qemu-5.2.0-150300.118.3<>,c>p9|S$]HHe6ģu`d_ "k1ҷi ]j[d&| tK͐ lxǣ^$^|m[nڸM/rT.[G^y2pǹ=pdtdsm1?ybYy]qD/fi%v4gxc(MJD7I+L;|!Se-[Qz%OvGm}=>T`2>L%<?%,d   ;| _ |_  :_ _ t_ J_ X_^(_e_kl_q|qqr(r8re9xDe:$e>4B<FfG|_H_It_XYZ[\$_]_^3b Sc d {e f l u _vw\_x_y"Tz"\"l"p"x"|" #n # #$$$$%(Cqemu5.2.0150300.118.3Machine emulator and virtualizerQEMU provides full machine emulation and cross architecture usage. It closely integrates with KVM and Xen virtualization, allowing for excellent performance. Many options are available for defining the emulated environment, including traditional devices, direct host device access, and interfaces specific to virtualization. This package acts as an umbrella package to the other QEMU sub-packages.c>ibs-arm-4iɕSUSE Linux Enterprise 15SUSE LLC BSD-2-Clause AND BSD-3-Clause AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND MIThttps://www.suse.com/System/Emulators/PChttps://www.qemu.org/linuxaarch64# Do not execute operations affecting host devices while running in a chroot if [ $(stat -L -c "%i" /proc/1/root/) = $(stat -L -c "%i" /) ]; then setfacl --remove-all /dev/kvm &> /dev/null || : [ -x /usr/bin/udevadm ] && /usr/bin/udevadm control --reload || : /usr/bin/udevadm trigger -y kvm || : fi()m*=*$aIR*_ZZ+:`/lc L%*J1;xQ$z3hn,?%#('! !.&%&"$)#$#KE)!9zYy0!%#('! !.&%&"$)#$#2+ 3&!e6"f/dV &#p# !~*!HH#u&Fp^3\x9'!4b$]sY9 #,d# 2{?c>c>c>c>c>c>c>̰_ϱ_ϱc>īc>˽c>c>˽\c>c>\\\W+ϑ\c>\\\ȩ\ȩ`Bٸc>\ȩ\ȩc>\\{\{\\\c>c>c>c>c>c>c>c>c>c> c>c>c>c>c>c>˽c>c>̖c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̕c>̖c>̖c>̖c>̖c>c>c>c>c>c>c>c>c>c>c>c>˽c>c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>˽c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>˽c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>˽c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>c>˽c>c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>c>c>c>c>c>c>c>c>c>c>c>˽c>c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>̖c>c>c>c>c>c>c>c>c>_ϱc>c>_ϱc>c>_ϱc>c>_ϱc>c>_ϱ_ϱc>c>_ϱc>c>_ϱc>c>_ϱc>c>_ϱc>̰_ϱ_ϱ_ϱc>c>c>c>c>/c>8c>c>c>c>c>c>c>c>c>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿc>ɿ_ϱ_ϱc>ɿc>ɿc>_ϱc>c>c>Ĩ530e9abc7732e3a995891d56f4adbfa7f6ae909b4fdf93c8a12f80fc09c054ab8af29561ca2cda6dce1c1b85f435fbf21cdaea1f162d112f3673494fe044c6220b004ffa8fd99fa8ffd6f28102b4686b6796df03d98cc8af6bcad1326ee9c12cef2d5ff2af8efe941c5c05287b994dc70cb04b149b1d6d43617cd4a43de4337de791457c25b99d69f3d5ca028f6a7f6d88f7e2d85af5162a92a8c5f3aecf59b054e9f526c4fc30ca4c3cc2ebdff61cd2b77012690abe6cf044b0a21a3cec5c465193ec7daca31f0707628c43ed63366908b4620da66adb2f5bac247dad603e7c5d045fd991ddf2b208dd9bf39a591f50e6ec793416e2867f54e8c6c7e89b68c29120822e8b2eee887fe451cb15f5e600db64ab59af7f1313dfc6920e4bd8cb68fa3d6cf351f97f403ee8128e55317e4ab17d88010ff3408bf10224deba6d77860737b92f8825f5ed0740482819f3fba7826297908bbd44ff00b64ee95d262d60866319c7cf09c3d5b2926ea9d9f068801c8ee0724dac66604b03ac50b18295775fb8b0b215a51fc05bc152a12ab32d44cda758721c5df53f2aeab1b1e3490aa539f23a6561786e3cb4e33e4a96562a1305a8b74c0d45dc215a64018692cd5d4cf63a9274a946b68069af217f81e270b89473c8c61280d4fd5dc663d46a00bc6e605dd072544e22d18404d748fa65b82d93add628c58aa09b746349baaa02162fc89ca40639d0bb71502306afdbc8646f6ef362b79c54a8f9211aa290ad8b363575fc30ab04aa494f8ab239fba636663b950ccff763bd3b95a3c214ee2344ec895c4bc9a16aebf38c4b950f59b8e501ca36495328cb9eb622218bce9064a35e3e0d9027289ffa5d9f6c8b4e0782bb31bbff2cef5ee3708ccbcb7a22df9128bb2187083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de4cd39856438b0eae2c0155ad15e281513959f7ccf998784e83e803b9be5b1b4747e7fc50db3699f1ca41ce9a2ffa202c00c5d1d5180c55f62ba859b1bd6cc00854115199b96a130cba02147c47c0deb43dcc9b9f08b5162bba8642b34980ac63c67b5260b50a0f434e9b26585479ce67ab2184adc7b31c26d665642d3512835faf21e4e3f5dd5c44358c0e41840e73c7e9617bd6c5ef05ee30a46b2b9c066259f808f0aa32fbe90fb9c9c846917faff3fdd4e236c284b76c02dd33753dc9017742d8fad13bc28fc726775196ec9ab953febf9bde175c5845128361c953fa17f4cfe678a4446900f4081ab8d74ef3d1f8b1002edbf8cae3db292fcca0637310ed108f280badfe5ec5168738c4f70a59bc6ea9d1e9243ff2b951386fb668e93502180fb63dc404b6f3d32584692fdd10755edc8f0a2b79e60ff73cf40e689b4c1f71849120aece8821c0e8037559fdd244996053ccf238fbaff8478a31cdffe8c269dc07ab9f155a9783ee716cd8f28116483faa3ec16320cf1a1689eae14d87f6bce4e0002f84084d72e4cd2824ab64d084b4b3205001ddbfb42e9f6a3b56192540090cb13d50350da4a9b8cd54e39b1b9c87f0d303793df10e9d95a47fa89c796435bac370d721186e4bdb30d61f47aee952a6e84db86e09bdcd17885db8e16b6b4adc77fb68de5a38c122f1f0c65aabed9bb2968326a710ba1056ace9a9f3e7f5d65149c135b3137980a74f448ccf13b397bbcf4c7f1d486161500ad9fdb5142ded593969b0256e6926117bdf9c9848548de345d33ab501335a1ec18188208cbd5509eed11275efb1ca374e134e47809a297468f4479695c91e873a9a8bdced43b490161174bdb959e3765dbb1d7a4e9e298fedb883a7cf9703670a79b4afc059177b30947376617e30b75e3425e6a5b0eccbb7bacb355e41107d0b0b28896f2e8347c705fdd5780e589f5f71ae883a10175855f43f1b5b215b0c42c068361ef1673b97b3ffa9b6c0993fc932deb35b4423843f8eba6c942261ea4091d5617ac2e8b2e84fc79ac1f7380adf164acb2c1398c36f0d1410303878fa8356e88f1af917b7f122a4d6fbd2e570f10131e992f444ef9ef6ff7d53704bb60c3fdd53708ca3e83a4e6e688b9a8c179e4438540d56cb01205339462d87833c4602077bc47e50f92438227de7dec0dffa0f4be982eb94b600812fcdaef774b8f8b286c2cc20325441b78f64857bf14226763ce848cd1dc25726538f4ddcbc979e2b8a9f5f79c6e67952d10b122029f40de87717e010be8c1ac5ac431c5e832e095b884fe605a43e3e6da22831696212351ec36b3c643d408abacb2e531aaca11e2863b08e4b6fbf365742ac6a3fb56b13ff0aa886ea800b03c4eadf5f80d4c3723ab529967ccbcc0200d01d8935136e01a380e027ba1511b49371ab9a70349914f86eef0bcbb16fbb783aff74737e6cddc4c2a935b19ca53618ae0bbf7f12b017f8bec9c26d4417d87c5a3234b178d44a8ba37be5fd8466d8b2968ac58236b65b51789eb26c85c4be28e2c0064a450aeaf60efbb9c56d1dd76db520a13f3ce87b975b57b8d6678ab5b72208101eb3f1e99e6fae8c8e994d5e34a52f5fa0381a79ed14f0ba748a9757466f031816b49fc32e111357aeb57f0584ee7ad230b62de4cc414cea978d675282b56d2a0e1a64d7771d83fd1d8ee63910945aaf0142311cc83dc4ca274390e4333e19e0ba43b01721c5c9dd24aff2bf6ef798ae33a6b8db2250328c521490e83bcfeb31106ec90d42a245b6771a6a4e6f22f8bce26d5c8bcd26f6c6c75977d238a75b379e9bfdd85fa419698a3323caee4c7939ed913132cf8d888cca6c0916d8272375b885275f73e097cddd2985a4d257883c3afd1635d5cd761cd6fd664ccb99ab8359ca4b61eb12034c8b95a7119506a616ecf1cf164bea417e253f3ee413d77977f4a756c29abb008e472d28dee3a6f41df2733120d5ecbd3d54631bbdaa938756a738617123017f6361acf143c50cf5976b7ba4c83d2ba2303109c1123d9878d4702411524eda0c0fb1300981262f0fa41cc4b653a5328798066f1fcea064402121bc254869d41de12c8ef5b26728796372103cf405d378002a467d747692102e93568653a11d531cfc5ee71918c84e2dffa5ad88e7aade2a5e72435260e7dfe56018d0693fef5f4272e29c1e767ef465552abe75da6f5da42376bbbd1041a6c9cdfe655205d05b4ada8428d2c962ca3f7d192e62459c9a7cd9f3ae3d6e895a86bbaefcd04d2ce14af42b32fbfda13f932a6d1ba4b15b76087c7bf8dc9cbaeccf82c9e842e7411bc5c05cb445c4fa1e6d93b2ddc9fcf49981557bb32b78e2c7c098c1528071186639572a6f85cbf4b9a59eaf3c4fc5ba822aba4b7482b3fe5c755ccd644daeec212b5b6a762e7b1052ce6e9404fb2c2624ba0f11ae29436bf234a654dbc29bfb77bd508e81a4a0791495e161ed31cc0b0066c5bf45fb555300a2329dfab1cf14a57149bd2fb80b2f15f4e5fb27307500da90c9de665216289d1799f70b7f1a2ed1dc57ab6140ff07cb1ad9d459d2e84427fa5aa7ada4d043516f5a3c255ddded601950bb49f600f7b7df502b391616fc5157a2a9fd6fd5c959bc2630d8cd8186e513f73548fd4a8814b24197669572453ad7e598152bfd805a6812db953e298d5fe25370bf5d4037535d07b0588591493c04aff485933b0cb1c255c09c60f09e0bba4ec617a65657a848b5abd4860897008c31144e8b85e2f2b5a39567e96878e53d8434232f4997abf70b211f0cfa424db5da9519bf5817d7adda5b7943114bb13170dcd593e307b65d751b9b15e995a06f4bf376a70c29480a3533baab1ac9f64751902e154271e4b6fc19f747773b101206dce7bd7e52160e252fc7d14c4a7df7e673409081f15f8f50d94e4535d742ca1279760f30d49cfec7936eaa93581361bcc6584b2a41775a0105680998673598748012d0b6a9d8fde4c9e2c73971afdbc4cd20ea7b97290bf7eb5ba9012b72e8fc62a2a6d755840fb8e7a649286370a3a8dd903761aa1f8eba6b78f72824c6ac82cebdf6ba2a77b8bad28de41524f16b7910f0886f9559d7d371b13b3a3141b2a957072c74a930831b042d84434b63f781c19f559060fd4ae97796c815c597ea0094f8131f8d5e58fcb003d02c20a8c4d0dc121f2ef43187402e83fd4a33ca3d15a59e818563ee575d93f090f8e31ce6ca482ef8bdf68a045c94a3f2246ee75b6afa11ffb76301a19276b6c32f50b27a1d64674f482c7164bbba8ae21f7ae8e727720eed60002e60ab2bafbd634684b3797fcaedfd7e578daf64282d6fd3897331ef8beca0681a641d3b51b9cae68cbd0860e1523c3bf2b78cd511219b8e79909d98d0f6e568ab402c61af295e503d01fcf65d56c2036f7fd8e688ba2d79954a17e0ac23c55dc8d7bc3f3e8371bc391715c29dfdf0746d63f7367e973802bd71c585045742de9615293fe1688afccf158fc5954b9703f6a338db9613df6aebc55350b72000e8989c42d9e7d64365572417d260edb8d0b126c49a12f958b83764c1fa921263e356654d366d09dfedbe4e91bb5a9a2e7677e29270c361e8fdc2955e91f061e3e3f83df30ecca519c15fdae5ec392a6ffcdc74ccd5e0b0616eef2966a93a8fe5bf19d0a5dab1f7c609a985ee2421a16cbe6a7e418a1fdb54ff8fcfa1b9dc2af2f1eefdafe3738dbbab0acee75668c03a2d2055563b806d7502bb4edb05de39293e5c3cf12f380c49b5b86836312dabcd76090a03497e4c3fb7a1cba56ede282ce0b3481df3c7357e43d1684a7171f70ed5aeb65d90a56971d6ef0e40981dcfa5fae7c3f42dfe47fed26db7a3764518ec5a1b6ae0e373f2a2b7ba4abd0be700b9991094955174d23af914aa103907ca8fe13d6befe71c842321527575c1b2ea74386fdbb9c190cb23e053eb5928e9c0bb4e0b51124429971273913e0aed5b8e179d068326b725ecfa0ecf1b069b25facfc652cfde03d0b2320bfa8a00f9902f7c09cbb8b7c3067aea79ce2d208979fdeeff5629c556fe66d1bf96725952f612593840ac435d5322644319738082e31aca158eb237b7061e6aab4eed0e116852427964ef8b3732828d9ec7c49ee3b0e7df4c1010f883da244d12e90e62093b30d70c2c3c19235350828a49e093f5134755aa478d19e50fdcf51c1f4761e3090ab55919f7e2d36c4155cd1e626e2c0e622e12549c5da485d6d7041dcb0f34673d3e0c2eeab45ecf85c7c3b493b42eb701ca77aba900848ab9e45f6a1cced84e8c02cd0b9dc3358a11c5268b3b374ca63173942eb100a9c74d010860b315c718ec9406697354a3dccce9ccc249a08301d4b7e3ea51ccc94a27c74727f94443673e0f9615fc94f235d1c468e22a4b149f9dd082f95b9d6a6ff70099f76241b8afa4065c6b5473962c8b37b0653d97760a08a2116ed7932e27be08d9baf4e1168f81e21b29e7e8094875a13c8a212aa9ff71a7fa95cc176c1a951b56b8afff07b661d7b545ce76bf6104dfba991bdae53a428db4e6dfead6d349973fc2e22871be0e83f93899fb07b98c7718a9d14e191d5df94d11e0498a9f4fce4e92396d2759ffdc571c4057e9a2887c766a8e82c26b331b55948218b168f5f12d6a20f2d607ba7b69ace009b8dc0a74c3b2eeb66f457666be8fd7eef67002b7da07eebb0c76c14db654d6ff3efe32f4428eb4e46f29ef70f7e406a15b6a125384fe8836946f3bb82e7abbd53bc9182c78ac2da638a768dabd7a9347cd4dbf4bcd6ec3ac1748f02c9c7fb43a7c25040d95b6448ba315a2b3d3a8e4b5ef0f92695dfd611d94efe6e9e2d296f8c4bc658ccb32e874ee26bab810aee265f58709babd1b737ff9b03790501fbe4493fa286451fe5eed17486015862c301e5b061eb7d0aa1d5accb0c6b4621aef71bce0d9a40e407ed801adc298e886c82ec39c7373d77d49572d9dafb1d95c4c915ca34d35c1c5307cef2ca2eb35e70ddbc64f4e1f7ea5766b1e0fc2e376caf9c0370b653916ee4971812c14cd7a9d28e78a7b42bb5b8f06bf1afc923089b95d3ebeec4ceb175461f1dcdee6d5c8d938698b3b743040cb1f2478f4e61ab1d8493b7d72d35805bd21e77a94568410b6d639313a288751b0f1501dd3a3bcb2152c92793dfcfde4529d24eb0129a32e64817809bb9e2ae35c27a1eceb0e5c0163e118cecd357412990d4a2b6b8207b3686ea7d87739ead43c25569acbe5a8a7aa0d59cfdb353164f3636ee8e32ac532a89595a426b5a55f48e7c2d2c6b8fd10fc5035b1f6ea385f0505e229e4b6eff5bacc6795bb29e95c4bf2ef9e8b5cbec90519f54a6fe70df27c7460b6548fdae9b78a4cb77873ac8abed2818fef785454d0bd4111dd459f640c5f4e3bc97cea7dab169016bca4eca9988b666a20b7c6a61e8a9077ddf3c8328f0a53a91bfd1785a7598a828017993884e2f5960d2561a2bcb412f263f807a43c5c049e2ca5ab923831da6ab90a6f59bfd30b2da1b4e758351bb55c469124d94ebf22ada99650e77ddfaf23b8e5cefd1d06c48cf856174201e044cdeb3c78318a67d1459a17bacdadb4bacc9eeade3d4f987a311f4f6ce62bfdb2710191fd2517cd809603ddec99e8db4d53adc626812401c0d9fca3720d1501d0d99688257713316924c24dcfc03a6bff8bf6e17ff532a3d18f0c5a72a6af1e0cf30a5dd590e12cbd8768f5288c85dd9207fbb87f5a248b9d553cfecf4b1675e001ba9ea91b0a25e84f0a22d674949e631440f74be53bbd5f0fee2ddd2245c235b3040a4da66052c5f3695218894d7e1242935c574c947f109c4f8643dc81e68122a3adc13abf5187e846cbb35c0ad49dbff1a4b2edc0c3a5ea1ec84fd9e0391a7ccacc2cba10a83359c903a01e61a62fec4ea187c9f473bbfd0eea8b278ec0f4d967c7a817f728bc96c053c37006550058b2788d88169a1fd838e5e966750df9b754739a7e70de5dafee1bd1056b1ca61e5eeb4a343f4c07011ea166e4fbcdd1cd12574886b5e2b7f5d294916b9dddc8c41cf78ed4ecd47d7295855b3f05812c8b136dba310ac5154aea306ee119bc9d3fb873f1e9058a8b67cc8c79b815395bc255fc70638997df6d7b0fc23e0f05ebd00b3744ab89b7a2891273e6db7bdb816e3c16c19e39d608e49bae6ff8d048c3d32581aa7b0c5d5f23cfe16038c524b67b24ca1c32676316c3d3cfac9346e8bf7c57298ce1a2284f15c0460789ca35e09d51f620c933764a46b80a04ab968af3ad50d6060b4b9c5b4e644a65a75a9f1a0dbcf27848421964caeb59d1e9543e97238de8c8cf86166f04ae8364d0079a192b14635f4b1da294ce18724c034c39a6a41d1b09df6100dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551139c64b7a9ae62858ff969aae622ecfcf4f1519655bd92d2e70a1a2fb615690ecd880f16a73606670a3f3541ad4722c28dabb56ead479a3c7d6995ccd81470da27cd49b08bfe2dd674aeba20ffa7530fe8e02d13054114ebd6ad32e098e6704b96b30a87988aab8b4862b6fd82ef67375b1f983500ae034ce2ef59d6825854ae0796e2f4652686998e41624e3610442c09e57a229da9a8a062ee730f07c128d4dba2d807140361a86d8b4ddf0b0f8ea22cf7188246be8b7c9933bb1d479b5ca02a78a6c3abf770df110b33bd72968f7a73ef1513cd6837ec3787ba9a7008cf1fdb0f8da7c1edc1e1e9ba078c8b1db72d5a0652d685065cf4ceb8852edf5c2a49059ab719df4296edb800d399501e3823e1e6f470cc06a3a4564f4bb2dbd5c1fc01ccdb7e2d0b20f517e03d39cc70802ad83dfc1ed2e5d50ff9b4a4f77e37a9f83664b3f13e6cfff0e6d05f12000aa6610eff04f570707261ec35ca830ded6c3695ef0c168f0b25e936a7ff944da820a43af8028b515cc6709724f457e105c187cda7dc9656f007ca3e88e5bac50f20c7f61f934bcec2e87c6d61859e632ddb983260cb64fdcdf48e2b53c5d0573dc2a9410d7d3aae227ed42dda945f9ab74e06e14229b7f9165bf226bf4de968fd5f6a504014a2179de08c2b2184cefe68174e52cf4c523e686078699ed58761c7e1443080305237a5f67a3716832570c5c8e5d9b1da8193232882705bd4a312c0923b6d91268f1e1a8eed2afbd7fc37681c0695af1e25132185e3cb271d491086ccf09cb667033afb718f1a11e974e80a838f4c5cd5359c18635187d7af9570088a7bbd21f96d961aedbc4c9fb1e5df0992813750b8090caea3cf6c827b97f5ecc2d1172c33d960141c50f96e61c53f682ccf60d9baa3565b7727b4178704100bffb02cbd5b527a9dcc9f9ca76d76767b166e522b5e758375e3d796fba096a46077766bd44548c8c61a4abe946e3116c1ad979ee3fc13beec6e74f40fb6d150d7fe3b0afe4557fdf0769601e662a122a88cc07b2ad2929f3b7b4f5d60176bd7e1852f91efbcfe2700e8df9bc9b891609a7170e8391ed09015ce8459a98e3470daddd3a6d95c4c7e93b750098f5a321fd57482763a938ed2fdd224b9cb8ad606d02aabc93a0e3fb7a5e5e9caafa0ec8c05d4226eb4e5bd93ca2f7a2059a31fd014444108eb684ecd97902da2492b0a0f6e3cdc12d090cdcb6af0e95a0c0330b8b7f0ac0446ab8cf7140b4f8c6c797c08e9c219a4561aefcc2fd2f4ba01604001c9c0dc67469514ea0a665063b72e79d5d9c6870bfc98e913451c0b9082d0317deffa03c6f0c53a1422cb4f4c1ef64dc3939d2fbe4f1e28325ae2ea927bd51e31863a327e64c0a938725fd02c2a7260660bdf7771068ffe163ce6684b35f423e897e00c97debe0c3df555c43d26b46a79ca68e770cb1b41f184d61520867e639e6b69cddea4b0e2458c5502c7c40512301876c795b3fe5258264b827ba01acc7a774bd9edbaec52c54e582a0737c33087a925145f3da802f81f385c58179272e48c4f8680dfdfe55383c504a6d84b3b7a8aadfb29161e1b8b61b761c3f3bff237ca73ce4ee3316a99090890b32469824b5eed8afbb9491c0bfc4253cced9d8a20965aca98d0249c4626fe6e7d31358b24e34e8dafa015a736cd935fc38a0df62fd6ab2f3c64b44c48b3e6d95969cbbfcdc43e91bea8fe8ac0ca281038ac0e1788c39f090507ff0646bd4f57cc18f6873b03014797731fbe91f254d81c005ffc232180a8dd7baeb6d699f0f0fc15e341672f96b36dd9562a2b10c81f658ad96075fd87832777e87357620e89c7d070e4097fbbb9f59f8cc154f0dc8b45166b524b9c1e649ba027e39381aac286663ad2227ddce8a62bf6b2d2aaae2d993ec447eebf804b8d9816796b187d27b78a8b959977ca7493f79a2b6e0f97bc7b7c75ded89a3c4c7657af37c087cf067470771e0affda9c65e6d4bfedb575b891286810de4f0da6a3bbb5cfc4016f0af1216bd8954f66f7b9b53269a0677f3a63705e554f6f0f1e6ed460f3bbe867b240b8db75186204b7../../interop/_static/ajax-loader.gif../../interop/_static/alabaster.css../../interop/_static/basic.css../../interop/_static/comment-bright.png../../interop/_static/comment-close.png../../interop/_static/comment.png../../interop/_static/custom.css../../interop/_static/doctools.js../../interop/_static/documentation_options.js../../interop/_static/down-pressed.png../../interop/_static/down.png../../interop/_static/file.png../../interop/_static/jquery-3.2.1.js../../interop/_static/jquery.js../../interop/_static/language_data.js../../interop/_static/minus.png../../interop/_static/plus.png../../interop/_static/pygments.css../../interop/_static/searchtools.js../../interop/_static/underscore-1.3.1.js../../interop/_static/underscore.js../../interop/_static/up-pressed.png../../interop/_static/up.png../../interop/_static/websupport.js../../interop/_static/ajax-loader.gif../../interop/_static/alabaster.css../../interop/_static/basic.css../../interop/_static/comment-bright.png../../interop/_static/comment-close.png../../interop/_static/comment.png../../interop/_static/custom.css../../interop/_static/doctools.js../../interop/_static/documentation_options.js../../interop/_static/down-pressed.png../../interop/_static/down.png../../interop/_static/file.png../../interop/_static/jquery-3.2.1.js../../interop/_static/jquery.js../../interop/_static/language_data.js../../interop/_static/minus.png../../interop/_static/plus.png../../interop/_static/pygments.css../../interop/_static/searchtools.js../../interop/_static/underscore-1.3.1.js../../interop/_static/underscore.js../../interop/_static/up-pressed.png../../interop/_static/up.png../../interop/_static/websupport.js../../interop/_static/ajax-loader.gif../../interop/_static/alabaster.css../../interop/_static/basic.css../../interop/_static/comment-bright.png../../interop/_static/comment-close.png../../interop/_static/comment.png../../interop/_static/custom.css../../interop/_static/doctools.js../../interop/_static/documentation_options.js../../interop/_static/down-pressed.png../../interop/_static/down.png../../interop/_static/file.png../../interop/_static/jquery-3.2.1.js../../interop/_static/jquery.js../../interop/_static/language_data.js../../interop/_static/minus.png../../interop/_static/plus.png../../interop/_static/pygments.css../../interop/_static/searchtools.js../../interop/_static/underscore-1.3.1.js../../interop/_static/underscore.js../../interop/_static/up-pressed.png../../interop/_static/up.png../../interop/_static/websupport.js../../interop/_static/ajax-loader.gif../../interop/_static/alabaster.css../../interop/_static/basic.css../../interop/_static/comment-bright.png../../interop/_static/comment-close.png../../interop/_static/comment.png../../interop/_static/custom.css../../interop/_static/doctools.js../../interop/_static/documentation_options.js../../interop/_static/down-pressed.png../../interop/_static/down.png../../interop/_static/file.png../../interop/_static/jquery-3.2.1.js../../interop/_static/jquery.js../../interop/_static/language_data.js../../interop/_static/minus.png../../interop/_static/plus.png../../interop/_static/pygments.css../../interop/_static/searchtools.js../../interop/_static/underscore-1.3.1.js../../interop/_static/underscore.js../../interop/_static/up-pressed.png../../interop/_static/up.png../../interop/_static/websupport.jspkg-split.txtpkg-split.txtpkg-split.txtrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootqemu-5.2.0-150300.118.3.src.rpmqemuqemu(aarch-64)@@    /bin/bash/bin/sh/bin/shaclcoreutilsgroup(kvm)group(qemu)qemu-armrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)udevuser(qemu)3.0.4-14.6.0-14.0-15.2-14.14.3bVbbbb~H@b(b(bb b adada@a@apa\>@aUa@a2@a $@a@``@`@`` @`@`@`}p`x*`u`c`Y@`Q@`P`OL@`KW`KW`B@`?z@`8`/@`.V`-@`+`!'`!'`3@````@` @`x@__T_j____^@_@__@_}_ts@_h_`_Z@_Z@_X_N7_FN_D@_>e_;_2@_{__@^z^@^n@^?@^^^U@^U@^^@^1^@^@^^|@^y@^t@^t@^oj@^j$@^Nt^M#@^9\^8 @^0"@^*@^*@^@^@^^g@^]+]]]e@]@]Γ@]X]@]µ]]5@]W]]@]@]@]?]x]rJ@]rJ@]M`@]J@]Ik]H@]9\\F@\Q\Q\t@\ޢ@\ޢ@\@\ڭ\ֹ@\g\@\!\Ɋ@\\e\\Y@\o@\n\f\ac\T4\Q\J@\@n@\=@\@[>@[>@[o[@[[ @[ZnZ@ZZZ@ZZ̧@ZZZZZw@Z@ZX0>X%X lW_@WWv@WWίWW:WQWWWWW@W~W~WWzOWZWZWQq@WN@WN@WF@WEW!@W!@W@Wo@VbVV@V@V@VVuV]VQ@VQ@VMVMV0V&,VVZVZVZU6@U5@U(U@U@UUlI@Ud`@UT@UQ@U@U7@U4@U.RU-@U-@U) U'@U&iU&iU%@U%@UUU@U ]@U T@TTD@TZ@T@dfaggioli@suse.comlma@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comlma@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comdfaggioli@suse.comlma@suse.comjose.ziviani@suse.comjose.ziviani@suse.comlma@suse.comlma@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comjose.ziviani@suse.comacho@suse.comjose.ziviani@suse.comjose.ziviani@suse.comacho@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comdimstar@opensuse.orgbrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlma@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.commilsav92@outlook.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comdimstar@opensuse.orgbrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.commliska@suse.czbrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.comdimstar@opensuse.orgbrogers@suse.combrogers@suse.comdimstar@opensuse.orgbrogers@suse.comohering@suse.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comguillaume.gardet@opensuse.orgbrogers@suse.combrogers@suse.comstefan.bruens@rwth-aachen.debrogers@suse.comlnussel@suse.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.comstefan.bruens@rwth-aachen.delyan@suse.comcgoll@suse.combrogers@suse.combrogers@suse.comtchvatal@suse.combrogers@suse.combrogers@suse.comschwab@suse.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comguillaume.gardet@opensuse.orgguillaume.gardet@opensuse.orgbrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comolaf@aepfle.debrogers@suse.comolaf@aepfle.delma@suse.combrogers@suse.comolaf@aepfle.debrogers@suse.combrogers@suse.comldewey@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comldewey@suse.combrogers@suse.comldewey@suse.commatz@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlma@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlma@suse.comkwalter@suse.combrogers@suse.comlyan@suse.combrogers@suse.comlma@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comjfehlig@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comhenrik.kuhn@origenis.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comjfehlig@suse.combrogers@suse.combrogers@suse.comschwab@suse.debrogers@suse.comschwab@suse.debrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.comlyan@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.combrogers@suse.comohering@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.comafaerber@suse.deafaerber@suse.debrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comagraf@suse.comafaerber@suse.debrogers@suse.comagraf@suse.combrogers@suse.comglin@suse.combrogers@suse.combrogers@suse.combrogers@suse.combrogers@suse.comagraf@suse.combrogers@suse.combrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deolaf@aepfle.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.destefan.bruens@rwth-aachen.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.detampakrap@opensuse.orgafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deagraf@suse.comcrrodriguez@opensuse.orgagraf@suse.comjslaby@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deagraf@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.debrogers@suse.comafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.deafaerber@suse.dempluskal@suse.comafaerber@suse.deagraf@suse.comafaerber@suse.de- Fix bsc#1198038, CVE-2022-0216 - Fix bsc#1201367, CVE-2022-35414 * Patches added: scsi-lsi53c895a-fix-use-after-free-in-ls.patch softmmu-Always-initialize-xlat-in-addres.patch- Fix usb ehci boot failure (bsc#1192115) * Patches added: hw-usb-hcd-ehci-fix-writeback-order.patch- Fix bsc#1198037, CVE-2021-4207 - Fix bsc#1198035, CVE-2021-4206 - Fix bsc#1198712, CVE-2022-26354 * Patches added: display-qxl-render-fix-race-condition-in.patch ui-cursor-fix-integer-overflow-in-cursor.patch vhost-vsock-detach-the-virqueue-element-.patch- Fix bsc#1199924 and bsc#1197084 * Patches added: hostmem-default-the-amount-of-prealloc-t.patch pci-fix-overflow-in-snprintf-string-form.patch- Backport SeaBIOS patches for fixing bsc#1199018 * Patches added: pci-let-firmware-reserve-IO-for-pcie-pci.patch pci-reserve-resources-for-pcie-pci-bridg.patch- Fix "QEMU direct kernel boot cmdline can corrupt guest kernel data" (bsc#1196737) * Patches added: s390x-ipl-check-kernel-command-line-size.patch- Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545) - Build RiscV firmwares on non-RiscV builds as well - While there, refactor (and simplify!) the firmware building logic and code - Include vmxcap in the qemu-tools package (is being very useful for debugging bsc#1193364) - The qemu package should require qemu-x86, qemu-arm, etc, as there's no point installing it without _any_ of them. Additionally, right now, the user does not get a working qemu, if recommended packages are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087 - Give clearer instructions on how to modify the package patches from the output of update_git.sh (docs change only, no functional change) * Patches added: Makefile-define-endianess-for-cross-buil.patch- Add the qemu patches in bsc#1178049(sles 15 sp2) to qemu v5.2. (bsc#1178049, bsc#1194938) * Patches added: scsi-add-tracing-for-SG_IO-commands.patch scsi-disk-fold-SG_IO-errors-back-into-re.patch scsi-disk-set-default-I-O-timeout-to-30-.patch scsi-disk-trace-rw-errors.patch scsi-generic-check-for-additional-SG_IO-.patch scsi-make-io_timeout-settable.patch virtio-scsi-change-DID-TIMEOUT-handling.patch virtio-scsi-trace-events.patch virtio-scsi-translate-SG_IO-host-status.patch- Fix "qemu,kvm: potential privilege escalation via virtiofsd" (bsc#1195161, CVE-2022-0358) * Patches added: virtiofsd-Drop-membership-of-all-supplem.patch- Fix "kvm,qemu: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c" (bsc#1192525, CVE-2021-3930) * Patches added: hw-scsi-scsi-disk-MODE_PAGE_ALLS-not-all.patch- Fix "block/fdc: null pointer dereference may lead to guest crash" (CVE 2021-20196, bsc#1181361) * Patches added: hw-block-fdc-Kludge-missing-floppy-drive.patch hw-block-fdc-Extract-blk_create_empty_dr.patch- Amend .changes file: avoid declaring a still unfixed CVE, as fixed (bsc#1187529)- Rename the Guest Agent service qemu-guest-agent, like in other distros (and upstream). bsc#1185543- update_git.sh: make sure special directories are defined and created before they're used- Introduce max_hw_iov for use in scsi-generic (bsc#1190425) * Patches added: block-introduce-max_hw_iov-for-use-in-sc.patch- Fix QEMU upgrade from 15-SP2 to 15-SP3.- Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702, CVE-2021-3713) uas-add-stream-number-sanity-checks.patch - Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938, CVE-2021-3748) virtio-net-fix-use-after-unmap-free-for-.patch- Add transfer length item in block limits page of scsi vpd (bsc#1190425) * Patches added: block-add-max_hw_transfer-to-BlockLimits.patch block-backend-align-max_transfer-to-requ.patch file-posix-fix-max_iov-for-dev-sg-device.patch file-posix-try-BLKSECTGET-on-block-devic.patch osdep-provide-ROUND_DOWN-macro.patch scsi-generic-pass-max_segments-via-max_i.patch- Fix qemu crash while deleting xen-block (bsc#1189234) * Patches added: xen-remove-BlockBackend-object-reference.patch- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) usbredir-fix-free-call.patch- NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) esp-always-check-current_req-is-not-NULL.patch esp-don-t-reset-async_len-directly-in-es.patch esp-ensure-cmdfifo-is-not-empty-and-curr.patch esp-ensure-that-do_cmd-is-set-to-zero-be.patch - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) hw-scsi-megasas-check-for-NULL-frame-in-.patch - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) net-eepro100-validate-various-address-va.patch - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) hw-usb-host-stub-Remove-unused-header.patch usb-hid-avoid-dynamic-stack-allocation.patch usb-limit-combined-packets-to-1-MiB-CVE-.patch usb-mtp-avoid-dynamic-stack-allocation.patch usb-redir-avoid-dynamic-stack-allocation.patch- Use max host physical address if -cpu max is used (bsc#1188299) x86-cpu-Use-max-host-physical-address-if.patch- Fix possible mremap overflow in the pvrdma (CVE-2021-3582, bsc#1187499) hw-rdma-Fix-possible-mremap-overflow-in-.patch - Ensure correct input on ring init (CVE-2021-3607, bsc#1187539) pvrdma-Ensure-correct-input-on-ring-init.patch - Fix the ring init error flow (CVE-2021-3608, bsc#1187538) pvrdma-Fix-the-ring-init-error-flow-CVE-.patch* Fix intel-hda segmentation fault due to stack overflow (bsc#1187529) qom-code-hardening-have-bound-checking-w.patch- Enable zstd compression option for qemu-img- Fix out-of-bounds write in virgl_cmd_get_capset CVE-2021-3546 bsc#1185981 vhost-user-gpu-abstract-vg_cleanup_mappi.patch - Fix memory leaks found in the virtio vhost-user GPU device CVE-2021-3544 bsc#1186010 vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch vhost-user-gpu-fix-leak-in-virgl_resourc.patch vhost-user-gpu-fix-memory-disclosure-in-.patch vhost-user-gpu-fix-memory-leak-in-vg_res.patch vhost-user-gpu-fix-memory-leak-while-cal.patch vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch - Fix information disclosure due to uninitialized memory read CVE-2021-3545 bsc#1185990 vhost-user-gpu-fix-resource-leak-in-vg_r.patch- QEMU BIOS fails to read stage2 loader (on s390x)(bsc#1186290) * Patches added: pc-bios-s390-ccw-don-t-try-to-read-the-n.patch- For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975)- Include upstream patch designated as stable material and reviewed for applicability to include here mptsas-Remove-unused-MPTSASState-pending.patch - Clarify in support documents that cpu-add was removed in this release from both the human monitor protocol (HMP) and QMP interfaces- 6.0.0 qemu is about to be released. Add comments to the in- package support documents (supported..txt) about the new deprecations as of that release as an early head's up for qemu users. These deprecations include these command-line options: - M option: kernel-irqchip=off - chardev tty - chardev paraport - enable-fips - writeconfig - spice password=string- Include upstream patches designated as stable material and reviewed for applicability to include here. NOTE that the PIIX4 patch has migration implications: the change will also be applied to the SLE-15-SP2 qemu, and a live migration from that version to this SLE-15-SP3 qemu would require this patch to be applied for a successful migration if PIIX4 southbridge is used in the machine emulation (x86 i440fx) block-rbd-fix-memory-leak-in-qemu_rbd_co.patch block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch cpu-core-Fix-help-of-CPU-core-device-typ.patch hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch hw-block-fdc-Fix-fallback-property-on-sy.patch hw-isa-Kconfig-Add-missing-dependency-VI.patch hw-isa-piix4-Migrate-Reset-Control-Regis.patch hw-virtio-pci-Added-AER-capability.patch hw-virtio-pci-Added-counter-for-pcie-cap.patch s390x-css-report-errors-from-ccw_dstream.patch target-xtensa-fix-meson.build-rule-for-x.patch util-fix-use-after-free-in-module_load_o.patch virtio-pci-compat-page-aligned-ATS.patch- Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream (bsc#1181103) * Patches dropped: hw-s390x-modularize-virtio-gpu-ccw.patch * Patches added: s390x-add-have_virtio_ccw.patch s390x-modularize-virtio-gpu-ccw.patch s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch- Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144, CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282) hw-sd-sd-Actually-perform-the-erase-oper.patch hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch hw-sd-sdhci-Correctly-set-the-controller.patch hw-sd-sdhci-Don-t-transfer-any-data-when.patch hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch hw-sd-sdhci-Limit-block-size-only-when-S.patch hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch hw-sd-sd-Move-the-sd_block_-read-write-a.patch hw-sd-sd-Skip-write-protect-groups-check.patch - Fix potential privilege escalation in virtiofsd tool (CVE-2021-20263, bsc#1183373) tools-virtiofsd-Replace-the-word-whiteli.patch viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch virtiofsd-extract-lo_do_open-from-lo_ope.patch virtiofsd-optionally-return-inode-pointe.patch virtiofsd-prevent-opening-of-special-fil.patch virtiofs-drop-remapped-security.capabili.patch virtiofsd-Save-error-code-early-at-the-f.patch - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) net-introduce-qemu_receive_packet.patch rtl8139-switch-to-use-qemu_receive_packe.patch - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) cadence_gem-switch-to-use-qemu_receive_p.patch dp8393x-switch-to-use-qemu_receive_packe.patch e1000-switch-to-use-qemu_receive_packet-.patch lan9118-switch-to-use-qemu_receive_packe.patch msf2-mac-switch-to-use-qemu_receive_pack.patch pcnet-switch-to-use-qemu_receive_packet-.patch sungem-switch-to-use-qemu_receive_packet.patch tx_pkt-switch-to-use-qemu_receive_packet.patch - Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686) memory-clamp-cached-translation-in-case-.patch - Include upstream patches designated as stable material and reviewed for applicability to include here hw-arm-virt-Disable-pl011-clock-migratio.patch xen-block-Fix-removal-of-backend-instanc.patch - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)- Fix s390x "mediated device is in use" error condition (bsc#1183634) update-linux-headers-Include-const.h.patch Update-linux-headers-to-5.11-rc2.patch vfio-ccw-Connect-the-device-request-noti.patch- Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577) e1000-fail-early-for-evil-descriptor.patch- Fix incorrect guest data in s390x PCI passthrough (bsc#1183372) s390x-pci-restore-missing-Query-PCI-Func.patch- Include upstream patches designated as stable material and reviewed for applicability to include here lsilogic-Use-PCIDevice-exit-instead-of-D.patch vhost-user-blk-fix-blkcfg-num_queues-end.patch - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) 9pfs-Fully-restart-unreclaim-loop-CVE-20.patch - Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) net-vmxnet3-validate-configuration-value.patch- Add #!ForceMultiversion to qemu.spec: + As the spec file defines different Version: fiels for various subpackages, we must instruct OBS to not ever reset the checkin-counter, as it would by defalut on a version increase. Resetting the version counter results in sub-packages reusing their VERSION-RELEASE from the past (e.g. qemu-ipxe is version 1.0.0+, and upon checkin of a new qemu version, RELEASE is reset to 1.1, thus again producing qemu-ipxe-1.0.0+-1.1.noarch.rpm.- Fix GCC11 compiler issue in brotli (edk2) code (boo#1181922) brotli-fix-actual-variable-array-paramet.patch - Tweak a few submodule descriptions and summaries - Fix a backward compatibility issue in ACPI data i386-acpi-restore-device-paths-for-pre-5.patch- Add patch from IBM to improve modularization situation on s390 where a new qemu module, hw-s390x-virtio-gpu-ccw.so, and a corresponding new qemu-hw-s390x-virtio-gpu-ccw subpackage, is split out (this parallels the hw-display-virtio-gpu-pci.so module). Split-provides file is also used to track this functionality splitout. Both the packages supplying the above mentioned modules now have a Requires on the qemu-hw-display-virtio-gpu package. It is anticipated that this change is going in upstream as well, and if done differently the plan is to update to the upstream implementation if possible (bsc#1181103) hw-s390x-modularize-virtio-gpu-ccw.patch- Added a few more usability improvements for our git packaging workflow- Fix issue of virtio-9p-ccw having been mistakenly dropped from qemu (bsc#1182496) hw-s390x-fix-build-for-virtio-9p-ccw.patch- Tweaked some spec file details to be again compatible with quilt setup using the spec file as input - Remove BuildRequires that were added in anticipation of building ovmf within this package. We have not taken that route- Fix uninitialized variable in ipxe driver code (boo#1181922) ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch - Add a few improvements to the git-based package workflow scripts- Include additional upstream patches designated as stable material and reviewed for applicability to include here blockjob-Fix-crash-with-IOthread-when-bl.patch monitor-Fix-assertion-failure-on-shutdow.patch qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch qemu-storage-daemon-Enable-object-add.patch- Switch the modules qemu-ui-display-gpu and qemu-ui-display-gpu-pci from being an x86 only Recommends, to a Recommends for all arch's except s390x (boo#1181350) - Fix qemu-hw-usb-smartcard to not be a Recommends for s390x - Minor spec file tweaks for compatibility with upcoming spec file formatter- Make note that this patch takes care of an OOB access in ARM interrupt handling (CVE-2021-20221 bsc#1181933) hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch- Include upstream patches designated as stable material and reviewed for applicability to include here block-Separate-blk_is_writable-and-blk_s.patch hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch hw-timer-slavio_timer-Allow-64-bit-acces.patch net-Fix-handling-of-id-in-netdev_add-and.patch target-arm-Don-t-decode-insns-in-the-XSc.patch target-arm-Fix-MTE0_ACTIVE.patch target-arm-Introduce-PREDDESC-field-defi.patch target-arm-Update-PFIRST-PNEXT-for-pred_.patch target-arm-Update-REV-PUNPK-for-pred_des.patch target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch tcg-Use-memset-for-large-vector-byte-rep.patch ui-vnc-Add-missing-lock-for-send_color_m.patch virtio-move-use-disabled-flag-property-t.patch- binutils v2.36 has changed the handling of the assembler's - mx86-used-note, resulting in a build failure. To compensate, we now explicitly specify -mx86-used-note=no in the seabios Makefile (boo#1181775) build-be-explicit-about-mx86-used-note-n.patch- Additional tweaks to ensure libvirt runs ok when qemu-hw-display-virtio-gpu package is not installed- Use '%service_del_postun_without_restart' instead of '%service_del_postun' to avoid "Failed to try-restart qemu-ga@.service" error while updating the qemu-guest-agent. (bsc#1178565)- Fix two additional cases of qemu crashing due to qemu module packages not being loaded. qom-handle-case-of-chardev-spice-module-.patch spice-app-avoid-crash-when-core-spice-mo.patch- Fix issue of qemu crashing (abort called) when virtio-gpu device is asked for and the qemu-hw-display-virtio-gpu package isn't installed. (bsc#1181103) module-for-virtio-gpu-pre-load-module-to.patch - Add additional inter-module package dependencies, to reflect the current module dependencies (see qemu source file: util/module.c) - As of v3.1.0 virt-manager, new VM's are created by default with audio/sound enabled, so it's time to reflect the need, at least in the spice case, by having spice-audio available when spice in general is used (boo#1180210 boo#1181132) - Further refine package Recommends/Suggests based on architecture - Remove no longer needed dependency on pwdutils (boo#1181235)- Fix qemu-testsuite issue where white space processing gets handled differently under bash 5.1 (boo#1181054) iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch- Convert qemu-kvm from a script to a symlink. Using qemu-kvm to invoke the QEMU emulator has been deprecated for some time, but is still provided. It has as it's ancient origins a version of QEMU which had KVM acceleration enabled by default, and then recently, until now, it is a shell script which execs the QEMU emulator, adding '-machine accel=kvm' to the beginning of the list of command line options passed to the emulator. This method collides with the now preferred method of specifying acceleration options by using -accel. qemu-kvm is now changed to simply be a symlink to the same QEMU binary which the prior script exec'd. This new approach takes advantage of a built-in QEMU feature where if QEMU is invoked using a program name ending in 'kvm', KVM emulation is enabled. This approach is better in that it is more compatible with any other command line option that may be added for describing acceleration. For those who have modified qemu-kvm to add additional command line options, or take other actions in the context of the script you will now need to create an alternate script "emulator" to achieve the same result. Note that it's possible there may be some very subtle behavioral difference in the switch from a script to a symlink, but given that qemu-kvm is a deprecated package, we're not going to worry about that.- Fix crash when spice used and the qemu-audio-spice package isn't installed (boo#1180210) audio-add-sanity-check.patch - Add some stable patches from upstream block-Fix-deadlock-in-bdrv_co_yield_to_d.patch block-Fix-locking-in-qmp_block_resize.patch block-nfs-fix-int-overflow-in-nfs_client.patch block-Simplify-qmp_block_resize-error-pa.patch build-no-pie-is-no-functional-linker-fla.patch- Update to v5.2.0: See http://wiki.qemu.org/ChangeLog/5.2 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in the deprecated.html file installed with the qemu package Some noteworthy changes: * Dropped system emulators: qemu-system-lm32, qemu-system-unicore32 * Dropped linux user emulator: qemu-ppc64abi32 * Added linux user emulator: qemu-extensaeb * Unicore32 and lm32 guest support dropped * New sub-packages (most due to ongoing modularization of QEMU): qemu-audio-spice, qemu-hw-chardev-spice, qemu-hw-display-virtio-vga, qemu-hw-display-virtio-gpu, qemu-hw-display-virtio-gpu-pci, qemu-ui-spice-core, qemu-ui-opengl, qemu-ivshmem-tools * x86: A new KVM feature which improves the handling of asynchronous page faults is available with -cpu ...,kvm-async-pf-int (requires Linux 5.8) * s390: More instructions emulated under TCG * PowerPC: nvdimm= machine option now functions correctly; misc improvements * ARM: new boards: mps2-an386 (Cortex-M4 based) and mps2-an500 (Cortex-M7 based), raspi3ap (the Pi 3 model A+), raspi0 (the Pi Zero) and raspi1ap (the Pi A+) * RISC-V: OpenSBI v0.8 included by default; Generic OpenSBI platform used when no -bios argument is supplied; Support for NUMA sockets on Virt and Spike Machines; Support for migrating machines; misc improvements * Misc NVMe improvements * The 'vhost-user-blk' export type has been added, allowing qemu-storage-daemon to act as a vhost-user-blk device backend * The SMBIOS OEM strings can now come from a file * 9pfs - misc performance related improvements * virtiofs - misc improvements * migration: The default migration bandwidth has been increased to 1Gbps (users are still encouraged to tune it to their own hardware); The new 'calc-dirty-rate' and 'query-dirty-rate' QMP commands can help determine the likelihood of precopy migration success; TLS+multifd now supported for higher bandwidth encrypted migration; misc minor features added * Misc minor block features added * Misc doc improvements * qemu-microvm subpackage change: the bios-microvm.bin is now SeaBIOS based, and the qboot based on is now qboot.rom * elf2dmp is no longer part of qemu-tools (it was never intended to be a packaged binary) * Some subpackages which were 'Requires' are now 'Recommends', allowing for a smaller qemu packaging footprint if needed * Patches dropped (included in release tarball, unless otherwise noted): docs-fix-trace-docs-build-with-sphinx-3..patch (fixed differently) hw-hyperv-vmbus-Fix-32bit-compilation.patch linux-user-properly-test-for-infinite-ti.patch Switch-order-of-libraries-for-mpath-supp.patch (fixed differently) Conditionalize-ui-bitmap-installation-be.patch (fixed differently) hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch (no longer using gcc9) hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch (no longer using gcc9) roms-Makefile-enable-cross-compile-for-b.patch (fixed with different patch) libvhost-user-handle-endianness-as-manda.patch virtio-add-vhost-user-fs-ccw-device.patch Fix-s-directive-argument-is-null-error.patch build-Workaround-compilation-error-with-.patch build-Be-explicit-about-fcommon-compiler.patch intel-Avoid-spurious-compiler-warning-on.patch golan-Add-explicit-type-casts-for-nodnic.patch Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch ensure-headers-included-are-compatible-w.patch Enable-cross-compile-prefix-for-C-compil.patch (fixed differently) hw-net-net_tx_pkt-fix-assertion-failure-.patch hw-net-xgmac-Fix-buffer-overflow-in-xgma.patch s390x-protvirt-allow-to-IPL-secure-guest.patch usb-fix-setup_len-init-CVE-2020-14364.patch * Patches added: meson-install-ivshmem-client-and-ivshmem.patch Revert-roms-efirom-tests-uefi-test-tools.patch Makefile-Don-t-check-pc-bios-as-pre-requ.patch roms-Makefile-add-cross-file-to-qboot-me.patch qboot-add-cross.ini-file-to-handle-aarch.patch usb-Help-compiler-out-to-avoid-a-warning.patch - In spec file, where reasonable, switch BuildRequires: XXX-devel to be pkgconfig(XXX') instead - No longer disable link time optimization for qemu for x86. It looks like either the build service, qemu code changes and/or the switch to meson have resolved issues previously seen there. We still see problems for other architectures however. - For the record, the following issues reported for SUSE SLE15-SP2 are either fixed in this current package, or are otherwise no longer an issue: bsc#1172384 bsc#1174386 bsc#1174641 bsc#1174863 bsc#1175370 bsc#1175441 bsc#1176494 CVE-2020-13361 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092 CVE-2020-24352 and the following feature requests are satisfied by this package: jsc#SLE-13689 jsc#SEL-13780 jsc#SLE-13840 - To be more accurate, and to align with other qemu packaging practices, rename the qemu-s390 package to qemu-s390x. The old name (in the rpm namespace) is provided with a "Provides" directive, and an "Obsoletes" done against that name for prior qemu versions, as is standard practice (boo#1177764 jsc#SLE-17060) - Take this opportunity to remove some ancient Split-Provides mechanisms which can't conceivably be needed any more: qemu-block-curl provided: qemu:%_libdir/%name/block-curl.so qemu-guest-agent provided: qemu:%_bindir/qemu-ga qemu-tools provided: qemu:%_libexecdir/qemu-bridge-helper- Disable linux-user 'ls' test on 32 bit arm. It's failing with "Allocating guest commpage: Cannot allocate memory" error, which we should hunt down, but for now we don't want it to prevent the package from being built- Be more careful about what directives are used for qemu-testsuite- Fix some spec file 'Requires' statements to be accurate to the new model of relying on system-user-qemu and system-group-kvm to provide the needed users and groups- Added io_uring support.- A patch has been applied to virt-manager to handle qemu spice related modules not being present, so undo the change from Sep 30, 2020. Once again qemu-hw-display-qxl and qemu-hw-usb-redirect are Recommends and not Required by the qemu package (boo#1157320 boo#1176517, boo#1178141) - For jsc#SLE-11629, change qemu, qemu-tools, and qemu-guest-agent to rely on system-user-qemu and system-group-kvm to provide now static system UIDs and GID's for qemu user and group, and kvm group. This will make guest migration more seamless for new installations since there is no chance of having required ID's differ in value.- Add virtio-fs support for s390x (jsc#SLE-13822) libvhost-user-handle-endianness-as-manda.patch virtio-add-vhost-user-fs-ccw-device.patch- Note: As part of the "Close the Leap Gap" effort, it's been decided that our SDL2 support in qemu is not worth trying to maintain. Long ago SLE qemu stopped including SDL2 support and now we will do the same for the openSUSE releases going forward. Accordingly SDL2 options are now configured out, and the two sub- packages which are SDL2 specific, namely qemu-audio-sdl and qemu-ui-sdl, are no longer generated, and due to the rpm package conflicts used for those packages, they will be uninstalled from systems as qemu updates move forward - Drop e2fsprogs-devel and libpcap-devel as BuildRequires packages. They have not actually been needed to build qemu for a very long time - Add more forsplits files- Create qemu-skiboot sub-package. Use update-alternatives mechanism to coordinate with opal-firmware (provided with skiboot package set) on the provider of the /usr/share/qemu/skiboot.lid firmware file. qemu-skiboot uses a priority of 15, while opal-firmware uses a priority of 10 (jsc#SLE-13240)- Undo part of the split-provides recently done. We have to wait on virt-manager to handle qemu modularization better before we make qemu-hw-display-qxl and qemu-hw-usb-redirect non-required (boo#1157320 boo#1176517)- Fix spec file, where a conditional macro didn't have the correct syntax (bsc#1176766)- Change qemu-x86 packaging relationship with qemu-microvm from Requires to Recommends- In an effort to "Close the Leap Gap", remove use of is_opensuse from the spec file, so that the same packages built for SLE can be reused for Leap. Some sub-packages will not be included for SLE which are included for Leap. They wil be provided in Package Hub for SLE users as unsupported packages. (jsc#SLE-11660, jsc#SLE-11661, jsc#SLE-11662, jsc#SLE-11691, jse#SLE-11692, jsc#SLE-11894)- Add infrastructure to do package splits when split-off package isn't required and doesn't (otherwise) include any previously installed files. This version of qemu has split out non-essential functionality into loadable modules, as noted in Aug 20, 2020 log entry, which describes the emergency Split-Provides. That approach will be superseded by this planned approach, and those dummy doc files will be removed in time Here is the new mapping: subpackage continuity file provided (files are dummies) ========== ============================================ qemu-chardev-baum /usr/share/qemu/forsplits/00 qemu-hw-display-qxl /usr/share/qemu/forsplits/01 qemu-hw-usb-redirect /usr/share/qemu/forsplits/02 qemu-hw-usb-smartcard /usr/share/qemu/forsplits/03- Fix path of qemu-pr-helper. It was a mistake to move it from %_bindir to _libexecdir. In more recent qemu code it's been moved back, so undo this mistake by providing it at the same location as it has been all along- For SLE15-SP3, note that this update to v5.1.0 is a step towards fulfilling jsc#SLE-13689, which asks for qemu v5.2.0 or higher- Fix some shell syntax in update_git.sh, esp. an issue exposed by the most recent patch added- Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) usb-fix-setup_len-init-CVE-2020-14364.patch - Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, JIRA, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2020-1983 CVE-2020-10761 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800 * bsc#1167816 bsc#1170940 boo#1171712 bsc#1172383 bsc#1172384 bsc#1172386 bsc#1172495 bsc#1172710 * Patches dropped (SLE) (included in current release tarball): exec-set-map-length-to-zero-when-returni.patch i386-acpi-Remove-_HID-from-the-SMBus-ACP.patch megasas-use-unsigned-type-for-reply_queu.patch- Fix compilation errors seen with pre-release gcc 11 qht-Revert-some-constification-in-qht.c.patch Revert-qht-constify-qht_statistics_init.patch help-compiler-out-by-initializing-array.patch s390x-Fix-stringop-truncation-issue-repo.patch - Add Split-Provides mechanism, using doc files which were moved in v5.1.0. This allows for the new subpackages to be selected for install when the v5.0.0 qemu is updated. These new subpackages are not marked as "Required" by any packages, in an effort to reduce the dependencies of the core qemu components (boo#1175320) v5.0.0 qemu file mapping is provided as follows: subpackage continuity file provided (files are dummies) ========== ============================================ qemu-chardev-baum /usr/share/doc/packages/qemu/qemu-ga-ref.html qemu-hw-display-qxl /usr/share/doc/packages/qemu/qemu-ga-ref.txt qemu-hw-usb-redirect /usr/share/doc/packages/qemu/qemu-qmp-ref.html qemu-hw-usb-smartcard /usr/share/doc/packages/qemu/qemu-qmp-ref.txt- Fix wrong usage of %{_libexecdir} for systemd owned paths below %{_prefix}/lib.- Update to v5.1.0: See http://wiki.qemu.org/ChangeLog/5.1 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in the deprecated.html file installed with the qemu package Some noteworthy changes: * s390: Protected virtualization (secure execute) is fully merged upstream * s390: vfio-ccw devices no longer require setting the allow prefetch bit in the ORB, but is still dependent on host kernel support * s390: vfio-ccw now has basic support for relaying path state changes to the guest * PowerPC: pseries: NVDIMMs require label-size property * PowerPC: pseries: POWER10 support * PowerPC: added interface to inject POWER style NMIs * ARM: new board: sonorapass-bmc * ARM: new emulated features: ARMv8.2-TTSUXN, ARMv8.5-MemTag * ARM: Raspberry Pi boards now support a USB controller * ARM: virt board now supports hot-remove memory * RISC-V lots of improvements * qemu-img resize now requires -shrink to shrinking raw images * The mem parameter of the -numa option is no longer recognized starting with 5.1 machine types - instead use the memdev parameter * The ACPI WAET table is now exposed to guests * The max blocksize for virtual storage device is now 2 MiB * NVMe improvements * Crypto subsystem improvements * Block backends and tools: Numerous improvements and fixes * Firmware updates: SeaBIOS (essentially v1.14.0), OpenBIOS, SLOF (20200717), OpenSBI (v0.7) * Patches dropped (upstream unless otherwise noted): ati-vga-check-mm_index-before-recursive-.patch audio-fix-wavcapture-segfault.patch es1370-check-total-frame-count-against-c.patch exec-set-map-length-to-zero-when-returni.patch gcc10-maybe-uninitialized.patch hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch megasas-use-unsigned-type-for-reply_queu.patch nbd-server-Avoid-long-error-message-asse.patch ppc-spapr_caps-Don-t-disable-cap_cfpc-on.patch s390x-Add-SIDA-memory-ops.patch s390x-Add-unpack-facility-feature-to-GA1.patch s390x-Move-diagnose-308-subcodes-and-rcs.patch s390x-protvirt-Add-migration-blocker.patch s390x-protvirt-Disable-address-checks-fo.patch s390x-protvirt-Handle-SIGP-store-status-.patch s390x-protvirt-Inhibit-balloon-when-swit.patch s390x-protvirt-KVM-intercept-changes.patch s390x-protvirt-Move-diag-308-data-over-S.patch s390x-protvirt-Move-IO-control-structure.patch s390x-protvirt-Move-STSI-data-over-SIDAD.patch s390x-protvirt-SCLP-interpretation.patch s390x-protvirt-Set-guest-IPL-PSW.patch s390x-protvirt-Support-unpack-facility.patch s390x-s390-virtio-ccw-Fix-build-on-syste.patch Sync-pv.patch tests-Disable-some-block-tests-for-now.patch (no longer needed) vga-fix-cirrus-bios.patch virtiofsd-add-rlimit-nofile-NUM-option.patch virtiofsd-stay-below-fs.file-max-sysctl-.patch * Patches renamed: build-Do-not-apply-WORKAROUND_CFLAGS-for.patch - > Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch build-Fix-s-directive-argument-is-null-e.patch - > Fix-s-directive-argument-is-null-error.patch * Patches added: hw-hyperv-vmbus-Fix-32bit-compilation.patch - New subpackages, due to modularization: qemu-chardev-baum, qemu-hw-display-qxl, qemu-hw-usb-redirect, qemu-hw-usb-smartcard - Configure to use "system" libslirp and libdaxctl (libnvdimm) when available- Don't disable cap_cfpc on POWER8 by default (bsc#1174374) ppc-spapr_caps-Don-t-disable-cap_cfpc-on.patch- Updating to Sphinx v3.1.2 in Factory is exposing an issue in qemu doc sources. Fix it docs-fix-trace-docs-build-with-sphinx-3..patch- Fix DoS possibility in ati-vga emulation (CVE-2020-13800 bsc#1172495) ati-vga-check-mm_index-before-recursive-.patch - Fix DoS possibility in Network Block Device (nbd) support infrastructure (CVE-2020-10761 bsc#1172710) nbd-server-Avoid-long-error-message-asse.patch - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386) exec-set-map-length-to-zero-when-returni.patch - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) megasas-use-unsigned-type-for-reply_queu.patch - Fix legacy IGD passthrough hw-vfio-pci-quirks-Fix-broken-legacy-IGD.patch- The latest gcc10 available in Factory has the fix for the issue this patch was created to avoid, so drop it build-Work-around-gcc10-bug-by-not-using.patch- Switch to upstream versions of some patches we carry add-enum-cast-to-avoid-gcc10-warning.patch - > golan-Add-explicit-type-casts-for-nodnic.patch Be-explicit-about-fcommon-compiler-direc.patch - > build-Be-explicit-about-fcommon-compiler.patch Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch - > build-Do-not-apply-WORKAROUND_CFLAGS-for.patch Fix-s-directive-argument-is-null-error.patch - > build-Fix-s-directive-argument-is-null-e.patch Workaround-compilation-error-with-gcc-9..patch - > build-Workaround-compilation-error-with-.patch work-around-gcc10-problem-with-zero-leng.patch - > intel-Avoid-spurious-compiler-warning-on.patch - Fix vgabios issue for cirrus graphics emulation, which effectively downgraded it to standard VGA behavior vga-fix-cirrus-bios.patch- Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) es1370-check-total-frame-count-against-c.patch- Work around gcc 10 bug (boo#1172411) build-Work-around-gcc10-bug-by-not-using.patch- Now that gcc10 compatibility is figured out, remove NO_WERROR=1 again from ipxe make.- Fix segfault when doing HMP wavcapture (boo#1171712) audio-fix-wavcapture-segfault.patch- Fix DoS in virtiofsd, where a FUSE client could exhaust the number of available open files on the host (CVE-2020-10717 bsc#1171110) virtiofsd-add-rlimit-nofile-NUM-option.patch virtiofsd-stay-below-fs.file-max-sysctl-.patch- Add more fixes for gcc10 compatibility: Use NO_WERROR=1 when building ipxe sources, at least until we get gcc10 compatibility figured out. Also add patch for explicitly using -fcommon (boo#1171140) Be-explicit-about-fcommon-compiler-direc.patch and fix for tighter enum compatibility checking (boo#1171139) add-enum-cast-to-avoid-gcc10-warning.patch and a work around for what seems to be a compiler regression (boo#1171123) work-around-gcc10-problem-with-zero-leng.patch- Update to v5.0.0: See http://wiki.qemu.org/ChangeLog/5.0 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in the deprecated.html file installed with the qemu package Some noteworthy changes: * x86: EPYC-Rome vcpu model * x86: vcpu model fixes for EPYC, Denverton, and Icelake-Server * s390: (as previously mentioned) Protected Virtualization support: start and control guest in secure mode (bsc#1167075 jsc#SLE-7407) * s390: support for Adapter Interrupt Suppression while running in KVM mode * PowerPC: pseries: NVDIMMs with file backend supported * PowerPC: powernv: KVM guests now runnable under TCG emulation * PowerPC: powernv: Basic POWER10 support * ARM: new boards: tacoma-bmc, Netduindo Plus 2, Orangepi PC * ARM: 'virt' machine now supports vTPM and virtio-iommu devices * ARM:Cortex-M7 CPU support * ARM: Lots of architecture features now emulated * ARM: TPM supported * ARM: Timekeeping improvements * ARM: LOTS more - refer to upstream changelog * virtio-iommu * VNC compatibility with noVNC improved * Support for using memory backends for main/"built-in" guest RAM * hostmem backends can now specify prealloc thread count * Better Azure compatibility of VHD images * Ceph namespaces supported * Compress block filter driver can create compressed backup images * virtiofsd availble for host filesystem passthrough * Improved html based documentation is provided with this release * Live migration support for external processes running on QEMU D-Bus * Patches dropped (upstream unless otherwise noted): i386-Add-MSR-feature-bit-for-MDS-NO.patch i386-Add-macro-for-stibp.patch i386-Add-new-CPU-model-Cooperlake.patch arm-arm-powerctl-set-NSACR.-CP11-CP10-bi.patch iotests-Skip-test-060-if-it-is-not-possi.patch iotests-Skip-test-079-if-it-is-not-possi.patch Revert-qemu-options.hx-Update-for-reboot.patch iotests-Provide-a-function-for-checking-.patch Fix-double-free-issue-in-qemu_set_log_fi.patch iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch virtio-blk-fix-out-of-bounds-access-to-b.patch block-Activate-recursively-even-for-alre.patch i386-Resolve-CPU-models-to-v1-by-default.patch numa-properly-check-if-numa-is-supported.patch vhost-user-gpu-Drop-trailing-json-comma.patch display-bochs-display-fix-memory-leak.patch hw-arm-smmuv3-Apply-address-mask-to-line.patch hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MAS.patch hw-arm-smmuv3-Check-stream-IDs-against-a.patch hw-arm-smmuv3-Align-stream-table-base-ad.patch hw-arm-smmuv3-Use-correct-bit-positions-.patch hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch block-Add-bdrv_qapi_perm_to_blk_perm.patch blkdebug-Allow-taking-unsharing-permissi.patch virtio-add-ability-to-delete-vq-through-.patch virtio-update-queue-size-on-guest-write.patch virtio-don-t-enable-notifications-during.patch numa-Extend-CLI-to-provide-initiator-inf.patch numa-Extend-CLI-to-provide-memory-latenc.patch numa-Extend-CLI-to-provide-memory-side-c.patch hmat-acpi-Build-Memory-Proximity-Domain-.patch hmat-acpi-Build-System-Locality-Latency-.patch hmat-acpi-Build-Memory-Side-Cache-Inform.patch tests-numa-Add-case-for-QMP-build-HMAT.patch qcow2-bitmaps-fix-qcow2_can_store_new_di.patch backup-top-Begin-drain-earlier.patch virtio-mmio-update-queue-size-on-guest-w.patch virtio-net-delete-also-control-queue-whe.patch intel_iommu-a-fix-to-vtd_find_as_from_bu.patch target-i386-Add-new-bit-definitions-of-M.patch target-i386-Add-missed-features-to-Coope.patch hw-i386-pc-fix-regression-in-parsing-vga.patch migration-test-ppc64-fix-FORTH-test-prog.patch target-arm-Return-correct-IL-bit-in-merg.patch target-arm-Set-ISSIs16Bit-in-make_issinf.patch runstate-ignore-finishmigrate-prelaunch-.patch migration-Rate-limit-inside-host-pages.patch m68k-Fix-regression-causing-Single-Step-.patch Revert-vnc-allow-fall-back-to-RAW-encodi.patch vnc-prioritize-ZRLE-compression-over-ZLI.patch target-i386-kvm-initialize-feature-MSRs-.patch s390x-adapter-routes-error-handling.patch iscsi-Cap-block-count-from-GET-LBA-STATU.patch block-backup-fix-memory-leak-in-bdrv_bac.patch tpm-ppi-page-align-PPI-RAM.patch hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch target-arm-fix-TCG-leak-for-fcvt-half-do.patch block-fix-memleaks-in-bdrv_refresh_filen.patch block-backup-top-fix-failure-path.patch iotests-add-test-for-backup-top-failure-.patch audio-oss-fix-buffer-pos-calculation.patch target-arm-monitor-query-cpu-model-expan.patch block-fix-crash-on-zero-length-unaligned.patch block-Fix-VM-size-field-width-in-snapsho.patch target-arm-Correct-definition-of-PMCRDP.patch block-nbd-extract-the-common-cleanup-cod.patch block-nbd-fix-memory-leak-in-nbd_open.patch virtio-crypto-do-delete-ctrl_vq-in-virti.patch virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch vhost-user-blk-delete-virtioqueues-in-un.patch hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch pc-bios-s390x-Save-iplb-location-in-lowc.patch iotests-Fix-nonportable-use-of-od-endian.patch block-qcow2-threads-fix-qcow2_decompress.patch job-refactor-progress-to-separate-object.patch block-block-copy-fix-progress-calculatio.patch block-io-fix-bdrv_co_do_copy_on_readv.patch scsi-qemu-pr-helper-Fix-out-of-bounds-ac.patch target-ppc-Fix-rlwinm-on-ppc64.patch compat-disable-edid-on-correct-virtio-gp.patch ppc-ppc405_boards-Remove-unnecessary-NUL.patch block-Avoid-memleak-on-qcow2-image-info-.patch block-bdrv_set_backing_bs-fix-use-after-.patch hmp-vnc-Fix-info-vnc-list-leak.patch migration-colo-fix-use-after-free-of-loc.patch migration-ram-fix-use-after-free-of-loca.patch qcow2-List-autoclear-bit-names-in-header.patch sheepdog-Consistently-set-bdrv_has_zero_.patch target-arm-Fix-PAuth-sbox-functions.patch tcg-i386-Fix-INDEX_op_dup2_vec.patch net-tulip-check-frame-size-and-r-w-data-.patch target-i386-do-not-set-unsupported-VMX-s.patch spapr-Fix-failure-path-for-attempting-to.patch ati-vga-Fix-checks-in-ati_2d_blt-to-avoi.patch xen-block-Fix-double-qlist-remove-and-re.patch vpc-Don-t-round-up-already-aligned-BAT-s.patch target-xtensa-fix-pasto-in-pfwait.r-opco.patch aio-wait-delegate-polling-of-main-AioCon.patch async-use-explicit-memory-barriers.patch tcg-mips-mips-sync-encode-error.patch vhost-user-gpu-Release-memory-returned-b.patch vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch (no pc-0.15) hw-i386-disable-smbus-migration-for-xenf.patch s390x-Don-t-do-a-normal-reset-on-the-ini.patch s390x-Move-reset-normal-to-shared-reset-.patch s390x-Move-initial-reset.patch s390x-Move-clear-reset.patch s390x-kvm-Make-kvm_sclp_service_call-voi.patch s390x-ipl-Consolidate-iplb-validity-chec.patch s390x-Beautify-diag308-handling.patch s390x-Add-missing-vcpu-reset-functions.patch s390-sclp-improve-special-wait-psw-logic.patch vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch util-add-slirp_fmt-helpers.patch slirp-use-correct-size-while-emulating-I.patch tcp_emu-Fix-oob-access.patch slirp-use-correct-size-while-emulating-c.patch tcp_emu-fix-unsafe-snprintf-usages.patch - For SLE builds, leverage the html documentation by adding a link to the SUSE specific support documentation (the *.txt support doc was slightly tweaked to be acceptable as reStructuredText for conversion to html) docs-add-SUSE-support-statements-to-html.patch-Fix potential DoS in ATI VGA emulation (CVE-2020-11869 bsc#1170537) ati-vga-Fix-checks-in-ati_2d_blt-to-avoi.patch- Minor tweaks to patches and support doc- Add gcc10-maybe-uninitialized.patch in order to fix boo#1169728.- Include upstream patches targeted for the next stable release (bug fixes only) spapr-Fix-failure-path-for-attempting-to.patch target-i386-do-not-set-unsupported-VMX-s.patch target-xtensa-fix-pasto-in-pfwait.r-opco.patch tcg-i386-Fix-INDEX_op_dup2_vec.patch tcg-mips-mips-sync-encode-error.patch vhost-user-gpu-Release-memory-returned-b.patch vpc-Don-t-round-up-already-aligned-BAT-s.patch xen-block-Fix-double-qlist-remove-and-re.patch - Fix bug causing weak encryption in PAuth for ARM (CVE-2020-10702 bsc#1168681) target-arm-Fix-PAuth-sbox-functions.patch - Fix OOB in tulip NIC emulation (CVE-2020-11102 bsc#1168713 net-tulip-check-frame-size-and-r-w-data-.patch - Note that previously included patch addresses CVE-2020-1711 and bsc#1166240 iscsi-Cap-block-count-from-GET-LBA-STATU.patch - Include performance improvement (and related?) patch aio-wait-delegate-polling-of-main-AioCon.patch async-use-explicit-memory-barriers.patch - Rework previous patch at Olaf H.'s direction hw-i386-disable-smbus-migration-for-xenf.patch - Eliminate is_opensuse usage in producing seabios version string what we are doing here is just replacing the upstream string with one indicating that the openSUSE build service built it, and so just leave it as "-rebuilt.opensuse.org" - Alter algorithm used to produce "unique" symbol for coordinating qemu with the optional modules it may load. This is a reasonable relaxation for broader compatibility configure-remove-pkgversion-from-CONFIG_.patch - Tweak supported.*.txt for latest deprecations, and other fixes - Tweak update_git.sh, config.sh- One more fix is needed for: s390x Protected Virtualization support - start and control guest in secure mode (bsc#1167075 jsc#SLE-7407) s390x-s390-virtio-ccw-Fix-build-on-syste.patch- Include upstream patches targeted for the next stable release (bug fixes only) block-Avoid-memleak-on-qcow2-image-info-.patch block-bdrv_set_backing_bs-fix-use-after-.patch hmp-vnc-Fix-info-vnc-list-leak.patch migration-colo-fix-use-after-free-of-loc.patch migration-ram-fix-use-after-free-of-loca.patch ppc-ppc405_boards-Remove-unnecessary-NUL.patch qcow2-List-autoclear-bit-names-in-header.patch scsi-qemu-pr-helper-Fix-out-of-bounds-ac.patch sheepdog-Consistently-set-bdrv_has_zero_.patch- Note The previous set of s390x patches also includes the fix for: bsc#1167445- Include upstream patches targeted for the next stable release (bug fixes only) block-io-fix-bdrv_co_do_copy_on_readv.patch compat-disable-edid-on-correct-virtio-gp.patch target-ppc-Fix-rlwinm-on-ppc64.patch vhost-correctly-turn-on-VIRTIO_F_IOMMU_P.patch - s390x Protected Virtualization support - start and control guest in secure mode. (note: binary patch from patch series dropped since for s390x we rebuild the patched binary anyways) (bsc#1167075 jsc#SLE-7407) s390-sclp-improve-special-wait-psw-logic.patch s390x-Add-missing-vcpu-reset-functions.patch s390x-Add-SIDA-memory-ops.patch s390x-Add-unpack-facility-feature-to-GA1.patch s390x-Beautify-diag308-handling.patch s390x-Don-t-do-a-normal-reset-on-the-ini.patch s390x-ipl-Consolidate-iplb-validity-chec.patch s390x-kvm-Make-kvm_sclp_service_call-voi.patch s390x-Move-clear-reset.patch s390x-Move-diagnose-308-subcodes-and-rcs.patch s390x-Move-initial-reset.patch s390x-Move-reset-normal-to-shared-reset-.patch s390x-protvirt-Add-migration-blocker.patch s390x-protvirt-Disable-address-checks-fo.patch s390x-protvirt-Handle-SIGP-store-status-.patch s390x-protvirt-Inhibit-balloon-when-swit.patch s390x-protvirt-KVM-intercept-changes.patch s390x-protvirt-Move-diag-308-data-over-S.patch s390x-protvirt-Move-IO-control-structure.patch s390x-protvirt-Move-STSI-data-over-SIDAD.patch s390x-protvirt-SCLP-interpretation.patch s390x-protvirt-Set-guest-IPL-PSW.patch s390x-protvirt-Support-unpack-facility.patch Sync-pv.patch- Fix the issue that s390x could not read IPL channel program when using dasd as boot device (bsc#1163140) pc-bios-s390x-Save-iplb-location-in-lowc.patch- Fix potential OOB accesses in slirp (CVE-2020-8608 bsc#1163018 bsc#1161066 CVE-2020-7039) slirp-use-correct-size-while-emulating-c.patch slirp-use-correct-size-while-emulating-I.patch tcp_emu-Fix-oob-access.patch tcp_emu-fix-unsafe-snprintf-usages.patch util-add-slirp_fmt-helpers.patch - Replace this patch with upstream version target-arm-monitor-query-cpu-model-expan.patch- Include upstream patches targeted for the next stable release (bug fixes only) audio-oss-fix-buffer-pos-calculation.patch blkdebug-Allow-taking-unsharing-permissi.patch block-Add-bdrv_qapi_perm_to_blk_perm.patch block-backup-top-fix-failure-path.patch block-block-copy-fix-progress-calculatio.patch block-fix-crash-on-zero-length-unaligned.patch block-fix-memleaks-in-bdrv_refresh_filen.patch block-Fix-VM-size-field-width-in-snapsho.patch block-nbd-extract-the-common-cleanup-cod.patch block-nbd-fix-memory-leak-in-nbd_open.patch block-qcow2-threads-fix-qcow2_decompress.patch hw-arm-cubieboard-use-ARM-Cortex-A8-as-t.patch hw-intc-arm_gicv3_kvm-Stop-wrongly-progr.patch iotests-add-test-for-backup-top-failure-.patch iotests-Fix-nonportable-use-of-od-endian.patch job-refactor-progress-to-separate-object.patch target-arm-Correct-definition-of-PMCRDP.patch target-arm-fix-TCG-leak-for-fcvt-half-do.patch tpm-ppi-page-align-PPI-RAM.patch vhost-user-blk-delete-virtioqueues-in-un.patch virtio-add-ability-to-delete-vq-through-.patch virtio-crypto-do-delete-ctrl_vq-in-virti.patch virtio-pmem-do-delete-rq_vq-in-virtio_pm.patch- Add Obsoletes directive for qemu-audio-sdl and qemu-ui-sdl since for a qemu package upgrade from SLE12-SP5, support for SDL is dropped- Fix xenfv migration from xen host with pre-v4.0 qemu. We had previously dropped a similar patch, but have decided that for now we need to go with this type of solution (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch- Avoid query-cpu-model-expansion crashed qemu when using machine type none, patch is queued in upstream now, will update commit id later (bsc#1159443) target-arm-monitor-query-cpu-model-expan.patch- BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow OBS to shortcut through -mini flavors.- Stop using system membarriers (ie switch from --enable-membarrier to --disable-membarrier). This is a blocker for using qemu in the context of containers (boo#1130134 jsc#SLE-11089) - Drop this recently added patch - in consultation with upstream it was decided it needed to be solved a different way (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch - Include upstream patches targeted for the next stable release (bug fixes only) block-backup-fix-memory-leak-in-bdrv_bac.patch iscsi-Cap-block-count-from-GET-LBA-STATU.patch s390x-adapter-routes-error-handling.patch target-i386-kvm-initialize-feature-MSRs-.patch- Include upstream patches targeted for the next stable release (bug fixes only) hw-i386-pc-fix-regression-in-parsing-vga.patch m68k-Fix-regression-causing-Single-Step-.patch migration-Rate-limit-inside-host-pages.patch migration-test-ppc64-fix-FORTH-test-prog.patch Revert-vnc-allow-fall-back-to-RAW-encodi.patch runstate-ignore-finishmigrate-prelaunch-.patch target-arm-Return-correct-IL-bit-in-merg.patch target-arm-Set-ISSIs16Bit-in-make_issinf.patch vnc-prioritize-ZRLE-compression-over-ZLI.patch- BuildRequire pkconfig(systemd) instead of systemd: allow OBS to shortcut through the -mini flavors. - Use systemd_ordering in place of systemd_requires: systemd is never a strict requirement for qemu; but when installing qemu on a systemd-managed system, we want system to be present first.- Fix xenfv migration from xen host with pre-v4.0 qemu (bsc#1159755) hw-i386-disable-smbus-migration-for-xenf.patch- Create files within bundles.tar.xz with fixed timestamp and uid- Add a %bcond_without system_membarrier along with related processing to the spec file, to better investigate running QEMU with the --disable-membarrier configure option- Include upstream patches targeted for the next stable release (bug fixes only) arm-arm-powerctl-set-NSACR.-CP11-CP10-bi.patch backup-top-Begin-drain-earlier.patch block-Activate-recursively-even-for-alre.patch display-bochs-display-fix-memory-leak.patch Fix-double-free-issue-in-qemu_set_log_fi.patch hw-arm-smmuv3-Align-stream-table-base-ad.patch hw-arm-smmuv3-Apply-address-mask-to-line.patch hw-arm-smmuv3-Check-stream-IDs-against-a.patch hw-arm-smmuv3-Correct-SMMU_BASE_ADDR_MAS.patch hw-arm-smmuv3-Report-F_STE_FETCH-fault-a.patch hw-arm-smmuv3-Use-correct-bit-positions-.patch i386-Resolve-CPU-models-to-v1-by-default.patch intel_iommu-a-fix-to-vtd_find_as_from_bu.patch iotests-Fix-IMGOPTSSYNTAX-for-nbd.patch iotests-Provide-a-function-for-checking-.patch iotests-Skip-test-060-if-it-is-not-possi.patch iotests-Skip-test-079-if-it-is-not-possi.patch numa-properly-check-if-numa-is-supported.patch qcow2-bitmaps-fix-qcow2_can_store_new_di.patch Revert-qemu-options.hx-Update-for-reboot.patch vhost-user-gpu-Drop-trailing-json-comma.patch virtio-blk-fix-out-of-bounds-access-to-b.patch virtio-mmio-update-queue-size-on-guest-w.patch virtio-net-delete-also-control-queue-whe.patch virtio-update-queue-size-on-guest-write.patch - Include performance improvement virtio-don-t-enable-notifications-during.patch - Repair incorrect packaging references to Jira tracked features- Add Cooperlake vcpu model (jsc#SLE-7923) i386-Add-MSR-feature-bit-for-MDS-NO.patch i386-Add-macro-for-stibp.patch i386-Add-new-CPU-model-Cooperlake.patch target-i386-Add-new-bit-definitions-of-M.patch target-i386-Add-missed-features-to-Coope.patch - Add HMAT support (jsc#SLE-8897) (the test case for this series isn't included because we aren't set up to handle binary patches) numa-Extend-CLI-to-provide-initiator-inf.patch numa-Extend-CLI-to-provide-memory-latenc.patch numa-Extend-CLI-to-provide-memory-side-c.patch hmat-acpi-Build-Memory-Proximity-Domain-.patch hmat-acpi-Build-System-Locality-Latency-.patch hmat-acpi-Build-Memory-Side-Cache-Inform.patch tests-numa-Add-case-for-QMP-build-HMAT.patch- Update to v4.2.0: See http://wiki.qemu.org/ChangeLog/4.2 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * x86: Denverton, Snowridge, and Dhyana CPU models added * x86: Latest version of all CPU models how have TSX (HLE and RTM) disabled by default * x86: Support for AVX512 BFloat16 extensions * x86: VMX features exposed more accurately and controllably * s390: TCG now implements IEP (Instruction Execution Protection) * PowerPC: POWER8 and POWER9 non-virtualized machines separated out * PowerPC: RTAS now comes from SLOF instead of QEMU itself * PowerPC: Unplug of multifunction PCI devices now unplugs the whole slot, as in x86 * ARM: Support for >256 CPUs with KVM is fixed * ARM: Memory hotplug now supported , when using UEFI, ACPI, for virt machine type * ARM: SVE support possuble now for KVM guests * ARM: ACPI generic event device can now deliver powerdown event * The backend device can be specified for a guest audio device * virtio v1.1 packed virtqueues supported * Socket based character device backends now support TCP keep-alive * Use encryption library cipher mode facilities, allowing improved performance for eg. AES-XTS encrption * Misc block device improvements, esp. with nbd - See the following few release-candidate changelog entries for additional changes related to this release - Switched package build to be out-of-tree- Update to v4.2.0-rc5: See http://wiki.qemu.org/ChangeLog/4.2- Update to v4.2.0-rc4: See http://wiki.qemu.org/ChangeLog/4.2 * Update the support documents used for SUSE SLE releases to cover this qemu release- Update to v4.2.0-rc3: See http://wiki.qemu.org/ChangeLog/4.2 * Patches dropped (upstream unless otherwise noted): ati-add-edid-support.patch ati-vga-add-rage128-edid-support.patch ati-vga-fix-ati_read.patch ati-vga-make-i2c-register-and-bits-confi.patch ati-vga-make-less-verbose.patch ati-vga-try-vga-ddc-first.patch Disable-Waddress-of-packed-member-for-GC.patch hdata-vpd-fix-printing-char-0x00.patch target-i386-add-PSCHANGE_NO-bit-for-the-.patch target-i386-Export-TAA_NO-bit-to-guests.patch vbe-add-edid-support.patch vga-add-ati-bios-tables.patch vga-add-atiext-driver.patch vga-make-memcpy_high-public.patch vga-move-modelist-from-bochsvga.c-to-new.patch * Patches added: Enable-cross-compile-prefix-for-C-compil.patch ensure-headers-included-are-compatible-w.patch roms-Makefile-enable-cross-compile-for-b.patch * Add qemu-ui-spice-app package containing ui-spice-app.so * Add qemu-microvm package containing bios-microvm.bin - Add descriptors for the 128k and 256k SeaBios firmware images - For the record, the following issues reported for SUSE SLE15-SP1 are either fixed in this current package, or are otherwise not an issue: bsc#1079730 bsc#1098403 bsc#1111025 bsc#1128106 bsc#1133031 bsc#1134883 bsc#1135210 bsc#1135902 bsc#1136540 bsc#1136778 bsc#1138534 bsc#1140402 bsc#1143794 bsc#1145379 bsc#1144087 bsc#1145427 bsc#1145436 bsc#1145774 bsc#1146873 bsc#1149811 bsc#1152506 bsc#1155812 bsc#1156642 CVE-2018-12207 CVE-2019-5008 CVE-2019-11135 CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890, and the following feature requests are satisfied by this package: fate#327410 fate#327764 fate#327796 jsc#SLE-4883 jsc#SLE-6132 jsc#SLE-6237 jsc#SLE-6754- Expose pschange-mc-no "feature", indicating CPU does not have the page size change machine check vulnerability (CVE-2018-12207 bsc#1155812) target-i386-add-PSCHANGE_NO-bit-for-the-.patch - Expose taa-no "feature", indicating CPU does not have the TSX Async Abort vulnerability. (CVE-2019-11135 bsc#1152506) target-i386-Export-TAA_NO-bit-to-guests.patch Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Update to v4.1.1, a stable, bug-fix-only release * Besides incorporating the following fixes we already carried, it includes about the same number of other, similar type fixes which we hadn't yet incorporated. * Patches dropped (subsumed by stable update): block-Add-bdrv_co_get_self_request.patch block-create-Do-not-abort-if-a-block-dri.patch block-file-posix-Let-post-EOF-fallocate-.patch block-file-posix-Reduce-xfsctl-use.patch block-io-refactor-padding.patch blockjob-update-nodes-head-while-removin.patch block-Make-wait-mark-serialising-request.patch block-nfs-tear-down-aio-before-nfs_close.patch coroutine-Add-qemu_co_mutex_assert_locke.patch curl-Check-completion-in-curl_multi_do.patch curl-Handle-success-in-multi_check_compl.patch curl-Keep-pointer-to-the-CURLState-in-CU.patch curl-Keep-socket-until-the-end-of-curl_s.patch curl-Pass-CURLSocket-to-curl_multi_do.patch curl-Report-only-ready-sockets.patch hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch hw-core-loader-Fix-possible-crash-in-rom.patch make-release-pull-in-edk2-submodules-so-.patch memory-Provide-an-equality-function-for-.patch mirror-Keep-mirror_top_bs-drained-after-.patch pr-manager-Fix-invalid-g_free-crash-bug.patch qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch qcow2-Fix-corruption-bug-in-qcow2_detect.patch qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch qcow2-Fix-the-calculation-of-the-maximum.patch roms-Makefile.edk2-don-t-pull-in-submodu.patch s390-PCI-fix-IOMMU-region-init.patch s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch target-alpha-fix-tlb_fill-trap_arg2-valu.patch target-arm-Don-t-abort-on-M-profile-exce.patch target-arm-Free-TCG-temps-in-trans_VMOV_.patch util-iov-introduce-qemu_iovec_init_exten.patch vhost-Fix-memory-region-section-comparis.patch vpc-Return-0-from-vpc_co_create-on-succe.patch Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Fix %arm builds- Fix two issues with qcow2 image processing which could affect disk integrity qcow2-Fix-QCOW2_COMPRESSED_SECTOR_MASK.patch qcow2-bitmap-Fix-uint64_t-left-shift-ove.patch- Work around a host kernel xfs bug which can result in qcow2 image corruption block-io-refactor-padding.patch util-iov-introduce-qemu_iovec_init_exten.patch block-Make-wait-mark-serialising-request.patch block-Add-bdrv_co_get_self_request.patch block-file-posix-Let-post-EOF-fallocate-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Correct package names in _constraints after switch to multibuild.- Address potential corruption when using qcow2 images coroutine-Add-qemu_co_mutex_assert_locke.patch qcow2-Fix-corruption-bug-in-qcow2_detect.patch - Include more tweaks to our packaging workflow scripts - this will continue as we refine the scripts - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- use %gcc_version for cross compilers (boo#1153703)- Add upstream edk2 submodule fix for creating tarball - Switch to upstream patch for avoiding git ref in edk2 makefile - Fix failing block tests which aren't compatible with the configure option --enable-membarrier * Patches dropped: roms-Makefile.edk2-don-t-invoke-git-sinc.patch tests-block-io-test-130-needs-some-delay.patch * Patches added: make-release-pull-in-edk2-submodules-so-.patch roms-Makefile.edk2-don-t-pull-in-submodu.patch tests-Fix-block-tests-to-be-compatible-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Reduce the cross compiler versions we rely on - Fix some qemu-testsuite issues, reducing known error cases test-add-mapping-from-arch-of-i686-to-qe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Since our spec file has bashisms, include the following in the spec file: %define _buildshell /bin/bash- Disable some block tests which randomly fail. This is in context of the build service build of qemu-testsuite tests-Disable-some-block-tests-for-now.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Add some post v4.1.0 upstream stable patches * Patches added: mirror-Keep-mirror_top_bs-drained-after-.patch s390x-tcg-Fix-VERIM-with-32-64-bit-eleme.patch target-alpha-fix-tlb_fill-trap_arg2-valu.patch target-arm-Free-TCG-temps-in-trans_VMOV_.patch target-arm-Don-t-abort-on-M-profile-exce.patch qcow2-Fix-the-calculation-of-the-maximum.patch block-file-posix-Reduce-xfsctl-use.patch pr-manager-Fix-invalid-g_free-crash-bug.patch vpc-Return-0-from-vpc_co_create-on-succe.patch block-nfs-tear-down-aio-before-nfs_close.patch block-create-Do-not-abort-if-a-block-dri.patch curl-Keep-pointer-to-the-CURLState-in-CU.patch curl-Keep-socket-until-the-end-of-curl_s.patch curl-Check-completion-in-curl_multi_do.patch curl-Pass-CURLSocket-to-curl_multi_do.patch curl-Report-only-ready-sockets.patch curl-Handle-success-in-multi_check_compl.patch blockjob-update-nodes-head-while-removin.patch memory-Provide-an-equality-function-for-.patch vhost-Fix-memory-region-section-comparis.patch hw-arm-boot.c-Set-NSACR.-CP11-CP10-for-N.patch s390-PCI-fix-IOMMU-region-init.patch hw-core-loader-Fix-possible-crash-in-rom.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Include more tweaks to our packaging workflow scripts - Produce qemu-linux-user and qemu-testsuite via the build service multibuild capability, instead of duplicating the spec file and using package link in build service * combine qemu-linux-user spec file into main qemu spec file. Since this model uses a single changelog, here are some historicial mentions from the now unused qemu-linux-user.changes (delta from qemu's was quite minimal): - Adjust to a v5.2 linux kernel change regarding SIOCGSTAMP - Fix pwrite64/pread64 to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600) * bsc#1112499 * Since qemu-testsuite.spec and qemu-testsuite.changes were just copies of the main qemu version nothing needs to be done there- Build opensbi from source on riscv64- Update to v4.1.0: See http://wiki.qemu.org/ChangeLog/4.1 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * x86: CPU models are now versioned * x86: CPU die topology can now be configured * x86: New Hygon Dhyana and Intel Snowridge CPU models * s390: The bios now supports IPL (boot) from ECKD DASD assigned to the guest via vfio-ccw * s390: The bios now tolerates the presence of bootmap signature entries written by zipl * PowerPC: pseries machine now supports KVM acceleration (kernel_irqchip=on) of the XIVE interrupt controller * PowerPC: pseries now supports hot-plug of PCI bridges and hot-plug and unplug of devices under PCI bridges * ARM: QEMU now supports emulating an FPU for Cortex-M CPUs, and the Cortex-M4 and Cortex-M33 now provide the FP * Python 2 support is deprecated * UEFI platform firmware binaries, and matching variable store templates are now installed * Now it's possible to specify memory-less NUMA node when using "-numa node,memdev" options * Possible to trigger self announcement on specific network interfaces * Default memory distribution between NUMA nodes is now deprecated * Fallback to normal RAM allocation if QEMU is not able to allocate from the "-mem-path" provided file/filesystem is now deprecated * virtio-gpu 2d/3d rendering may now be offloaded to an external vhost-user process, such as QEMU vhost-user-gpu * QEMU will automatically try to use the MAP_SYNC mmap flag for memory backends configured with pmem=on,share=on * Additional SeaVGABIOS patches added for vga-ati compatibility - Drop attempt at build compatibility with SLE12 - New sub-packages: qemu-edk2, qemu-vhost-user-gpu - Conditionalize building of qemu-edk2 (and leave unbuilt for now) - Implement new packaging workflow, includes no longer numbering patches, and having the "current git repo" stored with the package in the form of git bundles * Patches dropped (upstream unless otherwise noted): 0027-tests-test-thread-pool-is-racy-add-.patch 0032-tests-Fix-Makefile-handling-of-chec.patch 0034-Revert-target-i386-kvm-add-VMX-migr.patch 0036-sockets-avoid-string-truncation-war.patch 0039-linux-user-avoid-string-truncation-.patch 0040-linux-user-elfload-Fix-GCC-9-build-.patch 0041-qxl-avoid-unaligned-pointer-reads-w.patch 0042-libvhost-user-fix-Waddress-of-packe.patch 0043-target-i386-define-md-clear-bit.patch 0045-kbd-state-fix-autorepeat-handling.patch 0046-target-ppc-ensure-we-get-null-termi.patch 0049-qxl-check-release-info-object.patch 0050-qemu-bridge-helper-restrict-interfa.patch 0051-linux-user-fix-to-handle-variably-s.patch ipxe-use-gcc6-for-more-compact-code.patch (no longer needed) (the next three are replaced by the upstream equivalent) ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch ipxe-build-Disable-gcc-address-of-packed-member-warning.patch ipxe-efi-Avoid-string-op-warning-with-cross-gcc-7-compile.patch slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input.patch * Patches renamed: 0001-XXX-dont-dump-core-on-sigabort.patch - > XXX-dont-dump-core-on-sigabort.patch 0002-qemu-binfmt-conf-Modify-default-pat.patch - > qemu-binfmt-conf-Modify-default-path.patch 0003-qemu-cvs-gettimeofday.patch - > qemu-cvs-gettimeofday.patch 0004-qemu-cvs-ioctl_debug.patch - > qemu-cvs-ioctl_debug.patch 0005-qemu-cvs-ioctl_nodirection.patch - > qemu-cvs-ioctl_nodirection.patch 0006-linux-user-add-binfmt-wrapper-for-a.patch - > linux-user-add-binfmt-wrapper-for-argv-0.patch 0007-PPC-KVM-Disable-mmu-notifier-check.patch - > PPC-KVM-Disable-mmu-notifier-check.patch 0008-linux-user-binfmt-support-host-bina.patch - > linux-user-binfmt-support-host-binaries.patch 0009-linux-user-Fake-proc-cpuinfo.patch - > linux-user-Fake-proc-cpuinfo.patch 0010-linux-user-use-target_ulong.patch - > linux-user-use-target_ulong.patch 0011-Make-char-muxer-more-robust-wrt-sma.patch - > Make-char-muxer-more-robust-wrt-small-FI.patch 0012-linux-user-lseek-explicitly-cast-no.patch - > linux-user-lseek-explicitly-cast-non-set.patch 0013-AIO-Reduce-number-of-threads-for-32.patch - > AIO-Reduce-number-of-threads-for-32bit-h.patch 0014-xen_disk-Add-suse-specific-flush-di.patch - > xen_disk-Add-suse-specific-flush-disable.patch 0015-qemu-bridge-helper-reduce-security-.patch - > qemu-bridge-helper-reduce-security-profi.patch 0016-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch 0017-linux-user-properly-test-for-infini.patch - > linux-user-properly-test-for-infinite-ti.patch 0018-roms-Makefile-pass-a-packaging-time.patch - > roms-Makefile-pass-a-packaging-timestamp.patch 0019-Raise-soft-address-space-limit-to-h.patch - > Raise-soft-address-space-limit-to-hard-l.patch 0020-increase-x86_64-physical-bits-to-42.patch - > increase-x86_64-physical-bits-to-42.patch 0021-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > vga-Raise-VRAM-to-16-MiB-for-pc-0.15-and.patch 0022-i8254-Fix-migration-from-SLE11-SP2.patch - > i8254-Fix-migration-from-SLE11-SP2.patch 0023-acpi_piix4-Fix-migration-from-SLE11.patch - > acpi_piix4-Fix-migration-from-SLE11-SP2.patch 0024-Switch-order-of-libraries-for-mpath.patch - > Switch-order-of-libraries-for-mpath-supp.patch 0025-Make-installed-scripts-explicitly-p.patch - > Make-installed-scripts-explicitly-python.patch 0026-hw-smbios-handle-both-file-formats-.patch - > hw-smbios-handle-both-file-formats-regar.patch 0028-xen-add-block-resize-support-for-xe.patch - > xen-add-block-resize-support-for-xen-dis.patch 0029-tests-qemu-iotests-Triple-timeout-o.patch - > tests-qemu-iotests-Triple-timeout-of-i-o.patch 0030-tests-block-io-test-130-needs-some-.patch - > tests-block-io-test-130-needs-some-delay.patch 0031-xen-ignore-live-parameter-from-xen-.patch - > xen-ignore-live-parameter-from-xen-save-.patch 0033-Conditionalize-ui-bitmap-installati.patch - > Conditionalize-ui-bitmap-installation-be.patch 0035-tests-change-error-message-in-test-.patch - > tests-change-error-message-in-test-162.patch 0037-hw-usb-hcd-xhci-Fix-GCC-9-build-war.patch - > hw-usb-hcd-xhci-Fix-GCC-9-build-warning.patch 0038-hw-usb-dev-mtp-Fix-GCC-9-build-warn.patch - > hw-usb-dev-mtp-Fix-GCC-9-build-warning.patch 0044-hw-intc-exynos4210_gic-provide-more.patch - > hw-intc-exynos4210_gic-provide-more-room.patch 0047-configure-only-populate-roms-if-sof.patch - > configure-only-populate-roms-if-softmmu.patch 0048-pc-bios-s390-ccw-net-avoid-warning-.patch - > pc-bios-s390-ccw-net-avoid-warning-about.patch keycodemapdb-make-keycode-gen-output-reproducible.patch - > Make-keycode-gen-output-reproducible-use.patch ipxe-stub-out-the-SAN-req-s-in-int13.patch - > stub-out-the-SAN-req-s-in-int13.patch sgabios-fix-cross-build.patch deleted - > roms-sgabios-Fix-csum8-to-be-built-by-ho.patch sgabios-stable-buildid.patch - > sgabios-Makefile-fix-issues-of-build-rep.patch skiboot-gcc9-compat.patch - > Disable-Waddress-of-packed-member-for-GC.patch ipxe-stable-buildid.patch - > ipxe-Makefile-fix-issues-of-build-reprod.patch seabios-fix_cross_compilation.patch - > enable-cross-compilation-on-ARM.patch * Patches added: roms-change-cross-compiler-naming-to-be-.patch roms-Makefile.edk2-don-t-invoke-git-sinc.patch vga-move-modelist-from-bochsvga.c-to-new.patch vga-make-memcpy_high-public.patch vga-add-atiext-driver.patch vga-add-ati-bios-tables.patch vbe-add-edid-support.patch ati-add-edid-support.patch ati-vga-make-less-verbose.patch ati-vga-fix-ati_read.patch ati-vga-make-i2c-register-and-bits-confi.patch ati-vga-try-vga-ddc-first.patch ati-vga-add-rage128-edid-support.patch Fix-s-directive-argument-is-null-error.patch Workaround-compilation-error-with-gcc-9..patch Do-not-apply-WORKAROUND_CFLAGS-for-host-.patch hdata-vpd-fix-printing-char-0x00.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.1- Since we build seabios, take advantage of ability to add our own identifying version info by changing SEABIOS_EXTRAVERSION from "-prebuilt.qemu.org" to "-rebuilt.suse.com" (or "-rebuilt.opensuse.org for openSUSE releases)- Security fix for heap overflow in ip_reass on big packet input (CVE-2019-14378, bsc#1143794) slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0 * Patches added: 0051-linux-user-fix-to-handle-variably-s.patch- Make keycode-gen output reproducible (use SOURCE_DATE_EPOCH timestamp) keycodemapdb-make-keycode-gen-output-reproducible.patch- Security fix for null pointer dereference while releasing spice resources (CVE-2019-12155, bsc#1135902) 0049-qxl-check-release-info-object.patch - Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (CVE-2019-13164, bsc#1140402) 0050-qemu-bridge-helper-restrict-interfa.patch - Replace patch 0043 with an upstream version 0043-target-i386-define-md-clear-bit.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- fixed regression for ksm.service was (bsc#1112646)- Content of packaged %_docdir/%name/interop/_static/ dir depends on python-Sphinx version, so lets just wildcard specifying those files, rather than trying to manage a specific file list- Last change exposed that we still do rely on python2. Make spec file adjustment- Switch from python-Sphinx to Sphinx from python variant we are building with (new Sphinx is for python3 only)- Fix a number of compatibility issues with the stricter gcc9 checks * Disable warning for taking address of packed structure members 0048-pc-bios-s390-ccw-net-avoid-warning-.patch * Fix case of strncpy where null terminated string not guaranteed 0046-target-ppc-ensure-we-get-null-termi.patch * Disable warning for taking address of packed structure members and fix case of passing null pointer as "%s" format parameter skiboot-gcc9-compat.patch - Fix configure script which caused firmware to be built in linux-user only build. 0047-configure-only-populate-roms-if-sof.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Fix regression in autorepeat key handling 0045-kbd-state-fix-autorepeat-handling.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Fix file list- Yet another gcc9 related code fix (bsc#1121464) 0044-hw-intc-exynos4210_gic-provide-more.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Switch to now upstreamed version of patch and add one more gcc9 related patch * Patches renamed: 0041-qxl-fix-Waddress-of-packed-member.patch - > 0041-qxl-avoid-unaligned-pointer-reads-w.patch 0042-libvhost-user-fix-Waddress-of-packe.patch - Add x86 cpu feature "md-clear" (CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 bsc#1111331) 0043-target-i386-define-md-clear-bit.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Correct logic of which ipxe patches get included based on suse_version. We were wrongly excluding a gcc9 related patch for example- Switch to now upstreamed version of some patches * Patches renamed: 0036-util-qemu-sockets-Fix-GCC-9-build-w.patch - > 0036-sockets-avoid-string-truncation-war.patch 0039-linux-user-uname-Fix-GCC-9-build-wa.patch - > 0039-linux-user-avoid-string-truncation-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Create /usr/share/qemu/firmware and /etc/qemu/firmware directories in support of the firmware descriptor feature now in use as of libvirt v5.2- Disable LTO as suggested by Martin Liska (boo#1133281) - Remove and obsolete qemu-oss-audio subpackage. OSS audio is very old, and we didn't really even configure the package properly for it for a very long time, so presumably there can't be any users of it as far as qemu is concerned - Avoid warnings which gcc9 complains about 0036-util-qemu-sockets-Fix-GCC-9-build-w.patch 0037-hw-usb-hcd-xhci-Fix-GCC-9-build-war.patch 0038-hw-usb-dev-mtp-Fix-GCC-9-build-warn.patch 0039-linux-user-uname-Fix-GCC-9-build-wa.patch 0040-linux-user-elfload-Fix-GCC-9-build-.patch 0041-qxl-fix-Waddress-of-packed-member.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Update to v4.0.0: See http://wiki.qemu.org/ChangeLog/4.0 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * ARM: ARMv8+ extensions for SB, PredInv, HPD, LOR, FHM, AA32HPD, PAuth, JSConv, CondM, FRINT, and BTI * ARM: new emulation support for "Musca" and "MPS2" development boards * ARM: virt: support for >255GB of RAM and u-boot "noload" image types * ARM: improved emulation of ARM PMU * HPPA: support for TLB protection IDs and TLB trace events * MIPS: support for multi-threaded TCG emulation * MIPS: emulation support for I7200 I6500 CPUs, QMP-base querying of CPU types, and improved support for SAARI and SAAR configuration registers * MIPS: improvements to Interthread Communication Unit, Fulong 2E machine types, and end-user documentation. * PowerPC: pseries/powernv: support for POWER9 large decrementer * PowerPC: pseries: emulation support for XIVE interrupt controller * PowerPC: pseries: support for hotplugging PCI host bridges (PHBs) * PowerPC: pseries: Spectre/Meltdown mitigations enabled by default, additional support for count-cache-flush mitigation * RISC-V: virt: support for PCI and USB * RISC-V: support for TSR, TW, and TVM fields of mstatus, FS field now supports three stats (dirty, clean, and off) * RISC-V: built-in gdbserver supports register lists via XML files * s390: support for z14 GA 2 CPU model, Multiple-epoch and PTFF features now enabled in z14 CPU model by default * s390: vfio-ap: now supports hot plug/unplug, and no longer inhibits memory ballooning * s390: emulation support for floating-point extension facility and vector support instructions * x86: HAX accelerator now supported POSIX hosts other than Darwin, including Linux and NetBSD * x86: Q35: advertised PCIe root port speeds will now optimally default to maximum link speed (16GT/s) and width (x32) provided by PCIe 4.0 for QEMU 4.0+ machine types; older machine types will retain 2.5GT/x1 defaults for compatibility. * x86: Xen PVH images can now be booted with "-kernel" option * Xtensa: xtfpga: improved SMP support for linux (interrupt distributor, IPI, and runstall) and new SMP-capable test_mmuhifi_c3 core configuration * Xtensa: support for Flexible length instructions extension (FLIX) * GUI: new '-display spice-app' to configure/launch a Spice client GUI with a similar UI to QEMU GTK. VNC server now supports access controls via tls-authz/sasl-authz options * QMP: support for "out-of-band" command execution, can be useful for postcopy migration recovery. Additional QMP commands for working with block devices and dirty bitmaps * VFIO: EDID interface for supported mdev (Intel vGPU for kernel 5.0+), allows resolution setting via xres/yres options. * Xen: new 'xen-disk' device which can create a Xen PV disk backend, and performance improvements for Xen PV disk backend. * Network Block Device: improved tracing and error diagnostics, improved client compatibility with buggy NBD server implementations, new - -bitmap, --list, --tls-authz options for qemu-nbd * virtio-blk now supports DISCARD and WRITE_ZEROES * qemu-test-suite output is now in TAP format * Sphinx now used for part of qemu documentation * A few more configure features are enabled: iconv, lzfse (for openSUSE) * Provide better logo icons - Made these package building changes: * Removed this token from spec file: #!BuildIgnore: gcc-PIE * Created ability to build qemu source out-of-tree * Added BSD-2-Clause license clause due to EDK II code inclusion * Patches dropped (upstream unless otherwise noted): 0010-Remove-problematic-evdev-86-key-fro.patch 0025-Fix-tigervnc-long-press-issue.patch 0026-string-input-visitor-Fix-uint64-par.patch 0027-test-string-input-visitor-Add-int-t.patch 0028-test-string-input-visitor-Add-uint6.patch 0029-tests-Add-QOM-property-unit-tests.patch 0030-tests-Add-scsi-disk-test.patch 0033-smbios-Add-1-terminator-if-any-stri.patch (different approach used) 0034-qemu-io-tests-comment-out-problemat.patch (not as needed) 0039-xen_disk-Avoid-repeated-memory-allo.patch 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0045-hw-usb-fix-mistaken-de-initializati.patch 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch 0047-pvrdma-release-device-resources-in-.patch 0048-rdma-check-num_sge-does-not-exceed-.patch 0049-pvrdma-add-uar_read-routine.patch 0050-pvrdma-check-number-of-pages-when-c.patch 0051-pvrdma-check-return-value-from-pvrd.patch 0052-pvrdma-release-ring-object-in-case-.patch 0053-block-Fix-hangs-in-synchronous-APIs.patch 0054-linux-user-make-pwrite64-pread64-fd.patch 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch 0056-slirp-check-data-length-while-emula.patch 0057-s390x-Return-specification-exceptio.patch 0059-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch 0061-slirp-check-sscanf-result-when-emul.patch 0062-ppc-add-host-serial-and-host-model-.patch 0063-i2c-ddc-fix-oob-read.patch 0064-device_tree.c-Don-t-use-load_image.patch 0065-spapr-Simplify-handling-of-host-ser.patch ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch ipxe-fix-build.patch skiboot-hdata-i2c.c-fix-building-with-gcc8.patch * Patches renamed: 0011-linux-user-use-target_ulong.patch - > 0010-linux-user-use-target_ulong.patch 0012-Make-char-muxer-more-robust-wrt-sma.patch - > 0011-Make-char-muxer-more-robust-wrt-sma.patch 0013-linux-user-lseek-explicitly-cast-no.patch - > 0012-linux-user-lseek-explicitly-cast-no.patch 0014-AIO-Reduce-number-of-threads-for-32.patch - > 0013-AIO-Reduce-number-of-threads-for-32.patch 0015-xen_disk-Add-suse-specific-flush-di.patch - > 0014-xen_disk-Add-suse-specific-flush-di.patch 0016-qemu-bridge-helper-reduce-security-.patch - > 0015-qemu-bridge-helper-reduce-security-.patch 0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0016-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0018-linux-user-properly-test-for-infini.patch - > 0017-linux-user-properly-test-for-infini.patch 0019-roms-Makefile-pass-a-packaging-time.patch - > 0018-roms-Makefile-pass-a-packaging-time.patch 0020-Raise-soft-address-space-limit-to-h.patch - > 0019-Raise-soft-address-space-limit-to-h.patch 0021-increase-x86_64-physical-bits-to-42.patch - > 0020-increase-x86_64-physical-bits-to-42.patch 0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0021-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0023-i8254-Fix-migration-from-SLE11-SP2.patch - > 0022-i8254-Fix-migration-from-SLE11-SP2.patch 0024-acpi_piix4-Fix-migration-from-SLE11.patch - > 0023-acpi_piix4-Fix-migration-from-SLE11.patch 0031-Switch-order-of-libraries-for-mpath.patch - > 0024-Switch-order-of-libraries-for-mpath.patch 0032-Make-installed-scripts-explicitly-p.patch - > 0025-Make-installed-scripts-explicitly-p.patch 0035-tests-test-thread-pool-is-racy-add-.patch - > 0027-tests-test-thread-pool-is-racy-add-.patch 0036-xen-add-block-resize-support-for-xe.patch - > 0028-xen-add-block-resize-support-for-xe.patch 0037-tests-qemu-iotests-Triple-timeout-o.patch - > 0029-tests-qemu-iotests-Triple-timeout-o.patch 0038-tests-block-io-test-130-needs-some-.patch - > 0030-tests-block-io-test-130-needs-some-.patch 0040-xen-ignore-live-parameter-from-xen-.patch - > 0031-xen-ignore-live-parameter-from-xen-.patch 0058-Revert-target-i386-kvm-add-VMX-migr.patch - > 0034-Revert-target-i386-kvm-add-VMX-migr.patch * Patches added: 0026-hw-smbios-handle-both-file-formats-.patch 0032-tests-Fix-Makefile-handling-of-chec.patch 0033-Conditionalize-ui-bitmap-installati.patch 0035-tests-change-error-message-in-test-.patch ipxe-efi-Avoid-string-op-warning-with-cross-gcc-7-compile.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-4.0- Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest upstream adjustments for the same. Basically now the security fix is to provide a dummy host-model and host-serial value, which overrides getting that value from the host 0065-spapr-Simplify-handling-of-host-ser.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Tweak last spec file change to guard new Requires with conditional - Fix DOS possibility in device tree processing (CVE-2018-20815 bsc#1130675) 0064-device_tree.c-Don-t-use-load_image.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Remove an unneeded BuildRequires which impacts bsc#1119414 fix Also add a corresponding Recommends for qemu-tools as part of this packaging adjustment (bsc#1130484) - Fix information leak in slirp (CVE-2019-9824 bsc#1129622) 0061-slirp-check-sscanf-result-when-emul.patch - Add method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue (CVE-2019-8934 bsc#1126455) 0062-ppc-add-host-serial-and-host-model-.patch - Fix OOB memory access and information leak in virtual monitor interface (CVE-2019-03812 bsc#1125721) 0063-i2c-ddc-fix-oob-read.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Again address ipxe GCC 9 incompatibilities. Previously included patch to disable unneeded warning got muffed somehow (bsc#1121464)- Package and cross-build rom files for aarch64 from SLE15/Leap15.0 to fix boo#1125964 - Add patch to fix seabios cross-compilation: * seabios-fix_cross_compilation.patch - Add patch to fix sgabios cross-compilation: * sgabios-fix-cross-build.patch- Fix _constraints to include all architectures for disk size (fix aarch64)- Revert upstream patch which declares x86 vmx feature a migration blocker. Given the proliferation of using vm's with host features passed through and the general knowledge that nested virtualization has many usage caveats, but still gets put in use in restricted scenarios, this patch did more harm than good, I feel. So despite this relaxation, please consider yourself warned that nested virtualization is not yet a supportable feature. (bsc#1121604) 0058-Revert-target-i386-kvm-add-VMX-migr.patch - Fix SEV VM device assignment (bsc#1123205) 0059-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Remove 71-sev.rules, which modifies the default permissions of /dev/sev by adding the kvm group as reader/writer. Upstream decided to take a different approach for libvirt to manage SEV due to security concerns which I agree overrides the convenience of providing /dev/sev access to all the kvm group (bsc#1124842 bsc#1102604)- Increase memory needed to build qemu-testsuite for ppc* arch's in _constraints file- Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0057-s390x-Return-specification-exceptio.patch- Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156) 0056-slirp-check-data-length-while-emula.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Fix ipxe GCC 9 incompatibilities (bsc#1121464) ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch ipxe-build-Disable-gcc-address-of-packed-member-warning.patch- Tweak Xen interface to be compatible with upcoming v4.12 Xen 0055-xen-Add-xen-v4.12-based-xc_domain_c.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0054-linux-user-make-pwrite64-pread64-fd.patch (bsc#1121600)- Clarify that move to include v3.1.0 in qemu package corresponds with fate#327089, which of course builds on v3.0.0 mentioned previously, and that among other patches which this change obsoletes (because functionality is included in base version) I will mention one pointed out by reviewers: 0094-s390x-cpumodels-add-z14-Model-ZR1.patch- include post v3.1.0 patches marked for next stable release: 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0045-hw-usb-fix-mistaken-de-initializati.patch - Address various security/stability issues * Fix host access vulnerability in usb-mtp infrastructure (CVE-2018-16872 bsc#1119493) 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch * Fix DoS in pvrdma interface (CVE-2018-20123 bsc#1119437) 0047-pvrdma-release-device-resources-in-.patch * Fix OOB access issue in rdma backend (CVE-2018-20124 bsc#1119840) 0048-rdma-check-num_sge-does-not-exceed-.patch * Fix NULL pointer reference in pvrdma emulation (CVE-2018-20191 bsc#1119979) 0049-pvrdma-add-uar_read-routine.patch * Fix DoS in pvrdma interface (CVE-2018-20125 bsc#1119989) 0050-pvrdma-check-number-of-pages-when-c.patch * Fix DoS in pvrdma interface (CVE-2018-20216 bsc#1119984) 0051-pvrdma-check-return-value-from-pvrd.patch * Fix DoS in pvrdma interface (CVE-2018-20126 bsc#1119991) 0052-pvrdma-release-ring-object-in-case-.patch - one more post v3.1.0 patches marked for next stable release: 0053-block-Fix-hangs-in-synchronous-APIs.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0040-xen-ignore-live-parameter-from-xen-.patch (bsc#1079730, bsc#1101982, bsc#1063993)- Follow up on ideas prompted by last change: clean up the patches generated by git workflow. There is no value to the first line (mbox From line), or [PATCH] on subject line. Get rid of those - Other minor fixes and improvements to update_git.sh- Modify update_git.sh script: pass --zero-commit to format-patch This removes needless noise in the buildservice when the same set of patches is imported/exported at different times by different users. pass --no-signature to format-patch Remove sed call which used to remove the signature, use mv instead- Use /bin/bash to echo value into sys fs for ksm control (bsc#1112646)- fix memory leak in xen_disk (bsc#1100408) 0039-xen_disk-Avoid-repeated-memory-allo.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1- building against xen-devel requires the XC_* compat macros to be set because this version of QEMU will be built against many versions of Xen. configure will decide on the appropriate function names it knows about today. To actually call these functions, future versions of Xen may require XC_* to be set. Furthermore, fix a bug in QEMU: xen_common.h undefines the XC_* macros unconditionally.- Update to v3.1.0: See http://wiki.qemu.org/ChangeLog/3.1 Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package Some noteworthy changes: * x86 IceLake-Server and IceLake-Client cpu models added * Document recommendations for choosing cpu modesl for x86 guests * Support for Hyper-V enlightened VMCS * stdvga and bochs-display devices can expose EDID information to the guest. stdvga xres and yres properties are exposed in the EDID information * s390 improvements: vfio-ap crypto device support, max-cpu model added, etoken support, huge page backing support * ARM: ARMv6M architecture and Cortex-M0 cpu host support added, Cortex-A72 cpu model added, GICv2 virtualization extensions, emulation of AArch32 virtualization, Scalable Vector Extension implemented * Support for AMD IOMMU interrupt remapping and guest virtual APIC mode * Multithreaded TCG on x86 is considered supportable * Add a patch to triple timeout of block io tests, since the obs environment is fickle * x86 save/restore and live migration is prohibited if Intel KVM nested virtualization is enabled * Patches dropped (upstream unless otherwise noted): 0033-migration-warn-about-inconsistent-s.patch (shouldn't be needed anymore) 0035-configure-Modify-python-used-for-io.patch (upstream now python3 friendly) 0039-tests-boot-serial-test-Bump-timeout.patch 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch 0047-linux-user-init_guest_space-Try-to-.patch 0048-ne2000-fix-possible-out-of-bound-ac.patch 0049-rtl8139-fix-possible-out-of-bound-a.patch 0050-pcnet-fix-possible-buffer-overflow.patch 0051-net-ignore-packet-size-greater-than.patch 0052-lsi53c895a-check-message-length-val.patch 0053-nvme-fix-oob-access-issue-CVE-2018-.patch (fixed differently upstream) * Patches renamed: 0034-smbios-Add-1-terminator-if-any-stri.patch - > 0033-smbios-Add-1-terminator-if-any-stri.patch 0036-qemu-io-tests-comment-out-problemat.patch - > 0034-qemu-io-tests-comment-out-problemat.patch 0037-tests-test-thread-pool-is-racy-add-.patch - > 0035-tests-test-thread-pool-is-racy-add-.patch 0038-xen-add-block-resize-support-for-xe.patch - > 0036-xen-add-block-resize-support-for-xe.patch * Patches added: 0037-tests-qemu-iotests-Triple-timeout-o.patch 0038-tests-block-io-test-130-needs-some-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Update includes the following bug fixes: bsc#1108474, bsc#1117615 - Update includes the following SLE requested functionality: FATE#324810, FATE#325875, FATE#326369, FATE#326378, FATE#326379, FATE#326401, FATE#326672, FATE#326829 - Make the following packaging changes related to the new release * Enable libpmem, pvrdma, vhost-crypto features and qemu-block-nfs subpackage * New roms available: vgabios-bochs-display.bin, vgabios-ramfb.bin * New binary tool included (qemu-edid) for testing the new qemu edid generator - Tweaked patches we carry to pass qemu's checkpatch checker - Modify update_git.sh script to enable packaging qemu from development time sources, not just at release time - Removed erroneous (and now useless) tests for tar and gzip formats - Don't exclude s390x anymore from building the qemu-testsuite - Based on current OBS building observations make changes to storage and memory requires specified in the _constraints file- Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2018-10839 CVE-2018-16847 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 * bsc#1110910 bsc#1111006 bsc#1111010 bsc#1111013 bsc#1114422 bsc#1114529 * Patches added: 0047-linux-user-init_guest_space-Try-to-.patch 0048-ne2000-fix-possible-out-of-bound-ac.patch 0049-rtl8139-fix-possible-out-of-bound-a.patch 0050-pcnet-fix-possible-buffer-overflow.patch 0051-net-ignore-packet-size-greater-than.patch 0052-lsi53c895a-check-message-length-val.patch 0053-nvme-fix-oob-access-issue-CVE-2018-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0* Adding changes to mitigate seccomp vulnerability (CVE-2018-15746 bsc#1106222) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 * Patches added: 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch- Do more misc spec file fixes: * Be explicit in spec file about Version used for all subpackages (again, to avoid subpackage ordering issues). Default Release tag is also brought in by obs format_spec_file service * Delete binary blob s390-netboot.img, which we rebuild * Don't provide separate Url for qemu-kvm package - the main qemu website provides easily findable link for kvm specifics * Associate petalogix-ml605.dtb with qemu-extra instead of qemu-ppc * More entry sorting- Correct some versioning as follows: * Accurately reflect the qemu-ipxe package version value by adding "+" at the end * Don't overwrite seabios .version file, since now (for quite some time actually) upstream tarball creation creates this file and the value we are writing to it is actually wrong - Make spec file improvements, including the following: * Add qemu.keyring to enable package source verification * Create srcname macro to identify source file name separately from package name * Create alternate to %version to avoid subpackage ordering causing inadvertantly wrong %version value at point of use * Sort some entries * Be more consistent with macro syntax usage * Minor file tweaks as done by osc format_spec_file service- Re-sync openSUSE and SUSE SLE qemu packages. This changes file is the openSUSE one with this entry providing the intervening SLE CVE, FATE, and bugzilla references, which are still addressed in this package, and not yet called out in this changes file. * CVE-2018-11806 CVE-2018-12617 CVE-2018-7550 CVE-2018-15746 * fate#325467 * bsc#1091695 bsc#1094725 bsc#1094913 bsc#1096223 bsc#1098735 bsc#1103628 bsc#1105279 bsc#1106222 bsc#1106222 bsc#1107489 * Patches added: * only enable glusterfs for openSUSE 0040-linux-headers-update.patch 0041-s390x-kvm-add-etoken-facility.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Increase timeout for boot-serial-test, since we've hit the timeout for armv7l arch in qemu-testsuite. 0039-tests-boot-serial-test-Bump-timeout.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Drop legacy kvm_stat script and man page. We'll rely on the kvm_stat package only going forward kvm_stat kvm_stat.1.gz - Update SLE support documentation to match v3.0.0 release- Update to v3.0.0: See http://wiki.qemu.org/ChangeLog/3.0 Don't read anything into the major version number update. It's been decided to increase the major version number each year. Take note that ongoing feature deprecation is tracked at both http://wiki.qemu-project.org/Features/LegacyRemoval and in Appendix B of the qemu-doc.* files installed with the qemu package. Some noteworthy changes: * Support for additional x86/AMD mitigations against Speculative Store Bypass (Spectre Variant 4, CVE-2018-3639) * Improved support for nested KVM guests running on Hyper-V * Block device support for active disk-mirroring, which avoids convergence issues which may arise when doing passive/background mirroring of busy devices * Improved support for AHCI emulation, SCSI emulation, and persistent reservations / cluster management * OpenGL ES support for SDL front-end, additional framebuffer device options for early boot display without using legacy VGA emulation * Live migration support for TPM TIS devices, capping bandwidth usage during post-copy migration, and recovering from a failed post-copy migration * Improved latency when using user-mode networking / SLIRP * ARM: support for SMMUv3 IOMMU when using 'virt' machine type * ARM: v8M extensions for VLLDM and VLSTM floating-point instructions, and improved support for AArch64 v8.2 FP16 extensions * ARM: support for Scalable Vector Extensions in linux-user mode * Microblaze: support for 64-bit address sizes and translation bug fixes * PowerPC: PMU support for mac99 machine type and improvements for Uninorth PCI host bridge emulation for Mac machine types * PowerPC: preliminary support for emulating POWER9 hash MMU mode when using powernv machine type * RISC-V: improvement for privileged ISA emulation * s390: support for z14 ZR1 CPU model * s390: bpb/ppa15 Spectre mitigations enabled by default for z196 and later CPU models * s390: support for configuring consoles via -serial options * Patches dropped (upstream unless otherwise noted): 0008-linux-user-fix-segfault-deadlock.patch (no longer needed) 0039-blockjob-Fix-assertion-in-block_job.patch 0041-seccomp-allow-sched_setscheduler-wi.patch Make-installed-scripts-explicitly-python3.patch (we now make python3 explicit in other patch) * Patches renamed: 0009-linux-user-binfmt-support-host-bina.patch - > 0008-linux-user-binfmt-support-host-bina.patch 0010-linux-user-Fake-proc-cpuinfo.patch - > 0009-linux-user-Fake-proc-cpuinfo.patch 0011-Remove-problematic-evdev-86-key-fro.patch - > 0010-Remove-problematic-evdev-86-key-fro.patch 0012-linux-user-use-target_ulong.patch - > 0011-linux-user-use-target_ulong.patch 0013-Make-char-muxer-more-robust-wrt-sma.patch - > 0012-Make-char-muxer-more-robust-wrt-sma.patch 0014-linux-user-lseek-explicitly-cast-no.patch - > 0013-linux-user-lseek-explicitly-cast-no.patch 0015-AIO-Reduce-number-of-threads-for-32.patch - > 0014-AIO-Reduce-number-of-threads-for-32.patch 0016-xen_disk-Add-suse-specific-flush-di.patch - > 0015-xen_disk-Add-suse-specific-flush-di.patch 0017-qemu-bridge-helper-reduce-security-.patch - > 0016-qemu-bridge-helper-reduce-security-.patch 0018-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0017-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0019-linux-user-properly-test-for-infini.patch - > 0018-linux-user-properly-test-for-infini.patch 0020-roms-Makefile-pass-a-packaging-time.patch - > 0019-roms-Makefile-pass-a-packaging-time.patch 0021-Raise-soft-address-space-limit-to-h.patch - > 0020-Raise-soft-address-space-limit-to-h.patch 0022-increase-x86_64-physical-bits-to-42.patch - > 0021-increase-x86_64-physical-bits-to-42.patch 0023-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0022-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0024-i8254-Fix-migration-from-SLE11-SP2.patch - > 0023-i8254-Fix-migration-from-SLE11-SP2.patch 0025-acpi_piix4-Fix-migration-from-SLE11.patch - > 0024-acpi_piix4-Fix-migration-from-SLE11.patch 0026-Fix-tigervnc-long-press-issue.patch - > 0025-Fix-tigervnc-long-press-issue.patch 0027-string-input-visitor-Fix-uint64-par.patch - > 0026-string-input-visitor-Fix-uint64-par.patch 0028-test-string-input-visitor-Add-int-t.patch - > 0027-test-string-input-visitor-Add-int-t.patch 0029-test-string-input-visitor-Add-uint6.patch - > 0028-test-string-input-visitor-Add-uint6.patch 0030-tests-Add-QOM-property-unit-tests.patch - > 0029-tests-Add-QOM-property-unit-tests.patch 0031-tests-Add-scsi-disk-test.patch - > 0030-tests-Add-scsi-disk-test.patch 0032-Switch-order-of-libraries-for-mpath.patch - > 0031-Switch-order-of-libraries-for-mpath.patch 0033-Make-installed-scripts-explicitly-p.patch - > 0032-Make-installed-scripts-explicitly-p.patch (python2->python3) 0034-migration-warn-about-inconsistent-s.patch - > 0033-migration-warn-about-inconsistent-s.patch 0035-smbios-Add-1-terminator-if-any-stri.patch - > 0034-smbios-Add-1-terminator-if-any-stri.patch 0036-configure-Modify-python-used-for-io.patch - > 0035-configure-Modify-python-used-for-io.patch 0037-qemu-io-tests-comment-out-problemat.patch - > 0036-qemu-io-tests-comment-out-problemat.patch 0038-tests-test-thread-pool-is-racy-add-.patch - > 0037-tests-test-thread-pool-is-racy-add-.patch 0040-xen-add-block-resize-support-for-xe.patch - > 0038-xen-add-block-resize-support-for-xe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0- Update QEMU to allow kvm group access to /dev/sev (bsc#1102604). 71-sev.rules- Update to v2.12.1, a stable, (mostly) bug-fix-only release * This update contains new mitigation functionality for CVE-2018-3639 (Speculative Store Bypass) in x86. There are also bug fixes for migration, Intel IOMMU emulation, block layer/image handling, ARM emulation, and various other areas. (Note that a number of 2.12.1 patches were already included by us previously) (CVE-2018-3639 bsc#1092885) * Patches dropped (subsumed by stable update): 0039-device_tree-Increase-FDT_MAX_SIZE-t.patch 0040-vnc-fix-use-after-free.patch 0041-ccid-Fix-dwProtocols-advertisement-.patch 0042-tcg-arm-Fix-memory-barrier-encoding.patch 0043-s390-ccw-force-diag-308-subcode-to-.patch 0044-nbd-client-fix-nbd_negotiate_simple.patch 0045-migration-block-dirty-bitmap-fix-me.patch 0046-nbd-client-Fix-error-messages-durin.patch 0047-nbd-client-Relax-handling-of-large-.patch 0048-qxl-fix-local-renderer-crash.patch 0049-tcg-Limit-the-number-of-ops-in-a-TB.patch 0050-target-arm-Clear-SVE-high-bits-for-.patch 0051-cpus-tcg-fix-never-exiting-loop-on-.patch 0052-s390x-css-disabled-subchannels-cann.patch 0053-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0054-virtio-ccw-common-reset-handler.patch 0055-s390x-ccw-make-sure-all-ccw-devices.patch 0056-blockjob-expose-error-string-via-qu.patch 0058-qemu-io-Use-purely-string-blockdev-.patch 0059-qemu-img-Use-only-string-options-in.patch 0060-nfs-Remove-processed-options-from-Q.patch 0061-i386-define-the-ssbd-CPUID-feature-.patch 0062-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch 0064-ahci-fix-PxCI-register-race.patch 0065-ccid-card-passthru-fix-regression-i.patch * Patches renamed: 0057-blockjob-Fix-assertion-in-block_job.patch - > 0039-blockjob-Fix-assertion-in-block_job.patch 0066-xen-add-block-resize-support-for-xe.patch - > 0040-xen-add-block-resize-support-for-xe.patch 0067-seccomp-allow-sched_setscheduler-wi.patch - > 0041-seccomp-allow-sched_setscheduler-wi.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fixing seccomp resourcecontrol defunct issue (bsc#1102627) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12 * Patches added: 0067-seccomp-allow-sched_setscheduler-wi.patch- Add ipxe-fix-build.patch to not error out with binutils >= 2.31 .- Remove linux-user patch which is no longer needed (bsc#1098056) * Patches dropped: 0011-linux-user-XXX-disable-fiemap.patch * Patches renamed: 0036-Remove-problematic-evdev-86-key-fro.patch - > 0011-Remove-problematic-evdev-86-key-fro.patch 0037-configure-Modify-python-used-for-io.patch - > 0036-configure-Modify-python-used-for-io.patch 0038-qemu-io-tests-comment-out-problemat.patch - > 0037-qemu-io-tests-comment-out-problemat.patch 0039-tests-test-thread-pool-is-racy-add-.patch - > 0038-tests-test-thread-pool-is-racy-add-.patch 0040-device_tree-Increase-FDT_MAX_SIZE-t.patch - > 0039-device_tree-Increase-FDT_MAX_SIZE-t.patch 0041-vnc-fix-use-after-free.patch - > 0040-vnc-fix-use-after-free.patch 0042-ccid-Fix-dwProtocols-advertisement-.patch - > 0041-ccid-Fix-dwProtocols-advertisement-.patch 0043-tcg-arm-Fix-memory-barrier-encoding.patch - > 0042-tcg-arm-Fix-memory-barrier-encoding.patch 0044-s390-ccw-force-diag-308-subcode-to-.patch - > 0043-s390-ccw-force-diag-308-subcode-to-.patch 0045-nbd-client-fix-nbd_negotiate_simple.patch - > 0044-nbd-client-fix-nbd_negotiate_simple.patch 0046-migration-block-dirty-bitmap-fix-me.patch - > 0045-migration-block-dirty-bitmap-fix-me.patch 0047-nbd-client-Fix-error-messages-durin.patch - > 0046-nbd-client-Fix-error-messages-durin.patch 0048-nbd-client-Relax-handling-of-large-.patch - > 0047-nbd-client-Relax-handling-of-large-.patch 0049-qxl-fix-local-renderer-crash.patch - > 0048-qxl-fix-local-renderer-crash.patch 0050-tcg-Limit-the-number-of-ops-in-a-TB.patch - > 0049-tcg-Limit-the-number-of-ops-in-a-TB.patch 0051-target-arm-Clear-SVE-high-bits-for-.patch - > 0050-target-arm-Clear-SVE-high-bits-for-.patch 0052-cpus-tcg-fix-never-exiting-loop-on-.patch - > 0051-cpus-tcg-fix-never-exiting-loop-on-.patch 0053-s390x-css-disabled-subchannels-cann.patch - > 0052-s390x-css-disabled-subchannels-cann.patch 0054-pc-bios-s390-ccw-struct-tpi_info-mu.patch - > 0053-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0055-virtio-ccw-common-reset-handler.patch - > 0054-virtio-ccw-common-reset-handler.patch 0056-s390x-ccw-make-sure-all-ccw-devices.patch - > 0055-s390x-ccw-make-sure-all-ccw-devices.patch 0057-blockjob-expose-error-string-via-qu.patch - > 0056-blockjob-expose-error-string-via-qu.patch 0058-blockjob-Fix-assertion-in-block_job.patch - > 0057-blockjob-Fix-assertion-in-block_job.patch 0059-qemu-io-Use-purely-string-blockdev-.patch - > 0058-qemu-io-Use-purely-string-blockdev-.patch 0060-qemu-img-Use-only-string-options-in.patch - > 0059-qemu-img-Use-only-string-options-in.patch 0061-nfs-Remove-processed-options-from-Q.patch - > 0060-nfs-Remove-processed-options-from-Q.patch 0062-i386-define-the-ssbd-CPUID-feature-.patch - > 0061-i386-define-the-ssbd-CPUID-feature-.patch 0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch - > 0062-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0064-i386-define-the-AMD-virt-ssbd-CPUID.patch - > 0063-i386-define-the-AMD-virt-ssbd-CPUID.patch 0065-ahci-fix-PxCI-register-race.patch - > 0064-ahci-fix-PxCI-register-race.patch 0066-ccid-card-passthru-fix-regression-i.patch - > 0065-ccid-card-passthru-fix-regression-i.patch 0067-xen-add-block-resize-support-for-xe.patch - > 0066-xen-add-block-resize-support-for-xe.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix build failure of skiboot with gcc8 compiler skiboot-hdata-i2c.c-fix-building-with-gcc8.patch- Tweak build service constraints information to avoid failures- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12 * Patches added: 0067-xen-add-block-resize-support-for-xe.patch- Tweak patch file generation to be more git version agnostic. Also change update_git.sh to not reformat spec file by default.- Looks like the right fix for the AHCI issue has been identified upstream. Turns out to also affect Linux guests as well. (bsc#1094406) * Patches dropped: 0065-Revert-replay-don-t-process-async-e.patch 0066-Revert-replay-avoid-recursive-call-.patch 0067-Revert-replay-check-return-values-o.patch 0068-Revert-replay-push-replay_mutex_loc.patch * Patches added: 0065-ahci-fix-PxCI-register-race.patch - Fix a regresssion introduced in v2.12.0 for ccid-card-passthrough (bsc#1095419) 0066-ccid-card-passthru-fix-regression-i.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix qemu-guest-agent service issue (bsc#1094898)- Spectre v4 vulnerability mitigation support for KVM guests. High level description of vulnerability: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This change permits the new x86 cpu feature flag named "ssbd" to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled, via adding it to the qemu commandline (eg: -cpu ,+spec-ctrl,+ssbd), so the guest OS can take advantage of the feature, spec-ctrl and ssbd support is also required in the host. Another new x86 cpu feature flag named "virt-ssbd" is also added to handle this vulnerability for AMD processors. (CVE-2018-3639 bsc#1092885) 0062-i386-define-the-ssbd-CPUID-feature-.patch 0063-i386-Define-the-Virt-SSBD-MSR-and-h.patch 0064-i386-define-the-AMD-virt-ssbd-CPUID.patch - Replay code introduced an issue for AHCI emulation, where on Windows 10 I/O would stop randomly, and Windows would then reset the AHCI device. The issue is not yet fully identified, but reverting some of those changes is at least for now a workaround. (bsc#1094406) 0065-Revert-replay-don-t-process-async-e.patch 0066-Revert-replay-avoid-recursive-call-.patch 0067-Revert-replay-check-return-values-o.patch 0068-Revert-replay-push-replay_mutex_loc.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Add some upstream fixes targeted for the next stable release 0040-device_tree-Increase-FDT_MAX_SIZE-t.patch 0041-vnc-fix-use-after-free.patch 0042-ccid-Fix-dwProtocols-advertisement-.patch 0043-tcg-arm-Fix-memory-barrier-encoding.patch 0044-s390-ccw-force-diag-308-subcode-to-.patch 0045-nbd-client-fix-nbd_negotiate_simple.patch 0046-migration-block-dirty-bitmap-fix-me.patch 0047-nbd-client-Fix-error-messages-durin.patch 0048-nbd-client-Relax-handling-of-large-.patch 0049-qxl-fix-local-renderer-crash.patch 0050-tcg-Limit-the-number-of-ops-in-a-TB.patch 0051-target-arm-Clear-SVE-high-bits-for-.patch 0052-cpus-tcg-fix-never-exiting-loop-on-.patch 0053-s390x-css-disabled-subchannels-cann.patch 0054-pc-bios-s390-ccw-struct-tpi_info-mu.patch 0055-virtio-ccw-common-reset-handler.patch 0056-s390x-ccw-make-sure-all-ccw-devices.patch 0057-blockjob-expose-error-string-via-qu.patch 0058-blockjob-Fix-assertion-in-block_job.patch 0059-qemu-io-Use-purely-string-blockdev-.patch 0060-qemu-img-Use-only-string-options-in.patch 0061-nfs-Remove-processed-options-from-Q.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix qemu-guest-agent uninstall (bsc#1093169) - Minor tweak to qemu spec file- Update to v2.12.0: See http://wiki.qemu.org/ChangeLog/2.12 Some noteworthy changes: CLI options removed: -tdf, -no-kvm-pit, -drive boot, -net channel, - net dump, -hdachs, -drive,if=scsi HMP commands removed: usb_add, usb_del, host_net_add, host_net_remove Q35 default nic now e1000e AMD SEV support - smbios supports setting data for type 11 tables audio and display support split out as modules - nic for simple creation of guest NIC and host back-end QMP monitor "out-of-band" capability lots of ARM and s390 improvements - Include more of upstream's in-tree tests in the qemu-testsuite package * Patches dropped: 0033-memfd-fix-configure-test.patch 0034-qapi-use-items-values-intead-of-ite.patch 0035-qapi-Use-OrderedDict-from-standard-.patch 0036-qapi-adapt-to-moved-location-of-Str.patch 0037-qapi-Adapt-to-moved-location-of-mak.patch 0038-qapi-remove-q-arg-to-diff-when-comp.patch 0039-qapi-ensure-stable-sort-ordering-wh.patch 0040-qapi-force-a-UTF-8-locale-for-runni.patch 0041-scripts-ensure-signrom-treats-data-.patch 0042-configure-allow-use-of-python-3.patch 0043-input-add-missing-JIS-keys-to-virti.patch 0045-pc-fail-memory-hot-plug-unplug-with.patch 0046-memattrs-add-debug-attribute.patch 0047-exec-add-ram_debug_ops-support.patch 0048-exec-add-debug-version-of-physical-.patch 0049-monitor-i386-use-debug-APIs-when-ac.patch 0050-machine-add-memory-encryption-prope.patch 0051-kvm-update-kvm.h-to-include-memory-.patch 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch 0053-target-i386-add-Secure-Encrypted-Vi.patch 0054-qmp-add-query-sev-command.patch 0055-sev-i386-add-command-to-initialize-.patch 0056-qmp-populate-SevInfo-fields-with-SE.patch 0057-sev-i386-register-the-guest-memory-.patch 0058-kvm-introduce-memory-encryption-API.patch 0059-hmp-add-info-sev-command.patch 0060-sev-i386-add-command-to-create-laun.patch 0061-sev-i386-add-command-to-encrypt-gue.patch 0062-target-i386-encrypt-bios-rom.patch 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch 0064-sev-i386-finalize-the-SEV-guest-lau.patch 0065-hw-i386-set-ram_debug_ops-when-memo.patch 0066-sev-i386-add-debug-encrypt-and-decr.patch 0067-target-i386-clear-C-bit-when-walkin.patch 0068-include-add-psp-sev.h-header-file.patch 0069-sev-i386-add-support-to-query-PLATF.patch 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch 0071-qmp-add-query-sev-launch-measure-co.patch 0072-tests-qmp-test-blacklist-query-sev-.patch 0073-sev-i386-add-migration-blocker.patch 0074-cpu-i386-populate-CPUID-0x8000_001F.patch 0075-migration-warn-about-inconsistent-s.patch 0076-smbios-support-setting-OEM-strings-.patch 0077-smbios-Add-1-terminator-if-any-stri.patch 0078-Remove-problematic-evdev-86-key-fro.patch 0079-tpm-lookup-cancel-path-under-tpm-de.patch 0080-vga-fix-region-calculation.patch skiboot-GCC7-fixes-for-Wimplicit-fallthr.patch skiboot-libc-stdio-vsnprintf.c-add-expli.patch skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch ui-keycodemapdb-Add-missing-QKeyCode-val.patch ui-keycodemapdb-Fix-compat-with-py3-dict.patch * Patches renamed: 0044-Make-installed-scripts-explicitly-p.patch - > 0033-Make-installed-scripts-explicitly-p.patch 0075-migration-warn-about-inconsistent-s.patch - > 0034-migration-warn-about-inconsistent-s.patch 0077-smbios-Add-1-terminator-if-any-stri.patch - > 0035-smbios-Add-1-terminator-if-any-stri.patch 0078-Remove-problematic-evdev-86-key-fro.patch - > 0036-Remove-problematic-evdev-86-key-fro.patch * Patches added: 0037-configure-Modify-python-used-for-io.patch 0038-qemu-io-tests-comment-out-problemat.patch 0039-tests-test-thread-pool-is-racy-add-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.12- Fix autoinstall of qemu-guest-agent by getting the modalias string right (bsc#1091143)- Guard strncpy call with GCC pragma to disable warning about possible incorrect usage, when in fact it is correct. This is for gcc 8 compatibility (bsc#1090355) ipxe-efi-guard-strncpy-with-gcc-warning-ignore-pragma.patch- Add WantedBy for enable qemu-ga@.service auto start (bsc#1090369)- fix qemu-ga service file name (bsc#1089067)- Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604) 0080-vga-fix-region-calculation.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Add new look up path "sys/class/tpm" for tpm cancel path based on Linux 4.0 change (commit 313d21eeab9282e)(bsc#1070615) 0079-tpm-lookup-cancel-path-under-tpm-de.patch- Fix issue with key codes in qemu v2.11 0078-Remove-problematic-evdev-86-key-fro.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 * Patches added: 0077-smbios-Add-1-terminator-if-any-stri.patch bsc#994082 and bsc#1084316- Add support for setting OEM strings table (fate#323624) 0076-smbios-support-setting-OEM-strings-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- SLE15 KVM (as targeted for RC1) now has the feature exposed. Drop the patch. (bsc#1082276) 0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Change example qemu-ifup script to not depend on bridge-utils. Also update the paths used for ip binary.- Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor.- Update to v2.11.1, a stable, (mostly) bug-fix-only release In addition to bug fixes, of necessity fixes are needed to address the Spectre v2 vulnerability by passing along to the guest new hardware features introduced by host microcode updates. A January 2018 release of qemu initially addressed this issue by exposing the feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on the upstream solution. This update instead defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) s390x guest vulnerability to Spectre v2 is also addressed in this update by including support for bpb and ppa/stfle.81 features. (CVE-2017-5715 bsc#1068032) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ - Unfortunately, it was found that our current KVM isn't correctly indicating support for the spec-ctrl feature, so I've added a patch to still detect that support within QEMU. This is of course a temporary kludge until KVM gets fixed. (bsc#1082276) - The SEV support patches are updated to the v9 series. - Fix incompatibility with recent glibc (boo#1081154) - Add Supplements tags for the guest agent package in an attempt to auto-install for QEMU and Xen SUSE Linux guests (fate#323570) * Patches dropped (subsumed by stable update, or reworked in v9): 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch 0050-target-i386-add-memory-encryption-f.patch 0054-accel-add-Secure-Encrypted-Virtuliz.patch 0072-sev-Fix-build-for-non-x86-hosts.patch * Patches added: 0033-memfd-fix-configure-test.patch 0053-target-i386-add-Secure-Encrypted-Vi.patch 0056-qmp-populate-SevInfo-fields-with-SE.patch 0072-tests-qmp-test-blacklist-query-sev-.patch 0073-sev-i386-add-migration-blocker.patch 0074-cpu-i386-populate-CPUID-0x8000_001F.patch 0075-migration-warn-about-inconsistent-s.patch 0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch * Patches renamed (plus some minor code changes): 0051-machine-add-memory-encryption-prope.patch - > 0050-machine-add-memory-encryption-prope.patch 0052-kvm-update-kvm.h-to-include-memory-.patch - > 0051-kvm-update-kvm.h-to-include-memory-.patch 0053-docs-add-AMD-Secure-Encrypted-Virtu.patch - > 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch 0055-sev-add-command-to-initialize-the-m.patch - > 0055-sev-i386-add-command-to-initialize-.patch 0056-sev-register-the-guest-memory-range.patch - > 0057-sev-i386-register-the-guest-memory-.patch 0057-kvm-introduce-memory-encryption-API.patch - > 0058-kvm-introduce-memory-encryption-API.patch 0058-qmp-add-query-sev-command.patch - > 0054-qmp-add-query-sev-command.patch 0060-sev-add-command-to-create-launch-me.patch - > 0060-sev-i386-add-command-to-create-laun.patch 0061-sev-add-command-to-encrypt-guest-me.patch - > 0061-sev-i386-add-command-to-encrypt-gue.patch 0063-sev-add-support-to-LAUNCH_MEASURE-c.patch - > 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch 0064-sev-Finalize-the-SEV-guest-launch-f.patch - > 0064-sev-i386-finalize-the-SEV-guest-lau.patch 0066-sev-add-debug-encrypt-and-decrypt-c.patch - > 0066-sev-i386-add-debug-encrypt-and-decr.patch 0069-sev-add-support-to-query-PLATFORM_S.patch - > 0069-sev-i386-add-support-to-query-PLATF.patch 0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch - > 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Add AMD SEV (Secure Encrypted Virtualization) support by taking the v7 series of the patches posted to qemu ml. (fate#322124) 0046-memattrs-add-debug-attribute.patch 0047-exec-add-ram_debug_ops-support.patch 0048-exec-add-debug-version-of-physical-.patch 0049-monitor-i386-use-debug-APIs-when-ac.patch 0050-target-i386-add-memory-encryption-f.patch 0051-machine-add-memory-encryption-prope.patch 0052-kvm-update-kvm.h-to-include-memory-.patch 0053-docs-add-AMD-Secure-Encrypted-Virtu.patch 0054-accel-add-Secure-Encrypted-Virtuliz.patch 0055-sev-add-command-to-initialize-the-m.patch 0056-sev-register-the-guest-memory-range.patch 0057-kvm-introduce-memory-encryption-API.patch 0058-qmp-add-query-sev-command.patch 0059-hmp-add-info-sev-command.patch 0060-sev-add-command-to-create-launch-me.patch 0061-sev-add-command-to-encrypt-guest-me.patch 0062-target-i386-encrypt-bios-rom.patch 0063-sev-add-support-to-LAUNCH_MEASURE-c.patch 0064-sev-Finalize-the-SEV-guest-launch-f.patch 0065-hw-i386-set-ram_debug_ops-when-memo.patch 0066-sev-add-debug-encrypt-and-decrypt-c.patch 0067-target-i386-clear-C-bit-when-walkin.patch 0068-include-add-psp-sev.h-header-file.patch 0069-sev-add-support-to-query-PLATFORM_S.patch 0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch 0071-qmp-add-query-sev-launch-measure-co.patch 0072-sev-Fix-build-for-non-x86-hosts.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Update python3 related patches now that they are upstream- guest agent: change service file to a template so it can be used by Xen as well. Adjust udev rule accordingly. FATE#324963- Fix machine inconsistency with -no-acpi and nvdimm (bsc#1077823) 0045-pc-fail-memory-hot-plug-unplug-with.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Modify BuildRequires python references - seabios also needed tweaks for python2 vs python3 * Patches added: seabios-use-python2-explicitly-as-needed.patch seabios-switch-to-python3-as-needed.patch- Try to get our story right wrt python2 vs python3 (bsc#1077564) * Get rid of use of #!/usr/bin/env python in scripts we install * include proposed upstream build system changes needed for building with python2 or python3 * Patches dropped: 0032-scripts-avoid-usr-bin-python-refere.patch * Patches renamed: 0033-Switch-order-of-libraries-for-mpath.patch - > 0032-Switch-order-of-libraries-for-mpath.patch 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch - > 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch * Patches added: 0034-qapi-use-items-values-intead-of-ite.patch 0035-qapi-Use-OrderedDict-from-standard-.patch 0036-qapi-adapt-to-moved-location-of-Str.patch 0037-qapi-Adapt-to-moved-location-of-mak.patch 0038-qapi-remove-q-arg-to-diff-when-comp.patch 0039-qapi-ensure-stable-sort-ordering-wh.patch 0040-qapi-force-a-UTF-8-locale-for-runni.patch 0041-scripts-ensure-signrom-treats-data-.patch 0042-configure-allow-use-of-python-3.patch 0043-input-add-missing-JIS-keys-to-virti.patch 0044-Make-installed-scripts-explicitly-p.patch Make-installed-scripts-explicitly-python3.patch ui-keycodemapdb-Add-missing-QKeyCode-val.patch ui-keycodemapdb-Fix-compat-with-py3-dict.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Fix packaging dependencies (coreutils) for qemu-ksm package (bsc#1040202)- Pass through to guest info related to x86 security vulnerability (CVE-2017-5715 bsc#1068032) 0034-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Update to v2.11.0: See http://wiki.qemu.org/ChangeLog/2.11 Some noteworthy changes: - nodefconfig is now deprecated legacy pci-assignment code removed qemu-pr-helper added for handling guest persistant reservations (bsc#891066, bsc#910704, bsc#943807) qemu-keymap tool added for generating keymap files throttle block filter driver added support for a TPM emulator qcow2 image shrink support better support for >=64 vcpus for Windows guests nested KVM related improvements s390 pgste handling now done better EPYC cpu model added (bsc#1052825) improvements in qcow2 buffer handling vhost-user resume issue fixed migration hardening ARMv8-M security extension support more seccomp/sandboxing options available s390 cpu hot-plug improvements misc. virtfs improvements nbd improvements MTTCG improvements misc. TCG improvements scsi correctness improvements SEABIOS now has serial output option * Includes fixes for CVE-2017-15118 bsc#1070147, CVE-2017-15119 bsc#1070144 * Adds KASLR support (fate#323473, bsc#1070281) * Update SLE support docs to match this release * simplify spec file to expect at least sle_version >= 1315 * Patches dropped (upstream): 0013-console-add-question-mark-escape-op.patch 0020-configure-Fix-detection-of-seccomp-.patch 0034-target-i386-cpu-Add-new-EPYC-CPU-mo.patch 0035-chardev-baum-fix-baum-that-releases.patch 0036-io-fix-temp-directory-used-by-test-.patch 0037-io-fix-check-for-handshake-completi.patch 0038-crypto-fix-test-cert-generation-to-.patch 0039-vhost-user-disable-the-broken-subpr.patch 0040-io-monitor-encoutput-buffer-size-fr.patch 0041-cirrus-fix-oob-access-in-mode4and5-.patch 0042-9pfs-use-g_malloc0-to-allocate-spac.patch * Patches renamed: 0014-Make-char-muxer-more-robust-wrt-sma.patch - > 0013-Make-char-muxer-more-robust-wrt-sma.patch 0015-linux-user-lseek-explicitly-cast-no.patch - > 0014-linux-user-lseek-explicitly-cast-no.patch 0016-AIO-Reduce-number-of-threads-for-32.patch - > 0015-AIO-Reduce-number-of-threads-for-32.patch 0017-xen_disk-Add-suse-specific-flush-di.patch - > 0016-xen_disk-Add-suse-specific-flush-di.patch 0018-qemu-bridge-helper-reduce-security-.patch - > 0017-qemu-bridge-helper-reduce-security-.patch 0019-qemu-binfmt-conf-use-qemu-ARCH-binf.patch - > 0018-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0021-linux-user-properly-test-for-infini.patch - > 0019-linux-user-properly-test-for-infini.patch 0022-roms-Makefile-pass-a-packaging-time.patch - > 0020-roms-Makefile-pass-a-packaging-time.patch 0023-Raise-soft-address-space-limit-to-h.patch - > 0021-Raise-soft-address-space-limit-to-h.patch 0024-increase-x86_64-physical-bits-to-42.patch - > 0022-increase-x86_64-physical-bits-to-42.patch 0025-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch - > 0023-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0026-i8254-Fix-migration-from-SLE11-SP2.patch - > 0024-i8254-Fix-migration-from-SLE11-SP2.patch 0027-acpi_piix4-Fix-migration-from-SLE11.patch - > 0025-acpi_piix4-Fix-migration-from-SLE11.patch 0028-Fix-tigervnc-long-press-issue.patch - > 0026-Fix-tigervnc-long-press-issue.patch 0029-string-input-visitor-Fix-uint64-par.patch - > 0027-string-input-visitor-Fix-uint64-par.patch 0030-test-string-input-visitor-Add-int-t.patch - > 0028-test-string-input-visitor-Add-int-t.patch 0031-test-string-input-visitor-Add-uint6.patch - > 0029-test-string-input-visitor-Add-uint6.patch 0032-tests-Add-QOM-property-unit-tests.patch - > 0030-tests-Add-QOM-property-unit-tests.patch 0033-tests-Add-scsi-disk-test.patch - > 0031-tests-Add-scsi-disk-test.patch 0043-scripts-avoid-usr-bin-python-refere.patch - > 0032-scripts-avoid-usr-bin-python-refere.patch * We need the multipath libraries link order switched 0033-Switch-order-of-libraries-for-mpath.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11- Avoid ref to /usr/bin/python in vmstate-static-checker.py script 0043-scripts-avoid-usr-bin-python-refere.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- For SLE15, it's been decided to stop providing SDL based graphics due to packaging constraints. Long ago GTK became the default, and there is little benefit to providing both. For now, keep it enabled for openSUSE (Tumblweed and Leap), but consider it marked deprecated there and if no one complains it will be removed for openSUSE as well in the near future. (fate#324465) - Fix problem building skiboot.lid skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch- Wrap analyze-migration and vmstate-static-checker into tools from qemu scripts folder, also changed introduction of qemu-tools in spec file - Move supportplugin position in spec file- Add announcement in support docs about qed storage format no longer being supported in next major SLE release (SLE15) (fate#324200) - Address various security/stability issues * Fix DoS in I/O channel websockets (CVE-2017-15268 bsc#1062942) 0040-io-monitor-encoutput-buffer-size-fr.patch * Fix OOB access in cirrus vga device emulation (CVE-2017-15289 bsc#1063122) 0041-cirrus-fix-oob-access-in-mode4and5-.patch * Fix information leak in 9pfs interface (CVE-2017-15038 bsc#1062069) 0042-9pfs-use-g_malloc0-to-allocate-spac.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Don't tie glusterfs support to specific arch - Build skiboot firmware (OPAL), particularly since it's fairly easy to do so skiboot-GCC7-fixes-for-Wimplicit-fallthr.patch skiboot-libc-stdio-vsnprintf.c-add-expli.patch- Added the global macro 'with_glusterfs' in order to re-enable glusterfs support. The macro enable easier future adjustments for various ARCH/targets/requiremnets. At first glusterfs support is enabled for openSUSE Leap 42.x and Factory for ARCH x86_64.- Add dependencies on ovmf (uefi) for the qemu-x86 and qemu-arm packages - Fix s390-netboot.img to be included with qemu-s390 package, not qemu-ppc- Update to v2.10.1, a stable, bug-fix-only release * fixes bsc#1056386 CVE-2017-13673, bsc#1056334 CVE-2017-13672, bsc#1057585 CVE-2017-14167 * Patches dropped (upstream): 0034-slirp-fix-clearing-ifq_so-from-pend.patch 0035-s390-ccw-Fix-alignment-for-CCW1.patch 0038-s390x-ais-for-2.10-stable-disable-a.patch 0039-s390x-cpumodel-remove-ais-from-z14-.patch * Patches renamed: 0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch - > 0034-target-i386-cpu-Add-new-EPYC-CPU-mo.patch 0037-chardev-baum-fix-baum-that-releases.patch - > 0035-chardev-baum-fix-baum-that-releases.patch 0040-io-fix-temp-directory-used-by-test-.patch - > 0036-io-fix-temp-directory-used-by-test-.patch 0041-io-fix-check-for-handshake-completi.patch - > 0037-io-fix-check-for-handshake-completi.patch 0042-crypto-fix-test-cert-generation-to-.patch - > 0038-crypto-fix-test-cert-generation-to-.patch 0043-vhost-user-disable-the-broken-subpr.patch - > 0039-vhost-user-disable-the-broken-subpr.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix failures and potential failures in qemu-testsuite 0040-io-fix-temp-directory-used-by-test-.patch 0041-io-fix-check-for-handshake-completi.patch 0042-crypto-fix-test-cert-generation-to-.patch 0043-vhost-user-disable-the-broken-subpr.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix migration issue on s390 0038-s390x-ais-for-2.10-stable-disable-a.patch 0039-s390x-cpumodel-remove-ais-from-z14-.patch - Fix case of not being able to build from rpm sources due to undefined macro (boo#1057966) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix baum that release brlapi twice (bsc#1060045) 0037-chardev-baum-fix-baum-that-releases.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- For SLE15 pre-release testing, add support for the EPYC processor. This will be officially supported once it is included in the v2.11 release. (bsc#1052825) 0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch - Fix some support statements in our SLE support documents.- Update BuildRequires packages libibverbs-devel and librdmacm-devel to the more correct rdma-core-devel - Enable seccomp for s390x, aarch64, and ppc64le - Fix OOB issue (use after free) in slirp network stack (CVE-2017-13711 bsc#1056291) 0034-slirp-fix-clearing-ifq_so-from-pend.patch - Fix a misalignment in the s390 ccw firmware (bsc#1056680) 0035-s390-ccw-Fix-alignment-for-CCW1.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Add a supportconfig plugin qemu-supportconfig FATE#323661- Update to v2.10.0: See http://wiki.qemu.org/ChangeLog/2.10 - Dropped internal only patches used to support SUSE Studio Testdrive as well as other miscellaneous patches deemed unused and not worth carrying (bsc#1046783, bsc#1055125, bsc#1055127) - Update SLE support statements in anticipation of SLE15 - disable SAN boot capability from virtio pxe rom used in v1.4 and older pc machine types due to rom size requirements. Hopefully a better solution can be found which doesn't impact functionality * Patches added: ipxe-stub-out-the-SAN-req-s-in-int13.patch * Patches renamed: 0006-qemu-cvs-gettimeofday.patch -> 0003-qemu-cvs-gettimeofday.patch 0007-qemu-cvs-ioctl_debug.patch -> 0004-qemu-cvs-ioctl_debug.patch 0008-qemu-cvs-ioctl_nodirection.patch -> 0005-qemu-cvs-ioctl_nodirection.patch 0009-linux-user-add-binfmt-wrapper-for-a.patch -> 0006-linux-user-add-binfmt-wrapper-for-a.patch 0010-PPC-KVM-Disable-mmu-notifier-check.patch -> 0007-PPC-KVM-Disable-mmu-notifier-check.patch 0011-linux-user-fix-segfault-deadlock.patch -> 0008-linux-user-fix-segfault-deadlock.patch 0012-linux-user-binfmt-support-host-bina.patch -> 0009-linux-user-binfmt-support-host-bina.patch 0013-linux-user-Fake-proc-cpuinfo.patch -> 0010-linux-user-Fake-proc-cpuinfo.patch 0014-linux-user-XXX-disable-fiemap.patch -> 0011-linux-user-XXX-disable-fiemap.patch 0017-linux-user-use-target_ulong.patch -> 0012-linux-user-use-target_ulong.patch 0021-console-add-question-mark-escape-op.patch -> 0013-console-add-question-mark-escape-op.patch 0022-Make-char-muxer-more-robust-wrt-sma.patch -> 0014-Make-char-muxer-more-robust-wrt-sma.patch 0023-linux-user-lseek-explicitly-cast-no.patch -> 0015-linux-user-lseek-explicitly-cast-no.patch 0025-AIO-Reduce-number-of-threads-for-32.patch -> 0016-AIO-Reduce-number-of-threads-for-32.patch 0027-xen_disk-Add-suse-specific-flush-di.patch -> 0017-xen_disk-Add-suse-specific-flush-di.patch 0028-qemu-bridge-helper-reduce-security-.patch -> 0018-qemu-bridge-helper-reduce-security-.patch 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0019-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0030-configure-Fix-detection-of-seccomp-.patch -> 0020-configure-Fix-detection-of-seccomp-.patch 0031-linux-user-properly-test-for-infini.patch -> 0020-linux-user-properly-test-for-infini.patch 0033-roms-Makefile-pass-a-packaging-time.patch -> 0022-roms-Makefile-pass-a-packaging-time.patch 0034-Raise-soft-address-space-limit-to-h.patch -> 0023-Raise-soft-address-space-limit-to-h.patch 0035-increase-x86_64-physical-bits-to-42.patch -> 0024-increase-x86_64-physical-bits-to-42.patch 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0025-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0037-i8254-Fix-migration-from-SLE11-SP2.patch -> 0026-i8254-Fix-migration-from-SLE11-SP2.patch 0038-acpi_piix4-Fix-migration-from-SLE11.patch -> 0027-acpi_piix4-Fix-migration-from-SLE11.patch 0039-Fix-tigervnc-long-press-issue.patch -> 0028-Fix-tigervnc-long-press-issue.patch 0041-string-input-visitor-Fix-uint64-par.patch -> 0029-string-input-visitor-Fix-uint64-par.patch 0042-test-string-input-visitor-Add-int-t.patch -> 0030-test-string-input-visitor-Add-int-t.patch 0043-test-string-input-visitor-Add-uint6.patch -> 0031-test-string-input-visitor-Add-uint6.patch 0044-tests-Add-QOM-property-unit-tests.patch -> 0032-tests-Add-QOM-property-unit-tests.patch 0045-tests-Add-scsi-disk-test.patch -> 0033-tests-Add-scsi-disk-test.patch * Patches dropped (upstream unless otherwise noted): 0003-qemu-cvs-alsa_bitfield.patch (deemed not needed) 0004-qemu-cvs-alsa_ioctl.patch (deemed not needed) 0005-qemu-cvs-alsa_mmap.patch (deemed not needed) 0015-slirp-nooutgoing.patch (bsc#1055125) 0016-vnc-password-file-and-incoming-conn.patch (bsc#1055127) 0018-block-Add-support-for-DictZip-enabl.patch (bsc#1046783) 0019-block-Add-tar-container-format.patch (bsc#1046783) 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch (bsc#1046783) 0024-configure-Enable-PIE-for-ppc-and-pp.patch (obsolete) 0026-dictzip-Fix-on-big-endian-systems.patch (bsc#1046783) 0032-linux-user-remove-all-traces-of-qem.patch 0040-fix-xen-hvm-direct-kernel-boot.patch (bsc#970791) 0046-RFC-update-Linux-headers-from-irqs-.patch 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch 0048-input-Add-trace-event-for-empty-key.patch 0049-ACPI-don-t-call-acpi_pcihp_device_p.patch 0050-i386-Allow-cpuid-bit-override.patch (was for testing only) 0051-input-limit-kbd-queue-depth.patch 0052-audio-release-capture-buffers.patch 0053-scsi-avoid-an-off-by-one-error-in-m.patch 0054-vmw_pvscsi-check-message-ring-page-.patch 0055-9pfs-local-forbid-client-access-to-.patch 0056-jazz_led-fix-bad-snprintf.patch 0057-slirp-smb-Replace-constant-strings-.patch 0058-altera_timer-fix-incorrect-memset.patch 0059-Hacks-for-building-on-gcc-7-Fedora-.patch 0060-9pfs-local-fix-unlink-of-alien-file.patch 0061-megasas-do-not-read-DCMD-opcode-mor.patch 0062-megasas-always-store-SCSIRequest-in.patch 0063-nbd-Fully-initialize-client-in-case.patch 0064-9pfs-local-remove-use-correct-path-.patch 0065-hid-Reset-kbd-modifiers-on-reset.patch 0066-input-Decrement-queue-count-on-kbd-.patch 0067-xhci-only-update-dequeue-ptr-on-com.patch 0068-vnc-Set-default-kbd-delay-to-10ms.patch 0069-qemu-nbd-Ignore-SIGPIPE.patch 0070-usb-redir-fix-stack-overflow-in-usb.patch 0072-slirp-check-len-against-dhcp-option.patch 0071-exec-use-qemu_ram_ptr_length-to-acc.patch 0073-xen-mapcache-store-dma-information-.patch 0074-exec-Add-lock-parameter-to-qemu_ram.patch 0075-Replace-struct-ucontext-with-uconte.patch ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch ipxe-ath-Add-missing-break-statements.patch ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10- Fix package build failure as of glibc v2.26 update in Factory (boo#1055587) 0075-Replace-struct-ucontext-with-uconte.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Remove redundant prerequire for pwdutils- Postrequire acl for setfacl- Prerequire shadow for groupadd- The recent security fix for CVE-2017-11334 adversely affects Xen. Include two additional patches to make sure Xen is going to be OK. 0073-xen-mapcache-store-dma-information-.patch 0074-exec-Add-lock-parameter-to-qemu_ram.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Pre-add group kvm for qemu-tools (bsc#1011144)- Fixed a few more inaccuracies in the support docs.- Address various security/stability issues * Fix DOS vulnerability in qemu-nbd (bsc#1046636 CVE-2017-10664) 0069-qemu-nbd-Ignore-SIGPIPE.patch * Fix DOS from stack overflow in debug messages of usb redirection support (bsc#1047674 CVE-2017-10806) 0070-usb-redir-fix-stack-overflow-in-usb.patch * Fix OOB access during DMA operation (CVE-2017-11334 bsc#1048902) 0071-exec-use-qemu_ram_ptr_length-to-acc.patch * Fix OOB access parsing dhcp slirp options (CVE-2017-11434 bsc#1049381) 0072-slirp-check-len-against-dhcp-option.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12 SP3. Apply a few additional clarifications in the support docs. (bsc#1050268) - Adjust to libvdeplug-devel package naming changes.- Fix migration with xhci (bsc#1048296) 0067-xhci-only-update-dequeue-ptr-on-com.patch - Increase VNC delay to fix missing keyboard input events (bsc#1031692) 0068-vnc-Set-default-kbd-delay-to-10ms.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Remove build dependency package iasl used for seabios- Fixed stuck state during usb keyboard reset (bsc#1044936) 0065-hid-Reset-kbd-modifiers-on-reset.patch - Fixed keyboard events getting lost (bsc#1044936) 0066-input-Decrement-queue-count-on-kbd-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Use most recent compiler to build size-critical firmware, instead of hard-coding gcc6 for all target versions (bsc#1043390) * A few upstream ipxe patches were needed for gcc7 compatibility: ipxe-ath-Add-missing-break-statements.patch ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch - Add --no-renames to the git format-patch command in the git workflow script for better patch compatibility - Address various security/stability issues * Fix potential privilege escalation in virtfs (CVE-2016-9602 bsc#1020427) 0060-9pfs-local-fix-unlink-of-alien-file.patch * Fix DOS in megasas device emulation (CVE-2017-9503 bsc#1043296) 0061-megasas-do-not-read-DCMD-opcode-mor.patch 0062-megasas-always-store-SCSIRequest-in.patch * Fix DOS in qemu-nbd server (CVE-2017-9524 bsc#1043808) 0063-nbd-Fully-initialize-client-in-case.patch * Fix regression introduced by recent virtfs security fixes (bsc#1045035) 0064-9pfs-local-remove-use-correct-path-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Backport ipxe to support FirstBurstLength (bsc#1040476) ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch- Fixes for gcc7 compatability (bsc#1040228) (in behalf of Liang Yan) 0056-jazz_led-fix-bad-snprintf.patch 0057-slirp-smb-Replace-constant-strings-.patch 0058-altera_timer-fix-incorrect-memset.patch 0059-Hacks-for-building-on-gcc-7-Fedora-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Protect access to metadata in virtio-9pfs (CVE-2017-7493 bsc#1039495) 0055-9pfs-local-forbid-client-access-to-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Address various security/stability issues * Fix DOS potential in vnc interface (CVE-2017-8379 bsc#1037334) 0051-input-limit-kbd-queue-depth.patch * Fix DOS potential in vnc interface (CVE-2017-8309 bsc#1037242) 0052-audio-release-capture-buffers.patch * Fix OOB access in megasas device emulation (CVE-2017-8380 bsc#1037336) 0053-scsi-avoid-an-off-by-one-error-in-m.patch * Fix DOS in Vmware pv scsi emulation (CVE-2017-8112 bsc#1036211) 0054-vmw_pvscsi-check-message-ring-page-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Fix building packages for some older distros. - Further refine our handling of building firmware (or not) for the various arch's and distro versions we build for. Note that if we don't build x86 firmware, (eg: x86 Leap 42.1) the upstream binary blobs are used, which may have migration incompatibilities with previous versions of qemu provided.- Fix issue in shipping qemu v2.9.0, where pci-passthrough for Xen HVM guests got broken (bsc#1034131) 0049-ACPI-don-t-call-acpi_pcihp_device_p.patch - Include experimental, unsupported feature to assist in some performance analysis work. 0050-i386-Allow-cpuid-bit-override.patch- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9 * Includes fix for CVE-2017-7471, a virtfs security issue. - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Add empty keyboard queue tracepoint to help openQA testing work better (bsc#1031692) 0048-input-Add-trace-event-for-empty-key.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9 - Enable ceph/rbd support for s390x (bsc#1030068) - Enable ceph/rbd support for ppc* as available - Update ARM in-kernel-timers patch (bsc#1033416) * Patches renamed: 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch 0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch 0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch 0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch 0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch 0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch * Patches added (support patch): 0046-RFC-update-Linux-headers-from-irqs-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9 * Patches dropped (included in upstream source archive): 0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch 0048-i386-Replace-uint32_t-with-FeatureW.patch 0049-i386-Don-t-override-cpu-options-on-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9 - Added additional documentation provided with v2.9.0 - Fix build failure with gcc7 (bsc#1031340) ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch - Made miscellaneous spec file refinements- The support documents included are now fairly accurate for the arm and s390 world, and the x86 version also received a few tweaks. Also included in those docs is a url reference to upstream qemu deprecation plans and discussions. (fate#321146) - Add post v2.9.0-rc2 upstream patches which fix -cpu host and -cpu max feature overrides for libvirt compatability. 0048-i386-Replace-uint32_t-with-FeatureW.patch 0049-i386-Don-t-override-cpu-options-on-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9 * Includes fix for in guest privilege escalation when using TCG (bsc#1030624) * Patches dropped (equivalent included in upstream source archive): 0047-linux-user-exclude-cpu-model-code-w.patch - Fix failure booting SLE12-SP2 Aarch64 guest (bsc#1031384) 0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9 * Patches dropped (no longer needed based on what we now build for): 0024-virtfs-proxy-helper-Provide-__u64-f.patch * Patches dropped (included in upstream source archive): 0034-dma-rc4030-limit-interval-timer-rel.patch * Patches renamed: 0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch 0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch 0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch 0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch 0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch 0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch 0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch 0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch 0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch 0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch 0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch 0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch 0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch 0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch 0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch 0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch 0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch 0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch 0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9 * Updated version carries fixes for the following reported issues: CVE-2016-9602 bsc#1020427, CVE-2016-9923 bsc#1014703, CVE-2017-2630 bsc#1025396, CVE-2017-2633 bsc#1026612, CVE-2017-5579 bsc#1021741, CVE-2017-5931 bsc#1024114, CVE-2017-5973 bsc#1025109, CVE-2017-5987 bsc#1025311, CVE-2017-6058 bsc#1025837, CVE-2017-6505 bsc#1028184 * Patches dropped: seabios_128kb.patch (no longer required) * Patches dropped (included in upstream source archive): 0035-net-imx-limit-buffer-descriptor-cou.patch 0045-virtio-gpu-call-cleanup-mapping-fun.patch 0051-virtio-gpu-fix-information-leak-in-.patch 0052-display-cirrus-ignore-source-pitch-.patch 0053-s390x-kvm-fix-small-race-reboot-vs..patch 0054-target-s390x-use-qemu-cpu-model-in-.patch 0056-tests-check-path-to-avoid-a-failing.patch 0057-display-virtio-gpu-3d-check-virgl-c.patch 0058-watchdog-6300esb-add-exit-function.patch 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch 0060-virtio-gpu-fix-memory-leak-in-resou.patch 0061-virtio-fix-vq-inuse-recalc-after-mi.patch 0062-audio-es1370-add-exit-function.patch 0063-audio-ac97-add-exit-function.patch 0064-megasas-fix-guest-triggered-memory-.patch 0065-cirrus-handle-negative-pitch-in-cir.patch 0066-cirrus-fix-blit-address-mask-handli.patch 0067-cirrus-fix-oob-access-issue-CVE-201.patch 0068-usb-ccid-check-ccid-apdu-length.patch 0069-sd-sdhci-check-data-length-during-d.patch 0070-virtio-gpu-fix-resource-leak-in-vir.patch 0071-cirrus-fix-patterncopy-checks.patch 0072-cirrus-add-blit_is_unsafe-call-to-c.patch * Patches renamed: 0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch 0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch 0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch 0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch 0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch 0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch 0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch 0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch 0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch 0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch 0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch 0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9- Buildignore for the global gcc-PIE, as this package enables PIE on its own and has troubles if all use it. (meissner@suse.com)- Address various security/stability issues * Fix OOB access in virito-gpu-3d (CVE-2016-10028 bsc#1017084 bsc#1016503) 0057-display-virtio-gpu-3d-check-virgl-c.patch * Fix DOS in Intel 6300ESB device emulation (CVE-2016-10155 bsc#1021129) 0058-watchdog-6300esb-add-exit-function.patch * Fix DOS in virtio-gpu-3d (CVE-2017-5552 bsc#1021195) 0059-virtio-gpu-3d-fix-memory-leak-in-re.patch * Fix DOS in virtio-gpu (CVE-2017-5578 bsc#1021481) 0060-virtio-gpu-fix-memory-leak-in-resou.patch * Fix cause of infrequent migration failures from bad virtio device state. (bsc#1020928) 0061-virtio-fix-vq-inuse-recalc-after-mi.patch * Fix DOS in es1370 emulated audio device (CVE-2017-5526 bsc#1020589) 0062-audio-es1370-add-exit-function.patch * Fix DOS in ac97 emulated audio device (CVE-2017-5525 bsc#1020491) 0063-audio-ac97-add-exit-function.patch * Fix DOS in megasas device emulation (CVE-2017-5856 bsc#1023053) 0064-megasas-fix-guest-triggered-memory-.patch * Fix various inaccuracies in cirrus vga device emulation 0065-cirrus-handle-negative-pitch-in-cir.patch 0066-cirrus-fix-blit-address-mask-handli.patch * Fix OOB access in cirrus vga emulation (CVE-2017-2615 bsc#1023004) 0067-cirrus-fix-oob-access-issue-CVE-201.patch * Fix DOS in usb CCID card device emulator (CVE-2017-5898 bsc#1023907) 0068-usb-ccid-check-ccid-apdu-length.patch * Fix OOB access in SDHCI device emulation (CVE-2017-5667 bsc#1022541) 0069-sd-sdhci-check-data-length-during-d.patch * Fix DOS in virtio-gpu-3d (CVE-2017-5857 bsc#1023073) 0070-virtio-gpu-fix-resource-leak-in-vir.patch * Fix cirrus patterncopy checks 0071-cirrus-fix-patterncopy-checks.patch * Fix OOB access in cirrus vga emulation (CVE-2017-2620 bsc#1024972) 0072-cirrus-add-blit_is_unsafe-call-to-c.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8- Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583)- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Check that sysfs path exists before running test which requires it. This allows qemu-testsuite to succeed in local build service chroot based package build. 0056-tests-check-path-to-avoid-a-failing.patch- Factory and SLE12-SP3 got a name change in the dtc devel package: libfdt1-devel -> libfdt-devel. Adjust our spec file accordingly.- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Patches added: 0055-linux-user-exclude-cpu-model-code-w.patch- Make sure qemu guest agent is usable as soon as qemu-guest-agent package is installed. The previous post script was still not doing the job. - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Fix potential hang/crash rebooting s390x guest 0053-s390x-kvm-fix-small-race-reboot-vs..patch * Fix s390x linux-user failure since v2.8.0 update 0054-target-s390x-use-qemu-cpu-model-in-.patch- Merge qemu packages from openSUSE and SUSE SLE releases together for the v2.8 qemu update. The qemu.changes file is the openSUSE version with this entry providing CVE, FATE, and bugzilla references from the SUSE SLE qemu package to date (see below) - Updated to v2.8.0: See http://wiki.qemu-project.org/ChangeLog/2.8 * For SUSE SLE-12-SP3, update relates to fate#319684, fate#321331, fate#321335, fate#321339, fate#321349, fate#321857 * For best compatibility, qemu-ifup and kvm_stat scripts now owned by qemu package * Build ipxe roms with gcc6 to maintain SLE legacy migration compatibility requirements * qmp-commands.txt file removed, to resurface in future doc reorganization * qemu-tech.html file merged into other existing doc * trace-events renamed to trace-events-all - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.8 * Patches dropped (upstream): 0013-linux-user-lock-tcg.patch 0014-linux-user-Run-multi-threaded-code-.patch 0015-linux-user-lock-tb-flushing-too.patch 0017-linux-user-implement-FS_IOC_GETFLAG.patch 0018-linux-user-implement-FS_IOC_SETFLAG.patch 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch 0041-vmsvga-correct-bitmap-and-pixmap-si.patch 0042-scsi-mptconfig-fix-an-assert-expres.patch 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch 0046-scsi-mptsas-use-g_new0-to-allocate-.patch 0047-scsi-pvscsi-limit-process-IO-loop-t.patch 0048-virtio-add-check-for-descriptor-s-m.patch 0049-net-mcf-limit-buffer-descriptor-cou.patch 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch 0051-xhci-limit-the-number-of-link-trbs-.patch 0052-9pfs-allocate-space-for-guest-origi.patch 0053-9pfs-fix-memory-leak-in-v9fs_link.patch 0054-9pfs-fix-potential-host-memory-leak.patch 0055-9pfs-fix-information-leak-in-xattr-.patch 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch 0057-9pfs-fix-memory-leak-in-v9fs_write.patch 0058-char-serial-check-divider-value-aga.patch 0059-net-pcnet-check-rx-tx-descriptor-ri.patch 0060-net-eepro100-fix-memory-leak-in-dev.patch 0061-net-rocker-set-limit-to-DMA-buffer-.patch 0062-net-vmxnet-initialise-local-tx-desc.patch 0063-net-rtl8139-limit-processing-of-rin.patch 0064-audio-intel-hda-check-stream-entry-.patch 0065-virtio-gpu-fix-memory-leak-in-virti.patch 0066-9pfs-fix-integer-overflow-issue-in-.patch slof_xhci.patch * Patches renamed: 0016-linux-user-Fake-proc-cpuinfo.patch -> 0013-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-XXX-disable-fiemap.patch -> 0014-linux-user-XXX-disable-fiemap.patch 0020-slirp-nooutgoing.patch -> 0015-slirp-nooutgoing.patch 0021-vnc-password-file-and-incoming-conn.patch -> 0016-vnc-password-file-and-incoming-conn.patch 0022-linux-user-use-target_ulong.patch -> 0017-linux-user-use-target_ulong.patch 0023-block-Add-support-for-DictZip-enabl.patch -> 0018-block-Add-support-for-DictZip-enabl.patch 0024-block-Add-tar-container-format.patch -> 0019-block-Add-tar-container-format.patch 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0020-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0026-console-add-question-mark-escape-op.patch -> 0021-console-add-question-mark-escape-op.patch 0027-Make-char-muxer-more-robust-wrt-sma.patch -> 0022-Make-char-muxer-more-robust-wrt-sma.patch 0028-linux-user-lseek-explicitly-cast-no.patch -> 0023-linux-user-lseek-explicitly-cast-no.patch 0029-virtfs-proxy-helper-Provide-__u64-f.patch -> 0024-virtfs-proxy-helper-Provide-__u64-f.patch 0030-configure-Enable-PIE-for-ppc-and-pp.patch -> 0025-configure-Enable-PIE-for-ppc-and-pp.patch 0031-AIO-Reduce-number-of-threads-for-32.patch -> 0026-AIO-Reduce-number-of-threads-for-32.patch 0032-dictzip-Fix-on-big-endian-systems.patch -> 0027-dictzip-Fix-on-big-endian-systems.patch 0033-xen_disk-Add-suse-specific-flush-di.patch -> 0028-xen_disk-Add-suse-specific-flush-di.patch 0035-qemu-bridge-helper-reduce-security-.patch -> 0029-qemu-bridge-helper-reduce-security-.patch 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0037-configure-Fix-detection-of-seccomp-.patch -> 0031-configure-Fix-detection-of-seccomp-.patch 0038-linux-user-properly-test-for-infini.patch -> 0032-linux-user-properly-test-for-infini.patch 0040-linux-user-remove-all-traces-of-qem.patch -> 0033-linux-user-remove-all-traces-of-qem.patch 0067-dma-rc4030-limit-interval-timer-rel.patch -> 0034-dma-rc4030-limit-interval-timer-rel.patch 0068-net-imx-limit-buffer-descriptor-cou.patch -> 0035-net-imx-limit-buffer-descriptor-cou.patch 0069-roms-Makefile-pass-a-packaging-time.patch -> 0036-roms-Makefile-pass-a-packaging-time.patch * Patches added: 0037-Raise-soft-address-space-limit-to-h.patch 0038-increase-x86_64-physical-bits-to-42.patch 0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0040-i8254-Fix-migration-from-SLE11-SP2.patch 0041-acpi_piix4-Fix-migration-from-SLE11.patch 0042-Fix-tigervnc-long-press-issue.patch 0043-fix-xen-hvm-direct-kernel-boot.patch 0044-ARM-KVM-Enable-in-kernel-timers-wit.patch 0045-virtio-gpu-call-cleanup-mapping-fun.patch 0046-string-input-visitor-Fix-uint64-par.patch 0047-test-string-input-visitor-Add-int-t.patch 0048-test-string-input-visitor-Add-uint6.patch 0049-tests-Add-QOM-property-unit-tests.patch 0050-tests-Add-scsi-disk-test.patch 0051-virtio-gpu-fix-information-leak-in-.patch 0052-display-cirrus-ignore-source-pitch-.patch ipxe-use-gcc6-for-more-compact-code.patch * SLE patches dropped (accounted for in above listed changes): 0002-qemu-0.9.0.cvs-binfmt.patch 0009-block-vmdk-Support-creation-of-SCSI.patch 0010-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch 0014-linux-user-Ignore-broken-loop-ioctl.patch 0015-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch 0024-linux-user-add-more-blk-ioctls.patch 0025-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-_u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch 0034-Raise-soft-address-space-limit-to-h.patch 0035-increase-x86_64-physical-bits-to-42.patch 0036-vnc-provide-fake-color-map.patch 0037-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch 0038-i8254-Fix-migration-from-SLE11-SP2.patch 0039-acpi_piix4-Fix-migration-from-SLE11.patch 0040-qtest-Increase-socket-timeout-to-ac.patch 0041-dictzip-Fix-on-big-endian-systems.patch 0043-xen_disk-Add-suse-specific-flush-di.patch 0044-Split-large-discard-requests-from-b.patch 0045-fix-xen-hvm-direct-kernel-boot.patch 0046-xen-introduce-dummy-system-device.patch 0047-xen-write-information-about-support.patch 0048-xen-add-pvUSB-backend.patch 0049-xen-move-xen_sysdev-to-xen_backend..patch 0050-vnc-add-configurable-keyboard-delay.patch 0051-xen-SUSE-xenlinux-unplug-for-emulat.patch 0052-configure-add-echo_version-helper.patch 0053-configure-support-vte-2.91.patch 0054-scsi-esp-fix-migration.patch 0055-hw-arm-virt-mark-the-PCIe-host-cont.patch 0056-xen-when-removing-a-backend-don-t-r.patch 0057-xen-drain-submit-queue-in-xen-usb-b.patch 0058-qcow2-avoid-extra-flushes-in-qcow2.patch 0059-qemu-bridge-helper-reduce-security-.patch 0060-xen-use-a-common-function-for-pv-an.patch 0061-xen_platform-unplug-also-SCSI-disks.patch 0062-virtio-check-vring-descriptor-buffe.patch 0063-net-vmxnet3-check-for-device_active.patch 0064-net-vmxnet-initialise-local-tx-desc.patch 0065-scsi-pvscsi-avoid-infinite-loop-whi.patch 0066-ARM-KVM-Enable-in-kernel-timers-wit.patch 0067-hw-net-Fix-a-heap-overflow-in-xlnx..patch 0068-vmsvga-correct-bitmap-and-pixmap-si.patch 0069-usb-xhci-fix-memory-leak-in-usb_xhc.patch 0070-virtio-add-check-for-descriptor-s-m.patch 0071-net-mcf-limit-buffer-descriptor-cou.patch 0072-usb-ehci-fix-memory-leak-in-ehci_pr.patch 0073-xhci-limit-the-number-of-link-trbs-.patch 0074-9pfs-allocate-space-for-guest-origi.patch 0075-9pfs-fix-memory-leak-in-v9fs_link.patch 0076-9pfs-fix-potential-host-memory-leak.patch 0077-9pfs-fix-memory-leak-in-v9fs_write.patch 0078-char-serial-check-divider-value-aga.patch 0079-net-pcnet-check-rx-tx-descriptor-ri.patch 0080-net-eepro100-fix-memory-leak-in-dev.patch 0081-net-rocker-set-limit-to-DMA-buffer-.patch 0082-net-rtl8139-limit-processing-of-rin.patch 0083-audio-intel-hda-check-stream-entry-.patch 0084-virtio-gpu-fix-memory-leak-in-virti.patch 0085-9pfs-fix-integer-overflow-issue-in-.patch 0086-dma-rc4030-limit-interval-timer-rel.patch 0087-net-imx-limit-buffer-descriptor-cou.patch 0088-target-i386-Implement-CPUID-0xB-Ext.patch 0089-target-i386-present-virtual-L3-cach.patch 0090-migration-fix-inability-to-save-VM-.patch 0091-ui-gtk-Fix-a-runtime-warning-on-vte.patch 0092-gtk-don-t-leak-the-GtkBorder-with-V.patch 0093-xen-fix-ioreq-handling.patch 0094-macio-Use-blk_drain-instead-of-blk_.patch 0095-rbd-Switch-rbd_start_aio-to-byte-ba.patch 0096-virtio-blk-Release-s-rq-queue-at-sy.patch 0097-virtio-blk-Remove-stale-comment-abo.patch 0098-block-reintroduce-bdrv_flush_all.patch 0099-qemu-use-bdrv_flush_all-for-vm_stop.patch 0100-block-backend-remove-blkflush_all.patch 0101-char-fix-missing-return-in-error-pa.patch 0102-rbd-shift-byte-count-as-a-64-bit-va.patch 0103-mirror-use-bdrv_drained_begin-bdrv_.patch 0104-block-curl-Use-BDRV_SECTOR_SIZE.patch 0105-block-curl-Fix-return-value-from-cu.patch 0106-block-curl-Remember-all-sockets.patch 0107-block-curl-Do-not-wait-for-data-bey.patch 0108-virtio-allow-per-device-class-legac.patch 0109-virtio-net-mark-VIRTIO_NET_F_GSO-as.patch 0110-vhost-adapt-vhost_verify_ring_mappi.patch 0111-ivshmem-Fix-64-bit-memory-bar-confi.patch 0112-intel_iommu-fix-incorrect-device-in.patch 0113-9pfs-fix-information-leak-in-xattr-.patch 0114-9pfs-fix-memory-leak-in-v9fs_xattrc.patch 0115-net-mcf-check-receive-buffer-size-r.patch 0116-virtio-gpu-fix-memory-leak-in-updat.patch 0117-virtio-gpu-fix-information-leak-in-.patch 0118-9pfs-adjust-the-order-of-resource-c.patch 0119-9pfs-add-cleanup-operation-in-FileO.patch 0120-9pfs-add-cleanup-operation-for-hand.patch 0121-9pfs-add-cleanup-operation-for-prox.patch 0122-virtio-gpu-call-cleanup-mapping-fun.patch 0123-string-input-visitor-Fix-uint64-par.patch 0124-test-string-input-visitor-Add-int-t.patch 0125-test-string-input-visitor-Add-uint6.patch 0126-tests-Add-QOM-property-unit-tests.patch 0127-tests-Add-scsi-disk-test.patch 0128-usb-ehci-fix-memory-leak-in-ehci_in.patch 0129-usbredir-free-vm_change_state_handl.patch 0130-virtio-gpu-fix-information-leak-in-.patch ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch ipxe-legacy-Fix-building-with-GCC-6.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-util-v5.24-perl-errors-on-redeclare.patch - SLE CVE, FATE, and bugzilla references not otherwise listed in this changelog file. The intent of this list is to indicate that the fix or feature continues the line of inheritance in the development stream of this package. The list is intended to satisfy searches only - refer to the SLE-12-SP2 changelog file for additional details. * fate#314468 fate#314497 fate#315125 fate#315467 fate#317015 fate#317741 fate#317763 fate#318349 fate#319660 fate#319979 fate#321010 * bnc#812983 bnc#869026 bnc#869746 bnc#874413 bnc#875582 bnc#875870 bnc#877642 bnc#877645 bnc#878541 bsc#882405 bsc#886378 bnc#893339 bnc#893892 bnc#895369 bnc#896726 bnc#897654 bnc#905097 bnc#907805 bnc#908380 bnc#914521 bsc#924018 bsc#929339 bsc#932267 bsc#932770 bsc#933981 bsc#936537 bsc#937125 bsc#938344 bsc#940929 bsc#942845 bsc#943446 bsc#944697 bsc#945404 bsc#945987 bsc#945989 bsc#946020 bsc#947159 bnc#953518 bsc#954864 bsc#956829 bsc#957162 bsc#958491 bsc#958917 bsc#959005 bsc#959386 bsc#960334 bsc#960708 bsc#960725 bsc#960835 bsc#961333 bsc#961556 bsc#961691 bsc#962320 bsc#963782 bsc#964413 bsc#970791 bsc#974141 bsc#978158 bsc#979473 bsc#982365 bsc#989655 bsc#991466 bsc#994771 bsc#994774 bsc#996441 bsc#997858 bsc#999212 bsc#1001151 bsc#1002116 bsc#1005353 boo#1007263 bsc#1007769 bsc#1008519 bsc#1009109 bsc#1013285 bsc#1013341 bsc#1013764 bsc#1013767 bsc#1014109 bsc#1014110 bsc#1014111 bsc#1014112 bsc#1014256 bsc#1014514 bsc#1014702 bsc#1015169 bsc#1016779 * CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-6490 CVE-2016-6833 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7161 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922- Despite the previous entry about re-enabling ceph on Nov 19, 2016 the change wasn't actually done. Do it now.- sgabios-stable-buildid.patch: Use geeko@buildhost- slof_xhci.patch: XHCI fixes (boo#977027)- Recommend x86 ROMs for emulated PCI cards on ppc, arm, others (bsc#1005869, michals)- Tidy SLOF patch boilerplate (michals)- Build with spice on all archs. (boo#1009438, michals)- Refine the approach to producing stable builds in our ROM based packages. All built roms which have hostname or date calls now produce consistent results build to build via patch changes, so remove the hostname and date call workarounds. (bsc#1011213) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0069-roms-Makefile-pass-a-packaging-time.patch sgabios-stable-buildid.patch- Re-enable ceph (rbd) functionality in OBS builds as we've been told the issues which prompted us to disable it are resolved - Address various security/stability issues * Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516) 0041-vmsvga-correct-bitmap-and-pixmap-si.patch * Fix DOS in LSI SAS1068 emulation (CVE-2016-7157 bsc#997860) 0042-scsi-mptconfig-fix-an-assert-expres.patch 0043-scsi-mptconfig-fix-misuse-of-MPTSAS.patch * Fix DOS in Vmware pv scsi interface (CVE-2016-7156 bsc#997859) 0044-scsi-pvscsi-limit-loop-to-fetch-SG-.patch * Fix DOS in USB xHCI emulation (CVE-2016-7466 bsc#1000345) 0045-usb-xhci-fix-memory-leak-in-usb_xhc.patch * Fix OOB access in LSI SAS1068 emulation (CVE-2016-7423 bsc#1000397) 0046-scsi-mptsas-use-g_new0-to-allocate-.patch * Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661) 0047-scsi-pvscsi-limit-process-IO-loop-t.patch * Fix NULL pointer dereference in virtio processing (CVE-2016-7422 bsc#1000346) 0048-virtio-add-check-for-descriptor-s-m.patch * Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550) 0049-net-mcf-limit-buffer-descriptor-cou.patch * Fix DOS in USB EHCI emulation (CVE-2016-7995 bsc#1003612) 0050-usb-ehci-fix-memory-leak-in-ehci_pr.patch * Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878) 0051-xhci-limit-the-number-of-link-trbs-.patch * Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894) 0052-9pfs-allocate-space-for-guest-origi.patch * Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494) 0053-9pfs-fix-memory-leak-in-v9fs_link.patch * Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893) 0054-9pfs-fix-potential-host-memory-leak.patch * Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454) 0055-9pfs-fix-information-leak-in-xattr-.patch * Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450) 0056-9pfs-fix-memory-leak-in-v9fs_xattrc.patch * Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495) 0057-9pfs-fix-memory-leak-in-v9fs_write.patch * Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707) 0058-char-serial-check-divider-value-aga.patch * Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557) 0059-net-pcnet-check-rx-tx-descriptor-ri.patch * Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391) 0060-net-eepro100-fix-memory-leak-in-dev.patch * Fix OOB access in Rocker switch emulation (CVE-2016-8668 bsc#1004706) 0061-net-rocker-set-limit-to-DMA-buffer-.patch * Plug data leak in vmxnet3 emulation (CVE-2016-6836 bsc#994760) 0062-net-vmxnet-initialise-local-tx-desc.patch * Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538) 0063-net-rtl8139-limit-processing-of-rin.patch * Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536) 0064-audio-intel-hda-check-stream-entry-.patch * Fix DOS in virtio-gpu (CVE-2016-7994 bsc#1003613) 0065-virtio-gpu-fix-memory-leak-in-virti.patch * Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493) 0066-9pfs-fix-integer-overflow-issue-in-.patch * Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702) 0067-dma-rc4030-limit-interval-timer-rel.patch * Fix DOS in i.MX NIC emulation (CVE-2016-7907 bsc#1002549) 0068-net-imx-limit-buffer-descriptor-cou.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7- Use fixed timestamps and stable build_id in ipxe and other ROMs * Patches added: ipxe-stable-buildid.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patch updated: 0040-linux-user-skip-0-flag-from-proc-se.patch -> 0040-linux-user-remove-all-traces-of-qem.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0040-linux-user-skip-0-flag-from-proc-se.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0039-Fix-tlb_vaddr_to_host-with-CONFIG_U.patch- Document two new options, but leave jemalloc disabled for now - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches dropped: 0034-build-link-with-libatomic-on-powerp.patch * Patches renamed: 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0034-xen-SUSE-xenlinux-unplug-for-emulat.patch 0036-qemu-bridge-helper-reduce-security-.patch -> 0035-qemu-bridge-helper-reduce-security-.patch 0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0036-qemu-binfmt-conf-use-qemu-ARCH-binf.patch 0038-configure-Fix-detection-of-seccomp-.patch -> 0037-configure-Fix-detection-of-seccomp-.patch 0039-linux-user-properly-test-for-infini.patch -> 0038-linux-user-properly-test-for-infini.patch- Updated to v2.7.0: See http://wiki.qemu-project.org/ChangeLog/2.7 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches added: 0039-linux-user-properly-test-for-infini.patch- Use new kvm_stat package where available, else provide updated kvm_stat script.- Update to v2.7.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.7- Updated to v2.7.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.7 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.7 * Patches dropped: 0002-qemu-0.9.0.cvs-binfmt.patch (script rewritten upstream) 0009-block-vmdk-Support-creation-of-SCSI.patch (deprecated) 0014-linux-user-Ignore-broken-loop-ioctl.patch (implemented upstream) 0024-linux-user-add-more-blk-ioctls.patch (more implemented upstream) 0034-qtest-Increase-socket-timeout.patch (increased further upstream) 0036-configure-Enable-libseccomp-for-ppc.patch (enabled upstream) 0038-block-split-large-discard-requests-.patch 0041-xen-introduce-dummy-system-device.patch 0042-xen-write-information-about-support.patch 0043-xen-add-pvUSB-backend.patch 0044-xen-move-xen_sysdev-to-xen_backend..patch 0045-vnc-add-configurable-keyboard-delay.patch 0046-configure-add-echo_version-helper.patch 0047-configure-support-vte-2.91.patch 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch 0050-scsi-esp-fix-migration.patch 0051-xen-when-removing-a-backend-don-t-r.patch 0052-xen-drain-submit-queue-in-xen-usb-b.patch 0053-qcow2-avoid-extra-flushes-in-qcow2.patch 0055-xen-use-a-common-function-for-pv-an.patch ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-legacy-Fix-building-with-GCC-6.patch ipxe-util-v5.24-perl-errors-on-redeclare.patch ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch * Patches renamed: 0010-linux-user-add-binfmt-wrapper-for-a.patch -> 0009-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch -> 0010-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch -> 0011-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch -> 0012-linux-user-binfmt-support-host-bina.patch 0015-linux-user-lock-tcg.patch -> 0013-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch -> 0014-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch -> 0015-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch -> 0016-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch -> 0017-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch -> 0018-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch -> 0019-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch -> 0020-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch -> 0021-vnc-password-file-and-incoming-conn.patch 0025-linux-user-use-target_ulong.patch -> 0022-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch -> 0023-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch -> 0024-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0025-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch -> 0026-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch -> 0027-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch -> 0028-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-__u64-f.patch -> 0029-virtfs-proxy-helper-Provide-__u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch -> 0030-configure-Enable-PIE-for-ppc-and-pp.patch 0035-AIO-Reduce-number-of-threads-for-32.patch -> 0031-AIO-Reduce-number-of-threads-for-32.patch 0037-dictzip-Fix-on-big-endian-systems.patch -> 0032-dictzip-Fix-on-big-endian-systems.patch 0039-xen_disk-Add-suse-specific-flush-di.patch -> 0033-xen_disk-Add-suse-specific-flush-di.patch 0040-build-link-with-libatomic-on-powerp.patch -> 0034-build-link-with-libatomic-on-powerp.patch 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch -> 0035-xen-SUSE-xenlinux-unplug-for-emulat.patch 0054-qemu-bridge-helper-reduce-security-.patch -> 0036-qemu-bridge-helper-reduce-security-.patch * Patches added: 0002-qemu-binfmt-conf-Modify-default-pat.patch 0037-qemu-binfmt-conf-use-qemu-ARCH-binf.patch * Package renamed trace-events-all file and linuxboot_dma.bin * Handle building and packaging roms for e1000e and vmxnet3 (Bruce) * Remove ipxe patches which are now enabled upstream (Bruce) * Enable seccomp for s390x (Mark Post): 0038-configure-Fix-detection-of-seccomp-.patch- Update to v2.6.1 a stable, bug-fix-only release (fate#316228) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped (upstreamed): 0041-net-mipsnet-check-packet-length-aga.patch 0042-i386-kvmvapic-initialise-imm32-vari.patch 0043-esp-check-command-buffer-length-bef.patch 0044-esp-check-dma-length-before-reading.patch 0045-scsi-pvscsi-check-command-descripto.patch 0046-scsi-mptsas-infinite-loop-while-fet.patch 0047-vga-add-sr_vbe-register-set.patch 0048-scsi-megasas-use-appropriate-proper.patch 0049-scsi-megasas-check-read_queue_head-.patch 0050-scsi-megasas-null-terminate-bios-ve.patch 0051-vmsvga-move-fifo-sanity-checks-to-v.patch 0052-vmsvga-don-t-process-more-than-1024.patch 0053-block-iscsi-avoid-potential-overflo.patch 0054-scsi-esp-check-TI-buffer-index-befo.patch 0060-scsi-megasas-initialise-local-confi.patch 0065-scsi-esp-check-buffer-length-before.patch 0066-scsi-esp-respect-FIFO-invariant-aft.patch 0067-pci-assign-Move-Invalid-ROM-error-m.patch 0068-Xen-PCI-passthrough-fix-passthrough.patch 0069-scsi-esp-make-cmdbuf-big-enough-for.patch 0071-virtio-error-out-if-guest-exceeds-v.patch * Patches renamed: 0055-xen-introduce-dummy-system-device.patch - > 0041-xen-introduce-dummy-system-device.patch 0056-xen-write-information-about-support.patch - > 0042-xen-write-information-about-support.patch 0057-xen-add-pvUSB-backend.patch - > 0043-xen-add-pvUSB-backend.patch 0058-xen-move-xen_sysdev-to-xen_backend..patch - > 0044-xen-move-xen_sysdev-to-xen_backend..patch 0059-vnc-add-configurable-keyboard-delay.patch - > 0045-vnc-add-configurable-keyboard-delay.patch 0061-configure-add-echo_version-helper.patch - > 0046-configure-add-echo_version-helper.patch 0062-configure-support-vte-2.91.patch - > 0047-configure-support-vte-2.91.patch 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch - > 0048-hw-arm-virt-mark-the-PCIe-host-cont.patch 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch - > 0049-xen-SUSE-xenlinux-unplug-for-emulat.patch 0070-scsi-esp-fix-migration.patch - > 0050-scsi-esp-fix-migration.patch 0072-xen-when-removing-a-backend-don-t-r.patch - > 0051-xen-when-removing-a-backend-don-t-r.patch 0073-xen-drain-submit-queue-in-xen-usb-b.patch - > 0052-xen-drain-submit-queue-in-xen-usb-b.patch 0074-qcow2-avoid-extra-flushes-in-qcow2.patch - > 0053-qcow2-avoid-extra-flushes-in-qcow2.patch 0075-qemu-bridge-helper-reduce-security-.patch - > 0054-qemu-bridge-helper-reduce-security-.patch 0076-xen-use-a-common-function-for-pv-an.patch - > 0055-xen-use-a-common-function-for-pv-an.patch- Temporarily disable ceph (rbd) functionality in OBS due to staging issues.- use upstream solution for building xen-usb.c correctly - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped: 0058-usb-Fix-conditions-that-xen-usb.c-i.patch * Patches added: 0058-xen-move-xen_sysdev-to-xen_backend..patch- Incorporate patch carried in Xen's qemu to get same support as Xen switches to use the qemu package (bsc#953339, bsc#953362, bsc#953518, bsc#984981) 0064-xen-SUSE-xenlinux-unplug-for-emulat.patch - Fix more potential OOB accesses in 53C9X emulation (CVE-2016-5238 bsc#982959) 0065-scsi-esp-check-buffer-length-before.patch 0066-scsi-esp-respect-FIFO-invariant-aft.patch - Avoid "Invalid ROM" error message when it is not appropriate (bsc#982927) 0067-pci-assign-Move-Invalid-ROM-error-m.patch - Fix failure in Xen HVM PCI passthrough (bsc#981925, bsc#989250) 0068-Xen-PCI-passthrough-fix-passthrough.patch - Fix OOB access in 53C9X emulation (CVE-2016-6351 bsc#990835) 0069-scsi-esp-make-cmdbuf-big-enough-for.patch 0070-scsi-esp-fix-migration.patch - Avoid potential for guest initiated OOM condition in qemu through virtio interface (CVE-2016-5403 bsc#991080) 0071-virtio-error-out-if-guest-exceeds-v.patch - Fix potential crashes in qemu from pvusb bugs (bsc#986156) 0072-xen-when-removing-a-backend-don-t-r.patch 0073-xen-drain-submit-queue-in-xen-usb-b.patch - Avoid unneeded flushes in qcow2 which impact performance (bsc#991296) 0074-qcow2-avoid-extra-flushes-in-qcow2.patch - Finally get qemu-bridge-helper the permissions it needs for non- root usage. The kvm group is leveraged to control access. (boo#988279) 0075-qemu-bridge-helper-reduce-security-.patch - Fix pvusb not working for HVM guests (bsc#991785) 0076-xen-use-a-common-function-for-pv-an.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 - Minor spec file formatting fixes- Fix ARM PCIe DMA coherency bug (bsc#991034) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches added: 0063-hw-arm-virt-mark-the-PCIe-host-cont.patch- Clean up the udev ifdeffery to cover systemd as well (boo#860275) - Trigger udev rules also under systemd (boo#989655) - Suppress s390x sysctl in chroot - Ignore s390x sysctl failures (agraf)- Build SLOF for SLE12 now that we have gcc fix (bsc#949000) - Add script for loading kvm module on s390x - Enable seccomp and iscsi support in more configurations - Enable more support for virtio-gpu - Fix /dev/kvm permissions problem with package install and no reboot (bnc#867867) - Remove libtool dependency - Disable more aggressive stack protector for performance reasons - Enable vte to be used again in more configurations (bsc#988855) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches added: 0061-configure-add-echo_version-helper.patch 0062-configure-support-vte-2.91.patch- Remove deprecated patch "work-around-SA_RESTART-race" (boo#982208) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped: 0002-XXX-work-around-SA_RESTART-race-wit.patch 0003-qemu-0.9.0.cvs-binfmt.patch 0004-qemu-cvs-alsa_bitfield.patch 0005-qemu-cvs-alsa_ioctl.patch 0006-qemu-cvs-alsa_mmap.patch 0007-qemu-cvs-gettimeofday.patch 0008-qemu-cvs-ioctl_debug.patch 0009-qemu-cvs-ioctl_nodirection.patch 0010-block-vmdk-Support-creation-of-SCSI.patch 0011-linux-user-add-binfmt-wrapper-for-a.patch 0012-PPC-KVM-Disable-mmu-notifier-check.patch 0013-linux-user-fix-segfault-deadlock.patch 0014-linux-user-binfmt-support-host-bina.patch 0015-linux-user-Ignore-broken-loop-ioctl.patch 0016-linux-user-lock-tcg.patch 0017-linux-user-Run-multi-threaded-code-.patch 0018-linux-user-lock-tb-flushing-too.patch 0019-linux-user-Fake-proc-cpuinfo.patch 0020-linux-user-implement-FS_IOC_GETFLAG.patch 0021-linux-user-implement-FS_IOC_SETFLAG.patch 0022-linux-user-XXX-disable-fiemap.patch 0023-slirp-nooutgoing.patch 0024-vnc-password-file-and-incoming-conn.patch 0025-linux-user-add-more-blk-ioctls.patch 0026-linux-user-use-target_ulong.patch 0027-block-Add-support-for-DictZip-enabl.patch 0028-block-Add-tar-container-format.patch 0029-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0030-console-add-question-mark-escape-op.patch 0031-Make-char-muxer-more-robust-wrt-sma.patch 0032-linux-user-lseek-explicitly-cast-no.patch 0033-virtfs-proxy-helper-Provide-__u64-f.patch 0034-configure-Enable-PIE-for-ppc-and-pp.patch 0035-qtest-Increase-socket-timeout.patch 0036-AIO-Reduce-number-of-threads-for-32.patch 0037-configure-Enable-libseccomp-for-ppc.patch 0038-dictzip-Fix-on-big-endian-systems.patch 0039-block-split-large-discard-requests-.patch 0040-xen_disk-Add-suse-specific-flush-di.patch 0041-build-link-with-libatomic-on-powerp.patch 0042-net-mipsnet-check-packet-length-aga.patch 0043-i386-kvmvapic-initialise-imm32-vari.patch 0044-esp-check-command-buffer-length-bef.patch 0045-esp-check-dma-length-before-reading.patch 0046-scsi-pvscsi-check-command-descripto.patch 0047-scsi-mptsas-infinite-loop-while-fet.patch 0048-vga-add-sr_vbe-register-set.patch 0049-scsi-megasas-use-appropriate-proper.patch 0050-scsi-megasas-check-read_queue_head-.patch 0051-scsi-megasas-null-terminate-bios-ve.patch 0052-vmsvga-move-fifo-sanity-checks-to-v.patch 0053-vmsvga-don-t-process-more-than-1024.patch 0054-block-iscsi-avoid-potential-overflo.patch 0055-scsi-esp-check-TI-buffer-index-befo.patch 0056-xen-introduce-dummy-system-device.patch 0057-xen-write-information-about-support.patch 0058-xen-add-pvUSB-backend.patch 0059-usb-Fix-conditions-that-xen-usb.c-i.patch 0060-vnc-add-configurable-keyboard-delay.patch 0061-scsi-megasas-initialise-local-confi.patch * Patches added: 0002-qemu-0.9.0.cvs-binfmt.patch 0003-qemu-cvs-alsa_bitfield.patch 0004-qemu-cvs-alsa_ioctl.patch 0005-qemu-cvs-alsa_mmap.patch 0006-qemu-cvs-gettimeofday.patch 0007-qemu-cvs-ioctl_debug.patch 0008-qemu-cvs-ioctl_nodirection.patch 0009-block-vmdk-Support-creation-of-SCSI.patch 0010-linux-user-add-binfmt-wrapper-for-a.patch 0011-PPC-KVM-Disable-mmu-notifier-check.patch 0012-linux-user-fix-segfault-deadlock.patch 0013-linux-user-binfmt-support-host-bina.patch 0014-linux-user-Ignore-broken-loop-ioctl.patch 0015-linux-user-lock-tcg.patch 0016-linux-user-Run-multi-threaded-code-.patch 0017-linux-user-lock-tb-flushing-too.patch 0018-linux-user-Fake-proc-cpuinfo.patch 0019-linux-user-implement-FS_IOC_GETFLAG.patch 0020-linux-user-implement-FS_IOC_SETFLAG.patch 0021-linux-user-XXX-disable-fiemap.patch 0022-slirp-nooutgoing.patch 0023-vnc-password-file-and-incoming-conn.patch 0024-linux-user-add-more-blk-ioctls.patch 0025-linux-user-use-target_ulong.patch 0026-block-Add-support-for-DictZip-enabl.patch 0027-block-Add-tar-container-format.patch 0028-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0029-console-add-question-mark-escape-op.patch 0030-Make-char-muxer-more-robust-wrt-sma.patch 0031-linux-user-lseek-explicitly-cast-no.patch 0032-virtfs-proxy-helper-Provide-__u64-f.patch 0033-configure-Enable-PIE-for-ppc-and-pp.patch 0034-qtest-Increase-socket-timeout.patch 0035-AIO-Reduce-number-of-threads-for-32.patch 0036-configure-Enable-libseccomp-for-ppc.patch 0037-dictzip-Fix-on-big-endian-systems.patch 0038-block-split-large-discard-requests-.patch 0039-xen_disk-Add-suse-specific-flush-di.patch 0040-build-link-with-libatomic-on-powerp.patch 0041-net-mipsnet-check-packet-length-aga.patch 0042-i386-kvmvapic-initialise-imm32-vari.patch 0043-esp-check-command-buffer-length-bef.patch 0044-esp-check-dma-length-before-reading.patch 0045-scsi-pvscsi-check-command-descripto.patch 0046-scsi-mptsas-infinite-loop-while-fet.patch 0047-vga-add-sr_vbe-register-set.patch 0048-scsi-megasas-use-appropriate-proper.patch 0049-scsi-megasas-check-read_queue_head-.patch 0050-scsi-megasas-null-terminate-bios-ve.patch 0051-vmsvga-move-fifo-sanity-checks-to-v.patch 0052-vmsvga-don-t-process-more-than-1024.patch 0053-block-iscsi-avoid-potential-overflo.patch 0054-scsi-esp-check-TI-buffer-index-befo.patch 0055-xen-introduce-dummy-system-device.patch 0056-xen-write-information-about-support.patch 0057-xen-add-pvUSB-backend.patch 0058-usb-Fix-conditions-that-xen-usb.c-i.patch 0059-vnc-add-configurable-keyboard-delay.patch 0060-scsi-megasas-initialise-local-confi.patch - Enable ceph (rbd) support for aarch64- Enable ceph (rbd) support- Fix OVMF iPXE network menu (bsc#986033, boo#987488) ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch- Fix host information leak to guest in MegaRAID SAS 8708EM2 Host Bus AdapterMegaRAID SAS 8708EM2 Host Bus Adapter emulation support (CVE-2016-5105 bsc#982017) * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 0061-scsi-megasas-initialise-local-confi.patch- Address various security/stability issues * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Fix OOB access in megasas emulated device (CVE-2016-5106 bsc#982018) 0049-scsi-megasas-use-appropriate-proper.patch * Fix OOB access in megasas emulated device (CVE-2016-5107 bsc#982019) 0050-scsi-megasas-check-read_queue_head-.patch * Fix OOB access in megasas emulated device (CVE-2016-5337 bsc#983961) 0051-scsi-megasas-null-terminate-bios-ve.patch * Correct the vmvga fifo access checks (CVE-2016-4454 bsc#982222) 0052-vmsvga-move-fifo-sanity-checks-to-v.patch * Fix potential DoS issue in vmvga processing (CVE-2016-4453 bsc#982223) 0053-vmsvga-don-t-process-more-than-1024.patch * Fix heap buffer overflow flaw when iscsi protocol is used (CVE-2016-5126 bsc#982285) 0054-block-iscsi-avoid-potential-overflo.patch * Fix OOB access in 53C9X emulation (CVE-2016-5338 bsc#983982) 0055-scsi-esp-check-TI-buffer-index-befo.patch - Add support to qemu for pv-usb under Xen (fate#316612) 0056-xen-introduce-dummy-system-device.patch 0057-xen-write-information-about-support.patch 0058-xen-add-pvUSB-backend.patch 0059-usb-Fix-conditions-that-xen-usb.c-i.patch - Provide ability to rate limit keyboard events from the vnc server. This is part of the solution to an issue affecting openQA testing, where characters are lost, resulting in unexpected failures (bsc#974914) 0060-vnc-add-configurable-keyboard-delay.patch- Adjust to parallel changes in virglrenderer packages - no longer "BuildRequires" virglrenderer directly, just the devel package.- Fix build compatibility with gcc6 wrt ipxe rom where compiler warnings are treated as errors. ipxe-ath9k-Fix-buffer-overrun-for-ar9287.patch ipxe-mucurses-Fix-GCC-6-nonnull-compare-errors.patch ipxe-sis190-Fix-building-with-GCC-6.patch ipxe-skge-Fix-building-with-GCC-6.patch ipxe-ath-Fix-building-with-GCC-6.patch ipxe-legacy-Fix-building-with-GCC-6.patch - Fix ipxe build script which fails under perl v5.24 ipxe-util-v5.24-perl-errors-on-redeclare.patch - Specify build time disk space requirements for ppc64 and ppc64le- Add sysctl script and %post on s390x to allow kvm usage (bsc#975331)- Address various security/stability issues * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Fix OOB access in MIPSnet emulated controller CVE-2016-4002 (bsc#975136) 0042-net-mipsnet-check-packet-length-aga.patch * Fix possible host data leakage to guest from TPR access CVE-2016-4020 (bsc#975700) 0043-i386-kvmvapic-initialise-imm32-vari.patch * Avoid OOB access in 53C9X emulation CVE-2016-4439 (bsc#980711) 0044-esp-check-command-buffer-length-bef.patch * Avoid OOB access in 53C9X emulation CVE-2016-4441 (bsc#980723) 0045-esp-check-dma-length-before-reading.patch * Avoid OOB access in Vmware PV SCSI emulation CVE-2016-4952 (bsc#981266) 0046-scsi-pvscsi-check-command-descripto.patch * Avoid potential DoS in LSI SAS1068 emulation CVE-2016-4964 (bsc#981399) 0047-scsi-mptsas-infinite-loop-while-fet.patch * Fix regression in vga behavior - introduced in v2.6.0 CVE-2016-3712 (bsc#978160) 0048-vga-add-sr_vbe-register-set.patch- Update to v2.6.0: See http://wiki.qemu-project.org/ChangeLog/2.6 - Enable SDL2, virglrenderer (for use with virtio-gpu), xfsctl, and tracing using default log backend - Build efi pxe roms on x86_64- Check modules for conflicting release versions - Suggest recently added block modules- Bump copyright in qemu.spec.in - Enable libiscsi for Factory - Enable seccomp for ppc64le as well- Update to v2.6.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.6 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Patches dropped (upstreamed): 0041-tests-Use-correct-config-param-for-.patch * Patches renamed: 0042-build-link-with-libatomic-on-powerp.patch -> 0041-build-link-with-libatomic-on-powerp.patch- Partially revert the last change's cleanup - Indicate SUSE version- Update to v2.6.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.6 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.6 * Accept every size in DISCARD request from a guest (bsc#964427) 0039-block-split-large-discard-requests-.patch * Recognize libxl flag to disable flush in block device (bsc#879425) 0040-xen_disk-Add-suse-specific-flush-di.patch * Use correct flag for crypto tests 0041-tests-Use-correct-config-param-for-.patch * Fix build on powerpc: 0042-build-link-with-libatomic-on-powerp.patch * Patches dropped (upstreamed): seabios_checkrom_typo.patch seabios_avoid_smbios_signature_string.patch- Disable vte for Leap, fixing build- Don't drop u-boot.e500 yet - breaks testsuite- Re-enable libcacard support - Clean up configured features- Clean up qemu-tools libcacard Provides/Obsoletes - separate again - Drop u-boot.e500 - being packaged as u-boot-ppce500- Update to v2.5.0: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Patches dropped (upstreamed): 0039-tests-Fix-check-report-qtest-target.patch- Fix build on openSUSE 13.2- Fix testsuite on 32bit systems (bsc#957379)- Update to v2.5.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Rebase libseccomp enablement: 0037-Revert-Revert-seccomp-tests-that-al.patch -> 0037-configure-Enable-libseccomp-for-ppc.patch * Provide qemu-ga and qemu-ipxe for qemu-testsuite - Clean up qemu-ksm recommendation- Fix SLE11 build by fixing systemd conditionalization (from olh)- Update to v2.5.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.5 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.5 * Patches dropped (upstream): 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch 0039-tests-Unique-test-path-for-string-v.patch gcc5-ipxe-add-missing-const-qualifiers.patch gcc5-ipxe-ath9k-Remove-confusing-logic-inversion-in-an-ANI-var.patch SLOF_ppc64le.patch * Patch renamed: 0040-dictzip-Fix-on-big-endian-systems.patch -> 0038-dictzip-Fix-on-big-endian-systems.patch * --enable-smartcard-nss -> --enable-smartcard Needs an external libcacard, so drop it for now. * Drop --enable-vnc-tls * Require xz-devel for ipxe build * Package qemu-ga(8) man page * Package ivshmem-{client,server} * Patches added: 0039-tests-Fix-check-report-qtest-target.patch- Add systemd unit file and udev rules for qemu guest agent - taken from the SLE12 / Leap package, see boo#955707- Add _constraints file (based on work by kenljohnson)- Enable SLOF build for ppc64le, too, now (bsc#949000, bsc#949016)- Allow building SLOF on ppc64le (bsc#949016) SLOF_ppc64le.patch - Add two checks for DictZip and tar qemu-img behavior (bsc#945778) * Clean up qemu-testsuite build/installation- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix endianness issues in DictZip block driver (bsc#937572, bsc#945778) 0027-block-Add-support-for-DictZip-enabl.patch 0028-block-Add-tar-container-format.patch 0040-dictzip-Fix-on-big-endian-systems.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix qemu-testsuite for glib2-2.46.0 by assuring uniqueness of paths 0039-tests-Unique-test-path-for-string-v.patch- Build SLOF on ppc64 (bsc#949016, thanks to k0da) * Simplify x86 fw logic while at it - No need to enable KVM for armv6hl - Add notice about pre_checkin.sh to update_git.sh- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix aarch64 TCG: 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch- Update to v2.4.0: See http://wiki.qemu-project.org/ChangeLog/2.4- Update to v2.4.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.4 * Provide qemu-img symlink instead of passing QTEST_QEMU_IMG- Update to v2.4.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.4 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches dropped: 0037-linux-user-Allocate-thunk-size-dyna.patch 0039-s390x-Fix-stoc-direction.patch 0040-s390x-Add-interlocked-access-facili.patch 0041-fdc-force-the-fifo-access-to-be-in-.patch 0042-rules.mak-Force-CFLAGS-for-all-obje.patch 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch 0044-hw-arm-boot-Increase-fdt-alignment.patch * Patches renamed: 0038-Revert-Revert-seccomp-tests-that-al.patch -> 0037-Revert-Revert-seccomp-tests-that-al.patch * Package new vgabios-virtio.bin * target-x86_64.conf was dropped * Add qemu-block-dmg module sub-package * Set QTEST_QEMU_IMG variable for ahci-test * --enable-quorum and --enable-vnc-ws are no longer available- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix -kernel boot for AArch64 * Patches added: 0044-hw-arm-boot-Increase-fdt-alignment.patch- Use libusb-1_0-devel as buildrequires, not the old unused compatibility layer in libusb-devel- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix qemu2 cow caching (bsc#933132) * Patches added: 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch- Patch queue updated from git://github.com/jirislaby/qemu.git opensuse-2.3 * Patches added: 0042-rules.mak-Force-CFLAGS-for-all-obje.patch gcc5-ipxe-add-missing-const-qualifiers.patch gcc5-ipxe-ath9k-Remove-confusing-logic-inversion-in-an-ANI-var.patch- Fix CVE-2015-3456 (boo#929339) 0041-fdc-force-the-fifo-access-to-be-in-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches added: 0040-s390x-Add-interlocked-access-facili.patch - Disable dependency on libnuma for s390x (not available in SLE12)- Update to v2.3.0: See http://wiki.qemu-project.org/ChangeLog/2.3 - Disable iotests for now- Update to v2.3.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.3- Update seabios_avoid_smbios_signature_string.patch with version applied upstream- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix s390x stoc instructions 0039-s390x-Fix-stoc-direction.patch- Update to v2.3.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (applied upstream): 0037-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch * Patches renamed: 0038-linux-user-Allocate-thunk-size-dyna.patch -> 0037-linux-user-Allocate-thunk-size-dyna.patch * Revert -rc3 change to disable seccomp on non-x86 architectures 0038-Revert-Revert-seccomp-tests-that-al.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 - Fix qemu-linux-user on powerpc * Patches added: 0038-linux-user-Allocate-thunk-size-dyna.patch- Split off qemu-testsuite.spec * Package check-report.html and check-report.xml * Enable quick iotests - Dropped 0030-net-Warn-about-default-MAC-address.patch The warning is relevant only for bridged setups, not for the default SLIRP based -net user / -netdev user setup, and it breaks output expectations of some iotests. * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches renamed: 0031-console-add-question-mark-escape-op.patch -> 0030-console-add-question-mark-escape-op.patch 0032-Make-char-muxer-more-robust-wrt-sma.patch -> 0031-Make-char-muxer-more-robust-wrt-sma.patch 0033-linux-user-lseek-explicitly-cast-no.patch -> 0032-linux-user-lseek-explicitly-cast-no.patch 0034-virtfs-proxy-helper-Provide-__u64-f.patch -> 0033-virtfs-proxy-helper-Provide-__u64-f.patch 0035-configure-Enable-PIE-for-ppc-and-pp.patch -> 0034-configure-Enable-PIE-for-ppc-and-pp.patch 0036-qtest-Increase-socket-timeout.patch -> 0035-qtest-Increase-socket-timeout.patch 0037-AIO-Reduce-number-of-threads-for-32.patch -> 0036-AIO-Reduce-number-of-threads-for-32.patch 0038-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch -> 0037-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch - Re-enable glusterfs on Factory (updated from v3.6.1 to v3.6.2) - Re-enable seccomp for armv7l (libseccomp submission pending)- Suppress seccomp for Factory armv7l (broken in libseccomp v2.2.0) - Disable glusterfs explicitly on Factory, SLE12 and before 13.1- Enable glusterfs and package as qemu-block-gluster glusterfs post-v3.5.3 and v3.6.1/v3.6.2 have switched the glusterfs-api.pc version incompatibly, so only 13.1+13.2 for now - Use macro for module Conflicts- Tidy configure options: * Move --enable-modules to build options * Sort libusb alphabetically * Explicitly enable attr, bluez, fdt, lzo, tpm, vhdx, vhost-net, vnc, xen-pci-passthrough * Enable bzip2 * Enable libssh2 where possible and package as qemu-block-ssh * Enable numa where a compatible numactl is available * Enable quorum where a compatible gnutls is available * Enable snappy where possible * Prepare to enable glusterfs * Explicitly enable the nop tracing backend (to be revisited) * Explicitly disable Archipelago, as we don't have libxseg and it's incompatibly GPL-3.0+ * Explicitly disable libiscsi, libnfs, netmap and rbd as we don't have packages * Drop deprecated --enable-virtio-blk-data-plane (now default)- Fix 64-bit TCG stores on 32-bit Big Endian hosts (ppc) 0038-tcg-tcg-op.c-Fix-ld-st-of-64-bit-va.patch * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3- Update to v2.3.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (upstreamed): 0038-fw_cfg-test-Fix-test-path-to-includ.patch 0039-rcu-tests-fix-compilation-on-32-bit.patch- make check was failing due to a bogus SMBIOS signature being encountered within SeaBIOS. Avoid having that signature stored randomly within the SeaBIOS image. * seabios_avoid_smbios_signature_string.patch- Build x86 firmware only from 13.1 on (11.4 was broken, surpassing 128 KB) - Update to v2.3.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.3 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches dropped (upstreamed): 0038-linux-user-Fix-emulation-of-splice-.patch 0039-ide-fix-cmd_write_pio-when-nsectors.patch 0040-ide-fix-cmd_read_pio-when-nsectors-.patch 0041-ahci-Fix-sglist-offset-manipulation.patch 0042-ahci-test-improve-rw-buffer-pattern.patch 0045-linux-user-fix-broken-cpu_copy.patch * Patches renamed: 0043-fw_cfg-test-Fix-test-path-to-includ.patch -> 0038-fw_cfg-test-Fix-test-path-to-includ.patch 0044-rcu-tests-fix-compilation-on-32-bit.patch -> 0039-rcu-tests-fix-compilation-on-32-bit.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Patches added: 0045-linux-user-fix-broken-cpu_copy.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * Make test path for fw_cfg-test unique (including architecture) 0043-fw_cfg-test-Fix-test-path-to-includ.patch * Fix rcu tests build on ppc (undefined reference to `__sync_fetch_and_add_8') 0044-rcu-tests-fix-compilation-on-32-bit.patch - Fix typo in SeaBIOS size check seabios_checkrom_typo.patch- Update to v2.3.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.3 * Updated update_git.sh accordingly * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.3 * seabios_128kb.patch: Added patch to squeeze SeaBIOS into 128 KB with our gcc 4.8.3 (brogers@suse.com) - Renamed 0030-Legacy-Patch-kvm-qemu-preXX-report-.patch to 0030-net-Warn-about-default-MAC-address.patch: Suppress warning for accel=qtest, to sanitize make check results. - Added patches to fix ahci-test: 0039-ide-fix-cmd_write_pio-when-nsectors.patch 0040-ide-fix-cmd_read_pio-when-nsectors-.patch 0041-ahci-Fix-sglist-offset-manipulation.patch 0042-ahci-test-improve-rw-buffer-pattern.patch- Update company name in spec file templates - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches added: 0038-linux-user-Fix-emulation-of-splice-.patch- Add user kvm when installing guest-agent. - Use macro to update udev_rules when available- Fix packaging of e500 U-Boot - Don't rely on wildcard with explicit excludes- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches added: 0037-AIO-Reduce-number-of-threads-for-32.patch- Update to v2.2.0: See http://wiki.qemu-project.org/ChangeLog/2.2 * Updated DictZip and Tar block backends accordingly - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.2 * Patches dropped: 0015-target-arm-linux-user-no-tb_flush-o.patch (tb_flush() not called) 0037-tests-Don-t-run-qom-test-twice.patch (superseded) 0039-linux-user-Cast-validity-checks-on-.patch (helper function introduced) 0040-linux-user-Convert-blkpg-to-use-a-s.patch (upstreamed) * Patched renumbered: 0016-linux-user-Ignore-broken-loop-ioctl.patch -> 0015-linux-user-Ignore-broken-loop-ioctl.patch 0017-linux-user-lock-tcg.patch -> 0016-linux-user-lock-tcg.patch 0018-linux-user-Run-multi-threaded-code-.patch -> 0017-linux-user-Run-multi-threaded-code-.patch 0019-linux-user-lock-tb-flushing-too.patch -> 0018-linux-user-lock-tb-flushing-too.patch 0020-linux-user-Fake-proc-cpuinfo.patch -> 0019-linux-user-Fake-proc-cpuinfo.patch 0021-linux-user-implement-FS_IOC_GETFLAG.patch -> 0020-linux-user-implement-FS_IOC_GETFLAG.patch 0022-linux-user-implement-FS_IOC_SETFLAG.patch -> 0021-linux-user-implement-FS_IOC_SETFLAG.patch 0023-linux-user-XXX-disable-fiemap.patch -> 0022-linux-user-XXX-disable-fiemap.patch 0024-slirp-nooutgoing.patch -> 0023-slirp-nooutgoing.patch 0025-vnc-password-file-and-incoming-conn.patch -> 0024-vnc-password-file-and-incoming-conn.patch 0026-linux-user-add-more-blk-ioctls.patch -> 0025-linux-user-add-more-blk-ioctls.patch 0027-linux-user-use-target_ulong.patch -> 0026-linux-user-use-target_ulong.patch 0028-block-Add-support-for-DictZip-enabl.patch -> 0027-block-Add-support-for-DictZip-enabl.patch 0029-block-Add-tar-container-format.patch -> 0028-block-Add-tar-container-format.patch 0030-Legacy-Patch-kvm-qemu-preXX-dictzip.patch -> 0029-Legacy-Patch-kvm-qemu-preXX-dictzip.patch 0031-Legacy-Patch-kvm-qemu-preXX-report-.patch -> 0030-Legacy-Patch-kvm-qemu-preXX-report-.patch 0032-console-add-question-mark-escape-op.patch -> 0031-console-add-question-mark-escape-op.patch 0033-Make-char-muxer-more-robust-wrt-sma.patch -> 0032-Make-char-muxer-more-robust-wrt-sma.patch 0034-linux-user-lseek-explicitly-cast-no.patch -> 0033-linux-user-lseek-explicitly-cast-no.patch 0035-virtfs-proxy-helper-Provide-__u64-f.patch -> 0034-virtfs-proxy-helper-Provide-__u64-f.patch 0036-configure-Enable-PIE-for-ppc-and-pp.patch -> 0035-configure-Enable-PIE-for-ppc-and-pp.patch 0038-qtest-Increase-socket-timeout.patch -> 0036-qtest-Increase-socket-timeout.patch/bin/shqemu-audio-ossqemu-audio-sdlqemu-ui-sdlibs-arm-4 1665060068  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_5.2.0-150300.118.35.2.0-150300.118.35.2.05.2.05.2.0        !!"#$%&'()*+++,,----.//0000/1111111111111111111111111111111111////2qemufirmwaresupportconfigpluginsqemu80-kvm.rulesqemu.desktopqemuREADME.rstVERSIONindex.htmlinterop.buildinfo_staticajax-loader.gifalabaster.cssbasic.csscomment-bright.pngcomment-close.pngcomment.pngcustom.cssdoctools.jsdocumentation_options.jsdown-pressed.pngdown.pngfile.pngjquery-3.2.1.jsjquery.jslanguage_data.jsminus.pngplus.pngpygments.csssearchtools.jsunderscore-1.3.1.jsunderscore.jsup-pressed.pngup.pngwebsupport.jsbitmaps.htmldbus-vmstate.htmldbus.htmlgenindex.htmlindex.htmllive-block-operations.htmlobjects.invpr-helper.htmlqemu-ga-ref.htmlqemu-qmp-ref.htmlsearch.htmlsearchindex.jsvhost-user-gpu.htmlvhost-user.htmlvhost-vdpa.htmlspecs.buildinfo_staticajax-loader.gifalabaster.cssbasic.csscomment-bright.pngcomment-close.pngcomment.pngcustom.cssdoctools.jsdocumentation_options.jsdown-pressed.pngdown.pngfile.pngjquery-3.2.1.jsjquery.jslanguage_data.jsminus.pngplus.pngpygments.csssearchtools.jsunderscore-1.3.1.jsunderscore.jsup-pressed.pngup.pngwebsupport.jsacpi_hest_ghes.htmlacpi_hw_reduced_hotplug.htmlgenindex.htmlindex.htmlobjects.invppc-spapr-numa.htmlppc-spapr-xive.htmlppc-xive.htmlsearch.htmlsearchindex.jstpm.htmlsystem.buildinfo_staticajax-loader.gifalabaster.cssbasic.csscomment-bright.pngcomment-close.pngcomment.pngcustom.cssdoctools.jsdocumentation_options.jsdown-pressed.pngdown.pngfile.pngjquery-3.2.1.jsjquery.jslanguage_data.jsminus.pngplus.pngpygments.csssearchtools.jsunderscore-1.3.1.jsunderscore.jsup-pressed.pngup.pngwebsupport.jsarmaspeed.htmlcollie.htmlcpu-features.htmldigic.htmlgumstix.htmlintegratorcp.htmlmps2.htmlmusca.htmlmusicpal.htmlnseries.htmlnuvoton.htmlorangepi.htmlpalm.htmlraspi.htmlrealview.htmlsbsa.htmlstellaris.htmlsx1.htmlversatile.htmlvexpress.htmlvirt.htmlxlnx-versal-virt.htmlxscale.htmlbuild-platforms.htmlcpu-hotplug.htmldeprecated.htmlgdb.htmlgenindex.htmli386microvm.htmlpc.htmlimages.htmlindex.htmlinvocation.htmlivshmem.htmlkeys.htmllicense.htmllinuxboot.htmlmanaged-startup.htmlmonitor.htmlmux-chardev.htmlnet.htmlobjects.invpr-manager.htmlqemu-block-drivers.htmlqemu-cpu-models.htmlqemu-manpage.htmlquickstart.htmls390x3270.htmlbootdevices.htmlcss.htmlprotvirt.htmlvfio-ap.htmlvfio-ccw.htmlsearch.htmlsearchindex.jssecurity.htmltarget-arm.htmltarget-avr.htmltarget-i386.htmltarget-m68k.htmltarget-mips.htmltarget-ppc.htmltarget-rx.htmltarget-s390x.htmltarget-sparc.htmltarget-sparc64.htmltarget-xtensa.htmltargets.htmltls.htmlusb.htmlvirtio-net-failover.htmlvirtio-pmem.htmlvnc-security.htmltools.buildinfo_staticajax-loader.gifalabaster.cssbasic.csscomment-bright.pngcomment-close.pngcomment.pngcustom.cssdoctools.jsdocumentation_options.jsdown-pressed.pngdown.pngfile.pngjquery-3.2.1.jsjquery.jslanguage_data.jsminus.pngplus.pngpygments.csssearchtools.jsunderscore-1.3.1.jsunderscore.jsup-pressed.pngup.pngwebsupport.jsgenindex.htmlindex.htmlobjects.invqemu-img.htmlqemu-nbd.htmlqemu-pr-helper.htmlqemu-trace-stap.htmlsearch.htmlsearchindex.jsvirtfs-proxy-helper.htmlvirtiofsd.htmluser.buildinfo_staticajax-loader.gifalabaster.cssbasic.csscomment-bright.pngcomment-close.pngcomment.pngcustom.cssdoctools.jsdocumentation_options.jsdown-pressed.pngdown.pngfile.pngjquery-3.2.1.jsjquery.jslanguage_data.jsminus.pngplus.pngpygments.csssearchtools.jsunderscore-1.3.1.jsunderscore.jsup-pressed.pngup.pngwebsupport.jsgenindex.htmlindex.htmlmain.htmlobjects.invsearch.htmlsearchindex.jshicolor128x128appsqemu.png16x16appsqemu.png24x24appsqemu.png256x256appsqemu.png32x32appsqemu.bmpqemu.png48x48appsqemu.png512x512appsqemu.png64x64appsqemu.pngscalableappsqemu.svgqemuCOPYINGCOPYING.LIBLICENSEqemu.1.gzvirtiofsd.1.gzqemu-block-drivers.7.gzqemu-cpu-models.7.gzqemu-ga-ref.7.gzqemu-qmp-ref.7.gzqemufirmwareforsplits141516pkg-split.txtkeymapsarbepoczdadede-chen-gben-usesetfifofrfr-befr-cafr-chhrhuisitjaltlvmknlnoplptpt-brruslsvthtrqemu-ifupqemu-nsis.bmptrace-events-allvhost-user50-qemu-virtiofsd.json/etc//etc/qemu//usr/lib//usr/lib/supportconfig//usr/lib/supportconfig/plugins//usr/lib/udev/rules.d//usr/share/applications//usr/share/doc/packages//usr/share/doc/packages/qemu//usr/share/doc/packages/qemu/interop//usr/share/doc/packages/qemu/interop/_static//usr/share/doc/packages/qemu/specs//usr/share/doc/packages/qemu/specs/_static//usr/share/doc/packages/qemu/system//usr/share/doc/packages/qemu/system/_static//usr/share/doc/packages/qemu/system/arm//usr/share/doc/packages/qemu/system/i386//usr/share/doc/packages/qemu/system/s390x//usr/share/doc/packages/qemu/tools//usr/share/doc/packages/qemu/tools/_static//usr/share/doc/packages/qemu/user//usr/share/doc/packages/qemu/user/_static//usr/share/icons//usr/share/icons/hicolor//usr/share/icons/hicolor/128x128//usr/share/icons/hicolor/128x128/apps//usr/share/icons/hicolor/16x16//usr/share/icons/hicolor/16x16/apps//usr/share/icons/hicolor/24x24//usr/share/icons/hicolor/24x24/apps//usr/share/icons/hicolor/256x256//usr/share/icons/hicolor/256x256/apps//usr/share/icons/hicolor/32x32//usr/share/icons/hicolor/32x32/apps//usr/share/icons/hicolor/48x48//usr/share/icons/hicolor/48x48/apps//usr/share/icons/hicolor/512x512//usr/share/icons/hicolor/512x512/apps//usr/share/icons/hicolor/64x64//usr/share/icons/hicolor/64x64/apps//usr/share/icons/hicolor/scalable//usr/share/icons/hicolor/scalable/apps//usr/share/licenses//usr/share/licenses/qemu//usr/share/man/man1//usr/share/man/man7//usr/share//usr/share/qemu//usr/share/qemu/forsplits//usr/share/qemu/keymaps//usr/share/qemu/vhost-user/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:26277/SUSE_SLE-15-SP3_Update/9ac0d4fd8f92b6b1cbbbeb798941f57b-qemu.SUSE_SLE-15-SP3_Updatedrpmxz5aarch64-suse-linux                 directoryBourne-Again shell script, ASCII text executableASCII textHTML document, ASCII textGIF image data, version 89a, 16 x 16PNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedPNG image data, 16 x 16, 8-bit gray+alpha, non-interlacedASCII text, with very long linesPNG image data, 11 x 11, 8-bit grayscale, non-interlacedHTML document, UTF-8 Unicode text, with very long linesHTML document, UTF-8 Unicode textASCII text, with very long lines, with no line terminatorsHTML document, ASCII text, with very long linesPNG image data, 128 x 128, 8-bit/color RGBA, non-interlacedPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedPNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedPNG image data, 512 x 512, 8-bit/color RGBA, non-interlacedPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedSVG Scalable Vector Graphics imagetroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)POSIX shell script, ASCII text executableRR4?f`>zV.systemdkvm_statqemu-block-curlqemu-hw-display-qxlqemu-hw-display-virtio-gpuqemu-hw-display-virtio-gpu-pciqemu-hw-display-virtio-vgaqemu-hw-usb-redirectqemu-hw-usb-smartcardqemu-ksmqemu-toolsqemu-ui-cursesqemu-ui-gtkqemu-ui-spice-app5.2.0qemu-block-dmgqemu-block-glusterqemu-block-iscsiqemu-block-nfsqemu-block-rbdqemu-block-sshqemu-chardev-baumqemu-extraqemu-langqemu-microvmqemu-ppcqemu-s390xqemu-skibootqemu-vhost-user-gpuqemu-x86systemdutf-8da617216a4c9df00ae64480fdd45b2951255352e8525df06c8dfb960bf98f0dd?@7zXZ !t/7]"k%juݬRFǰӄf0b!mkpp;^0SwgNwQj18b+N$y!m"\6Qt+!z姰jw8KC7 8& v$OZKŻ̗~XWmE\-=(MAPFEM4WC\!k7p2yf];yxJFܥ-q/񰷯o Dv UUh-A Hq{3ߑ Npfhd-|isfa,ti5nhJKGGȷ~ g%&ː)zw "3z'4,p 7y v5|%X-\:j8k)w#i/B:rZIU=bx@1Ƀ$pq`vQ틾=k/'Nj_=N72fӪgз2o/ʌ,13y,kYivrg 2=CsbT ̈́ fp8ӳ Ty-KYA X~fDon2-L?s̒B f)1mL/ژFG/涕1%_B ]m%#gAR0H@.D/;̓>MxM 3V2oB骪붼C˅i2z;Ff_dlK7HN7+8\Py`$*Rk*.ir".55oj/rR_c  mFtK{aS՟ JY~N WiNG'b2E?vJR~,N|Ӏ9}HYϰ1:A3Tl1(},+)\}'+h-tt <4 7g'}hG[L3]8:/P^.ոW'H0pqW$zT' /%%u }O8HxvRRi `QB{[1}?HCМn6ڿˆgJ<]`X󧂟y:l#E&#~y3;:6t+.pLı܉:*dE̐nGTL bo'_l]1?*1^46~X+:K7tW [hH,os"[27(OFW*0 X/=Kis=B;&O:C!0r7EE)U_A]#߻73%0!@`e45Wy}vRW"xQd`v n2-7^ $%2jҊw4.6z LÇ<?&s2Tl" ;O![V$@ Gm U~F5ʰ[io9[/2ep{ ҵ!]Ɲ&/|.\41)5f ,45Y?GJ|m(.4W)$?k#G3_`qlxVQ=X] I ց蛽_#L-dざ*00?~4C4Z v&5@[GCY{\ ZgE=;b݌s"L^FRPN] ByAeO#Ge'zo9 Γ{!KHd]矢qPΔ)Ǒ0r ˂Oz:Dxqa;ǘ .mݔH/D)$}QFnͿ\\I(:f'GM"Y'b4[3s@0zgÿ\s!u-N쮐6 )6+k$nxzRP!9aT6Ÿ(MQyk~FӚ}x#JR|$ה]l`.U/=݇2Ntez7'ؐȾ veW\稏]S^W;Ӭg.び}) !Ωʁ`/FVsR~aj}O@7\(S$bW> [QXfzVǮ²ibȓ[^LTth53s)7 H5-N`| ,zQ:a4w6ֺ .n!6@­4i`D`R)n?K1mb>FJGδ|:W,hl[)] ePBHA-J-`pe cI.ޟZ50F_Uz8mҌ ' >&*`ϱc}*G\AW©1F>_zdod,ACL/Xob&@*½if:p;< "R\Pk޵P 5"K_ 2$RG $[!L[Բ^?&du9Bt +1eVzZHIi4p Ps;B ,_Ir tpOm`fm @ lh.xB jֻ-W%n%~}X1.]źL^؋!(." smk)1c0;LOvU3W)&GhhqKY7I=bPzxAbf;02kcZwG-KRb`9AÝ5DUkB'"t+[FkϠ\vP;dDiލ3 x`&-"*U$ƣwoLT?C; Nvi@K7d@Em\6Mbگ5rߴq%-(f83J?PXJVz:.} O.,tȟWq)*?$ʻrP^mdZV A*T,+M`I f""9US=mfN_ީl ֮{i؀:ꤡWO, 9W 7 V s?&DwH= !aZh`*TU[6tҴQ A+ۏR+]uBV]Jx]Oe0^a8 79& >ē+r]}o/ڒW9|>I]37i5LQ8#O>ʣ (;`wW ,O=[\rqmyg~Ca$׳Jt:ل2WpqJ]ڂȀb_v3OMdC>, P j4AQiCçR\e#<:@yZǂǗH<I86c*ʉ{!J8yAR]n^^jVī]h^ :eZƏ*6AExj{KUM(@\{=Ē.^uoΞ}/( SlSͿ#P&_[[fdg'ٍvFJP/LW__uzEcvd#cJuE:X:^ȾHq"~G%csǿKivׇbpa s:uDѣ34VixUÐ@Obp|PAdU]xe[6,@&M|ޥdq[~2{[|j]z˭]IyL δNGSdGi~OMӠrF$1O1{4U|+#@(]Y:IBG9E 2IDŽ]\rQLµG[3@V j|}S/ٯ%ĝ̍!s򫃏{{cUKvzBID;Wb=̹q(<݇φJqD -VNJGY>fܓ*;Q1;ϸiFGGuiAď owb)u{8ouρ$`ɽOR^V>sIs_iNJ\^V2̶s,g435IiE~?H q6jGEl>J&C^v1g8)xe2q'D[&׍FlA-ש{f;2Z#^ӛCOCjA7_C ux\uPPZ!<5qlz{nEh~ݍ^  նò2+B-bp6 T7(J:as/U$[' 05MIS='EpJ av6լ%w`MC;b pwfm!HF%Z|!?Z"wq"ޚOIC{>wSecB9SVJuܓr_0GxÚ e[rA<dӸG@SvA-ɅI6ݳOtVG8+3L8U:ZkiF6gF+p,Fn79n: L ^%k9pV\A8X7e\!7-R[Ja(8!0TΎ7tR~2K *VNys<۔%- cV3N\`gWaGQ4pNM/TIpSIF)_5}ÉAiT5" S_U+MXdPfuTkn,? 6| x +:[FQ wÀPL^#~Y"B3(RWF, $Aۦp^P^/a0FǝL\j\ER`}IXY iJ7Y#_ p(G<:KĮשD5eq 7"FA#P=:k&AjpP-:耞Gq$D0^,~bS1 rhMyډA ^_(|[[ifRfDժĖ 8\(00 =j3S1{HɚXOaCը@$,~,qip XwIq83|aks'V;hߍGD4"m/4"HVIS* _VlЎ!v~ڋ_?EDV>UhC />90n`l` L[ =VŤR a5sfY 1\0֘%2ɦ |_S6#.qk)C'2'pGŠ@"G]]Wv='9ͮ}DW܊f0<'6!&!~0)VCFh 09e3Fn`dfUJ{6FDm׆ T5{lQ!Z3z^D^?jH -G'_.=~%&f__aq /ᛙZbgEUҢNk=e)>S:v6##݃l}t_zGf?GV*Idw'&vVh;XB5W(X/tSCe D}~Rx4ET.禽pa˗ m>.9 BzHhoYeQ5<`AeW4E)blP38(![Y\S(H];UŤgٖ鏹hU ! -zQL̷dmUF2y(P^n(!J A,d=L5CJ#1HC`t*,#0扛XA;^ꗹe=9oQ+훱kr;[EU ACW Ï2:nhF̿eorٌ;F+pYWR@\ C8A01HT7g4YQW: uB~ZZƚ[R@' I<g*ZL $'=Yml~nW8xm |11 @a[%y6qR'}jI] \^6 H xH,*C{"=;3@ bg遑Fd. uN\ޕ} MipB3]!!CRr5{ew( `8֣=E?g& &rJǨP~!± :(ݰcmLQ Ǡ2ޞDQ{`Gx<]]fᛪ@QQ6,h=_U˛\4U؁{.[u0FǼIzJK21n%G vj0X-҉YT$;z0z4dzxu,슝uD EΘ@8l$YS<(D@cü}%(7CuIԦ6c|8o~1BF=YcH? 5w|ҥ4^$ċQҿp YsUhQ^9x)ubOzN^yڳ%,)af6EY SD7QSQ*}` "IG_*WΎ[n5W_XsZEMך pϻtB`LܜX ܋Np`",!qISXZ!Ju2}(C^cӡpyD2:>Dgݐݻfeq%mx`!¡74u?|XBcGL%,(ZO!{\5i CTMv#j–E9{OqVAN"Z\%B{e~!#EРtzʁ]j `R b mr4.f4ױ: ,{i]~Wo.A'VEzY+sڞTi=v譡k%4iI Zźpyt4v ,OuCۢTI RC#/ ОW2)XYKn:ńVn@>pA), ўt{պ% hS`/d68= 43K `q]M ,$n;rp5s92RȠ,TF9SDʹT?#Q/H =e1Ϯg[ p@;CI~i?801%U곒!s -3{YmBw X"d [[PUmTD;/W o'WK0ۢh@+n2~\:&`ovᲧv.%YX$v6d»iXgJ] ^&B i.ixgƜr$lCES_~3V]ë'{ө렖Q-dt/82+%R$?(i_,zM\zҶXo^([.ؑO7ܱOxVtʃBV~4$[;#;C*4x]T_؉Od" )%}]K;aXs;m+*Nf!P_k}qmTo,LђbG9gGK0O#?[>(tr&ڀ*ȼ$'Fq` 7n\nk"%CLe/y{x.:Slg$K )̪`[Zk{;ʒbKrF\ ~KkZi}O.vNjSL" u& 1jrOvSM2i1yŎƛ`d˾(B*-0aXnT[Zn|G).\S3kꩢƶŞ:6;a4$\:,-GɖP!fްv:DCJnNI2>KYeLMlVZ  5α~B1*8CQRdN!\?:Y~A eOU5}Pzw+aiDQ `2ɟh7sSO{7hvE`>rس)SU/zIDcaMF8~с),Cwgoz>M$KFMHq8hQ|5 #q$Ik<:K뺘{ xm;2\ ћ:p ; HG\g*Lm.52SJ]p z-QQWeca5>$z:~yuP)bI,h;U-i NuXO lƐwZIs]@0jA"YGPl <ob` t7oZ!~4DM /d H:zQ #$Z c| =doT|G#Ve,FSlF5kV/9uCaqˆ,(T{Glt- qҼT@j̸v]bP2^^6r2߰SX$4 7Wuҳ~Diqs7rԺvc ,ۢQ?ͭf,+ɝPXV_sgv[Q䖴t#ӥ d=uKuq`Ş_GKܜon9*$ɞM|&+EΧi"Sd#Q]eZW^x7XwW'*es v(+4,r[%Ι=H95(}EM١iC7Hk)~VM3 tݒCG=-ĊES53gwϸ)iE6Y2a0/(աjwr;_3-Gtؕ +UǠRTY!f0>l(!M`)Mi ?)_ڿNF4@WNo#,b"T4urs5\%\BdYWƉeca6ʦ\ aq}=9k_p#%4Q\/ :g_px?DD;OTu@,^3@o5W4PwkTCGEEraD }vҔbڞd4v(b b ̫zPwQu(|x<.T^01ڨ|kA|#p^oci=c86U42K){gH5 Pg]䇮xP_C8e۸v(Q;<ƕ*2BX&X &G(YƳjvF$7u_aIakhxQ: sC.|C:e! &W&?g)5fA0F FdrHִ<iv1dk6;L{A:wÈ|LY3T1YPaz$jV3;c:gQ+_B@4ۨY @ǩ5I]$<b Xo◻9*nÓ S~_{?W@9!xq*^B[ȅPj`sNLԵ(L`nLc ~:~g UGb4 [)i"r%Gǹ+UQQ6;+ tc=vxHf6@\ @uw5v~ԏQroo7Na@㮤pJBE,xvDμ?66 1 0O"=j4OT9ɜy H}mԿJ ~M[ёU>״y .u܊mAnq*B㉃xڜ>9 Gz~8!5Wm2Mؘ$oF. -^kS,VU)2;q13ҭs8R!p*|[VJ/ 1:vmR D |ݯzE"U2|VXsy>:6BsM.4w[eE;řw7XYȓĩl܍B_qT/pLyv3xjGQzyMPAK&6l.#O.'#v}h 17ȃV@efVh) kXYO ;R85z7#GћZYebun>!;n˘9Xjv*|C{o߷5[GQ9^Ls„$QA|VXZ=שO[mɈUֶì=E*CqqY% m6jPŘ>zF`H%)iXSޓIܛ(zs塖kaȯP\ }3k@K+Y 5Z&_=.S˩MEq{ؔiY$~ V{U)CF,JDTҨJyW6cH_NV)sx* +X!ӳlWL?Mp'vIMbl )%+ݼZmŧfD]H?F]ۏqQ76!:م >OMB&h+_binޜRPŸ|Qk>o}V!V;.DKνTͩ/h[H.y}α)m|n M(5߬ua@o {3CB͘F=Kqg.wi=Bc̹a}nL_'僨ed*t) ܈S(6&;SrAzqgeeWiV?&!S&FiC`)H7(1,bsU<Yb'KwG`g'@) ~1V3b׾Դz9ܙRS88PWt%bWBgv[CK CyV`[n ^Tw=AH7~ht5$9O.*8%ꭲr-Q2FWC!Yr 6 kNOAP% طT,6T4/ 8EZ:r7zvaW=idZ"fْuA*PDSIX??M/}DNL]a핑:kV< AOGAM&ȭD!״M3g Od&$9cTADU%U鋿)MP x, k7` 61N3y<M xN¥uiWxE_T;~-kĘi[#&;x#CV8r V7,o0H7ua?58e؝.9'(eh `7FssWGf'x]oW1QGWAz|)odv@uMX6+|~ &çRӕ=$k $@BN󗔴D5/#.x:}8>?:~r.bXkr 3Xl"|6*t(̈́:Zsp iF'Aw,#et.E)`!; J1c RW*l% h)}9Xo@zBis o}ZîD}7N;Bwg8zw#;Uڳ&1K2N2b ]m6eP̉y!CBf?$^=wK%R$؋s64B|BZΑ9i @r0^[ uZuϝ:Ddbj:;c3JF fEEsS&h;h4SRG3s˽T7i0[ w >2^/GU_y4>]Is-Ntj,sy0 DVvt2$U d yIU1ܝ= {PXUs팭B$Wk2ZCg=zgfDB젽vHl:܅\|8駼31qgҞkfQ2Yd#.84ˇ P=蟚B09Ĝڿlffe^M;>>-v7)Ya6s(H!+в1d\Vp@VFmq "aV~_%f84w([pAi0_>LK-Rɻx&mJj?o}/+ۉfbA=1%j#ZR< `(+NUV4bHHb#nNB^V)MuO&z՜]/y^p5: Z^H}(rI["3_W'͊6u 5q9(f nRMMAldOSj-X1mЙRA:̻~ >\~ PL>zsO1hqmWkU0JeqC2c C}}OJv t(g%Uk5w\3ICUNkiڀ$f\cs"ゆ"CCL7F:rZ&]$T1fT( 8}m$D.ܣ >& n%FPIP9!YPGKnsHNj7U):WbWvƯDc8|:ZǶMn$7JOކZ vAÏ@ٶZc%]_ƝQxR=9 |^|(\=VK=wl%! t12}d^jç7/JMz%A<~0vp?P IwX KtDĉߋ8]b@Ptk7jٵ;)Sv6H 6j[&^Q^;U¬L(?Qg*-[{ɗG[v9tkxL1r. ɒ ڃL㷗m#F R ce\N!(3ڴ9a>2Ws3*%W(Ȓ$1]Ȇ/QWXyױ+]t{FE]I"+΅A8bf-R2 T0.۷Z ɤ0 ]_YN<ÝաyvW{MԧDL7`^t rI}*GaILvو|@6oi|DE[玵>wgWI`Nˤ0=! =.1ͦ˟7atS"J|O<,cWVH=0fyËF}Kb_Yg~%eՇ;qNEz\ý:pz 6HC$ z>i>K݄wqbu\"aF.f 8 \7ڭ6SymxIfEϔ)X bс=8|vwMBP6UG*-^Z #푑PYO_ e7ABJD&ij@7 `"`o3x#,ϥEWQuq_z?$"ΌjT Mʲs/{3 c^KM@՝^o}>KW;e\@%>e#m  y>͎4\T|^Z/) Ϲ1Vq)ei,۱>0#pmD}*NS=P6Q׿8Ņ>tKER$!*;olr,矠0ty j#y7w5jȶ jG1x1h Yu8Rȍat_z30X|grVchᗯٞ쯫YTɶ=U#yZ@ ;wkt>1!/ӮJF39/1.t6V]_,%^õ=qu&3Y瘀ǙD@ni"=D`Mox}k52fآvEG/9(倉ŨYU A#Ue;܄gz<@$"89ZL&4+=T4/"|1EwPU&b,ȧQ@ap}OSfr*\`+} mWSQq+2-$u Q[ [`e?m [s-.ֽd \ sf?:ahk.-8+ rՁ-ȹωh|PV]HN*nq=2V(RO-Ԉj]m W,',9PP;J7#" 1SQs_\EiTI~(d{I=q[*z߳n5j*В;.I$Kj9O+\"/Äг9CSycg'0LA4ih(: qWu0 VZشRGT׉S.?ƌgndlQ5ٟ]yKwW"4|:.ِ9= թpǵ\HG:m <%nH <If{HbkZOZ2M44}ngQo0&fNYiRl.8݁R [5 QB6榸x0 reP}voeGݩS/P(^w& Z  KzɄ:.j r+ #4MSuJ@\C[־wb* ^AU;W|qŃ?tP3r&g,1qgnJG޽Fsk7Sܐ7:U'{@06S"m~ JuGoLӵ! :ա[:>kv,wgƈIIGb&>T2!'H1uȐg8 3 `ULuu}GUbWn\F~A\xh$dQ@*٦4")kU%싳90eW ,~blDĕ|pJ&P|ƙARH .Zo \>z{)L$^~jxt0Xz 򽣽-АX~i.>P8j~¼ya6e{T{(M94T qc{\F .GƤqN ^ {kn G+z<,1r]6T`m-N*P R`Dד Q?.?n:b x*\`ѪHlMUQ*<9}e=yz*,aBL7F/@ǚ-oj(&#m^ %"Y&}~庌DqgyI9ѴAwK@uckdžƱOB@r)ƣ gܳq1135!1Y MYDMv4oTܛr+4IA69)O}r*]E jF2]CV F]DT{ 3 CXHɦ@s:Z-}^E>O#e=S eeB>a2L >'U:v[fk_xw/ZA[+ZP%tzl9zS*kb8s1Hr&I@ ԩpLؿ!*m1gsĬ eW|zl :#+jH9S!v&!?B g9SUlZf2MetP+ 2gIg#/oL2qZ#P8rb- -8jL!2=@ nc1 z"8B@R@q.W()|r]ZRX`UȖn>|E:=&xWR_M|]BXG\ S^ y&7Rh첃(_Ԃ`nTӤ8w4"wF]D]KzY*.X5}~sHTE:hbT`4hZKyE7R"9nG AݲKn;=rwGkӘ]J-()=W'.BtT@(PٸOz~x1[ sb^qzHz}wGly\2#2d(On32$|.$+jiyOpKAP?y7&+Sb?neC@ -LJE|M$  ܟwxEθO,$M$oVTzi`rIow,bTlZ'|zrzթP1\?`_$$يM`Ե3r8 յN d/ 3 XO"Py0i9p(&37 3[5?F6}JK9qzR7mvnI|]AmLB%uyȎw{e1*ƨ8䳦YnzDr+/@g u#O}.֐8-e{~Zd :c?k9tټ4 BbI^]MDkأ0?+ QS)f1)|U7'vdJ9h/!3?S-~Cblyڎ`|;[,.օ' aH,aĮK[%RQnp3Yű)ڽj`.@a:86U^HQ՜:RМ/8~{+0Uk Ois9 k2ߙ'IM+o4L'1+1`X$FF%:)WYG)-l ,ML}E#Vy6sq>x5ْ+e ofDZ<2 ]JBu84Vݙ +K9LOT|क6ɹ,HȓWF~Lj+Bd`[Fm<$ţ{f2@d9}&H{M$vj.0ÛX%jb{ ᣷7(~)ෘ>\/YuHP|5I~hFY69 k>/g=2Qq*N L?g,;A5  Z:Wߤ<'jі䄰Tk{c8=?@#ƑglQ *x{|ܰ?G(p\-Hp7$鿹eA @QȾ~'Ib ߃Tp(1t4(X[#|@?${[-1hjޓ7̱Jʡs"6 IrMI9O@|z.P|{|*nvE4M[, pyVU0K )pG;փrnd/uZEH: ۃ@]( ԬsWP:k4& ^ԇ H)O$@C,Ke$< è+/cߪts~FOObzi9dG-t@!rkƵFH^a%7ۆd!Pr."d(̭&^.GfzIFe%}[ylw@h! „vs1zŝS:ulVfxןbS`#jC4򫮼d61Ƴ%TGm;.rMIGw|5B ՏIjJF 6ov%P[(¹Q(9RzPO^j2qvdh(~qLځFrq ^{}r,2a>fhBasGu6Y@f}|Z|.}|L3" pٶea]_:J3yWd4kt7XJ\e,Hyf'GW=$\d"G+gUU.RZAEU`>x7,OZj/T5"d2W>knUF;l;`?N<IR|&ut. ]i3y%rkobYU¾g^E ߈%PZؠQ z. -FA }Nkչlrœ cS ?2'0qрN :n;Eż]4{3lWMg~fkC+ڙ2< ,jB*(HJH4ذN"#R =59҄.2!\ (Dʇ6,`"d<>6-XIU[f׾c҇~$ ܯy c|x{6q|LD ݊Q7&s[)s{./fn+D9 ;7]N60eNw-.6+FI*>;#(JknIE gM-0,x!em [ze@H5&K5ܗ$->fN47WK>nQ?cJ<cv䤹R0aI;j t#y>0Mc:o;!P EF\ / ɲ.v3Կ&cc Ud Yꥤ@&Hr0Ed/uVmS"VJ6Ι,l^)G 8z wU=LlHڷ{+̰~h|* eݖIKi8ңZDc"me vEmj%A7psލNO?rى1=Y_GLmACD# \gF۲}ďJo1,[4a;_5ҵ JԼLcE5ǩ6Ը>U<&~Lf!.M0%PVB[ m2-Vy 퀾4 5 ( BEW^KWE_~hs[wz`j\ <7왊?2"p Ir5IGkqי=NK4:xZ?ElrÓsKh5BNUt K)&. hp/Sd. X>Nu[u@oX.&{+ݩ SoYu^vOFJhn qҌSc3#7_{vT賂)x R&]lme"L?-Z"Sv e @ ъfZж*eLJ5@ Xb+?VʻNsA~w9H5K#y4 W5.%XHWnZX-'%-eՋ$6|#wembn'qrq d1D̛OUL%iҸsWQ4w {nV9 ؗ?qg&r~^Pu@yJ1]f5 ySQ FFCz݀I(2C:31wnt}9D09u3ļfl ,(a|s<4v=towը8Jy4`2E҄žo'̷n*LR*L62:2[щY{6gIvb?~Bǜ(*]un;N)Hғ@n%Rgg$mU|K2B(MK0$*{`o'O0#[ 0\4" ?rYPѪEC3 ƳYϑYۋwHÓad#_xw.bEϘu+ECG,R7|Aqe U.:Y}zւ^Eˠ]81h4Iw=9INѬo,cX)gg4/"b=,jRV]n}۠.d3oːԨ,2qj: zE= )CmA eH%+c iL|Uj$}Gi|/Q#x<7״r.p 1t0Pw3?̧$yo<5_?0FQmQTRܠHyDtyJD_T[LUCVg7P6vG*FRX3B@"jm14,^*LEPG˝gZIP*Hgː*X,RÍ#ڵ$C^@̖47tkAƜ)jL hg atTsZ0d_5bt @ yk44Ń0PGURx,;_f 5-su D'^egiv`Ρ #&:;l4EطSespiF% iP&J3~aXgA8: LդSV̂舘V=hD J_&[Z tQNȏ_!ϝB_G7qAoPSi{i&8j6N0TQPUy:I\x#ж>ե!q ^$94T~|}0ጴ\ڍ]|JqV Z!AmU9Yڛeg#ټ!M(@ygR> ElDkk.5Qb^ g88˗k%Jz;[pziF e0rg6 6VKGMo@/Z5u)X0Ο ALO-> / g%x@c߼ SsNOcbfCoHJ7!H{؝2Zւu̐۴+s11)S\rbA7 ꆲ/@o.ũM7Jωc4FhݯauBv;9X{NaQ-⽚XK?s-NrF;pX35BfPJ\k-{v|ͶT|xɁ7zmaj f$Dç%6ةh 7M>%iI.YIټ>ioSpE!3"P!?|}jKԖ&s \aOfv8OėPKT\Yc7MV'p1.Cu7s %ד"C`R  ŗ?Q!yϔ~!"4ԏ6 =x7'<٩J}*1Z3]`pE@@U d~s.: pڴ-1oFlF;CAf!+ۡ2+plІN 4 -$}䚄Z%ƥS=q~*ibxPA6Σ[_M)|>Lr׷v{/S2D|+̃C0!X EiNgfp(jaߣZxlrV;hkf5074q:DYUtuA*,o^}LhLvR= l!kbo&r|)ܪL-z䟭x. Fk5BIz8l\ǒ mjzk%Yg1/΋ԷQ}A"(,|:(y)?fsa<OڂE d&8pnpüE E"h^J JU^,7I\w uqY36*?'xgݝi\GUx>P]Sw@Yޙݶ0D +:GGֹt(Dr$9~YQt{=""AkeV؊;IJ alhYH}@[jwXٲTJnyH%c'ͳxKGAxp'"KOAC44o\V. ~I= 7"$eG 6x;lQ=$UI+43^{O u3Ke4zKSZaٱI^ՠcʧȐKAJ} g/8P)|ت$I@2%Fd@>EPk+1#6[@EZ]+lkEtQK>Gib'EEM6Y9MNz*ly _y0po LKJWaC&O=cL5EbZmIlCmF0Yu#d+c)x%UAd)*UH^HcYF}U=`gHıtb@eĆ2@ɆyvUsO+0iɲ`lT&뙲1ȄԾ[;l*J|:aKO72ZdB~1|y谮 Ѝ;7NF<~\RYC 8#6S`z{CE9H$ +T -h O0 M }/Ym6Vo' t>cg1f"} /,|[di<\x;]]x~q)XDTĹujsw]x &l3@1+p1ʋ9BYyw!HB(VchX%=~BZ1KP Jҝz73'3>xX:@EyyqHV%j) @J!(0q<-ʴV#$sX4"K]$rWp_ˇVqu,d<\HKX^Ny_gINZrY83c>#/Z SȆFj,i)Ntv|j6։.'xÚp\/}YHe{ 0G8owDdHʧťp4AIRs9y,5ޕsVφh*{aEpKQ[R |Q$lemKUL`ƀ,T8_%![NN Q]oSPZ?ꛦp fqJ{kѫDË`#\F FA:JQf}jw] j{ D~mHgqsե vrnϯ.X(#@hW%ց?ϵ(-S5"hr0xIQƕybTWNLGUPv%:L26ʎi-w`1 J,.ߜ<\?6O4LB9yн䘑^41ʝ>݊b=G7XɐX~0x:j FH nG,/CٺE G48IpX@4. \LwTgÈ 4Ň,4ˀ?&THx/a#򡕦#";5PRQ{CgrX. njP-1/Yu**a:0cƝcՐpQ'6£Z(IUuM\ָc:z q*|<[؞֥҉أ ~W€9AuY}= 7UhehXWf/P WBbyLc[ B\YN/p[5]&˼xhDܸ>~O|1)tӥ#vTs_yyc pS2I܊|V|P ]L#Ml> .Hxs_ #dY56Eru_z6ź)z hyܝSj aXMWps44sZï=p7o>-ғ9TF&7'TyÌоb햟o9>^ґѩR9v`7WV"_ċ}_+l ?6=+:6Cx7O'kc{ K6NLMI@A7]췗Eo@lLGF55{#KYo20TSY:$g $3@Je7NL,/L;DŽ=s-{չh'nu#z@i6Lu Bn_=p&F6;)tVdQgϻ,|{4\iU떂+\W8IƦ 8na*,O١W(Q4^ƒLugMS뗱,Fй26`x@Ik転Cub 3KTzUI8$3E_r5'HwhG=1=:m/L!R<'Hxj?a oPyB rbt)?tP+V@)pਃE]{E)??1,\-h|YEisbZI!Tl_h"N9.  ^.^goIq*",CjQ!@>cb^.34(: Dʾ} thi -!*[<~ p@nJ+cP֮i#!"vI`MM^F8;ѽ“$=a?8,&~t wg*)R4'!7#yN:(%3M߉D?c2AQ@L B}Xx+Оm|6K'9 imN[<[ rxlL,s祒|DޗdkdmhJ~ '6 Tdj#o┑X8w*2bnL1'HA [n2i܂%q5Q8ce=@ԺNk+fA:5ە"4UR |pr9=]G#]S€s-ޠ |c9`Ol\ѠY*mͨW|0T YȈXSg[G Ěx$GBWfHMi=mzBfe'u'ļ)\! ΐzKi;i1ЅCW %)=HanB&6xf{yMExO yaeg}m]>xR;WM06vVkd2q``J8oH cȃ@;S]_3AJLz=[&)60ʒAD ccJL?GD07^oZ၎|Fx#XVQ? E}[򔲈9S'b+VCUzDT5 CEiyH;:f3fA!3[_=syĚ=9$a*vye0~VJ˺< SE#2j;L_~1K  _ Έ.^d#D@.-ZhT@#M*,S r/>g̓[9ͦlm&Tj]μ[YE<⑵VB *ʹx2=5ʃ+P QF=F ɷ?r45}0}y9> tq.(yhyiZ(ƌfD/lLI;,Ml 5-$ cIB@/(p9]^}Z?aLC[" *pfSr1p@!dؼUb 8-w2Փ| ͉t x|<סc,d;o6͜ _{+#Rh bD!{{ZH+-&k@SR$lゥ;>aKiPUR"2x̫K V&ERVDhBߘ4mX]tIAG92̓R!n+_wx,5 b~ۢ^:yA>"'1*YV*Ra0yϡغ$_c,}tTp *F?%7 )D=GVq"JA J-%>iSϣBne7l;]IC]XzW}k`&B Y;'ejjC͎w; w.Qḡ: NɺX8*/GrMņ@v{` [ܳi(z7YMib #%o(ۚ)u|Z Ozq((X*E>Z=A@bYKsqWZ+[lP:.4^n bo A=] <2 Zh⌻⯩u߄zM0.9VҝsP\.Ytmrf&&C>X Z. ˭c_dl>x';DVouYb΃tܙ̸;FD! \;^pOg@y|}8B==E[A./U;ˣw-U)4'щs%hM=QfWN 0H*&8--fx`"wJL |C&'d(!B[?eӥb+U{mE;bPkc@ڟZxZ8"/|/?se>!v)]FNfPpa.9Sow#Stݿ`5@fqх@lC0u6K%>sEβPriqPƟ,nVoj-!Rmnavr'rH[kC(oVSd+ 6YQWgX!7C Ī[>.2%Dg( BN0}3Re;+:n?|ZA^Ĥ<&k ]4 !BDpKҒ|W&rEn@CFVfyɶ%Q)?*4׹DFr>^8-lC#sPt^Ae4s6~=d94 xͶ# <G~D{-VYxg|4`.M0#b3ssH #wˏk4:k 2]= x6~c 9^% ;~&J>fM"=Z?,/iw6dW'`EluUc9U/c܌s褕beE 6{W$<yu_ :gF.נgdJ"K5s[r0oz19zr\8+)')2/C:7wHIY$+eoD.jiRM /m)0֊ώ2fK4B^[/B)/9=P>6&44➺aN(5&͔ U7'Kr!}Mj;@D X2{@t@|*,I eLČ yAO٠⧹JC/:_jU&MKB!'LҖ=/WլcY E] ܒ: DK~})Ry]/b!ܼ!3kVzޕ)l,]鍨rQ-}xxAW%8[4 rZw^E1o>u(/7.[)A0#w孛!e=.8d[OIǨ"xsq h+MaA*|-=\&hйk%5f1~Tb$UD%VX! qi&˦0dńI^!C,# j{V;Ƚ)CdT &c7N0܈6%=ͥ071`MtU/ӵ_9rz6YBmOjSImZsN(ZPc✹?JUD{E-n&gǰS[dtbq{HY޲oC/`&M6JM6ׂ|Ud#~vco=Sn"lMwB1?rBC0 ji4lMs0ޡ9Kd:[:Ka(/2&>c )7@^&=[=LŮ:#ɧ'ͣm /|}7)yb+쎭Q/:qc!J+xU38Tu2`2CZ ;Rog>hw$),z5>ݒ䯪_αMfٳzڗԇ0K ԼUn0^mnt6A7'z ¨e P_J7ftHXZT5cvapwJ 6ރQR>w~P4Ӫr 3GV0ϒAOE^2.Vμ>SYPYo3]RAV9>,7x4O#(0c#=6ws!g8xt볥h-2C[G|͒¹$FOQbn=)K voSf;^Ap|P]7Ĕ:*W&L?;V8,KR XhϿW G|y<5b}GF;nBmL;zLx  0R*yȀwFMmI4a˹W卑Bgi!h8LeKOftӀfo33]m#2ޒidV_{dҰ&JO>53/n|A-;{k>ɖWr) :%iSZBfxŝ@[Zk!LРd%+ϥpdM$NR5/V Sծ%vaQڹBb^s>Əel0]w.~Y/^4 4n*2[?s i8zi z|Cݫmj&p^_{qۆk>|l A:im>:\?\*XVM!r>uk; 7~Z |_- 1T6çaJv1kbDn({0IEIK mel[O  *x`h :%6)aSfR2˂vn:ύ^VUj)2k88t껬  #^X{^qW| 7YهzCl1{JK8 \sr60edO)ۤP+ˬ9V^sG G&! ԊkƩYA]ip+We,Fx39hZc0cvڮ:%NkKLdC#֚on.}z 8fO.]?|هQdz}:'mh rV@c=D*ם|qfP̦C- QIćѲ]$n2zpEt]66R8)IK4ڽ~򆽈X0CTsZ@Ǒj'Oc.7Kt oO,yI=`x0d<0TܻHvk%A^$ Fz_E:s(JTH+X@8%@xf-;!U Oy]:#?82uڇܬ_E+|:΢.ơ|W Wt(0籱 a_Mټ9&i4|GʍbFC94pZKZG217|@X|#mT^͡-FԕE"c]ECܰ)M?CV`)QfֳrfUN͇4L8HyV ;zZK\jO:q1c5A+ Ipwm!p>`ɲ XX8O|ʮhX#g4#7{DTlL%B7%\wC wv]y[%e5ŭP<0Va܏\WPdnC3Wxk#IY;sv d/4'*Aޗ4"IxhK!!Q1hݤ~s`Xp]Y>;-mOeb:qs Y[ o."#0|i'Mп|Z э)ո2,fH2MZ#-TM vp/'Q#OQWSg}@"[cˀ,٦.kWI%24(\Ɇ1# ؠ^b"Փ[lY&d.S#>,'rF}^7xS"]8mLG'q. "N_0K?w19"y ,/g]XЫwxh*2cF{+*ejKy+Z fy<0*.qO4-4ZGcߵb>"efԙ:{*.c7XBܻXxC{1f͙<#'r%k]03l"k .] vd*È͎hp_.%ޭhBD)v&ueL'<[$]e1pC4s/s MF)7-tS0ԭ/[ko(pwqȺa~,Zߕ!NdRH9ݟtV'x[L ۀ*Sh[˂ne v]A".1FcRh#$IfJIq~A2Cly{Ӫv`-f |Oa<1+F&iKWKy.>M/ /}jw_ȋn9Yc@_ 1ڑKB}В\M}p咹٤3Lfv~.Wdn$|g=a- t# v^Ss 3Ґgx مgӟ @5YGFC̩j+?a/ By#tK/M-*.$(???w %۾܉RA]K~>D 7؜^ep|Z "#(pq GQG tZ.#42/TZu6GT]Y]^ XH\:בe,Zk}Rt Hp ?+{Aw8aƊyMҋq+`vvzyxn^2NIV+5~}r ?͙B2D}CX7Q&d&zt7oLơm.j5|jBOn} 9AN8eD!g*sTt8ծ 8Pe ޘ>Y ^}lHŃ7gjO*YhbT TCA28 LC<U@089mwIiny;ˈ0%BYi7-_O jZ1ԘR"5[[ Aq>-u w *E^vPe'7i]/DO> ԧEc4=MxT'죽$'F JU'ٴ-aݙ( Ris]$ɲ,#/ߔ-y.\f ϟ@hS.$Q;뀈͏`l3f=@3ɈR oŲcl3bdXh{FWlYW1U;AtX@(%]Y1zVhokzQOшkQWMD#VBaDdR9+HlهǗXm1M:SP {~1kNͯd'2 3mzLCȵy4|b|vZ43qb#;&_e:&~r8dN4Ub([ƈ|ةvlRVHJA[vRl;U9"\O]kߘW7*] 6(YGi;.v_S )a7 D_nXKRI\B|9% BA2 ;2>MӼy: L 4m;u"h5e_ IihZpg187-|㘉6rk^9'Z0Aͤ"ʨ(^֜)p*6ǤYӰDov|!f} (A`5tS Y =WNذGq&S?CN`EM76e2ZI"jghzE\|~X؎X#D1Oi?iJ5 h:L'*.7+IhI52Q>{{j ])kϑU)ʞIEXC>ךW4mhHCBM|b׽i u-> B̵֘G P׷buLK+4Wr*;ml Ipdf sl#6HD9՚a|?J9;Or,{'~Eߡ2$w8Ndl.M{pzI5.- ,-{PuDnѕ &s`EFYj:Wﮈj2p֚ f%"H_VxxKbv'C&@X 3Jxuj_)@U3\e2oD2ļd{SWؕ6,# u, [bo3OH8)n6'Ĉޡŕ nϸ=ݴsO-}א䚙aÖy ^wI>֦0% lӵGŨhFk}?<@e0 _ܣ}S~`P.ˁ4"W #'3^OzxgEEf_V"aQ߅Y[i|ma1AM,4dxP )K|FXhUu\YM2MPQ+a%D1[Či񎓋uSm9: 7>!Px%llEMrko.)EC )"[uu Z"jpt n0sfNŞC4m7H/D G8#h*,?Qh˜&ݹ!z WMZi[렒DfҀdmJUJ^,# K-y%_;d00!oV5Ő &*7ur F;W!sa^VqRu(uBl.xjR֦ -P6qɟ,_fִN%K %H(r qХw$<'y59-]>l5C Wnf)E2Q[!kd)ډqQ9"~'H۫S+QKs CӺ+n 2H΀S V?G9YG%&ɼE@BoO$Sš-K#᪭}xa?Ԝ齎X ENx."X^st0xm+V U{ny=9ZZ >ؼ]zo‘)~#-Ip:*c`/_ИH񬈣+,;N !!( O230&w?mt )Lz3RxR`8 HzG{Wl3_-a*¼#)N?(MvŘX4FBP-4w"%ߠqm{Xl(-g{yMCuLA1,Unu6ЫJ1~'u ¸ 4(Tٛ$qa؏IYȓ+]G}\¶V8Z9.("/~1uϹ[05QpLsGjR;?6NTiGA#CuV<X;O*b ľ]7z% SA)l TWk=A=?2z!]zB"bRgkX3T|^#LL@X(iXJBPx5fG_ o"/'>y `Zs;D  uk`L~ߣ:50觇Qv+@j1FpJLs6w3u^d'M2P1A!gyI/b U>vՀ4HY;.=QE"zK\C%1L v R:/)Y_^&]tn.oٷvȱۚ #h[10WR\UM<#FV:[kS'p0{zl=Lvs(WsDhvadzvUY0)/Bz9RW:,Er[ ɧB6싺E/m)tˇL$ Z, ̚usy4jhyŘ VrBv  ~xDsR5 64\($X#qLJ& TpL[ʍjb! 8F3>VjlR _IN-nj`/k1rDF=ZcZo9|MIo;e&2yoƱQ+ҭ dU[Heen1EzȖ 8 ;?rZ8EsD-.,2,DXϔWl>tLi:cn'"̓-4SR=c6h]w %Ⳡ:y [g)"F@$.wJ`l%)^a6 @k2b=Ssm^=˵5I%yyQ9<!6&n*4~k؊8Ml@f;Ryj6pKBDB3ڏ﻾}7J L$^K>!'5PcY[ԛf=+ dNy6W_(P= d5 X5-JlLcuVMkYNDR=bJ.>rS𵴇sI tcIG= 2h<Lq HpFNIaԄ=EDGtdLdSߌ_tl:ewNo/2wfP c|G6Xh=Ka\}ȍ+D@4%v|:'V՜1©<4V8qq/riD/ :mh B߀[!nw-WL :cQ .Oo;!7A *txAY}T+B눁ɳ ^@^O|L$S)B $uPߐ H c6J4^Z*  ĸI+켤ex(~gےqCגmmҲ2,W*r Рy1څ?29-j>&4s^KY݆zJ`k'qbΎ(vF!bQֻQqO-QDLR]G霶>IL`ʟ:B2cWR x}B\禺≄[40'cFv9$˙ Q; U*ƣɪl!ںjRX}tޙOwe3v!5Fӡ&,Ds?Y!?hiO,>'2ݛtyS^Ў,cL Q=;źi$hD2O ޭ%ITFL=d.?dI vs4w4Uoe8=k<;3P0/I%` pv$A'쌏cRsNSW8,Lz~b(6tBi'4)jSiB:_EL/1ŽxFEh 4P:91$sB. ՇnOz]_ A~g:|3 0Y&E} M̷7ԡAqe"y{H30XtU /pV/V6pX Hpxw|: [* yp)dg.rI@x#wb>hԥBC`~=UaPߟPY4l76^> oO\h?|tз@,bH(II>rC5hHv M<+'-Wrsj-/Cf+V[_J 3cHQc="aQ":$< *񟡾>zRa^^r48RUFڼdSAFjG;{P aƏA ǻg>m%_l^{\Mct73ʕ3$䎚?6A(^&rfVęgBP;EaFc `բ͋C@[ԶSnm<` 4FsO8&;5akXAFa Q?nBR?K_p'#M ZSCe7F];4E93Ѕk~T7D@3h~E<[r&X9e٥e@ĵ`OѫzPZt2 F) `Yڞœ}[9n|lPqsȗ 3Xr[/K퀄kح؃âiG"qJu Tm _ Ғ*Lv /"^ުW,~e6H> bQFc8w\ ד4)$9 s{ҷе^ 7SL@T`` d"$VmG`LTR:ͧߨ[3eϡ[qT"YMass#>]њIc9!IERK9ؕ]@MĖ=gvIU>RxC/-Rڜ8"?B0lމp*  ɥsJVo/^?4Ϡk#gDr6N>n5NF߁byHmP(]H#݋̓>:lKkz3rᡩ/V(g xy2nQPیBRH!t1msVCq)#qdM{vST #f˼or'`fkax2U.FĔc5ͯr}4AjP574my@4Suоv*|MwFK+Q`xUӈ9`Ii>93Y7MWnJvI+(AcTv {~+N(Elxn*d枩8d6$|Jb;l:/]L`2:6d2]aAc<^u﹐T*&ޒA~WҘx#7\(~;ks'O %N JW/5A9Nސ 2}#<^$vhR6([Ca%M~"=LMSMNcJŸ$ju%T @[Q5Ή~Őm^-Yg.hu*@+MS'{en:FT(q$XuDƤ7S1\P6+u2cȏC{'U_E\G1Xs0veCq"5,,l0TS簽pD&id6D]D'w@SB47rgPS<_k1M1j;c̈́aA jNg,9!Mqť~5^!:Ye|W({1=;@ћ-GzaN@ 85 GޓZ<Yp}-[U98gR$NFϑ~dKʬA0B89ͤ2vӌ(ӺYqޔ*^䰿$(b-zy6Vw ;fXb6n?'MV Ƙje\ްnw:fU\οu@\*W2TGGNPg D-\YhTr6%oiHJ{mkZ6\5Bjh\ 28/=)Ch%D7)qv وBvTp@Ȏ5 Hhx%jK4ps4s n߯;N1Xdƈ}2]Y!ש#F,Ka/c504R4% [%SX>w2UT, (.T^c%J|ltk&;-PeƭOVSh W޿=pgT&V\mPc?.h)hu P׍v%Cx3ɘ2_׬rvPېs/ n_‰AR0OmS/OW( uz|\vֻm`9?lDZ7 4^e4UR"zK+Ƒ-d;Bs$̼X6[O1gN¡b,'jpowD/J(DP+l O]~Fe(oB%&Tx(G!`2BͻmNÄa@CJ |*XK_~v ^83Y܂86<()H:S)0t(r.[>N0 rSG?zӀ E][g(WJt溂$, "ր|@6x(xg&p24̝߽K xWrI1_hV#8JΚ!lb_ {MSr=wHz7_Fˢy,r@L7~[p_2jcޖ.iܟ/#ၘ%w96PQu2o3q6߭Kd%J3" #ͷRk$YzFd"J-VSe qILȹ`ERJ1k1LS@gff0H^*?j2}!p =0ʖ-nZ\>3h)0u_b9B]zU4q0Td0 W eU}&ZE )rޏ8fG Gy7gIM/SEi$A;TÓ !~ C+ȱRP,D/Q?ks'b&_ƣ.YBr;V`A PqNm˖"!® Nhݸ>@(I@X-<[-g{Zaϋt{ ~2W$8@Ty /{F䈵$$gy]P GD玃aFk ܖ}ֆ q#f]W5ak4&.&mW.擽*2:%Y2Y2H XX̅,™S*;m8@#as| q̻ll?ʉxʰC9 fs|5e~)( dVTI?ߧ 8ڦNlʠ*1,=} ^rԌ0} ' ~H!Ivl,v *UJz"p8EV=K&kTX+VA. *"_h^ǽ\Þv쓅qj)Iڹ5{ՌȖ^PM/l0SI=Sm}J;aYck.NϫϴR5TI_?)2Xipΰ;f8 OX or0v^4@l_40[}:)I(Z"C^jB(b Ǜ! /ig 3"8sɸ(ydQQ52sFG"pdeLD?Tcl!^M1 .˶S27!iy!g/.zKQ[\klM؞6Z<(ؙx?N% UJL94 \οɗL. e/_L 37dm{X9-@q>8x{,n%\Un:A>.(FcMC>pkɶJY%Coġ8!Ysmds Nm=ȄM%AhE6CriNێMxӳOg;\@'z#6a.5 @ 2EL\0CByyMPsN]_R|CN0;4J 숐l^O9ea+0y );VxnY}Dfm-\q 6w xE +@M3Z`QsDs- 5J[* so#aP0`R&#kҸ9pbT&-n*4^80Ș441mf^&g`Lwk떚LK⼓oK Bɹ2sx|IJ]'fg}'c"{NVt#dbr:e`ҕ. ip4ێ7=>iY JZ=[}ǫ:3ǒH0U&Xç+?0-h^Fl/^6NZhd@*Vxg" zl|bp5LlT+t@ ,@#HrXgҔ?P<#d۲n˱C~:ln!nL1pDHHv^-;q|8Vk WV`ﻳ;Aisʷտ,b}=!v)EMa5Hi(4fOeUspF0L ,T2~!J([6PID;ͯ#e7ZF$-P ֺ!#k!pW V4Tܐmb8Հ^yqtiB4 E׌(Ƴagx ƚIq?Η-a)xf}C“j$05>K ܿhxYgx40x7mEfh{TP2%mmv|v}nfs!ҁ/Z Zdŧ}1ޙOPCdӈTZ`|P>]אW: M[SÔY6)^VlSpN2s_QǭTp]g[f>1s'J|JbFr2;H ] % WzWg58^iҹä,tkxJG/- ZjR9o==nLndSb&pP#b >b$R%QKyu 3&vq*v+@Yo =>+=$*Fy[oJRDP:o^$bDh/vn^:7 E]կN (2LbBi{I-N'T$h;.tN^rc]V9b C*ف=-yF[ ˍoI<wMp?~9D<4`] qoxWk^5y(Hˈ i$ft&%DHvD.9 ӆFVfׂT"%|{l]V1'Z,|KhQwaObXAeFQGI?0OM%][`Oyjt/y75ZJQbEtdnl)wl11Q[$롰<a*jBe(ըK?M-N؆'f.XdxkmfGJr @8w4~NOP~^<E_xr#'(cZ:0c #'#C1T/=i/=&T;{EWXOJΉ' ۪'%B$5qe\j8[~_jD2?4 WV/|CźnRJ4!#֏1LxɅ FđhћՉ-G<`rcMIU6wcӖx3A, d;`] IUkLk9K!~xy[2ǮP6 6ohf~JgZ8.{Zݺ mxМ~~o5RvL:Dž>O0u渤1|IX1iV3rTI#?zK d[/鷚 9d.+^wɧ>IF\@nay[GB>@Q/򝙨)hFgk P[C* ]*R&_?6yaƑ5H66|9tҨ +q2qdwRIO)\Z+vTx+a͗E, /IE-iUJ}e˺G]ަ>eJYME+NSs=f2J4 2#xHZ.urFP$,ۤr0!@"9tv d:ṧKA:#n!$[42?61=̆F`A!3 NCR1q&bZVpJG/S!]ӡ[7EmmHʆ!DAF=RhVYl꾊n +xvG'^ɢ8icrNii~2$_Ri~u)ߥ,ҊTn8${Q̴[?}=d;qRyf VԀ8-EiDU۝|.fwbF:qϟ~_~yĠ|S*PcW%NSt2yuڊdž܁bwp8BDu[FKAcƕY\ mgo:b]gGTj~4wuY庻ޣ)7PS_iֳrk5փ̦Zfk_#TUH=^uj,gồELAQv=ݡ׬%V`(TZDwK(c05.@roG"XHPJT)V H=N8BjuHQ/uąO !i}xI4lly[N8| jJOQBE>G QHjx)8Y(]WyeUp̳sG"ٱiMnF 0rA{FoœPj9t<{=k's}Þj:v1sSC:^Nyy}N-r%ee+S_O&vLln N]آYhIHr1Zβ8wF?>X(3,IL3Ym3 0hq?1kflR)!f(񏭏!_;Vw Q_ @S-ļ 7U=27O6s[fQIY K=F\/Ku D*.OXax|0ܬMgVTa jDt^d# BGX]T#~G4eOz'v 1xT  Y%8x7uo *w.'( KCٳS1ʥx' ?Sr]H]Wnh o}CC]GtJ"=V{6dZ87?YC HP"C+_v2#G.u#07RT/45HPs^+co3kuBmꠂSn$l  dSys ;_AYڰxRojd\ǫ/-l ٤Sh2X YnSSfYh{(Im0}ف ָ8,mA/jI,j1wֺiŷ[FKaeWBG~LpCUŜ7[pW@ZӣCB:("_!26!nI<5m{>يoQCYr.63 Q;]X6l^nE%"=M]d:: ݧM#׺A-@`ʦ1;W tͦ{呓kPќDdbuDjE^ft%~3s"ݕW{^f/2d>兇 k+.}¤{@bUg{|R}6oMp@1HPyh7bC7tEF_ZoJFӌ(9K!Rd}d:U)R/xzaMeh"46)jWH*/E)D +?gx X0I% ku mwbȴ8v@Ե 5J83”2q]$/\zmՈd<-82AOc BoBva᧔P:0J M¹/'ETd 1Ht yCl:ӥH_X9lEDNhpI!b]ɚw-VKTs~j(1%IQBO'mE̠fA׹7QӺ< R>YAĩԿ{p'E3j"#✕%rZ_algߣ -U`VZA~hDb7\Ð;!jBsӑE D' ]˲FlQmrJDœOL=R }j5[X쿢qNk1O,)l36%_=#cޡKʠ\iQut:fCB!}J )W(zmB[{+ 5Z/K5or.Si ~07E{ϐ+ |hw%s #zORe2h{X0 T$- /eFD F~H%nU݃B|>X&^ ETC@^5X:'䔈nZs䃥mZuI,3F:IBEuOel48O@TW+ 78uqv)\L'`V4q:OqXޮ檩6wס yCySw ndš"5 H']D(hѤj/`-V% {=CΝ*~b,5nJQTA,(ϤI}>gO-If.:wG/m%6z7VBu!sr¹34$*)ď6{jtSj = MP|ڂR4)&xRa_D3nLlsbeTaۛ  Y6g=gٟJlF_C/E=V(( Ht]$vXKυ0,e.WampwϦ*ޑ-V]WQ4 7uBc 4x_&뗯4a+9H~. O'm wS#U~$iސJ7x!./׬]r®S ]YRįo.2!GLF]Q'J7h%Ho٣vʞ&|܊)3վ4@b{e2>`IAdx|el:iIYWntwM_X h7pn`g.D3t = Wt2/ٜ [6l'4FoG\DdO6SH\cDgvuf/lB GwNճs`:@I#s%;OSAF8?|pGL=uprxڌ`5aڛAѤw7Bv{mޢo8yώ 9ߞ?&aW0m@KM1Nzjef KP*~^|#8[yOE axȎQ1NRoyk@~0 28'KwblyImMTsRc1^5HZ{SPFf@J NbokPno$H)k7T");c=|8Oxw@3D^2MctbFw䵁fYqLga ܃k͠F[] 2jO˖QeX#\DC"l]Q4D_-ANq˂D1-Xje h. r1gѽ1"wfj$u珹7]^ٺMm%'Mϭ.oS;!6F &_s ̡ʹyO'ė@64NWԂ ؀7?@8:XjCT=.+}5Nr3C:iDFpz'3pRg%wudmc|ne0k2|*Dl,&q(zSJ)K1^o@LqٝxD2P_HF_)Pzv&7B#-%3<)rHoBPD3Ȱ@3AVOE9k6%A{ 5os/u9O@<4OC܄<^xTm^BϚ{f:pAF'y?|ԭ[>@T)Qپ/F>U%JV'r}9 &.StTd\v0ؚ-fan+G5zX"_hA_iptE**trDs2U+x\H9}lkQl0gIi=C]+93؜w?ȏk)׼h< btK,ۖE#m Œ m_:7/~F;J^Iߘb섗%>'NeU#_z:W]0##i֣8,$9 AfXcDQ-&jF-8K]W3j3ijFC4CeUDc %qS϶2bMͦ7E5=C\t&dpW'i3x(IzK.qb(QPuWĺ-L7㓘]}KL' aBs8sI]9ǡ:e=Bρjm]KG[#\?`tYBr~J/mʏoMtxT!ᥛIg[hK % \r+ň+ ,F95jƥ+bpW>/{1^XP J}pB9{OR^VPPX7pJ01oM'u AK<+Qm0XB“sWyp i$ckQÿN LyDncIǗA̧GL(deñ2-\͝!Rj+.a7dǿG0XH{I~xuA0-\{:ƚ3SHÂρpOml-v%ѿG ?vG%gr\W8eTibb w("Y.F{xj=NK=1&!>gl3;T K IͮC`ZwH 3xaT}|%/g>~8UE—n,_ynɲ6 0ܥh#ΜL:d*a ֎\D\T ^(4+ ;Wm$ڶy%!9S4;֛F9 #ɇ(6ݧNJpg$MK8%z. Y/j#~JC7myܓ(+ #8%Z<5@}"\hSؾItNf]]1dv_MZ*& ɠ= 7tW{Ѐ:Vb.]BQ^X=!!0l&7cuW%o%7߰& 4bÂd !XS@0ع?. xm m+TzAW2|3y-VE`"5q'jvC:YקtWjxD}ޭ\NkKNcދĝڝo{m`j=jWÐ.#3w_ ]1M[,˻z*vE8Z!w2SIkڹt. b>+aCodd!bx{4/42qvC<͋er֏+~Fm^ȇQIQ;ϩZ ͂'*vb6Fq\m7I6Z>yiһ"ߎpe9韑uXUhN->nrƋK٢pMbb)+1(OE@E&#:p+( 6Jϡ ?I(7wqw;%zrxP0`?zjͰ^-< Q>Y c ME 6WԸX1ß ?uNœ"`6R05iƄ>ZdN]987VSEFQ$@ PwwdJx8{y35蟩R cٌZ]?Xp-ETK m =_Km+#;tUzf$PWD%}` ZW! SDz_G}^DijO,bmp)t9>fi΂9Tb _ot&?D^6/`cH,2>șaT`NnI NsTg wPyO#xZ[Zd^7gV7߳Hi9?eF–>\  R,BqMRm P7TBILPSzk"wx^nE`j7Vv7u#Y4@ #@G19eQɮC/$F^O>]qI Kпy:[LTk!6~wѴ!ۅX,)-T51/0וxo,9DL(ۦ0ġJܵjx/.`pOvssԼ FZR  Y}oG0ıb8%fvvB8̥-, K$R_Gu|!k[o :S]] h3lWcDsaeki1@6 WSX)`a/`0S}V9άIǝt>MmQYNS#MHXj{0G*LDJ d-9D5>ix䨣\Fh<딄|y;/>t2-hMᱨ$0ao*Nz^8;2R}')ԓEƦx2cf}d#L=W&!ϡP!բ?K;"w*q9ȼOYPq՟["wEUS!+!w1쫄MHFdhz2[5vfqν>G:8*L9.&*縯x㷢ߗ5|ŷjMu}^\O5Ͳ^4%oV H+.]JmK!^hXnwބ(lh<7ʹ0'Ok~1鲜<\vj (5ksc2O%rM/G)n∻o[Ց, t!Ĵ|h<bܡ8Ile2[7f2hr8(d (ѿn`lv:(xC7%/ive ȼMf^+W2-  ё Gc(9(1<*r4Bi>󛴎 2c^SJ&)#9+X_)! aJ|W>(RYaUE~Y `īZ?k.P*6M.ψmىL _Y3vCg={x) LwLE# *j?N>GtT3X0h崑k.Ɛl!D ĒFu&j'`]Ywo(AfH`suJF%\}8ӞdHjs.2lЍWM}1prW\ӞS70Md:+7FhplbL%)= TJ/rPuRm -Ϩ}iBI *6# FMs1>FJ[0UnDw'_zEY,5Y>)Jʻc؛:@O/]a0zOgBթv!Ut;,Fe1klTsɱ_W+BB(Us33⛑={\+:0Edcؚ}\\B8T3lrlbTPxԎؼ|Q϶-)TXk @UFq!3FݬϺÐ.ZwL긔8fwd2{;hv=pOޓٲ?o@=(ܞC$-Yg˰}Gj&-&ÒUeWڛ]ZV(C4 &H;%=جC)+b}&цi)]/sJ퉗 Qh%5/t`mMrTD)Z9qy77Z\(+k4@< W #< 3{X`; ybÎmqNڭ8j"l-=y @υ"-Вou$sqbM(o8/Kj%o56{^ U6U u|-j/\Ibg eC0=e{hL4 a/&ds̗m&͒luԎPn_o#nbqAAHSlG{w3O Th'Y uami,4JO&0#=Il€^:*6%';U犣lmT8}! BHI@c5 }5 "ݾT 4sb0SI Gۯ0D}ec4`Zx1 \qr![6-(ejD.1|h.z ID+qroo8 V{D~fNTje4nP̘=)WH'>n-sP5oхg{!gTet;7pa!qH_)!{њ>XT ".%@ `wHaX>bwHbYKw;lSKaU^—^L:/ g1ZCylv*А܃'XaFL3"to<:&ڢ9&H򯔄FvW0ҩ{ќǯ7wJΏ]|&viDchXw(`],vbV0%1gLx #z$&a8K&oVy>| \9P8_jMzkÇ1h k&( =WU.7䌌D\tKeN1(&9GƠ!˒KkZV5x-rY {!R;327F:["L^٬1uVՌcږ͂XL+GݢCMpWHpeht`o˟ڈ9c%-IYKtm!Np8噴$F5,1-}7Cy\1B&SX q6P>N~/T0[K;Wls@Y[<3xZz.J7%.4(W;KH 3/l'uaiF҉I%^s=&&>_7(1d!+`Y[g\XQc?2̈́MLoEk$)ŗuyN,TTZdU#dD/ul)4Z~#UtQ=z򣹃"7=4tel9L`*:PfD7^e?U[֐R'l*YɀMQC5NAc>I}Wn>#1blO:Qn%cwfON߬;ڢDv#zFG+JCVb{Ȥ zFsBiߞ}wpZ!Ȉ=_pn }^-$ͨn,nU?ɡ&s0(@eu6ĈT0SaIoӀ2V#I<{䏤V6=4;&eGM-4h'8l o8n]vݑޯ-4 ٚl<>{&,NMxp؅In>gۗ)lBxS[zUZ% g(ho}uN7QV%bUpZAjQ)&y&,U,찕nfUHb6ݜ [w L4D$:Uq=Ja˫ʈMU-4ӮA{$\j뼅z -m@ǰskjWQG>;2۫ ;i9\z'%-@@b$v\,;}VgC9i*J0}n_a׽ƪ0zϝ'9~_ע,w#öf)?y21=)z(CfL.|m2I'RJ_ o 5 (h ~ D=1>A I)E(%<^:\٣\$@5Kv Cx^NbcI(v6²i!ܰͣ]N$P%% 7@a£Ͷ T?>I߃(w֡"q㋎%V5A=$,T$Mŭ"N崜vhN-VHUrp=J4ZzՆwk\jL-P7(J~M(!7-/DޝԳOyFIyֶ % ~c֓}s/oWݕ 8:&J\''*WXd[d T.gP-}+KRVgq# 1 vs*{7Nz+=q.NQ + m1ffPL(BE5޲$FxW>Tqe%~V"eÂy2=WXk4ݞWVR{ .3x czbU XOnp"AT̶r/3ky W~gsV[J9! (DUٍ8 +=,p1iG!G/wU,7,81!mmc ߦ W Ryd>vE#5Ap1 s/ ,q4j̖'Jl5ڻ㥪iZž3Xq@?)OJ p{Gm܎3<=ǯg$`AzAjtD\!H[>߯nⴚࣴ+SşrT殚L Q/AٞB%ŵrneX@bB-73bCJU j>KYGZ\NZ2SV xuX_V XTf|]]ɔDCA˗%~z-T2txoR1_.JGJ5_B$tj<#n:[y j5{J!5)⫉ͩDXa(R<=YChv$#D/`oȶ7 _}-R40J\%%ua>HftZ趑Zz?-04܋!1Uۛ(vNj`ǤyVi1"5:ȩ [A_8^^c8YD??7WXZd™|M>ŷۈa V vAD怣ѻqgb] 7hY-]>EIH2<$A)N..fD`5(fY$6"e*h,PE:ƨmXV>ib]4:IkaM)8S1]g-2|}Ne`P?s@ Th Mx,'YY-|OJP_7HKiU#UmCUkbwU/@\VY)pf11!ᱰz :W!F84 PV 5tYπ`:*g%P\ FbǻMQ!U*'X(eV[&acB} <Ud|>*8=^N<]w/UNl?X lɟ`{j?E`wZvhP/1H nt4 lf#=I(pݮ@Zs6Ypr?LSYMS,I9}Ŷߟgyk%I,1,r  kщ裆'f8'ewZ0L~wjspg^?"(C-lvxl t4DC/׹zX1ߚcr2|On'_yK߸.Fv|D jPeFO`_eA^V9F:D}B+c`f\r0O-B2cRY|f{гi,!xH`=ŕ3ע}ZD(Ae*sb!w!>|t騯mr "ߔ /Q N=.K9݁cWkFFoT\J: 5yEְHq՜$~M.piٛ~Pڗ;CjeAۛUR`br<4n E~d߁TKοmڔ /DաҪ,vГXPB)E a<G C|M}JP =E$~QƝ5'ի^=NW=e5ܣfr Kts{„ 2ƶ!U9]?!*"#u=hPW'1Z8ͬ%UfϋeG,Jl&H/G,`y 3&>5(:уVEnGjIC2>sýop,|,Р|"[zgd76{b~$JNiZ2pb~1ylY l)~ Ÿ3Z'JqB8Cq: B)@ݚ* m.NMɨd]jD^xޘ]yp*Lؠq_}MgK$')N9en*~ZwL=S/z@smW=@Z'XU&([:^WSZ+gӷۀߺ)J,!Ɛ퇀:õPVv;ݓ(wٱ'qWYw*fLȘWv&;£u3Bpj%|lC!!1h:X? 6_ă r8W>G7tS׃M:Q/"h͌SP6^tC3z$rr Lzb|ʨY"Im@áxUlO[K[ozQןLFMLܿym\fح1𩾖j88 M2e ``q k˿\!]ԫ[wI,I^^ng@4/.{<Û^՘&iB&G Uܘۤuo[VUAT$a?(^DHۤ*B HR!olo}RpSc}%GHD1NAQc+6HS$=QVV0u=z%*~CV&^:H SXC*.f\meVKb@Y1>˿θ#3S }3L3d7=QPTn`k_!kKH⾐<7)<j0{;uٰ[Md^qn*EW|ioTfzZJrZ;"#sϹy'p#)V'ۀ&5Z.d_TX_Z^%(׆&vE ATԣE7Q> vfr !- ]jxմX-erٓF86ջX*}v"ޝ6P}~@_mO\GLRy r2H%ekjB*TS.u怅u<'Ѭ x6+t6p@D|w}R^ sRS!iLu)lChK1#闠'*bIUUulA򮳌eGo%b*7؇ts~%)&ٺ i􇥍3俣#ZƷ65fمټџ ޱ -[5F&]#yմnpp?ś{82!T9Z6ĺrW 8Fs 4P ='ҮX0D ry!jw/{ 2ۧd,`cbSmrR$VY;crCh}zrU /"1~0;!Ԥo=\缻T֫yC[I'_sidIXNp!0_^'Y"Ax4 q-~aCmĹEn쳟&)b/zH1q{7 5?W%ߑ֓kq k(G{"Gs4[uUlAl yy@oeZLR7] "\bڋTM*e|4g|̶8,D@L&:% &.~stv%q4=O*BK`4Mu%[S(%^@Xп`Gn_{t~6?B٭ i+`Xړ>P=2W3pEk7Sa;O>=:lWhq}KA:ˠgnϔP4G!=&,_OCԷs^i4<]PqQyW nYPqSͯrjmGWc s񉭔$e0h7B~ɉp 63vkdlkp}V*T'yuɹRRg^{[ky!ux +c![ qb3ٻjThv=Q] ?u]%5;l8F/cO}Ssy&3Б\ݔK8G ߳oBO .4@~}{X(x`۩  acv1S \`UŔs|tHDnA)#ZA dO|"E9 Ώ ǘF= 'TZ*NCp^@kWΦ!,FmBᱩPܼ'#0B'ZkoU1QWu%mVnq&q0YԦJqv- Pi`wG+ϴ k:Y2=1si>Bv&ja' Ç/o_rJEARP¡M$QRk6> œ&O]62F '> =-uZS\֭͒$dwuf&4՜Y bUcKilչSehFr>{)󱻥4F *GZtVN`[=&شgJ5 l,_'gy$CE$aMe=W͡^zd_OWarp*Dgwr$)zR3䯳l;If`=Muwرhrk`_Amn#6Y霬M6LI۵*b򬩍' "CA H"Ns M2F!I3,s9mzn -_s&u!#^-J"0˾#,r߉Y:G&LtD]֯=du]e906e{GN1 WʵC)~$a/ ]ϩ57SyJ:kWc .|ҨWpw;0}9h<4Xܹje;rBڞy0.`"ߏ!2+O;%|ß>mH>{"y"ŖsneU؃Z ?F@U"?4N:3\,iӎC%Et0TV:e7`J;Vڒ ڮPfH@n`xV 8r+{,_ D=2oR鷅% f:Sv㢑WQeG3!_* Ɠ44!6JgGXԵڅwY,Ev@6;uo hӚ;1})90&+d9,DH n`G CԮ(jrQ'z]Ye*"@M$@ZtD0]M7?ZWw@ɦB/1 M,R pSْfA_߽ (fL>мbu\1q TDCm3BB_}!zC_{ tbzph7 ZsG8D {Ylҕsa?AGi?57ek8)EF#M( ΰ>\eG?Y<װ"GgepGx=Լ,O9VcR $t7ijsF$(ׅڝsl;`D3Ѩ:eE$f#7L-P]DhIMjcu@E覨 4OY2gcEG n@]LƘ)0گ!{-Kq0L` Ugy^qu lj8o.rC4Ө* 2 }[јM9v}S;[b禲>!qoP'uzЇFYwuQ/Y7rJ&W ,Z^BmG !beR}!M|^:d6az$ Y%fQyοl!EgTMU1,Q$mU/^#Xe T(tZ 2qSmuIPT5li9+>;YPE9%5~M1~ {[{',Ϳ4!0^m.|ˊa~(+i K?x﫼@P5sFs~kqiŽ+-I3FWb_xR-rTr A+>,u̿=u{Kx"%-=Tm(7TlX[bLݛw5 >@5uu7S%Um\Aq̦4 ΜPr.**K2 P:y^/v ?3+ut7cj阤G&›1`;!'?Gѻ@m_vhyII4krbtv1Ys plDYXվկER:?Fml33̊ߋ4U|UX)+./4ّ%[QS\) Ўؓc z+wa=l{G;YA]d`nfq& wV-]1(Yӵ|jH_8sv4 Y[$ !dnF6 )Ztyu/N"WUNY~ EHz{5n [^Y-kЇXIK!+)Ad G48ṡ$(d QnݯV[" W$.zy&w{LI\3Gv 9XKkwp4][h6j7Rz#+k"35Hծ~3/&mԀS-ߋDAԿ@['_o5DU\2YpuMɑJ~`:H%^w/lvwU1LM'i1~-̳R0 {cm@Ԫw3'rA5J`@Wg3 vk5fY$P 66ۅ W辻nq@ts[O[V8o*ò3}n!HrS"r<~NٜO1RO̼/TYO*$TL~&:>7Ue ~7cVES{Z JLxKUVr$ ÒrjuAl+7/iInPVB>$ đq2F +oe| -JlzM3J| 3Dzud{)x];koE^~ h吓@ va;\8((SrSWh/xxL*D[a|XRBA"¼mJ*-zaI<Cඊ)8ؕIB! +{Opc +!>Uy?tf0wܮB(>s3%Qc~0Hnյ3Qc[g 5 o =?ia4ۖԧYsX@l{_Iu3% SArBYzLI8.)/;"oY)AkPFnhCO'GZ{1ĭxzrG^[d)S$A#-6[dW*'P> y7j꟢K`Jn=N̏b)ákyи2&/53bI{gU[´ŁK1(̖? ͎ ww'rE Gk3 ?TV:lM:",VJުTcEBJ"R?C|Jd :^QǖA4yX?Ґ).x Rm5rJ8 לseyq@fNrFՑv$YhG1"wةre̢!o: BR yP7 ʁB_Ծ(ՌB<rV5Ğ_zShÞaJdzCAEՑ\HOC^;o/̢CkWqkeƩΚ $ %N\tjwi~ vX]R&.pvuBYg&XdGEP#II<}dMdSS+LizDcO^5a[䓍ռuݰ%+c@/1]4yuYIJW!7Пv} J#GqAHw $R\dGei2BYTs>MV.&Xz vf?ӟ =%S(@D˘6+M-:/dч'aCh4s7 qDu3 +gjfh,!x&䉿lPazq)?|@͍J^6NCf12ܲ夿2O{qs)%_]ŔArbj&0RۭQlNUh3z㢒 &qىݮN՟s$/F=ܘY:"skƺOZfdI?2mf6AZX`^B99meD&Y8_Pg >Q9|R ,ڴSluCH߈ X>rF?QI굦8y%f!MXup!8<(mNYO#U /;N/
l; ͫ$Qr}8BJBvIBǘ$7 iZ}cmkr`m<^&:S\85U;>8*~;|&j2)7[]J84 | aF5;=5z>&hi^Ӫ_! d_/z4[v@V0 jqGJO o2q>x wGKu \!zA~+d1s!>Df!-m:&1iJ9D$WUO$v:; AnS.Jco>eTRD@mS(/~.2 2RM KYL߲(YQ XQ~Sd9 ,fnB,k/+bV99=|;Hꭦ1" {`tϊ{Fa>us/)yV9hCg=$!*/hpfƭWmM|OS)q9- _ŀ-ӦFvd((1?>@z FELmceէ 6Ğ?5=/X[sPDaәRFNW!\m@GҜvbQմ"X;57eֲq|\h|=c{gA[ad00u<$7AX.9A::Fz\ѳ|lǙؤ,+4:j6Q מQ䀅|oJ K/V!?zzŷ'8GV܀sdj _X% خRL#<TXV%jRF<ʨs:i#Ue>vZ?R N2dDW+)gF {hU[Rp =xMJKUe'ř`QeSQ m>DJ_ zQ؝PUKwJ( 1=_#m%U}Q2 GaC'Ulxaw20IR AM8&XR-o .v`UCʊW@.7-)ڌd;\>rS/ N8Ck }qҦҗ ډNSx. ]'2ae_!(|rmm+_W+Cy-g [B ~_1Ň桳wI].UdބuRX}gYGodvk,w.mg ^3H$hOp܆A*ϟ;PYVO:]}d͚>^K_!r&a:(tkuWR"O,#gwvx+(г嫸Eή> Lt͹|17zϯ{ų 9 4lJ'[I#qku PL+˒`ͺXx'}%ߚX}xH뮟C*ݸ&(Z)c~ns-aE\]՝h$r=`cLAcI>LgW6Fv:cHvy@:ts"Ipc&Z*?[NBh(?" #~M^0~u&(oiNw6q$Ң+uyj;Xs& h{ĐTA͊eb̫HgG$af5B۔x0ST1'G.tR%V>4]0cɻ\Ӓ*r?,k&,jͧITX&萇OrhPpo! Xj)?O/dvr}y" hkp]QF?0,h5fA,[$w*+cd>mS {#ϭR[e>ͽϰ~V H Yp KtaOZ~P p^SbZg=-<:O6Ap_24[åkQbRA%瘟,|$:0$PAOC~64ۭtS4SsdWJGb% g A%QLϐq)1V7]%urdqy+H3>EZ"5uf%L9@Y|+cbWI[H]o^P* >6gblF$Fgv~0%7$׭"rN< ZTyj"j1Neώ5cy+`nicsdCUMQt4`=޽fOrz_񲂾LBUmǐ8H-#Qn _Dv%iq-(0 +]B)uŹ{AP00f_Ae N~t_Sl9Oى]ѳׄ~+XV4,b@3twcA57aI9lSc0Kא ԣ=vp>,Gv!-[, 롫xH Mm5gg)Vky̨wc'rf]>au'P[N35Z~K5IwKfFFp=*gfCZ0/(K=xH $'0pnL<ʟҬ Ξ7*46]!Ùnbb֩~2|b}2@ " {zYCW@HEvmt׳3d]Y7Bum pj+[ ʾzMnry 7& N8u;x&C"ulN7,+Tz'Wf9s ;Zl]mvd:A~0':G Л#7]P?ߤø>k!ML̮ئαE|J5E5ǪrWwX\MJvkvm%pTZcJTTܰ@x== w|Ww#Eo=M, 1>!#ݚ+fH$1@ r]^T-@!gE&mh}'x&3CǣLa|G$̓"t'9ׅ7@l}wIe3XT0(tk֬[z7Z?"P7ǥ]Y~MQ %5S}C=7l]<6/fQ[fOAeR,,ڥu'SN'zkrBkP6Bn$'ӗu6O[|4rJKuZ_IO1bb|C½clMB]3s)3PEuq{;@At:dX"k<)RĊwiX͇c|J #Y|`7q HJ3χ~(տ jJB]Dͱ=iakqk;V1MNEV+fu6^m-*! =$Gq'_8*_?,m..\mi=.]sc| E(@w,O90h]0}4Ig8ޞ0]"(݁MfbFدG)?Is `W姱!@;]$̶)G=B$95?ڄwH.Q[4tۣά~{d ~gHiKVQH~ijԻn `}դۛHY$ o'( @ƨX]$-2sh:77%/M>Ӳ(ʸqEF>r%(iRqܞ1|ZRX`ΣQ bKїn9^QlɅRXMIwz F`R`Z#QpT=f(֑C&5P Ho6@L^ E@K-=n媒+퓣g]W1c.џoBrb)p,zv0 >NeMTɴ}!P?scqZEXĵ_Q xyhusȕ|*~d Vȑ'@ޭ:5Y,i;FDI±;rOLAY@Oke+?9LK/߲;C:gRuz;&p #YNmł n4/ifwe(g5}^!->%$0weF ).JDn%2cw?!ba%+͵d~ߓKsEhRj[oRB|C,Pg kz1{^(xir[8Yq"Va;,<3>زV~y' Pvo_C"ch$ Q>Q.C6_2ԑlE#4.'i',R@5sOUaT"$NdS(2^nqsuH JKMm4#5r5 ȺF7~H~28;sH2ioVyucN'DŽ<˕RHV&KӼș-08'فj3e$$JE FX(4޾ ;aD"/ϪPїhL'ʴjxb-WWu+_hXNVJ91L!x֪$ .t_bt~m=qA ;5hImZm"r!R @5 Ⱥ4>͎W 9wP0OixW2 GD06?0Yt*vp?7\NI- ά@Hk|%:pQgۼAoNU~,c.,c)܊ˑHX1fMYإ_M\tb`B K[N=PQkBJ95$2Fmk)didW\VGm8/ПOVˉWqHVzqYY=eAH֪ݗDOHMX[!\ַx+CH[WM(t]A*졧y"!!izâ~4JϷf-C#v-柕գ_&tX^hcV"_jD"y&e(j/.c FzI .^~ .<.W;U葖a{ 6I;bp{?(қ+/ؓG;=zw!ldrlIG nw2+E'+)qeg vr4ƿ|,i<ĹɯKfip͇jShCm#]Q1)^Gy82떮`$6H<#i ȖQ{VzRPXM|홥>S()2 ! 2ΞlʮVoĐOfp9*ĿA&wiHV޼G12d0_ss[`1` d&锳l)@+kၽnRCPH,|'gXUNck^sp؎i P1ʚz*\?~r C84o-͢hf}Lԍgpsbw :v/XW7:"x!3ww :iNZpt,φ${ 2)Re~yO&oiW6UxfX; J)xԑ[?"MϙufmX ?68>Z_4LˉayBSX欪O@,\XEFOJXȬ< {! ۾-!25nlQ-I`eK C?1\L/”{1e1/]_נ,Y18gD3L0M3\.k@w=6]kbH*[ՍJl|Ϣ.LNr9k+yCi_>QEQ,28~]{n"l=-g&˅c7-DZ/B#d'b_TE' Tij&!pR}F 8}&ս$hJcЮ]5C<>]qBExG HHjoأGWhev<Wk;y#g?ՙi+zn(b8ǻH<[,YZ1)q27Ԕ<|8`4(0 {*b#Ąi{]k^yr=xpdj0]0M'V~a U&.xk*~g;vhJn$cҪa*49qk/g@}<܋r 9]TLK}a͙f{3ZaK "fJYK4!w,*">'72OR-/.xy#='T6mR+MiF,(W5^>̃oRj#t#1.jlKEA#$ z%Oʺ6$'+Q@RCjqȃdjȯO&8m5iuPV He֔t!_-&ǭpg=k <\0aC3l,q=hAƢ7K'S'" k.0D.-"(!F)\FHձ&1,E\Q7J}/#dT!(nN)ZVAR7wH6>OsB tkW{[tvL&Oz(v>+Tm ) 0iq@+o"(|Ntnʐz3֒M> \=%w !Z3 UM6aqMS$dxdie>lO0tȃhy;O)ҧf+^F{5. ]{;d#_P05&K|& Sċ=W|,t-U`bh]\wYngPQZ ЖuJ:QLFW-xg!g#Qqps8#MJs)Q$ wѣi(neաxUAvNk')-E/{VT c3LC8Zؼ6v#5PqJrx%ShL +2B۩{#T|s| UFȱyuOŻ=WXʧHW湰‡wp$c0;$б0TK E͐]qfavV!M8# x]`H$gr_rr!9|9ߜN+4IDA8e4oӨu|KoS ZN %:gd1sS?R/><[tB? HWcǧ_\Y]MQ'e31yP}*(9a6_"(MkUʳCa (?+Oا\0S%o{L2 QI.B=l8|վՕUʧJg?n%RZkcuP]fګ^ I?ґl5ůT=}i$6pnjZ7uk" 3 I۟DOA]} 5 V^ Zu;zIk`d$p]G!y6vpicc s}3H9;~-BJY퓄Df,*(o@ܽn%狘5(Rƨ=MUyBŤXcvO+wKԈ}4X35&jr%]LSL)ܔr`!X \]{3A (P\,& h}{ȽDsbXp aI:G_:t8d߻0i xAGиKIlB@1ppPj3j%įV~Ulh SIU' +zL6豚wj!}z3,qσK&"FXk9>?֞ك?|fS3VYh*yI\N'Dve]KNÏdc~Z>mC,eT vCAFl&ZB?x4ngFE'>:WO-Ğˣ\`eˬ¾h2VD7Bhw.V~B*AF$T-Dߌ;v_ 6rOR\ǪβuCDNFT_.^{N7rrɣOL H`<ڳkDG|wJp*?|e'u[$ iF cg\սצos; w6R>umvp^XZQ #<-,"D9xv>8Eb2Y̨Z<c{#&>(:'˄ Nldp*P3Vy}&ےFbkq}$N}?p`C[O5q;+K(>Dר\/8S3.y5?"4 P_I((Q1Ԭ:\kz:4+ۉ>Bؒ:?*}җe"{-%?r$PaWdh?0Ű Z{s!X2i ,dž`0AQ`$_Le{ܰv%u Lf\l)+|I(ZBG;W}v&'L1l"qy\fBh걯oKy6 ?~G}q[>:{*4.aXƌu,q:'BcNn,^7atwH,Y7] Wv5kq43Wm L,(OF|v4iRf'9 =9v.E&GVTn$D+vlfK{w]W1zq qO͢,Vmf $9GjB#%bmfB4pwD]dE(Ӆő%QP<:=:k}bs*_n߸]² AdAy+jcL47j꼾9p >yзӋѼkʁ杒`ʮ"O&wPq8?f9W9wf?.rxK=XD5MHlSRJ'Wō#p|R,{~ ]]PPB8˩DI3đOe(.YC<@Clv.|i#VeBycN$@;,/SMS7?FrSB?,{e.':[1U`*pSdUMeQ΢A*qf_ST\dNWaqC 9WO x`rCC24x<ꞬhTV,5cQ$*M@ۇ Ȏw9yoԑШqѡ"J3+Nx.atU4~K.,=_sٯ%Aoe׶x'plLaKލ9v5*Iꪥ׌Lo Ű F$vzjRR:\PJ&g$TKz99D^Tmxm |qRioɜ4lg;n0gU 3Bblq!rh@<&j' t;nLʏvJid>kJOV/&|:" `-a/v`j5m_D659!17#<ԅKKxթ+5jVoBD/*^lvdE]GPakGa]!mxmylD- VПPU_ܔn} ǚ+ǒ\Fh]n}oPHPJ٫y'-sⶉ1+5QMym<VXV;]rg(z̉Pڠ) #3M(bGc~A&'S >O,<'"0"ً "¸XˀZj'|91ԃ3MYat$T@ _7Am[GЊIo\3w!2jL;ܖ(\5=b: 1P#&aꐮ0uPf,rHSU)ArzCuXcP7j0;sͲx%u %B=O{AJ BVкY蔐P2Æ*9Yd֩pM/!+s(6$[F7=d,|~`=f͢ɟ;>6BR4bį ֵ;wLx"(>YK :Aa62;<](]!1NDtť""DPd~,.;P JxS@@kLk<3%I4R"ٝgU4nR\-Znbb}ѝ<[pY;xіqw_t$*aZ71f%8{DyV;SfL4 "!QGc-Y#;_ؗtBP_R^?_ZLH/*((>}όs(:-Z:W#w=OG~+n}O.tsmv HPN-V3/wsv+fP*vʩ&Ή|4YÅT.c'zFwx~K|niYӑ$؇5gc!*3w'b b20m,Wu:!}G\ V+#+MX'V,#4n*BѻjZldzV|m`U``4qz1~樏~aiI#H]XU(Z^ע< Ż!/]w̠E( R{`׉mdf7[fJQWNrP_? n&6DdR`JT߀a,VK"|L9 G=?'Aqp&:{95E|8hK~>(I1Caͬü/hU4ےŊeфѤpR*vnfg`ӧ8ڒ:)#R9K8i!ݭ"T .Ծd 1)~"t;y R̰#cDObLkd)oT-UwKs&maamFPZ;AȞ\~bsސD(HJt죖WdǏ1,5Q޵cO. C5Zd nlGa(Z$%OGIy'LڇuGjD2ۦn3qWn&+ a<.YɌy8>%7H{ʽAܺ)})bj#(oz뺂13RӾ' ۝̜%M׆Ԙ-dPOMFEgs]-&IpmNTYU8@5$?9e wmTN 鯓[(sp D:)ߐukJ%HXО 9ܸ\EewaW3-*f¥>>rÿ Ug`1.Ÿq 1x=-HAwgM''(fۀid,re5F&*dV4dI%0sRt9ق@8f 9` -;}bF 50˹Җ6%JQA?vR| kYe2M%8j#IY"9!a (M֝p6ElUtET[Y<`nmNS.=f1By?C'a6=NgD"H`O%eLoTjtyN5ĭaS8'TlA88bV%usl7 n&U ،c7?!"1pwsr`gOzeXlmϒf,׹]7PAfkIwK-EQsY^?/!OzԩNHU0g7 ˷0"j/wshQFZ[.hL6F 8OEx"OГ'zyq41C&]@;2I_R$Y᲼(vP-ъ;5*=Dzgfl9HX{ڄp~ark fQNP;z^fίۉJ1_`Ȉ=Sqx뉌vY4X>zV`ِ!+kh⽊'pilƀмn!7Nq%[5F]jpL]5v u&g=oDžFg\xmo;}[-J#~oѺR3_V ɥ\eU S¡.)zZim@٧nV[Q$s8?SLXzr-pMvu7 ШL;{nK8c].IPbL^_NX㠽ǒRTj8$ b0 &>%餷'&GcO{9( ]%>-ps5%쳮Q麭P hnHi3 ޗB3kڱ #=r b '( {K 6Yq;3}h~vj;ܴܣjm 7,E~`_vur/Qn A=.SutOxhgRª޵TF'`8 D- UԚ3:]H_cڧtNXzj&CUutpٍr|4f?d(FB DK<' >7p!o*^=:gPixX)&j=dG~*ӋKډc=sgtH9?lmUZ67-z7f'hk7<mQX}TPGNd`[7rUi,pEayj=۳Fb(h"JIAiUj^43d ^QO>pB : aU+:w@ӂQMy2}}SOL#4oe4jjF۪ucV.oAګu}Li6:(W4-Y﬋;~1% kw-*bQK5=h.tLR)%?'? ٴnANkP Zփ5x ci`GsOU9ָsl:W:=ⱘv*](Sibj*2qM\ua+XbBIJoߨX]]:(/w \u)C䐯 %@6BH矒 wOVd+>R2{hTYN~o~iV G3f-2L|E1HR7#"j hzraEiL|q<~(<h>-xZf@ +>*uC$Ks hAv J8fK]= NzȔ4C-~~ h]E>_s_ǽЛ͙JFsM؝!j'/] g"/bTC[=oY}:.GNp6=T"U&p|E5\=t"t$5qϠr"JI+Ւ׶µhmxfMs)h1K:sr?Kc;ЫAQnDBLz1-gO6eE;V|qVTJV2#B˄ |9 ]{ܲJwmbB 9$vcÏ1p0%%ß_|@Crэ5^ii \_ :^:%dEt`?qK@o7}n\AU*T {aQ6mL>9/*3_V49 `-W;#ƛkXj&Yj )U ?Wd]nRR6z@&h\A庫N<˰zW+nLnm']zԩ{IOv:K.EvqLX wTK aXQhQۚFˡ:)oikwꈷa3'Rt=xOkؖuV΁$(Gn{wklhP86Ci4€VXsRaGBzTYHOF.N[R^ K# Sc?BMDCQWIU;XC}HB4S"Ajޭ޼Qi2]ѪINbҌp e %РbYwVfY)${C.w޽&t'x%%cוX y!?REM.7Δ^Dμ=Z= ʩŖ3Qbs*}vO' /iZ^ Wv*оXKȊW%ZuHcH5%# KԛmǴ ?mX-Hdo'_w,jvocLj)Q`)̒X3^1a txxzr2d;i8}! uS^S QBF41ZeOXZ!: gBU"{$ĉ.U=QAp1Xv^ꕈShLJOr$1+EĶYn۵~E<۪~;hYFRS oVgOLwLcbpoҎ6oNomiL}^40I㭥1y0*=nЗ#ZN7U adk^!F,YYJSr0tU ?4kVEaZq,]u{á ifcXuiXb;/YA(w+#qLإXƪ(7OU̙2]e(41 cÁ|B(O%j/!JH]A'抾Sօm c46߻{*nt9=؉8倳 X "ȕ >QF^ Ƙ(Ш LH{//OYp>.Bdh=}TR랈V^z]V|s[3ag K}]uïJ27_; aKhݸIFM{E6;>HnGB&}wc;"Y[IH~t)*H ?*:"Ώߪ*IHƦp*ڳ҅VONa4יŠ |r8!8D?7] s<.$Ye66}Diڐy^%YMFPqv-%4& svpGk M(Rd`yHEpt}u"2nS,f),po˧I"uMV~F1 GGoghGf,6, 7ݩ8&wnƝ~'1?| ~JpDA5 Z5tK}.ShնX oz[{m '2yίV52e.[gc+u &Τ ݔbqN,n=Ύ6RLɫ ]Pi ޸~oD.vo3NȡJ?398N\c;ZIJKDHR1̰}m)f8`R-[+`on>|7['pGPq3T O4]aiMfWFc+'dvBbefzuwÜ0_MEhSS>H> 4U@v)0>SH1>|-_Ijm^h<(>){e!QYv0뤀؈/k5,G캺FAփO%Y]rR;_JaU248$ޡze~TP][TPY&d28+Rp~ܚҦmg}wǹZ S?+<<[N,rS&y*Nl#]@9Y-C}ZuVV2ӳdhzxnUA("6v.n,j8H[2yƸ6WVG5lWUB x$lTDVNإK KGh,ŝ'xգy  n@bw@hRKFgy !Q:*p[-y6?q~mvm~9PR=&2VqsmXE pF{hh [;zmO18G08*VG'HɹԔ>X 2*5AR40d t0ԬLܒ#gDkT} Ǩ5LAD Et-}σsS4~"#!3: %"BMCXOv⌮>ʝT>4D@j2/yf 7jnvY>_', p,ѹ8{W/[u ; '7 z1`xJVB這oZ?S?ʠ75GYN.ӇI7Z}1g@΄L}g|uSyyeG&Ҡ\&AlɔDsbEO zK$AaAIw /t:)ffUsDYj! e2kDߖUk@Lg ;ˬ5=nams,V [[=Hiƴk;4Zʪ)(@X,$%Ƙ3bz0bqL, d6 uoY] rP]3޻WY?ڈ*id栖Uh9 GdKqJzM.ـDS5dU-l ϶F8/vNvZ!pmg">8Ƅ*[hK$Gj! ۔CwXk鍀t,|`k`%$,Q_ ců9.OY@gi vgBdT3S!`?jJf=fq h;W,=D@u/R=i?X6Fqcn0ZZњ4%YJnV.Ƀ~ #_ܙǒF%p;ۅ;G,we/BR>5j߿l!T غi~<+]< ?A´RbԑQ`t\d. >_UG b'۱ Я*rA.F0TT l. $#q{(p{'M`|N]oTF} <~ 2Qt8SvM)%je+>xFxLCqZktK/_?{"rh?J~Hw'ᗐ:}A4} ዴ5:HC p@pǣY>e|-~heVǟd,)Hg4|nL8H |NXs>ҷE<g*]n ޲' zZ>*<#^)nXg SWsc 36!a gbv&Qv]MDk5*j6B?%rjخ>RKe iC i}o(k&),&\Pĥ8!(''Vo5Fᦐ e%51eug D@:'~ ͓ywm\!v~Mr2UdA ̧;p(9pۊЂ2sޅTE;LK\GQEXr(iŎۻ,oMyF"4eKX _?h0E)vq+w'J8~fNi .2. C%ʅf /)dR`cr<y'_ XTژh҃}f+ Sý'ĺuH@P$mtctm ݭ\+ -<ɒaIi< Y<(=l{%Q^)9*Y'>ω^ ,s]ߠлLx9\%M<2u!-raD2|s -]׋} r`44j+ZpUlq_ON42QTG~6(g#\ D@E["JЗR!@5Gr7tu;eB<*K5#+Gjzt"[)^(Zkr=lSYOS 6m.AO6sbdYu9 8OۨV E>YG ^ 'T6{ަ7V=RaɲE}9]f;Ax9HLsAϕ.: x B`~ R@&XJ:]Pm-GypM>l? @k0f{tD%/ۘ]$f/<0>U)0)/>yg(efL{/6w$\9Oj]d߄GJe}JLg%Q "/ލboNFx sixy͒-)$=-TL~!z|rv%) @3(>.TTā?.7)*F!ȠrNo^yen.3+%Ӗ$s#oWr7I;r50c*v]=[rxy$Oj =߲ Uɔ*Y=+|ptc9cu ,;6,A~V#:/`M-zA  rYrƠ7|L{o`[};b X}cC#M*d{"12|w̑n>ngmXnv;aq伛wlַsB:~\!⥒!@ pJ E1KNj~mSp RKnnFKA}h!=P3l:MR|Ԟ߳?br;g6Uy${xlZ8(LuSQ9az:lAخʩ4={ZJbТV,4aH̶m9eaq,e_x!@J{i]CBJ0Ag z͊[]N:2::>}gJ>Wk7EM NۼFM!)LoT"9iO@.Z윙U7 vC{k@D0?A\\?>~ MT@5UΓث-I) X쒴yn{~d=Kc4UpǐE?UF!MvbHTCXQ%3VKEO%qu̎[~TĻ^ɡ~s' 7Pyf1?lTY*Vޯ>rfZ"ɺ%x}n D-bۭ^Uv;ܟمR]r6TM ?u#Υ\Y> үY p-L8&4$}u0)ST9w|_%_(T GX*ԙ$.ӲA V(t]\H =ݩ&K=c*([ -9飅aϹduf_OX]D-..)'9rtVS??K; H Kf^;oH3L3Z!Z2rQFJ#۔.t[ӛ/ ˑqG{Y7\ȁIP.q">Am-d0fl贩N 7׹݅C=`vYaCRɻd7-^_,//dJ3p(v\|Pq=Q3yY&|~?BĻ?{vd$u)#_0:Wa'\'{hCiQq!O"l FW)tK͙[^^Cw#koRdWs!1yUAuyӡiCLg3*ڗ \S@wylw$BjZ B/S.P|tF.C˔ a p*wyn*7:cCɜaTx;5.ZRv~1G4*5[Ў`pXRj]<7Ͳuo8L"uT6 G!gC6& *TNwӨXw`y^jy}& 7[*G /ˆ6"kjzMlq{ +Y(K_?h[DM/U10lQrGqeb%U4,>w`צtƌ1Z5sr8_*j ffqbXy72e3\ČvZW PpToK E@oWCVL<_x6{$Xq SG7Aayv4IW ʙ >w#$2/aPIёt0n3c:ߒ#շ.Hg\OssoFlɫal^]1QH_TMW3CY8J͑ ~99zBOTO[8.l/$Nr S";q7|j]1&YCF(B=b7q=[-t#|RbIsM;腏UrbkG0/֚Õプ` g}?]m1]eZ7dMpgp,22jD!E*B5y˅IVquqգМhg"?}F},{d{qD-̿ Ͽnh=@iqY]W@iv+ʴQJ'M}#-:-9@9i6UW d%NCkAEgr 2HLx#3D|?j=͉-E'yˌ׏%bZOx_e|4<ןMވ߱L(lK)qV鷇J28o$IN,j'[0sJ!lrN!'ϑ };^@A\k>CqԬ?@rC~BʣeK3-VɁ Lbg|hSz#"$&Q~RϥUn\p{Z|T3ZOxg*9DNile>A7#o! V+'9^՜e,nMM3.zPFfa"RaEמz2RYFۼR Bm%X]“Ej6 [k6&2:МZ &o']FV'mBASļ3 .s/:cz48eRBƋ\[*²"ΩOVU {t!1 IdžG;J՝%b57d+WO8?+yZrjDǻkLlrb:a-Nl !x ̕9KBM~9N}kT\0&`S ~ِIe]B<x_ +clVZDdxܷ!4EAL7ś/X4ckK{X>HQIA 2Oqk~|tHsb ꌜ2@ .i 6bKQc>+PŦ!1JtmoXwZK9<89uWPZ=axkγgH')J~3 &0|S̳̎p,kӲ~U/;I"qRsS|&*f?919 b-j~x_!B#p8 PFJ V5kR;jЁ zT6cvՂ&|y4Cd4+kEzԽn $ CUB[OB 'Sl\߾ǬW%WCMXq[u-M8gdٜ[[?T(K8S:_ WpbR\.ԸpJQc6|q0P!srR!_!-($g)EX0}8dSv"C"@*6d3vkkI(B4n]QheIho6&~(%/r^F3YK&'?VA<NP9͙lx$FT. }?p9qķQ8*P#xW^m-gU?nxkm$iEj;/PPEI輁 lGKeB? N0nxm\RJCxf )sR*H4,x^. ?ߨ#K{k&*$+{]DHͧ52q"D\I=ҌjJ󯑎B[*}9{ ܵ$ɂPoA;p(~2Hz)\wT c̘ 3WJИ׍KHROz60knq3$sf fnF+KW[x˾1 UfZswO#K>3Bč>#Hy)Vɿ3͔1͹Hx;9);4բ3^jR a ߐY$3bå,:j" '0Zl78qƅP64xڛ 4a4{p M4 N}zt+\o _lRΑ1^~q0KD:$@F+p݋f \! j[J#jT?e+ykҽ֋GA`^*ISF(A.I#>pTB^hCկU7LX ,eٱ4vkA5w`ӱ]lk@ay} HsX"{76ԁbƾIn''K..-ZISi:XP?K݃sVf@!)"` R܋"#F ͷ#9A15ذ|dRpqC l$Q1͏Bv\a\Q4.rMb>]t@$Zv8Y9G7pu*Aw屨G@IN !QdQRVxRHbxlݿUɕ [SYmއIؚp|y}{\hf ce&ƖO +IKqoFJG UI0,DSse"5ޅdee3Z٢{!8|++ C几/f@D?鑢1Oސ/n4^s\?u QW5[5Ke_͸qڳ3V!zm#f4?([HBr>^7Y.<}>g_3D L-Ad)]4ɡ.$w'Zöc 34\W+J,*6'<0?;m p ܹY%9qJOt<(I/%bĨsb.0ߕn1 )*bJVĶ^P'朲"p/d[+dibc_~LPG'5~qns/3+>eq*߿gJp'% DY/!㴋s84Sn%̻e(Kid:)O^#fYȬJo^-\A7n!AG9mq>2u{29j:p*i/vRLAD_QxʈUҙN\qp1 i,1e@hdbm`?/9Gg$ʼnx|<НN\Hk=- a8hBWyH*ǣ5&rZe^(0s%"\4oD&Vo'-)9)]5 Ea˄1}؂}dag322v0[Nb+^ɼ6NJz_0In ? ƅ/@OɤƉcؙ1yxpG-➏ VSC`Nv9ז-:'`k,t k.nuC!# :׊=oD <~_mW?AXJ}Q]![/jZ3_P)~J˵^*S],$ϙF!L/OޡxՈI3 XrLM>w &=і C=@l=a53ړcܮqN[X63Ru^ڼjA=;~ƞfzF k4.$NopYWŐm \G+C ^*7w19*hh2uYK^GTjBͶz+I g;ڧ35muq@H%M|H;DTce}F}8WId(˜$E0EwK4K5K}*E2vzvѐGF[DUT#=*z&ݬd HJ+ pGL&Y44_N~q!2# t$] xD‰}>+̓ۓr ػ} Y,]g>'~͊[F#zƩ^kϠ +14&=1+Sqҏ,rq/'{n6fןat5l5Vm-E㫋)kf~Gžgڸf i |&'3fPE~ 7;Kt{Ύ)Mo5X;vR"vٞ0 ĸȥK h=C4_h !*c_PL!E6[j%}]Bʙ{uF(/(=X"P߈w(J&_S-yqz_uk %IH6/:_ϴnLVxA1g/ZJU>!;" hDt#TxA)+F'<ц@ l-ZxS`fWz̙\7U&H5$P#״ax y2"g`L{o)ɾs1Lp6͒xEaCRk7LJi}#jDb}J6QK,6X+|`/%gXw\ga8[5s X,y%]bO %1hp ?$c!FX]dzu7nh^Q$[!WQS*'q2kQ,1GMh^ҁ pgp)īq5,Fcd6̡ʭ޹]7fΧ1F)Ь@G%"}Wn#$٭DQ* S3lX`򝅆- Y%'hO+J@F1Q}K->}F3:,u?X"d]b73]}~Śd#0'G'hcͩ@qs b$rktl߯x)lt0dIGhZm(zˇ>3mguk6ڞVSp8z# 6?\JgIKM95*-8Hi9,<-քChq N.2s$wQň3jZ[T<.wj}]{ ¾axf@#ha0QR$dwiZM^Nj.Qn&0; gc6 Kr综}r F_AdǤ^lXK#q|<|s?]@Tbܫ7@({9Ii'J+b[[:1K˦CJѧ]+{q3P2VC|.F)p-|eə AЮ{Kv=ˇxl. e !?YL_τĕJ`hF:*f#(.~pOaANCk5qyI ;mlĤ?B#–klg&@30LËw^2҈Tf0i^=;IW kHO`NƠQ\ ! C@Fߋ=vԞ'+Оĝ|o^XkXBw{q"0sLb!:0 -ŋFiP*TpVU&2u߮@_$j߱a\Riy0>BNT1E:qeحZ`h.?he6e,U8*ԡ!Ja͠?΢SڠE(<Գg d9 |P7N^_?b &4:f)x(ꕘåWIz"^i((\R"z} x&bmI#H2>a2`^>[|,5Q|UOԔkR6*WF(!rȧ<:)=ѷPr?ZCEwd)v(bg1-qg)OlP?{ldj?C+wE}*R1-mځ^Pk6Vuڦ@iF2:4VK_6:?T'.C ;{x{J9 T"ϕ V刞9vF (q2M^X`S1+-R֩WzA+uYLV`5Hե*)>(ȰyF\{'){& T:֭Ӟ⓾6CF@N ^R~xt !t'f$w?—-Rw}ݲ|1_AMgRUy*8S)GtU TIY8Б +a_HުL.l/mb{[6y- 3&ԖAg{5'F!ktVs||jTЬbj9NǬIVY5{[ .p" >Å\_U ZMI6&}Pu7nDP $9ri3}*Ul/xgVC](2炗B.]jrbf QqT۩BlKI|g0ϼDG9fY4yg[ʧuɄ z#|Jb 7|͡`mu࢏7Kp6S@3zYK!5p 㐕iWӅ%ނms<+pJi<VbP咹&+Z?a ?jg#t'}I>썟mdcM[LA "ENo@٨0ﰤY]h^ڏYJyy0rWs?Ov^}S6K`YrJx3[O^2an3| ԒF\YUCDn l}&DZa̫dYlTEig+9\Tãi=\]4N)6KnF]s?qBNГ ?.8c8{MȢ܀ԥ~eZ,u/R,k\7 r6eXEat %TUQ!h5$@xX4M(ps4l!^hr޳cs _5e&h|"B; y>(mG>zA"6NJj%G(g ?;U))@q3W~ zbYp()W)2$Z਋%,'q|t2K[̑vI.pddp# ^UʼnP NP{l3왂mY8I- _*ͷ5pEG+.%rr*!lN*2v`]| Vq,F|iW&_[1Td(RBwv#%b˴Xfa8O5 )]Ίz=&:۱(ߟzDC,-y)2ό5f& XؖVgLDhVi2:TR;LHًQfQwiA0g>\ˡuaKrI:ڊ >[B,#!kYO 4Je-}oD^[n<\kw.l8݂SqŚ"Lq$&6i@L>\G{@KK\^=_&E?z=V([ BƲz"'hX]̦aN S۫ۚYE-xZR`Yt)N'OtO ȴ|R+, b%eD٩scF9p!EZ@4 =dHȝg~7qmA"͢i fx jA2QʽA|+ڏ[{%mxӸ~>"nf+ᔝcDHsT*Xs!?8#ڞ\{e7\,Ҕ:AU;2MCyǡߌ|dy^)2.7vFg NV̾O ZGJt++(btklK"R흅v6ԷF&Q.D-t |ԥ8+v}T Fe6pC0L'\v|:ҳZl)09DϰvT|SFJ2`B6ejh祦NNŵUSdF.&1HP% Q(\CfcazDA%ޔ"јt,$GcSl][Fe%UwcBOߝ& ?t"jd5]`1Avx7~Lfda\D=aTx۽73;0Wx?hY)J zE@iX]NA%@4iI]L(=Bq=]x3~˪BRR46x%,(IJ'͟ula xmc(=v|VW`xjڅH>v:XOfid\eXeqy6GSQN9D]Kˆ SC߉,&ߙލcʰ%`>x TF$P]&W;R%[b=cx NY7O)Dӓ9#&Lܡ*eEbKo\j^՗& c6|xrY)czIJ8qԯ>O?lOU8^XJK?xS -,TT.:̃P>jPd7o9 CzMSQ΀C TqFDH8aTVW/ S>KNNcad hLجL2XF?{X3ȶfռ{E0 ew݀ 2A(Yt;$kIjh- 8K^8ĄM A . 8pF[TqG`cXnWrV(m $#X6 CCɗ'z]`l36V;Ÿ[Ӯ tRvέPq:6@a ~^uKԗӡ$Zk.iO1bco+ 4Ni#[/C|nlhU$1Ay{".CQ;AzGYOԕ[|9j!šrbn.?7B½eH};Su3>ߟ4Wcr yܘ,p/d餐1{cV54X}ڽ;{Jk U8\EI8Z6O5K4P)ݗa2-FPn\&2R9ARBծsf]8}fJ#yK P EE#ȡUAr HEF,A:Q + 9X\h,Ąs)alY펉s)v8fơ%u꼻 CR=;vRh|]<2nL^am_z"P@z)u]u@* x^Dg礄hi7AAYSC-пod;,"U&ɸx.; 5ap=7_Ojn=Uғ=:TS=/:l EP+ S& ¬T;`%M! l) tV~O L=sↁҬi٨.ܥ5+a˫'uE jynMHnLɅ <~ĻZ%^Nԧ$1-@7 Jw}{fws~y%o-5Wb?l~+xy:.}[. fdwƳd@Cֱ&_wKOuirg7o_s;U$0ELxxG|L1Uـg]iT t[ӗ7@ل8iًhl1ZvvlGُhÜ 9+w}zq'<}&yˍ1 v \zN6ރSoLA$Bj1̀TX:BDO$z" Gew/+|&NY!,ɯ(=B*THsO.Bq鳕nB\Esw I3Aw;K4} 9i->nv \M)ʼA٩KL 2T>() ['_(-4RJc0OQ T㋣suE0,=>PX4zz_Q1 NTwK"p:[6dY$Si54=>?w\p7:[)S"u9jq rcF\wq;?LzPwy$p:5݆(R0pUG </n1ɘHeW*aX*)M7-4 ,+#lҳ^!")G{'5sMEP[dŔw2q>}2#IK 4z\#,`t)ČK7:hٞd[W9!+,@wM[ʪYlM>E/ʻ gqM/n|}i Ȩ w"*wi_>*V1pMٹj`uYEw Y IE?\$g20ԫ)xN&?)KP /hTuٞ%#HfTۧܣb+Zu!NeM}KZֻ`7H5 Ky׭½u:!$9ry`0vqL<Ā ̙#R2]t!R8,O|R Z[6X {[Ɨ lj>7S%sәT#C+nڇ9zֱn, Uʧ#:HnৌwT^OH̭k_m!U!m`~[$fj&+z;PeU<1D3*]y#/̐^޲*|C#y(.-ZTi곾Yu@f8F&E%4qJB~+"ឮtQ‚nHD_8H$5woq(4A<ˌ`؊K'u.4ȴSy=z|1yߜ/x \t=~+orJ݂e6rdQ;~ل 8'Zjj h3C5*Suȏ"PD:,mL)Ff4+VSSkHI46DVEygHˋ4y;0Dw o✊ RGv$׶<?s+=Fqf?hJpbzeؘ9 ٌ C7LȁWQx]]SbV(^)P~!K眮h̉غhĸЇe<N.Wfeg@ !fc!$%@h3ZW¤te쥊n#%(.m}k ^BC}U=l(\\ K v\c?k3}*dj␄W) n@o&I)^o Qk{RdYv_vHr oCe/m6T`R$  /G~훢>9+^i(èL[<5عaWCQv&c{&_rtN#@:UٖnEMh_y{aNӢL %G^ zCfk.ADOa?8PHӀMdq(,,󘱜勒܏v|b=q7d1$E0  ](%CGsʢĐyvG#Ɓm*1kqUrQWw3КOaڃgSu:mcP.fLz8W !Q$rX̀il3x@̵1[ om_kp<ru;rUvnꜬrM*˘r BF+`Gv +jQ+1D"lC-(V0y\ǪM4{d9+\,.vQ 2A6}QfENwX⍵nvȢ {ov5/J ֶ/ }C_ݺANtŕe~fnԵUBD~g-U3![uΥJTqT ?Sz~%4z'oR lx(@`jUq/SXpI۟6YIhd&(!ŝ]BԄ^y9 H0lIh7+"I PB;ORlJH=-U0|oLFb)ksoR?v bdތ\)|Bu$5;&zo */}m~u;/l R(W̊r6#M)Y?RIm*`*^>R$bÊ^x+fܦ OežtjW$TLj״7PA.={ǕzOfYbKe:A=CxB+{ywH B헊4s &,@z)zeihXP{̝Sn3c"].j3W@߆3M9ehlgrG|M0~]Mɫ~7?0qyQwG^J9m;) Av$%_TXY>~R)Vt+`uD128!-HϺi=U29{'ƈ|E)1}.s>0Uoo2 J㾶Ix].TDVb:rSDkY?' }Hϱ8!Z zR*TLK4>UZ^I @ !*'qe,)#f P8!pl`VȆU7Gbшg*-qfCE]OE2$ZMq9hviت`~tj4#/T ʀ( $8@؃Tn E%\G1jPQ%$֊yviC4`AYm})qjZzr\V]=6 xc跏?ᚼ w-q=&-:VҮzOpXD;*@ ,&ɱX9VZ|5hJ~NvZWI"v9IT= <=(J#9.'ڮ S1m꾽ttg6( F[XM@B,qR0T ,švJÚGBU-hOLmuۏ&c9?4n'ťWoI$l~M/XcZx:]٠uS|mlL>On& 0>eb!o;;kl= /xnzHg KLlYtFa&ݷ\2KBYm0lAE?~  |OH  7CQBn(F7I_]XP_ уҎ)У[Æ(]n$4fE~?je ^4dT8Ǭfخ9yd^? (VF:킽 [o1WTT%>I~7mg%~ή˪ |;0i$<|jWNfV%fs@MBϕf9F|k?%e7N }t"` yMsi\РwG=kPOXDj/Vb4  PTסw;Į> Y;Wtv #)QY\!Eo0Bckgd)2g#4;_pרxw“,bIDyl̓f$k저X5o}:ʎ>JK({ Js~شUmG4%aSR, qf dDnJJFJ68:8M}gL3p3SiN\7a@@qgL2W&A-YlXM`~=K}--OŞ˗]:o.A)oGV KLȁ )x_ 9jMUCvl?ؓuVpf//>f\P&ib . 2\Y4':[ZB*~ n*R╅CH: `V,)SSV-\4ZF>Y\\\y>d!ג |* DmUZaF#Jywć?7m.lfn-,GLr,e=mBݲ>4I-2;ʃ@W&[8y3,ZɔnV5F; 1ɈZ ww>kVN\qzwVf]pc$ew~6$zlL8Dr=~K)K%iQ@o%6 G `Nmhn53::qcnU=Ӡ+zsJ"Y> E0}*PqG/+̵6۷p僬$ޘrk_GqQNG+ _1ݳ2Uêd'>nduO{48穃x6".ɿY] i(-9W )GGNͪgVJ8! s5Fؗ@ꗮ/o=ȼ ϡb=?L<5Gy=B1\摖n]u8NS!dot[{BE;MZ$ m1]hA2>aYGh+MFA]e_D!OT1Aq"RPl> T]ϑt^VEۻ=o Ӓzw~gF79df0:ek:VmDYsn/Ez<m0-Q aT l?Uen s-^fP"=p R,J8і'n:#’DX+n1Lm+vOxi#i K-J$a7bG?KT;[_*yd}l [?8ǽj8KgBCٍ 9\Pb jٖM!mٮw 0,w \UA#1RXM~VF/)77i.5ViCV{lg8mrQ `kuj U׉?6SPR(r,< Cv%kƜSu*nŰc::5{ |9mv ^hrV#e 6 D/skF07Y7 svͤފy}=4hB'fko׆Fv|1&5}7¦J!npc`E/pedR\7gABK!KAgpj5?]nq49-e?jqS6-XdE<_<ҡLA8SZ<:Im7p]$ooߛ t<%f*-6kd˒ 8 [> u(6R s^{CG6aIv3* FG_Umb&,GZHqǙcud ,/M4E-hx)AKti*q\'"M `!k!4aT9K[9K3))X85[t/ o ]g\{$7%uP(1W\Ua#"2j#8OrMAu:\+TQI?PJMV0q%/NVzrN͖b0wғ\ q#Z' ְmVɓ~r3bFsUM~D{~{> 528l}]Qw &)b6ǤoCjM?b3l[e"9'ʀqpLei"uD|GvŒH-uz>Q)Gq6(cV B23nbF6g@S8^cP_f++;*1 PFڋ<*Iuypr1$Y滶] OMSmr"5o$ ҊCȒ-:ӾXjaDDnyÈyx e\\}{PX'ŋi^MeKُ@ʙ VK:WlLzh9SiV_n{ܚzO ӻMpul)g备ٿXde[U{>+#GّGC 9"##e6ᾍ& v"( u4SV<3*Gjl_42`,fLoIl `Ɇ\?؃`)<xɬXH+|hse:lWedUPzD9M: gԹFZ.8z^m"ɔv2ouG"N+c1[.?'!u5ε+7żs.,5:w.Ru8 ɡiȸmb aaP-H.;l*H7y]Ml^:T(7Vp@i V4@?{ͱH{i\Ƌ_ V k-:"~Bl{l.>nO i9AP/|}ڛmκ킷ӄ&Hbԣ*eӭYPm.sƗC8G‡F(RP5))5:<@s.s]H/$19j7IC'ʃPdR×5y3u3}bcW-O47u<>5)uﴘcAkgVWcM݂l=ҝ:xo^A+z*$ S#J ci1-@8u<Ջ:2(B~̎ʕ2aևS,N@7PpI7SK ,=0d'rFg! uWdUkcOCr[R+qM-mDhtȍ(:sh2;\ \mkc9y33|Jݫֈ!hmYVAҌ#tP*X@#kW]&Bx/VuV:`cZr#%$M}AfVqnj9]wwMxɩj> =)xXA0S:un%ծyk8n8%-avϢVgS碪䬽(͂B5,/fӬR?էra b,Y{B(VL]jhB |T2Yx|]2nu،˶ԻR["mV}37ĭ۵lmBOZۤ9It#ELp>ThbWDmZ"$ĭԥPhjWH%mrO޲ ;ryR"VǭWV̀dɵ*֯Jd Hm$R$ZkFaxvٍ_l`wMp湊$B{{вQwT2679\Xd>B @8;﹇qeD귬/v2=Xxo4^R}`&I\hbQ/,ׅ&qA~1KI1ge*ҺnV-5&@nL̯ǭ7ROGADUUc#[=8V]ĠO]wҞL +i #~G9@->UHUikE?cWbųsL}}.~[m3tid@#7HRӂ[_岶H}QeLZ>^,gpڱPν 㟜k5ގPt} w]?v֖J?y5I.BT*9JK̔3CS- Q"|?6AUE.ehrr7ώzK?VFڛ'J 2> jv !Pnlᚼdʝlx1r0i$Q~>^=A?jp,z\-5%9: cth3ؔ1 (ywe O&q[Ά| LL%@jH_0]lFB>?-mv<([n&.l-]Ȕ/y!D8z\rswCQmh:c=;$BB_ĥmأq`|^\NUxп:v( Dޙ: E2BV} l}{[ fsbF+7FXRSD7C;w*Ӝiˤabvf`!'Q`)N3VJcnskW WHdH!$g'w[; v{2OF֨^Od z6\% |MJbl{H`P?iM5_L.!߁r?~OreQ~1tшGG@ f@g[FtGi֯kX8 0*da-Q<ƤVf${xIO(  ' ^lR7c3\Iq}|83j2FvX)>`0r*GHB^$n.<(a8)Ž/˭}#;ph/}Zk H Ouߐ:ȼ}%dZ>iUܔjA`ڍt0DO2J` wL<{òY=Z}>hJiěkMEZDqSܮ>C啉> 6Ln>~rp;\zSٝr&>QNذmmL0='6sW=W4Mh:ݙrL/}%[1pm4JشSÀ$ԥfRn ^d?{,z -㞆!;0l*4ߗZOcs|ى\^Pc&g ]]䷻g˷}3DbG!)_eC70I~m-t0jB}f^!ޔK~,ϗ4]u1;k +8 n4+`m 5b,l (k2SU&l,dB)E`g˟JOE|`+Ʒd'wܘ]JȄc?.+P52p߀7ajyaگl^;V^5MQf`ۿFc4dy &Ɵ") a|wsjxEDBJc!BVڡtKIy!- ~[Oܓ @q 3q>nj=ޤtS1D_Vjδ54K Ȝr]:OEAz 2 h0N¹p$76ʱ]"+]zTMBsIj/HMcqQuE_xX< ̔u$^uQc:Ruj;I˰NP<bMdF~>lJ B<0_CSp쳚I bG R^mv{M*ުaFJ|,z:l͆BTQw͂NbQB-,yLk^13C@hvؿ/ǜA 6z# UhB~ivn(`QHchCQf J̋쿰֣G@LM_t" LL?0QԪSF&@9Qk^e|S(֕ @8{vy Z"BNȵl&]QvpQ|$A邭}#X K!vr#u>5gzyߏN6/5wvHqIl p F#UThpQk8mo^-#{(%)ʎ! &.[s@=ga1t}'ˣ(AHXcZ2>~V!͋W:)"&I>8gVcR)DAESWBhvC0 ӳ4RTPPDzV#3w1< D-JSrs[UM1(-ߌWxrN@+ 6ۈQ=A[yi;% &|a lޏ[uvW^&8 9oC3Bp KhP_ p]eD,qXzz9c;I]S7xS9,Z"7>8@GLl!.xEʲy:˗DDG5sҐP8#@kX(ETR;~:_t%t/%ɿpgBpuS]~FJ{e<4:P\B:9=8Qٴ1 n46lJf1"@K |IcZ s0@qP-l61a{X{"=v!,'TП;]?<^kw x5O!4_}:,߱̒X"8Tq9(N|`$֪龲TQLBD8.'$ţ]fŭE¯D0;ok3pRSjtwsX:Df?fͦkǚvrU t|Leʡ*MyD@[+_)3p%ܖOhuIlaW|Ū[c]Z۲)P?c5?gP̳υt##UqU:p]-CAĊ6#k1/VtA `Ah_WnH이 O+:SaȷI ;>w 5Rx JkRb)LDnN n~qDW q C0տ  :W~,j&mEgip"Z; r>xEPfZlʥy7s,-eO{M\X0k̃*m&1}>~,iwh=\|kE",a-f4C¾)W@}l0p}K갊E`F^SYuk+~Y՝4scd}٩&hJmE>&/C@\Yʪk%moZ%ems.Φj]!v\JC|o߮&kSF01>o]t%á+gwe"ڎ}>HWf cur^iByƺGGW܂!Y%O$YLVʲKGHn""8N5ioэO6z;F"* r)+cD!6ћ0 O6Q|N0)%lCzy\LFlg9nFCBIΕоs&d XO=A5Jd{xS7DlN1,# -f#yU≜_4&]2̍)2 ʒ̺9EykBĂ1P4ܰ{bBv;B/lZ,g@|KŠqD$Ja9hy}۠99Ժ6i̶3MP(տ 2mǰF*jZI`t.UZQ y~y/>Q〉N5(]x)g7fN$lo.J*>(w4!+3ճewYQ=|7䴂=NFcQ.0cp``~-"moDl7Sm6bݧD>LlvKʄoXêʯH):"]HrрYR{Z"+FE^2+|xF-@"r0+uoPeyO!aoU(E}6; W]N{;jQ?AC䩣>aȼ?9"5V,`XU?$/20fD܂$Xbp:9jB7ܞp6IPvzE; Ԫ}d|,,Xj3ԽfqQZٲ})]~n8YJf:4pV%=ٱ=uvSɪeġ7J,6t݊$N+Q-FxAlS ^^?+p1PW0%Oܬ)?J7+z\{B{ᰋ6lju!>B`֐ez$֙A OZ%_cbxA7Ea<3;W8q(5R-;kqˮ렾2eu^ sɩ/O4c\/->} heʼ"Xr Boy&c57, [r̹)m8*1&Ugڽ9rym;u~n XfA /`}t'h OG*LdXBrWN>%P~t;TzԯV#_hFv`zϲ!eAnpoi,*; +jXn%Y6?/u2PmB<8}&!sbb9ϗH2@Cu!wkG/F;d(}\R~ Oܳq3i0;^? c^ZGx\49.T3m} .Y07U9sNFp Ns \QWKy&nk}o8@G̫g3!JqчT\' ѭZ!{@IH2rxQר揭 @Ujkd[cجW4'Nbu%n]`Y%D0'k-iž:+.-1Kud~"\. #Mc,[q;"@RǜNeIϹT>=uhhS,:Zr-2+qb;KO&⣚]pAn vzd*d* ?Cҭ\CЕ\Q'P^bve|td89pJOɭ~NF oCM9H--p:jB Kyq{vØ4LJog@`=/koUߋHHvק#sHSl=: 2ަkJ -ak={=q"ij+0Ñ֪G5#ȉ`vEz' t- LAFV5 GH f%4б耨8VMz]p@%j=8v6 %\2njH:>Vp#(vu/ 2ubJ1}K0ndK14LS$F=DXXТ,6.wkGk5qz Z|tuyBl@ǬN+;0VUFu칌zk-bҒoru>T T C:K3FWkZ{dv3t" fnw&I2BoX6f*ͰKMȐq^(j/yX?(vtʇTe[sx 8Rv$ɹ K^OZ^]sWgKI4;;\Ѵn\/q4M_V^)1&ɭC jF`()zlCT4,r;< L̸ TQ#Jo.l3q-W,.0 O}v?٫f.F|鏒kg21{nVqocɮo@RrS :#K9 wke-{Yn:Tt0M=N5迹\HFyqy&s sUAKuDL\@~nT&%>b2`1DpeKp"4VunѓD>}Zu j{i.8i\Z{u؊!HFO_'QAл(3KjdUTVFtQ+>"&mounE{i2+L~( %"}LZߒA+QA%4OtV_)9O=( Nw"(LkGꖋgp/Hg}dUڊ3#(<מ32PVdQ?jNն&Ҋ)/η6q+9';,B+[o7!)EK𥩡C_e5C5Ud=Ra޺3$`pw{UТFW¿98t;0Rj1msoߋHQ }!@l5+A3*n'"OK@1N6*tՐJe L"۸q8ӢNxd;iK ٜ1R~9{Š˒{ T` _¢\3L϶_5^/*܈  ] xuW/Wz~I]yu4=ctJӄk8 뀮@CI1K]h-/ 7R7H{ urƯ  돴sY&X9XEO+ڱ,9T|!| 6Z)Co\tB,\F :L@Wg7r(ݹI<ȗ,>!V'2H3H3oQ7 aЄBR\FVǦ2r?]e.2nX+۬wø0KrFe&)aW.5G3 q3Q(*>=lqbnZ3y,?ꡌR5Q6ۗ l Xh89^@0<RQ']!g /4$'(21%\.>Q;*ƨS'+'_XBU)!j5y!S87ݮ k E70po7F"8b8ǔ!KW&i 捫 ` A 1x yUS+h!hRՃh 4|[{;U#:&Pp٤8awh+X:izlˌ~~s2i|&%?%/E:qɊ"@,aPoȟ^S'<`iHG8uf:#H$Q f\Cy9^Cel#wVP8Xġ\iW0'% {a !y8a2Cئ:=~EτN;1\hXJ4n\Yh$pf4}U=A>Jr̹#7E+jL^l5%fʇog|HtZ-Mh{)'F)^fe&#I*$Nu.Ã%d&/BH|},+Wf:dhE?iLp =7ZT(?s17fukak H,CV2o7yUQ1VDDH #DܺbBN ܨvW,jF?z.#{ 0^<+cѻүԥIw eΉw7EY !>197m*a"]LX.j)e4j bj[K]}am@#Ya~b3Ea%4`42W<>%KᩅOeu1u ^89y40 o {үTZG1e'D+rj~Y^Rʢ'`e3RiUC2o L"˟B9*`m-;\KQBls*yVEAQBKt=Zʽ17C Hlb0ƭA3"3ac+{w cl`оȒ% Oߪ@OI&uzO%9%\W Ч&pfsdC@p ǨB|8%m5$$Zk"&g,Mm~S VjM+\NTY z֎W7 I.T׌Y:HeH0_>wk+$~^@VfU\qBUgnZ+ o#^ cc(^s?BM"*CncN;o#ǝÂxNj K͊*#$2n Orlu`*gZ K|EШl<;;pjy@<6zNR#Oِ̡I~[w}|DjP0%1"rܛ5K cqfOsa !6)пߍ[pV{'b{=Đ8ҩPʗMnx;Hb`p7[t=(2Vs@¤CYsB|t-tBLNAaUM DY.v7(/Eϳ\kТ=ړrr['a5pOKL+"w&A`PLТ0{bQ{CG=?&;@R-4lLzxŷ rtO?]tPC8w7ҦX,fmOuжq6%pT_¹_5O$ׁ>Ř~`uC1Y=b\¢0 Q )eP3B 3 ,1bwײp9ivNs z'\̗d "\d<~#ӗ)ĜljN 2:].@H XM/; 2<'dsRDlk\j*TX "QU م?[YG_+)o)\WoSn*-v/ze] zMY f'SIaխ?okhTS(ΑK0|KywD%%|uW]Z\c!mq #z`=M5p(ɆA׶F|݇ºxAN$=,I-Ҡ.jʟN/ 7 BAw~B>Mo$SkVUA^t<Ƭa[*[!!2n.2 ߚ2/ >pkWH8bg&akMP湕F,)_TYDŽꏷQTu$G~*f>LNjd۹Ib&fM6QC* ʶ?N{-%C\G^ ӅEEEn]΢I Wlf ]&=@Tyv_Yŕ tM1V@mקp'rn]u?wt<)̎V%Mqn4.i&ě*4Ւz}ΓEcWg*BE-yo\'9Gݏ7h89gH8ƺ|7d-0[(s6WOVW HT~(ěN/t`#x 7qa&Pvvl-Me%s30[91e)q.z uQF9'^zxiEdiS$w1q#̔J D0rHi~`R[,8ڄ\bAe@g4?6oY3僣D\aߠtwlr\TXL%Oy0c0gTBz^*׸< c!@u="_J*JljDŽ_V p~t@89)!F5VL $op]CN.\\C⧖LL\py9վ놇r~y:g: GB(.);&9|Xq㠸QGUaf(c+I)[vtOq6czhGe]NzNZ,']4/omz* ϏO.i57v&mRT hb O̤;B\l*Y)\ P@dbEų>#UKeV8F+WS$rӕG!""Y߾A9CaŝCAI@SzC?7$4Zsgǧ[X7xYrfM E*&=PpeH$B}G!9:iV-g<<P|ewƺ55Fb45*`BM\#?v0G0>Nj"uNu[}!6x>L :=JD>\l8Oن]Wn!`Yѕ 8[&QX(0G5ۍ旄-\ɎXdk+!o"۔q[610 EOFٝ<&5IEc=}Hě`̔fFPՆFk!r2Vj`/&XaKT{;"N 0h έHၛY9Oa5^=Pߒ} *~@ti(3:7[RlSKWġ (O+hF0%/`'QX~&dJ{27,ubpg|Nsn$d갺 ?BGN)zCw̹IJO#pӮУWio<%z ,*YykGMg:s4譒pwX'ͣ"^8k"_SkǦqA|b؟/rUj[qg?Rѹl3ZvJc*>K:^wh^& Qi8:t:}VP3r%vLiO87oߤ)vIuf$X<],c5y<J0: I- 9:%yJE֗DYn](`!Jعp!h}\V%ap |3nޕzj6KM.TFT;=5WHX3zo3br4r+>-P:oF[j 㓇O*RYzCJ6VuD GzG;?oPMbf1ݘV{1I]]iVL heW`8&X7{2Ӗ@sa)F*2B~?!v)dx.aYChl2y+VOtS!{Xj|kkKCJ52ptIJoN)ͤ~؟->BЮ$ʅG=1huzv?<  R1 ]D s0Am* ffIlaVزT<0#D,i׷"I:۔ZLʸ7SfZm)ѧ߈+м;k*`7O"x_q[wYz)L|uj[ms|k@fS3.EʄoD2, #9 !7,UBVL(׮?9>۸Za 6r=fzO?.9(.-E0 Oggx\>β5e0=>a4C~lxj$df}od._)чa>m[fLM>`.ALH!..:HN$$P`@^2S?u%[vb]1?f)|;ȟ-`?3xrsxWT)O8ۧ h#׵O[peAC[)bP[t%< Ҧ%A8!)Ofzqp{5\T6F=fO"#ЫI|U#6NPcתJm'(a vo$CETۙ6F&qы dm?SG1idNTq*ho/ {[P_5mЩη<qϿ hwO %H8-+i &C3wCtruɦg؈m_qDt0~0` 6=DLnR r%%$̨K|.oRC|:lK^1Y NPzB4Em4OG?(?\iZ|۸RrK AM2Z3 F R=P9xJۏ`ўcnc3P yO@tyu'vX8@mLp"iĜ̥?E$Uus7dJi-w K>헽P΁TX@q^Pk?ʒ<#Ye+;^WWg:HFd_Fy(;k2h rà[EmKxHz&bvc7ӭ} [|*˃1  GL ^h/<< Z`ײ]}i<mz<SUhbh5 Fr&`t(j$>2cAP4mB t9P񷎳Az47@rZ !]ֈCDLZřfmǶȔ!5o3?eX܁%fʍ p V=OUL[VG a R&wz5!Qf=dI`JD;)Vφ >#h?G6䙓D83e+NY) pkPx, :%JfxJj˶,x1D޿2߿, Э`gu-v/1j!B|n^Eό }2"@Y!{R¹drF7V>|KgoǏsʁkSAy\'62gۘ>t eoԤ0XdS>:DۡOGLs\-?@2upٵY?id 8m/Ee[e|)n2zSi;C!&WFg0lئL b/< @ CFz[qi_~w۾}{8x5x=^a;{UT-#2uˀo#6Nľ?ax2|&n,|/|hJj~֩sREXJ#5b}P`:?iFHal<*A6YGcļ6m@)ݸ 0$-y"X?3-Y[e.֦J s>;* .D;æ|sd)^Ow| @3[~ śN 1FL|f,$ Ul 4 Y "dq2QvYbneڠ䧶4F̀KZwz/yS-(0Eѭ-qC5L TY$cۯ=br-U:XeA&];FePT" <>7a7(^l{>.FxSm8.i.*ꟉGZ.Xz\?na 5t |"Od6|rBk^ H}l6v{OmQXZ<҅=kr?Өl5/:a~LH4M SRϣ%Ɛq}.Cӻ6X3e!OnǏI'>Dh\I+RGuƼ ڇ_8^M$"V_3~INID.JjyjxmCSeoxڿװl@kiwo86?d`0/{ᣊygb|IO|lfq.m:%-$B\K|9e(hY>> 6dت-t|i `Ŗ9W5|Iķ0fWK(oEf+{輓sPHK,6"v/hTy|0'eTϽk䯝 |<Ջ`IAU ~`;X2䡹dxYe&_fcQU߈+~+l*K #_:Mi,鴽$u N<`.p:DשzX.6yL´]Zuĵ6S5x1Qӑ&y-FRZ㦈f X&ks-#{`Uxu|YBzѸ+ 643fh&GjI?,br=X;$I6yQl"=(X61TdǢ¥+׸AXiI=< O#/1ٽ;}Ԉ"q7 k.qXKY'tluƼ'AW14!K9xnk`*;⍙Oo)P Jl3Tp\G=#]ķ'H5ySY!Zp)W(6 VI_Gmx@ˋ hfFd԰ls0K~1Ʉ+$n9a'X=UXlSN]?KJ TOdߌhm#K-ZL{\rfƸŠk|+/#@bHޖf"OJo d+fԛAe; zxEyQBTj! GYG\_!vL%5F&M'qb{-67@v}?FUŕT22f;K#kv3Q[=*١֡ӓ) QO4/΀ H{J0#W떱 E t#ABY"^> ,NS&m>A+.Rf81E_B6x#'b13xZLz4 >!E UEӍtVƇMCAaxFA+ZKL豘zI']BP?mgZZeŒ2sxT\'27B2c d_~vyηly㏒x QM[KVs _Q/Q>h `6,Bf lD)00d؉TJAP*M5g6hѱyqt>3W=J-lH1 6Zx,\fXA'ŁXqNMPklms~VwsۚdhfۦI3 EvVkfغ;Ϋ)7?9HҒĥ}1DQ m(C6y nfG@kpy2R-B< ??߱0: V,b)MG;삟.Bx:s3Eҙc mt{24Uf*\\k#B]^ýVk2uNj>Jlz\+@;uRz7>2=E-]R(iѯ^`{Xcj[v &ǾC$2T#kPb^4ZTQ2jbtFRt965e:O pt "r>A֍ժ_WτNf Dg+ EW=i?*9m$DIj}ő:I Fn#V9pgĹh+u5a_JRuBڪdT9Sī2N͎x@`wLhXa 4v° \<5*`]R-oQwB&߃F\`JTEVsTm%UTugr"+-#Ӧ,Lڵ?ƏX;V^ֻ4d?0绺=}qZY('WNC`9"9C1(kq *{0M;C uHv[ԕ$K~#[%]~ḧ́yP&~Œ`?b$S!iKݤqz(@zϬS!Y%ݛ7о++p2 :b$;@4/XeN;i" \~鿏(r9*Zj | i;QL2 a |j|Fc6/sٖՏheE_.{"мKdARN:e/H)e 8u$AiHN6-XY^~`Y~, Y _rB,zBnהՃ RLCE<M ~zJn-Ն D8nkO z&b zaV2 JMGBuVҎ ])aG 6jqX"D sgVH$L`ϓX qt8TT/2o׈i;Pc!.c6Aukky\uBpr}@%%e ֚ժsҘX|@{L-#.8W! .>dݰ埇6O(Lw1?_bNOO5éL⧚'4V/TQQ\<tjp gn6'8 Pz_\"c o\sJdi[v;F+2|BZ쟌cL;J5:HӴ9 "ttEg,OʉaN9K_Wjq%3V3AdL7`b?6z7Jn6Jd*|[(10р|,)굎(-Sjd;a;Ml>4BVB>ձHMӚ+|B K~üp3RRYAE/N7 mP&r\Y'-JCIҜ^}ԏ\ DUK/Z<p1 ˊHyX] BO&$m`1`1]sQWbCxOؽׯWvH1h|.Ffp6X bޫ,6UZtbjcپqWS[f+K[Lݿd0+[}~YZ'sւd^߂Q%WśpT\gȻN#62;u'PYs%Ð? GpkeoZ~[;jTő+ub?dQIIS)$h/Ş2aFpSË܇yF_R_@-JU?u& şן-y5g#xvr䱅ͭ={Ͻ䮘iq۞ so4=nIzx15](xpXa?ʒTWmc ~`abCKpPJ2 ~Sm|OB0z)5eYL>;:=>8 $W$*;g"7K֧&+~Ɍ aVuәi+C0yk2BhffB~HaQݹM&z!-/|>NikAG(8ԇ*XĜZ IML`t=@;V/۷U}BROHTٱpIσhS;g۶uZW-5}WC?ߝ1("YSڰp)V+~g/q;W C$k"UӟC5XjϒWP`SΣ5٥(c6JTG@~'_Y!4_.^͢缕oS*:^>'0DŽ7\ !Og{%h2 gtdZ'x~\ud y)!p5'#./#LcRrd;ЗTTfV-=\H=qF%fְ^N3} IS*- үzԛ?9w jGPqR rSL%x1Bn{huGU&ٝj& L*@/xNgæV@}u#Pu\}5>_c}7َBÛXZ}A3K<ݍI.'䀏 3;~S]}-@|_*DqKO|w`Ў [@#*dMG!Fj ؃TVe(H*T5T"+=*v7aeX #IM)MnKA+L=X6=g$?zJMBI}CS--ӝ\a1\LA3/PL||E+XqZ ss1^m$ ƃ3 zcT-}wZa!TBpOORֈP"|qE% ޗ")neB$&h/jOwzHUݧʁN4! m!G"IN$Z@$He۟ب0v\WR *BwʪDv۩ޡi'T=ZB8/8nl-^|uacփkeA~0XZre*IGƒ/ dTfE$F HaϭWΞ- k̶\tzfg~> C΢p'e^ }RW@ݿ(̚IMEx %#/{16Ghjd FI`Vº W(F8#kM&,dd"["h}Rh+Gژ zՍ5ⰝW "9f7ŗ1q\#Xp՟$BQnF8!Fxvw٣zՌjUC8+h͈ZS1Vۑ4I(~d hFU[;-hﮨa' I{%y2b×N4`%/룚 kE0zXSt½DnnDy(nho“_~KxiՍ&^4L ur9dWm>spN x/U /[&7?ʫqCDfhtVa!B乕h8CSHS6CQAPbgnȔ_K"^ߕ6C#>Pw ~hDg}eؼh ?ÊJ[ #o5+0@O |D= '-nN.ٹҒ :TѭǕ])Y-/gBB퇇 iP\fːMXqK9\N=,Vt6=mg#6)R(' bBL?"RXH|b(&2LJr , oѡ6mbղ_4˔I4ý|0i)4f2&. Cl[:+M}#$B|2~z]- 'jrىf,t*<@cUaC/ĔeNgEV U>g$S#%8i'E2`|עJ&$wCIF*-\[id…Bfz <2:2vFxF⥙ J("e'm>.HG+I3x߇V6j/| j4qZiacZkAPgw6'rDq*+.Sݾ<_tU{[Eb/=3Jx.!o oO݁ɉ$̇4mLzTrw6THfXLO' 8[AxʈN0񞻭m))pKekJ