������libjasper7-4.2.8-150600.4.5.1���������������������������������������������������������������������<���>�������,���������������������������������������������������������i�p9|��-q�Ld8Mqs8r�S#c!�2Z�4��T{w+`�CrrB.�Jw2jW�(h38oPf0i��#INr
c�!^#x*|^GMqQ�%�W�@�"ww`�Z:t_4�8aY�x])�$.(~]x-}ETOb�[�"{
�%r|#s¢v�T.}Lk�y[rHVDς��fj$��H:¼ ӡ� eA���>��������������������@��w����?������w��������d�������������������������������������
������������������������� ��� ���������� ���2������������������������������������������������������������������������������������������������������������ ������������������,��������������U��������������[���������������d���������������l������� �������p�������
�������t���������������|����������������������
���������������������������������������������������������������������������������������������������T������������������������������.�������(�������V�������8�������`���B���9�������h���B���:������ ���B���>������s�������@������s�������F������s�������G������t��������H������t��������I������t��������X������t��������Y������t$�������\������tL�������]������tT�������^������tv�������b������t�������c������u+�������d������u�������e������u�������f������u�������l������u�������u������u�������v������u�������w������vh�������x������vp�������y������vx�������z������v�������������v�������������v�������������v�������������w�����C�libjasper7�4.2.8�150600.4.5.1�JPEG-2000 library�This package contains libjasper, a library implementing the JPEG-2000
image compression standard Part 1.��i�h02-armsrv3����SUSE Linux Enterprise 15�SUSE LLC �JasPer-2.0�https://www.suse.com/�Productivity/Graphics/Convertors�https://jasper-software.github.io/jasper�linux�aarch64�������������i�i��7d18d9b852dd6466a6b0ae4faa7fe71a083e1b897fcb25c1ff186e5d73f984fb�libjasper.so.7.0.0������������root�root�root�root�jasper-4.2.8-150600.4.5.1.src.rpm���libjasper.so.7()(64bit)�libjasper7�libjasper7(aarch-64)�����������@���@���@���@���@���@���@���@���@���@����
���
���
���
/sbin/ldconfig�/sbin/ldconfig�ld-linux-aarch64.so.1()(64bit)�ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)�libc.so.6()(64bit)�libc.so.6(GLIBC_2.17)(64bit)�libc.so.6(GLIBC_2.34)(64bit)�libjpeg.so.8()(64bit)�libjpeg.so.8(LIBJPEG_8.0)(64bit)�libm.so.6()(64bit)�libm.so.6(GLIBC_2.17)(64bit)�libm.so.6(GLIBC_2.29)(64bit)�rpmlib(CompressedFileNames)�rpmlib(FileDigests)�rpmlib(PayloadFilesHavePrefix)�rpmlib(PayloadIsXz)�������������3.0.4-1�4.6.0-1�4.0-1�5.2-1�4.14.3����hChhg@f,f P@eCeԔ@e�@e@eg'eGeGcgc$e@b�@bUbb1@b
D@b
D@b�@b� a}a�S@`}p`}p`a@`S@`B�@`!'_�@_j_|\@_k8_i@_V _ �@^p]�\�@\\|\@Z@Z@Yf�@YdYdX@Xg@XX~@XO@XZnXOX�=X�X
V@V�VUVT7T�@T@mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�wbauer@tmo.at�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�kieltux@gmail.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�mvetter@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�sbrabec@suse.com�fstrba@suse.com�fstrba@suse.com�jengelh@inai.de�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�fstrba@suse.com�badshah400@gmail.com�nadvornik@suse.com�nadvornik@suse.com�nadvornik@suse.com�- Update to 4.2.8:
* Fixed a bug in the JPC decoder that could cause bad memory
accesses if the debug level is set sufficiently
high (#402, #403) bsc#1247901 (CVE-2025-8837)�- Update to 4.2.7:
* Added some missing range checking on several coding parameters in
the JPC encoder (#401) bsc#1247902 (CVE-2025-8836)�- Update to 4.2.6:
* Added a check for a missing color component in the jas_image_chclrspc
function (#400) bsc#1247904 (CVE-2025-8835).
* Fixed a minor build problem related to the use of -Wstrict-prototypes
with Clang.�- Update to 4.2.5:
* Made a change to a configuration header file in order to avoid
undesirable compiler warnings when JasPer is used in C++ code (#393).�- Update to 4.2.4:
* Added some missing checks to the jas_heic_decode function in the
HEIC codec (#383).�- Update to 4.2.3:
* Added a missing check in the JPC codec (#381) bsc#1223155 (CVE-2024-31744)�- Update to 4.2.2:
* Fix minor build issue (#374).�- Update to 4.2.1:
* Fix a build problem for the DJGPP/MS-DOS environment (#372).�- Update to 4.2.0:
* Add the JAS_PACKAGING option to the CMake build in an attempt to allow
easier control over rpath settings by packagers of JasPer.
* Remove a number of obsolete scripts.
* Make some cosmetic changes to the code for the JPC codec in order
to improve readability (#371).
* Fix a portability bug related to threads/atomics.
* Replace some lingering uses of strtok in the JPC coder with jas_strtok,
since the use of strtok is problematic in multithreading contexts.�- Update to 4.1.2:
* Fix invalid memory write bug (#367) bsc#1218802 (CVE-2023-51257).
* Fix missing range check in the JPC encoder (#368).�- Update to 4.1.1:
* Disallow in-source builds by default #364
* Fix a potential integer overflow problem in the
jas_get_total_mem_size function (for the Windows platform) #363�- Update to 4.1.0:
* Add support for building several JasPer application programs for
WebAssembly target with WASI support.�- Update to 4.0.1:
* Fix integer overflow bug in PNM decoder (#353).
* Fix a few minor build issues.�- Update to 4.0.0:
* Improve static linking (##336).
* Fix path relocation in mingw environment (#335).
* Improve logging and build scripts.
* Improve JPEG-2000 conformance test results.
* Enable PIC by default.
* Fix memory leaks in function cmdopts_parse (#332) (CVE-2022-2963).
* imgcmp:
+ Add quiet (-q) option.
+ Add debug-level option.
+ Fix memory leak.
imginfo:
+ Add quiet (-q) option.
* Fix bug in parsing PGX header.
* Fix integer overflow bug (#345) (CVE-2022-40755).
- Remove jasper-CVE-2022-2963.patch�- security update:
* CVE-2022-2963 [bsc#1202642]
+ jasper-CVE-2022-2963.patch�- Update to 3.0.6:
* Fix bug in manual deployment script.�- Update to 3.0.5:
* Fix a minor build issue (#328).�- Update to 3.0.4:
* Eliminate some bogus calls to abort.
* Fix a typo in jas_safeui64_div (#323).
* Add some additional logging messages.
* Fix the source of a potential compiler warning (#321).�- Update to 3.0.3:
* Fix some portability issues in a few scripts.�- Add back missing Requires to the devel package�- Update to 3.0.2:
* Fix a build issue that occurs when a cross-compiler is
used (e.g., #319).�- Update to 3.0.1:
* Fix some build/portability issues (e.g., #317, #318).
- Drop jasper-cmake-warnings.patch: contained in upstream release�- Update to 3.0.0:
* Introducing some API changes please refer to the "News" section
of the JasPer manuel: https://jasper-software.github.io/jasper-manual
* Greatly improve documentation.
* Add support for multithreading.
* Add some customization points in the library, such as the
memory allocator and error logging function.
* Add improved memory usage tracking and limiting.
* Add experimental partial encoding/decoding support for the
HEIC format.
* Fix some longstanding issues in the JasPer I/O streams API.
* Fix many bugs (e.g., #305, #307, #308, #309, #312, #314, and
many others not associated with any issue numbers).
- Remove jasper-freeglut.patch: not needed anymore
- Add jasper-cmake-warnings.patch: fix cmake warnings
- Remove legacy provides/obsoletes related to sle11 and bsc#437293�- Add jasper-freeglut.patch, fixes freeglut detection and linking
- Run spec-cleaner
- Change license from SUSE-Public-Domain to JasPer-2.0
- Cleanup docdir, only package the html and pdf docs and not
the sources�- Update to 2.0.33:
* Fix a JP2/JPC decoder bug (#291)
* Fix a build issue impacting some platforms (#296)�- Update to 2.0.32:
* Between 2.0.29 and 2.0.32 were only experiments with
GitHub Actions�- Update to 2.0.29:
* Loosen some overly tight restrictions on JP2 codestreams,
which caused some valid codestreams to be rejected. (#289)�- Update to 2.0.28:
* Fix potential null pointer dereference in the JP2/JPC decoder.
(#269) (CVE-2021-3443) bsc#1184798
* Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time.
(#286)
* Fix integral type sizing problem in JP2 codec. (#284)�- Update to 2.0.27:
* Check for an image containing no samples in the PGX
decoder. (#271, #272, #273, #274, #275, #276, #281)
* Check for dimensions of zero in the JPC and JPEG decoders.
* Fix an arguably incorrect type for an integer literal
in the PGX decoder. (#270)
* Check for an invalid component reference in the
JP2 decoder. (#269)
* Check on integer size in JP2 decoder. (#278)�- Update to 2.0.26:
* Fix JP2 decoder bug that can cause a null pointer dereference
for some invalid CDEF boxes. (#268) (CVE-2021-3467) bsc#1184757�- Update to 2.0.25:
* Fix memory-related bugs in the JPEG-2000 codec resulting from
attempting to decode invalid code streams. (#264, #265)
This fix is associated with CVE-2021-26926 bsc#1182105 and
bsc#1182104 CVE-2021-26927.
* Fix wrong return value under some compilers (#260)
* Fix bsc#1181483 CVE-2021-3272 heap buffer overflow
in jp2_decode (#259)�- Update to 2.0.24:
* Add JAS_VERSION_MAJOR, JAS_VERSION_MINOR, JAS_VERSION_PATCH
for easier access to the JasPer version.
* Fixes stack overflow bug on Windows, where variable-length
arrays are not available. (#256)�- Update to 2.0.23:
* Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c (#252)
bsc#1179748�- Update to 2.0.22:
* Update manual
* Remove JPEG dummy codec
* Fix test suite build failure regarding disabled MIF codec (#249)
* Fix OpenGL/glut detection (#247)
- Remove jasper-2.0.21-glut.patch: upstreamed�- Add jasper-2.0.21-glut.patch: Fix glut.h detection
See https://github.com/jasper-software/jasper/issues/247�- Update to 2.0.21:
* Fix ZDI-15-529
https://github.com/jasper-software/jasper/pull/245
* Fix CVE-2018-19541 in decoder
https://github.com/jasper-software/jasper/pull/244�- Update to 2.0.20:
* Fixed several ISO/IEC 15444-4 conformance bugs
* Fixed new variant of CVE-2016-9398
* Disabled the MIF codec by default for security reasons (but it is still
included in the library);
in a future release, the MIF codec may also be excluded from the
library by default
* Added documentation for the I/O streams library API
* Improved adherance to specification
- Move to GitHub repo https://github.com/jasper-software/jasper
- Update URL to https://jasper-software.github.io/jasper�- Update to 2.0.19:
* CVE-2021-27845 bsc#1188437
https://github.com/mdadams/jasper/issues/194 (part 1)
* Fix CVE-2018-9154
https://github.com/jasper-software/jasper/issues/215
https://github.com/jasper-software/jasper/issues/166
https://github.com/jasper-software/jasper/issues/175
https://github.com/jasper-maint/jasper/issues/8
* Fix CVE-2018-19541
https://github.com/jasper-software/jasper/pull/199
https://github.com/jasper-maint/jasper/issues/6
* Fix CVE-2016-9399 bsc#1010980, CVE-2017-13751
https://github.com/jasper-maint/jasper/issues/1
* Fix CVE-2018-19540
https://github.com/jasper-software/jasper/issues/182
https://github.com/jasper-maint/jasper/issues/22
* Fix CVE-2018-9055
https://github.com/jasper-maint/jasper/issues/9
* Fix CVE-2017-13748
https://github.com/jasper-software/jasper/issues/168
* Fix CVE-2017-5503 bsc#1020456, CVE-2017-5504 bsc#1020458, CVE-2017-5505 bsc#1020460
https://github.com/jasper-maint/jasper/issues/3
https://github.com/jasper-maint/jasper/issues/4
https://github.com/jasper-maint/jasper/issues/5
https://github.com/jasper-software/jasper/issues/88
https://github.com/jasper-software/jasper/issues/89
https://github.com/jasper-software/jasper/issues/90
* Fix CVE-2018-9252 bsc#1088278
https://github.com/jasper-maint/jasper/issues/16
* Fix CVE-2018-19139 bsc#1115637
https://github.com/jasper-maint/jasper/issues/14
* Fix CVE-2018-19543 bsc#1117328, CVE-2017-9782 bsc#1045450
https://github.com/jasper-maint/jasper/issues/13
https://github.com/jasper-maint/jasper/issues/18
https://github.com/jasper-software/jasper/issues/140
https://github.com/jasper-software/jasper/issues/182
* Fix CVE-2018-20570 bsc#1120807
https://github.com/jasper-maint/jasper/issues/11
https://github.com/jasper-software/jasper/issues/191
* Fix CVE-2018-20622 bsc#1120805
https://github.com/jasper-maint/jasper/issues/12
https://github.com/jasper-software/jasper/issues/193
* Fix CVE-2016-9398 bsc#1010979
https://github.com/jasper-maint/jasper/issues/10
* Fix CVE-2017-14132 bsc#1057152
https://github.com/jasper-maint/jasper/issues/17
* Fix CVE-2017-5499 bsc#1020451
https://github.com/jasper-maint/jasper/issues/2
https://github.com/jasper-software/jasper/issues/63
* Fix CVE-2018-18873 bsc#1114498
https://github.com/jasper-maint/jasper/issues/15
https://github.com/jasper-software/jasper/issues/184
* Fix https://github.com/jasper-software/jasper/issues/207
* Fix https://github.com/jasper-software/jasper/issues/194 part 1
* Fix CVE-2017-13750
https://github.com/jasper-software/jasper/issues/165
https://github.com/jasper-software/jasper/issues/174
* New option -DJAS_ENABLE_HIDDEN=true to not export internal symbols in the public symbol table
* Fix various memory leaks
* Plenty of code cleanups, and performance improvements
- Remove because contained in upstream:
* jasper-CVE-2016-9398.patch
* jasper-CVE-2018-19540.patch
* jasper-CVE-2018-19541.patch
* jasper-CVE-2018-19542.patch
* jasper-CVE-2018-9055.patch
* jasper-CVE-2018-9154.patch�- bsc#1092115 CVE-2018-9154: Fix possible denial of service
Add jasper-CVE-2018-9154.patch: dont abort in jpc_dec_process_sot()�- bsc#1117507 CVE-2018-19541: Properly fix heap based overread
in jas_image_depalettize. Original fix caused segfaults.
Update jasper-CVE-2018-19541.patch�- bsc#1117508 CVE-2018-19540: Fix heap based overflow in jas_icctxtdesc_input
Add jasper-CVE-2018-19540.patch: Make sure asclen is at least 1
- bsc#1117507 CVE-2018-19541: Fix heap based overread in jas_image_depalettize
Add jasper-CVE-2018-19541.patch: Check number of lutents�- Update to 2.0.16:
* Fix assertion failure JPC_NOMINALGAIN (CVE-2016-9396) (#50) bsc#1010783
* Fix build on Windows 10 (#162)
* Improve README
* Fix build with CMake 2.x
* Add missing dereference operators (#178, #157)
* Check data in jas_image (CVE-2018-19539) (#196)
- Remove because contained in new release:
* jasper-CVE-2018-19539.patch
* 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
* Remove 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
- Run spec-cleaner�- bsc#1117505 CVE-2018-19542:
* Add jasper-CVE-2018-19542.patch�- bsc#1117511 CVE-2018-19539:
* Add jasper-CVE-2018-19539.patch�- Added patch:
* jasper-CVE-2018-9055.patch
+ fix CVE-2018-9055, bsc#1087020: jasper: denial of service via
a reachable assertion in the function jpc_firstone in
libjasper/jpc/jpc_math.c.�- Upgrade to 2.0.14
* Soname and package name change libjasper1 to libjasper4
* Security fixes:
+ CVE-2016-9557 jasper: Signed integer overflow in jas_image.c
- Removed patches:
* jasper-1.900.1-uninitialized.patch
+ not needed any more
* jasper-CVE-2016-10251.patch
* jasper-CVE-2016-8654.patch
* jasper-CVE-2016-9262.patch
* jasper-CVE-2016-9395.patch
* jasper-CVE-2016-9560.patch
* jasper-CVE-2016-9583.patch
* jasper-CVE-2016-9591.patch
* jasper-CVE-2016-9600.patch
* jasper-CVE-2017-1000050.patch
* jasper-CVE-2017-5498.patch
* jasper-CVE-2017-6850.patch
+ Fixed upstream
- Added patches:
* 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
+ fix assertion failure JPC_NOMINALGAIN() which can be caused
by a crafted JP2 file.
* 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
+ allow JasPer to be build with CMake 2.x as well as CMake 3.x.�- Other bugs fixed by existing patches:
* jasper-CVE-2016-9395.patch
- bsc#1010756, CVE-2016-9394: assertion in jas_matrix_t
* jas_seq2d_create(int, int, int, int): Assertion
`xstart <= xend && ystart <= yend'
- bsc#1010757, CVE-2016-9392: pc_dec.c:1637: void
calcstepsizes(uint_fast16_t, int, uint_fast16_t *):
Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 -
((bandno > 0) ? ((bandno + 2) / 3) : (0)))) & (~0x1f))'
failed.
- bsc#1010766, CVE-2016-9393: jpc_t2cod.c:297: int
jpc_pi_nextrpcl(jpc_pi_t *): Assertion
`pi->prcno pirlvl->numprcs' failed.
- bsc#1010977, CVE-2016-9395: jas_seq.c:90: jas_matrix_t
* jas_seq2d_create(int, int, int, int): Assertion `xstart
<= xend && ystart <= yend' failed.
- Other bugs fixed in current version:
* bsc#1010774, CVE-2016-9390: jas_seq.c:90: jas_matrix_t
* jas_seq2d_create(int, int, int, int): Assertion `xstart <=
xend && ystart <= yend' failed.
* bsc#1010782, CVE-2016-9391: jpc_bs.c:197: long
jpc_bitstream_getbits(jpc_bitstream_t *, int): Assertion
`n >= 0 && n < 32' failed.
* bsc#1010968, CVE-2016-9389: Assertion `((c1)->numcols_) ==
numcols && ((c2)->numcols_) == numcols' failed.
* bsc#1010975, CVE-2016-9388: ras_dec.c:330: int
ras_getcmap(jas_stream_t *, ras_hdr_t *, ras_cmap_t *):
Assertion `numcolors <= 256' failed.
* bsc#1010960, CVE-2016-9387: jas_seq.c:90: jas_matrix<= yend'
failed.�- Added patch:
* jasper-CVE-2016-9262.patch
+ Fix for Multiple overflow vulnerabilities leading to use
after free (bsc#1009994, CVE-2016-9262)�- Added patch:
* jasper-CVE-2017-1000050.patch
+ Upstream fix for NULL Pointer Dereference jp2_encode
(bsc#1047958, CVE-2017-1000050)�- Modified patch:
* jasper-CVE-2016-9583.patch
+ integrate upstream change
99a50593254d1b53002719bbecfc946c84b23d27, which fixed a null
pointer dereferencing crash.�- Added patches:
* jasper-CVE-2016-9583.patch
- Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400,
CVE-2016-9583)
* jasper-CVE-2017-6850.patch
- NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c)
(bsc#1021868, CVE-2017-6850)�- Added patches:
* jasper-CVE-2017-5498.patch
- Upstream changes putting braces and belts around
CVE-2017-5498, bsc#1020353, left-shift undefined behaviour
* jasper-CVE-2016-9600.patch
- Upstream fix for "Null Pointer Dereference due to missing
check for UNKNOWN color space in JP2 encoder" (CVE-2016-9600,
bsc#1018088)�- Added patch:
* jasper-CVE-2016-10251.patch
- Upstream fix for bsc#1029497, CVE-2016-10251: Use of
uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c)�- Add -D_BSD_SOURCE to fix redefinition of system types in
jas_config.h and breakage in ppc64le, s390 and s390x
(bsc#1028070).�- Added patch:
* jasper-CVE-2016-9591.patch
- Fix for bsc#1015993, CVE-2016-9591: Use-after-free on heap in
jas_matrix_destroy�- Added patches:
* jasper-CVE-2016-8654.patch
- Upstream fix for bsc#1012530, CVE-2016-8654: Heap-based
buffer overflow in QMFB code in JPC codec
* jasper-CVE-2016-9395.patch
- Upstream fix for bsc#1010977, CVE-2016-9395: jas_seq.c:90:
jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion
'xstart <= xend && ystart <= yend' failed
* jasper-CVE-2016-9398.patch
- Fix for bsc#1010979, CVE-2016-9398: jpc_math.c:94: int
jpc_floorlog2(int): Assertion 'x > 0' failed
* jasper-CVE-2016-9560.patch
- Upstream fix for bsc#1011830, CVE-2016-9560: stack-based
buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)�- Update summaries. Use %_smp_mflags for parallel build.�- Updated to bugfix release 1.900.14
* Security fixes
+ bsc#941919, CVE-2015-5203
+ bsc#1006591, CVE-2016-8880
+ bsc#1006593, CVE-2016-8881
+ bsc#1006597, CVE-2016-8882
+ bsc#1006598, CVE-2016-8883
+ bsc#1007009, CVE-2016-8884, CVE-2016-8885
+ bsc#1006599, CVE-2016-8886
+ bsc#1006836, bsc#1006839, CVE-2016-8887
* Changes
+ Add another data file for testing (Michael Adams)
+ Ensure that not all tiles lie outside the image area (Michael
Adams)
+ Added a note on sanitizer options (Michael Adams)
+ Added a simple test script (Michael Adams)
+ Added an --enable-memory-limit configure option (Michael
Adams)
+ Manually merged and edited a few changes from Bob Friesenhahn
(GraphicsMagick Maintainer) for Windows (Michael Adams)
+ Added some new mostly small image files (many of which are
corrupt/invalid) that are useful for testing purposes
(Michael Adams)
+ The debugging function jpc_dec_dump did not consider the case
that a band can have a null data pointer (when a band
contains no samples). This caused a null pointer to be
dereferenced (Michael Adams)
+ Changed the JPC bitstream code to more gracefully handle a
request for a larger sized integer than what can be handled
(i.e., return with an error instead of failing an assert).
(Michael Adams)
+ The component domains must be the same for the ICT/RCT in the
JPC codec. This was previously enforced with an assertion.
Now, it is handled in a more graceful manner (Michael Adams)
+ Fixed a few bugs in the RAS encoder and decoder where errors
were tested with assertions instead of being gracefully
handled (Michael Adams)�- Updated to bugfix release 1.900.13
* Changes
+ Fixed another problem with incorrect cleanup of JP2 box data
upon error. (Michael Adams)
+ Fixed another integer overflow problem. (Michael Adams)
+ Replaced the remaining left and right shifts in the QMFB/MCT
code that can result in undefined behavior (due to shifting
negative values) with call to inline functions.
These functions collect all of the undefined behavior in one
place and also allow code sanitizers to ignore this ugliness
(via function attributes). (Michael Adams)
+ Fixed a bug in the row/column split operations for QMFBs.
(Michael Adams)
+ Made the PNM decoder more gracefully handle the not-fully-
supported feature of signed sample data. (Michael Adams)
+ The PNM decoder did not gracefully handle an invalid magic
number in the PNM header. (Michael Adams)
+ Fixed a MIF decoder bug. (Michael Adams)
+ The imginfo command did not correctly handle an image with
zero components. (Michael Adams)
+ Fixed an integer overflow problem. (Michael Adams)
+ A new experimental memory allocator has been introduced. The
allocator is experimental in the sense that its API is not
considered stable and the allocator may change or disappear
entirely in future versions of the code. This new allocator
tracks how much memory is being used by jas_malloc and friends.
A maximum upper bound on the memory usage can be set via the
experimental API provided and a default value can be set at
build time as well. Such functionality may be useful in
run-time environments where the user wants to be able to limit
the amount of memory used by JasPer. This allocator is not
used by default. (Michael Adams)
+ Changed the configure setup so that if GCC is used warnings
and pedantic errors are enabled. (Michael Adams)
+ Fixed a bug that resulted in the destruction of JP2 box data
that had never been constructed in the first place. (Michael
Adams)
+ The memory stream interface allows for a buffer size of zero.
The case of a zero-sized buffer was not handled correctly, as
it could lead to a double free (bsc#1005242, CVE-2016-8693).
(Michael Adams)
+ Fixed a small memory leak for CRG marker segments. (Michael
Adams)
+ Fixed a problem with a null pointer dereference in the BMP
decoder. (Michael Adams)
+ Introduced jas_fast32_asl, jas_fast32_asr, and friends in
order to pull all undefined behavior for left and right shift
of (negative) integers into a small number of places and
provide a means to have UBSAN ignore this ugliness. (Michael
Adams)
+ Fixed an integral type promotion problem by adding a JAS_CAST.
Modified the jpc_tsfb_synthesize function so that it will be a
noop for an empty sequence (in order to avoid dereferencing a
null pointer). (Michael Adams)
+ Added some extra debugging log messages for memory
allocation/deallocation. (Michael Adams)
+ The RCT and ICT require at least three components. Previously,
this was enforced with an assertion. Now, the assertion has
been replaced with a proper error check. (Michael Adams)
+ The member (pi) in tiles was not properly initialized. This is
now corrected. Also, each tile is now only cleaned up once.
(Michael Adams)
+ Initialize uninitialized variable. (Michael Adams)
+ Added some options to configure for enabling various code
sanitizers. (Michael Adams)
+ Added some range checks on parameters in some JPC marker
segments. (Michael Adams)
+ Fixed potential integer overflow problem. (Michael Adams)
+ Added some functions for safe integer arithmetic (for size_t)
in jas_math.h. (Michael Adams)
+ Fixed some indentation issues. (Michael Adams)
+ Converted a few raw mallocs to use jas_alloc2. Added code in
the jas_* memory allocation/deallocation functions to generate
debugging log messages. Only disable JAS_DBGLOG message if
NDEBUG is defined. (Michael Adams)
+ Added more error/log messages for debugging in the JPEG
decoder. (Michael Adams)
+ Added some extra log messages for debugging. Added check of
value returned by jas_matrix_create. (Michael Adams)
+ Applied fix for VPATH builds (Michael Adams)
+ Did some configure.ac cleanup (Michael Adams)
+ Fixed 'inline' for older version of Visual Studio. (dirk)
+ Fix a potential double fclose of a FILE* in the JPEG decoder.
(Michael Adams)
+ Changed jas_types.h to assume that header files required by
the C99 standard are present. (Michael Adams)
+ Incorporated changes from patch
jasper-1.900.3-libjasper-stepsizes-overflow.patch (Michael
Adams)
+ Incorporated changes from patch
jasper-1.900.3-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch
(Michael Adams)
+ Incorporated changes from patch
jasper-1.900.3-Coverity-RESOURCE_LEAK.patch (Michael Adams)
+ Incorporated patch jasper-1.900.3-Coverity-NULL_RETURNS.patch
(Michael Adams)
+ Fixed memory leak in jiv. (Michael Adams)
+ Fixed a sanitizer failure in the BMP codec (bsc#1005084,
CVE-2016-8690). Also, added a --debug-level command line
option to the imginfo command for debugging purposes.
(Michael Adams)
+ Added some missing type casts to ensure promotion to the
correct unsigned type to avoid undefined behavior (and stop
warnings from USAN). (Michael Adams)
+ Fixed a linking problem with newer versions of GCC. (Michael
Adams)
+ Changed --enable-debug configure option to enable some GCC
sanitizers. (Michael Adams)
+ Added range check on XRsiz and YRsiz fields of SIZ marker
segment (bsc#1005090, CVE-2016-8691, CVE-2016-8692). (Michael
Adams)
+ At many places in the code, jas_malloc or jas_recalloc was
being invoked with the size argument being computed in a
manner that would not allow integer overflow to be detected.
Now, these places in the code have been modified to use
special-purpose memory allocation functions (e.g., jas_alloc2,
jas_alloc3, jas_realloc2) that check for overflow.
(Michael Adams)
+ Add fixes for CVE-2014-8137. (Michael Adams)
+ Added fix for CVE-2016-2089. (Michael Adams)
+ Moved abort into default case of switch statement. (Michael
Adams)
+ Remove auto-generated file aclocal.m4 from repository.
(Michael Adams)
+ Removed HAVE_VLA stuff from various configuration and build
files. Also, changed a few INCLUDES to AM_CPPFLAGS in automake
files (since INCLUDES is deprecated). (Michael Adams)
+ 1.701.0-GL (Richard Hughes)
+ pkgconfig (Richard Hughes)
+ Coverity-UNREACHABLE (Richard Hughes)
+ CVE-2016-1867 (Richard Hughes)
+ CVE-2014-9029 (Richard Hughes)
+ CVE-2014-8158 (Richard Hughes)
+ CVE-2014-8157 (Richard Hughes)
+ CVE-2014-8138 (Richard Hughes)
+ CVE-2015-5221 (Richard Hughes)
+ CVE-2016-2116 (Richard Hughes)
+ Coverity-FORWARD_NULL (Richard Hughes)
+ jpc_dec.c (Richard Hughes)
+ Coverity-CHECKED_RETURN (Richard Hughes)
+ CVE-2016-1577 (Richard Hughes)
+ Coverity-UNUSED_VALUE (Richard Hughes)
+ Coverity-BAD_SIZEOF (Richard Hughes)
+ CVE-2008-3522 (Richard Hughes)
- Removed patches:
* jasper-1.900.1-bug258253.patch
* jasper-1.900.1-bug392410.patch
* jasper-1.900.1-no-undef-true-false.patch
* jasper-1.900.1-bug725758.patch
* jasper-overflow-bnc906364.patch
* jasper-CVE-2014-8137.patch
* jasper-CVE-2014-8138.patch
* jasper-CVE-2014-8157.patch
* jasper-CVE-2014-8158.patch
* jasper-jpc_dec.patch
* jasper-CVE-2016-1867.patch
* jasper-CVE-2016-2089.patch
+ Fixed upstream
- Force -std=c99, since the upstream sources assume C99�- Modified patch
* jasper-CVE-2016-2089.patch
+ Use the new version of patch from
https://bugzilla.redhat.com/show_bug.cgi?id=1302636
with more targetted checks.
- Version the Obsoletes/Provides so that the package does not
obsolete itself�- Add jasper-CVE-2016-2089.patch
* CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip()
function (bsc#963983)�- Add jasper-CVE-2016-1867.patch
* CVE-2016-1867: Out-of-bounds Read in the JasPer's
jpc_pi_nextcprl() function (bsc#961886)�- Add jasper-jpc_dec.patch to fix failure when manipulating images
with 4 component color using reversible color translation
(deb#469786); patch taken from Fedora.�- fixed CVE-2014-8157, CVE-2014-8158 (bnc#911837)
+ jasper-CVE-2014-8157.patch
+ jasper-CVE-2014-8158.patch�- fixed CVE-2014-8137, CVE-2014-8138 (bnc#909474, bnc#909475)
+ jasper-CVE-2014-8137.patch
+ jasper-CVE-2014-8138.patch�- fixed possible overflow CVE-2014-9029 (bnc#906364)
+ jasper-overflow-bnc906364.patch�/sbin/ldconfig�/sbin/ldconfig�h02-armsrv3 1761904279����������������������������������4.2.8-150600.4.5.1�4.2.8-150600.4.5.1����������libjasper.so.7�libjasper.so.7.0.0�/usr/lib64/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:41419/SUSE_SLE-15-SP6_Update/e567bb653628089eeb7b8a97a2eee001-jasper.SUSE_SLE-15-SP6_Update�drpm�xz�5�aarch64-suse-linux�������������ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=be47b54372d8ffc0eab959383f87c8c6b11505b1, stripped������������������P���R���R��
R���R���R���R���R���R�� R���R���Q?�eؒ,I�����utf-8�030d66552fc4ec17709cb987c8ef991b8859c861b05775b7b4285ec1e14f3946���������?���������7zXZ��
���!�����t/o`N]�"��k%{U}d�
y*zAje]D����`awX5�q=֓vcV��v,ԉ['C$/D!Pg+��-ǜ+J^L�}���Q|ёb���H�:�m99iD!j|)��JtFOޔvYfI=t��X�NU�3g Q鯕��Ί�N�|�nQ��HkP0A��OYtU�NWO
�=�"3^6oa�vSKNJ��QRDnAH|4
^ vE�iooTXIA^f59~�b"���
MJw��|��jb/t<�bly�i}p�&YS�r˅b�I���.�ǦI���nr�zHЄ<:���9�M"*hz1a�wIBhf#J�:�U4(A"7�>�`�?�3l|7;b3QM5pC4?1��uN�-˓�:
�]{�5N6.��uCRA�+ٟO�Bd&ʰ��uIdeΓ���
D%ro�qҮ2qAN+[kޝ`6άS%�{z���r~�T7߇+]5C�5ӝD ;EF�׆f�ݦ4�ӪMY7�S�u�r!5BF�C}��bVQvzn@ :85חy"z,�r,�qln�p<$���6��V�?ԃ�hD��I�lp�CBU;e
iK�P22R1߸,>*H6
ܠ�p�hHDtuI>#P#M( k �ݥ8h=Z_�n�Q5Y-Y}�>�[�<0'"�uh!>��_��·ǝ܍VS)zk�c uf�} ,'Vvb4*b��꽣bgGY]&a�X7u9-ӵ�%
PߊPzI2?�(X�^7B={]𨖦}yB�_C\VgLz�(*f8ffgIgcgmƥLA\�:y8!�R0d|�I(qܟ#oI^fF+�s�H8�_�xNT�w*5 mF4M F(
DoO]�
:�\'_|Yc>*S`
NSݨ?�HwN҉�GsYr�Kѫu+L�]NWe�hq?�oPϤ�]��cc蟈LCYy`U;
�V@b:G)E+�RE�]iW�.@lHMq���CRs{tN[[(Zmp�[B֙0pN�8Wgl�aC@sM?[M觖'R?�=
�UG��K��8�O�煮�Sﶌ+`bOq_xd�Y�Gj�,��z3�:1��t�4�A0 inuo;O*D&��/=mWNr0xb@���25:\�!zװ2ȩpތN'I�@��c:v'a?
)c��˸Xj~�Q�l5x��YDVH��G~t*SE11>EiѥG�l
2#'�X XE_$�Wb�K>��=t�0!ϽD�u߹x�UR'r^�4l��3?C-Ev�3Ul;+�Cyר�cB4\)G/L$ˈ8�[%&$kC��{P~<�nΖ/$�/>
�KUw,�Z+.i(B$@�D)N�O�^Eq�~a�X%q�҄lWe߸EO{�iJy��a,�P+yRc��
abK\�x�h6R`xsI|�IfF!�@5r^�&:6�47�ܟ�6 gy(7BqE�ş?f&K�&hs]W4@o�;//)f`+�Nj��x:uy�qEg:
�N1?k<�G!6�"�e�{$ WprZ˚*}I"WyPr̕@]!
��uHƕ�d+-=*��O�:.,="Q\DMaN�6/�7�Rm1�r�I�a)�1�H58n¼R㐥o.NiDb
fulCz9nL*6uEzp*A��hWG`-BQx�AW�=kՍ�9�V1x�[�DgεD�Y2��!ww"S+
�_+)ʰN\GļrV�_�j7gb&�W�ǔ��=E0�d�ϵv7퉢*Yx�h+�
ۨ`�k8!4O557W}64Q|�g8(��0(�uÒ5�BzV��l4�3OԌ[�`J0*dzg<�K�'hӂ)|��?B3~x.j
E�t��AA#x^1S�T,t!MNzES(Bn}U:*�D��:YA�<\4,X��rmeaA3\h�K?
�s뿁�Yu�L
�L�
l:F�Z��I�)nŴg/jF~Uu��bp\�q
UP�9KHO�x �Y|Lu-B.x�Vy|3�̤[5�Ժ>ʻ+hs�I_��&eB�iGReEY�`���]�)Vp'�)Fb[�xsZm E8�%z&:y�n*AOϵ�I׆&�7Z�=+d.�`�'�yYxJeb#��wsh!�rQe2k�̈́eD ;/Ã+�*`գ0B1]�@4P|g�nA
a�qq1O
7�\!n��%dض�D2To`�'��m!�
b��9Ӧ
l\�xK�,"AbGMoӠ^UTVS%)��hH
��)~�jH'�o��8f4���G�e:I1�K�-u@�w�tk[5.�R���x.�(Zd\+HΓӡz�LɫǨB
��u+nVQ!��1t�[�NcJD�
�h$n(KCد8_2*f�8YHB!chQ2D^nJeDjюYA�z͡�Xi�;P
6�o+@yJV3.�2%kg2}7!;6N`,L�[b%cZ-�Qi:.�sGJs*XR\�/e|>3�PˈϚe�RSzZC8�::<=o��\&�$&Ԉ�h@Qe@�VzE6�$A
�3�{/P?EVs^)Y@I
"r2D\-���<�QO31X�qJwno؝H��>{�1Ũ$oM*;�0t̴,��_R�ص6ϝsV'R��-7&�/�>n�nV�r.�r>��! �7s@@zSWk=RcK�C
�1OJ4��BwuhhaP�e1�nSBFUv[p��R uM("?Xs�{ U�e�C��kKZF
�?�:K4Wք;<�8\Qw݀p3v֕D=:Q]5he'g:6.P#�%~0e$OBȗk|Nw$[>k?�Vʻd@��Db�V--OrN'Sk�lk_g8��E79dp!?`I H�P�pgʊtE�HfTx�HzE�'�VQjlcDlZf�lظ`,oZ!L4Luk�~\4k�G�*C,O��:UVu��O
�ӯ�wjX�NPb:E���>'�Jj/~nX�T�ck7)ud(4"�Qm����Gw|��h��FP)��:t*�X'~P%=�kS NOPd[.V[�TA�GV8�zfk���D3<�FD
V
`%K%P�
Bؐa�TuD�*:{in;.ZN{0iD��5� Y�s0/^v?��1-*\:ZD|.��ADF7
ryd1q��[/n�R1�4S�,`ƙvRJ��m���脸���>�FNt�74'@FicGgԌ9I�-x?�?���/ARX.XSP'e�`ҭx[�̾a(I0}SԵ��ǛCI1OKq=�c�j��Z]�a]:�&2_0�Y5Z3:MTn"Ɛ..h%vXL^#t�*DA_�㟎T]�`n@Uu�GJ1㶝Ш�oO]�@DƩ˒Aօe?r��n�g��0z&�x>�b�VHYD紒�W�cur*N=n
4gÀٷjSzqq*h��Rߗ69o?FA^bgSnV�nh0tx}<�=C��X9+Z.�_ "?2�U7�ifz�}ZnQ1148n&=ѯ`�R��磳J�je��',=F�lq-F9mfhLU4qY�3Kť�Z�� �/#�j�E%�B�6Dzf2[&v*�l"ӱB3X,|&YAa=��0C F^in%�!�-L|���Pf&i.+1>�2x{x#Cs�)ءYjWAI2YL8[t1Z߁x�*0)ɚeBkDגZ�*gU��ܠiHq50`Y��q>�>?ŋĕ";*mR�Ђ*Ѿ�^-=ԭ|P�W�KrJ���t�h?1Þ;>CC}[MBғL5,�O�i-H?[Xb J?D]�T�N�ׯiJhkC��um^�ɤq�QCD�=�T0%�O(+h��(
�+{jO-�J]yr\P>vTR�Yx*8\%h}�eFѮ"�ru9�q��Q|6Y։5�N�~f.g:X`ݮByD |a/[Џ
�[@2�3���ؚΠ9>а/`& ohT/��6�4ځU�q.g
O��
#]ha�,Ԇf|o�弯oTƀG:J�_Br.�RxWN�=;�=�6W;/t)Hu\�C!/S�
M+�q=�zNʾmTh M5S<8PI�wlY{bEB�%QӶ.f<,GhS�(wIC:�L!J�)�]�`gdǦ<]�Ǣ�>C��b ς^�Ai?�(D��7hxH3��*0��2 T䎰Y 8|V��
n4I?�VBbr
[皜c�5G\mI,ŋs颂qXŔb
b�ql9֡Ml
^_t�=�Q��V謂/�q!�O��~A'K�Dh̶�WXʙW�E-�,dlÑ&?��rAxb�1M>[C�7o7⌥kAknӭ
�,)e�oGȵh*vݕфP%{*Ҙ4Ph�K�kN
S �PA#v2(��,(��3)-hɩܼIM6I�AQ+/Y?�նbjyCuN^�/ek(Wv�85�;��<&�{��ޑ6~��pLGz
,T1��蛎FYG�q4*,]Z2g$-^1Qp��AH0n'�b.ƫ̅F\{6�o�f,9
�ldy)yHq�2牭\W��ql95v�h'6�ڍ\��*iZT!@'L+禮qJ]TUJk^G)�FuKmzYr.r)%VKiBՂ5��B/#�ݢ@;|GJ4hg�\t�-,$�jpjtfj�VU_z�hԈ+)VM:yL",]]�?IUFfʻ�/2;7�w%6S�}'PvI���4MB���h
Kdb=Dl9��Yx�YG�A�3F<ߩ�T6�pr,ZPOT >�.# ګ2ɵ�GX�Wؿ#�Q>�3E߆-
�))Uo-a߹@] U[[RHdzF�aկPi�x�j"AM3T!=6�NSwLS8\rcR[KD]b�mm�v�t֍�#�,Gϥsf�(H�v�92T.eڊE|>�ćP]{��\~�OQ09ǷuK1A6+f�WbY>,^�MӔUSյBCCU�WG��zu[ێ8+�;6�S�U)O>�.DfJ5eRԃ0!۞
@�A�wv8ʙeL>럓|*�ޙ9$(_��rS4��E��~��gL�Bvٕv��xU��T_ytY,Cn�["0$-��6.TVaP�(/K��(Q
Nr�&lR�q<>�ր|ؙ0* +�u�*�[�h�x"ۂ8}��4:�_x!r?J*�f�2ؾtQs�& #�\ âUmhf�]SYJ��XhDC�{{�(osx!�Yid10WK|:��t�VƗUY�\d�<ދ]�ӳ�z%>8�@z:wK/C�@5"#m�3ˈDW?陧�%�_��6�fqDF!ҵδATtJ��X/u���uwy-38;:�x3g b|T��п�d�L2�3ꧫ(rD�@}���z
k�ouY�KT(�U�7Y&��-WWy=�����,>�}F64df�J)+ȀtP+��I娦�Ai^�F3q;�cqdaU�UH/~ѫ@KqD9�jtVe-jvI/[SDf�Z,E�$�e봣Fk(�EE. 8�?ܯִ`q:�2�K=�
h�/=ֲM��j5�j����F�/Ҫ O�4� k��of0z&7�`dt}1� a:m�wh³�c���nfVer0$@zhagdP�"@'M"[hb�O�~RZҟbU�l�h�2L3S%�:L+(g�8R&\)̠^r6ݽdꥬ�`'R��/SKO*^ʵ,#h|
T8�h*q0�Xny��.C0φ �˳t߬RPU->�AB�1xO|ƊPNQ:2z"G�$8¸m#�aOY&�(�0ȯ-{-j@fZ FTz/�dhA: <)o$S�/1�5�(q�HH\Eo5�=#�/OH��~ս�Am�Hh4�`sйG�=�z] 1wJϏ(]�nplM0Q䛇g�Qw-
k[5�GW ��Μ-�I]/t�ą��NWU�FuJ�aƉԇ@\g8nfn2𩩵�|ˤ~o*o�6c�XF�Ki�V#�q�7e� w#]1�Y]Ym[!#�%@ɼ�IdB�n_l�mwX
o���b�Qǣ?4sD�<�]�)B��D�
` ���ІkQS��#@�O�S�b};y���ҹ5l$q/[>^a*NdҠ�N
_PZO])I�Y3g5ͪ%~L /u52�;��3_e)#"]p+mU��p
Qûm�?�#�*^eeW{�b���6IoU>)�E��h��|��ac
m�܃U~g�H��<
OV[xU�+��Ҙ�7�%UUb��)ma�ǩp�|�MwfջU~vVd1+ 䊱p,eq�A�B�h=M9F�:���66� ;5Ӫ@u
.z�([��f'^"B#n1r=J�}��{ #�EI��_3]Oٓ@gcC9Y>n'7k�^H�d_~�
g�$+O �Bogǘ2�nƿ >�,>�G#���aUD**'ưxg
a�LnvC�~�u�[mPZ��\���G�<��Beby$gg�0@nl�N�<�b?xF�iVB]^uj&r�1۽Q/�BL`\5Ow�f4�I�C7!AH5l
�g*=z2��a3Z佽ʳ8B/v�7josr�#p0l��8L`HMQ(eJ'�H||P�t�Ec�_U��$W�EB܁>o
B/Z ]yҟ/nE%~;y�%�/AmV/|Mma�GpZ�e!lq̨߯w(�X�Lư*5 �)�5lrM�3cj($QgG+X_90�Y~a���M'�#I(5?ޮ)f~|-=Eqbm2qē�6!�����ډ¼q�`嗝dN�U�Hkz!^MH^�� �,On2[j�suw;ڑ.5L�� �4K��^K-�yelj�ZV㏭N�(_k���]wJ{EW�v(\Z�Kj`M k��{xW#J<�2o�9A�|;2o�h,]]�/p6&ۢk:T/�c�1Xۏ�됢ɜ���+oeel�@}F�HHoYP{.".@OD�2%�!$SpUޅ>�2ozDž�S㴣+��:2Q�?l~�
h�V 1φ�a�BdAtyOd2G�Lv�iE�$VRGz8}�t8.�`bCu:��՜5JXfWpf�B
Ej$Yp2��L<#9�0
!=P34�N/�_�<|v-�IIBOK1M�0y¯�dX1St�k�;ӟ�q�Lv?G eAjI�I!rj%\�cm/:bF}��m���yTiS|8(��$~ ,1Mu�da�}ϼ����"_�b�wɸɃMp�:q4ic|]-ٜ_-С'@5rm�XV#cpSٶw�lNj�Zǽ(SǓ@φq�#wۭ96?S@|X�6N'h~+!hX\8v<�[sk5{e�7
F&HP窩ٻ#4jm9-FfMYʭ77�^&lhc�ǧ閄�ʱ?%��zo;?�x VO0O00bIs�&+""�eĐ^#k�bkܻp�=�!!%vץ��>�0�ml�
,yS�X�G!6�U]! ,vC4�1�a����A�8^�9�L�4�Jjx�]�on ,$�ld={R!��4x7٘)H�L"�QX�84a�}|?�El=;���)���\
I6<'��B_Y��.�]Ʃ{�q�CԜ $ �(\d%w*�1c`6�sǏbMu,xG�K5Jy־V�x�b4��VGT%߆8)pʺMQ귈`0S-"�5n 9t5P�UX�FJ�h�
xb`.ջNͰ93㛋�Ļ�k~�s$?P�ߕbm+WP,`#2<1nIߎ�+�#�
_mOB�@�UC0�`it%;vȬ3?w��� �TP�Ki8�$ lp#I`s��zH-�����h�3؏0ǾY3!tHs[&e{4�A&��tL�˛y}5��;(�`#��OHs#�|&N�
s*rΞ��_7uz䍪4cY;�S
\*�ZGqq
C��RtW��؈�XuLp JE��9�5Qpc3 �j-�63.&k�6X��G(G���! �Cs
M�_
),].K���,Y� x,R�uߒ2*�њ�R/<�t3IJY:;AnS(E1i�p�x ��YԴq/i�x։|NܯO!U5I+k-o00VϬ:ͣ8DwӅD(<㵱~⣮�v�:Kڮ�3TZhK5�4)6�#eF�_r�s1nwVc1sЕ�=@�*07sb)K�,2ٚJ8�4P(E�7khJbf~߮qOwzT��zAN#dP{҉V����Ďy
W#f��jK WjY#�^qn:G%'T\Cu_t'y�A{Y
ɪF |i,v3�`�0!]Kd6]d`nYs-dU�y5'K�=�Zb0"�z�tٷLY'��\h!з��`Ɵ2%37LvcL4&0U�MO��fhxֵֹ~bҏРmX�o=zƠ+!tCp�Y枻�F=��SHR5r]G۹ j�֙�Pg}jte�3u�*$%;k8}���W@u�27�91g�5DHsĔѬQ���v�;�v5_�I�/wq#B?j#[�j�U9Dɢz&s/z7K^?�o\3����A%��XukA s7&M(ᔿٛV)s<+�W/u5ƧN�T�*8�FlY�q{ߦyc`r(l�G<"�8\lë���Ş gC����x�Ѧ(d5/gF��\'kJ�4x��88^A/@^XNp��pv�vF긝_k:�\x*!F�)R�Aˏ��{�egb}]�l ƃ]=u`�hvz�h�H
�`�#����9X.(Y���v#;�IOL
�?xu#mC-p �2>ت`��N$ �)Az�Κ��+bSmZ/]�L7pB*JPk=��+2�;�5fuy]z>�sBPB(BgD�"VS'Z�`NE��%GPdž@{0Tw6=3zr'vF]|߭ض9~k���R#o6OT`%{N"t7��m
Cûc1/'gmv<ޙ2tC�,e��i0d19���{y�eEKaXX氇J]� HZDfAaeaqE�0�ާ=z}�RAZu���Lf�A$2�adI ?S�Wh�
�q7!�P_e}UH-Τ+���WW;8i�>E�'ß�ZX�9X�~]D5S0�릅zy[`ŋ�*\��EҥRY�襟90[�CgL^�E
3�2N��o�(vbM�` E�!cX9�2 u6
GC�`�xڐP�t,
��q"H2".,{ꊽ04<ؙt;�NX'48<]B�}K9<<{�U9�3vW�OW0`�籆1ŚLwZ{H�T�"
xDi�UX;9�+ͽ->5۬D,&t>e4�K#�8�v
;NJ�3v.]զ+��NL�.tJ̡\�A�T���%4k^YRiRS�*VG1�A�3Ifi3�;Ja9)4moy?\�:G�<1 u9�F?\Q'"*Oq.+&m֧\o˰&s�i�nrQ�3#<@qO~��9z�!Ҋv�%\*ueE�Z�8�93��9S3Nl�U�2�B`Ndފ��ȭ!FG��b�:) +Gr{\��yv�F�46@�V/]Vq�EzM�<%�z�N8znp˂JD���V�w=~Փ7T%^t�N0hĂWKN7dËhC�"��ׯ}_
!rr%%�ٔ#w��$cΗ j(�)w���[3h7��5Ƈ��ͩD��U%e�k�BC8hHl�Z�LIZ
�5_7f5`B'�eYInq��D&tW�K
Gan
7CCkjV�)�y0kAbjC0_"vxpߠژd�pt�X�:p��ٌw[,υ{�#vEf�BEg+�%6��wY1f9kR�z{pȦ�:�YOW8`�V�-b![X/�Aƍ&
�Ŀ:Ih_�U�BWY@4n!TZ�H>u]!>4(%i7詊:M-��C) PV~��{�;quRw+:U-g)O9<8*m,iˏS�Gx#J7Ɩ�Gb3o`q:3��OXEOn�vlbց6�ʣy
�LdN7'A yZT K]�u�D`Ka��{'Fc��e�eb���iDj˥�I_4AGr��Yd�JN�>���2%��[.�:b.;�sׄoЁ�76|Y�.µ>3�ܱ�`�[P��#P�V_>;��&8()meݺTx�I���th;OHfY6q8*�ץ�L<#�Y}l>A8;O.lRdWJp����6�,(ikNq2+�m����WH������
YZ