TR?тuC2|H,>bFIRرPbi65XMi QXXE7. I ] Abf]r6GYR]0̟_?|[A뀏ꙭs!]\{e ;$/F>z\;߷ӵq"#H;igH"$o5Bɧ's̲@)r~wbH =ilsY&ntK޴? ϝ+sOv[OjȖnktɈ t}7سSC11}X{mGJN~P<0-tzn~>A%bA6MGLHĈ{-_CgF:oPE2#WTr|a UG)՘x!ⒶXw~7`N",H 1kh6֨bjdڍlkFFMj*5AZ#E~$i6#_{cs?xޤ.{ YRChmJ" m6 gy˅'4~]>o:/C}= KNvWS!ll?=xuBF aC'gM dB*z\+k`U"YSSNnMMJ0kWf z)$P ɀO$S)Mc* a6҅L㼡۰gD`]w! Goa]M: i(e.Y/maJ; N-mr玨{zލaU-,WE,3dpa:=119Lk+$uOCᒌwJAO}ݓE_}1P\B5ªS VQam] YLb# WbL9!i!bH& (Tƿhhyqp![/|{IhEb1,mҲآ)J֍QchPXQdLddb֠[^PQ6i5#@/V í:zrnJ->{abu1OnaqMo6/dx)js8bHy-vj gI VHs)42 3.;F 4b=|S4FjRm NZ4fL`-\R'O% 5<3lk7*oȯ" C&㝁ia/8] m=ʧN8雀0ɰ2^|[ y,~榳%fYx|Y;g 6-ZQbkE5*Q lXD## hbL;s%3LblMeC^>O?Ӌ3Fp_2`͡M`FZ+~gvc3bIQ6( EMbHe4 b (DmT2CF"&XMIdѨXڂK⑞.\Vll EQudҦrJ'LK ;(3-Nx鰽Jv!rƒĒظL`YD/ \zXu 2s A1(RwAec㙌-,<wANM^rYwp< 3mdaq1&k9ַ錫g `iU% m!M5w\NC~uEH+ QlBm֠-bDkb6ъ-Y,mDK"QX~ p [:wi$FNjHUHYF (EE"(E'}ɉy-(&LFr1)kquf?1 aS@kN?E9<nPüƉ?HŬ~s"LZ4]-W9WҺW9XѨLFlmEHY*LZ2cj(1|$5mHhL6@9F&]_^wٮ_ho׃u&K~zN[6/>i[V! 1ur:OʌM)AҮI$A+ش:TsMpD~|(4H @X."#~= hJD G$"6?U6&M ~L x7`ZL.'ÏZ&GRaCqAd`hPm'5qh/MJoGW cFLBh\4* g ozݯ%es=X vkPP eETcj)"eDEF6 ( uק?;UoLj'GRИݿ=vs>qj.\O[mZu({LPtEޟ"?j(H=_}G9u岒1$$Yp$!~ֳj~g]f4|b>FNE J0u]MhWAHןÐs &wF`'r|MUL/4S۵_@ަNNY yVIQY츣4 28Jm̙>}в{C# \O nZVz9Fئqr{ !£zk(NGTcGQ5q S(,a\1 kI :-waV<^p% + ?/ϧ[nDŽ 1K6x&0=fZVA察U[מʺ'H/T^yYΙ;^tJk)?zz裋C0R@Avﲀ'V^rDߐ|Ne(tӖLA2tHLPp~d1# aW\Mڀc/\%_=SᲉ<Qf("HnB@ kj;qǒhN0΍qFx.NͷSuJ({7I6ƋG.!V⫐QMUP (~Ә\jЕqo{z*9k(Y1]S繌2|屴Hhϗ4d$`$d^}!8= w@eVݻg}:Z)yXBfK{?smPtq=D Z%YIﵝ^FܢiۜsgWGY><[/['ƄsDm>,ylPM%Q}Տw%RkC~'z ?%Oθjo.F~`{Pw3y6nO-7Nda+?V},~C32}U&`( ֲ<<8pϝ=oMDd4A`J47iveU]%E)Ts+,ssۻl^ow뮌<ϋ,:1果-rC$$~L r:ֲ8 N7i tWyrbŔC:t3]꽸4&\7fdDA$LaJDU7WéyXE1IC'dn.mR*ZfiVgRmzn^(HōhTo_j[Ur B@ڡ,_kvyI)ƝF tW QL&6IJG[vIKF^y;WgW'cCb[Ǻ6Kg+5J+i7p^+m=+Pu_>uy~leDPIyz٭Nٿ^WieZ.RmfB4V#+]zOOԬbK2TЋ5Qg^w;3wolIeKI"B-9f*H/.-\"`1wgt0>61no@wWvO0#J?H>(H\kn=312r=_. ϥ"1T3 /Qn~t0v DOvxYewdWҷ  QuYGk5ݯU|%V[عHt?(>Wjl{ݎЋ.GX5x28y]՗e( G{ ,V7k}D}t>UEJkS[99ҌU7D@u1S.'?NF:_G:^- E[smh][wQ>͛*Ό)ꍬw7f͓ *~#wC'nMv)ߗͫ(UD|XktW;Mj,QxuKͨk’YIɀE(a ZX{ʐ2bSO?=/?5DmO = )'eZǙ*g--d4THk-T*2ˍc_]?SlS}NGh+w$s3Q~匿ԣ$2{:N N:abBc)uz3!9I$`/BHu9,'T_LhϞs*~wOxTIauovb0( OIcH&вӡ?:@,Ɛ&vMm|m;`Ǵl;[a{SbwX Llc b*)){Z S32r"6@!$38jM~t>5SIPDmj & `؊e2*R/R ove;/xv;?df^R|fJcw |=̻ ef$eiJ1(rŒCe.۹ݠ",*Tt~k>L8gwdb;ڢdkuw{~v7\xNzA{͵ƃX+婧3PdQ%b^eBڡ.P]NdwCbdɵPCU)M%EK`h`M8{'S a@~PPb (̬ ,;Fiұ8-?eQn]8ݚ71[t/;b%Y= 9P_yI0E$P+5'03we3i9hÈ&8/izChQ*DYV߰!T<y@L9;3j!6i<{-b:>/| XXyCD~<%[(xhhb:9O(~ߩ7?ot|(c|VH%1dΧhE_a{xXRC@! |0X:ζWԠ=r|X2w0d(pVx3+qU&jĉpӠS&Segk}g":Me! A#]& nR!bB+1f.T!eBGuV՘[93CJ! ^_ F S cv1|=/@=B"y?'",OH|,{$~CRb?.82!j7z Ͼ/?KL EN!\m;*Pu892;((;W@Gsɽu;Vq% KїpeYհ zF]Tn9^{&\%(IYw~]|{ڪƅ,4ҥ:Nݼ{vzf}:"Cķ}h-Ӑ^:!&W'Ngo*bk53m6ɿn؊ov'د{˨PK'ܹ2谲@1XBOڔ*M _O!EUO^]^Lfɶ!hK1dV&_ȥ%{ .3b) D/t ޖqbd7p|LA&I6l)6i"K}6זBGNPPM^cBB rHtÚfXnz*F.#zwky 5OA:ojkPAy;_Q'qR#K;rR`n>k~uIMm6$0좊Ԕ?c[U,9߿sר{Jtf5_[Ҕ!?=TS@O{ܞ剻Vo={˭|?`pυ‘DwwZc (1FqB4 AiiF_քxzb(l}|& a#` 9"eV<,{˳MaDR@ Ry?`c{L2rI0mE44SJqb '~+D3׉;AI d(I`"H REe2TJƤ.(7{)W5hVWSS|]_s}!-/?EGO-S~z(/dg^.󜀅-JϳOvLdtsmraX ΄~yT?kܻ2?P>bT=z}oϻ8#wp3!gY F- ڻVy:*_v,5C2i ҅ܕC`d}jZ pIo.㻃%ʇ}m{iewyvOO>u1 X3ā ~Y QmA(K$mcY63LLf2f"dDhb>̉ †(d͐bI 6_} s|&ƸO~#uQ/iCE 6+!Y ܿ<> h E9 j,ҡ0 E A#pY,A~/'{eB31bBHr8 +&QÆ5GG|_iI$g#!@SIεģgXԔSQO#i"z/I: F `0ˇ"" Z1$$W ADYP/X`+F"*IA8IrG,:4pF}pI(w M\쳹(|ΡvԾys>h! ^~Ɩ(ʬe-~U !23+♟=#вG?(Ff4v {?~UV"EӓJ'>&D3Oq3 cJUA_z-|)v%B^xT5LU@F=.g={1ZO8-rVUpFhn mb0n#F-]\Ȑumpyκ\]Z"\G~MRrf{(wCJ]CIaff>)vlرJ#mIjb \%>Ah[@0m4 cfep&`zȤogf=Zg=]xʛƙtyImѐ/6446lr Yq%q/vL5m'[8t\4 FŐ79ܹ m^BSRow2).zr3>oo>z<5}dTc>XK]{[*feJ%Wh|KFq,Iz%}t'ez'qnelv+\byCtC6 &qYA=ICև},R3 P5QZPX"r>3ǃQ'Lq㮣qZbA#߬lջggp~B9E+Hi!D5Ȁ2sRZr}N*EBȳBy )aFR$cTR i9b%Ÿ~fcf9ekbbL[,[Llᑐ1#Hfb%̽bf)BAh0NRq2@!.>̷Th"3RLK)^(w.m&dvQ:֦ٛkTx\ i筬YdͰw{vs k$du2!I%X4-!A/*Q7U3m{{4dƔ^OyIcEӤOPGz:'#kKw}!YF[ON>R3ofOy_N7(}vK~9Nv*V" CcZ1r qw0n Ne]qhzeFF FfDLo;^nت"*Wm[sqX*|dD VH"|/Q;9Ka>XY^kxy ~S"3AJ:zDGyfwr֤ bXd5=-KJF;kQ?^(Yy|V)JCK!MlDЧ;*קɫg4>åC2ైHtD,hO۔u$lKAy<KqCnVm:M

\&nPiO٘_ovIJX-ե /*I>{^byJ3GZDS# !e#ox9_FPW>/6Yo{S(hTsA> B- ى# ek~Z³1@IvJ,&KrLl_/@n4 "}{ U6&E>zHz^w'†nAi-d=^ ~.s{ z.sZb"'8ҽE]>XMoK?hR&hQVeX>3vڸTkm5|^&"(gq}w9kzwh>ٰ\&{?ޙ#F E>BU^LZ:"g ~>¹ejCrd6=陹MP;2ЄTAC0ENE} cyȡY2=7[ǯøsJ%Ʀ kv3̪Yz]2t0ުM꟬ZaH+>YzC~*K +#?$PXDZj${ B|C=j&9}  (;DB$wt?:Ζ?uw+zaW׻ $0=[tNĆз+mpq܃e<8ZYmcS|֑<״3<R= 8q+hS>zb!Yjc/̈ˌ?)&w{Rb-t"دN(cxuݧIYXJ`^#\ 0c(:`~^˘M£Ui#$~*=cnsr=$ݣ‡cnO (F'¿sh4^+x bX>nLޝ2ZSP]U-OapA}oH?s cKҎdpQ~8r(|٥Wc?[O'',dz(O^32to9VUUJ $Z1Fsϛo) NTYӥ*m8k8kZʹdW&bOwt&Zn>ܶ*̧%;!ϳ×}{9ֳIM%L^QN3';$ܲ,c9=m:.RN)ǔ;p>.x+S)z|z-j뱬s%:X7xxHs=f%H ~)8b{ ˮ'[xc5PdFep_Cl[|'_m2T=z>N gt֥}|jT|9G;BGVp~1N b`}Go묙,/*F}}hNbx̠ GPSm{Cݹ!?ojX{,kL$z00  ,@M3 4Xoz/w<ic&j2k&MhƭmHd(b)4}_~oD%,QQ.V:l+ZUw:5}-ċ'w;3d7po2mpQO`n69f%*4{wOUyy]RS7M >xX29@Ԅwsé&LIfjU<2>aw9#CyyFqq+bJ?ը`ٔOخK JKij}/SYb[.=eui_Ln"*q@"}M!U**,]ʲ{d-Ve|wR{C@uW O8ٌMt&&l66?Y1◨CM3H cQW!Op: f]/!WHxDWO_sw'W3i4hn OiE) TOgD鯭K:W2҉Lf{fFQ1;fb~Gn;:d;'&#vKo9ueN;X|td0 :vE^.T&BGJԤLH 61nsl[Vp-kU7-2(V/>gY .`r7m#1]kU.U?~s MY)RUF\ǷlY82U]?6GMp q kJdWEDYqk k#RZwyxj(]J\Gwv?O|̧ĘHA@^ -'s2eTPF׈!>B ;^/j,wdG+ ~&[ളʙi1m.0DC[=3EWF hj*+I@SjέGm!QʮjFCH+׎twnQ1"Kw\1d@퀦& yEbMم;t˝ ]ӹ97#.I c,QvuF.\1J& r(̠9ы1L`01Ft3, $$Lw]sww $QΑ lcNvnƋ-j?rh "OU> 5B'E%ġ teBō2Ҧ 4r>rI;ܼ|^wh-b2E DrÖj$l gҖw1{?[RP~$@1%묟Z[OOﱾz&7;V$>o+nnBm4iȓn !I(1@A>#qn#}6 @@ЀQ[-=gk}>Š_wnosX#L٥rQ"ɓ1|y0fj#d(7'#?g\QX,2}?_=oȺeWoF\Y>ǹi;J%*Hi0#es&rh@ (HhR!FC'S#D;@`JJ/:z)ra !ma2>zAwo,yOqT; '|>alez¯PBamIfN/]anJQS% X6G/*5ldl#ƊA-$k:wHt} {T1m!ț C(b,6m(9 y7d׭j{f6N;yVeOwcDi|1̈@M˺5;0qY$I6ϏGʖ¶ыK)n2^hHش  @{bC-1WoKL0FJ6Ąb mȴX̱0cS(5I>?8NRhI$]S\j^UNö[=>2_ \ZVOjwW`/W ( { qwL>(׻/Qlsq"cXuSi}ϫbMԚdM`_ԾuƲ{Q@Cf~{hē-Tq͜cSe2"(q!x?n_Ϻ))W+ƵڠHq(ԁQW8TQY-"Dnl>ǭ;NT5 I~ w060E:|>⻌c^gj6 Ls{9i܊vNĜiQ[O);L"}o7"-k8 _Lm_#aأDW;kSu^ X/\R TOꊟ }%3PdlQ񙱳0HNBi>zj#""RJQwaU(Hl+/W@ ;4ǁɟ`~ g6nǑtouZvNǛtf^wRʷH?8m%H8H:f2RSA{U~0t ~HiS,*;\?\pm=orXq/ QC՚OeIXnu?I?ϛrrW eSbi6D;us0/+?[|5ZC@ z<¨g3줏moO9vQ_QӡQTvQmܶS-*kE}V9W>$N~>'aIrJ)_.y>&Ko(lJ<(jI d1D FO{?c̓E]S}U70Y?K[)x'a覺̦Sz,"2؟%4* ^:l?yO>]RL~~}vl6 67T! 0D<5ϤqN1L4?JBf\{$W@Kr>\KJ#+mhq"yjʿNTb<8@!ى Pb `0"5#@zM}WC5i_{= ~TKV3/6.joB~x8ɁMu}YFyU|^'x+g`.MLrY $̆5IAwb`wQ\?wM3\urB;#9T]XnMBY@C}w FK|ӧ{MdDoՖA#絴 uSd 1-&yTʏrDfT}QZóR0QdP&@1r.F#TD:sڟ/xsugU;qir,J53{p͠\-镈,e{hCtaj $e!qs9X QRlҦ ,k]š3,"!l Q78DQAE"HĊV)oΎـp--h-Ufv̕.:)<[:J[އ3$3>&bD /L&1fKGzH)bwoOgPTVrj6i elcf*N>K gSA#Wb"U{QܶFβ y"oޚwB?̴t 1ctuO/|X*^@@F"60LaJX^G 7 qQ#{3.\ileYL1KOgG2(li&z28@8 .U2[0bg{lh\_CXs# o31 s{LD A, ^[.fݻL\tq{1e@ހՉ3M,-wμլt|c"N:V+L$*TthՊ1ABG[vPP.q5Bw~%r* &K@0!#BtdWUv:qZCA+$ B1&1*l1-*Ӌ\˾rzS֥rƃ6UH,16YI 1sgX!=mj=D 3ʬ MCP !cjUJw:N '(VS*[] bLmTbpG_ 0mRy=PD_M㳝ZR-6< ֒5jtsW1wW-YPi g66Xbp "(X3|*PA 7ON:vl#A@$c7LWtNgp&z6،7h,q #|<묋pP::T`E*QŶe)1aBԶuҶ8sGD@`M[#fŕXMZU4 :Mk9cgJ(oZ年E^.ݢ'lH$E{>2$ Gȵ $Iozó–ŝI  SZZF3|UWgayd3V9E -& `VI"#jaquw-sZ FeX{D&$@,Ke4izwulݼ1IfgLHwe!:Tjj̜x.x`pt / 0H$a]bv槄{{̻U]۝ "-ΜbU(+an!N-zޞ)6I:d44!H25h-cEȲ,09ҷ0 {);$ơ==p(XH.yKc"#&]gm;0Κ:2:Rzl_(=cDcñD1uG``u2z:s(g{YƗ8̈jM8m:H #Ei{.#74 $c47&fo0tu=% ,KrsD XnKC8DIۖ (Ƙ'ii*2%Ti-(5[ٰݕS[b(  ۦkB(F[L1e@E Jδ*"AA, Eom1#,^K5F dQ8]61i@l)!<]DG&PCuȿrm⮘5{,߇&mSSW:Iϗ$301Y k*1!iy/_w=5?[~̨I{ou~?@gIѣuݎW^"I Nϣ~zޛ.DWݮyS*H/+7Ì\CBhiڴM/ -TӒ*Jj=1fѾmL 20d֐7Yۯl}>Pg70dp6&bz7w@#56M\1%1zzsyOw )~EYDO.BS J1ҫoQo~c~ 1ijF:8QM[N++^ M cE5j[bAsuF>qYl`O6{d @?n|#UyK g |GnOw^K?ݐ?_z5t)ҳj}r_^wj` ~LR_U3t{)_=!U[kxh]+r*Qu L-yU h:z81[_׳5tbW!A`"LOjW_S('ѧDvSn&LQۚFD ՊғWr?_5?x~ZH5ks?QhDclOaN F{pP1_p63P|X1x|e`z C@Jj`KjH%ÒOK8_wE9~{?Hy/C?];:ϊ\c*[?)d$k{,=yu_ZM0~ KOy0?/"ÜM^UOpY pn edJL2ͿQ7JӁڜ%e$0)>q+\ g"/H&kuTfL9/ߜw%5ؘL%JG4#JUpe.wDo4_ٳl}uy({κdtp7z/mQ6jiu4m}rV;(gݬuzoU^/jz9)eiHž~}ˎ ?-r$#)e(>kl C0JSN,NH&3gj`~ω3 ch~7򸽷mRh/VLi{<\o@:4_Vb ##HaՀ>+]s‡ .ɻl9t C1S;~_S)c8YL]˧9φeOT{h^ַ/oɸ+zSMϮ&fa!ٲ~˅ɖ;<\Dz#ֿ^Zgd[y\փV7~02< ޿ܲ=Ml %fFٌ65ະF^7?+sx5Ѷ`K;]{0 a?ljpz ֱr޽2CZ0TK6a'?f|nm:m#8 @k]I~+YxL2LyC+~@>A_M 1닰7l7$7H4d1HeͰY'I}Wlp101S*ELY7m Aƍ(sB|;jf_e ?5f5!a5k/cBf9?q4e817rbX:ZsKHZ&ՏՁ\=6[x0>K)s~Z}.x2kٴgg a<.3!9}+<6)êt] 'h,_!~×9iyw-G߱q/:$!*BZ);f(Ta*CV)?=mC~ r3f1ɴaم~Y6T]d\abimXvC˻z0cӛKja=/?}Hv|TCOga43.v94t l/0ŬP)7ђ;?=KxDg>_\S#U_%ؤ 8L3Ys -#X7ofs W.EL~Zy;|HT9Aa>?ltgo`p*O^n O:PI3ɟ[Mjzgz$Ic!ĤDɘPj(4i$L((I#Q)ldSdMFX0EF1E4ETCDh ɘ 14̃6B"Q2U%mKTV-*d<|MP`5ykDTÆ]9z ἺRg*f3˼Kڗ?[؅*$i쮊̕!iP|SCÚi;6U_"q ֻ&R)Thp((m'rwj{$e$B0RldÎRxyOQR:mul綌qaؘ,+5DA;TU[aw޸V5Qnq &O{>2TJ#BRܻҦS.%C54Tߧ3dEu孴m̱+u>ъAFj*Rm-j6ؗ- #uAwvЅ5 $mVVXzUG;8#XtɘZ[Q-ᨱTc5X1LnS DUV_cLՖ*(O>GɧmeJ*Lf52QT|/{54o71E)eSYVut=RԶ/^h0_/^?xχ8ibW+# cu,fbr˳bQe QK\~Woo^B.Jf6dTxiCziϩkJ#>;8״\L;,~X~V>IEYkTJxKZ*E-z =' ϫ}g2`˄C]fH3Ei~n "#% Ϲn:LًETizν]9KD7fcpj5N,߬Dw>?~-2.)ZԤYJs(T7He!YPHӺci޵M!mT'V]e G_X W^ۑ询ZjZ<_ý^{& iG~JP)`{}? $=^`pkJ28rIGHDo5_AeoW4x䅙"]!Y]^C}}.LH#Ic TB0y)%'D =?~͇Ws'..`n)laz1sQڜ2HEC&"K3.%K/3-LW-X(bޏktۧ>ΆdQ5^uZO\4n-mNX,;R }d[Z8drvE[jWv`mmjPyoX}#_k~(d<id >zv4U,64$?oʟOϱVwOwjD:RwṠ?׶Q8Ώ w̤ڊ |9ݥA҈ {f:<UW`̒hz܂+1 =-"ʘ,p/ +H: :)c%PY4I1 WX߆!}={.vqweN]>׌ Aѡ?ofFt91S5Ba7Gԍ4 ~^ʲJOtt[iwz1Y\%"D11sOiwJO_qgſʢ"SG7]SI%#IX%f$E&ɕsq;[zPۅ>.܈^$2DB,Jdb,%"&JLFbbh&I WSHZ h 6КkA־;-Ѥ(u ^{>ǯm\ϡ$(hF5ڗS~u}xZq+mB_wdί! G֨d׵b{Q>K[ҚaO wUqc-JAB˺Gs^>G]:Ar`EW&C^t DEj*Txgڟ+2g7i}?]Bf?:Q d&jyVFmV?x ?/՗q:Z2s%'QL@3f}).B紐Q#a~`?doy;_p>OǞbh=lx"5^[i?n^פ9-*d@ L~Jk>gZݔS/ovi"E#3 0s';پ{V 4aa~jU&Rh0,펌jnyk +m9ԑ@ vaf5 pu!Z+ecwC;8{,/`DCH*QElzLod8dM0Dk{,F+T:gŭP[oݪb'aȢgG_BlF4P"VA8EȐ)Jޙ#Rˡԍu5@" -6 1aT&3Tvb"K3L(7YFf S:2 ì@,"pӳ{Nwo\6**!4a@ibPh $3tz̐3m!0J0:*f E,Yjq(2jP r"ԓ[l`#L Kj0\"-IJ|].XSEpt\0\Ȼ ed!eQ;ZeJVQKMm/i=ZMSa#lu:N6N Lmcc/t9CMk/HtHfRߖ8AD+Lj$Iq"lcSAEvl`tP*fLC:PךqCgtFLZz˓X*ONG/̋iz]$Sc:Lv TƅtVꯧ+gݼ0aȕxOΪt>ΒL69S1B  DhRx,B C @7MN(E¯uNq>9\ϘAC\(eKD#bG$u^zwDkuܤ|@qn>mO.Dq-ۓ| ̈́YX8JX 'yB cvVۊui=sJ(@s4>j`c xN}9t{r/e!}S>Ϟ6ge]_Ƚ^Lbcn';}A}[qFzS_*f}tm un[w7φkǨf},Vǭ6\&+mSϱʲtOK;eÓ {( 8!lG~?ũ ٴe%fm0H,rTDP2 ޿O^l"Q02wJUDIii9SeAiS`$\ 'sm10ӳ&B$ɝ KyjE7r cX2Q,%kQy~?ſ_]>qn,[،TÄ{դQBLQӌwxFmFRI6Tl4c4R"$ČDst]CYF bȱQAtwignn[eÍRe]nRɖTB|܌?zjo1_i[qǺRѬOՓڒ |el ?9ҊL|<.H14|e;N("yl?yfq,\9 * hlXҹb1KA0!wղg7q3i!gu^B#yA+9hP < ΐ:aO(f |@ .vP%M =7EOt}:>H8Cp+韯-[w)Z''ȉ|';&J+H?}$_菁D#@1e~ۼ-\yl-tph!~G~=޽ S0I_,#Uh_7Y4kZֽRZr"W 3 D~g/|O_QR?f61o$ǨQ)20#"A[B{sk爛r ܚ.6_Qqy}XߥUֱu' >ojI`_s۶1ͿA.'HZF _o?;B ZFhSfW_o.-Foi 5ׅYrfP&I6‰ҚDs?֞#N*!K{uK?|̼-hYaM7z^JFLZE[u]s ZUUTwA J9NKG#t>UYp';u2 gkDR,>wWYpUtqv4΀]WGUMXxsPy_|IY&堬r>vHo`NWn?#oC`HZXT6;JhFPũxa  MsO> ?Z~;d#xn{#y Ԝނ9,Pno#mzk}SH)=R $Ga8'Qd%dNaWS:SI8jh4|;|LO/dQNB(@*j&knТta@0@W DKu7Uw^<>u$Gb2JtwW*(Kvb"{.-6^\;tߝMaAP0!`,|+Lk4uGMN\EJ U~jqL0KRUD'=Se:mKičD >x:eWV:X˕ƙsp`xӻg͗)z=dɃ\?eQ3dPC>q΅?9n91hY&Ѷ,m,ʷx, +Ls 0UD`β"X$bIw_uz3¨m?zf8U sJhZ0b,O" !Ԉa!1odݲy{4MXoάڣpTǛ_UQkX KڐŏutMB"DhB?H˯^858d {3B/ OHGrI 6|iTK?2WY*RZAcyBߴS ۻn4'>]6f#8#o:V%lAcq$@~*LI W0oNKOek⻈o!+<4Ol`1c~Bqb:k{whY:FևGjeYLmFAkFT-+ca-FK-6FFiJRE&2a50`J{&]Vpϙ)VQd[ed._߇&,e bCi#/,5 Rd3cLevBʑ tXʟWpSwJx'BX&A1@JRv^GOsg>0Di_nbj{$s[ZW=z?7D 2B9?+c!Ga3b]pd|w QA4-BO(@iqSðRF!AD]0qtF%|ڭZȃ+AҾX: ougMTGTv4c۵E7 6L[[+OgL[ZiWy_Su4cdB3ʉ2%&3GqFdNv`&]9;-L5(:mkh,-`>QP# ؘck]I,-W.CWհߨں!ecg坛p>_ٔ} -<, Rnyu~G_PuD"Z,@!e *43I"'*OYRIJ \# ]$ƚL$M˭ _yo/~뤪laXd-A²$ZS]jY `u@◎*'UVy<%66ٱ+;z;ֶժ|ZҫeWF1x$ g8 vou(J]lur\ *L4& ?]vDB{k/ϴy&5]j/]@`EQ,zu%Xq+# 4O&@WWM26Ֆ,rڗDT nu_AkpD?{4er"F"Ԯ4@OCSGR 8MDLs ,DQҲ0 9#hQՋ̡+ޕ,ݎ.ٌt[N<.|t~]ӐwYҷ?$YBO_ne@eANqƅMU5Wz-/b}kf>K^g~d g,ɼ +<X$6rQ,5f[ǤO #(2_ȒIh\}X^٘`bdRy4FHĤa󽺼&ekxܮHd6ijŒ23QEc$ib$ChƂ#/KD"%cAcIQU%meKI PF5c]+!ad%fW LQD4 ĆA gBI CIA h,dS׷ДfEfChF2#F,Epd0Rę(4 c&,$4kX&Q{Xlhh &DD0d$LT@4#D% 12PBQ0bb FIDAѠCRa! fQ!hPi(3"F`c 1f)E%AT!&6cD#Hbhd4H(i=Y&,XI`%$Rl1LLX(MC1!@ ȄTɔZHXA )0YK,,dԚ63d,̙@ȓQH(0(Eï4j #L1XfdeM$ĔGu3,2f`f0 JP hPɆ< EA(`PlRdba%641eH  HB&%)&E"*bUbFɣսWTz^3MG.R1UTSJ,.f@PDQjа\ִh1b*DDbvC{:Xi'JH@d,۔.u_r*KUASNФMӡXL8~tiFB/ k,ޒ[Iu$ t-g*{|ʒ1ȁ!ID4;Z 'O;"ua찐$0TФ)PӜC^ìDouQij7 MZPV1qԚhrȮ{ohDuDUOv3nF҆?G[$'^TnIu>i2:(mP%\?;Ӣ??Cf!`w|XB!vi^Pu-8qR-?m mm&WJ <iE 6h|; n#q{o-:OUlcí\m;( l$KϵktdB/7P:eO"~_tH};U ~Z\{KDTOhkؒ]S:޲^~n26B__a 0@UaHl#aCq%QgɝjyaB蚺ܕx ILq,,.-]Y JP蒕Ӊ-ovk'o20:s[97Kjgi}\<a0b0 6@#x0'u.4||--Z~mgKܘ ?rZt̐Þg#nKRI =YH@t0B:0a(<24IJ.,` = ,}#fM1и̜(za[?_LK?&'T4@I2TLXh޿[yv'}ρH!/Wg{Ʋ1CSq{?ºKnU-_^fO#^!x_S۱~&dHos B .1sFRnZ`zٹϗE6vtk iD9ڇzKz" Di1p$!$~eWP_dqVI_F._ b21ޱK\Oɨ/AI~so0?.NBB'= ?~eÃ=ȠF1Pg:&[[Ĭ\Ow,-EjϖOzW˭ul0`+%?>Ua;(_j(gHǵB /q04.\}I/I Y&+®UojlI2;2 =EG)[ }p;Ϋep DǷXoS4Sя*(` Kyzht&"/bó$V6~ cin@q]R""(P i9W /y}GSz6H x.lû6Kyys8tA/[o=;~sorôGz<kCm ߕRTPpR/62LirPԴd^Ɉ R`jo皽)QLfAЖٖ7zNfQ\ƎvM.8%v}"sR}KV?31M\snJ+yʶM˖*Rm6ՙb"ԪŊ S_=ǿNZHyNxb1X" t/&__29@㘙yFVX.=twh=|̸Mo/]>[bfq3>5H ZCoO.N9;Y$yvJ.\k#o9u7+bqzvZAk׳աysn6_ ۠{(='=8}svH(JytW]~_5'qoAeQPDQܕN\˳o c?Om-.{5$o\uq #*fL\hѣ:"*SRE{ 2uDZQM\[wkeoBB?(f6o&? Q QC{t7 ɪj8?ϳy6mpP&Lܐl}JK xT7(UuPnƸQߖaBc[^SG|I,)>Y~*'KNFg]*K?U79ooYfL"l.40lS45^ br",yAL|D!΃M˚6uյ O73B+eAx("SlZmGfWAlq`B󹮟zX\YM!(q/KPiWefGU$vnn5 /u<%==nKQ'u{dx8緾o<6?XL=Y%!in`\%^7reبܼZUS*bإA'$dNģEV}S7Zu=%/i CE_IW~) IG\4۹՜/zPvǝE0y_\ttgPnZW"ڐA(kO?H`Pb0Au>Cy ]{_VרqHȔs0T'J&ebfQfFI!`$cӋJ3[1YnbO!t1D:3;Ü ,PQ"I[vx獚9X,K""(4tłdFC?fL IP~ {9 &$;%)8=`1m'ݙy.l COUCv*ӊ_'rѷV\2#YAUH{鳇MfpS ϴ1۪_pޟf]"S}m5V!Z"{6VWUp2Xxx&!*2!%ʘPG[P*G }" ´ 1֨9-R/t1iۿ? ywN8jPRAL6kS=!Ba{z@4MMBV.l{ڲ~RGaj?/ţl*;j|sog@)ʉ+[ok6GZ]@$&rr. !S#L„)o[}15@1(TD%@2\o$ VYl֠(H! x1 +"suɱ(co7CNw\u>6):9?2O '=##tSrK羽ƇyG\ߖg&2"Mu3fEXRdZk[lj wY7Eדw{ɺ݃.ܫg4ەjINp%bV4b>fuakWEL <dҧH,QF)c (b?,'aO8B?G+0l1lz{&9NG+2;X@C!$bJ4[K ,4ľs_t:54`({4Eё5hꞓ3:^Z? o҅S4#hSG :x?qIӱ(b\C-$@ve,(`/`f4{Fg>/K0qQ`@(TUձ1wƴD%FJ P˚i:-ois;F£3s 쭱Qw^hGܬRk%loڏe@l} C_t"=I} R_/+QwߔVwO+KK&>-{9ǛЅZשi?8gJ-1C(`0!-.̾3yrox*ǟ^Ÿt퇳ywy]2~lyL}=O+;Qކ_PFIсCKUpaLxkK `PȥAi&aiP(K[P\VPqX]P`f6Σ1(xvѴVCEseQOeUuׂw"gGsʪ:mDC w֊"ȑk Pf YcJ69zwf']|$$(v3G3L6 4a]m6AHF*:J`r,64hrQc0fU|3B։Jէ󒼭4aDFwtcrRR V?k(vޥm$o331OhG#hL *ZJ5YTec=G( ~YgP3a /џ0;6)a ⋔ŗ2GH~Q C3?s&]ŶGLVTpiClo}{K#{-`,~/Jk{A/-Ta5eKP݄'s/:?sf{/ <\OU (,DPn7NF^V? .G[,[dJ,%~%ms@!>U y Vv>n?sGĸÁ5^5~k` X_q3>6h&O*/gufaz1R=m |~|zP^ݧ?8kV vk8"14x{+|zU z67دCr)_;vUQktFxgQq2J_[B}J`.2'scOM{}\Ug;cC6c c$MTqeh 0˾" fE>xb$Ib |:]fKm:#CAo"12/ZkMl[}(=JUE 701[తy-#Z8>/lM.jXzZ4IW 0ŞOP1?<^V chʺzužGk)z+f\ =Q{s_F *}t$[=Ba(޻/ؒb쎠)!g#uC=fLm6i:wÖ3Kָ8zQkO"0۷ɫk/ѹzƂjWy k?-a|rx@- \fקʼLyQhR Rzt"H s^Wz~rv? t_G.tz|R חGuqk~a +:ʗ459^u@q|d)ۛQapUvӃr{q7·UH0b ЍF󩋝E{ȂJ)@jƨB + O {mw߸7%7(ʊ҄`-yô(@4 pw a.1<`HEGgx\dwsNpv8F3e\ O6KS# 6Ƹ/R^'t;i 2RXVťC(A&}Y^aR:QhwlgUĠ [ljCRVDZ?~^b/uΉ$d1@3nIcch,[ic`S$~MLaS/;txl[fц(ܵi#D[嗳`)2+efq^} LR?cW[X}10KMGwn&:fA,Rdb=)KcJ2ҠDTbȌEO?:btb%S:EN-Ck+S,ETv#W1/# Qm^̉Zh?u1CCG'_dW·^ε1@~3'ޖ5TzH@_H]l$n2EFd!e ՘ ˌBj)eLgo[rAlv~='t F>dm.MYey |Ojgf`ݷ {BZJvd:[mw}->忭܍{x\uweA@|>yHҫɏ\/O&Kr汱(Q +Qdzũ%dWӒ 7~& ֲN0 @%@߆|qfZj$͘&Nڥ-*9c>=<I(`%FĺƱE+Z1>]VXZ0>ɄYyT`PCaE4(*$|BZ6"kbQCmʓÔ6s07 z~? #{2g1X|ޫSkn>Jo:\4ysE}xِ/RN E}8-!722ys_ ?5,d njkf+l~{X>G.AE [=gqc7r0>3~%+RSh#Z#y`"i*OU??NU\3N]2-3n󶋌YV#NP[AG^M.Eո45@Uvl%HiC0fnJ0Q)ɶqK_ȝoSU6lK}D\yh)~EuQ)}lCƉOM 'Y4(i)rы-(!RYܻ^qu-V,p#= ԀoHu7i#knld`FNeP4S=m%3-52O͝on6$~BtvMDRz~AcM~fF}}1IZ]5&6NB _؏T~!}FZḷ Au{I#o&> ?c>^HNnGB/%Re}ֆgOXgW,: :N ͤ6n2mH4iUNP0梖EZ0!ڑ8Aij#T+KTP(b a,afaȆQfxq(l^63')ysm[&m6[9Xiu&,vIT3-3?ӹޗ2]X,wkZUoa͟4!Dj+b[훔w`ƣQ]}W4АXCo1hY(H!Q >aۥ8|cY] ({[ע[12{^;NtdXWofԟ'3B}]8)R+iTRK !H0'6 >7s̔;%9+nRl7=[M[kȄ1LQCĆ61~7!OE=" +Cr ۿtC;=.鲄Uڼ߶aLn~ 9u~2:2uc\„M6 ?k|*4ʫ16llmƚlcKv #j+ԕ+Efj~KMRį(W^~TY v}1n~'?ww_>52;?b̛waɵ%} W v}"s<D4~VКERDQ9R8 9UYK^.S^He!dߟ?YnT4$Oi)Qaͺtڰ1̻n6̇%(dvGb#)AsQCatEt#NWNa~ޓ$?W?;y=iGy|t;(_m5kh@}4cG;9?k@ ~ᕄXXd>~ I,dXj~aҤ+&&a;](MWVHP@+w5 ﻹ~]w>wEz!]W.:5g6-}^0uҡ.hV~ t1 `1@ 4Uջ%i,̛)g\_zaGNSNDFIHAuU?bkxW W0l &9^f%_[79Μ 5 3@E3/tdgvz> Ec~UI̼ww]s?j?gyL;s^|Tg ꬪCΠ̙yt꼏IY FVMF"j1dR D>NAgDo? s 1^}僄?Vn`1.pn-'l$?=n/WJ̾_0>_?c†yUÄ́}YCI%hZ4M9T.]rJC   nK0u^LK 3\zi3o5me^pcO GOOe {c>B:{wDs;bD|Z1⭉.af_UfZ|/ ݏHSw }Z;x09Rlaw}sV>9)SjyU xuaZsxCy$ڻLq蛴/SUYO' u)k#9{^⥥%\_0zfƀ= P֖W*.uӠ)A!%}7lOzڮLus+t/߻&@|iO& |aPBQ7ŀ.+Y*tpzh,ztH灟?:m ! $D|)(ir;gÉx^ym! 6IgVaePtW\(s7_Ô}H4яUaTD<19ojEX*\ץx9WzA@X@vrq$ [0~6j\E"(c P0%Ir˪,Kiybn]@bqlJ W,=˵CŴ-}kߋͮQEZ5&TX5A-"TQ6q*U$FtBKлa[M"Q1}%=kch~*5ݍ)la r> g@F9-"@PF]Cd[Q\WbKܑ{7_kQa7ČH |6w7+}FgOCcu&C^: 'vc̏wd%ȥGy`]b, e}G˨y2%G{ =կ#tGٝ]+ojZ_iŘp;_ΟOWx hn}Rur2>'CPѼc̡'SNCm+z\pN08}y$0.]I~LJ(Ջ K)D~[Gu~_B[=Y3*W3Uǃ!Oʊmdwc[+=}$*~ǭ+y:7_??=Vb櫛k 5FѰbcƌZ,UU!Y;QL#߿WDe^٥ YlF.F:|tj_o>*_3>L#[ycY" JF=tcA|{fl,atbR-.Ɗe<;oHfyQ28_g<*R&$6on'~meykQ_R@E|?g9ٓ"˚fV'HmZ~qR::^rCJ'Cs[,$rl0oL{Nk|ȌuBC{*OAJ6PP˃j<}L`ة(=wk, '!ZPs?Q 83 ǫ x0P(bí(O$ .=d-9dz2]2,J$ؤwtn2V > >Vt;%z!D'Vtp%MkfIцXGٌ"ea3gAT&4qךʁVVtMhiBŸ^*bBEd676@mxX%j A6"ONgg_Eϓ3{C+jn"#U?nRlk1\j{/;I,3IrEsZӘ?gL{'8qoK,1bSeeQ6ZQQlhGЭc<2C3Ftѭp-wEAeaH&6bNiD 0r"[zYo.'۬k21 q)7.#b& RpPa,Ғ`&Z]N8"bex-gm.ǜQ>큦qBN< 0wK^k~_f+ \Ʉ`u'u8C9$т0-W_wQLj-ǒZ`(Q0 UyMu$.usI=<ۜBq26fNJ26 (?_Lhex{$^w@I_#EV="˜`L13>NYaI7aI?_@Sm2c|]j(t{׃-?+iD?)©.H&D ~&#Tڠ߄^c ,0_WцCrZԧÇnhq@ rm>؊Q)!Cɀ$J\nq΁mװ"1w2 <2T4;&PK*ڞOmX\UU&&A9@n'\qǑ Vqp  Pm6IO52O!E"Zs߆AX# Nbk15Ht$E4OdHx$ƌƏWa0ǭdӢb8B@́i@|@iMwuOVE!~o2I* lllB(B}V +{=z\#z 2X'J1r|%lx;A͑+Zj#iAWPj*zT!F֊mk{E:4Fa)b '~6(UXI:3M[M{z Փ!Sj _5La~%98;$>g8qJ#B86Ty d6s{6Śa+uƬәI-2Zzt>bbD@Vq!0J7qd C07"tD`ȣn,P9i:3v;E\ zEaՓLI}j{kTϕ >;AKv^;Sh8qe,KxAGq6W U?rQ|gd;{VVoCi]&J. s-cZWضM?}u{jbҊk_hmLkSxm_kc>Fg_:rcOę3o oc+^hU xqE Kl3[(ۈ3 nd^-ofZY41GOפ 괆& =G0"LnQm*NH}g/`G`ep`Ac%rUT>y*A/CgT?h1o1VA-ai1XVCY$wL;AH'l Qt`KbP0$ŘH'j(p)%CEO$WY!'(G.0MzKqe[?/ ڊoZH9WC2^^D.okCm  n+{l:OC/voPn=[j?F]qs)k!>g8VxBǹ5hNzAV4-}͛ (ɁILHu6YGv8ZzqۻѽAr8uVVU4T@+>k RJ] QQm6p>rՎB㉄#ٖ7}?a{f,45~ao/CmqpM"M6 EE+ByտV+ oX!G_iZ Z1P(?.ʪׅnQ:]I + B́d尣1T!XTzfaI8aՁEP[ٲi Y'GjUgޕa&I)y[kM16ME ?%P@f+C}g3BGLN d7xƻoG0VPE$]oS7JI?7B,0E: P3:8[&,=O~GOer*+m6-cX^0U4#1zE[lW&va <3`9?aHΨk'mMc,IK9X~l=tUƅĥq0 ӷbsF:͢^! DztMlNl͓̆w{g5T6Nt\濂fΞ.22fdCjRp+Q+pn?u}?;JzQ!t=D_ z1jK ðK `x9 (ʄhAVh;w]K^()yqf08O+50qk1{X_i"@ tH zӝ@"ү%ZL4Akz\~ dN8ԓL뀀>€1a 90H|^y3X{:NxWy[$^JA7A؁e gѰ4|勪^}~˩֑9Ef(~Z47^\uS$w&I  e28GE{ȮR*Ba _)ަH4#0+>Wo3Hjg]k'W8a{vIx"SP|i$Ls$Z4ܳIDc!&0 "0(KpwigZ^j$9IE3HF[H1BHwVm h#ㄱLJ sN* bQ 5nA~GoU m v-m|AFHXB(@;;d8&I4E`|WL_OS[TPPS30 s tqQad yd6mG,'{)m%]4$8-""(ƙxkW0HyѶS7dո2|Oet׺l]+F@mYn~`⟉rvi]RAB2=.nAޔk>Yp1;(aBH ܤ/g)wDf6/Ưѕ8FOq B"$Ƣb ZEh5wo{!}SYE2LEkq /J~~>LaJt)H#"gu?dN{@BLK" f0';3? eNeѠ)٠Pu @ u1N2i$+"v9d rJHi%&dӶ%0*dbU!.upkIàqv"\XT1$9O Sb'G;F", ݝڕt(,M(Z e[n7S%*]DBؓh [r)>i_r>x?@  ' >@M^^6EٵdjF6 ObF"G27`_HPԤT8 FaF&(Fu@h00薢X65W6!F"ͥ9 Wl- I"Aޟy#儕(hhLBr,!?|(Ne:zqE'q•JUu,w6m!@گڰ$* +!)l &T kI, i!7Шl`OZ 4ZBFڀ))!c226Dt"Z 1tH* GlP&d ܶbs dE Յ@2 9buI;hп $z2Ω s y^B d9߿lN=0u@Yu~n{'YG,WBNDZ(Q>Yzq%]o ߑl} ~![8xp{)QS;c~gӧvFK4Y+9yOC7jR6#@ NϯN),L#x5(B-9f"27f[0O>RiXਉ vmC#Jt9F:r!8؝tKty@5$2 UM}Y4UH[ynZE"ҌATeYj#u{hDlhK*`$AG& <kB ) 'wk{v)JSvk~sj%ii +^_lYņ&E}*Z|<uE"aŅm Y }t_d*c .K}_1ز6WZֽki{`uh|hKexJ Ə|ѱroA #I44*m!8 k7%!WCf՟TbR5ϳ~.'3;>뮖m?sj콃̠`_Zz<3It/?WBOO @`+rQJA} z+ %jvOJ͢kD;㲆lx432l oaEo -&\mNM ra>';N{.0}lE4LŗI)aQ"/5>/J#N?ť'NgIr^?R!zEA$!H@~M^|kߕQ>0AobnEe׫@b h5!c]'hnf6>Cc8zM:d4fy,v~`Zb^K1mо{[ai4Baxx!lZ0(`i(h,ik:JmQ\ ȓ[\a W&b8R7&lD'X@PIQm1Sf~$3C&e%PRO{NZ\fCޖ_ ycԀv#{ݪRʟt39CJP JUƖH%"$e/d,⫞МL.#.e~2XD0ڐО!OOL*#8%SRlsf )͝YSIݗBOlρKS$uٯ k\qRPZ9拚 ?"sb',%Nkg'] 竼:=ʟ~k8]^׭|zNLd6=Ae8=Biي'Ed);H4{X fӵD$g_rMo[>p/WysɳT뜟#}b<>^}YG=l_ؗ%רg3kmv+QOq+~X cJ\;fH,B(3ؔR5$k2Tg6ezIgu﷟ަ [Y䒽=ھǘ0~^- ~ʮ1#8*cS2Bڢ+3hF-*%bc9xz}HgDCRl-m:QWv/JCOO 2'ۄU B1Ʊ|:(fA|?hԅShMK0(!eeZ&K־+gSyRr.C<JtΟa( 28ۺOzv*7*Ba>&x5__;V{sQ8b R'4SNT qEH;{<'w}o[י)$kּhzY|fRZu ݳ(uoHȀc$Bp0)7( !oa+*r0קzzW5G-~ǺNI5~;n=_⏒+-M'鮋ԛi++Cؗ ǵ(3[̯ q 'h~˓OZPz'D9E"0B g(  9Q%9Á*wwwO]e`t} V{}!8dX:hMHcHiD0pd}v"^iÍ!e +~ Ni=vv+.]>2ǻʔyJ}E;GO^m S):2Տo3 *@ O2|,_]!w!^  HoT4}.^1z_>qćgmݙF  tQ+b/GzX1ERiX#QPM'ԕ~G%rlϊ]=KM?>Wж/5:; 5}sv7Y;֯їUݒ޼=\}\#IWo+2;D7na]I[H>0ӛ~R3v O}=ulD/&(3cGuI 4ϑy[(m|(, 5Y0I6ZFу>PN?:6Ij:08q|SCr|Z(!yIf@+D@IC,#ўC`4&:( ^ɊrЂQ!c"a.zS6-ia$fdʤ\`'( b\S!=dS!(`jiƪ9TL&,*H鹒%O֜!*]YK4F=.(pǠRʰxDxYA9aM@R&DD⚞f (#o\" Ѷs~x g"DPܜ`f"514 @E}YcU>4o1O~Za"%Q((P%̳#}="Z4ɏe$ȍ䅧DeL۽(!* \\\SRR~5vQ)$@T c2Cb h& R0Jmz2E,Fc9iT(K9d)`9c'vO CP2=A$5Ɇdl/JၕaAK @$AE :gN韁LZXF8BA9Ƣܒ%$z2^k X3"GUzhKAkt , qM,d 4WC0?;!v:u!8xԥ -V*](Ѿ{ʕhM 008* p㝰d+HFiL(mߪڲju#*?8J 595ξ,uыsdb]VER N 4 kHI;[EYDI$HQiK,4CtdD~^o<2ui%SvqQ s[pZAhOX044>\)NUHT9kP*C $ pS7SǚN.=O+z<47EԴpn-~%4)`B96.)M8;J*'C(L]( e6Yǭ?OƃN`)%3f!k2? Ev[7g-|΋{=?Nֻ}/k#JpJFzLBդ,JKG9x}(uwڐ ;w x 8 Q/ x46:E A$[uDJeF BD'j/hT/.:r $$iG>X H6Wc-ɨSDp;q ^\ՆP \aEMq(x6.)o Qꢧ%c-aJn!KH+8!ߑSLm+tFZЫ jՂNÙ|A Xǔ{9b = VHN ZXyEha*;Ǒm wdU3j\nPSKK+ŞM cŢ>)S:|!r'PƼ,P ֔loFjn$~5|(Lb ,>ˤP~#Q—٪+4%H^AM$s;PCTb4aOO(MHxo?fV J03!My>4Ǫ)D@ 9# }%Ƕ#a}גS kci3:pS QA`TU&ͺ4X*WU|6s':3Hc4R, @]aڧER+XڋmMB_LJ E1pz>/Whk65`0RiYH`E+~ fCv ܀JM4;ǚI ك #ǕS׬Ũj*Ѷ܊}[_YxZVtۀ oVjóGBdYeh@7ISћ d"$/46DLl&kjڴmj5mFUj6j(EID麌GbŔnX[66kETBH@&l'Ϥd T(Bh9{l% w ]ױyę" )8sZ}?p F±`,,!w:q8wӓwt6JV ")atsIĊ,Y";g$P u8*i4 @P'o)׍7 kUm8m͸QHBq!}G&Y)` BcR*Ba.cΏG>ճvIDB N*)@GxB=zy>=ur:鐃Mir`Wq{ W;W¤4X[OKԽ\wݚÛ.~o4ݮl?V@f?}C%; _B9l?Jλƪ=wHz\^9H"{]yiGz矓Z~{Y\I^*4?UAw5905B(0F.H-pE;"Œ@fI R۸/U1/j?c.A?=8c1T<2B060/#($~=뵫6'4~1q'-i<~YϾ ޺~ ӏêNA/* *`}V{kjk!hۃ8 BK.aj!r®[78K(! a_Q PHmthU>^+T{YqD~\okY"L"7=)dJ-M?k13B,$w H 1*|Z Y goP V$A y 6b wOxғKBKѶfŠ^ݕ0NďXbƵ~B$#0дc>[^ aЅ@kiD@SiK9J40#ZC ,}$kE<-`h5ZFlB̾@%`16>gP[hY̚+?gJJ-q:A@8m) $6e7.LYx1T>'ղhJpdF8WgN%!'fԈNdѬ˗bsYBH 5 .k{L0RHM ",H.ݚ2dDNir8d!,&Ω!֥`,a,_ytDd) B BeBuɠ䁌#f!RrJou}7U `n\H$5z0,CQM$!dV(sL`Jxi9dAdS l9oBP>3m`N줝zݤ: ,h3,X>ǚtEX+pDݫU5j|mE[XֱŪ*mV $H)'OsZ3S$C̄BBHc 6QQmbVmRFYk9RE &h,9Z9Lm4w9`NYRE4I&!%tFD[58T"H%Q ӃRIAd0 H, S9*Rj1?a u٬Y &44Jp2v-h_mͪ+eҧl!09!8`CdFI5 ũ0ds0DvtSYvL5Jsm&BA`@ EsfEJTē}x>4~_a(U$㘠#PI;DmWԟNsjcՁ~6wZURbFυrEΦ?;̥}W=|ta~2"-Ytv+A6)+7 2Sn8 TS_A }@ G(n= DN#]{| }|DJ@9 T=כ۹Y)3@tTF yvp-}nj/`9zIn=硠]98i"'{<ɛ0-ݼoz/3р7P  @}n:v୰I_fςnK`h0t /FK yx6Prt `ȉIۧKfH7Ү7&K.;ޯ<%D4ɠd4di4444ɂi=B)`M #M4ѣAa0"&Jhm@hhh44=@@4Di4&FL&CA3M&AO#M1O(ѩS4(:Yj"^jӄIm :2e9g+h[?2X feK ,AΞu& r aa e|Nչc3P\rpzu(_[`Z+HRбK(X5xXő@puOK,?Tq7xߒX^L:œӪ#(xÓVU2Ƕv*Km\\pdewGײ$ѕj#͇h?C϶c\uͿrįǃuC^{9z?M密LJ4MݽF i휟~9|Wo_·͏&mo/k.O ~`ARf5.kihkka@4vju}: \Xߑ'6 6_fVZ˪ːHDWSb31$cUH8˙s:϶ih/Oʼ/$$( u8B0  uP1Mȃpla/Db5aX |7'KZ;x>{Nېr0FUn=< HFSgs983n5P"|!i2~[m^8Gv8O;D ;7i8G{Cö#/y }yrؙ)Y%h^]+U)WB*1mGby Y4 [O-\ZDܳjD&*yᗏ/F%zOVk8Iy;:=|w< N-.kyTnnmϖѯz߿gz]mW.]]e۪0aWblש m׶r`\-rrFo'K^^A/^ kklS8(ڇQ(p7eX\to TƬI$;_?= 1` rww&N 8 }^M+Jr]oQWu1Ut6x}=x0WO/zV:*8}\|)6+89|֒/4r'\Xr D*'6_tm/KMnq,ZXZIS@^LR"UFr_==cpHQ"srW#T!!iÛ#"։G<_<"yFY 2[Pgc"Ӌn,U_y;lR1 x2@0"222$%2n]Ljs&C(1d(e;`2ؙ,b8mf Y 0 !,  *[ܮ8Ƚ?۔ma9 g' 0g>di|Tk҂y컄k}86g-l]t;XS"*_oY[67>Z! 1@?p0 &Uw}:5s9]}ǭ63};xʣ=>Q˿'Gd|GGUi>|vqswuj֯_6r%w4Zuҹf}1XNݤ-xQ8aU{e^jW B}v]G=}e*WY\wx|>Džĸ}C4\Ø>WUkygBu-}:b^,'2֌h8Z3%W&~/ހkhˀ=ρR7EF_y7.Wo6a,.󳨒v+\J`hVeUPgX ޫs7ʹE7(~o#AD8%$D]H {Y&'׼GiT"apᆒ-$ EZk-lLxHrtζ6ŒņyuGmcyzY4맺!Ɲ =n چb3 j/[ %!?P7PʃP 1 "痽Nݫt=c;:oi"z}`)@8cIR;}eltVʅwb_+CkxwP4og=y R]yRuލ}b푿,ǧ|R5YKbf hWO/ݕݕo{gx.8ySCH2wK/Iپo9X.0`g0E=C;ͥ8{)Ҿ܎/6g?m:Ǖ/ k{Hj\@#ysڬ7䋫 9cnypan'pN/o.\J}*RJ0 t>}nxPY݋l-?'YLs˿3?f;ZKˍOwy̬b]ZgPBGr鸾=Nl ~T#h":06z>1m f,+8 yan>٠zWM3 h+TS[;QVQ/+^&8C^rI-ss<`YySazM.ŕ=v9oGJm=R+˪m~=C6}05/[z>AD ;—.%Sb>yӵ5x]YcjK^-]>DSh ]dK|0u,5kgP]1% 2&bG2D _Qh-k~g=o<:%?LXjon0;K3a`&H $Ӣ?0 yb^f@x@FgsCc84l'Dېcfo] :07|Jґ~pymS莼Q l(ܽ+G {D^Ie4>Wz]㫦9xT)W|2.{`0cc1U\]Rp9|8.|Ԥ@k Vཬ/ #0,5}.Ј)~<}ig&mhӣjJv D??Y6fz __+sN'eSѷdroE)6{GOwOL^ဈr'wq[XmMX޿VW9XZA۠ٵh, :'n]NQ]\@pUtz/2 ӧF ڦ"x0-T9%~& @$ @sw_=~P-5K R52F N}k4Φ\eT ){>vTr4 cmP:uo.^TNJ.ZwѦLw8XDETvX1 }>#㞣tj_uGm+:adft9Bк~ͱ]c@!Sr+ "h~!Dd s>Zku;AaF6vHX~JchC:ZFNr_*DQ;$,'w)(:EH9.iYʘ0mUiwX S&KYSB Rji06 -[OpJG:QӞ {4g#*SYSp6"ZqQO]4zy,HY%g"L> %)|# d†_$LdI n6-!i`5⤣qPbY=he fshBWc/%:"JA0wh42Dd𨀨Wxs<`Z[॔lcy~nTAZ&2ΞfLE3j~43fsZΓ?m~w==D"j{?XvOis=ص5) @8X_tj+ _ cZq1ҒT)v  0<*NTH("QSrϰl$4>M,9ڷ),v*e] UXe˞ bX:9#v`W"Xk!vgy\6פA thkMt3xAD!qt;P $e_pprH}dNMN$VSA<鰉Ї1xPqwSf'mAP؁/3ҙkи\V/AW G֕Nc劋#fU##DUfjrw ޑ27usH_/ um g0jItVܕ?=&!wcwJVߖ!KQόP:1O1'U]|*H* |q2Ǻ^ W][1 99@u=,."h' W3y:;'*qy,%-hO()('?c3lnò⁙>sL>]_Tݺ  gp˱qil2.BڌA zf$lmxm8n $EfW 1nG./uB?)7ۥvrPw=>ҽOмm"snHr~v_@ƈu F1sx]J$"w0ɾU()zw7[fUSHqD^W`AenF#9ӌ Yybd@+@ ϱ-N3g;=:|*UxvsmHIcg\yV@ó`Hc.mD3M0۟8Shp$2L~nˇVz`-K묝CmI6'U NfK]/R[d'J dRz;D^K/i9ߙsu]W+x|2X0I*~wPK>✒%+EǸXAW׆8kj{3 aE]Jz&BFҌ ؔ6&g%/rq$ͺpռG񖽽rv#n%9$+GN]h H): n2˧" )p\ʀTaj.@AH >|ɩN2EIS`Z>o{:@f]U ~;\M&Jd29YlAn"AoA/-6SW)bh%sJyo}ͷ@A@j.gT$'K6 >S e)  Z0D +U ߍ;{ڢ M$n"[g`Lzx<4(Q:IdGW7vi`r /kPoYr9,"J} bYZTdFͲZץ1bzI>K cY[nݿ{3 +gN{]Z-vGc#^8D$+Fb{Z+ѭkP%! ~/E(Y~w)SEVw%Ka 9}h#蹴DhD}K_LhcWOHf(ԛ?>ƺXΓN'^("R@AH?%|C~G?>%snt.1E:wrZ[G8QD,j"AKdޘ!mş< ]76es*B(b 'ý5LܔgR$,0"-D >~D,$[Ps̉שNoΥ&G "~uU(z{]P宩]xZ_~a].GF4\j1:^Vq2: 6xfO%DH;EdZQ@ % "[V=19OYM[gpiUUlTޕw}oCr(èZU1US1}*T#hmբmr@mj0s79ClLClKPRJ}Tj}>/u!-&ōטgamMמt-w308r6gFTaCO%/+Yވv]{ٗ0[v>ayv%_MH]j/]^N:zPؒwȏ`Duzވܬ|2]^q0|}*==W;[:Ngh]tČGEi 4>^(́i0u4jYM6)Y64gԦ2=;o%__v>%h\ zwR@EwAT)/i0aݳܻk$QI 9Z.y\.<p$i}4$ $$SM!PК'8 ']gf(A&u0lkŬOeࣗ\*{i72@rZS~ࡿe tG1qgx mǚ87pdʂw: PDkxQ|=\KDcj=5Z?\ʨ fQ%Y^{H%Du7B$Ew5S:5S9W<p[E&yovcieg,ڨ x&W=E7\)$.MZ"uʭTʴc,Ut[`=xKR,d)!iD:Gg)l̚2ەSײt'Yjlc<tG['oЛ%yG Uv?y^18_<^N CʗNkX>Wu/|\*DLtyPx3;pM>~ 꿗'-8,S+]sm"j\VAlf\\Lڙ+ap$!S=KnW&8S +ltzSbQ[MW6.tޜ _}"Qh MejXq,&r&̷,Ҍdx<9WmQr_Gv1S& RRtx n`|frYacFI[^{΁][ jwLܿ.-{J_0 dEl ߒr[:Ϯ1 z9E@ˬo ^ 񫋇Ylfx8U6$ EŲz[7+aͤv=u{9j\؞N-[dd:b=mSBcU6leA ]u+]BO{i"BE9/YvWCM"{%saK&D|D,H N:&P15)"bNU9@Nap,K53Tte=-w;i˦گmX5/WIj *ٮ`!cKݳq*H?cĐ|'8FnżEc@ђTta(:{*Nۭo yG@ٷn,Šl5d2EBзNK iCf2rK )l;5c\Ů=tn,L7ͱ6k(s6M3g=Af(yS'Υ8Kd/aC hW6%{?&Vj{s=5 E.i$IpK+&rVb aUTQk݈Nūp~]3Qߖ$PkZPC@w0 9Zd,!é|][Q=BEXvr7L<])/IBnqiDyB8iimW(C" IkTr]qD3TФZÑb YOb{P1kb؍ρ}oʥggvV$lA*sO.^#6^+@YQK semkj EJRy)C&p 3]5"c 6X{lAbLtD Rځql8]ǀRb;֧ޮ@Xb^F'j^9HU2N6DFcڭE3 PQNMM3uwò8bA֞R27I:e&eF  sJ,C{;=~9CTg;  Nch 9* i"pY!Tci a؍ k _"@&hDD6(#NvW$ղZBi{[)(&L`{*%L`gdң""`PemEw.򯣃ˬ]'Ug⇩3X_шMz[% =ڝ,6 DIcůmJь _8<#Ԗp|{i4۽&\;ᴴtWȁ$3|4o72 %Q|a|>lbNDX(ϋ63m qAZVڧϦSadNCDqFF Oİ6-eAC$ޏl|{hw[\)ݶQ. GTйuqu=@pT7y_4]$~?H5c 󅅢?}~xPF}Rvfqc|IjL_hV>V"eW{xW]R=]Ք㋲o ƃˣ[8; am񁈉2ZaPI9ydVօ˺$4|woe[k'YvkmX1hb~-Ab*F{5V1bb1)UEueĪ[H$E淪zۙ]b<^Hb75Y)xjAMx *iV vF(4OnOmgU+Ӿ{V2eiE"e|>f! aprG7Mvn'8O7]iE9aKcS72q9a8JB絜$O'lspkHG6I-`%ᬼ+` 4GiWpkNg"c=gTJYىkfbH+Ѡ{hK%E&&c#s==<[$?<ѧPȻtE$\wn|| rib4[#ԉ߲T5^ u+ȘJnV>)l5f5m>k]͂O냻Uvvij!)"G‚j?S'iw4a˶ " H]bc6s6gABv׮u@9^(<\[7FԾdCVw|Dz0w]ưF{ߩj/+Qkt|$Al0b* *$/KQ]< ;A!@D w@ SASG/C,TMd(Ȱ$L #!(#EUR, !ed, ""+eL %S ̵\-`mEUeE1"Ԣ*4GcrRJ 1*UeqacY(ܴbL[.e&Rɖʕ"-bUE0mX* k0HdVVnm*VɎ"TS2ꐪm.% ¸ʂ"TR+6ɅJӱ mD64l2`E`$PEE)QU2Mj 0GIC0M` %((C,C.TYd4"Ti met#āI-!f)(UEFam"(TY*h! B1T1HŒV,%bf"ܴL[,Yp+R:̄ѺPX, "DZld!S1ʕ11$II`fX` 8ZbLdrEUU1##uU H# (a;21A82cCc))`έВLCP)0̰*0 h9L L1H*T̶((0FE!P" cPFTpr RؤAV[e)`00LFA,2+YR,*ڴaX)HۋrIqVPm*F2lĺSa1TAEFBZd c"a$Lb$S!b8b3Mf%! ̑ KS )1"TQ1bEX2EDT`1XEB-Z8HnaFIQFE*P+STQ!UX)r2"Y0-"V[ hFШ* [, b"&R4U1*r+Er¤تҢV,k*(,3 @AE%l s%G.`TmEACZ̶n81V`aI%E`AD*AH)Iq260H*E#@jՔI bEJbG D93'rȜH'3@;J(E0mfUTLp~4Zn~uy.}]z7,k1VTؗ/ՆzvUhzy[}so2 DUhTG{~. T #=}*##R=H eU@X/H$oP0eRԊ |q"UQ7yf+ u`;(P c&UL!P<_^BnfuC9B9iT0spe: LІFpuO>޾gQ^O(̅PR$B N{e(`gY4!L @" ^܍$Y 2t\OsUs/ɇ [I % 'Ig+ &5 h8#"#b]"uҌSmɳdӴ(Ӭަԓ,L5Q zGET9iUVI$(@*H,$P$XB  m[D$Ğ/s\T FAEB@@dID@H"7@FDYdE@R @tBDdN?lbjU:;UPcV 82֛M8᩿->ij FPM2н\wic1"wy_&p97MPIRtw5ĆőH{$LHH y6: 84XwHH#8%$+RNrW6R/{\/ysyk3/ǴJ Keڌ0Qs)Y*, `"c`e#i%@RbAIQaXȢ $B H iDFBA{%0a˦ W8䐥G-!wR/Lc1%bH,b(#"*H) XE  z+Ƞw\zwx(]lX:O=,12jq&r>z_[3\G LcZ,u*vX|x.QKd}69fn5+&c%:U26bSIx"AIJde `:Ⰸ$["$wS: 9 MU]c`Oؾ>SD!dFRe$D9HVD!فzp?lZ' 2IHu-jzL&ƎBqrf͊dɊ &wx?﵋؍8@H#20ѻdᇂMio5'IyhNc=U|*=wGJ+tC<?bb)(C@^VNFIZAEnma;{Xkz4_?k7BӚ*VeRHQnb4&]!#@k.remNI nrH )ӗLBV;R`i++'Ys;x@Ʉ&?A!8+P;@'`iXFEBAQ'lepEd Y%Y>)aQy]J2ײܦݵ;ߩM idHCf̰T8Y,I7>NDE%Ʊy)!Q M O˅3ky/bQoAv]C&w2t3eNX{NݝK[0}Cp-F[ϣmen9 =lrw`H9SxiM13X"a n,<;5]q9N^&>z7aBvr%xEHxReZ+&OP3l ?)8*~Bj3P"AYV{*`!^Tpk+1fݥ[. +\zs;Nj"' O"[_bݴ=SxQ}l ^7egFFאA>NW   1>?-eSis8!hĈ4̬m!cl(ڢ4-Yc6]SY|41Bŀ ֿ NoL^=33 p#mSUvN(˭E|?~fa,/ĻQYd@8߭}Dk變 UikDQE) V2bߍP_?@ OqUejrQWIxt"hK_;UQq‡6~TËDEGj@<8m+lD\ @Kmx>Oẁ A`Y{|/A@AYÒ:yD$^eENmz ގ;@\#,qX?jݺY<@D}nKO`_Mw^Id0_BgjRc+Tؐ2gT]XF!xfz(o^wۚ0u/xq[eT+u91VX CWsmj}SCOv1l˒k0Rb:FY|c0vܷ~I:{uEUy`$ii;voFeh7 V 6\ TnsmXCmLǰ)BY"8[T,-'mNG֝7@mLo)vތeQ? 36 QSQlt [Gry}vFv%'ݤt2N^'קR0 HZ2ju_~+E'i]D*Hs _W%zX-G 77E) m{-CƝp&  eN E߀AfVA2UNٌ@[P"~>pA7xppci>ܵS""HH ,XAc$ Qd AIEDH"Ƥ<@ň(( AH"PY$EܾK?j};Cݟ'~meo l/fפ n%UCMcU}3|M|l HH"(PFI>W6Zy}Skdvgt߽wΟ5KPvPK9s,{^u^*iDBevQOB)1zp @|𫰚0#)r^i6z,n ̡7Dʞ)‰[g8.;TW<{X$#~CNy@tP8n < dr/i_cV\_pީ[ɚ!ֽDL٫&fȅӟ痳/r _˹ t)`z?:Oԫjc;6@F$#g*6"o^uHq6M v<EBn [GU\%mJ島gϋ<}OUgw+{'/װv<,c ?%;@ ҠXT@DL T"9/ gQxA~ApydH^y›e\ uK 4! DAjn.@C$TsM7mK. u܂Ғ˗Xa |id2.eCiN5 Sh0 4=D!>n<ܔ :3sj?7YWJF l6{L >FI ({F PQ_t~u"{0FXwp1d#ddSG0FPku *Vq``O*"ڝ95Ecn"@6B5^\LfuvgtaM'?ѡ!*]Bi|H^אkWfDZ%RDxp߳xh;HP71kTVXL}}oooYyjIwX&逢 <(mVOIc? #6z8|:yup{ ol&fצF^K$(d)#3;$>ꠉ<`@W?vxkٯ_45waD[4޵2"mUo pdQdi~] {G`6  FI}* AyEwwJBZ;,Nps=3 8QwqFjDŰP<'ر*RJImK5))5V*(H"I+ A){  ؒ2BCStK!BȩFZFX,X( hJ4cL!DQ3N@DV""Fք!!*6DATJ &h,2k@EE#aY`CpXh,UV VQQڢV50V[DUߥ"ED-m-DѣtPS+aEeTZHm)IZAY\ܺժ Z%-b cZ!X,4I`mEUUbj5-Jm*1D"щb[bZVV~QFZijȈ֍3Z–,KZ,)SQVZUmQT6Q` e-Zъ*-/4}N(n0ѵP JV2Ъ6ֶ%!EU-Z4TJ[lbm"յ\2PZZV-F҈ZԪhXq AcmlXZڥʭ(k`&B-QUK[PDZFX9<.ake-*.֩*REQm~uSEhڳEϝZkvnQP R8 BmJ#~9/7߆6"̧Çսl*-% KbҒ([QKR")JE -FP(+TDRYjRH@mM.`##lusEfQhiGCR-Ժ "MX !4hբfeB0Lԩ`s4Dr؃i,mlչf+Zk[Yzǯǧ[)`[J0ֿO2B<uͮ HZ()N/iK͟4VQMyg{eXŮlUNk9$ҧuKJ4*d|Z "Fȱ[?ijNr?C|F?L d;2H<2NMj;D*Zm77 1=/}fXp˘t5784}m\aE $4'wߧ8BnQ"5$LkJ4$(C֤V (if :^ɓՒ003}upM82E!e1*" X0 ) R(RA+(@d*E4g2iG}`̯V ;R|h_/O"!'"yq@b` 0;Jƻlv}ݢ_`ɿS 2&46{x.?jYfgZs}>d`!|'d!JWk{K0yb=Wë}՜(DtCrkp_yEZ$H"]v OH̿}׾AihhXsN13'(/!7aʈ)'l#Q|s.+{V{r_тLFπ:б,Hƺ h>qH~:u<7Ee ;&0+bI$` (c0u׍oPYP>NEmw4h@V\JJ7X )K콶 c" EmG}}eOsxXJ4CɃʰ]Cӯ4HߐV35}/6?܃oڵk-3zqwu34z.Bc뜙zxNmtw:jB{G$ ` (KYg`qro|eWC!K r+0Y8zpm_ݻ:4.LZ[j?m5Js m*7q&[Њ < Fգ0f.\Ό*]M|M*kUpKѣ t"lІff&4+. :p֪,bi^]a K#lV mDErڢiҘ5Bqʶ0*۸'ѣgVmY%D8b _e-[iWnuu[jufZu@8 E)mVݳ9EU{C;~er)YjFT$;1s#UIaб9Upߋ\dWeb a_NJm)iKZ AaZc#JE?]3pO<nha(ZD^9z%7";ʓpJ 7De)}"LITmxXʉC7}gC򈊥 (P81w"+Φ\5d #3J3#gX/@ H% 2|nq1"-L KS+[11 fm1q  !|V,J0U=[ ׸¼Ԋ1;"'PY-MAϱ0< WD$VGp`kb4DC21N]_+= }?3we綰v0k .'}4瘮 qs  {c#dӶz5vD5P㌮GGX0P^v-1JM4YU fKvOlG,[bp}-yNFU;t5ZUu^f'=ljׯ r@( s>9>Pbaҍ)ɢ(Ƹe$TI LJzө *<68r*7'xY\MμƇ^pj'9گ|&Pws״[Iu!!- ۃ47 *(Ï#E+x#>H #`sh"5tkF{$E`ة%ߞ\cV@zULz q+ Ϣ?߯yX[㸋j<$/ֻff At%k9(_䎈ULH Z jdquj5V66Yԁ ~qH<4mZ$Hfshf\pNoW _Hk0.hr9οNeɉ*J~  ץh<ֿ 1Y!>S=^2T:bQɗASGƊ*/c#}(Mx]FCנ/Õc89罾$ 1m 1 qCu 6Ul-23`3f s@Ұ -Hr$IݖоzkJg]6z>M;eζu۲oHl'j |[ztV-@pp`>:UBV]J(@Ԩ%-D b(H!@Jp{p$0ΐdcѪL(vofO|jSP\YE;JܓZ>m7RDg<"D^]̌a6Fӈ0w"DZcN/bH`qN1:c8 3S繿SjrM0I z܅Wrwپq ZiqNeտ`5U5Ez3t@12i,{P%C.F/%اNOeks9杭$⟿ qy$2l,;g_!{mj2\B>/ X'lԳ9vekKA|/$!z:vHo #8@B<~1F4d8ZS @ 2ЧǸӴ8h7?߳YiKj]^oyA9i> RBPY'k<%HبbOGp̉X˲Ⱉ. QB~db~"@.FooC>3Fts_=ZSPݢxkZxJ@|G?\8b"cTAӴ*^y" 5--', w/ܵ<.VSgx"Mb3ɪQ7;5! l@H%:&i(d4f~@ <ə/撷 ,$6秔o4|^g0<4f$ebs V`0 NY{('!Is/~V5<˾mX7-9}o*jJ ]ӗ@,T)AE)(|Iwzfzt=='!`v0NT=&_g|LM K{0Mʖ|A A uuq_BZ q M*5}ٺL%8[[,G "mV9j=Hvcp۝Lvn߲`ٚ>(|N \8xGPB(MFu]XdtbJ 4hP"M;[3W4(^˼O`N6%tFf - :\A`5-Ф#P}[`b'M bV/Z< A\@ Ae4P,p R=!&!.~xkl8@[pj/`I$W {(i?L%Cپ?Z E$cSAAB/ xA3hrВOnT=3 ;lҿ5JkC=T"i*y6WJA6W!@P>ITH#Rg;"p_OL|LvzOԼS%kx-ye6%gJőխQi\C75@<ւYn@u5v`3 2q%m~C@1 ]1zk>ںeY]Y EpYc a+';%oHc`#iűf:9^g"cYů#D1]Qo<WLT7ƾܲA! ?vFB؜:Yk>7ޞ~H|@&xg'ẁ;GSOB]\u5㽧R"D@!|Rgܻ-`` & f=}z> rtGb}7wr:F-"̨؈E(C޾5 6,Y |=A3,, )Il}B C3Uݳx>v\=i>K^9zϓH2_gi{M:sm/ TJB'OWVӵg:41 )#J8qzsW֜}SZI>Bgi z O[pu/b~ L\H0xPR­C>w8>.WB“E Y8%vm;Cs SeGAs?. T! _M5dym#lZ8ru|c5jۍ{}Q8>{mƢFYm` cpA{s1ll4睊z"BzvFmQ{G@l?DU(=m~MB&KG޻kYL,ņ[b] [eQf&!~cjg樮=L&Qb+5?NF"W)$/,㹚dHJE6_S#Lh#me Q/PgI:]=0gޞ41,*#l꽚_| HR7-;V^b`zFY 3m\ӂNJ%3q.o]l(V_2耭Tc b98ƭ*ft%tHsEASQ>p#f50 áf?xKJJO;xs5v!j'_mK)CSyJzLh3.3\kOk I,NxM%5Xq?'n TK֗W|w>6E*)*{Qعн8i&u# ܲs]q% I|Ҵ2w[%v7jg8)0nj\mORf"  zKwWcZUJn3N 9׆7յ[]kbPS  h﨟C|2fY/H*3QUKm i8y/dp# sZ;o":1xޱ2R=<֯`<(Bx6FP7.& @[ vM+[Roa#*#ѶwYǟ)jY,>b䈤Lh3;: v;'cʳ`CՕ$1sg;^vl2%O>Ces2:xgGś9 LBEk4(1@"XaC$wWsSKb㧡x[6~U2@[~2y/Gm6#jB& ہ싋\zjUl.Hlj (͂Po۞8&7O1nP%ϖJ[b J-{Y=jHĞ܋UL?2zX <>o!yڨ~#7a!4_ɜ!^ nk ˰lJp0VаHFe}2RΣ2LFF3KBT{"f 09&[tl=}Ȇ2#Y;O!71][=-hiof,vk)iBE6EB"') нcScr*1NF 2z)NbY[}{M@!ʍpGvTbѿDo'K^喐Zjp#Obޙq:l3kӢ 'F|I51#_5KT$NSդ5Ǚ ATCXGOU/ j՚apԬ8kP]FeBaSz>1}'2?!v+_]Y[Cέs(+ J'^ou!]3nSAe0vQr0n 1gZn#.aPlTuUI1K6~*Z`/ukNښ{psC;A Q_TD]̢%S@`},]f+P,zAV L j#+jIJ/X% kdXw`D[ ;EյAQ4)(TKY_ k9l2M#U&G;ecXTx xb&BWOP˳݊\$]^u3#u#!2l8[=]1&7S1^iA<}N:{{:WB/ҕhjyoJ??qq\6",ŀ["@ԄJ^%,mc+-{)m( ? mk@-xH C4(}3V~Qɼ-! ;E&2CY(~Qb̼%|`PZ=`X. °c\% q+5 $NWD(֛b A_+\ (sAۉwes/eQK'Ik^y6qk:ξqyNv' 綣<vڄcdZQ$EN12+~/BX*ۤE2ȅ|>wB '7֎ld:@t=KJnhn8Cųñ Gڦl M{ӒӃKcv({p.9C86g M>ㆣ.:٨$_0B]6E7ZVّM$H%"7Nll`(8L)oЦekJ] Aؼ6&9Q%ASb4ԐUt}=cܟGY{DaC݆ X9uh8#UtFY4xQ$u`˺qk9`}g3H4DO{=|TԪ}Ǐ0rt -x;CLeco)ٸI5nFvxאz8d`NJSUZqrd;IByiw[eW1RpBv;#t4H R<|V7\>0-6T*Dkvf}> A 7#挱TQ X3@dN/`C,.x Al1QԅwwC\=ge2P,o0/ZoxLt|=%9A'w`Xtgmtlp__#\ F?@9BLhS~{ߠeKP+!M?sGi5! huK?"ƶnZ C2s@RB3 sW˭fvOMZt{, *oTGtqD<j'/w-ya?P(,것QF r0- 哓Luz<,:9#-4.g-yJTGaKxocB bNu ta銝IG0K6ox$VtynrLi{ Ĺ ),O!uSN^B[cu޲)~,a&,Q_$c׷@FUBuywn׊'jh9n3x:n?T2I,7,V']%nY؍Ν]K3MsQ9@Y}r55n7S}\ Lw|%P%3D[aБf6bvq%6|ig&b>k;{-腋穩"fb_|0_(( zUr>w{:VJ$@R0&l#TqJ$:)%n03'zn~Ec!)# -A(9{qfX3x/z>nm:a} c0' ʊ,Ay^(?vg3oUu|F<@AY:lHSItP'Vn|2F^+tK%gqB;@3Mohb^NxzR A [, k+ot ;35zAf3}fi]8"F 3y<*7'_֘zV特vԴBH'o8,7yIkܗD|\lH|"W=Xdtco^x;0Fau iSQ<_LiWJ:6vT'jaj"I.@x ]W(^A"IC8>Bnk^unT(~"!\Ƈ-\rto#H"x.rDJ̐r]_뢙8sdGf/Е4~\(څPZ&*65)qTdQ85Wn-* ld [#3wWj{8ZH|=sj򤾊 ҿY_[۰0nB:>{7&$\e@m|}9>Hl6jk,p4aԯAi/#]@GDDLc,,w$OoW7kF*Sc *'K,>W"~4+A2t) 4\5Ѕ}roEBp8xBKyDRb5-n5X(&Q 6H1)oyxPԟR```XsWF(r%ĢGjL?eƀEh4F.$ro&l,$<}շLT,[*\.|%f@]Oծ,z~(b76 5mjq8)7㿥Pip D53Q|) j&>Oy{OVeLBBвoPٺӮkp:c.%HAFW}@Ʋ^G!T<<&.^uCGޗJ)J&Xm3bIAҝ.>/3y%JH E}iVUL2{Ixfx]cBa'VJ\g\u,.]ea9joJz"_3H?NincLH%P\,ug{N 2-RG~~sBfMd)JY`A˽W>]۩!T%әh-rjp \j\&;KخS9b9S_vʀ|`Qi vN5zfg ћ䗴P-UQ9=Rk4vR)nA iߪ(`GaUʗpI3Z߰N\CoYBsH..-n:nPe>@naRCia!bW83j~p66B[Ne IW׳&դ^종UEcZD Q{ بcbmƻuA#89NvE!){ig%!K Yޅ5"R_nV?SЛT%c J9|(YmP ld'߸vgZYvAf9Vi 3Ob+!Ʀ|P{ %) pP[yEoqAu˛i+|Ljf},\R=r|S&_{*l-z9 ۯ ( K8CZh\†R^(M<tg "WR9{5swPW3Âchس(I ~|F\Ft dr=ϵjl}Gd0`RELz{}AUnt4ɡ0GamPR1 &''&2-ap4% cSYzT rSy^׾YnOBFw1D@P+dUo%nl.z$8I5 SZ9Ƚ3XRlOIm < ;,!\\~_s&y/ ͑r-jC#ɶ!^ "o4>)FP%؅TgE>TtSMmVI9γ4$%ȲWP"Ø:ツ{uW( J3~j034a2 O̺tt&JIA9b>(h*Dd?zo'[F`Uպ_3[FؕH[b]f֬%xa 8" ?Y%a &qCYQ]HN]5h'8*U 3<SafheÏn$)n.m2f=*svG p=?OX!oL$7NZK$'q/rmF.;DwO J)R7D#^j};Hy L y} oi(W<}3x*tw {滚X|,Y )gZ)"jk%_e1"F=ՅFfdG'<4u` XF%TЍ .dn!6u-IqfB Pm+D֖oD٠0& U*aUĔ170љW6 _˩j,\.jȃOa= w3JbjO_;'޾{z+ nd.5U *ĬH UeP>*ʕ!DC]ɘv:vbEHUĸ,ϱBؙ# SPxq) 4?[LKG hE;M`N^pU:>Tܧr!z +IS =}ApSócNl$rXS?bږꩄ q["4M>]A;kp#V k `n U(ȶ}b) Ɖ;iB.:63NV*!ttkQg/jϮxљ}4Lc܅n#x1gXt$r0%4%L3xmL×q@v8|r[g{-xǐE3C$Bt^>PLE#pS}2 14yO[@_^egc>/Bˠ =ȶ4V4wPGVb+_Sd'JQT}|KN-D:v!O`}GMCz*I]n靥LKEd@JދHg)SsJFhiۦzQ Ljvduz^BOLqW16%&|w=)YռXWh$n *9n|S.:gؿ_B8Z,5ߍX֒qnpJ)_q !z0a;qg:EtKq<彤 n6$XuGip-*s+:q4<GQ!=嚂n̖n7u,g 4Ng2gCa5k[]yHc@Vc :r@N=$S(~^(v2 %n[yz(1~,MWK?3tj l+"ЀOV|m ]6_?ɾ.D zG' QEGX2#gFozxEIڱ8Cbe5A5.1b|y<8tm;{qфP1_beDjOq3OTY&h\їJS"&p0Ј|(F1Z{(=*իƘi|m4M9Ro6[Iefb2޻/PJLE|qyDQ#%NZi.xW$a@;sr臵 zS'OqK@T #=\+gm`"Qr%2$)l`ga (;~W?wRPr% wmԡ]8GZt_8䩲n°K%5u\8^ E i@ 7uFtS9Z4=0 2,nb:H`V#m̻.w,(`TB<8l+]ü3Av^BBr SA@k^~/n C{wF:[[zXbbBk^g,^*/ U" !۩BHu_3W ,#'M3LeJq4h**׵2PBTj> 2hy:8g^=pw09cXzBeHwWBg lle Hd[|$(?&=M!FE]V.DN ]W1 y-ccdlfIQʴ^fJڂ{nDuc'4l؝Q687.4mcXGY;tQ2NFG7P?!qd LKhLa 4LA؛P:7ImiוK}WB;Eu^0gsm=K<]m cĽY5#+*[g4_hu@d2@7B=bj,Z [3UrYt}c\eo.b31 ;ϓ[qMdߍn? ~nxt>-+}OfF7II?0 d;&=Q5Oi[*:KRnQm9"sD#u|qΟMGߑ1tvtH%81k2M1$)s zͮMI59K.=}/㨝Yl]s &08T F: A#0k yH9c'C͓QվN.>Q3Sjb&;isNNE4.J 4CBrSvt#F.Y. \ ,+\DmLdy'ͫ tZ-Ef:ͷƯf"t[GHǠ8;P =u93۔Va.SQ/O7нrI}o>z}B >GܬGOrHP3u>$Cs"N/MՔwB o6UxJ+q< Y+ш1饓ިdH +7\%,FP(1kk>Fք/%Y>vՊ܍Y!feCE8 D J1OR&E濡e`A|/"~m&"Sr b0O(G[:ū"Y\ J r5\nI+51D2UٷJ<_ryh B1*i {]8(dcǵqOm:&Iwp |%'c|>vBy)̀;>f>e 72[{͞5 ԧi: sAЫe E]R} v U\[d-^5S#xeVBJKq/SsI?zwC(.J6nJ x&EחxyM0jΙKTs kS5 &h@/PX9i$qBk,2Xp=pSJrm9o%B` ]uG5!abq&xؕg'ӡT6߷A'݂;,85n@wxWO=rǪ׋(^7Ryw>-b|],a,+]9W mT~Z~"*c [>J=[Y7/ʜ<=c)@n]nMhm_+ZRLd=mDd -KtZpgUh!w?8#!b%cHudJD +d;鿯&nߏCf H॔ ;׻stsA72Xҹ׾m٪s%uI|#Ồ<5HR:_B<9<~$iȬpۙQЈЋ%ry-}+~4$./TcF*ą|/~cpߟR"^|dUn,GmYG4L YTC ws?B_]ڜԽSd;sUj5gJ'0Yℏ} JYJJcwh mكԭ-Š&ۍ C[E^B8eã `BODVqqA>惃֠ b `P#$,qHÐU6y*-3.+zfGEV@oolF׍*Kɕ;'%8 <7SE4o9nsJm27]63p֑r9&]ԣQ%J~t]h V0_amūQgS\Z,UF]Q|_2cetlF@-'<:eW 8P}sޗ|З>E-~.PL7Can+oֽqnUY rm) [*)mdr'i@ -eM3*_;A_P4ȻCI#OE{NQ}Jy~!U(;)Α;p(zmrV`+'5HOҤvn,@^ڻ=t`!nCQv;ATmZɖL^#$/#U6E̿~=0 ٵL$qRC yJ5##QvAt3Ip rJ'{w#AA~,4HU +jkqUfLyZzZ|vX )Q6ܰZD  ι˄v#:N* f%Ph8CRmv5X|X " `qڴo z(=|w z)H' (RD괥<9tbLJʇݸhÑdfuWޖ9:Myrj(<<ƭЅ!e2\piUG؋3' mڐu Y$ɚ϶5<77=.b, p 3"pBHdt77.>/vߝA !XOOݾ(w C(Ɣgl +*auKߐ`@B0BYmetHviO:g̱[u6B:Q~S.r&0.'' l*H _pu`b]פs##x}Tޕ7o2}հ ~;\ll|_+ yGAƑAwq;) u)DQبz]O$UW('~e07(&bO`K%Ca%V B`` ksEM-ml2 *ɒ^HR>WOSlۧYp躵.Zx?{I(Vg"VzEsO jz ߝi- ͤEdџwUOȣ"ls:622`f9z,ճt0Hr%1$2id:mX.= ֶ yszvu+:ˋat s#<(1 EBwaI>#UtG~-.6  su/k+-$-dgf,m3a _܊Rw_݈q܀/X"I3 ZFq8>d{b4YEP_ L_U 3?Y6Z>E,]3 z~x^0rk>n\L(SWyMI_Cz[s)-X3q?̠5+Fg^6(jD`T@%6uqT1U 0EL$|N9P>LѴ3ڍ*Zctvs(*H)gBrZ!?#@Daz&2Um=E,}:&CĿtMg]_Uiq+?G /̊b 1EK#  q"tܕSO-q!^*ja|{MV{Ў X h B@e؟n_WHB8+w_z;xI:B7cT骦VbFX^w@򹟅eJ׼1u*B6RgKl)20ղ5,w3$?}Hj.] (QSTԓM&B۱CX.dD(rf`Oqʵֈ9:T~%47҂KFcYk[`SF8AHwMZV/`tSpG 9Br:Ǿί^UkHׁ #c6\GD0[hs tx̬{anrc\r-NUVJQ gjX(3Ҵ%C'#(Ӛfd/ơ%Ђ7V e+)OWPW+A'8L)cAڔKX WĊ!ac.} Mٙ!emAYLv)§?ˆSi =H%۬CZtլcNIVJ, $65;zٯ]z 3^ -=kc o1rQm(z`icQ(2aߩ׻eL؉?+=Me6(kU,.ei+R$y")(/jYc}n:4F 3wÃPm+E1%-5u` ?ľrh"$t`:57!zOuxM&ץkQ?KHFBяIXSDm2sz8_d-%,-3lv?I^Pߦ2'"9 MbQk8pe ؉{9T@lRT`>;cA _ )z(IL6[]qDYqqc۞J:yE3D_t"]V.)WRF@"-<~uz8d)]U–)GFEFwT yM9bŅF K9LJqWñ-MY k,˖:@[P|.E>G`j5!`oY/Újx1}p;u4`8?z+*f!˶KVىKjqFJ ' [, *{D 7 cՁˁY4yI2#sqiTR!m6HvC1xP ^X{QfA[&LrnlJ*牾)"Ŷ)}X]+ܸm2Ը*|^iTqƒkjxcy ڜqĜ<{{J}<L,V@Rvjvo$|6ܤ/5:XAʦjSjF ʸm. <(C_xYq/}-]/#ɘZ6zJ+b*Aw͒}VVnuhxsIJh=v4 YK=ɐv :TWU=KU닧/[b>0 bJq`'ʬK(yހdiqd4BR*Wr׵c,Anr1`n0]b,EӾ-ev𲣄U}{-h^Ũ:>"4<8heXWcH:!dw8;e&t|!Q'Prt 2)%yKY֩5I 0g]#{7]oS7z缍RR8+6L2 ]CIQ4 Aa#WUp&Ufwd\]ӹ]n M༁/Bgmeى\QDNQ*h~^'U;80I@fbG(Kh[p(JQw:\}Mbe 1Ls_}|iC ?}ϐ#7 ĵLjG14Rq#|Y mqjCeN& p5wAgWg 2Z޹5%O4 T5+ӵ7'v].Q}\~G\:N]E,p1$0w>b+oLVsDS^gy'1ٞ٧I<>{qِAUkjUp2ѸKFd)@q2CW\{qFa8/??"~-Ho`BS"&6,;mr |:"уPc ݣJgxtWs JFڸC,&":'K߇@^413՝Lh夭 Ey,VjBp/K(\2LRof Sv. Pd"U@co9 ͉>JЪ"z"ٟ"F_ ~X6Ww5\"!걸%@֥CQ?>te!)x?2WY( vn·25k\ٜ4jg≟zNE2#[.#G^"OC<_ӑúcFoo\qkXj"E+F:y=@,ϙ٬N͙*Vko (x5 &BQ_0\"FHp\b7U_,0nZ7f@ E*fEQi{/ͻ:qJy2:brl[F#6O"r%ViPT.ޙ@[$I*ATA^R6DŽl?P,[ ^I"(=boݱ0V]k0TDaPRf:[)NI6h55%Ӈ}~B"'J8p2( 72`*oH,a2"n_j2B$DOJC>m?%M0_h{DI:0ct-C&io%w;x^X]S8vчYDtK]M ^w~LRD傫a@K: *=⻑B޹_5s#$tu5fmfMO.ϕQ@8QZˣ)V ;܍"ݺq}}Qp!_貇X鯝 {<[5l'V(5]MƳD/TNԶ9ߪѥ(#5^(:l(|z7t\fx*7L^J@bgz+J~deBQ Zdo&ޑ'ھ2ChO+~jok;]d6NxBzq^]_5I1鈙: \b&+n\+ P$(Ya$$g윍cݸi`9bKD8g!.-k'Z HjJ~[aPaJt, ~M NYAӰz^0XRm'k9;|ke2L8SBn;xD߹hd1`*^am !8idgNd$+gʨ$ΊDc ݄M.Y"خ@aXh5ceM8R$-H t-j2㢯j.KѠj@V4k }!Ce9%A+fcwrYX[/\EiI{U X]9!/XU<`̭}:ɯW*L)B*C2ӣ89Ց/L:P4 ˬIY:55]K`מ*,'\{yFG,a>5-Y Et^SŠyZ P]08J3v+uL%]?9:5 =~< JQv9S}EBX$tpƱudaɒtu;UMQoJEx}3P5 6qQߛ~{eVlSE yuP6@)ٻ-\S]Xe3&-ji-|֋gy_J*o ^ot;b_N+>]s SZDt KZ^^hרz 6ZBS fkxx~d5ߦh5Uv\$L>{PY1q(Q}Z}[h\ܛWü^M-*2sc#x5*!w??0-Q6`W`"'BLRZ8D=.HzK`A3 LrI:x+tbtPԶ^HY-$A]Qɏ$ڕAnQ,D\P++ XZ8= RYL!׫{Q1&O0 Y҆Hc}:aJ\nkf3.cլ-%J+&Ը->ORA]/VȹJ.d(4 ~,ŰL&)+Ar'=gOVNqB5^]o} [?7Q%ѤTo-xd,V7xg/qt'W4(Vȗ9C][9VH\dMZt^7Sob o x< {}Jg)[i`)tWGf -Wnz FSH8eXJJI@4MzMc@Jy<GBǹh߽m7[lJĶn0&b F}`u ^ݦA&E RTd|uT?<ЌZ_ {]n.%\UaʼiҁL &Lã! _Af%rJ힣$jy76- ɶOCz@s'x *+zڴZ7:ڽfd@ %gÍI.l"<@ɼ!j5ZMOi!"-)۶6=fBي23y.‰;ub +-&1uk!匆<.1pĩ['51aD|ڢ'w7J.Z[|^}o UcH+{-H#$67#.M|cgMFШJNxJN1gl,|*6^$) l^A= E |I@>,dD"-.of"1ɝ,*ZT-~&\d23R/͹~ d r2+{ 䲄R|Smҥc%Tk zUpJQ"G,ا"FMN#GFSZN[$Ȏ "d2cNV`䠁ΤnбcD\CCV{r_+-Ci,R~vYU>(lt+_&@F{ZE_j@ZAfxNM eÙ Wxq.jR'm=Saw" ]-z ^kga*Vr^S$5_VOr/Az ʲ?y8}CkV̮s衃X,vѩ5¸/E^tSˠ;*֨[q x/$Nks[2oא"ѦKN4":KEE-W2]aQqqUӘbvoLj6|7[`\}-_OKMur.P딄&(Νw$ͬuy<:B)MAm%{ZJʯTN~xG0!% 8N37wԕ+܁n SGV!Te]qv9˯3W$9{}3U\9鳻g̪s3/m`$YVȥk9 ,/ k`O~m0o8Ba˲VGZ3r[Bm+<^n) g$ź:1v݌tN2i8fXL%j`чa5$e\.x]鹋ϊnP7MHq99r,Ŷe?]Hx!LQ}UKތBHtM"óE/Jv",F9Y.Esn']&[=_ÞizE'B4z3\{$Z2 Un}64|O8njÚٳ"yUqq t.d[=05*d2 X?%\[/&,>@;iDFE ǯ3]w @[3^ q=4Pn ΈOeJa kکi 3^#o;`k\$G*qń1t*UQ&Ay})ԑ=(QRq,`+*dgV6ވW m#d^|Sr4o4i*̰Rai; DHor+EuyM㌰pϜ,k.ctY"A*wm^ EQ܈'f>Fs&7FAN7xtB4͛Lu} ſv_=!Lcjb@Y(ooJ;Ӳny*eqM#I͙١Î1>y:XO S?%,ׅsVgCE#"|UٮfLFO,}=;HIUAM|:Gx~%ts;)qbNT:\pOHhz͆~JX4u^[dҞ( ֣ch jA\FkpgR[%aA'&Ђ_wQ1 VW]5}=3ڷ?s& M.}``۠UuB+䧐Ҕ$eE>wcƸ?ȗWh&igJNJ s:*iH'Zfd*dfJ-~MHrKehPeSvY[1@Q7P`ʭWPsSC(@2Fuu5zL, Ɲd J0x2ྐྵB2X{aűto +ڲ%P1ĨkXIGKvWaNTLn7i8mnYUۥ ozܢFI -`zQ})ci rwT]1&;얿I#Ƴc|_7nNO&D$ұ-x |;JJnoUUttOïK SۅZ*czFp%㣎ɛ}\WkPuwԫ6e7~5>P{\F ?8NBx%P5H/^_'} a޳…c>3SN@ЖlWK!Q / 8|5yA"4+XJ}&,VGMxXYq3SQQ$mۿ7"K{mc$OFucshZfN n?yO-ǙjLUR7%[+CM 'TV͋UcB!@Wa5ÆKLZY:L5Mn*qJ~S3k;%n"WCv}3ԛDv#dsq]DXh!iLQ;), dZX5>{R<}~+ 7Ƚ u'^BKz<ڜ~62榧 8|e:y fRn׽H*r=g'HQaJyvC{ZqpWP9N m2d:-?M%a[+pL(y"%')Ã٧Az*OPW/؛]pzָ{yV'nO3*[=eV%tQ۹Vhaw󩾱9iҩłOz 4gÏ k}'*cc#мBSHv%q{Vj~9A:a&]E}sLRYk*K2C[CsS{d57Q3=jPb2$-P &m*^ׅ%-wbW7ez?F ]2)D "'PX c7"PpϾ`cyOGUXpRT`0U*L˿tUN7Rb9iz[h@Ab<žbʃ!RYCR}EPmmuH0>#i#\V~+%ב5Jbk˛KΙ',ub?qRա-"㸱s[SLkVsܣ$\۱ z0I<)bS!LIn'SgtMrNS6âhlTR0D):t(]$P&U xz, UĎ_RitwQI6$ J/&~,q}L̋Zy$iO.#H;$jvՃ.@ EHy:Nykʜ@Xy i{vU>~,]"9;"^a&-.;E_Rf[[2J(Dd"ȕ[{$ x#iD,fËe"i pJqYy#'}d9W}G^y^XTc$%GVl6L4|D}&V~m}< цؙ]o RB2Ο7kyD6Յrq70Yamhh \<,ד>/gw+<J2Bz"#~AO~GtYO=-cTՉ[jsrZĉB%*Ar޿$dѱ~ d =TC:;*mpv={mNؐ"`vMIICx jWeP;ȳquԱCkZؤL@g pybuQ4B=j[|-{Q@$܏:,T?Cz 2)sQ)m}A^P xTαIcB)F6[5~d&c7=HmT'G4 |X:Y1B ;.eKd;Fv ^ѳ=E{k2H󧆳>UEçU~Z ^#GsҞ\8٘I2RHU ClIh`.>]AL1{*P`r_cو_07nVvNEn֗EeȡBV&$! o?T\:–oiP '( TrÙgWQ!ywl\%1KM(өxהYb7|Pb떍ymk近CłhYě AnKW&2l*qe,ё rн 1z$uKxكwf)w h+ v=Q-R87j(EA.8 *FzfcAMb막4<w+lNi]zsn͡ɚ2м3w#hLY2Y󾻇aBtиd+p;$@5̼޶Y aC")ELvw"2e[[g@YN8/O 9qen)S>+a0^齈B(`{,9_\=UG^)Yl! a ;a4#v]$`RR lSƑ+wccKȝ" nn>4:gtz@obn9P8 6q=l$'\5]ژEJ!`=-x==H_̜5NI6)`4X2f9jaF4Ѳ"/g}E;p]nyZeg@U{˶ǫ3IuXǿ#I^/T3]+ů;, ϷH=\OEmH4Q`@HzNJ=Ċ͠+Ѐș:K(lC.,т0~P$zJ/Q5S^qe#Heiԯw欜K0 cF{1sEok a L1=;nM _< ®xm--79Cv~;KCXAX,)Sq4[sK%;TSmĨȬֆ?,K!u%k2YhjC;8LoI4ZUhqCA&v#ԯ,k}c}\uOgC~ )N: !! Nh`T}4]N=mCX,{_7n AoSwοD Ş%͇ݞGR8kPSzkYUt#BoWi7Y¢S"`SO". 8=+cSJRFڥQ\5fgHJr,3.I! '[llIqzC?|:4D> l芛}jiQ&W%-''A1G a 4#) Fp#l^Rn%Q깽!/9Kn7{2L\p_{|gE \]jaSKkŠ#ɳn ]$}97'=ڨ0oZҘ*P߼ G( (`[y32ы1Y VrIu^yؠkBU& k?Yl+йw,ױnMB{d8 dQ?"ꃘ$"{< &=(aЙ{k#$jQvN_ +du@TֆZ`KCӇ Khxn7N24{yYvENWY).6Q`Fó'e)b`% LS7(j:J[1tx.mo8=K| &ܩ(K(kS S>7> fVܝoI6p*NN+TA Bm!Ωp5s6IiBVBW;/˥Wn:!G˧W`]Mz'6ڨ-%f۷>}@%%8tlI2Xe\,jrqU8NP٫eƪA9F.O$3Ŋc0[3.F~<b]bZNHdz=цZq?I vneaunrfi@]7G[AV}<Xc4H#4G]T7 @)@TZGDWklR,_Ƈ&vq*BZ2́VBtbU؄ '&c{ Ȯ #بC?^wױ[B]$j^r*2Dh%I 1iACgBֽfU^Rl#v^dl >kS"̼?i ỹlngM Ϳ--VV"Dਙ !_!_].#Kf;M^[-67mF\EdA|l>ՒN[ԓ6[mMOGHQN6}p:\tu= Gh%5+ݰ3%~&OûQo"wƂ܉Y(HyE1^pwYg@g%YStqZ|Ǧ"Rl[RUܚǙry3oZ@BU63w0B|* m= ^Xui_myL,z/g4\Q mEr9xeJz|$NE1xk3PݾQ몧4h#F WCxYIsIe[_3h3ˀ210/uo` YC/Cy>* ꡂp=z`Aa߄=0իpȜp3.i'Ǚ޳'XP Q -Ѣ 0>m&h_v%7710jG|gP(~'R2͔ZO~z hRK_u`5dz_r@nPk$Pa5ӭSU;OKTyLoswO15}!#ܭč@Z@8}bPk8cd}N$: MA줴ս8RCDt9h `鵃@yo)IRpbZpsw-S5ٜ; 51⼥N#I_NDTBBI*%n x7%\s:Ys8J1 7>r3R;=,ֳHxw YهHiQ4[̳ȩ3G|Tp$mkp:}KxzG&@&CjSo^s:Z~⫦\|dR%*[d! D6V MWơdQr3&,eIH|MXD@Z|ݲibuFYod.zoPEiikoa^Q1U{.iWN{ lGTք!WɒOyhؘ%LA iyudYa^SoG;)0zny؜t?u0e&O.i;OEq, %4:ru]&7{B>f, [B/׶~U@n+[O3R>]?R.VVQCĞq,%9'`6HU7w]Vjrl2n+N.jK7Sc׿7) Y.a!BgrbS.]YgܫHB2OL>&|3 yyyFALlW+dP"VOEҷ;#(8\t0)%d{`wCQdy0`!fX0ϩ^<^6 H4I>uy,1f"ԡ[kҽqZ%Jbw0%lKמ\׃>>6pGs$*kxYO~ 0kxhbأiFF6nzb5G{p=*7Yޥ ,ɖObh}.$ލj ЕX!J|u6bO+}/ߌ_Qkn PmvvQ1Q 2J5;L^-Ehs[jq9ų`9*?x'֏WI<-PNG}w]"ųҀ)6_}Ѓ}KW}^KGM 넗6$2g2 _s4M@kMdC_YƄd+.:D- zL ?9yݖvVPO^ѐX MsӘdlsb8'M8"4oTwk!ZdQkGuцV JeaEXʹl"+)rI NJ?!yK 2~{Ϊψ`^-o = ~D6Mm͔۷Y؃*y?W?ImSu,x@Wֈ'1Zg1?b0dwړ8>9٘A0 UHM|a[(E3,_n<0F&Nz .PdXԶJ0Xe!@1Hs J"%Qĝֵ&=9( @ǽ6W w OA 5I˥:׿V~Uk[v%ߐM&6XBe1/Ң ! gtPKp gut # Qlk7{Dۇ_ 8\{(?o3!M~X良Fi)m怃*RliD>ZU+zJɠ!V`qšIF qJ9a|֍ j0t7D6< ݋^;ޛQ1j]cOͱv,Pw՗s3BN b&׽d& 0bR+ȗMes- HS4\Kq ]_ok@>/Ӕ)?I@~Q ~tUG=b ?jlTh&5J7=F";7iU,"=cY4G_r] N۷uhр ڝ|>Y/Co-Go^OyQoWw@Jg}c\7;9ibrPn$JhD*?^OOm ^]ؑۑP\*ַg^rv(fMny@HXVR&5'k'TgIL}i\:/0'S3]O`+r833x_W_{q ~fJ-Grhxŏ d??77!t^(R{vcW mP'j]Ҁ,|+@>6r! x׹N4;,t߫] u<>QLq x>v/sц"*θ`o-wAt9B_9r8 N$|}Eb'몱9WGD ni_^afƆ16r/T,[s5Hv׾DY;X/0co f^H]q+Z0 غed͑`QZ{%z FJ]s#^4,5xO"mk<ۥb hm נ֋)U_*lRI_rI@kF#8ĉa$9Qg5>]mr<$+jި`(6Lı\iRuo{v[ 1{KSVm <||3*?hHF{ے=,{Vl!Pyu@zK(.l*m0f tx --tв 4,+2A6~"CNw5H?=}Ayw;,,낑B$&uOX{y֍|4ɻClbʦ u|*M>UaNUQk9a/f\=E3·:# ID Ò5cjf׻('zX$ߡH$i樷l`GLץ˨AH.H2]NG `гvŊ眇vc@|MeT{À[tQs8I/ OcrQ'HևH+i8)8E)u2zwbSWmIqܟf!f|( '<ߵDc"76WeV72+[E)w 1A>0 9s[1=pTaU1pȪ3vJ(@ V܀pNt݂fsoZ./JXuEwryۄ&eHcB.]>e͘NtѤQߞɓ'8 c'B~FS":V5Suv[.9H175*5Os, z})|SQ aYCGt%2cIў5 πüb'D1:~wG_b("CΪJ4{~(FϠ#0IXŃ#2WsAQ)q`!3zsX]1SUw9_.x`@?fpAx%GHCf{]cĝpgz_SmN.orGX;eƒK QOuO+Q ACK཮5r5Tš"$}Edme: k$o>o*BCS;%1U ˎD2%&Xo7J ~:3ĆupˁfsnF\#f36& ՟vns9ܑ  2޲^IȦ%dg pgHX5\U_*UfizooTw'M)S~PId^;:77$smaeD8fviw YZ