apparmor-profiles-3.1.7-150600.5.12.2;>+堉iYp9|DXAUpp2*XMsC]q~B@f,߉;SMC@ M:pMdY^p  |.YiYmY囉獇tقX~/{BW{XDzD2k:;M!}-0;b8\iex̷nN2MsiV͏Uh5#aqE7qFsMHcf$_@)UI9EKOƃC}{y}>@A?Apd ( j  #9X^h     PC QLUhZ__cd0dPe(e?8eH9g:sBuFGHI X!Y!Z"["\" ]&<^9;b:c:d;0e;5f;8l;:u;Lv?hz??AA A$A*AlCapparmor-profiles3.1.7150600.5.12.2AppArmor profiles that are loaded into the apparmor kernel moduleBase profiles. AppArmor is a file and network mandatory access control mechanism. AppArmor confines processes to the resources allowed by the systems administrator and can constrain the scope of potential security vulnerabilities. This package is part of a suite of tools that used to be named SubDomain.iYh03-ch2b!GSUSE Linux Enterprise 15SUSE LLC GPL-2.0-only AND LGPL-2.1-or-laterhttps://www.suse.com/Productivity/Securityhttps://launchpad.net/apparmorlinuxnoarch%^V7:>69<9AA9=;:BDCEFCGMKJCICBJPCIIKID?D??>=<<<<ZGB@4cb 0 c|WVA 4$$RV  $ 2rIqYALQy2N yYPU3UYLU9XIUYRMCiY1 ,aB(F`' 9; . \ [ V<<]{1$E&2m{ 2 ~T(T"e PmZ1 mB A큤AAA큤A큤iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii68cbc7e271bed8160fb1dd96370f817f3ab61a65d405a542655a52223174de99643fa79788045b100be192345ef6c378ff97cfab0303593bf27e829bdc0e22b4a9459f44b42bed989146a7785a3e7a9a9beb5a4319d91007ff7938ebec6f6fdaab7f52de2a49c322ca22deaff676af8ebb909a0efd83b6d5e27579897a4c1c5d2f579e0bd229638c353f722be5d569088f55b297ee02cf32fae8226c1865aa04b845a39f39b6dd89fd194798b6e256f06cf57246796ecd525322851748748c1f064a9ff9902223b85a08a9030d4868215f93b1aed0262d81ae378c0887e7c2d733b4b1aeeb0e6f34197add8e90d04a7b51b3f800e146e1001b5a79ad37b9f2b52bdae8b831a46f381f541f563215ad6e1cc571daca13ba16aa597806e0225249796b6e6410e773021be2c82ad6fff7243e2e6f0d3c5c11adff61da073cb14d21dcc1af994578aa541041dc4f1a5a5e902f5bacddf783f1e08c0fb22fe622f8737823281bc7c0cc0f8c1181ba00768822bee344a885561e0fa17eb85ede3454ff81107f79fbb30188f8cef12435b9e584a686c26415c874b634f6fbbb5dac1a8c9713a9701599cf6cf610dc6fbaa85e6ccc7fdfa7261a25d3d213996aeae2757ba7d679d783bcaa5363764c16869f9ba995b36f0986db0b9d064025916e79ae86769b3370612194c0443dcaeb4483503e9f67e76d76fe7b28c6d9dab055fabeaec1ab19fa9edb110815e8afb1c90319ca5b468739300300adc013a121ee29da1811a5461ef85490aae0379a3723288539c21a200072453e1230511b0fc1a518a593dab4a141a620b249b52bea5ac8eebd27408df7ca56e67a1b5716adbc1d90ba7706b520236a3653e795b5b1762ff2c633719ec920734063fbb64ddff9c9e57cb514c5e90ef1727523ef832079ec02c8817f3b852ac8953ea05fa6b2601f2e3b676067207d5f4d60777308fd7e88ddc912b9d1e9562077c6438a23d925a31a0715390d8c5973b1ccdb15950066e099424d301af3e534cda973228af2ecb7326460be1c1b75ec6ba04e4ccf3e8deb5dc58b97b8ea38310a34838214f829d9d97d5a7fb8cbefda399fb3fd255417615c3fa1c026cfa7eed06fd7ba58c3b5cb0bc6478e6e27f75774172214494235ca00fc058966387c2824f9eaff8ea60ed7888be8ac96d5ed6d93eb94ca995979b604dd8813bc6b8d0a01d031fc4162766b75079cb034a0cb660a8448e7cbfaa59ceb8fd72a6a50167edcac82906a9f01e62d67347db7d402c98e4471548a029b8d424fc31cfc4083f0ed342b72eab2accc2c655c95272813199f06a2f7db93a231375902860e4306e561ee09896fcf381c76cd4af8b2f08bb90dc0f5ee2b1aee758841a2496c7c0055416cc85ea95377d139965eac9fc58403f411d821c6a95456bad8fe07226de1edb128f5a85fe7a7774a193e97afe6d695bee2568226c3b19d7e103a201cc9f29a52c6e2a2cdcb7ce6a6a2c640cce70ae04999ed60b0a976026a416e2856961882e06bc68abc16d4037ceb28faa7473a66ebd60ee2d7616321bcdda5d0274a710ebedddeae2237a8056924f7e02d233b9c252fe3ac767418bc35c95495954e2b36360b6de78ad77b7087ea38bb71ce0001c53644edcdc9afa09bf30260e4f7138525b1b8f65346e4b08c563b54759c0de72e4d112d07d3c65d36bb7bcd4ea9e8dedc811ac6e210efaeaf8c60eed8037dd30e6f6369ef74ba934438af33bb871e90584b9414f96f40e2b256b44710f72406f551fd9d86871d8f1c1b5c233b8356803b1768faae8e283a1c13698e8fdda52b1010a543290090131c2bf4ea878c446001285f5e53b98b355fcf78948c03e657e5d7334a929a1f3446fe1e3bf8dbf56e3b9e9ecab57c19a61ad31c12c8281a0fc2ecf3d49ef6dd542dc59849b5516988e7cac473dcbcbc4628940aff93a667d8e2fc0450279e04715f9977ddf0e4e0c53328159da9746a43ae08c12d6436bcafa4ab95794a993d0d8ca24cf1d334d4c9fce0a84854e0474de26c7cfa3a1e67cff4bf1034b7503fb8df38e5ace76607c853cb8dfc4d9d129bb262946919381c08d32151ce4a403c73ad22dcd5f9bca21be455587383e756a0343384c88f267a8aed928ddac0a62daa61229a0ec7b8e3fd91c5abf6e20c7c2093172b061126a386642e3e87a53366807829b3fbcca0df3efc6a70b6fe61c398e31e7df09c62a842da2aca7ab3049602aa4bbab8e95d7fdf25fccc3850f632b1cd0e4dd334507ac60d2e082c748d020a3c74dcc8f3f59da612eb93f1a811525eb2a9d8b58ab063a16077d5287f1ab8991cf18cae17ec149579e45f958c0724a1fb4a488bf1224ba412138927a02ba056b1d92445bf519394709b24cc23a11ac20c931e61fb5ea8a11531e0fe43c103819e2740802bab3af2079c1db2ea9af9c5cb6f1151dd374e97fc6d3903a9ad0227756b248e10f15bc94beb3e21f946f89185ab623884212ad299d00c7e82a75d1d9ac0914e6555cdfcdd80d3bc383bf01a81cf5404b1a9d9612a51a6ff5608a6b41f9aa39c87822763d955eaf53131dd924df88e6ba6e2f2e8f7e1a80f1ff8fae85acc0afc2682ef2bbe98f24e57a90e74afc5af6275a08f01b8c6e6cde2fed4fc5ff62fdf2d5dc2ca299bfa98ca71a546bb6e5835e3dca756e4e0a3923c729d257593a0f5a054eae0a0a041d5c31e67c0371151907b2f683c3c45f01a6c7c9ba1b5126d81f91aae26fab7b72435134e17db1ea9ecd96a261485d1635cd7475181d451e01d1a52c5d970c37c22dc79c87562659dc13d05f730dd2eb910799208ae49250f9012899454b44e9dd7cb104d2ab2bea2d0bfb898e2c112b6e9d80d6130153f7b3bba84c1b7dcad4c87193ae0263073aa0960bce81e6e3e8adf21655a7ca2d329edfca8a6987afb294c347652b549dbeaab57d929d9a000ffaab9b4cb6f9bee94658e6884c80a7f4f1db9d9b8eba884dc1fb0142f1756ea4499f2e7eaf9288757dd2a7eb7d6f44971cd0cee93bdcf203a5f41909a9a974d1fec6f7b2a17b0f811239cbd1af5bc3988aeda9faee5707c6ffae60bf937521b7ee71f3d8585a59ccbfca22f33c6c4f77b756f7f7d97d1fa51efaffbee2fd6c366fb80ca2b1c6795153098a8dc42062b6b4ef6754b30956c20aaad706cafdd144518d63c4af6bd13583957c01171c082f8a9fe11ea263f1836ce7a63c46e38674045f5d877167cd1877c59f4ec7e28401369f0a7775836e5bfaccbbe6e11758a50d1d8af40dde539d178d5509949308a30a7d6ec3f3ffe2a1c708482a66be047ae55963bb863fb63ffa415aa59e0fadb9ff3eb9c8ca611663d83bdb4787fc967605e67ca8d15e900150abd9350778f8312dfeed64384e23fa6648d4b5c6a6fc46e29e0a4bd4cf4f60f1cfe0dacd554bd6895f2c08cb6826eb8bb5fe332c5d3696efb039d4ec63129bc26c77449f111c5816b28998c06592bf540fa45b1301f20e720b107f959d99cba31966e122ca74650096839639f2efd858518f0f52fdf638e2db1df79720834071e48280c4ace5cdc4bd9c226b7580819e626e81ede4cd1b285f8c0fe5b5847391d7fc96ac431117c8ab9219bc9313e1a4e2595c1ee610fa1b4875c1000477b99c3a47a6dc33ee29bfad1da17ef591bbdae27e56617104ecc276f72c8702804fa399a282b71a639009f7679e56958f0afd0513e7372e579b3d1de789b43c180d3336c525584c1e3e302349abbe92c3900ffc5c8729f51828636695812e69766a3dbaceb2ffdd9da38b9e77122c0719567aac0e215e71f8cceef0bdfabb18b1bc8d4ece4a3a04b1673414563aba24c9d1cb9c75c66849b0b8768fb24ef37f6a1c5560fdcc5262df8d9f419c8f56a623622fef1408ffa98e0090fa40920bb7939264ee656a10af06035d98305bae7290c69282433394c92f94fc8df46263a990a019ca25e8c3fa34565f63fd4b53f70bc39c6991710b3f6b83782f038aa9c7c6854f98b92b76fb3549c8021975c441d0ee6b0923c0fef36724e106ab0bb6599472ef0717cbd18e962a903c064092d8b75501d2541ef0143550c5035cbc55b4c238dfc2611a829e8cd2e662280fa8fa5657b1a8c6c9c45572c7eae2cc2f379ddce887cbdabba8a506ac3db9708af24255285ae855101dd7056c52d0747bb53c582d487cb2ef1cdd3e84d57d8646a2190b296ec88d0841b6cd505076f75a88d7aa9f187921111cff5c1be0811253704f44181c6c00e69ac05abec0f539ad014c81c0f28380c8d89dba7153909ba735d0c2c3109665bb6b192534d0155e9a831b2a1e3d7e85b04120c5e7a933332e89de7eb75c98b8014d6dac1bfbf07756a31cd136671e062294c9cbd3e24c9ec3314c609a073ef177dd293d5789aed24f6022723253412be87eb28dfc5db7f039a3da535a665ad2f08cb3629ee3f0d3e7e17a12a6eb323ee0e123033925bd5d57a345e0ff7baeeef9250570d8d528c456b5196e784c48ae7afd5d0a4e58e629f47b87661388f01f9487038f6bb201a96339aff9b4298571bd09dd59654d5d51f845e165e1098ebd76fab193ff161badb910dd318d5d5ec3d6d61b435d308e5586b48f505fd7ba66bb3463eb1dbb40f3c0051cb31c09d7acea6211b2617566f5b89c2fa647becec96b7fe514879de2187a63755e93c33e805cac46d0348f942b0ea886cb28bd7a7ff7cbce79f53ca994d7637453788c6203308d0a358c3835af42d12129fcdf887cf1880dd7a691d0c99f5bdc9bc0cd5b079247430685c60493d527fa34edf886bef0538cb27dfdfbea98919bb02cc9287485e9c7bfb24e6f0c844ba3ac8af8222fc40ab527d8e2c93159defa001536755d16352ea71088f541c0cbe5a65ae5b9e138cec3fa34a4913c097e8b5daa7ef8c576895a13916803ca645c09e34f99fe273e577362fc985f3fee472dcb3d6e9748b95dd5cbae7c85473c7a850790319373c8392b9e51d940a9083bfcd4faf290fdf2f01cf9eb143ce5061123f873e34e9d92cf341915f9d3ccb655aa6b7738aa439a8f97042e51319c757c7e3da935a8bdfd86121e6efd8f249c704935ef94e7c497f11ac821cd4c4fcee9067206a65a4108d69b9bc12b015740947039f01c18049aaa04508c95f59e5d8f12380a7813c00cf1915f1438b8ba2d0a1563ac658338001175c717db70cca223af863484475520a4cf9b221c264bd4395e29696e22764bf5d8a093460b3cf110cc3d5cd44f304feb76b281f24348b53aa0e4c48ab66c0272400932898aeb7f726216fa5db341d08d6473fda8627946866179efac869aac0d78eac02e24e6548a89d188d757cbe0937fddd1353c3a12cc5ba1a22d8cd8ae8da1cf777283c79a5a0a9cda1b168a79091467ccc556e02c5723e760d8effdac1703d6a03eddde3607d5d8aae54ba7f8eb628f3c8db37f6bee4c036e2529da2a0bc8ceff84fc14c73742c1cbfea5db2e36d4db2606551f1fe7470f2c32ffed65ff33534b05289d8c8331b406ee2a906575a412ec9c3cd483cbfab9339e19610323123bd281bd576a139975506bb118af57fb16571d63e1d1f0784d73aa47543d401bdb5c66dc2f35a079b73db118fb35f78e35aba2d558436dfdc63921910437150959a60bb88f1ef27840c25847f5d8c9525d27cc96974784a51de969faedb3bb34342549b781bb9996e33538b2cb203563bd1da49fb77f0bea32019e03ffb03016ca5338716c76854bc8e562ebcb939d0d3b8a88a6969179926c411a9ea6265a07bed5b89ede96a4b16d57a91cdf8c6f76d415ba3c7ff8d3f4335dbf340e0e381946ceb90fb5cd466cf936ae4f0535389a7000ccbdac0c12989e3e31500376a7110921335037f909f34da4604ffce7ecd6bafe2de42f2860f4a4343315cca7b42eb3d3da3b3d42e1fb24862bb750b5e52f02a9307db9817df3368c900e2b9da4b16a3b1dbec69cd3377da15b1882468b3a420b10135c682fcfcf2668e28828875422207ba4522bb62b13f51aca0a88e6f3977f49d73d2445068b3db8b922c366e2fa7b747c5b50e89d543d401a65661fe9e98e7b66f6da8121bf59cfaa6c8139d494b30a90aef132a70c563f035472d2e2c6c793f320f4c22a328136b359c4531c64e0c3bd048372d5c771ce763528b8b9203c86fd00a86e09f8ac3b3aa6815707728c8d44a292b21f09a57f3a4ac6d8883feb74f70b483a849ae53cbb6bd851886f75aba00abe15bd2252e046053040c6dc0f150441b1bfadb4e0491bf8b7105c286da664ad1b1d90cb26312355c6fb46bbedefc4ecb83aa7e0106f974efac67c1ebe6e5eb4764c7a6ae5243419644565dfd0d5313ff73ab726f050bdb606fd05a91cd2c5d1e810b44672e6246837d65c3721044e4ac9867c54a81143e8ea62f107a6c982e3955726bbc07c672e83ccfddfaba444855bdb8aecb16c6a26aa6e1a72d4982ddfa711d5059e5aca0deb4ff45276607143a6f000bd532bff6262f7e3d736dcc6057e8157f1f84f962e66b5f479881b0a5f7ec1b0425e1221b5f9ac59ca7bcbe5daa5c56a4768efa89dda073caaa19ba913b7820a7aff2907bf684dae4b6ba1a60adc4e0ae13cdc116631293a2afdee44f601313a2849ab95fa4b4d25cc176f1dce100a9ba52f5cece02c561b341fa8babdc3cc09486ca58e9b1e04816f2e461afccf8904f068775bfcc3ecb6d3d7911d6b66a02b533b48a26928c8ac6a34dbc0a72bfe0957878b7e6f6ca7457a3ee4a555321a1ed28990d20cf27ae7301ab902b561f313791d51a78980de5194f8d834207da21a135f43f7efd8a3e1c2e0202e0ec4e0c3d534fe5017b356227ddc57ddcb489e75e6437c6e2d2972c0a8545af437734124c83736c62fe5905dbe81088f97d6707884b7bce053197eb2d568a784e330e3f638c451695c0ca9a423e0df23d97a5c5762dd520fdc0ffd191e45917b525ab7b2926dda77a601028f651a3b90889aa863dd3a21c8d9c9dff01415b2ac44ee8b37b75c034118dccaf345f9a676da867657119c69d7a937db037baded19cdbf4638df5ad825a0fb7f70b674581d0d2415effec9a2e51eb0ebe5588d5df7bd7d55489afc7f0495b9aa756662531859361f03dec17935e00aeb624795be2eb93c0a670788f778af621db1a61e236a2c42b30fd9081f9400d8de0bcc553abc62a4a4cb5c6bfa4fd13f218aad7b15239ca9d197564a4a5cb5773250e326c3e33b4ce76b261491541c9d899bb7e60598384d137ac14efb0edc9f856ab6a3908fd6c1e54110a76ffa56104c0455572143c1dfd7002b854a98ce758821265c7f74756d46ceced6aa3b775901c86a23c853d7ee67f40161372e7631f3d6621255f4a76cf46c58484fee0341261f799ec4fcedf1cc01a42e05d05cff80dab1dd3db8af19981eb0c570d19d96c1f7896ae3eaebec27cc49de8182fdfd7f3fc733374f0f41c29e81ca274af8a4049b6f4dfb12119c50225bf2617d98078f3c207c6e12ac835a719524dcecee9c14647450a3ab85f8908ad5eb804430b39eb80e9b912f440eaa04e9d321bbf2ff9854003b49cdc96fed7efd5adbcf7be95511332b9238404e0494d7b3f51054f5c8eb12c98f5673c63039347e7b6546fa53ef8a6497b60ff42ec63f3d9b34e135cbd4b7a9d2d70ed73035d2371e0cff5ed8b663ff1a1b15b9c4d13a2fde4331779559474113286722f480b8fde246dbc562da219c67326ec5dc73ba7905dc755d9c00b5606f5cf67f298950a9ae96cae0f1b973ea57ddb5b547ff9b235db8deec538ce4fc4bb0d01c27c93abb9236818f253bbad1349cc2df8069cd5d7568927b74c2410116a13a9ef8b5126fcdd639db529f9ca5797cdc940f36465474cad9d4c15e2c4865df7d26368920c2f1e3ee1625508570612e9c5406bc534b3560631cd775de41aed6dffd2cc723dada17e07d935259b69ce5f0db67e71f244c450ec4b013bc406dd2dde0f7c9e8a8482811c553dd3c5f3f7d46aa9ef02468838ea16870457540bdb9b114ab84c8093c8f13c014ad6a7e3d69fb4f86497f470ad4394f596a4c3180c8355ee0f49271b0df3fbad0d82e935bd2ea6c29077e07a3a6e5dc9127629d6aeb9c17556fc43feae3ef94470d5ac2906482ff33532a0d7a9d7d654f5a8b184e9914973afc62faa7b95d2e36ab60253aa311a63b31948d0e9d3792ee3c87c8d2dd07ee758925c7978b9f4206c4e328009290254dd9306d169ee94f5252da87a6969d1e0fc5f8251bf3436388c73b21cb32d1ff25f2693b6b69a64a1e035b6dac158faba23eee7251f1663ca345872fd9ddc61812799fa04c5d69678d62b8f6236cea6811f4a69355f40e5243535580f75e2b6a85a4339ed312ceda3a45a3e18e12497b2fb3d0cdd9216a17d19b4c5ba2eb367021cc68c031b169f7df83afc5f6a2e964c24a0d5b4d608f701f35eef8ce5ece499eb4da12e358106826f3768364ffe83bec8901e7e28a754fd31ad1ebd850b96b810fdd8371209389f4839cb91b5c0a537f2e2fe63c09745d7bf4285359d99fc5cf08a89f24310112a9467f08d82d525597bfcc6df0a4503f477f3a3ca78d79725a1977fa4152e15671a01862f07827fce5c00e82ba72933d055768d5766dca628187e3bdffe48a34950b9f8a82a05a06cf1ea6c33710330384d01ee41f22f036eeec351cd1da38c88d92e171d1f9b8d63f1e8e9cc32f0e566576d104ba318ae127618024c4d78d2db58a7b86f5d0bc41292ba60902ab3edac6c6454e797ba4e2035a98289e8fc28d23005a2e038b2cc58e03e0c56fa7db673ed61d603647f9e5ac2312f480e89d22381196c25199c9f367152fdbb3f739c0694afaad4b1be7a193e9384026369fd6ba3af115f61a038ad1aa8dfb5242f72da20009ff13cc3430ea937386a66ab32cd4095e9f35f2ab44d47153d05a642b3536c1c92ed738fad6651845078dd5f6c9b943cfe9dcdbb7692c58e539b5117dfdfe7971b026e959b871665c7712cc0e677fb3f8889cca6eec3eb7af42b448d942b5121e6579074a0561d1f270ff26f9ff4a2b7065acd2513569907474c40f81777111a816330da51b983cc22808fa8c74193bb6e17a6efc05433a7f0f73758847a0419aaeddd704f16a62bf5d4655bedeb712c1d6b7c27981664f710a9b046e24e5d34e3f8abbb2723d341e5c5e1294e374da5996b1533a9194e9de7060ffdfb98ebe6e1fafd0805661839f9b380376e0c69069dee0d4ae1bd9f5c2180d2e6bcf0cc6cffa23464b945a9dfd8444dfd4f5da1df6e005559a2524409f4c8f0a2e130a9552e8c04a1a682a5bf7cd15db00cfed531fc9ed07e675c71db9bd714ab46e2f884ad7aa15047d5047f88c82f28427dd3106812d4a00840eea180990b6a446921e6fd1459b0a76e7fdc5e2ee301627b38eb4bbdde57ade8034d1a73d6fea2eb6d541d376e5482a656cc3957d43d3a90e92c93780b82eecb195443ecf9dbea96f8fc0892f43cfa22f4d6b995f28f4938a7a865dc1ee7c4c096b349baf80263e99ff346b1e1215248cdd38cda55cc9faa852f8603b1bcad5dabb1c39b7ae9af731f59e0039072f7bcc40ae6a32efbfa57b660dfd6fae0e357cd5da1b2028c5a3d4d805583eafb8ccf3b4ac0962279586735e69f8d450b241c4de617b18b5d4d22f9bdee02414543a5bbb70601ce1fe9dffc2d241d883a0b15c39593717556f73a80184b9302054e7148641a0ca9fa0478e4eac4348b065a909b2b705ac68b4217a90023b5069c0c28ee5e528fb11d9047ed887f09ca2c9a71f76e445b6e2ec18014ea6d2a4b3c7368476ebc8ec285b80adfc73793778a38f03f64544c1e50b392bd6064f885990782350e3ac8ae0844401fedff7ddc34d5e9e6e17b7b6207d4ab50cd99430109886b03df139466cfbc1b28315c90d4d4b3cd46449305127f2e84ff3bfa5153aca6ff47b07388dab31e5984b152f64af4109664bbcd03cb48ee941e1c5f3182e60cfde3184447c03755b12326c9665a792b131921bb26176c2f10f143ebeaae13102ef46d8398d1894332c4a49e9183c811d4a1a954a1b66aeb35f1e752f57b68629b5869ec75104025843e0ea50ff686c84b5fcac65d2355765c2106585783e412c1b41a246e60d1435d295ff0f667af1cf79ffa0079e06da4f92bae5cc2a4b9224e6c2dbfee61f195f058d7cc87ad088b552dcd8cde96019b99ae7062d6f5a8a2a68a9559313a66572239bb3d27187374d3c2f135669d71d9cffd204ba035fe153b9348b65f5b8f6646960b3731bad8fba1128f4ba21d199e8dce411ee0388cd517bfdb9e1f2bb6a6e97bef5ca1c61b25fd06adee82e43431ecd788ba8ce6a34979eba9e793716a15bad0bb452c235ff7639cedad6ff06464e7c50941c2a1d01ad14839f74c12f4aead8bf6b2e8f8c353325b7d71166431bab390a62cbe5d0e740e310a4da81ecf01a63d9c72e7336a6b7f40751a354fa8ba575c5a16e9933a31e6d6e3617b6068ac208b8b1da09f61f8b472a2e459ddf8b8a4557383983feff742f71e0a3e88730210ec4dab89c33e445b475452a07ed4d121852894c064efc347e09e88e6aaad36a31c5184d525981d8d131e3ccc737fee5d18486486e6398be3ac5957aa127651ee2885461ebab88571f795cd2cd6217f535d201971880d75ed3e2c2df3ad99deec82d53bf877803a8b18e120196ddf62ad26549517604d0aacce8a4168982dbd1b995008c3cb13bce4be7598f50c6f869e7be8eaf755c2dce8327c90d3bab61451a76ef03e0bce59ef4b7784a1e73ae6a5e4cf70dcbfacef158a5f40471749898860f5280e90a88ada115005fb59596b3c0cd9a032d304ceaf428ca2f101d11e81138f5cecbe163093c9212c3c517656ad8e6fb9c082a9dca28de166b562d22651aa20669345f2a6c196e4899a1a6e58570b8476f9f9a90d011b7f92f4fb8a3386ff614b7ec5ca1a231cab36d509dfadf3a50254a4aebcf9bc433aee5fe1c88bc0a4d0713bef2af865441cce055446e155fef3e5984abdc3a6219f19b638a4e79c23bf2a93b2cc4cd40589489199edcce8952711250989839bb02ee1319bdb009bb25bc79a6dda2411a8bb89ff8e89713db025c828797a9150e1d8cfa98f548a446d285dcaf9835f8c761a7aac4c534509e2dbb903b590a9e5ff8cc2861486e08eb589c66be379f11f3f96cc12299787a16644fff6bb872d7707b10f16db27144eb52f6242a727d4c7d4b756f779c919ba49c8fe360de00cb534991d03fbf3561b4a787586351f26aaf3d2361bb4e7a180cb130f62b72ac98d8c02f784d8f11f88a17a730fd147325ecf46adba38b0a13f340f96d2962b80fb563da83b62be48a9f0cd6d14b1a050e1db7c659c8a853bd16af77a3227fae4f4cf4050112bda93560b8b82e3bff62d97fdfc838aed43e53be9b3e39705c1cd341e51edbb685c466cdf722344ce50cde43d4d1e11a9a2f09ec2e87003eacc956af9cf9a50d0737dbcffefc98086d60832662b67687f9d84dce6aaf146528e14b4d59f1732f566f8bad6baed461a7e2125d000978f43afcdd2e91d14212db2c7fbc5f233d12ffdaffbdda1ab2c70f7553278f45641040e07bea8f8f630581af4bb22dec34456331abfa3ac65edc174a981f7579c044bd7d580571b21f93b9198893329d1rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootapparmor-3.1.7-150600.5.12.2.src.rpmapparmor-profilesconfig(apparmor-profiles)subdomain-profiles     /bin/shapparmor-abstractionsapparmor-parser(CAP_SYSLOG)config(apparmor-profiles)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.1.73.1.7-150600.5.12.23.0.4-14.6.0-14.0-15.2-14.14.3ih@hg@e@ee}@eԔ@eԔ@e@ee@eKx@eKx@ev@d@d7d@ddtdS@cccױ@c@c@c|c@c Xcb{@bb@bޅbVb@b@b{@bwbk@bi0@bZbV@bT@bRbBb<]@b@a7aZ@ap@aabaim@aEaaua $@`#@` @````_@`%@`!'`>` @__ǁ_ǁ_Q_h__@_~@_[f_P_-B@_@^m@^@^<@^j$@^,-]҇]o](]K@]]@\\@\ \\v{\I\ include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527)- prepare usrmerge (boo#1029961) * use %_pamdir- update to AppArmor 3.0.1 - minor additions to profiles and abstractions - some bugfixes in libapparmor, apparmor_parser and the aa-* utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1 for the detailed upstream changelog - removed upstream(ed) patches: - changes-since-3.0.0.diff - extra-profiles-fix-Pux.diff - utils-fix-hotkey-conflict.diff- Use apache provided variables for the module_directry: + Use %apache_libexecdir + Add apache-rpm-macros BuildRequires- add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in de, id and sv translations (and fix the test) (MR 675) - add extra-profiles-fix-Pux.diff to fix an inactive profile - prevents a crash in aa-logprof and aa-genprof when creating a new profile (MR 676)- update to AppArmor 3.0.0 - introduce feature abi declaration in profiles to enable use of new rule types (for openSUSE: dbus and unix rules) - support xattr attachment conditionals - experimental support for kill and unconfined profile modes - rewritten aa-status (in C), including support for new profile modes - rewritten aa-notify (in python), finally dropping the perl requirement at runtime - new tool aa-features-abi for extracting feature abis from the kernel - update profiles to have profile names and to use 3.0 feature abi - introduce @{etc_ro} and @{etc_rw} profile variables - new profile for php-fpm - several updates to profiles and abstractions (including boo#1166007) - fully support 'include if exists' in the aa-* tools - rewrite handling of alias, include, link and variable rules in the aa-* tools - rewrite and simplify log handling in the aa-logprof and aa-genprof - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0 for the detailed upstream changelog - patches: - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0 release up to 3e18c0785abc03ee42a022a67a27a085516a7921 - drop upstreamed usr-etc-abstractions-base-nameservice.diff - drop 2.13-only libapparmor-so-number.diff - refresh apparmor-enable-profile-cache.diff - partially upstreamed - update apparmor-samba-include-permissions-for-shares.diff and apparmor-lessopen-profile.patch - switch to "include if exists" - apparmor-lessopen-profile.patch: add abi rule to lessopen profile - refresh apparmor-lessopen-nfs-workaround.diff - move away very loose apache profile that doesn't even match the apache2 binary path in openSUSE to avoid confusion (boo#872984) - move rewritten aa-status from utils to parser subpackage - add aa-features-abi to parser subpackage - replace perl and libnotify-tools requires with requiring python3-notify2 and python3-psutil (needed by the rewritten aa-notify) - drop ancient cleanup for /etc/init.d/subdomain from parser %pre - drop (never enabled) conditionals to build with python2 and to build the python-apparmor subpackage (upstream dropped python2 support) - drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed - set PYFLAKES path for utils check - add precompiled_cache build conditional to allow faster local builds without using kvm - remove duplicated BuildRequires: swig- update to AppArmor 2.13.5 - add missing permissions to several profiles and abstractions - bugfixes in parser and tools - fix two potential build failures in libapparmor - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog - remove upstream(ed) patches - changes-since-2.13.4.diff - abstractions-X-xauth-mr582.diff - sevdb-caps-mr589.diff - libvirt-leaseshelper.patch - cap_checkpoint_restore.diff - add libapparmor-so-number.diff to fix libapparmor so version (!658)- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, cap_checkpoint_restore.diff)- %service_del_postun_without_restart only works for Tumbleweed, keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x- Make use of %service_del_postun_without_restart And stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete.- libvirt-leaseshelper.patch: add /usr/libexec as a path to the libvirt leaseshelper script (jsc#SLE-14253)- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON to severity.db (lp#1890547)- add abstractions-X-xauth-mr582.diff to allow reading the xauth file from its new sddm location (boo#1174290, boo#1174293)- add changes-since-2.13.4.diff with upstream changes and fixes since 2.13.4 up to 5f61bd4c: - add several abstractions related to xdg-open: dbus-network-manager-strict, exo-open, gio-open, gvfs-open, kde-open5, xdg-open - introduce @{run} variable - update dnsmasq and winbindd profile - update mdns, mesa and nameservice abstraction - some bugfixes in the aa-* tools, including a remote bugfix in the YaST AppArmor module (boo#1171315) - drop upstream(ed) patches (now part of changes-since-2.13.4.diff): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-fix-utils-network-test.diff - make-4.3-network.diff - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch - apply usr-etc-abstractions-base-nameservice.diff only for Tumbleweed, but not for Leap 15.x where it's not needed - refresh usr-etc-abstractions-base-nameservice.diff- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch (bsc#1168306)- fix build with make 4.3 by backporting some commits from upstream master (boo#1167953): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-network.diff - make-4.3-fix-utils-network-test.diff- update to AppArmor 2.13.4 - several abstraction updates (including boo#1153162) - disallow writing to fontconfig cache in abstractions/fonts - some bugfixes in the aa-* tools - fix log parsing for logs with an embedded newline - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog - drop upstreamed patches: - abstractions-ssl-certbot-paths.diff - apparmor-krb5-conf-d.diff - libapparmor-python3.8.diff - usr-etc-abstractions-authentification.diff - refresh usr-etc-abstractions-base-nameservice.diff- add usr-etc-abstractions-base-nameservice.diff to adjust abstractions/base and nameservice for /usr/etc/ (boo#1161756)- Properly pull in full python3 interpreter- add libapparmor-python3.8.diff to fix building the libapparmor python bindings (deb#943657)- add usr-etc-abstractions-authentification.diff to allow reading /usr/etc/pam.d/* and some other authentification-related files (boo#1153162)- add abstractions-ssl-certbot-paths.diff - add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys- add apparmor-krb5-conf-d.diff for kerberos client- update to 2.13.3 - profile updates for dnsmasq, dovecot, identd, syslog-ng - new "lsb_release" profile (only used when using "Px -> lsb_release") - fix buggy syntax in tunables/share - several abstraction updates - parser: fix "Px -> foo-bar" (the "-" was rejected before) - several bugfixes in aa-genprof and aa-logprof - some fixes in cache handling - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3 for the detailed upstream changelog - drop upstream(ed) patches: - apparmor-nameservice-resolv-conf-link.patch - profile_filename_cornercase.diff - dnsmasq-libvirtd.diff - dnsmasq-revert-alternation.diff - usrmerge-fixes.diff - libapparmor-swig-4.diff - re-number remaining patches- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig 4.0 (boo#1135751)- Disable LTO (boo#1133091).- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877)- add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile to match the newly added libvirtd profile name (boo#1118952#c3)- Use %license instead of %doc [bsc#1082318]- add apparmor-lessopen-nfs-workaround.diff: allow network access in lessopen.sh for reading files on NFS (workaround for boo#1119937 / lp#1784499)- add profile_filename_cornercase.diff: drop check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (boo#1120472)- netconfig: write resolv.conf to /run with link to /etc (fate#325872, boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]- update to AppArmor 2.13.2 - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (boo#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 for the detailed upstream changelog - remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch- update to 2.13.1 - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - ignore "abi" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including boo#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 for the detailed upstream changelog - remove upstream(ed) patches: - aa-teardown-path.diff - fix-apparmor-systemd-perms.diff - logprof-skip-cache-d.diff - fix-samba-profiles.patch - make-pyflakes-happy.diff - dnsmasq-Add-permission-to-open-log-files.patch - refresh apparmor-samba-include-permissions-for-shares.diff - add fix-syntax-error-in-rc.apparmor.functions.patch- update rpmlintrc: - whitelist .features file which is part of the pre-compiled cache - comment out filters for the disabled tomcat_apparmor subpackage- Backport dnsmasq fix: 025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch (boo#1111342)- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099)- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing (logprof-skip-cache-d.diff)- add fix-apparmor-systemd-perms.diff - fix permissions of /lib/apparmor/apparmor.systemd (boo#1090545)- create and package precompiled cache (/usr/share/apparmor/cache, read-only) (boo#1069906, boo#1074429) - change (writeable) cache directory to /var/cache/apparmor/ - with the new btrfs layout, the only reason for using /var/lib/apparmor/cache/ (which was "it's part of the / subvolume") is gone, and /var/cache makes more sense for the cache - adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both cache locations - clear cache also in %post of abstractions package- update to AppArmor 2.13 - add support for multiple cache directories and cache overlays (boo#1069906, boo#1074429) - add support for conditional includes in policy - remove group restrictions from aa-notify (boo#1058787) - aa-complain etc.: set flags for profiles represented by a glob - aa-status: split profile from exec name - several profile and abstraction updates - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13 for the detailed upstream changelog - drop upstreamed patches and files: - aa-teardown - apparmor.service - apparmor.systemd - 32-bit-no-uid.diff - disable-cache-on-ro-fs.diff - dovecot-stats.diff - parser-write-cache-warn-only.diff - set-flags-for-profiles-represented-by-glob.patch - fix-regression-in-set-flags.patch - drop spec code that handled installing aa-teardown, apparmor.service and apparmor.systemd (now part of upstream Makefile) - simplify "make -C profiles parser-check" call (upstream Makefile bug that required to call "cd" was fixed) - add aa-teardown-path.diff - install aa-teardown in /usr/sbin/ - move 'exec' symlink to parser package (belongs to aa-exec)- Set flags for profiles represented by glob (bsc#1086154) set-flags-for-profiles-represented-by-glob.patch fix-regression-in-set-flags.patch- add dovecot-stats.diff: - add dovecot/stats profile and allow dovecot to run it (boo#1088161) - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753) - update 32-bit-no-uid.diff with upstream fix- Change of path of rpm in lessopen.sh (boo#1082956)- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429)- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429) - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests" to avoid pulling in several Gnome packages on servers (boo#1067477)- update to AppArmor 2.12 - add support for 'owner' rules in aa-logprof and aa-genprof - add support for includes with absolute path in aa-logprof etc. (lp#1733700) - update aa-decode to also decode PROCTITLE (lp#1736841) - several profile and abstraction updates, including boo#1069470 - preserve errno across aa_*_unref() functions - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12 for the detailed upstream changelog - drop upstreamed patches: - read_inactive_profile-exactly-once.patch - utils-fix-sorted-save_profiles-regression.diff - lessopen profile: change all 'rix' rules to 'mrix' - add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems - no longer package static libapparmor.a- update to AppArmor 2.11.95 aka 2.12 beta1 - add JSON interface to aa-logprof and aa-genprof (used by YaST) - drop old YaST interface code - update audio, base and nameservice abstractions - allow @{pid} to match 7-digit pids - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95 for the detailed upstream changelog - drop upstreamed patches - apparmor-yast-cleanup.patch - apparmor-json-support.patch - nameservice-libtirpc.diff - drop obsolete perl modules (YaST no longer needs them) - drop patches that were only needed by the obsolete perl modules: - apparmor-utils-string-split - apparmor-abstractions-no-multiline.diff - drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in apparmor_parser - refresh utils-fix-sorted-save_profiles-regression.diff - add aa-teardown (new script to unload all profiles) - make ExecStop in apparmor.service a no-op (workaround for a systemd restriction, see boo#996520 and boo#853019 for details) - lessopen profile: allow capability dac_read_search and dac_override, allow groff to execute several helpers (boo#1065388)- read_inactive_profile-exactly-once.patch (bsc#1069346) Perform reading of inactive profiles exactly once.- update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of 'unix' rules (will be supported in kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog - remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff - refresh apparmor-yast-cleanup.patch - add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the "changed profiles" list in aa-logprof- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)- profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195)- add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26- do not require exact X.Y version of "python3" - require also matching python(abi) which is arguably more important- don't rely on implementation details for reload in %post- add JSON support. Required for FATE#323380. (apparmor-yast-cleanup.patch, apparmor-json-support.patch)- add upstream-changes-r3629..3648.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - update nvidia abstraction for newer nvidia drivers - don't enforce ordering of dbus rule attributes in utils (lp#1628286) - add --parser, --base and --Include option to aa-easyprof to allow non-standard paths (useful for tests) (lp#1521031) - move initialization code in apparmor.aa to init_aa(). This allows to run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser don't exist. - several improvements in the utils tests - drop upstreamed python3-drop-re-locale.patch - no longer delete/skip some of the utils tests (to allow this, add parser-tests-dbus-duplicated-conditionals.diff) - add var.mount dependeny to apparmor.service (boo#1016259#c34)- Cleanup spec file: - don't use insserv if we afterwards call systemd, this can have bad side effects - remove dead code - remove now obsolete 'distro' checks - Replace init.d script with new wrapper working with systemd- add python3-drop-re-locale.patch: remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766)- Fix RPM groups- add upstream-changes-r3616..3628.diff: - update abstractions/base, abstractions/apache2-common and dovecot profiles - merge ask_the_questions() of aa-logprof and aa-mergeprof - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor - adjust deleting the cache in profiles %post to the new cache location - silence errors when deleting the cache (boo#976914)- split libapparmor into separate spec to get rid of build loop involving mariadb, systemd, apparmor, libapr and mariadb again (see the discussion in SR 448871 for details) - libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but with minimum BuildRequires- update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog - patches: - add sshd-profile-drop-local-include-r3615.diff to fix 'make check' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff - spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren't used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed'ing python3 into aa-* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in logparser.py - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition) - add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)- only install apparmor.service for openSUSE > 13.2- Add a native systemd unit which *at the moment* only wraps/masks the early boot script.- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage - drop upstreamed dnsmasq-profile-fixes.patch - update expired GPG key- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes - refresh dnsmasq-profile-fixes.patch- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- fix bashism in post script- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don't warn about rules not supported by the kernel - fix logging of "audit capability" (lp#1378091) - add support for the "hat" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 - update apparmor-abstractions-no-multiline.diff - remove upstreamed apparmor-profiles-ntpd-pid-location.diffsubdomain-profilesh03-ch2b 1774261849  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~3.1.7-150600.5.12.23.1.7-150600.5.12.23.1.72.9apache2.dphpsysinfobin.pingREADMEbin.pinglsb_releasenvidia_modprobephp-fpmsamba-bgqdsamba-dcerpcdsamba-rpcdsamba-rpcd-classicsamba-rpcd-spoolsssbin.klogdsbin.syslog-ngsbin.syslogdunix-chkpwdusr.bin.lessopen.shusr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.directorusr.lib.dovecot.doveadm-serverusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.replicatorusr.lib.dovecot.script-loginusr.lib.dovecot.ssl-paramsusr.lib.dovecot.statsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbd-sharesusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddzgreplsb_releasenvidia_modprobephp-fpmsamba-bgqdsamba-dcerpcdsamba-rpcdsamba-rpcd-classicsamba-rpcd-spoolsssbin.klogdsbin.syslog-ngsbin.syslogdunix-chkpwdusr.bin.lessopen.shusr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.directorusr.lib.dovecot.doveadm-serverusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.replicatorusr.lib.dovecot.script-loginusr.lib.dovecot.ssl-paramsusr.lib.dovecot.statsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddzgrepapparmorcache201d1af9.0.featuresbin.pinglsb_releasenvidia_modprobephp-fpmsamba-bgqdsamba-dcerpcdsamba-rpcdsamba-rpcd-classicsamba-rpcd-spoolsssbin.klogdsbin.syslog-ngsbin.syslogdunix-chkpwdusr.bin.lessopen.shusr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.directorusr.lib.dovecot.doveadm-serverusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.replicatorusr.lib.dovecot.script-loginusr.lib.dovecot.ssl-paramsusr.lib.dovecot.statsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddzgrepextra-profilesREADMEbin.netstatchromium_browseretc.cron.daily.logrotateetc.cron.daily.slocate.cronetc.cron.daily.tmpwatchfirefoxfirefox.shpostfix-anvilpostfix-bouncepostfix-cleanuppostfix-discardpostfix-dnsblogpostfix-errorpostfix-flushpostfix-lmtppostfix-localpostfix-masterpostfix-nqmgrpostfix-oqmgrpostfix-pickuppostfix-pipepostfix-postscreenpostfix-proxymappostfix-qmgrpostfix-qmqpdpostfix-scachepostfix-showqpostfix-smtppostfix-smtpdpostfix-spawnpostfix-tlsmgrpostfix-trivial-rewritepostfix-verifypostfix-virtualsbin.dhclientsbin.dhclient-scriptsbin.dhcpcdsbin.portmapsbin.resmgrdsbin.rpc.lockdsbin.rpc.statdusr.NX.bin.nxclientusr.bin.acroreadusr.bin.aproposusr.bin.dumpcapusr.bin.evolution-2.10usr.bin.famusr.bin.freshclamusr.bin.gaimusr.bin.manusr.bin.mlmmj-bounceusr.bin.mlmmj-maintdusr.bin.mlmmj-make-ml.shusr.bin.mlmmj-processusr.bin.mlmmj-receiveusr.bin.mlmmj-recieveusr.bin.mlmmj-sendusr.bin.mlmmj-subusr.bin.mlmmj-unsubusr.bin.operausr.bin.passwdusr.bin.procmailusr.bin.pyzorsocketusr.bin.razorsocketusr.bin.skypeusr.bin.spamcusr.bin.svnserveusr.bin.wiresharkusr.bin.xfsusr.lib.GConf.2.gconfd-2usr.lib.RealPlayer10.realplayusr.lib.apache2.mpm-prefork.apache2usr.lib.bonobo.bonobo-activation-serverusr.lib.evolution-data-server.evolution-data-server-1.10usr.lib.firefox.mozilla-xremote-clientusr.lib.man-db.manusr.lib64.GConf.2.gconfd-2usr.sbin.clamdusr.sbin.cupsdusr.sbin.dhcpdusr.sbin.haproxyusr.sbin.httpd2-preforkusr.sbin.imapdusr.sbin.in.fingerdusr.sbin.in.ftpdusr.sbin.in.ntalkdusr.sbin.ipop2dusr.sbin.ipop3dusr.sbin.lighttpdusr.sbin.mysqldusr.sbin.oidentdusr.sbin.popperusr.sbin.postaliasusr.sbin.postdropusr.sbin.postmapusr.sbin.postqueueusr.sbin.sendmailusr.sbin.sendmail.postfixusr.sbin.sendmail.sendmailusr.sbin.spamdusr.sbin.squidusr.sbin.sshdusr.sbin.useraddusr.sbin.userdelusr.sbin.vsftpdusr.sbin.xinetd/etc/apparmor.d//etc/apparmor.d/apache2.d//etc/apparmor.d/local//usr/share//usr/share/apparmor//usr/share/apparmor/cache//usr/share/apparmor/cache/201d1af9.0//usr/share/apparmor/extra-profiles/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:43338/SUSE_SLE-15-SP6_Update/dafced5dc34c05635c1b35e59c000446-apparmor.SUSE_SLE-15-SP6_Updatedrpmxz5x86_64-suse-linuxdirectoryASCII textC source, ASCII textASCII text, with very long linesUTF-8 Unicode textby + o).# workaround for bnc#904620#c8 / lp#1392042 # old cache location up to 2.12 rm -f /var/lib/apparmor/cache/* 2>/dev/null # cache location starting with 2.13 rm -f /var/cache/apparmor/* 2>/dev/null #restart_on_update apparmor - but non-broken (bnc#853019) systemctl is-active -q apparmor && systemctl reload apparmor ||:/bin/shutf-82ebb1018edfe379f439a65756b7912cf8bb6f8840a2a2e2385f493ba63075b01?7zXZ !t/G]"k%O6R~S4)JJגup%MyIv !sH=Vr_SSF(d &Q5,VA}YB8K|{vt0 +!Ǣurd[YG];Lg>P^:n8gNn򺬈Tn6]d * g_<;&;ޭ`憻\B~g {mI(M.{g) vW?c?&Q @Txb%)+]$ȵJ!Ug܌ʳ N7Mw̭"+{;; "q'ϿO0bRbK{x$& `5N-۷B1о](j$ w-6g5@$[O)`pJRʌ/=xXJQsJ}abB=T?"8r8z\f*>cbcĞ.9j'z:p8bwozSoاnk#V8Woa zWsHh ![tE:Tw&Sf]@P\5_wI?\!?uDå"ᛥ 0 x$K`"Ä3/ӻh!4Ju`LG$(ΣVmi2]99m(DW/9( e +NTNHe | yf?\޸aͮT$j'U~{08{)0\Hiw?It%DmHJ>d0 'SjQ{5]苯Ȋ8j;w2%@x]JF~<ȇo=d8gWk2?5CJo ݩ U0Yx )?O4E7Ku\BY3+t1:7vϺ&5'm N, hp94 i]!w= :5C~vǴva xJZnrM_ȥi6p]A%@Ai+$,>Uo`MqDW2zulGA3oLU^ KL􀦭G|D  qsns7RFcŘ,4$za A›3$L:YQ#imevhu#gfrwb#"&$%?QiT_P\S>Ћ#?ډg,U T{-pF;X(ZF, t~,u;D8XQpdY(6I߶x4VA{t Ozkl׃}$8q?!I=ɻ QG*'÷I̚6rSȾ g;>(M;n6RgEkc0> Hm]&P.uHj>΁e Qc/S.2S| ەjkPJzqcBz%y$JsDF+hqFCUXvU9:CVPT8=Ît?6$` (\t=MRx(<.؛1aSkS+@DjpII!EgS 8 Hqw\Q;ID_7/Ҍva@+bQ* p3vdYI—%5;ךDD>ze4MPvEy$.^v &~X,jiSO5Ӓ?j*\VyVN:bkX ۏ:5ӐQ婈) 0YlC]hwu*R-ґǿeLQGGoƁ%0s'ul^.`.G<>^:ö+މxnA%1J(9պ!R}ӀQ3ؑJXbLL"QO(aܩq6VfC4zT)?ɂ8\Zs5,6.:(0>agSe &A/ʏ1c DC,5]-'n;2cxܜ j\ yQq˦Ü%Vײ4J_oJSC 'Yρ;-b/z UkrvOf 6ݔ,bOE$+q%GWOu8/?[PI\S2hX )ПƁk^P D,D;]e+󳰕`ؓהӏ˹!\lX No@~BܽO<`ωmIƩ]GO(JN=4'&RaY|5T`-yKW9mk!܏/ +kAv~/ʏ/&V3,4XQHУT +`>(`ip$y$g;&Mb =Ħ>c?&0}}ux IUUu"5x7Q&Pi9Q?qO[v/v mNC35c \n? mݱ|rWďP 5evbb&Fߦ$0n:RyW&okItz Gfoϟ<s,{Wo6r[s Hsu?}dD)MvŇF'D봺ROA_sш t7' +aYPtD.Ty08=I#;'yFEb@O+2Ge͔:]=E***]-+^' g]P4ŬL5 _ke)t8m,zwBFmE{UF$O"A¬֡Ӆ^ (._X Ѥ+;n8C_א 2Ҳ7|̷ qS9_;'ڷ7?!H;!@8] r-wo⣷"Ț3(k a.wQ|\ϝ| I|e<2x,\ط|@>Io?RoP1KRU\s ͺ [Ԓx&ӂmYcqͪPl5 m"=\qF^B̰UV ,EG ,¬ҌL\ J'COu,Y"K);Kk _N[H9olz$*yJy}Ѯ{ ֳOmXɚM&X/2a5n]< LdϝY'= tM"Bqv<_ mU Q.-:ZjhȇwKRX%0b](5xh\ժ&v0 ڗx|+8AtM'A^~xY\fH-G &BeϮxd}B]^|JLz D6˅5K_$]:Mtm+әiLxH+'Wp\w%4ԯ|bdOyKu`.%p$Z^w`[iB/ -5Ζ~ٲ;' ʡ^]|UJ.b'0`0s,6 PRөT7~]BUـ؆5P>y!el5ts*%L@N3'0wJ)x|V8J(P&tyT!\ҦǶqD\ucӦ#07.L]2xQ&n<'W.S^Ь4ԗ$<=r`Q*~fO"dyO1m}o+$Pt_v >CױǗ E7TZt-$?#yI: Yǟ_z%5^o@TZGNc/ n΂ Bi؁jt&*5C8]W%g7kFY}Ixr]yzp,(~ͯC\촽zXŎ9~w 'KKfCL>Ir<+׏:n71VO!kl9c,aXaGe,)dsc`v0lŸp=2M*vG@@wWRNM sXZ,_0B ؖ L b%ps0 uo,`t$+0E&8EdH!sqΈq@-i]2ZVq[8ȉy2%S{"wգ`JA> pA0L3P[ɣQmKtY \]d}JOtIFT5?)#eCigS 4A|cK6TZ llx{{Q[KK;} XEcFaP}T.xwgph# Pzpѱ~QO@T~mc4kUj4W,/h)8[,b#X9 dp7&vD_,}7uȪϑ(BtrvF']/Ds7j.(.ηNXtt:{PR"\D(X).\#c: ڞRaƷw).'Qg;37B9;rǞ3vw8l+4A}l6lTOt>6^j >u_Gm򍄁LСIFif{rZYpQH>XyEbs fzZ76m%?@TttLcX?R2Q76ȔqA`,R$,4IqjlB^G k_T . m$6"ڵy||ր˳"ެ=Y%AܫkTGeobgVT=oZS xլ| Lֵѻ;ѽ.x){gr(%5^|AgPp@r$ BS#J*xiߠ"9RԓK9Cdzh['Gq|P1} _!)Szó y|ıܭ+M%bi^My5+U|Q)yXT kzddgYmryN3UbH x{$?i~1k6تcpHf GyfR}\F3q X;J[,=atkf< j+ !1o;)<~4&И7d"_B+U7t{Mmkv'JRNcb Zm޿n~ CvdbMi Fڸ [)3 Y GNT"yV-άEcPx#w9'Yk>dcwm%j{ 8sƨE>^xڝC ȘD#ak>o@"oi+LN0FtB Vp2G@ݛdYn\]πC2?oK­(&O;eO?=̅xTƕY;c>6oG aJ-yK:`H6ًYeCQ"5 B89g6X@*`BUn~F\|Cukul["s@a3 uw2^7JEƭPv UK&F++3/^)aQߒ0i;*[F-\fv=1r{*9z4 7pgcj!ŞRM1H;z6bjg f]/ x5&(-*$G] A|3NX<9W?SaA)5T.T*:˵3K[<x\:1 $vM깐gN"MָċB/DL"?$נsaPm fu:n0X[&yz2Miۗ @3eq|wudsOyoi8\O;q#Qr>cUV0D UW(1Kn,pm7E@:uC*6nݟmF*4~~Ax~Jalo$! ATJr[N(j .&*ۋQ6FŃ]Et/qZZŞLu4A,')#&*h EXur\uh%) wF堬 b1+O!hY|*RQ1Zޙ)!}FA.t5GULJjU5=nNi`%{^ac<qppn9I岲7>>f3(,sk>sԨ'N/t~tNriGSDΛ~6FK3E)na 4Mkm_o>nVozIE![Y0OUGѝ ֑EA]zƀrʧ9$5S[B3 e=kZ/L iM.:MًNjI/zBbP(X:A`R^?{&}w2d[u> +/Fꏚ+! Tn\%*s[Q'ްr^+V|ϷK08%dMgeSӈMDzj${@ByiT\,:З }و_B:LrZFv +a %Q|cxU>2 Aڏ!(>CLoyn 5s0>;]B(U~^iyQNZ.@脉GK%a"[اIMc*8e΄ECYl6j 0_&-!ጇU#%oUcN50Irt`1f.*X)bjYL:YJC\Ϊ$Oާ9wv0:iD}EpW~ Fvo490"CFVraiyBSz"7H+(8̑qZ/?_$q;CQy4RZaJfrkbȿ{rr@ӕx%Q%HP2pw")yEFC 쪊Ȳѽ.!@uo#n1H(8:eJvL$r2:~)tC&Z͘Y҆IkÉ/Wakfs(Tf^) w'_F(<;:Syp)0lfLd O8Jйu6v]v z=:fl:l̺BӞ22{gMk[7C`~µ^2-\Wtgi: \226`ti*gLU nD3%?"[)M3)8W$jһW(^96a-_vr- j.hhX#<4ozL ]K|@#Fdtv GSR eTP1]͘M` TSJs ` $2WW q6ni&H,{GEDA+h{uq-H4bFJ_l֗@кQV.W>1 y%Gę=\)zT/ͥ{{`8a'f+u$ ^?^$̜ԁl.C`\<$YrNja܋h1̺ڙ(ۍ)k:5*2v1>R<+Sl= d}jOHG^ǹǦm3X0_CRou0ek:1Ψ[SʼnN* |)ԭS3A^rnmG=2!Ln>H|nffu٨ϷYVӷ^ 4ثx`&OcG.FMŻ`?!4yjl(vAOdMtze MO5EOSql1=?(2eH%yBd#dtӕTo 넵}*RT2^%.J=Ux? u"^_1b|.a Cҁ\ Dh/U+U/@F:Qsa8}f1Թ/&Tp?zlq^s0po&3M KZ?4* m?w :o ,B@Dܨ@ڇ)uZ⾂XA>>ҋHk}# ~.JopUALvq![ 4)/: 9~ŵq76A6jBU Djv7ҩ/| N6A'wt¾8!b >kӠo{'EbNHX?ʯ۰*OUÓ*mJ6cbC K^oԆ`/kDdQ:ڸbdwbЏ,.@y Xp%#WvwVL`̳Ұߙ ?e 1tPO ɈtȾr}*ҿ\3٩_kaM:eՕX2& Jٯ;9\(0ܺh՞@so^XCMYimJ`Ѐ}%r[GA!PB'/ eKC,q ~)n;k}&/"[~u&CBP^ }.5C@sG=~\>t[ iש`rV誼2QB%_&fnՑA?q"dŌmk6Ĺ[nEAӓ+B!@zqگ,QM GfxŎa&Mދì leU.@RZn;0B^˵aO؛-EͧnVa^!\A\@jU-;+Hyzt|]9$(l<.'wiemHԫh & Ի{eS/AHf,oIE@.]"gbqM,[pq~llM)uXuDrMe:BC;-"GɟA?1{w2榌/k"?K6}0l@hd_Xdk.]ϰײ1aqNl"@"rzP.D*&RXNpcOz͚WJRRN ṣ .꿼_o4}wS's1 ҫztpҡq$]$yhoصחa[R t]t f$_ 9^8<=>k 3=djb-Cg/~Ve;x+IݨҖ2-q}S6dk\l}rbAi]5V,y MAI,6i#Wq4hP_[<%%E0{n5cXtEE%;f陱hQ^v6g thדlWd)}˱,ܖ~-/. i. Z_{4!ay7,I6 QopB@VÀ qF 0#:ʵIJm|D\=)v[>WU?VkqB*˜ZmLRv~BPzj,3 CP橽u§T`HĿW5ɱ3"ee GIHM,+o: _h]id;Erebfۋcxoy-#J`[>{szY)Ag%h5 >Fo)$;&uJTj ץGs47@f5_#+;OI:BIxgاLQJa[nt!^̒ZrFeUv! k":H?_L͑C>Չ(Ŷ84}DnҪwGElMTu RƱ Nٺu̱}VnDv6x,تurW]x1~ΥdjxF4CB_.H(]3~]@t,{ o,.7uShnw' 2:]dzi;iOc$v]n9=}IPJ@X簖c1@23^&j\lJt81jۣ?cЕ ̤c`l]`Vz)'.D%HwB\soE%)$ |t0K_TSC63kx-f2Q4 &s&:oX?$z3Iur_!%Bh%2 1%n¡&Fq..g4k0E' ?'Mzr3Y%3?ٯq&EɹX 2XU6GF|`6o: ǿg\1G@ ŕuIJ"ŕƊ6?]+:0f wŬm䴷|_Yܓe4Żj 㛵2۴Ƿd(JĐ ~ȝٶ/Hu{`^8@َ߸s:"]!gZ],I.v2~E?b (c flJV[2xK:!lPfgد[ӵkt S!B^gJp~/ׄUK+4X"Y Dl/'Dzؚ@Kw]~i-?[G`8D~"5uC?VNT}@:3Z4*SwpBG&NidʁCyű{)ʪO ݺNf;rwo;A' `h{;AIږzïR+0wm8ET֟**/ˉJ&&˴lV?CKU)th Ͱ;L`\MwEQ׏Tqs*3ǺU΢Ż k;QJ_/Y"*XZz>V۽ԭ/OvC.?:iUZb_՚U`JQxES+Ts]X\G5 yٞ,ĿcQh9sWJׅZ6n|U@U'-AKq./nOĕ "GhXd>] 3z:C #D6@" ɐw>d U0"!aq.dkX% c4ާۀ~4ܥlR٘3Oyp ʙ4T P17^#L'AʔV|x\4l{NOehqi'kYȤñaRr^"?ڰ* d5$q#=b,03>.8njuxG NwH$B:ҥ]?.Τ3% t+j.V7E0=WƖx AT@hZ4y o bیiOG7 WK;ECf<˨V_zfo>HZ T^j!t󘉉tǒ~ p} SMwj#7sSZH"oIImd.;@;E9gD$/՜AH<]5|1Ԣ3p:/c(CXCZf<%{ޫ|Um~0.M!$Kpl;ZK1Ph N[ѧ/6O`\q(vS,s6DlTdcq%fg _C2Jo(jq^e SXMXn3 g(RϻQ݈GPŏиfQ' #}EY+ t!) z1Aºܒ#bd亡" R<~%Dh}8OT[wf>0ݡzH.B& y)xRJTw+A15<ᔅ-ay:S-Wa>LZn/ϼ0B7ִI&R!' Z{3{%4WQkMcrWFʝ.\l*X;БQ`Hn}!dO*Tk6IApgGe.@VD>y(Y XN5?SP;X-w4 o5N=ȥ(!q;~.(B~$P,KҌK>a:N~&rd# g.jvL:|<%/p-݆BX+0ňc4%.Gq@ դ?=nj{R`B̓Ά! mQ._o sV_~QOo佅=oh = 4qԷ;H*gMA7.:mAmn _\#qsq k jG^6c$N ? !X֯n lktIMd^Td`wl}XEʛDU]1qόwS}f]kn;9*LʀoB+]Ň;] GVKlE w}QZLL9'~)~1z:ǦRTo>Ha?G tKAB(ϻ1zs:5SlJ_X}sp!(ԺnRNm:}/Se[BpE'@2Âc_(0хG5u_ (앺ovoͤ,cn؏V#FckY_)0c̨4P~{R,'!9ʌmRf6˙\G/~≉`pwYF6~ݖA2ûKUt,XKL\]- y@$.[#; NB`g)s'\\%x쪬U b/ėP4OvcWwjǩpp_9-_icHx3 6Suu"پ]xs1JK @ d-|+c&q'i9ۡ̇%/@fhlѩ&ȏQ\d 5[gq}]8 ̋tXa> ҕ%ţ6Ydl#}Iv(%HA=^m*?4RN3Iu;Jઢ[9dcBX^ [ lm1><;[j Lr_$K5H|}֝{+š?}7Y|i$[MIE )ͭϙ^B$F{[ rl⭦Q Ƚ[CNCu0@ 0w36YfOgsNEɻ!HTP^4$dOظ<7mVPZ:,*w5{2{7oE.eV)cg䟲oQ&8`tWЩC./}MiصsKZjL&QђVy ) Gӂa'[u#Qm&9JA>>I7aӽʦ7u]aY,iD=z$ZYM~כIU-"o6Gr/gLh6b.˸25/Q ,ecL١D|mE!xB{j 6-|$gi=f8ɣk3Lǖz@UM[[p$Gɑ/K7h1 ` u#+/eWl{ݳBus ?I}`Tb3F7y;yz&lp2Ԥ(ԜW#D7SmT@-tkys<3եZA4賷1;1=&L$Qtܞe`-]*iSQe9T'=MU61| (U^)_qWpt?>O=s@Xd$/H5w H%',Rsjn*=!~k׉@ Æ7"=#.^@ZشlAD鏭nCtx^;Q!)=;^.=g<&:WbQ>b+^>0lحRvH"WcRz#NyDǙPFy 6 z=V@՘jBgU{:@Hq4 D}lTVo)(Ww˄M) n[ΐq7v$^`kf0Y,Qe@. 7]V螖?jblb]pu.l)1&Zm`hl:e>?X-Fg!"mNIp%o#csHܜ6^RN1 /YH"PT9 :o@R pcpSrٝ]FV;"vw^ǃ҇A?G.b $BDݗX:{^ՖR;3ﳂ##M g{n51&t(1Gv ELK/% l2x Y ZaCi=qGG cn(d@MPT/ An!IUq}b4lC1P䦗mC>w*n@xb܇LqФ]K&TVWǺ fG+a!FC7(_ IJ; Ղbk:tgٔ5w =̜tB%Pa%=z^9u;<iuydBɖ`;w,tՍlYZ{/tq)sy8Igh1'~vطg1+mW@SP%yBnuugf=_lU;U!33~d/4J@)7-9)H'lP(nY@6uYǨeF M*׸FVXPԫ`1:"<郥LFZ7x ngd>ZT k.l˰bq="٨>E Xbn65%"_*߷>au]䚴 lF{Fnfk.7 AؽΙf`D9 ]^t|$[k-5'KyAjg )mjI!0(w\WxhmP`JFQf$Qsfk%c?+36,bDPglt^w B=:\ɈVLA=o|Cș8UjUU.RܾnrNׁX3Q u& 0B)І4`| ,~ }7DWPOI#zƞv\5Jn<[Ù yҟ/:ցcldy*^MCDDy0UM i||!)r_2jMmL(x3k(twgGR1 vDCό{T+m59!;9~$gkw)#OQc<2=ʗ|B^ ّȹ):DDJޤŠ'oĸ*=gU_oWܔK ~B/˨׽o,mv A^ AQґh Y 9ۓ>E#lMExF٩?bVİ$~廩_m"M($KEdCu2jx'JCp"_6#E4HJ9P'$w[jk"=QJ@sr ƾG&1yn*T tM-~n~Y^|"9s Ux"dh1l>>dǷMU"r^PD{;ͯmVi<@зXUvfw;=]-~Snjtqj z(;Yڷ~-@.˅=<|K9Iҽ@+fN>@lOA&YGުSŮޛ,m:Vgf}!2oOAG1tN|?_ǒVNLC$AJxZĊ=n?VRдsWPS dyv^5J ;=4ml,٭&rg?E +a9-\<3%IU@?#)sA58{uUcž94Q!l 瘌qLo`E ̂~6qVبҏ`f$uaay}^}8 WcdaSc7m}i OH\s?~J?i=pl9YQH3s? 0֌p}ak[uSBpUX;+k/5"$b&MW6fv A*FSCۖa=8tk4U `ōFğOu6hߞ:ٔ@uL9FEm's=X{yh5mTZ|1ÔirV Nއ+Cv),E:lJ |0}Gh o&pߓAA|GxƾVI䧜0 4esy D<2086e_TEJy& Px\Byُ[nkO t_\h.Ozjެ4L&HGKXZ_k' yLGm H"sׇsp<ж }@,~U' ^Vr4i4ih*`&`_ݽ$ :f ̂4>#׸keqoŸpM?qhz^;#FXīd!BRӚe6d iCj6/^L]m_Crkvc+lgY:w=w?q0'pIޙht.DBx'բߍb=W2@2t\Kk*4BG`;:bWXGq' ORO!j$gġ$ cjy<͚[#|ShN\g[˛ ? },)Di@32KCgXN')HMpt0T?/T^TRGSo w?Ey <-\вGPob~!KDjHr~H3Ix_odc*t;tc7yv>F"Xf齽tfnPx@ L?i:ԑ"˘v$š…2|5l4fJ[Eo%ˉ^ROȚ94Ɩ yk :+%d4 LWfBsʝEe џx ]쐛+eҷ|;2M8Cd2_6CU^v`[i%Aw&>@ QQ0:-f HvT<>ЎmG+qmST. XK`iזd'dO][jܛ. ;8'߾7b:Bk2V\Ц5m!&~ x4 +݆5P61n$Vc\//dAW+7wva)(9p+p/?;H=7a;܂jKz_jJ#Z;֩!Y)8#79v+X9M=k[A܎ e{sK9L;,K<82 ]gc_z`n 3A@]&j趺\cLN}%Y0(|*tՍo# x_l sH2wd eX\6Fv}Q>tT^3x$巖mŒQ  ?K89Scr敢4lvELH x$25-ӣtAU8꺉o-A<Ӫ`̶DPP]6{Ndۗ%é%S,ynmUTJ寁P#EG~|ԖqFaF6|4NHx+ȕLOX/qqU:xteK}a &)S|9~ߨ3ޕüBor߼w aw/R`|+n6԰c;ui{Gg#f,/B x ?}"j7 XO0O7H4¦J[W. A<\9T!?:L c/-=֙/y'u?˦A\44DgRbdeq=Ө!3gT_p=:=[o 7LKȫGFKo_Ρ")I>KsjQۮ[vFG3hK)lG{up?Uc(kuiSs|$v^^p2-V$<_~R}uEƕO"l'W<|[LV`2"mte6E4K7F8۶킖F,jH/u. +TxjA?h,3ĜL+>v͠#:^, onžOO")ڻqMmr~CiȻ^֥SPWڵ-mVL<>&t{VJ7}$s9ȁrwXf6tɹh8jR]lI&Uͭ^\$1~Ѫ7{2pgAK=ci oGw@҈g1HZ=z *ޮ0ƪoH(\>:_}MB!J0 "HBmj@tz$˼7 pV- 4g14"ĀQXuj?fz; ?1-g1=5ZL&6HpL\=f6)"T0)jE`Q4Co(`&{^>:F8 ;54X1eu!OAOZ?P:4;M׸WS(j#e&lK5TIFFN/I/FjGßR-ō13Wk B}Y}JZ;76jG&ĺFݰaLHJeD>v/}A^ʲmIςdEO{zbJ7'/p:*g3aYK.xV~ֈ^bZu* Hq*e;nTюVcO_z>RgPT@e1lurGٖ?i"-K22}s;(Wڝk/?!)W ) R}yцTFu:P@OW[Ⱦ5)D'&<_T|ۡ`72EIs'K  7-8Ƣi}3".LbB}dvPA#:i "(ݛ?yuysI؛v/baн@|㸎S6ɀai _mWhzU7GF^GJVԊ ruW%yM0Սnd%F3"&ؾ^+Z2@]eMȘ1vNXc5W~`y΄i68e07V'$KEo:|mӺSX 1l|7`@aT={`83Jo*-Mh0<^fB-Lq2O5H#Xqz+c9,i7K\k'P'0X返9$#\/ՠ*RO[N _8)~g]%4<0 GTRѐD@_+lhsS+ PF.x~l:UW4Y:ay(R6yѶHne\!zsUJܦp!$p)P>yA?WIM΄v7rFWp,B8:#qZf+M@EBXڡ_5FlggaV|EW|| {x#9wًg{B X,C]WVͶNI2w:S*֤L_S`߳Q>r!JM#8y?=٨<'tƳ5'߉`7 TŒY/C %;ͲInprlbsoߓ֑ЊksRl]C,}⸠-!&y'Q.CjyNgrSχ\w4y] GSyA@I6˺:AZUZFKB.I1RI=x D@iA&+rd$&C<ˑĒbuxL7h6CXT<>ֈj]$8jaiwt`G@TX{%O>*?l}O.TtΉ^{7#G5v[3GKy[V|ZSY6uudxu*HhOepJ (@^tN`i5ڤsMʺpաi䌂 [PNe[$^dokR`}m i|MB蓁]5bcu\fM{m۰o_}{g*?ry;OVCrn`l[k.!yr/:c- X&]<1>!UJPFF-/e\7 xAv?Bޗ}Clk> cG9ՠhI0<[;0$ě"%& g3l8R!by6fbs]F)*NgQ#=K[Zxi2tjpߔ:7?ɦkbԆs`x9Vn(A) \h*s|KvT[k3Ͷ{VPCrj"-n+ F[Fs+A[XP73M#϶kt̰J/WR\Cs)f72%)z2o,1`i ˂f.ENU"s!F官 z|ce \/M["c?o9!y:pK |XsxYG=pݼC 7 .42Đ1YʟSDvD1 ×U0ù|bly=S@r rvƚdeCxlQVGc/㵝]C$bOʢ辯-t:).֬j-OYh9 %7(4M†NU& ,5quN#'_T62љ3'sgSovMILM&| @߁R) $Fqƶ+0D`?ɖEV(PCX~dSE*+r\8b>~9^yu`%~H_5bO+]"9l,`#l#o\zM0:·9瀻DR& 8O mL\_@~!U Lv28? &G a[1!dSx)Uc9HX}]r :ۡ+\a{{d 3+὘k1kըHL@,#}g|2+:Bڧ-YW!${-8,%dLwQ#. s؝1%FX0݅#lgvQ@$0C&"qWM{/azL3W@X!@p]094&sR/7"HZi+;h:z_keER\}ssŐ,"3_ޚVu98v)9 29əq7$X1Ƕ`w6Om1i!,Q5.`>/bkxͬn8 V~CE!KGqlm|1$ y^Gq北e_mU/bN@r?NjHGcѓklKྩǼ!ʞ<5S3=sICcվώB:E6svp|w-ͰD38#=̑P@Jus> 6e}g[m8C#oփC熈99:ifFT6/: ӰN u! õ?ɱmLQ0&*.ˎ# a{BT_|5Ě@ֻ#fzYq;O 8Y6i')bE ߺxs,BN5ºk@ `U|(}MBzl/-߅sh˓`':KvyX k1gc*!qiQzBA{MD ɭm l<(M>#q$Ye[mE&J#Dɜ V4Wˍs;b'}I0KfiWuf3~RQ^!Jې~%y\$hpW6{ E5]Tbn[dm݌[+O5i_|k*635ֲ 2d+(Wyķ#]leLGaVO 5 jRu,=uYjTsVRZ~f @[3*1"d=a yX5~Э>3Q8GTA 8VJ< -&hˎFG2]HNoIQ`|5U:(px"S XߊQ73J\ʮ:E݅D-s'*^TCO؟ml6"QA!R ˪tDb!QYmsV` WN1'n2[?YJ"ЖY6L!ƝxX G1|nD;">R:2"< g-aR6R, ڗs(}1'IIxb,z 2UA7}YQGL{P}=@J2i8;kr+l({9{f0DEu}-ˆ{9 l'=C3Cm4N! FMa]SرG Mm*3"O{S_ $zѫN=1vM˘Tݣɟ&t:7?ٻTة9tΡ]3Hi.ؘ'PH}]i >?*'}%^؜maru;[ WJ SB3c(p|xzPzF\uzy|yn16G?i5];zT2r[06`;[.i%i4/"%Ћ`11AV.! @4OMfz$ņ$_c״>YpE8S6| 9NfZK?k1RU O 3) X, A'0pwC<Գ [A*"-pQa]Iq=P4&DQ?g4;G aAE+!qA2c\Sph|TN͕NmO4T65XPrNtB lw{2 kZm(5D LzTj —ËYסqҲJ38C>3W}SG:/沒_Tg9@ ˮ?3aά Cq V/''qڲG7ڒ 9qcS-,'&5S͜2w8n Yq [=EA ³v} jd`i5EʾrI5~>meнsT밐2 d:ϔ`(Ҍ`nYq|(Wi7r]-^s!*zڭ"@$7™&Xu,ٶٞm7-F V3f+D_2idxiRv(h#X垒h38}EB}?$TKE*o3,U=H\7#.c-ti'хNae^Q|Ff;6iC<}UJXe|ņ#R\pM)fMM6R&xFJ Eᐝ/ʆ+}|T|Hk7h^BQvIP1l5ݫYOP;vA,7veNDBOnm nnFu2j۠.oyvM| ?)lDH~R9Gw-w;{e,'IO`gPRf,r7#=D>9!/H{ܦ6F:*W 6zNƧH0z@O89 gru2hpܩUIҁ EXkIF2-Pn霸RK2u<ߐ7W:}oF0AkN 33awTƉ2pͭFԻӹ.Yv/ DwI(3(Ev:^;0Ɔ"b iO+)8Bl>`iP}!KM%oyr (-?=um7Y~tiw*+4cV5O`ȇ#!4p*wyhGa'[_ ao5ˇELFȪ珼/ 8n8PU,M:c._ k3 ČlWNG`T.k֏+.v g3F+GSimqysucm*^H "(o[0)6N꘲S"[( m3*o`vgx+Y&}-)e=?hA$jk#\HqˁA]1 $I$e$k!h =zV$~Pt߃7O[S,HQ%6V =n %Rh 0-0%irY;0 *e3B) K#n5h4^Q'%1E.UH-ldӒ W J)$IVn&9%uq/c}ƍ';%D:NZGHG*5.YoS{o6AL8_T?+`y-K~BX߯BaY GDg-Qgrmgqlv#(EhS$-@g-XiBdy.z4S,JΦükGX)*'0oQmja-B~@/)%dd3٢!|%U"aWgMTdKʽ_dzd4KڂaIR`sEvUI.1)EQ6AM~ J IG'?k3٢B od*ju:Cni+ &%/sO6h6,8#Tc`x؈.M$%Z>liN}[;'m=c0͋O^)4xH17u4EQs)yKL\D)pPeۉu+z"?-0#c67fm%]2`Mr+IɩۮCX1gQpq$WV4!=cEXDrQ-`/>XI }9^ٵ8dNy nmTm~Xc4Q@p }"T&OC110,qJx!bZibkti(!]T3 "cP4NPh7a%5UV´'Wd:I\xJJð}UiB2vtgfhGn*k5+3j%=os[CwSžFtFASrc8k7tH<2e[+NnDṽd~Vx{#LD f8Gk.[B,Hث+Q|ASX24ꊷvJRbr&==<(/M܆ ^Iw;ŋZ@"kl#S6ԟIЌptTK 7tCD{(;#[G#kX?z^D}*nӉ4J)5pZ~Z tC)oq5$yyQ8 .躠Crp,/3KԃzSTf%Tz%N-hz d| ˹s4B:}zISy%r%<ܤ볜Qu:Qe{> P69KB wu| +5RJtT*"=R&fљ :E).Wȷ;Fx֨}k~~t +c~- fyUo@%_|:#( 7T,9:ȢDM'h:7>zc-[$ln(ՆKt;T8 6pQVJ.`(̢O˴ R?;L(Pe\꣟-6#4ZTS$2MZ/U6sPoLڕjo$ r5jIjEZf;mE]zih,Fp{;DdS8!7Rh &{oa;64)Q2,]xj9waG! q%zIucmD{h mK b`3RT|rjOq@e\y;}zƵ4ŦT9)k01b]|(LS J}z2vï`ț-̄///g=ҼW< wS}>=^yKu"vH@ؠ4ЬSK)FڕCr%13ٕiuVi,ƣ/]փ(kXR655(g4O/v<~/m?dRR4i0 ;7RQ&[FsVj1RBlƏv1tޕUg-@ osJE:U#9a ^nTN{_cC>cM2t\thD7q̙x(b nb&{@ HGQZ,౛b!^?p(-|ؼLtOW^7Z *EP4VK)܆.Ha# .YcMAReW| CHbg,zϲs@f,)h$jwV|[Udާ]8f;yj?J;~alw.ERzX\.aVK6 JI}YÆ~.@@wry_ teA ً (y5.+K𖂿GRXumҜ뙯}l$H8x^46G`1$Ġ,10s׈f?J$13M8MC $C|򚢦}2|oL"dFuP V!;-Q`R`NjdF MD[f#pM6ɜ1dNH<: !grb%7G\-O=[!ǭgоGc4$17L[FyV^p^]8V:qgWk>GL !bK 痉9g 9ԟ$NOmη7)'k!ycO QMtbǧVr(0!<~h`g`Zօ'P!lz{D :^@L!{VB@I\0|Q>F\ξ~kQj2d&U1nhwI$sۜ YKDal-Tvo^a fH4{$n/CտL/)8MݫaSp8(eQ)𠺓Ux'>`@rt@nZ=e,@ΈVHחvgX: .c>`3o/0;2.u[xY:eD[M?O!5 NK3GVdCh +[ A-EYw|,Ҽ@ 79 "Fuk#}`с3y O[A!UU3n .^xOr E^ jȣԀ-<sA+}—}+PR~\%c)VD.QԻp~={{$q!5$Ɍs7s }RI]x n0S4. a%㐣 h"'7d=2tK(4>m(ۢJ %{Qz8SVs:&kWwztЃr h,H2 K5tXEpw_&ʯ 1Bm!5YxZ1y5@r*%BK+d9gsO>T<~dL`Ȉˑɶ YZ