������tomcat-servlet-4_0-api-9.0.87-150200.65.1���������������������������������������������������������<���>�������,��������������������������������������������������������f�jp9|��&�!uDe=9�t^n-q3Ev\3�Ͼ>Pv5o7p< jG./A�0r�� ʫEh_%B|:iyɟ��3�m��$5x~FpӨ+V�")�t;��{��T��Uv~PD�vus[g➚�Z3:5;}S�N�X�!Tng)ݴlV���o\"
�4(bg!FsD�k^�R/@yrT5]L1���>��������������������E�����?������˼�������d���������������������������������������������������� ���������� ���,���������� ���]������������������������������������������������������������������������������������������������������������ ������������������/��������������I��������������O���������������V���������������/������������������� �����������4��� ��� �������F��� ���
�������X��� �����������|��� �������������� ���
���������� ��������������� �����������1��� �����������^������������������ ��������������
���������� ���
���������� ���
����������
���
���(������
�������8������
���o���9����������o���:����������o���>������Ź�������@�������������B�������������F�������������G���������� ���H������8��� ���I������\��� ���X������h���
���Y������Ɛ���
���Z�������������[�������������\��������� ���]���������� ���^�������������b������Y�������c��������������d������Ƀ�������e������Ɉ�������f������ɋ�������l������ɍ�������u������ɠ��� ���v�������������w��������� ���x���������� ���y������@�������z������\�������������l�������������p�������������v�������������˸����C�tomcat-servlet-4_0-api�9.0.87�150200.65.1�Apache Tomcat Servlet API implementation classes�Apache Tomcat Servlet API implementation classes version 3.1���f�jh03-ch2a������G�SUSE Linux Enterprise 15�SUSE LLC �Apache-2.0�https://www.suse.com/�Productivity/Networking/Web/Servers�https://tomcat.apache.org�linux�noarch�update-alternatives --install /usr/share/java/servlet.jar servlet \
/usr/share/java/tomcat-servlet-4.0-api.jar 30000
# Fix for bsc#1092163.
# Keep the /usr/share/java/tomcat-servlet.jar symlink for compatibility.
# In case of update from an older version where /usr/share/java/tomcat-servlet.jar is an alternatives symlink
# the update-alternatives in the new version will cause a rename tomcat-servlet.jar -> servlet.jar.
# This makes sure the tomcat-servlet.jar is recreated if it's missing because of the rename.
if [ ! -f /usr/share/java/tomcat-servlet.jar ]; then
echo "Recreating symlink /usr/share/java/tomcat-servlet.jar"
ln -s /usr/share/java/tomcat-servlet-4.0-api.jar /usr/share/java/tomcat-servlet.jar
fi�if [ $1 -eq 0 ] ; then
if [ ! -f /etc/alternatives/servlet ]; then
# /etc/alternatives/servlet was removed on uninstall.
# Create a broken symlink to make sure update-alternatives works correctly and falls back
# to servletapi5 or servletapi4 if they're installed.
ln -s /usr/share/java/tomcat-servlet-4.0-api.jar /etc/alternatives/servlet
fi
update-alternatives --remove servlet \
/usr/share/java/tomcat-servlet-4.0-api.jar
fi������������Y�������������������� �A큤������������������f�jf�jf�jf�jf�jf�je�f�jf�j��b74fdf12cb8d4f48ce71c10b4b3a0ffb1a0a57df80069c936acd8f49974bc5c0����6f939fc48667e2ddb1ed62e9902ff4e6780b1c4d72543b9175d22609484a88ad�264f18d7d0fa5de7eb358c6a63a204e91c86bbdd719206d0b7a8be218ea134b7�42633b0d9f6c58bce567bac4c39ca161cb31f7f21d42fb9965d7751e81cfe9d1��/etc/alternatives/servlet.jar��tomcat-servlet-4.0-api.jar�tomcat-servlet-4.0-api.jar���������@�������������������������������root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�tomcat-9.0.87-150200.65.1.src.rpm�����mvn(org.apache.tomcat:tomcat-servlet-api)�mvn(org.apache.tomcat:tomcat-servlet-api:pom:)�mvn(org.mortbay.jetty:servlet-api)�mvn(org.mortbay.jetty:servlet-api:pom:)�osgi(org.apache.tomcat-servlet-api)�servlet�servlet31�servlet7�tomcat-servlet-4.0-api�tomcat-servlet-4_0-api��������������@���@����
���
���
���
��������/bin/sh�/bin/sh�java-headless�javapackages-filesystem�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�update-alternatives�update-alternatives�����3.0.4-1�4.6.0-1�4.0-1�5.2-1���4.14.1���f�eZeeПe�@ee@e@e)e_>e)1@e�0@e�0@e�;e�Rdld0�d�?@cc@c@c{h@cQ8@bγbbN@b�!b�@aa�aA@a@a{@azamaamaama`X`Q@`OL@`OL@`3__F@_�@___FN_!d^@^�^_^@^Y�^U�@^1s^%@^!^�@]҇]Γ@]4@]?]V]�@\\\r@\k\j@\Yz\X)@\LK\?�\8@\'a\�[v[u[@[@[ug@ZZ_:Z!D@Z�@YYY�Y:Y�@Y�@XZnW�@WiW|W'A@W�W�KV�@V2V`VA@UlI@UlI@UlI@U�QU hU hTTи@ricardo.mestre@suse.com�dcermak@suse.com�fstrba@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�ricardo.mestre@suse.com�fstrba@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�fstrba@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�fstrba@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�olaf@aepfle.de�michele.bussolotto@suse.com�fstrba@suse.com�michele.bussolotto@suse.com�michele.bussolotto@suse.com�wittemar@googlemail.com�wittemar@googlemail.com�wittemar@googlemail.com�amehmood@suse.com�amehmood@suse.com�wittemar@googlemail.com�wittemar@googlemail.com�wittemar@googlemail.com�amehmood@suse.com�malbu@suse.com�malbu@suse.com�malbu@suse.com�jengelh@inai.de�fstrba@suse.com�malbu@suse.com�fstrba@suse.com�malbu@suse.com�javier@opensuse.org�malbu@suse.com�malbu@suse.com�fstrba@suse.com�malbu@suse.com�fstrba@suse.com�malbu@suse.com�malbu@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�dimstar@opensuse.org�malbu@suse.com�malbu@suse.com�fstrba@suse.com�malbu@suse.com�malbu@suse.com�malbu@suse.com�malbu@suse.com�fstrba@suse.com�malbu@suse.com�malbu@suse.com�ecsos@opensuse.org�fstrba@suse.com�sean@suspend.net�malbu@suse.com�ecsos@opensuse.org�malbu@suse.com�malbu@suse.com�malbu@suse.de�fstrba@suse.com�malbu@suse.com�rbrown@suse.com�malbu@suse.com�ecsos@opensuse.org�fstrba@suse.com�ecsos@opensuse.org�dziolkowski@suse.com�malbu@suse.com�astieger@suse.com�tchvatal@suse.com�malbu@suse.com�malbu@suse.com�dmacvicar@suse.de�jcnengel@gmail.com�tchvatal@suse.com�dmacvicar@suse.de�dmacvicar@suse.de�tchvatal@suse.com�dmacvicar@suse.de�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�tchvatal@suse.com�wittemar@googlemail.com�bmaryniuk@suse.com�- Update to Tomcat 9.0.87
* Fixed CVEs:
+ CVE-2024-24549: Improved request header validation for HTTP/2 stream
(bsc#1221386)
+ CVE-2024-23672: Ensure that WebSocket connection closure completes if
the connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection (bsc#1221385)
* Catalina
+ Fix: Minor performance improvement for building filter chains. Based
on ideas from #702 by Luke Miao. (remm)
+ Fix: Align error handling for Writer and OutputStream. Ensure use of
either once the response has been recycled triggers a
NullPointerException provided that discardFacades is configured with
the default value of true. (markt)
+ Fix: 68692: The standard thread pool implementations that are configured
using the Executor element now implement ExecutorService for better
support NIO2. (remm)
+ Fix: 68495: When restoring a saved POST request after a successful FORM
authentication, ensure that neither the URI, the query string nor the
protocol are corrupted when restoring the request body. (markt)
+ Fix: 68721: Workaround a possible cause of duplicate class definitions
when using ClassFileTransformers and the transformation of a class also
triggers the loading of the same class. (markt)
+ Fix: The rewrite valve should not do a rewrite if the output is
identical to the input. (remm)
+ Update: Add a new valveSkip (or VS) rule flag to the rewrite valve to
allow skipping over the next valve in the Catalina pipeline. (remm)
+ Fix: Correct JPMS and OSGi meta-data for tomcat-enbed-core.jar by
removing reference to org.apache.catalina.ssi package that is no longer
included in the JAR. Based on pull request #684 by Jendrik Johannes.
(markt)
+ Fix: Fix ServiceBindingPropertySource so that trailing \r\n sequences
are correctly removed from files containing property values when
configured to do so. Bug identified by Coverity Scan. (markt)
+ Add: Add improvements to the CSRF prevention filter including the
ability to skip adding nonces for resource name and subtree URL patterns.
(schultz)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: 68089: Further improve the performance of request attribute
access for ApplicationHttpRequest and ApplicationRequest. (markt)
+ Fix: 68559: Allow asynchronous error handling to write to the
response after an error during asynchronous processing. (markt)
* Coyote
+ Fix: Improve the HTTP/2 stream prioritisation process. If a stream
uses all of the connection windows and still has content to write, it
will now be added to the backlog immediately rather than waiting until
the write attempt for the remaining content. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
a connection is marked to be closed, further asynchronous processing
cannot change that. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
the call to AsyncListener.onError() has returned to the container, only
container threads can access the AsyncContext. This protects against
various race conditions that woudl otherwise occur if application threads
continued to access the AsyncContext.
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. In particular, most of the
HTTP/2 debug logging has been changed to trace level. (remm)
+ Fix: Add support for user provided SSLContext instances configured
on SSLHostConfigCertificate instances. Based on pull request #673
provided by Hakan Altındağ. (markt)
+ Fix: Improve the Tomcat Native shutdown process to reduce the likelihood
of a JVM crash during Tomcat shutdown. (markt)
+ Fix: Partial fix for 68558: Cache the result of converting to String
for request URI, HTTP header names and the request Content-Type value to
improve performance by reducing repeated byte[] to String conversions.
(markt)
+ Fix: Improve error reporting to HTTP/2 clients for header processing
errors by reporting problems at the end of the frame where the error was
detected rather than at the end of the headers. (markt)
+ Fix: Remove the remaining reference to a stream once the stream has
been recycled. This makes the stream eligible for garbage collection
earlier and thereby improves scalability. (markt)
* Jasper
+ Add: Add support for specifying Java 22 (with the value 22) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
+ Fix: 68546: Generate optimal size and types for JSP imports maps, as
suggested by John Engebretson. (remm)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
* Cluster
+ Fix: Avoid updating request count stats on async. (remm)
* WebSocket
+ Fix: Correct a regression in the fix for 66508 that could cause an
UpgradeProcessor leak in some circumstances. (markt)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: Ensure that WebSocket connection closure completes if the
connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection. (markt)
* Web applications
+ Add: Add support for responses in JSON format from the examples
application RequestHeaderExample. (schultz)
* Other
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Update Checkstyle to 10.13.0. (markt)
+ Update: Update JSign to 6.0. (markt)
+ Update: Add strings for debug level messages. (remm)
+ Update: Update Tomcat Native to 1.3.0. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)�- Add missing Requires(post): util-linux to have runuser into post�- Add %%systemd_ordering to packages with systemd unit files, so
that the order is the right one if those packages find themselves
in the same transaction with systemd�- Link ecj.jar into the install instead of copying it�- rpm 4.19 requires dependencies on tomcat user and group (bsc#1219530)�- Fixed CVEs:
* CVE-2024-22029: run xsltproc as tomcat group (bsc#1219208)�- Update to Tomcat 9.0.85
* Fixed CVEs:
+ CVE-2023-46589: Apache Tomcat: HTTP request smuggling due to
incorrect headers parsing (bsc#1217649)
* Catalina
+ Update: 68378: Align extension to MIME type mappings in the
global web.xml with those in httpd by adding
application/vnd.geogebra.slides for ggs, text/javascript for mjs
and audio/ogg for opus. (markt)
+ Fix: Background processes should not be run concurrently with
lifecycle operations of a container. (remm)
+ Fix: Correct unintended escaping of XML in some WebDAV
responses. The XML list of support locks when provided in
response to a PROPFIND request was incorrectly XML escaped.
(markt)
+ Fix: 68227: Ensure that AsyncListener.onComplete() is called
if AsyncListener.onError() calls AsyncContext.dispatch().
(markt)
+ Fix: 68228: Use a 408 status code if a read timeout occurs
during HTTP request processing. Includes a test case based on
code provided by adwsingh. (markt)
+ Fix: 67667: TLSCertificateReloadListener prints unreadable
rendering of X509Certificate#getNotAfter(). (michaelo)
+ Update: The status servlet included in the manager webapp
can now output statistics as JSON, using the JSON=true URL
parameter. (remm)
+ Update: Optionally allow ServiceBindingPropertySource to
trim a trailing newline from a file containing a
property-value. (schultz)
+ Fix: 67793: Ensure the original session timeout is restored
after FORM authentication if the user refreshes a page during
the FORM authentication process. Based on a suggestion by
Mircea Butmalai. (markt)
+ Update: 67926: PEMFile prints unidentifiable string
representation of ASN.1 OIDs. (michaelo)
+ Fix: 66875: Ensure that setting the request attribute
jakarta.servlet.error.exception is not sufficient to trigger
error handling for the current request and response. (markt)
+ Fix: 68054: Avoid some file canonicalization calls
introduced by the fix for 65433. (remm)
+ Fix: 68089: Improve performance of request attribute access
for ApplicationHttpRequest and ApplicationRequest. (markt)
+ Fix: Use a 400 status code to report an error due to a bad
request (e.g. an invalid trailer header) rather than a 500
status code. (markt)
+ Fix: Ensure that an IOException during the reading of the
request triggers always error handling, regardless of whether
the application swallows the exception. (markt)
* Coyote
+ Fix: Refactor the VirtualThreadExecutor so that it can be
used by the NIO2 connector which was using platform threads
even when configured to use virtual threads. (markt)
+ Fix: Correct a regression in the fix for 67675 that broke
TLS key file parsing for PKCS#8 format keys that do not specify
an explicit pseudo-random function and rely on the default.
This typically affects keys generated by OpenSSL 1.0.2.
(markt)
+ Fix: Allow multiple operations with the same name on
introspected mbeans, fixing a regression caused by the
introduction of a second addSslHostConfig method. (remm)
+ Fix: Relax the check that the HTTP Host header is consistent
with the host used in the request line, if any, to make the
check case insensitive since host names are case insensitive.
(markt)
+ Add: 68348: Add support for the partitioned attribute for
cookies. (markt)
+ Add: 66670: Add SSLHostConfig#certificateKeyPasswordFile and
SSLHostConfig#certificateKeystorePasswordFile. (michaelo)
+ Add: When calling
SSLHostConfigCertificate.setCertificateKeystore(ks),
automatically call setCertificateKeystoreType(ks.getType()).
(markt)
+ Fix: 67628: Clarify how the ciphers attribute of the
SSLHostConfig is used. (markt)
+ Fix: 67666: Ensure TLS connectors using PEM files either
work with the TLSCertificateReloadListener or, in the rare case
that they do not, log a warning on Connector start. (markt)
+ Fix: 67675: Support a wider range of KDF and ciphers for PEM
files than the combinations supported by the JVM by default.
Specifically, support the OpenSSL default of HmacSHA256 and
DES-EDE3-CBC. (markt)
+ Fix: 67927: Reloading TLS configuration can cause the
Connector to refuse new connections or the JVM to crash.
(markt)
+ Fix: 67934: If both Tomcat Native 1.2.x and 2.0.x are
available, prefer 1.2.x since it supports the APR/Native
connector whereas 2.0.x does not. (markt)
+ Fix: 67938: Correct handling of large TLS client hello
messages that were causing the TLS handshake to fail. (markt)
+ Fix: 68026: Convert selected MessageByte values to String
when first accessed to speed up subsequent accesses and reduce
garbage collection. (markt)
* Jasper
+ Code: 68119: Refactor the CompositeELResolver to improve
performance during type conversion operations. (markt)
+ Fix: 68068: Performance improvement for EL. Based on a
suggestion by John Engebretson. (markt)
* Web Applications
+ Fix: 68035: Additional fix to the Manager application to
enable the deployment of a web application located in a Host's
appBase where the web application is specified by a bare (no
path) WAR or directory name as shown in the documentation.
(markt)
+ Fix: Examples. Improve the error handling so snakes
associated with a user that drops from the network are removed
from the game. (markt)
+ Fix: 68035: Correct a regression in the fix for 56248 that
prevented deployment via the Manager of a WAR or directory that
was already present in the appBase or a context file that was
already present in the xmlBase. (markt)
* Other
+ Update: Update Checkstyle to 10.12.7. (markt)
+ Update: Update SpotBugs to 4.8.3. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji.
(markt)
+ Update: Update UnboundID to 6.0.11. (markt)
+ Update: Update Checkstyle to 10.12.5. (markt)
+ Update: Update SpotBugs to 4.8.2. (markt)
+ Update: Update Derby to 10.17.1. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji.
(markt)
+ Add: Improvements to Brazilian Portuguese translations by
John William Vicente. (markt)
+ Add: Improvements to Russian translations by usmazat and
remm. (markt)
+ Add: 67538: Make use of Ant's task to enfore
the mininum Java build version. (michaelo)
+ Update: Update Checkstyle to 10.12.4. (markt)
+ Update: Update JaCoCo to 0.8.11. (markt)
+ Update: Update SpotBugs to 4.8.0. (markt)
+ Update: Update BND to 7.0.0. (markt)
+ Update: The minimum Java version required to build Tomcat
has been raised to Java 17. (markt)
- Added patches:
* tomcat-9.0-build-with-java-11.patch�- change server.xml during %post instead of %posttrans�- Fix server.xml permission (bsc#1217768, bsc#1217402)
- remove serverxmltool and use xsltproc�- replace prep setup and patches macro with autosetup�- Update to Tomcat 9.0.82
* Fixed CVEs:
+ CVE-2023-45648: Improve trailer header parsing (bsc#1216118)
+ CVE-2023-42794: FileUpload: remove tmp files to avoid DoS
on Windows (bsc#1216120)
+ CVE-2023-42795: Improve handling of failures during recycle()
methods (bsc#1216119)
* Catalina
+ Add: 65770: Provide a lifecycle listener that will
automatically reload TLS configurations a set time before the
certificate is due to expire. This is intended to be used with
third-party tools that regularly renew TLS certificates.
+ Fix: Fix handling of an error reading a context descriptor on
deployment.
+ Fix: Fix rewrite rule qsd (query string discard) being ignored
if qsa was also use, while it should instead take precedence.
+ Fix: 67472: Send fewer CORS-related headers when CORS is not
actually being engaged.
+ Add: Improve handling of failures within recycle() methods.
* Coyote
+ Fix: 67670: Fix regression with HTTP compression after code
refactoring.
+ Fix: 67198: Ensure that the AJP connector attribute
tomcatAuthorization takes precedence over the
tomcatAuthentication attribute when processing an auth_type
attribute received from a proxy server.
+ Fix: 67235: Fix a NullPointerException when an AsyncListener
handles an error with a dispatch rather than a complete.
+ Fix: When an error occurs during asynchronous processing,
ensure that the error handling process is only triggered once
per asynchronous cycle.
+ Fix: Fix logic issue trying to match no argument method in
IntropectionUtil.
+ Fix: Improve thread safety around readNotify and writeNotify
in the NIO2 endpoint.
+ Fix: Avoid rare thread safety issue accessing message digest
map.
+ Fix: Improve statistics collection for upgraded connections
under load.
+ Fix: Align validation of HTTP trailer fields with standard
fields.
+ Fix: Improvements to HTTP/2 overhead protection (bsc#1216182,
CVE-2023-44487)
* jdbc-pool
+ Fix: 67664: Correct a regression in the clean-up of
unnecessary use of fully qualified class names in 9.0.81
that broke the jdbc-pool.
* Jasper
+ Fix: 67080: Improve performance of EL expressions in JSPs that
use implicit objects�- Update to Tomcat 9.0.80
* Catalina
+ Add RateLimitFilter which can be used to mitigate DoS and
Brute Force attacks
+ Move the management of the utility executor from the
init()/destroy() methods of components to the start()/stop()
methods.
+ Add org.apache.catalina.core.StandardVirtualThreadExecutor,
a virtual thread based executor that may be used with one or
more Connectors to process requests received by those
Connectors using virtual threads. This Executor requires a
minimum Java version of Java 21.
+ 66513: Add a per session Semaphore to the PersistentValve that
ensures that, within a single Tomcat instance, there is no
more than one concurrent request per session. Also expand the
debug logging to include whether a request bypasses the Valve
and the reason if a request fails to obtain the per session
Semaphore.
+ 66609: Ensure that the default servlet correctly escapes file
names in directory listings when using XML output.
+ 66618: Add a numeric last modified field to the XML directory
listings produced by the default servlet to enable sorting in
the XSLT.
+ 66621: Attempts to lock a collection with WebDAV may
incorrectly fail if a child collection has an expired lock.
+ 66622: Deprecate the xssProtectionEnabled setting from the
HttpHeaderSecurityFilter and change the default value to false
as support for the associated HTTP header has been removed
from all major browsers.
+ 59232: Add org.apache.catalina.core.ContextNamingInfoListener,
a listener which creates context naming information
environment entries.
+ 66665: Add
org.apache.catalina.core.PropertiesRoleMappingListener, a
listener which populates the context's role mapping from a
properties file.
+ Fix an edge case where intra-web application symlinks would be
followed if the web applications were deliberately crafted to
allow it even when allowLinking was set to false.
+ Add utility config file resource lookup on Context to allow
looking up resources from the webapp (prefixed with webapp:)
and make the resource lookup API more visible.
+ Fix potential database connection leaks in
DataSourceUserDatabase identified by Coverity Scan.
+ Make parsing of ExtendedAccessLogValve patterns more robust.
+ Fix failure trying to persist configuration for an internal
credential handler.
+ 66680: When serializing a session during the session
presistence process, do not log a warning that null Principals
are not serializable.
+ Catch NamingException in JNDIRealm#getPrincipal. It is used in
Java up to 17 to signal closed connections.
+ 66822: Use the same naming format in log messages for
Connector instances as the associated ProtocolHandler instance.
+ The parts count should also lower the actual maxParameterCount
used for parsing parameters if parts are parsed first.
+ If an application or library sets both a non-500 error code
and the javax.servlet.error.exception request attribute, use
the provided error code during error page processing rather
than assuming an error code of 500.
+ Update code comments and Tomcat output to use MiB for
1024 * 1024 bytes and KiB for 1024 bytes rather than
MB and kB.
+ Avoid protocol relative redirects in FORM authentication
(CVE-2023-41080, bsc#1214666).
* Coyote
+ Update the HTTP/2 implementation to use the prioritization
scheme defined in RFC 9218 rather than the one defined in
RFC 7540.
+ 66602: not sending WINDOW_UPDATE when dataLength is ZERO on
call SwallowedDataFramePayload.
+ 66627: Restore the documented behaviour of
MessageBytes.getType() that it returns the type of the
original content rather than reflecting the most recent
conversion.
+ 66635: Correct certificate logging on start-up so it
differentiates between keystore based keys/certificates and
PEM file based keys/certificates and logs the relevant
information for each.
+ Refactor blocking reads and writes for the NIO connector to
remove code paths that could allow a notification from the
Poller to be missed resuting in a timeout rather than the
expected read or write.
+ Refactor waiting for an HTTP/2 stream or connection window
update to handle spurious wake-ups during the wait.
+ Correct a regression introduced in 9.0.78 and use the correct
constant when constructing the default value for the
certificateKeystoreFile attribute of an
SSLHostConfigCertificate instance.
+ Refactor HTTP/2 implementation to reduce pinning when using
virtual threads.
+ Pass through ciphers referring to an OpenSSL profile, such as
PROFILE=SYSTEM instead of producing an error trying to parse
it.
+ 66841: Ensure that AsyncListener.onError() is called after an
error during asynchronous processing with HTTP/2.
+ 66842: When using asynchronous I/O (the default for NIO and
NIO2), include DATA frames when calculating the HTTP/2
overhead count to ensure that connections are not prematurely
terminated.
+ Correct a race condition that could cause spurious RST
messages to be sent after the response had been written to an
HTTP/2 stream.
* WebSocket
+ 66548: Expand the validation of the value of the
Sec-Websocket-Key header in the HTTP upgrade request that
initiates a WebSocket connection. The value is not decoded but
it is checked for the correct length and that only valid
characters from the base64 alphabet are used.
+ Improve handling of error conditions for the WebSocket server,
particularly during Tomcat shutdown.
+ Correct a regression in the fix for 66574 that meant the
WebSocket session could return false for onOpen() before the
onClose() event had been completed.
+ 66681: Fix a NullPointerException when flushing batched
messages with compression enabled using permessage-deflate.
* Web applications
+ Documentation. Expand the security guidance to cover the
embedded use case and add notes on the uses made of the
java.io.tmpdir system property.
+ 66662: Documentation. Fix a typo in the name of the algorithms
attribute in the configuration section for the Digest
authentication value.
+ Documentation. Update documentation to use MiB for
1024 * 1024 bytes and KiB for 1024 bytes rather than
MB and kB.
* jdbc-pool
+ Fix the releaseIdleCounter does not increment when testAllIdle
releases them.
+ Fix the ConnectionState state will be inconsistent with actual
state on the connection when an exception occurs while
writing.
* Other
+ Update to Commons Daemon 1.3.4.
+ Improvements to French translations.
+ Update Checkstyle to 10.12.0.
+ Update the packaged version of the Apache Tomcat Native
Library to 1.2.37 to pick up the Windows binaries built with
with OpenSSL 1.1.1u.
+ Include the Windows specific binary distributions in the files
uploaded to Maven Central.
+ Improvements to French translations.
+ Improvements to Japanese translations.
+ Update UnboundID to 6.0.9.
+ Update Checkstyle to 10.12.1.
+ Update BND to 6.4.1.
+ Update JSign to 5.0.
+ Correct properties for JSign dependency.
+ Align documentation for maxParameterCount to match hard-coded
defaults.
+ Update NSIS to 3.0.9.
+ Update Checkstyle to 10.12.2.
+ Improvements to French translations.
+ Improvements to Japanese translations.
+ 66829: Fix quoting so users can use the _RUNJAVA environment
variable as intended on Windows when the path to the Java
executable contains spaces.
+ Update Tomcat Native to 1.2.38 to pick up Windows binaries
built with OpenSSL 1.1.1v.
+ Improvements to Chinese translations.
+ Improvements to French translations.
+ Improvements to Japanese translations
- Removed patch:
* tomcat-9.0.75-CVE-2023-41080.patch
+ integrated in this version�- Fixed CVEs:
* CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666)
- Added patches:
* tomcat-9.0.75-CVE-2023-41080.patch�- Modified patch:
* tomcat-9.0-osgi-build.patch
+ make it more robust to change in number of artifacts in bnd
+ do not enumerate jars, just take all jars from the aqute-bnd
directory into the classpath�- Require(pre) shadow because groupadd is needed early�- Update to Tomcat 9.0.75.
* See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.75_(markt)
* Fixes:
+ bsc#1211608, CVE-2023-28709
+ bsc#1208513, CVE-2023-24998 (previous incomplete fix)
- Remove patches:
* tomcat-9.0-CVE-2021-30640.patch
* tomcat-9.0-CVE-2021-33037.patch
* tomcat-9.0-CVE-2021-41079.patch
* tomcat-9.0-CVE-2022-23181.patch
* tomcat-9.0-NPE-JNDIRealm.patch
* tomcat-9.0-hardening_getResources.patch
* tomcat-9.0.43-CVE-2021-43980.patch
* tomcat-9.0.43-CVE-2022-42252.patch
* tomcat-9.0.43-CVE-2022-45143.patch
* tomcat-9.0.43-CVE-2023-24998.patch
* tomcat-9.0.43-CVE-2023-28708.patch
+ integrated in this version
* tomcat-9.0.43-java8compat.patch
+ problem with Java 8 compatibility solved in this version
- Modified patch:
* tomcat-9.0.31-secretRequired-default.patch
- > tomcat-9.0.75-secretRequired-default.patch
+ rediffed to changed context
* tomcat-9.0-javadoc.patch
+ drop integrated hunks
* tomcat-9.0-osgi-build.patch
+ fix to work with current version
- Added patch:
* tomcat-9.0-jdt.patch
+ fix build against our ecj�- Fixed CVEs:
* CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840)
- Added patches:
* tomcat-9.0.43-CVE-2022-45143.patch�- Fixed CVEs:
* CVE-2023-28708: tomcat: not including the secure attribute
causes information disclosure (bsc#1209622)
- Added patches:
* tomcat-9.0.43-CVE-2023-28708.patch�- Fixed CVEs:
* CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513)
- Added patches:
* tomcat-9.0.43-CVE-2023-24998.patch�- set logrotate for localhost.log, manager.log, host-manager.log and localhost_access_log.txt
- use logrotate for catalina.out
* update tomcat-serverxml-tool and spec to configure server.xml
- Added patch:
* tomcat-9.0-logrotate_everything.patch
* tomcat-serverxml-tool.tar.gz
- Removed:
* tomcat-serverxml-tool-1.0.tar.gz�- Use catalina.out for logging (bsc#1205647)
- Added patches:
* tomcat-9.0-fix_catalina.patch�- Fixed CVEs:
* CVE-2022-42252: reject invalid content-length requests. (bsc#1204918)
- Added patches:
* tomcat-9.0.43-CVE-2022-42252.patch�- Fixed CVEs:
* CVE-2021-43980: Improve the recycling of Processor objects to make it more robust. (bsc#1203868)
- Added patches:
* tomcat-9.0.43-CVE-2021-43980.patch�- Do not hardcode /usr/libexec but use %%_libexecdir during the
build
* Fixes for platforms, where /usr/libexec and %%_libexecdir are
different�- Fix bsc#1201081 by building with release=8 all files that can be
built this way. The one file remaining, build it with source=8 and
target=8
- Modified patch:
* tomcat-9.0.43-java8compat.patch
+ Do not cast ByteBuffer to Buffer to call the Java 8 compatible
methods. Build with release=8 instead�- Security hardening. Deprecate getResources() and always return null. (bsc#1198136)
- Added patch: tomcat-9.0-hardening_getResources.patch�- Remove dependency on log4j/reload4j completely (bsc#1196137)�- Do not build against the log4j12 packages, use the new reload4j�- Fixed CVEs:
* CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)
- Added patches:
* tomcat-9.0-CVE-2022-23181.patch�- remove instance units from post scripts, they can not be reloaded�- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569)
- Added patch:
* tomcat-9.0-NPE-JNDIRealm.patch�- Modified patch:
* tomcat-9.0-osgi-build.patch
+ account for biz.aQute.bnd.ant artifact in aqute-bnd >= 5.2.0�- Fixed CVEs:
* CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
* CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)
- Added patches:
* tomcat-9.0-CVE-2021-30640.patch
* tomcat-9.0-CVE-2021-33037.patch�- Fixed CVEs:
* CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)
- Added patches:
* tomcat-9.0-CVE-2021-41079.patch�- Update to Tomcat 9.0.43. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.43_(markt)
- Removed Patches because fixed upstream now:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch
- Rebased patch:
tomcat-9.0.39-java8compat.patch -> tomcat-9.0.43-java8compat.patch�- Update to Tomcat 9.0.41. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.41_(markt)�- Update to Tomcat 9.0.40. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt)
- Removed Patches because fixed upstream now:
* tomcat-9.0-CVE-2020-17527.patch
* tomcat-9.0-CVE-2021-24122.patch�- Fixed CVEs:
* CVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)
* CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)
- Added patches:
* tomcat-9.0-CVE-2021-25122.patch
* tomcat-9.0-CVE-2021-25329.patch�- Log if file access is blocked due to symlinks: CVE-2021-24122 (bsc#1180947)
- Added patch:
* tomcat-9.0-CVE-2021-24122.patch�- Update to Tomcat 9.0.39. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39_(markt)
- Rebased patches:
* tomcat-9.0.38-java8compat.patch -> tomcat-9.0.39-java8compat.patch�- Update to Tomcat 9.0.38. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.38_(markt)
- Rebased patches:
* tomcat-9.0.37-java8compat.patch -> tomcat-9.0.38-java8compat.patch
- Removed tomcat-9.0-CVE-2020-13943.patch because that fix is upstream now�- Update to Tomcat 9.0.37. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.37_(markt)
- Fixed CVEs:
* CVE-2020-13934 (bsc#1174121)
* CVE-2020-13935 (bsc#1174117)
- Rebased patches:
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch -> tomcat-9.0.37-java8compat.patch�- Fix HTTP/2 request header mix-up: CVE-2020-17527 (bsc#1179602)
- Added patch:
* tomcat-9.0-CVE-2020-17527.patch�- Add source url for tomcat-serverxml-tool
- Fix typo in tomcat-webapps %postun that caused /examples
context to remain in server.xml when package was removed
- Remove tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from
package. They're not used anymore becuse of systemd (bsc#1178396)�- Fix tomcat-servlet-4_0-api package alternatives to use
/usr/share/java/servlet.jar instead of /usr/share/java/tomcat-servlet.jar.
Keep /usr/share/java/tomcat-servlet.jar symlink for compatibility.
(bsc#1092163)
- Change default file ownership in tomcat-webapps from
tomcat:tomcat to root:tomcat�- Fix CVE-2020-13943 (bsc#1177582)
- Added patch:
* tomcat-9.0-CVE-2020-13943.patch
- Change /usr/lib/tomcat to /usr/libexec/tomcat in startup
scripts (bsc#1177601)�- Replace old specfile constructs. Remove support for SUSE 11.x.
- Drop %systemd_requires, which is considered a no-op.
- Trim redundant license mention from description.
- Make documentation noarch.
- Do not suppress errors from useradd.�- Avoid hardcoding /usr/lib as libexecdir�- Don't give write permissions for the tomcat group on files and
directories where it's not needed (bsc#1172562)
- Change tomcat.pid location from /var/run to /run (bsc#1173103)
- Use the /sbin/nologin shell when creating the tomcat user
- Use %tmpfiles_create macro in %post instead of calling
systemd-tmpfiles directly�- Update to Tomcat 9.0.36. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.36_(markt)
- Fixed CVEs:
CVE-2020-11996 (bsc#1173389)�- Update to Tomcat 9.0.35. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.35_(markt)
- Fixed CVEs:
- CVE-2020-9484 (bsc#1171928)
- Rebased patches:
* tomcat-9.0-javadoc.patch
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch�- Update to Tomcat 9.0.34. See changelog at
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.34_(markt)
- Notable changes:
* Add support for default values when using ${...} property
replacement in configuration files. Based on a pull request
provided by Bernd Bohmann.
* When configuring an HTTP Connector, warn if the encoding
specified for URIEncoding is not a superset of US-ASCII as
required by RFC 7230.
* Replace the system property
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with
the Connector attribute encodedSolidusHandling that adds an
additional option to pass the %2f sequence through to the
application without decoding it in addition to rejecting such
sequences and decoding such sequences.�- Update to Tomcat 9.0.33. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.33_(markt)
- Notable fix: corrected a regression in the improvements to HTTP
header parsing (bsc#1167438)
- Rebased patches:
* tomcat-9.0-javadoc.patch
* tomcat-9.0-osgi-build.patch
* tomcat-9.0.31-java8compat.patch�- Change default value of AJP connector secretRequired to false
- Added patch:
* tomcat-9.0.31-secretRequired-default.patch�- Update to Tomcat 9.0.31. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)
- Fixed CVEs:
* CVE-2019-17569 (bsc#1164825)
* CVE-2020-1935 (bsc#1164860)
* CVE-2020-1938 (bsc#1164692)
- Modified patch
* tomcat-9.0.30-java8compat.patch
- > tomcat-9.0.31-java8compat.patch
+ Adapt to changed context�- Modified patch:
* tomcat-9.0.30-java8compat.patch
+ add missing casts (bsc#1162081)�- Change back the build to build with any Java >= 1.8
- Added patch:
* tomcat-9.0.30-java8compat.patch
+ Cast java.nio.ByteBuffer and java.nio.CharBuffer to
java.nio.Buffer in order to avoid calling Java 9+ APIs
(functions with co-variant return types)
- Renamed patch:
* tomcat-9.0-disable-osgi-build.patch
- > tomcat-9.0-osgi-build.patch
+ Do not disable, but fix OSGi build since we have now
aqute-bnd�- Change build to always use Java 1.8 (bsc#1161025).�- Update to Tomcat 9.0.30. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt)
- Fixed CVEs:
- CVE-2019-0221 (bsc#1136085)
- CVE-2019-10072 (bsc#1139924)
- CVE-2019-12418 (bsc#1159723)
- CVE-2019-17563 (bsc#1159729)
- Removed patch:
* tomcat-9.0-JDTCompiler-java.patch
+ It was not applied�- Update to Tomcat 9.0.27. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.27_(markt)
- Uset aqute-bnd to generate OSGi manifest, since we have that
package now in openSUSE:Factory
- Removed patch:
* tomcat-9.0-disable-osgi-build.patch
+ not needed�- Add maven pom files for tomcat-jni and tomcat-jaspic-api�- Distribute the pom file also for tomcat-util-scan artifact�- Build against compatibility log4j12 package�- Adapt to the new ecj directory layout�- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut the build queues by allowing usage of systemd-mini�- Update to Tomcat 9.0.20. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.20_(markt)
- increase maximum number of threads and open files for tomcat (bsc#1111966)�- Update to Tomcat 9.0.19. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.19_(markt)
Notable packaging changes:
- File /usr/share/java/tomcat/catalina-jmx-remote.jar was removed.
The classes contained in this jar were merged into
/usr/share/java/tomcat/catalina.jar.
- Fixed CVEs:
- CVE-2019-0199 (bsc#1131055)
- Rebased patch:
- tomcat-9.0-JDTCompiler-java.patch
- tomcat-9.0-javadoc.patch�- Build classpath directly with the geronimo jars instead of with
symlinks to them�- Don't overwrite changes made to server.xml contexts when updating
bundled webapps.�- Set javac target to 1.8 when building docs samples and serverxmltool�- Move webapps bundled with Tomcat to /usr/share/tomcat/tomcat-webapps
(bsc#1092341). Affected packages:
- tomcat-webapps
- tomcat-admin-webapps
- tomcat-docs-webapp
- Remove %doc directive from tomcat-docs-webapps files section so that
zypper installs files even if rpm.install.excludedocs is set to yes.�- Require Java 1.8 or later (bsc#1123407)�- Clean up OSGi manifest injection
- Put embed maven metadata into embed subpackage
- Use the .mfiles* lists generated by %%add_maven_depmap macro�- Fix tomcat-tool-wrapper classpath error (bsc#1120745)�- Fix tomcat-digest classpath error (bsc#1120745)�- Update to Tomcat 9.0.14. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt)�- Add pom files for tomcat-jdbc and tomcat-dbcp
- Add org.eclipse.jetty.orbit* aliases to correspondant artifacts�- Update to Tomcat 9.0.13. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.13_(markt)�- Update to Tomcat 9.0.12. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt)
- Fixed CVEs:
- CVE-2018-11784 (bsc#1110850)
- Rebased patches:
- tomcat-9.0-disable-osgi-build.patch
- tomcat-9.0-javadoc.patch
- tomcat-9.0-sle.catalina.policy.patch
- tomcat-9.0-tomcat-users-webapp.patch�- Declare following files to config(noreplace) to prevent override
access rights:
- host-manager/META-INF/context.xml
- manager/META-INF/context.xml�- Empty tomcat-9.0.sysconfig to avoid overwriting of customer's
configuration during update (bsc#1067720)�- Update to Tomcat 9.0.10. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)
- Fixed CVEs:
- CVE-2018-1336 (bsc#1102400)
- CVE-2018-8014 (bsc#1093697)
- CVE-2018-8034 (bsc#1102379)
- CVE-2018-8037 (bsc#1102410)
- Rebased patch tomcat-9.0-JDTCompiler-java.patch
- Added patch tomcat-9.0-disable-osgi-build.patch to disable adding
OSGi metadata to JAR files�- Update to Tomcat 9.0.5. See changelog at
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.5_(markt)�- Modified patch:
* tomcat-9.0-javadoc.patch
+ Don't append to javadoc --add-modules since we are building
with source=8
+ Avoid accessing Internet URLs from build environment�- Update to Tomcat 9.0.2:
* Major update for tomcat8 from tomcat9
* For full changelog please read upstream changes at:
+ http://tomcat.apache.org/tomcat-9.0-doc/changelog.html
* Rename all tomcat-8.0-* files to tomcat-9.0-*
- Changed patches:
* Deleted: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-8.0-sle.catalina.policy.patch
* Deleted: tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-8.0.33-JDTCompiler-java.patch
* Deleted: tomcat-8.0.44-javadoc.patch
* Deleted: tomcat-8.0.9-property-build.windows.patch
* Added: tomcat-9.0-JDTCompiler-java.patch
* Added: tomcat-9.0-bootstrap-MANIFEST.MF.patch
* Added: tomcat-9.0-javadoc.patch
* Added: tomcat-9.0-sle.catalina.policy.patch
* Added: tomcat-9.0-tomcat-users-webapp.patch
- Renamed subpackage tomcat-3_1-api to tomcat-4_0-api
to reflect the new Servlet API version.
- Commented out JAVA_HOME in /etc/tomcat/tomcat.conf
- Added "tomcat-" prefix to lib symlinks under
/usr/share/java to avoid file conflicts with servletapi5
and geronimo-specs
- Fixed wrong %ghost file paths for alternatives symlinks�- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)�- Build with JDK 8 to fix runtime errors when running with JDK 7
and 8
- Fix tomcat-digest classpath error (bsc#977410)
- Fix packaged /etc/alternatives symlinks for api libs that caused
rpm -V to report link mismatch (bsc#1019016)�- update to 8.0.47
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE:
- CVE-2017-12617
- rebase tomcat-8.0-sle.catalina.policy.patch�- Added patch:
* tomcat-8.0.44-javadoc.patch
- generate documentation with the same source level as class
files
- fixes build with jdk9�- Version update to 8.0.44:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVE:
- CVE-2017-5664 (bsc#1042910)�- New build dependency: javapackages-local�- Version update to 8.0.43:
* Another bugfix release, for full details see:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Fixed CVEs:
- CVE-2017-5647 (bnc#1033448)
- CVE-2017-5648 (bnc#1033447)
- CVE-2016-8745
- Renamed and rebased patches:
* tomcat-7.0-sle.catalina.policy.patch -> tomcat-8.0-sle.catalina.policy.patch
- Enable optional setenv.sh script. See section
"(3.4) Using the "setenv" script (optional, recommended)" in
http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt
(bnc#1002662)
- Fix file conflicts when upgrading from SLES 12 to SLES 12 SP1 (bnc#1023412).
Added explicit obsoletes for tomcat-el-2_2-api, tomcat-jsp-2_2-api,
tomcat-servlet-3_0-api�- update to 8.0.39: (boo#1003911)
* Improve handling of I/O errors with async processing
* Fail earlier on invalid HTTP request
- includes changes from 8.0.38:
* Refactoring the non-container thread Async complete()/dispatch()
handling to remove the possibility of deadlock
* Improved UTF-8 handling for the RewriteValve
- includes changes from 8.0.37:
* Treat paths used to obtain a request dispatcher as encoded
(configurable)
* Various jdbc-pool fixes
- drop tomcat-8.0.36-jar-scanner-loop.patch, upstream�- Switch to commons-dbcp2 fate#321029�- Backport fix for inifinite loop in the jar scanner for 8.0.36. (bnc#993862)
Added: tomcat-8.0.36-jar-scanner-loop.patch�- Version update to 8.0.36:
* Another bugfix release for the 8.0 series. Full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt)
- CVE fixed by the version update:
- CVE-2016-3092 (bnc#986359)
- Fixed a deployment error in the examples webapp by changing the context.xml format to the new one
introduced by Tomcat 8. See http://tomcat.apache.org/migration-8.html#Web_application_resources�- fix maven fragments paths to build in multiple distribution
versions�- Version update to 8.0.33:
* Another bugfix release for 8.0 series, full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.33_(markt)
- Rebase tomcat-8.0-tomcat-users-webapp.patch
- Rebase tomcat-7.0.53-JDTCompiler-java.patch
to tomcat-8.0.33-JDTCompiler-java.patch�- Fix fixme for the prereq preamble value
- It seems systemd prints error on adding the @ services to macros
so do not do that�- package was partly merged with the scripts used in the
Fedora distribution
- support running multiple tomcat instances on the same server
(fate#317783)
- add catalina-jmx-remote.jar (fate#318403)
- remove sysvinit support: systemd is required�- update changes file for CVE information
- Fixed CVEs:
- CVE-2015-5346 (bnc#967814) in 8.0.32
- CVE-2015-5351 (bnc#967812) in 8.0.32
- CVE-2016-0706 (bnc#967815) in 8.0.32
- CVE-2016-0714 (bnc#967964) in 8.0.32
- CVE-2016-0763 (bnc#967966) in 8.0.32
- CVE-2015-5345 (bnc#967965) in 8.0.30
- CVE-2015-5174 (bnc#967967) in 8.0.27�- Version update to 8.0.32:
* Another bugfix release for 8.0 series, full details:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.32_(markt)
- Rebase patch:
* tomcat-8.0.9-property-build.windows.patch�- update to Tomcat 8.0.28
* Multiple fixes, read upstream changelog at:
https://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)�- Some whitespace cleanups�- Remove pointless conflicts on provide/obsolete symbols�- Version bump to 8.0.23 fate#318913:
* Multiple testfixes all around, read upstream changelog at:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.23_(markt)�- Fix previous commit. Fix one rpmlint warning�- Drop gpg verification from spec, it is done by obs�- Fix build with new jpackage-tools�- update to Tomcat 8.0.18:
* Major update for tomcat8 from tomcat7
* For full changelog please read upstream changes at:
+ http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
* Rename all tomcat-7.0-* files to tomcat-8.0-*
* Update keyring file
- Update windows patch to apply again:
* Deleted: tomcat-7.0.52-property-build.windows.patch
* Added: tomcat-8.0.9-property-build.windows.patch
* Added:tomcat-8.0-tomcat-users-webapp.patch
* Deleted: tomcat-7.0-tomcat-users-webapp.patch
* Added: tomcat-8.0-bootstrap-MANIFEST.MF.patch
* Deleted: tomcat-7.0-bootstrap-MANIFEST.MF.patch�- Version 1.1.30 or higher is required for APR listener (bnc#914725)�/bin/sh�/bin/sh�servlet�tomcat-servlet-3_0-api�tomcat-servlet-3_1-api�h03-ch2a 1712679632��������������������������������������������������������������������� ���
�����������������������������������������������9.0.87�9.0.87�9.0.87�9.0.87�9.0.87�4.0���9.0.87-150200.65.1�9.0.87-150200.65.1��������������4.0�����������������������������������������servlet�servlet.jar�tomcat-servlet-4.0-api.jar�tomcat-servlet-api.jar�tomcat-servlet.jar�tomcat-servlet-4_0-api�LICENSE�tomcat-servlet-api.xml�JPP-tomcat-servlet-api.pom�/etc/alternatives/�/usr/share/java/�/usr/share/licenses/�/usr/share/licenses/tomcat-servlet-4_0-api/�/usr/share/maven-metadata/�/usr/share/maven-poms/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:33133/SUSE_SLE-15-SP2_Update/0810171cf16a0006948476d4602b0797-tomcat.SUSE_SLE-15-SP2_Update�drpm�xz�5�noarch-suse-linux��������������������������������������cannot open `/home/abuild/rpmbuild/BUILDROOT/tomcat-9.0.87-150200.65.1.x86_64/etc/alternatives/servlet' (No such file or directory)��gzip ERROR: Stdin has more than one entry--rest ignored (Zip archive data, at least v2.0 to extract Java archive data (JAR))�directory�ASCII text�XML 1.0 document, ASCII text�������������������������������������������������������������������������P���P���P���P���P���R���R���J{x%D!AB<�,����utf-8�c7c0cf16fd7e1e88ff63eedb9bad318876632eb47c4d4028f5c85b513b6b8680���������?��������7zXZ��
���!�����t/s]�"��k%LX3���iv�� +fe-B�?2e{|5�%v.'%suCu�6t-D^$F="OK =@�pu1"p,�y�q4�ĕ 0vUxL2K;}nm舤ma�A�|� '_[�U,Dd�,l� WV)@Bԡ�M
�}J���*
W��z2-|lHN,X"aI�tGܯVW!�J�~~[�zp�yWp6�J�=�>�jAGB5e ö��X�g��})��y{C:٘�\�/fώ�)+J()�Y#S~P;T�P0e�♚26x{ZUS$�ZH@{`�&�Hn�^P�&@�?�\r"ۮ]^ѣ^ �I;B7$0T=�d�sRe\�mf:!��܌g"�/),��=wԕC{Z>�R۶�M|!����!L
1e
�J!>U`QlLg+
z�@n°yƓϠC�`��P�ƞh?h.Gܣ \qP>75MzT[,؞%�%G�\)!�NjdV׃{UTyLe�_^UL涗�1.w��Kb~c.+j]�WPь
2�hN+#g�'%̛�7H��p:5�QZ'(>K_5I�ťHJgb1f!�Np~�,l�1�죴VBt*A]��sFJ�x+#ߍ2|({%��s2�F۸\@rD9{bFBHd=S����W�D~,���̷%{�;k8j{�xI�()��}ç�$�t�AG@W�&E[��/Ȑe�li��|Ff0�3b).Αj+W'Dl*n=OJ-uu-b"�W�:^C4ފgSU2�i�,E/ư]��atUcgEeeϣ1t�"�[=O)�0r�X�H%Xtv X|@#�a/��_k\Yh��whl o�@A�et��n�&�G&_K�R>uM�,xo�tS�$�4YtaQ�8�7�z3�~J>M���CNK%:��{B�xefo'H`�AQ�h)�zO��|C�#���DY
�o"�([]9�y{
]?S`y}o�]^aEs_qֳ�_���7}O��9w(�,hS
S%Ѵ:17+ 㺤�_;#f!f��Sfet�T
|�Hla�ؒA܅�"?�+��F*A@�;k̗�q�եyٟ�m�&U�:.hY1ۤ(c']Vl_�0E�;
[ tSo�gZ�3B2F=�<���w[oD8�'A
~���8�HH#?qa\&_3ឺ^i�Yj�D'a9L�u�qo=8Ae�ho$8Ql�kڥ��^hLr����?&O_�1xq'b[bD~2؍XwLZYm�G)sh-w
:``�/nYi_y(:E;%$>�ǃˡ�g:T�?XQ
�L#@�'|E�IF=$XSX��e���$`?
Si~~1ߝ�mND|x�7�
f���С[}w.9I"�
�)x|({�ŎMsոCTw�2�A�IT)���i�aZ5ʾ^o?��5q?z9��E�eq8Wm|�ԣ��Qt8bEش�
2IsȌH7,�O3@^J�ǑC�(蔷j!k9Fn{3j�nL��4Z��ܭc1TV_`nK�ϧ �)"�bi,Y�sМ=CO�UVQ�
u萚H�e8��-V*M)Z�Q)��D(}ș..|ڽOrBK��wNi�6�8ы�t̪�HJ/T0�2Nj$�9wtA`- d�90tbO/d
L#Ҍ71*"��9"!$vF��u�s�Rh=U��#�Ł?gMD�n$�b�'B�3
��Z1�ob���}�~p�S`��(;6
�{�,\ۦ;ooA@L1('TSb1Bx�n�m�˜yij)��-U�y}c�6�5,�*�n;}s6wִr��T��mwe[q�~SX'
=J^Ykɹn5 ݼx�ɱ�鶉�;lO/V�鬕
,b}a/|Bճ
v~�`un
{�Qf#-D�S{�y9@"եPwqt�P펜's0fۏm^ˉEln�qN A$zzDT&�3�!b
},NVTVDs]8~e|츈Z�?^z3֒�,ɞ6w`u#�&/��a�e�~YWFT1C�N
q/cklcYߐ@�e �1po�ar`0�B�*'*V�;�|jYX<�`g
JV���,�I�Ok�Ћ_&�[JFW�#h\([A8'k-]EOt��X�!Ex'��/S q����
O
l$ot%g .;Rʥ�FFK[�y�lЯ;Vi�+e�4{pGlzm'R2C�_�S`ΌL
���a֖��xۜkoDM7�RPT�oCjI]K
t��!@-1*b��[o'hx��"�ۋG+F��cPL�KT�|��mT!|IcyʿWl�ӔQrQbP#TӢg�M
Yȉ_Z79ǭIpmĹ�?�Sno
`�'r7!)
s)l\y$WN-r� oo,�,@i�ќӑub
�XtM(͞~;9Ap2֫$Ph(x6])Ⅎ(p��NZ�n�F��+@I.Sy-a5d�;?�g�"g6c4�NUlp^R�2͘fN��
K9Cr1u�,;�rt�nq�S�jao?4�6�ÂwuhL)J(�>�Z�
5q�LƞY�+g7~}
UjH�[ع5ol3m۽P`{v��WП_,HAEͯ,hy�`SCo]|z6qG�=mqF*
K��?;%�D��ЄB�N�qU"\H.RJPmj��y
ܲ!�?B�:dVe(||�'Łw�9+F[1ĒâhS�j&6)�eh^i"Г;$]T�f7qF�G�sS=G58�͕�eT�2><7v�d:Q�}�)7mLh.qz5E*J�֜\2�
��c!k�%8�Ud,iP<�eSQ+^h�!�Z�5JTdiTxX'd�韕��Tk|H(EB\Gr$G�/A
ԦmR|Û4�1isbL�
W��۔r]�C�H�rZe@*ہ{L��H�KWcEj}j�7��?s%�V:N�=j|َNiwj!8��
.
g<'�&J�B(X��L�.2ힹ�
q�Ȓċ`�de�g
cq;>χKC),XKd.�0IlI|ϨqP�j%~cv�C=xM�2"f[A�.U]���8 Re
+ef6GquN컥^�9Y��8aͫaddrge+ ]㼣"Ɍe5vy��yA�b� 1 [�k#�ue,2ÛY��%jsZ6!�U�u��/{P3ծ Yt�
�P(b,<�zU%�A�N!_Z=ZF�w���=��"vX�w�|w�s��/KյpaP�}vA�"�n.WR�lGq#�~m�q?eM|'#}��D9CkI0SxwFhlk]lf�0O8ͦ"�K�QeX_]Y/�@s��NGZ}s�b fpFxz�O@Nd�{ʝ��]�|hZg[���v*�\*�m;��MA, Jb�Ie[�S�k�c>5,3�=N(sP?���KËhK:5n+҇�KA{&$RטP|�ZL['�)(i �)ـ �<8%�u44�Lz�EQVDҨ5ׂyHA�V'�z)鏲_�nhe;zLRwk��sRش
�
3�A:|q�@L>(2#؍Zxom�)�P�M9jC!BKƺ"QلS.�y�=|�l%G�&Aבq,#8 8b`�a�9�/.�NPAnܰ�n߱3X0Q�H+ay�#��HcZ*"#Sp3"|�4(ev|b{m&P�=c?;ifjs}v뒰!ֽ�2E1��ٵ�VtPBs//
u�߱Xw)K쎦mbw+,єEo�,9?*>�^1@8ҙ,HKr$uxlSb"z<5I�.7,�}X��\LR��3WW#x�[E�C8yr
o�:��kCҋAcMCFJ�F�yA�
�w*H��u0�By�Ex����$pyw�'�D'Nt�UG]-v��0z _aM�Z�<�ҮD9=2ۍe*w�4ۮzPkʼu&�;j&o0�3N�͎��rLfz$?3�tIXpu�vU����Zc6K<ʿ|m�R��Nϱ::Hwp&�DSs7W�Kq9׃qEd3!�^H~^E6__/?Fֹ�4�~G}<6��;~B�-l�z99𭅶S5?2{Z#|�JAnYI��7NdZE�T��Fpdvr�ȜtR�*:gh�%��CD4yXY>��*NHr>̢ܣ;B��+ C"2g,`�gH�led-a_�.�
� ��F-��r5-Ր~g0hzMn9
J�vd6U��X"$�ݘ&u,A]i1'8�&�I2a�RApVR逫XSE7�
6OW2.ރ�3X�YYp]�Cy4BG����OR(^�p38�N/#�^9�W�W/Eyd"'Ha[e,A9^Ά�B;aW"oớ.[2Dɓ�,*G*t>�6B?L\>`�
f��aU5Z^�R;W!0g�'P#q,:RuzYv76:�?�uvψ�n%r�*&w�c�,-]嗦cU4aK5Z[�_} %a���@*8f-�:y2_"T<�6�0�)v��uaX�AIlҥ�݄X�y_S �-(N(�M���g
Y=&� _1us�y)T��I+z�i+@0|;@]%.;0
ЏI2zMA�;$�VZT�:�ixn.~'�ZÜ/�ptK&Z��Q�4N�b6oiy����_b�Dx�{�.��`.��t(Ρ�u8�\^�2td(B2ȞYbb6{2&z$�L|�%.ޒGnY]1�ƥh&'�#Utwvm9
_g\s��o+\��hn[�]HmGU'�!�:\�CJ]6Y!�@GxMnۏ(">_RK>^9�V%�`ѻ�$�9v$Ps+Xs�}@��7HcBe��(0iHI�`8+kS�_ew>E!X2-ql4{~��2a�*w)ztO0}i_
��M_â8Xw엯�[3u�4Dt&"�_'y#ǂj�{$ו7E]f9l�S]��VwJL�ECmbLm�DE�R%3 7ÆI���1;�.2٧m����zRﱅ�Kuq7i%Ga�|r=��wZ4Ɋ�RzAhQ|�mF�AK4nk�&M(ĞG~GG6:;vϗ(?NcB3/Խ5ub1�ZPy�mcikgv/3@^Y�>&�3;�66�薃@p�vk#]�)����O�zȎ݂QW 55=*d�I?S}GqPi�cc�R�}��&@G�|̐��q/f�2f�f�l3|�&L}Mh��)�@#��M//��*IU6�
}�-)maE l-E`ci�P�.U�^�w=7J2fHsM� N}3c��R=���7嗲Ԉn�e8p�r�hg8Q�A`݂�g_m#P���we.�1B�+8_m�
�pej!*u��͵(E8M&;aqB=8m�M,fjW;W�X�Cί�.1�w��j$ZaE� y6�ЛN浦QG��#48fOz zjttYc s)=s@=ڎ��7�SOnѬ /@J,DD�.�� �Їl_M7X�Łf%D%yI�
E҈ޟ4Cd,�g9 TJu1⛘U!:
Ǟ
VƧ;\a#.'Wq/m2�.
^�༽ ;\�_kCY�EufzV�&~[F@5�FZ�`�,(�Kd;w,z3l6LS�\"(hL)ޔ!0b�LFWRS�ȸ�SyN'#bn^bM)mok�[QL�*Ұ!
�v6@8c7�ZJm`:K�o��-Et n9꺊�D��+�xvxX�6;n�z�j>U��T-E̍-�Yﮒ"L�%"}q;�Z�\� Jy|n)ZY�Vv�0J5-���!E1�1v~7
���2a:K UK7$AIOh��o.�n�%e��)0 _/7%8D֛�P�P
Su�2�E6�OJBJ~
p*./!�9�ItIe�,P@�L9a0[��B8J6rbfRJ'{SE(
X>�Tl�a�Ā'��zy8Ԇqƪ$(T�i!6�,:;SqE.
+�:�uED*D7��'�LrW�ޞ��J/"f%_��>�qic[+A�s��؍,^[;y9^Pxfg[0UT=`?Ya }V`�-�V5�ŕijD
U6� 10�# .WzH;��.Zv۱})ō5d
u2~�7�o�*+�/�Iڲ@@O��ϝpv:k�S?#�+�'3$>bNO��|kr!m"}�m\�r~~W9�s��Pz-6����a[¾xk@K �,LsX0Sb[03jdK���7�h�+Lo`pGmrbW(�U�Jzo|>{>� fx0��ՈPKs�g�D9�R 2x�W~|¥})�l<��>nƘdӔ/��Ă�Htѓ�aLeCm4Z�
n˰xy�|�π`L�06u�rP "M\ޫ�X;W{zB&ί}O�},��塚h60FT(A)_�\!E;�U�=AP�e%�'SZr?�
�~CXI}#6MR�Iԑum{�y�(�k
TE=/v9a��*B�&x9
0�����cZ�+�
2 ;C>4>\��u�QP�0�[U}A?2)3e(gsѪ?:M7MYą`)xt6?�x_FˈP�f�{;aQ��?{�96Eh͎�MJ{�IS}j�.gLiȞ'_E.,H8J `8��+AFdcͣ8cm�l#�~y`�x KI�"h+�$[_h�l�8+5�`GY4!�ɻA]@l&I:nMW�9(i7�LvR+8=Z%ԇ1�"$�s]3xFVO�ZI2#1J0~Ƕ�pJ�e).�e m+�A%�7QX0O75}sW5N9�e�rRK���Q�_I�2n +Zn�!64k�B�e�h⌕v9�♁�t1�`��6%�78p{0eM-U��Y�T�ܫXb^ʘ\PZc�k3�l�w�|-P.�IˠC�0�xqHfX!� i��y�r�Ϝr�"�+&�IGm_tp:xL@(y.{#�*p"sߚ�//ج����۞^ 3`#"`��U̜�_ݨe@I ;�Ar%�~��?O=���!?�.qnHMf-g+;?wC1�y�
녣d+D ?Q@�Qd8�Yj*C�D�]#1l\50\�]�m
?R8-%�.Q'*�J�f6�G�>}.>7�C�Mb?�X��k�:]2hP;Ҫx":�9��(l�LkKL�O
-u�%ݑ< 9�+p{aB[(S;NfNB*exd�>#��+4&
0kfG^>}0�}po2\��|`|d{te&O4PC:l $ov%w]Xu]bk_`p
m644*M=->���}$dRH�y�P#
v��Bv[G�@y����%uy�Ge�{NJwK�1v�غ'IЮ�6 �v��(%Yªn|s;6[<0x-:5�ERO0�ޡ&���Ve
W�гRr�wv)u�=(P-|�yuӜ&p憝��fzwiP/(�~A�ᴏ=5D?{h�G2b"ejTԿ'�xt$c]#if_���� vI(�*pf}]J9l��skpu�d!n|S3ԋ��XVv"PzFBѲ"JBׂL8!]B}̐E�oJ��cQ~R:gW�0t6� �q��~b64K9:ʣ.�W;Y*ģ)us�uTJ5�j���ߕ/BpP�yƥi4DŽA�K#�+4h
��.Gq�^_�@,O��e}&�SmsR( @fv`�9Ƌ8G�O�WM�2>CKQE?*9�<�G�x={˗/�w)v`x%{[7ܭS%�#�%Ltu%3 wtC)fݣ�ʤTKw&A_�19��1oH{_.Rg=[UA,˛#\+h(p�[�^5�vs��v�PߺkDC ZӒ>O�:*TScϴύ9�\,�@wfGaж7a�,Y!A6,X[�UnG;W:uq.]�|f3hpt)E���&�HAj�*�g~燯�@M{�/f҆o�:X�6��c*f"Ǟ4�&^�.z�$� 7VZuYM�.s ��bM��9�*�
�vJMD*�>?8OPAI28cI��=|Y�R{�g�V,iD8#r� .Ϗ\Q �4���-(
:�dd*[s�ØK��KJO+|n[[r. E'�Ld, YaOAfo?)SR�Aq�-&56�%IHLln}*l��706P�?|QlJK>�ʝ2�[ڃ�!>gȂtqzG:`tr#P��m�롞'�y�8%`>3W~gnxLHޤa1m�2݂>W�ʋ�Y",7&n�*-� 3QZeڔ\ilH�uw�zKV�klZ7x6�mzލ��:<ˎ�s^U��{v /Y@8`'��t+u(T�\�k�-S�L�uꬼW*dx:E��,J�0y:K[BsW��9o�
�7az�Cq
E�A&oxN�����U�{RX
U@�-;�U��N��؆dDH3!XAPe�.ҫN~_B�f�K�3۵8?0 ,c��
V�b?4<\4Ԕ9P:H�EZ@Fv�[Bzb�[S77c�x(����纉`>I�EgzW̾DJ%j�4\��ɏJG�3�Ƞ'o]mI�(Cw�P�ro@b@S�T�:�7Q �hO١��h�Ic�Q��K~�')F58TBj�0 "2@zSؕ
FD"�,�YMTAG��*n�q�jRB#�<0i^��_3=�FAcDa�Rfn%p͕��l�8]*Q}h�6;!R�q�]
#>�(Ei �~<27��ξ k�%j�y%�Ζ�@`aZZD���A�P7wS�u�=Q^�TB�� lNM�[WTm]�b=^%d""1�[f1v,�YP�cËQigYo?�]�XeI�ѐ.ڟ[x{Z�a@�[i�#�H {�ߛ.�EB3Ӵ0px
A
d�ixn<,(dzo�pקּ�!Vp=�:h~Ug�=W�wV;�O�rI3lm.7y/Z<# ]$,�Z �W-
�>jw�j&qF,i�
=0�{~
xY�NV�.>}K-&�TgbTيV0�g_/Y�=�cMqԽ�fߓ?C߳ZS���T`�L�#Jz6ua���*�
�)���,�ĸ;g9�8){Q+��![Ei�)��'8[�.Ul4k��kh%��y*�[1hnUP.�zkw(cR(M�
=0G�[>�QM<+d̃�B\'hA}�_�$7ӮnH�^
�[
>�B^ox;]]?&�@e
.�q7�澊YM^�L ծ�`GByÍ�c;oQf
H4
H|mX8B��o&{� [kP鸉Yκb��a,�/욶
'J_YA�\&GV�K;V˽:ߎ&M,ӔhQ���.�i^[�썡$�}ugtQ-tig Jj(�¥�2ؚa�05D4SJY�S{�B.7R<8}}{c�IIa~T�4!iu��B#g�c%�ڹa-(�iʳBݫ,CU,ͳI�qWEg&h:
XbyC.C�3s=o<ɳ�2g&|�ƫcw݅�(�"�+:b/Bv;U7Hvn)TU{ �U5u�1$,oK-��
ӌ�?c�]&N>OV-BTj�L C�\m(<��=�QhK?znV7W9b��Г�Xikf5a.WDg�}!1@�\J
��l2X�>ҭ
:�q1BUm%~lځ�DY�eXC&1���Eyky)��L,D�βƧ7bOݹ�mH2��@��bd84$��+qn�I6N[+g`R57ijnOoiפi$
Eɠd?�؏���25 p6˶C�CҾ�1g�"�r?xnu��b-Ł#��Ū�/'?ɗ5id�Els2J��ҿ:�O�
�4jL!w�,^VxÇ*@}a1�`sJ0ó*Ex_`Rg�BbS
�6L5U�H 5=1�D `D0&R��2�HkIvI:y�+l�PI/T~9
tlVK#ݪ7f��Z�P9"r69YB&#j؇ܶ*�B�kR=HUuG5@@o=ݠo2�/�A�
d
X�hm�KA �YꉹS�k��m~7I1L=
t>#y&īm3�<;u+'_I0x45�SxJD�ݜ_�~:S"C [>�>弦�)`̢�
YΞxr�pJk�#q�����8.d(�=�-W)n\O2Sܾm?xn?A)
�c<}��|6h�$ؐȮ-I}"=b�3�W2�nM?5=�
�.v[�,�*ؖ�Ӏ@E9D�VYWR�@7wU?A~4?k$=1kX֪ kt7��Q
FsUcxk^\�4�za@~S�*g�2�N5@a=q&jFq�
�hw,)gx�n]Cy`@#���梿{=q a"x
f�!LW�C,ו?p�+hM
89i�gKĥÂK@�V<�MlmJvr��ul�g��Q�NMxE�ח6�hn�V.8tZb`�'�ͬ+N�S8˅�u�`kx�z8V3Hc?K5,e��h>��דV4o^6�jE�I�G�0 e'yZ�CtC�'�nl�zس
SK7в]m[XE[~ Wdr,j3F�9fDn��hn�y%�̰At~jdv�cn/<>"k�r+$D&
YЯ��ᮨ|EA5�҃%֗�oR�UNٚM.��SKbz�Gk��`P-��Ik'
h=�[T:v}�yL^hw$zbđ�W偢
J+e辯==gk M|
�~|dp�zE�k+h8T^�ՒQz�ҏU7 w(z�2~眏ø:X�I3W�H!H Mx�d#�34r�1�JIH�U�XI*G|ۿ,�1�?SP�@1JW�>dVws] 6�l�t?6?���H>@^fъ*&_�!n:t�6]�hp~]@~*@� �pr "͘�,�z%qWu·�Q�!A9��Q]՟烠I {P4h��ؓ}Z�0a7���p&J�T@��KdE//1k7�
��f��ϤЇ�
'"W{;iŬO9FY=���~bgecid�{�'2e.T�yPD.t;6QR.v+0Mb�E
��,cY�u�Th!;-W�,9vZpv/Ώ^&�!9ܪ5Q�U�IlSW��Ob�&Ȏ
\d(U_D45YD i˫e.�_��U�/g*9w0]�7� �92�5�((ބ峛|
Y]cIH$��mcU�
��6ǥ��4�g1GДl�]~n'7bz{�K[}CO�B2G�tLY1[lg�^U��>"I�;' �0�D!mbr�iF/V&ɢV�dATJ�O5熚��a"Qnk�2~r¸:4>mu=��v�l�EJ�.^��t!�`8�y^EдQ&>ZPm,sɑ6�gOX�w(�Tv w�l5uzmS*�3q?l a`#R6nN<�,l"�Gp
b?*<'�r"ѽDMN (�n�-t?if,�5̖D^'�z(oDӒww�4.{ԍ٪
wH@
��c
m(1證0h-��lO��Nm�$4
AZ<�\ NYj<�N(���b.-|< y)A
żE��(kv
1alE~Qpa%r�KֶjQ͵MegiM_�|�Y�Q*��~�g �KՓ9$(�Is�b$|$Ǖ�j{˅�C"HG^ع9_��õ9-�ZrƋ�_.p�J�]C�-K�7X}ǐk�ѹp4púx�5�öИ�eN�/#�Su�+E|f쁫$;�YH��Q�-0lL4p
g "vDxaؿV./Ukwtt���}�
�A�RSzS맻"c8kW?mƝ",5��+z'gd՟)�\aB3l{Mx٨q��םŃ�OTt�~4E r?
;��[x��D́aC"+
>r*�(�k_�_hEڍ!jmL��PdV.R�ع\BiV67"|�^H^䧶qQu#v7�}yD�XJj8�ou�-(�p#�om*-85i{0�`Է��
ؓzΥ}N[E�bjDrC9WO�Y�p*c1egB8C'eUλJ vXp7�r#
)KPlQt�z.1mdcBP:]HĐfBAr�[�G��ޖ^w݅\�k
h1EA��s�= �YED05E\*+��!�|�A,��v��e˝�� O@9а'*ƚ�|uz!ٽNy.ǟq��~[)�̲Fu;̦۠ur,�[{Ժń�-�ऌC,V�c,%Lx(;@y='
M�&m,*jBU~˘?2)ҹ|턇�>e�Q�$3OO-F)p�fO�CgZ?>t�N�T`�S4ũLA.�ȆiWpsc"2jvNڐK صXh&C�$s\IsIZZ/�)
iɭ< �<86�FA#RY��ą��1�7i.OA�{� êWt�f�a2:�^~#A'��@A,o)C\^0Ћ2?oQMxf�aGڍ`C�F�-}y��Ik�=R@d5{9V0Ehd�]eis
yNK4˂+RĂpO�I�Cά��n>Ly5&vOޚKKb˻�a�\u=ļE^,�=G8UBse__lP;1[L@8zH=-=pW !@�97;. �%1
��mWi�5�X|Ӊ8)�e{
*DD;+pPb�ՙAz;~]|
�?<>y4`3tB�aG�g6nۦl&p0�B>E:��0`@R�!"3SƜ�q1FPhv!;+� Z�$Ū?+8!�r8�$>zl@�Iբx=5�BVǨ)f���v-o1�t�e0Ӧ?Lܻ��rdy��w8}[�9�s�8\GG���;Ƕ�خӸ�^KP�a�hee�Y?'hڡ۰ r�صƄw�8߈eB>Z��ȃK�i�oNv�PȷG�%딫�vT�DFy���>�7+_F�U�\lm�t\9_�ܥShW^�$Ń
gMSgh��OfhLD=̳��w�7MSإzf]s�mKȺ�{EҰ2�>R˖� R�:_1��x#{> X"l$}�hбnT��9�S.��$:0!u7fN`���"jb.Y�@��dw7:7a/ ;E˿��i�uoGLFA'�-3̠kZI!akA|l;�v�o =_�8_38_7V��I�]kqTbY\N�ÔX9C; 44Q�-5�&;Dބ@s/rU{BGWlQ|��C~0S�u8a4���؍SU
�WTݜ`:#^0ӻG6- ��,NGqP[҉�(�ZIJ!Vvq`MHZ�NGq}1a"2vs3�:s�=ko7�Ǽ�Pȃ8�8����J Δ�J2�Q#_擓`b1_I7TO](IԪ�R_;ܗl
�tѵUM�{%gx2
a�қض��>۠H<�%^
we�Kz}W�Y�$C�
n�_J;�T0/yK�B)p�㽈~uT!m"�q�+1�R��ux6N52[M2 W�C~�鏮R/�L|ӇRlV�q:S2rǧv
�u<$%*99Sͤ¨?kcۓ�ѻ¬V/
Kq�%&|��H0Gn"Ca녰!7��BB_=#YOԩxK�V�0p>�X*Rw8ā:��o^�Uḇw�>pm9uSi SB�kn�tv&_aqQ��Ҧ0AHEV2)!S jQ$Yf憺�N:@9�c~t{^�!ߋmCȰ(~;'�lw܅!y�^��=c$k<�`;w2ۓs�~>9�.>�rGf Ѭh>:?Ij5s!6�뽵:VŕD��:!"�>�Ӯ��N<^z���~qwu,(2*�_B3&x{9�__7yP.Sl��l$b��oX�gJ]>֠J�I>Yw2�G �/9@dqa�k^�nd$�ڢ����r;sk�Q6�hla�b=O?mrCJXQ$`#i4���Scq}D{�;$.uFpVtz%�ٙo?!H<
d�B�Vݔ
�s�f1'vv_ށx���0r]M�DZxrYds 0JiMK{%Ê&l k�[P>=zb�]l±BG|\n@
)��
g%w�y�^ؒt _\"�4p>L˚.�]!,!la\h$G�)9pWKCs,.k(>*/-<ןD!ѩJs>r�*n#miӥ6$[u�b+'�q=':|�{P^@Ϗm
_
PPMŮ;J;�FڔbAe1x8빦�u�b��Fp�[��t&HLZ6h3U��[�1^BLv8�7�CU��@t�8 �,>Ⱦ92_�+՝F``D��,E(f�驒�s�*@@'Oɟ�(|4V[�Lv
zE�IJ�-��1�RPi5V0~n5pW
�ZOF�
۷��^]hư���*d}x�
BWӑ0S_�-�ڣ�ݙ"�9vh��uuZ >Gl��㕐RC�1�-]Z�Ut��d߲z'�H2hY
0�s�S$"N/
9����2PW.�jD1�{PL���X J�7,!�vza�,#yC�aVDy�!VyAs5+,:H=[%0$|j~B�i.5uxγ*KJ92�9p~�[I-ʫ�(giQ|$)�el ��IXkOK�k�&B-(tœ]e�{a��m�%BJlINw>x�qJ�hy
\X^�yTi9�J�@)MM�1*Z#p(WMa!bC@i*v=AIΦ��r�F[����GkRN3[(ΔZ�Z!h~ P�+|l\oS�PQcgr[
0�~"�.߄-�|[Irˢ '{OL� z_�1gq"~AoKtGӃ9!rD>�]k=-*q壵խ㯫_@wy�eUVsA�Fu
?{p.H^oAfvl}V��)x�z/Ýl;
�gA/�y^俞9
�h39iBLo� )c�XDqJ ^xUV�!$�zzt0`�mlM+F*X)~jr:TZ[tl3�gpJ��SE$�z��ʈ]}G�#u*tbƥ&}�.
A�6ΏkC8-H6;eWN�fͥOx>%iik3z>ꐻ�G >2eKxuU�mT3�m3s -)ԅ�l-�)m!�e ..5zKǧ_G�-cZpS%yH?p0!QրH�F*u�iJ0(\�00-
4h5Lƹ V^I%[=_�;^JEgj8SKqPfTr8+z�92/k 3ŧn}2ZL�$��F��Ȭ�l3�VԻƮ�+�(b&NH"r8iæ~n��gMڪA|t)!��\lSg[t,9-v>! ��I/Q=q�lwJ2l,~/�"�!^��4g?�5J[4צ/�Ѭ5.
?]7u<���-d&"tPt#ZyI\
+& �h;�Q$�j+�L��l�7߱[mN�x*]�%�f�`F'>5� �p�rs_ c�1��hd}� =$ms�gD.:]ڴq�րЊZ>\
ԭ�'����Z�Mܸ�3x�?!y+3�uT�f��2�貌�H_�ial@FX�?�hyc{rF=�'c�
WD9ی(�Vœs6�2"iMꞓ�e$;{~2o$3`t2\�'k#rnz0Ugt3]_G*�9���
LK}yUtƴ*L�� ~�3~YQ�R:a$�y�xO-)GѸj�BH%=4&D/F��9A<'RqP7�8䘚x
hxG"a�KRZ�gVq�{>67Q[7A�wvNӯ
L���bVZRnj�;e�nѕ�SqME ˘A̛!�.{Zf̠
�H���@x1x�D�:EK82p+'��$�"ro9�q�%��Jo'dV�
��T
I��S���x;�uM}�]!9�胒a_o~i_I/V�=CჀ��IӇCn^I"Fß��
Um�F� u7T!n�oc�f��l�c�awOvǵ:�Ly@k)4ٖ^U�'g?\@lt�<5u/Q7>ʡ�ώ��H�{ "�A&tT���BF{'sG/\�"�[-|0�BH�#t+/��,�Z1\%
2[�jj�m�q��+N��0
7Mu--SL�%6?�P8p_s>7l?d�uHOU�
�dE-#3m*`�`%�QB4Sl7^�wg~�7W>p�7D#�9I?ިO�D��#�*kA&�[fdu�.�O�Tx�1%,����vq�>O=L%~%b?lH�6�M(�!K�E�?�7^p
g|cnpm8h��"̂]LG�6F�eO ÐW[hW�ւ
ūT臦B%|o����nXȓVZ\d[4��*/
[I�U/cZI�ՖT*S*�Q=uٖzz ��&Kc V�' ;�)T:wO-�6���KđFT3P��|ՏN}_M;w~/�
M�49�_�ǵ8
�Y,*+t��GY
�BV�[�0)߾;P#�ڱsAZ161R��T��%�v!n�[Gs��R��,1�9�14 �v�o{T.ƾ[&t_wC�#.FK��yK&ʆ�U1B.�Ϭp����)ɿI `xH�,L?j���Ax aF+\�]�Cey;df�ZeN ��.���Qh
k�nŷsx��pQ3 � ���D�d�:��I�Q۵�B:36[�]n[��cI
+X52Чg$�ұ�Sd�n�qj
��m�j ;*0Fmm�ky~K4~ѵ˕=6҃(���=DaR\eYA���42k�V� x# [�Y�QSZɅ`E[�w�*A*+:+7X^402Q[�2�;JFNO�른xxIz�O"3�{d��m�Za�Z&64�9e4^iemMS9mޕ0O��tN�Ƿ�Fh5|ΰ:@ܟ�r6cP�2�N{��(%v%\OQeط�l9حen!#&�P
�hRB�ص(B�EjQlTT;?+`wBu'K6>T>�ܾZֵ�j�,�A���1g"M+6!Nr}Mf w)BMiT� F�jy>M8:B�5&_z_!M+W��xeO!D|Q7Yn{f�g<4XVe�aBvdi� ,0'E�Ңd�9;�v%ˬa[�c�s4mg͚nET�)=R+ �Zܐ=�4ЀX#(K�ޭ�'�τEN �}`uXy_�`O9xUD}3_J_�eS8�[7�Z Á3��gq}rA�Iw�A$T 1=A8A2$SL�I�_Auf�z1��D
Dۏl.o0I1
i��sx�O%|nHԁ�+Li�sm~Qǵ3aԢ*��aw�|e/՟b�E��zT�XevYvd�(�&�#c�8�Pt֟��'�Y{;�`�Gp2Ck�|�%2a8Is3'd�}���^ Gώ-5Ml!%(�!�@�d^�H`sc�-�0ˀ&B�]sw1MrFtJJ~Mj[ux;�JhD$��\�#G_^��&�'E}C&q\2ѐ�ׅ?R(sʨi���MM�_N�t�!Nm�#CSTm/+�:
m��+2(HD(\8�6ijT�s�kƱ$Z�ot)CT駮j
A�5Kr-�:h
""0��1(a"K- m71MK��4�NSaV:^wwƞ8�j6Xn>�^A�%�]m�:d]
wX��`d#P�&FX�`Zj)1�|:N2��ѵ}WڤǩJ|P,d{%ذ䅾0-�f9�T
)|"mU|os�HTt�ms�owWڿiy"Z�H으�O)�˟R[��x�1��i$*+z2O}Ob34h�#J묻�*\1$ENk���$wP{J
>�<+�tZLl+/&Y{&F�t&-P�IF7γ�ț7XCaln]n8̅xavd:5;2އ3Fg}ǒ[1"�r o'i'=9$�vC#0�_2�Tz8=P$�\3]YwRc�D~Xx<ցm�jk�ҢQ;*uUb͐�~4/6�u�1=<)�E%#xJv!��]¦3J.t>!�Go�E�WSQC)_A�q^'L#Xz !@ǂo����쁔�V{o1{;\MaO�ȪGiR
�Ī=�=%:�C�`F=%Zq�&�V?)��
7�;J`%B>R��6g@x
8Kc\#>kp�x=\6�Jt۬/g\�]\�KEx
�7/j!=z�b'���Y�[ I3|.KO�/"�Ҭy6�X���
/\K0FT�_"��_b�De�c*u}61sO�����*�cuZMsxng,*�9G�506�f�&,��ՇwCEC>JEWXvP_ʢ�IomR8N,aW8dSgTp�
�6�1(I~�Hi0@wXHLÒ�
gī[F=耹\ c�ϟ?zdN
<ɽ��s]m��y(T�l8���ZG7=>z�\!�*��d'C>!�<<�؊-$/H�^mS|9ILfB膘v��-���8XX pU
C��_xw[Q�ʊ.b�s\\y'r�ef��_Kxxݡ<�;+Xr*=qbJ 4=hE~ǔ@�ou0��~.:b R8F?'D� M�J
K�b�a+/ÁR�8f�P[Y1Y�*Q�r5#g�C
65`t(L9X�hkbUZ-3�%il��[횎%J.;g(I*�$1ac
�ġTw /@!5NT��F]d$�>t6=~kP��.3�ވ�� Emi{�{�QC�ТЮ[L+7~�oJ\9�1rvZ+%@�K��HgSSSXoȮ|U.0BCl�8e\GNm2,� +�gӺqkkԅߐ8n,U9�drFa�䦎f~5]̴�N�[l��U�F˄r�") K��f^ia�)ֹF^$�2h��U�t� aI>4)/3ړ[#R;LO"YBX�(ר�+@C^t@|\/$��^Fl{[b{�kQ'I .[,y�Oߒ�kMP^MQ�T?�)r
m.I��MT�l�~{-ڕ3A3a�Xj̺ĩ�l'!�a?D].z�\5!JDȱCcKl]`gکH�90-Fץ��~W)uaE�[/ӓ��$}槱q�-Q+*�\_`́w#Nw�� _��)KP�{Z�M.C�joBK�]i�J8�4��gЯ�kZ��Y��#Ǟ�FfIa?۷3�/&G��Xو2� ոhew�[c�uI28�>�FMK/G�tȻ=K⌲��ב6Oq�;K[e=]!�Y^#b@�[O@�iv8�q>]�1�nSѡ葜�J�'�?��Z#[y㐮��*�syƒy�iCf%3؇BN)/5s87#cu^ �NjZG0�����X.x*PYc e�ff]ߴBt�)1,ӧv;q�m^�8jl�UjEм��c�r�aP��QNy\�ҭK�SţNO�AM&aK0"mOfÉ�
s1Ziw��D23�l��c�`,!2�ص.
b�G�$5��@�4;o,qdu%k�Q"髓vA�@[�EgH\+C�^J$W$4%�ju4i�My�RE�VD�
pz>�g!
�j;�YQ"T+Md*Ոy (,F+�UѪ/nZri7 fc�F7-bmO
��[3��(�CIWY]|1Gl%Pe~L�hZ5*�af7<��u�.]N<2�UzDxI@eܿ(r D;rܷ<
bNBf_�7%oG�U���d=8Qc"6̺kp#.M d
G嬨_ ?5Q[5?m-�:p���cT�A7Pᯢ�Z6r{};^HŔzx7$]N:f=Vy�l�*ia(]rm��BL.w�+�Ĕi�䋿~ueɣl�!�7�O|s=3Is�&Ʃ�diC(�VNhD9^ �F�$ePXY�L#?8L>N=�=H[��zDංG~;"#�2@q�j˂#no^>ؗr�WB(H0k嬿n>e8p
"��i ^�{Pq1f/�%;P�'պ�W'0 �At̿w�,˫�aNr[Ԋ���*�-��y!2:Q5^MNDġ(Y.�� !HܪRO�c<c��h|+v0nsy2%H�D~S` {/ݗ�^�FP_F2VD�5}xTGn��?�$�Pe C2k�h#{O/!cFI͊��կ�2T }NM���/C2H%\7��IBxzZ>
g7�6���o���.�Y>�XSɗ"͛���s|u2t$w-t'T/�yMK=T��6ȡ~?T)go��0���R2`�UZx*mZg3�E
�m�(Jm_tҼaj�R��'^0^A/63�%#8C3� Ì\��6B;po�J˽GQ�R5O!kYX�0gZ�w�IKZbFGqm�
ޖ",�.�oa)B?��>Zذ^0$75#Lr~'G��~e۴=6U�*)ұlr`2�*Vb8-L/^KXWt)̬,�-:04P�AWze�\��\R9=rh\|4ug,ScඅlI05?�k`2UEX~~�I��/��#vY"�"��3½z����?���[q+@i�p�]%۶�^qjs�B!nu3
���=�NZe~>M �j[^�lL�'вJgdtp/PCΓaEDJ
�;l݇S;>�ËT5p&�7c9B ��`Bdj;O-%HV��AHt;!��=r$Kj}m�ᶫ��d1Zf��ebR`�.f�8|r0
4x�3ֲ�a E_�
0��I�}#Ž1J��<�QW5�U#;"G#1aR~e��fN�)���Ѷ��ы=f�9SWӏA�pnC>a�EI[�G&tYAƂ-�S&6��лХ�L([j4eJ?�L�rv�>(qt6n�PkXHGe�|i�� >�b�h)w�V{<1i@:�^g'B�H�c�"+`0�:Ӡȫ
/OlܫE9'[$Zԏ�"c!T�{tTC�֦do7��z�RĞQ
�`|.J0�$'�������Ř`s��#Tb�C��K{`_�A HJ9��I?x^ӁPV;#
r3J߄gZǛV܊^%^u�s!نO
РJ�Gtq3҇���&3|o|ÊQ�nE)ߓGN �*a~)#b[�"2}�%I
1�#��g0��4ߢAn\sbrB{<ۗ`}b Xm08|c8#��:-�i��,�+d179މ�rq}`}ѣ�F͒k8�*.�$s%�ih�6�CӊxlR`�_ �!ΥcV�f!#L +�û�
ճWZY[P�YeU9o+$,K�!2au'��B�, ˊUE|K
~1lc8I�k)һ~,�'aG,H�_/&>)>@gU5�.�Kb<�mSQE
iYڜ�bm8"{jn:IR�{*�W ZYX"aCVX(6�`yY�o�F/n�}�.�TpgGѮ_,A `MzY
GEV�D�1w�]^Z.�0�قJ<0SVv3�\0ϪQ3廥0�KXtmC�`.bܧhkxOAw�w��PQ}@(<2���vYG\3�m֭?k�tw
5L�{�*@zvP��R8&cTG�T��c+; N-l��A+h8��=[���zP:aZ�`;Y2ć-�3湹?\a\HfڜϿ.텛B��^᧨uAQglce\q"�HX=GuԅKFqU`�eN.a6&W/q�i�B}�%HDGc{7%zA#nԸ>tM�JyRN|+(2�r`ѧ�l}O,J*E9հHh �Lok@-Z`%TR5eW~mxf{ƺAb}70�nIN]"rފ܍44Bnu7[
$d0,*��BjY'/OJA"fS�Ǥ��ae0�p_ ~+SN,f�*jP?ٚ+,
FR)�ک|bp\�v���XI�Dbĩ�"�����U[h.bBinb,Xe.c; �R`>�U<�D.DDP��R$?Gw{�^�>q\0�S&xЋ
"24Iy�cFSnxYEMN,)X+i)R��QU2�j^K��<\�-qezN'{}d�XtU7%�m]�iAuy*U|�b@R4�PK(P<ץ.BfɀGW2�^hCN*L?lWZqTM�
bS�˦�W6s:7LI尩XP1K%K�iQƸpj?!.&�/�@P_KX�=^u^B�qF
(��,S="�Nom:H�E~�" I:�n�;H�D�b/Omj\b:e [.0ݑ[�[F}q�:j��7)Z6O4!�(EF:8hx6iGlA�iu$iR��v論Mk�f`Sm=I<�`貼:)Hά�(��怙jS^_5Q'n"dTKp�ȼ�>F"ڈ��1m@F ҂oT�l�/j`mK49VGc���]�Tt�'TDO
D�T��D#\V=
B�c[�H���5N �/`̦䩨.V5�$�n}A��5Q^ r4+�e$�z�k�6Z�n~�Yqd���5+R��>F1Qm4�t�2�Ι
�'jD!%u��j�3�~ݳSM�-Mgek$)!
3��Vfl6 �aZQXq}T ֨ ]g&Q̉���g4�qa�Z�&BM�Z�@υ&%!NUz�
6IT "y9ֿ���QGC:}�>I?[ܕ?F�.�FB9;FC#��
}E>�Wv~��~��8gc56,�Bi0<:Щo�oV7uM0r|B'+U+�u�,{oT�Csݩ�DodtAE=]U�b����r�1X�r�b�IUfQG�=�9Zɬ\9wLpOKVt!G)5O2M�>�?���V)#�
N�V
R\7S�Y��d�jN&�ӳ̈��6].˽xoj5{'
s*AZZX��t*�c>W_.wb�uzo{Op�A��U%ʣr�b7Fd/D9�z�-,#-���E?�/�ۈnX4OBhm�Qq]oa#HD�Y$,xr5�+H�L�r}+,�ւ3@��aOGXp9F8(n`]3ϗ^q^ThN;nS5NoQزZ͞d�k�S5n4<���jӀ�w>sr�)4ⴔ<�̕��bpp6%{S6f�C1PD_ QK¯0 �^Y�
,>;�=E�s0L�W?~�I"re\XB)yh6|�~�#ƃh,D�j.K0*p�f(Ժ8YtDd6.y7x�cYw9�l>Rw8-n]@4<8g�Xˌ�G7+,Ni-mu�MBNhK6#b؝��F[mbI^ub#>}Uv�,;�v��dB1dZs[+-o�LB/p&k� `o��.t$jqdXM̓ĭOخD�2�SZ�_Yzm�pT57%ɝ1�7喂<>NRа$x�u�Qp0WY�4OcM\zjj�aW>:j'"i>�*�s%c"zl�+���<),v#"|��GS7�Χ�?{C��=� kw�X��T�αsE%^��ZW�ɵtg2 (zU:YR}��ުC2+w�y�v��ZG0Ә�ZhTz(_�%ܝ�P2v%��U4�}b0&sC@}�?nI``m�7uk'Ԍ�6YjtА@�Ɋgx�u[q.�
xg*
�ߠ$s.KU0�e3_xc<ꀹQJ�~_%qԃo}!e,䐝�p'L�vË��A�P�!IհI�>:�j�V2C�ThFy9@��0>I=:ki4~6UM#O����!~y8�hNL)yd��&(��_� 2 q�7+9Zn�R!ޏaƀ~DUyg6F1?&O`c�b?Q^7�JʃQ7*A��P'D&lSWc@3�G� Sn$E3Z(A?��@bP6
�xq-��ϝF �k�aL �m�ܮ�&��F%l�BbM/2%�y��c�ZI
JBGQ�մrM3-Q�o��DH/�{xz_�܈�>/�PV(�1o0�,,�E{dV�zt*BN�
.�9�NK�_sUD/l~טcU&g_GL�;]@eU�ӏT�Rѿ6�8vq�E!����+͚E"zU���Q:{�,=Qs(y�:o�#Tws��y>ǫ !o
gVd6J䚅��o}�`R6Oߣx akAU�b+�$�
����z{;��y�m]c,�9� MYkDMD�BYt �"Жd뤓/)UꀇF.�FNq\p\KJ,�l^�0Uƕ6؟lܖmGLKr�Gp,�f#H9:�k��zǎ
2�� E
��妣*JW֤'Gsӝ~LC̀}jd�ygJ+�~��`^�<ՑlX[:�WLG�X��,r�G��T�¾4f/�qjbG&%*�쏈9*�8==�Nt߱�Fm<�6&+�(o�:Lvan?(��5x%t�dF@9{*k^�fJc-W'Z�7e��`M.=A�$�b�T�M~�.E.qN��CܞWe3^�a��cH]髖t,p~C���#�N�a'XI�.qB|6g'v,˺�s���E�_-IFxI`b#vqz�ƏO?F , <�ũgHlKA@<�WrHX5�ha]@%5+(˃ʎM|8%jאX�{F(U�OPmb}߹VMDx|;A�+5l۸Ij�VAqAJ!IyɅee
�ދx�G%�z7�SWV^�_ ȥQZ�I4/�heW^+�0y^"~'gqgU(�a�ς9ۉ&K;�Ip܅|M�ܪ3&�q"ez)e_�/h
dTacR\#'͓LWvy:�
=�YR���'�#JϠf9)~>#n�!#3؊�HL!(=.|sPBp��s�{ R#1' &,ړXK43IF�Q�_z_#�v
� П�Zx�(.kBp�![#TA8�8~ѓ]GPʭ݃�g4�
�&Q5z!рFfn��x`#\jWɠk�0߂Dy#K4m��hm�5A6@#>1B�_&{�_:%�zC�M%Լ/ULB�Nb۲W5VG�wŰ{��to=��
Њ\$�(O���0Z�4zl�+e�navJiO�*dKx�eK:e�~�dr��vzdqVLEQY)8Ĭ׆
|rS�#��c��9xCv��ǖ[<�z�+$*73/@aa�Pa箰z�P�k��L
"�S0Я�yڈ3 w;��� W^RR4�hMYp22D?}zC?~o$kEF��3'O
SL�-�~֔QqUu �{G���i�]>0k>;�.>I3u:N2^Ucy}`~ÿF�:??Nuo_�ૼհbDv3j2Lэ�)=$Md�v^ng鑘[i@"3�4]R%d:.~֫P A-uTH-2�f�BaQ@4~�ĜX�9Pi\�9���:��p*=TuǠHM,�m �_�{��4�{2+Cc�OM�x%�� Nf$C+� [f6S%V�j�L�=
2-Cs5qeR������?�YGmInOMбL���O��Ys�oDF�`��,"�m|ܤ!м_
݇YCߐ͡@}R�=#��M�eČZ`|��'/A���!AepeAb"ȴ�Kz̅"RSHA$GH텪� X�he王f|KX$ًٞo{+i[g&]ls�7�._倂���9ӵ5զ�}O3:Lr-Bt7�^ϫU9Ȇ k�!0�OͶO{i
ft>�zf9JesSK|;���N̜I��/�j~M[�s���x�J!v��9j˛j�!e~){XƘZ?($uEy|5��V-C����G.�h�E&}L\Ѵ�U�c t` �cWsb?�^$z�K883Q�^�JKh R^G�L3TV.e{)�d�7�(-�ݦ2<�dйi8<#Ot�."N�5p/VgADD�|.>r�
6!`Kvi@Sàߨw���Rb/Y/�����T�v0\�!�4_Uw��25%'[�^
Es:�}*�uZ�jF�Pm:3o$QU~G�C� !ν={ V@37L "2&gfB+�Y�$h�@*Q��44T%GF:P+ܽY6)#Gh�(;�f`?�gh�M��:
Nrp}2�ʰ�-�*��w�S�}'ՠm�Z˨ϻ���d[G$5if҉^r�1W�AH
+c�,�뵍�PP�Cq �E#=��a@���kҦO�䷀}f+d�`]'?/5*�khH�ďJ̭û��]$'^*l�f��80�ADq�j-oM]]B�;릃�{k)fU,#��%Am�617h# U�z�8询< �:TG~Rst�`_eF�,4Es��[7eeF^y�UpDc=StsBد5Ӳ2\�VE%v~kpν$#
w�&�ȑ�pt (\_�YHlX&4_Ivm%<>
?z�D59�:sG߹��Lq
�R^Xn~,tn cŶ-a�?h�u`��krU�BI'�7AJ�hr1�8·#yթ襌��a�Q+7?edƨ^M2�{�ɞw�s:�l9i\s)���n��#ha~"T�Ӟo둱BGIۇ����Ƅ7�D/�H�~tT٤7
Ο$��1�
9GuHA;s�8`�y6LiO7u'Ά�o�3s4hL���^zF�KY*A>ѹ!&��6%~`B{?�zˋ9�b�?�C�Xql;1.M>�
c0/
�?ˍ'��@��T�>?ȅ2$ P!D�ǝ+-A*1{&(cU}�]ɢN[[�� [^m/b��^ 2AS❿zB�F�HV�**Q
~�v(&4[�"pxK�wrBV@fěo4�m�
_�NM,"?�eƚ+p�A$B�c�� A%Y &�*Jm�Yn!Éǡf}��tXIs�o:m`7[,w#�4
�&#
�Z"Th|�~_M6�iJI*և�)krea]g�;@M�`Bڄ\/�d}^��@Ɩ�<��2�v�
)Ϧ{A+qZ9�Б
�3��Q]Uڙ*6]-e(��?gl:�QzFJGc_�W]�IU�^��fEݨ/pz�Yv43�QDn����GckjSr6 ;v�>xw�5_gp#V]wb?��>�`�2��}ք&¼嶌|xC:�t<)�)}�#
�ݽ\�MF�%��=~7*ke�;c1fc5��F7�^|uڥiu�d8C�7w:p6�%c2�D~0Hdj�+U@�$nEKlP69t�U�!f�RG )Eg`�l�clz�!�!d6W)$ʻ:[=ďJU"Aþb�YQb�I#G@F!Ks`O_
yH;KʅS4G�:B`&"EƉfw�B�O0y���m�1:<[V%�3�\CSiӅaM+��ds�]Ffy,L5o5�NjV�'}F5���7XQo8�q8�
۞M}Nμ#�3v 1PrsTܷ
�xlH�Q�Rܺei=9-�Fp6VY
AU/d:��p-ᒻ�]ȡPVK�>gp�>N?{YbҖ?}�a湎[5Kw"`j�Oպ"D��ɒ�au&�O�)ԯV"q㙠2R�k1- _\V# CN��7�0"�P�Ф/^M9x)�A�J��v��B�P�eF8$ gbqi|&-A`��V�2Wm
Y���~_oe�"6p�>$G+(ѪQiH�v��k�,FJ8&5{ ^Ej1�H\N�|/��f4-L0HNs�8~LK7XUI�/�{}ཉ�u~D�2�Ozփ4{É، ѽ�~3I7y EFHU �esYG�_ByE�����{TFH.7pɢQ��qL�&,-�g5�V|Ia}h�s�& �C@ر�M�@*qer݈r,JATdٽ�0.e"r-
!(�Ҧ� �vL� ��zxVS�$k ^UeB)v-dn?u+$4:Y�`��0m�斵 ��Tw-@�b��Eu}2KNTeع⁘l'z
뺈_>j�k|ԩGlL%9mܴ,
es�cZW�5P"qv֧)$Eq6~Εh�M�%T`�ksW&P�aZ4��%pw;R�'kH0�X~�9�Aׅܲ0��ką�3
Ϟ�}}��.27雟X@�1,"}�!w�>�ϐ:
+;��{��;��$�?lה�)�(��cڍ1GF;W\ehkf�#|�i~�,31b�ogܗT]lLԪ�FM�i��6��n/@U��LT/@e;|"U����5J63�4��װt͡N
!~m2qE�9gc.6:�aR�ѡ�NeC=3A�=� �T�hYdQcQ5o�=9?R�*�:1s���mlP�����W3�v+�˅a<�0�Oc�����:ڶ������
YZ