python-xml-2.7.18-150000.62.1<>,eap9|= soLUߚfr/mڡ?8h}݀"~ͯ@o,W|ߘ 0ZO#UU8{׼& ܈n4jIM٫eͮnš tBU?O!H1S op إ?CJa^q{*֐][ {Xd"7HsSa "eQti8bL;{Q.3S݃kYQcϤg,ÒR);4(ܬL_6N0C=8/>A?d   7  #@X^hHH H H H H H8HH0HP   (>8Hj9j:&jBFGHHHI4HX|YZ[\H]H^bpcdefluHvwHxHyIz 04:|Cpython-xml2.7.18150000.62.1A Python XML InterfaceThe expat module is a Python interface to the expat XML parser. Since Python2.x, it is part of the core Python distribution.eah02-armsrv3SUSE Linux Enterprise 15SUSE LLC Python-2.0https://www.suse.com/Development/Libraries/Pythonhttps://www.python.org/linuxaarch64p66ffOO 8 8~n  f E.3301;;%|D>::r"=;E;E6a22-$991XKKA큤A큤A큤A큤A큤e_e^eeWeWe^eeWeWeeWeWeeWeWeeWeYeeWeYeeWeYeeWeWeeWeYe^eeWeWeeWeWeeWeYeeWeWeeWeWe^eeWeWeeWeWe^eeWeWeeWeWeeWeWeeWeWeeWeWeeWeWe981d20b1c9afa317ad408c44c745cf02d1438b8f710786a897ea9d412d73699f7505dd698b46cea1c33df6f6271deb6d258dae44ea81a98ac0a5843f4628a2ae2b64f3587874247fa61399c2039c0696f49f1e9ff332a101d3b687d316ca4dbe2b64f3587874247fa61399c2039c0696f49f1e9ff332a101d3b687d316ca4dbc300c6604ca93b1881c195521d78458291e6ae7f920dff5f44e954459cdfff6c6efc20b391b45eb78b1929d535917b13c64dbe6623c87b27ea764c5d563ec3e36efc20b391b45eb78b1929d535917b13c64dbe6623c87b27ea764c5d563ec3e341794fd3de8a997f9de757b93b1f4d6b9ae39d714bc50d6ceab32507df4baaf5aac920f43a3adcda0890511af76fafc97a4c194df415f2f7d44221de2cd38778aac920f43a3adcda0890511af76fafc97a4c194df415f2f7d44221de2cd3877868c663a1ad47fb12cc385e67fe2c11780059182ea466b5dbf34036f7b930c58a3f9025b33a9ad7b2c12d93f0cb27ffb723c65527d631e3916dadbcee48484e8e3f9025b33a9ad7b2c12d93f0cb27ffb723c65527d631e3916dadbcee48484e8edd0de3cefc0bca763ba5960533725891337b75fedb138c68e3e72d5511b1c2b7c458ebe731f1cee91b07bf1c929d9d4bbada76c30302e4082bba3acf991b9eb92ed83229caefbd55e96d3c7265ad2d8d8f7bde92840184f56fb7fe720a38a9b4e3c0e9f2a2cecbd7a6f1cfed48d0bae2db90f6bb3f9a15867ed707bea12243301b40a0a45475b909253ab2c9719486a0453b004ca6b99ad4be4e31b2ec1deea61b348924960d56ce458b0995ccc67aa17db451cdbd1b540dcc3c964f7d6bf8cb2091e8e2450e35f82b8bd2de80073b0154adb7b05f0db188ef2364588ad964eb5f8f976d68212a10dd293e51883cabcab8ea013e0a4668c7b61755ec7aa1501dfed3ffdcd3bd6eebf5ae0bf1ca8151265d9c2de75da4ede69e70a43217470c3b9facce33207f01be7b88a107b78d2f8d33bf23e4975e23825efc360a8af0b2a0407ac45018293d24b7b7a84594e22892efc8a1de12de6f6d72456e636b27c894407ac45018293d24b7b7a84594e22892efc8a1de12de6f6d72456e636b27c894bb6440075a2fcdd80185e0265c09bb12286fb13b70817ef8d76ad45445a81d50f93bbf04466397b3cb920055a422f1daabaa0ed82b2af656a76abd4bc17b6fa3d99c60dab93cfc55464b20eca2c6a0eb60f8947d91112f5a9f7380bdfde47ecb0d595a393babd9c3177bb515f43d235dd03ceed56d50c782b760f3053eb22e65f3ea7288890dd498692e58644292fe46de8bd4173e683adc0ae1800a0a9f283df3ea7288890dd498692e58644292fe46de8bd4173e683adc0ae1800a0a9f283d9e16e5386f600efb224c83f2e3230ac100834a72e8a677137d55a62ffbc86d23b930954dc1abe501c1bb4bbff185394cbf0aa3906497f2c8fb2fa31084bf8251b930954dc1abe501c1bb4bbff185394cbf0aa3906497f2c8fb2fa31084bf8251bbeb0c1a116bec837081f4e82613ab6bede16a48a19b20312cb15e4c89cd71b580fca46363bccc51bb01532b694a08dba648afcf9086c2a281dcd87619078d8ab04a9678d8db508fc6881fffda492226e20e8fe0a89185a5c1ca084e8d3d8810171cc64fd9c7ba894922a35cdec74c4e34ebfd1e7973ad25c01b80ddde35b4cdb9ffebef4bd1379b055df93b9b36728b35192737a19f9baf68c2181503e1c519b9ffebef4bd1379b055df93b9b36728b35192737a19f9baf68c2181503e1c519fdba1d27306b4a2b6ce4e2e8ce516d72ae54b0b9e55e8c274e69debe942ba277315a286937499bd9c88622d756436051025e1b4845266b028d07512d641adb3a315a286937499bd9c88622d756436051025e1b4845266b028d07512d641adb3ab88497adc30d5d5eda7789c25a2206ee9270c932d584d7ac42680325651da45c4cb435f06667bfb103b1c38ba52a4c5e390afe8ab9d8049c646507179f281c2b4cb435f06667bfb103b1c38ba52a4c5e390afe8ab9d8049c646507179f281c2b6502ce9343156221b8e55e21216460d7c21904db826de630d2ca38359bfe4027bca668d5fc0e3c00d593125a4603b1d01a823d181f2b9d8a6369ae949d8f1279bca668d5fc0e3c00d593125a4603b1d01a823d181f2b9d8a6369ae949d8f1279aa479baa3b683edad7021ef0f6b9382370a5b5db2f066c47e00414ab9b1fe97b4e98a72f8dba937d6e67162882c225b90a0f3641a42d94f5400c72d8082f953d4e98a72f8dba937d6e67162882c225b90a0f3641a42d94f5400c72d8082f953dcfa45778e457731e0988d9ceef29cf9eeef916f22d7bd53f4cb08c7a2b8b2ce27b20550869635dea05488502e797e6b5c40a61b97a21173cf44842d5e0d2359a7b20550869635dea05488502e797e6b5c40a61b97a21173cf44842d5e0d2359ad185c615c70af11f0fc3cb45b0cf078b4aeb65606f8190e99d1a3885395faa5b7b2ed5025d16cb6e9ec46c3f92202151fd345c3aa8f37bd3303876cb55078d387b2ed5025d16cb6e9ec46c3f92202151fd345c3aa8f37bd3303876cb55078d386970baec6fcab81adb5559a12759069007c34a990cd1211a5823719c23c7ac71caba02b32e5e0bada95ccc96837cbecee09bc9de7869fed5ea0271fa0970572ecaba02b32e5e0bada95ccc96837cbecee09bc9de7869fed5ea0271fa0970572eb8cbed9b8679ed5978d71c4a371f3632a7a8a1893bbc849baf1ba5a1fe79083f6af8b6d1e1f0af21b57adf77579babfdf9b4c18ae02e28a5efddb87a297616a16af8b6d1e1f0af21b57adf77579babfdf9b4c18ae02e28a5efddb87a297616a1471a6007b26231c95ac286b8fcd9236b201c04ed8308d4ddb6141027270f59866b2ab1cded6b3f2188b5dc2d594c03c5be5cbac54f2a5059bb633289618c24c96b2ab1cded6b3f2188b5dc2d594c03c5be5cbac54f2a5059bb633289618c24c9rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpython-base-2.7.18-150000.62.1.src.rpmpython-xmlpython-xml(aarch-64)python2-xmlpyxml@@@@@@@     ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libpthread.so.0()(64bit)libpython2.7.so.1.0()(64bit)python(abi)python-baserpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)2.72.7.18-150000.62.13.0.4-14.6.0-14.0.4-14.0-15.2-14.14.1ee eeRd˖dD@dq@du@dtdm@dxdc>@cӼc0c|ck@c pcbbb@b@b@ba@a@a(@aim@aI@a'@a#aj@a`t`8`_T^J^@^@^>^>^;^8 @^.^g@^ @]f@]@]]]d@]d@]@]z@]V]y@]9]1]\t@\\7\7\\J@\J@\C@\2[[#@[6@[@[ @[Za@Z@ZxG@ZtRZp^@Z CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (boo#1189241, CVE-2021-3737)- Renamed patch for assigned CVE: * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch (boo#1189287, CVE-2021-3733) - Fix python-doc build (bpo#35293): * sphinx-update-removed-function.patch - Update documentation formatting for Sphinx 3.0 (bpo#40204).- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in request (bpo#43075, boo#1189287). - Add missing security announcement to bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch which fixes http client infinite line reading (DoS) after a http 100 (bpo#44022, boo#1189241).- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids use of semicolon as a query string separator (bpo#42967, bsc#1182379, CVE-2021-23336).- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.- (bsc#1180125) We really don't Require python-rpm-macros package. Unnecessary dependency.- Add patch configure_PYTHON_FOR_REGEN.patch which makes configure.ac to consider the correct version of PYTHON_FO_REGEN (bsc#1078326).- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).- Update to 2.7.18, final release of Python 2. Ever.: - Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process. - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben Caller. - Fixed line numbers and column offsets for AST nodes for calls without arguments in decorators. - bsc#1155094 (CVE-2019-18348) Disallow control characters in hostnames in http.client. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. - Fix urllib.urlretrieve failing on subsequent ftp transfers from the same host. - Fix problems identified by GCC's -Wstringop-truncation warning. - AddRefActCtx() was needlessly being checked for failure in PC/dl_nt.c. - Prevent failure of test_relative_path in test_py_compile on macOS Catalina. - Fixed possible leak in `PyArg_Parse` and similar functions for format units "es#" and "et#" when the macro `PY_SSIZE_T_CLEAN` is not defined. - Remove upstreamed patches: - CVE-2019-18348-CRLF_injection_via_host_part.patch - python-2.7.14-CVE-2017-1000158.patch - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch - CVE-2018-1061-DOS-via-regexp-difflib.patch - CVE-2019-10160-netloc-port-regression.patch - CVE-2019-16056-email-parse-addr.patch- Add CVE-2019-9674-zip-bomb.patch to improve documentation warning about dangers of zip-bombs and other security problems with zipfile library. (bsc#1162825 CVE-2019-9674)- Change to Requires: libpython%{so_version} == %{version}-%{release} to python-base to keep both packages always synchronized (add %{so_version}) (bsc#1162224).- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug "Python urrlib allowed an HTTP server to conduct Regular Expression Denial of Service (ReDoS)" (bsc#1162367)- Provide python-testsuite from devel subkg to ease py2->py3 dependencies- Add python-2.7.17-switch-off-failing-SSL-tests.patch to switch off tests coliding with the combination of modern Python and ancient OpenSSL on SLE-12.- libnsl is required only on more recent SLEs and openSUSE, older glibc supported NIS on its own.- Add provides in gdbm subpackage to provide dbm symbols. This allows us to use %%{python_module dbm} as a dependency and have it properly resolved for both python2 and python3- Drop appstream-glib BuildRequires and no longer call appstream-util validate-relax: eliminate a build cycle between as-glib and python. The only thing would would gain by calling as-uril is catching if upstream breaks the appdata.xml file in a future release. Considering py2 is dying, chances for a new release, let alone one breaking the xml file, are slim.- Unify packages among openSUSE:Factory and SLE versions. (bsc#1159035) ; add missing records to this changelog. - Add idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830)- Add python2_split_startup Provide to make it possible to conflict older packages by shared-python-startup.- Move /etc/pythonstart script to shared-python-startup package.- Add bpo-36576-skip_tests_for_OpenSSL-111.patch (originally from bpo#36576) skipping tests failing with OpenSSL 1.1.1. Fixes bsc#1149792- Add adapted-from-F00251-change-user-install-location.patch fixing pip/distutils to install into /usr/local.- Update to 2.7.17: - a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. - Removed patches included upstream: - CVE-2018-20852-cookie-domain-check.patch - CVE-2019-16935-xmlrpc-doc-server_title.patch - CVE-2019-9636-netloc-no-decompose-characters.patch - CVE-2019-9947-no-ctrl-char-http.patch - CVE-2019-9948-avoid_local-file.patch - python-2.7.14-CVE-2018-1000030-1.patch - python-2.7.14-CVE-2018-1000030-2.patch - Renamed remove-static-libpython.diff and python-bsddb6.diff to remove-static-libpython.patch and python-bsddb6.patch to unify filenames.- Add CVE-2019-16935-xmlrpc-doc-server_title.patch fixing bsc#1153238 (aka CVE-2019-16935) fixing a reflected XSS in python/Lib/DocXMLRPCServer.py- Add bpo36302-sort-module-sources.patch (boo#1041090)- Add CVE-2019-16056-email-parse-addr.patch fixing the email module wrongly parses email addresses [bsc#1149955, CVE-2019-16056]- boo#1141853 (CVE-2018-20852) add CVE-2018-20852-cookie-domain-check.patch fixing http.cookiejar.DefaultPolicy.domain_return_ok which did not correctly validate the domain: it could be tricked into sending cookies to the wrong server.- Skip test_urllib2_localnet that randomly fails in OBS- bsc#1138459: add CVE-2019-10160-netloc-port-regression.patch which fixes regression introduced by the previous patch. (CVE-2019-10160) Upstream gh#python/cpython#13812- Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package.- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised.- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch removing unnecessary (and potentially harmful) URL scheme local-file://.- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch Characters in the netloc attribute that decompose under NFKC normalization (as used by the IDNA encoding) into any of ``/``, ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the URL is decomposed before parsing, or is not a Unicode string, no error will be raised (CVE-2019-9636). Upstream commits e37ef41 and 507bd8c.- (bsc#1111793) Update to 2.7.16: * bugfix-only release: complete list of changes on https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch which are fully included in the tarball. * Updated patches to apply cleanly: CVE-2019-5010-null-defer-x509-cert-DOS.patch bpo36160-init-sysconfig_vars.patch do-not-use-non-ascii-in-test_ssl.patch openssl-111-middlebox-compat.patch openssl-111-ssl_options.patch python-2.5.1-sqlite.patch python-2.6-gettext-plurals.patch python-2.7-dirs.patch python-2.7.2-fix_date_time_compiler.patch python-2.7.4-canonicalize2.patch python-2.7.5-multilib.patch python-2.7.9-ssl_ca_path.patch python-bsddb6.diff remove-static-libpython.patch * Update python-2.7.5-multilib.patch to pass with new platlib regime.- bsc#1109847 (CVE-2018-14647): add CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing bpo-34623.- bsc#1073748: add bpo-29347-dereferencing-undefined-pointers.patch PyWeakref_NewProxy@Objects/weakrefobject.c creates new isntance of PyWeakReference struct and does not intialize wr_prev and wr_next of new isntance. These pointers can have garbage and point to random memory locations. Python should not crash while destroying the isntance created in the same interpreter function. As per my understanding, both wr_prev and wr_next of PyWeakReference instance should be initialized to NULL to avoid segfault.- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch fixing bpo-35746 (CVE-2019-5010). An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.- Use upstream-recommended %{_rpmconfigdir}/macros.d directory for the rpm macros.- Add patch openssl-111.patch to work with openssl-1.1.1 (bsc#1113755)- Apply "CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch" which converts shutil._call_external_zip to use subprocess rather than distutils.spawn. [bsc#1109663, CVE-2018-1000802]- Apply "CVE-2018-1061-DOS-via-regexp-difflib.patch" to prevent low-grade poplib REDOS (CVE-2018-1060) and to prevent difflib REDOS (CVE-2018-1061). Prior to this patch mail server's timestamp was susceptible to catastrophic backtracking on long evil response from the server. Also, it was susceptible to catastrophic backtracking, which was a potential DOS vector. [bsc#1088004 and bsc#1088009, CVE-2018-1061 and CVE-2018-1060]- Apply "CVE-2017-18207.patch" to add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this check, attackers could cause a denial of service (divide-by-zero error and application crash) via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207]- Apply "python-sorted_tar.patch" (bsc#1086001, boo#1081750) sort tarfile output directory listing- update to 2.7.15 * dozens of bugfixes, see NEWS for details - removed obsolete patches: * python-ncurses-6.0-accessors.patch * python-fix-shebang.patch * gcc8-miscompilation-fix.patch - add patch from upstream: * do-not-use-non-ascii-in-test_ssl.patch- Add gcc8-miscompilation-fix.patch (boo#1084650).- Apply "python-2.7.14-CVE-2017-1000158.patch" to prevent integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution. [bsc#1068664, CVE-2017-1000158]- exclude test_socket & test_subprocess for PowerPC boo#1078485 (same ref as previous change)- Add python-skip_random_failing_tests.patch bypass boo#1078485 and exclude many tests for PowerPC- Add patch python-fix-shebang.patch to fix bsc#1078326- exclude test_regrtest for s390, where it does not segfault as it should (fixes bsc#1073269) - fix segfault while creating weakref - bsc#1073748, bpo#29347 (this is actually fixed by the 2.7.14 update; mentioning this for purposes of bugfix tracking)- update to 2.7.14 * dozens of bugfixes, see NEWS for details * fixed possible integer overflow in PyString_DecodeEscape (CVE-2017-1000158, bsc#1068664) * fixed segfaults with dict mutated during search * fixed possible free-after-use problems with buffer objects with custom indexing * fixed urllib.splithost to correctly parse fragments (bpo-30500) - drop upstreamed python-2.7.13-overflow_check.patch - drop unneeded python-2.7.12-makeopcode.patch - drop upstreamed 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch - Apply "python-2.7.14-CVE-2018-1000030-1.patch" and "python-2.7.14-CVE-2018-1000030-2.patch" to remedy a bug that would crash the Python interpreter when multiple threads used the same I/O stream concurrently. This issue is not classified as a security vulnerability due to the fact that an attacker must be able to run code, however in some situations -- such as function as a service -- this vulnerability can potentially be used by an attacker to violate a trust boundary. [bsc#1079300, CVE-2018-1000030]- Call python2 instead of python in macros- Fix test broken with OpenSSL 1.1 (bsc#1042670) * add 0001-2.7-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3094.patch- drop SUSE_ASNEEDED=0 as it is not needed anymore- Add libnsl-devel build requires for glibc obsoleting libnsl- obsolete/provide python-argparse and provide python2-argparse, because the argparse module is available from python 2.7 up- SLE package update (bsc#1027282) - refresh python-2.7.5-multilib.patch - dropped upstreamed patches: python-fix-short-dh.patch python-2.7.7-mhlib-linkcount.patch python-2.7-urllib2-localnet-ssl.patch CVE-2016-0772-smtplib-starttls.patch CVE-2016-5699-http-header-injection.patch CVE-2016-5636-zipimporter-overflow.patch python-2.7-httpoxy.patch - Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1. (dimstar@opensuse.org)- Add reproducible.patch to allow reproducible builds of various python packages like python-amqp Upstream: https://github.com/python/cpython/pull/296- update to 2.7.13 * dozens of bugfixes, see NEWS for details * updated cipher lists for openssl wrapper, support openssl >= 1.1.0 * properly fix HTTPoxy (CVE-2016-1000110) * profile-opt build now applies PGO to modules as well - update python-2.7.10-overflow_check.patch with python-2.7.13-overflow_check.patch, incorporating upstream changes (bnc#964182) - add "-fwrapv" to optflags explicitly because upstream code still relies on it in many places- provide python2-* symbols, for support of new packages built as python2-foo - rename macros.python to macros.python2 accordingly - require python-rpm-macros package, drop macro definitions from macros.python2- initial packaging of `python27` side-by-side variant (fate#321075, bsc#997436) - renamed `python` to `python27` in package names and requires - removed Provides and Obsoletes clauses - dropped SLE12-only patch python-2.7.9-sles-disable-verification-by-default.patch, companion sle_tls_checks_policy.py file and the python-strict-tls-checks subpackage - dropped profile files - removed /usr/bin/python and /usr/bin/python2, along with other unversioned aliases - rewrote macros file to enable stand-alone packages depending on py2.7 - re-included downloaded version of HTML documentation- update to 2.7.12 * dozens of bugfixes, see NEWS for details * fixes multiple security issues: CVE-2016-0772 TLS stripping attack on smtplib (bsc#984751) CVE-2016-5636 zipimporter heap overflow (bsc#985177) CVE-2016-5699 httplib header injection (bsc#985348) (this one is actually fixed since 2.7.10) - removed upstreamed python-2.7.7-mhlib-linkcount.patch - refreshed multilib patch - python-2.7.12-makeopcode.patch - run newly-built python interpreter to make opcodes, in order not to require pre-built python - update LD_LIBRARY_PATH to use $PWD instead of "." because the test process escapes to its own directory - modify shebang-fixing scriptlet to ignore makeopcodetargets.py- CVE-2016-0772-smtplib-starttls.patch: smtplib vulnerability opens startTLS stripping attack (CVE-2016-0772, bsc#984751) - CVE-2016-5636-zipimporter-overflow.patch: heap overflow when importing malformed zip files (CVE-2016-5636, bsc#985177) - CVE-2016-5699-http-header-injection.patch: incorrect validation of HTTP headers allow header injection (CVE-2016-5699, bsc#985348) - python-2.7-httpoxy.patch: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (CVE-2016-1000110, bsc#989523)- Add python-2.7.10-overflow_check.patch to fix broken overflow checks. [bnc#964182]- copy strict-tls-checks subpackage from SLE to retain future compatibility (not built in openSUSE) - do this properly to fix bnc#945401 - update SLE check to exclude Leap which also has version 1315, just to be sure- Add python-ncurses-6.0-accessors.patch: Fix build with NCurses 6.0 and OPAQUE_WINDOW set to 1.- add missing ssl.pyc and ssl.pyo to package - implement python-strict-tls-checks subpackage * when present, Python will perform TLS certificate checking by default. it is possible to remove the package to turn off the checks for compatibility with legacy scripts. * as discussed in fate#318300 * this is not built for openSUSE, but retained here in case we want to build the package for a SLE system- python-fix-short-dh.patch: Bump DH parameters to 2048 bit to fix logjam security issue. bsc#935856- add __python2 compatibility macro (used by Fedora) (fate#318838)- update to 2.7.10 - removed obsolete python-2.7-urllib2-localnet-ssl.patch- Reenable test_posix on aarch64- python-2.7.4-aarch64.patch: Remove obsolete patch - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64- update to 2.7.9 * contains full backport of ssl module from Python 3.4 (PEP466) * HTTPS certificate validation enabled by default (PEP476) * SSLv3 disabled by default (bnc#901715) * backported ensurepip module (PEP477) * fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 * dozens of minor bugfixes - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional "import ssl" from test_urllib2_localnet that caused it to fail without ssl- skip test_thread in qemu_linux_user modepyxmlh02-armsrv3 1707796833  !!#$$&'()**,--/0113446788:;;=>>@AACDDFGG2.7.18-150000.62.12.7.18-150000.62.12.7.180.8.50.8.5pyexpat.soxml__init__.py__init__.pyc__init__.pyodomNodeFilter.pyNodeFilter.pycNodeFilter.pyo__init__.py__init__.pyc__init__.pyodomreg.pydomreg.pycdomreg.pyoexpatbuilder.pyexpatbuilder.pycexpatbuilder.pyominicompat.pyminicompat.pycminicompat.pyominidom.pyminidom.pycminidom.pyopulldom.pypulldom.pycpulldom.pyoxmlbuilder.pyxmlbuilder.pycxmlbuilder.pyoetreeElementInclude.pyElementInclude.pycElementInclude.pyoElementPath.pyElementPath.pycElementPath.pyoElementTree.pyElementTree.pycElementTree.pyo__init__.py__init__.pyc__init__.pyocElementTree.pycElementTree.pyccElementTree.pyoparsers__init__.py__init__.pyc__init__.pyoexpat.pyexpat.pycexpat.pyosax__init__.py__init__.pyc__init__.pyo_exceptions.py_exceptions.pyc_exceptions.pyoexpatreader.pyexpatreader.pycexpatreader.pyohandler.pyhandler.pychandler.pyosaxutils.pysaxutils.pycsaxutils.pyoxmlreader.pyxmlreader.pycxmlreader.pyo/usr/lib64/python2.7/lib-dynload//usr/lib64/python2.7//usr/lib64/python2.7/xml//usr/lib64/python2.7/xml/dom//usr/lib64/python2.7/xml/etree//usr/lib64/python2.7/xml/parsers//usr/lib64/python2.7/xml/sax/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:32576/SUSE_SLE-15_Update/c42c9c60349e24d7db57de982a5d7ed3-python-base.SUSE_SLE-15_Updatedrpmxz5aarch64-suse-linuxELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2dd07d1088f60e39607a65ccf4141388d4a45b04, strippeddirectoryPython script, ASCII text executablepython 2.7 byte-compiledASCII text  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRCx96ݾutf-8b32f205ea5ad7bdaee33f5156ae0f96d89d9033339dd86422b22b7362eee3f51?7zXZ !t/䁖]"k%f9%) ֎lIG}ӭ1Y7s5ݦZU `+eq#i؅2:woy~K#%ݧEtԛ\Hs c,NE-OTp~saeZ)Af$\ݪo2ܖ^';Mddp.G7pRFL,%-AKP?Ab֧riUŧWzUM,ﵶ][@⤝ߵ{0)( Ww=p*gJ%sQ0Q D℮ ^ԱJ(q:>:E]1N\[ Ù%p8#gq$J81:=dHZv 8T,zKt(*[BGνEODG@ـ(-cłj)W0%mEX(-&זDc6!8BQȔ% )!%Dl=pwDfU2L!Oz)`aW|pk~tQ_q2uNqS_5 rri#o'2`ɑV1p9Pѱ|^\9lx>Z=:oO9bK翆b6i)R|xg('*Ng?ܐc\`#YF+p cө-qr;-es]XlCWڵLJm#ݚ=&]1ɥ=eMy% Z &/K24m=Cja_H~hKĎ+֚Vo*XKbjw_J1ͪ|kƂf^0~e|o2Ϡ+0jڵ[P<,,y~eTYy SѳD#Ni V"Z2 gIPjU xr!vno n1"izt~_;K+DhNU򁣠u茱q#nu (.=wB|}#|)=&tm|NĵVfk!Iޜ2XJ?軄j퍛o jK״{4OgͷA1AGM9T#}~@"n ׺wy1 $,ؼ7--Ȇ~%p]D&{c͑115|wgdi= Ny{,GsCa L.Fle`3cIeK,ИsIB 'ƈmT! ko'֝ iMUsK 4Ma!ET7k׶|ƹqd²qy T;Nr+Q*Wq%j_'S+˃e &\mbr_IFZ7Je}E@}`j Jlj~/Lߠc+SHV GL# ~tM8ӾjXWY I[hxDtcPQ}a7Uw8S[.QR%,*U '3PoR/Ք>ԚS@H)xrx'_/俍1hEËOrfK4ӵpO&r/P!M7CNLJƂG zhPr4Z_3yg4h¢4Q۴^ZS'ᕘ߈sWܰ9^ [xLu_MW+xQ=ҍmuGN<W_vy9_U߂l?(VA o-K91\9:*c[9Ε]2n#XGmg}n>զ:(w=ӡĤ10"\; <} *(hZ.,u/ /(QZa5S5ge{ ;B`U?糷Cm L!ljɵQK:>0}#*6ϚX;3-3)WҧLuBF_qDMNߋOp tMm@xc`~*fC(pu&Utk!IYhcȽ78=xj[lЕUP [9ͦ&cM2w WtpzxGaW{>1oOoS}[^V ڛ LNrhhжŻhK)rTDEGUw_>a.YȌ}h1y <|+cHV oX{%ҽٯڭSRikbQ(}ĥ>{,~@x <y9$efS%7MV£j%mg@kI (-k639;aFVl3y:;h!WݔHl&XolʶȠ YO0ɚm d zKu:?ũDnx}phFvi`^Z.(S NtN?,,F!v >L@wx/l1NleyLŗGuLAqm_a"-aV=^ ?gʥ؛- #b"Ywܮvtz`;AOHl{dKsk /Jd\w 9Qnn<0AȬ0V=1YI|ߖʾr?^1b'\;}H%k𿙄S,<s>q>)CrJS+w/3vzk2?VB|Bdñk!~mFT@IvLZ,l扠I tQc= Rxr`}1, R𫺒L0:F`5Ob]O#wX^"w~2.. (4}`GE"P^boi̶vmgI*,:'JXJ=w4J媉I=dq3gJS?tɚjF4}neC t}?|j=kk\~>802Ģk+- bZ7fZ+=-n#-wPdlj R*D=ΜlgkTecZ4d "DrG:zUߚgmG-[H|rFk"ͽMe]+FŰ2 ϥY2'?mG+s(bñZC ]"FH+E27 ^(ER"]G_79뮸hp_+i֪ IPrVdnȴp+Xx(dhߟ6t1pu k5]*~V@ꩶW>u{8 {TΩ ΢sޯNW2.> *8` T8Opej|:?Dnh"0VIwڑ.]}WnG"pmT\Vj l"M $5K aѐyp G4"=m0y2bwL%DiשEK? 8~E5q)-3,^: 6p^Bm>6B/rjo¤/v+u:=7]ޘ ,^9蒎0ƫNBqQmgG;*/F,i_!v~3 xT޼L)7q1!=Rnׁ}c]pM`IVN0Fr1@2n2q5mB8 g!an&I G2K,')۷E17` }'mݮ/fufUF3 ((o}x, cTНQ߯h@|jpkZm1aL$W5!si4&[ȄO\ a 8/*=6ؗRv,K̅56!ЮEGHڭM!"Eu1į/ |,nwu}?'Qh=SS"N}>FH~MtV$!>d"e]ɀJ'.Aʲh-FϺɀik=R."FrK$*č鬖Y ;λnu@:OR>['zs}g.oWeAˆ"uM?%feT|á&>E=rG϶NYH{$ m/Hkc>Բ*qЅ 0yB  -lj|StI;͊K-kn,h/MʋU\ށb]~|ESh1=4}Fɲ-?nASEiRU]]-ًWukt}og+7B[q\~x~#,LuxèKd }E$8l5 HNLn'Bʦ!?*=hE[IIl7(b'W(% ycVG$ kxT2 -7/X۪{'1 qkeϷ/D /FS;r#]fYDGbaq3$!D:-_Y# >c%YîZpJ1 >Fvb| ePItid2ld(y~7M$m֋\ٶvJ L4_F)P#k,(j-ΥW(v.? 5(dB6(W8'})p+Jm/2Pq:s;+F$>;UoLY,%fYԢ~M0W+Ps j_UaW!9A__?HiC?*@Y9qrJnۺTDm-Zcu%UT)cعi=@[vɍ1J17ީSJa)xX|Q-|p20a"m4]V`SC{Wts.iXjezRW^uϖZ% oZV&oYA34vm{6"`seFNp f,>Yqgvj^Fqj 2 ͓qm16M}9τ^FږYֶ E)4IHyr&<a.H)"We{~ëRh AI~f zҔ%LK,(s+.vRqDfKfTRJr򟱊nXc2sp5bZmS.PCKmvo}u3iw#$Fx8`1z1G=~CR] |GC}oXgasм0zR|'N_7$آO b|LdųaEFyj鞅Vb"&0 i1 Rjy ϰ'p4PBXRLm-(GGU6vKTE pUYaG;Nj;5Hm UuS3n#JosGi(nFTSTx5r񩗖ɷGT{5ZYs|cHt08k=\M.t\w0>.1%TdGDAze0=_(UĽ)]L)T%jA .lnM}lnS!%]F4_@^hV5= t+gv<ΨL:y8lFg{v6 Ϳy3Ū 'Īco6uSrqaq( 8ci+8:=)5H xMr&96y+%h~9:7$'[#nO6ً bX6o7$=r2+LVkY{S־b1 ۿ픽݉# Mr ]@yܡ|_^uXͻb@\l.`غ89w/< -wC39Q֊,Ļ%XYF.eu?Y4~hi+֜"xc/DuڻLqXyd$>Se}f;pWG@Sc#ҫ޳>/w'lj(MP`z8-A*(۫&y\@60YqUmh*8\VwC^>IIZfe9Aq}a;ϿHme{*Z꾝7).i&(*Ҧdr Tn0Mw8@Her)zoW8,NM"bֵ~LxiS<Ӂ^>AyGgFhc(U jJUL}b%|PXAмiq%7oJTK6:>X#0TIƘLQXAMټ~~yT"{ '9X  ,p`ǃ pID/D6B@ZGV|HɢoŲ~ ZՇzw!"f(NQ73vyI`(]%>n7Nu}"劎]ާEՒ[0th>]`8jO^a&KJpśY Ϩy4#KXv"j}e9Z<FnNHjp?ë#9JTCiF #ҽ+_מgc]k<[|7$1'z#/,N*HfvreRF"=nIh 6-= GLwx F0[~I2Bm4zģQE]h;k6uⴄ1ٲc୍PEBi7YRE2鸣o9kdž0+Ҝ j%Pg1PiH/uз vRr"?2?{Ԓr`lK8BD2}rw ~8W򼃠Fo֩fKòM kt:U^#z݂׷'4w2C"z`&qڶoZ(@pAy;l@~q;MsFw:|NETّ~hCt*\9 4z?w>Q)%c KL!_g|a΃.%$whXV˃FِدHPsRPicBiV#N7>!QvGPNogݷ7ZSg'-0uMVN2IL!E!Se>~ 2%?T_W"2Z$@_o[[DXqMe# VMK3)Nj/`a~DK +{}g X$2Ό'z6^&GZbAk@HA3^jU>)eG[[V.γ;)+]\)C`@'LiS(`s߆[{0s&k#P]<_IF󝖣;C CW86m鏧 m"dߚ ] FXR4f}z0hN=x o#v:nMh^¶Ea"̓ A>0 !v"G @KFu2ͼDy=EDCy 3lς8bj?XnR07"b]ItЕn¦an#}K2d\E7X'AaRz%g[eb+νSR5_xM]T63=]7@@]xkSY%Ode"b14t "IvYvѯ\Je5SjaE_h ͤКoVV !G~^0creLj[λ u=iޮo'>zZ> Hl=I(l*^qbU̱'n9:5Bu3> 7L p_SJ1]dF>S iŻ2552"lc[㚠-wOzNpY:npg p\i'M z>h!x+)ft{yce- C,=>%g8ȱ뉳a2PL{q]ˍi\8} +fu~cp$cd${D*6jmO5"$5nf=+J~,Y t S) 4YX6?)P((gC_0}HS3\Id ~T}rQ3kvA2MF)ߋJ/s?m .b3;S*]v`μ%ʗFt0' k[H# A&;VKeBu0i6d}/$i^p'=fmȱڑ+?GEeQUpp;+k\1^6MC$7ł)_ czʚt~zKty_pJ*`9@/@fz]E+/.=1|7!pA3bۤ`O !eyZ;17!1!x^kE _.[ %"6dZ;(3Г/ʳpWKD{caiZEkl9ҘWņLg!POd~A9|TI[`W"Dgf>0K%毱!Ȼl]q]a됝x'"y\mW Ÿ"#T!T`{"RYnC9F<H6^㌗B)U ΂L:ZiHL)<8YK1RjY4^&޽|ǩQ kH h 0/H `zjh<O$y,S']r.qoz6~!dIw/ '?sʍֆX1nQ6 :J.srEC U1 XZODuiVhKgt2jms@PnD8 F/C r(Ȱm5nCo4M!#nȆQtp.N$;M7>!5yDiahOTanḥXT:i7JW5 h5 eހV8ͯβʋӱ%P蕀ѵ\C"5ݲ3vzچyNlZiCfJdMk$\á;{M`$]í?>#&[H!>!#k_NiE\÷!OIO >BΊMGMɴXO]e7<0M Xh\k(Mެ*k̽H5yW/_"wUO"'O; :(ȎP aˠ_ʼ%pJgR=bs|sgZ>^`(vkм>Br@hU⫝̸D$sR'q4Ц=mQfoHGVPvjn@JCƅ5q]OD] ųv&oYYAc\u$tݦz+QA9sl ]>hTE EGa֓*TKl0q ˥|Ę2guU5-#!w }BM \p~d ݬ&qyHս^\,34](Q4('q+HlR;OL(!; 3gcsRpbLz g0 ;1&* NثWdL$lV$TXU4HS I'vNCn/ vW壳-oτ7)E饨#ݕ4MtZ b_auUiqD60N7EH<9A\IJt+@)a4M>v\Uy< fqy+Va=YGvG^޲^U+{2 pz:Id?z{ s]4Yv 1,R \<'Wn4]Dy4({TJB%lb4{#YL&'2 VY,H:D;՜B^W I1zID'ԘbsDi8{m@4W--t+q˙ا0f|o^pY3vZJ eF_Y&9]ͪc>M9W]$^,wm seD1i^? ]rdXRYs5{:.ʨo*E@lc%/{ۜX2U%F)(kLŔD,B $TCVȎ >.$7&KqL|H!z"SpYpBW|RޑQ΍V}:SdWK>ީshxs%pbNd!x04߈v]ܦ`.g],K t}7VܑmCOg/~{5:a_G50vժ/g *),NܹBBo}1{O)ں>mڮsM&R!~^mKuYUS3kyԝ"vUaٲF" մJl'RW^/W5L6O "?R7,†|PWٍic>[[U0L5諹b7#夦+ЈosLY| <.{7,}!"VOxp#>y%p Ѳ۟e1P2#\2^5|91M\XbWZ^"z8^mFnpq! .bHT[9)Z9N[>gT6Nٕ`zij^@~yXkV̎Tp^|9dz;ݠS4Qf81yFR7^W&n xr*3as@90,|&QK E,=ߪB ͶΉF+J ^8r[zVbҴB V8ae@>M޺oQUgrˤE`!ϛͅ*R$9, -FkD@\C&1V0wff&:S E1G Sց+N;ٙ߀<[ tA衉5G^q^EPfY S3^`+Cm#e4TAG։Mv7QćTC|m읰w5ֶX 5 ۉͼ+B89O+q|w4rߌfUڿi@2?uρTQ +h̍4sKOgK-9|H)VW:^Y&[7UBs*H5whIqrb;.c?-=mQsyg "2-$XwV 5K?H_X`8q8QPY+Q'{ҥPWW\v(IJ; kk->F_N{ZF<? ,+"3äSj iX Zuγ ݔDvͮ }>D=YyߔjQ:لI!4Bq6P귖C_]R%x}/C%'՘5YW^:;E[r.'4#BN>eݑSݬqDk%5ڴU>Gϥg>߁˿>hgK/9N-r(^Z$"lXYzXjUqaJ@בZFbu7Pdw n֊3&2:H䡇۾Zh*ԬQr\|\7V~ p=zq0;ĕض&|=҄Ǽy>0s+e-Sղ3"JsK-2瞫?8iQωrี2ވ{|y@4Yr)ulBr>.ꫂh Q%Hyi0^9,WxX* A=9Zm8xsqUT>~P. mՃW2).q÷1 nkd );yNVk'I?;$bW6}8VF\؀Q)9إhݼgyJTFJ&h|7I*#D0{{wJr:}_JH4Q$,W+l`f"ʤC+[֚XhkX/#.\uŶP/wc(K6Ox:e^/BrM^c=}h(aIPnH>hu< A0e;9}EtA:~b4ڮ 8F?0o#g}$'"64^_]G-Hp?huLS@ .+6_bqRF7!.wT $^Prh4Mo4!ʓpT՗E0ltw7ZZ=5}2Q, `w> Œ" ܪ}PxK)h ZuQGƚh^dtڥZW _DЩonZTC!!Y#H6AvM5%.݈yQl{}|iPCaVUe+}7'/b6J:I|lTEm|^ hƃ`Bp.dDoϫ8YUQ9'Ie\b]ǁkXil6ni1"9m`|3/ahWgJ&YLzHs*>T Rn o;_ҹn-N&L~V'#ת[n];j"t8w%^pVC7X0 ZlA; dlV0 gtf 05& qR[@,@( O>KL̙^2ÛFDt"}г$~FC~ڿ6ۂ 9rPRxÇ?`+R;j+疮 YFo7`Lt1ʣ&,Jjq%2ٻ"1?oxKi[^Z,~k}+"S6gKai*q>hQd;$IbG{x;39ʐW5d(Q;9<;\ut+Rp  $GCw]<&˱;cGWeEN' YҟǢNij'3 #'HN6w!*j1\[zQ4˧\bBȀ2aTQ&O[-~ ]w+ ݥ0Ag6qcQ죤`[n3~x`*|D^spzzf%Z1"EH*@IwXV5!;[f9/ q(05JnZ#6lMIHeGTA)D45'Ai6KoyI$hye~a'oŒR@ͩ'!(n]m#[ _{=Nx2ڽhiwk,8)5A#ɬ }Pшi٥΀pHu'r~> ?]e.08 ׹A`d"=%888XA!wQ;IĪxlَZ,7"۞~M$C*t H]6^agQ,)cs[@R8Mo7C^MCT註͂Ir9wU<ע{ *jw8 Vif<")ϏL+u;"2csʖ/՜o4]VZunTDAө,Q 31Jj~ncUyE-#Sѧ8\lDXۛ@Z`Yў?:S y0DwkbғTn8p%_yJU5wS'BUjelH]ͣ>JC+y =K54Ya`g*N4߽(;' {y[I(bCgCp Y^ͯ9<|%NJ9i@*"B6]r+1&'C[Ƅ[11~y&G<{X6tqjj)CXޱJ g^ fc;Z'`8i\A P36y]r=5^1<&OG|t(EhN( Ke3{EfwLɁw"U%~6>ޖŦC?(~] ۩% ˴i#W|h€ څ"KOT\ st}Mg-=6p!vtlFt&!,: N,ڦD 93((O"6!#}!cϮbZѕi6~𴓫JpzqM|Fu*rHUT!!w8ߋdL)$}ӐeH8W$碜97mҟ P ʯ~>4ѕWX 83ٓr:hpA!с Wh\\ 9<(Gc=ujp9iݑʺ :/a&6UWl΋f+p]-UhkOa)2SF@2@} w yj.OP_GB HZlE?08?s7#ZPv*9z쫖J(XA;E˟Ͽ.׽|υmԑ(uOsГEɽE*ƞG,ؿ>68$n[w~+@;W}E##/PfbpZR5Pz.8dÁMJ;3H *(/Hg|vv,DJg[b;cz7Vy+e`g6L<]P;j2 8N")CDmCeP>*Qcԅ&r!C(6DAKvT3j}q-&}/[h1]Ml U8N:+?Pkoy;t!΢FMEv sd咠5(8Kc+'v(M޷,OCWn+wXK9џ+~ÎVi>Hn\x;*Ec)=,E,d4 ԴH ΢t&M5[9|҉Kձss}(Ĭ&spCVqK NǒD1] duq"3iE]i cs by˦YLbJ^&O# ' >.SRl+*Ψɪ؄C,qw:r`lt_ _ߙǥ~П6Iд/`}F(qyx ƈh~w^[ㅉΎ.Lx,ǡ"ƛ b0 n>{ٟc;Wux*U5'8Dv MV9QD&/V_@S45"(4,`Q(]q$OPJ/UkFt6L &#UA,lWش9 GΘXk#Zd/'_r[A ]- {O\u͛\]]H=Ǝ<C@aH>*ClT3:hs  Ԟ3-LPB@{gGkQ.?$9_LKwEse )B޶wJO QSAK;ppKo闆9u$7<{҅Y ̼rhC:@ )\WG1o!05+4T3NSA?m[h{wnO;$U2O;ApJz< \E$Μd)r,^&Vɲp,! 褊hw"?GU3[ ~u6RhQJ>]$\tFwFߧ -f n0 ^SG!NMT?u˔>by'E]Ê;i.mgH.ޫ%B+Mhح/EVewo3ȫb_+ d'M nfD s' ?v6,@X ƥxO\ d=lC78s=K8A3xn4`0+R08;uz,=4B=+q7lHQYE4cٴJdu4˥?EWr,v%t5S쵓}@Ŋƥ_ţȈ>i750 oQbx|8Hsy+&ny!4_,.ռVq-QI~0m%ZyȮl.]+^ė`dy4,| HBdCq(EJ"7-eblC=8vH8&h|γZB}XhI5fW ;#$40&iflLĻR+j%͂ ܴŌU\u7 JJ":4xdbQ;ŝf@7ۼ2# Ae~pKTX#7-;EQl:q֫+-U~xxmTE ZBG􁺽{Jj *S/p_pY~pLJkmLdN9_eDb7{FlI 8肣LU'W"o"zNyu?k}uix(/_x 2Ӆ`"3|2|75"Ug;1ӔW0NXm~/vDHG  B0A~JC$.%q͜l4g'äMs]rQ%RAAdQڑ)ܴ@I&o:w$k:0&Ֆ`yK\NZ@ %N@I V#{ W WVHIG'в~|纈̛فQ/`#1[7悟[Da&^7@џt{ W-e9OQ~]Ӯ7o{GΩe@?aTfR c+KβqTnD~ %w$7/VcK^:VVjfBmN3Ƈ̺aŀ|jbm:p).2ˏ8m0ͬYL0KNVByk9%2u^d2^%ie@.y#3$cv:sƟr7)JwOQ$_ףWqD&<qf4Lgҁx.7 S(rcU tqPC/ AM0DcP>R۷?P'or(n뙕9*hFyLvmb<,]rp瘟s.OZCnQЂdt80x"c@QbԹ3(A*{EpGS֑-G[jV]o7ژB uF)$!+WHGe)VG,udYyӶ"v}(Prx։X+o3:뚂_HlM/ k$EʖS .mE30R ZOx%<BҬ~63]|e+}S+E/ Wܹ"]k%4N>?SGg$s@"#V_mdĖ'%F;͒2AOm)*O|y~Sbp,\fd2%6=AQPϽR?V*i%ʾYżƬkG˵Q%7exGyksvV⣐`8& ']@9XcYŬk6~Gl!+gd2*n.FIcgEk&sk}0NXZ\lӸaFe&rmv*&`鎖(+N (eC37W! F|dl<5<ʌW+Qܟ\ʌXFD)C``-=d䎆i xy[oEkw* -FJݦҤP!/HŔTuٳ^rdGQE UkL/6Xtx5W_rjh*.yfɮ_X d>=ш'ʠqWnU~_hÚ)!K[ (fp3j`Gѡȷ>4<#2ntVH 0du.%eSpQϕv w]ʸ Bp(Cq?*@/:ƢiF++1*cq,d R1ZR}e|.f0kP֫bU*HqBkgH:] w^Yn"Hv/= bwa1'60udAt"H8 }ȇM :T];RnxqI!M _GWgbe?C75*s0BMf)K;4ӨnPAXp <$r UnHZuE} +ܼmibC.S W}'QtU>|5?hlL_f_a +Yh3` \/к:8(UUlÞ"Ĥ܀(?l,69M_ZpD Ą_5h cXz&zkpt H67m.k=PQ娥K}X{c *dZQ:YT\rۨ|w8>Cӷ;ks>V/_Uڤ i nOީ#w(c<U?QtP(3%)lZeXۦҁ'nWN=1p? *a loQVc̣O12Z%IZ[5Ⳅkai4p xw8v.ʬfR22ElĤfPE2#M4%P7Cw fw{^j..\xUbn`lsS &Q&\hXԺ!qBv(iU\>YQ6$eR<k+bk; gm~l~r3`44lxe?)Ld1XєX Q JI0荠zts|Af-uioJq]5i7ԍ9ܦQC=c)vdvW5MA.;fklPk ҷWH$(+j?Em=%#O\|u0=%WVMo-p9 `iYs87c7W8AP}\XI !X]{*W5¡ӡ4#o wIG aף:+RZXI7t% Haj d_:w@. }RcA/ gR~˵%|*x61)ODchNue`UP_&OdZmwuыڡǰz/ R3h<ӯ!'_>b L) y{"-VJ94SHSA~D]GG8yqٟ 'ߗ=5険,j?2>8#l[S\Uv(u/LK]&mK*ڙ3wx61!;\Zs l\~Fi38MeCj}$re'r"3T ׅ(:&2E (˵sѠx[LČ'=`:ZhgM)Q(.c(J7f5G4't⑧,ZQk`J~#Yn0^HGd嚔e@k|JmzD`]&O8"h' `VfԺ]pcKXP!L13EJB0{D %` -ܫ^VNY3Aгs`x>8! oT( usCrmojeR.zvm+i!ʧu*9 L:MZ柅=-,agE{7%2!!o< W/fMi)@kȬWi|&²Ӛ$ߵ|A1O&N;# oGSB ͑??AwdYt0))@.XG6(=1ssOG"ݸ5%@6 ?ems >ѡxIג.<D^MI!j`G7z:D Pǽ8)9#ޖ.No<9]lvq$Y4 Ex-i#b9p"9*p9eJfgT%,^h8!8r=vKv~ѼH+ #{}ۚkF$vX}Q?YmȶKjh֬G$Mzw:-Og Ǒ,^uǫO>w 'qI|>]G.@^M_D!5̉1=1#o?{(Zxe#+Qqbl"m;`q݉az7 ;N@p6䅥^(!$QJf71E `p29U EUobrnYi>rxɻߣl8XngR(|eB~u\T`.494̒iJUK%l1a kXioX%V2ezj .RO𿇒,"^;"v;G&-LZ*ږŐ4&v:5;(NatВF&.^M@@ԛ?N16xsN|Y YI+ַG9m}{mo9=mݢCA& 3vUz uZ8Bʬ%L6 tI8k1|ap4\n\ @SоaDmXٽ(~}M9[T;b5~1?FϹGqkIGB†B9X)eL{A@v 6~b.s(4ՆK :i  jSA|AGdIjꅨ:>,zm@G#hre}M@I}(!% ۩^;@ hV YV' } rlstvn/̴VIӻS-OMUD~eKơF~'kwZ KYmM[ (dPl'Wz&^''+? ??h^cOOgH@ٮn^/BZ#tV`m"- Kt$HmjˆQyM\撄 `[G;zZFMj-:z9᳕^`S'÷ z3M މd2`V~I .2Վ1w`Uq1BoQj"[rE?#o}u(Y܆;,`1 %OIa)-9:0hs*3Ѳ䋸3qA"-ۑ~#|}81VZrUm '=; . =ͪH\ -I8Pi*ladYϖpJw8]P!D/#AǕ#\g^p`c\H3E53Ep(e$1!F <R#2^0UK={` LCUOI~`A>fU̐f#tRQj/T 9q5e\C6+>^}ҟ-Q^WF@0;l͋4`=& % pqB4j5A&kc ЩY!֘e'Y;1&:j~r[H.ŏѭk<>T.R}Cܷ2BY^!Hmٵ(ț$ÚU+e/RkjlB->c Rߥjqeζ}ja%Hcl\rl'6Uwn8MZ{nsqث۹%ʝ=nb`/|x+Yg85f{K%zȇ4KHe<̩)B`d~Cyl|s[s#Nh4T%*}.{A { /o]7WP?F$:bFpzJ~%M,gfJPK_Mb\/k 1<ZX"Ȭx  MEWlk`fBT;',e%64c!5xX Pϔfyjá' zg8G\XG;ڿ:1OcCxNfʗf%V|tՏl78xl/$A nN @+{~F@Qtn]%"~b] t_ҙ3t_!Rɻc0~ַ-J4JⅉI 9ڤB*+/n݂oJ-aK"QUجSHv."Wqmmwt8N.y9`CD6{9 BҦFD]IMU!_ l iB8'Z8XT)}WԊ}99]a?Yyh̴rү3YѭᡈEluPaZN˽;ԂLe•,-jgjۤX=Ww:_OM9Ԕj ,xVDM*4]O 2O7D ߞS82fč*_up'hhz~r `#E탽dR=|7o_4pċ<cw~7a)`n5C73Hԅ+ ڲ IzF_yO-EsFw`OvgQ _hVhůN4Nk(ϵo<%qQ!=k{kZ8Ow7R+Ki"4,oHD\0aĥ4vFFL44cjpfW3]"&'yyouܫĠ2D\qXL; YuT[K]2Mm :e8[2a'#$\"%7}V\v lZI@&ϘMmyXP yգU2!08=Q s gΈ$ig|^)ɝ{15w| u8L)p񦟮+U++{w@fJ7ׇ[ّ#ӥ^KblN'bwɠ__ebZ&*I1PbrMIﴱljouO~36oY]Sj9DW>&Jr+~ia٠rvvdG}>fb Yv:8:#,@-)ʍ