������libexpat1-2.4.4-150400.3.17.1���������������������������������������������������������������������<���>�������,���������������������������������������������������������ep9|�����[�4#`9D�ti���5EPí`e�ւ,0#$ݡI�.XI�Ѹ]�AT@cz�F�w)Ä�Qu�COee� �5ݚ�+�\&s;{�Fu1?.4qRڒ?wŢ�' 쓈/s
F�n KH+QR}$���;++GH�G̶VxmB���lI|?C{K�S}\k,;sXsǤUw���>��������������������@��h����?������g�������d��������������������������������������������������������������� ��� ���������� ���3������������������������������������������������������������������������!��������������B��������������F���������� ���\��������������m����������������������������������������������������������������� ��������������
��������������������������������������������
�������������������������������������������������������$���������������H���������������P����������������������������������������������������(��������������8����������$���9����������$���:�������V���$���>������d�������@������d�������F������d�������G������e��������H������e��������I������e��������X������e��������Y������e(�������\������eT�������]������e\�������^������e|�������b������e�������c������f1�������d������f�������e������f�������f������f�������l������f�������u������f�������v������f�������w������gl�������x������gt�������y������g|�������z������g�������������g�������������g�������������g�������������g����C�libexpat1�2.4.4�150400.3.17.1�XML Parser Toolkit�Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the
parser might find in the XML document (like start tags).���eh02-armsrv1����SUSE Linux Enterprise 15�SUSE LLC �MIT�https://www.suse.com/�System/Libraries�https://libexpat.github.io�linux�aarch64��������������ee�4e83a7575560bbc10ce5c314e19004524e37877d00d8d1f83dcbbc9545045064�libexpat.so.1.8.4�������������root�root�root�root�expat-2.4.4-150400.3.17.1.src.rpm���libexpat.so.1()(64bit)�libexpat1�libexpat1(aarch-64)��������������@���@���@���@���@����
���
���
���
/sbin/ldconfig�/sbin/ldconfig�ld-linux-aarch64.so.1()(64bit)�ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)�libc.so.6()(64bit)�libc.so.6(GLIBC_2.17)(64bit)�libc.so.6(GLIBC_2.25)(64bit)�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)��������3.0.4-1�4.6.0-1�4.0-1�5.2-1�4.14.3�e,eN@cY!@c1@b#Pb�~a a@aZ@aɪa7T@`@`@`u`lM@_y@]�@]y@]o@]�G@\\�\-@[@Z
}Z
}Z�Y@YYdY[@WW~W=2.4.5] Fix to CVE-2022-25236
breaks biboumi, ClairMeta, jxmlease, libwbxml,
openleadr-python, rnv, xmltodict
- Added expat-CVE-2022-25236-relax-fix.patch�- Security fixes:
* (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs
- Added expat-CVE-2022-25236.patch
* (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
2.4.5 does not check whether a UTF-8 character is valid in a
certain context.
- Added expat-CVE-2022-25235.patch
* (CVE-2022-25313, bsc#1196168) Stack exhaustion in
build_model() via uncontrolled recursion
- Added expat-CVE-2022-25313.patch
- The fix upstream introduced a regression that was later
amended in 2.4.6 version
+ Added expat-CVE-2022-25313-fix-regression.patch
* (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
- Added expat-CVE-2022-25314.patch
* (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
- Added expat-CVE-2022-25315.patch�- Update to latest version 2.4.4 in SLE-15-SP4 [jsc#SLE-21253]�- update to 2.4.4 (bsc#1195217, bsc#1195054):
* Security fixes:
- CVE-2022-23852 -- Fix signed integer overflow
(undefined behavior) in function XML_GetBuffer
that is also called by function XML_Parse internally)
for when XML_CONTEXT_BYTES is defined to >0 (which is both
common and default).
Impact is denial of service or more.
- CVE-2022-23990 -- Fix unsigned integer overflow in function
doProlog triggered by large content in element type
declarations when there is an element declaration handler
present (from a prior call to XML_SetElementDeclHandler).
Impact is denial of service or more.
* Bug fixes:
- xmlwf: Fix a memory leak on output file opening error
* Other changes:
- Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
* Drop unused file valid-xhtml10.png�- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474,
bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
* CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
for XML documents with >=2^27+1 prefixed attributes
on a single XML tag a la
""
where XML_ParserCreateNS is used to create the parser
(which needs argument "-n" when running xmlwf).
Impact is denial of service, or more.
* CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
* CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
near memory allocation at multiple places. Mitre assigned
a dedicated CVE for each involved internal C function:
- CVE-2022-22822 for function addBinding
- CVE-2022-22823 for function build_model
- CVE-2022-22824 for function defineAttribute
- CVE-2022-22825 for function lookup
- CVE-2022-22826 for function nextScaffoldPart
- CVE-2022-22827 for function storeAtts
Impact is denial of service or more.�- update to 2.4.2:
* Link againgst libm for function "isnan"
* Include expat_config.h as early as possible
* Autotools: Include files with release archives:
- buildconf.sh
- fuzz/*.c
* Autotools: Sync CMake templates
* docs: Document that function XML_GetBuffer may return NULL
when asking for a buffer of 0 (zero) bytes size
* docs: Fix return value docs for both
XML_SetBillionLaughsAttackProtection* functions
* Version info bumped from 9:1:8 to 9:2:8�- Update to 2.4.1 in SLE-15-SP4 [jsc#SLE-21253]
* Remove expat-CVE-2018-20843.patch upstream�- Update to 2.4.1:
* Bug fixes:
- Autotools: Fix installed header expat_config.h for multilib
systems; regression introduced in 2.4.0 by pull request #486
* Other changes:
- Version info bumped from 9:0:8 to 9:1:8; see
https://verbump.de/ for what these numbers do�- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"]
* Security fixes:
- CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
(denial-of-service; flavors targeting CPU time or RAM or both,
leveraging general entities or parameter entities or both)
by tracking and limiting the input amplification factor
( := ( + ) / ).
By conservative default, amplification up to a factor of 100.0
is tolerated and rejection only starts after 8 MiB of output bytes
(= + ) have been processed.
The fix adds the following to the API:
- A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
signals this specific condition.
- Two new API functions ..
- XML_SetBillionLaughsAttackProtectionMaximumAmplification and
- XML_SetBillionLaughsAttackProtectionActivationThreshold
.. to further tighten billion laughs protection parameters
when desired. Please see file "doc/reference.html" for details.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
- Two new XML_FEATURE_* constants ..
- that can be queried using the XML_GetFeatureList function, and
- that are shown in "xmlwf -v" output.
- Two new environment variable switches ..
- EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
- EXPAT_ENTITY_DEBUG=(0|1)
.. for runtime debugging of accounting and entity processing.
Specific behavior of these values may change in the future.
- Two new command line arguments "-a FACTOR" and "-b BYTES"
for xmlwf to further tighten billion laughs protection
parameters when desired.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
* Bug fixes:
- For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
for UTF-16 payloads containing CDATA sections.
- Autotools: Fix generated CMake files for non-64bit and
non-Linux platforms (e.g. macOS and MinGW in particular)
that were introduced with release 2.3.0
* Other changes:
- xmlwf: Improve help output and the xmlwf man page
- xmlwf: Improve maintainability through some refactoring
- xmlwf: Fix man page DocBook validity
- CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
and CMAKE_INSTALL_INCLUDEDIR
- CMake: Add support for standard variable BUILD_SHARED_LIBS
- Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
- Resolve macro HAVE_EXPAT_CONFIG_H
- Delete unused legacy helper file "conftools/PrintPath"
- doc/reference.html: Fix XHTML validity
- doc/reference.html: Replace the 90s look by OK.css
- Version info bumped from 8:0:7 to 9:0:8 due to addition of
new symbols and error codes; see https://verbump.de/ for
what these numbers do�- Do not BuildRequire cmake: expat is part of the distro bootstrap
cycle and any additional dependency makes the ring larger. In
this case here, cmake was even only used to own a directory.�- update to 2.3.0:
* When calling XML_ParseBuffer without a prior successful call to
XML_GetBuffer as a user, no longer trigger undefined behavior
(by adding an integer to a NULL pointer) but rather return
XML_STATUS_ERROR and set the error code to (new) code
XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
of Clang 11 (but not Clang 9).
* xmlwf: Exit status 2 was used for both:
- malformed input files (documented) and
- invalid command-line arguments (undocumented).
case of invalid command-line arguments now
has its own exit status 4, resolving the ambiguity.
* Other changes�- Update to 2.2.10:
* Bug fixes:
- Fix undefined behavior during parsing caused by pointer
arithmetic with NULL pointers
- Fix reading uninitialized variable during parsing
- xmlwf: Add missing check for malloc NULL return
* Other changes:
- xmlwf: Document exit codes in xmlwf manpage and exit with code 3
(rather than code 1) for output errors when used with "-d DIRECTORY"
- Autotools: Use -Werror while configure tests the compiler for
supported compile flags to avoid false positives
- Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS, e.g.
ensure that they have the last word over flags added while
running ./configure
- CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
- CMake: Detect and deny unsupported build combinations
involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
- CMake: Install pre-compiled shipped xmlwf.1 manpage in case
of -DEXPAT_BUILD_DOCS=OFF
- CMake: Fix use of Expat by means of add_subdirectory
- CMake: Keep expat target name constant at "expat" (i.e. refrain
from using the target name to control build artifact filenames)
- CMake: Expose man page compilation as target "xmlwf-manpage"
- CMake: Introduce option EXPAT_BUILD_PKGCONFIG to control
generation of pkg-config file "expat.pc"
- CMake: Add minimalistic support for building binary packages
with CMake target "package"; based on CPack
- CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with default
OFF to build fuzzer code against OSS-Fuzz and related
environment variable LIB_FUZZING_ENGINE
- Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF
- Address compiler warnings
- Address pngcheck warnings with doc/*.png images: Version info
bumped from 7:11:6 to 7:12:6�- Version update to 2.2.9
* Other changes:
- examples: Drop executable bits from elements.c
[#349] Windows: Change the name of the Windows DLLs from expat*.dll
to libexpat*.dll once more (regression from 2.2.8, first
fixed in 1.95.3, issue #61 on SourceForge today,
was issue #432456 back then); needs a fix due
case-insensitive file systems on Windows and the fact that
Perl's XML::Parser::Expat compiles into Expat.dll.
[#347] Windows: Only define _CRT_RAND_S if not defined
Version info bumped from 7:10:6 to 7:11:6�- Version update to 2.2.8
* Security fixes: (CVE-2019-15903, bsc#1149429)
- CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber
(or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype;
* Bug fixes:
- Fix cases where XML_StopParser did not have any effect
when called from inside of an end element handler
- xmlwf: Fix exit code for operation without "-d DIRECTORY";
previously, only "-d DIRECTORY" would give you a proper exit code:
Now both cases return exit code 2.
* Other changes:
- examples: Improve elements.c
- Autotools: Add argument --enable-xml-attr-info
- Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom
- Autotools: Fix linking issues with "./configure LD=clang"
- Autotools: Fix "make run-xmltest" for out-of-source builds
- CMake: Pull all options from Expat <=2.2.7 into namespace
- CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF
- CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF
- CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF
- CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
- CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
- CMake: Install expat_config.h to include directory
- CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..])
- CMake: Now produces a summary of applied configuration
- CMake: Require C++ compiler only when tests are enabled
- CMake: Fix compilation for 16bit character types, i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
- CMake: Port "make run-xmltest" from GNU Autotools to CMake
- CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
- Removed patches fixed in the update:
* expat-CVE-2019-15903.patch
* expat-CVE-2019-15903-tests.patch�- Security fix (CVE-2019-15903, bsc#1149429)
* Crafted XML input results in heap-based buffer over-read by fooling
the parser into changing from DTD parsing to document parsing
* Added patches:
- expat-CVE-2019-15903.patch
- expat-CVE-2019-15903-tests.patch�- Version update to 2.2.7 (CVE-2018-20843, bsc#1139937)
* Security fixes:
- CVE-2018-20843 - Fix extraction of namespace prefixes from
XML names; XML names with multiple colons could end up in
the wrong namespace, and take a high amount of RAM and CPU
resources while processing, opening the door to use for
denial-of-service attacks
* Other changes:
- Autotools/CMake: Utilize -fvisibility=hidden to stop
exporting non-API symbols
- Autotools: Add --without-examples and --without-tests
- Autotools: Modernize configure.ac
- Autotools: Fix check for -fvisibility=hidden for Clang
- Autotools: Fix compilation for lack of docbook2x-man
- CMake: Make libdir of pkgconfig expat.pc support multilib
- CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
- Remove fallback to bcopy, assume that memmove(3) exists
- Removed expat-2.2.6-fix-make-clean.patch�- Add expat-2.2.6-fix-make-clean.patch
- Allow profile guided optimization again�- Drop docbook2x dependency, the manpages are generated in
the upstream archive and this way we break buildcycle�- Version update to 2.2.6 Sun August 12 2018
* Bug fixes:
- Avoid doing arithmetic with NULL pointers in XML_GetBuffer
- Fix 2.2.5 regression with suspend-resume while parsing
a document like ''
* Other changes:
- Autotools: Fix docbook-related configure syntax error
- Autotools: Avoid grep option `-q` for Solaris
- Autotools: Support
./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
- Autotools: Support DOCBOOK_TO_MAN command which produces
xmlwf.1 rather than XMLWF.1; also covers case insensitive
file systems
- Autotools: Drop -rpath option passed to libtool
- Autotools: Detect and deny SGML docbook2man as ours is XML
- Autotools/CMake: Support command db2x_docbook2man as well
- CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
- CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
- CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
both defaulting to OFF
- CMake: Prefer check_symbol_exists over check_function_exists
- CMake: Create the same pkg-config file as with GNU Autotools
- CMake: Use GNUInstallDirs module to set proper defaults for
install directories
- CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
- Address compiler warnings
- Fix miscellaneous typos�- Expand description of expat-devel.�- Do not generate manpages from docbook
- Temporarily disable profiling due to bug in build system�- Version update to 2.2.5 Tue October 31 2017
* Bug fixes:
- If the parser runs out of memory, make sure its internal
state reflects the memory it actually has, not the memory
it wanted to have.
- The default handler wasn't being called when it should for
a SYSTEM or PUBLIC doctype if an entity declaration handler
was registered.
- Fix a case of mistakenly reported parsing success where
XML_StopParser was called from an element handler
- Function XML_ErrorString was returning NULL rather than
a message for code XML_ERROR_INVALID_ARGUMENT
introduced with release 2.2.1
* Other changes:
- Add argument -N adding notation declarations
- various compiler-specific fixes
- Improve docbook2x-man detection
- drop expat-docbook.patch
* fixed in 0f5186c7b8e503c669e332d944712de010b265f3
- switch to github for release tarballs and website�- Version update to 2.2.4 Sat August 19 2017
* Bug fixes:
[#115] Fix copying of partial characters for UTF-8 input
* Other changes:
[#109] Fix "make check" for non-x86 architectures that default
to unsigned type char (-128..127 rather than 0..255)
[#109] coverage.sh: Cover -funsigned-char
Autotools: Introduce --without-xmlwf argument
[#65] Autotools: Replace handwritten Makefile with GNU Automake
[#43] CMake: Auto-detect high quality entropy extractors, add new
option USE_libbsd=ON to use arc4random_buf of libbsd
[#74] CMake: Add -fno-strict-aliasing only where supported
[#114] CMake: Always honor manually set BUILD_* options
[#114] CMake: Compile man page if docbook2x-man is available, only
[#117] Include file tests/xmltest.log.expected in source tarball
(required for "make run-xmltest")
[#111] Fix some typos in documentation
Version info bumped from 7:5:6 to 7:6:6
- Release 2.2.3 Wed August 2 2017
* Bug fixes:
[#85] Fix a dangling pointer issue related to realloc
* Other changes:
[#91] Linux: Allow getrandom to fail if nonblocking pool has not
yet been initialized and read /dev/urandom then, instead.
This is in line with what recent Python does.
[#86] Check that a UTF-16 encoding in an XML declaration has the
right endianness
[#4] #5 #7 Recover correctly when some reallocations fail
Repair "./configure && make" for systems without any
provider of high quality entropy
and try reading /dev/urandom on those
Ensure that user-defined character encodings have converter
functions when they are needed
Fix mis-leading description of argument -c in xmlwf.1
Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
for CloudABI
[#100] Fix use of SIPHASH_MAIN in siphash.h
[#23] Test suite: Fix memory leaks
Version info bumped from 7:4:6 to 7:5:6
- Release 2.2.2 Wed July 12 2017
* Security fixes:
[#43] Protect against compilation without any source of high
quality entropy enabled, e.g. with CMake build system;
* [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
resulted in NULL dereference, previously;
* Bug fixes:
[#69] Fix improper use of unsigned long long integer literals
* Other changes:
[#73] Start requiring a C99 compiler
[#49] Fix "==" Bashism in configure script
[#58] Address compile warnings
[#68] Fix "./buildconf.sh && ./configure" for some versions
of Dash for /bin/sh
[#72] CMake: Ease use of Expat in context of a parent project
with multiple CMakeLists.txt files
[#72] CMake: Resolve mistaken executable permissions
[#76] Address compile warning with -DNDEBUG (not recommended!)
[#77] Address compile warning about macro redefinition
* Added patch expat-docbook.patch to compile the man pages with
docbook-to-man
* Cleaned spec file with spec-cleaner�- Allow building when do_profiling is undefined�- Build with profiling when possible�- Version update to 2.2.1 Sat June 17 2017
- Security fixes:
CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS
Details: https://libexpat.github.io/doc/cve-2017-9233/
Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
- [MOX-002] CVE-2016-9063 / bsc#1047240 -- Detect integer overflow;
(Fixed version of existing downstream patches!)
- (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
longer tag names;
[#25] More integer overflow detection (function poolGrow);
- [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse;
- [MOX-005] #30 Use high quality entropy for hash initialization:
* arc4random_buf on BSD, systems with libbsd
(when configured with --with-libbsd), CloudABI
* RtlGenRandom on Windows XP / Server 2003 and later
* getrandom on Linux 3.17+
In a way, that's still part of CVE-2016-5300.
https://github.com/libexpat/libexpat/pull/30/commits
- [MOX-005] For the low quality entropy extraction fallback code,
the parser instance address can no longer leak,
- [MOX-003] Prevent use of uninitialised variable; commit
- [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
Add missing parameter validation to public API functions
and dedicated error code XML_ERROR_INVALID_ARGUMENT:
- [MOX-006] * NULL checks; commits
* Negative length (XML_Parse); commit
- [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
- [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
to go further with fixing CVE-2012-0876.
https://github.com/libexpat/libexpat/pull/39/commits
- Bug fixes:
[#32] Fix sharing of hash salt across parsers;
relevant where XML_ExternalEntityParserCreate is called
prior to XML_Parse, in particular (e.g. FBReader)
[#28] xmlwf: Auto-disable use of memory-mapping (and parsing
as a single chunk) for files larger than ~1 GB (2^30 bytes)
rather than failing with error "out of memory"
[#3] Fix double free after malloc failure in DTD code; commit
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
[#17] Fix memory leak on parser error for unbound XML attribute
prefix with new namespaces defined in the same tag;
found by Google's OSS-Fuzz; commits
xmlwf on Windows: Add missing calls to CloseHandle
- New features:
[#30] Introduced environment switch EXPAT_ENTROPY_DEBUG=1
for runtime debugging of entropy extraction
Bump version info from 7:2:6 to 7:3:6�- Remove pointless --with-pic (for static only)�- Version update to 2.2.0:
* Fixes bnc#983215 CVE-2012-6702
* Fixes bnc#983216 CVE-2016-5300
* Various cmake and autotools script updates
* Fix detection of utf8 character boundaries
- Remove all patches merged upstream:
* expat-2.1.1-avoid_relying_on_undef_behaviour.patch
* expat-2.1.1-parser_crashes_on_malformed_input.patch
* expat-alloc-size.patch
* expat-visibility.patch�- add expat-2.1.1-avoid_relying_on_undef_behaviour.patch to avoid
relying on undefined behavior in the original CVE-2015-1283 fix
[bnc#980391], [bnc#983985], [CVE-2016-4472]
- add expat-2.1.1-parser_crashes_on_malformed_input.patch to fix
Expat XML parser that mishandles certain kinds of malformed input
documents [bnc#979441], [CVE-2016-0718]
- use spec-cleaner to clean specfile�- After simplification of expat-visibility.patch, it became
uneffective as no symbols are getting hidden. add
- fvisibility=hidden to CFLAGS again.
- expat-alloc-size.patch: fix braino, realloc()-like functions
should not take __attribute__(malloc)�- Update to version 2.1.1
* Fixes CVE-2015-1283 — Multiple integer overflows in the
XML_GetBuffer function
* Fix potential null pointer dereference
* Symbol XML_SetHashSalt was not exported
* Output of xmlwf -h was incomplete
* Document behavior of calling XML_SetHashSalt with salt 0
* Minor improvements to man page xmlwf(1)
- Simplify expat-visibility.patch, refresh expat-alloc-size.patch
- Drop config-guess-sub-update.patch, fixed upstream.�- Cleanup spec file with spec-cleaner
- Remove old ppc obsoletes/provides�/sbin/ldconfig�/sbin/ldconfig�h02-armsrv1 1710749839����������������������������������2.4.4-150400.3.17.1�2.4.4-150400.3.17.1������������libexpat.so.1�libexpat.so.1.8.4�/usr/lib64/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:32868/SUSE_SLE-15-SP4_Update/25076609447c9113fea917c2cb786238-expat.SUSE_SLE-15-SP4_Update�drpm�xz�5�aarch64-suse-linux������������ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a167250b992caee8a6def35aa8ce5e5a6c6c1a64, stripped������������������P���R���R���R���R���R���7�?,]k����utf-8�3dea0fc5a5de07ce6c49031e77a6b7ea1f96f898bb43e42fd809142e76b17296���������?���������7zXZ��
���!�����t/༚k]�"��k%{U}d�tb3z,n褖ks�i;-l�1ƌ�XzG(�u1B{DZ�P�X�]E^�moF��88Mc.?�#x#͙vgnu����Z%8ٜ)fy5Dz;ӡ 0jS"㵄7��[[I�@lQ~+vXEg�`6S)@�СFq6c��=(�7gH�(D1� \l8#Z�04�l
�&�lq{}h_ҽH|�8R��3BQC�c`A璨Ӽ� UҠhfv]a 9��!E<{T�Q?�t~؆�dU욯y
a��2Gg]F�-$K2BFbVD�uCّ$y?uD�&�^&|����~Ԁ6gR�݂My5
V��X^5{h
w|�Ϙ���$-_1~�RВ`e"�h~5\MJ�ٶg%��3Q*40G2͙MŲ|ņ�<{қ3K3lYp9�^�VKT%(-qJؽw��EXu�`BYz^,/Wg;+�"*04nأ��ňS:U7a<��m�MGKM נ묖�wLs�Cz�*�N'cG�nҳ]9=͜i�RUצpPIGnѹ
r-)'0~��h�f8}{ ]�p� P x},�!~3�yDq 2�Z,lC4o��]{�)Tv�Ka8ā-
V��[
�F]åK��-�K�+kyɌ:��i*�e ӓ�@C4�GމjZ%fC�.h@�-�H�-XOiMw,_�״n��elЇhf]R=-g�B+5_/ܳ�R()���^+D@7SQmRFiɄhޭU�=C�;T3#[�d=3{�7�f�D�ZED=8xe��}#
hǟi[�O5{u :'�Ь"�*jwS,--WCA{r#٥�p'%6fH���^��yC�|`4u\q>K�?]oɗR�d_��
7.sA$FU)�g�(it����ܖiP4�습v�>VeL6Y��d`!<-�&ֆI/èd'W�mCS3�Ӫ%�W�,E�r��A����:���ch�S2z� I�
�� ��y;lymW@ޗˣ]�b�=Q8Y�/+ j�T3ۙq6=FE_۰5Xmc,>;�K
}u=eKO�oik`K�5/O60o~'bgfO] �~�H�z֥3uRDH-�o�� Qb3
p|�� ֍ù+j_\�ͨoCf�r@Ȅ; ¹n�pxf=J�c�u�R=�'I�\ �DʋJ+��~�,+W�9+\(zp�%ģ&�G\^�TSc=T�Fh}�xؓ�(��?>JͿG��1.�e�;����nH=mLE6:La؆>-yq|<Ľj_@gJЊ�lmE%�!#>�Z~�]%B�+;KJ>+6=Ko£`>уԏ�8]տ*~źě\gp1Xk�D�{0.I�[HƎo
/I"\R��(۬�*QL=;O�^TZ�1��UCK�_&i�~��˵J@��;ͻv�p@8Bt�ef#\c�\�i��k� "�s_I�!#65K2Wvgwd#Hj\8:��~#甒�qXLK%_�G7'$ p��9G8nȰ.6�1,$
)vC��4��z�H0*'��'Oű�-,BMl*���xqPVnlY�C
b(KUH]6����bc]!�gl1t雄e/�dI�Q��t
���^Eue�Ԗ�J J
�-j4jyD\LFMV|�H?&QE9\$�Zm��p��"(�7P"�cbF3XLVjoC:߹+ E!�7BE<��oH8�]�-|o�[�m@֓I{Q�M�/o]�Y┬�fM'x́�%ý�-� �YsbY.s7?y쟵s5�fR�s�["c}+Gs&Cj%WK D�5z�H]3>6-V@�x~Ixl3F&@"P
:?#'',yq��t_�v847�V�Ͽ_ ૾>�S�Ŷruk �&N�"$VpHr#%F[�4}$GFå��k"��rQZ*P2Wr>�%! �.&k$% O8[�BWÌ*��}���Y#���m(-�ꄊvU1$��\c�۸��,bu
8C!ktye�&�挼IlҦ ]^Y}2�yl;5�r�zYHP,e_en H[-9P.�%RE�U-�>Q r@oY{֧섶d�<="I3�mJ��"$=SkbCs)|&eӶq�+.Lĺg�RSyRR�},P�Ltu)6�1}nVAh�) 259~ǿjv2|rFrR螅CsB�ˤt_�'$
j!͢�X 8!"n+��l(G< �cؒcܜJ�,+5�Sd�?f:#�٬4Oa;Ջo,@μ丑5ek.���-$�,_"Z6<}V�F�DT��6Ě`�ݶ
},w5�Eހ�%)XA,F3U6f^ˢ\�Hfj>âh�kc9;žh/��UW<%g|,3�NmN2MP'mL�5u��LJ x#%"F{�݄c{Ȝ�u6FBYsl4L���aRu�5B�ރ/�
1��U3(!Ǜ�\r�{JlbnE^D="qz�*HJ.k�u"�IT`*C�:3<9�eqI�^.�η<���~Ox��|V)�V|*z;Ob@R�D,Ud\Y/^r|,��;_�5+=TSAs`S77q#����y,τ2VuTQI丶P}F�I
qo�%Y�
C�_X�=f�I#"�,�=#{V{r�rH�zF�PU;���Mӿ��θ鄞Ki��S
�
�Y�oסk-ʼ_�٣9ʷxDoÙ�X�읒E�ѻU��De!RfC�K\}qi �/SW�N�-?�rj<{ܪ�,ܩa�H�4l�Qq��ŝ�GX~(2oV,YP.�4LI�C,nҺ3'�2qzC�}�E�"�I.ID�&��AiPZ;[Pn@T�2?c
E>Ovo".�œ�5f_�JDwZY~|DV`�#�e1�&�X3�!A8^L`&LX"�8F�^*��6X�7$�,G}�0"cklČlzR�;�zH;�cl�T�-0t !y(!dԫxd&_�\w'R.W'
�/��j�z)5
CX�;,px.r"D�
H�e;^rEoO
W)ۯ!{2F:)��BEq�<>���� \,z4 pn�:^$'o4ŜSMTi�60avT�i�O�h(/ƗP/O��hBO/
˶��t�R,s��y,�=�?~2W- v¦voa��C_Ɣ�.Ay:f}� >L$?t�^32hK-�@kecxu�ebio.(S�l}.P�D�v}C#7�[$Z�DM_&`x[KW+Cbvw[úzr�k][6V(gS�_k�AqN��)]\Z(VN;e�/-J��Y(��hPm�e�+�X]cR^C伐8�x|(7uakWԿG58frze�5X�s9U�X�s*ٗy.�@ҎX]V"h�-9ϖR�F'Wa*dul�D�t3}l'90"ՅKl�Sh4Gnq"A[1e)�YAqʂ'3�6�Ck8q�p �d#É䎆f?�Y*'CA� i:k�t^֨z�PJq"w bzKio�qpпw�8NCrs��y0
ɑg�qG�pc΄QgE�PÕ�:�`;"KϯE=�1XU*b��RYD Tg킍g[Y{|AfPz0n$�X}E�}m eBj`g�rF,R}*rFT�r�f1]t�%cB�gV%d�>!VLX#_'{]$AXc�_K 2sltKY��!6+T:0w%sl·N�='��t+l5bc��ν@ KFp�!a$ޅy#M{gF/f1&z�ϵ{mF
�gNZ�,ԾU#a�ڶ��{<_gK�aQWW+a�AYnK�MLv�hQ
#f50:3>k7*oF4��d5N�>�~qo:zu]`E@d!xi%z(Df�OkDX/퇷u&\.$=kq<ӗ��D/�Y_z=�]/E�)cwa�b�2 �tr
(}@6W13:��ϕQi+!>cI�@rco{H㤷f$�YǕ9_
69#T'}1}eOaH}/m)x`is YE,Eأ�^�zbq$"z8#;FF#W>>}|E?�L&ϝߢm-lPy%"<$UA�d*TQp3Ͷx1t"O1=MZ3L��]$2װ;qGY,Kqmk�`O%�uMŴd+�[Ul�:*p4(/Z;O�c�&�wϥ)t^VԴfðv �DԊ:
:N`�QL'8"2 o$�pp�9z�z(݊6|qW
_|%wu� Y���� �o�fIoY+�1�c*;LQ]};fuuF�=5!}ɻk~eR�"F4wS�ᵂ%J�^��=H eDX� !xѫ՜DZYYޟ"%�%�Ƥh\ޚ�:[�b1y,(MɁ��9�ȥеN]4�Z4l�k�"cw,a]/N2̵&�g/Uq�,D@��C`i�Qky"�hL�O��%�X�:n묐�^<�AWS�tP(̨ɏ
k�MY�hf*c�Fl1#y��o �$Tťk0U|�,iba/@!Cl�-�Lz��0� Bz]y�f(Rz��(p�6B%MV�#G�b"r�*2ۡJEw� �~�5�o`e���`L�;)o)�=uh_a;#/4�3WX
��խ8eX~2�#,(`L�0C�7��":.g%��0Kz\P`e
��z"�6i�[/;}н~�^4d12!Yq7:KS�S�}S�TrHD;�; 3/BXKb
/<+Ķ�iX2!�{c�0
^+³;�U�b��>68}c ��R��f&T)�c5p"}.
Jkju}Ɇ\6�WS�
d.5���1\ApYߧieNY拙�xAFk[org�ܚ��~K�=#�Ϲ�Nn-g)*OeX�^�M[G-֖k)���OHR�:S��3%�]{щ�ا�H4]13�}��sTҫ�C8r%#�;+v= "CUy��X)BZ4f�s�1��q��:-[��bHp�C�z�Z�(ڏ
Ƈ0݈TNh/DgNaag#Qf>%ɀM3�N��{C[f2o#O M���_?Che�UDʼuWcW/k[m��¢7�Bl��1�}��u3wr�C\im˾1�RZ 4��W���;@v&rë
�iBpmnS\�>2�؎#�v6pCM�<�XE!WLB֑Y�͐s�4'�
,!!yS�I6�~/BS�ׅ�-Zz
L8�!��vn+~Lik�5Ql2�ʄ
2@|�ڐ��b8E��~GāaC�_7HAUS�fD�<$?(`Hbϴb RGc5-s#�Mb� 3ZÓKIn��3RjX�i9r3��}ܐ��?]\!ZT�Is�@\4FԷX�+`F@ni|lin@pyMB�=�[z�A56wW@EEy�`bZ5p)uaw`a�p�;3UzC?W��r�9ZWן
�óy.t�G�tmř~�D(D]�+�>V^$�NZbปch�5H߅ $y�M%Ͳۍ m^j6I-�)üf�ߏ�_#�hQx����,v�E
r5B%IkIk,_{mOZ�>/.;}��(e�̻څ,%c�� #/ʞir**1'?�͐@Xɘ�Fc-x�^R�2%B)n�'|tǴ9jOh�>ŽD0���5�IU*�P=n҇;#�d 鸋X?H`7��8�7x6��A*\A��'DLڧ �*N#�uNl��K2$I�{Г6N\�$MO8�ڤRI-ˠ8K�kl'k$ݜ, 2 F?9=5~� L\KS�MhE(�e<�.*�4-T�r{uyCF݄��=J܋rA.{W�V�y�E��:F&a�#
kkgQ%�+.oP?ה
bg��7K1r&Ed!Ƭ�j5>UR/bC^dBda��y�1Y�N�A\"%&�M%aj[#X]=v 8�� Z0֒H�S�\A��/�OvYUZ*A0�~gne@d.˅qb;�4NҮS[H0Jxe@hK_.5�hr0,:_?'K aP@o[̃�b_�ư]�@0iqm�Mp1pPb��M'sP]Pxy餈gEMSeN6J6jH@'Gw
hW���#xN\z�dc+S܆q/N�:tHޗ���7n�Ӭ��e����ڊ�_oƑp��靕UTx�{
}N�EḘ�ږ�uey~=)��+塵�яQ�$dl�r|4#4 HPn|�3Tn
H4ջ��%�}�W&��Hk]}n�mE�7yDz{6"�\Tm|d
7�,Uلf�Uqܮ3�,[J���r�uh�[-�LRj&'g#ZOJ;�i�HI`�B?d4#W״.Ex'�>�wa0`��<(k��
�D�3 f4PʍFJKtMr߾�u?[rL`Yn�]Cޓ R�6j�;bgxk|dLٔ?o�FGyC�XQ��ݛ�P�;F�vF?v�W �IXX4]F��1ɾ>3
Ё6vE�~;�8�kTFDHy@I7�=л�ܱo$_�,�Q_�+896I�&:�8�)6'�f,Xy{TOP�}ur]`-�öY�i���~j_od=N
DAgS�|�6�A9CwÀ?0Qx%:�ppX���z@J7X�K�Tx��SEfT/11p#? "��:fqm�Q�-RAОZ50v$r?]&�8:�EAE�B�a�&3p'm҅�� � M�6wY8�73T.�Ո�w6'r5U8|�LH�)�b��:dp[��a�a`zc7==�,|G}Zs-�|u�O(Ph;`;=5yc`�S5q5E:
E/G6*V=
a�`SGMks�5EO
�-9^�f)DY|�J�q!��.�UQ�>�/9��J-Wܪ�ҏ�7E!ɌE�5SzS^1XO�dM�U�K4sOK4weAGP\G;=#g�1V!���j��Egd@T���
YDDm0nX{RȔ;@\�Dbjۤq{u�R(8m9`Ltckp�E'qn];
v_O+{;@�B���d?WF ^�EO��@� eıP6܄Ud��QۜnOv����:G!y�֯d
Ԩ�l7ogE�u^v�&9~��y`z�Uag�9:]ě�jt6J�5rm&p�*(9wf�|p�4&2e_8q���Q�#ޘls�)v��=^kX��ى�&|�q.Z^_KJɱ�%#jK*:�ėEҤ�g/RzJ?!n'D:4"@z�;h� lOu4v�nbY+_q~\rMyA)auR��"2![ Ւ6"x4�����62
�%N
[C::w�'-'ABPL}xW8�Q_SGn:=cĘC;ن[�� 5Q3�p2{nha2OMb8S(zp�V:~Z�!Vy}S̀fO����a�䁊a>ʑ3e�4^
�|{�);}0]3Rm�۫ŝ>T��&3E;YPp-@~&/�ǻD�<((�Sc�T��_��Q,ǰ+��|.}}uY�߰
X
ΫZh�T�Jt�-9:\�T�ۋ��8f,XDw5u�2Q_�*evg]gZ>QCbΥ�z�pbR\*
8dY\�@;
ʣBA�ԅ�S�bDˑDm�zg�sjq۬jR�n5[;:n�G2�M�?mO\359ƀy) ���}m��&]M�p��2�,*
k
F}�e
Q܆[.�h-J3=LD�)}13!MOsE.6(ked(ff*6�Js[VpQ9�xx�ؗF����gx�=4c&U�[Lp� wý�ݟ�/O;�16l_u'7bw^0�|�Twa�&jsq��d~�ײR��r,�WVLQ9PM:nf˞PM�]b\$m+H(=j9�1y$2y0=
"O�xޫ��cȝ�}eہ�f�
ӣI�Z,;˝m駛9"OXF�tQQK|Κ*bT,ޙ�MtB���S-pm3ojv�>6��֨�cˠqNKr;"I&H��h&Am�u.x%�B(o�>.�wuL@*^~ jsأ?0v�tf紧�4�eSsE�Lf�4A �r��'9z~rְ �Gu-@B
t"�S(g�{b�"Ț\d$@^E9Ǡ�V�5�s���Ǐލ�|A]o"8oe(F<
YS's���P�t=sO}R� 4"VնJNb�(rp�Vr߸(p^o�t'ȇn��Bg���;:ä���'�⾰"�Ux���o�J>79�J��/.�gP2"Tų"�P)#q��^òͧ���MJͯëF�LzIް�0�[I�h[�m%ٿK��APQ3�
G<�o�5U˧��f�
;0orv8J/r~�:l�ԇˊ&{i'ǨNjVV�jNTbItGMW�B��Py�����}& wg�}IPa0'�~FٞE�#�!>eeFeoӦ9A�Ndΰp��%T@�ae��6R�w;9�\��ʸij̏=G�"KM^St���z֠T��}F#|frz Q]6�raGZ��'
ᾫ~Ž`jof�wҕ|§
ξ鿭��E�W)۸z|.9'L|!@��G�A?B9+�3gK��P$�M�=�ݫyCU[yQ>3(OQⷨرc{�8TׄJ�Z�J~|� /hdТJ1Sy�Cz|��.w!Kh�*%�rA@c�Jҹ&h���s��q8�����;5}ui$\�h}��O7P:p
, WY��zNi{eT,/h�%´�aEK(c=oB"�םN,�]-='m2�j��uQ�N$2�U.V`5oćPT]ρz$QmaC[iG�ַ]>+~BEp�~��"~�{V7D�pp�_3SG"I8XјZI_E�MRyϛg/*8D�$z^^ 8ǭ�!�Rל�MTz�?T@i�(1={oZ:J6c��qȽx��\�R�~�p+&h"\QqW�\m$�6@' YU".D@GskTT�b?7Yjw-Z�ߤq~Wӻx
*��3jю|95Jr<�^#_ڴ��20A13jJZ/{Fԇۮz��gI1ɑ93{�W���S@-¯g0�wu�A�)p-R�0h>fi@0(y�.(.uoyx�Ik�+8Yq@E*J� �d"P��kR-wL�cx[A��ϑW��K�Si�ŗ�1à zI /D7V)��_[�.^(!6=K"*E"ts)w-/4J
|h4lf�QM9\595~~gQz"�8-��?%2]|@3O^��O/i7�FSv��2ˎ3s2%�p2#�- N=g�<�;ї%�-�f�� }�G'�hI�v�ʞvfR\JϑGIb�b}��u#!vsC�<0�[�=B��{E0PWowyeHpF�{2ݧ�De�?%a#p)'[m]6]Q�R�zv!IX�4V2Y@
p$��m�j-8m#.`��oy0�S2O8"p/�C"Xq1NC )1�D0$sO�@愖ݖ_�Rܠ�yT�cA$ JY¯B�O15ч�5�7n]=+.�LB2W��$S7��/!n����t!v=vPƐW�G�e.Ż=�.*WqMN��VV%�oӜ4O }k#j�:{`R
�?-�O] mf�KipމCzIkP�'X��_[8a'X�9%�x�L5m:dž[]%��?�d�%1.J@�pCY-�EϢ�l`x(+긝�a>?/_nM�LhK1ѵer�%M�b�Kp r|;M،�3�V�J�,Z"Ps)at˝,�Ԓ+M
{;KcfrùxL=ŎF�kdcC�/�~
Cy2\hgBIy"].W#Y��djW�(#+u&j�>5J�Cj%&*\ <�3b�[b��Y]y�Uoz�>}<-�E�fI�]xL?H)�p
3��y6�1طTR�:IPai�9b6P�L�96C3l$
:o?+%y�R%��}R-~m_�Zb[c}�Ky�J/?D0.8���P/���ŝ8K�&l+1)O�Q ���pp�lð���g�[!;9]�9Y~m⨱4��q%!s��
���NpV �-u��=>N�{13��cF�[=H�V:~��{�x, ᕌB
Ա��"Z? }]�_(}̨{eh<|t|k��I~bȮͱ cT˔+�2*�Ii^CJ#d��Z)���Z86[�O?p5"%2Yn33ͤ`L�峀t?M?L�P9 cޛwlgcLAԵ$=J�LYㄅ5y,Av@U�@�3,�v6-\�L�T3pф�*
+V�Dٍ|�M�D��%v$�.86|6_�k1Xo�G1
L
��=?W+S�ÔڵcN6Qy2dt�-zJwὬ9�ԓFm�Q~_oV��ohR�{���R�`:HIJzt�Cnltb-v�/_�MT;դCMkX�sg����ƅR�g G�!i/٪�4nft�ٶ{0k)Lނ#sa)XtusP513v�G�w=~9��pC7vDYVsB$��ܹ]jl?˲|om֖%T��j!��vN`TqCa_Don@.~ԉ뜏.}l7�~d}h�m\$sSqC7zb%rmzvBb�ۘ�;z!P���}L,ᄋ?HK�H�p�C�VkBҥm`M`��Q̀]�űZ��^J�Մ]ZS#أa;|V� ݽ2`>f�ldTWf�52�Q�h"5Q}��iM{f�E��h�8k=6o=�=��:́=Č�Jx�J�\P[-j)�Ή~�npMJc�A�+SVs!xym�VLKcٯ@=@�&�b@1ڪ"mX�J�nw�-Og�B�@_ r絗U&� d��~g@<=�$xUdIJg<ΨJ#/;>hÂ�.v%ETeH�zs]ػq1b��aЩ$gZ�c[ٌ!F;OqkU�GLl�ゑ�ed�{Wx1'M2eA�wʼz6ـEG.O�18'�۶+EB�z�-<7GSk#_�hKƻ5@�!#nb��C�o� 4R 'N{J��<�oXր�MI
&3`K�*�xzg:s@ƉUR0Y��fy�9�S�XO3'~�*~D.^�~
&=�2e�,ӛ�Rlw{4w�e$ut�bdD�
o�aB�a�k8au�y4|>/�v>v܆/XhM@�+@"
~�B/8M�]]� R8r�Ƒcr�~3QWO )%�z�qOjz�LjV&avP��fdōh�@�'~|ahȷum^cd~YoԿj7Ԛ�A= a$�>y0(O��JeM?���GW@�l3��Clr�?�f EǧIk�'q& �-mP
GTGc�#cX~\[_k�R���C]�*ŀ�T+i!�a팵H1�
{[{`BSM.-M�r*؉pѝ"[�$��1!k�+r!;wŎ4-mu.�
fuǖ)�1]�A'��ak+2�Z)XXe㟀0g(R|-v�E6Yw'b�LP]+��Ml�)Ț7Yg�%jw8fl�Ƒ)Qu>5OU>s/qqE�$%jbX3��<^zșf8�f[E>�ERVB?8}W�`BưXv�v��)g�fgTFt��%8}љ�)!^�֖A;֞1eW �M,u&eɹ�yIx7�"M~G'^,s,!T�[ަcY�̈́FŇ�+I�##<�2)37[
cZSLInE6"� M�X�
�ѩy �1F�%�qF(�]ŧXOϿ|2&jGHV
�̩(~zkY[S�� o#:�tEn><�J��H0k�]+Unr�rg�;߈'��S@A!sCce>)�1x�d�sx4z�!33:.;#^-$2�lw끕fCoy>r2^cH`���-q@�c2/bl;I�(�k��zw:Z:l
ϩ�M}#4K{ݣBw�;O3Q�j�urEv�s臊sxI4!�Kߒ/T�!/j˅D.CBS���ٳR�\N͍̾T:G'1٪-im 9:l7#�&�bM��#HHWsNxF!*MJd�)G��C�,G.4.��cT%[9��,&ck
`#r�5��x1%ϙS'�oe{��0�Wzlլri�
�ŀ�0^�a�-J
��!&F+X~"�.-X�,`�x�j�彰&%_�J_�,Ϛn��y@Zclygk%m<���c<^1�V�2APnGHL-ZPz9�v Lqa3o#�zj�q@ӭf$(=`$Qz
%̋x}&m@YlvD P@�.{dPq�9A/."w��q��?!
����p;[V~~ �F\EZY���k˴_v2a2QJR>�0�n��֠́v[gZX/'`@|kONQ╵yYEK2��Ω #t&ML:ݧqКX='lT?o�>j �g+bK%�o@��w; 'ӺW��{rv\`1'K�W9�syUEE�0E@ћ�*�.D%niKE]E`�sÞcZzR^ۅ:
Y �_-O3GA���Dw:�ID�9�9ڜ�K)�Xn`{C��T*8(Y1Țkr}w��>:?<&ʰ+_�pj�x˖��sл�c{l�A[�j?fr�.�i�.� e㓙j=OD#$mmD%"�8BA#M'�:4a^$˳Ϭ�D<3%R{j��F�5'�O�gHF^Y >l`,6}��!=nԥbQbm�3��2
-�|6�E��f�{fxi*뺱cnx�(]�KGh NIz
~l��\zPՎf#6W>s眠\B�."f,\ͬ��@M�`5n`^Uc<]wWy.TC)i:F˛?�}Ҏ�D�ّV#�NIف͟]g6$A<96|а6`0ת|>^��C~�
h�S�b:AW[#RlxD+ww6S�<�CQ^e6KZC6,&5ߐn6'&+0<���z �,*���*ƥ9f|�,�NY#U� �G(NU�TrLr,de�f�5#�lf�ӷ�Z�5�&q�B[�,XPoO'cn� *PbTٯ:�[jyӒ50��
F6*}:w #ZE,7�Ya)xobͩT@�w �2�k�E
&� /�Be�zˡK}�,KZiӝ�XI,7�pg�H֝V@D|S^qe�8!��ZC�ØgN_SZF�nsH0dT���0CYz;-�$pDD}҂m@�Q�wK�t�J独]��XC1ź{&6oz0��v]RIKSDdK�H[�xv�TՉJэs�a��MgZavu�bmUrQ��Yv=�'YOJ�":�*@SK"%W~z�{MBނr�=Pk
ėMy&}if@OVZ_jC�YRV:4�!�Vܶ-|_8-=�MuDqHI!
>+.fx�4ɠ�EwWs&�*ce�$W{�Q!Pp)h@0�C;�㯑qxS�[6�DDк6:PJ`ܡQ?7~l~`O�2r�Yj\�y~!�cIyO�U飻Ljǣ\Z^5I RԾ�h�@F+myؿ�wj
fߗ΅�ED��R����Zݟ=sU!}t�NzLJ�T�ˀOl�yv0�Z�brX"i
Q,Bbϑ� EY)οӚ�0�)lշ.{ Z"ٓ|�j�[{�Ԉ\ź E٢�-WN�5ufh|:xjuP3oIg�gR*M>8ϥ?ab�Brv^Xo$�x�N<�5'I-\Z~g>J#�LX�߽�GZ5�0Υ�X'PT8[{1qтGi[}l��'G� ,�xN��,ZY#n��$s1H*��cX�'S@��%?PwIK[ǫiM0w|(dt�N15<7
���Ɗ�@|6h{]!`��U%(�dyj k��X~}W$
{2Gx&g�I�0Ve@n՟>mt�M-9XvꃞW������v1;cq&p��y8��Q%v%�fU��CLG�)�W�$t(COeީ/�!
yV ��P
v��09W&l=�((ى)+Ti'o�M{bS!O
j ~�r�~�LX�#��wr(���~�S=S�X+m5%W�ePQ틋�3�FƶXh+K�)�[�y^1a^l��nӀ=S�@z_c,�Ipu#�E'׀+ou�M�R��N�ˁs�R1-{_ ��}�ۣg\f9'2��6
�v[K/
k_�tS#G�aҚ[<%>BgN^?ڪ�|Q�O�o�7*|@-B�udBBt9$��b]�9lM�3 |tG!S�s�b{Ö
�Ծ4K�$�+!�v\{C0Y>P�]vSYv�xl66����X WgFNql3x�KV��Q�R*�_�1&PTY Y"M�^$tqi��c��-s ��w��lACZyH-DIFaߤp+j�ad�4b���D�p6� ӰB��!<&kϊ[L[#BڴԮ�zt2ug�0 2ɢTq�fʈt��7Iل�xw�=AX1(\b"�!�tqmc+�Hl���Z*Z
Ru5�>U ��i�2Uѷ!=1��WIo%3i�f�����.k�I�RU&�l Q�5Y%�6R)m6Zʒ.i;���1|�q9k\
5zEM�")[�5�[+��F\x����6w�̳֘7Hҏ#b�����s4������
YZ