������qemu-x86-7.1.0-150500.49.27.4���������������������������������������������������������������������<���>�������,���������������������������������������������������؉�����gbp9|����Jv}�
z�n,�Q5|S̭aaM b*̐^{Jo�c&mFF}P/3W�i#� �zk[3�`[2w](O5�P�+)0a̴o��h*M�7PCa�MeOpw��RlVN,%jj$(�t?Wq�d~+�|(Hd��)Z_M�#s�In�q�ǯaYVrr�R�)���������������������A��jT���?������jD�������d��������������������������������������������������������������� ��� ���������� ���W������������������������������������������������������������������������������������������������������������� ���������������������������������������������������������������
��������������
��� �����������
���
������� ���
�����������H���
��������������
���
����������
��������������
��������������
�����������(���������������L���
�����������t������������������q�����������T���q��������������q���(�������]�������8�������d������9�������d������:������;A������F������az�������G������a���
���H������a���
���I������a���
���X������a�������Y������a�������\������b ���
���]������bH���
���^������b�������b������c.�������c������c�������d������dV�������e������d[�������f������d^�������l������d`�������u������dt���
���v������d�������w������fH���
���x������fp���
���y������f������z������i�������������i�������������i�������������i�������������i�������������i�������������i�������������j@����C�qemu-x86�7.1.0�150500.49.27.4�Machine emulator and virtualizer for x86 architectures�
QEMU provides full machine emulation and cross architecture usage. It closely
integrates with KVM and Xen virtualization, allowing for excellent performance.
Many options are available for defining the emulated environment, including
traditional devices, direct host device access, and interfaces specific to
virtualization.
This package provides i386 and x86_64 emulation.��gbh03-ch2b�����,eSUSE Linux Enterprise 15�SUSE LLC �BSD-2-Clause AND BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIT�https://www.suse.com/�System/Emulators/PC�https://www.qemu.org/�linux�x86_64������x�����������$���������������������A큤��������������������gbgbgbgbgb(gb(gb(gb(gb(gb(ab412ed204786cae56dd095430aeea487ae61aca5bd84a8e32fd7c5102b2de99�27edf2cd3613bafb348e4954722f60e080fc9ede54a215bce4bc119cb83d2cb3��173f200b35f8331acac3db18c48722bded603305cc37700192c21e0147bdf417�8bbe341af0ab06c3008d65b29fb961f21f63a1419297dd4db80632261046cd98�1ecfb26c19da9dc00cdec0d0d738db69aeea4f1231c0c0ffc483ff69b3cda6ce�65a1cc943b2309cae86f0bf0237ab7314125b47f8cfa0c4f91d9b62701ba323d�13a3f9f119797b8776105f020f36572ce6a20fa2c60d3b8112818bfaefcdd348�e01667420ee78a318ea44627d2dd68058d3377d024e6eb7237700afe2e86507d�7e2ce545757fe42b5a3d19c4a5a547e0e00bdb7dfa24a86d0409f2dd93898603���������������������������������������������������root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�root�qemu-7.1.0-150500.49.27.4.src.rpm���qemu-x86�qemu-x86(x86-64)�����@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@���@��������������������������������
���
���
���
libaio.so.1()(64bit)�libaio.so.1(LIBAIO_0.1)(64bit)�libaio.so.1(LIBAIO_0.4)(64bit)�libbpf.so.1()(64bit)�libbpf.so.1(LIBBPF_0.0.1)(64bit)�libbpf.so.1(LIBBPF_0.0.7)(64bit)�libc.so.6()(64bit)�libc.so.6(GLIBC_2.10)(64bit)�libc.so.6(GLIBC_2.11)(64bit)�libc.so.6(GLIBC_2.12)(64bit)�libc.so.6(GLIBC_2.14)(64bit)�libc.so.6(GLIBC_2.15)(64bit)�libc.so.6(GLIBC_2.17)(64bit)�libc.so.6(GLIBC_2.2.5)(64bit)�libc.so.6(GLIBC_2.27)(64bit)�libc.so.6(GLIBC_2.28)(64bit)�libc.so.6(GLIBC_2.3)(64bit)�libc.so.6(GLIBC_2.3.2)(64bit)�libc.so.6(GLIBC_2.3.4)(64bit)�libc.so.6(GLIBC_2.30)(64bit)�libc.so.6(GLIBC_2.4)(64bit)�libc.so.6(GLIBC_2.6)(64bit)�libc.so.6(GLIBC_2.7)(64bit)�libc.so.6(GLIBC_2.8)(64bit)�libc.so.6(GLIBC_2.9)(64bit)�libcapstone.so.4()(64bit)�libdaxctl.so.1()(64bit)�libdaxctl.so.1(LIBDAXCTL_1)(64bit)�libdaxctl.so.1(LIBDAXCTL_4)(64bit)�libdaxctl.so.1(LIBDAXCTL_5)(64bit)�libfdt.so.1()(64bit)�libfdt.so.1(LIBFDT_1.2)(64bit)�libgcc_s.so.1()(64bit)�libgcrypt.so.20()(64bit)�libgcrypt.so.20(GCRYPT_1.6)(64bit)�libgio-2.0.so.0()(64bit)�libglib-2.0.so.0()(64bit)�libgmodule-2.0.so.0()(64bit)�libgnutls.so.30()(64bit)�libgnutls.so.30(GNUTLS_3_4)(64bit)�libgobject-2.0.so.0()(64bit)�libibverbs.so.1()(64bit)�libibverbs.so.1(IBVERBS_1.0)(64bit)�libibverbs.so.1(IBVERBS_1.1)(64bit)�libibverbs.so.1(IBVERBS_1.8)(64bit)�libjpeg.so.8()(64bit)�libjpeg.so.8(LIBJPEG_8.0)(64bit)�liblzo2.so.2()(64bit)�libm.so.6()(64bit)�libm.so.6(GLIBC_2.2.5)(64bit)�libm.so.6(GLIBC_2.29)(64bit)�libnuma.so.1()(64bit)�libnuma.so.1(libnuma_1.1)(64bit)�libpam.so.0()(64bit)�libpam.so.0(LIBPAM_1.0)(64bit)�libpixman-1.so.0()(64bit)�libpmem.so.1()(64bit)�libpmem.so.1(LIBPMEM_1.0)(64bit)�libpng16.so.16()(64bit)�libpng16.so.16(PNG16_0)(64bit)�libpthread.so.0()(64bit)�libpthread.so.0(GLIBC_2.12)(64bit)�libpthread.so.0(GLIBC_2.2.5)(64bit)�libpthread.so.0(GLIBC_2.3.3)(64bit)�librdmacm.so.1()(64bit)�librdmacm.so.1(RDMACM_1.0)(64bit)�libsasl2.so.3()(64bit)�libseccomp.so.2()(64bit)�libslirp.so.0()(64bit)�libslirp.so.0(SLIRP_4.0)(64bit)�libslirp.so.0(SLIRP_4.1)(64bit)�libslirp.so.0(SLIRP_4.7)(64bit)�libsnappy.so.1()(64bit)�libudev.so.1()(64bit)�libudev.so.1(LIBUDEV_183)(64bit)�liburing.so.2()(64bit)�liburing.so.2(LIBURING_2.0)(64bit)�libutil.so.1()(64bit)�libutil.so.1(GLIBC_2.2.5)(64bit)�libvdeplug.so.3()(64bit)�libxenctrl.so.4.17()(64bit)�libxenctrl.so.4.17(VERS_4.17.0)(64bit)�libxendevicemodel.so.1()(64bit)�libxendevicemodel.so.1(VERS_1.0)(64bit)�libxendevicemodel.so.1(VERS_1.1)(64bit)�libxendevicemodel.so.1(VERS_1.2)(64bit)�libxenevtchn.so.1()(64bit)�libxenevtchn.so.1(VERS_1.0)(64bit)�libxenforeignmemory.so.1()(64bit)�libxenforeignmemory.so.1(VERS_1.0)(64bit)�libxenforeignmemory.so.1(VERS_1.2)(64bit)�libxenforeignmemory.so.1(VERS_1.3)(64bit)�libxengnttab.so.1()(64bit)�libxengnttab.so.1(VERS_1.0)(64bit)�libxengnttab.so.1(VERS_1.1)(64bit)�libxenstore.so.4()(64bit)�libxenstore.so.4(VERS_4.0)(64bit)�libxentoolcore.so.1()(64bit)�libxentoolcore.so.1(VERS_1.0)(64bit)�libz.so.1()(64bit)�libz.so.1(ZLIB_1.2.0)(64bit)�libzstd.so.1()(64bit)�qemu�qemu-accel-tcg-x86�qemu-ipxe�qemu-ovmf-x86_64�qemu-seabios�qemu-sgabios�qemu-vgabios�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�������������������������������������������������������������������������������������������������������7.1.0�������3.0.4-1�4.6.0-1�4.0-1�5.2-1�4.14.3�gH[@g @g�|fo@f@fJf!�@e,eg'd\@dx@doMdm@d @ccU@c&@c1cӼcӼccctck@cc@cY!@cV~@cD @c@�c=qc=qc< @c< @c< @c6@c6@c47@c47@c2c*c)@c#�b?b?b?b@bbҨ@bҨ@bVbbb@bw@b{@b^@bL/@bL/@bEbBbBbBb=b=b<]@b;�b9@b0b%b%b�@b�@b�@b�@b�@b�@aC@aZ@aa�@aa*@a*@a*@a*@a*@a@a@a5aLa@awa`2aC1a@a8a8a0a.�a(a'@a�j@a
$@a /`@`@`Q@`ݮ@`ݮ@`@`"@`P@`@`
@`@`@`Z`@`@`}p`x*`u`c�`Y@`Q@`P`OL@`KW`KW`B�@`?z@`8`/@`.V`-�@`+`!'`!'`�3@`�`�`�`��@`
@`�x@__T_j____^@_@__@_}_ts@_h_`_Z�@_Z�@_X_N7_FN_D@_>e_;_2@_�{_�_�@^z^@^n@^?@^^�^U@^U@^�^@^1^@^@^�^|@^y@^t@^t@^oj@^j$@^Nt^M#@^9\^8�@^0"@^*@^*@^�@^�@^�^�g@^��]+]]]e@]@]Γ@]X]�@]µ]�]5@]W]]�@]@]@]?]x]rJ@]rJ@]M`@]J@]Ik]H�@]9\\F@\Q\Q\t@\ޢ@\ޢ@\@\ڭ\ֹ@\g\�@\!\Ɋ@\�\e\\Y@\o@\n\f\ac\T4\Q\J@\@n@\=@\�@[>�@[>�@[�o[��@[�[
@[�ZnZ�@Z�Z�Z@ZZ̧@Z�Z�Z�Z�Zw@Z@ZX0>X%X lW_@WWv@WWίWW:WQWWWWW�@W~W~WWzOWZWZWQq@WN@WN@WF@WEW!@W!@W��@W�o@VbVV@V@V@VVuV]VQ@VQ@VMVMV0V&,V�V�ZV�ZV�ZU6@U5@U(U@U@UUlI@Ud`@UT@UQ@U@U7@U4@U.RU-�@U-�@U)�U'@U&iU&iU%�@U%�@U�U�U��@U
]@U��T@TTD@TZ@T@dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�li.zhang@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�li.zhang@suse.com�dmueller@suse.com�dfaggioli@suse.com�giecrilj@stegny.2a.pl�schwab@suse.de�dfaggioli@suse.com�dfaggioli@suse.com�hpj@urpla.net�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dmueller@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dimstar@opensuse.org�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�lma@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�mliska@suse.cz�dmueller@suse.com�li.zhang@suse.com�li.zhang@suse.com�li.zhang@suse.com�li.zhang@suse.com�li.zhang@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�li.zhang@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�li.zhang@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�li.zhang@suse.com�li.zhang@suse.com�li.zhang@suse.com�li.zhang@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�lma@suse.com�li.zhang@suse.com�dfaggioli@suse.com�li.zhang@suse.com�li.zhang@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dfaggioli@suse.com�dmueller@suse.com�dfaggioli@suse.com�guillaume.gardet@opensuse.org�jose.ziviani@suse.com�li.zhang@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�dmueller@suse.com�jose.ziviani@suse.com�jose.ziviani@suse.com�brogers@suse.com�jose.ziviani@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�dimstar@opensuse.org�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�lma@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�milsav92@outlook.com�brogers@suse.com�lyan@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�dimstar@opensuse.org�brogers@suse.com�lyan@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�mliska@suse.cz�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�lyan@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�lyan@suse.com�dimstar@opensuse.org�brogers@suse.com�brogers@suse.com�dimstar@opensuse.org�brogers@suse.com�ohering@suse.de�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�guillaume.gardet@opensuse.org�brogers@suse.com�brogers@suse.com�stefan.bruens@rwth-aachen.de�brogers@suse.com�lnussel@suse.de�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�lyan@suse.com�brogers@suse.com�stefan.bruens@rwth-aachen.de�lyan@suse.com�cgoll@suse.com�brogers@suse.com�brogers@suse.com�tchvatal@suse.com�brogers@suse.com�brogers@suse.com�schwab@suse.de�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�guillaume.gardet@opensuse.org�guillaume.gardet@opensuse.org�brogers@suse.com�brogers@suse.com�brogers@suse.com�lyan@suse.com�brogers@suse.com�brogers@suse.com�lyan@suse.com�brogers@suse.com�brogers@suse.com�olaf@aepfle.de�brogers@suse.com�olaf@aepfle.de�lma@suse.com�brogers@suse.com�olaf@aepfle.de�brogers@suse.com�brogers@suse.com�ldewey@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�ldewey@suse.com�brogers@suse.com�ldewey@suse.com�matz@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�lma@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�lma@suse.com�kwalter@suse.com�brogers@suse.com�lyan@suse.com�brogers@suse.com�lma@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�jfehlig@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�lyan@suse.com�brogers@suse.com�brogers@suse.com�henrik.kuhn@origenis.de�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�lyan@suse.com�brogers@suse.com�brogers@suse.com�jfehlig@suse.com�brogers@suse.com�brogers@suse.com�schwab@suse.de�brogers@suse.com�schwab@suse.de�brogers@suse.com�lyan@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�lyan@suse.com�brogers@suse.com�brogers@suse.com�lyan@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�brogers@suse.com�brogers@suse.com�ohering@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�brogers@suse.com�afaerber@suse.de�afaerber@suse.de�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�agraf@suse.com�afaerber@suse.de�brogers@suse.com�agraf@suse.com�brogers@suse.com�glin@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�brogers@suse.com�agraf@suse.com�brogers@suse.com�brogers@suse.com�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�olaf@aepfle.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�stefan.bruens@rwth-aachen.de�agraf@suse.com�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�tampakrap@opensuse.org�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�agraf@suse.com�crrodriguez@opensuse.org�agraf@suse.com�jslaby@suse.com�afaerber@suse.de�agraf@suse.com�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�agraf@suse.com�afaerber@suse.de�agraf@suse.com�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�brogers@suse.com�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�afaerber@suse.de�mpluskal@suse.com�afaerber@suse.de�agraf@suse.com�afaerber@suse.de�- Fix bsc#1228079 and boo#1231166:
* target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest (bsc#1228079)
* [openSUSE][RPM] The qemu translation is not being installed (boo#1231166)�- Fix bsc#1229007 (CVE-2024-7409) and bsc#1230834 (CVE-2024-8354):
* nbd/server: CVE-2024-7409: Close stray clients at server-stop (bsc#1229007, CVE-2024-7409)
* nbd/server: CVE-2024-7409: Drop non-negotiating clients (bsc#1229007, CVE-2024-7409)
* nbd/server: CVE-2024-7409: Cap default max-connections to 100 (bsc#1229007, CVE-2024-7409)
* nbd/server: Plumb in new args to nbd_client_add() (bsc#1229007, CVE-2024-7409)
* nbd: Minor style and typo fixes (bsc#1229007, CVE-2024-7409)
* aio-wait.h: introduce AIO_WAIT_WHILE_UNLOCKED (bsc#1229007, CVE-2024-7409)
* hw/usb/hcd-ohci: Fix #1510, #303: pid not IN or OUT (bsc#1230834, CVE-2024-8354)�- Fix bsc#1230915, CVE-2024-8612:
* softmmu: Support concurrent bounce buffers (bsc#1230915, CVE-2024-8612)
* system/physmem: Per-AddressSpace bounce buffering (bsc#1230915, CVE-2024-8612)
* system/physmem: Propagate AddressSpace to MapClient helpers (bsc#1230915, CVE-2024-8612)
* system/physmem: Replace qemu_mutex_lock() calls with QEMU_LOCK_GUARD (bsc#1230915, CVE-2024-8612)�- Properly fix bsc#1230140 (patch also submitted upstream):
* [openSUSE] target/ppc: Fix lxvx/stxvx facility check (bsc#1230140)�- Fix bsc#1230140 (and bsc#1229814 & bsc#1230008):
* target/ppc: Fix lxv/stxv MSR facility check (bsc#1230140, bsc#1229814, bsc#1230008)
- Fix a build issue of ipxe with newer binutils:
* [openSUSE] roms/ipxe: Backport patches to fix the build with binutils 2.41
- Misc:
* [openSUSE] Update hash of the sgabios submodule�- Fix bsc#1227322, CVE-2024-4467:
* qcow2: Don't open data_file with BDRV_O_NO_IO�- Backports and bugfixes:
* net: Update MemReentrancyGuard for NIC (bsc#1213269, CVE-2023-3019)
* net: Provide MemReentrancyGuard * to qemu_new_nic() (bsc#1213269, CVE-2023-3019)
* ui/clipboard: add asserts for update and request (bsc#1218889, CVE-2023-6683)
* ui/clipboard: mark type as not available when there is no data (bsc#1218889, CVE-2023-6683)
* hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
* hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
* hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
* hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446)
* apic: disable reentrancy detection for apic-msi (bsc#1222843, CVE-2024-3446)
* raven: disable reentrancy detection for iomem (bsc#1222843, CVE-2024-3446)
* bcm2835_property: disable reentrancy detection for iomem (bsc#1222843, CVE-2024-3446)
* lsi53c895a: disable reentrancy detection for script RAM (bsc#1222843, CVE-2024-3446)
* hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (bsc#1222843, CVE-2024-3446)
* checkpatch: add qemu_bh_new/aio_bh_new checks (bsc#1222843, CVE-2024-3446)
* async: Add an optional reentrancy guard to the BH API (bsc#1222843, CVE-2024-3446)
* memory: prevent dma-reentracy issues (bsc#1222843, CVE-2024-3446)
* hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447)�- Bugs and CVEs fixes:
* hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)
* pcie: Introduce pcie_sriov_num_vfs (bsc#1220065, CVE-2024-26328)
* virtio-net: correctly copy vnet header when flushing TX (bsc#1218484, CVE-2023-6693)
* hw/pvrdma: Protect against buggy or malicious guest driver (bsc#1209554, CVE-2023-1544)
* pcie_sriov: Validate NumVFs (bsc#1220062, CVE-2024-26327)
* esp: restrict non-DMA transfer length to that of available data (bsc#1220134, CVE-2024-24474)
* s390x/ap: Wire up the device request notifier interface (bsc#1205316)
* linux-headers: update to v6.5-rc1 (bsc#1205316)
* Update linux headers to v6.3rc5 (bsc#1205316)
* linux-headers: Update to v6.2-rc8 (bsc#1205316)
* linux-headers: Update to v6.1 (bsc#1205316)
- Backport of SapphireRapids CPU Models (jsc#PED-8113):
* target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE
* target/i386: Export MSR_ARCH_CAPABILITIES bits to guests
* docs: re-generate x86_64 ABI compatibility CSV
* target/i386: Add new CPU model GraniteRapids
* target/i386: Add few security fix bits in ARCH_CAPABILITIES into SapphireRapids CPU model
* target/i386: Add new bit definitions of MSR_IA32_ARCH_CAPABILITIES
* target/i386: Allow MCDT_NO if host supports
* target/i386: Add support for MCDT_NO in CPUID enumeration
* target/i386: Adjust feature level according to FEAT_7_1_EDX
* target/i386: Add support for PREFETCHIT0/1 in CPUID enumeration
* target/i386: Add support for AVX-NE-CONVERT in CPUID enumeration
* target/i386: Add support for AVX-VNNI-INT8 in CPUID enumeration
* target/i386: Add support for AVX-IFMA in CPUID enumeration
* target/i386: Add support for AMX-FP16 in CPUID enumeration
* target/i386: Add support for CMPCCXADD in CPUID enumeration
* target/i386: add support for FB_CLEAR feature
* target/i386: add support for FLUSH_L1D feature
* i386: Add new CPU model SapphireRapids
* target/i386: KVM: allow fast string operations if host supports them
* target/i386: add FZRM, FSRS, FSRC
* target/i386: add FSRM to TCG
- Backport of EPYC-Genoa CPU Model (jsc#PED-7366):
* target/i386: Add EPYC-Genoa model to support Zen 4 processor series
* target/i386: Add VNMI and automatic IBRS feature bits
* target/i386: Add missing feature bits in EPYC-Milan model
* target/i386: Add feature bits for CPUID_Fn80000021_EAX
* target/i386: Add a couple of feature bits in 8000_0008_EBX
* target/i386: Add new EPYC CPU versions with updated cache_info
* target/i386: allow versioned CPUs to specify new cache_info�- Fix bsc#1188609, bsc#1213925, bsc#1212850, bsc#1215311, bsc#1213210:
* hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638)
* virtio-crypto: verify src&dst buffer length for sym request (CVE-2023-3180)
* io: remove io watch if TLS channel is closed during handshake (CVE-2023-3354)
* [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41
* [openSUSE][RPM] pass -p1 to autosetup in qemu.spec
* target/s390x: Fix the "ignored match" case in VSTRS
* linux-user/elfload: Enable vxe2 on s390x�- Fix bsc#1213414, bsc#1207205, bsc#1212968, bsc#1179993,
bsc#1181740, bsc#1213001
* vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (CVE-2023-3301)
* hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)
* 9pfs: prevent opening special files (CVE-2023-2861)
* hw/ide/piix: properly initialize the BMIBA register
* ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)
* [openSUSE][OBS] Refine the OBS workflow for 15-SP5�- Fix bsc#1211000
- Patches added:
* Run fstat asynchronously inside coroutines (bsc#1211000)
* Allow bdrv_get_allocated_file_size to run in bdrv context (bsc#1211000)
* Convert query-named-block-nodes to coroutine (bsc#1211000)
* Convert query-block/info_block to coroutine (bsc#1211000)
* block: Convert bdrv_get_allocated_file_size() to co_wrapper (bsc#1211000)
* block-coroutine-wrapper.py: support also basic return types (bsc#1211000)
* [openSUSE][RPM] Backport some spec-file improvements from Factory�- Fix bsc#bsc#1211697
* Patches added:
smbios: sanitize type from external type before checking have_fields_bitmap (bsc#1211697)
hw/smbios: fix field corruption in type 4 table (bsc#1211697)
linux-user: fill out task state in /proc/self/stat
test-vmstate: fix bad GTree usage, use-after-free
qemu/osdep: Switch position of "extern" and "G_NORETURN"�- Switch the packaging workflow to git, like the one we have in place
already for Factory.
* Patches no longer present as patch files, but applied as commits:
Disable-some-tests-that-have-problems-in.patch
Make-char-muxer-more-robust-wrt-small-FI.patch
Make-installed-scripts-explicitly-python.patch
Makefile-fix-build-with-binutils-2.38.patch
PPC-KVM-Disable-mmu-notifier-check.patch
Raise-soft-address-space-limit-to-hard-l.patch
Revert-linux-user-fix-compat-with-glibc-.patch
Revert-roms-efirom-tests-uefi-test-tools.patch
Revert-tests-qtest-enable-more-vhost-use.patch
Update-linux-headers-to-v6.0-rc4.patch
accel-abort-if-we-fail-to-load-the-accel.patch
ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch
bios-tables-test-add-test-for-number-of-.patch
bios-tables-test-teach-test-to-use-smbio.patch
block-Handle-curl-7.55.0-7.85.0-version-.patch
block-io_uring-revert-Use-io_uring_regis.patch
configure-Add-Wno-gnu-variable-sized-typ.patch
dmg-warn-when-opening-dmg-images-contain.patch
dump-Add-architecture-section-and-sectio.patch
dump-Refactor-dump_iterate-and-introduce.patch
dump-Reintroduce-memory_offset-and-secti.patch
dump-Rename-write_elf-_phdr_note-to-prep.patch
dump-Rename-write_elf_loads-to-write_elf.patch
dump-Reorder-struct-DumpState.patch
dump-Replace-opaque-DumpState-pointer-wi.patch
dump-Rework-dump_calculate_size-function.patch
dump-Rework-filter-area-variables.patch
dump-Rework-get_start_block.patch
dump-Split-elf-header-functions-into-pre.patch
dump-Use-a-buffer-for-ELF-section-data-a.patch
dump-Write-ELF-section-headers-right-aft.patch
hw-acpi-erst.c-Fix-memory-handling-issue.patch
hw-display-qxl-Avoid-buffer-overrun-in-q.patch
hw-display-qxl-Document-qxl_phys2virt.patch
hw-display-qxl-Have-qxl_log_command-Retu.patch
hw-display-qxl-Pass-requested-buffer-siz.patch
hw-pvrdma-Protect-against-buggy-or-malic.patch
hw-scsi-megasas-check-for-NULL-frame-in-.patch
hw-smbios-add-core_count2-to-smbios-tabl.patch
hw-smbios-handle-both-file-formats-regar.patch
hw-smbios-support-for-type-8-port-connec.patch
include-elf.h-add-s390x-note-types.patch
increase-x86_64-physical-bits-to-42.patch
linux-user-Fake-proc-cpuinfo.patch
linux-user-lseek-explicitly-cast-non-set.patch
linux-user-remove-conditionals-for-many-.patch
linux-user-use-max-as-default-CPU-model-.patch
linux-user-use-target_ulong.patch
meson-install-ivshmem-client-and-ivshmem.patch
meson-remove-pkgversion-from-CONFIG_STAM.patch
module-add-Error-arguments-to-module_loa.patch
module-removed-unused-function-argument-.patch
module-rename-module_load_one-to-module_.patch
net-tulip-Restrict-DMA-engine-to-memorie.patch
openSUSE-Basetools-Ignore-spurious-GCC-1.patch
openSUSE-Makefile-Fix-csum8-to-be-built-.patch
openSUSE-Makefile-define-endianess-for-c.patch
openSUSE-Makefile-fix-issues-of-build-re.patch
openSUSE-add-cross.ini-file-to-handle-aa.patch
openSUSE-build-Makefile-fix-issues-of-bu.patch
openSUSE-build-Silence-GCC-12-spurious-w.patch
openSUSE-build-be-explicit-about-mx86-us.patch
openSUSE-build-enable-cross-compilation-.patch
openSUSE-pc-q35-Bump-max_cpus-to-1024.patch
openSUSE-pcbios-stub-out-the-SAN-req-s-i.patch
openSUSE-switch-to-python3-as-needed.patch
openSUSE-test-help-compiler-out-by-initi.patch
qemu-binfmt-conf-Modify-default-path.patch
qemu-bridge-helper-reduce-security-profi.patch
roms-Makefile-add-cross-file-to-qboot-me.patch
roms-Makefile-pass-a-packaging-timestamp.patch
roms-change-cross-compiler-naming-to-be-.patch
s390x-Add-KVM-PV-dump-interface.patch
s390x-Add-protected-dump-cap.patch
s390x-Introduce-PV-query-interface.patch
s390x-pci-add-routine-to-get-host-functi.patch
s390x-pci-don-t-fence-interpreted-device.patch
s390x-pci-enable-adapter-event-notificat.patch
s390x-pci-enable-for-load-store-interpre.patch
s390x-pci-let-intercept-devices-have-sep.patch
s390x-pci-reflect-proper-maxstbl-for-gro.patch
s390x-pci-reset-ISM-passthrough-devices-.patch
s390x-pci-shrink-DMA-aperture-to-be-boun.patch
s390x-pv-Add-dump-support.patch
s390x-tod-kvm-don-t-save-restore-the-TOD.patch
scsi-generic-check-for-additional-SG_IO-.patch
scsi-generic-replace-logical-block-count.patch
tests-acpi-allow-changes-for-core_count2.patch
tests-acpi-update-tables-for-new-core-co.patch
tests-change-error-message-in-test-162.patch
tests-qemu-iotests-Triple-timeout-of-i-o.patch
ui-vnc-clipboard-fix-integer-underflow-i.patch
xen-add-block-resize-support-for-xen-dis.patch
xen-ignore-live-parameter-from-xen-save-.patch
xen_disk-Add-suse-specific-flush-disable.patch�- Fix bsc#1209064
* Patches added:
s390x-pci-reset-ISM-passthrough-devices-.patch
s390x-pci-shrink-DMA-aperture-to-be-boun.patch�- Fix build issue with Linux 6.2's headers (bsc#1208657) by dropping
linux-user-add-more-compat-ioctl-definit.patch and adding
Revert-linux-user-fix-compat-with-glibc-.patch
- Patches meson-enforce-a-minimum-Linux-kernel-hea.patch and
linux-user-drop-conditionals-for-obsolet.patch were added
as downstream patches as they were part of a series, but
they never made it upstream, so we don't want them here
either
* Patches dropped:
linux-user-add-more-compat-ioctl-definit.patch
linux-user-drop-conditionals-for-obsolet.patch
meson-enforce-a-minimum-Linux-kernel-hea.patch
* Patches added:
Revert-linux-user-fix-compat-with-glibc-.patch�- Fixes bsc#1197653, CVE-2022-1050
* Patches added:
block-Handle-curl-7.55.0-7.85.0-version-.patch
hw-pvrdma-Protect-against-buggy-or-malic.patch�- Fixes: jsc#PED-1716 Add S390 features from IBM requirements
* Patches added:
dump-Add-architecture-section-and-sectio.patch
dump-Refactor-dump_iterate-and-introduce.patch
dump-Reintroduce-memory_offset-and-secti.patch
dump-Rename-write_elf_loads-to-write_elf.patch
dump-Rename-write_elf-_phdr_note-to-prep.patch
dump-Reorder-struct-DumpState.patch
dump-Replace-opaque-DumpState-pointer-wi.patch
dump-Rework-dump_calculate_size-function.patch
dump-Rework-filter-area-variables.patch
dump-Rework-get_start_block.patch
dump-Split-elf-header-functions-into-pre.patch
dump-Use-a-buffer-for-ELF-section-data-a.patch
dump-Write-ELF-section-headers-right-aft.patch
include-elf.h-add-s390x-note-types.patch
s390x-Add-KVM-PV-dump-interface.patch
s390x-Add-protected-dump-cap.patch
s390x-Introduce-PV-query-interface.patch
s390x-pv-Add-dump-support.patch�- Fixed: bsc#1205847 (CVE-2022-4172), bsc#1203788 (CVE-2022-3165),
bsc#1205808 (CVE-2022-4144), bsc#1206527, bsc#1208139
- Improved handling of: bsc#1202282 (jsc#PED-2592)
* Patches dropped:
pc-q35-Bump-max_cpus-to-1024.patch
* Patches added:
accel-abort-if-we-fail-to-load-the-accel.patch
bios-tables-test-add-test-for-number-of-.patch
bios-tables-test-teach-test-to-use-smbio.patch
dmg-warn-when-opening-dmg-images-contain.patch
hw-acpi-erst.c-Fix-memory-handling-issue.patch
hw-display-qxl-Avoid-buffer-overrun-in-q.patch
hw-display-qxl-Document-qxl_phys2virt.patch
hw-display-qxl-Have-qxl_log_command-Retu.patch
hw-display-qxl-Pass-requested-buffer-siz.patch
hw-smbios-add-core_count2-to-smbios-tabl.patch
hw-smbios-support-for-type-8-port-connec.patch
module-add-Error-arguments-to-module_loa.patch
module-removed-unused-function-argument-.patch
module-rename-module_load_one-to-module_.patch
openSUSE-pc-q35-Bump-max_cpus-to-1024.patch
s390x-tod-kvm-don-t-save-restore-the-TOD.patch
tests-acpi-allow-changes-for-core_count2.patch
tests-acpi-update-tables-for-new-core-co.patch
ui-vnc-clipboard-fix-integer-underflow-i.patch�- Refactor building and installing SeaBIOS docs�- Rename submodule patches so that it's clear which ones
are backports and which ones are downstream only fixes;
- No functional change intended.
* Patches dropped:
Ignore-spurious-GCC-12-warning.patch
roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
Makefile-define-endianess-for-cross-buil.patch
ipxe-Makefile-fix-issues-of-build-reprod.patch
qboot-add-cross.ini-file-to-handle-aarch.patch
sgabios-Makefile-fix-issues-of-build-rep.patch
Silence-GCC-12-spurious-warnings.patch
build-be-explicit-about-mx86-used-note-n.patch
enable-cross-compilation-on-ARM.patch
stub-out-the-SAN-req-s-in-int13.patch
help-compiler-out-by-initializing-array.patch
seabios-switch-to-python3-as-needed.patch
* Patches added:
openSUSE-Basetools-Ignore-spurious-GCC-1.patch
openSUSE-Makefile-Fix-csum8-to-be-built-.patch
openSUSE-Makefile-define-endianess-for-c.patch
openSUSE-Makefile-fix-issues-of-build-re.patch
openSUSE-add-cross.ini-file-to-handle-aa.patch
openSUSE-build-Makefile-fix-issues-of-bu.patch
openSUSE-build-Silence-GCC-12-spurious-w.patch
openSUSE-build-be-explicit-about-mx86-us.patch
openSUSE-build-enable-cross-compilation-.patch
openSUSE-pcbios-stub-out-the-SAN-req-s-i.patch
openSUSE-switch-to-python3-as-needed.patch
openSUSE-test-help-compiler-out-by-initi.patch�- Fixes jsc#PED-1716
* Patches added:
configure-Add-Wno-gnu-variable-sized-typ.patch
s390x-pci-add-routine-to-get-host-functi.patch
s390x-pci-don-t-fence-interpreted-device.patch
s390x-pci-enable-adapter-event-notificat.patch
s390x-pci-enable-for-load-store-interpre.patch
s390x-pci-let-intercept-devices-have-sep.patch
s390x-pci-reflect-proper-maxstbl-for-gro.patch
Update-linux-headers-to-v6.0-rc4.patch�- install binfmt-misc handlers for systemd (bsc#1206838)�- Raise the maximum number of vCPUs a VM can have to 1024 (jsc#PED-2592)
* Patches added:
pc-q35-Bump-max_cpus-to-1024.patch�- install SeaBIOS documentation�- Enable KVM support on riscv64�- qtests test are not realiable when run inside OBS builders, so
let's disable that part of the testsuite for now. There is work
ongoing to run it somewhere else (on dedicated hosts) to avoid
loosing coverage. (bsc#1204566)�- Improve dependency handling (e.g., what's recommended vs. what's
required.
- Add a subpackage (qemu-headless) that brings in all the packages
that are needed for creating VMs with tools like virt-install
or VirtManager, run either locally or from a remote host.
(bsc#1202166)�- Build fails due to exceeding 10 GB disk limit (10430 MB):
raise disk space contraint to 12 GB�- Fixes bsc#1204082
* Patches added:
block-io_uring-revert-Use-io_uring_regis.patch�- Due to change in where some documentation files are, if
qemu-guest-agent is installed, we need to make sure we update it
to our version (bsc#1203995)�- The links in the forsplit dirs, in each subpackage, born to deal with
package & subpackage splitting, are not really used. In fact, they're
"Provides:"-ed by a bunch of subpackages, but there's no "Requires:"
for any of them. Let's just get rid of them.�- The old qemu-binfmt weappers around the various qemu-$ARCH Linux
user emulation binaries (see, e.g., bsc#1186256) are not necessary
any longer, and bsc#1143725 can now be considered fixed.
* Patches dropped:
linux-user-add-binfmt-wrapper-for-argv-0.patch
linux-user-binfmt-support-host-binaries.patch�- Fix bsc#1204001. Patches are not upstream, and have been picked up
and backported from the ML. This is something we usually prefer to
avoid, but this is urgent, and the patches looks fine, with high
chances for them to be included as they are (and if they're not, we
will revisit this, i.e., drop them and re-include the ones that are
actually committed)
* Patches added:
linux-user-add-more-compat-ioctl-definit.patch
linux-user-drop-conditionals-for-obsolet.patch
linux-user-remove-conditionals-for-many-.patch
meson-enforce-a-minimum-Linux-kernel-hea.patch�- Improve the output of update_git.sh, by including the list of
repos to which we have downstream patches.�- Fix: bsc#1202665, CVE-2022-2962
* Patches added:
net-tulip-Restrict-DMA-engine-to-memorie.patch�- skip tests that don't work under qemu-linux-user emulation�- Runs of the test-suite seem much more stable now, in this version
of QEMU. (bsc#1203610) We are also fine re-enabling running them
in parallel.�- Switch QEMU Linux user to emulate the same CPU as the one of the
host by default. This is a bit conrtoversial and tricky, when
thinking about system emulation/virtualization. But for linux-user,
it should be just fine. (bsc#1203684)
* Patches added:
linux-user-use-max-as-default-CPU-model-.patch�- Be less verbose when packaging documentation. In fact, with just
a couple of (minor) re-arrangements, we can get rid of having to
list all the files all the time
- Package /etc/qemu/bridge.conf as '%config(noreplace). Next step
will probably be to move it to /usr/etc/qemu (bsc#1201944)�- Switch to %autosetup for all products (this required some changes
in update_git.sh)
- Run check-qtest sequentially, as it's more reliable, when in OBS
- Build with libbpf, fdt and capstone support
- Drop the patch adding our support document, and deal with that
in the spec file directly
* Patches dropped:
doc-add-our-support-doc-to-the-main-proj.patch�- Updated to latest upstream version 7.1
* https://wiki.qemu.org/ChangeLog/7.1
Be sure to also check the following pages:
* https://qemu-project.gitlab.io/qemu/about/removed-features.html
* https://qemu-project.gitlab.io/qemu/about/deprecated.html
Some notable changes:
* [x86] Support for architectural LBRs on KVM virtual machines
* [x86] The libopcode-based disassembler has been removed. Use
Capstone instead
* [LoongArch] Add initial support for the LoongArch64 architecture.
* [ARM] The emulated SMMUv3 now advertises support for SMMUv3.2-BBML2
* [ARM] The xlnx-zynqmp SoC model now implements the 4 TTC timers
* [ARM] The versal machine now models the Cortex-R5s in the Real-Time
Processing Unit (RPU) subsystem
* [ARM] The virt board now supports emulation of the GICv4.0
* [ARM] New emulated CPU types: Cortex-A76, Neoverse-N1
* [HPPA] Fix serial port pass-through from host to guest
* [HPPA] Lots of general code improvements and tidy-ups
* [RISC-V] RISC-V
* [RISC-V] Add support for privileged spec version 1.12.0
* [RISC-V] Use privileged spec version 1.12.0 for virt machine by default
* [RISC-V] Allow software access to MIP SEIP
* [RISC-V] Add initial support for the Sdtrig extension
* [RISC-V] Optimisations and improvements for the vector extension
* [VFIO] Experimental support for exposing emulated PCI devices over the
new vfio-user protocol (a vfio-user client is not yet available
in QEMU, though)
* [QMP] The on-cbw-error option for copy-before-write filter, to specify
behavior on CBW (copy before write) operation failure.
* [QMP] The cbw-timeout option for copy-before-write filter, to specify
timeout for CBW operation.
* [QMP] New commands query-stats and query-stats-schema to retrieve
statistics from various QEMU subsystems (right now only from
KVM).
* [QMP] The PanicAction can now be configured to report an exit-failure
(useful for automated testing)
* [Networking] QEMU can be compiled with the system slirp library even
when using CFI. This requires libslirp 4.7.
* [Migration] Support for zero-copy-send on Linux, which reduces CPU
usage on the source host. Note that locked memory is needed
to support this
* Patches added:
Revert-tests-qtest-enable-more-vhost-use.patch
meson-remove-pkgversion-from-CONFIG_STAM.patch
* Patches dropped:
AIO-Reduce-number-of-threads-for-32bit-h.patch
Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Revert-8dcb404bff6d9147765d7dd3e9c849337.patch
Revert-qht-constify-qht_statistics_init.patch
XXX-dont-dump-core-on-sigabort.patch
acpi_piix4-Fix-migration-from-SLE11-SP2.patch
configure-only-populate-roms-if-softmmu.patch
configure-remove-pkgversion-from-CONFIG_.patch
coroutine-ucontext-use-QEMU_DEFINE_STATI.patch
coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch
hostmem-default-the-amount-of-prealloc-t.patch
hw-usb-hcd-ehci-fix-writeback-order.patch
i8254-Fix-migration-from-SLE11-SP2.patch
intc-exynos4210_gic-replace-snprintf-wit.patch
modules-generates-per-target-modinfo.patch
modules-introduces-module_kconfig-direct.patch
pc-bios-s390-ccw-net-avoid-warning-about.patch
pci-fix-overflow-in-snprintf-string-form.patch
qemu-cvs-gettimeofday.patch
qemu-cvs-ioctl_debug.patch
qemu-cvs-ioctl_nodirection.patch
qht-Revert-some-constification-in-qht.c.patch
qom-handle-case-of-chardev-spice-module-.patch
scsi-lsi53c895a-fix-use-after-free-in-ls.patch
scsi-lsi53c895a-really-fix-use-after-fre.patch
softmmu-Always-initialize-xlat-in-addres.patch
sphinx-change-default-language-to-en.patch
test-add-mapping-from-arch-of-i686-to-qe.patch
tests-Fix-block-tests-to-be-compatible-w.patch
tests-qtest-Move-the-fuzz-tests-to-x86-o.patch
usb-Help-compiler-out-to-avoid-a-warning.patch�- pcre-devel-static is only needed when building against
glib2 < 2.73. After that, glib2 was migrated to pcre2.�- Substantial rework of the spec file:
* the 'make check' testsuite now runs in the %check section of
the main package, not in a subpackage
* switched from %setup to %autosetup
* rearranged the content in order to minimize the use of %if,
%ifarch, etc�- Properly fix bsc#1198038, CVE-2022-0216
* Patches added:
scsi-lsi53c895a-really-fix-use-after-fre.patch
tests-qtest-Move-the-fuzz-tests-to-x86-o.patch�- Make temp dir (for update_git.sh) configurable
- Added new subpackages (audio-dbus, ui-dbus)
- bsc#1199018 was never fixed in Factory's QEMU 6.2. It is
now (since the patches are already in SeaBIOS 1.16.0)
- Some tests are having issues when run in OBS. They seem to be
due to race conditions, triggered by resource constraints of
OBS workers. Let's disable them for now, while looking for a fix
- Update to v7.0.0 (bsc#1201307). For full release notes, see:
* https://wiki.qemu.org/ChangeLog/7.0
Be sure to also check the following pages:
* https://qemu-project.gitlab.io/qemu/about/removed-features.html
* https://qemu-project.gitlab.io/qemu/about/deprecated.html
Some notable changes:
* [ARM] The virt board has gained a new control knob to disable passing a RNG seed in the DTB (dtb-kaslr-seed)
* [ARM] The AST2600 SoC now supports a dummy version of the i3c device
* [ARM] The virt board can now run guests with KVM on hosts with restricted IPA ranges
* [ARM] The virt board now supports virtio-mem-pci
* [ARM] The virt board now supports specifying the guest CPU topology
* [ARM] On the virt board, we now enable PAuth when using KVM or hvf and the host CPU supports it
* [RISC-V] Add support for ratified 1.0 Vector extension
* [RISC-V] Support for the Zve64f and Zve32f extensions
* [RISC-V] Drop support for draft 0.7.1 Vector extension
* [RISC-V] Support Zfhmin and Zfh extensions
* [RISC-V] RISC-V KVM support
* [RISC-V] Mark Hypervisor extension as non experimental
* [RISC-V] Enable Hypervisor extension by default
* [x86] Support for Intel AMX.
* [PCI/PCIe] Q35: fix PCIe device becoming disabled after migration when ACPI based PCI hotplug is used (6b0969f1ec)
* [PCI/PCIe] initial bits of SR/IOV support (250346169)
* [PCI/PCIe] arm/virt: fixed PXB interrupt routing (e609301b45)
* [PCI/PCIe] arm/virt: support for virtio-mem-pci (b1b87327a9)
* [virtiofs] Fix for CVE-2022-0358 - behaviour with supplementary groups and SGID directories
* [virtiofs] Improved security label support
* [virtiofs] The virtiofsd in qemu is now starting to be deprecated; please start using and contributing to Rust virtiofsd
* Patches dropped:
acpi-validate-hotplug-selector-on-access.patch
block-backend-Retain-permissions-after-m.patch
block-qdict-Fix-Werror-maybe-uninitializ.patch
brotli-fix-actual-variable-array-paramet.patch
display-qxl-render-fix-race-condition-in.patch
doc-Add-the-SGX-numa-description.patch
hw-i386-amd_iommu-Fix-maybe-uninitialize.patch
hw-intc-exynos4210_gic-provide-more-room.patch
hw-nvme-fix-CVE-2021-3929.patch
hw-nvram-at24-return-0xff-if-1-byte-addr.patch
iotest-065-explicit-compression-type.patch
iotest-214-explicit-compression-type.patch
iotest-302-use-img_info_log-helper.patch
iotest-303-explicit-compression-type.patch
iotest-39-use-_qcow2_dump_header.patch
iotests-60-more-accurate-set-dirty-bit-i.patch
iotests-bash-tests-filter-compression-ty.patch
iotests-common.rc-introduce-_qcow2_dump_.patch
iotests-declare-lack-of-support-for-comp.patch
iotests-drop-qemu_img_verbose-helper.patch
iotests-massive-use-_qcow2_dump_header.patch
iotests-MRCE-Write-data-to-source.patch
iotests.py-filter-out-successful-output-.patch
iotests.py-img_info_log-rename-imgopts-a.patch
iotests.py-implement-unsupported_imgopts.patch
iotests.py-qemu_img-create-support-IMGOP.patch
iotests.py-rewrite-default-luks-support-.patch
iotests-specify-some-unsupported_imgopts.patch
meson-build-all-modules-by-default.patch
numa-Enable-numa-for-SGX-EPC-sections.patch
numa-Support-SGX-numa-in-the-monitor-and.patch
python-aqmp-add-__del__-method-to-legacy.patch
python-aqmp-add-_session_guard.patch
python-aqmp-add-SocketAddrT-to-package-r.patch
python-aqmp-add-socket-bind-step-to-lega.patch
python-aqmp-add-start_server-and-accept-.patch
python-aqmp-copy-type-definitions-from-q.patch
python-aqmp-drop-_bind_hack.patch
python-aqmp-fix-docstring-typo.patch
python-aqmp-Fix-negotiation-with-pre-oob.patch
python-aqmp-fix-race-condition-in-legacy.patch
Python-aqmp-fix-type-definitions-for-myp.patch
python-aqmp-handle-asyncio.TimeoutError-.patch
python-aqmp-refactor-_do_accept-into-two.patch
python-aqmp-remove-_new_session-and-_est.patch
python-aqmp-rename-accept-to-start_serve.patch
python-aqmp-rename-AQMPError-to-QMPError.patch
python-aqmp-split-_client_connected_cb-o.patch
python-aqmp-squelch-pylint-warning-for-t.patch
python-aqmp-stop-the-server-during-disco.patch
python-introduce-qmp-shell-wrap-convenie.patch
python-machine-raise-VMLaunchFailure-exc.patch
python-move-qmp-shell-under-the-AQMP-pac.patch
python-move-qmp-utilities-to-python-qemu.patch
python-qmp-switch-qmp-shell-to-AQMP.patch
python-support-recording-QMP-session-to-.patch
python-upgrade-mypy-to-0.780.patch
qcow2-simple-case-support-for-downgradin.patch
qemu-binfmt-conf.sh-should-use-F-as-shor.patch
tests-qemu-iotests-040-Skip-TestCommitWi.patch
tests-qemu-iotests-Fix-051-for-binaries-.patch
tests-qemu-iotests-testrunner-Quote-case.patch
tools-virtiofsd-Add-rseq-syscall-to-the-.patch
ui-cursor-fix-integer-overflow-in-cursor.patch
vhost-vsock-detach-the-virqueue-element-.patch
virtiofsd-Drop-membership-of-all-supplem.patch
virtio-net-fix-map-leaking-on-error-duri.patch
Disable-some-tests-that-have-problems-in.patch
* Patches added:
intc-exynos4210_gic-replace-snprintf-wit.patch
Revert-8dcb404bff6d9147765d7dd3e9c849337.patch�- Fix bsc#1197084
* Patches added:
hostmem-default-the-amount-of-prealloc-t.patch�- Get rid of downstream patches breaking s390 modules. Replace
them with the upstream proposed and Acked (but never committed)
solution (bsc#1199015)
* Patches added:
modules-generates-per-target-modinfo.patch
modules-introduces-module_kconfig-direct.patch
* Patches dropped:
Fix-the-module-building-problem-for-s390.patch
modules-quick-fix-a-fundamental-error-in.patch�- backport patches for having coroutine work well when LTO is used
* Patches added:
coroutine-ucontext-use-QEMU_DEFINE_STATI.patch
coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch�- seabios: drop patch that changes python in python2.
Just go to python3 directly.
* Patches dropped:
seabios-use-python2-explicitly-as-needed.patch�- Fix the following bugs:
- bsc#1198037, CVE-2021-4207
- bsc#1198038, CVE-2022-0216
- bsc#1201367, CVE-2022-35414
- bsc#1198035, CVE-2021-4206
- bsc#1198712, CVE-2022-26354
- bsc#1198711, CVE-2022-26353
* Patches added:
display-qxl-render-fix-race-condition-in.patch
scsi-lsi53c895a-fix-use-after-free-in-ls.patch
softmmu-Always-initialize-xlat-in-addres.patch
ui-cursor-fix-integer-overflow-in-cursor.patch
vhost-vsock-detach-the-virqueue-element-.patch
virtio-net-fix-map-leaking-on-error-duri.patch�- Fix usb ehci boot failure (bsc#1192115)
* Patches added:
hw-usb-hcd-ehci-fix-writeback-order.patch�- Fix bugs boo#1200557 and boo#1199924
- Now that boo#1199924 is fixed, re-enable FORTIFY_SOURCE=3
* Patches added:
pci-fix-overflow-in-snprintf-string-form.patch
sphinx-change-default-language-to-en.patch�- It has been observed that building QEMU with _FORTIFY_SOURCE=3
causes problem (see bsc#1199924). Force it to =2 for now, while
we investigate the issue.�- Backport a GCC 12 aarch64 build fix (bsc#1199625)
* Patches added:
block-qdict-Fix-Werror-maybe-uninitializ.patch�- Filter out rpmlint error that is valid for qemu, but will
have its badness increased in the future.�- enable aio=io_uring on all kvm architectures (bsc#1197699)�- Backport aqmp patches from upstream which can fix iotest issues
* Patches added:
python-aqmp-add-__del__-method-to-legacy.patch
python-aqmp-add-_session_guard.patch
python-aqmp-add-SocketAddrT-to-package-r.patch
python-aqmp-add-socket-bind-step-to-lega.patch
python-aqmp-add-start_server-and-accept-.patch
python-aqmp-copy-type-definitions-from-q.patch
python-aqmp-drop-_bind_hack.patch
python-aqmp-fix-docstring-typo.patch
python-aqmp-Fix-negotiation-with-pre-oob.patch
python-aqmp-fix-race-condition-in-legacy.patch
Python-aqmp-fix-type-definitions-for-myp.patch
python-aqmp-handle-asyncio.TimeoutError-.patch
python-aqmp-refactor-_do_accept-into-two.patch
python-aqmp-remove-_new_session-and-_est.patch
python-aqmp-rename-accept-to-start_serve.patch
python-aqmp-rename-AQMPError-to-QMPError.patch
python-aqmp-split-_client_connected_cb-o.patch
python-aqmp-squelch-pylint-warning-for-t.patch
python-aqmp-stop-the-server-during-disco.patch
python-introduce-qmp-shell-wrap-convenie.patch
python-machine-raise-VMLaunchFailure-exc.patch
python-move-qmp-shell-under-the-AQMP-pac.patch
python-move-qmp-utilities-to-python-qemu.patch
python-qmp-switch-qmp-shell-to-AQMP.patch
python-support-recording-QMP-session-to-.patch
python-upgrade-mypy-to-0.780.patch�- Drop the patches which are workaround to fix iotest issues
* Patches dropped:
Revert-python-iotests-replace-qmp-with-a.patch
Revert-python-machine-add-instance-disam.patch
Revert-python-machine-add-sock_dir-prope.patch
Revert-python-machine-handle-fast-QEMU-t.patch
Revert-python-machine-move-more-variable.patch
Revert-python-machine-remove-_remove_mon.patch�- Support the SGX feature (bsc#1197807)
* Patches added:
doc-Add-the-SGX-numa-description.patch
numa-Enable-numa-for-SGX-EPC-sections.patch
numa-Support-SGX-numa-in-the-monitor-and.patch�- Backport CVE-2021-3929 (bsc#1193880)
* Patches added:
hw-nvme-fix-CVE-2021-3929.patch�- The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528)
* Patches added:
Revert-python-iotests-replace-qmp-with-a.patch
Revert-python-machine-add-instance-disam.patch
Revert-python-machine-add-sock_dir-prope.patch
Revert-python-machine-handle-fast-QEMU-t.patch
Revert-python-machine-move-more-variable.patch
Revert-python-machine-remove-_remove_mon.patch�- Add missing patch from a PTFs (bsc#1194938)
* Patches added:
scsi-generic-check-for-additional-SG_IO-.patch�- Kill downstream patches around bifmt handling that makes
cumbersome to run multi-arch containers, and switch to the
upstream behavior, which is well documented and valid on
all other distros. This is possible thanks to Linux kernel
commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so
it can only work on Leap/SLE 15.4 and higher). (bsc#1197298)
* Patches dropped:
qemu-binfmt-conf.sh-allow-overriding-SUS.patch
qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch�- Fix update_git.sh wiping all the package file of the local
checkout while cloning the git repository on demand (in case they
don't exist and the user as to do so).�- Improve test reliability
* Patches added:
Fix-the-module-building-problem-for-s390.patch
tests-qemu-iotests-040-Skip-TestCommitWi.patch
tests-qemu-iotests-testrunner-Quote-case.patch�- Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall
(bsc#1196924)
* Patches added:
tools-virtiofsd-Add-rseq-syscall-to-the-.patch�- Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503
(bsc#1197018)
* Patches added:
hw-i386-amd_iommu-Fix-maybe-uninitialize.patch
Silence-GCC-12-spurious-warnings.patch
Ignore-spurious-GCC-12-warning.patch�- Proactive fix
* Patches added:
hw-nvram-at24-return-0xff-if-1-byte-addr.patch�- Build PPC firmwares from sources on non-PPC builds as well
(bsc#1193545)
- Build RiscV firmwares on non-RiscV builds as well
- While there, refactor (and simplify!) the firmware building
logic and code
* Patches added:
Makefile-define-endianess-for-cross-buil.patch
Makefile-fix-build-with-binutils-2.38.patch�- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host
bus adapter (bsc#1180432, CVE-2020-35503)
* Patches added:
hw-scsi-megasas-check-for-NULL-frame-in-.patch�- Include vmxcap in the qemu-tools package (is being very useful
for debugging bsc#1193364)�- The qemu package should require qemu-x86, qemu-arm, etc, as there's
no point installing it without _any_ of them. Additionally, right
now, the user does not get a working qemu, if recommended packages
are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087�- Give clearer instructions on how to modify the package patches
from the output of update_git.sh (docs change only, no functional
change)�- qemu,kvm: potential privilege escalation via virtiofsd
(bsc#1195161, CVE-2022-0358)
* Patches added:
virtiofsd-Drop-membership-of-all-supplem.patch�* Patches added:
block-backend-Retain-permissions-after-m.patch
iotest-065-explicit-compression-type.patch
iotest-214-explicit-compression-type.patch
iotest-302-use-img_info_log-helper.patch
iotest-303-explicit-compression-type.patch
iotest-39-use-_qcow2_dump_header.patch
iotests-60-more-accurate-set-dirty-bit-i.patch
iotests-bash-tests-filter-compression-ty.patch
iotests-common.rc-introduce-_qcow2_dump_.patch
iotests-declare-lack-of-support-for-comp.patch
iotests-drop-qemu_img_verbose-helper.patch
iotests-massive-use-_qcow2_dump_header.patch
iotests-MRCE-Write-data-to-source.patch
iotests.py-filter-out-successful-output-.patch
iotests.py-img_info_log-rename-imgopts-a.patch
iotests.py-implement-unsupported_imgopts.patch
iotests.py-qemu_img-create-support-IMGOP.patch
iotests.py-rewrite-default-luks-support-.patch
iotests-specify-some-unsupported_imgopts.patch
qcow2-simple-case-support-for-downgradin.patch
tests-qemu-iotests-Fix-051-for-binaries-.patch�-Backport patch from upstream, bsc#1194063 CVE-2021-4158
* Patches added:
acpi-validate-hotplug-selector-on-access.patch�- Enable modules for testsuite�* Patches added:
meson-build-all-modules-by-default.patch�- It's time to really start requiring -F when using -b in
qemu-img for us as well. Users/customers have been warned
in the relevant release notes (bsc#1190135)
* Patches dropped:
Revert-qemu-img-Improve-error-for-rebase.patch
Revert-qemu-img-Require-F-with-b-backing.patch�- Fix testsuite failures by not using modules when building tests
(and some other, also testsuite related, spec file problems)�- [JIRA] (SLE-20965) Make QEMU guests more failsafe when resizing
SCSI passthrough disks
* Patches added:
scsi-generic-replace-logical-block-count.patch�- Add an audio-oss sub-package�- Add some new (mostly documentation) files in the package�- Remove option --audio-drv-list because audio is detected by
meson automatically in latest version.�- Remove options --disable-jemalloc and --disable-tcmalloc
which are changed in v6.2.0.�- Update to v 6.2.0. For full release notese, see:
* https://wiki.qemu.org/ChangeLog/6.2.
Be sure to also check the following pages:
* https://qemu-project.gitlab.io/qemu/about/removed-features.html
* https://qemu-project.gitlab.io/qemu/about/deprecated.html
Some notable changes:
* virtio-mem: guest memory dumps are now fully supported, along
with pre-copy/post-copy migration and background guest snapshots
* QMP: support for nw DEVICE_UNPLUG_GUEST_ERROR to detect
guest-reported hotplug failures
* TCG: improvements to TCG plugin argument syntax, and multi-core
support for cache plugin
* 68k: improved support for Apple’s NuBus, including ability to
load declaration ROMs, and slot IRQ support
* ARM: macOS hosts with Apple Silicon CPUs now support ‘hvf’
accelerator for AArch64 guests
* ARM: emulation support for Fujitsu A64FX processor model
* ARM: emulation support for kudo-mbc machine type
* ARM: M-profile MVE extension is now supported for Cortex-M55
* ARM: ‘virt’ machine now supports an emulated ITS (Interrupt
Translation Service) and supports more than 123 CPUs in
emulation mode
* ARM: xlnx-zcu102 and xlnx-versal-virt machines now support
BBRAM and eFUSE devices
* PowerPC: improved POWER10 support for the ‘powernv’ machine type
* PowerPC: initial support for POWER10 DD2.0 CPU model
* PowerPC: support for FORM2 PAPR NUMA descriptions for ‘pseries’ machine type
* RISC-V: support for Zb[abcs] instruction set extensions
* RISC-V: support for vhost-user and numa mem options across all boards
* RISC-V: SiFive PWM support
* x86: support for new Snowridge-v4 CPU model
* x86: guest support for Intel SGX
* x86: AMD SEV guests now support measurement of kernel binary when doing
direct kernel boot (not using a bootloader)
* Patches dropped:
9pfs-fix-crash-in-v9fs_walk.patch
block-introduce-max_hw_iov-for-use-in-sc.patch
hmp-Unbreak-change-vnc.patch
hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
hw-i386-acpi-build-Deny-control-on-PCIe-.patch
i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
net-vmxnet3-validate-configuration-value.patch
pcie-rename-native-hotplug-to-x-native-h.patch
plugins-do-not-limit-exported-symbols-if.patch
plugins-execlog-removed-unintended-s-at-.patch
qemu-nbd-Change-default-cache-mode-to-wr.patch
qemu-sockets-fix-unix-socket-path-copy-a.patch
target-arm-Don-t-skip-M-profile-reset-en.patch
target-i386-add-missing-bits-to-CR4_RESE.patch
tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
uas-add-stream-number-sanity-checks.patch
vhost-vsock-fix-migration-issue-when-seq.patch
virtio-balloon-don-t-start-free-page-hin.patch
virtio-mem-pci-Fix-memory-leak-when-crea.patch
virtio-net-fix-use-after-unmap-free-for-.patch�- Reinstate Lin Ma's fixes for bsc#1192147 as they were
submitted only to IBS.
* Patches added:
hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
hw-i386-acpi-build-Deny-control-on-PCIe-.patch
pcie-rename-native-hotplug-to-x-native-h.patch�- Rename the Guest Agent service qemu-guest-agent, like in other
distros (and upstream). bsc#1185543�- disable QOM cast debug outside the testsuite as the corresponding
asserts show up occassionally as top #1 in perf(1) traces under
heavy virtio load
- enable LTO when we'd like to use LTO�* Patches added (bsc#1186256):
qemu-binfmt-conf.sh-allow-overriding-SUS.patch�- cross-i386-binutils and cross-i386-gcc are not needed and were
dropped from Factory - boo#1193424�- qemu: virtio-net: heap use-after-free in virtio_net_receive_rcu
(bsc#1189938 CVE-2021-3748)
solved by virtio-net-fix-use-after-unmap-free-for-.patch
- kvm,qemu: out-of-bounds write in UAS (USB Attached SCSI) device emulation
(bsc#1189702 CVE-2021-3713)
* Patches added:
uas-add-stream-number-sanity-checks.patch�- Stable fixes from upstream
* Patches added:
block-introduce-max_hw_iov-for-use-in-sc.patch
hmp-Unbreak-change-vnc.patch
qemu-nbd-Change-default-cache-mode-to-wr.patch
target-arm-Don-t-skip-M-profile-reset-en.patch
vhost-vsock-fix-migration-issue-when-seq.patch
virtio-mem-pci-Fix-memory-leak-when-crea.patch
virtio-net-fix-use-after-unmap-free-for-.patch�- Fix testsuite dependencies (bsc#1190573)
* Patches added:
modules-quick-fix-a-fundamental-error-in.patch�- Replace patch to fix hardcoded binfmt handler
(bsc#1186256)
* Patches dropped:
qemu-binfmt-conf.sh-allow-overriding-SUS.patch
* Patches added:
qemu-binfmt-conf.sh-should-use-F-as-shor.patch
- Stable fixes from upstream
* Patches added:
9pfs-fix-crash-in-v9fs_walk.patch
i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
plugins-do-not-limit-exported-symbols-if.patch
plugins-execlog-removed-unintended-s-at-.patch
qemu-sockets-fix-unix-socket-path-copy-a.patch
target-i386-add-missing-bits-to-CR4_RESE.patch
virtio-balloon-don-t-start-free-page-hin.patch�- Fix qemu build on ARMv7 (bsc#1190211)
* Patches added:
tcg-arm-Fix-tcg_out_vec_op-function-sign.patch�- Update supported file for ARM machines.�- Keep qemu-img without backing format still deprecated
(bsc#1190135)
* Patches added:
Revert-qemu-img-Improve-error-for-rebase.patch
Revert-qemu-img-Require-F-with-b-backing.patch
- Update the support files to reflect the deprecation.�- Update build dependencies versions: libgcrypt >= 1.8.0,
gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7�- Fix hardcoded binfmt handler doesn't play well with containers
(bsc#1186256)
* Patches added:
qemu-binfmt-conf.sh-allow-overriding-SUS.patch�- Update to v6.1: see https://wiki.qemu.org/ChangeLog/6.1
For a full list of formely deprecated features that are removed,
consult: https://qemu-project.gitlab.io/qemu/about/removed-features.html
For a list of new deprecated features, consult:
https://qemu-project.gitlab.io/qemu/about/deprecated.html
Some noteworthy changes:
* Removed moxie CPU.
* Removed lm32 CPU.
* Removed unicore32 CPU.
* Removed 'info cpustats'.
* Added Aspeed machines: rainier-bmc, quanta-q7l1-bmc.
* Added npcm7xx machine: quanta-gbs-bmc.
* Model for Aspeed's Hash and Crypto Engine.
* SVE2 is now emulated, including bfloat16 support
* FEAT_I8MM, FEAT_TLBIOS, FEAT_TLBRANGE, FEAT_BF16, FEAT_AA32BF16, and
FEAT_MTE3 are now emulated.
* Improved hot-unplug failures on PowerPC pseries machine.
* Implemented some POWER10 instructions in TCG.
* Added shakti_c RISC-V machine.
* Improved documentation for RISC-V machines.
* CPU models for gen16 have been added for s390x.
* New CPU model versions added with XSAVES enabled:
Skylake-Client-v4, Skylake-Server-v5, Cascadelake-Server-v5,
Cooperlake-v2, Icelake-Client-v3, Icelake-Server-v5, Denverton-v3,
Snowridge-v3, Dhyana-v2
* Added ACPI based PCI hotplug support to Q35 machine. Enabled and
used by default since pc-q35-6.1 machine type.
* Added support for the pca9546 and pca9548 I2C muxes.
* Added support for PMBus and several PMBus devices.
* Crypto subsystem:
The preferred crypto backend driver now gnutls, with libgcrypt as the
second choice, and nettle as third choice, with ordering driven mostly
by performance of the ciphers.
* Misc doc improvements.
* Patches removed:
block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
hw-block-nvme-align-with-existing-style.patch
hw-block-nvme-consider-metadata-read-aio.patch
hw-net-can-sja1000-fix-buff2frame_bas-an.patch
hw-nvme-fix-missing-check-for-PMR-capabi.patch
hw-nvme-fix-pin-based-interrupt-behavior.patch
hw-pci-host-q35-Ignore-write-of-reserved.patch
hw-rdma-Fix-possible-mremap-overflow-in-.patch
hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
hw-usb-Do-not-build-USB-subsystem-if-not.patch
hw-usb-host-stub-Remove-unused-header.patch
linux-user-aarch64-Enable-hwcap-for-RND-.patch
module-for-virtio-gpu-pre-load-module-to.patch
monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
pvrdma-Ensure-correct-input-on-ring-init.patch
pvrdma-Fix-the-ring-init-error-flow-CVE-.patch
qemu-config-load-modules-when-instantiat.patch
qemu-config-parse-configuration-files-to.patch
qemu-config-use-qemu_opts_from_qdict.patch
runstate-Initialize-Error-to-NULL.patch
sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
target-i386-Exit-tb-after-wrmsr.patch
target-sh4-Return-error-if-CPUClass-get_.patch
tcg-Allocate-sufficient-storage-in-temp_.patch
tcg-arm-Fix-tcg_out_op-function-signatur.patch
tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
usb-hid-avoid-dynamic-stack-allocation.patch
usb-limit-combined-packets-to-1-MiB-CVE-.patch
usb-mtp-avoid-dynamic-stack-allocation.patch
usb-redir-avoid-dynamic-stack-allocation.patch
usbredir-fix-free-call.patch
vfio-ccw-Permit-missing-IRQs.patch
vhost-user-blk-Check-that-num-queues-is-.patch
vhost-user-blk-Don-t-reconnect-during-in.patch
vhost-user-blk-Fail-gracefully-on-too-la.patch
vhost-user-blk-Get-more-feature-flags-fr.patch
vhost-user-blk-Make-sure-to-set-Error-on.patch
vhost-user-gpu-abstract-vg_cleanup_mappi.patch
vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
vhost-user-gpu-fix-leak-in-virgl_resourc.patch
vhost-user-gpu-fix-memory-disclosure-in-.patch
vhost-user-gpu-fix-memory-leak-in-vg_res.patch
vhost-user-gpu-fix-memory-leak-while-cal.patch
vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch
vhost-user-gpu-fix-resource-leak-in-vg_r.patch
vhost-vdpa-don-t-initialize-backend_feat.patch
virtio-blk-Fix-rollback-path-in-virtio_b.patch
virtio-Fail-if-iommu_platform-is-request.patch
virtiofsd-Fix-side-effect-in-assert.patch
vl-allow-not-specifying-size-in-m-when-u.patch
vl-Fix-an-assert-failure-in-error-path.patch
vl-plug-object-back-into-readconfig.patch
vl-plumb-keyval-based-options-into-readc.patch
x86-acpi-use-offset-instead-of-pointer-w.patch�- usb: unbounded stack allocation in usbredir
(bsc#1186012, CVE-2021-3527)
hw-usb-Do-not-build-USB-subsystem-if-not.patch
hw-usb-host-stub-Remove-unused-header.patch
usb-hid-avoid-dynamic-stack-allocation.patch
usb-limit-combined-packets-to-1-MiB-CVE-.patch
usb-mtp-avoid-dynamic-stack-allocation.patch�- usbredir: free call on invalid pointer in bufp_alloc
(bsc#1189145, CVE-2021-3682)
usbredir-fix-free-call.patch�- Add stable patches from upstream:
block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
hw-net-can-sja1000-fix-buff2frame_bas-an.patch
hw-pci-host-q35-Ignore-write-of-reserved.patch�- Disabled skiboot building for PowerPC due to the following issue:
https://github.com/open-power/skiboot/issues/265�- Fix possible mremap overflow in the pvrdma
(CVE-2021-3582, bsc#1187499)
hw-rdma-Fix-possible-mremap-overflow-in-.patch
- Ensure correct input on ring init
(CVE-2021-3607, bsc#1187539)
pvrdma-Ensure-correct-input-on-ring-init.patch
- Fix the ring init error flow
(CVE-2021-3608, bsc#1187538)
pvrdma-Fix-the-ring-init-error-flow-CVE-.patch�- Fix qemu-supportconfig network-manager verification�- Fix stable issues found in upstream:
hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
hw-block-nvme-align-with-existing-style.patch
hw-nvme-fix-missing-check-for-PMR-capabi.patch
hw-nvme-fix-pin-based-interrupt-behavior.patch
linux-user-aarch64-Enable-hwcap-for-RND-.patch
qemu-config-load-modules-when-instantiat.patch
qemu-config-parse-configuration-files-to.patch
qemu-config-use-qemu_opts_from_qdict.patch
runstate-Initialize-Error-to-NULL.patch
target-i386-Exit-tb-after-wrmsr.patch
tcg-Allocate-sufficient-storage-in-temp_.patch
tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
vhost-vdpa-don-t-initialize-backend_feat.patch
vl-allow-not-specifying-size-in-m-when-u.patch
vl-Fix-an-assert-failure-in-error-path.patch
vl-plug-object-back-into-readconfig.patch
vl-plumb-keyval-based-options-into-readc.patch
x86-acpi-use-offset-instead-of-pointer-w.patch�- Update qemu-supportconfig plugin�- Fix an update-alternative warning when removing qemu-skiboot package
bsc#1178678�- Use doc directive to build QEMU documentation�- Improve compatibility with gcc 11:
target-sh4-Return-error-if-CPUClass-get_.patch
tcg-arm-Fix-tcg_out_op-function-signatur.patch�- Enable zstd compression option to qcow2�- Fix out-of-bounds write in virgl_cmd_get_capset
CVE-2021-3546 bsc#1185981
vhost-user-gpu-abstract-vg_cleanup_mappi.patch
- Fix memory leaks found in the virtio vhost-user GPU device
CVE-2021-3544 bsc#1186010
vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
vhost-user-gpu-fix-leak-in-virgl_resourc.patch
vhost-user-gpu-fix-memory-disclosure-in-.patch
vhost-user-gpu-fix-memory-leak-in-vg_res.patch
vhost-user-gpu-fix-memory-leak-while-cal.patch
vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch
- Fix information disclosure due to uninitialized memory read
CVE-2021-3545 bsc#1185990
vhost-user-gpu-fix-resource-leak-in-vg_r.patch�- disable sheepdog, it was dropped upstream (
https://gitlab.com/qemu-project/qemu/-/commit/09ec85176e4095be15f233ebc870d5680123f024)
and fails to build with gcc 11 on non-x86�- Fix CVE-2021-3527 in usb/redir:
usb-redir-avoid-dynamic-stack-allocation.patch
- Fix issues found upstream:
hw-block-nvme-consider-metadata-read-aio.patch
sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
vfio-ccw-Permit-missing-IRQs.patch
vhost-user-blk-Check-that-num-queues-is-.patch
vhost-user-blk-Don-t-reconnect-during-in.patch
vhost-user-blk-Fail-gracefully-on-too-la.patch
vhost-user-blk-Get-more-feature-flags-fr.patch
vhost-user-blk-Make-sure-to-set-Error-on.patch
virtio-blk-Fix-rollback-path-in-virtio_b.patch
virtio-Fail-if-iommu_platform-is-request.patch
virtiofsd-Fix-side-effect-in-assert.patch
monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch�- Brotli VLA error was already fixed in v5.2 but the patches wasn't
included in v6.0. This change fixed that
- Patches added:
brotli-fix-actual-variable-array-paramet.patch
hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch�- For the record, these issues are fixed in this package already.
Most are alternate references to previously mentioned issues:
(CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,
CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,
CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975)�- Update to v6.0: see https://wiki.qemu.org/ChangeLog/6.0
For a full list of formely deprecated features that are removed now,
consult: https://qemu-project.gitlab.io/qemu/system/removed-features.html.
For a list of new deprecated features, consult:
https://qemu-project.gitlab.io/qemu/system/deprecated.html
Some noteworthy changes:
* Removed tileGX CPU (linux-user mode).
* Removed ide-drive device (use ide-hd or ide-cd instead).
* Removed scsi-disk device (use scsi-hd or scsi-cd instead).
* Removed pc-1.0, pc-1.1, pc-1.2, and pc-1.3 machine types.
* Added emulation of Arm-v8.1M arch and Cortex-M55 CPU.
* Added boards mps3-an524 (Cortex-M33) and mps3-an547 (Cortex-M55).
* x86: Support for running SEV-ES encrypted guests; TCG can emulate
the PKS feature; WHPX accelerator supports accelerated APIC.
* ARM: ARMv8.4-TTST, ARMv8.4-SEL2, FEAT_SSBS, and ARMv8.4-DIT emulation
are now supported; Added ARMv8.5-MemTag extension is now supported formely
linux-user. Additional device emulation support for xlnx-zynqmp, xlnx-versal,
sbsa-ref, npcm7xx, and sabrelite board models.
* PowerPC: powernv now allows external BMC; pseries can send QAPI message
if it detects a memory hotplug failure; CPU unplug request can be retried.
* s390: TCG works with Linux kernels built with clang-11 and clang12.
* RISC-V: OpenSBI upgraded to v0.9; Support the QMP dump-guest-memory
command; Add support for the SiFive SPI controller (sifive_u); Add QSPI
NOR flash to Microchip PFSoC.
* Misc doc improvements.
* Multiprocess: Add experimental options to support out-of-process device
emulation.
* ACPI: support for assigning NICs to known names in guest OS independently of
PCI slot placement.
* NVMe: new emulation support for v1.4 spec with many new features, experimental
support for Zoned Namespaces, multipath I/O, and End-to-End Data Protection.
* Xen: New guest loader for testing of Xen-like hypervisors booting kernels.
* virtiofs: misc. security fixes and performance improvements.
* Tools: FUSE block exports to allow mounting any QEMU block device node
as a host file.
* Migration: query/info-migrate now display the migration blocker status and
the reasons for blocking.
* User-mode: Added support for the Qualcomm Hexagon processor.
* TCG: Added support for Apple Silicon hosts (macOS).
* QMP: backup jobs now support multiple asynchronous requests in parallel
* VNC: virtio-vga support for scaling resolution based on client window size
* Patches added:
doc-add-our-support-doc-to-the-main-proj.patch
* Patches removed:
9pfs-Fully-restart-unreclaim-loop-CVE-20.patch
audio-add-sanity-check.patch
block-Fix-deadlock-in-bdrv_co_yield_to_d.patch
block-Fix-locking-in-qmp_block_resize.patch
blockjob-Fix-crash-with-IOthread-when-bl.patch
block-nfs-fix-int-overflow-in-nfs_client.patch
block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch
block-Separate-blk_is_writable-and-blk_s.patch
block-Simplify-qmp_block_resize-error-pa.patch
brotli-fix-actual-variable-array-paramet.patch
build-no-pie-is-no-functional-linker-fla.patch
cadence_gem-switch-to-use-qemu_receive_p.patch
cpu-core-Fix-help-of-CPU-core-device-typ.patch
docs-add-SUSE-support-statements-to-html.patch
dp8393x-switch-to-use-qemu_receive_packe.patch
e1000-fail-early-for-evil-descriptor.patch
e1000-switch-to-use-qemu_receive_packet-.patch
hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
hw-arm-virt-Disable-pl011-clock-migratio.patch
hw-block-fdc-Fix-fallback-property-on-sy.patch
hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
hw-isa-Kconfig-Add-missing-dependency-VI.patch
hw-isa-piix4-Migrate-Reset-Control-Regis.patch
hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch
hw-s390x-fix-build-for-virtio-9p-ccw.patch
hw-sd-sd-Actually-perform-the-erase-oper.patch
hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch
hw-sd-sdhci-Correctly-set-the-controller.patch
hw-sd-sdhci-Don-t-transfer-any-data-when.patch
hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch
hw-sd-sdhci-Limit-block-size-only-when-S.patch
hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch
hw-sd-sd-Move-the-sd_block_-read-write-a.patch
hw-sd-sd-Skip-write-protect-groups-check.patch
hw-timer-slavio_timer-Allow-64-bit-acces.patch
hw-virtio-pci-Added-AER-capability.patch
hw-virtio-pci-Added-counter-for-pcie-cap.patch
i386-acpi-restore-device-paths-for-pre-5.patch
iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch
lan9118-switch-to-use-qemu_receive_packe.patch
lsilogic-Use-PCIDevice-exit-instead-of-D.patch
Make-keycode-gen-output-reproducible-use.patch
memory-clamp-cached-translation-in-case-.patch
monitor-Fix-assertion-failure-on-shutdow.patch
mptsas-Remove-unused-MPTSASState-pending.patch
msf2-mac-switch-to-use-qemu_receive_pack.patch
net-Fix-handling-of-id-in-netdev_add-and.patch
net-introduce-qemu_receive_packet.patch
pcnet-switch-to-use-qemu_receive_packet-.patch
qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch
qemu-storage-daemon-Enable-object-add.patch
rtl8139-switch-to-use-qemu_receive_packe.patch
s390x-add-have_virtio_ccw.patch
s390x-css-report-errors-from-ccw_dstream.patch
s390x-Fix-stringop-truncation-issue-repo.patch
s390x-modularize-virtio-gpu-ccw.patch
s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch
s390x-pci-restore-missing-Query-PCI-Func.patch
spice-app-avoid-crash-when-core-spice-mo.patch
sungem-switch-to-use-qemu_receive_packet.patch
target-arm-Don-t-decode-insns-in-the-XSc.patch
target-arm-Fix-MTE0_ACTIVE.patch
target-arm-Introduce-PREDDESC-field-defi.patch
target-arm-Update-PFIRST-PNEXT-for-pred_.patch
target-arm-Update-REV-PUNPK-for-pred_des.patch
target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch
target-xtensa-fix-meson.build-rule-for-x.patch
tcg-Use-memset-for-large-vector-byte-rep.patch
tools-virtiofsd-Replace-the-word-whiteli.patch
tx_pkt-switch-to-use-qemu_receive_packet.patch
ui-vnc-Add-missing-lock-for-send_color_m.patch
update-linux-headers-Include-const.h.patch
Update-linux-headers-to-5.11-rc2.patch
util-fix-use-after-free-in-module_load_o.patch
vfio-ccw-Connect-the-device-request-noti.patch
vhost-user-blk-fix-blkcfg-num_queues-end.patch
viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch
virtiofsd-extract-lo_do_open-from-lo_ope.patch
virtiofsd-optionally-return-inode-pointe.patch
virtiofsd-prevent-opening-of-special-fil.patch
virtiofs-drop-remapped-security.capabili.patch
virtiofsd-Save-error-code-early-at-the-f.patch
virtio-move-use-disabled-flag-property-t.patch
virtio-pci-compat-page-aligned-ATS.patch
xen-block-Fix-removal-of-backend-instanc.patch�- Include upstream patch designated as stable material and reviewed
for applicability to include here
mptsas-Remove-unused-MPTSASState-pending.patch
- Clarify in support documents that cpu-add was removed in this
release from both the human monitor protocol (HMP) and QMP
interfaces�- 6.0.0 qemu is about to be released. Add comments to the in-
package support documents (supported..txt) about the new
deprecations as of that release as an early head's up for qemu
users. These deprecations include these command-line options:
- M option: kernel-irqchip=off
- chardev tty
- chardev paraport
- enable-fips
- writeconfig
- spice password=string�- Include upstream patches designated as stable material and
reviewed for applicability to include here. NOTE that the
PIIX4 patch has migration implications: the change will also be
applied to the SLE-15-SP2 qemu, and a live migration from that
version to this SLE-15-SP3 qemu would require this patch to be
applied for a successful migration if PIIX4 southbridge is used
in the machine emulation (x86 i440fx)
block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch
cpu-core-Fix-help-of-CPU-core-device-typ.patch
hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
hw-block-fdc-Fix-fallback-property-on-sy.patch
hw-isa-Kconfig-Add-missing-dependency-VI.patch
hw-isa-piix4-Migrate-Reset-Control-Regis.patch
hw-virtio-pci-Added-AER-capability.patch
hw-virtio-pci-Added-counter-for-pcie-cap.patch
s390x-css-report-errors-from-ccw_dstream.patch
target-xtensa-fix-meson.build-rule-for-x.patch
util-fix-use-after-free-in-module_load_o.patch
virtio-pci-compat-page-aligned-ATS.patch�- Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a
module to what was accepted upstream (bsc#1181103)
* Patches dropped:
hw-s390x-modularize-virtio-gpu-ccw.patch
* Patches added:
s390x-add-have_virtio_ccw.patch
s390x-modularize-virtio-gpu-ccw.patch
s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch�- Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144,
CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282)
hw-sd-sd-Actually-perform-the-erase-oper.patch
hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch
hw-sd-sdhci-Correctly-set-the-controller.patch
hw-sd-sdhci-Don-t-transfer-any-data-when.patch
hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch
hw-sd-sdhci-Limit-block-size-only-when-S.patch
hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch
hw-sd-sd-Move-the-sd_block_-read-write-a.patch
hw-sd-sd-Skip-write-protect-groups-check.patch
- Fix potential privilege escalation in virtiofsd tool
(CVE-2021-20263, bsc#1183373)
tools-virtiofsd-Replace-the-word-whiteli.patch
viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch
virtiofsd-extract-lo_do_open-from-lo_ope.patch
virtiofsd-optionally-return-inode-pointe.patch
virtiofsd-prevent-opening-of-special-fil.patch
virtiofs-drop-remapped-security.capabili.patch
virtiofsd-Save-error-code-early-at-the-f.patch
- Fix OOB access (stack overflow) in rtl8139 NIC emulation
(CVE-2021-3416, bsc#1182968)
net-introduce-qemu_receive_packet.patch
rtl8139-switch-to-use-qemu_receive_packe.patch
- Fix OOB access (stack overflow) in other NIC emulations
(CVE-2021-3416)
cadence_gem-switch-to-use-qemu_receive_p.patch
dp8393x-switch-to-use-qemu_receive_packe.patch
e1000-switch-to-use-qemu_receive_packet-.patch
lan9118-switch-to-use-qemu_receive_packe.patch
msf2-mac-switch-to-use-qemu_receive_pack.patch
pcnet-switch-to-use-qemu_receive_packet-.patch
sungem-switch-to-use-qemu_receive_packet.patch
tx_pkt-switch-to-use-qemu_receive_packet.patch
- Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686)
memory-clamp-cached-translation-in-case-.patch
- Include upstream patches designated as stable material and
reviewed for applicability to include here
hw-arm-virt-Disable-pl011-clock-migratio.patch
xen-block-Fix-removal-of-backend-instanc.patch
- Fix package scripts to not use hard coded paths for temporary
working directories and log files (bsc#1182425)�- Fix s390x "mediated device is in use" error condition
(bsc#1183634)
update-linux-headers-Include-const.h.patch
Update-linux-headers-to-5.11-rc2.patch
vfio-ccw-Connect-the-device-request-noti.patch�- Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577)
e1000-fail-early-for-evil-descriptor.patch�- Fix incorrect guest data in s390x PCI passthrough (bsc#1183372)
s390x-pci-restore-missing-Query-PCI-Func.patch�- Include upstream patches designated as stable material and
reviewed for applicability to include here
lsilogic-Use-PCIDevice-exit-instead-of-D.patch
vhost-user-blk-fix-blkcfg-num_queues-end.patch
- Fix potential privilege escalation in virtfs (CVE-2021-20181
bsc#1182137)
9pfs-Fully-restart-unreclaim-loop-CVE-20.patch
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
net-vmxnet3-validate-configuration-value.patch�- Add #!ForceMultiversion to qemu.spec:
+ As the spec file defines different Version: fiels for various
subpackages, we must instruct OBS to not ever reset the
checkin-counter, as it would by defalut on a version increase.
Resetting the version counter results in sub-packages reusing
their VERSION-RELEASE from the past (e.g. qemu-ipxe is version
1.0.0+, and upon checkin of a new qemu version, RELEASE is
reset to 1.1, thus again producing
qemu-ipxe-1.0.0+-1.1.noarch.rpm.�- Fix GCC11 compiler issue in brotli (edk2) code (boo#1181922)
brotli-fix-actual-variable-array-paramet.patch
- Tweak a few submodule descriptions and summaries
- Fix a backward compatibility issue in ACPI data
i386-acpi-restore-device-paths-for-pre-5.patch�- Add patch from IBM to improve modularization situation on s390
where a new qemu module, hw-s390x-virtio-gpu-ccw.so, and a
corresponding new qemu-hw-s390x-virtio-gpu-ccw subpackage, is
split out (this parallels the hw-display-virtio-gpu-pci.so module).
Split-provides file is also used to track this functionality
splitout. Both the packages supplying the above mentioned modules
now have a Requires on the qemu-hw-display-virtio-gpu package. It
is anticipated that this change is going in upstream as well, and
if done differently the plan is to update to the upstream
implementation if possible (bsc#1181103)
hw-s390x-modularize-virtio-gpu-ccw.patch�- Added a few more usability improvements for our git packaging
workflow�- Fix issue of virtio-9p-ccw having been mistakenly dropped from
qemu (bsc#1182496)
hw-s390x-fix-build-for-virtio-9p-ccw.patch�- Tweaked some spec file details to be again compatible with quilt
setup using the spec file as input
- Remove BuildRequires that were added in anticipation of building
ovmf within this package. We have not taken that route�- Fix uninitialized variable in ipxe driver code (boo#1181922)
ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch
- Add a few improvements to the git-based package workflow scripts�- Include additional upstream patches designated as stable material
and reviewed for applicability to include here
blockjob-Fix-crash-with-IOthread-when-bl.patch
monitor-Fix-assertion-failure-on-shutdow.patch
qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch
qemu-storage-daemon-Enable-object-add.patch�- Switch the modules qemu-ui-display-gpu and qemu-ui-display-gpu-pci
from being an x86 only Recommends, to a Recommends for all arch's
except s390x (boo#1181350)
- Fix qemu-hw-usb-smartcard to not be a Recommends for s390x
- Minor spec file tweaks for compatibility with upcoming spec file
formatter�- Make note that this patch takes care of an OOB access in ARM
interrupt handling (CVE-2021-20221 bsc#1181933)
hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch�- Include upstream patches designated as stable material and
reviewed for applicability to include here
block-Separate-blk_is_writable-and-blk_s.patch
hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch
hw-timer-slavio_timer-Allow-64-bit-acces.patch
net-Fix-handling-of-id-in-netdev_add-and.patch
target-arm-Don-t-decode-insns-in-the-XSc.patch
target-arm-Fix-MTE0_ACTIVE.patch
target-arm-Introduce-PREDDESC-field-defi.patch
target-arm-Update-PFIRST-PNEXT-for-pred_.patch
target-arm-Update-REV-PUNPK-for-pred_des.patch
target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch
tcg-Use-memset-for-large-vector-byte-rep.patch
ui-vnc-Add-missing-lock-for-send_color_m.patch
virtio-move-use-disabled-flag-property-t.patch�- binutils v2.36 has changed the handling of the assembler's
- mx86-used-note, resulting in a build failure. To compensate, we
now explicitly specify -mx86-used-note=no in the seabios Makefile
(boo#1181775)
build-be-explicit-about-mx86-used-note-n.patch�- Additional tweaks to ensure libvirt runs ok when
qemu-hw-display-virtio-gpu package is not installed�- Use '%service_del_postun_without_restart' instead of
'%service_del_postun' to avoid "Failed to try-restart
qemu-ga@.service" error while updating the qemu-guest-agent.
(bsc#1178565)�- Fix two additional cases of qemu crashing due to qemu module
packages not being loaded.
qom-handle-case-of-chardev-spice-module-.patch
spice-app-avoid-crash-when-core-spice-mo.patch�- Fix issue of qemu crashing (abort called) when virtio-gpu device
is asked for and the qemu-hw-display-virtio-gpu package isn't
installed. (bsc#1181103)
module-for-virtio-gpu-pre-load-module-to.patch
- Add additional inter-module package dependencies, to reflect the
current module dependencies (see qemu source file: util/module.c)
- As of v3.1.0 virt-manager, new VM's are created by default with
audio/sound enabled, so it's time to reflect the need, at least
in the spice case, by having spice-audio available when spice in
general is used (boo#1180210 boo#1181132)
- Further refine package Recommends/Suggests based on architecture
- Remove no longer needed dependency on pwdutils (boo#1181235)�- Fix qemu-testsuite issue where white space processing gets
handled differently under bash 5.1 (boo#1181054)
iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch�- Convert qemu-kvm from a script to a symlink. Using qemu-kvm to
invoke the QEMU emulator has been deprecated for some time,
but is still provided. It has as it's ancient origins a version
of QEMU which had KVM acceleration enabled by default, and then
recently, until now, it is a shell script which execs the QEMU
emulator, adding '-machine accel=kvm' to the beginning of the
list of command line options passed to the emulator.
This method collides with the now preferred method of specifying
acceleration options by using -accel. qemu-kvm is now changed to
simply be a symlink to the same QEMU binary which the prior
script exec'd. This new approach takes advantage of a built-in
QEMU feature where if QEMU is invoked using a program name ending
in 'kvm', KVM emulation is enabled. This approach is better in
that it is more compatible with any other command line option
that may be added for describing acceleration.
For those who have modified qemu-kvm to add additional command
line options, or take other actions in the context of the script
you will now need to create an alternate script "emulator" to
achieve the same result. Note that it's possible there may be
some very subtle behavioral difference in the switch from a
script to a symlink, but given that qemu-kvm is a deprecated
package, we're not going to worry about that.�- Fix crash when spice used and the qemu-audio-spice package isn't
installed (boo#1180210)
audio-add-sanity-check.patch
- Add some stable patches from upstream
block-Fix-deadlock-in-bdrv_co_yield_to_d.patch
block-Fix-locking-in-qmp_block_resize.patch
block-nfs-fix-int-overflow-in-nfs_client.patch
block-Simplify-qmp_block_resize-error-pa.patch
build-no-pie-is-no-functional-linker-fla.patch�- Update to v5.2.0: See http://wiki.qemu.org/ChangeLog/5.2
Take note that ongoing feature deprecation is tracked at both
http://wiki.qemu-project.org/Features/LegacyRemoval and in
the deprecated.html file installed with the qemu package
Some noteworthy changes:
* Dropped system emulators: qemu-system-lm32, qemu-system-unicore32
* Dropped linux user emulator: qemu-ppc64abi32
* Added linux user emulator: qemu-extensaeb
* Unicore32 and lm32 guest support dropped
* New sub-packages (most due to ongoing modularization of QEMU):
qemu-audio-spice, qemu-hw-chardev-spice, qemu-hw-display-virtio-vga,
qemu-hw-display-virtio-gpu, qemu-hw-display-virtio-gpu-pci,
qemu-ui-spice-core, qemu-ui-opengl, qemu-ivshmem-tools
* x86: A new KVM feature which improves the handling of asynchronous page
faults is available with -cpu ...,kvm-async-pf-int (requires Linux 5.8)
* s390: More instructions emulated under TCG
* PowerPC: nvdimm= machine option now functions correctly; misc improvements
* ARM: new boards: mps2-an386 (Cortex-M4 based) and mps2-an500
(Cortex-M7 based), raspi3ap (the Pi 3 model A+), raspi0 (the Pi Zero)
and raspi1ap (the Pi A+)
* RISC-V: OpenSBI v0.8 included by default; Generic OpenSBI platform used
when no -bios argument is supplied; Support for NUMA sockets on Virt
and Spike Machines; Support for migrating machines; misc improvements
* Misc NVMe improvements
* The 'vhost-user-blk' export type has been added, allowing
qemu-storage-daemon to act as a vhost-user-blk device backend
* The SMBIOS OEM strings can now come from a file
* 9pfs - misc performance related improvements
* virtiofs - misc improvements
* migration: The default migration bandwidth has been increased to 1Gbps
(users are still encouraged to tune it to their own hardware); The new
'calc-dirty-rate' and 'query-dirty-rate' QMP commands can help determine
the likelihood of precopy migration success; TLS+multifd now supported
for higher bandwidth encrypted migration; misc minor features added
* Misc minor block features added
* Misc doc improvements
* qemu-microvm subpackage change: the bios-microvm.bin is now SeaBIOS based,
and the qboot based on is now qboot.rom
* elf2dmp is no longer part of qemu-tools (it was never intended to be
a packaged binary)
* Some subpackages which were 'Requires' are now 'Recommends', allowing for
a smaller qemu packaging footprint if needed
* Patches dropped (included in release tarball, unless otherwise noted):
docs-fix-trace-docs-build-with-sphinx-3..patch (fixed differently)
hw-hyperv-vmbus-Fix-32bit-compilation.patch
linux-user-properly-test-for-infinite-ti.patch
Switch-order-of-libraries-for-mpath-supp.patch (fixed differently)
Conditionalize-ui-bitmap-installation-be.patch (fixed differently)
hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch (no longer using gcc9)
hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch (no longer using gcc9)
roms-Makefile-enable-cross-compile-for-b.patch (fixed with different patch)
libvhost-user-handle-endianness-as-manda.patch
virtio-add-vhost-user-fs-ccw-device.patch
Fix-s-directive-argument-is-null-error.patch
build-Workaround-compilation-error-with-.patch
build-Be-explicit-about-fcommon-compiler.patch
intel-Avoid-spurious-compiler-warning-on.patch
golan-Add-explicit-type-casts-for-nodnic.patch
Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
ensure-headers-included-are-compatible-w.patch
Enable-cross-compile-prefix-for-C-compil.patch (fixed differently)
hw-net-net_tx_pkt-fix-assertion-failure-.patch
hw-net-xgmac-Fix-buffer-overflow-in-xgma.patch
s390x-protvirt-allow-to-IPL-secure-guest.patch
usb-fix-setup_len-init-CVE-2020-14364.patch
* Patches added:
meson-install-ivshmem-client-and-ivshmem.patch
Revert-roms-efirom-tests-uefi-test-tools.patch
Makefile-Don-t-check-pc-bios-as-pre-requ.patch
roms-Makefile-add-cross-file-to-qboot-me.patch
qboot-add-cross.ini-file-to-handle-aarch.patch
usb-Help-compiler-out-to-avoid-a-warning.patch
- In spec file, where reasonable, switch BuildRequires: XXX-devel
to be pkgconfig(XXX') instead
- No longer disable link time optimization for qemu for x86. It looks like
either the build service, qemu code changes and/or the switch to meson
have resolved issues previously seen there. We still see problems for
other architectures however.
- For the record, the following issues reported for SUSE SLE15-SP2
are either fixed in this current package, or are otherwise no longer
an issue: bsc#1172384 bsc#1174386 bsc#1174641 bsc#1174863 bsc#1175370
bsc#1175441 bsc#1176494 CVE-2020-13361 CVE-2020-14364 CVE-2020-15863
CVE-2020-16092 CVE-2020-24352
and the following feature requests are satisfied by this package:
jsc#SLE-13689 jsc#SEL-13780 jsc#SLE-13840
- To be more accurate, and to align with other qemu packaging
practices, rename the qemu-s390 package to qemu-s390x. The old
name (in the rpm namespace) is provided with a "Provides"
directive, and an "Obsoletes" done against that name for prior
qemu versions, as is standard practice (boo#1177764 jsc#SLE-17060)
- Take this opportunity to remove some ancient Split-Provides
mechanisms which can't conceivably be needed any more:
qemu-block-curl provided: qemu:%_libdir/%name/block-curl.so
qemu-guest-agent provided: qemu:%_bindir/qemu-ga
qemu-tools provided: qemu:%_libexecdir/qemu-bridge-helper�- Disable linux-user 'ls' test on 32 bit arm. It's failing with
"Allocating guest commpage: Cannot allocate memory" error, which
we should hunt down, but for now we don't want it to prevent the
package from being built�- Be more careful about what directives are used for qemu-testsuite�- Fix some spec file 'Requires' statements to be accurate to the
new model of relying on system-user-qemu and system-group-kvm to
provide the needed users and groups�- Added io_uring support.�- A patch has been applied to virt-manager to handle qemu spice
related modules not being present, so undo the change from Sep
30, 2020. Once again qemu-hw-display-qxl and qemu-hw-usb-redirect
are Recommends and not Required by the qemu package
(boo#1157320 boo#1176517, boo#1178141)
- For jsc#SLE-11629, change qemu, qemu-tools, and qemu-guest-agent
to rely on system-user-qemu and system-group-kvm to provide now
static system UIDs and GID's for qemu user and group, and kvm
group. This will make guest migration more seamless for new
installations since there is no chance of having required ID's
differ in value.�- Add virtio-fs support for s390x (jsc#SLE-13822)
libvhost-user-handle-endianness-as-manda.patch
virtio-add-vhost-user-fs-ccw-device.patch�- Note: As part of the "Close the Leap Gap" effort, it's been
decided that our SDL2 support in qemu is not worth trying
to maintain. Long ago SLE qemu stopped including SDL2 support and
now we will do the same for the openSUSE releases going forward.
Accordingly SDL2 options are now configured out, and the two sub-
packages which are SDL2 specific, namely qemu-audio-sdl and
qemu-ui-sdl, are no longer generated, and due to the rpm package
conflicts used for those packages, they will be uninstalled from
systems as qemu updates move forward
- Drop e2fsprogs-devel and libpcap-devel as BuildRequires packages.
They have not actually been needed to build qemu for a very long
time
- Add more forsplits files�- Create qemu-skiboot sub-package. Use update-alternatives mechanism
to coordinate with opal-firmware (provided with skiboot package set)
on the provider of the /usr/share/qemu/skiboot.lid firmware file.
qemu-skiboot uses a priority of 15, while opal-firmware uses a
priority of 10 (jsc#SLE-13240)�- Undo part of the split-provides recently done. We have to wait on
virt-manager to handle qemu modularization better before we make
qemu-hw-display-qxl and qemu-hw-usb-redirect non-required
(boo#1157320 boo#1176517)�- Fix spec file, where a conditional macro didn't have the correct
syntax (bsc#1176766)�- Change qemu-x86 packaging relationship with qemu-microvm from
Requires to Recommends�- In an effort to "Close the Leap Gap", remove use of is_opensuse
from the spec file, so that the same packages built for SLE can
be reused for Leap. Some sub-packages will not be included for
SLE which are included for Leap. They wil be provided in Package
Hub for SLE users as unsupported packages. (jsc#SLE-11660,
jsc#SLE-11661, jsc#SLE-11662, jsc#SLE-11691, jse#SLE-11692,
jsc#SLE-11894)�- Add infrastructure to do package splits when split-off package
isn't required and doesn't (otherwise) include any previously
installed files. This version of qemu has split out non-essential
functionality into loadable modules, as noted in Aug 20, 2020 log
entry, which describes the emergency Split-Provides. That approach
will be superseded by this planned approach, and those dummy doc
files will be removed in time
Here is the new mapping:
subpackage continuity file provided (files are dummies)
========== ============================================
qemu-chardev-baum /usr/share/qemu/forsplits/00
qemu-hw-display-qxl /usr/share/qemu/forsplits/01
qemu-hw-usb-redirect /usr/share/qemu/forsplits/02
qemu-hw-usb-smartcard /usr/share/qemu/forsplits/03�- Fix path of qemu-pr-helper. It was a mistake to move it from
%_bindir to _libexecdir. In more recent qemu code it's been moved
back, so undo this mistake by providing it at the same location
as it has been all along�- For SLE15-SP3, note that this update to v5.1.0 is a step towards
fulfilling jsc#SLE-13689, which asks for qemu v5.2.0 or higher�- Fix some shell syntax in update_git.sh, esp. an issue exposed by
the most recent patch added�- Fix OOB access while processing USB packets (CVE-2020-14364
bsc#1175441)
usb-fix-setup_len-init-CVE-2020-14364.patch
- Re-sync openSUSE and SUSE SLE qemu packages. This changes file
is the openSUSE one with this entry providing the intervening
SLE CVE, JIRA, and bugzilla references, which are still addressed
in this package, and not yet called out in this changes file.
* CVE-2020-1983 CVE-2020-10761 CVE-2020-13361 CVE-2020-13362
CVE-2020-13659 CVE-2020-13800
* bsc#1167816 bsc#1170940 boo#1171712 bsc#1172383 bsc#1172384
bsc#1172386 bsc#1172495 bsc#1172710
* Patches dropped (SLE) (included in current release tarball):
exec-set-map-length-to-zero-when-returni.patch
i386-acpi-Remove-_HID-from-the-SMBus-ACP.patch
megasas-use-unsigned-type-for-reply_queu.patch�- Fix compilation errors seen with pre-release gcc 11
qht-Revert-some-constification-in-qht.c.patch
Revert-qht-constify-qht_statistics_init.patch
help-compiler-out-by-initializing-array.patch
s390x-Fix-stringop-truncation-issue-repo.patch
- Add Split-Provides mechanism, using doc files which were moved
in v5.1.0. This allows for the new subpackages to be selected for
install when the v5.0.0 qemu is updated. These new subpackages are
not marked as "Required" by any packages, in an effort to reduce
the dependencies of the core qemu components (boo#1175320)
v5.0.0 qemu file mapping is provided as follows:
subpackage continuity file provided (files are dummies)
========== ============================================
qemu-chardev-baum /usr/share/doc/packages/qemu/qemu-ga-ref.html
qemu-hw-display-qxl /usr/share/doc/packages/qemu/qemu-ga-ref.txt
qemu-hw-usb-redirect /usr/share/doc/packages/qemu/qemu-qmp-ref.html
qemu-hw-usb-smartcard /usr/share/doc/packages/qemu/qemu-qmp-ref.txt�- Fix wrong usage of %{_libexecdir} for systemd owned paths below
%{_prefix}/lib.�- Update to v5.1.0: See http://wiki.qemu.org/ChangeLog/5.1
Take note that ongoing feature deprecation is tracked at both
http://wiki.qemu-project.org/Features/LegacyRemoval and in
the deprecated.html file installed with the qemu package
Some noteworthy changes:
* s390: Protected virtualization (secure execute) is fully merged
upstream
* s390: vfio-ccw devices no longer require setting the allow
prefetch bit in the ORB, but is still dependent on host kernel
support
* s390: vfio-ccw now has basic support for relaying path state
changes to the guest
* PowerPC: pseries: NVDIMMs require label-size property
* PowerPC: pseries: POWER10 support
* PowerPC: added interface to inject POWER style NMIs
* ARM: new board: sonorapass-bmc
* ARM: new emulated features: ARMv8.2-TTSUXN, ARMv8.5-MemTag
* ARM: Raspberry Pi boards now support a USB controller
* ARM: virt board now supports hot-remove memory
* RISC-V lots of improvements
* qemu-img resize now requires -shrink to shrinking raw images
* The mem parameter of the -numa option is no longer recognized
starting with 5.1 machine types - instead use the memdev parameter
* The ACPI WAET table is now exposed to guests
* The max blocksize for virtual storage device is now 2 MiB
* NVMe improvements
* Crypto subsystem improvements
* Block backends and tools: Numerous improvements and fixes
* Firmware updates: SeaBIOS (essentially v1.14.0), OpenBIOS, SLOF
(20200717), OpenSBI (v0.7)
* Patches dropped (upstream unless otherwise noted):
ati-vga-check-mm_index-before-recursive-.patch
audio-fix-wavcapture-segfault.patch
es1370-check-total-frame-count-against-c.patch
exec-set-map-length-to-zero-when-returni.patch
gcc10-maybe-uninitialized.patch
hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch
megasas-use-unsigned-type-for-reply_queu.patch
nbd-server-Avoid-long-error-message-asse.patch
ppc-spapr_caps-Don-t-disable-cap_cfpc-on.patch
s390x-Add-SIDA-memory-ops.patch
s390x-Add-unpack-facility-feature-to-GA1.patch
s390x-Move-diagnose-308-subcodes-and-rcs.patch
s390x-protvirt-Add-migration-blocker.patch
s390x-protvirt-Disable-address-checks-fo.patch
s390x-protvirt-Handle-SIGP-store-status-.patch
s390x-protvirt-Inhibit-balloon-when-swit.patch
s390x-protvirt-KVM-intercept-changes.patch
s390x-protvirt-Move-diag-308-data-over-S.patch
s390x-protvirt-Move-IO-control-structure.patch
s390x-protvirt-Move-STSI-data-over-SIDAD.patch
s390x-protvirt-SCLP-interpretation.patch
s390x-protvirt-Set-guest-IPL-PSW.patch
s390x-protvirt-Support-unpack-facility.patch
s390x-s390-virtio-ccw-Fix-build-on-syste.patch
Sync-pv.patch
tests-Disable-some-block-tests-for-now.patch (no longer needed)
vga-fix-cirrus-bios.patch
virtiofsd-add-rlimit-nofile-NUM-option.patch
virtiofsd-stay-below-fs.file-max-sysctl-.patch
* Patches renamed:
build-Do-not-apply-WORKAROUND_CFLAGS-for.patch
- > Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
build-Fix-s-directive-argument-is-null-e.patch
- > Fix-s-directive-argument-is-null-error.patch
* Patches added:
hw-hyperv-vmbus-Fix-32bit-compilation.patch
- New subpackages, due to modularization: qemu-chardev-baum,
qemu-hw-display-qxl, qemu-hw-usb-redirect, qemu-hw-usb-smartcard
- Configure to use "system" libslirp and libdaxctl (libnvdimm)
when available�- Don't disable cap_cfpc on POWER8 by default (bsc#1174374)
ppc-spapr_caps-Don-t-disable-cap_cfpc-on.patch�- Updating to Sphinx v3.1.2 in Factory is exposing an issue in
qemu doc sources. Fix it
docs-fix-trace-docs-build-with-sphinx-3..patch�- Fix DoS possibility in ati-vga emulation (CVE-2020-13800
bsc#1172495)
ati-vga-check-mm_index-before-recursive-.patch
- Fix DoS possibility in Network Block Device (nbd) support
infrastructure (CVE-2020-10761 bsc#1172710)
nbd-server-Avoid-long-error-message-asse.patch
- Fix null pointer dereference possibility (DoS) in MegaRAID SAS
8708EM2 emulation (CVE-2020-13659 bsc#1172386)
exec-set-map-length-to-zero-when-returni.patch
- Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation
(CVE-2020-13362 bsc#1172383)
megasas-use-unsigned-type-for-reply_queu.patch
- Fix legacy IGD passthrough
hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch�- The latest gcc10 available in Factory has the fix for the
issue this patch was created to avoid, so drop it
build-Work-around-gcc10-bug-by-not-using.patch�- Switch to upstream versions of some patches we carry
add-enum-cast-to-avoid-gcc10-warning.patch
- > golan-Add-explicit-type-casts-for-nodnic.patch
Be-explicit-about-fcommon-compiler-direc.patch
- > build-Be-explicit-about-fcommon-compiler.patch
Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
- > build-Do-not-apply-WORKAROUND_CFLAGS-for.patch
Fix-s-directive-argument-is-null-error.patch
- > build-Fix-s-directive-argument-is-null-e.patch
Workaround-compilation-error-with-gcc-9..patch
- > build-Workaround-compilation-error-with-.patch
work-around-gcc10-problem-with-zero-leng.patch
- > intel-Avoid-spurious-compiler-warning-on.patch
- Fix vgabios issue for cirrus graphics emulation, which
effectively downgraded it to standard VGA behavior
vga-fix-cirrus-bios.patch�- Fix OOB access possibility in ES1370 audio device emulation
(CVE-2020-13361 bsc#1172384)
es1370-check-total-frame-count-against-c.patch�- Work around gcc 10 bug (boo#1172411)
build-Work-around-gcc10-bug-by-not-using.patch�- Now that gcc10 compatibility is figured out, remove NO_WERROR=1
again from ipxe make.�- Fix segfault when doing HMP wavcapture (boo#1171712)
audio-fix-wavcapture-segfault.patch�- Fix DoS in virtiofsd, where a FUSE client could exhaust the
number of available open files on the host (CVE-2020-10717
bsc#1171110)
virtiofsd-add-rlimit-nofile-NUM-option.patch
virtiofsd-stay-below-fs.file-max-sysctl-.patch�- Add more fixes for gcc10 compatibility: Use NO_WERROR=1 when
building ipxe sources, at least until we get gcc10 compatibility
figured out. Also add patch for explicitly using -fcommon
(boo#1171140)
Be-explicit-about-fcommon-compiler-direc.patch
and fix for tighter enum compatibility checking (boo#1171139)
add-enum-cast-to-avoid-gcc10-warning.patch
and a work around for what seems to be a compiler regression
(boo#1171123)
work-around-gcc10-problem-with-zero-leng.patch�- Update to v5.0.0: See http://wiki.qemu.org/ChangeLog/5.0
Take note that ongoing feature deprecation is tracked at both
http://wiki.qemu-project.org/Features/LegacyRemoval and in
the deprecated.html file installed with the qemu package
Some noteworthy changes:
* x86: EPYC-Rome vcpu model
* x86: vcpu model fixes for EPYC, Denverton, and Icelake-Server
* s390: (as previously mentioned) Protected Virtualization support:
start and control guest in secure mode (bsc#1167075 jsc#SLE-7407)
* s390: support for Adapter Interrupt Suppression while running in
KVM mode
* PowerPC: pseries: NVDIMMs with file backend supported
* PowerPC: powernv: KVM guests now runnable under TCG emulation
* PowerPC: powernv: Basic POWER10 support
* ARM: new boards: tacoma-bmc, Netduindo Plus 2, Orangepi PC
* ARM: 'virt' machine now supports vTPM and virtio-iommu devices
* ARM:Cortex-M7 CPU support
* ARM: Lots of architecture features now emulated
* ARM: TPM supported
* ARM: Timekeeping improvements
* ARM: LOTS more - refer to upstream changelog
* virtio-iommu
* VNC compatibility with noVNC improved
* Support for using memory backends for main/"built-in" guest RAM
* hostmem backends can now specify prealloc thread count
* Better Azure compatibility of VHD images
* Ceph namespaces supported
* Compress block filter driver can create compressed backup images
* virtiofsd availble for host filesystem passthrough
* Improved html based documentation is provided with this release
* Live migration support for external processes running on QEMU D-Bus
* Patches dropped (upstream unless otherwise noted):
i386-Add-MSR-feature-bit-for-MDS-NO.patch
i386-Add-macro-for-stibp.patch
i386-Add-new-CPU-model-Cooperlake.patch
arm-arm-powerctl-set-NSACR.-CP11-CP10-bi.patch
iotests-Skip-test-060-if-it-is-not-possi.patch
iotests-Skip-test-079-if-it-is-not-possi.patch
Revert-qemu-options.hx-Update-for-reboot.patch
iotests-Provide-a-function-for-checking-.patch
Fix-double-free-issue-in-qemu_set_log_fi.patch
iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch
virtio-blk-fix-out-of-bounds-access-to-b.patch
block-Activate-recursively-even-for-alre.patch
i386-Resolve-CPU-models-to-v1-by-default.patch
numa-properly-check-if-numa-is-supported.patch
vhost-user-gpu-Drop-trailing-json-comma.patch
display-bochs-display-fix-memory-leak.patch
hw-arm-smmuv3-Apply-address-mask-to-line.patch
hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MAS.patch
hw-arm-smmuv3-Check-stream-IDs-against-a.patch
hw-arm-smmuv3-Align-stream-table-base-ad.patch
hw-arm-smmuv3-Use-correct-bit-positions-.patch
hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch
block-Add-bdrv_qapi_perm_to_blk_perm.patch
blkdebug-Allow-taking-unsharing-permissi.patch
virtio-add-ability-to-delete-vq-through-.patch
virtio-update-queue-size-on-guest-write.patch
virtio-don-t-enable-notifications-during.patch
numa-Extend-CLI-to-provide-initiator-inf.patch
numa-Extend-CLI-to-provide-memory-latenc.patch
numa-Extend-CLI-to-provide-memory-side-c.patch
hmat-acpi-Build-Memory-Proximity-Domain-.patch
hmat-acpi-Build-System-Locality-Latency-.patch
hmat-acpi-Build-Memory-Side-Cache-Inform.patch
tests-numa-Add-case-for-QMP-build-HMAT.patch
qcow2-bitmaps-fix-qcow2_can_store_new_di.patch
backup-top-Begin-drain-earlier.patch
virtio-mmio-update-queue-size-on-guest-w.patch
virtio-net-delete-also-control-queue-whe.patch
intel_iommu-a-fix-to-vtd_find_as_from_bu.patch
target-i386-Add-new-bit-definitions-of-M.patch
target-i386-Add-missed-features-to-Coope.patch
hw-i386-pc-fix-regression-in-parsing-vga.patch
migration-test-ppc64-fix-FORTH-test-prog.patch
target-arm-Return-correct-IL-bit-in-merg.patch
target-arm-Set-ISSIs16Bit-in-make_issinf.patch
runstate-ignore-finishmigrate-prelaunch-.patch
migration-Rate-limit-inside-host-pages.patch
m68k-Fix-regression-causing-Single-Step-.patch
Revert-vnc-allow-fall-back-to-RAW-encodi.patch
vnc-prioritize-ZRLE-compression-over-ZLI.patch
target-i386-kvm-initialize-feature-MSRs-.patch
s390x-adapter-routes-error-handling.patch
iscsi-Cap-block-count-from-GET-LBA-STATU.patch
block-backup-fix-memory-leak-in-bdrv_bac.patch
tpm-ppi-page-align-PPI-RAM.patch
hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch
target-arm-fix-TCG-leak-for-fcvt-half-do.patch
block-fix-memleaks-in-bdrv_refresh_filen.patch
block-backup-top-fix-failure-path.patch
iotests-add-test-for-backup-top-failure-.patch
audio-oss-fix-buffer-pos-calculation.patch
target-arm-monitor-query-cpu-model-expan.patch
block-fix-crash-on-zero-length-unaligned.patch
block-Fix-VM-size-field-width-in-snapsho.patch
target-arm-Correct-definition-of-PMCRDP.patch
block-nbd-extract-the-common-cleanup-cod.patch
block-nbd-fix-memory-leak-in-nbd_open.patch
virtio-crypto-do-delete-ctrl_vq-in-virti.patch
virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch
vhost-user-blk-delete-virtioqueues-in-un.patch
hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch
pc-bios-s390x-Save-iplb-location-in-lowc.patch
iotests-Fix-nonportable-use-of-od-endian.patch
block-qcow2-threads-fix-qcow2_decompress.patch
job-refactor-progress-to-separate-object.patch
block-block-copy-fix-progress-calculatio.patch
block-io-fix-bdrv_co_do_copy_on_readv.patch
scsi-qemu-pr-helper-Fix-out-of-bounds-ac.patch
target-ppc-Fix-rlwinm-on-ppc64.patch
compat-disable-edid-on-correct-virtio-gp.patch
ppc-ppc405_boards-Remove-unnecessary-NUL.patch
block-Avoid-memleak-on-qcow2-image-info-.patch
block-bdrv_set_backing_bs-fix-use-after-.patch
hmp-vnc-Fix-info-vnc-list-leak.patch
migration-colo-fix-use-after-free-of-loc.patch
migration-ram-fix-use-after-free-of-loca.patch
qcow2-List-autoclear-bit-names-in-header.patch
sheepdog-Consistently-set-bdrv_has_zero_.patch
target-arm-Fix-PAuth-sbox-functions.patch
tcg-i386-Fix-INDEX_op_dup2_vec.patch
net-tulip-check-frame-size-and-r-w-data-.patch
target-i386-do-not-set-unsupported-VMX-s.patch
spapr-Fix-failure-path-for-attempting-to.patch
ati-vga-Fix-checks-in-ati_2d_blt-to-avoi.patch
xen-block-Fix-double-qlist-remove-and-re.patch
vpc-Don-t-round-up-already-aligned-BAT-s.patch
target-xtensa-fix-pasto-in-pfwait.r-opco.patch
aio-wait-delegate-polling-of-main-AioCon.patch
async-use-explicit-memory-barriers.patch
tcg-mips-mips-sync-encode-error.patch
vhost-user-gpu-Release-memory-returned-b.patch
vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch (no pc-0.15)
hw-i386-disable-smbus-migration-for-xenf.patch
s390x-Don-t-do-a-normal-reset-on-the-ini.patch
s390x-Move-reset-normal-to-shared-reset-.patch
s390x-Move-initial-reset.patch
s390x-Move-clear-reset.patch
s390x-kvm-Make-kvm_sclp_service_call-voi.patch
s390x-ipl-Consolidate-iplb-validity-chec.patch
s390x-Beautify-diag308-handling.patch
s390x-Add-missing-vcpu-reset-functions.patch
s390-sclp-improve-special-wait-psw-logic.patch
vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch
util-add-slirp_fmt-helpers.patch
slirp-use-correct-size-while-emulating-I.patch
tcp_emu-Fix-oob-access.patch
slirp-use-correct-size-while-emulating-c.patch
tcp_emu-fix-unsafe-snprintf-usages.patch
- For SLE builds, leverage the html documentation by adding a link
to the SUSE specific support documentation (the *.txt support doc
was slightly tweaked to be acceptable as reStructuredText for
conversion to html)
docs-add-SUSE-support-statements-to-html.patch�-Fix potential DoS in ATI VGA emulation (CVE-2020-11869
bsc#1170537)
ati-vga-Fix-checks-in-ati_2d_blt-to-avoi.patch�- Minor tweaks to patches and support doc�- Add gcc10-maybe-uninitialized.patch in order to fix
boo#1169728.�- Include upstream patches targeted for the next stable release
(bug fixes only)
spapr-Fix-failure-path-for-attempting-to.patch
target-i386-do-not-set-unsupported-VMX-s.patch
target-xtensa-fix-pasto-in-pfwait.r-opco.patch
tcg-i386-Fix-INDEX_op_dup2_vec.patch
tcg-mips-mips-sync-encode-error.patch
vhost-user-gpu-Release-memory-returned-b.patch
vpc-Don-t-round-up-already-aligned-BAT-s.patch
xen-block-Fix-double-qlist-remove-and-re.patch
- Fix bug causing weak encryption in PAuth for ARM
(CVE-2020-10702 bsc#1168681)
target-arm-Fix-PAuth-sbox-functions.patch
- Fix OOB in tulip NIC emulation (CVE-2020-11102 bsc#1168713
net-tulip-check-frame-size-and-r-w-data-.patch
- Note that previously included patch addresses CVE-2020-1711
and bsc#1166240
iscsi-Cap-block-count-from-GET-LBA-STATU.patch
- Include performance improvement (and related?) patch
aio-wait-delegate-polling-of-main-AioCon.patch
async-use-explicit-memory-barriers.patch
- Rework previous patch at Olaf H.'s direction
hw-i386-disable-smbus-migration-for-xenf.patch
- Eliminate is_opensuse usage in producing seabios version string
what we are doing here is just replacing the upstream string
with one indicating that the openSUSE build service built it,
and so just leave it as "-rebuilt.opensuse.org"
- Alter algorithm used to produce "unique" symbol for coordinating
qemu with the optional modules it may load. This is a reasonable
relaxation for broader compatibility
configure-remove-pkgversion-from-CONFIG_.patch
- Tweak supported.*.txt for latest deprecations, and other fixes
- Tweak update_git.sh, config.sh�- One more fix is needed for: s390x Protected Virtualization support
- start and control guest in secure mode (bsc#1167075 jsc#SLE-7407)
s390x-s390-virtio-ccw-Fix-build-on-syste.patch�- Include upstream patches targeted for the next stable release
(bug fixes only)
block-Avoid-memleak-on-qcow2-image-info-.patch
block-bdrv_set_backing_bs-fix-use-after-.patch
hmp-vnc-Fix-info-vnc-list-leak.patch
migration-colo-fix-use-after-free-of-loc.patch
migration-ram-fix-use-after-free-of-loca.patch
ppc-ppc405_boards-Remove-unnecessary-NUL.patch
qcow2-List-autoclear-bit-names-in-header.patch
scsi-qemu-pr-helper-Fix-out-of-bounds-ac.patch
sheepdog-Consistently-set-bdrv_has_zero_.patch�- Note The previous set of s390x patches also includes the fix for:
bsc#1167445�- Include upstream patches targeted for the next stable release
(bug fixes only)
block-io-fix-bdrv_co_do_copy_on_readv.patch
compat-disable-edid-on-correct-virtio-gp.patch
target-ppc-Fix-rlwinm-on-ppc64.patch
vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch
- s390x Protected Virtualization support - start and control guest
in secure mode. (note: binary patch from patch series dropped since
for s390x we rebuild the patched binary anyways) (bsc#1167075
jsc#SLE-7407)
s390-sclp-improve-special-wait-psw-logic.patch
s390x-Add-missing-vcpu-reset-functions.patch
s390x-Add-SIDA-memory-ops.patch
s390x-Add-unpack-facility-feature-to-GA1.patch
s390x-Beautify-diag308-handling.patch
s390x-Don-t-do-a-normal-reset-on-the-ini.patch
s390x-ipl-Consolidate-iplb-validity-chec.patch
s390x-kvm-Make-kvm_sclp_service_call-voi.patch
s390x-Move-clear-reset.patch
s390x-Move-diagnose-308-subcodes-and-rcs.patch
s390x-Move-initial-reset.patch
s390x-Move-reset-normal-to-shared-reset-.patch
s390x-protvirt-Add-migration-blocker.patch
s390x-protvirt-Disable-address-checks-fo.patch
s390x-protvirt-Handle-SIGP-store-status-.patch
s390x-protvirt-Inhibit-balloon-when-swit.patch
s390x-protvirt-KVM-intercept-changes.patch
s390x-protvirt-Move-diag-308-data-over-S.patch
s390x-protvirt-Move-IO-control-structure.patch
s390x-protvirt-Move-STSI-data-over-SIDAD.patch
s390x-protvirt-SCLP-interpretation.patch
s390x-protvirt-Set-guest-IPL-PSW.patch
s390x-protvirt-Support-unpack-facility.patch
Sync-pv.patch�- Fix the issue that s390x could not read IPL channel program when using
dasd as boot device (bsc#1163140)
pc-bios-s390x-Save-iplb-location-in-lowc.patch�- Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018
bsc#1161066 CVE-2020-7039)
slirp-use-correct-size-while-emulating-c.patch
slirp-use-correct-size-while-emulating-I.patch
tcp_emu-Fix-oob-access.patch
tcp_emu-fix-unsafe-snprintf-usages.patch
util-add-slirp_fmt-helpers.patch
- Replace this patch with upstream version
target-arm-monitor-query-cpu-model-expan.patch�- Include upstream patches targeted for the next stable release
(bug fixes only)
audio-oss-fix-buffer-pos-calculation.patch
blkdebug-Allow-taking-unsharing-permissi.patch
block-Add-bdrv_qapi_perm_to_blk_perm.patch
block-backup-top-fix-failure-path.patch
block-block-copy-fix-progress-calculatio.patch
block-fix-crash-on-zero-length-unaligned.patch
block-fix-memleaks-in-bdrv_refresh_filen.patch
block-Fix-VM-size-field-width-in-snapsho.patch
block-nbd-extract-the-common-cleanup-cod.patch
block-nbd-fix-memory-leak-in-nbd_open.patch
block-qcow2-threads-fix-qcow2_decompress.patch
hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch
hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch
iotests-add-test-for-backup-top-failure-.patch
iotests-Fix-nonportable-use-of-od-endian.patch
job-refactor-progress-to-separate-object.patch
target-arm-Correct-definition-of-PMCRDP.patch
target-arm-fix-TCG-leak-for-fcvt-half-do.patch
tpm-ppi-page-align-PPI-RAM.patch
vhost-user-blk-delete-virtioqueues-in-un.patch
virtio-add-ability-to-delete-vq-through-.patch
virtio-crypto-do-delete-ctrl_vq-in-virti.patch
virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch�- Add Obsoletes directive for qemu-audio-sdl and qemu-ui-sdl since
for a qemu package upgrade from SLE12-SP5, support for SDL is
dropped�- Fix xenfv migration from xen host with pre-v4.0 qemu. We had
previously dropped a similar patch, but have decided that for now
we need to go with this type of solution (bsc#1159755)
hw-i386-disable-smbus-migration-for-xenf.patch�- Avoid query-cpu-model-expansion crashed qemu when using
machine type none, patch is queued in upstream now, will
update commit id later (bsc#1159443)
target-arm-monitor-query-cpu-model-expan.patch�- BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow
OBS to shortcut through -mini flavors.�- Stop using system membarriers (ie switch from --enable-membarrier
to --disable-membarrier). This is a blocker for using qemu in the
context of containers (boo#1130134 jsc#SLE-11089)
- Drop this recently added patch - in consultation with upstream it
was decided it needed to be solved a different way (bsc#1159755)
hw-i386-disable-smbus-migration-for-xenf.patch
- Include upstream patches targeted for the next stable release
(bug fixes only)
block-backup-fix-memory-leak-in-bdrv_bac.patch
iscsi-Cap-block-count-from-GET-LBA-STATU.patch
s390x-adapter-routes-error-handling.patch
target-i386-kvm-initialize-feature-MSRs-.patch�- Include upstream patches targeted for the next stable release
(bug fixes only)
hw-i386-pc-fix-regression-in-parsing-vga.patch
m68k-Fix-regression-causing-Single-Step-.patch
migration-Rate-limit-inside-host-pages.patch
migration-test-ppc64-fix-FORTH-test-prog.patch
Revert-vnc-allow-fall-back-to-RAW-encodi.patch
runstate-ignore-finishmigrate-prelaunch-.patch
target-arm-Return-correct-IL-bit-in-merg.patch
target-arm-Set-ISSIs16Bit-in-make_issinf.patch
vnc-prioritize-ZRLE-compression-over-ZLI.patch�- BuildRequire pkconfig(systemd) instead of systemd: allow OBS to
shortcut through the -mini flavors.
- Use systemd_ordering in place of systemd_requires: systemd is
never a strict requirement for qemu; but when installing qemu on
a systemd-managed system, we want system to be present first.�- Fix xenfv migration from xen host with pre-v4.0 qemu (bsc#1159755)
hw-i386-disable-smbus-migration-for-xenf.patch�- Create files within bundles.tar.xz with fixed timestamp and uid�- Add a %bcond_without system_membarrier along with related
processing to the spec file, to better investigate running QEMU
with the --disable-membarrier configure option�- Include upstream patches targeted for the next stable release
(bug fixes only)
arm-arm-powerctl-set-NSACR.-CP11-CP10-bi.patch
backup-top-Begin-drain-earlier.patch
block-Activate-recursively-even-for-alre.patch
display-bochs-display-fix-memory-leak.patch
Fix-double-free-issue-in-qemu_set_log_fi.patch
hw-arm-smmuv3-Align-stream-table-base-ad.patch
hw-arm-smmuv3-Apply-address-mask-to-line.patch
hw-arm-smmuv3-Check-stream-IDs-against-a.patch
hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MAS.patch
hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch
hw-arm-smmuv3-Use-correct-bit-positions-.patch
i386-Resolve-CPU-models-to-v1-by-default.patch
intel_iommu-a-fix-to-vtd_find_as_from_bu.patch
iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch
iotests-Provide-a-function-for-checking-.patch
iotests-Skip-test-060-if-it-is-not-possi.patch
iotests-Skip-test-079-if-it-is-not-possi.patch
numa-properly-check-if-numa-is-supported.patch
qcow2-bitmaps-fix-qcow2_can_store_new_di.patch
Revert-qemu-options.hx-Update-for-reboot.patch
vhost-user-gpu-Drop-trailing-json-comma.patch
virtio-blk-fix-out-of-bounds-access-to-b.patch
virtio-mmio-update-queue-size-on-guest-w.patch
virtio-net-delete-also-control-queue-whe.patch
virtio-update-queue-size-on-guest-write.patch
- Include performance improvement
virtio-don-t-enable-notifications-during.patch
- Repair incorrect packaging references to Jira tracked features�- Add Cooperlake vcpu model (jsc#SLE-7923)
i386-Add-MSR-feature-bit-for-MDS-NO.patch
i386-Add-macro-for-stibp.patch
i386-Add-new-CPU-model-Cooperlake.patch
target-i386-Add-new-bit-definitions-of-M.patch
target-i386-Add-missed-features-to-Coope.patch
- Add HMAT support (jsc#SLE-8897) (the test case for this series
isn't included because we aren't set up to handle binary patches)
numa-Extend-CLI-to-provide-initiator-inf.patch
numa-Extend-CLI-to-provide-memory-latenc.patch
numa-Extend-CLI-to-provide-memory-side-c.patch
hmat-acpi-Build-Memory-Proximity-Domain-.patch
hmat-acpi-Build-System-Locality-Latency-.patch
hmat-acpi-Build-Memory-Side-Cache-Inform.patch
tests-numa-Add-case-for-QMP-build-HMAT.patch�- Update to v4.2.0: See http://wiki.qemu.org/ChangeLog/4.2
Take note that ongoing feature deprecation is tracked at both
http://wiki.qemu-project.org/Features/LegacyRemoval and in
Appendix B of the qemu-doc.* files installed with the qemu package
Some noteworthy changes:
* x86: Denverton, Snowridge, and Dhyana CPU models added
* x86: Latest version of all CPU models how have TSX (HLE and RTM)
disabled by default
* x86: Support for AVX512 BFloat16 extensions
* x86: VMX features exposed more accurately and controllably
* s390: TCG now implements IEP (Instruction Execution Protection)
* PowerPC: POWER8 and POWER9 non-virtualized machines separated out
* PowerPC: RTAS now comes from SLOF instead of QEMU itself
* PowerPC: Unplug of multifunction PCI devices now unplugs the
whole slot, as in x86
* ARM: Support for >256 CPUs with KVM is fixed
* ARM: Memory hotplug now supported , when using UEFI, ACPI, for
virt machine type
* ARM: SVE support possuble now for KVM guests
* ARM: ACPI generic event device can now deliver powerdown event
* The backend device can be specified for a guest audio device
* virtio v1.1 packed virtqueues supported
* Socket based character device backends now support TCP keep-alive
* Use encryption library cipher mode facilities, allowing improved
performance for eg. AES-XTS encrption
* Misc block device improvements, esp. with nbd
- See the following few release-candidate changelog entries for
additional changes related to this release
- Switched package build to be out-of-tree�- Update to v4.2.0-rc5: See http://wiki.qemu.org/ChangeLog/4.2�- Update to v4.2.0-rc4: See http://wiki.qemu.org/ChangeLog/4.2
* Update the support documents used for SUSE SLE releases to cover
this qemu release�- Update to v4.2.0-rc3: See http://wiki.qemu.org/ChangeLog/4.2
* Patches dropped (upstream unless otherwise noted):
ati-add-edid-support.patch
ati-vga-add-rage128-edid-support.patch
ati-vga-fix-ati_read.patch
ati-vga-make-i2c-register-and-bits-confi.patch
ati-vga-make-less-verbose.patch
ati-vga-try-vga-ddc-first.patch
Disable-Waddress-of-packed-member-for-GC.patch
hdata-vpd-fix-printing-char-0x00.patch
target-i386-add-PSCHANGE_NO-bit-for-the-.patch
target-i386-Export-TAA_NO-bit-to-guests.patch
vbe-add-edid-support.patch
vga-add-ati-bios-tables.patch
vga-add-atiext-driver.patch
vga-make-memcpy_high-public.patch
vga-move-modelist-from-bochsvga.c-to-new.patch
* Patches added:
Enable-cross-compile-prefix-for-C-compil.patch
ensure-headers-included-are-compatible-w.patch
roms-Makefile-enable-cross-compile-for-b.patch
* Add qemu-ui-spice-app package containing ui-spice-app.so
* Add qemu-microvm package containing bios-microvm.bin
- Add descriptors for the 128k and 256k SeaBios firmware images
- For the record, the following issues reported for SUSE SLE15-SP1
are either fixed in this current package, or are otherwise not an
issue: bsc#1079730 bsc#1098403 bsc#1111025 bsc#1128106 bsc#1133031
bsc#1134883 bsc#1135210 bsc#1135902 bsc#1136540 bsc#1136778
bsc#1138534 bsc#1140402 bsc#1143794 bsc#1145379 bsc#1144087
bsc#1145427 bsc#1145436 bsc#1145774 bsc#1146873 bsc#1149811
bsc#1152506 bsc#1155812 bsc#1156642 CVE-2018-12207 CVE-2019-5008
CVE-2019-11135 CVE-2019-12068 CVE-2019-12155 CVE-2019-13164
CVE-2019-14378 CVE-2019-15890, and the following feature requests
are satisfied by this package: fate#327410 fate#327764 fate#327796
jsc#SLE-4883 jsc#SLE-6132 jsc#SLE-6237 jsc#SLE-6754�- Expose pschange-mc-no "feature", indicating CPU does not have
the page size change machine check vulnerability (CVE-2018-12207
bsc#1155812)
target-i386-add-PSCHANGE_NO-bit-for-the-.patch
- Expose taa-no "feature", indicating CPU does not have the
TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506)
target-i386-Export-TAA_NO-bit-to-guests.patch
Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1�- Update to v4.1.1, a stable, bug-fix-only release
* Besides incorporating the following fixes we already carried, it
includes about the same number of other, similar type fixes
which we hadn't yet incorporated.
* Patches dropped (subsumed by stable update):
block-Add-bdrv_co_get_self_request.patch
block-create-Do-not-abort-if-a-block-dri.patch
block-file-posix-Let-post-EOF-fallocate-.patch
block-file-posix-Reduce-xfsctl-use.patch
block-io-refactor-padding.patch
blockjob-update-nodes-head-while-removin.patch
block-Make-wait-mark-serialising-request.patch
block-nfs-tear-down-aio-before-nfs_close.patch
coroutine-Add-qemu_co_mutex_assert_locke.patch
curl-Check-completion-in-curl_multi_do.patch
curl-Handle-success-in-multi_check_compl.patch
curl-Keep-pointer-to-the-CURLState-in-CU.patch
curl-Keep-socket-until-the-end-of-curl_s.patch
curl-Pass-CURLSocket-to-curl_multi_do.patch
curl-Report-only-ready-sockets.patch
hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch
hw-core-loader-Fix-possible-crash-in-rom.patch
make-release-pull-in-edk2-submodules-so-.patch
memory-Provide-an-equality-function-for-.patch
mirror-Keep-mirror_top_bs-drained-after-.patch
pr-manager-Fix-invalid-g_free-crash-bug.patch
qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch
qcow2-Fix-corruption-bug-in-qcow2_detect.patch
qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
qcow2-Fix-the-calculation-of-the-maximum.patch
roms-Makefile.edk2-don-t-pull-in-submodu.patch
s390-PCI-fix-IOMMU-region-init.patch
s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch
target-alpha-fix-tlb_fill-trap_arg2-valu.patch
target-arm-Don-t-abort-on-M-profile-exce.patch
target-arm-Free-TCG-temps-in-trans_VMOV_.patch
util-iov-introduce-qemu_iovec_init_exten.patch
vhost-Fix-memory-region-section-comparis.patch
vpc-Return-0-from-vpc_co_create-on-succe.patch
Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1�- Fix %arm builds�- Fix two issues with qcow2 image processing which could affect
disk integrity
qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch
qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch�- Work around a host kernel xfs bug which can result in qcow2 image
corruption
block-io-refactor-padding.patch
util-iov-introduce-qemu_iovec_init_exten.patch
block-Make-wait-mark-serialising-request.patch
block-Add-bdrv_co_get_self_request.patch
block-file-posix-Let-post-EOF-fallocate-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1�- Correct package names in _constraints after switch to multibuild.�- Address potential corruption when using qcow2 images
coroutine-Add-qemu_co_mutex_assert_locke.patch
qcow2-Fix-corruption-bug-in-qcow2_detect.patch
- Include more tweaks to our packaging workflow scripts - this will
continue as we refine the scripts
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1�- use %gcc_version for cross compilers (boo#1153703)�- Add upstream edk2 submodule fix for creating tarball
- Switch to upstream patch for avoiding git ref in edk2 makefile
- Fix failing block tests which aren't compatible with the configure
option --enable-membarrier
* Patches dropped:
roms-Makefile.edk2-don-t-invoke-git-sinc.patch
tests-block-io-test-130-needs-some-delay.patch
* Patches added:
make-release-pull-in-edk2-submodules-so-.patch
roms-Makefile.edk2-don-t-pull-in-submodu.patch
tests-Fix-block-tests-to-be-compatible-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1�- Reduce the cross compiler versions we rely on
- Fix some qemu-testsuite issues, reducing known error cases
test-add-mapping-from-arch-of-i686-to-qe.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1�- Since our spec file has bashisms, include the following in the
spec file: %define _buildshell /bin/bash�- Disable some block tests which randomly fail. This is in context
of the build service build of qemu-testsuite
tests-Disable-some-block-tests-for-now.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1�- Add some post v4.1.0 upstream stable patches
* Patches added:
mirror-Keep-mirror_top_bs-drained-after-.patch
s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch
target-alpha-fix-tlb_fill-trap_arg2-valu.patch
target-arm-Free-TCG-temps-in-trans_VMOV_.patch
target-arm-Don-t-abort-on-M-profile-exce.patch
qcow2-Fix-the-calculation-of-the-maximum.patch
block-file-posix-Reduce-xfsctl-use.patch
pr-manager-Fix-invalid-g_free-crash-bug.patch
vpc-Return-0-from-vpc_co_create-on-succe.patch
block-nfs-tear-down-aio-before-nfs_close.patch
block-create-Do-not-abort-if-a-block-dri.patch
curl-Keep-pointer-to-the-CURLState-in-CU.patch
curl-Keep-socket-until-the-end-of-curl_s.patch
curl-Check-completion-in-curl_multi_do.patch
curl-Pass-CURLSocket-to-curl_multi_do.patch
curl-Report-only-ready-sockets.patch
curl-Handle-success-in-multi_check_compl.patch
blockjob-update-nodes-head-while-removin.patch
memory-Provide-an-equality-function-for-.patch
vhost-Fix-memory-region-section-comparis.patch
hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch
s390-PCI-fix-IOMMU-region-init.patch
hw-core-loader-Fix-possible-crash-in-rom.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1�- Include more tweaks to our packaging workflow scripts
- Produce qemu-linux-user and qemu-testsuite via the build service
multibuild capability, instead of duplicating the spec file and
using package link in build service
* combine qemu-linux-user spec file into main qemu spec file. Since
this model uses a single changelog, here are some historicial
mentions from the now unused qemu-linux-user.changes (delta from
qemu's was quite minimal):
- Adjust to a v5.2 linux kernel change regarding SIOCGSTAMP
- Fix pwrite64/pread64 to return 0 over -1 for a
zero length NULL buffer in qemu (bsc#1121600)
* bsc#1112499
* Since qemu-testsuite.spec and qemu-testsuite.changes were just
copies of the main qemu version nothing needs to be done there�- Build opensbi from source on riscv64�- Update to v4.1.0: See http://wiki.qemu.org/ChangeLog/4.1
Take note that ongoing feature deprecation is tracked at both
http://wiki.qemu-project.org/Features/LegacyRemoval and in
Appendix B of the qemu-doc.* files installed with the qemu package
Some noteworthy changes:
* x86: CPU models are now versioned
* x86: CPU die topology can now be configured
* x86: New Hygon Dhyana and Intel Snowridge CPU models
* s390: The bios now supports IPL (boot) from ECKD DASD assigned
to the guest via vfio-ccw
* s390: The bios now tolerates the presence of bootmap signature
entries written by zipl
* PowerPC: pseries machine now supports KVM acceleration
(kernel_irqchip=on) of the XIVE interrupt controller
* PowerPC: pseries now supports hot-plug of PCI bridges and hot-plug
and unplug of devices under PCI bridges
* ARM: QEMU now supports emulating an FPU for Cortex-M CPUs, and the
Cortex-M4 and Cortex-M33 now provide the FP
* Python 2 support is deprecated
* UEFI platform firmware binaries, and matching variable store
templates are now installed
* Now it's possible to specify memory-less NUMA node when using
"-numa node,memdev" options
* Possible to trigger self announcement on specific network interfaces
* Default memory distribution between NUMA nodes is now deprecated
* Fallback to normal RAM allocation if QEMU is not able to allocate
from the "-mem-path" provided file/filesystem is now deprecated
* virtio-gpu 2d/3d rendering may now be offloaded to an external
vhost-user process, such as QEMU vhost-user-gpu
* QEMU will automatically try to use the MAP_SYNC mmap flag for memory
backends configured with pmem=on,share=on
* Additional SeaVGABIOS patches added for vga-ati compatibility
- Drop attempt at build compatibility with SLE12
- New sub-packages: qemu-edk2, qemu-vhost-user-gpu
- Conditionalize building of qemu-edk2 (and leave unbuilt for now)
- Implement new packaging workflow, includes no longer numbering
patches, and having the "current git repo" stored with the package
in the form of git bundles
* Patches dropped (upstream unless otherwise noted):
0027-tests-test-thread-pool-is-racy-add-.patch
0032-tests-Fix-Makefile-handling-of-chec.patch
0034-Revert-target-i386-kvm-add-VMX-migr.patch
0036-sockets-avoid-string-truncation-war.patch
0039-linux-user-avoid-string-truncation-.patch
0040-linux-user-elfload-Fix-GCC-9-build-.patch
0041-qxl-avoid-unaligned-pointer-reads-w.patch
0042-libvhost-user-fix-Waddress-of-packe.patch
0043-target-i386-define-md-clear-bit.patch
0045-kbd-state-fix-autorepeat-handling.patch
0046-target-ppc-ensure-we-get-null-termi.patch
0049-qxl-check-release-info-object.patch
0050-qemu-bridge-helper-restrict-interfa.patch
0051-linux-user-fix-to-handle-variably-s.patch
ipxe-use-gcc6-for-more-compact-code.patch (no longer needed)
(the next three are replaced by the upstream equivalent)
ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
ipxe-build-Disable-gcc-address-of-packed-member-warning.patch
ipxe-efi-Avoid-string-op-warning-with-cross-gcc-7-compile.patch
slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input.patch
* Patches renamed:
0001-XXX-dont-dump-core-on-sigabort.patch
- > XXX-dont-dump-core-on-sigabort.patch
0002-qemu-binfmt-conf-Modify-default-pat.patch
- > qemu-binfmt-conf-Modify-default-path.patch
0003-qemu-cvs-gettimeofday.patch
- > qemu-cvs-gettimeofday.patch
0004-qemu-cvs-ioctl_debug.patch
- > qemu-cvs-ioctl_debug.patch
0005-qemu-cvs-ioctl_nodirection.patch
- > qemu-cvs-ioctl_nodirection.patch
0006-linux-user-add-binfmt-wrapper-for-a.patch
- > linux-user-add-binfmt-wrapper-for-argv-0.patch
0007-PPC-KVM-Disable-mmu-notifier-check.patch
- > PPC-KVM-Disable-mmu-notifier-check.patch
0008-linux-user-binfmt-support-host-bina.patch
- > linux-user-binfmt-support-host-binaries.patch
0009-linux-user-Fake-proc-cpuinfo.patch
- > linux-user-Fake-proc-cpuinfo.patch
0010-linux-user-use-target_ulong.patch
- > linux-user-use-target_ulong.patch
0011-Make-char-muxer-more-robust-wrt-sma.patch
- > Make-char-muxer-more-robust-wrt-small-FI.patch
0012-linux-user-lseek-explicitly-cast-no.patch
- > linux-user-lseek-explicitly-cast-non-set.patch
0013-AIO-Reduce-number-of-threads-for-32.patch
- > AIO-Reduce-number-of-threads-for-32bit-h.patch
0014-xen_disk-Add-suse-specific-flush-di.patch
- > xen_disk-Add-suse-specific-flush-disable.patch
0015-qemu-bridge-helper-reduce-security-.patch
- > qemu-bridge-helper-reduce-security-profi.patch
0016-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
- > qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
0017-linux-user-properly-test-for-infini.patch
- > linux-user-properly-test-for-infinite-ti.patch
0018-roms-Makefile-pass-a-packaging-time.patch
- > roms-Makefile-pass-a-packaging-timestamp.patch
0019-Raise-soft-address-space-limit-to-h.patch
- > Raise-soft-address-space-limit-to-hard-l.patch
0020-increase-x86_64-physical-bits-to-42.patch
- > increase-x86_64-physical-bits-to-42.patch
0021-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
- > vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch
0022-i8254-Fix-migration-from-SLE11-SP2.patch
- > i8254-Fix-migration-from-SLE11-SP2.patch
0023-acpi_piix4-Fix-migration-from-SLE11.patch
- > acpi_piix4-Fix-migration-from-SLE11-SP2.patch
0024-Switch-order-of-libraries-for-mpath.patch
- > Switch-order-of-libraries-for-mpath-supp.patch
0025-Make-installed-scripts-explicitly-p.patch
- > Make-installed-scripts-explicitly-python.patch
0026-hw-smbios-handle-both-file-formats-.patch
- > hw-smbios-handle-both-file-formats-regar.patch
0028-xen-add-block-resize-support-for-xe.patch
- > xen-add-block-resize-support-for-xen-dis.patch
0029-tests-qemu-iotests-Triple-timeout-o.patch
- > tests-qemu-iotests-Triple-timeout-of-i-o.patch
0030-tests-block-io-test-130-needs-some-.patch
- > tests-block-io-test-130-needs-some-delay.patch
0031-xen-ignore-live-parameter-from-xen-.patch
- > xen-ignore-live-parameter-from-xen-save-.patch
0033-Conditionalize-ui-bitmap-installati.patch
- > Conditionalize-ui-bitmap-installation-be.patch
0035-tests-change-error-message-in-test-.patch
- > tests-change-error-message-in-test-162.patch
0037-hw-usb-hcd-xhci-Fix-GCC-9-build-war.patch
- > hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch
0038-hw-usb-dev-mtp-Fix-GCC-9-build-warn.patch
- > hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch
0044-hw-intc-exynos4210_gic-provide-more.patch
- > hw-intc-exynos4210_gic-provide-more-room.patch
0047-configure-only-populate-roms-if-sof.patch
- > configure-only-populate-roms-if-softmmu.patch
0048-pc-bios-s390-ccw-net-avoid-warning-.patch
- > pc-bios-s390-ccw-net-avoid-warning-about.patch
keycodemapdb-make-keycode-gen-output-reproducible.patch
- > Make-keycode-gen-output-reproducible-use.patch
ipxe-stub-out-the-SAN-req-s-in-int13.patch
- > stub-out-the-SAN-req-s-in-int13.patch
sgabios-fix-cross-build.patch deleted
- > roms-sgabios-Fix-csum8-to-be-built-by-ho.patch
sgabios-stable-buildid.patch
- > sgabios-Makefile-fix-issues-of-build-rep.patch
skiboot-gcc9-compat.patch
- > Disable-Waddress-of-packed-member-for-GC.patch
ipxe-stable-buildid.patch
- > ipxe-Makefile-fix-issues-of-build-reprod.patch
seabios-fix_cross_compilation.patch
- > enable-cross-compilation-on-ARM.patch
* Patches added:
roms-change-cross-compiler-naming-to-be-.patch
roms-Makefile.edk2-don-t-invoke-git-sinc.patch
vga-move-modelist-from-bochsvga.c-to-new.patch
vga-make-memcpy_high-public.patch
vga-add-atiext-driver.patch
vga-add-ati-bios-tables.patch
vbe-add-edid-support.patch
ati-add-edid-support.patch
ati-vga-make-less-verbose.patch
ati-vga-fix-ati_read.patch
ati-vga-make-i2c-register-and-bits-confi.patch
ati-vga-try-vga-ddc-first.patch
ati-vga-add-rage128-edid-support.patch
Fix-s-directive-argument-is-null-error.patch
Workaround-compilation-error-with-gcc-9..patch
Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch
hdata-vpd-fix-printing-char-0x00.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1�- Since we build seabios, take advantage of ability to add our own
identifying version info by changing SEABIOS_EXTRAVERSION from
"-prebuilt.qemu.org" to "-rebuilt.suse.com" (or
"-rebuilt.opensuse.org for openSUSE releases)�- Security fix for heap overflow in ip_reass on big packet input
(CVE-2019-14378, bsc#1143794)
slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input.patch�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0
* Patches added:
0051-linux-user-fix-to-handle-variably-s.patch�- Make keycode-gen output reproducible (use SOURCE_DATE_EPOCH timestamp)
keycodemapdb-make-keycode-gen-output-reproducible.patch�- Security fix for null pointer dereference while releasing spice resources
(CVE-2019-12155, bsc#1135902)
0049-qxl-check-release-info-object.patch
- Security fix for qemu-bridge-helper ACL can be bypassed when names are too long
(CVE-2019-13164, bsc#1140402)
0050-qemu-bridge-helper-restrict-interfa.patch
- Replace patch 0043 with an upstream version
0043-target-i386-define-md-clear-bit.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0�- fixed regression for ksm.service was (bsc#1112646)�- Content of packaged %_docdir/%name/interop/_static/ dir depends
on python-Sphinx version, so lets just wildcard specifying
those files, rather than trying to manage a specific file list�- Last change exposed that we still do rely on python2. Make
spec file adjustment�- Switch from python-Sphinx to Sphinx from python variant we are
building with (new Sphinx is for python3 only)�- Fix a number of compatibility issues with the stricter gcc9 checks
* Disable warning for taking address of packed structure members
0048-pc-bios-s390-ccw-net-avoid-warning-.patch
* Fix case of strncpy where null terminated string not guaranteed
0046-target-ppc-ensure-we-get-null-termi.patch
* Disable warning for taking address of packed structure members
and fix case of passing null pointer as "%s" format parameter
skiboot-gcc9-compat.patch
- Fix configure script which caused firmware to be built in
linux-user only build.
0047-configure-only-populate-roms-if-sof.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0�- Fix regression in autorepeat key handling
0045-kbd-state-fix-autorepeat-handling.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0�- Fix file list�- Yet another gcc9 related code fix (bsc#1121464)
0044-hw-intc-exynos4210_gic-provide-more.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0�- Switch to now upstreamed version of patch and add one more
gcc9 related patch
* Patches renamed:
0041-qxl-fix-Waddress-of-packed-member.patch
- > 0041-qxl-avoid-unaligned-pointer-reads-w.patch
0042-libvhost-user-fix-Waddress-of-packe.patch
- Add x86 cpu feature "md-clear" (CVE-2018-12126 CVE-2018-12127
CVE-2018-12130 CVE-2019-11091 bsc#1111331)
0043-target-i386-define-md-clear-bit.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0�- Correct logic of which ipxe patches get included based on
suse_version. We were wrongly excluding a gcc9 related patch for
example�- Switch to now upstreamed version of some patches
* Patches renamed:
0036-util-qemu-sockets-Fix-GCC-9-build-w.patch
- > 0036-sockets-avoid-string-truncation-war.patch
0039-linux-user-uname-Fix-GCC-9-build-wa.patch
- > 0039-linux-user-avoid-string-truncation-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0�- Create /usr/share/qemu/firmware and /etc/qemu/firmware directories
in support of the firmware descriptor feature now in use as of
libvirt v5.2�- Disable LTO as suggested by Martin Liska (boo#1133281)
- Remove and obsolete qemu-oss-audio subpackage. OSS audio is very
old, and we didn't really even configure the package properly for
it for a very long time, so presumably there can't be any users
of it as far as qemu is concerned
- Avoid warnings which gcc9 complains about
0036-util-qemu-sockets-Fix-GCC-9-build-w.patch
0037-hw-usb-hcd-xhci-Fix-GCC-9-build-war.patch
0038-hw-usb-dev-mtp-Fix-GCC-9-build-warn.patch
0039-linux-user-uname-Fix-GCC-9-build-wa.patch
0040-linux-user-elfload-Fix-GCC-9-build-.patch
0041-qxl-fix-Waddress-of-packed-member.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0�- Update to v4.0.0: See http://wiki.qemu.org/ChangeLog/4.0
Take note that ongoing feature deprecation is tracked at both
http://wiki.qemu-project.org/Features/LegacyRemoval and in
Appendix B of the qemu-doc.* files installed with the qemu package
Some noteworthy changes:
* ARM: ARMv8+ extensions for SB, PredInv, HPD, LOR, FHM, AA32HPD,
PAuth, JSConv, CondM, FRINT, and BTI
* ARM: new emulation support for "Musca" and "MPS2" development boards
* ARM: virt: support for >255GB of RAM and u-boot "noload" image types
* ARM: improved emulation of ARM PMU
* HPPA: support for TLB protection IDs and TLB trace events
* MIPS: support for multi-threaded TCG emulation
* MIPS: emulation support for I7200 I6500 CPUs, QMP-base querying of
CPU types, and improved support for SAARI and SAAR configuration registers
* MIPS: improvements to Interthread Communication Unit, Fulong 2E
machine types, and end-user documentation.
* PowerPC: pseries/powernv: support for POWER9 large decrementer
* PowerPC: pseries: emulation support for XIVE interrupt controller
* PowerPC: pseries: support for hotplugging PCI host bridges (PHBs)
* PowerPC: pseries: Spectre/Meltdown mitigations enabled by default,
additional support for count-cache-flush mitigation
* RISC-V: virt: support for PCI and USB
* RISC-V: support for TSR, TW, and TVM fields of mstatus, FS field now
supports three stats (dirty, clean, and off)
* RISC-V: built-in gdbserver supports register lists via XML files
* s390: support for z14 GA 2 CPU model, Multiple-epoch and PTFF
features now enabled in z14 CPU model by default
* s390: vfio-ap: now supports hot plug/unplug, and no longer inhibits memory
ballooning
* s390: emulation support for floating-point extension facility and
vector support instructions
* x86: HAX accelerator now supported POSIX hosts other than Darwin,
including Linux and NetBSD
* x86: Q35: advertised PCIe root port speeds will now optimally default
to maximum link speed (16GT/s) and width (x32) provided by PCIe 4.0 for
QEMU 4.0+ machine types; older machine types will retain 2.5GT/x1
defaults for compatibility.
* x86: Xen PVH images can now be booted with "-kernel" option
* Xtensa: xtfpga: improved SMP support for linux (interrupt
distributor, IPI, and runstall) and new SMP-capable test_mmuhifi_c3
core configuration
* Xtensa: support for Flexible length instructions extension (FLIX)
* GUI: new '-display spice-app' to configure/launch a Spice client GUI with
a similar UI to QEMU GTK. VNC server now supports access controls via
tls-authz/sasl-authz options
* QMP: support for "out-of-band" command execution, can be useful for
postcopy migration recovery. Additional QMP commands for working with
block devices and dirty bitmaps
* VFIO: EDID interface for supported mdev (Intel vGPU for kernel 5.0+),
allows resolution setting via xres/yres options.
* Xen: new 'xen-disk' device which can create a Xen PV disk backend,
and performance improvements for Xen PV disk backend.
* Network Block Device: improved tracing and error diagnostics, improved
client compatibility with buggy NBD server implementations, new
- -bitmap, --list, --tls-authz options for qemu-nbd
* virtio-blk now supports DISCARD and WRITE_ZEROES
* qemu-test-suite output is now in TAP format
* Sphinx now used for part of qemu documentation
* A few more configure features are enabled: iconv, lzfse (for openSUSE)
* Provide better logo icons
- Made these package building changes:
* Removed this token from spec file: #!BuildIgnore: gcc-PIE
* Created ability to build qemu source out-of-tree
* Added BSD-2-Clause license clause due to EDK II code inclusion
* Patches dropped (upstream unless otherwise noted):
0010-Remove-problematic-evdev-86-key-fro.patch
0025-Fix-tigervnc-long-press-issue.patch
0026-string-input-visitor-Fix-uint64-par.patch
0027-test-string-input-visitor-Add-int-t.patch
0028-test-string-input-visitor-Add-uint6.patch
0029-tests-Add-QOM-property-unit-tests.patch
0030-tests-Add-scsi-disk-test.patch
0033-smbios-Add-1-terminator-if-any-stri.patch (different approach used)
0034-qemu-io-tests-comment-out-problemat.patch (not as needed)
0039-xen_disk-Avoid-repeated-memory-allo.patch
0041-vfio-ap-flag-as-compatible-with-bal.patch
0042-hw-s390x-Fix-bad-mask-in-time2tod.patch
0043-pcie-set-link-state-inactive-active.patch
0044-pc-piix4-Update-smbus-I-O-space-aft.patch
0045-hw-usb-fix-mistaken-de-initializati.patch
0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch
0047-pvrdma-release-device-resources-in-.patch
0048-rdma-check-num_sge-does-not-exceed-.patch
0049-pvrdma-add-uar_read-routine.patch
0050-pvrdma-check-number-of-pages-when-c.patch
0051-pvrdma-check-return-value-from-pvrd.patch
0052-pvrdma-release-ring-object-in-case-.patch
0053-block-Fix-hangs-in-synchronous-APIs.patch
0054-linux-user-make-pwrite64-pread64-fd.patch
0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
0056-slirp-check-data-length-while-emula.patch
0057-s390x-Return-specification-exceptio.patch
0059-memory-Fix-the-memory-region-type-a.patch
0060-target-i386-sev-Do-not-pin-the-ram-.patch
0061-slirp-check-sscanf-result-when-emul.patch
0062-ppc-add-host-serial-and-host-model-.patch
0063-i2c-ddc-fix-oob-read.patch
0064-device_tree.c-Don-t-use-load_image.patch
0065-spapr-Simplify-handling-of-host-ser.patch
ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch
ipxe-fix-build.patch
skiboot-hdata-i2c.c-fix-building-with-gcc8.patch
* Patches renamed:
0011-linux-user-use-target_ulong.patch
- > 0010-linux-user-use-target_ulong.patch
0012-Make-char-muxer-more-robust-wrt-sma.patch
- > 0011-Make-char-muxer-more-robust-wrt-sma.patch
0013-linux-user-lseek-explicitly-cast-no.patch
- > 0012-linux-user-lseek-explicitly-cast-no.patch
0014-AIO-Reduce-number-of-threads-for-32.patch
- > 0013-AIO-Reduce-number-of-threads-for-32.patch
0015-xen_disk-Add-suse-specific-flush-di.patch
- > 0014-xen_disk-Add-suse-specific-flush-di.patch
0016-qemu-bridge-helper-reduce-security-.patch
- > 0015-qemu-bridge-helper-reduce-security-.patch
0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
- > 0016-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
0018-linux-user-properly-test-for-infini.patch
- > 0017-linux-user-properly-test-for-infini.patch
0019-roms-Makefile-pass-a-packaging-time.patch
- > 0018-roms-Makefile-pass-a-packaging-time.patch
0020-Raise-soft-address-space-limit-to-h.patch
- > 0019-Raise-soft-address-space-limit-to-h.patch
0021-increase-x86_64-physical-bits-to-42.patch
- > 0020-increase-x86_64-physical-bits-to-42.patch
0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
- > 0021-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0023-i8254-Fix-migration-from-SLE11-SP2.patch
- > 0022-i8254-Fix-migration-from-SLE11-SP2.patch
0024-acpi_piix4-Fix-migration-from-SLE11.patch
- > 0023-acpi_piix4-Fix-migration-from-SLE11.patch
0031-Switch-order-of-libraries-for-mpath.patch
- > 0024-Switch-order-of-libraries-for-mpath.patch
0032-Make-installed-scripts-explicitly-p.patch
- > 0025-Make-installed-scripts-explicitly-p.patch
0035-tests-test-thread-pool-is-racy-add-.patch
- > 0027-tests-test-thread-pool-is-racy-add-.patch
0036-xen-add-block-resize-support-for-xe.patch
- > 0028-xen-add-block-resize-support-for-xe.patch
0037-tests-qemu-iotests-Triple-timeout-o.patch
- > 0029-tests-qemu-iotests-Triple-timeout-o.patch
0038-tests-block-io-test-130-needs-some-.patch
- > 0030-tests-block-io-test-130-needs-some-.patch
0040-xen-ignore-live-parameter-from-xen-.patch
- > 0031-xen-ignore-live-parameter-from-xen-.patch
0058-Revert-target-i386-kvm-add-VMX-migr.patch
- > 0034-Revert-target-i386-kvm-add-VMX-migr.patch
* Patches added:
0026-hw-smbios-handle-both-file-formats-.patch
0032-tests-Fix-Makefile-handling-of-chec.patch
0033-Conditionalize-ui-bitmap-installati.patch
0035-tests-change-error-message-in-test-.patch
ipxe-efi-Avoid-string-op-warning-with-cross-gcc-7-compile.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0�- Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest
upstream adjustments for the same. Basically now the security fix
is to provide a dummy host-model and host-serial value, which
overrides getting that value from the host
0065-spapr-Simplify-handling-of-host-ser.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1�- Tweak last spec file change to guard new Requires with conditional
- Fix DOS possibility in device tree processing (CVE-2018-20815
bsc#1130675)
0064-device_tree.c-Don-t-use-load_image.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1�- Remove an unneeded BuildRequires which impacts bsc#1119414 fix
Also add a corresponding Recommends for qemu-tools as part of
this packaging adjustment (bsc#1130484)
- Fix information leak in slirp (CVE-2019-9824 bsc#1129622)
0061-slirp-check-sscanf-result-when-emul.patch
- Add method to specify whether or not to expose certain ppc64 host
information, which can be considered a security issue
(CVE-2019-8934 bsc#1126455)
0062-ppc-add-host-serial-and-host-model-.patch
- Fix OOB memory access and information leak in virtual monitor
interface (CVE-2019-03812 bsc#1125721)
0063-i2c-ddc-fix-oob-read.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1�- Again address ipxe GCC 9 incompatibilities. Previously included
patch to disable unneeded warning got muffed somehow (bsc#1121464)�- Package and cross-build rom files for aarch64 from
SLE15/Leap15.0 to fix boo#1125964
- Add patch to fix seabios cross-compilation:
* seabios-fix_cross_compilation.patch
- Add patch to fix sgabios cross-compilation:
* sgabios-fix-cross-build.patch�- Fix _constraints to include all architectures for disk size
(fix aarch64)�- Revert upstream patch which declares x86 vmx feature a migration
blocker. Given the proliferation of using vm's with host features
passed through and the general knowledge that nested
virtualization has many usage caveats, but still gets put in use
in restricted scenarios, this patch did more harm than good, I
feel. So despite this relaxation, please consider yourself warned
that nested virtualization is not yet a supportable feature.
(bsc#1121604)
0058-Revert-target-i386-kvm-add-VMX-migr.patch
- Fix SEV VM device assignment (bsc#1123205)
0059-memory-Fix-the-memory-region-type-a.patch
0060-target-i386-sev-Do-not-pin-the-ram-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1�- Remove 71-sev.rules, which modifies the default permissions of
/dev/sev by adding the kvm group as reader/writer. Upstream
decided to take a different approach for libvirt to manage SEV
due to security concerns which I agree overrides the convenience
of providing /dev/sev access to all the kvm group (bsc#1124842
bsc#1102604)�- Increase memory needed to build qemu-testsuite for ppc* arch's
in _constraints file�- Return specification exception for unimplemented diag 308 subcodes
rather than a hardware error (bsc#1123179)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
* Patches added:
0057-s390x-Return-specification-exceptio.patch�- Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156)
0056-slirp-check-data-length-while-emula.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Fix ipxe GCC 9 incompatibilities (bsc#1121464)
ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch
ipxe-build-Disable-gcc-address-of-packed-member-warning.patch�- Tweak Xen interface to be compatible with upcoming v4.12 Xen
0055-xen-Add-xen-v4.12-based-xc_domain_c.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
* Patches added:
0054-linux-user-make-pwrite64-pread64-fd.patch
(bsc#1121600)�- Clarify that move to include v3.1.0 in qemu package corresponds
with fate#327089, which of course builds on v3.0.0 mentioned
previously, and that among other patches which this change
obsoletes (because functionality is included in base version) I
will mention one pointed out by reviewers:
0094-s390x-cpumodels-add-z14-Model-ZR1.patch�- include post v3.1.0 patches marked for next stable release:
0041-vfio-ap-flag-as-compatible-with-bal.patch
0042-hw-s390x-Fix-bad-mask-in-time2tod.patch
0043-pcie-set-link-state-inactive-active.patch
0044-pc-piix4-Update-smbus-I-O-space-aft.patch
0045-hw-usb-fix-mistaken-de-initializati.patch
- Address various security/stability issues
* Fix host access vulnerability in usb-mtp infrastructure
(CVE-2018-16872 bsc#1119493)
0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch
* Fix DoS in pvrdma interface (CVE-2018-20123 bsc#1119437)
0047-pvrdma-release-device-resources-in-.patch
* Fix OOB access issue in rdma backend (CVE-2018-20124 bsc#1119840)
0048-rdma-check-num_sge-does-not-exceed-.patch
* Fix NULL pointer reference in pvrdma emulation (CVE-2018-20191
bsc#1119979)
0049-pvrdma-add-uar_read-routine.patch
* Fix DoS in pvrdma interface (CVE-2018-20125 bsc#1119989)
0050-pvrdma-check-number-of-pages-when-c.patch
* Fix DoS in pvrdma interface (CVE-2018-20216 bsc#1119984)
0051-pvrdma-check-return-value-from-pvrd.patch
* Fix DoS in pvrdma interface (CVE-2018-20126 bsc#1119991)
0052-pvrdma-release-ring-object-in-case-.patch
- one more post v3.1.0 patches marked for next stable release:
0053-block-Fix-hangs-in-synchronous-APIs.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
* Patches added:
0040-xen-ignore-live-parameter-from-xen-.patch
(bsc#1079730, bsc#1101982, bsc#1063993)�- Follow up on ideas prompted by last change: clean up the patches
generated by git workflow. There is no value to the first line
(mbox From line), or [PATCH] on subject line. Get rid of those
- Other minor fixes and improvements to update_git.sh�- Modify update_git.sh script:
pass --zero-commit to format-patch
This removes needless noise in the buildservice when the same set
of patches is imported/exported at different times by different users.
pass --no-signature to format-patch
Remove sed call which used to remove the signature, use mv instead�- Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646)�- fix memory leak in xen_disk (bsc#1100408)
0039-xen_disk-Avoid-repeated-memory-allo.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1�- building against xen-devel requires the XC_* compat macros to be
set because this version of QEMU will be built against many
versions of Xen. configure will decide on the appropriate function
names it knows about today. To actually call these functions,
future versions of Xen may require XC_* to be set.
Furthermore, fix a bug in QEMU: xen_common.h undefines the XC_*
macros unconditionally.�- Update to v3.1.0: See http://wiki.qemu.org/ChangeLog/3.1
Take note that ongoing feature deprecation is tracked at both
http://wiki.qemu-project.org/Features/LegacyRemoval and in
Appendix B of the qemu-doc.* files installed with the qemu package
Some noteworthy changes:
* x86 IceLake-Server and IceLake-Client cpu models added
* Document recommendations for choosing cpu modesl for x86 guests
* Support for Hyper-V enlightened VMCS
* stdvga and bochs-display devices can expose EDID information to the
guest. stdvga xres and yres properties are exposed in the EDID information
* s390 improvements: vfio-ap crypto device support, max-cpu model added,
etoken support, huge page backing support
* ARM: ARMv6M architecture and Cortex-M0 cpu host support added,
Cortex-A72 cpu model added, GICv2 virtualization extensions, emulation
of AArch32 virtualization, Scalable Vector Extension implemented
* Support for AMD IOMMU interrupt remapping and guest virtual APIC mode
* Multithreaded TCG on x86 is considered supportable
* Add a patch to triple timeout of block io tests, since the obs
environment is fickle
* x86 save/restore and live migration is prohibited if Intel KVM nested
virtualization is enabled
* Patches dropped (upstream unless otherwise noted):
0033-migration-warn-about-inconsistent-s.patch (shouldn't be needed anymore)
0035-configure-Modify-python-used-for-io.patch (upstream now python3 friendly)
0039-tests-boot-serial-test-Bump-timeout.patch
0040-linux-headers-update.patch
0041-s390x-kvm-add-etoken-facility.patch
0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch
0043-configure-require-libseccomp-2.2.0.patch
0044-seccomp-set-the-seccomp-filter-to-a.patch
0045-sandbox-disable-sandbox-if-CONFIG_S.patch
0046-seccomp-check-TSYNC-host-capability.patch
0047-linux-user-init_guest_space-Try-to-.patch
0048-ne2000-fix-possible-out-of-bound-ac.patch
0049-rtl8139-fix-possible-out-of-bound-a.patch
0050-pcnet-fix-possible-buffer-overflow.patch
0051-net-ignore-packet-size-greater-than.patch
0052-lsi53c895a-check-message-length-val.patch
0053-nvme-fix-oob-access-issue-CVE-2018-.patch (fixed differently upstream)
* Patches renamed:
0034-smbios-Add-1-terminator-if-any-stri.patch
- > 0033-smbios-Add-1-terminator-if-any-stri.patch
0036-qemu-io-tests-comment-out-problemat.patch
- > 0034-qemu-io-tests-comment-out-problemat.patch
0037-tests-test-thread-pool-is-racy-add-.patch
- > 0035-tests-test-thread-pool-is-racy-add-.patch
0038-xen-add-block-resize-support-for-xe.patch
- > 0036-xen-add-block-resize-support-for-xe.patch
* Patches added:
0037-tests-qemu-iotests-Triple-timeout-o.patch
0038-tests-block-io-test-130-needs-some-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
- Update includes the following bug fixes: bsc#1108474, bsc#1117615
- Update includes the following SLE requested functionality: FATE#324810,
FATE#325875, FATE#326369, FATE#326378, FATE#326379, FATE#326401,
FATE#326672, FATE#326829
- Make the following packaging changes related to the new release
* Enable libpmem, pvrdma, vhost-crypto features and qemu-block-nfs
subpackage
* New roms available: vgabios-bochs-display.bin, vgabios-ramfb.bin
* New binary tool included (qemu-edid) for testing the new qemu edid
generator
- Tweaked patches we carry to pass qemu's checkpatch checker
- Modify update_git.sh script to enable packaging qemu from development
time sources, not just at release time
- Removed erroneous (and now useless) tests for tar and gzip formats
- Don't exclude s390x anymore from building the qemu-testsuite
- Based on current OBS building observations make changes to storage
and memory requires specified in the _constraints file�- Re-sync openSUSE and SUSE SLE qemu packages. This changes file
is the openSUSE one with this entry providing the intervening
SLE CVE, FATE, and bugzilla references, which are still addressed
in this package, and not yet called out in this changes file.
* CVE-2018-10839 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962
CVE-2018-17963 CVE-2018-18849
* bsc#1110910 bsc#1111006 bsc#1111010 bsc#1111013 bsc#1114422
bsc#1114529
* Patches added:
0047-linux-user-init_guest_space-Try-to-.patch
0048-ne2000-fix-possible-out-of-bound-ac.patch
0049-rtl8139-fix-possible-out-of-bound-a.patch
0050-pcnet-fix-possible-buffer-overflow.patch
0051-net-ignore-packet-size-greater-than.patch
0052-lsi53c895a-check-message-length-val.patch
0053-nvme-fix-oob-access-issue-CVE-2018-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0�* Adding changes to mitigate seccomp vulnerability
(CVE-2018-15746 bsc#1106222)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0
* Patches added:
0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch
0043-configure-require-libseccomp-2.2.0.patch
0044-seccomp-set-the-seccomp-filter-to-a.patch
0045-sandbox-disable-sandbox-if-CONFIG_S.patch
0046-seccomp-check-TSYNC-host-capability.patch�- Do more misc spec file fixes:
* Be explicit in spec file about Version used for all subpackages
(again, to avoid subpackage ordering issues). Default Release
tag is also brought in by obs format_spec_file service
* Delete binary blob s390-netboot.img, which we rebuild
* Don't provide separate Url for qemu-kvm package - the main qemu
website provides easily findable link for kvm specifics
* Associate petalogix-ml605.dtb with qemu-extra instead of qemu-ppc
* More entry sorting�- Correct some versioning as follows:
* Accurately reflect the qemu-ipxe package version value by adding
"+" at the end
* Don't overwrite seabios .version file, since now (for quite some
time actually) upstream tarball creation creates this file and
the value we are writing to it is actually wrong
- Make spec file improvements, including the following:
* Add qemu.keyring to enable package source verification
* Create srcname macro to identify source file name separately from
package name
* Create alternate to %version to avoid subpackage ordering
causing inadvertantly wrong %version value at point of use
* Sort some entries
* Be more consistent with macro syntax usage
* Minor file tweaks as done by osc format_spec_file service�- Re-sync openSUSE and SUSE SLE qemu packages. This changes file
is the openSUSE one with this entry providing the intervening
SLE CVE, FATE, and bugzilla references, which are still addressed
in this package, and not yet called out in this changes file.
* CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746
* fate#325467
* bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735
bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489
* Patches added:
* only enable glusterfs for openSUSE
0040-linux-headers-update.patch
0041-s390x-kvm-add-etoken-facility.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0�- Increase timeout for boot-serial-test, since we've hit the timeout
for armv7l arch in qemu-testsuite.
0039-tests-boot-serial-test-Bump-timeout.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0�- Drop legacy kvm_stat script and man page. We'll rely on the kvm_stat
package only going forward
kvm_stat
kvm_stat.1.gz
- Update SLE support documentation to match v3.0.0 release�- Update to v3.0.0: See http://wiki.qemu.org/ChangeLog/3.0
Don't read anything into the major version number update. It's
been decided to increase the major version number each year.
Take note that ongoing feature deprecation is tracked at both
http://wiki.qemu-project.org/Features/LegacyRemoval and in
Appendix B of the qemu-doc.* files installed with the qemu package.
Some noteworthy changes:
* Support for additional x86/AMD mitigations against Speculative
Store Bypass (Spectre Variant 4, CVE-2018-3639)
* Improved support for nested KVM guests running on Hyper-V
* Block device support for active disk-mirroring, which avoids
convergence issues which may arise when doing passive/background
mirroring of busy devices
* Improved support for AHCI emulation, SCSI emulation, and persistent
reservations / cluster management
* OpenGL ES support for SDL front-end, additional framebuffer
device options for early boot display without using legacy VGA
emulation
* Live migration support for TPM TIS devices, capping bandwidth
usage during post-copy migration, and recovering from a failed
post-copy migration
* Improved latency when using user-mode networking / SLIRP
* ARM: support for SMMUv3 IOMMU when using 'virt' machine type
* ARM: v8M extensions for VLLDM and VLSTM floating-point instructions,
and improved support for AArch64 v8.2 FP16 extensions
* ARM: support for Scalable Vector Extensions in linux-user mode
* Microblaze: support for 64-bit address sizes and translation bug
fixes
* PowerPC: PMU support for mac99 machine type and improvements for
Uninorth PCI host bridge emulation for Mac machine types
* PowerPC: preliminary support for emulating POWER9 hash MMU mode when
using powernv machine type
* RISC-V: improvement for privileged ISA emulation
* s390: support for z14 ZR1 CPU model
* s390: bpb/ppa15 Spectre mitigations enabled by default for z196 and
later CPU models
* s390: support for configuring consoles via -serial options
* Patches dropped (upstream unless otherwise noted):
0008-linux-user-fix-segfault-deadlock.patch (no longer needed)
0039-blockjob-Fix-assertion-in-block_job.patch
0041-seccomp-allow-sched_setscheduler-wi.patch
Make-installed-scripts-explicitly-python3.patch (we now make
python3 explicit in other patch)
* Patches renamed:
0009-linux-user-binfmt-support-host-bina.patch
- > 0008-linux-user-binfmt-support-host-bina.patch
0010-linux-user-Fake-proc-cpuinfo.patch
- > 0009-linux-user-Fake-proc-cpuinfo.patch
0011-Remove-problematic-evdev-86-key-fro.patch
- > 0010-Remove-problematic-evdev-86-key-fro.patch
0012-linux-user-use-target_ulong.patch
- > 0011-linux-user-use-target_ulong.patch
0013-Make-char-muxer-more-robust-wrt-sma.patch
- > 0012-Make-char-muxer-more-robust-wrt-sma.patch
0014-linux-user-lseek-explicitly-cast-no.patch
- > 0013-linux-user-lseek-explicitly-cast-no.patch
0015-AIO-Reduce-number-of-threads-for-32.patch
- > 0014-AIO-Reduce-number-of-threads-for-32.patch
0016-xen_disk-Add-suse-specific-flush-di.patch
- > 0015-xen_disk-Add-suse-specific-flush-di.patch
0017-qemu-bridge-helper-reduce-security-.patch
- > 0016-qemu-bridge-helper-reduce-security-.patch
0018-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
- > 0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
0019-linux-user-properly-test-for-infini.patch
- > 0018-linux-user-properly-test-for-infini.patch
0020-roms-Makefile-pass-a-packaging-time.patch
- > 0019-roms-Makefile-pass-a-packaging-time.patch
0021-Raise-soft-address-space-limit-to-h.patch
- > 0020-Raise-soft-address-space-limit-to-h.patch
0022-increase-x86_64-physical-bits-to-42.patch
- > 0021-increase-x86_64-physical-bits-to-42.patch
0023-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
- > 0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0024-i8254-Fix-migration-from-SLE11-SP2.patch
- > 0023-i8254-Fix-migration-from-SLE11-SP2.patch
0025-acpi_piix4-Fix-migration-from-SLE11.patch
- > 0024-acpi_piix4-Fix-migration-from-SLE11.patch
0026-Fix-tigervnc-long-press-issue.patch
- > 0025-Fix-tigervnc-long-press-issue.patch
0027-string-input-visitor-Fix-uint64-par.patch
- > 0026-string-input-visitor-Fix-uint64-par.patch
0028-test-string-input-visitor-Add-int-t.patch
- > 0027-test-string-input-visitor-Add-int-t.patch
0029-test-string-input-visitor-Add-uint6.patch
- > 0028-test-string-input-visitor-Add-uint6.patch
0030-tests-Add-QOM-property-unit-tests.patch
- > 0029-tests-Add-QOM-property-unit-tests.patch
0031-tests-Add-scsi-disk-test.patch
- > 0030-tests-Add-scsi-disk-test.patch
0032-Switch-order-of-libraries-for-mpath.patch
- > 0031-Switch-order-of-libraries-for-mpath.patch
0033-Make-installed-scripts-explicitly-p.patch
- > 0032-Make-installed-scripts-explicitly-p.patch (python2->python3)
0034-migration-warn-about-inconsistent-s.patch
- > 0033-migration-warn-about-inconsistent-s.patch
0035-smbios-Add-1-terminator-if-any-stri.patch
- > 0034-smbios-Add-1-terminator-if-any-stri.patch
0036-configure-Modify-python-used-for-io.patch
- > 0035-configure-Modify-python-used-for-io.patch
0037-qemu-io-tests-comment-out-problemat.patch
- > 0036-qemu-io-tests-comment-out-problemat.patch
0038-tests-test-thread-pool-is-racy-add-.patch
- > 0037-tests-test-thread-pool-is-racy-add-.patch
0040-xen-add-block-resize-support-for-xe.patch
- > 0038-xen-add-block-resize-support-for-xe.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0�- Update QEMU to allow kvm group access to /dev/sev (bsc#1102604).
71-sev.rules�- Update to v2.12.1, a stable, (mostly) bug-fix-only release
* This update contains new mitigation functionality for
CVE-2018-3639 (Speculative Store Bypass) in x86. There are also
bug fixes for migration, Intel IOMMU emulation, block layer/image
handling, ARM emulation, and various other areas.
(Note that a number of 2.12.1 patches were already included by us
previously) (CVE-2018-3639 bsc#1092885)
* Patches dropped (subsumed by stable update):
0039-device_tree-Increase-FDT_MAX_SIZE-t.patch
0040-vnc-fix-use-after-free.patch
0041-ccid-Fix-dwProtocols-advertisement-.patch
0042-tcg-arm-Fix-memory-barrier-encoding.patch
0043-s390-ccw-force-diag-308-subcode-to-.patch
0044-nbd-client-fix-nbd_negotiate_simple.patch
0045-migration-block-dirty-bitmap-fix-me.patch
0046-nbd-client-Fix-error-messages-durin.patch
0047-nbd-client-Relax-handling-of-large-.patch
0048-qxl-fix-local-renderer-crash.patch
0049-tcg-Limit-the-number-of-ops-in-a-TB.patch
0050-target-arm-Clear-SVE-high-bits-for-.patch
0051-cpus-tcg-fix-never-exiting-loop-on-.patch
0052-s390x-css-disabled-subchannels-cann.patch
0053-pc-bios-s390-ccw-struct-tpi_info-mu.patch
0054-virtio-ccw-common-reset-handler.patch
0055-s390x-ccw-make-sure-all-ccw-devices.patch
0056-blockjob-expose-error-string-via-qu.patch
0058-qemu-io-Use-purely-string-blockdev-.patch
0059-qemu-img-Use-only-string-options-in.patch
0060-nfs-Remove-processed-options-from-Q.patch
0061-i386-define-the-ssbd-CPUID-feature-.patch
0062-i386-Define-the-Virt-SSBD-MSR-and-h.patch
0063-i386-define-the-AMD-virt-ssbd-CPUID.patch
0064-ahci-fix-PxCI-register-race.patch
0065-ccid-card-passthru-fix-regression-i.patch
* Patches renamed:
0057-blockjob-Fix-assertion-in-block_job.patch
- > 0039-blockjob-Fix-assertion-in-block_job.patch
0066-xen-add-block-resize-support-for-xe.patch
- > 0040-xen-add-block-resize-support-for-xe.patch
0067-seccomp-allow-sched_setscheduler-wi.patch
- > 0041-seccomp-allow-sched_setscheduler-wi.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12�- Fixing seccomp resourcecontrol defunct issue (bsc#1102627)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
* Patches added:
0067-seccomp-allow-sched_setscheduler-wi.patch�- Add ipxe-fix-build.patch to not error out with
binutils >= 2.31 .�- Remove linux-user patch which is no longer needed (bsc#1098056)
* Patches dropped:
0011-linux-user-XXX-disable-fiemap.patch
* Patches renamed:
0036-Remove-problematic-evdev-86-key-fro.patch
- > 0011-Remove-problematic-evdev-86-key-fro.patch
0037-configure-Modify-python-used-for-io.patch
- > 0036-configure-Modify-python-used-for-io.patch
0038-qemu-io-tests-comment-out-problemat.patch
- > 0037-qemu-io-tests-comment-out-problemat.patch
0039-tests-test-thread-pool-is-racy-add-.patch
- > 0038-tests-test-thread-pool-is-racy-add-.patch
0040-device_tree-Increase-FDT_MAX_SIZE-t.patch
- > 0039-device_tree-Increase-FDT_MAX_SIZE-t.patch
0041-vnc-fix-use-after-free.patch
- > 0040-vnc-fix-use-after-free.patch
0042-ccid-Fix-dwProtocols-advertisement-.patch
- > 0041-ccid-Fix-dwProtocols-advertisement-.patch
0043-tcg-arm-Fix-memory-barrier-encoding.patch
- > 0042-tcg-arm-Fix-memory-barrier-encoding.patch
0044-s390-ccw-force-diag-308-subcode-to-.patch
- > 0043-s390-ccw-force-diag-308-subcode-to-.patch
0045-nbd-client-fix-nbd_negotiate_simple.patch
- > 0044-nbd-client-fix-nbd_negotiate_simple.patch
0046-migration-block-dirty-bitmap-fix-me.patch
- > 0045-migration-block-dirty-bitmap-fix-me.patch
0047-nbd-client-Fix-error-messages-durin.patch
- > 0046-nbd-client-Fix-error-messages-durin.patch
0048-nbd-client-Relax-handling-of-large-.patch
- > 0047-nbd-client-Relax-handling-of-large-.patch
0049-qxl-fix-local-renderer-crash.patch
- > 0048-qxl-fix-local-renderer-crash.patch
0050-tcg-Limit-the-number-of-ops-in-a-TB.patch
- > 0049-tcg-Limit-the-number-of-ops-in-a-TB.patch
0051-target-arm-Clear-SVE-high-bits-for-.patch
- > 0050-target-arm-Clear-SVE-high-bits-for-.patch
0052-cpus-tcg-fix-never-exiting-loop-on-.patch
- > 0051-cpus-tcg-fix-never-exiting-loop-on-.patch
0053-s390x-css-disabled-subchannels-cann.patch
- > 0052-s390x-css-disabled-subchannels-cann.patch
0054-pc-bios-s390-ccw-struct-tpi_info-mu.patch
- > 0053-pc-bios-s390-ccw-struct-tpi_info-mu.patch
0055-virtio-ccw-common-reset-handler.patch
- > 0054-virtio-ccw-common-reset-handler.patch
0056-s390x-ccw-make-sure-all-ccw-devices.patch
- > 0055-s390x-ccw-make-sure-all-ccw-devices.patch
0057-blockjob-expose-error-string-via-qu.patch
- > 0056-blockjob-expose-error-string-via-qu.patch
0058-blockjob-Fix-assertion-in-block_job.patch
- > 0057-blockjob-Fix-assertion-in-block_job.patch
0059-qemu-io-Use-purely-string-blockdev-.patch
- > 0058-qemu-io-Use-purely-string-blockdev-.patch
0060-qemu-img-Use-only-string-options-in.patch
- > 0059-qemu-img-Use-only-string-options-in.patch
0061-nfs-Remove-processed-options-from-Q.patch
- > 0060-nfs-Remove-processed-options-from-Q.patch
0062-i386-define-the-ssbd-CPUID-feature-.patch
- > 0061-i386-define-the-ssbd-CPUID-feature-.patch
0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch
- > 0062-i386-Define-the-Virt-SSBD-MSR-and-h.patch
0064-i386-define-the-AMD-virt-ssbd-CPUID.patch
- > 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch
0065-ahci-fix-PxCI-register-race.patch
- > 0064-ahci-fix-PxCI-register-race.patch
0066-ccid-card-passthru-fix-regression-i.patch
- > 0065-ccid-card-passthru-fix-regression-i.patch
0067-xen-add-block-resize-support-for-xe.patch
- > 0066-xen-add-block-resize-support-for-xe.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12�- Fix build failure of skiboot with gcc8 compiler
skiboot-hdata-i2c.c-fix-building-with-gcc8.patch�- Tweak build service constraints information to avoid failures�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12
* Patches added:
0067-xen-add-block-resize-support-for-xe.patch�- Tweak patch file generation to be more git version agnostic.
Also change update_git.sh to not reformat spec file by default.�- Looks like the right fix for the AHCI issue has been identified
upstream. Turns out to also affect Linux guests as well.
(bsc#1094406)
* Patches dropped:
0065-Revert-replay-don-t-process-async-e.patch
0066-Revert-replay-avoid-recursive-call-.patch
0067-Revert-replay-check-return-values-o.patch
0068-Revert-replay-push-replay_mutex_loc.patch
* Patches added:
0065-ahci-fix-PxCI-register-race.patch
- Fix a regresssion introduced in v2.12.0 for ccid-card-passthrough
(bsc#1095419)
0066-ccid-card-passthru-fix-regression-i.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12�- Fix qemu-guest-agent service issue (bsc#1094898)�- Spectre v4 vulnerability mitigation support for KVM guests.
High level description of vulnerability: Systems with microprocessors
utilizing speculative execution and speculative execution of memory
reads before the addresses of all prior memory writes are known may
allow unauthorized disclosure of information to an attacker with
local user access via a side-channel analysis.
This change permits the new x86 cpu feature flag named "ssbd" to be
presented to the guest, given that the host has this feature, and
KVM exposes it to the guest as well.
For this feature to be enabled, via adding it to the qemu commandline
(eg: -cpu ,+spec-ctrl,+ssbd), so the guest OS can take advantage
of the feature, spec-ctrl and ssbd support is also required in the host.
Another new x86 cpu feature flag named "virt-ssbd" is also added to
handle this vulnerability for AMD processors.
(CVE-2018-3639 bsc#1092885)
0062-i386-define-the-ssbd-CPUID-feature-.patch
0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch
0064-i386-define-the-AMD-virt-ssbd-CPUID.patch
- Replay code introduced an issue for AHCI emulation, where on Windows 10
I/O would stop randomly, and Windows would then reset the AHCI device.
The issue is not yet fully identified, but reverting some of those
changes is at least for now a workaround. (bsc#1094406)
0065-Revert-replay-don-t-process-async-e.patch
0066-Revert-replay-avoid-recursive-call-.patch
0067-Revert-replay-check-return-values-o.patch
0068-Revert-replay-push-replay_mutex_loc.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12�- Add some upstream fixes targeted for the next stable release
0040-device_tree-Increase-FDT_MAX_SIZE-t.patch
0041-vnc-fix-use-after-free.patch
0042-ccid-Fix-dwProtocols-advertisement-.patch
0043-tcg-arm-Fix-memory-barrier-encoding.patch
0044-s390-ccw-force-diag-308-subcode-to-.patch
0045-nbd-client-fix-nbd_negotiate_simple.patch
0046-migration-block-dirty-bitmap-fix-me.patch
0047-nbd-client-Fix-error-messages-durin.patch
0048-nbd-client-Relax-handling-of-large-.patch
0049-qxl-fix-local-renderer-crash.patch
0050-tcg-Limit-the-number-of-ops-in-a-TB.patch
0051-target-arm-Clear-SVE-high-bits-for-.patch
0052-cpus-tcg-fix-never-exiting-loop-on-.patch
0053-s390x-css-disabled-subchannels-cann.patch
0054-pc-bios-s390-ccw-struct-tpi_info-mu.patch
0055-virtio-ccw-common-reset-handler.patch
0056-s390x-ccw-make-sure-all-ccw-devices.patch
0057-blockjob-expose-error-string-via-qu.patch
0058-blockjob-Fix-assertion-in-block_job.patch
0059-qemu-io-Use-purely-string-blockdev-.patch
0060-qemu-img-Use-only-string-options-in.patch
0061-nfs-Remove-processed-options-from-Q.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12�- Fix qemu-guest-agent uninstall (bsc#1093169)
- Minor tweak to qemu spec file�- Update to v2.12.0: See http://wiki.qemu.org/ChangeLog/2.12
Some noteworthy changes:
CLI options removed: -tdf, -no-kvm-pit, -drive boot, -net channel,
- net dump, -hdachs, -drive,if=scsi
HMP commands removed: usb_add, usb_del, host_net_add, host_net_remove
Q35 default nic now e1000e
AMD SEV support
- smbios supports setting data for type 11 tables
audio and display support split out as modules
- nic for simple creation of guest NIC and host back-end
QMP monitor "out-of-band" capability
lots of ARM and s390 improvements
- Include more of upstream's in-tree tests in the qemu-testsuite
package
* Patches dropped:
0033-memfd-fix-configure-test.patch
0034-qapi-use-items-values-intead-of-ite.patch
0035-qapi-Use-OrderedDict-from-standard-.patch
0036-qapi-adapt-to-moved-location-of-Str.patch
0037-qapi-Adapt-to-moved-location-of-mak.patch
0038-qapi-remove-q-arg-to-diff-when-comp.patch
0039-qapi-ensure-stable-sort-ordering-wh.patch
0040-qapi-force-a-UTF-8-locale-for-runni.patch
0041-scripts-ensure-signrom-treats-data-.patch
0042-configure-allow-use-of-python-3.patch
0043-input-add-missing-JIS-keys-to-virti.patch
0045-pc-fail-memory-hot-plug-unplug-with.patch
0046-memattrs-add-debug-attribute.patch
0047-exec-add-ram_debug_ops-support.patch
0048-exec-add-debug-version-of-physical-.patch
0049-monitor-i386-use-debug-APIs-when-ac.patch
0050-machine-add-memory-encryption-prope.patch
0051-kvm-update-kvm.h-to-include-memory-.patch
0052-docs-add-AMD-Secure-Encrypted-Virtu.patch
0053-target-i386-add-Secure-Encrypted-Vi.patch
0054-qmp-add-query-sev-command.patch
0055-sev-i386-add-command-to-initialize-.patch
0056-qmp-populate-SevInfo-fields-with-SE.patch
0057-sev-i386-register-the-guest-memory-.patch
0058-kvm-introduce-memory-encryption-API.patch
0059-hmp-add-info-sev-command.patch
0060-sev-i386-add-command-to-create-laun.patch
0061-sev-i386-add-command-to-encrypt-gue.patch
0062-target-i386-encrypt-bios-rom.patch
0063-sev-i386-add-support-to-LAUNCH_MEAS.patch
0064-sev-i386-finalize-the-SEV-guest-lau.patch
0065-hw-i386-set-ram_debug_ops-when-memo.patch
0066-sev-i386-add-debug-encrypt-and-decr.patch
0067-target-i386-clear-C-bit-when-walkin.patch
0068-include-add-psp-sev.h-header-file.patch
0069-sev-i386-add-support-to-query-PLATF.patch
0070-sev-i386-add-support-to-KVM_SEV_GUE.patch
0071-qmp-add-query-sev-launch-measure-co.patch
0072-tests-qmp-test-blacklist-query-sev-.patch
0073-sev-i386-add-migration-blocker.patch
0074-cpu-i386-populate-CPUID-0x8000_001F.patch
0075-migration-warn-about-inconsistent-s.patch
0076-smbios-support-setting-OEM-strings-.patch
0077-smbios-Add-1-terminator-if-any-stri.patch
0078-Remove-problematic-evdev-86-key-fro.patch
0079-tpm-lookup-cancel-path-under-tpm-de.patch
0080-vga-fix-region-calculation.patch
skiboot-GCC7-fixes-for-Wimplicit-fallthr.patch
skiboot-libc-stdio-vsnprintf.c-add-expli.patch
skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch
ui-keycodemapdb-Add-missing-QKeyCode-val.patch
ui-keycodemapdb-Fix-compat-with-py3-dict.patch
* Patches renamed:
0044-Make-installed-scripts-explicitly-p.patch
- > 0033-Make-installed-scripts-explicitly-p.patch
0075-migration-warn-about-inconsistent-s.patch
- > 0034-migration-warn-about-inconsistent-s.patch
0077-smbios-Add-1-terminator-if-any-stri.patch
- > 0035-smbios-Add-1-terminator-if-any-stri.patch
0078-Remove-problematic-evdev-86-key-fro.patch
- > 0036-Remove-problematic-evdev-86-key-fro.patch
* Patches added:
0037-configure-Modify-python-used-for-io.patch
0038-qemu-io-tests-comment-out-problemat.patch
0039-tests-test-thread-pool-is-racy-add-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12�- Fix autoinstall of qemu-guest-agent by getting the modalias string
right (bsc#1091143)�- Guard strncpy call with GCC pragma to disable warning about possible
incorrect usage, when in fact it is correct. This is for gcc 8
compatibility (bsc#1090355)
ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch�- Add WantedBy for enable qemu-ga@.service auto start (bsc#1090369)�- fix qemu-ga service file name (bsc#1089067)�- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604)
0080-vga-fix-region-calculation.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11�- Add new look up path "sys/class/tpm" for tpm cancel path based
on Linux 4.0 change (commit 313d21eeab9282e)(bsc#1070615)
0079-tpm-lookup-cancel-path-under-tpm-de.patch�- Fix issue with key codes in qemu v2.11
0078-Remove-problematic-evdev-86-key-fro.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11
* Patches added:
0077-smbios-Add-1-terminator-if-any-stri.patch
bsc#994082 and bsc#1084316�- Add support for setting OEM strings table (fate#323624)
0076-smbios-support-setting-OEM-strings-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11�- SLE15 KVM (as targeted for RC1) now has the feature exposed.
Drop the patch. (bsc#1082276)
0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11�- Change example qemu-ifup script to not depend on bridge-utils.
Also update the paths used for ip binary.�- Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've
carried since the initial Spectre v2 patch was added. EDX bit
27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and
not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the
guest is wrong in general, since the VM doesn't directly control
the scheduling of physical hyperthreads. This is left strictly to
the L0 hypervisor.�- Update to v2.11.1, a stable, (mostly) bug-fix-only release
In addition to bug fixes, of necessity fixes are needed to
address the Spectre v2 vulnerability by passing along to the
guest new hardware features introduced by host microcode updates.
A January 2018 release of qemu initially addressed this issue
by exposing the feature for all x86 vcpu types, which was the
quick and dirty approach, but not the proper solution. We remove
that initial patch and now rely on the upstream solution. This
update instead defines spec_ctrl and ibpb cpu feature flags as
well as new cpu models which are clones of existing models with
either -IBRS or -IBPB added to the end of the model name. These
new vcpu models explicitly include the new feature(s), whereas
the feature flags can be added to the cpu parameter as with other
features. In short, for continued Spectre v2 protection, ensure
that either the appropriate cpu feature flag is added to the QEMU
command-line, or one of the new cpu models is used. Although
migration from older versions is supported, the new cpu features
won't be properly exposed to the guest until it is restarted with
the cpu features explicitly added. A reboot is insufficient.
A warning patch is added which attempts to detect a migration
from a qemu version which had the quick and dirty fix (it only
detects certain cases, but hopefully is helpful.)
s390x guest vulnerability to Spectre v2 is also addressed in this
update by including support for bpb and ppa/stfle.81 features.
(CVE-2017-5715 bsc#1068032)
For additional information on Spectre v2 as it relates to QEMU,
see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
- Unfortunately, it was found that our current KVM isn't correctly
indicating support for the spec-ctrl feature, so I've added a patch
to still detect that support within QEMU. This is of course a
temporary kludge until KVM gets fixed. (bsc#1082276)
- The SEV support patches are updated to the v9 series.
- Fix incompatibility with recent glibc (boo#1081154)
- Add Supplements tags for the guest agent package in an attempt to
auto-install for QEMU and Xen SUSE Linux guests (fate#323570)
* Patches dropped (subsumed by stable update, or reworked in v9):
0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
0050-target-i386-add-memory-encryption-f.patch
0054-accel-add-Secure-Encrypted-Virtuliz.patch
0072-sev-Fix-build-for-non-x86-hosts.patch
* Patches added:
0033-memfd-fix-configure-test.patch
0053-target-i386-add-Secure-Encrypted-Vi.patch
0056-qmp-populate-SevInfo-fields-with-SE.patch
0072-tests-qmp-test-blacklist-query-sev-.patch
0073-sev-i386-add-migration-blocker.patch
0074-cpu-i386-populate-CPUID-0x8000_001F.patch
0075-migration-warn-about-inconsistent-s.patch
0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch
* Patches renamed (plus some minor code changes):
0051-machine-add-memory-encryption-prope.patch
- > 0050-machine-add-memory-encryption-prope.patch
0052-kvm-update-kvm.h-to-include-memory-.patch
- > 0051-kvm-update-kvm.h-to-include-memory-.patch
0053-docs-add-AMD-Secure-Encrypted-Virtu.patch
- > 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch
0055-sev-add-command-to-initialize-the-m.patch
- > 0055-sev-i386-add-command-to-initialize-.patch
0056-sev-register-the-guest-memory-range.patch
- > 0057-sev-i386-register-the-guest-memory-.patch
0057-kvm-introduce-memory-encryption-API.patch
- > 0058-kvm-introduce-memory-encryption-API.patch
0058-qmp-add-query-sev-command.patch
- > 0054-qmp-add-query-sev-command.patch
0060-sev-add-command-to-create-launch-me.patch
- > 0060-sev-i386-add-command-to-create-laun.patch
0061-sev-add-command-to-encrypt-guest-me.patch
- > 0061-sev-i386-add-command-to-encrypt-gue.patch
0063-sev-add-support-to-LAUNCH_MEASURE-c.patch
- > 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch
0064-sev-Finalize-the-SEV-guest-launch-f.patch
- > 0064-sev-i386-finalize-the-SEV-guest-lau.patch
0066-sev-add-debug-encrypt-and-decrypt-c.patch
- > 0066-sev-i386-add-debug-encrypt-and-decr.patch
0069-sev-add-support-to-query-PLATFORM_S.patch
- > 0069-sev-i386-add-support-to-query-PLATF.patch
0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch
- > 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11�- Add AMD SEV (Secure Encrypted Virtualization) support by taking
the v7 series of the patches posted to qemu ml. (fate#322124)
0046-memattrs-add-debug-attribute.patch
0047-exec-add-ram_debug_ops-support.patch
0048-exec-add-debug-version-of-physical-.patch
0049-monitor-i386-use-debug-APIs-when-ac.patch
0050-target-i386-add-memory-encryption-f.patch
0051-machine-add-memory-encryption-prope.patch
0052-kvm-update-kvm.h-to-include-memory-.patch
0053-docs-add-AMD-Secure-Encrypted-Virtu.patch
0054-accel-add-Secure-Encrypted-Virtuliz.patch
0055-sev-add-command-to-initialize-the-m.patch
0056-sev-register-the-guest-memory-range.patch
0057-kvm-introduce-memory-encryption-API.patch
0058-qmp-add-query-sev-command.patch
0059-hmp-add-info-sev-command.patch
0060-sev-add-command-to-create-launch-me.patch
0061-sev-add-command-to-encrypt-guest-me.patch
0062-target-i386-encrypt-bios-rom.patch
0063-sev-add-support-to-LAUNCH_MEASURE-c.patch
0064-sev-Finalize-the-SEV-guest-launch-f.patch
0065-hw-i386-set-ram_debug_ops-when-memo.patch
0066-sev-add-debug-encrypt-and-decrypt-c.patch
0067-target-i386-clear-C-bit-when-walkin.patch
0068-include-add-psp-sev.h-header-file.patch
0069-sev-add-support-to-query-PLATFORM_S.patch
0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch
0071-qmp-add-query-sev-launch-measure-co.patch
0072-sev-Fix-build-for-non-x86-hosts.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11�- Update python3 related patches now that they are upstream�- guest agent: change service file to a template so it can be
used by Xen as well. Adjust udev rule accordingly.
FATE#324963�- Fix machine inconsistency with -no-acpi and nvdimm (bsc#1077823)
0045-pc-fail-memory-hot-plug-unplug-with.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11�- Modify BuildRequires python references
- seabios also needed tweaks for python2 vs python3
* Patches added:
seabios-use-python2-explicitly-as-needed.patch
seabios-switch-to-python3-as-needed.patch�- Try to get our story right wrt python2 vs python3 (bsc#1077564)
* Get rid of use of #!/usr/bin/env python in scripts we install
* include proposed upstream build system changes needed for building
with python2 or python3
* Patches dropped:
0032-scripts-avoid-usr-bin-python-refere.patch
* Patches renamed:
0033-Switch-order-of-libraries-for-mpath.patch
- > 0032-Switch-order-of-libraries-for-mpath.patch
0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
- > 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
* Patches added:
0034-qapi-use-items-values-intead-of-ite.patch
0035-qapi-Use-OrderedDict-from-standard-.patch
0036-qapi-adapt-to-moved-location-of-Str.patch
0037-qapi-Adapt-to-moved-location-of-mak.patch
0038-qapi-remove-q-arg-to-diff-when-comp.patch
0039-qapi-ensure-stable-sort-ordering-wh.patch
0040-qapi-force-a-UTF-8-locale-for-runni.patch
0041-scripts-ensure-signrom-treats-data-.patch
0042-configure-allow-use-of-python-3.patch
0043-input-add-missing-JIS-keys-to-virti.patch
0044-Make-installed-scripts-explicitly-p.patch
Make-installed-scripts-explicitly-python3.patch
ui-keycodemapdb-Add-missing-QKeyCode-val.patch
ui-keycodemapdb-Fix-compat-with-py3-dict.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11�- Fix packaging dependencies (coreutils) for qemu-ksm package
(bsc#1040202)�- Pass through to guest info related to x86 security vulnerability
(CVE-2017-5715 bsc#1068032)
0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11�- Update to v2.11.0: See http://wiki.qemu.org/ChangeLog/2.11
Some noteworthy changes:
- nodefconfig is now deprecated
legacy pci-assignment code removed
qemu-pr-helper added for handling guest persistant reservations (bsc#891066,
bsc#910704, bsc#943807)
qemu-keymap tool added for generating keymap files
throttle block filter driver added
support for a TPM emulator
qcow2 image shrink support
better support for >=64 vcpus for Windows guests
nested KVM related improvements
s390 pgste handling now done better
EPYC cpu model added (bsc#1052825)
improvements in qcow2 buffer handling
vhost-user resume issue fixed
migration hardening
ARMv8-M security extension support
more seccomp/sandboxing options available
s390 cpu hot-plug improvements
misc. virtfs improvements
nbd improvements
MTTCG improvements
misc. TCG improvements
scsi correctness improvements
SEABIOS now has serial output option
* Includes fixes for CVE-2017-15118 bsc#1070147, CVE-2017-15119 bsc#1070144
* Adds KASLR support (fate#323473, bsc#1070281)
* Update SLE support docs to match this release
* simplify spec file to expect at least sle_version >= 1315
* Patches dropped (upstream):
0013-console-add-question-mark-escape-op.patch
0020-configure-Fix-detection-of-seccomp-.patch
0034-target-i386-cpu-Add-new-EPYC-CPU-mo.patch
0035-chardev-baum-fix-baum-that-releases.patch
0036-io-fix-temp-directory-used-by-test-.patch
0037-io-fix-check-for-handshake-completi.patch
0038-crypto-fix-test-cert-generation-to-.patch
0039-vhost-user-disable-the-broken-subpr.patch
0040-io-monitor-encoutput-buffer-size-fr.patch
0041-cirrus-fix-oob-access-in-mode4and5-.patch
0042-9pfs-use-g_malloc0-to-allocate-spac.patch
* Patches renamed:
0014-Make-char-muxer-more-robust-wrt-sma.patch
- > 0013-Make-char-muxer-more-robust-wrt-sma.patch
0015-linux-user-lseek-explicitly-cast-no.patch
- > 0014-linux-user-lseek-explicitly-cast-no.patch
0016-AIO-Reduce-number-of-threads-for-32.patch
- > 0015-AIO-Reduce-number-of-threads-for-32.patch
0017-xen_disk-Add-suse-specific-flush-di.patch
- > 0016-xen_disk-Add-suse-specific-flush-di.patch
0018-qemu-bridge-helper-reduce-security-.patch
- > 0017-qemu-bridge-helper-reduce-security-.patch
0019-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
- > 0018-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
0021-linux-user-properly-test-for-infini.patch
- > 0019-linux-user-properly-test-for-infini.patch
0022-roms-Makefile-pass-a-packaging-time.patch
- > 0020-roms-Makefile-pass-a-packaging-time.patch
0023-Raise-soft-address-space-limit-to-h.patch
- > 0021-Raise-soft-address-space-limit-to-h.patch
0024-increase-x86_64-physical-bits-to-42.patch
- > 0022-increase-x86_64-physical-bits-to-42.patch
0025-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
- > 0023-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0026-i8254-Fix-migration-from-SLE11-SP2.patch
- > 0024-i8254-Fix-migration-from-SLE11-SP2.patch
0027-acpi_piix4-Fix-migration-from-SLE11.patch
- > 0025-acpi_piix4-Fix-migration-from-SLE11.patch
0028-Fix-tigervnc-long-press-issue.patch
- > 0026-Fix-tigervnc-long-press-issue.patch
0029-string-input-visitor-Fix-uint64-par.patch
- > 0027-string-input-visitor-Fix-uint64-par.patch
0030-test-string-input-visitor-Add-int-t.patch
- > 0028-test-string-input-visitor-Add-int-t.patch
0031-test-string-input-visitor-Add-uint6.patch
- > 0029-test-string-input-visitor-Add-uint6.patch
0032-tests-Add-QOM-property-unit-tests.patch
- > 0030-tests-Add-QOM-property-unit-tests.patch
0033-tests-Add-scsi-disk-test.patch
- > 0031-tests-Add-scsi-disk-test.patch
0043-scripts-avoid-usr-bin-python-refere.patch
- > 0032-scripts-avoid-usr-bin-python-refere.patch
* We need the multipath libraries link order switched
0033-Switch-order-of-libraries-for-mpath.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11�- Avoid ref to /usr/bin/python in vmstate-static-checker.py script
0043-scripts-avoid-usr-bin-python-refere.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10�- For SLE15, it's been decided to stop providing SDL based graphics
due to packaging constraints. Long ago GTK became the default,
and there is little benefit to providing both. For now, keep it
enabled for openSUSE (Tumblweed and Leap), but consider it marked
deprecated there and if no one complains it will be removed for
openSUSE as well in the near future. (fate#324465)
- Fix problem building skiboot.lid
skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch�- Wrap analyze-migration and vmstate-static-checker into tools from
qemu scripts folder, also changed introduction of qemu-tools in
spec file
- Move supportplugin position in spec file�- Add announcement in support docs about qed storage format no
longer being supported in next major SLE release (SLE15)
(fate#324200)
- Address various security/stability issues
* Fix DoS in I/O channel websockets (CVE-2017-15268 bsc#1062942)
0040-io-monitor-encoutput-buffer-size-fr.patch
* Fix OOB access in cirrus vga device emulation (CVE-2017-15289
bsc#1063122)
0041-cirrus-fix-oob-access-in-mode4and5-.patch
* Fix information leak in 9pfs interface (CVE-2017-15038 bsc#1062069)
0042-9pfs-use-g_malloc0-to-allocate-spac.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10�- Don't tie glusterfs support to specific arch
- Build skiboot firmware (OPAL), particularly since it's fairly
easy to do so
skiboot-GCC7-fixes-for-Wimplicit-fallthr.patch
skiboot-libc-stdio-vsnprintf.c-add-expli.patch�- Added the global macro 'with_glusterfs' in order to re-enable
glusterfs support. The macro enable easier future adjustments
for various ARCH/targets/requiremnets.
At first glusterfs support is enabled for openSUSE Leap 42.x and
Factory for ARCH x86_64.�- Add dependencies on ovmf (uefi) for the qemu-x86 and qemu-arm
packages
- Fix s390-netboot.img to be included with qemu-s390 package, not
qemu-ppc�- Update to v2.10.1, a stable, bug-fix-only release
* fixes bsc#1056386 CVE-2017-13673, bsc#1056334 CVE-2017-13672,
bsc#1057585 CVE-2017-14167
* Patches dropped (upstream):
0034-slirp-fix-clearing-ifq_so-from-pend.patch
0035-s390-ccw-Fix-alignment-for-CCW1.patch
0038-s390x-ais-for-2.10-stable-disable-a.patch
0039-s390x-cpumodel-remove-ais-from-z14-.patch
* Patches renamed:
0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch
- > 0034-target-i386-cpu-Add-new-EPYC-CPU-mo.patch
0037-chardev-baum-fix-baum-that-releases.patch
- > 0035-chardev-baum-fix-baum-that-releases.patch
0040-io-fix-temp-directory-used-by-test-.patch
- > 0036-io-fix-temp-directory-used-by-test-.patch
0041-io-fix-check-for-handshake-completi.patch
- > 0037-io-fix-check-for-handshake-completi.patch
0042-crypto-fix-test-cert-generation-to-.patch
- > 0038-crypto-fix-test-cert-generation-to-.patch
0043-vhost-user-disable-the-broken-subpr.patch
- > 0039-vhost-user-disable-the-broken-subpr.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10�- Fix failures and potential failures in qemu-testsuite
0040-io-fix-temp-directory-used-by-test-.patch
0041-io-fix-check-for-handshake-completi.patch
0042-crypto-fix-test-cert-generation-to-.patch
0043-vhost-user-disable-the-broken-subpr.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10�- Fix migration issue on s390
0038-s390x-ais-for-2.10-stable-disable-a.patch
0039-s390x-cpumodel-remove-ais-from-z14-.patch
- Fix case of not being able to build from rpm sources due to
undefined macro (boo#1057966)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10�- Fix baum that release brlapi twice (bsc#1060045)
0037-chardev-baum-fix-baum-that-releases.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10�- For SLE15 pre-release testing, add support for the EPYC processor.
This will be officially supported once it is included in the v2.11
release. (bsc#1052825)
0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch
- Fix some support statements in our SLE support documents.�- Update BuildRequires packages libibverbs-devel and librdmacm-devel
to the more correct rdma-core-devel
- Enable seccomp for s390x, aarch64, and ppc64le
- Fix OOB issue (use after free) in slirp network stack (CVE-2017-13711
bsc#1056291)
0034-slirp-fix-clearing-ifq_so-from-pend.patch
- Fix a misalignment in the s390 ccw firmware (bsc#1056680)
0035-s390-ccw-Fix-alignment-for-CCW1.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10�- Add a supportconfig plugin
qemu-supportconfig
FATE#323661�- Update to v2.10.0: See http://wiki.qemu.org/ChangeLog/2.10
- Dropped internal only patches used to support SUSE Studio
Testdrive as well as other miscellaneous patches deemed unused
and not worth carrying (bsc#1046783, bsc#1055125, bsc#1055127)
- Update SLE support statements in anticipation of SLE15
- disable SAN boot capability from virtio pxe rom used in v1.4 and
older pc machine types due to rom size requirements. Hopefully
a better solution can be found which doesn't impact functionality
* Patches added:
ipxe-stub-out-the-SAN-req-s-in-int13.patch
* Patches renamed:
0006-qemu-cvs-gettimeofday.patch -> 0003-qemu-cvs-gettimeofday.patch
0007-qemu-cvs-ioctl_debug.patch -> 0004-qemu-cvs-ioctl_debug.patch
0008-qemu-cvs-ioctl_nodirection.patch -> 0005-qemu-cvs-ioctl_nodirection.patch
0009-linux-user-add-binfmt-wrapper-for-a.patch -> 0006-linux-user-add-binfmt-wrapper-for-a.patch
0010-PPC-KVM-Disable-mmu-notifier-check.patch -> 0007-PPC-KVM-Disable-mmu-notifier-check.patch
0011-linux-user-fix-segfault-deadlock.patch -> 0008-linux-user-fix-segfault-deadlock.patch
0012-linux-user-binfmt-support-host-bina.patch -> 0009-linux-user-binfmt-support-host-bina.patch
0013-linux-user-Fake-proc-cpuinfo.patch -> 0010-linux-user-Fake-proc-cpuinfo.patch
0014-linux-user-XXX-disable-fiemap.patch -> 0011-linux-user-XXX-disable-fiemap.patch
0017-linux-user-use-target_ulong.patch -> 0012-linux-user-use-target_ulong.patch
0021-console-add-question-mark-escape-op.patch -> 0013-console-add-question-mark-escape-op.patch
0022-Make-char-muxer-more-robust-wrt-sma.patch -> 0014-Make-char-muxer-more-robust-wrt-sma.patch
0023-linux-user-lseek-explicitly-cast-no.patch -> 0015-linux-user-lseek-explicitly-cast-no.patch
0025-AIO-Reduce-number-of-threads-for-32.patch -> 0016-AIO-Reduce-number-of-threads-for-32.patch
0027-xen_disk-Add-suse-specific-flush-di.patch -> 0017-xen_disk-Add-suse-specific-flush-di.patch
0028-qemu-bridge-helper-reduce-security-.patch -> 0018-qemu-bridge-helper-reduce-security-.patch
0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0019-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
0030-configure-Fix-detection-of-seccomp-.patch -> 0020-configure-Fix-detection-of-seccomp-.patch
0031-linux-user-properly-test-for-infini.patch -> 0020-linux-user-properly-test-for-infini.patch
0033-roms-Makefile-pass-a-packaging-time.patch -> 0022-roms-Makefile-pass-a-packaging-time.patch
0034-Raise-soft-address-space-limit-to-h.patch -> 0023-Raise-soft-address-space-limit-to-h.patch
0035-increase-x86_64-physical-bits-to-42.patch -> 0024-increase-x86_64-physical-bits-to-42.patch
0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0025-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0037-i8254-Fix-migration-from-SLE11-SP2.patch -> 0026-i8254-Fix-migration-from-SLE11-SP2.patch
0038-acpi_piix4-Fix-migration-from-SLE11.patch -> 0027-acpi_piix4-Fix-migration-from-SLE11.patch
0039-Fix-tigervnc-long-press-issue.patch -> 0028-Fix-tigervnc-long-press-issue.patch
0041-string-input-visitor-Fix-uint64-par.patch -> 0029-string-input-visitor-Fix-uint64-par.patch
0042-test-string-input-visitor-Add-int-t.patch -> 0030-test-string-input-visitor-Add-int-t.patch
0043-test-string-input-visitor-Add-uint6.patch -> 0031-test-string-input-visitor-Add-uint6.patch
0044-tests-Add-QOM-property-unit-tests.patch -> 0032-tests-Add-QOM-property-unit-tests.patch
0045-tests-Add-scsi-disk-test.patch -> 0033-tests-Add-scsi-disk-test.patch
* Patches dropped (upstream unless otherwise noted):
0003-qemu-cvs-alsa_bitfield.patch (deemed not needed)
0004-qemu-cvs-alsa_ioctl.patch (deemed not needed)
0005-qemu-cvs-alsa_mmap.patch (deemed not needed)
0015-slirp-nooutgoing.patch (bsc#1055125)
0016-vnc-password-file-and-incoming-conn.patch (bsc#1055127)
0018-block-Add-support-for-DictZip-enabl.patch (bsc#1046783)
0019-block-Add-tar-container-format.patch (bsc#1046783)
0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch (bsc#1046783)
0024-configure-Enable-PIE-for-ppc-and-pp.patch (obsolete)
0026-dictzip-Fix-on-big-endian-systems.patch (bsc#1046783)
0032-linux-user-remove-all-traces-of-qem.patch
0040-fix-xen-hvm-direct-kernel-boot.patch (bsc#970791)
0046-RFC-update-Linux-headers-from-irqs-.patch
0047-ARM-KVM-Enable-in-kernel-timers-wit.patch
0048-input-Add-trace-event-for-empty-key.patch
0049-ACPI-don-t-call-acpi_pcihp_device_p.patch
0050-i386-Allow-cpuid-bit-override.patch (was for testing only)
0051-input-limit-kbd-queue-depth.patch
0052-audio-release-capture-buffers.patch
0053-scsi-avoid-an-off-by-one-error-in-m.patch
0054-vmw_pvscsi-check-message-ring-page-.patch
0055-9pfs-local-forbid-client-access-to-.patch
0056-jazz_led-fix-bad-snprintf.patch
0057-slirp-smb-Replace-constant-strings-.patch
0058-altera_timer-fix-incorrect-memset.patch
0059-Hacks-for-building-on-gcc-7-Fedora-.patch
0060-9pfs-local-fix-unlink-of-alien-file.patch
0061-megasas-do-not-read-DCMD-opcode-mor.patch
0062-megasas-always-store-SCSIRequest-in.patch
0063-nbd-Fully-initialize-client-in-case.patch
0064-9pfs-local-remove-use-correct-path-.patch
0065-hid-Reset-kbd-modifiers-on-reset.patch
0066-input-Decrement-queue-count-on-kbd-.patch
0067-xhci-only-update-dequeue-ptr-on-com.patch
0068-vnc-Set-default-kbd-delay-to-10ms.patch
0069-qemu-nbd-Ignore-SIGPIPE.patch
0070-usb-redir-fix-stack-overflow-in-usb.patch
0072-slirp-check-len-against-dhcp-option.patch
0071-exec-use-qemu_ram_ptr_length-to-acc.patch
0073-xen-mapcache-store-dma-information-.patch
0074-exec-Add-lock-parameter-to-qemu_ram.patch
0075-Replace-struct-ucontext-with-uconte.patch
ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch
ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch
ipxe-ath-Add-missing-break-statements.patch
ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10�- Fix package build failure as of glibc v2.26 update in Factory
(boo#1055587)
0075-Replace-struct-ucontext-with-uconte.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Remove redundant prerequire for pwdutils�- Postrequire acl for setfacl�- Prerequire shadow for groupadd�- The recent security fix for CVE-2017-11334 adversely affects Xen.
Include two additional patches to make sure Xen is going to be OK.
0073-xen-mapcache-store-dma-information-.patch
0074-exec-Add-lock-parameter-to-qemu_ram.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Pre-add group kvm for qemu-tools (bsc#1011144)�- Fixed a few more inaccuracies in the support docs.�- Address various security/stability issues
* Fix DOS vulnerability in qemu-nbd (bsc#1046636 CVE-2017-10664)
0069-qemu-nbd-Ignore-SIGPIPE.patch
* Fix DOS from stack overflow in debug messages of usb redirection
support (bsc#1047674 CVE-2017-10806)
0070-usb-redir-fix-stack-overflow-in-usb.patch
* Fix OOB access during DMA operation (CVE-2017-11334 bsc#1048902)
0071-exec-use-qemu_ram_ptr_length-to-acc.patch
* Fix OOB access parsing dhcp slirp options (CVE-2017-11434 bsc#1049381)
0072-slirp-check-len-against-dhcp-option.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Fix support docs to indicate ARM64 is now fully L3 supported in
SLES 12 SP3. Apply a few additional clarifications in the support
docs. (bsc#1050268)
- Adjust to libvdeplug-devel package naming changes.�- Fix migration with xhci (bsc#1048296)
0067-xhci-only-update-dequeue-ptr-on-com.patch
- Increase VNC delay to fix missing keyboard input events (bsc#1031692)
0068-vnc-Set-default-kbd-delay-to-10ms.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Remove build dependency package iasl used for seabios�- Fixed stuck state during usb keyboard reset (bsc#1044936)
0065-hid-Reset-kbd-modifiers-on-reset.patch
- Fixed keyboard events getting lost (bsc#1044936)
0066-input-Decrement-queue-count-on-kbd-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Use most recent compiler to build size-critical firmware, instead
of hard-coding gcc6 for all target versions (bsc#1043390)
* A few upstream ipxe patches were needed for gcc7 compatibility:
ipxe-ath-Add-missing-break-statements.patch
ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch
- Add --no-renames to the git format-patch command in the git
workflow script for better patch compatibility
- Address various security/stability issues
* Fix potential privilege escalation in virtfs (CVE-2016-9602
bsc#1020427)
0060-9pfs-local-fix-unlink-of-alien-file.patch
* Fix DOS in megasas device emulation (CVE-2017-9503 bsc#1043296)
0061-megasas-do-not-read-DCMD-opcode-mor.patch
0062-megasas-always-store-SCSIRequest-in.patch
* Fix DOS in qemu-nbd server (CVE-2017-9524 bsc#1043808)
0063-nbd-Fully-initialize-client-in-case.patch
* Fix regression introduced by recent virtfs security fixes (bsc#1045035)
0064-9pfs-local-remove-use-correct-path-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Backport ipxe to support FirstBurstLength (bsc#1040476)
ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch�- Fixes for gcc7 compatability (bsc#1040228) (in behalf of Liang Yan)
0056-jazz_led-fix-bad-snprintf.patch
0057-slirp-smb-Replace-constant-strings-.patch
0058-altera_timer-fix-incorrect-memset.patch
0059-Hacks-for-building-on-gcc-7-Fedora-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Protect access to metadata in virtio-9pfs (CVE-2017-7493 bsc#1039495)
0055-9pfs-local-forbid-client-access-to-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Address various security/stability issues
* Fix DOS potential in vnc interface (CVE-2017-8379 bsc#1037334)
0051-input-limit-kbd-queue-depth.patch
* Fix DOS potential in vnc interface (CVE-2017-8309 bsc#1037242)
0052-audio-release-capture-buffers.patch
* Fix OOB access in megasas device emulation (CVE-2017-8380
bsc#1037336)
0053-scsi-avoid-an-off-by-one-error-in-m.patch
* Fix DOS in Vmware pv scsi emulation (CVE-2017-8112 bsc#1036211)
0054-vmw_pvscsi-check-message-ring-page-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Fix building packages for some older distros.
- Further refine our handling of building firmware (or not) for
the various arch's and distro versions we build for. Note that
if we don't build x86 firmware, (eg: x86 Leap 42.1) the upstream
binary blobs are used, which may have migration incompatibilities
with previous versions of qemu provided.�- Fix issue in shipping qemu v2.9.0, where pci-passthrough for Xen
HVM guests got broken (bsc#1034131)
0049-ACPI-don-t-call-acpi_pcihp_device_p.patch
- Include experimental, unsupported feature to assist in some
performance analysis work.
0050-i386-Allow-cpuid-bit-override.patch�- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9
* Includes fix for CVE-2017-7471, a virtfs security issue.
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Add empty keyboard queue tracepoint to help openQA testing work
better (bsc#1031692)
0048-input-Add-trace-event-for-empty-key.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9
- Enable ceph/rbd support for s390x (bsc#1030068)
- Enable ceph/rbd support for ppc* as available
- Update ARM in-kernel-timers patch (bsc#1033416)
* Patches renamed:
0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch
0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch
0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch
0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch
0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch
0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch
* Patches added (support patch):
0046-RFC-update-Linux-headers-from-irqs-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9
* Patches dropped (included in upstream source archive):
0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
0048-i386-Replace-uint32_t-with-FeatureW.patch
0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Added additional documentation provided with v2.9.0
- Fix build failure with gcc7 (bsc#1031340)
ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch
- Made miscellaneous spec file refinements�- The support documents included are now fairly accurate for the
arm and s390 world, and the x86 version also received a few
tweaks. Also included in those docs is a url reference to upstream
qemu deprecation plans and discussions.
(fate#321146)
- Add post v2.9.0-rc2 upstream patches which fix -cpu host and -cpu
max feature overrides for libvirt compatability.
0048-i386-Replace-uint32_t-with-FeatureW.patch
0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9
* Includes fix for in guest privilege escalation when using TCG
(bsc#1030624)
* Patches dropped (equivalent included in upstream source archive):
0047-linux-user-exclude-cpu-model-code-w.patch
- Fix failure booting SLE12-SP2 Aarch64 guest (bsc#1031384)
0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9
* Patches dropped (no longer needed based on what we now build for):
0024-virtfs-proxy-helper-Provide-__u64-f.patch
* Patches dropped (included in upstream source archive):
0034-dma-rc4030-limit-interval-timer-rel.patch
* Patches renamed:
0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch
0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch
0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch
0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch
0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch
0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch
0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch
0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch
0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch
0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch
0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch
0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch
0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch
0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch
0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch
0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch
0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch
0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch
0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch
0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch
0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch
0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9
* Updated version carries fixes for the following reported issues:
CVE-2016-9602 bsc#1020427, CVE-2016-9923 bsc#1014703,
CVE-2017-2630 bsc#1025396, CVE-2017-2633 bsc#1026612,
CVE-2017-5579 bsc#1021741, CVE-2017-5931 bsc#1024114,
CVE-2017-5973 bsc#1025109, CVE-2017-5987 bsc#1025311,
CVE-2017-6058 bsc#1025837, CVE-2017-6505 bsc#1028184
* Patches dropped:
seabios_128kb.patch (no longer required)
* Patches dropped (included in upstream source archive):
0035-net-imx-limit-buffer-descriptor-cou.patch
0045-virtio-gpu-call-cleanup-mapping-fun.patch
0051-virtio-gpu-fix-information-leak-in-.patch
0052-display-cirrus-ignore-source-pitch-.patch
0053-s390x-kvm-fix-small-race-reboot-vs..patch
0054-target-s390x-use-qemu-cpu-model-in-.patch
0056-tests-check-path-to-avoid-a-failing.patch
0057-display-virtio-gpu-3d-check-virgl-c.patch
0058-watchdog-6300esb-add-exit-function.patch
0059-virtio-gpu-3d-fix-memory-leak-in-re.patch
0060-virtio-gpu-fix-memory-leak-in-resou.patch
0061-virtio-fix-vq-inuse-recalc-after-mi.patch
0062-audio-es1370-add-exit-function.patch
0063-audio-ac97-add-exit-function.patch
0064-megasas-fix-guest-triggered-memory-.patch
0065-cirrus-handle-negative-pitch-in-cir.patch
0066-cirrus-fix-blit-address-mask-handli.patch
0067-cirrus-fix-oob-access-issue-CVE-201.patch
0068-usb-ccid-check-ccid-apdu-length.patch
0069-sd-sdhci-check-data-length-during-d.patch
0070-virtio-gpu-fix-resource-leak-in-vir.patch
0071-cirrus-fix-patterncopy-checks.patch
0072-cirrus-add-blit_is_unsafe-call-to-c.patch
* Patches renamed:
0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch
0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch
0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch
0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch
0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch
0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch
0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch
0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch
0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch
0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch
0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch
0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch
0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch
0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9�- Buildignore for the global gcc-PIE, as this package enables PIE
on its own and has troubles if all use it. (meissner@suse.com)�- Address various security/stability issues
* Fix OOB access in virito-gpu-3d (CVE-2016-10028 bsc#1017084
bsc#1016503)
0057-display-virtio-gpu-3d-check-virgl-c.patch
* Fix DOS in Intel 6300ESB device emulation (CVE-2016-10155 bsc#1021129)
0058-watchdog-6300esb-add-exit-function.patch
* Fix DOS in virtio-gpu-3d (CVE-2017-5552 bsc#1021195)
0059-virtio-gpu-3d-fix-memory-leak-in-re.patch
* Fix DOS in virtio-gpu (CVE-2017-5578 bsc#1021481)
0060-virtio-gpu-fix-memory-leak-in-resou.patch
* Fix cause of infrequent migration failures from bad virtio device
state. (bsc#1020928)
0061-virtio-fix-vq-inuse-recalc-after-mi.patch
* Fix DOS in es1370 emulated audio device (CVE-2017-5526 bsc#1020589)
0062-audio-es1370-add-exit-function.patch
* Fix DOS in ac97 emulated audio device (CVE-2017-5525 bsc#1020491)
0063-audio-ac97-add-exit-function.patch
* Fix DOS in megasas device emulation (CVE-2017-5856 bsc#1023053)
0064-megasas-fix-guest-triggered-memory-.patch
* Fix various inaccuracies in cirrus vga device emulation
0065-cirrus-handle-negative-pitch-in-cir.patch
0066-cirrus-fix-blit-address-mask-handli.patch
* Fix OOB access in cirrus vga emulation (CVE-2017-2615 bsc#1023004)
0067-cirrus-fix-oob-access-issue-CVE-201.patch
* Fix DOS in usb CCID card device emulator (CVE-2017-5898 bsc#1023907)
0068-usb-ccid-check-ccid-apdu-length.patch
* Fix OOB access in SDHCI device emulation (CVE-2017-5667 bsc#1022541)
0069-sd-sdhci-check-data-length-during-d.patch
* Fix DOS in virtio-gpu-3d (CVE-2017-5857 bsc#1023073)
0070-virtio-gpu-fix-resource-leak-in-vir.patch
* Fix cirrus patterncopy checks
0071-cirrus-fix-patterncopy-checks.patch
* Fix OOB access in cirrus vga emulation (CVE-2017-2620 bsc#1024972)
0072-cirrus-add-blit_is_unsafe-call-to-c.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8�- Fix name of s390x specific sysctl configuration file to end with
.conf (bsc#1026583)�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8
* Check that sysfs path exists before running test which requires
it. This allows qemu-testsuite to succeed in local build service
chroot based package build.
0056-tests-check-path-to-avoid-a-failing.patch�- Factory and SLE12-SP3 got a name change in the dtc devel package:
libfdt1-devel -> libfdt-devel. Adjust our spec file accordingly.�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8
* Patches added:
0055-linux-user-exclude-cpu-model-code-w.patch�- Make sure qemu guest agent is usable as soon as qemu-guest-agent
package is installed. The previous post script was still not
doing the job.
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8
* Fix potential hang/crash rebooting s390x guest
0053-s390x-kvm-fix-small-race-reboot-vs..patch
* Fix s390x linux-user failure since v2.8.0 update
0054-target-s390x-use-qemu-cpu-model-in-.patch�- Merge qemu packages from openSUSE and SUSE SLE releases together
for the v2.8 qemu update. The qemu.changes file is the openSUSE
version with this entry providing CVE, FATE, and bugzilla
references from the SUSE SLE qemu package to date (see below)
- Updated to v2.8.0: See http://wiki.qemu-project.org/ChangeLog/2.8
* For SUSE SLE-12-SP3, update relates to fate#319684, fate#321331,
fate#321335, fate#321339, fate#321349, fate#321857
* For best compatibility, qemu-ifup and kvm_stat scripts now owned
by qemu package
* Build ipxe roms with gcc6 to maintain SLE legacy migration
compatibility requirements
* qmp-commands.txt file removed, to resurface in future doc reorganization
* qemu-tech.html file merged into other existing doc
* trace-events renamed to trace-events-all
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8
* Patches dropped (upstream):
0013-linux-user-lock-tcg.patch
0014-linux-user-Run-multi-threaded-code-.patch
0015-linux-user-lock-tb-flushing-too.patch
0017-linux-user-implement-FS_IOC_GETFLAG.patch
0018-linux-user-implement-FS_IOC_SETFLAG.patch
0034-xen-SUSE-xenlinux-unplug-for-emulat.patch
0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch
0041-vmsvga-correct-bitmap-and-pixmap-si.patch
0042-scsi-mptconfig-fix-an-assert-expres.patch
0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch
0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch
0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch
0046-scsi-mptsas-use-g_new0-to-allocate-.patch
0047-scsi-pvscsi-limit-process-IO-loop-t.patch
0048-virtio-add-check-for-descriptor-s-m.patch
0049-net-mcf-limit-buffer-descriptor-cou.patch
0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch
0051-xhci-limit-the-number-of-link-trbs-.patch
0052-9pfs-allocate-space-for-guest-origi.patch
0053-9pfs-fix-memory-leak-in-v9fs_link.patch
0054-9pfs-fix-potential-host-memory-leak.patch
0055-9pfs-fix-information-leak-in-xattr-.patch
0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch
0057-9pfs-fix-memory-leak-in-v9fs_write.patch
0058-char-serial-check-divider-value-aga.patch
0059-net-pcnet-check-rx-tx-descriptor-ri.patch
0060-net-eepro100-fix-memory-leak-in-dev.patch
0061-net-rocker-set-limit-to-DMA-buffer-.patch
0062-net-vmxnet-initialise-local-tx-desc.patch
0063-net-rtl8139-limit-processing-of-rin.patch
0064-audio-intel-hda-check-stream-entry-.patch
0065-virtio-gpu-fix-memory-leak-in-virti.patch
0066-9pfs-fix-integer-overflow-issue-in-.patch
slof_xhci.patch
* Patches renamed:
0016-linux-user-Fake-proc-cpuinfo.patch -> 0013-linux-user-Fake-proc-cpuinfo.patch
0019-linux-user-XXX-disable-fiemap.patch -> 0014-linux-user-XXX-disable-fiemap.patch
0020-slirp-nooutgoing.patch -> 0015-slirp-nooutgoing.patch
0021-vnc-password-file-and-incoming-conn.patch -> 0016-vnc-password-file-and-incoming-conn.patch
0022-linux-user-use-target_ulong.patch -> 0017-linux-user-use-target_ulong.patch
0023-block-Add-support-for-DictZip-enabl.patch -> 0018-block-Add-support-for-DictZip-enabl.patch
0024-block-Add-tar-container-format.patch -> 0019-block-Add-tar-container-format.patch
0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch
0026-console-add-question-mark-escape-op.patch -> 0021-console-add-question-mark-escape-op.patch
0027-Make-char-muxer-more-robust-wrt-sma.patch -> 0022-Make-char-muxer-more-robust-wrt-sma.patch
0028-linux-user-lseek-explicitly-cast-no.patch -> 0023-linux-user-lseek-explicitly-cast-no.patch
0029-virtfs-proxy-helper-Provide-__u64-f.patch -> 0024-virtfs-proxy-helper-Provide-__u64-f.patch
0030-configure-Enable-PIE-for-ppc-and-pp.patch -> 0025-configure-Enable-PIE-for-ppc-and-pp.patch
0031-AIO-Reduce-number-of-threads-for-32.patch -> 0026-AIO-Reduce-number-of-threads-for-32.patch
0032-dictzip-Fix-on-big-endian-systems.patch -> 0027-dictzip-Fix-on-big-endian-systems.patch
0033-xen_disk-Add-suse-specific-flush-di.patch -> 0028-xen_disk-Add-suse-specific-flush-di.patch
0035-qemu-bridge-helper-reduce-security-.patch -> 0029-qemu-bridge-helper-reduce-security-.patch
0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
0037-configure-Fix-detection-of-seccomp-.patch -> 0031-configure-Fix-detection-of-seccomp-.patch
0038-linux-user-properly-test-for-infini.patch -> 0032-linux-user-properly-test-for-infini.patch
0040-linux-user-remove-all-traces-of-qem.patch -> 0033-linux-user-remove-all-traces-of-qem.patch
0067-dma-rc4030-limit-interval-timer-rel.patch -> 0034-dma-rc4030-limit-interval-timer-rel.patch
0068-net-imx-limit-buffer-descriptor-cou.patch -> 0035-net-imx-limit-buffer-descriptor-cou.patch
0069-roms-Makefile-pass-a-packaging-time.patch -> 0036-roms-Makefile-pass-a-packaging-time.patch
* Patches added:
0037-Raise-soft-address-space-limit-to-h.patch
0038-increase-x86_64-physical-bits-to-42.patch
0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0040-i8254-Fix-migration-from-SLE11-SP2.patch
0041-acpi_piix4-Fix-migration-from-SLE11.patch
0042-Fix-tigervnc-long-press-issue.patch
0043-fix-xen-hvm-direct-kernel-boot.patch
0044-ARM-KVM-Enable-in-kernel-timers-wit.patch
0045-virtio-gpu-call-cleanup-mapping-fun.patch
0046-string-input-visitor-Fix-uint64-par.patch
0047-test-string-input-visitor-Add-int-t.patch
0048-test-string-input-visitor-Add-uint6.patch
0049-tests-Add-QOM-property-unit-tests.patch
0050-tests-Add-scsi-disk-test.patch
0051-virtio-gpu-fix-information-leak-in-.patch
0052-display-cirrus-ignore-source-pitch-.patch
ipxe-use-gcc6-for-more-compact-code.patch
* SLE patches dropped (accounted for in above listed changes):
0002-qemu-0.9.0.cvs-binfmt.patch
0009-block-vmdk-Support-creation-of-SCSI.patch
0010-linux-user-add-binfmt-wrapper-for-a.patch
0011-PPC-KVM-Disable-mmu-notifier-check.patch
0012-linux-user-fix-segfault-deadlock.patch
0013-linux-user-binfmt-support-host-bina.patch
0014-linux-user-Ignore-broken-loop-ioctl.patch
0015-linux-user-lock-tcg.patch
0016-linux-user-Run-multi-threaded-code-.patch
0017-linux-user-lock-tb-flushing-too.patch
0018-linux-user-Fake-proc-cpuinfo.patch
0019-linux-user-implement-FS_IOC_GETFLAG.patch
0020-linux-user-implement-FS_IOC_SETFLAG.patch
0021-linux-user-XXX-disable-fiemap.patch
0022-slirp-nooutgoing.patch
0023-vnc-password-file-and-incoming-conn.patch
0024-linux-user-add-more-blk-ioctls.patch
0025-linux-user-use-target_ulong.patch
0026-block-Add-support-for-DictZip-enabl.patch
0027-block-Add-tar-container-format.patch
0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch
0029-console-add-question-mark-escape-op.patch
0030-Make-char-muxer-more-robust-wrt-sma.patch
0031-linux-user-lseek-explicitly-cast-no.patch
0032-virtfs-proxy-helper-Provide-_u64-f.patch
0033-configure-Enable-PIE-for-ppc-and-pp.patch
0034-Raise-soft-address-space-limit-to-h.patch
0035-increase-x86_64-physical-bits-to-42.patch
0036-vnc-provide-fake-color-map.patch
0037-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0038-i8254-Fix-migration-from-SLE11-SP2.patch
0039-acpi_piix4-Fix-migration-from-SLE11.patch
0040-qtest-Increase-socket-timeout-to-ac.patch
0041-dictzip-Fix-on-big-endian-systems.patch
0043-xen_disk-Add-suse-specific-flush-di.patch
0044-Split-large-discard-requests-from-b.patch
0045-fix-xen-hvm-direct-kernel-boot.patch
0046-xen-introduce-dummy-system-device.patch
0047-xen-write-information-about-support.patch
0048-xen-add-pvUSB-backend.patch
0049-xen-move-xen_sysdev-to-xen_backend..patch
0050-vnc-add-configurable-keyboard-delay.patch
0051-xen-SUSE-xenlinux-unplug-for-emulat.patch
0052-configure-add-echo_version-helper.patch
0053-configure-support-vte-2.91.patch
0054-scsi-esp-fix-migration.patch
0055-hw-arm-virt-mark-the-PCIe-host-cont.patch
0056-xen-when-removing-a-backend-don-t-r.patch
0057-xen-drain-submit-queue-in-xen-usb-b.patch
0058-qcow2-avoid-extra-flushes-in-qcow2.patch
0059-qemu-bridge-helper-reduce-security-.patch
0060-xen-use-a-common-function-for-pv-an.patch
0061-xen_platform-unplug-also-SCSI-disks.patch
0062-virtio-check-vring-descriptor-buffe.patch
0063-net-vmxnet3-check-for-device_active.patch
0064-net-vmxnet-initialise-local-tx-desc.patch
0065-scsi-pvscsi-avoid-infinite-loop-whi.patch
0066-ARM-KVM-Enable-in-kernel-timers-wit.patch
0067-hw-net-Fix-a-heap-overflow-in-xlnx..patch
0068-vmsvga-correct-bitmap-and-pixmap-si.patch
0069-usb-xhci-fix-memory-leak-in-usb_xhc.patch
0070-virtio-add-check-for-descriptor-s-m.patch
0071-net-mcf-limit-buffer-descriptor-cou.patch
0072-usb-ehci-fix-memory-leak-in-ehci_pr.patch
0073-xhci-limit-the-number-of-link-trbs-.patch
0074-9pfs-allocate-space-for-guest-origi.patch
0075-9pfs-fix-memory-leak-in-v9fs_link.patch
0076-9pfs-fix-potential-host-memory-leak.patch
0077-9pfs-fix-memory-leak-in-v9fs_write.patch
0078-char-serial-check-divider-value-aga.patch
0079-net-pcnet-check-rx-tx-descriptor-ri.patch
0080-net-eepro100-fix-memory-leak-in-dev.patch
0081-net-rocker-set-limit-to-DMA-buffer-.patch
0082-net-rtl8139-limit-processing-of-rin.patch
0083-audio-intel-hda-check-stream-entry-.patch
0084-virtio-gpu-fix-memory-leak-in-virti.patch
0085-9pfs-fix-integer-overflow-issue-in-.patch
0086-dma-rc4030-limit-interval-timer-rel.patch
0087-net-imx-limit-buffer-descriptor-cou.patch
0088-target-i386-Implement-CPUID-0xB-Ext.patch
0089-target-i386-present-virtual-L3-cach.patch
0090-migration-fix-inability-to-save-VM-.patch
0091-ui-gtk-Fix-a-runtime-warning-on-vte.patch
0092-gtk-don-t-leak-the-GtkBorder-with-V.patch
0093-xen-fix-ioreq-handling.patch
0094-macio-Use-blk_drain-instead-of-blk_.patch
0095-rbd-Switch-rbd_start_aio-to-byte-ba.patch
0096-virtio-blk-Release-s-rq-queue-at-sy.patch
0097-virtio-blk-Remove-stale-comment-abo.patch
0098-block-reintroduce-bdrv_flush_all.patch
0099-qemu-use-bdrv_flush_all-for-vm_stop.patch
0100-block-backend-remove-blkflush_all.patch
0101-char-fix-missing-return-in-error-pa.patch
0102-rbd-shift-byte-count-as-a-64-bit-va.patch
0103-mirror-use-bdrv_drained_begin-bdrv_.patch
0104-block-curl-Use-BDRV_SECTOR_SIZE.patch
0105-block-curl-Fix-return-value-from-cu.patch
0106-block-curl-Remember-all-sockets.patch
0107-block-curl-Do-not-wait-for-data-bey.patch
0108-virtio-allow-per-device-class-legac.patch
0109-virtio-net-mark-VIRTIO_NET_F_GSO-as.patch
0110-vhost-adapt-vhost_verify_ring_mappi.patch
0111-ivshmem-Fix-64-bit-memory-bar-confi.patch
0112-intel_iommu-fix-incorrect-device-in.patch
0113-9pfs-fix-information-leak-in-xattr-.patch
0114-9pfs-fix-memory-leak-in-v9fs_xattrc.patch
0115-net-mcf-check-receive-buffer-size-r.patch
0116-virtio-gpu-fix-memory-leak-in-updat.patch
0117-virtio-gpu-fix-information-leak-in-.patch
0118-9pfs-adjust-the-order-of-resource-c.patch
0119-9pfs-add-cleanup-operation-in-FileO.patch
0120-9pfs-add-cleanup-operation-for-hand.patch
0121-9pfs-add-cleanup-operation-for-prox.patch
0122-virtio-gpu-call-cleanup-mapping-fun.patch
0123-string-input-visitor-Fix-uint64-par.patch
0124-test-string-input-visitor-Add-int-t.patch
0125-test-string-input-visitor-Add-uint6.patch
0126-tests-Add-QOM-property-unit-tests.patch
0127-tests-Add-scsi-disk-test.patch
0128-usb-ehci-fix-memory-leak-in-ehci_in.patch
0129-usbredir-free-vm_change_state_handl.patch
0130-virtio-gpu-fix-information-leak-in-.patch
ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch
ipxe-ath-Fix-building-with-GCC-6.patch
ipxe-efi-fix-garbage-bytes-in-device-path.patch
ipxe-efi-fix-uninitialised-data-in-HII.patch
ipxe-legacy-Fix-building-with-GCC-6.patch
ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch
ipxe-sis190-Fix-building-with-GCC-6.patch
ipxe-skge-Fix-building-with-GCC-6.patch
ipxe-util-v5.24-perl-errors-on-redeclare.patch
- SLE CVE, FATE, and bugzilla references not otherwise listed in
this changelog file. The intent of this list is to indicate that
the fix or feature continues the line of inheritance in the
development stream of this package. The list is intended to
satisfy searches only - refer to the SLE-12-SP2 changelog file
for additional details.
* fate#314468 fate#314497 fate#315125 fate#315467 fate#317015
fate#317741 fate#317763 fate#318349 fate#319660 fate#319979
fate#321010
* bnc#812983 bnc#869026 bnc#869746 bnc#874413 bnc#875582 bnc#875870
bnc#877642 bnc#877645 bnc#878541 bsc#882405 bsc#886378 bnc#893339
bnc#893892 bnc#895369 bnc#896726 bnc#897654 bnc#905097 bnc#907805
bnc#908380 bnc#914521 bsc#924018 bsc#929339 bsc#932267 bsc#932770
bsc#933981 bsc#936537 bsc#937125 bsc#938344 bsc#940929 bsc#942845
bsc#943446 bsc#944697 bsc#945404 bsc#945987 bsc#945989 bsc#946020
bsc#947159 bnc#953518 bsc#954864 bsc#956829 bsc#957162 bsc#958491
bsc#958917 bsc#959005 bsc#959386 bsc#960334 bsc#960708 bsc#960725
bsc#960835 bsc#961333 bsc#961556 bsc#961691 bsc#962320 bsc#963782
bsc#964413 bsc#970791 bsc#974141 bsc#978158 bsc#979473 bsc#982365
bsc#989655 bsc#991466 bsc#994771 bsc#994774 bsc#996441 bsc#997858
bsc#999212
bsc#1001151 bsc#1002116 bsc#1005353 boo#1007263 bsc#1007769
bsc#1008519 bsc#1009109 bsc#1013285 bsc#1013341 bsc#1013764
bsc#1013767 bsc#1014109 bsc#1014110 bsc#1014111 bsc#1014112
bsc#1014256 bsc#1014514 bsc#1014702 bsc#1015169 bsc#1016779
* CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840
CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-4037 CVE-2015-5154
CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815
CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345
CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613
CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568
CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710
CVE-2016-6490 CVE-2016-6833 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155
CVE-2016-7161 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846
CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913
CVE-2016-9921 CVE-2016-9922�- Despite the previous entry about re-enabling ceph on Nov 19, 2016
the change wasn't actually done. Do it now.�- sgabios-stable-buildid.patch: Use geeko@buildhost�- slof_xhci.patch: XHCI fixes (boo#977027)�- Recommend x86 ROMs for emulated PCI cards on ppc, arm, others
(bsc#1005869, michals)�- Tidy SLOF patch boilerplate (michals)�- Build with spice on all archs. (boo#1009438, michals)�- Refine the approach to producing stable builds in our ROM based
packages. All built roms which have hostname or date calls now
produce consistent results build to build via patch changes, so
remove the hostname and date call workarounds. (bsc#1011213)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
* Patches added:
0069-roms-Makefile-pass-a-packaging-time.patch
sgabios-stable-buildid.patch�- Re-enable ceph (rbd) functionality in OBS builds as we've been told
the issues which prompted us to disable it are resolved
- Address various security/stability issues
* Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516)
0041-vmsvga-correct-bitmap-and-pixmap-si.patch
* Fix DOS in LSI SAS1068 emulation (CVE-2016-7157 bsc#997860)
0042-scsi-mptconfig-fix-an-assert-expres.patch
0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch
* Fix DOS in Vmware pv scsi interface (CVE-2016-7156 bsc#997859)
0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch
* Fix DOS in USB xHCI emulation (CVE-2016-7466 bsc#1000345)
0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch
* Fix OOB access in LSI SAS1068 emulation (CVE-2016-7423 bsc#1000397)
0046-scsi-mptsas-use-g_new0-to-allocate-.patch
* Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661)
0047-scsi-pvscsi-limit-process-IO-loop-t.patch
* Fix NULL pointer dereference in virtio processing
(CVE-2016-7422 bsc#1000346)
0048-virtio-add-check-for-descriptor-s-m.patch
* Fix DOS in ColdFire Fast Ethernet Controller emulation
(CVE-2016-7908 bsc#1002550)
0049-net-mcf-limit-buffer-descriptor-cou.patch
* Fix DOS in USB EHCI emulation (CVE-2016-7995 bsc#1003612)
0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch
* Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878)
0051-xhci-limit-the-number-of-link-trbs-.patch
* Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)
0052-9pfs-allocate-space-for-guest-origi.patch
* Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)
0053-9pfs-fix-memory-leak-in-v9fs_link.patch
* Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)
0054-9pfs-fix-potential-host-memory-leak.patch
* Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454)
0055-9pfs-fix-information-leak-in-xattr-.patch
* Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450)
0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch
* Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)
0057-9pfs-fix-memory-leak-in-v9fs_write.patch
* Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707)
0058-char-serial-check-divider-value-aga.patch
* Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557)
0059-net-pcnet-check-rx-tx-descriptor-ri.patch
* Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)
0060-net-eepro100-fix-memory-leak-in-dev.patch
* Fix OOB access in Rocker switch emulation (CVE-2016-8668 bsc#1004706)
0061-net-rocker-set-limit-to-DMA-buffer-.patch
* Plug data leak in vmxnet3 emulation (CVE-2016-6836 bsc#994760)
0062-net-vmxnet-initialise-local-tx-desc.patch
* Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)
0063-net-rtl8139-limit-processing-of-rin.patch
* Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536)
0064-audio-intel-hda-check-stream-entry-.patch
* Fix DOS in virtio-gpu (CVE-2016-7994 bsc#1003613)
0065-virtio-gpu-fix-memory-leak-in-virti.patch
* Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)
0066-9pfs-fix-integer-overflow-issue-in-.patch
* Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702)
0067-dma-rc4030-limit-interval-timer-rel.patch
* Fix DOS in i.MX NIC emulation (CVE-2016-7907 bsc#1002549)
0068-net-imx-limit-buffer-descriptor-cou.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7�- Use fixed timestamps and stable build_id in ipxe and other ROMs
* Patches added:
ipxe-stable-buildid.patch�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
* Patch updated:
0040-linux-user-skip-0-flag-from-proc-se.patch -> 0040-linux-user-remove-all-traces-of-qem.patch�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
* Patches added:
0040-linux-user-skip-0-flag-from-proc-se.patch�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
* Patches added:
0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch�- Document two new options, but leave jemalloc disabled for now
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
* Patches dropped:
0034-build-link-with-libatomic-on-powerp.patch
* Patches renamed:
0035-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch
0036-qemu-bridge-helper-reduce-security-.patch -> 0035-qemu-bridge-helper-reduce-security-.patch
0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
0038-configure-Fix-detection-of-seccomp-.patch -> 0037-configure-Fix-detection-of-seccomp-.patch
0039-linux-user-properly-test-for-infini.patch -> 0038-linux-user-properly-test-for-infini.patch�- Updated to v2.7.0: See http://wiki.qemu-project.org/ChangeLog/2.7
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
* Patches added:
0039-linux-user-properly-test-for-infini.patch�- Use new kvm_stat package where available, else provide updated
kvm_stat script.�- Update to v2.7.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.7�- Updated to v2.7.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.7
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7
* Patches dropped:
0002-qemu-0.9.0.cvs-binfmt.patch (script rewritten upstream)
0009-block-vmdk-Support-creation-of-SCSI.patch (deprecated)
0014-linux-user-Ignore-broken-loop-ioctl.patch (implemented upstream)
0024-linux-user-add-more-blk-ioctls.patch (more implemented upstream)
0034-qtest-Increase-socket-timeout.patch (increased further upstream)
0036-configure-Enable-libseccomp-for-ppc.patch (enabled upstream)
0038-block-split-large-discard-requests-.patch
0041-xen-introduce-dummy-system-device.patch
0042-xen-write-information-about-support.patch
0043-xen-add-pvUSB-backend.patch
0044-xen-move-xen_sysdev-to-xen_backend..patch
0045-vnc-add-configurable-keyboard-delay.patch
0046-configure-add-echo_version-helper.patch
0047-configure-support-vte-2.91.patch
0048-hw-arm-virt-mark-the-PCIe-host-cont.patch
0050-scsi-esp-fix-migration.patch
0051-xen-when-removing-a-backend-don-t-r.patch
0052-xen-drain-submit-queue-in-xen-usb-b.patch
0053-qcow2-avoid-extra-flushes-in-qcow2.patch
0055-xen-use-a-common-function-for-pv-an.patch
ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch
ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch
ipxe-sis190-Fix-building-with-GCC-6.patch
ipxe-skge-Fix-building-with-GCC-6.patch
ipxe-ath-Fix-building-with-GCC-6.patch
ipxe-legacy-Fix-building-with-GCC-6.patch
ipxe-util-v5.24-perl-errors-on-redeclare.patch
ipxe-efi-fix-garbage-bytes-in-device-path.patch
ipxe-efi-fix-uninitialised-data-in-HII.patch
* Patches renamed:
0010-linux-user-add-binfmt-wrapper-for-a.patch -> 0009-linux-user-add-binfmt-wrapper-for-a.patch
0011-PPC-KVM-Disable-mmu-notifier-check.patch -> 0010-PPC-KVM-Disable-mmu-notifier-check.patch
0012-linux-user-fix-segfault-deadlock.patch -> 0011-linux-user-fix-segfault-deadlock.patch
0013-linux-user-binfmt-support-host-bina.patch -> 0012-linux-user-binfmt-support-host-bina.patch
0015-linux-user-lock-tcg.patch -> 0013-linux-user-lock-tcg.patch
0016-linux-user-Run-multi-threaded-code-.patch -> 0014-linux-user-Run-multi-threaded-code-.patch
0017-linux-user-lock-tb-flushing-too.patch -> 0015-linux-user-lock-tb-flushing-too.patch
0018-linux-user-Fake-proc-cpuinfo.patch -> 0016-linux-user-Fake-proc-cpuinfo.patch
0019-linux-user-implement-FS_IOC_GETFLAG.patch -> 0017-linux-user-implement-FS_IOC_GETFLAG.patch
0020-linux-user-implement-FS_IOC_SETFLAG.patch -> 0018-linux-user-implement-FS_IOC_SETFLAG.patch
0021-linux-user-XXX-disable-fiemap.patch -> 0019-linux-user-XXX-disable-fiemap.patch
0022-slirp-nooutgoing.patch -> 0020-slirp-nooutgoing.patch
0023-vnc-password-file-and-incoming-conn.patch -> 0021-vnc-password-file-and-incoming-conn.patch
0025-linux-user-use-target_ulong.patch -> 0022-linux-user-use-target_ulong.patch
0026-block-Add-support-for-DictZip-enabl.patch -> 0023-block-Add-support-for-DictZip-enabl.patch
0027-block-Add-tar-container-format.patch -> 0024-block-Add-tar-container-format.patch
0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch
0029-console-add-question-mark-escape-op.patch -> 0026-console-add-question-mark-escape-op.patch
0030-Make-char-muxer-more-robust-wrt-sma.patch -> 0027-Make-char-muxer-more-robust-wrt-sma.patch
0031-linux-user-lseek-explicitly-cast-no.patch -> 0028-linux-user-lseek-explicitly-cast-no.patch
0032-virtfs-proxy-helper-Provide-__u64-f.patch -> 0029-virtfs-proxy-helper-Provide-__u64-f.patch
0033-configure-Enable-PIE-for-ppc-and-pp.patch -> 0030-configure-Enable-PIE-for-ppc-and-pp.patch
0035-AIO-Reduce-number-of-threads-for-32.patch -> 0031-AIO-Reduce-number-of-threads-for-32.patch
0037-dictzip-Fix-on-big-endian-systems.patch -> 0032-dictzip-Fix-on-big-endian-systems.patch
0039-xen_disk-Add-suse-specific-flush-di.patch -> 0033-xen_disk-Add-suse-specific-flush-di.patch
0040-build-link-with-libatomic-on-powerp.patch -> 0034-build-link-with-libatomic-on-powerp.patch
0049-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch
0054-qemu-bridge-helper-reduce-security-.patch -> 0036-qemu-bridge-helper-reduce-security-.patch
* Patches added:
0002-qemu-binfmt-conf-Modify-default-pat.patch
0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
* Package renamed trace-events-all file and linuxboot_dma.bin
* Handle building and packaging roms for e1000e and vmxnet3 (Bruce)
* Remove ipxe patches which are now enabled upstream (Bruce)
* Enable seccomp for s390x (Mark Post):
0038-configure-Fix-detection-of-seccomp-.patch�- Update to v2.6.1 a stable, bug-fix-only release (fate#316228)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Patches dropped (upstreamed):
0041-net-mipsnet-check-packet-length-aga.patch
0042-i386-kvmvapic-initialise-imm32-vari.patch
0043-esp-check-command-buffer-length-bef.patch
0044-esp-check-dma-length-before-reading.patch
0045-scsi-pvscsi-check-command-descripto.patch
0046-scsi-mptsas-infinite-loop-while-fet.patch
0047-vga-add-sr_vbe-register-set.patch
0048-scsi-megasas-use-appropriate-proper.patch
0049-scsi-megasas-check-read_queue_head-.patch
0050-scsi-megasas-null-terminate-bios-ve.patch
0051-vmsvga-move-fifo-sanity-checks-to-v.patch
0052-vmsvga-don-t-process-more-than-1024.patch
0053-block-iscsi-avoid-potential-overflo.patch
0054-scsi-esp-check-TI-buffer-index-befo.patch
0060-scsi-megasas-initialise-local-confi.patch
0065-scsi-esp-check-buffer-length-before.patch
0066-scsi-esp-respect-FIFO-invariant-aft.patch
0067-pci-assign-Move-Invalid-ROM-error-m.patch
0068-Xen-PCI-passthrough-fix-passthrough.patch
0069-scsi-esp-make-cmdbuf-big-enough-for.patch
0071-virtio-error-out-if-guest-exceeds-v.patch
* Patches renamed:
0055-xen-introduce-dummy-system-device.patch
- > 0041-xen-introduce-dummy-system-device.patch
0056-xen-write-information-about-support.patch
- > 0042-xen-write-information-about-support.patch
0057-xen-add-pvUSB-backend.patch
- > 0043-xen-add-pvUSB-backend.patch
0058-xen-move-xen_sysdev-to-xen_backend..patch
- > 0044-xen-move-xen_sysdev-to-xen_backend..patch
0059-vnc-add-configurable-keyboard-delay.patch
- > 0045-vnc-add-configurable-keyboard-delay.patch
0061-configure-add-echo_version-helper.patch
- > 0046-configure-add-echo_version-helper.patch
0062-configure-support-vte-2.91.patch
- > 0047-configure-support-vte-2.91.patch
0063-hw-arm-virt-mark-the-PCIe-host-cont.patch
- > 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch
0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
- > 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch
0070-scsi-esp-fix-migration.patch
- > 0050-scsi-esp-fix-migration.patch
0072-xen-when-removing-a-backend-don-t-r.patch
- > 0051-xen-when-removing-a-backend-don-t-r.patch
0073-xen-drain-submit-queue-in-xen-usb-b.patch
- > 0052-xen-drain-submit-queue-in-xen-usb-b.patch
0074-qcow2-avoid-extra-flushes-in-qcow2.patch
- > 0053-qcow2-avoid-extra-flushes-in-qcow2.patch
0075-qemu-bridge-helper-reduce-security-.patch
- > 0054-qemu-bridge-helper-reduce-security-.patch
0076-xen-use-a-common-function-for-pv-an.patch
- > 0055-xen-use-a-common-function-for-pv-an.patch�- Temporarily disable ceph (rbd) functionality in OBS due to staging
issues.�- use upstream solution for building xen-usb.c correctly
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Patches dropped:
0058-usb-Fix-conditions-that-xen-usb.c-i.patch
* Patches added:
0058-xen-move-xen_sysdev-to-xen_backend..patch�- Incorporate patch carried in Xen's qemu to get same support
as Xen switches to use the qemu package (bsc#953339, bsc#953362,
bsc#953518, bsc#984981)
0064-xen-SUSE-xenlinux-unplug-for-emulat.patch
- Fix more potential OOB accesses in 53C9X emulation
(CVE-2016-5238 bsc#982959)
0065-scsi-esp-check-buffer-length-before.patch
0066-scsi-esp-respect-FIFO-invariant-aft.patch
- Avoid "Invalid ROM" error message when it is not appropriate
(bsc#982927)
0067-pci-assign-Move-Invalid-ROM-error-m.patch
- Fix failure in Xen HVM PCI passthrough (bsc#981925, bsc#989250)
0068-Xen-PCI-passthrough-fix-passthrough.patch
- Fix OOB access in 53C9X emulation (CVE-2016-6351 bsc#990835)
0069-scsi-esp-make-cmdbuf-big-enough-for.patch
0070-scsi-esp-fix-migration.patch
- Avoid potential for guest initiated OOM condition in qemu through
virtio interface (CVE-2016-5403 bsc#991080)
0071-virtio-error-out-if-guest-exceeds-v.patch
- Fix potential crashes in qemu from pvusb bugs (bsc#986156)
0072-xen-when-removing-a-backend-don-t-r.patch
0073-xen-drain-submit-queue-in-xen-usb-b.patch
- Avoid unneeded flushes in qcow2 which impact performance (bsc#991296)
0074-qcow2-avoid-extra-flushes-in-qcow2.patch
- Finally get qemu-bridge-helper the permissions it needs for non-
root usage. The kvm group is leveraged to control access. (boo#988279)
0075-qemu-bridge-helper-reduce-security-.patch
- Fix pvusb not working for HVM guests (bsc#991785)
0076-xen-use-a-common-function-for-pv-an.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
- Minor spec file formatting fixes�- Fix ARM PCIe DMA coherency bug (bsc#991034)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Patches added:
0063-hw-arm-virt-mark-the-PCIe-host-cont.patch�- Clean up the udev ifdeffery to cover systemd as well (boo#860275)
- Trigger udev rules also under systemd (boo#989655)
- Suppress s390x sysctl in chroot
- Ignore s390x sysctl failures (agraf)�- Build SLOF for SLE12 now that we have gcc fix (bsc#949000)
- Add script for loading kvm module on s390x
- Enable seccomp and iscsi support in more configurations
- Enable more support for virtio-gpu
- Fix /dev/kvm permissions problem with package install and no
reboot (bnc#867867)
- Remove libtool dependency
- Disable more aggressive stack protector for performance reasons
- Enable vte to be used again in more configurations (bsc#988855)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Patches added:
0061-configure-add-echo_version-helper.patch
0062-configure-support-vte-2.91.patch�- Remove deprecated patch "work-around-SA_RESTART-race" (boo#982208)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Patches dropped:
0002-XXX-work-around-SA_RESTART-race-wit.patch
0003-qemu-0.9.0.cvs-binfmt.patch
0004-qemu-cvs-alsa_bitfield.patch
0005-qemu-cvs-alsa_ioctl.patch
0006-qemu-cvs-alsa_mmap.patch
0007-qemu-cvs-gettimeofday.patch
0008-qemu-cvs-ioctl_debug.patch
0009-qemu-cvs-ioctl_nodirection.patch
0010-block-vmdk-Support-creation-of-SCSI.patch
0011-linux-user-add-binfmt-wrapper-for-a.patch
0012-PPC-KVM-Disable-mmu-notifier-check.patch
0013-linux-user-fix-segfault-deadlock.patch
0014-linux-user-binfmt-support-host-bina.patch
0015-linux-user-Ignore-broken-loop-ioctl.patch
0016-linux-user-lock-tcg.patch
0017-linux-user-Run-multi-threaded-code-.patch
0018-linux-user-lock-tb-flushing-too.patch
0019-linux-user-Fake-proc-cpuinfo.patch
0020-linux-user-implement-FS_IOC_GETFLAG.patch
0021-linux-user-implement-FS_IOC_SETFLAG.patch
0022-linux-user-XXX-disable-fiemap.patch
0023-slirp-nooutgoing.patch
0024-vnc-password-file-and-incoming-conn.patch
0025-linux-user-add-more-blk-ioctls.patch
0026-linux-user-use-target_ulong.patch
0027-block-Add-support-for-DictZip-enabl.patch
0028-block-Add-tar-container-format.patch
0029-Legacy-Patch-kvm-qemu-preXX-dictzip.patch
0030-console-add-question-mark-escape-op.patch
0031-Make-char-muxer-more-robust-wrt-sma.patch
0032-linux-user-lseek-explicitly-cast-no.patch
0033-virtfs-proxy-helper-Provide-__u64-f.patch
0034-configure-Enable-PIE-for-ppc-and-pp.patch
0035-qtest-Increase-socket-timeout.patch
0036-AIO-Reduce-number-of-threads-for-32.patch
0037-configure-Enable-libseccomp-for-ppc.patch
0038-dictzip-Fix-on-big-endian-systems.patch
0039-block-split-large-discard-requests-.patch
0040-xen_disk-Add-suse-specific-flush-di.patch
0041-build-link-with-libatomic-on-powerp.patch
0042-net-mipsnet-check-packet-length-aga.patch
0043-i386-kvmvapic-initialise-imm32-vari.patch
0044-esp-check-command-buffer-length-bef.patch
0045-esp-check-dma-length-before-reading.patch
0046-scsi-pvscsi-check-command-descripto.patch
0047-scsi-mptsas-infinite-loop-while-fet.patch
0048-vga-add-sr_vbe-register-set.patch
0049-scsi-megasas-use-appropriate-proper.patch
0050-scsi-megasas-check-read_queue_head-.patch
0051-scsi-megasas-null-terminate-bios-ve.patch
0052-vmsvga-move-fifo-sanity-checks-to-v.patch
0053-vmsvga-don-t-process-more-than-1024.patch
0054-block-iscsi-avoid-potential-overflo.patch
0055-scsi-esp-check-TI-buffer-index-befo.patch
0056-xen-introduce-dummy-system-device.patch
0057-xen-write-information-about-support.patch
0058-xen-add-pvUSB-backend.patch
0059-usb-Fix-conditions-that-xen-usb.c-i.patch
0060-vnc-add-configurable-keyboard-delay.patch
0061-scsi-megasas-initialise-local-confi.patch
* Patches added:
0002-qemu-0.9.0.cvs-binfmt.patch
0003-qemu-cvs-alsa_bitfield.patch
0004-qemu-cvs-alsa_ioctl.patch
0005-qemu-cvs-alsa_mmap.patch
0006-qemu-cvs-gettimeofday.patch
0007-qemu-cvs-ioctl_debug.patch
0008-qemu-cvs-ioctl_nodirection.patch
0009-block-vmdk-Support-creation-of-SCSI.patch
0010-linux-user-add-binfmt-wrapper-for-a.patch
0011-PPC-KVM-Disable-mmu-notifier-check.patch
0012-linux-user-fix-segfault-deadlock.patch
0013-linux-user-binfmt-support-host-bina.patch
0014-linux-user-Ignore-broken-loop-ioctl.patch
0015-linux-user-lock-tcg.patch
0016-linux-user-Run-multi-threaded-code-.patch
0017-linux-user-lock-tb-flushing-too.patch
0018-linux-user-Fake-proc-cpuinfo.patch
0019-linux-user-implement-FS_IOC_GETFLAG.patch
0020-linux-user-implement-FS_IOC_SETFLAG.patch
0021-linux-user-XXX-disable-fiemap.patch
0022-slirp-nooutgoing.patch
0023-vnc-password-file-and-incoming-conn.patch
0024-linux-user-add-more-blk-ioctls.patch
0025-linux-user-use-target_ulong.patch
0026-block-Add-support-for-DictZip-enabl.patch
0027-block-Add-tar-container-format.patch
0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch
0029-console-add-question-mark-escape-op.patch
0030-Make-char-muxer-more-robust-wrt-sma.patch
0031-linux-user-lseek-explicitly-cast-no.patch
0032-virtfs-proxy-helper-Provide-__u64-f.patch
0033-configure-Enable-PIE-for-ppc-and-pp.patch
0034-qtest-Increase-socket-timeout.patch
0035-AIO-Reduce-number-of-threads-for-32.patch
0036-configure-Enable-libseccomp-for-ppc.patch
0037-dictzip-Fix-on-big-endian-systems.patch
0038-block-split-large-discard-requests-.patch
0039-xen_disk-Add-suse-specific-flush-di.patch
0040-build-link-with-libatomic-on-powerp.patch
0041-net-mipsnet-check-packet-length-aga.patch
0042-i386-kvmvapic-initialise-imm32-vari.patch
0043-esp-check-command-buffer-length-bef.patch
0044-esp-check-dma-length-before-reading.patch
0045-scsi-pvscsi-check-command-descripto.patch
0046-scsi-mptsas-infinite-loop-while-fet.patch
0047-vga-add-sr_vbe-register-set.patch
0048-scsi-megasas-use-appropriate-proper.patch
0049-scsi-megasas-check-read_queue_head-.patch
0050-scsi-megasas-null-terminate-bios-ve.patch
0051-vmsvga-move-fifo-sanity-checks-to-v.patch
0052-vmsvga-don-t-process-more-than-1024.patch
0053-block-iscsi-avoid-potential-overflo.patch
0054-scsi-esp-check-TI-buffer-index-befo.patch
0055-xen-introduce-dummy-system-device.patch
0056-xen-write-information-about-support.patch
0057-xen-add-pvUSB-backend.patch
0058-usb-Fix-conditions-that-xen-usb.c-i.patch
0059-vnc-add-configurable-keyboard-delay.patch
0060-scsi-megasas-initialise-local-confi.patch
- Enable ceph (rbd) support for aarch64�- Enable ceph (rbd) support�- Fix OVMF iPXE network menu (bsc#986033, boo#987488)
ipxe-efi-fix-garbage-bytes-in-device-path.patch
ipxe-efi-fix-uninitialised-data-in-HII.patch�- Fix host information leak to guest in MegaRAID SAS 8708EM2 Host
Bus AdapterMegaRAID SAS 8708EM2 Host Bus Adapter emulation support
(CVE-2016-5105 bsc#982017)
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
0061-scsi-megasas-initialise-local-confi.patch�- Address various security/stability issues
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Fix OOB access in megasas emulated device (CVE-2016-5106 bsc#982018)
0049-scsi-megasas-use-appropriate-proper.patch
* Fix OOB access in megasas emulated device (CVE-2016-5107 bsc#982019)
0050-scsi-megasas-check-read_queue_head-.patch
* Fix OOB access in megasas emulated device (CVE-2016-5337 bsc#983961)
0051-scsi-megasas-null-terminate-bios-ve.patch
* Correct the vmvga fifo access checks (CVE-2016-4454 bsc#982222)
0052-vmsvga-move-fifo-sanity-checks-to-v.patch
* Fix potential DoS issue in vmvga processing (CVE-2016-4453 bsc#982223)
0053-vmsvga-don-t-process-more-than-1024.patch
* Fix heap buffer overflow flaw when iscsi protocol is used
(CVE-2016-5126 bsc#982285)
0054-block-iscsi-avoid-potential-overflo.patch
* Fix OOB access in 53C9X emulation (CVE-2016-5338 bsc#983982)
0055-scsi-esp-check-TI-buffer-index-befo.patch
- Add support to qemu for pv-usb under Xen (fate#316612)
0056-xen-introduce-dummy-system-device.patch
0057-xen-write-information-about-support.patch
0058-xen-add-pvUSB-backend.patch
0059-usb-Fix-conditions-that-xen-usb.c-i.patch
- Provide ability to rate limit keyboard events from the vnc server.
This is part of the solution to an issue affecting openQA testing,
where characters are lost, resulting in unexpected failures
(bsc#974914)
0060-vnc-add-configurable-keyboard-delay.patch�- Adjust to parallel changes in virglrenderer packages - no longer
"BuildRequires" virglrenderer directly, just the devel package.�- Fix build compatibility with gcc6 wrt ipxe rom where compiler
warnings are treated as errors.
ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch
ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch
ipxe-sis190-Fix-building-with-GCC-6.patch
ipxe-skge-Fix-building-with-GCC-6.patch
ipxe-ath-Fix-building-with-GCC-6.patch
ipxe-legacy-Fix-building-with-GCC-6.patch
- Fix ipxe build script which fails under perl v5.24
ipxe-util-v5.24-perl-errors-on-redeclare.patch
- Specify build time disk space requirements for ppc64 and ppc64le�- Add sysctl script and %post on s390x to allow kvm usage (bsc#975331)�- Address various security/stability issues
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Fix OOB access in MIPSnet emulated controller CVE-2016-4002 (bsc#975136)
0042-net-mipsnet-check-packet-length-aga.patch
* Fix possible host data leakage to guest from TPR access
CVE-2016-4020 (bsc#975700)
0043-i386-kvmvapic-initialise-imm32-vari.patch
* Avoid OOB access in 53C9X emulation CVE-2016-4439 (bsc#980711)
0044-esp-check-command-buffer-length-bef.patch
* Avoid OOB access in 53C9X emulation CVE-2016-4441 (bsc#980723)
0045-esp-check-dma-length-before-reading.patch
* Avoid OOB access in Vmware PV SCSI emulation CVE-2016-4952 (bsc#981266)
0046-scsi-pvscsi-check-command-descripto.patch
* Avoid potential DoS in LSI SAS1068 emulation CVE-2016-4964 (bsc#981399)
0047-scsi-mptsas-infinite-loop-while-fet.patch
* Fix regression in vga behavior - introduced in v2.6.0 CVE-2016-3712 (bsc#978160)
0048-vga-add-sr_vbe-register-set.patch�- Update to v2.6.0: See http://wiki.qemu-project.org/ChangeLog/2.6
- Enable SDL2, virglrenderer (for use with virtio-gpu), xfsctl, and
tracing using default log backend
- Build efi pxe roms on x86_64�- Check modules for conflicting release versions
- Suggest recently added block modules�- Bump copyright in qemu.spec.in
- Enable libiscsi for Factory
- Enable seccomp for ppc64le as well�- Update to v2.6.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.6
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Patches dropped (upstreamed):
0041-tests-Use-correct-config-param-for-.patch
* Patches renamed:
0042-build-link-with-libatomic-on-powerp.patch -> 0041-build-link-with-libatomic-on-powerp.patch�- Partially revert the last change's cleanup
- Indicate SUSE version�- Update to v2.6.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.6
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6
* Accept every size in DISCARD request from a guest (bsc#964427)
0039-block-split-large-discard-requests-.patch
* Recognize libxl flag to disable flush in block device (bsc#879425)
0040-xen_disk-Add-suse-specific-flush-di.patch
* Use correct flag for crypto tests
0041-tests-Use-correct-config-param-for-.patch
* Fix build on powerpc:
0042-build-link-with-libatomic-on-powerp.patch
* Patches dropped (upstreamed):
seabios_checkrom_typo.patch
seabios_avoid_smbios_signature_string.patch�- Disable vte for Leap, fixing build�- Don't drop u-boot.e500 yet - breaks testsuite�- Re-enable libcacard support
- Clean up configured features�- Clean up qemu-tools libcacard Provides/Obsoletes - separate again
- Drop u-boot.e500 - being packaged as u-boot-ppce500�- Update to v2.5.0: See http://wiki.qemu-project.org/ChangeLog/2.5
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5
* Patches dropped (upstreamed):
0039-tests-Fix-check-report-qtest-target.patch�- Fix build on openSUSE 13.2�- Fix testsuite on 32bit systems (bsc#957379)�- Update to v2.5.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.5
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5
* Rebase libseccomp enablement:
0037-Revert-Revert-seccomp-tests-that-al.patch -> 0037-configure-Enable-libseccomp-for-ppc.patch
* Provide qemu-ga and qemu-ipxe for qemu-testsuite
- Clean up qemu-ksm recommendation�- Fix SLE11 build by fixing systemd conditionalization (from olh)�- Update to v2.5.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.5
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5
* Patches dropped (upstream):
0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch
0039-tests-Unique-test-path-for-string-v.patch
gcc5-ipxe-add-missing-const-qualifiers.patch
gcc5-ipxe-ath9k-Remove-confusing-logic-inversion-in-an-ANI-var.patch
SLOF_ppc64le.patch
* Patch renamed:
0040-dictzip-Fix-on-big-endian-systems.patch -> 0038-dictzip-Fix-on-big-endian-systems.patch
* --enable-smartcard-nss -> --enable-smartcard
Needs an external libcacard, so drop it for now.
* Drop --enable-vnc-tls
* Require xz-devel for ipxe build
* Package qemu-ga(8) man page
* Package ivshmem-{client,server}
* Patches added:
0039-tests-Fix-check-report-qtest-target.patch�- Add systemd unit file and udev rules for qemu guest agent
- taken from the SLE12 / Leap package, see boo#955707�- Add _constraints file (based on work by kenljohnson)�- Enable SLOF build for ppc64le, too, now (bsc#949000, bsc#949016)�- Allow building SLOF on ppc64le (bsc#949016)
SLOF_ppc64le.patch
- Add two checks for DictZip and tar qemu-img behavior (bsc#945778)
* Clean up qemu-testsuite build/installation�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4
* Fix endianness issues in DictZip block driver (bsc#937572, bsc#945778)
0027-block-Add-support-for-DictZip-enabl.patch
0028-block-Add-tar-container-format.patch
0040-dictzip-Fix-on-big-endian-systems.patch�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4
* Fix qemu-testsuite for glib2-2.46.0 by assuring uniqueness of paths
0039-tests-Unique-test-path-for-string-v.patch�- Build SLOF on ppc64 (bsc#949016, thanks to k0da)
* Simplify x86 fw logic while at it
- No need to enable KVM for armv6hl
- Add notice about pre_checkin.sh to update_git.sh�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4
* Fix aarch64 TCG:
0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch�- Update to v2.4.0: See http://wiki.qemu-project.org/ChangeLog/2.4�- Update to v2.4.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.4
* Provide qemu-img symlink instead of passing QTEST_QEMU_IMG�- Update to v2.4.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.4
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4
* Patches dropped:
0037-linux-user-Allocate-thunk-size-dyna.patch
0039-s390x-Fix-stoc-direction.patch
0040-s390x-Add-interlocked-access-facili.patch
0041-fdc-force-the-fifo-access-to-be-in-.patch
0042-rules.mak-Force-CFLAGS-for-all-obje.patch
0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch
0044-hw-arm-boot-Increase-fdt-alignment.patch
* Patches renamed:
0038-Revert-Revert-seccomp-tests-that-al.patch -> 0037-Revert-Revert-seccomp-tests-that-al.patch
* Package new vgabios-virtio.bin
* target-x86_64.conf was dropped
* Add qemu-block-dmg module sub-package
* Set QTEST_QEMU_IMG variable for ahci-test
* --enable-quorum and --enable-vnc-ws are no longer available�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
- Fix -kernel boot for AArch64
* Patches added:
0044-hw-arm-boot-Increase-fdt-alignment.patch�- Use libusb-1_0-devel as buildrequires, not the old
unused compatibility layer in libusb-devel�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
- Fix qemu2 cow caching (bsc#933132)
* Patches added:
0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch�- Patch queue updated from git://github.com/jirislaby/qemu.git opensuse-2.3
* Patches added:
0042-rules.mak-Force-CFLAGS-for-all-obje.patch
gcc5-ipxe-add-missing-const-qualifiers.patch
gcc5-ipxe-ath9k-Remove-confusing-logic-inversion-in-an-ANI-var.patch�- Fix CVE-2015-3456 (boo#929339)
0041-fdc-force-the-fifo-access-to-be-in-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
* Patches added:
0040-s390x-Add-interlocked-access-facili.patch
- Disable dependency on libnuma for s390x (not available in SLE12)�- Update to v2.3.0: See http://wiki.qemu-project.org/ChangeLog/2.3
- Disable iotests for now�- Update to v2.3.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.3�- Update seabios_avoid_smbios_signature_string.patch with version
applied upstream�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
- Fix s390x stoc instructions
0039-s390x-Fix-stoc-direction.patch�- Update to v2.3.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.3
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
* Patches dropped (applied upstream):
0037-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch
* Patches renamed:
0038-linux-user-Allocate-thunk-size-dyna.patch -> 0037-linux-user-Allocate-thunk-size-dyna.patch
* Revert -rc3 change to disable seccomp on non-x86 architectures
0038-Revert-Revert-seccomp-tests-that-al.patch�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
- Fix qemu-linux-user on powerpc
* Patches added:
0038-linux-user-Allocate-thunk-size-dyna.patch�- Split off qemu-testsuite.spec
* Package check-report.html and check-report.xml
* Enable quick iotests
- Dropped 0030-net-Warn-about-default-MAC-address.patch
The warning is relevant only for bridged setups, not for the
default SLIRP based -net user / -netdev user setup,
and it breaks output expectations of some iotests.
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
* Patches renamed:
0031-console-add-question-mark-escape-op.patch -> 0030-console-add-question-mark-escape-op.patch
0032-Make-char-muxer-more-robust-wrt-sma.patch -> 0031-Make-char-muxer-more-robust-wrt-sma.patch
0033-linux-user-lseek-explicitly-cast-no.patch -> 0032-linux-user-lseek-explicitly-cast-no.patch
0034-virtfs-proxy-helper-Provide-__u64-f.patch -> 0033-virtfs-proxy-helper-Provide-__u64-f.patch
0035-configure-Enable-PIE-for-ppc-and-pp.patch -> 0034-configure-Enable-PIE-for-ppc-and-pp.patch
0036-qtest-Increase-socket-timeout.patch -> 0035-qtest-Increase-socket-timeout.patch
0037-AIO-Reduce-number-of-threads-for-32.patch -> 0036-AIO-Reduce-number-of-threads-for-32.patch
0038-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch -> 0037-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch
- Re-enable glusterfs on Factory (updated from v3.6.1 to v3.6.2)
- Re-enable seccomp for armv7l (libseccomp submission pending)�- Suppress seccomp for Factory armv7l (broken in libseccomp v2.2.0)
- Disable glusterfs explicitly on Factory, SLE12 and before 13.1�- Enable glusterfs and package as qemu-block-gluster
glusterfs post-v3.5.3 and v3.6.1/v3.6.2 have switched the
glusterfs-api.pc version incompatibly, so only 13.1+13.2 for now
- Use macro for module Conflicts�- Tidy configure options:
* Move --enable-modules to build options
* Sort libusb alphabetically
* Explicitly enable attr, bluez, fdt, lzo, tpm, vhdx, vhost-net,
vnc, xen-pci-passthrough
* Enable bzip2
* Enable libssh2 where possible and package as qemu-block-ssh
* Enable numa where a compatible numactl is available
* Enable quorum where a compatible gnutls is available
* Enable snappy where possible
* Prepare to enable glusterfs
* Explicitly enable the nop tracing backend (to be revisited)
* Explicitly disable Archipelago, as we don't have libxseg and it's
incompatibly GPL-3.0+
* Explicitly disable libiscsi, libnfs, netmap and rbd
as we don't have packages
* Drop deprecated --enable-virtio-blk-data-plane (now default)�- Fix 64-bit TCG stores on 32-bit Big Endian hosts (ppc)
0038-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3�- Update to v2.3.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.3
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
* Patches dropped (upstreamed):
0038-fw_cfg-test-Fix-test-path-to-includ.patch
0039-rcu-tests-fix-compilation-on-32-bit.patch�- make check was failing due to a bogus SMBIOS signature being
encountered within SeaBIOS. Avoid having that signature stored
randomly within the SeaBIOS image.
* seabios_avoid_smbios_signature_string.patch�- Build x86 firmware only from 13.1 on (11.4 was broken, surpassing 128 KB)
- Update to v2.3.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.3
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
* Patches dropped (upstreamed):
0038-linux-user-Fix-emulation-of-splice-.patch
0039-ide-fix-cmd_write_pio-when-nsectors.patch
0040-ide-fix-cmd_read_pio-when-nsectors-.patch
0041-ahci-Fix-sglist-offset-manipulation.patch
0042-ahci-test-improve-rw-buffer-pattern.patch
0045-linux-user-fix-broken-cpu_copy.patch
* Patches renamed:
0043-fw_cfg-test-Fix-test-path-to-includ.patch -> 0038-fw_cfg-test-Fix-test-path-to-includ.patch
0044-rcu-tests-fix-compilation-on-32-bit.patch -> 0039-rcu-tests-fix-compilation-on-32-bit.patch�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
* Patches added:
0045-linux-user-fix-broken-cpu_copy.patch�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
* Make test path for fw_cfg-test unique (including architecture)
0043-fw_cfg-test-Fix-test-path-to-includ.patch
* Fix rcu tests build on ppc (undefined reference to `__sync_fetch_and_add_8')
0044-rcu-tests-fix-compilation-on-32-bit.patch
- Fix typo in SeaBIOS size check
seabios_checkrom_typo.patch�- Update to v2.3.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.3
* Updated update_git.sh accordingly
* Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3
* seabios_128kb.patch: Added patch to squeeze SeaBIOS into 128 KB
with our gcc 4.8.3 (brogers@suse.com)
- Renamed 0030-Legacy-Patch-kvm-qemu-preXX-report-.patch to
0030-net-Warn-about-default-MAC-address.patch:
Suppress warning for accel=qtest, to sanitize make check results.
- Added patches to fix ahci-test:
0039-ide-fix-cmd_write_pio-when-nsectors.patch
0040-ide-fix-cmd_read_pio-when-nsectors-.patch
0041-ahci-Fix-sglist-offset-manipulation.patch
0042-ahci-test-improve-rw-buffer-pattern.patch�- Update company name in spec file templates
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2
* Patches added:
0038-linux-user-Fix-emulation-of-splice-.patch�- Add user kvm when installing guest-agent.
- Use macro to update udev_rules when available�- Fix packaging of e500 U-Boot
- Don't rely on wildcard with explicit excludes�- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2
* Patches added:
0037-AIO-Reduce-number-of-threads-for-32.patch�- Update to v2.2.0: See http://wiki.qemu-project.org/ChangeLog/2.2
* Updated DictZip and Tar block backends accordingly
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2
* Patches dropped:
0015-target-arm-linux-user-no-tb_flush-o.patch (tb_flush() not called)
0037-tests-Don-t-run-qom-test-twice.patch (superseded)
0039-linux-user-Cast-validity-checks-on-.patch (helper function introduced)
0040-linux-user-Convert-blkpg-to-use-a-s.patch (upstreamed)
* Patched renumbered:
0016-linux-user-Ignore-broken-loop-ioctl.patch -> 0015-linux-user-Ignore-broken-loop-ioctl.patch
0017-linux-user-lock-tcg.patch -> 0016-linux-user-lock-tcg.patch
0018-linux-user-Run-multi-threaded-code-.patch -> 0017-linux-user-Run-multi-threaded-code-.patch
0019-linux-user-lock-tb-flushing-too.patch -> 0018-linux-user-lock-tb-flushing-too.patch
0020-linux-user-Fake-proc-cpuinfo.patch -> 0019-linux-user-Fake-proc-cpuinfo.patch
0021-linux-user-implement-FS_IOC_GETFLAG.patch -> 0020-linux-user-implement-FS_IOC_GETFLAG.patch
0022-linux-user-implement-FS_IOC_SETFLAG.patch -> 0021-linux-user-implement-FS_IOC_SETFLAG.patch
0023-linux-user-XXX-disable-fiemap.patch -> 0022-linux-user-XXX-disable-fiemap.patch
0024-slirp-nooutgoing.patch -> 0023-slirp-nooutgoing.patch
0025-vnc-password-file-and-incoming-conn.patch -> 0024-vnc-password-file-and-incoming-conn.patch
0026-linux-user-add-more-blk-ioctls.patch -> 0025-linux-user-add-more-blk-ioctls.patch
0027-linux-user-use-target_ulong.patch -> 0026-linux-user-use-target_ulong.patch
0028-block-Add-support-for-DictZip-enabl.patch -> 0027-block-Add-support-for-DictZip-enabl.patch
0029-block-Add-tar-container-format.patch -> 0028-block-Add-tar-container-format.patch
0030-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0029-Legacy-Patch-kvm-qemu-preXX-dictzip.patch
0031-Legacy-Patch-kvm-qemu-preXX-report-.patch -> 0030-Legacy-Patch-kvm-qemu-preXX-report-.patch
0032-console-add-question-mark-escape-op.patch -> 0031-console-add-question-mark-escape-op.patch
0033-Make-char-muxer-more-robust-wrt-sma.patch -> 0032-Make-char-muxer-more-robust-wrt-sma.patch
0034-linux-user-lseek-explicitly-cast-no.patch -> 0033-linux-user-lseek-explicitly-cast-no.patch
0035-virtfs-proxy-helper-Provide-__u64-f.patch -> 0034-virtfs-proxy-helper-Provide-__u64-f.patch
0036-configure-Enable-PIE-for-ppc-and-pp.patch -> 0035-configure-Enable-PIE-for-ppc-and-pp.patch
0038-qtest-Increase-socket-timeout.patch -> 0036-qtest-Increase-socket-timeout.patch�h03-ch2b 1734509741������������������������������������������������������������������������������ ���
��������������������7.1.0-150500.49.27.4�7.1.0-150500.49.27.4�������������������������������������������qemu-system-i386�qemu-system-x86_64�qemu-x86�supported.txt�kvmvapic.bin�linuxboot.bin�linuxboot_dma.bin�multiboot.bin�multiboot_dma.bin�pvh.bin�/usr/bin/�/usr/share/doc/packages/�/usr/share/doc/packages/qemu-x86/�/usr/share/qemu/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:36771/SUSE_SLE-15-SP5_Update/eb9ca7bc49af1363cfdd82537287f4f8-qemu.SUSE_SLE-15-SP5_Update�drpm�xz�5�x86_64-suse-linux�������������������������������������������ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=2c8f7f2da792a01fd0a10e2dd5f56174231b02e6, for GNU/Linux 3.2.0, stripped�ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ae74bb3a15f950db9d27487b5016581402b08076, for GNU/Linux 3.2.0, stripped�directory�ASCII text���������f�����������������������������������f���f��������������������������������R��4R��LR��6R��NR��bR��2R��1R��^R��]R���R���R���R��AR��.R��JR��=R��>R��?R��`R���R��GR��FR��ER��dR���R���R��'R��QR��;R��WR���R���R�� R���R���R���R���R���R���R���R���R���R���R���R���R���R���R��
R���R��
R��,R��*R��+R��ZR��YR��[R��TR��UR��SR��9R��"R��7R��PR��_R��XR��\R��VR��RR��aR��HR��/R���R��:R��cR��-R��&R��BR���R��IR��8R���R��CR��3R��#R��(R��$R��@R��)R��eR��DR��OR���R��KR��%R��!R��5R���R��MR��0R�� R��R��?R��`R���R��GR��FR��ER��dR���R���R��'R��QR��;R��WR���R���R�� R���R���R���R���R���R���R���R���R���R���R���R���R���R���R��
R���R��
R��,R��*R��+R��ZR��YR��[R��TR��UR��SR��9R��"R��7R��PR��_R��XR��\R��VR��RR��aR��HR��/R���R��:R��cR��-R��&R��BR���R��IR��8R���R��CR��3R��#R��(R��$R��@R��)R��eR��DR��OR���R��KR��%R��!R��5R���R��MR��0R�� R���Nɞ=۸E�����ovmf�qemu-microvm�����������utf-8�e35f5c64e1db456753d28f0beda5bca5dc313886d8589f3cb11e9f93db29ddb3���������?��������7zXZ��
���!�����t/]�"��k%՝RM�
;xDg� BW 744�Fݱ�SQ�VG?��f(̟�
A@N6�6jv{POaм\pYtb]q�8wc��{��T}'�r�Ƣ`�z`B�a\ F}u){L˙o�?f�e�N%v?�o��&E
O�%K"�pk.�d |a��4ͧ�B!YF�)W���{Xe7f06���E�42YF<`���4*}7LI�~\.9H��f*%\e7[kJZTqT�dgDUvW'< p#ہ�y ?{j-_2YOH�4b^^
,\{BFUAh��^e RC(� k ;mZV/)/��;��� 0yHa.[uׂ˔`A�� r,@Qi
#h�`Uo4O��͡.YS<�O:f6�+}.>mpՖ�u?MW_�{Rb�?>�+:PY�('dW
n 8`<+m8�%J{FD1#CO�3�~:3^�8���M�(�RU�R:/>K;A�Tk�t:j\�j8`M]#1DA��_~5��]�_o\�%�\bK1/I1"Iy>�Su�s$�7@*.�uiAX�EI|mvb�WܚlChϤ9Oۉ�m1F�'J�hyȂ1
fC+$�qW�Mf}x[�?Rc_"��_Rk�
jƅi}9~"LyTl�c�x�� _Ox�]օ DwaHpzvu7Tf�7aCX8x+ !s ]4{%D��V>MC�HΏ{�bM�Mw(�P۹�@�jH��H֡�)bN{v��{\:(v#t��N7^V�jTqt�ס&J?Q01d�PE�}X�@�Uɰ̴�2
Q;�auw]kN��Y{K��O))ß87!S!�m�6%
A[�,gȡ-VXGرsF_-e9Dܑc�,Ԃ/cPݢ�6�z�$4>JE�*8�jM`XJnƷ#�˂;CDۀG�n؝h
~(8E�-T,�nv�RcBn�
{/�`D"ˤN�7�S�i��N/�Y�XR/5
S$)h3nLUx"�CZ/5J�r2R<�=)[I'j֡o[�{fHNHu��-o
�ٲW
q�*De(o-eI~�ۿ\P.
DVXß�6p_"���a�'?�x8?헎g?D
>$*$ai>]n��}�_�b"V�pGҚ=q�3E�w߯1!�\��C9^Ggb�kk.5G�U)P�B ëTc�qka$"=GȲ ]0@
iZd|zM#\Ce}�!ې~a�CI:76�SMt_2SLKXBo59
"`~&�瘛.�sv :*h0-;�]%S;+�6ϯ\�4ޥ&pX*�p
H=w5-l+z:B�%K
�?`жxЌrBJRZzj-m[V
pTzRrA]#�)ֈ!5��uN¦gꊛG�5|FYLX�5Ub����_��譹|ĉ!LN�%%VB&FnD�>�(77�
K*宖Σ\����=[`8O{�sQ�0V�EVsSӣsh϶L�S�閨ESы=CzNBjy!a�q��BL��r59*`=#d۪8���V�Ux�VM�
f*ۉu�Hu
\5��V�([eK�i?~3�҇iv"��b*w
��~3y��0I�WG�Wdm��t֤�H�e]L2S(cK6ݚdW�| [$���~y|U�KP�^i�!?T,|e�TGl:3�{�Q~#h�_ .]h8
PU?dx0:,�#�{6��5ԆЭ{��}L:@bQ�˫}wOCEWc�Zòi^,f^fU6s�hO%bĈCY�^
*- la3c K8m2,lbA!o�:av�ǯ�}�yŐ+�M7B[ Rm�ꓣmw/V�u>^1]�i8Z�N�Fx�(:�99mm1yҠ�,TO}ŋ�Ae6�jD;Ecțq Fr�mm'/;99S�
PBآ�Q@'^i�npŜVz�F�x���}8oϏ$��3p"TY.v�@۫��o1����R��&>tNȶ6]�,h
nxoң@mW,uVx
�S� sq��j�D+
'A�Ӫlu?u&�`�&$.(e�MIaab\*Du�KED]YZ`�bpIm W
>
�n�XǸ�7d�Hd@E]K~�+&3cX`Y��$al_\'*KnpabD�B&M�L�\6PWpLvʣ��.OT�Y\A�z3�˝�,mn��i�o�'e�\�ӋdhZ��I{sQڊd�bܷio�?WT/,η}��~H_�wxޡ5�mu�3SD�B10'^5,*Ij �S*�C�
�)Eo�e_rA�9 =x�1f}d�^A�U��[#es'%�5�I+n/]��V"P�+�~w2fU M1G]C>HtD�gOQ;ؤig>�4
ae�T"�=��K�-BNwY3VP\%m%*U
�3a����^9jL�Dbw)]�C�t�W Y�xX ~)�v�
��dm�OL8r_��ӝ^֢OFED�^颮��L"U3z/䝇�~�#h.@5>Qjb��fvK4�ԏ��Rῼ٥B�4N@ՂaT�r侕"ml/c�gl!j[,\ơյ05p�U99
9b�J�9�j�602&�9u��&FK+_UlBGЄ�( q$F1l|@?3a�}X1({S%\jXF_�'��E)$�bh<[�VmT�[PP�MD+M?fv=k^=�(&�ID��>u�kǜj�rk|! ǟ�rϊX��QMY��DZɣtaoz):XH{E��j>�$!UQ�Y=k2@9Y�#o΅!=hgۜ�)�{@1vVRtTP(rPʐ(�V=Nyq1q0�h!ÕG+n7"s@w2,�^i�kcwfa|틃ϊ�{;l�8�lO7�
[QZ�]~��cRݐ)EvK��zEI�|OJA���3�}L����@(�Ki���z.-q/�D+�|Hg=wt'O
Fu"(�S�+3_dm Oᨃǚ?F�d%�R�,O-Wt��axZ�z> p `?��vzK)r#:j|
^�Xn/X�f��4��@9;d8lI�� j>63�o-&80٠qS_`eIAS<#!Wz z-}{�)ǝH`y+!pzи�>93#sSrYmHפiE]}/Z�ߴ*��WD�U1�V�5�sR)��T몖�34;�j_y��@��NxP9sg��h>�,�Hc��t$79❟Kn!GnLw�lc1NFZρ�E�vP�i1�. @̝�d3�K�x'$�φ�PX�T49k�EDԎ&g(�&ww|0�[kj��$"1��b+Dk6J5KTH@ýF] �&�ko�^�^�x)TVcN� MM1o
Gv R:?�P�'�ˮ/JG<+�Kt&�Is�FK\L0ؕGVn�D�~1D�04$5~gdT7�L |,rWڕ?8K�4~I+~Y@ ň����R^q>Y`%�+jXBN�K�Pؘ�
o7i8^Q�yb��`a�KE*ıg��xd1
do��LLMU fe��bˡ�4_�SU�mؽ�2,EPwAe� p�>ܤ]z�0zgM�/Pk$ܚzmܐO��S��y|�_U�Z;t녤n���Ær�G1\i,op���_D։�ZsWA(#x4ܛ��ں>C�fqa�ftGa�P�tzfR1��<�WunI/!:�X�d)z,U:Mp�ԝgP
Z�(BI*sVn'@%�zc:�#9��!���}Xw֠FM4W�Xncex�e&mda�Ez�POZ YKp��U �pp6
w? tGm��S%:�:Mr�S�3�#��}ُ6�/f?!z ��0eFYp�,cOl"5j/:_IA_L ѳ�>���Cs5%��(a|(�}*'8%dNֺ�߽=2�|JmQ�t0&/G�T!��qdRn�F��h)�!jΕC'zۅVM:ie2�i�*>!,I[�Z�S2+@�
cR�� 7wT�+l`y{NqQ�t�h]'6t �2Y@:^2k=�p_,92=*�"!`M9.H�i:�lw
9bb`N�}�+�"ц�.�H5��=$o$�u.Ѝm º-ڈ�tz!t͊uSCI5`bf;J�xS:uc(v3G��Є.*�5- }'�|r�ֱAo
VʓBGH<��w_ʰ�T6�=��kK}$
f~nʆ];�?uqJއVf I�}KJ�:�"ND�q6xB,_ !1@��BvfH�WgLy_3�&P9Ne �_�Ac:>�-'Lԋk
́�t�9_F_^NuKF
��l9Qo�IŇ��w)An4Ik��>s8u�̘JcoSԚ~y7dDly�]�lV�aO�A�Sa�@U^�*:�3���V\��GH;z9(qځ۽w J+ʓ� R��
�T e,ev�^̄�qM-g��'�f�gݣ& eV3��#{#d��h+�}�hרit�39 >�X%�χ;=5�~g�hp�uXqR��W7VJH+�G��) "�H`}n@y&y,�Ehh3d�͝en
ðKЌ߂5M]ZUEI���U�x�*�"A"Ƨ[f$���*�~�ɱK?.
:,�-al1l�ȅ6�1I,ΪX�
� ��B7�ob^1@ô8MWͳdl&x�v@H,GlW�>-��9$ę�Qt'΄�!xF�
��2ܔ'��`�ܡ>N�u0!:݄X�W�=�,9�]^�,t?�\U�1�?k�6>��qrBl���UL�+S�d*���Tܙjss�1rN�<1a*]r\xʳw��9B�s*rca?�$JV^EͿ}�()q{~�97 ,�/*JRij�h(8��gɓQ���vb�
��Ǩ|Ꭶ�Bۋ�.z6#$!� �s/�r|cSaaG8/#Fp�A�i,Je'@u,G�rWZJ|?1g)i�*p�B{y&ɭ6�%!7�
5+I�27Y~l�9v)Ql:]�;�֑">� ^_gKط^Ā��{'+`([ge/zg�2̅H+Jt��u+#^F:]�ANc6Nj��:ZkD~c��
x;`֏Vfܬ@9) I�c@$鷲o2Y0\�$Ӯ(LoT�L12o09�&6]XKLw ��
A)?-4V]s)Wp�1˚��h}L
QԽzZ
��6�̶`�w#peRж!S�\[M}~s|Ǹ)�:j�bj8�
n�huyƮ�`n}��Z^
)*��פl�"==�dk �q@B��,�Y`ǘ[xjɲ2!Z��}�;M\gR�6�(E�rμ��D3OS\5��97�Ԇ"�Ǣ}�I܈�U��7
�8�a_7*ve�=c'ߣPϳꈶ� ��`��:1?x@qx�!)}MbΪ5�snqN5_P7W�Vv�D2(~q{¼Ef.�7k&:jhZL͟
�znE$�3p!s>�6=63Y�@_)<ۇ���0;\�#�/d~:�#fQ=_zA��Nh|��\si/&8hVr{#7f�dckUF0HzД(eRn
"3*GS*]CUhx��5��Ξas&v!7勵W�*ܡ�eW3���8||�`>w㈿,M�.>x,�bE�}IU�T�J11L-%sU�6�}E��NJUZK,d%ͨ�
MsX�.+M�o�O}9ky�% /3bw�1Z�'�VYWj�k 2tTu�X�@tC_g��@Jy`MQOw(W�*
Mxs/ps$q�psN�5X%*1x8<2,�\wSi��xhj�ൠ"$�~__80Ҳv5{O�)gp\(Z2Gz_��*KgTʓʞnD'PgA]i�;��{ks��4<*'���8iW�d/хo&[ b'J6IDU/mFDU0Xf&E�ثv
�/�JFMh(�v��6
S��EOf�Swh�eݘ��ۊN�싐�Ρ/T
�M�iP*�A]
8#j�\YdH,(�2xs*,`-t$
x:����&�W��R n'�
WM[8'�H� 5�L{)*EN�"%w#9�WrKfe�
Wm(T>/cѠ+KS�MuñظK�R̟9Q� g@O�mB?q铣HiT`~D�{�rlKd�3Brv�[0�oG��حVt�%_�*Խ5�Gk�>+9�N�oN%)D}q�=!�!mf&C�'>/0q<;z2�?J�3_�=E9"�=bsQnTUhe4�@tD%GqSV!Wu̗�ֵZ<�9W�>@�{1Aǝ/��eB��B�Y+nΘ202Ԗ_�˜�
Ie{��"1 #,�̢�B*?#'d�}bRj�=�Cc�cAz
U.5E�~w�MrUr�OUKJґ@"7O�x8rܭF��Z7l��"y&�/`2D9eڥ�҃\o�<�)NJcP9�7K&pzAM�e�Cx9R�p�_/@V�>1�yz|�e$�<�
j&}L'cY)]`��)hkU��@9lOL�+�-��ې��~l`+)�V'Pݩ×,A@\���\7_09Wʤ��e=stSx2v YbRn:z/�f*Xw(1>-i(L?�K\
i�7n�y?~ߚtA*p08���Z\QHгwnFT1y�BZx\Pz]y|0) ++u�f_1OfY[J%Kx0/���UtBM5�ք
��uNM+,=�Ǜ4z�
hfu=k3fxcK'Қ"
)8[nю?d~{Yɗl؎x/%V2(:EHGb�hE�"�r>�p�_�d:�"\'4b,VWPY�1#�G'��z��xgq� I�)>�Iq�C�&~�� U@�\:w"�({UQ?O^]h}ltA`
�4�7Moa8�C��'Yl5GM�UN`^R�˷�D(�fAB~=^շf|�uz8�
;|/%�mc�k���6,��$>M�զEgr/)�QmA�ALc�w���38L[Ǧ1�oʪ-�-$�0S �1U��GR41�_]��]�V�zݭ9Pd�*}=79;"���
#��qSAE>vQڥs)%m#{_XyhK�-2* ����t[j
6�D^QkZ�lʲ�dRv{Z�id>r 0�3��:?�䢠8h�9ȷ�x^`Mo��Tݰ3�҅1�.HeY2/+�4tH0Sgyd3Kx�w;Z'0$��mi�a3'Z߽y۷2P7w%")_�äT`@RRo_w9�=�s2�/*:U��̙bHhփ'f�"�_U|@c~j�]Y´� e0�}��x�"0�&ü]:v��4���o^�Ivni6C5|Zo
!BC4է}�;KcĒ(O9?^6)�~d X2g�,�jMC�/i9���B�-��SV�,lB<�Q�~N�m2g>��c�gx�id�z��&I9\GKJ7:En�f�8'9DѦNz\S9EwiW.zX>Z~�ԓ2sR{]�hFq
Mbɾ7N�9쒕���,Q�uk]Qe!�ݙ}=B�h �вZoJ�N�T@p�Cq�ې'OXT^~8Ѣ�{�HSbm�fOyX�=_?`G�]Kx-{+6=霕�@��.dm`Dފ��_վBְ;]@g��-=Grlh�?^![\LhCa^/Ё��..@:�fLt_>Rb1������I}@& T4FMB5�R�|cR4h}�btK�Y!gjO:[p0p^b4�D0Q'9<ߓ:èL3e��Ǖ(D,q5S0a˪1{�U.J)ξ3,ղ2$�Z6pY,o�bGό,G|dy@!g cY>x�5e�*^+2w ϋU.��u2W-S&\I��&\*
�]e�]@D�%O>[K&�<�*Wt~%PSf=`ba_>gj[x��
3¤`P/�aƭt]v�B`�r(oK̵�"Q8N-
@ !VM$�cRu�DX@��0ЖYsh~e\"�fK">9'Pc�k?w;��)eD)Š#1Y��6FC�r`ii;by)v�֧�| �4��do~U` }lu05:�|�\N�AzmJT=~6SHXK-/*аVky�s��z�5�cG�+_϶Yχy�q�~M>�zI���`13:�43%9[]!�>[�\{�[�2$ �żN:r/[�HqT7�❿""A�R�Ob3tyĒc|VK@M#W��rӃs��2"|vmMj(Es�U,�&x�sn+"��^J�JmȚi>��D�^A"�a`XQ�Eh%�?GIzHː>C8�$;*_-�}��۬=mm*K�~iH�8JΥ�/=
#�>I��2$%]+T��(��bZ/I2>=|`�>�_�94hh�_e��p,��Ê��Q$r�Lڟ�]�Ef&�;{ѕ��l��(5|p�!F�T�9iq�4R6!gT��hiQ�wi��.7�yFt@(n.h(
Tb� c֤�,9J qjW^-w[R�JZ�˦乼Y6(�S5MXG7伣pN(QȔjm>(3v]*!��";]z 6�RP#�Q1�EO�#6ӭ6,�jWR344�ڧ{P�]ݏ�a�(D[T�X�/�� t=�2mօTz0��ᠮ�gu&<<ɣ�Mx
�A!a��O�^lI�H)#gcB0_Q}%|CGS|?ߪm�a3]Pu6嶆vf:u�NCAM�'�Lߪ�1�E];հZ5 ��L����Юs��0AS_b1 L
G26UA}>�Q�vi#���k?Aaѧ2#M#3;�U~�)i>V_;Mc}є�a/)>n?^|�rJ�r,
:�oh"@���'_r{bGGj�m%gP�Z�ܓB�yۑ�H{/6��R��A�Uk~Rk�(c5lR0TSޔIJ|\됄ory�F�f#�TN=qy�c�v}p�Y:ԬJ:j{BgEO�@(�Z@6Νq�Nn�jp.׳BP�%`icMz�-H�.F=okiK�MH��=�+b۳. �˨վqD\H.
,�`[{y>)3�?n�(�[t1p�닝ګSRm�a N��>GlE6\Kg}.��C�%31�q=O5ZGɭ�Jx�u*�x9>�C�ӉqXI4��I��3Wo�x~v1xfoU��(�� �R�It����D=t4Z��wSA�7F[帙U;c<]%OO>0D:-m�lnSk"j/S 4ƶpb[0k݅G�xţ*g�xk`5�'ȵ\$�tS6x4%݉:ˠxN;CٵTCM~D z"(�E2�LFZߏVY?r-�&85W��ݬC�
xcg�Pw-s,Uk!9vwLE[vJHɰ[^Y7HqQ9e2X%�(aj��]�n�E7ea��CqKgIl�ː�^2�;< rd\�S0ЕI
=*Q�� m졨Ck&J,�b�lE0(/d
�5=O͍blEUB�T*�$b8F�~j*�eh�2|,q7aoTf�&Rc��?P{VK+c
B*H{�'�Wh�z8N�ƾ�>s6uk'z}iՉи��(M�w�rps�0h5�9s&7oo[.oȼ�?�KRZTC!pt"(Vf,h4l6E.3]�*�Ç./q$QBI�8SAn="dq4g5b('n/gե� ,D�y%㐳mibBX!f}Ó� X�3(Lva�ߚ :[�XNEe[z�~
�rw221� 6�G�m#�:֊
��a*�I
Ŝr+pg1j":y0�O)\#\S�\
�+?q��~RzH�V!y$ȁqOvG{F�B\�W��uU�ON~�%pOIMB!?;8r #�x0⨶�J,�ك�C
Z�@#PƖTX Sޖ?8_=63(:%wJR`�P�ȰpD89��BjVcu/^b"U
DSQ⺧0#-3O؇jWmo6Q���=z:U%T�qȤj%
T2�`�+!��iҲ�p]!�M�UL/~N^�0zݞ�`M�ħI�⣟�W'|_];ƕ�{G^e֗7O�Akq�Jo�#ˑ7ɵE"&~��/̽9��CJ�/�"�Lp^hbmzc�s2'��ܶT��Y�
0�C*\d�Ȭd�S'Mz#vct�rƘ�6�d�gb8�Cޓ�8}Ǥ=lҟ�IJ�4M�n;���F
��צ �a�i" oQB6m7�2r
`�iFù^j��֊ד!Tu\5`o��i�Z�p"ߴ&EbK3䬂j>s̩4GuC~&g�oZF%�2$;za��ڠsGA}ؼh7^TV4{�di;ʓ;h^;5yW^h�
<:+?XK肓
��fĈbͦƲ���F^�X!l�5s]g�d,�/(@��|"ey݃�PR[XooIAve��y|օ"#:c3a+�9�����E|jgK�fm-0`/7��vU Dw�!h�ޛt\
E�%B{JϏ%7n�/l?"x*�m��*�!ի4A7�T�ȓv�ı'8?}O�0(�A�]lUD��1G#DJѸ`᠗l
�'Ah�ԊL�ѺQܡNdN1;'U@�7N��G`0y���u
W?(p�2V�Q�od̄nO,n�O~փ�@�M\%!?�n�/��[7YVgGH<�S ,q�)�=�n6�@�NU�<}�D 湠
Uz&i�a~۰7=3?-3e�Hm4�3,.si?M{8p�czqc<$�Cws@rQ
�2�;Jrh9�jT6�\�(RK(00ҷrj3bkYR�M�~Aw]BtڡHΕ)%ܾ.�qqo{T"sR�Xz63>'Oq6ST�N,@NI�e_8"o+-u AQ0hXף��|�-oO^�A_�ppW|+}kli@�Wz�Rz}6-.5w�jY/em!\��nC�:h+`�)X=G>R4rUʉ)O�˗>k
f,]�^]yq�1w~W
H>�[w*ra�D qXcwQZ�r)i�&�C0���ق{$Q_Pj 0=K��q2A9tB)c&<�T;gBN C;��V7�MDx!8BՑtl L���1���� \�*ieG @]%�]Z��0<4Yȳuk6Ƶc
�j-Ur#lD2��GFD|Q[55 J#3Ñ�}N]��SDPkL�=�k^McqmDToV(PP.s�mgОh�Vzi*��~*U�?6�)0o�t岢�_����!]2+jpd*?j*Ih*RQ9LLq~i(^y~�&IgPwi
+0*)sX�8��̧�rY�Zf����l-.ر�� ޔ1zk� Ȗ1N�KQe\�`2վ%d�G{,���9?^`��#HKzzLUP龠�=vuOUMlF��?�_xl�sr;7@dbi�Fa�
���9_ŋ`
gfW[o=7Ǝ_֜|
�bU"O:^�X�D�5b+ޛl,�5�r<0K-T=�'<}m4$"�C<,��'v1j-]Wxc��=6^ؾՅ��4BX:I@3l K][1�T�IQ��li�Jx��tYr�UCb|5.p/}cP�乽
Bqűf+rʕ3N��NUK
[|N�ʕMF4RHѮ過x5P
*w uZG��/7�u)�E��&��Dx�' M%s7/mqE����dQ߾P>ɡ�'"�!)%�DHJעe >XO�t��:6'}/z& N_FQ]��>x皊lKF0Ld
S*m3?�6K_x_中z[Z��w?9nZMiz
ߨLF"|'n/;- 4ퟁCi&+gj"Cs�G,�|J-q�4z�z\Zɢ2(m!ǟwQv\[ːFޣi?+˓4�"켏` @Qn
{yO_lGS���sy�)
m|nsW
>���Nb*˦��M,��)V}Nj�Z`N�~LH�A;0- ?{'1UF1w�)�#W
@5%q[�MQc!�̓N%Qmr�HN�q�
�dB_kI��*]� RnȻ��o-e`�q'&{��|=`�(Q%oV�
%PWE�Q)�u;Ь�!w�Yݏ~�.�>ȓȱL�i�nVY#MWŵ��i1Ȑʺ��4Ŭtum��M>[
v˪X��NG���;���� R�;4BNml7�c%x3�]6��N�m1\m�s$�F�=e@FS0�Rj.�=VŌ_ҜB�:�FY�
�-�
64��H%?�&�Α�L�dՒ�/�F6�I�̧M�8ůn^y@auۙa/�8p2�`dp6ǐM/QUfq�yȼt���I5}E@d-^:)��C[d,
5� ܚc���qTNS�q`Dy9Z~�ƽm8X���I�<4#WHAq�;��?`d�7�Anx�QðFM~Y] yB�Z& }"�b1!c�
�F/8艪:!tj�hlU�Tn٪j&
ʼn:˺S#a�kW�v=l:�L)�xNA|P,S�)hPIGk}ZwQKNSb/'&(w|
p2j+z6��_ںHh1�]�ZU��7�:�w(�
i˖
)"C�F�3ۿ]Vې�OOiod�U�s�NGE+Ö.`�Rj/��!Vp�ѥ6:Wbad�pg����d!\Mt^귁s%Qg�Tu_L�M�S]ݕ�L�tƝ{NN,
�L\#/pbx�Y;LtՐyT�\m�ϳc4�$K�j(^K8F#��b��>."34yF{@�)dk&[' �]u]z�-zFYv�dX0 ̮4�=rTc/CO8gO�~�)*uo�=�C`8��
}�syX�> ~&=�R@�Ta@%%�-8.�E�nƾf�&AE8Į9܍�)(WsMk���MakRh0lE�8yf�8+J�G
0��
S0s^@-{L&V{->}O�[>0P�e=::p.1!}1k�q�a���QD �<CZo�b`Vq��jMQF-ĕ�uh\߀:dG.l>9]D?%Ow��hk �T�f�>Wӌ�Ը|%SZ�@
QuA
!q��߂d&�(\v qd�Ȉ�^,��f�]g[� v�pw�߭h�.CBX^rN:ehvti^TZ:�E�<�kfؐ"%�'_�/ucSRP$5}b_+�d5Q�g:H�$E0պHh(+=Å��ҊXuA\2/Bg�6ײ'A)Tj1H%5�OoRV��15 &V��{�1Y}rg>̬ �I7cP
}�*��g-5��;VkAx�g0�n� ,>(�t=RC,j/VPz��Hp?P}n�1(��-�r�U��#>Vݠc(UwW]>9L-f*�VRx=z��Pv��/�YL�vڗ͊�ܬ �&rO2B�fkw XnZ5L[{(ky08p��&�ł\�c�5VXa.�BH`�+ ҩXBG���*^*=<*Юu�`ܚ'!Ίi,six�#Y?���^6@&e�l--��/E$p61Vn$/c˩Xl/za�: zx{\�tǣX%�ggz=c{s�
�N,dQ6b�_7j?{�<50J%�̀Je^�o�W{%\vUۺQC�Ƥ5��~N՛-ƍ���Յ|kŠI(5&ޏ�Gpi-r�+�Oi~f�+j�]�"�L+ K_6sUG7^ζ}s�&��a�w鐼Ypkj4��ih0�X'}�vʛ'�'BBca�;rKMzp8k����ۤ�G�d���eW^Z:K6�EƏ�O'f у4mo��[ N*��(W;�n1W`c˞c.MCH~R xeEƾa�!s�i%!aؓN1~D9(o oym�P�l�
Ke|�;~g#Շʀ dË�8s�!wpX>XxdS�ӟz+%ӧ��M&rdO@3hG{^�l���XT��KU,�Eg|�)(�Py��]3aC��c=��iJ]��^2k��lЗF"� ӉA
��R��_8h��VN=p�]ӧ�@>ӆ�6
eڐ@|8�e�6�iJaJ��d�*�;ü_�s47v0^ 7]i{bu}L?Z{,R-V63k�gubb
�
`/zq$�{�IܹVM!dԍu�gЭ-z7q�P|[Z4�&LR$#c*�%s4�- o '|M Qu<4Кΐ[�X^�T;-�24(Hi���@�ɍanp�e2*l1GNm�b_�e|'3j E�s�qh>dž̑7^/K1xB>?�ߘ'�-nb*W=<_RiW&6)�aXJ�GIh>-(k58:y�*r�$Y����sv|00Rp^��υ9:Dbp\"Gd3+�}�v;�:��be~�9ǬɄ
`�a_/oe D+�Ɣ_?Э�f=�*a\��ZY |_9rLyZ{[��[p��_BW�q}_�
��y�̳/Ph��~)R- C�1rioOZHrVYQ"i8.>\R�fm}c�@1�\As4ՌQK6 Ǩ̚b!T�kgfx'�SJ&� �
(?��L̤xB �Du>6wPQ�,7:�ɬ믹�{!=�1�G�QxϤ5�V68NDji�hhiKk�fy�8���pLP)�G��!:�;XK� !��mGt,�7�ȆI{γO�5O��k߯o&fH�$g?lbp{Xتz�ZӑZ55
k+Ƕ)ř߀�,db?^xƇ�7�ts
Ebh$2�bњ'b�t�0uv]Z�9Ʊ,��n�Hյ5y�Tg�ԕ�kZa`�. p�fB3(K�ʂZBZ�4[bw��D(^��5;:Y�jM^*�+\,G澯c�4^�Zg#tZSE9ZN-l( �gs6=��k*፝J|KF=Պ�S o�˓3-ӎ/m�.v3ޫ3as��o�5b$zwY�H�:�M&%s3����6�enL4u�ǽ���
uOq"gi� $ޓe
��7AL~ͻ^Wba ;
:X)}ϡ�4�PI�A
=Hg(ˀ)|�qy=i��=MY<� Y�dLzf%8�TB&k;,= ��5eݥ1iʳB㉺.&R`$Ē)�mhJ�|#�v
Sh^Q0��.�P06S{G�BSj�~��L SV\\Ag{l�u͌�ATʎ" P��04SP}P
,�HJ���̃��F~
-
��T@a �i¤�o
b*/=*�SF[eZ~>�~Ի�L
d�1�n/ϛe)v+?R
G_WpG�q\ȌϣxrvV2�jq.6\�-[;��W1]݂l=:�$x�e��jɀ^y/U0O@˒k7__ �؈�o`^~�0ϫ%_;3i�uv\]Y/I9;ފ7k qVLc]�T$f`ɪlB�Zq5��[U4]q3D8{oԆUԑɓ?=�8K�B˟�ddhk�(ΰkj*,]ձ9�.} ^�)^$&y@h� ƾ53m5v��1g,Ds�N1jGYM1SX50�}VV�0,ȟOH��qm*H۹cg0�Dp,ZT(co�P:oW7�]U��n
D�ġk3zmuȃG�e+�sI뙾 t�M�s *Q��/T]
Zk4_ު/�ڔǿcu(O)-cN
9/bna
�=
�*?h=M=�DDDP>�\L�kZ�ׅ,�j
}�M6j�pd(=U�x"U@I,\E>�8~I:�!UiM�F;7e O(*�q~pIsE/T�W�7�#-aU�hAh�`G�\T~l�\
'.h$�h^5G�lM�Yo�xǖB&Hm>
�]��U(}ןu>!SP�#2Lm}2p���ZV߉ލ+Գf/Փm'4S(q\w4�r]r�k�vv�PLhH�^�WE̫D�{�t�v(u�p�9q$��rgVXƢ�m:=Hf*.B�-bXT0&_SVo�%��6UF?{�N'�&�u>$$gD%6����yvSԶHh<ߊ}q
;�TAsU����8Nkڿ�.ڨ�u.h*A���C�\� աucW#�mCmPAe%
�h{tm��C�IhR��?U^��vޜo}W��OrZќ�d��:aƶUjWrfz. L�B�N}}�ySq�:�O!q/C /pjx�A��v)�9/<īYN<<_�Li(mu澝 ��Oރ
�]��e��jOSF\s�HnZ=٫#unjnjw(ii�;94�(�j?^V#Xϝ@�&a:�0�8�C~&jV�u57͋g1,ʸo�-�z,ЍZBXg�d�c2;3;a,l�%㊢�b.a�ź�78yc�B@�7 @(Vy�!��$EA6i]�3ʌ"@D^�]w�|@�n,5ARR�;$"h�!�R��J�}ј�)%�,39/|ؾ&B�ڞ�wC�בGQ2B�Ń58߬��� j|�;r9�!U]ñH(�pc����1߾#ґ)� �l��5��Qxb 9Z�M��]W4.I$�l22.od0NW�ڿwɫ�Sʻ��gw�Ҵ�3�~R�TDXK-@eK�%RrgEp~-pB$"*&%EIr�Ol�0wivwx"h�T?-b�qі7D���/o1 F�#@hCiȀL8͓�ڡ�~y�Lt�{~3h�A��hlE'�cZ-3X+v�U*yƎ#�q(Œ4�0ɨ�"#S[{1~`q�vs��`�}Hu"&�2iM.LlTI[#\Lw�Ғl=�&Y�|c-;?)J,D@�X0�PF��ERsۢSC5�\���J@1{�YA±��Z�2FO
6�Mb[m-k=Q���!b�5�J`p/z�I6GҸ�����N�Aw:�)A~фK!bdq0��5dHl�9�#��Q��ÇPeJ9|_�o5
'7NL!恴�G�h��@SZ�9פ�TP3ӭ
R�\�vn`Zz�0h8&nSPG"_2s���˹��=oYB7ӝ$X[Ϧ=f.37}�g�ors+ቈWQXC-3aݞ�Q¬W�HPN*��&2ҏE�`]�&<پ�p#C�2?YOSN�>�,B1�Fd�+76|e4�k'�5lr=q#<�_�
u�k~#�٨�)e�Zl?Sl4M,Tp*��/l@(p1cF(%�V%}t�PeG vt�n3fب�bh
�U2t�@no�2W[�.��b�ز K &߱$=j�&rO@Ɓ70qb� 29�2o#Ԛ�zײmUKԡN5kLV�Xz,86��N|ڑBF�A${��U`gj"r͘�O2|o�ʅW3��ִGxwIAև��QM6�ڑ==nU�C;w��ޫ(@O�$�|�($Ń1D�b�O&�úAv�:�зEL}cD_ܒn*E�,�� �^c�JԳ4tj�@$�σ�?RzqxR
s�
miK�p�߇˾
��E"{֪L85:n7$P�-�\o�1ĞN})B:�iɨ�vyn�ͫ\[}. C�
�6THG-!���gT�%�;T3\� dd-K%;͝2K}��L2xf 7;tQ�pj�H�TD�#��q%|$wM�HT�{BM\�7jcў;I�~�pS��
͏:1r�(yK#%a"�k�p)%\�9�} ^џ�6&B>j�?,˯*�$,1v��s��/�Ax���d�I��$R�8ן���T㴻/jɘ^�N³Z�&^�+'�pъn�HIܯv샷TJr}-T8`p)�~l 洦Er�/FpצqB'L8(/,⒜��
18z�Y+#5��ƶU_T��HCJ�A/SXC>�ܾoM�)D^?�۸E�=;i/Q�*:s4Qg>B=) ٦�6��m2/z0j�&05ɕR(�aIC[.[*0{#{�tMm)M:�n[jв�O:~�%LyLX˱V7Dv-qV33���z���\P�Kjz�3wn�Ko���%��A3���4U�ZS��28�Л�k�ꯛk&hp8QIG웛`Y4�
Pjp$?{�ۇ8Z��r&�:G�|bQr)��xE k� GF3�8d~o�(`5W I`ď4,Kq�߬&�F�%Z,o3|^�'MQǔ%K�!H8m9g+cD֯_?,� ģx1HvZ$;��[�N*
Wg<(ۣq�lI#:وr,+yEypy8�@:#uuv)6Ŝvun܋ eT!ٯ$/R(kn֤�\ kl^ �)_�jr%"13RY]"&Biu[TCy T5W&
��Ʊ'�;D�u@F�PDX�Nؑ⩝h&�õ3\{ْ�!$:ٓ�i9n_�pO�]�SV/Q�XWŏ��~�!��Y��Rz(c'G)Xp�a]F��2(-TJCplg%�`;��5y)nPE3�1�
#sl)'oy�6M��O�8ĎpUh�]=v�\٧���[6/ъJ�ȣ%C+S&++�~�?�,`�ԞȬ4hE_���uW̿�@h7\p�؉wS胎6��t[q50's&���;`��a\1OUQ"vY�x?"F}�Xu_=�$'Etv�(n,%͟�]K\Ý阀*�G{hR�[?S�#*�f�o�Oq>p� IU�T�-?(rg��P��IKT*{|_%<���
@h.;%U{�.4$�4(c�[#2r�%+I݊
];�{)Qxh�@i@ЈT0�(po{/�Fq�д{`ꡧ�ߪT@8^�'=-kګm�C�#Ax5H1U9�6-dP?mݵ�:��s1dJ�t�@j
S�:##Q�!`�Pnx6x1#8\»�Y'}��3Nv\�5"&4��$tI���}o=2gJUN%�`FHl2wC�Eư�ߧC!sompϩf[�@Q���~dJ?sx�X^?iͶ
e��;���LBbSV<@E�Fq{�dy�mW?r)'q��-:�<>Z�#�]<8Im�{'(ޕcM[Nqk6JR}s ��]�SE�V\yWLw*�K
�JZc5-迦Tj
�ӡ$=}[)ݼa_
�wV�r@;!jO'G-F灏"Ⴛ'I7;=Re,%)�jD"I�C�ۭId"��Pfj;if0
T;('y�N&#o7U(��2�kGՆ*W3?$ƏDpEH�y�I>~[w�Fa3dՖ\2l!f<
�y"�>Y3Ժ1ҽA CY*e0h�!pšD�Qk*oH>�0T�`z%K�Lj3-�@D�إ��%Nڣр4qݻoR(
�3ؤ�\��HwQV �v3��nCӋbFjH�zɻn��O_om!;j�8&t;T:��q%TSЁTD>�ǕUj]�7h`�}�Tʖ��5$�(KK6;�W|�t4霜[!�.wE(wx��ޮPY|jǨr(|
|o�O7n C~|��>�DٕU��k�&U
��N/De�8L��p0�gf:6mX]k=�Uv�� u`�Ij� �^Eȓ,W �Ϡ-�LvgrYӯ!��Q� �#0�2bߴ ç3y8�Trb�9rfG^�v�>(;w�O�ڴI](�XUR;xu^sv�'OkU#�f0yyInoЭ�Z%�e]gti�l4$D�(ƪ�.$�O�B��X♒F7.a�j�P-HCd*_phK|�&kp
�D[�/�Qtl�ÆJP#|ULBJ{�"o,�3v�ŌhY�*�Ce8Ve&tF= M�eJkU}1[Za@�l]9#WN}2@`T{D�-|˛�fӃ3u�
t�kΑ*
Ć8oa\GӱITNn,Cd�b*l�aM{
D%̝�
hG�( ݫػ"�5q�1 c?(�(G�SF'ńyo�MQf� j�6I"�::\{����f0�%}�[:c_Y7"�1J$.��gEGTy�k!m�^ ɛ8�m�
7,U���9Ss�~K�<>lMyF�#CcQ@ƮÐ�3?
7Fl~mviat��@G���m >-��!Pt�$h6-z2=�'�fY�D�gaj�߯��B˭�j�RQLΓrOA��@Q5Ѓw�)η�t3�V`@iH? 3qhwSF�.Ӹq\Ͻ<
O]s�X�=XJpwX?ݩB���K�LԻ��;��?{0:t2ookËN0(�V2%(PWx�upFo�V�W;+#qL
چ���_$6?ҳ�E��Ш@��jS(K��(T
D�5E
�)Q[J~i9OE2�Mo�Kp pll<�pm&�'m>��w4?#]4Ͱ:R��E|�Tl/��[�,|c5�
x.⽦��$g_�\ҮZN4C^[� g�o?k����w`zIeg�l�7�³`Y�`e8�v+�G�'C?�:8Z��ۣ7�-cS1DXO�$�<6�}Gv v?ALrM7@b�
�<��k-rV!��@7#"S�>�P`�D<�2yy��]v_Cz"�v^G3!e�Ͻfg���VRr~.bВt8̥sWR�yЩMx~1�/.䊱�C}Q+�چ� ��k(�B&_(krMztc�x�ezĄlPV_
ŸC�(yhtOufpd!4�
at\X�N )�wm�%ޕKm�\,Fm-v#�?Az�
Bm.Smɂ�O涶#�$l�cA x�e�M��yWH�4�@֮!8[+#�OO�-�϶pZj�݉[IaiC{UZ���I�Tw1r:̮¼>l_y-�&i�
0!osk7�QvO{A
q�
J�*��W)8I+0[{�}GN}G�NO#$l'܂Iԡ�Ő�-?gw�X��.�
$�.�$x"�le �O.8~�#y���%�Qx1Ǝ��OOl̝D��m)nr*!l:PG�fo8h�e&IL*D]�71e¢r,
:N1W"ٞ'Cp@&z�Kzx*EJ-=F�ubϪأ+�y+2mGiH�r:#_9cYB2hSn,C|Qj2JX8O_nx�HE�
-�7�*MM�D�i�)17��:���YaRS(m/lۨk<�1�`nN{~[bn׳Q���ؗD9Gos*>\��?�I�}`�yc>f���_>/'P^�C��dK�{�N[ř��9�9t�z�£[A�_6ª��MXD�_�v=!��f^fcZc�])ug�-o5 ]�p
rSp\�-�S)�Ω5Lt�E��Xk8)y"4��,B#KҎi�cc:"Ko2�qtGT"�etJ+-' ݤ^a
�o|<�ƳLMT1~'
�j�Rɑ̱Ŗ?v�H�Ν*;'0Ox�M�Z��O`TGݜ|C8-�y|ޔ�eh8|Ԝ6Q3��|JcA6BaB�|~@pK?oJW!�!xWb]qXek]V^u�1vLcDwUi,`6D�8z@ݣ�
\8
2GGUjdrl%�'�0 3;7�T?����ϧYM۶j�U|PHl?-x�cCw!t&t��\e��/s��f�XuJ�ȣmRh"1��۾[]wdS>Q!["�F|_~Eɲ-!�K�㸏�ZU�ZCΗN|a^!
�U��]�S�Ɖ~��"+᎗1,�?��UhΙiQ!Fp֮5Rl`�Q�2a,�}P$�)}W�)�n\`uJ�E�0�Q�o.5ZDU?!
-#��afd�HmA�H�f�$w6ϥ�~�|��|ڭwI�Gr!'�&zR�� T`.;�QEpF5&[*:�G{f¢&râfcf4@㭀 ƸxF`AnÊ"s`@��ҟ�fȡ9'6l*=t2�:pʏ*TU_�WF.�rF
��Xh4J؊Xq{7�oc PZ$C(e�ue�\z�k@!g�1aZ�s�R%6}�/�=��R.���|~V/J�\I|�>�laNuPf��O�1����)=T
\4ԾK7<�1�A*;-CDF�_m*O1Oa�^�hq^�?�iG��v7�qr�S��O�I�Y�
7�
"��;9#�j9U�7�76?bpŧq%&�B8�=�>Z19I@�y��yPӺ-0v�Gt�-pSx�0{��?M/T8��8X�;�5<)Q+� `0snKXz`Qveė8�@YH�#DA'<20l!e���~2y2UVK^v{(fv]pdX?8�a�3�
C,m+�r/awG!łޕ
Rۖs1O3%a!M\3 n(l�~J5�tS:�g�kZja^"�S ;3
P�-�j1uL)z��xfJQ̀��9~�KI�Y;�>,n��|-���A�Ky?,��#�D�Κ�@O�`% �>�YFrb݇G\ذ( ���yg�l<{6[ԥ7A-��!K~Mn�[lҹѭꍟB(NpY� /&v -
8#OL,Ns{fBjBg*_N
;�3�=��/o,|}v�n/xTbB.���Q�.EV*Xs
qsJG�G M�iQ08�.O5c.�e)��}p/ПٯhmQюT+|Ki̩ncшyJK0zك�;�T��ںMY�;y��%xO-H,�u�jF�㈜T��,����
cd_5:X�J��uwb1)!ޗ![_K$/�͇?Nbhpf(5R.\=xOP�<,H'�KE&Z���T5.>�`
U�Bp
�z�OuP?l]pH,A9�m�_�c�_I.zDD
'!uN~@I؟"Ȼa��BDo���vЃ/mKl]!J�F,J���y��~F��{<=�lk('ۛ4��^DHϹs��u"̝E��ruQYVs�cӵU?b��ףگu]OtȬrΔÓj�z'O{�BaUbzd,"s=]N$u \L7UaG5]O�).�kpFVM=T+]ѷ#�5w:L�OM�y+n6[,/�MJp?FD�(HjAU
&semE MX/h���ZF�H��X�mH�O^Y�7ʣղjzv$iHX+#~[.h KFd4KuF��vv�2� `�v� �ЫuըG7RuP/EɆJ9L�8If::1�JE�J5�cA gJ6)/(j$�[rOQ��[�)HT
,�d�!4
�,�=ox���^يt�`me�,o),�h'7L�
3
BRƅ�3vv}<�XN&�opH�F Zu�=._*5X�d07"��:%_p('ވj�s$�ã�w=�xtx�EVO`�Ku�w@:'KX��]�Ma^풨tThOSzgK{s&
؈ot��?7^6TDjf1ǀr92]�KEa]-XrٙZ�'6bz6wY���rEqچ l·��0=;=Ϥ.R1�so��RMEP�0^'R�|0šŻ[>��2j߹~�G/-g`E���:Ji�Pvj��8*�쏒*SH*z:�p1���"���_ph_7��<;)U26K7'l0|��A>RO|
���+��KE84_~�ݠ2q�M|aWƲ@;Gϓ?!`j@ ?N?.%Z�ݔTkOaڡe��s2%�Ek`�8�b^A@Q}
0�6@,�ڐ<م5Z5L�zjڟUA
(#�ˡ`P�Sգ~!)#C>T}=_u5cN�M $?%�4526<[mg݃*9h*M��Ǐ�[ʤ4�v-w?ԃ*�W�8'iCF)oT4#.
?O{BuъVHfY�N[ ���dnE�t7n0�
5ӊu�P|o�?����kݥLAb�D�И�Ft\!MZf�d"Si0N�?776f��`A�N��Q}UZn>6ڑ��
uB9|m<&UIi/j
;}i&Iwv&.,�"6�� $ғі�nm1�-�4-}�MQ}�g ��JWֻwvנܻR�[2v6|u�+YWJoBU_;*FeM~ڀ���9�:_«h^x�"P|vN6 C~`z;gwN=�S&(5��|=C�O#�7&�y؟{�j�mI�de�|cgúh�gʃO�J���P�E&�FhR��8�!��EI�RcU�K��E?Ua2<ޤe,J;g@8Ⴄե���ESwlO12�xP�0xK׃u]M�!�@
�1}�3,�d�%O/�N܆ԏ>AEDSh7x�BBы���m�cu!sB8m�̳2�[%�CA}p&KD%6=���b
�~� ��Ä2s
X"d;(م1c�9��rmid�dݍiT��5�++�E#�]S�IP.s�[~Ľ�d��,X�[/�KFUK}�d%ǚQ33y^y�K�h�kC�z_L7uwZ�i
:;{R,�r��L�A&FXd-e�z\,G[h�<^!�Q/�KD0}1t0Q;��^�L�פꁝ��sN��$Do:}�?}ȳ0�iגsx�g+� ̈́(OG�:L :_Sk=�tރx?ȹ0042J�S~J(&Wz��!fJ}䆷iΈ�_�.kpS�qER���B8~ζ�u_x7w��/8'ʏ>߳>XS��M*#~�Qo�v�rC"LH�s��g
6E38 ���bi�!./ZpwE7� ^_c&�?]E B4CΛ%/�Rx� �e�pmO
q
ȿz �ؚL-_����pI44,M��\c6�udܐ��5b�I\]Z>W%f+=���;�%`�\s.Xc�ܿd0fjq̣]��(p7fXND_JO�Lk5v�{vڢ?\o���߱�p>7$�lj)�Po'䘗g��jzEzk9aMe�aV��+Oj5"{K�2��==TdԬuθ˼5+VN82G~Q[=�s}P I�g�ažd�Z�R+v��*9X�eE2�1▻uKq3�wF)'7��ȩZd0AX]N�2�Gm]��2U�SaU.tM`A<(��8SԹ_nZmG
r0,ߵ֡G�:U�9.5q?BkKV�/Q?�,D^>L|q'fS4FOF�Y᧲6`_�I^kaItYGU:Sdl9X.� q@$[>�!p�ա�Qe�>Zƙv�*1�m�F+gh=�)�wO��jMq.�6�pj/,
I���58�`�(��q��w�i5$�&7>�:7A�Kk�(1,8@LDhkjciv4_#���|�/W
_2?fSCxo.Go+8J�_yݮ$z�ڴT4{bR�25qi
ܦ(p@؟֩60u+�.̽ͮS0`��fy�`W
g�xH_Q=4�&D �KY]Ɓ0?=0Rvbs0� � mfV��:x)S�CPVǛP�-`Y@U G����~�YVĉS�?�7j{��Cn�S�`zo# p&�WiǏ<2ARhmZU�/7�|ľ\\R{�q79� LܸM%Rw��R S5+y#R��uVeHS�H
reg`,��l5oTh$.�t;%��L`;3>JxdR�e�p"*DKPr[aI�b` rH"Gt{{��±C�ʷ-�?W>2y��::zt+zPZ{Ƃ|z0kl�ٕyWIHcizʦ\g�MS���~~ZkaM���frWjez
�T/3-�4[��(7��g�F05J�,{쟷ZrΜ`_�^A*c#EwR:�@ۛ,:$l��c2n,2H�VH�
��_�~��qӵ\H�e#r50
Lh!H!�<��:О`O`�]�d/5TnIF�-Ls�OҾK&S�EWJF��ID���9��[�dMEգ�馑. ��ΰlĤ�d�AYIDǢ2BTdÞ�x=U9BN(ZwAd/*qЋC�̱6:ȷ&MSrt?9Y[ ��\ដOqN��^^U�9D�.t!2ZpZ,X�$بKFGu�6Mdu �]��mM�OoiYU)G�'�cp��^�`:�6K! /LҎ;(e8HCto@�j��?L2L)�"rm[U�6~md�"`Q�z�أ:=|ÞC�^jd.崽�ȉGf7?�Fkh5Ҋ_ҳ�s4yUQL XI0I� qJ�{%�cqyQ4mbd�hK�pY�ۑwJuޝL8)Pk�1?TfR8�s�!{銡^UO�l d �Xǃ�7�4ݘdW[��?zNO�+�Yw 62\zK_w��u荕#
W�"�{��3R��|+FU@j7vA+��8QFKLh@uxc|�5W$#J�25R"lQ�v�n�uGC<[V�xL�DvY�faV�6�2��OqTPUJ<�{i8!�O"��b@bAE�ہH�}ֺՎ0�!9,ⁱqQکX�>5)�k�}DW�hG%�|V\*p;e�Z?CX�vQ#�~㼘6܉ad5CBcם|�qy`Mk��s��?aȂpQUn@`|Ÿ$���j"@18wͰX|�#@{Kw\9eݭ>|Rw�6-WK �G �;pmJ�[LȜ�U( ➐|�+�Hye:[��gO3XE�=z9�t)8
_]S@!CiG7I��TqcWE�
��r#%��;5:ȷ0F]*^@P�]ͯT�cu�@7Н4��X*4e)�HHMY&F�XZ�z=3Y
�Yq��S纹A�vsdP6;$4�my{ @�a~:JݜB-x{?:t
٪Y��<@MuR'1X,~F^�8�-U7�>�I+KX m�6ӘR�T%5
n0Jbnөe|<*,/>cds�
6ŇV$#�ivXj{��eR�_mei�&�Nۉ~q^3�>&�
�
�`c�]
l��?N�n.z2lŰ�0"+ʃ/5�aVb�=� �1_O5w�}}D:5�}�?�2�ҋJ
6�
�PD`%"=g\־V3-�;dƊg>d2��{^r3
��TMau�ё�+o!%�b�M' 4I~=�9]5y)4ZJnW��sdw�.n��Ǽ�P&��k�mc8 �(mgG{�3B2
O3E((��q3�u=%�LO�$-�$�7n="}UtoE�\|u͐�6URo#
}�p�01_&HOc
/ۼ�-ӤOc@g.�p\+*Zfʮ?Xgw�$ӣY`18/��FP5WpHCBw2�ha0 5Rw�CW+ {T_�I�
Zv$�X~xY{z�[|YbD3��rE]i=L�qخ.}H�1R4WeK��ԛc�uKdqZWqR;`tW�f�ji�FmX�.p�VXhإ)H�%l:r9r%fZ5 1�!,O\ʘgI^}_��l]9^�竓?�5j��6��u�}gۖRlCs�|ϱx4j)GUX�A=�a�E}ׁ�S���3�aFV/���v�0�]�!%�e�wFMiOB�>c-HHz&vpOHVhYj>�BB�vfbVګ)X:9訅b�a0�$P)Ý$�,@,eK"t�+�C(E递w^j`a3�=Md.t% nɜsT*BA�g*B�zj.�۴
]j[ƿޜ鱧����Rr �@�onT1c�bB/�~8H�+3��~wi�axΚk��TW�e'Rb�a&�#��}Ƃ�x>RY$}nu_X$ڦFENC�z�4m�!|O��e-E
*,e��]wSr5�FWvʐ3B�M4^�
&l4ۇh G'ɌmqUEccN43yk<'&I�֯PҮG[-?ho�qؿ8q�^�˘AUl^wbiB��և��`V*|+(z$��d}��}ݓwǷc~f��tE[͛+F�:-6 ��ya i^τ ��)t]s#1�fKr�kU9&Uw
�ND��tD�Fֺ*�DSj{T;իd?gB%Z,WN:S
7Y�t\�\띎IñV76RS\%e�zY���W$����B�˿JU\H�/Dtw�IioXP=}'Ś7]&n^%e᷋ $3FJ96 ՚^�J6$8ڨJc
~�о&2n�1|gWB"uvH
r>&.W.�=�I:���V`V=1�>�f0䬧ϖܰ��qxcvG�i�ǫ75:tH7$$�M�-֦1�>x�M)$BT)wZ��V 1�n|sb^z��3
K�$b�간bIF$R�rDs*p��dV50,X:>z5`)R>��eO��5�OLzL��|�D76�w$>ۜ{5v��dÅદx{z�{-�F:Z
& -?kf�-a9Ȣ'zOu�6���i ~0\5/M_�◘DԤ�ˍ�"�Wj%R�P"
ayK*�Pͬ^=�*�nP�+#jn;ǘ�mf'~65(�{4�LU5x�ߒgY�tՉ�e3Ѓm0t)Ů,)��/��^x*R�]Y�*G.Ğ;�`*XbZu9�%``P����YNGq�b,UqyXsNc��a�&�C��\\R>�n�
db��o�\54>�GR3�wOUa>Cj�L#zn��H��4�ŋ.ΕcaZ� 8sh�|�d�Z�vM,ǓE;m�ZWP9�e�c&2#%�%4HP�0g j�ؐ4S6.�Cs)*�)��#4l8*_d|� �;�XBF.zj%ՙFЦXϊq�.E#S �� �a�p �h�diX�$G�?���`o=gavS)纖ld'g)���G��1�Sy%?��F.%���s�ҿ L}ب��7'�
�3F63jy,[�I(BqCy�; h�?ϒMF˅S�}ww3Q(�?�
*u�0q�U�6�AKYX+s;e}cW�*쉲
f�mHz�r 5_�V?wcU+�̇����ԗ�Wݏ��a*!m}��&m+dIK"7Gu�f{�$6mhNty[-�^="wo7dϪ/f�gQafW��2P�xo{�T/|��=
_ye+%|o�,x<ƣ��
/9qk>XU-N�a.~�)}3LfԻ/=�+rFZV
'�JS�X�5 6[�,.lh��pj kіvZ`tFГ3d%�}UL
.4~Or�-9r�Qo�OE�ŀdÊ�1%V�K��N���fu!�e˅Z&�.EA3#k#.O Di�XHX Hz]|Q6\ f'avh iJh4�o@AG[Ȝp5,\dW``%Z!�u��9��%}VF(!C<$iKo�����fO8iCrh�^J@Tbip>���yFGF
x*ٴư̽:g�?n+YXj@[rR0q?zs|2MK5%����`m9-�Nr}t7 �d�B�q�Z�nd=X�*{;�^͑6[;տM'I�@�6?ٰ:$4@x`�FN�z�w%E
67ի�*o
��5�jl=�^T7�л�D���6ߡmu?-8[D-5>��_
Se#Xm��_�wA4�
V[_4+1�z��XL=�P�Ҿ�>ّ%��?& AXW=V;A;�,�&nΑ8SJSM�|O���|?ݬfWWC_�?6b$3ԙtRr?j5�`a5]d:�i��9/�=rGG
+��A<�1_rP��P�yg!+Nt*5�OWx3HR3"wpo^tg�g
�c`�f9'b!OqZ!J|0^at(�UR8c;�Qۅ�Aʄ1G|ٸ��1鱻{GFݳB���F�(|Zh�M�K%:ߤ#Æ�}3�p7N\�Kg>Y�f� L�r/7ֽ�cL�5�=�NL��N.y�;?�-P;�Cf�VL� u$癣$#1nG9%ShͲ0o ub�4G
2�Q��Ax&�X��s*̛�٭p-s��}Ϻ?�텝Fv&B��[s;;TY�K.�eOs� &�eU �)2BI�BH�r9d�`�rtWҚfk�}1Wo\9h&78Nb�*'?JK$��*�:�C�ڏ7pq�z�S��&,P�k��f�D�u}~&po�}�l2/1fL{gF�A@ʮ�.x�%ܝfLiV)W@0��_4�M,0�tB
֒G*�ݙ�9�x5%X
S�Vkl?C=�~���h1AN�+��㉃wpӪ.�&�S�ʞ�` "yx=��N$�eEIYC�lB�\��7:+*e-e�LX#�nLL�MNG@Bsj�6g�qv��i~ccd�;Ԫ:?ἭG�7t �ݝ��V�&EEK_O?N��QKt�*p:x�K4
��xy:C�:5�Q FWSQ�f~ ԁ�͖YGQ&W"K�^h
o�* ci~ύ�])'ˮ4y#PX��znLLt�(p/M#�:�yH)_� \�?lY;M��énD'v2i�۲f0�$=He$ݘG�gMNߋ%jKy�̛��;�\�ʾΚ�$Z*:vۺl|JTy@z":St9��O
J,(` ́m&�
#Lj�)�Trx)bH%R�Z��ox-֏���F�0]J<|!{YˑM��έ|Ϻa&63ҷXʜ�8lJ�Pn�WXR@�nCp@o_���RV�5;y��fV2�6�aժ�&'ӌ�Ɵ\0+ =�,�͏a^ߛ.K�DY!y�$�L�t�0Y0F��~I#BNj�Ak�OcG17gnM�6S�DUlK']�)"2I9۪M-�Q�
y!At~H O�횊GT)s�mP݃�����%>�#aN^eLoeLTIYfG?Y�NjhUyjBθ`b'A���el\9R�t53�иGLēƒ'4R͎DnAj%;}m�{ LϥR Ȏ�ҖK:mj]r6I��2^b+OSQ Ӫ�fӾ8C�)3?~�Y<2e�v/Rf?=ŨSڀ_'%P|�(�5#1y:i'̦ yC44 ��lDv{Ƌ!�圞��69Ds^]$鏡fD?u~Z,}=*'a�z0MKklKyVff+jvxo-Pz5`���ѱA�
HyߤPbsy�iFd�D���(t fd@��<�fc�R�3Ν��M�eS=}Zwa�OCl2751>IG��$HM
G�M�ď5 {Nl�|�cGA]�=%)F36>��F��O~TOj,�:C%8B
e[ڽr�Z7R4||�J88PH>�{s{�ەZnK"g*j{�$�
�l�x+k!>@/
UtQ�t�1ŗٟ���|�Geӫ�nx-�wM+�G`ٷoJވ�;%9`J*#%dШW�]vw,_�h�j@b?`ϸu8*Au�kg7c7�O \8,UXY3ޘf책�F7�faޘ�ӪvK�҉Bedž|{0zXwԂ9z/0"�c�sp(�$Ȃr�%{p˫#w0d7FF5A�犊\Z��(��˲#GO&\LO�2 �x\�'�vsh_l�9!m�Ȁ5�ޮk�W/Hz:c��\#�c �4�0n�3�!�t}}ȍس@�0��n|75
(Z^`AzE%bVF�83�GHͳ{^y<[ժ�
'OQ,�,�J(վ�'3*/7;�gn
EzDJ5̱3~9i6�%xW9�A~)��Hd�qg�r�]i5|rϮ` 1��6&�",/�Ps8Zi�R�kRX3̀q뼴�4N^�c9ZҒ'P
ېK%Ør=y|=�=�N��"JA�".0seDYb���Bzj5y3~FaC�*{/XPG*��\9$l�PI�ā4 �#M)lNe%�rQ2�3 IU6װt%8�"| �-Ŕu
Rnh]##d��ޱp��9s%
)<�
-+�
"cb,6�(g>1MVor-g8s{0яcpʸ'p|/΄
��4�*}7]49��
U�lDq �ݕ�Hr9M)~S�R�>]kغ�aPPDß�'3Qr�Z�v>(?o�̔��<3G멣^ r~7&=sX)X�jT+LL��E>x�\ML9�Je��UEO�0aT2�o0XDZ��DpP*{i7q̷b΄ԕCp%�u�Hr��̅t�^'X]EK���~�s1dČ�tח�_WO
�9{��x�*[W}逽%q�wpgA7�/X
q$bQyI�@�H^B A+�Z?kL|_]�
v8�N$)x��JɧsV`ʮǾq�$<`O�)� \Mj1C>$3�8(aeA1ʈʏ\�$��:7ȩͅ%;+]5&Y���_qj(��k%�+I�Z�w|-B
y S���ڽW Z�!�sLHҞeo|W՞bwk4u"0J0'ݴU�ytUu0oK)�H?�CL涘CPږ�O⫻
�34eU�UH!F��a�Q4�Z3RRрɤ$�|ŭ��`S_?<�mk��NDyEFp߄�0n�)1m�|xԳ`Iy'/miU78/��ޣ�T�C.[w�]�Ȳ�) ,�!!;U�'A$zۢ��T�$d�R0\-f���m2�;�c�!'qN+j:wl�(ݝn]�.q"+�IᢼIkݱ.mr.ܹ5yX;mqt�M睏%s.w&.2;]�ˢ�
$��B��H!ŭ(X�$pܨ1.F*,a�5zInjz:�QE�0er�H1\d�Ad(8&I�XdbI���HFI$a20r'�
w$8��;wutwq1;@�sgrJ�;\5'N8ӊuȱR1�B)5�$��_OS]#Nws|qZ�ɊSDD
�U@�ٮW��j-O 2z�,*[8K�%�e`E9H5��؝zm͵hh�П�V�bǫ:gצ]-�>:l�䷧'tHgf29v*�0�*UƁLuOfLM|�\x |i;ª�їndzAS4T�Q"�rPT\LהVjm��ϰɚ(_g1mk�/X2&Fr`kXJi�Sգǐt�8WCpGCT&촧<ƓK�1:TU,Tpm%&"GݽW}�v{W5Q4�ڊ6f�J�2#�)3��Z_Hɮ�<+?%{=֝+�0YY�4�`qat�
d�)L3!L�ɘ6WD4p�D(~9>ݟs"G�-)�(f�,^wS�2�{:̬YihR*�B�6�wW�rɰF"-�QOk+v�H* B�>UaӪ*�]pYLZ
λDY2&LakV�.zyָwbJ)�i HT�25\}bz]*�,�-kD �"&�6x � s� WѠ!�^�w�$FC�'yH�wFLr��*g3͖I~[By�Y,{cbә�Ƃu��堺ڴYYjUn�3�`%ˠTl�RCΧGv��Qm�Ed4¹vu,datz�tšc+�F�X�jM�lĞ5Kb�AִY_B��6:Pרrz��B4,}@C+me$PC#*47t}Lg$@RP@��Hq� fbC>���� S)2$Yo.�.@x<�z45�"Ex1�wG�HBH�*��Tѱ]c@TaJ�g�KߟoI:C�NY3!1�y&;T
�Me!|Z�U4YX3d��@SO2_!!�*B9ī$�iT�i{.Bf�ʿ�ZTv��?ljF"
ځU�J,�
�/8#?)AO̴8j4G>Sr'v|GZ;�a�B�3,**L���L'��/HXt�_QV��-�[(�d6_giL �bX81�s֞P�EIƜ4�bbe9EU1ߝ^Y?U�A�w5yZz�O6SWa�7�Oӵ)I=T]ʧ�థh=s.f}b-aƸw�aL�ɪ^e~�x�B\_̹h
oU"aP�0f{trTR'��T<4E"&1��
�tFZف or�S��;nKmT&vPc0� �)g:VZ`Nk;Gh��
,�){I2;*-WB9]Dٱg¨eg!�q䳭]5;3� ʷz}�$HM6b�*RDj}$羹7AVKmX߿SWPQ0mHiLR'ϦE(iʑKS`j;U�s��)!}u4q*yvo>Ncɪ\weAUU!p{_Qcs�zxn!T}4�7R�hZ�U7��eC61��jhٙ;W/y|}+Gu"[o�//q�i1/o}f6*|}�V�-lJ,ft<8�Ֆw��O/]�ꍊ2{^q4hs�P~I1`.�>]xx"Lo:e���Q}~3Z|=�57\垳cFFcM�tߪweevwVg
9ł
Н_���z|.%�+lˈ6X/Isuz��'۬sQ5NJ:C|ά<ݢmvU~�z}�ٹ�5^J�,bw�d7nvtR-3YWDZp(�2����OCe|-U;֣]ǽx�|2
w$2+��/U*��EC�7kWsu:A�S}/SA�PseZلx?{(�?u7*{Y�ͦ��϶A;
=7v�S�ŠTy7B�~U5
oM'^�OMd{˞� @!9^%Zuv5t̔{e{[knj#�[*]��d/SE9}�m_4�ݻܦ�8�7�7k67-j:x?됇
=
Wh15ڼʁ�>~ھSᷰ+�?FyěE>)RG��s�~';Dz��)Ied�,/1{F�9|�v:Ʊ�w��'�I���
�n̚{K�X㢌ѤѷP:_~jd;h6�a~|��qI�'Fk˲`lu :gK쒖�Yd}�Y^�??o���;
]�*DJ=�/"'�_f>Ofmo_Y?r�-
,sgc4���7F��=~Na+߭C�s �XS͟1vWstOak>kڸn4��&?X�%S|�Woj�Z~ _=eks>;>m>2g�#m/�65]���c��'MNES4a.jv�mE(t6ˬtΫLz}tnr>k�W�ma5��~)2 C�3.y*�+<@3BL$S1BC�c�z>2d�%R @JeFki�Ni�n7jx6mUY�6ScAfat]1¨͝;KLG�#NNn"Z+^!h�YAE�-�8>e*�V�
T�0RY1eˣ6��Sɟ?�\_Y0H�&5T&Lh�pk��.N��sD',cYOگI<�,͂\&} mvN_OxS$mWRkwm���4CA0Fycn~�߉�zIFyEJ�adH_ioҔ v\�Sф5ƫʂ��pldN��CWXe�SqqU^Dӿҿ='k@2*>wȯf(XIK;� wx5�D6�r,�Ӡ|XDo9*-q@Sk<&Hb��&�ߒp
bcT4
'7ָGϛU;Cʏ`]z'�-.�K9oNVԁ;=,/\_�e7^ޓ:o_Em{<Ҥ}Wo<멘Ba,GOWVq�H�\b�\_ou=ͮ(y(}o2ף$��֢;2x4pc(LF�ӈ�o
"R$Q�*'+KZT
x��!QgiឝtI{֕OI+[`vk~z
ޔH�
agwyR`{dЧQW%��ak&rXT5ݺӜ�a�)����^QW�f�����NP�ܡgz@�;GY�jCrQk}wJ9 �qmJ=P;Q־;~
Nۼ�9��/s'ǁz��Z�q�;n4s` vKa,t�knI1��O҃zZ?�����WGV9%PLF) Vn���+Q%�[A{ 3�wYZy
US�Y2\-Xƾ���X"U{"��~t0yS�'P�`{AHO)�p+{1Kv}�W���s9N)_w7q��lƋV�K9^jC1�M�}./WրG">�_ M%�d9MT}p7&*�
����&�E�~;�˱���髂!4d@9?e�`=vz{E*�x�Z�n�'77ip8oo�)
|v�9�IV?"\H4S"#�
�{9�;�8��H@U8fv9Tށ��ރΏSs�;_UQ:7{KǏ+#�<]`,!�ׄSF.E@a��Nb�%g@���A�Q{�D g��ij�ѲGh�372ŗ7$�Rq͞y̨ ^yJ͡�EȄh�n4j��zo'
I}f:uHy,�ygR5z�xӷCY+Xf_6{OYRo$Q SÝ0�B�Pb/Z1*_o{.`y1@Z65`ᐼoOFvZW�˽n�
ܩ~t�!т{]!y҃Z=+{(���g,䛄.3x'\LI�ygY{g�i5<ōh4
˜+d:�%�4fWл�fT9oeRDƴ^27)�CF
Ohdjy.FiT`tD
@9e*;>%i�.42�0r(ƙK���?�r��W�2o:�&�2nfK=[>V�:��.{agj��Qa�|)!H(�ƐL�(9{�#`r`i�)�F3 染cW/Η{�w7u(݉wK4.ŝv0�}4��55z�=,
̽zgF2umc���ah6*I��H`݇Bɝ?o4Tt;*3Rm&$Ln�ªKVKH`�F(3�7'�KW:zVx�)$80B,��Ͻxr nsVh1�q=�ag+:MSbK�@7DŽ�{#N�`,�i]�w-[jɩRݣ;4sVncH��z:ɰuv�L�ꢝi=~.��Y,��JSuQ��E��H,�#b3٢1:;�aْQLhR
.>��8;2�I�I�bsJljbW@
b3p&
�w3q�M��N5�<�3l"�R&S��2AN��M`͠ϣCOtshPb�
Ԧ\�0qrya�Bc',y44vN>� �ulp4\<]�6Ćnr�jCNy�z
�\\]tI˹I\G07擮sM��C)ojҬ;Jo�1LƑ}_�[P%߮іD�7�Sp@@kR%�c8S��IqS[��sҺQ�ٹUZCbsփ@GI8tc)<.%(*� .KܗKh0|�W"?`}ݲ�yz�j B)
yB�pS�ԞiG8МU-a�c�)%Y<4xȤt�ṡBg(j�8EzeG���OMSD�$�k��f_�Qǂm K�$ҳ#Q�p6�\E̚�o?[[O㙏�wS~h�
ڼ$Iͪqfb� }�D6R�$WM�
uA,�-�_
"ҷ [�t�7'�AbN>���R#[]d
��Ţ8�y��@:!2D%@UX:$쎄{,�sNeMv6 oPHiF���˛jSۡWOhe3pW# ��Cᠧ]8zŠ0�,,@YRy
Q=@9}Ss~Tpdz-�5O93dfU�rOx-�hqh�x#!�|O�:�"e�sܗ·<
�AGe-#y,4cp�a�S�B�'}]�CuO.LP.'}okP}�ӥ,uE�Q�$,�cDDLE@VGuH6o#��Yz(iߴ�Sn=*/ڬ�*3(Ծ�۳w&�D"dD\i-MB�YA4�
�HnL
-�B��7x=ޟ)R�Vޝ�� �Ej- �{R�=&�n/tj8o��62I 4$�Xc0Eg_�v-yPs2.d5:Ʀ'�'d>k,]Zǔ#'Q�CU9�V8M�4K^[}@M%��PV]��L4(^Ub�W>�o&vh�F")p68�\$�ڽ|\j
-ۼ|�N��mNo o�>��`)�'�;fɁmyH�V
wP��-ϝzõ<~��O^{$9e$eDڿ<�qdu�/�p���-� `��!!t�_�6�s'sQ[kV;���]�yy;]<�aҟ0qΠ췂Yd�b#�u؎�e9�Z~d]qbatT� "O��Ɉ_�' /FL�2a)�CR Zvi�!��$wLa�@L]��@'cb'g*l�!�D
M��zz��~�켗l�#/:�*�}�`ȭ�⮨(J
b_�=�a;'`hwUġsiL=vCRRl�X?t';
�Si �Y hj�K4�_SG'^Q.I)
:�6!ՄhxD�]�8@t
���}5Aa`7� ~I:횗oK f>P�^Oz#�]�8uTWcb{PpB!glI9?ũ!iI�_w}4?�ӆ;sM78�"!GViIt!3̊�Z$L2*y-V~��:SU������}ō_fK�uqڳ^�FX .*�u�5
�ʳL�{Oy�;
�ih�JJw�Ru6?º5e-.ԥD�p.s6Xvh�qҥɡxqR6B��.�>~Pe�U!�[2殴tk�b!aRG�dJE0'�AL�nC�ruz�JggE_u-
61
ٿtX=�1N;[~�k��(�W�Y�>yNbal�S�#
]��֚j␄�/]־Qc
|Cͦxnl���n�#&)"圱8D
�W4;�A�S�\'}\OצRk�A{fL��bĦ��Bp@"w(��$&kYUڳ
�Un%rd*]n;+<*��d��5��H��!#-w
~r���o7p9a�`Cx��t+D3(X;I�psr�ěƆ'5&mzZ�U}2И�
p8�H�)hho#bκ�$�{DDhG18X�?Ojte6i�rUIō3j_��
.=d��u^ԍ|'3n�er�}ƶ�4-SJq~wGZKqᔵ]"�#I+s"p[9֫]@hY<�0Cw��ZtmSߗ &�k^u瑏Q,�g?wK�|$`xے]mf �ӷ>Ué�2;A����t�EzM>Yzy�B�v#
RJ�N�X"dq0@d|uE4PvP$)P�ν$M��ib�O뱆&@�]�q8ܟIL/�2FCSj
���Р� K+3,k{Z*CLp.��hĞ9Dz-+lyQ��ITn9� &F6aCe�4nC��L
/utD
Ix?vI,�ŗH�z�[YmD4Ӓ()MC�y�Wm{ռuyBoc{�Qu��^R!��٦SD�+٢%8ˣۑXP�u"[o�����Z@+f~�"�#u�mrJ&��?@P ͩtH��
�QΫ&Ν+H'n<7QO_\�է8aU&ʋq\�^F�{N}C�BBFԕb��SF�"̷h�Y]-^V��L�/f4�Tc^>ڑ̺
tMI&�qLڶZmFzп�iTNl�n$jYcp�"/F<.D�>�GwxR%Y/!Fa(ia�K�fjYfr��5�E>�3K�+ZIumth[.�5g�/�npGI�MǾޚZtx/o�V�ك6$
�T 3�A'ۀ�mdG`_�n!�,2F�kuܼ6*B@�OB/h4n�ݞ6�xblg֔y+g#w�mc:zXZ]�Ր˧(c> 8BQ�c!mĆ'�YLŌPl[����_����aіqu��g Yt�5Y�vk\jc夃WƆbYg��X*ǣ1cgCHA!�
i�ӣ]��:�܇'~:&=49&)d&Ru �:{5e3�{fc@ij�6���҂��s~#{I蜍U�& �TyQZmA%,��c
jI1o1�wXV�ףzMr{4_�6ɺw��n�h 7td�u�0]�Mi�Eh���8NȆX^��vj�'kʏG�9o;G]͚\0_Ke6D�u/��^ $6Ƨ�ị ��2^P
W1K9>�Cq�ۇk*ne[>^$p[¾ܢFOEr5C/��~c)m^=�<�wu3G�Ȓn6B3�˶$fG4Ӊ"#n(إ!L(gU9H%%Zy'��+I� ��ۛR)�D�tYޖ/L*5�~r�!�F�Fu-RfV*q(p�]]]Lgf=S/C7s:�NXO{oݤ|�ϪNk)4.�*R�~;�N�� �P�u6e4��#0TE%�
�ה��1+.Nè-X+)�h� P8��B>�MdG8Sb8^oC逥��g-e�rj5+�.Ovx��Lp,L)ЊR~g�Q20f!��CpJ�ߪ�LԤ&=iKsԍD�
L�lg���,�s�.DUogBv�R�=�JZ@c��YƖ<^}!*.�;L>W��zCV�-)
搹]:>Q!j8J�d�Q
)�T�7OQ
3u_Y��thW y�Sakc��BgydۥU0oa�&"ښ@�+s/1%5�ș,Wc8ޱ#r21\1qQrU%Ũ+{y|ͣ6�A$�G�v\=��j�?k54^!�hmGij(giy7pY��m�%b@H<94cNm멝j 88%iN2[H�)��L�҇�4?NN�+}�A����p&12bkV�5W ݉@.�*@̑"!9z6~[��(>���@JՂO컂ߕ �9
\g:|!�EY�'Xgѳ� C�n�v6-.K��4;fA`"�"f(�Uiåg3)"
��+�Bh<�_5R�9�a4��H�!6BVc,�Z�]zf�[i>*|�TTBttV&[М%�Y|J{&W���-Fl���\@1˜rf�(#լvrpyѕjOz�Kp5?m���h0j�2 �B"O�>�
��V@�S.#.eiE?ѵN}�s͜D��)pr��$�"|n1Pf�l!�OHA�HBbvLx_6>!HL �"34ևn.�($*��nO6+XݏOV"|2)�qxH�!�Ӑ��,�Lf;?J
c0�v�~O+X ���w'6)):p�jFz�3@D.B<��P09���VǚD7$uM1c5%=&}A&Vx{��ea%�`��
<� �vdFRR�k���a�s=sk1�2:Gx4oqg`FTc30Ì3�1qNA8�4bh�R3���M1`�@{}�*3]$�^:pnt,KFC+�< 2H09���u[lY�#/p̑�{ΊN)xŻEWWє�=Y�°A,LM2A:s't@ʈܻ)R)zk� �\�{��i.v'83DC�*x"bCW/U��N@����38���f5f|�
JD�!DC,l��(TMBh�Ī!�,�^~T5j
Ł> H�����7tF^|� �@4Ƃ1ɺQS �BK U'�a�Nn��a`6'BICT ݁Ys ��5
�tX��kks6exD}r9[|2Nb�qK;����_ۚ�5reiy �"un>W{D����CLN^o
ڢ�(-ag�eX�`!
HQeI IyЛ#�Ŗ'T����=Io.g@诎@�No3<:��ƎcQS`Ld��CCؚaڼ:P
1Ԁ��zAUY&lg��- ;��I�o�L8J/W�=!FB�9\>wR>*��9D�,yf?jyޚ�Sq�(�x���VSOT,�p&<0ŀ$�b��&�3&xtk]�SD�"�BLG.@) �phN�m�z`'2ýB@6:B`�ٴ��q�Hѡ�4 �)ƻ9�g�����+�(\*E4CB�'F
�1I��&HS>q8C�:v7"�
7p뚪N~έ�Q|Tf|GQUPE
�N
�� S�xҍ(=�i�Ĝ%z]_
o@6mJ@Q�b�z�}16nK��Ba^?��QN4�gzh{J�(,,?�+麒�LH(
��G��{�UcE;1|Pի!2���@!d qZC��ue�۔6f.Ą�`\�Q|�&�Wyk=B40G2� �A~3L45GLJ��9P
$*2%R(�"��,C�iV�ooQH-
�[B�,',4� �vi0�\��rQr !B�?à�()0�##6s�4;-9�pfzs6Z/pea.LT5b@5FD } <̋)F|d�(~z-��ъvu�7$��j�L(/����zYfb�,�4Ѷ?�ɮ!� D�jd!'�>.:2یV�-AOwP@A��@/7(9GPH
��-J
�>^I�X3�*^Yu&r/�({]=9FJ�=O`�$�7O(j0 ��<%�Cɨ[�i�i?�ƫ`Yf���i��U&{l�eTea�a�|���LM-7EF} ^RXD�͂nΛD�H&[(!�R
�w<)�d�#MZ?���S�v@^JIBCW?�6ٳ�ӵ9JZjwvBhL b��Y2S.4xn�:6ä�H,AvcOZYɎCC�~Y{/�a#B8�g��h�N!7\LG]~I4�(�=qS�m��5Bb��*gP+<:892k֟wܒe5�玣$��)L
l�&*V5㔉�ݐ�Wk4f#R$�TȜ�>.=�w&/��$�?dM�c u[y�.3t�ZdYߟ�nQ;��>�p �
w��DJIzDžr!H!#�)tn#Lp�k�{K�)d�SN�>�[^x�6rB���#-D�E>�1W%ICYHYp_�&7ty=inomzxM~� ,Ƞ,WE H�mno?�<<=7�� m5GZܵ5DQ�éYuu3���
5lrxQkGNg"5k.���uǚf9�k &�Y@@a�g^!gy�F�c4(_nɏvבAƫ
fbȳa28#��Kԡ?'�'ٸߋTdHvUQ�1zdNz�NjU?+UQ"yҪ0�q1
c TӚW�%7 ,NSO`��*=5g@�2:'f�{ⓣ�q'Fvc�D8ȧ6?gg"M�?};�E5E=��,)�r~��Tr3CA�҄��X�3OB_j8Z<��MG�~�.r$�I�0�8�2*Xׅ�o {Ok�PC��B]4s��LoM:vE%b3P���,E(�#/#@�MO�APSާ��h6u[}ɓ-q*գh�gd041UXuB�8BPPPxv-w�=:2,Qw�h?�5i"˴:H,Sp/>l �PR':.w|AIecܴ+\[s7dbC�!�� 6�� "͖6UOl
�m�Zo"K;};_MRxk2ʪ��̸X�Ȩ�Iaۓ�}b1��߃ʘTUf{Q!7>;Ə�YM̈<�J
Zj뻱Zc�(fz�<�awv�*���棥8�7~@q|FemOk$\\s�8V\�`tG\nfoƄpKY�ܪeW�TRjkb{G:��s۞̀ٻT{���fC�_�,iT7Ti555_[93V{5���g
�hT+[B�o+L3e�aR왐%=�9�Q9x+;[iDXk�z�
6<]�缲.ҭq�GAwz�JnOGkjڭQ}y�y?}|VKF�4hu�H �2A
*�t[�Z-e]4h�\nK^Y?DvK�k7�A:Pw�e�\.TJt=�K(TV_m|&4%jOQ[z���y�Z;î5UhnKp)<+`L�=%%\β�ÝellQ(Ƞ-�L�0fH(�ce�=a+�̍WPC�"6J\l�H@gzEla3f�Ŭf'b�x��mPIpƃPI�ih$�Ǭ�dRK$ڣt5%M*[db,�yRQ,d�4&W&Yj�u,uO 6�YU@IaF��Z�(T�. Rr�#�{O�>
jDLN>2�y[%���F�ꂢQIM!U�J7w�o�7�BphmNو�4wrgIs��oOCm
�3b$(Bh럒iP�4~&q��+��{�n�Sm�a��C�Yb2cQ�\T[�'�YP6'��Ÿ|q<0h$;rU˽KE�'�A�L���t||\ޙcOJ Df
��G]nkqf~po;1ԄJ?C�S��JݞJ4i 2t. ɥZ�>6ܒ�Ҕkc���njL�~Cw2i Ҋ4u�G]k}c(Iy�\dgqWUA7Q����&AA� X&No69 ʣp_b�|֣+�WpJ)ƒX`+yc�5z>q܁1gՠ�a n?|cWE�I0:�|���y��L
H���y�%�3z][7T����q@VU�E!�w%1ĩT��f��i}IȠ�P~~=Q:ɹRNb)�.qWl5[z��@>yn˞f�/p���B7��}� lȌ'1�& �/OcFM>�σ={^�h�[S'zswMc(?sA3,6fcOA�v}!Mۑ�ax[h�>Ryt+m&UFvtѓ*
D��CT(�@z D0Il&~
D�}һ]_BT�fğ4�Q@~�2z��t!P$15853��͐�"g�!h %JNJfK�H4D�f;c%n��CQf4�~e�iW]yhGBH YnD � -^ݹ1E~��ء5@�\�jz [Y�a#�1��tx)>1cŷ3�-M>�7a>5c^6|#]�#`Mt�����*7'MQ1�%7W�xgQt�AZ��e(*{�B��SD�("
ϭ�Lc~����0��K<)r:�{e�7��,Nʘ�ZJ.:
3H��تWh�LP~����=�+{r &{B_*[�`.\WOgҗ|9Nx�{�W�}�G��T�"̶d7�n:rGd�iSN���3�5oglX=?O~YÐL0}tH�a6|w���t%w��ţN+L�h ObW��Ob9X܈�6$}DNBhLW�\�RNpM�a�םh@>Op�nS1��5,f';$S��Y�9h9\ \�ut>gs�Grb� iX@,ns<"�Bp�>M�톉g86>2ң<�_`"C<{y'0� C2;7zqL+OW0M}U�.Pܱ3��\LC'skm7zÊh~m�q5}&XOJ�1��;4�&g�Cl耈7j'" <ߥA*}=_�9tmN�;A/}DM0D i�7jܦ� k�$\E2rEǟӮnB�\��H��3$R.qpm]z
]v%���f�i:Vq�O�,
x�hd@c6T(���T/Pn >�0�mן�Q?N97v
7�O��)�Cm�`A�3Nܺ߸;�f�`o��x��B�b&(>`ukjhlD=uAq5�wIy �!��t?5Y5)��3I�Xa�p?LPU� �?�dhƩiC L@@�@
K''jO%ذ��~6ky{W�_JY�@ȨH죺��0҈AF}=H
zU�j�/I��9Uu�H��W|
ECPe0ae�Ŷ���H`<�4
;V-6e}mG$ʩW�Lq~B!xǞ���g
#fB݇O��8ME_EPp���3#�rZtHA�dRd6�y��RlWН$ Otg�~Bލ1x#$ue63�/iUڟZ?av� L ɕS�.>�ƔO�%SH8#$�u(��|~ڡ
~@��S�K&?$ ��.Loai_vDmlv��ȐI���QzY4�%9iF\ Q/�C=�.�?N����e\r*ݹ��֜pcc�)wm"��
.�CIk~z:W��a�|zG,
C
Xy]�KFi4ޣLMNl;NQmR̈A줺;[`p㿷qP&�]�ӟQ�^Yu]hP���l[���ow +"�1O͛,HB&"}�&uH L��.X��@�^8*���@~DHb�R}n�B6CV�kYRB��2O> |.qOw3m�7�#L{0�ޣK<74�.�6u��Ư�mKб�;F~^;Mf��fsLZeˇ4=�ulyO됸{�'aRoVH�w;@"5Gv~[ia\-V즶ʺ?luL�1�֟�M ��ڑh�"߹7,(��>�zj~Ú��H� \g�h��jMUuSM�EO:�eE�+;y,Vb DgjwRFM sdt9�y_ykt�<�>C/w?o2ϱ,,jZM}(ҕqd )6T*�~{ri�'�Iޠe7j}y'L:�^:���dW3OE{@>C<><薅7N�c�
blL%^2Q.֯KyzK^i�{�("�l^*3Η��W+cM%H*֞�=v�U.���[jBW1,ʓa'XU^U�;�ZȄpLJ~U0!�[�X'�uE�[5][�XXɻPN9(PŏwR&m4C5ݴUUH̿WICo�'XP�<�S {�||�X^价�(әQ˙IYQζh�zHOHU[f��2ښsO2%,3QL#<}Z:kFc.�%n[�b&
?�m~ou[{yTTճnU�ܡ�-�I~7�cqֻ'\]� Ӓ|ʼ.2�+UV}ˉ^dm
:;tm�OKb:f5G�#Q~e1Q@gϔ(�
Q{���%rU_>VNY嚦[͛-?Do�^R>�Sء��<
y�~
8[Sm8_mQI4�J|{P7LrO�g|g_L7�]LJ7�sr}|*ͽ~|uz~�Os5(H�*BټF�UR'Z;E(a@Z=�'� '8k&T}w?qw�ll\v. "`z׀'�{j�}��o?Oe+k7�=M��]=$yATHƿ? 3aS� Zvf0*|0A(�D�kh/�^s��̒8^{)>W̮E�qw�n@qT(+Jo%7�ևtOL7�j;mSҶiP_�='2}V58ox{x~7w/kS�'I�+���輯i6z,MgQ|mEdKz�D�}ޭ�3#iɗ/5+y]_/x�{-"X�\_-\��ަ<ϮsԦ~_̬ ,e( ?�˅Iy}퇓_b|ׇvx"#xQ�6[Iw곩156N<�7la;+T�sQ6C]A�Lm�N+851\�v&Z`7**-d|~�ǹ-,_�|R9�OiN*X0Ud�pJ}5%I�uKBdPSw_cZ@m�J�qWKG�1g}?==l�GK4�(:?ĉ�ñyc�ŵ�5C�m�:dTlAUpmK�_c�c'*$U2پW�m/,L��l=Us1>%[+][A��H+ZB;b(֘lGz_�wj(k]#]xP!:@oX�IϞW\{jL�c�WOlD3 v*O�1P.wu(:;W�c+Ժȡ龫W%Do<,�^mp�jӑz¬vq8] ��WyU>2� �mYڞkz5v6IC
XHnGKL�rG|Մܓ���DJऱW��î
ωBC�r��B�&ZLqΤ8�?ijҟ*Ն�@Vk�;wzu~���D+.vȴ;�>9*�ǘ]r3ϲc1�#C> Hsy4s iW9&O�b[��ic��3lPl!�#ʔzKDrg:_E1�F�fyeVsf'mP:/䴇�
m4?��}%!E'bˡtv
>5lZ@WDW*l}zvO=�~�>Zѣ?a�#C�4MPY s�}Lw;h4qG�)�tK�RԸC>�TP\�o̰y)�[��E�}Gԭ2�qC6u��|qD@@�Beϡa[
M|٢�rS7m�p�3,ghKF�9e3�h��cY));2����f�}�VMd�)�ý^N*�6<����>fgm2Yh��g>Mq�X"|U;iǷƭP';���誖ݎ
K1c�09�,>.;TeW
B{�b~�z�hdmO՟4Ǽm~#:'� �f2\uq۲fqeP�kk��oyN�x�� -9{77o
'Q�{;Cx ='7�4<��U�~]Io�,mv_jx�E߅~�e˄edS9W[c 1i�yH6t).�KҵR3iC1'jO3�9�O.``i6
w@4O o4�CRk
(~���!z/|*MH{�e>@Ϥ�x(y(�+hI�f�NIh5_ϻCCoq�/Ʋ�5g/�fW֟Qh�s:[~ʷ!\��XMOpV�0d�T5qJl3"_�9}:� T)�eӚE&2cq)U��� e;�ė@2۞�93u[�O;�Ohڧ(>ZZω3o�CDWtpz3)g?��nt>bqa�zA;y\�#�L�_4@OjI�aE!*d9<��gzj�ȶסo5Sv~~%=L|"g;K�|>^fo�~NT��)ۘqHoq-_RwW�{2dF�yAZ-EON��oEJ_Ѱ]^oW]]��5V:�F꾢j&w[�������0_Ѳi0�2M�+�:�=O$!$�ul�HQ !!�'$.&D$l?.bRj
84ACת'95[/mRqٝ3|#���S!ۼVcJu\V}͏c9��/l�jK��H�W�jqXi8ze�L�SU,JmXN�s�>w�ܘj�\`|cG?BVd4�I~JLSaխ/`kD�"e@ �JA<�1�BƖ2�w�:�j� ��"&.L+x�unNN>Df7A<2zOcqQ4Y4J]�}oI+ }�p���֓azgT6�� �ޣ/n[�dPoژ�@�Q"�D=X̰Gو�I��*P��h&Pb[��ő�e�jɾ�O9#)Y���co^��e��n;wvGefԕ.z�>0O7ܡ�O/ti;�}
}:� >N�L0y0 mD
�0Khv,V\�kJIKW(їC�b:۰;KQꝫ�Fms{.!{gs�#ꆄFl_dϖw
]}L+)IhZ~L;w[o֩~7T�SL��a
m�,XVI��gU��.��b6�Wܿv��UZ>Z��p
?' -nZOl4ݏ�n#z}ncd�7z�s-#d�sA糊v�*1�8(�v =7㘊x~z����Y/e��~d�NvOgg[B>zSodݪǶMZ3Cchg:-;�k{J,5*i���˲�����'?�klo۱
R+,$�@��2^Ou<�)Rwfڱx�1�0oD�59�p�W۵
^�/:��8b
�DB v/KW~�5��W{;ȕK{VG#�!0�}nif0��NݏVz��2Y�8[m\
@Yk;
|^#2�/Yw?@7c�l25rVJ5kP� .���ILO��D��M�w®~b_6v5ZA4l6p5n��0);�v�^�}ϴvT�|Fۆ:,
T�q=! .d
�=����֎qb?WżTQ�(!�k�zAgKpPbpV�gkGzM͠,3�(dos-6S�h^iaﴪ�oO+jTITbN��58B|�3n_ī+0"�M�q�iڋǍ�ӗg+^���0�*xoÊJ�LL�!337F�&T4$L=Z(3z�Ȁ-
�b@13/Lz��MΛm"�"�E$��QH��G?�Rc(̦\ͱsh�ca�B�D'{ DVX�E� :<4�D&��o}2G@C͍Ԍi�؝�9MC�g�Dj�C4p���Obw5_hm?$�cq�@q]t~�#{d+;�7!CnR0��O�}E`z&['h#�z^q��%(By6U4p�_>G JZ�"TO'NBԨ� ڤQ�kL�c挖`DA ;T�96~h�J`)8;^�ȞB��3| ���N)���VU�̀�� &��*(#�TTA`y8 f.qic��دN! D��C[\j!44k=MmPQ�my߉�ba8u�nI��CXitz[3Ic4
��
��o-6ƅ�H&Ji
4�@?b;G�6��q2�5z�n!eg�Sm-�(aB%`�,�(��TN%5tr�^^u=�i�
!�� $$��eר3�K:?"_\�ӝ:u/�mbO'���_:eGq�fa>]�c�"�!@�@�(�Obl�Px�vE|0͡&E躜\Fu����B�Ja�?Tmf�Bgo[ū82m ͈3�m)9&�r�4}xGJHǶm��3å|h�X7)@)IrG�;�x6il�TW$=�[t�L��'&K`q�A(Ay�,b6�-Fjs`L�$<>WzgQXe(�C�EtLY^K :I�@#r�ʅ;&�Q黒p&i/[UmԵ�F�2R蔷�=XQwʌՌl_�Y[5sWm+E#p@�CjP�;
*��G^npCb}�iy^ȹ{SWWP0O)zm44p�k%�q�?upאN&ץe ;?}��B&�Ϡy�r�ӫ~|O0,-kZ8I'�;O;��(y߆ 7m!u�NB
pH��/�Gx�/EEbe|)qg�#�E�dSE[[!U�D8�����!I1<�I9Xަ�羜}��ߡ?yt_S�?+O0ϩKK-Xk:|TR9
F�-be_URq�-�:�boڿ,#�2V��6;��pXW}��_ɢ)Vjls.j���կd*V+,[Xj;%x�:=3&"�Ѣ';>�J�t�|Wp.�K�!�کt;GF#4I&OMvCzl18t�3�O]1ɮ<�g>f3�!c>�_Q|u�Co�~��Nx2A,yI�_?f)0N2N�ϵAwR}�tz^:fd�;a Ԉxp��IB�I�@ET8D�0�o<�x���7Zh&"lt+eZ
īz(fDDm�$0` �Ba<_cZ�Y.G/ٌ9Ӷ,^eX#�Aol_�Jlɪz�NOw���-�bhnRx}EuubE^�E$}q"]F�lb���~Y&}^68?oW!ΐ�9U�/wRuL+#
e�Nd��%];��Ƀ"*0y�Yjk�?�uL^�ϩM.}gxl$i��}
?2TﻮJzǵ)t;{)��_^}-i93�nAJaȉkWZ>eiw�3:O��eM4wmC
! �
E4�a5�E-0^�O�@xz8�DgL��?�n߁j9)<�e~�H&W&=L²Ұq=*cªު{�[C!X}'Fm�,>(w����%#q>{!�|�įة&b�Q֗i�LM�l�� 2fvb�G�r=J� <�\�Er�(�kDƺ��]AfLH�Fwф�|û"�ͪI7/~�w3�T�pX1z��b�k��6��1�jd��0XNG֛�NUQ^�;�y|%!:v �c}?y߁p[N@XF�Yuڎ}?S-\"f1X|48z8;Xnd͵~j6m�)
�:�8E
8U
D-Tb�b~�sʼ_s).V+\X~G��b�ڒiӑ#+��@A>返�D
Ё4d�Q4�ʏ<%&wc9�BM#BL5`c�RɝX[ ч2G o'os�).1<'ۋ*&}uFc;}&uV.�kz�BI>·I&M1�ߦ}G!��*QF/Kۺ75 6\cj|/UsG-ͽIyzǗ2�8M�c9zwY 4=�yb;� HM;IЛ��9m癲s�
�\dY��G1B`�;aIpՕn}C\ӮO/�[kԪ4�@�]$�XЬjzZ+F2kedTZEE!A�
1ߞ~MO&�MTdg�aX$8�䝾�9P�$6Rek�
h1��
(H9�D@/\DY0�BjՆP@�PDF4zLb9P��\cT�zw*綝.]Ӫ1YHE��Yi,ұjU�U"ns{؏A{3Bo_^()&�y[�\�HO0r�~�*>Ӯg�Fóh,Q�H6FA�Ig�>=̜_cH�cmZu{3ʛ\£9dgp}y~SH�296
�*(�
E���%#�ٖ�OELVD�sk�MQA@""zbTC h��>�NFc�c1�**>\\\s`*cJ`P
"+=|Yl�-�c9g�@&��_Y(,�$C-AT�]�0� YM�Q�,$A,K�X)��}ǜz0PU{ᅼN<88iF��~2ܽZj�*_��3�!0{�W&ytywo2F*G?C-Vc�le,0M
$ ��SF6v(20崑XL@�*3��q��%�Vʓ~r
K�`,ʂ
j:T(xBYWYr�Tw;�'F+Ujx}Z a�%(`Baj�-M`�yP������#
b�%R|�
�g�̠M�
#������8jC8}�Qz|XSsGZ(Q�d�ՌV�2ָޞAjYwz�Knq}�5;in�\�]]s=�1{I�#r�_&}�cfge8Y�K3d/{
J5S.6h>o� Z7nsRUP}ҥ�<6k�q)s�)�
/b tůwE��S�VO
�xi��}�Y?Ca�rv?&��}�0�V!5�$\YHjn�݈-NrO_X:WN|��R$51:V�f;W�N��R.Z@aÕ\t�{ߛz�T=�Rocвi�ë&5E
\Io��Lhl�vO�ŏSxg\>~ڶ&^=Y
f!�djiT�8Bz�-֟f�QZo�8QŠ\$~*'7;�fx��0 ��˅ʃ��S+��3d��W�E�꺹�<�Mw�Uw'�]97W
%HI� :1bR{ϷeV;�5f
v�3h�aQb�߷A#(9�ؙ�[D>W�̨0�x*eU{+�RƑ(D`:%;.-
Y3nE�jdW6�V;ۛ0*Һu<[
YLW �fCʽ�sg+_%7?=irPުa(6" 6"eOK+{Ȉ-�:^C A�
vl��۠8�BI륧xfs!&5^{6�~"
HA(t*(~qnj:Ͳ';��c2"j6BfB~IFc'8#+�PD5{&�,�&orx{5W#MUn�fA0D%)-tfII۔ٍ?�|�Zt/6:p�#g2Z= �:>�Đ?�pC#w��pt9%c:{+TAɦj+@A�k��hicRTF
�DQ1IF̍hFLRS4m�"#XE�"!4`j@Fe�*5�j(U�5�4Q�Z6b*d(F��E���hь�hѰ* I�Ɍ� U�&lQ�166K6h5�Z�EQ`����DEY�dd6i�!%Db4PHlTIF`IDb�ѨbME� رj4Q�c�QDi5�1I�Q�`lRh#b**4b��2آ�+�ddZ66"RJ#F�I���*0i$h*1Q�b%��&m2JQQHm�lZ,AcE�2F,b����FT+b(Z*B5�IQc�hT
Ɠ�""i0FĘcX(E�
��1��B(Ť1F64%��L�dY+Qdih(�4XclQ-���&#FE!��1��E�X4ɗ6#$�F#Y2i-� Li,�J,Ti1!Q4Y#bD�MJ-FJ4lF��LX�!1*X(k�l��d����d4ZL�(*�$6
66J4lQ��2*0F�bCb���wkAlj�6,4F�Fđ�.s`
�MQ(M&�Xb(�L�hɍ�(hY4FE1lbѣb 15(I@���2*6`$F�Ad,Q�EE�HE�Z4LZK�``A(#�TZe�%AF1SQ-bAb(,lE�"F4h6(1lj"RQ`QF#T$Tll�2Ic�b4cXf1h��`-�E�*jMQhI0F4X-�*(
�ij5FѠF$&5DV`�Hl&RZ-sƌTj�Q��6`5�2$ѱ�*Lml�
�!D��B,FLh&2�E&#F4P�4XQFhѓ�d"Lgv1E��RE$�E�*(4EIlI%E�
1L4čk�2b&DA
�Z$�ERQ��b$mAV0XRmDIIl�6Q&�&QIC d1Tb�ٖZ661���h5�QFKTh(,i,h
mʂE4U!�
66*Ci
�kD"h1Pcb(�FQ�cF$�$kERVLDb̓�[hA����h(h�d5��ؒ4IR��X"�S&m&œ3Ih�FldJJ1D�cQFl$-�XHQ��Eɍ�6D4(Ic�E���IM![IADQ��4�"*4Q�Dlh5T�jdJMJX,`[��d,&4Xh`HTH�,blbѭ�lb�K�zX
��&#EEԙ("\FE�D#chōlY
ňؒDlTfZ1&�$ب�h 4V-&5���k�AFbaAQEF(b1`1V)6dT`SLY
ɨ
�TQѴHPPBE�64IlX(Ѥhؠ��W"5b*4hLXld-Tch"�
QI�6LDT�) 1Qb4`�4d5FAc@llTlc"`B�#&"@�IQQ6ض-��J0��EY1ccZ1e�F6#Tj(ѫI5Iش!61PEmG+kJэd5�b*Y"&#"(,e|.6�[_4߁�+3;O
>9Y+/sT٘���R��dƋ��؋FK�,cZ#P#A��(hX��hRh61%dڌѬTj5c0ThQF+���lMbI��6fXmFŢ@l0m�61ьjJM�,FL[��EX��JŤI��XhR�4XƋEcc&QF�D�F-�Tm�A1TX�bجX�A�F�LF�Ѷ#E%� ((m�E��j*I(J�ɶ�j6M�Z66Scci�h4QP�Q�cD6�X
#EF5�e�b
4Qi
m)��2Thش�4Tm�j,i1cRDhU�EllEXbFъW5U6IF4��Fh���$�-Lu���~�;ƋxTԋc(�J;�
�g�G
P�5��� M51�aO
�j5�4fYL6TKJۮvT�0�Y5O+4g]YdV�
*vޛ7+5y�NAosM{^cv\h�j��tNUp�IshNJeSueKULʼn.itl)W_f�Y̌!{~�>b=ۉ%X(g[�GRMIG@PboM![DݶRBr�OC=T픣+P&�:`$E4[RY��AkX_t֗yzza�1x2pA 0�P.t�x%%�!^b^ŵS=jEmH9GxfyJ[�j;Ǔ'3APF9i2ly|f,�e\-8d[ Y1R-��!~7T�1U*��x���DǔLz���.%N[U�hN��9ĎuO*ްk��qiS�|z�Q"U$>�"(��Zc$�H1Ȃə¢E_ ?!\�RYpʕ(k�
�ͬ/Ĉ"l#̙z߿Wm\�e7<�͊��w+z ?� we��K�$h߰i6�(ܛ<[�6��20 ��0DD�x/+6'X_��6��EWTت/��7M��PS,{`_Vv"դr5��s��|όҊ�Tu�>r3jn<#@bsfv-{ �D
�mV}�a^sa0�dܺ H�4'U:w��dEּOE�qޏ[9;6�5�]])`�wU�[��I=/1\˅1Η:��YElַx8;=kvz?�c@)x�h c�ۉ��t$�הh[##E;w#OW
�r
~Qo#:g&e_",ʄ*'E#V8FJEa��e z1k�yYs#NbC�f{}/�|u1:ݟ{pI%p|yzC{�co]sn{CIqӆ߯[8Z6=��R/Q�Qx
X0[]h4jݨE>S��PU�k!�� �deGT
&
rS�V45�.�:Fwp۾w�۳^,k-<+�R2�1K�س#(t-$nC���-]Ғ�r}�,$w)MnDf8�0�křHpy ,�o�Fb v�}�ryg;vt%eoCh��"0`@Xh �'�S29t&ߨq�J(yeڇ
"%�Ė4 []�Ud4��L@�|_ڪ�'iI7Pz(
�ڂ))�2iB7rZij(75rhoo:+Gm�#kwçQC2l-~,.ٮG4lysY+T=Wr(ȵ=.=Q�D�rM�,\Q9A;鸆rS?�d&6IEZ*&���ܵk1~S=�FZ
��(gp7T}O dN1��HA[Ȼ}Um[J/GٱuKxC�j7?՞vXP{4^GJS���� a-c<&%Åf_En
rTО �aA+.Ć�YRH�MVzgQqh]MQ;l�m\t<%l*|���ʶwj2:WhP% I�KO`N~F3AbN�{6
N2S9iD!m2N(J3uh�ζnMv��m�o.oqнaNd*fR[>h����`4+ �uJ00�g�I�⺑~Z|[0V汊Mhvo܊{֚蚂O5-�̋RF�wtqZ*7ܿR�W='۬h}7mx�-�I C�/�hB.!�,)fÜ?b�ogj١T9m;|A+e-eQ"��i���aeI#=ҩkd �
pڨ�8LgoV#b3gAk/ZoY�ji
YV�8<5<5^Y?K�[Җe4Ie~%�J|�p# _{^ŝ�B��+iVzL#YW+gQp�ť!)h=G�D�.8N'Y+$Sˍm�ixTc�hd(*�$b��w�'\�38¥{!ɠөxGbGE�l�>�4Ij5k�$�^}`a'
ZFw8HK�@(OK~V
Y:=vlI[AMt�S�e��jni%irX%m=Oy�+=K>Ԫ\&$˵y-,�+`}+O}mE<ήS.ǥm<�u�!f3xM)��l)*nm=mC�,z��)VXN�hrVdh ;NdJ'��*>Nv�}1zk%>6h1FBa!<�5H�"�`�qow%|yu%�B1k�W7C�QI
��
%��+�2�2J
P|��`c+PPLf�IMaP��)=�f7c�SBP�#A�{Oq_yCt�*hhID�I�Dar[ĘM~��ΨRa�.F�=s<��N�g���w�3=�+%
QA�I�J?džX,?�&d���w_�yj�D`F?v67xܕW~]�X c<�B"����X��BG#�'wM.V@*�b���a'z
�JV~By`c/AY1� e$)5ZVK4۷�A
G~���@tZ��0@d6(͓�ԋ�Edj MC_+qu?FZu*M��XPxkP q I�az7pG0E��R!?f
Oƺ'7Z�uPD=3%�5ϿB?Jr~�&-d�fw5�{�!J`?_jZ?mPUF+��5id<|u�2N]'a(1�?o~/{r`Og
~}BAA�}|l+!=aאrL]|z0]ͧw=\\FWrJ�yi7ra�SHU��D@��'M(]xo�cJ2O4�1ƿfAu�Ef��0�K(Thдƙ)Q>n_�*Fۨ{g&�HW!fIUu7R�p��b�4d
3)�O?�"t�3G˱/,ns;%st֛%^�J�\z�[ٷR.c��ؚ�)@e6lԷȯ�}�=V+x-V-sߧPB�zfq"�K#nҟ%+5�w"�vON)AU:C&Β!^M
�v� �)J`K&Y+�e��"hZ
I{?XC"ׇjԁ��� @G� �
"z$ÜaIZh83�v
Т�A�QQFO�/֚��G,�!I!�ӹ]ɽφlٹRv]o1V̍43N4O#T*�T*s��Gzg�e]ϫ;){U�=Z)0�:j,����N�%�~哑QQAX}CDƼ珈~�K`��yg�`]�� ' �,V�JJ0ZO-� ��n{ٸW(o=2�wO�WxX]+WG^TG�;|[�Կbۊ:2����k^i�U.U��唺�6(i.~ -�|]cg�u2�bw'�+]`tX3Jrɴ-tOJ�t Ke3�0N( Z29C> �K #;���Ai*uu�ɝPIa�G
Dz&T|�s-K>鐤��jPx@�$8'}~w埲�kE}cI�8Iq0?TS�CJ�WKh�M$�#V$g-�*p�uFZhZ���Ϙ]�vd1ێټ&K_1@іyy֖Z\,(��D�A�K
#KdA668jT:��ܔƮzfۼ_S'FPZ�l]4�@P�1}Ɋ:X�RwB�g�66+=;2-aw.^B�Fs/j��OOອ0�VM`hdp|%b7�)o�J�:'s/\;n-<^�uxRB}d��� U.$PXpY�B7r�PTi����@�a%0͟AH_-�2^kH
�
4�
ǟk u3��q^'6�4_�ֲCLH]�Hylϱ!@l;{�zܗ`�̓U�a`��ˠfD)&&�Rk�vXg;,S
d��cG��b6�؇`)[�dS|Z�E
|u�ᐭ
d3՜&SlQ2T�`
`bi�ƛ�Q1 �qYdFMl�%�MeVw�?5=8(|t_;&�@�$BMMt�LI1<;d�f4�Qjv]LI�Vf�A,
�E1ZRʆ%�d5Ҡ:H H2�x)fb2@�kb� =2�=�EeC@E!�\jv1T8�C"LT�HYN�T6]t.5�u3 P|�s`�ց�;D�ۂ4�/ ���6�H?D̖H:UL[QsȽ�.T��&�j�P���kL�PQf�,i1Ϳ�֓AZ,�j�%%^̏!6
_b
C~�� #.�7}z1.5{�%QI\JL�@tVp..�"=� ��Q#X�{` :�racC"X��
h,
B /L@KP orEj#*7}��h"�!�A��֣�ڦW>d,� =6dbkp�o̙��B͎.�fgߔDa Pj4hi� b< _ԉk�D�'_$�V$-Ў{Vb1�{yJ"\'�gY9ImJ&>1lofrkR*A@dNϱȠ'(Mە��iT1$pHed���r7F.h���|m[ jPD쵫�3ǓVd;�Z�UhOѫ"b�!�p-*(��q,T,z�7%%%d�"x�ABY"Z*�,��}��:ftjL^^
F"#""1dQ�R�Zz6�Cw}X@ʶ!K), $J�q%$U�굦DM$P�-�@w%#x1�54k>$�
�ȶ�Mk��5H�G+�}4h"��2Ҍq^3"�M,brX�B��t;�j*0#`l+K#JK$B�xRaf%M:�Ԋ2j�d"s-�O\X���5|%ap�Q)-
G7�6�1�Z�%m�a?&'gLa�ED�c}?IwK܄;�OM;U�F0.d�c�HQ"� '0,�}h��tH699D�hֹ�ˋ6HȻ5͓b�gU9AN͆j"^m�`%�X#SE&j+&`N`�s*N㙳�hj@#�c%w�K�C�qJPԕU).�rheb�"r
Qy9*Q\E&ST-Ň�g9���am��mUw�^J)�}+^{Yx-08jh5dh�aDjb�p�h淁BHޝ�UUMt~���qcHGX�4+<�7l?G�sM&p
l,;
)p+YP�/bI`|=^)ʞ�}R6�^&���@)�A6��8Igy ,0VV�b!0O
$�n�6h9pdm/AE54��d؋�:!F:Y
z[sg*UlPb 6 1�I!�U�P(3P�S_�-5QV_7BT:%:WI9�U6yf}Y�_�#�5�i`=}۸"z)
�<Ʃ<�vdҟ{AZzAA u
a:�6(=m6�bgͿ��Az�߷66*nrgu�LF�/��F<1}|p�qg�v&`�:;8�wSR;�ԙwli)o5M�QXMM6; -�A|Jg�[t0"�9�:c��.! a= �.l#)iJWU8�ձA;Vy��H� KT٦�o5[Y4p1Vue��ْMgJ"SR�!fPysc�{\�#صt4Ќg�ng0[%زڟ@Ϩ>&(P'��
'�@S
̃=
3P'XLH}] {�d{�3.nVbK�lj*GQؾAsҥ�UƇ3'W3IK1qi.Fk]8BHg�Y�W�*rkS�\E�-�A�nJHy3Ժ{!:}Bs\Ԛ�20rQ:�Ȝ2I渉�,C�96�0%�b3!D%�[
aܲଉ�T�a>�&wz}E�kTռodnuś��> BAUXK�Ib"�P ol
�"�~)�$s4_Nh>�+MK,J�迍8;��ҽ�@Nps�et!5j&{m�9.�R}�DI(�A�2�\d�n9v,1�+͉{N7d=ЌU�rth�\n~3mLr4�B�W7:J���D$WURU,%
%գ=�&k�q-/#]߃?kH["Zqњ�|šVR|��BIq[�}�',�(9
HώK>wPD_�Nq`m5(
�8�~�B�*u�[�Nőc
�,NٍY�㹇�Jkqr_e0�Q�T�aV/G ����J�4
9�4q19�ngejں
�g&V3e�D&ꊖumTf����3Umv�CmR4Yy#~
APlRh
*-HAZϱ\�GWX]{zr�Oaq�FVہ)k2�rjiYl;/wLM�9RNBNwл_�Fd:r4?Ū'%=�^�!:�U`v�OS�_7R-$E�dq�KA�
�nD� !��@K�y&l�Mc�?Z�\�?�53Oՠ'4�s9wV/
2N15bL¡�R
1�eBt�x v�F�ֺD=�%+ǽ(Q���F\/f0Z��BeJZ�1�8 �s�"y`o%$I{]y(X4�ejSHJWLdo>vHdX���FD4^^aJF0�lES̐C"La pb㐱#<^:�"�RihM10\61Ɔؿ`�(u%-|'Viswo;R��E�Qj-&��Ơ6arX %MOU#hM:E'KfYt�F}sܻ5c5�r%%�~fާ-TrLYZ�ZǪMpп
�mF9 3x��t v&�)棵�sC]pѼ�|KZȍ�θ ;ӆ:KW*&N&O{r��3z*ܝ^}�x~��7e�ᖵJ1]ޣ�%�04RuZ�id#�ň8L%�KQN0!�X@$mJ��VsG.�L(|pcJȪc�08W�i>lO6�)�9W�jJR�M�t#~��ZRXz_۱l^U=wG�DHBlK��/cMfkk=
Et
e �
+
C��~
K}fKŕ:^* 0{S5G�rgZW0:PA
y�9RZ��g|k2VD٠ׇ/�?x=!;sv� =�Sr;DgN6�e@?�r).)gCţLdzrhV]kZ\ޫ͆�9L=F]T߳"}>4E9YI�����Ԍ�XݏZG|RBFTff@h;/_�Fn^,eY<�S_:>aC!
0PٺD�d��I�;5B�Z# C�T�ʋ)L^{aqgX8T'�`f&ozЬA�ǠS$[VM�ֺ��:��9�Z��t^!B@P&J�Oj��0G@=�H�/(Ez`j~*w`֦ [kr
iϿ+H]aEm&QZg*�_A1K>3af9)|�f|)*,%8Cw*IIF$`9*ѷ���Q�!4n2砝j�t"�Nmx� R>lw}?TYW)�ش�"�R��Z�A�ep_ϪYM_b7F ARPT(j!'�bƐ)B`܊RҐ@��^ЋP٪�Ζ�^kX*{�@u� X�,q|,��2C���f'U�uɕ� L9�P�ז�pyxg%T|-sҮp5.4�މw7NPg�br9+u`V\r]ݳB�#kr@�%v
Tx_
6�N呫h0ah:}�%L!�/`s{IkI#B\W^P Jn[<ڌW)dM
+6�Q,fZU,���{s,1W}6C�3i0hrl[Cq�s]u65�u�1oJ8v4&t�BnV_n�YAFP*ԯ*Y s6pق�뱧,BEW"1�2I? 7f_o߂E�+PHY{q�ݩ|�QK˗=Aܪ��!/ a�:GgQ�ZY^�Zhp1�eƀ>qXma"m]7~t[>uMt�ާso):56O�5~��K�Å1ԻhHTvmQFY\i�@ k:ӻLV:jcʢհlq2"5stx�!v���^w65>r�V߽Ohz+سcTj�E3�S%wJ�-w�a[.B��Nl9]E�)1YqA}�뜨U��:M;�li%S
2B+�F\㐗F�[�J`�
\�[�;Z[䠽ܠߺCi�+���"A%'Xa>5Pu83*�lh�4 ХZ�o?Ӯ?G8#*B6F�b|Q ('u|v<T*x�aIX
/Z¨`FƿmӑtM-b7TK*R.;T5vOi�ꑊ"!��B5,l;ΛU`ZY�yԷ.zp�3�;-�Eg;�6�l35Flm|N�"L
뽔|a�נR%_5dQ=�F.ۓqI��Ͳ);�p�Ö�~�sgIc1�0�:�eV#k?[y54h{Μٴ�O!N�6G�[2FV�9:=pL7հPS~ܛ-:K�i{ٿxۡ�'Iy>m~"p9�T:yH���Z;O*ffJҳ7lz_rssI�ǿP(;%��D��
ºМغfկ�0WPE���bZ$v?XPI ȃ2�KEV~u
�zH*Jφ2\T蒢1ܠ�YWfEyU̓�mT8e'+.O|hT�XUJnm�Q=�g�?ȟ�|��ř{{~qjE:Ee=
�)UJy+V(,ލt��-j�p6I?;5+av_zƐ�iۙ�s{WRZc�ZԨLk�{U-^h@U�#,�=6z-Kٜ=
v5Ͼ6],ŭ�t0
x8M;FV.qqtNºc&g)<ƺ7ە�@6G35L�dVhp�3&\�LD��R@O �-;�ؒA p/<>ރvOj`Y�TW5g*Zs\���h�բ�
�}5Ϣ/8.0y0�AZ�@5c^}l�Z0c+M7knp�-X?��6'3=!J>3l�9Gj:<��Ufdͥ;p{t,Jx�ka3t�ɧk2_uaͭ.�o
.TϢ믺m�Vj3Ѓat7fuz ~zo873iKFZMzZˋJgZTa�C��MMlҲݯI�!g^c;zNpZG!W_6�\?S�YB9l|�[ÈgۦȽ0Y#etŻd NӮcmSE
��~
{*v:
SSa�g#�
jCzV|aW`�XlDu-�h/E�g�i.5�MF
&~�J%S�gŪ�{%պ:g8JϼEA9~h6g\fŴ}e)WZ�y�m~jz|1/7R�:�Gf;ͧ{>(��Np�}�ԟD{W9<��e�P:Kħ8��"gsJ-
u���Ѵ^W�{wu_K?ewZJ>t�>n�4j5>Ufnn.OBƢ]PEC3ॶ8
E>M�t�B��#V{qW1
NS�=uVsў陞�vH�Q5d*�V}xO$0f"&��{]9�o�ϫj^P�W �c~�,}�Ρ�d|iIr�6*,��%d
ꍄTwnV�f:ǚ{('
,[њX NriGTT7)`j@,�NZJ�ʙ`*�ܸSA��ɲS_ثڰ1zLs��ZR�o[#+mFw"ذ53tIjcՖ�[jX_Ԥm9`U�e)a|in3=V�BG8MJ$O�YjlT:}W�ssy͵�lu�|��
kς#rKZ[қ�f-�gs1��je3drګWM
�>2iKv�5�GStƴh((&,42IӽnB�Yf~��,b��Ӎџ"+e>87>xU6%z(ϡsTPhm93Hi�7�t#�X>T&�-7YOF�;:&_�)m�6Q鼶�oelt�Q}S֮i[]|3$�MU�ۙ],ڔƅ,S"e
2ʣrk�9/[g-�СtafK>�Wif�J]U�^t09i3Jz-}ךk�MHݫvJ3U��8%SmY,ѧ-�띝u�LM�:-
�.4l�$}dt$a݄~\83$N��AHC!uko&\瘟dE��V[K+6eՔ�f7�m�Yt/gÃe'e~d,�C)vY;6
ř՛N)g{F8+u)l�h&I}mlCH&�ǛAƏכ��O{SÚ`�)s(c
a|IWnʣ��,c��ЮtWZLac0�g?IS|l�܍>l�u)`.5mh+;̮�]��KLvi;j-^nGobS}�N�/N9;�D#_Tϗ�NO[nU{^oUB_C|y0ʺ?n�]ܞg.�m�&u*5F}G5˼W<|EPda-M6߳x7xp}�{d�-}%Y �Qڄ�\8�'gpRns1>T8YEDr,9qj}{,14Fj(A#"rC��L
G8TcU�Q�?3?&
�%>�!;I/)t3M]hЍ'Tn�)?Ef8�=SO�yFU�^iԥ9�kwKl��.]S.YXOesRJO-J`�y
jӲ�<
c�;��lޅ-ғM@~eLM2R7K�<�Th�V}'WOY_y��{,/Io]x_Wxފǽqh&ON+xRU'xE}?K�E9ߓGn=죷kA-8���'Et�vr�f=*�|�XScPby;V_ijcպ)7��4V'O/!dd@ބX[7#P��U��Fe,BJ'\NŏeB`fц�R�.?'�ϊmW5gJR8�bn�S^f??&,#cuxbϳQ�U|6ihPJ8me>HVoz~De�E�!f�,4\wlL �%ƈnR8^IW�-�MF��I<¾f�{G�JNl3i5Ǯ6n9O�oE5�.��ίN0^)ᅵΧJ*<�ج
�Q�lh^zH��um./���S48۠��IcӗD{8F-QOpk�
X]UjjXLӬ�*i7�$e|~@Dw`P-tFq"�=xW)�(XSSi__;�e�ã�QCvTܦE9']نGW>r�sG~YB�х�:;Xi_s$ѭ$��ϮK
)<��D@Zֱ>/�Mq٫}k�o}kS�0Տ:j�xvu~rCnsD-��PFcu-ګ
LD�H㒼^~4ܦS��!e&dT�~rPF=K��Fj�V#e0@zzM�P.�,)9Z^3_(iR�nܖK.�CGGY�%V�V
�c)�|5Ғf20�:M֣.�c=]MHi;%�ĺL�0�ovv�"�4�D+rCՀg>&)% [ʃVr*%^�n�ә'њ�ײd+{QmV\|$=w mj�c|q`
�=/(?|�j�i 8�@g=>�)mDgZd7C�M�)BF��ϑ0RH�CO!v�.�P@W4Ov]~˿y;,ӈ\d�#[c]:%� �P��� �ak`�v13t"V�"�z0mc�1ߚ�{ԢA�gf�$⎝q""�u3vξo18��̰���$us��t�^%y,2��M\|\+t0nkrWNBwgyFs�z=u2:7aQٽ��_?�نg
Yun
�[h���o95fSh3\�_xE|?+zQVt>s\Z+WOe�ҋn-[X��}Qo���J~#|/:�{bxRQ�17Â6N+#/Ɣ�^;<'nV>ulyr 1Г,ͼ^Hw=ioڛ\*$smc>ɾ:uin��mk�z]ת
�~�e 5r&WE4�(ao/�W`�[mz{i�GxVdnt=:3kUzV�z�heJ}�Aד �у5f
cɓi.֚w]ڳؖ�eT&֝c�gelL�-7읶Ib Hʝ,3[~}t�,5g YU�l�@}ϒRe�prƭ9J0} wǖ�/�~ln�GK�CJ�_�1PIR!D$jj"k/QcJYo�I��Vfߎ�2���Tdd�DUH�23$Ë:3;&gcnY��"jt*sśO�Tg�aKK09-Z\*3�%6�y�}�{NDI#�эT,fj~3X�ۡz[�p[_fԖ&~m{b--m6l�dz;ug�?�^�'W63-�PRiƎߒL�=I~}w�'� 8�xW\#U�OeZ|[�G�hgeu&ԃsm#ȓӯ5�B���T|
e۾Fë�>+TW#ʉN�G:�?9f%�Y5^ vg4)
fA' ��aɊÅ*p#F? Pi|qǿȀq+$�QZ~cR3m�~
�M(͎l�<�Ι{K\jP;*>iQow�tՍQ\/&`k@RF�
@yzHѿn\]|�;KWùp/1w�J���]u/ ��*x�%�A8!$汴4Q��
IEs4D.{RItK`AFDǤ��0JcS.W) ڿ]T�?y�=+�ı7t_��]�>O�7�*�8W8�-Tk�i$�*1*Y:O��[ȸ}<�a3w[oW5oe90�ց�~ ~/J�ng�r&e�wW�s>Yu�o
AVi.�ð`TI�ርx�5O kCY�b.nUwqgUw�/msjʙ�&/VR&A{lj/ySýVisM^[Ê//YZ_0L+B-�ɤl �u1E�łuD�g�E:i_M0^**mֱ�4`�wiX)^vcÄ[#%GF5�Ekk*k�+r_�ЬE�*Tr8 [��XYDY뽉m��Z�{̦DPqƖ4��>F�qVqrszmKƶRU�`Wu+TV�c�B_Fk 椼%>;rJ�^�^%�Z&9�m-_�ƙ$Tj[_>f]!Z.Ȧ�ZkY
""P:CX�tӻMq�"dzoɽ~:wp L:�OTps1'��W+Of*2�79@'fj�/vNƿ&£�wmF�n+쫓k3k�[yS�:/=jrmһwAW~Q_ف.t��_c�J<\J�GaT�BD[�SHFUMزn㾿+F �\Un[SvtM
݆K�af.t��b\Zڤהf{�]*iw�?}z
/s,dHOkyUgF
W4�j�M7q>QJ�[ZBHB.UݜEkJ�ԗvjVaeGgwNd�|M#gS43�ډ/��l�WK"�\J"]k.N�MuV'�/C>?CJi�=<1=�ig�Zpw*voI0&#�U(l?QWN>Mo*�i�]vG65�j�y�g~�M*8c�t�9meq~#{a�3ZۄہnBNƛnZ
lUD0�ca4TQ1*/�٠ۍ9gwqI'rrZ�z>$MS=#kVxM}�Mu'tM�O1cuC�iL7�oO쬩]ʐK�IaUgəºׯV_%/XO{
��漽x/maci�s]]UWdj<-/gS
�O_G俼T- m ,h(DO�A�n��z_Iڛ�"U��5^�~��a_y���/\4v٤2E_eQ07�'}ӺW\�m9+q*�ΥҽWMH̶>d]p+8hn=/Ro
b3#k³cM@={ly9�.ףY4| TRz?�*M߄�io;t)imy�yU|ڍ1ʚ$4&l�}�Z>I݇r�q
3η\_')d)wX]����4m=�Y{7�Or�}cv>g�ّ:o1��چ_�T�Bޣ+�)۷{�˳�n:K_�>}c{ߛɶhHQwk?�w㓻yR��RT_ST]�ךMN|5ЫTc@:]zෟY<8U[�9ăh.o�a{'�UU06�kIgg\m;�M8!U]p}.ǭjKv.�YD4*uZ�;L+
ޓ ]oet;T~.R�wo\ie�Gdl9^_?dz]OAWWBM=<�;T
<.+juOy�Kyeu�Ioc[?͜o1TájNm�1-F}y@�wو m��Ǻwo7%1dہc�{?o=�U;wNE-:/
k>J݇o_{\D��M{~;u�/!~i�i/*7xZ#&
vSEhZ.}&2ޥoެn�=|�˩br�hE]|Λ����;ePU�3R}c]˓vb�De/>zՍ�kO �R�9ܞ
%Q�:"_bl�i"/s^>t�s4{ ?u#M6H}7,�]Y�#�ANjxG&wiBxdI2ܛA�\u˱N~&qim x�O2+�EU"m�G�и08o@*��UG�+כ
|-
�T
$o�h=RH�Z�T?C�G:�g�=g
hW+�uS;2�A"�Bgx:H<
F-9�s^2:E/{��^zM�{�p&ᙹ6
TT;K�TSլ�bG�8ٚż%6�GQ6o����;P1�o�5㗔VM9��(T���Ĝm[u[pOS8}�U�=W}~oGĄ��a0G8Nn찶Lw;�͂edv2>}6R<}y�߅cJ!�@ sGsnmsXR�~?�rA�-)��Z�T1ࠀ4g,Va�8KJ[-�(��(<$$ .�(�ke��Lmgm^u|yKKG9c=]=,'aB�Gr=PH'zR]~5=G4yxvwGq;҈Or
%fPOT$V)oV̖�{=h1�WΚfC�c�}Z}ִo�e�n��T#?%V?,�qcft�+$T脛���Ѱ_�xK~i{Ɨ7fcO"ԁ J&*�;;��P't�S�*NB}8>1|༬`���4KB �4_A��v���84$HpNUP@�~b���EB}B7֝7
'sUQc�>QN;UBJˡ��LP]%=jGO1k{�sSzkb\UV4uيSO�`m$ӧZBNK��u�,בp6t1PΦbP�!sL�P�$)Z(�gϘM1<�hAk.v�)+~܁XE4���&��ȑ�:�Y�fvlbi(^J7RjcAd0}M�ґny3H8��veii5XWl%����ODZ;ϥ2*9�2���:@
UmR.#��G43Q�M<5~Tr����בKJZz(SO�I[�ް!V}]o#ʜ_e]@*ѥx'Nj�g'u�X~ot�iVǗx@pvM=Q� nboQ�&/�e3a?:{n{>n~+�h)W1�uoth�}7O�q$Z磛xgWHK*l)եKu$zWFJkf|3B7P!L�}1]>v+H~le@ĂU"LifG�hԡ%츭3v~��\�,>f5��2H�ch]�V�U��[g&�*uzMgc�yObM��yژ5s(O�AQvJMsROí|~FPi�[eVV38h)�.ykdRq<ԟ�]Tb\^l��BڹX{^0Ƈ�hM�W
ܦFL�Ԅ7kUlY�io'lo�js�Q�F�b_9yי9ȭbzs��`"6cfZdC&]-xNXR494�9hOjr~�/i&e\lhz8=S*)?>�n͝t�GbRӻ1%S�A;k2i"В
wR(��+p��[ixc�]F(u�_IK��(bLh�%/+B?�<2[�Jc(�z.ϒ8�!wj{�Gɷn|,lj|�]R7*4�3Pf<
Rw�\TP'}[ܘL_Ul"E��WmO.iq)ős7+ړF+;z�Z[dnyt9KMY5AѽtK��ps_%�FE�≠jb&NМOlx9l[�rɻjf~�aQ�+ox9��,%w���#Uc0WHDNBiML&(zQ+>-u
T MbڽR�n;m�aK(7Mov]�f՝$V
dƕ8�u+H��y
r"`�Y*\�5Ƿ;�åyϠ>wxI Z*kg
�OE享U~�>dҾi/�jIˌF9ɡ�7�w3Adn}8z�ƅc�u�ޕ7�<Ȕ�'gZS#MК�{]�u�-z�*rsE
az,ǖid(b8:�h_�k+SYߑ^Rm��i@d&�&[:PeM�Ph۲c�F�ӑEh^.P
�E�P*)U��ӇΈYd9�,Ų J�0eKx1���!b��94gy;�S_�h:�ㅟy��n8o_��M�fY%cIO�*˂֩gkKW
�Cw�
,_�)��cm
10G&,ۆt5v�m7,^olKxdOʶhȩWC6
v_ZέԥG{t��,"1�L�ht���RO)%gW{_`_F7�j sK?�!čodS�[��&�m�g>W,t�aiV�Oc�f�HUM4�-�I�1PrzݸTv˟Yk0,i{b]
W d�P��*�l>=
3bz(|�9vbψ%6�d��-s
GQf�6r4 t5~/IQ:yGAƇغ\.ρ�C@TMLgԦ,%7q*Sr�8�v_Nw����;Up}un_�#tWU�}z-H}EgoߡIhȋnIJ=�ߖE}�w5PO7bӯnV덽�>�8ͼ�'^)TU.J�o햖f~_�,�'ֿ�n=Fs1�%e�<#zG?߱U%ںp;wZ�́7Wߥc{˛K˥l=&d{~n�9~fwwލ�7߹>� �qͿ;]E{=\p���0����B�}�P�hG҃��� ��r��4)�{&�Tb�QRa�Rѵ[Ej)�B� @P���+�T
�H(҂
(�P�% R� 4"�����e5_[8ëӆ�R���REH%� ZA�h0�@�Vy�hr@
T�D$
@�(UYZնϻ{{f=sxz��v��`o`���@P��
����
��k�H >���fP(P�ʂvwmpwwv�z]+1�x��es}\z�fvϨ�_gW�{ܵJ����m>{�5$��l:l�N{v-h L@�M2d�2jy��=4ڣ�OS�M�COS@�Gh��ODB$��L)1Q�4���������
���OII@ɵ�j4�@���������������OT2)'d��4
4�������������B2 =ShG⧩PQy�#���2d0�����#L�JD�O�SiM
6ѐ�4�Ph�� ���h���h
�|l")z
(ބ("�Q"��(\AJ�̌���C�R
Qa4r@�4�[T�l͵.�BdFZZͱ*t�TlD�)QJBiYǒ�F!�W�3pj*eh0b%ګ7
5X6�V1�QVѢյ%j5QpU�٫W,VTZ-n2F�Ul�7lZ Z&bI
fPT���l�M�hnVcXi*Z
Qk5[FhD�Z�ZY0NXb�6Q[q�f,hM�ڍE�D1@bҳ�J%XVX*RͶQ-�RRZU��6�Y,d1b( kBY$R�F"���DE�&�T�EV#�)Ԙ +vuLb-E�%�K)jIPF5Iha�alZhIђ&E�lFK�jlHd::�4fnܤc
0X;NK2xa#��JTA
Q�}�{ !h�h�S
,B8M&L̪i P�ь-*V(*hEC�mVʪ5Z
l��JR6A6dXY"e44�Ű�",֭eiVmH"�"�I:C@�΄b�H�
�dD�I�mlDM�$P�
2��T
�V%u�(Ѣt3C��b
Fd6%ZSZe65$TD҉s�����$�Z%4QF�$d%kUwtK@�'�^�Q>Ԗ�^ˑX"d�;-%@XDm�I,�X](F�0IdEF�dP!vm
Z3�6�
Fa�eĻp*R��GXڝ�(+��rxAKM&>��(�&B�+ɢZ*.ݬJJ�a6h��PiP�
]��U�J) B4��kfi *� [c�P)@�D�ֺ%&'t[ȒLF&�"tBt R4� Ћ`))�
�(4
��SN`t�+�*`֮&W(EÛ\5bՍJm56h-JM1jI4��$�
3ecbkxX�tZ�:6��LHv)C@4!]4�ZEt*4"��[r5hXַ�*-dK�ji�Z�BR!sθ�E5 !U1
&P
!U�6 i�҉B<ƭC2�jMtKnlV�n[m#.m4U
9h�(hB�*���z]貭EK[sZ\(B\Fbӌ)"2�!٠!nlÝ4a�lr5UݜEYb�ca$�tݧw$e�v�LC�W+KpJ&1Ѩ,V�`w��"
�@(i4���J�#J )�ҡ(iZ�1�i)���m+@!br5iZ)k$
�Aj�4ɳ%�w�]X㜢4U�v\ltP$���JD
�M!WUc[a(*2v4VSm�iT�xįWm�-Y^��+ȥZUhUhi�)@
�IUVjڢ[i J��� BҢҖ6h5X�
�%�/$t'%i�t,+m7-]"i�mJ�:I$(�H�={y� hNw""�fP֣�lQb5�)-�S&�P�(
Ri"��͍�,Fw^]h\M}�����C
w2e!ɝ�HE �l��D!�J�RAM*�
EM!+KZ�R<ڀpJh�ٍh�("k^q�(be9��v*�@60u
�*(�PJP$B4!H(�A@P��@P
�NTA�.Ƭ��P'\\�J�5uW\w%Q&hcm�U�Z
JѶ" cc]SsBk�l.�t"̑
v5�dA#BmEƺ4Pc;f%`n/Z�N!ˬ
���|@�@�He�J�91�S^`��_ȨU��ǩ����:�/�̀*�u�#�H! UCS"��8��W|jkU�U9ģFfȵ#EĤT?4J�(^k
�[ԉx�߸mKPQ8M=a�)�)
&3�^�qzK0nkI5�j�=v[kIw�ϡ�HB
����G"�\��_D53����~l$]2<�j]I);b��L=� �G<�R۟CQ�1[��1
�YAkA 8կ>^B4��)M`AV��(��AFH&gﶱd�h� *�d�+Ue/Io.J[SutVvz�P���5 ښ Y-"G�ǚ��v(�D6/;ך�d*�U�+�wh�U&
��$V
fĢ&*�*�c?X+Qu˪:��dۨ�7P^
�aBDZ..�;鮟Q54J'kb[F/wkDl3ou�m1�4l���H�F#խofQ~A%|C-bnFMp� -f各BF6d�I.YI0o�8L�k�શRIe�V
-��>�b Db%D\�B�!�IX��BH��M-̖(ێ!tWs^h�R� c�&�V-qݍ/�E%υ#w�Ɵ�i�B$�3$¬U,kokrMAW{\DWZ:���7mSc�PK@Zҕ,=�L:u�W> ܳs@c��b<7V+iøDжns.1mw,��jHG@#0pP���* S^w�1x.RzoQ1l�p�Ըw�XT)v�_DRK|hn�ni��\_e׳oJX�Η[۹t^��D^m�#�Z {�5uMۀ+[E{�&}nT�[Z5l@zibݦ�z#XDʵ�uXh cdsWeJnq/IZ%z9}7HE�^4(%tlb�8^^-ԄLh$
34&c�CO7Vv:�\U�Q"лƼ�h�OO:j4n8,��+v<�^nMG$Y,N�%3.@+iEeAi暵cB.c,�9�8B,LN4E�Po[�;7^ޓ.*�&k���O#i6iي(l9ml
hV�HPs3!
Nڄ�v�xXй顟�nm͗��c1�`�rQ=w�F�unZkc
?̸8�kq>|�kW�%[Vʻk�^#5ε��?g��{ӏ|uB^�cmo˳X+I�Zۅ��Lͽ[X,=KLWw�\�ܦ,�zӆfE�n�$!
�9R�Nk�e].y˻ PL$^�*�w^b�o$)s>K�%NY#��ѱWÛC�c��J)AA@fDS��rj IɭCԧ]k��ۅ G[+x<
Wۭ1}{V*�!Eท9}P
@Z�E5o.Z�$ł|BM�.>GvS[l�oQDS�ʰȓ(o8`u3Γ{rh]_����Q5�|�BkեP~%ǯ�a��8b²�|bV<=
6QD- )*5X.jǭ-aUKi'd.�i�Ӥ-(m..X�Dv%�/
bU7r?X�/yd6�s̱c>o�v�"c+ЅMDSɿevX�Fj*DV#�X6(1Z2(E�|'Ͼ]�(lj�&
G:.՟X�%1#xҪt�Vء1mc{ŮvԱLComD֎y:V/WL��i9V[i;�j֝)�Y]溌��FWi2�ё�Ijup5q5j[r�b]�r�� mD�7+`{Pm_1YZ4BW^׃Ш.b�h��qN]'�=��:�˱��۪M@���@�0^k^�xŞ���;eG:-B\CxkrmԞs�RUO 4,+ 햋�tH>&pȮrT�
6ntZӐ�+W@ch_�_vJ���>sT�h~uv' `[+^^�~QEƆW��AWWg'Z0"Vn/7�$Mp[�� V�W2B�n]Ŗܻԓ\zkCs$~Xgh�=0H�J��[�7�n`5�16P{xhm�/KdH����X[uK`d'l�ԩ"wu�i2MӔ;�w#�د5uQ�
T1g2UCVn
�E&[9ml�5�%is
ϯI.Se1{վ|B�_JGi,\pYjQ�-\y$`?ކH&XwF\Ij�Go2ihRB[պ
�O'"3RheYb$�T"�cG'[{mpWw{f�vm1ӐXW�6{.qڶ 7)hO~_K|n@���w�Mup̊šX�G7%pP^5BQZ\:*b*#Q[څXfYS
bn��˼wz[&G�@d`wJ�}(#][E7�Wv�|�clmB
Z�LȠ� cB��ûkbd<'ǯgʝ"
���p�֨w҆(�� ��
�Ml,%EI]u.F5� 9wT��V$u^e�Н5Yj"4g'-Z;K�aˬrƗ7oY>"bmeYFK4M)=rh�t�ܓ}:OM̖��iv?]K+Eƥʿ��Ɵ�R�Ӛ4"FrpU0$_S�3D-
Qpjփ�[\%�kG�s(-��2*�W[%�YqIe&ǂ-l�H:>�J�~VV�n++y�h8b}�yL�6H�ӑRB��jz�V~�}%}=놡u'̣B�+�xrͮ��:-4�"̋6Q�
�$[�31�?'�@��6%�N�ܑmݒ»tCP};N�Q��%uz2�3Uk�ήJLc2�&�
�)m$i\<櫚�Ұ��D �$B
)N>Dž<�T�wj4nW`|�1ԄmS8W��RPPH�w֊𠧍}�v`
�$41!BI@)�\b�"��nR@B*CTCեϠq"c7��"]
֝f>(,fZx>QC+�QL$0ݧ1j46/ȕZBT
X'{r!"O
�Zn/Ƹ���"bq+B�^�:{�W�+7���n&~lK����5,��ʠAAI(y-�d#@3\ �1IA1sy,<;+e�XU4/ۿ��xuKQ�$kZ8(4#Y2�bǨsmK+A�+oq[4eb⼋bC&]ق_V;ƁM5¡nL^y�b�EK<=��wԍVD�-2��)4l�Ѹ�W�j&.�`����(F}N�ȡ�Cb#Öf�VEP@%�i]�[K�BFU�bRr(&oy4tJ@Mh� H�UU��fH�~e�;t�[ia�:t_�`E�-_~(�([dW_�#�dXZ5-1 �l]D)�1�-�)xb@ЬHՍ�ظ$DŽ�۳�xo��
Zeq�.elјUNEԢ,qE�]0p.i-Y �mo8A'<�W}. g�^d-Qo�,��˜{PM]2]_"14-�kLDId�]zN*_]G]�6wQY]�f5_{pKh5dF56��
icI\E.'<*-%�=+'uErH0%�E�4�4jB4L@xמ^.w.zIx<�G��č�fhX4�*J
�(]q*�gxw�{<=.]�I)�Qʚh5ʞI�=w�p.J*))
5��b$lk�,V"ŭXcQlmcZ4VhQ�,nj$��và1��h4/'\R%::Gv:�cB�A�V�.DcH��HW-@�T҅1'��$z*aJ[m鈏�
�vU�R�9E�Ʒ4QIEH�2j"�������)��Y0P�4C@(2ƍ!{zy+a:�DlY0X^ػ` ƌqy*"'.*/6y�t~,RP$$@��\{Q(BB�+>ey%�'vO72-pU��4@w6�J H�C�D|�$eڍ�-E�/}�oS쌵罹ݶQF4�fn\hgE�}.�W�0��Z�
qqC6O;V8 >4sFdQW�βM�e&�j
{Uw�eDh$h+E��(Jyc:9�R���9="�{ה��v䔻m{xD'2I�@LLm3*)G1�t(�hg_5��7^WT|�>��\ p� ێR}z)3?$R�%�Όmҽ) ��CBAC_jE)�=�F�Җ�ULNBWE�p`�D[F
�'_`|7yyyH65�@rhJ��?S||^M�9xB'A~N
Tb(I�a�N=U*ʍ.�M4:(�2UV@Z�W&ZAb-[sk]"Z��(DMk7G�LF^��HFc*�0~-H5cA�Db�K�D�љAjCY�PlDi*""4Q5��b
PQ�Fb
�ۘAI�Q�Mcm�-jX&]5Q�[F7X،Hi��[/tny:C�%h=ry kSA
�H�qjL26&#�aV$I,B�Y`�7��pĐ5�2lT1ElIS15
^܆ Z
_�{2'�=�R�d]%%R EX�e|�GeYT jE�JϷsFg\,lm�v�Iu5K%_8%�F
@s(=JHw(�3t�AlP\;s:b��A_##�w3��Z�"6
%�D�IRͳ@~V^@{�| >>CP�dG2$g1,Y|c��C4
j5�QB4L#h%M_K%�pL3d<�_?
��tNǣXB�S�E>-(&�K� dwp zퟶi
Z�fqJpu""kݓDP_��G4r�AGJ�90ᅭȫ4ـ-NtWw�`�I��B�6IP`$" �Db ��FLE ɑHNZz&gn-x8#f�)H���
�l[�HHr[`�M!L '[: tyvE-�5�T�ǡ"GR#wr]L捬kpsrs�.hMi1uGAQ�"J�AN�INۓlr�uɉ幋Xn�EE�1QrG4�F�x+�b%2<ו4K;ȉ]#���
FI46�`(rƤR8�;t{|o4�-(Х��@P4�;[`y:6C�]3""Md�`�Č�B�ߙ�xU7�Xn."K�ˎ��DA#Eof~?d4K3�i
X4H)�1�Pd2�BfME��RbD5(!BL5&0#��&,�2�06,Q�EQ4�4m�6�ƨڐ-RTU�mSl^64hXƶأQEECl�`�hڀƋF֓hDMcW�E�jV!
�)w **j5E�cXR_"z$IU�EEUkE�U"Bhh�I!`mI�U0�^G�TɸbfSPm�lQAB%(ЈM7&;�܄M-DQIx.sJ��M^.`k( �oߝ��>(c"/4ǿH-?�p?6
]Kf��U/@�s'vݙ+jW�6 B#R�-&",s�AASB.�Cb')$8}*v[?ozR�+P E�4��J�/vY �
e`�^%�D�@�#�W!ϓC� i�v~ݙ>XC~'`ZH0[+yT>/C"5� �V=v�.zH�S�~J�P%+vi
!
4F�mѣ*{9k��V
�8Y�:Qߢw2��cI�hFQ6j�mAdFJGXȋl%LBFZ^X#b�]N)$y�|M/m�T0GE'O}�V~b�HB=�Wi'{ӧ[^*ҹLXNI%��4iY|ߖF�Q�=M-�CM-%#~>oOyK;�$"k5ܠQ�i{B,9h֎'\$-T
a�7ܡs1_t!2SCԥ ~�~^{DR{�߫�#(�BQ� %Ű;K]wM6d+N1Xl��Oa�;'AeTV<%U ;t�R}�5s"
Q
��1�T׳emXTid(xҫ��;�Tr<[(ԡ*k0M�F� Tm�ŰiP�I�����+VDzǎ�u��1I`h�EE��#~μEY(ƭFQ˚BPӡO@v�nG9ֹ)���8x9�Z4nsr
�fjw�E;\�L6�#E
I��Q;i6�q7�ukb1C[sD:-gFcn����UJ��6Ӊn:j7D$v((i��"ZU��m�m�WLi[�+�jIhN&+�/sHH׆hq�s����ACS}9�}{m_2ݔȔj16l5E�KV0&� �DdQT�hĚAҠ&f��7w%�Zi69Xh��PW Ѥ9/WRb<ۛ:ܱO"�
UruTѱkӖCAr�9J%�IZ�wOS%{uD�M� 4pQD�>P�'XלY~�3@fllE�pǂJ%SAz�����W�9�Ԛ̀�S�BvH�"DGR2&1ȡ#L�LrڕX@@ bh@��>&Z[U�h��h,ft�S
>&$QX*phwb.ǎ�GuɁ�].;z
C!7tir�K}#@d�H�BH(˕-J�ʱ6tDw�dhJp~�jb#;Gb
"߮*}2Y(=^$y#0�=wΝzT;�m��A�6�Ǣ�[��].�.�WK]��81vקߞ�ULT�ls^*R}]��ѨФzƣE[j� JȐȣHrN]I���Q�uLHb�б�TmvAF��j��$1!Bn&FJZjNˍAt\�gvIM仫%dƚ��B�Lpn�h�wn%4R�4-'*D��$iD�Zb��)Jǂ,(*"'�EC#I.չ� #PAi���拶�N;nZTK�d7CL+m�H��dpm�nҴZ�6M$%QS.&%ZD�A֦(,d*"g�Xr#_]D�ؤ|1nL8%rlVO/O{3�
���fН�ȱ�!+2P*8u?",b!� "=|%D/gEmDK,�x�k͊�t{>?ht'ox�!+-_$B�r:�sHqD�ʾ
E'x9r:=Kn�_�ۈ� ՇG�@{y˧ծ]AB�S
D]BGNg�/ONx9̎C�ꤟ�QNs,��Sԩl4�6
�jhڞe� "�3ί}؉Pi� A,hWJ�|�^3szc�G#�V�*�
�P^VWD.�^F��B8D24PTH1P�HVAK�xES߾Y
$/%�9o浣0[�:T�
qdzeN^&]0y0*
�P�$�%J
1
jA~_ i��Ɉ�QB�ċc%bJJɬ[cblV52$c�4&K$#
,I m3E&QQ�L�Qc�6F�1!I-$ƚ&�F21��F-��XƒQ%�HlcR��!Q�1Q�F`l��m2a)FԔS&�mF�
�I(){ÿ�_+(l#hȞL/��D-,\gVǍ!"��U
��MT46pwÞGJn#�b(::QKG�0BIdK%d*JRRZJ%jZTS�)Α^�fUM%��3��3D|S �TQ�D�,hFHH3L42S&6i6,PT³,QPF C�ƒR�Ah"̤!*1,X�dE�B6, M�^Os׳b��,R�b
$H, �$ҊB
�i�(��A$�dBDȆ���AOk-�]��&#^C��,�y@dBi7zZ��(s�rw\`�B%24�_ZVP,� "R4Y�|'B�Sꃶ�#m���T4A�^5ңQ|ܷ-.H��wU
Uˎ->O}9諠2+dUh�Ԛ5~/U�5Aп钃�
A8,EƷ�
1L�cּL:w�^[�-ە=q-�Ȣ>TPT]q�fsݾ�P&$=�x'SI
h>Hzo^�
V&#W^}SN堠pȣBԈ�c�D
�*U
NP]+����ŐTշ7 �ӀJ��"8rZc{fX(?*c`�q�nCXS~=^u"#DWf��6�A
pkJ]�3��E7L[w�OB�cjD%cM�&!
"�!�P\g.ۗw��єG���+$E`_�/>uU�dz�+}]_j��a-�R=3/+YLn,b�l:*Ƀ8-�m�q��&؆U� 0|�cANe�n���<�_ ^`D�<��?� OC?(*)W�c�p�+(�Eh�4����h����P�Zi
2�*e@
��BI�fViRHJ�((J%�e6@!E�R�U
�R� ����������@Zm,m��,
j�)�V"%QM��lUU�(T$
�
�@�@$�m�@��)B)E
��4�����BTAB������(�����������������4����
I4�Z�.��%��*45@hօ
$@Q%��:=oC:�(�4�M5�k@4h�-Dʗ�TQB�AB�U�4�H�M���T^Ң��� k��3aӠU
���@*@�f1t�ٌ�R�(��K["�S�����*V-)@�>�@�-m2(
�0vGR;V굔U��%@R��T�����Q@(������������k(�2r�����������������j٪Ĭ� �(����`
$&Ke3L�c4TDH�Lٳ6�PQ�� +=�����S������������M4�4h������&�ɓ&@�
�����)@HA��F���`�A�����4�h&&�a�SC�
�AS�4iS&&Ș��'6hH%O*IR����0�224���� d4��d�����ɠh
��A����OTjmOM#@���=@��������@���h�����������h$ԐF&�2hL`M44)1OF�)&dS4�Oԍ
dbf4�S�z@ѦG�S i��J�ORM�
4�i��� �
�@��4����������d������5��!+*�Ne
D(Z@4H�4-*WB)ѺHt=uIJhLP+D TTF Ȟ�|^6+$X4b$;=opNGBt-*i
P�^a�*`"*��E-IH#H�IC@�4CJ�@hRСB��@M
HCH�l� l��DϭT H̴@h�@�e*cj"1[xs�QTS&SKB.p@�a<ɍs4ѦӦ�t�@�D&(i1-DޒT7$�H4Ua)h�5��IDQh�iݙJ4(c+&"2gl8M#MVRNR�[AcZ5itB��Lf,ЮLu.:6�] tӹ]�c'�˝lYY�a\˚��N6�_�ћ>'rQ\;qL��E+$dev�R��c�:�K�vSDBhۻtUîq2@4r額0ܮZ5�F9I0b(Ʋa&ō$�\]Z�V(=GI�^��qݪiSYfke$w�L$Tl\G]�$T2;
rR65N�eF1tnQ�c�R5,n\)wrFTATi�ۖH#%"QAIT2@ڻaM$Y#DwW�6.��Puئ(aBź\e��jK�dw0l�AI�F'�4]&)rhp�� -@A(&\&�.1nsi5ȄQq-�'vGw0[B+�3�hNUC!� �i�v݊�jyuc;9u),!��D�O<'v�)5ؑ9R��P3(0f0LDKQ3%�w]r��Y9wnYܚ&-
AZq1I"�),
d� ]ܡ4&&sq$,�)J;vtۚ�fJM+ ��
1��w\Er˩IC2IM�dj�X)"4 ]ۡS4QbLA�A�'.�:ȗw`Hț��Y&MF�M�F3&XF�$bLR�/7'6vVdpZ�+|y�(ŴY-�6-$_^[;E�5>ut�-m�K"�y{JeA1DԤپ8��ӻO\#�롩3��o2)yy&=<�33���MMO9µ�QϺe�IyR0Yr�Yx�"�fZ���suwjn"ZSX�%4�i�4S�ME\I�k��Xp.Dm�!DQ]'vLɄc�waG5�s�2c�I�ZMr m�4ZX,bkFN.;ʥ77$6r)�TX
<=չstVѫ�VѪ6 6U��Wwhڼ�+椲֜0PbG�F #i� 60eM2���Xdp͖n뺊96�S;l\��d@�ebe3X˹vȲwW�Y9�I�Z%5$Mi)5]6Jm$tJ(6l.\.nG��N7.:2:SwW#2J;1t�δ
,;'rDRRPD]:멝Pb)�w
6nM-Jdv�m
""u;t]�ۅ��b́3�SBܫ\ѨE4"AfCX%MHDRji\ɍY.II�Ti�
a
Gw�614�M� 2{�("H�J�nPwc( �9vs;vl(��ljiF)�h� I�
Li,Vf#BŲWd4�U�bs]ܗSr ˻ۣs.҈�Z�JBbhl#9g��`*mѡjzs5n�
(> #�l
b>'0o;ˮ_�_�B=�GN�dS@uH�(^ڽǯ�pJt=�0T�Vo+Q��u�:=t�no�}ޠ_Tmo]g{x\\R#iE]x<�
/0hQҒ@i�M7q/T�Hi҆��J�AI@h�H4�JTt U
bM+lљi4[!�ʇI��^Dr�hܘ�*ѽlGLv;l���\L�}ڶ�>cY�ϪBvCA[d1I�
K/F"l�!ZM{ٯs}H=v(g�y{!M�
�{>wu\BQ&psG�=Af�h*|Itg}h3#I!�l f�}FvZkc.ELьQXIl�b�X�6]܋� *�41N�7 �4]1|GuץHT�!_^7U�Dvϑw��E'\oyràS]{Gx�hHEEvHPFGFlh!gK�dUa�4%g�;�T=cVk#/M�kX۪��J@
�Q��qj|Hv�/'ycݯW|hXM-O*Pz
11U Ѩ8>(�!rvC>T"s%%!ESwљ�`s@
$IF=�Dv̐�І:�t E�=�Bdz+�xtݹ֩JMŎ�=+7�V91�-5P{h�4\ssOO@�Whq��;�A]�
th+���hG@W5�]wjQZ7{�^�G@R��&�l�zD:^
A)�4(�4)Q] �L�ЈhQ�=�(>��%65IQQ�|j9jD
JC@҅"hRow{�Lo{Tރr94`nQ5-*۷D�R&ׯI3 z�-Ztuؤv`Bt3{�Pl$��@5�J%�T*��6�"R�2l4Ulm)��A�PЫ�4J�R0�HB�H�bPҦ��톅sz}+Ё�5ajR�hrs�#E�-w\ƹ4ʄX4%�BQ�J��K�kCH��RFXE�s�EEFڒ:j�4ht%
iSOĠRt�hӶSJz�%44
"֮QT��V4F6U|7�9w:�5Hi3v�H�:�!z=9YD�5oIN,eò>C{�ewv�+̂e(͝==ݨ�YDQYc��
{:G9b8�>AiУBbml!hH]f"ĺ@Tnoti:iZOI��l%IBi7{adxr{��Q:54qqݗ\vq ,t^�d��Bkω
�VkiD0B�sq{v=v<�unq��R�BEV5Xܷū��}&혀�Z*6&ht�� ��QWJ`WPBz%[�AM^ͲLz���@ѣNȦ �h3�"ω6=d;Ζ
(v{tE̦z}ʩCŞ:#��SV1ݴ@k��P]%�c�KW5õ�^\{��jj
�I<ϗ+gފ��t)THІ$
4�|&� DJd�DTWȢ�۱ۧs>I_cD}[x'*j9}�E�m\{٩m{xNǔ"n�-d/}̂
�]g]g
b�(Oƭ
#G5R@�*E�ØpK�Iy'KB�vNۈmT��dz+ҳ+>dS>�^\|\g{]^5}w;9�^o&{�smzV"AIJ�M+ӏup�+�bMsr|n1�9_�bA+פmR�|``Q56+nm̑F�:z�]�� {>B�E!$WhI
i5ogS��GXA�bX(zb>�v6E1�^,1%kkO1�S5y}B�Ăqj�5l5џcݡtP�Mx:��U
HB�<&rH�uy$u��$2.�ā�cpү�k1Kϻɉ!I[[ݼ[��J"b=��gd�zJ
H^xQ��6E|�K/vDzxZ]$qlkQ\c9MB0'3>3'# A>^sQ=F!6�&�ќU��McDN(D�5լA5ZMQ3IO]
�j�Ρr�>ϲ��^nķv!^�>,䥝�aQtJGw]*�+wҋ.\�^sōpYjn�(η(�ݩװkw(GY"؍m�[�"^"t>J�H�Ƕ�Bb^ n�e{G{^G>C$Gڸ�ۮ.+qA=� Ga-6ב=Qy�lcDIV9ɨGއxY�ϛf�!FI:3GAHټdDUZ�$� f1�La�m�e�I-�q=
:W�N*:4q��OxD-'Bu��b`4[elC���E��}%K后_s:�c5�
EI&�834v웓ȦHUŜI"H6*/=cGx*)�m�+q1ϳxɕڣQW
W.g9$�>9g�-1{nzf(("Cݳ�E�Aw$C�ɔ:I�ՙ"{ݗTQ�w'`ݲmܦ���F7JݞuDF:�>!y$ץW"JD��=337Pϧ϶4( $/ �0�SE*�j�wc|$佒/EKK#Cѓ18|9,m9j��xN:@53�]�A}�(Sx�hлcAvX=4S
J�Y#�W�ҭ�:41s�O+NhkV>*~�QJ%:-�5F6,QJ1j6�I����ms]54i(P$��Dk��b3$�6�%s:08:T64E$XkdŬdJf5�X-Z-��9
Ŝ�I&k;nXԴ+(q4CmFlا�lcb�&MkeQ
iiubەnmcD.iۮu(c`l�ltP�4`
2Q5
7wur鑖�h�6F-!�L[%"X͚��J,�Ql"ƋJZ\2�)�Ce*rD�K��I4�m,Q2%E$42n�9º�6��*"Q�QD[F��ɭ�&-$2Rѡ5t�vV[a� �mZ45bU�sksٵ��92;J 8�R\9ܐkWqf6�$(3�֪j7O*�@%h]WsRS�bw[s;\ch3UT"
UvDѤP��4��TҁJ�ڍTj-shE�X)ع)*ە]j�FwWl�(II�h�ʸjQ��&UDmF5m�E�j
��G:0fWm�:'fs]unY)%QmIB��R�AŚ
5+3s0D�tH+V0Dh6&1hhm6]s�5tw]B3]#�J#X�@QfI�ҹIGj֝�˵ViВА�rܭݮ�lfunIX4JL"��M�w1B,,&f]&(%MasG�t�qJ)[Xw1�-Gw5֢(1` (JDV`�u*iP;sps�d(ۥA5]Esni؊-Y�J@ԖUIVkA"5E, m�clN٪)
)VT��Wwn�ZXHYcbU�J6\; ��r�Q+ѤC8;ʺ�DH:,ܑW`��whINih[Tئg� Z��U˖���@S@IB+J�@�]�C�Њh��)�B�"�t���Ut�h�@��ш(]���SKA&B+�PTi)]�iUFɫ�Z-[ZFe*)6-c�X@�JX)J5��f-) +$I�ŌĆ"Ƥ3
(D�*M�E��*LlPR3�d�cB[EWwU�S Lj�b3#�$DFVŎjvܫ,d &dc2c&jLXFJ)']\`QD2Jla�H�J��ۥ3RbL�kE�f�Zr]nnbZ6݊&VF(6]\+q&wt�M�qˌ\\2b9Z \��(JhT1���lm)p%S\ܢ+EdѠl��acE�-%
id&2Xf��
6&)6dlYF&ض)5E"ѨV6(Q1(62B0�Q6ZMFђF5r(�Z5�(ʠcHcADPB�S
f̢�"dEBa�(�
!$0��B�H�DF
b4PI-FQ5�QmѐM���%&��2a�J� bJ(XP� e�K hdF,lT�`1DbąE�P�eF��l�H%&R�b�4ԙح��b�JZ�AdMI(�Kpwn�ڱ��lN()mih&(�4b#5[I
�k�2C7]�$ W;Ɏ\ks
l!JS$ +(j1ɵ�Tf��!C2b2ِ�(b�DH"IJ 2H�dJh��Ab,lhm Q4"T�%A�A0DBfS2d1b1�D26Hٔi1h�Q�24� 2,"�ILĢ&BMD0�m2Q&Z#�ZK��Huve�,i�P$J�h&�H# @%�1��TFMD#�V$PEbTHX$nk�X3� �cKeJA�щZD�:mu][4c�E��a �h�!Tar�RXcHX@DQ2�B"$JJ &�,6ղ�(�O�IRP}}ƭ�FE6Xw6&�!|K.E��B赑К(Sð*,X$בy�)=�HJ�ҁ`솕/(EjjEΖ.ꇠ
I�|b[(h ��mO4&�qBCT�G�FX6m%�sHy]B� >55�[X@̘O�hi'MrhC�a�Ʒgr{��DP_xŶJm`�RcN�HS]"J�!d)��FZ)h���r+s�ۚċE3w&pf�_��ѣV'�GIg�S
��ׯieR{�ɇ�p�;|{c�Gz�"!_*%�232�].0Ŋ0�̻oБm�F�|+'ϞXTD�NM�|�PϥL-
)
)JKa�SOE�lhҚ]�˻|xN93W�H`�HSc>R��PP�y}1^�yT!ϻ>�kQm/k1��c)m.vȞib|UAݹ�1&`Ub&*�ZT�:r�ќJ�VT�l
(xLa�Fx�RGRȯ�qI϶^�c�:YD�-ti^3rO4:x�=iz}��"[�nmV.Ÿi&}@{qK瞫ʩޥ!&}��屃��ژ)4��йv)#Guz
:=bAi琟UC
zr�,�v�OA4LM@s팂�'{2}۟Zt72kj���ށ''s>3km+//GI24{>
zIO=yL�4E�Ƣ`4Y+�E��i5V#ʹW{ޣbd)^z
Ӣ:P4�݃�&_!��W'}���j3>ڻTS$KGPVAw6ݰԻ]��NN�ިF��jmtj=:_A �:!s�vQ�}�iGݺ�<:(8.q{w63NN맫bb
mQHgr -^E|d^;-�͔2a}) �%�KiUga�m"!*�Fv�OdDx�C�quJ�E̦m�*^X'vuz2l=�wւ�"�.dϏ4B�8[!$fVOlw�R��c�Dt��Fn��Y'ȾYE]�ϗ/\jƝu\�&[Wn)
�:=z
qw臼;K�ԎH(^l!>>�>X�II3\u{[v�y5=Υu��A^s5�ޅ0/�hAB"s�DWր*@|(�&+]1r�"s5�zQ��\\�Ig�t�|XVj_/ItpQ�OI&qi:�=;a^aGdϖr�R<`6y.�_.NڨlԾF�/UXQ �>V%�ʅ^��H"I�=}uZѴ�}϶/�n�'�モϹLl {EGӨmF&";ctX Ѯ��/�>נF�7ҭ뜹`UY0\wS7�Wz��:�&R%!*
Og
�x=�ch|dv5�n8
3�O�ѐ_tv$OWI�Ga�1�W�hy8"sl
!��xJ!&LpԮ۸�qSMb>mal�A].v1�:XL8L�ֈ= J4�%=�ʚRf2%�"ϳmܠ}Eϸϯ:)UQ|{�H2kw{T7g��
�j�Jj5ѥ��l�< g!]�u
xr�|/$ 33}EB=!]>#C;���):��M�']�U0�SB Шi�
{qi8XE�Hrnsy{.NC[:-ώ�cO{�]m㷧0_+y%ѝq><ɣ��QE
[+Amlv=ԂNј�V&`^sŬ;v:ڇFѲ�*�}<�y+�FzdYy>u�xTT�q�dAQ}λz}k)
�Q�ś�O@zZA�l-7dv^t.MGB<[{H&�Ly(k;ce�h{{I�JF��ww6ސtzM� _I�) Z��Qhڈ�K�LADA1kjEFhhlZ-F)HJ��PNVы�h+ck�ƭ 15EF-E��QE�U�ƬXѵ-j
mQj�nb�ŨQZVJF6-DdDl��b�F]4F�q%
��@:�B�]k�MF#�Eb
�As6K�%ElbКDF(@J �$�Y,E4[�AUsj5�$l&u�q�`ɍwnj116a�A&L�l�҇up���s��ĉ"�d3"H)�cB�FF�7�KLft!4Ip-]vQ�$�\ݕu��("D)��ku͂λq��];�2\\Hl.1;@�\CZHX��Hjh5F5��W2�s�U
wk�6*�Iq bͱFƒ*5nV6ܭZ"ۗ+�TkU�ƣV*5E[bەr�FŲZ\rr
RPB�H�i4!B҃Z�r7�TV1Zm��űͷ
hUѶŵl�r�[�X�4cbbص͍j:M"M��AU[i24@BkJP:ZSHP4
�At�Q*ƣY@Ak�>O)[^}Q6>d �F:JZ)g>j3u�]t3�DIoL�L�]�>J{{�;oCu%܂�uݬ$<{RK{nRP$sS]4U�S)6OA�sUsћ]gyEd��v�qO^&r^hV�>QN�mmbGB^DUKI|D*f6OI�#x�;%CY$Ț̋L7noPP!>;K^��5q
>$ak ^(jS�up{TF�-)6k�qZʵ>ۥ$mctjIHNpPr *l^cٕiEjJN|2gd�JdN�Eu|6OVT�|3<ʥB=Xnvɑ{H뜹
]�$㪽w^*;
T*�|}K!�G$P9<���FSzm׃QW1=�`n>�Lq�^ݵ[CU�ɨ{}ͨGc1wc�^#rr"��N��f�&|
H=d_,ϧ��b\Ȼʧ{PUx-݇nϕ�su{�wor#>I5u�ϋѨR d�>x�T`ޣ�&pn7�06Kq]v&+Q�,gw+Hg ^�s�_��Xq�5�DS��z'Q��{Ժ��-wWG�3\"6��
}=lQ7M4}>!��SO3k�<5k&mz�^ۇvd2�hS[LS3սϼz4o/16�X]='KZMu'cu9OkM7oowc[H=ۻzI}ݲMF�ڮj! f{:GgcOzӞu+sp:�$�DAh�^�|rna+ѻ>.%&`۹{amؓ}7Hm{p\ZZ6}&_!=l�C9=�Ag::]�:�l[^1�(lE��)#u�=�sW�y1=ק;CR5|DXi '3I
cۣppWSLȆK2;qWNU�rwksgċ_iaGv�BVy},>y�.ٶ2CD眜|خ%ha{\v���Qmɷ7;�Ίr��:7aӧ\5�v[={یH)�Lۣ
22
Aױ3>:�-Gm۞mq]Im!hm*�>wg/�o7l��=>P9-xʄdE/E;�˙S�Υ*HOW"*
z뷽*dHUnSJ�wJ>х/�m#ؼb�ό}d3{eaF �P)[}�Y(,w�$ ,lm.Za��v;;ݝqmd�eۭ�(Zt8%�Qn��{m���hvڻv\�9}՜3㵐G.ѳ6s�D>�yw�.0Rn�'^y0ϸ�7DݺwF�u:9"mu7��m^˛houk^ݲCk(r5ʞ݈�;5^�)�l;q;˗4732
(eqw��ө1s�lʫ{0={8}!EE�Q$�"2ss9-c3ܩ;5Sx_�+,AUNn%}DeԎE8K[R)dogvGs|ޝ>��9eD̫S*Itzkk^��|9_*!5/`{VSR<=k'יS�9 L>,(m�.m�uwM dݣ>D9H|/�v
�-&pD{�rLxԄ6U3ɎWcF|�"}�{w[c�%�C&Wk�t��9t.9'G{nor�ќe{ϔ[&�u{Y{wetQG*hKx�(9-s�ηmR7uτ0��>ݥ�ڜŜnrnAh'Z_>D^3^WePrl.&o>1aS^1F�{�q}MϚ�1&2sG^�[F}�95ɪKs��q�aM!m=o(
x{ܖ�Qz1㰹�W<,ײHWwU:!ٸQLk'wgUɴ3#^k<5kN�G̽۸&p�Ku^٘m5Y�Ϫ�ݮ9a66^q4P�cwmu;r���Igz��N�';zى0ϳ�9tymsTg0Wɺ{8Wʥ�KZv1Xl>pGR"wN-�\!=w� 9�Q;./Tn{qt'J�zGknX�{aI\K��{svf�Lr�;Gy�SK[Kpc�:uCkn��Թ�WXi\=;ۋ1lܖ�f=�ёkλmIIȝB�M:دK혼]0ջhw�UPwG>�q�n�Ɨ}#g�\nkc>y a\=VFa_�F7�۸5#k�ݹ�uqYoN���qY.mD+��7zow�II;etr2į�+2%Q�'Ͻf۳ŶQukumg�a+hjr^dBgytHỌ|E:-vb|s�Wn0n]V,t[;�u9RGAer/=dzݹ7:1f9{��\]�ѽ*>:ͮ (S�ggۘͶ�ލch^vڍ��bY3㹐T-�PcWִTQkyM&2^Ճ8ީkľLK��Wu0=/+>v'/,^W�u/$]okȝPNoqnL=1N{966��5NN&2>PnU㛣J헸w�$'w�vƻ۵�9a:>ɺdW#7�Qs
po" lsXm:c3G>|ݤ7l�|msN�N}u�5yKXZ�4u�kmza�sa.g7[�s]V{}'[-q"Ȑ%b윧
us1m)\n.-w79EM�Nz�q�;wn8^9-kg{({�{s(.-bZH�#Uvk�7/n3$J;VK�{[>][=ëh__M[88կ=74'X]oupjˍh2Jd!
qn֥cɉ9Öqu&mwY+8CD$7>b�[��>{rN|ծ4;oi+
g2.N6φCO)�A=껽ޞ�;z.,dn;3CTJjUksw8ԯz'$7z&R��wT^Nݻι>9r9!�}1۹W�rS<-!ɊؓЖDb,ӧnnl%vޱ&]�RLC5-8Jξ�;Ds'k,;'f
[UŵeF��7�2�k�#آMGTSE6CXnF�8ϱb_!'}}|o݇\-'Y'ormzF$Cg7EƢB۬8Fé�*S3�0vEác�cط,!W�]&=yu6Q�;L�:ܝ;$*Ik{9�5N�Jkݓ'0BHu�k�h3aSWy^E]c#}mшKo>Sc\ۻ�*-/,ۙ�EI�(raVkg�c��_{0Ep6d;ݍY5rUiȂ>E#Az!�GmǾ5su J��^z3_Qؼ{Yp^>f(]>U+|9L˵_;t�"�l^LʞTQSLFyd*-2�Ԩe]Z�J3fvʓmWy��|I'Alqlc1�z=uUU1[�Jtzˣ\Kz2o2]ʤBj>op�t1�8u|S�BN��ggD8Q}v>���X�"|x�+LzzZsCm9w|xni5Ge{5vw�mӻ�'$,ѴgsSrI3>%){=>7�T;lB64�yZ"�^%aPNOH>P[|I+Z$ɱ">'>+�7մTϜv7E�ddYSAu\ JrJJj\{^kqG�6^Üʮ׳QN�sg:]|gО'6C"*�9�C&E'ޒO)�!I==4bt�{e�5|I_QϨZmiu]�:=�OƎ$E wF��2/$�dP/;a= H\0)G\JV
='�F;i�]�z}�rmSW�\z�_�=S]!It��V=.>.�ѥ;e�/'B4��Ŀ�&���@!@�Ј0t!z��B�B� ���AE�GЦضh�#euwl."�qLh��EWv�Q@
(��I!ƭQ)*P��eT����A�ZHI�cVQlQK� �P(*�hM Ib���-)Q��Uu��uB]%iO.�
EJPb � d�B ,@(�YlEQ/\���6�α]TDR (�Q%A]�If+kYo\H���@�cʘ��Ȇ)F�I�$�R@'m1M¯A8| ��\z4ʘz�1Rj��<�^p=@Ȋ&�&N�vu$6@jdi�{";�y4:`@�X$�o�V
Q*�%-�6�ȅ �{>�B�щL
"C4�aDd1�mq���
H�)L�-y
fz�%#�!Ujy�l��gD7K-˨W:+d)@6[B�VNk�:;�!a��Sk%�-"�@F7׆ z.㯴d�a!LL�y�}Drԑ~aW=Ʉ��LgN`�"P3�WsٴT9ʗd�B;2�����F��bSυ@�Ab�.lMazi) ��p~
a-)x{�jIa:)��j|B��!�@tGVJb!4aze��FO�CE~עr�r$�|[�� q��%�� �#{�!.u
!vִEĔC5�70�Bή�
Jӻ�&�RXǙHy�w54�IV�.eBjP%II̹ui;�]j�e!<4%
"PPl�՟T䵤]|
�'g?[�ڔ5���8�8.LB3�.8t\4i�U)N(d�b4¶:KdM_D�:fȶ#`[E/L9M-3.;Ba{D��5�3n&==@w*k�>z#.�#E^�i嘍NMg%�fCzT�i#\r�V}ED;h6F�DQ.i%o]̽H4ӢW�YL '%ӱhk])QKǒpAii?.RmE�֝C7r{.ZAV!dr0yJowᮕ=daL#"x��2{j)��i_�\X'�B7�]��.cRlWj�XI3E,7�9Iki':'D+DJM&md�kwJ�WΝF[l4"-њ,&S�"{(Ys+teV��mت>{Yxz�Nut�ڄq_�QxXѳNu;m�öemD�B+G}?L¡_E9j 9�j�;��3ebvX�gK�?VFʠ7I=�l��Y=�ހ�W+9{x_٨p��Qކ�n'�Y{Rݪ�r=�u�Ԧa97ܤY/P�]1�=�'Ďzk~y�U�7YI�'-a��UM#l0U+oɕ�=ZQI%eEf2j|�Vo�U�B
0��F@ʵϜ�'kbr#}J.]7h�Rϕ)"i.\&x{ं�hU{GP7Ǜ�e"|[�7ol.]"9���6UGD%Ϙ/v!DJ(���$"
bR|_i~O˴|=צvOk!P.Hӝt�w/�WjyK{Oㅌ^wd�n83�4+�ԾSNL@ۨq�P=8,,�A�PsI Os2݉�(3�#<*$Eꒊ�Wݽ��Qpdj�f��a��a]:߱'̮Nc}ķ
nlVz^m}��)RZ0��;&kZʝ^嘆�^x[JB`�|
AF�Ӫ#De�qEAHժ�rұK�RDB"^0p?
ćթTj�u,�w�gz칧Q<)RC�86oT��"-�;Qo/{z&Gk�Xe�OY})ק`fx#=#S.lkg4�،+Ykk�v�/*"x� �8�bU4FHrc�+�ʮIugG
X�-Ն蛘�F.,��]2PغxrceE3v�)/ �+7Fm�*@_�@ї,Q�j��)Db\�`!���rW+c4nfU.�RMuij_
)@7e
T�Kyδu:�֡4�ֿvF.#[�c�%YB�M>ef~-*>l��i�/\A_�O�{CZ̚6�XD�ř-H�y9e
-]vSK2h\5�#r�k?+&`9Q鹨{�vMXOт.E?�� V3~Έf/=}c�.f5S5TxŦv�Ϛ�s i�ZBC{,�r9O`ȧ#ux|&@�xTڻ|"O}B��}912ER'~*E�eTN7MZ��'
8b[RD fA1�~Wk'v*
F32^ʕv-�d��Úߕ�F�Ɯa�Tgv�[snzS"�?��.W0լDC5y=5TϸFy4k�aQ��BL�tUѐ|WX\CC`#�D��8DS[&8fw��5+�*WZ;SmE�Vȁ��E-PBjs!TȒ,d �szq��"�XSp>=/%d-s҆L*m5)ݖT4ފ�J9
-._�AAH$rҠ 2[ANO܈->])Y9dantt��ӷkOX�`�ƥZOT�RX8DP�.S.c=GA6W/5�&e_,誈��!�,d\ o IX07���(�(퐃Z>?ݫ��'Q��Rˣ.Tj-W��F�Sưulg0�hy<���)D�ʳ�nvu{Z7~qWCU`6ñ12Ü闲��b`ħ2:ɏ#�EW˾lrI~s�|d�Pc�yE=�3Y MF-iOݔu�#UزJe:KT\��m1;(kqXVF'�,�'D�r2u�Ex��0/�>٫�)�|�G.#[8,cA|0a�4>8Tm[lk(Eāf;E!"�ef�X�#ɤF8X�y.=O�h[Y'QTck_HŠ*d5*ުd
z3�Ke���>���,jN�譅�|Y�{{dI0��]Wũ~{6XxN?:~| n�� A�\[23��<^G^�cB"0XVBƑ���0�fm̾CұL�]J�M-\Iw�!3E��S�ZjG�ҩ�IF��ڗUW;r��""\94
$B�R%��8o͒"P_Ixwz_ϳO`�O8�X Og�V�*@<%�m
�}>b^Il�!�$\GʫxD�~T�- )�PKZG\R�a,@Y��<6+faH ,aƶ|m0`8�A`�,�Dfڋ��QbU +6i']\�SQ�Ӷ�a'cF�5T�vrݳ0֒jre`D%
SQ*PE��"` �RPch-\ٕ�˻\D,A(��(� "$đS*:QH�СH�
jRLMnW))$�BD.U\-$5sX$hH1FcUmC5�'Nv;\葵CRdɭ�;�VґD[1(:Ur0Db��C T�r%˒�wr:W*Q7w](m.đ�H�P�M�1�"��d-EjĒQT
kM[FIZ[mC
�HQ
T�X�&-�ɪ*#U)m�E22$$la&�FBPk� 0H�%&S)5j1ƋhΤfi4ʬQvY9TbnHd%C�]sb
m��e� $RH�5!b[�m�Vrj%5m�)(C..`pa&K-h��LV�h/M\բ(EqN1H(>5~äɑ<-;Br&)P+�t29P�א {�b\;nY�6d`{rG
j�*+��HU5ݮ)1_Hlt{,���|1wV�
@*aP#Ejt�s}d&l'�}�J���J�h�"*#JniF�HK��)@CuڻǞ}��2�-nXnPb�MVmu0-�;6~mN=F-JMz�(�F«e�C~?d�:
iШm.lN�.IM2>n�g�IHd�ՙ:>�cy�jF㻺��-0
1ftt�0�fM<�9(fb�t6ѭQa�ر)9^H�RAA\I 5&FD�j3IJQ~̌0Y�"1T�9?EW�ģ%�Y�.b�~G�B )vb���Le�QK�x꤂Jht%.mTDPf(+r���Zeh]gXw(&сnƙ�l*L*莒��P��=묯zζk�T��hvЛΣ1�X-U�KY�3okE'���A'Mx��Flb�{KY\%�ʷ')%Sç�ש�M$�8|^6&_Em�w%E?j
p�QpL��PV%�#ESBL�kv3�McBj��I)Z�qy5QTSV �+g"5{="Enl�8�p"sE%b".4>+�rV�naR4ZTY^6xU0�}T�Qa0I6�E_T@Ne\|�V�wFcFqC"'�DeQŔÃ\�MLyAIU�KX7�KƝ~8F�GgCU`*b#h[���!@(O6Q �%W͆;+?x��Ewl�oT�±ΘYXϡRz¿1瀭Sby@ �&�iV� X_:eńSoc��(jy+"�]E�1��pDF�Y#�ՇE��$�I71.zmk�#1biX8LJξoP#7e<"@}:FՐ,%t+!4j,��7=Ir��Ep$Y*)3;� E6ޜ"ކ
I�Hƚ*a,PYʮX5O(3;ӐRܯJ.dxQF[LNlmMO
}%b/M)rmN}g?SO�DYMןkwq�It{{fNٶ-\7H+i-2�jg��9Q#�U�e%oqp&D]'�V�,څΆ}R3%sΥ?ˍ.TpjӬSB�:\<:�Q�ҧvi�W9V"lή�ŨCM[gt,ͮ�]+ j?h.2vy�wjN
Ms�>R0Xj[%N�Og��D;6��(PۃuKpTWW�CFO]X:4��iD�J(.
xeN�[\��P�.:�3ѲVv$tcf��{%M4K4z$7
a@veenUL|n"X։� ߬c,� �DUI�dh<�tx:=
6݊�[gd6�Р0UF ɽx7H�{t~W�e$2Y*�A̚MH)Ӱjν,G
�5H@n
*ƘP=�"4N˰֥Q��zcG�^f��B\r#<`
D�0�Z#8@�b1KH~'�!E&B5]irIo?�?*A�V�D�!^�� iM; 5FKQ8Hr�\Ұ�H?#�˪;?۪4�1RF+Nxf3`�)|`(1ɢ5%��J,9�s,���\t0�wG:
Քk#07�i�.yYTG7�1,� 4Zb")�EUG1_���*_r
HziΛ"EjG:K���yo�fcKVj�76[Z3Z�^
��gmbU\,�Lxֵ��CQ�Pؖd<�2ruh1D+� ��4$ȥY�ԜI m�בA56�)^LGIČ�59�`͊ƱEu0
rȡ-c�b7 #�R)�o$O#�LûQ?f=B=bIW�S&(m��Xq)tB�մ2C�;V̸�JY*^§`ɧT{.N�,��Z=eAۘ��%V^ɋ�*k6^��̅I�֘Oǥ2.a�0$a;^JD[}m�^JUX]tW#eu$@(ojP�?ߺc$qWW[iZ!! �nj!K2(o|_kakb̮AQhƂG>�+�U�'轑i
(93y�y�Q{�l�ǚ7U_a6�Be{W �BxyQeḧ|Z2"�i8>*T'��ZB��*`a�V`ղs4J%��rZ$�˚ʅ Dǧ`t&>}L��혧$�+�i2�MK+/��Ue�"Jg�}l;![�6�P=_&2?`/9A���
lGD/9t6ku�ʬ:px�{�`no;QDR�"œ�}{nn5L�ltt@�Ƭ�Q}�=-1U�ե�@lH;G=�G�a�>;"Ev�H�VO,&T?7њ̽;�(nԂJlUU�� )A�6zq*R�mnJBNn�ol>�:%4oN3�anF4ͭhŵdazXD�ڻyƷ!M0�(���-*�5({W��vJ}8+Y`��AI^{ˁ�2elӕ#^]�=68�t��(l�TH kYɥ-M0ت�
w+xkE22��
l�YBU�qGw��^,�Ww2 I�íU.T,>-uQh]��pb�/v�YG<["�+;mҚZ�|�*-���@`.n6VeVV��,.�nx�x�a�k1�x��f,dhl6q>L�5;B~W84)^NG5ջ4jzZ|엧}�WUU"I�8�W)ySG?ѹA�c/YYI�sثt��/��R!yљSXI�rp�pJ�
ůL~�fzS}}.f+4�O쟥Y��\*L�D��
b [~q=}E�[dP]ju@h?�
w:$�@-�_j�U1q*7:)QP�BIW[o��cPuwJb'Uw
ZYk�ˑ�[MrǾ++dE�z�LV�E��-?5yx�Xvm�)5�>p�7�|7ܒ
$H^U:Kk4'�{WY��f0�7�dhf�\;uA]oaƸ27=Z]Q8]�I!�}�^/2�af�a����ָ�1+SϿQ�q�z�AÔ>;y*[%lT,P\:��&Bĩ��qH_`?f&Ie,E{GOhې���jJ&ɤh1ްMx�4u�EV!9o�#qk;�9TvːRe
h!_$�\PL�UѪ~ؼ�^TʹKg�
�#^b9Z7Ζ [q|ߥZe㖫(V�]�k9~�֏7jLT-u4D>_ ��m*η�ob�ˊ��SXjg/�ٙD<8�hˁ$9&�h߳TC�L~b�%xI@:!fe*"��4լ�cVP�ד!sH@%me7�\�mQ0-3S]
kg"M/<��^Lߌ&s)QiQ�0�ˇ�U�ыֹA�+6KZg@4B鈮rb8�(zհlyX,)pİۘr�uײ���?|F�(��:3uuׯ�]�b�xymn8v]hf }J=ʺUf.��{'�j�Cg/M߈�&)sZAOuRٺCHXC`MAz/7S�8IJ(v(�^`u!2
&k�ѿZGN\%Z|թP8-<�!妼o0Qf��Xoا�jYoͮw�v!"^ݩ۵b�6^ߗ�E�F �{�[&^Efh쳹�ga*=@ʈ�jN�VL
�$_@끴�ܑ�� "
rƽ(xMwXangv@�0q�0v^�
HKHC�
11.a+H)1�)���*-�ҹ9�c5{}m,1L�`Y*+{�Z[!vk!8T�°�BR:ںb�"�s?v�ȶ�-�G0�!�E݃iGs��h� Osy'\�( l;�5gSJn
_~i�\c�yk
��,֖FQ24xZ#WB�Uy�dϷ���#g7�W_0Yfd�>�=�P[b��_Xkz�
NaTz*��"p5E'-7tfWI�%YL8T�$&P¿�^R@0+#���YWƌC!�ћ��kuH ,SkP*7�Va`nU��Y���ߟ6n�[la�EPN�ȵ�ۻQ%BP$˩,��V�l
]�n�u�T[𱗽��Чf3.gV2kDˀ�FwUNG�jqk�4>-�<5�Pe_jrج$V�S6Ho��YW_odj^2r(Ֆ�Dr߿[�`a`Y�yG`\�_H娣�+�=�Ȭ_@�8D/`�]�K^�-0�87gQ=Ggh[}�C2r���[$+~!Ԩ:0*a`p�<�iڼ�g4N뿏_�Ea�vYh��($Ym�Sk[+%cZ[-eAtlkVq
H"]&�
+{'b� U{3`>]&��֓y]�:<_<�".6-kj�>�=Պ=�1Cb�ΪrJ�sm�$eT�AO\.Lox$���M�@YS[�:)14GA<&W�
&jS6{>>^$@Sj/hRIe$�>����j{fC�L�'�K
H���v
CdUs
Hz���[[
شZwU!@m�`icϰ�b4j1F1lͯ�dF4
�Q�TS
Hf]�EV�k�D�R+T�OՐ?�j�C'�Z�oRjvEfj/ $�&hch�ԩi@ԯ5�X�"[�0lP)Zh[nU)"cQ*���B}%,?\8_A�gV
�q�f2R���5l1ho^EGK!7>6(J#vMi{af&,b4�Qh�MSW,t1F�EX)�
4R�q��w{Uo�b�6AX4l6�d-c[E�h5Z5p�Wus"mU\TT٤f��*�e�2oQ*O�U(P� �h�j-BZѵV-m�ō m0�ѵVaŪUt,�JJ1�'E.M.$дM� ��.3!C@kaGmcAp�̊d`.�T[o�.A�brPŋ�BwqĢ��i3a3aQ0Ey{(Ԝ鋻\+�Nurc!�nj
�QHCZM�Q1&�Ċ3L&�IS�,:]\뚍i-h7e�#�վM2�&K
���I"�c�Jh&� b�� F6!,�!�F�h
$@*+�$j�ŃFыEF@�i1dhƉ2bUk\6"mXEV-��ڪ65�+�BѶ5�ckj�66'ЪXlU+��1EW[E(ڍ@mF:E�}*P}ϢiUW]o-Fۃ"[bM5_�7}E]1E/-5ݓZiJKg
zJ�\4I�Q(>�?i0OyS�GK_wXNuq��_o]aTk�6s:�IwUH,i�I1or~2QUEKTH,�ë;
NZmͣ~;DQ&Ők+Dl%iYmjHB%BQR2�??!4��6"*�ى@a�d
Fhc0$(I"�@0`^\ѱZ6lZE�[~�|���>{ni슈"*���5TcjM�4Q,QDI��WKDFnkETmtJN뚢¨D;Rj6 (P�ZD��QƢ4XFƦ��/A(Z�(�`�aeЁ%FAT߅뱼6wܾ_�\XrﷶQE%Ed|AZ}
�l!HP�}u/w�(˺W�|yFŢ�op֔�0VBƤڊ"qndBP�鍾t�(4EtPi(@%�X�irŒ7퍊KAE�-p7*J%h��Ɉnh&!�co7KI��9DQ�];6κ�22$E�"6FrysVk�
�mHlh6,mQ�Q[�zەj-Ehؾ9&ŨH6J4XڣQ�,A�6)(�Eh-�:|m���-!$rtr8WU�X�ɨH�4�J�m] %ܫ�|d�AFQ}6hdطk�Z4V&Eb(*H$ȕY{*)@h�1`�P;��r�{̻^]Pk '1��;�)fBhh}:\lQwv��#�`7~�$�QX->n[sܮh
ƢiRV+A�yrؘi4�@XDٖlZ��Qd*�ѵ���wush�d7w]2}k��X)""&JDd64h(Ѳb��h*4Pk0h
Ai6 ڃdZ1ḻP��6��RldTF[y�Ҵ�b.sE&�0�Nlm��%E�ZX�-ru{{8
~d8S SJ vʔ:*�MW�m*+J!AJ*ATJ3&R^LEb{^�H"�㲄1PHRʟv�K;t�.S��+O.F��Jf(6"iib��a#��h�JI6mlZՍ�mLԲ�Ʊ2dړdd�#0YMJ�+b��b#j(ѰUKcccYQ, 6�*5T1"Ț`4��HXR�TV�}WjE�56)4H}mA�--hE�����Ѫ}u�KLR�"_�kTdlڨV�J�Ōű�djM�*(-%,Ė1I)R
***S!EPUͤ؈QmLZM3�b1R[�-�l[DYdhƦ_* lQ�B�ʹ�J!A2d)Y �hZ �n
q�=�}{m@4׆(~>KvGCV1_t˯MϮ
9~u�tϱQ_P�b�!}=kO�|8U|п#K��
�Q/A:7C+ZtQ�
،ańdSn��(L\ʒ^-[>QH=�/�Dz����䅹}}uŀ6kk��C@Ҕ��R�B��ǰ���h�)>n씟TR(i:M*ZuBh�[s\EspQQ.k�CTъMvn\blj+�ojU5r-ox�bl�t.>
=?¿IG2it(}�E=%�Ct�FOaq(҅
MRVw�sDd- JW@hA_|Wɍ{Ei,mh"G�BTCH+V|JQ:E�S�/u�_J��lOIɭoE{ fM�WIjO2-�H$-�B!h�Q4i`Q+ljKD ,XS�E$�H*�mj"Xƨ�+��� �B1���,*;+QY�{eE�64-�XŶI5F*#�c�FFmZ+�mAJabTĕ%TZ5%�Ĩi�TGBbE4
sV5�4m��k�*�*5bQb-�bFѶ幨*܍cG-sTZR;6%5фfkQ,Db�$Ѓ@%�(CbɨEQX�hmڀMlűIl�VhI�*61QFh�
,XKAD �/3E��R�6ʓFi2Z[�k�Ahf�4Il$d\%I��N(mQQ2��Q!cy[���yE�(64jIȪKJj�X4!�Ū�t[��һn79k&��}]4�wݹ�j5�ccPFj5�Eh6MEE�HD�&vە(TIZei*Il�*
2�p�5j,Up1Dc@3DV(I�Ak�k��L�i�hڍ��ƍ�RTk5�(V-XhR�,VeER�YZV-D%S4ѫ�d1�dJDc�a� ��F7{B�*VZmAM[T�4,�T��ʽ�IL��4miBȖDQL$bJX-
1�Xڢ**Q
+DVM
+(݉QmѶkF-����JJfRRK>Sv
\.^vۻ�o$]0FmI^Q�W:Bb٠%&MD���(淋>j~$_� D&w�
`pc}ƣΤ!`
>\i)�Hd^٠ԉ�(�f0/\˜$}
�k&-2�hڏG~�La���2��D�@�BB""� .uY?:Ⱥt!^
z]aH\�ȉtB-^W~��pm*'y��/^CuN�]!D@tjeRr֊j`l�ɷ9fR87]b7&$o,m�%fl$fWgUq�A��5ٿ;AgH�mX0�@Sr?[R�AdhnZsyE(E�MD�\j[���U:
��vԩ]b@#AEj:n�J=lK��usj[Ĩ\!{^f�~P!H._ɈbIHRP`��X��Ⱦ f/dRi&Uv���ͳZ"Z4IIa݊CD�;?v`W�~q�^-�'�}⦚VW&Pl$V%ొ�7ik3Uk8YX*Sr�Q�:ڗS4z/Qe\ϻq1,pq!va>M\9�=>K@��ԫ�%`Ӧ�+�G̋�OgtgFDEH<�C0"�=1A�jc~�hR\����j�c4A��ZsGO�4<}Z[݆�)|X O�gēZ�TX
v=)e̋cL,K�h�^�QJ]�CE�r�u"pg�c_Uj^
$�4oJB ~�yf합xtKK܉b?7�hK��]W�\יe))vI.DH93#�O��t�|4ƼJ�ږGA�#Z|j%?5
L�z\r6���ѳ+Ml�ElO���H1�0.X36C�gD
xc�=E`� E]S�=Om8�Z�]?8w�]Re�<~_�OM@@�q&B(�tK�jHQJ"�J!phn\k�8�W�Q+K~o0ܪnV6k
"uO&St�0�kSN9$$
;=ڭE�
7я�zK�ts�CA!hI]E ͺ,�1pZLe-7Q�\M(ֲNb"`wL1p3;FU"ł"u}vMP+�]-ϱ�_$(`[ tb(-d%d,��HV:9}^snI
(N)0;
"BTȧ2dBEse�Sw1�JE�"4D�m@W�pSuZȢi�bO�kv#{�?C_��.C�֤�q�_c�(CaYum-�jx�F(�/n�~!__0Xs?{p5&$ne~^/w�Έ̈�HH$! �zQA�.+
�6!ٳs;\͵
j|pd�5ZB%pzգtkY%�M�hJTQ�5bS�ssVHʽC�qs�ؑ
UQ���!Yw�q沄ulݭ�x s���
%wld,|u6�fo�x��,O�̒=i`@�Q�{8�cm/X"NʙLSMIQ�A�N��Η1[d<ԿpN>4>]l e �C��@jf,_i�)Ԣc^hR˕��vi�'�Ct���džg1jXͧ: i(CI �tD�0�}/.w_BsŬ�Y�)ZS~ߺ&/9'sdDTh۹B�U��itY�Ʃ>a*0[@5UJ�z�$m 2ʣ[!`)0�b¯Ӳ]0F3mBQ2oWv
>VA\NAIƉwBK�M�K:PгrnLER�Ƞi
�+d90w2*&v�y)
jTKF,aLL|Wxhµ�2�R7ٵ�y3/4�Yl2.]lݡ�je!NmxD&i- �E[9��"P!#�D��x c3-Y%D&kj��P$bXmr)۟eG�Yoo�{H�!ԫ#���lI^ώ"~=.(hʑE�E]J�@�e�� $e]M+nEoǢ4ݎ]Zt*s�wR�S7Z4є*_y;8��(@
Bz�G dJ��Hj�j!E�,"
6ŕ
�Q-dc.Rn"9z)mA .�V}֖w�l�7J̸%=�s|eW��ĖQqC7L>eD}^,���P�P
O�hi$�� DF�gwwz�r��E�j%�|7ql4E3���5�q .;-�
'qsь(h�nVi0,X=1ɹ]-�7T-0*�/��i5�imN6y{2�`NGdxƓ~|d$�7��v,A,ɍ^polh��ܷlL;ĪG(�@��MIC�<ȦMU2_Q.9;IF3�k2;9��/�K� G˒m~ܝ�>ڤ�Q#bd$/P ;oLKs=�)6SӒBU:�Mj{^g�Y䴶+��~6x.�)�s+q`0|$kz4=iOAfx}�Uc
��7�bcYgR'G$�(z-�]�R����(�"6?t@�Cy�_a�jt_Cc/n;w�)�OLĻ>K�uDJ�G�wWϟ'�!=(�'IZ{s�nOnnYC.�dFJOI[y�%JQwF2NQ�7ҡ"x,6)YJ3ᜎWw*zb8B%gd�r�ՅdS$KI&op8&`T$Of╘.oZK1;�\t�rF7i-��1�A�A�:-��w�Yx>ݎw+_El]�Kw>\/��xk)@ToF: GS�WSC3|QɐF0�xl
�D!(�P
kZ�?nYs� 嗀]W\4^ZJjnyx~M^O5Ҟ(�ҺԶ̐�V;
�S?W{C7�9}�ϿO(Y�X
��P$,�1-ϭg̅��Rd/ )&S��GsapcB(1q,�Fz81�,�~MUr
�"(ԙ!Ps��5�5ZRwH�)5Hr�hV;iԆi@j*4K"�Pn/�>V,j�K��zdI!i�kS�V'*2|FH`)q�
c�KT99o|Ԧ"*by5ć5+zXv8%Rn3}j�DԚ/XbAy\mKǍ~8X�ϹcJ "NN�dֺCc�'kh!h^��tBi%�VܡmUuS~�guƃ��!�_ �8�R(2 #hU5GΥ]G d�- 5"ˠ!{y\kM��t�Ak!sfPc}-C=�@�Gm=yмsM?tܬ
ٯy�&h�X)B-ic/I(/8LX8alEj��aK%'~u_`rYSY+ooזgU�j5~�&d擲{Oes:g!��B�!<*x����&;�UiUF�$()�T
_Q�g�IBQ0=GUqVd�X:jy^aAib|Y�E3j;�U*ʮ-PD4�r+��Z5yE4^�d$rDv&Ȃ��`²���l+�P2V(a}3�R|G2Y$濌r�ԑ@K��߀U7YYe4r�&+l�kZbP2�W5H5�b�/ZŢ/�+Uw}��LĽ:f$Vz 3?{dI?c7�"T]iؽ;�ﴻ�)V##sqd�~42 ��)P˗W�/�r\�hG9P1��o#�t2icYl�P\/2Td�*�UbքVai%O2}Jk�`B�M���^W>_rkanߪQd��=j֯U7%WPV�VWw��u���rU磤���:a²U
",wOʏafWh!��ܙh:ꍟh��j wܪԱqI5L-j
IT y3�wH"X@g>~9*�/C�q�ݕ@ZdB~Q"懆huO2�Io&{]}�ω{eD�Чz�)He��&��vEq(J'O��tZ$h!���gc8Q$�,D���,"I7PU6I���G�}}I��U41�+� Zĉ.Go$4^�(_pce�y
".VIn4�زFLfVF*)[�@@+?,n��d�E�Q8qy~''{Vxk+.W}QmM�,<�t-Ly��ǤC9OF�㖉�5$6��@G.�e}�15v^N 2�ų}K�=n9ظb>�'t190�9oj�E��YI)_H{~rͭ!M��چ/K��l>nI�]\_AB�T۲3~7]}lHM.-
I�8�h0�C産JH`Z*�=y�)~囬IV(7�ƿ`�ЗbM=YuH gW#z;3ZI:qzqB�m�n
\�L�_�2`<]�3�=�,A U,l�59bGNQ��Q(eU�1|`Hه�hB/��$ʯ=:xVsMg�Aa`҈1[G@j�|�,Px;�b)u�p�/de(�Cb/:3ӓ\�&;LLբ[]#3E @�Fy;�WG� j�>DD^Di,dN��e�)@IߥqnU^\;�|,N3��Nj Q��!0V~adW��k,�a�+9�5s0{2aC,r�X�Q<��yX�! zS͠/�lץfA���,� F
aDZIYEM;SFiKM[3=u5~]؉ٌzh*4�oU�Q��qX�L�)ШzFѪ�x��6K:+�By-EL3��n5�'APO@�FA7Eh=<5a���YR1Wc�5�)�u5�Ȯ\w3XE|��"e�#7~\�4$S��KdFSƠ�+0뼃�7lU&/NWc䄏~jN˶nqQ6�g_�� UfB��:�@N�d#$RCi2p�%�Y�QR�ӄuT>g)|R)p._w]7�H؟�˞`P+:ފɩK6]ず����*,[K�>(bA �� s:v��f]ecv�һK)3w
��쩮*���8+#eU+^O/a�z3`^Y85rdl�l̬��\V�vIVgӯ
ud�nJwbg�'p�)uo6�Hی%m?C�4k{7_�erփ�.�))">R�d/~I�m>BLX?e`x&W̛= )z|�\BT� 82'��nSfP�r"r�i:dz<�G�(^ǡ97Y=�?Gsh.7̦]L�GW'��3!54e 7Q.p+p@�H��fY1M�$�*@ 8N/67Dʱ2oNgW��E6n$0Q#w
C
{3�Wmc|:�o�ɠݽg c<��A;
|]�NP>$R
�\`�
�eGjfvf]lq{�5zg�T6�F~��$^�T+ȳ\oór`ɼ�8bnjqdii�/5nAd�EImv:<�3T}\P�hk^KmɍVu:�Y%'Kll���PQH|d7+HN0E0\���q��g! &�^
5QP#i5N/9?OMF,͆/hʸOQ_�1�QK>k�.N-49�&N���@�ZEso3UR��T*y�%I?w�:%�\��Y<.D7��@$�YnvyTе�u�IM��ˎ3ٵzzȜB�wIK�S$M Cm��#h T4�y#01v=V?-z�ugPR���k
pkXXS( �AN9�^bo
E�Y��\/wWo�r~D=_ys�Y�Ag\¬�,-X#%�䇭�sGi#78щխ!��Ay/E^mH(c8]I�^ M9ۃzh�OQ��S5�Q]19RӚ*lfA�qP"�ٌN]�rIBdej0_& VJ4Ӑ'�khUP��{Z$jo/c3�Py=>ۏ�Err�y�ӾHYKNrNjy��zصi���-{~+?16;�P,,�Q�Rz3|���uI5]ab=�c�I� E�B��($3
��9*
�f�3n�
C�~�IS�{;܅bz�7ke3kop4:�E�;3��S*]7WAf3#/��v:{WT�#P�
Y+�s��ʍ&m~ZW�(5JӢw�V6~wzfH�XRi��$�n�YğvºԔQ/'c~|>k�d(����yf�xFB_:=بdf%*H.Q6ODE}�͗'?#k/+Ǐe|%7djsg0�X�且&*oo=p\VNO(;���y)1Mn3�R�}
F^�N]l]WH?g�Y>k'4Dc@ۤ۷ wm}?-E 51�z̕e3*�^@qǍ�R&FO.(i <�>R9yse��j�3o���@EPJf�!nEE�[om�ZG%ޣK�i<;):tݰJE.clZ�)ڞKvǾt;y*�]R�ňz�y9J-L��]��ST]W�]�b_o(�iu佚w1�8BYޯ�< E|0>tzj."m/a�^^*yv<9.QE$>�&Ɔ)(�bkf���uxh>z�Q2I��SPy5�)Fn2��r-;s=�q%�bt~:�Bqq*�nvJ�3G:ޏ5(d뫃Cʦf�]xuF �~�9xyU7�3�C�rߟW,y%=f,3Ah �ϛKߢ�%N6$zf;]�m�"�?!y�HN&QN.E�jlQ;
UŮy�eה>T5^I�4wYxP-86,T
Ck�Xpbg_C�
䵼L5��/3hc}[�WT=o5
qom݄cޝ_dEI3ha푞_zwάYg3��bx+齓D��,K'4;�HмFka�{
�i�@]I,mx'FA�}?tWs#8��cНM�|o/CԤ�v{dqU�r�
VeIrSJ�çā}�:g��B!���ܔ:J�4>O[@Z6g<�;�NM<=0쬎�*I#n�^
]8�ێnTމ>%Kܹѝ�(>йg\r{ggn:R->_R͔=�%�;MA�b��5ɴC&qϿy]M�&q.8Ȱw:&uD�pY{U�jzX?|Õx�[��mp:;}q$Һ�T]�\?NT�wcm#�jav=�K`��\&go%�4�]jyzuc��f�5Y{Nψ���Y����0پ���ceg�e[Z f&a�m 2Vg-�agI͓MPcu& 'pQ�~q5u�{&ྈ}�xjLQ�~?,m<�"ڭ"#lV@ \0s8epk�|ۛ�~k�Ι�Umi8�-1o$Dr*m�C��GI�b3ݷ@hJ�cdn^�__*Fe{CWѺY?�h�6y;/<ɝ~}9 }�ӵ$R��BscQv33˫�F0�ny|iO�e-d�KW̙SʷBzRN&ly?Xc!gN[f��0�7.oZ3f-Ʀ/#�a5jCr][)*�!r== �tE$˜��ڊDH��˸xl]���B_�yڜ.��j�a�0"fk}xQeq3*���8ְCm&�%�8���IpR&v��C9-nz"�t9luIm $.�5zˣ'C?/_j<�b������
�a�
OP_ѡ3Gq�E~w3}�mҪ_H��\[}�iDGbhYs2ߵ�4Z�6�{㖗>=n1�Oa7y!7�ۉؤ2AS"iHC;�ZD�MJ�X�LGҙiS�^m1os�A��J>{�<)�#cuRǐ=���)z%#BkH�&LXw�>�Y}yA�T�쮯ЋQiW�P��)$mSŻ�
|M�~2A3ٜHLk1w#s8=��#ux
��/C_\H�tH:BX&KI+%I8+ף"z1
%/�!��3@Uz>Tz!�P#X%<�!Plz�P]5���ײ:j
G�'B�O� �74`YvH[vw+:Hcz�n� 9_)nB! 4(�6�,iwhv' �2�.R[�7}��!w�ϖ(0=tfeX�<1݊fn0>q�U�Qy�]_հ`+:�oL;ӓ.aZ�J-F56{�f)}"�n1l1���yeW�v??t06��I�^�Ca.7�rp���"��vdf{P^?ѷ7�zV�봊u&h����se=z)IJV��G"J+7�:UV�Z>H93\��"\]5�Qہ�7k/3�+p�Sݮ33e�V?9U-g5|*>4~5K ��6 GR�,@�o#
p锺 |�P�/� �Me�:irz^e
S_ȂS!_C*ū�nf�6}�?ꉎ窣v$�Ep"-�y}���$�o "a@Xp�$w�E�OМ:�X�{�5��2&�p7]zѸ64�Qz#l蓀I�"+X~
sCh_+F
a�Cܪsa��V),�B�,Ј?$9
zꎎ
�06H�+�� q�j\>1n�7NhʽKo))��םIU`K=F�49-؛� �nf$v/ (Ld�]c�FҾ{�OUܥIElG'Mr�H��nk�L�l�FufG#;Cg!�Fo�ʚHҰ�{w���KM��[�!@oVS9~=s@B0U�h4c2�(�(��%}�s�2o,K>�U%?괽wIiL��ꕻ�O�n9�id̴uʨjղu{�Oߥ<3ӋI�zVyo5{}Fs
�'�1l(
a=��7ߖAn/ޕv/M
4pwQZ,[�rK0
fL+3�=dʏ�C48�RTMBJ`^6F7ʍ%y�}
xDCHz*?lKsj=~ޕ�zxJEp)�jT�sM�:�%F*].t�>.kҕWJA@]/ԉ��Z_X1+0wYc YYffR��~mm�iE-���!ڮ]Ь^$Ϗ8&3o*9�Us�TS�)N|`~݅>��R(�w 4��+�=TY,��~J]CPyJ0(c��F231}�O�W<ʛ�Ee(^{ț8w%��ѐ�
_EޙeuA��L
vXS�%;ԇ�Amj5(P�� K,4�4�OfvD@�6("?oy�&�O2�I�S�MgABpU}ؾ_Yܚ Zj�J�C�fy-�HBq"_=="pb}}[7\yn�W]&H︓5֘�B C4���!PMSfdw@nX
s8�0TmP{i9w9v鞔!JPZPթ%6e"&��Gq��ч#�<<�F%"l(d{��<-Z[Ikh�
]�@iDU3R�$`tc0C�~~u�ҥx\�ݗG4EH��'
(ZEX8q06�K=���K)Qa��TSV{~Tlmr�i=yLQ�!��U~�Vz7�7_ya1d��.a�a�V�*�Pw\ٮ^dN*,gĿК���C'5cO�٪
HFA#*SbB�AX--�drE��ِ��M"�q�j����
]jNqsi��'jT���%�*VBu��:Zj�-L�î)MByks�5Ꜹ9QA�%iBWiM
�dJA�'ت�W4�-T��lv�(^n=i5�q�-Z&:"%��@�"�Sѡ{�6z}ٲR�,4bdoj^C #(ЛloW>ٵbpT0�.dJ0xCFj��EݧciH̤-3� 6}mu��K���3W�Kr�CBA�,�x8�Zə�Wqgw�7PGDjiK�iΣQz;�A���(1D��ʪ���wx=\mJ/*W"�{y;r,���
)�?|�/�yd��];ʖN�>= [éKeR'իtX*2p~Y��BO�#�P,b;1A�s&SI�^Ѥ(deA��n�ޛwEҁ(sVM~|E헊fZY�5T�6]�ƃg)�`~0Y?Œ7F.$&W^+ K
dǵ/SF2[
�NeW�&J
!Je/sm]C -|��v4�X2
ߖ>n5�] $ۓx;�N劳=�oXdWl~,&G&P
@NͬaD"sP6�Y�DTn,|xRJ"�l+^9c
SJn0h_ܵ09MbN�_wG=���G�Y}l*C6�O5r�(jO^��/ViGRd�ʪ6kA$�[����]_oIH3G9�Yc��@�q1k;"�V�eN3iŬ165d@�)�#qH_L��v#2߽X|!ؼo:Q�',�z�?խ�TbR,�Y
^Ʈ�x����ҡ�?f*L��5v&$n2K2"�bʮ#;%j�Ju�T�;ڄ�2�G=40wa(��ʟ6Aw,(���9g�WYl�Is926�ҡ���PD& $~��}�[1�Xy[�
7���r@芕l)KVL� �O:K-�}EG9%;��҂Bު^]]D��7ISc�L�|�2mt{
-fLj%g���ؾ7H��ORR<[Bu'F-.!6$C�`(��
NY��eL�kN�L)&s�2�]L�pQ�ŕN%;�\\Oy#�^�=_EF�C1� )?D+l%!=%?ra�h�!� �d:;:$�%I/;KV�.H(LyY*:i~i�Q%$z5#U䎫@fw|D@bH��7��=~b�E)�/��J[�K�
z~Wc)ڬ�N)�tWqgϲ7mqTfSf ԨB^c7.l]�xX+t0B i\W[EW�o}o�A&]ϙIizߙ7AS�WJLIR$]a�4Ը)9MW@� �`�%4Q�C�Ds��(JěpE&�I3q
ܪ�tӐ�2/�ڲ6 LS�'�jO�nUxesq��b2
O}r-6+*_Nmâ9>�d�e�27c1T$a��XÓ&j$j�sN�k,�.vzvdofdձwrxntT>X+(,�j�bܞT0��}x3wB\vBHe�Pe%|;Q�*==lU6GTI�!�~g]-��?MɛFO�K8|=-f?v�-�3J*滪0(�ߛyȇaFޢ @����MO({��u�WhFFPEQDΖ�'ꃲ!I�D%�8
�ӗs�Dx7m.'`�cVa$!`QrF`^
� yx�b9�~o;oYP�_z��bF{3ˌ}\Zp�,CGd8>@Z�R!8� [ C>O@aF_^lIhtTSv4�]oMb3hq")wvȏ=l�q�紂K�>!�uW"`> "`f_+�o8]>{�$҃��\�uS�}l=g^ou~)��__f�:�{GH
!&/K]a+�7i�P}L&��ZmI�rcTj]f�>yH'� 4ђ$�0dZ铅BE]!�"v2,�{n>]/ڌ7�-%U�E+�47� )w=w#�]jPU[Һ�}?M),�)팳 ܥo'k3W�D�)�)r-(HV��G�!#��#a�F1}+Ү�~q���`bG*�Wcf�ҧEm?��1^K9�V#1/#1~~_M�G�c�مKM{MM('5�qss@=:}wR}d<��ްŻ�oR\w.쀢bZ,Γ>J��ub�Fdk:=�:S�9GdQ4=>`^[��yiBߥ>֞F?d~֖ԭyw�xi4r-y*�R�.+ :
'#(+ɸROpw]f7i
S)g@
։Y}։?˿ӪAa{syP��h+ �,[�?!#�˚/�2-2iuގ[fa=pb#mG�Z?*o+'dYBK.qVg?�F1��-"z=;\"e1�b�Zܴ
Ai-3°TA�D���K�
Z;=6Z38nwCdniLvӘ`@0q�l~�B3VT2D`�9gp[�H92��OT$μм{ςc
~o�o+ۿ�l&��5]�IfLȕ�_x�Awm�VuJvCr<͚<
&k]zUY60:?kz=ڋh�ˍ$EA]�th�d8PWy,?�ñ�Z(E=i�Q,h{14*z^cevTx;s�u#z�٥z=X�V��)�olW5�}3�TXh2��zHWz
L<:[cP_WO�LYw lmZ?̻�$F�=�SevZ�i
58>�~=��#�C{ݦ�O\#^_&ʷ+NC�F,a�3Lf~�T?5&gǏA%+\3?�lj3;KTa
Ojf|Oy��w�ɾZ�02@MؐI^H�ݘ)ڪ= )Ly@xj�?���b7M},Ɵe@�щcILWL�F���hE:z1fL-g�C&"c�)�#1Ŧ��_�{,�u=ӛB?q%Qz*3;L1DҦb.gN~1CTLČP�;|]J��:r�Ӕ,b�̟R�FʼB8B�K:K�ɱD'2pݿ% A�q4Dž:�OlM
�ya�En5~)�JI[ d�݉Xo_X0�(.h{�w&X��-x}.K� �qcOK8btĶ�|؈AkW;Y&ɓ>Iv*���P�O$0i/.0UJ��o}z�yLJL-\ܳhVlmƚY&Gf�(ϚȹEK~y�p� Whљ�Do����릶 Lb=͢S;c�6OD�'�o)N(���[�/Q�) Pp$!��4.+8jl[�=76^/Mj��ezc�|#dlYhLr,G>gJi�r�R闛XDZ�-Bijʓ�,~ii�DYsKِĞLotfSI�#,Ҽ-IB5]LЖa'8z�lF|ϻ�3�5IkiL��_S9/o$��Y;/)�Q�@Ɲ3Ne?eǐt��5h=ȏY`Hbz̈8U3
oiv�
[/�SI�5ku}f��_+,kP*Z�;�or�ϗ�W�7�^O�
fV�eɎ�Xʾߗh^>tw�C���2�G�rsK{���{:o5'FpWk��4��3��q17zC8gƺbB>dw�F mS��"2jRnТ��1rdH���/�(�Ɍ�Ln�DB-�KV9�c`X\=R�6aW+(vq�@�SmU6ls|�G�^[p9�*�m�X7%�J�>E Q|ޯhG^��k�I�p�_B:j/BP\JC7In@Lk���S@%mt=�ZC/˖ٵucwg������Ef^���V]#]XoJ$s1\٦��Ӭ"k3;
�ֶ]%gT#�A�St ��D���x*�1�Bڻ � �Oyq�8p
ld&VtYOzayӞ�O)!�I�U �Zp92*7�9�+V@J�,FNc_"JFI�4o�^(s�a^$10IC(��TȤc%j���QE�aN�
6xS/j٭ok~"oy;y(r?RGb2�b�Ά2 dgND�h=�yiJKp}?\ߚ?)Q@uLY>r�k'o/N*~�9c>u�Cxé?_vJ�bq�a(�(0�HZ/P�6ԯMz#H'7h?X㾟[�
e�[n,-f.}L)[ھMlβ3j{T'�Y���Pb(6}�Ocl`�7U53O'Gxιi&z��R�$$�㨠i5Q.)���*dŤh�y�ȐRJݧ�ᔏf+y��636Oa9��Ѣk�LD�1#n8EcV2$�"*q7��ȃ䏇
/>VG_�����s4=/uos7
#5ꬻ%;'n}$I6�YF繊1'M�}��$�^sh`}o!P5R(
Abr>7ԻM�mqk�}De�fcg���?]n3GR|�\d�;h�YQtb{*<�٨~aP�~[nu�7�t�i
BljU_�u&Q�ZyZ)8�_~F3�M*4YLev,@Y!ʙ��tr��At<[
� n1NH�"UG\Qk6ޖC��*y���wnl5ܺ2x䜙t(tnP�6u8$?19|:)o@I Y(�xG`T(ǟ'%e�RȻ$^iu�!��܅C�vd78&VzG%̞��Y[M)|ՔO�
1u.!.�'$ə#B�- j'|;h��i��I,,aR5cY�D%Fd���K{�sLuY._2sZ�F0�E�e\F<$�*_:J�tn`@*r)�aTY\%?c�"
߀YR>V%TɊ �Ap|Uj� �]
U�I�Y�Ra`oroj�D��0�[Hve&KU0P1A &�,"7{�Yoo�ῗ3�>O���ZZXiMqk8�2gTm#2HFuDy%s5,�u=;KE9q�%ByT��I ]ֱ9u,l�DU���[apɵ"�xKtTXk\-[Q-�ůd|�8P'$v�it2*Fv=�y
�Rn9�8YEc|��WGʽ�[MLL'H�Cᵳm m<�\!͝KՏȡ4F�E0�&Է]4I=轭=M&ӹ}�Ao^(>^�4+N'֍fp�
F\e�3!
֤3d"ib"b+�N [Q��W0Bu�L
i>rjCc`@MC6�)˒Sl4 �a���_�3¥z�T����I@� nF`��9��)KCZPV)=KhHֵ5%Ԓ-g&k̎ę9�[J{�Ɣ�"�F4uQ.#t1&6DXG�B
Y:glkCz$ҋp~VDoޟ}� ����͟_ԷV='ѷ�P�yqd{cR{��g 4hO) �ﵛ!'��E�AU��`6b^xR˵Lf�*
��$1%W
0uC�noW%Bl\%]=H%�a6rՠ࢞
/nq~Y�q
P;�a&S��:{6/?o.r]F>�v<�ۦb{iۃӒoB|w`�N[).J]~I&Q�txc�/+Nf/SM�q&g�x�,�x
gqtubh�I9輽�oF�Y2\��OV$�g9iL�S\&.+p30V�KzGd1j>:4m%׳U_*i1y�w�BNp#v/v
�E�E�4H�F��\usZ~Z
�T{v�SͮV��_MMɭ#,3oI$&LkM�d�x [N�~^�^��1}H6?UNX8PE*ԅ%�:;|C�i kŜC{tISG0C�ێ�Q}Npc&R(�@4$Y�B4'WҊNlI
|=8IK�snyIy^SMBJq,�
��sӁ?Ƕ[&)�1J9(0G1G7uw|�8�F)RϦ{͚Z�bMA�_WndpI6.d�nk�\XAmkS�Vڭ#(5"�|"uEh*%cR=VF�
e$l�
'I�5a(�z+.V=lLVCMrdmY !C_WMiӊhyGs[abg�*��?jyn9ۈl,��"dW�ŷZנkŋk�4�QZR`P͏؉}_I.~GhT_܊�hN�]*^�+k_6�7Uf>FL[�k>l��*BVW@&���i,)�G�X?iDR4IkTy:Uw։sWov,�U
יj&ݢQ5�[~�sV"Wp,pt�0����ۡ��LwVLI�7%q�Yr(97e�ejɒnT��͉ͩ!Օf$t>JXÛ}eum�F\@E5ѿVqjl�x y� X�I�:��Dl�VB\čv�&"|�(�o}�Ȕ]�w>TvvkdG�cԂP�3�JB&֍UYHE!MF���a�Cd'6�'
�in#^ԕHY`̅��
p"\_-1VH�w}`.+t5[+��b_�X_R�jHX��t//8wYQ�t)13�~}@�Hrr/�HQ)G=
1Ы1XLB�]~+�j,�8�\َ3tC8`�FHTp����Փɺ-:4
I@)��
;�ElF>xKXD
mL:�tg#Z1�0P<2Rr�.YQN<:z,@`�7v3G|?Sϒ"ñ? \)=PnӰkY@PV� f 'h3#O11*I��ѕ�咘
3���b<ώl�&P`����@;yVyUm�٪�6
T:i�E
�#VZ^4㵬�˳�T
|Ě�S,5+By<2�FWi6^QP[�-U�$.Z�)B��:<+��iR$S5~$>?pS0DݔhZJMy�(W[�XYߝ*{:_�E>_jz/0d*"�ت�vg"/;m #'�Sۧиh;�ܑi��ݢy
E�O[\Oyԁ�~*+NK��� �W3?HgWlB?̈C�a�HFjX_զ,%�O I��R{5
>!(丢D)Ʒ#dT�6%08MOP4&0t��?�\#ݾzK�]J���L(gn{�}]C�wV(=���^d"�Bq�80@C3$\k.xD�4�_G(2�T���3"8>��n��UW5|�t�DK�q
�쇘�7�co�y�~��b�IJ#a�pEޤ917�
H́{'ZnVm�\O[?p0OG���A�M/bE4 9&l�T.d$u�yR'儦|n>=j�[C6bۯ��tF�8GgTw; {Hq=4}GܱƢ5g�H}~qzU�noA$�lOӭOce�b �� �O'Ƚ_}Nf��3z{bZU3'1�ef!$.B#,�b�O/&5�ڤ8+C*|TDrzM77چw8nU�XKA�Uk!|[b }5TJ�Q�Xr2"
8HqvP~J_$|R�Q^ bψU2nu;D!nVZp3 ߮}ƙ^>̳~$SÒ1�ݲI:+X��A~���ׯ
ko~W�za�b�v�~]f�=`��caS,A��vKV}塰ȑZ�*KVw6NɃ|S1=We%)]M|g~l_ۜB�ZMLt<$�pHWgq5P<�*>@��SY_mݼ=Kz#"*k�S%E�6L퇗+�́��lU��&%9�r[sW6UC1ʹ)Rb0Ѝc�S{
�P6��rOL`a־i��?mL�H"Эcx}]63:R��7#> =�~�c@x4��3�h�R}˵yM#ƙ%,$7p0O�:G˞ �'|=]�%SCn���v��ZǢ]g=�%Dw>΄(
3Vq6#UA �)�$sks]�fGBbEM5+c�s?kb%�U|Z}KWJT�ҳzo֞�&EG�̍�
�
�S1c`9歟_9m]|gV�)�U\,N}�5
h.�9/1[F�B�X�g�}DᱥRw'
�/:]Ä�_�!0w'W1|0� �*֓�61-R�JؓHFԄFم�4Q4�F
D�4�6U chY�Rdi�5E�5Ǹ&Z(ŪS�$�7-d4S�&]�T��*itD3BjKbJ#QJ6QD�3MQK&ّmhiDIF�HU\e(mQa�ntcjiP$B-k$-d"e
"h˔dl"-�a�+�b�5�7:3*�&mMj��dQ��k�)j�Գ1FLQi3$۳F"JKBDmQhIh+FFiHՊĄ
,m�hM(Kh�L�jJ6�bͣ&�*\ֹMBDQ6*cҚ6V5&�(-�dE4*
Vmksd Jf5ch6m\&W*li*K�-�$Ѱm��#��-kn��2jdlU�M��d[�6FZw\X�%F4h"1+�$�"A�dMd���ゝ{��6�(�8�Y;Ps��g\�����A�,0
t
�@���������:�r�TB����� z
�
$��E��w�
�����
����P����Kf�m��
����b�����@�����������������h�����>_^��|%�P!4Eum�Snk{m9�r�bs�m�-mMd�1�w[0W+��z��������������/�DЁ���F�4�� �ɣ��S������ �4���LLLd4#�h5�OA� �����M1�44$SMz�zP�@
�CA�4���6���S$IM0&&�
�4����ɐh����@��������������� =Rz�
0 dd4�ɐ��M�@��iM��CL����4F�Ʉ��R"dzM0�i4dLi�S'a
4�b����A�h����@�����4h!I��M�h4djz'ɍ5��iM
�4��b�����i24��h�����@�
�tHF8�1�E���dD"
"1A�2_H"�ي�!JHb9�+2dq-0�H,ȎQ�amTT�3#\1���ѣQJhؚEHL�'wh��F
�I�.L�ћd�awWh[��C4I ��ƙ9Q33hWC�;t;]uӇFJ.n Ȼ��*5t)��J6[)�vLD��3�&!&c�M $M�mЅ3�b�8D�a�1^�Wmp��w.F2�#�RvBjJQS�pP"��0SS%i�LR]vLԉG1YӷNd�%@�X�,_k��0��|zZƣbرX[֖st(Ť)(�I&"e������jT$TAf)B̑ L2hJ�Gde++wWm7M-%-�c`&78])u]d("*
�SB% �f#T$ks[QU]3wmnKP͕#.,I@4�#22i:ncmW-l"��jMj)MWukmM
Uv�aB��mu$�dQrE3Q�m$
�k�hUF,VEj1lm"Qks�mb̲Qi+�屃"�Q�i %RAw
]&mE]ۭYlaW\56Ŵfһ�TRjC�nrlDR�&iSDiiֶٶKE$鴚�kyb��e{�Ek�$N\m¨v�"-Uf˰�H�d�ar!�9���� �m�
\�eAjh���5HXB W�I�Acٙ��T\P¸�HPhjj�%FU&f�G5� �2�Ac�*.)�\HĊIsfnȎwF-7ռ-rKw\gw]˹bb3 �c�i��APn�s\l[��"���9�ـRN@�J@@�J�#R8"em#,U4"��L0
@�L�Rh%V(k�W-¢XɱP�+FWa�6L�;��H䈒)�0jTucG���Y#��ⱀ6Jd2Zw`͆a� T��\DQwƷ��n6ik
ٮeMBv� AH-d�0$�\$$X99Ć&�,b�@.m+\kTUh@d�E2��j]ڮQ+RmetJֆԲ"#S嫕R�Emtڻ65$hգ[IY+i65j��QU11dfKj2�P@bDr)�Ǧa�-^s*b)\W7,dݹWAR%@ԋhR"9�qIԒ�:]�hۅb���;�XDc"*HXd��B,۶�dqH䄛H5"Uc ���0˳,&(��2
h�Idi�4FI1b���f�7f]E1bpcT@6y�Nò�
vDٕRb�V2YkmD$u�6�]+6,-W��n6吰sBI6aD#A�lԺPjn衚`U�[mv[�8)(��E(��rD�x|d-H$qQ$�/�l&#�H
l,"k�3-FB3"mBag��m*���XaDB�j�6�\vjf`
mI�Z@�-rq3ȣ�!��$E�6�̥Jf�!ۮAT1ts]3��Å9PY!�.*
v8DwvjKj텰+�YF�ܥ5�33��!v&eG:/w
]� &d:Ѯ�.k�D6�&pR5``r���u��T%�o�:" 8FNVIBq�GRp�
T+Io#���!@))paa8w�[hJ
J��FB!�w:�(��7r� �H��h�6�2.����4H+RAHRI�hMI� N@P-�@P8BPP�H� ǖ�T�0�LAT�@E5�*�.8����T[rk�FCi@�D�H�
"B�a(*Д Q"�
�"�+I@�(ЋH�JڍQ�k�[�Q[EZ-EPPP(@@@ R
( *�R(҉�% JR��!H
B41�Ђ� P4QZXkQ5�Tj
m�UIj6ţUclkX�-+�6,B�ҍ�
�%(,XֲU[Qk�R@)J!@�JҁJ((*Ҋ���mEAmbbK�X"СJ�
� J4�+65�VhŬTTU�E��T(�)@hUQ5UQj6մXѢVQbV-6ѵjm�Z5�hj
BBPH*P$U�Qj5FңJҥ- !H4�-h֣[E[�E6Zlh-ThTQ�F-D�[i65kEFUBjƍlU6#Dmj6FA�#[QƶH �օ���Ѥ#�I[M,Z4dѨѓQS%�m��5�DY(ƊJ6�ThȚ!1fh�I* LPX-�D)�4A&i�BM�IhFHXьX�%hVhli+�IQ5�FƴbňF٭�E�"P@��"�TU)��P�A1|^�O�WOU5J�
Sv�[hkAp^�X`s���x�4�ςqѥI���z|_! �_�M |##1P�|A�^�Bt�p}6�.6^W<9z�y$v3ou��,��V>JڿmO
UZ�~Phȑ��%
C~kwwWrUwW6&rɍje-�ZFc�hՊU��\:i
ˁZ-scXkfguF6历bC$�k]L"i+E�^%]�.3T/d��ԮAK<|?Svĵm$R�(mؠWCt-8[a(r�Ghb՝բꬡU8KxyCئ-{*�<_1�qr�ۼ6�c''ō[|ݯb�ಛ|�^�
1�^|E좇Ơ3��8�|]^�ZVo9n�SZCϽo1YkRvd/�;ŧWRǡ�֜+F?��_Tg"A
M=Z�уA0�&�qO+A�3`�$X �Wp 6Z-<J41Kue'Dhә�i:�с�^�s��T@"@ٽú��)dz��xC 2?��z1i�[Mk*�ΩF�(d�[H�oҺ{=orVç\tw9ED��B�%LS1�[��rjE�2\̰G�D��B""A�{}�b!ү4|J'o.lW>NJ�f�:QIͮi���Ph��aU
sA��WjO=21_{�3F^Ʈg�wL�GhӰGE�Pp!�B���W<�,<
�}&PcYcuL�Pږ4e���,ؘ�H;�KU� C
cEU"Q35� ��(7�@�`�ޠz@1�wPcє��Ai�N�Enf2h;0���:��ʻu�u&XT���7Ώ]3-���A~qc'+�K�Z�L7�5\MXi
a�qC#"q�FfS�v
0"#A
�L�o��XZ��9Y�Qxv;]w��tp��FUFF�`%+2[nVݶ]qq�VTxpF�u�4�l10E3H
:dR�$Y-�\]6vu��L�10tOsۖ��_әC1&͙\a;Ќa&x�0nhҼ@��H� 9W
֚�DאbPR�5o>77�neO`:*�r/*�
<@���J�豖AĉaK(�|φ]̴/!�ߧBhSjQHg(^�l'�H�@� �@O&�ZSK;GneL�͘<�>k="HQ�^;t(`� @� ��"��Dܧ��#E'$�ba�� �$ �Xh@�0��Ɯ�cҀ]R���q�ǃDl�H-xt���B�$�"!@�\C U�0(\Ŗ;GFoh�`pPpB�,
~+@�dt@Ѥ梏b&� 1�NH@)-0�$�.fQ@HZ�p+D
!�$7T}*4cb��"d(f����#��\�I�Lj@�+P � Ӯ0l�)iI iS�[�H��Tl����$A���Ip}&t)��s����HH�@/�)D�ZA�.@"5U!�@UI~0@��`��mC���'�$Ȕ�oGԠY�f�$RUg���t6˩h\�H�%G�Aq���Ã6p�cG9H<�E &B,5�߬S^,
փ)M��|�-wljNgnĎb�G��+7�Oufl'/BA2>ҿl�D(L��2q32�NN�t���@��}7�\xi&!c:"��,f=)ߖ,AT��Ādd� Z
�Ron]?؇+!x(MK{D$*?)
��Ee�vD�[���1i0S��c�C�#.���T.Q!0Ťzqz
�>N H�Hq͈�Ax(_cTP@A�_.A�
ԕթ`�����T1@)%i�1�-��j�<�I�")X�S��/lnA��,S286D68(��ʡ�4%^u�9/F?2U«U�Ѫ3�&@tTL₱�SU@�
@y��;,(��!
�ќW+�PT��AZENjyFl%��?I�(�ßlg&�ѷ[��i5"�IE/«@�5YAN+Ā�h�Hp�Q�Phb�P�Z"aH�D�Tp0'`�BGo�QWNZ�v̐�@��2%"��ęO]}㯉֥u9�M *��@��TV-db-m�kQ[�ƨ#TZ�h-��mQj#X-&؍Q�+Qm6hQXd(m0lmZ(6ƱZj�V4j#h�Ƌ�lF&5Q!FƱXQ�QcZQmb5E��Ŋ6�j4mEkFƊ)*5�5%F+X6mhѬ�Z5Ej4j"�*
Z5hh�ЫB(�H!@Ŵdl-EFAm�h6+DX�ƣkF�*1Z*�h��XƍZJ*6QQcmEcZ5beFŭAmX6F5�Z1FشkETZ�ƐX֊hձ%-�hhت*ѓXh6(6XՊ+�U[D[�ɭfQQZ6Ƣڋ��(�ckEQk�Z(��D[%
j5V5%FQ�5k��lV6hFţj5�FŶJ�+%�j1�cb6ƭ�h�Qbڍ[�V6M֍�ъQV6#V�XfF֍ jō[�F�EdZ-QQX61X��QFlZ6X*QTVF��FXֈ!��,�Qm*-F(bQj+�F5MZ+h+Fm�Xcj-EXQ+bbűU�E��+�Ŷ���-%�ƋEcFƏ5[Dj*V5�ѱk�V5��6XZѵHmhjMlZFEm�ڊ5c\h[h-Q+�XFڍ��4eUiT��i�MTXƤ֍�FcEXb�U�cj6*Y(1cmb4mlc�b+Qj�ZZA)�iJ��6ڊ*+�j+F5E�66chUEQjf0Ej*cZ6�m�TQI�XcTV*-5X4m��j6ъ6
5Ʃ(�U�*
Qjljj--�4Q[��EcTQlVƣBZ-�ƱchŃhƋ�EX�cmQ[��cFDT�i-�E�ƋQb6U*b*(dūQQjŋb+Fڊ*ѶVk�ZƴcV+�d5lX�QEd*hZQQV-b5V+&6`U&+�VJh�hѪ4V*lm66*cV*FQcmkEV5%[XE+hjhk��QZDZU�DZXDd#bhhF�F�*ƨF�ch�U�ЈPҴR4JmE�b�E�cm�hwhmE�6Ѣcm-Xk&b*Ѩѭ+�U�ŬkFƱmTU[�cVc`-Q[�Q%��ՍQ�ZP
)RvC#w��N2P2uҚ$^~~��$ߠ�jQ-���B%��%C y^�P�mPC5��/R:;x�G�'I�!N�JG�t5�;s��m3'O�yݛ��A�~v
I'#�[o<҇{.0!;2�.P�yd!mw={2MqhVx�Nd6 Hyj��}I
� x`y< 9��G�4;KAu5�m��Ca�d>9�ԮcA瓬:�kHo�8[J~rv>�Mʑ.}P5>��݁=_��(r�zNOl�{��"}-p>�9DŽc:υR剖�[RA�NyFNM�=4zڎsAO䧵WC�|yC:ɇ~u{^Pq6=W��hO��C�d�뙮��=]Ns]>�ފSX�_Q!"C)v,&R?���y5 �rM�W�VY#72mn�(^\�44-w0�B(A㓅݇g,i|ÿ]v
�c�'h((�@^MUBf`���R��C
z"H @8!+s'8�&],Wl><^y;qkׁs=>ƞjACT��P]`!D@����Hʃ-�r)O3/Ήg0V2�oe-$�};Ӈ"xG�&l]{+�w|CORG=�f{�
Q>c� xy��A�K����pI�#!�D1`t��ΚG�*1ꋩ�fscM�d 7?wE`g�;�(�#�J�7�C�c8c˚�n�!p8$q�
(εR/��F_R>86lXS�\e tM.ҟ4X�]b ��18�I@ȍ#���F.LDNV�"s�/DWN
V�0@9��J�yyWhpF�VK)'"�?28eI8
WQ,M,�z�~84c3*kA�x7}$�.$Xl;4<���l��٤��xf�'v�eS*ie��P"D}�h�ؒ�'�|QQí'C�~fJ&�[)!�`i��Q0[lZ�{�%4OG�s'#� "8�Y>nsķZ)ӏg�Yn,&,�7�VFH71�8
�� @E)*�>&D
k?DwL�\�
Q<щ6.ST�ৈL@�o{ąޗPiA��QKÄ
�s5#)+���؈�=�ae;P2"�@�֎@v7>=$h����|TG�$3MM!*\LBg��]3yȄ%>hJwܖ�Cdk)G9��v�|�bfx8�j
5l(4z��=�%F$B�d;��C���s�X@)KJX�%�4D�qd�X�B�@sL�B|@�;B["7 DG��?RF�+C$�0�[jLplaxIԷ>�/1 ˘/0baZ=G.fF�
˛�
�.Q�Gydz
���FǷ=ƌ;-ygɬ�{A,�B!�ԡW)D^_Sx6݇IZ5m�9KUiCʏR@{3w]{�h��)Ǣ45&>>�~ח]�r@�D#ٌ "\D �&R�ք�,�i��$TWB@J
eDzXsD$$~�=$uyLeg�\yh0�z�{569�Ȇ�[x\-#\`Zoɞ_}k<_~�-M2&<٬s�H2�p�֊Q TG��-c|Z*Qjzi钰8,]F/!eyvTN:H?\qy@~$wm7�Ȁp���#��/�掔
ހE@)yN/ڪE�f˧f=�i{c'R�C�H���b�CT+%ت;�BMx�te8DWXQf�� *��
,�:�p�%6� ^у)B2E7�()1<��j��&?SO��P ��kwʏ�B�SC=|"P�44) -gNjq=:ic�a�z5[�<����<̊jw~s�YX[Hx�Cdffhl۶\:�!3+��$6blL���g�;RkQ]:h?o8Պ:�FKc'�2�� �#Yyo'�S~^(|x>=c��9��3�5+ofAVgOz!A*��U���N8]y\��{:D�E0=�VXbBG�qJW:ia����@)<�jcHENEr��7j�RU0�W�}K >R< I�I
KJ��MWر۳*Z�q*03�-ZB�3�Lcd#Jq6>���4�U��I�ɕ]noz!3z j]\�{x[@I
iY�r�SD ~s0N�p@d�ƉԐ�?y ֆNn�$�6I�Xhg�b��r�`" �V!ZD j'ięI�oA7=I�
0Ʊ�!$�̦p�*(XQi�|,5�2Aa�*Bs��!\Q �+Gʏ%5|4ܛs�Ͱ(!6%|>ݽX�,4B(q�+;گ~�9�N3bMuVy5L>b�<7t|dmӪ|��*��f)���?R��ӄުh��i�#
sIM�_fb,!=֊12X^~xg[q�MJ}�ȷ<;'ٔ:NR|s;3f'4O�v⾫@oÒ#%\t�;1"�;g�](�!Ξt2��tNCؤlgr<�* �,�4!ğ�p}��=�aZWN�W1X�ybL��{�j�~I*d:�7�+=Ʉ}{NMi�X��:� s��Xg$��i+qԗ$c��2@d9�ࣙ�p����P�#�l�!$x
7yz 2JNFR�a�ԖʷfRY䐼���p{g }W-7)R5�~�47:�}MHvI|ɵv{?e7L-!h?Dc!?Wܹő*T�Lx)<�dlQ��1�̜{riep ܥ�?�Hvqᆙ\�@m`xJ}YU8 Q/C<{L
z'�7/\#^�
=4'_(�㚴H |pmI/G�C\w)bfi�)Qb:贛xx*I�8%sˮ��F9T4hBAiH�2iY{zք�O
|RJ�ޚo[G�g!X�ˤZWW|)�i#X6�jF.ۮ�'~�RY05�$ te~H]tBc}q�8abI]��8M
�;Bl0__*e1R-o9^luԷbAs�oU~뱕cU[a;A|!HFG 2={b{yiLGig2/]����K욆T�l=?HO#'ʋreq/k�)�U9gb��z֠bbh�y�LK^/VLakZNPtl��O�]EB E�c.]^_1doFK�KGyI��TO���;}5�?ͳ�@i�@g4e}'��|~�F E�xhG:w`C/Ne܋@`n�O�Ew�4/+m�]4_.P묜LlDVzJ?W[`z�ou�㟆[#N��b��IK<�]�X�p�"Oqouz 6�UT�k�6dvr1�%7��3�a*E[͐X*�{Q.}�Zz�Eg�ܻ�fߣ~-4 �DfY[���vi�v�Fe]
�>gMk�t(3G�*#}by꾳tl3˹OTs�B���A0fƸ���B�vw..\���eb�ׂn枥Ʊik=7���v+'jJlFN���{G .:�lU')~s{3VU�jT/֛�X1͛Ħ'[\m%�M�T`DZw�U2`L6x]j��Cb畿��~��]�շ�j<+T!n�,H�ZwIw��d#r\F��
[�Q`;.I$�;n�ɥq3�8%�oGrq,�p@Z��U#CDqm#3�E�ݏ4,$tQԼ�z-S>xÑ�%bY5@�A�7RXtg_�h/v�JٟzE˷F\4N~(x�D
`;IR.�})x�E�6Y٢de�
� f�ٶ/+,m'�\[�#
9W¢`(p`s|IO(q�+v3@�q�Z| ֳa*M]dU�`ʙ*1�q;4~;sR]7n}y_�/ZC'�7:\bcVD*V�3Dg�nhsC��z>��H�HD���>~x�
]R�h��F_ܽJ-�\&�s(���E�
H(?LN[ieLP�C_RJC;cF)]5iD7�l$ą3Y�Ӱ�5B]0�YoaH��(�?+f��n�X�pv珛5�qĥIBg�5hF.u~�/�*X$G摎2)q�1H8O8O3��r폞jDM1*32G/ėI#c��yq E9�cHaY9���9�Ymc�GyԱ��??J5pŨ�?A� ��R(W9K��j*L/�i���F?
�\�6CࡎPg�
qttJA{/u8&걟"u6[z;wxWe3Cwd6sU?J?���(Zwno�4W
R�ۦ� T�MWK2�rep
6
0 R�3�Ue�|pF�>�"n1�
]=`L(�[G #e��"!sՂV�0fsؒͶt]߰Mqf6-�~o�IfmU.ϒ'7WzO�o;'�(c%J־�T�ʘ�f5{�@��&=Wd�>D�澘fg5l|5^1@�_�FH-DF^~'�Jyb�x��+8Hql2;1'��ƙ�"W:f@`F3ޝ
{s�B�Y�qN�<�L3DЁW�)�]Ĵ�]gD<~2}$>T+�J�O%1m5/ҩec�Z��pqt�Jv<�U�t� �o=�a꾄+ȋ>3�r�z2��rYj�}<"]TM�j(Q�?c�uoںJ.TmykX|E,9*l@*xQ�cf52SlѰ/�8]e�!!bVm'��1
^gƾ e,f�]�M�#E�O|�A
|��Bvvs0lpɮQU�RNQ�y�4[lii;ۤ)j(H��cl܅9;*�f��ө�� ^27ʋ<0 T/r��G,Tҹ
i)'8u�2H�kAiQ�)`Aq@킈46/��"wI�KE@Pɑ=ܣ$ч�0Z,b~aq�d���B&^ C3DU�0QNi��VZ8,�*>��aw�%݅�ǯ=We�4I8(J`EP9\geK��G1�@0h���p�Y%:%*�45}}N.Bl$!ZrtK�?8IAz>/�T/�|;Ra/ }D0J�xг2OovԽE��0bG'n�GOnVS�ހ/駛buj�%z��0�C]��CF2&iɽK?|(�. d{r�Q$�\ڊc6Q0ڿ2MajjrURzâSG١�7@rM>4:uf��Nm˂; }}WGؙd�NuSyv/a��G+VQ�Q~Ʉ�WM楊�UgF0A`H�fPq#[�k�mjd�ٟZ8�i8M�p Z�����~,ĩ�f�!hL�g�n|�!�gr/@ @yiԤ�#6^$� w�DrQ!KlAoMj榖ߟ.4\;�!�ߒ!)i+�)��