xen-libs-32bit-4.10.4_06-lp150.2.25.1<>,T]/=„bh F-3gh#ɋ ׃FHPQ-e$Ŀ@,Po :^w0- OpPl6J8 z:gk &b{u\nAEqM*= դs^JBbb$wm -_G7oZ}B$L`L )l<18{"Pg͠"+(T1Z8 };*2Ý[SD^G,sݰ>>M,?Md ( F 1?ou|-@- - - -  U-  - h- I-*P-;;;(*84!9!:/!>1G1-H2-I3L-X3|Y3\4@-]4-^7 b8fc9$d9e9f9l9u9-v:wG-xG-yHLLLMCxen-libs-32bit4.10.4_06lp150.2.25.1Xen Virtualization: LibrariesXen is a virtual machine monitor for x86 that supports execution of multiple guest operating systems with unprecedented levels of performance and resource isolation. This package contains the libraries used to interact with the Xen virtual machine monitor. In addition to this package you need to install kernel-xen, xen and xen-tools to use Xen. Authors: -------- Ian Pratt ]cloud136$openSUSE Leap 15.0openSUSEGPL-2.0http://bugs.opensuse.orgSystem/Kernelhttp://www.cl.cam.ac.uk/Research/SRG/netos/xen/linuxx86_64/sbin/ldconfig%%%5%5f6@58$5%%5+ vv&$5'TAAAAAAAA]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]1380f8f77c6b97342ee69a5497a4c98d6a70d3a20e8e8be0c1ceb75ae66bd0f3ea09a265df2b11196ce80d2f493ac67ce925f1d7251ceba0f51c58b3ca3c49cd90838d1d39f33059f5bb89522a23c019f89c904cc9fbfa6184473113d02e244d798a500484936d0089885ace6975c6ac786ead67b08b6086192868c01cc8ea4433822692974989968429d4bd6c49f40397afd7f626d63449f880ebc931c8785e07d4aac8994976eb84976a60d79b43888ea8f2b61d05d7222c6fef46ae5a4a297f58029f619428cc4cee3226ad77f68eae323d0d7d258a01f89987b808668622140b8f8e9e9cccdb0c184d32f0146abb690708c44dc2c3a538f587e362a2b6dbfe0be99f9385b82708908d48edfda0a66cc6ce59c55e0ebfe7b9e335e77c5e3d37ad5831a20fc96e1824d19c76527ae43f04bd981d233053bd2a3f37475985019550b99fb1038a54f9bce5a865bda2aab7b2c5d83662a504a538c0caf2d72ddc6d8a1d4281e06eaabddc1f83eea0f800a393239f2faed81cd56f78af17dc66546e1a7bcd5b8d469bbbf31920ccf2ecba3648dedacc7da6c03202e61ccded85b52ae8f24bf1d2e18496e66027980f812cf361888a487566a39e3250a1bab93e6ac76cf369ac6e640d644e679fb39ad495fa1cacfc617eb4b5cd60a5d12caf6c8471e85cfb826e7151f1d34cc42a24e55610926cac2fb99584d9e67b5a1cf5465e2921ab77adc78328b81258aed6980cf3a6bbbffa33c2ad4c6df04b6ac394b2238dde15bb1e87c5da354484b0a42ed8547d2c764e56c78980fcbd8add6cddf7e73a528a83cbf33a2b24659c00c799304ecaca1f4242bc478af3c6c411a431b6219b2315b1336eb0441d8ae90b3417f4ded787cfd977c31ac3a9ed8c4c685919f0a5f29d504395718160bcdb03c5ab3b56be3812dfd59fd4cc0f1c6bdbcd838176a03a4d6b8f6d0cb2b6da808499f02f380f3c6af688922d5f2c51671079bf9993libfsimage.so.1.0.0libxencall.so.1.0libxenctrl.so.4.10.0libxendevicemodel.so.1.1libxenevtchn.so.1.1libxenforeignmemory.so.1.2libxengnttab.so.1.1libxenguest.so.4.10.0libxenlight.so.4.10.0libxenstat.so.0.0libxenstore.so.3.0.3libxentoolcore.so.1.0libxentoollog.so.1.0libxenvchan.so.4.10.0libxlutil.so.4.10.0rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootxen-4.10.4_06-lp150.2.25.1.src.rpmlibfsimage.so.1.0libfsimage.so.1.0(libfsimage.so.1.0)libxencall.so.1libxencall.so.1(VERS_1.0)libxenctrl.so.4.10libxendevicemodel.so.1libxendevicemodel.so.1(VERS_1.0)libxendevicemodel.so.1(VERS_1.1)libxenevtchn.so.1libxenevtchn.so.1(VERS_1.0)libxenevtchn.so.1(VERS_1.1)libxenforeignmemory.so.1libxenforeignmemory.so.1(VERS_1.0)libxenforeignmemory.so.1(VERS_1.1)libxenforeignmemory.so.1(VERS_1.2)libxengnttab.so.1libxengnttab.so.1(VERS_1.0)libxengnttab.so.1(VERS_1.1)libxenguest.so.4.10libxenlight.so.4.10libxenstat.so.0libxenstore.so.3.0libxentoolcore.so.1libxentoolcore.so.1(VERS_1.0)libxentoollog.so.1libxentoollog.so.1(VERS_1.0)libxenvchan.so.4.10libxlutil.so.4.10xen-libs-32bitxen-libs-32bit(x86-32)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    /bin/shlibbz2.so.1libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.2)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.15)libc.so.6(GLIBC_2.17)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.2)libc.so.6(GLIBC_2.3.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)libc.so.6(GLIBC_2.8)libfsimage.so.1.0libfsimage.so.1.0(libfsimage.so.1.0)liblzma.so.5liblzma.so.5(XZ_5.0)libnl-3.so.200libnl-3.so.200(libnl_3)libnl-route-3.so.200libnl-route-3.so.200(libnl_3)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.1)libpthread.so.0(GLIBC_2.2)libpthread.so.0(GLIBC_2.3.2)libpthread.so.0(GLIBC_2.3.3)libutil.so.1libutil.so.1(GLIBC_2.0)libuuid.so.1libuuid.so.1(UUID_1.0)libxencall.so.1libxencall.so.1(VERS_1.0)libxenctrl.so.4.10libxendevicemodel.so.1libxendevicemodel.so.1(VERS_1.0)libxenevtchn.so.1libxenevtchn.so.1(VERS_1.0)libxenforeignmemory.so.1libxenforeignmemory.so.1(VERS_1.0)libxengnttab.so.1libxengnttab.so.1(VERS_1.0)libxenguest.so.4.10libxenlight.so.4.10libxenstore.so.3.0libxentoolcore.so.1libxentoolcore.so.1(VERS_1.0)libxentoollog.so.1libxentoollog.so.1(VERS_1.0)libyajl.so.2libz.so.1rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1]d@]@]@]]@]@]]#0@];]@]@]:\@\ޢ@\@\\\8\\\@\~d\w@\n\mA@\f\N\[k@[@[][t[[9@[qr[i[Y[6@[0@[0@['[!@Z@ZnZ@ZZ@ZmZԐ@ZZZ@ZZ}@Z}@Z}@Z}@Zz@Zz@Zo Zk@ZV@ZS]@ZOhZ:PZ1@Z.s@Z&@ZOZOZ Z Z Z@Z@Z }ZC@ZYYYY|Y@Y{Y*@Y5YA@Y4YYYbYY@Y3Y@YJYJY@YYV@Y@Ym@Yw2Yp@YlYh@Yh@YS@YJ_YI@Y5GY0Y-^Y(Y"YY;@YYY@YtY.X@XQ@X@XۡXg@X@XƉX@X @X@X@X@X@XXX@XXXwoXs{@XlXWXRXQ4@XEVX43@X.@X*X lX&X@XX@W@W֘W֘W^@WiW:Wt@W.@W9WW@Wk@Wi,@WbWZWZWZWYZ@WV@WEWBW=W;W3W1@W1@W,@W(W(W(W(W(W#LWVbV(@V3VJVxV'@VV2V͛@VŲ@V`VwVVV=@VV@VHV@VvV%@VV<@V@VS@VV@V^VwVqR@Vn@VXEVUVTQ@VMVMVMVA@V;DV9@V7P@V0V*!@V V@VCVVVf@VqV@UYU@U@UUݪ@U@UnU4@UUK@UU@UU>U@Ux&Un@U\w@U[%UUUPUKSU>$U6;U%@UU@UUU.@TgT-@TT@TZ@TZ@T@TT@T5T@TLTLT~@Tl@Ti@Ta@THT?@T=@carnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.dejfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.deohering@suse.derbrown@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comjfehlig@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.dejfehlig@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comohering@suse.dejfehlig@suse.comcarnold@suse.comjfehlig@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.commlatimer@suse.comcarnold@suse.comcyliu@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comjfehlig@suse.comcarnold@suse.comcarnold@suse.comohering@suse.decarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comohering@suse.derguenther@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.comrguenther@suse.comcarnold@suse.commeissner@suse.comcarnold@suse.comohering@suse.decarnold@suse.comcarnold@suse.comohering@suse.deohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.decarnold@suse.comohering@suse.deohering@suse.deohering@suse.deohering@suse.decarnold@suse.comcarnold@suse.comcarnold@suse.comcarnold@suse.com- bsc#1155945 - VUL-0: CVE-2018-12207: xen: Machine Check Error Avoidance on Page Size Change (aka IFU issue) xsa304-1.patch xsa304-2.patch - bsc#1152497 - VUL-0: CVE-2019-11135: xen: XSA-305: TSX Asynchronous Abort (TAA) issue xsa305-1.patch xsa305-2.patch- bsc#1154461 - VUL-0: CVE-2019-18424: xen: XSA-302: passed through PCI devices may corrupt host memory after deassignment xsa302-0001-IOMMU-add-missing-HVM-check.patch xsa302-0002-passthrough-quarantine-PCI-devices.patch- bsc#1154458 - VUL-0: CVE-2019-18421: xen: XSA-299: Issues with restartable PV type change operations xsa299-0001-x86-mm-L1TF-checks-don-t-leave-a-partial-entry.patch xsa299-0002-x86-mm-Don-t-re-set-PGT_pinned-on-a-partially-de-val.patch xsa299-0003-x86-mm-Separate-out-partial_pte-tristate-into-indivi.patch xsa299-0004-x86-mm-Use-flags-for-_put_page_type-rather-than-a-bo.patch xsa299-0005-x86-mm-Rework-get_page_and_type_from_mfn-conditional.patch xsa299-0006-x86-mm-Have-alloc_l-23-_table-clear-partial_flags-wh.patch xsa299-0007-x86-mm-Always-retain-a-general-ref-on-partial.patch xsa299-0008-x86-mm-Collapse-PTF_partial_set-and-PTF_partial_gene.patch xsa299-0009-x86-mm-Properly-handle-linear-pagetable-promotion-fa.patch xsa299-0010-x86-mm-Fix-nested-de-validation-on-error.patch xsa299-0011-x86-mm-Don-t-drop-a-type-ref-unless-you-held-a-ref-t.patch- bsc#1154456 - VUL-0: CVE-2019-18425: xen: XSA-298: missing descriptor table limit checking in x86 PV emulation xsa298.patch- bsc#1154448 - VUL-0: CVE-2019-18420: xen: XSA-296: VCPUOP_initialise DoS xsa296.patch- bsc#1145240 - [Migration]Can't pre-allocate 1 shadow pages 5d70bfba-x86-shadow-dont-enable-with-too-small-allocation.patch - bsc#1137717 - [HPS Bug] Unable to install Windows Server 2016 with 2 CPUs setting (or above) under SLES12 SP4 Xen Server on AMD ROME platform 5d89d8d9-libxc-x86-avoid-overflow-in-CPUID-APIC-ID.patch - Upstream bug fixes (bsc#1027519) 5d419d49-x86-spec-ctrl-report-proper-status.patch 5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch 5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch 5d4d850a-introduce-bss-percpu-page-aligned.patch 5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch 5d6524ca-x86-mm-correctly-init-M2P-entries.patch 5d67ceaf-x86-properly-gate-PKU-clearing.patch 5d779811-x86-fix-CPUID7-0-eax-levelling-MSR.patch 5d8b715f-ACPI-cpuidle-bump-max-num-of-states.patch 5d8ce179-sched-dont-leak-XEN_RUNSTATE_UPDATE.patch- bsc#1145774 - Libivrtd segfaults when trying to live migrate a VM Fix crash in an error path of libxl_domain_suspend with libxl.helper_done-crash.patch- Upstream bug fixes (bsc#1027519) 5d08f651-x86-AMD-correct-Fam17-checks.patch 5d08f68b-x86-AMD-limit-C1E-disable.patch 5d160571-x86-cpuid-restrict-OSXSAVE-leak.patch 5d1b395a-x86-MSI-fix-loop-termination.patch- Update to Xen 4.10.4 bug fix release (bsc#1027519) xen-4.10.4-testing-src.tar.bz2 - Drop the following patches contained in the new tarball 5bc4977d-1-XSM-remove-unnecessary-define.patch 5bc4977d-2-XSM-introduce-boot-param.patch 5bc4977d-3-XSM-SILO-mode.patch 5c7e6f86-gnttab-set-refcount-for-transfer-copy.patch 5c7e6fe8-IOMMU-x86-fix-type-ref-counting-race.patch 5c7e7008-x86-get-rid-of-bogus-page-states.patch 5c7e7020-x86-make-coherent-PV-IOMMU-discipline.patch 5c7e70c6-x86-mm-L2-unvalidation-preemptible.patch 5c7e70e2-x86-mm-L3-unvalidation-preemptible.patch 5c7e70ff-x86-mm-dont-retain-page-typeref-on-IOMMU-fail.patch 5c7e711c-x86-mm-properly-flush-TLB-in-switch_cr3_cr4.patch 5c7e714c-x86-pv-rewrite-guest-cr4-handling.patch 5c7e716d-x86-pv-restrict-cr4-fsgsbase.patch 5c7e7192-x86-pv-toggle_guest_pt-TLB-flush-for-shadow.patch 5c7e9d9c-x86-mm-fix-GP-0-in-switch_cr3_cr4.patch 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch 5c87b6c8-drop-arch_evtchn_inject.patch 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch x86-cmdline-parse-fix.patch 5c8f752c-x86-e820-build-with-gcc9.patch 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch 5c9e63c5-credit2-SMT-idle-handling.patch 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch 5cd921fb-trace-fix-build-with-gcc9.patch 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch 5cd926d0-bitmap_fill-zero-sized.patch 5cd92724-drivers-video-drop-constraints.patch 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch 5d03a0c4-6-Arm64-cmpxchg-simplify.patch 5d03a0c4-7-Arm32-cmpxchg-simplify.patch 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch 5d03a0c4-B-bitops-guest-helpers.patch 5d03a0c4-C-cmpxchg-guest-helper.patch 5d03a0c4-D-use-guest-atomics-helpers.patch 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch XSM-fix-Kconfig-names.patch- bsc#1138294 - VUL-0: CVE-2019-17349: XSA-295: Unlimited Arm Atomics Operations 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch 5d03a0c4-6-Arm64-cmpxchg-simplify.patch 5d03a0c4-7-Arm32-cmpxchg-simplify.patch 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch 5d03a0c4-B-bitops-guest-helpers.patch 5d03a0c4-C-cmpxchg-guest-helper.patch 5d03a0c4-D-use-guest-atomics-helpers.patch 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch - Upstream bug fixes (bsc#1027519) 5bc4977d-1-XSM-remove-unnecessary-define.patch 5bc4977d-2-XSM-introduce-boot-param.patch 5bc4977d-3-XSM-SILO-mode.patch 5c87b6c8-drop-arch_evtchn_inject.patch 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch 5cd921fb-trace-fix-build-with-gcc9.patch 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch 5cd926d0-bitmap_fill-zero-sized.patch 5cd92724-drivers-video-drop-constraints.patch 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch (Replaces xsa297-0a.patch) 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch (Replaces xsa297-0b.patch) 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch (Replaces xsa297-0c.patch) 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch (Replaces xsa297-0d.patch) 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch (Replaces xsa297-1.patch) 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch (Replaces xsa297-2.patch) 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch (Replaces xsa297-3.patch) 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch XSM-fix-Kconfig-names.patch- bsc#1138563 - L3: xenpvnetboot improperly ported to Python 3 fix-xenpvnetboot.patch- bsc#1129642 - L3: xen domU loses attached pci device after reboot (since dom0 upgrade to sle12sp4) 5ba5188c-libxl-keep-assigned-pci-devices-across-domain-reboots.patch- bsc#1133818 - retry XEN_DOMCTL_getpageframeinfo3 accessing the list of pages may lead to a temporary EFAULT backport a mainline patch to retry the domctl, which may fix live migration on the sending side libxc.do_domctl.EFAULT-retry.patch- bsc#1131811 - [XEN] internal error: libxenlight failed to create new domain. This patch is a workaround for a systemd issue. See patch header for additional comments. xenstore-launch.patch- bsc#1079730, bsc#1098403, bsc#1111025 - live migrating PV domUs simplify and fix the required change. The previous variant broke PV with device-model libxl.pv-qemu-migration.patch- bsc#1120095 - add code to change LIBXL_HOTPLUG_TIMEOUT at runtime The included README has details about the impact of this change libxl.LIBXL_HOTPLUG_TIMEOUT.patch- bsc#1111331 - VUL-0: CPU issues Q2 2019 aka "Group 4" CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 xsa297-0a.patch xsa297-0b.patch xsa297-0c.patch xsa297-0d.patch xsa297-1.patch xsa297-2.patch xsa297-3.patch - Upstream bug fixes (bsc#1027519) 5c7e6f86-gnttab-set-refcount-for-transfer-copy.patch Replaces xsa284.patch 5c7e6fe8-IOMMU-x86-fix-type-ref-counting-race.patch Replaces xsa285.patch 5c7e7008-x86-get-rid-of-bogus-page-states.patch Replaces xsa287.patch 5c7e7020-x86-make-coherent-PV-IOMMU-discipline.patch Replaces xsa288.patch 5c7e70c6-x86-mm-L2-unvalidation-preemptible.patch Replaces xsa290-1.patch 5c7e70e2-x86-mm-L3-unvalidation-preemptible.patch Replaces xsa290-2.patch 5c7e70ff-x86-mm-dont-retain-page-typeref-on-IOMMU-fail.patch Replaces xsa291.patch 5c7e711c-x86-mm-properly-flush-TLB-in-switch_cr3_cr4.patch Replaces xsa292.patch 5c7e714c-x86-pv-rewrite-guest-cr4-handling.patch Replaces xsa293-1.patch 5c7e716d-x86-pv-restrict-cr4-fsgsbase.patch Replaces xsa293-2.patch 5c7e7192-x86-pv-toggle_guest_pt-TLB-flush-for-shadow.patch Replaces xsa294.patch 5c7e9d9c-x86-mm-fix-GP-0-in-switch_cr3_cr4.patch 5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch 5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch 5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch x86-cmdline-parse-fix.patch 5c8f752c-x86-e820-build-with-gcc9.patch 5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch 5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch 5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch 5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch 5c9e63c5-credit2-SMT-idle-handling.patch 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch- bsc#1079730, bsc#1098403, bsc#1111025 - live migrating PV domUs An earlier change broke live migration of PV domUs without a device model. The migration would stall for 10 seconds while the domU was paused, which caused network connections to drop. Fix this by tracking the need for a device model within libxl. add libxl.pv-qemu-migration.patch remove xen.bug1079730.patch- bsc#1026236 - add Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation for HVM domUs if their expected frequency does not match exactly the frequency of the receiving host xen.bug1026236.suse_vtsc_tolerance.patch- bsc#1126325 - fix crash in libxl in error path Setup of grant_tables and other variables may fail libxl.prepare-environment-for-domcreate_stream_done.patch- bsc#1127620 - Documentation for the xl configuration file allows for firmware=pvgrub64 but we don't ship pvgrub64. Create a link from grub.xen to pvgrub64 xen.spec- Upstream bug fixes (bsc#1027519) 5c6d7b01-x86-pmtimer-fix-hvm_acpi_sleep_button.patch 5c6d7b35-x86-shadow-dont-pass-wrong-L4-MFN.patch 5c75615a-viridian-fix-HvFlushVirtualAddress.patch 5c7561aa-x86-shadow-dont-use-map_domain_page_global.patch 5c77c30b-x86-hvm-increase-triple-fault-log-level.patch 5c77e5c8-x86-nmi-correctly-check-MSB-of-P6-perf-counter.patch- bsc#1127400 - VUL-0: CVE-2019-17348: xen: XSA-294: x86 shadow: Insufficient TLB flushing when using PCID xsa294.patch- bsc#1126192 - VUL-0: CVE-2019-17342: xen: XSA-287: x86: steal_page violates page_struct access discipline xsa287.patch - bsc#1126195 - VUL-0: CVE-2019-17343: xen: XSA-288: x86: Inconsistent PV IOMMU discipline xsa288.patch - bsc#1126196 - VUL-0: CVE-2019-17344: xen: XSA-290: missing preemption in x86 PV page table unvalidation xsa290-1.patch xsa290-2.patch - bsc#1126197 - VUL-0: CVE-2019-17345: xen: XSA-291: x86/PV: page type reference counting issue with failed IOMMU update xsa291.patch - bsc#1126198 - VUL-0: CVE-2019-17346: xen: XSA-292: x86: insufficient TLB flushing when using PCID xsa292.patch - bsc#1126201 - VUL-0: CVE-2019-17347: xen: XSA-293: x86: PV kernel context switch corruption xsa293-1.patch xsa293-2.patch- bsc#1126140 - VUL-0: CVE-2019-17340: xen: XSA-284: grant table transfer issues on large hosts xsa284.patch - bsc#1126141 - VUL-0: CVE-2019-17341: xen: XSA-285: race with pass-through device hotplug xsa285.patch- Update to Xen 4.10.3 bug fix release (bsc#1027519) xen-4.10.3-testing-src.tar.bz2 - bsc#1114988 - VUL-0: CVE-2018-19967: xen: guest use of HLE constructs may lock up host (XSA-282) Fix included in tarball - bsc#1120067 - Libvirt segfault when crash triggered on top of HVM guest Fix included in tarball - Drop the following patches contained in the new tarball 5ae31917-x86-cpuidle-init-stats-lock-once.patch 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch 5bacae4b-x86-boot-allocate-extra-module-slot.patch 5bae44ce-x86-silence-false-log-messages.patch 5bb60c12-x86-split-opt_xpti.patch 5bb60c4f-x86-split-opt_pv_l1tf.patch 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch 5bcf0722-x86-boot-enable-NMIs.patch 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch 5bd076e9-x86-boot-init-debug-regs-correctly.patch 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch 5bdc31d5-VMX-fix-vmx_handle_eoi.patch 5be2a308-x86-extend-get_platform_badpages.patch 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch 5be9634c-x86-dom0-avoid-using-1G-superpages.patch 5bed93e1-x86-hvm_copy-no-write-to-p2m_ioreq_server.patch 5bf4118c-amd-iommu-fix-flush-checks.patch 5bf41242-AMD-IOMMU-suppress-late-PTE-merging.patch 5bf41311-x86-dont-flush-after-L1e-update-failure.patch 5bf41331-x86-shadow-move-OOS-flag-bits.patch 5bf4135a-x86-shrink-page_info-shadow_flags.patch 5c011aaf-x86-dont-enable-shadow-with-too-small-allocation.patch 5c17ce93-x86-hvm-correct-RDTSCP-intercept-handling.patch 5c18f5ad-x86emul-fix-3-operand-IMUL.patch 5c190203-x86emul-work-around-SandyBridge-errata.patch 5c3608fa-fix-MEMF_no_dma-allocations-for-single-NUMA.patch 5c3dd8fa-cmdline-fix-strncmp-LITERAL-construct.patch- Upstream bug fixes (bsc#1027519) 5c17ce93-x86-hvm-correct-RDTSCP-intercept-handling.patch 5c18f5ad-x86emul-fix-3-operand-IMUL.patch 5c190203-x86emul-work-around-SandyBridge-errata.patch 5c3608fa-fix-MEMF_no_dma-allocations-for-single-NUMA.patch 5c3dd8fa-cmdline-fix-strncmp-LITERAL-construct.patch- Upstream bug fixes (bsc#1027519) 5be9634c-x86-dom0-avoid-using-1G-superpages.patch 5bed93e1-x86-hvm_copy-no-write-to-p2m_ioreq_server.patch 5bf4118c-amd-iommu-fix-flush-checks.patch replaces xsa275-1.patch 5bf41242-AMD-IOMMU-suppress-late-PTE-merging.patch replaces xsa275-2.patch 5bf41311-x86-dont-flush-after-L1e-update-failure.patch replaces xsa279.patch 5bf41331-x86-shadow-move-OOS-flag-bits.patch replaces xsa280-1.patch 5bf4135a-x86-shrink-page_info-shadow_flags.patch replaces xsa280-2.patch 5c011aaf-x86-dont-enable-shadow-with-too-small-allocation.patch 5c0f786c-parse_size_and_unit-percent.patch 5c0f7894-x86-dom0_mem-variants.patch- bsc#1115040 - VUL-0: xen: insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275) xsa275-1.patch xsa275-2.patch - bsc#1115045 - VUL-0: xen: x86: DoS from attempting to use INVPCID with a non-canonical addresses (XSA-279) xsa279.patch - bsc#1115047 - VUL-0: xen: Fix for XSA-240 conflicts with shadow paging (XSA-280) xsa280-1.patch xsa280-2.patch - bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV 5bdc31d5-VMX-fix-vmx_handle_eoi.patch - bsc#1105528 - L3: xpti=no-dom0 not working as expected 5bb60c12-x86-split-opt_xpti.patch 5bb60c4f-x86-split-opt_pv_l1tf.patch 5bb60c74-x86-fix-xpti-and-pv-l1tf.patch - Upstream bug fixes (bsc#1027519) 5bae44ce-x86-silence-false-log-messages.patch 5bcf0722-x86-boot-enable-NMIs.patch 5bd076e9-x86-boot-init-debug-regs-correctly.patch 5bd076e9-x86-init-vcpu-debug-regs-correctly.patch 5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch 5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch 5be2a308-x86-extend-get_platform_badpages.patch 5be2a354-x86-work-around-HLE-host-lockup-erratum.patch- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even when disabled (XSA-278) 5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch- Upstream bug fixes (bsc#1027519) 5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch 5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch 5bacae4b-x86-boot-allocate-extra-module-slot.patch- Update to Xen 4.10.2 bug fix release (bsc#1027519) xen-4.10.2-testing-src.tar.bz2 - Drop the following patches contained in the new tarball 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch 5a957d0e-gnttab-introduce-cmdline-feature-controls.patch 5a9985bd-x86-invpcid-support.patch 5ad4923e-x86-correct-S3-resume-ordering.patch 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch 5adde9ed-xpti-fix-double-fault-handling.patch 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch 5af03009-x86-pv-hide-more-EFER-bits-from-PV.patch 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch 5af1daa9-3-x86-traps-use-IST-for-DB.patch 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch 5af97999-viridian-cpuid-leaf-40000003.patch 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch 5aec7393-1-x86-xpti-avoid-copy.patch 5aec7393-2-x86-xpti-write-cr3.patch 5aec744a-3-x86-xpti-per-domain-flag.patch 5aec744a-4-x86-xpti-use-invpcid.patch 5aec744a-5-x86-xpti-no-global-pages.patch 5aec744a-6-x86-xpti-cr3-valid-flag.patch 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch 5aec744b-8-x86-xpti-cr3-helpers.patch 5aec74a8-9-x86-xpti-use-pcid.patch 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch 5b0bc9da-x86-XPTI-fix-S3-resume.patch 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b34882d-x86-mm-dont-bypass-preemption-checks.patch 5b348874-x86-refine-checks-in-DB-handler.patch 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch 5b348954-x86-guard-against-NM.patch 5b3f8fa5-port-array_index_nospec-from-Linux.patch 5b4488e7-x86-spec-ctrl-cmdline-handling.patch 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch 5b4db308-SVM-fix-cleanup-svm_inject_event.patch 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch 5b508775-2-x86-possibly-bring-up-all-CPUs.patch 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch 5b56feb1-x86-hvm-disallow-unknown-EFER-bits.patch 5b56feb2-x86-XPTI-parsing-on-fixed-Intel-HW.patch 5b62ca93-VMX-avoid-hitting-BUG_ON.patch 5b6d84ac-x86-fix-improve-vlapic-read-write.patch 5b6d8ce2-x86-XPTI-parsing.patch 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch 5b505fe5-VMX-fix-find-msr-build.patch 5b72fbbe-ARM-disable-grant-table-v2.patch 5b72fbbe-oxenstored-eval-order.patch 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch 5b72fbbf-9-spec-ctrl=no-global-disable.patch 5b72fbbf-A-xl-conf-add-global-affinity-masks.patch 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch 5b8d5832-x86-assorted-array_index_nospec-insertions.patch- bsc#1094508 - L3: Kernel oops in fs/dcache.c called by d_materialise_unique() 5b9784ad-x86-HVM-drop-hvm_fetch_from_guest_linear.patch 5b9784d2-x86-HVM-add-known_gla-helper.patch 5b9784f2-x86-HVM-split-page-straddling-accesses.patch - bsc#1103279 - (CVE-2018-15470) VUL-0: CVE-2018-15470: xen: oxenstored does not apply quota-maxentity (XSA-272) 5b72fbbe-oxenstored-eval-order.patch - bsc#1103275 - (CVE-2018-15469) VUL-0: CVE-2018-15469: xen: Use of v2 grant tables may cause crash on ARM (XSA-268) 5b72fbbe-ARM-disable-grant-table-v2.patch - bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269) 5b72fbbe-vtx-Fix-the-checking-for-unknown-invalid-MSR_DEBUGCTL-bits.patch (Replaces xsa269.patch) - bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM (XSA-273) 5b72fbbf-1-spec-ctrl-Calculate-safe-PTE-addresses-for-L1TF-mitigations.patch (Replaces xsa273-1.patch) 5b72fbbf-2-spec-ctrl-Introduce-an-option-to-control-L1TF-mitigation-for-PV-guests.patch (Replaces xsa273-2.patch) 5b72fbbf-3-shadow-Infrastructure-to-force-a-PV-guest-into-shadow-mode.patch (Replaces xsa273-3.patch) 5b72fbbf-4-mm-Plumbing-to-allow-any-PTE-update-to-fail-with--ERESTART.patch (Replaces xsa273-4.patch) 5b72fbbf-5-pv-Force-a-guest-into-shadow-mode-when-it-writes-an-L1TF-vulnerable-PTE.patch (Replaces xsa273-5.patch) 5b72fbbf-6-spec-ctrl-CPUID-MSR-definitions-for-L1D_FLUSH.patch (Replaces xsa273-6.patch) 5b72fbbf-7-msr-Virtualise-MSR_FLUSH_CMD-for-guests.patch (Replaces xsa273-7.patch) 5b72fbbf-8-spec-ctrl-Introduce-an-option-to-control-L1D_FLUSH-for-HVM-HAP-guests.patch (Replaces xsa273-8.patch) 5b72fbbf-9-spec-ctrl=no-global-disable.patch 5b72fbbf-A-xl-conf-add-global-affinity-masks.patch - Upstream patches from Jan (bsc#1027519) 5a957d0e-gnttab-introduce-cmdline-feature-controls.patch 5b6d84ac-x86-fix-improve-vlapic-read-write.patch 5b74190e-x86-hvm-ioreq-MMIO-range-check-honor-DF.patch 5b75afef-x86-setup-avoid-OoB-E820-lookup.patch 5b76b780-rangeset-inquiry-functions-tolerate-NULL.patch 5b83c654-VT-d-dmar-iommu-mem-leak-fix.patch 5b8d5832-x86-assorted-array_index_nospec-insertions.patch- bsc#1078292 - rpmbuild -ba SPECS/xen.spec with xen-4.9.1 failed xen.spec- bsc#1091107 - VUL-0: CVE-2018-3646: xen: L1 Terminal Fault -VMM (XSA-273) xsa273-1.patch xsa273-2.patch xsa273-3.patch xsa273-4.patch xsa273-5.patch xsa273-6.patch xsa273-7.patch xsa273-8.patch - Upstream prereq patches for XSA-273 (bsc#1027519) 5b34b8fe-VMX-defer-vmx_vmcs_exit-as-long-as-possible.patch 5b3cab8e-1-VMX-MSR_DEBUGCTL-handling.patch 5b3cab8e-2-VMX-improve-MSR-load-save-API.patch 5b3cab8e-3-VMX-cleanup-MSR-load-save-infra.patch 5b3cab8f-1-VMX-factor-out-locate_msr_entry.patch 5b3cab8f-2-VMX-remote-access-to-MSR-lists.patch 5b3cab8f-3-VMX-improve-LBR-MSR-handling.patch 5b3cab8f-4-VMX-pass-MSR-value-into-vmx_msr_add.patch 5b3cab8f-5-VMX-load-only-guest-MSR-entries.patch 5b505fe5-VMX-fix-find-msr-build.patch 5b62ca93-VMX-avoid-hitting-BUG_ON.patch 5b6d8ce2-x86-XPTI-parsing.patch- bsc#1103276 - VUL-0: CVE-2018-15468: xen: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS (XSA-269) xsa269.patch- Upstream patches from Jan (bsc#1027519) 5af03009-x86-pv-hide-more-EFER-bits-from-PV.patch 5b3f8fa5-port-array_index_nospec-from-Linux.patch 5b4488e7-x86-spec-ctrl-cmdline-handling.patch 5b471517-page_alloc-correct-first_dirty-calc-in-block-merging.patch 5b4c9a60-allow-cpu_down-to-be-called-earlier.patch 5b4db308-SVM-fix-cleanup-svm_inject_event.patch 5b5040c3-cpupools-fix-state-when-downing-a-CPU-failed.patch 5b5040f2-x86-AMD-distinguish-CU-from-HT.patch 5b508775-1-x86-distinguish-CPU-offlining-and-removal.patch 5b508775-2-x86-possibly-bring-up-all-CPUs.patch 5b508775-3-x86-cmdline-opt-to-avoid-use-of-secondary-HTs.patch 5b508ce8-VMX-dont-clobber-dr6-while-debug-state-is-lazy.patch 5b50df16-1-x86-xstate-use-guest-CPUID-policy.patch 5b50df16-2-x86-make-xstate-calculation-errors-more-obvious.patch 5b56feb1-x86-hvm-disallow-unknown-EFER-bits.patch 5b56feb2-x86-XPTI-parsing-on-fixed-Intel-HW.patch- Upstream patches from Jan (bsc#1027519) 5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch) 5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch) 5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch) 5b0bc9da-x86-XPTI-fix-S3-resume.patch 5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch 5b0d2d91-x86-suppress-sync-when-XPTI-off.patch 5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch 5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch 5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch 5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces xsa267-1.patch) 5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces xsa267-2.patch) 5b238b92-x86-HVM-account-for-fully-eager-FPU.patch 5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch 5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch 5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch) 5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch) 5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces xsa266-1-<>.patch) 5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces xsa266-2-<>.patch) 5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch 5b348954-x86-guard-against-NM.patch- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch- bsc#1098403 - fix regression introduced by changes for bsc#1079730 a PV domU without qcow2 and/or vfb has no qemu attached. Ignore QMP errors for PV domUs to handle PV domUs with and without an attached qemu-xen. xen.bug1079730.patch- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks bypassed in x86 PV MM handling (XSA-264) xsa264.patch - bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception safety check can be triggered by a guest (XSA-265) xsa265.patch - bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour readonly flag on HVM emulated SCSI disks (XSA-266) xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore (XSA-267) xsa267-1.patch xsa267-2.patch- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 – Speculative Store Bypass aka "Memory Disambiguation" (XSA-263) 5ad4923e-x86-correct-S3-resume-ordering.patch 5ad49293-x86-suppress-BTI-mitigations-around-S3.patch 5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch 5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch 5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch 5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch 5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch 5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch 5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch 5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch 5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch 5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch Spectre-v4-1.patch Spectre-v4-2.patch Spectre-v4-3.patch- Always call qemus xen-save-devices-state in suspend/resume to fix migration with qcow2 images (bsc#1079730) libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch xen.bug1079730.patch- bsc#1087289 - L3: Xen BUG at sched_credit.c:1663 5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch 5aeaeaf0-sched-fix-races-in-vcpu-migration.patch - Upstream patches from Jan (bsc#1027519) 5ad600d4-x86-pv-introduce-x86emul_read_dr.patch 5ad600d4-x86-pv-introduce-x86emul_write_dr.patch 5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch 5adda097-x86-HPET-fix-race-triggering-ASSERT.patch 5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch 5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch 5ae31917-x86-cpuidle-init-stats-lock-once.patch 5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch 5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch) 5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch) 5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch) 5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch) 5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch) 5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch) 5af97999-viridian-cpuid-leaf-40000003.patch- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254 5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch 5a9985bd-x86-invpcid-support.patch 5adde9ed-xpti-fix-double-fault-handling.patch 5aec7393-1-x86-xpti-avoid-copy.patch 5aec7393-2-x86-xpti-write-cr3.patch 5aec744a-3-x86-xpti-per-domain-flag.patch 5aec744a-4-x86-xpti-use-invpcid.patch 5aec744a-5-x86-xpti-no-global-pages.patch 5aec744a-6-x86-xpti-cr3-valid-flag.patch 5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch 5aec744b-8-x86-xpti-cr3-helpers.patch 5aec74a8-9-x86-xpti-use-pcid.patch- Update to Xen 4.10.1 bug fix release (bsc#1027519) xen-4.10.1-testing-src.tar.bz2 disable-building-pv-shim.patch - Drop the following patches contained in the new tarball 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch 5a4caa8c-x86-E820-don-t-overrun-array.patch 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch 5a4fd894-4-clarifications-to-wait-infrastructure.patch 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch 5a5e2cff-x86-Meltdown-band-aid.patch 5a5e2d73-x86-Meltdown-band-aid-conditional.patch 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch 5a5e459c-2-x86-report-domain-id-on-CPUID.patch 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch 5a69c0b9-x86-fix-GET_STACK_END.patch 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch 5a6b36cd-9-x86-issue-speculation-barrier.patch 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch xsa258.patch xsa259.patch- bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of debug exceptions (XSA-260) xsa260-1.patch xsa260-2.patch xsa260-3.patch xsa260-4.patch - bsc#1090822 - VUL-0: CVE-2018-10982: xen: x86 vHPET interrupt injection errors (XSA-261) xsa261.patch - bsc#1090823 - VUL-0: CVE-2018-10981: xen: qemu may drive Xen into unbounded loop (XSA-262) xsa262.patch- bsc#1089152 - VUL-0: CVE-2018-10472: xen: Information leak via crafted user-supplied CDROM (XSA-258) xsa258.patch - bsc#1089635 - VUL-0: CVE-2018-10471: xen: x86: PV guest may crash Xen with XPTI (XSA-259) xsa259.patch- Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) (bsc#1087251)- Upstream patches from Jan (bsc#1027519) and fixes related to Page Table Isolation (XPTI). See also bsc#1074562 XSA-254 5a856a2b-x86-xpti-hide-almost-all-of-Xen-image-mappings.patch 5a9eb7f1-x86-xpti-dont-map-stack-guard-pages.patch 5a9eb85c-x86-slightly-reduce-XPTI-overhead.patch 5a9eb890-x86-remove-CR-reads-from-exit-to-guest-path.patch 5aa2b6b9-cpufreq-ondemand-CPU-offlining-race.patch 5aaa9878-x86-vlapic-clear-TMR-bit-for-edge-triggered-intr.patch- bsc#1072834 - Xen HVM: unchecked MSR access error: RDMSR from 0xc90 at rIP: 0xffffffff93061456 (native_read_msr+0x6/0x30) 5a956747-x86-HVM-dont-give-wrong-impression-of-WRMSR-success.patch - Upstream patches from Jan (bsc#1027519) 5a79d7ed-libxc-packed-initrd-dont-fail-domain-creation.patch 5a7b1bdd-x86-reduce-Meltdown-band-aid-IPI-overhead.patch 5a843807-x86-spec_ctrl-fix-bugs-in-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 5a856a2b-x86-emul-fix-64bit-decoding-of-segment-overrides.patch 5a856a2b-x86-use-32bit-xors-for-clearing-GPRs.patch 5a8be788-x86-nmi-start-NMI-watchdog-on-CPU0-after-SMP.patch 5a95373b-x86-PV-avoid-leaking-other-guests-MSR_TSC_AUX.patch 5a95571f-memory-dont-implicitly-unpin-in-decrease-res.patch (Replaces xsa252.patch) 5a95576c-gnttab-ARM-dont-corrupt-shared-GFN-array.patch (Replaces xsa255-1.patch) 5a955800-gnttab-dont-free-status-pages-on-ver-change.patch (Replaces xsa255-2.patch) 5a955854-x86-disallow-HVM-creation-without-LAPIC-emul.patch (Replaces xsa256.patch) - Drop xsa252.patch xsa255-1.patch xsa255-2.patch xsa256.patch- bsc#1080635 - VUL-0: CVE-2018-7540: xen: DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) xsa252.patch - bsc#1080662 - VUL-0: CVE-2018-7541: xen: grant table v2 -> v1 transition may crash Xen (XSA-255) xsa255-1.patch xsa255-2.patch - bsc#1080634 - VUL-0: CVE-2018-7542: xen: x86 PVH guest without LAPIC may DoS the host (XSA-256) xsa256.patch- Remove stale systemd presets code for 13.2 and older- fate#324965 - add script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU They are triggered via xl vcpu-set domU N- Replace hardcoded xen with Name tag when refering to subpkgs- Make sure tools and tools-domU require libs from the very same build- tools-domU: Add support for qemu guest agent. New files 80-xen-channel-setup.rules and xen-channel-setup.sh configure a xen-pv-channel for use by the guest agent FATE#324963- Remove outdated /etc/xen/README*- bsc#1073961 - VUL-0: CVE-2018-5244: xen: x86: memory leak with MSR emulation (XSA-253) 5a4e2bca-x86-free-msr_vcpu_policy-during-destruction.patch - bsc#1074562 - VUL-0: CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 xen: Information leak via side effects of speculative execution (XSA-254). Includes Spectre v2 mitigation. 5a4caa5e-x86-IRQ-conditionally-preserve-access-perm.patch 5a4caa8c-x86-E820-don-t-overrun-array.patch 5a4e2c2c-x86-upcall-inject-spurious-event-after-setting-vector.patch 5a4fd893-1-x86-break-out-alternative-asm-into-separate-header.patch 5a4fd893-2-x86-introduce-ALTERNATIVE_2-macros.patch 5a4fd893-3-x86-hvm-rename-update_guest_vendor-to-cpuid_policy_changed.patch 5a4fd893-4-x86-introduce-cpuid_policy_updated.patch 5a4fd893-5-x86-entry-remove-partial-cpu_user_regs.patch 5a4fd894-1-x86-rearrange-RESTORE_ALL-to-restore-in-stack-order.patch 5a4fd894-2-x86-hvm-use-SAVE_ALL-after-VMExit.patch 5a4fd894-3-x86-erase-guest-GPRs-on-entry-to-Xen.patch 5a4fd894-4-clarifications-to-wait-infrastructure.patch 5a534c78-x86-dont-use-incorrect-CPUID-values-for-topology.patch 5a5cb24c-x86-mm-always-set-_PAGE_ACCESSED-on-L4-updates.patch 5a5e2cff-x86-Meltdown-band-aid.patch 5a5e2d73-x86-Meltdown-band-aid-conditional.patch 5a5e3a4e-1-x86-support-compiling-with-indirect-branch-thunks.patch 5a5e3a4e-2-x86-support-indirect-thunks-from-asm.patch 5a5e3a4e-3-x86-report-speculative-mitigation-details.patch 5a5e3a4e-4-x86-AMD-set-lfence-as-Dispatch-Serialising.patch 5a5e3a4e-5-x86-introduce-alternative-indirect-thunks.patch 5a5e3a4e-6-x86-definitions-for-Indirect-Branch-Controls.patch 5a5e3a4e-7-x86-cmdline-opt-to-disable-IBRS-IBPB-STIBP.patch 5a5e459c-1-x86-SVM-offer-CPUID-faulting-to-AMD-HVM-guests.patch 5a5e459c-2-x86-report-domain-id-on-CPUID.patch 5a68bc16-x86-acpi-process-softirqs-logging-Cx.patch 5a69c0b9-x86-fix-GET_STACK_END.patch 5a6b36cd-1-x86-cpuid-handling-of-IBRS-IBPB-STIBP-and-IBRS-for-guests.patch 5a6b36cd-2-x86-msr-emulation-of-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-3-x86-migrate-MSR_SPEC_CTRL.patch 5a6b36cd-4-x86-hvm-permit-direct-access-to-SPEC_CTRL-PRED_CMD.patch 5a6b36cd-5-x86-use-SPEC_CTRL-on-entry.patch 5a6b36cd-6-x86-clobber-RSB-RAS-on-entry.patch 5a6b36cd-7-x86-no-alternatives-in-NMI-MC-paths.patch 5a6b36cd-8-x86-boot-calculate-best-BTI-mitigation.patch 5a6b36cd-9-x86-issue-speculation-barrier.patch 5a6b36cd-A-x86-offer-Indirect-Branch-Controls-to-guests.patch 5a6b36cd-B-x86-clear-SPEC_CTRL-while-idle.patch- Fix python3 deprecated atoi call (bsc#1067224) pygrub-python3-conversion.patch - Drop xenmon-python3-conversion.patch- bsc#1067317 - pass cache=writeback|unsafe|directsync to qemu, depending on the libxl disk settings libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch- Remove libxl.LIBXL_DESTROY_TIMEOUT.debug.patch- bsc#1067224 - xen-tools have hard dependency on Python 2 build-python3-conversion.patch bin-python3-conversion.patch- bsc#1070165 - xen crashes after aborted localhost migration 5a2ffc1f-x86-mm-drop-bogus-paging-mode-assertion.patch - bsc#1035442 - L3: libxl: error: libxl.c:1676:devices_destroy_cb: libxl__devices_destroy failed 5a33a12f-domctl-improve-locking-during-domain-destruction.patch - Upstream patches from Jan (bsc#1027519) 5a21a77e-x86-pv-construct-d0v0s-GDT-properly.patch 5a2fda0d-x86-mb2-avoid-Xen-when-looking-for-module-crashkernel-pos.patch 5a313972-x86-microcode-add-support-for-AMD-Fam17.patch 5a32bd79-x86-vmx-dont-use-hvm_inject_hw_exception-in-.patch- Update to Xen 4.10.0 FCS (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Rebuild initrd if xen-tools-domU is updated- Update to Xen 4.10.0-rc8 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Increase the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds If many domUs shutdown in parallel the backends can not keep up Add some debug output to track how long backend shutdown takes (bsc#1035442) libxl.LIBXL_DESTROY_TIMEOUT.patch libxl.LIBXL_DESTROY_TIMEOUT.debug.patch- Adjust xenstore-run-in-studomain.patch to change the defaults in the code instead of changing the sysconfig template, to also cover the upgrade case- Update to Xen 4.10.0-rc6 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Since xen switched to Kconfig, building a debug hypervisor was done by default. Adjust make logic to build a non-debug hypervisor by default, and continue to provide one as xen-dbg.gz- fate#316614: set migration constraints from cmdline fix libxl.set-migration-constraints-from-cmdline.patch for xen-4.10- Document the suse-diskcache-disable-flush option in xl-disk-configuration(5) (bsc#879425,bsc#1067317)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Update to Xen 4.10.0-rc5 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - fate#323663 - Run Xenstore in stubdomain xenstore-run-in-studomain.patch- bsc#1067224 - xen-tools have hard dependency on Python 2 pygrub-python3-conversion.patch xenmon-python3-conversion.patch migration-python3-conversion.patch xnloader.py xen2libvirt.py- Remove xendriverdomain.service (bsc#1065185) Driver domains must be configured manually with custom .service file- Update to Xen 4.10.0-rc3 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - Drop 59f31268-libxc-remove-stale-error-check-for-domain-size.patch- Adjust xen-dom0-modules.service to ignore errors (bsc#1065187)- fate#324052 Support migration of Xen HVM domains larger than 1TB 59f31268-libxc-remove-stale-error-check-for-domain-size.patch- Update to Xen 4.10.0-rc2 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2- Update to Xen 4.10.0-rc1 (fate#321394, fate#322686) xen-4.10.0-testing-src.tar.bz2 - Drop patches included in new tarball 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch 596f257e-x86-fix-hvmemul_insn_fetch.patch 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch 59958ebf-gnttab-fix-transitive-grant-handling.patch 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch gcc7-arm.patch gcc7-mini-os.patch- bsc#1061084 - VUL-0: xen: page type reference leak on x86 (XSA-242) xsa242.patch - bsc#1061086 - VUL-0: xen: x86: Incorrect handling of self-linear shadow mappings with translated guests (XSA-243) xsa243.patch - bsc#1061087 - VUL-0: xen: x86: Incorrect handling of IST settings during CPU hotplug (XSA-244) xsa244.patch- bsc#1061077 - VUL-0: xen: DMOP map/unmap missing argument checks (XSA-238) xsa238.patch - bsc#1061080 - VUL-0: xen: hypervisor stack leak in x86 I/O intercept code (XSA-239) xsa239.patch - bsc#1061081 - VUL-0: xen: Unlimited recursion in linear pagetable de-typing (XSA-240) xsa240-1.patch xsa240-2.patch - bsc#1061082 - VUL-0: xen: Stale TLB entry due to page type release race (XSA-241) xsa241.patch- bsc#1061075 - VUL-0: xen: pin count / page reference race in grant table code (XSA-236) xsa236.patch - bsc#1061076 - VUL-0: xen: multiple MSI mapping issues on x86 (XSA-237) xsa237-1.patch xsa237-2.patch xsa237-3.patch xsa237-4.patch xsa237-5.patch- bsc#1056278 - VUL-0: xen: Missing NUMA node parameter verification (XSA-231) 59b7d664-mm-make-sure-node-is-less-than-MAX_NUMNODES.patch - bsc#1056280 - VUL-0: xen: Missing check for grant table (XSA-232) 59b7d69b-grant_table-fix-GNTTABOP_cache_flush-handling.patch - bsc#1056281 - VUL-0: xen: cxenstored: Race in domain cleanup (XSA-233) 59b7d6c8-xenstore-dont-unlink-connection-object-twice.patch - bsc#1056282 - VUL-0: xen: insufficient grant unmapping checks for x86 PV guests (XSA-234) 59b7d6d9-gnttab-also-validate-PTE-perms-upon-destroy-replace.patch - bsc#1055321 - VUL-0: xen: add-to-physmap error paths fail to release lock on ARM (XSA-235) 599da329-arm-mm-release-grant-lock-on-xatp1-error-paths.patch - Upstream patches from Jan (bsc#1027519) 59a01223-x86-check-for-alloc-errors-in-modify_xen_mappings.patch 59a0130c-x86-efi-dont-write-relocs-in-efi_arch_relocate_image-1st-pass.patch 59a9221f-VT-d-use-correct-BDF-for-VF-to-search-VT-d-unit.patch 59ae9177-x86-emul-fix-handling-of-unimplemented-Grp7-insns.patch 59aec335-x86emul-correct-VEX-W-handling-for-VPINSRD.patch 59aec375-x86emul-correct-VEX-L-handling-for-VCVTx2SI.patch 59afcea0-x86-introduce-and-use-setup_force_cpu_cap.patch 59b2a7f2-x86-HVM-correct-repeat-count-update-linear-phys.patch - Dropped gcc7-xen.patch- bsc#1057358 - Cannot Boot into SLES12.3 with Xen hypervisor when Secure Boot is Enabled xen.spec- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored update from v6 to v9 to cover more cases for ballooned domUs libxc.sr.superpage.patch- bsc#1026236 - remove suse_vtsc_tolerance= cmdline option for Xen drop the patch because it is not upstream acceptable remove xen.suse_vtsc_tolerance.patch- bsc#1055695 - XEN: 11SP4 and 12SP3 HVM guests can not be restored after the save using xl stack libxc.sr.superpage.patch- Unignore gcc-PIE the toolstack disables PIE for firmware builds as needed- Upstream patches from Jan (bsc#1027519) 592fd5f0-stop_machine-fill-result-only-in-case-of-error.patch 596f257e-x86-fix-hvmemul_insn_fetch.patch 5982fd99-VT-d-don-t-panic-warn-on-iommu-no-igfx.patch 598c3630-VT-d-PI-disable-when-CPU-side-PI-is-off.patch 598c3706-cpufreq-only-stop-ondemand-governor-if-started.patch 5992f1e5-x86-grant-disallow-misaligned-PTEs.patch (Replaces xsa227.patch) 5992f20d-gnttab-split-maptrack-lock-to-make-it-useful-again.patch (Replaces xsa228.patch) 5992f233-gnttab-correct-pin-status-fixup-for-copy.patch (Replaces xsa230.patch) 59958e76-gnttab-dont-use-possibly-unbounded-tail-calls.patch (Replaces xsa226-1.patch) 59958ebf-gnttab-fix-transitive-grant-handling.patch (Replaces xsa226-2.patch) 59958edd-gnttab-avoid-spurious-maptrack-handle-alloc-failures.patch- bsc#1044974 - xen-tools require python-pam xen.spec- Clean up spec file errors and a few warnings. (bsc#1027519) - Removed conditional 'with_systemd' and some old deprecated 'sles_version' checks. xen.spec- Remove use of brctl utiltiy from supportconfig plugin FATE#323639- Use upstream variant of mini-os __udivmoddi4 change gcc7-mini-os.patch- fate#323639 Move bridge-utils to legacy replace-obsolete-network-configuration-commands-in-s.patch- bsc#1052686 - VUL-0: xen: grant_table: possibly premature clearing of GTF_writing / GTF_reading (XSA-230) xsa230.patch- bsc#1035231 - migration of HVM domU does not use superpages on destination dom0 libxc.sr.superpage.patch- bsc#1051787 - VUL-0: CVE-2017-12135: xen: possibly unbounded recursion in grant table code (XSA-226) xsa226-1.patch xsa226-2.patch - bsc#1051788 - VUL-0: CVE-2017-12137: xen: x86: PV privilege escalation via map_grant_ref (XSA-227) xsa227.patch - bsc#1051789 - VUL-0: CVE-2017-12136: xen: grant_table: Race conditions with maptrack free list handling (XSA-228) xsa228.patch- Add a supportconfig plugin xen-supportconfig FATE#323661- bsc#1026236 - add suse_vtsc_tolerance= cmdline option for Xen To avoid emulation of TSC access from a domU after live migration add a global tolerance for the measured host kHz xen.suse_vtsc_tolerance.patch- fate#323662 Drop qemu-dm from xen-tools package The following tarball and patches have been removed qemu-xen-traditional-dir-remote.tar.bz2 VNC-Support-for-ExtendedKeyEvent-client-message.patch 0001-net-move-the-tap-buffer-into-TAPState.patch 0002-net-increase-tap-buffer-size.patch 0003-e1000-fix-access-4-bytes-beyond-buffer-end.patch 0004-e1000-secrc-support.patch 0005-e1000-multi-buffer-packet-support.patch 0006-e1000-clear-EOP-for-multi-buffer-descriptors.patch 0007-e1000-verify-we-have-buffers-upfront.patch 0008-e1000-check-buffer-availability.patch CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch CVE-2015-4037-qemut-smb-config-dir-name.patch CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch blktap.patch cdrom-removable.patch xen-qemu-iscsi-fix.patch qemu-security-etch1.patch xen-disable-qemu-monitor.patch xen-hvm-default-bridge.patch qemu-ifup-set-mtu.patch ioemu-vnc-resize.patch capslock_enable.patch altgr_2.patch log-guest-console.patch bdrv_open2_fix_flags.patch bdrv_open2_flags_2.patch ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch qemu-dm-segfault.patch bdrv_default_rwflag.patch kernel-boot-hvm.patch ioemu-watchdog-support.patch ioemu-watchdog-linkage.patch ioemu-watchdog-ib700-timer.patch ioemu-hvm-pv-support.patch pvdrv_emulation_control.patch ioemu-disable-scsi.patch ioemu-disable-emulated-ide-if-pv.patch xenpaging.qemu.flush-cache.patch ioemu-devicemodel-include.patch - Cleanup spec file and remove unused KMP patches kmp_filelist supported_module.patch xen_pvonhvm.xen_emul_unplug.patch- bsc#1002573 - Optimize LVM functions in block-dmmd block-dmmd- Record initial Xen dmesg in /var/log/xen/xen-boot.log for supportconfig. Keep previous log in /var/log/xen/xen-boot.prev.log- Remove storytelling from description in xen.rpm- Update to Xen 4.9.0 FCS (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update block-dmmd script (bsc#1002573) block-dmmd- Update to Xen 4.9.0-rc8+ (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 gcc7-arm.patch - Drop gcc7-error-xenpmd.patch- Update to Xen 4.9.0-rc8 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop due to incorrect return value CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory leakage via capture buffer CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1031343 - xen fails to build with GCC 7 gcc7-mini-os.patch gcc7-xen.patch- bsc#1031343 - xen fails to build with GCC 7 gcc7-error-xenpmd.patch- Update to Xen 4.9.0-rc5 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 - Drop xen-tools-pkgconfig-xenlight.patch- bsc#1037779 - xen breaks kexec-tools build xen-tools-pkgconfig-xenlight.patch- Update to Xen 4.9.0-rc4 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- bsc#1036146 - sles12sp2 xen VM dumps core to wrong path xen.spec- Update to Xen 4.9.0-rc3 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 aarch64-maybe-uninitialized.patch- Update to Xen 4.9.0-rc2 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2- Update to Xen 4.9.0-rc1 (fate#321394, fate#323108) xen-4.9.0-testing-src.tar.bz2 ioemu-devicemodel-include.patch - Dropped patches contained in new tarball xen-4.8.0-testing-src.tar.bz2 0001-xenstore-let-write_node-and-some-callers-return-errn.patch 0002-xenstore-undo-function-rename.patch 0003-xenstore-rework-of-transaction-handling.patch 584806ce-x86emul-correct-PUSHF-POPF.patch 584fc649-fix-determining-when-domain-creation-is-complete.patch 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch 5853ed37-VT-d-correct-dma_msi_set_affinity.patch 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch 5882129d-x86emul-LOCK-check-adjustments.patch 58821300-x86-segment-attribute-handling.patch 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch 58a44771-IOMMU-always-call-teardown-callback.patch 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch glibc-2.25-compatibility-fix.patch xs-09-add_change_node-params.patch xs-10-call-add_change_node.patch xs-11-tdb-record-header.patch xs-12-node-gen-count.patch xs-13-read-directory-part-support.patch xs-14-command-array.patch xs-15-command-return-val.patch xs-16-function-static.patch xs-17-arg-parsing.patch xs-18-default-buffer.patch xs-19-handle-alloc-failures.patch xs-20-tdb-version.patch xs-21-empty-tdb-database.patch xs-22-reopen_log-fix.patch xs-23-XS_DEBUG-rename.patch xs-24-xenstored_control.patch xs-25-control-enhance.patch xs-26-log-control.patch xs-27-memory-report.patch xs-28-remove-talloc-report.patch xs-29-define-off_t.patch xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch- bsc#1022703 - Xen HVM guest with OVMF hangs with unattached CDRom 58a59f4b-libxl-correct-xenstore-entry-for-empty-cdrom.patch- bsc#1015348 - L3: libvirtd does not start during boot suse-xendomains-service.patch- bsc#1014136 - Partner-L3: kdump can't dump a kernel on SLES12-SP2 with Xen hypervisor. 58cf9260-x86-EFI-avoid-Xen-when-looking-for-mod-kexec-pos.patch - bsc#1026236 - L3: Paravirtualized vs. fully virtualized migration - latter one much faster 58cf9277-x86-time-dont-use-vTSC-if-host-guest-freqs-match.patch - Upstream patch from Jan 58cbf682-x86-EFI-avoid-overrunning-mb_modules.patch 58cf9200-x86-EFI-avoid-IOMMU-faults-on-tail-gap.patch 58d91365-sched-dont-call-wrong-hook-via-VCPU2OP.patch- bsc#1022555 - L3: Timeout in "execution of /etc/xen/scripts/block add" 58d25ea2-xenstore-add-missing-checks-for-allocation-failure.patch 0001-xenstore-let-write_node-and-some-callers-return-errn.patch 0002-xenstore-undo-function-rename.patch 0003-xenstore-rework-of-transaction-handling.patch - bsc#1030144 - VUL-0: xen: xenstore denial of service via repeated update (XSA-206) xsa206-0001-xenstored-apply-a-write-transaction-rate-limit.patch xsa206-0002-xenstored-Log-when-the-write-transaction-rate-limit.patch - bsc#1029827 - Forward port xenstored xs-09-add_change_node-params.patch xs-10-call-add_change_node.patch xs-11-tdb-record-header.patch xs-12-node-gen-count.patch xs-13-read-directory-part-support.patch xs-14-command-array.patch xs-15-command-return-val.patch xs-16-function-static.patch xs-17-arg-parsing.patch xs-18-default-buffer.patch xs-19-handle-alloc-failures.patch xs-20-tdb-version.patch xs-21-empty-tdb-database.patch xs-22-reopen_log-fix.patch xs-23-XS_DEBUG-rename.patch xs-24-xenstored_control.patch xs-25-control-enhance.patch xs-26-log-control.patch xs-27-memory-report.patch xs-28-remove-talloc-report.patch xs-29-define-off_t.patch- bsc#1029128 - fix make xen to really produce xen.efi with gcc48- bsc#1028235 - VUL-0: CVE-2017-6505: xen: qemu: usb: an infinite loop issue in ohci_service_ed_list CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch - Upstream patches from Jan (bsc#1027519) 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5899cbd9-EPT-allow-wrcomb-MMIO-mappings-again.patch 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch 58a44771-IOMMU-always-call-teardown-callback.patch 58a48ccc-x86-fix-p2m_flush_table-for-non-nested.patch 58a70d94-VMX-fix-VMCS-race-on-cswitch-paths.patch 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch 58b5a2de-x86-correct-Xens-idea-of-its-memory-layout.patch 58b6fd42-credit2-always-mark-a-tickled-pCPU-as-tickled.patch 58b6fd42-credit2-dont-miss-accounting-during-credit-reset.patch- bsc#1027654 - XEN fails to build against glibc 2.25 glibc-2.25-compatibility-fix.patch libxl.pvscsi.patch- fate#316613: Refresh and enable libxl.pvscsi.patch- bsc#1024834 - VUL-0: CVE-2017-2620: xen: cirrus_bitblt_cputovideo does not check if memory region is safe (XSA-209) CVE-2017-2620-xsa209-qemut-cirrus_bitblt_cputovideo-does-not-check-if-memory-region-safe.patch- bsc#1023948 - [pvusb][sles12sp3][openqa] Segmentation fault happened when adding usbctrl devices via xl 589b3272-libxl-dont-segfault-when-creating-domain-with-invalid-pvusb-device.patch- Upstream patches from Jan (bsc#1027519) 587d04d6-x86-xstate-fix-array-overrun-with-LWP.patch 587de4a9-x86emul-VEX-B-ignored-in-compat-mode.patch 5882129d-x86emul-LOCK-check-adjustments.patch 58821300-x86-segment-attribute-handling.patch 58873c1f-x86emul-correct-FPU-stub-asm-constraints.patch 58873c80-x86-hvm-do-not-set-msr_tsc_adjust-on-.patch 5887888f-credit2-use-the-correct-scratch-cpumask.patch 5887888f-credit2-never-consider-CPUs-outside-of-pool.patch 5887888f-credit2-fix-shutdown-suspend-with-cpupools.patch 5888b1b3-x86-emulate-dont-assume-addr_size-32-implies-protmode.patch- bsc#1023004 - VUL-0: CVE-2017-2615: qemu: display: cirrus: oob access while doing bitblt copy backward mode CVE-2017-2615-qemut-display-cirrus-oob-access-while-doing-bitblt-copy-backward-mode.patch- fate#322313 and fate#322150 require the acpica package ported to aarch64 which Xen 4.8 needs to build. Temporarily disable aarch64 until these fates are complete. xen.spec- bsc#1021952 - Virutalization/xen: Bug xen-tools missing /usr/bin/domu-xenstore; guests fail to launch tmp_build.patch xen.spec- No systemd presets for 42.3+ and SLE12SP3+ (bsc#1012842)- bsc#1007224 - broken symlinks in /usr/share/doc/packages/xen/misc/ xen.spec- 585aa3c5-x86-force-EFLAGS-IF-on-upon-exit-to-PV.patch Replaces xsa202.patch (bsc#1014298) - 585aa407-x86-HVM-NULL-check-before-using-VMFUNC-hook.patch Replaces xsa203.patch (bsc#1014300) - 58580060-x86-emul-correct-SYSCALL-eflags-handling.patch Replaces xsa204.patch (bsc#1016340) - Upstream patches from Jan 58526ccc-x86emul-64bit-ignore-most-segment-bases-in-align-check.patch 5853ed37-VT-d-correct-dma_msi_set_affinity.patch 5853ee07-x86emul-CMPXCHG16B-aligned-operand.patch 585bd5fe-x86-emul-correct-VMFUNC-return-value-handling.patch 586ba81c-x86-cpu-dont-update-this_cpu-for-guest-get_cpu_vendor.patch- bsc#1015169 - VUL-0: CVE-2016-9921, CVE-2016-9922: xen: qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch- bsc#1016340 - VUL-0: CVE-2016-10013: xen: x86: Mishandling of SYSCALL singlestep during emulation (XSA-204) xsa204.patch- bsc#1012651 - VUL-0: CVE-2016-9932: xen: x86 CMPXCHG8B emulation fails to ignore operand size override (XSA-200) 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch- bsc#1014298 - VUL-0: CVE-2016-10024: xen: x86 PV guests may be able to mask interrupts (XSA-202) xsa202.patch - bsc#1014300 - VUL-0: CVE-2016-10025: xen: x86: missing NULL pointer check in VMFUNC emulation (XSA-203) xsa203.patch - Upstream patches from Jan 584806ce-x86emul-correct-PUSHF-POPF.patch 584fc649-fix-determining-when-domain-creation-is-complete.patch 58510c06-x86emul-CMPXCHGnB-ignore-prefixes.patch 58510cac-x86emul-MOVNTI-no-REP-prefixes.patch- Update to Xen 4.8 FCS xen-4.8.0-testing-src.tar.bz2 - Dropped xen-4.7.1-testing-src.tar.bz2 0001-libxc-Rework-extra-module-initialisation.patch 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch 0004-firmware-makefile-install-BIOS-blob.patch 0005-libxl-Load-guest-BIOS-from-file.patch 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch 0008-hvmloader-Locate-the-BIOS-blob.patch 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch 0011-hvmloader-Load-OVMF-from-modules.patch 0012-hvmloader-Specific-bios_load-function-required.patch 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch 5769106e-x86-generate-assembler-equates-for-synthesized.patch 57a1e603-x86-time-adjust-local-system-time-initialization.patch 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch 57a30261-x86-support-newer-Intel-CPU-models.patch 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch 58343ec2-x86emul-fix-huge-bit-offset-handling.patch 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch 58343f44-x86-svm-fix-injection-of-software-interrupts.patch 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch CVE-2016-9381-xsa197-qemut.patch CVE-2016-9637-xsa199-qemut.patch- bsc#1011652 - VUL-0: xen: qemu ioport array overflow CVE-2016-9637-xsa199-qemut.patch- bsc#1009100 - VUL-0: CVE-2016-9386: XSA-191: xen: x86 null segments not always treated as unusable 58343dc2-x86-hvm-Fix-the-handling-of-non-present-segments.patch - bsc#1009103 - VUL-0: CVE-2016-9382: XSA-192: xen: x86 task switch to VM86 mode mis-handled 58343df8-x86-HVM-dont-load-LDTR-with-VM86-mode-attrs-during-task-switch.patch - bsc#1009104 - VUL-0: CVE-2016-9385: XSA-193: xen: x86 segment base write emulation lacking canonical address checks 58343e24-x86-PV-writes-of-fs-and-gs-base-MSRs-require-canonical-addresses.patch - bsc#1009105 - VUL-0: CVE-2016-9384: XSA-194: xen: guest 32-bit ELF symbol table load leaking host data 58343e9e-libelf-fix-stack-memory-leak-when-loading-32-bit-symbol-tables.patch - bsc#1009107 - VUL-0: CVE-2016-9383: XSA-195: xen: x86 64-bit bit test instruction emulation broken 58343ec2-x86emul-fix-huge-bit-offset-handling.patch - bsc#1009108 - VUL-0: CVE-2016-9377,CVE-2016-9378: XSA-196: xen: x86 software interrupt injection mis-handled 58343f29-x86-emul-correct-the-IDT-entry-calculation-in-inject_swint.patch 58343f44-x86-svm-fix-injection-of-software-interrupts.patch - bsc#1009109 - VUL-0: CVE-2016-9381: XSA-197: xen: qemu incautious about shared ring processing CVE-2016-9381-xsa197-qemut.patch - bsc#1009111 - VUL-0: CVE-2016-9379,CVE-2016-9380: XSA-198: xen: delimiter injection vulnerabilities in pygrub 58343f79-pygrub-Properly-quote-results-when-returning-them-to-the-caller.patch - Upstream patches from Jan 581b2c3b-x86-emul-reject-LGDT-LIDT-with-non-canonical-addresses.patch 581b647a-x86emul-L-S-G-I-DT-ignore-opsz-overrides-in-64-bit-mode.patch 58249392-x86-svm-dont-clobber-eax-edx-if-RDMSR-intercept-fails.patch 582c35d6-x86-vmx-correct-long-mode-check-in-vmx_cpuid_intercept.patch 582c35ee-x86-traps-dont-call-hvm_hypervisor_cpuid_leaf-for-PV.patch- Update to Xen Version 4.7.1 xen-4.7.1-testing-src.tar.bz2 - Dropped patches contained in new tarball xen-4.7.0-testing-src.tar.bz2 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch 57973099-have-schedulers-revise-initial-placement.patch 579730e6-remove-buggy-initial-placement-algorithm.patch 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch 57c82be2-x86-32on64-adjust-call-gate-emulation.patch 57c93e52-fix-error-in-libxl_device_usbdev_list.patch 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch 57c96e2c-x86-correct-PT_NOTE-file-position.patch 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch 57e93e1d-x86emul-correct-loading-of-ss.patch 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch 57e93e89-x86-AMD-apply-erratum-665-workaround.patch 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch 57fb6a91-x86-defer-not-present-segment-checks.patch 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch 5800caec-x86emul-fix-pushing-of-selector-registers.patch 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch- bsc#1004981 - Xen RPM doesn't contain debug hypervisor for EFI systems xen.spec- bsc#1000106 - VUL-0: CVE-2016-7777: xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190) 57f3a8ee-x86emul-honor-guest-CR0-TS-and-CR0-EM.patch - bsc#996191 - [XEN][acpi]residency -n 88 -c will cause xen panic on broadwell-ep 57dfb2ff-x86-Intel-Broadwell-no-PKG_C8-10_RESIDENCY-MSRs.patch - Upstream patches from Jan 57d7ca5f-x86-domctl-fix-TOCTOU-race-in-XEN_DOMCTL_getvcpuextstate.patch 57d7ca64-x86-domctl-fix-migration-of-guests-not-using-xsave.patch 57da8883-credit1-fix-mask-to-be-used-for-tickling.patch 57da8883-credit2-properly-schedule-migration-of-running-vcpu.patch 57dfb1c5-x86-Intel-hide-CPUID-faulting-capability-from-guests.patch 57e93e1d-x86emul-correct-loading-of-ss.patch 57e93e4a-x86emul-don-t-allow-null-selector-for-LTR.patch 57e93e89-x86-AMD-apply-erratum-665-workaround.patch 57ee6cbc-credit1-return-time-remaining-to-limit-as-next-timeslice.patch 57fb6a91-x86-defer-not-present-segment-checks.patch 5800c51d-x86-hvm-Clobber-cs-L-when-LME-becomes-set.patch 5800caec-x86emul-fix-pushing-of-selector-registers.patch 5800cb06-x86-Viridian-don-t-depend-on-undefined-register-state.patch 580e29f9-x86-MISALIGNSSE-feature-depends-on-SSE.patch 5810a9cc-x86-emul-Correct-decoding-of-SReg3-operands.patch- bsc#1007941 - Xen tools limit the number of vcpus to 256 when the system has 384 xen-arch-kconfig-nr_cpus.patch- bsc#1007157 - VUL-0: CVE-2016-8910: xen: net: rtl8139: infinite loop while transmit in C+ mode CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch- bsc#1005004 - CVE-2016-8667: xen: dma: rc4030 divide by zero error in set_next_tick CVE-2016-8667-qemut-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch - bsc#1005005 - VUL-0: CVE-2016-8669: xen: char: divide by zero error in serial_update_parameters CVE-2016-8669-qemut-char-divide-by-zero-error-in-serial_update_parameters.patch- bsc#1003030 - VUL-0: CVE-2016-7908: xen: net: Infinite loop in mcf_fec_do_tx CVE-2016-7908-qemut-net-Infinite-loop-in-mcf_fec_do_tx.patch - bsc#1003032 - VUL-0: CVE-2016-7909: xen: net: pcnet: infinite loop in pcnet_rdra_addr CVE-2016-7909-qemut-net-pcnet-infinite-loop-in-pcnet_rdra_addr.patch- bsc#995785 - VUL-0: CVE-2016-7092: xen: x86: Disallow L3 recursive pagetable for 32-bit PV guests (XSA-185) 57d1563d-x86-32on64-don-t-allow-recursive-page-tables-from-L3.patch - bsc#995789 - VUL-0: CVE-2016-7093: xen: x86: Mishandling of instruction pointer truncation during emulation (XSA-186) 57d15679-x86-emulate-Correct-boundary-interactions-of-emulated-insns.patch 57d18642-hvm-fep-Allow-test-insns-crossing-1-0-boundary.patch - bsc#995792 - VUL-0: CVE-2016-7094: xen: x86 HVM: Overflow of sh_ctxt->seg_reg[] (XSA-187) 57d1569a-x86-shadow-Avoid-overflowing-sh_ctxt-seg_reg.patch 57d18642-x86-segment-Bounds-check-accesses-to-emulation-ctxt-seg_reg.patch - bsc#991934 - xen hypervisor crash in csched_acct 57c96df3-credit1-fix-a-race-when-picking-initial-pCPU.patch - Upstream patches from Jan 57c4412b-x86-HVM-add-guarding-logic-for-VMX-specific-code.patch 57c57f73-libxc-correct-max_pfn-calculation-for-saving-domain.patch 57c805bf-x86-levelling-restrict-non-architectural-OSXSAVE-handling.patch 57c805c1-x86-levelling-pass-vcpu-to-ctxt_switch_levelling.patch 57c805c3-x86-levelling-provide-architectural-OSXSAVE-handling.patch 57c82be2-x86-32on64-adjust-call-gate-emulation.patch 57c96e2c-x86-correct-PT_NOTE-file-position.patch 57cfed43-VMX-correct-feature-checks-for-MPX-and-XSAVES.patch- bsc#979002 - add 60-persistent-xvd.rules and helper script also to initrd, add the relevant dracut helper- bnc#953518 - unplug also SCSI disks in qemu-xen-traditional for upstream unplug protocol- bsc#989679 - [pvusb feature] USB device not found when 'virsh detach-device guest usb.xml' 57c93e52-fix-error-in-libxl_device_usbdev_list.patch- bsc#992224 - [HPS Bug] During boot of Xen Hypervisor, Failed to get contiguous memory for DMA from Xen 57ac6316-don-t-restrict-DMA-heap-to-node-0.patch - bsc#978755 - xen uefi systems fail to boot - bsc#983697 - SLES12 SP2 Xen UEFI mode cannot boot 57b71fc5-x86-EFI-don-t-apply-relocations-to-l-2-3-_bootmap.patch - Upstream patch from Jan 57b7447b-dont-permit-guest-to-populate-PoD-pages-for-itself.patch- spec: to stay compatible with the in-tree qemu-xen binary, use /usr/bin/qemu-system-i386 instead of /usr/bin/qemu-system-x86_64 bsc#986164- bsc#970135 - new virtualization project clock test randomly fails on Xen 576001df-x86-time-use-local-stamp-in-TSC-calibration-fast-path.patch 5769106e-x86-generate-assembler-equates-for-synthesized.patch 57a1e603-x86-time-adjust-local-system-time-initialization.patch 57a1e64c-x86-time-introduce-and-use-rdtsc_ordered.patch 57a2f6ac-x86-time-calibrate-TSC-against-platform-timer.patch - bsc#991934 - xen hypervisor crash in csched_acct 57973099-have-schedulers-revise-initial-placement.patch 579730e6-remove-buggy-initial-placement-algorithm.patch - bsc#988675 - VUL-0: CVE-2016-6258: xen: x86: Privilege escalation in PV guests (XSA-182) 57976073-x86-remove-unsafe-bits-from-mod_lN_entry-fastpath.patch - bsc#988676 - VUL-0: CVE-2016-6259: xen: x86: Missing SMAP whitelisting in 32-bit exception / event delivery (XSA-183) 57976078-x86-avoid-SMAP-violation-in-compat_create_bounce_frame.patch - Upstream patches from Jan 57a30261-x86-support-newer-Intel-CPU-models.patch- bsc#985503 - vif-route broken vif-route.patch- bsc#978413 - PV guest upgrade from sles11sp4 to sles12sp2 alpha3 failed on sles11sp4 xen host. pygrub-handle-one-line-menu-entries.patch- bsc#990843 - VUL-1: CVE-2016-6351: xen: qemu: scsi: esp: OOB write access in esp_do_dma CVE-2016-6351-qemut-scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch- bsc#900418 - Dump cannot be performed on SLES12 XEN 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch - Upstream patches from Jan 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch- fate#319989 - Update to Xen 4.7 FCS xen-4.7.0-testing-src.tar.bz2 - Drop CVE-2014-3672-qemut-xsa180.patch- bsc#954872 - script block-dmmd not working as expected - libxl: error: libxl_dm.c (Additional fixes) block-dmmd- Convert with_stubdom into build_conditional to allow adjusting via prjconf - Convert with_debug into build_conditional to allow adjusting via prjconf- bsc#979002 - add 60-persistent-xvd.rules and helper script to xen-tools-domU to simplify transition to pvops based kernels- Convert with_oxenstored into build_conditional to allow adjusting via prjconf (fate#320836)- bsc#983984 - VUL-0: CVE-2016-5338: xen: qemu: scsi: esp: OOB r/w access while processing ESP_FIFO CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch - bsc#982960 - VUL-0: CVE-2016-5238: xen: qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch- fate#319989 - Update to Xen 4.7 RC5 xen-4.7.0-testing-src.tar.bz2- fate#319989 - Update to Xen 4.7 RC4 xen-4.7.0-testing-src.tar.bz2 - Dropped xen.pkgconfig-4.7.patch xsa164.patch- bsc#981264 - VUL-0: CVE-2014-3672: xen: Unrestricted qemu logging (XSA-180) CVE-2014-3672-qemut-xsa180.patch- bsc#980724 - VUL-0: CVE-2016-4441: Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in get_cmd CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch - bsc#980716 - VUL-0: CVE-2016-4439: xen: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch- fate#319989 - Update to Xen 4.7 RC3 xen-4.7.0-testing-src.tar.bz2 - Dropped libxl-remove-cdrom-cachemode.patch x86-PoD-only-reclaim-if-needed.patch gcc6-warnings-as-errors.patch- bsc#954872 - script block-dmmd not working as expected - libxl: error: libxl_dm.c (another modification) block-dmmd- fate#319989 - Update to Xen 4.7 RC2 xen-4.7.0-testing-src.tar.bz2- bsc#961600 - L3: poor performance when Xen HVM domU configured with max memory > current memory x86-PoD-only-reclaim-if-needed.patch- Mark SONAMEs and pkgconfig as xen 4.7 xen.pkgconfig-4.7.patch- bsc#977329 - Xen: Cannot boot HVM guests with empty cdrom libxl-remove-cdrom-cachemode.patch- fate#319989 - Update to Xen 4.7 RC1 xen-4.7.0-testing-src.tar.bz2- fate#316614: set migration constraints from cmdline restore libxl.set-migration-constraints-from-cmdline.patch- Remove obsolete patch for xen-kmp magic_ioport_compat.patch- fate#316613: update to v12 libxl.pvscsi.patch- Update to the latest Xen 4.7 pre-release c2994f86 Drop libxl.migrate-legacy-stream-read.patch- bnc#972756 - Can't migrate HVM guest from SLES12SP1 Xen host to SLES12SP2 Alpha 1 host using xl migrate libxl.migrate-legacy-stream-read.patch- Add patches from proposed upstream series to load BIOS's from the toolstack instead of embedding in hvmloader http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01626.html 0001-libxc-Rework-extra-module-initialisation.patch, 0002-libxc-Prepare-a-start-info-structure-for-hvmloader.patch, 0003-configure-define-SEABIOS_PATH-and-OVMF_PATH.patch, 0004-firmware-makefile-install-BIOS-blob.patch, 0005-libxl-Load-guest-BIOS-from-file.patch, 0006-xen-Move-the-hvm_start_info-C-representation-from-li.patch, 0007-hvmloader-Grab-the-hvm_start_info-pointer.patch, 0008-hvmloader-Locate-the-BIOS-blob.patch, 0009-hvmloader-Check-modules-whereabouts-in-perform_tests.patch, 0010-hvmloader-Load-SeaBIOS-from-hvm_start_info-modules.patch, 0011-hvmloader-Load-OVMF-from-modules.patch, 0012-hvmloader-Specific-bios_load-function-required.patch, 0013-hvmloader-Always-build-in-SeaBIOS-and-OVMF-loader.patch, 0014-configure-do-not-depend-on-SEABIOS_PATH-or-OVMF_PATH.patch - Enable support for UEFI on x86_64 using the ovmf-x86_64-ms.bin firmware from qemu-ovmf-x86_64. The firmware is preloaded with Microsoft keys to more closely resemble firmware on real hardware FATE#320490- fate#319989: Update to Xen 4.7 (pre-release) xen-4.7.0-testing-src.tar.bz2 - Dropped: xen-4.6.1-testing-src.tar.bz2 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch hotplug-Linux-block-performance-fix.patch set-mtu-from-bridge-for-tap-interface.patch xendomains-libvirtd-conflict.patch xsa154.patch xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xsa170.patch- Use system SeaBIOS instead of building/installing another one FATE#320638 Dropped files: seabios-dir-remote.tar.bz2 xen-c99-fix.patch xen.build-compare.seabios.patch- spec: drop BuildRequires that were only needed for qemu-xen- bsc#969377 - xen does not build with GCC 6 ipxe-use-rpm-opt-flags.patch gcc6-warnings-as-errors.patch- bsc#969351 - VUL-0: CVE-2016-2841: xen: net: ne2000: infinite loop in ne2000_receive CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch - Drop xsa154-fix.patch- Use system qemu instead of building/installing yet another qemu FATE#320638 - Dropped files qemu-xen-dir-remote.tar.bz2 CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch qemu-xen-enable-spice-support.patch qemu-xen-upstream-qdisk-cache-unsafe.patch tigervnc-long-press.patch xsa162-qemuu.patch- bsc#962321 - VUL-0: CVE-2016-1922: xen: i386: null pointer dereference in vapic_write() CVE-2016-1922-qemuu-i386-null-pointer-dereference-in-vapic_write.patch- bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in remote NDIS control message handling CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch- bsc#954872 - L3: script block-dmmd not working as expected - libxl: error: libxl_dm.c block-dmmd - Update libxl to recognize dmmd and npiv prefix in disk spec xen.libxl.dmmd.patch- bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers in ohci module leads to null pointer dereference CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.patch - bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer dereference in remote NDIS control message handling CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch- Update to Xen Version 4.6.1 xen-4.6.1-testing-src.tar.bz2 - Dropped patches now contained in tarball or unnecessary xen-4.6.0-testing-src.tar.bz2 5604f239-x86-PV-properly-populate-descriptor-tables.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch 56549f24-x86-vPMU-document-as-unsupported.patch 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch xsa155-qemut-qdisk-double-access.patch xsa155-qemut-xenfb.patch xsa155-qemuu-qdisk-double-access.patch xsa155-qemuu-xenfb.patch xsa159.patch xsa160.patch xsa162-qemut.patch xsa165.patch xsa166.patch xsa167.patch xsa168.patch- bsc#965315 - VUL-0: CVE-2016-2270: xen: x86: inconsistent cachability flags on guest mappings (XSA-154) xsa154.patch - bsc#965317 - VUL-0: CVE-2016-2271: xen: VMX: guest user mode may crash guest with non-canonical RIP (XSA-170) xsa170.patch- bsc#965269 - VUL-1: CVE-2015-8619: xen: stack based OOB write in hmp_sendkey routine CVE-2015-8619-qemuu-stack-based-OOB-write-in-hmp_sendkey-routine.patch- bsc#965156 - VUL-0: CVE-2015-6855: xen: ide: divide by zero issue CVE-2015-6855-qemuu-ide-divide-by-zero-issue.patch - bsc#965112 - VUL-0: CVE-2014-3640: xen: slirp: NULL pointer deref in sosendto() CVE-2014-3640-qemut-slirp-NULL-pointer-deref-in-sosendto.patch- bsc#964947 - VUL-0: CVE-2015-5278: xen: Infinite loop in ne2000_receive() function CVE-2015-5278-qemut-Infinite-loop-in-ne2000_receive-function.patch - bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch- bsc#964644 - VUL-0: CVE-2013-4533: xen pxa2xx: buffer overrun on incoming migration CVE-2013-4533-qemut-pxa2xx-buffer-overrun-on-incoming-migration.patch - bsc#964925 - VUL-0: CVE-2014-0222: xen: qcow1: validate L2 table size to avoid integer overflows CVE-2014-0222-blktap-qcow1-validate-l2-table-size.patch - Dropped CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch- bsc#964415 - VUL-1: CVE-2016-2198: xen: usb: ehci null pointer dereference in ehci_caps_write CVE-2016-2198-qemuu-usb-ehci-null-pointer-dereference-in-ehci_caps_write.patch - bsc#964452 - VUL-0: CVE-2013-4534: xen: openpic: buffer overrun on incoming migration CVE-2013-4534-qemut-openpic-buffer-overrun-on-incoming-migration.patch- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun on invalid state load CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient resource limiting in VNC websockets decoder CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch - bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun on invalid state load CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch - bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient bits_per_pixel from the client sanitization CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer overun on invalid state CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch - bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer overflow in non-loopback mode CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in processing firmware configurations CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch - bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci use-after-free vulnerability in aio port commands CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch- bsc#959695 - missing docs for xen xen.spec- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue with INVLPG on non-canonical address (XSA-168) xsa168.patch - bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage functionality missing sanity checks (XSA-167) xsa167.patch - bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers leads to a crash via assert(2) call CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch - bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory access in ioport r/w functions CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch- bsc#960093 - VUL-0: CVE-2015-8615: xen: x86: unintentional logging upon guest changing callback method (XSA-169) 5677f350-x86-make-debug-output-consistent-in-hvm_set_callback_via.patch- Adjust xen-dom0-modules.service to run Before xenstored.service instead of proc-xen.mount to workaround a bug in systemd "design" (bnc#959845)- bsc#959387 - VUL-0: CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory leakage CVE-2015-8568-qemuu-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch- bsc#957988 - VUL-0: CVE-2015-8550: xen: paravirtualized drivers incautious about shared memory contents (XSA-155) xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch xsa155-qemuu-qdisk-double-access.patch xsa155-qemut-qdisk-double-access.patch xsa155-qemuu-xenfb.patch xsa155-qemut-xenfb.patch - bsc#959006 - VUL-0: CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state results in DoS CVE-2015-8558-qemuu-usb-infinite-loop-in-ehci_advance_state-results-in-DoS.patch - bsc#958918 - VUL-0: CVE-2015-7549: xen: qemu pci: null pointer dereference issue CVE-2015-7549-qemuu-pci-null-pointer-dereference-issue.patch - bsc#958493 - VUL-0: CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception CVE-2015-8504-qemuu-vnc-avoid-floating-point-exception.patch CVE-2015-8504-qemut-vnc-avoid-floating-point-exception.patch - bsc#958007 - VUL-0: CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164) xsa164.patch - bsc#958009 - VUL-0: CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM initialization (XSA-165) xsa165.patch - bsc#958523 - VUL-0: xen: ioreq handling possibly susceptible to multiple read issue (XSA-166) xsa166.patch- bsc#956832 - VUL-0: CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing command block list CVE-2015-8345-qemuu-eepro100-infinite-loop-fix.patch CVE-2015-8345-qemut-eepro100-infinite-loop-fix.patch - Upstream patches from Jan 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch 56544a57-VMX-fix-adjust-trap-injection.patch 56546ab2-sched-fix-insert_vcpu-locking.patch- bsc#956592 - VUL-0: xen: virtual PMU is unsupported (XSA-163) 56549f24-x86-vPMU-document-as-unsupported.patch - bsc#956408 - VUL-0: CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues (XSA-159) xsa159.patch - bsc#956409 - VUL-0: CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error (XSA-160) xsa160.patch - bsc#956411 - VUL-0: CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator (XSA-162) xsa162-qemuu.patch xsa162-qemut.patch - bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) 5628fc67-libxl-No-emulated-disk-driver-for-xvdX-disk.patch 5649bcbe-libxl-relax-readonly-check-introduced-by-XSA-142-fix.patch- fate#315712: XEN: Use the PVOPS kernel Turn off building the KMPs now that we are using the pvops kernel xen.spec- Upstream patches from Jan 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch - Dropped 55b0a2db-x86-MSI-track-guest-masking.patch- Use upstream variants of block-iscsi and block-nbd- Remove xenalyze.hg, its part of xen-4.6- Update to Xen Version 4.6.0 xen-4.6.0-testing-src.tar.bz2 mini-os.tar.bz2 blktap2-no-uninit.patch stubdom-have-iovec.patch - Renamed xsa149.patch to CVE-2015-7969-xsa149.patch - Dropped patches now contained in tarball or unnecessary xen-4.5.2-testing-src.tar.bz2 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch 54f4985f-libxl-fix-libvirtd-double-free.patch 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch 551ac326-xentop-add-support-for-qdisk.patch 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 557eb55f-gnttab-per-active-entry-locking.patch 557eb5b6-gnttab-introduce-maptrack-lock.patch 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch 5582bf43-evtchn-simplify-port_is_valid.patch 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch 55b0a218-x86-PCI-CFG-write-intercept.patch 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch 55b0a2ab-x86-MSI-X-enable.patch blktapctrl-close-fifos.patch blktapctrl-default-to-ioemu.patch blktapctrl-disable-debug-printf.patch blktap-no-uninit.patch blktap-pv-cdrom.patch build-tapdisk-ioemu.patch ioemu-bdrv-open-CACHE_WB.patch ioemu-blktap-barriers.patch ioemu-blktap-fv-init.patch ioemu-blktap-image-format.patch ioemu-blktap-zero-size.patch libxl.set-migration-constraints-from-cmdline.patch local_attach_support_for_phy.patch pci-attach-fix.patch qemu-xen-upstream-megasas-buildtime.patch tapdisk-ioemu-logfile.patch tapdisk-ioemu-shutdown-fix.patch udev-rules.patch xen.build-compare.ipxe.patch xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch xen.build-compare.vgabios.patch xen.build-compare.xen_compile_h.patch xl-coredump-file-location.patch- bsc#954405 - VUL-0: CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - VUL-0: CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) CVE-2015-5307-xsa156.patch- Update to Xen 4.5.2 xen-4.5.2-testing-src.tar.bz2 - Drop the following xen-4.5.1-testing-src.tar.bz2 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch 5576f178-kexec-add-more-pages-to-v1-environment.patch 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch 558bfaa0-x86-traps-avoid-using-current-too-early.patch 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch 559bdde5-pull-in-latest-linux-earlycpio.patch 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch 55a77e4f-dmar-device-scope-mem-leak-fix.patch 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch 55e43fd8-x86-NUMA-fix-setup_node.patch 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch CVE-2015-4106-xsa131-9.patch CVE-2015-3259-xsa137.patch CVE-2015-7311-xsa142.patch CVE-2015-7835-xsa148.patch xsa139-qemuu.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch xsa151.patch xsa152.patch xsa153-libxl.patch CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch"- bsc#950704 - CVE-2015-7970 VUL-1: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch- Upstream patches from Jan 5604f239-x86-PV-properly-populate-descriptor-tables.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand balloon size inaccuracy can crash guests (XSA-153) xsa153-libxl.patch- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain vcpu pointer array (DoS) (XSA-149) xsa149.patch - bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain profiling-related vcpu pointer array (DoS) (XSA-151) xsa151.patch - bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and profiling hypercalls log without rate limiting (XSA-152) xsa152.patch - Dropped 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure temporary file use in /net/slirp.c CVE-2015-4037-qemuu-smb-config-dir-name.patch CVE-2015-4037-qemut-smb-config-dir-name.patch - bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table size to avoid integer overflows CVE-2014-0222-qemuu-qcow1-validate-l2-table-size.patch CVE-2014-0222-qemut-qcow1-validate-l2-table-size.patch- bsc#950367 - VUL-0: CVE-2015-7835: xen: x86: Uncontrolled creation of large page mappings by PV guests (XSA-148) CVE-2015-7835-xsa148.patch- bsc#949138 - Setting vcpu affinity under Xen causes libvirtd abort 54f4985f-libxl-fix-libvirtd-double-free.patch- bsc#949046 - Increase %suse_version in SP1 to 1316 xen.spec - Update README.SUSE detailing dom0 ballooning recommendations- bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’ secondly show errors 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch - Upstream patches from Jan 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch- bsc#941074 - VmError: Device 51728 (vbd) could not be connected. Hotplug scripts not working. hotplug-Linux-block-performance-fix.patch- bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) CVE-2015-7311-xsa142.patch- bsc#945165 - Xl pci-attach show error with kernel of SLES 12 sp1 pci-attach-fix.patch- bsc#945164 - Xl destroy show error with kernel of SLES 12 sp1 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch- Upstream patches from Jan 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch 55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch 55e43fd8-x86-NUMA-fix-setup_node.patch 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch- bsc#944463 - VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in vnc_client_read() and protocol_client_msg() CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch - bsc#944697 - VUL-1: CVE-2015-6815: qemu: net: e1000: infinite loop issue CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line config handling stack overflow 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch- bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed - bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been observed - bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot has been observed 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 55b0a218-x86-PCI-CFG-write-intercept.patch 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch 55b0a2ab-x86-MSI-X-enable.patch 55b0a2db-x86-MSI-track-guest-masking.patch - Upstream patches from Jan 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch 55a77e4f-dmar-device-scope-mem-leak-fix.patch 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch - Dropped for upstream version x86-MSI-mask.patch x86-MSI-pv-unmask.patch x86-MSI-X-enable.patch x86-MSI-X-maskall.patch x86-MSI-X-teardown.patch x86-pci_cfg_okay.patch x86-PCI-CFG-write-intercept.patch- bsc#939712 - VUL-0: XSA-140: QEMU leak of uninitialized heap memory in rtl8139 device model xsa140-qemuu-1.patch xsa140-qemuu-2.patch xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch - bsc#939709 - VUL-0: XSA-139: xen: Use after free in QEMU/Xen block unplug protocol xsa139-qemuu.patch- bsc#937371 - xen vm's running after reboot xendomains-libvirtd-conflict.patch- bsc#938344 - VUL-0: CVE-2015-5154: qemu,kvm,xen: host code execution via IDE subsystem CD-ROM CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch- Remove xendomains.service from systemd preset file because it conflicts with libvirt-guests.service (bnc#937371) Its up to the admin to run systemctl enable xendomains.service- bnc#935634 - VUL-0: CVE-2015-3259: xen: XSA-137: xl command line config handling stack overflow CVE-2015-3259-xsa137.patch - Upstream patches from Jan 558bfaa0-x86-traps-avoid-using-current-too-early.patch 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch 559bdde5-pull-in-latest-linux-earlycpio.patch - Upstream patches from Jan pending review 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 557eb55f-gnttab-per-active-entry-locking.patch 557eb5b6-gnttab-introduce-maptrack-lock.patch 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch 5582bf43-evtchn-simplify-port_is_valid.patch 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch x86-MSI-pv-unmask.patch x86-pci_cfg_okay.patch x86-PCI-CFG-write-intercept.patch x86-MSI-X-maskall.patch x86-MSI-X-teardown.patch x86-MSI-X-enable.patch x86-MSI-mask.patch- Adjust more places to use br0 instead of xenbr0- bnc#936516 - xen fails to build with kernel update(4.1.0 from stable) 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch- Update to Xen Version 4.5.1 FCS (fate#315675) xen-4.5.1-testing-src.tar.bz2 - Dropped patches now contained in tarball 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch 5513b458-allow-reboot-overrides-when-running-under-EFI.patch 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch 5576f178-kexec-add-more-pages-to-v1-environment.patch 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch CVE-2015-3456-xsa133-qemuu.patch CVE-2015-3456-xsa133-qemut.patch qemu-MSI-X-enable-maskall.patch qemu-MSI-X-latch-writes.patch x86-MSI-X-guest-mask.patch- Replace 5124efbe-add-qxl-support.patch with the variant that finally made it upstream, 554cc211-libxl-add-qxl.patch- bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable qemu MSI-X pass-through error messages qemu-MSI-X-latch-writes.patch - bsc#907514 - Bus fatal error & sles12 sudden reboot has been observed - bsc#910258 - SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC - bsc#918984 - Bus fatal error & sles11-SP4 sudden reboot has been observed - bsc#923967 - Partner-L3: Bus fatal error & sles11-SP3 sudden reboot has been observed x86-MSI-X-teardown.patch x86-MSI-X-enable.patch x86-MSI-X-guest-mask.patch x86-MSI-X-maskall.patch qemu-MSI-X-enable-maskall.patch - Upstream patches from Jan 55780aaa-efi-avoid-calling-boot-services-after-ExitBootServices.patch 55780aff-x86-EFI-fix-EFI_MEMORY_WP-handling.patch 55780b43-EFI-early-add-mapbs-to-map-EfiBootServices-Code-Data.patch 55780b97-EFI-support-default-attributes-to-map-Runtime-service-areas.patch 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch - Dropped the following patches now contained in the tarball xen-no-array-bounds.patch CVE-2015-4103-xsa128.patch CVE-2015-4104-xsa129.patch CVE-2015-4105-xsa130.patch CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch- Update to Xen 4.5.1 RC2 - bsc#931628 - VUL-0: CVE-2015-4106: XSA-131: xen: Unmediated PCI register access in qemu CVE-2015-4106-xsa131-1.patch CVE-2015-4106-xsa131-2.patch CVE-2015-4106-xsa131-3.patch CVE-2015-4106-xsa131-4.patch CVE-2015-4106-xsa131-5.patch CVE-2015-4106-xsa131-6.patch CVE-2015-4106-xsa131-7.patch CVE-2015-4106-xsa131-8.patch CVE-2015-4106-xsa131-9.patch - bsc#931627 - VUL-0: CVE-2015-4105: XSA-130: xen: Guest triggerable qemu MSI-X pass-through error messages CVE-2015-4105-xsa130.patch - bsc#931626 - VUL-0: CVE-2015-4104: XSA-129: xen: PCI MSI mask bits inadvertently exposed to guests CVE-2015-4104-xsa129.patch - bsc#931625 - VUL-0: CVE-2015-4103: XSA-128: xen: Potential unintended writes to host MSI message data field via qemu CVE-2015-4103-xsa128.patch - Upstream patches from Jan 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch 556c2cf2-x86-don-t-crash-mapping-a-page-using-EFI-rt-page-tables.patch 556d9718-efi-fix-allocation-problems-if-ExitBootServices-fails.patch 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch 556eabf7-x86-apic-Disable-the-LAPIC-later-in-smp_send_stop.patch 556eac15-x86-crash-don-t-use-set_fixmap-in-the-crash-path.patch- Add DefaultDependencies=no to xen-dom0-modules.service because it has to run before proc-xen.mount- Update to Xen 4.5.1 RC1- Update blktap-no-uninit.patch to work with gcc-4.5- bsc#927967 - VUL-0: CVE-2015-3340: xen: Information leak through XEN_DOMCTL_gettscinfo (XSA-132) 5535f633-dont-leak-hypervisor-stack-to-toolstacks.patch- bnc#929339 - VUL-0: CVE-2015-3456: qemu kvm xen: VENOM qemu floppy driver host code execution CVE-2015-3456-xsa133-qemuu.patch CVE-2015-3456-xsa133-qemut.patch- bsc#928783 - Reboot failure; Request backport of upstream Xen patch to 4.5.0, or update pkgs to 4.5.1 5513b458-allow-reboot-overrides-when-running-under-EFI.patch 5513b4d1-dont-apply-reboot-quirks-if-reboot-set-by-user.patch- bnc#927750 - Avoid errors reported by system-modules-load.service- Add xen-no-array-bounds.patch and blktap-no-uninit.patch to selectively turn errors back to warnings to fix build with GCC 5. - Amend xen.stubdom.newlib.patch to pull in declaration of strcmp to avoid implicit-fortify-decl rpmlint error. - Fix quoting of __SMBIOS_DATE__ in xen.build-compare.smbiosdate.patch.- xentop: Fix memory leak on read failure 551ac326-xentop-add-support-for-qdisk.patch- Dropped xentop-add-support-for-qdisk.patch in favor of upstream version 551ac326-xentop-add-support-for-qdisk.patch- Enable spice support in qemu for x86_64 5124efbe-add-qxl-support.patch qemu-xen-enable-spice-support.patch- Add xen-c99-fix.patch to remove pointless inline specifier on function declarations which break build with a C99 compiler which GCC 5 is by default. (bsc#921994) - Add ipxe-no-error-logical-not-parentheses.patch to supply - Wno-logical-not-parentheses to the ipxe build to fix breakage with GCC 5. (bsc#921994)- bnc#921842 - Xentop doesn't display disk statistics for VMs using qdisks xentop-add-support-for-qdisk.patch- Disable the PIE enablement done for Factory, as the XEN code is not buildable with PIE and it does not make much sense to build the hypervisor code with it.- bnc#918169 - XEN fixes required to work with Kernel 3.19.0 xen.spec- Package xen.changes because its referenced in xen.spec- Update seabios to rel-1.7.5 which is the correct version for Xen 4.5- Update to Xen 4.5.0 FCS- Include systemd presets in 13.2 and older- bnc#897352 - Enable xencommons/xendomains only during fresh install - disable restart on upgrade because the toolstack is not restartable- adjust seabios, vgabios, stubdom and hvmloader build to reduce build-compare noise xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch xen.build-compare.ipxe.patch xen.build-compare.vgabios.patch xen.build-compare.seabios.patch xen.build-compare.man.patch- Update to Xen 4.5.0 RC4- Remove xend specific if-up scripts Recording bridge slaves is a generic task which should be handled by generic network code- Use systemd features from upstream requires updated systemd-presets-branding package- Update to Xen 4.5.0 RC3- Set GIT, WGET and FTP to /bin/false- Use new configure features instead of make variables xen.stubdom.newlib.patch- adjust docs and xen build to reduce build-compare noise xen.build-compare.doc_html.patch xen.build-compare.xen_compile_h.patch- Drop trailing B_CNT from XEN_EXTRAVERSION to reduce build-compare noise- Update to Xen 4.5.0 RC2- Update to Xen 4.5.0 RC1 xen-4.5.0-testing-src.tar.bz2 - Remove all patches now contained in the new tarball xen-4.4.1-testing-src.tar.bz2 5315a3bb-x86-don-t-propagate-acpi_skip_timer_override-do-Dom0.patch 5315a43a-x86-ACPI-also-print-address-space-for-PM1x-fields.patch 53299d8f-xenconsole-reset-tty-on-failure.patch 53299d8f-xenconsole-tolerate-tty-errors.patch 5346a7a0-x86-AMD-support-further-feature-masking-MSRs.patch 53563ea4-x86-MSI-drop-workaround-for-insecure-Dom0-kernels.patch 537c9c77-libxc-check-return-values-on-mmap-and-madvise.patch 537cd0b0-hvmloader-also-cover-PCI-MMIO-ranges-above-4G-with-UC-MTRR-ranges.patch 537cd0cc-hvmloader-PA-range-0xfc000000-0xffffffff-should-be-UC.patch 539ebe62-x86-EFI-improve-boot-time-diagnostics.patch 53aac342-x86-HVM-consolidate-and-sanitize-CR4-guest-reserved-bit-determination.patch 53c9151b-Fix-xl-vncviewer-accesses-port-0-by-any-invalid-domid.patch 53d124e7-fix-list_domain_details-check-config-data-length-0.patch 53dba447-x86-ACPI-allow-CMOS-RTC-use-even-when-ACPI-says-there-is-none.patch 53df727b-x86-HVM-extend-LAPIC-shortcuts-around-P2M-lookups.patch 53e8be5f-x86-vHPET-use-rwlock-instead-of-simple-one.patch 53f737b1-VMX-fix-DebugCtl-MSR-clearing.patch 53f7386d-x86-irq-process-softirqs-in-irq-keyhandlers.patch 53fcebab-xen-pass-kernel-initrd-to-qemu.patch 53ff3659-x86-consolidate-boolean-inputs-in-hvm-and-p2m.patch 53ff36ae-x86-hvm-treat-non-insn-fetch-NPF-also-as-read-violations.patch 53ff36d5-x86-mem_event-deliver-gla-fault-EPT-violation-information.patch 53ff3716-x86-ats-Disable-Address-Translation-Services-by-default.patch 53ff3899-x86-NMI-allow-processing-unknown-NMIs-with-watchdog.patch 54005472-EPT-utilize-GLA-GPA-translation-known-for-certain-faults.patch 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch 540f2624-x86-idle-add-barriers-to-CLFLUSH-workaround.patch 541825dc-VMX-don-t-leave-x2APIC-MSR-intercepts-disabled.patch 541ad385-x86-suppress-event-check-IPI-to-MWAITing-CPUs.patch 541ad3ca-x86-HVM-batch-vCPU-wakeups.patch 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch CVE-2013-4540-qemu.patch qemu-support-xen-hvm-direct-kernel-boot.patch qemu-xen-upstream-blkif-discard.patch change-vnc-passwd.patch libxc-pass-errno-to-callers-of-xc_domain_save.patch libxl.honor-more-top-level-vfb-options.patch libxl.add-option-for-discard-support-to-xl-disk-conf.patch libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch x86-dom-print.patch x86-extra-trap-info.patch tmp_build.patch xl-check-for-libvirt-managed-domain.patch disable-wget-check.patch - Xend/xm is no longer supported and is not part of the upstream code. Remove all xend/xm specific patches, configs, and scripts xen-xmexample.patch bridge-opensuse.patch xmexample.disks xmclone.sh init.xend xend-relocation.sh xend.service xend-relocation-server.fw domUloader.py xmexample.domUloader xmexample.disks bridge-vlan.patch bridge-bonding.patch bridge-record-creation.patch network-nat-open-SuSEfirewall2-FORWARD.patch xend-set-migration-constraints-from-cmdline.patch xen.migrate.tools-xend_move_assert_to_exception_block.patch xend-pvscsi-recognize-also-SCSI-CDROM-devices.patch xend-config.patch xend-max-free-mem.patch xend-hvm-default-pae.patch xend-vif-route-ifup.patch xend-xenapi-console-protocol.patch xend-core-dump-loc.patch xend-xen-api-auth.patch xend-checkpoint-rename.patch xend-xm-save-check-file.patch xend-xm-create-xflag.patch xend-domu-usb-controller.patch xend-devid-or-name.patch xend-migration-domname-fix.patch xend-del_usb_xend_entry.patch xend-xen-domUloader.patch xend-multi-xvdp.patch xend-check_device_status.patch xend-change_home_server.patch xend-minimum-restart-time.patch xend-disable-internal-logrotate.patch xend-config-enable-dump-comment.patch xend-tools-watchdog-support.patch xend-console-port-restore.patch xend-vcpu-affinity-fix.patch xend-migration-bridge-check.patch xend-managed-pci-device.patch xend-hvm-firmware-passthrough.patch xend-cpuinfo-model-name.patch xend-xm-reboot-fix.patch xend-domain-lock.patch xend-domain-lock-sfex.patch xend-32on64-extra-mem.patch xend-hv_extid_compatibility.patch xend-xenpaging.autostart.patch xend-remove-xm-deprecation-warning.patch libxen_permissive.patch tmp-initscript-modprobe.patch init.xendomains xendomains.service xen-watchdog.service xen-updown.sh- bnc#901317 - L3: increase limit domUloader to 32MB domUloader.py- bnc#898772 - SLES 12 RC3 - XEN Host crashes when assigning non-VF device (SR-IOV) to guest 54325cc0-x86-MSI-fix-MSI-X-case-of-freeing-IRQ.patch - bnc#882089 - Windows 2012 R2 fails to boot up with greater than 60 vcpus 54325ecc-AMD-guest_iommu-properly-disable-guest-iommu-support.patch - bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts 541ad81a-VT-d-suppress-UR-signaling-for-further-desktop-chipsets.patch - Upstream patches from Jan 540effe6-evtchn-check-control-block-exists-when-using-FIFO-based-events.patch (Replaces xsa107.patch) 54216833-x86-shadow-fix-race-when-sampling-dirty-vram-state.patch (Replaces xsa104.patch) 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch (Replaces xsa105.patch) 542168ae-x86emul-only-emulate-swint-injection-for-real-mode.patch (Replaces xsa106.patch) 54228a37-x86-EFI-fix-freeing-of-uninitialized-pointer.patch 5423e61c-x86emul-fix-SYSCALL-SYSENTER-SYSEXIT-emulation.patch 5424057f-x86-HVM-fix-miscellaneous-aspects-of-x2APIC-emulation.patch 542405b4-x86-HVM-fix-ID-handling-of-x2APIC-emulation.patch 542bf997-x86-HVM-properly-bound-x2APIC-MSR-range.patch (Replaces xsa108.patch) 54325d2f-x86-restore-reserving-of-IO-APIC-pages-in-XENMEM_machine_memory_map-output.patch 54325d95-don-t-allow-Dom0-access-to-IOMMUs-MMIO-pages.patch 54325f3c-x86-paging-make-log-dirty-operations-preemptible.patch (Replaces xsa97.patch) 54379e6d-x86-vlapic-don-t-silently-accept-bad-vectors.patch/bin/sh  !"#$%&'()*+,-4.10.4_06-lp150.2.25.14.10.4_06-lp150.2.25.1fsext2fsfsimage.sofatfsimage.soiso9660fsimage.soreiserfsfsimage.soufsfsimage.soxfsfsimage.sozfsfsimage.solibfsimage.so.1.0libfsimage.so.1.0.0libxencall.so.1libxencall.so.1.0libxenctrl.so.4.10libxenctrl.so.4.10.0libxendevicemodel.so.1libxendevicemodel.so.1.1libxenevtchn.so.1libxenevtchn.so.1.1libxenforeignmemory.so.1libxenforeignmemory.so.1.2libxengnttab.so.1libxengnttab.so.1.1libxenguest.so.4.10libxenguest.so.4.10.0libxenlight.so.4.10libxenlight.so.4.10.0libxenstat.so.0libxenstat.so.0.0libxenstore.so.3.0libxenstore.so.3.0.3libxentoolcore.so.1libxentoolcore.so.1.0libxentoollog.so.1libxentoollog.so.1.0libxenvchan.so.4.10libxenvchan.so.4.10.0libxlutil.so.4.10libxlutil.so.4.10.0/usr/lib//usr/lib/fs//usr/lib/fs/ext2fs//usr/lib/fs/fat//usr/lib/fs/iso9660//usr/lib/fs/reiserfs//usr/lib/fs/ufs//usr/lib/fs/xfs//usr/lib/fs/zfs/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:11478/openSUSE_Leap_15.0_Update/2ff7bbfe6252b11e375926823eedd926-xen.openSUSE_Leap_15.0_Updatedrpmxz5x86_64-suse-linux     directoryELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=66b5cf6f7261b3bf71b45c2dd3f35baeb9a0c4fa, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=a775ffa30e087592a3faf362ee98c944e7ba909b, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=0a1b0fb3ac7b95e44460b2061430a67b8ce49fdb, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=3e18512b11edeb72744197979add66363917f5c2, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=520583f94c6d5db786d9796e6764b20f783f7ed9, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=2d565cb9b40ec11329c488f6793dc5aaee5f132f, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=84830344435775aa284cdf5994198727f6410c81, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=d56946881e59f21a9eb6ed2b5f2743ed41f13542, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=73d8b336967fc09f9dcc64a855f14309724f5842, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=befae64a745dadb00cb35a0598373796fe67e6f9, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=d4c874ca1f09cad5db41a2487831b6bb538c3de6, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=38c97fac35f0aadb1855e6ff9b5be8315cc9d192, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=86892681857193733fbab08be2fe1245933875a4, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=d9c3288981848acfd5774f59f67130b25f0fecae, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=2f44a639aaf1ded149bb2c42b3662fc478614d70, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ffe5d7b8417ab21f9d980627547150daa5e55c04, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=0b8ee649dda7f84bfb5400b43e2b052230184b45, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=76b8225114b47e1efbfe38b1353c18634454c6c6, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=e0f52fc53fa532427c09f81443b37eac6c03c204, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=388f837f0e00b0e0b5115f72aabe2858f49e4c95, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=b1901aef63211b33fea73ec1d8526ac70b5c3199, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=3a7758d675f618a3a0bf7c072d02395185994b45, stripped '0;I`q~   #  R R RRRRRRR RRRRRR RRRRRRR RRRRRR RRRRRR RRRRRRR R RRRRRRPPR RRRR RRRRPPR2R4RRRRRRR3R1RRPR4R-R$R R RRRR R)R+R'RRR3R(R,R#R*R&RRPPPPRRR2R4R$RRRR3R#R1RRP P P PR2R4RRRRR3R1RP P P PPP RRR2R4RRRRR3R1RRPPPPR2R4RRRRR3R1RPR)RRR RRRRR RRR6R(R%RPR4R)R RRR"RRRRRRRR RRR R RR RRR3R(R%R.R0RR!RRR5RRPR RRRRRR R0R%R5RPR2R RRRRR RRRRRR1RRPPRRRRPPRRRR RPR-RRRR R)R0R,R(RPRRR R RRRRRR R/RRutf-856480c3344a1feb471f66df3a08590c45be1d2c94e9e04d99bb06420427b4d6d? 7zXZ !t/g]"k% r]HN1 K0BJ>2eI8[*cːkcה`4'm?l{};KpZ]4՟ѦکK N$ .ӸRjY\wXLfoooS.Pr 8W/~=&%nFݡ_;oF@4:r;V 50|(:l.;r 'y\Ҏ,>2eB"Jv&!!B<*ق_b%cq:wƯm*mtZX]KлO˝>T;Nl+l6BgdB *ץ鵇-I?`g.dk{z (&( xL!!K%&%l5dCsb uqg­%8Fq@l$9ׂXBTnm]wIE' ՉAD:e($GǗJR $NxokwtdvsV;ʲCݾI8!F!n#3]j.nG͔Usq8}iVx8:[!g?yh7,JҘ\n/ܙ8^baC!v1p%[buɆ(-.mbk)H(*O1Q'ٝOٰr]f\cd~ Qoh ϸ|,@_Qx<ǀR3$yTB;C[6,gjC[G?,~%A+G!hh$2 ̚f~'"ȷO XS;hBޕ td$ca,/W&ϝ,ڕi;YzXkCa툹yomfڞvqw: D~B{Ne(Zs ~8spvG{ֺ9 ΁@xJiUj.W5M..QSD&dћvSKv"Y=t*7bŹ̻')r(tV͔R*FXbiJb+9tW r2dcFaFzfIzuqoϝ3Kr:┞ f?f/:kunf]Tn%JAprFQ)E_rU͸ei1*ʌFށN} $<*W ڄggDl)>$&DRG">wv<}OkNŒ<;Y!w5nlO"j/PhhaSade'+:V.ӑ[6bj_Liܞ_Fh83E\kX8ey,NrXPB/8LEGKra7:vN7^Jgyo+<~+L/sk0Tfyec.GxVQݴljd;ŧ|VœiWq'q_ÃR( 9Zax?'b5*qIF&ɍ=+WRIKK{QM4g `Ɂ czq#Ix>CЇLU}KNT_.ڻ]I[׺0HZbd9R1sX`Cj-RN6 +~n)昦Z5ʄ Uyh8qFz#|17'Oo 8洋o!ͺi4-_ 8/P.=@c_ڧp[+xNt*2p{'1V榒Y}xz:aQHlwe@Gҕՙ S* H ?4G̰▲'"?|Ww}SM6xSr?PWkC(hbzVtXܸ[2dtl6vAٖ_nguCxq|*i}~l}0 _Ͽ ℆ˎ~ ?/55x!-9bysȗ e,O(H<9:~#>v^2PH BX)3Pc*#"Ɔ%M4Z'K 胰MnʷP-isrP w$> (d5=Z$ΒBsZEȘyQubHRc5FN~a#>7_X{ҝ3pq$4ɉKY@b췵ZEo)yudΝqele/זtҧi.Tqhܭg26criŜ.CHqZ|!(Oo^GRXmlG a֮@3dw]?[)r HU9j>Z`c}g`ox5ߧֲo?ܺ疧|V C@:w:2 4e0ۻeyoe6}+ Tr2'crgN.z+y=_ϊJVZQyod-D4^Zr4/ o)5g fDz}Vbdf"[K2:r(n+Hln/mT#&i~Gg-+9UWv06!$GVΖeA sU%L$_#`g:V^.) 8c/,{;PɷpZT'yH28$ė;zmSjU8B33P`JdeRa=̘*  jr(70#9-N^(3+2 _^/ -4o00QJ|ϦRѿ^j㴴>q *:> SSc/@t1Ŏ}(` pɧ Y°z${H\SZPol!vc*=;lٯU' xY0pSz@?"6@j1sW'xCyLqE@}{(ɪF '3Yٲ F,>{Oqle hiE49fq~9/};gtK[2)ϘtNp}QzUrΌBJD\%T{u;R~I[h2^GKϒ8Ѳښ@;25RZ0.%ȵ巌@Auv@:mӾlN,i92SDDuPG"K6Ҙnć}AymrP ٲ%y>y#,Rlq(lKX(v>Q;a "l&NWX!n#E2> 3)3u1̀^ Dܼ扆|,1fµ 8r0Saw t" 4bUIצ4P;z A_Khw(\v̌F@?Y8JHՉweNpw'Hܫ.E~&7lmOΡI@bIAE Pn&7Wc>J^_;(/ZRzc;@xFʦ 8: ^ C? 韁9[GQڐ%kEwuf[zґ,&޷ HJڢ{A̓{Qw2 R-DumIM R,Y}22Hk]\4cy-h}0fi: E+*)ۂe6dkpBeJɋRe5%18Y= #JukrF 0-R9-[t)E`AA.yg~8L =})h3iGBA(9* r@HPy-efJFir6uumET7H1zOa(0RA6 $!Lj(} xfU!)p}$*Ȗ(ɺ-} ݵ^"9>Xġ.舵yr=iĻuOF5Zݿ sp}EnxHԼ:ǨҨş"d0PVV)_&t5v$<ŻF["ٱzYGS:>?ŸK!8{zlhDٛO68!Vݡ4d:EQX%aG)R;O;~Fkf0 ]Z B7ۖæb/幊۫A y?~1P,tqBPdeKYSk wl,+yeXU zK٩`1Z7hkGZ#%nRG {y+- ^}#u<J鳵Kn/vrnnxϭuj`|F hD?O V@UPMy6dsz48#ďmbađ\M(B/n5ͤ0Bxjpf3dp~u9:aS_(_c-S s hPC!.ҧ>H~N׹RXO˅Jvn^IFOlkD5ΕXJji,s$fқ?OT 51ӽ 09QX5 +va5$&p$bŽw/N+뼪#A<\ }f ៚u/l*̈%凵[{pkYȾh 'dL'R(TJ'Cu~:BVYNHW3jan͏qZI},da -9O ,ʪ_2R88<ժFm$ͷYTcSĔ̒so|T)]0<߈x{(1Jh`'bθ_u %˥S g;^t?ȵ3v.n$i1lUoq-Íf sԣ ?hJ6޷+f\=%T;o#o %cLDqpJyZ(+#Q aۧDwz9D-#0"?^<4u6Kzy?9Wdw ?9MJ2I`hm.UvNnBr1?5ⰅM"b0l̮!>zZ;JEn(fKb#'jI!cq79 gÝJ,J?J0W`/9Aē5}WvB &'ܮt+xԖ_ŞYF9֨>(V%lm:biriVHa kף ,]ׅkfqj5'H7/ , @%Z6(bpʙ=mZtl1 7s9RM"zVpop)Ǧ.h's; 8TFՈYF;(Qiwse}bʴivc8ylo".9Vn럈@e5ѥTD> 8<2'.`۲bp AW$ڣ;yW|XpC\S:ĵݰi=Svvb|/ˑ) Uc93tTCoe0L*]w:9ﻹ > Eng2( j׶~oX6DwpFiC"ZCZyB'1Z<.Ȑ߇N}>`3CL$;ھzEU V G#ER Ƽ־m%bP|w~^al ƵR\KTZ{ i^gt1OHT3s۶^?aCW3D p)k:L_kÆ,O^ԕbbŽd0 q5qSXi/ +Nƕn_s(ѬE,&5+]5`153]-D]t@;h5NjyWt! tDXBUjxOe{obd0:N*:NH;:qQkU`/zw[TI@: <\k.@<}c}rv횯nEm]"fYg^y'ަ6O6q\"Ub93 cPy4EiEK5@'%@ e8+n1TnRG(0*j^b"tx_=)nFGV& cMW}iiЍI2X|Ųba.sCnٺ\ߙ8:W<)HԲv$AnͺaU"6|O<7 ~m,9):@C:0oڵ Ɇz0lżOBmuUjq"2ՖRE z8}h9!bF|SeјJIG~]Q tN'UQȔ3x0LNEW~A7H.ީFҧk_ъ',xmxH5Ia1')as-b J)^G |ÚP̻#o>kR?Йi=Q7hLAڪ:hrXw.^ēguO<]c6o\_ fE LBq6NM%R_ɭrG˲2Ufϙ4ܔC|mtr3R(mD 4 in^lC<3,/KM,:1ΜM/H& HG@O'mbCmirX}%Ϸ}&G۩> je:R@LlldeojS2s ov G(J,R St| `wpWݜdyEK4w:>F ij@5L Cv-fw667!w V_c9#Q xzoNA#?}25[H]vQp#YD"B4SLŽ*>rt0F5/:Y%xGQ(5Ю,^ڢoA4=# 6=a'[17Ppwb`3_c)R{$~A-?#J&[TPy͆/RJs2jp CBZ)~i(N]<ߦ*b;D[3s[ݞ٪ENDVT g -]YZ0šނY4q g5(7A~seH0/&< ?ѻVl뒨i$3Վ̜AٟG߬l.Z i0.Ծ{ c(eRWwX6yYD$x3TҢ׾I&ez/_z4A=wo;m& @Mʡ)=Fqfy'Q? g.TWGC;B2vtbQ5Ɏ@a>#-^u(" 6o@\*F}#,dvns5)PKk8#'8hB -׎4%Ajpߌ _F9NQMOYlqU[ߣN䇹\o:҆V5~@(5ܬ*P?k namvUf[ô5w"3{CU>ѹsoBVڭM-l=A 90N,Wkc?c<%,k<8CJ87vU Gz?v9;eCY{|ωo}l!_ꛬ.Y S*QLi.Ta0 ?^8uը hoՔh-.Qc=z qoT}U`*q T]ՂE[jx_mcvq5][^ӷm]20/MlZ2 ;1@od)oLx2Z +IM=/GhzsTdtkiJe߉Ayc΃%Ö$\jel%5"=%GwƴHb>.G4%#C].sG6;uv15KR$f_w4|BU^1'l21kS*7mZH;kxԣa0Id $ GU"S"|Ij$דI$Mr;vjkiAg?=QJj05H}LX0y] M6 f䷞+xx8U0 f&GEY#EX ʹmԯ1TgJ+L!MR8H|A=lP597sdUODU4$Dy,[,uC =q~s,huVcZn <͘C uMoo1& ;.q$A׉ߵuБA1 ȱh1Y2Db+m8vz%}yL\`:k&.rw%*U\%ԜSt4*I53L@1~ӎ/nfYr#'+c4cs0ZyU&曐_w:C,XUAcF|Ǿ\6_a _&KJ,=S{SOEp Z|_>GM@~jӛTr@\7a S*]L>F~sxȺR2iҖ*Ꮅ= m4>hMlۇ8Ohy҇5YZrvqzfrWBmGئ͵@s$]\Ԃϳ_犾D'~:?_<4)vy;GSEӼpڛy\-`|շˌɗ0 0/4nS"Y$y| $c]@gh~pZ/s=ykKu~O祸/Tz?h)v덕esYi˫K`(xvJ3p~q wmXbk=OFh]BPݒy+;gbAs0Ոs\ PEwә>a~l,$]314d:OLz쇣 e+O׹jby{5dXUIjB[ x}[:7L_(3d5T^d oG]:4-e Lb(ۙZpcdmAE1f-''|\Q啐U:s\.TDub}yNoF:ŲrxQ˩ڙrd>=#0Rҷmi4}bڔ:w=Lu!л7L55@>7,JJ_fI>Kvkgw"F 7Fk,)4SjbږxH\+:K mZeNy$ ~%45n¢t?0}2hOGzs"jKj,| 8 zxb&2Sc ]xn 5 ;pchm8[<_RN` }C3S'_/E8 h9mE!y>k@J 8`v(RזQĥ *-7B7r,,eW~J߯:ޱ2NaAI=u?\yY*@K5Y/d#OxVBqh WܷL \V'-{\+)@Mv%]:RH){Ճ21*N<~ZSCR Caw_Nz)aެ/H~of5*۰ Ju(L7fFZH%ҷȤb=aȰ8da^9sp/䙌Dt [mEq$}]h=Q\NjӶ"+ U:$4Xr:83qjQ ab>uK (>"ݕlPm5WVEB2{n&,+`j1*Q m5dc1@Cx&k eS/JvܫqF~xhg=C"I[aS"Kf Z|JxR۴hC wH!`%Hjio_^ΌZbd+2,rA+ .X7D 9~{V')"ddeS1q9桯}rIbP'N{╠m0B\StlQ|E[5 -h tҙH+G_{ؖ8SH),Q^>>~wR$ -+mn[4Cmc nA`hRҥfݤX m\!uWrx%?u2\GĥsY缝Ȯ] Q=ŋGJ>ïf(He4UDr -eeFh_3Hc#cmUvɤI&X.#C2 ç|$EE:V5#?*U_w_;H*E5m%һLmEP [4dUUCs`j>- wϣ*`L~&8P+:h^G4Q"ZC~b@hh=]o8ܵ S~ܲ0v a7BhM':z7$ϼo“ ir+NA4쫬6^vV`@v-k!­ "Rwʴķά҉0"Jy$ֺ1sE50vMp]K^=WXTcnakW(qe_N>Xnvk\sc%"Q='ZH' " fEFx@ϖm^'&t &A6Ct˽aˑs7Ges\~mRj4ۖ}2͗@ m;urU;$ bڑkzHnC(Sz.O?YͶWoܖ]o-1Z8Sm#0󇵜 +t?%6U'+P #A }`ؿN֞i?JO]{WJBQSuV ˉ/ʱI%5WzFB>UuıCby1W ]QMB8ew2E!x+ JQTns3od\ܛ׺RicZkr,ԑ@4DEw~742`3gIb}$tJf`ƲtTu;Üd5jO do}bh}xuf0b(Zn$A\wo^̽U F37:j`fR`V0Ip&c&a﵄YRRB%zѪ ɏnu{zsL߽#юiED pV;k\(GuIfa즕crj S!'?lPSDʕY&bYWpe]Icèt؆6EɑAUnᑊ"qP*f(V0SǫºG;R$ azKTKoCc& 8"y ˬQfXsi(ʠ$(J-/y\0ޤOLV^N_,3Prwrf,T}LD]#ϔad0VTK/&^Вe%E Dl1m?VzV t=-և=WY_h%׼*Ju(kq@ pNpW47kFxdm@5| x.xs|6'Y˝@ vbb埤Mdžj 0$"Q٘vXk7S"%[] 'DN(za&, \tH$e ^0ł=}hYUXG:G 4P#,yq䬐XI؀,qZEVh.e)|xE!W 9A?lz;y |~ۦp9Vdv`;ߎ9y{jl2 'UiVÄydGd (68IQ)򳎅1tiH5z'$ݱQz؋UGҢRv`,l&/6+9sq`pfNVLd:ꁃAbh\ۦ{̸M̆ UqȄJ6GԚUJ`{>l)!]hT8"8{dkdJL!ApcI0fv tי^>ޜ~eɉAYG@D\ۍ#8Q|<s\Y^=7ːv2ռr2MNX,~)a3δeJiu 2csЛ4xlJ>Qiz=6^`F8N򪱮ң'@F/Q汝 oTaXB-9e,dxHUU*2m2},jT2S~wuBr4L{H)#+n鉗%] ZtF9H-;)W6'̈́c{JÐt)Z=yNdŢH!O뎪YE/yƷ:i٪^УvF [+Ƌ,qN`P5c̲OZ XcHr*-d1%JbN_,ZG+5mQf& ݰ!yoAk+Q75ʲ1c-7b8 ] cL6 >Yb?% 7 OF1tMvԊN-)>ÀqxL%$`AQWW!u+ƫJ/Mqe/\CU scb;2$!ٹn!G}ݝ:h4"{ڼRlߧ) dz{y0"5xL{"xm%؀!ִHUCr:GS?y xsie\rw8 MQ*yx:^@W51֬FL#%@.@OL|AxDof(XS^^ N{^$QEES$ꛛ']nr <#kG|k#sg{Nl@0Ih$/a ԶpkH(P57eQXVpD74Z;:g= C ? %82u'}riyJF3:>B ZG7:M5Ae$>,X?ZnC-ip]%Q LJAc#3&-8eT~΢ %PU36~ldD3MR]<C;z騹i$>.$6e&q巑#&Z?=XD}Hf{wjFn9N \٣$mRŲ^Ρ,QT.5Lp1; qbi}j4 8ӂޭkҎH0J#An{$BjCT,Wy/B7ۍg0ڶ]+B |.)Ýƌ ŀsTHhcl5[@ūa1|ħ7C=CPϜɊݳ65%QIdl #-L", <ɜ1/߾w9L_9ֵK ќ}XD~0oI:zȕ.UIwx|8byNs:͋8m)3Vb){.F0Ҋ92,*"arrCkbF=]rirz%GRaOUWC"fwV ?x7].wVEHIcGν2QKGiB\ >7? ~<(@Nfo=QOq3׋,^ %cQctyH äʮk @NǢhJ طVa6TN K8$w*smAe?Yd\|/eEu?bx ,MpcvAW9k]9S'R ͠id,pDCݣvu@ x eQ/͙3/ b ~wfslw +-ndrc5} $;gO-Xg_Jz1 ωyR81iNƶա DMMZBZ9'WL4yc >*3,I<􂟾!U`]x[dUC>*ɟp $My=LX=.m }5)`14և@Cm-X!NkL.dž>A.64<=bmbˍ"l@XK!<8?Q [*2$O9g]{~L"CF4gTc/5+w} 53сo:OcɺCO0vR0 r.C|1_lADUT#Å׽8V,y?RdQ ZWgi?y Lā`‹㓔 |?+ T}$W9-9 (1]ԑTȂSj d"*٩;k;=g{ΓME͢Oːڃ׿e0AgY!fG+C0i0MK9$K$5)qP+'CbD?W3}{rD_X{ParS_T񓬚zIXDBEvAK_KL=]LwqOQB 3#<֞vF ׵\k)q|04) unn;MV\= jq~s-ᾈ WmdžD5:C bpgʷjN+Mbzhx2o0H9}P;_C)NęxD[L.#@뗤=+n⋪KbCzT_~ۊ??ZkHf"s<A@J uWg9cwbd,5_DTamMjFh]6pzH"QrFLS<%Y,{<5t:8T`@&ΰ_d;\SSӨm'fu`%_Î cNc}j&|Lۅ^/wDrEZ e9~&^x'O܉Jڎ$/tToG=5Y)DNΖTYa%Xu6"92Qha K[3>twSOnmR"Vc5=s.ꘆ@*|%ePg;!XtT˵*&lh| [K8=(eUPpb'NY]"x({(]14>׻Tgk;bWDv"ѿa$+.{YEMtdGvڶh0;D!3zn"˴g4j7Ե;GͷR( {,sbsiр@O m&L()oYUyBE-J%!ߋP< 1˕xu4@{ > ǧbzEwT>5gjQ2x4:D0>寋wZ|id)xȜnoSjv3tLF${.6 V@-.\c(DH'0o˄]NRwFq&f$+u'&N#0zo%ܩSo%@ԧlj5"SHN+d3S "M8}KYvٜovAB{Ǖxbke[넎%I/@95?G\ .^-vڟ)^PP5{{< AY*PC!$QF:G'lgVDm#&c6V`0*]Zsa >V pjGS0= &ZPH?apTr@!U3KVE-<+3ǢM)F۫C^ugۻ8+'8/f੢*X,Iap3[ Mta5wߒS½"dQEɈ<5Vϡ^ d4VMg QDRo_𰏦DH61Prit_B\Kb9%2Ö% 1%U;X6A|!h㦋d\$=C@RR1m}6T.FS7sdA^ӀD; "2UBm`Ђ_{:H=Zi @ 2kR5" c+ΘP"$n:WfӒ'

`ph*Nksqd_9|7qhE,κL>wb9z{ޖݭn'ct}C$Jnrn0+B-ޔ8oHqÚ 찎[Y԰4Vm?*`mA.>̙b*V=ۣZʈW,=W` @wh(z{rgB>f;{(SC 0P]xKꑷi;@ls]8<xk8Z8эC@E tA \oA?UT h:}tzU 94oSS!Jpt&|Hp&s1eJ[~IQܰ=2`Rkd@aGCy ~@?QeF_ %W;1eP:V/x#y`zݚD=g+ޑ\@AM όz ̻BY<Ͽjy|Fm^j;ys"*₀_0.j!xXIMAlh&O63 [(pWiLT6:&^KT9ЉLqN*HtUK0=Xqoș@055V%3C_ ǢƩ~ 윊) =mJ[$]=H##b[߫뭿vq'gl4V!t\Vl1Bo1#,_F Q9.lЕ^uAa9MSRn7`؊|'''Ty{staPqWr2bgG<6hlbgԺ++;ȯr!AJ TQ G ,FuE:/V IDkkf|(,.pz7*+3augKO7,%S%Em;{d1 gl=ZBh44".ƨsE&-B$4ʵJĩP3Yd/d@TRg)] x̓Ԍ p]oBMw5 l>0\&äU谚U=)WBn0CRؗ w#[Y)$QHtBN15e<rc2/ĠѼWM89)Oʈvuɱ9!R:#O#As>wDoy+QK}0?sFfeD*ewڑ=܂D8+lVo *uͧK|Ϡ9hQٙ9Nxjm>+GE%D%<IC$H4Me@~ P! !CMbd-eom~q玿yzLdQe7FgQ2 8 ϫ]݂ıw2o%YiU۵e:5>8Zj$kiZ[˺'ʊh$ 2&JzaunE 9Dޓ!{vN oRS2,zH7SW dY.pɰD KA\[BXN#jɛct:^eRg`e])T;9kZa ;`N*1K{gh8N~E iKNSSU]k1PS)>;!3>yr<]6k !kL3>b˳#> ϔΙqpẂqcg롳mg4[ YmvbnpɲS^jŅ>}b9hr7^":LN)o?OxUAyB&t?NY! pw 6ؠtx(Nc?/ܩ+ULkOywe֗܀^hnӱn>8ѷUs%y>=Y/܆-YBv6O\ q\f[%rzD5OEQNK~@?7iFE5pu;/1ɞ5,cmSc.xplD$ٰ`d8Y0ZAwHE_׳ѮgF3` 3*heOE.#ZCS /ܛ!q~8Y|xB9;,,c*#l- C;x:F&4o OQWuaRմ|J'oUnQ%?!]:q fف!T ^X_"ayI5KKfk%66$~N M]jL/JCaAݱIFecu䗳]8SR -5[f"(I_,|#.;G'd5 K@^A߫2z]E0@"5.^a;/|w;Wƒηuf*:3RE/ $,#'e)aBxh1R'M5Wߖz=_fZ~fMDß4 "E38n9U:a4/rr 9)mST9GCEAe(:֢nBKHKPEu;wcyt~{jP#E_e]AwhVt]Aylo}TF3'|8*7`XX+/d|,@T#yEWJ RF|(u>-De%Z.\*Ex%#ƫ :|#5ɼytTٴs|3joV= )EOOp%Ya;#\(I?َn9RMbpˆ)7(lBY .Q w [ozՌ"y5I״ipZO' cJF쾸{og*IZ<89䉹UdUL ПKzHIE9)qY4+Ң :qS$2;\Vj]U"fpЃDW49CEaJ.# 3W(zYVmp@\F1wR.20L>o e>m\p;p_bE?(| _7XP(R~1)ZϤIVIq5F*#^W\0!e'pǷYY;cչ^Z~Cxg- ) 3p~,:R7 TO 7Zr4eD[+ \ /sJNd#0 ) /6q dH4,bQ"bSRstR}{e! s\Y~iN ]`:Amj{kݜ3:J9D/2tÕr%D5s4+l^i*v"nPS\ uFB06v9h?~."!⺏ |Uy=iTG^A~Ʀ-ioYzz"j[xnឋ`admȷx5VtYh_l{lHK?-aR\#wDm]~mQ+@bs<EM]'๬Ŧi{E@8" -3Kl~HUeMؑeWk 3,! a\;`-7PA0UaGjݪ8hA:u2\ 1^xp=ɲ",Y Kɣhi{ˎ21_DaRKkyڤCe2OdǼ"FէjlOH,bBlCfi#e󋐝擝[hA$ ts֯ ;Z!dPdsӠt j"@C$0v_b@Ҳ`?0y:>00)l) b@[E' s\v=#$h/JJ@߶iy↻4:IZKLiimV#-_vc]cC3:7ADO+JB E$!şT\s4.K2u@NP}u{5T'0K :PRkA1jDضc!1UT7봋7RtwTٮ+۔zȅ| Z1+k/+<'.N Mn(27Hö5ЯQffQ]˄$xD743bQaU˵gG&>@/=7#]2j`X{]֍KmK2ܲ@CH~Qf@pkԫf>F58tĎ.鶾DgphށQD v90:Ӓ%[_Lɟ>gaqqi Mu32)sve` dқd׮ލ]yJ@1׆ic+خᵞ7M:|-B_eMP(.On4,f=GGTL&UrZFl0B^A pL4ԜƊsI dT{ %V "Ѕ9{EbE*fIo|5CTOD 4~~JuIa&+Qk*}_Z0,|#aмV t撄0&sCƶc3  >s\i@DwG8 liO`ǂWDdNO,i~Vκn )M jWKҦ`R3F]lVlT w!tX)/T{dN!q+W||MHS +WFZBdH'6#I#wTbF~E k3T*2>sjR\꾧7W>o}n`Fncj*wh^GI \?* :&<;ҁkz]hiyӋ"TIˇiNQmiyQm+^Z!;0 p,c*N[pm S)/hsF@"& 1cAx @JKe94=߿ݐ/[$nqAvQh%b+j |_|rt laN{w^%kf14~x3L9@q~f^ @ )3Lf.rO𴺾+qp!劫\ >jrӓ[jܮ 8whyEl!ɘPr7FY LJ?t$2ވW TvaAD0qi9kjhp|Vod^!Jݨ]C- ~ʄX睊$17l5p@╺:3csЛk#,fΚIH.U5Dm4Js,L-UZ[e@7xmKO~ȦQ16 d: 󅽒(~K׮USð^-38:AikB"͂^>/6ѮxW΃ H[i5<@vB.pd؇A-(1ۥ\ɹu}7R8-(PިO߰%G?D2r$VorH8}c퇓\iD9j^A<{@i&~3B*y qmO1/=>"X[Z姲rMi$5W 4y=nD})֡QWKh; n#x]{R+^]?\"a^Xͯ+(bILOU8Yē]ZJ O%9?`5KC%Ft? t|>wj_R2\fdRS|$r؛T ?w,vlE'1 w#ht e@yEpCɵ9t2Ċ7< `u&%]R`xzҵ1l(PAC2,O> "zq?iuRԜ`Q&5(3~;,t(?:1-Jң&PP#0i#WGB%yf~?:;jtyyPY,,zw=-w]$x`/oxզM;c.saհ?Wjzr̥I0fYM$ [f**<%-sd #7V tR~?vS+u>S+vkM![f,kd!p  -X| |1w暬Vwgr{2.en vU( $ƄGEo@OfRP/#ߦ;y1fp}WSlWwX7QԦP'ggZ )dtXz YPĄfǔN>}>ps| {2f ?Y$3q PSNVɹH9k|&¼ڀ=0>X|@Q]:ޥ'Ik'E*ӎcI1M\hF+l7,9i[ZM#̭̉{d>yP4-;>| dCaϹ=/U"焓fBbgHlm%ѴnXyk@=~gp Agr?_ թ3 p a_dd+lx1 /'~Y9R w[;K ;1QE*3wxL5ɨ(\m;ucŒ%p_5RB9 %MdFh'ww XM׶^i/Np#ѳ]tO 5!$EXٍXkcL . _ uXa4k̢!LdF]]vbHh>4}^>``>Xm d E~f=] RHo/*L\pNҙPFMѲ yVZژ܃z&B<@„'G9*K MGݕs͕NWv}2 9}NϽuo`$aӱTϹk/Zbg}d#hIQ5p|#-Y 25I~{Y7 IKw ᓙCo5OAXXS3v 䮘Kyy;W[E>bcMfW`"&|fOgBofݪquۅe֪V2aJ@nQ X`tdr) [i6/$yh!ۢ.a$)hOgRؓ@z7d[MZMEwx)yրJM.:R~ p yHTLkKq(O[+G^{F {lyfICf$7o) %./k} ?l"|"{Q}! BCg0RJ\6Dӏjp]$C6XЮ]?#g֒U0 m6;߳5YlЂV )n.G  zqV~ŐQzE۬sٜHq?qڷ=d$54lM&]GFkr31w_ccl-hՄ^9RJ-!Qʫj2F@S*J;M! %c xEUJ&aM;:3+ˤďH?o)z@86H^Ww pؑHPU43,D@|7o_\G2 n̺RYֽ/NBdTI)RF"F^7:rKӱ1d8zcwweI\))vz#)ZHg;zfL)5W~=;>~<+DRN1teC'HѾ1OЛNM鎸\" @:<oۺdi\ S;>+B&-ZEa4cH`;¯DU"HZCh+[ɞEj{ a^ +:ȯ::j)k[ѶoSo m,]g)/6QSy+-f:| LY($QSfqX˟3ghN6x>Ҷ0DN!QKpkPk_dddۓ igˌx%' qugeN,Q[ۂX1bpzTDP=t8'**NI23{Bp6 24HcXgMfA!x's!72|BQA H4[RUSP"d0اIPAʕ b7__vdjr| ꛉNk:j:EFhepp1*λ/^ezxoEy.Ct'xFU* C{tVϽ0ۮr Fs"7ͥ J5ښ@>d.#u H1 U3Iڳqk Z Fx1_ytaZ1:g\/@y8,4'!uwun> 5j㜷c- FhUy^{nDy+#qSY N3C=,0-j $NzĆH"Qx<9K S=[$T؍ճ3;mBCBO@Sxh7%KȽ!Oe4K<|nBO*a&`5SYLC9u[%GZ[O]!?<-0!b#~b!.&y\*R֤%0VhA| փs8͍KMo[Jah$!ixצduS&l;(TCǴ1~vv£*2&**BZ6mQInDp@RhW#!q-{#}2g&@<f5 uwwv0_M r GK?kp[IF?&ϛw,4~ҘV#ՖB+Jl3vkϗiU,eU;(ӥ6F7Z<>ܬKvg&MMX,*I9U tCH~RkA2!սw؋G` =_PXɘ EbQ8M1Cw␨0.(cc7i/H1~wP'< & #/BhТ0+|c;vPC}pMZzU"yJRn=&Ǫ6 (tPA 녃,zCOržU{>}!tH^ Wi1EP\GSAp)Eޣ*gƇa) sMƁGtsJ+XVf_3 Ӟ"-?ˊD\{AP\/{v%A|RhD*\Oy轓F5:'/;HddVx 7Z2͌SCꚙuD-iPZp,Fi}}U7/],hŦbX gt=䬸eX̍kb)$\D7Jn֦QK+f۠P;vLhnڀ u0qYih&#`ޟ&PeM*?4QN{U}`5׺YDx`؊\w"HIozE~`qz.XiKEQL9V}'_G*͵aHeΩ C)NFyI6wg7hrޝi)cc,&g6S C멿iD'($jen߿ӀS٭|o?'ESn%lRعQQDq\E3QS9u%ڪE?dd &ҲB>ȰIά@} :0VS,O5da?6Mt5mWp97Bm$7߮_0bZ2~IؿytkEa]@R4zy @bg=uVU# ^NAAkVHEGaT,]sN|6ۄ CHwkR4E |-޶nCS ]e`Wh/FOdRoMu [ Rz?Dq2~/FJ$e& QGjm~@,Uvq%~V<9Ɇ Jekh>r*^p"J6ysBts\Ze!:g<tKfܱ+4^[,+6Nj !{%b, wD\4A Ct>-/VR`8OS nL6 qQ'.] 3?UqO,4$h 5ӂo7^AoYz-GnJqAKX%ꚣOd~`UW{D PuP)kIU8ņ8ࡔޝ)6&ݽZ3D;}J&cj;󿒣%Cd`2c^7|okC{*W $ Px1nW̸ Aԧ `zS.DY@3%IfTi ) 5%>O2iZxayIE*{6p[w8=&?MY3i  խ'o|m`L6/҉ǎAY?fU?@}m15s%p!ѫµիը<4*^{8_:nuE*|!يNl|kT#~+?N8BѺ)!Dl,C7#'dc=bU; lqt&/7&9S\B<&z<ТڿH݆sIyi#!1\":OsSP)#ZkN:"\'jFjRg#^÷"ѮdB[m6 !--Q/OSpt2q< + /gkJſ aO[@UHiH}vO%32ʀ3/Y"l&Eս"pbA5Q&M38ECNv7k%} 7cCmN,28ܙ&foRa 5KE&lg4& i`6P魀KK>8&p:4{bg(VuC2_SZ*!'4]@˩וfā+D'8*XﶏVR8n 1ޓt %pL@`Qx(@׮j.&0 vTn5X1W[k8-Z=:+ $NFQ6D,G"A%EfJZ[e)Bn`Y 8wgaz* d2ƒvtq7ށeOU/:e10W;,w5 ~qK[ԆQ=Pp4tYoEr3nvK@z  |2}${e\7քՎ/s}/~>Gj t|.|1c0 ((l5yGv ΀ x4Fo.9Q1*P 5)V@i4(>96Z9 39/}+qjPb[m֕4N)_5OO0iu{GiW(5n}T "b5ʒ ̱C.ՆnjVMiC`- 䐝y]6{9m89lNn7ϪEBX.O8COH==b^W pyhe4$_}d ;Gu`{nxR< ~nFskRׂ҆m '؏5pqwi=nl(˅ sˇ#EI[*TD0X.XEyS23mN u.rFVZ ·(ɞi֛v)Vج3he gqSi6L`25!ur4U,x.2ftb2kKLμΗbIT`M/K$L{5|-b/ʅHY6>&> J AJz[?̃5w^˾ۓ03=wQx#'wJOX&d#>pag_s2 8b}g}65nugT%&$y ;P&ae9E8Q_<&g>ʣ91PDa{[Qm[ȭ:*8ʘ 'T/*E8rzؚ|r1@H S7LTp[/סIagY.-B|&/f oYyglt*dKx˅=խ6]l= N 2>ҺYM)Tm(O=%JR(j)(yuL:ۥ~CpC#fHO '1F+6!R\]ZxLi4d kqTZNxGPJ-!`޸)3=fߘ֢bB9 r|goiqUW}*ve yI)~ֳul&u/Tyj}p pYyOJξG`WyT! 1Y#v~]  _luLIv"4B;ur BӴ2vD`6V W= W6qh"E7k xwvwp`O+L)C79T\u',Ge]clr=ƹǎJ>.d.50d},%B31笀֞Òٓ"ƇW.h'Kf s!+0+wk ]v9"8tHTpc-pLdFGP 1!qKA9<;_6Lqy|]K)07u ӶYVB::"AX; <@BCojrߌsOCx*A~C|?譕(wg7ee1~]zV?c_6WFl|*$u։iM8-9υU@%Q}Kf֑P*aP_w+!r&Ls2Pni\}TjyU͒G$S) _i0鵑*蜧yuUzofotB")h"j!u~Bg>eO~c)iOr_}r .e 4 [ރ(%&YȅګN*ߧ㷌nRXAq{"X1/eP^ 48@CeC!m0nŧt\<2^YT_$0ȝ ,UG߷aStV!>ARm]_[<(-ԟ{S8wBC"x d^iAbĵш3uuss{?Nv&YgL:Y%$]=i&*?ڎɠ6f>؃j%i9T˟^Ò?CC8=}ؗ#ӌu |;t56U-]լ5 5CzӛL>&cOsO lHⅽ[6bBm#RH"WiL7ͣDv+5~i70  9o?p g(yU̸L‘=8HqmSOpM9rwg2?xSU}HwmoAȸǶ3 p mO&`k[m?"Ьw%, 1FՌ >jobEһYXۚ靴eJdaγ:psbȏA-`WzEnZ}Ҝ;W|P5`? @7M C}Ɯ+ = OՐURM(o.[˻YFbsQsd9"`bp-5VP]yo/kA/WVybc *B*U)t#vDЭ{VEA0x"ԓ-b[HU-=/ 3x$ʘ@z mi"γIMSJ78Y8^;='n32FH /. "o++l9&8ԮS$ʢ?V`(AL\? D򹡀~QKϠ%fşޛ}EFUjˈT~0{/.3nQS&iY-6e83Tר#4<.Nʭ 't=:)7,*z'l)1y)[B= a w%qH6G:RuRJiH$*!AZ˻OskcX-'sʾ9JRVb3J;v D x%|Wyk:tb~oӔ0Wז3/2.ߝ"/#}fW=l2%UgZ8f3b$!kP 9xx[OFuGi:Ԋ}џt$\rCt%{VO 2?¤upƮ UTƬ^.h\辭-j54WZT)S>>?tƇy7k~CnT$קa Q;p8RWq`yǀ<q}r,;dѣtQ'ݘlʍ`9{zޘApr(}|BȲK_(ΆAsoدn2ݜegH[rS*vԬ++΂8QωcjqudR\MzwӸk٤Bo:uq^·gT:XvtBP{4Ebg#\{2hu%e9ܬGuTx5nݜ)}T(U| 1HF ¡ʅp<ٽMzbȪϰw[SSsJe9²hg2/j~ϧT*ץ%"[mUdh?o%h-)* aLwEЧ Jg>&@YF3bX}7R% # MAFD#JIb}ɰР`Եw`8KPHMqS"' M<~?e†L5Jsj94P~>nno\^CT7+[/ y1*(O+, %u9f@0dU1txnJ}h2=Hv2ł0Z|c<I|9ךt#5.IJxKCg#޿g4Wu~>~JKKCYDE8cGfʞO4lVA蒖 S$δlwl$UuY^*8xU̿Qu$v^i!TJT(]9OgHӣf5/ƶUҳ}:zs3fh9e(M6~ Qo^kѱƁZڞ6y1m );Iӛ\5Q$ϋ)D*?FlǁWuC'$^§${^P9Yn'3yitl~5c=PAm!/[^5W9V[Ò7D(Qa9)}`R6D`{Ѿ)h;p L*vv3kHq@>p?sJC詌qBWfy< lv1=ҌXzXp7G? cR:㗯x@=G124oޓgĸ96pFxq{֓{}LQƛ -)90%%l'd麤!l9og*ge] J5&PKC*rҳ*9V%sMDWkeM'w5l\6x+ Xp9ZTYdhcL{菤v ]Aa(v=ɳtZ+Xu!Orp)Whjm \u`V%jנJBEs.x<6.:(Vs%t)%OdPUhBX(_8>V7Q)SnSbVc3f#œ#U|ɓ MRUic,Ѝ\(5ndQÆ3U%:G3^t9e{yO|Ϯ *E¶_:3E1;_lG]/9Lԥ2P61:.nкIˉ?HYO+¯mLE s0L1D T deԘf[Zt+ƷuUAV(~; UXKHr&3Ƴ&f< B7`8Jn0gk$%cIfZqd f{te#X/q<1us/(R1_6EYINm*%1E :cFBiIr]/FO~'jU0C+{s$cT4orv%o_w/P ^?J45 Ap GJ6{f&!<KGt繥zS,b73`Mb 2| k\a(Mv ^3"}Gѐ)tMEQ~q,+)woRMhK S.U O0a0Rec]}gmTّ`X>v4EV;HiJdcE.\n'6I݋ fG0 H/hYrrX#ʢzugk^ `|ծ5ޣwo@.Ͻ@ޓc Is~%񘕶~]*gÏPa2h&H,r`pf۝n+^B^Sט}܏ c Swiev9zjv)y0U$Rmh 9d)GcdWgZeɂmYD)=bdc?wZ(]=QΔO>GMCF&=I8 o0hQJ ^o}jlKL6W1xV,JlT>uͅB$fT! 7έ11 vr6?I=( Vp!BWgirl@v|jS+2vzXcیCBkg2#.liWZ0͍WuIZ%|vdLsB%ȫnp"m3xxU3_49GMrUCL2/o}׈q[dp6uժnH^AC;]E|1M)^LcN~g Ʊ[ãJF  g"I);Q9ܭ~3"hC0O\'1w#O)wO3bgBT_LUc_& A"%B0=_z5$1`[sU$]|*\Ou^aqlrqѾ(9w;EORlXD@j?>OYaBN(pU~A~RoD:#!ĝ<$a2;PrƆMwM"IDďr  )ߢ; Ξ`GQL$A|kHZ0U1׳AX|hZ7@TVPK5"8 w5|.Yq_bz)|_iT0xТש$(ߐ !'_,nDr84Gj>yh0㊷tn&2ЦAP) ]LW %kꨮ`pe>n8(i~2e4Q}?5z]Ifm#*Lh@l.lARrcs=%31dRlIIBU˙WF\6f#FWn_nͤY[ˉ/~ 61gl$QCrתntŅzOV+䖟s؟ר0Hm0ȿ9*9UTY, J6f4%.fPQ.ƴu gʠ`|ud\| rINrP %Wcd)|(잟M1 ,: EUhl {w(MLEs .mTj > [l2m{ l[ۢlAA>)WIW93 sfeWy< yԄy:*!0Fgܕ㢝D$rGh:}#z $F Zr@ԋåoٲGvO2 8$~4#l0v+_p(A'eX%!1,Xk-/JOD%h%Bsk@X3Qc +ɋGd$xp1`pSa wT?7R H@C2hYSK4~B'bCx<:ɩT/Ѽ[P ˕l]fX?N7w;.zR7AҌh-xggP|Oz p>LdnꮞaGHb{vPoJUDhΨY7i;Y*s>Fr naOvṴ̡ވldfv"JrO-*%wFTX˩)¦h1 S,za',[ 96:KR@㎜ Rw| Ƅ(Sq»4 TIXC^•s.S?&0섪5F|r `)(pa|!џ$a\Ś>m-/P^HV AI:h1Fnuh3{S|̇Ԃ2H83ߤgky\7F\A*v/:5V%FĦeCu%.z>Sɍ7 #Gǯq!t5.`=1k>Oh?hzOD ,Pt l&K}Č|4T])M(?6t :CAjߌBz$d9:5dSB|DpT/o@ݽIfHðȖmvH2Y]g" [Wܥ&4"w@Q)p:۽1u"&Fk4Geh[@vAb?;aRcI}Ğqݽ.ސ0vѕP{ϔhť ORj/E%(oPD#2/\G8o^xF; JEX -J^q`(ѿeh5U v4umjVGigL!j1i\n=cZL?bY7k6ԸNOwtccl^C/W~n޻3rSl/L .jQ?^ !]iO0N-4EFg`?fx*Ob0l+ۇ8 I}B&D#v S4($=˴m'ODЍ&fFxVg1T",7Mj`hʖ̝t{kVNmZK쪠_m3W[ox'Hײ)1qP:\ i]UK1+#M:L8"lWzq*h#J$wԢ8.SLT R}mtF⯕TwE*~#(T`J%dm~8lqðʪz<ҡ%b6~g4G::3$Ť"V뫤EAy)(:X!Ҝ ^px+f rAClݹh^!<nIE4%."?ֹ[bBKmYi65e9'wߖ7h_]`L>?Q? IL*R74*h;ȫaB̤dbǿ+Ά@H(ԗԀ(7 4>618̎|6 }$mn6hae4|HH[/A\yf\V\XGB`/oRz' ,[`D_Ǟ1xn^2IQF!Ghhz1kܖgA;*sy(V"X=7+p_͛`f'˒L\VX-znArHxepGgТpڦfIcdBY~= _r[NǨ %0pp$w"qYWvh#)2~}st~o^'M p}Ugjבa^˃ 5qRAG,R^ a2OAZxϦʤxu4%@PjƌƯ%.%a5BBSd?G^lT&E& y1 %gj<׻qgܒU<Oޯ=?נ 8f6v`׉9=W̎mcX_&c 6X(@R(g@귞$nR߅C}u`-OY^%y\-" ۋ-,/.ŪCOż*w%ǮDo{f0uߝ6WhqAr L8R78y<]ٜ-o2wV,,~m`rQgUt& A5#e%l$ez24FT<ݷ0n?~Y <ɉ| ]Q.b5- 996>Wdyhu%GVDM # ^f?})yGMv7IH[#IVa? 9¤8¯!.RɾQs6 ;;nƷɽ(ՙL(lt_-QyI&= Ǔɮʈ\ɟD!eE9oj-ɶޏ:_sKZ[ /yT3891(؜%Ae&J&/6gJ$;* vx 5H#ko>d ̯+l#(]b= B[3E^dF.ϑ/[DT@P#N/ŚTēC]:QUW=x>\T_B^-!iSRT{ɥ^k.{MgjMx΂z$$@{XWju(!|7(U"=yZa[=P_*o3ĪСGO$~lrގHG~^՞9\;Qaa 橑KdH KyԶr4N;7_{xJ%,`8: ):g񠒩xvwyi%~& w.Ϧlj.oIJ؍!ռ %i+ڑ[]Y,Mȏ@J ƫ׬bd3SdDĦI/ߊƷ99`˺owh9v/HDIo4bnb@-: rkIgMnlW*r' 'p=kX kQ]c/?hNo\o ČocF'm4Y\,h_j)5b (/0[WLb=xoC~L Q]4PO.ǁ'Pԕy 0M3v=d:H4l LYw]}pgﵺXTcDA|`3d%C keXф.dJ,{qȉI)ELUw|ak@}jv/W1Gw uծX28hI-,%h;xmU?۷߁x;8:-[K)| _.*ljI?P_!t=vWe", .|eLtsj߲xZ@18"5r"A7P|!20w)vr~(}L/\ o/:WJ^~/Gpj,oo%?;&z}KK4wqafTmS&;LOu[!Q+6I"ԛ-'|:)@d S!H UT{^5ݳ>2U!j؛@)[& BpuyJ,Sj_V]XPҭbrr2KG9y֭!p4ݝNp"RUr5̂(>/@q 3`da{CS^y D = J}2 mwtl{j䗬+"r|Kբyuw=y< mGLEBVOd> Ԃݺc|!]t 朅A8 {*TT%OFAiĘP޳/(l E?״X: :8txлop4+1">do[hOY+p:*g>v2xF>? vH7R _P)}~`y xra3Mc|&qYkIwœjE& kh2<~䴠}.}p^Na56qz5Ј%{(l~7WB>JY# YMtI+ʭZ$rZ9ОY . jrSq*4 _t}`UlaD3mE$*UK%5ap߂WBc< .T6?Ӵ4}JArSGD*>m<"&a+ooq )bE(d>8盘+G$9D}gD&8&ZiA5_5+釜&dħ+8b Uԏ&F,uk!dՄA}szv*lO'jFaa&f2Oiu+YK$adtT Hyce'&VRs!NHu|fӎ 2ϊvJuC"5j3z gY,}I 9L/v>W#2% DZGnP( xN+ZF eӑW'T*4VX`3j6V01krםПlίssר:YSsO;תL"=ͅU 1h긗 f 6J~W2?Ҁ֓ X<\^ #EkN(eLV]Hgț&V$(ܮ\E7|4D)_SoM8۰} ;|S]3 -ج~Վ缱WnN㗗=CZg-jg|z]:ؿ$\Z4ʇ]gD~2> lߴEu? uy6lQ!BW>z2m5We/1I~\}Gx[3gS!Kߕ#vLEL,q7'vd6BTS2n>^R=Q^.qJ9S, +=9\dz@E=",:,1 !cpaDmz4\* ,菷#ukHuQZzݔ!VTVLfu0~*<KG[^aQ՞{_@}u|~7kL)MہLH!hBWE 'G-OC yO6"pFB6㌋Qb"!OkQRe3jZ&5p30F™ g~Е--2ϰfOߝ1S)B&%vz˓C;貏/0[yݴl>4uuBIIe.E>J}a"=LPGYfH3z:h9leC]%>!Z@cfv{Gy:2 l'STS6I-Dwz&ʗ@gdq s证084e?\PBw+f[  A$=5(dGO7͔X\^k:Ţl^"{ g~õS 24 Q{s;)9hcctoq\sU_ַ6oGbg^T1lY$m8c)eho0 (aF$@ 躳fR:|P>%O@F1B?$_CQGIa!78ӇE\5A,U̮Mj!" On;͛^ux(.1>B%s㞊0J/Y ^Q.>D\hK]2xPȃ l]ʙH^,0FuVPLw `Sn= jA;²ʊ39(9 еuIZ~ѭi) _ {w5 oDE%͛,ҹ&XQϤ=Dsl@t6v~b_eo+1.z3b5ˌU.t'pDmD֐ y2_hg V_[l̡:;hiRFAFDbZqŚSɓ~FU>au'ݘgu+ϥ];,)bn`6땃iR61@E+dK'g~bPӯ% n\>|B8o[hÓ('VD&I?X~pu g[UwcU]Bmw<+[;M(;8_=#F&wC]n{<^ )5p+!|J+ &prW%cnn7ǀ7~P|cz$Q$CS K/%_/yKۖ =7Ԑ$K̴V s-|*PAqZҲ[ glqf:X#;疺XXYPZ6OBIWqNA 0~`%c!ǓV5OZϝ;X)C}QK| ]5%E(|T+)#kz*Ҩ[־qN0pY(nG~B HrijnkA|&0z%pA q!J /rqX:VKKKpF}۶ r% Z=E snVM0E >+sFqL MԓhGÌ+2W0ܮّ?1t5.6rߪ?T 'gۥ8ŠW ɮ8/jDV@:9'&؞d,}I8pf3wV vkop܆?eauwf>UȷC@&Iލ܄jN55p+#Hxw /ie?YZvx[$GQjD}kB>YދvwkFl \T){56~ߝ)Xπ˜HjA-Jeب}S>e 7C |,pq3CDH2M_!^۟=I-,+4 Y}5YWw!CfeϿ|Ho󎋳_߈fL >:% }BEQ!Wq:uZWL3H.cRhYM-iCWE?V:Vͭk1r"* xJn[DV8~?XnO:Cfax0sGE2d{3!\6 X C"A 8XƿF|❉H@)g`뮸ܴZ>6j95QfyJ˄* ukaɐvt́^[\Ʀ?z׏X#.:> e@j-upƀ'ʾz )ՄB@EAQJt񼫾[eC)+f,00{K~*vHnO N,nZ~3jk.4:M .RqVC~_sݔ qv @+F}T~)qw U-*-WDށqќЋc!rWN0.?Lfa2S,4(H\L]$LCp5)VmfC6h_쥄S32MLC g m_L jh2qF0P_j"<۳%CѾx8P \2V% llu,Hpq)w/^\h,X^Ts;yƝƑ&VVz9t>;&NM\]Uz h,iD9{c?N]JP0*w~+ɑƳ8nrW. qƍood\^dFkj"3qVV؜B2Z}TsVuQ*((4LVY\((u]Zai mlpMI;Ú0a5dʆQMsn8)%0F m .SoGcẋ2ǷbDoR(Y$[،#uNZ; {(x rYSn Z~d(Nw (F]y~')$r@anOٹ$eڋza;bͮC",w"A2۳OG= .oCKoݼQ$ ,N[i6-t`Olɷh1B]NB0ِS'p3bWxiz^ZAD%=<9h*AWiiیޟA>tkrTj9"NJ" }pֲd蠒!u؁8QrJ>!Y>yf# &~yI\Ã'ȵک:2/K[u^AS\] it˞ PR/DZȑ%C?L+]!LBE.'1) n7ag၉.o{SOv}PdUA7Jaս׺z$, 8cUGPֈq,LRSjۢ\*R T)És?2HJFRK̴\_-kӗiT0cim+ɸ 3J.-fU?#澊P1-d^2up#ZuC?&oV3-j_X8"̬Kr6ǓgcMv=|BBg(ũ-ԙ/f ʱBb~:v^sA<ons'S|ɈL/#l_EdZ5h\mҒTXaqG7Q5_d%>ǹr?OO xd7.W:VyL'Cu.3J,VVC o#f_0'AMsF2o:jY|̣&;(FC'  a_Pۣۚp7ZI\ ~HLlBs3c%o^Ǔc~ӯQ9&"Xo Q%>榃?7b.V1m6 Ge^9m9 ^( 彬E!S g`± {^qs:t;4+ݾ#=S7h0 C)%ۃ%/}b5+KtJ_'38Wކ`K}۸řVz%t&utQ".,0OUdUNDR*nםĘXȆuK1'm_@^+ϞXy)R c?O c&/u:P0(`=\ҽ;S:/,Q5$uξI:*QXbKΊTsʹdx y ˂Ry Ym5E6\g| |D^vR֮שy{B̬I5Kk$W;f|#צ} ;㫽чx;Gp"gJ #Meh%eFߏ&TK^[XڿbCI0ƌC&lUWe:Wyt0EX+'km M!y5/th{lŒO<,^LʆCp![+I8‘]w\hvɼF}N rNp v_keqYMzDKu}_ӫn6t+))?Gn4@hR&/L]0D!~O<,1=]OrU[x4* b^y%H7"wxբ1Jᳬ3$'w꾧UFwcU{oBEF2!_R8'jyJZ?g0tvAtb-#u7\?kXSՏL@|Ƙpލs/ #a|o 2]c!(Q Ɠ2~Ģk7ev%SuUq⾸tK>[a *8$Ki(eАWWK4F4lj1F˯ޱw8 U?oX/~U=?'/}jwXe9zm`+mјrKe֗FG]XN n_/`<]5(;mppHpz H i-r24J`:BЧt(>N fJxRtN=/AF.uE1¾[^:TEµ 6'W6 &i (L@-˟Cٜ~lO%߸`oFeY0N3@1pō^b U h1ǫ,qQ:D-g3:'p7 l~ψ?3DXכ $9b)-@NlCV7S"+8&.ݘcKe.t E2_F5L os}m#x)#3"N҅O2??%}ۿ칲2rNt:,xGV ⒩gx_6تV\ AۀlD<8hA6W.a/5r}ξYfm2'H=>VZ1I @|B{ ~vԨ0q#T(:D="xVi%vӂ_ ?tŞ_UHУ JbSgnXh MoD *!Y30hl+en&6wƄu]j6p@qt|P Qt8̫O=DMG" 5n&@<*]+c;Gɒ'7_~a4dT%3XkY4$Rbhoji=%N |=n0q|Cf"gt+0humr2AƪW<>Ϭb DKLnuh4oͷV[1WoS0yw iL \l*%4:ZFyyUgƨPDq-UcKT9B*ݘN87J11hͿxow!4V4 @}/}#1qΛi-9-I 'H ǻ(!{Li~׋wѥ[e[ל<TJ2ns=b;ICGhM__$ 9W` شc>5؈Nϡl;YA{U+R/Cݛ!Pe9-FUQJto<!Bǹ1.dէ n "\S,z<X (+z}mg'?2z }Gb([Bi`IQx==(ȏ1Kw4D SMYJ {& ^'NIQ\Qz݀˂k.gH1SIh sT[bf+'|%a3;$ҍDڙWbZ~"Tx7VRJwЕUgJpH&l۵b@J3(k/\QTWI˫i؎ߠ`zFcVH%`FU :XKqI_$4ك3H{6 42bb$q;T*.iOo" U\EI>5}Մdٲ paݞܬx wۨWT4AWeES6:j%Є8G(W@4:Nx3vwz=s`au]qt5\SdDe4ft9W<2ORfyC~4#!$iE+~L? 4"8˺Lժ 01UQտ*He^McFdo-fO^[g`H^oxܔ[_~䋂5ҘmeA%ŵ:P0>[Hg!'~IyM\i(QuCAFo:~PrO얝Gg?q:T2Y(.(~C<B\r{!10WC,Z'eeR3J'{ iu",e-tx*M;n,];2" 0{w`Х@Rȹr(z,c}k<԰Tϒ e#cD⺰XO=>!2.BV%Z']HOZJrfM9>ܞ LA>B\iyTfÿD݆ \9JWAK.ufu5>2lPy0۟iтQjPG:1c[2w9R)e 1oa-ɴՖt W4;`VzjAbEyqccZOy/ie/r찟V@ES`@]5W^Nϋ1zq|g 5e|L$Ճǥcn6ٯU4a\b296줳(}F"zFo4#٨'݀DQ,!Mn`L`{2N.6Kkz ! /p0!*w4fZiily_95%OB|#(. TUًk-A[yyS˔=UQAc8bt2Dӳ LAP["үXi:B! +o/e(̔׹gdng9ϞsIRSK}u~OF}qĺɼX ,֨޳67ڰĂзnGH+J4GȰR~&赓wDoJqy Uaʕ=eƶ!w 7Nv54yIno0LaU] y$ -[*ﮪbp&Aw2^sSR 3(( KSrk/ޠ^p%B.;]UTrZܐ-;j8-Sa&o> Rq|=h+T NdQ9\_eUPVkyCg:F3V4Ǖ\S ) 6+ c*}+ߡg jp= d&GȊjS05gŸi5JwpfQ5'EL!'u>>Ϻ>lͨݚGo?lζG&JlfYͣVj']BjqjFT1Rc M T-ɕcG}akhN8IeI\T-A)uKer᎕~\ŋa=7J?9(ɵs-6(ys.*]g& !Z.Y:xOpwjpƄuGY"#ߩs ^LE ftz62!S_iIi`6⻄cu̡nӛ(eί$8;<Ƿ5\ BW"8#19q!#{L|qi[B);l yrcz֐ö`[rnʱ1vzRN0`d^E8I:GfRG~ ܇p9LJ?)7{#"6mZ4$][Rez"*Az 4bV6iү|g]ws<2tH9COɞ $:|+/SoA!,@l˛RzaUiX mH#̋dz볟iԦ29DIۧ`W26vXʩ1Yb{̘{ pV~Rr$. <7biɐmAt\e qƒQ{"^| N*>jIV|sHSGOSO5|4˿EWKC9T7x1uÀb[ .gm1,[\jZ,YVW׉m$V7_,=mׂ( hy.LcC:Es)`Xz=y'jDٻ;rbJb'LH u'b<1}JʥL,jF kkb{ AZύfeg_Fr6wY9NDF%1kzWl /I/.}wV"(V.'4m̽'eE2ǚFi&e ~) E5;d|f*fiTq^}F?EY͘&=UeĖ-[_U#za;?v3\cvxcH LffI<ɒ6 O]ЌnO%68ͦ+fN$׿DuCn ?I+gƀ)Zϱ8b fm?7`"k `:7?o!5( oryGd?-3M=)փlPpuH2aluȴy+a >WF1z僇O4-@S :1G>Ps8J:0%'[KVꔔe%tz\+wmx;t@x%:qrl=4jd6Ğ%1hۇDA4@;G]-6o8TjY<4}ϤC~і ]+ =_/#j%g=+͋h%_2PQY:Λ*SX e D" #iC7c6 -(<u1rXLjȖ2lVSƯոZ{pL(詁c.=R=-MD$(FubGYG] beS V(zcG8HHP}ɎuǗ%SquÙp">9o7%߿c5쇃cPLm/'=tOuGmZvXAw tvL"5; K9E:*%LW8/_H&j}su|*n\Uj-lS{# S[Z<7<zG']lA <ǐU1`CP8Y ʳ Kžŕ떠Rv4 ui<2” atCCB6OO~Kak{6L vM~3iNO4b$ ׇY:xpрsixT;6< 2osF^aJ %t26k%aJR/,.imW4U ט'?dfx21,.⨬R/'=Oe٘@WO3:p@t9l}&Re0"i)}K/"T_f/(+CK#{PM9 I?kԂʄN#Y>]iq=']۴\'Y:__ydcQX|OL_`?rrA4Tah<Ð3A=_.Ca i7^|dp`2&F-0Qlܣb\ESƻ 09 T,@t+I+q+<@5SND06wβN,FbX~؀kE9AJfs4D:ܝϻJ+q#y;V:rPa˽\-ӝ,lVa-}pEW[׳n4')3Gfrw1;>:PB ްtMCتb^|U c}vKA\׽FL- w\bCΤZɍ̟}+go<repiNԴw$ਝX;=/K\c2ף bw7VSq @eC7H5̤Z#A_G&A c>|PFػhY< -c򪺥\I.Jd^0Ty?XkڧU>.bIqDr3Ģe#&uzkdU|RX0`">$?5=Wu0󲤖*kR{KĝZE%7294ի{2?,Lʝ~V[xZb=}ͨ"خZa G Jذ^W<ѱKC`S-2(Xk:5V`W"##Qo}ɜ e%>1ō$F ~k&8>%?L Uh就Sh^G L`PC07ǘ4Q?⛧Wf]A\'߱AjVV~'_"mY  1#d _ɹ 0T|q<: {.="QA3%7?f<%& }:}c]X[Oޥ 1f]vg`3ob>D-6U5t۟64^&A6J{dMrWZ}oС]rMmF5(Bba,tk>&8+i@&J71%kB®Aw2g%U9a$|s1Eg l*X߹`qݜWQXIumx~9@5Ι1%y]TlH3 S)~<(!LO` :BB问Vc2ǘc}!Ak˗'?d-.vu<"ׅNQZىy%@(Ѩ@d5w[ '-o/<1; CD_-o!}UUڕV(fQm8c0kip`MgRr̟ŘiJoӱQTҍ\.)ffG#YOV<"(ΖyWDK廆&MĐ0`Si0* 4}v-!ԙ>Yh),KT~=toeDB)mwr2*J;&a/J Q~PO0݈ҟ9^㻴+K/!(u+}D f8bKK /45+|<%6:b/=K{!hC_ Ly:lQ2fwLY\D}<'3MzoZޑ/[GS]PfY|Lq _lځ mB֗'miK69 ^ڵxY diRGb|&UG@٬ SRS9Aq:qйv*v]IKFg]e`J̨]5~5f„?eZR ʲykڂcG"NJn֘uE2 ;7߸EB`9 8ULE0)+w-;iY=~4'Pa/+xAN wd3[/e_'V&6*څc =''65ፎmo~l|] /a?c_\L t5#lXn`L%y(1% ƛvب&QW2]H~j. ~KQ iF88<8! n<+SӍP/ teH2w:16)tsh@H3[7\#wNv9b3| gNY0f=3ѱwٻe\zaٻepYvuR'_}|0 o|ˌUY(c@$;!Gf~#ߟ禡; K$O|C_/Ó $;koJ#ى +]KK *iDأoE!P%hZ$X,'E۹2r53>[Cc4q?B׋[5*] chX _ ӓW r;j 5ن$\7Z)Wp\5|dLo^䉔qC[&ψ(5R d~ TF6 )fHs\^is}${;ž|nuԃ׉Iq1?Ikʕ4BY! ]Ж&Gcm Y7/7?P<Š\,f K9+pD'U*~[`&)wuOݑjYw֜7I #hU-ܘC-S`ͦZw/rG0|TM{5τ(6]ðp k7K~8H4ې 9.QC4 &q%qc#L/+JɻKVBoYцrܯ2ً'D#Y J'V+v)c,$ gKP+plMV|=cOMBbi*؊s*7"SiRxbR4ЩOK;t XC:2pj΅\Em8WM4$TmA,n E,'|~ϒko_efqY(GMPO *Eֿ c %_&}䑎 c0*s1 0A׷ dcarvudSk:q©}Gc}`dLӆ%ҿqE6թ6@Ҷ%S'%JbUǕl1,tJsR u,X 9 Y| !JZ> N{E#7+roPaj.4Dj8jwas,, :L-+"Yr~߬x1n0庶=t~/+(TS m ǡ[cm@;Pۋ87r($kbE?XFrTQʹxȡCyKU/8cgp4XN>9ElzoA+ c|*#;dq6l].{Z6 hI"jjnDتwX=.l|*vTFe~[ےZb@ԗm:/J0I|iS34̩.;az;4"[s=Թ0.l̩˵俁~V7o!!q)CGX46S%~STk ~7\].qzW~\LOfkQNO\ Qf[=7i0ѬS,*NWU>en+w Aq^#[qқLCk|ɽdRROJ^cUQܓ|nJj}X@! ?oT/ dP).GY+ĤzYeG L5֮1Eޣ,V%mq -J) 1B4Vջsl%؞Sc ݺHOC$ȉ 6[Kv[-FRy\DTӉOTu1ιteѻ7znGE(uHͤ؟ uh[U.ޏS&@k% U¿4pֶlvpɒB)Vտ{o湑Y^Yv-# Kjse=J[i$ -%z[VJLDQB̃+ERt.OE>+!tyV~iظgE/ 9: $#oőn.30j6  aŪѥv 1HҮu/?vҌ4=L9'\ɓav+i0'dLҐMA 2;àELjO>7bimt(vyE: tkSrU2",s#ٗ@a3 OΘNqdL9kuaPL´a Khd_;1bJ)Ҩ |QjRBDU*j>Rv `B͔kT|wA=zo\6A)uk9/Hx&R$6~YaZSɵ Nd4?iC4sK0?'iQ"ay.%Pz<|s3$P"Qto QJIu;}ْAksuY0v옯N5S zUgA){Gb`'@=8`m Ox"_<<›4Gj?Ý9'lj&""GF|JƬ[bcUSu6$Eeez:[rvE*hz\##ᴰ3<13`1CQQ9JZtfی?r?AJ fWá(Uy˦YJNG9n ˦@WR}2Q,AxL}S7~FaDO`P_DysKkܐ]Ugkn. td_0}ߥgS7DC;ﱐ'b>LH{eh.*P:lS'd]×~97wWkUsRn_|t}']&0z*ؚ)rFؾpp+^Q,~ _{C-8HV!̘KOb [[1/,+@hqI3S-9gR+u7 >x¨PvpnZuÃoaK{6zp`#C|ch^5}v8Te2k~L*H~W6 {ZٿW$3ѭw]?N:gJ Ùr<:ƒ#\Ge14x M(4CW ;-}x${"aOmnJ4Gq6${2qdސ#Še)mq̠떙(Sg>#2 EY shQɽ͍ST=2vdGه6|K_ńPl/UL~"]NaƄvc\kH"fZk.qbCc<ZV,Hֳ ]Ydn\QXhjeɦJ ,njHH|[p^q;M66+F thmT|Q`n "W.2P;Ǧ A)sᏭϿ+~A5!\66.E$~n%1j?\Յ.{v]d)Fl@t[Nu$%ETO`a>m!byu NPۆ}"Gx-k̛Som){9b*azђG- :t8wq5Bq툺P!bՙ Bm#/pE<-߬xtLtd|[@d$G)z'˨>ac521b/Ov{KQ5fBMʭt!>d9swڃ{T 4rˌM?G%%%rXR==kaΈgExkz>U&pC4 k3o5ma'N3_&g64Sm,wPP$/̰ N6Dٔ56q= tLܝRׄtaKP0JcepuwUmT:vk$ #f0;4 ^o/´iV g"{?YA)yPaS(3X] T -4 &>"ƻM?Ysa2iXcuHDļ-吢'Mھ&`_Id3)ȸ ',XڥKЛ+8 ATŚ{R9c|)O1D'?=Jp_մC ATZV. ly.nK+R(/[A0Yҫ<]g FȧqB>N0ԘPrp0)LbL% OI~_wVuţk \U`qHPq麗I>)wstl j4@ar^V28>>{nӷ p ;QV׻*,+;& Ub.|R[ 6"Wh|uNUE >=ny} 1ǵj3Pivů`N32~a{񜁗/1Pk](gFG9CTZGMTs7+xm"Rz-,ո'+ӆm|7rUZGE<ۤ ,BhC28Ew%v!{k3ƉCgLQUHP#>h\h qݸ򲿯Wa [ . =U*-ҁ^!BAtCDf:P:@4h0@mTu D_qgyX +Q$HJ5` [ >A_f$j%ON tږ5_!򹶂ڪl7s]&  ]p]Z<]&mE>&'W&Cu^el󠍦WN'۫$a)ֈ=5:"XgKV{Lk`.Z4%g|0eU= M5֝yZ'9ƭZ6#`VPŊoADkat.*6=Pbސ'hHp8kIe:9c Za( .Sd7GL-"-\K氏硹{ZD1aK{ &RfqK8y3<S5 1+Ӿ}J$vb/]<&mv[ G\p}[Hب۬S" *̵FCD,Pyx,}=4Ձ!t5QS_fPbB;L=ъW5=YqZ(0aǖcэ$jБUq vT;^JK3bhh`L{`}#(PToOW?vkpKA y4](װ2o y#ZD} |ڊfZU> f;Ër.H+Ƥ PU|{b6l$h^d-%$"7Z9@v練(*~N3 V|X}xv8Qֆ-xA[z>j4~ĻFjoX(;a!^Q#=0.Nl&T[HuJ$rجƦlڌ;?j6ΰ"Izr'8\] <P'QhWʹXϢi`֐s[s L6;q qTѱ4SYݜPN眆 yxp"CX4}Xmb"?ί?$_d%dg\^*qHtZ@)1ٺ  5($w( 4 ״\pt-6){"K4I}b",yEv*q:D辌6O;屍r˵aN>&Qˋsw3~WP` gVlCsѺ7Eצy5xIF-z^Mp Ò,đoc=F}՘voȊZZ"K@pvcGon1#ᰕ" c} !MO7)C7s*Ng +qR[{%"Q#$g? !b O(N|Xbs4! 7 ʂh^ߌA6Լ0.9*J.Ҷm3+jszC>,Ɨ/(#uw=pH61W"G}dNbhWN ͝?.qU-ޚc}'E(Ot1jn.*wZ2J=mρ:&#_&2 mncSIc yU'.+:bs&>)2@ecl%ƶ[M'Fpc6/c^[z}Ї1=g܉zx"H T$TB 3a 7RӗYs$Jx$s$=|$CSLgy~VakT;Ƣ|)<[j)u^΃nk^B994Px>IDf oyh)u^VKyI*ӯ⩦<^ie7%|y0\p% 1B(ЮGTaZVWGP84^Du qdf8򟏈JĎ5|W ]K2N=8C.{(ɹ_ޡ[4HgrWMR!''H"CTA}&c[L`qhsLNpmy:zrTHXJ8HӪ,,VA-+k,^Ak4,|7(ȜOYR!ź5$иN1͋_ø5XȜv|8>w_y;h'h솜\US{PH ޵5n͜-g}7FMErceO0G=E_/`mDmņg^^Hf_D%%>hPg&dPH}Z&beRse]Z>M)C9ď#Vz$Y'܇`7.2V5e!wЯrAd8|r$~@sH]GՓ$辋4m5LNzo2L󗂬-\\D1j  E _$*.Gbp}LP: C{Sَj<8=+oQ1m?uv^th>1S :Y \1*l$ $?9{AʩVd,)p7#&lOa@2wG||JBΞTݛk-,释@XY ]ny&& bK>z%)nOAmR3?stXX+.' Jz`'{w)4>9fq*X>6(z|Sk^v0nJCDU{z'|DݸwpUgssq0ÉLDVG2V1NW~-c6/mssoTV;A(͏"pȥv7ٺAY!yDbTKRO_CngW#yMQ5D_[/hdFY'lhvゴ1`sFyJQjW({w -VI] 4DNz *7H yĭ`嶝Lzե/]ْ"dNsYr5BF^tpW5l:m6{ ԭݐ=zuj>QT bna߂1i9b9㺩 7^O*|cj,^Nѻ9::; Ntg]6fI cUf|zF1?su Fv AV]B~S :M1)w[o4vû@Ki2GO\QیL*}KKkxAc+M^rEM>^bjA*;A[lRmGWO}T,ܞVY(;@Șͦ"ؐo:q^&EiE5ߨ:(Fsnu]8]d"AMܻUĥ'FU6hM3RS+aja}LFn4S,`_V|H/T>_jMBiQNx$@贆k/^ޣ|63רq8MQcJH :)uh._Ǣ|8(g͹܂^}#䙄IbJ;e;kH]i} :L(#L?{Vj~wfMBEfJYCz7fDġ/9tZ Ȟ†['I񁓨Yy7[hܖFDZi!>.;MXl3"?@yB҉Vq ַpHVr"P~;t΄i<%(G *[tgRS"l)?$]@1 WGbWI  ?BE$QO+wsGB_=s"YRP+;lT7o[;Kcn;D XmEP%QTz]=pY☤@ E⾯ iW$/[=zNWHnnNZ5@4bS4 @;hÇ728~4(dXuޮT%|:a4 $w>eȚF]Ҫq;C[[b }GIr H PO9)c-WD^Lƥ{M_3gy;(Qm:<#HƐwS cm<>REA=(,*K\mxb*߸^g{Ժ1}cUQ>8+z HTDJ̣>՘Wy&ft8uu\Cxi#?$Sz M.BK&5׆Cb/ p0hAɤj4 I(?ۇ; |Rv#fҗO|v 94HTg˨w9%0淨@ *F!-i7zJ29Lmo-T矕TcġauAѐ. w39g%Xޣ}i\No݂ w^LpchYE*)l/Ԟ[R%S340tX_2upbݏhtTy[ֈ&}t\ɪO13dŔ`7T +u%|[JcA 6OX̣ ,]GW%z~O;b),_"aTUG_7sp]AKbjo>T[櫒ReFkv ߪ}qܤo#W8V# ŭ}x1|4|ri0tMQ?u382.u㯬g2zs* #h!5{O{fohPަM߳!x1j9H5vzYnt^7n\\7JCcuK0쮏ID.XwZ7auêJdу+At_ȍC@Y(Yr;0hVkoyK+48%6xIL}=y19up qyL,N6i,7(ڨ9"O%J7DRYA][2PMnnKщmEKf.rÄ /brtSc9-/eo'4(ChepICݻdg̈́_WY[XTe˘=$v? 'At$\|M<g%WyQւ-Z~{Vb/3nƒnx]XhLwOaiw_tt3!ĈwM: S[x>SBօn@V0q<6NSmYt~K{n*n1rxӔ8woc^-Q,am"f#S2(9̋DE yDaikE?=ՈTO* 1eIsI2;sv Y]2%w ^/p2{H'NwLSQԭxj{ G165q"vp<0#s珈¡Z]h17@)B>Wz|"Zl[ kྨS' *YPۚkhѧ}屺z į]ZCO˷5z fa[N uMfm x, Ю%SjS:Toie?J_FJnjA |q \kEuw BKUu6:k\e+r([s0Um !%JtL$qx'zyl1p3j qؖf5 Қ.#ONR?m`/%e12-B^V=^?i [ts}P}@b97-oeyAluDu`[GYt@E慧Q86KxTcC3S"dTٓCE88) M]w\?׬NLȑgfDti[gsj P m}|Hiir{zA2'R!Ah }uz7Bj_ ȠRA}cPa~G<*@{{E8EFuiC(%jNON-$Е [S1J*2NsMt@I\Gյ۽@TwyYf5G'ӎԁkIԶ|wR/|`QWf8B~~foӭ#! c"r}(zdУpDhUК.aBi6R_sa7:-ҖO#*_vv5GJ+1lo; !Tg̷naFƢDݥ%|8b{tuc6+lfۂ,Uz(»r 04GT2ܔ NS+#?α=jUBYVK'Oy $+Hb?}"3Sē8bQfAb/MC*N|m>i 5NN7yW n=go*y`yQ>J`Oޥ>N&1W+\,6!9F:?MjZ4(5LG.SviCvtEFc: Qt4 x[6E"bu1491׍p{VKF=0·Z"0*WƮH 1chW+R{a3ҷ,i91|MrZ+NMm=v/59' K a[{G0v@Z)T pO†䢵?`+D f.QG5 3DY,KIAG #Ejƃ`opjmP,gz;œ?qkI 16QoV)$GԒS;ӗ>U@;/4O̓n|S:yd](2׀ꄶaCVr**CQ[S2RsP2a#9;JND^\2)+{@^BpؕbIod-(gG|$\ -UrpMe^t Mi$}T;l\1ˮ6Mnߔ0#1Xyԭjwe> .=vs VI9QpF@~2D|2 _Ztؾ.Z+_+ƪ:K+s=]%J|{G)N#ɶDW0&Ȋݫ-zH E/'͗r:3 ž;I3!c@ki" ^`T ,OƢSh}sjDCXR!%n,Tgg/Ỉ*or` A.3!+6G+4.GbOi/>> 'tfb9.&YW=h-b`a)$G5Y Idf+(Q4w!Kp7IeZWoӺ*NeVJW,蘅`^6U+nIlIk";@տbPU(t1W^zyQbzF5VI+˼7+g0Tp xs8víggGݤFBqAN 7vߔkhxTwX~MJD#vd,wx,+@(J5y$ VxhOAZ]Ĺ)U-ΝZT%;;٧Y=#t)!qȻ5d(=ȼ=%+*ad=J4?4Ҝ$]"%L֪M] v`.}N[5nf0~q,*6"a#5͸"JFy9U1| rL(3:Z_=bx >)y3_c]S̙/Q4scTj8S-ZzƌSvMx&`K<2>ITwXL] 2&cMh6[/Qbxǡ tpQ5ٍfgLm)959vN'D^vh^k9#9yeapҿ&"}c Pl8A~TTB:-^QR&M}̅! fb}:Cѭb]* f7xoUIL{%K8E,7Tx ?_eÊ~^LV>0ĩleQ@]uoWt1 S_6Z/.ª*d>j^6ZYV?I2Sr8AA J; ~9$ o61,7g.^jIkPA(iT36E4'ƵY>޳8ں˜Ěn)uUX`Sp\Xi) T(d*FRχ|乤~-ӵsq0 \ozE#N`:WR <^$Bo-pֆ؇AmuU+o݆|H{ 1;tKgw5Y\XUCQff>wmˑ*}?(=L4dD}zc#Vwd#)vn"::Fl Bo.?{j ^'Jd?- EZl yD mwTT-Nё0{Hn]*,7ӷ,e4`uʭWCظ*~[X-8B6|&F"^-̅B,IHkx\Bk]!> Sl5|"(G"^ HW)"'}^]3bU?d&}0 3ƬfKg@{ٶP$?cұ!0jpA~9EL_< S~ 4c΀Dz1d5 P܋ Ѩ `v"#$ ]|PT0]y'e2yN ~vT̛4?4Ig ș 兲8sQ"ҳ6uzdL)6Wt0`Uh{ϖT uʨ Z.;#xhF%Uv> 1X$l䢭s*yB08^6AmCpRy5'ڙ:/ROdGpܲ `z:.0>!"Ձ(w A}}HZ!F8z5`꓄22yiƋt=ڦУwϝiJK5g5mOl dOϩ><Ӹ% ujCu3\0jqrob4iK6uDί4^LsU;B}B"}M;lh! KPIk!ƦHk#B^R[ mfuyh#]~?ȼ:`Cȇ~1n;Π]wTM<8ޜG)NU90AFT~z4\*6M&$ (' ݻp͡]/=xVSww qJ/.O0@pJOU3M5b>g%F$sD(cCQ1 WIV|jͅFYֲ"I(`;+<LnoQǠ(oU"8P|N~^W[Ǹ |Vub/$UHbjMLVOnTȸ dC$gu,$f#3X;1OIuI-#ϯt@4NB'xM%xC7M[O :IEyB;ndo~Ycus >U¬++ ^hˏAb}JdrzL1M-nj]ħ0 xi ƘgPca&j`#V QyV5ɜO 3J:t<\h/8]Mpw_wja_d4q@馤u{D9zފOO x_6Q)ٿ= 2;[Z8>K2k.ؑ.rm}Y< n05ނEa{D"]u V aqKY?VZ3C@/y܎~R=K4&ljrBs{6Ӑf{/-Z֔aU [q$Ѻ2J6Z*T9VL.Cv:\ɚ⳩  |s8Fi? ,Sɠh2"VS@1)qXSQc 51D5~ T?/<9CYIzG 6r9qby5HǙ-kT½j f)NW>jl!ɧ=)cOvۚB324[yiT;K7a#-% Z0LDékwlJ3Hm&AA*e8mrT1-XvUU\ paPe~Q Ҍ!AٻKY^mI,Mh;;W(>7HJcEK8x3"Hղ\)$x>QI6l5d\9'y@)A zzV&S%@,-[96 #T؋K3oGwyx\=XKַkriJ g y? 2 [%X=u/`@~ܾnGVl(B #2jsͰD~iqp#r@C_\~\+ ZSj:J.; Q^Q%Y'X2uX]{>sR9 #E0 ._]КuY:O5nԸËH.*3S 6/|?D' Pl [cA.5F/Ya} c4M^ZrBk;2ЉӑY s&Us0$i3 iCzXWueHu[a9M%um2XkVGF"Q%,X,“#ZO<АocU Q:r71aĂ!B 8_S"Wl-RHE `Z-^F~rў̘=y4I iVekXPȷW .rȞ=i,LFh>5C! Mue>X[2{3&  -%XWj:Gr:IO^]z؀(gY0OSM}ЛGM Df={Ix>Fu("bF ,4/ i$ID[g,zaКF#ǞV Shast ~dLu{5J"Nun=zɔXKEӳmFP޵5ey784~WJьī⹓] .kn #N ydOX̸1>-R($gvcݴ}!-9'FȜ>ɔή{gu%T\> 8bdm%ņ<%i2%9(CUʁGK}?ΜiZ>`3JұӎEθk_/zAjFf$پaHծgyxO!1p_`Uikk9^tl1+WFV bƶ\3FއQaD #-g?hqm0ɊJ'JHRkۜ|h8 kg;#u yK*0M(QUú1'z '&b篦zi߷1K?5JguYOMg#nvXP WsFHri f0r7B5pQ(xbCӯvy5mv-xTZRpL^1qaDX'6y>;r׮&{TnPsyġWy؈I'7[wSs1<><b>F͚Ii-|*vʤ[ TJBTz|9F 4W$(!\a!HɃt>Sdw;,T2(QP pSINJ)F_$*3DɳiXȕ1(IM %%RGL<G`zāh7`:Ǯ#NZf7x…•ַ5Xh$6Z!^dsXw G-1h4Sfәp#Lώ5G y1 WA3PeHtA֜e3sR^1e%e4 յPDžl&ȄyxD7.qm!Ui*A @$(!фBwlCRHf8ZJshw7ڏ/9 e@ ֱ "퐀ͽ]X+nK05Y* ^Ò %H MyCdr 1=u'L氺 ~ϖ%qHDj;:+@lWZ{ʼbB4/֝9-68ʍUj˴RּP9b_RHy1DXRaKnny52=Pʞ4wfRcF$h.-Խ Jhz=zi1yAS@8 nz|0􁅘OZ?\=URvEߗ.jv}d)gnA E#,<@pm̀i|=يÆKbg'k_4(}NV4UlV"INX͸vRzV\g 3]5"2^ .RFwaWFW0L6hU42_qOk44>-:D\}OajĻnj͸D|;/m4Xro[d]| ʈv4倭H|g_Dmo'8qpD΋EzT MT'܁9Qۀ݅5Ns-Dy|>D:Y&61Y߹#I)^%KVHWC[wS uYc<{9UUS-IDRCqV ڔϼֶ4<4ߺ? h\m |-FOQWPMQ"zTX@dsfz$53b 3Xi* Gťp*,B,A!L~_nΜ@=}eߠТ,U|P^:MHdɏ6TUvФƲlmZFIW:㚄@#.ʧSЊf?=nZKX ^'4I`yE$lS?6pG ]L0\E~v8 W / 7HLS].GscO7g!,ox9 ˟Rl0jr O?cH4) tpDAㅼC&o N. h:#"$O\/RQ|~.`P+JSհ`Z0H1^PiYSj@|>T:UQj-qP&HJ~ʆ`[2ɶUdz2%fH'{Wg e BlvgV"Ьn&inhkltH[~Rߗ*;!lKd>>8ZJL^%)epƁ> *Qx5Mȧ}lqߒ~<}Ѐ6/_F |M0~e7E{X6OJO^gJE;lnG#xjȞ^{1}h|Wd~4W*ߓHIUB-oF!졠Acj4Ƃ ÝkD;d'CCKx!u2 4Cn!KS$D8\E-t;bJy䝳{ ,+b^zuzH/CBFBxf{ OGc ZTb.j-%5`)AT)??n)Wz]z>m^rB x9Q`P] N<={=*/Pvl>Y^x}Y8 D׵ցZȵ:cTHŒRJ%ZWۮLQϥp!(>YGlTR 5Izb>n*eYjm=rqYֻII1e!gl'x4I̭d3cXH2M.648΢yOgXO]g  sLՙ"iZ΂GII:0jD7BK}TnOw)PߜȺ2̕+eVK ltd4YV pՉ{܄ìR?3Rl #hxZx$B))[#)вS|`f6MdԼzE΅w߷GKs wP&P1 )~ƺLNQU_J{x5)IyHEшh8Qh&,ו 2>_%J6 [P8Gϋ4R|]2RN?D9@=i;-ߪGz=Q{'|g\ۑȕLJJb߰UP8/ \gAs Ul3yxԓKÝUQР}'|M8YmY[ ՖԵ3!y'D=~چo)YJ斃Vcع¬%?f.qyP,\?{T_GMB6  USH,/#2f?u]j# 4E5Mr)߬"'7 " pT H;WbdǦnJL'6;BK~$h~ c͋gY dwÌsa4*JKOVwEl6\Jn;I bpSWJ|KTŽ<_e}_z0X}dxҷ"yanNu]%:]Ѣ0Z-#zIJ >268@I4#G+rŨ^hkS \tW=Y5x$ -l݇Mk8\+ݰ\Z! f4b$8v  ]If?& ~"~mn 9syAC[harE^Zr?c,+c'T9c!Vu\z*6L:Չ[8p(?hK|-Z[uP'rl:wt{qGNWeS(C6piVŷ+!=4`);q' j$ƌߔJ@!, eҏ:Ul1z y'teYEZY -uCd`?}!+XE`z>Ȋ2Z/f(\-%3ZN1:mXmDџNV\y)8Q.өu`AiDOO@? PA(_&Pjo-kiÇǾ֞aO [zf- Pvqj s) pKbavR ?K$Im./SEWҢֳ_8aJhڸq zDY=V¹Hn]>n +E21ؕUi">ksQtf~W{N=.7#upv/iB,B8×dtP3 XV< VOa \5"j#zuYģi* ]a>+N(n>A6}%Ӄ羱M՛eycCrD iJ8 [$zL 룊*u8q&Fl.": -[32W!` 7iTY\H5a&-w'LO#ip2V\Xs}r Xݼtۯ"^h*TVy\6TH1RM0Pc"s/~}L"YpʽsvQFZ+A|7tPXG&(%yBkt#ohY~٢۪ȧ]V5ͱ&s?hKfeEy5R%8loo+!zf^`R0۰]57:߬Kk?1SO{w# sb$wyC^բ ˟W_l@Yȁ`;\=Aڶ%hK I* :#fђf}dBE4X"Yv3XE}^̿ q70|v|(!J䖞y? ,f׬i9O[Q$ٵ.7B5(;1ORK - =DsU^Z e4cu8$?e\"I0At 1*̞]o)Ze0!rx܎urF|F Y2L.;)F(aom`C =' @lL0]N:ny)dzf&-.{\4s)Ļ 5,fωB_܌@gO)P3:b Itf+|+9 RDMЅC^^uTWtu* ۇ_gUM/NS{5d-[9\j+P3ՄV9Tdn#8,{C&CA6)'qL oR9ތqQy:c) \za.c)FIa(&cS'6FΏb`2+J9#Q´XgO7+Tgx#7pEmQ'+)mS?1,Kbhz@m_ᥱ@"Hcb|@s@b>RvJ:SVŞ(qL%sc,+.3wFZ tJ7k<~`3q %%}5glѯ-6Xm1b}R3+{#H|'cXNj~&m Mh_Rڅw!v>TmY!Y#ts4i'6@4+j . 8%fنy"s n*ߓئBSrIs햶rAh\f+Dkn!oLAvVģ~c#=-KR46xɴ /vKSE`rᢻ:)5*(}'ڡ2i^!Ccqt Cܸ\f.=,>W;jp O ВDpeqeq_TtHV=E ҧ\A:+~\ <ǓIH)u~қ=hF75A8+^l0y԰v1jxkz[ZZ@̴B~y8VG-0' Qjv@5En!mڹ fo[Gt0CR-( ;v,g#BL2¡N0]ㆆs{in57g}nYF#b4oɀO27Gw|X*Yf0t35_>k~K@}UcAZ|`'B1I_/g="?KO H\L]k6RT;z)]|Y5Pp<,!qשּ\k;oQl.N(O$n-W=HP"V80V:ƕe2J-Ԗl?%p,qb:!*E_PK˩%8MgsP#r'm;R9W39t5C~^`=ر';JIe뇫=V@Ns1c¶AP( `AL 1lczBbF!AFyPSX!" G4DKؐ,;B8yguj.|6aXjk$Zo}h1 ʿpmK[-d>x:/dukH R䗘N*݊`]DŽ%zhyh(eȓ "qf8hH=;DKhΡʜJ^+d`JD֪1ܚkC4~䬐lX,G6MnMyu9 7};5TDdE~ dH}L#ӿD'1JT% th=]dMJ\SኮoE^N9DrZF1o0Ϝ6y{07@k%tT/Om%':@%_ 4mӥNsD͊iL?'n nMVz0$"^ǫzvV]P>Xrq(w#]y.@JRAه l(zʤvh2Y$`_G0=_c61n%Ix؊׽QK_KL\z=q]0^ɝ@݊s:u500q3C1[]BWő\ i"]Cjaop_X1MRH#= /Ӯj~V Z1l˲Ի*"RI؀ѷ؀"S:2.Z,1? v\jHqچ <t'vH|y! Diy?f[蕨&: _`N8iUIMC"?u5kyyIz~L%x&ME?\dKc,կ8l^T(WЏи 0F`ŊdwϑOsPc#cJ 8͘Xpk&IO'Qx=#)Ԉ݂ ug&FnjV2/6̉ZKta$[+,$)hT[!SNvoiH{q|Qɵ2Ns|ȭzȒ><Ϟ4D]913/ ~J CRTRi._+Ƚy1(LQm1L)w @#o\%}v (: Pftl1o1eS]YrS]i0RC`Pi3GK0G-C5 F-hEIzYtk:R%!Tu5.ܘ!|q_W'i*ޢ(QoSNmΣDT=bJM_ Q ֻX`]yd:l{;ߥMiA6,?%8F; VJn S`=ukgXPdEMg X K]tb|RQ]%(9t;"-b2D'ȀDɦFY\bHKX>qSX/'/ȁpLPS߻!}Y| i'K }]+<<;6׋<$`dٻ=un$i9 ZkF߷撧H"f' Tg>Ŋ& ewCk$D7Zef370<ocʑ0y[ܘfП$eי~*[jZ`D ~0m۝ǏTgbSh Iq se{;_׮Bmc2@ δht6X~>mqN$΋Zv1`y")'˸=:?~]89kter2mtIjdz1~5Qsfi341eCjZeF'q慽ACbINH Bu \T-ݰ3/V͡BKI~)Owzԏi]lwBI"ߔELMj%7ݫ*B^(=~cfط=}`9-sи,F~`RKB'ܳ>0 fNv2>p3 a Yx e`ѫiev LHT9AoV  D~)x%QEPPͣ[ًVј@uY"o_VK ^ZKw\bhU$hfd @w07ߺ\,b/Z,g= q{޼p6V7Oȵ16Eq54K@)b72f:fvwI 2Ug.ԍY5 !3tN!1-Zť#nGX ~bt9rTQ\ HY0LI'L珨#Pjiz+{/AeL{Rw{ NB X7-:܄A$,Z]~⹐(xdhD5IRC^;/<^׵HX-eq[VR:0[% 5,|LvvIJGD7JMVB8cs1U1%>N}Jx)R"$O;䍷֪K.M BlκlEk뷮5q@--_bF5#n&!$%Y,<93,hTf9Kb3|: >9-m w="]T/ǕYMl@s4))+/oSm" !i`_Syy[p;&.W?H-(GX6[od7 YԛW*? +!q:evPۅ'?KO֊G?FmvuF|s_;iTL#MS9Y!BYRnZ?v[tY)Q :Ӟ _73",'8̉4tv|,6D#+k .!$R't'iO8z^(YKGRm#$Fx6֝Os 87͢2'Bffe]p®#vo1*LXZhZR5N\\(Q@|?a+/x@O/8 cnbLZM:r G"[f' >H\ ;Ii H{p$e:qc8 -t."xg: a\\Eap9,ȣ]Ds9 }-!S{#q'F|ύ9P2 _"W]gՔtU/X<*LclT<5J[Zvu#0&{p fp1J4;S0y5vjD=A -y' Pdk~3@1!GN^ux>HaD/b#KJY׈qXγhiBvWvX Fj sF1x8Ƹ`]D+ҠJȀ82[eΒPY"ȄAmH r ?'f=tJAx &(% 5SNJCt( Ѿ@ V0,40\v),ʏ]A|WENjÃ\2žLiB`K SJڀ?D$5tFpcKHLQ1̘ԑOB[{Cͷ6QW־gJMhUXpat_tNYq٧3KoɌbw {"=W]ƮiyNwP=U3 )_ nG'znᨪHN`nʆ1yP7!VXp͖yAWg1ao]dCm+<NS!E*EP)""'aBj@^衩/%Ϫ.`o䕷g~{% f+/uIRX=Xuwt?Re|mP/ E`0DR!UHbn/6؂2/ߏèO۸nt_~ [C S74P5ggA996"0-J66lF`FKa) d0.pϬ M>-;S>z/2 Ȱe9{K5gAp_kiv$] 712> Bm7eղR(BD\/:p{wbyj8)qfJW޸: x:{.J HAZF_\U d ?踅%pv_ ՊW?h;4[YG@OZp5#6 ;%\ϣRƔOpkG#K\}OR0j#_VGH4Pxq :݁[y¼ x-UB@tV5BA;~liPEnm5)DQy#A>8)9xz)|D0|A}|Ӈ̣ݑPB3m@r, CUU+( OZpBEF5TҜOIpeoq9Jq׫\v9bDN@>;24xWn)m"Efm)lcBaܥqgD^GU;l1uʼʢ+[eo 0ri(5H>{q|qFg{uwy@Q>ZrLv-&~ 䖀>~ug=^x>⬳TUr` SxitM3,V}R ~&ﮞ_%1^$B#-p7X1'6sf[燿*iG8(8Hv==j52RΝpρnFKI?ԉ֤-OQ7MMhߵ׳Jf.;t.&ΕN'BH`-*YLvv)H~;WJMoRkp\WK#zf'G%F[v~ |k:=XiȤx::T2rr,> 7_%9.Ge]m*X7$GL~b[tGIŕȖz%;5`6.|4cIjARj Yj=]6ѤB>CC)'UQ/*3LJ778,x[]ǤKnZ`{^$o~n}6ז"3?[[+>k"}^"#snFU>>&-7$ί^R[ls Y/ȆUbIDǩq7Un) L3_Ej)K@&W)!G$<lf?d[&ah#EVy_8)):U9.bKYsod[.‡hmb;:QyM;5ꆩ>H[4|f{!{)q9t56({Z2)guc/;:KXgRO2| c11a#3rp9&{8-H $\fGk^$GK|ܬbVq :P=kZQDjυb0 gl525Gb>@4ry>i+nӛLnTEUTªҴID=dp$C4TlBOms[m7[WԱpwi>X>YF j9 V5:],A@C0=:wWmiz?FMX1%N"' 8/u~G $! QAxAU00h5 N 3|aE:@= w.AYT)W4}bG_6_j>6Qa)~hܻ ,,;)_J!,.D}·ߚ.J.Ve^alU"QtH91\&@|+;贾^1@߆JG9Eϳ7Zn[DU /(And0T^0 ˥Y7Lux3vo~H$L#l 1&pk64aB Z'umIHG$ND±r1z9!.Is@ͷ;F~z3\A`eJNb=s,ŏZ"#'C!ݱHuvdԊXuxI`aB˨$|I +8_{Aٖ&)fk,n`d=;|@UF񧙰Gf81TCڐ|+?kE>`[RK#2ƱT\zA27FAbɹ?xG̦U4%zc`qF_ gyؙG~ "{\(+e;HxQ4sѼ/KYe4.9p%h1rNJuù}"Zo5\V3C1+Qq*2,4:/,S9awAPj^ؘ8\~TzpdE43 hG=Omfi#'Z:Z3%Na0НEOCgʰc4M׈wzNCK@E$ {9ךmn XFl?C{BDCnl[H(1[ ͝ݮM6eW32 zG0.ծe[s 1J !A,Zj]E!YW`cqo0xҜEpkC^XŲK>l0)@"? F씋$+d^pUϙ͈E9nqħ04bx ~E]1ҙ:)Im(YCԘ b&2ď7 4f䭊Sb~^]1>t*ټXxf-SYaZ~Y_+Q\pFX= '+l]nIM^.ӊ²Q øaG]F"W`B7ϱ Əuc Kl8Oa,F1΄_KN/bKj#" TyS8KoU;WʓH1 1na,Xke/]JCޥ^ijcvXznxG7gH;t $hbK`,d!j?3NSPu/U$>9TKvl"őC;)02K+&֭8.8*@s贳vej12Q?wgڟVr{fGr8@{<ɅC֠}hD~jQcT(WJ 9bq`v:<%a'2Uq;EfrD$q3 晪kDjm3/L1cPFq=Ӫ@w<'WXīn4A-}$7ݱO7PXo.I/R 5=I="Ʀέ=Hu= heh6^!LxY`1O@tiTt[ZIGG\}jlucu8(܂3}igȕ$Ԣzf@TС3T9'uQaC}֘Wط 9 8x  Dc&zPՓEבFH`LiH,0d6]e[.>ڷ5<8Wc`fulm6NtJh2x Ʀum >|rn$ wA]Ef+?\W4u,j?OrUV&9€E^ռ+2K0f 6޿uݪ|ѷW1n 4_@6;n͠LCҧ+zzS=Bt#1@ cp'^ & }sl([#ai,q`nYXݕ<[r>2:4_z q@b#A%?fnqRJQpT;ZͨAX)7$1T7-A׀1 \<+@)f $I,(B78}yHdVHӧ$Kt/"-͕ۙ?4WH"bZ̸G!)HՕˇy_qW܈o҈zUF+03[h{!-d"#ÿy; 2ےJQ jrOekYtHzcĈgH2UVr$;m`Lb/b7x3tO."9 isz%狯N> j, fw\Qʎ/{׽oJӋtt9ٮ^7,+2xX}m ;I'{ЍLMszlG2uSRpPtOvAz6jKx_|e2h&7s\q,|G`>4-%w_D`!g"j(>H8C1o Shm)r$ !/!W6F0/Ūy𩞱ʩWZηbz`Ļ*z _.ÒL#LzV([{RL_Y ^ZK*@e^PW p xD61n <]Wbg~;HHw`e e;=ʃuru2?98vƳpy%tG S:W(A;[:TJOf @LǂVOؗ8/5 QcS%ց^&( 8q_j HtȨ&bP,2$P:/xad"__`k>B0[aMVjv@ҫ$ӓ\{zkxv5!̇BgNJF7xUqssÏe211"_j7,!GnAjgoj|!l4U/¥D+5?G!n0r C{NlRȒ!͝r)sߎ(M;J4#e5+/gZ(NR͈VszUN!6ZAcSQaəA:1}C#B;i:T4BGQoN+5C:kiFEbҐyA3]B1+0D>l~"VNJ]gYn$5:\n64.tؗ7V0o(iV%SF["3WP܈V)FExuc UGY#8oi %3ۏX- wF[lOr|*pIV(M^@Rk\KY]>\!0\)`Jَ<T|/F26³:irӼBɯO^*F$ ca :X?ܩe#F~w,jSD+CUNOΉ dݸGSTMgΎ%pH']>H#>g5C"4J/H ƘX;{Ϊ7:ЀTdICu.Y3"ԅ }HSa4RUajAϿѨ{0|=9=ݧ @ְӗ}$pL„nb5Eb0asۿm`,NUl C9KO<6FFƼ{`.>v<J>lO#(Fi~_pc9E5sJ} kxf@ZX p"-"HO2.rԱ7ZX7s&v_#BJ0w({uu;3FDH NRϻM>HJhoKAޖ-ew|˛[ #PgԖO_5BFoI,08BUp7>q[BQFXL{e8.&/(Tţ u@^ Y)%x_XLJ8ݤpkIjkbpubH -~kSĝQhԖrx'mF'sٓQ!ndjd e'iTU xMQo=g+J M}UdBBoһy =RΘurG;ov}͘;]En}ҧt$aWs=t"^]ؽraX`>BG!6,\[2odWw4 ! ~Mqeo]I'ye|Ux}! @&ӸUx+  92|Mfq96$(uOԘO;z>w#,s4d=ƌ$j-%n)`@a;Wl*8lM>>/hFў$pN[#롲 *;tDN2\@8la9*7mo< :X6PགX4o{R:fCn6e*_sD ,zчN SZ!{,e.w P|o}/"qb[> hRn',)@#:$YAu6)$!NkZ^S鐩QQ,^r5 gss}m,°RJAR^0c$BG&1;7(޸| Ʌ1п#-͍mEHB2?u"{yizOpꄯF&Y1;{mp;o>Fa Jl]3 fֿxȪU*e[M lccj]qA8΅K2 ޏA}tMaż 7i.^A3↑$ɻN& yj:%Ģs)8Z®_3ޑTg{`1)P)/}h^jᦆO6b8e˖_iwz^_}2љBz0~"\@⇻VdAth]X #hDѲ t|PvW `KI OQaP g,!lGÏ`yji{ 5^R>_ ;$(W9!PbSݫ7SuD]gІ#BA_w ׇ ' J ᪩_58`C .[ l[tx#K>E7 Ds6&yr>`Tjgq.M$nlׯR[ɣҋj-x3$9ujU=SP+ B}=l6nuԏ/)c[~ 鵻=u1C1Tx8erM\7ټtEsE9&]wXNۖ"dAmH}M**܋Rfa!*[ UPUzf,P jܑasi]+Ti}NBϬ8f^q>x1F{ϖr?=y3E׋Cq+'4XXq)~ !>޸ɜZ"4n5' FcA~RO3Ӈ! \^f҈n-.BPu!!&y9_pe2,$ jd>,;z75;OiGy~׶HN2ΒlFRU1Ŕ!Ŗ! {N\3TejҩDw_xΚ. "mh-wʮբOzaOl>\] i F7PH5Dg$2}0u w$3!k]/WnDGSpcYճm_I˼oʤ WѿZ,>:  ^g$-?_ (R1Ѡ0qv/nrv;4^6Ŝ P2--Wn<֔=Y'2ք/b4|EqHd8- HaNd{kaS}Zv0.ųmZ'\A3χЀJÐ, XXhj eL[#cV:RǹE5+%3:N2tkI?mw_dtQ@1'L'rVP .I!9R7i. moO !cx*vFG߁B!#'UQ,Z` AN@6!lyt}t ,p _bIf. uh[~DV+/~B1v}z_!BOzQCY*GN.X@khdSwՓۿttT|s>hhlMV _xʴ=vnwwU_OF}rMdyI?ѣ W|C=C;j֝hT\kE}}Aw` XaEkq`֞bÑ &Zp-\:rg2  {'X %:vB'-O[I|Z KKjH~rp$Mpj<<@~]7Mέ<tR T2y|'MF)y6',/_T.]Na{E/ $"Gn ׼ Xwjgl+6nǞF;53j nVHeE}l;&)̻Q`Fd#-FfVi/ ޢ_C 23A;uR7pXs`w2$̗ӡf"oY 3JOmOI(@V8r݉G~;ċfXY\w_ϗ 7%R^c}:者wJ[o8hS-ߎ}@SwGOq6dSCQaû\v&e'Q~IK?Nc5.SS>{Ə>JqR Msh 4e@8[b9:V@g\O3z_{˨G<$C*gY6"pbPtbN!yZR8y3HYBr>cE }`ty V΄V' OcŦ#;/iU@M5dSOw?2| \FSBTPh [TE *ݔ2fn~nC},gARq@Bm4b,gVTŇKWr&_,/u&AaAٱ 6f^{5oVy#Pedċ+W~H ;HngWp%?_ʜ=kL&KC7$|ؗMs'ca]>z'o PWxf5mlW۝~qIIزYma`W9"z9H% R> rX3[e֡`;RXS_^^:4bEUc |2oa8Os|X9Aӈs3PF'5+LD@ʐN1TOk(nE0S>:K<[`PkrҘF.|$ Ή?;$n[@Wh?* ܡ8-Si<&3‚N@P\~'Պ.Ig7Q^.w=„Dsw⒭G%h[S"K1K(=G@I? Q\$<9C;Zo’;,?_5byVShfjb?Fh6N˼&ksWQv{)o , xSt^)xݾ|A&0ܒ0m}{9VNX8q% 񅧌vF;&ҿ__&bH4:?qȯy>gPhjd_25#ǚ8Lܔ \k$hkg}=~c tk.$orBqho(02;L7SK : ob#G(S͓|$>:XmyE*N'ღ4 cC{m:\H5> W,!g?*<>nz#1AW'-acX!B')x3(ZLkC7SPcJ%zK4S_ {Z`W jfN<Ь`YLAqt%4@@55:ok6~DVw7I +l,:4W!*MQZyiS渺fi[ݹsݸ{޹;8yE 'bDd|ͤ.i֝Qpbddmo TvS]>m[.R23cG.k7\x3L+k@8卧K6sTsA+;RKv*#D E ^AZeG?"PNܤ=YfR>6o5|(;UY hZ]7= O2Q!zJlnG WA47O;M p Ώ$A`> }hVfuJy[Zo|p= մ8ML~9,K˓Mdnr[Y qY03@r:X4l8+FиRq"{urDL]E:<4GzўvE .:'~気. | b2/(7m; W'hX)Iy*BR ?0 |SĺzHpH:"QҒ 1E671{w`tAZja}}3I'A XDS-IŽ*΋`_V B}ArU$wrZ-&ղ>VN W-7RveqmHԤVhO6G gU^#ƊB.G `Z40.4gOSФftV5ur4&~@y3I(vYH 9z vc l.Y1MP+ڠz⌜RRҠ'OAJ%^Vݕ2S3 6Bu {[knp8fFӘٹD.in 1㮛eBd+!zFd7`njbm}#pT# 7)6*2aDƜ^hsxQG+l6V6\ı?jgB?c%7nzs{{Ey6G-`I>gYﵻAQnU3Ț"(/Ѽ2e*r=a] jo5Wϓv(>i{d,)Ci {[*Rlx%|5l._)z!0~8Tta}(GړeK>o>2. xB>{i|+iR*uɥ esR!J <TjHxM\ .#<-zP5\NհOYBy 8cǫ4 zwͩhWVNsp ꆒL8g>"FSVy9j~{~qYCRd%Fr2i"ǖF1^k32%a&Sr8mX8&eJ}r"82RW@7>卝RMfj})f4CZZ$"|wJ,~q/fSC,$} zErRRgWYzQ7.F9M1&l%VBQ.i-̺qT(l| 7ZzH4+ÌZ 6絣돗Fu IB^>K^gM^ yMoumF2Bh#W7!k%=*[MlkNFq,ZLn?♻ bu#y;,F=ljBKIKm*X1gFEuK+l7Mٺ#aJ.ܶSƺUzT0J{ɩ"P~p7VC+[u;~rU=a-3-Lfe@'(iDQ /2wXi3Y=[MŠN Gy]00 lc1LiR![0d-k`\^.9 W_A; 4|ʇ.W/W^7*sT"BŞ O#~å*}ӜRԊ>hR`Ц9^:Ye'N^/"TA񮨑jޗ0bSPdjBBG}D< mF%<90+3`::JR6hJB8fTFW]RǠK,:U$47!r x, 鑁'iߒ DKrtTViE<"OmvC%cH@891Lbr&, @wh.#f~ߣLjY-X2׿I|3w 7G`̅ʺMNiƶo/BQDV3hXXZu};03g!jtĹy;-3mu(x3!!INpPYglZ_N!e'O/aUԘHrg8` 's/k^8tȺGXSC(]N]8źX 1,x[O|ș(SVblY5P|cI'iX<۠*24!zx6X檏 |~ 瓽N7k'hr#[ x*uu^~5Z V/`1KmO~4Z8tbl kR9j0n$?Rr5-@@YgG2.cu$xW7- ";DN3gOf{U^KP:ԴP 27M$ f]%4==/oJ=^LVl)k~~k j"J@"J9R c%}ĻON㴦j:cWTʼo o<\ӬĪEuܲ<5.3Ϯm遙rNUFɍlD*@]ޮ횴b@ $M4V5\ۡVDv6tTog9+&ӏ~Gj1}nYQ8Lbk}lT8ğkGkt*x~:?JH9ͣix =I>xgy?Y`鵈M̺VuToa(Ƚ PNfiśRIe/Wƹeת8ϔO}g/Dtbn$Q3tPX1`Ƌd#rYj#yprR~*VX!ak|E0-t|$FfwyB,VK94^)B5!f8CRdȴdnKDOwZvpN$v /r[!.i !M &5đlAzϯ'IBФ^sN#3f* ^5űdZ& *lGe$`_VÎ)l'Ovhbe\ьsdJv]sBW lhpb*ylUiǷ2RZ>bzm/R*/e5ZB @1Nз5Eu6jaV[f#ҁ3JK8MO4< 4[j_7Hy@W@z& +B:s, cwEdYqN.CS| xQ֕<+ 7R4DQLE9C*[d&p }i>8]G]OHISKBQšuuQ`%ǣْFJƢKӟ}Ip#arf =,>f.Hwͪ8;g4A〒Cw̸PgXECN.7PZ- }Swqmk].h0%,&؀| MqA4 E4ۭoћWcD Zi  wy\j`pl&lcH+3tǾC7Yhm.PQ&Q]*2s-`{2,up8]\nf"S=*UdO_Z3q6pvEOBW0iŪʼnA6܁Q\?Q&Є7ʡe1( 7O΍l[Ƽ@T00;ڈѶ`8$FBAYX~-%uho"eBVb;Aܬ,o)b癵\ f_B6&Pi}gv݅^#9ʮe%UH$\((.gN±Mo"P36od F[t7^3LK)]")I|P>aܮJO QpJBM}6Q`r6ښ h*=*JEg-g oa/$}}4+eu)`s}>ѽׂ`îwLm, UV;v=:uC6x}T`Il $0^1|-aQpy9lf֮zf~'#೗N/Y K-:*Hѭ^?gXGnZąWے3pY1{XJ  1n(aOȞӕEiy̪l }1] &a' ei3`O",CIv^ԱIA dPVrJW3u<:=l] |$w4TU)*JI={00疚}\{+[qUXYf*v9 /}$'NEigZqƒ%4Wo T{ (THp^z?ܾ_e,׽.?Wˁ f ')Ԃ?b́3+|\i95Z{ nhG#`qM+mT `l㞈B;Mh<6_ FΨml{ԎFi\'n'qK\,ٌ*fgИx djuRaTYQ|d)Ú%A1TZIg?e$w1E3uZ:NnBZY0|Yp^hco)Xg2ŷKξ0ϴ{ӢTKv)DwyFC-Pɘbqx8vQIߥ_]p.X֌T_v~m_d*lF)IX\{ga$DT-I<9ecŗ:޸y0Dh&(^Hl.쯀t71,{L $9+ N5yK[Ys &DȽ >ņ4SEya|ŵYMS2^(stt-'\iK[Ya7i6 X Pb^snk%[Vhs^Y.QR=w*^i`ݱ $;&Uy;Vq;­-vUMن?_eoGuPްw',(73?KgԿ#6<}P#=ë3Ӆ ~/7 *3!r''L+\lj5%AAMr1qkGZG-N8ʸ4[e9Z ɅߑT/ڢg׷oU?2yui,/6R$ h^<&6F m.97-?$!~O6"z {&(Cʰ PX^\2t6äw5M%B׵3GSw +MJgj§RsKs_)͏ӈ?bƭFliR}V/)!*(: it@~齮=D|~ `Y 0/kN8:熸:^`gbUkCSe^YwBK,@^ IWqv9f4[: X8-iq̳RW4bXB".Mm/\(iLɩ-ZPĆЦoSI˃H骷'Cd)'Xg*jJ Ckzc8'}& aMj*&ibUZCOYu7m&Ӹ13 M6EjQ|S^=aӼgF$:ŖABj\, iu2 RU$eԂe)nM /="opj ^#f]&h@6x |C jI_eJAx֬E :R l%lLs>bke%]!>Yz+ ӖMI^qun*5߲)gM*tոцB9Ѱ+uzK4y믤28 `}}b%BT/YL<'HДVɱ!W0XpZv:ggpua&@{Uk!_`M X](O4r)P D-zKV kwS]).+gBVp "N ].TmPi*W6ENOk~geGsMښ%"4.m?jB@45;ΑPlZE8z4d@V.o"25!)[C,\ذn46^kHE S՗Z!pʊ= sE}e<%q> ۀ*{"~%@8? nWP'efaJs2:H5ŲA")1oEWMp;X$)gN|Om;y\U aѷs[!NP/V3SM"o> 2|ULX%%1v .7 “]`))tR`5}Vtvx!t7zuKc* 8_:E=XJ\#ZpZc\OثLV_V1Q,5<6`y6w[ѶjsK*JS8<}RTbV@<@DO|u٧>-揇c q':~5ȔP 'Nǚp5 J%d1JK:ϑL>FoSzD]jmNHt"0o.ښ)wqqݙ=c4bpzʚtt:nk3^xx{+K vʜ0og(B A@%(d7(}[!t0Ў0y t{crbFŭHvhs=D)ŏH0Y M"WV+G1ikAZHQ<׈v{O@Nby8=,[%,}1[bkk>}hZ ]{aCU%acAK{R#-YeT}Я3 sQ'-Uv"D,~?Dٰ&70C;~~Wb+P 7 33أ. A ,z:)0`Ȱ$AP10Fo-F[N-ۮ\'v[!uYڐ2z'gL!5^Y*!|#=e?1>.04GlxLǴ)bihfwWЪg]2BI˾YImElˏO@LG4۽ɗ0ׇug0T{iʇ~JhbpowUc#p͛ơۅ~ԋm%D%H[qZ*ԗyD~ K6i&:odEzU4AEV~h=K#E׌ Nm?.V^U%dR+>ڎGd[Er ꣎jȋ7x%KvLU) L /HΠ?fĔ7rK~V#(0|o+~qΒkdpvxF_ҁq~Nl tjФ_4kg0$̞hT)7B~Ql~ۋE Jo~{Zu^- u. q?M3jyЖS:+ͽ(k;< y18ndC{{KW>*I g_;4nI>_82d؜Mw~U/ךNE6j&As+2vzf\mMN>c=Ymz<{W|p|ջ%3W ",p/F?]pc _y7lRu*H]e%!zُH%?nfXY*'rEv% GVBq Қ۶0w'Y] w~ Ϻn%SJYZ\#ól-{mƙ N-@)z;y˯SBhcz'+ l&9H0.S\3`[gD : hbC=xnVmU#n pn6/7EnFf˟N?# ss_XqLm| ҳNmgfse\x [`W8X|y#MN"g5R\`ࡷR >s(ym 3WCЕ_9kaDL+7fp F/ YQ09aTmTCS}ON"h}>t4+8̷ZEhVL؟SOlK[e.ASM^;WyG{ǵx~<0-LB 6)v2v6j`\a/3{Y=,[++f q(cwu]#f'yw |R\ T#Aޥ3.vX_{?SK.M?sDo]I"*n|OHI.O6nELf ZRFu\Q7YbzpX1o68@z̬muxNKxf\h4gFE'}S:RAhk1sɩ6B{x0c!MscMֆZȂc$GH uu Jf \/nQڎٙ--X[d|EKU)%bWi+GlI}x0FsC.Ot_{a $Fm@^%8G :;ܵ;f$ySmZJ0WcH]  TqBk:5jƞnc3 nohB4i FltELd2xj bAw\{פ0[68j967s v twy]Ru~NX*(tRҔrn>S$2x0C1O'|?.@i2I1! 7?P@m)djVÁz\y" Ү(uNX!l|vlKb?b+̵ [Œ1ڬ.fT5QJGޠ[[Rm5xpL]~Vih P; .7Xu欟dLEFde ١}LK$V`1;2|˫ ]%SB_;}X,[C4MXS*I~*-_HN1Tg b='Da BvrB)g[N3G}֔3+o*3wR* Q4n&M>q~^~V)7H4yGeWF NM܁Di|> v?3c,`UsKnuVi(`?֏SdMBBVg@WD"G勋3AؔZQe9>-@vE*UrASʋepK: T0rxf**¼ڰJ9ѥ}?(P̆/"o &dg|TjFYkۚ7|5Løg ؊oGG -:9ΊެKΩ!:UV_ 5x,.̦@*?zcdnS !Au t[dlwQVT˪퐹}p>E,Kyjsvtd?w=b\[r0woEuhIWhH$N#uk e)'Oɺ0l2J ̴`lawB>ۡD|P>zS}PoNP_f\)BА«_on'%Y/#b$biA1ԌW}n.>|fw @ Rꂂ.!'rYxmbWm+ 8~ uQ2T| gMkn&Z}nhK;تTJO°[\nfZl`6Z(=&3we2dَpS@%E5c#Zy*IT 4Pi;AmDfjƏ9I}D^DE3tH]K{=~so8 FhtEVYMd =BZh(gX@Uj4*j0mBG84>W mMP#ϭ1c3|MBrZG~z+ S_ƾ`H-봊:dbH8}sھ# +ƉLcugțõ*}ݠvȟ@U O^^V4=p=WA3ןaUp8-c;e;vE"[P?$PruPg}":wr*Ѧnw=Qq*mOh 2(\Ɯ)r+3$rN{EY꠼#6jM¬F-c5+ ޘQs>3V`OTPwИs+k+kgs]"J ?}e#^oe|y 61`\?;f=qU &mG]kn9$EW,jHt#1qotb9j+f<4*m0@6ooo^@Ð4c2[N_ÉPr5' P.ݕ'U!/m_(Ⱥwkuu9z G!IP@#g+BxUCsYbԓE\PY(Kpin go/VN ?ĭ]]224UMDдY><7sꃥZ~C~|ip'̐@`N}f 7Ѵ4n51mUT+X&2ʳFĿ㰔|jj#g{76XpTeo/&P-}Y XPTDƌpku~^P$< =lWٝt񺓾<`/' idHMhbHUVXJ+܂Bv=M "0ނ_"bvs[ _ L8 {wEKq;eAr?}`I<~k:L}$>GS[eI&E̒+h0|5D4M9s$d*Tq^Cu% } ⩟WX+')Kr3p>g*矅-1n7`J wUH ZS1 .}A+?Ethnr,t-~`PA1e L$HzI]IX2ԫcmUf|xd:!Nѯt&ŗЖ8Zֲj'Cr"죳1;*C`Q;6, 38HH~H<6(*x8gH,؍ГDB&VZ+QMö P'yPE. ;y UZCGsE,D|Շv֔͂ _~S!߬/4>q׾}#GBߖGo返$e OWP%,sOtTvW"U=nv?iMn?ULf`dRj蕤U;ƣö.Ѷ) v""iXmcnj`4gn@C3(ۄMb#zLH;wɫrvv7Hjo!ݺ 7DJj%U9Sւq Aݧ/`30;9~(/FfL0gYto3-MqWOͧgZIUx%\0ivJXIuz@%8ō zI䉶3"ÝZ6F.hV!;Kbo7̲p|D(2%%h%>iCrv2NC ?5giP.qpT'ekOěM9TނhЀS`v%-x3D^(7' /g^pndvL:?KuG@uÕ$|q该w/G95'`eW:%溷1Lũu G!||IìR%ǟQYU0R!&&\Ib5M~x%2t^*8&Vơ =өMh*a~(2ȮQH$/aEn/$Wdei1Ͻe\nmwG(TXJNk<6E%/0ucBX$[EfJzu0S1rP̤1s\q%٘`&`"xQt@cU?TPn( \J )I>t}tBAj? PM14>O<"N4ZI?6F:SuMNE-5u(/ݖp.9WabWueB*O#EU6ؚqprK**A{XyW^r+`7AVscx0 Ny&xDVI#a,zXV#,+tiEBm*xYhKoCy٧K;+9zZ#r )pv ."E:k|ۘg78ä;)P*}ȆxH}/辦XE)Gn 1:Q`δ%J~sǒEHZC3녇pSރNGX9 ,ѴGf K!x:Ox]&"bGy[ k&ZT/w5kī`h*H@X:\j >)OQ!([lX|4Jɠ2gFHXuW 5T{Jݘ(2m_kDĕLLW3(n \;+f eSYe5z@[(6W4&9D9٘V4' %iM|V-ٯc S[ khTGu3̫R ẻ&wO؋AaUcTm"\1k{vC+m"d_Cz,]ǘ2Ba¤XؙݏC\Cwy2&܊dw|:r*M8tZZCc(ç ى\p3˽3꽐\-m7$a"܇ʛ[=Ob5:F!0 q9{=_0}ޙ Le0'|'&-2R,(> w|FREhk;r/8IvsS'[,q[m,p@:teМBBo^mgMjrkz`/NwOI }wdɋm+;E:NE>s-h# {G|9'ѯ>i+W7kپYʌ(1%|G@?7*2EcIn4 k/־ X| GC+vH.K6U+࠳jh*)C;`.X"]m,Wŝe7Yg3rԩpd(o^Afx]B&M)KhzWy9`W^Kwb/%Tafq4(E{KsAR[UQGaj;kV dƹ^mί,kT$gR+,-gi^4pbn !e'{6ј v_Jov%gwש9qNփY(":P/c?]xW޾4zA~ξ6BPq栃חMKˠPF+ŶN/X9&O+Zi0hv~G樢pY:YӍ|C~Q$55Ex?$ hFy{!2/񼮣#Ijl;OFZ7L m_%baWMO л{OX*'FhtD\/C].JK.grW`X\(q 60-}[OרN7 6BbIgLQjc=9sAp [u7ugCnZM 2 >"D o(2j]$tYWfB Y˄,c:ʱI_ Nv'+*ϝ ;#$Vșzo%)ķpEUc<'| vj{kO@wb?WY.ż441?>g%T!WΪB=ԿaMuD9_k? Bj0w9+u[ }Ȩq~vwem_tDA'yPJ/*t 5d*Qa1+ +H˹QÎQu<-NB8+#RZ6!WYA4GtA=~*k:_bcC~z{=^3/Ee?jš|e/3O LM,9w3,fJSY0UdoWgJCU03*C.8s~ ,JΞtXxRcx1a䋧Ϋ3I-'RD¿h)ߞn`T&i@삢Gɩ4E{' Z{ -K6|Igu%oekN~!@'EYq!gf# ~j<©'LoDPqb@0N pFLߪt.?4Kun{S1pJ% 2gL}^pm)Ǒ엌&3Iڏ{U>a=;kpRWҭ^o=E::Y@*'汹vSyo.x W}nS6emynhN{-LcHxPU+i ~+EtܹXU ӝ>I&82UϤ Q=R8T9TI&(yzB5vb/WrEBtزg\G=ꎇ"/Aiwm&k&FwRsՓ͛j1O ~|8N]ڻUK!^_$yR4r,(4T+dOyi݌V+<* zeJ)L)K?gtHv6%+s|64(&)13Jjw |q"_*XEӘN^[yDuME_h%/IƉ}95֔ a+P4ڛk7ǻ}.\5+ a0b}Β$٣ll~}`N9w[bxρIn'%(bR%nm =sycfv9ʅ1Tts9kx¬ )V_pߗrLo3Xp4il|瘌Ҭ/q|hNkL<  (j=-5S}4o ytӞ0Ҕ5=94gO 죁>ViC6EH{dM6ڴJ,r膞a4qS b2.o5ڜ}iBX*jMzEw,O)j>8h4 R[~[>C '{J0&"s´ka1p!ozx 3_WsD=s^߲_Pv:;JQJ+b3 RZ QuGe3/EZwE,({/s8/Y, TG|.r"P&/!?؏Kj,%J!^AX,m6֢ꛎg4-8M1 d |uÝYpC?icI#:dEQ@<8ȟ98C9 h 5;.{#h>2ߞ]dp>U/]3v&zY*='2iڞV1$7/ (Z,Ѫ'~piLЎ!ztJMsSJN_ðZcz21xg~"Q|((z. g7}89(3 φz;P3ZZ}B#Xm /E0p9ئ7BeӵCy?"/AIp z+R$ PJ;ܱzߋI _θQXN&.8c! P/qvW+Q +xʆzp [.W=Z'V@Il1ѯ3t /_7$}O_JK'cFj1"rdaz@z"yAOw=ݟ.# -e_'ĽVu%F#pgQ.y(!XnȻ~meQ {U)TGs}gmk%9fqTR C)k>/] W.})Hh|5+aE G[ ڰJ?>4^һM_v,\Ltsoۯ0ZQ.PL3'\W9%:Z#pG 4h߫kCxJ|}{} {X`*cCzϜ"oGK(MLK`? =+MٷgY 3ǝCg̪!KJ&%˗H? 6Jz ڭ,0-%*'~𺟶my;t܌ < sc8v^dabE9CQF QBĴqNӐ<ֿ `1߶ I4}EmO$`➽Q)N>bי W!,7jc_x0 v~!A.rgMtxTopmwR\u;Ǽ;8ؠg}ϒ3V{硶ΰIު ի]5 =]y-r+֯r[J\[pt7;5J()m5_\@ >vlz5HfUTB iʗd\HCoyHUN $gEeXފH; a R-i.?9lH\g{:^mXuWhJfI-@O&i|"rq~韺VL 1I:VAn`[)S:TR!3m3;-uQ]\zD@C-^H hWN$5tU1xVsRMl!saPɩAB|vvd*p+Rg|5c ufǰ4syZʬek> SJL A3hP^R?H*[sF%gߚtܙ*Kl$nż (MX9PJ HPw.E`#ڗ,U&.^9w,*JUH8&I< ڑFF q}>}64 oɚxbϽhoLt$jn>Sջ+^SwoLrїUv%@A=Nh8ơX̼]ZG I kPL_k$HAf6N6h9SNvy $-Ui껏nV=됾V7}RR%9;T':D}1UD2aϱEJH7*FtvL42Ps v8 $L6v!5{e);zJſHEoz7@s#-p8[&ͪSV[G ec8'LSlVQ p ZX~\<>,0'|VuU_ZhqLbS AY+$bãyP]=/]i^?q}PmlϢwCabF]m&1g0K(ptb q(qo|gf ,)"mKܪˑ5ExRʓ94\6Sy~Bc뤻XGa(8ToAzXNiX}RpRuBůMI]\qd`/JSgL `չtԄUњk|ܗ)]k/&zQTiۘ%nGtrKPOTJ95# Wi WI7:W2':nc>fyw%WY/`L^HЎFz:fd0>S)qH=ZEVyPjv'ɬ0cjFjN.^zi`yޖ=WPE8-ޔ z3/?uG) Wt $.M؟*Y@o:]s" Rg*oBr<OǢJ+V~$M̿sU+gM)mQh}PBpMXf*А&-9fD8̥t;YQ/eR[ ZYfJa/jtՊ"/ŕhLzUkH">c n/n畽Ne2cS6G紹\AVjV$T i 9{>: N,l7aJ"_10}Wi]L[I śfdY HXR8/FeE"jݝ+.3|i@Z@^}]1;n'M6$:;4RUrmSR:aRL )7 F|Df!S|,as"y/bYCPKv'f ,{v%C _`1Sw4 3Y61Iڄi#ib[d>:pݝ,)yHѱOMltNmkAt8y xTTyMNy ~`Id_BHĆk.d3] 6iǪ &-i3}aso-*Ɏ8G 7OvO 'BsI8hn7' vtdR2(7(_՛؃t=xl5ցd8wU ?;,>ӹ veCKQf"jՇ0z )-kZsnr:˾ףv4{4ܱ|ZVutጌbC-"{ &qPeW`L̪ȿv>x!ȜBW_${&#P)SY4=mvؚ6D!s2뙫LR|SpP*<$q _Q#yZGVҁJD k- 쬀ԾvNbqNI-Y8i@}/h hE|wd1I\Jʰ=Z/ dK{^Co桥lWR/_vyo{>gİW8S (tkߊИ:g^X{Rϟ$7p/-V~놇ծK!XOk Cex=ǯsџTM<)JmEЪؐ,p) k9ɼACZky&XYb%tM/t3jꮲ${b:lk 8H#/8=+d#+ELe)!a$AT#L\@#Z D^ȗ VVTEƬ5Z%W=Y!PF,Gᘄtk\*eeY%A7 Iʘ}Ng0u5`iK;_Ltp+'äCpz+v &tMz_ZCZnW.}(oA7|ǃf 7/w%EOqwSșc?5C95sҰy ļ-wϑW5Xuϟ5bMau'Ӡ1O3tp;?ވn!NV(UE7M6,逪ٱO)p&Ƌ̆QAOd&\ d!0AM pf e ;:-RZUI ]x+ $qv%Ehf3cɏ;2 ПH,fkU'X] L/#Q_(U]uM^@%ڐɫAYAyOEj()^_aHBIz'>_ϡ):ڥ{ ្l6O2QԄom3#=#zo rfMzj ^|4U5'=0lcGq kO MDV|ZSE4ZJDYrt0ZDY.a 9U: KhpBG {ȳU 5o5ўcJ )jZ3IP$|L]ǥ0.&QMw[lj3mر8i~qn'vUx"pCKs 'y.='F Kbgx={K).#"ͱ|nCM{#?5ýP|D^uc= X7x$~LsFV%4"-)/\֥U|g_L"U-}!~n_@ÞX|E]j B.tMI'tVQ+aթ>q2Dz@ u&?0RW~FZg)궓a]Ɏ˘@U8P"8n2Kg'͵|(l'vWPR~Z1 oٝQs֭q,J7\[oMMUA7%WJY%J:ǺW@RQ#&E0&"(9 *\"w)0ꄿH9-S&Ȁ:ک#c_̈́~rg;-S7Dbz4$H>xޯ;N)߈S(ikQns-AeV>>3H2%`eFA9 HeMbQ/ E܍/CK7yϝ2mh)q/E vfWmŽ& 쯩ԃ)o"C_g: ZbC 9c::k7QX֑?ӵoUcObtc\u~]!Ê=F/қ+KQKzM3w /_eHwMD 1F@׻2^QPVH)K6&[+mA n9)jV![s2TUJԴ2ZّXTR %b#|9LlGtvOtADuLbYr\im+ο{'{6Oqc͗b-y nD_j*$QP-0=PN͛!dZ,{rF/V{| xn ޲l4|d#s8TO<_WkҾDAJjvT=ǬAB,W[9SU$\2.,A$,Mt _sḥ"#bwBM|rś(C:$jhE\DkJk#2H)j!*5jMֺ4S7\rJz0E iIiS|:CϚ{@Ulfj`1>KW  +flv</n/יdp&ub/$tSCJ[Yy盘ۼ"J&L<#]Y%7 mҸTۻ4kwTJM~o 0u)WBmIAc-2l"'5E? 7_.v_#?QӖ6}慹ï%B n|BtY6 N}Κ*>nRf;什HA8'7dC8L[fpP#."ivey5^C)䴃NQ[$u2א֏GP$2VG+IDc;B#{[!@Ҁ,3D]+i*v`V $[ lk YZ