apparmor-profiles-3.0.4-150500.11.9.1<>,W e%p9|L.7Lk* y$][ ,/(zE;5lyEZ VOVm$?F+rA)aHp8"։X(|@W;U3CH0G^.A8; ddkwA4y:Q}ݖ7|x[myZ51Nc0h9΅Q&stXc MC˺w "OiӬ\cLfuja^m)%8D}7aT]ay}dH"K>@?d ( j  #9X^hD 2     Ks LlPHUYZ]^0^P_(_?8_H9aH:jBFGHIXYZ[\]^bcc defluvz6@DJCapparmor-profiles3.0.4150500.11.9.1AppArmor profiles that are loaded into the apparmor kernel moduleBase profiles. AppArmor is a file and network mandatory access control mechanism. AppArmor confines processes to the resources allowed by the systems administrator and can constrain the scope of potential security vulnerabilities. This package is part of a suite of tools that used to be named SubDomain.e%h03-ch2cSUSE Linux Enterprise 15SUSE LLC GPL-2.0-only AND LGPL-2.1-or-laterhttps://www.suse.com/Productivity/Securityhttps://launchpad.net/apparmorlinuxnoarch%^V7:>69<9AA9=;BDCEFCKJCICBJPCIKID?D??>=<<<<ZGB@4;^ czU? 2 ""PT  Tc2xc~xG!ͩA2G!89MyFN!PiMK!F2!~b15%E "uvw A =< : 9 u S-41(vd Q OTe&( V--D^$ D'7. MA큤AAA큤A큤eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee68cbc7e271bed8160fb1dd96370f817f3ab61a65d405a542655a52223174de99643fa79788045b100be192345ef6c378ff97cfab0303593bf27e829bdc0e22b4a9459f44b42bed989146a7785a3e7a9a9beb5a4319d91007ff7938ebec6f6fdaab7f52de2a49c322ca22deaff676af8ebb909a0efd83b6d5e27579897a4c1c5d2f579e0bd229638c353f722be5d569088f55b297ee02cf32fae8226c1865aa04b845a39f39b6dd89fd194798b6e256f06cf57246796ecd525322851748748c1f064a9ff9902223b85a08a9030d4868215f93b1aed0262d81ae378c0887e7c2d733b4b1aeeb0e6f34197add8e90d04a7b51b3f800e146e1001b5a79ad37b9f2b52bdae8b831a46f381f541f563215ad6e1cc571daca13ba16aa597806e0225249796b6e6410e773021be2c82ad6fff7243e2e6f0d3c5c11adff61da073cb14d21dcc1af994578aa541041dc4f1a5a5e902f5bacddf783f1e08c0fb22fe622f8737823281bc7c0cc0f8c1181ba00768822bee344a885561e0fa17eb85ede3454ff81107f79fbb30188f8cef12435b9e584a686c26415c874b634f6fbbb5dac1a8c9713a9701599cf6cf610dc6fbaa85e6ccc7fdfa7261a25d3d213996aeae2757ba7d679d783bcaa5363764c16869f9ba995b36f0986db0b9d064025916e79ae86c1ab19fa9edb110815e8afb1c90319ca5b468739300300adc013a121ee29da1811a5461ef85490aae0379a3723288539c21a200072453e1230511b0fc1a518a593dab4a141a620b249b52bea5ac8eebd27408df7ca56e67a1b5716adbc1d90ba7706b520236a3653e795b5b1762ff2c633719ec920734063fbb64ddff9c9e57cb514c5e90ef1727523ef832079ec02c8817f3b852ac8953ea05fa6b2601f2e3b676067207d5f4d60777308fd7e88ddc912b9d1e9562077c6438a23d925a31a075a7fb8cbefda399fb3fd255417615c3fa1c026cfa7eed06fd7ba58c3b5cb0bc6478e6e27f75774172214494235ca00fc058966387c2824f9eaff8ea60ed7888be8ac96d5ed6d93eb94ca995979b604dd8813bc6b8d0a01d031fc4162766b75079cb034a0cb660a8448e7cbfaa59ceb8fd72a6a50167edcac82906a9f01e62d67347db7d402c98e4471548a029b8d424fc31cfc4083f0ed342b72eab2accc2c655c95272813199f06a2f7db93a231375902860e4306e561ee09896fcf381c76cd4af8b2f08bb90dc0f5ee2b1aee758841a2496c7c0055416cc85ea95377d139965eac9fc58403f411d821c6a95456bad8fe07226de1edb128f5a85fe7a7774a193e97afe6d695bee2568226c3b19d7e103a201cc9f29a52c6e2a2cdcb7ce6a6a2c640cce70ae04999ed60b0a976026a416e2856961882e06bc68abc16d4037cebf7e02d233b9c252fe3ac767418bc35c95495954e2b36360b6de78ad77b7087ea38bb71ce0001c53644edcdc9afa09bf30260e4f7138525b1b8f65346e4b08c563b54759c0de72e4d112d07d3c65d36bb7bcd4ea9e8dedc811ac6e210efaeaf8c60eed8037dd30e6f6369ef74ba934438af33bb871e90584b9414f96f40e2b256b44710f72406f551fd9d86871d8f1c1b5c233b8356803b1768faae8e283a1c13698e8fdda52b1010a543290090131c2bf4ea878c446001285f5e53b98b355fcf78948c03e657e5d7334a929a1f3446fe1e3bf8dbf56e3b9e9ecab57c19a61ad31c12c8281a0fc2ecf3d49ef6dd542dc59849b5516988e7cac473dcbcbc4628940aff93a667d8e2fc0450279e04715f9977ddf0e4e0c53328159da9746a43ae08c12d6436bcafa4ab95794a993d0d8ca24cf1d334d4c9fce0a84854e0474de26c7cfa3a1e67cff4bf1034b7503fb8df38e5ace76607c853cb8dfc4d9d129bb262946919381c08d32151ce4a403c73ad22dcd5f9bca21be455587383e756a0343384c88f267a8aed928ddac0a62daa61229a0ec7b8e3fd91c5abf6e20c7c2093172b061126a386642e3e87a53366807829b3fbcca0df3efc6a70b6fe61c398e31e7df09c62a842da2aca7ab3049602aa4bbab8e95d7fdf25fccc3850f632b1cd0e4dd334507ac60d2e082c748d020a3c74dcc8f3f59da612eb93f1a811525eb2a9d8b58ab063a16077d5287f1ab8991cf18cae17ec149579e45f958c0724a1fb4a488bf1224ba412138927a02ba056b1d92445bf519394709b24cc23a11ac20c9377fb9c3c91803c7d954db17bb0f07154f969ce625b6cdb595dd511dadc2a7f6b19e003a3251682c5d255921c1583713531f3c461bd85cbb88aa5a795e95d0193623884212ad299d00c7e82a75d1d9ac0914e6555cdfcdd80d3bc383bf01a81cfd5413834085b2aaa4382794d6dd538e49e87209ec579e9b10cb2d3ed21a4bbe4e41963b1523712fbc9b607642a0b95627cb6bb96189b81c2569e7f7d7915d548fee71e217ba04df1b5468ab8582e4dfec1ed71c07d69bc78c651238fd2a25a3c5835e3dca756e4e0a3923c729d257593a0f5a054eae0a0a041d5c31e67c03711b3a06ff21353aeae062497f5b9ff2b5887d3891667b083b8dfc55416e083d282a9ecd96a261485d1635cd7475181d451e01d1a52c5d970c37c22dc79c87562650ea1f374c59fe968ee9561b8fa970da3698bcfeda65b6a426f7cb57d2a1dac8807c2de4d10af44391b471b5f0aec003490939dabfdce9618ca2fc0edb5190dcceaab57d929d9a000ffaab9b4cb6f9bee94658e6884c80a7f4f1db9d9b8eba884488c3bcb1ad9370136b2d6cbf7c36ef73cffd9de0cf20070d6e1f31a1eb8b6a7897a697ab09833a53a94d987bfc7d83e3ba0a187438eb4c810500303bb7778bdeb42c827a3e3e8a1e9d51b962d4d5e9f6f5008380a04ef5912a7a628ef0dbdf2b01cc10638df83429953bfe2893b4fa1dea8ce6a69902a112f08b7d0a18e223db7e9f2f41a222d3e183bb7c58e67a31f6dcce458a50d6dbed40b6f0995cc5405d1063eb55809be4658805cbb7c7e07ee34bacd2260380fc65a50ad318136c93c2a61ba248876dfd4b4603519ffd885a75cbdfa02ce059bdc2213b81c3c8a9d68c528b655bca2213c55b08f1b21a23bc5eda2e69fc3ecc785854b3ebfc3f6c2c9ec6ab15e67fea51f71b659e36ac8fdff5efbc2caf95e029fd331788aaa99775392fd6f8339ab45b5cc7834d7ab8a293fbce89558ae63e47c00ddc35f662788419abac9f2bf3cdc90a18ba405408cdb6c772b370738344007e0b8ea930e2857ff4dcc6ff9c8656310d56cda70e6a4e2aee549fb00aaa05b64dd067a64b97e1d2570ef2cc19888e763cde95605dc1d95fdd147734462dbb47c8f553c7c76dcd5aff06173a915a070fb27fbf70e52e44d66e55a50082852325362495559ca5f9eb60cbaeb15d6366bfd086b9e066db6bcda0d6ee177d7ba69bb056a75083b860083bc9d2ad006d61aea11d1271576efa531f77a6351ee1ce8eef45c6de6920e1612234327a4ddbda97f099ac51fb660fdb1c5c39866cf3af30ce1c4b535cc63b965d404d1fd293fe1fecfc0e08ad851de43d98799c7a0235145c7f708f6493764b869282433394c92f94fc8df46263a990a019ca25e8c3fa34565f63fd4b53f70bc65cce855722d5c366eab8392b46879811a093c1de5d0389d967c19f356a0363a3d6979ffcf2dc13b36556449f73542c267f8ffcdc82bdedf792bcc69647b96f02396a3839e181ac7a62a287db4ae40b28cb466b1cb4e4a7ef1441ac1f47f855f7b1a8c6c9c45572c7eae2cc2f379ddce887cbdabba8a506ac3db9708af24255285ae855101dd7056c52d0747bb53c582d487cb2ef1cdd3e84d57d8646a2190b296ec88d0841b6cd505076f75a88d7aa9f187921111cff5c1be0811253704f44116db2cf8c43314f1278de47340c255a3cce61043cd01ef2350a4db436995d67b3109665bb6b192534d0155e9a831b2a1e3d7e85b04120c5e7a933332e89de7eb274a9d9977ddc448e1e12115cdce749863c39a5d423ba0225e79011148309beea073ef177dd293d5789aed24f6022723253412be87eb28dfc5db7f039a3da535a665ad2f08cb3629ee3f0d3e7e17a12a6eb323ee0e123033925bd5d57a345e0fdc9839bc9f274c913fbb747e73bca912e1083e66c89097dc514389cd1041cd7d388f01f9487038f6bb201a96339aff9b4298571bd09dd59654d5d51f845e165e94a1e30c6cac739c1d4a82582df7fe8d7dcd394aa1067e173c903bc6e246aea40222c66875ff6ad86c1ab918bc97fc726565fcbe5b17e7579f50d60a7f4a66bcdac0cfe1d3abfa6c4d54e848199ef87a94082b5b16ee65914278ab9462bd563afb3c6ec29fe925a5ef920fc12f589d943f2f8877451e30bbcaf9d49a12857a2ed9990f1ce74777bacccddc7170c07a4c3ae978db6df4c32add026e776f4f6abf62c196852fc6828a51e9b260062862fd5ab27eb5f83226185571d3ad9133993460408fcc996330a4ed854d4deb8ab3ec093b527a557f7496417dcc37dd396abe90edcc1c5d27e2f55a79e35b0af1ec1bd402f92a06b099e5bb2845f193745824d0f4e4f13d266a07fef63f2c49bfbeae3f827e22a577e7debeaaac1fbb120303118eb82cfc10a856aa8e1dbcc904435d36c625e337e674698810849663be09f5d9b8b31057d32d1be301ee6042f81842bb644c8754821b581f374277e5924a5dd147877f000ca9e58610f92d56de8f44638d86a7233d43da76480bce34a09919dafa7c45df0ec1e331a4aaeb597030362462764495c34049bddd0170f57a853d484475520a4cf9b221c264bd4395e29696e22764bf5d8a093460b3cf110cc3d5a20ba5855ae0be8d3842677ec4d3a179f9cec985b6475ded3019efbfa000e884d64a126bf03fa5e75fbbb2b01fcc232b620d9947952d35d7297a17b782fa018d625fe611aba7d3b19dd99c85e94ca0d9d76f598a42ca36825028b18100362d254e5e923755fab9033197509067d6811abdf79a7934d478940f6a2de66cf9025ed6121eb445183c90d45f5314ccca4b27888b00357479bc221c2d4c96427716f55ee28bf68a81d30954d844c4b4669bf1f18d3a4ddd35d29a5bcbc510a12f12410ef07cb4493e2c2eaa50a2e7dbdf5d7c6c6a7f3aa29c463fbb73a5aca2b7d880ce1f8ea43a7235e24b1e905682fa20eb2a31eb78da7f37a1a10d8ed362518609f30ba1c2228211a512a0ccd9936b7b1f91b40db29024c38074a2c6b6005a7418fab442130eeb0d0c6d6ebacbca4e2737144edbc5fcb649f412c6ed73f6bcd378a1f9aac80eed352a011d5710e8c4850785f8c0c88c22d88704e9b6a01548de76593c7a751d5b1300010d4a0d9a8618bd950aead9e36cd7fb1f84542f72b8aff23dcf7c69714105b175f945eadde6df13669a499627fa111bf9cabd561e5ffbba09082c084540cfdbb16131a5dce45baedc37776ee79f75180b3c6e362edd5e19a91aaa8aebf532ec0db75f89c4cdea86c602ef0a975b874eccd2c665e8a420642ece25f5b509c3fcd4dbb8e438a86fb296aabbb6a48d7c5f2c9c21ec72e5605e4ab046dee4877fe28491141443226524a595c3a048b92e2ec68151b2dfaad9dec61ca91d2b98e3a48d79bcabf2fb5d3d69988b1c3fce8d3698efc53148a50cc4dc9e39cd620bc28159c91873296ea85b26b81483593c82e42f1641ccf180e550828b05652b091088f39dd46c777852bb26e68e5a852959e4a584fb759c80bdd9d4193395392439e09b0aa791d6d0dd1f690652723f102cf6126e50b54035feb2f07be65c3e4ccfc213388b19cf2cc147cd7d04a25ba57f0109f1cb514c98eb1efde6a7bc14ad407bb8e61b3b8dcab6c8266c2745d88099ef610c8c050f58820fc27b7fbead77b58a61231377c359bfb9a0234d9155e2ac8c299447d74538c1fd69c3575156032c08e03b385e7a4794708918d0c59147b5e892abb097b775bae94875109a4f538574e39501e927213ede6c4a4b4fdaad3e8bafcf352ed9248a539d25a92c4f166204b8e59b81e91d899393735769e00798972d482e3c61c57fb2150130ee405a83aeaf1a314f090e3acbe8b3f3810c46f747fd7d8b8a1c5f3824eeca36015c93e3c531b56bb706aa270d2e97c1550450807f1d64daf05d95ff9bc4fdfd09189eaaf2339e2d0507ea708a672ecf1901182dbfc07c4d181af59ba4a9d5786ad4fdf0d2f028fcda136fe2805e8cc2a35ae90879c390350e5ef92428951567f76b435b14d1ef4fd4cdf62211c7120f18d2e7dc152e82d51f406c0da04fe5017b356227ddc57ddcb489e75e6437c6e2d2972c0a8545af437734124c833f725357bfd06753938640128ac94722441e47c8d9d00a8bb5acc524d9f20931cd07e81427a749da6ccf1c0102c7b07cd9053cdbc4ed918142102e2052822a9dd859b1453389037ddf6b702d0f593653c6c6655401946f6c19187dc788631eb798e4d731db1a8e9cc6bc9edd0b4ffe2f094d68a942d726b5a51154916e9e8482ac663a24ba232422a3323ccb1ce8d5a9c0f79de098adab426e0d454e425df7a53f20fa5121f44f9e60ba626c5e98bca63044293642ee161bd7b9a28cf3cf0e7f9982502afe1c68d03b33a194068321ef9f323f608fba940e3fa4c15d79af98830dbe04343ca18c034fba3d85644124376641fee90a9775520c576672633ed33d8b703731838f2828fee8235f28ef3a9f0133da5ac08180ea809039783b9872acae721714f7967aa945af2a07506e809ac79ddcb9b4452679caf83d16d2300fcc4fff5fdec110d5519bd17a208bee2e609bab58179a4c57e3f8b2e749bd575326cf0cc1f66e03b608d5d0622f7cb52cc5bb276589b8235c1bb88a706331033d5b200034660cf2af394d0eb0ac622b0b9ec9ec4b9df7d9a5a4848b96abcb0a205c251d07e2483d7fcff57e5c67b9086de4543df77f051cea4139462e8cd1e63b5d70e524bd0d0b9ff835b870609cec1e645eb1ff591247ff90e6cf0e70d77d3854984ff24d79922aab5935f32c81cf52e86c5d55edf66fb3fa95706e194021b1a4ee38b13ec5f223ff721bd61e997a632e761e6ff93a5fcba09e8fdb265f0dbbea45d818abce32bbda679ab195885e572368fc4fc3b85b7da93b627544742cdcec04f488635a30f843b257ace18489ed7b94dd5a3f77ea5aaf15248a2571b76aa25752b8dd59d6caabebe497aa18e127c4591616f05fc768174fbb457b0f37eb46d4a89d7ae44b1c9c7875c7a05f60c590213aea716281454bb631a442ea29e49fd655d6f00a05b5f34b7d92db40ed2d7500ae186b2943a13c0763c48631489e3211ab251fe362e339b667c34d00dc0909e9c643ebd8306271c873dd1a7118d1afa4baefed687bcc6233c3ed3d77911e2f19f02d242e1fffb9ebb522d0b7eebb029be4c210a682e42fc7daa329031ae2b01bef0c5efbb0ed8bf5c3b8848c8c94f57a76d27a637645e52de54d6af74cb69d0b224e12943337d9d6d210cf05e0781dc4ad75926f9f9627130fa6b850e0cedfe84cbe6d9fc4ce854a33239d9fd096d2f3f4486e436e158e3a39f6f95765181c6e29bb1864cbbe65e2f8dfc1d0f1e25dfa7bf3e4718d5ccab67cb1058b124911281fcd8d60db13a5814e844f3a7d40310967bc3e6eddb4e4324e08f7e22e289f355490ce76afddaefcb7d5c02bd1778a4275e8710be2f77e88b9828fc22f7b4414fa13c54d076b89a16e780fcd9ceb1d19b9af83399eb901adee39f7736caea835f024ad54db5d71fa5de6e51a264c58da9c199db653909a9d0ccebed84d58761882360c97f4a678befda3eac4efa5a711050d0cf59a5b4dbdec7493a4afd6456802451e4d0860c23469f008b5641c39f4720cde46b03f850f9fd67f599804bff1eb97b2710c1cd056d6df52c56c36f7612813d3f4c4cc7a2bb10fee1560bd907d2f37c4a98306e1b71cf315ae307990d00e344dc347a7b4e42bc8149287d02cfabc79ff6bf157250e28ac534b354eb6554f91c4d37031694af10a014ba3f34e5b0d5caf8f2ffc60ad6920d173ab0341b8983bcb9c6fe8ae8a6d5745b82a85bf1f61b1a871094ce7b33d1c12d60577760cc466f9ffca74808f83a1f91c26bd66f954cfef892ad1e37885259c9079df76ca2b08f200f55c6ae3b92914383d664a6f4e1d78918c465c64f109162faa7996451695c0ca9a423e0df23d97a5c5762dd520fdc0ffd191e45917b525ab7b2926cfae3ade29a6f962c6d4308781efc8fa22dd8ec5855e208f0def367fae704a2a8461f9a3cce49b16d11d718e4125bef822021e097a61d37e689c439aadc01dd5b914670729e5c4ed038281897d331493bacfed20106244d43a4189bce46d2edfbf1dbb9658da3e6e56aabcc236e24d7832f7bcc312a0e95fd6aa1738082644461dd5b5e1c60b837ce9b61200246b58027580fdb4ee6285417b476ea37664c24d771dcac21adfc0ed46f07e99f4b8ef93816d001f8c0cba54828f5fce8a44944174785cf479c00e9386959d75b6b00afa15940181eccdafff1ae7912af444a5355c32594ee8010b7711521927616f50e3016174ae9ac87a9f8a5692e3dde6cd2c7a0690a15e3807e84f7503bbb9f4899c8bd1a5c05045a3b8f214a37b5599e24f68e8c8b932072ed642907f859d875cd7110e1268798814cd49ac516213307c2a7d0367c8999d4af694c022031e88f69c407381f33a82f3d45e5f80ab02cc8dfb52bd5624d8e244af6f0393a2adf498297b45ec92d2ebe838412c72b7374c898cb36115d36ba7fa086c8483f7ac2550828182ef419ffec762b0fbeae80643a9f21305e5cd1fe7654debcbc708867acd573d989b49d2252eb9aba31263ad151124f6bf387f6350181e937c1172554df4ddbeb9aa62eb5dd2556d68649897c845cbc49888726df402916e0100e4f0880d5764872bfcd2e652e21536536868154f9bba57682e3a2bab520088f1e00e0a4a37777c690605470139f633e49b0f91ebaf76c436f27ebf97926ba40f68cb1c23372fc89d94823fbb9f8096c26a23db904b90105e156efad02da27e663f8f8f49794712a28aae8ef497f0830ffb9ea20913cefe3188b444737169462fd3b35373c02ff6b9bd32377d3be047bec6f3303c3cc47f1367cc42d2cbef442dcba9567e5744062ec41b49c1d32fb8c074fe843d7408bb6b925e9e6bcb94158c02512a277163f9e399e25277566bc4fd32abeea982cfcfadbf84352489f2b0dbff6f85d5955d3a39d3373f2793620cc6f358983cc39a740734e1d2c902d799e1f577396de6ce82b1d1a02e429ed99e285b2465601d1645b3d22524180d721ddd4c6cc65a0a097f26f1c48d9ac3f50230d49e5b555975104025843e0ea50ff686c84b5fcac65d2355765c2106585783e412c1b41a24574f3bd998914e0c97e9e9b81f798877475dc60764b02d28f550b74d153af0ff6476f85f162637f9faf2d4ae8502718eacb35af135112be40445c59f26d467c49149f45b888165f961a4357701ca01e28117d38f6a21fd7cda810db083b0bfa87e6bec0b8d199ab5ea7b971bc632527faeeb57f65aeba639d2b5f0ae1c749aff9be1084f331161912926b4a7caaa6f87eb3ba00e18f0fe313a95c214136504fd950d508dc0128eb6cc89d124c3feb604cd484fe65d5f8e62ba8488f898166a54414896bd2b6320c1e393cf8c87e0327fec1b7304ece13f2f210f0591f8bb49015d818d52c571e2c0feae951c5a4e44ef057d949978b088dbb6fb870a08822748c87ba42ee1d64091c7181cc859f50970f18d1e54e4d3c43c6214f556e3bb0d3930ba28f71e1cf9304aa4852b95bfa5e103bc62b1c159f4b865df29fed0e22197bca2443760671867b0ed364bad400e6e48d94ae27ebaca6bdea3cc86f7b171167438eeba5e8d00069d791f867d04c8e512eea4039a322e723e629a802f79ffceda38ccf7747bdb6db299334807bea57a8e593f5de1ba5fb577f65a9c78b1ceaae9cc4445ebfabfdca8121052f3c450495d047d8c9d81fb9c9bd01ad71fa2b9a224e386696a1d288d8703a6282f5e444944bc5b2808b49923b1e698b44d2676caecae9eb0ad62b0842711bc8eabc408c92d396b4c74865f528c4e16479a58e3f48e946373ae0d385b05ad469af5fbb305ac742f1f6bb543d330b6c9c7ac2308693f5bd8a5968c8b82705fe65d3c157b47986921e9d3f647a20d89829cc768c3e67142d5cb88e9e14f5cceb655d660e54c6c46e5d07f1cf8486209c2506ddb80b639d186effd8e991a71da7a0f24df5a424d03ce47b45e9930b36fef8da149d857c63fba2cb9b5163f7cde77b8cd4d5e65d48dddbb3c85c4070507892b22c2b3072b9453513eb9893835892e9d12f22f1dbb1582df19dd42e565faa4cea0880d4e94cedd65a536ba551cce5e2288f0f24b9713aaf795896a6cf45af82da40d3228b94c297b2399ab9c2575cde3b9870e49f86efc034853434f326c6babcb5eb59eafc8c35989a8b9a03c6a7e520c5af6fb60afb0c6ae1d44d61379d4c15614433f4ebd0b5fedfc728f516d8c86471cb42c04e534830136b56f1019c617a5d748b0f43713108f683c1cb478f03666e08ad61be002032cee2685d35c8f0b9355181621e62424ee21a5fb6203e48b9e80a014d1177c0db10c7b99441cbcc1e75b608efb0ef47902948b766727ebbc6b94cb3c837d92c845172c5996da78af9739efb6bb685c466cdf722344ce50cde43d4d1e11a9a2f09ec2e87003eacc956af9cf9a3c120980142c58ae23bea3f078c167ab0539f527fc1e95ba45c684d5ec448347f47633fd5e15ab9035ad3a2b1339095131cc95e27d10dde9893fb2caa7becc1756bb081e1704c5913f13363dda2163fd2063adb345ecce1fe754718fcf32d7c48906165725fd99964a825105008f76800b484b1227c8c4a839a5b2849fd7301crootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootapparmor-3.0.4-150500.11.9.1.src.rpmapparmor-profilesconfig(apparmor-profiles)subdomain-profiles     /bin/shapparmor-abstractionsapparmor-parser(CAP_SYSLOG)config(apparmor-profiles)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.43.0.4-150500.11.9.13.0.4-14.6.0-14.0-15.2-14.14.3ev@d@d@c@cbk@bi0@bZbV@bT@bRbBb<]@b@a7aZ@ap@aabaim@aEaaua $@`#@` @````_@`%@`!'`>` @__ǁ_ǁ_Q_h__@_~@_[f_P_-B@_@^m@^@^<@^j$@^,-]҇]o](]K@]]@\\@\ \\v{\I\ include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527)- prepare usrmerge (boo#1029961) * use %_pamdir- update to AppArmor 3.0.1 - minor additions to profiles and abstractions - some bugfixes in libapparmor, apparmor_parser and the aa-* utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1 for the detailed upstream changelog - removed upstream(ed) patches: - changes-since-3.0.0.diff - extra-profiles-fix-Pux.diff - utils-fix-hotkey-conflict.diff- Use apache provided variables for the module_directry: + Use %apache_libexecdir + Add apache-rpm-macros BuildRequires- add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in de, id and sv translations (and fix the test) (MR 675) - add extra-profiles-fix-Pux.diff to fix an inactive profile - prevents a crash in aa-logprof and aa-genprof when creating a new profile (MR 676)- update to AppArmor 3.0.0 - introduce feature abi declaration in profiles to enable use of new rule types (for openSUSE: dbus and unix rules) - support xattr attachment conditionals - experimental support for kill and unconfined profile modes - rewritten aa-status (in C), including support for new profile modes - rewritten aa-notify (in python), finally dropping the perl requirement at runtime - new tool aa-features-abi for extracting feature abis from the kernel - update profiles to have profile names and to use 3.0 feature abi - introduce @{etc_ro} and @{etc_rw} profile variables - new profile for php-fpm - several updates to profiles and abstractions (including boo#1166007) - fully support 'include if exists' in the aa-* tools - rewrite handling of alias, include, link and variable rules in the aa-* tools - rewrite and simplify log handling in the aa-logprof and aa-genprof - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0 for the detailed upstream changelog - patches: - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0 release up to 3e18c0785abc03ee42a022a67a27a085516a7921 - drop upstreamed usr-etc-abstractions-base-nameservice.diff - drop 2.13-only libapparmor-so-number.diff - refresh apparmor-enable-profile-cache.diff - partially upstreamed - update apparmor-samba-include-permissions-for-shares.diff and apparmor-lessopen-profile.patch - switch to "include if exists" - apparmor-lessopen-profile.patch: add abi rule to lessopen profile - refresh apparmor-lessopen-nfs-workaround.diff - move away very loose apache profile that doesn't even match the apache2 binary path in openSUSE to avoid confusion (boo#872984) - move rewritten aa-status from utils to parser subpackage - add aa-features-abi to parser subpackage - replace perl and libnotify-tools requires with requiring python3-notify2 and python3-psutil (needed by the rewritten aa-notify) - drop ancient cleanup for /etc/init.d/subdomain from parser %pre - drop (never enabled) conditionals to build with python2 and to build the python-apparmor subpackage (upstream dropped python2 support) - drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed - set PYFLAKES path for utils check - add precompiled_cache build conditional to allow faster local builds without using kvm - remove duplicated BuildRequires: swig- update to AppArmor 2.13.5 - add missing permissions to several profiles and abstractions - bugfixes in parser and tools - fix two potential build failures in libapparmor - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog - remove upstream(ed) patches - changes-since-2.13.4.diff - abstractions-X-xauth-mr582.diff - sevdb-caps-mr589.diff - libvirt-leaseshelper.patch - cap_checkpoint_restore.diff - add libapparmor-so-number.diff to fix libapparmor so version (!658)- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, cap_checkpoint_restore.diff)- %service_del_postun_without_restart only works for Tumbleweed, keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x- Make use of %service_del_postun_without_restart And stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete.- libvirt-leaseshelper.patch: add /usr/libexec as a path to the libvirt leaseshelper script (jsc#SLE-14253)- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON to severity.db (lp#1890547)- add abstractions-X-xauth-mr582.diff to allow reading the xauth file from its new sddm location (boo#1174290, boo#1174293)- add changes-since-2.13.4.diff with upstream changes and fixes since 2.13.4 up to 5f61bd4c: - add several abstractions related to xdg-open: dbus-network-manager-strict, exo-open, gio-open, gvfs-open, kde-open5, xdg-open - introduce @{run} variable - update dnsmasq and winbindd profile - update mdns, mesa and nameservice abstraction - some bugfixes in the aa-* tools, including a remote bugfix in the YaST AppArmor module (boo#1171315) - drop upstream(ed) patches (now part of changes-since-2.13.4.diff): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-fix-utils-network-test.diff - make-4.3-network.diff - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch - apply usr-etc-abstractions-base-nameservice.diff only for Tumbleweed, but not for Leap 15.x where it's not needed - refresh usr-etc-abstractions-base-nameservice.diff- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch (bsc#1168306)- fix build with make 4.3 by backporting some commits from upstream master (boo#1167953): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-network.diff - make-4.3-fix-utils-network-test.diff- update to AppArmor 2.13.4 - several abstraction updates (including boo#1153162) - disallow writing to fontconfig cache in abstractions/fonts - some bugfixes in the aa-* tools - fix log parsing for logs with an embedded newline - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog - drop upstreamed patches: - abstractions-ssl-certbot-paths.diff - apparmor-krb5-conf-d.diff - libapparmor-python3.8.diff - usr-etc-abstractions-authentification.diff - refresh usr-etc-abstractions-base-nameservice.diff- add usr-etc-abstractions-base-nameservice.diff to adjust abstractions/base and nameservice for /usr/etc/ (boo#1161756)- Properly pull in full python3 interpreter- add libapparmor-python3.8.diff to fix building the libapparmor python bindings (deb#943657)- add usr-etc-abstractions-authentification.diff to allow reading /usr/etc/pam.d/* and some other authentification-related files (boo#1153162)- add abstractions-ssl-certbot-paths.diff - add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys- add apparmor-krb5-conf-d.diff for kerberos client- update to 2.13.3 - profile updates for dnsmasq, dovecot, identd, syslog-ng - new "lsb_release" profile (only used when using "Px -> lsb_release") - fix buggy syntax in tunables/share - several abstraction updates - parser: fix "Px -> foo-bar" (the "-" was rejected before) - several bugfixes in aa-genprof and aa-logprof - some fixes in cache handling - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3 for the detailed upstream changelog - drop upstream(ed) patches: - apparmor-nameservice-resolv-conf-link.patch - profile_filename_cornercase.diff - dnsmasq-libvirtd.diff - dnsmasq-revert-alternation.diff - usrmerge-fixes.diff - libapparmor-swig-4.diff - re-number remaining patches- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig 4.0 (boo#1135751)- Disable LTO (boo#1133091).- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877)- add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile to match the newly added libvirtd profile name (boo#1118952#c3)- Use %license instead of %doc [bsc#1082318]- add apparmor-lessopen-nfs-workaround.diff: allow network access in lessopen.sh for reading files on NFS (workaround for boo#1119937 / lp#1784499)- add profile_filename_cornercase.diff: drop check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (boo#1120472)- netconfig: write resolv.conf to /run with link to /etc (fate#325872, boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]- update to AppArmor 2.13.2 - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (boo#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 for the detailed upstream changelog - remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch- update to 2.13.1 - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - ignore "abi" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including boo#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 for the detailed upstream changelog - remove upstream(ed) patches: - aa-teardown-path.diff - fix-apparmor-systemd-perms.diff - logprof-skip-cache-d.diff - fix-samba-profiles.patch - make-pyflakes-happy.diff - dnsmasq-Add-permission-to-open-log-files.patch - refresh apparmor-samba-include-permissions-for-shares.diff - add fix-syntax-error-in-rc.apparmor.functions.patch- update rpmlintrc: - whitelist .features file which is part of the pre-compiled cache - comment out filters for the disabled tomcat_apparmor subpackage- Backport dnsmasq fix: 025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch (boo#1111342)- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099)- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing (logprof-skip-cache-d.diff)- add fix-apparmor-systemd-perms.diff - fix permissions of /lib/apparmor/apparmor.systemd (boo#1090545)- create and package precompiled cache (/usr/share/apparmor/cache, read-only) (boo#1069906, boo#1074429) - change (writeable) cache directory to /var/cache/apparmor/ - with the new btrfs layout, the only reason for using /var/lib/apparmor/cache/ (which was "it's part of the / subvolume") is gone, and /var/cache makes more sense for the cache - adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both cache locations - clear cache also in %post of abstractions package- update to AppArmor 2.13 - add support for multiple cache directories and cache overlays (boo#1069906, boo#1074429) - add support for conditional includes in policy - remove group restrictions from aa-notify (boo#1058787) - aa-complain etc.: set flags for profiles represented by a glob - aa-status: split profile from exec name - several profile and abstraction updates - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13 for the detailed upstream changelog - drop upstreamed patches and files: - aa-teardown - apparmor.service - apparmor.systemd - 32-bit-no-uid.diff - disable-cache-on-ro-fs.diff - dovecot-stats.diff - parser-write-cache-warn-only.diff - set-flags-for-profiles-represented-by-glob.patch - fix-regression-in-set-flags.patch - drop spec code that handled installing aa-teardown, apparmor.service and apparmor.systemd (now part of upstream Makefile) - simplify "make -C profiles parser-check" call (upstream Makefile bug that required to call "cd" was fixed) - add aa-teardown-path.diff - install aa-teardown in /usr/sbin/ - move 'exec' symlink to parser package (belongs to aa-exec)- Set flags for profiles represented by glob (bsc#1086154) set-flags-for-profiles-represented-by-glob.patch fix-regression-in-set-flags.patch- add dovecot-stats.diff: - add dovecot/stats profile and allow dovecot to run it (boo#1088161) - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753) - update 32-bit-no-uid.diff with upstream fix- Change of path of rpm in lessopen.sh (boo#1082956)- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don't bail out (bsc#1069906, bsc#1074429)- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429) - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests" to avoid pulling in several Gnome packages on servers (boo#1067477)- update to AppArmor 2.12 - add support for 'owner' rules in aa-logprof and aa-genprof - add support for includes with absolute path in aa-logprof etc. (lp#1733700) - update aa-decode to also decode PROCTITLE (lp#1736841) - several profile and abstraction updates, including boo#1069470 - preserve errno across aa_*_unref() functions - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12 for the detailed upstream changelog - drop upstreamed patches: - read_inactive_profile-exactly-once.patch - utils-fix-sorted-save_profiles-regression.diff - lessopen profile: change all 'rix' rules to 'mrix' - add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems - no longer package static libapparmor.a- update to AppArmor 2.11.95 aka 2.12 beta1 - add JSON interface to aa-logprof and aa-genprof (used by YaST) - drop old YaST interface code - update audio, base and nameservice abstractions - allow @{pid} to match 7-digit pids - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95 for the detailed upstream changelog - drop upstreamed patches - apparmor-yast-cleanup.patch - apparmor-json-support.patch - nameservice-libtirpc.diff - drop obsolete perl modules (YaST no longer needs them) - drop patches that were only needed by the obsolete perl modules: - apparmor-utils-string-split - apparmor-abstractions-no-multiline.diff - drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in apparmor_parser - refresh utils-fix-sorted-save_profiles-regression.diff - add aa-teardown (new script to unload all profiles) - make ExecStop in apparmor.service a no-op (workaround for a systemd restriction, see boo#996520 and boo#853019 for details) - lessopen profile: allow capability dac_read_search and dac_override, allow groff to execute several helpers (boo#1065388)- read_inactive_profile-exactly-once.patch (bsc#1069346) Perform reading of inactive profiles exactly once.- update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of 'unix' rules (will be supported in kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog - remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff - refresh apparmor-yast-cleanup.patch - add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the "changed profiles" list in aa-logprof- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)- profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195)- add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26- do not require exact X.Y version of "python3" - require also matching python(abi) which is arguably more important- don't rely on implementation details for reload in %post- add JSON support. Required for FATE#323380. (apparmor-yast-cleanup.patch, apparmor-json-support.patch)- add upstream-changes-r3629..3648.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - update nvidia abstraction for newer nvidia drivers - don't enforce ordering of dbus rule attributes in utils (lp#1628286) - add --parser, --base and --Include option to aa-easyprof to allow non-standard paths (useful for tests) (lp#1521031) - move initialization code in apparmor.aa to init_aa(). This allows to run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser don't exist. - several improvements in the utils tests - drop upstreamed python3-drop-re-locale.patch - no longer delete/skip some of the utils tests (to allow this, add parser-tests-dbus-duplicated-conditionals.diff) - add var.mount dependeny to apparmor.service (boo#1016259#c34)- Cleanup spec file: - don't use insserv if we afterwards call systemd, this can have bad side effects - remove dead code - remove now obsolete 'distro' checks - Replace init.d script with new wrapper working with systemd- add python3-drop-re-locale.patch: remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766)- Fix RPM groups- add upstream-changes-r3616..3628.diff: - update abstractions/base, abstractions/apache2-common and dovecot profiles - merge ask_the_questions() of aa-logprof and aa-mergeprof - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor - adjust deleting the cache in profiles %post to the new cache location - silence errors when deleting the cache (boo#976914)- split libapparmor into separate spec to get rid of build loop involving mariadb, systemd, apparmor, libapr and mariadb again (see the discussion in SR 448871 for details) - libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but with minimum BuildRequires- update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog - patches: - add sshd-profile-drop-local-include-r3615.diff to fix 'make check' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff - spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren't used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed'ing python3 into aa-* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof "add hat" endless loop (lp#1538306) - honor 'chown' file events in logparser.py - ignore log file events with a request mask of 'send' or 'receive' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2) - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff) - refresh apparmor-abstractions-no-multiline.diff - drop upstreamed profiles-ping-inet6-r3449.diff - add %check section - runs libapparmor (including swig bindings), parser and profiles tests - add BuildRequires: perl(Locale::gettext) - needed for parser tests- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff - replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition) - add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)- only install apparmor.service for openSUSE > 13.2- Add a native systemd unit which *at the moment* only wraps/masks the early boot script.- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage - drop upstreamed dnsmasq-profile-fixes.patch - update expired GPG key- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes - refresh dnsmasq-profile-fixes.patch- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- fix bashism in post script- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don't warn about rules not supported by the kernel - fix logging of "audit capability" (lp#1378091) - add support for the "hat" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 - update apparmor-abstractions-no-multiline.diff - remove upstreamed apparmor-profiles-ntpd-pid-location.diffsubdomain-profilesh03-ch2c 1696247589  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~3.0.4-150500.11.9.13.0.4-150500.11.9.13.0.42.9apache2.dphpsysinfobin.pingREADMEbin.pinglsb_releasenvidia_modprobephp-fpmsamba-bgqdsamba-dcerpcdsamba-rpcdsamba-rpcd-classicsamba-rpcd-spoolsssbin.klogdsbin.syslog-ngsbin.syslogdusr.bin.lessopen.shusr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.script-loginusr.lib.dovecot.ssl-paramsusr.lib.dovecot.statsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbd-sharesusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddzgreplsb_releasenvidia_modprobephp-fpmsamba-bgqdsamba-dcerpcdsamba-rpcdsamba-rpcd-classicsamba-rpcd-spoolsssbin.klogdsbin.syslog-ngsbin.syslogdusr.bin.lessopen.shusr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.script-loginusr.lib.dovecot.ssl-paramsusr.lib.dovecot.statsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddzgrepapparmorcached29c4283.0.featuresbin.pinglsb_releasenvidia_modprobephp-fpmsamba-bgqdsamba-dcerpcdsamba-rpcdsamba-rpcd-classicsamba-rpcd-spoolsssbin.klogdsbin.syslog-ngsbin.syslogdusr.bin.lessopen.shusr.lib.dovecot.anvilusr.lib.dovecot.authusr.lib.dovecot.configusr.lib.dovecot.deliverusr.lib.dovecot.dictusr.lib.dovecot.dovecot-authusr.lib.dovecot.dovecot-ldausr.lib.dovecot.imapusr.lib.dovecot.imap-loginusr.lib.dovecot.lmtpusr.lib.dovecot.logusr.lib.dovecot.managesieveusr.lib.dovecot.managesieve-loginusr.lib.dovecot.pop3usr.lib.dovecot.pop3-loginusr.lib.dovecot.script-loginusr.lib.dovecot.ssl-paramsusr.lib.dovecot.statsusr.sbin.apache2usr.sbin.avahi-daemonusr.sbin.dnsmasqusr.sbin.dovecotusr.sbin.identdusr.sbin.mdnsdusr.sbin.nmbdusr.sbin.nscdusr.sbin.ntpdusr.sbin.smbdusr.sbin.smbldap-useraddusr.sbin.tracerouteusr.sbin.winbinddzgrepextra-profilesREADMEbin.netstatetc.cron.daily.logrotateetc.cron.daily.slocate.cronetc.cron.daily.tmpwatchpostfix-anvilpostfix-bouncepostfix-cleanuppostfix-discardpostfix-dnsblogpostfix-errorpostfix-flushpostfix-lmtppostfix-localpostfix-masterpostfix-nqmgrpostfix-oqmgrpostfix-pickuppostfix-pipepostfix-postscreenpostfix-proxymappostfix-qmgrpostfix-qmqpdpostfix-scachepostfix-showqpostfix-smtppostfix-smtpdpostfix-spawnpostfix-tlsmgrpostfix-trivial-rewritepostfix-verifypostfix-virtualsbin.dhclientsbin.dhclient-scriptsbin.dhcpcdsbin.portmapsbin.resmgrdsbin.rpc.lockdsbin.rpc.statdusr.NX.bin.nxclientusr.bin.acroreadusr.bin.aproposusr.bin.chromium-browserusr.bin.dumpcapusr.bin.evolution-2.10usr.bin.famusr.bin.freshclamusr.bin.gaimusr.bin.manusr.bin.mlmmj-bounceusr.bin.mlmmj-maintdusr.bin.mlmmj-make-ml.shusr.bin.mlmmj-processusr.bin.mlmmj-receiveusr.bin.mlmmj-recieveusr.bin.mlmmj-sendusr.bin.mlmmj-subusr.bin.mlmmj-unsubusr.bin.operausr.bin.passwdusr.bin.procmailusr.bin.skypeusr.bin.spamcusr.bin.svnserveusr.bin.wiresharkusr.bin.xfsusr.lib.GConf.2.gconfd-2usr.lib.RealPlayer10.realplayusr.lib.apache2.mpm-prefork.apache2usr.lib.bonobo.bonobo-activation-serverusr.lib.evolution-data-server.evolution-data-server-1.10usr.lib.firefox.firefoxusr.lib.firefox.firefox.shusr.lib.firefox.mozilla-xremote-clientusr.lib.man-db.manusr.lib64.GConf.2.gconfd-2usr.sbin.cupsdusr.sbin.dhcpdusr.sbin.httpd2-preforkusr.sbin.imapdusr.sbin.in.fingerdusr.sbin.in.ftpdusr.sbin.in.ntalkdusr.sbin.ipop2dusr.sbin.ipop3dusr.sbin.lighttpdusr.sbin.mysqldusr.sbin.oidentdusr.sbin.popperusr.sbin.postaliasusr.sbin.postdropusr.sbin.postmapusr.sbin.postqueueusr.sbin.sendmailusr.sbin.sendmail.postfixusr.sbin.sendmail.sendmailusr.sbin.spamdusr.sbin.squidusr.sbin.sshdusr.sbin.useraddusr.sbin.userdelusr.sbin.vsftpdusr.sbin.xinetd/etc/apparmor.d//etc/apparmor.d/apache2.d//etc/apparmor.d/local//usr/share//usr/share/apparmor//usr/share/apparmor/cache//usr/share/apparmor/cache/d29c4283.0//usr/share/apparmor/extra-profiles/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:30900/SUSE_SLE-15-SP5_Update/bf7fc34cc3d034d75e6790157f5ae668-apparmor.SUSE_SLE-15-SP5_Updatedrpmxz5x86_64-suse-linuxdirectoryASCII textC source, ASCII textASCII text, with very long linesUTF-8 Unicode text!TN^CLA;# workaround for bnc#904620#c8 / lp#1392042 # old cache location up to 2.12 rm -f /var/lib/apparmor/cache/* 2>/dev/null # cache location starting with 2.13 rm -f /var/cache/apparmor/* 2>/dev/null #restart_on_update apparmor - but non-broken (bnc#853019) systemctl is-active -q apparmor && systemctl reload apparmor ||:/bin/shutf-84ef7d30e3baa31c7661a02b7c9a7c46f6b331fe95aebdc3d5265df6ae2513dee?7zXZ !t/Z9]"k%ֻR~S4)I&EUV9MJ9~p %VnD"0zosjA1 . 6 [ o 4w=}m<$Zi.6SޓʋJ,.nXo00*Њ&.8$K}Uq:MdN!&_vӈy!7jČM5cu lDϬXjˆL)jH 21Wk0(4G2! RA5[rV!ĉhИÇf6Ő4FrP-N'vW! lZ׌p?"dMuzA!K}yZkiɬly/R @@:JT+dCa"Z8;y Mpo Kce24m?[ˌBLoԔ;5ڍ=fy *C?h{$c8@{X cm)Vįyz(4O\# ff+[Ͷnn?9&E^ŠPң-Vuٶa2Vw!+nۻĒ/f^_D#w7iiGOJ8 $k tFGiuԧu)@:r)ȟ QB?*m=eP R"' EglWp:Y%]V*|>PP_Gz<*N!OvBmi!/oj2L?ks-3{ 󣇖Mi}ZCr~-G2t@>{9'QAO5 7Փ훕@.59e}!k<-G`o? ߲qPHUUvgt(/M^$$-R7ȻveVػH~"XGm)# ё N2]zcvta7Gڋr!=oσA߰Q4T(S=}Лq8Sl6q MU}88`ӔP'NW9~0ng9aBP[YAP ˽;i؏n3&NR%)F&J4c>Jծi@(QX Aum*zf빜,Eg#Haj!N Dq[Us">GIk̈ա+y}WDt1lCLFy=XD?SR-oXivqֿY `Ay$"mvH9:wo#k#e6[W7A92.>ʋU IgȋzԖ [=L\/Lp@Rfkj˘Ǿ1s<.NDح b̮+ {Oj{k@fpǥtcM]Wmc ">1)  l>oHAQbIv3J!ܠS\g}-(Qwg닭|MԴ2Z1^?'9'EYmr+; ĭg-/*42'uk : ނy_s8T rY4/F6Nd5 7Z-I63fq+=;$߉L,2GPhB&nO-!0-{زz jL@) ` 53ʪ8ڱ#3w-3b &&6}@zKp5Lߍ,N NkyU+zR'+D#]%L г3Uu(wؒeZ7.=OH~.8[^xfӴzeX7zrspھ\>FEO& U$Hg:s B> =ENk|k2D$Gp: &@!54|AF^JC2G@8/N']zbQ.\[ Z$qAћ}F4t0/? As.ZR \d+<'Ktߦo[ܐU Rr]Ѹ*Z5/hk:)[;!8a,a ɫo'M3_vu#rNqjO&n䤻ϡ*..W;13X~p}GskE SYEI/g-;oY GO+k ISc& Yb鄥3_}Fjiif]R Xh XG,ON,ZѠɑ0e15:rȖ*eo*ʪs&1PA8k8/! %{"W,2[y"!1QE5^ -(e`MM0kοE$8w:lSCfzḎNfEΘ-g=ԑ ѨOYmn&cYWk\bǤKk`+2- l~fw >j=Ú-JjvzǦf4^֬Ai.=IE ĂѺ mP@+F#: _rwo(\X fh'ofd2TeɛXξy )Pz$Eqh4LQ/4N&u91{#(`#{RrĪԳgYկ/4US*$6!o#2V&֒ʾaM [j̐Y @! EE/OoPNo_VCJT|c }0HD(+1 .Ӿ(ÙZ[ӛ[U>hJ X6"Ap T1ԧ!V!+)oN8_qpHchRKnҡ80X+Jif}-WRG}δLok7@dJcvΠcGBsU| _zĔ3v£JgRV0G0 q( ac#Q@$uhH d#Y'osG0\ )zK.<7d:NYe,K#ɽ%"j}_wCTPөlQWkԶCgl{i )`x.zY% ug Q#,iP&K_%1KTlT(#_czSci.?_A>cz[2/IԣxxXиUJEx= ԿɨE{W<=ۑT %Sب}M,@C(SHHĖ+mr0<ot?NHH"N_~R#܀r[үnY5Y Spu,L`R7x,}DZfCJ%U&Pw^hvܵQ.Ma8 _ )P 1a8ǰ%=Bl܃ 6o?NRcq] @v(D8ߏfBptb bj"/$1!EIhao"> z헺u =bGxwwmm_ BC@z濑rG#|D}'2ɧJgv2ʟ;7 y*Ƌ%7}MLV~MwTēDSP\} G8XG-@Gž~vsh>1e];)fa];]~'u S9dQL\j Te ~RÐkEMQ۵P[#1wH{vgG\H_2u`f r dIU#ttyfAmog-$b+ԭ[,1ΗWҖ *X%a:L5U%tbiJʚRQuϠ7ֻr166A1Ҍל]z6}O45r6T"'Ү @rF" 7%8M? yO0JW<0apLRm?h!}/K[On ˇtś]R- :ثɦ,NMNj:JI@S ͵s66gb9DM_ `Îͩz񡦍2%~S}wtZR~2ɮ :aȣZ`eiU9X?0shQ.8K]T]:m~!)etpUc\Bl:\Cc2 *TmX[;cn;{+ IQ#q>gm\r!ʆ ~AnXP!яfǾ :fƺ={*fq8zW=D)EҪ/@SUJeE)?jUp9 vzML0Svk U9X=3v Phm"g#O.*gDZHyY$.i%+<󇻴JT1 >>mf$aC<8pժ'f@u]ԑ&0D.F\٨Ыhe=ix⡥3*8?Z+n7fK`RL|G|(?q$; SnLcl-LMw\^I1lh"5cX*Fp9cr-:ǿL< U#j}z3JWdOX[` L]y P{+`n9wPe5M?s|RlQ@2a#+M%?_1;p>r hY!N#ôdie#aZPohtxH j+&ZBSRm3w^)( y&i(=3<pIS0q(9Cۘ 6bԟOj"Ef9FZtEY̐@'g^ \yn%TnʸKr_7'jhm%ad#GG [A*pz /2"rRcu t7j ,a'~GdTv { f@&{¶5]_ɯi;d"12o`A9+{?ӯ1r23M0a\ۼx1voE66Rt!uX DnEU}Tu,QrX;jՓVÑAGTnkT;PvK8S꒨yWb Q9|{LAgcCq# cE6]RD{{jlAu <<]wOv*8"ܮs(8KDSRoˣ,l;>axY{Q{*[~ZmaeR6}:w?9'Ttw aYg<{v$*h񒸖Ȇ3 {Ma˛[]̞̒Ef%>ɨEP Ĕlo2ldȢyj+ 6-f"7-_>MЍrڶ'3WXYэ.ʪO1x6ѣLK]X-Гj!ǭ~ŭl mѫ}S}γl8J>5 q3E JS/9ci"ZĵшWoQ2Q?;zr6Ey"×:j-w Y,K+< ĠϞx2"E6lH EM LQQ/P~4E c> =:U5MU=Gueidـa,x>j܀j0d)WBΧjC˖TY_^;1 Xz"NU{ Qorwu| uh]=|#M)u(c$F$kijP<,DE'YI)fSq8 >wfG ȸ 7s2+c3#B:] tU4?4^Y$X M4\&j/F z7tw(#~) :EP#vkBYx߅noi g} 7*(+ zZ[<>6i$8T|WmRI1'7DpG.d w*+08$##!a6чZgFy!Oke*'i,? 0!*j)@%JնLPKpxKGƺ9h?u$9@_qC:Ϡ(I} ň!n{.p)U0n5@ A_4{oObQnXo_:tjz@]TOJlLCM/#)"3'o n?ƹZ[b>2lHzHp؄ k)A5y1? DU>Կf!W6dϤ"WS`rR I2BGla"5o,CpgJ>fLt;NLEc>ZjSY$v0љluwBZGyQݯLMYwa:m2 ,tȅb3b΀:- `v+Ө?k`}ga*w,PqsCFƤw@KS5 ̔I"Bjc7a,uU`kQ906 ,vu4(ުah҅=;#^4m@{ ?i|B BTjUĬ:#4;lH/kIKYGV+`%CUS`"J` GXFWeO<ڝH+#qPG0I_II=3 c@p Ja}M~`NSŵR_I.?]"j_[eWvuH? eփ|ƘsȢ/ztAciЍE1wi=X892KMBCp<= r J^q`hՓGs]KiKE)[wQݡb\@Y|q,14ow*sԷ@XĻ| #-:ݾ0'G,68c;LZ}=ѧZ@lO x<*X"5ߴpB TH:Fg#/MoyIHji<zbf@Xp7%-1Yg &|䓉l^+H@Dxq.׽VORb_WIDTi$8]`pء $'[9[&MoK&Xzc0 6[PRj`AthҶ:rCPQ^kj4iܻ!)|L O B5$%"rxUD^)Z/ZXhz,KLq4z bMn1AŊ[uoucur TF;^.C1Cu:@XE^t'ݴҏW-l)Ѯx rUVIglV6 =ŒZ餧;S8hb}9:2rp 7mE6sxxUkոT %i?Bȸ`٪BuKw+4˿ %?uLZUĜV2h{VuH2UgB$5w&l4et#RN.m>gyOi Xvr5=匋ؾCBDONs4Idx'_vQSuTo G:փPRC!3`;dZ_0] BpVL3y/$!4 x3s8D!yP^GiBOae|R&@|zQ|vn<1koA@cy609jRGᵪr1v>8ԨaQ \ 80VfrIp5Ѕ7=wIIP@;b\RFO%31htA<o:N^dAs"`l7uRqum!-u@z0uY){slࠀoޗE4qle*(/jbP}a{E)0/-3wB;tLB3X³0yt%xB># ?a@$1P$cWgr?fT9LIg}_2S۞]N#ῧgC X?( N+ṗT\*\ y&q|dI~ CMoK ^:1Lܪ&Ur~mɌ\EX(QYbcRxXuLe(Ӽꞧ&HWH$QקfOwk{K@x'&.P~ 0P+-VxKCܵn !kE_wԃ׳E2sSx+1`>Pwwg 4z>+!@?Pa:⢢ovo^Hg09՜{aRJ*漮Q&XDNh  ~/`SH@ь"&&0?5*IsiaSNM+(,rR."^AL maW<{nXep'QÔ{e6SՅ(WsBOÃ$q6ir(N>Ǡi"' Ѐʇ@zg^Wl,~/Q3`zoEXZ9N%~^m|!z 5c$O #oM!uWvX+`%X E-M_3 rϩRIq]>J++N.Q?=UQֹ^5t}7yVW^B+/WuW3h Jh1/~Z^eւ4ߎ+(O% fզxjmVb8hSWX+,E>q?'V4PL.&]O1-FBAJA sHcZ遑#y-^eΣ[8ߥIƇDϪNY68PqOoy=#+?HT)[Vk ~XRz9Nab0DG凍2n]h4Cc C!TmAdGXqL[5}">Q:؞ۣ-gz$s{4)C BF\2/* Y:ާfV-y}N}Q#HޚPu=.n焎4hV fa'>;wΊ:eǮo82'v#@/tJ\,e5F|0n~%V_ܟ?i#)d%ED4w`71;ʋ r%V3kpg?w>jجuNK*Cf(+kD=Dٞmk 1N_Tۺ2ÿ[Kͻ$L'I(NR; tM0 @ٗYp0x]6d73s.4.VU9 0:_6yB N:pb'z Kb;;q,2<FA]] @E'_(qHȭj x|kbe,bgu a%FmڟvLHDP5aHhdL>8Soѱ-u/j*X$斔WK Y!Lxֳ_뻹RgzSZHG6z˷3mBw7Rbޅe淃!)[!)$A?ξ-79i]r?r