From bbdad8556861c60ae1f526f63de9c5857c4ad547 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 8 May 2020 23:06:47 +0300 Subject: [PATCH 001/264] Initial implementation of image preview proxy. Media proxy tests refactoring. --- config/config.exs | 5 + lib/pleroma/helpers/mogrify_helper.ex | 25 ++++ .../web/mastodon_api/views/status_view.ex | 3 +- lib/pleroma/web/media_proxy/media_proxy.ex | 53 ++++++- .../web/media_proxy/media_proxy_controller.ex | 78 ++++++++-- lib/pleroma/web/router.ex | 2 + test/web/media_proxy/media_proxy_test.exs | 133 +++++++----------- 7 files changed, 198 insertions(+), 101 deletions(-) create mode 100644 lib/pleroma/helpers/mogrify_helper.ex diff --git a/config/config.exs b/config/config.exs index e703c1632..526901f83 100644 --- a/config/config.exs +++ b/config/config.exs @@ -388,6 +388,11 @@ ], whitelist: [] +config :pleroma, :media_preview_proxy, + enabled: false, + limit_dimensions: "400x200", + max_body_length: 25 * 1_048_576 + config :pleroma, :chat, enabled: true config :phoenix, :format_encoders, json: Jason diff --git a/lib/pleroma/helpers/mogrify_helper.ex b/lib/pleroma/helpers/mogrify_helper.ex new file mode 100644 index 000000000..67edb35c3 --- /dev/null +++ b/lib/pleroma/helpers/mogrify_helper.ex @@ -0,0 +1,25 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Helpers.MogrifyHelper do + @moduledoc """ + Handles common Mogrify operations. + """ + + @spec store_as_temporary_file(String.t(), binary()) :: {:ok, String.t()} | {:error, atom()} + @doc "Stores binary content fetched from specified URL as a temporary file." + def store_as_temporary_file(url, body) do + path = Mogrify.temporary_path_for(%{path: url}) + with :ok <- File.write(path, body), do: {:ok, path} + end + + @spec store_as_temporary_file(String.t(), String.t()) :: Mogrify.Image.t() | any() + @doc "Modifies file at specified path by resizing to specified limit dimensions." + def in_place_resize_to_limit(path, resize_dimensions) do + path + |> Mogrify.open() + |> Mogrify.resize_to_limit(resize_dimensions) + |> Mogrify.save(in_place: true) + end +end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 24167f66f..2a206f743 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -419,6 +419,7 @@ def render("attachment.json", %{attachment: attachment}) do [attachment_url | _] = attachment["url"] media_type = attachment_url["mediaType"] || attachment_url["mimeType"] || "image" href = attachment_url["href"] |> MediaProxy.url() + href_preview = attachment_url["href"] |> MediaProxy.preview_url() type = cond do @@ -434,7 +435,7 @@ def render("attachment.json", %{attachment: attachment}) do id: to_string(attachment["id"] || hash_id), url: href, remote_url: href, - preview_url: href, + preview_url: href_preview, text_url: href, type: type, description: attachment["name"], diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index b2b524524..f4791c758 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -20,6 +20,14 @@ def url(url) do end end + def preview_url(url) do + if disabled?() or whitelisted?(url) do + url + else + encode_preview_url(url) + end + end + defp disabled?, do: !Config.get([:media_proxy, :enabled], false) defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url()) @@ -43,17 +51,29 @@ defp whitelisted?(url) do end) end - def encode_url(url) do + defp base64_sig64(url) do base64 = Base.url_encode64(url, @base64_opts) sig64 = base64 - |> signed_url + |> signed_url() |> Base.url_encode64(@base64_opts) + {base64, sig64} + end + + def encode_url(url) do + {base64, sig64} = base64_sig64(url) + build_url(sig64, base64, filename(url)) end + def encode_preview_url(url) do + {base64, sig64} = base64_sig64(url) + + build_preview_url(sig64, base64, filename(url)) + end + def decode_url(sig, url) do with {:ok, sig} <- Base.url_decode64(sig, @base64_opts), signature when signature == sig <- signed_url(url) do @@ -71,10 +91,10 @@ def filename(url_or_path) do if path = URI.parse(url_or_path).path, do: Path.basename(path) end - def build_url(sig_base64, url_base64, filename \\ nil) do + defp proxy_url(path, sig_base64, url_base64, filename) do [ Pleroma.Config.get([:media_proxy, :base_url], Web.base_url()), - "proxy", + path, sig_base64, url_base64, filename @@ -82,4 +102,29 @@ def build_url(sig_base64, url_base64, filename \\ nil) do |> Enum.filter(& &1) |> Path.join() end + + def build_url(sig_base64, url_base64, filename \\ nil) do + proxy_url("proxy", sig_base64, url_base64, filename) + end + + def build_preview_url(sig_base64, url_base64, filename \\ nil) do + proxy_url("proxy/preview", sig_base64, url_base64, filename) + end + + def filename_matches(%{"filename" => _} = _, path, url) do + filename = filename(url) + + if filename && not basename_matches?(path, filename) do + {:wrong_filename, filename} + else + :ok + end + end + + def filename_matches(_, _, _), do: :ok + + defp basename_matches?(path, filename) do + basename = Path.basename(path) + basename == filename or URI.decode(basename) == filename or URI.encode(basename) == filename + end end diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 4657a4383..fe3f61c18 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -5,19 +5,21 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do use Pleroma.Web, :controller + alias Pleroma.Config + alias Pleroma.Helpers.MogrifyHelper alias Pleroma.ReverseProxy alias Pleroma.Web.MediaProxy @default_proxy_opts [max_body_length: 25 * 1_048_576, http: [follow_redirect: true]] def remote(conn, %{"sig" => sig64, "url" => url64} = params) do - with config <- Pleroma.Config.get([:media_proxy], []), - true <- Keyword.get(config, :enabled, false), + with config <- Config.get([:media_proxy], []), + {_, true} <- {:enabled, Keyword.get(config, :enabled, false)}, {:ok, url} <- MediaProxy.decode_url(sig64, url64), - :ok <- filename_matches(params, conn.request_path, url) do + :ok <- MediaProxy.filename_matches(params, conn.request_path, url) do ReverseProxy.call(conn, url, Keyword.get(config, :proxy_opts, @default_proxy_opts)) else - false -> + {:enabled, false} -> send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) {:error, :invalid_signature} -> @@ -28,20 +30,68 @@ def remote(conn, %{"sig" => sig64, "url" => url64} = params) do end end - def filename_matches(%{"filename" => _} = _, path, url) do - filename = MediaProxy.filename(url) - - if filename && does_not_match(path, filename) do - {:wrong_filename, filename} + def preview(conn, %{"sig" => sig64, "url" => url64} = params) do + with {_, true} <- {:enabled, Config.get([:media_preview_proxy, :enabled], false)}, + {:ok, url} <- MediaProxy.decode_url(sig64, url64), + :ok <- MediaProxy.filename_matches(params, conn.request_path, url) do + handle_preview(conn, url) else - :ok + {:enabled, false} -> + send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) + + {:error, :invalid_signature} -> + send_resp(conn, 403, Plug.Conn.Status.reason_phrase(403)) + + {:wrong_filename, filename} -> + redirect(conn, external: MediaProxy.build_preview_url(sig64, url64, filename)) end end - def filename_matches(_, _, _), do: :ok + defp handle_preview(conn, url) do + with {:ok, %{status: status} = head_response} when status in 200..299 <- Tesla.head(url), + {_, true} <- {:acceptable_content_length, acceptable_body_length?(head_response)} do + content_type = Tesla.get_header(head_response, "content-type") + handle_preview(content_type, conn, url) + else + {_, %{status: status}} -> + send_resp(conn, :failed_dependency, "Can't fetch HTTP headers (HTTP #{status}).") - defp does_not_match(path, filename) do - basename = Path.basename(path) - basename != filename and URI.decode(basename) != filename and URI.encode(basename) != filename + {:acceptable_content_length, false} -> + send_resp(conn, :unprocessable_entity, "Source file size exceeds limit.") + end + end + + defp handle_preview("image/" <> _, %{params: params} = conn, url) do + with {:ok, %{status: status, body: body}} when status in 200..299 <- Tesla.get(url), + {:ok, path} <- MogrifyHelper.store_as_temporary_file(url, body), + resize_dimensions <- + Map.get( + params, + "limit_dimensions", + Config.get([:media_preview_proxy, :limit_dimensions]) + ), + %Mogrify.Image{} <- MogrifyHelper.in_place_resize_to_limit(path, resize_dimensions) do + send_file(conn, 200, path) + else + {_, %{status: _}} -> + send_resp(conn, :failed_dependency, "Can't fetch the image.") + + _ -> + send_resp(conn, :failed_dependency, "Can't handle image preview.") + end + end + + defp handle_preview(content_type, conn, _url) do + send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.") + end + + defp acceptable_body_length?(head_response) do + max_body_length = Config.get([:media_preview_proxy, :max_body_length], nil) + content_length = Tesla.get_header(head_response, "content-length") + content_length = with {int, _} <- Integer.parse(content_length), do: int + + content_length == :error or + max_body_length in [nil, :infinity] or + content_length <= max_body_length end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 7a171f9fb..6fb47029a 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -663,6 +663,8 @@ defmodule Pleroma.Web.Router do end scope "/proxy/", Pleroma.Web.MediaProxy do + get("/preview/:sig/:url", MediaProxyController, :preview) + get("/preview/:sig/:url/:filename", MediaProxyController, :preview) get("/:sig/:url", MediaProxyController, :remote) get("/:sig/:url/:filename", MediaProxyController, :remote) end diff --git a/test/web/media_proxy/media_proxy_test.exs b/test/web/media_proxy/media_proxy_test.exs index 69c2d5dae..cad0acd30 100644 --- a/test/web/media_proxy/media_proxy_test.exs +++ b/test/web/media_proxy/media_proxy_test.exs @@ -5,42 +5,44 @@ defmodule Pleroma.Web.MediaProxyTest do use ExUnit.Case use Pleroma.Tests.Helpers - import Pleroma.Web.MediaProxy - alias Pleroma.Web.MediaProxy.MediaProxyController - setup do: clear_config([:media_proxy, :enabled]) - setup do: clear_config(Pleroma.Upload) + alias Pleroma.Config + alias Pleroma.Web.Endpoint + alias Pleroma.Web.MediaProxy + + defp decode_result(encoded) do + [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") + {:ok, decoded} = MediaProxy.decode_url(sig, base64) + decoded + end describe "when enabled" do - setup do - Pleroma.Config.put([:media_proxy, :enabled], true) - :ok - end + setup do: clear_config([:media_proxy, :enabled], true) test "ignores invalid url" do - assert url(nil) == nil - assert url("") == nil + assert MediaProxy.url(nil) == nil + assert MediaProxy.url("") == nil end test "ignores relative url" do - assert url("/local") == "/local" - assert url("/") == "/" + assert MediaProxy.url("/local") == "/local" + assert MediaProxy.url("/") == "/" end test "ignores local url" do - local_url = Pleroma.Web.Endpoint.url() <> "/hello" - local_root = Pleroma.Web.Endpoint.url() - assert url(local_url) == local_url - assert url(local_root) == local_root + local_url = Endpoint.url() <> "/hello" + local_root = Endpoint.url() + assert MediaProxy.url(local_url) == local_url + assert MediaProxy.url(local_root) == local_root end test "encodes and decodes URL" do url = "https://pleroma.soykaf.com/static/logo.png" - encoded = url(url) + encoded = MediaProxy.url(url) assert String.starts_with?( encoded, - Pleroma.Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()) + Config.get([:media_proxy, :base_url], Pleroma.Web.base_url()) ) assert String.ends_with?(encoded, "/logo.png") @@ -50,62 +52,59 @@ test "encodes and decodes URL" do test "encodes and decodes URL without a path" do url = "https://pleroma.soykaf.com" - encoded = url(url) + encoded = MediaProxy.url(url) assert decode_result(encoded) == url end test "encodes and decodes URL without an extension" do url = "https://pleroma.soykaf.com/path/" - encoded = url(url) + encoded = MediaProxy.url(url) assert String.ends_with?(encoded, "/path") assert decode_result(encoded) == url end test "encodes and decodes URL and ignores query params for the path" do url = "https://pleroma.soykaf.com/static/logo.png?93939393939&bunny=true" - encoded = url(url) + encoded = MediaProxy.url(url) assert String.ends_with?(encoded, "/logo.png") assert decode_result(encoded) == url end test "validates signature" do - secret_key_base = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base]) + secret_key_base = Config.get([Endpoint, :secret_key_base]) + clear_config([Endpoint, :secret_key_base], secret_key_base) - on_exit(fn -> - Pleroma.Config.put([Pleroma.Web.Endpoint, :secret_key_base], secret_key_base) - end) + encoded = MediaProxy.url("https://pleroma.social") - encoded = url("https://pleroma.social") - - Pleroma.Config.put( - [Pleroma.Web.Endpoint, :secret_key_base], + Config.put( + [Endpoint, :secret_key_base], "00000000000000000000000000000000000000000000000" ) [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") - assert decode_url(sig, base64) == {:error, :invalid_signature} + assert MediaProxy.decode_url(sig, base64) == {:error, :invalid_signature} end - test "filename_matches preserves the encoded or decoded path" do - assert MediaProxyController.filename_matches( + test "`filename_matches/_` preserves the encoded or decoded path" do + assert MediaProxy.filename_matches( %{"filename" => "/Hello world.jpg"}, "/Hello world.jpg", "http://pleroma.social/Hello world.jpg" ) == :ok - assert MediaProxyController.filename_matches( + assert MediaProxy.filename_matches( %{"filename" => "/Hello%20world.jpg"}, "/Hello%20world.jpg", "http://pleroma.social/Hello%20world.jpg" ) == :ok - assert MediaProxyController.filename_matches( + assert MediaProxy.filename_matches( %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"}, "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg", "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" ) == :ok - assert MediaProxyController.filename_matches( + assert MediaProxy.filename_matches( %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jp"}, "/my%2Flong%2Furl%2F2019%2F07%2FS.jp", "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" @@ -116,7 +115,7 @@ test "encoded url are tried to match for proxy as `conn.request_path` encodes th # conn.request_path will return encoded url request_path = "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg" - assert MediaProxyController.filename_matches( + assert MediaProxy.filename_matches( true, request_path, "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg" @@ -124,20 +123,12 @@ test "encoded url are tried to match for proxy as `conn.request_path` encodes th end test "uses the configured base_url" do - base_url = Pleroma.Config.get([:media_proxy, :base_url]) - - if base_url do - on_exit(fn -> - Pleroma.Config.put([:media_proxy, :base_url], base_url) - end) - end - - Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") + clear_config([:media_proxy, :base_url], "https://cache.pleroma.social") url = "https://pleroma.soykaf.com/static/logo.png" - encoded = url(url) + encoded = MediaProxy.url(url) - assert String.starts_with?(encoded, Pleroma.Config.get([:media_proxy, :base_url])) + assert String.starts_with?(encoded, Config.get([:media_proxy, :base_url])) end # Some sites expect ASCII encoded characters in the URL to be preserved even if @@ -148,7 +139,7 @@ test "preserve ASCII encoding" do url = "https://pleroma.com/%20/%21/%22/%23/%24/%25/%26/%27/%28/%29/%2A/%2B/%2C/%2D/%2E/%2F/%30/%31/%32/%33/%34/%35/%36/%37/%38/%39/%3A/%3B/%3C/%3D/%3E/%3F/%40/%41/%42/%43/%44/%45/%46/%47/%48/%49/%4A/%4B/%4C/%4D/%4E/%4F/%50/%51/%52/%53/%54/%55/%56/%57/%58/%59/%5A/%5B/%5C/%5D/%5E/%5F/%60/%61/%62/%63/%64/%65/%66/%67/%68/%69/%6A/%6B/%6C/%6D/%6E/%6F/%70/%71/%72/%73/%74/%75/%76/%77/%78/%79/%7A/%7B/%7C/%7D/%7E/%7F/%80/%81/%82/%83/%84/%85/%86/%87/%88/%89/%8A/%8B/%8C/%8D/%8E/%8F/%90/%91/%92/%93/%94/%95/%96/%97/%98/%99/%9A/%9B/%9C/%9D/%9E/%9F/%C2%A0/%A1/%A2/%A3/%A4/%A5/%A6/%A7/%A8/%A9/%AA/%AB/%AC/%C2%AD/%AE/%AF/%B0/%B1/%B2/%B3/%B4/%B5/%B6/%B7/%B8/%B9/%BA/%BB/%BC/%BD/%BE/%BF/%C0/%C1/%C2/%C3/%C4/%C5/%C6/%C7/%C8/%C9/%CA/%CB/%CC/%CD/%CE/%CF/%D0/%D1/%D2/%D3/%D4/%D5/%D6/%D7/%D8/%D9/%DA/%DB/%DC/%DD/%DE/%DF/%E0/%E1/%E2/%E3/%E4/%E5/%E6/%E7/%E8/%E9/%EA/%EB/%EC/%ED/%EE/%EF/%F0/%F1/%F2/%F3/%F4/%F5/%F6/%F7/%F8/%F9/%FA/%FB/%FC/%FD/%FE/%FF" - encoded = url(url) + encoded = MediaProxy.url(url) assert decode_result(encoded) == url end @@ -159,77 +150,55 @@ test "preserve non-unicode characters per RFC3986" do url = "https://pleroma.com/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890-._~:/?#[]@!$&'()*+,;=|^`{}" - encoded = url(url) + encoded = MediaProxy.url(url) assert decode_result(encoded) == url end test "preserve unicode characters" do url = "https://ko.wikipedia.org/wiki/위키백과:대문" - encoded = url(url) + encoded = MediaProxy.url(url) assert decode_result(encoded) == url end end describe "when disabled" do - setup do - enabled = Pleroma.Config.get([:media_proxy, :enabled]) - - if enabled do - Pleroma.Config.put([:media_proxy, :enabled], false) - - on_exit(fn -> - Pleroma.Config.put([:media_proxy, :enabled], enabled) - :ok - end) - end - - :ok - end + setup do: clear_config([:media_proxy, :enabled], false) test "does not encode remote urls" do - assert url("https://google.fr") == "https://google.fr" + assert MediaProxy.url("https://google.fr") == "https://google.fr" end end - defp decode_result(encoded) do - [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") - {:ok, decoded} = decode_url(sig, base64) - decoded - end - describe "whitelist" do - setup do - Pleroma.Config.put([:media_proxy, :enabled], true) - :ok - end + setup do: clear_config([:media_proxy, :enabled], true) test "mediaproxy whitelist" do - Pleroma.Config.put([:media_proxy, :whitelist], ["google.com", "feld.me"]) + clear_config([:media_proxy, :whitelist], ["google.com", "feld.me"]) url = "https://feld.me/foo.png" - unencoded = url(url) + unencoded = MediaProxy.url(url) assert unencoded == url end test "does not change whitelisted urls" do - Pleroma.Config.put([:media_proxy, :whitelist], ["mycdn.akamai.com"]) - Pleroma.Config.put([:media_proxy, :base_url], "https://cache.pleroma.social") + clear_config([:media_proxy, :whitelist], ["mycdn.akamai.com"]) + clear_config([:media_proxy, :base_url], "https://cache.pleroma.social") media_url = "https://mycdn.akamai.com" url = "#{media_url}/static/logo.png" - encoded = url(url) + encoded = MediaProxy.url(url) assert String.starts_with?(encoded, media_url) end test "ensure Pleroma.Upload base_url is always whitelisted" do media_url = "https://media.pleroma.social" - Pleroma.Config.put([Pleroma.Upload, :base_url], media_url) + clear_config([Pleroma.Upload, :base_url], media_url) url = "#{media_url}/static/logo.png" - encoded = url(url) + encoded = MediaProxy.url(url) assert String.starts_with?(encoded, media_url) end From 1b23acf164ebc4fde3fe1e4fdca6e11b7caa90ef Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Mon, 11 May 2020 23:21:53 +0300 Subject: [PATCH 002/264] [#2497] Media preview proxy for images: fixes, tweaks, refactoring, tests adjustments. --- config/config.exs | 8 ++- lib/pleroma/reverse_proxy/reverse_proxy.ex | 4 ++ lib/pleroma/web/media_proxy/media_proxy.ex | 33 +++++++--- .../web/media_proxy/media_proxy_controller.ex | 62 ++++++++++------- mix.exs | 1 + mix.lock | 2 + test/web/media_proxy/media_proxy_test.exs | 66 +++++++++++++------ 7 files changed, 119 insertions(+), 57 deletions(-) diff --git a/config/config.exs b/config/config.exs index 526901f83..0f92b1ef9 100644 --- a/config/config.exs +++ b/config/config.exs @@ -381,6 +381,8 @@ proxy_opts: [ redirect_on_failure: false, max_body_length: 25 * 1_048_576, + # Note: max_read_duration defaults to Pleroma.ReverseProxy.max_read_duration_default/1 + max_read_duration: 30_000, http: [ follow_redirect: true, pool: :media @@ -388,10 +390,14 @@ ], whitelist: [] +# Note: media preview proxy depends on media proxy to be enabled config :pleroma, :media_preview_proxy, enabled: false, limit_dimensions: "400x200", - max_body_length: 25 * 1_048_576 + proxy_opts: [ + head_request_max_read_duration: 5_000, + max_read_duration: 10_000 + ] config :pleroma, :chat, enabled: true diff --git a/lib/pleroma/reverse_proxy/reverse_proxy.ex b/lib/pleroma/reverse_proxy/reverse_proxy.ex index 4bbeb493c..aeaf9bd39 100644 --- a/lib/pleroma/reverse_proxy/reverse_proxy.ex +++ b/lib/pleroma/reverse_proxy/reverse_proxy.ex @@ -16,6 +16,8 @@ defmodule Pleroma.ReverseProxy do @failed_request_ttl :timer.seconds(60) @methods ~w(GET HEAD) + def max_read_duration_default, do: @max_read_duration + @moduledoc """ A reverse proxy. @@ -370,6 +372,8 @@ defp body_size_constraint(size, limit) when is_integer(limit) and limit > 0 and defp body_size_constraint(_, _), do: :ok + defp check_read_duration(nil = _duration, max), do: check_read_duration(@max_read_duration, max) + defp check_read_duration(duration, max) when is_integer(duration) and is_integer(max) and max > 0 do if duration > max do diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index f4791c758..4e01c14e4 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -13,26 +13,32 @@ def url(url) when is_nil(url) or url == "", do: nil def url("/" <> _ = url), do: url def url(url) do - if disabled?() or local?(url) or whitelisted?(url) do + if not enabled?() or local?(url) or whitelisted?(url) do url else encode_url(url) end end + # Note: routing all URLs to preview handler (even local and whitelisted). + # Preview handler will call url/1 on decoded URLs, and applicable ones will detour media proxy. def preview_url(url) do - if disabled?() or whitelisted?(url) do - url - else + if preview_enabled?() do encode_preview_url(url) + else + url end end - defp disabled?, do: !Config.get([:media_proxy, :enabled], false) + def enabled?, do: Config.get([:media_proxy, :enabled], false) - defp local?(url), do: String.starts_with?(url, Pleroma.Web.base_url()) + # Note: media proxy must be enabled for media preview proxy in order to load all + # non-local non-whitelisted URLs through it and be sure that body size constraint is preserved. + def preview_enabled?, do: enabled?() and Config.get([:media_preview_proxy, :enabled], false) - defp whitelisted?(url) do + def local?(url), do: String.starts_with?(url, Pleroma.Web.base_url()) + + def whitelisted?(url) do %{host: domain} = URI.parse(url) mediaproxy_whitelist = Config.get([:media_proxy, :whitelist]) @@ -111,17 +117,24 @@ def build_preview_url(sig_base64, url_base64, filename \\ nil) do proxy_url("proxy/preview", sig_base64, url_base64, filename) end - def filename_matches(%{"filename" => _} = _, path, url) do + def verify_request_path_and_url( + %Plug.Conn{params: %{"filename" => _}, request_path: request_path}, + url + ) do + verify_request_path_and_url(request_path, url) + end + + def verify_request_path_and_url(request_path, url) when is_binary(request_path) do filename = filename(url) - if filename && not basename_matches?(path, filename) do + if filename && not basename_matches?(request_path, filename) do {:wrong_filename, filename} else :ok end end - def filename_matches(_, _, _), do: :ok + def verify_request_path_and_url(_, _), do: :ok defp basename_matches?(path, filename) do basename = Path.basename(path) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index fe3f61c18..157365e08 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -10,14 +10,12 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do alias Pleroma.ReverseProxy alias Pleroma.Web.MediaProxy - @default_proxy_opts [max_body_length: 25 * 1_048_576, http: [follow_redirect: true]] - - def remote(conn, %{"sig" => sig64, "url" => url64} = params) do - with config <- Config.get([:media_proxy], []), - {_, true} <- {:enabled, Keyword.get(config, :enabled, false)}, + def remote(conn, %{"sig" => sig64, "url" => url64}) do + with {_, true} <- {:enabled, MediaProxy.enabled?()}, {:ok, url} <- MediaProxy.decode_url(sig64, url64), - :ok <- MediaProxy.filename_matches(params, conn.request_path, url) do - ReverseProxy.call(conn, url, Keyword.get(config, :proxy_opts, @default_proxy_opts)) + :ok <- MediaProxy.verify_request_path_and_url(conn, url) do + proxy_opts = Config.get([:media_proxy, :proxy_opts], []) + ReverseProxy.call(conn, url, proxy_opts) else {:enabled, false} -> send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) @@ -30,10 +28,10 @@ def remote(conn, %{"sig" => sig64, "url" => url64} = params) do end end - def preview(conn, %{"sig" => sig64, "url" => url64} = params) do - with {_, true} <- {:enabled, Config.get([:media_preview_proxy, :enabled], false)}, + def preview(conn, %{"sig" => sig64, "url" => url64}) do + with {_, true} <- {:enabled, MediaProxy.preview_enabled?()}, {:ok, url} <- MediaProxy.decode_url(sig64, url64), - :ok <- MediaProxy.filename_matches(params, conn.request_path, url) do + :ok <- MediaProxy.verify_request_path_and_url(conn, url) do handle_preview(conn, url) else {:enabled, false} -> @@ -48,21 +46,27 @@ def preview(conn, %{"sig" => sig64, "url" => url64} = params) do end defp handle_preview(conn, url) do - with {:ok, %{status: status} = head_response} when status in 200..299 <- Tesla.head(url), - {_, true} <- {:acceptable_content_length, acceptable_body_length?(head_response)} do + with {:ok, %{status: status} = head_response} when status in 200..299 <- + Tesla.head(url, opts: [adapter: [timeout: preview_head_request_timeout()]]) do content_type = Tesla.get_header(head_response, "content-type") handle_preview(content_type, conn, url) else {_, %{status: status}} -> send_resp(conn, :failed_dependency, "Can't fetch HTTP headers (HTTP #{status}).") - {:acceptable_content_length, false} -> - send_resp(conn, :unprocessable_entity, "Source file size exceeds limit.") + {:error, :recv_response_timeout} -> + send_resp(conn, :failed_dependency, "HEAD request timeout.") + + _ -> + send_resp(conn, :failed_dependency, "Can't fetch HTTP headers.") end end - defp handle_preview("image/" <> _, %{params: params} = conn, url) do - with {:ok, %{status: status, body: body}} when status in 200..299 <- Tesla.get(url), + defp handle_preview("image/" <> _ = content_type, %{params: params} = conn, url) do + with {:ok, %{status: status, body: body}} when status in 200..299 <- + url + |> MediaProxy.url() + |> Tesla.get(opts: [adapter: [timeout: preview_timeout()]]), {:ok, path} <- MogrifyHelper.store_as_temporary_file(url, body), resize_dimensions <- Map.get( @@ -70,12 +74,19 @@ defp handle_preview("image/" <> _, %{params: params} = conn, url) do "limit_dimensions", Config.get([:media_preview_proxy, :limit_dimensions]) ), - %Mogrify.Image{} <- MogrifyHelper.in_place_resize_to_limit(path, resize_dimensions) do - send_file(conn, 200, path) + %Mogrify.Image{} <- MogrifyHelper.in_place_resize_to_limit(path, resize_dimensions), + {:ok, image_binary} <- File.read(path), + _ <- File.rm(path) do + conn + |> put_resp_header("content-type", content_type) + |> send_resp(200, image_binary) else {_, %{status: _}} -> send_resp(conn, :failed_dependency, "Can't fetch the image.") + {:error, :recv_response_timeout} -> + send_resp(conn, :failed_dependency, "Downstream timeout.") + _ -> send_resp(conn, :failed_dependency, "Can't handle image preview.") end @@ -85,13 +96,14 @@ defp handle_preview(content_type, conn, _url) do send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.") end - defp acceptable_body_length?(head_response) do - max_body_length = Config.get([:media_preview_proxy, :max_body_length], nil) - content_length = Tesla.get_header(head_response, "content-length") - content_length = with {int, _} <- Integer.parse(content_length), do: int + defp preview_head_request_timeout do + Config.get([:media_preview_proxy, :proxy_opts, :head_request_max_read_duration]) || + preview_timeout() + end - content_length == :error or - max_body_length in [nil, :infinity] or - content_length <= max_body_length + defp preview_timeout do + Config.get([:media_preview_proxy, :proxy_opts, :max_read_duration]) || + Config.get([:media_proxy, :proxy_opts, :max_read_duration]) || + ReverseProxy.max_read_duration_default() end end diff --git a/mix.exs b/mix.exs index 6d65e18d4..a9c4ad2e3 100644 --- a/mix.exs +++ b/mix.exs @@ -139,6 +139,7 @@ defp deps do github: "ninenines/gun", ref: "e1a69b36b180a574c0ac314ced9613fdd52312cc", override: true}, {:jason, "~> 1.0"}, {:mogrify, "~> 0.6.1"}, + {:eimp, ">= 0.0.0"}, {:ex_aws, "~> 2.1"}, {:ex_aws_s3, "~> 2.0"}, {:sweet_xml, "~> 0.6.6"}, diff --git a/mix.lock b/mix.lock index c400202b7..ede7b0ada 100644 --- a/mix.lock +++ b/mix.lock @@ -29,6 +29,7 @@ "ecto": {:hex, :ecto, "3.4.0", "a7a83ab8359bf816ce729e5e65981ce25b9fc5adfc89c2ea3980f4fed0bfd7c1", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}], "hexpm", "5eed18252f5b5bbadec56a24112b531343507dbe046273133176b12190ce19cc"}, "ecto_enum": {:hex, :ecto_enum, "1.4.0", "d14b00e04b974afc69c251632d1e49594d899067ee2b376277efd8233027aec8", [:mix], [{:ecto, ">= 3.0.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "> 3.0.0", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:mariaex, ">= 0.0.0", [hex: :mariaex, repo: "hexpm", optional: true]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: true]}], "hexpm", "8fb55c087181c2b15eee406519dc22578fa60dd82c088be376d0010172764ee4"}, "ecto_sql": {:hex, :ecto_sql, "3.3.4", "aa18af12eb875fbcda2f75e608b3bd534ebf020fc4f6448e4672fcdcbb081244", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4 or ~> 3.3.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.3.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "5eccbdbf92e3c6f213007a82d5dbba4cd9bb659d1a21331f89f408e4c0efd7a8"}, + "eimp": {:hex, :eimp, "1.0.14", "fc297f0c7e2700457a95a60c7010a5f1dcb768a083b6d53f49cd94ab95a28f22", [:rebar3], [{:p1_utils, "1.0.18", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "501133f3112079b92d9e22da8b88bf4f0e13d4d67ae9c15c42c30bd25ceb83b6"}, "esshd": {:hex, :esshd, "0.1.1", "d4dd4c46698093a40a56afecce8a46e246eb35463c457c246dacba2e056f31b5", [:mix], [], "hexpm", "d73e341e3009d390aa36387dc8862860bf9f874c94d9fd92ade2926376f49981"}, "eternal": {:hex, :eternal, "1.2.1", "d5b6b2499ba876c57be2581b5b999ee9bdf861c647401066d3eeed111d096bc4", [:mix], [], "hexpm", "b14f1dc204321429479c569cfbe8fb287541184ed040956c8862cb7a677b8406"}, "ex2ms": {:hex, :ex2ms, "1.5.0", "19e27f9212be9a96093fed8cdfbef0a2b56c21237196d26760f11dfcfae58e97", [:mix], [], "hexpm"}, @@ -75,6 +76,7 @@ "nodex": {:git, "https://git.pleroma.social/pleroma/nodex", "cb6730f943cfc6aad674c92161be23a8411f15d1", [ref: "cb6730f943cfc6aad674c92161be23a8411f15d1"]}, "oban": {:hex, :oban, "1.2.0", "7cca94d341be43d220571e28f69131c4afc21095b25257397f50973d3fc59b07", [:mix], [{:ecto_sql, "~> 3.1", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.14", [hex: :postgrex, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ba5f8b3f7d76967b3e23cf8014f6a13e4ccb33431e4808f036709a7f822362ee"}, "open_api_spex": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/open_api_spex.git", "b862ebd78de0df95875cf46feb6e9607130dc2a8", [ref: "b862ebd78de0df95875cf46feb6e9607130dc2a8"]}, + "p1_utils": {:hex, :p1_utils, "1.0.18", "3fe224de5b2e190d730a3c5da9d6e8540c96484cf4b4692921d1e28f0c32b01c", [:rebar3], [], "hexpm", "1fc8773a71a15553b179c986b22fbeead19b28fe486c332d4929700ffeb71f88"}, "parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm", "17ef63abde837ad30680ea7f857dd9e7ced9476cdd7b0394432af4bfc241b960"}, "pbkdf2_elixir": {:hex, :pbkdf2_elixir, "0.12.4", "8dd29ed783f2e12195d7e0a4640effc0a7c37e6537da491f1db01839eee6d053", [:mix], [], "hexpm", "595d09db74cb093b1903381c9de423276a931a2480a46a1a5dc7f932a2a6375b"}, "phoenix": {:hex, :phoenix, "1.4.13", "67271ad69b51f3719354604f4a3f968f83aa61c19199343656c9caee057ff3b8", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 1.1", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.8.1 or ~> 1.9", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 1.0 or ~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ab765a0feddb81fc62e2116c827b5f068df85159c162bee760745276ad7ddc1b"}, diff --git a/test/web/media_proxy/media_proxy_test.exs b/test/web/media_proxy/media_proxy_test.exs index cad0acd30..ac5d8fd32 100644 --- a/test/web/media_proxy/media_proxy_test.exs +++ b/test/web/media_proxy/media_proxy_test.exs @@ -85,38 +85,62 @@ test "validates signature" do assert MediaProxy.decode_url(sig, base64) == {:error, :invalid_signature} end - test "`filename_matches/_` preserves the encoded or decoded path" do - assert MediaProxy.filename_matches( - %{"filename" => "/Hello world.jpg"}, - "/Hello world.jpg", - "http://pleroma.social/Hello world.jpg" + def test_verify_request_path_and_url(request_path, url, expected_result) do + assert MediaProxy.verify_request_path_and_url(request_path, url) == expected_result + + assert MediaProxy.verify_request_path_and_url( + %Plug.Conn{ + params: %{"filename" => Path.basename(request_path)}, + request_path: request_path + }, + url + ) == expected_result + end + + test "if first arg of `verify_request_path_and_url/2` is a Plug.Conn without \"filename\" " <> + "parameter, `verify_request_path_and_url/2` returns :ok " do + assert MediaProxy.verify_request_path_and_url( + %Plug.Conn{params: %{}, request_path: "/some/path"}, + "https://instance.com/file.jpg" ) == :ok - assert MediaProxy.filename_matches( - %{"filename" => "/Hello%20world.jpg"}, - "/Hello%20world.jpg", - "http://pleroma.social/Hello%20world.jpg" + assert MediaProxy.verify_request_path_and_url( + %Plug.Conn{params: %{}, request_path: "/path/to/file.jpg"}, + "https://instance.com/file.jpg" ) == :ok + end - assert MediaProxy.filename_matches( - %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"}, - "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg", - "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" - ) == :ok + test "`verify_request_path_and_url/2` preserves the encoded or decoded path" do + test_verify_request_path_and_url( + "/Hello world.jpg", + "http://pleroma.social/Hello world.jpg", + :ok + ) - assert MediaProxy.filename_matches( - %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jp"}, - "/my%2Flong%2Furl%2F2019%2F07%2FS.jp", - "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" - ) == {:wrong_filename, "my%2Flong%2Furl%2F2019%2F07%2FS.jpg"} + test_verify_request_path_and_url( + "/Hello%20world.jpg", + "http://pleroma.social/Hello%20world.jpg", + :ok + ) + + test_verify_request_path_and_url( + "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg", + "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg", + :ok + ) + + test_verify_request_path_and_url( + "/my%2Flong%2Furl%2F2019%2F07%2FS", + "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg", + {:wrong_filename, "my%2Flong%2Furl%2F2019%2F07%2FS.jpg"} + ) end test "encoded url are tried to match for proxy as `conn.request_path` encodes the url" do # conn.request_path will return encoded url request_path = "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg" - assert MediaProxy.filename_matches( - true, + assert MediaProxy.verify_request_path_and_url( request_path, "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg" ) == :ok From f1f588fd5271c0b3bf09df002a83dbb57c42bae0 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 14 May 2020 20:18:31 +0300 Subject: [PATCH 003/264] [#2497] Added support for :eimp for image resizing. --- config/config.exs | 4 +- .../web/media_proxy/media_proxy_controller.ex | 64 +++++++++++++++---- mix.exs | 2 +- 3 files changed, 56 insertions(+), 14 deletions(-) diff --git a/config/config.exs b/config/config.exs index 0f92b1ef9..e9403c7c8 100644 --- a/config/config.exs +++ b/config/config.exs @@ -393,7 +393,9 @@ # Note: media preview proxy depends on media proxy to be enabled config :pleroma, :media_preview_proxy, enabled: false, - limit_dimensions: "400x200", + enable_eimp: true, + thumbnail_max_width: 400, + thumbnail_max_height: 200, proxy_opts: [ head_request_max_read_duration: 5_000, max_read_duration: 10_000 diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 157365e08..8d8d073e9 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -62,24 +62,64 @@ defp handle_preview(conn, url) do end end + defp thumbnail_max_dimensions(params) do + config = Config.get([:media_preview_proxy], []) + + thumbnail_max_width = + if w = params["thumbnail_max_width"] do + String.to_integer(w) + else + Keyword.fetch!(config, :thumbnail_max_width) + end + + thumbnail_max_height = + if h = params["thumbnail_max_height"] do + String.to_integer(h) + else + Keyword.fetch!(config, :thumbnail_max_height) + end + + {thumbnail_max_width, thumbnail_max_height} + end + + defp thumbnail_binary(url, body, params) do + {thumbnail_max_width, thumbnail_max_height} = thumbnail_max_dimensions(params) + + with true <- Config.get([:media_preview_proxy, :enable_eimp]), + {:ok, [type: image_type, width: source_width, height: source_height]} <- + :eimp.identify(body), + scale_factor <- + Enum.max([source_width / thumbnail_max_width, source_height / thumbnail_max_height]), + {:ok, thumbnail_binary} = + :eimp.convert(body, image_type, [ + {:scale, {round(source_width / scale_factor), round(source_height / scale_factor)}} + ]) do + {:ok, thumbnail_binary} + else + _ -> + mogrify_dimensions = "#{thumbnail_max_width}x#{thumbnail_max_height}" + + with {:ok, path} <- MogrifyHelper.store_as_temporary_file(url, body), + %Mogrify.Image{} <- + MogrifyHelper.in_place_resize_to_limit(path, mogrify_dimensions), + {:ok, thumbnail_binary} <- File.read(path), + _ <- File.rm(path) do + {:ok, thumbnail_binary} + else + _ -> :error + end + end + end + defp handle_preview("image/" <> _ = content_type, %{params: params} = conn, url) do - with {:ok, %{status: status, body: body}} when status in 200..299 <- + with {:ok, %{status: status, body: image_contents}} when status in 200..299 <- url |> MediaProxy.url() |> Tesla.get(opts: [adapter: [timeout: preview_timeout()]]), - {:ok, path} <- MogrifyHelper.store_as_temporary_file(url, body), - resize_dimensions <- - Map.get( - params, - "limit_dimensions", - Config.get([:media_preview_proxy, :limit_dimensions]) - ), - %Mogrify.Image{} <- MogrifyHelper.in_place_resize_to_limit(path, resize_dimensions), - {:ok, image_binary} <- File.read(path), - _ <- File.rm(path) do + {:ok, thumbnail_binary} <- thumbnail_binary(url, image_contents, params) do conn |> put_resp_header("content-type", content_type) - |> send_resp(200, image_binary) + |> send_resp(200, thumbnail_binary) else {_, %{status: _}} -> send_resp(conn, :failed_dependency, "Can't fetch the image.") diff --git a/mix.exs b/mix.exs index a9c4ad2e3..332febe48 100644 --- a/mix.exs +++ b/mix.exs @@ -139,7 +139,7 @@ defp deps do github: "ninenines/gun", ref: "e1a69b36b180a574c0ac314ced9613fdd52312cc", override: true}, {:jason, "~> 1.0"}, {:mogrify, "~> 0.6.1"}, - {:eimp, ">= 0.0.0"}, + {:eimp, "~> 1.0.14"}, {:ex_aws, "~> 2.1"}, {:ex_aws_s3, "~> 2.0"}, {:sweet_xml, "~> 0.6.6"}, From 1871a5ddb4a803ebe4fae6943a9b9c94f1f9c1a8 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 20 May 2020 20:26:43 +0300 Subject: [PATCH 004/264] [#2497] Image preview proxy: implemented ffmpeg-based resizing, removed eimp & mogrify-based resizing. --- config/config.exs | 1 - lib/pleroma/helpers/media_helper.ex | 62 +++++++++++++++++++ lib/pleroma/helpers/mogrify_helper.ex | 25 -------- .../web/media_proxy/media_proxy_controller.ex | 50 +++------------ mix.exs | 2 +- mix.lock | 2 + 6 files changed, 74 insertions(+), 68 deletions(-) create mode 100644 lib/pleroma/helpers/media_helper.ex delete mode 100644 lib/pleroma/helpers/mogrify_helper.ex diff --git a/config/config.exs b/config/config.exs index e9403c7c8..7de93511d 100644 --- a/config/config.exs +++ b/config/config.exs @@ -393,7 +393,6 @@ # Note: media preview proxy depends on media proxy to be enabled config :pleroma, :media_preview_proxy, enabled: false, - enable_eimp: true, thumbnail_max_width: 400, thumbnail_max_height: 200, proxy_opts: [ diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex new file mode 100644 index 000000000..6d1f8ab22 --- /dev/null +++ b/lib/pleroma/helpers/media_helper.ex @@ -0,0 +1,62 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Helpers.MediaHelper do + @moduledoc """ + Handles common media-related operations. + """ + + @ffmpeg_opts [{:sync, true}, {:stdout, true}] + + def ffmpeg_resize_remote(uri, max_width, max_height) do + cmd = ~s""" + curl -L "#{uri}" | + ffmpeg -i pipe:0 -vf \ + "scale='min(#{max_width},iw)':min'(#{max_height},ih)':force_original_aspect_ratio=decrease" \ + -f image2 pipe:1 | \ + cat + """ + + with {:ok, [stdout: stdout_list]} <- Exexec.run(cmd, @ffmpeg_opts) do + {:ok, Enum.join(stdout_list)} + end + end + + @doc "Returns a temporary path for an URI" + def temporary_path_for(uri) do + name = Path.basename(uri) + random = rand_uniform(999_999) + Path.join(System.tmp_dir(), "#{random}-#{name}") + end + + @doc "Stores binary content fetched from specified URL as a temporary file." + @spec store_as_temporary_file(String.t(), binary()) :: {:ok, String.t()} | {:error, atom()} + def store_as_temporary_file(url, body) do + path = temporary_path_for(url) + with :ok <- File.write(path, body), do: {:ok, path} + end + + @doc "Modifies image file at specified path by resizing to specified limit dimensions." + @spec mogrify_resize_to_limit(String.t(), String.t()) :: :ok | any() + def mogrify_resize_to_limit(path, resize_dimensions) do + with %Mogrify.Image{} <- + path + |> Mogrify.open() + |> Mogrify.resize_to_limit(resize_dimensions) + |> Mogrify.save(in_place: true) do + :ok + end + end + + defp rand_uniform(high) do + Code.ensure_loaded(:rand) + + if function_exported?(:rand, :uniform, 1) do + :rand.uniform(high) + else + # Erlang/OTP < 19 + apply(:crypto, :rand_uniform, [1, high]) + end + end +end diff --git a/lib/pleroma/helpers/mogrify_helper.ex b/lib/pleroma/helpers/mogrify_helper.ex deleted file mode 100644 index 67edb35c3..000000000 --- a/lib/pleroma/helpers/mogrify_helper.ex +++ /dev/null @@ -1,25 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Helpers.MogrifyHelper do - @moduledoc """ - Handles common Mogrify operations. - """ - - @spec store_as_temporary_file(String.t(), binary()) :: {:ok, String.t()} | {:error, atom()} - @doc "Stores binary content fetched from specified URL as a temporary file." - def store_as_temporary_file(url, body) do - path = Mogrify.temporary_path_for(%{path: url}) - with :ok <- File.write(path, body), do: {:ok, path} - end - - @spec store_as_temporary_file(String.t(), String.t()) :: Mogrify.Image.t() | any() - @doc "Modifies file at specified path by resizing to specified limit dimensions." - def in_place_resize_to_limit(path, resize_dimensions) do - path - |> Mogrify.open() - |> Mogrify.resize_to_limit(resize_dimensions) - |> Mogrify.save(in_place: true) - end -end diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 8d8d073e9..fb4b80379 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -6,7 +6,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do use Pleroma.Web, :controller alias Pleroma.Config - alias Pleroma.Helpers.MogrifyHelper + alias Pleroma.Helpers.MediaHelper alias Pleroma.ReverseProxy alias Pleroma.Web.MediaProxy @@ -82,51 +82,19 @@ defp thumbnail_max_dimensions(params) do {thumbnail_max_width, thumbnail_max_height} end - defp thumbnail_binary(url, body, params) do - {thumbnail_max_width, thumbnail_max_height} = thumbnail_max_dimensions(params) - - with true <- Config.get([:media_preview_proxy, :enable_eimp]), - {:ok, [type: image_type, width: source_width, height: source_height]} <- - :eimp.identify(body), - scale_factor <- - Enum.max([source_width / thumbnail_max_width, source_height / thumbnail_max_height]), - {:ok, thumbnail_binary} = - :eimp.convert(body, image_type, [ - {:scale, {round(source_width / scale_factor), round(source_height / scale_factor)}} - ]) do - {:ok, thumbnail_binary} - else - _ -> - mogrify_dimensions = "#{thumbnail_max_width}x#{thumbnail_max_height}" - - with {:ok, path} <- MogrifyHelper.store_as_temporary_file(url, body), - %Mogrify.Image{} <- - MogrifyHelper.in_place_resize_to_limit(path, mogrify_dimensions), - {:ok, thumbnail_binary} <- File.read(path), - _ <- File.rm(path) do - {:ok, thumbnail_binary} - else - _ -> :error - end - end - end - defp handle_preview("image/" <> _ = content_type, %{params: params} = conn, url) do - with {:ok, %{status: status, body: image_contents}} when status in 200..299 <- - url - |> MediaProxy.url() - |> Tesla.get(opts: [adapter: [timeout: preview_timeout()]]), - {:ok, thumbnail_binary} <- thumbnail_binary(url, image_contents, params) do + with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), + media_proxy_url <- MediaProxy.url(url), + {:ok, thumbnail_binary} <- + MediaHelper.ffmpeg_resize_remote( + media_proxy_url, + thumbnail_max_width, + thumbnail_max_height + ) do conn |> put_resp_header("content-type", content_type) |> send_resp(200, thumbnail_binary) else - {_, %{status: _}} -> - send_resp(conn, :failed_dependency, "Can't fetch the image.") - - {:error, :recv_response_timeout} -> - send_resp(conn, :failed_dependency, "Downstream timeout.") - _ -> send_resp(conn, :failed_dependency, "Can't handle image preview.") end diff --git a/mix.exs b/mix.exs index 9ace55eff..68de270f0 100644 --- a/mix.exs +++ b/mix.exs @@ -146,7 +146,6 @@ defp deps do github: "ninenines/gun", ref: "e1a69b36b180a574c0ac314ced9613fdd52312cc", override: true}, {:jason, "~> 1.0"}, {:mogrify, "~> 0.6.1"}, - {:eimp, "~> 1.0.14"}, {:ex_aws, "~> 2.1"}, {:ex_aws_s3, "~> 2.0"}, {:sweet_xml, "~> 0.6.6"}, @@ -198,6 +197,7 @@ defp deps do ref: "e0f16822d578866e186a0974d65ad58cddc1e2ab"}, {:mox, "~> 0.5", only: :test}, {:restarter, path: "./restarter"}, + {:exexec, "~> 0.2"}, {:open_api_spex, git: "https://git.pleroma.social/pleroma/elixir-libraries/open_api_spex.git", ref: "f296ac0924ba3cf79c7a588c4c252889df4c2edd"} diff --git a/mix.lock b/mix.lock index ebd0cbdf5..964b72127 100644 --- a/mix.lock +++ b/mix.lock @@ -32,6 +32,7 @@ "ecto_sql": {:hex, :ecto_sql, "3.3.4", "aa18af12eb875fbcda2f75e608b3bd534ebf020fc4f6448e4672fcdcbb081244", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4 or ~> 3.3.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.3.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "5eccbdbf92e3c6f213007a82d5dbba4cd9bb659d1a21331f89f408e4c0efd7a8"}, "eimp": {:hex, :eimp, "1.0.14", "fc297f0c7e2700457a95a60c7010a5f1dcb768a083b6d53f49cd94ab95a28f22", [:rebar3], [{:p1_utils, "1.0.18", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "501133f3112079b92d9e22da8b88bf4f0e13d4d67ae9c15c42c30bd25ceb83b6"}, "elixir_make": {:hex, :elixir_make, "0.6.0", "38349f3e29aff4864352084fc736fa7fa0f2995a819a737554f7ebd28b85aaab", [:mix], [], "hexpm", "d522695b93b7f0b4c0fcb2dfe73a6b905b1c301226a5a55cb42e5b14d509e050"}, + "erlexec": {:hex, :erlexec, "1.10.9", "3cbb3476f942bfb8b68b85721c21c1835061cf6dd35f5285c2362e85b100ddc7", [:rebar3], [], "hexpm", "271e5b5f2d91cdb9887efe74d89026c199bfc69f074cade0d08dab60993fa14e"}, "esshd": {:hex, :esshd, "0.1.1", "d4dd4c46698093a40a56afecce8a46e246eb35463c457c246dacba2e056f31b5", [:mix], [], "hexpm", "d73e341e3009d390aa36387dc8862860bf9f874c94d9fd92ade2926376f49981"}, "eternal": {:hex, :eternal, "1.2.1", "d5b6b2499ba876c57be2581b5b999ee9bdf861c647401066d3eeed111d096bc4", [:mix], [], "hexpm", "b14f1dc204321429479c569cfbe8fb287541184ed040956c8862cb7a677b8406"}, "ex2ms": {:hex, :ex2ms, "1.5.0", "19e27f9212be9a96093fed8cdfbef0a2b56c21237196d26760f11dfcfae58e97", [:mix], [], "hexpm"}, @@ -42,6 +43,7 @@ "ex_machina": {:hex, :ex_machina, "2.3.0", "92a5ad0a8b10ea6314b876a99c8c9e3f25f4dde71a2a835845b136b9adaf199a", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm", "b84f6af156264530b312a8ab98ac6088f6b77ae5fe2058305c81434aa01fbaf9"}, "ex_syslogger": {:hex, :ex_syslogger, "1.5.2", "72b6aa2d47a236e999171f2e1ec18698740f40af0bd02c8c650bf5f1fd1bac79", [:mix], [{:poison, ">= 1.5.0", [hex: :poison, repo: "hexpm", optional: true]}, {:syslog, "~> 1.1.0", [hex: :syslog, repo: "hexpm", optional: false]}], "hexpm", "ab9fab4136dbc62651ec6f16fa4842f10cf02ab4433fa3d0976c01be99398399"}, "excoveralls": {:hex, :excoveralls, "0.12.2", "a513defac45c59e310ac42fcf2b8ae96f1f85746410f30b1ff2b710a4b6cd44b", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "151c476331d49b45601ffc45f43cb3a8beb396b02a34e3777fea0ad34ae57d89"}, + "exexec": {:hex, :exexec, "0.2.0", "a6ffc48cba3ac9420891b847e4dc7120692fb8c08c9e82220ebddc0bb8d96103", [:mix], [{:erlexec, "~> 1.10", [hex: :erlexec, repo: "hexpm", optional: false]}], "hexpm", "312cd1c9befba9e078e57f3541e4f4257eabda6eb9c348154fe899d6ac633299"}, "fast_html": {:hex, :fast_html, "1.0.3", "2cc0d4b68496266a1530e0c852cafeaede0bd10cfdee26fda50dc696c203162f", [:make, :mix], [], "hexpm", "ab3d782b639d3c4655fbaec0f9d032c91f8cab8dd791ac7469c2381bc7c32f85"}, "fast_sanitize": {:hex, :fast_sanitize, "0.1.7", "2a7cd8734c88a2de6de55022104f8a3b87f1fdbe8bbf131d9049764b53d50d0d", [:mix], [{:fast_html, "~> 1.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f39fe8ea08fbac17487c30bf09b7d9f3e12472e51fb07a88ffeb8fd17da8ab67"}, "flake_id": {:hex, :flake_id, "0.1.0", "7716b086d2e405d09b647121a166498a0d93d1a623bead243e1f74216079ccb3", [:mix], [{:base62, "~> 1.2", [hex: :base62, repo: "hexpm", optional: false]}, {:ecto, ">= 2.0.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm", "31fc8090fde1acd267c07c36ea7365b8604055f897d3a53dd967658c691bd827"}, From 610343edb318654126d9539775ba4b9ff30c8831 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 21 May 2020 17:35:42 +0300 Subject: [PATCH 005/264] [#2497] Image preview proxy: image resize & background color fix with ffmpeg -filter_complex. --- lib/pleroma/helpers/media_helper.ex | 47 +++---------------- .../web/media_proxy/media_proxy_controller.ex | 7 ++- 2 files changed, 9 insertions(+), 45 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 6d1f8ab22..ee6b76c41 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -9,12 +9,14 @@ defmodule Pleroma.Helpers.MediaHelper do @ffmpeg_opts [{:sync, true}, {:stdout, true}] - def ffmpeg_resize_remote(uri, max_width, max_height) do + def ffmpeg_resize_remote(uri, %{max_width: max_width, max_height: max_height}) do cmd = ~s""" curl -L "#{uri}" | - ffmpeg -i pipe:0 -vf \ - "scale='min(#{max_width},iw)':min'(#{max_height},ih)':force_original_aspect_ratio=decrease" \ - -f image2 pipe:1 | \ + ffmpeg -i pipe:0 -f lavfi -i color=c=white \ + -filter_complex "[0:v] scale='min(#{max_width},iw)':'min(#{max_height},ih)': \ + force_original_aspect_ratio=decrease [scaled]; \ + [1][scaled] scale2ref [bg][img]; [bg] setsar=1 [bg]; [bg][img] overlay=shortest=1" \ + -f image2 -vcodec mjpeg -frames:v 1 pipe:1 | \ cat """ @@ -22,41 +24,4 @@ def ffmpeg_resize_remote(uri, max_width, max_height) do {:ok, Enum.join(stdout_list)} end end - - @doc "Returns a temporary path for an URI" - def temporary_path_for(uri) do - name = Path.basename(uri) - random = rand_uniform(999_999) - Path.join(System.tmp_dir(), "#{random}-#{name}") - end - - @doc "Stores binary content fetched from specified URL as a temporary file." - @spec store_as_temporary_file(String.t(), binary()) :: {:ok, String.t()} | {:error, atom()} - def store_as_temporary_file(url, body) do - path = temporary_path_for(url) - with :ok <- File.write(path, body), do: {:ok, path} - end - - @doc "Modifies image file at specified path by resizing to specified limit dimensions." - @spec mogrify_resize_to_limit(String.t(), String.t()) :: :ok | any() - def mogrify_resize_to_limit(path, resize_dimensions) do - with %Mogrify.Image{} <- - path - |> Mogrify.open() - |> Mogrify.resize_to_limit(resize_dimensions) - |> Mogrify.save(in_place: true) do - :ok - end - end - - defp rand_uniform(high) do - Code.ensure_loaded(:rand) - - if function_exported?(:rand, :uniform, 1) do - :rand.uniform(high) - else - # Erlang/OTP < 19 - apply(:crypto, :rand_uniform, [1, high]) - end - end end diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index fb4b80379..12d4401fa 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -82,17 +82,16 @@ defp thumbnail_max_dimensions(params) do {thumbnail_max_width, thumbnail_max_height} end - defp handle_preview("image/" <> _ = content_type, %{params: params} = conn, url) do + defp handle_preview("image/" <> _ = _content_type, %{params: params} = conn, url) do with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), media_proxy_url <- MediaProxy.url(url), {:ok, thumbnail_binary} <- MediaHelper.ffmpeg_resize_remote( media_proxy_url, - thumbnail_max_width, - thumbnail_max_height + %{max_width: thumbnail_max_width, max_height: thumbnail_max_height} ) do conn - |> put_resp_header("content-type", content_type) + |> put_resp_header("content-type", "image/jpeg") |> send_resp(200, thumbnail_binary) else _ -> From 3a1e810aaaea3e44c4dfc82a014485cf886d6b88 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 21 May 2020 21:47:32 +0300 Subject: [PATCH 006/264] [#2497] Customized `exexec` launch to support root operation (currently required by Gitlab CI). --- .gitlab-ci.yml | 1 + config/config.exs | 4 +++ lib/pleroma/exec.ex | 38 +++++++++++++++++++++++++++++ lib/pleroma/helpers/media_helper.ex | 4 +-- mix.exs | 3 ++- test/exec_test.exs | 13 ++++++++++ 6 files changed, 59 insertions(+), 4 deletions(-) create mode 100644 lib/pleroma/exec.ex create mode 100644 test/exec_test.exs diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index aad28a2d8..14300f3bf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,6 +6,7 @@ variables: &global_variables POSTGRES_PASSWORD: postgres DB_HOST: postgres MIX_ENV: test + USER: root cache: &global_cache_policy key: ${CI_COMMIT_REF_SLUG} diff --git a/config/config.exs b/config/config.exs index 838508c1b..d1440b7bf 100644 --- a/config/config.exs +++ b/config/config.exs @@ -681,6 +681,10 @@ config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false +config :pleroma, :exexec, + root_mode: false, + options: %{} + # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. import_config "#{Mix.env()}.exs" diff --git a/lib/pleroma/exec.ex b/lib/pleroma/exec.ex new file mode 100644 index 000000000..1b088d322 --- /dev/null +++ b/lib/pleroma/exec.ex @@ -0,0 +1,38 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Exec do + @moduledoc "Pleroma wrapper around Exexec commands." + + alias Pleroma.Config + + def ensure_started(options_overrides \\ %{}) do + options = + if Config.get([:exexec, :root_mode]) || System.get_env("USER") == "root" do + # Note: running as `root` is discouraged (yet Gitlab CI does that by default) + %{root: true, user: "root", limit_users: ["root"]} + else + %{} + end + + options = + options + |> Map.merge(Config.get([:exexec, :options], %{})) + |> Map.merge(options_overrides) + + with {:error, {:already_started, pid}} <- Exexec.start(options) do + {:ok, pid} + end + end + + def run(cmd, options \\ %{}) do + ensure_started() + Exexec.run(cmd, options) + end + + def cmd(cmd, options \\ %{}) do + options = Map.merge(%{sync: true, stdout: true}, options) + run(cmd, options) + end +end diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index ee6b76c41..ecd234558 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -7,8 +7,6 @@ defmodule Pleroma.Helpers.MediaHelper do Handles common media-related operations. """ - @ffmpeg_opts [{:sync, true}, {:stdout, true}] - def ffmpeg_resize_remote(uri, %{max_width: max_width, max_height: max_height}) do cmd = ~s""" curl -L "#{uri}" | @@ -20,7 +18,7 @@ def ffmpeg_resize_remote(uri, %{max_width: max_width, max_height: max_height}) d cat """ - with {:ok, [stdout: stdout_list]} <- Exexec.run(cmd, @ffmpeg_opts) do + with {:ok, [stdout: stdout_list]} <- Pleroma.Exec.cmd(cmd) do {:ok, Enum.join(stdout_list)} end end diff --git a/mix.exs b/mix.exs index 4c9bbc0ab..3215086ca 100644 --- a/mix.exs +++ b/mix.exs @@ -197,7 +197,8 @@ defp deps do ref: "e0f16822d578866e186a0974d65ad58cddc1e2ab"}, {:mox, "~> 0.5", only: :test}, {:restarter, path: "./restarter"}, - {:exexec, "~> 0.2"}, + # Note: `runtime: true` for :exexec makes CI fail due to `root` user (see Pleroma.Exec) + {:exexec, "~> 0.2", runtime: false}, {:open_api_spex, git: "https://git.pleroma.social/pleroma/elixir-libraries/open_api_spex.git", ref: "f296ac0924ba3cf79c7a588c4c252889df4c2edd"} diff --git a/test/exec_test.exs b/test/exec_test.exs new file mode 100644 index 000000000..45d3f778f --- /dev/null +++ b/test/exec_test.exs @@ -0,0 +1,13 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.ExecTest do + alias Pleroma.Exec + + use Pleroma.DataCase + + test "it starts" do + assert {:ok, _} = Exec.ensure_started() + end +end From 0e23138b50f1fdd9ea78df31eec1b3caac905e2c Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 22 May 2020 10:35:48 +0300 Subject: [PATCH 007/264] [#2497] Specified SHELL in .gitlab-ci.yml as required for `exexec`. --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 14300f3bf..e596aa0ec 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,6 +6,7 @@ variables: &global_variables POSTGRES_PASSWORD: postgres DB_HOST: postgres MIX_ENV: test + SHELL: /bin/sh USER: root cache: &global_cache_policy From 9faa63203717e71d666afb6755ff0b781b491823 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Sun, 5 Jul 2020 19:02:43 +0300 Subject: [PATCH 008/264] [#2497] Fixed merge issue. --- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 0f4575e2f..583c177f2 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -12,8 +12,8 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do def remote(conn, %{"sig" => sig64, "url" => url64}) do with {_, true} <- {:enabled, MediaProxy.enabled?()}, - {_, false} <- {:in_banned_urls, MediaProxy.in_banned_urls(url)}, {:ok, url} <- MediaProxy.decode_url(sig64, url64), + {_, false} <- {:in_banned_urls, MediaProxy.in_banned_urls(url)}, :ok <- MediaProxy.verify_request_path_and_url(conn, url) do proxy_opts = Config.get([:media_proxy, :proxy_opts], []) ReverseProxy.call(conn, url, proxy_opts) From b8021016ebef23903c59e5140d4efb456a84a347 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 21 Jul 2020 20:03:14 +0300 Subject: [PATCH 009/264] [#2497] Resolved merge conflicts. --- .../media_proxy_controller_test.exs | 39 ------------------- test/web/media_proxy/media_proxy_test.exs | 24 ++++-------- 2 files changed, 7 insertions(+), 56 deletions(-) diff --git a/test/web/media_proxy/media_proxy_controller_test.exs b/test/web/media_proxy/media_proxy_controller_test.exs index d4db44c63..0cda1e0b0 100644 --- a/test/web/media_proxy/media_proxy_controller_test.exs +++ b/test/web/media_proxy/media_proxy_controller_test.exs @@ -79,43 +79,4 @@ test "it returns 404 when url is in banned_urls cache", %{conn: conn, url: url} end end end - - describe "filename_matches/3" do - test "preserves the encoded or decoded path" do - assert MediaProxyController.filename_matches( - %{"filename" => "/Hello world.jpg"}, - "/Hello world.jpg", - "http://pleroma.social/Hello world.jpg" - ) == :ok - - assert MediaProxyController.filename_matches( - %{"filename" => "/Hello%20world.jpg"}, - "/Hello%20world.jpg", - "http://pleroma.social/Hello%20world.jpg" - ) == :ok - - assert MediaProxyController.filename_matches( - %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"}, - "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg", - "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" - ) == :ok - - assert MediaProxyController.filename_matches( - %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jp"}, - "/my%2Flong%2Furl%2F2019%2F07%2FS.jp", - "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg" - ) == {:wrong_filename, "my%2Flong%2Furl%2F2019%2F07%2FS.jpg"} - end - - test "encoded url are tried to match for proxy as `conn.request_path` encodes the url" do - # conn.request_path will return encoded url - request_path = "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg" - - assert MediaProxyController.filename_matches( - true, - request_path, - "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg" - ) == :ok - end - end end diff --git a/test/web/media_proxy/media_proxy_test.exs b/test/web/media_proxy/media_proxy_test.exs index 06990464f..0e6df826c 100644 --- a/test/web/media_proxy/media_proxy_test.exs +++ b/test/web/media_proxy/media_proxy_test.exs @@ -126,6 +126,13 @@ test "`verify_request_path_and_url/2` preserves the encoded or decoded path" do :ok ) + test_verify_request_path_and_url( + # Note: `conn.request_path` returns encoded url + "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg", + "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg", + :ok + ) + test_verify_request_path_and_url( "/my%2Flong%2Furl%2F2019%2F07%2FS", "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg", @@ -133,17 +140,6 @@ test "`verify_request_path_and_url/2` preserves the encoded or decoded path" do ) end - test "encoded url are tried to match for proxy as `conn.request_path` encodes the url" do - # conn.request_path will return encoded url - request_path = "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg" - - assert MediaProxy.verify_request_path_and_url( - request_path, - "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg" - ) == :ok - assert MediaProxy.decode_url(sig, base64) == {:error, :invalid_signature} - end - test "uses the configured base_url" do base_url = "https://cache.pleroma.social" clear_config([:media_proxy, :base_url], base_url) @@ -193,12 +189,6 @@ test "does not encode remote urls" do end end - defp decode_result(encoded) do - [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/") - {:ok, decoded} = MediaProxy.decode_url(sig, base64) - decoded - end - describe "whitelist" do setup do: clear_config([:media_proxy, :enabled], true) From 56ddf20208657487bf0298409cf91b11dac346ff Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 7 Aug 2020 09:43:49 +0300 Subject: [PATCH 010/264] Removed unused alias. --- test/web/media_proxy/media_proxy_controller_test.exs | 1 - 1 file changed, 1 deletion(-) diff --git a/test/web/media_proxy/media_proxy_controller_test.exs b/test/web/media_proxy/media_proxy_controller_test.exs index 0cda1e0b0..0dd2fd10c 100644 --- a/test/web/media_proxy/media_proxy_controller_test.exs +++ b/test/web/media_proxy/media_proxy_controller_test.exs @@ -8,7 +8,6 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyControllerTest do import Mock alias Pleroma.Web.MediaProxy - alias Pleroma.Web.MediaProxy.MediaProxyController alias Plug.Conn setup do From da116d81fb0028913c2a0f30ac35532fb500e8fc Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 18 Aug 2020 18:23:27 +0300 Subject: [PATCH 011/264] [#2497] Added video preview proxy. Switched from exexec to Port. --- .gitlab-ci.yml | 2 - config/config.exs | 4 -- lib/pleroma/exec.ex | 38 -------------- lib/pleroma/helpers/media_helper.ex | 19 ++++--- .../web/media_proxy/media_proxy_controller.ex | 50 +++++++++++-------- mix.exs | 2 - mix.lock | 2 - test/exec_test.exs | 13 ----- 8 files changed, 41 insertions(+), 89 deletions(-) delete mode 100644 lib/pleroma/exec.ex delete mode 100644 test/exec_test.exs diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3b6877039..9e9107ce3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,8 +6,6 @@ variables: &global_variables POSTGRES_PASSWORD: postgres DB_HOST: postgres MIX_ENV: test - SHELL: /bin/sh - USER: root cache: &global_cache_policy key: ${CI_COMMIT_REF_SLUG} diff --git a/config/config.exs b/config/config.exs index ab4508ccf..029f8ec20 100644 --- a/config/config.exs +++ b/config/config.exs @@ -761,10 +761,6 @@ config :pleroma, Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.PleromaAuthenticator -config :pleroma, :exexec, - root_mode: false, - options: %{} - # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. import_config "#{Mix.env()}.exs" diff --git a/lib/pleroma/exec.ex b/lib/pleroma/exec.ex deleted file mode 100644 index 1b088d322..000000000 --- a/lib/pleroma/exec.ex +++ /dev/null @@ -1,38 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Exec do - @moduledoc "Pleroma wrapper around Exexec commands." - - alias Pleroma.Config - - def ensure_started(options_overrides \\ %{}) do - options = - if Config.get([:exexec, :root_mode]) || System.get_env("USER") == "root" do - # Note: running as `root` is discouraged (yet Gitlab CI does that by default) - %{root: true, user: "root", limit_users: ["root"]} - else - %{} - end - - options = - options - |> Map.merge(Config.get([:exexec, :options], %{})) - |> Map.merge(options_overrides) - - with {:error, {:already_started, pid}} <- Exexec.start(options) do - {:ok, pid} - end - end - - def run(cmd, options \\ %{}) do - ensure_started() - Exexec.run(cmd, options) - end - - def cmd(cmd, options \\ %{}) do - options = Map.merge(%{sync: true, stdout: true}, options) - run(cmd, options) - end -end diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index ecd234558..ca46698cc 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -7,19 +7,24 @@ defmodule Pleroma.Helpers.MediaHelper do Handles common media-related operations. """ - def ffmpeg_resize_remote(uri, %{max_width: max_width, max_height: max_height}) do + def ffmpeg_resize(uri_or_path, %{max_width: max_width, max_height: max_height}) do cmd = ~s""" - curl -L "#{uri}" | - ffmpeg -i pipe:0 -f lavfi -i color=c=white \ + ffmpeg -i #{uri_or_path} -f lavfi -i color=c=white \ -filter_complex "[0:v] scale='min(#{max_width},iw)':'min(#{max_height},ih)': \ force_original_aspect_ratio=decrease [scaled]; \ [1][scaled] scale2ref [bg][img]; [bg] setsar=1 [bg]; [bg][img] overlay=shortest=1" \ - -f image2 -vcodec mjpeg -frames:v 1 pipe:1 | \ - cat + -loglevel quiet -f image2 -vcodec mjpeg -frames:v 1 pipe:1 """ - with {:ok, [stdout: stdout_list]} <- Pleroma.Exec.cmd(cmd) do - {:ok, Enum.join(stdout_list)} + pid = Port.open({:spawn, cmd}, [:use_stdio, :in, :stream, :exit_status, :binary]) + + receive do + {^pid, {:data, data}} -> + send(pid, {self(), :close}) + {:ok, data} + + {^pid, {:exit_status, status}} when status > 0 -> + {:error, status} end end end diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 583c177f2..8861398dd 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -66,6 +66,35 @@ defp handle_preview(conn, url) do end end + defp handle_preview("image/" <> _ = _content_type, conn, url) do + handle_image_or_video_preview(conn, url) + end + + defp handle_preview("video/" <> _ = _content_type, conn, url) do + handle_image_or_video_preview(conn, url) + end + + defp handle_preview(content_type, conn, _url) do + send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.") + end + + defp handle_image_or_video_preview(%{params: params} = conn, url) do + with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), + media_proxy_url <- MediaProxy.url(url), + {:ok, thumbnail_binary} <- + MediaHelper.ffmpeg_resize( + media_proxy_url, + %{max_width: thumbnail_max_width, max_height: thumbnail_max_height} + ) do + conn + |> put_resp_header("content-type", "image/jpeg") + |> send_resp(200, thumbnail_binary) + else + _ -> + send_resp(conn, :failed_dependency, "Can't handle preview.") + end + end + defp thumbnail_max_dimensions(params) do config = Config.get([:media_preview_proxy], []) @@ -86,27 +115,6 @@ defp thumbnail_max_dimensions(params) do {thumbnail_max_width, thumbnail_max_height} end - defp handle_preview("image/" <> _ = _content_type, %{params: params} = conn, url) do - with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), - media_proxy_url <- MediaProxy.url(url), - {:ok, thumbnail_binary} <- - MediaHelper.ffmpeg_resize_remote( - media_proxy_url, - %{max_width: thumbnail_max_width, max_height: thumbnail_max_height} - ) do - conn - |> put_resp_header("content-type", "image/jpeg") - |> send_resp(200, thumbnail_binary) - else - _ -> - send_resp(conn, :failed_dependency, "Can't handle image preview.") - end - end - - defp handle_preview(content_type, conn, _url) do - send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.") - end - defp preview_head_request_timeout do Config.get([:media_preview_proxy, :proxy_opts, :head_request_max_read_duration]) || preview_timeout() diff --git a/mix.exs b/mix.exs index 33c4411c4..11fdb1670 100644 --- a/mix.exs +++ b/mix.exs @@ -186,8 +186,6 @@ defp deps do git: "https://git.pleroma.social/pleroma/elixir-libraries/elixir-captcha.git", ref: "e0f16822d578866e186a0974d65ad58cddc1e2ab"}, {:restarter, path: "./restarter"}, - # Note: `runtime: true` for :exexec makes CI fail due to `root` user (see Pleroma.Exec) - {:exexec, "~> 0.2", runtime: false}, {:open_api_spex, git: "https://git.pleroma.social/pleroma/elixir-libraries/open_api_spex.git", ref: "f296ac0924ba3cf79c7a588c4c252889df4c2edd"}, diff --git a/mix.lock b/mix.lock index f5acc89eb..553ac304a 100644 --- a/mix.lock +++ b/mix.lock @@ -33,7 +33,6 @@ "ecto_sql": {:hex, :ecto_sql, "3.4.5", "30161f81b167d561a9a2df4329c10ae05ff36eca7ccc84628f2c8b9fa1e43323", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.3.0 or ~> 0.4.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.0", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "31990c6a3579b36a3c0841d34a94c275e727de8b84f58509da5f1b2032c98ac2"}, "eimp": {:hex, :eimp, "1.0.14", "fc297f0c7e2700457a95a60c7010a5f1dcb768a083b6d53f49cd94ab95a28f22", [:rebar3], [{:p1_utils, "1.0.18", [hex: :p1_utils, repo: "hexpm", optional: false]}], "hexpm", "501133f3112079b92d9e22da8b88bf4f0e13d4d67ae9c15c42c30bd25ceb83b6"}, "elixir_make": {:hex, :elixir_make, "0.6.0", "38349f3e29aff4864352084fc736fa7fa0f2995a819a737554f7ebd28b85aaab", [:mix], [], "hexpm", "d522695b93b7f0b4c0fcb2dfe73a6b905b1c301226a5a55cb42e5b14d509e050"}, - "erlexec": {:hex, :erlexec, "1.10.9", "3cbb3476f942bfb8b68b85721c21c1835061cf6dd35f5285c2362e85b100ddc7", [:rebar3], [], "hexpm", "271e5b5f2d91cdb9887efe74d89026c199bfc69f074cade0d08dab60993fa14e"}, "esshd": {:hex, :esshd, "0.1.1", "d4dd4c46698093a40a56afecce8a46e246eb35463c457c246dacba2e056f31b5", [:mix], [], "hexpm", "d73e341e3009d390aa36387dc8862860bf9f874c94d9fd92ade2926376f49981"}, "eternal": {:hex, :eternal, "1.2.1", "d5b6b2499ba876c57be2581b5b999ee9bdf861c647401066d3eeed111d096bc4", [:mix], [], "hexpm", "b14f1dc204321429479c569cfbe8fb287541184ed040956c8862cb7a677b8406"}, "ex2ms": {:hex, :ex2ms, "1.5.0", "19e27f9212be9a96093fed8cdfbef0a2b56c21237196d26760f11dfcfae58e97", [:mix], [], "hexpm"}, @@ -44,7 +43,6 @@ "ex_machina": {:hex, :ex_machina, "2.4.0", "09a34c5d371bfb5f78399029194a8ff67aff340ebe8ba19040181af35315eabb", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm", "a20bc9ddc721b33ea913b93666c5d0bdca5cbad7a67540784ae277228832d72c"}, "ex_syslogger": {:hex, :ex_syslogger, "1.5.2", "72b6aa2d47a236e999171f2e1ec18698740f40af0bd02c8c650bf5f1fd1bac79", [:mix], [{:poison, ">= 1.5.0", [hex: :poison, repo: "hexpm", optional: true]}, {:syslog, "~> 1.1.0", [hex: :syslog, repo: "hexpm", optional: false]}], "hexpm", "ab9fab4136dbc62651ec6f16fa4842f10cf02ab4433fa3d0976c01be99398399"}, "excoveralls": {:hex, :excoveralls, "0.13.1", "b9f1697f7c9e0cfe15d1a1d737fb169c398803ffcbc57e672aa007e9fd42864c", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "b4bb550e045def1b4d531a37fb766cbbe1307f7628bf8f0414168b3f52021cce"}, - "exexec": {:hex, :exexec, "0.2.0", "a6ffc48cba3ac9420891b847e4dc7120692fb8c08c9e82220ebddc0bb8d96103", [:mix], [{:erlexec, "~> 1.10", [hex: :erlexec, repo: "hexpm", optional: false]}], "hexpm", "312cd1c9befba9e078e57f3541e4f4257eabda6eb9c348154fe899d6ac633299"}, "fast_html": {:hex, :fast_html, "2.0.1", "e126c74d287768ae78c48938da6711164517300d108a78f8a38993df8d588335", [:make, :mix], [{:elixir_make, "~> 0.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}], "hexpm", "bdd6f8525c95ad391a4f10d9a1b3da4cea94078ec8638487aa8c24015ad9393a"}, "fast_sanitize": {:hex, :fast_sanitize, "0.2.0", "004b40d5bbecda182b6fdba762a51fffd3501e689e8eafe196e1a97eb0caf733", [:mix], [{:fast_html, "~> 2.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "11fcb37f26d272a3a2aff861872bf100be4eeacea69505908b8cdbcea5b0813a"}, "flake_id": {:hex, :flake_id, "0.1.0", "7716b086d2e405d09b647121a166498a0d93d1a623bead243e1f74216079ccb3", [:mix], [{:base62, "~> 1.2", [hex: :base62, repo: "hexpm", optional: false]}, {:ecto, ">= 2.0.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm", "31fc8090fde1acd267c07c36ea7365b8604055f897d3a53dd967658c691bd827"}, diff --git a/test/exec_test.exs b/test/exec_test.exs deleted file mode 100644 index 45d3f778f..000000000 --- a/test/exec_test.exs +++ /dev/null @@ -1,13 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.ExecTest do - alias Pleroma.Exec - - use Pleroma.DataCase - - test "it starts" do - assert {:ok, _} = Exec.ensure_started() - end -end From 4ee15e991efb5bd5bf69d84d27dbbee81443d1dc Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 19 Aug 2020 21:36:26 +0300 Subject: [PATCH 012/264] [#2497] Media preview proxy config refactoring & documentation. --- config/config.exs | 3 +- config/description.exs | 51 +++++++++++++++++++ .../web/media_proxy/media_proxy_controller.ex | 20 ++++---- 3 files changed, 63 insertions(+), 11 deletions(-) diff --git a/config/config.exs b/config/config.exs index 029f8ec20..6e6231cf8 100644 --- a/config/config.exs +++ b/config/config.exs @@ -444,8 +444,7 @@ thumbnail_max_width: 400, thumbnail_max_height: 200, proxy_opts: [ - head_request_max_read_duration: 5_000, - max_read_duration: 10_000 + head_request_max_read_duration: 5_000 ] config :pleroma, :chat, enabled: true diff --git a/config/description.exs b/config/description.exs index e27abf40f..90d8eca65 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1831,6 +1831,7 @@ suggestions: [ redirect_on_failure: false, max_body_length: 25 * 1_048_576, + max_read_duration: 30_000, http: [ follow_redirect: true, pool: :media @@ -1851,6 +1852,11 @@ "Limits the content length to be approximately the " <> "specified length. It is validated with the `content-length` header and also verified when proxying." }, + %{ + key: :max_read_duration, + type: :integer, + description: "Timeout (in milliseconds) of GET request to remote URI." + }, %{ key: :http, label: "HTTP", @@ -1897,6 +1903,51 @@ } ] }, + %{ + group: :pleroma, + key: :media_preview_proxy, + type: :group, + description: "Media preview proxy", + children: [ + %{ + key: :enabled, + type: :boolean, + description: + "Enables proxying of remote media preview to the instance's proxy. Requires enabled media proxy." + }, + %{ + key: :thumbnail_max_width, + type: :integer, + description: "Max width of preview thumbnail." + }, + %{ + key: :thumbnail_max_height, + type: :integer, + description: "Max height of preview thumbnail." + }, + %{ + key: :proxy_opts, + type: :keyword, + description: "Media proxy options", + suggestions: [ + head_request_max_read_duration: 5_000 + ], + children: [ + %{ + key: :head_request_max_read_duration, + type: :integer, + description: "Timeout (in milliseconds) of HEAD request to remote URI." + } + ] + }, + %{ + key: :whitelist, + type: {:list, :string}, + description: "List of hosts with scheme to bypass the mediaproxy", + suggestions: ["http://example.com"] + } + ] + }, %{ group: :pleroma, key: Pleroma.Web.MediaProxy.Invalidation.Http, diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 8861398dd..31d18c119 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -15,8 +15,7 @@ def remote(conn, %{"sig" => sig64, "url" => url64}) do {:ok, url} <- MediaProxy.decode_url(sig64, url64), {_, false} <- {:in_banned_urls, MediaProxy.in_banned_urls(url)}, :ok <- MediaProxy.verify_request_path_and_url(conn, url) do - proxy_opts = Config.get([:media_proxy, :proxy_opts], []) - ReverseProxy.call(conn, url, proxy_opts) + ReverseProxy.call(conn, url, media_proxy_opts()) else {:enabled, false} -> send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) @@ -116,13 +115,16 @@ defp thumbnail_max_dimensions(params) do end defp preview_head_request_timeout do - Config.get([:media_preview_proxy, :proxy_opts, :head_request_max_read_duration]) || - preview_timeout() - end - - defp preview_timeout do - Config.get([:media_preview_proxy, :proxy_opts, :max_read_duration]) || - Config.get([:media_proxy, :proxy_opts, :max_read_duration]) || + Keyword.get(media_preview_proxy_opts(), :head_request_max_read_duration) || + Keyword.get(media_proxy_opts(), :max_read_duration) || ReverseProxy.max_read_duration_default() end + + defp media_proxy_opts do + Config.get([:media_proxy, :proxy_opts], []) + end + + defp media_preview_proxy_opts do + Config.get([:media_preview_proxy, :proxy_opts], []) + end end From 02ad1cd8e97c44824b92b53ea1879a965bbd8358 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 20 Aug 2020 09:58:50 +0300 Subject: [PATCH 013/264] [#2497] Media preview proxy: added Content-Disposition header with filename to response. --- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 31d18c119..5513432f0 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -87,6 +87,7 @@ defp handle_image_or_video_preview(%{params: params} = conn, url) do ) do conn |> put_resp_header("content-type", "image/jpeg") + |> put_resp_header("content-disposition", "inline; filename=\"preview.jpg\"") |> send_resp(200, thumbnail_binary) else _ -> From aa0a5ffb4849880b5adbcc9188de01ef778381e3 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Fri, 21 Aug 2020 08:59:08 +0300 Subject: [PATCH 014/264] [#2497] Media preview proxy: added `quality` config setting, adjusted width/height defaults. --- config/config.exs | 5 +++-- config/description.exs | 5 +++++ lib/pleroma/helpers/media_helper.ex | 6 ++++-- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 4 +++- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/config/config.exs b/config/config.exs index 6e6231cf8..b399ce6d7 100644 --- a/config/config.exs +++ b/config/config.exs @@ -441,8 +441,9 @@ # Note: media preview proxy depends on media proxy to be enabled config :pleroma, :media_preview_proxy, enabled: false, - thumbnail_max_width: 400, - thumbnail_max_height: 200, + thumbnail_max_width: 600, + thumbnail_max_height: 600, + quality: 2, proxy_opts: [ head_request_max_read_duration: 5_000 ] diff --git a/config/description.exs b/config/description.exs index 90d8eca65..22da60900 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1925,6 +1925,11 @@ type: :integer, description: "Max height of preview thumbnail." }, + %{ + key: :quality, + type: :integer, + description: "Quality of the output. Ranges from 1 (max quality) to 31 (lowest quality)." + }, %{ key: :proxy_opts, type: :keyword, diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index ca46698cc..e11038052 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -7,13 +7,15 @@ defmodule Pleroma.Helpers.MediaHelper do Handles common media-related operations. """ - def ffmpeg_resize(uri_or_path, %{max_width: max_width, max_height: max_height}) do + def ffmpeg_resize(uri_or_path, %{max_width: max_width, max_height: max_height} = options) do + quality = options[:quality] || 1 + cmd = ~s""" ffmpeg -i #{uri_or_path} -f lavfi -i color=c=white \ -filter_complex "[0:v] scale='min(#{max_width},iw)':'min(#{max_height},ih)': \ force_original_aspect_ratio=decrease [scaled]; \ [1][scaled] scale2ref [bg][img]; [bg] setsar=1 [bg]; [bg][img] overlay=shortest=1" \ - -loglevel quiet -f image2 -vcodec mjpeg -frames:v 1 pipe:1 + -loglevel quiet -f image2 -vcodec mjpeg -frames:v 1 -q:v #{quality} pipe:1 """ pid = Port.open({:spawn, cmd}, [:use_stdio, :in, :stream, :exit_status, :binary]) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 5513432f0..1c51aa5e3 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -78,12 +78,14 @@ defp handle_preview(content_type, conn, _url) do end defp handle_image_or_video_preview(%{params: params} = conn, url) do + quality = Config.get!([:media_preview_proxy, :quality]) + with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), media_proxy_url <- MediaProxy.url(url), {:ok, thumbnail_binary} <- MediaHelper.ffmpeg_resize( media_proxy_url, - %{max_width: thumbnail_max_width, max_height: thumbnail_max_height} + %{max_width: thumbnail_max_width, max_height: thumbnail_max_height, quality: quality} ) do conn |> put_resp_header("content-type", "image/jpeg") From 967afa064bb0dc85c054495b795a57a13cdf3b3c Mon Sep 17 00:00:00 2001 From: href Date: Fri, 21 Aug 2020 17:02:57 +0000 Subject: [PATCH 015/264] Fix truncated images --- lib/pleroma/helpers/media_helper.ex | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index e11038052..f87be8874 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -19,14 +19,24 @@ def ffmpeg_resize(uri_or_path, %{max_width: max_width, max_height: max_height} = """ pid = Port.open({:spawn, cmd}, [:use_stdio, :in, :stream, :exit_status, :binary]) + loop_recv(pid) + end + defp loop_recv(pid) do + loop_recv(pid, <<>>) + end + + defp loop_recv(pid, acc) do receive do {^pid, {:data, data}} -> - send(pid, {self(), :close}) - {:ok, data} + loop_recv(pid, acc <> data) - {^pid, {:exit_status, status}} when status > 0 -> + {^pid, {:exit_status, 0}} -> + {:ok, acc} + + {^pid, {:exit_status, status}} -> {:error, status} end end + end From 4e6eb22b4af70e611cc61f94ba3d81758036a392 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 21 Aug 2020 12:19:35 -0500 Subject: [PATCH 016/264] Try to warm the cache with the preview image if preview proxy enabled --- lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex index dfab105a3..5d8bb72aa 100644 --- a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex @@ -27,7 +27,7 @@ def perform(:prefetch, url) do end url - |> MediaProxy.url() + |> MediaProxy.preview_url() |> HTTP.get([], adapter: opts) end From edde0d9b54b45a366ecdec01e9826f1ee8d1dc3a Mon Sep 17 00:00:00 2001 From: href Date: Fri, 21 Aug 2020 17:40:49 +0000 Subject: [PATCH 017/264] Remove newline for linter --- lib/pleroma/helpers/media_helper.ex | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index f87be8874..89dd4204b 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -38,5 +38,4 @@ defp loop_recv(pid, acc) do {:error, status} end end - end From 98f8851f29f940051656caa1715820bce70f8c29 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Sat, 22 Aug 2020 15:12:11 -0500 Subject: [PATCH 018/264] Use the image thumbnail for rich metadata (OGP/Twittercards) --- lib/pleroma/web/metadata/utils.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/metadata/utils.ex b/lib/pleroma/web/metadata/utils.ex index 2f0dfb474..8a206e019 100644 --- a/lib/pleroma/web/metadata/utils.ex +++ b/lib/pleroma/web/metadata/utils.ex @@ -38,7 +38,7 @@ def scrub_html(content) when is_binary(content) do def scrub_html(content), do: content def attachment_url(url) do - MediaProxy.url(url) + MediaProxy.preview_url(url) end def user_name_string(user) do From 899ea2da3e77ca64598e45eba986d5315b523120 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 25 Aug 2020 17:18:22 -0500 Subject: [PATCH 019/264] Switch to imagemagick, only support videos --- config/config.exs | 2 +- config/description.exs | 4 ++-- lib/pleroma/helpers/media_helper.ex | 13 ++++++------- .../web/media_proxy/media_proxy_controller.ex | 15 +++++---------- 4 files changed, 14 insertions(+), 20 deletions(-) diff --git a/config/config.exs b/config/config.exs index e1558e29e..972b96d2d 100644 --- a/config/config.exs +++ b/config/config.exs @@ -444,7 +444,7 @@ enabled: false, thumbnail_max_width: 600, thumbnail_max_height: 600, - quality: 2, + image_quality: 85, proxy_opts: [ head_request_max_read_duration: 5_000 ] diff --git a/config/description.exs b/config/description.exs index 0082cc84f..60f76be45 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1975,9 +1975,9 @@ description: "Max height of preview thumbnail." }, %{ - key: :quality, + key: :image_quality, type: :integer, - description: "Quality of the output. Ranges from 1 (max quality) to 31 (lowest quality)." + description: "Quality of the output. Ranges from 0 (min quality) to 100 (max quality)." }, %{ key: :proxy_opts, diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 89dd4204b..07e6dba5e 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -7,18 +7,17 @@ defmodule Pleroma.Helpers.MediaHelper do Handles common media-related operations. """ - def ffmpeg_resize(uri_or_path, %{max_width: max_width, max_height: max_height} = options) do - quality = options[:quality] || 1 + def image_resize(url, %{max_width: max_width, max_height: max_height} = options) do + quality = options[:quality] || 85 cmd = ~s""" - ffmpeg -i #{uri_or_path} -f lavfi -i color=c=white \ - -filter_complex "[0:v] scale='min(#{max_width},iw)':'min(#{max_height},ih)': \ - force_original_aspect_ratio=decrease [scaled]; \ - [1][scaled] scale2ref [bg][img]; [bg] setsar=1 [bg]; [bg][img] overlay=shortest=1" \ - -loglevel quiet -f image2 -vcodec mjpeg -frames:v 1 -q:v #{quality} pipe:1 + convert - -resize '#{max_width}x#{max_height}>' -quality #{quality} - """ pid = Port.open({:spawn, cmd}, [:use_stdio, :in, :stream, :exit_status, :binary]) + {:ok, env} = url |> Pleroma.Web.MediaProxy.url() |> Pleroma.HTTP.get() + image = env.body + Port.command(pid, image) loop_recv(pid) end diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 1c51aa5e3..b925973ba 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -66,25 +66,20 @@ defp handle_preview(conn, url) do end defp handle_preview("image/" <> _ = _content_type, conn, url) do - handle_image_or_video_preview(conn, url) - end - - defp handle_preview("video/" <> _ = _content_type, conn, url) do - handle_image_or_video_preview(conn, url) + handle_image_preview(conn, url) end defp handle_preview(content_type, conn, _url) do send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.") end - defp handle_image_or_video_preview(%{params: params} = conn, url) do - quality = Config.get!([:media_preview_proxy, :quality]) + defp handle_image_preview(%{params: params} = conn, url) do + quality = Config.get!([:media_preview_proxy, :image_quality]) with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), - media_proxy_url <- MediaProxy.url(url), {:ok, thumbnail_binary} <- - MediaHelper.ffmpeg_resize( - media_proxy_url, + MediaHelper.image_resize( + url, %{max_width: thumbnail_max_width, max_height: thumbnail_max_height, quality: quality} ) do conn From ddbddc08fc9fe5458edc983c81a77671da34a71f Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 25 Aug 2020 17:31:55 -0500 Subject: [PATCH 020/264] Redirects for videos right now --- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index b925973ba..6abbf9e23 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -69,6 +69,12 @@ defp handle_preview("image/" <> _ = _content_type, conn, url) do handle_image_preview(conn, url) end + defp handle_preview("video/" <> _ = _content_type, conn, url) do + mediaproxy_url = url |> MediaProxy.url() + + redirect(conn, external: mediaproxy_url) + end + defp handle_preview(content_type, conn, _url) do send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.") end From afa03ca8e2cffc85628beb5f9a70401d984ab216 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 25 Aug 2020 17:36:53 -0500 Subject: [PATCH 021/264] Allow both stdin and stdout --- lib/pleroma/helpers/media_helper.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 07e6dba5e..5fe135584 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -14,7 +14,7 @@ def image_resize(url, %{max_width: max_width, max_height: max_height} = options) convert - -resize '#{max_width}x#{max_height}>' -quality #{quality} - """ - pid = Port.open({:spawn, cmd}, [:use_stdio, :in, :stream, :exit_status, :binary]) + pid = Port.open({:spawn, cmd}, [:use_stdio, :stream, :exit_status, :binary]) {:ok, env} = url |> Pleroma.Web.MediaProxy.url() |> Pleroma.HTTP.get() image = env.body Port.command(pid, image) From a136e7e9b590e3f23e472bf27c7c6a81d8d7792b Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 25 Aug 2020 18:10:27 -0500 Subject: [PATCH 022/264] Try specifying fd0, force jpg out --- lib/pleroma/helpers/media_helper.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 5fe135584..01f42d9b0 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -11,7 +11,7 @@ def image_resize(url, %{max_width: max_width, max_height: max_height} = options) quality = options[:quality] || 85 cmd = ~s""" - convert - -resize '#{max_width}x#{max_height}>' -quality #{quality} - + convert fd:0 -resize '#{max_width}x#{max_height}>' -quality #{quality} jpg:- """ pid = Port.open({:spawn, cmd}, [:use_stdio, :stream, :exit_status, :binary]) From bc94f0c6da2405e2f1cdae89696970728b6e987f Mon Sep 17 00:00:00 2001 From: href Date: Wed, 26 Aug 2020 16:12:34 +0200 Subject: [PATCH 023/264] Use mkfifo to feed ImageMagick --- lib/pleroma/helpers/media_helper.ex | 70 ++++++++++++++++++++++++----- 1 file changed, 60 insertions(+), 10 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 01f42d9b0..a43352ae0 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -7,18 +7,66 @@ defmodule Pleroma.Helpers.MediaHelper do Handles common media-related operations. """ - def image_resize(url, %{max_width: max_width, max_height: max_height} = options) do + @tmp_base "/tmp/pleroma-media_preview-pipe" + + def image_resize(url, options) do + with executable when is_binary(executable) <- System.find_executable("convert"), + {:ok, args} <- prepare_resize_args(options), + url = Pleroma.Web.MediaProxy.url(url), + {:ok, env} <- Pleroma.HTTP.get(url), + {:ok, fifo_path} <- mkfifo() + do + run_fifo(fifo_path, env, executable, args) + else + nil -> {:error, {:convert, :command_not_found}} + {:error, _} = error -> error + end + end + + defp prepare_resize_args(%{max_width: max_width, max_height: max_height} = options) do quality = options[:quality] || 85 + resize = Enum.join([max_width, "x", max_height, ">"]) + args = [ + "-auto-orient", # Support for EXIF rotation + "-resize", resize, + "-quality", to_string(quality) + ] + {:ok, args} + end - cmd = ~s""" - convert fd:0 -resize '#{max_width}x#{max_height}>' -quality #{quality} jpg:- - """ + defp prepare_resize_args(_), do: {:error, :missing_options} - pid = Port.open({:spawn, cmd}, [:use_stdio, :stream, :exit_status, :binary]) - {:ok, env} = url |> Pleroma.Web.MediaProxy.url() |> Pleroma.HTTP.get() - image = env.body - Port.command(pid, image) + defp run_fifo(fifo_path, env, executable, args) do + args = List.flatten([fifo_path, args, "jpg:fd:1"]) + pid = Port.open({:spawn_executable, executable}, [:use_stdio, :stream, :exit_status, :binary, args: args]) + fifo = Port.open(to_charlist(fifo_path), [:eof, :binary, :stream, :out]) + true = Port.command(fifo, env.body) + :erlang.port_close(fifo) loop_recv(pid) + after + File.rm(fifo_path) + end + + defp mkfifo() do + path = "#{@tmp_base}#{to_charlist(:erlang.phash2(self()))}" + case System.cmd("mkfifo", [path]) do + {_, 0} -> + spawn(fifo_guard(path)) + {:ok, path} + {_, err} -> + {:error, {:fifo_failed, err}} + end + end + + defp fifo_guard(path) do + pid = self() + fn() -> + ref = Process.monitor(pid) + receive do + {:DOWN, ^ref, :process, ^pid, _} -> + File.rm(path) + end + end end defp loop_recv(pid) do @@ -29,12 +77,14 @@ defp loop_recv(pid, acc) do receive do {^pid, {:data, data}} -> loop_recv(pid, acc <> data) - {^pid, {:exit_status, 0}} -> {:ok, acc} - {^pid, {:exit_status, status}} -> {:error, status} + after + 5000 -> + :erlang.port_close(pid) + {:error, :timeout} end end end From d4d1192341868d978e19777c17be85e331367264 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Wed, 26 Aug 2020 14:28:25 +0000 Subject: [PATCH 024/264] Remove auto-orient; don't use it on previews, only originals --- lib/pleroma/helpers/media_helper.ex | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index a43352ae0..db0c4b0cf 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -27,7 +27,6 @@ defp prepare_resize_args(%{max_width: max_width, max_height: max_height} = optio quality = options[:quality] || 85 resize = Enum.join([max_width, "x", max_height, ">"]) args = [ - "-auto-orient", # Support for EXIF rotation "-resize", resize, "-quality", to_string(quality) ] From 2c95533ead56217ec27e09e0ead0050e110dff22 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Wed, 26 Aug 2020 15:37:45 +0000 Subject: [PATCH 025/264] Change method of convert using stdout, make progressive jpegs --- lib/pleroma/helpers/media_helper.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index db0c4b0cf..3256802a0 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -27,6 +27,7 @@ defp prepare_resize_args(%{max_width: max_width, max_height: max_height} = optio quality = options[:quality] || 85 resize = Enum.join([max_width, "x", max_height, ">"]) args = [ + "-interlace", "Plane", "-resize", resize, "-quality", to_string(quality) ] @@ -36,7 +37,7 @@ defp prepare_resize_args(%{max_width: max_width, max_height: max_height} = optio defp prepare_resize_args(_), do: {:error, :missing_options} defp run_fifo(fifo_path, env, executable, args) do - args = List.flatten([fifo_path, args, "jpg:fd:1"]) + args = List.flatten([fifo_path, args, "jpg:-"]) pid = Port.open({:spawn_executable, executable}, [:use_stdio, :stream, :exit_status, :binary, args: args]) fifo = Port.open(to_charlist(fifo_path), [:eof, :binary, :stream, :out]) true = Port.command(fifo, env.body) From eead2276e79f29c4d0e10d23eb7524a9ee5f5045 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Wed, 26 Aug 2020 16:18:11 -0500 Subject: [PATCH 026/264] Ensure GIFs are redirected to the original or they become static. --- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 6abbf9e23..d465ce8d1 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -65,6 +65,12 @@ defp handle_preview(conn, url) do end end + defp handle_preview("image/gif" = _content_type, conn, url) do + mediaproxy_url = url |> MediaProxy.url() + + redirect(conn, external: mediaproxy_url) + end + defp handle_preview("image/" <> _ = _content_type, conn, url) do handle_image_preview(conn, url) end From 9567b96c7927be433eac4f023051adc5cbd6610c Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Wed, 26 Aug 2020 16:40:13 -0500 Subject: [PATCH 027/264] Rename to make it obvious this is for images not videos --- lib/pleroma/helpers/media_helper.ex | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 3256802a0..fe11dd460 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -11,7 +11,7 @@ defmodule Pleroma.Helpers.MediaHelper do def image_resize(url, options) do with executable when is_binary(executable) <- System.find_executable("convert"), - {:ok, args} <- prepare_resize_args(options), + {:ok, args} <- prepare_image_resize_args(options), url = Pleroma.Web.MediaProxy.url(url), {:ok, env} <- Pleroma.HTTP.get(url), {:ok, fifo_path} <- mkfifo() @@ -23,7 +23,7 @@ def image_resize(url, options) do end end - defp prepare_resize_args(%{max_width: max_width, max_height: max_height} = options) do + defp prepare_image_resize_args(%{max_width: max_width, max_height: max_height} = options) do quality = options[:quality] || 85 resize = Enum.join([max_width, "x", max_height, ">"]) args = [ @@ -34,7 +34,7 @@ defp prepare_resize_args(%{max_width: max_width, max_height: max_height} = optio {:ok, args} end - defp prepare_resize_args(_), do: {:error, :missing_options} + defp prepare_image_resize_args(_), do: {:error, :missing_options} defp run_fifo(fifo_path, env, executable, args) do args = List.flatten([fifo_path, args, "jpg:-"]) From 697bea04731614bcd2e1e10f0564863dc49a49fa Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Wed, 26 Aug 2020 17:43:25 -0500 Subject: [PATCH 028/264] Move arg for images to the list so we can reuse these fifo functions for videos --- lib/pleroma/helpers/media_helper.ex | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index fe11dd460..0299b16ae 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -29,7 +29,8 @@ defp prepare_image_resize_args(%{max_width: max_width, max_height: max_height} = args = [ "-interlace", "Plane", "-resize", resize, - "-quality", to_string(quality) + "-quality", to_string(quality), + "jpg:-" ] {:ok, args} end @@ -37,7 +38,7 @@ defp prepare_image_resize_args(%{max_width: max_width, max_height: max_height} = defp prepare_image_resize_args(_), do: {:error, :missing_options} defp run_fifo(fifo_path, env, executable, args) do - args = List.flatten([fifo_path, args, "jpg:-"]) + args = List.flatten([fifo_path, args]) pid = Port.open({:spawn_executable, executable}, [:use_stdio, :stream, :exit_status, :binary, args: args]) fifo = Port.open(to_charlist(fifo_path), [:eof, :binary, :stream, :out]) true = Port.command(fifo, env.body) From 157ecf402230c0b786f5765dd8b709d45c45974a Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 27 Aug 2020 11:46:56 -0500 Subject: [PATCH 029/264] Follow redirects. I think we should be using some global adapter options here, though. --- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index d465ce8d1..736b7db56 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -50,7 +50,9 @@ def preview(conn, %{"sig" => sig64, "url" => url64}) do defp handle_preview(conn, url) do with {:ok, %{status: status} = head_response} when status in 200..299 <- - Tesla.head(url, opts: [adapter: [timeout: preview_head_request_timeout()]]) do + Tesla.head(url, + opts: [adapter: [timeout: preview_head_request_timeout(), follow_redirect: true]] + ) do content_type = Tesla.get_header(head_response, "content-type") handle_preview(content_type, conn, url) else From ef9d12fcc500d7429bee0d6ccffe3596434aee52 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 27 Aug 2020 12:31:55 -0500 Subject: [PATCH 030/264] Attempt at supporting video thumbnails via ffmpeg --- lib/pleroma/helpers/media_helper.ex | 19 +++++++++++++++++++ .../web/media_proxy/media_proxy_controller.ex | 17 ++++++++++++++--- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 0299b16ae..7e1af8bac 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -37,6 +37,25 @@ defp prepare_image_resize_args(%{max_width: max_width, max_height: max_height} = defp prepare_image_resize_args(_), do: {:error, :missing_options} + def video_framegrab(url) do + with executable when is_binary(executable) <- System.find_executable("ffmpeg"), + args = [ + "-i", "-", + "-vframes", "1", + "-f", "mjpeg", + "-loglevel", "error", + "-" + ], + url = Pleroma.Web.MediaProxy.url(url), + {:ok, env} <- Pleroma.HTTP.get(url), + {:ok, fifo_path} <- mkfifo() do + run_fifo(fifo_path, env, executable, args) + else + nil -> {:error, {:ffmpeg, :command_not_found}} + {:error, _} = error -> error + end + end + defp run_fifo(fifo_path, env, executable, args) do args = List.flatten([fifo_path, args]) pid = Port.open({:spawn_executable, executable}, [:use_stdio, :stream, :exit_status, :binary, args: args]) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 736b7db56..7ac1a97e2 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -78,9 +78,7 @@ defp handle_preview("image/" <> _ = _content_type, conn, url) do end defp handle_preview("video/" <> _ = _content_type, conn, url) do - mediaproxy_url = url |> MediaProxy.url() - - redirect(conn, external: mediaproxy_url) + handle_video_preview(conn, url) end defp handle_preview(content_type, conn, _url) do @@ -106,6 +104,19 @@ defp handle_image_preview(%{params: params} = conn, url) do end end + defp handle_video_preview(conn, url) do + with {:ok, thumbnail_binary} <- + MediaHelper.video_framegrab(url) do + conn + |> put_resp_header("content-type", "image/jpeg") + |> put_resp_header("content-disposition", "inline; filename=\"preview.jpg\"") + |> send_resp(200, thumbnail_binary) + else + _ -> + send_resp(conn, :failed_dependency, "Can't handle preview.") + end + end + defp thumbnail_max_dimensions(params) do config = Config.get([:media_preview_proxy], []) From f1218a2b4e16178c8c1285157f7cd995dc950e3e Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 27 Aug 2020 12:47:29 -0500 Subject: [PATCH 031/264] ffmpeg needs input from fifo path, not stdin --- lib/pleroma/helpers/media_helper.ex | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 7e1af8bac..7c2bfbc53 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -39,16 +39,16 @@ defp prepare_image_resize_args(_), do: {:error, :missing_options} def video_framegrab(url) do with executable when is_binary(executable) <- System.find_executable("ffmpeg"), + url = Pleroma.Web.MediaProxy.url(url), + {:ok, env} <- Pleroma.HTTP.get(url), + {:ok, fifo_path} <- mkfifo(), args = [ - "-i", "-", + "-i", fifo_path, "-vframes", "1", "-f", "mjpeg", "-loglevel", "error", "-" - ], - url = Pleroma.Web.MediaProxy.url(url), - {:ok, env} <- Pleroma.HTTP.get(url), - {:ok, fifo_path} <- mkfifo() do + ] do run_fifo(fifo_path, env, executable, args) else nil -> {:error, {:ffmpeg, :command_not_found}} @@ -57,7 +57,12 @@ def video_framegrab(url) do end defp run_fifo(fifo_path, env, executable, args) do - args = List.flatten([fifo_path, args]) + args = + if _executable = System.find_executable("convert") do + List.flatten([fifo_path, args]) + else + args + end pid = Port.open({:spawn_executable, executable}, [:use_stdio, :stream, :exit_status, :binary, args: args]) fifo = Port.open(to_charlist(fifo_path), [:eof, :binary, :stream, :out]) true = Port.command(fifo, env.body) From dd1de994d57e3d9c99bb4e4c7019c696b5153f50 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 27 Aug 2020 13:10:40 -0500 Subject: [PATCH 032/264] Try to trick ffmpeg into working with this named pipe --- lib/pleroma/helpers/media_helper.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 7c2bfbc53..385a4df81 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -43,11 +43,12 @@ def video_framegrab(url) do {:ok, env} <- Pleroma.HTTP.get(url), {:ok, fifo_path} <- mkfifo(), args = [ + "-y", "-i", fifo_path, "-vframes", "1", "-f", "mjpeg", "-loglevel", "error", - "-" + "pipe:" ] do run_fifo(fifo_path, env, executable, args) else From 3a5231ec8fd0583d7f4bf05378d8bb81096c4f40 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 27 Aug 2020 16:33:37 -0500 Subject: [PATCH 033/264] Keep args construction within video/image scopes instead of mangling down in fifo town --- lib/pleroma/helpers/media_helper.ex | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 385a4df81..b42612ccb 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -16,6 +16,7 @@ def image_resize(url, options) do {:ok, env} <- Pleroma.HTTP.get(url), {:ok, fifo_path} <- mkfifo() do + args = List.flatten([fifo_path, args]) run_fifo(fifo_path, env, executable, args) else nil -> {:error, {:convert, :command_not_found}} @@ -58,12 +59,6 @@ def video_framegrab(url) do end defp run_fifo(fifo_path, env, executable, args) do - args = - if _executable = System.find_executable("convert") do - List.flatten([fifo_path, args]) - else - args - end pid = Port.open({:spawn_executable, executable}, [:use_stdio, :stream, :exit_status, :binary, args: args]) fifo = Port.open(to_charlist(fifo_path), [:eof, :binary, :stream, :out]) true = Port.command(fifo, env.body) From 67c79394e81cf9f5404afad29a397acf32dece33 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 27 Aug 2020 17:15:23 -0500 Subject: [PATCH 034/264] Support static avatars and header images with Mediaproxy Preview --- lib/pleroma/web/mastodon_api/views/account_view.ex | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 864c0417f..eef45b35d 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -181,8 +181,10 @@ defp do_render("show.json", %{user: user} = opts) do user = User.sanitize_html(user, User.html_filter_policy(opts[:for])) display_name = user.name || user.nickname - image = User.avatar_url(user) |> MediaProxy.url() + avatar = User.avatar_url(user) |> MediaProxy.url() + avatar_static = User.avatar_url(user) |> MediaProxy.preview_url() header = User.banner_url(user) |> MediaProxy.url() + header_static = User.banner_url(user) |> MediaProxy.preview_url() following_count = if !user.hide_follows_count or !user.hide_follows or opts[:for] == user do @@ -247,10 +249,10 @@ defp do_render("show.json", %{user: user} = opts) do statuses_count: user.note_count, note: user.bio || "", url: user.uri || user.ap_id, - avatar: image, - avatar_static: image, + avatar: avatar, + avatar_static: avatar_static, header: header, - header_static: header, + header_static: header_static, emojis: emojis, fields: user.fields, bot: bot, From 5b4d483f522f470b9d2cdb7f43d98dde427a1241 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 27 Aug 2020 17:28:21 -0500 Subject: [PATCH 035/264] Add a note about the avatars and banners situation --- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 7ac1a97e2..411dc95d0 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -67,6 +67,9 @@ defp handle_preview(conn, url) do end end + # TODO: find a workaround so avatar_static and banner_static can work. + # Those only permit GIFs for animation, so we have to permit a way to + # allow those to get real static variants. defp handle_preview("image/gif" = _content_type, conn, url) do mediaproxy_url = url |> MediaProxy.url() From ce387ce7306d944c11e63f0c86719afd5c2da2d2 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 28 Aug 2020 16:15:57 +0300 Subject: [PATCH 036/264] mix.exs: bump development version after 2.1.0 release --- mix.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.exs b/mix.exs index d7c408972..4de0c78db 100644 --- a/mix.exs +++ b/mix.exs @@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do def project do [ app: :pleroma, - version: version("2.1.0"), + version: version("2.1.50"), elixir: "~> 1.9", elixirc_paths: elixirc_paths(Mix.env()), compilers: [:phoenix, :gettext] ++ Mix.compilers(), From 35da3be9ddf2df042153978308178c94afe25737 Mon Sep 17 00:00:00 2001 From: Shpuld Shpludson Date: Fri, 28 Aug 2020 13:50:21 +0000 Subject: [PATCH 037/264] Add mention of sudo -Hu pleroma to docs --- docs/administration/updating.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/administration/updating.md b/docs/administration/updating.md index c994f3f16..ef2c9218c 100644 --- a/docs/administration/updating.md +++ b/docs/administration/updating.md @@ -18,9 +18,10 @@ su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate" 1. Go to the working directory of Pleroma (default is `/opt/pleroma`) 2. Run `git pull`. This pulls the latest changes from upstream. -3. Run `mix deps.get`. This pulls in any new dependencies. +3. Run `mix deps.get` [^1]. This pulls in any new dependencies. 4. Stop the Pleroma service. -5. Run `mix ecto.migrate`[^1]. This task performs database migrations, if there were any. +5. Run `mix ecto.migrate` [^1] [^2]. This task performs database migrations, if there were any. 6. Start the Pleroma service. -[^1]: Prefix with `MIX_ENV=prod` to run it using the production config file. +[^1]: Depending on which install guide you followed (for example on Debian/Ubuntu), you want to run `mix` tasks as `pleroma` user by adding `sudo -Hu pleroma` before the command. +[^2]: Prefix with `MIX_ENV=prod` to run it using the production config file. From f0fefc4f5c3aa4fa62f2edee72ee864a16e7176d Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Fri, 28 Aug 2020 18:17:44 +0300 Subject: [PATCH 038/264] marks notifications as read after mute --- lib/pleroma/notification.ex | 12 +++++ lib/pleroma/web/common_api/common_api.ex | 3 +- test/web/common_api/common_api_test.exs | 65 ++++++++++++++++++++++++ 3 files changed, 79 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index c1825f810..b952e81fa 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -648,4 +648,16 @@ def for_user_and_activity(user, activity) do ) |> Repo.one() end + + @spec mark_as_read(User.t(), Activity.t()) :: {integer(), nil | [term()]} + def mark_as_read(%User{id: id}, %Activity{data: %{"context" => context}}) do + from( + n in Notification, + join: a in assoc(n, :activity), + where: n.user_id == ^id, + where: n.seen == false, + where: fragment("?->>'context'", a.data) == ^context + ) + |> Repo.update_all(set: [seen: true]) + end end diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 5ad2b91c2..43e9e39a8 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -452,7 +452,8 @@ def unpin(id, user) do end def add_mute(user, activity) do - with {:ok, _} <- ThreadMute.add_mute(user.id, activity.data["context"]) do + with {:ok, _} <- ThreadMute.add_mute(user.id, activity.data["context"]), + _ <- Pleroma.Notification.mark_as_read(user, activity) do {:ok, activity} else {:error, _} -> {:error, dgettext("errors", "conversation is already muted")} diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 4ba6232dc..800db9a20 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -9,6 +9,7 @@ defmodule Pleroma.Web.CommonAPITest do alias Pleroma.Conversation.Participation alias Pleroma.Notification alias Pleroma.Object + alias Pleroma.Repo alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Transmogrifier @@ -18,6 +19,7 @@ defmodule Pleroma.Web.CommonAPITest do import Pleroma.Factory import Mock + import Ecto.Query, only: [from: 2] require Pleroma.Constants @@ -808,6 +810,69 @@ test "should unpin when deleting a status", %{user: user, activity: activity} do [user: user, activity: activity] end + test "marks notifications as read after mute" do + author = insert(:user) + activity = insert(:note_activity, user: author) + + friend1 = insert(:user) + friend2 = insert(:user) + + {:ok, reply_activity} = + CommonAPI.post( + friend2, + %{ + status: "@#{author.nickname} @#{friend1.nickname} test reply", + in_reply_to_status_id: activity.id + } + ) + + {:ok, favorite_activity} = CommonAPI.favorite(friend2, activity.id) + {:ok, repeat_activity} = CommonAPI.repeat(activity.id, friend1) + + assert Repo.aggregate( + from(n in Notification, where: n.seen == false and n.user_id == ^friend1.id), + :count + ) == 1 + + unread_notifications = + Repo.all(from(n in Notification, where: n.seen == false, where: n.user_id == ^author.id)) + + assert Enum.any?(unread_notifications, fn n -> + n.type == "favourite" && n.activity_id == favorite_activity.id + end) + + assert Enum.any?(unread_notifications, fn n -> + n.type == "reblog" && n.activity_id == repeat_activity.id + end) + + assert Enum.any?(unread_notifications, fn n -> + n.type == "mention" && n.activity_id == reply_activity.id + end) + + {:ok, _} = CommonAPI.add_mute(author, activity) + assert CommonAPI.thread_muted?(author, activity) + + assert Repo.aggregate( + from(n in Notification, where: n.seen == false and n.user_id == ^friend1.id), + :count + ) == 1 + + read_notifications = + Repo.all(from(n in Notification, where: n.seen == true, where: n.user_id == ^author.id)) + + assert Enum.any?(read_notifications, fn n -> + n.type == "favourite" && n.activity_id == favorite_activity.id + end) + + assert Enum.any?(read_notifications, fn n -> + n.type == "reblog" && n.activity_id == repeat_activity.id + end) + + assert Enum.any?(read_notifications, fn n -> + n.type == "mention" && n.activity_id == reply_activity.id + end) + end + test "add mute", %{user: user, activity: activity} do {:ok, _} = CommonAPI.add_mute(user, activity) assert CommonAPI.thread_muted?(user, activity) From dfceb03cf47374fdeab60784476b2e266208a4bb Mon Sep 17 00:00:00 2001 From: href Date: Fri, 28 Aug 2020 21:14:28 +0200 Subject: [PATCH 039/264] Rewrite MP4/MOV binaries to be faststart In some cases, MP4/MOV files can have the data _before_ the meta-data. Thus, ffmpeg (and all similar tools) cannot really process the input if it's given over stdin/streaming/pipes. BUT I REALLY DON'T WANT TO MAKE TEMPORARY FILES so here we go, an implementation of qtfaststart in elixir. --- lib/pleroma/helpers/media_helper.ex | 59 ++++++++---- lib/pleroma/helpers/qt_fast_start.ex | 131 +++++++++++++++++++++++++++ 2 files changed, 172 insertions(+), 18 deletions(-) create mode 100644 lib/pleroma/helpers/qt_fast_start.ex diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index b42612ccb..5ac75b326 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -14,8 +14,7 @@ def image_resize(url, options) do {:ok, args} <- prepare_image_resize_args(options), url = Pleroma.Web.MediaProxy.url(url), {:ok, env} <- Pleroma.HTTP.get(url), - {:ok, fifo_path} <- mkfifo() - do + {:ok, fifo_path} <- mkfifo() do args = List.flatten([fifo_path, args]) run_fifo(fifo_path, env, executable, args) else @@ -27,12 +26,17 @@ def image_resize(url, options) do defp prepare_image_resize_args(%{max_width: max_width, max_height: max_height} = options) do quality = options[:quality] || 85 resize = Enum.join([max_width, "x", max_height, ">"]) + args = [ - "-interlace", "Plane", - "-resize", resize, - "-quality", to_string(quality), - "jpg:-" + "-interlace", + "Plane", + "-resize", + resize, + "-quality", + to_string(quality), + "jpg:-" ] + {:ok, args} end @@ -45,11 +49,15 @@ def video_framegrab(url) do {:ok, fifo_path} <- mkfifo(), args = [ "-y", - "-i", fifo_path, - "-vframes", "1", - "-f", "mjpeg", - "-loglevel", "error", - "pipe:" + "-i", + fifo_path, + "-vframes", + "1", + "-f", + "mjpeg", + "-loglevel", + "error", + "-" ] do run_fifo(fifo_path, env, executable, args) else @@ -59,9 +67,18 @@ def video_framegrab(url) do end defp run_fifo(fifo_path, env, executable, args) do - pid = Port.open({:spawn_executable, executable}, [:use_stdio, :stream, :exit_status, :binary, args: args]) + pid = + Port.open({:spawn_executable, executable}, [ + :use_stdio, + :stream, + :exit_status, + :binary, + args: args + ]) + fifo = Port.open(to_charlist(fifo_path), [:eof, :binary, :stream, :out]) - true = Port.command(fifo, env.body) + fix = Pleroma.Helpers.QtFastStart.fix(env.body) + true = Port.command(fifo, fix) :erlang.port_close(fifo) loop_recv(pid) after @@ -70,10 +87,12 @@ defp run_fifo(fifo_path, env, executable, args) do defp mkfifo() do path = "#{@tmp_base}#{to_charlist(:erlang.phash2(self()))}" + case System.cmd("mkfifo", [path]) do {_, 0} -> spawn(fifo_guard(path)) {:ok, path} + {_, err} -> {:error, {:fifo_failed, err}} end @@ -81,8 +100,10 @@ defp mkfifo() do defp fifo_guard(path) do pid = self() - fn() -> + + fn -> ref = Process.monitor(pid) + receive do {:DOWN, ^ref, :process, ^pid, _} -> File.rm(path) @@ -98,14 +119,16 @@ defp loop_recv(pid, acc) do receive do {^pid, {:data, data}} -> loop_recv(pid, acc <> data) + {^pid, {:exit_status, 0}} -> {:ok, acc} + {^pid, {:exit_status, status}} -> {:error, status} - after - 5000 -> - :erlang.port_close(pid) - {:error, :timeout} + after + 5000 -> + :erlang.port_close(pid) + {:error, :timeout} end end end diff --git a/lib/pleroma/helpers/qt_fast_start.ex b/lib/pleroma/helpers/qt_fast_start.ex new file mode 100644 index 000000000..694b583b9 --- /dev/null +++ b/lib/pleroma/helpers/qt_fast_start.ex @@ -0,0 +1,131 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Helpers.QtFastStart do + @moduledoc """ + (WIP) Converts a "slow start" (data before metadatas) mov/mp4 file to a "fast start" one (metadatas before data). + """ + + # TODO: Cleanup and optimizations + # Inspirations: https://www.ffmpeg.org/doxygen/3.4/qt-faststart_8c_source.html + # https://github.com/danielgtaylor/qtfaststart/blob/master/qtfaststart/processor.py + # ISO/IEC 14496-12:2015, ISO/IEC 15444-12:2015 + # Paracetamol + + def fix(binary = <<0x00, 0x00, 0x00, _, 0x66, 0x74, 0x79, 0x70, _::binary>>) do + index = fix(binary, binary, 0, []) + + case index do + [{"ftyp", _, _, _, _}, {"mdat", _, _, _, _} | _] -> faststart(index) + [{"ftyp", _, _, _, _}, {"free", _, _, _, _}, {"mdat", _, _, _, _} | _] -> faststart(index) + _ -> binary + end + end + + def fix(binary) do + binary + end + + defp fix(<<>>, _bin, _pos, acc) do + :lists.reverse(acc) + end + + defp fix( + <>, + bin, + pos, + acc + ) do + if fourcc == "mdat" && size == 0 do + # mdat with 0 size means "seek to the end" -- also, in that case the file is probably OK. + acc = [ + {fourcc, pos, byte_size(bin) - pos, byte_size(bin) - pos, + <>} + | acc + ] + + fix(<<>>, bin, byte_size(bin), acc) + else + full_size = size - 8 + <> = rest + + acc = [ + {fourcc, pos, pos + size, size, + <>} + | acc + ] + + fix(rest, bin, pos + size, acc) + end + end + + defp faststart(index) do + {{_ftyp, _, _, _, ftyp}, index} = List.keytake(index, "ftyp", 0) + + # Skip re-writing the free fourcc as it's kind of useless. Why stream useless bytes when you can do without? + {free_size, index} = + case List.keytake(index, "free", 0) do + {{_, _, _, size, _}, index} -> {size, index} + _ -> {0, index} + end + + {{_moov, _, _, moov_size, moov}, index} = List.keytake(index, "moov", 0) + offset = -free_size + moov_size + rest = for {_, _, _, _, data} <- index, do: data, into: <<>> + <> = moov + new_moov = fix_moov(moov_data, offset) + <> + end + + defp fix_moov(moov, offset) do + fix_moov(moov, offset, <<>>) + end + + defp fix_moov(<<>>, _, acc), do: acc + + defp fix_moov( + <>, + offset, + acc + ) do + full_size = size - 8 + <> = rest + + data = + cond do + fourcc in ["trak", "mdia", "minf", "stbl"] -> + # Theses contains sto or co64 part + <>)::binary>> + + fourcc in ["stco", "co64"] -> + # fix the damn thing + <> = data + + entry_size = + case fourcc do + "stco" -> 4 + "co64" -> 8 + end + + {_, result} = + Enum.reduce(1..count, {rest, <<>>}, fn _, + {<>, acc} -> + {rest, <>} + end) + + <> + + true -> + <> + end + + acc = <> + fix_moov(rest, offset, acc) + end +end From 24d522c3b366b54b23bebaf07371145d50820d4a Mon Sep 17 00:00:00 2001 From: href Date: Sat, 29 Aug 2020 13:05:23 +0200 Subject: [PATCH 040/264] QtFastStart: optimize ~4-6x faster ~3~4x memory usage reduction (now mostly adds what we are rewriting in the metadatas) --- lib/pleroma/helpers/qt_fast_start.ex | 109 +++++++++++++-------------- 1 file changed, 54 insertions(+), 55 deletions(-) diff --git a/lib/pleroma/helpers/qt_fast_start.ex b/lib/pleroma/helpers/qt_fast_start.ex index 694b583b9..8cba06e54 100644 --- a/lib/pleroma/helpers/qt_fast_start.ex +++ b/lib/pleroma/helpers/qt_fast_start.ex @@ -13,10 +13,11 @@ defmodule Pleroma.Helpers.QtFastStart do # ISO/IEC 14496-12:2015, ISO/IEC 15444-12:2015 # Paracetamol - def fix(binary = <<0x00, 0x00, 0x00, _, 0x66, 0x74, 0x79, 0x70, _::binary>>) do - index = fix(binary, binary, 0, []) + def fix(binary = <<0x00, 0x00, 0x00, _, 0x66, 0x74, 0x79, 0x70, _::bits>>) do + index = fix(binary, 0, nil, nil, []) case index do + :abort -> binary [{"ftyp", _, _, _, _}, {"mdat", _, _, _, _} | _] -> faststart(index) [{"ftyp", _, _, _, _}, {"free", _, _, _, _}, {"mdat", _, _, _, _} | _] -> faststart(index) _ -> binary @@ -27,37 +28,32 @@ def fix(binary) do binary end - defp fix(<<>>, _bin, _pos, acc) do - :lists.reverse(acc) + # MOOV have been seen before MDAT- abort + defp fix(<<_::bits>>, _, true, false, _) do + :abort end defp fix( - <>, - bin, + <>, pos, + got_moov, + got_mdat, acc ) do - if fourcc == "mdat" && size == 0 do - # mdat with 0 size means "seek to the end" -- also, in that case the file is probably OK. - acc = [ - {fourcc, pos, byte_size(bin) - pos, byte_size(bin) - pos, - <>} - | acc - ] + full_size = (size - 8) * 8 + <> = rest - fix(<<>>, bin, byte_size(bin), acc) - else - full_size = size - 8 - <> = rest + acc = [ + {fourcc, pos, pos + size, size, + <>} + | acc + ] - acc = [ - {fourcc, pos, pos + size, size, - <>} - | acc - ] + fix(rest, pos + size, got_moov || fourcc == "moov", got_mdat || fourcc == "mdat", acc) + end - fix(rest, bin, pos + size, acc) - end + defp fix(<<>>, _pos, _, _, acc) do + :lists.reverse(acc) end defp faststart(index) do @@ -72,60 +68,63 @@ defp faststart(index) do {{_moov, _, _, moov_size, moov}, index} = List.keytake(index, "moov", 0) offset = -free_size + moov_size - rest = for {_, _, _, _, data} <- index, do: data, into: <<>> - <> = moov - new_moov = fix_moov(moov_data, offset) - <> + rest = for {_, _, _, _, data} <- index, do: data, into: [] + <> = moov + [ftyp, moov_head, fix_moov(moov_data, offset, []), rest] end - defp fix_moov(moov, offset) do - fix_moov(moov, offset, <<>>) - end - - defp fix_moov(<<>>, _, acc), do: acc - defp fix_moov( - <>, + <>, offset, acc ) do - full_size = size - 8 - <> = rest + full_size = (size - 8) * 8 + <> = rest data = cond do fourcc in ["trak", "mdia", "minf", "stbl"] -> # Theses contains sto or co64 part - <>)::binary>> + [<>, fix_moov(data, offset, [])] fourcc in ["stco", "co64"] -> # fix the damn thing - <> = data + <> = data entry_size = case fourcc do - "stco" -> 4 - "co64" -> 8 + "stco" -> 32 + "co64" -> 64 end - {_, result} = - Enum.reduce(1..count, {rest, <<>>}, fn _, - {<>, acc} -> - {rest, <>} - end) - - <> + [ + <>, + rewrite_entries(entry_size, offset, rest, []) + ] true -> - <> + [<>, data] end - acc = <> + acc = [acc | data] fix_moov(rest, offset, acc) end + + defp fix_moov(<<>>, _, acc), do: acc + + for size <- [32, 64] do + defp rewrite_entries( + unquote(size), + offset, + <>, + acc + ) do + rewrite_entries(unquote(size), offset, rest, [ + acc | <> + ]) + end + end + + defp rewrite_entries(_, _, <<>>, acc), do: acc end From 2d2af75777ae468fb08a2b09dc5af4636106a04b Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Sun, 30 Aug 2020 09:17:24 -0500 Subject: [PATCH 041/264] Support PNG previews to preserve alpha channels --- lib/pleroma/helpers/media_helper.ex | 17 ++++++++++ .../web/media_proxy/media_proxy_controller.ex | 32 +++++++++++++++++-- 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 5ac75b326..d8a6db4e1 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -23,6 +23,23 @@ def image_resize(url, options) do end end + defp prepare_image_resize_args( + %{max_width: max_width, max_height: max_height, format: "png"} = options + ) do + quality = options[:quality] || 85 + resize = Enum.join([max_width, "x", max_height, ">"]) + + args = [ + "-resize", + resize, + "-quality", + to_string(quality), + "png:-" + ] + + {:ok, args} + end + defp prepare_image_resize_args(%{max_width: max_width, max_height: max_height} = options) do quality = options[:quality] || 85 resize = Enum.join([max_width, "x", max_height, ">"]) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 411dc95d0..94fae6cac 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -76,8 +76,12 @@ defp handle_preview("image/gif" = _content_type, conn, url) do redirect(conn, external: mediaproxy_url) end + defp handle_preview("image/png" <> _ = _content_type, conn, url) do + handle_png_preview(conn, url) + end + defp handle_preview("image/" <> _ = _content_type, conn, url) do - handle_image_preview(conn, url) + handle_jpeg_preview(conn, url) end defp handle_preview("video/" <> _ = _content_type, conn, url) do @@ -88,7 +92,31 @@ defp handle_preview(content_type, conn, _url) do send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.") end - defp handle_image_preview(%{params: params} = conn, url) do + defp handle_png_preview(%{params: params} = conn, url) do + quality = Config.get!([:media_preview_proxy, :image_quality]) + + with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), + {:ok, thumbnail_binary} <- + MediaHelper.image_resize( + url, + %{ + max_width: thumbnail_max_width, + max_height: thumbnail_max_height, + quality: quality, + format: "png" + } + ) do + conn + |> put_resp_header("content-type", "image/png") + |> put_resp_header("content-disposition", "inline; filename=\"preview.png\"") + |> send_resp(200, thumbnail_binary) + else + _ -> + send_resp(conn, :failed_dependency, "Can't handle preview.") + end + end + + defp handle_jpeg_preview(%{params: params} = conn, url) do quality = Config.get!([:media_preview_proxy, :image_quality]) with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), From 4ef210a587113313cd6887b7499832d0c0798f7f Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Sun, 30 Aug 2020 09:32:22 -0500 Subject: [PATCH 042/264] Credo --- lib/pleroma/helpers/media_helper.ex | 2 +- lib/pleroma/helpers/qt_fast_start.ex | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index d8a6db4e1..9bd815c26 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -102,7 +102,7 @@ defp run_fifo(fifo_path, env, executable, args) do File.rm(fifo_path) end - defp mkfifo() do + defp mkfifo do path = "#{@tmp_base}#{to_charlist(:erlang.phash2(self()))}" case System.cmd("mkfifo", [path]) do diff --git a/lib/pleroma/helpers/qt_fast_start.ex b/lib/pleroma/helpers/qt_fast_start.ex index 8cba06e54..bb93224b5 100644 --- a/lib/pleroma/helpers/qt_fast_start.ex +++ b/lib/pleroma/helpers/qt_fast_start.ex @@ -13,7 +13,7 @@ defmodule Pleroma.Helpers.QtFastStart do # ISO/IEC 14496-12:2015, ISO/IEC 15444-12:2015 # Paracetamol - def fix(binary = <<0x00, 0x00, 0x00, _, 0x66, 0x74, 0x79, 0x70, _::bits>>) do + def fix(<<0x00, 0x00, 0x00, _, 0x66, 0x74, 0x79, 0x70, _::bits>> = binary) do index = fix(binary, 0, nil, nil, []) case index do @@ -59,7 +59,8 @@ defp fix(<<>>, _pos, _, _, acc) do defp faststart(index) do {{_ftyp, _, _, _, ftyp}, index} = List.keytake(index, "ftyp", 0) - # Skip re-writing the free fourcc as it's kind of useless. Why stream useless bytes when you can do without? + # Skip re-writing the free fourcc as it's kind of useless. + # Why stream useless bytes when you can do without? {free_size, index} = case List.keytake(index, "free", 0) do {{_, _, _, size, _}, index} -> {size, index} From 858e9a59ed8537e42c490645633266e13474ae99 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Mon, 31 Aug 2020 09:54:16 +0300 Subject: [PATCH 043/264] mix.lock: bump fast_sanitize The update brings a better error message for when cmake isn't installed --- mix.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mix.lock b/mix.lock index 86d0a75d7..afb4b06db 100644 --- a/mix.lock +++ b/mix.lock @@ -42,8 +42,8 @@ "ex_machina": {:hex, :ex_machina, "2.4.0", "09a34c5d371bfb5f78399029194a8ff67aff340ebe8ba19040181af35315eabb", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm", "a20bc9ddc721b33ea913b93666c5d0bdca5cbad7a67540784ae277228832d72c"}, "ex_syslogger": {:hex, :ex_syslogger, "1.5.2", "72b6aa2d47a236e999171f2e1ec18698740f40af0bd02c8c650bf5f1fd1bac79", [:mix], [{:poison, ">= 1.5.0", [hex: :poison, repo: "hexpm", optional: true]}, {:syslog, "~> 1.1.0", [hex: :syslog, repo: "hexpm", optional: false]}], "hexpm", "ab9fab4136dbc62651ec6f16fa4842f10cf02ab4433fa3d0976c01be99398399"}, "excoveralls": {:hex, :excoveralls, "0.13.1", "b9f1697f7c9e0cfe15d1a1d737fb169c398803ffcbc57e672aa007e9fd42864c", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "b4bb550e045def1b4d531a37fb766cbbe1307f7628bf8f0414168b3f52021cce"}, - "fast_html": {:hex, :fast_html, "2.0.2", "1fabc408b2baa965cf6399a48796326f2721b21b397a3c667bb3bb88fb9559a4", [:make, :mix], [{:elixir_make, "~> 0.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}], "hexpm", "f077e2c1597a6e2678e6cacc64f456a6c6024eb4240092c46d4212496dc59aba"}, - "fast_sanitize": {:hex, :fast_sanitize, "0.2.1", "3302421a988992b6cae08e68f77069e167ff116444183f3302e3c36017a50558", [:mix], [{:fast_html, "~> 2.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bcd2c54e328128515edd1a8fb032fdea7e5581672ba161fc5962d21ecee92502"}, + "fast_html": {:hex, :fast_html, "2.0.3", "27289dea6c3a22952191a2d4e07f546c0de8a351484782c2e797dbae06a5dc8a", [:make, :mix], [{:elixir_make, "~> 0.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}], "hexpm", "17d41fa8afe4e912ffe74e13b87ddb085382cd2b7393636d338495c9a8a7b518"}, + "fast_sanitize": {:hex, :fast_sanitize, "0.2.2", "3cbbaebaea6043865dfb5b4ecb0f1af066ad410a51470e353714b10c42007b81", [:mix], [{:fast_html, "~> 2.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "69f204db9250afa94a0d559d9110139850f57de2b081719fbafa1e9a89e94466"}, "flake_id": {:hex, :flake_id, "0.1.0", "7716b086d2e405d09b647121a166498a0d93d1a623bead243e1f74216079ccb3", [:mix], [{:base62, "~> 1.2", [hex: :base62, repo: "hexpm", optional: false]}, {:ecto, ">= 2.0.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm", "31fc8090fde1acd267c07c36ea7365b8604055f897d3a53dd967658c691bd827"}, "floki": {:hex, :floki, "0.27.0", "6b29a14283f1e2e8fad824bc930eaa9477c462022075df6bea8f0ad811c13599", [:mix], [{:html_entities, "~> 0.5.0", [hex: :html_entities, repo: "hexpm", optional: false]}], "hexpm", "583b8c13697c37179f1f82443bcc7ad2f76fbc0bf4c186606eebd658f7f2631b"}, "gen_smtp": {:hex, :gen_smtp, "0.15.0", "9f51960c17769b26833b50df0b96123605a8024738b62db747fece14eb2fbfcc", [:rebar3], [], "hexpm", "29bd14a88030980849c7ed2447b8db6d6c9278a28b11a44cafe41b791205440f"}, From d91c4feebeb199f7c584f0a4292ce6f9cc331798 Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 31 Aug 2020 11:02:54 +0200 Subject: [PATCH 044/264] Notification: Small refactor. --- lib/pleroma/notification.ex | 4 ++-- lib/pleroma/web/common_api/common_api.ex | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/notification.ex b/lib/pleroma/notification.ex index b952e81fa..8868a910e 100644 --- a/lib/pleroma/notification.ex +++ b/lib/pleroma/notification.ex @@ -649,8 +649,8 @@ def for_user_and_activity(user, activity) do |> Repo.one() end - @spec mark_as_read(User.t(), Activity.t()) :: {integer(), nil | [term()]} - def mark_as_read(%User{id: id}, %Activity{data: %{"context" => context}}) do + @spec mark_context_as_read(User.t(), String.t()) :: {integer(), nil | [term()]} + def mark_context_as_read(%User{id: id}, context) do from( n in Notification, join: a in assoc(n, :activity), diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 43e9e39a8..4ab533658 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -453,7 +453,7 @@ def unpin(id, user) do def add_mute(user, activity) do with {:ok, _} <- ThreadMute.add_mute(user.id, activity.data["context"]), - _ <- Pleroma.Notification.mark_as_read(user, activity) do + _ <- Pleroma.Notification.mark_context_as_read(user, activity.data["context"]) do {:ok, activity} else {:error, _} -> {:error, dgettext("errors", "conversation is already muted")} From 0a839d51a7adb034d6514ea647d90546c829813d Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Mon, 31 Aug 2020 13:08:50 +0300 Subject: [PATCH 045/264] [#2497] Added Cache-Control response header for media proxy preview endpoint. --- .../web/media_proxy/media_proxy_controller.ex | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 94fae6cac..2afcd861a 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -107,8 +107,7 @@ defp handle_png_preview(%{params: params} = conn, url) do } ) do conn - |> put_resp_header("content-type", "image/png") - |> put_resp_header("content-disposition", "inline; filename=\"preview.png\"") + |> put_preview_response_headers() |> send_resp(200, thumbnail_binary) else _ -> @@ -126,8 +125,7 @@ defp handle_jpeg_preview(%{params: params} = conn, url) do %{max_width: thumbnail_max_width, max_height: thumbnail_max_height, quality: quality} ) do conn - |> put_resp_header("content-type", "image/jpeg") - |> put_resp_header("content-disposition", "inline; filename=\"preview.jpg\"") + |> put_preview_response_headers() |> send_resp(200, thumbnail_binary) else _ -> @@ -139,8 +137,7 @@ defp handle_video_preview(conn, url) do with {:ok, thumbnail_binary} <- MediaHelper.video_framegrab(url) do conn - |> put_resp_header("content-type", "image/jpeg") - |> put_resp_header("content-disposition", "inline; filename=\"preview.jpg\"") + |> put_preview_response_headers() |> send_resp(200, thumbnail_binary) else _ -> @@ -148,6 +145,13 @@ defp handle_video_preview(conn, url) do end end + defp put_preview_response_headers(conn) do + conn + |> put_resp_header("content-type", "image/jpeg") + |> put_resp_header("content-disposition", "inline; filename=\"preview.jpg\"") + |> put_resp_header("cache-control", "max-age=0, private, must-revalidate") + end + defp thumbnail_max_dimensions(params) do config = Config.get([:media_preview_proxy], []) From 0b621a834acf751332f4d202bd50d4ff3e789176 Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 31 Aug 2020 16:48:17 +0200 Subject: [PATCH 046/264] Chats: Add cascading delete on both referenced users. Also remove the now-superfluous join in the chat controller, which was only used to filter out these cases. --- .../controllers/chat_controller.ex | 4 +--- .../20200831142509_chat_constraints.exs | 22 +++++++++++++++++++ test/chat_test.exs | 22 +++++++++++++++++++ 3 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 priv/repo/migrations/20200831142509_chat_constraints.exs diff --git a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex index 1f2e953f7..e8a1746d4 100644 --- a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex @@ -149,9 +149,7 @@ def index(%{assigns: %{user: %{id: user_id} = user}} = conn, _params) do from(c in Chat, where: c.user_id == ^user_id, where: c.recipient not in ^blocked_ap_ids, - order_by: [desc: c.updated_at], - inner_join: u in User, - on: u.ap_id == c.recipient + order_by: [desc: c.updated_at] ) |> Repo.all() diff --git a/priv/repo/migrations/20200831142509_chat_constraints.exs b/priv/repo/migrations/20200831142509_chat_constraints.exs new file mode 100644 index 000000000..868a40a45 --- /dev/null +++ b/priv/repo/migrations/20200831142509_chat_constraints.exs @@ -0,0 +1,22 @@ +defmodule Pleroma.Repo.Migrations.ChatConstraints do + use Ecto.Migration + + def change do + remove_orphans = """ + delete from chats where not exists(select id from users where ap_id = chats.recipient); + """ + + execute(remove_orphans) + + drop(constraint(:chats, "chats_user_id_fkey")) + + alter table(:chats) do + modify(:user_id, references(:users, type: :uuid, on_delete: :delete_all)) + + modify( + :recipient, + references(:users, column: :ap_id, type: :string, on_delete: :delete_all) + ) + end + end +end diff --git a/test/chat_test.exs b/test/chat_test.exs index 332f2180a..9e8a9ebf0 100644 --- a/test/chat_test.exs +++ b/test/chat_test.exs @@ -26,6 +26,28 @@ test "it creates a chat for a user and recipient" do assert chat.id end + test "deleting the user deletes the chat" do + user = insert(:user) + other_user = insert(:user) + + {:ok, chat} = Chat.bump_or_create(user.id, other_user.ap_id) + + Repo.delete(user) + + refute Chat.get_by_id(chat.id) + end + + test "deleting the recipient deletes the chat" do + user = insert(:user) + other_user = insert(:user) + + {:ok, chat} = Chat.bump_or_create(user.id, other_user.ap_id) + + Repo.delete(other_user) + + refute Chat.get_by_id(chat.id) + end + test "it returns and bumps a chat for a user and recipient if it already exists" do user = insert(:user) other_user = insert(:user) From dc3a418c270e48c6849159097f8bba57d2a2578e Mon Sep 17 00:00:00 2001 From: rinpatch Date: Tue, 1 Sep 2020 09:08:54 +0300 Subject: [PATCH 047/264] application.ex: disable warnings_as_errors at runtime see changed files for rationale --- lib/pleroma/application.ex | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index c0b5db9f1..005aba50a 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -39,6 +39,9 @@ def start(_type, _args) do # every time the application is restarted, so we disable module # conflicts at runtime Code.compiler_options(ignore_module_conflict: true) + # Disable warnings_as_errors at runtime, it breaks Phoenix live reload + # due to protocol consolidation warnings + Code.compiler_options(warnings_as_errors: false) Pleroma.Telemetry.Logger.attach() Config.Holder.save_default() Pleroma.HTML.compile_scrubbers() From 2ecc7d92308d624dc9edb50665d752a71f55f608 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 25 Aug 2020 00:38:10 +0200 Subject: [PATCH 048/264] transmogrifier: Remove mastodon emoji-format from emoji field --- lib/pleroma/web/activity_pub/transmogrifier.ex | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 76298c4a0..0831efadc 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -318,9 +318,6 @@ def fix_emoji(%{"tag" => tags} = object) when is_list(tags) do Map.put(mapping, name, data["icon"]["url"]) end) - # we merge mastodon and pleroma emoji into a single mapping, to allow for both wire formats - emoji = Map.merge(object["emoji"] || %{}, emoji) - Map.put(object, "emoji", emoji) end From a142da3e4f03f2bfee7af30cca59b0fdc82da73f Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 25 Aug 2020 01:16:12 +0200 Subject: [PATCH 049/264] Add new Emoji Ecto.Type and fix emoji in Question --- .../activity_pub/object_validators/emoji.ex | 34 +++++++++++++ .../object_validators/audio_validator.ex | 5 +- .../chat_message_validator.ex | 2 +- .../object_validators/event_validator.ex | 5 +- .../object_validators/note_validator.ex | 11 +++- .../object_validators/question_validator.ex | 5 +- .../chat_validation_test.exs | 1 + .../transmogrifier/question_handling_test.exs | 51 +++++++++++++++++++ 8 files changed, 105 insertions(+), 9 deletions(-) create mode 100644 lib/pleroma/ecto_type/activity_pub/object_validators/emoji.ex diff --git a/lib/pleroma/ecto_type/activity_pub/object_validators/emoji.ex b/lib/pleroma/ecto_type/activity_pub/object_validators/emoji.ex new file mode 100644 index 000000000..4aacc5c88 --- /dev/null +++ b/lib/pleroma/ecto_type/activity_pub/object_validators/emoji.ex @@ -0,0 +1,34 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.EctoType.ActivityPub.ObjectValidators.Emoji do + use Ecto.Type + + def type, do: :map + + def cast(data) when is_map(data) do + has_invalid_emoji? = + Enum.find(data, fn + {name, uri} when is_binary(name) and is_binary(uri) -> + # based on ObjectValidators.Uri.cast() + case URI.parse(uri) do + %URI{host: nil} -> true + %URI{host: ""} -> true + %URI{scheme: scheme} when scheme in ["https", "http"] -> false + _ -> true + end + + {_name, _uri} -> + true + end) + + if has_invalid_emoji?, do: :error, else: {:ok, data} + end + + def cast(_data), do: :error + + def dump(data), do: {:ok, data} + + def load(data), do: {:ok, data} +end diff --git a/lib/pleroma/web/activity_pub/object_validators/audio_validator.ex b/lib/pleroma/web/activity_pub/object_validators/audio_validator.ex index d1869f188..1a97c504a 100644 --- a/lib/pleroma/web/activity_pub/object_validators/audio_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/audio_validator.ex @@ -9,6 +9,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AudioValidator do alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes alias Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations + alias Pleroma.Web.ActivityPub.Transmogrifier import Ecto.Changeset @@ -33,8 +34,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AudioValidator do field(:attributedTo, ObjectValidators.ObjectID) field(:summary, :string) field(:published, ObjectValidators.DateTime) - # TODO: Write type - field(:emoji, :map, default: %{}) + field(:emoji, ObjectValidators.Emoji, default: %{}) field(:sensitive, :boolean, default: false) embeds_many(:attachment, AttachmentValidator) field(:replies_count, :integer, default: 0) @@ -83,6 +83,7 @@ defp fix(data) do data |> CommonFixes.fix_defaults() |> CommonFixes.fix_attribution() + |> Transmogrifier.fix_emoji() |> fix_url() end diff --git a/lib/pleroma/web/activity_pub/object_validators/chat_message_validator.ex b/lib/pleroma/web/activity_pub/object_validators/chat_message_validator.ex index 91b475393..6acd4a771 100644 --- a/lib/pleroma/web/activity_pub/object_validators/chat_message_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/chat_message_validator.ex @@ -22,7 +22,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.ChatMessageValidator do field(:content, ObjectValidators.SafeText) field(:actor, ObjectValidators.ObjectID) field(:published, ObjectValidators.DateTime) - field(:emoji, :map, default: %{}) + field(:emoji, ObjectValidators.Emoji, default: %{}) embeds_one(:attachment, AttachmentValidator) end diff --git a/lib/pleroma/web/activity_pub/object_validators/event_validator.ex b/lib/pleroma/web/activity_pub/object_validators/event_validator.ex index 07e4821a4..0b4c99dc0 100644 --- a/lib/pleroma/web/activity_pub/object_validators/event_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/event_validator.ex @@ -9,6 +9,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.EventValidator do alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes alias Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations + alias Pleroma.Web.ActivityPub.Transmogrifier import Ecto.Changeset @@ -39,8 +40,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.EventValidator do field(:attributedTo, ObjectValidators.ObjectID) field(:published, ObjectValidators.DateTime) - # TODO: Write type - field(:emoji, :map, default: %{}) + field(:emoji, ObjectValidators.Emoji, default: %{}) field(:sensitive, :boolean, default: false) embeds_many(:attachment, AttachmentValidator) field(:replies_count, :integer, default: 0) @@ -74,6 +74,7 @@ defp fix(data) do data |> CommonFixes.fix_defaults() |> CommonFixes.fix_attribution() + |> Transmogrifier.fix_emoji() end def changeset(struct, data) do diff --git a/lib/pleroma/web/activity_pub/object_validators/note_validator.ex b/lib/pleroma/web/activity_pub/object_validators/note_validator.ex index 20e735619..ab4469a59 100644 --- a/lib/pleroma/web/activity_pub/object_validators/note_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/note_validator.ex @@ -6,6 +6,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.NoteValidator do use Ecto.Schema alias Pleroma.EctoType.ActivityPub.ObjectValidators + alias Pleroma.Web.ActivityPub.Transmogrifier import Ecto.Changeset @@ -32,8 +33,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.NoteValidator do field(:actor, ObjectValidators.ObjectID) field(:attributedTo, ObjectValidators.ObjectID) field(:published, ObjectValidators.DateTime) - # TODO: Write type - field(:emoji, :map, default: %{}) + field(:emoji, ObjectValidators.Emoji, default: %{}) field(:sensitive, :boolean, default: false) # TODO: Write type field(:attachment, {:array, :map}, default: []) @@ -53,7 +53,14 @@ def cast_and_validate(data) do |> validate_data() end + defp fix(data) do + data + |> Transmogrifier.fix_emoji() + end + def cast_data(data) do + data = fix(data) + %__MODULE__{} |> cast(data, __schema__(:fields)) end diff --git a/lib/pleroma/web/activity_pub/object_validators/question_validator.ex b/lib/pleroma/web/activity_pub/object_validators/question_validator.ex index 712047424..934d3c1ea 100644 --- a/lib/pleroma/web/activity_pub/object_validators/question_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/question_validator.ex @@ -10,6 +10,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.QuestionValidator do alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes alias Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations alias Pleroma.Web.ActivityPub.ObjectValidators.QuestionOptionsValidator + alias Pleroma.Web.ActivityPub.Transmogrifier import Ecto.Changeset @@ -35,8 +36,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.QuestionValidator do field(:attributedTo, ObjectValidators.ObjectID) field(:summary, :string) field(:published, ObjectValidators.DateTime) - # TODO: Write type - field(:emoji, :map, default: %{}) + field(:emoji, ObjectValidators.Emoji, default: %{}) field(:sensitive, :boolean, default: false) embeds_many(:attachment, AttachmentValidator) field(:replies_count, :integer, default: 0) @@ -85,6 +85,7 @@ defp fix(data) do data |> CommonFixes.fix_defaults() |> CommonFixes.fix_attribution() + |> Transmogrifier.fix_emoji() |> fix_closed() end diff --git a/test/web/activity_pub/object_validators/chat_validation_test.exs b/test/web/activity_pub/object_validators/chat_validation_test.exs index 50bf03515..16e4808e5 100644 --- a/test/web/activity_pub/object_validators/chat_validation_test.exs +++ b/test/web/activity_pub/object_validators/chat_validation_test.exs @@ -69,6 +69,7 @@ test "validates for a basic object we build", %{valid_chat_message: valid_chat_m assert {:ok, object, _meta} = ObjectValidator.validate(valid_chat_message, []) assert Map.put(valid_chat_message, "attachment", nil) == object + assert match?(%{"firefox" => _}, object["emoji"]) end test "validates for a basic object with an attachment", %{ diff --git a/test/web/activity_pub/transmogrifier/question_handling_test.exs b/test/web/activity_pub/transmogrifier/question_handling_test.exs index c82361828..74ee79543 100644 --- a/test/web/activity_pub/transmogrifier/question_handling_test.exs +++ b/test/web/activity_pub/transmogrifier/question_handling_test.exs @@ -106,6 +106,57 @@ test "Mastodon Question activity with HTML tags in plaintext" do assert Enum.sort(object.data["oneOf"]) == Enum.sort(options) end + test "Mastodon Question activity with custom emojis" do + options = [ + %{ + "type" => "Note", + "name" => ":blobcat:", + "replies" => %{"totalItems" => 0, "type" => "Collection"} + }, + %{ + "type" => "Note", + "name" => ":blobfox:", + "replies" => %{"totalItems" => 0, "type" => "Collection"} + } + ] + + tag = [ + %{ + "icon" => %{ + "type" => "Image", + "url" => "https://blob.cat/emoji/custom/blobcats/blobcat.png" + }, + "id" => "https://blob.cat/emoji/custom/blobcats/blobcat.png", + "name" => ":blobcat:", + "type" => "Emoji", + "updated" => "1970-01-01T00:00:00Z" + }, + %{ + "icon" => %{"type" => "Image", "url" => "https://blob.cat/emoji/blobfox/blobfox.png"}, + "id" => "https://blob.cat/emoji/blobfox/blobfox.png", + "name" => ":blobfox:", + "type" => "Emoji", + "updated" => "1970-01-01T00:00:00Z" + } + ] + + data = + File.read!("test/fixtures/mastodon-question-activity.json") + |> Poison.decode!() + |> Kernel.put_in(["object", "oneOf"], options) + |> Kernel.put_in(["object", "tag"], tag) + + {:ok, %Activity{local: false} = activity} = Transmogrifier.handle_incoming(data) + object = Object.normalize(activity, false) + + assert object.data["oneOf"] == options + + assert object.data["emoji"] == %{ + "blobcat" => "https://blob.cat/emoji/custom/blobcats/blobcat.png", + "blobfox" => "https://blob.cat/emoji/blobfox/blobfox.png" + } + end + test "returns an error if received a second time" do data = File.read!("test/fixtures/mastodon-question-activity.json") |> Poison.decode!() From b960cede9a3183098ac5eb330fbc4d1c14efc034 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 25 Aug 2020 02:18:33 +0200 Subject: [PATCH 050/264] common_fixes: Force inserting context and context_id --- .../web/activity_pub/object_validators/common_fixes.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex index 721749de0..720213d73 100644 --- a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex +++ b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex @@ -11,8 +11,8 @@ def fix_defaults(data) do Utils.create_context(data["context"] || data["conversation"]) data - |> Map.put_new("context", context) - |> Map.put_new("context_id", context_id) + |> Map.put("context", context) + |> Map.put("context_id", context_id) end def fix_attribution(data) do From d9a21e4784a83a0780b353c967520cd203f44f3f Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 25 Aug 2020 02:21:19 +0200 Subject: [PATCH 051/264] fetcher: Remove fix_object call for Question activities --- lib/pleroma/object/fetcher.ex | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 6fdbc8efd..d26c5adf5 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -36,8 +36,7 @@ defp maybe_reinject_internal_fields(_, new_data), do: new_data defp reinject_object(%Object{data: %{"type" => "Question"}} = object, new_data) do Logger.debug("Reinjecting object #{new_data["id"]}") - with new_data <- Transmogrifier.fix_object(new_data), - data <- maybe_reinject_internal_fields(object, new_data), + with data <- maybe_reinject_internal_fields(object, new_data), {:ok, data, _} <- ObjectValidator.validate(data, %{}), changeset <- Object.change(object, %{data: data}), changeset <- touch_changeset(changeset), From 126461942b63bbb74900f296ebcee72d2a33f3d2 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Tue, 1 Sep 2020 09:25:32 +0300 Subject: [PATCH 052/264] User table: ensure bio is always a string Gets rid of '|| ""' in multiple places and fixes #2067 --- lib/pleroma/user.ex | 4 ++-- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- lib/pleroma/web/auth/pleroma_authenticator.ex | 2 +- lib/pleroma/web/mastodon_api/views/account_view.ex | 2 +- lib/pleroma/web/metadata/opengraph.ex | 2 +- lib/pleroma/web/metadata/twitter_card.ex | 2 +- .../migrations/20200901061256_ensure_bio_is_string.exs | 7 +++++++ .../migrations/20200901061637_bio_set_not_null.exs | 10 ++++++++++ test/user_test.exs | 2 +- .../controllers/admin_api_controller_test.exs | 2 +- test/web/twitter_api/util_controller_test.exs | 2 +- 11 files changed, 27 insertions(+), 10 deletions(-) create mode 100644 priv/repo/migrations/20200901061256_ensure_bio_is_string.exs create mode 100644 priv/repo/migrations/20200901061637_bio_set_not_null.exs diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index d2ad9516f..94c96de8d 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -83,7 +83,7 @@ defmodule Pleroma.User do ] schema "users" do - field(:bio, :string) + field(:bio, :string, default: "") field(:raw_bio, :string) field(:email, :string) field(:name, :string) @@ -1587,7 +1587,7 @@ def purge_user_changeset(user) do # "Right to be forgotten" # https://gdpr.eu/right-to-be-forgotten/ change(user, %{ - bio: nil, + bio: "", raw_bio: nil, email: nil, name: nil, diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 624a508ae..333621413 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -1224,7 +1224,7 @@ defp object_to_user_data(data) do name: data["name"], follower_address: data["followers"], following_address: data["following"], - bio: data["summary"], + bio: data["summary"] || "", actor_type: actor_type, also_known_as: Map.get(data, "alsoKnownAs", []), public_key: public_key, diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex index 200ca03dc..c611b3e09 100644 --- a/lib/pleroma/web/auth/pleroma_authenticator.ex +++ b/lib/pleroma/web/auth/pleroma_authenticator.ex @@ -68,7 +68,7 @@ def create_from_registration( nickname = value([registration_attrs["nickname"], Registration.nickname(registration)]) email = value([registration_attrs["email"], Registration.email(registration)]) name = value([registration_attrs["name"], Registration.name(registration)]) || nickname - bio = value([registration_attrs["bio"], Registration.description(registration)]) + bio = value([registration_attrs["bio"], Registration.description(registration)]) || "" random_password = :crypto.strong_rand_bytes(64) |> Base.encode64() diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 864c0417f..d2a30a548 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -245,7 +245,7 @@ defp do_render("show.json", %{user: user} = opts) do followers_count: followers_count, following_count: following_count, statuses_count: user.note_count, - note: user.bio || "", + note: user.bio, url: user.uri || user.ap_id, avatar: image, avatar_static: image, diff --git a/lib/pleroma/web/metadata/opengraph.ex b/lib/pleroma/web/metadata/opengraph.ex index 68c871e71..bb1b23208 100644 --- a/lib/pleroma/web/metadata/opengraph.ex +++ b/lib/pleroma/web/metadata/opengraph.ex @@ -61,7 +61,7 @@ def build_tags(%{ @impl Provider def build_tags(%{user: user}) do - with truncated_bio = Utils.scrub_html_and_truncate(user.bio || "") do + with truncated_bio = Utils.scrub_html_and_truncate(user.bio) do [ {:meta, [ diff --git a/lib/pleroma/web/metadata/twitter_card.ex b/lib/pleroma/web/metadata/twitter_card.ex index 5d08ce422..df34b033f 100644 --- a/lib/pleroma/web/metadata/twitter_card.ex +++ b/lib/pleroma/web/metadata/twitter_card.ex @@ -40,7 +40,7 @@ def build_tags(%{activity_id: id, object: object, user: user}) do @impl Provider def build_tags(%{user: user}) do - with truncated_bio = Utils.scrub_html_and_truncate(user.bio || "") do + with truncated_bio = Utils.scrub_html_and_truncate(user.bio) do [ title_tag(user), {:meta, [property: "twitter:description", content: truncated_bio], []}, diff --git a/priv/repo/migrations/20200901061256_ensure_bio_is_string.exs b/priv/repo/migrations/20200901061256_ensure_bio_is_string.exs new file mode 100644 index 000000000..0e3bb3c81 --- /dev/null +++ b/priv/repo/migrations/20200901061256_ensure_bio_is_string.exs @@ -0,0 +1,7 @@ +defmodule Pleroma.Repo.Migrations.EnsureBioIsString do + use Ecto.Migration + + def change do + execute("update users set bio = '' where bio is null", "") + end +end diff --git a/priv/repo/migrations/20200901061637_bio_set_not_null.exs b/priv/repo/migrations/20200901061637_bio_set_not_null.exs new file mode 100644 index 000000000..e3a67d4e7 --- /dev/null +++ b/priv/repo/migrations/20200901061637_bio_set_not_null.exs @@ -0,0 +1,10 @@ +defmodule Pleroma.Repo.Migrations.BioSetNotNull do + use Ecto.Migration + + def change do + execute( + "alter table users alter column bio set not null", + "alter table users alter column bio drop not null" + ) + end +end diff --git a/test/user_test.exs b/test/user_test.exs index 3cf248659..50f72549e 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -1466,7 +1466,7 @@ test "delete/1 purges a user when they wouldn't be fully deleted" do user = User.get_by_id(user.id) assert %User{ - bio: nil, + bio: "", raw_bio: nil, email: nil, name: nil, diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs index dbf478edf..3bc88c6a9 100644 --- a/test/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/web/admin_api/controllers/admin_api_controller_test.exs @@ -203,7 +203,7 @@ test "single user", %{admin: admin, conn: conn} do assert user.note_count == 0 assert user.follower_count == 0 assert user.following_count == 0 - assert user.bio == nil + assert user.bio == "" assert user.name == nil assert called(Pleroma.Web.Federator.publish(:_)) diff --git a/test/web/twitter_api/util_controller_test.exs b/test/web/twitter_api/util_controller_test.exs index 354d77b56..d164127ee 100644 --- a/test/web/twitter_api/util_controller_test.exs +++ b/test/web/twitter_api/util_controller_test.exs @@ -594,7 +594,7 @@ test "with proper permissions and valid password", %{conn: conn, user: user} do user = User.get_by_id(user.id) assert user.deactivated == true assert user.name == nil - assert user.bio == nil + assert user.bio == "" assert user.password_hash == nil end end From d8728580468ecf876e531440fa31aef6a3e33f7b Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 1 Sep 2020 12:48:39 +0200 Subject: [PATCH 053/264] Fix removing an account from a list Mastodon (Frontend) changed a different method for deletes, keeping old format as mastodon documentation is too loose --- .../web/api_spec/operations/list_operation.ex | 20 +++++++++++++------ .../controllers/list_controller.ex | 13 ++++++++++++ .../controllers/list_controller_test.exs | 20 ++++++++++++++++++- 3 files changed, 46 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/web/api_spec/operations/list_operation.ex b/lib/pleroma/web/api_spec/operations/list_operation.ex index c88ed5dd0..15039052e 100644 --- a/lib/pleroma/web/api_spec/operations/list_operation.ex +++ b/lib/pleroma/web/api_spec/operations/list_operation.ex @@ -114,7 +114,7 @@ def add_to_list_operation do description: "Add accounts to the given list.", operationId: "ListController.add_to_list", parameters: [id_param()], - requestBody: add_remove_accounts_request(), + requestBody: add_remove_accounts_request(true), security: [%{"oAuth" => ["write:lists"]}], responses: %{ 200 => Operation.response("Empty object", "application/json", %Schema{type: :object}) @@ -127,8 +127,16 @@ def remove_from_list_operation do tags: ["Lists"], summary: "Remove accounts from list", operationId: "ListController.remove_from_list", - parameters: [id_param()], - requestBody: add_remove_accounts_request(), + parameters: [ + id_param(), + Operation.parameter( + :account_ids, + :query, + %Schema{type: :array, items: %Schema{type: :string}}, + "Array of account IDs" + ) + ], + requestBody: add_remove_accounts_request(false), security: [%{"oAuth" => ["write:lists"]}], responses: %{ 200 => Operation.response("Empty object", "application/json", %Schema{type: :object}) @@ -171,7 +179,7 @@ defp create_update_request do ) end - defp add_remove_accounts_request do + defp add_remove_accounts_request(required) when is_boolean(required) do request_body( "Parameters", %Schema{ @@ -180,9 +188,9 @@ defp add_remove_accounts_request do properties: %{ account_ids: %Schema{type: :array, description: "Array of account IDs", items: FlakeID} }, - required: [:account_ids] + required: required && [:account_ids] }, - required: true + required: required ) end end diff --git a/lib/pleroma/web/mastodon_api/controllers/list_controller.ex b/lib/pleroma/web/mastodon_api/controllers/list_controller.ex index acdc76fd2..4df13cb81 100644 --- a/lib/pleroma/web/mastodon_api/controllers/list_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/list_controller.ex @@ -86,6 +86,19 @@ def remove_from_list( json(conn, %{}) end + def remove_from_list( + %{assigns: %{list: list}, params: %{account_ids: account_ids}} = conn, + _ + ) do + Enum.each(account_ids, fn account_id -> + with %User{} = followed <- User.get_cached_by_id(account_id) do + Pleroma.List.unfollow(list, followed) + end + end) + + json(conn, %{}) + end + defp list_by_id_and_user(%{assigns: %{user: user}, params: %{id: id}} = conn, _) do case Pleroma.List.get(id, user) do %Pleroma.List{} = list -> assign(conn, :list, list) diff --git a/test/web/mastodon_api/controllers/list_controller_test.exs b/test/web/mastodon_api/controllers/list_controller_test.exs index 57a9ef4a4..091ec006c 100644 --- a/test/web/mastodon_api/controllers/list_controller_test.exs +++ b/test/web/mastodon_api/controllers/list_controller_test.exs @@ -67,7 +67,7 @@ test "adding users to a list" do assert following == [other_user.follower_address] end - test "removing users from a list" do + test "removing users from a list, body params" do %{user: user, conn: conn} = oauth_access(["write:lists"]) other_user = insert(:user) third_user = insert(:user) @@ -85,6 +85,24 @@ test "removing users from a list" do assert following == [third_user.follower_address] end + test "removing users from a list, query params" do + %{user: user, conn: conn} = oauth_access(["write:lists"]) + other_user = insert(:user) + third_user = insert(:user) + {:ok, list} = Pleroma.List.create("name", user) + {:ok, list} = Pleroma.List.follow(list, other_user) + {:ok, list} = Pleroma.List.follow(list, third_user) + + assert %{} == + conn + |> put_req_header("content-type", "application/json") + |> delete("/api/v1/lists/#{list.id}/accounts?account_ids[]=#{other_user.id}") + |> json_response_and_validate_schema(:ok) + + %Pleroma.List{following: following} = Pleroma.List.get(list.id, user) + assert following == [third_user.follower_address] + end + test "listing users in a list" do %{user: user, conn: conn} = oauth_access(["read:lists"]) other_user = insert(:user) From 03d06062ab8feffbf7b03ecb7ff86c4a42af79ef Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Tue, 1 Sep 2020 19:12:45 +0300 Subject: [PATCH 054/264] don't fail on url fetch --- lib/pleroma/web/rich_media/parser.ex | 44 ++++++++++--------- .../rich_media/parsers/ttl/aws_signed_url.ex | 15 +++---- test/web/rich_media/aws_signed_url_test.exs | 2 +- test/web/rich_media/parser_test.exs | 26 ++++++++--- 4 files changed, 49 insertions(+), 38 deletions(-) diff --git a/lib/pleroma/web/rich_media/parser.ex b/lib/pleroma/web/rich_media/parser.ex index ca592833f..e9aa2dd03 100644 --- a/lib/pleroma/web/rich_media/parser.ex +++ b/lib/pleroma/web/rich_media/parser.ex @@ -3,6 +3,8 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.RichMedia.Parser do + require Logger + defp parsers do Pleroma.Config.get([:rich_media, :parsers]) end @@ -10,18 +12,19 @@ defp parsers do def parse(nil), do: {:error, "No URL provided"} if Pleroma.Config.get(:env) == :test do + @spec parse(String.t()) :: {:ok, map()} | {:error, any()} def parse(url), do: parse_url(url) else + @spec parse(String.t()) :: {:ok, map()} | {:error, any()} def parse(url) do - try do - Cachex.fetch!(:rich_media_cache, url, fn _ -> - {:commit, parse_url(url)} - end) - |> set_ttl_based_on_image(url) - rescue - e -> - {:error, "Cachex error: #{inspect(e)}"} - end + Cachex.fetch!(:rich_media_cache, url, fn _ -> + with {:ok, data} <- parse_url(url) do + {:commit, {:ok, data}} + else + error -> {:ignore, error} + end + end) + |> set_ttl_based_on_image(url) end end @@ -47,9 +50,11 @@ def ttl(data, url) do config :pleroma, :rich_media, ttl_setters: [MyModule] """ + @spec set_ttl_based_on_image({:ok, map()} | {:error, any()}, String.t()) :: + {:ok, map()} | {:error, any()} def set_ttl_based_on_image({:ok, data}, url) do with {:ok, nil} <- Cachex.ttl(:rich_media_cache, url), - ttl when is_number(ttl) <- get_ttl_from_image(data, url) do + {:ok, ttl} when is_number(ttl) <- get_ttl_from_image(data, url) do Cachex.expire_at(:rich_media_cache, url, ttl * 1000) {:ok, data} else @@ -58,8 +63,14 @@ def set_ttl_based_on_image({:ok, data}, url) do end end + def set_ttl_based_on_image({:error, _} = error, _) do + Logger.error("parsing error: #{inspect(error)}") + error + end + defp get_ttl_from_image(data, url) do - Pleroma.Config.get([:rich_media, :ttl_setters]) + [:rich_media, :ttl_setters] + |> Pleroma.Config.get() |> Enum.reduce({:ok, nil}, fn module, {:ok, _ttl} -> module.ttl(data, url) @@ -70,23 +81,16 @@ defp get_ttl_from_image(data, url) do end defp parse_url(url) do - try do - {:ok, %Tesla.Env{body: html}} = Pleroma.Web.RichMedia.Helpers.rich_media_get(url) - + with {:ok, %Tesla.Env{body: html}} <- Pleroma.Web.RichMedia.Helpers.rich_media_get(url), + {:ok, html} <- Floki.parse_document(html) do html - |> parse_html() |> maybe_parse() |> Map.put("url", url) |> clean_parsed_data() |> check_parsed_data() - rescue - e -> - {:error, "Parsing error: #{inspect(e)} #{inspect(__STACKTRACE__)}"} end end - defp parse_html(html), do: Floki.parse_document!(html) - defp maybe_parse(html) do Enum.reduce_while(parsers(), %{}, fn parser, acc -> case parser.parse(html, acc) do diff --git a/lib/pleroma/web/rich_media/parsers/ttl/aws_signed_url.ex b/lib/pleroma/web/rich_media/parsers/ttl/aws_signed_url.ex index 0dc1efdaf..c5aaea2d4 100644 --- a/lib/pleroma/web/rich_media/parsers/ttl/aws_signed_url.ex +++ b/lib/pleroma/web/rich_media/parsers/ttl/aws_signed_url.ex @@ -10,20 +10,15 @@ def ttl(data, _url) do |> parse_query_params() |> format_query_params() |> get_expiration_timestamp() + else + {:error, "Not aws signed url #{inspect(image)}"} end end - defp is_aws_signed_url(""), do: nil - defp is_aws_signed_url(nil), do: nil - - defp is_aws_signed_url(image) when is_binary(image) do + defp is_aws_signed_url(image) when is_binary(image) and image != "" do %URI{host: host, query: query} = URI.parse(image) - if String.contains?(host, "amazonaws.com") and String.contains?(query, "X-Amz-Expires") do - image - else - nil - end + String.contains?(host, "amazonaws.com") and String.contains?(query, "X-Amz-Expires") end defp is_aws_signed_url(_), do: nil @@ -46,6 +41,6 @@ defp get_expiration_timestamp(params) when is_map(params) do |> Map.get("X-Amz-Date") |> Timex.parse("{ISO:Basic:Z}") - Timex.to_unix(date) + String.to_integer(Map.get(params, "X-Amz-Expires")) + {:ok, Timex.to_unix(date) + String.to_integer(Map.get(params, "X-Amz-Expires"))} end end diff --git a/test/web/rich_media/aws_signed_url_test.exs b/test/web/rich_media/aws_signed_url_test.exs index b30f4400e..a21f3c935 100644 --- a/test/web/rich_media/aws_signed_url_test.exs +++ b/test/web/rich_media/aws_signed_url_test.exs @@ -21,7 +21,7 @@ test "s3 signed url is parsed correct for expiration time" do expire_time = Timex.parse!(timestamp, "{ISO:Basic:Z}") |> Timex.to_unix() |> Kernel.+(valid_till) - assert expire_time == Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl.ttl(metadata, url) + assert {:ok, expire_time} == Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl.ttl(metadata, url) end test "s3 signed url is parsed and correct ttl is set for rich media" do diff --git a/test/web/rich_media/parser_test.exs b/test/web/rich_media/parser_test.exs index 420a612c6..1e09cbf84 100644 --- a/test/web/rich_media/parser_test.exs +++ b/test/web/rich_media/parser_test.exs @@ -5,6 +5,8 @@ defmodule Pleroma.Web.RichMedia.ParserTest do use ExUnit.Case, async: true + alias Pleroma.Web.RichMedia.Parser + setup do Tesla.Mock.mock(fn %{ @@ -48,23 +50,29 @@ defmodule Pleroma.Web.RichMedia.ParserTest do %{method: :get, url: "http://example.com/empty"} -> %Tesla.Env{status: 200, body: "hello"} + + %{method: :get, url: "http://example.com/malformed"} -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/malformed-data.html")} + + %{method: :get, url: "http://example.com/error"} -> + {:error, :overload} end) :ok end test "returns error when no metadata present" do - assert {:error, _} = Pleroma.Web.RichMedia.Parser.parse("http://example.com/empty") + assert {:error, _} = Parser.parse("http://example.com/empty") end test "doesn't just add a title" do - assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/non-ogp") == + assert Parser.parse("http://example.com/non-ogp") == {:error, "Found metadata was invalid or incomplete: %{\"url\" => \"http://example.com/non-ogp\"}"} end test "parses ogp" do - assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/ogp") == + assert Parser.parse("http://example.com/ogp") == {:ok, %{ "image" => "http://ia.media-imdb.com/images/rock.jpg", @@ -77,7 +85,7 @@ test "parses ogp" do end test "falls back to when ogp:title is missing" do - assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/ogp-missing-title") == + assert Parser.parse("http://example.com/ogp-missing-title") == {:ok, %{ "image" => "http://ia.media-imdb.com/images/rock.jpg", @@ -90,7 +98,7 @@ test "falls back to <title> when ogp:title is missing" do end test "parses twitter card" do - assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/twitter-card") == + assert Parser.parse("http://example.com/twitter-card") == {:ok, %{ "card" => "summary", @@ -103,7 +111,7 @@ test "parses twitter card" do end test "parses OEmbed" do - assert Pleroma.Web.RichMedia.Parser.parse("http://example.com/oembed") == + assert Parser.parse("http://example.com/oembed") == {:ok, %{ "author_name" => "‮‭‬bees‬", @@ -132,6 +140,10 @@ test "parses OEmbed" do end test "rejects invalid OGP data" do - assert {:error, _} = Pleroma.Web.RichMedia.Parser.parse("http://example.com/malformed") + assert {:error, _} = Parser.parse("http://example.com/malformed") + end + + test "returns error if getting page was not successful" do + assert {:error, :overload} = Parser.parse("http://example.com/error") end end From 0a9c63fb4351ed29a521697f2c584b0ae007696c Mon Sep 17 00:00:00 2001 From: Sean King <seanking2919@protonmail.com> Date: Tue, 1 Sep 2020 12:20:32 -0600 Subject: [PATCH 055/264] Fix frontend install mix task bug --- lib/mix/tasks/pleroma/frontend.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/mix/tasks/pleroma/frontend.ex b/lib/mix/tasks/pleroma/frontend.ex index 2adbf8d72..0a48be1fe 100644 --- a/lib/mix/tasks/pleroma/frontend.ex +++ b/lib/mix/tasks/pleroma/frontend.ex @@ -69,7 +69,7 @@ def run(["install", frontend | args]) do fe_label = "#{frontend} (#{ref})" - tmp_dir = Path.join(dest, "tmp") + tmp_dir = Path.join([instance_static_dir, "frontends", "tmp"]) with {_, :ok} <- {:download_or_unzip, download_or_unzip(frontend_info, tmp_dir, options[:file])}, @@ -133,6 +133,7 @@ defp download_build(frontend_info, dest) do defp install_frontend(frontend_info, source, dest) do from = frontend_info["build_dir"] || "dist" + File.rm_rf!(dest) File.mkdir_p!(dest) File.cp_r!(Path.join([source, from]), dest) :ok From 6ce28c409137972ee9b105b9d7ab4a0fd2a0d08b Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov <ivantashkinov@gmail.com> Date: Tue, 1 Sep 2020 21:21:58 +0300 Subject: [PATCH 056/264] [#2497] Fix for png media proxy preview response headers (content-type & content-disposition). --- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 2afcd861a..961c73666 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -67,7 +67,7 @@ defp handle_preview(conn, url) do end end - # TODO: find a workaround so avatar_static and banner_static can work. + # TODO: find a workaround so avatar_static and header_static can work. # Those only permit GIFs for animation, so we have to permit a way to # allow those to get real static variants. defp handle_preview("image/gif" = _content_type, conn, url) do @@ -107,7 +107,7 @@ defp handle_png_preview(%{params: params} = conn, url) do } ) do conn - |> put_preview_response_headers() + |> put_preview_response_headers("image/png", "preview.png") |> send_resp(200, thumbnail_binary) else _ -> @@ -145,10 +145,10 @@ defp handle_video_preview(conn, url) do end end - defp put_preview_response_headers(conn) do + defp put_preview_response_headers(conn, content_type \\ "image/jpeg", filename \\ "preview.jpg") do conn - |> put_resp_header("content-type", "image/jpeg") - |> put_resp_header("content-disposition", "inline; filename=\"preview.jpg\"") + |> put_resp_header("content-type", content_type) + |> put_resp_header("content-disposition", "inline; filename=\"#{filename}\"") |> put_resp_header("cache-control", "max-age=0, private, must-revalidate") end From 868057871ac041346d8367181f00f0b127b33945 Mon Sep 17 00:00:00 2001 From: Karol Kosek <krkk@krkk.ct8.pl> Date: Tue, 1 Sep 2020 19:56:32 +0200 Subject: [PATCH 057/264] search: fix 'following' query parameter The parameter included the accounts that are following you (followers) instead of those you are actually following. Co-Authored-By: Haelwenn (lanodan) Monnier <contact@hacktivis.me> --- CHANGELOG.md | 5 +++++ lib/pleroma/user/search.ex | 2 +- test/user_search_test.exs | 24 ++++++++++++------------ 3 files changed, 18 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0850deed7..07bc6d77c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## unreleased-patch - ??? + +### Fixed +- Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers + ## [2.1.0] - 2020-08-28 ### Changed diff --git a/lib/pleroma/user/search.ex b/lib/pleroma/user/search.ex index d4fd31069..adbef7fb8 100644 --- a/lib/pleroma/user/search.ex +++ b/lib/pleroma/user/search.ex @@ -116,7 +116,7 @@ defp trigram_rank(query, query_string) do end defp base_query(_user, false), do: User - defp base_query(user, true), do: User.get_followers_query(user) + defp base_query(user, true), do: User.get_friends_query(user) defp filter_invisible_users(query) do from(q in query, where: q.invisible == false) diff --git a/test/user_search_test.exs b/test/user_search_test.exs index 559ba5966..01976bf58 100644 --- a/test/user_search_test.exs +++ b/test/user_search_test.exs @@ -109,22 +109,22 @@ test "finds users, boosting ranks of friends and followers" do Enum.map(User.search("doe", resolve: false, for_user: u1), & &1.id) == [] end - test "finds followers of user by partial name" do - u1 = insert(:user) - u2 = insert(:user, %{name: "Jimi"}) - follower_jimi = insert(:user, %{name: "Jimi Hendrix"}) - follower_lizz = insert(:user, %{name: "Lizz Wright"}) - friend = insert(:user, %{name: "Jimi"}) + test "finds followings of user by partial name" do + lizz = insert(:user, %{name: "Lizz"}) + jimi = insert(:user, %{name: "Jimi"}) + following_lizz = insert(:user, %{name: "Jimi Hendrix"}) + following_jimi = insert(:user, %{name: "Lizz Wright"}) + follower_lizz = insert(:user, %{name: "Jimi"}) - {:ok, follower_jimi} = User.follow(follower_jimi, u1) - {:ok, _follower_lizz} = User.follow(follower_lizz, u2) - {:ok, u1} = User.follow(u1, friend) + {:ok, lizz} = User.follow(lizz, following_lizz) + {:ok, _jimi} = User.follow(jimi, following_jimi) + {:ok, _follower_lizz} = User.follow(follower_lizz, lizz) - assert Enum.map(User.search("jimi", following: true, for_user: u1), & &1.id) == [ - follower_jimi.id + assert Enum.map(User.search("jimi", following: true, for_user: lizz), & &1.id) == [ + following_lizz.id ] - assert User.search("lizz", following: true, for_user: u1) == [] + assert User.search("lizz", following: true, for_user: lizz) == [] end test "find local and remote users for authenticated users" do From c17d83cd7330d5c874f647a5224a3a130ed88fb0 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Wed, 19 Aug 2020 10:22:59 +0300 Subject: [PATCH 058/264] improvements and fixes for http requests - fix for gun worker termination in some circumstances - pool for http clients (ex_aws, tzdata) - default pool timeouts for gun - gun retries on gun_down messages - s3 upload timeout if streaming enabled --- config/config.exs | 12 +++++--- lib/pleroma/gun/connection_pool/worker.ex | 35 ++++++++++++++++------- lib/pleroma/http/adapter_helper.ex | 16 +++++++---- lib/pleroma/http/adapter_helper/gun.ex | 18 ++++++------ lib/pleroma/http/ex_aws.ex | 2 ++ lib/pleroma/http/tzdata.ex | 4 +++ lib/pleroma/uploaders/s3.ex | 19 ++++++++---- 7 files changed, 70 insertions(+), 36 deletions(-) diff --git a/config/config.exs b/config/config.exs index 246712b9f..ea8869d48 100644 --- a/config/config.exs +++ b/config/config.exs @@ -740,19 +740,23 @@ config :pleroma, :pools, federation: [ size: 50, - max_waiting: 10 + max_waiting: 10, + timeout: 10_000 ], media: [ size: 50, - max_waiting: 10 + max_waiting: 10, + timeout: 10_000 ], upload: [ size: 25, - max_waiting: 5 + max_waiting: 5, + timeout: 15_000 ], default: [ size: 10, - max_waiting: 2 + max_waiting: 2, + timeout: 5_000 ] config :pleroma, :hackney_pools, diff --git a/lib/pleroma/gun/connection_pool/worker.ex b/lib/pleroma/gun/connection_pool/worker.ex index fec9d0efa..c36332817 100644 --- a/lib/pleroma/gun/connection_pool/worker.ex +++ b/lib/pleroma/gun/connection_pool/worker.ex @@ -83,17 +83,25 @@ def handle_call(:remove_client, {client_pid, _}, %{key: key} = state) do end) {ref, state} = pop_in(state.client_monitors[client_pid]) - Process.demonitor(ref) - - timer = - if used_by == [] do - max_idle = Pleroma.Config.get([:connections_pool, :max_idle_time], 30_000) - Process.send_after(self(), :idle_close, max_idle) + # DOWN message can receive right after `remove_client` call and cause worker to terminate + state = + if is_nil(ref) do + state else - nil + Process.demonitor(ref) + + timer = + if used_by == [] do + max_idle = Pleroma.Config.get([:connections_pool, :max_idle_time], 30_000) + Process.send_after(self(), :idle_close, max_idle) + else + nil + end + + %{state | timer: timer} end - {:reply, :ok, %{state | timer: timer}, :hibernate} + {:reply, :ok, state, :hibernate} end @impl true @@ -103,16 +111,21 @@ def handle_info(:idle_close, state) do {:stop, :normal, state} end + @impl true + def handle_info({:gun_up, _pid, _protocol}, state) do + {:noreply, state, :hibernate} + end + # Gracefully shutdown if the connection got closed without any streams left @impl true def handle_info({:gun_down, _pid, _protocol, _reason, []}, state) do {:stop, :normal, state} end - # Otherwise, shutdown with an error + # Otherwise, wait for retry @impl true - def handle_info({:gun_down, _pid, _protocol, _reason, _killed_streams} = down_message, state) do - {:stop, {:error, down_message}, state} + def handle_info({:gun_down, _pid, _protocol, _reason, _killed_streams}, state) do + {:noreply, state, :hibernate} end @impl true diff --git a/lib/pleroma/http/adapter_helper.ex b/lib/pleroma/http/adapter_helper.ex index 9ec3836b0..740e6e9ff 100644 --- a/lib/pleroma/http/adapter_helper.ex +++ b/lib/pleroma/http/adapter_helper.ex @@ -10,6 +10,7 @@ defmodule Pleroma.HTTP.AdapterHelper do @type proxy_type() :: :socks4 | :socks5 @type host() :: charlist() | :inet.ip_address() + @type pool() :: :federation | :upload | :media | :default alias Pleroma.Config alias Pleroma.HTTP.AdapterHelper @@ -44,14 +45,13 @@ def maybe_add_proxy(opts, proxy), do: Keyword.put_new(opts, :proxy, proxy) @spec options(URI.t(), keyword()) :: keyword() def options(%URI{} = uri, opts \\ []) do @defaults - |> put_timeout() |> Keyword.merge(opts) + |> put_timeout() |> adapter_helper().options(uri) end - # For Hackney, this is the time a connection can stay idle in the pool. - # For Gun, this is the timeout to receive a message from Gun. - defp put_timeout(opts) do + @spec pool_timeout(pool()) :: non_neg_integer() + def pool_timeout(pool) do {config_key, default} = if adapter() == Tesla.Adapter.Gun do {:pools, Config.get([:pools, :default, :timeout], 5_000)} @@ -59,9 +59,13 @@ defp put_timeout(opts) do {:hackney_pools, 10_000} end - timeout = Config.get([config_key, opts[:pool], :timeout], default) + Config.get([config_key, pool, :timeout], default) + end - Keyword.merge(opts, timeout: timeout) + # For Hackney, this is the time a connection can stay idle in the pool. + # For Gun, this is the timeout to receive a message from Gun. + defp put_timeout(opts) do + Keyword.put_new(opts, :timeout, pool_timeout(opts[:pool])) end def get_conn(uri, opts), do: adapter_helper().get_conn(uri, opts) diff --git a/lib/pleroma/http/adapter_helper/gun.ex b/lib/pleroma/http/adapter_helper/gun.ex index b4ff8306c..db0a298b3 100644 --- a/lib/pleroma/http/adapter_helper/gun.ex +++ b/lib/pleroma/http/adapter_helper/gun.ex @@ -5,6 +5,7 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do @behaviour Pleroma.HTTP.AdapterHelper + alias Pleroma.Config alias Pleroma.Gun.ConnectionPool alias Pleroma.HTTP.AdapterHelper @@ -14,7 +15,7 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do connect_timeout: 5_000, domain_lookup_timeout: 5_000, tls_handshake_timeout: 5_000, - retry: 0, + retry: 1, retry_timeout: 1000, await_up_timeout: 5_000 ] @@ -22,10 +23,11 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do @spec options(keyword(), URI.t()) :: keyword() def options(incoming_opts \\ [], %URI{} = uri) do proxy = - Pleroma.Config.get([:http, :proxy_url]) + [:http, :proxy_url] + |> Config.get() |> AdapterHelper.format_proxy() - config_opts = Pleroma.Config.get([:http, :adapter], []) + config_opts = Config.get([:http, :adapter], []) @defaults |> Keyword.merge(config_opts) @@ -37,8 +39,7 @@ def options(incoming_opts \\ [], %URI{} = uri) do defp add_scheme_opts(opts, %{scheme: "http"}), do: opts defp add_scheme_opts(opts, %{scheme: "https"}) do - opts - |> Keyword.put(:certificates_verification, true) + Keyword.put(opts, :certificates_verification, true) end @spec get_conn(URI.t(), keyword()) :: {:ok, keyword()} | {:error, atom()} @@ -51,11 +52,11 @@ def get_conn(uri, opts) do @prefix Pleroma.Gun.ConnectionPool def limiter_setup do - wait = Pleroma.Config.get([:connections_pool, :connection_acquisition_wait]) - retries = Pleroma.Config.get([:connections_pool, :connection_acquisition_retries]) + wait = Config.get([:connections_pool, :connection_acquisition_wait]) + retries = Config.get([:connections_pool, :connection_acquisition_retries]) :pools - |> Pleroma.Config.get([]) + |> Config.get([]) |> Enum.each(fn {name, opts} -> max_running = Keyword.get(opts, :size, 50) max_waiting = Keyword.get(opts, :max_waiting, 10) @@ -69,7 +70,6 @@ def limiter_setup do case result do :ok -> :ok {:error, :existing} -> :ok - e -> raise e end end) diff --git a/lib/pleroma/http/ex_aws.ex b/lib/pleroma/http/ex_aws.ex index e53e64077..2fe8beafc 100644 --- a/lib/pleroma/http/ex_aws.ex +++ b/lib/pleroma/http/ex_aws.ex @@ -11,6 +11,8 @@ defmodule Pleroma.HTTP.ExAws do @impl true def request(method, url, body \\ "", headers \\ [], http_opts \\ []) do + http_opts = Keyword.put(http_opts, :adapter, pool: :upload) + case HTTP.request(method, url, body, headers, http_opts) do {:ok, env} -> {:ok, %{status_code: env.status, headers: env.headers, body: env.body}} diff --git a/lib/pleroma/http/tzdata.ex b/lib/pleroma/http/tzdata.ex index 34bb253a7..7dd3352ff 100644 --- a/lib/pleroma/http/tzdata.ex +++ b/lib/pleroma/http/tzdata.ex @@ -11,6 +11,8 @@ defmodule Pleroma.HTTP.Tzdata do @impl true def get(url, headers, options) do + options = Keyword.put(options, :adapter, pool: :upload) + with {:ok, %Tesla.Env{} = env} <- HTTP.get(url, headers, options) do {:ok, {env.status, env.headers, env.body}} end @@ -18,6 +20,8 @@ def get(url, headers, options) do @impl true def head(url, headers, options) do + options = Keyword.put(options, :adapter, pool: :upload) + with {:ok, %Tesla.Env{} = env} <- HTTP.head(url, headers, options) do {:ok, {env.status, env.headers}} end diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex index a13ff23b6..ed9794ca2 100644 --- a/lib/pleroma/uploaders/s3.ex +++ b/lib/pleroma/uploaders/s3.ex @@ -46,12 +46,19 @@ def put_file(%Pleroma.Upload{} = upload) do op = if streaming do - upload.tempfile - |> ExAws.S3.Upload.stream_file() - |> ExAws.S3.upload(bucket, s3_name, [ - {:acl, :public_read}, - {:content_type, upload.content_type} - ]) + op = + upload.tempfile + |> ExAws.S3.Upload.stream_file() + |> ExAws.S3.upload(bucket, s3_name, [ + {:acl, :public_read}, + {:content_type, upload.content_type} + ]) + + # set s3 upload timeout to respect :upload pool timeout + # timeout should be slightly larger, so s3 can retry upload on fail + timeout = Pleroma.HTTP.AdapterHelper.pool_timeout(:upload) + 1_000 + opts = Keyword.put(op.opts, :timeout, timeout) + Map.put(op, :opts, opts) else {:ok, file_data} = File.read(upload.tempfile) From 5e8adf91b46c3f23ec423d53afccbb062df4a241 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Tue, 1 Sep 2020 11:30:56 +0300 Subject: [PATCH 059/264] don't overwrite passed pool option in http clients --- lib/pleroma/http/ex_aws.ex | 2 +- lib/pleroma/http/tzdata.ex | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/http/ex_aws.ex b/lib/pleroma/http/ex_aws.ex index 2fe8beafc..c3f335c73 100644 --- a/lib/pleroma/http/ex_aws.ex +++ b/lib/pleroma/http/ex_aws.ex @@ -11,7 +11,7 @@ defmodule Pleroma.HTTP.ExAws do @impl true def request(method, url, body \\ "", headers \\ [], http_opts \\ []) do - http_opts = Keyword.put(http_opts, :adapter, pool: :upload) + http_opts = Keyword.put_new(http_opts, :adapter, pool: :upload) case HTTP.request(method, url, body, headers, http_opts) do {:ok, env} -> diff --git a/lib/pleroma/http/tzdata.ex b/lib/pleroma/http/tzdata.ex index 7dd3352ff..356799aab 100644 --- a/lib/pleroma/http/tzdata.ex +++ b/lib/pleroma/http/tzdata.ex @@ -11,7 +11,7 @@ defmodule Pleroma.HTTP.Tzdata do @impl true def get(url, headers, options) do - options = Keyword.put(options, :adapter, pool: :upload) + options = Keyword.put_new(options, :adapter, pool: :upload) with {:ok, %Tesla.Env{} = env} <- HTTP.get(url, headers, options) do {:ok, {env.status, env.headers, env.body}} @@ -20,7 +20,7 @@ def get(url, headers, options) do @impl true def head(url, headers, options) do - options = Keyword.put(options, :adapter, pool: :upload) + options = Keyword.put_new(options, :adapter, pool: :upload) with {:ok, %Tesla.Env{} = env} <- HTTP.head(url, headers, options) do {:ok, {env.status, env.headers}} From 79f65b4374908a32ebf39db176a30a01152a9141 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Wed, 2 Sep 2020 09:16:51 +0300 Subject: [PATCH 060/264] correct pool and uniform headers format --- lib/mix/tasks/pleroma/frontend.ex | 4 +++- lib/pleroma/instances/instance.ex | 4 +++- lib/pleroma/object/fetcher.ex | 6 +++--- lib/pleroma/web/rich_media/helpers.ex | 2 +- lib/pleroma/web/web_finger/web_finger.ex | 4 ++-- test/support/http_request_mock.ex | 4 ++-- 6 files changed, 14 insertions(+), 10 deletions(-) diff --git a/lib/mix/tasks/pleroma/frontend.ex b/lib/mix/tasks/pleroma/frontend.ex index 2adbf8d72..484af6da7 100644 --- a/lib/mix/tasks/pleroma/frontend.ex +++ b/lib/mix/tasks/pleroma/frontend.ex @@ -124,7 +124,9 @@ defp download_build(frontend_info, dest) do url = String.replace(frontend_info["build_url"], "${ref}", frontend_info["ref"]) with {:ok, %{status: 200, body: zip_body}} <- - Pleroma.HTTP.get(url, [], timeout: 120_000, recv_timeout: 120_000) do + Pleroma.HTTP.get(url, [], + adapter: [pool: :media, timeout: 120_000, recv_timeout: 120_000] + ) do unzip(zip_body, dest) else e -> {:error, e} diff --git a/lib/pleroma/instances/instance.ex b/lib/pleroma/instances/instance.ex index a1f935232..711c42158 100644 --- a/lib/pleroma/instances/instance.ex +++ b/lib/pleroma/instances/instance.ex @@ -150,7 +150,9 @@ def get_or_update_favicon(%URI{host: host} = instance_uri) do defp scrape_favicon(%URI{} = instance_uri) do try do with {:ok, %Tesla.Env{body: html}} <- - Pleroma.HTTP.get(to_string(instance_uri), [{:Accept, "text/html"}]), + Pleroma.HTTP.get(to_string(instance_uri), [{"accept", "text/html"}], + adapter: [pool: :media] + ), favicon_rel <- html |> Floki.parse_document!() diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 6fdbc8efd..374d8704a 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -164,12 +164,12 @@ defp make_signature(id, date) do date: date }) - [{"signature", signature}] + {"signature", signature} end defp sign_fetch(headers, id, date) do if Pleroma.Config.get([:activitypub, :sign_object_fetches]) do - headers ++ make_signature(id, date) + [make_signature(id, date) | headers] else headers end @@ -177,7 +177,7 @@ defp sign_fetch(headers, id, date) do defp maybe_date_fetch(headers, date) do if Pleroma.Config.get([:activitypub, :sign_object_fetches]) do - headers ++ [{"date", date}] + [{"date", date} | headers] else headers end diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex index 6210f2c5a..2fb482b51 100644 --- a/lib/pleroma/web/rich_media/helpers.ex +++ b/lib/pleroma/web/rich_media/helpers.ex @@ -96,6 +96,6 @@ def rich_media_get(url) do @rich_media_options end - Pleroma.HTTP.get(url, headers, options) + Pleroma.HTTP.get(url, headers, adapter: options) end end diff --git a/lib/pleroma/web/web_finger/web_finger.ex b/lib/pleroma/web/web_finger/web_finger.ex index c4051e63e..6629f5356 100644 --- a/lib/pleroma/web/web_finger/web_finger.ex +++ b/lib/pleroma/web/web_finger/web_finger.ex @@ -136,12 +136,12 @@ def get_template_from_xml(body) do def find_lrdd_template(domain) do with {:ok, %{status: status, body: body}} when status in 200..299 <- - HTTP.get("http://#{domain}/.well-known/host-meta", []) do + HTTP.get("http://#{domain}/.well-known/host-meta") do get_template_from_xml(body) else _ -> with {:ok, %{body: body, status: status}} when status in 200..299 <- - HTTP.get("https://#{domain}/.well-known/host-meta", []) do + HTTP.get("https://#{domain}/.well-known/host-meta") do get_template_from_xml(body) else e -> {:error, "Can't find LRDD template: #{inspect(e)}"} diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index eeeba7880..a0ebf65d9 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -1350,11 +1350,11 @@ def get("https://relay.mastodon.host/actor", _, _, _) do {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/relay/relay.json")}} end - def get("http://localhost:4001/", _, "", Accept: "text/html") do + def get("http://localhost:4001/", _, "", [{"accept", "text/html"}]) do {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/tesla_mock/7369654.html")}} end - def get("https://osada.macgirvin.com/", _, "", Accept: "text/html") do + def get("https://osada.macgirvin.com/", _, "", [{"accept", "text/html"}]) do {:ok, %Tesla.Env{ status: 200, From 1c57ef44983e150f3cc016290fe99f159eb79cb0 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Wed, 2 Sep 2020 10:33:43 +0300 Subject: [PATCH 061/264] default pool for tz_data client --- lib/pleroma/http/tzdata.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/http/tzdata.ex b/lib/pleroma/http/tzdata.ex index 356799aab..4539ac359 100644 --- a/lib/pleroma/http/tzdata.ex +++ b/lib/pleroma/http/tzdata.ex @@ -11,7 +11,7 @@ defmodule Pleroma.HTTP.Tzdata do @impl true def get(url, headers, options) do - options = Keyword.put_new(options, :adapter, pool: :upload) + options = Keyword.put_new(options, :adapter, pool: :default) with {:ok, %Tesla.Env{} = env} <- HTTP.get(url, headers, options) do {:ok, {env.status, env.headers, env.body}} @@ -20,7 +20,7 @@ def get(url, headers, options) do @impl true def head(url, headers, options) do - options = Keyword.put_new(options, :adapter, pool: :upload) + options = Keyword.put_new(options, :adapter, pool: :default) with {:ok, %Tesla.Env{} = env} <- HTTP.head(url, headers, options) do {:ok, {env.status, env.headers}} From 84fbf1616104c09e0f4f5442d86ca2c573ae4056 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Wed, 2 Sep 2020 10:50:51 +0300 Subject: [PATCH 062/264] timeout option moved to gun adapter helper --- lib/pleroma/http/adapter_helper.ex | 23 ++--------------------- lib/pleroma/http/adapter_helper/gun.ex | 15 +++++++++++++++ lib/pleroma/uploaders/s3.ex | 14 +++++++++----- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/lib/pleroma/http/adapter_helper.ex b/lib/pleroma/http/adapter_helper.ex index 740e6e9ff..0728cbaa2 100644 --- a/lib/pleroma/http/adapter_helper.ex +++ b/lib/pleroma/http/adapter_helper.ex @@ -10,9 +10,7 @@ defmodule Pleroma.HTTP.AdapterHelper do @type proxy_type() :: :socks4 | :socks5 @type host() :: charlist() | :inet.ip_address() - @type pool() :: :federation | :upload | :media | :default - alias Pleroma.Config alias Pleroma.HTTP.AdapterHelper require Logger @@ -46,29 +44,12 @@ def maybe_add_proxy(opts, proxy), do: Keyword.put_new(opts, :proxy, proxy) def options(%URI{} = uri, opts \\ []) do @defaults |> Keyword.merge(opts) - |> put_timeout() |> adapter_helper().options(uri) end - @spec pool_timeout(pool()) :: non_neg_integer() - def pool_timeout(pool) do - {config_key, default} = - if adapter() == Tesla.Adapter.Gun do - {:pools, Config.get([:pools, :default, :timeout], 5_000)} - else - {:hackney_pools, 10_000} - end - - Config.get([config_key, pool, :timeout], default) - end - - # For Hackney, this is the time a connection can stay idle in the pool. - # For Gun, this is the timeout to receive a message from Gun. - defp put_timeout(opts) do - Keyword.put_new(opts, :timeout, pool_timeout(opts[:pool])) - end - + @spec get_conn(URI.t(), keyword()) :: {:ok, keyword()} | {:error, atom()} def get_conn(uri, opts), do: adapter_helper().get_conn(uri, opts) + defp adapter, do: Application.get_env(:tesla, :adapter) defp adapter_helper do diff --git a/lib/pleroma/http/adapter_helper/gun.ex b/lib/pleroma/http/adapter_helper/gun.ex index db0a298b3..02e20f2d1 100644 --- a/lib/pleroma/http/adapter_helper/gun.ex +++ b/lib/pleroma/http/adapter_helper/gun.ex @@ -20,6 +20,8 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do await_up_timeout: 5_000 ] + @type pool() :: :federation | :upload | :media | :default + @spec options(keyword(), URI.t()) :: keyword() def options(incoming_opts \\ [], %URI{} = uri) do proxy = @@ -34,6 +36,7 @@ def options(incoming_opts \\ [], %URI{} = uri) do |> add_scheme_opts(uri) |> AdapterHelper.maybe_add_proxy(proxy) |> Keyword.merge(incoming_opts) + |> put_timeout() end defp add_scheme_opts(opts, %{scheme: "http"}), do: opts @@ -42,6 +45,18 @@ defp add_scheme_opts(opts, %{scheme: "https"}) do Keyword.put(opts, :certificates_verification, true) end + defp put_timeout(opts) do + # this is the timeout to receive a message from Gun + Keyword.put_new(opts, :timeout, pool_timeout(opts[:pool])) + end + + @spec pool_timeout(pool()) :: non_neg_integer() + def pool_timeout(pool) do + default = Config.get([:pools, :default, :timeout], 5_000) + + Config.get([:pools, pool, :timeout], default) + end + @spec get_conn(URI.t(), keyword()) :: {:ok, keyword()} | {:error, atom()} def get_conn(uri, opts) do case ConnectionPool.get_conn(uri, opts) do diff --git a/lib/pleroma/uploaders/s3.ex b/lib/pleroma/uploaders/s3.ex index ed9794ca2..6dbef9085 100644 --- a/lib/pleroma/uploaders/s3.ex +++ b/lib/pleroma/uploaders/s3.ex @@ -54,11 +54,15 @@ def put_file(%Pleroma.Upload{} = upload) do {:content_type, upload.content_type} ]) - # set s3 upload timeout to respect :upload pool timeout - # timeout should be slightly larger, so s3 can retry upload on fail - timeout = Pleroma.HTTP.AdapterHelper.pool_timeout(:upload) + 1_000 - opts = Keyword.put(op.opts, :timeout, timeout) - Map.put(op, :opts, opts) + if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Gun do + # set s3 upload timeout to respect :upload pool timeout + # timeout should be slightly larger, so s3 can retry upload on fail + timeout = Pleroma.HTTP.AdapterHelper.Gun.pool_timeout(:upload) + 1_000 + opts = Keyword.put(op.opts, :timeout, timeout) + Map.put(op, :opts, opts) + else + op + end else {:ok, file_data} = File.read(upload.tempfile) From 46236d1d873473d95b11cd7bfdcaa284ea55a9ad Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Wed, 2 Sep 2020 12:42:25 +0300 Subject: [PATCH 063/264] html.ex: optimize external url extraction By using a :not() selector and only extracting attributes from the first match. --- lib/pleroma/html.ex | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index dc1b9b840..20b02f091 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -109,8 +109,9 @@ def extract_first_external_url(object, content) do result = content |> Floki.parse_fragment!() - |> Floki.filter_out("a.mention,a.hashtag,a.attachment,a[rel~=\"tag\"]") - |> Floki.attribute("a", "href") + |> Floki.find("a:not(.mention,.hashtag,.attachment,[rel~=\"tag\"])") + |> Enum.take(1) + |> Floki.attribute("href") |> Enum.at(0) {:commit, {:ok, result}} From 19691389b92e617f1edad7d4e3168fe917d0a675 Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Wed, 2 Sep 2020 14:21:28 +0300 Subject: [PATCH 064/264] Rich media: Add failure tracking --- CHANGELOG.md | 3 ++ config/config.exs | 1 + config/description.exs | 7 +++ docs/configuration/cheatsheet.md | 1 + lib/pleroma/web/rich_media/parser.ex | 56 ++++++++++++--------- test/web/rich_media/aws_signed_url_test.exs | 2 +- 6 files changed, 46 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 07bc6d77c..4424c060f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## unreleased-patch - ??? +### Added +- Rich media failure tracking (along with `:failure_backoff` option) + ### Fixed - Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers diff --git a/config/config.exs b/config/config.exs index ea8869d48..ed37b93c0 100644 --- a/config/config.exs +++ b/config/config.exs @@ -412,6 +412,7 @@ Pleroma.Web.RichMedia.Parsers.TwitterCard, Pleroma.Web.RichMedia.Parsers.OEmbed ], + failure_backoff: 60_000, ttl_setters: [Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl] config :pleroma, :media_proxy, diff --git a/config/description.exs b/config/description.exs index 29a657333..5e08ba109 100644 --- a/config/description.exs +++ b/config/description.exs @@ -2385,6 +2385,13 @@ suggestions: [ Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl ] + }, + %{ + key: :failure_backoff, + type: :integer, + description: + "Amount of milliseconds after request failure, during which the request will not be retried.", + suggestions: [60_000] } ] }, diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index 2f440adf4..a9a650fab 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -361,6 +361,7 @@ config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http, * `ignore_hosts`: list of hosts which will be ignored by the metadata parser. For example `["accounts.google.com", "xss.website"]`, defaults to `[]`. * `ignore_tld`: list TLDs (top-level domains) which will ignore for parse metadata. default is ["local", "localdomain", "lan"]. * `parsers`: list of Rich Media parsers. +* `failure_backoff`: Amount of milliseconds after request failure, during which the request will not be retried. ## HTTP server diff --git a/lib/pleroma/web/rich_media/parser.ex b/lib/pleroma/web/rich_media/parser.ex index e9aa2dd03..e98c743ca 100644 --- a/lib/pleroma/web/rich_media/parser.ex +++ b/lib/pleroma/web/rich_media/parser.ex @@ -17,14 +17,25 @@ def parse(url), do: parse_url(url) else @spec parse(String.t()) :: {:ok, map()} | {:error, any()} def parse(url) do - Cachex.fetch!(:rich_media_cache, url, fn _ -> - with {:ok, data} <- parse_url(url) do - {:commit, {:ok, data}} - else - error -> {:ignore, error} - end - end) - |> set_ttl_based_on_image(url) + with {:ok, data} <- get_cached_or_parse(url), + {:ok, _} <- set_ttl_based_on_image(data, url) do + {:ok, data} + else + error -> + Logger.error(fn -> "Rich media error: #{inspect(error)}" end) + end + end + + defp get_cached_or_parse(url) do + case Cachex.fetch!(:rich_media_cache, url, fn _ -> {:commit, parse_url(url)} end) do + {:ok, _data} = res -> + res + + {:error, _} = e -> + ttl = Pleroma.Config.get([:rich_media, :failure_backoff], 60_000) + Cachex.expire(:rich_media_cache, url, ttl) + e + end end end @@ -50,22 +61,21 @@ def ttl(data, url) do config :pleroma, :rich_media, ttl_setters: [MyModule] """ - @spec set_ttl_based_on_image({:ok, map()} | {:error, any()}, String.t()) :: - {:ok, map()} | {:error, any()} - def set_ttl_based_on_image({:ok, data}, url) do - with {:ok, nil} <- Cachex.ttl(:rich_media_cache, url), - {:ok, ttl} when is_number(ttl) <- get_ttl_from_image(data, url) do - Cachex.expire_at(:rich_media_cache, url, ttl * 1000) - {:ok, data} - else - _ -> - {:ok, data} - end - end + @spec set_ttl_based_on_image(map(), String.t()) :: + {:ok, Integer.t() | :noop} | {:error, :no_key} + def set_ttl_based_on_image(data, url) do + case get_ttl_from_image(data, url) do + {:ok, ttl} when is_number(ttl) -> + ttl = ttl * 1000 - def set_ttl_based_on_image({:error, _} = error, _) do - Logger.error("parsing error: #{inspect(error)}") - error + case Cachex.expire_at(:rich_media_cache, url, ttl) do + {:ok, true} -> {:ok, ttl} + {:ok, false} -> {:error, :no_key} + end + + _ -> + {:ok, :noop} + end end defp get_ttl_from_image(data, url) do diff --git a/test/web/rich_media/aws_signed_url_test.exs b/test/web/rich_media/aws_signed_url_test.exs index a21f3c935..1ceae1a31 100644 --- a/test/web/rich_media/aws_signed_url_test.exs +++ b/test/web/rich_media/aws_signed_url_test.exs @@ -55,7 +55,7 @@ test "s3 signed url is parsed and correct ttl is set for rich media" do Cachex.put(:rich_media_cache, url, metadata) - Pleroma.Web.RichMedia.Parser.set_ttl_based_on_image({:ok, metadata}, url) + Pleroma.Web.RichMedia.Parser.set_ttl_based_on_image(metadata, url) {:ok, cache_ttl} = Cachex.ttl(:rich_media_cache, url) From a11f23c130331d98db941c3edcc4d2dcf139bbc6 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Wed, 2 Sep 2020 15:45:47 +0300 Subject: [PATCH 065/264] user agent if Endpoint is not started yet --- lib/pleroma/application.ex | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index 005aba50a..33b1e3872 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -22,13 +22,18 @@ def named_version, do: @name <> " " <> @version def repository, do: @repository def user_agent do - case Config.get([:http, :user_agent], :default) do - :default -> - info = "#{Pleroma.Web.base_url()} <#{Config.get([:instance, :email], "")}>" - named_version() <> "; " <> info + if Process.whereis(Pleroma.Web.Endpoint) do + case Config.get([:http, :user_agent], :default) do + :default -> + info = "#{Pleroma.Web.base_url()} <#{Config.get([:instance, :email], "")}>" + named_version() <> "; " <> info - custom -> - custom + custom -> + custom + end + else + # fallback, if endpoint is not started yet + "Pleroma Data Loader" end end From d48fc90978eee46c8fba00a80082d14fc31a0eec Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Wed, 2 Sep 2020 13:44:08 +0300 Subject: [PATCH 066/264] StatusView: Start fetching rich media cards as soon as possible --- CHANGELOG.md | 2 ++ .../web/mastodon_api/views/status_view.ex | 16 ++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4424c060f..54685cfb8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Fixed - Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers +- Mastodon API: Timelines hanging for (`number of posts with links * rich media timeout`) in the worst case. + Reduced to just rich media timeout. ## [2.1.0] - 2020-08-28 diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 01b8bb6bb..3fe1967be 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -23,6 +23,17 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do import Pleroma.Web.ActivityPub.Visibility, only: [get_visibility: 1, visible_for_user?: 2] + # This is a naive way to do this, just spawning a process per activity + # to fetch the preview. However it should be fine considering + # pagination is restricted to 40 activities at a time + defp fetch_rich_media_for_activities(activities) do + Enum.each(activities, fn activity -> + spawn(fn -> + Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity) + end) + end) + end + # TODO: Add cached version. defp get_replied_to_activities([]), do: %{} @@ -80,6 +91,11 @@ def render("index.json", opts) do # To do: check AdminAPIControllerTest on the reasons behind nil activities in the list activities = Enum.filter(opts.activities, & &1) + + # Start fetching rich media before doing anything else, so that later calls to get the cards + # only block for timeout in the worst case, as opposed to + # length(activities_with_links) * timeout + fetch_rich_media_for_activities(activities) replied_to_activities = get_replied_to_activities(activities) parent_activities = From cbf7f0e02943f44a73f4418b8c6a8bada06331d8 Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@FreeBSD.org> Date: Wed, 2 Sep 2020 09:09:13 -0500 Subject: [PATCH 067/264] Disallow password resets for deactivated accounts. Ensure all responses to password reset events are identical. --- CHANGELOG.md | 1 + .../controllers/auth_controller.ex | 14 ++++-------- lib/pleroma/web/twitter_api/twitter_api.ex | 13 ++--------- .../controllers/auth_controller_test.exs | 22 ++++++++++++++----- 4 files changed, 23 insertions(+), 27 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 54685cfb8..cdd5b94a8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers - Mastodon API: Timelines hanging for (`number of posts with links * rich media timeout`) in the worst case. Reduced to just rich media timeout. +- Password resets no longer processed for deactivated accounts ## [2.1.0] - 2020-08-28 diff --git a/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex b/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex index 753b3db3e..9f09550e1 100644 --- a/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex @@ -59,17 +59,11 @@ def logout(conn, _) do def password_reset(conn, params) do nickname_or_email = params["email"] || params["nickname"] - with {:ok, _} <- TwitterAPI.password_reset(nickname_or_email) do - conn - |> put_status(:no_content) - |> json("") - else - {:error, "unknown user"} -> - send_resp(conn, :not_found, "") + TwitterAPI.password_reset(nickname_or_email) - {:error, _} -> - send_resp(conn, :bad_request, "") - end + conn + |> put_status(:no_content) + |> json("") end defp local_mastodon_root_path(conn) do diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 2294d9d0d..5d7948507 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -72,7 +72,7 @@ defp maybe_notify_admins(%User{} = account) do def password_reset(nickname_or_email) do with true <- is_binary(nickname_or_email), - %User{local: true, email: email} = user when is_binary(email) <- + %User{local: true, email: email, deactivated: false} = user when is_binary(email) <- User.get_by_nickname_or_email(nickname_or_email), {:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do user @@ -81,17 +81,8 @@ def password_reset(nickname_or_email) do {:ok, :enqueued} else - false -> - {:error, "bad user identifier"} - - %User{local: true, email: nil} -> + _ -> {:ok, :noop} - - %User{local: false} -> - {:error, "remote user"} - - nil -> - {:error, "unknown user"} end end diff --git a/test/web/mastodon_api/controllers/auth_controller_test.exs b/test/web/mastodon_api/controllers/auth_controller_test.exs index a485f8e41..4fa95fce1 100644 --- a/test/web/mastodon_api/controllers/auth_controller_test.exs +++ b/test/web/mastodon_api/controllers/auth_controller_test.exs @@ -122,17 +122,27 @@ test "it doesn't fail when a user has no email", %{conn: conn} do {:ok, user: user} end - test "it returns 404 when user is not found", %{conn: conn, user: user} do + test "it returns 204 when user is not found", %{conn: conn, user: user} do conn = post(conn, "/auth/password?email=nonexisting_#{user.email}") - assert conn.status == 404 - assert conn.resp_body == "" + + assert conn + |> json_response(:no_content) end - test "it returns 400 when user is not local", %{conn: conn, user: user} do + test "it returns 204 when user is not local", %{conn: conn, user: user} do {:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false)) conn = post(conn, "/auth/password?email=#{user.email}") - assert conn.status == 400 - assert conn.resp_body == "" + + assert conn + |> json_response(:no_content) + end + + test "it returns 204 when user is deactivated", %{conn: conn, user: user} do + {:ok, user} = Repo.update(Ecto.Changeset.change(user, deactivated: true, local: true)) + conn = post(conn, "/auth/password?email=#{user.email}") + + assert conn + |> json_response(:no_content) end end From 581f382e712dc50fa51d1ab211f13b8843dcb448 Mon Sep 17 00:00:00 2001 From: lain <lain@soykaf.club> Date: Wed, 2 Sep 2020 18:32:00 +0200 Subject: [PATCH 068/264] ListController: DRY up stuff. --- .../mastodon_api/controllers/list_controller.ex | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/controllers/list_controller.ex b/lib/pleroma/web/mastodon_api/controllers/list_controller.ex index 4df13cb81..5daeaa780 100644 --- a/lib/pleroma/web/mastodon_api/controllers/list_controller.ex +++ b/lib/pleroma/web/mastodon_api/controllers/list_controller.ex @@ -73,19 +73,6 @@ def add_to_list(%{assigns: %{list: list}, body_params: %{account_ids: account_id end # DELETE /api/v1/lists/:id/accounts - def remove_from_list( - %{assigns: %{list: list}, body_params: %{account_ids: account_ids}} = conn, - _ - ) do - Enum.each(account_ids, fn account_id -> - with %User{} = followed <- User.get_cached_by_id(account_id) do - Pleroma.List.unfollow(list, followed) - end - end) - - json(conn, %{}) - end - def remove_from_list( %{assigns: %{list: list}, params: %{account_ids: account_ids}} = conn, _ @@ -99,6 +86,10 @@ def remove_from_list( json(conn, %{}) end + def remove_from_list(%{body_params: params} = conn, _) do + remove_from_list(%{conn | params: params}, %{}) + end + defp list_by_id_and_user(%{assigns: %{user: user}, params: %{id: id}} = conn, _) do case Pleroma.List.get(id, user) do %Pleroma.List{} = list -> assign(conn, :list, list) From 5da367760748f7c4534b84dcb9286d715110472e Mon Sep 17 00:00:00 2001 From: lain <lain@soykaf.club> Date: Thu, 3 Sep 2020 11:40:17 +0200 Subject: [PATCH 069/264] Frontend mix task: Add tests. --- test/tasks/frontend_test.exs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/test/tasks/frontend_test.exs b/test/tasks/frontend_test.exs index 0ca2b9a28..022ae51be 100644 --- a/test/tasks/frontend_test.exs +++ b/test/tasks/frontend_test.exs @@ -48,11 +48,18 @@ test "it also works given a file" do } }) + folder = Path.join([@dir, "frontends", "pleroma", "fantasy"]) + previously_existing = Path.join([folder, "temp"]) + File.mkdir_p!(folder) + File.write!(previously_existing, "yey") + assert File.exists?(previously_existing) + capture_io(fn -> Frontend.run(["install", "pleroma", "--file", "test/fixtures/tesla_mock/frontend.zip"]) end) - assert File.exists?(Path.join([@dir, "frontends", "pleroma", "fantasy", "test.txt"])) + assert File.exists?(Path.join([folder, "test.txt"])) + refute File.exists?(previously_existing) end test "it downloads and unzips unknown frontends" do From 60c925380da644866836fa4a275f4d57eaaada04 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov <ivantashkinov@gmail.com> Date: Thu, 3 Sep 2020 20:13:29 +0300 Subject: [PATCH 070/264] [#2497] Added support for enforcing output format for media proxy preview, used for avatar_static & header_static (AccountView). --- lib/pleroma/helpers/uri_helper.ex | 1 + .../web/mastodon_api/views/account_view.ex | 4 ++-- lib/pleroma/web/media_proxy/media_proxy.ex | 15 +++++++++------ .../web/media_proxy/media_proxy_controller.ex | 11 ++++++++--- 4 files changed, 20 insertions(+), 11 deletions(-) diff --git a/lib/pleroma/helpers/uri_helper.ex b/lib/pleroma/helpers/uri_helper.ex index 6d205a636..9c9e53447 100644 --- a/lib/pleroma/helpers/uri_helper.ex +++ b/lib/pleroma/helpers/uri_helper.ex @@ -15,6 +15,7 @@ def append_uri_params(uri, appended_params) do uri |> Map.put(:query, URI.encode_query(updated_params)) |> URI.to_string() + |> String.replace_suffix("?", "") end def maybe_add_base("/" <> uri, base), do: Path.join([base, uri]) diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 7eb4e86fe..a811f81c2 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -182,9 +182,9 @@ defp do_render("show.json", %{user: user} = opts) do display_name = user.name || user.nickname avatar = User.avatar_url(user) |> MediaProxy.url() - avatar_static = User.avatar_url(user) |> MediaProxy.preview_url() + avatar_static = User.avatar_url(user) |> MediaProxy.preview_url(output_format: "jpeg") header = User.banner_url(user) |> MediaProxy.url() - header_static = User.banner_url(user) |> MediaProxy.preview_url() + header_static = User.banner_url(user) |> MediaProxy.preview_url(output_format: "jpeg") following_count = if !user.hide_follows_count or !user.hide_follows or opts[:for] == user do diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index 6695d49ce..4cbe1cf89 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.MediaProxy do alias Pleroma.Config + alias Pleroma.Helpers.UriHelper alias Pleroma.Upload alias Pleroma.Web alias Pleroma.Web.MediaProxy.Invalidation @@ -58,9 +59,9 @@ def url_proxiable?(url) do # Note: routing all URLs to preview handler (even local and whitelisted). # Preview handler will call url/1 on decoded URLs, and applicable ones will detour media proxy. - def preview_url(url) do + def preview_url(url, preview_params \\ []) do if preview_enabled?() do - encode_preview_url(url) + encode_preview_url(url, preview_params) else url end @@ -116,10 +117,10 @@ def encode_url(url) do build_url(sig64, base64, filename(url)) end - def encode_preview_url(url) do + def encode_preview_url(url, preview_params \\ []) do {base64, sig64} = base64_sig64(url) - build_preview_url(sig64, base64, filename(url)) + build_preview_url(sig64, base64, filename(url), preview_params) end def decode_url(sig, url) do @@ -155,8 +156,10 @@ def build_url(sig_base64, url_base64, filename \\ nil) do proxy_url("proxy", sig_base64, url_base64, filename) end - def build_preview_url(sig_base64, url_base64, filename \\ nil) do - proxy_url("proxy/preview", sig_base64, url_base64, filename) + def build_preview_url(sig_base64, url_base64, filename \\ nil, preview_params \\ []) do + uri = proxy_url("proxy/preview", sig_base64, url_base64, filename) + + UriHelper.append_uri_params(uri, preview_params) end def verify_request_path_and_url( diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 961c73666..9dc76e928 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -67,9 +67,14 @@ defp handle_preview(conn, url) do end end - # TODO: find a workaround so avatar_static and header_static can work. - # Those only permit GIFs for animation, so we have to permit a way to - # allow those to get real static variants. + defp handle_preview( + "image/" <> _ = _content_type, + %{params: %{"output_format" => "jpeg"}} = conn, + url + ) do + handle_jpeg_preview(conn, url) + end + defp handle_preview("image/gif" = _content_type, conn, url) do mediaproxy_url = url |> MediaProxy.url() From 6141eb94ab034b5141a5c60b2814fb45b829c1ac Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@FreeBSD.org> Date: Thu, 3 Sep 2020 12:40:42 -0500 Subject: [PATCH 071/264] Fetch preview requests through the MediaProxy. Separate connection options are not needed. Use a separate pool for preview requests --- config/config.exs | 10 +++++---- config/description.exs | 21 ------------------- .../web/media_proxy/media_proxy_controller.ex | 17 ++------------- 3 files changed, 8 insertions(+), 40 deletions(-) diff --git a/config/config.exs b/config/config.exs index 317ef84a9..d691753bd 100644 --- a/config/config.exs +++ b/config/config.exs @@ -445,10 +445,7 @@ enabled: false, thumbnail_max_width: 600, thumbnail_max_height: 600, - image_quality: 85, - proxy_opts: [ - head_request_max_read_duration: 5_000 - ] + image_quality: 85 config :pleroma, :chat, enabled: true @@ -761,6 +758,11 @@ max_waiting: 10, timeout: 10_000 ], + preview: [ + size: 50, + max_waiting: 10, + timeout: 10_000 + ], upload: [ size: 25, max_waiting: 5, diff --git a/config/description.exs b/config/description.exs index 868b89d29..73333d6e6 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1978,27 +1978,6 @@ key: :image_quality, type: :integer, description: "Quality of the output. Ranges from 0 (min quality) to 100 (max quality)." - }, - %{ - key: :proxy_opts, - type: :keyword, - description: "Media proxy options", - suggestions: [ - head_request_max_read_duration: 5_000 - ], - children: [ - %{ - key: :head_request_max_read_duration, - type: :integer, - description: "Timeout (in milliseconds) of HEAD request to remote URI." - } - ] - }, - %{ - key: :whitelist, - type: {:list, :string}, - description: "List of hosts with scheme to bypass the mediaproxy", - suggestions: ["http://example.com"] } ] }, diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 961c73666..b1f00fa0c 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -33,8 +33,7 @@ def remote(conn, %{"sig" => sig64, "url" => url64}) do def preview(conn, %{"sig" => sig64, "url" => url64}) do with {_, true} <- {:enabled, MediaProxy.preview_enabled?()}, - {:ok, url} <- MediaProxy.decode_url(sig64, url64), - :ok <- MediaProxy.verify_request_path_and_url(conn, url) do + {:ok, url} <- MediaProxy.decode_url(sig64, url64) do handle_preview(conn, url) else {:enabled, false} -> @@ -50,9 +49,7 @@ def preview(conn, %{"sig" => sig64, "url" => url64}) do defp handle_preview(conn, url) do with {:ok, %{status: status} = head_response} when status in 200..299 <- - Tesla.head(url, - opts: [adapter: [timeout: preview_head_request_timeout(), follow_redirect: true]] - ) do + Pleroma.HTTP.request("head", MediaProxy.url(url), [], [], [adapter: [pool: :preview]]) do content_type = Tesla.get_header(head_response, "content-type") handle_preview(content_type, conn, url) else @@ -172,17 +169,7 @@ defp thumbnail_max_dimensions(params) do {thumbnail_max_width, thumbnail_max_height} end - defp preview_head_request_timeout do - Keyword.get(media_preview_proxy_opts(), :head_request_max_read_duration) || - Keyword.get(media_proxy_opts(), :max_read_duration) || - ReverseProxy.max_read_duration_default() - end - defp media_proxy_opts do Config.get([:media_proxy, :proxy_opts], []) end - - defp media_preview_proxy_opts do - Config.get([:media_preview_proxy, :proxy_opts], []) - end end From b529616e110b3d487f1f2c462791ceabe8f1baf3 Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@FreeBSD.org> Date: Thu, 3 Sep 2020 15:08:12 -0500 Subject: [PATCH 072/264] Increase pool and timeout for preview so it catches slow media pool responses --- config/config.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/config.exs b/config/config.exs index d691753bd..b92d3ccbb 100644 --- a/config/config.exs +++ b/config/config.exs @@ -760,8 +760,8 @@ ], preview: [ size: 50, - max_waiting: 10, - timeout: 10_000 + max_waiting: 20, + timeout: 15_000 ], upload: [ size: 25, From f25b0e87f3dd73e02c954c5baab3c52becdd9c9e Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@FreeBSD.org> Date: Thu, 3 Sep 2020 15:28:57 -0500 Subject: [PATCH 073/264] URL passed to helper is already MediaProxy Set :preview pool on the request --- lib/pleroma/helpers/media_helper.ex | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 9bd815c26..cfb091f82 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -12,8 +12,7 @@ defmodule Pleroma.Helpers.MediaHelper do def image_resize(url, options) do with executable when is_binary(executable) <- System.find_executable("convert"), {:ok, args} <- prepare_image_resize_args(options), - url = Pleroma.Web.MediaProxy.url(url), - {:ok, env} <- Pleroma.HTTP.get(url), + {:ok, env} <- Pleroma.HTTP.get(url, [], [adapter: [pool: :preview]]), {:ok, fifo_path} <- mkfifo() do args = List.flatten([fifo_path, args]) run_fifo(fifo_path, env, executable, args) @@ -61,8 +60,7 @@ defp prepare_image_resize_args(_), do: {:error, :missing_options} def video_framegrab(url) do with executable when is_binary(executable) <- System.find_executable("ffmpeg"), - url = Pleroma.Web.MediaProxy.url(url), - {:ok, env} <- Pleroma.HTTP.get(url), + {:ok, env} <- Pleroma.HTTP.get(url, [], [adapter: [pool: :preview]]), {:ok, fifo_path} <- mkfifo(), args = [ "-y", From d34fe2840d969c30b393cfb73e34b6301027c776 Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Thu, 3 Sep 2020 23:15:22 +0300 Subject: [PATCH 074/264] HTTP: radically simplify pool checkin/checkout Use a custom tesla middleware instead of adapter helper function + custom redirect middleware. This will also fix "Client died before releasing the connection" messages when the request pool is overloaded. Since the checkout is now done after passing ConcurrentLimiter. This is technically less efficient, since the connection needs to be checked in/out every time the middleware is left or entered respectively. But I don't think the nanoseconds we might lose on redirects to the same host are worth the complexity. --- lib/pleroma/http/adapter_helper.ex | 4 - lib/pleroma/http/adapter_helper/gun.ex | 9 -- lib/pleroma/http/adapter_helper/hackney.ex | 3 - lib/pleroma/http/http.ex | 33 +++--- .../tesla/middleware/connection_pool.ex | 35 ++++++ .../tesla/middleware/follow_redirects.ex | 110 ------------------ 6 files changed, 48 insertions(+), 146 deletions(-) create mode 100644 lib/pleroma/tesla/middleware/connection_pool.ex delete mode 100644 lib/pleroma/tesla/middleware/follow_redirects.ex diff --git a/lib/pleroma/http/adapter_helper.ex b/lib/pleroma/http/adapter_helper.ex index 0728cbaa2..d72297323 100644 --- a/lib/pleroma/http/adapter_helper.ex +++ b/lib/pleroma/http/adapter_helper.ex @@ -19,7 +19,6 @@ defmodule Pleroma.HTTP.AdapterHelper do | {Connection.proxy_type(), Connection.host(), pos_integer()} @callback options(keyword(), URI.t()) :: keyword() - @callback get_conn(URI.t(), keyword()) :: {:ok, term()} | {:error, term()} @spec format_proxy(String.t() | tuple() | nil) :: proxy() | nil def format_proxy(nil), do: nil @@ -47,9 +46,6 @@ def options(%URI{} = uri, opts \\ []) do |> adapter_helper().options(uri) end - @spec get_conn(URI.t(), keyword()) :: {:ok, keyword()} | {:error, atom()} - def get_conn(uri, opts), do: adapter_helper().get_conn(uri, opts) - defp adapter, do: Application.get_env(:tesla, :adapter) defp adapter_helper do diff --git a/lib/pleroma/http/adapter_helper/gun.ex b/lib/pleroma/http/adapter_helper/gun.ex index 02e20f2d1..4a967d8f2 100644 --- a/lib/pleroma/http/adapter_helper/gun.ex +++ b/lib/pleroma/http/adapter_helper/gun.ex @@ -6,7 +6,6 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do @behaviour Pleroma.HTTP.AdapterHelper alias Pleroma.Config - alias Pleroma.Gun.ConnectionPool alias Pleroma.HTTP.AdapterHelper require Logger @@ -57,14 +56,6 @@ def pool_timeout(pool) do Config.get([:pools, pool, :timeout], default) end - @spec get_conn(URI.t(), keyword()) :: {:ok, keyword()} | {:error, atom()} - def get_conn(uri, opts) do - case ConnectionPool.get_conn(uri, opts) do - {:ok, conn_pid} -> {:ok, Keyword.merge(opts, conn: conn_pid, close_conn: false)} - err -> err - end - end - @prefix Pleroma.Gun.ConnectionPool def limiter_setup do wait = Config.get([:connections_pool, :connection_acquisition_wait]) diff --git a/lib/pleroma/http/adapter_helper/hackney.ex b/lib/pleroma/http/adapter_helper/hackney.ex index cd569422b..f47a671ad 100644 --- a/lib/pleroma/http/adapter_helper/hackney.ex +++ b/lib/pleroma/http/adapter_helper/hackney.ex @@ -23,7 +23,4 @@ def options(connection_opts \\ [], %URI{} = uri) do end defp add_scheme_opts(opts, _), do: opts - - @spec get_conn(URI.t(), keyword()) :: {:ok, keyword()} - def get_conn(_uri, opts), do: {:ok, opts} end diff --git a/lib/pleroma/http/http.ex b/lib/pleroma/http/http.ex index b37b3fa89..7bc73f4a0 100644 --- a/lib/pleroma/http/http.ex +++ b/lib/pleroma/http/http.ex @@ -62,28 +62,21 @@ def request(method, url, body, headers, options) when is_binary(url) do uri = URI.parse(url) adapter_opts = AdapterHelper.options(uri, options[:adapter] || []) - case AdapterHelper.get_conn(uri, adapter_opts) do - {:ok, adapter_opts} -> - options = put_in(options[:adapter], adapter_opts) - params = options[:params] || [] - request = build_request(method, headers, options, url, body, params) + options = put_in(options[:adapter], adapter_opts) + params = options[:params] || [] + request = build_request(method, headers, options, url, body, params) - adapter = Application.get_env(:tesla, :adapter) + adapter = Application.get_env(:tesla, :adapter) - client = Tesla.client(adapter_middlewares(adapter), adapter) + client = Tesla.client(adapter_middlewares(adapter), adapter) - maybe_limit( - fn -> - request(client, request) - end, - adapter, - adapter_opts - ) - - # Connection release is handled in a custom FollowRedirects middleware - err -> - err - end + maybe_limit( + fn -> + request(client, request) + end, + adapter, + adapter_opts + ) end @spec request(Client.t(), keyword()) :: {:ok, Env.t()} | {:error, any()} @@ -110,7 +103,7 @@ defp maybe_limit(fun, _, _) do end defp adapter_middlewares(Tesla.Adapter.Gun) do - [Pleroma.HTTP.Middleware.FollowRedirects] + [Tesla.Middleware.FollowRedirects, Pleroma.Tesla.Middleware.ConnectionPool] end defp adapter_middlewares(_), do: [] diff --git a/lib/pleroma/tesla/middleware/connection_pool.ex b/lib/pleroma/tesla/middleware/connection_pool.ex new file mode 100644 index 000000000..a435ab4cc --- /dev/null +++ b/lib/pleroma/tesla/middleware/connection_pool.ex @@ -0,0 +1,35 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Tesla.Middleware.ConnectionPool do + @moduledoc """ + Middleware to get/release connections from `Pleroma.Gun.ConnectionPool` + """ + + @behaviour Tesla.Middleware + + alias Pleroma.Gun.ConnectionPool + + @impl Tesla.Middleware + def call(%Tesla.Env{url: url, opts: opts} = env, next, _) do + uri = URI.parse(url) + + case ConnectionPool.get_conn(uri, opts[:adapter]) do + {:ok, conn_pid} -> + adapter_opts = Keyword.merge(opts[:adapter], conn: conn_pid, close_conn: false) + opts = Keyword.put(opts, :adapter, adapter_opts) + env = %{env | opts: opts} + res = Tesla.run(env, next) + + unless opts[:adapter][:body_as] == :chunks do + ConnectionPool.release_conn(conn_pid) + end + + res + + err -> + err + end + end +end diff --git a/lib/pleroma/tesla/middleware/follow_redirects.ex b/lib/pleroma/tesla/middleware/follow_redirects.ex deleted file mode 100644 index 5a7032215..000000000 --- a/lib/pleroma/tesla/middleware/follow_redirects.ex +++ /dev/null @@ -1,110 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2015-2020 Tymon Tobolski <https://github.com/teamon/tesla/blob/master/lib/tesla/middleware/follow_redirects.ex> -# Copyright © 2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.HTTP.Middleware.FollowRedirects do - @moduledoc """ - Pool-aware version of https://github.com/teamon/tesla/blob/master/lib/tesla/middleware/follow_redirects.ex - - Follow 3xx redirects - ## Options - - `:max_redirects` - limit number of redirects (default: `5`) - """ - - alias Pleroma.Gun.ConnectionPool - - @behaviour Tesla.Middleware - - @max_redirects 5 - @redirect_statuses [301, 302, 303, 307, 308] - - @impl Tesla.Middleware - def call(env, next, opts \\ []) do - max = Keyword.get(opts, :max_redirects, @max_redirects) - - redirect(env, next, max) - end - - defp redirect(env, next, left) do - opts = env.opts[:adapter] - - case Tesla.run(env, next) do - {:ok, %{status: status} = res} when status in @redirect_statuses and left > 0 -> - release_conn(opts) - - case Tesla.get_header(res, "location") do - nil -> - {:ok, res} - - location -> - location = parse_location(location, res) - - case get_conn(location, opts) do - {:ok, opts} -> - %{env | opts: Keyword.put(env.opts, :adapter, opts)} - |> new_request(res.status, location) - |> redirect(next, left - 1) - - e -> - e - end - end - - {:ok, %{status: status}} when status in @redirect_statuses -> - release_conn(opts) - {:error, {__MODULE__, :too_many_redirects}} - - {:error, _} = e -> - release_conn(opts) - e - - other -> - unless opts[:body_as] == :chunks do - release_conn(opts) - end - - other - end - end - - defp get_conn(location, opts) do - uri = URI.parse(location) - - case ConnectionPool.get_conn(uri, opts) do - {:ok, conn} -> - {:ok, Keyword.merge(opts, conn: conn)} - - e -> - e - end - end - - defp release_conn(opts) do - ConnectionPool.release_conn(opts[:conn]) - end - - # The 303 (See Other) redirect was added in HTTP/1.1 to indicate that the originally - # requested resource is not available, however a related resource (or another redirect) - # available via GET is available at the specified location. - # https://tools.ietf.org/html/rfc7231#section-6.4.4 - defp new_request(env, 303, location), do: %{env | url: location, method: :get, query: []} - - # The 307 (Temporary Redirect) status code indicates that the target - # resource resides temporarily under a different URI and the user agent - # MUST NOT change the request method (...) - # https://tools.ietf.org/html/rfc7231#section-6.4.7 - defp new_request(env, 307, location), do: %{env | url: location} - - defp new_request(env, _, location), do: %{env | url: location, query: []} - - defp parse_location("https://" <> _rest = location, _env), do: location - defp parse_location("http://" <> _rest = location, _env), do: location - - defp parse_location(location, env) do - env.url - |> URI.parse() - |> URI.merge(location) - |> URI.to_string() - end -end From bce22937dc5c7545b9f104daf4b8ef9afaa65e75 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me> Date: Fri, 4 Sep 2020 09:15:58 +0200 Subject: [PATCH 075/264] mix.lock: Bump fast_html This update fixes an incorrect push to Hex that reverted the gcc-10 fix --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index afb4b06db..874ea9215 100644 --- a/mix.lock +++ b/mix.lock @@ -42,7 +42,7 @@ "ex_machina": {:hex, :ex_machina, "2.4.0", "09a34c5d371bfb5f78399029194a8ff67aff340ebe8ba19040181af35315eabb", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm", "a20bc9ddc721b33ea913b93666c5d0bdca5cbad7a67540784ae277228832d72c"}, "ex_syslogger": {:hex, :ex_syslogger, "1.5.2", "72b6aa2d47a236e999171f2e1ec18698740f40af0bd02c8c650bf5f1fd1bac79", [:mix], [{:poison, ">= 1.5.0", [hex: :poison, repo: "hexpm", optional: true]}, {:syslog, "~> 1.1.0", [hex: :syslog, repo: "hexpm", optional: false]}], "hexpm", "ab9fab4136dbc62651ec6f16fa4842f10cf02ab4433fa3d0976c01be99398399"}, "excoveralls": {:hex, :excoveralls, "0.13.1", "b9f1697f7c9e0cfe15d1a1d737fb169c398803ffcbc57e672aa007e9fd42864c", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "b4bb550e045def1b4d531a37fb766cbbe1307f7628bf8f0414168b3f52021cce"}, - "fast_html": {:hex, :fast_html, "2.0.3", "27289dea6c3a22952191a2d4e07f546c0de8a351484782c2e797dbae06a5dc8a", [:make, :mix], [{:elixir_make, "~> 0.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}], "hexpm", "17d41fa8afe4e912ffe74e13b87ddb085382cd2b7393636d338495c9a8a7b518"}, + "fast_html": {:hex, :fast_html, "2.0.4", "4910ee49f2f6b19692e3bf30bf97f1b6b7dac489cd6b0f34cd0fe3042c56ba30", [:make, :mix], [{:elixir_make, "~> 0.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}], "hexpm", "3bb49d541dfc02ad5e425904f53376d758c09f89e521afc7d2b174b3227761ea"}, "fast_sanitize": {:hex, :fast_sanitize, "0.2.2", "3cbbaebaea6043865dfb5b4ecb0f1af066ad410a51470e353714b10c42007b81", [:mix], [{:fast_html, "~> 2.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "69f204db9250afa94a0d559d9110139850f57de2b081719fbafa1e9a89e94466"}, "flake_id": {:hex, :flake_id, "0.1.0", "7716b086d2e405d09b647121a166498a0d93d1a623bead243e1f74216079ccb3", [:mix], [{:base62, "~> 1.2", [hex: :base62, repo: "hexpm", optional: false]}, {:ecto, ">= 2.0.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm", "31fc8090fde1acd267c07c36ea7365b8604055f897d3a53dd967658c691bd827"}, "floki": {:hex, :floki, "0.27.0", "6b29a14283f1e2e8fad824bc930eaa9477c462022075df6bea8f0ad811c13599", [:mix], [{:html_entities, "~> 0.5.0", [hex: :html_entities, repo: "hexpm", optional: false]}], "hexpm", "583b8c13697c37179f1f82443bcc7ad2f76fbc0bf4c186606eebd658f7f2631b"}, From 8bd2b6eb138ace3408a03c78ecc339fc35b19f10 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Fri, 4 Sep 2020 14:24:15 +0300 Subject: [PATCH 076/264] temp hackney fix --- lib/pleroma/http/adapter_helper/hackney.ex | 4 ++++ mix.exs | 5 ++++- mix.lock | 14 +++++++------- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/lib/pleroma/http/adapter_helper/hackney.ex b/lib/pleroma/http/adapter_helper/hackney.ex index f47a671ad..42e3acfec 100644 --- a/lib/pleroma/http/adapter_helper/hackney.ex +++ b/lib/pleroma/http/adapter_helper/hackney.ex @@ -22,5 +22,9 @@ def options(connection_opts \\ [], %URI{} = uri) do |> Pleroma.HTTP.AdapterHelper.maybe_add_proxy(proxy) end + defp add_scheme_opts(opts, %URI{scheme: "https"}) do + Keyword.put(opts, :ssl_options, versions: [:"tlsv1.2", :"tlsv1.1", :tlsv1]) + end + defp add_scheme_opts(opts, _), do: opts end diff --git a/mix.exs b/mix.exs index 4de0c78db..f734e4f61 100644 --- a/mix.exs +++ b/mix.exs @@ -195,7 +195,10 @@ defp deps do {:ex_machina, "~> 2.4", only: :test}, {:credo, "~> 1.4", only: [:dev, :test], runtime: false}, {:mock, "~> 0.3.5", only: :test}, - {:excoveralls, "~> 0.13.1", only: :test}, + # temporary downgrade for excoveralls, hackney and httpoison - until hackney max_connections bug will be fixed + {:excoveralls, "0.12.3", only: :test}, + {:hackney, "1.15.2"}, + {:httpoison, "1.6.2"}, {:mox, "~> 0.5", only: :test}, {:websocket_client, git: "https://github.com/jeremyong/websocket_client.git", only: :test} ] ++ oauth_deps() diff --git a/mix.lock b/mix.lock index 874ea9215..b97dd6342 100644 --- a/mix.lock +++ b/mix.lock @@ -11,7 +11,7 @@ "calendar": {:hex, :calendar, "1.0.0", "f52073a708528482ec33d0a171954ca610fe2bd28f1e871f247dc7f1565fa807", [:mix], [{:tzdata, "~> 0.5.20 or ~> 0.1.201603 or ~> 1.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "990e9581920c82912a5ee50e62ff5ef96da6b15949a2ee4734f935fdef0f0a6f"}, "captcha": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/elixir-captcha.git", "e0f16822d578866e186a0974d65ad58cddc1e2ab", [ref: "e0f16822d578866e186a0974d65ad58cddc1e2ab"]}, "castore": {:hex, :castore, "0.1.7", "1ca19eee705cde48c9e809e37fdd0730510752cc397745e550f6065a56a701e9", [:mix], [], "hexpm", "a2ae2c13d40e9c308387f1aceb14786dca019ebc2a11484fb2a9f797ea0aa0d8"}, - "certifi": {:hex, :certifi, "2.5.2", "b7cfeae9d2ed395695dd8201c57a2d019c0c43ecaf8b8bcb9320b40d6662f340", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "3b3b5f36493004ac3455966991eaf6e768ce9884693d9968055aeeeb1e575040"}, + "certifi": {:hex, :certifi, "2.5.1", "867ce347f7c7d78563450a18a6a28a8090331e77fa02380b4a21962a65d36ee5", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "805abd97539caf89ec6d4732c91e62ba9da0cda51ac462380bbd28ee697a8c42"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"}, "comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"}, "concurrent_limiter": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter.git", "55e92f84b4ed531bd487952a71040a9c69dc2807", [ref: "55e92f84b4ed531bd487952a71040a9c69dc2807"]}, @@ -41,7 +41,7 @@ "ex_doc": {:hex, :ex_doc, "0.22.2", "03a2a58bdd2ba0d83d004507c4ee113b9c521956938298eba16e55cc4aba4a6c", [:mix], [{:earmark_parser, "~> 1.4.0", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}], "hexpm", "cf60e1b3e2efe317095b6bb79651f83a2c1b3edcb4d319c421d7fcda8b3aff26"}, "ex_machina": {:hex, :ex_machina, "2.4.0", "09a34c5d371bfb5f78399029194a8ff67aff340ebe8ba19040181af35315eabb", [:mix], [{:ecto, "~> 2.2 or ~> 3.0", [hex: :ecto, repo: "hexpm", optional: true]}, {:ecto_sql, "~> 3.0", [hex: :ecto_sql, repo: "hexpm", optional: true]}], "hexpm", "a20bc9ddc721b33ea913b93666c5d0bdca5cbad7a67540784ae277228832d72c"}, "ex_syslogger": {:hex, :ex_syslogger, "1.5.2", "72b6aa2d47a236e999171f2e1ec18698740f40af0bd02c8c650bf5f1fd1bac79", [:mix], [{:poison, ">= 1.5.0", [hex: :poison, repo: "hexpm", optional: true]}, {:syslog, "~> 1.1.0", [hex: :syslog, repo: "hexpm", optional: false]}], "hexpm", "ab9fab4136dbc62651ec6f16fa4842f10cf02ab4433fa3d0976c01be99398399"}, - "excoveralls": {:hex, :excoveralls, "0.13.1", "b9f1697f7c9e0cfe15d1a1d737fb169c398803ffcbc57e672aa007e9fd42864c", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "b4bb550e045def1b4d531a37fb766cbbe1307f7628bf8f0414168b3f52021cce"}, + "excoveralls": {:hex, :excoveralls, "0.12.3", "2142be7cb978a3ae78385487edda6d1aff0e482ffc6123877bb7270a8ffbcfe0", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "568a3e616c264283f5dea5b020783ae40eef3f7ee2163f7a67cbd7b35bcadada"}, "fast_html": {:hex, :fast_html, "2.0.4", "4910ee49f2f6b19692e3bf30bf97f1b6b7dac489cd6b0f34cd0fe3042c56ba30", [:make, :mix], [{:elixir_make, "~> 0.4", [hex: :elixir_make, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}], "hexpm", "3bb49d541dfc02ad5e425904f53376d758c09f89e521afc7d2b174b3227761ea"}, "fast_sanitize": {:hex, :fast_sanitize, "0.2.2", "3cbbaebaea6043865dfb5b4ecb0f1af066ad410a51470e353714b10c42007b81", [:mix], [{:fast_html, "~> 2.0", [hex: :fast_html, repo: "hexpm", optional: false]}, {:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "69f204db9250afa94a0d559d9110139850f57de2b081719fbafa1e9a89e94466"}, "flake_id": {:hex, :flake_id, "0.1.0", "7716b086d2e405d09b647121a166498a0d93d1a623bead243e1f74216079ccb3", [:mix], [{:base62, "~> 1.2", [hex: :base62, repo: "hexpm", optional: false]}, {:ecto, ">= 2.0.0", [hex: :ecto, repo: "hexpm", optional: true]}], "hexpm", "31fc8090fde1acd267c07c36ea7365b8604055f897d3a53dd967658c691bd827"}, @@ -51,12 +51,12 @@ "gen_state_machine": {:hex, :gen_state_machine, "2.0.5", "9ac15ec6e66acac994cc442dcc2c6f9796cf380ec4b08267223014be1c728a95", [:mix], [], "hexpm"}, "gettext": {:hex, :gettext, "0.18.0", "406d6b9e0e3278162c2ae1de0a60270452c553536772167e2d701f028116f870", [:mix], [], "hexpm", "c3f850be6367ebe1a08616c2158affe4a23231c70391050bf359d5f92f66a571"}, "gun": {:git, "https://github.com/ninenines/gun.git", "921c47146b2d9567eac7e9a4d2ccc60fffd4f327", [ref: "921c47146b2d9567eac7e9a4d2ccc60fffd4f327"]}, - "hackney": {:hex, :hackney, "1.16.0", "5096ac8e823e3a441477b2d187e30dd3fff1a82991a806b2003845ce72ce2d84", [:rebar3], [{:certifi, "2.5.2", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "6.0.1", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.0", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.6", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm", "3bf0bebbd5d3092a3543b783bf065165fa5d3ad4b899b836810e513064134e18"}, + "hackney": {:hex, :hackney, "1.15.2", "07e33c794f8f8964ee86cebec1a8ed88db5070e52e904b8f12209773c1036085", [:rebar3], [{:certifi, "2.5.1", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "6.0.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.5", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm", "e0100f8ef7d1124222c11ad362c857d3df7cb5f4204054f9f0f4a728666591fc"}, "html_entities": {:hex, :html_entities, "0.5.1", "1c9715058b42c35a2ab65edc5b36d0ea66dd083767bef6e3edb57870ef556549", [:mix], [], "hexpm", "30efab070904eb897ff05cd52fa61c1025d7f8ef3a9ca250bc4e6513d16c32de"}, "html_sanitize_ex": {:hex, :html_sanitize_ex, "1.3.0", "f005ad692b717691203f940c686208aa3d8ffd9dd4bb3699240096a51fa9564e", [:mix], [{:mochiweb, "~> 2.15", [hex: :mochiweb, repo: "hexpm", optional: false]}], "hexpm"}, "http_signatures": {:hex, :http_signatures, "0.1.0", "4e4b501a936dbf4cb5222597038a89ea10781776770d2e185849fa829686b34c", [:mix], [], "hexpm", "f8a7b3731e3fd17d38fa6e343fcad7b03d6874a3b0a108c8568a71ed9c2cf824"}, - "httpoison": {:hex, :httpoison, "1.7.0", "abba7d086233c2d8574726227b6c2c4f6e53c4deae7fe5f6de531162ce9929a0", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "975cc87c845a103d3d1ea1ccfd68a2700c211a434d8428b10c323dc95dc5b980"}, - "idna": {:hex, :idna, "6.0.1", "1d038fb2e7668ce41fbf681d2c45902e52b3cb9e9c77b55334353b222c2ee50c", [:rebar3], [{:unicode_util_compat, "0.5.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a02c8a1c4fd601215bb0b0324c8a6986749f807ce35f25449ec9e69758708122"}, + "httpoison": {:hex, :httpoison, "1.6.2", "ace7c8d3a361cebccbed19c283c349b3d26991eff73a1eaaa8abae2e3c8089b6", [:mix], [{:hackney, "~> 1.15 and >= 1.15.2", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "aa2c74bd271af34239a3948779612f87df2422c2fdcfdbcec28d9c105f0773fe"}, + "idna": {:hex, :idna, "6.0.0", "689c46cbcdf3524c44d5f3dde8001f364cd7608a99556d8fbd8239a5798d4c10", [:rebar3], [{:unicode_util_compat, "0.4.1", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "4bdd305eb64e18b0273864920695cb18d7a2021f31a11b9c5fbcd9a253f936e2"}, "inet_cidr": {:hex, :inet_cidr, "1.0.4", "a05744ab7c221ca8e395c926c3919a821eb512e8f36547c062f62c4ca0cf3d6e", [:mix], [], "hexpm", "64a2d30189704ae41ca7dbdd587f5291db5d1dda1414e0774c29ffc81088c1bc"}, "jason": {:hex, :jason, "1.2.1", "12b22825e22f468c02eb3e4b9985f3d0cb8dc40b9bd704730efa11abd2708c44", [:mix], [{:decimal, "~> 1.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "b659b8571deedf60f79c5a608e15414085fa141344e2716fbd6988a084b5f993"}, "joken": {:hex, :joken, "2.2.0", "2daa1b12be05184aff7b5ace1d43ca1f81345962285fff3f88db74927c954d3a", [:mix], [{:jose, "~> 1.9", [hex: :jose, repo: "hexpm", optional: false]}], "hexpm", "b4f92e30388206f869dd25d1af628a1d99d7586e5cf0672f64d4df84c4d2f5e9"}, @@ -105,7 +105,7 @@ "recon": {:hex, :recon, "2.5.1", "430ffa60685ac1efdfb1fe4c97b8767c92d0d92e6e7c3e8621559ba77598678a", [:mix, :rebar3], [], "hexpm", "5721c6b6d50122d8f68cccac712caa1231f97894bab779eff5ff0f886cb44648"}, "remote_ip": {:git, "https://git.pleroma.social/pleroma/remote_ip.git", "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8", [ref: "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8"]}, "sleeplocks": {:hex, :sleeplocks, "1.1.1", "3d462a0639a6ef36cc75d6038b7393ae537ab394641beb59830a1b8271faeed3", [:rebar3], [], "hexpm", "84ee37aeff4d0d92b290fff986d6a95ac5eedf9b383fadfd1d88e9b84a1c02e1"}, - "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.6", "cf344f5692c82d2cd7554f5ec8fd961548d4fd09e7d22f5b62482e5aeaebd4b0", [:make, :mix, :rebar3], [], "hexpm", "bdb0d2471f453c88ff3908e7686f86f9be327d065cc1ec16fa4540197ea04680"}, + "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.5", "6eaf7ad16cb568bb01753dbbd7a95ff8b91c7979482b95f38443fe2c8852a79b", [:make, :mix, :rebar3], [], "hexpm", "13104d7897e38ed7f044c4de953a6c28597d1c952075eb2e328bc6d6f2bfc496"}, "sweet_xml": {:hex, :sweet_xml, "0.6.6", "fc3e91ec5dd7c787b6195757fbcf0abc670cee1e4172687b45183032221b66b8", [:mix], [], "hexpm", "2e1ec458f892ffa81f9f8386e3f35a1af6db7a7a37748a64478f13163a1f3573"}, "swoosh": {:hex, :swoosh, "1.0.0", "c547cfc83f30e12d5d1fdcb623d7de2c2e29a5becfc68bf8f42ba4d23d2c2756", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1 or ~> 2.4", [hex: :cowboy, repo: "hexpm", optional: true]}, {:gen_smtp, "~> 0.13", [hex: :gen_smtp, repo: "hexpm", optional: true]}, {:hackney, "~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:mail, "~> 0.2", [hex: :mail, repo: "hexpm", optional: true]}, {:mime, "~> 1.1", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_cowboy, ">= 1.0.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}], "hexpm", "b3b08e463f876cb6167f7168e9ad99a069a724e124bcee61847e0e1ed13f4a0d"}, "syslog": {:hex, :syslog, "1.1.0", "6419a232bea84f07b56dc575225007ffe34d9fdc91abe6f1b2f254fd71d8efc2", [:rebar3], [], "hexpm", "4c6a41373c7e20587be33ef841d3de6f3beba08519809329ecc4d27b15b659e1"}, @@ -115,7 +115,7 @@ "trailing_format_plug": {:hex, :trailing_format_plug, "0.0.7", "64b877f912cf7273bed03379936df39894149e35137ac9509117e59866e10e45", [:mix], [{:plug, "> 0.12.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bd4fde4c15f3e993a999e019d64347489b91b7a9096af68b2bdadd192afa693f"}, "tzdata": {:hex, :tzdata, "1.0.3", "73470ad29dde46e350c60a66e6b360d3b99d2d18b74c4c349dbebbc27a09a3eb", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "a6e1ee7003c4d04ecbd21dd3ec690d4c6662db5d3bbdd7262d53cdf5e7c746c1"}, "ueberauth": {:hex, :ueberauth, "0.6.3", "d42ace28b870e8072cf30e32e385579c57b9cc96ec74fa1f30f30da9c14f3cc0", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "afc293d8a1140d6591b53e3eaf415ca92842cb1d32fad3c450c6f045f7f91b60"}, - "unicode_util_compat": {:hex, :unicode_util_compat, "0.5.0", "8516502659002cec19e244ebd90d312183064be95025a319a6c7e89f4bccd65b", [:rebar3], [], "hexpm", "d48d002e15f5cc105a696cf2f1bbb3fc72b4b770a184d8420c8db20da2674b38"}, + "unicode_util_compat": {:hex, :unicode_util_compat, "0.4.1", "d869e4c68901dd9531385bb0c8c40444ebf624e60b6962d95952775cac5e90cd", [:rebar3], [], "hexpm", "1d1848c40487cdb0b30e8ed975e34e025860c02e419cb615d255849f3427439d"}, "unsafe": {:hex, :unsafe, "1.0.1", "a27e1874f72ee49312e0a9ec2e0b27924214a05e3ddac90e91727bc76f8613d8", [:mix], [], "hexpm", "6c7729a2d214806450d29766abc2afaa7a2cbecf415be64f36a6691afebb50e5"}, "web_push_encryption": {:hex, :web_push_encryption, "0.3.0", "598b5135e696fd1404dc8d0d7c0fa2c027244a4e5d5e5a98ba267f14fdeaabc8", [:mix], [{:httpoison, "~> 1.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}], "hexpm", "f10bdd1afe527ede694749fb77a2f22f146a51b054c7fa541c9fd920fba7c875"}, "websocket_client": {:git, "https://github.com/jeremyong/websocket_client.git", "9a6f65d05ebf2725d62fb19262b21f1805a59fbf", []}, From 473458b0fbecb05121b235f525aefcef34f0409e Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Fri, 4 Sep 2020 14:45:30 +0300 Subject: [PATCH 077/264] fix for ReverseProxy --- lib/pleroma/reverse_proxy/client/hackney.ex | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pleroma/reverse_proxy/client/hackney.ex b/lib/pleroma/reverse_proxy/client/hackney.ex index e84118a90..ad988fac3 100644 --- a/lib/pleroma/reverse_proxy/client/hackney.ex +++ b/lib/pleroma/reverse_proxy/client/hackney.ex @@ -7,6 +7,7 @@ defmodule Pleroma.ReverseProxy.Client.Hackney do @impl true def request(method, url, headers, body, opts \\ []) do + opts = Keyword.put(opts, :ssl_options, versions: [:"tlsv1.2", :"tlsv1.1", :tlsv1]) :hackney.request(method, url, headers, body, opts) end From 173b04df48abf1b40aa0aa4ba5de50c370687f56 Mon Sep 17 00:00:00 2001 From: Farhan Khan <farhan@farhan.codes> Date: Fri, 4 Sep 2020 18:03:58 +0000 Subject: [PATCH 078/264] Added cmake --- docs/installation/freebsd_en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index 130d68766..ca2575d9b 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -7,7 +7,7 @@ This document was written for FreeBSD 12.1, but should be work on future release This assumes the target system has `pkg(8)`. ``` -# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh +# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh cmake ``` Copy the rc.d scripts to the right directory: From 10da13c71343623a5e52beebdc6abc1f400bc40d Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Fri, 4 Sep 2020 22:10:40 +0300 Subject: [PATCH 079/264] ConnectionPool middleware: Fix connection leak on ReverseProxy redirects Requires a patched Tesla due to upstream not saving opts between redirects, patch submitted at https://github.com/teamon/tesla/pull/414 --- .../tesla/middleware/connection_pool.ex | 27 +++++++++++++------ mix.exs | 4 ++- mix.lock | 2 +- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/lib/pleroma/tesla/middleware/connection_pool.ex b/lib/pleroma/tesla/middleware/connection_pool.ex index a435ab4cc..5909e98d6 100644 --- a/lib/pleroma/tesla/middleware/connection_pool.ex +++ b/lib/pleroma/tesla/middleware/connection_pool.ex @@ -15,21 +15,32 @@ defmodule Pleroma.Tesla.Middleware.ConnectionPool do def call(%Tesla.Env{url: url, opts: opts} = env, next, _) do uri = URI.parse(url) + # Avoid leaking connections when the middleware is called twice + # with body_as: :chunks. We assume only the middleware can set + # opts[:adapter][:conn] + if opts[:adapter][:conn] do + ConnectionPool.release_conn(opts[:adapter][:conn]) + end + case ConnectionPool.get_conn(uri, opts[:adapter]) do {:ok, conn_pid} -> adapter_opts = Keyword.merge(opts[:adapter], conn: conn_pid, close_conn: false) opts = Keyword.put(opts, :adapter, adapter_opts) env = %{env | opts: opts} - res = Tesla.run(env, next) - unless opts[:adapter][:body_as] == :chunks do - ConnectionPool.release_conn(conn_pid) + case Tesla.run(env, next) do + {:ok, env} -> + unless opts[:adapter][:body_as] == :chunks do + ConnectionPool.release_conn(conn_pid) + {:ok, pop_in(env[:opts][:adapter][:conn])} + else + {:ok, env} + end + + err -> + ConnectionPool.release_conn(conn_pid) + err end - - res - - err -> - err end end end diff --git a/mix.exs b/mix.exs index 4de0c78db..c324960c5 100644 --- a/mix.exs +++ b/mix.exs @@ -134,7 +134,9 @@ defp deps do {:cachex, "~> 3.2"}, {:poison, "~> 3.0", override: true}, {:tesla, - github: "teamon/tesla", ref: "af3707078b10793f6a534938e56b963aff82fe3c", override: true}, + git: "https://git.pleroma.social/pleroma/elixir-libraries/tesla.git", + ref: "3a2789d8535f7b520ebbadc4494227e5ba0e5365", + override: true}, {:castore, "~> 0.1"}, {:cowlib, "~> 2.9", override: true}, {:gun, diff --git a/mix.lock b/mix.lock index 874ea9215..deb07eb68 100644 --- a/mix.lock +++ b/mix.lock @@ -110,7 +110,7 @@ "swoosh": {:hex, :swoosh, "1.0.0", "c547cfc83f30e12d5d1fdcb623d7de2c2e29a5becfc68bf8f42ba4d23d2c2756", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1 or ~> 2.4", [hex: :cowboy, repo: "hexpm", optional: true]}, {:gen_smtp, "~> 0.13", [hex: :gen_smtp, repo: "hexpm", optional: true]}, {:hackney, "~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:mail, "~> 0.2", [hex: :mail, repo: "hexpm", optional: true]}, {:mime, "~> 1.1", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_cowboy, ">= 1.0.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}], "hexpm", "b3b08e463f876cb6167f7168e9ad99a069a724e124bcee61847e0e1ed13f4a0d"}, "syslog": {:hex, :syslog, "1.1.0", "6419a232bea84f07b56dc575225007ffe34d9fdc91abe6f1b2f254fd71d8efc2", [:rebar3], [], "hexpm", "4c6a41373c7e20587be33ef841d3de6f3beba08519809329ecc4d27b15b659e1"}, "telemetry": {:hex, :telemetry, "0.4.2", "2808c992455e08d6177322f14d3bdb6b625fbcfd233a73505870d8738a2f4599", [:rebar3], [], "hexpm", "2d1419bd9dda6a206d7b5852179511722e2b18812310d304620c7bd92a13fcef"}, - "tesla": {:git, "https://github.com/teamon/tesla.git", "af3707078b10793f6a534938e56b963aff82fe3c", [ref: "af3707078b10793f6a534938e56b963aff82fe3c"]}, + "tesla": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/tesla.git", "3a2789d8535f7b520ebbadc4494227e5ba0e5365", [ref: "3a2789d8535f7b520ebbadc4494227e5ba0e5365"]}, "timex": {:hex, :timex, "3.6.2", "845cdeb6119e2fef10751c0b247b6c59d86d78554c83f78db612e3290f819bc2", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5 or ~> 1.0.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "26030b46199d02a590be61c2394b37ea25a3664c02fafbeca0b24c972025d47a"}, "trailing_format_plug": {:hex, :trailing_format_plug, "0.0.7", "64b877f912cf7273bed03379936df39894149e35137ac9509117e59866e10e45", [:mix], [{:plug, "> 0.12.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bd4fde4c15f3e993a999e019d64347489b91b7a9096af68b2bdadd192afa693f"}, "tzdata": {:hex, :tzdata, "1.0.3", "73470ad29dde46e350c60a66e6b360d3b99d2d18b74c4c349dbebbc27a09a3eb", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "a6e1ee7003c4d04ecbd21dd3ec690d4c6662db5d3bbdd7262d53cdf5e7c746c1"}, From 9fd0e5e0dd5e4c2b1748ef604e780bb31e4ada89 Mon Sep 17 00:00:00 2001 From: James Alseth <james@jalseth.me> Date: Fri, 4 Sep 2020 19:19:56 -0700 Subject: [PATCH 080/264] Use TLS when adding Alpine community repository in Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index aa50e27ec..c210cf79c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ LABEL maintainer="ops@pleroma.social" \ ARG HOME=/opt/pleroma ARG DATA=/var/lib/pleroma -RUN echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories &&\ +RUN echo "https://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories &&\ apk update &&\ apk add exiftool imagemagick ncurses postgresql-client &&\ adduser --system --shell /bin/false --home ${HOME} pleroma &&\ From 0d91f65284f99bded89c0400e976e0ffa5bc202f Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me> Date: Fri, 4 Sep 2020 07:52:22 +0200 Subject: [PATCH 081/264] Prevent AccountView and instance.get_or_update_favicon fails --- lib/pleroma/instances/instance.ex | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/instances/instance.ex b/lib/pleroma/instances/instance.ex index 711c42158..ef5d17de4 100644 --- a/lib/pleroma/instances/instance.ex +++ b/lib/pleroma/instances/instance.ex @@ -145,6 +145,8 @@ def get_or_update_favicon(%URI{host: host} = instance_uri) do favicon end + rescue + _ -> nil end defp scrape_favicon(%URI{} = instance_uri) do @@ -159,7 +161,8 @@ defp scrape_favicon(%URI{} = instance_uri) do |> Floki.attribute("link[rel=icon]", "href") |> List.first(), favicon <- URI.merge(instance_uri, favicon_rel) |> to_string(), - true <- is_binary(favicon) do + true <- is_binary(favicon), + true <- String.length(favicon) <= 255 do favicon else _ -> nil From de7e2ae0b5c296d0896f5d3738cba0fcddfe54f1 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Sat, 5 Sep 2020 11:15:27 +0300 Subject: [PATCH 082/264] use override flag for hackney dependency --- mix.exs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/mix.exs b/mix.exs index f734e4f61..fc1a83d91 100644 --- a/mix.exs +++ b/mix.exs @@ -195,10 +195,9 @@ defp deps do {:ex_machina, "~> 2.4", only: :test}, {:credo, "~> 1.4", only: [:dev, :test], runtime: false}, {:mock, "~> 0.3.5", only: :test}, - # temporary downgrade for excoveralls, hackney and httpoison - until hackney max_connections bug will be fixed + # temporary downgrade for excoveralls, hackney until hackney max_connections bug will be fixed {:excoveralls, "0.12.3", only: :test}, - {:hackney, "1.15.2"}, - {:httpoison, "1.6.2"}, + {:hackney, "1.15.2", override: true}, {:mox, "~> 0.5", only: :test}, {:websocket_client, git: "https://github.com/jeremyong/websocket_client.git", only: :test} ] ++ oauth_deps() From c3b02341bf4ab610e9425d6811dca057e9f811a4 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov <ivantashkinov@gmail.com> Date: Sat, 5 Sep 2020 16:16:35 +0300 Subject: [PATCH 083/264] [#2497] Made media preview proxy fall back to media proxy instead of to source url. Adjusted tests. Refactoring. --- lib/pleroma/helpers/media_helper.ex | 6 ++- lib/pleroma/web/media_proxy/media_proxy.ex | 4 +- .../web/media_proxy/media_proxy_controller.ex | 50 ++++++++++--------- .../mastodon_api/views/account_view_test.exs | 33 ++++++------ 4 files changed, 51 insertions(+), 42 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index cfb091f82..bb93d4915 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -7,12 +7,14 @@ defmodule Pleroma.Helpers.MediaHelper do Handles common media-related operations. """ + alias Pleroma.HTTP + @tmp_base "/tmp/pleroma-media_preview-pipe" def image_resize(url, options) do with executable when is_binary(executable) <- System.find_executable("convert"), {:ok, args} <- prepare_image_resize_args(options), - {:ok, env} <- Pleroma.HTTP.get(url, [], [adapter: [pool: :preview]]), + {:ok, env} <- HTTP.get(url, [], adapter: [pool: :preview]), {:ok, fifo_path} <- mkfifo() do args = List.flatten([fifo_path, args]) run_fifo(fifo_path, env, executable, args) @@ -60,7 +62,7 @@ defp prepare_image_resize_args(_), do: {:error, :missing_options} def video_framegrab(url) do with executable when is_binary(executable) <- System.find_executable("ffmpeg"), - {:ok, env} <- Pleroma.HTTP.get(url, [], [adapter: [pool: :preview]]), + {:ok, env} <- HTTP.get(url, [], adapter: [pool: :preview]), {:ok, fifo_path} <- mkfifo(), args = [ "-y", diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index 4cbe1cf89..80017cde1 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -57,13 +57,11 @@ def url_proxiable?(url) do end end - # Note: routing all URLs to preview handler (even local and whitelisted). - # Preview handler will call url/1 on decoded URLs, and applicable ones will detour media proxy. def preview_url(url, preview_params \\ []) do if preview_enabled?() do encode_preview_url(url, preview_params) else - url + url(url) end end diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 33daa1e05..469fbae59 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -48,10 +48,12 @@ def preview(conn, %{"sig" => sig64, "url" => url64}) do end defp handle_preview(conn, url) do + media_proxy_url = MediaProxy.url(url) + with {:ok, %{status: status} = head_response} when status in 200..299 <- - Pleroma.HTTP.request("head", MediaProxy.url(url), [], [], [adapter: [pool: :preview]]) do + Pleroma.HTTP.request("head", media_proxy_url, [], [], adapter: [pool: :preview]) do content_type = Tesla.get_header(head_response, "content-type") - handle_preview(content_type, conn, url) + handle_preview(content_type, conn, media_proxy_url) else {_, %{status: status}} -> send_resp(conn, :failed_dependency, "Can't fetch HTTP headers (HTTP #{status}).") @@ -67,40 +69,38 @@ defp handle_preview(conn, url) do defp handle_preview( "image/" <> _ = _content_type, %{params: %{"output_format" => "jpeg"}} = conn, - url + media_proxy_url ) do - handle_jpeg_preview(conn, url) + handle_jpeg_preview(conn, media_proxy_url) end - defp handle_preview("image/gif" = _content_type, conn, url) do - mediaproxy_url = url |> MediaProxy.url() - - redirect(conn, external: mediaproxy_url) + defp handle_preview("image/gif" = _content_type, conn, media_proxy_url) do + redirect(conn, external: media_proxy_url) end - defp handle_preview("image/png" <> _ = _content_type, conn, url) do - handle_png_preview(conn, url) + defp handle_preview("image/png" <> _ = _content_type, conn, media_proxy_url) do + handle_png_preview(conn, media_proxy_url) end - defp handle_preview("image/" <> _ = _content_type, conn, url) do - handle_jpeg_preview(conn, url) + defp handle_preview("image/" <> _ = _content_type, conn, media_proxy_url) do + handle_jpeg_preview(conn, media_proxy_url) end - defp handle_preview("video/" <> _ = _content_type, conn, url) do - handle_video_preview(conn, url) + defp handle_preview("video/" <> _ = _content_type, conn, media_proxy_url) do + handle_video_preview(conn, media_proxy_url) end - defp handle_preview(content_type, conn, _url) do + defp handle_preview(content_type, conn, _media_proxy_url) do send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.") end - defp handle_png_preview(%{params: params} = conn, url) do + defp handle_png_preview(%{params: params} = conn, media_proxy_url) do quality = Config.get!([:media_preview_proxy, :image_quality]) with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), {:ok, thumbnail_binary} <- MediaHelper.image_resize( - url, + media_proxy_url, %{ max_width: thumbnail_max_width, max_height: thumbnail_max_height, @@ -109,7 +109,7 @@ defp handle_png_preview(%{params: params} = conn, url) do } ) do conn - |> put_preview_response_headers("image/png", "preview.png") + |> put_preview_response_headers(["image/png", "preview.png"]) |> send_resp(200, thumbnail_binary) else _ -> @@ -117,13 +117,13 @@ defp handle_png_preview(%{params: params} = conn, url) do end end - defp handle_jpeg_preview(%{params: params} = conn, url) do + defp handle_jpeg_preview(%{params: params} = conn, media_proxy_url) do quality = Config.get!([:media_preview_proxy, :image_quality]) with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), {:ok, thumbnail_binary} <- MediaHelper.image_resize( - url, + media_proxy_url, %{max_width: thumbnail_max_width, max_height: thumbnail_max_height, quality: quality} ) do conn @@ -135,9 +135,9 @@ defp handle_jpeg_preview(%{params: params} = conn, url) do end end - defp handle_video_preview(conn, url) do + defp handle_video_preview(conn, media_proxy_url) do with {:ok, thumbnail_binary} <- - MediaHelper.video_framegrab(url) do + MediaHelper.video_framegrab(media_proxy_url) do conn |> put_preview_response_headers() |> send_resp(200, thumbnail_binary) @@ -147,10 +147,14 @@ defp handle_video_preview(conn, url) do end end - defp put_preview_response_headers(conn, content_type \\ "image/jpeg", filename \\ "preview.jpg") do + defp put_preview_response_headers( + conn, + [content_type, filename] = _content_info \\ ["image/jpeg", "preview.jpg"] + ) do conn |> put_resp_header("content-type", content_type) |> put_resp_header("content-disposition", "inline; filename=\"#{filename}\"") + # TODO: enable caching |> put_resp_header("cache-control", "max-age=0, private, must-revalidate") end diff --git a/test/web/mastodon_api/views/account_view_test.exs b/test/web/mastodon_api/views/account_view_test.exs index 8f37efa3c..2f56d9c8f 100644 --- a/test/web/mastodon_api/views/account_view_test.exs +++ b/test/web/mastodon_api/views/account_view_test.exs @@ -541,8 +541,9 @@ test "shows non-zero when historical unapproved requests are present" do end end - test "uses mediaproxy urls when it's enabled" do + test "uses mediaproxy urls when it's enabled (regardless of media preview proxy state)" do clear_config([:media_proxy, :enabled], true) + clear_config([:media_preview_proxy, :enabled]) user = insert(:user, @@ -551,20 +552,24 @@ test "uses mediaproxy urls when it's enabled" do emoji: %{"joker_smile" => "https://evil.website/society.png"} ) - AccountView.render("show.json", %{user: user, skip_visibility_check: true}) - |> Enum.all?(fn - {key, url} when key in [:avatar, :avatar_static, :header, :header_static] -> - String.starts_with?(url, Pleroma.Web.base_url()) + with media_preview_enabled <- [false, true] do + Config.put([:media_preview_proxy, :enabled], media_preview_enabled) - {:emojis, emojis} -> - Enum.all?(emojis, fn %{url: url, static_url: static_url} -> - String.starts_with?(url, Pleroma.Web.base_url()) && - String.starts_with?(static_url, Pleroma.Web.base_url()) - end) + AccountView.render("show.json", %{user: user, skip_visibility_check: true}) + |> Enum.all?(fn + {key, url} when key in [:avatar, :avatar_static, :header, :header_static] -> + String.starts_with?(url, Pleroma.Web.base_url()) - _ -> - true - end) - |> assert() + {:emojis, emojis} -> + Enum.all?(emojis, fn %{url: url, static_url: static_url} -> + String.starts_with?(url, Pleroma.Web.base_url()) && + String.starts_with?(static_url, Pleroma.Web.base_url()) + end) + + _ -> + true + end) + |> assert() + end end end From f170d471307ba0082b98351190b3d6b808bdfe1a Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov <ivantashkinov@gmail.com> Date: Sat, 5 Sep 2020 20:19:09 +0300 Subject: [PATCH 084/264] [#2497] Adjusted media proxy preview invalidation. Allowed client-side caching for media preview. Adjusted prewarmer to fetch only proxiable URIs. Removed :preview pool in favor of existing :media one. Misc. refactoring. --- config/config.exs | 5 ---- lib/pleroma/helpers/media_helper.ex | 4 +-- lib/pleroma/reverse_proxy/reverse_proxy.ex | 1 + .../mrf/media_proxy_warming_policy.ex | 27 +++++++++++-------- lib/pleroma/web/media_proxy/invalidation.ex | 4 ++- lib/pleroma/web/media_proxy/media_proxy.ex | 20 +++++++------- .../web/media_proxy/media_proxy_controller.ex | 5 ++-- 7 files changed, 34 insertions(+), 32 deletions(-) diff --git a/config/config.exs b/config/config.exs index b92d3ccbb..e5b7e18df 100644 --- a/config/config.exs +++ b/config/config.exs @@ -754,11 +754,6 @@ timeout: 10_000 ], media: [ - size: 50, - max_waiting: 10, - timeout: 10_000 - ], - preview: [ size: 50, max_waiting: 20, timeout: 15_000 diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index bb93d4915..a1205e10d 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -14,7 +14,7 @@ defmodule Pleroma.Helpers.MediaHelper do def image_resize(url, options) do with executable when is_binary(executable) <- System.find_executable("convert"), {:ok, args} <- prepare_image_resize_args(options), - {:ok, env} <- HTTP.get(url, [], adapter: [pool: :preview]), + {:ok, env} <- HTTP.get(url, [], adapter: [pool: :media]), {:ok, fifo_path} <- mkfifo() do args = List.flatten([fifo_path, args]) run_fifo(fifo_path, env, executable, args) @@ -62,7 +62,7 @@ defp prepare_image_resize_args(_), do: {:error, :missing_options} def video_framegrab(url) do with executable when is_binary(executable) <- System.find_executable("ffmpeg"), - {:ok, env} <- HTTP.get(url, [], adapter: [pool: :preview]), + {:ok, env} <- HTTP.get(url, [], adapter: [pool: :media]), {:ok, fifo_path} <- mkfifo(), args = [ "-y", diff --git a/lib/pleroma/reverse_proxy/reverse_proxy.ex b/lib/pleroma/reverse_proxy/reverse_proxy.ex index 35637e934..8ae1157df 100644 --- a/lib/pleroma/reverse_proxy/reverse_proxy.ex +++ b/lib/pleroma/reverse_proxy/reverse_proxy.ex @@ -18,6 +18,7 @@ defmodule Pleroma.ReverseProxy do @methods ~w(GET HEAD) def max_read_duration_default, do: @max_read_duration + def default_cache_control_header, do: @default_cache_control_header @moduledoc """ A reverse proxy. diff --git a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex index 5d8bb72aa..1050b74ba 100644 --- a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex @@ -12,23 +12,28 @@ defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy do require Logger - @options [ + @adapter_options [ pool: :media ] def perform(:prefetch, url) do - Logger.debug("Prefetching #{inspect(url)}") + # Fetching only proxiable resources + if MediaProxy.enabled?() and MediaProxy.url_proxiable?(url) do + # If preview proxy is enabled, it'll also hit media proxy (so we're caching both requests) + prefetch_url = MediaProxy.preview_url(url) - opts = - if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do - Keyword.put(@options, :recv_timeout, 10_000) - else - @options - end + Logger.debug("Prefetching #{inspect(url)} as #{inspect(prefetch_url)}") - url - |> MediaProxy.preview_url() - |> HTTP.get([], adapter: opts) + HTTP.get(prefetch_url, [], adapter: adapter_options()) + end + end + + defp adapter_options do + if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do + Keyword.put(@adapter_options, :recv_timeout, 10_000) + else + @adapter_options + end end def perform(:preload, %{"object" => %{"attachment" => attachments}} = _message) do diff --git a/lib/pleroma/web/media_proxy/invalidation.ex b/lib/pleroma/web/media_proxy/invalidation.ex index 5808861e6..4f4340478 100644 --- a/lib/pleroma/web/media_proxy/invalidation.ex +++ b/lib/pleroma/web/media_proxy/invalidation.ex @@ -33,6 +33,8 @@ defp do_purge(urls) do def prepare_urls(urls) do urls |> List.wrap() - |> Enum.map(&MediaProxy.url/1) + |> Enum.map(fn url -> [MediaProxy.url(url), MediaProxy.preview_url(url)] end) + |> List.flatten() + |> Enum.uniq() end end diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index 80017cde1..ba553998b 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -41,20 +41,16 @@ def url(url) when is_nil(url) or url == "", do: nil def url("/" <> _ = url), do: url def url(url) do - if not enabled?() or not url_proxiable?(url) do - url - else + if enabled?() and url_proxiable?(url) do encode_url(url) + else + url end end @spec url_proxiable?(String.t()) :: boolean() def url_proxiable?(url) do - if local?(url) or whitelisted?(url) do - false - else - true - end + not local?(url) and not whitelisted?(url) end def preview_url(url, preview_params \\ []) do @@ -69,7 +65,7 @@ def enabled?, do: Config.get([:media_proxy, :enabled], false) # Note: media proxy must be enabled for media preview proxy in order to load all # non-local non-whitelisted URLs through it and be sure that body size constraint is preserved. - def preview_enabled?, do: enabled?() and Config.get([:media_preview_proxy, :enabled], false) + def preview_enabled?, do: enabled?() and !!Config.get([:media_preview_proxy, :enabled]) def local?(url), do: String.starts_with?(url, Pleroma.Web.base_url()) @@ -138,9 +134,13 @@ def filename(url_or_path) do if path = URI.parse(url_or_path).path, do: Path.basename(path) end + def base_url do + Config.get([:media_proxy, :base_url], Web.base_url()) + end + defp proxy_url(path, sig_base64, url_base64, filename) do [ - Config.get([:media_proxy, :base_url], Web.base_url()), + base_url(), path, sig_base64, url_base64, diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 469fbae59..89f4a23bd 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -51,7 +51,7 @@ defp handle_preview(conn, url) do media_proxy_url = MediaProxy.url(url) with {:ok, %{status: status} = head_response} when status in 200..299 <- - Pleroma.HTTP.request("head", media_proxy_url, [], [], adapter: [pool: :preview]) do + Pleroma.HTTP.request("head", media_proxy_url, [], [], adapter: [pool: :media]) do content_type = Tesla.get_header(head_response, "content-type") handle_preview(content_type, conn, media_proxy_url) else @@ -154,8 +154,7 @@ defp put_preview_response_headers( conn |> put_resp_header("content-type", content_type) |> put_resp_header("content-disposition", "inline; filename=\"#{filename}\"") - # TODO: enable caching - |> put_resp_header("cache-control", "max-age=0, private, must-revalidate") + |> put_resp_header("cache-control", ReverseProxy.default_cache_control_header()) end defp thumbnail_max_dimensions(params) do From 88a6ee4a5989036de5c1e82c6111291887597d98 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov <ivantashkinov@gmail.com> Date: Sat, 5 Sep 2020 20:23:18 +0300 Subject: [PATCH 085/264] [#2497] Func defs grouping fix. --- .../mrf/media_proxy_warming_policy.ex | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex index 1050b74ba..6c63fe15c 100644 --- a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex @@ -16,6 +16,14 @@ defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy do pool: :media ] + defp adapter_options do + if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do + Keyword.put(@adapter_options, :recv_timeout, 10_000) + else + @adapter_options + end + end + def perform(:prefetch, url) do # Fetching only proxiable resources if MediaProxy.enabled?() and MediaProxy.url_proxiable?(url) do @@ -28,14 +36,6 @@ def perform(:prefetch, url) do end end - defp adapter_options do - if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do - Keyword.put(@adapter_options, :recv_timeout, 10_000) - else - @adapter_options - end - end - def perform(:preload, %{"object" => %{"attachment" => attachments}} = _message) do Enum.each(attachments, fn %{"url" => url} when is_list(url) -> From e198ba492e5cb1b6ff81775db08298bfcdf1454a Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Sat, 5 Sep 2020 12:37:27 +0300 Subject: [PATCH 086/264] Rich Media: Do not cache URLs for preview statuses Closes #1987 --- CHANGELOG.md | 1 + lib/pleroma/html.ex | 32 +++++++++------- lib/pleroma/web/rich_media/helpers.ex | 2 +- test/html_test.exs | 14 +++---- .../controllers/status_controller_test.exs | 38 ++++++++++++++++++- 5 files changed, 65 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cdd5b94a8..4662045ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers - Mastodon API: Timelines hanging for (`number of posts with links * rich media timeout`) in the worst case. Reduced to just rich media timeout. +- Mastodon API: Cards being wrong for preview statuses due to cache key collision - Password resets no longer processed for deactivated accounts ## [2.1.0] - 2020-08-28 diff --git a/lib/pleroma/html.ex b/lib/pleroma/html.ex index 20b02f091..43e9145be 100644 --- a/lib/pleroma/html.ex +++ b/lib/pleroma/html.ex @@ -100,21 +100,27 @@ defp generate_scrubber_signature(scrubbers) do end) end - def extract_first_external_url(_, nil), do: {:error, "No content"} + def extract_first_external_url_from_object(%{data: %{"content" => content}} = object) + when is_binary(content) do + unless object.data["fake"] do + key = "URL|#{object.id}" - def extract_first_external_url(object, content) do - key = "URL|#{object.id}" + Cachex.fetch!(:scrubber_cache, key, fn _key -> + {:commit, {:ok, extract_first_external_url(content)}} + end) + else + {:ok, extract_first_external_url(content)} + end + end - Cachex.fetch!(:scrubber_cache, key, fn _key -> - result = - content - |> Floki.parse_fragment!() - |> Floki.find("a:not(.mention,.hashtag,.attachment,[rel~=\"tag\"])") - |> Enum.take(1) - |> Floki.attribute("href") - |> Enum.at(0) + def extract_first_external_url_from_object(_), do: {:error, :no_content} - {:commit, {:ok, result}} - end) + def extract_first_external_url(content) do + content + |> Floki.parse_fragment!() + |> Floki.find("a:not(.mention,.hashtag,.attachment,[rel~=\"tag\"])") + |> Enum.take(1) + |> Floki.attribute("href") + |> Enum.at(0) end end diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex index 2fb482b51..752ca9f81 100644 --- a/lib/pleroma/web/rich_media/helpers.ex +++ b/lib/pleroma/web/rich_media/helpers.ex @@ -58,7 +58,7 @@ def fetch_data_for_object(object) do with true <- Config.get([:rich_media, :enabled]), false <- object.data["sensitive"] || false, {:ok, page_url} <- - HTML.extract_first_external_url(object, object.data["content"]), + HTML.extract_first_external_url_from_object(object), :ok <- validate_page_url(page_url), {:ok, rich_media} <- Parser.parse(page_url) do %{page_url: page_url, rich_media: rich_media} diff --git a/test/html_test.exs b/test/html_test.exs index f8907c8b4..7d3756884 100644 --- a/test/html_test.exs +++ b/test/html_test.exs @@ -165,7 +165,7 @@ test "filters invalid microformats markup" do end end - describe "extract_first_external_url" do + describe "extract_first_external_url_from_object" do test "extracts the url" do user = insert(:user) @@ -176,7 +176,7 @@ test "extracts the url" do }) object = Object.normalize(activity) - {:ok, url} = HTML.extract_first_external_url(object, object.data["content"]) + {:ok, url} = HTML.extract_first_external_url_from_object(object) assert url == "https://github.com/komeiji-satori/Dress" end @@ -191,7 +191,7 @@ test "skips mentions" do }) object = Object.normalize(activity) - {:ok, url} = HTML.extract_first_external_url(object, object.data["content"]) + {:ok, url} = HTML.extract_first_external_url_from_object(object) assert url == "https://github.com/syuilo/misskey/blob/develop/docs/setup.en.md" @@ -207,7 +207,7 @@ test "skips hashtags" do }) object = Object.normalize(activity) - {:ok, url} = HTML.extract_first_external_url(object, object.data["content"]) + {:ok, url} = HTML.extract_first_external_url_from_object(object) assert url == "https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140" end @@ -223,7 +223,7 @@ test "skips microformats hashtags" do }) object = Object.normalize(activity) - {:ok, url} = HTML.extract_first_external_url(object, object.data["content"]) + {:ok, url} = HTML.extract_first_external_url_from_object(object) assert url == "https://www.pixiv.net/member_illust.php?mode=medium&illust_id=72255140" end @@ -235,7 +235,7 @@ test "does not crash when there is an HTML entity in a link" do object = Object.normalize(activity) - assert {:ok, nil} = HTML.extract_first_external_url(object, object.data["content"]) + assert {:ok, nil} = HTML.extract_first_external_url_from_object(object) end test "skips attachment links" do @@ -249,7 +249,7 @@ test "skips attachment links" do object = Object.normalize(activity) - assert {:ok, nil} = HTML.extract_first_external_url(object, object.data["content"]) + assert {:ok, nil} = HTML.extract_first_external_url_from_object(object) end end end diff --git a/test/web/mastodon_api/controllers/status_controller_test.exs b/test/web/mastodon_api/controllers/status_controller_test.exs index 5955d8334..f221884e7 100644 --- a/test/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/web/mastodon_api/controllers/status_controller_test.exs @@ -296,9 +296,45 @@ test "posting a fake status", %{conn: conn} do assert real_status == fake_status end + test "fake statuses' preview card is not cached", %{conn: conn} do + clear_config([:rich_media, :enabled], true) + + Tesla.Mock.mock(fn + %{ + method: :get, + url: "https://example.com/twitter-card" + } -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/rich_media/twitter_card.html")} + + env -> + apply(HttpRequestMock, :request, [env]) + end) + + conn1 = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses", %{ + "status" => "https://example.com/ogp", + "preview" => true + }) + + conn2 = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses", %{ + "status" => "https://example.com/twitter-card", + "preview" => true + }) + + assert %{"card" => %{"title" => "The Rock"}} = json_response_and_validate_schema(conn1, 200) + + assert %{"card" => %{"title" => "Small Island Developing States Photo Submission"}} = + json_response_and_validate_schema(conn2, 200) + end + test "posting a status with OGP link preview", %{conn: conn} do Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end) - Config.put([:rich_media, :enabled], true) + clear_config([:rich_media, :enabled], true) conn = conn From 5298de3be6683022fa53cc011dd567e8b2a706b9 Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Sat, 5 Sep 2020 21:17:03 +0300 Subject: [PATCH 087/264] ConnectionPool middleware: fix a crash due to unimplemented behaviour Structs don't implement Access behaviour, so this crashed. Tests didn't catch it and I didn't test that part of the codepath. Very sorry --- lib/pleroma/tesla/middleware/connection_pool.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/tesla/middleware/connection_pool.ex b/lib/pleroma/tesla/middleware/connection_pool.ex index 5909e98d6..049db6eb3 100644 --- a/lib/pleroma/tesla/middleware/connection_pool.ex +++ b/lib/pleroma/tesla/middleware/connection_pool.ex @@ -32,7 +32,7 @@ def call(%Tesla.Env{url: url, opts: opts} = env, next, _) do {:ok, env} -> unless opts[:adapter][:body_as] == :chunks do ConnectionPool.release_conn(conn_pid) - {:ok, pop_in(env[:opts][:adapter][:conn])} + {:ok, pop_in(env.opts[:adapter][:conn])} else {:ok, env} end From 9d6aca5bee6f90f3c0af5a5353f052108c9def62 Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Sat, 5 Sep 2020 21:27:06 +0300 Subject: [PATCH 088/264] ConnectionPool: fix the previous hotfix I rushed the hotfix and forgot how `pop_in` actually works, I want to die. We need some integration tests for the HTTP client --- lib/pleroma/tesla/middleware/connection_pool.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/tesla/middleware/connection_pool.ex b/lib/pleroma/tesla/middleware/connection_pool.ex index 049db6eb3..2c5a2b53b 100644 --- a/lib/pleroma/tesla/middleware/connection_pool.ex +++ b/lib/pleroma/tesla/middleware/connection_pool.ex @@ -32,7 +32,8 @@ def call(%Tesla.Env{url: url, opts: opts} = env, next, _) do {:ok, env} -> unless opts[:adapter][:body_as] == :chunks do ConnectionPool.release_conn(conn_pid) - {:ok, pop_in(env.opts[:adapter][:conn])} + {_, res} = pop_in(env.opts[:adapter][:conn]) + {:ok, res} else {:ok, env} end From 129a2f48df95ddd85fceee741a9991a6e092ed3d Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Sat, 5 Sep 2020 21:36:17 +0300 Subject: [PATCH 089/264] ConnectionPool middleware: handle connection opening errors --- lib/pleroma/tesla/middleware/connection_pool.ex | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/pleroma/tesla/middleware/connection_pool.ex b/lib/pleroma/tesla/middleware/connection_pool.ex index 2c5a2b53b..056e736ce 100644 --- a/lib/pleroma/tesla/middleware/connection_pool.ex +++ b/lib/pleroma/tesla/middleware/connection_pool.ex @@ -42,6 +42,9 @@ def call(%Tesla.Env{url: url, opts: opts} = env, next, _) do ConnectionPool.release_conn(conn_pid) err end + + err -> + err end end end From 170599c390e7c82bdff0d4180d04b2f0f3906f35 Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Sat, 5 Sep 2020 22:00:51 +0300 Subject: [PATCH 090/264] RichMedia: do not log webpages missing metadata as errors Also fixes the return value of Parser.parse on errors, previously was just `:ok` due to the logger call in the end --- lib/pleroma/web/rich_media/parser.ex | 11 ++++++++--- test/web/rich_media/parser_test.exs | 4 +--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/rich_media/parser.ex b/lib/pleroma/web/rich_media/parser.ex index e98c743ca..5727fda18 100644 --- a/lib/pleroma/web/rich_media/parser.ex +++ b/lib/pleroma/web/rich_media/parser.ex @@ -21,8 +21,13 @@ def parse(url) do {:ok, _} <- set_ttl_based_on_image(data, url) do {:ok, data} else + {:error, {:invalid_metadata, data}} = e -> + Logger.debug(fn -> "Incomplete or invalid metadata for #{url}: #{inspect(data)}" end) + e + error -> - Logger.error(fn -> "Rich media error: #{inspect(error)}" end) + Logger.error(fn -> "Rich media error for #{url}: #{inspect(error)}" end) + error end end @@ -90,7 +95,7 @@ defp get_ttl_from_image(data, url) do end) end - defp parse_url(url) do + def parse_url(url) do with {:ok, %Tesla.Env{body: html}} <- Pleroma.Web.RichMedia.Helpers.rich_media_get(url), {:ok, html} <- Floki.parse_document(html) do html @@ -116,7 +121,7 @@ defp check_parsed_data(%{"title" => title} = data) end defp check_parsed_data(data) do - {:error, "Found metadata was invalid or incomplete: #{inspect(data)}"} + {:error, {:invalid_metadata, data}} end defp clean_parsed_data(data) do diff --git a/test/web/rich_media/parser_test.exs b/test/web/rich_media/parser_test.exs index 1e09cbf84..21ae35f8b 100644 --- a/test/web/rich_media/parser_test.exs +++ b/test/web/rich_media/parser_test.exs @@ -66,9 +66,7 @@ test "returns error when no metadata present" do end test "doesn't just add a title" do - assert Parser.parse("http://example.com/non-ogp") == - {:error, - "Found metadata was invalid or incomplete: %{\"url\" => \"http://example.com/non-ogp\"}"} + assert {:error, {:invalid_metadata, _}} = Parser.parse("http://example.com/non-ogp") end test "parses ogp" do From 0b4fa769f4332e50cdc5f643bada18f2e50430de Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Sun, 6 Sep 2020 11:38:38 +0300 Subject: [PATCH 091/264] Add a copy of CC-BY-4.0 to the repo We mentined it in COPYING, but didn't actually have a copy in the repo. --- CC-BY-4.0 | 395 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 395 insertions(+) create mode 100644 CC-BY-4.0 diff --git a/CC-BY-4.0 b/CC-BY-4.0 new file mode 100644 index 000000000..4ea99c213 --- /dev/null +++ b/CC-BY-4.0 @@ -0,0 +1,395 @@ +Attribution 4.0 International + +======================================================================= + +Creative Commons Corporation ("Creative Commons") is not a law firm and +does not provide legal services or legal advice. Distribution of +Creative Commons public licenses does not create a lawyer-client or +other relationship. Creative Commons makes its licenses and related +information available on an "as-is" basis. Creative Commons gives no +warranties regarding its licenses, any material licensed under their +terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the +fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and +conditions that creators and other rights holders may use to share +original works of authorship and other material subject to copyright +and certain other rights specified in the public license below. The +following considerations are for informational purposes only, are not +exhaustive, and do not form part of our licenses. + + Considerations for licensors: Our public licenses are + intended for use by those authorized to give the public + permission to use material in ways otherwise restricted by + copyright and certain other rights. Our licenses are + irrevocable. Licensors should read and understand the terms + and conditions of the license they choose before applying it. + Licensors should also secure all rights necessary before + applying our licenses so that the public can reuse the + material as expected. Licensors should clearly mark any + material not subject to the license. This includes other CC- + licensed material, or material used under an exception or + limitation to copyright. More considerations for licensors: + wiki.creativecommons.org/Considerations_for_licensors + + Considerations for the public: By using one of our public + licenses, a licensor grants the public permission to use the + licensed material under specified terms and conditions. If + the licensor's permission is not necessary for any reason--for + example, because of any applicable exception or limitation to + copyright--then that use is not regulated by the license. Our + licenses grant only permissions under copyright and certain + other rights that a licensor has authority to grant. Use of + the licensed material may still be restricted for other + reasons, including because others have copyright or other + rights in the material. A licensor may make special requests, + such as asking that all changes be marked or described. + Although not required by our licenses, you are encouraged to + respect those requests where reasonable. More considerations + for the public: + wiki.creativecommons.org/Considerations_for_licensees + +======================================================================= + +Creative Commons Attribution 4.0 International Public License + +By exercising the Licensed Rights (defined below), You accept and agree +to be bound by the terms and conditions of this Creative Commons +Attribution 4.0 International Public License ("Public License"). To the +extent this Public License may be interpreted as a contract, You are +granted the Licensed Rights in consideration of Your acceptance of +these terms and conditions, and the Licensor grants You such rights in +consideration of benefits the Licensor receives from making the +Licensed Material available under these terms and conditions. + + +Section 1 -- Definitions. + + a. Adapted Material means material subject to Copyright and Similar + Rights that is derived from or based upon the Licensed Material + and in which the Licensed Material is translated, altered, + arranged, transformed, or otherwise modified in a manner requiring + permission under the Copyright and Similar Rights held by the + Licensor. For purposes of this Public License, where the Licensed + Material is a musical work, performance, or sound recording, + Adapted Material is always produced where the Licensed Material is + synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright + and Similar Rights in Your contributions to Adapted Material in + accordance with the terms and conditions of this Public License. + + c. Copyright and Similar Rights means copyright and/or similar rights + closely related to copyright including, without limitation, + performance, broadcast, sound recording, and Sui Generis Database + Rights, without regard to how the rights are labeled or + categorized. For purposes of this Public License, the rights + specified in Section 2(b)(1)-(2) are not Copyright and Similar + Rights. + + d. Effective Technological Measures means those measures that, in the + absence of proper authority, may not be circumvented under laws + fulfilling obligations under Article 11 of the WIPO Copyright + Treaty adopted on December 20, 1996, and/or similar international + agreements. + + e. Exceptions and Limitations means fair use, fair dealing, and/or + any other exception or limitation to Copyright and Similar Rights + that applies to Your use of the Licensed Material. + + f. Licensed Material means the artistic or literary work, database, + or other material to which the Licensor applied this Public + License. + + g. Licensed Rights means the rights granted to You subject to the + terms and conditions of this Public License, which are limited to + all Copyright and Similar Rights that apply to Your use of the + Licensed Material and that the Licensor has authority to license. + + h. Licensor means the individual(s) or entity(ies) granting rights + under this Public License. + + i. Share means to provide material to the public by any means or + process that requires permission under the Licensed Rights, such + as reproduction, public display, public performance, distribution, + dissemination, communication, or importation, and to make material + available to the public including in ways that members of the + public may access the material from a place and at a time + individually chosen by them. + + j. Sui Generis Database Rights means rights other than copyright + resulting from Directive 96/9/EC of the European Parliament and of + the Council of 11 March 1996 on the legal protection of databases, + as amended and/or succeeded, as well as other essentially + equivalent rights anywhere in the world. + + k. You means the individual or entity exercising the Licensed Rights + under this Public License. Your has a corresponding meaning. + + +Section 2 -- Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, + the Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to + exercise the Licensed Rights in the Licensed Material to: + + a. reproduce and Share the Licensed Material, in whole or + in part; and + + b. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public + License does not apply, and You do not need to comply with + its terms and conditions. + + 3. Term. The term of this Public License is specified in Section + 6(a). + + 4. Media and formats; technical modifications allowed. The + Licensor authorizes You to exercise the Licensed Rights in + all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The + Licensor waives and/or agrees not to assert any right or + authority to forbid You from making technical modifications + necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective + Technological Measures. For purposes of this Public License, + simply making modifications authorized by this Section 2(a) + (4) never produces Adapted Material. + + 5. Downstream recipients. + + a. Offer from the Licensor -- Licensed Material. Every + recipient of the Licensed Material automatically + receives an offer from the Licensor to exercise the + Licensed Rights under the terms and conditions of this + Public License. + + b. No downstream restrictions. You may not offer or impose + any additional or different terms or conditions on, or + apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the + Licensed Rights by any recipient of the Licensed + Material. + + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You + are, or that Your use of the Licensed Material is, connected + with, or sponsored, endorsed, or granted official status by, + the Licensor or others designated to receive attribution as + provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. Moral rights, such as the right of integrity, are not + licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to + the extent possible, the Licensor waives and/or agrees not to + assert any such rights held by the Licensor to the limited + extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this + Public License. + + 3. To the extent possible, the Licensor waives any right to + collect royalties from You for the exercise of the Licensed + Rights, whether directly or through a collecting society + under any voluntary or waivable statutory or compulsory + licensing scheme. In all other cases the Licensor expressly + reserves any right to collect such royalties. + + +Section 3 -- License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the +following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified + form), You must: + + a. retain the following if it is supplied by the Licensor + with the Licensed Material: + + i. identification of the creator(s) of the Licensed + Material and any others designated to receive + attribution, in any reasonable manner requested by + the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of + warranties; + + v. a URI or hyperlink to the Licensed Material to the + extent reasonably practicable; + + b. indicate if You modified the Licensed Material and + retain an indication of any previous modifications; and + + c. indicate the Licensed Material is licensed under this + Public License, and include the text of, or the URI or + hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any + reasonable manner based on the medium, means, and context in + which You Share the Licensed Material. For example, it may be + reasonable to satisfy the conditions by providing a URI or + hyperlink to a resource that includes the required + information. + + 3. If requested by the Licensor, You must remove any of the + information required by Section 3(a)(1)(A) to the extent + reasonably practicable. + + 4. If You Share Adapted Material You produce, the Adapter's + License You apply must not prevent recipients of the Adapted + Material from complying with this Public License. + + +Section 4 -- Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that +apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right + to extract, reuse, reproduce, and Share all or a substantial + portion of the contents of the database; + + b. if You include all or a substantial portion of the database + contents in a database in which You have Sui Generis Database + Rights, then the database in which You have Sui Generis Database + Rights (but not its individual contents) is Adapted Material; and + + c. You must comply with the conditions in Section 3(a) if You Share + all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not +replace Your obligations under this Public License where the Licensed +Rights include other Copyright and Similar Rights. + + +Section 5 -- Disclaimer of Warranties and Limitation of Liability. + + a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + + b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + + c. The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + + +Section 6 -- Term and Termination. + + a. This Public License applies for the term of the Copyright and + Similar Rights licensed here. However, if You fail to comply with + this Public License, then Your rights under this Public License + terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided + it is cured within 30 days of Your discovery of the + violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any + right the Licensor may have to seek remedies for Your violations + of this Public License. + + c. For the avoidance of doubt, the Licensor may also offer the + Licensed Material under separate terms or conditions or stop + distributing the Licensed Material at any time; however, doing so + will not terminate this Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public + License. + + +Section 7 -- Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different + terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the + Licensed Material not stated herein are separate from and + independent of the terms and conditions of this Public License. + + +Section 8 -- Interpretation. + + a. For the avoidance of doubt, this Public License does not, and + shall not be interpreted to, reduce, limit, restrict, or impose + conditions on any use of the Licensed Material that could lawfully + be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is + deemed unenforceable, it shall be automatically reformed to the + minimum extent necessary to make it enforceable. If the provision + cannot be reformed, it shall be severed from this Public License + without affecting the enforceability of the remaining terms and + conditions. + + c. No term or condition of this Public License will be waived and no + failure to comply consented to unless expressly agreed to by the + Licensor. + + d. Nothing in this Public License constitutes or may be interpreted + as a limitation upon, or waiver of, any privileges and immunities + that apply to the Licensor or You, including from the legal + processes of any jurisdiction or authority. + + +======================================================================= + +Creative Commons is not a party to its public +licenses. Notwithstanding, Creative Commons may elect to apply one of +its public licenses to material it publishes and in those instances +will be considered the “Licensor.” The text of the Creative Commons +public licenses is dedicated to the public domain under the CC0 Public +Domain Dedication. Except for the limited purpose of indicating that +material is shared under a Creative Commons public license or as +otherwise permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the +use of the trademark "Creative Commons" or any other trademark or logo +of Creative Commons without its prior written consent including, +without limitation, in connection with any unauthorized modifications +to any of its public licenses or any other arrangements, +understandings, or agreements concerning use of licensed material. For +the avoidance of doubt, this paragraph does not form part of the +public licenses. + +Creative Commons may be contacted at creativecommons.org. From 759f8bc3ae49580319a4ecb12770e8581826c6d9 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov <ivantashkinov@gmail.com> Date: Sun, 6 Sep 2020 15:30:11 +0300 Subject: [PATCH 092/264] [#2497] Fixed MediaProxyWarmingPolicyTest. --- test/web/activity_pub/mrf/mediaproxy_warming_policy_test.exs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/web/activity_pub/mrf/mediaproxy_warming_policy_test.exs b/test/web/activity_pub/mrf/mediaproxy_warming_policy_test.exs index 313d59a66..1710c4d2a 100644 --- a/test/web/activity_pub/mrf/mediaproxy_warming_policy_test.exs +++ b/test/web/activity_pub/mrf/mediaproxy_warming_policy_test.exs @@ -22,6 +22,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicyTest do } } + setup do: clear_config([:media_proxy, :enabled], true) + test "it prefetches media proxy URIs" do with_mock HTTP, get: fn _, _, _ -> {:ok, []} end do MediaProxyWarmingPolicy.filter(@message) From 5ae56aafb2edc737f7e9fb36e00377815f028ce6 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov <parallel588@gmail.com> Date: Sun, 6 Sep 2020 21:42:51 +0300 Subject: [PATCH 093/264] added import mutes --- docs/API/pleroma_api.md | 17 ++ lib/pleroma/user.ex | 51 ----- lib/pleroma/user/import.ex | 91 ++++++++ .../controllers/user_import_controller.ex | 57 +++++ lib/pleroma/web/router.ex | 7 +- .../controllers/util_controller.ex | 35 --- lib/pleroma/workers/background_worker.ex | 11 +- test/user/import_test.exs | 78 +++++++ test/user_test.exs | 34 --- .../user_import_controller_test.exs | 205 ++++++++++++++++++ test/web/twitter_api/util_controller_test.exs | 164 -------------- 11 files changed, 461 insertions(+), 289 deletions(-) create mode 100644 lib/pleroma/user/import.ex create mode 100644 lib/pleroma/web/pleroma_api/controllers/user_import_controller.ex create mode 100644 test/user/import_test.exs create mode 100644 test/web/pleroma_api/controllers/user_import_controller_test.exs diff --git a/docs/API/pleroma_api.md b/docs/API/pleroma_api.md index 4e97d26c0..22f3ad7d6 100644 --- a/docs/API/pleroma_api.md +++ b/docs/API/pleroma_api.md @@ -44,6 +44,23 @@ Request parameters can be passed via [query strings](https://en.wikipedia.org/wi * Response: HTTP 200 on success, 500 on error * Note: Users that can't be followed are silently skipped. +## `/api/pleroma/blocks_import` +### Imports your blocks. +* Method: `POST` +* Authentication: required +* Params: + * `list`: STRING or FILE containing a whitespace-separated list of accounts to follow +* Response: HTTP 200 on success, 500 on error + +## `/api/pleroma/mutes_import` +### Imports your mutes. +* Method: `POST` +* Authentication: required +* Params: + * `list`: STRING or FILE containing a whitespace-separated list of accounts to follow +* Response: HTTP 200 on success, 500 on error + + ## `/api/pleroma/captcha` ### Get a new captcha * Method: `GET` diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 94c96de8d..be2ef0d1b 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1686,42 +1686,6 @@ def perform(:delete, %User{} = user) do def perform(:deactivate_async, user, status), do: deactivate(user, status) - @spec perform(atom(), User.t(), list()) :: list() | {:error, any()} - def perform(:blocks_import, %User{} = blocker, blocked_identifiers) - when is_list(blocked_identifiers) do - Enum.map( - blocked_identifiers, - fn blocked_identifier -> - with {:ok, %User{} = blocked} <- get_or_fetch(blocked_identifier), - {:ok, _block} <- CommonAPI.block(blocker, blocked) do - blocked - else - err -> - Logger.debug("blocks_import failed for #{blocked_identifier} with: #{inspect(err)}") - err - end - end - ) - end - - def perform(:follow_import, %User{} = follower, followed_identifiers) - when is_list(followed_identifiers) do - Enum.map( - followed_identifiers, - fn followed_identifier -> - with {:ok, %User{} = followed} <- get_or_fetch(followed_identifier), - {:ok, follower} <- maybe_direct_follow(follower, followed), - {:ok, _, _, _} <- CommonAPI.follow(follower, followed) do - followed - else - err -> - Logger.debug("follow_import failed for #{followed_identifier} with: #{inspect(err)}") - err - end - end - ) - end - @spec external_users_query() :: Ecto.Query.t() def external_users_query do User.Query.build(%{ @@ -1750,21 +1714,6 @@ def external_users(opts \\ []) do Repo.all(query) end - def blocks_import(%User{} = blocker, blocked_identifiers) when is_list(blocked_identifiers) do - BackgroundWorker.enqueue("blocks_import", %{ - "blocker_id" => blocker.id, - "blocked_identifiers" => blocked_identifiers - }) - end - - def follow_import(%User{} = follower, followed_identifiers) - when is_list(followed_identifiers) do - BackgroundWorker.enqueue("follow_import", %{ - "follower_id" => follower.id, - "followed_identifiers" => followed_identifiers - }) - end - def delete_notifications_from_user_activities(%User{ap_id: ap_id}) do Notification |> join(:inner, [n], activity in assoc(n, :activity)) diff --git a/lib/pleroma/user/import.ex b/lib/pleroma/user/import.ex new file mode 100644 index 000000000..de27bdc4c --- /dev/null +++ b/lib/pleroma/user/import.ex @@ -0,0 +1,91 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.User.Import do + use Ecto.Schema + + alias Pleroma.User + alias Pleroma.Web.CommonAPI + alias Pleroma.Workers.BackgroundWorker + + require Logger + + @spec perform(atom(), User.t(), list()) :: :ok | list() | {:error, any()} + def perform(:mutes_import, %User{} = user, [_ | _] = identifiers) do + Enum.map( + identifiers, + fn identifier -> + with {:ok, %User{} = muted_user} <- User.get_or_fetch(identifier), + {:ok, _} <- User.mute(user, muted_user) do + muted_user + else + error -> handle_error(:mutes_import, identifier, error) + end + end + ) + end + + def perform(:blocks_import, %User{} = blocker, [_ | _] = identifiers) do + Enum.map( + identifiers, + fn identifier -> + with {:ok, %User{} = blocked} <- User.get_or_fetch(identifier), + {:ok, _block} <- CommonAPI.block(blocker, blocked) do + blocked + else + error -> handle_error(:blocks_import, identifier, error) + end + end + ) + end + + def perform(:follow_import, %User{} = follower, [_ | _] = identifiers) do + Enum.map( + identifiers, + fn identifier -> + with {:ok, %User{} = followed} <- User.get_or_fetch(identifier), + {:ok, follower} <- User.maybe_direct_follow(follower, followed), + {:ok, _, _, _} <- CommonAPI.follow(follower, followed) do + followed + else + error -> handle_error(:follow_import, identifier, error) + end + end + ) + end + + def perform(_, _, _), do: :ok + + defp handle_error(op, user_id, error) do + Logger.debug("#{op} failed for #{user_id} with: #{inspect(error)}") + error + end + + def blocks_import(%User{} = blocker, [_ | _] = identifiers) do + BackgroundWorker.enqueue( + "blocks_import", + %{ + "blocker_id" => blocker.id, + "blocked_identifiers" => identifiers + } + ) + end + + def follow_import(%User{} = follower, [_ | _] = identifiers) do + BackgroundWorker.enqueue( + "follow_import", + %{ + "follower_id" => follower.id, + "followed_identifiers" => identifiers + } + ) + end + + def mutes_import(%User{} = user, [_ | _] = identifiers) do + BackgroundWorker.enqueue( + "mutes_import", + %{"user_id" => user.id, "identifiers" => identifiers} + ) + end +end diff --git a/lib/pleroma/web/pleroma_api/controllers/user_import_controller.ex b/lib/pleroma/web/pleroma_api/controllers/user_import_controller.ex new file mode 100644 index 000000000..df6a0f131 --- /dev/null +++ b/lib/pleroma/web/pleroma_api/controllers/user_import_controller.ex @@ -0,0 +1,57 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.PleromaAPI.UserImportController do + use Pleroma.Web, :controller + + require Logger + + alias Pleroma.Plugs.OAuthScopesPlug + alias Pleroma.User + + plug(OAuthScopesPlug, %{scopes: ["follow", "write:follows"]} when action == :follow) + plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks) + plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action == :mutes) + + def follow(conn, %{"list" => %Plug.Upload{path: path}}) do + follow(conn, %{"list" => File.read!(path)}) + end + + def follow(%{assigns: %{user: follower}} = conn, %{"list" => list}) do + identifiers = + list + |> String.split("\n") + |> Enum.map(&(&1 |> String.split(",") |> List.first())) + |> List.delete("Account address") + |> Enum.map(&(&1 |> String.trim() |> String.trim_leading("@"))) + |> Enum.reject(&(&1 == "")) + + User.Import.follow_import(follower, identifiers) + json(conn, "job started") + end + + def blocks(conn, %{"list" => %Plug.Upload{path: path}}) do + blocks(conn, %{"list" => File.read!(path)}) + end + + def blocks(%{assigns: %{user: blocker}} = conn, %{"list" => list}) do + User.Import.blocks_import(blocker, prepare_user_identifiers(list)) + json(conn, "job started") + end + + def mutes(conn, %{"list" => %Plug.Upload{path: path}}) do + mutes(conn, %{"list" => File.read!(path)}) + end + + def mutes(%{assigns: %{user: user}} = conn, %{"list" => list}) do + User.Import.mutes_import(user, prepare_user_identifiers(list)) + json(conn, "job started") + end + + defp prepare_user_identifiers(list) do + list + |> String.split() + |> Enum.map(&String.trim_leading(&1, "@")) + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index c6433cc53..f69b1545f 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -260,14 +260,15 @@ defmodule Pleroma.Web.Router do post("/delete_account", UtilController, :delete_account) put("/notification_settings", UtilController, :update_notificaton_settings) post("/disable_account", UtilController, :disable_account) - - post("/blocks_import", UtilController, :blocks_import) - post("/follow_import", UtilController, :follow_import) end scope "/api/pleroma", Pleroma.Web.PleromaAPI do pipe_through(:authenticated_api) + post("/mutes_import", UserImportController, :mutes) + post("/blocks_import", UserImportController, :blocks) + post("/follow_import", UserImportController, :follow) + get("/accounts/mfa", TwoFactorAuthenticationController, :settings) get("/accounts/mfa/backup_codes", TwoFactorAuthenticationController, :backup_codes) get("/accounts/mfa/setup/:method", TwoFactorAuthenticationController, :setup) diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index f02c4075c..70b0fbd54 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -18,14 +18,6 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do plug(Pleroma.Web.FederatingPlug when action == :remote_subscribe) - plug( - OAuthScopesPlug, - %{scopes: ["follow", "write:follows"]} - when action == :follow_import - ) - - plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks_import) - plug( OAuthScopesPlug, %{scopes: ["write:accounts"]} @@ -104,33 +96,6 @@ def update_notificaton_settings(%{assigns: %{user: user}} = conn, params) do end end - def follow_import(conn, %{"list" => %Plug.Upload{} = listfile}) do - follow_import(conn, %{"list" => File.read!(listfile.path)}) - end - - def follow_import(%{assigns: %{user: follower}} = conn, %{"list" => list}) do - followed_identifiers = - list - |> String.split("\n") - |> Enum.map(&(&1 |> String.split(",") |> List.first())) - |> List.delete("Account address") - |> Enum.map(&(&1 |> String.trim() |> String.trim_leading("@"))) - |> Enum.reject(&(&1 == "")) - - User.follow_import(follower, followed_identifiers) - json(conn, "job started") - end - - def blocks_import(conn, %{"list" => %Plug.Upload{} = listfile}) do - blocks_import(conn, %{"list" => File.read!(listfile.path)}) - end - - def blocks_import(%{assigns: %{user: blocker}} = conn, %{"list" => list}) do - blocked_identifiers = list |> String.split() |> Enum.map(&String.trim_leading(&1, "@")) - User.blocks_import(blocker, blocked_identifiers) - json(conn, "job started") - end - def change_password(%{assigns: %{user: user}} = conn, params) do case CommonAPI.Utils.confirm_current_password(user, params["password"]) do {:ok, user} -> diff --git a/lib/pleroma/workers/background_worker.ex b/lib/pleroma/workers/background_worker.ex index cec5a7462..f9c767ee0 100644 --- a/lib/pleroma/workers/background_worker.ex +++ b/lib/pleroma/workers/background_worker.ex @@ -34,7 +34,7 @@ def perform(%Job{ } }) do blocker = User.get_cached_by_id(blocker_id) - {:ok, User.perform(:blocks_import, blocker, blocked_identifiers)} + {:ok, User.Import.perform(:blocks_import, blocker, blocked_identifiers)} end def perform(%Job{ @@ -45,7 +45,14 @@ def perform(%Job{ } }) do follower = User.get_cached_by_id(follower_id) - {:ok, User.perform(:follow_import, follower, followed_identifiers)} + {:ok, User.Import.perform(:follow_import, follower, followed_identifiers)} + end + + def perform(%Job{ + args: %{"op" => "mutes_import", "user_id" => user_id, "identifiers" => identifiers} + }) do + user = User.get_cached_by_id(user_id) + {:ok, User.Import.perform(:mutes_import, user, identifiers)} end def perform(%Job{args: %{"op" => "media_proxy_preload", "message" => message}}) do diff --git a/test/user/import_test.exs b/test/user/import_test.exs new file mode 100644 index 000000000..476b22678 --- /dev/null +++ b/test/user/import_test.exs @@ -0,0 +1,78 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.User.ImportTest do + + alias Pleroma.Repo + alias Pleroma.Tests.ObanHelpers + alias Pleroma.User + + use Pleroma.DataCase + use Oban.Testing, repo: Pleroma.Repo + + import Pleroma.Factory + + setup_all do + Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end) + :ok + end + + describe "follow_import" do + test "it imports user followings from list" do + [user1, user2, user3] = insert_list(3, :user) + + identifiers = [ + user2.ap_id, + user3.nickname + ] + + {:ok, job} = User.Import.follow_import(user1, identifiers) + + assert {:ok, result} = ObanHelpers.perform(job) + assert is_list(result) + assert result == [user2, user3] + assert User.following?(user1, user2) + assert User.following?(user1, user3) + end + end + + + describe "blocks_import" do + test "it imports user blocks from list" do + [user1, user2, user3] = insert_list(3, :user) + + identifiers = [ + user2.ap_id, + user3.nickname + ] + + {:ok, job} = User.Import.blocks_import(user1, identifiers) + + assert {:ok, result} = ObanHelpers.perform(job) + assert is_list(result) + assert result == [user2, user3] + assert User.blocks?(user1, user2) + assert User.blocks?(user1, user3) + end + end + + describe "mutes_import" do + test "it imports user mutes from list" do + [user1, user2, user3] = insert_list(3, :user) + + identifiers = [ + user2.ap_id, + user3.nickname + ] + + {:ok, job} = User.Import.mutes_import(user1, identifiers) + + assert {:ok, result} = ObanHelpers.perform(job) + assert is_list(result) + assert result == [user2, user3] + assert User.mutes?(user1, user2) + assert User.mutes?(user1, user3) + end + end +end diff --git a/test/user_test.exs b/test/user_test.exs index 50f72549e..13ac633b8 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -932,23 +932,6 @@ test "it sets the follower_count property" do end end - describe "follow_import" do - test "it imports user followings from list" do - [user1, user2, user3] = insert_list(3, :user) - - identifiers = [ - user2.ap_id, - user3.nickname - ] - - {:ok, job} = User.follow_import(user1, identifiers) - - assert {:ok, result} = ObanHelpers.perform(job) - assert is_list(result) - assert result == [user2, user3] - end - end - describe "mutes" do test "it mutes people" do user = insert(:user) @@ -1155,23 +1138,6 @@ test "follows take precedence over domain blocks" do end end - describe "blocks_import" do - test "it imports user blocks from list" do - [user1, user2, user3] = insert_list(3, :user) - - identifiers = [ - user2.ap_id, - user3.nickname - ] - - {:ok, job} = User.blocks_import(user1, identifiers) - - assert {:ok, result} = ObanHelpers.perform(job) - assert is_list(result) - assert result == [user2, user3] - end - end - describe "get_recipients_from_activity" do test "works for announces" do actor = insert(:user) diff --git a/test/web/pleroma_api/controllers/user_import_controller_test.exs b/test/web/pleroma_api/controllers/user_import_controller_test.exs new file mode 100644 index 000000000..d1a8a46fc --- /dev/null +++ b/test/web/pleroma_api/controllers/user_import_controller_test.exs @@ -0,0 +1,205 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.PleromaAPI.UserImportControllerTest do + use Pleroma.Web.ConnCase + use Oban.Testing, repo: Pleroma.Repo + + alias Pleroma.Config + alias Pleroma.Tests.ObanHelpers + + import Pleroma.Factory + import Mock + + setup do + Tesla.Mock.mock(fn env -> apply(HttpRequestMock, :request, [env]) end) + :ok + end + + describe "POST /api/pleroma/follow_import" do + setup do: oauth_access(["follow"]) + + test "it returns HTTP 200", %{conn: conn} do + user2 = insert(:user) + + assert "job started" == conn + |> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"}) + |> json_response(:ok) + end + + test "it imports follow lists from file", %{conn: conn} do + user2 = insert(:user) + + with_mocks([ + {File, [], + read!: fn "follow_list.txt" -> + "Account address,Show boosts\n#{user2.ap_id},true" + end} + ]) do + assert "job started" == conn + |> post("/api/pleroma/follow_import", %{"list" => %Plug.Upload{path: "follow_list.txt"}}) + |> json_response(:ok) + + assert [{:ok, job_result}] = ObanHelpers.perform_all() + assert job_result == [user2] + end + end + + test "it imports new-style mastodon follow lists", %{conn: conn} do + user2 = insert(:user) + + response = conn + |> post("/api/pleroma/follow_import", %{ + "list" => "Account address,Show boosts\n#{user2.ap_id},true"} + ) + |> json_response(:ok) + + assert response == "job started" + end + + test "requires 'follow' or 'write:follows' permissions" do + token1 = insert(:oauth_token, scopes: ["read", "write"]) + token2 = insert(:oauth_token, scopes: ["follow"]) + token3 = insert(:oauth_token, scopes: ["something"]) + another_user = insert(:user) + + for token <- [token1, token2, token3] do + conn = + build_conn() + |> put_req_header("authorization", "Bearer #{token.token}") + |> post("/api/pleroma/follow_import", %{"list" => "#{another_user.ap_id}"}) + + if token == token3 do + assert %{"error" => "Insufficient permissions: follow | write:follows."} == + json_response(conn, 403) + else + assert json_response(conn, 200) + end + end + end + + test "it imports follows with different nickname variations", %{conn: conn} do + users = [user2, user3, user4, user5, user6] = insert_list(5, :user) + + identifiers = + [ + user2.ap_id, + user3.nickname, + " ", + "@" <> user4.nickname, + user5.nickname <> "@localhost", + "@" <> user6.nickname <> "@localhost" + ] + |> Enum.join("\n") + + assert "job started" == conn + |> post("/api/pleroma/follow_import", %{"list" => identifiers}) + |> json_response(:ok) + + assert [{:ok, job_result}] = ObanHelpers.perform_all() + assert job_result == users + end + end + + describe "POST /api/pleroma/blocks_import" do + # Note: "follow" or "write:blocks" permission is required + setup do: oauth_access(["write:blocks"]) + + test "it returns HTTP 200", %{conn: conn} do + user2 = insert(:user) + + assert "job started" == conn + |> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"}) + |> json_response(:ok) + end + + test "it imports blocks users from file", %{conn: conn} do + users = [user2, user3] = insert_list(2, :user) + + with_mocks([ + {File, [], read!: fn "blocks_list.txt" -> "#{user2.ap_id} #{user3.ap_id}" end} + ]) do + + assert "job started" == conn + |> post("/api/pleroma/blocks_import", %{"list" => %Plug.Upload{path: "blocks_list.txt"}}) + |> json_response(:ok) + + assert [{:ok, job_result}] = ObanHelpers.perform_all() + assert job_result == users + end + end + + test "it imports blocks with different nickname variations", %{conn: conn} do + users = [user2, user3, user4, user5, user6] = insert_list(5, :user) + + identifiers = + [ + user2.ap_id, + user3.nickname, + "@" <> user4.nickname, + user5.nickname <> "@localhost", + "@" <> user6.nickname <> "@localhost" + ] + |> Enum.join(" ") + + assert "job started" == conn + |> post("/api/pleroma/blocks_import", %{"list" => identifiers}) + |> json_response(:ok) + + assert [{:ok, job_result}] = ObanHelpers.perform_all() + assert job_result == users + end + end + + describe "POST /api/pleroma/mutes_import" do + # Note: "follow" or "write:mutes" permission is required + setup do: oauth_access(["write:mutes"]) + + test "it returns HTTP 200", %{user: user, conn: conn} do + user2 = insert(:user) + + assert "job started" == conn + |> post("/api/pleroma/mutes_import", %{"list" => "#{user2.ap_id}"}) + |> json_response(:ok) + + assert [{:ok, job_result}] = ObanHelpers.perform_all() + assert job_result == [user2] + assert Pleroma.User.mutes?(user, user2) + end + + + test "it imports mutes users from file", %{user: user, conn: conn} do + users = [user2, user3] = insert_list(2, :user) + + with_mocks([ + {File, [], read!: fn "mutes_list.txt" -> "#{user2.ap_id} #{user3.ap_id}" end} + ]) do + assert "job started" == conn + |> post("/api/pleroma/mutes_import", %{"list" => %Plug.Upload{path: "mutes_list.txt"}}) + |> json_response(:ok) + + assert [{:ok, job_result}] = ObanHelpers.perform_all() + assert job_result == users + assert Enum.all?(users, &Pleroma.User.mutes?(user, &1)) + end + end + + test "it imports mutes with different nickname variations", %{user: user, conn: conn} do + users = [user2, user3, user4, user5, user6] = insert_list(5, :user) + + identifiers = [ + user2.ap_id, user3.nickname, "@" <> user4.nickname, + user5.nickname <> "@localhost", "@" <> user6.nickname <> "@localhost" + ] + |> Enum.join(" ") + + assert "job started" == conn + |> post("/api/pleroma/mutes_import", %{"list" => identifiers}) + |> json_response(:ok) + assert [{:ok, job_result}] = ObanHelpers.perform_all() + assert job_result == users + assert Enum.all?(users, &Pleroma.User.mutes?(user, &1)) + end + end +end diff --git a/test/web/twitter_api/util_controller_test.exs b/test/web/twitter_api/util_controller_test.exs index d164127ee..60f2fb052 100644 --- a/test/web/twitter_api/util_controller_test.exs +++ b/test/web/twitter_api/util_controller_test.exs @@ -21,170 +21,6 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do setup do: clear_config([:instance]) setup do: clear_config([:frontend_configurations, :pleroma_fe]) - describe "POST /api/pleroma/follow_import" do - setup do: oauth_access(["follow"]) - - test "it returns HTTP 200", %{conn: conn} do - user2 = insert(:user) - - response = - conn - |> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"}) - |> json_response(:ok) - - assert response == "job started" - end - - test "it imports follow lists from file", %{user: user1, conn: conn} do - user2 = insert(:user) - - with_mocks([ - {File, [], - read!: fn "follow_list.txt" -> - "Account address,Show boosts\n#{user2.ap_id},true" - end} - ]) do - response = - conn - |> post("/api/pleroma/follow_import", %{"list" => %Plug.Upload{path: "follow_list.txt"}}) - |> json_response(:ok) - - assert response == "job started" - - assert ObanHelpers.member?( - %{ - "op" => "follow_import", - "follower_id" => user1.id, - "followed_identifiers" => [user2.ap_id] - }, - all_enqueued(worker: Pleroma.Workers.BackgroundWorker) - ) - end - end - - test "it imports new-style mastodon follow lists", %{conn: conn} do - user2 = insert(:user) - - response = - conn - |> post("/api/pleroma/follow_import", %{ - "list" => "Account address,Show boosts\n#{user2.ap_id},true" - }) - |> json_response(:ok) - - assert response == "job started" - end - - test "requires 'follow' or 'write:follows' permissions" do - token1 = insert(:oauth_token, scopes: ["read", "write"]) - token2 = insert(:oauth_token, scopes: ["follow"]) - token3 = insert(:oauth_token, scopes: ["something"]) - another_user = insert(:user) - - for token <- [token1, token2, token3] do - conn = - build_conn() - |> put_req_header("authorization", "Bearer #{token.token}") - |> post("/api/pleroma/follow_import", %{"list" => "#{another_user.ap_id}"}) - - if token == token3 do - assert %{"error" => "Insufficient permissions: follow | write:follows."} == - json_response(conn, 403) - else - assert json_response(conn, 200) - end - end - end - - test "it imports follows with different nickname variations", %{conn: conn} do - [user2, user3, user4, user5, user6] = insert_list(5, :user) - - identifiers = - [ - user2.ap_id, - user3.nickname, - " ", - "@" <> user4.nickname, - user5.nickname <> "@localhost", - "@" <> user6.nickname <> "@localhost" - ] - |> Enum.join("\n") - - response = - conn - |> post("/api/pleroma/follow_import", %{"list" => identifiers}) - |> json_response(:ok) - - assert response == "job started" - assert [{:ok, job_result}] = ObanHelpers.perform_all() - assert job_result == [user2, user3, user4, user5, user6] - end - end - - describe "POST /api/pleroma/blocks_import" do - # Note: "follow" or "write:blocks" permission is required - setup do: oauth_access(["write:blocks"]) - - test "it returns HTTP 200", %{conn: conn} do - user2 = insert(:user) - - response = - conn - |> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"}) - |> json_response(:ok) - - assert response == "job started" - end - - test "it imports blocks users from file", %{user: user1, conn: conn} do - user2 = insert(:user) - user3 = insert(:user) - - with_mocks([ - {File, [], read!: fn "blocks_list.txt" -> "#{user2.ap_id} #{user3.ap_id}" end} - ]) do - response = - conn - |> post("/api/pleroma/blocks_import", %{"list" => %Plug.Upload{path: "blocks_list.txt"}}) - |> json_response(:ok) - - assert response == "job started" - - assert ObanHelpers.member?( - %{ - "op" => "blocks_import", - "blocker_id" => user1.id, - "blocked_identifiers" => [user2.ap_id, user3.ap_id] - }, - all_enqueued(worker: Pleroma.Workers.BackgroundWorker) - ) - end - end - - test "it imports blocks with different nickname variations", %{conn: conn} do - [user2, user3, user4, user5, user6] = insert_list(5, :user) - - identifiers = - [ - user2.ap_id, - user3.nickname, - "@" <> user4.nickname, - user5.nickname <> "@localhost", - "@" <> user6.nickname <> "@localhost" - ] - |> Enum.join(" ") - - response = - conn - |> post("/api/pleroma/blocks_import", %{"list" => identifiers}) - |> json_response(:ok) - - assert response == "job started" - assert [{:ok, job_result}] = ObanHelpers.perform_all() - assert job_result == [user2, user3, user4, user5, user6] - end - end - describe "PUT /api/pleroma/notification_settings" do setup do: oauth_access(["write:accounts"]) From 917d325972e3aeb367583c61aaa109d62fcba837 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov <parallel588@gmail.com> Date: Mon, 7 Sep 2020 07:17:30 +0300 Subject: [PATCH 094/264] added api spec --- docs/API/pleroma_api.md | 4 +- .../operations/user_import_operation.ex | 80 +++++++++++++ .../controllers/user_import_controller.ex | 22 ++-- test/user/import_test.exs | 2 - .../user_import_controller_test.exs | 108 +++++++++++------- 5 files changed, 164 insertions(+), 52 deletions(-) create mode 100644 lib/pleroma/web/api_spec/operations/user_import_operation.ex diff --git a/docs/API/pleroma_api.md b/docs/API/pleroma_api.md index 22f3ad7d6..567ad5732 100644 --- a/docs/API/pleroma_api.md +++ b/docs/API/pleroma_api.md @@ -49,7 +49,7 @@ Request parameters can be passed via [query strings](https://en.wikipedia.org/wi * Method: `POST` * Authentication: required * Params: - * `list`: STRING or FILE containing a whitespace-separated list of accounts to follow + * `list`: STRING or FILE containing a whitespace-separated list of accounts to block * Response: HTTP 200 on success, 500 on error ## `/api/pleroma/mutes_import` @@ -57,7 +57,7 @@ Request parameters can be passed via [query strings](https://en.wikipedia.org/wi * Method: `POST` * Authentication: required * Params: - * `list`: STRING or FILE containing a whitespace-separated list of accounts to follow + * `list`: STRING or FILE containing a whitespace-separated list of accounts to mute * Response: HTTP 200 on success, 500 on error diff --git a/lib/pleroma/web/api_spec/operations/user_import_operation.ex b/lib/pleroma/web/api_spec/operations/user_import_operation.ex new file mode 100644 index 000000000..a50314fb7 --- /dev/null +++ b/lib/pleroma/web/api_spec/operations/user_import_operation.ex @@ -0,0 +1,80 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ApiSpec.UserImportOperation do + alias OpenApiSpex.Operation + alias OpenApiSpex.Schema + alias Pleroma.Web.ApiSpec.Schemas.ApiError + + import Pleroma.Web.ApiSpec.Helpers + + @spec open_api_operation(atom) :: Operation.t() + def open_api_operation(action) do + operation = String.to_existing_atom("#{action}_operation") + apply(__MODULE__, operation, []) + end + + def follow_operation do + %Operation{ + tags: ["follow_import"], + summary: "Imports your follows.", + operationId: "UserImportController.follow", + requestBody: request_body("Parameters", import_request(), required: true), + responses: %{ + 200 => ok_response(), + 500 => Operation.response("Error", "application/json", ApiError) + }, + security: [%{"oAuth" => ["write:follow"]}] + } + end + + def blocks_operation do + %Operation{ + tags: ["blocks_import"], + summary: "Imports your blocks.", + operationId: "UserImportController.blocks", + requestBody: request_body("Parameters", import_request(), required: true), + responses: %{ + 200 => ok_response(), + 500 => Operation.response("Error", "application/json", ApiError) + }, + security: [%{"oAuth" => ["write:blocks"]}] + } + end + + def mutes_operation do + %Operation{ + tags: ["mutes_import"], + summary: "Imports your mutes.", + operationId: "UserImportController.mutes", + requestBody: request_body("Parameters", import_request(), required: true), + responses: %{ + 200 => ok_response(), + 500 => Operation.response("Error", "application/json", ApiError) + }, + security: [%{"oAuth" => ["write:mutes"]}] + } + end + + defp import_request do + %Schema{ + type: :object, + required: [:list], + properties: %{ + list: %Schema{ + description: + "STRING or FILE containing a whitespace-separated list of accounts to import.", + anyOf: [ + %Schema{type: :string, format: :binary}, + %Schema{type: :string} + ] + } + } + } + end + + defp ok_response do + Operation.response("Ok", "application/json", %Schema{type: :string, example: "ok"}) + end +end diff --git a/lib/pleroma/web/pleroma_api/controllers/user_import_controller.ex b/lib/pleroma/web/pleroma_api/controllers/user_import_controller.ex index df6a0f131..f10c45750 100644 --- a/lib/pleroma/web/pleroma_api/controllers/user_import_controller.ex +++ b/lib/pleroma/web/pleroma_api/controllers/user_import_controller.ex @@ -9,16 +9,20 @@ defmodule Pleroma.Web.PleromaAPI.UserImportController do alias Pleroma.Plugs.OAuthScopesPlug alias Pleroma.User + alias Pleroma.Web.ApiSpec plug(OAuthScopesPlug, %{scopes: ["follow", "write:follows"]} when action == :follow) plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks) plug(OAuthScopesPlug, %{scopes: ["follow", "write:mutes"]} when action == :mutes) - def follow(conn, %{"list" => %Plug.Upload{path: path}}) do - follow(conn, %{"list" => File.read!(path)}) + plug(OpenApiSpex.Plug.CastAndValidate) + defdelegate open_api_operation(action), to: ApiSpec.UserImportOperation + + def follow(%{body_params: %{list: %Plug.Upload{path: path}}} = conn, _) do + follow(%Plug.Conn{conn | body_params: %{list: File.read!(path)}}, %{}) end - def follow(%{assigns: %{user: follower}} = conn, %{"list" => list}) do + def follow(%{assigns: %{user: follower}, body_params: %{list: list}} = conn, _) do identifiers = list |> String.split("\n") @@ -31,20 +35,20 @@ def follow(%{assigns: %{user: follower}} = conn, %{"list" => list}) do json(conn, "job started") end - def blocks(conn, %{"list" => %Plug.Upload{path: path}}) do - blocks(conn, %{"list" => File.read!(path)}) + def blocks(%{body_params: %{list: %Plug.Upload{path: path}}} = conn, _) do + blocks(%Plug.Conn{conn | body_params: %{list: File.read!(path)}}, %{}) end - def blocks(%{assigns: %{user: blocker}} = conn, %{"list" => list}) do + def blocks(%{assigns: %{user: blocker}, body_params: %{list: list}} = conn, _) do User.Import.blocks_import(blocker, prepare_user_identifiers(list)) json(conn, "job started") end - def mutes(conn, %{"list" => %Plug.Upload{path: path}}) do - mutes(conn, %{"list" => File.read!(path)}) + def mutes(%{body_params: %{list: %Plug.Upload{path: path}}} = conn, _) do + mutes(%Plug.Conn{conn | body_params: %{list: File.read!(path)}}, %{}) end - def mutes(%{assigns: %{user: user}} = conn, %{"list" => list}) do + def mutes(%{assigns: %{user: user}, body_params: %{list: list}} = conn, _) do User.Import.mutes_import(user, prepare_user_identifiers(list)) json(conn, "job started") end diff --git a/test/user/import_test.exs b/test/user/import_test.exs index 476b22678..e404deeb5 100644 --- a/test/user/import_test.exs +++ b/test/user/import_test.exs @@ -3,7 +3,6 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.User.ImportTest do - alias Pleroma.Repo alias Pleroma.Tests.ObanHelpers alias Pleroma.User @@ -37,7 +36,6 @@ test "it imports user followings from list" do end end - describe "blocks_import" do test "it imports user blocks from list" do [user1, user2, user3] = insert_list(3, :user) diff --git a/test/web/pleroma_api/controllers/user_import_controller_test.exs b/test/web/pleroma_api/controllers/user_import_controller_test.exs index d1a8a46fc..433c97e81 100644 --- a/test/web/pleroma_api/controllers/user_import_controller_test.exs +++ b/test/web/pleroma_api/controllers/user_import_controller_test.exs @@ -23,9 +23,11 @@ defmodule Pleroma.Web.PleromaAPI.UserImportControllerTest do test "it returns HTTP 200", %{conn: conn} do user2 = insert(:user) - assert "job started" == conn - |> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"}) - |> json_response(:ok) + assert "job started" == + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/follow_import", %{"list" => "#{user2.ap_id}"}) + |> json_response_and_validate_schema(200) end test "it imports follow lists from file", %{conn: conn} do @@ -37,9 +39,13 @@ test "it imports follow lists from file", %{conn: conn} do "Account address,Show boosts\n#{user2.ap_id},true" end} ]) do - assert "job started" == conn - |> post("/api/pleroma/follow_import", %{"list" => %Plug.Upload{path: "follow_list.txt"}}) - |> json_response(:ok) + assert "job started" == + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/follow_import", %{ + "list" => %Plug.Upload{path: "follow_list.txt"} + }) + |> json_response_and_validate_schema(200) assert [{:ok, job_result}] = ObanHelpers.perform_all() assert job_result == [user2] @@ -49,11 +55,13 @@ test "it imports follow lists from file", %{conn: conn} do test "it imports new-style mastodon follow lists", %{conn: conn} do user2 = insert(:user) - response = conn - |> post("/api/pleroma/follow_import", %{ - "list" => "Account address,Show boosts\n#{user2.ap_id},true"} - ) - |> json_response(:ok) + response = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/follow_import", %{ + "list" => "Account address,Show boosts\n#{user2.ap_id},true" + }) + |> json_response_and_validate_schema(200) assert response == "job started" end @@ -68,6 +76,7 @@ test "requires 'follow' or 'write:follows' permissions" do conn = build_conn() |> put_req_header("authorization", "Bearer #{token.token}") + |> put_req_header("content-type", "application/json") |> post("/api/pleroma/follow_import", %{"list" => "#{another_user.ap_id}"}) if token == token3 do @@ -93,9 +102,11 @@ test "it imports follows with different nickname variations", %{conn: conn} do ] |> Enum.join("\n") - assert "job started" == conn - |> post("/api/pleroma/follow_import", %{"list" => identifiers}) - |> json_response(:ok) + assert "job started" == + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/follow_import", %{"list" => identifiers}) + |> json_response_and_validate_schema(200) assert [{:ok, job_result}] = ObanHelpers.perform_all() assert job_result == users @@ -109,9 +120,11 @@ test "it imports follows with different nickname variations", %{conn: conn} do test "it returns HTTP 200", %{conn: conn} do user2 = insert(:user) - assert "job started" == conn - |> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"}) - |> json_response(:ok) + assert "job started" == + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/blocks_import", %{"list" => "#{user2.ap_id}"}) + |> json_response_and_validate_schema(200) end test "it imports blocks users from file", %{conn: conn} do @@ -120,10 +133,13 @@ test "it imports blocks users from file", %{conn: conn} do with_mocks([ {File, [], read!: fn "blocks_list.txt" -> "#{user2.ap_id} #{user3.ap_id}" end} ]) do - - assert "job started" == conn - |> post("/api/pleroma/blocks_import", %{"list" => %Plug.Upload{path: "blocks_list.txt"}}) - |> json_response(:ok) + assert "job started" == + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/blocks_import", %{ + "list" => %Plug.Upload{path: "blocks_list.txt"} + }) + |> json_response_and_validate_schema(200) assert [{:ok, job_result}] = ObanHelpers.perform_all() assert job_result == users @@ -143,9 +159,11 @@ test "it imports blocks with different nickname variations", %{conn: conn} do ] |> Enum.join(" ") - assert "job started" == conn - |> post("/api/pleroma/blocks_import", %{"list" => identifiers}) - |> json_response(:ok) + assert "job started" == + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/blocks_import", %{"list" => identifiers}) + |> json_response_and_validate_schema(200) assert [{:ok, job_result}] = ObanHelpers.perform_all() assert job_result == users @@ -159,25 +177,30 @@ test "it imports blocks with different nickname variations", %{conn: conn} do test "it returns HTTP 200", %{user: user, conn: conn} do user2 = insert(:user) - assert "job started" == conn - |> post("/api/pleroma/mutes_import", %{"list" => "#{user2.ap_id}"}) - |> json_response(:ok) + assert "job started" == + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/mutes_import", %{"list" => "#{user2.ap_id}"}) + |> json_response_and_validate_schema(200) assert [{:ok, job_result}] = ObanHelpers.perform_all() assert job_result == [user2] assert Pleroma.User.mutes?(user, user2) end - test "it imports mutes users from file", %{user: user, conn: conn} do users = [user2, user3] = insert_list(2, :user) with_mocks([ {File, [], read!: fn "mutes_list.txt" -> "#{user2.ap_id} #{user3.ap_id}" end} ]) do - assert "job started" == conn - |> post("/api/pleroma/mutes_import", %{"list" => %Plug.Upload{path: "mutes_list.txt"}}) - |> json_response(:ok) + assert "job started" == + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/mutes_import", %{ + "list" => %Plug.Upload{path: "mutes_list.txt"} + }) + |> json_response_and_validate_schema(200) assert [{:ok, job_result}] = ObanHelpers.perform_all() assert job_result == users @@ -188,15 +211,22 @@ test "it imports mutes users from file", %{user: user, conn: conn} do test "it imports mutes with different nickname variations", %{user: user, conn: conn} do users = [user2, user3, user4, user5, user6] = insert_list(5, :user) - identifiers = [ - user2.ap_id, user3.nickname, "@" <> user4.nickname, - user5.nickname <> "@localhost", "@" <> user6.nickname <> "@localhost" - ] - |> Enum.join(" ") + identifiers = + [ + user2.ap_id, + user3.nickname, + "@" <> user4.nickname, + user5.nickname <> "@localhost", + "@" <> user6.nickname <> "@localhost" + ] + |> Enum.join(" ") + + assert "job started" == + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/mutes_import", %{"list" => identifiers}) + |> json_response_and_validate_schema(200) - assert "job started" == conn - |> post("/api/pleroma/mutes_import", %{"list" => identifiers}) - |> json_response(:ok) assert [{:ok, job_result}] = ObanHelpers.perform_all() assert job_result == users assert Enum.all?(users, &Pleroma.User.mutes?(user, &1)) From 08aef7dd4e054c5ed02e359b61fe57daad97fbde Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me> Date: Sat, 5 Sep 2020 06:38:07 +0200 Subject: [PATCH 095/264] instance: Log catch favicon errors as warnings --- lib/pleroma/instances/instance.ex | 16 ++++++++++---- test/web/instances/instance_test.exs | 33 ++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/instances/instance.ex b/lib/pleroma/instances/instance.ex index ef5d17de4..8bf53c090 100644 --- a/lib/pleroma/instances/instance.ex +++ b/lib/pleroma/instances/instance.ex @@ -14,6 +14,8 @@ defmodule Pleroma.Instances.Instance do import Ecto.Query import Ecto.Changeset + require Logger + schema "instances" do field(:host, :string) field(:unreachable_since, :naive_datetime_usec) @@ -146,7 +148,9 @@ def get_or_update_favicon(%URI{host: host} = instance_uri) do favicon end rescue - _ -> nil + e -> + Logger.warn("Instance.get_or_update_favicon(\"#{host}\") error: #{inspect(e)}") + nil end defp scrape_favicon(%URI{} = instance_uri) do @@ -161,14 +165,18 @@ defp scrape_favicon(%URI{} = instance_uri) do |> Floki.attribute("link[rel=icon]", "href") |> List.first(), favicon <- URI.merge(instance_uri, favicon_rel) |> to_string(), - true <- is_binary(favicon), - true <- String.length(favicon) <= 255 do + true <- is_binary(favicon) do favicon else _ -> nil end rescue - _ -> nil + e -> + Logger.warn( + "Instance.scrape_favicon(\"#{to_string(instance_uri)}\") error: #{inspect(e)}" + ) + + nil end end end diff --git a/test/web/instances/instance_test.exs b/test/web/instances/instance_test.exs index e463200ca..dc6ace843 100644 --- a/test/web/instances/instance_test.exs +++ b/test/web/instances/instance_test.exs @@ -8,6 +8,7 @@ defmodule Pleroma.Instances.InstanceTest do use Pleroma.DataCase + import ExUnit.CaptureLog import Pleroma.Factory setup_all do: clear_config([:instance, :federation_reachability_timeout_days], 1) @@ -97,4 +98,36 @@ test "does NOT modify `unreachable_since` value of existing record in case it's assert initial_value == instance.unreachable_since end end + + test "Scrapes favicon URLs" do + Tesla.Mock.mock(fn %{url: "https://favicon.example.org/"} -> + %Tesla.Env{ + status: 200, + body: ~s[<html><head><link rel="icon" href="/favicon.png"></head></html>] + } + end) + + assert "https://favicon.example.org/favicon.png" == + Instance.get_or_update_favicon(URI.parse("https://favicon.example.org/")) + end + + test "Returns nil on too long favicon URLs" do + long_favicon_url = + "https://Lorem.ipsum.dolor.sit.amet/consecteturadipiscingelit/Praesentpharetrapurusutaliquamtempus/Mauriseulaoreetarcu/atfacilisisorci/Nullamporttitor/nequesedfeugiatmollis/dolormagnaefficiturlorem/nonpretiumsapienorcieurisus/Nullamveleratsem/Maecenassedaccumsanexnam/favicon.png" + + Tesla.Mock.mock(fn %{url: "https://long-favicon.example.org/"} -> + %Tesla.Env{ + status: 200, + body: ~s[<html><head><link rel="icon" href="] <> long_favicon_url <> ~s["></head></html>] + } + end) + + assert capture_log(fn -> + assert nil == + Instance.get_or_update_favicon( + URI.parse("https://long-favicon.example.org/") + ) + end) =~ + "Instance.get_or_update_favicon(\"long-favicon.example.org\") error: %Postgrex.Error{" + end end From 1984ff310341766adfc224342c9d29272f80e9cb Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Mon, 7 Sep 2020 15:16:04 +0300 Subject: [PATCH 096/264] Add a changelog entry for hackney downgrade --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cdd5b94a8..25645c185 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Rich media failure tracking (along with `:failure_backoff` option) ### Fixed +- Possible OOM errors with the default HTTP adapter - Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers - Mastodon API: Timelines hanging for (`number of posts with links * rich media timeout`) in the worst case. Reduced to just rich media timeout. From 8628e1b216339eaf0c294aa8f01911a9399d912d Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Mon, 7 Sep 2020 15:21:20 +0300 Subject: [PATCH 097/264] switch back to upstream tesla The patch we required got merged upstream: https://github.com/teamon/tesla/commit/9f7261ca49f9f901ceb73b60219ad6f8a9f6aa30 --- mix.exs | 4 ++-- mix.lock | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mix.exs b/mix.exs index c324960c5..8f69a15f2 100644 --- a/mix.exs +++ b/mix.exs @@ -134,8 +134,8 @@ defp deps do {:cachex, "~> 3.2"}, {:poison, "~> 3.0", override: true}, {:tesla, - git: "https://git.pleroma.social/pleroma/elixir-libraries/tesla.git", - ref: "3a2789d8535f7b520ebbadc4494227e5ba0e5365", + git: "https://github.com/teamon/tesla/", + ref: "9f7261ca49f9f901ceb73b60219ad6f8a9f6aa30", override: true}, {:castore, "~> 0.1"}, {:cowlib, "~> 2.9", override: true}, diff --git a/mix.lock b/mix.lock index deb07eb68..058428e66 100644 --- a/mix.lock +++ b/mix.lock @@ -110,7 +110,7 @@ "swoosh": {:hex, :swoosh, "1.0.0", "c547cfc83f30e12d5d1fdcb623d7de2c2e29a5becfc68bf8f42ba4d23d2c2756", [:mix], [{:cowboy, "~> 1.0.1 or ~> 1.1 or ~> 2.4", [hex: :cowboy, repo: "hexpm", optional: true]}, {:gen_smtp, "~> 0.13", [hex: :gen_smtp, repo: "hexpm", optional: true]}, {:hackney, "~> 1.9", [hex: :hackney, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:mail, "~> 0.2", [hex: :mail, repo: "hexpm", optional: true]}, {:mime, "~> 1.1", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_cowboy, ">= 1.0.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}], "hexpm", "b3b08e463f876cb6167f7168e9ad99a069a724e124bcee61847e0e1ed13f4a0d"}, "syslog": {:hex, :syslog, "1.1.0", "6419a232bea84f07b56dc575225007ffe34d9fdc91abe6f1b2f254fd71d8efc2", [:rebar3], [], "hexpm", "4c6a41373c7e20587be33ef841d3de6f3beba08519809329ecc4d27b15b659e1"}, "telemetry": {:hex, :telemetry, "0.4.2", "2808c992455e08d6177322f14d3bdb6b625fbcfd233a73505870d8738a2f4599", [:rebar3], [], "hexpm", "2d1419bd9dda6a206d7b5852179511722e2b18812310d304620c7bd92a13fcef"}, - "tesla": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/tesla.git", "3a2789d8535f7b520ebbadc4494227e5ba0e5365", [ref: "3a2789d8535f7b520ebbadc4494227e5ba0e5365"]}, + "tesla": {:git, "https://github.com/teamon/tesla/", "9f7261ca49f9f901ceb73b60219ad6f8a9f6aa30", [ref: "9f7261ca49f9f901ceb73b60219ad6f8a9f6aa30"]}, "timex": {:hex, :timex, "3.6.2", "845cdeb6119e2fef10751c0b247b6c59d86d78554c83f78db612e3290f819bc2", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5 or ~> 1.0.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "26030b46199d02a590be61c2394b37ea25a3664c02fafbeca0b24c972025d47a"}, "trailing_format_plug": {:hex, :trailing_format_plug, "0.0.7", "64b877f912cf7273bed03379936df39894149e35137ac9509117e59866e10e45", [:mix], [{:plug, "> 0.12.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bd4fde4c15f3e993a999e019d64347489b91b7a9096af68b2bdadd192afa693f"}, "tzdata": {:hex, :tzdata, "1.0.3", "73470ad29dde46e350c60a66e6b360d3b99d2d18b74c4c349dbebbc27a09a3eb", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "a6e1ee7003c4d04ecbd21dd3ec690d4c6662db5d3bbdd7262d53cdf5e7c746c1"}, From ee67c98e550310813cfdb9242e5fab2e566e1e2a Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Sun, 6 Sep 2020 12:13:26 +0300 Subject: [PATCH 098/264] removing Stats worker from Oban cron jobs --- CHANGELOG.md | 8 ++ config/config.exs | 3 +- config/description.exs | 1 - lib/mix/pleroma.ex | 1 + lib/pleroma/application.ex | 1 + lib/pleroma/config/oban.ex | 30 ++++++++ lib/pleroma/stats.ex | 76 ++++++++++++++----- lib/pleroma/workers/cron/stats_worker.ex | 17 ----- ...ove_cron_stats_worker_from_oban_config.exs | 19 +++++ test/stats_test.exs | 21 ++--- 10 files changed, 127 insertions(+), 50 deletions(-) create mode 100644 lib/pleroma/config/oban.ex delete mode 100644 lib/pleroma/workers/cron/stats_worker.ex create mode 100644 priv/repo/migrations/20200906072147_remove_cron_stats_worker_from_oban_config.exs diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e6353a4e..78aae6f07 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,9 +6,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## unreleased-patch - ??? ### Added + - Rich media failure tracking (along with `:failure_backoff` option) ### Fixed + - Possible OOM errors with the default HTTP adapter - Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers - Mastodon API: Timelines hanging for (`number of posts with links * rich media timeout`) in the worst case. @@ -16,6 +18,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Cards being wrong for preview statuses due to cache key collision - Password resets no longer processed for deactivated accounts +## Unreleased + +### Removed + +- **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`. + ## [2.1.0] - 2020-08-28 ### Changed diff --git a/config/config.exs b/config/config.exs index ed37b93c0..d631c3962 100644 --- a/config/config.exs +++ b/config/config.exs @@ -546,7 +546,6 @@ plugins: [Oban.Plugins.Pruner], crontab: [ {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker}, - {"0 * * * *", Pleroma.Workers.Cron.StatsWorker}, {"* * * * *", Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker}, {"0 0 * * 0", Pleroma.Workers.Cron.DigestEmailsWorker}, {"0 0 * * *", Pleroma.Workers.Cron.NewUsersDigestWorker} @@ -672,7 +671,7 @@ # With no frontend configuration, the bundled files from the `static` directory will # be used. # -# config :pleroma, :frontends, +# config :pleroma, :frontends, # primary: %{"name" => "pleroma-fe", "ref" => "develop"}, # admin: %{"name" => "admin-fe", "ref" => "stable"}, # available: %{...} diff --git a/config/description.exs b/config/description.exs index 5e08ba109..18c133f02 100644 --- a/config/description.exs +++ b/config/description.exs @@ -2291,7 +2291,6 @@ description: "Settings for cron background jobs", suggestions: [ {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker}, - {"0 * * * *", Pleroma.Workers.Cron.StatsWorker}, {"* * * * *", Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker}, {"0 0 * * 0", Pleroma.Workers.Cron.DigestEmailsWorker}, {"0 0 * * *", Pleroma.Workers.Cron.NewUsersDigestWorker} diff --git a/lib/mix/pleroma.ex b/lib/mix/pleroma.ex index fe9b0d16c..49ba2aae4 100644 --- a/lib/mix/pleroma.ex +++ b/lib/mix/pleroma.ex @@ -18,6 +18,7 @@ defmodule Mix.Pleroma do @doc "Common functions to be reused in mix tasks" def start_pleroma do Pleroma.Config.Holder.save_default() + Pleroma.Config.Oban.warn() Application.put_env(:phoenix, :serve_endpoints, false, persistent: true) if Pleroma.Config.get(:env) != :test do diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index 33b1e3872..c39e24919 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -50,6 +50,7 @@ def start(_type, _args) do Pleroma.Telemetry.Logger.attach() Config.Holder.save_default() Pleroma.HTML.compile_scrubbers() + Pleroma.Config.Oban.warn() Config.DeprecationWarnings.warn() Pleroma.Plugs.HTTPSecurityPlug.warn_if_disabled() Pleroma.ApplicationRequirements.verify!() diff --git a/lib/pleroma/config/oban.ex b/lib/pleroma/config/oban.ex new file mode 100644 index 000000000..c2d56ebab --- /dev/null +++ b/lib/pleroma/config/oban.ex @@ -0,0 +1,30 @@ +defmodule Pleroma.Config.Oban do + require Logger + + def warn do + oban_config = Pleroma.Config.get(Oban) + + crontab = + [Pleroma.Workers.Cron.StatsWorker] + |> Enum.reduce(oban_config[:crontab], fn removed_worker, acc -> + with acc when is_list(acc) <- acc, + setting when is_tuple(setting) <- + Enum.find(acc, fn {_, worker} -> worker == removed_worker end) do + """ + !!!OBAN CONFIG WARNING!!! + You are using old workers in Oban crontab settings, which were removed. + Please, remove setting from crontab in your config file (prod.secret.exs): #{ + inspect(setting) + } + """ + |> Logger.warn() + + List.delete(acc, setting) + else + _ -> acc + end + end) + + Pleroma.Config.put(Oban, Keyword.put(oban_config, :crontab, crontab)) + end +end diff --git a/lib/pleroma/stats.ex b/lib/pleroma/stats.ex index 9a03f01db..e7f8d272c 100644 --- a/lib/pleroma/stats.ex +++ b/lib/pleroma/stats.ex @@ -3,12 +3,15 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Stats do + use GenServer + import Ecto.Query + alias Pleroma.CounterCache alias Pleroma.Repo alias Pleroma.User - use GenServer + @interval :timer.seconds(60) def start_link(_) do GenServer.start_link( @@ -18,6 +21,11 @@ def start_link(_) do ) end + @impl true + def init(_args) do + {:ok, nil, {:continue, :calculate_stats}} + end + @doc "Performs update stats" def force_update do GenServer.call(__MODULE__, :force_update) @@ -29,7 +37,11 @@ def do_collect do end @doc "Returns stats data" - @spec get_stats() :: %{domain_count: integer(), status_count: integer(), user_count: integer()} + @spec get_stats() :: %{ + domain_count: non_neg_integer(), + status_count: non_neg_integer(), + user_count: non_neg_integer() + } def get_stats do %{stats: stats} = GenServer.call(__MODULE__, :get_state) @@ -44,25 +56,14 @@ def get_peers do peers end - def init(_args) do - {:ok, calculate_stat_data()} - end - - def handle_call(:force_update, _from, _state) do - new_stats = calculate_stat_data() - {:reply, new_stats, new_stats} - end - - def handle_call(:get_state, _from, state) do - {:reply, state, state} - end - - def handle_cast(:run_update, _state) do - new_stats = calculate_stat_data() - - {:noreply, new_stats} - end - + @spec calculate_stat_data() :: %{ + peers: list(), + stats: %{ + domain_count: non_neg_integer(), + status_count: non_neg_integer(), + user_count: non_neg_integer() + } + } def calculate_stat_data do peers = from( @@ -97,6 +98,7 @@ def calculate_stat_data do } end + @spec get_status_visibility_count(String.t() | nil) :: map() def get_status_visibility_count(instance \\ nil) do if is_nil(instance) do CounterCache.get_sum() @@ -104,4 +106,36 @@ def get_status_visibility_count(instance \\ nil) do CounterCache.get_by_instance(instance) end end + + @impl true + def handle_continue(:calculate_stats, _) do + stats = calculate_stat_data() + Process.send_after(self(), :run_update, @interval) + {:noreply, stats} + end + + @impl true + def handle_call(:force_update, _from, _state) do + new_stats = calculate_stat_data() + {:reply, new_stats, new_stats} + end + + @impl true + def handle_call(:get_state, _from, state) do + {:reply, state, state} + end + + @impl true + def handle_cast(:run_update, _state) do + new_stats = calculate_stat_data() + + {:noreply, new_stats} + end + + @impl true + def handle_info(:run_update, _) do + new_stats = calculate_stat_data() + Process.send_after(self(), :run_update, @interval) + {:noreply, new_stats} + end end diff --git a/lib/pleroma/workers/cron/stats_worker.ex b/lib/pleroma/workers/cron/stats_worker.ex deleted file mode 100644 index 6a79540bc..000000000 --- a/lib/pleroma/workers/cron/stats_worker.ex +++ /dev/null @@ -1,17 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Workers.Cron.StatsWorker do - @moduledoc """ - The worker to update peers statistics. - """ - - use Oban.Worker, queue: "background" - - @impl Oban.Worker - def perform(_job) do - Pleroma.Stats.do_collect() - :ok - end -end diff --git a/priv/repo/migrations/20200906072147_remove_cron_stats_worker_from_oban_config.exs b/priv/repo/migrations/20200906072147_remove_cron_stats_worker_from_oban_config.exs new file mode 100644 index 000000000..022f21dc7 --- /dev/null +++ b/priv/repo/migrations/20200906072147_remove_cron_stats_worker_from_oban_config.exs @@ -0,0 +1,19 @@ +defmodule Pleroma.Repo.Migrations.RemoveCronStatsWorkerFromObanConfig do + use Ecto.Migration + + def change do + with %Pleroma.ConfigDB{} = config <- + Pleroma.ConfigDB.get_by_params(%{group: :pleroma, key: Oban}), + crontab when is_list(crontab) <- config.value[:crontab], + index when is_integer(index) <- + Enum.find_index(crontab, fn {_, worker} -> + worker == Pleroma.Workers.Cron.StatsWorker + end) do + updated_value = Keyword.put(config.value, :crontab, List.delete_at(crontab, index)) + + config + |> Ecto.Changeset.change(value: updated_value) + |> Pleroma.Repo.update() + end + end +end diff --git a/test/stats_test.exs b/test/stats_test.exs index f09d8d31a..74bf785b0 100644 --- a/test/stats_test.exs +++ b/test/stats_test.exs @@ -4,7 +4,10 @@ defmodule Pleroma.StatsTest do use Pleroma.DataCase + import Pleroma.Factory + + alias Pleroma.Stats alias Pleroma.Web.CommonAPI describe "user count" do @@ -13,7 +16,7 @@ test "it ignores internal users" do _internal = insert(:user, local: true, nickname: nil) _internal = Pleroma.Web.ActivityPub.Relay.get_actor() - assert match?(%{stats: %{user_count: 1}}, Pleroma.Stats.calculate_stat_data()) + assert match?(%{stats: %{user_count: 1}}, Stats.calculate_stat_data()) end end @@ -47,23 +50,23 @@ test "on new status" do end) assert %{"direct" => 3, "private" => 4, "public" => 1, "unlisted" => 2} = - Pleroma.Stats.get_status_visibility_count() + Stats.get_status_visibility_count() end test "on status delete" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{visibility: "public", status: "hey"}) - assert %{"public" => 1} = Pleroma.Stats.get_status_visibility_count() + assert %{"public" => 1} = Stats.get_status_visibility_count() CommonAPI.delete(activity.id, user) - assert %{"public" => 0} = Pleroma.Stats.get_status_visibility_count() + assert %{"public" => 0} = Stats.get_status_visibility_count() end test "on status visibility update" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{visibility: "public", status: "hey"}) - assert %{"public" => 1, "private" => 0} = Pleroma.Stats.get_status_visibility_count() + assert %{"public" => 1, "private" => 0} = Stats.get_status_visibility_count() {:ok, _} = CommonAPI.update_activity_scope(activity.id, %{visibility: "private"}) - assert %{"public" => 0, "private" => 1} = Pleroma.Stats.get_status_visibility_count() + assert %{"public" => 0, "private" => 1} = Stats.get_status_visibility_count() end test "doesn't count unrelated activities" do @@ -75,7 +78,7 @@ test "doesn't count unrelated activities" do CommonAPI.repeat(activity.id, other_user) assert %{"direct" => 0, "private" => 0, "public" => 1, "unlisted" => 0} = - Pleroma.Stats.get_status_visibility_count() + Stats.get_status_visibility_count() end end @@ -110,10 +113,10 @@ test "single instance" do end) assert %{"direct" => 10, "private" => 0, "public" => 1, "unlisted" => 5} = - Pleroma.Stats.get_status_visibility_count(local_instance) + Stats.get_status_visibility_count(local_instance) assert %{"direct" => 0, "private" => 20, "public" => 0, "unlisted" => 0} = - Pleroma.Stats.get_status_visibility_count(instance2) + Stats.get_status_visibility_count(instance2) end end end From 8c6485c470c1a7cd6ec4b63867d94e9724c4502b Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Mon, 7 Sep 2020 19:22:56 +0300 Subject: [PATCH 099/264] CHANGELOG.md: move Unreleased section ahead of unreleased-patch --- CHANGELOG.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78aae6f07..46f1e859b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## Unreleased + +### Removed + +- **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`. + + ## unreleased-patch - ??? ### Added @@ -18,11 +25,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Cards being wrong for preview statuses due to cache key collision - Password resets no longer processed for deactivated accounts -## Unreleased - -### Removed - -- **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`. ## [2.1.0] - 2020-08-28 From a83916fdacac7b11ca478ef9a61b32dd269c8fd2 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Fri, 4 Sep 2020 19:05:08 +0300 Subject: [PATCH 100/264] adapter options unification not needed options deletion --- config/config.exs | 10 +++++----- config/description.exs | 8 +++++++- docs/configuration/cheatsheet.md | 4 ++-- lib/mix/tasks/pleroma/frontend.ex | 4 +--- lib/pleroma/gun/conn.ex | 8 ++++---- lib/pleroma/http/adapter_helper.ex | 2 +- lib/pleroma/http/adapter_helper/gun.ex | 14 ++++++-------- lib/pleroma/http/adapter_helper/hackney.ex | 14 ++++++++++---- .../mrf/media_proxy_warming_policy.ex | 12 +++--------- lib/pleroma/web/rel_me.ex | 15 +++------------ lib/pleroma/web/rich_media/helpers.ex | 19 +++++-------------- 11 files changed, 47 insertions(+), 63 deletions(-) diff --git a/config/config.exs b/config/config.exs index d631c3962..2426fbd52 100644 --- a/config/config.exs +++ b/config/config.exs @@ -735,28 +735,28 @@ max_connections: 250, max_idle_time: 30_000, retry: 0, - await_up_timeout: 5_000 + connect_timeout: 5_000 config :pleroma, :pools, federation: [ size: 50, max_waiting: 10, - timeout: 10_000 + recv_timeout: 10_000 ], media: [ size: 50, max_waiting: 10, - timeout: 10_000 + recv_timeout: 10_000 ], upload: [ size: 25, max_waiting: 5, - timeout: 15_000 + recv_timeout: 15_000 ], default: [ size: 10, max_waiting: 2, - timeout: 5_000 + recv_timeout: 5_000 ] config :pleroma, :hackney_pools, diff --git a/config/description.exs b/config/description.exs index 18c133f02..eac97ad64 100644 --- a/config/description.exs +++ b/config/description.exs @@ -3377,7 +3377,7 @@ suggestions: [250] }, %{ - key: :await_up_timeout, + key: :connect_timeout, type: :integer, description: "Timeout while `gun` will wait until connection is up. Default: 5000ms.", suggestions: [5000] @@ -3415,6 +3415,12 @@ description: "Maximum number of requests waiting for other requests to finish. After this number is reached, the pool will start returning errrors when a new request is made", suggestions: [10] + }, + %{ + key: :recv_timeout, + type: :integer, + description: "Timeout for the pool while gun will wait for response", + suggestions: [10_000] } ] } diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index a9a650fab..7f0725b48 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -498,7 +498,7 @@ Settings for HTTP connection pool. * `:connection_acquisition_wait` - Timeout to acquire a connection from pool.The total max time is this value multiplied by the number of retries. * `connection_acquisition_retries` - Number of attempts to acquire the connection from the pool if it is overloaded. Each attempt is timed `:connection_acquisition_wait` apart. * `:max_connections` - Maximum number of connections in the pool. -* `:await_up_timeout` - Timeout to connect to the host. +* `:connect_timeout` - Timeout to connect to the host. * `:reclaim_multiplier` - Multiplied by `:max_connections` this will be the maximum number of idle connections that will be reclaimed in case the pool is overloaded. ### :pools @@ -517,7 +517,7 @@ There are four pools used: For each pool, the options are: * `:size` - limit to how much requests can be concurrently executed. -* `:timeout` - timeout while `gun` will wait for response +* `:recv_timeout` - timeout while `gun` will wait for response * `:max_waiting` - limit to how much requests can be waiting for others to finish, after this is reached, subsequent requests will be dropped. ## Captcha diff --git a/lib/mix/tasks/pleroma/frontend.ex b/lib/mix/tasks/pleroma/frontend.ex index 1957b1d84..73df67439 100644 --- a/lib/mix/tasks/pleroma/frontend.ex +++ b/lib/mix/tasks/pleroma/frontend.ex @@ -124,9 +124,7 @@ defp download_build(frontend_info, dest) do url = String.replace(frontend_info["build_url"], "${ref}", frontend_info["ref"]) with {:ok, %{status: 200, body: zip_body}} <- - Pleroma.HTTP.get(url, [], - adapter: [pool: :media, timeout: 120_000, recv_timeout: 120_000] - ) do + Pleroma.HTTP.get(url, [], adapter: [pool: :media, recv_timeout: 120_000]) do unzip(zip_body, dest) else e -> {:error, e} diff --git a/lib/pleroma/gun/conn.ex b/lib/pleroma/gun/conn.ex index a3f75a4bb..75b1ffc0a 100644 --- a/lib/pleroma/gun/conn.ex +++ b/lib/pleroma/gun/conn.ex @@ -13,7 +13,7 @@ def open(%URI{} = uri, opts) do opts = opts |> Enum.into(%{}) - |> Map.put_new(:await_up_timeout, pool_opts[:await_up_timeout] || 5_000) + |> Map.put_new(:connect_timeout, pool_opts[:connect_timeout] || 5_000) |> Map.put_new(:supervise, false) |> maybe_add_tls_opts(uri) @@ -50,7 +50,7 @@ defp do_open(uri, %{proxy: {proxy_host, proxy_port}} = opts) do with open_opts <- Map.delete(opts, :tls_opts), {:ok, conn} <- Gun.open(proxy_host, proxy_port, open_opts), - {:ok, _} <- Gun.await_up(conn, opts[:await_up_timeout]), + {:ok, _} <- Gun.await_up(conn, opts[:connect_timeout]), stream <- Gun.connect(conn, connect_opts), {:response, :fin, 200, _} <- Gun.await(conn, stream) do {:ok, conn} @@ -88,7 +88,7 @@ defp do_open(uri, %{proxy: {proxy_type, proxy_host, proxy_port}} = opts) do |> Map.put(:socks_opts, socks_opts) with {:ok, conn} <- Gun.open(proxy_host, proxy_port, opts), - {:ok, _} <- Gun.await_up(conn, opts[:await_up_timeout]) do + {:ok, _} <- Gun.await_up(conn, opts[:connect_timeout]) do {:ok, conn} else error -> @@ -106,7 +106,7 @@ defp do_open(%URI{host: host, port: port} = uri, opts) do host = Pleroma.HTTP.AdapterHelper.parse_host(host) with {:ok, conn} <- Gun.open(host, port, opts), - {:ok, _} <- Gun.await_up(conn, opts[:await_up_timeout]) do + {:ok, _} <- Gun.await_up(conn, opts[:connect_timeout]) do {:ok, conn} else error -> diff --git a/lib/pleroma/http/adapter_helper.ex b/lib/pleroma/http/adapter_helper.ex index d72297323..08b51578a 100644 --- a/lib/pleroma/http/adapter_helper.ex +++ b/lib/pleroma/http/adapter_helper.ex @@ -6,7 +6,7 @@ defmodule Pleroma.HTTP.AdapterHelper do @moduledoc """ Configure Tesla.Client with default and customized adapter options. """ - @defaults [pool: :federation] + @defaults [pool: :federation, connect_timeout: 5_000, recv_timeout: 5_000] @type proxy_type() :: :socks4 | :socks5 @type host() :: charlist() | :inet.ip_address() diff --git a/lib/pleroma/http/adapter_helper/gun.ex b/lib/pleroma/http/adapter_helper/gun.ex index 4a967d8f2..1dbb71362 100644 --- a/lib/pleroma/http/adapter_helper/gun.ex +++ b/lib/pleroma/http/adapter_helper/gun.ex @@ -11,12 +11,8 @@ defmodule Pleroma.HTTP.AdapterHelper.Gun do require Logger @defaults [ - connect_timeout: 5_000, - domain_lookup_timeout: 5_000, - tls_handshake_timeout: 5_000, retry: 1, - retry_timeout: 1000, - await_up_timeout: 5_000 + retry_timeout: 1_000 ] @type pool() :: :federation | :upload | :media | :default @@ -45,15 +41,17 @@ defp add_scheme_opts(opts, %{scheme: "https"}) do end defp put_timeout(opts) do + {recv_timeout, opts} = Keyword.pop(opts, :recv_timeout, pool_timeout(opts[:pool])) # this is the timeout to receive a message from Gun - Keyword.put_new(opts, :timeout, pool_timeout(opts[:pool])) + # `:timeout` key is used in Tesla + Keyword.put(opts, :timeout, recv_timeout) end @spec pool_timeout(pool()) :: non_neg_integer() def pool_timeout(pool) do - default = Config.get([:pools, :default, :timeout], 5_000) + default = Config.get([:pools, :default, :recv_timeout], 5_000) - Config.get([:pools, pool, :timeout], default) + Config.get([:pools, pool, :recv_timeout], default) end @prefix Pleroma.Gun.ConnectionPool diff --git a/lib/pleroma/http/adapter_helper/hackney.ex b/lib/pleroma/http/adapter_helper/hackney.ex index 42e3acfec..ef84553c1 100644 --- a/lib/pleroma/http/adapter_helper/hackney.ex +++ b/lib/pleroma/http/adapter_helper/hackney.ex @@ -2,11 +2,8 @@ defmodule Pleroma.HTTP.AdapterHelper.Hackney do @behaviour Pleroma.HTTP.AdapterHelper @defaults [ - connect_timeout: 10_000, - recv_timeout: 20_000, follow_redirect: true, - force_redirect: true, - pool: :federation + force_redirect: true ] @spec options(keyword(), URI.t()) :: keyword() @@ -19,6 +16,7 @@ def options(connection_opts \\ [], %URI{} = uri) do |> Keyword.merge(config_opts) |> Keyword.merge(connection_opts) |> add_scheme_opts(uri) + |> maybe_add_with_body() |> Pleroma.HTTP.AdapterHelper.maybe_add_proxy(proxy) end @@ -27,4 +25,12 @@ defp add_scheme_opts(opts, %URI{scheme: "https"}) do end defp add_scheme_opts(opts, _), do: opts + + defp maybe_add_with_body(opts) do + if opts[:max_body] do + Keyword.put(opts, :with_body, true) + else + opts + end + end end diff --git a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex index dfab105a3..a203405a0 100644 --- a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex @@ -13,22 +13,16 @@ defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy do require Logger @options [ - pool: :media + pool: :media, + recv_timeout: 10_000 ] def perform(:prefetch, url) do Logger.debug("Prefetching #{inspect(url)}") - opts = - if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do - Keyword.put(@options, :recv_timeout, 10_000) - else - @options - end - url |> MediaProxy.url() - |> HTTP.get([], adapter: opts) + |> HTTP.get([], adapter: @options) end def perform(:preload, %{"object" => %{"attachment" => attachments}} = _message) do diff --git a/lib/pleroma/web/rel_me.ex b/lib/pleroma/web/rel_me.ex index 8e2b51508..32bce3c1b 100644 --- a/lib/pleroma/web/rel_me.ex +++ b/lib/pleroma/web/rel_me.ex @@ -5,7 +5,8 @@ defmodule Pleroma.Web.RelMe do @options [ pool: :media, - max_body: 2_000_000 + max_body: 2_000_000, + recv_timeout: 2_000 ] if Pleroma.Config.get(:env) == :test do @@ -23,18 +24,8 @@ def parse(url) when is_binary(url) do def parse(_), do: {:error, "No URL provided"} defp parse_url(url) do - opts = - if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do - Keyword.merge(@options, - recv_timeout: 2_000, - with_body: true - ) - else - @options - end - with {:ok, %Tesla.Env{body: html, status: status}} when status in 200..299 <- - Pleroma.HTTP.get(url, [], adapter: opts), + Pleroma.HTTP.get(url, [], adapter: @options), {:ok, html_tree} <- Floki.parse_document(html), data <- Floki.attribute(html_tree, "link[rel~=me]", "href") ++ diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex index 752ca9f81..084a66466 100644 --- a/lib/pleroma/web/rich_media/helpers.ex +++ b/lib/pleroma/web/rich_media/helpers.ex @@ -9,14 +9,15 @@ defmodule Pleroma.Web.RichMedia.Helpers do alias Pleroma.Object alias Pleroma.Web.RichMedia.Parser - @rich_media_options [ + @options [ pool: :media, - max_body: 2_000_000 + max_body: 2_000_000, + recv_timeout: 2_000 ] @spec validate_page_url(URI.t() | binary()) :: :ok | :error defp validate_page_url(page_url) when is_binary(page_url) do - validate_tld = Pleroma.Config.get([Pleroma.Formatter, :validate_tld]) + validate_tld = Config.get([Pleroma.Formatter, :validate_tld]) page_url |> Linkify.Parser.url?(validate_tld: validate_tld) @@ -86,16 +87,6 @@ def perform(:fetch, %Activity{} = activity) do def rich_media_get(url) do headers = [{"user-agent", Pleroma.Application.user_agent() <> "; Bot"}] - options = - if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do - Keyword.merge(@rich_media_options, - recv_timeout: 2_000, - with_body: true - ) - else - @rich_media_options - end - - Pleroma.HTTP.get(url, headers, adapter: options) + Pleroma.HTTP.get(url, headers, adapter: @options) end end From 8a3d43044a06488545490a89e29c8349d914f164 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Sat, 5 Sep 2020 12:41:01 +0300 Subject: [PATCH 101/264] migrations for renaming gun timeout options --- ...e_await_up_timeout_in_connections_pool.exs | 13 +++++++++++++ ...20200905091427_rename_timeout_in_pools.exs | 19 +++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 priv/repo/migrations/20200905082737_rename_await_up_timeout_in_connections_pool.exs create mode 100644 priv/repo/migrations/20200905091427_rename_timeout_in_pools.exs diff --git a/priv/repo/migrations/20200905082737_rename_await_up_timeout_in_connections_pool.exs b/priv/repo/migrations/20200905082737_rename_await_up_timeout_in_connections_pool.exs new file mode 100644 index 000000000..22c40663c --- /dev/null +++ b/priv/repo/migrations/20200905082737_rename_await_up_timeout_in_connections_pool.exs @@ -0,0 +1,13 @@ +defmodule Pleroma.Repo.Migrations.RenameAwaitUpTimeoutInConnectionsPool do + use Ecto.Migration + + def change do + with %Pleroma.ConfigDB{} = config <- + Pleroma.ConfigDB.get_by_params(%{group: :pleroma, key: :connections_pool}), + {timeout, value} when is_integer(timeout) <- Keyword.pop(config.value, :await_up_timeout) do + config + |> Ecto.Changeset.change(value: Keyword.put(value, :connect_timeout, timeout)) + |> Pleroma.Repo.update() + end + end +end diff --git a/priv/repo/migrations/20200905091427_rename_timeout_in_pools.exs b/priv/repo/migrations/20200905091427_rename_timeout_in_pools.exs new file mode 100644 index 000000000..bb2f50ecc --- /dev/null +++ b/priv/repo/migrations/20200905091427_rename_timeout_in_pools.exs @@ -0,0 +1,19 @@ +defmodule Pleroma.Repo.Migrations.RenameTimeoutInPools do + use Ecto.Migration + + def change do + with %Pleroma.ConfigDB{} = config <- + Pleroma.ConfigDB.get_by_params(%{group: :pleroma, key: :pools}) do + updated_value = + Enum.map(config.value, fn {pool, pool_value} -> + with {timeout, value} when is_integer(timeout) <- Keyword.pop(pool_value, :timeout) do + {pool, Keyword.put(value, :recv_timeout, timeout)} + end + end) + + config + |> Ecto.Changeset.change(value: updated_value) + |> Pleroma.Repo.update() + end + end +end From 696bf09433aa7f33cf580c71cb7f1f3367d4c124 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Mon, 7 Sep 2020 16:57:42 +0300 Subject: [PATCH 102/264] passing adapter options directly without adapter key --- config/test.exs | 2 +- lib/mix/tasks/pleroma/benchmark.ex | 11 ++--- lib/mix/tasks/pleroma/frontend.ex | 2 +- lib/pleroma/http/ex_aws.ex | 2 +- lib/pleroma/http/http.ex | 2 +- lib/pleroma/http/tzdata.ex | 4 +- .../mrf/media_proxy_warming_policy.ex | 2 +- lib/pleroma/web/rel_me.ex | 2 +- lib/pleroma/web/rich_media/helpers.ex | 2 +- test/web/instances/instance_test.exs | 2 + .../mastodon_api/views/account_view_test.exs | 40 ++++++++++--------- 11 files changed, 36 insertions(+), 35 deletions(-) diff --git a/config/test.exs b/config/test.exs index f0358e384..e9c2273e8 100644 --- a/config/test.exs +++ b/config/test.exs @@ -114,7 +114,7 @@ config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: true -config :pleroma, :instances_favicons, enabled: true +config :pleroma, :instances_favicons, enabled: false config :pleroma, Pleroma.Uploaders.S3, bucket: nil, diff --git a/lib/mix/tasks/pleroma/benchmark.ex b/lib/mix/tasks/pleroma/benchmark.ex index dd2b9c8f2..a607d5d4f 100644 --- a/lib/mix/tasks/pleroma/benchmark.ex +++ b/lib/mix/tasks/pleroma/benchmark.ex @@ -91,20 +91,17 @@ def run(["adapters"]) do "Without conn and without pool" => fn -> {:ok, %Tesla.Env{}} = Pleroma.HTTP.get("https://httpbin.org/stream-bytes/1500", [], - adapter: [pool: :no_pool, receive_conn: false] + pool: :no_pool, + receive_conn: false ) end, "Without conn and with pool" => fn -> {:ok, %Tesla.Env{}} = - Pleroma.HTTP.get("https://httpbin.org/stream-bytes/1500", [], - adapter: [receive_conn: false] - ) + Pleroma.HTTP.get("https://httpbin.org/stream-bytes/1500", [], receive_conn: false) end, "With reused conn and without pool" => fn -> {:ok, %Tesla.Env{}} = - Pleroma.HTTP.get("https://httpbin.org/stream-bytes/1500", [], - adapter: [pool: :no_pool] - ) + Pleroma.HTTP.get("https://httpbin.org/stream-bytes/1500", [], pool: :no_pool) end, "With reused conn and with pool" => fn -> {:ok, %Tesla.Env{}} = Pleroma.HTTP.get("https://httpbin.org/stream-bytes/1500") diff --git a/lib/mix/tasks/pleroma/frontend.ex b/lib/mix/tasks/pleroma/frontend.ex index 73df67439..cbce81ab9 100644 --- a/lib/mix/tasks/pleroma/frontend.ex +++ b/lib/mix/tasks/pleroma/frontend.ex @@ -124,7 +124,7 @@ defp download_build(frontend_info, dest) do url = String.replace(frontend_info["build_url"], "${ref}", frontend_info["ref"]) with {:ok, %{status: 200, body: zip_body}} <- - Pleroma.HTTP.get(url, [], adapter: [pool: :media, recv_timeout: 120_000]) do + Pleroma.HTTP.get(url, [], pool: :media, recv_timeout: 120_000) do unzip(zip_body, dest) else e -> {:error, e} diff --git a/lib/pleroma/http/ex_aws.ex b/lib/pleroma/http/ex_aws.ex index c3f335c73..5cac3532f 100644 --- a/lib/pleroma/http/ex_aws.ex +++ b/lib/pleroma/http/ex_aws.ex @@ -11,7 +11,7 @@ defmodule Pleroma.HTTP.ExAws do @impl true def request(method, url, body \\ "", headers \\ [], http_opts \\ []) do - http_opts = Keyword.put_new(http_opts, :adapter, pool: :upload) + http_opts = Keyword.put_new(http_opts, :pool, :upload) case HTTP.request(method, url, body, headers, http_opts) do {:ok, env} -> diff --git a/lib/pleroma/http/http.ex b/lib/pleroma/http/http.ex index 7bc73f4a0..052597191 100644 --- a/lib/pleroma/http/http.ex +++ b/lib/pleroma/http/http.ex @@ -60,7 +60,7 @@ def post(url, body, headers \\ [], options \\ []), {:ok, Env.t()} | {:error, any()} def request(method, url, body, headers, options) when is_binary(url) do uri = URI.parse(url) - adapter_opts = AdapterHelper.options(uri, options[:adapter] || []) + adapter_opts = AdapterHelper.options(uri, options || []) options = put_in(options[:adapter], adapter_opts) params = options[:params] || [] diff --git a/lib/pleroma/http/tzdata.ex b/lib/pleroma/http/tzdata.ex index 4539ac359..09cfdadf7 100644 --- a/lib/pleroma/http/tzdata.ex +++ b/lib/pleroma/http/tzdata.ex @@ -11,7 +11,7 @@ defmodule Pleroma.HTTP.Tzdata do @impl true def get(url, headers, options) do - options = Keyword.put_new(options, :adapter, pool: :default) + options = Keyword.put_new(options, :pool, :default) with {:ok, %Tesla.Env{} = env} <- HTTP.get(url, headers, options) do {:ok, {env.status, env.headers, env.body}} @@ -20,7 +20,7 @@ def get(url, headers, options) do @impl true def head(url, headers, options) do - options = Keyword.put_new(options, :adapter, pool: :default) + options = Keyword.put_new(options, :pool, :default) with {:ok, %Tesla.Env{} = env} <- HTTP.head(url, headers, options) do {:ok, {env.status, env.headers}} diff --git a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex index a203405a0..98d595469 100644 --- a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex @@ -22,7 +22,7 @@ def perform(:prefetch, url) do url |> MediaProxy.url() - |> HTTP.get([], adapter: @options) + |> HTTP.get([], @options) end def perform(:preload, %{"object" => %{"attachment" => attachments}} = _message) do diff --git a/lib/pleroma/web/rel_me.ex b/lib/pleroma/web/rel_me.ex index 32bce3c1b..28f75b18d 100644 --- a/lib/pleroma/web/rel_me.ex +++ b/lib/pleroma/web/rel_me.ex @@ -25,7 +25,7 @@ def parse(_), do: {:error, "No URL provided"} defp parse_url(url) do with {:ok, %Tesla.Env{body: html, status: status}} when status in 200..299 <- - Pleroma.HTTP.get(url, [], adapter: @options), + Pleroma.HTTP.get(url, [], @options), {:ok, html_tree} <- Floki.parse_document(html), data <- Floki.attribute(html_tree, "link[rel~=me]", "href") ++ diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex index 084a66466..bd7f03cbe 100644 --- a/lib/pleroma/web/rich_media/helpers.ex +++ b/lib/pleroma/web/rich_media/helpers.ex @@ -87,6 +87,6 @@ def perform(:fetch, %Activity{} = activity) do def rich_media_get(url) do headers = [{"user-agent", Pleroma.Application.user_agent() <> "; Bot"}] - Pleroma.HTTP.get(url, headers, adapter: @options) + Pleroma.HTTP.get(url, headers, @options) end end diff --git a/test/web/instances/instance_test.exs b/test/web/instances/instance_test.exs index dc6ace843..5d4efcebe 100644 --- a/test/web/instances/instance_test.exs +++ b/test/web/instances/instance_test.exs @@ -112,6 +112,8 @@ test "Scrapes favicon URLs" do end test "Returns nil on too long favicon URLs" do + clear_config([:instances_favicons, :enabled], true) + long_favicon_url = "https://Lorem.ipsum.dolor.sit.amet/consecteturadipiscingelit/Praesentpharetrapurusutaliquamtempus/Mauriseulaoreetarcu/atfacilisisorci/Nullamporttitor/nequesedfeugiatmollis/dolormagnaefficiturlorem/nonpretiumsapienorcieurisus/Nullamveleratsem/Maecenassedaccumsanexnam/favicon.png" diff --git a/test/web/mastodon_api/views/account_view_test.exs b/test/web/mastodon_api/views/account_view_test.exs index 8f37efa3c..68a5d0091 100644 --- a/test/web/mastodon_api/views/account_view_test.exs +++ b/test/web/mastodon_api/views/account_view_test.exs @@ -5,7 +5,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do use Pleroma.DataCase - alias Pleroma.Config alias Pleroma.User alias Pleroma.UserRelationship alias Pleroma.Web.CommonAPI @@ -19,8 +18,6 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do :ok end - setup do: clear_config([:instances_favicons, :enabled]) - test "Represent a user account" do background_image = %{ "url" => [%{"href" => "https://example.com/images/asuka_hospital.png"}] @@ -78,8 +75,7 @@ test "Represent a user account" do pleroma: %{ ap_id: user.ap_id, background_image: "https://example.com/images/asuka_hospital.png", - favicon: - "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png", + favicon: nil, confirmation_pending: false, tags: [], is_admin: false, @@ -98,22 +94,29 @@ test "Represent a user account" do assert expected == AccountView.render("show.json", %{user: user, skip_visibility_check: true}) end - test "Favicon is nil when :instances_favicons is disabled" do - user = insert(:user) + describe "favicon" do + setup do + [user: insert(:user)] + end - Config.put([:instances_favicons, :enabled], true) + test "is parsed when :instance_favicons is enabled", %{user: user} do + clear_config([:instances_favicons, :enabled], true) - assert %{ - pleroma: %{ - favicon: - "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png" - } - } = AccountView.render("show.json", %{user: user, skip_visibility_check: true}) + assert %{ + pleroma: %{ + favicon: + "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png" + } + } = AccountView.render("show.json", %{user: user, skip_visibility_check: true}) + end - Config.put([:instances_favicons, :enabled], false) + test "is nil when :instances_favicons is disabled", %{user: user} do + assert %{pleroma: %{favicon: nil}} = + AccountView.render("show.json", %{user: user, skip_visibility_check: true}) + end + end - assert %{pleroma: %{favicon: nil}} = - AccountView.render("show.json", %{user: user, skip_visibility_check: true}) + test "Favicon when :instance_favicons is enabled" do end test "Represent the user account for the account owner" do @@ -173,8 +176,7 @@ test "Represent a Service(bot) account" do pleroma: %{ ap_id: user.ap_id, background_image: nil, - favicon: - "https://shitposter.club/plugins/Qvitter/img/gnusocial-favicons/favicon-16x16.png", + favicon: nil, confirmation_pending: false, tags: [], is_admin: false, From 18d21aed00dcbdaabd7db25b8b7d0c88141ec98a Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Mon, 7 Sep 2020 19:04:16 +0300 Subject: [PATCH 103/264] deprecation warnings --- lib/pleroma/config/deprecation_warnings.ex | 43 ++++++++++++++++ test/config/deprecation_warnings_test.exs | 59 +++++++++++++++++++--- 2 files changed, 96 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/config/deprecation_warnings.ex b/lib/pleroma/config/deprecation_warnings.ex index 0f52eb210..2bfe4ddba 100644 --- a/lib/pleroma/config/deprecation_warnings.ex +++ b/lib/pleroma/config/deprecation_warnings.ex @@ -56,6 +56,7 @@ def warn do check_old_mrf_config() check_media_proxy_whitelist_config() check_welcome_message_config() + check_gun_pool_options() end def check_welcome_message_config do @@ -115,4 +116,46 @@ def check_media_proxy_whitelist_config do """) end end + + def check_gun_pool_options do + pool_config = Config.get(:connections_pool) + + if timeout = pool_config[:await_up_timeout] do + Logger.warn(""" + !!!DEPRECATION WARNING!!! + Your config is using old setting name `await_up_timeout` instead of `connect_timeout`. Setting should work for now, but you are advised to change format to scheme with port to prevent possible issues later. + """) + + Config.put(:connections_pool, Keyword.put_new(pool_config, :connect_timeout, timeout)) + end + + pools_configs = Config.get(:pools) + + warning_preface = """ + !!!DEPRECATION WARNING!!! + Your config is using old setting name `timeout` instead of `recv_timeout` in pool settings. Setting should work for now, but you are advised to change format to scheme with port to prevent possible issues later. + """ + + updated_config = + Enum.reduce(pools_configs, [], fn {pool_name, config}, acc -> + if timeout = config[:timeout] do + Keyword.put(acc, pool_name, Keyword.put_new(config, :recv_timeout, timeout)) + else + acc + end + end) + + if updated_config != [] do + pool_warnings = + updated_config + |> Keyword.keys() + |> Enum.map(fn pool_name -> + "\n* `:timeout` options in #{pool_name} pool is now `:recv_timeout`" + end) + + Logger.warn(Enum.join([warning_preface | pool_warnings])) + + Config.put(:pools, updated_config) + end + end end diff --git a/test/config/deprecation_warnings_test.exs b/test/config/deprecation_warnings_test.exs index 555661a71..e22052404 100644 --- a/test/config/deprecation_warnings_test.exs +++ b/test/config/deprecation_warnings_test.exs @@ -4,12 +4,15 @@ defmodule Pleroma.Config.DeprecationWarningsTest do import ExUnit.CaptureLog + alias Pleroma.Config + alias Pleroma.Config.DeprecationWarnings + test "check_old_mrf_config/0" do clear_config([:instance, :rewrite_policy], Pleroma.Web.ActivityPub.MRF.NoOpPolicy) clear_config([:instance, :mrf_transparency], true) clear_config([:instance, :mrf_transparency_exclusions], []) - assert capture_log(fn -> Pleroma.Config.DeprecationWarnings.check_old_mrf_config() end) =~ + assert capture_log(fn -> DeprecationWarnings.check_old_mrf_config() end) =~ """ !!!DEPRECATION WARNING!!! Your config is using old namespaces for MRF configuration. They should work for now, but you are advised to change to new namespaces to prevent possible issues later: @@ -44,22 +47,66 @@ test "move_namespace_and_warn/2" do ] assert capture_log(fn -> - Pleroma.Config.DeprecationWarnings.move_namespace_and_warn( + DeprecationWarnings.move_namespace_and_warn( config_map, "Warning preface" ) end) =~ "Warning preface\n error :key\n error :key2\n error :key3" - assert Pleroma.Config.get(new_group1) == 1 - assert Pleroma.Config.get(new_group2) == 2 - assert Pleroma.Config.get(new_group3) == 3 + assert Config.get(new_group1) == 1 + assert Config.get(new_group2) == 2 + assert Config.get(new_group3) == 3 end test "check_media_proxy_whitelist_config/0" do clear_config([:media_proxy, :whitelist], ["https://example.com", "example2.com"]) assert capture_log(fn -> - Pleroma.Config.DeprecationWarnings.check_media_proxy_whitelist_config() + DeprecationWarnings.check_media_proxy_whitelist_config() end) =~ "Your config is using old format (only domain) for MediaProxy whitelist option" end + + describe "check_gun_pool_options/0" do + test "await_up_timeout" do + config = Config.get(:connections_pool) + clear_config(:connections_pool, Keyword.put(config, :await_up_timeout, 5_000)) + + assert capture_log(fn -> + DeprecationWarnings.check_gun_pool_options() + end) =~ + "Your config is using old setting name `await_up_timeout` instead of `connect_timeout`" + end + + test "pool timeout" do + old_config = [ + federation: [ + size: 50, + max_waiting: 10, + timeout: 10_000 + ], + media: [ + size: 50, + max_waiting: 10, + timeout: 10_000 + ], + upload: [ + size: 25, + max_waiting: 5, + timeout: 15_000 + ], + default: [ + size: 10, + max_waiting: 2, + timeout: 5_000 + ] + ] + + clear_config(:pools, old_config) + + assert capture_log(fn -> + DeprecationWarnings.check_gun_pool_options() + end) =~ + "Your config is using old setting name `timeout` instead of `recv_timeout` in pool settings" + end + end end From 7ad1732ed2444d4d7bb1a89e66d46e5d52536e0f Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Mon, 7 Sep 2020 19:55:14 +0300 Subject: [PATCH 104/264] changelog entry --- CHANGELOG.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 46f1e859b..f303e22a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,11 +5,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Changed + +- Settings renaming: `:await_up_timeout` in `:connections_pool` namespace to `connect_timeout`, `timeout` in `pools` namespace to `recv_timeout`. + ### Removed - **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`. - ## unreleased-patch - ??? ### Added @@ -25,7 +28,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Mastodon API: Cards being wrong for preview statuses due to cache key collision - Password resets no longer processed for deactivated accounts - ## [2.1.0] - 2020-08-28 ### Changed From 699224a900d54b6d32e0bd3f2abd9eccc523df11 Mon Sep 17 00:00:00 2001 From: Alibek Omarov <a1ba.omarov@gmail.com> Date: Mon, 7 Sep 2020 22:14:40 +0200 Subject: [PATCH 105/264] ForceBotUnlistedPolicy: initial add, tiny clean up from my previous version --- .../mrf/force_bot_unlisted_policy.ex | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex diff --git a/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex b/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex new file mode 100644 index 000000000..31fd90586 --- /dev/null +++ b/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex @@ -0,0 +1,61 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy do + alias Pleroma.User + @behaviour Pleroma.Web.ActivityPub.MRF + @moduledoc "Remove bot posts from federated timeline" + + require Pleroma.Constants + + defp check_by_actor_type(user) do + if user.actor_type in ["Application", "Service"], do: 1.0, else: 0.0 + end + + defp check_by_nickname(user) do + if Regex.match?(~r/bot@|ebooks@/i, user.nickname), do: 1.0, else: 0.0 + end + + defp botness_score(user), do: check_by_actor_type(user) + check_by_nickname(user) + + @impl true + def filter( + %{ + "type" => "Create", + "to" => to, + "cc" => cc, + "actor" => actor, + "object" => object + } = message + ) do + user = User.get_cached_by_ap_id(actor) + isbot = 0.8 < botness_score(user) + + if isbot and Enum.member?(to, Pleroma.Constants.as_public()) do + to = List.delete(to, Pleroma.Constants.as_public()) ++ [user.follower_address] + cc = List.delete(cc, user.follower_address) ++ [Pleroma.Constants.as_public()] + + object = + object + |> Map.put("to", to) + |> Map.put("cc", cc) + + message = + message + |> Map.put("to", to) + |> Map.put("cc", cc) + |> Map.put("object", object) + + {:ok, message} + else + {:ok, message} + end + end + + @impl true + def filter(message), do: {:ok, message} + + @impl true + def describe, do: {:ok, %{}} +end From 57cf0cc3b3029cb0ff017c53e2602ad945b8d9b3 Mon Sep 17 00:00:00 2001 From: Alibek Omarov <a1ba.omarov@gmail.com> Date: Mon, 7 Sep 2020 22:50:37 +0200 Subject: [PATCH 106/264] ForceBotUnlistedPolicy: add test --- .../mrf/force_bot_unlisted_policy_test.ex | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 test/web/activity_pub/mrf/force_bot_unlisted_policy_test.ex diff --git a/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.ex b/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.ex new file mode 100644 index 000000000..84e2a9024 --- /dev/null +++ b/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.ex @@ -0,0 +1,58 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicyTest do + use Pleroma.DataCase + import Pleroma.Factory + + import Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy + + defp generate_messages(actor) do + {%{ + "actor" => actor.ap_id, + "type" => "Create", + "object" => %{}, + "to" => [@public, "f"], + "cc" => [actor.follower_address, "d"] + }, %{ + "actor" => actor.ap_id, + "type" => "Create", + "object" => %{"to" => ["f", actor.follower_address], "cc" => ["d", @public]}, + "to" => ["f", actor.follower_address], + "cc" => ["d", @public] + }} + end + + test "removes from the federated timeline by nickname heuristics 1" do + actor = insert(:user, %{nickname: "annoying_ebooks@example.com"}) + + {message, except_message} = generate_messages(actor) + + assert ForceBotUnlistedPolicy.filter(message) == {:ok, except_message} + end + + test "removes from the federated timeline by nickname heuristics 2" do + actor = insert(:user, %{nickname: "cirnonewsnetworkbot@meow.cat"}) + + {message, except_message} = generate_messages(actor) + + assert ForceBotUnlistedPolicy.filter(message) == {:ok, except_message} + end + + test "removes from the federated timeline by actor type Application" do + actor = insert(:user, %{actor_type: "Application"}) + + {message, except_message} = generate_messages(actor) + + assert ForceBotUnlistedPolicy.filter(message) == {:ok, except_message} + end + + test "removes from the federated timeline by actor type Service" do + actor = insert(:user, %{actor_type: "Service"}) + + {message, except_message} = generate_messages(actor) + + assert ForceBotUnlistedPolicy.filter(message) == {:ok, except_message} + end +end From 8b695c3eeb6ee7a91fc5a8a4293fb3cb53212818 Mon Sep 17 00:00:00 2001 From: Alibek Omarov <a1ba.omarov@gmail.com> Date: Mon, 7 Sep 2020 22:53:45 +0200 Subject: [PATCH 107/264] ForceBotUnlistedPolicy: format --- .../mrf/force_bot_unlisted_policy.ex | 16 ++++++------ .../mrf/force_bot_unlisted_policy_test.ex | 25 ++++++++++--------- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex b/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex index 31fd90586..7290f444b 100644 --- a/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex @@ -21,14 +21,14 @@ defp botness_score(user), do: check_by_actor_type(user) + check_by_nickname(user @impl true def filter( - %{ - "type" => "Create", - "to" => to, - "cc" => cc, - "actor" => actor, - "object" => object - } = message - ) do + %{ + "type" => "Create", + "to" => to, + "cc" => cc, + "actor" => actor, + "object" => object + } = message + ) do user = User.get_cached_by_ap_id(actor) isbot = 0.8 < botness_score(user) diff --git a/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.ex b/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.ex index 84e2a9024..6f001c233 100644 --- a/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.ex +++ b/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.ex @@ -10,18 +10,19 @@ defmodule Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicyTest do defp generate_messages(actor) do {%{ - "actor" => actor.ap_id, - "type" => "Create", - "object" => %{}, - "to" => [@public, "f"], - "cc" => [actor.follower_address, "d"] - }, %{ - "actor" => actor.ap_id, - "type" => "Create", - "object" => %{"to" => ["f", actor.follower_address], "cc" => ["d", @public]}, - "to" => ["f", actor.follower_address], - "cc" => ["d", @public] - }} + "actor" => actor.ap_id, + "type" => "Create", + "object" => %{}, + "to" => [@public, "f"], + "cc" => [actor.follower_address, "d"] + }, + %{ + "actor" => actor.ap_id, + "type" => "Create", + "object" => %{"to" => ["f", actor.follower_address], "cc" => ["d", @public]}, + "to" => ["f", actor.follower_address], + "cc" => ["d", @public] + }} end test "removes from the federated timeline by nickname heuristics 1" do From d2fd1d348122d8b0c3f4b0262cfc980afed83448 Mon Sep 17 00:00:00 2001 From: Alibek Omarov <a1ba.omarov@gmail.com> Date: Mon, 7 Sep 2020 23:04:07 +0200 Subject: [PATCH 108/264] ForceBotUnlistedPolicy: fix test extension --- ...unlisted_policy_test.ex => force_bot_unlisted_policy_test.exs} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename test/web/activity_pub/mrf/{force_bot_unlisted_policy_test.ex => force_bot_unlisted_policy_test.exs} (100%) diff --git a/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.ex b/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs similarity index 100% rename from test/web/activity_pub/mrf/force_bot_unlisted_policy_test.ex rename to test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs From 0a25c92cfafce6af9ff9a40ac278dafac69e0c08 Mon Sep 17 00:00:00 2001 From: Alibek Omarov <a1ba.omarov@gmail.com> Date: Mon, 7 Sep 2020 23:18:36 +0200 Subject: [PATCH 109/264] ForceBotUnlistedPolicy: try to fix test --- test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs b/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs index 6f001c233..85ca95b0a 100644 --- a/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs +++ b/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs @@ -6,7 +6,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicyTest do use Pleroma.DataCase import Pleroma.Factory - import Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy + alias Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy defp generate_messages(actor) do {%{ From d074e54013cb38d308693891e0353c0dccc54b85 Mon Sep 17 00:00:00 2001 From: Alibek Omarov <a1ba.omarov@gmail.com> Date: Mon, 7 Sep 2020 23:28:29 +0200 Subject: [PATCH 110/264] ForceBotUnlistedPolicy: try to fix test 2 --- test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs | 1 + 1 file changed, 1 insertion(+) diff --git a/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs b/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs index 85ca95b0a..86dd9ddae 100644 --- a/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs +++ b/test/web/activity_pub/mrf/force_bot_unlisted_policy_test.exs @@ -7,6 +7,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicyTest do import Pleroma.Factory alias Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy + @public "https://www.w3.org/ns/activitystreams#Public" defp generate_messages(actor) do {%{ From 95688c90ad9cd6438a764b4ea6e0f2e3b594b5c8 Mon Sep 17 00:00:00 2001 From: Alibek Omarov <a1ba.omarov@gmail.com> Date: Tue, 8 Sep 2020 01:13:49 +0200 Subject: [PATCH 111/264] ForceBotUnlistedPolicy: simplify code --- .../activity_pub/mrf/force_bot_unlisted_policy.ex | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex b/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex index 7290f444b..ea9c3d3f5 100644 --- a/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/force_bot_unlisted_policy.ex @@ -9,15 +9,10 @@ defmodule Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy do require Pleroma.Constants - defp check_by_actor_type(user) do - if user.actor_type in ["Application", "Service"], do: 1.0, else: 0.0 - end + defp check_by_actor_type(user), do: user.actor_type in ["Application", "Service"] + defp check_by_nickname(user), do: Regex.match?(~r/bot@|ebooks@/i, user.nickname) - defp check_by_nickname(user) do - if Regex.match?(~r/bot@|ebooks@/i, user.nickname), do: 1.0, else: 0.0 - end - - defp botness_score(user), do: check_by_actor_type(user) + check_by_nickname(user) + defp check_if_bot(user), do: check_by_actor_type(user) or check_by_nickname(user) @impl true def filter( @@ -30,7 +25,7 @@ def filter( } = message ) do user = User.get_cached_by_ap_id(actor) - isbot = 0.8 < botness_score(user) + isbot = check_if_bot(user) if isbot and Enum.member?(to, Pleroma.Constants.as_public()) do to = List.delete(to, Pleroma.Constants.as_public()) ++ [user.follower_address] From d8a48f838697ce6f1d37f5504c1e51b316aed037 Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Tue, 8 Sep 2020 12:23:08 +0300 Subject: [PATCH 112/264] CHANGELOG.md: Split settings renaming to 2 separate entries --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f303e22a7..e6180a6da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Changed -- Settings renaming: `:await_up_timeout` in `:connections_pool` namespace to `connect_timeout`, `timeout` in `pools` namespace to `recv_timeout`. +- Renamed `:await_up_timeout` in `:connections_pool` namespace to `:connect_timeout`, old name is deprecated. +- Renamed `:timeout` in `pools` namespace to `:recv_timeout`, old name is deprecated. ### Removed From fa347b9c2f416cd2c402e3e6eebb561dfc0ee8a8 Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@FreeBSD.org> Date: Wed, 26 Aug 2020 13:32:03 -0500 Subject: [PATCH 113/264] Fix uploading webp image files when Exiftool Upload Filter is enabled --- CHANGELOG.md | 1 + lib/pleroma/upload/filter/exiftool.ex | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 46f1e859b..cfe0651c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -138,6 +138,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fix whole_word always returning false on filter get requests - Migrations not working on OTP releases if the database was connected over ssl - Fix relay following +- Fixed uploading webp images when the Exiftool Upload Filter is enabled ## [2.0.7] - 2020-06-13 diff --git a/lib/pleroma/upload/filter/exiftool.ex b/lib/pleroma/upload/filter/exiftool.ex index ea8798fe3..a91bd5e24 100644 --- a/lib/pleroma/upload/filter/exiftool.ex +++ b/lib/pleroma/upload/filter/exiftool.ex @@ -10,9 +10,20 @@ defmodule Pleroma.Upload.Filter.Exiftool do @behaviour Pleroma.Upload.Filter @spec filter(Pleroma.Upload.t()) :: :ok | {:error, String.t()} - def filter(%Pleroma.Upload{tempfile: file, content_type: "image" <> _}) do + def filter(%Pleroma.Upload{name: file, tempfile: path, content_type: "image" <> _}) do + # webp is not compatible with exiftool at this time + if Regex.match?(~r/\.(webp)$/i, file) do + :ok + else + strip_exif(path) + end + end + + def filter(_), do: :ok + + defp strip_exif(path) do try do - case System.cmd("exiftool", ["-overwrite_original", "-gps:all=", file], parallelism: true) do + case System.cmd("exiftool", ["-overwrite_original", "-gps:all=", path], parallelism: true) do {_response, 0} -> :ok {error, 1} -> {:error, error} end @@ -21,6 +32,4 @@ def filter(%Pleroma.Upload{tempfile: file, content_type: "image" <> _}) do {:error, "exiftool command not found"} end end - - def filter(_), do: :ok end From 2165a249744a1ad4386a9d237871abe88e298942 Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@FreeBSD.org> Date: Fri, 4 Sep 2020 17:40:59 -0500 Subject: [PATCH 114/264] Improve upload filter return values so we can identify when filters make no changes to the input --- lib/pleroma/upload/filter.ex | 13 ++++++++++--- lib/pleroma/upload/filter/anonymize_filename.ex | 4 +++- lib/pleroma/upload/filter/dedupe.ex | 4 ++-- lib/pleroma/upload/filter/exiftool.ex | 8 ++++---- lib/pleroma/upload/filter/mogrifun.ex | 6 +++--- lib/pleroma/upload/filter/mogrify.ex | 6 +++--- test/upload/filter/anonymize_filename_test.exs | 6 +++--- test/upload/filter/dedupe_test.exs | 1 + test/upload/filter/exiftool_test.exs | 2 +- test/upload/filter/mogrifun_test.exs | 2 +- test/upload/filter/mogrify_test.exs | 2 +- 11 files changed, 32 insertions(+), 22 deletions(-) diff --git a/lib/pleroma/upload/filter.ex b/lib/pleroma/upload/filter.ex index dbdadc97f..661135634 100644 --- a/lib/pleroma/upload/filter.ex +++ b/lib/pleroma/upload/filter.ex @@ -15,7 +15,11 @@ defmodule Pleroma.Upload.Filter do require Logger - @callback filter(Pleroma.Upload.t()) :: :ok | {:ok, Pleroma.Upload.t()} | {:error, any()} + @callback filter(Pleroma.Upload.t()) :: + {:ok, :filtered} + | {:ok, :noop} + | {:ok, :filtered, Pleroma.Upload.t()} + | {:error, any()} @spec filter([module()], Pleroma.Upload.t()) :: {:ok, Pleroma.Upload.t()} | {:error, any()} @@ -25,10 +29,13 @@ def filter([], upload) do def filter([filter | rest], upload) do case filter.filter(upload) do - :ok -> + {:ok, :filtered} -> filter(rest, upload) - {:ok, upload} -> + {:ok, :filtered, upload} -> + filter(rest, upload) + + {:ok, :noop} -> filter(rest, upload) error -> diff --git a/lib/pleroma/upload/filter/anonymize_filename.ex b/lib/pleroma/upload/filter/anonymize_filename.ex index 07ead8203..fc456e4f4 100644 --- a/lib/pleroma/upload/filter/anonymize_filename.ex +++ b/lib/pleroma/upload/filter/anonymize_filename.ex @@ -16,9 +16,11 @@ defmodule Pleroma.Upload.Filter.AnonymizeFilename do def filter(%Upload{name: name} = upload) do extension = List.last(String.split(name, ".")) name = predefined_name(extension) || random(extension) - {:ok, %Upload{upload | name: name}} + {:ok, :filtered, %Upload{upload | name: name}} end + def filter(_), do: {:ok, :noop} + @spec predefined_name(String.t()) :: String.t() | nil defp predefined_name(extension) do with name when not is_nil(name) <- Config.get([__MODULE__, :text]), diff --git a/lib/pleroma/upload/filter/dedupe.ex b/lib/pleroma/upload/filter/dedupe.ex index 41218a918..86cbc8996 100644 --- a/lib/pleroma/upload/filter/dedupe.ex +++ b/lib/pleroma/upload/filter/dedupe.ex @@ -17,8 +17,8 @@ def filter(%Upload{name: name, tempfile: tempfile} = upload) do |> Base.encode16(case: :lower) filename = shasum <> "." <> extension - {:ok, %Upload{upload | id: shasum, path: filename}} + {:ok, :filtered, %Upload{upload | id: shasum, path: filename}} end - def filter(_), do: :ok + def filter(_), do: {:ok, :noop} end diff --git a/lib/pleroma/upload/filter/exiftool.ex b/lib/pleroma/upload/filter/exiftool.ex index a91bd5e24..94d12c01b 100644 --- a/lib/pleroma/upload/filter/exiftool.ex +++ b/lib/pleroma/upload/filter/exiftool.ex @@ -9,22 +9,22 @@ defmodule Pleroma.Upload.Filter.Exiftool do """ @behaviour Pleroma.Upload.Filter - @spec filter(Pleroma.Upload.t()) :: :ok | {:error, String.t()} + @spec filter(Pleroma.Upload.t()) :: {:ok, any()} | {:error, String.t()} def filter(%Pleroma.Upload{name: file, tempfile: path, content_type: "image" <> _}) do # webp is not compatible with exiftool at this time if Regex.match?(~r/\.(webp)$/i, file) do - :ok + {:ok, :noop} else strip_exif(path) end end - def filter(_), do: :ok + def filter(_), do: {:ok, :noop} defp strip_exif(path) do try do case System.cmd("exiftool", ["-overwrite_original", "-gps:all=", path], parallelism: true) do - {_response, 0} -> :ok + {_response, 0} -> {:ok, :filtered} {error, 1} -> {:error, error} end rescue diff --git a/lib/pleroma/upload/filter/mogrifun.ex b/lib/pleroma/upload/filter/mogrifun.ex index c8fa7b190..363e5cf0f 100644 --- a/lib/pleroma/upload/filter/mogrifun.ex +++ b/lib/pleroma/upload/filter/mogrifun.ex @@ -38,16 +38,16 @@ defmodule Pleroma.Upload.Filter.Mogrifun do [{"fill", "yellow"}, {"tint", "40"}] ] - @spec filter(Pleroma.Upload.t()) :: :ok | {:error, String.t()} + @spec filter(Pleroma.Upload.t()) :: {:ok, atom()} | {:error, String.t()} def filter(%Pleroma.Upload{tempfile: file, content_type: "image" <> _}) do try do Filter.Mogrify.do_filter(file, [Enum.random(@filters)]) - :ok + {:ok, :filtered} rescue _e in ErlangError -> {:error, "mogrify command not found"} end end - def filter(_), do: :ok + def filter(_), do: {:ok, :noop} end diff --git a/lib/pleroma/upload/filter/mogrify.ex b/lib/pleroma/upload/filter/mogrify.ex index 7a45add5a..71968fd9c 100644 --- a/lib/pleroma/upload/filter/mogrify.ex +++ b/lib/pleroma/upload/filter/mogrify.ex @@ -8,18 +8,18 @@ defmodule Pleroma.Upload.Filter.Mogrify do @type conversion :: action :: String.t() | {action :: String.t(), opts :: String.t()} @type conversions :: conversion() | [conversion()] - @spec filter(Pleroma.Upload.t()) :: :ok | {:error, String.t()} + @spec filter(Pleroma.Upload.t()) :: {:ok, :atom} | {:error, String.t()} def filter(%Pleroma.Upload{tempfile: file, content_type: "image" <> _}) do try do do_filter(file, Pleroma.Config.get!([__MODULE__, :args])) - :ok + {:ok, :filtered} rescue _e in ErlangError -> {:error, "mogrify command not found"} end end - def filter(_), do: :ok + def filter(_), do: {:ok, :noop} def do_filter(file, filters) do file diff --git a/test/upload/filter/anonymize_filename_test.exs b/test/upload/filter/anonymize_filename_test.exs index adff70f57..19b915cc8 100644 --- a/test/upload/filter/anonymize_filename_test.exs +++ b/test/upload/filter/anonymize_filename_test.exs @@ -24,18 +24,18 @@ defmodule Pleroma.Upload.Filter.AnonymizeFilenameTest do test "it replaces filename on pre-defined text", %{upload_file: upload_file} do Config.put([Upload.Filter.AnonymizeFilename, :text], "custom-file.png") - {:ok, %Upload{name: name}} = Upload.Filter.AnonymizeFilename.filter(upload_file) + {:ok, :filtered, %Upload{name: name}} = Upload.Filter.AnonymizeFilename.filter(upload_file) assert name == "custom-file.png" end test "it replaces filename on pre-defined text expression", %{upload_file: upload_file} do Config.put([Upload.Filter.AnonymizeFilename, :text], "custom-file.{extension}") - {:ok, %Upload{name: name}} = Upload.Filter.AnonymizeFilename.filter(upload_file) + {:ok, :filtered, %Upload{name: name}} = Upload.Filter.AnonymizeFilename.filter(upload_file) assert name == "custom-file.jpg" end test "it replaces filename on random text", %{upload_file: upload_file} do - {:ok, %Upload{name: name}} = Upload.Filter.AnonymizeFilename.filter(upload_file) + {:ok, :filtered, %Upload{name: name}} = Upload.Filter.AnonymizeFilename.filter(upload_file) assert <<_::bytes-size(14)>> <> ".jpg" = name refute name == "an… image.jpg" end diff --git a/test/upload/filter/dedupe_test.exs b/test/upload/filter/dedupe_test.exs index 966c353f7..75c7198e1 100644 --- a/test/upload/filter/dedupe_test.exs +++ b/test/upload/filter/dedupe_test.exs @@ -25,6 +25,7 @@ test "adds shasum" do assert { :ok, + :filtered, %Pleroma.Upload{id: @shasum, path: @shasum <> ".jpg"} } = Dedupe.filter(upload) end diff --git a/test/upload/filter/exiftool_test.exs b/test/upload/filter/exiftool_test.exs index 8ed7d650b..094253a25 100644 --- a/test/upload/filter/exiftool_test.exs +++ b/test/upload/filter/exiftool_test.exs @@ -21,7 +21,7 @@ test "apply exiftool filter" do tempfile: Path.absname("test/fixtures/DSCN0010_tmp.jpg") } - assert Filter.Exiftool.filter(upload) == :ok + assert Filter.Exiftool.filter(upload) == {:ok, :filtered} {exif_original, 0} = System.cmd("exiftool", ["test/fixtures/DSCN0010.jpg"]) {exif_filtered, 0} = System.cmd("exiftool", ["test/fixtures/DSCN0010_tmp.jpg"]) diff --git a/test/upload/filter/mogrifun_test.exs b/test/upload/filter/mogrifun_test.exs index 2426a8496..dc1e9e78f 100644 --- a/test/upload/filter/mogrifun_test.exs +++ b/test/upload/filter/mogrifun_test.exs @@ -36,7 +36,7 @@ test "apply mogrify filter" do save: fn _f, _o -> :ok end ]} ]) do - assert Filter.Mogrifun.filter(upload) == :ok + assert Filter.Mogrifun.filter(upload) == {:ok, :filtered} end Task.await(task) diff --git a/test/upload/filter/mogrify_test.exs b/test/upload/filter/mogrify_test.exs index 62ca30487..bf64b96b3 100644 --- a/test/upload/filter/mogrify_test.exs +++ b/test/upload/filter/mogrify_test.exs @@ -33,7 +33,7 @@ test "apply mogrify filter" do custom: fn _m, _a -> :ok end, custom: fn m, a, o -> send(task.pid, {:apply_filter, {m, a, o}}) end, save: fn _f, _o -> :ok end do - assert Filter.Mogrify.filter(upload) == :ok + assert Filter.Mogrify.filter(upload) == {:ok, :filtered} end Task.await(task) From 3a98960c2684229435c5d04e4f3e0611098ceea2 Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@FreeBSD.org> Date: Fri, 4 Sep 2020 17:50:16 -0500 Subject: [PATCH 115/264] Verify webp files are not processed with exiftool --- test/upload/filter/exiftool_test.exs | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/test/upload/filter/exiftool_test.exs b/test/upload/filter/exiftool_test.exs index 094253a25..fe24036d9 100644 --- a/test/upload/filter/exiftool_test.exs +++ b/test/upload/filter/exiftool_test.exs @@ -30,4 +30,15 @@ test "apply exiftool filter" do assert String.match?(exif_original, ~r/GPS/) refute String.match?(exif_filtered, ~r/GPS/) end + + test "verify webp files are skipped" do + upload = %Pleroma.Upload{ + name: "sample.webp", + content_type: "image/webp", + path: Path.absname("/dev/null"), + tempfile: Path.absname("/dev/null") + } + + assert Filter.Exiftool.filter(upload) == {:ok, :noop} + end end From 216c84a8f4d82649110ffaa2bc9d02b879805c5f Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@FreeBSD.org> Date: Fri, 4 Sep 2020 17:56:05 -0500 Subject: [PATCH 116/264] Bypass the filter based on content-type as well in case a webp image is uploaded with the wrong file extension. --- lib/pleroma/upload/filter/exiftool.ex | 5 ++++- test/upload/filter/exiftool_test.exs | 10 +++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/upload/filter/exiftool.ex b/lib/pleroma/upload/filter/exiftool.ex index 94d12c01b..b07a671ac 100644 --- a/lib/pleroma/upload/filter/exiftool.ex +++ b/lib/pleroma/upload/filter/exiftool.ex @@ -10,8 +10,11 @@ defmodule Pleroma.Upload.Filter.Exiftool do @behaviour Pleroma.Upload.Filter @spec filter(Pleroma.Upload.t()) :: {:ok, any()} | {:error, String.t()} + + # webp is not compatible with exiftool at this time + def filter(%Pleroma.Upload{content_type: "image/webp"}), do: {:ok, :noop} + def filter(%Pleroma.Upload{name: file, tempfile: path, content_type: "image" <> _}) do - # webp is not compatible with exiftool at this time if Regex.match?(~r/\.(webp)$/i, file) do {:ok, :noop} else diff --git a/test/upload/filter/exiftool_test.exs b/test/upload/filter/exiftool_test.exs index fe24036d9..84a3f8b30 100644 --- a/test/upload/filter/exiftool_test.exs +++ b/test/upload/filter/exiftool_test.exs @@ -34,11 +34,15 @@ test "apply exiftool filter" do test "verify webp files are skipped" do upload = %Pleroma.Upload{ name: "sample.webp", - content_type: "image/webp", - path: Path.absname("/dev/null"), - tempfile: Path.absname("/dev/null") + content_type: "image/webp" + } + + bad_type = %Pleroma.Upload{ + name: "sample.webp", + content_type: "image/jpeg" } assert Filter.Exiftool.filter(upload) == {:ok, :noop} + assert Filter.Exiftool.filter(bad_type) == {:ok, :noop} end end From 4ea07f74e9416da8f97a12cfdc24da82e1c00d91 Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@FreeBSD.org> Date: Fri, 4 Sep 2020 22:18:01 -0500 Subject: [PATCH 117/264] Revert/simplify. We only need to check the content-type. There's no chance a webp file will get mismatched as another image type. --- lib/pleroma/upload/filter/exiftool.ex | 16 ++++------------ test/upload/filter/exiftool_test.exs | 6 ------ 2 files changed, 4 insertions(+), 18 deletions(-) diff --git a/lib/pleroma/upload/filter/exiftool.ex b/lib/pleroma/upload/filter/exiftool.ex index b07a671ac..1fd0cfdaa 100644 --- a/lib/pleroma/upload/filter/exiftool.ex +++ b/lib/pleroma/upload/filter/exiftool.ex @@ -14,19 +14,9 @@ defmodule Pleroma.Upload.Filter.Exiftool do # webp is not compatible with exiftool at this time def filter(%Pleroma.Upload{content_type: "image/webp"}), do: {:ok, :noop} - def filter(%Pleroma.Upload{name: file, tempfile: path, content_type: "image" <> _}) do - if Regex.match?(~r/\.(webp)$/i, file) do - {:ok, :noop} - else - strip_exif(path) - end - end - - def filter(_), do: {:ok, :noop} - - defp strip_exif(path) do + def filter(%Pleroma.Upload{tempfile: file, content_type: "image" <> _}) do try do - case System.cmd("exiftool", ["-overwrite_original", "-gps:all=", path], parallelism: true) do + case System.cmd("exiftool", ["-overwrite_original", "-gps:all=", file], parallelism: true) do {_response, 0} -> {:ok, :filtered} {error, 1} -> {:error, error} end @@ -35,4 +25,6 @@ defp strip_exif(path) do {:error, "exiftool command not found"} end end + + def filter(_), do: {:ok, :noop} end diff --git a/test/upload/filter/exiftool_test.exs b/test/upload/filter/exiftool_test.exs index 84a3f8b30..d4cd4ba11 100644 --- a/test/upload/filter/exiftool_test.exs +++ b/test/upload/filter/exiftool_test.exs @@ -37,12 +37,6 @@ test "verify webp files are skipped" do content_type: "image/webp" } - bad_type = %Pleroma.Upload{ - name: "sample.webp", - content_type: "image/jpeg" - } - assert Filter.Exiftool.filter(upload) == {:ok, :noop} - assert Filter.Exiftool.filter(bad_type) == {:ok, :noop} end end From 0f27211dd0b9177abf0eb8b10665c6351f07756a Mon Sep 17 00:00:00 2001 From: rinpatch <rinpatch@sdf.org> Date: Tue, 8 Sep 2020 12:28:38 +0300 Subject: [PATCH 118/264] CHANGELOG.md: move the exiftool webp entry to a proper section Also clarify how it was fixed --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cfe0651c8..527df8438 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Fixed - Possible OOM errors with the default HTTP adapter +- Fixed uploading webp images when the Exiftool Upload Filter is enabled by skipping them - Mastodon API: Search parameter `following` now correctly returns the followings rather than the followers - Mastodon API: Timelines hanging for (`number of posts with links * rich media timeout`) in the worst case. Reduced to just rich media timeout. @@ -138,7 +139,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fix whole_word always returning false on filter get requests - Migrations not working on OTP releases if the database was connected over ssl - Fix relay following -- Fixed uploading webp images when the Exiftool Upload Filter is enabled ## [2.0.7] - 2020-06-13 From 7215563641e2a5096293128519d6a454aabc46f2 Mon Sep 17 00:00:00 2001 From: Alibek Omarov <a1ba.omarov@gmail.com> Date: Tue, 8 Sep 2020 11:32:46 +0000 Subject: [PATCH 119/264] description.exs: add ForceBotUnlistedPolicy --- config/description.exs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/config/description.exs b/config/description.exs index 18c133f02..2191e8d6d 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1669,6 +1669,15 @@ } ] }, + %{ + group: :pleroma, + key: :mrf_force_bot_unlisted, + tab: :mrf, + related_policy: "Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy", + label: "MRF Force Bot Unlisted Policy", + type: :boolean, + description: "Makes bot posts to disappear from public timelines" + }, %{ group: :pleroma, key: :mrf_subchain, From efff2caccccae76dd749df67322c61a70957268b Mon Sep 17 00:00:00 2001 From: Alibek Omarov <a1ba.omarov@gmail.com> Date: Tue, 8 Sep 2020 11:34:04 +0000 Subject: [PATCH 120/264] docs: cheatsheet: add ForceBotUnlistedPolicy --- docs/configuration/cheatsheet.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index a9a650fab..2ca4d7351 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -115,6 +115,7 @@ To add configuration to your config file, you can copy it from the base config. * `Pleroma.Web.ActivityPub.MRF.VocabularyPolicy`: Restricts activities to a configured set of vocabulary. (See [`:mrf_vocabulary`](#mrf_vocabulary)). * `Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy`: Rejects or delists posts based on their age when received. (See [`:mrf_object_age`](#mrf_object_age)). * `Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicy`: Sets a default expiration on all posts made by users of the local instance. Requires `Pleroma.ActivityExpiration` to be enabled for processing the scheduled delections. + * `Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy`: Makes all bot posts to disappear from public timelines. * `transparency`: Make the content of your Message Rewrite Facility settings public (via nodeinfo). * `transparency_exclusions`: Exclude specific instance names from MRF transparency. The use of the exclusions feature will be disclosed in nodeinfo as a boolean value. From 5d814f739cd2bb55822e0cfdb9ad2526d10482bb Mon Sep 17 00:00:00 2001 From: Alibek Omarov <a1ba.omarov@gmail.com> Date: Tue, 8 Sep 2020 11:35:34 +0000 Subject: [PATCH 121/264] changelog: add ForceBotUnlistedPolicy --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 46f1e859b..1b1ea02ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Added + +- MRF policy to rewrite bot posts scope from public to unlisted + ### Removed - **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`. From bb0d7b7aaad4f441a14c94c56081ec30c96ea799 Mon Sep 17 00:00:00 2001 From: Mark Felder <feld@FreeBSD.org> Date: Tue, 8 Sep 2020 09:31:47 -0500 Subject: [PATCH 122/264] Revert "description.exs: add ForceBotUnlistedPolicy" This reverts commit 7215563641e2a5096293128519d6a454aabc46f2. --- config/description.exs | 9 --------- 1 file changed, 9 deletions(-) diff --git a/config/description.exs b/config/description.exs index d9f9b6b84..eac97ad64 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1669,15 +1669,6 @@ } ] }, - %{ - group: :pleroma, - key: :mrf_force_bot_unlisted, - tab: :mrf, - related_policy: "Pleroma.Web.ActivityPub.MRF.ForceBotUnlistedPolicy", - label: "MRF Force Bot Unlisted Policy", - type: :boolean, - description: "Makes bot posts to disappear from public timelines" - }, %{ group: :pleroma, key: :mrf_subchain, From 788dececff5d1cea48cf37e59d9a46b48e0db6ed Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me> Date: Tue, 8 Sep 2020 16:08:01 +0200 Subject: [PATCH 123/264] test: remove extraneous :instances_favicons config bits --- config/test.exs | 2 -- test/web/instances/instance_test.exs | 2 -- 2 files changed, 4 deletions(-) diff --git a/config/test.exs b/config/test.exs index e9c2273e8..0ee6f1b7f 100644 --- a/config/test.exs +++ b/config/test.exs @@ -114,8 +114,6 @@ config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: true -config :pleroma, :instances_favicons, enabled: false - config :pleroma, Pleroma.Uploaders.S3, bucket: nil, streaming_enabled: true, diff --git a/test/web/instances/instance_test.exs b/test/web/instances/instance_test.exs index 5d4efcebe..dc6ace843 100644 --- a/test/web/instances/instance_test.exs +++ b/test/web/instances/instance_test.exs @@ -112,8 +112,6 @@ test "Scrapes favicon URLs" do end test "Returns nil on too long favicon URLs" do - clear_config([:instances_favicons, :enabled], true) - long_favicon_url = "https://Lorem.ipsum.dolor.sit.amet/consecteturadipiscingelit/Praesentpharetrapurusutaliquamtempus/Mauriseulaoreetarcu/atfacilisisorci/Nullamporttitor/nequesedfeugiatmollis/dolormagnaefficiturlorem/nonpretiumsapienorcieurisus/Nullamveleratsem/Maecenassedaccumsanexnam/favicon.png" From f6723dc9bd4f05319835158be9937dda4400feb9 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me> Date: Tue, 8 Sep 2020 15:47:20 +0200 Subject: [PATCH 124/264] account_view_test: Remove empty test --- test/web/mastodon_api/views/account_view_test.exs | 3 --- 1 file changed, 3 deletions(-) diff --git a/test/web/mastodon_api/views/account_view_test.exs b/test/web/mastodon_api/views/account_view_test.exs index 68a5d0091..9f22f9dcf 100644 --- a/test/web/mastodon_api/views/account_view_test.exs +++ b/test/web/mastodon_api/views/account_view_test.exs @@ -116,9 +116,6 @@ test "is nil when :instances_favicons is disabled", %{user: user} do end end - test "Favicon when :instance_favicons is enabled" do - end - test "Represent the user account for the account owner" do user = insert(:user) From fd7e9bdd25ad05eb6fca109be3b0fe5fa01a71bb Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Tue, 8 Sep 2020 17:12:38 +0300 Subject: [PATCH 125/264] don't run async tests, which use Mock --- test/plugs/admin_secret_authentication_plug_test.exs | 2 +- test/plugs/oauth_scopes_plug_test.exs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/plugs/admin_secret_authentication_plug_test.exs b/test/plugs/admin_secret_authentication_plug_test.exs index 89df03c4b..14094eda8 100644 --- a/test/plugs/admin_secret_authentication_plug_test.exs +++ b/test/plugs/admin_secret_authentication_plug_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do - use Pleroma.Web.ConnCase, async: true + use Pleroma.Web.ConnCase import Mock import Pleroma.Factory diff --git a/test/plugs/oauth_scopes_plug_test.exs b/test/plugs/oauth_scopes_plug_test.exs index 884de7b4d..334316043 100644 --- a/test/plugs/oauth_scopes_plug_test.exs +++ b/test/plugs/oauth_scopes_plug_test.exs @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Plugs.OAuthScopesPlugTest do - use Pleroma.Web.ConnCase, async: true + use Pleroma.Web.ConnCase alias Pleroma.Plugs.OAuthScopesPlug alias Pleroma.Repo From 87d2805791e1dd6746009e8c1445719e8cbfd31d Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov <alex.strizhakov@gmail.com> Date: Tue, 8 Sep 2020 17:29:28 +0300 Subject: [PATCH 126/264] combo fixes --- lib/pleroma/stats.ex | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pleroma/stats.ex b/lib/pleroma/stats.ex index e7f8d272c..e5c9c668b 100644 --- a/lib/pleroma/stats.ex +++ b/lib/pleroma/stats.ex @@ -23,6 +23,7 @@ def start_link(_) do @impl true def init(_args) do + if Pleroma.Config.get(:env) == :test, do: :ok = Ecto.Adapters.SQL.Sandbox.checkout(Repo) {:ok, nil, {:continue, :calculate_stats}} end From ee0e05f9301e149c769f36bfd0fc8527ec7b6326 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me> Date: Tue, 8 Sep 2020 10:43:57 +0200 Subject: [PATCH 127/264] Drop unused "inReplyToAtomUri" in objects --- lib/pleroma/web/activity_pub/transmogrifier.ex | 4 +--- test/web/activity_pub/transmogrifier_test.exs | 14 ++++---------- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 0831efadc..af4384213 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -168,7 +168,6 @@ def fix_in_reply_to(object, options \\ []) def fix_in_reply_to(%{"inReplyTo" => in_reply_to} = object, options) when not is_nil(in_reply_to) do in_reply_to_id = prepare_in_reply_to(in_reply_to) - object = Map.put(object, "inReplyToAtomUri", in_reply_to_id) depth = (options[:depth] || 0) + 1 if Federator.allowed_thread_distance?(depth) do @@ -176,9 +175,8 @@ def fix_in_reply_to(%{"inReplyTo" => in_reply_to} = object, options) %Activity{} <- Activity.get_create_by_object_ap_id(replied_object.data["id"]) do object |> Map.put("inReplyTo", replied_object.data["id"]) - |> Map.put("inReplyToAtomUri", object["inReplyToAtomUri"] || in_reply_to_id) |> Map.put("context", replied_object.data["context"] || object["conversation"]) - |> Map.drop(["conversation"]) + |> Map.drop(["conversation", "inReplyToAtomUri"]) else e -> Logger.warn("Couldn't fetch #{inspect(in_reply_to_id)}, error: #{inspect(e)}") diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index 3fa41b0c7..6e096e9ec 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -116,7 +116,8 @@ test "it fetches reply-to activities if we don't have them" do "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment" ) - assert returned_object.data["inReplyToAtomUri"] == "https://shitposter.club/notice/2827873" + assert returned_object.data["inReplyTo"] == + "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment" end test "it does not fetch reply-to activities beyond max replies depth limit" do @@ -140,8 +141,7 @@ test "it does not fetch reply-to activities beyond max replies depth limit" do "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment" ) - assert returned_object.data["inReplyToAtomUri"] == - "https://shitposter.club/notice/2827873" + assert returned_object.data["inReplyTo"] == "https://shitposter.club/notice/2827873" end end @@ -1072,7 +1072,7 @@ test "returns not modified object when hasn't containts inReplyTo field", %{data assert Transmogrifier.fix_in_reply_to(data) == data end - test "returns object with inReplyToAtomUri when denied incoming reply", %{data: data} do + test "returns object with inReplyTo when denied incoming reply", %{data: data} do Pleroma.Config.put([:instance, :federation_incoming_replies_max_depth], 0) object_with_reply = @@ -1080,26 +1080,22 @@ test "returns object with inReplyToAtomUri when denied incoming reply", %{data: modified_object = Transmogrifier.fix_in_reply_to(object_with_reply) assert modified_object["inReplyTo"] == "https://shitposter.club/notice/2827873" - assert modified_object["inReplyToAtomUri"] == "https://shitposter.club/notice/2827873" object_with_reply = Map.put(data["object"], "inReplyTo", %{"id" => "https://shitposter.club/notice/2827873"}) modified_object = Transmogrifier.fix_in_reply_to(object_with_reply) assert modified_object["inReplyTo"] == %{"id" => "https://shitposter.club/notice/2827873"} - assert modified_object["inReplyToAtomUri"] == "https://shitposter.club/notice/2827873" object_with_reply = Map.put(data["object"], "inReplyTo", ["https://shitposter.club/notice/2827873"]) modified_object = Transmogrifier.fix_in_reply_to(object_with_reply) assert modified_object["inReplyTo"] == ["https://shitposter.club/notice/2827873"] - assert modified_object["inReplyToAtomUri"] == "https://shitposter.club/notice/2827873" object_with_reply = Map.put(data["object"], "inReplyTo", []) modified_object = Transmogrifier.fix_in_reply_to(object_with_reply) assert modified_object["inReplyTo"] == [] - assert modified_object["inReplyToAtomUri"] == "" end @tag capture_log: true @@ -1117,8 +1113,6 @@ test "returns modified object when allowed incoming reply", %{data: data} do assert modified_object["inReplyTo"] == "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment" - assert modified_object["inReplyToAtomUri"] == "https://shitposter.club/notice/2827873" - assert modified_object["context"] == "tag:shitposter.club,2017-05-05:objectType=thread:nonce=3c16e9c2681f6d26" end From 921f926e96fd07131d4b79f5a29caed17ae2cc56 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me> Date: Tue, 8 Sep 2020 09:13:11 +0200 Subject: [PATCH 128/264] Remove OStatus in testsuite --- lib/pleroma/object/containment.ex | 7 - test/fixtures/23211.atom | 508 ------------- test/fixtures/cw_retweet.xml | 68 -- test/fixtures/delete.xml | 39 - test/fixtures/dm.xml | 27 - test/fixtures/favorite.xml | 65 -- test/fixtures/favorite_with_local_note.xml | 64 -- test/fixtures/follow.xml | 68 -- test/fixtures/incoming_note_activity.xml | 42 - .../incoming_note_activity_answer.xml | 42 - test/fixtures/incoming_reply_mastodon.xml | 29 - .../incoming_websub_gnusocial_attachments.xml | 59 -- test/fixtures/lambadalambda.atom | 479 ------------ test/fixtures/mastodon-note-cw.xml | 39 - test/fixtures/mastodon-note-unlisted.xml | 38 - test/fixtures/mastodon-problematic.xml | 72 -- test/fixtures/mastodon_conversation.xml | 30 - test/fixtures/nil_mention_entry.xml | 52 -- test/fixtures/ostatus_incoming_post.xml | 57 -- test/fixtures/ostatus_incoming_post_tag.xml | 59 -- test/fixtures/ostatus_incoming_reply.xml | 60 -- test/fixtures/share-gs-local.xml | 99 --- test/fixtures/share-gs.xml | 99 --- test/fixtures/share.xml | 54 -- test/fixtures/tesla_mock/7369654.atom | 44 -- test/fixtures/tesla_mock/atarifrosch_feed.xml | 473 ------------ test/fixtures/tesla_mock/emelie.atom | 306 -------- ....php_api_statuses_user_timeline_1.atom.xml | 460 ----------- .../https___mamot.fr_users_Skruyb.atom | 342 --------- ...__mastodon.social_users_lambadalambda.atom | 464 ----------- .../https___pawoo.net_users_pekorino.atom | 231 ------ ...leroma.soykaf.com_users_lain_feed.atom.xml | 1 - ...er.club_api_statuses_show_2827873.atom.xml | 54 -- ...club_api_statuses_user_timeline_1.atom.xml | 454 ----------- ...ttps___shitposter.club_notice_2827873.json | 1 - ..._api_statuses_user_timeline_23211.atom.xml | 591 -------------- ..._api_statuses_user_timeline_29191.atom.xml | 719 ------------------ test/fixtures/tesla_mock/sakamoto.atom | 1 - .../tesla_mock/sakamoto_eal_feed.atom | 1 - .../tesla_mock/shp@pleroma.soykaf.com.feed | 1 - test/fixtures/tesla_mock/spc_5381.atom | 438 ----------- test/fixtures/unfollow.xml | 68 -- test/support/http_request_mock.ex | 174 ----- test/web/activity_pub/transmogrifier_test.exs | 16 +- .../controllers/search_controller_test.exs | 12 +- 45 files changed, 15 insertions(+), 6992 deletions(-) delete mode 100644 test/fixtures/23211.atom delete mode 100644 test/fixtures/cw_retweet.xml delete mode 100644 test/fixtures/delete.xml delete mode 100644 test/fixtures/dm.xml delete mode 100644 test/fixtures/favorite.xml delete mode 100644 test/fixtures/favorite_with_local_note.xml delete mode 100644 test/fixtures/follow.xml delete mode 100644 test/fixtures/incoming_note_activity.xml delete mode 100644 test/fixtures/incoming_note_activity_answer.xml delete mode 100644 test/fixtures/incoming_reply_mastodon.xml delete mode 100644 test/fixtures/incoming_websub_gnusocial_attachments.xml delete mode 100644 test/fixtures/lambadalambda.atom delete mode 100644 test/fixtures/mastodon-note-cw.xml delete mode 100644 test/fixtures/mastodon-note-unlisted.xml delete mode 100644 test/fixtures/mastodon-problematic.xml delete mode 100644 test/fixtures/mastodon_conversation.xml delete mode 100644 test/fixtures/nil_mention_entry.xml delete mode 100644 test/fixtures/ostatus_incoming_post.xml delete mode 100644 test/fixtures/ostatus_incoming_post_tag.xml delete mode 100644 test/fixtures/ostatus_incoming_reply.xml delete mode 100644 test/fixtures/share-gs-local.xml delete mode 100644 test/fixtures/share-gs.xml delete mode 100644 test/fixtures/share.xml delete mode 100644 test/fixtures/tesla_mock/7369654.atom delete mode 100644 test/fixtures/tesla_mock/atarifrosch_feed.xml delete mode 100644 test/fixtures/tesla_mock/emelie.atom delete mode 100644 test/fixtures/tesla_mock/http__gs.example.org_index.php_api_statuses_user_timeline_1.atom.xml delete mode 100644 test/fixtures/tesla_mock/https___mamot.fr_users_Skruyb.atom delete mode 100644 test/fixtures/tesla_mock/https___mastodon.social_users_lambadalambda.atom delete mode 100644 test/fixtures/tesla_mock/https___pawoo.net_users_pekorino.atom delete mode 100644 test/fixtures/tesla_mock/https___pleroma.soykaf.com_users_lain_feed.atom.xml delete mode 100644 test/fixtures/tesla_mock/https___shitposter.club_api_statuses_show_2827873.atom.xml delete mode 100644 test/fixtures/tesla_mock/https___shitposter.club_api_statuses_user_timeline_1.atom.xml delete mode 100644 test/fixtures/tesla_mock/https___shitposter.club_notice_2827873.json delete mode 100644 test/fixtures/tesla_mock/https___social.heldscal.la_api_statuses_user_timeline_23211.atom.xml delete mode 100644 test/fixtures/tesla_mock/https___social.heldscal.la_api_statuses_user_timeline_29191.atom.xml delete mode 100644 test/fixtures/tesla_mock/sakamoto.atom delete mode 100644 test/fixtures/tesla_mock/sakamoto_eal_feed.atom delete mode 100644 test/fixtures/tesla_mock/shp@pleroma.soykaf.com.feed delete mode 100644 test/fixtures/tesla_mock/spc_5381.atom delete mode 100644 test/fixtures/unfollow.xml diff --git a/lib/pleroma/object/containment.ex b/lib/pleroma/object/containment.ex index bc88e8a0c..29cb3d672 100644 --- a/lib/pleroma/object/containment.ex +++ b/lib/pleroma/object/containment.ex @@ -44,13 +44,6 @@ def get_object(_) do nil end - # TODO: We explicitly allow 'tag' URIs through, due to references to legacy OStatus - # objects being present in the test suite environment. Once these objects are - # removed, please also remove this. - if Mix.env() == :test do - defp compare_uris(_, %URI{scheme: "tag"}), do: :ok - end - defp compare_uris(%URI{host: host} = _id_uri, %URI{host: host} = _other_uri), do: :ok defp compare_uris(_id_uri, _other_uri), do: :error diff --git a/test/fixtures/23211.atom b/test/fixtures/23211.atom deleted file mode 100644 index d5d111baa..000000000 --- a/test/fixtures/23211.atom +++ /dev/null @@ -1,508 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<feed xml:lang="en-US" xmlns="http://www.w3.org/2005/Atom" xmlns:thr="http://purl.org/syndication/thread/1.0" xmlns:georss="http://www.georss.org/georss" xmlns:activity="http://activitystrea.ms/spec/1.0/" xmlns:media="http://purl.org/syndication/atommedia" xmlns:poco="http://portablecontacts.net/spec/1.0" xmlns:ostatus="http://ostatus.org/schema/1.0" xmlns:statusnet="http://status.net/schema/api/1/"> - <generator uri="https://gnu.io/social" version="1.0.2-dev">GNU social</generator> - <id>https://social.heldscal.la/api/statuses/user_timeline/23211.atom</id> - <title>lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-05-02T14:59:30+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:comment:2015260:2017-05-02T14:45:47+00:00 - Favorite - lambadalambda favorited something by godemperorofdune: <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> It's because your instance decided to be trap! lol.</p> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T14:45:47+00:00 - 2017-05-02T14:45:47+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:pawoo.net,2017-05-02:objectId=7397439:objectType=Status - New comment by godemperorofdune - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> It's because your instance decided to be trap! lol.</p> - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=136e244b26cdf1e9 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-05-02:noticeId=2015221:objectType=note - New note by lambadalambda - Some script thinks I'm a mastodon server.<br /> <br /> [info] GET /api/v1/timelines/public<br /> [debug] Processing with Fallback.RedirectController.redirector/2<br /> Parameters: %{&quot;limit&quot; =&gt; &quot;40&quot;, &quot;path&quot; =&gt; [&quot;api&quot;, &quot;v1&quot;, &quot;timelines&quot;, &quot;public&quot;]}<br /> Pipelines: [] - - - http://activitystrea.ms/schema/1.0/post - 2017-05-02T14:40:50+00:00 - 2017-05-02T14:40:50+00:00 - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=136e244b26cdf1e9 - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.heldscal.la,2017-05-02:noticeId=2014759:objectType=comment - New comment by lambadalambda - @<a href="https://mstdn.io/users/mattskala" class="h-card u-url p-nickname mention" title="Matthew Skala">mattskala</a> You and @<a href="https://mastodon.social/users/kevinmarks" class="h-card u-url p-nickname mention" title="Kevin Marks">kevinmarks</a> are not wrong, but my comment was a suggestion to users and admins: Don't use big instances, don't run big instances. Also, it's a secondary advice to devs: Don't add features that encourage big instances. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-02T14:11:54+00:00 - 2017-05-02T14:11:54+00:00 - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=58e32e013ab6487d - - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.heldscal.la,2017-05-02:noticeId=2014684:objectType=comment - New comment by lambadalambda - @<a href="https://mastodon.social/users/Ronkjeffries" class="h-card u-url p-nickname mention" title="Ron K Jeffries social">ronkjeffries</a> @<a href="https://xoxo.zone/users/KevinMarks" class="h-card u-url p-nickname mention" title="Kevin Marks ">kevinmarks</a> Usually people who run their own private instance just look at the timelines of other servers, follow a seed population and then go from there. This is of course hard on Mastodon, because it doesn't have a publicly visible timeline. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-02T14:07:00+00:00 - 2017-05-02T14:07:00+00:00 - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=58e32e013ab6487d - - - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:comment:2014584:2017-05-02T14:05:32+00:00 - Favorite - lambadalambda favorited something by mattskala: <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> It's reasonable to expect that instance sizes will obey a power-law distribution because that's what such things in nature nearly always do. If so, there'll necessarily be a few instances much larger than the others; even if most are small, the network both socially and technically has to be able to deal with the existence of the few large ones.</p> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T14:05:32+00:00 - 2017-05-02T14:05:32+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:mstdn.io,2017-05-02:objectId=1316931:objectType=Status - New comment by mattskala - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> It's reasonable to expect that instance sizes will obey a power-law distribution because that's what such things in nature nearly always do. If so, there'll necessarily be a few instances much larger than the others; even if most are small, the network both socially and technically has to be able to deal with the existence of the few large ones.</p> - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=58e32e013ab6487d - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:comment:2013568:2017-05-02T14:05:29+00:00 - Favorite - lambadalambda favorited something by kevinmarks: <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> except instance populations will be power law distributed, and the problems for the tummlers are worse at scale</p> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T14:05:29+00:00 - 2017-05-02T14:05:29+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:xoxo.zone,2017-05-02:objectId=89478:objectType=Status - New comment by kevinmarks - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> except instance populations will be power law distributed, and the problems for the tummlers are worse at scale</p> - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=58e32e013ab6487d - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:comment:2014060:2017-05-02T13:34:32+00:00 - Favorite - lambadalambda favorited something by gcarregues: <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> Oh purée ! Ma vie en images !</p> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T13:34:32+00:00 - 2017-05-02T13:34:32+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:mastodon.etalab.gouv.fr,2017-05-02:objectId=55287:objectType=Status - New comment by gcarregues - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> Oh purée ! Ma vie en images !</p> - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=2c27c27df8ec4dcc - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:note:2013573:2017-05-02T13:03:33+00:00 - Favorite - lambadalambda favorited something by phildobangnz: also @<a href="https://sealion.club/user/579" class="h-card mention" title="Sim Bot">sim</a> reminder you are awesome; don't even trip- u kewler than Tutankhamen's cucumber, fam. Okay, good night. - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T13:03:33+00:00 - 2017-05-02T13:03:33+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:sealion.club,2017-05-02:noticeId=3060818:objectType=note - New note by phildobangnz - also @<a href="https://sealion.club/user/579" class="h-card mention" title="Sim Bot">sim</a> reminder you are awesome; don't even trip- u kewler than Tutankhamen's cucumber, fam. Okay, good night. - - - - - - - https://sealion.club/conversation/1633267 - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.heldscal.la,2017-05-02:noticeId=2013586:objectType=comment - New comment by lambadalambda - @<a href="https://xoxo.zone/users/KevinMarks" class="h-card u-url p-nickname mention" title="Kevin Marks ">kevinmarks</a> People can stay in their giant unmoderatable instances with meaningless public and federated timelines and experience constant federation drama if they want. I'll stay here with my 5 friends. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-02T12:54:59+00:00 - 2017-05-02T12:54:59+00:00 - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=58e32e013ab6487d - - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:note:2013486:2017-05-02T12:46:48+00:00 - Favorite - lambadalambda favorited something by fortune: There once was a dentist named Stone<br /> Who saw all his patients alone.<br /> In a fit of depravity<br /> He filled the wrong cavity,<br /> And my, how his practice has grown! - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T12:46:48+00:00 - 2017-05-02T12:46:48+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:gs.kawa-kun.com,2017-05-02:noticeId=1655658:objectType=note - New note by fortune - There once was a dentist named Stone<br /> Who saw all his patients alone.<br /> In a fit of depravity<br /> He filled the wrong cavity,<br /> And my, how his practice has grown! - - - - - - - https://gs.kawa-kun.com/conversation/714072 - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:note:2013365:2017-05-02T12:37:55+00:00 - Favorite - lambadalambda favorited something by xj9: <p>&gt; rollerblading to work</p> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T12:37:55+00:00 - 2017-05-02T12:37:55+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:sunshinegardens.org,2017-05-02:objectId=61020:objectType=Status - New note by xj9 - <p>&gt; rollerblading to work</p> - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=5a0e98612f634218 - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:comment:2013259:2017-05-02T12:29:03+00:00 - Favorite - lambadalambda favorited something by cereal: @<a href="https://gs.smuglo.li/user/28250" class="h-card mention" title="Bricky">thatbrickster</a> @<a href="https://social.heldscal.la/user/23211" class="h-card mention" title="Constance Variable">lambadalambda</a> But why? - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T12:29:03+00:00 - 2017-05-02T12:29:03+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:sealion.club,2017-05-02:noticeId=3059985:objectType=comment - New comment by cereal - @<a href="https://gs.smuglo.li/user/28250" class="h-card mention" title="Bricky">thatbrickster</a> @<a href="https://social.heldscal.la/user/23211" class="h-card mention" title="Constance Variable">lambadalambda</a> But why? - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=2c27c27df8ec4dcc - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:comment:2013227:2017-05-02T12:24:27+00:00 - Favorite - lambadalambda favorited something by thatbrickster: @<a href="https://social.heldscal.la/user/23211" class="h-card u-url p-nickname mention" title="Constance Variable">lambadalambda</a> install gentoo - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T12:24:27+00:00 - 2017-05-02T12:24:27+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:gs.smuglo.li,2017-05-02:noticeId=2144296:objectType=comment - New comment by thatbrickster - @<a href="https://social.heldscal.la/user/23211" class="h-card u-url p-nickname mention" title="Constance Variable">lambadalambda</a> install gentoo - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=2c27c27df8ec4dcc - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:comment:2013213:2017-05-02T12:22:53+00:00 - Favorite - lambadalambda favorited something by dwmatiz: @<a href="https://social.heldscal.la/user/23211" class="h-card mention">lambadalambda</a> *unzips dick* - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T12:22:53+00:00 - 2017-05-02T12:22:53+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:sealion.club,2017-05-02:noticeId=3059800:objectType=comment - New comment by dwmatiz - @<a href="https://social.heldscal.la/user/23211" class="h-card mention">lambadalambda</a> *unzips dick* - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=2c27c27df8ec4dcc - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:comment:2013199:2017-05-02T12:22:03+00:00 - Favorite - lambadalambda favorited something by shpuld: @<a href="https://social.heldscal.la/user/23211" class="h-card mention" title="Constance Variable">lambadalambda</a> get #<span class="tag"><a href="https://shitposter.club/tag/cofe" rel="tag">cofe</a></span> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T12:22:03+00:00 - 2017-05-02T12:22:03+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-02:noticeId=2783524:objectType=comment - New comment by shpuld - @<a href="https://social.heldscal.la/user/23211" class="h-card mention" title="Constance Variable">lambadalambda</a> get #<span class="tag"><a href="https://shitposter.club/tag/cofe" rel="tag">cofe</a></span> - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=2c27c27df8ec4dcc - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-05-02:noticeId=2013185:objectType=note - New note by lambadalambda - What now? <a href="https://social.heldscal.la/file/e4822d95de677757ff50d49672a4046c83218b76c04a0ad5e5f1f0a9a9eb1a74.gif" title="https://social.heldscal.la/file/e4822d95de677757ff50d49672a4046c83218b76c04a0ad5e5f1f0a9a9eb1a74.gif" rel="nofollow external noreferrer" class="attachment" id="attachment-422572">https://social.heldscal.la/attachment/422572</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-05-02T12:21:04+00:00 - 2017-05-02T12:21:04+00:00 - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=2c27c27df8ec4dcc - - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:note:2012929:2017-05-02T12:01:25+00:00 - Favorite - lambadalambda favorited something by drkmttr: <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> I checked out No Agenda because I saw you mention it several time. Sadly, I wasn't impressed. I'm all about varying perspectives but Adam and John basically just sound like resentful curmudgeons. It seems like their shtick is basically playing devil's advocate to everything to arouse some discontent. Just my two cents. 😉</p> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T12:01:25+00:00 - 2017-05-02T12:01:25+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:mstdn.io,2017-05-02:objectId=1310093:objectType=Status - New note by drkmttr - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> I checked out No Agenda because I saw you mention it several time. Sadly, I wasn't impressed. I'm all about varying perspectives but Adam and John basically just sound like resentful curmudgeons. It seems like their shtick is basically playing devil's advocate to everything to arouse some discontent. Just my two cents. 😉</p> - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=2f329b4eb20e83e2 - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:comment:2012336:2017-05-02T11:06:42+00:00 - Favorite - lambadalambda favorited something by clacke: @<a href="https://mastodon.org.uk/users/dick_turpin" class="h-card u-url p-nickname mention" title="dick_turpin">dickturpin</a> @<a href="http://quitter.se/user/113503" class="h-card u-url p-nickname mention" title="Luke">luke</a> Oh no, I miss being irritated by you, it helps me understand myself and others. Also it builds character. :-)<br /> <br /> So if this is not federation because you can't follow all of online mankind, what should we call it? Proto-federated? Pre-federated?<br /> <br /> The term has been used decades ago for just one Microsoft Active Directory domain cross-certifying the root of another, by mutual agreement. I don't see how it's any less relevant to opportunistic federation between open servers on an open internet.<br /> <br /> I'm not saying we should be satisfied, I'm just saying that "federate" is a useful word and to build a big system we need to start with a small one. And focus on the things we *can* change, like helping the OStatus network grow and making the tools more useful.<br /> <br /> Saying that the network's ideals have failed because other networks aren't joining is doing neither of that. - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T11:06:42+00:00 - 2017-05-02T11:06:42+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:social.heldscal.la,2017-05-02:noticeId=2012336:objectType=comment - New comment by clacke - @<a href="https://mastodon.org.uk/users/dick_turpin" class="h-card u-url p-nickname mention" title="dick_turpin">dickturpin</a> @<a href="http://quitter.se/user/113503" class="h-card u-url p-nickname mention" title="Luke">luke</a> Oh no, I miss being irritated by you, it helps me understand myself and others. Also it builds character. :-)<br /> <br /> So if this is not federation because you can't follow all of online mankind, what should we call it? Proto-federated? Pre-federated?<br /> <br /> The term has been used decades ago for just one Microsoft Active Directory domain cross-certifying the root of another, by mutual agreement. I don't see how it's any less relevant to opportunistic federation between open servers on an open internet.<br /> <br /> I'm not saying we should be satisfied, I'm just saying that &quot;federate&quot; is a useful word and to build a big system we need to start with a small one. And focus on the things we *can* change, like helping the OStatus network grow and making the tools more useful.<br /> <br /> Saying that the network's ideals have failed because other networks aren't joining is doing neither of that. - - - - - - - https://s.wefamlee.be/conversation/16478 - - - - - - - tag:social.heldscal.la,2017-05-02:fave:23211:comment:2011332:2017-05-02T10:37:40+00:00 - Favorite - lambadalambda favorited something by moonman: @<a href="https://social.heldscal.la/user/23211" class="h-card mention" title="Constance Variable">lambadalambda</a> <a href="https://www.youtube.com/watch?v=mKLizztikRk" title="https://www.youtube.com/watch?v=mKLizztikRk" class="attachment" rel="nofollow">https://www.youtube.com/watch?v=mKLizztikRk</a> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-02T10:37:40+00:00 - 2017-05-02T10:37:40+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-02:noticeId=2781833:objectType=comment - New comment by moonman - @<a href="https://social.heldscal.la/user/23211" class="h-card mention" title="Constance Variable">lambadalambda</a> <a href="https://www.youtube.com/watch?v=mKLizztikRk" title="https://www.youtube.com/watch?v=mKLizztikRk" class="attachment" rel="nofollow">https://www.youtube.com/watch?v=mKLizztikRk</a> - - - - - - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=11d8b8c27d9513ec - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.heldscal.la,2017-05-02:noticeId=2012145:objectType=comment - New comment by lambadalambda - @<a href="https://sealion.club/user/186" class="h-card u-url p-nickname mention" title="I'M CEREAL U GUISE">cereal</a> ? No, you don't even need the identity servers for federation. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-02T10:37:33+00:00 - 2017-05-02T10:37:33+00:00 - - - - https://sealion.club/conversation/1629037 - - - - - - - diff --git a/test/fixtures/cw_retweet.xml b/test/fixtures/cw_retweet.xml deleted file mode 100644 index c99a569d7..000000000 --- a/test/fixtures/cw_retweet.xml +++ /dev/null @@ -1,68 +0,0 @@ - - - https://mastodon.social/users/lambadalambda.atom - Critical Value - - 2017-04-16T21:47:25Z - https://files.mastodon.social/accounts/avatars/000/000/264/original/1429214160519.gif - - https://mastodon.social/users/lambadalambda - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/lambadalambda - lambadalambda - lambadalambda@mastodon.social - - - - lambadalambda - Critical Value - public - - - - - - - tag:mastodon.social,2017-05-11:objectId=5647963:objectType=Status - 2017-05-11T10:23:15Z - 2017-05-11T10:23:15Z - lambadalambda shared a status by Skruyb@mamot.fr - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:mamot.fr,2017-05-10:objectId=1294943:objectType=Status - 2017-05-10T17:31:44Z - 2017-05-10T17:31:45Z - New status by Skruyb@mamot.fr - - https://mamot.fr/users/Skruyb - http://activitystrea.ms/schema/1.0/person - https://mamot.fr/users/Skruyb - Skruyb - Skruyb@mamot.fr - <p>Fr and En.<br>Posts will disappear on a regular basis.</p> - - - - Skruyb - The 7th Son - Fr and En.Posts will disappear on a regular basis. - public - - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - Hey. - <p><span class="h-card"><a href="https://mastodon.social/@lambadalambda">@<span>lambadalambda</span></a></span></p><p>Hey!!!</p> - - - public - - - - <p><span class="h-card"><a href="https://mastodon.social/@lambadalambda">@<span>lambadalambda</span></a></span></p><p>Hey!!!</p> - - public - - - - diff --git a/test/fixtures/delete.xml b/test/fixtures/delete.xml deleted file mode 100644 index 731e1c204..000000000 --- a/test/fixtures/delete.xml +++ /dev/null @@ -1,39 +0,0 @@ - - - https://mastodon.sdf.org/users/snowdusk.atom - snowdusk - Amateur live performance DJ/radio DJ on SDF's underground Internet radio http://aNONradio.net (LIVE Sat Sun Mon Tue 23:00-24:00 UTC) - http://snowdusk.sdf.org - 2017-06-17T04:14:34Z - https://mastodon.sdf.org/system/accounts/avatars/000/000/002/original/405a7652d5f60449.jpg?1497672873 - - https://mastodon.sdf.org/users/snowdusk - http://activitystrea.ms/schema/1.0/person - https://mastodon.sdf.org/users/snowdusk - snowdusk - snowdusk@mastodon.sdf.org - <p>Amateur live performance DJ/radio DJ on SDF&apos;s underground Internet radio <a href="http://anonradio.net/" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="">anonradio.net/</span><span class="invisible"></span></a> (LIVE Sat Sun Mon Tue 23:00-24:00 UTC) - <a href="http://snowdusk.sdf.org/" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="">snowdusk.sdf.org/</span><span class="invisible"></span></a></p> - - - - snowdusk - snowdusk - Amateur live performance DJ/radio DJ on SDF's underground Internet radio http://aNONradio.net (LIVE Sat Sun Mon Tue 23:00-24:00 UTC) - http://snowdusk.sdf.org - public - - - - - - - - tag:mastodon.sdf.org,2017-06-10:objectId=310513:objectType=Status - 2017-06-10T22:02:31Z - 2017-06-10T22:02:31Z - snowdusk deleted status - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/delete - Deleted status - - - - diff --git a/test/fixtures/dm.xml b/test/fixtures/dm.xml deleted file mode 100644 index d0b8aa811..000000000 --- a/test/fixtures/dm.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - tag:mastodon.social,2017-06-30:objectId=11260427:objectType=Status - 2017-06-30T13:27:47Z - 2017-06-30T13:27:47Z - New status by lambadalambda - - https://mastodon.social/users/lambadalambda - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/lambadalambda - lambadalambda - lambadalambda@mastodon.social - - - lambadalambda - Critical Value - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> Hey.</p> - - direct - - - - diff --git a/test/fixtures/favorite.xml b/test/fixtures/favorite.xml deleted file mode 100644 index c32b4a403..000000000 --- a/test/fixtures/favorite.xml +++ /dev/null @@ -1,65 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-05-05T09:12:53+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2061643:2017-05-05T09:12:50+00:00 - Favorite - lambadalambda favorited something by moonman: @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> @<a href="https://gs.smuglo.li/user/2326" class="h-card mention" title="Dolus_McHonest">dolus</a> childhood poring over Strong's concordance and a koine Greek dictionary, fast forward to 2017 and some fuckstick who translates japanese jackoff material tells me you just need to make it sound right in English - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T09:12:50+00:00 - 2017-05-05T09:12:50+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment - New comment by moonman - @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> @<a href="https://gs.smuglo.li/user/2326" class="h-card mention" title="Dolus_McHonest">dolus</a> childhood poring over Strong's concordance and a koine Greek dictionary, fast forward to 2017 and some fuckstick who translates japanese jackoff material tells me you just need to make it sound right in English - - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=55ead90125cd4bd4 - - - - - - diff --git a/test/fixtures/favorite_with_local_note.xml b/test/fixtures/favorite_with_local_note.xml deleted file mode 100644 index 3c955607d..000000000 --- a/test/fixtures/favorite_with_local_note.xml +++ /dev/null @@ -1,64 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-05-05T09:12:53+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2061643:2017-05-05T09:12:50+00:00 - Favorite - lambadalambda favorited something by moonman: @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> @<a href="https://gs.smuglo.li/user/2326" class="h-card mention" title="Dolus_McHonest">dolus</a> childhood poring over Strong's concordance and a koine Greek dictionary, fast forward to 2017 and some fuckstick who translates japanese jackoff material tells me you just need to make it sound right in English - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T09:12:50+00:00 - 2017-05-05T09:12:50+00:00 - - http://activitystrea.ms/schema/1.0/comment - localid - New comment by moonman - @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> @<a href="https://gs.smuglo.li/user/2326" class="h-card mention" title="Dolus_McHonest">dolus</a> childhood poring over Strong's concordance and a koine Greek dictionary, fast forward to 2017 and some fuckstick who translates japanese jackoff material tells me you just need to make it sound right in English - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=55ead90125cd4bd4 - - - - - - diff --git a/test/fixtures/follow.xml b/test/fixtures/follow.xml deleted file mode 100644 index d4e89954b..000000000 --- a/test/fixtures/follow.xml +++ /dev/null @@ -1,68 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-05-07T09:54:49+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - tag:social.heldscal.la,2017-05-07:subscription:23211:person:44803:2017-05-07T09:54:48+00:00 - Constance Variable (lambadalambda@social.heldscal.la)'s status on Sunday, 07-May-2017 09:54:49 UTC - <a href="https://social.heldscal.la/lambadalambda">Constance Variable</a> started following <a href="https://pawoo.net/@pekorino">mono</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-05-07T09:54:49+00:00 - 2017-05-07T09:54:49+00:00 - - http://activitystrea.ms/schema/1.0/person - https://pawoo.net/users/pekorino - mono - http://shitposter.club/mono 孤独のグルメ - - - - - pekorino - mono - http://shitposter.club/mono 孤独のグルメ - - - tag:social.heldscal.la,2017-05-07:objectType=thread:nonce=6e80caf94e03029f - - - - - - diff --git a/test/fixtures/incoming_note_activity.xml b/test/fixtures/incoming_note_activity.xml deleted file mode 100644 index 21eda2d30..000000000 --- a/test/fixtures/incoming_note_activity.xml +++ /dev/null @@ -1,42 +0,0 @@ - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-23:noticeId=29:objectType=note - New note by lambda - @<a href="http://pleroma.example.org:4000/users/lain3" class="h-card mention">lain3</a> - - - - - http://activitystrea.ms/schema/1.0/post - 2017-04-23T14:51:03+00:00 - 2017-04-23T14:51:03+00:00 - - http://activitystrea.ms/schema/1.0/person - http://gs.example.org:4040/index.php/user/1 - lambda - - - - - lambda - lambda - - - - - tag:gs.example.org:4040,2017-04-23:objectType=thread:nonce=f09e22f58abd5c7b - - - - http://gs.example.org:4040/index.php/api/statuses/user_timeline/1.atom - lambda - - - - http://gs.example.org:4040/theme/neo-gnu/default-avatar-profile.png - 2017-04-23T14:51:03+00:00 - - - - - diff --git a/test/fixtures/incoming_note_activity_answer.xml b/test/fixtures/incoming_note_activity_answer.xml deleted file mode 100644 index b1244faa6..000000000 --- a/test/fixtures/incoming_note_activity_answer.xml +++ /dev/null @@ -1,42 +0,0 @@ - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=55:objectType=note - New note by lambda - hey. - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T18:16:13+00:00 - 2017-04-25T18:16:13+00:00 - - http://activitystrea.ms/schema/1.0/person - http://gs.example.org:4040/index.php/user/1 - lambda - - - - - lambda - lambda - - - - - - - http://pleroma.example.org:4000/contexts/8f6f45d4-8e4d-4e1a-a2de-09f27367d2d0 - - - - http://gs.example.org:4040/index.php/api/statuses/user_timeline/1.atom - lambda - - - - http://gs.example.org:4040/theme/neo-gnu/default-avatar-profile.png - 2017-04-25T18:16:13+00:00 - - - - - diff --git a/test/fixtures/incoming_reply_mastodon.xml b/test/fixtures/incoming_reply_mastodon.xml deleted file mode 100644 index 8ee1186cc..000000000 --- a/test/fixtures/incoming_reply_mastodon.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - tag:mastodon.social,2017-05-02:objectId=4901603:objectType=Status - 2017-05-02T18:33:06Z - 2017-05-02T18:33:06Z - New status by lambadalambda - - https://mastodon.social/users/lambadalambda - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/lambadalambda - lambadalambda - lambadalambda@mastodon.social - - - - lambadalambda - Critical Value - public - - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> hey</p> - - - public - - - - diff --git a/test/fixtures/incoming_websub_gnusocial_attachments.xml b/test/fixtures/incoming_websub_gnusocial_attachments.xml deleted file mode 100644 index 9d331ef32..000000000 --- a/test/fixtures/incoming_websub_gnusocial_attachments.xml +++ /dev/null @@ -1,59 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-05-02T20:29:35+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-05-02:noticeId=2020923:objectType=note - New note by lambadalambda - Okay gonna stream some cool games!! <a href="https://social.heldscal.la/file/7ed5ee508e6376a6e3dd581e17e7ed0b7b638147c7e86784bf83abc2641ee3d4.gif" title="https://social.heldscal.la/file/7ed5ee508e6376a6e3dd581e17e7ed0b7b638147c7e86784bf83abc2641ee3d4.gif" rel="nofollow external noreferrer" class="attachment" id="attachment-423842">https://social.heldscal.la/attachment/423842</a> <a href="https://social.heldscal.la/file/4c209099cadfc5afd3e27a334aa0db96b3a7510dde1603305d68a2707e59a11f.png" title="https://social.heldscal.la/file/4c209099cadfc5afd3e27a334aa0db96b3a7510dde1603305d68a2707e59a11f.png" rel="nofollow external noreferrer" class="attachment" id="attachment-423843">https://social.heldscal.la/attachment/423843</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-05-02T20:29:35+00:00 - 2017-05-02T20:29:35+00:00 - - tag:social.heldscal.la,2017-05-02:objectType=thread:nonce=26c7afdcbcf4ebd4 - - - - - - - - diff --git a/test/fixtures/lambadalambda.atom b/test/fixtures/lambadalambda.atom deleted file mode 100644 index 964a416f7..000000000 --- a/test/fixtures/lambadalambda.atom +++ /dev/null @@ -1,479 +0,0 @@ - - - https://mastodon.social/users/lambadalambda.atom - Critical Value - - 2017-04-16T21:47:25Z - https://files.mastodon.social/accounts/avatars/000/000/264/original/1429214160519.gif?1492379244 - - https://mastodon.social/users/lambadalambda - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/lambadalambda - lambadalambda - lambadalambda@mastodon.social - a cool dude. - - - - lambadalambda - Critical Value - public - - - - - - - - tag:mastodon.social,2017-04-07:objectId=1874242:objectType=Status - 2017-04-07T11:02:56Z - 2017-04-07T11:02:56Z - lambadalambda shared a status by 0xroy@social.wxcafe.net - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:social.wxcafe.net,2017-04-07:objectId=72554:objectType=Status - 2017-04-07T11:01:59Z - 2017-04-07T11:02:00Z - New status by 0xroy@social.wxcafe.net - - https://social.wxcafe.net/users/0xroy - http://activitystrea.ms/schema/1.0/person - https://social.wxcafe.net/users/0xroy - 0xroy - 0xroy@social.wxcafe.net - ta caution weeb | discussions privées : <a href="https://💌.0xroy.me" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">💌.0xroy.me</span><span class="invisible"></span></a> - - - - 0xroy - 「R O Y 🍵 B O S」 - ta caution weeb | discussions privées : <a href="https://%F0%9F%92%8C.0xroy.me" rel="nofollow noopener"><span class="invisible">https://</span><span class="">💌.0xroy.me</span><span class="invisible"></span></a> - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>someone pls eli5 matrix (protocol) and riot</p> - - public - - - <p>someone pls eli5 matrix (protocol) and riot</p> - - public - - - - - tag:mastodon.social,2017-04-06:objectId=1768247:objectType=Status - 2017-04-06T11:10:19Z - 2017-04-06T11:10:19Z - lambadalambda shared a status by areyoutoo@mastodon.xyz - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:mastodon.xyz,2017-04-05:objectId=133327:objectType=Status - 2017-04-05T17:36:41Z - 2017-04-05T18:12:14Z - New status by areyoutoo@mastodon.xyz - - https://mastodon.xyz/users/areyoutoo - http://activitystrea.ms/schema/1.0/person - https://mastodon.xyz/users/areyoutoo - areyoutoo - areyoutoo@mastodon.xyz - devops | retired gamedev | always boost puppy pics - - - - areyoutoo - Raw Butter - devops | retired gamedev | always boost puppy pics - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>Some UX thoughts for <a href="https://mastodon.xyz/tags/mastodev" class="mention hashtag">#<span>mastodev</span></a>:</p><p>- Would be nice if I could work on multiple draft toots? Clicking to reply to someone seems to erase any draft I had been working on.</p><p>- Kinda risky to click on the Federated Timeline if it loads new toots and scrolls 10ms before I click on something.</p><p>I probably don't know enough web frontend to help, but it might be fun to try.</p> - - - public - - - <p>Some UX thoughts for <a href="https://mastodon.xyz/tags/mastodev" class="mention hashtag">#<span>mastodev</span></a>:</p><p>- Would be nice if I could work on multiple draft toots? Clicking to reply to someone seems to erase any draft I had been working on.</p><p>- Kinda risky to click on the Federated Timeline if it loads new toots and scrolls 10ms before I click on something.</p><p>I probably don't know enough web frontend to help, but it might be fun to try.</p> - - public - - - - - tag:mastodon.social,2017-04-06:objectId=1764509:objectType=Status - 2017-04-06T10:15:38Z - 2017-04-06T10:15:38Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - This is a test for cw federation - <p>This is a test for cw federation body text.</p> - - public - - - - - tag:mastodon.social,2017-04-05:objectId=1645208:objectType=Status - 2017-04-05T07:14:53Z - 2017-04-05T07:14:53Z - lambadalambda shared a status by lambadalambda@social.heldscal.la - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:social.heldscal.la,2017-04-05:noticeId=1502088:objectType=note - 2017-04-05T06:12:09Z - 2017-04-05T07:12:47Z - New status by lambadalambda@social.heldscal.la - - https://social.heldscal.la/user/23211 - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - lambadalambda@social.heldscal.la - Call me Deacon Blues. - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - Federation 101: <a href="https://www.youtube.com/watch?v=t1lYU5CA40o" rel="nofollow external noreferrer" class="attachment thumbnail">https://www.youtube.com/watch?v=t1lYU5CA40o</a> - - public - - - Federation 101: <a href="https://www.youtube.com/watch?v=t1lYU5CA40o" rel="nofollow external noreferrer" class="attachment thumbnail">https://www.youtube.com/watch?v=t1lYU5CA40o</a> - - public - - - - - tag:mastodon.social,2017-04-05:objectId=1641750:objectType=Status - 2017-04-05T05:44:48Z - 2017-04-05T05:44:48Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> just a test.</p> - - - public - - - - - tag:mastodon.social,2017-04-04:objectId=1540149:objectType=Status - 2017-04-04T06:31:09Z - 2017-04-04T06:31:09Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>Looks like you still can&apos;t delete your account here (PRIVACY!), but I won&apos;t be posting here anymore, my main account is <span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span></p> - - - public - - - - - tag:mastodon.social,2017-04-04:objectId=1539608:objectType=Status - 2017-04-04T06:18:16Z - 2017-04-04T06:18:16Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.social/@ghostbar" class="u-url mention">@<span>ghostbar</span></a></span> Remember to rewrite it in Rust once you&apos;re done.</p> - - - public - - - - - - tag:mastodon.social,2017-04-03:objectId=1504813:objectType=Status - 2017-04-03T18:01:20Z - 2017-04-03T18:01:20Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.xyz/@Azurolu" class="u-url mention">@<span>Azurolu</span></a></span> You mean gs.smuglo.li?</p> - - - public - - - - - - tag:mastodon.social,2017-04-03:objectId=1504805:objectType=Status - 2017-04-03T18:01:05Z - 2017-04-03T18:01:05Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>There&apos;s nothing wrong with having several alt accounts all across the fediverse. Try out another mastodon instance (<a href="https://icosahedron.website" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">icosahedron.website</span><span class="invisible"></span></a>) or a GNU Social instance (like <a href="https://shitposter.club" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">shitposter.club</span><span class="invisible"></span></a> or <a href="https://freezepeach.xyz" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">freezepeach.xyz</span><span class="invisible"></span></a>), or friendica. They are all on the same network, so you can still follow all your friends!</p> - - public - - - - - tag:mastodon.social,2017-04-03:objectId=1503965:objectType=Status - 2017-04-03T17:31:30Z - 2017-04-03T17:31:30Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.social/@20Hz" class="u-url mention">@<span>20Hz</span></a></span> you could also try out a GS instance, which are on the same network :)</p> - - - public - - - - - - tag:mastodon.social,2017-04-03:objectId=1503955:objectType=Status - 2017-04-03T17:31:08Z - 2017-04-03T17:31:08Z - lambadalambda shared a status by shpuld@shitposter.club - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:shitposter.club,2017-04-03:noticeId=2251717:objectType=note - 2017-04-03T17:06:43Z - 2017-04-03T17:12:06Z - New status by shpuld@shitposter.club - - https://shitposter.club/user/5381 - http://activitystrea.ms/schema/1.0/person - https://shitposter.club/user/5381 - shpuld - shpuld@shitposter.club - - - - - shpuld - shp - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - reposting the classic <a href="https://shitposter.club/file/89c5fe483526caf3a46cfc5cdd4ae68061054350e767397731af658d54786e31.jpg" class="attachment" rel="nofollow external">https://shitposter.club/attachment/219846</a> - - - public - - - reposting the classic <a href="https://shitposter.club/file/89c5fe483526caf3a46cfc5cdd4ae68061054350e767397731af658d54786e31.jpg" class="attachment" rel="nofollow external">https://shitposter.club/attachment/219846</a> - - public - - - - - tag:mastodon.social,2017-04-03:objectId=1503929:objectType=Status - 2017-04-03T17:30:43Z - 2017-04-03T17:30:43Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.social/@ghostbar" class="u-url mention">@<span>ghostbar</span></a></span> Normally you shouldn&apos;t be running tens of thousands of users on one instance... That&apos;s one of the reasons for federation.</p> - - - public - - - - - - tag:mastodon.social,2017-04-03:objectId=1477255:objectType=Status - 2017-04-03T08:24:39Z - 2017-04-03T08:24:39Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.social/@dot_tiff" class="u-url mention">@<span>dot_tiff</span></a></span> it&apos;s the vaporwave mode.</p> - - - public - - - - - - tag:mastodon.social,2017-04-03:objectId=1476210:objectType=Status - 2017-04-03T07:45:42Z - 2017-04-03T07:45:42Z - lambadalambda shared a status by lambadalambda@social.heldscal.la - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:social.heldscal.la,2017-04-03:noticeId=1475727:objectType=note - 2017-04-03T07:44:43Z - 2017-04-03T07:44:48Z - New status by lambadalambda@social.heldscal.la - - https://social.heldscal.la/user/23211 - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - lambadalambda@social.heldscal.la - Call me Deacon Blues. - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - Here's a song by the original anti-idol, Togawa Jun: <a href="https://www.youtube.com/watch?v=kNI_NK2YY-s" rel="nofollow external noreferrer" class="attachment">https://www.youtube.com/watch?v=kNI_NK2YY-s</a> - - public - - - Here's a song by the original anti-idol, Togawa Jun: <a href="https://www.youtube.com/watch?v=kNI_NK2YY-s" rel="nofollow external noreferrer" class="attachment">https://www.youtube.com/watch?v=kNI_NK2YY-s</a> - - public - - - - - tag:mastodon.social,2017-04-03:objectId=1476047:objectType=Status - 2017-04-03T07:39:14Z - 2017-04-03T07:39:14Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.social/@amrrr" class="u-url mention">@<span>amrrr</span></a></span> tumblr/10, but pretty good!</p> - - - public - - - - - - tag:mastodon.social,2017-04-03:objectId=1475949:objectType=Status - 2017-04-03T07:35:45Z - 2017-04-03T07:35:45Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.social/@Shookaite" class="u-url mention">@<span>Shookaite</span></a></span> Oh, you mean like userstyles?</p> - - - public - - - - - - tag:mastodon.social,2017-04-03:objectId=1475581:objectType=Status - 2017-04-03T07:20:03Z - 2017-04-03T07:20:03Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.social/@Shookaite" class="u-url mention">@<span>Shookaite</span></a></span> Would be nice if someone helped port Pleroma to Mastodon, that has a theme switcher (click on the cog in the upper right): <a href="https://pleroma.heldscal.la/main/all" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">pleroma.heldscal.la/main/all</span><span class="invisible"></span></a></p> - - - public - - - - - - tag:mastodon.social,2017-04-02:objectId=1457325:objectType=Status - 2017-04-02T21:57:43Z - 2017-04-02T21:57:43Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.social/@rhosyn" class="u-url mention">@<span>rhosyn</span></a></span> <span class="h-card"><a href="https://mastodon.social/@Meaningness" class="u-url mention">@<span>Meaningness</span></a></span> you could take a look at those listed at social.guhnoo.org</p> - - - - public - - - - - - tag:mastodon.social,2017-04-02:objectId=1447926:objectType=Status - 2017-04-02T18:31:52Z - 2017-04-02T18:31:52Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>My main account is <span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> , btw.</p> - - - public - - - - - tag:mastodon.social,2017-04-02:objectId=1447878:objectType=Status - 2017-04-02T18:30:37Z - 2017-04-02T18:30:37Z - lambadalambda shared a status by Firstaide@awoo.space - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:awoo.space,2017-04-02:objectId=135324:objectType=Status - 2017-04-02T18:29:32Z - 2017-04-02T18:29:32Z - New status by Firstaide@awoo.space - - https://awoo.space/users/Firstaide - http://activitystrea.ms/schema/1.0/person - https://awoo.space/users/Firstaide - Firstaide - Firstaide@awoo.space - A smol awoo account, for a smol autistic 💙 -They/them please! -NB/white/ace - - - - Firstaide - Miff🚑✨ - A smol awoo account, for a smol autistic 💙 -They/them please! -NB/white/ace - public - - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><a href="https://mastodon.social/users/lambadalambda" class="h-card u-url p-nickname mention">@<span>lambadalambda</span></a> yeah, I think that's p much the big issue here? <br>When I first heard of Masto, I thought it was just like twitter at first, I had no idea federation was even a thing?, and I actually joined p early on? :-o </p><p>idk I think more stuff needs to be done about federation promotion, but honestly its gotta come from the get go when people get here to make an account I feel :-o</p> - - - public - - - - <p><a href="https://mastodon.social/users/lambadalambda" class="h-card u-url p-nickname mention">@<span>lambadalambda</span></a> yeah, I think that's p much the big issue here? <br>When I first heard of Masto, I thought it was just like twitter at first, I had no idea federation was even a thing?, and I actually joined p early on? :-o </p><p>idk I think more stuff needs to be done about federation promotion, but honestly its gotta come from the get go when people get here to make an account I feel :-o</p> - - public - - - - diff --git a/test/fixtures/mastodon-note-cw.xml b/test/fixtures/mastodon-note-cw.xml deleted file mode 100644 index 02f49dd61..000000000 --- a/test/fixtures/mastodon-note-cw.xml +++ /dev/null @@ -1,39 +0,0 @@ - - - https://mastodon.social/users/lambadalambda.atom - Critical Value - - 2017-04-16T21:47:25Z - https://files.mastodon.social/accounts/avatars/000/000/264/original/1429214160519.gif - - https://mastodon.social/users/lambadalambda - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/lambadalambda - lambadalambda - lambadalambda@mastodon.social - - - - lambadalambda - Critical Value - public - - - - - - - tag:mastodon.social,2017-05-10:objectId=5551985:objectType=Status - 2017-05-10T12:21:36Z - 2017-05-10T12:21:36Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - technologic - <p>test</p> - - public - - - - diff --git a/test/fixtures/mastodon-note-unlisted.xml b/test/fixtures/mastodon-note-unlisted.xml deleted file mode 100644 index d21017b80..000000000 --- a/test/fixtures/mastodon-note-unlisted.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - https://mastodon.social/users/lambadalambda.atom - Critical Value - - 2017-04-16T21:47:25Z - https://files.mastodon.social/accounts/avatars/000/000/264/original/1429214160519.gif - - https://mastodon.social/users/lambadalambda - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/lambadalambda - lambadalambda - lambadalambda@mastodon.social - - - - lambadalambda - Critical Value - public - - - - - - - tag:mastodon.social,2017-05-10:objectId=5551985:objectType=Status - 2017-05-10T12:21:36Z - 2017-05-10T12:21:36Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - technologic - <p>test</p> - unlisted - - - - diff --git a/test/fixtures/mastodon-problematic.xml b/test/fixtures/mastodon-problematic.xml deleted file mode 100644 index a39e72759..000000000 --- a/test/fixtures/mastodon-problematic.xml +++ /dev/null @@ -1,72 +0,0 @@ - - - https://icosahedron.website/users/shel.atom - shel🍖‼️ - Gay jackal dog, poet, future librarian. - -http://datapup.info -avatar: @puppytube@twitter.com - 2017-05-02T23:26:01Z - https://icosahedron.website/system/accounts/avatars/000/001/207/original/b1e07b09ae1cc787.png?1493767561 - - https://icosahedron.website/users/shel - http://activitystrea.ms/schema/1.0/person - https://icosahedron.website/users/shel - shel - shel@icosahedron.website - <p>Gay jackal dog, poet, future librarian. </p><p><a href="http://datapup.info/" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="">datapup.info/</span><span class="invisible"></span></a><br />avatar: @puppytube@twitter.com</p> - - - - shel - shel🍖‼️ - Gay jackal dog, poet, future librarian. - -http://datapup.info -avatar: @puppytube@twitter.com - public - - - - - - - tag:icosahedron.website,2017-05-10:objectId=1414013:objectType=Status - 2017-05-10T17:16:24Z - 2017-05-10T17:16:24Z - shel shared a status by instance_names@cybre.space - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:cybre.space,2017-05-10:objectId=946671:objectType=Status - 2017-05-10T17:15:51Z - 2017-05-10T17:15:52Z - New status by instance_names@cybre.space - - https://cybre.space/users/instance_names - http://activitystrea.ms/schema/1.0/person - https://cybre.space/users/instance_names - instance_names - instance_names@cybre.space - <p>name ideas for your new mastodon instance. made by <span class="h-card"><a href="https://witches.town/@lycaon">@<span>lycaon</span></a></span> source available at <a href="https://github.com/LycaonIsAWolf/instance_names"><span class="invisible">https://</span><span class="ellipsis">github.com/LycaonIsAWolf/insta</span><span class="invisible">nce_names</span></a></p> - - - - instance_names - instance names - name ideas for your new mastodon instance. made by @lycaon source available at https://github.com/LycaonIsAWolf/instance_names - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>dildo.codes</p> - unlisted - - - <p>dildo.codes</p> - - public - - - - diff --git a/test/fixtures/mastodon_conversation.xml b/test/fixtures/mastodon_conversation.xml deleted file mode 100644 index 8faab2304..000000000 --- a/test/fixtures/mastodon_conversation.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - tag:mastodon.social,2017-08-28:objectId=16402826:objectType=Status - 2017-08-28T17:58:55Z - 2017-08-28T17:58:55Z - New status by lambadalambda - - https://mastodon.social/users/lambadalambda - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/lambadalambda - lambadalambda - lambadalambda@mastodon.social - - - - lambadalambda - Critical Value - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>test. <a href="https://mastodon.social/media/XCp0OHGPON9kWZwhjaI" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/media/XCp0OHGP</span><span class="invisible">ON9kWZwhjaI</span></a></p> - - - public - - - - diff --git a/test/fixtures/nil_mention_entry.xml b/test/fixtures/nil_mention_entry.xml deleted file mode 100644 index e13024cb3..000000000 --- a/test/fixtures/nil_mention_entry.xml +++ /dev/null @@ -1,52 +0,0 @@ - - - GNU social - https://social.stopwatchingus-heidelberg.de/api/statuses/user_timeline/18330.atom - atarifrosch timeline - Updates from atarifrosch on social.stopwatchingus-heidelberg.de! - https://social.stopwatchingus-heidelberg.de/avatar/18330-96-20150628163706.png - 2017-08-24T11:36:49+02:00 - - http://activitystrea.ms/schema/1.0/person - https://social.stopwatchingus-heidelberg.de/user/18330 - atarifrosch - Nerd, Pirat, Debian user, CAcert assurer, Geocacher, Freifunker. Autismus/Depression, agender. GnuPG Key-ID: 0xBCF81ADE - - - - - - atarifrosch - Atari-Frosch - Nerd, Pirat, Debian user, CAcert assurer, Geocacher, Freifunker. Autismus/Depression, agender. GnuPG Key-ID: 0xBCF81ADE - - Düsseldorf, NRW, Germany - - - homepage - https://www.atari-frosch.de/ - true - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-22:noticeId=978072:objectType=note - New note by atarifrosch - 2017-08-22 Bundesverfassungsgericht: Erfolgreiche Verfassungsbeschwerde gegen die Versagung vorläufiger Leistungen für Kosten der Unterkunft und Heizung – <a href="https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/DE/2017/bvg17-072.html" title="https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/DE/2017/bvg17-072.html" class="attachment" id="attachment-450768" rel="nofollow external">https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/DE/2017/bvg17-072.html</a> !<a href="http://quitter.se/group/2184/id" class="h-card group" title="HartzIV (hartziv)">hartziv</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-08-22T12:00:21+00:00 - 2017-08-22T12:00:21+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-22:noticeId=978072:objectType=thread:crc32=28a35f44 - - - - - - - - diff --git a/test/fixtures/ostatus_incoming_post.xml b/test/fixtures/ostatus_incoming_post.xml deleted file mode 100644 index 7967e1b32..000000000 --- a/test/fixtures/ostatus_incoming_post.xml +++ /dev/null @@ -1,57 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-04-29T18:25:38+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-04-29:noticeId=1967725:objectType=note - New note by lambadalambda - Will it blend? - - - http://activitystrea.ms/schema/1.0/post - 2017-04-29T18:25:38+00:00 - 2017-04-29T18:25:38+00:00 - - tag:social.heldscal.la,2017-04-29:objectType=thread:nonce=3f3a9dd83acc4e35 - - - - - - diff --git a/test/fixtures/ostatus_incoming_post_tag.xml b/test/fixtures/ostatus_incoming_post_tag.xml deleted file mode 100644 index 0f99c4126..000000000 --- a/test/fixtures/ostatus_incoming_post_tag.xml +++ /dev/null @@ -1,59 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-04-29T18:25:38+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-04-29:noticeId=1967725:objectType=note - New note by lambadalambda - Will it blend? - - - - - http://activitystrea.ms/schema/1.0/post - 2017-04-29T18:25:38+00:00 - 2017-04-29T18:25:38+00:00 - - tag:social.heldscal.la,2017-04-29:objectType=thread:nonce=3f3a9dd83acc4e35 - - - - - - diff --git a/test/fixtures/ostatus_incoming_reply.xml b/test/fixtures/ostatus_incoming_reply.xml deleted file mode 100644 index 83a427a68..000000000 --- a/test/fixtures/ostatus_incoming_reply.xml +++ /dev/null @@ -1,60 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-04-30T09:30:32+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.heldscal.la,2017-04-30:noticeId=1978790:objectType=comment - New comment by lambadalambda - @<a href="https://gs.archae.me/user/4687" class="h-card u-url p-nickname mention" title="shpbot">shpbot</a> why not indeed. - - - http://activitystrea.ms/schema/1.0/post - 2017-04-30T09:30:32+00:00 - 2017-04-30T09:30:32+00:00 - - - - https://gs.archae.me/conversation/327120 - - - - - - - diff --git a/test/fixtures/share-gs-local.xml b/test/fixtures/share-gs-local.xml deleted file mode 100644 index 9d52eab7b..000000000 --- a/test/fixtures/share-gs-local.xml +++ /dev/null @@ -1,99 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-05-03T08:05:41+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - tag:social.heldscal.la,2017-05-03:noticeId=2028428:objectType=note - lambadalambda repeated a notice by lain - RT @<a href="https://pleroma.soykaf.com/users/lain" class="h-card u-url p-nickname mention" title="Lain Iwakura">lain</a> Added returning the entries as xml... let's see if the mastodon hammering stops now. - - http://activitystrea.ms/schema/1.0/share - 2017-05-03T08:05:41+00:00 - 2017-05-03T08:05:41+00:00 - - http://activitystrea.ms/schema/1.0/activity - LOCAL_ID - - Added returning the entries as xml... let's see if the mastodon hammering stops now. - - http://activitystrea.ms/schema/1.0/post - 2017-05-03T08:04:44+00:00 - 2017-05-03T08:04:44+00:00 - - http://activitystrea.ms/schema/1.0/person - LOCAL_USER - lain - Test account - - - - - - lain - Lain Iwakura - Test account - - - - http://activitystrea.ms/schema/1.0/note - https://pleroma.soykaf.com/objects/4c1bda26-902e-4525-9fcd-b9fd44925193 - New note by lain - Added returning the entries as xml... let's see if the mastodon hammering stops now. - - - - - https://pleroma.soykaf.com/contexts/ede39a2b-7cf3-4fa4-8ccd-cb97431bcc22 - - - https://pleroma.soykaf.com/users/lain/feed.atom - Lain Iwakura - - - https://social.heldscal.la/avatar/43188-96-20170429172422.jpeg - 2017-05-03T08:04:44+00:00 - - - - https://pleroma.soykaf.com/contexts/ede39a2b-7cf3-4fa4-8ccd-cb97431bcc22 - - - - - - diff --git a/test/fixtures/share-gs.xml b/test/fixtures/share-gs.xml deleted file mode 100644 index ab5e488bd..000000000 --- a/test/fixtures/share-gs.xml +++ /dev/null @@ -1,99 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-05-03T08:05:41+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - tag:social.heldscal.la,2017-05-03:noticeId=2028428:objectType=note - lambadalambda repeated a notice by lain - RT @<a href="https://pleroma.soykaf.com/users/lain" class="h-card u-url p-nickname mention" title="Lain Iwakura">lain</a> Added returning the entries as xml... let's see if the mastodon hammering stops now. - - http://activitystrea.ms/schema/1.0/share - 2017-05-03T08:05:41+00:00 - 2017-05-03T08:05:41+00:00 - - http://activitystrea.ms/schema/1.0/activity - https://pleroma.soykaf.com/objects/4c1bda26-902e-4525-9fcd-b9fd44925193 - - Added returning the entries as xml... let's see if the mastodon hammering stops now. - - http://activitystrea.ms/schema/1.0/post - 2017-05-03T08:04:44+00:00 - 2017-05-03T08:04:44+00:00 - - http://activitystrea.ms/schema/1.0/person - https://pleroma.soykaf.com/users/lain - lain - Test account - - - - - - lain - Lain Iwakura - Test account - - - - http://activitystrea.ms/schema/1.0/note - https://pleroma.soykaf.com/objects/4c1bda26-902e-4525-9fcd-b9fd44925193 - New note by lain - Added returning the entries as xml... let's see if the mastodon hammering stops now. - - - - - https://pleroma.soykaf.com/contexts/ede39a2b-7cf3-4fa4-8ccd-cb97431bcc22 - - - https://pleroma.soykaf.com/users/lain/feed.atom - Lain Iwakura - - - https://social.heldscal.la/avatar/43188-96-20170429172422.jpeg - 2017-05-03T08:04:44+00:00 - - - - https://pleroma.soykaf.com/contexts/ede39a2b-7cf3-4fa4-8ccd-cb97431bcc22 - - - - - - diff --git a/test/fixtures/share.xml b/test/fixtures/share.xml deleted file mode 100644 index e07b88680..000000000 --- a/test/fixtures/share.xml +++ /dev/null @@ -1,54 +0,0 @@ - - - tag:mastodon.social,2017-05-03:objectId=4934452:objectType=Status - 2017-05-03T08:21:09Z - 2017-05-03T08:21:09Z - lambadalambda shared a status by lain@pleroma.soykaf.com - - https://mastodon.social/users/lambadalambda - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/lambadalambda - lambadalambda - lambadalambda@mastodon.social - - - - lambadalambda - Critical Value - public - - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - https://pleroma.soykaf.com/objects/4c1bda26-902e-4525-9fcd-b9fd44925193 - 2017-05-03T08:04:44Z - 2017-05-03T08:05:52Z - New status by lain@pleroma.soykaf.com - - https://pleroma.soykaf.com/users/lain - http://activitystrea.ms/schema/1.0/person - https://pleroma.soykaf.com/users/lain - lain - lain@pleroma.soykaf.com - Test account - - - - lain - Lain Iwakura - Test account - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - Added returning the entries as xml... let's see if the mastodon hammering stops now. - - public - - - Added returning the entries as xml... let's see if the mastodon hammering stops now. - - public - - - diff --git a/test/fixtures/tesla_mock/7369654.atom b/test/fixtures/tesla_mock/7369654.atom deleted file mode 100644 index 74fd9ce6b..000000000 --- a/test/fixtures/tesla_mock/7369654.atom +++ /dev/null @@ -1,44 +0,0 @@ - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-22:noticeId=7369654:objectType=comment - New comment by shpuld - @<a href="https://testing.pleroma.lol/users/lain" class="h-card mention" title="Rael Electric Razor">lain</a> me far right - - - http://activitystrea.ms/schema/1.0/post - 2018-02-22T09:20:12+00:00 - 2018-02-22T09:20:12+00:00 - - http://activitystrea.ms/schema/1.0/person - https://shitposter.club/user/5381 - shpuld - - - - - - shpuld - shp - - - - - - - tag:shitposter.club,2018-02-22:objectType=thread:nonce=e5a7c72d60a9c0e4 - - - - https://shitposter.club/api/statuses/user_timeline/5381.atom - shp - - - - https://shitposter.club/avatar/5381-96-20171230093854.png - 2018-02-23T13:30:15+00:00 - - - - - diff --git a/test/fixtures/tesla_mock/atarifrosch_feed.xml b/test/fixtures/tesla_mock/atarifrosch_feed.xml deleted file mode 100644 index e00df782e..000000000 --- a/test/fixtures/tesla_mock/atarifrosch_feed.xml +++ /dev/null @@ -1,473 +0,0 @@ - - - GNU social - https://social.stopwatchingus-heidelberg.de/api/statuses/user_timeline/18330.atom - atarifrosch-Zeitleiste - Aktualisierungen von atarifrosch auf social.stopwatchingus-heidelberg.de! - https://social.stopwatchingus-heidelberg.de/avatar/18330-96-20150628163706.png - 2017-08-24T12:06:55+02:00 - - http://activitystrea.ms/schema/1.0/person - https://social.stopwatchingus-heidelberg.de/user/18330 - atarifrosch - Nerd, Pirat, Debian user, CAcert assurer, Geocacher, Freifunker. Autismus/Depression, agender. GnuPG Key-ID: 0xBCF81ADE - - - - - - atarifrosch - Atari-Frosch - Nerd, Pirat, Debian user, CAcert assurer, Geocacher, Freifunker. Autismus/Depression, agender. GnuPG Key-ID: 0xBCF81ADE - - Düsseldorf, NRW, Germany - - - homepage - https://www.atari-frosch.de/ - true - - - - - - - - - - - - - - tag:social.stopwatchingus-heidelberg.de,2017-08-24:noticeId=978735:objectType=note - atarifrosch repeated a notice by hoergen - RT @<a href="https://social.hoergen.org/hoergen" class="h-card mention" title="hoergen">hoergen</a> Das falsche Bild der Tagesschau &quot;Auffallend &quot;erfolgreich&quot; - Andrea Nahles und Manuela Schwesig&quot; #<span class="tag"><a href="https://social.stopwatchingus-heidelberg.de/tag/geringverdiener" rel="tag">Geringverdiener</a></span> #<span class="tag"><a href="https://social.stopwatchingus-heidelberg.de/tag/mindestlohn" rel="tag">Mindestlohn</a></span> #<span class="tag"><a href="https://social.stopwatchingus-heidelberg.de/tag/mannxismus" rel="tag">mannxismus</a></span> #<span class="tag"><a href="https://social.stopwatchingus-heidelberg.de/tag/erwerbsminderungsrente" rel="tag">Erwerbsminderungsrente</a></span> #<span class="tag"><a href="https://social.stopwatchingus-heidelberg.de/tag/arbeitnehmerflexibilisierung" rel="tag">ArbeitnehmerFlexibilisierung</a></span> #<span class="tag"><a href="https://social.stopwatchingus-heidelberg.de/tag/altersarmut" rel="tag">AltersArmut</a></span> ..... <a href="http://www.tagesschau.de/inland/btw17/bilanz-schwesig-nahles-101.html" title="http://www.tagesschau.de/inland/btw17/bilanz-schwesig-nahles-101.html" class="attachment" id="attachment-450858" rel="nofollow external">http://www.tagesschau.de/inland/btw17/bilanz-schwesig-nahles-101.html</a> - https://social.stopwatchingus-heidelberg.de/notice/978735 - http://activitystrea.ms/schema/1.0/share - 2017-08-24T09:18:25+00:00 - 2017-08-24T09:18:25+00:00 - - http://activitystrea.ms/schema/1.0/activity - tag:social.hoergen.org,2017-08-24:noticeId=222320:objectType=note - - Das falsche Bild der Tagesschau <br /> &quot;Auffallend &quot;erfolgreich&quot; - Andrea Nahles und Manuela Schwesig&quot; #<span class="tag"><a href="https://social.hoergen.org/tag/geringverdiener" rel="tag">Geringverdiener</a></span> #<span class="tag"><a href="https://social.hoergen.org/tag/mindestlohn" rel="tag">Mindestlohn</a></span> #<span class="tag"><a href="https://social.hoergen.org/tag/mannxismus" rel="tag">mannxismus</a></span> #<span class="tag"><a href="https://social.hoergen.org/tag/erwerbsminderungsrente" rel="tag">Erwerbsminderungsrente</a></span> #<span class="tag"><a href="https://social.hoergen.org/tag/arbeitnehmerflexibilisierung" rel="tag">ArbeitnehmerFlexibilisierung</a></span> #<span class="tag"><a href="https://social.hoergen.org/tag/altersarmut" rel="tag">AltersArmut</a></span> ..... <br /> <br /> <a href="http://www.tagesschau.de/inland/btw17/bilanz-schwesig-nahles-101.html" title="http://www.tagesschau.de/inland/btw17/bilanz-schwesig-nahles-101.html" rel="nofollow external noreferrer" class="attachment">http://www.tagesschau.de/inland/btw17/bilanz-schwesig-nahles-101.html</a> - https://social.hoergen.org/notice/222320 - http://activitystrea.ms/schema/1.0/post - 2017-08-24T07:36:31+00:00 - 2017-08-24T07:36:31+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.hoergen.org/user/2 - hoergen - aka Andi Memyself #humanist #nerd Menschen liebhabender Misanthrop und auch sonst sehr vielseitig interessiert. - - - - - - hoergen - hoergen - aka Andi Memyself #humanist #nerd Menschen liebhabender Misanthrop und auch sonst sehr vielseitig interessiert. - - Berlin - - - homepage - https://hyperblog.de/hoergen/ - true - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.hoergen.org,2017-08-24:noticeId=222320:objectType=note - New note by hoergen - Das falsche Bild der Tagesschau <br /> &quot;Auffallend &quot;erfolgreich&quot; - Andrea Nahles und Manuela Schwesig&quot; #<span class="tag"><a href="https://social.hoergen.org/tag/geringverdiener" rel="tag">Geringverdiener</a></span> #<span class="tag"><a href="https://social.hoergen.org/tag/mindestlohn" rel="tag">Mindestlohn</a></span> #<span class="tag"><a href="https://social.hoergen.org/tag/mannxismus" rel="tag">mannxismus</a></span> #<span class="tag"><a href="https://social.hoergen.org/tag/erwerbsminderungsrente" rel="tag">Erwerbsminderungsrente</a></span> #<span class="tag"><a href="https://social.hoergen.org/tag/arbeitnehmerflexibilisierung" rel="tag">ArbeitnehmerFlexibilisierung</a></span> #<span class="tag"><a href="https://social.hoergen.org/tag/altersarmut" rel="tag">AltersArmut</a></span> ..... <br /> <br /> <a href="http://www.tagesschau.de/inland/btw17/bilanz-schwesig-nahles-101.html" title="http://www.tagesschau.de/inland/btw17/bilanz-schwesig-nahles-101.html" rel="nofollow external noreferrer" class="attachment">http://www.tagesschau.de/inland/btw17/bilanz-schwesig-nahles-101.html</a> - - - - - https://social.hoergen.org/conversation/98616 - - - - - - - - - https://social.hoergen.org/api/statuses/user_timeline/2.atom - hoergen - - - https://social.stopwatchingus-heidelberg.de/avatar/54316-original-20170824072526.jpeg - 2017-08-24T09:48:30+00:00 - - - - https://social.hoergen.org/conversation/98616 - - - - - - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.stopwatchingus-heidelberg.de,2017-08-24:noticeId=978734:objectType=comment - New comment by atarifrosch - Jo, die Anzahl der Hartz-IV-Sanktionen nennt sie genausowenig wie die Anzahl der Menschen, die von den Repressionsbehörden in Obdachlosigkeit und Suizid getrieben wurden. Das würde die Erfolgszahlen dann doch ein wenig trüben, nech? - - - http://activitystrea.ms/schema/1.0/post - 2017-08-24T09:18:13+00:00 - 2017-08-24T09:18:13+00:00 - - - - https://social.hoergen.org/conversation/98616 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-24:noticeId=978732:objectType=note - New note by atarifrosch - Moin-quak. - - - http://activitystrea.ms/schema/1.0/post - 2017-08-24T09:09:39+00:00 - 2017-08-24T09:09:39+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-24:noticeId=978732:objectType=thread:crc32=2f92b7b6 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-23:noticeId=978594:objectType=note - New note by atarifrosch - n8-quak! - - - http://activitystrea.ms/schema/1.0/post - 2017-08-23T21:39:54+00:00 - 2017-08-23T21:39:54+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-23:noticeId=978594:objectType=thread:crc32=9bdb0ac9 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-23:noticeId=978503:objectType=note - New note by atarifrosch - 2017-08-16 Michal Špaček: Post a boarding pass on Facebook, get your account stolen – Post a boarding pass on Facebook, get your account stolen (gilt übrinx nicht nur für Facebook) - - - http://activitystrea.ms/schema/1.0/post - 2017-08-23T15:14:29+00:00 - 2017-08-23T15:14:29+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-23:noticeId=978503:objectType=thread:crc32=3de05c3a - - - - - - - tag:social.stopwatchingus-heidelberg.de,2017-08-23:fave:18330:activity:978458:2017-08-23T15:18:19+02:00 - Favorite - atarifrosch favorited something by einebiene: Haha, große Überraschung. <a href="http://www.sueddeutsche.de/wirtschaft/abgasaffaere-software-updates-fuer-dieselautos-helfen-kaum-1.3637636" title="http://www.sueddeutsche.de/wirtschaft/abgasaffaere-software-updates-fuer-dieselautos-helfen-kaum-1.3637636" rel="nofollow noreferrer" class="attachment">https://quitter.is/url/1122672</a><br /> Was ich an all diesen Artikeln schade finde, ist, daß immer nur auf den Umstieg von Auto zu anderem Auto gesprochen wird. Öffis werden nicht erwähnt, Carsharing nicht, radeln nicht, und in der Stadt wäre ne Vespa auch deutlich besser als ein SUV. - http://activitystrea.ms/schema/1.0/favorite - 2017-08-23T13:18:19+00:00 - 2017-08-23T13:18:19+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:quitter.is,2017-08-23:noticeId=4032910:objectType=note - New note by einebiene - Haha, große Überraschung. <a href="http://www.sueddeutsche.de/wirtschaft/abgasaffaere-software-updates-fuer-dieselautos-helfen-kaum-1.3637636" title="http://www.sueddeutsche.de/wirtschaft/abgasaffaere-software-updates-fuer-dieselautos-helfen-kaum-1.3637636" rel="nofollow noreferrer" class="attachment">https://quitter.is/url/1122672</a><br /> Was ich an all diesen Artikeln schade finde, ist, daß immer nur auf den Umstieg von Auto zu anderem Auto gesprochen wird. Öffis werden nicht erwähnt, Carsharing nicht, radeln nicht, und in der Stadt wäre ne Vespa auch deutlich besser als ein SUV. - - - - - - - https://quitter.is/conversation/2535246 - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-23:noticeId=978402:objectType=note - New note by atarifrosch - moin-quak - - - http://activitystrea.ms/schema/1.0/post - 2017-08-23T10:57:26+00:00 - 2017-08-23T10:57:26+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-23:noticeId=978402:objectType=thread:crc32=7050c397 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-22:noticeId=978164:objectType=note - New note by atarifrosch - n8-quak - - - http://activitystrea.ms/schema/1.0/post - 2017-08-22T19:54:30+00:00 - 2017-08-22T19:54:30+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-22:noticeId=978164:objectType=thread:crc32=b0a209c7 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-22:noticeId=978072:objectType=note - New note by atarifrosch - 2017-08-22 Bundesverfassungsgericht: Erfolgreiche Verfassungsbeschwerde gegen die Versagung vorläufiger Leistungen für Kosten der Unterkunft und Heizung – <a href="https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/DE/2017/bvg17-072.html" title="https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/DE/2017/bvg17-072.html" class="attachment" id="attachment-450768" rel="nofollow external">https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/DE/2017/bvg17-072.html</a> !<a href="http://quitter.se/group/2184/id" class="h-card group" title="HartzIV (hartziv)">hartziv</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-08-22T12:00:21+00:00 - 2017-08-22T12:00:21+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-22:noticeId=978072:objectType=thread:crc32=28a35f44 - - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-22:noticeId=978042:objectType=note - New note by atarifrosch - moin-quak! - - - http://activitystrea.ms/schema/1.0/post - 2017-08-22T07:55:27+00:00 - 2017-08-22T07:55:27+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-22:noticeId=978042:objectType=thread:crc32=f070a9f7 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-21:noticeId=977914:objectType=note - New note by atarifrosch - So, morgen geht's weiter. n8-quak! - - - http://activitystrea.ms/schema/1.0/post - 2017-08-21T22:09:53+00:00 - 2017-08-21T22:09:53+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-21:noticeId=977914:objectType=thread:crc32=c0a9f7fa - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-21:noticeId=977710:objectType=note - New note by atarifrosch - moin-quak. - - - http://activitystrea.ms/schema/1.0/post - 2017-08-21T08:58:26+00:00 - 2017-08-21T08:58:26+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-21:noticeId=977710:objectType=thread:crc32=60cfb466 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-20:noticeId=977526:objectType=note - New note by atarifrosch - Meine Augen meinen, für heute sei es genug. Nun denn. n8-quak. - - - http://activitystrea.ms/schema/1.0/post - 2017-08-20T19:58:16+00:00 - 2017-08-20T19:58:16+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-20:noticeId=977526:objectType=thread:crc32=ce79634 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-20:noticeId=977369:objectType=note - New note by atarifrosch - [Blog] Im Netz aufgefischt #<span class="tag"><a href="https://social.stopwatchingus-heidelberg.de/tag/330" rel="tag">330</a></span> – <a href="https://blog.atari-frosch.de/2017/08/20/im-netz-aufgefischt-330/" title="https://blog.atari-frosch.de/2017/08/20/im-netz-aufgefischt-330/" class="attachment" id="attachment-450668" rel="nofollow external">https://blog.atari-frosch.de/2017/08/20/im-netz-aufgefischt-330/</a> (was ich diese Woche so gelesen habe) - - - http://activitystrea.ms/schema/1.0/post - 2017-08-20T09:14:07+00:00 - 2017-08-20T09:14:07+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-20:noticeId=977369:objectType=thread:crc32=2f800b86 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-19:noticeId=977268:objectType=note - New note by atarifrosch - Fast ständig husten müssen ist echt anstrengend … naja, n8-quak. - - - http://activitystrea.ms/schema/1.0/post - 2017-08-19T21:59:20+00:00 - 2017-08-19T21:59:20+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-19:noticeId=977268:objectType=thread:crc32=deda767a - - - - - - - tag:social.stopwatchingus-heidelberg.de,2017-08-19:fave:18330:activity:977146:2017-08-19T21:39:26+02:00 - Favorite - atarifrosch favorited something by einebienezwo: Ich mach gerade Kompetenztraining.<br /> Ich trainiere die Kompetenz, eine halb aufgegessene Gummibärchentüte nicht ganz aufzuessen. - http://activitystrea.ms/schema/1.0/favorite - 2017-08-19T19:39:26+00:00 - 2017-08-19T19:39:26+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:gnusocial.de,2017-08-19:noticeId=11011264:objectType=note - New note by einebienezwo - Ich mach gerade Kompetenztraining.<br /> Ich trainiere die Kompetenz, eine halb aufgegessene Gummibärchentüte nicht ganz aufzuessen. - - - - - - - https://gnusocial.de/conversation/9363945 - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.stopwatchingus-heidelberg.de,2017-08-19:noticeId=977242:objectType=comment - New comment by atarifrosch - Wir hatten hier schon Ordnungsdienst auf'm Radweg. Fotografisch dokumentiert (nicht von mir, Bekannter hatte es gesehen). Da hatte grad 'ne Pizzeria neu eröffnet … - - - http://activitystrea.ms/schema/1.0/post - 2017-08-19T19:38:53+00:00 - 2017-08-19T19:38:53+00:00 - - - - https://gnusocial.de/conversation/9363813 - - - - - - - - tag:social.stopwatchingus-heidelberg.de,2017-08-19:fave:18330:activity:977180:2017-08-19T21:37:36+02:00 - Favorite - atarifrosch favorited something by jcaktiv: BTW Hallo zusammen &lt;3, wo ich schon mal wieder hier bin - http://activitystrea.ms/schema/1.0/favorite - 2017-08-19T19:37:36+00:00 - 2017-08-19T19:37:36+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:quitter.se,2017-08-19:noticeId=17372467:objectType=note - New note by jcaktiv - BTW Hallo zusammen &lt;3, wo ich schon mal wieder hier bin - - - - - - - tag:quitter.se,2017-08-19:objectType=thread:nonce=46c1c433d88aaa9f - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.stopwatchingus-heidelberg.de,2017-08-19:noticeId=976985:objectType=comment - New comment by atarifrosch - Jo, oder einfach mal nachfragen, so als Realitätsabgleich. - - - http://activitystrea.ms/schema/1.0/post - 2017-08-19T10:34:50+00:00 - 2017-08-19T10:34:50+00:00 - - - - https://gnusocial.de/conversation/9362516 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.stopwatchingus-heidelberg.de,2017-08-19:noticeId=976983:objectType=note - New note by atarifrosch - Schöne Alternative zu mit Werbung überladenen kommerziellen Anbietern: <a href="http://ifconfig.at/" title="http://ifconfig.at/" class="attachment" id="attachment-450636" rel="nofollow external">http://ifconfig.at/</a> – eigene IP, Hostname etc. abfragen, mit curl dann auch in Textform zur lokalen Weiterverarbeitung in Scripten etc. Leider (noch?) kein https. - - - http://activitystrea.ms/schema/1.0/post - 2017-08-19T10:33:04+00:00 - 2017-08-19T10:33:04+00:00 - - tag:social.stopwatchingus-heidelberg.de,2017-08-19:noticeId=976983:objectType=thread:crc32=4a3593c0 - - - - - - diff --git a/test/fixtures/tesla_mock/emelie.atom b/test/fixtures/tesla_mock/emelie.atom deleted file mode 100644 index ddaa1c6ca..000000000 --- a/test/fixtures/tesla_mock/emelie.atom +++ /dev/null @@ -1,306 +0,0 @@ - - - https://mastodon.social/users/emelie.atom - emelie 🎨 - 23 / #Sweden / #Artist / #Equestrian / #GameDev - -If I ain't spending time with my pets, I'm probably drawing. 🐴 🐱 🐰 - 2019-02-04T20:22:19Z - https://files.mastodon.social/accounts/avatars/000/015/657/original/e7163f98280da1a4.png - - https://mastodon.social/users/emelie - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/emelie - emelie - emelie@mastodon.social - <p>23 / <a href="https://mastodon.social/tags/sweden" class="mention hashtag" rel="tag">#<span>Sweden</span></a> / <a href="https://mastodon.social/tags/artist" class="mention hashtag" rel="tag">#<span>Artist</span></a> / <a href="https://mastodon.social/tags/equestrian" class="mention hashtag" rel="tag">#<span>Equestrian</span></a> / <a href="https://mastodon.social/tags/gamedev" class="mention hashtag" rel="tag">#<span>GameDev</span></a></p><p>If I ain&apos;t spending time with my pets, I&apos;m probably drawing. 🐴 🐱 🐰</p> - - - - emelie - emelie 🎨 - 23 / #Sweden / #Artist / #Equestrian / #GameDev - -If I ain't spending time with my pets, I'm probably drawing. 🐴 🐱 🐰 - public - - - - - - - https://mastodon.social/users/emelie/statuses/101850331907006641 - 2019-04-01T09:58:50Z - 2019-04-01T09:58:50Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>Me: I&apos;m going to make this vital change to my world building in the morning, no way I&apos;ll forget this, it&apos;s too big of a deal<br />Also me: forgets</p> - - public - - - - - - https://mastodon.social/users/emelie/statuses/101849626603073336 - 2019-04-01T06:59:28Z - 2019-04-01T06:59:28Z - New status by emelie - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - - <p><span class="h-card"><a href="https://mastodon.social/@Fergant" class="u-url mention">@<span>Fergant</span></a></span> Dom är i stort sett religiös skrift vid det här laget 👏👏</p><p>har dock bara läst svenska översättningen, kanske är dags att jag läser dom på engelska</p> - - - public - - - - - - - https://mastodon.social/users/emelie/statuses/101849580030237068 - 2019-04-01T06:47:37Z - 2019-04-01T06:47:37Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>What&apos;s you people&apos;s favourite fantasy books? Give me some hot tips 🌞</p> - - public - - - - - - https://mastodon.social/users/emelie/statuses/101849550599949363 - 2019-04-01T06:40:08Z - 2019-04-01T06:40:08Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>Stick them legs out 💃 <a href="https://mastodon.social/tags/mastocats" class="mention hashtag" rel="tag">#<span>mastocats</span></a></p> - - - - public - - - - - - https://mastodon.social/users/emelie/statuses/101849191533152720 - 2019-04-01T05:08:49Z - 2019-04-01T05:08:49Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>long 🐱 <a href="https://mastodon.social/tags/mastocats" class="mention hashtag" rel="tag">#<span>mastocats</span></a></p> - - - - public - - - - - - https://mastodon.social/users/emelie/statuses/101849165031453009 - 2019-04-01T05:02:05Z - 2019-04-01T05:02:05Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>You gotta take whatever bellyrubbing opportunity you can get before she changes her mind 🦁 <a href="https://mastodon.social/tags/mastocats" class="mention hashtag" rel="tag">#<span>mastocats</span></a></p> - - - - public - - - - - - https://mastodon.social/users/emelie/statuses/101846512530748693 - 2019-03-31T17:47:31Z - 2019-03-31T17:47:31Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>Hello look at this boy having a decent haircut for once <a href="https://mastodon.social/tags/mastohorses" class="mention hashtag" rel="tag">#<span>mastohorses</span></a> <a href="https://mastodon.social/tags/equestrian" class="mention hashtag" rel="tag">#<span>equestrian</span></a></p> - - - - - public - - - - - - https://mastodon.social/users/emelie/statuses/101846181093805500 - 2019-03-31T16:23:14Z - 2019-03-31T16:23:14Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>Sorry did I disturb the who-is-the-longest-cat competition ? <a href="https://mastodon.social/tags/mastocats" class="mention hashtag" rel="tag">#<span>mastocats</span></a></p> - - - - public - - - - - - https://mastodon.social/users/emelie/statuses/101845897513133849 - 2019-03-31T15:11:07Z - 2019-03-31T15:11:07Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - more earthsea ramblings - <p>I&apos;m re-watching Tales from Earthsea for the first time since I read the books, and that Therru doesn&apos;t squash Cob like a spider, as Orm Embar did is a wasted opportunity tbh</p> - - public - - - - - - https://mastodon.social/users/emelie/statuses/101841219051533307 - 2019-03-30T19:21:19Z - 2019-03-30T19:21:19Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>I gave my cats some mackerel and they ate it all in 0.3 seconds, and now they won&apos;t stop meowing for more, and I&apos;m tired plz shut up</p> - - public - - - - - - https://mastodon.social/users/emelie/statuses/101839949762341381 - 2019-03-30T13:58:31Z - 2019-03-30T13:58:31Z - New status by emelie - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - - <p>yet I&apos;m confused about this american dude with a gun, like the heck r ya doin in mah ghibli</p> - - public - - - - - - - https://mastodon.social/users/emelie/statuses/101839928677863590 - 2019-03-30T13:53:09Z - 2019-03-30T13:53:09Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>2 hours into Ni no Kuni 2 and I&apos;ve already sold my soul to this game</p> - - public - - - - - - https://mastodon.social/users/emelie/statuses/101836329521599438 - 2019-03-29T22:37:51Z - 2019-03-29T22:37:51Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>Pippi Longstocking the original one-punch /man</p> - - public - - - - - - https://mastodon.social/users/emelie/statuses/101835905282948341 - 2019-03-29T20:49:57Z - 2019-03-29T20:49:57Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>I&apos;ve had so much wine I thought I had a 3rd brother</p> - - public - - - - - - https://mastodon.social/users/emelie/statuses/101835878059204660 - 2019-03-29T20:43:02Z - 2019-03-29T20:43:02Z - New status by emelie - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - - <p>ååååhhh booi</p> - - public - - - - - - https://mastodon.social/users/emelie/statuses/101835848050598939 - 2019-03-29T20:35:24Z - 2019-03-29T20:35:24Z - New status by emelie - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - - <p><span class="h-card"><a href="https://thraeryn.net/@thraeryn" class="u-url mention">@<span>thraeryn</span></a></span> if I spent 1 hour and a half watching this monstrosity, I need to</p> - - - public - - - - - - - https://mastodon.social/users/emelie/statuses/101835823138262290 - 2019-03-29T20:29:04Z - 2019-03-29T20:29:04Z - New status by emelie - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - - medical, fluids mention - <p><span class="h-card"><a href="https://icosahedron.website/@Trev" class="u-url mention">@<span>Trev</span></a></span> *hugs* ✨</p> - - - public - - - - - - diff --git a/test/fixtures/tesla_mock/http__gs.example.org_index.php_api_statuses_user_timeline_1.atom.xml b/test/fixtures/tesla_mock/http__gs.example.org_index.php_api_statuses_user_timeline_1.atom.xml deleted file mode 100644 index 490467708..000000000 --- a/test/fixtures/tesla_mock/http__gs.example.org_index.php_api_statuses_user_timeline_1.atom.xml +++ /dev/null @@ -1,460 +0,0 @@ - - - GNU social - http://gs.example.org/index.php/api/statuses/user_timeline/1.atom - lambda timeline - Updates from lambda on gs.example.org! - http://gs.example.org/theme/neo-gnu/default-avatar-profile.png - 2017-05-05T12:09:57+00:00 - - http://activitystrea.ms/schema/1.0/person - http://gs.example.org:4040/index.php/user/1 - lambda - - - - - lambda - lambda - - - - - - - - - - - - - tag:gs.example.org,2017-05-04:noticeId=84:objectType=note - lambda repeated a notice by lambda2 - RT @<a href="http://gs.example.org/index.php/user/7" class="h-card mention">lambda2</a> Hello! - - http://activitystrea.ms/schema/1.0/share - 2017-05-04T16:38:50+00:00 - 2017-05-04T16:38:50+00:00 - - http://activitystrea.ms/schema/1.0/activity - tag:gs.example.org,2017-05-01:noticeId=67:objectType=note - - Hello! - - http://activitystrea.ms/schema/1.0/post - 2017-05-01T08:41:04+00:00 - 2017-05-01T08:41:04+00:00 - - http://activitystrea.ms/schema/1.0/person - http://gs.example.org/index.php/user/7 - lambda2 - - - - - - lambda2 - lambda2 - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org,2017-05-01:noticeId=67:objectType=note - New note by lambda2 - Hello! - - - - - tag:gs.example.org,2017-05-01:objectType=thread:nonce=cffa792cb95fe417 - - - http://gs.example.org/index.php/api/statuses/user_timeline/7.atom - lambda2 - - - - http://gs.example.org/avatar/7-96-20170501084054.png - 2017-05-01T16:33:10+00:00 - - - - - - tag:gs.example.org,2017-05-01:objectType=thread:nonce=cffa792cb95fe417 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org,2017-04-30:noticeId=63:objectType=note - New note by lambda - what now? - - - http://activitystrea.ms/schema/1.0/post - 2017-04-30T10:09:57+00:00 - 2017-04-30T10:09:57+00:00 - - - - tag:gs.example.org,2017-04-30:objectType=thread:nonce=1bbb60991ae9874b - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org,2017-04-30:noticeId=61:objectType=note - New note by lambda - @<a href="http://pleroma.example.org:4000/users/lain5" class="h-card mention">lain5</a> Hello! - - - http://activitystrea.ms/schema/1.0/post - 2017-04-30T10:07:26+00:00 - 2017-04-30T10:07:26+00:00 - - tag:gs.example.org,2017-04-30:objectType=thread:nonce=1bbb60991ae9874b - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org,2017-04-29:noticeId=59:objectType=note - New note by lambda - ey - - - http://activitystrea.ms/schema/1.0/post - 2017-04-29T17:04:59+00:00 - 2017-04-29T17:04:59+00:00 - - tag:gs.example.org,2017-04-29:objectType=thread:nonce=4cc42c2c61a0f4bd - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org,2017-04-29:noticeId=58:objectType=note - New note by lambda - Another one. - - - http://activitystrea.ms/schema/1.0/post - 2017-04-29T17:02:47+00:00 - 2017-04-29T17:02:47+00:00 - - tag:gs.example.org,2017-04-29:objectType=thread:nonce=53e9b8f1d6d38d13 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org,2017-04-29:noticeId=57:objectType=note - New note by lambda - Let's see if this comes over. - - - http://activitystrea.ms/schema/1.0/post - 2017-04-29T17:01:39+00:00 - 2017-04-29T17:01:39+00:00 - - tag:gs.example.org,2017-04-29:objectType=thread:nonce=238a7bd3ffc7c9cc - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org,2017-04-29:noticeId=56:objectType=note - New note by lambda - @<a href="http://pleroma.example.org:4000/users/lain5" class="h-card mention">lain5</a> Hey! - - - http://activitystrea.ms/schema/1.0/post - 2017-04-29T16:38:13+00:00 - 2017-04-29T16:38:13+00:00 - - tag:gs.example.org,2017-04-29:objectType=thread:nonce=2629d3a398171b0f - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=55:objectType=note - New note by lambda - hey. - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T18:16:13+00:00 - 2017-04-25T18:16:13+00:00 - - - - http://pleroma.example.org:4000/contexts/8f6f45d4-8e4d-4e1a-a2de-09f27367d2d0 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=53:objectType=note - New note by lambda - and this? - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T18:14:34+00:00 - 2017-04-25T18:14:34+00:00 - - - - http://pleroma.example.org:4000/contexts/24779b0e-91ad-487e-81bd-6cf5bb437b09 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=52:objectType=note - New note by lambda - yeah it does :) - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T18:13:31+00:00 - 2017-04-25T18:13:31+00:00 - - - - tag:gs.example.org:4040,2017-04-25:objectType=thread:nonce=e0dc24b1a93ab6b3 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=50:objectType=note - New note by lambda - @<a href="http://pleroma.example.org:4000/users/lain5" class="h-card mention">lain5</a> Let's try with one that originates here! - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T18:10:28+00:00 - 2017-04-25T18:10:28+00:00 - - tag:gs.example.org:4040,2017-04-25:objectType=thread:nonce=e0dc24b1a93ab6b3 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=48:objectType=note - New note by lambda - works? - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T18:08:44+00:00 - 2017-04-25T18:08:44+00:00 - - - - http://pleroma.example.org:4000/contexts/24779b0e-91ad-487e-81bd-6cf5bb437b09 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=46:objectType=note - New note by lambda - Let's send you an answer. - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T18:05:31+00:00 - 2017-04-25T18:05:31+00:00 - - - - tag:gs.example.org:4040,2017-04-25:objectType=thread:nonce=73c7bcf6658f7ce3 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=44:objectType=note - New note by lambda - Hey. - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T18:01:09+00:00 - 2017-04-25T18:01:09+00:00 - - - - tag:gs.example.org:4040,2017-04-25:objectType=thread:nonce=6e7c8fc2823380b4 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=43:objectType=note - New note by lambda - What's coming to you? - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T17:58:41+00:00 - 2017-04-25T17:58:41+00:00 - - - - tag:gs.example.org:4040,2017-04-25:objectType=thread:nonce=6e7c8fc2823380b4 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=42:objectType=note - New note by lambda - Now this is podracing. - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T17:57:40+00:00 - 2017-04-25T17:57:40+00:00 - - - - tag:gs.example.org:4040,2017-04-25:objectType=thread:nonce=6e7c8fc2823380b4 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=39:objectType=note - New note by lambda - Sure looks like it! - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T17:48:27+00:00 - 2017-04-25T17:48:27+00:00 - - - - tag:gs.example.org:4040,2017-04-25:objectType=thread:nonce=4c6114a75bb4cea5 - - - - - - - - tag:gs.example.org:4040,2017-04-25:subscription:1:person:6:2017-04-25T17:47:47+00:00 - lambda (lambda)'s status on Tuesday, 25-Apr-2017 17:47:47 UTC - <a href="http://gs.example.org:4040/index.php/lambda">lambda</a> started following <a href="http://pleroma.example.org:4000/users/lain5">l</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-04-25T17:47:47+00:00 - 2017-04-25T17:47:47+00:00 - - http://activitystrea.ms/schema/1.0/person - http://pleroma.example.org:4000/users/lain5 - l - lambadalambda - - - - - - lain5 - l - lambadalambda - - - tag:gs.example.org:4040,2017-04-25:objectType=thread:nonce=119acad17515314c - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=36:objectType=note - New note by lambda - @<a href="http://pleroma.example.org:4000/users/lain5" class="h-card mention">lain5</a> Hey, how are you? - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T17:46:22+00:00 - 2017-04-25T17:46:22+00:00 - - tag:gs.example.org:4040,2017-04-25:objectType=thread:nonce=9c5ec19a18191372 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.example.org:4040,2017-04-25:noticeId=35:objectType=note - New note by lambda - @lain5@pleroma.example.org does this not work? - - - http://activitystrea.ms/schema/1.0/post - 2017-04-25T17:42:31+00:00 - 2017-04-25T17:42:31+00:00 - - tag:gs.example.org:4040,2017-04-25:objectType=thread:nonce=fc841d7f52caa363 - - - - - - diff --git a/test/fixtures/tesla_mock/https___mamot.fr_users_Skruyb.atom b/test/fixtures/tesla_mock/https___mamot.fr_users_Skruyb.atom deleted file mode 100644 index b5f3d923b..000000000 --- a/test/fixtures/tesla_mock/https___mamot.fr_users_Skruyb.atom +++ /dev/null @@ -1,342 +0,0 @@ - - - https://mamot.fr/users/Skruyb.atom - The 7th Son - Fr and En. -Posts will disappear on a regular basis. - 2017-04-28T13:54:23Z - https://mamot.fr/system/accounts/avatars/000/026/213/original/d95dbcfc76f77f4c.jpg?1493230984 - - https://mamot.fr/users/Skruyb - http://activitystrea.ms/schema/1.0/person - https://mamot.fr/users/Skruyb - Skruyb - Skruyb@mamot.fr - <p>Fr and En.<br />Posts will disappear on a regular basis.</p> - - - - Skruyb - The 7th Son - Fr and En. -Posts will disappear on a regular basis. - public - - - - - - - - tag:mamot.fr,2017-05-10:objectId=1299665:objectType=Status - 2017-05-10T20:06:59Z - 2017-05-10T20:06:59Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pouets.ovh/@noName" class="u-url mention">@<span>noName</span></a></span></p><p>Pour comparer faut avoir tester... Ô wait!!! 😁</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1299185:objectType=Status - 2017-05-10T19:52:14Z - 2017-05-10T19:52:14Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://witches.town/@Dhveszak" class="u-url mention">@<span>Dhveszak</span></a></span></p><p>Toi!! Tu vises le ministère de la propagande avoue!!!!!!!</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1299019:objectType=Status - 2017-05-10T19:47:19Z - 2017-05-10T19:47:19Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>Facebook s&apos;attaque aux sites internet &quot;trompeurs&quot;</p><p><a href="http://u.afp.com/4W4z" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="">u.afp.com/4W4z</span><span class="invisible"></span></a></p><p>J&apos;attends de voir que Facebook s&apos;attaque à lui même... rien qu&apos;à lire leurs conditions générales d&apos;utilisation, le respect de la vie privée...</p><p>Charité bien ordonnée... Parfois l&apos;égoïsme aurait du bon.</p> - - public - - - - - tag:mamot.fr,2017-05-10:objectId=1298889:objectType=Status - 2017-05-10T19:43:18Z - 2017-05-10T19:43:18Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://octodon.social/@Balise" class="u-url mention">@<span>Balise</span></a></span></p><p>Fait comme moi, annonce que tu fais dans le flou artistique et que seuls des esprits éclairés pourront en percevoir la beauté et apprécier. Globalement après ça, tout le monde trouve les photos cool :-p</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1298728:objectType=Status - 2017-05-10T19:38:39Z - 2017-05-10T19:38:39Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.social/@applecandy" class="u-url mention">@<span>applecandy</span></a></span></p><p>Lucky you!!!</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1298431:objectType=Status - 2017-05-10T19:26:32Z - 2017-05-10T19:26:32Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>Est-ce que je suis le seul qui lorsqu&apos;il commence à compter les arbres sur le bord de la route n&apos;arrive pas à s&apos;arrêter de compter?</p> - - public - - - - - tag:mamot.fr,2017-05-10:objectId=1298224:objectType=Status - 2017-05-10T19:18:17Z - 2017-05-10T19:18:17Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>Ca y est j&apos;ai une nouvelle passion. Mettre les bouchons qui trainent par terre dans le bons sens avec mon pied 🙌</p> - - public - - - - - tag:mamot.fr,2017-05-10:objectId=1297450:objectType=Status - 2017-05-10T18:53:37Z - 2017-05-10T18:53:37Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>Ok. On est capable d&apos;envoyer des mecs dans l&apos;espace, avoir des voitures autonomes, des trucs intelligents de partout mais pas tous les bâtiments accessibles aux personnes à mobilité réduite, les émissions sur le services publics avec une personne faisant la traduction pour les sourds et malentendants de manière systématique...</p><p>J&apos;ai du louper un truc dans l&apos;ordre des priorités Oo</p> - - public - - - - - tag:mamot.fr,2017-05-10:objectId=1297292:objectType=Status - 2017-05-10T18:48:17Z - 2017-05-10T18:48:17Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>J&apos;ai comme envie de faire un truc mais je ne sais pas quoi mais pourtant c&apos;est comme si je ressentais l&apos;idée dans ma tête mais c&apos;est pas clair...</p><p>Fuck!!! J&apos;vais aller draguer Josiane à la compta ça va me changer les idées!!!</p> - - public - - - - - tag:mamot.fr,2017-05-10:objectId=1296598:objectType=Status - 2017-05-10T18:25:11Z - 2017-05-10T18:25:11Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mamot.fr/@Smeablog" class="u-url mention">@<span>Smeablog</span></a></span></p><p>Pas faux MDR!!!!</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1296571:objectType=Status - 2017-05-10T18:24:13Z - 2017-05-10T18:24:13Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mamot.fr/@Smeablog" class="u-url mention">@<span>Smeablog</span></a></span></p><p>Ca ne change pas la finalité malheureusement, ça ne m&apos;ouvre pas ce à quoi je veux accéder 😭</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1296475:objectType=Status - 2017-05-10T18:20:50Z - 2017-05-10T18:20:50Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>Arrrgghhhhhhh!!!!</p><p>Quand t&apos;es sur le point de cliquer sur un lien dans le fil public global et que BOOM ça se met à jour... J&apos;ose même pas imaginer combien j&apos;ai ouvert de pages web sans le vouloir!!!</p> - - public - - - - - tag:mamot.fr,2017-05-10:objectId=1296426:objectType=Status - 2017-05-10T18:19:17Z - 2017-05-10T18:19:17Z - Skruyb shared a status by Isaluini@mastodon.social - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:mastodon.social,2017-05-10:objectId=5587049:objectType=Status - 2017-05-10T18:18:59Z - 2017-05-10T18:19:00Z - New status by Isaluini@mastodon.social - - https://mastodon.social/users/Isaluini - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/Isaluini - Isaluini - Isaluini@mastodon.social - <p>Adicciones: Escribir, diseñar, cine, café, humor negro, música y dibujar. | Jedi. Bueno, no. Algún día (?) | Gratitude.</p> - - - - Isaluini - Isa - Adicciones: Escribir, diseñar, cine, café, humor negro, música y dibujar. | Jedi. Bueno, no. Algún día (?) | Gratitude. - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>♫ <br><a href="https://www.youtube.com/watch?v=pT68FS3YbQ4"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=pT68FS3YbQ</span><span class="invisible">4</span></a></p> - - public - - - <p>♫ <br><a href="https://www.youtube.com/watch?v=pT68FS3YbQ4"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=pT68FS3YbQ</span><span class="invisible">4</span></a></p> - - public - - - - - tag:mamot.fr,2017-05-10:objectId=1295893:objectType=Status - 2017-05-10T18:01:51Z - 2017-05-10T18:01:51Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mamot.fr/@Chat2Gouttieres" class="u-url mention">@<span>Chat2Gouttieres</span></a></span></p><p>Ah bah après faut savoir mettre à profit ce savoir ^^</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1295815:objectType=Status - 2017-05-10T18:00:02Z - 2017-05-10T18:00:02Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mamot.fr/@Chat2Gouttieres" class="u-url mention">@<span>Chat2Gouttieres</span></a></span></p><p>Exactement. On a les jeux mais pas le pain encore.</p><p>Finalement on a rien inventé :-p</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1295778:objectType=Status - 2017-05-10T17:58:52Z - 2017-05-10T17:58:52Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mamot.fr/@Chat2Gouttieres" class="u-url mention">@<span>Chat2Gouttieres</span></a></span></p><p>C&apos;est ça visiblement dans notre société dite moderne... &quot;Créer l&apos;illusion que&quot; Oo.</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1294943:objectType=Status - 2017-05-10T17:31:44Z - 2017-05-10T17:31:44Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - Hey. - <p><span class="h-card"><a href="https://mastodon.social/@lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span></p><p>Hey!!!</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1294914:objectType=Status - 2017-05-10T17:30:40Z - 2017-05-10T17:30:40Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mamot.fr/@EloClemTiti" class="u-url mention">@<span>EloClemTiti</span></a></span></p><p>J&apos;ai souvent cette impression en effet 😂</p> - - - public - - - - - - tag:mamot.fr,2017-05-10:objectId=1294148:objectType=Status - 2017-05-10T17:02:01Z - 2017-05-10T17:02:01Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>Les gars, les boss veulent voir de l&apos;avancement!! Une idée?</p><p>On fait comme d&apos;habitude. On divise nos tâches en 25.000 tâches unitaires, on fout du vert au maximum et on crée l&apos;illusion que ça a bien avancé!</p><p>Deal!!</p><p>Bob, tu choisis quel vert on utilise<br />Alice, t&apos;es en charge de la typo<br />Moi, je m&apos;occupe qu&apos;on prend bien le dernier template ppt fournit par la comm interne.</p><p>Des winners qu&apos;on est!!!! Des WI-NNERS!!!</p> - - public - - - - - tag:mamot.fr,2017-05-10:objectId=1293995:objectType=Status - 2017-05-10T16:57:53Z - 2017-05-10T16:57:53Z - New status by Skruyb - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://mastodon.social/@SauceHair" class="u-url mention">@<span>SauceHair</span></a></span></p><p>Cool!!</p><p>Bon courage.</p> - - - public - - - - - diff --git a/test/fixtures/tesla_mock/https___mastodon.social_users_lambadalambda.atom b/test/fixtures/tesla_mock/https___mastodon.social_users_lambadalambda.atom deleted file mode 100644 index 4d732b109..000000000 --- a/test/fixtures/tesla_mock/https___mastodon.social_users_lambadalambda.atom +++ /dev/null @@ -1,464 +0,0 @@ - - - https://mastodon.social/users/lambadalambda.atom - Critical Value - - 2017-04-16T21:47:25Z - https://files.mastodon.social/accounts/avatars/000/000/264/original/1429214160519.gif - - https://mastodon.social/users/lambadalambda - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/lambadalambda - lambadalambda - lambadalambda@mastodon.social - - - - lambadalambda - Critical Value - public - - - - - - - - tag:mastodon.social,2017-05-04:objectId=4991300:objectType=Status - 2017-05-04T14:10:30Z - 2017-05-04T14:10:30Z - Delete - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/delete - - - - - tag:mastodon.social,2017-05-04:objectId=4980289:objectType=Status - 2017-05-04T07:43:23Z - 2017-05-04T07:43:23Z - Delete - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/delete - - - - - tag:mastodon.social,2017-05-03:objectId=4952899:objectType=Status - 2017-05-03T17:26:43Z - 2017-05-03T17:26:43Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> OK!!</p> - - - public - - - - - - tag:mastodon.social,2017-05-03:objectId=4952810:objectType=Status - 2017-05-03T17:24:34Z - 2017-05-03T17:24:34Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> yeah :)</p> - - - public - - - - - - tag:mastodon.social,2017-05-03:objectId=4950388:objectType=Status - 2017-05-03T16:22:00Z - 2017-05-03T16:22:00Z - lambadalambda shared a status by lambadalambda@social.heldscal.la - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:social.heldscal.la,2017-05-03:noticeId=2030733:objectType=note - 2017-05-03T12:29:20Z - 2017-05-03T12:29:31Z - New status by lambadalambda@social.heldscal.la - - https://social.heldscal.la/user/23211 - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - lambadalambda@social.heldscal.la - Call me Deacon Blues. - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - Time for work. <a href="https://social.heldscal.la/file/953c117a1e7e4c763755d2ac29cf1aae08e025599f4a4cc11ddff4082c07f969.jpg">https://social.heldscal.la/attachment/120552</a> - - - public - - - Time for work. <a href="https://social.heldscal.la/file/953c117a1e7e4c763755d2ac29cf1aae08e025599f4a4cc11ddff4082c07f969.jpg">https://social.heldscal.la/attachment/120552</a> - - public - - - - - tag:mastodon.social,2017-05-03:objectId=4934452:objectType=Status - 2017-05-03T08:21:09Z - 2017-05-03T08:21:09Z - lambadalambda shared a status by lain@pleroma.soykaf.com - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - https://pleroma.soykaf.com/objects/4c1bda26-902e-4525-9fcd-b9fd44925193 - 2017-05-03T08:04:44Z - 2017-05-03T08:05:52Z - New status by lain@pleroma.soykaf.com - - https://pleroma.soykaf.com/users/lain - http://activitystrea.ms/schema/1.0/person - https://pleroma.soykaf.com/users/lain - lain - lain@pleroma.soykaf.com - Test account - - - - lain - Lain Iwakura - Test account - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - Added returning the entries as xml... let's see if the mastodon hammering stops now. - - public - - - Added returning the entries as xml... let's see if the mastodon hammering stops now. - - public - - - - - tag:mastodon.social,2017-05-02:objectId=4905499:objectType=Status - 2017-05-02T19:34:21Z - 2017-05-02T19:34:21Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> yay!</p> - - - public - - - - - - tag:mastodon.social,2017-05-02:objectId=4905442:objectType=Status - 2017-05-02T19:33:33Z - 2017-05-02T19:33:33Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> so?</p> - - - public - - - - - - tag:mastodon.social,2017-05-02:objectId=4901603:objectType=Status - 2017-05-02T18:33:06Z - 2017-05-02T18:33:06Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> hey</p> - - - public - - - - - - tag:mastodon.social,2017-05-01:objectId=4836720:objectType=Status - 2017-05-01T18:52:16Z - 2017-05-01T18:52:16Z - lambadalambda shared a status by lain@pleroma.soykaf.com - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - https://pleroma.soykaf.com/objects/7b41bb51-9aba-436a-82d9-dd3f5aca98c9 - 2017-05-01T18:50:54Z - 2017-05-01T18:50:57Z - New status by lain@pleroma.soykaf.com - - https://pleroma.soykaf.com/users/lain - http://activitystrea.ms/schema/1.0/person - https://pleroma.soykaf.com/users/lain - lain - lain@pleroma.soykaf.com - Test account - - - - lain - Lain Iwakura - Test account - public - - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <a href="https://mastodon.social/users/lambadalambda">@lambadalambda@mastodon.social</a> you're an all-star. - - - public - - - - <a href="https://mastodon.social/users/lambadalambda">@lambadalambda@mastodon.social</a> you're an all-star. - - public - - - - - tag:mastodon.social,2017-05-01:objectId=4836142:objectType=Status - 2017-05-01T18:38:47Z - 2017-05-01T18:38:47Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> Hey now!</p> - - - public - - - - - - tag:mastodon.social,2017-05-01:objectId=4836055:objectType=Status - 2017-05-01T18:37:04Z - 2017-05-01T18:37:04Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> hello</p> - - - public - - - - - - tag:mastodon.social,2017-05-01:objectId=4834850:objectType=Status - 2017-05-01T18:10:43Z - 2017-05-01T18:10:43Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> Hey!</p> - - - public - - - - - tag:mastodon.social,2017-04-29:objectId=4694455:objectType=Status - 2017-04-29T18:39:12Z - 2017-04-29T18:39:12Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>@lain@pleroma.soykaf.com What&apos;s up?</p> - - public - - - - - tag:mastodon.social,2017-04-29:objectId=4694384:objectType=Status - 2017-04-29T18:37:32Z - 2017-04-29T18:37:32Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://social.heldscal.la/lain" class="u-url mention">@<span>lain</span></a></span> Hey.</p> - - - public - - - - - tag:mastodon.social,2017-04-07:objectId=1874242:objectType=Status - 2017-04-07T11:02:56Z - 2017-04-07T11:02:56Z - lambadalambda shared a status by 0xroy@social.wxcafe.net - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:social.wxcafe.net,2017-04-07:objectId=72554:objectType=Status - 2017-04-07T11:01:59Z - 2017-04-07T11:02:00Z - New status by 0xroy@social.wxcafe.net - - https://social.wxcafe.net/users/0xroy - http://activitystrea.ms/schema/1.0/person - https://social.wxcafe.net/users/0xroy - 0xroy - 0xroy@social.wxcafe.net - ta caution weeb | discussions privées : <a href="https://%F0%9F%92%8C.0xroy.me"><span class="invisible">https://</span><span class="">💌.0xroy.me</span><span class="invisible"></span></a> - - - - 0xroy - 「R O Y 🍵 B O S」 - ta caution weeb | discussions privées : https://💌.0xroy.me - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>someone pls eli5 matrix (protocol) and riot</p> - - public - - - <p>someone pls eli5 matrix (protocol) and riot</p> - - public - - - - - tag:mastodon.social,2017-04-06:objectId=1768247:objectType=Status - 2017-04-06T11:10:19Z - 2017-04-06T11:10:19Z - lambadalambda shared a status by areyoutoo@mastodon.xyz - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:mastodon.xyz,2017-04-05:objectId=133327:objectType=Status - 2017-04-05T17:36:41Z - 2017-04-05T18:12:14Z - New status by areyoutoo@mastodon.xyz - - https://mastodon.xyz/users/areyoutoo - http://activitystrea.ms/schema/1.0/person - https://mastodon.xyz/users/areyoutoo - areyoutoo - areyoutoo@mastodon.xyz - devops | retired gamedev | always boost puppy pics - - - - areyoutoo - Raw Butter - devops | retired gamedev | always boost puppy pics - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>Some UX thoughts for <a href="https://mastodon.xyz/tags/mastodev">#<span>mastodev</span></a>:</p><p>- Would be nice if I could work on multiple draft toots? Clicking to reply to someone seems to erase any draft I had been working on.</p><p>- Kinda risky to click on the Federated Timeline if it loads new toots and scrolls 10ms before I click on something.</p><p>I probably don't know enough web frontend to help, but it might be fun to try.</p> - - - public - - - <p>Some UX thoughts for <a href="https://mastodon.xyz/tags/mastodev">#<span>mastodev</span></a>:</p><p>- Would be nice if I could work on multiple draft toots? Clicking to reply to someone seems to erase any draft I had been working on.</p><p>- Kinda risky to click on the Federated Timeline if it loads new toots and scrolls 10ms before I click on something.</p><p>I probably don't know enough web frontend to help, but it might be fun to try.</p> - - public - - - - - tag:mastodon.social,2017-04-06:objectId=1764509:objectType=Status - 2017-04-06T10:15:38Z - 2017-04-06T10:15:38Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - This is a test for cw federation - <p>This is a test for cw federation body text.</p> - - public - - - - - tag:mastodon.social,2017-04-05:objectId=1645208:objectType=Status - 2017-04-05T07:14:53Z - 2017-04-05T07:14:53Z - lambadalambda shared a status by lambadalambda@social.heldscal.la - http://activitystrea.ms/schema/1.0/activity - http://activitystrea.ms/schema/1.0/share - - tag:social.heldscal.la,2017-04-05:noticeId=1502088:objectType=note - 2017-04-05T06:12:09Z - 2017-04-05T07:12:47Z - New status by lambadalambda@social.heldscal.la - - https://social.heldscal.la/user/23211 - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - lambadalambda@social.heldscal.la - Call me Deacon Blues. - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - public - - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - Federation 101: <a href="https://www.youtube.com/watch?v=t1lYU5CA40o">https://www.youtube.com/watch?v=t1lYU5CA40o</a> - - public - - - Federation 101: <a href="https://www.youtube.com/watch?v=t1lYU5CA40o">https://www.youtube.com/watch?v=t1lYU5CA40o</a> - - public - - - - - tag:mastodon.social,2017-04-05:objectId=1641750:objectType=Status - 2017-04-05T05:44:48Z - 2017-04-05T05:44:48Z - New status by lambadalambda - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> just a test.</p> - - - public - - - - diff --git a/test/fixtures/tesla_mock/https___pawoo.net_users_pekorino.atom b/test/fixtures/tesla_mock/https___pawoo.net_users_pekorino.atom deleted file mode 100644 index 17d1956e8..000000000 --- a/test/fixtures/tesla_mock/https___pawoo.net_users_pekorino.atom +++ /dev/null @@ -1,231 +0,0 @@ - - - https://pawoo.net/users/pekorino.atom - モノエ - シアトル・米国 - -GNUsocial 英語版 -http://shitposter.club/mono - - - 2017-05-07T09:28:20Z - https://img.pawoo.net/accounts/avatars/000/128/378/original/e1fce04a36a1ad90.jpg - - https://pawoo.net/users/pekorino - http://activitystrea.ms/schema/1.0/person - https://pawoo.net/users/pekorino - pekorino - pekorino@pawoo.net - <p>シアトル・米国</p><p>GNUsocial 英語版<br /><a href="http://shitposter.club/mono" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="">shitposter.club/mono</span><span class="invisible"></span></a> </p> - - - - pekorino - モノエ - シアトル・米国 - -GNUsocial 英語版 -http://shitposter.club/mono - - - public - - - - - - - tag:pawoo.net,2017-05-07:objectId=9319211:objectType=Status - 2017-05-07T09:56:35Z - 2017-05-07T09:56:35Z - New status by pekorino - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://shitposter.club/moonman" class="u-url mention">@<span>moonman</span></a></span> <span class="h-card"><a href="https://shitposter.club/rw" class="u-url mention">@<span>rw</span></a></span> <span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> <span class="h-card"><a href="https://shitposter.club/mono" class="u-url mention">@<span>mono</span></a></span> </p><p>i have to wait for someone to respond to this before i can follow because i dont think this software has a direct follow by url option</p> - - - - - - public - - - - - - tag:pawoo.net,2017-05-07:objectId=9318595:objectType=Status - 2017-05-07T09:54:39Z - 2017-05-07T09:54:39Z - New status by pekorino - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://shitposter.club/mono" class="u-url mention">@<span>mono</span></a></span> <span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> <span class="h-card"><a href="https://shitposter.club/rw" class="u-url mention">@<span>rw</span></a></span> <span class="h-card"><a href="https://shitposter.club/moonman" class="u-url mention">@<span>moonman</span></a></span> <br />please respond</p> - - - - - - public - - - - - - tag:pawoo.net,2017-05-07:objectId=9313978:objectType=Status - 2017-05-07T09:39:17Z - 2017-05-07T09:39:17Z - New status by pekorino - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://shitposter.club/moonman" class="u-url mention">@<span>moonman</span></a></span> <br />mastodon is so slow. browser crashed twice trying to set avatar</p> - - - public - - - - - tag:pawoo.net,2017-05-07:objectId=9312691:objectType=Status - 2017-05-07T09:34:38Z - 2017-05-07T09:34:38Z - New status by pekorino - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://shitposter.club/hardbass2k8" class="u-url mention">@<span>hardbass2k8</span></a></span> <a href="https://pawoo.net/media/mZJjLpbPU72GFEz2Svk" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">pawoo.net/media/mZJjLpbPU72GFE</span><span class="invisible">z2Svk</span></a></p> - - - - public - - - - - - tag:pawoo.net,2017-05-07:objectId=9312379:objectType=Status - 2017-05-07T09:33:29Z - 2017-05-07T09:33:29Z - New status by pekorino - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://shitposter.club/hardbass2k8" class="u-url mention">@<span>hardbass2k8</span></a></span> <a href="https://pawoo.net/media/nt5JHBEHyTN2bqzdcGU" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">pawoo.net/media/nt5JHBEHyTN2bq</span><span class="invisible">zdcGU</span></a></p> - - - - public - - - - - - tag:pawoo.net,2017-05-07:objectId=9311765:objectType=Status - 2017-05-07T09:31:26Z - 2017-05-07T09:31:26Z - New status by pekorino - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p><a href="https://pawoo.net/media/C4RV6ubsEtvS04DX6qs" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">pawoo.net/media/C4RV6ubsEtvS04</span><span class="invisible">DX6qs</span></a></p> - - - public - - - - - tag:pawoo.net,2017-05-07:objectId=9311610:objectType=Status - 2017-05-07T09:30:59Z - 2017-05-07T09:30:59Z - New status by pekorino - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p><a href="https://pawoo.net/media/MBmkeEdrjs8pAtCHN6s" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">pawoo.net/media/MBmkeEdrjs8pAt</span><span class="invisible">CHN6s</span></a></p> - - - public - - - - - tag:pawoo.net,2017-05-07:objectId=9307782:objectType=Status - 2017-05-07T09:16:47Z - 2017-05-07T09:16:47Z - New status by pekorino - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://shitposter.club/mono" class="u-url mention">@<span>mono</span></a></span></p><p>test</p> - - - public - - - - - tag:pawoo.net,2017-05-07:objectId=9307444:objectType=Status - 2017-05-07T09:15:42Z - 2017-05-07T09:15:42Z - New status by pekorino - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://shitposter.club/hardbass2k8" class="u-url mention">@<span>hardbass2k8</span></a></span> テスト</p> - - - public - - - - - - tag:pawoo.net,2017-05-07:objectId=9307239:objectType=Status - 2017-05-07T09:14:58Z - 2017-05-07T09:14:58Z - New status by pekorino - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>ててててててテスト</p> - - public - - - - - tag:pawoo.net,2017-04-20:objectId=2212164:objectType=Status - 2017-04-20T06:19:18Z - 2017-04-20T06:19:18Z - New status by pekorino - http://activitystrea.ms/schema/1.0/comment - http://activitystrea.ms/schema/1.0/post - <p><span class="h-card"><a href="https://shitposter.club/mono" class="u-url mention">@<span>mono</span></a></span> <a href="https://pawoo.net/media/iMbjMBVPfZJX3lUC2Sc" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">pawoo.net/media/iMbjMBVPfZJX3l</span><span class="invisible">UC2Sc</span></a></p> - - - - public - - - - - - tag:pawoo.net,2017-04-20:objectId=2206216:objectType=Status - 2017-04-20T05:57:59Z - 2017-04-20T05:57:59Z - New status by pekorino - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>テスト</p> - - public - - - - - tag:pawoo.net,2017-04-20:objectId=2204702:objectType=Status - 2017-04-20T05:52:09Z - 2017-04-20T05:52:09Z - New status by pekorino - http://activitystrea.ms/schema/1.0/note - http://activitystrea.ms/schema/1.0/post - <p>HELLOWORLD</p> - - public - - - - diff --git a/test/fixtures/tesla_mock/https___pleroma.soykaf.com_users_lain_feed.atom.xml b/test/fixtures/tesla_mock/https___pleroma.soykaf.com_users_lain_feed.atom.xml deleted file mode 100644 index a2a2629a6..000000000 --- a/test/fixtures/tesla_mock/https___pleroma.soykaf.com_users_lain_feed.atom.xml +++ /dev/null @@ -1 +0,0 @@ -https://pleroma.soykaf.com/users/lain/feed.atomlain's timeline2017-05-05T08:38:03.385598https://pleroma.soykaf.com/users/lainhttp://activitystrea.ms/schema/1.0/personhttps://pleroma.soykaf.com/users/lainlainLain IwakuraTest accountlainhttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/sharehttps://pleroma.soykaf.com/activities/579e4224-b2ab-4ffa-8bbe-f7197a0a38d1lain repeated a noticeRT In just seven days, I can make you a man!<br> -- The Rocky Horror Picture Show2017-05-05T08:38:03.3855902017-05-05T08:38:03.385598https://pleroma.soykaf.com/contexts/e8673466-9642-4c9e-8781-f0f69d6b15aehttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/53dd40f4-3069-45a1-863b-94a9b317093dNew note by fortuneIn just seven days, I can make you a man!<br> -- The Rocky Horror Picture Show2017-05-05T02:10:02.9308022017-05-05T08:38:03.423539https://pleroma.soykaf.com/contexts/e8673466-9642-4c9e-8781-f0f69d6b15aehttps://pleroma.soykaf.com/users/fortunehttp://activitystrea.ms/schema/1.0/personhttps://pleroma.soykaf.com/users/fortunefortunefortuneThe trusty unix fortune filefortunehttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/2bc86888-a256-4771-bb53-903f375804f9New note by lainRTs federating into pleroma now.2017-05-04T18:18:50.2764702017-05-04T18:18:50.276476https://pleroma.soykaf.com/contexts/b7ae9350-f317-48aa-8058-2668091bb280http://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/902b1f50-f295-4189-8c15-9c880919e121New favorite by lainlain favorited something2017-05-04T08:03:01.3088902017-05-04T08:03:01.308927http://activitystrea.ms/schema/1.0/notetag:gs.smuglo.li,2017-05-03:noticeId=2164642:objectType=commenthttps://pleroma.soykaf.com/contexts/9419f742-aaba-4eb5-89a2-8b599e8bf43chttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/4e396e66-b063-454c-92c6-583506a9a2deNew note by lainClassic.<br><a href='https://pleroma.soykaf.com/media/adc36781-9765-4d9a-b57c-99b7a99108b2/mikodaemonstop.jpg'>https://pleroma.soykaf.com/media/adc36781-9765-4d9a-b57c-99b7a99108b2/mikodaemonstop.jpg</a>2017-05-04T07:59:45.1806192017-05-04T07:59:45.180628https://pleroma.soykaf.com/contexts/6afd9659-41e6-406d-ae97-43b880722861http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/85d183e9-c935-4655-a1e6-8d69a4108235New note by lainん?<br><a href='https://pleroma.soykaf.com/media/ab144c6d-a38c-4d35-a60b-9a998becc094/n.gif'>https://pleroma.soykaf.com/media/ab144c6d-a38c-4d35-a60b-9a998becc094/n.gif</a>2017-05-04T07:58:08.8107162017-05-04T07:58:08.810726https://pleroma.soykaf.com/contexts/2e1aa616-86ce-4b50-9c81-63045a972156http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/7c5c45bb-e4d9-4f72-b4c6-0314afbd3553New note by lainyeah.2017-05-04T07:55:17.3352902017-05-04T07:55:17.335299https://pleroma.soykaf.com/contexts/702c06cf-56ff-4a2f-bf5a-150bc00bb168http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/f33f5f54-1c1d-4462-b9ed-229bb635dfd8New note by lainyeah.2017-05-04T07:49:24.9314842017-05-04T07:49:24.931492https://pleroma.soykaf.com/contexts/c4932e7a-00cb-431a-b4ec-7404cb9daf65http://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/0709bc79-7ac5-4983-b6d0-2205bf5ceba3New favorite by lainlain favorited something2017-05-03T20:08:11.2945792017-05-03T20:08:11.294587http://activitystrea.ms/schema/1.0/notetag:pawoo.net,2017-05-03:objectId=7967690:objectType=Statushttps://pleroma.soykaf.com/contexts/07a4b34d-6255-4bb2-8c73-c295a09ac952http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/72c0288e-62d8-43d9-b3d8-1a9d78be8375New note by lain<a href='https://pawoo.net/users/God_Emperor_of_Dune'>@God_Emperor_of_Dune@pawoo.net</a> no man, just some fun domination play among buddies, nothing homo about it.2017-05-03T20:01:00.9983142017-05-03T20:01:00.998322https://pleroma.soykaf.com/contexts/07a4b34d-6255-4bb2-8c73-c295a09ac952http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/d846409e-cf2a-4b68-a149-d5de34a91b0dNew note by lain<a href='https://social.heldscal.la/user/24974'>@dtluna@social.heldscal.la</a> btfo.<br><a href='https://pleroma.soykaf.com/media/fbe42e87-5574-4544-89ba-29ddf46227fa/pnc__picked_media_1889ce61-4961-4fea-8a14-04fe6783ebf6.jpg'>https://pleroma.soykaf.com/media/fbe42e87-5574-4544-89ba-29ddf46227fa/pnc__picked_media_1889ce61-4961-4fea-8a14-04fe6783ebf6.jpg</a>2017-05-03T20:00:15.8609952017-05-03T20:00:15.861002https://pleroma.soykaf.com/contexts/0e88f35e-1a38-4181-bef9-5cbb0d943c63http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/9075265f-f3b2-40e8-809f-10714f05a1fdNew note by lain#nohomo <br><a href='https://pleroma.soykaf.com/media/5cc5ad91-d637-4c45-a691-5ea778dc1bb3/pnc__picked_media_f62dc9ae-ea23-4fe6-bf85-cb75a129ab34.jpg'>https://pleroma.soykaf.com/media/5cc5ad91-d637-4c45-a691-5ea778dc1bb3/pnc__picked_media_f62dc9ae-ea23-4fe6-bf85-cb75a129ab34.jpg</a>2017-05-03T19:50:38.5891062017-05-03T19:50:38.589113https://pleroma.soykaf.com/contexts/07a4b34d-6255-4bb2-8c73-c295a09ac952http://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/7924e992-0a95-40d9-8d17-7278c6c634c9New favorite by lainlain favorited something2017-05-03T18:32:59.2733752017-05-03T18:32:59.273382http://activitystrea.ms/schema/1.0/notetag:gs.smuglo.li,2017-05-03:noticeId=2164774:objectType=commenthttps://pleroma.soykaf.com/contexts/9419f742-aaba-4eb5-89a2-8b599e8bf43chttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/569571ba-f54c-41b0-bde4-0fede54599f0New note by lain<a href='https://gs.smuglo.li/user/2'>@nepfag@gs.smuglo.li</a>@gs.smuglo.li I'll do proper subfolders soon, for now it's one per attachment + thumbs etc.2017-05-03T18:27:01.4499492017-05-03T18:27:01.449956https://pleroma.soykaf.com/contexts/9419f742-aaba-4eb5-89a2-8b599e8bf43chttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/sharehttps://pleroma.soykaf.com/activities/b6cc5d7c-0785-4785-a689-f1b05dc9b24dlain repeated a noticeRT <p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> Hey now!</p>2017-05-03T18:13:48.8910612017-05-03T18:13:48.891069https://pleroma.soykaf.com/contexts/ec6fdd27-0ec1-4672-8408-5a8e5a9c094bhttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posttag:mastodon.social,2017-05-01:objectId=4836142:objectType=StatusNew note by lambadalambda@mastodon.social<p><span class="h-card"><a href="https://pleroma.soykaf.com/users/lain" class="u-url mention">@<span>lain</span></a></span> Hey now!</p>2017-05-01T18:38:49.3653912017-05-03T18:13:48.934745https://pleroma.soykaf.com/contexts/ec6fdd27-0ec1-4672-8408-5a8e5a9c094bhttps://mastodon.social/users/lambadalambdahttp://activitystrea.ms/schema/1.0/personhttps://mastodon.social/users/lambadalambdalambadalambda@mastodon.socialCritical Valuenillambadalambda@mastodon.socialhttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/sharehttps://pleroma.soykaf.com/activities/3c09eb31-4ba8-4ff5-b4fa-8f6f74d58bf0lain repeated a noticeRT Haha, salmons from mastodon didn't work because it's not implementing conversation id...2017-05-03T18:13:15.1480412017-05-03T18:13:15.148049tag:social.heldscal.la,2017-05-01:objectType=thread:nonce=86cda6c734401d80http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posttag:social.heldscal.la,2017-05-01:noticeId=2000425:objectType=noteNew note by lambadalambda@social.heldscal.laHaha, salmons from mastodon didn't work because it's not implementing conversation id...2017-05-01T18:39:36.2163772017-05-03T18:13:15.171143tag:social.heldscal.la,2017-05-01:objectType=thread:nonce=86cda6c734401d80https://social.heldscal.la/user/23211http://activitystrea.ms/schema/1.0/personhttps://social.heldscal.la/user/23211lambadalambda@social.heldscal.laConstance Variablenillambadalambda@social.heldscal.lahttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/b8fc83d5-d7c0-4b5f-8976-0317b51935eaNew note by lain.<br><a href='https://pleroma.soykaf.com/media/563008a7-9a60-47ac-a263-22835729adf6/1492530528735.png'>https://pleroma.soykaf.com/media/563008a7-9a60-47ac-a263-22835729adf6/1492530528735.png</a>2017-05-03T18:12:50.7452412017-05-03T18:12:50.745249https://pleroma.soykaf.com/contexts/9419f742-aaba-4eb5-89a2-8b599e8bf43chttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/sharehttps://pleroma.soykaf.com/activities/ac93ecef-cde0-48e8-ae4b-19e3b94dbe30lain repeated a noticeRT Awright, which one of you hid my PENIS ENVY?2017-05-03T18:08:49.2310012017-05-03T18:08:49.235354https://pleroma.soykaf.com/contexts/a9132cf8-6afa-4dd8-8b29-7b6fcab623b8http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/04e15c66-4936-4930-a134-32841f088bcfNew note by fortuneAwright, which one of you hid my PENIS ENVY?2017-05-01T19:40:03.1699962017-05-03T18:08:49.285347https://pleroma.soykaf.com/contexts/a9132cf8-6afa-4dd8-8b29-7b6fcab623b8https://pleroma.soykaf.com/users/fortunehttp://activitystrea.ms/schema/1.0/personhttps://pleroma.soykaf.com/users/fortunefortunefortuneThe trusty unix fortune filefortunehttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/sharehttps://pleroma.soykaf.com/activities/54b10fa9-d602-4a0f-b659-e6d3f7bc8c4clain repeated a noticeRT He is a man capable of turning any colour into grey.<br> -- John LeCarre2017-05-03T17:44:47.5789842017-05-03T17:44:47.578996https://pleroma.soykaf.com/contexts/8aebc8e5-5352-4047-8b74-4098a5830ccahttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/70ded299-184d-49cd-af17-23c0950536aaNew note by fortuneHe is a man capable of turning any colour into grey.<br> -- John LeCarre2017-05-02T08:40:03.4194652017-05-03T17:44:47.646192https://pleroma.soykaf.com/contexts/8aebc8e5-5352-4047-8b74-4098a5830ccahttps://pleroma.soykaf.com/users/fortunehttp://activitystrea.ms/schema/1.0/personhttps://pleroma.soykaf.com/users/fortunefortunefortuneThe trusty unix fortune filefortunehttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/sharehttps://pleroma.soykaf.com/activities/eff9fe49-8fc9-48e6-a1a0-921aa25c8118lain repeated a noticeRT The real trouble with women is that they have *all* the pussy.2017-05-03T17:30:22.5960372017-05-03T17:30:22.596048https://pleroma.soykaf.com/contexts/8c88c9df-4e40-4f54-b15f-c21848d1a8e2http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/0b9b008d-49eb-48a9-a18d-172ce7d01ea2New note by fortuneThe real trouble with women is that they have *all* the pussy.2017-05-02T12:10:03.6030862017-05-03T17:30:22.683141https://pleroma.soykaf.com/contexts/8c88c9df-4e40-4f54-b15f-c21848d1a8e2https://pleroma.soykaf.com/users/fortunehttp://activitystrea.ms/schema/1.0/personhttps://pleroma.soykaf.com/users/fortunefortunefortuneThe trusty unix fortune filefortunehttp://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/5d90bb26-ce23-4a5b-8dbd-651011780007New favorite by lainlain favorited something2017-05-03T17:28:20.9679262017-05-03T17:28:20.967935http://activitystrea.ms/schema/1.0/notetag:mastodon.social,2017-05-03:objectId=4952899:objectType=Statushttps://pleroma.soykaf.com/contexts/42701ab4-964a-441a-a372-f51bd183e441 \ No newline at end of file diff --git a/test/fixtures/tesla_mock/https___shitposter.club_api_statuses_show_2827873.atom.xml b/test/fixtures/tesla_mock/https___shitposter.club_api_statuses_show_2827873.atom.xml deleted file mode 100644 index 26fdebb49..000000000 --- a/test/fixtures/tesla_mock/https___shitposter.club_api_statuses_show_2827873.atom.xml +++ /dev/null @@ -1,54 +0,0 @@ - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment - New comment by moonman - @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> @<a href="https://gs.smuglo.li/user/2326" class="h-card mention" title="Dolus_McHonest">dolus</a> childhood poring over Strong's concordance and a koine Greek dictionary, fast forward to 2017 and some fuckstick who translates japanese jackoff material tells me you just need to make it sound right in English - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T08:51:48+00:00 - 2017-05-05T08:51:48+00:00 - - http://activitystrea.ms/schema/1.0/person - https://shitposter.club/user/1 - moonman - EMAIL:shitposterclub@gmail.com XMPP: moon@talk.shitposter.club Matrix Ed25519 fingerprint: 2HuDUTEz3iFN5N3xl6PYp9xZW/EWhgbbt78SrFy4w8o - - - - - - moonman - Generic Enemy - EMAIL:shitposterclub@gmail.com XMPP: moon@talk.shitposter.club Matrix Ed25519 fingerprint: 2HuDUTEz3iFN5N3xl6PYp9xZW/EWhgbbt78SrFy4w8o - - The Moon - - - homepage - https://shitposter.club/moonman - true - - - - - - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=3c16e9c2681f6d26 - - - - - https://shitposter.club/api/statuses/user_timeline/1.atom - Generic Enemy - - - - https://shitposter.club/avatar/1-96-20170503024316.jpeg - 2017-05-05T11:43:58+00:00 - - - - - diff --git a/test/fixtures/tesla_mock/https___shitposter.club_api_statuses_user_timeline_1.atom.xml b/test/fixtures/tesla_mock/https___shitposter.club_api_statuses_user_timeline_1.atom.xml deleted file mode 100644 index 31df7c2a6..000000000 --- a/test/fixtures/tesla_mock/https___shitposter.club_api_statuses_user_timeline_1.atom.xml +++ /dev/null @@ -1,454 +0,0 @@ - - - GNU social - https://shitposter.club/api/statuses/user_timeline/1.atom - moonman timeline - Updates from moonman on Shitposter Club! - https://shitposter.club/avatar/1-96-20170503024316.jpeg - 2017-05-05T13:24:09+00:00 - - http://activitystrea.ms/schema/1.0/person - https://shitposter.club/user/1 - moonman - EMAIL:shitposterclub@gmail.com XMPP: moon@talk.shitposter.club Matrix Ed25519 fingerprint: 2HuDUTEz3iFN5N3xl6PYp9xZW/EWhgbbt78SrFy4w8o - - - - - - moonman - Generic Enemy - EMAIL:shitposterclub@gmail.com XMPP: moon@talk.shitposter.club Matrix Ed25519 fingerprint: 2HuDUTEz3iFN5N3xl6PYp9xZW/EWhgbbt78SrFy4w8o - - The Moon - - - homepage - https://shitposter.club/moonman - true - - - - - - - - - - - - - - tag:shitposter.club,2017-05-05:subscription:1:person:23190:2017-05-05T11:43:58+00:00 - Generic Enemy (moonman)'s status on Friday, 05-May-2017 11:43:58 UTC - <a href="https://shitposter.club/moonman">Generic Enemy</a> started following <a href="https://noagendasocial.com/@Ma5on">Mason</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-05-05T11:43:58+00:00 - 2017-05-05T11:43:58+00:00 - - http://activitystrea.ms/schema/1.0/person - https://noagendasocial.com/users/Ma5on - Mason - - - - - - ma5on - Mason - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=abffa9c14a054d3b - - - - - - - tag:shitposter.club,2017-05-05:subscription:1:person:14357:2017-05-05T10:29:03+00:00 - Generic Enemy (moonman)'s status on Friday, 05-May-2017 10:29:03 UTC - <a href="https://shitposter.club/moonman">Generic Enemy</a> started following <a href="https://mastodon.cloud/@ohyran">Jens Reuterberg</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-05-05T10:29:03+00:00 - 2017-05-05T10:29:03+00:00 - - http://activitystrea.ms/schema/1.0/person - https://mastodon.cloud/users/ohyran - Jens Reuterberg - RPG-nerd, illustrator, Open Source enthusiast, KDE dude, designer and gay lefty. Might be a cliché - but we will soon find out! - - - - - - ohyran - Jens Reuterberg - RPG-nerd, illustrator, Open Source enthusiast, KDE dude, designer and gay lefty. Might be a cliché - but we will soon find out! - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=937151d4825a85bf - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-05-05:noticeId=2828637:objectType=note - New note by moonman - basicall i would just rather have ppl say &quot;i like x and y&quot; than &quot;i'm a nerd&quot; the term can be retired. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T10:24:54+00:00 - 2017-05-05T10:24:54+00:00 - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=65992b0b9b5e6931 - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2828579:objectType=comment - New comment by moonman - @<a href="https://gs.smuglo.li/user/35497" class="h-card mention" title="Bokuro Bokusawa">boco</a> to be honest i've turned right around and been cruel to other people, i said i'd never do it but it happens again eventually. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T10:20:33+00:00 - 2017-05-05T10:20:33+00:00 - - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=c997fc73d7f8a8f0 - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2828554:objectType=comment - New comment by moonman - @<a href="https://mastodon.cloud/users/ohyran" class="h-card mention" title="Jens Reuterberg">ohyran</a> i won't ever get over bullying but i agree otherwise. i don't go to comic shops too often these days but i got dragged to one last year and the sheer diversity of people enjoying comics now compared to years ago was striking and it pleased me. and i noticed a couple years ago because of youtube i find things i truly enjoy watching, like in-depth videos about electronic parts, didn't exist 20 years ago. it's pretty great. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T10:18:10+00:00 - 2017-05-05T10:18:10+00:00 - - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=efae3a23b6e05767 - - - - - - - - tag:shitposter.club,2017-05-05:fave:1:comment:2828502:2017-05-05T10:12:52+00:00 - Favorite - moonman favorited something by ohyran: <p><span class="h-card"><a href="https://shitposter.club/moonman" class="u-url mention">@<span>moonman</span></a></span> fair enough - that distinction makes it clearer...</p><p>On the other hand - those of us who did "pay the price" of being nerdy little kids in the 80's and 90's should strive to get past it anyway (mental health wise not "just get over it") and see the "nerd culture" thing as a blessing of sorts. We are in the optimal spot to do it. (not saying that that is something easy btw just that NOW is the best of time to start talking about it)</p> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T10:12:52+00:00 - 2017-05-05T10:12:52+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:mastodon.cloud,2017-05-05:objectId=6334570:objectType=Status - New comment by ohyran - <p><span class="h-card"><a href="https://shitposter.club/moonman" class="u-url mention">@<span>moonman</span></a></span> fair enough - that distinction makes it clearer...</p><p>On the other hand - those of us who did "pay the price" of being nerdy little kids in the 80's and 90's should strive to get past it anyway (mental health wise not "just get over it") and see the "nerd culture" thing as a blessing of sorts. We are in the optimal spot to do it. (not saying that that is something easy btw just that NOW is the best of time to start talking about it)</p> - - - - - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=efae3a23b6e05767 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-05-05:noticeId=2828496:objectType=note - New note by moonman - things are better now, a lot less kids in america get beaten up and called a fag. still too many. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T10:11:31+00:00 - 2017-05-05T10:11:31+00:00 - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=c997fc73d7f8a8f0 - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2828457:objectType=comment - New comment by moonman - @<a href="https://shitposter.club/user/21787" class="h-card mention" title="Yukari">cutscenes</a> @<a href="https://gs.smuglo.li/user/28250" class="h-card mention" title="Bricky">thatbrickster</a> @<a href="https://gs.smuglo.li/user/35497" class="h-card mention" title="Bokuro Bokusawa">boco</a> i never understood this because nerds had pocket protectors, which was a draftsman engineer thing and therefore smart, while geeks were people in carnivals who bit heads off small animals. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T10:07:57+00:00 - 2017-05-05T10:07:57+00:00 - - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=efae3a23b6e05767 - - - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2828435:objectType=comment - New comment by moonman - @<a href="https://mastodon.cloud/users/ohyran" class="h-card mention" title="Jens Reuterberg">ohyran</a> since i didn't specify i'm talking about people subjected to physical and psychological abuse and not people that are just mad that more people like comic books now. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T10:05:07+00:00 - 2017-05-05T10:05:07+00:00 - - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=efae3a23b6e05767 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-05-05:noticeId=2828326:objectType=note - New note by moonman - if you were a &quot;nerd&quot; before, like, 2001 you have permanent excuse to hate this kind of shit.   <a href="https://shitposter.club/file/b79fa5644be0d6f22679136e67b7bf45c9c4a74a55c32dd2d0cf15de4ddd5be5.gif" title="https://shitposter.club/file/b79fa5644be0d6f22679136e67b7bf45c9c4a74a55c32dd2d0cf15de4ddd5be5.gif" class="attachment" id="attachment-662105" rel="nofollow external">https://shitposter.club/attachment/662105</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T09:47:42+00:00 - 2017-05-05T09:47:42+00:00 - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=efae3a23b6e05767 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-05-05:noticeId=2828250:objectType=note - New note by moonman - <a href="https://shitposter.club/file/1283e2d4dd8f96b8eeb5d9a16b318e210868aa11386cf0d593891e4c75c9126e.gif" title="https://shitposter.club/file/1283e2d4dd8f96b8eeb5d9a16b318e210868aa11386cf0d593891e4c75c9126e.gif" class="attachment" id="attachment-662098" rel="nofollow external">https://shitposter.club/attachment/662098</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T09:39:06+00:00 - 2017-05-05T09:39:06+00:00 - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=ea8ffae90546f0ab - - - - - - - - tag:shitposter.club,2017-05-05:fave:1:comment:2828161:2017-05-05T09:28:19+00:00 - Favorite - moonman favorited something by kro: @<a href="https://shitposter.club/user/1" class="h-card u-url p-nickname mention" title="Generic Enemy">moonman</a> Till Brooklyn? - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T09:28:19+00:00 - 2017-05-05T09:28:19+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:gs.smuglo.li,2017-05-05:noticeId=2188587:objectType=comment - New comment by kro - @<a href="https://shitposter.club/user/1" class="h-card u-url p-nickname mention" title="Generic Enemy">moonman</a> Till Brooklyn? - - - - - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=d7aa6b5b057ca555 - - - - - - - tag:shitposter.club,2017-05-05:fave:1:comment:2828125:2017-05-05T09:24:56+00:00 - Favorite - moonman favorited something by hardbass2k8: this has obviously interesting implications in various places, for example:<br /> the nationalism of the nazis might not have been real, who would have thought?<br /> socialism is usually promoted to implementation by real douchebags!<br /> your local social justice people might want diversity but they don't want you, m/19, white, why?<br /> amateur soccer club, they want to be the best in the amateur league but actually they just get drunk after training and are 50% overweight.<br /> This is because humans are not capable of telepathy, so if you join a group it doesn't magically align every little bit of your being with the declared group goals.<br /> <br /> Even though you see unmanned group beliefs flying around from time to time, generally groups are created from a bunch of people. they are not a container for people, they are the people inside them.<br /> <br /> so if you see a group that appears to be cool don't think of it as cool because its goals are cool but because its members are cool. if they aren't, tough cookies. don't be the retard and end up on the camp watchtower. - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T09:24:56+00:00 - 2017-05-05T09:24:56+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2828125:objectType=comment - New comment by hardbass2k8 - this has obviously interesting implications in various places, for example:<br /> the nationalism of the nazis might not have been real, who would have thought?<br /> socialism is usually promoted to implementation by real douchebags!<br /> your local social justice people might want diversity but they don't want you, m/19, white, why?<br /> amateur soccer club, they want to be the best in the amateur league but actually they just get drunk after training and are 50% overweight.<br /> This is because humans are not capable of telepathy, so if you join a group it doesn't magically align every little bit of your being with the declared group goals.<br /> <br /> Even though you see unmanned group beliefs flying around from time to time, generally groups are created from a bunch of people. they are not a container for people, they are the people inside them.<br /> <br /> so if you see a group that appears to be cool don't think of it as cool because its goals are cool but because its members are cool. if they aren't, tough cookies. don't be the retard and end up on the camp watchtower. - - - - - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=51b227fe92f6babf - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-05-05:noticeId=2828128:objectType=note - New note by moonman - In a valid remake of They live, signs would say REBEL, and DON'T GET MARRIED AND HAVE KIDS - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T09:24:23+00:00 - 2017-05-05T09:24:23+00:00 - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=b74397fa766b82c9 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-05-05:noticeId=2828104:objectType=note - New note by moonman - <a href="https://shitposter.club/file/4d34178bde99599f31a28928e1666fbd58448d8a22e94ed82222496e4a45cb07.gif" title="https://shitposter.club/file/4d34178bde99599f31a28928e1666fbd58448d8a22e94ed82222496e4a45cb07.gif" class="attachment" id="attachment-662049" rel="nofollow external">https://shitposter.club/attachment/662049</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T09:21:01+00:00 - 2017-05-05T09:21:01+00:00 - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=d7aa6b5b057ca555 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-05-05:noticeId=2828102:objectType=note - New note by moonman - when ppl find out i haven't always been serious  <a href="https://shitposter.club/file/5859fa95875342cc65dba0d852f726db158ce28198c326d5f13d9de7c0d2c449.gif" title="https://shitposter.club/file/5859fa95875342cc65dba0d852f726db158ce28198c326d5f13d9de7c0d2c449.gif" class="attachment" id="attachment-662053" rel="nofollow external">https://shitposter.club/attachment/662053</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T09:20:45+00:00 - 2017-05-05T09:20:45+00:00 - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=0a025ac5a570b4ec - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2828086:objectType=comment - New comment by moonman - @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> @<a href="https://gs.smuglo.li/user/2326" class="h-card mention" title="Dolus_McHonest">dolus</a> @<a href="https://gs.smuglo.li/user/35497" class="h-card mention" title="Bokuro Bokusawa">boco</a> you are being too serious lol - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T09:17:19+00:00 - 2017-05-05T09:17:19+00:00 - - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=3c16e9c2681f6d26 - - - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-05-05:noticeId=2828085:objectType=note - New note by moonman - shitposter dot club  <a href="https://shitposter.club/file/9b084c7210b16abbf4d28594b924a07ef4a2a06f89d901a4c42fb1e243291263.gif" title="https://shitposter.club/file/9b084c7210b16abbf4d28594b924a07ef4a2a06f89d901a4c42fb1e243291263.gif" class="attachment" id="attachment-662047" rel="nofollow external">https://shitposter.club/attachment/662047</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T09:16:50+00:00 - 2017-05-05T09:16:50+00:00 - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=d1ae088a1b91e5e5 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-05-05:noticeId=2828061:objectType=note - New note by moonman - even when i lie i tell the truth, is that so hard to understand? - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T09:15:07+00:00 - 2017-05-05T09:15:07+00:00 - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=a516e4b8506b8ef5 - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2828052:objectType=comment - New comment by moonman - @<a href="https://shitposter.club/user/9591" class="h-card mention" title="warum hei&#xDF;en deutschl&#xE4;nder deutschl&#xE4;nder">hardbass2k8</a> history, anthropology. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T09:14:22+00:00 - 2017-05-05T09:14:22+00:00 - - - - tag:shitposter.club,2017-05-05:objectType=thread:nonce=fe4d7f35b13403ba - - - - - - - diff --git a/test/fixtures/tesla_mock/https___shitposter.club_notice_2827873.json b/test/fixtures/tesla_mock/https___shitposter.club_notice_2827873.json deleted file mode 100644 index 4b7b4df44..000000000 --- a/test/fixtures/tesla_mock/https___shitposter.club_notice_2827873.json +++ /dev/null @@ -1 +0,0 @@ -{"@context":["https://www.w3.org/ns/activitystreams","https://shitposter.club/schemas/litepub-0.1.jsonld",{"@language":"und"}],"actor":"https://shitposter.club/users/moonman","attachment":[],"attributedTo":"https://shitposter.club/users/moonman","cc":["https://shitposter.club/users/moonman/followers"],"content":"@neimzr4luzerz @dolus childhood poring over Strong's concordance and a koine Greek dictionary, fast forward to 2017 and some fuckstick who translates japanese jackoff material tells me you just need to make it sound right in English","context":"tag:shitposter.club,2017-05-05:objectType=thread:nonce=3c16e9c2681f6d26","conversation":"tag:shitposter.club,2017-05-05:objectType=thread:nonce=3c16e9c2681f6d26","id":"tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment","inReplyTo":"tag:shitposter.club,2017-05-05:noticeId=2827849:objectType=comment","inReplyToStatusId":2827849,"published":"2017-05-05T08:51:48Z","sensitive":false,"summary":null,"tag":[],"to":["https://www.w3.org/ns/activitystreams#Public"],"type":"Note"} \ No newline at end of file diff --git a/test/fixtures/tesla_mock/https___social.heldscal.la_api_statuses_user_timeline_23211.atom.xml b/test/fixtures/tesla_mock/https___social.heldscal.la_api_statuses_user_timeline_23211.atom.xml deleted file mode 100644 index 6cba5c28f..000000000 --- a/test/fixtures/tesla_mock/https___social.heldscal.la_api_statuses_user_timeline_23211.atom.xml +++ /dev/null @@ -1,591 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-05-05T12:01:21+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2063249:2017-05-05T11:40:21+00:00 - Favorite - lambadalambda favorited something by tatiana: <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> they will start complaining about this, but won't come up with any solutions)</p> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T11:40:21+00:00 - 2017-05-05T11:40:21+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:social.weho.st,2017-05-05:objectId=172033:objectType=Status - New comment by tatiana - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> they will start complaining about this, but won't come up with any solutions)</p> - - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=e95b99adc050e198 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2063041:2017-05-05T11:27:28+00:00 - Favorite - lambadalambda favorited something by kat: @<a href="https://social.heldscal.la/lambadalambda" class="h-card mention" title="Constance Variable">lambadalambda</a> if the admin reading mine would delete a few it would be really useful in prioritising.  - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T11:27:28+00:00 - 2017-05-05T11:27:28+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:quitter.se,2017-05-05:noticeId=11807959:objectType=comment - New comment by kat - @<a href="https://social.heldscal.la/lambadalambda" class="h-card mention" title="Constance Variable">lambadalambda</a> if the admin reading mine would delete a few it would be really useful in prioritising.  - - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=e95b99adc050e198 - - - - - - - tag:social.heldscal.la,2017-05-05:noticeId=2062924:objectType=note - lambadalambda repeated a notice by nielsk - RT @nielsk @<a href="https://social.heldscal.la/user/23211" class="h-card u-url p-nickname mention" title="Constance Variable">lambadalambda</a> but there are soooo many, where should I start to read? - - http://activitystrea.ms/schema/1.0/share - 2017-05-05T11:09:37+00:00 - 2017-05-05T11:09:37+00:00 - - http://activitystrea.ms/schema/1.0/activity - tag:mastodon.social,2017-05-05:objectId=5024471:objectType=Status - - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> but there are soooo many, where should I start to read?</p> - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T11:05:18+00:00 - 2017-05-05T11:05:18+00:00 - - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/nielsk - nielsk - Sysadmin by day and ehm… sysadmin by night. Besides that old video games, Japan, economics and some other stuff - - - - - - nielsk - nielsk - Sysadmin by day and ehm… sysadmin by night. Besides that old video games, Japan, economics and some other stuff - - - - http://activitystrea.ms/schema/1.0/comment - tag:mastodon.social,2017-05-05:objectId=5024471:objectType=Status - New comment by nielsk - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> but there are soooo many, where should I start to read?</p> - - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=e95b99adc050e198 - - - - https://mastodon.social/users/nielsk.atom - nielsk - - - https://social.heldscal.la/avatar/29849-96-20170428120041.jpeg - 2017-05-05T11:06:32+00:00 - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=e95b99adc050e198 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2062875:2017-05-05T11:09:27+00:00 - Favorite - lambadalambda favorited something by nielsk: <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> but there are soooo many, where should I start to read?</p> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T11:09:27+00:00 - 2017-05-05T11:09:27+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:mastodon.social,2017-05-05:objectId=5024471:objectType=Status - New comment by nielsk - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> but there are soooo many, where should I start to read?</p> - - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=e95b99adc050e198 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2062863:2017-05-05T11:09:11+00:00 - Favorite - lambadalambda favorited something by kasil: <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> surely, google is not that evil !</p> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T11:09:11+00:00 - 2017-05-05T11:09:11+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:loutre.info,2017-05-05:objectId=23331:objectType=Status - New comment by kasil - <p><span class="h-card"><a href="https://social.heldscal.la/lambadalambda" class="u-url mention">@<span>lambadalambda</span></a></span> surely, google is not that evil !</p> - - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=e95b99adc050e198 - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.heldscal.la,2017-05-05:noticeId=2062767:objectType=comment - New comment by lambadalambda - @<a href="https://sealion.club/user/4" class="h-card u-url p-nickname mention" title="dewoo &#x274E;">dwmatiz</a> dunno, probably. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T10:55:17+00:00 - 2017-05-05T10:55:17+00:00 - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=e95b99adc050e198 - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.heldscal.la,2017-05-05:noticeId=2062705:objectType=comment - New comment by lambadalambda - @<a href="https://gs.smuglo.li/user/28250" class="h-card u-url p-nickname mention" title="Bricky">thatbrickster</a> I do it, too. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T10:48:12+00:00 - 2017-05-05T10:48:12+00:00 - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=e95b99adc050e198 - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:social.heldscal.la,2017-05-05:noticeId=2062620:objectType=comment - New comment by lambadalambda - @<a href="https://social.tchncs.de/users/israuor" class="h-card u-url p-nickname mention" title="Israuor &#x2642;">israuor</a> @<a href="https://mastodon.gougere.fr/users/bortzmeyer" class="h-card u-url p-nickname mention" title="S. Bortzmeyer &#x2705;">bortzmeyer</a> so, 99%. 100% for 'normal' people. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T10:38:52+00:00 - 2017-05-05T10:38:52+00:00 - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=e95b99adc050e198 - - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-05-05:noticeId=2062583:objectType=note - New note by lambadalambda - I wonder what'll happen when people realize the admin at their mail hoster can read all their e-mails. - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T10:35:45+00:00 - 2017-05-05T10:35:45+00:00 - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=e95b99adc050e198 - - - - - - - tag:social.heldscal.la,2017-05-05:subscription:23211:person:35708:2017-05-05T09:34:46+00:00 - Constance Variable (lambadalambda@social.heldscal.la)'s status on Friday, 05-May-2017 09:34:46 UTC - <a href="https://social.heldscal.la/lambadalambda">Constance Variable</a> started following <a href="https://mastodon.social/@milouse">milouse</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-05-05T09:34:46+00:00 - 2017-05-05T09:34:46+00:00 - - http://activitystrea.ms/schema/1.0/person - https://mastodon.social/users/milouse - milouse - #Scout leader #sgdf, interested in #openweb, #semanticweb, #privacy, #foss and #socialeconomy. 0xA714ECAC8C9CEE3D - - - - - - milouse - milouse - #Scout leader #sgdf, interested in #openweb, #semanticweb, #privacy, #foss and #socialeconomy. 0xA714ECAC8C9CEE3D - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=26ca19a355bb6135 - - - - - - - tag:social.heldscal.la,2017-05-05:noticeId=2061871:objectType=note - lambadalambda repeated a notice by safebot - RT @<a href="https://gs.smuglo.li/user/25857" class="h-card u-url p-nickname mention" title="safebot">safebot</a> #<span class="tag"><a href="https://social.heldscal.la/tag/cheers" rel="tag">cheers</a></span> <a href="https://gs.smuglo.li/attachment/456444" title="https://gs.smuglo.li/attachment/456444" rel="nofollow external noreferrer" class="attachment" id="attachment-432334">https://gs.smuglo.li/attachment/456444</a> - - http://activitystrea.ms/schema/1.0/share - 2017-05-05T09:16:17+00:00 - 2017-05-05T09:16:17+00:00 - - http://activitystrea.ms/schema/1.0/activity - tag:gs.smuglo.li,2017-05-05:noticeId=2188073:objectType=note - - #<span class="tag"><a href="https://gs.smuglo.li/tag/cheers" rel="tag">cheers</a></span> <a href="https://gs.smuglo.li/file/5099e73c83da778cd032a721e96880f99a868b712be2975d08238547a5ba06c7.jpg" title="https://gs.smuglo.li/file/5099e73c83da778cd032a721e96880f99a868b712be2975d08238547a5ba06c7.jpg" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/456444</a> - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T08:36:53+00:00 - 2017-05-05T08:36:53+00:00 - - http://activitystrea.ms/schema/1.0/person - https://gs.smuglo.li/user/25857 - safebot - - - - - - safebot - safebot - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.smuglo.li,2017-05-05:noticeId=2188073:objectType=note - New note by safebot - #<span class="tag"><a href="https://gs.smuglo.li/tag/cheers" rel="tag">cheers</a></span> <a href="https://gs.smuglo.li/file/5099e73c83da778cd032a721e96880f99a868b712be2975d08238547a5ba06c7.jpg" title="https://gs.smuglo.li/file/5099e73c83da778cd032a721e96880f99a868b712be2975d08238547a5ba06c7.jpg" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/456444</a> - - - - - https://gs.smuglo.li/conversation/1009429 - - - - https://gs.smuglo.li/api/statuses/user_timeline/25857.atom - safebot - - - https://social.heldscal.la/avatar/25719-original-20161215233234.jpeg - 2017-05-05T12:00:57+00:00 - - - - https://gs.smuglo.li/conversation/1009429 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2061643:2017-05-05T09:12:50+00:00 - Favorite - lambadalambda favorited something by moonman: @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> @<a href="https://gs.smuglo.li/user/2326" class="h-card mention" title="Dolus_McHonest">dolus</a> childhood poring over Strong's concordance and a koine Greek dictionary, fast forward to 2017 and some fuckstick who translates japanese jackoff material tells me you just need to make it sound right in English - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T09:12:50+00:00 - 2017-05-05T09:12:50+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment - New comment by moonman - @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> @<a href="https://gs.smuglo.li/user/2326" class="h-card mention" title="Dolus_McHonest">dolus</a> childhood poring over Strong's concordance and a koine Greek dictionary, fast forward to 2017 and some fuckstick who translates japanese jackoff material tells me you just need to make it sound right in English - - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=55ead90125cd4bd4 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2061696:2017-05-05T09:06:10+00:00 - Favorite - lambadalambda favorited something by moonman: @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> <br /> <span class="greentext">&gt; (((common era)))</span> - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T09:06:10+00:00 - 2017-05-05T09:06:10+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2827918:objectType=comment - New comment by moonman - @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> <br /> <span class="greentext">&gt; (((common era)))</span> - - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=55ead90125cd4bd4 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:note:2061673:2017-05-05T08:58:28+00:00 - Favorite - lambadalambda favorited something by moonman: discussion is one thing but any argument I've heard over and over again for the last three decades is going to go unanswered. - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T08:58:28+00:00 - 2017-05-05T08:58:28+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-05-05:noticeId=2827895:objectType=note - New note by moonman - discussion is one thing but any argument I've heard over and over again for the last three decades is going to go unanswered. - - - - - - - https://shitposter.club/conversation/1390494 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2061280:2017-05-05T08:47:38+00:00 - Favorite - lambadalambda favorited something by moonman: @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> sex is for procreation and as an expression of intimacy between commited couples, it is a sacramental act - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T08:47:38+00:00 - 2017-05-05T08:47:38+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2827561:objectType=comment - New comment by moonman - @<a href="https://shitposter.club/user/9655" class="h-card mention" title="Solidarity for Pigs">neimzr4luzerz</a> sex is for procreation and as an expression of intimacy between commited couples, it is a sacramental act - - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=55ead90125cd4bd4 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:note:2061535:2017-05-05T08:40:55+00:00 - Favorite - lambadalambda favorited something by fortune: What did Mickey Mouse get for Christmas?<br /> <br /> A Dan Quayle watch.<br /> <br /> -- heard from a Mike Dukakis field worker - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T08:40:55+00:00 - 2017-05-05T08:40:55+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-05-05:noticeId=2061535:objectType=note - New note by fortune - What did Mickey Mouse get for Christmas?<br /> <br /> A Dan Quayle watch.<br /> <br /> -- heard from a Mike Dukakis field worker - - - - - - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=5185e5c145ee4762 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2061421:2017-05-05T08:36:27+00:00 - Favorite - lambadalambda favorited something by moonman: @<a href="https://maly.io/users/sonya" class="h-card mention" title="Sonya Mann ✅">sonya</a> banned from 4chan. you better watch ou. i'm trouble, y'hear? - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T08:36:27+00:00 - 2017-05-05T08:36:27+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2827689:objectType=comment - New comment by moonman - @<a href="https://maly.io/users/sonya" class="h-card mention" title="Sonya Mann ✅">sonya</a> banned from 4chan. you better watch ou. i'm trouble, y'hear? - - - - - - - https://shitposter.club/conversation/1389345 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2061351:2017-05-05T08:28:03+00:00 - Favorite - lambadalambda favorited something by moonman: @<a href="https://social.heldscal.la/user/29138" class="h-card mention" title="Claes Wallin (韋嘉誠)">clacke</a> is that the sequel to Time Crisis - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T08:28:03+00:00 - 2017-05-05T08:28:03+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2827630:objectType=comment - New comment by moonman - @<a href="https://social.heldscal.la/user/29138" class="h-card mention" title="Claes Wallin (韋嘉誠)">clacke</a> is that the sequel to Time Crisis - - - - - - - https://shitposter.club/conversation/1385528 - - - - - - - tag:social.heldscal.la,2017-05-05:fave:23211:comment:2061339:2017-05-05T08:21:05+00:00 - Favorite - lambadalambda favorited something by hardbass2k8: @<a href="https://social.heldscal.la/user/23211" class="h-card mention" title="Constance Variable">lambadalambda</a> pretty sure it's money laundering - - http://activitystrea.ms/schema/1.0/favorite - 2017-05-05T08:21:05+00:00 - 2017-05-05T08:21:05+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2017-05-05:noticeId=2827617:objectType=comment - New comment by hardbass2k8 - @<a href="https://social.heldscal.la/user/23211" class="h-card mention" title="Constance Variable">lambadalambda</a> pretty sure it's money laundering - - - - - - - https://shitposter.club/conversation/1387523 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-05-05:noticeId=2061303:objectType=note - New note by lambadalambda - It's got tattoos, it's got a pierced hood<br /> It's got generation X<br /> It's got lesbians, and vitriol<br /> And sadomasochistic latex sex<br /> It's got Mighty Morphin' power brokers<br /> And Tanya Harding nude<br /> Macrobiotic lacto-vegan non-confrontational free range food<br /> It's got the handshake, peace talk, non-aggression pact<br /> A multicultural integration of segregated historical facts<br /> <br /> #<span class="tag"><a href="https://social.heldscal.la/tag/nsfw" rel="tag">nsfw</a></span> <a href="https://social.heldscal.la/file/61c13b99c92f40ec4865e7a3830da340b187e3de70d94b8da38fd2138bbede3a.jpg" title="https://social.heldscal.la/file/61c13b99c92f40ec4865e7a3830da340b187e3de70d94b8da38fd2138bbede3a.jpg" rel="nofollow external noreferrer" class="attachment" id="attachment-432199">https://social.heldscal.la/attachment/432199</a> <a href="https://social.heldscal.la/file/a88bba1a324da68ee2cfdbcd1c4cde60bd9553298244d6f81731270b71aa80df.jpg" title="https://social.heldscal.la/file/a88bba1a324da68ee2cfdbcd1c4cde60bd9553298244d6f81731270b71aa80df.jpg" rel="nofollow external noreferrer" class="attachment" id="attachment-432200">https://social.heldscal.la/attachment/432200</a> <a href="https://social.heldscal.la/file/887329a303250e73dc2eea06b1f0512fcac4b9d1b534068f03c45f00d5b21c39.jpg" title="https://social.heldscal.la/file/887329a303250e73dc2eea06b1f0512fcac4b9d1b534068f03c45f00d5b21c39.jpg" rel="nofollow external noreferrer" class="attachment" id="attachment-432201">https://social.heldscal.la/attachment/432201</a> <a href="https://social.heldscal.la/file/6d7a1ec15c1368c4c68810434d24da528606fcbccdd1da97b25affafeeb6ffda.jpg" title="https://social.heldscal.la/file/6d7a1ec15c1368c4c68810434d24da528606fcbccdd1da97b25affafeeb6ffda.jpg" rel="nofollow external noreferrer" class="attachment" id="attachment-432202">https://social.heldscal.la/attachment/432202</a> <a href="https://social.heldscal.la/file/2f55f2bb028eb9be744cc82b35a6b86b496d8c3924c700aff55a872ff11df54c.jpg" title="https://social.heldscal.la/file/2f55f2bb028eb9be744cc82b35a6b86b496d8c3924c700aff55a872ff11df54c.jpg" rel="nofollow external noreferrer" class="attachment" id="attachment-432203">https://social.heldscal.la/attachment/432203</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-05-05T08:17:08+00:00 - 2017-05-05T08:17:08+00:00 - - tag:social.heldscal.la,2017-05-05:objectType=thread:nonce=bb6f4343036970e8 - - - - - - - - - - - - diff --git a/test/fixtures/tesla_mock/https___social.heldscal.la_api_statuses_user_timeline_29191.atom.xml b/test/fixtures/tesla_mock/https___social.heldscal.la_api_statuses_user_timeline_29191.atom.xml deleted file mode 100644 index f70fbc695..000000000 --- a/test/fixtures/tesla_mock/https___social.heldscal.la_api_statuses_user_timeline_29191.atom.xml +++ /dev/null @@ -1,719 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/29191.atom - shp timeline - Updates from shp on social.heldscal.la! - https://social.heldscal.la/avatar/29191-96-20170421154949.jpeg - 2017-05-05T11:57:06+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/29191 - shp - cofe - - - - - - shp - shp - cofe - - cofe - - - - - - - - - - - - - - tag:social.heldscal.la,2017-04-29:noticeId=1967657:objectType=note - shp repeated a notice by lain - RT @<a href="https://social.heldscal.la/user/37181" class="h-card u-url p-nickname mention" title="Lain Iwakura">lain</a> @<a href="https://social.heldscal.la/user/29191" class="h-card u-url p-nickname mention" title="shp">shp</a> @<a href="https://social.heldscal.la/user/23211" class="h-card u-url p-nickname mention">lambadalambda</a> cofe. - - http://activitystrea.ms/schema/1.0/share - 2017-04-29T18:19:34+00:00 - 2017-04-29T18:19:34+00:00 - - http://activitystrea.ms/schema/1.0/activity - https://pleroma.soykaf.com/activities/43d12c05-db3f-4f3d-bee1-d676f264490c - - <a href="https://pleroma.soykaf.com/users/shp">@shp</a> <a href="https://social.heldscal.la/user/23211">@lambadalambda@social.heldscal.la</a> cofe. - - http://activitystrea.ms/schema/1.0/post - 2017-04-29T18:14:36+00:00 - 2017-04-29T18:14:36+00:00 - - http://activitystrea.ms/schema/1.0/person - https://pleroma.soykaf.com/users/lain - lain - Test account - - - - - - lain - Lain Iwakura - Test account - - - - http://activitystrea.ms/schema/1.0/note - https://pleroma.soykaf.com/activities/43d12c05-db3f-4f3d-bee1-d676f264490c - New note by lain - <a href="https://pleroma.soykaf.com/users/shp">@shp</a> <a href="https://social.heldscal.la/user/23211">@lambadalambda@social.heldscal.la</a> cofe. - - - - - tag:social.heldscal.la,2017-04-29:objectType=thread:nonce=e0b75431888efdab - - - https://pleroma.soykaf.com/users/lain/feed.atom - Lain Iwakura - - - https://social.heldscal.la/avatar/43188-96-20170429172422.jpeg - 2017-05-05T08:38:03+00:00 - - - - tag:social.heldscal.la,2017-04-29:objectType=thread:nonce=e0b75431888efdab - - - - - - - tag:social.heldscal.la,2017-04-27:subscription:29191:person:29558:2017-04-27T17:26:37+00:00 - shp (shp@social.heldscal.la)'s status on Thursday, 27-Apr-2017 17:26:37 UTC - <a href="https://social.heldscal.la/shp">shp</a> started following <a href="https://gs.smuglo.li/kfist">KFist</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-04-27T17:26:37+00:00 - 2017-04-27T17:26:37+00:00 - - http://activitystrea.ms/schema/1.0/person - https://gs.smuglo.li/user/28051 - KFist - I stream thanks to @nepfag. I also drink, shitpost, and fly planes. I visited Japan and it changed my life. Do you love your station? - - - - - - kfist - KFist - I stream thanks to @nepfag. I also drink, shitpost, and fly planes. I visited Japan and it changed my life. Do you love your station? - - homepage - http://smuglo.li:8000/stream.m3u - true - - - - tag:social.heldscal.la,2017-04-27:objectType=thread:nonce=f766240d13ed9c2e - - - - - - - tag:social.heldscal.la,2017-04-27:noticeId=1933030:objectType=note - shp repeated a notice by shpbot - RT @<a href="https://gs.archae.me/user/4687" class="h-card u-url p-nickname mention" title="shpbot">shpbot</a> &gt;QuakeC - - http://activitystrea.ms/schema/1.0/share - 2017-04-27T17:21:10+00:00 - 2017-04-27T17:21:10+00:00 - - http://activitystrea.ms/schema/1.0/activity - tag:gs.archae.me,2017-04-27:noticeId=760881:objectType=note - - <span class='greentext'>&gt;QuakeC</span> - - http://activitystrea.ms/schema/1.0/post - 2017-04-27T17:15:13+00:00 - 2017-04-27T17:15:13+00:00 - - http://activitystrea.ms/schema/1.0/person - https://gs.archae.me/user/4687 - shpbot - - - - - - shpbot - shpbot - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.archae.me,2017-04-27:noticeId=760881:objectType=note - New note by shpbot - <span class='greentext'>&gt;QuakeC</span> - - - - - https://gs.archae.me/conversation/318362 - - - https://gs.archae.me/api/statuses/user_timeline/4687.atom - shpbot - - - https://social.heldscal.la/avatar/31581-original-20170405170019.jpeg - 2017-05-05T11:45:08+00:00 - - - - https://gs.archae.me/conversation/318362 - - - - - - - tag:social.heldscal.la,2017-04-27:subscription:29191:person:23226:2017-04-27T17:20:48+00:00 - shp (shp@social.heldscal.la)'s status on Thursday, 27-Apr-2017 17:20:48 UTC - <a href="https://social.heldscal.la/shp">shp</a> started following <a href="http://quitter.se/taknamay">Internet Turtle Ⓐ 🏴 ✅</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-04-27T17:20:48+00:00 - 2017-04-27T17:20:48+00:00 - - http://activitystrea.ms/schema/1.0/person - http://quitter.se/user/115823 - Internet Turtle Ⓐ 🏴 ✅ - Scheme programmer, Novice esperantist, Spiritual naturalist - Will listen to your problems for free - XMPP: DarkDungeons94 at chatme.im - - - - - - taknamay - Internet Turtle Ⓐ 🏴 ✅ - Scheme programmer, Novice esperantist, Spiritual naturalist - Will listen to your problems for free - XMPP: DarkDungeons94 at chatme.im - - New Jersey, United States - - - homepage - https://quitter.se/taknamay - true - - - - tag:social.heldscal.la,2017-04-27:objectType=thread:nonce=a66b1fb22020c152 - - - - - - - tag:social.heldscal.la,2017-04-27:subscription:29191:person:29302:2017-04-27T17:20:33+00:00 - shp (shp@social.heldscal.la)'s status on Thursday, 27-Apr-2017 17:20:33 UTC - <a href="https://social.heldscal.la/shp">shp</a> started following <a href="https://icosahedron.website/@Trev">Chillidan Stormrave</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-04-27T17:20:33+00:00 - 2017-04-27T17:20:33+00:00 - - http://activitystrea.ms/schema/1.0/person - https://icosahedron.website/users/Trev - Trev Prime - web tech, music, ethics. radical individualist. kinda queer. love thy neighbor. always open for conversation. - - - - - - trev - Trev Prime - web tech, music, ethics. radical individualist. kinda queer. love thy neighbor. always open for conversation. - - - tag:social.heldscal.la,2017-04-27:objectType=thread:nonce=781c05bd64ad9520 - - - - - - - tag:social.heldscal.la,2017-04-27:subscription:29191:person:29367:2017-04-27T17:20:27+00:00 - shp (shp@social.heldscal.la)'s status on Thursday, 27-Apr-2017 17:20:27 UTC - <a href="https://social.heldscal.la/shp">shp</a> started following <a href="https://gs.kawa-kun.com/aya">射命丸 文</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-04-27T17:20:27+00:00 - 2017-04-27T17:20:27+00:00 - - http://activitystrea.ms/schema/1.0/person - https://gs.kawa-kun.com/user/4885 - 射命丸 文 - Traditional Reporter of Fantasy - - - - - - aya - 射命丸 文 - Traditional Reporter of Fantasy - - Gensōkyō - - - homepage - https://danbooru.donmai.us - true - - - - tag:social.heldscal.la,2017-04-27:objectType=thread:nonce=5921da7a934e47ca - - - - - - - tag:social.heldscal.la,2017-04-27:subscription:29191:person:27773:2017-04-27T17:20:18+00:00 - shp (shp@social.heldscal.la)'s status on Thursday, 27-Apr-2017 17:20:18 UTC - <a href="https://social.heldscal.la/shp">shp</a> started following <a href="https://gs.smuglo.li/japananon">JapanAnon</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-04-27T17:20:18+00:00 - 2017-04-27T17:20:18+00:00 - - http://activitystrea.ms/schema/1.0/person - https://gs.smuglo.li/user/27299 - JapanAnon - 匿名でしていてね! - - - - - - japananon - JapanAnon - 匿名でしていてね! - - ワイヤード - - - homepage - http://www.anonymous-japan.org - true - - - - tag:social.heldscal.la,2017-04-27:objectType=thread:nonce=ae3d819865886cba - - - - - - - tag:social.heldscal.la,2017-04-27:subscription:29191:person:36560:2017-04-27T17:19:30+00:00 - shp (shp@social.heldscal.la)'s status on Thursday, 27-Apr-2017 17:19:30 UTC - <a href="https://social.heldscal.la/shp">shp</a> started following <a href="https://shitposter.club/wareya">wareya</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-04-27T17:19:30+00:00 - 2017-04-27T17:19:30+00:00 - - http://activitystrea.ms/schema/1.0/person - https://shitposter.club/user/15439 - wareya - Who are you to defy such a perfect being that is the machine? 日本語難しいけど頑張るぜ github.com/wareya wareya.moe Short: reya or war, never "ware" - - - - - - wareya - wareya - Who are you to defy such a perfect being that is the machine? 日本語難しいけど頑張るぜ github.com/wareya wareya.moe Short: reya or war, never "ware" - - - tag:social.heldscal.la,2017-04-27:objectType=thread:nonce=bd88a3cd20b5a418 - - - - - - - tag:social.heldscal.la,2017-04-27:subscription:29191:person:41176:2017-04-27T17:19:21+00:00 - shp (shp@social.heldscal.la)'s status on Thursday, 27-Apr-2017 17:19:21 UTC - <a href="https://social.heldscal.la/shp">shp</a> started following <a href="https://hakui.club/takeshitakenji">竹下憲二 (白)</a>. - - http://activitystrea.ms/schema/1.0/follow - 2017-04-27T17:19:21+00:00 - 2017-04-27T17:19:21+00:00 - - http://activitystrea.ms/schema/1.0/person - https://hakui.club/user/6 - 竹下憲二 (白) - Oh boy. - - - - - - takeshitakenji - 竹下憲二 (白) - Oh boy. - - Seattle, WA - - - homepage - http://gs.kawa-kun.com - true - - - - tag:social.heldscal.la,2017-04-27:objectType=thread:nonce=b139a673deba6963 - - - - - - - tag:social.heldscal.la,2017-04-27:fave:29191:note:1932205:2017-04-27T17:17:46+00:00 - Favorite - shp favorited something by dolus: Looks like Merry is pussing out and caving to pressure. Sad. <a href="https://gs.smuglo.li/file/23e37de3c321248d3f322d8ec042372914568ab4c9431a94e568a61b8146587f.png" title="https://gs.smuglo.li/file/23e37de3c321248d3f322d8ec042372914568ab4c9431a94e568a61b8146587f.png" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432294</a> <a href="https://gs.smuglo.li/file/e5a9549a19986d59d51750090910f47c186787adf02b2b6ac58df37556887297.png" title="https://gs.smuglo.li/file/e5a9549a19986d59d51750090910f47c186787adf02b2b6ac58df37556887297.png" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432295</a> <a href="https://gs.smuglo.li/file/2fdfabbc8ab0b8dc135903a8c48c29b440d1f97446b98ced4ad14a54d3b5d41f.png" title="https://gs.smuglo.li/file/2fdfabbc8ab0b8dc135903a8c48c29b440d1f97446b98ced4ad14a54d3b5d41f.png" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432296</a> <a href="https://gs.smuglo.li/file/af605d7c6fe3a8c26c6d334c2a8e0005f7e86a266f14a5b3755e7d3ac4e226de.png" title="https://gs.smuglo.li/file/af605d7c6fe3a8c26c6d334c2a8e0005f7e86a266f14a5b3755e7d3ac4e226de.png" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432297</a> - - http://activitystrea.ms/schema/1.0/favorite - 2017-04-27T17:17:46+00:00 - 2017-04-27T17:17:46+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:gs.smuglo.li,2017-04-27:noticeId=2065465:objectType=note - New note by dolus - Looks like Merry is pussing out and caving to pressure. Sad. <a href="https://gs.smuglo.li/file/23e37de3c321248d3f322d8ec042372914568ab4c9431a94e568a61b8146587f.png" title="https://gs.smuglo.li/file/23e37de3c321248d3f322d8ec042372914568ab4c9431a94e568a61b8146587f.png" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432294</a> <a href="https://gs.smuglo.li/file/e5a9549a19986d59d51750090910f47c186787adf02b2b6ac58df37556887297.png" title="https://gs.smuglo.li/file/e5a9549a19986d59d51750090910f47c186787adf02b2b6ac58df37556887297.png" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432295</a> <a href="https://gs.smuglo.li/file/2fdfabbc8ab0b8dc135903a8c48c29b440d1f97446b98ced4ad14a54d3b5d41f.png" title="https://gs.smuglo.li/file/2fdfabbc8ab0b8dc135903a8c48c29b440d1f97446b98ced4ad14a54d3b5d41f.png" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432296</a> <a href="https://gs.smuglo.li/file/af605d7c6fe3a8c26c6d334c2a8e0005f7e86a266f14a5b3755e7d3ac4e226de.png" title="https://gs.smuglo.li/file/af605d7c6fe3a8c26c6d334c2a8e0005f7e86a266f14a5b3755e7d3ac4e226de.png" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432297</a> - - - - - - - https://gs.smuglo.li/conversation/927473 - - - - - - - tag:social.heldscal.la,2017-04-27:fave:29191:note:1932492:2017-04-27T17:13:55+00:00 - Favorite - shp favorited something by zemichi: <a href="https://gs.smuglo.li/file/1d45ea4ffc95f15037f361b56ad6b89f8451b70ad1ff7a03b7bb0345b8e2227c.jpg" title="https://gs.smuglo.li/file/1d45ea4ffc95f15037f361b56ad6b89f8451b70ad1ff7a03b7bb0345b8e2227c.jpg" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432344</a><br /> that's a lot of loli - - http://activitystrea.ms/schema/1.0/favorite - 2017-04-27T17:13:55+00:00 - 2017-04-27T17:13:55+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:gs.smuglo.li,2017-04-27:noticeId=2065713:objectType=note - New note by zemichi - <a href="https://gs.smuglo.li/file/1d45ea4ffc95f15037f361b56ad6b89f8451b70ad1ff7a03b7bb0345b8e2227c.jpg" title="https://gs.smuglo.li/file/1d45ea4ffc95f15037f361b56ad6b89f8451b70ad1ff7a03b7bb0345b8e2227c.jpg" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432344</a><br /> that's a lot of loli - - - - - - - https://gs.smuglo.li/conversation/927673 - - - - - - - tag:social.heldscal.la,2017-04-27:fave:29191:note:1932559:2017-04-27T17:12:46+00:00 - Favorite - shp favorited something by gsimg: <a href="https://gs.kawa-kun.com/file/3435c5cafda46f31cad5abb5837b3521b7b458198507073a496f4d10bad3633b.jpg" title="https://gs.kawa-kun.com/file/3435c5cafda46f31cad5abb5837b3521b7b458198507073a496f4d10bad3633b.jpg" rel="nofollow noreferrer" class="attachment">https://gs.kawa-kun.com/file/3435c5cafda46f31cad5abb5837b3521b7b458198507073a496f4d10bad3633b.jpg</a> #<span class="tag"><a href="https://gs.kawa-kun.com/tag/nsfw" rel="tag">nsfw</a></span> - - http://activitystrea.ms/schema/1.0/favorite - 2017-04-27T17:12:46+00:00 - 2017-04-27T17:12:46+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:gs.kawa-kun.com,2017-04-27:noticeId=1608309:objectType=note - New note by gsimg - <a href="https://gs.kawa-kun.com/file/3435c5cafda46f31cad5abb5837b3521b7b458198507073a496f4d10bad3633b.jpg" title="https://gs.kawa-kun.com/file/3435c5cafda46f31cad5abb5837b3521b7b458198507073a496f4d10bad3633b.jpg" rel="nofollow noreferrer" class="attachment">https://gs.kawa-kun.com/file/3435c5cafda46f31cad5abb5837b3521b7b458198507073a496f4d10bad3633b.jpg</a> #<span class="tag"><a href="https://gs.kawa-kun.com/tag/nsfw" rel="tag">nsfw</a></span> - - - - - - - https://gs.kawa-kun.com/conversation/690817 - - - - - - - tag:social.heldscal.la,2017-04-27:fave:29191:note:1932601:2017-04-27T17:12:28+00:00 - Favorite - shp favorited something by zemichi: <a href="https://gs.smuglo.li/file/5d9114fafea7b9866c9d852bcfeaf66aade65ae26149758346bc5ade7e3fa8f0.jpg" title="https://gs.smuglo.li/file/5d9114fafea7b9866c9d852bcfeaf66aade65ae26149758346bc5ade7e3fa8f0.jpg" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432372</a> - - http://activitystrea.ms/schema/1.0/favorite - 2017-04-27T17:12:28+00:00 - 2017-04-27T17:12:28+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:gs.smuglo.li,2017-04-27:noticeId=2065821:objectType=note - New note by zemichi - <a href="https://gs.smuglo.li/file/5d9114fafea7b9866c9d852bcfeaf66aade65ae26149758346bc5ade7e3fa8f0.jpg" title="https://gs.smuglo.li/file/5d9114fafea7b9866c9d852bcfeaf66aade65ae26149758346bc5ade7e3fa8f0.jpg" rel="nofollow noreferrer" class="attachment">https://gs.smuglo.li/attachment/432372</a> - - - - - - - https://gs.smuglo.li/conversation/927760 - - - - - - - tag:social.heldscal.la,2017-04-27:noticeId=1932867:objectType=note - shp repeated a notice by shpbot - RT @<a href="https://gs.archae.me/user/4687" class="h-card u-url p-nickname mention" title="shpbot">shpbot</a> <a href="https://shitposter.club/file/cbf7fbbee1127a9870e871305ca7de70f1eb1bbb79ffe5b3b0f33e37514d14d8.jpg" title="https://shitposter.club/file/cbf7fbbee1127a9870e871305ca7de70f1eb1bbb79ffe5b3b0f33e37514d14d8.jpg" rel="nofollow external noreferrer" class="attachment" id="attachment-237676">https://shitposter.club/file/cbf7fbbee1127a9870e871305ca7de70f1eb1bbb79ffe5b3b0f33e37514d14d8.jpg</a> #<span class="tag"><a href="https://social.heldscal.la/tag/2hu" rel="tag">2hu</a></span> #<span class="tag"><a href="https://social.heldscal.la/tag/ordinarymagician" rel="tag">ordinarymagician</a></span> :thinking: <a href="https://shitposter.club/file/abf3f82d9ce28d2293d858af26c75bb5d4fdd091c0d90ca7bc72ea7efba220e4.jpg" title="https://shitposter.club/file/abf3f82d9ce28d2293d858af26c75bb5d4fdd091c0d90ca7bc72ea7efba220e4.jpg" rel="nofollow external noreferrer" class="attachment" id="attachment-312306">https://shitposter.club/file/abf3f82d9ce28d2293d858af26c75bb5d4fdd091c0d90ca7bc72ea7efba220e4.jpg</a> - - http://activitystrea.ms/schema/1.0/share - 2017-04-27T17:11:35+00:00 - 2017-04-27T17:11:35+00:00 - - http://activitystrea.ms/schema/1.0/activity - tag:gs.archae.me,2017-04-27:noticeId=760830:objectType=note - - <a href="https://shitposter.club/file/cbf7fbbee1127a9870e871305ca7de70f1eb1bbb79ffe5b3b0f33e37514d14d8.jpg" title="https://shitposter.club/file/cbf7fbbee1127a9870e871305ca7de70f1eb1bbb79ffe5b3b0f33e37514d14d8.jpg" rel="nofollow noreferrer" class="attachment">https://shitposter.club/file/cbf7fbbee1127a9870e871305ca7de70f1eb1bbb79ffe5b3b0f33e37514d14d8.jpg</a> #<span class="tag"><a href="https://gs.archae.me/tag/2hu" rel="tag">2hu</a></span> #<span class="tag"><a href="https://gs.archae.me/tag/ordinarymagician" rel="tag">ordinarymagician</a></span> :thinking: <a href="https://shitposter.club/file/abf3f82d9ce28d2293d858af26c75bb5d4fdd091c0d90ca7bc72ea7efba220e4.jpg" title="https://shitposter.club/file/abf3f82d9ce28d2293d858af26c75bb5d4fdd091c0d90ca7bc72ea7efba220e4.jpg" rel="nofollow noreferrer" class="attachment">https://shitposter.club/file/abf3f82d9ce28d2293d858af26c75bb5d4fdd091c0d90ca7bc72ea7efba220e4.jpg</a> - - http://activitystrea.ms/schema/1.0/post - 2017-04-27T17:00:08+00:00 - 2017-04-27T17:00:08+00:00 - - http://activitystrea.ms/schema/1.0/person - https://gs.archae.me/user/4687 - shpbot - - - - - - shpbot - shpbot - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.archae.me,2017-04-27:noticeId=760830:objectType=note - New note by shpbot - <a href="https://shitposter.club/file/cbf7fbbee1127a9870e871305ca7de70f1eb1bbb79ffe5b3b0f33e37514d14d8.jpg" title="https://shitposter.club/file/cbf7fbbee1127a9870e871305ca7de70f1eb1bbb79ffe5b3b0f33e37514d14d8.jpg" rel="nofollow noreferrer" class="attachment">https://shitposter.club/file/cbf7fbbee1127a9870e871305ca7de70f1eb1bbb79ffe5b3b0f33e37514d14d8.jpg</a> #<span class="tag"><a href="https://gs.archae.me/tag/2hu" rel="tag">2hu</a></span> #<span class="tag"><a href="https://gs.archae.me/tag/ordinarymagician" rel="tag">ordinarymagician</a></span> :thinking: <a href="https://shitposter.club/file/abf3f82d9ce28d2293d858af26c75bb5d4fdd091c0d90ca7bc72ea7efba220e4.jpg" title="https://shitposter.club/file/abf3f82d9ce28d2293d858af26c75bb5d4fdd091c0d90ca7bc72ea7efba220e4.jpg" rel="nofollow noreferrer" class="attachment">https://shitposter.club/file/abf3f82d9ce28d2293d858af26c75bb5d4fdd091c0d90ca7bc72ea7efba220e4.jpg</a> - - - - - https://gs.archae.me/conversation/318317 - - - - - https://gs.archae.me/api/statuses/user_timeline/4687.atom - shpbot - - - https://social.heldscal.la/avatar/31581-original-20170405170019.jpeg - 2017-05-05T11:45:08+00:00 - - - - https://gs.archae.me/conversation/318317 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-04-27:noticeId=1932815:objectType=note - New note by shp - federation issues with SPC atm it seems - - - http://activitystrea.ms/schema/1.0/post - 2017-04-27T17:08:55+00:00 - 2017-04-27T17:08:55+00:00 - - tag:social.heldscal.la,2017-04-27:objectType=thread:nonce=645a13c841f51769 - - - - - - - tag:social.heldscal.la,2017-04-26:fave:29191:note:1907285:2017-04-26T06:59:07+00:00 - Favorite - shp favorited something by lambadalambda: Is this the most offensive video on the net? <a href="https://social.heldscal.la/file/4c34bfb81a8155c265031bc48f7e69c29eb0d2941c57daf63f80e17b0e2e5f47.webm" title="https://social.heldscal.la/file/4c34bfb81a8155c265031bc48f7e69c29eb0d2941c57daf63f80e17b0e2e5f47.webm" rel="nofollow noreferrer" class="attachment">https://social.heldscal.la/attachment/402251</a> - - http://activitystrea.ms/schema/1.0/favorite - 2017-04-26T06:59:07+00:00 - 2017-04-26T06:59:07+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-04-26:noticeId=1907285:objectType=note - New note by lambadalambda - Is this the most offensive video on the net? <a href="https://social.heldscal.la/file/4c34bfb81a8155c265031bc48f7e69c29eb0d2941c57daf63f80e17b0e2e5f47.webm" title="https://social.heldscal.la/file/4c34bfb81a8155c265031bc48f7e69c29eb0d2941c57daf63f80e17b0e2e5f47.webm" rel="nofollow external noreferrer" class="attachment" id="attachment-402251">https://social.heldscal.la/attachment/402251</a> - - - - - - - tag:social.heldscal.la,2017-04-26:objectType=thread:nonce=07b02e1328f456af - - - - - - - tag:social.heldscal.la,2017-04-26:noticeId=1907951:objectType=note - shp repeated a notice by shpbot - RT @<a href="https://gs.archae.me/user/4687" class="h-card u-url p-nickname mention" title="shpbot">shpbot</a> <a href="https://shitposter.club/file/718db06b564841331c72f9df767f8c9459e20c4dddbf0d4e61cd08ecbee7739d.jpg" title="https://shitposter.club/file/718db06b564841331c72f9df767f8c9459e20c4dddbf0d4e61cd08ecbee7739d.jpg" rel="nofollow external noreferrer" class="attachment" id="attachment-346198">https://shitposter.club/file/718db06b564841331c72f9df767f8c9459e20c4dddbf0d4e61cd08ecbee7739d.jpg</a> - - http://activitystrea.ms/schema/1.0/share - 2017-04-26T06:58:19+00:00 - 2017-04-26T06:58:19+00:00 - - http://activitystrea.ms/schema/1.0/activity - tag:gs.archae.me,2017-04-26:noticeId=752596:objectType=note - - <a href="https://shitposter.club/file/718db06b564841331c72f9df767f8c9459e20c4dddbf0d4e61cd08ecbee7739d.jpg" title="https://shitposter.club/file/718db06b564841331c72f9df767f8c9459e20c4dddbf0d4e61cd08ecbee7739d.jpg" rel="nofollow noreferrer" class="attachment">https://shitposter.club/file/718db06b564841331c72f9df767f8c9459e20c4dddbf0d4e61cd08ecbee7739d.jpg</a> - - http://activitystrea.ms/schema/1.0/post - 2017-04-26T06:15:07+00:00 - 2017-04-26T06:15:07+00:00 - - http://activitystrea.ms/schema/1.0/person - https://gs.archae.me/user/4687 - shpbot - - - - - - shpbot - shpbot - - - - http://activitystrea.ms/schema/1.0/note - tag:gs.archae.me,2017-04-26:noticeId=752596:objectType=note - New note by shpbot - <a href="https://shitposter.club/file/718db06b564841331c72f9df767f8c9459e20c4dddbf0d4e61cd08ecbee7739d.jpg" title="https://shitposter.club/file/718db06b564841331c72f9df767f8c9459e20c4dddbf0d4e61cd08ecbee7739d.jpg" rel="nofollow noreferrer" class="attachment">https://shitposter.club/file/718db06b564841331c72f9df767f8c9459e20c4dddbf0d4e61cd08ecbee7739d.jpg</a> - - - - - https://gs.archae.me/conversation/314010 - - - https://gs.archae.me/api/statuses/user_timeline/4687.atom - shpbot - - - https://social.heldscal.la/avatar/31581-original-20170405170019.jpeg - 2017-05-05T11:45:08+00:00 - - - - https://gs.archae.me/conversation/314010 - - - - - - - tag:social.heldscal.la,2017-04-26:fave:29191:note:1907341:2017-04-26T06:58:16+00:00 - Favorite - shp favorited something by moonman: <a href="https://shitposter.club/file/1377b0894e983599c11e739e406243cabed9f8af7961a2550ecaf97e32de8e60.jpg" title="https://shitposter.club/file/1377b0894e983599c11e739e406243cabed9f8af7961a2550ecaf97e32de8e60.jpg" class="attachment" rel="nofollow">https://shitposter.club/attachment/630989</a> - - http://activitystrea.ms/schema/1.0/favorite - 2017-04-26T06:58:16+00:00 - 2017-04-26T06:58:16+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2017-04-26:noticeId=2681941:objectType=note - New note by moonman - <a href="https://shitposter.club/file/1377b0894e983599c11e739e406243cabed9f8af7961a2550ecaf97e32de8e60.jpg" title="https://shitposter.club/file/1377b0894e983599c11e739e406243cabed9f8af7961a2550ecaf97e32de8e60.jpg" class="attachment" rel="nofollow">https://shitposter.club/attachment/630989</a> - - - - - - - https://shitposter.club/conversation/1300990 - - - - - - - tag:social.heldscal.la,2017-04-26:fave:29191:comment:1907412:2017-04-26T06:57:56+00:00 - Favorite - shp favorited something by lambadalambda: @<a href="https://gs.smuglo.li/user/2" class="h-card u-url p-nickname mention" title="nepfag">nepfag</a> <a href="https://cherubini.casa/why-i-shut-down-wizards-town-and-left-mastodon-6d4e631346b3?source=linkShare-89c2f851e979-1493184822&amp;gi=a6a47c5466a0" title="https://cherubini.casa/why-i-shut-down-wizards-town-and-left-mastodon-6d4e631346b3?source=linkShare-89c2f851e979-1493184822&amp;gi=a6a47c5466a0" rel="nofollow noreferrer" class="attachment">https://social.heldscal.la/url/402273</a> - - http://activitystrea.ms/schema/1.0/favorite - 2017-04-26T06:57:56+00:00 - 2017-04-26T06:57:56+00:00 - - http://activitystrea.ms/schema/1.0/comment - tag:social.heldscal.la,2017-04-26:noticeId=1907412:objectType=comment - New comment by lambadalambda - @<a href="https://gs.smuglo.li/user/2" class="h-card u-url p-nickname mention" title="nepfag">nepfag</a> <a href="https://cherubini.casa/why-i-shut-down-wizards-town-and-left-mastodon-6d4e631346b3?source=linkShare-89c2f851e979-1493184822&amp;gi=a6a47c5466a0" title="https://cherubini.casa/why-i-shut-down-wizards-town-and-left-mastodon-6d4e631346b3?source=linkShare-89c2f851e979-1493184822&amp;gi=a6a47c5466a0" rel="nofollow external noreferrer" class="attachment" id="attachment-402273">https://social.heldscal.la/url/402273</a> - - - - - - - tag:social.heldscal.la,2017-04-26:objectType=thread:nonce=85c21eda7aaa7259 - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:social.heldscal.la,2017-04-26:noticeId=1907942:objectType=note - New note by shp - #<span class="tag"><a href="https://social.heldscal.la/tag/cofe" rel="tag">cofe</a></span> time my friends <a href="https://social.heldscal.la/file/ec254b45b3a86ff74bc08bc7e065cb681d77cf7d4cedc9cdcf59e16adf311da3.png" title="https://social.heldscal.la/file/ec254b45b3a86ff74bc08bc7e065cb681d77cf7d4cedc9cdcf59e16adf311da3.png" rel="nofollow external noreferrer" class="attachment" id="attachment-402381">https://social.heldscal.la/attachment/402381</a> - - - http://activitystrea.ms/schema/1.0/post - 2017-04-26T06:57:18+00:00 - 2017-04-26T06:57:18+00:00 - - tag:social.heldscal.la,2017-04-26:objectType=thread:nonce=9c9d9373bccfaf70 - - - - - - - - diff --git a/test/fixtures/tesla_mock/sakamoto.atom b/test/fixtures/tesla_mock/sakamoto.atom deleted file mode 100644 index 648946795..000000000 --- a/test/fixtures/tesla_mock/sakamoto.atom +++ /dev/null @@ -1 +0,0 @@ -http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://social.sakamoto.gq/objects/0ccc1a2c-66b0-4305-b23a-7f7f2b040056New note by eal<a href='https://shitposter.club/user/5381'>@shpuld</a> <a href='https://pleroma.hjkos.com/users/hj'>@hj</a> IM NOT GAY DAD2017-08-04T12:51:26.130592Z2017-08-04T12:51:26.130592Zhttps://pleroma.hjkos.com/contexts/53093c74-2100-4bf4-aac6-66d1973d03efhttps://social.sakamoto.gq/users/ealhttp://activitystrea.ms/schema/1.0/personhttps://social.sakamoto.gq/users/ealeal坂本(・ヮ・)eal \ No newline at end of file diff --git a/test/fixtures/tesla_mock/sakamoto_eal_feed.atom b/test/fixtures/tesla_mock/sakamoto_eal_feed.atom deleted file mode 100644 index 9340d9038..000000000 --- a/test/fixtures/tesla_mock/sakamoto_eal_feed.atom +++ /dev/null @@ -1 +0,0 @@ -https://social.sakamoto.gq/users/eal/feed.atomeal's timeline2017-08-04T14:19:12.683854https://social.sakamoto.gq/users/ealhttp://activitystrea.ms/schema/1.0/personhttps://social.sakamoto.gq/users/ealeal坂本(・ヮ・)ealhttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://social.sakamoto.gq/objects/b79a1721-23f3-45a5-9610-adb08c2afae5New note by ealHonestly, I like all smileys that are not emoji.2017-08-04T14:19:12.675999Z2017-08-04T14:19:12.675999Zhttps://social.sakamoto.gq/contexts/e05ede92-8db9-4963-8b8e-e71a5797d68fhttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://social.sakamoto.gq/objects/45475bf3-2dfc-4d9e-8eae-1f4f86f48982New note by ealThen again, I like all smileys/emoticons that are not emoji.<br>2017-08-04T14:19:10.113373Z2017-08-04T14:19:10.113373Zhttps://social.sakamoto.gq/contexts/852d1605-4dcb-4ba7-9ba4-dfc37ed62fbchttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://social.sakamoto.gq/objects/8f8fd6d6-cc63-40c6-a5d0-1c0e4f919368New note by ealI love the russian-style smiley.2017-08-04T14:18:30.478552Z2017-08-04T14:18:30.478552Zhttps://social.sakamoto.gq/contexts/852d1605-4dcb-4ba7-9ba4-dfc37ed62fbchttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/6e69df95-f2ad-4b8e-af4a-e93ff93d64e1eal started following https://cybre.space/users/0x3Feal started following https://cybre.space/users/0x3F2017-08-04T14:17:24.942193Z2017-08-04T14:17:24.942193Zhttp://activitystrea.ms/schema/1.0/personhttps://cybre.space/users/0x3Fhttps://cybre.space/users/0x3Fhttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/54c5e260-0185-4267-a2a6-f5dd9c76c2c9eal started following https://niu.moe/users/ryeeal started following https://niu.moe/users/rye2017-08-04T14:16:35.604739Z2017-08-04T14:16:35.604739Zhttp://activitystrea.ms/schema/1.0/personhttps://niu.moe/users/ryehttps://niu.moe/users/ryehttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/092ca863-19a8-416c-85d7-d3f23b3c0203eal started following https://mastodon.xyz/users/rafudesueal started following https://mastodon.xyz/users/rafudesu2017-08-04T14:16:10.993429Z2017-08-04T14:16:10.993429Zhttp://activitystrea.ms/schema/1.0/personhttps://mastodon.xyz/users/rafudesuhttps://mastodon.xyz/users/rafudesuhttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/be5cf702-b127-423b-a6be-5f78f01a4289eal started following https://gs.kawa-kun.com/user/2eal started following https://gs.kawa-kun.com/user/22017-08-04T14:15:41.804611Z2017-08-04T14:15:41.804611Zhttp://activitystrea.ms/schema/1.0/personhttps://gs.kawa-kun.com/user/2https://gs.kawa-kun.com/user/2http://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/4951e2a1-9bae-4e87-8e98-e6d2f8a52338eal started following https://gs.kawa-kun.com/user/4885eal started following https://gs.kawa-kun.com/user/48852017-08-04T14:15:00.135352Z2017-08-04T14:15:00.135352Zhttp://activitystrea.ms/schema/1.0/personhttps://gs.kawa-kun.com/user/4885https://gs.kawa-kun.com/user/4885http://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/cadf8745-b9ee-4f6c-af32-bfddb70e4607eal started following https://mastodon.social/users/Murassaeal started following https://mastodon.social/users/Murassa2017-08-04T14:14:36.339560Z2017-08-04T14:14:36.339560Zhttp://activitystrea.ms/schema/1.0/personhttps://mastodon.social/users/Murassahttps://mastodon.social/users/Murassahttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/a52c9aab-f0e6-4ccb-8dd3-9f417e72a41ceal started following https://mastodon.social/users/rysiekeal started following https://mastodon.social/users/rysiek2017-08-04T14:13:04.061572Z2017-08-04T14:13:04.061572Zhttp://activitystrea.ms/schema/1.0/personhttps://mastodon.social/users/rysiekhttps://mastodon.social/users/rysiekhttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/738bc887-4cca-4b36-8c86-2b54d4c54732eal started following https://mastodon.hasameli.com/users/munineal started following https://mastodon.hasameli.com/users/munin2017-08-04T14:12:10.514155Z2017-08-04T14:12:10.514155Zhttp://activitystrea.ms/schema/1.0/personhttps://mastodon.hasameli.com/users/muninhttps://mastodon.hasameli.com/users/muninhttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/dc66ad5a-b776-4180-a8aa-e4c1bf7cb703eal started following https://cybre.space/users/nightpooleal started following https://cybre.space/users/nightpool2017-08-04T14:11:16.046148Z2017-08-04T14:11:16.046148Zhttp://activitystrea.ms/schema/1.0/personhttps://cybre.space/users/nightpoolhttps://cybre.space/users/nightpoolhttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://social.sakamoto.gq/objects/9c5c00d7-3ce4-4c11-b965-dc5c2bda86c5New note by eal<a href='https://mastodon.zombocloud.com/users/staticsafe'>@staticsafe</a> privet )))2017-08-04T14:10:08.812247Z2017-08-04T14:10:08.812247Zhttps://social.sakamoto.gq/contexts/12a33823-0327-4c1c-a591-850ea79331b5http://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/49798053-1f40-4a71-ad33-106e90630863eal started following https://social.homunyan.com/users/animeirleal started following https://social.homunyan.com/users/animeirl2017-08-04T14:09:44.904792Z2017-08-04T14:09:44.904792Zhttp://activitystrea.ms/schema/1.0/personhttps://social.homunyan.com/users/animeirlhttps://social.homunyan.com/users/animeirlhttp://activitystrea.ms/schema/1.0/favoritehttps://social.sakamoto.gq/activities/2d83a1c5-70a6-45d3-9b84-59d6a70fbb17New favorite by ealeal favorited something2017-08-04T14:07:27.210044Z2017-08-04T14:07:27.210044Zhttp://activitystrea.ms/schema/1.0/notehttps://pleroma.soykaf.com/objects/b831e52f-4ed4-438e-95b4-888897f64f09https://pleroma.hjkos.com/contexts/3ed48205-1e72-4e19-a618-89a0d2ca811ehttp://activitystrea.ms/schema/1.0/favoritehttps://social.sakamoto.gq/activities/06d28bed-544a-496b-8414-1c6d439273b5New favorite by ealeal favorited something2017-08-04T14:05:37.280200Z2017-08-04T14:05:37.280200Zhttp://activitystrea.ms/schema/1.0/notetag:toot-lab.reclaim.technology,2017-08-04:objectId=1166030:objectType=Statustag:p2px.me,2017-08-04:objectType=thread:nonce=f8bfc4d13db6ce91http://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/72bf19d4-9ad4-4b2f-9cd0-f0d70f4e931beal started following https://mstdn.jp/users/nullkaleal started following https://mstdn.jp/users/nullkal2017-08-04T14:05:04.148904Z2017-08-04T14:05:04.148904Zhttp://activitystrea.ms/schema/1.0/personhttps://mstdn.jp/users/nullkalhttps://mstdn.jp/users/nullkalhttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://social.sakamoto.gq/objects/b0e89515-7621-4e09-b23d-83e192324107New note by eal<a href='https://p2px.me/user/1'>@stitchxd</a> test also2017-08-04T14:04:38.699051Z2017-08-04T14:04:38.699051Ztag:p2px.me,2017-08-04:objectType=thread:nonce=f8bfc4d13db6ce91http://activitystrea.ms/schema/1.0/favoritehttps://social.sakamoto.gq/activities/d8d2006b-6b23-45d6-ba27-39d27587777dNew favorite by ealeal favorited something2017-08-04T14:04:32.106626Z2017-08-04T14:04:32.106626Zhttp://activitystrea.ms/schema/1.0/notetag:p2px.me,2017-08-04:noticeId=222109:objectType=notetag:p2px.me,2017-08-04:objectType=thread:nonce=f8bfc4d13db6ce91http://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://social.sakamoto.gq/activities/cb9db95d-ec27-41fa-bebd-5375fc13acb9eal started following https://mastodon.social/users/Gargroneal started following https://mastodon.social/users/Gargron2017-08-04T14:04:04.325531Z2017-08-04T14:04:04.325531Zhttp://activitystrea.ms/schema/1.0/personhttps://mastodon.social/users/Gargronhttps://mastodon.social/users/Gargron \ No newline at end of file diff --git a/test/fixtures/tesla_mock/shp@pleroma.soykaf.com.feed b/test/fixtures/tesla_mock/shp@pleroma.soykaf.com.feed deleted file mode 100644 index b24ef7ab6..000000000 --- a/test/fixtures/tesla_mock/shp@pleroma.soykaf.com.feed +++ /dev/null @@ -1 +0,0 @@ -https://pleroma.soykaf.com/users/shp/feed.atomshp's timeline2017-09-14T08:31:48.911686https://pleroma.soykaf.com/users/shphttp://activitystrea.ms/schema/1.0/personhttps://pleroma.soykaf.com/users/shpshpshpcofeshphttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://pleroma.soykaf.com/activities/0b5f5ef2-020a-4f9e-a92b-a2bf21224644shp started following https://pleroma.soykaf.com/users/goozshp started following https://pleroma.soykaf.com/users/gooz2017-09-14T08:31:48.911226Z2017-09-14T08:31:48.911226Zhttp://activitystrea.ms/schema/1.0/personhttps://pleroma.soykaf.com/users/goozhttps://pleroma.soykaf.com/users/goozhttp://activitystrea.ms/schema/1.0/activityhttp://activitystrea.ms/schema/1.0/followhttps://pleroma.soykaf.com/activities/d928b7f7-dc10-478c-859b-cd604770da60shp started following https://niu.moe/users/xiaoyongmaoshp started following https://niu.moe/users/xiaoyongmao2017-09-14T08:16:52.674253Z2017-09-14T08:16:52.674253Zhttp://activitystrea.ms/schema/1.0/personhttps://niu.moe/users/xiaoyongmaohttps://niu.moe/users/xiaoyongmaohttp://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/3f5089b3-f1e5-47b6-8bfe-a9c4a860e724New favorite by shpshp favorited something2017-09-14T08:12:18.213055Z2017-09-14T08:12:18.213055Zhttp://activitystrea.ms/schema/1.0/notehttps://mastodon.xyz/users/Azurolu/statuses/8346804tag:mastodon.xyz,2017-09-14:objectId=3669709:objectType=Conversationhttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/0def9b19-6b0f-44e0-96b3-543fa06a4010New note by shp<a href='https://niu.moe/users/Pasty'>@Pasty</a> I love the peach<br><a href="https://pleroma.soykaf.com/media/7e8bd209-dbd4-481a-a62c-d302d68df16d/__hinanawi_tenshi_touhou_drawn_by_e_o__8c6824f52dd494f6026607570179265f.jpg" class='attachment'>__hinanawi_tenshi_touhou_drawn_…</a>2017-09-14T08:12:04.367142Z2017-09-14T08:12:04.367142Ztag:niu.moe,2017-09-14:objectId=1660781:objectType=Conversationhttp://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/a4170edf-d273-4b82-931d-662aaf3872f3New favorite by shpshp favorited something2017-09-14T08:10:26.205104Z2017-09-14T08:10:26.205104Zhttp://activitystrea.ms/schema/1.0/notehttps://niu.moe/users/NekoiNemo/statuses/3210992tag:niu.moe,2017-09-14:objectId=1660761:objectType=Conversationhttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/c50c47a0-fac5-4781-a7e6-f20e7226d5fcNew note by shp<a href='https://freezepeach.xyz/user/3458'>@hakui</a> <a href='https://pleroma.soykaf.com/users/lain'>@lain</a> you guys are forgetting the pancakes jeez2017-09-14T08:09:30.088418Z2017-09-14T08:09:30.088418Zhttps://pleroma.soykaf.com/contexts/ac9c98ee-3eca-4b4b-9620-64b5e85e2623http://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/2af9f622-5986-483c-83a1-ac59a9035b50New favorite by shpshp favorited something2017-09-14T08:09:16.346235Z2017-09-14T08:09:16.346235Zhttp://activitystrea.ms/schema/1.0/notetag:freezepeach.xyz,2017-09-14:noticeId=3926191:objectType=commenthttps://pleroma.soykaf.com/contexts/ac9c98ee-3eca-4b4b-9620-64b5e85e2623http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/f52aad69-5828-4e0e-bb7b-f2f0869d3ff0New note by shp<a href='https://gs.smuglo.li/user/253'>@kro</a> I'll probs try some of those 2hu mangos2017-09-14T08:09:13.262835Z2017-09-14T08:09:13.262835Ztag:gs.smuglo.li,2017-09-14:objectType=thread:nonce=c4ac2016e07c4123http://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/35743658-efee-46cf-9cdf-487b95709cd5New favorite by shpshp favorited something2017-09-14T08:09:00.517534Z2017-09-14T08:09:00.517534Zhttp://activitystrea.ms/schema/1.0/notetag:gs.smuglo.li,2017-09-14:noticeId=4113226:objectType=commenttag:gs.smuglo.li,2017-09-14:objectType=thread:nonce=c4ac2016e07c4123http://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/22258ba8-58dc-4e09-b476-fe28d3307377New favorite by shpshp favorited something2017-09-14T08:08:38.087136Z2017-09-14T08:08:38.087136Zhttp://activitystrea.ms/schema/1.0/notehttps://pleroma.soykaf.com/objects/13d7809e-5dca-4117-8738-887759392f2chttps://pleroma.soykaf.com/contexts/ac9c98ee-3eca-4b4b-9620-64b5e85e2623http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/f56d640a-0dbd-48af-80b1-06d0dbd26774New note by shp<a href='https://social.sakamoto.gq/users/eal'>@eal</a> ...but neither does my phone<br><br>low brightness, very dark wallpaper (pic related, but even darker, couldn't find the actual version)<br><a href="https://pleroma.soykaf.com/media/6d1b8d57-80ae-41d6-bdea-58fea09ecdf4/phonewallpaper.png" class='attachment'>phonewallpaper.png</a>2017-09-14T08:07:23.081214Z2017-09-14T08:07:23.081214Zhttps://pleroma.soykaf.com/contexts/f4c5d56e-fc58-467b-a8a5-10515c012355http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/d313df1d-121c-4ab8-abd1-e6aedcf55cbdNew note by shp<a href='https://niu.moe/users/Pasty'>@Pasty</a> y-you too2017-09-14T07:55:26.153486Z2017-09-14T07:55:26.153486Ztag:niu.moe,2017-09-14:objectId=1660616:objectType=Conversationhttp://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/7b642424-4edb-48cc-8711-1eafb4745269New note by shp<a href='https://social.sakamoto.gq/users/eal'>@eal</a> bothers me more when sleeping, wore one for nearly 2 years2017-09-14T07:54:53.449227Z2017-09-14T07:54:53.449227Zhttps://pleroma.soykaf.com/contexts/f4c5d56e-fc58-467b-a8a5-10515c012355http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/5bc1bff1-88c3-489d-8efd-7e4755690a18New note by shpquick test2017-09-14T07:54:09.045525Z2017-09-14T07:54:09.045525Zhttps://pleroma.soykaf.com/contexts/cd770c2a-408e-4895-988c-60319298f219http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/956f1fb5-6f2f-433e-ab71-7f732b76f4beNew note by shphad some trouble getting sleep last night. only used phone to check the time a few times (v essential to have a near-black wallpaper to not blind yourself when you do that). can't rember the last time I rolled in the bed for longer than an hour like that2017-09-14T07:51:23.557775Z2017-09-14T07:51:23.557775Zhttps://pleroma.soykaf.com/contexts/f4c5d56e-fc58-467b-a8a5-10515c012355http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/d935d9f2-ebc7-4ff2-b65a-fbf418a60935New note by shp<a href='https://gs.smuglo.li/user/253'>@kro</a> doesn't sound like a bad idea at all2017-09-14T07:49:55.702555Z2017-09-14T07:49:55.702555Ztag:gs.smuglo.li,2017-09-14:objectType=thread:nonce=c4ac2016e07c4123http://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/342c8803-ee16-487d-9488-a39d763073f6New favorite by shpshp favorited something2017-09-14T07:49:41.875840Z2017-09-14T07:49:41.875840Zhttp://activitystrea.ms/schema/1.0/notetag:anticapitalist.party,2017-09-14:objectId=3322865:objectType=Statustag:anticapitalist.party,2017-09-14:objectId=1251751:objectType=Conversationhttp://activitystrea.ms/schema/1.0/favoritehttps://pleroma.soykaf.com/activities/5d98a19b-dd55-4077-9841-142937c613adNew favorite by shpshp favorited something2017-09-14T07:49:30.584265Z2017-09-14T07:49:30.584265Zhttp://activitystrea.ms/schema/1.0/notetag:gs.smuglo.li,2017-09-14:noticeId=4113170:objectType=commenttag:gs.smuglo.li,2017-09-14:objectType=thread:nonce=c4ac2016e07c4123http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/fdf3626a-50ba-458b-9bf7-b5f2cfa505fcNew note by shp<a href='https://pleroma.hjkos.com/users/hj'>@hj</a> c time2017-09-14T07:48:52.805422Z2017-09-14T07:48:52.805422Zhttps://pleroma.hjkos.com/contexts/dc4a3a3e-d366-4c0c-8789-8a9bee3537d9http://activitystrea.ms/schema/1.0/notehttp://activitystrea.ms/schema/1.0/posthttps://pleroma.soykaf.com/objects/c7c8eb17-b669-4827-9fbc-90f1fc54e4b1New note by shp<a href='https://sunshinegardens.org/users/tbny'>@tbny</a> err.. mediterranean from finnish*2017-09-14T07:46:52.764234Z2017-09-14T07:46:52.764234Zhttps://pleroma.soykaf.com/contexts/ac9c98ee-3eca-4b4b-9620-64b5e85e2623 \ No newline at end of file diff --git a/test/fixtures/tesla_mock/spc_5381.atom b/test/fixtures/tesla_mock/spc_5381.atom deleted file mode 100644 index c3288e97b..000000000 --- a/test/fixtures/tesla_mock/spc_5381.atom +++ /dev/null @@ -1,438 +0,0 @@ - - - GNU social - https://shitposter.club/api/statuses/user_timeline/5381.atom - shpuld timeline - Updates from shpuld on Shitposter Club! - https://shitposter.club/avatar/5381-96-20171230093854.png - 2018-02-23T13:42:22+00:00 - - http://activitystrea.ms/schema/1.0/person - https://shitposter.club/user/5381 - shpuld - - - - - - shpuld - shp - - - - - - - - - - - - - tag:shitposter.club,2018-02-23:fave:5381:comment:7387801:2018-02-23T13:39:40+00:00 - Favorite - shpuld favorited something by mayuutann: <p><span class="h-card"><a href="https://freezepeach.xyz/hakui" class="u-url mention">@<span>hakui</span></a></span> <span class="h-card"><a href="https://gs.smuglo.li/histoire" class="u-url mention">@<span>histoire</span></a></span> <span class="h-card"><a href="https://shitposter.club/shpuld" class="u-url mention">@<span>shpuld</span></a></span> <a href="https://mstdn.io/media/_Ee-x91XN0udpfZVO_U" rel="nofollow"><span class="invisible">https://</span><span class="ellipsis">mstdn.io/media/_Ee-x91XN0udpfZ</span><span class="invisible">VO_U</span></a></p> - - http://activitystrea.ms/schema/1.0/favorite - 2018-02-23T13:39:40+00:00 - 2018-02-23T13:39:40+00:00 - - http://activitystrea.ms/schema/1.0/comment - https://mstdn.io/users/mayuutann/statuses/99574950785668071 - New comment by mayuutann - <p><span class="h-card"><a href="https://freezepeach.xyz/hakui" class="u-url mention">@<span>hakui</span></a></span> <span class="h-card"><a href="https://gs.smuglo.li/histoire" class="u-url mention">@<span>histoire</span></a></span> <span class="h-card"><a href="https://shitposter.club/shpuld" class="u-url mention">@<span>shpuld</span></a></span> <a href="https://mstdn.io/media/_Ee-x91XN0udpfZVO_U" rel="nofollow"><span class="invisible">https://</span><span class="ellipsis">mstdn.io/media/_Ee-x91XN0udpfZ</span><span class="invisible">VO_U</span></a></p> - - - - - - - https://freezepeach.xyz/conversation/4182511 - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387723:objectType=comment - New comment by shpuld - @<a href="https://freezepeach.xyz/user/3458" class="h-card mention" title="&#x5FA1;&#x5712;&#x306F;&#x304F;&#x3044;">hakui</a> @<a href="https://pleroma.soykaf.com/users/lain" class="h-card mention" title="&#x2468; lain &#x2468;">lain</a> how naive~ - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:30:15+00:00 - 2018-02-23T13:30:15+00:00 - - - - tag:shitposter.club,2018-02-23:objectType=thread:nonce=2f09acf104aebfe3 - - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387703:objectType=comment - New comment by shpuld - @<a href="https://freezepeach.xyz/user/3458" class="h-card mention" title="&#x5FA1;&#x5712;&#x306F;&#x304F;&#x3044;">hakui</a> @<a href="https://pleroma.soykaf.com/users/lain" class="h-card mention" title="&#x2468; lain &#x2468;">lain</a> you expect anyone to believe that?? - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:28:08+00:00 - 2018-02-23T13:28:08+00:00 - - - - tag:shitposter.club,2018-02-23:objectType=thread:nonce=2f09acf104aebfe3 - - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387639:objectType=comment - New comment by shpuld - @<a href="https://mstdn.io/users/mayuutann" class="h-card mention" title="Mayutan&#x2615;">mayuutann</a> @<a href="https://freezepeach.xyz/user/3458" class="h-card mention" title="&#x5FA1;&#x5712;&#x306F;&#x304F;&#x3044;">hakui</a> pacyuri!! <a href="https://shitposter.club/file/eea140be45df3f993c4533026bf9a78fe8facd296d2fa0c6d02b2e347c5dc30e.jpg" title="https://shitposter.club/file/eea140be45df3f993c4533026bf9a78fe8facd296d2fa0c6d02b2e347c5dc30e.jpg" class="attachment" id="attachment-1589462" rel="nofollow external">https://shitposter.club/attachment/1589462</a> - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:20:38+00:00 - 2018-02-23T13:20:38+00:00 - - - - https://freezepeach.xyz/conversation/4183220 - - - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387611:objectType=comment - New comment by shpuld - @<a href="https://freezepeach.xyz/user/3458" class="h-card mention" title="&#x5FA1;&#x5712;&#x306F;&#x304F;&#x3044;">hakui</a> why is pacyu eating a pizza so cute - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:18:07+00:00 - 2018-02-23T13:18:07+00:00 - - - - https://freezepeach.xyz/conversation/4183220 - - - - - - - - tag:shitposter.club,2018-02-23:fave:5381:comment:7387600:2018-02-23T13:17:52+00:00 - Favorite - shpuld favorited something by mayuutann: <p><span class="h-card"><a href="https://shitposter.club/shpuld" class="u-url mention">@<span>shpuld</span></a></span> <span class="h-card"><a href="https://gs.smuglo.li/histoire" class="u-url mention">@<span>histoire</span></a></span> <span class="h-card"><a href="https://freezepeach.xyz/hakui" class="u-url mention">@<span>hakui</span></a></span> pichu! <a href="https://mstdn.io/media/Crv5eubz1KO0dgBEulI" rel="nofollow"><span class="invisible">https://</span><span class="ellipsis">mstdn.io/media/Crv5eubz1KO0dgB</span><span class="invisible">EulI</span></a></p> - - http://activitystrea.ms/schema/1.0/favorite - 2018-02-23T13:17:52+00:00 - 2018-02-23T13:17:52+00:00 - - http://activitystrea.ms/schema/1.0/comment - https://mstdn.io/users/mayuutann/statuses/99574863865459283 - New comment by mayuutann - <p><span class="h-card"><a href="https://shitposter.club/shpuld" class="u-url mention">@<span>shpuld</span></a></span> <span class="h-card"><a href="https://gs.smuglo.li/histoire" class="u-url mention">@<span>histoire</span></a></span> <span class="h-card"><a href="https://freezepeach.xyz/hakui" class="u-url mention">@<span>hakui</span></a></span> pichu! <a href="https://mstdn.io/media/Crv5eubz1KO0dgBEulI" rel="nofollow"><span class="invisible">https://</span><span class="ellipsis">mstdn.io/media/Crv5eubz1KO0dgB</span><span class="invisible">EulI</span></a></p> - - - - - - - https://freezepeach.xyz/conversation/4182511 - - - - - - - tag:shitposter.club,2018-02-23:fave:5381:comment:7387544:2018-02-23T13:12:43+00:00 - Favorite - shpuld favorited something by mayuutann: <p><span class="h-card"><a href="https://shitposter.club/shpuld" class="u-url mention">@<span>shpuld</span></a></span> wa~~i!! :blobcheer:</p> - - http://activitystrea.ms/schema/1.0/favorite - 2018-02-23T13:12:43+00:00 - 2018-02-23T13:12:43+00:00 - - http://activitystrea.ms/schema/1.0/comment - https://mstdn.io/users/mayuutann/statuses/99574840290947233 - New comment by mayuutann - <p><span class="h-card"><a href="https://shitposter.club/shpuld" class="u-url mention">@<span>shpuld</span></a></span> wa~~i!! :blobcheer:</p> - - - - - - - tag:shitposter.club,2018-02-23:objectType=thread:nonce=d05e2b056274c5ab - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387555:objectType=comment - New comment by shpuld - @<a href="https://freezepeach.xyz/user/3458" class="h-card mention" title="&#x5FA1;&#x5712;&#x306F;&#x304F;&#x3044;">hakui</a> more!! - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:12:23+00:00 - 2018-02-23T13:12:23+00:00 - - - - https://freezepeach.xyz/conversation/4183220 - - - - - - - - tag:shitposter.club,2018-02-23:fave:5381:note:7387537:2018-02-23T13:12:19+00:00 - Favorite - shpuld favorited something by hakui: you have pacyupacyu'd for: 45 minutes 03 seconds - - http://activitystrea.ms/schema/1.0/favorite - 2018-02-23T13:12:19+00:00 - 2018-02-23T13:12:19+00:00 - - http://activitystrea.ms/schema/1.0/note - tag:freezepeach.xyz,2018-02-23:noticeId=6451332:objectType=note - New note by hakui - you have pacyupacyu'd for: 45 minutes 03 seconds - - - - - - - https://freezepeach.xyz/conversation/4183220 - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387539:objectType=comment - New comment by shpuld - @<a href="https://mstdn.io/users/mayuutann" class="h-card mention" title="Mayutan&#x2615;">mayuutann</a> ndndnd~ - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:11:04+00:00 - 2018-02-23T13:11:04+00:00 - - - - tag:shitposter.club,2018-02-23:objectType=thread:nonce=d05e2b056274c5ab - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387518:objectType=comment - New comment by shpuld - @<a href="https://mstdn.io/users/mayuutann" class="h-card mention" title="Mayutan&#x2615;">mayuutann</a> well done! mayumayu is so energetic - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:08:50+00:00 - 2018-02-23T13:08:50+00:00 - - - - tag:shitposter.club,2018-02-23:objectType=thread:nonce=d05e2b056274c5ab - - - - - - - - tag:shitposter.club,2018-02-23:fave:5381:note:7387503:2018-02-23T13:08:00+00:00 - Favorite - shpuld favorited something by mayuutann: <p>done with FIGURE MAT!!<br /> (Posted with IFTTT)</p> - - http://activitystrea.ms/schema/1.0/favorite - 2018-02-23T13:08:00+00:00 - 2018-02-23T13:08:00+00:00 - - http://activitystrea.ms/schema/1.0/note - https://mstdn.io/users/mayuutann/statuses/99574825526201897 - New note by mayuutann - <p>done with FIGURE MAT!!<br /> (Posted with IFTTT)</p> - - - - - - - tag:shitposter.club,2018-02-23:objectType=thread:nonce=c6aaa9b91e8d242f - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387486:objectType=comment - New comment by shpuld - @<a href="https://freezepeach.xyz/user/3458" class="h-card mention" title="&#x5FA1;&#x5712;&#x306F;&#x304F;&#x3044;">hakui</a> @<a href="https://a.weirder.earth/users/mutstd" class="h-card mention" title="Mutant Standard">mutstd</a> @<a href="https://donphan.social/users/Siphonay" class="h-card mention" title="Siphonay">siphonay</a> jokes on you I'm oppressively shitposting myself - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:05:44+00:00 - 2018-02-23T13:05:44+00:00 - - - - tag:shitposter.club,2018-02-23:objectType=thread:nonce=5d306467336c9661 - - - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387466:objectType=comment - New comment by shpuld - @<a href="https://freezepeach.xyz/user/3458" class="h-card mention" title="&#x5FA1;&#x5712;&#x306F;&#x304F;&#x3044;">hakui</a> @<a href="https://a.weirder.earth/users/mutstd" class="h-card mention" title="Mutant Standard">mutstd</a> @<a href="https://donphan.social/users/Siphonay" class="h-card mention" title="Siphonay">siphonay</a> how does it feel being hostile - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:04:10+00:00 - 2018-02-23T13:04:10+00:00 - - - - tag:shitposter.club,2018-02-23:objectType=thread:nonce=5d306467336c9661 - - - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387459:objectType=comment - New comment by shpuld - @<a href="https://freezepeach.xyz/user/3458" class="h-card mention" title="&#x5FA1;&#x5712;&#x306F;&#x304F;&#x3044;">hakui</a> gorogoro - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:03:32+00:00 - 2018-02-23T13:03:32+00:00 - - - - https://freezepeach.xyz/conversation/4181784 - - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387432:objectType=comment - New comment by shpuld - @<a href="https://freezepeach.xyz/user/3458" class="h-card mention" title="&#x5FA1;&#x5712;&#x306F;&#x304F;&#x3044;">hakui</a> ndnd - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T13:02:05+00:00 - 2018-02-23T13:02:05+00:00 - - - - https://freezepeach.xyz/conversation/4181784 - - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2018-02-23:noticeId=7387367:objectType=note - New note by shpuld - dear diary: I'm trying to do work but I can only think of tenshi eating a corndog - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T12:56:03+00:00 - 2018-02-23T12:56:03+00:00 - - tag:shitposter.club,2018-02-23:objectType=thread:nonce=57f316da416743fc - - - - - - - http://activitystrea.ms/schema/1.0/note - tag:shitposter.club,2018-02-23:noticeId=7387354:objectType=note - New note by shpuld - jesus christ it's such a fridey at work - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T12:53:50+00:00 - 2018-02-23T12:53:50+00:00 - - tag:shitposter.club,2018-02-23:objectType=thread:nonce=c05eb5e91bdcbdb7 - - - - - - - http://activitystrea.ms/schema/1.0/comment - tag:shitposter.club,2018-02-23:noticeId=7387343:objectType=comment - New comment by shpuld - @<a href="https://gs.smuglo.li/user/589" class="h-card mention" title="&#x16DE;&#x16A9;&#x16B3;&#x16C1;&#x16DE;&#x16A9;&#x16B3;&#x16C1;">dokidoki</a> give them free upgrades to krokodil - - - http://activitystrea.ms/schema/1.0/post - 2018-02-23T12:53:15+00:00 - 2018-02-23T12:53:15+00:00 - - - - https://gs.smuglo.li/conversation/3934774 - - - - - - - diff --git a/test/fixtures/unfollow.xml b/test/fixtures/unfollow.xml deleted file mode 100644 index 7a8f8fd2e..000000000 --- a/test/fixtures/unfollow.xml +++ /dev/null @@ -1,68 +0,0 @@ - - - GNU social - https://social.heldscal.la/api/statuses/user_timeline/23211.atom - lambadalambda timeline - Updates from lambadalambda on social.heldscal.la! - https://social.heldscal.la/avatar/23211-96-20170416114255.jpeg - 2017-05-07T09:54:49+00:00 - - http://activitystrea.ms/schema/1.0/person - https://social.heldscal.la/user/23211 - lambadalambda - Call me Deacon Blues. - - - - - - lambadalambda - Constance Variable - Call me Deacon Blues. - - Berlin - - - homepage - https://heldscal.la - true - - - - - - - - - - - - - undo:tag:social.heldscal.la,2017-05-07:subscription:23211:person:44803:2017-05-07T09:54:48+00:00 - Constance Variable (lambadalambda@social.heldscal.la)'s status on Sunday, 07-May-2017 09:54:49 UTC - <a href="https://social.heldscal.la/lambadalambda">Constance Variable</a> stopped following <a href="https://pawoo.net/@pekorino">mono</a>. - - http://activitystrea.ms/schema/1.0/unfollow - 2017-05-07T09:54:49+00:00 - 2017-05-07T09:54:49+00:00 - - http://activitystrea.ms/schema/1.0/person - https://pawoo.net/users/pekorino - mono - http://shitposter.club/mono 孤独のグルメ - - - - - pekorino - mono - http://shitposter.club/mono 孤独のグルメ - - - tag:social.heldscal.la,2017-05-07:objectType=thread:nonce=6e80caf94e03029f - - - - - - diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index a0ebf65d9..344e27f13 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -103,14 +103,6 @@ def get( }} end - def get("https://mastodon.social/users/emelie.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: File.read!("test/fixtures/tesla_mock/emelie.atom") - }} - end - def get( "https://osada.macgirvin.com/.well-known/webfinger?resource=acct:mike@osada.macgirvin.com", _, @@ -137,14 +129,6 @@ def get( }} end - def get("https://pawoo.net/users/pekorino.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: File.read!("test/fixtures/tesla_mock/https___pawoo.net_users_pekorino.atom") - }} - end - def get( "https://pawoo.net/.well-known/webfinger?resource=acct:https://pawoo.net/users/pekorino", _, @@ -158,19 +142,6 @@ def get( }} end - def get( - "https://social.stopwatchingus-heidelberg.de/api/statuses/user_timeline/18330.atom", - _, - _, - _ - ) do - {:ok, - %Tesla.Env{ - status: 200, - body: File.read!("test/fixtures/tesla_mock/atarifrosch_feed.xml") - }} - end - def get( "https://social.stopwatchingus-heidelberg.de/.well-known/webfinger?resource=acct:https://social.stopwatchingus-heidelberg.de/user/18330", _, @@ -184,27 +155,6 @@ def get( }} end - def get("https://mamot.fr/users/Skruyb.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: File.read!("test/fixtures/tesla_mock/https___mamot.fr_users_Skruyb.atom") - }} - end - - def get( - "https://mamot.fr/.well-known/webfinger?resource=acct:https://mamot.fr/users/Skruyb", - _, - _, - [{"accept", "application/xrd+xml,application/jrd+json"}] - ) do - {:ok, - %Tesla.Env{ - status: 200, - body: File.read!("test/fixtures/tesla_mock/skruyb@mamot.fr.atom") - }} - end - def get( "https://social.heldscal.la/.well-known/webfinger?resource=nonexistant@social.heldscal.la", _, @@ -507,19 +457,6 @@ def get("https://mamot.fr/.well-known/host-meta", _, _, _) do }} end - def get( - "https://mamot.fr/.well-known/webfinger?resource=https://mamot.fr/users/Skruyb", - _, - _, - _ - ) do - {:ok, - %Tesla.Env{ - status: 200, - body: File.read!("test/fixtures/tesla_mock/skruyb@mamot.fr.atom") - }} - end - def get("http://pawoo.net/.well-known/host-meta", _, _, _) do {:ok, %Tesla.Env{ @@ -647,17 +584,6 @@ def get( }} end - def get("https://pleroma.soykaf.com/users/lain/feed.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: - File.read!( - "test/fixtures/tesla_mock/https___pleroma.soykaf.com_users_lain_feed.atom.xml" - ) - }} - end - def get(url, _, _, [{"accept", "application/xrd+xml,application/jrd+json"}]) when url in [ "https://pleroma.soykaf.com/.well-known/webfinger?resource=acct:https://pleroma.soykaf.com/users/lain", @@ -670,17 +596,6 @@ def get(url, _, _, [{"accept", "application/xrd+xml,application/jrd+json"}]) }} end - def get("https://shitposter.club/api/statuses/user_timeline/1.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: - File.read!( - "test/fixtures/tesla_mock/https___shitposter.club_api_statuses_user_timeline_1.atom.xml" - ) - }} - end - def get( "https://shitposter.club/.well-known/webfinger?resource=https://shitposter.club/user/1", _, @@ -694,37 +609,10 @@ def get( }} end - def get("https://shitposter.club/notice/2827873", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: File.read!("test/fixtures/tesla_mock/https___shitposter.club_notice_2827873.json") - }} - end - - def get("https://shitposter.club/api/statuses/show/2827873.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: - File.read!( - "test/fixtures/tesla_mock/https___shitposter.club_api_statuses_show_2827873.atom.xml" - ) - }} - end - def get("https://testing.pleroma.lol/objects/b319022a-4946-44c5-9de9-34801f95507b", _, _, _) do {:ok, %Tesla.Env{status: 200}} end - def get("https://shitposter.club/api/statuses/user_timeline/5381.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: File.read!("test/fixtures/tesla_mock/spc_5381.atom") - }} - end - def get( "https://shitposter.club/.well-known/webfinger?resource=https://shitposter.club/user/5381", _, @@ -746,14 +634,6 @@ def get("http://shitposter.club/.well-known/host-meta", _, _, _) do }} end - def get("https://shitposter.club/api/statuses/show/7369654.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: File.read!("test/fixtures/tesla_mock/7369654.atom") - }} - end - def get("https://shitposter.club/notice/4027863", _, _, _) do {:ok, %Tesla.Env{ @@ -762,14 +642,6 @@ def get("https://shitposter.club/notice/4027863", _, _, _) do }} end - def get("https://social.sakamoto.gq/users/eal/feed.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: File.read!("test/fixtures/tesla_mock/sakamoto_eal_feed.atom") - }} - end - def get("http://social.sakamoto.gq/.well-known/host-meta", _, _, _) do {:ok, %Tesla.Env{ @@ -791,15 +663,6 @@ def get( }} end - def get( - "https://social.sakamoto.gq/objects/0ccc1a2c-66b0-4305-b23a-7f7f2b040056", - _, - _, - [{"accept", "application/atom+xml"}] - ) do - {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/tesla_mock/sakamoto.atom")}} - end - def get("http://mastodon.social/.well-known/host-meta", _, _, _) do {:ok, %Tesla.Env{ @@ -853,28 +716,6 @@ def get( {:ok, %Tesla.Env{status: 406, body: ""}} end - def get("http://gs.example.org/index.php/api/statuses/user_timeline/1.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: - File.read!( - "test/fixtures/tesla_mock/http__gs.example.org_index.php_api_statuses_user_timeline_1.atom.xml" - ) - }} - end - - def get("https://social.heldscal.la/api/statuses/user_timeline/29191.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: - File.read!( - "test/fixtures/tesla_mock/https___social.heldscal.la_api_statuses_user_timeline_29191.atom.xml" - ) - }} - end - def get("http://squeet.me/.well-known/host-meta", _, _, _) do {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/tesla_mock/squeet.me_host_meta")}} @@ -996,17 +837,6 @@ def get( }} end - def get("https://social.heldscal.la/api/statuses/user_timeline/23211.atom", _, _, _) do - {:ok, - %Tesla.Env{ - status: 200, - body: - File.read!( - "test/fixtures/tesla_mock/https___social.heldscal.la_api_statuses_user_timeline_23211.atom.xml" - ) - }} - end - def get( "https://social.heldscal.la/.well-known/webfinger?resource=https://social.heldscal.la/user/23211", _, @@ -1036,10 +866,6 @@ def get("https://social.heldscal.la/.well-known/host-meta", _, _, _) do }} end - def get("https://mastodon.social/users/lambadalambda.atom", _, _, _) do - {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/lambadalambda.atom")}} - end - def get("https://mastodon.social/users/lambadalambda", _, _, _) do {:ok, %Tesla.Env{status: 200, body: File.read!("test/fixtures/lambadalambda.json")}} end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index 6e096e9ec..cc55a7be7 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -105,7 +105,7 @@ test "it fetches reply-to activities if we don't have them" do object = data["object"] - |> Map.put("inReplyTo", "https://shitposter.club/notice/2827873") + |> Map.put("inReplyTo", "https://mstdn.io/users/mayuutann/statuses/99568293732299394") data = Map.put(data, "object", object) {:ok, returned_activity} = Transmogrifier.handle_incoming(data) @@ -113,11 +113,11 @@ test "it fetches reply-to activities if we don't have them" do assert activity = Activity.get_create_by_object_ap_id( - "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment" + "https://mstdn.io/users/mayuutann/statuses/99568293732299394" ) assert returned_object.data["inReplyTo"] == - "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment" + "https://mstdn.io/users/mayuutann/statuses/99568293732299394" end test "it does not fetch reply-to activities beyond max replies depth limit" do @@ -1104,17 +1104,17 @@ test "returns modified object when allowed incoming reply", %{data: data} do Map.put( data["object"], "inReplyTo", - "https://shitposter.club/notice/2827873" + "https://mstdn.io/users/mayuutann/statuses/99568293732299394" ) Pleroma.Config.put([:instance, :federation_incoming_replies_max_depth], 5) modified_object = Transmogrifier.fix_in_reply_to(object_with_reply) assert modified_object["inReplyTo"] == - "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment" + "https://mstdn.io/users/mayuutann/statuses/99568293732299394" assert modified_object["context"] == - "tag:shitposter.club,2017-05-05:objectType=thread:nonce=3c16e9c2681f6d26" + "tag:shitposter.club,2018-02-22:objectType=thread:nonce=e5a7c72d60a9c0e4" end end @@ -1216,7 +1216,9 @@ test "returns nil when cannot normalize object" do @tag capture_log: true test "returns {:ok, %Object{}} for success case" do assert {:ok, %Object{}} = - Transmogrifier.get_obj_helper("https://shitposter.club/notice/2827873") + Transmogrifier.get_obj_helper( + "https://mstdn.io/users/mayuutann/statuses/99568293732299394" + ) end end diff --git a/test/web/mastodon_api/controllers/search_controller_test.exs b/test/web/mastodon_api/controllers/search_controller_test.exs index 24d1959f8..04dc6f445 100644 --- a/test/web/mastodon_api/controllers/search_controller_test.exs +++ b/test/web/mastodon_api/controllers/search_controller_test.exs @@ -282,18 +282,18 @@ test "search fetches remote statuses and prefers them over other results", %{con capture_log(fn -> {:ok, %{id: activity_id}} = CommonAPI.post(insert(:user), %{ - status: "check out https://shitposter.club/notice/2827873" + status: "check out http://mastodon.example.org/@admin/99541947525187367" }) results = conn - |> get("/api/v1/search?q=https://shitposter.club/notice/2827873") + |> get("/api/v1/search?q=http://mastodon.example.org/@admin/99541947525187367") |> json_response_and_validate_schema(200) - [status, %{"id" => ^activity_id}] = results["statuses"] - - assert status["uri"] == - "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment" + assert [ + %{"url" => "http://mastodon.example.org/@admin/99541947525187367"}, + %{"id" => ^activity_id} + ] = results["statuses"] end) end From acf6393c87c776c0fab9fd41bbf5ba7078356be5 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Tue, 8 Sep 2020 20:13:00 +0300 Subject: [PATCH 129/264] SECURITY.md: we don't support 2.0 anymore, bump to 2.1 --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index c212a2505..8617c1434 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,7 @@ Currently, Pleroma offers bugfixes and security patches only for the latest mino | Version | Support |---------| -------- -| 2.0 | Bugfixes and security patches +| 2.1 | Bugfixes and security patches ## Reporting a vulnerability From a781ac6ca5b7ab23eea795331db0a3fff406630e Mon Sep 17 00:00:00 2001 From: Egor Kislitsyn Date: Wed, 10 Jun 2020 15:37:43 +0400 Subject: [PATCH 130/264] Fix atom leak in AdminAPIController --- lib/pleroma/web/admin_api/controllers/admin_api_controller.ex | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex index aa2af1ab5..f5e4d49f9 100644 --- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex @@ -379,8 +379,7 @@ defp maybe_parse_filters(filters) do filters |> String.split(",") |> Enum.filter(&Enum.member?(@filters, &1)) - |> Enum.map(&String.to_atom/1) - |> Map.new(&{&1, true}) + |> Map.new(&{String.to_existing_atom(&1), true}) end def right_add_multiple(%{assigns: %{user: admin}} = conn, %{ From 10ef532c63431811b3998ed7b14aea21755a2b57 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 7 Jul 2020 07:06:29 +0200 Subject: [PATCH 131/264] AP C2S: Restrict character limit on Note --- .../activity_pub/activity_pub_controller.ex | 35 ++++++++++++------- .../activity_pub_controller_test.exs | 16 +++++++++ 2 files changed, 38 insertions(+), 13 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub_controller.ex b/lib/pleroma/web/activity_pub/activity_pub_controller.ex index 220c4fe52..732c44271 100644 --- a/lib/pleroma/web/activity_pub/activity_pub_controller.ex +++ b/lib/pleroma/web/activity_pub/activity_pub_controller.ex @@ -399,21 +399,30 @@ def read_inbox(%{assigns: %{user: %User{nickname: as_nickname}}} = conn, %{ defp handle_user_activity( %User{} = user, - %{"type" => "Create", "object" => %{"type" => "Note"}} = params + %{"type" => "Create", "object" => %{"type" => "Note"} = object} = params ) do - object = - params["object"] - |> Map.merge(Map.take(params, ["to", "cc"])) - |> Map.put("attributedTo", user.ap_id()) - |> Transmogrifier.fix_object() + content = if is_binary(object["content"]), do: object["content"], else: "" + name = if is_binary(object["name"]), do: object["name"], else: "" + summary = if is_binary(object["summary"]), do: object["summary"], else: "" + length = String.length(content <> name <> summary) - ActivityPub.create(%{ - to: params["to"], - actor: user, - context: object["context"], - object: object, - additional: Map.take(params, ["cc"]) - }) + if length > Pleroma.Config.get([:instance, :limit]) do + {:error, dgettext("errors", "Note is over the character limit")} + else + object = + object + |> Map.merge(Map.take(params, ["to", "cc"])) + |> Map.put("attributedTo", user.ap_id()) + |> Transmogrifier.fix_object() + + ActivityPub.create(%{ + to: params["to"], + actor: user, + context: object["context"], + object: object, + additional: Map.take(params, ["cc"]) + }) + end end defp handle_user_activity(%User{} = user, %{"type" => "Delete"} = params) do diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs index 57988dc1e..0517571f2 100644 --- a/test/web/activity_pub/activity_pub_controller_test.exs +++ b/test/web/activity_pub/activity_pub_controller_test.exs @@ -905,6 +905,8 @@ test "it requires authentication if instance is NOT federating", %{ end describe "POST /users/:nickname/outbox (C2S)" do + setup do: clear_config([:instance, :limit]) + setup do [ activity: %{ @@ -1121,6 +1123,20 @@ test "it doesn't spreads faulty attributedTo or actor fields", %{ assert cirno_object.data["actor"] == cirno.ap_id assert cirno_object.data["attributedTo"] == cirno.ap_id end + + test "Character limitation", %{conn: conn, activity: activity} do + Pleroma.Config.put([:instance, :limit], 5) + user = insert(:user) + + result = + conn + |> assign(:user, user) + |> put_req_header("content-type", "application/activity+json") + |> post("/users/#{user.nickname}/outbox", activity) + |> json_response(400) + + assert result == "Note is over the character limit" + end end describe "/relay/followers" do From 16c451f8f15b1b2907fb6fc40925b47821650f31 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Wed, 2 Sep 2020 20:11:24 +0200 Subject: [PATCH 132/264] search: Apply following filter only when user is usable --- lib/pleroma/user/search.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/user/search.ex b/lib/pleroma/user/search.ex index adbef7fb8..7babd47ea 100644 --- a/lib/pleroma/user/search.ex +++ b/lib/pleroma/user/search.ex @@ -115,8 +115,8 @@ defp trigram_rank(query, query_string) do ) end - defp base_query(_user, false), do: User - defp base_query(user, true), do: User.get_friends_query(user) + defp base_query(%User{} = user, true), do: User.get_friends_query(user) + defp base_query(_user, _following), do: User defp filter_invisible_users(query) do from(q in query, where: q.invisible == false) From 947ee55ae298a42c2667800c1aac96f637e31969 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Wed, 2 Sep 2020 20:24:03 +0200 Subject: [PATCH 133/264] user: harden get_friends_query(), get_followers_query() and their wrappers --- lib/pleroma/user.ex | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 94c96de8d..f323fc6ed 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1125,31 +1125,31 @@ def get_followers_query(%User{} = user, nil) do User.Query.build(%{followers: user, deactivated: false}) end - def get_followers_query(user, page) do + def get_followers_query(%User{} = user, page) do user |> get_followers_query(nil) |> User.Query.paginate(page, 20) end @spec get_followers_query(User.t()) :: Ecto.Query.t() - def get_followers_query(user), do: get_followers_query(user, nil) + def get_followers_query(%User{} = user), do: get_followers_query(user, nil) @spec get_followers(User.t(), pos_integer() | nil) :: {:ok, list(User.t())} - def get_followers(user, page \\ nil) do + def get_followers(%User{} = user, page \\ nil) do user |> get_followers_query(page) |> Repo.all() end @spec get_external_followers(User.t(), pos_integer() | nil) :: {:ok, list(User.t())} - def get_external_followers(user, page \\ nil) do + def get_external_followers(%User{} = user, page \\ nil) do user |> get_followers_query(page) |> User.Query.build(%{external: true}) |> Repo.all() end - def get_followers_ids(user, page \\ nil) do + def get_followers_ids(%User{} = user, page \\ nil) do user |> get_followers_query(page) |> select([u], u.id) @@ -1161,29 +1161,29 @@ def get_friends_query(%User{} = user, nil) do User.Query.build(%{friends: user, deactivated: false}) end - def get_friends_query(user, page) do + def get_friends_query(%User{} = user, page) do user |> get_friends_query(nil) |> User.Query.paginate(page, 20) end @spec get_friends_query(User.t()) :: Ecto.Query.t() - def get_friends_query(user), do: get_friends_query(user, nil) + def get_friends_query(%User{} = user), do: get_friends_query(user, nil) - def get_friends(user, page \\ nil) do + def get_friends(%User{} = user, page \\ nil) do user |> get_friends_query(page) |> Repo.all() end - def get_friends_ap_ids(user) do + def get_friends_ap_ids(%User{} = user) do user |> get_friends_query(nil) |> select([u], u.ap_id) |> Repo.all() end - def get_friends_ids(user, page \\ nil) do + def get_friends_ids(%User{} = user, page \\ nil) do user |> get_friends_query(page) |> select([u], u.id) From 630444ee0819ad5b58c5f9030758fe41e6fed530 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 31 Aug 2020 14:19:48 -0500 Subject: [PATCH 134/264] Do not make RelMe metadata provider optional. There's really no sound reason to turn this off anyway. --- config/config.exs | 1 - lib/pleroma/web/metadata.ex | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/config.exs b/config/config.exs index 2426fbd52..df61c069e 100644 --- a/config/config.exs +++ b/config/config.exs @@ -455,7 +455,6 @@ providers: [ Pleroma.Web.Metadata.Providers.OpenGraph, Pleroma.Web.Metadata.Providers.TwitterCard, - Pleroma.Web.Metadata.Providers.RelMe, Pleroma.Web.Metadata.Providers.Feed ], unfurl_nsfw: false diff --git a/lib/pleroma/web/metadata.ex b/lib/pleroma/web/metadata.ex index a9f70c43e..e45e74e7b 100644 --- a/lib/pleroma/web/metadata.ex +++ b/lib/pleroma/web/metadata.ex @@ -7,7 +7,8 @@ defmodule Pleroma.Web.Metadata do def build_tags(params) do providers = [ - Pleroma.Web.Metadata.Providers.RestrictIndexing + Pleroma.Web.Metadata.Providers.RestrictIndexing, + Pleroma.Web.Metadata.Providers.RelMe, | Pleroma.Config.get([__MODULE__, :providers], []) ] From ff07014b2657730101e826d7e82716989d43214c Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 31 Aug 2020 14:35:22 -0500 Subject: [PATCH 135/264] Disable providers of user and status metadata when instance is private --- CHANGELOG.md | 3 +++ lib/pleroma/web/metadata.ex | 12 ++++++++++-- test/web/metadata/metadata_test.exs | 9 +++++++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f57e191fa..496c78ffe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## unreleased-patch - ??? +### Security +- Fix metadata leak for accounts and statuses on private instances + ### Added - Rich media failure tracking (along with `:failure_backoff` option) diff --git a/lib/pleroma/web/metadata.ex b/lib/pleroma/web/metadata.ex index e45e74e7b..0f0b56321 100644 --- a/lib/pleroma/web/metadata.ex +++ b/lib/pleroma/web/metadata.ex @@ -8,8 +8,8 @@ defmodule Pleroma.Web.Metadata do def build_tags(params) do providers = [ Pleroma.Web.Metadata.Providers.RestrictIndexing, - Pleroma.Web.Metadata.Providers.RelMe, - | Pleroma.Config.get([__MODULE__, :providers], []) + Pleroma.Web.Metadata.Providers.RelMe + | activated_providers() ] Enum.reduce(providers, "", fn parser, acc -> @@ -43,4 +43,12 @@ def activity_nsfw?(%{data: %{"sensitive" => sensitive}}) do def activity_nsfw?(_) do false end + + defp activated_providers do + if Pleroma.Config.get!([:instance, :public]) do + Pleroma.Config.get([__MODULE__, :providers], []) + else + [] + end + end end diff --git a/test/web/metadata/metadata_test.exs b/test/web/metadata/metadata_test.exs index 3f8b29e58..4dd0d2f5c 100644 --- a/test/web/metadata/metadata_test.exs +++ b/test/web/metadata/metadata_test.exs @@ -22,4 +22,13 @@ test "for local user" do "" end end + + describe "no metadata for private instances" do + test "for local user" do + Pleroma.Config.put([:instance, :public], false) + user = insert(:user, bio: "This is my secret fedi account bio") + + assert "" = Pleroma.Web.Metadata.build_tags(%{user: user}) + end + end end From 14d07081fd82211071eafb3c31d8c756fe9af9f5 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 31 Aug 2020 14:48:22 -0500 Subject: [PATCH 136/264] Feed provider only generates a redirect, so always activate it. Making this configurable is misleading. --- config/config.exs | 3 +-- lib/pleroma/web/metadata.ex | 5 +++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/config.exs b/config/config.exs index df61c069e..1a2b312b5 100644 --- a/config/config.exs +++ b/config/config.exs @@ -454,8 +454,7 @@ config :pleroma, Pleroma.Web.Metadata, providers: [ Pleroma.Web.Metadata.Providers.OpenGraph, - Pleroma.Web.Metadata.Providers.TwitterCard, - Pleroma.Web.Metadata.Providers.Feed + Pleroma.Web.Metadata.Providers.TwitterCard ], unfurl_nsfw: false diff --git a/lib/pleroma/web/metadata.ex b/lib/pleroma/web/metadata.ex index 0f0b56321..926b5b187 100644 --- a/lib/pleroma/web/metadata.ex +++ b/lib/pleroma/web/metadata.ex @@ -7,8 +7,9 @@ defmodule Pleroma.Web.Metadata do def build_tags(params) do providers = [ - Pleroma.Web.Metadata.Providers.RestrictIndexing, - Pleroma.Web.Metadata.Providers.RelMe + Pleroma.Web.Metadata.Providers.Feed, + Pleroma.Web.Metadata.Providers.RelMe, + Pleroma.Web.Metadata.Providers.RestrictIndexing | activated_providers() ] From 44ced17634a9c89b9ff4a47c64805356f7f6401c Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 31 Aug 2020 15:54:22 -0500 Subject: [PATCH 137/264] Fix test so setting doesn't leak --- test/web/metadata/metadata_test.exs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/web/metadata/metadata_test.exs b/test/web/metadata/metadata_test.exs index 4dd0d2f5c..f7371cae2 100644 --- a/test/web/metadata/metadata_test.exs +++ b/test/web/metadata/metadata_test.exs @@ -24,6 +24,8 @@ test "for local user" do end describe "no metadata for private instances" do + setup do: clear_config([:instance, :public]) + test "for local user" do Pleroma.Config.put([:instance, :public], false) user = insert(:user, bio: "This is my secret fedi account bio") From a85ed6defbd2cec71d9a5594ef1de18d5333c7c7 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 31 Aug 2020 15:58:21 -0500 Subject: [PATCH 138/264] Do not serve RSS/Atom feeds when instance is private --- lib/pleroma/web/feed/tag_controller.ex | 10 +++++++++- lib/pleroma/web/feed/user_controller.ex | 10 +++++++++- lib/pleroma/web/metadata/feed.ex | 20 ++++++++++++-------- test/web/feed/tag_controller_test.exs | 13 +++++++++++++ test/web/feed/user_controller_test.exs | 16 ++++++++++++++++ 5 files changed, 59 insertions(+), 10 deletions(-) diff --git a/lib/pleroma/web/feed/tag_controller.ex b/lib/pleroma/web/feed/tag_controller.ex index 39b2a766a..e090dd625 100644 --- a/lib/pleroma/web/feed/tag_controller.ex +++ b/lib/pleroma/web/feed/tag_controller.ex @@ -9,7 +9,15 @@ defmodule Pleroma.Web.Feed.TagController do alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.Feed.FeedView - def feed(conn, %{"tag" => raw_tag} = params) do + def feed(conn, params) do + if Pleroma.Config.get!([:instance, :public]) do + render_feed(conn, params) + else + render_error(conn, :not_found, "Not found") + end + end + + def render_feed(conn, %{"tag" => raw_tag} = params) do {format, tag} = parse_tag(raw_tag) activities = diff --git a/lib/pleroma/web/feed/user_controller.ex b/lib/pleroma/web/feed/user_controller.ex index 9cd334a33..595889b9d 100644 --- a/lib/pleroma/web/feed/user_controller.ex +++ b/lib/pleroma/web/feed/user_controller.ex @@ -37,7 +37,15 @@ def feed_redirect(conn, %{"nickname" => nickname}) do end end - def feed(conn, %{"nickname" => nickname} = params) do + def feed(conn, params) do + if Pleroma.Config.get!([:instance, :public]) do + render_feed(conn, params) + else + errors(conn, {:error, :not_found}) + end + end + + def render_feed(conn, %{"nickname" => nickname} = params) do format = get_format(conn) format = diff --git a/lib/pleroma/web/metadata/feed.ex b/lib/pleroma/web/metadata/feed.ex index bd1459a17..dfe391b56 100644 --- a/lib/pleroma/web/metadata/feed.ex +++ b/lib/pleroma/web/metadata/feed.ex @@ -11,13 +11,17 @@ defmodule Pleroma.Web.Metadata.Providers.Feed do @impl Provider def build_tags(%{user: user}) do - [ - {:link, - [ - rel: "alternate", - type: "application/atom+xml", - href: Helpers.user_feed_path(Endpoint, :feed, user.nickname) <> ".atom" - ], []} - ] + if Pleroma.Config.get!([:instance, :public]) do + [ + {:link, + [ + rel: "alternate", + type: "application/atom+xml", + href: Helpers.user_feed_path(Endpoint, :feed, user.nickname) <> ".atom" + ], []} + ] + else + [] + end end end diff --git a/test/web/feed/tag_controller_test.exs b/test/web/feed/tag_controller_test.exs index 3c29cd94f..868e40965 100644 --- a/test/web/feed/tag_controller_test.exs +++ b/test/web/feed/tag_controller_test.exs @@ -181,4 +181,17 @@ test "gets a feed (RSS)", %{conn: conn} do 'yeah #PleromaArt' ] end + + describe "private instance" do + setup do: clear_config([:instance, :public]) + + test "returns 404 for tags feed", %{conn: conn} do + Config.put([:instance, :public], false) + + conn + |> put_req_header("accept", "application/rss+xml") + |> get(tag_feed_path(conn, :feed, "pleromaart")) + |> response(404) + end + end end diff --git a/test/web/feed/user_controller_test.exs b/test/web/feed/user_controller_test.exs index 0d2a61967..9a5610baa 100644 --- a/test/web/feed/user_controller_test.exs +++ b/test/web/feed/user_controller_test.exs @@ -246,4 +246,20 @@ test "with non-html / non-json format, it returns error when user is not found", assert response == ~S({"error":"Not found"}) end end + + describe "private instance" do + setup do: clear_config([:instance, :public]) + + test "returns 404 for user feed", %{conn: conn} do + Config.put([:instance, :public], false) + user = insert(:user) + + {:ok, _} = CommonAPI.post(user, %{status: "test"}) + + assert conn + |> put_req_header("accept", "application/atom+xml") + |> get(user_feed_path(conn, :feed, user.nickname)) + |> response(404) + end + end end From 96697db3bc4d8fda90906cdeff77ae2668066bd4 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 31 Aug 2020 16:11:01 -0500 Subject: [PATCH 139/264] RelMe and Feed no longer configurable --- docs/configuration/cheatsheet.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index bffce95e7..ec59896ec 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -353,8 +353,6 @@ config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http, * `providers`: a list of metadata providers to enable. Providers available: * `Pleroma.Web.Metadata.Providers.OpenGraph` * `Pleroma.Web.Metadata.Providers.TwitterCard` - * `Pleroma.Web.Metadata.Providers.RelMe` - add links from user bio with rel=me into the `
` as ``. - * `Pleroma.Web.Metadata.Providers.Feed` - add a link to a user's Atom feed into the `
` as ``. * `unfurl_nsfw`: If set to `true` nsfw attachments will be shown in previews. ### :rich_media (consumer) From 549c895d80f36109731565abf00303a7f80add21 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 31 Aug 2020 16:11:13 -0500 Subject: [PATCH 140/264] Document breaking change for metadata providers --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 496c78ffe..512547427 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## unreleased-patch - ??? +### Changed + +- **Breaking:** The metadata providers RelMe and Feed are no longer configurable. RelMe should always be activated and Feed only provides a header tag for the actual RSS/Atom feed when the instance is public. + ### Security - Fix metadata leak for accounts and statuses on private instances From 2011142ed9ae45f53496b3682da7114255c814a5 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 1 Sep 2020 10:43:44 -0500 Subject: [PATCH 141/264] Use :restrict_unauthenticated testing for more granular control --- lib/pleroma/web/feed/tag_controller.ex | 2 +- lib/pleroma/web/feed/user_controller.ex | 2 +- lib/pleroma/web/metadata.ex | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/feed/tag_controller.ex b/lib/pleroma/web/feed/tag_controller.ex index e090dd625..93a8294b7 100644 --- a/lib/pleroma/web/feed/tag_controller.ex +++ b/lib/pleroma/web/feed/tag_controller.ex @@ -10,7 +10,7 @@ defmodule Pleroma.Web.Feed.TagController do alias Pleroma.Web.Feed.FeedView def feed(conn, params) do - if Pleroma.Config.get!([:instance, :public]) do + unless Pleroma.Config.restrict_unauthenticated_access?(:activities, :local) do render_feed(conn, params) else render_error(conn, :not_found, "Not found") diff --git a/lib/pleroma/web/feed/user_controller.ex b/lib/pleroma/web/feed/user_controller.ex index 595889b9d..71eb1ea7e 100644 --- a/lib/pleroma/web/feed/user_controller.ex +++ b/lib/pleroma/web/feed/user_controller.ex @@ -38,7 +38,7 @@ def feed_redirect(conn, %{"nickname" => nickname}) do end def feed(conn, params) do - if Pleroma.Config.get!([:instance, :public]) do + unless Pleroma.Config.restrict_unauthenticated_access?(:profiles, :local) do render_feed(conn, params) else errors(conn, {:error, :not_found}) diff --git a/lib/pleroma/web/metadata.ex b/lib/pleroma/web/metadata.ex index 926b5b187..68835c826 100644 --- a/lib/pleroma/web/metadata.ex +++ b/lib/pleroma/web/metadata.ex @@ -46,7 +46,7 @@ def activity_nsfw?(_) do end defp activated_providers do - if Pleroma.Config.get!([:instance, :public]) do + unless Pleroma.Config.restrict_unauthenticated_access?(:activities, :local) do Pleroma.Config.get([__MODULE__, :providers], []) else [] From 0d2814ec8e41942cd5b056d9c1ed902be1e1773c Mon Sep 17 00:00:00 2001 From: rinpatch Date: Mon, 7 Sep 2020 15:06:06 +0300 Subject: [PATCH 142/264] Metadata: Move restriction check from Feed provider to activated_providers --- lib/pleroma/web/metadata.ex | 3 +-- lib/pleroma/web/metadata/feed.ex | 20 ++++++++------------ test/web/metadata/metadata_test.exs | 4 +--- 3 files changed, 10 insertions(+), 17 deletions(-) diff --git a/lib/pleroma/web/metadata.ex b/lib/pleroma/web/metadata.ex index 68835c826..0f2d8d1e7 100644 --- a/lib/pleroma/web/metadata.ex +++ b/lib/pleroma/web/metadata.ex @@ -7,7 +7,6 @@ defmodule Pleroma.Web.Metadata do def build_tags(params) do providers = [ - Pleroma.Web.Metadata.Providers.Feed, Pleroma.Web.Metadata.Providers.RelMe, Pleroma.Web.Metadata.Providers.RestrictIndexing | activated_providers() @@ -47,7 +46,7 @@ def activity_nsfw?(_) do defp activated_providers do unless Pleroma.Config.restrict_unauthenticated_access?(:activities, :local) do - Pleroma.Config.get([__MODULE__, :providers], []) + [Pleroma.Web.Metadata.Providers.Feed | Pleroma.Config.get([__MODULE__, :providers], [])] else [] end diff --git a/lib/pleroma/web/metadata/feed.ex b/lib/pleroma/web/metadata/feed.ex index dfe391b56..bd1459a17 100644 --- a/lib/pleroma/web/metadata/feed.ex +++ b/lib/pleroma/web/metadata/feed.ex @@ -11,17 +11,13 @@ defmodule Pleroma.Web.Metadata.Providers.Feed do @impl Provider def build_tags(%{user: user}) do - if Pleroma.Config.get!([:instance, :public]) do - [ - {:link, - [ - rel: "alternate", - type: "application/atom+xml", - href: Helpers.user_feed_path(Endpoint, :feed, user.nickname) <> ".atom" - ], []} - ] - else - [] - end + [ + {:link, + [ + rel: "alternate", + type: "application/atom+xml", + href: Helpers.user_feed_path(Endpoint, :feed, user.nickname) <> ".atom" + ], []} + ] end end diff --git a/test/web/metadata/metadata_test.exs b/test/web/metadata/metadata_test.exs index f7371cae2..9d3121b7b 100644 --- a/test/web/metadata/metadata_test.exs +++ b/test/web/metadata/metadata_test.exs @@ -24,10 +24,8 @@ test "for local user" do end describe "no metadata for private instances" do - setup do: clear_config([:instance, :public]) - test "for local user" do - Pleroma.Config.put([:instance, :public], false) + clear_config([:instance, :public], false) user = insert(:user, bio: "This is my secret fedi account bio") assert "" = Pleroma.Web.Metadata.build_tags(%{user: user}) From ace94bfcc8a57a633a0bdf5746eefae32e6fdad9 Mon Sep 17 00:00:00 2001 From: tarteka Date: Wed, 9 Sep 2020 09:49:26 +0000 Subject: [PATCH 143/264] Added translation using Weblate (Spanish) --- priv/gettext/es/LC_MESSAGES/errors.po | 584 ++++++++++++++++++++++++++ 1 file changed, 584 insertions(+) create mode 100644 priv/gettext/es/LC_MESSAGES/errors.po diff --git a/priv/gettext/es/LC_MESSAGES/errors.po b/priv/gettext/es/LC_MESSAGES/errors.po new file mode 100644 index 000000000..4b0972e88 --- /dev/null +++ b/priv/gettext/es/LC_MESSAGES/errors.po @@ -0,0 +1,584 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2020-09-09 09:49+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Translate Toolkit 2.5.1\n" + +## This file is a PO Template file. +## +## `msgid`s here are often extracted from source code. +## Add new translations manually only if they're dynamic +## translations that can't be statically extracted. +## +## Run `mix gettext.extract` to bring this file up to +## date. Leave `msgstr`s empty as changing them here as no +## effect: edit them in PO (`.po`) files instead. +## From Ecto.Changeset.cast/4 +msgid "can't be blank" +msgstr "" + +## From Ecto.Changeset.unique_constraint/3 +msgid "has already been taken" +msgstr "" + +## From Ecto.Changeset.put_change/3 +msgid "is invalid" +msgstr "" + +## From Ecto.Changeset.validate_format/3 +msgid "has invalid format" +msgstr "" + +## From Ecto.Changeset.validate_subset/3 +msgid "has an invalid entry" +msgstr "" + +## From Ecto.Changeset.validate_exclusion/3 +msgid "is reserved" +msgstr "" + +## From Ecto.Changeset.validate_confirmation/3 +msgid "does not match confirmation" +msgstr "" + +## From Ecto.Changeset.no_assoc_constraint/3 +msgid "is still associated with this entry" +msgstr "" + +msgid "are still associated with this entry" +msgstr "" + +## From Ecto.Changeset.validate_length/3 +msgid "should be %{count} character(s)" +msgid_plural "should be %{count} character(s)" +msgstr[0] "" +msgstr[1] "" + +msgid "should have %{count} item(s)" +msgid_plural "should have %{count} item(s)" +msgstr[0] "" +msgstr[1] "" + +msgid "should be at least %{count} character(s)" +msgid_plural "should be at least %{count} character(s)" +msgstr[0] "" +msgstr[1] "" + +msgid "should have at least %{count} item(s)" +msgid_plural "should have at least %{count} item(s)" +msgstr[0] "" +msgstr[1] "" + +msgid "should be at most %{count} character(s)" +msgid_plural "should be at most %{count} character(s)" +msgstr[0] "" +msgstr[1] "" + +msgid "should have at most %{count} item(s)" +msgid_plural "should have at most %{count} item(s)" +msgstr[0] "" +msgstr[1] "" + +## From Ecto.Changeset.validate_number/3 +msgid "must be less than %{number}" +msgstr "" + +msgid "must be greater than %{number}" +msgstr "" + +msgid "must be less than or equal to %{number}" +msgstr "" + +msgid "must be greater than or equal to %{number}" +msgstr "" + +msgid "must be equal to %{number}" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:505 +#, elixir-format +msgid "Account not found" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:339 +#, elixir-format +msgid "Already voted" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:359 +#, elixir-format +msgid "Bad request" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:426 +#, elixir-format +msgid "Can't delete object" +msgstr "" + +#: lib/pleroma/web/controller_helper.ex:105 +#: lib/pleroma/web/controller_helper.ex:111 +#, elixir-format +msgid "Can't display this activity" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:285 +#, elixir-format +msgid "Can't find user" +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/account_controller.ex:61 +#, elixir-format +msgid "Can't get favorites" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:438 +#, elixir-format +msgid "Can't like object" +msgstr "" + +#: lib/pleroma/web/common_api/utils.ex:563 +#, elixir-format +msgid "Cannot post an empty status without attachments" +msgstr "" + +#: lib/pleroma/web/common_api/utils.ex:511 +#, elixir-format +msgid "Comment must be up to %{max_size} characters" +msgstr "" + +#: lib/pleroma/config/config_db.ex:191 +#, elixir-format +msgid "Config with params %{params} not found" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:181 +#: lib/pleroma/web/common_api/common_api.ex:185 +#, elixir-format +msgid "Could not delete" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:231 +#, elixir-format +msgid "Could not favorite" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:453 +#, elixir-format +msgid "Could not pin" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:278 +#, elixir-format +msgid "Could not unfavorite" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:463 +#, elixir-format +msgid "Could not unpin" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:216 +#, elixir-format +msgid "Could not unrepeat" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:512 +#: lib/pleroma/web/common_api/common_api.ex:521 +#, elixir-format +msgid "Could not update state" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex:207 +#, elixir-format +msgid "Error." +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:106 +#, elixir-format +msgid "Invalid CAPTCHA" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:116 +#: lib/pleroma/web/oauth/oauth_controller.ex:568 +#, elixir-format +msgid "Invalid credentials" +msgstr "" + +#: lib/pleroma/plugs/ensure_authenticated_plug.ex:38 +#, elixir-format +msgid "Invalid credentials." +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:355 +#, elixir-format +msgid "Invalid indices" +msgstr "" + +#: lib/pleroma/web/admin_api/controllers/fallback_controller.ex:29 +#, elixir-format +msgid "Invalid parameters" +msgstr "" + +#: lib/pleroma/web/common_api/utils.ex:414 +#, elixir-format +msgid "Invalid password." +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:220 +#, elixir-format +msgid "Invalid request" +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:109 +#, elixir-format +msgid "Kocaptcha service unavailable" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:112 +#, elixir-format +msgid "Missing parameters" +msgstr "" + +#: lib/pleroma/web/common_api/utils.ex:547 +#, elixir-format +msgid "No such conversation" +msgstr "" + +#: lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:388 +#: lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:414 lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:456 +#, elixir-format +msgid "No such permission_group" +msgstr "" + +#: lib/pleroma/plugs/uploaded_media.ex:84 +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:486 lib/pleroma/web/admin_api/controllers/fallback_controller.ex:11 +#: lib/pleroma/web/feed/user_controller.ex:71 lib/pleroma/web/ostatus/ostatus_controller.ex:143 +#, elixir-format +msgid "Not found" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:331 +#, elixir-format +msgid "Poll's author can't vote" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex:20 +#: lib/pleroma/web/mastodon_api/controllers/poll_controller.ex:37 lib/pleroma/web/mastodon_api/controllers/poll_controller.ex:49 +#: lib/pleroma/web/mastodon_api/controllers/poll_controller.ex:50 lib/pleroma/web/mastodon_api/controllers/status_controller.ex:306 +#: lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex:71 +#, elixir-format +msgid "Record not found" +msgstr "" + +#: lib/pleroma/web/admin_api/controllers/fallback_controller.ex:35 +#: lib/pleroma/web/feed/user_controller.ex:77 lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex:36 +#: lib/pleroma/web/ostatus/ostatus_controller.ex:149 +#, elixir-format +msgid "Something went wrong" +msgstr "" + +#: lib/pleroma/web/common_api/activity_draft.ex:107 +#, elixir-format +msgid "The message visibility must be direct" +msgstr "" + +#: lib/pleroma/web/common_api/utils.ex:573 +#, elixir-format +msgid "The status is over the character limit" +msgstr "" + +#: lib/pleroma/plugs/ensure_public_or_authenticated_plug.ex:31 +#, elixir-format +msgid "This resource requires authentication." +msgstr "" + +#: lib/pleroma/plugs/rate_limiter/rate_limiter.ex:206 +#, elixir-format +msgid "Throttled" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:356 +#, elixir-format +msgid "Too many choices" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:443 +#, elixir-format +msgid "Unhandled activity type" +msgstr "" + +#: lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:485 +#, elixir-format +msgid "You can't revoke your own admin status." +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:221 +#: lib/pleroma/web/oauth/oauth_controller.ex:308 +#, elixir-format +msgid "Your account is currently disabled" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:183 +#: lib/pleroma/web/oauth/oauth_controller.ex:331 +#, elixir-format +msgid "Your login is missing a confirmed e-mail address" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:390 +#, elixir-format +msgid "can't read inbox of %{nickname} as %{as_nickname}" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:473 +#, elixir-format +msgid "can't update outbox of %{nickname} as %{as_nickname}" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:471 +#, elixir-format +msgid "conversation is already muted" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:314 +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:492 +#, elixir-format +msgid "error" +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex:32 +#, elixir-format +msgid "mascots can only be images" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:62 +#, elixir-format +msgid "not found" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:394 +#, elixir-format +msgid "Bad OAuth request." +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:115 +#, elixir-format +msgid "CAPTCHA already used" +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:112 +#, elixir-format +msgid "CAPTCHA expired" +msgstr "" + +#: lib/pleroma/plugs/uploaded_media.ex:57 +#, elixir-format +msgid "Failed" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:410 +#, elixir-format +msgid "Failed to authenticate: %{message}." +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:441 +#, elixir-format +msgid "Failed to set up user account." +msgstr "" + +#: lib/pleroma/plugs/oauth_scopes_plug.ex:38 +#, elixir-format +msgid "Insufficient permissions: %{permissions}." +msgstr "" + +#: lib/pleroma/plugs/uploaded_media.ex:104 +#, elixir-format +msgid "Internal Error" +msgstr "" + +#: lib/pleroma/web/oauth/fallback_controller.ex:22 +#: lib/pleroma/web/oauth/fallback_controller.ex:29 +#, elixir-format +msgid "Invalid Username/Password" +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:118 +#, elixir-format +msgid "Invalid answer data" +msgstr "" + +#: lib/pleroma/web/nodeinfo/nodeinfo_controller.ex:33 +#, elixir-format +msgid "Nodeinfo schema version not handled" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:172 +#, elixir-format +msgid "This action is outside the authorized scopes" +msgstr "" + +#: lib/pleroma/web/oauth/fallback_controller.ex:14 +#, elixir-format +msgid "Unknown error, please check the details and try again." +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:119 +#: lib/pleroma/web/oauth/oauth_controller.ex:158 +#, elixir-format +msgid "Unlisted redirect_uri." +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:390 +#, elixir-format +msgid "Unsupported OAuth provider: %{provider}." +msgstr "" + +#: lib/pleroma/uploaders/uploader.ex:72 +#, elixir-format +msgid "Uploader callback timeout" +msgstr "" + +#: lib/pleroma/web/uploader_controller.ex:23 +#, elixir-format +msgid "bad request" +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:103 +#, elixir-format +msgid "CAPTCHA Error" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:290 +#, elixir-format +msgid "Could not add reaction emoji" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:301 +#, elixir-format +msgid "Could not remove reaction emoji" +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:129 +#, elixir-format +msgid "Invalid CAPTCHA (Missing parameter: %{name})" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/list_controller.ex:92 +#, elixir-format +msgid "List not found" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:123 +#, elixir-format +msgid "Missing parameter: %{name}" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:210 +#: lib/pleroma/web/oauth/oauth_controller.ex:321 +#, elixir-format +msgid "Password reset is required" +msgstr "" + +#: lib/pleroma/tests/auth_test_controller.ex:9 +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:6 lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:6 +#: lib/pleroma/web/admin_api/controllers/config_controller.ex:6 lib/pleroma/web/admin_api/controllers/fallback_controller.ex:6 +#: lib/pleroma/web/admin_api/controllers/invite_controller.ex:6 lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex:6 +#: lib/pleroma/web/admin_api/controllers/oauth_app_controller.ex:6 lib/pleroma/web/admin_api/controllers/relay_controller.ex:6 +#: lib/pleroma/web/admin_api/controllers/report_controller.ex:6 lib/pleroma/web/admin_api/controllers/status_controller.ex:6 +#: lib/pleroma/web/controller_helper.ex:6 lib/pleroma/web/embed_controller.ex:6 +#: lib/pleroma/web/fallback_redirect_controller.ex:6 lib/pleroma/web/feed/tag_controller.ex:6 +#: lib/pleroma/web/feed/user_controller.ex:6 lib/pleroma/web/mailer/subscription_controller.ex:2 +#: lib/pleroma/web/masto_fe_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/account_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/app_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/auth_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/conversation_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/custom_emoji_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/domain_block_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/filter_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/follow_request_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/instance_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/list_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/marker_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex:14 +#: lib/pleroma/web/mastodon_api/controllers/media_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/notification_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/poll_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/report_controller.ex:8 +#: lib/pleroma/web/mastodon_api/controllers/scheduled_activity_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/search_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/status_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex:7 +#: lib/pleroma/web/mastodon_api/controllers/suggestion_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex:6 +#: lib/pleroma/web/media_proxy/media_proxy_controller.ex:6 lib/pleroma/web/mongooseim/mongoose_im_controller.ex:6 +#: lib/pleroma/web/nodeinfo/nodeinfo_controller.ex:6 lib/pleroma/web/oauth/fallback_controller.ex:6 +#: lib/pleroma/web/oauth/mfa_controller.ex:10 lib/pleroma/web/oauth/oauth_controller.ex:6 +#: lib/pleroma/web/ostatus/ostatus_controller.ex:6 lib/pleroma/web/pleroma_api/controllers/account_controller.ex:6 +#: lib/pleroma/web/pleroma_api/controllers/chat_controller.ex:5 lib/pleroma/web/pleroma_api/controllers/conversation_controller.ex:6 +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:2 lib/pleroma/web/pleroma_api/controllers/emoji_reaction_controller.ex:6 +#: lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex:6 lib/pleroma/web/pleroma_api/controllers/notification_controller.ex:6 +#: lib/pleroma/web/pleroma_api/controllers/scrobble_controller.ex:6 +#: lib/pleroma/web/pleroma_api/controllers/two_factor_authentication_controller.ex:7 lib/pleroma/web/static_fe/static_fe_controller.ex:6 +#: lib/pleroma/web/twitter_api/controllers/password_controller.ex:10 lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex:6 +#: lib/pleroma/web/twitter_api/controllers/util_controller.ex:6 lib/pleroma/web/twitter_api/twitter_api_controller.ex:6 +#: lib/pleroma/web/uploader_controller.ex:6 lib/pleroma/web/web_finger/web_finger_controller.ex:6 +#, elixir-format +msgid "Security violation: OAuth scopes check was neither handled nor explicitly skipped." +msgstr "" + +#: lib/pleroma/plugs/ensure_authenticated_plug.ex:28 +#, elixir-format +msgid "Two-factor authentication enabled, you must use a access token." +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:210 +#, elixir-format +msgid "Unexpected error occurred while adding file to pack." +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:138 +#, elixir-format +msgid "Unexpected error occurred while creating pack." +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:278 +#, elixir-format +msgid "Unexpected error occurred while removing file from pack." +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:250 +#, elixir-format +msgid "Unexpected error occurred while updating file in pack." +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:179 +#, elixir-format +msgid "Unexpected error occurred while updating pack metadata." +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex:61 +#, elixir-format +msgid "Web push subscription is disabled on this Pleroma instance" +msgstr "" + +#: lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:451 +#, elixir-format +msgid "You can't revoke your own admin/moderator status." +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex:126 +#, elixir-format +msgid "authorization required for timeline view" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex:24 +#, elixir-format +msgid "Access denied" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:282 +#, elixir-format +msgid "This API requires an authenticated user" +msgstr "" + +#: lib/pleroma/plugs/user_is_admin_plug.ex:21 +#, elixir-format +msgid "User is not an admin." +msgstr "" From 6ec1a9ded164df2872ad4ec99ca673e7618c9253 Mon Sep 17 00:00:00 2001 From: tarteka Date: Wed, 9 Sep 2020 09:52:08 +0000 Subject: [PATCH 144/264] Translated using Weblate (Spanish) Currently translated at 9.4% (10 of 106 strings) Translation: Pleroma/Pleroma backend Translate-URL: https://translate.pleroma.social/projects/pleroma/pleroma/es/ --- priv/gettext/es/LC_MESSAGES/errors.po | 32 ++++++++++++++------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/priv/gettext/es/LC_MESSAGES/errors.po b/priv/gettext/es/LC_MESSAGES/errors.po index 4b0972e88..ba75936a9 100644 --- a/priv/gettext/es/LC_MESSAGES/errors.po +++ b/priv/gettext/es/LC_MESSAGES/errors.po @@ -3,14 +3,16 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-09-09 09:49+0000\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: Automatically generated\n" -"Language-Team: none\n" +"PO-Revision-Date: 2020-09-09 10:52+0000\n" +"Last-Translator: tarteka \n" +"Language-Team: Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Translate Toolkit 2.5.1\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" +"X-Generator: Weblate 4.0.4\n" ## This file is a PO Template file. ## @@ -23,44 +25,44 @@ msgstr "" ## effect: edit them in PO (`.po`) files instead. ## From Ecto.Changeset.cast/4 msgid "can't be blank" -msgstr "" +msgstr "no puede estar en blanco" ## From Ecto.Changeset.unique_constraint/3 msgid "has already been taken" -msgstr "" +msgstr "ya está en uso" ## From Ecto.Changeset.put_change/3 msgid "is invalid" -msgstr "" +msgstr "es inválido" ## From Ecto.Changeset.validate_format/3 msgid "has invalid format" -msgstr "" +msgstr "el formato no es válido" ## From Ecto.Changeset.validate_subset/3 msgid "has an invalid entry" -msgstr "" +msgstr "tiene una entrada inválida" ## From Ecto.Changeset.validate_exclusion/3 msgid "is reserved" -msgstr "" +msgstr "está reservado" ## From Ecto.Changeset.validate_confirmation/3 msgid "does not match confirmation" -msgstr "" +msgstr "la confirmación no coincide" ## From Ecto.Changeset.no_assoc_constraint/3 msgid "is still associated with this entry" -msgstr "" +msgstr "todavía está asociado con esta entrada" msgid "are still associated with this entry" -msgstr "" +msgstr "todavía están asociados con esta entrada" ## From Ecto.Changeset.validate_length/3 msgid "should be %{count} character(s)" msgid_plural "should be %{count} character(s)" -msgstr[0] "" -msgstr[1] "" +msgstr[0] "debe tener %{count} carácter" +msgstr[1] "debe tener %{count} caracteres" msgid "should have %{count} item(s)" msgid_plural "should have %{count} item(s)" From 0c1d24318565ec5bca0dfbe749f09d7acc9f7e42 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Wed, 9 Sep 2020 18:34:07 +0300 Subject: [PATCH 145/264] bump concurrent_limiter Should fix gun deadlocks --- mix.exs | 2 +- mix.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mix.exs b/mix.exs index 9499aab2d..18f748672 100644 --- a/mix.exs +++ b/mix.exs @@ -180,7 +180,7 @@ defp deps do {:flake_id, "~> 0.1.0"}, {:concurrent_limiter, git: "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter.git", - ref: "55e92f84b4ed531bd487952a71040a9c69dc2807"}, + ref: "d81be41024569330f296fc472e24198d7499ba78"}, {:remote_ip, git: "https://git.pleroma.social/pleroma/remote_ip.git", ref: "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8"}, diff --git a/mix.lock b/mix.lock index c4f9cd28c..a28c47017 100644 --- a/mix.lock +++ b/mix.lock @@ -14,7 +14,7 @@ "certifi": {:hex, :certifi, "2.5.1", "867ce347f7c7d78563450a18a6a28a8090331e77fa02380b4a21962a65d36ee5", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm", "805abd97539caf89ec6d4732c91e62ba9da0cda51ac462380bbd28ee697a8c42"}, "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm", "1b1dbc1790073076580d0d1d64e42eae2366583e7aecd455d1215b0d16f2451b"}, "comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"}, - "concurrent_limiter": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter.git", "55e92f84b4ed531bd487952a71040a9c69dc2807", [ref: "55e92f84b4ed531bd487952a71040a9c69dc2807"]}, + "concurrent_limiter": {:git, "https://git.pleroma.social/pleroma/elixir-libraries/concurrent_limiter.git", "d81be41024569330f296fc472e24198d7499ba78", [ref: "d81be41024569330f296fc472e24198d7499ba78"]}, "connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"}, "cors_plug": {:hex, :cors_plug, "2.0.2", "2b46083af45e4bc79632bd951550509395935d3e7973275b2b743bd63cc942ce", [:mix], [{:plug, "~> 1.8", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f0d0e13f71c51fd4ef8b2c7e051388e4dfb267522a83a22392c856de7e46465f"}, "cowboy": {:hex, :cowboy, "2.8.0", "f3dc62e35797ecd9ac1b50db74611193c29815401e53bac9a5c0577bd7bc667d", [:rebar3], [{:cowlib, "~> 2.9.1", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "4643e4fba74ac96d4d152c75803de6fad0b3fa5df354c71afdd6cbeeb15fac8a"}, From 68a74d66596f0e35f0e080de25e4679d2c8b1b76 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 9 Sep 2020 19:30:42 +0300 Subject: [PATCH 146/264] [#2497] Added missing alias, removed legacy `:adapter` option specification for HTTP.get/_. --- lib/pleroma/helpers/media_helper.ex | 4 ++-- lib/pleroma/instances/instance.ex | 2 +- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 2 +- test/web/mastodon_api/views/account_view_test.exs | 1 + 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index a1205e10d..d834b4a07 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -14,7 +14,7 @@ defmodule Pleroma.Helpers.MediaHelper do def image_resize(url, options) do with executable when is_binary(executable) <- System.find_executable("convert"), {:ok, args} <- prepare_image_resize_args(options), - {:ok, env} <- HTTP.get(url, [], adapter: [pool: :media]), + {:ok, env} <- HTTP.get(url, [], pool: :media), {:ok, fifo_path} <- mkfifo() do args = List.flatten([fifo_path, args]) run_fifo(fifo_path, env, executable, args) @@ -62,7 +62,7 @@ defp prepare_image_resize_args(_), do: {:error, :missing_options} def video_framegrab(url) do with executable when is_binary(executable) <- System.find_executable("ffmpeg"), - {:ok, env} <- HTTP.get(url, [], adapter: [pool: :media]), + {:ok, env} <- HTTP.get(url, [], pool: :media), {:ok, fifo_path} <- mkfifo(), args = [ "-y", diff --git a/lib/pleroma/instances/instance.ex b/lib/pleroma/instances/instance.ex index 8bf53c090..4fe4b198d 100644 --- a/lib/pleroma/instances/instance.ex +++ b/lib/pleroma/instances/instance.ex @@ -157,7 +157,7 @@ defp scrape_favicon(%URI{} = instance_uri) do try do with {:ok, %Tesla.Env{body: html}} <- Pleroma.HTTP.get(to_string(instance_uri), [{"accept", "text/html"}], - adapter: [pool: :media] + pool: :media ), favicon_rel <- html diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 89f4a23bd..acb581459 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -51,7 +51,7 @@ defp handle_preview(conn, url) do media_proxy_url = MediaProxy.url(url) with {:ok, %{status: status} = head_response} when status in 200..299 <- - Pleroma.HTTP.request("head", media_proxy_url, [], [], adapter: [pool: :media]) do + Pleroma.HTTP.request("head", media_proxy_url, [], [], pool: :media) do content_type = Tesla.get_header(head_response, "content-type") handle_preview(content_type, conn, media_proxy_url) else diff --git a/test/web/mastodon_api/views/account_view_test.exs b/test/web/mastodon_api/views/account_view_test.exs index 5c5aa6cee..793b44fca 100644 --- a/test/web/mastodon_api/views/account_view_test.exs +++ b/test/web/mastodon_api/views/account_view_test.exs @@ -5,6 +5,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do use Pleroma.DataCase + alias Pleroma.Config alias Pleroma.User alias Pleroma.UserRelationship alias Pleroma.Web.CommonAPI From b4860c57a63b48ded8eaa37b9f40cc0851c78882 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 9 Sep 2020 19:43:36 +0300 Subject: [PATCH 147/264] [#2497] Formatting fix. --- lib/pleroma/instances/instance.ex | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/pleroma/instances/instance.ex b/lib/pleroma/instances/instance.ex index 4fe4b198d..ad7764f05 100644 --- a/lib/pleroma/instances/instance.ex +++ b/lib/pleroma/instances/instance.ex @@ -156,9 +156,7 @@ def get_or_update_favicon(%URI{host: host} = instance_uri) do defp scrape_favicon(%URI{} = instance_uri) do try do with {:ok, %Tesla.Env{body: html}} <- - Pleroma.HTTP.get(to_string(instance_uri), [{"accept", "text/html"}], - pool: :media - ), + Pleroma.HTTP.get(to_string(instance_uri), [{"accept", "text/html"}], pool: :media), favicon_rel <- html |> Floki.parse_document!() From cad69669fc692da360929a5961e96550de1f1fe1 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 9 Sep 2020 22:44:38 +0300 Subject: [PATCH 148/264] [#2130] Fixed OAuth OOB authentication for users with enabled MFA. --- lib/pleroma/web/oauth/oauth_controller.ex | 5 ++++- .../o_auth/o_auth/oob_authorization_created.html.eex | 2 +- .../web/templates/o_auth/o_auth/oob_token_exists.html.eex | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index dd00600ea..06b116368 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -145,7 +145,10 @@ def create_authorization( def after_create_authorization(%Plug.Conn{} = conn, %Authorization{} = auth, %{ "authorization" => %{"redirect_uri" => @oob_token_redirect_uri} }) do - render(conn, "oob_authorization_created.html", %{auth: auth}) + # Enforcing the view to reuse the template when calling from other controllers + conn + |> put_view(OAuthView) + |> render("oob_authorization_created.html", %{auth: auth}) end def after_create_authorization(%Plug.Conn{} = conn, %Authorization{} = auth, %{ diff --git a/lib/pleroma/web/templates/o_auth/o_auth/oob_authorization_created.html.eex b/lib/pleroma/web/templates/o_auth/o_auth/oob_authorization_created.html.eex index 8443d906b..ffabe29a6 100644 --- a/lib/pleroma/web/templates/o_auth/o_auth/oob_authorization_created.html.eex +++ b/lib/pleroma/web/templates/o_auth/o_auth/oob_authorization_created.html.eex @@ -1,2 +1,2 @@

Successfully authorized

-

Token code is <%= @auth.token %>

+

Token code is
<%= @auth.token %>

diff --git a/lib/pleroma/web/templates/o_auth/o_auth/oob_token_exists.html.eex b/lib/pleroma/web/templates/o_auth/o_auth/oob_token_exists.html.eex index 961aad976..82785c4b9 100644 --- a/lib/pleroma/web/templates/o_auth/o_auth/oob_token_exists.html.eex +++ b/lib/pleroma/web/templates/o_auth/o_auth/oob_token_exists.html.eex @@ -1,2 +1,2 @@

Authorization exists

-

Access token is <%= @token.token %>

+

Access token is
<%= @token.token %>

From ab56dd54e787eae82cf00fddc90eab4c5cbac4a9 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Thu, 10 Sep 2020 11:23:39 +0300 Subject: [PATCH 149/264] use Pleroma.HTTP in emoji packs tasks --- lib/mix/tasks/pleroma/emoji.ex | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/lib/mix/tasks/pleroma/emoji.ex b/lib/mix/tasks/pleroma/emoji.ex index 8f52ee98d..1750373f9 100644 --- a/lib/mix/tasks/pleroma/emoji.ex +++ b/lib/mix/tasks/pleroma/emoji.ex @@ -183,7 +183,7 @@ def run(["gen-pack" | args]) do IO.puts("Downloading the pack and generating SHA256") - binary_archive = Tesla.get!(client(), src).body + {:ok, %{body: binary_archive}} = Pleroma.HTTP.get(src) archive_sha = :crypto.hash(:sha256, binary_archive) |> Base.encode16() IO.puts("SHA256 is #{archive_sha}") @@ -252,7 +252,7 @@ defp fetch_and_decode!(from) do end defp fetch("http" <> _ = from) do - with {:ok, %{body: body}} <- Tesla.get(client(), from) do + with {:ok, %{body: body}} <- Pleroma.HTTP.get(from) do {:ok, body} end end @@ -271,13 +271,5 @@ defp parse_global_opts(args) do ) end - defp client do - middleware = [ - {Tesla.Middleware.FollowRedirects, [max_redirects: 3]} - ] - - Tesla.client(middleware) - end - defp default_manifest, do: Pleroma.Config.get!([:emoji, :default_manifest]) end From 148bc244359e70c87ec2812c65da83fe87efbc68 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 10 Sep 2020 11:54:10 +0300 Subject: [PATCH 150/264] [#2497] Removed Hackney-specific code (no longer needed due to adapter options unification). --- .../activity_pub/mrf/media_proxy_warming_policy.ex | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex index 6c63fe15c..0fb05d3c4 100644 --- a/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/media_proxy_warming_policy.ex @@ -13,17 +13,10 @@ defmodule Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy do require Logger @adapter_options [ - pool: :media + pool: :media, + recv_timeout: 10_000 ] - defp adapter_options do - if Application.get_env(:tesla, :adapter) == Tesla.Adapter.Hackney do - Keyword.put(@adapter_options, :recv_timeout, 10_000) - else - @adapter_options - end - end - def perform(:prefetch, url) do # Fetching only proxiable resources if MediaProxy.enabled?() and MediaProxy.url_proxiable?(url) do @@ -32,7 +25,7 @@ def perform(:prefetch, url) do Logger.debug("Prefetching #{inspect(url)} as #{inspect(prefetch_url)}") - HTTP.get(prefetch_url, [], adapter: adapter_options()) + HTTP.get(prefetch_url, [], @adapter_options) end end From 3ce658b93098551792a69f2455e6e9339a1722e2 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Tue, 25 Aug 2020 19:17:51 +0300 Subject: [PATCH 151/264] schedule expired oauth tokens deletion with Oban --- config/config.exs | 2 +- config/description.exs | 1 - lib/pleroma/web/oauth/token.ex | 24 ++++++++++------ lib/pleroma/web/oauth/token/clean_worker.ex | 2 -- lib/pleroma/web/oauth/token/query.ex | 6 ---- .../web/oauth/token/strategy/refresh_token.ex | 2 +- .../workers/cron/clear_oauth_token_worker.ex | 23 --------------- lib/pleroma/workers/purge_expired_token.ex | 28 +++++++++++++++++++ test/plugs/oauth_plug_test.exs | 2 +- test/web/oauth/token_test.exs | 13 --------- .../twitter_api/password_controller_test.exs | 4 +-- .../cron/clear_oauth_token_worker_test.exs | 22 --------------- .../purge_expired_oauth_token_test.exs | 27 ++++++++++++++++++ 13 files changed, 76 insertions(+), 80 deletions(-) delete mode 100644 lib/pleroma/workers/cron/clear_oauth_token_worker.ex create mode 100644 lib/pleroma/workers/purge_expired_token.ex delete mode 100644 test/workers/cron/clear_oauth_token_worker_test.exs create mode 100644 test/workers/purge_expired_oauth_token_test.exs diff --git a/config/config.exs b/config/config.exs index 1a2b312b5..fa4c96b79 100644 --- a/config/config.exs +++ b/config/config.exs @@ -530,6 +530,7 @@ log: false, queues: [ activity_expiration: 10, + oauth_token_expiration: 1, federator_incoming: 50, federator_outgoing: 50, web_push: 50, @@ -543,7 +544,6 @@ ], plugins: [Oban.Plugins.Pruner], crontab: [ - {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker}, {"* * * * *", Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker}, {"0 0 * * 0", Pleroma.Workers.Cron.DigestEmailsWorker}, {"0 0 * * *", Pleroma.Workers.Cron.NewUsersDigestWorker} diff --git a/config/description.exs b/config/description.exs index eac97ad64..4c4deed30 100644 --- a/config/description.exs +++ b/config/description.exs @@ -2290,7 +2290,6 @@ type: {:list, :tuple}, description: "Settings for cron background jobs", suggestions: [ - {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker}, {"* * * * *", Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker}, {"0 0 * * 0", Pleroma.Workers.Cron.DigestEmailsWorker}, {"0 0 * * *", Pleroma.Workers.Cron.NewUsersDigestWorker} diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex index 08bb7326d..4d00fcb1c 100644 --- a/lib/pleroma/web/oauth/token.ex +++ b/lib/pleroma/web/oauth/token.ex @@ -50,7 +50,7 @@ def exchange_token(app, auth) do true <- auth.app_id == app.id do user = if auth.user_id, do: User.get_cached_by_id(auth.user_id), else: %User{} - create_token( + create( app, user, %{scopes: auth.scopes} @@ -83,8 +83,21 @@ defp put_valid_until(changeset, attrs) do |> validate_required([:valid_until]) end - @spec create_token(App.t(), User.t(), map()) :: {:ok, Token} | {:error, Changeset.t()} - def create_token(%App{} = app, %User{} = user, attrs \\ %{}) do + @spec create(App.t(), User.t(), map()) :: {:ok, Token} | {:error, Changeset.t()} + def create(%App{} = app, %User{} = user, attrs \\ %{}) do + with {:ok, token} <- do_create(app, user, attrs) do + if Pleroma.Config.get([:oauth2, :clean_expired_tokens]) do + Pleroma.Workers.PurgeExpiredOAuthToken.enqueue(%{ + token_id: token.id, + valid_until: DateTime.from_naive!(token.valid_until, "Etc/UTC") + }) + end + + {:ok, token} + end + end + + defp do_create(app, user, attrs) do %__MODULE__{user_id: user.id, app_id: app.id} |> cast(%{scopes: attrs[:scopes] || app.scopes}, [:scopes]) |> validate_required([:scopes, :app_id]) @@ -105,11 +118,6 @@ def delete_user_token(%User{id: user_id}, token_id) do |> Repo.delete_all() end - def delete_expired_tokens do - Query.get_expired_tokens() - |> Repo.delete_all() - end - def get_user_tokens(%User{id: user_id}) do Query.get_by_user(user_id) |> Query.preload([:app]) diff --git a/lib/pleroma/web/oauth/token/clean_worker.ex b/lib/pleroma/web/oauth/token/clean_worker.ex index e3aa4eb7e..2f51bdb75 100644 --- a/lib/pleroma/web/oauth/token/clean_worker.ex +++ b/lib/pleroma/web/oauth/token/clean_worker.ex @@ -12,7 +12,6 @@ defmodule Pleroma.Web.OAuth.Token.CleanWorker do @one_day 86_400_000 alias Pleroma.MFA - alias Pleroma.Web.OAuth alias Pleroma.Workers.BackgroundWorker def start_link(_), do: GenServer.start_link(__MODULE__, %{}) @@ -32,7 +31,6 @@ def handle_info(:perform, state) do end def perform(:clean) do - OAuth.Token.delete_expired_tokens() MFA.Token.delete_expired_tokens() end end diff --git a/lib/pleroma/web/oauth/token/query.ex b/lib/pleroma/web/oauth/token/query.ex index 93d6e26ed..fd6d9b112 100644 --- a/lib/pleroma/web/oauth/token/query.ex +++ b/lib/pleroma/web/oauth/token/query.ex @@ -33,12 +33,6 @@ def get_by_id(query \\ Token, id) do from(q in query, where: q.id == ^id) end - @spec get_expired_tokens(query, DateTime.t() | nil) :: query - def get_expired_tokens(query \\ Token, date \\ nil) do - expired_date = date || Timex.now() - from(q in query, where: fragment("?", q.valid_until) < ^expired_date) - end - @spec get_by_user(query, String.t()) :: query def get_by_user(query \\ Token, user_id) do from(q in query, where: q.user_id == ^user_id) diff --git a/lib/pleroma/web/oauth/token/strategy/refresh_token.ex b/lib/pleroma/web/oauth/token/strategy/refresh_token.ex index debc29b0b..625b0fde2 100644 --- a/lib/pleroma/web/oauth/token/strategy/refresh_token.ex +++ b/lib/pleroma/web/oauth/token/strategy/refresh_token.ex @@ -46,7 +46,7 @@ defp revoke_access_token(token) do defp create_access_token({:error, error}, _), do: {:error, error} defp create_access_token({:ok, token}, %{app: app, user: user} = token_params) do - Token.create_token(app, user, add_refresh_token(token_params, token.refresh_token)) + Token.create(app, user, add_refresh_token(token_params, token.refresh_token)) end defp add_refresh_token(params, token) do diff --git a/lib/pleroma/workers/cron/clear_oauth_token_worker.ex b/lib/pleroma/workers/cron/clear_oauth_token_worker.ex deleted file mode 100644 index 276f47efc..000000000 --- a/lib/pleroma/workers/cron/clear_oauth_token_worker.ex +++ /dev/null @@ -1,23 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Workers.Cron.ClearOauthTokenWorker do - @moduledoc """ - The worker to cleanup expired oAuth tokens. - """ - - use Oban.Worker, queue: "background" - - alias Pleroma.Config - alias Pleroma.Web.OAuth.Token - - @impl Oban.Worker - def perform(_job) do - if Config.get([:oauth2, :clean_expired_tokens], false) do - Token.delete_expired_tokens() - end - - :ok - end -end diff --git a/lib/pleroma/workers/purge_expired_token.ex b/lib/pleroma/workers/purge_expired_token.ex new file mode 100644 index 000000000..6068e43bf --- /dev/null +++ b/lib/pleroma/workers/purge_expired_token.ex @@ -0,0 +1,28 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Workers.PurgeExpiredOAuthToken do + @moduledoc """ + Worker which purges expired OAuth tokens + """ + + use Oban.Worker, queue: :oauth_token_expiration, max_attempts: 1 + + @spec enqueue(%{token_id: integer(), valid_until: DateTime.t()}) :: + {:ok, Oban.Job.t()} | {:error, Ecto.Changeset.t()} + def enqueue(args) do + {scheduled_at, args} = Map.pop(args, :valid_until) + + args + |> __MODULE__.new(scheduled_at: scheduled_at) + |> Oban.insert() + end + + @impl true + def perform(%Oban.Job{args: %{"token_id" => id}}) do + Pleroma.Web.OAuth.Token + |> Pleroma.Repo.get(id) + |> Pleroma.Repo.delete() + end +end diff --git a/test/plugs/oauth_plug_test.exs b/test/plugs/oauth_plug_test.exs index f74c068cd..9d39d3153 100644 --- a/test/plugs/oauth_plug_test.exs +++ b/test/plugs/oauth_plug_test.exs @@ -16,7 +16,7 @@ defmodule Pleroma.Plugs.OAuthPlugTest do setup %{conn: conn} do user = insert(:user) - {:ok, %{token: token}} = Pleroma.Web.OAuth.Token.create_token(insert(:oauth_app), user) + {:ok, %{token: token}} = Pleroma.Web.OAuth.Token.create(insert(:oauth_app), user) %{user: user, token: token, conn: conn} end diff --git a/test/web/oauth/token_test.exs b/test/web/oauth/token_test.exs index 40d71eb59..c88b9cc98 100644 --- a/test/web/oauth/token_test.exs +++ b/test/web/oauth/token_test.exs @@ -69,17 +69,4 @@ test "deletes all tokens of a user" do assert tokens == 2 end - - test "deletes expired tokens" do - insert(:oauth_token, valid_until: Timex.shift(Timex.now(), days: -3)) - insert(:oauth_token, valid_until: Timex.shift(Timex.now(), days: -3)) - t3 = insert(:oauth_token) - t4 = insert(:oauth_token, valid_until: Timex.shift(Timex.now(), minutes: 10)) - {tokens, _} = Token.delete_expired_tokens() - assert tokens == 2 - available_tokens = Pleroma.Repo.all(Token) - - token_ids = available_tokens |> Enum.map(& &1.id) - assert token_ids == [t3.id, t4.id] - end end diff --git a/test/web/twitter_api/password_controller_test.exs b/test/web/twitter_api/password_controller_test.exs index 231a46c67..a5e9e2178 100644 --- a/test/web/twitter_api/password_controller_test.exs +++ b/test/web/twitter_api/password_controller_test.exs @@ -37,7 +37,7 @@ test "it shows password reset form", %{conn: conn} do test "it returns HTTP 200", %{conn: conn} do user = insert(:user) {:ok, token} = PasswordResetToken.create_token(user) - {:ok, _access_token} = Token.create_token(insert(:oauth_app), user, %{}) + {:ok, _access_token} = Token.create(insert(:oauth_app), user, %{}) params = %{ "password" => "test", @@ -62,7 +62,7 @@ test "it sets password_reset_pending to false", %{conn: conn} do user = insert(:user, password_reset_pending: true) {:ok, token} = PasswordResetToken.create_token(user) - {:ok, _access_token} = Token.create_token(insert(:oauth_app), user, %{}) + {:ok, _access_token} = Token.create(insert(:oauth_app), user, %{}) params = %{ "password" => "test", diff --git a/test/workers/cron/clear_oauth_token_worker_test.exs b/test/workers/cron/clear_oauth_token_worker_test.exs deleted file mode 100644 index 67836f34f..000000000 --- a/test/workers/cron/clear_oauth_token_worker_test.exs +++ /dev/null @@ -1,22 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Workers.Cron.ClearOauthTokenWorkerTest do - use Pleroma.DataCase - - import Pleroma.Factory - alias Pleroma.Workers.Cron.ClearOauthTokenWorker - - setup do: clear_config([:oauth2, :clean_expired_tokens]) - - test "deletes expired tokens" do - insert(:oauth_token, - valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), -60 * 10) - ) - - Pleroma.Config.put([:oauth2, :clean_expired_tokens], true) - ClearOauthTokenWorker.perform(%Oban.Job{}) - assert Pleroma.Repo.all(Pleroma.Web.OAuth.Token) == [] - end -end diff --git a/test/workers/purge_expired_oauth_token_test.exs b/test/workers/purge_expired_oauth_token_test.exs new file mode 100644 index 000000000..3bd650d89 --- /dev/null +++ b/test/workers/purge_expired_oauth_token_test.exs @@ -0,0 +1,27 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Workers.PurgeExpiredOAuthTokenTest do + use Pleroma.DataCase, async: true + use Oban.Testing, repo: Pleroma.Repo + + import Pleroma.Factory + + setup do: clear_config([:oauth2, :clean_expired_tokens], true) + + test "purges expired token" do + user = insert(:user) + app = insert(:oauth_app) + + {:ok, %{id: id}} = Pleroma.Web.OAuth.Token.create(app, user) + + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredOAuthToken, + args: %{token_id: id} + ) + + assert {:ok, %{id: ^id}} = + perform_job(Pleroma.Workers.PurgeExpiredOAuthToken, %{token_id: id}) + end +end From 7dd986a563545cb63e8404d9b107f1d29c499940 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Sat, 5 Sep 2020 18:35:01 +0300 Subject: [PATCH 152/264] expire mfa tokens through Oban --- config/config.exs | 2 +- docs/configuration/cheatsheet.md | 10 +-- lib/pleroma/mfa/token.ex | 71 +++++++++---------- lib/pleroma/web/oauth/oauth_controller.ex | 4 +- lib/pleroma/web/oauth/token.ex | 5 +- lib/pleroma/web/oauth/token/clean_worker.ex | 36 ---------- .../controllers/remote_follow_controller.ex | 2 +- lib/pleroma/workers/purge_expired_token.ex | 11 +-- .../remote_follow_controller_test.exs | 4 +- .../purge_expired_oauth_token_test.exs | 27 ------- test/workers/purge_expired_token_test.exs | 51 +++++++++++++ 11 files changed, 106 insertions(+), 117 deletions(-) delete mode 100644 lib/pleroma/web/oauth/token/clean_worker.ex delete mode 100644 test/workers/purge_expired_oauth_token_test.exs create mode 100644 test/workers/purge_expired_token_test.exs diff --git a/config/config.exs b/config/config.exs index fa4c96b79..95a6ea9db 100644 --- a/config/config.exs +++ b/config/config.exs @@ -530,7 +530,7 @@ log: false, queues: [ activity_expiration: 10, - oauth_token_expiration: 1, + token_expiration: 5, federator_incoming: 50, federator_outgoing: 50, web_push: 50, diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index ec59896ec..d0bebbd45 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -691,9 +691,8 @@ Pleroma has the following queues: Pleroma has these periodic job workers: -`Pleroma.Workers.Cron.ClearOauthTokenWorker` - a job worker to cleanup expired oauth tokens. - -Example: +* `Pleroma.Workers.Cron.DigestEmailsWorker` - digest emails for users with new mentions and follows +* `Pleroma.Workers.Cron.NewUsersDigestWorker` - digest emails for admins with new registrations ```elixir config :pleroma, Oban, @@ -705,7 +704,8 @@ config :pleroma, Oban, federator_outgoing: 50 ], crontab: [ - {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker} + {"0 0 * * 0", Pleroma.Workers.Cron.DigestEmailsWorker}, + {"0 0 * * *", Pleroma.Workers.Cron.NewUsersDigestWorker} ] ``` @@ -972,7 +972,7 @@ Configure OAuth 2 provider capabilities: * `token_expires_in` - The lifetime in seconds of the access token. * `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token. -* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`. Interval settings sets in configuration periodic jobs [`Oban.Cron`](#obancron) +* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`. ## Link parsing diff --git a/lib/pleroma/mfa/token.ex b/lib/pleroma/mfa/token.ex index 0b2449971..69b64c0e8 100644 --- a/lib/pleroma/mfa/token.ex +++ b/lib/pleroma/mfa/token.ex @@ -10,10 +10,11 @@ defmodule Pleroma.MFA.Token do alias Pleroma.Repo alias Pleroma.User alias Pleroma.Web.OAuth.Authorization - alias Pleroma.Web.OAuth.Token, as: OAuthToken @expires 300 + @type t() :: %__MODULE__{} + schema "mfa_tokens" do field(:token, :string) field(:valid_until, :naive_datetime_usec) @@ -24,6 +25,7 @@ defmodule Pleroma.MFA.Token do timestamps() end + @spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found} def get_by_token(token) do from( t in __MODULE__, @@ -33,33 +35,40 @@ def get_by_token(token) do |> Repo.find_resource() end - def validate(token) do - with {:fetch_token, {:ok, token}} <- {:fetch_token, get_by_token(token)}, - {:expired, false} <- {:expired, is_expired?(token)} do + @spec validate(String.t()) :: {:ok, t()} | {:error, :not_found} | {:error, :expired_token} + def validate(token_str) do + with {:ok, token} <- get_by_token(token_str), + false <- expired?(token) do {:ok, token} - else - {:expired, _} -> {:error, :expired_token} - {:fetch_token, _} -> {:error, :not_found} - error -> {:error, error} end end - def create_token(%User{} = user) do - %__MODULE__{} - |> change - |> assign_user(user) - |> put_token - |> put_valid_until - |> Repo.insert() + defp expired?(%__MODULE__{valid_until: valid_until}) do + with true <- NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) > 0 do + {:error, :expired_token} + end end - def create_token(user, authorization) do + @spec create(User.t(), Authorization.t() | nil) :: {:ok, t()} | {:error, Ecto.Changeset.t()} + def create(user, authorization \\ nil) do + with {:ok, token} <- do_create(user, authorization) do + Pleroma.Workers.PurgeExpiredToken.enqueue(%{ + token_id: token.id, + valid_until: DateTime.from_naive!(token.valid_until, "Etc/UTC"), + mod: __MODULE__ + }) + + {:ok, token} + end + end + + defp do_create(user, authorization) do %__MODULE__{} - |> change + |> change() |> assign_user(user) - |> assign_authorization(authorization) - |> put_token - |> put_valid_until + |> maybe_assign_authorization(authorization) + |> put_token() + |> put_valid_until() |> Repo.insert() end @@ -69,15 +78,19 @@ defp assign_user(changeset, user) do |> validate_required([:user]) end - defp assign_authorization(changeset, authorization) do + defp maybe_assign_authorization(changeset, %Authorization{} = authorization) do changeset |> put_assoc(:authorization, authorization) |> validate_required([:authorization]) end + defp maybe_assign_authorization(changeset, _), do: changeset + defp put_token(changeset) do + token = Pleroma.Web.OAuth.Token.Utils.generate_token() + changeset - |> change(%{token: OAuthToken.Utils.generate_token()}) + |> change(%{token: token}) |> validate_required([:token]) |> unique_constraint(:token) end @@ -89,18 +102,4 @@ defp put_valid_until(changeset) do |> change(%{valid_until: expires_in}) |> validate_required([:valid_until]) end - - def is_expired?(%__MODULE__{valid_until: valid_until}) do - NaiveDateTime.diff(NaiveDateTime.utc_now(), valid_until) > 0 - end - - def is_expired?(_), do: false - - def delete_expired_tokens do - from( - q in __MODULE__, - where: fragment("?", q.valid_until) < ^Timex.now() - ) - |> Repo.delete_all() - end end diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index dd00600ea..bbe7aa8a0 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -197,7 +197,7 @@ defp handle_create_authorization_error( {:mfa_required, user, auth, _}, params ) do - {:ok, token} = MFA.Token.create_token(user, auth) + {:ok, token} = MFA.Token.create(user, auth) data = %{ "mfa_token" => token.token, @@ -579,7 +579,7 @@ defp put_session_registration_id(%Plug.Conn{} = conn, registration_id), do: put_session(conn, :registration_id, registration_id) defp build_and_response_mfa_token(user, auth) do - with {:ok, token} <- MFA.Token.create_token(user, auth) do + with {:ok, token} <- MFA.Token.create(user, auth) do MFAView.render("mfa_response.json", %{token: token, user: user}) end end diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex index 4d00fcb1c..de37998f2 100644 --- a/lib/pleroma/web/oauth/token.ex +++ b/lib/pleroma/web/oauth/token.ex @@ -87,9 +87,10 @@ defp put_valid_until(changeset, attrs) do def create(%App{} = app, %User{} = user, attrs \\ %{}) do with {:ok, token} <- do_create(app, user, attrs) do if Pleroma.Config.get([:oauth2, :clean_expired_tokens]) do - Pleroma.Workers.PurgeExpiredOAuthToken.enqueue(%{ + Pleroma.Workers.PurgeExpiredToken.enqueue(%{ token_id: token.id, - valid_until: DateTime.from_naive!(token.valid_until, "Etc/UTC") + valid_until: DateTime.from_naive!(token.valid_until, "Etc/UTC"), + mod: __MODULE__ }) end diff --git a/lib/pleroma/web/oauth/token/clean_worker.ex b/lib/pleroma/web/oauth/token/clean_worker.ex deleted file mode 100644 index 2f51bdb75..000000000 --- a/lib/pleroma/web/oauth/token/clean_worker.ex +++ /dev/null @@ -1,36 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.OAuth.Token.CleanWorker do - @moduledoc """ - The module represents functions to clean an expired OAuth and MFA tokens. - """ - use GenServer - - @ten_seconds 10_000 - @one_day 86_400_000 - - alias Pleroma.MFA - alias Pleroma.Workers.BackgroundWorker - - def start_link(_), do: GenServer.start_link(__MODULE__, %{}) - - def init(_) do - Process.send_after(self(), :perform, @ten_seconds) - {:ok, nil} - end - - @doc false - def handle_info(:perform, state) do - BackgroundWorker.enqueue("clean_expired_tokens", %{}) - interval = Pleroma.Config.get([:oauth2, :clean_expired_tokens_interval], @one_day) - - Process.send_after(self(), :perform, interval) - {:noreply, state} - end - - def perform(:clean) do - MFA.Token.delete_expired_tokens() - end -end diff --git a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex index 521dc9322..072d889e2 100644 --- a/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex @@ -135,7 +135,7 @@ defp handle_follow_error(conn, {:verify_mfa_code, followee, token, _} = _) do end defp handle_follow_error(conn, {:mfa_required, followee, user, _} = _) do - {:ok, %{token: token}} = MFA.Token.create_token(user) + {:ok, %{token: token}} = MFA.Token.create(user) render(conn, "follow_mfa.html", %{followee: followee, mfa_token: token, error: false}) end diff --git a/lib/pleroma/workers/purge_expired_token.ex b/lib/pleroma/workers/purge_expired_token.ex index 6068e43bf..a81e0cd28 100644 --- a/lib/pleroma/workers/purge_expired_token.ex +++ b/lib/pleroma/workers/purge_expired_token.ex @@ -2,14 +2,14 @@ # Copyright © 2017-2020 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only -defmodule Pleroma.Workers.PurgeExpiredOAuthToken do +defmodule Pleroma.Workers.PurgeExpiredToken do @moduledoc """ Worker which purges expired OAuth tokens """ - use Oban.Worker, queue: :oauth_token_expiration, max_attempts: 1 + use Oban.Worker, queue: :token_expiration, max_attempts: 1 - @spec enqueue(%{token_id: integer(), valid_until: DateTime.t()}) :: + @spec enqueue(%{token_id: integer(), valid_until: DateTime.t(), mod: module()}) :: {:ok, Oban.Job.t()} | {:error, Ecto.Changeset.t()} def enqueue(args) do {scheduled_at, args} = Map.pop(args, :valid_until) @@ -20,8 +20,9 @@ def enqueue(args) do end @impl true - def perform(%Oban.Job{args: %{"token_id" => id}}) do - Pleroma.Web.OAuth.Token + def perform(%Oban.Job{args: %{"token_id" => id, "mod" => module}}) do + module + |> String.to_existing_atom() |> Pleroma.Repo.get(id) |> Pleroma.Repo.delete() end diff --git a/test/web/twitter_api/remote_follow_controller_test.exs b/test/web/twitter_api/remote_follow_controller_test.exs index f7e54c26a..3852c7ce9 100644 --- a/test/web/twitter_api/remote_follow_controller_test.exs +++ b/test/web/twitter_api/remote_follow_controller_test.exs @@ -227,7 +227,7 @@ test "follows", %{conn: conn} do } ) - {:ok, %{token: token}} = MFA.Token.create_token(user) + {:ok, %{token: token}} = MFA.Token.create(user) user2 = insert(:user) otp_token = TOTP.generate_token(otp_secret) @@ -256,7 +256,7 @@ test "returns error when auth code is incorrect", %{conn: conn} do } ) - {:ok, %{token: token}} = MFA.Token.create_token(user) + {:ok, %{token: token}} = MFA.Token.create(user) user2 = insert(:user) otp_token = TOTP.generate_token(TOTP.generate_secret()) diff --git a/test/workers/purge_expired_oauth_token_test.exs b/test/workers/purge_expired_oauth_token_test.exs deleted file mode 100644 index 3bd650d89..000000000 --- a/test/workers/purge_expired_oauth_token_test.exs +++ /dev/null @@ -1,27 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Workers.PurgeExpiredOAuthTokenTest do - use Pleroma.DataCase, async: true - use Oban.Testing, repo: Pleroma.Repo - - import Pleroma.Factory - - setup do: clear_config([:oauth2, :clean_expired_tokens], true) - - test "purges expired token" do - user = insert(:user) - app = insert(:oauth_app) - - {:ok, %{id: id}} = Pleroma.Web.OAuth.Token.create(app, user) - - assert_enqueued( - worker: Pleroma.Workers.PurgeExpiredOAuthToken, - args: %{token_id: id} - ) - - assert {:ok, %{id: ^id}} = - perform_job(Pleroma.Workers.PurgeExpiredOAuthToken, %{token_id: id}) - end -end diff --git a/test/workers/purge_expired_token_test.exs b/test/workers/purge_expired_token_test.exs new file mode 100644 index 000000000..fb7708c3f --- /dev/null +++ b/test/workers/purge_expired_token_test.exs @@ -0,0 +1,51 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Workers.PurgeExpiredTokenTest do + use Pleroma.DataCase, async: true + use Oban.Testing, repo: Pleroma.Repo + + import Pleroma.Factory + + setup do: clear_config([:oauth2, :clean_expired_tokens], true) + + test "purges expired oauth token" do + user = insert(:user) + app = insert(:oauth_app) + + {:ok, %{id: id}} = Pleroma.Web.OAuth.Token.create(app, user) + + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredToken, + args: %{token_id: id, mod: Pleroma.Web.OAuth.Token} + ) + + assert {:ok, %{id: ^id}} = + perform_job(Pleroma.Workers.PurgeExpiredToken, %{ + token_id: id, + mod: Pleroma.Web.OAuth.Token + }) + + assert Repo.aggregate(Pleroma.Web.OAuth.Token, :count, :id) == 0 + end + + test "purges expired mfa token" do + authorization = insert(:oauth_authorization) + + {:ok, %{id: id}} = Pleroma.MFA.Token.create(authorization.user, authorization) + + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredToken, + args: %{token_id: id, mod: Pleroma.MFA.Token} + ) + + assert {:ok, %{id: ^id}} = + perform_job(Pleroma.Workers.PurgeExpiredToken, %{ + token_id: id, + mod: Pleroma.MFA.Token + }) + + assert Repo.aggregate(Pleroma.MFA.Token, :count, :id) == 0 + end +end From c6647c08e10a45aedcd77258a0e71c41d213eaa6 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Mon, 7 Sep 2020 11:54:10 +0300 Subject: [PATCH 153/264] migration and changelog --- CHANGELOG.md | 1 + ...ar_oauth_token_worker_from_oban_config.exs | 20 +++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 priv/repo/migrations/20200907084956_remove_cron_clear_oauth_token_worker_from_oban_config.exs diff --git a/CHANGELOG.md b/CHANGELOG.md index 19b2596cc..14c0252f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Removed - **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`. +- **Breaking:** Removed `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` config. ## [2.1.1] - 2020-09-08 diff --git a/priv/repo/migrations/20200907084956_remove_cron_clear_oauth_token_worker_from_oban_config.exs b/priv/repo/migrations/20200907084956_remove_cron_clear_oauth_token_worker_from_oban_config.exs new file mode 100644 index 000000000..d9c972563 --- /dev/null +++ b/priv/repo/migrations/20200907084956_remove_cron_clear_oauth_token_worker_from_oban_config.exs @@ -0,0 +1,20 @@ +defmodule Pleroma.Repo.Migrations.RemoveCronClearOauthTokenWorkerFromObanConfig do + use Ecto.Migration + + def change do + with %Pleroma.ConfigDB{} = config <- + Pleroma.ConfigDB.get_by_params(%{group: :pleroma, key: Oban}), + crontab when is_list(crontab) <- config.value[:crontab], + index when is_integer(index) <- + Enum.find_index(crontab, fn {_, worker} -> + worker == Pleroma.Workers.Cron.ClearOauthTokenWorker + end) do + updated_value = Keyword.put(config.value, :crontab, List.delete_at(crontab, index)) + + config + |> Ecto.Changeset.change(value: updated_value) + |> Pleroma.Repo.update() + end + + end +end From e11fca88d424b394359f50646e4b4ec9b3ae1a8b Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Mon, 7 Sep 2020 13:44:42 +0300 Subject: [PATCH 154/264] migration to move tokens expiration into Oban --- ...92050_move_tokens_expiration_into_oban.exs | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 priv/repo/migrations/20200907092050_move_tokens_expiration_into_oban.exs diff --git a/priv/repo/migrations/20200907092050_move_tokens_expiration_into_oban.exs b/priv/repo/migrations/20200907092050_move_tokens_expiration_into_oban.exs new file mode 100644 index 000000000..832bd02a7 --- /dev/null +++ b/priv/repo/migrations/20200907092050_move_tokens_expiration_into_oban.exs @@ -0,0 +1,36 @@ +defmodule Pleroma.Repo.Migrations.MoveTokensExpirationIntoOban do + use Ecto.Migration + + import Ecto.Query, only: [from: 2] + + def change do + Supervisor.start_link([{Oban, Pleroma.Config.get(Oban)}], + strategy: :one_for_one, + name: Pleroma.Supervisor + ) + + if Pleroma.Config.get([:oauth2, :clean_expired_tokens]) do + from(t in Pleroma.Web.OAuth.Token, where: t.valid_until > ^NaiveDateTime.utc_now()) + |> Pleroma.Repo.stream() + |> Stream.each(fn token -> + Pleroma.Workers.PurgeExpiredToken.enqueue(%{ + token_id: token.id, + valid_until: DateTime.from_naive!(token.valid_until, "Etc/UTC"), + mod: Pleroma.Web.OAuth.Token + }) + end) + |> Stream.run() + end + + from(t in Pleroma.MFA.Token, where: t.valid_until > ^NaiveDateTime.utc_now()) + |> Pleroma.Repo.stream() + |> Stream.each(fn token -> + Pleroma.Workers.PurgeExpiredToken.enqueue(%{ + token_id: token.id, + valid_until: DateTime.from_naive!(token.valid_until, "Etc/UTC"), + mod: Pleroma.MFA.Token + }) + end) + |> Stream.run() + end +end From eca42566ba62ece75b79915f4af0c8a0f0c48a17 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Mon, 7 Sep 2020 13:54:28 +0300 Subject: [PATCH 155/264] formatting --- ...6_remove_cron_clear_oauth_token_worker_from_oban_config.exs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/priv/repo/migrations/20200907084956_remove_cron_clear_oauth_token_worker_from_oban_config.exs b/priv/repo/migrations/20200907084956_remove_cron_clear_oauth_token_worker_from_oban_config.exs index d9c972563..b5a0a0ff6 100644 --- a/priv/repo/migrations/20200907084956_remove_cron_clear_oauth_token_worker_from_oban_config.exs +++ b/priv/repo/migrations/20200907084956_remove_cron_clear_oauth_token_worker_from_oban_config.exs @@ -2,7 +2,7 @@ defmodule Pleroma.Repo.Migrations.RemoveCronClearOauthTokenWorkerFromObanConfig use Ecto.Migration def change do - with %Pleroma.ConfigDB{} = config <- + with %Pleroma.ConfigDB{} = config <- Pleroma.ConfigDB.get_by_params(%{group: :pleroma, key: Oban}), crontab when is_list(crontab) <- config.value[:crontab], index when is_integer(index) <- @@ -15,6 +15,5 @@ def change do |> Ecto.Changeset.change(value: updated_value) |> Pleroma.Repo.update() end - end end From 8af1fd32234df7d0cdb74d78bcca9f68587b70f2 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Mon, 7 Sep 2020 20:06:28 +0300 Subject: [PATCH 156/264] oban warning --- lib/pleroma/config/oban.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/config/oban.ex b/lib/pleroma/config/oban.ex index c2d56ebab..81758c93d 100644 --- a/lib/pleroma/config/oban.ex +++ b/lib/pleroma/config/oban.ex @@ -5,7 +5,7 @@ def warn do oban_config = Pleroma.Config.get(Oban) crontab = - [Pleroma.Workers.Cron.StatsWorker] + [Pleroma.Workers.Cron.StatsWorker, Pleroma.Workers.Cron.ClearOauthTokenWorker] |> Enum.reduce(oban_config[:crontab], fn removed_worker, acc -> with acc when is_list(acc) <- acc, setting when is_tuple(setting) <- From e8bfb50fa3c16f98845e326b153c8a89505e8a55 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Thu, 10 Sep 2020 20:09:44 +0300 Subject: [PATCH 157/264] pass options without adapter key --- lib/pleroma/reverse_proxy/client/tesla.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/reverse_proxy/client/tesla.ex b/lib/pleroma/reverse_proxy/client/tesla.ex index d5a339681..4b118eec2 100644 --- a/lib/pleroma/reverse_proxy/client/tesla.ex +++ b/lib/pleroma/reverse_proxy/client/tesla.ex @@ -28,7 +28,7 @@ def request(method, url, headers, body, opts \\ []) do url, body, headers, - Keyword.put(opts, :adapter, opts) + opts ) do if is_map(response.body) and method != :head do {:ok, response.status, response.headers, response.body} From cb06e98da27994ac8034f3ba387b6eeaf8a2c48f Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 10 Sep 2020 13:47:53 +0300 Subject: [PATCH 158/264] websocket handler: Do not log client ping frames as errors --- lib/pleroma/web/mastodon_api/websocket_handler.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/mastodon_api/websocket_handler.ex b/lib/pleroma/web/mastodon_api/websocket_handler.ex index 94e4595d8..e6010bb4a 100644 --- a/lib/pleroma/web/mastodon_api/websocket_handler.ex +++ b/lib/pleroma/web/mastodon_api/websocket_handler.ex @@ -64,7 +64,9 @@ def websocket_handle(:pong, state) do {:ok, %{state | timer: timer()}} end - # We never receive messages. + # We only receive pings for now + def websocket_handle(:ping, state), do: {:ok, state} + def websocket_handle(frame, state) do Logger.error("#{__MODULE__} received frame: #{inspect(frame)}") {:ok, state} From e16e8f98169f822416c18778abfa8495a486c8f2 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 10 Sep 2020 13:48:24 +0300 Subject: [PATCH 159/264] Websocket handler: do not raise if handler is terminated before switching protocols Closes #2131 --- lib/pleroma/web/mastodon_api/websocket_handler.ex | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/pleroma/web/mastodon_api/websocket_handler.ex b/lib/pleroma/web/mastodon_api/websocket_handler.ex index e6010bb4a..5090d9622 100644 --- a/lib/pleroma/web/mastodon_api/websocket_handler.ex +++ b/lib/pleroma/web/mastodon_api/websocket_handler.ex @@ -100,6 +100,10 @@ def websocket_info(:tick, state) do {:reply, :ping, %{state | timer: nil, count: 0}, :hibernate} end + # State can be `[]` only in case we terminate before switching to websocket, + # we already log errors for these cases in `init/1`, so just do nothing here + def terminate(_reason, _req, []), do: :ok + def terminate(reason, _req, state) do Logger.debug( "#{__MODULE__} terminating websocket connection for user #{ From 01fa68fe4542286519e3520793c6b59103b050ff Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 10 Sep 2020 21:26:52 +0300 Subject: [PATCH 160/264] Websocket handler: fix never matching code on failed auth `:cowboy_req.reply` does not return tuples since 2.0, see https://ninenines.eu/docs/en/cowboy/2.4/manual/cowboy_req.reply/ --- lib/pleroma/web/mastodon_api/websocket_handler.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/websocket_handler.ex b/lib/pleroma/web/mastodon_api/websocket_handler.ex index 5090d9622..cf923ded8 100644 --- a/lib/pleroma/web/mastodon_api/websocket_handler.ex +++ b/lib/pleroma/web/mastodon_api/websocket_handler.ex @@ -37,12 +37,12 @@ def init(%{qs: qs} = req, state) do else {:error, :bad_topic} -> Logger.debug("#{__MODULE__} bad topic #{inspect(req)}") - {:ok, req} = :cowboy_req.reply(404, req) + req = :cowboy_req.reply(404, req) {:ok, req, state} {:error, :unauthorized} -> Logger.debug("#{__MODULE__} authentication error: #{inspect(req)}") - {:ok, req} = :cowboy_req.reply(401, req) + req = :cowboy_req.reply(401, req) {:ok, req, state} end end From dc4e06e1991379f9f1b64774c5bdaacec96639b7 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 10 Sep 2020 21:28:07 +0300 Subject: [PATCH 161/264] [#2497] Removed support for thumbnail_max_* params for media preview proxy (per https://git.pleroma.social/pleroma/pleroma/-/merge_requests/2497#note_70771) --- .../web/media_proxy/media_proxy_controller.ex | 38 +++++++------------ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index acb581459..5621f72dc 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -9,6 +9,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do alias Pleroma.Helpers.MediaHelper alias Pleroma.ReverseProxy alias Pleroma.Web.MediaProxy + alias Plug.Conn def remote(conn, %{"sig" => sig64, "url" => url64}) do with {_, true} <- {:enabled, MediaProxy.enabled?()}, @@ -18,29 +19,29 @@ def remote(conn, %{"sig" => sig64, "url" => url64}) do ReverseProxy.call(conn, url, media_proxy_opts()) else {:enabled, false} -> - send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) + send_resp(conn, 404, Conn.Status.reason_phrase(404)) {:in_banned_urls, true} -> - send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) + send_resp(conn, 404, Conn.Status.reason_phrase(404)) {:error, :invalid_signature} -> - send_resp(conn, 403, Plug.Conn.Status.reason_phrase(403)) + send_resp(conn, 403, Conn.Status.reason_phrase(403)) {:wrong_filename, filename} -> redirect(conn, external: MediaProxy.build_url(sig64, url64, filename)) end end - def preview(conn, %{"sig" => sig64, "url" => url64}) do + def preview(%Conn{} = conn, %{"sig" => sig64, "url" => url64}) do with {_, true} <- {:enabled, MediaProxy.preview_enabled?()}, {:ok, url} <- MediaProxy.decode_url(sig64, url64) do handle_preview(conn, url) else {:enabled, false} -> - send_resp(conn, 404, Plug.Conn.Status.reason_phrase(404)) + send_resp(conn, 404, Conn.Status.reason_phrase(404)) {:error, :invalid_signature} -> - send_resp(conn, 403, Plug.Conn.Status.reason_phrase(403)) + send_resp(conn, 403, Conn.Status.reason_phrase(403)) {:wrong_filename, filename} -> redirect(conn, external: MediaProxy.build_preview_url(sig64, url64, filename)) @@ -94,10 +95,10 @@ defp handle_preview(content_type, conn, _media_proxy_url) do send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.") end - defp handle_png_preview(%{params: params} = conn, media_proxy_url) do + defp handle_png_preview(conn, media_proxy_url) do quality = Config.get!([:media_preview_proxy, :image_quality]) - with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), + with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(), {:ok, thumbnail_binary} <- MediaHelper.image_resize( media_proxy_url, @@ -117,10 +118,10 @@ defp handle_png_preview(%{params: params} = conn, media_proxy_url) do end end - defp handle_jpeg_preview(%{params: params} = conn, media_proxy_url) do + defp handle_jpeg_preview(conn, media_proxy_url) do quality = Config.get!([:media_preview_proxy, :image_quality]) - with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(params), + with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(), {:ok, thumbnail_binary} <- MediaHelper.image_resize( media_proxy_url, @@ -157,22 +158,11 @@ defp put_preview_response_headers( |> put_resp_header("cache-control", ReverseProxy.default_cache_control_header()) end - defp thumbnail_max_dimensions(params) do + defp thumbnail_max_dimensions() do config = Config.get([:media_preview_proxy], []) - thumbnail_max_width = - if w = params["thumbnail_max_width"] do - String.to_integer(w) - else - Keyword.fetch!(config, :thumbnail_max_width) - end - - thumbnail_max_height = - if h = params["thumbnail_max_height"] do - String.to_integer(h) - else - Keyword.fetch!(config, :thumbnail_max_height) - end + thumbnail_max_width = Keyword.fetch!(config, :thumbnail_max_width) + thumbnail_max_height = Keyword.fetch!(config, :thumbnail_max_height) {thumbnail_max_width, thumbnail_max_height} end From 275602daa7c4a01dffb83759012554da2d9335fe Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 10 Sep 2020 21:28:47 +0300 Subject: [PATCH 162/264] Streaming integration tests: remove unexpected error assumption For some reason instead of fixing unexpected errors, we made tests assert they indeed trigger... Now that the errors are fixed these were failing --- test/integration/mastodon_websocket_test.exs | 26 ++++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/test/integration/mastodon_websocket_test.exs b/test/integration/mastodon_websocket_test.exs index ea17e9feb..76fbc8bda 100644 --- a/test/integration/mastodon_websocket_test.exs +++ b/test/integration/mastodon_websocket_test.exs @@ -99,30 +99,30 @@ test "accepts valid tokens", state do test "accepts the 'user' stream", %{token: token} = _state do assert {:ok, _} = start_socket("?stream=user&access_token=#{token.token}") - assert capture_log(fn -> - assert {:error, {401, _}} = start_socket("?stream=user") - Process.sleep(30) - end) =~ ":badarg" + capture_log(fn -> + assert {:error, {401, _}} = start_socket("?stream=user") + Process.sleep(30) + end) end test "accepts the 'user:notification' stream", %{token: token} = _state do assert {:ok, _} = start_socket("?stream=user:notification&access_token=#{token.token}") - assert capture_log(fn -> - assert {:error, {401, _}} = start_socket("?stream=user:notification") - Process.sleep(30) - end) =~ ":badarg" + capture_log(fn -> + assert {:error, {401, _}} = start_socket("?stream=user:notification") + Process.sleep(30) + end) end test "accepts valid token on Sec-WebSocket-Protocol header", %{token: token} do assert {:ok, _} = start_socket("?stream=user", [{"Sec-WebSocket-Protocol", token.token}]) - assert capture_log(fn -> - assert {:error, {401, _}} = - start_socket("?stream=user", [{"Sec-WebSocket-Protocol", "I am a friend"}]) + capture_log(fn -> + assert {:error, {401, _}} = + start_socket("?stream=user", [{"Sec-WebSocket-Protocol", "I am a friend"}]) - Process.sleep(30) - end) =~ ":badarg" + Process.sleep(30) + end) end end end From 9bf1065a06837b4c753549d89afe23a636a20972 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Sat, 22 Aug 2020 20:46:01 +0300 Subject: [PATCH 163/264] schedule activity expiration in Oban --- config/config.exs | 3 +- config/description.exs | 1 - lib/mix/tasks/pleroma/database.ex | 18 ++-- lib/pleroma/activity.ex | 3 - lib/pleroma/activity_expiration.ex | 74 ---------------- lib/pleroma/web/activity_pub/activity_pub.ex | 7 +- .../mrf/activity_expiration_policy.ex | 4 +- lib/pleroma/web/activity_pub/side_effects.ex | 6 +- lib/pleroma/web/common_api/activity_draft.ex | 2 +- lib/pleroma/web/common_api/common_api.ex | 5 +- .../web/mastodon_api/views/status_view.ex | 5 +- .../cron/purge_expired_activities_worker.ex | 48 ----------- lib/pleroma/workers/purge_expired_activity.ex | 72 ++++++++++++++++ test/activity_expiration_test.exs | 55 ------------ test/activity_test.exs | 9 -- test/support/factory.ex | 19 ----- test/tasks/database_test.exs | 62 +++++++------- test/web/activity_pub/activity_pub_test.exs | 25 ++++-- .../mrf/activity_expiration_policy_test.exs | 8 +- test/web/common_api/common_api_test.exs | 14 ++-- .../controllers/status_controller_test.exs | 44 +++++----- .../purge_expired_activities_worker_test.exs | 84 ------------------- test/workers/purge_expired_activity_test.exs | 47 +++++++++++ 23 files changed, 229 insertions(+), 386 deletions(-) delete mode 100644 lib/pleroma/activity_expiration.ex delete mode 100644 lib/pleroma/workers/cron/purge_expired_activities_worker.ex create mode 100644 lib/pleroma/workers/purge_expired_activity.ex delete mode 100644 test/activity_expiration_test.exs delete mode 100644 test/workers/cron/purge_expired_activities_worker_test.exs create mode 100644 test/workers/purge_expired_activity_test.exs diff --git a/config/config.exs b/config/config.exs index 95a6ea9db..d975db31e 100644 --- a/config/config.exs +++ b/config/config.exs @@ -544,7 +544,6 @@ ], plugins: [Oban.Plugins.Pruner], crontab: [ - {"* * * * *", Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker}, {"0 0 * * 0", Pleroma.Workers.Cron.DigestEmailsWorker}, {"0 0 * * *", Pleroma.Workers.Cron.NewUsersDigestWorker} ] @@ -655,7 +654,7 @@ account_confirmation_resend: {8_640_000, 5}, ap_routes: {60_000, 15} -config :pleroma, Pleroma.ActivityExpiration, enabled: true +config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true config :pleroma, Pleroma.Plugs.RemoteIp, enabled: true diff --git a/config/description.exs b/config/description.exs index 4c4deed30..6ce27278c 100644 --- a/config/description.exs +++ b/config/description.exs @@ -2290,7 +2290,6 @@ type: {:list, :tuple}, description: "Settings for cron background jobs", suggestions: [ - {"* * * * *", Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker}, {"0 0 * * 0", Pleroma.Workers.Cron.DigestEmailsWorker}, {"0 0 * * *", Pleroma.Workers.Cron.NewUsersDigestWorker} ] diff --git a/lib/mix/tasks/pleroma/database.ex b/lib/mix/tasks/pleroma/database.ex index 7d8f00b08..aab4b5e9a 100644 --- a/lib/mix/tasks/pleroma/database.ex +++ b/lib/mix/tasks/pleroma/database.ex @@ -133,8 +133,7 @@ def run(["ensure_expiration"]) do days = Pleroma.Config.get([:mrf_activity_expiration, :days], 365) Pleroma.Activity - |> join(:left, [a], u in assoc(a, :expiration)) - |> join(:inner, [a, _u], o in Object, + |> join(:inner, [a], o in Object, on: fragment( "(?->>'id') = COALESCE((?)->'object'->> 'id', (?)->>'object')", @@ -144,14 +143,21 @@ def run(["ensure_expiration"]) do ) ) |> where(local: true) - |> where([a, u], is_nil(u)) |> where([a], fragment("(? ->> 'type'::text) = 'Create'", a.data)) - |> where([_a, _u, o], fragment("?->>'type' = 'Note'", o.data)) + |> where([_a, o], fragment("?->>'type' = 'Note'", o.data)) |> Pleroma.RepoStreamer.chunk_stream(100) |> Stream.each(fn activities -> Enum.each(activities, fn activity -> - expires_at = Timex.shift(activity.inserted_at, days: days) - Pleroma.ActivityExpiration.create(activity, expires_at, false) + expires_at = + activity.inserted_at + |> DateTime.from_naive!("Etc/UTC") + |> Timex.shift(days: days) + + Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ + activity_id: activity.id, + expires_at: expires_at, + validate: false + }) end) end) |> Stream.run() diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index 97feebeaa..03cd3b8c0 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -7,7 +7,6 @@ defmodule Pleroma.Activity do alias Pleroma.Activity alias Pleroma.Activity.Queries - alias Pleroma.ActivityExpiration alias Pleroma.Bookmark alias Pleroma.Notification alias Pleroma.Object @@ -60,8 +59,6 @@ defmodule Pleroma.Activity do # typical case. has_one(:object, Object, on_delete: :nothing, foreign_key: :id) - has_one(:expiration, ActivityExpiration, on_delete: :delete_all) - timestamps() end diff --git a/lib/pleroma/activity_expiration.ex b/lib/pleroma/activity_expiration.ex deleted file mode 100644 index 955f0578e..000000000 --- a/lib/pleroma/activity_expiration.ex +++ /dev/null @@ -1,74 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.ActivityExpiration do - use Ecto.Schema - - alias Pleroma.Activity - alias Pleroma.ActivityExpiration - alias Pleroma.Repo - - import Ecto.Changeset - import Ecto.Query - - @type t :: %__MODULE__{} - @min_activity_lifetime :timer.hours(1) - - schema "activity_expirations" do - belongs_to(:activity, Activity, type: FlakeId.Ecto.CompatType) - field(:scheduled_at, :naive_datetime) - end - - def changeset(%ActivityExpiration{} = expiration, attrs, validate_scheduled_at) do - expiration - |> cast(attrs, [:scheduled_at]) - |> validate_required([:scheduled_at]) - |> validate_scheduled_at(validate_scheduled_at) - end - - def get_by_activity_id(activity_id) do - ActivityExpiration - |> where([exp], exp.activity_id == ^activity_id) - |> Repo.one() - end - - def create(%Activity{} = activity, scheduled_at, validate_scheduled_at \\ true) do - %ActivityExpiration{activity_id: activity.id} - |> changeset(%{scheduled_at: scheduled_at}, validate_scheduled_at) - |> Repo.insert() - end - - def due_expirations(offset \\ 0) do - naive_datetime = - NaiveDateTime.utc_now() - |> NaiveDateTime.add(offset, :millisecond) - - ActivityExpiration - |> where([exp], exp.scheduled_at < ^naive_datetime) - |> limit(50) - |> preload(:activity) - |> Repo.all() - |> Enum.reject(fn %{activity: activity} -> - Activity.pinned_by_actor?(activity) - end) - end - - def validate_scheduled_at(changeset, false), do: changeset - - def validate_scheduled_at(changeset, true) do - validate_change(changeset, :scheduled_at, fn _, scheduled_at -> - if not expires_late_enough?(scheduled_at) do - [scheduled_at: "an ephemeral activity must live for at least one hour"] - else - [] - end - end) - end - - def expires_late_enough?(scheduled_at) do - now = NaiveDateTime.utc_now() - diff = NaiveDateTime.diff(scheduled_at, now, :millisecond) - diff > @min_activity_lifetime - end -end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 333621413..c33848277 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -5,7 +5,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do alias Pleroma.Activity alias Pleroma.Activity.Ir.Topics - alias Pleroma.ActivityExpiration alias Pleroma.Config alias Pleroma.Constants alias Pleroma.Conversation @@ -165,7 +164,11 @@ def notify_and_stream(activity) do end defp maybe_create_activity_expiration({:ok, %{data: %{"expires_at" => expires_at}} = activity}) do - with {:ok, _} <- ActivityExpiration.create(activity, expires_at) do + with {:ok, _job} <- + Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ + activity_id: activity.id, + expires_at: expires_at + }) do {:ok, activity} end end diff --git a/lib/pleroma/web/activity_pub/mrf/activity_expiration_policy.ex b/lib/pleroma/web/activity_pub/mrf/activity_expiration_policy.ex index 7b4c78e0f..bee47b4ed 100644 --- a/lib/pleroma/web/activity_pub/mrf/activity_expiration_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/activity_expiration_policy.ex @@ -31,10 +31,10 @@ defp note?(activity) do defp maybe_add_expiration(activity) do days = Pleroma.Config.get([:mrf_activity_expiration, :days], 365) - expires_at = NaiveDateTime.utc_now() |> Timex.shift(days: days) + expires_at = DateTime.utc_now() |> Timex.shift(days: days) with %{"expires_at" => existing_expires_at} <- activity, - :lt <- NaiveDateTime.compare(existing_expires_at, expires_at) do + :lt <- DateTime.compare(existing_expires_at, expires_at) do activity else _ -> Map.put(activity, "expires_at", expires_at) diff --git a/lib/pleroma/web/activity_pub/side_effects.ex b/lib/pleroma/web/activity_pub/side_effects.ex index a5e2323bd..b30ca1bd7 100644 --- a/lib/pleroma/web/activity_pub/side_effects.ex +++ b/lib/pleroma/web/activity_pub/side_effects.ex @@ -7,7 +7,6 @@ defmodule Pleroma.Web.ActivityPub.SideEffects do """ alias Pleroma.Activity alias Pleroma.Activity.Ir.Topics - alias Pleroma.ActivityExpiration alias Pleroma.Chat alias Pleroma.Chat.MessageReference alias Pleroma.FollowingRelationship @@ -189,7 +188,10 @@ def handle(%{data: %{"type" => "Create"}} = activity, meta) do end if expires_at = activity.data["expires_at"] do - ActivityExpiration.create(activity, expires_at) + Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ + activity_id: activity.id, + expires_at: expires_at + }) end BackgroundWorker.enqueue("fetch_data_for_activity", %{"activity_id" => activity.id}) diff --git a/lib/pleroma/web/common_api/activity_draft.ex b/lib/pleroma/web/common_api/activity_draft.ex index f849b2e01..548f76609 100644 --- a/lib/pleroma/web/common_api/activity_draft.ex +++ b/lib/pleroma/web/common_api/activity_draft.ex @@ -202,7 +202,7 @@ defp changes(draft) do additional = case draft.expires_at do - %NaiveDateTime{} = expires_at -> Map.put(additional, "expires_at", expires_at) + %DateTime{} = expires_at -> Map.put(additional, "expires_at", expires_at) _ -> additional end diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 4ab533658..500c3883e 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -4,7 +4,6 @@ defmodule Pleroma.Web.CommonAPI do alias Pleroma.Activity - alias Pleroma.ActivityExpiration alias Pleroma.Conversation.Participation alias Pleroma.Formatter alias Pleroma.Object @@ -381,9 +380,9 @@ def get_replied_to_visibility(activity) do def check_expiry_date({:ok, nil} = res), do: res def check_expiry_date({:ok, in_seconds}) do - expiry = NaiveDateTime.utc_now() |> NaiveDateTime.add(in_seconds) + expiry = DateTime.add(DateTime.utc_now(), in_seconds) - if ActivityExpiration.expires_late_enough?(expiry) do + if Pleroma.Workers.PurgeExpiredActivity.expires_late_enough?(expiry) do {:ok, expiry} else {:error, "Expiry date is too soon"} diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 3fe1967be..ca42917fc 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -8,7 +8,6 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do require Pleroma.Constants alias Pleroma.Activity - alias Pleroma.ActivityExpiration alias Pleroma.HTML alias Pleroma.Object alias Pleroma.Repo @@ -245,8 +244,8 @@ def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} expires_at = with true <- client_posted_this_activity, - %ActivityExpiration{scheduled_at: scheduled_at} <- - ActivityExpiration.get_by_activity_id(activity.id) do + %Oban.Job{scheduled_at: scheduled_at} <- + Pleroma.Workers.PurgeExpiredActivity.get_expiration(activity.id) do scheduled_at else _ -> nil diff --git a/lib/pleroma/workers/cron/purge_expired_activities_worker.ex b/lib/pleroma/workers/cron/purge_expired_activities_worker.ex deleted file mode 100644 index 6549207fc..000000000 --- a/lib/pleroma/workers/cron/purge_expired_activities_worker.ex +++ /dev/null @@ -1,48 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker do - @moduledoc """ - The worker to purge expired activities. - """ - - use Oban.Worker, queue: "activity_expiration" - - alias Pleroma.Activity - alias Pleroma.ActivityExpiration - alias Pleroma.Config - alias Pleroma.User - alias Pleroma.Web.CommonAPI - - require Logger - - @interval :timer.minutes(1) - - @impl Oban.Worker - def perform(_job) do - if Config.get([ActivityExpiration, :enabled]) do - Enum.each(ActivityExpiration.due_expirations(@interval), &delete_activity/1) - end - after - :ok - end - - def delete_activity(%ActivityExpiration{activity_id: activity_id}) do - with {:activity, %Activity{} = activity} <- - {:activity, Activity.get_by_id_with_object(activity_id)}, - {:user, %User{} = user} <- {:user, User.get_by_ap_id(activity.object.data["actor"])} do - CommonAPI.delete(activity.id, user) - else - {:activity, _} -> - Logger.error( - "#{__MODULE__} Couldn't delete expired activity: not found activity ##{activity_id}" - ) - - {:user, _} -> - Logger.error( - "#{__MODULE__} Couldn't delete expired activity: not found actor of ##{activity_id}" - ) - end - end -end diff --git a/lib/pleroma/workers/purge_expired_activity.ex b/lib/pleroma/workers/purge_expired_activity.ex new file mode 100644 index 000000000..016b000c1 --- /dev/null +++ b/lib/pleroma/workers/purge_expired_activity.ex @@ -0,0 +1,72 @@ +defmodule Pleroma.Workers.PurgeExpiredActivity do + @moduledoc """ + Worker which purges expired activity. + """ + + use Oban.Worker, queue: :activity_expiration, max_attempts: 1 + + import Ecto.Query + + def enqueue(args) do + with true <- enabled?(), + args when is_map(args) <- validate_expires_at(args) do + {scheduled_at, args} = Map.pop(args, :expires_at) + + args + |> __MODULE__.new(scheduled_at: scheduled_at) + |> Oban.insert() + end + end + + @impl true + def perform(%Oban.Job{args: %{"activity_id" => id}}) do + with %Pleroma.Activity{} = activity <- find_activity(id), + %Pleroma.User{} = user <- find_user(activity.object.data["actor"]) do + Pleroma.Web.CommonAPI.delete(activity.id, user) + end + end + + defp enabled? do + with false <- Pleroma.Config.get([__MODULE__, :enabled], false) do + {:error, :expired_activities_disabled} + end + end + + defp validate_expires_at(%{validate: false} = args), do: Map.delete(args, :validate) + + defp validate_expires_at(args) do + if expires_late_enough?(args[:expires_at]) do + args + else + {:error, :expiration_too_close} + end + end + + defp find_activity(id) do + with nil <- Pleroma.Activity.get_by_id_with_object(id) do + {:error, :activity_not_found} + end + end + + defp find_user(ap_id) do + with nil <- Pleroma.User.get_by_ap_id(ap_id) do + {:error, :user_not_found} + end + end + + def get_expiration(id) do + from(j in Oban.Job, + where: j.state == "scheduled", + where: j.queue == "activity_expiration", + where: fragment("?->>'activity_id' = ?", j.args, ^id) + ) + |> Pleroma.Repo.one() + end + + @spec expires_late_enough?(DateTime.t()) :: boolean() + def expires_late_enough?(scheduled_at) do + now = DateTime.utc_now() + diff = DateTime.diff(scheduled_at, now, :millisecond) + diff > :timer.hours(1) + end +end diff --git a/test/activity_expiration_test.exs b/test/activity_expiration_test.exs deleted file mode 100644 index f86d79826..000000000 --- a/test/activity_expiration_test.exs +++ /dev/null @@ -1,55 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.ActivityExpirationTest do - use Pleroma.DataCase - alias Pleroma.ActivityExpiration - import Pleroma.Factory - - setup do: clear_config([ActivityExpiration, :enabled]) - - test "finds activities due to be deleted only" do - activity = insert(:note_activity) - - expiration_due = - insert(:expiration_in_the_past, %{activity_id: activity.id}) |> Repo.preload(:activity) - - activity2 = insert(:note_activity) - insert(:expiration_in_the_future, %{activity_id: activity2.id}) - - expirations = ActivityExpiration.due_expirations() - - assert length(expirations) == 1 - assert hd(expirations) == expiration_due - end - - test "denies expirations that don't live long enough" do - activity = insert(:note_activity) - now = NaiveDateTime.utc_now() - assert {:error, _} = ActivityExpiration.create(activity, now) - end - - test "deletes an expiration activity" do - Pleroma.Config.put([ActivityExpiration, :enabled], true) - activity = insert(:note_activity) - - naive_datetime = - NaiveDateTime.add( - NaiveDateTime.utc_now(), - -:timer.minutes(2), - :millisecond - ) - - expiration = - insert( - :expiration_in_the_past, - %{activity_id: activity.id, scheduled_at: naive_datetime} - ) - - Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker.perform(%Oban.Job{}) - - refute Pleroma.Repo.get(Pleroma.Activity, activity.id) - refute Pleroma.Repo.get(Pleroma.ActivityExpiration, expiration.id) - end -end diff --git a/test/activity_test.exs b/test/activity_test.exs index 2a92327d1..ee6a99cc3 100644 --- a/test/activity_test.exs +++ b/test/activity_test.exs @@ -185,15 +185,6 @@ test "find all statuses for unauthenticated users when `limit_to_local_content` end end - test "add an activity with an expiration" do - activity = insert(:note_activity) - insert(:expiration_in_the_future, %{activity_id: activity.id}) - - Pleroma.ActivityExpiration - |> where([a], a.activity_id == ^activity.id) - |> Repo.one!() - end - test "all_by_ids_with_object/1" do %{id: id1} = insert(:note_activity) %{id: id2} = insert(:note_activity) diff --git a/test/support/factory.ex b/test/support/factory.ex index 486eda8da..2fdfabbc5 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -200,25 +200,6 @@ def note_activity_factory(attrs \\ %{}) do |> Map.merge(attrs) end - defp expiration_offset_by_minutes(attrs, minutes) do - scheduled_at = - NaiveDateTime.utc_now() - |> NaiveDateTime.add(:timer.minutes(minutes), :millisecond) - |> NaiveDateTime.truncate(:second) - - %Pleroma.ActivityExpiration{} - |> Map.merge(attrs) - |> Map.put(:scheduled_at, scheduled_at) - end - - def expiration_in_the_past_factory(attrs \\ %{}) do - expiration_offset_by_minutes(attrs, -60) - end - - def expiration_in_the_future_factory(attrs \\ %{}) do - expiration_offset_by_minutes(attrs, 61) - end - def article_activity_factory do article = insert(:article) diff --git a/test/tasks/database_test.exs b/test/tasks/database_test.exs index 3a28aa133..292a5ef5f 100644 --- a/test/tasks/database_test.exs +++ b/test/tasks/database_test.exs @@ -3,14 +3,15 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Mix.Tasks.Pleroma.DatabaseTest do + use Pleroma.DataCase + use Oban.Testing, repo: Pleroma.Repo + alias Pleroma.Activity alias Pleroma.Object alias Pleroma.Repo alias Pleroma.User alias Pleroma.Web.CommonAPI - use Pleroma.DataCase - import Pleroma.Factory setup_all do @@ -130,40 +131,45 @@ test "it turns OrderedCollection likes into empty arrays" do describe "ensure_expiration" do test "it adds to expiration old statuses" do - %{id: activity_id1} = insert(:note_activity) + activity1 = insert(:note_activity) - %{id: activity_id2} = - insert(:note_activity, %{inserted_at: NaiveDateTime.from_iso8601!("2015-01-23 23:50:07")}) + {:ok, inserted_at, 0} = DateTime.from_iso8601("2015-01-23T23:50:07Z") + activity2 = insert(:note_activity, %{inserted_at: inserted_at}) - %{id: activity_id3} = activity3 = insert(:note_activity) + %{id: activity_id3} = insert(:note_activity) - expires_at = - NaiveDateTime.utc_now() - |> NaiveDateTime.add(60 * 61, :second) - |> NaiveDateTime.truncate(:second) + expires_at = DateTime.add(DateTime.utc_now(), 60 * 61) - Pleroma.ActivityExpiration.create(activity3, expires_at) + Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ + activity_id: activity_id3, + expires_at: expires_at + }) Mix.Tasks.Pleroma.Database.run(["ensure_expiration"]) - expirations = - Pleroma.ActivityExpiration - |> order_by(:activity_id) - |> Repo.all() + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: activity1.id}, + scheduled_at: + activity1.inserted_at + |> DateTime.from_naive!("Etc/UTC") + |> Timex.shift(days: 365) + ) - assert [ - %Pleroma.ActivityExpiration{ - activity_id: ^activity_id1 - }, - %Pleroma.ActivityExpiration{ - activity_id: ^activity_id2, - scheduled_at: ~N[2016-01-23 23:50:07] - }, - %Pleroma.ActivityExpiration{ - activity_id: ^activity_id3, - scheduled_at: ^expires_at - } - ] = expirations + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: activity2.id}, + scheduled_at: + activity2.inserted_at + |> DateTime.from_naive!("Etc/UTC") + |> Timex.shift(days: 365) + ) + + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: activity_id3}, + scheduled_at: expires_at + ) end end end diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 03f968aaf..9af573924 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -2069,18 +2069,25 @@ test "it just returns the input if the user has no following/follower addresses" end describe "global activity expiration" do - setup do: clear_config([:mrf, :policies]) - test "creates an activity expiration for local Create activities" do - Pleroma.Config.put( - [:mrf, :policies], - Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicy + clear_config([:mrf, :policies], Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicy) + + {:ok, activity} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"}) + {:ok, follow} = ActivityBuilder.insert(%{"type" => "Follow", "context" => "3hu"}) + + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: activity.id}, + scheduled_at: + activity.inserted_at + |> DateTime.from_naive!("Etc/UTC") + |> Timex.shift(days: 365) ) - {:ok, %{id: id_create}} = ActivityBuilder.insert(%{"type" => "Create", "context" => "3hu"}) - {:ok, _follow} = ActivityBuilder.insert(%{"type" => "Follow", "context" => "3hu"}) - - assert [%{activity_id: ^id_create}] = Pleroma.ActivityExpiration |> Repo.all() + refute_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: follow.id} + ) end end diff --git a/test/web/activity_pub/mrf/activity_expiration_policy_test.exs b/test/web/activity_pub/mrf/activity_expiration_policy_test.exs index f25cf8b12..e7370d4ef 100644 --- a/test/web/activity_pub/mrf/activity_expiration_policy_test.exs +++ b/test/web/activity_pub/mrf/activity_expiration_policy_test.exs @@ -18,11 +18,11 @@ test "adds `expires_at` property" do "object" => %{"type" => "Note"} }) - assert Timex.diff(expires_at, NaiveDateTime.utc_now(), :days) == 364 + assert Timex.diff(expires_at, DateTime.utc_now(), :days) == 364 end test "keeps existing `expires_at` if it less than the config setting" do - expires_at = NaiveDateTime.utc_now() |> Timex.shift(days: 1) + expires_at = DateTime.utc_now() |> Timex.shift(days: 1) assert {:ok, %{"type" => "Create", "expires_at" => ^expires_at}} = ActivityExpirationPolicy.filter(%{ @@ -35,7 +35,7 @@ test "keeps existing `expires_at` if it less than the config setting" do end test "overwrites existing `expires_at` if it greater than the config setting" do - too_distant_future = NaiveDateTime.utc_now() |> Timex.shift(years: 2) + too_distant_future = DateTime.utc_now() |> Timex.shift(years: 2) assert {:ok, %{"type" => "Create", "expires_at" => expires_at}} = ActivityExpirationPolicy.filter(%{ @@ -46,7 +46,7 @@ test "overwrites existing `expires_at` if it greater than the config setting" do "object" => %{"type" => "Note"} }) - assert Timex.diff(expires_at, NaiveDateTime.utc_now(), :days) == 364 + assert Timex.diff(expires_at, DateTime.utc_now(), :days) == 364 end test "ignores remote activities" do diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 800db9a20..5afb0a6dc 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -4,6 +4,8 @@ defmodule Pleroma.Web.CommonAPITest do use Pleroma.DataCase + use Oban.Testing, repo: Pleroma.Repo + alias Pleroma.Activity alias Pleroma.Chat alias Pleroma.Conversation.Participation @@ -598,15 +600,15 @@ test "it validates character limits are correctly enforced" do test "it can handle activities that expire" do user = insert(:user) - expires_at = - NaiveDateTime.utc_now() - |> NaiveDateTime.truncate(:second) - |> NaiveDateTime.add(1_000_000, :second) + expires_at = DateTime.add(DateTime.utc_now(), 1_000_000) assert {:ok, activity} = CommonAPI.post(user, %{status: "chai", expires_in: 1_000_000}) - assert expiration = Pleroma.ActivityExpiration.get_by_activity_id(activity.id) - assert expiration.scheduled_at == expires_at + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: activity.id}, + scheduled_at: expires_at + ) end end diff --git a/test/web/mastodon_api/controllers/status_controller_test.exs b/test/web/mastodon_api/controllers/status_controller_test.exs index f221884e7..17a156be8 100644 --- a/test/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/web/mastodon_api/controllers/status_controller_test.exs @@ -4,9 +4,9 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do use Pleroma.Web.ConnCase + use Oban.Testing, repo: Pleroma.Repo alias Pleroma.Activity - alias Pleroma.ActivityExpiration alias Pleroma.Config alias Pleroma.Conversation.Participation alias Pleroma.Object @@ -29,8 +29,8 @@ defmodule Pleroma.Web.MastodonAPI.StatusControllerTest do setup do: oauth_access(["write:statuses"]) test "posting a status does not increment reblog_count when relaying", %{conn: conn} do - Pleroma.Config.put([:instance, :federating], true) - Pleroma.Config.get([:instance, :allow_relay], true) + Config.put([:instance, :federating], true) + Config.get([:instance, :allow_relay], true) response = conn @@ -103,7 +103,9 @@ test "posting a status", %{conn: conn} do # An activity that will expire: # 2 hours - expires_in = 120 * 60 + expires_in = 2 * 60 * 60 + + expires_at = DateTime.add(DateTime.utc_now(), expires_in) conn_four = conn @@ -116,19 +118,13 @@ test "posting a status", %{conn: conn} do assert fourth_response = %{"id" => fourth_id} = json_response_and_validate_schema(conn_four, 200) - assert activity = Activity.get_by_id(fourth_id) - assert expiration = ActivityExpiration.get_by_activity_id(fourth_id) + assert Activity.get_by_id(fourth_id) - estimated_expires_at = - NaiveDateTime.utc_now() - |> NaiveDateTime.add(expires_in) - |> NaiveDateTime.truncate(:second) - - # This assert will fail if the test takes longer than a minute. I sure hope it never does: - assert abs(NaiveDateTime.diff(expiration.scheduled_at, estimated_expires_at, :second)) < 60 - - assert fourth_response["pleroma"]["expires_at"] == - NaiveDateTime.to_iso8601(expiration.scheduled_at) + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: fourth_id}, + scheduled_at: expires_at + ) end test "it fails to create a status if `expires_in` is less or equal than an hour", %{ @@ -160,8 +156,8 @@ test "it fails to create a status if `expires_in` is less or equal than an hour" end test "Get MRF reason when posting a status is rejected by one", %{conn: conn} do - Pleroma.Config.put([:mrf_keyword, :reject], ["GNO"]) - Pleroma.Config.put([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy]) + Config.put([:mrf_keyword, :reject], ["GNO"]) + Config.put([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy]) assert %{"error" => "[KeywordPolicy] Matches with rejected keyword"} = conn @@ -1681,19 +1677,17 @@ test "returns the favorites of a user" do test "expires_at is nil for another user" do %{conn: conn, user: user} = oauth_access(["read:statuses"]) + expires_at = DateTime.add(DateTime.utc_now(), 1_000_000) {:ok, activity} = CommonAPI.post(user, %{status: "foobar", expires_in: 1_000_000}) - expires_at = - activity.id - |> ActivityExpiration.get_by_activity_id() - |> Map.get(:scheduled_at) - |> NaiveDateTime.to_iso8601() - - assert %{"pleroma" => %{"expires_at" => ^expires_at}} = + assert %{"pleroma" => %{"expires_at" => a_expires_at}} = conn |> get("/api/v1/statuses/#{activity.id}") |> json_response_and_validate_schema(:ok) + {:ok, a_expires_at, 0} = DateTime.from_iso8601(a_expires_at) + assert DateTime.diff(expires_at, a_expires_at) == 0 + %{conn: conn} = oauth_access(["read:statuses"]) assert %{"pleroma" => %{"expires_at" => nil}} = diff --git a/test/workers/cron/purge_expired_activities_worker_test.exs b/test/workers/cron/purge_expired_activities_worker_test.exs deleted file mode 100644 index d1acd9ae6..000000000 --- a/test/workers/cron/purge_expired_activities_worker_test.exs +++ /dev/null @@ -1,84 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Workers.Cron.PurgeExpiredActivitiesWorkerTest do - use Pleroma.DataCase - - alias Pleroma.ActivityExpiration - alias Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker - - import Pleroma.Factory - import ExUnit.CaptureLog - - setup do - clear_config([ActivityExpiration, :enabled]) - end - - test "deletes an expiration activity" do - Pleroma.Config.put([ActivityExpiration, :enabled], true) - activity = insert(:note_activity) - - naive_datetime = - NaiveDateTime.add( - NaiveDateTime.utc_now(), - -:timer.minutes(2), - :millisecond - ) - - expiration = - insert( - :expiration_in_the_past, - %{activity_id: activity.id, scheduled_at: naive_datetime} - ) - - Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker.perform(%Oban.Job{}) - - refute Pleroma.Repo.get(Pleroma.Activity, activity.id) - refute Pleroma.Repo.get(Pleroma.ActivityExpiration, expiration.id) - end - - test "works with ActivityExpirationPolicy" do - Pleroma.Config.put([ActivityExpiration, :enabled], true) - - clear_config([:mrf, :policies], Pleroma.Web.ActivityPub.MRF.ActivityExpirationPolicy) - - user = insert(:user) - - days = Pleroma.Config.get([:mrf_activity_expiration, :days], 365) - - {:ok, %{id: id} = activity} = Pleroma.Web.CommonAPI.post(user, %{status: "cofe"}) - - past_date = - NaiveDateTime.utc_now() |> Timex.shift(days: -days) |> NaiveDateTime.truncate(:second) - - activity - |> Repo.preload(:expiration) - |> Map.get(:expiration) - |> Ecto.Changeset.change(%{scheduled_at: past_date}) - |> Repo.update!() - - Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker.perform(%Oban.Job{}) - - assert [%{data: %{"type" => "Delete", "deleted_activity_id" => ^id}}] = - Pleroma.Repo.all(Pleroma.Activity) - end - - describe "delete_activity/1" do - test "adds log message if activity isn't find" do - assert capture_log([level: :error], fn -> - PurgeExpiredActivitiesWorker.delete_activity(%ActivityExpiration{ - activity_id: "test-activity" - }) - end) =~ "Couldn't delete expired activity: not found activity" - end - - test "adds log message if actor isn't find" do - assert capture_log([level: :error], fn -> - PurgeExpiredActivitiesWorker.delete_activity(%ActivityExpiration{ - activity_id: "test-activity" - }) - end) =~ "Couldn't delete expired activity: not found activity" - end - end -end diff --git a/test/workers/purge_expired_activity_test.exs b/test/workers/purge_expired_activity_test.exs new file mode 100644 index 000000000..8b5dc9fd2 --- /dev/null +++ b/test/workers/purge_expired_activity_test.exs @@ -0,0 +1,47 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Workers.PurgeExpiredActivityTest do + use Pleroma.DataCase, async: true + use Oban.Testing, repo: Pleroma.Repo + + import Pleroma.Factory + + alias Pleroma.Workers.PurgeExpiredActivity + + test "denies expirations that don't live long enough" do + activity = insert(:note_activity) + + assert {:error, :expiration_too_close} = + PurgeExpiredActivity.enqueue(%{ + activity_id: activity.id, + expires_at: DateTime.utc_now() + }) + + refute_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: activity.id} + ) + end + + test "enqueue job" do + activity = insert(:note_activity) + + assert {:ok, _} = + PurgeExpiredActivity.enqueue(%{ + activity_id: activity.id, + expires_at: DateTime.add(DateTime.utc_now(), 3601) + }) + + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: activity.id} + ) + + assert {:ok, _} = + perform_job(Pleroma.Workers.PurgeExpiredActivity, %{activity_id: activity.id}) + + assert %Oban.Job{} = Pleroma.Workers.PurgeExpiredActivity.get_expiration(activity.id) + end +end From de4c935071a47c78d873484b202e09dce5399570 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Mon, 24 Aug 2020 13:43:02 +0300 Subject: [PATCH 164/264] don't expire pinned posts --- lib/pleroma/activity.ex | 9 ++++++-- lib/pleroma/workers/purge_expired_activity.ex | 18 +++++++++++++++- test/workers/purge_expired_activity_test.exs | 21 +++++++++++++++++++ 3 files changed, 45 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index 03cd3b8c0..84aba9572 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -301,14 +301,14 @@ def all_by_actor_and_id(actor, status_ids) do |> Repo.all() end - def follow_requests_for_actor(%Pleroma.User{ap_id: ap_id}) do + def follow_requests_for_actor(%User{ap_id: ap_id}) do ap_id |> Queries.by_object_id() |> Queries.by_type("Follow") |> where([a], fragment("? ->> 'state' = 'pending'", a.data)) end - def following_requests_for_actor(%Pleroma.User{ap_id: ap_id}) do + def following_requests_for_actor(%User{ap_id: ap_id}) do Queries.by_type("Follow") |> where([a], fragment("?->>'state' = 'pending'", a.data)) |> where([a], a.actor == ^ap_id) @@ -343,4 +343,9 @@ def pinned_by_actor?(%Activity{} = activity) do actor = user_actor(activity) activity.id in actor.pinned_activities end + + @spec pinned_by_actor?(Activity.t(), User.t()) :: boolean() + def pinned_by_actor?(%Activity{id: id}, %User{} = user) do + id in user.pinned_activities + end end diff --git a/lib/pleroma/workers/purge_expired_activity.ex b/lib/pleroma/workers/purge_expired_activity.ex index 016b000c1..ba0053008 100644 --- a/lib/pleroma/workers/purge_expired_activity.ex +++ b/lib/pleroma/workers/purge_expired_activity.ex @@ -21,8 +21,18 @@ def enqueue(args) do @impl true def perform(%Oban.Job{args: %{"activity_id" => id}}) do with %Pleroma.Activity{} = activity <- find_activity(id), - %Pleroma.User{} = user <- find_user(activity.object.data["actor"]) do + %Pleroma.User{} = user <- find_user(activity.object.data["actor"]), + false <- pinned_by_actor?(activity, user) do Pleroma.Web.CommonAPI.delete(activity.id, user) + else + :pinned_by_actor -> + # if activity is pinned, schedule deletion on next day + enqueue(%{activity_id: id, expires_at: DateTime.add(DateTime.utc_now(), 24 * 3600)}) + + :ok + + error -> + error end end @@ -54,6 +64,12 @@ defp find_user(ap_id) do end end + defp pinned_by_actor?(activity, user) do + with true <- Pleroma.Activity.pinned_by_actor?(activity, user) do + :pinned_by_actor + end + end + def get_expiration(id) do from(j in Oban.Job, where: j.state == "scheduled", diff --git a/test/workers/purge_expired_activity_test.exs b/test/workers/purge_expired_activity_test.exs index 8b5dc9fd2..736d7d567 100644 --- a/test/workers/purge_expired_activity_test.exs +++ b/test/workers/purge_expired_activity_test.exs @@ -44,4 +44,25 @@ test "enqueue job" do assert %Oban.Job{} = Pleroma.Workers.PurgeExpiredActivity.get_expiration(activity.id) end + + test "don't delete pinned posts, schedule deletion on next day" do + activity = insert(:note_activity) + + assert {:ok, _} = + PurgeExpiredActivity.enqueue(%{ + activity_id: activity.id, + expires_at: DateTime.utc_now(), + validate: false + }) + + user = Pleroma.User.get_by_ap_id(activity.actor) + {:ok, activity} = Pleroma.Web.CommonAPI.pin(activity.id, user) + + assert %{success: 1, failure: 0} == + Oban.drain_queue(queue: :activity_expiration, with_scheduled: true) + + job = Pleroma.Workers.PurgeExpiredActivity.get_expiration(activity.id) + + assert DateTime.diff(job.scheduled_at, DateTime.add(DateTime.utc_now(), 24 * 3600)) in [0, 1] + end end From 629a8de9cb2ba2cc2d09679862a24031f34abc2f Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Tue, 25 Aug 2020 09:10:45 +0300 Subject: [PATCH 165/264] deprecation warning changed namespace for activity expiration configuration --- config/description.exs | 6 +++--- lib/pleroma/config/deprecation_warnings.ex | 19 ++++++++++++++++++- lib/pleroma/workers/purge_expired_activity.ex | 8 +++++--- ...541_rename_activity_expiration_setting.exs | 13 +++++++++++++ 4 files changed, 39 insertions(+), 7 deletions(-) create mode 100644 priv/repo/migrations/20200824115541_rename_activity_expiration_setting.exs diff --git a/config/description.exs b/config/description.exs index 6ce27278c..1253944de 100644 --- a/config/description.exs +++ b/config/description.exs @@ -2472,14 +2472,14 @@ }, %{ group: :pleroma, - key: Pleroma.ActivityExpiration, + key: Pleroma.Workers.PurgeExpiredActivity, type: :group, - description: "Expired activity settings", + description: "Expired activities settings", children: [ %{ key: :enabled, type: :boolean, - description: "Whether expired activities will be sent to the job queue to be deleted" + description: "Enables expired activities addition & deletion" } ] }, diff --git a/lib/pleroma/config/deprecation_warnings.ex b/lib/pleroma/config/deprecation_warnings.ex index 2bfe4ddba..412d55a77 100644 --- a/lib/pleroma/config/deprecation_warnings.ex +++ b/lib/pleroma/config/deprecation_warnings.ex @@ -8,7 +8,7 @@ defmodule Pleroma.Config.DeprecationWarnings do require Logger alias Pleroma.Config - @type config_namespace() :: [atom()] + @type config_namespace() :: atom() | [atom()] @type config_map() :: {config_namespace(), config_namespace(), String.t()} @mrf_config_map [ @@ -57,6 +57,7 @@ def warn do check_media_proxy_whitelist_config() check_welcome_message_config() check_gun_pool_options() + check_activity_expiration_config() end def check_welcome_message_config do @@ -158,4 +159,20 @@ def check_gun_pool_options do Config.put(:pools, updated_config) end end + + @spec check_activity_expiration_config() :: :ok | nil + def check_activity_expiration_config do + warning_preface = """ + !!!DEPRECATION WARNING!!! + Your config is using old namespace for activity expiration configuration. Setting should work for now, but you are advised to change to new namespace to prevent possible issues later: + """ + + move_namespace_and_warn( + [ + {Pleroma.ActivityExpiration, Pleroma.Workers.PurgeExpiredActivity, + "\n* `config :pleroma, Pleroma.ActivityExpiration` is now `config :pleroma, Pleroma.Workers.PurgeExpiredActivity`"} + ], + warning_preface + ) + end end diff --git a/lib/pleroma/workers/purge_expired_activity.ex b/lib/pleroma/workers/purge_expired_activity.ex index ba0053008..44a8ad0b9 100644 --- a/lib/pleroma/workers/purge_expired_activity.ex +++ b/lib/pleroma/workers/purge_expired_activity.ex @@ -7,6 +7,8 @@ defmodule Pleroma.Workers.PurgeExpiredActivity do import Ecto.Query + alias Pleroma.Activity + def enqueue(args) do with true <- enabled?(), args when is_map(args) <- validate_expires_at(args) do @@ -20,7 +22,7 @@ def enqueue(args) do @impl true def perform(%Oban.Job{args: %{"activity_id" => id}}) do - with %Pleroma.Activity{} = activity <- find_activity(id), + with %Activity{} = activity <- find_activity(id), %Pleroma.User{} = user <- find_user(activity.object.data["actor"]), false <- pinned_by_actor?(activity, user) do Pleroma.Web.CommonAPI.delete(activity.id, user) @@ -53,7 +55,7 @@ defp validate_expires_at(args) do end defp find_activity(id) do - with nil <- Pleroma.Activity.get_by_id_with_object(id) do + with nil <- Activity.get_by_id_with_object(id) do {:error, :activity_not_found} end end @@ -65,7 +67,7 @@ defp find_user(ap_id) do end defp pinned_by_actor?(activity, user) do - with true <- Pleroma.Activity.pinned_by_actor?(activity, user) do + with true <- Activity.pinned_by_actor?(activity, user) do :pinned_by_actor end end diff --git a/priv/repo/migrations/20200824115541_rename_activity_expiration_setting.exs b/priv/repo/migrations/20200824115541_rename_activity_expiration_setting.exs new file mode 100644 index 000000000..241882ef6 --- /dev/null +++ b/priv/repo/migrations/20200824115541_rename_activity_expiration_setting.exs @@ -0,0 +1,13 @@ +defmodule Pleroma.Repo.Migrations.RenameActivityExpirationSetting do + use Ecto.Migration + + def change do + config = Pleroma.ConfigDB.get_by_params(%{group: :pleroma, key: Pleroma.ActivityExpiration}) + + if config do + config + |> Ecto.Changeset.change(key: Pleroma.Workers.PurgeExpiredActivity) + |> Pleroma.Repo.update() + end + end +end From 5ad0cc4c863f7f8a1e6fdfa40eb884a5c94ebf67 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Tue, 25 Aug 2020 12:30:00 +0300 Subject: [PATCH 166/264] move old expirations into Oban --- ...1316_move_activity_expirations_to_oban.exs | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs diff --git a/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs b/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs new file mode 100644 index 000000000..585d1a600 --- /dev/null +++ b/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs @@ -0,0 +1,29 @@ +defmodule Pleroma.Repo.Migrations.MoveActivityExpirationsToOban do + use Ecto.Migration + + import Ecto.Query, only: [from: 2] + + def change do + Supervisor.start_link([{Oban, Pleroma.Config.get(Oban)}], + strategy: :one_for_one, + name: Pleroma.Supervisor + ) + + from(e in "activity_expirations", + select: %{id: e.id, activity_id: e.activity_id, scheduled_at: e.scheduled_at} + ) + |> Pleroma.RepoStreamer.chunk_stream(500) + |> Stream.each(fn expirations -> + Enum.each(expirations, fn expiration -> + with {:ok, expires_at} <- DateTime.from_naive(expiration.scheduled_at, "Etc/UTC") do + Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ + activity_id: FlakeId.to_string(expiration.activity_id), + expires_at: expires_at, + validate: false + }) + end + end) + end) + |> Stream.run() + end +end From 5381d4b78b6ed550102008cbae7f578dab06f22f Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Tue, 25 Aug 2020 12:33:38 +0300 Subject: [PATCH 167/264] drop activity_expirations table --- .../20200825093037_drop_activity_expirations_table.exs | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 priv/repo/migrations/20200825093037_drop_activity_expirations_table.exs diff --git a/priv/repo/migrations/20200825093037_drop_activity_expirations_table.exs b/priv/repo/migrations/20200825093037_drop_activity_expirations_table.exs new file mode 100644 index 000000000..11c461427 --- /dev/null +++ b/priv/repo/migrations/20200825093037_drop_activity_expirations_table.exs @@ -0,0 +1,7 @@ +defmodule Pleroma.Repo.Migrations.DropActivityExpirationsTable do + use Ecto.Migration + + def change do + drop(table("activity_expirations")) + end +end From 4981b5a1a3c097ca849552c3c6f650efd22c7451 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Tue, 25 Aug 2020 12:45:06 +0300 Subject: [PATCH 168/264] copyright header --- lib/pleroma/workers/purge_expired_activity.ex | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/pleroma/workers/purge_expired_activity.ex b/lib/pleroma/workers/purge_expired_activity.ex index 44a8ad0b9..42e2ae79c 100644 --- a/lib/pleroma/workers/purge_expired_activity.ex +++ b/lib/pleroma/workers/purge_expired_activity.ex @@ -1,3 +1,7 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + defmodule Pleroma.Workers.PurgeExpiredActivity do @moduledoc """ Worker which purges expired activity. From 93e1c8df9dca697e7bdb822a8a5b3848b7870f53 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Thu, 3 Sep 2020 13:30:39 +0300 Subject: [PATCH 169/264] reject activity creation if passed expires_at option and expiring activities are not configured --- lib/pleroma/web/activity_pub/activity_pub.ex | 44 +++++++++----- lib/pleroma/workers/purge_expired_activity.ex | 4 ++ test/web/activity_pub/activity_pub_test.exs | 57 +++++++++++++++---- 3 files changed, 80 insertions(+), 25 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index c33848277..ee6dcf58a 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -110,23 +110,14 @@ def persist(object, meta) do def insert(map, local \\ true, fake \\ false, bypass_actor_check \\ false) when is_map(map) do with nil <- Activity.normalize(map), map <- lazy_put_activity_defaults(map, fake), - true <- bypass_actor_check || check_actor_is_active(map["actor"]), - {_, true} <- {:remote_limit_error, check_remote_limit(map)}, + {_, true} <- {:actor_check, bypass_actor_check || check_actor_is_active(map["actor"])}, + {_, true} <- {:remote_limit_pass, check_remote_limit(map)}, {:ok, map} <- MRF.filter(map), {recipients, _, _} = get_recipients(map), {:fake, false, map, recipients} <- {:fake, fake, map, recipients}, {:containment, :ok} <- {:containment, Containment.contain_child(map)}, - {:ok, map, object} <- insert_full_object(map) do - {:ok, activity} = - %Activity{ - data: map, - local: local, - actor: map["actor"], - recipients: recipients - } - |> Repo.insert() - |> maybe_create_activity_expiration() - + {:ok, map, object} <- insert_full_object(map), + {:ok, activity} <- insert_activity_with_expiration(map, local, recipients) do # Splice in the child object if we have one. activity = Maps.put_if_present(activity, :object, object) @@ -137,6 +128,15 @@ def insert(map, local \\ true, fake \\ false, bypass_actor_check \\ false) when %Activity{} = activity -> {:ok, activity} + {:actor_check, _} -> + {:error, false} + + {:containment, _} = error -> + error + + {:error, _} = error -> + error + {:fake, true, map, recipients} -> activity = %Activity{ data: map, @@ -149,11 +149,25 @@ def insert(map, local \\ true, fake \\ false, bypass_actor_check \\ false) when Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity) {:ok, activity} - error -> - {:error, error} + {:remote_limit_pass, _} -> + {:error, :remote_limit} + + {:reject, reason} -> + {:error, reason} end end + defp insert_activity_with_expiration(data, local, recipients) do + %Activity{ + data: data, + local: local, + actor: data["actor"], + recipients: recipients + } + |> Repo.insert() + |> maybe_create_activity_expiration() + end + def notify_and_stream(activity) do Notification.create_notifications(activity) diff --git a/lib/pleroma/workers/purge_expired_activity.ex b/lib/pleroma/workers/purge_expired_activity.ex index 42e2ae79c..c70587b47 100644 --- a/lib/pleroma/workers/purge_expired_activity.ex +++ b/lib/pleroma/workers/purge_expired_activity.ex @@ -13,6 +13,10 @@ defmodule Pleroma.Workers.PurgeExpiredActivity do alias Pleroma.Activity + @spec enqueue(map()) :: + {:ok, Oban.Job.t()} + | {:error, :expired_activities_disabled} + | {:error, :expiration_too_close} def enqueue(args) do with true <- enabled?(), args when is_map(args) <- validate_expires_at(args) do diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index 9af573924..d8caa0b00 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -239,7 +239,7 @@ test "drops activities beyond a certain limit" do } } - assert {:error, {:remote_limit_error, _}} = ActivityPub.insert(data) + assert {:error, :remote_limit} = ActivityPub.insert(data) end test "doesn't drop activities with content being null" do @@ -386,9 +386,11 @@ test "can be fetched into a timeline" do end describe "create activities" do - test "it reverts create" do - user = insert(:user) + setup do + [user: insert(:user)] + end + test "it reverts create", %{user: user} do with_mock(Utils, [:passthrough], maybe_federate: fn _ -> {:error, :reverted} end) do assert {:error, :reverted} = ActivityPub.create(%{ @@ -407,9 +409,47 @@ test "it reverts create" do assert Repo.aggregate(Object, :count, :id) == 0 end - test "removes doubled 'to' recipients" do - user = insert(:user) + test "creates activity if expiration is not configured and expires_at is not passed", %{ + user: user + } do + clear_config([Pleroma.Workers.PurgeExpiredActivity, :enabled], false) + assert {:ok, _} = + ActivityPub.create(%{ + to: ["user1", "user2"], + actor: user, + context: "", + object: %{ + "to" => ["user1", "user2"], + "type" => "Note", + "content" => "testing" + } + }) + end + + test "rejects activity if expires_at present but expiration is not configured", %{user: user} do + clear_config([Pleroma.Workers.PurgeExpiredActivity, :enabled], false) + + assert {:error, :expired_activities_disabled} = + ActivityPub.create(%{ + to: ["user1", "user2"], + actor: user, + context: "", + object: %{ + "to" => ["user1", "user2"], + "type" => "Note", + "content" => "testing" + }, + additional: %{ + "expires_at" => DateTime.utc_now() + } + }) + + assert Repo.aggregate(Activity, :count, :id) == 0 + assert Repo.aggregate(Object, :count, :id) == 0 + end + + test "removes doubled 'to' recipients", %{user: user} do {:ok, activity} = ActivityPub.create(%{ to: ["user1", "user1", "user2"], @@ -427,9 +467,7 @@ test "removes doubled 'to' recipients" do assert activity.recipients == ["user1", "user2", user.ap_id] end - test "increases user note count only for public activities" do - user = insert(:user) - + test "increases user note count only for public activities", %{user: user} do {:ok, _} = CommonAPI.post(User.get_cached_by_id(user.id), %{ status: "1", @@ -458,8 +496,7 @@ test "increases user note count only for public activities" do assert user.note_count == 2 end - test "increases replies count" do - user = insert(:user) + test "increases replies count", %{user: user} do user2 = insert(:user) {:ok, activity} = CommonAPI.post(user, %{status: "1", visibility: "public"}) From 357d971a10c28780795af4d19b37b0ac80d6ad09 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Thu, 3 Sep 2020 17:56:20 +0300 Subject: [PATCH 170/264] expiration for new pipeline --- lib/pleroma/web/activity_pub/activity_pub.ex | 18 ++++++++++++------ lib/pleroma/web/activity_pub/side_effects.ex | 7 ------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index ee6dcf58a..66a9f78a3 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -101,7 +101,9 @@ def persist(object, meta) do local: local, recipients: recipients, actor: object["actor"] - }) do + }), + # TODO: add tests for expired activities, when Note type will be supported in new pipeline + {:ok, _} <- maybe_create_activity_expiration(activity) do {:ok, activity, meta} end end @@ -158,14 +160,16 @@ def insert(map, local \\ true, fake \\ false, bypass_actor_check \\ false) when end defp insert_activity_with_expiration(data, local, recipients) do - %Activity{ + struct = %Activity{ data: data, local: local, actor: data["actor"], recipients: recipients } - |> Repo.insert() - |> maybe_create_activity_expiration() + + with {:ok, activity} <- Repo.insert(struct) do + maybe_create_activity_expiration(activity) + end end def notify_and_stream(activity) do @@ -177,7 +181,9 @@ def notify_and_stream(activity) do stream_out_participations(participations) end - defp maybe_create_activity_expiration({:ok, %{data: %{"expires_at" => expires_at}} = activity}) do + defp maybe_create_activity_expiration( + %{data: %{"expires_at" => %DateTime{} = expires_at}} = activity + ) do with {:ok, _job} <- Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ activity_id: activity.id, @@ -187,7 +193,7 @@ defp maybe_create_activity_expiration({:ok, %{data: %{"expires_at" => expires_at end end - defp maybe_create_activity_expiration(result), do: result + defp maybe_create_activity_expiration(activity), do: {:ok, activity} defp create_or_bump_conversation(activity, actor) do with {:ok, conversation} <- Conversation.create_or_bump_for(activity), diff --git a/lib/pleroma/web/activity_pub/side_effects.ex b/lib/pleroma/web/activity_pub/side_effects.ex index b30ca1bd7..46a8be767 100644 --- a/lib/pleroma/web/activity_pub/side_effects.ex +++ b/lib/pleroma/web/activity_pub/side_effects.ex @@ -187,13 +187,6 @@ def handle(%{data: %{"type" => "Create"}} = activity, meta) do Object.increase_replies_count(in_reply_to) end - if expires_at = activity.data["expires_at"] do - Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ - activity_id: activity.id, - expires_at: expires_at - }) - end - BackgroundWorker.enqueue("fetch_data_for_activity", %{"activity_id" => activity.id}) meta = From 6f2d1145183389c415e4d5a915e0c3965c00a3fb Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Thu, 3 Sep 2020 18:08:19 +0300 Subject: [PATCH 171/264] use another stream function in migration --- ...1316_move_activity_expirations_to_oban.exs | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs b/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs index 585d1a600..2bfefceb0 100644 --- a/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs +++ b/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs @@ -12,17 +12,15 @@ def change do from(e in "activity_expirations", select: %{id: e.id, activity_id: e.activity_id, scheduled_at: e.scheduled_at} ) - |> Pleroma.RepoStreamer.chunk_stream(500) - |> Stream.each(fn expirations -> - Enum.each(expirations, fn expiration -> - with {:ok, expires_at} <- DateTime.from_naive(expiration.scheduled_at, "Etc/UTC") do - Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ - activity_id: FlakeId.to_string(expiration.activity_id), - expires_at: expires_at, - validate: false - }) - end - end) + |> Pleroma.Repo.stream() + |> Enum.each(fn expiration -> + with {:ok, expires_at} <- DateTime.from_naive(expiration.scheduled_at, "Etc/UTC") do + Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ + activity_id: FlakeId.to_string(expiration.activity_id), + expires_at: expires_at, + validate: false + }) + end end) |> Stream.run() end From b3485a6dbfb1a16dd5604294074ef5139fbf3ce9 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Thu, 3 Sep 2020 19:02:22 +0300 Subject: [PATCH 172/264] little clean up --- lib/pleroma/workers/purge_expired_activity.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/workers/purge_expired_activity.ex b/lib/pleroma/workers/purge_expired_activity.ex index c70587b47..4be146194 100644 --- a/lib/pleroma/workers/purge_expired_activity.ex +++ b/lib/pleroma/workers/purge_expired_activity.ex @@ -23,7 +23,7 @@ def enqueue(args) do {scheduled_at, args} = Map.pop(args, :expires_at) args - |> __MODULE__.new(scheduled_at: scheduled_at) + |> new(scheduled_at: scheduled_at) |> Oban.insert() end end From eb5ff715f7917e174b9ae104a5d82779ff925301 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Fri, 4 Sep 2020 11:40:32 +0300 Subject: [PATCH 173/264] pin/unpin for activities with expires_at option --- lib/pleroma/activity.ex | 5 -- lib/pleroma/user.ex | 17 ++++++- lib/pleroma/workers/purge_expired_activity.ex | 18 +------ .../controllers/status_controller_test.exs | 49 ++++++++++++++++++- test/workers/purge_expired_activity_test.exs | 21 -------- 5 files changed, 64 insertions(+), 46 deletions(-) diff --git a/lib/pleroma/activity.ex b/lib/pleroma/activity.ex index 84aba9572..17af04257 100644 --- a/lib/pleroma/activity.ex +++ b/lib/pleroma/activity.ex @@ -343,9 +343,4 @@ def pinned_by_actor?(%Activity{} = activity) do actor = user_actor(activity) activity.id in actor.pinned_activities end - - @spec pinned_by_actor?(Activity.t(), User.t()) :: boolean() - def pinned_by_actor?(%Activity{id: id}, %User{} = user) do - id in user.pinned_activities - end end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index f323fc6ed..e73d19964 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -2315,6 +2315,11 @@ def add_pinnned_activity(user, %Pleroma.Activity{id: id}) do max_pinned_statuses = Config.get([:instance, :max_pinned_statuses], 0) params = %{pinned_activities: user.pinned_activities ++ [id]} + # if pinned activity was scheduled for deletion, we remove job + if expiration = Pleroma.Workers.PurgeExpiredActivity.get_expiration(id) do + Oban.cancel_job(expiration.id) + end + user |> cast(params, [:pinned_activities]) |> validate_length(:pinned_activities, @@ -2327,9 +2332,19 @@ def add_pinnned_activity(user, %Pleroma.Activity{id: id}) do |> update_and_set_cache() end - def remove_pinnned_activity(user, %Pleroma.Activity{id: id}) do + def remove_pinnned_activity(user, %Pleroma.Activity{id: id, data: data}) do params = %{pinned_activities: List.delete(user.pinned_activities, id)} + # if pinned activity was scheduled for deletion, we reschedule it for deletion + if data["expires_at"] do + {:ok, expires_at, _} = DateTime.from_iso8601(data["expires_at"]) + + Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ + activity_id: id, + expires_at: expires_at + }) + end + user |> cast(params, [:pinned_activities]) |> update_and_set_cache() diff --git a/lib/pleroma/workers/purge_expired_activity.ex b/lib/pleroma/workers/purge_expired_activity.ex index 4be146194..f981eda8e 100644 --- a/lib/pleroma/workers/purge_expired_activity.ex +++ b/lib/pleroma/workers/purge_expired_activity.ex @@ -31,18 +31,8 @@ def enqueue(args) do @impl true def perform(%Oban.Job{args: %{"activity_id" => id}}) do with %Activity{} = activity <- find_activity(id), - %Pleroma.User{} = user <- find_user(activity.object.data["actor"]), - false <- pinned_by_actor?(activity, user) do + %Pleroma.User{} = user <- find_user(activity.object.data["actor"]) do Pleroma.Web.CommonAPI.delete(activity.id, user) - else - :pinned_by_actor -> - # if activity is pinned, schedule deletion on next day - enqueue(%{activity_id: id, expires_at: DateTime.add(DateTime.utc_now(), 24 * 3600)}) - - :ok - - error -> - error end end @@ -74,12 +64,6 @@ defp find_user(ap_id) do end end - defp pinned_by_actor?(activity, user) do - with true <- Activity.pinned_by_actor?(activity, user) do - :pinned_by_actor - end - end - def get_expiration(id) do from(j in Oban.Job, where: j.state == "scheduled", diff --git a/test/web/mastodon_api/controllers/status_controller_test.exs b/test/web/mastodon_api/controllers/status_controller_test.exs index 17a156be8..82ea73898 100644 --- a/test/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/web/mastodon_api/controllers/status_controller_test.exs @@ -115,8 +115,7 @@ test "posting a status", %{conn: conn} do "expires_in" => expires_in }) - assert fourth_response = - %{"id" => fourth_id} = json_response_and_validate_schema(conn_four, 200) + assert %{"id" => fourth_id} = json_response_and_validate_schema(conn_four, 200) assert Activity.get_by_id(fourth_id) @@ -1142,6 +1141,52 @@ test "max pinned statuses", %{conn: conn, user: user, activity: activity_one} do |> post("/api/v1/statuses/#{activity_two.id}/pin") |> json_response_and_validate_schema(400) end + + test "on pin removes deletion job, on unpin reschedule deletion" do + %{conn: conn} = oauth_access(["write:accounts", "write:statuses"]) + expires_in = 2 * 60 * 60 + + expires_at = DateTime.add(DateTime.utc_now(), expires_in) + + assert %{"id" => id} = + conn + |> put_req_header("content-type", "application/json") + |> post("api/v1/statuses", %{ + "status" => "oolong", + "expires_in" => expires_in + }) + |> json_response_and_validate_schema(200) + + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: id}, + scheduled_at: expires_at + ) + + assert %{"id" => ^id, "pinned" => true} = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses/#{id}/pin") + |> json_response_and_validate_schema(200) + + refute_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: id}, + scheduled_at: expires_at + ) + + assert %{"id" => ^id, "pinned" => false} = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/statuses/#{id}/unpin") + |> json_response_and_validate_schema(200) + + assert_enqueued( + worker: Pleroma.Workers.PurgeExpiredActivity, + args: %{activity_id: id}, + scheduled_at: expires_at + ) + end end describe "cards" do diff --git a/test/workers/purge_expired_activity_test.exs b/test/workers/purge_expired_activity_test.exs index 736d7d567..8b5dc9fd2 100644 --- a/test/workers/purge_expired_activity_test.exs +++ b/test/workers/purge_expired_activity_test.exs @@ -44,25 +44,4 @@ test "enqueue job" do assert %Oban.Job{} = Pleroma.Workers.PurgeExpiredActivity.get_expiration(activity.id) end - - test "don't delete pinned posts, schedule deletion on next day" do - activity = insert(:note_activity) - - assert {:ok, _} = - PurgeExpiredActivity.enqueue(%{ - activity_id: activity.id, - expires_at: DateTime.utc_now(), - validate: false - }) - - user = Pleroma.User.get_by_ap_id(activity.actor) - {:ok, activity} = Pleroma.Web.CommonAPI.pin(activity.id, user) - - assert %{success: 1, failure: 0} == - Oban.drain_queue(queue: :activity_expiration, with_scheduled: true) - - job = Pleroma.Workers.PurgeExpiredActivity.get_expiration(activity.id) - - assert DateTime.diff(job.scheduled_at, DateTime.add(DateTime.utc_now(), 24 * 3600)) in [0, 1] - end end From 29c1178c2b20eb1b389c7e1d35b58af05f48e8a2 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Fri, 4 Sep 2020 12:05:17 +0300 Subject: [PATCH 174/264] migration fix --- .../20200825061316_move_activity_expirations_to_oban.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs b/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs index 2bfefceb0..137933368 100644 --- a/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs +++ b/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs @@ -13,7 +13,7 @@ def change do select: %{id: e.id, activity_id: e.activity_id, scheduled_at: e.scheduled_at} ) |> Pleroma.Repo.stream() - |> Enum.each(fn expiration -> + |> Stream.each(fn expiration -> with {:ok, expires_at} <- DateTime.from_naive(expiration.scheduled_at, "Etc/UTC") do Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ activity_id: FlakeId.to_string(expiration.activity_id), From f24828a3e848e6ce3bcdd254e8c6e451898cfdf7 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Mon, 7 Sep 2020 20:21:32 +0300 Subject: [PATCH 175/264] oban warning --- lib/pleroma/config/oban.ex | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/config/oban.ex b/lib/pleroma/config/oban.ex index 81758c93d..9f601b1a3 100644 --- a/lib/pleroma/config/oban.ex +++ b/lib/pleroma/config/oban.ex @@ -5,7 +5,11 @@ def warn do oban_config = Pleroma.Config.get(Oban) crontab = - [Pleroma.Workers.Cron.StatsWorker, Pleroma.Workers.Cron.ClearOauthTokenWorker] + [ + Pleroma.Workers.Cron.StatsWorker, + Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker, + Pleroma.Workers.Cron.ClearOauthTokenWorker + ] |> Enum.reduce(oban_config[:crontab], fn removed_worker, acc -> with acc when is_list(acc) <- acc, setting when is_tuple(setting) <- From 4954667fb24ee6ab7b1bf3b676f7e88a582130cf Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Mon, 7 Sep 2020 20:22:14 +0300 Subject: [PATCH 176/264] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 14c0252f7..79cf02c96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`. - **Breaking:** Removed `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` config. +- **Breaking:** Removed `Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker` setting from Oban `:crontab`. ## [2.1.1] - 2020-09-08 From 2c2094d4b2722cf511e3db8288c3754a48038f05 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Mon, 7 Sep 2020 20:57:38 +0300 Subject: [PATCH 177/264] configurable lifetime for ephemeral activities --- config/config.exs | 2 +- config/description.exs | 6 ++++++ docs/configuration/cheatsheet.md | 13 +++++++++++++ lib/pleroma/workers/purge_expired_activity.ex | 3 ++- .../controllers/status_controller_test.exs | 8 ++++---- 5 files changed, 26 insertions(+), 6 deletions(-) diff --git a/config/config.exs b/config/config.exs index d975db31e..88c47fd03 100644 --- a/config/config.exs +++ b/config/config.exs @@ -654,7 +654,7 @@ account_confirmation_resend: {8_640_000, 5}, ap_routes: {60_000, 15} -config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true +config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true, min_lifetime: 600 config :pleroma, Pleroma.Plugs.RemoteIp, enabled: true diff --git a/config/description.exs b/config/description.exs index 1253944de..82c7bc6a7 100644 --- a/config/description.exs +++ b/config/description.exs @@ -2480,6 +2480,12 @@ key: :enabled, type: :boolean, description: "Enables expired activities addition & deletion" + }, + %{ + key: :min_lifetime, + type: :integer, + description: "Minimum lifetime for ephemeral activity (in seconds)", + suggestions: [600] } ] }, diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index d0bebbd45..8f2425384 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -1091,3 +1091,16 @@ config :pleroma, :frontends, ``` This would serve the frontend from the the folder at `$instance_static/frontends/pleroma/stable`. You have to copy the frontend into this folder yourself. You can choose the name and ref any way you like, but they will be used by mix tasks to automate installation in the future, the name referring to the project and the ref referring to a commit. + +## Ephemeral activities + +Settings to enable and configure expiration for ephemeral activities + +* `:enabled` - enables ephemeral activities creation +* `:min_lifetime` - minimum lifetime for ephemeral activities (in seconds). Default: 10 minutes. + +Example: + +```elixir + config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true, min_lifetime: 600 +``` diff --git a/lib/pleroma/workers/purge_expired_activity.ex b/lib/pleroma/workers/purge_expired_activity.ex index f981eda8e..ffcb89dc3 100644 --- a/lib/pleroma/workers/purge_expired_activity.ex +++ b/lib/pleroma/workers/purge_expired_activity.ex @@ -77,6 +77,7 @@ def get_expiration(id) do def expires_late_enough?(scheduled_at) do now = DateTime.utc_now() diff = DateTime.diff(scheduled_at, now, :millisecond) - diff > :timer.hours(1) + min_lifetime = Pleroma.Config.get([__MODULE__, :min_lifetime], 600) + diff > :timer.seconds(min_lifetime) end end diff --git a/test/web/mastodon_api/controllers/status_controller_test.exs b/test/web/mastodon_api/controllers/status_controller_test.exs index 82ea73898..633a25e50 100644 --- a/test/web/mastodon_api/controllers/status_controller_test.exs +++ b/test/web/mastodon_api/controllers/status_controller_test.exs @@ -129,8 +129,8 @@ test "posting a status", %{conn: conn} do test "it fails to create a status if `expires_in` is less or equal than an hour", %{ conn: conn } do - # 1 hour - expires_in = 60 * 60 + # 1 minute + expires_in = 1 * 60 assert %{"error" => "Expiry date is too soon"} = conn @@ -141,8 +141,8 @@ test "it fails to create a status if `expires_in` is less or equal than an hour" }) |> json_response_and_validate_schema(422) - # 30 minutes - expires_in = 30 * 60 + # 5 minutes + expires_in = 5 * 60 assert %{"error" => "Expiry date is too soon"} = conn From a098e10fd6d9f3b6573e2fb6333335d40a9bf330 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Tue, 8 Sep 2020 12:07:33 +0300 Subject: [PATCH 178/264] Document ephemeral activity changes better Also remove the example from the cheatsheet, there is no need for it when the types are simple --- CHANGELOG.md | 3 +++ docs/configuration/cheatsheet.md | 8 +------- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79cf02c96..a58a18c8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - **Breaking:** Removed `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` config. - **Breaking:** Removed `Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker` setting from Oban `:crontab`. +### Changed +- Minimum lifetime for ephmeral activities changed to 10 minutes and made configurable (`:min_lifetime` option). + ## [2.1.1] - 2020-09-08 ### Security diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index 8f2425384..7cf1d1ce7 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -1092,15 +1092,9 @@ config :pleroma, :frontends, This would serve the frontend from the the folder at `$instance_static/frontends/pleroma/stable`. You have to copy the frontend into this folder yourself. You can choose the name and ref any way you like, but they will be used by mix tasks to automate installation in the future, the name referring to the project and the ref referring to a commit. -## Ephemeral activities +## Ephemeral activities (Pleroma.Workers.PurgeExpiredActivity) Settings to enable and configure expiration for ephemeral activities * `:enabled` - enables ephemeral activities creation * `:min_lifetime` - minimum lifetime for ephemeral activities (in seconds). Default: 10 minutes. - -Example: - -```elixir - config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true, min_lifetime: 600 -``` From 15aece72382fe1862a58728b9d02990147f91365 Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Tue, 8 Sep 2020 15:11:18 +0300 Subject: [PATCH 179/264] remove validate_expires_at from enqueue method --- lib/mix/tasks/pleroma/database.ex | 3 +- lib/pleroma/workers/purge_expired_activity.ex | 13 +----- ...1316_move_activity_expirations_to_oban.exs | 3 +- test/workers/purge_expired_activity_test.exs | 42 ++++++++++++------- 4 files changed, 30 insertions(+), 31 deletions(-) diff --git a/lib/mix/tasks/pleroma/database.ex b/lib/mix/tasks/pleroma/database.ex index aab4b5e9a..7f1108dcf 100644 --- a/lib/mix/tasks/pleroma/database.ex +++ b/lib/mix/tasks/pleroma/database.ex @@ -155,8 +155,7 @@ def run(["ensure_expiration"]) do Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ activity_id: activity.id, - expires_at: expires_at, - validate: false + expires_at: expires_at }) end) end) diff --git a/lib/pleroma/workers/purge_expired_activity.ex b/lib/pleroma/workers/purge_expired_activity.ex index ffcb89dc3..c168890a2 100644 --- a/lib/pleroma/workers/purge_expired_activity.ex +++ b/lib/pleroma/workers/purge_expired_activity.ex @@ -18,8 +18,7 @@ defmodule Pleroma.Workers.PurgeExpiredActivity do | {:error, :expired_activities_disabled} | {:error, :expiration_too_close} def enqueue(args) do - with true <- enabled?(), - args when is_map(args) <- validate_expires_at(args) do + with true <- enabled?() do {scheduled_at, args} = Map.pop(args, :expires_at) args @@ -42,16 +41,6 @@ defp enabled? do end end - defp validate_expires_at(%{validate: false} = args), do: Map.delete(args, :validate) - - defp validate_expires_at(args) do - if expires_late_enough?(args[:expires_at]) do - args - else - {:error, :expiration_too_close} - end - end - defp find_activity(id) do with nil <- Activity.get_by_id_with_object(id) do {:error, :activity_not_found} diff --git a/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs b/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs index 137933368..cdc00d20b 100644 --- a/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs +++ b/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs @@ -17,8 +17,7 @@ def change do with {:ok, expires_at} <- DateTime.from_naive(expiration.scheduled_at, "Etc/UTC") do Pleroma.Workers.PurgeExpiredActivity.enqueue(%{ activity_id: FlakeId.to_string(expiration.activity_id), - expires_at: expires_at, - validate: false + expires_at: expires_at }) end end) diff --git a/test/workers/purge_expired_activity_test.exs b/test/workers/purge_expired_activity_test.exs index 8b5dc9fd2..b5938776d 100644 --- a/test/workers/purge_expired_activity_test.exs +++ b/test/workers/purge_expired_activity_test.exs @@ -10,21 +10,6 @@ defmodule Pleroma.Workers.PurgeExpiredActivityTest do alias Pleroma.Workers.PurgeExpiredActivity - test "denies expirations that don't live long enough" do - activity = insert(:note_activity) - - assert {:error, :expiration_too_close} = - PurgeExpiredActivity.enqueue(%{ - activity_id: activity.id, - expires_at: DateTime.utc_now() - }) - - refute_enqueued( - worker: Pleroma.Workers.PurgeExpiredActivity, - args: %{activity_id: activity.id} - ) - end - test "enqueue job" do activity = insert(:note_activity) @@ -44,4 +29,31 @@ test "enqueue job" do assert %Oban.Job{} = Pleroma.Workers.PurgeExpiredActivity.get_expiration(activity.id) end + + test "error if user was not found" do + activity = insert(:note_activity) + + assert {:ok, _} = + PurgeExpiredActivity.enqueue(%{ + activity_id: activity.id, + expires_at: DateTime.add(DateTime.utc_now(), 3601) + }) + + user = Pleroma.User.get_by_ap_id(activity.actor) + Pleroma.Repo.delete(user) + + assert {:error, :user_not_found} = + perform_job(Pleroma.Workers.PurgeExpiredActivity, %{activity_id: activity.id}) + end + + test "error if actiivity was not found" do + assert {:ok, _} = + PurgeExpiredActivity.enqueue(%{ + activity_id: "some_id", + expires_at: DateTime.add(DateTime.utc_now(), 3601) + }) + + assert {:error, :activity_not_found} = + perform_job(Pleroma.Workers.PurgeExpiredActivity, %{activity_id: "some_if"}) + end end From 82b56cdb9bc01dcf4dbd2ac0c06103af0900787d Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 10 Sep 2020 21:53:58 +0300 Subject: [PATCH 180/264] CHANGELOG.md: clarify that the functionality is not removed, just the config options --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a58a18c8c..75357f05e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,9 +12,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Removed -- **Breaking:** Removed `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab`. -- **Breaking:** Removed `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` config. -- **Breaking:** Removed `Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker` setting from Oban `:crontab`. +- **Breaking:** `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab` (moved to a simpler implementation). +- **Breaking:** `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` (moved to scheduled jobs). +- **Breaking:** `Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker` setting from Oban `:crontab` (moved to scheduled jobs). ### Changed - Minimum lifetime for ephmeral activities changed to 10 minutes and made configurable (`:min_lifetime` option). From 4d18a50f3c4b6654339a6a8df71160e23b45cac0 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 10 Sep 2020 21:54:26 +0300 Subject: [PATCH 181/264] [#2497] Formatting fix. --- lib/pleroma/web/media_proxy/media_proxy_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 5621f72dc..ff7fd2409 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -158,7 +158,7 @@ defp put_preview_response_headers( |> put_resp_header("cache-control", ReverseProxy.default_cache_control_header()) end - defp thumbnail_max_dimensions() do + defp thumbnail_max_dimensions do config = Config.get([:media_preview_proxy], []) thumbnail_max_width = Keyword.fetch!(config, :thumbnail_max_width) From da876d09e89bcfec6f2d1eaddb396f68ce48e12a Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 10 Sep 2020 23:13:51 +0200 Subject: [PATCH 182/264] federator: normalize only actor, catch actor error --- lib/pleroma/web/federator/federator.ex | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index f5803578d..e4ab9ba32 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -66,14 +66,17 @@ def perform(:publish, activity) do def perform(:incoming_ap_doc, params) do Logger.debug("Handling incoming AP activity") - params = Utils.normalize_params(params) + actor = + params + |> Map.get("actor") + |> Utils.get_ap_id() # NOTE: we use the actor ID to do the containment, this is fine because an # actor shouldn't be acting on objects outside their own AP server. - with {:ok, _user} <- ap_enabled_actor(params["actor"]), + with {_, {:ok, _user}} <- {:actor, ap_enabled_actor(actor)}, nil <- Activity.normalize(params["id"]), {_, :ok} <- - {:correct_origin?, Containment.contain_origin_from_id(params["actor"], params)}, + {:correct_origin?, Containment.contain_origin_from_id(actor, params)}, {:ok, activity} <- Transmogrifier.handle_incoming(params) do {:ok, activity} else @@ -85,10 +88,13 @@ def perform(:incoming_ap_doc, params) do Logger.debug("Already had #{params["id"]}") {:error, :already_present} + {:actor, e} -> + Logger.debug("Unhandled actor #{actor}, #{inspect(e)}") + {:error, e} + e -> # Just drop those for now - Logger.debug("Unhandled activity") - Logger.debug(Jason.encode!(params, pretty: true)) + Logger.debug("Unhandled activity\n" <> Jason.encode!(params, pretty: true)) {:error, e} end end From b73e9ef68689a7094e80e2affa0af9b05e86effb Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 25 Aug 2020 09:19:53 +0200 Subject: [PATCH 183/264] transmogrifier: Call strip_internal_fields on pipeline ingestion --- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index af4384213..ec3b24206 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -550,6 +550,8 @@ def handle_incoming( _options ) when objtype in ~w{Question Answer ChatMessage Audio Event} do + data = Map.put(data, "object", strip_internal_fields(data["object"])) + with {:ok, %User{}} <- ObjectValidator.fetch_actor(data), {:ok, activity, _} <- Pipeline.common_pipeline(data, local: false) do {:ok, activity} From 846b59ccb09681bda0f54bed43f5b82883228e33 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 20 Aug 2020 02:00:04 +0200 Subject: [PATCH 184/264] Pipeline Ingestion: Video --- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- .../web/activity_pub/object_validator.ex | 16 +- ..._validator.ex => audio_video_validator.ex} | 43 ++++- .../object_validators/common_fixes.ex | 9 ++ .../create_generic_validator.ex | 8 +- lib/pleroma/web/activity_pub/side_effects.ex | 2 +- .../web/activity_pub/transmogrifier.ex | 37 +---- .../tesla_mock/framatube.org-video.json | 2 +- .../transmogrifier/video_handling_test.exs | 93 +++++++++++ test/web/activity_pub/transmogrifier_test.exs | 148 +----------------- 10 files changed, 158 insertions(+), 202 deletions(-) rename lib/pleroma/web/activity_pub/object_validators/{audio_validator.ex => audio_video_validator.ex} (75%) create mode 100644 test/web/activity_pub/transmogrifier/video_handling_test.exs diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 66a9f78a3..bceec8bd1 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -84,7 +84,7 @@ defp increase_replies_count_if_reply(%{ defp increase_replies_count_if_reply(_create_data), do: :noop - @object_types ~w[ChatMessage Question Answer Audio Event] + @object_types ~w[ChatMessage Question Answer Audio Video Event] @spec persist(map(), keyword()) :: {:ok, Activity.t() | Object.t()} def persist(%{"type" => type} = object, meta) when type in @object_types do with {:ok, object} <- Object.create(object) do diff --git a/lib/pleroma/web/activity_pub/object_validator.ex b/lib/pleroma/web/activity_pub/object_validator.ex index b77c06395..081f96389 100644 --- a/lib/pleroma/web/activity_pub/object_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validator.ex @@ -12,11 +12,12 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do alias Pleroma.Activity alias Pleroma.EctoType.ActivityPub.ObjectValidators alias Pleroma.Object + alias Pleroma.Object.Containment alias Pleroma.User alias Pleroma.Web.ActivityPub.ObjectValidators.AcceptRejectValidator alias Pleroma.Web.ActivityPub.ObjectValidators.AnnounceValidator alias Pleroma.Web.ActivityPub.ObjectValidators.AnswerValidator - alias Pleroma.Web.ActivityPub.ObjectValidators.AudioValidator + alias Pleroma.Web.ActivityPub.ObjectValidators.AudioVideoValidator alias Pleroma.Web.ActivityPub.ObjectValidators.BlockValidator alias Pleroma.Web.ActivityPub.ObjectValidators.ChatMessageValidator alias Pleroma.Web.ActivityPub.ObjectValidators.CreateChatMessageValidator @@ -149,10 +150,10 @@ def validate(%{"type" => "Question"} = object, meta) do end end - def validate(%{"type" => "Audio"} = object, meta) do + def validate(%{"type" => type} = object, meta) when type in ~w[Audio Video] do with {:ok, object} <- object - |> AudioValidator.cast_and_validate() + |> AudioVideoValidator.cast_and_validate() |> Ecto.Changeset.apply_action(:insert) do object = stringify_keys(object) {:ok, object, meta} @@ -198,7 +199,7 @@ def validate( %{"type" => "Create", "object" => %{"type" => objtype} = object} = create_activity, meta ) - when objtype in ~w[Question Answer Audio Event] do + when objtype in ~w[Question Answer Audio Video Event] do with {:ok, object_data} <- cast_and_apply(object), meta = Keyword.put(meta, :object_data, object_data |> stringify_keys), {:ok, create_activity} <- @@ -232,8 +233,8 @@ def cast_and_apply(%{"type" => "Answer"} = object) do AnswerValidator.cast_and_apply(object) end - def cast_and_apply(%{"type" => "Audio"} = object) do - AudioValidator.cast_and_apply(object) + def cast_and_apply(%{"type" => type} = object) when type in ~w[Audio Video] do + AudioVideoValidator.cast_and_apply(object) end def cast_and_apply(%{"type" => "Event"} = object) do @@ -262,7 +263,8 @@ def stringify_keys(object) when is_list(object) do def stringify_keys(object), do: object def fetch_actor(object) do - with {:ok, actor} <- ObjectValidators.ObjectID.cast(object["actor"]) do + with actor <- Containment.get_actor(object), + {:ok, actor} <- ObjectValidators.ObjectID.cast(actor) do User.get_or_fetch_by_ap_id(actor) end end diff --git a/lib/pleroma/web/activity_pub/object_validators/audio_validator.ex b/lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex similarity index 75% rename from lib/pleroma/web/activity_pub/object_validators/audio_validator.ex rename to lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex index 1a97c504a..a6119e627 100644 --- a/lib/pleroma/web/activity_pub/object_validators/audio_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex @@ -2,9 +2,10 @@ # Copyright © 2017-2020 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only -defmodule Pleroma.Web.ActivityPub.ObjectValidators.AudioValidator do +defmodule Pleroma.Web.ActivityPub.ObjectValidators.AudioVideoValidator do use Ecto.Schema + alias Pleroma.EarmarkRenderer alias Pleroma.EctoType.ActivityPub.ObjectValidators alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes @@ -25,14 +26,19 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AudioValidator do # TODO: Write type field(:tag, {:array, :map}, default: []) field(:type, :string) + + field(:name, :string) + field(:summary, :string) field(:content, :string) + field(:context, :string) + # short identifier for PleromaFE to group statuses by context + field(:context_id, :integer) # TODO: Remove actor on objects field(:actor, ObjectValidators.ObjectID) field(:attributedTo, ObjectValidators.ObjectID) - field(:summary, :string) field(:published, ObjectValidators.DateTime) field(:emoji, ObjectValidators.Emoji, default: %{}) field(:sensitive, :boolean, default: false) @@ -40,10 +46,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AudioValidator do field(:replies_count, :integer, default: 0) field(:like_count, :integer, default: 0) field(:announcement_count, :integer, default: 0) - field(:inReplyTo, :string) + field(:inReplyTo, ObjectValidators.ObjectID) field(:url, ObjectValidators.Uri) - # short identifier for PleromaFE to group statuses by context - field(:context_id, :integer) field(:likes, {:array, :string}, default: []) field(:announcements, {:array, :string}, default: []) @@ -68,9 +72,18 @@ def cast_data(data) do defp fix_url(%{"url" => url} = data) when is_list(url) do attachment = - Enum.find(url, fn x -> is_map(x) and String.starts_with?(x["mimeType"], "audio/") end) + Enum.find(url, fn x -> + mime_type = x["mimeType"] || x["mediaType"] || "" - link_element = Enum.find(url, fn x -> is_map(x) and x["mimeType"] == "text/html" end) + is_map(x) and String.starts_with?(mime_type, ["video/", "audio/"]) + end) + + link_element = + Enum.find(url, fn x -> + mime_type = x["mimeType"] || x["mediaType"] || "" + + is_map(x) and mime_type == "text/html" + end) data |> Map.put("attachment", [attachment]) @@ -79,12 +92,26 @@ defp fix_url(%{"url" => url} = data) when is_list(url) do defp fix_url(data), do: data + defp fix_content(%{"mediaType" => "text/markdown", "content" => content} = data) + when is_binary(content) do + content = + content + |> Earmark.as_html!(%Earmark.Options{renderer: EarmarkRenderer}) + |> Pleroma.HTML.filter_tags() + + Map.put(data, "content", content) + end + + defp fix_content(data), do: data + defp fix(data) do data |> CommonFixes.fix_defaults() |> CommonFixes.fix_attribution() + |> CommonFixes.fix_actor() |> Transmogrifier.fix_emoji() |> fix_url() + |> fix_content() end def changeset(struct, data) do @@ -97,7 +124,7 @@ def changeset(struct, data) do def validate_data(data_cng) do data_cng - |> validate_inclusion(:type, ["Audio"]) + |> validate_inclusion(:type, ["Audio", "Video"]) |> validate_required([:id, :actor, :attributedTo, :type, :context, :attachment]) |> CommonValidations.validate_any_presence([:cc, :to]) |> CommonValidations.validate_fields_match([:actor, :attributedTo]) diff --git a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex index 720213d73..b3638cfc7 100644 --- a/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex +++ b/lib/pleroma/web/activity_pub/object_validators/common_fixes.ex @@ -3,6 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes do + alias Pleroma.Object.Containment alias Pleroma.Web.ActivityPub.Utils # based on Pleroma.Web.ActivityPub.Utils.lazy_put_objects_defaults @@ -19,4 +20,12 @@ def fix_attribution(data) do data |> Map.put_new("actor", data["attributedTo"]) end + + def fix_actor(data) do + actor = Containment.get_actor(data) + + data + |> Map.put("actor", actor) + |> Map.put("attributedTo", actor) + end end diff --git a/lib/pleroma/web/activity_pub/object_validators/create_generic_validator.ex b/lib/pleroma/web/activity_pub/object_validators/create_generic_validator.ex index b3dbeea57..422ee07be 100644 --- a/lib/pleroma/web/activity_pub/object_validators/create_generic_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/create_generic_validator.ex @@ -10,9 +10,10 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateGenericValidator do alias Pleroma.EctoType.ActivityPub.ObjectValidators alias Pleroma.Object + alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes + alias Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations import Ecto.Changeset - import Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations @primary_key false @@ -75,14 +76,15 @@ defp fix(data, meta) do data |> fix_context(meta) |> fix_addressing(meta) + |> CommonFixes.fix_actor() end def validate_data(cng, meta \\ []) do cng |> validate_required([:actor, :type, :object]) |> validate_inclusion(:type, ["Create"]) - |> validate_actor_presence() - |> validate_any_presence([:to, :cc]) + |> CommonValidations.validate_actor_presence() + |> CommonValidations.validate_any_presence([:to, :cc]) |> validate_actors_match(meta) |> validate_context_match(meta) |> validate_object_nonexistence() diff --git a/lib/pleroma/web/activity_pub/side_effects.ex b/lib/pleroma/web/activity_pub/side_effects.ex index 46a8be767..b5c720c7a 100644 --- a/lib/pleroma/web/activity_pub/side_effects.ex +++ b/lib/pleroma/web/activity_pub/side_effects.ex @@ -336,7 +336,7 @@ def handle_object_creation(%{"type" => "Answer"} = object_map, meta) do end def handle_object_creation(%{"type" => objtype} = object, meta) - when objtype in ~w[Audio Question Event] do + when objtype in ~w[Audio Video Question Event] do with {:ok, object, meta} <- Pipeline.common_pipeline(object, meta) do {:ok, object, meta} end diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index ec3b24206..e14936c10 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -7,7 +7,6 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do A module to handle coding from internal to wire ActivityPub and back. """ alias Pleroma.Activity - alias Pleroma.EarmarkRenderer alias Pleroma.EctoType.ActivityPub.ObjectValidators alias Pleroma.Maps alias Pleroma.Object @@ -45,7 +44,6 @@ def fix_object(object, options \\ []) do |> fix_addressing |> fix_summary |> fix_type(options) - |> fix_content end def fix_summary(%{"summary" => nil} = object) do @@ -274,24 +272,7 @@ def fix_url(%{"url" => url} = object) when is_map(url) do Map.put(object, "url", url["href"]) end - def fix_url(%{"type" => "Video", "url" => url} = object) when is_list(url) do - attachment = - Enum.find(url, fn x -> - media_type = x["mediaType"] || x["mimeType"] || "" - - is_map(x) and String.starts_with?(media_type, "video/") - end) - - link_element = - Enum.find(url, fn x -> is_map(x) and (x["mediaType"] || x["mimeType"]) == "text/html" end) - - object - |> Map.put("attachment", [attachment]) - |> Map.put("url", link_element["href"]) - end - - def fix_url(%{"type" => object_type, "url" => url} = object) - when object_type != "Video" and is_list(url) do + def fix_url(%{"url" => url} = object) when is_list(url) do first_element = Enum.at(url, 0) url_string = @@ -371,18 +352,6 @@ def fix_type(%{"inReplyTo" => reply_id, "name" => _} = object, options) def fix_type(object, _), do: object - defp fix_content(%{"mediaType" => "text/markdown", "content" => content} = object) - when is_binary(content) do - html_content = - content - |> Earmark.as_html!(%Earmark.Options{renderer: EarmarkRenderer}) - |> Pleroma.HTML.filter_tags() - - Map.merge(object, %{"content" => html_content, "mediaType" => "text/html"}) - end - - defp fix_content(object), do: object - # Reduce the object list to find the reported user. defp get_reported(objects) do Enum.reduce_while(objects, nil, fn ap_id, _ -> @@ -455,7 +424,7 @@ def handle_incoming( %{"type" => "Create", "object" => %{"type" => objtype} = object} = data, options ) - when objtype in ~w{Article Note Video Page} do + when objtype in ~w{Article Note Page} do actor = Containment.get_actor(data) with nil <- Activity.get_create_by_object_ap_id(object["id"]), @@ -549,7 +518,7 @@ def handle_incoming( %{"type" => "Create", "object" => %{"type" => objtype}} = data, _options ) - when objtype in ~w{Question Answer ChatMessage Audio Event} do + when objtype in ~w{Question Answer ChatMessage Audio Video Event} do data = Map.put(data, "object", strip_internal_fields(data["object"])) with {:ok, %User{}} <- ObjectValidator.fetch_actor(data), diff --git a/test/fixtures/tesla_mock/framatube.org-video.json b/test/fixtures/tesla_mock/framatube.org-video.json index 3d53f0c97..1fa529886 100644 --- a/test/fixtures/tesla_mock/framatube.org-video.json +++ b/test/fixtures/tesla_mock/framatube.org-video.json @@ -1 +1 @@ -{"type":"Video","id":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206","name":"Déframasoftisons Internet [Framasoft]","duration":"PT3622S","uuid":"6050732a-8a7a-43d4-a6cd-809525a1d206","tag":[{"type":"Hashtag","name":"déframasoftisons"},{"type":"Hashtag","name":"EPN23"},{"type":"Hashtag","name":"framaconf"},{"type":"Hashtag","name":"Framasoft"},{"type":"Hashtag","name":"pyg"}],"category":{"identifier":"15","name":"Science & Technology"},"views":122,"sensitive":false,"waitTranscoding":false,"state":1,"commentsEnabled":true,"downloadEnabled":true,"published":"2020-05-24T18:34:31.569Z","originallyPublishedAt":"2019-11-30T23:00:00.000Z","updated":"2020-07-05T09:01:01.720Z","mediaType":"text/markdown","content":"Après avoir mené avec un certain succès la campagne « Dégooglisons Internet » en 2014, l’association Framasoft annonce fin 2019 arrêter progressivement un certain nombre de ses services alternatifs aux GAFAM. Pourquoi ?\r\n\r\nTranscription par @april...","support":null,"subtitleLanguage":[],"icon":{"type":"Image","url":"https://framatube.org/static/thumbnails/6050732a-8a7a-43d4-a6cd-809525a1d206.jpg","mediaType":"image/jpeg","width":223,"height":122},"url":[{"type":"Link","mediaType":"text/html","href":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206"},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4","height":1080,"size":1157359410,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309939","height":1080,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-1080.torrent","height":1080},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080.torrent&xt=urn:btih:381c9429900552e23a4eb506318f1fa01e4d63a8&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fwebseed%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4&ws=https%3A%2F%2Fpeertube.iselfhost.com%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4&ws=https%3A%2F%2Ftube.privacytools.io%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4&ws=https%3A%2F%2Fpeertube.live%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4","height":1080},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-480.mp4","height":480,"size":250095131,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309941","height":480,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-480.torrent","height":480},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480.torrent&xt=urn:btih:a181dcbb5368ab5c31cc9ff07634becb72c344ee&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fwebseed%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480.mp4&ws=https%3A%2F%2Fpeertube.iselfhost.com%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480.mp4&ws=https%3A%2F%2Ftube.privacytools.io%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480.mp4&ws=https%3A%2F%2Fpeertube.live%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480.mp4","height":480},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-360.mp4","height":360,"size":171357733,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309942","height":360,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-360.torrent","height":360},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360.torrent&xt=urn:btih:aedfa9479ea04a175eee0b0bd0bda64076308746&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fwebseed%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360.mp4&ws=https%3A%2F%2Fpeertube.iselfhost.com%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360.mp4&ws=https%3A%2F%2Ftube.privacytools.io%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360.mp4&ws=https%3A%2F%2Fpeertube.live%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360.mp4","height":360},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-720.mp4","height":720,"size":497100839,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309943","height":720,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-720.torrent","height":720},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720.torrent&xt=urn:btih:71971668f82a3b24ac71bc3a982848dd8dc5a5f5&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fwebseed%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720.mp4&ws=https%3A%2F%2Fpeertube.iselfhost.com%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720.mp4&ws=https%3A%2F%2Ftube.privacytools.io%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720.mp4&ws=https%3A%2F%2Fpeertube.live%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720.mp4","height":720},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-240.mp4","height":240,"size":113038439,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309944","height":240,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-240.torrent","height":240},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240.torrent&xt=urn:btih:c42aa6c95efb28d9f114ebd98537f7b00fa72246&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fwebseed%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240.mp4&ws=https%3A%2F%2Fpeertube.iselfhost.com%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240.mp4&ws=https%3A%2F%2Ftube.privacytools.io%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240.mp4","height":240},{"type":"Link","mediaType":"application/x-mpegURL","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/master.m3u8","tag":[{"type":"Infohash","name":"f7428214539626e062f300f2ca4cf9154575144e"},{"type":"Infohash","name":"46e236dffb1ea6b9123a5396cbe88e97dd94cc6c"},{"type":"Infohash","name":"11f1045830b5d786c788f2594d19f128764e7d87"},{"type":"Infohash","name":"4327ad3e0d84de100130a27e9ab6fe40c4284f0e"},{"type":"Infohash","name":"41e2eee8e7b23a63c23a77c40a46de11492a4831"},{"type":"Link","name":"sha256","mediaType":"application/json","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/segments-sha256.json"},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/6050732a-8a7a-43d4-a6cd-809525a1d206-1080-fragmented.mp4","height":1080,"size":1156777472,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309940","height":1080,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-1080-hls.torrent","height":1080},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080-hls.torrent&xt=urn:btih:0204d780ebfab0d5d9d3476a038e812ad792deeb&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fstreaming-playlists%2Fhls%2F6050732a-8a7a-43d4-a6cd-809525a1d206%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080-fragmented.mp4","height":1080},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/6050732a-8a7a-43d4-a6cd-809525a1d206-480-fragmented.mp4","height":480,"size":249562889,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309945","height":480,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-480-hls.torrent","height":480},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480-hls.torrent&xt=urn:btih:5d14f38ded29de629668fe1cfc61a75f4cce2628&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fstreaming-playlists%2Fhls%2F6050732a-8a7a-43d4-a6cd-809525a1d206%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480-fragmented.mp4","height":480},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/6050732a-8a7a-43d4-a6cd-809525a1d206-360-fragmented.mp4","height":360,"size":170836415,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309946","height":360,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-360-hls.torrent","height":360},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360-hls.torrent&xt=urn:btih:30125488789080ad405ebcee6c214945f31b8f30&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fstreaming-playlists%2Fhls%2F6050732a-8a7a-43d4-a6cd-809525a1d206%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360-fragmented.mp4","height":360},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/6050732a-8a7a-43d4-a6cd-809525a1d206-720-fragmented.mp4","height":720,"size":496533741,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309947","height":720,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-720-hls.torrent","height":720},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720-hls.torrent&xt=urn:btih:8ed1e8bccde709901c26e315fc8f53bfd26d1ba6&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fstreaming-playlists%2Fhls%2F6050732a-8a7a-43d4-a6cd-809525a1d206%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720-fragmented.mp4","height":720},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/6050732a-8a7a-43d4-a6cd-809525a1d206-240-fragmented.mp4","height":240,"size":112529249,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309948","height":240,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-240-hls.torrent","height":240},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240-hls.torrent&xt=urn:btih:8b452bf4e70b9078d4e74ca8b5523cc9dc70d10a&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fstreaming-playlists%2Fhls%2F6050732a-8a7a-43d4-a6cd-809525a1d206%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240-fragmented.mp4","height":240}]}],"likes":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206/likes","dislikes":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206/dislikes","shares":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206/announces","comments":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206/comments","attributedTo":[{"type":"Person","id":"https://framatube.org/accounts/framasoft"},{"type":"Group","id":"https://framatube.org/video-channels/bf54d359-cfad-4935-9d45-9d6be93f63e8"}],"to":["https://www.w3.org/ns/activitystreams#Public"],"cc":["https://framatube.org/accounts/framasoft/followers"],"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"RsaSignature2017":"https://w3id.org/security#RsaSignature2017"},{"pt":"https://joinpeertube.org/ns#","sc":"http://schema.org#","Hashtag":"as:Hashtag","uuid":"sc:identifier","category":"sc:category","licence":"sc:license","subtitleLanguage":"sc:subtitleLanguage","sensitive":"as:sensitive","language":"sc:inLanguage","Infohash":"pt:Infohash","Playlist":"pt:Playlist","PlaylistElement":"pt:PlaylistElement","originallyPublishedAt":"sc:datePublished","views":{"@type":"sc:Number","@id":"pt:views"},"state":{"@type":"sc:Number","@id":"pt:state"},"size":{"@type":"sc:Number","@id":"pt:size"},"fps":{"@type":"sc:Number","@id":"pt:fps"},"startTimestamp":{"@type":"sc:Number","@id":"pt:startTimestamp"},"stopTimestamp":{"@type":"sc:Number","@id":"pt:stopTimestamp"},"position":{"@type":"sc:Number","@id":"pt:position"},"commentsEnabled":{"@type":"sc:Boolean","@id":"pt:commentsEnabled"},"downloadEnabled":{"@type":"sc:Boolean","@id":"pt:downloadEnabled"},"waitTranscoding":{"@type":"sc:Boolean","@id":"pt:waitTranscoding"},"support":{"@type":"sc:Text","@id":"pt:support"},"likes":{"@id":"as:likes","@type":"@id"},"dislikes":{"@id":"as:dislikes","@type":"@id"},"playlists":{"@id":"pt:playlists","@type":"@id"},"shares":{"@id":"as:shares","@type":"@id"},"comments":{"@id":"as:comments","@type":"@id"}}]} \ No newline at end of file +{"type":"Create","id":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206/activity","actor":"https://framatube.org/accounts/framasoft","object":{"type":"Video","id":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206","name":"Déframasoftisons Internet [Framasoft]","duration":"PT3622S","uuid":"6050732a-8a7a-43d4-a6cd-809525a1d206","tag":[{"type":"Hashtag","name":"déframasoftisons"},{"type":"Hashtag","name":"EPN23"},{"type":"Hashtag","name":"framaconf"},{"type":"Hashtag","name":"Framasoft"},{"type":"Hashtag","name":"pyg"}],"category":{"identifier":"15","name":"Science & Technology"},"views":154,"sensitive":false,"waitTranscoding":false,"state":1,"commentsEnabled":true,"downloadEnabled":true,"published":"2020-05-24T18:34:31.569Z","originallyPublishedAt":"2019-11-30T23:00:00.000Z","updated":"2020-08-17T11:01:02.994Z","mediaType":"text/markdown","content":"Après avoir mené avec un certain succès la campagne « Dégooglisons Internet » en 2014, l’association Framasoft annonce fin 2019 arrêter progressivement un certain nombre de ses services alternatifs aux GAFAM. Pourquoi ?\r\n\r\nTranscription par @aprilorg ici : https://www.april.org/deframasoftisons-internet-pierre-yves-gosset-framasoft","support":null,"subtitleLanguage":[],"icon":[{"type":"Image","url":"https://framatube.org/static/thumbnails/6050732a-8a7a-43d4-a6cd-809525a1d206.jpg","mediaType":"image/jpeg","width":223,"height":122},{"type":"Image","url":"https://framatube.org/static/previews/6050732a-8a7a-43d4-a6cd-809525a1d206.jpg","mediaType":"image/jpeg","width":850,"height":480}],"url":[{"type":"Link","mediaType":"text/html","href":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206"},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4","height":1080,"size":1157359410,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309939","height":1080,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-1080.torrent","height":1080},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080.torrent&xt=urn:btih:381c9429900552e23a4eb506318f1fa01e4d63a8&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fwebseed%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4&ws=https%3A%2F%2Fpeertube.iselfhost.com%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4&ws=https%3A%2F%2Ftube.privacytools.io%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4&ws=https%3A%2F%2Fpeertube.live%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4","height":1080},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-720.mp4","height":720,"size":497100839,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309943","height":720,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-720.torrent","height":720},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720.torrent&xt=urn:btih:71971668f82a3b24ac71bc3a982848dd8dc5a5f5&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fwebseed%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720.mp4&ws=https%3A%2F%2Ftube.privacytools.io%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720.mp4&ws=https%3A%2F%2Fpeertube.iselfhost.com%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720.mp4&ws=https%3A%2F%2Fpeertube.live%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720.mp4","height":720},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-480.mp4","height":480,"size":250095131,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309941","height":480,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-480.torrent","height":480},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480.torrent&xt=urn:btih:a181dcbb5368ab5c31cc9ff07634becb72c344ee&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fwebseed%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480.mp4&ws=https%3A%2F%2Fpeertube.iselfhost.com%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480.mp4&ws=https%3A%2F%2Ftube.privacytools.io%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480.mp4&ws=https%3A%2F%2Fpeertube.live%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480.mp4","height":480},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-360.mp4","height":360,"size":171357733,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309942","height":360,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-360.torrent","height":360},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360.torrent&xt=urn:btih:aedfa9479ea04a175eee0b0bd0bda64076308746&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fwebseed%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360.mp4&ws=https%3A%2F%2Fpeertube.iselfhost.com%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360.mp4&ws=https%3A%2F%2Ftube.privacytools.io%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360.mp4&ws=https%3A%2F%2Fpeertube.live%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360.mp4","height":360},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-240.mp4","height":240,"size":113038439,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309944","height":240,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-240.torrent","height":240},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240.torrent&xt=urn:btih:c42aa6c95efb28d9f114ebd98537f7b00fa72246&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fwebseed%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240.mp4&ws=https%3A%2F%2Fpeertube.iselfhost.com%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240.mp4&ws=https%3A%2F%2Ftube.privacytools.io%2Fstatic%2Fredundancy%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240.mp4","height":240},{"type":"Link","mediaType":"application/x-mpegURL","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/master.m3u8","tag":[{"type":"Infohash","name":"f7428214539626e062f300f2ca4cf9154575144e"},{"type":"Infohash","name":"46e236dffb1ea6b9123a5396cbe88e97dd94cc6c"},{"type":"Infohash","name":"11f1045830b5d786c788f2594d19f128764e7d87"},{"type":"Infohash","name":"4327ad3e0d84de100130a27e9ab6fe40c4284f0e"},{"type":"Infohash","name":"41e2eee8e7b23a63c23a77c40a46de11492a4831"},{"type":"Link","name":"sha256","mediaType":"application/json","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/segments-sha256.json"},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/6050732a-8a7a-43d4-a6cd-809525a1d206-1080-fragmented.mp4","height":1080,"size":1156777472,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309940","height":1080,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-1080-hls.torrent","height":1080},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080-hls.torrent&xt=urn:btih:0204d780ebfab0d5d9d3476a038e812ad792deeb&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fstreaming-playlists%2Fhls%2F6050732a-8a7a-43d4-a6cd-809525a1d206%2F6050732a-8a7a-43d4-a6cd-809525a1d206-1080-fragmented.mp4","height":1080},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/6050732a-8a7a-43d4-a6cd-809525a1d206-720-fragmented.mp4","height":720,"size":496533741,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309947","height":720,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-720-hls.torrent","height":720},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720-hls.torrent&xt=urn:btih:8ed1e8bccde709901c26e315fc8f53bfd26d1ba6&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fstreaming-playlists%2Fhls%2F6050732a-8a7a-43d4-a6cd-809525a1d206%2F6050732a-8a7a-43d4-a6cd-809525a1d206-720-fragmented.mp4","height":720},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/6050732a-8a7a-43d4-a6cd-809525a1d206-480-fragmented.mp4","height":480,"size":249562889,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309945","height":480,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-480-hls.torrent","height":480},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480-hls.torrent&xt=urn:btih:5d14f38ded29de629668fe1cfc61a75f4cce2628&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fstreaming-playlists%2Fhls%2F6050732a-8a7a-43d4-a6cd-809525a1d206%2F6050732a-8a7a-43d4-a6cd-809525a1d206-480-fragmented.mp4","height":480},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/6050732a-8a7a-43d4-a6cd-809525a1d206-360-fragmented.mp4","height":360,"size":170836415,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309946","height":360,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-360-hls.torrent","height":360},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360-hls.torrent&xt=urn:btih:30125488789080ad405ebcee6c214945f31b8f30&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fstreaming-playlists%2Fhls%2F6050732a-8a7a-43d4-a6cd-809525a1d206%2F6050732a-8a7a-43d4-a6cd-809525a1d206-360-fragmented.mp4","height":360},{"type":"Link","mediaType":"video/mp4","href":"https://framatube.org/static/streaming-playlists/hls/6050732a-8a7a-43d4-a6cd-809525a1d206/6050732a-8a7a-43d4-a6cd-809525a1d206-240-fragmented.mp4","height":240,"size":112529249,"fps":25},{"type":"Link","rel":["metadata","video/mp4"],"mediaType":"application/json","href":"https://framatube.org/api/v1/videos/6050732a-8a7a-43d4-a6cd-809525a1d206/metadata/1309948","height":240,"fps":25},{"type":"Link","mediaType":"application/x-bittorrent","href":"https://framatube.org/static/torrents/6050732a-8a7a-43d4-a6cd-809525a1d206-240-hls.torrent","height":240},{"type":"Link","mediaType":"application/x-bittorrent;x-scheme-handler/magnet","href":"magnet:?xs=https%3A%2F%2Fframatube.org%2Fstatic%2Ftorrents%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240-hls.torrent&xt=urn:btih:8b452bf4e70b9078d4e74ca8b5523cc9dc70d10a&dn=D%C3%A9framasoftisons+Internet+%5BFramasoft%5D&tr=wss%3A%2F%2Fframatube.org%3A443%2Ftracker%2Fsocket&tr=https%3A%2F%2Fframatube.org%2Ftracker%2Fannounce&ws=https%3A%2F%2Fframatube.org%2Fstatic%2Fstreaming-playlists%2Fhls%2F6050732a-8a7a-43d4-a6cd-809525a1d206%2F6050732a-8a7a-43d4-a6cd-809525a1d206-240-fragmented.mp4","height":240}]}],"likes":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206/likes","dislikes":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206/dislikes","shares":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206/announces","comments":"https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206/comments","attributedTo":[{"type":"Person","id":"https://framatube.org/accounts/framasoft"},{"type":"Group","id":"https://framatube.org/video-channels/bf54d359-cfad-4935-9d45-9d6be93f63e8"}],"to":["https://www.w3.org/ns/activitystreams#Public"],"cc":["https://framatube.org/accounts/framasoft/followers"]},"to":["https://www.w3.org/ns/activitystreams#Public"],"cc":["https://framatube.org/accounts/framasoft/followers"],"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"RsaSignature2017":"https://w3id.org/security#RsaSignature2017"},{"pt":"https://joinpeertube.org/ns#","sc":"http://schema.org#","Hashtag":"as:Hashtag","uuid":"sc:identifier","category":"sc:category","licence":"sc:license","subtitleLanguage":"sc:subtitleLanguage","sensitive":"as:sensitive","language":"sc:inLanguage","Infohash":"pt:Infohash","Playlist":"pt:Playlist","PlaylistElement":"pt:PlaylistElement","originallyPublishedAt":"sc:datePublished","views":{"@type":"sc:Number","@id":"pt:views"},"state":{"@type":"sc:Number","@id":"pt:state"},"size":{"@type":"sc:Number","@id":"pt:size"},"fps":{"@type":"sc:Number","@id":"pt:fps"},"startTimestamp":{"@type":"sc:Number","@id":"pt:startTimestamp"},"stopTimestamp":{"@type":"sc:Number","@id":"pt:stopTimestamp"},"position":{"@type":"sc:Number","@id":"pt:position"},"commentsEnabled":{"@type":"sc:Boolean","@id":"pt:commentsEnabled"},"downloadEnabled":{"@type":"sc:Boolean","@id":"pt:downloadEnabled"},"waitTranscoding":{"@type":"sc:Boolean","@id":"pt:waitTranscoding"},"support":{"@type":"sc:Text","@id":"pt:support"},"likes":{"@id":"as:likes","@type":"@id"},"dislikes":{"@id":"as:dislikes","@type":"@id"},"playlists":{"@id":"pt:playlists","@type":"@id"},"shares":{"@id":"as:shares","@type":"@id"},"comments":{"@id":"as:comments","@type":"@id"}}]} \ No newline at end of file diff --git a/test/web/activity_pub/transmogrifier/video_handling_test.exs b/test/web/activity_pub/transmogrifier/video_handling_test.exs new file mode 100644 index 000000000..69c953a2e --- /dev/null +++ b/test/web/activity_pub/transmogrifier/video_handling_test.exs @@ -0,0 +1,93 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ActivityPub.Transmogrifier.VideoHandlingTest do + use Oban.Testing, repo: Pleroma.Repo + use Pleroma.DataCase + + alias Pleroma.Activity + alias Pleroma.Object + alias Pleroma.Object.Fetcher + alias Pleroma.Web.ActivityPub.Transmogrifier + + setup_all do + Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end) + :ok + end + + test "skip converting the content when it is nil" do + data = + File.read!("test/fixtures/tesla_mock/framatube.org-video.json") + |> Jason.decode!() + |> Kernel.put_in(["object", "content"], nil) + + {:ok, %Activity{local: false} = activity} = Transmogrifier.handle_incoming(data) + + assert object = Object.normalize(activity, false) + + assert object.data["content"] == nil + end + + test "it converts content of object to html" do + data = File.read!("test/fixtures/tesla_mock/framatube.org-video.json") |> Jason.decode!() + + {:ok, %Activity{local: false} = activity} = Transmogrifier.handle_incoming(data) + + assert object = Object.normalize(activity, false) + + assert object.data["content"] == + "

Après avoir mené avec un certain succès la campagne « Dégooglisons Internet » en 2014, l’association Framasoft annonce fin 2019 arrêter progressivement un certain nombre de ses services alternatifs aux GAFAM. Pourquoi ?

Transcription par @aprilorg ici : https://www.april.org/deframasoftisons-internet-pierre-yves-gosset-framasoft

" + end + + test "it remaps video URLs as attachments if necessary" do + {:ok, object} = + Fetcher.fetch_object_from_id( + "https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3" + ) + + assert object.data["url"] == + "https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3" + + assert object.data["attachment"] == [ + %{ + "type" => "Link", + "mediaType" => "video/mp4", + "name" => nil, + "url" => [ + %{ + "href" => + "https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4", + "mediaType" => "video/mp4", + "type" => "Link" + } + ] + } + ] + + data = File.read!("test/fixtures/tesla_mock/framatube.org-video.json") |> Jason.decode!() + + {:ok, %Activity{local: false} = activity} = Transmogrifier.handle_incoming(data) + + assert object = Object.normalize(activity, false) + + assert object.data["attachment"] == [ + %{ + "type" => "Link", + "mediaType" => "video/mp4", + "name" => nil, + "url" => [ + %{ + "href" => + "https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4", + "mediaType" => "video/mp4", + "type" => "Link" + } + ] + } + ] + + assert object.data["url"] == + "https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206" + end +end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index cc55a7be7..0a3291d49 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -8,7 +8,6 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do alias Pleroma.Activity alias Pleroma.Object - alias Pleroma.Object.Fetcher alias Pleroma.Tests.ObanHelpers alias Pleroma.User alias Pleroma.Web.ActivityPub.Transmogrifier @@ -355,83 +354,6 @@ test "it works for incoming unfollows with an existing follow" do refute User.following?(User.get_cached_by_ap_id(data["actor"]), user) end - test "skip converting the content when it is nil" do - object_id = "https://peertube.social/videos/watch/278d2b7c-0f38-4aaa-afe6-9ecc0c4a34fe" - - {:ok, object} = Fetcher.fetch_and_contain_remote_object_from_id(object_id) - - result = - Pleroma.Web.ActivityPub.Transmogrifier.fix_object(Map.merge(object, %{"content" => nil})) - - assert result["content"] == nil - end - - test "it converts content of object to html" do - object_id = "https://peertube.social/videos/watch/278d2b7c-0f38-4aaa-afe6-9ecc0c4a34fe" - - {:ok, %{"content" => content_markdown}} = - Fetcher.fetch_and_contain_remote_object_from_id(object_id) - - {:ok, %Pleroma.Object{data: %{"content" => content}} = object} = - Fetcher.fetch_object_from_id(object_id) - - assert content_markdown == - "Support this and our other Michigan!/usr/group videos and meetings. Learn more at http://mug.org/membership\n\nTwenty Years in Jail: FreeBSD's Jails, Then and Now\n\nJails started as a limited virtualization system, but over the last two years they've..." - - assert content == - "

Support this and our other Michigan!/usr/group videos and meetings. Learn more at http://mug.org/membership

Twenty Years in Jail: FreeBSD’s Jails, Then and Now

Jails started as a limited virtualization system, but over the last two years they’ve…

" - - assert object.data["mediaType"] == "text/html" - end - - test "it remaps video URLs as attachments if necessary" do - {:ok, object} = - Fetcher.fetch_object_from_id( - "https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3" - ) - - assert object.data["url"] == - "https://peertube.moe/videos/watch/df5f464b-be8d-46fb-ad81-2d4c2d1630e3" - - assert object.data["attachment"] == [ - %{ - "type" => "Link", - "mediaType" => "video/mp4", - "url" => [ - %{ - "href" => - "https://peertube.moe/static/webseed/df5f464b-be8d-46fb-ad81-2d4c2d1630e3-480.mp4", - "mediaType" => "video/mp4", - "type" => "Link" - } - ] - } - ] - - {:ok, object} = - Fetcher.fetch_object_from_id( - "https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206" - ) - - assert object.data["attachment"] == [ - %{ - "type" => "Link", - "mediaType" => "video/mp4", - "url" => [ - %{ - "href" => - "https://framatube.org/static/webseed/6050732a-8a7a-43d4-a6cd-809525a1d206-1080.mp4", - "mediaType" => "video/mp4", - "type" => "Link" - } - ] - } - ] - - assert object.data["url"] == - "https://framatube.org/videos/watch/6050732a-8a7a-43d4-a6cd-809525a1d206" - end - test "it accepts Flag activities" do user = insert(:user) other_user = insert(:user) @@ -1133,75 +1055,7 @@ test "fixes data for object when url is map" do } end - test "fixes data for video object" do - object = %{ - "type" => "Video", - "url" => [ - %{ - "type" => "Link", - "mimeType" => "video/mp4", - "href" => "https://peede8d-46fb-ad81-2d4c2d1630e3-480.mp4" - }, - %{ - "type" => "Link", - "mimeType" => "video/mp4", - "href" => "https://peertube46fb-ad81-2d4c2d1630e3-240.mp4" - }, - %{ - "type" => "Link", - "mimeType" => "text/html", - "href" => "https://peertube.-2d4c2d1630e3" - }, - %{ - "type" => "Link", - "mimeType" => "text/html", - "href" => "https://peertube.-2d4c2d16377-42" - } - ] - } - - assert Transmogrifier.fix_url(object) == %{ - "attachment" => [ - %{ - "href" => "https://peede8d-46fb-ad81-2d4c2d1630e3-480.mp4", - "mimeType" => "video/mp4", - "type" => "Link" - } - ], - "type" => "Video", - "url" => "https://peertube.-2d4c2d1630e3" - } - end - - test "fixes url for not Video object" do - object = %{ - "type" => "Text", - "url" => [ - %{ - "type" => "Link", - "mimeType" => "text/html", - "href" => "https://peertube.-2d4c2d1630e3" - }, - %{ - "type" => "Link", - "mimeType" => "text/html", - "href" => "https://peertube.-2d4c2d16377-42" - } - ] - } - - assert Transmogrifier.fix_url(object) == %{ - "type" => "Text", - "url" => "https://peertube.-2d4c2d1630e3" - } - - assert Transmogrifier.fix_url(%{"type" => "Text", "url" => []}) == %{ - "type" => "Text", - "url" => "" - } - end - - test "retunrs not modified object" do + test "returns non-modified object" do assert Transmogrifier.fix_url(%{"type" => "Text"}) == %{"type" => "Text"} end end From 2132b24a9df8116e12abc8c458cff4c3850aeda0 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 20 Aug 2020 04:27:59 +0200 Subject: [PATCH 185/264] object_validators: likes & announcements as [ObjectID] --- .../activity_pub/object_validators/audio_video_validator.ex | 4 ++-- .../web/activity_pub/object_validators/note_validator.ex | 4 ++-- .../web/activity_pub/object_validators/question_validator.ex | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex b/lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex index a6119e627..16973e5db 100644 --- a/lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/audio_video_validator.ex @@ -49,8 +49,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AudioVideoValidator do field(:inReplyTo, ObjectValidators.ObjectID) field(:url, ObjectValidators.Uri) - field(:likes, {:array, :string}, default: []) - field(:announcements, {:array, :string}, default: []) + field(:likes, {:array, ObjectValidators.ObjectID}, default: []) + field(:announcements, {:array, ObjectValidators.ObjectID}, default: []) end def cast_and_apply(data) do diff --git a/lib/pleroma/web/activity_pub/object_validators/note_validator.ex b/lib/pleroma/web/activity_pub/object_validators/note_validator.ex index ab4469a59..e47cbaaea 100644 --- a/lib/pleroma/web/activity_pub/object_validators/note_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/note_validator.ex @@ -43,8 +43,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.NoteValidator do field(:inReplyTo, ObjectValidators.ObjectID) field(:url, ObjectValidators.Uri) - field(:likes, {:array, :string}, default: []) - field(:announcements, {:array, :string}, default: []) + field(:likes, {:array, ObjectValidators.ObjectID}, default: []) + field(:announcements, {:array, ObjectValidators.ObjectID}, default: []) end def cast_and_validate(data) do diff --git a/lib/pleroma/web/activity_pub/object_validators/question_validator.ex b/lib/pleroma/web/activity_pub/object_validators/question_validator.ex index 934d3c1ea..9310485dc 100644 --- a/lib/pleroma/web/activity_pub/object_validators/question_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/question_validator.ex @@ -47,8 +47,8 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.QuestionValidator do # short identifier for PleromaFE to group statuses by context field(:context_id, :integer) - field(:likes, {:array, :string}, default: []) - field(:announcements, {:array, :string}, default: []) + field(:likes, {:array, ObjectValidators.ObjectID}, default: []) + field(:announcements, {:array, ObjectValidators.ObjectID}, default: []) field(:closed, ObjectValidators.DateTime) field(:voters, {:array, ObjectValidators.ObjectID}, default: []) From 1b3d5956b1be7faac4e1230d788307650acce991 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 20 Aug 2020 20:03:07 +0200 Subject: [PATCH 186/264] Pipeline Ingestion: Article --- lib/pleroma/web/activity_pub/activity_pub.ex | 2 +- .../web/activity_pub/object_validator.ex | 17 ++++- ...validator.ex => article_note_validator.ex} | 55 +++++++++++--- lib/pleroma/web/activity_pub/side_effects.ex | 2 +- .../web/activity_pub/transmogrifier.ex | 4 +- .../wedistribute-create-article.json | 1 + ...st.exs => article_note_validator_test.exs} | 6 +- .../transmogrifier/article_handling_test.exs | 75 +++++++++++++++++++ test/web/activity_pub/transmogrifier_test.exs | 9 --- 9 files changed, 143 insertions(+), 28 deletions(-) rename lib/pleroma/web/activity_pub/object_validators/{note_validator.ex => article_note_validator.ex} (59%) create mode 100644 test/fixtures/tesla_mock/wedistribute-create-article.json rename test/web/activity_pub/object_validators/{note_validator_test.exs => article_note_validator_test.exs} (76%) create mode 100644 test/web/activity_pub/transmogrifier/article_handling_test.exs diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index bceec8bd1..3ab045737 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -84,7 +84,7 @@ defp increase_replies_count_if_reply(%{ defp increase_replies_count_if_reply(_create_data), do: :noop - @object_types ~w[ChatMessage Question Answer Audio Video Event] + @object_types ~w[ChatMessage Question Answer Audio Video Event Article] @spec persist(map(), keyword()) :: {:ok, Activity.t() | Object.t()} def persist(%{"type" => type} = object, meta) when type in @object_types do with {:ok, object} <- Object.create(object) do diff --git a/lib/pleroma/web/activity_pub/object_validator.ex b/lib/pleroma/web/activity_pub/object_validator.ex index 081f96389..bd0a2a8dc 100644 --- a/lib/pleroma/web/activity_pub/object_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validator.ex @@ -17,6 +17,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidator do alias Pleroma.Web.ActivityPub.ObjectValidators.AcceptRejectValidator alias Pleroma.Web.ActivityPub.ObjectValidators.AnnounceValidator alias Pleroma.Web.ActivityPub.ObjectValidators.AnswerValidator + alias Pleroma.Web.ActivityPub.ObjectValidators.ArticleNoteValidator alias Pleroma.Web.ActivityPub.ObjectValidators.AudioVideoValidator alias Pleroma.Web.ActivityPub.ObjectValidators.BlockValidator alias Pleroma.Web.ActivityPub.ObjectValidators.ChatMessageValidator @@ -160,6 +161,16 @@ def validate(%{"type" => type} = object, meta) when type in ~w[Audio Video] do end end + def validate(%{"type" => "Article"} = object, meta) do + with {:ok, object} <- + object + |> ArticleNoteValidator.cast_and_validate() + |> Ecto.Changeset.apply_action(:insert) do + object = stringify_keys(object) + {:ok, object, meta} + end + end + def validate(%{"type" => "Answer"} = object, meta) do with {:ok, object} <- object @@ -199,7 +210,7 @@ def validate( %{"type" => "Create", "object" => %{"type" => objtype} = object} = create_activity, meta ) - when objtype in ~w[Question Answer Audio Video Event] do + when objtype in ~w[Question Answer Audio Video Event Article] do with {:ok, object_data} <- cast_and_apply(object), meta = Keyword.put(meta, :object_data, object_data |> stringify_keys), {:ok, create_activity} <- @@ -241,6 +252,10 @@ def cast_and_apply(%{"type" => "Event"} = object) do EventValidator.cast_and_apply(object) end + def cast_and_apply(%{"type" => "Article"} = object) do + ArticleNoteValidator.cast_and_apply(object) + end + def cast_and_apply(o), do: {:error, {:validator_not_set, o}} # is_struct/1 isn't present in Elixir 1.8.x diff --git a/lib/pleroma/web/activity_pub/object_validators/note_validator.ex b/lib/pleroma/web/activity_pub/object_validators/article_note_validator.ex similarity index 59% rename from lib/pleroma/web/activity_pub/object_validators/note_validator.ex rename to lib/pleroma/web/activity_pub/object_validators/article_note_validator.ex index e47cbaaea..5b7dad517 100644 --- a/lib/pleroma/web/activity_pub/object_validators/note_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/article_note_validator.ex @@ -2,15 +2,19 @@ # Copyright © 2017-2020 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only -defmodule Pleroma.Web.ActivityPub.ObjectValidators.NoteValidator do +defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNoteValidator do use Ecto.Schema alias Pleroma.EctoType.ActivityPub.ObjectValidators + alias Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator + alias Pleroma.Web.ActivityPub.ObjectValidators.CommonFixes + alias Pleroma.Web.ActivityPub.ObjectValidators.CommonValidations alias Pleroma.Web.ActivityPub.Transmogrifier import Ecto.Changeset @primary_key false + @derive Jason.Encoder embedded_schema do field(:id, ObjectValidators.ObjectID, primary_key: true) @@ -30,13 +34,14 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.NoteValidator do # short identifier for PleromaFE to group statuses by context field(:context_id, :integer) + # TODO: Remove actor on objects field(:actor, ObjectValidators.ObjectID) + field(:attributedTo, ObjectValidators.ObjectID) field(:published, ObjectValidators.DateTime) field(:emoji, ObjectValidators.Emoji, default: %{}) field(:sensitive, :boolean, default: false) - # TODO: Write type - field(:attachment, {:array, :map}, default: []) + embeds_many(:attachment, AttachmentValidator) field(:replies_count, :integer, default: 0) field(:like_count, :integer, default: 0) field(:announcement_count, :integer, default: 0) @@ -47,27 +52,55 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.NoteValidator do field(:announcements, {:array, ObjectValidators.ObjectID}, default: []) end + def cast_and_apply(data) do + data + |> cast_data + |> apply_action(:insert) + end + def cast_and_validate(data) do data |> cast_data() |> validate_data() end - defp fix(data) do - data - |> Transmogrifier.fix_emoji() - end - def cast_data(data) do data = fix(data) %__MODULE__{} - |> cast(data, __schema__(:fields)) + |> changeset(data) + end + + defp fix_url(%{"url" => url} = data) when is_map(url) do + Map.put(data, "url", url["href"]) + end + + defp fix_url(data), do: data + + defp fix(data) do + data + |> CommonFixes.fix_defaults() + |> CommonFixes.fix_attribution() + |> CommonFixes.fix_actor() + |> fix_url() + |> Transmogrifier.fix_emoji() + end + + def changeset(struct, data) do + data = fix(data) + + struct + |> cast(data, __schema__(:fields) -- [:attachment]) + |> cast_embed(:attachment) end def validate_data(data_cng) do data_cng - |> validate_inclusion(:type, ["Note"]) - |> validate_required([:id, :actor, :to, :cc, :type, :content, :context]) + |> validate_inclusion(:type, ["Article", "Note"]) + |> validate_required([:id, :actor, :attributedTo, :type, :context, :context_id]) + |> CommonValidations.validate_any_presence([:cc, :to]) + |> CommonValidations.validate_fields_match([:actor, :attributedTo]) + |> CommonValidations.validate_actor_presence() + |> CommonValidations.validate_host_match() end end diff --git a/lib/pleroma/web/activity_pub/side_effects.ex b/lib/pleroma/web/activity_pub/side_effects.ex index b5c720c7a..b9a83a544 100644 --- a/lib/pleroma/web/activity_pub/side_effects.ex +++ b/lib/pleroma/web/activity_pub/side_effects.ex @@ -336,7 +336,7 @@ def handle_object_creation(%{"type" => "Answer"} = object_map, meta) do end def handle_object_creation(%{"type" => objtype} = object, meta) - when objtype in ~w[Audio Video Question Event] do + when objtype in ~w[Audio Video Question Event Article] do with {:ok, object, meta} <- Pipeline.common_pipeline(object, meta) do {:ok, object, meta} end diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index e14936c10..80f529704 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -424,7 +424,7 @@ def handle_incoming( %{"type" => "Create", "object" => %{"type" => objtype} = object} = data, options ) - when objtype in ~w{Article Note Page} do + when objtype in ~w{Note Page} do actor = Containment.get_actor(data) with nil <- Activity.get_create_by_object_ap_id(object["id"]), @@ -518,7 +518,7 @@ def handle_incoming( %{"type" => "Create", "object" => %{"type" => objtype}} = data, _options ) - when objtype in ~w{Question Answer ChatMessage Audio Video Event} do + when objtype in ~w{Question Answer ChatMessage Audio Video Event Article} do data = Map.put(data, "object", strip_internal_fields(data["object"])) with {:ok, %User{}} <- ObjectValidator.fetch_actor(data), diff --git a/test/fixtures/tesla_mock/wedistribute-create-article.json b/test/fixtures/tesla_mock/wedistribute-create-article.json new file mode 100644 index 000000000..3cfef8b99 --- /dev/null +++ b/test/fixtures/tesla_mock/wedistribute-create-article.json @@ -0,0 +1 @@ +{"@context":["https:\/\/www.w3.org\/ns\/activitystreams"],"type":"Create","actor":"https:\/\/wedistribute.org\/wp-json\/pterotype\/v1\/actor\/-blog","object":{"@context":["https:\/\/www.w3.org\/ns\/activitystreams"],"type":"Article","name":"The end is near: Mastodon plans to drop OStatus support","content":"\n

The days of OStatus are numbered. The venerable protocol has served as a glue between many different types of servers since the early days of the Fediverse, connecting StatusNet (now GNU Social) to Friendica, Hubzilla, Mastodon, and Pleroma.<\/p>\n\n\n\n

Now that many fediverse platforms support ActivityPub as a successor protocol, Mastodon appears to be drawing a line in the sand. In a Patreon update<\/a>, Eugen Rochko writes:<\/p>\n\n\n\n

...OStatus...has overstayed its welcome in the code...and now that most of the network uses ActivityPub, it's time for it to go. <\/p>Eugen Rochko, Mastodon creator<\/cite><\/blockquote>\n\n\n\n

The pull request<\/a> to remove Pubsubhubbub and Salmon, two of the main components of OStatus, has already been merged into Mastodon's master branch.<\/p>\n\n\n\n

Some projects will be left in the dark as a side effect of this. GNU Social and PostActiv, for example, both only communicate using OStatus. While some discussion<\/a> exists regarding adopting ActivityPub for GNU Social, and a plugin is in development<\/a>, it hasn't been formally adopted yet. We just hope that the Free Software Foundation's instance<\/a> gets updated in time!<\/p>\n","summary":"One of the largest platforms in the federated social web is dropping the protocol that it started with.","attributedTo":"https:\/\/wedistribute.org\/wp-json\/pterotype\/v1\/actor\/-blog","url":"https:\/\/wedistribute.org\/2019\/07\/mastodon-drops-ostatus\/","to":["https:\/\/www.w3.org\/ns\/activitystreams#Public","https:\/\/wedistribute.org\/wp-json\/pterotype\/v1\/actor\/-blog\/followers"],"id":"https:\/\/wedistribute.org\/wp-json\/pterotype\/v1\/object\/85810","likes":"https:\/\/wedistribute.org\/wp-json\/pterotype\/v1\/object\/85810\/likes","shares":"https:\/\/wedistribute.org\/wp-json\/pterotype\/v1\/object\/85810\/shares"},"to":["https:\/\/www.w3.org\/ns\/activitystreams#Public","https:\/\/wedistribute.org\/wp-json\/pterotype\/v1\/actor\/-blog\/followers"],"id":"https:\/\/wedistribute.org\/wp-json\/pterotype\/v1\/object\/85809"} \ No newline at end of file diff --git a/test/web/activity_pub/object_validators/note_validator_test.exs b/test/web/activity_pub/object_validators/article_note_validator_test.exs similarity index 76% rename from test/web/activity_pub/object_validators/note_validator_test.exs rename to test/web/activity_pub/object_validators/article_note_validator_test.exs index 30c481ffb..cc6dab872 100644 --- a/test/web/activity_pub/object_validators/note_validator_test.exs +++ b/test/web/activity_pub/object_validators/article_note_validator_test.exs @@ -2,10 +2,10 @@ # Copyright © 2017-2020 Pleroma Authors # SPDX-License-Identifier: AGPL-3.0-only -defmodule Pleroma.Web.ActivityPub.ObjectValidators.NoteValidatorTest do +defmodule Pleroma.Web.ActivityPub.ObjectValidators.ArticleNoteValidatorTest do use Pleroma.DataCase - alias Pleroma.Web.ActivityPub.ObjectValidators.NoteValidator + alias Pleroma.Web.ActivityPub.ObjectValidators.ArticleNoteValidator alias Pleroma.Web.ActivityPub.Utils import Pleroma.Factory @@ -29,7 +29,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.NoteValidatorTest do end test "a basic note validates", %{note: note} do - %{valid?: true} = NoteValidator.cast_and_validate(note) + %{valid?: true} = ArticleNoteValidator.cast_and_validate(note) end end end diff --git a/test/web/activity_pub/transmogrifier/article_handling_test.exs b/test/web/activity_pub/transmogrifier/article_handling_test.exs new file mode 100644 index 000000000..9b12a470a --- /dev/null +++ b/test/web/activity_pub/transmogrifier/article_handling_test.exs @@ -0,0 +1,75 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ActivityPub.Transmogrifier.ArticleHandlingTest do + use Oban.Testing, repo: Pleroma.Repo + use Pleroma.DataCase + + alias Pleroma.Activity + alias Pleroma.Object + alias Pleroma.Object.Fetcher + alias Pleroma.Web.ActivityPub.Transmogrifier + + test "Pterotype (Wordpress Plugin) Article" do + Tesla.Mock.mock(fn %{url: "https://wedistribute.org/wp-json/pterotype/v1/actor/-blog"} -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/tesla_mock/wedistribute-user.json")} + end) + + data = + File.read!("test/fixtures/tesla_mock/wedistribute-create-article.json") |> Jason.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + + object = Object.normalize(data["object"]) + + assert object.data["name"] == "The end is near: Mastodon plans to drop OStatus support" + + assert object.data["summary"] == + "One of the largest platforms in the federated social web is dropping the protocol that it started with." + + assert object.data["url"] == "https://wedistribute.org/2019/07/mastodon-drops-ostatus/" + end + + test "Plume Article" do + Tesla.Mock.mock(fn + %{url: "https://baptiste.gelez.xyz/~/PlumeDevelopment/this-month-in-plume-june-2018/"} -> + %Tesla.Env{ + status: 200, + body: File.read!("test/fixtures/tesla_mock/baptiste.gelex.xyz-article.json") + } + + %{url: "https://baptiste.gelez.xyz/@/BaptisteGelez"} -> + %Tesla.Env{ + status: 200, + body: File.read!("test/fixtures/tesla_mock/baptiste.gelex.xyz-user.json") + } + end) + + {:ok, object} = + Fetcher.fetch_object_from_id( + "https://baptiste.gelez.xyz/~/PlumeDevelopment/this-month-in-plume-june-2018/" + ) + + assert object.data["name"] == "This Month in Plume: June 2018" + + assert object.data["url"] == + "https://baptiste.gelez.xyz/~/PlumeDevelopment/this-month-in-plume-june-2018/" + end + + test "Prismo Article" do + Tesla.Mock.mock(fn %{url: "https://prismo.news/@mxb"} -> + %Tesla.Env{ + status: 200, + body: File.read!("test/fixtures/tesla_mock/https___prismo.news__mxb.json") + } + end) + + data = File.read!("test/fixtures/prismo-url-map.json") |> Jason.decode!() + + {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) + object = Object.normalize(data["object"]) + + assert object.data["url"] == "https://prismo.news/posts/83" + end +end diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs index 0a3291d49..561674f01 100644 --- a/test/web/activity_pub/transmogrifier_test.exs +++ b/test/web/activity_pub/transmogrifier_test.exs @@ -44,15 +44,6 @@ test "it works for incoming notices with tag not being an array (kroeg)" do assert "test" in object.data["tag"] end - test "it works for incoming notices with url not being a string (prismo)" do - data = File.read!("test/fixtures/prismo-url-map.json") |> Poison.decode!() - - {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) - object = Object.normalize(data["object"]) - - assert object.data["url"] == "https://prismo.news/posts/83" - end - test "it cleans up incoming notices which are not really DMs" do user = insert(:user) other_user = insert(:user) From f18178cb096b9a00ed12ff0fe36893f118ec6649 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 22 Aug 2020 02:01:33 +0200 Subject: [PATCH 187/264] AttachmentValidator: directly embed url schema and pass it fix_media_type --- .../object_validators/attachment_validator.ex | 21 ++++++++++++++-- .../object_validators/url_object_validator.ex | 24 ------------------- 2 files changed, 19 insertions(+), 26 deletions(-) delete mode 100644 lib/pleroma/web/activity_pub/object_validators/url_object_validator.ex diff --git a/lib/pleroma/web/activity_pub/object_validators/attachment_validator.ex b/lib/pleroma/web/activity_pub/object_validators/attachment_validator.ex index c8b148280..df102a134 100644 --- a/lib/pleroma/web/activity_pub/object_validators/attachment_validator.ex +++ b/lib/pleroma/web/activity_pub/object_validators/attachment_validator.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator do use Ecto.Schema + alias Pleroma.EctoType.ActivityPub.ObjectValidators alias Pleroma.Web.ActivityPub.ObjectValidators.UrlObjectValidator import Ecto.Changeset @@ -15,7 +16,11 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.AttachmentValidator do field(:mediaType, :string, default: "application/octet-stream") field(:name, :string) - embeds_many(:url, UrlObjectValidator) + embeds_many :url, UrlObjectValidator, primary_key: false do + field(:type, :string) + field(:href, ObjectValidators.Uri) + field(:mediaType, :string, default: "application/octet-stream") + end end def cast_and_validate(data) do @@ -37,7 +42,18 @@ def changeset(struct, data) do struct |> cast(data, [:type, :mediaType, :name]) - |> cast_embed(:url, required: true) + |> cast_embed(:url, with: &url_changeset/2) + |> validate_inclusion(:type, ~w[Link Document Audio Image Video]) + |> validate_required([:type, :mediaType, :url]) + end + + def url_changeset(struct, data) do + data = fix_media_type(data) + + struct + |> cast(data, [:type, :href, :mediaType]) + |> validate_inclusion(:type, ["Link"]) + |> validate_required([:type, :href, :mediaType]) end def fix_media_type(data) do @@ -75,6 +91,7 @@ defp fix_url(data) do def validate_data(cng) do cng + |> validate_inclusion(:type, ~w[Document Audio Image Video]) |> validate_required([:mediaType, :url, :type]) end end diff --git a/lib/pleroma/web/activity_pub/object_validators/url_object_validator.ex b/lib/pleroma/web/activity_pub/object_validators/url_object_validator.ex deleted file mode 100644 index 881030f38..000000000 --- a/lib/pleroma/web/activity_pub/object_validators/url_object_validator.ex +++ /dev/null @@ -1,24 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.Web.ActivityPub.ObjectValidators.UrlObjectValidator do - use Ecto.Schema - - alias Pleroma.EctoType.ActivityPub.ObjectValidators - - import Ecto.Changeset - @primary_key false - - embedded_schema do - field(:type, :string) - field(:href, ObjectValidators.Uri) - field(:mediaType, :string, default: "application/octet-stream") - end - - def changeset(struct, data) do - struct - |> cast(data, __schema__(:fields)) - |> validate_required([:type, :href, :mediaType]) - end -end From e3ca0a7e2d18ca9b3c809282678456d4517d39bc Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Fri, 11 Sep 2020 09:09:28 +0300 Subject: [PATCH 188/264] migration to remove old cron jobs --- .../20200911055909_remove_cron_jobs.exs | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 priv/repo/migrations/20200911055909_remove_cron_jobs.exs diff --git a/priv/repo/migrations/20200911055909_remove_cron_jobs.exs b/priv/repo/migrations/20200911055909_remove_cron_jobs.exs new file mode 100644 index 000000000..33897d128 --- /dev/null +++ b/priv/repo/migrations/20200911055909_remove_cron_jobs.exs @@ -0,0 +1,20 @@ +defmodule Pleroma.Repo.Migrations.RemoveCronJobs do + use Ecto.Migration + + import Ecto.Query, only: [from: 2] + + def up do + from(j in "oban_jobs", + where: + j.worker in ^[ + "Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker", + "Pleroma.Workers.Cron.StatsWorker", + "Pleroma.Workers.Cron.ClearOauthTokenWorker" + ], + select: [:id] + ) + |> Pleroma.Repo.delete_all() + end + + def down, do: :ok +end From dbc013f24c3885960714425f201e372335d22345 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 11 Sep 2020 11:22:50 +0200 Subject: [PATCH 189/264] instance: Handle not getting a favicon --- lib/pleroma/instances/instance.ex | 12 ++--- test/web/instances/instance_test.exs | 71 ++++++++++++++++++---------- 2 files changed, 50 insertions(+), 33 deletions(-) diff --git a/lib/pleroma/instances/instance.ex b/lib/pleroma/instances/instance.ex index 8bf53c090..6948651c7 100644 --- a/lib/pleroma/instances/instance.ex +++ b/lib/pleroma/instances/instance.ex @@ -159,13 +159,11 @@ defp scrape_favicon(%URI{} = instance_uri) do Pleroma.HTTP.get(to_string(instance_uri), [{"accept", "text/html"}], adapter: [pool: :media] ), - favicon_rel <- - html - |> Floki.parse_document!() - |> Floki.attribute("link[rel=icon]", "href") - |> List.first(), - favicon <- URI.merge(instance_uri, favicon_rel) |> to_string(), - true <- is_binary(favicon) do + {_, [favicon_rel | _]} when is_binary(favicon_rel) <- + {:parse, + html |> Floki.parse_document!() |> Floki.attribute("link[rel=icon]", "href")}, + {_, favicon} when is_binary(favicon) <- + {:merge, URI.merge(instance_uri, favicon_rel) |> to_string()} do favicon else _ -> nil diff --git a/test/web/instances/instance_test.exs b/test/web/instances/instance_test.exs index dc6ace843..4f0805100 100644 --- a/test/web/instances/instance_test.exs +++ b/test/web/instances/instance_test.exs @@ -99,35 +99,54 @@ test "does NOT modify `unreachable_since` value of existing record in case it's end end - test "Scrapes favicon URLs" do - Tesla.Mock.mock(fn %{url: "https://favicon.example.org/"} -> - %Tesla.Env{ - status: 200, - body: ~s[] - } - end) + describe "get_or_update_favicon/1" do + test "Scrapes favicon URLs" do + Tesla.Mock.mock(fn %{url: "https://favicon.example.org/"} -> + %Tesla.Env{ + status: 200, + body: ~s[] + } + end) - assert "https://favicon.example.org/favicon.png" == - Instance.get_or_update_favicon(URI.parse("https://favicon.example.org/")) - end + assert "https://favicon.example.org/favicon.png" == + Instance.get_or_update_favicon(URI.parse("https://favicon.example.org/")) + end - test "Returns nil on too long favicon URLs" do - long_favicon_url = - "https://Lorem.ipsum.dolor.sit.amet/consecteturadipiscingelit/Praesentpharetrapurusutaliquamtempus/Mauriseulaoreetarcu/atfacilisisorci/Nullamporttitor/nequesedfeugiatmollis/dolormagnaefficiturlorem/nonpretiumsapienorcieurisus/Nullamveleratsem/Maecenassedaccumsanexnam/favicon.png" + test "Returns nil on too long favicon URLs" do + long_favicon_url = + "https://Lorem.ipsum.dolor.sit.amet/consecteturadipiscingelit/Praesentpharetrapurusutaliquamtempus/Mauriseulaoreetarcu/atfacilisisorci/Nullamporttitor/nequesedfeugiatmollis/dolormagnaefficiturlorem/nonpretiumsapienorcieurisus/Nullamveleratsem/Maecenassedaccumsanexnam/favicon.png" - Tesla.Mock.mock(fn %{url: "https://long-favicon.example.org/"} -> - %Tesla.Env{ - status: 200, - body: ~s[] - } - end) + Tesla.Mock.mock(fn %{url: "https://long-favicon.example.org/"} -> + %Tesla.Env{ + status: 200, + body: + ~s[] + } + end) - assert capture_log(fn -> - assert nil == - Instance.get_or_update_favicon( - URI.parse("https://long-favicon.example.org/") - ) - end) =~ - "Instance.get_or_update_favicon(\"long-favicon.example.org\") error: %Postgrex.Error{" + assert capture_log(fn -> + assert nil == + Instance.get_or_update_favicon( + URI.parse("https://long-favicon.example.org/") + ) + end) =~ + "Instance.get_or_update_favicon(\"long-favicon.example.org\") error: %Postgrex.Error{" + end + + test "Handles not getting a favicon URL properly" do + Tesla.Mock.mock(fn %{url: "https://no-favicon.example.org/"} -> + %Tesla.Env{ + status: 200, + body: ~s[

I wil look down and whisper "GNO.."

] + } + end) + + refute capture_log(fn -> + assert nil == + Instance.get_or_update_favicon( + URI.parse("https://no-favicon.example.org/") + ) + end) =~ "Instance.scrape_favicon(\"https://no-favicon.example.org/\") error: " + end end end From 36c9197ac36707cdfe3d679bbd64972b4b03ea84 Mon Sep 17 00:00:00 2001 From: Haelwenn Date: Fri, 11 Sep 2020 10:46:16 +0000 Subject: [PATCH 190/264] Apply 1 suggestion(s) to 1 file(s) --- lib/pleroma/web/federator/federator.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex index e4ab9ba32..130654145 100644 --- a/lib/pleroma/web/federator/federator.ex +++ b/lib/pleroma/web/federator/federator.ex @@ -94,7 +94,7 @@ def perform(:incoming_ap_doc, params) do e -> # Just drop those for now - Logger.debug("Unhandled activity\n" <> Jason.encode!(params, pretty: true)) + Logger.debug(fn -> "Unhandled activity\n" <> Jason.encode!(params, pretty: true) end) {:error, e} end end From 89a7efab69d905cc3521388b1e1cf43851848627 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 11 Sep 2020 14:22:54 +0300 Subject: [PATCH 191/264] ConnectionPool: Log possible HTTP1 blocks --- lib/pleroma/gun/conn.ex | 12 ++++++------ lib/pleroma/gun/connection_pool/worker.ex | 22 ++++++++++++++++------ lib/pleroma/telemetry/logger.ex | 18 ++++++++++++++++-- 3 files changed, 38 insertions(+), 14 deletions(-) diff --git a/lib/pleroma/gun/conn.ex b/lib/pleroma/gun/conn.ex index 75b1ffc0a..477e19c6e 100644 --- a/lib/pleroma/gun/conn.ex +++ b/lib/pleroma/gun/conn.ex @@ -50,10 +50,10 @@ defp do_open(uri, %{proxy: {proxy_host, proxy_port}} = opts) do with open_opts <- Map.delete(opts, :tls_opts), {:ok, conn} <- Gun.open(proxy_host, proxy_port, open_opts), - {:ok, _} <- Gun.await_up(conn, opts[:connect_timeout]), + {:ok, protocol} <- Gun.await_up(conn, opts[:connect_timeout]), stream <- Gun.connect(conn, connect_opts), {:response, :fin, 200, _} <- Gun.await(conn, stream) do - {:ok, conn} + {:ok, conn, protocol} else error -> Logger.warn( @@ -88,8 +88,8 @@ defp do_open(uri, %{proxy: {proxy_type, proxy_host, proxy_port}} = opts) do |> Map.put(:socks_opts, socks_opts) with {:ok, conn} <- Gun.open(proxy_host, proxy_port, opts), - {:ok, _} <- Gun.await_up(conn, opts[:connect_timeout]) do - {:ok, conn} + {:ok, protocol} <- Gun.await_up(conn, opts[:connect_timeout]) do + {:ok, conn, protocol} else error -> Logger.warn( @@ -106,8 +106,8 @@ defp do_open(%URI{host: host, port: port} = uri, opts) do host = Pleroma.HTTP.AdapterHelper.parse_host(host) with {:ok, conn} <- Gun.open(host, port, opts), - {:ok, _} <- Gun.await_up(conn, opts[:connect_timeout]) do - {:ok, conn} + {:ok, protocol} <- Gun.await_up(conn, opts[:connect_timeout]) do + {:ok, conn, protocol} else error -> Logger.warn( diff --git a/lib/pleroma/gun/connection_pool/worker.ex b/lib/pleroma/gun/connection_pool/worker.ex index c36332817..49d41e4c7 100644 --- a/lib/pleroma/gun/connection_pool/worker.ex +++ b/lib/pleroma/gun/connection_pool/worker.ex @@ -15,7 +15,7 @@ def init([_key, _uri, _opts, _client_pid] = opts) do @impl true def handle_continue({:connect, [key, uri, opts, client_pid]}, _) do - with {:ok, conn_pid} <- Gun.Conn.open(uri, opts), + with {:ok, conn_pid, protocol} <- Gun.Conn.open(uri, opts), Process.link(conn_pid) do time = :erlang.monotonic_time(:millisecond) @@ -27,8 +27,12 @@ def handle_continue({:connect, [key, uri, opts, client_pid]}, _) do send(client_pid, {:conn_pid, conn_pid}) {:noreply, - %{key: key, timer: nil, client_monitors: %{client_pid => Process.monitor(client_pid)}}, - :hibernate} + %{ + key: key, + timer: nil, + client_monitors: %{client_pid => Process.monitor(client_pid)}, + protocol: protocol + }, :hibernate} else err -> {:stop, {:shutdown, err}, nil} @@ -53,14 +57,20 @@ def handle_cast({:remove_client, client_pid}, state) do end @impl true - def handle_call(:add_client, {client_pid, _}, %{key: key} = state) do + def handle_call(:add_client, {client_pid, _}, %{key: key, protocol: protocol} = state) do time = :erlang.monotonic_time(:millisecond) - {{conn_pid, _, _, _}, _} = + {{conn_pid, used_by, _, _}, _} = Registry.update_value(@registry, key, fn {conn_pid, used_by, crf, last_reference} -> {conn_pid, [client_pid | used_by], crf(time - last_reference, crf), time} end) + :telemetry.execute( + [:pleroma, :connection_pool, :client, :add], + %{client_pid: client_pid, clients: used_by}, + %{key: state.key, protocol: protocol} + ) + state = if state.timer != nil do Process.cancel_timer(state[:timer]) @@ -131,7 +141,7 @@ def handle_info({:gun_down, _pid, _protocol, _reason, _killed_streams}, state) d @impl true def handle_info({:DOWN, _ref, :process, pid, reason}, state) do :telemetry.execute( - [:pleroma, :connection_pool, :client_death], + [:pleroma, :connection_pool, :client, :dead], %{client_pid: pid, reason: reason}, %{key: state.key} ) diff --git a/lib/pleroma/telemetry/logger.ex b/lib/pleroma/telemetry/logger.ex index 4cacae02f..197b1d091 100644 --- a/lib/pleroma/telemetry/logger.ex +++ b/lib/pleroma/telemetry/logger.ex @@ -7,7 +7,8 @@ defmodule Pleroma.Telemetry.Logger do [:pleroma, :connection_pool, :reclaim, :start], [:pleroma, :connection_pool, :reclaim, :stop], [:pleroma, :connection_pool, :provision_failure], - [:pleroma, :connection_pool, :client_death] + [:pleroma, :connection_pool, :client, :dead], + [:pleroma, :connection_pool, :client, :add] ] def attach do :telemetry.attach_many("pleroma-logger", @events, &handle_event/4, []) @@ -62,7 +63,7 @@ def handle_event( end def handle_event( - [:pleroma, :connection_pool, :client_death], + [:pleroma, :connection_pool, :client, :dead], %{client_pid: client_pid, reason: reason}, %{key: key}, _ @@ -73,4 +74,17 @@ def handle_event( }" end) end + + def handle_event( + [:pleroma, :connection_pool, :client, :add], + %{clients: [_, _ | _] = clients}, + %{key: key, protocol: :http}, + _ + ) do + Logger.info(fn -> + "Pool worker for #{key}: #{length(clients)} clients are using an HTTP1 connection at the same time, head-of-line blocking might occur." + end) + end + + def handle_event([:pleroma, :connection_pool, :client, :add], _, _, _), do: :ok end From f1f44069ae525fd21127e5ceccc61016c12f4427 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 11 Sep 2020 19:58:58 +0200 Subject: [PATCH 192/264] Fetcher: Correctly return MRF reject reason --- lib/pleroma/object/fetcher.ex | 4 ++-- lib/pleroma/web/activity_pub/activity_pub.ex | 4 ++-- test/object/fetcher_test.exs | 25 +++++++++++++++----- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 1de2ce6c3..24dc7cb95 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -98,8 +98,8 @@ def fetch_object_from_id(id, options \\ []) do {:containment, _} -> {:error, "Object containment failed."} - {:transmogrifier, {:error, {:reject, nil}}} -> - {:reject, nil} + {:transmogrifier, {:error, {:reject, e}}} -> + {:reject, e} {:transmogrifier, _} = e -> {:error, e} diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 66a9f78a3..b2205bff7 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -154,8 +154,8 @@ def insert(map, local \\ true, fake \\ false, bypass_actor_check \\ false) when {:remote_limit_pass, _} -> {:error, :remote_limit} - {:reject, reason} -> - {:error, reason} + {:reject, _} = e -> + {:error, e} end end diff --git a/test/object/fetcher_test.exs b/test/object/fetcher_test.exs index 16cfa7f5c..3173ee31c 100644 --- a/test/object/fetcher_test.exs +++ b/test/object/fetcher_test.exs @@ -6,10 +6,13 @@ defmodule Pleroma.Object.FetcherTest do use Pleroma.DataCase alias Pleroma.Activity + alias Pleroma.Config alias Pleroma.Object alias Pleroma.Object.Fetcher - import Tesla.Mock + + import ExUnit.CaptureLog import Mock + import Tesla.Mock setup do mock(fn @@ -71,20 +74,20 @@ test "it works when fetching the OP actor errors out" do setup do: clear_config([:instance, :federation_incoming_replies_max_depth]) test "it returns thread depth exceeded error if thread depth is exceeded" do - Pleroma.Config.put([:instance, :federation_incoming_replies_max_depth], 0) + Config.put([:instance, :federation_incoming_replies_max_depth], 0) assert {:error, "Max thread distance exceeded."} = Fetcher.fetch_object_from_id(@ap_id, depth: 1) end test "it fetches object if max thread depth is restricted to 0 and depth is not specified" do - Pleroma.Config.put([:instance, :federation_incoming_replies_max_depth], 0) + Config.put([:instance, :federation_incoming_replies_max_depth], 0) assert {:ok, _} = Fetcher.fetch_object_from_id(@ap_id) end test "it fetches object if requested depth does not exceed max thread depth" do - Pleroma.Config.put([:instance, :federation_incoming_replies_max_depth], 10) + Config.put([:instance, :federation_incoming_replies_max_depth], 10) assert {:ok, _} = Fetcher.fetch_object_from_id(@ap_id, depth: 10) end @@ -120,6 +123,16 @@ test "it fetches an object" do assert object == object_again end + + test "Return MRF reason when fetched status is rejected by one" do + clear_config([:mrf_keyword, :reject], ["yeah"]) + clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy]) + + assert {:reject, "[KeywordPolicy] Matches with rejected keyword"} == + Fetcher.fetch_object_from_id( + "http://mastodon.example.org/@admin/99541947525187367" + ) + end end describe "implementation quirks" do @@ -212,7 +225,7 @@ test "it can refetch pruned objects" do Pleroma.Signature, [:passthrough], [] do - Pleroma.Config.put([:activitypub, :sign_object_fetches], true) + Config.put([:activitypub, :sign_object_fetches], true) Fetcher.fetch_object_from_id("http://mastodon.example.org/@admin/99541947525187367") @@ -223,7 +236,7 @@ test "it can refetch pruned objects" do Pleroma.Signature, [:passthrough], [] do - Pleroma.Config.put([:activitypub, :sign_object_fetches], false) + Config.put([:activitypub, :sign_object_fetches], false) Fetcher.fetch_object_from_id("http://mastodon.example.org/@admin/99541947525187367") From f88dc1937e5aa4208143fa68400a5c38a1b9eddf Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 31 Aug 2020 16:48:24 -0500 Subject: [PATCH 193/264] MastodonAPI.StatusView.get_user/1 --> CommonAPI.get_user/1 --- .../web/admin_api/views/status_view.ex | 3 ++- lib/pleroma/web/common_api/common_api.ex | 17 +++++++++++++ .../web/mastodon_api/views/status_view.ex | 25 +++---------------- .../web/pleroma_api/views/scrobble_view.ex | 4 +-- test/web/common_api/common_api_test.exs | 20 +++++++++++++++ 5 files changed, 45 insertions(+), 24 deletions(-) diff --git a/lib/pleroma/web/admin_api/views/status_view.ex b/lib/pleroma/web/admin_api/views/status_view.ex index 500800be2..6042a22b6 100644 --- a/lib/pleroma/web/admin_api/views/status_view.ex +++ b/lib/pleroma/web/admin_api/views/status_view.ex @@ -8,6 +8,7 @@ defmodule Pleroma.Web.AdminAPI.StatusView do require Pleroma.Constants alias Pleroma.Web.AdminAPI + alias Pleroma.Web.CommonAPI alias Pleroma.Web.MastodonAPI defdelegate merge_account_views(user), to: AdminAPI.AccountView @@ -17,7 +18,7 @@ def render("index.json", opts) do end def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} = opts) do - user = MastodonAPI.StatusView.get_user(activity.data["actor"]) + user = CommonAPI.get_user(activity.data["actor"]) MastodonAPI.StatusView.render("show.json", opts) |> Map.merge(%{account: merge_account_views(user)}) diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 5ad2b91c2..d6e9d3d67 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -550,4 +550,21 @@ def hide_reblogs(%User{} = user, %User{} = target) do def show_reblogs(%User{} = user, %User{} = target) do UserRelationship.delete_reblog_mute(user, target) end + + def get_user(ap_id, fake_record_fallback \\ true) do + cond do + user = User.get_cached_by_ap_id(ap_id) -> + user + + user = User.get_by_guessed_nickname(ap_id) -> + user + + fake_record_fallback -> + # TODO: refactor (fake records is never a good idea) + User.error_user(ap_id) + + true -> + nil + end + end end diff --git a/lib/pleroma/web/mastodon_api/views/status_view.ex b/lib/pleroma/web/mastodon_api/views/status_view.ex index 3fe1967be..66732d09e 100644 --- a/lib/pleroma/web/mastodon_api/views/status_view.ex +++ b/lib/pleroma/web/mastodon_api/views/status_view.ex @@ -56,23 +56,6 @@ defp get_replied_to_activities(activities) do end) end - def get_user(ap_id, fake_record_fallback \\ true) do - cond do - user = User.get_cached_by_ap_id(ap_id) -> - user - - user = User.get_by_guessed_nickname(ap_id) -> - user - - fake_record_fallback -> - # TODO: refactor (fake records is never a good idea) - User.error_user(ap_id) - - true -> - nil - end - end - defp get_context_id(%{data: %{"context_id" => context_id}}) when not is_nil(context_id), do: context_id @@ -120,7 +103,7 @@ def render("index.json", opts) do # Note: unresolved users are filtered out actors = (activities ++ parent_activities) - |> Enum.map(&get_user(&1.data["actor"], false)) + |> Enum.map(&CommonAPI.get_user(&1.data["actor"], false)) |> Enum.filter(& &1) UserRelationship.view_relationships_option(reading_user, actors, subset: :source_mutes) @@ -139,7 +122,7 @@ def render( "show.json", %{activity: %{data: %{"type" => "Announce", "object" => _object}} = activity} = opts ) do - user = get_user(activity.data["actor"]) + user = CommonAPI.get_user(activity.data["actor"]) created_at = Utils.to_masto_date(activity.data["published"]) activity_object = Object.normalize(activity) @@ -212,7 +195,7 @@ def render( def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} = opts) do object = Object.normalize(activity) - user = get_user(activity.data["actor"]) + user = CommonAPI.get_user(activity.data["actor"]) user_follower_address = user.follower_address like_count = object.data["like_count"] || 0 @@ -266,7 +249,7 @@ def render("show.json", %{activity: %{data: %{"object" => _object}} = activity} reply_to = get_reply_to(activity, opts) - reply_to_user = reply_to && get_user(reply_to.data["actor"]) + reply_to_user = reply_to && CommonAPI.get_user(reply_to.data["actor"]) content = object diff --git a/lib/pleroma/web/pleroma_api/views/scrobble_view.ex b/lib/pleroma/web/pleroma_api/views/scrobble_view.ex index bbff93abe..95bd4c368 100644 --- a/lib/pleroma/web/pleroma_api/views/scrobble_view.ex +++ b/lib/pleroma/web/pleroma_api/views/scrobble_view.ex @@ -10,14 +10,14 @@ defmodule Pleroma.Web.PleromaAPI.ScrobbleView do alias Pleroma.Activity alias Pleroma.HTML alias Pleroma.Object + alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.MastodonAPI.AccountView - alias Pleroma.Web.MastodonAPI.StatusView def render("show.json", %{activity: %Activity{data: %{"type" => "Listen"}} = activity} = opts) do object = Object.normalize(activity) - user = StatusView.get_user(activity.data["actor"]) + user = CommonAPI.get_user(activity.data["actor"]) created_at = Utils.to_masto_date(activity.data["published"]) %{ diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index 4ba6232dc..d171b344a 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -1126,4 +1126,24 @@ test "respects visibility=private" do assert Visibility.get_visibility(activity) == "private" end end + + describe "get_user/1" do + test "gets user by ap_id" do + user = insert(:user) + assert CommonAPI.get_user(user.ap_id) == user + end + + test "gets user by guessed nickname" do + user = insert(:user, ap_id: "", nickname: "mario@mushroom.kingdom") + assert CommonAPI.get_user("https://mushroom.kingdom/users/mario") == user + end + + test "fallback" do + assert %User{ + name: "", + ap_id: "", + nickname: "erroruser@example.com" + } = CommonAPI.get_user("") + end + end end From b40a627ab02f9f63eac42ce6fc65282fc6cb6b92 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 31 Aug 2020 19:56:05 -0500 Subject: [PATCH 194/264] AdminAPI: delete a chat message --- lib/pleroma/moderation_log.ex | 24 +++++++++ .../admin_api/controllers/chat_controller.ex | 37 +++++++++++++ .../operations/admin/chat_operation.ex | 44 +++++++++++++++ lib/pleroma/web/router.ex | 2 + test/support/factory.ex | 54 +++++++++++++++++++ .../controllers/chat_controller_test.exs | 53 ++++++++++++++++++ 6 files changed, 214 insertions(+) create mode 100644 lib/pleroma/web/admin_api/controllers/chat_controller.ex create mode 100644 lib/pleroma/web/api_spec/operations/admin/chat_operation.ex create mode 100644 test/web/admin_api/controllers/chat_controller_test.exs diff --git a/lib/pleroma/moderation_log.ex b/lib/pleroma/moderation_log.ex index 31c9afe2a..47036a6f6 100644 --- a/lib/pleroma/moderation_log.ex +++ b/lib/pleroma/moderation_log.ex @@ -320,6 +320,19 @@ def insert_log(%{ |> insert_log_entry_with_message() end + @spec insert_log(%{actor: User, action: String.t(), subject_id: String.t()}) :: + {:ok, ModerationLog} | {:error, any} + def insert_log(%{actor: %User{} = actor, action: "chat_message_delete", subject_id: subject_id}) do + %ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor.nickname}, + "action" => "chat_message_delete", + "subject_id" => subject_id + } + } + |> insert_log_entry_with_message() + end + @spec insert_log_entry_with_message(ModerationLog) :: {:ok, ModerationLog} | {:error, any} defp insert_log_entry_with_message(entry) do entry.data["message"] @@ -627,6 +640,17 @@ def get_log_entry_message(%ModerationLog{ "@#{actor_nickname} updated users: #{users_to_nicknames_string(subjects)}" end + @spec get_log_entry_message(ModerationLog) :: String.t() + def get_log_entry_message(%ModerationLog{ + data: %{ + "actor" => %{"nickname" => actor_nickname}, + "action" => "chat_message_delete", + "subject_id" => subject_id + } + }) do + "@#{actor_nickname} deleted chat message ##{subject_id}" + end + defp nicknames_to_string(nicknames) do nicknames |> Enum.map(&"@#{&1}") diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex new file mode 100644 index 000000000..bcce824d2 --- /dev/null +++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex @@ -0,0 +1,37 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.AdminAPI.ChatController do + use Pleroma.Web, :controller + + alias Pleroma.Activity + alias Pleroma.ModerationLog + alias Pleroma.Plugs.OAuthScopesPlug + alias Pleroma.Web.CommonAPI + + require Logger + + plug(Pleroma.Web.ApiSpec.CastAndValidate) + + plug( + OAuthScopesPlug, + %{scopes: ["write:chats"], admin: true} when action in [:delete_message] + ) + + action_fallback(Pleroma.Web.AdminAPI.FallbackController) + + defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.ChatOperation + + def delete_message(%{assigns: %{user: user}} = conn, %{message_id: id}) do + with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do + ModerationLog.insert_log(%{ + action: "chat_message_delete", + actor: user, + subject_id: id + }) + + json(conn, %{}) + end + end +end diff --git a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex new file mode 100644 index 000000000..7045fd7ce --- /dev/null +++ b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex @@ -0,0 +1,44 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ApiSpec.Admin.ChatOperation do + alias OpenApiSpex.Operation + alias Pleroma.Web.ApiSpec.Schemas.ApiError + alias Pleroma.Web.ApiSpec.Schemas.FlakeID + + import Pleroma.Web.ApiSpec.Helpers + + def open_api_operation(action) do + operation = String.to_existing_atom("#{action}_operation") + apply(__MODULE__, operation, []) + end + + def delete_message_operation do + %Operation{ + tags: ["Admin", "Chats"], + summary: "Delete an individual chat message", + operationId: "AdminAPI.ChatController.delete", + parameters: [id_param(), message_id_param()] ++ admin_api_params(), + security: [%{"oAuth" => ["write:chats"]}], + responses: %{ + 200 => empty_object_response(), + 404 => Operation.response("Not Found", "application/json", ApiError) + } + } + end + + def id_param do + Operation.parameter(:id, :path, FlakeID, "Chat ID", + example: "9umDrYheeY451cQnEe", + required: true + ) + end + + def message_id_param do + Operation.parameter(:message_id, :path, FlakeID, "Chat message ID", + example: "9umDrYheeY451cQnEe", + required: true + ) + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index c6433cc53..e438768ed 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -214,6 +214,8 @@ defmodule Pleroma.Web.Router do get("/media_proxy_caches", MediaProxyCacheController, :index) post("/media_proxy_caches/delete", MediaProxyCacheController, :delete) post("/media_proxy_caches/purge", MediaProxyCacheController, :purge) + + delete("/chats/:id/messages/:message_id", ChatController, :delete_message) end scope "/api/pleroma/emoji", Pleroma.Web.PleromaAPI do diff --git a/test/support/factory.ex b/test/support/factory.ex index 486eda8da..61ca4587c 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -460,4 +460,58 @@ def filter_factory do phrase: "cofe" } end + + def chat_factory(attrs \\ %{}) do + user = attrs[:user] || insert(:user) + recipient = attrs[:recipient] || insert(:user) + + %Pleroma.Chat{ + user_id: user.id, + recipient: recipient.ap_id + } + end + + def chat_message_factory(attrs \\ %{}) do + text = sequence(:text, &"This is :moominmamma: chat message #{&1}") + chat = attrs[:chat] || insert(:chat) + + data = %{ + "type" => "ChatMessage", + "content" => text, + "id" => Pleroma.Web.ActivityPub.Utils.generate_object_id(), + "actor" => User.get_by_id(chat.user_id).ap_id, + "to" => [chat.recipient], + "published" => DateTime.utc_now() |> DateTime.to_iso8601() + } + + %Pleroma.Object{ + data: merge_attributes(data, Map.get(attrs, :data, %{})) + } + end + + def chat_message_activity_factory(attrs \\ %{}) do + chat = attrs[:chat] || insert(:chat) + chat_message = attrs[:chat_message] || insert(:chat_message, chat: chat) + + data_attrs = attrs[:data_attrs] || %{} + attrs = Map.drop(attrs, [:chat, :chat_message, :data_attrs]) + + data = + %{ + "id" => Pleroma.Web.ActivityPub.Utils.generate_activity_id(), + "type" => "Create", + "actor" => chat_message.data["actor"], + "to" => chat_message.data["to"], + "object" => chat_message.data["id"], + "published" => DateTime.utc_now() |> DateTime.to_iso8601() + } + |> Map.merge(data_attrs) + + %Pleroma.Activity{ + data: data, + actor: data["actor"], + recipients: data["to"] + } + |> Map.merge(attrs) + end end diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs new file mode 100644 index 000000000..4527437af --- /dev/null +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -0,0 +1,53 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.AdminAPI.ChatControllerTest do + use Pleroma.Web.ConnCase + + import Pleroma.Factory + + alias Pleroma.Activity + alias Pleroma.Config + alias Pleroma.ModerationLog + alias Pleroma.Repo + + setup do + admin = insert(:user, is_admin: true) + token = insert(:oauth_admin_token, user: admin) + + conn = + build_conn() + |> assign(:user, admin) + |> assign(:token, token) + + {:ok, %{admin: admin, token: token, conn: conn}} + end + + describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do + setup do + chat = insert(:chat) + message = insert(:chat_message_activity, chat: chat) + %{chat: chat, message: message} + end + + test "deletes chat message", %{conn: conn, chat: chat, message: message, admin: admin} do + conn + |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{message.id}") + |> json_response_and_validate_schema(:ok) + + refute Activity.get_by_id(message.id) + + log_entry = Repo.one(ModerationLog) + + assert ModerationLog.get_log_entry_message(log_entry) == + "@#{admin.nickname} deleted chat message ##{message.id}" + end + + test "returns 404 when the chat message does not exist", %{conn: conn} do + conn = delete(conn, "/api/pleroma/admin/chats/test/messages/test") + + assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} + end + end +end From fb0de073439b5e3be823e736b44608e80f1027f1 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Mon, 31 Aug 2020 20:23:33 -0500 Subject: [PATCH 195/264] AdminAPI: list chats for a user --- .../controllers/admin_api_controller.ex | 27 +++++++++++++++++++ lib/pleroma/web/router.ex | 3 +++ .../controllers/admin_api_controller_test.exs | 18 +++++++++++++ 3 files changed, 48 insertions(+) diff --git a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex index f5e4d49f9..9b66c2f10 100644 --- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do use Pleroma.Web, :controller + import Ecto.Query import Pleroma.Web.ControllerHelper, only: [json_response: 3] alias Pleroma.Config @@ -21,6 +22,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do alias Pleroma.Web.AdminAPI.ModerationLogView alias Pleroma.Web.AdminAPI.Search alias Pleroma.Web.Endpoint + alias Pleroma.Web.PleromaAPI alias Pleroma.Web.Router require Logger @@ -68,6 +70,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do when action in [:list_user_statuses, :list_instance_statuses] ) + plug( + OAuthScopesPlug, + %{scopes: ["read:chats"], admin: true} + when action in [:list_user_chats] + ) + plug( OAuthScopesPlug, %{scopes: ["read"], admin: true} @@ -256,6 +264,25 @@ def list_user_statuses(%{assigns: %{user: admin}} = conn, %{"nickname" => nickna end end + def list_user_chats(%{assigns: %{user: admin}} = conn, %{"nickname" => nickname} = _params) do + with %User{id: user_id} <- User.get_cached_by_nickname_or_id(nickname, for: admin) do + chats = + from(c in Pleroma.Chat, + where: c.user_id == ^user_id, + order_by: [desc: c.updated_at], + inner_join: u in User, + on: u.ap_id == c.recipient + ) + |> Pleroma.Repo.all() + + conn + |> put_view(PleromaAPI.ChatView) + |> render("index.json", chats: chats) + else + _ -> {:error, :not_found} + end + end + def user_toggle_activation(%{assigns: %{user: admin}} = conn, %{"nickname" => nickname}) do user = User.get_cached_by_nickname(nickname) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index e438768ed..ad3282df4 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -178,6 +178,7 @@ defmodule Pleroma.Web.Router do get("/users", AdminAPIController, :list_users) get("/users/:nickname", AdminAPIController, :user_show) get("/users/:nickname/statuses", AdminAPIController, :list_user_statuses) + get("/users/:nickname/chats", AdminAPIController, :list_user_chats) get("/instances/:instance/statuses", AdminAPIController, :list_instance_statuses) @@ -215,6 +216,8 @@ defmodule Pleroma.Web.Router do post("/media_proxy_caches/delete", MediaProxyCacheController, :delete) post("/media_proxy_caches/purge", MediaProxyCacheController, :purge) + # get("/chats/:id", ChatController, :show) + # get("/chats/:id/messages", ChatController, :messages) delete("/chats/:id/messages/:message_id", ChatController, :delete_message) end diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs index dbf478edf..cf5637246 100644 --- a/test/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/web/admin_api/controllers/admin_api_controller_test.exs @@ -1510,6 +1510,24 @@ test "excludes reblogs by default", %{conn: conn, user: user} do end end + describe "GET /api/pleroma/admin/users/:nickname/chats" do + setup do + user = insert(:user) + + insert(:chat, user: user) + insert(:chat, user: user) + insert(:chat, user: user) + + %{user: user} + end + + test "renders user's statuses", %{conn: conn, user: user} do + conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats") + + assert json_response(conn, 200) |> length() == 3 + end + end + describe "GET /api/pleroma/admin/moderation_log" do setup do moderator = insert(:user, is_moderator: true) From c41430b23eaf3fd15b227e66215aa2a4ff31dfdb Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 19:05:24 -0500 Subject: [PATCH 196/264] Refactor with Chat.for_user_query/1 --- lib/pleroma/chat.ex | 12 ++++++++++++ .../admin_api/controllers/admin_api_controller.ex | 8 +------- .../web/pleroma_api/controllers/chat_controller.ex | 9 ++------- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/lib/pleroma/chat.ex b/lib/pleroma/chat.ex index 24a86371e..b38c5c3dd 100644 --- a/lib/pleroma/chat.ex +++ b/lib/pleroma/chat.ex @@ -6,7 +6,9 @@ defmodule Pleroma.Chat do use Ecto.Schema import Ecto.Changeset + import Ecto.Query + alias Pleroma.Chat alias Pleroma.Repo alias Pleroma.User @@ -69,4 +71,14 @@ def bump_or_create(user_id, recipient) do conflict_target: [:user_id, :recipient] ) end + + @spec for_user_query(FlakeId.Ecto.CompatType.t()) :: Ecto.Query.t() + def for_user_query(user_id) do + from(c in Chat, + where: c.user_id == ^user_id, + order_by: [desc: c.updated_at], + inner_join: u in User, + on: u.ap_id == c.recipient + ) + end end diff --git a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex index 9b66c2f10..fccdbabb4 100644 --- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex @@ -5,7 +5,6 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do use Pleroma.Web, :controller - import Ecto.Query import Pleroma.Web.ControllerHelper, only: [json_response: 3] alias Pleroma.Config @@ -267,12 +266,7 @@ def list_user_statuses(%{assigns: %{user: admin}} = conn, %{"nickname" => nickna def list_user_chats(%{assigns: %{user: admin}} = conn, %{"nickname" => nickname} = _params) do with %User{id: user_id} <- User.get_cached_by_nickname_or_id(nickname, for: admin) do chats = - from(c in Pleroma.Chat, - where: c.user_id == ^user_id, - order_by: [desc: c.updated_at], - inner_join: u in User, - on: u.ap_id == c.recipient - ) + Pleroma.Chat.for_user_query(user_id) |> Pleroma.Repo.all() conn diff --git a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex index 1f2e953f7..27c9a2e0f 100644 --- a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex @@ -146,13 +146,8 @@ def index(%{assigns: %{user: %{id: user_id} = user}} = conn, _params) do blocked_ap_ids = User.blocked_users_ap_ids(user) chats = - from(c in Chat, - where: c.user_id == ^user_id, - where: c.recipient not in ^blocked_ap_ids, - order_by: [desc: c.updated_at], - inner_join: u in User, - on: u.ap_id == c.recipient - ) + Chat.for_user_query(user_id) + |> where([c], c.recipient not in ^blocked_ap_ids) |> Repo.all() conn From f13b52a703d5c60cf12b2fff69f458e5c467c783 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 19:39:34 -0500 Subject: [PATCH 197/264] AdminAPI: list messages in a chat --- .../admin_api/controllers/chat_controller.ex | 27 ++++++++++ .../operations/admin/chat_operation.ex | 26 ++++++++- lib/pleroma/web/router.ex | 2 +- .../controllers/chat_controller_test.exs | 54 +++++++++++++++++++ 4 files changed, 107 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex index bcce824d2..b423188d7 100644 --- a/lib/pleroma/web/admin_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex @@ -6,14 +6,23 @@ defmodule Pleroma.Web.AdminAPI.ChatController do use Pleroma.Web, :controller alias Pleroma.Activity + alias Pleroma.Chat + alias Pleroma.Chat.MessageReference alias Pleroma.ModerationLog + alias Pleroma.Pagination alias Pleroma.Plugs.OAuthScopesPlug alias Pleroma.Web.CommonAPI + alias Pleroma.Web.PleromaAPI.Chat.MessageReferenceView require Logger plug(Pleroma.Web.ApiSpec.CastAndValidate) + plug( + OAuthScopesPlug, + %{scopes: ["read:chats"], admin: true} when action in [:messages] + ) + plug( OAuthScopesPlug, %{scopes: ["write:chats"], admin: true} when action in [:delete_message] @@ -34,4 +43,22 @@ def delete_message(%{assigns: %{user: user}} = conn, %{message_id: id}) do json(conn, %{}) end end + + def messages(conn, %{id: id} = params) do + with %Chat{} = chat <- Chat.get_by_id(id) do + cm_refs = + chat + |> MessageReference.for_chat_query() + |> Pagination.fetch_paginated(params) + + conn + |> put_view(MessageReferenceView) + |> render("index.json", chat_message_references: cm_refs) + else + _ -> + conn + |> put_status(:not_found) + |> json(%{error: "not found"}) + end + end end diff --git a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex index 7045fd7ce..a382bd35a 100644 --- a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex +++ b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex @@ -16,7 +16,7 @@ def open_api_operation(action) do def delete_message_operation do %Operation{ - tags: ["Admin", "Chats"], + tags: ["admin", "chat"], summary: "Delete an individual chat message", operationId: "AdminAPI.ChatController.delete", parameters: [id_param(), message_id_param()] ++ admin_api_params(), @@ -28,6 +28,30 @@ def delete_message_operation do } end + def messages_operation do + %Operation{ + tags: ["admin", "chat"], + summary: "Get the most recent messages of the chat", + operationId: "AdminAPI.ChatController.messages", + parameters: + [Operation.parameter(:id, :path, :string, "The ID of the Chat")] ++ + pagination_params(), + responses: %{ + 200 => + Operation.response( + "The messages in the chat", + "application/json", + Pleroma.Web.ApiSpec.ChatOperation.chat_messages_response() + ) + }, + security: [ + %{ + "oAuth" => ["read:chats"] + } + ] + } + end + def id_param do Operation.parameter(:id, :path, FlakeID, "Chat ID", example: "9umDrYheeY451cQnEe", diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index ad3282df4..02836114a 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -217,7 +217,7 @@ defmodule Pleroma.Web.Router do post("/media_proxy_caches/purge", MediaProxyCacheController, :purge) # get("/chats/:id", ChatController, :show) - # get("/chats/:id/messages", ChatController, :messages) + get("/chats/:id/messages", ChatController, :messages) delete("/chats/:id/messages/:message_id", ChatController, :delete_message) end diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index 4527437af..f61e2a1fa 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -8,9 +8,11 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do import Pleroma.Factory alias Pleroma.Activity + alias Pleroma.Chat alias Pleroma.Config alias Pleroma.ModerationLog alias Pleroma.Repo + alias Pleroma.Web.CommonAPI setup do admin = insert(:user, is_admin: true) @@ -50,4 +52,56 @@ test "returns 404 when the chat message does not exist", %{conn: conn} do assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} end end + + describe "GET /api/pleroma/admin/chats/:id/messages" do + test "it paginates", %{conn: conn} do + user = insert(:user) + recipient = insert(:user) + + Enum.each(1..30, fn _ -> + {:ok, _} = CommonAPI.post_chat_message(user, recipient, "hey") + end) + + chat = Chat.get(user.id, recipient.ap_id) + + result = + conn + |> get("/api/pleroma/admin/chats/#{chat.id}/messages") + |> json_response_and_validate_schema(200) + + assert length(result) == 20 + + result = + conn + |> get("/api/pleroma/admin/chats/#{chat.id}/messages?max_id=#{List.last(result)["id"]}") + |> json_response_and_validate_schema(200) + + assert length(result) == 10 + end + + test "it returns the messages for a given chat", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + third_user = insert(:user) + + {:ok, _} = CommonAPI.post_chat_message(user, other_user, "hey") + {:ok, _} = CommonAPI.post_chat_message(user, third_user, "hey") + {:ok, _} = CommonAPI.post_chat_message(user, other_user, "how are you?") + {:ok, _} = CommonAPI.post_chat_message(other_user, user, "fine, how about you?") + + chat = Chat.get(user.id, other_user.ap_id) + + result = + conn + |> get("/api/pleroma/admin/chats/#{chat.id}/messages") + |> json_response_and_validate_schema(200) + + result + |> Enum.each(fn message -> + assert message["chat_id"] == chat.id |> to_string() + end) + + assert length(result) == 3 + end + end end From 9dd0b23da424c380a37897d8bf69ab241efa6f91 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 19:49:46 -0500 Subject: [PATCH 198/264] AdminAPI: show chat --- .../admin_api/controllers/chat_controller.ex | 11 ++++++- .../operations/admin/chat_operation.ex | 32 +++++++++++++++++++ lib/pleroma/web/router.ex | 2 +- .../controllers/chat_controller_test.exs | 16 ++++++++++ 4 files changed, 59 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex index b423188d7..ac362c430 100644 --- a/lib/pleroma/web/admin_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex @@ -13,6 +13,7 @@ defmodule Pleroma.Web.AdminAPI.ChatController do alias Pleroma.Plugs.OAuthScopesPlug alias Pleroma.Web.CommonAPI alias Pleroma.Web.PleromaAPI.Chat.MessageReferenceView + alias Pleroma.Web.PleromaAPI.ChatView require Logger @@ -20,7 +21,7 @@ defmodule Pleroma.Web.AdminAPI.ChatController do plug( OAuthScopesPlug, - %{scopes: ["read:chats"], admin: true} when action in [:messages] + %{scopes: ["read:chats"], admin: true} when action in [:show, :messages] ) plug( @@ -61,4 +62,12 @@ def messages(conn, %{id: id} = params) do |> json(%{error: "not found"}) end end + + def show(conn, %{id: id}) do + with %Chat{} = chat <- Chat.get_by_id(id) do + conn + |> put_view(ChatView) + |> render("show.json", chat: chat) + end + end end diff --git a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex index a382bd35a..3550d531e 100644 --- a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex +++ b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.ApiSpec.Admin.ChatOperation do alias OpenApiSpex.Operation alias Pleroma.Web.ApiSpec.Schemas.ApiError + alias Pleroma.Web.ApiSpec.Schemas.Chat alias Pleroma.Web.ApiSpec.Schemas.FlakeID import Pleroma.Web.ApiSpec.Helpers @@ -52,6 +53,37 @@ def messages_operation do } end + def show_operation do + %Operation{ + tags: ["chat"], + summary: "Create a chat", + operationId: "AdminAPI.ChatController.show", + parameters: [ + Operation.parameter( + :id, + :path, + :string, + "The id of the chat", + required: true, + example: "1234" + ) + ], + responses: %{ + 200 => + Operation.response( + "The existing chat", + "application/json", + Chat + ) + }, + security: [ + %{ + "oAuth" => ["read"] + } + ] + } + end + def id_param do Operation.parameter(:id, :path, FlakeID, "Chat ID", example: "9umDrYheeY451cQnEe", diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 02836114a..e4440d442 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -216,7 +216,7 @@ defmodule Pleroma.Web.Router do post("/media_proxy_caches/delete", MediaProxyCacheController, :delete) post("/media_proxy_caches/purge", MediaProxyCacheController, :purge) - # get("/chats/:id", ChatController, :show) + get("/chats/:id", ChatController, :show) get("/chats/:id/messages", ChatController, :messages) delete("/chats/:id/messages/:message_id", ChatController, :delete_message) end diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index f61e2a1fa..63c195b99 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -104,4 +104,20 @@ test "it returns the messages for a given chat", %{conn: conn} do assert length(result) == 3 end end + + describe "GET /api/pleroma/admin/chats/:id" do + test "it returns a chat", %{conn: conn} do + user = insert(:user) + other_user = insert(:user) + + {:ok, chat} = Chat.get_or_create(user.id, other_user.ap_id) + + result = + conn + |> get("/api/pleroma/admin/chats/#{chat.id}") + |> json_response_and_validate_schema(200) + + assert result["id"] == to_string(chat.id) + end + end end From 02d70228b566d5de2cbdd6d1f9958caf2db173f1 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 20:40:36 -0500 Subject: [PATCH 199/264] AdminAPI: fix delete chat message --- .../admin_api/controllers/chat_controller.ex | 20 ++++++++-- .../operations/admin/chat_operation.ex | 40 +++++++++---------- .../controllers/chat_controller_test.exs | 39 ++++++++++-------- 3 files changed, 56 insertions(+), 43 deletions(-) diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex index ac362c430..61d45b970 100644 --- a/lib/pleroma/web/admin_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex @@ -33,15 +33,27 @@ defmodule Pleroma.Web.AdminAPI.ChatController do defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.ChatOperation - def delete_message(%{assigns: %{user: user}} = conn, %{message_id: id}) do - with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do + def delete_message(%{assigns: %{user: user}} = conn, %{ + message_id: message_id, + id: chat_id + }) do + with %MessageReference{object: %{data: %{"id" => object_ap_id}}} = cm_ref <- + MessageReference.get_by_id(message_id), + ^chat_id <- to_string(cm_ref.chat_id), + %Activity{id: activity_id} <- Activity.get_create_by_object_ap_id(object_ap_id), + {:ok, _} <- CommonAPI.delete(activity_id, user) do ModerationLog.insert_log(%{ action: "chat_message_delete", actor: user, - subject_id: id + subject_id: message_id }) - json(conn, %{}) + conn + |> put_view(MessageReferenceView) + |> render("show.json", chat_message_reference: cm_ref) + else + _e -> + {:error, :could_not_delete} end end diff --git a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex index 3550d531e..d3e5dfc1c 100644 --- a/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex +++ b/lib/pleroma/web/api_spec/operations/admin/chat_operation.ex @@ -4,9 +4,8 @@ defmodule Pleroma.Web.ApiSpec.Admin.ChatOperation do alias OpenApiSpex.Operation - alias Pleroma.Web.ApiSpec.Schemas.ApiError alias Pleroma.Web.ApiSpec.Schemas.Chat - alias Pleroma.Web.ApiSpec.Schemas.FlakeID + alias Pleroma.Web.ApiSpec.Schemas.ChatMessage import Pleroma.Web.ApiSpec.Helpers @@ -19,13 +18,24 @@ def delete_message_operation do %Operation{ tags: ["admin", "chat"], summary: "Delete an individual chat message", - operationId: "AdminAPI.ChatController.delete", - parameters: [id_param(), message_id_param()] ++ admin_api_params(), - security: [%{"oAuth" => ["write:chats"]}], + operationId: "AdminAPI.ChatController.delete_message", + parameters: [ + Operation.parameter(:id, :path, :string, "The ID of the Chat"), + Operation.parameter(:message_id, :path, :string, "The ID of the message") + ], responses: %{ - 200 => empty_object_response(), - 404 => Operation.response("Not Found", "application/json", ApiError) - } + 200 => + Operation.response( + "The deleted ChatMessage", + "application/json", + ChatMessage + ) + }, + security: [ + %{ + "oAuth" => ["write:chats"] + } + ] } end @@ -83,18 +93,4 @@ def show_operation do ] } end - - def id_param do - Operation.parameter(:id, :path, FlakeID, "Chat ID", - example: "9umDrYheeY451cQnEe", - required: true - ) - end - - def message_id_param do - Operation.parameter(:message_id, :path, FlakeID, "Chat message ID", - example: "9umDrYheeY451cQnEe", - required: true - ) - end end diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index 63c195b99..9393dd49b 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -7,9 +7,10 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do import Pleroma.Factory - alias Pleroma.Activity alias Pleroma.Chat + alias Pleroma.Chat.MessageReference alias Pleroma.Config + alias Pleroma.Object alias Pleroma.ModerationLog alias Pleroma.Repo alias Pleroma.Web.CommonAPI @@ -27,29 +28,33 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do end describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do - setup do - chat = insert(:chat) - message = insert(:chat_message_activity, chat: chat) - %{chat: chat, message: message} - end + test "it deletes a message from the chat", %{conn: conn, admin: admin} do + user = insert(:user) + recipient = insert(:user) - test "deletes chat message", %{conn: conn, chat: chat, message: message, admin: admin} do - conn - |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{message.id}") - |> json_response_and_validate_schema(:ok) + {:ok, message} = + CommonAPI.post_chat_message(user, recipient, "Hello darkness my old friend") - refute Activity.get_by_id(message.id) + object = Object.normalize(message, false) + + chat = Chat.get(user.id, recipient.ap_id) + + cm_ref = MessageReference.for_chat_and_object(chat, object) + + result = + conn + |> put_req_header("content-type", "application/json") + |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}") + |> json_response_and_validate_schema(200) log_entry = Repo.one(ModerationLog) assert ModerationLog.get_log_entry_message(log_entry) == - "@#{admin.nickname} deleted chat message ##{message.id}" - end + "@#{admin.nickname} deleted chat message ##{cm_ref.id}" - test "returns 404 when the chat message does not exist", %{conn: conn} do - conn = delete(conn, "/api/pleroma/admin/chats/test/messages/test") - - assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"} + assert result["id"] == cm_ref.id + refute MessageReference.get_by_id(cm_ref.id) + assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id) end end From c361df11b4e31bc6b369a4feebdbaa82987c2eec Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 20:56:42 -0500 Subject: [PATCH 200/264] Docs: AdminAPI chat moderation --- docs/API/admin_api.md | 111 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) diff --git a/docs/API/admin_api.md b/docs/API/admin_api.md index c0ea074f0..7bdbd17aa 100644 --- a/docs/API/admin_api.md +++ b/docs/API/admin_api.md @@ -1334,3 +1334,114 @@ Loads json generated from `config/descriptions.exs`. { } ``` + +## GET /api/pleroma/admin/users/:nickname/chats + +### List a user's chats + +- Params: None + +- Response: + +```json +[ + { + "account": { + "id": "someflakeid", + "username": "somenick", + ... + }, + "id" : "1", + "unread" : 2, + "last_message" : {...}, // The last message in that chat + "updated_at": "2020-04-21T15:11:46.000Z" + } +] +``` + +## GET /api/pleroma/admin/chats/:chat_id + +### View a single chat + +- Params: None + +- Response: + +```json +{ + "account": { + "id": "someflakeid", + "username": "somenick", + ... + }, + "id" : "1", + "unread" : 2, + "last_message" : {...}, // The last message in that chat + "updated_at": "2020-04-21T15:11:46.000Z" +} +``` + +## GET /api/pleroma/admin/chats/:chat_id/messages + +### List the messages in a chat + +- Params: None + +- Response: + +```json +[ + { + "account_id": "someflakeid", + "chat_id": "1", + "content": "Check this out :firefox:", + "created_at": "2020-04-21T15:11:46.000Z", + "emojis": [ + { + "shortcode": "firefox", + "static_url": "https://dontbulling.me/emoji/Firefox.gif", + "url": "https://dontbulling.me/emoji/Firefox.gif", + "visible_in_picker": false + } + ], + "id": "13", + "unread": true + }, + { + "account_id": "someflakeid", + "chat_id": "1", + "content": "Whats' up?", + "created_at": "2020-04-21T15:06:45.000Z", + "emojis": [], + "id": "12", + "unread": false + } +] +``` + +## DELETE /api/pleroma/admin/chats/:chat_id/messages/:message_id + +### Delete a single message + +- Params: None + +- Response: + +```json +{ + "account_id": "someflakeid", + "chat_id": "1", + "content": "Check this out :firefox:", + "created_at": "2020-04-21T15:11:46.000Z", + "emojis": [ + { + "shortcode": "firefox", + "static_url": "https://dontbulling.me/emoji/Firefox.gif", + "url": "https://dontbulling.me/emoji/Firefox.gif", + "visible_in_picker": false + } + ], + "id": "13", + "unread": false +} +``` From 67726453f85eb5bb51bf82e7decf23a4f1d184af Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Tue, 1 Sep 2020 21:12:21 -0500 Subject: [PATCH 201/264] Credo fix --- test/web/admin_api/controllers/chat_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index 9393dd49b..bca9d440d 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -10,8 +10,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do alias Pleroma.Chat alias Pleroma.Chat.MessageReference alias Pleroma.Config - alias Pleroma.Object alias Pleroma.ModerationLog + alias Pleroma.Object alias Pleroma.Repo alias Pleroma.Web.CommonAPI From e229536e5cca65d811f85d25c86bf3c92b3d8c45 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Thu, 10 Sep 2020 01:44:32 -0500 Subject: [PATCH 202/264] Chat Moderation: use explicit `sender` and `recipient` fields --- docs/API/admin_api.md | 14 +++++++-- .../controllers/admin_api_controller.ex | 5 +--- .../admin_api/controllers/chat_controller.ex | 4 +-- lib/pleroma/web/admin_api/views/chat_view.ex | 30 +++++++++++++++++++ .../controllers/chat_controller_test.exs | 3 ++ 5 files changed, 48 insertions(+), 8 deletions(-) create mode 100644 lib/pleroma/web/admin_api/views/chat_view.ex diff --git a/docs/API/admin_api.md b/docs/API/admin_api.md index 7bdbd17aa..eadb455ee 100644 --- a/docs/API/admin_api.md +++ b/docs/API/admin_api.md @@ -1346,7 +1346,12 @@ Loads json generated from `config/descriptions.exs`. ```json [ { - "account": { + "sender": { + "id": "someflakeid", + "username": "somenick", + ... + }, + "receiver": { "id": "someflakeid", "username": "somenick", ... @@ -1369,7 +1374,12 @@ Loads json generated from `config/descriptions.exs`. ```json { - "account": { + "sender": { + "id": "someflakeid", + "username": "somenick", + ... + }, + "receiver": { "id": "someflakeid", "username": "somenick", ... diff --git a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex index fccdbabb4..d5713c3dd 100644 --- a/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/admin_api_controller.ex @@ -21,11 +21,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do alias Pleroma.Web.AdminAPI.ModerationLogView alias Pleroma.Web.AdminAPI.Search alias Pleroma.Web.Endpoint - alias Pleroma.Web.PleromaAPI alias Pleroma.Web.Router - require Logger - @users_page_size 50 plug( @@ -270,7 +267,7 @@ def list_user_chats(%{assigns: %{user: admin}} = conn, %{"nickname" => nickname} |> Pleroma.Repo.all() conn - |> put_view(PleromaAPI.ChatView) + |> put_view(AdminAPI.ChatView) |> render("index.json", chats: chats) else _ -> {:error, :not_found} diff --git a/lib/pleroma/web/admin_api/controllers/chat_controller.ex b/lib/pleroma/web/admin_api/controllers/chat_controller.ex index 61d45b970..967600d69 100644 --- a/lib/pleroma/web/admin_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/chat_controller.ex @@ -11,9 +11,9 @@ defmodule Pleroma.Web.AdminAPI.ChatController do alias Pleroma.ModerationLog alias Pleroma.Pagination alias Pleroma.Plugs.OAuthScopesPlug + alias Pleroma.Web.AdminAPI alias Pleroma.Web.CommonAPI alias Pleroma.Web.PleromaAPI.Chat.MessageReferenceView - alias Pleroma.Web.PleromaAPI.ChatView require Logger @@ -78,7 +78,7 @@ def messages(conn, %{id: id} = params) do def show(conn, %{id: id}) do with %Chat{} = chat <- Chat.get_by_id(id) do conn - |> put_view(ChatView) + |> put_view(AdminAPI.ChatView) |> render("show.json", chat: chat) end end diff --git a/lib/pleroma/web/admin_api/views/chat_view.ex b/lib/pleroma/web/admin_api/views/chat_view.ex new file mode 100644 index 000000000..847df1423 --- /dev/null +++ b/lib/pleroma/web/admin_api/views/chat_view.ex @@ -0,0 +1,30 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.AdminAPI.ChatView do + use Pleroma.Web, :view + + alias Pleroma.Chat + alias Pleroma.User + alias Pleroma.Web.MastodonAPI + alias Pleroma.Web.PleromaAPI + + def render("index.json", %{chats: chats} = opts) do + render_many(chats, __MODULE__, "show.json", Map.delete(opts, :chats)) + end + + def render("show.json", %{chat: %Chat{user_id: user_id}} = opts) do + user = User.get_by_id(user_id) + sender = MastodonAPI.AccountView.render("show.json", user: user, skip_visibility_check: true) + + serialized_chat = PleromaAPI.ChatView.render("show.json", opts) + + serialized_chat + |> Map.put(:sender, sender) + |> Map.put(:receiver, serialized_chat[:account]) + |> Map.delete(:account) + end + + def render(view, opts), do: PleromaAPI.ChatView.render(view, opts) +end diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index bca9d440d..840f18aa2 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -123,6 +123,9 @@ test "it returns a chat", %{conn: conn} do |> json_response_and_validate_schema(200) assert result["id"] == to_string(chat.id) + assert %{} = result["sender"] + assert %{} = result["receiver"] + refute result["account"] end end end From dfb831ca39db3098d6d585448a6ff8e938e51e8c Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Fri, 11 Sep 2020 14:00:34 -0500 Subject: [PATCH 203/264] Chat moderation: add tests for unauthorized access --- docs/API/admin_api.md | 2 +- .../controllers/admin_api_controller_test.exs | 29 +++++++ .../controllers/chat_controller_test.exs | 80 ++++++++++++++++++- 3 files changed, 109 insertions(+), 2 deletions(-) diff --git a/docs/API/admin_api.md b/docs/API/admin_api.md index eadb455ee..bc96abbf0 100644 --- a/docs/API/admin_api.md +++ b/docs/API/admin_api.md @@ -1395,7 +1395,7 @@ Loads json generated from `config/descriptions.exs`. ### List the messages in a chat -- Params: None +- Params: `max_id`, `min_id` - Response: diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs index cf5637246..dbeeb7f3d 100644 --- a/test/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/web/admin_api/controllers/admin_api_controller_test.exs @@ -1528,6 +1528,35 @@ test "renders user's statuses", %{conn: conn, user: user} do end end + describe "GET /api/pleroma/admin/users/:nickname/chats unauthorized" do + setup do + user = insert(:user) + insert(:chat, user: user) + %{conn: conn} = oauth_access(["read:chats"]) + %{conn: conn, user: user} + end + + test "returns 403", %{conn: conn, user: user} do + conn + |> get("/api/pleroma/admin/users/#{user.nickname}/chats") + |> json_response(403) + end + end + + describe "GET /api/pleroma/admin/users/:nickname/chats unauthenticated" do + setup do + user = insert(:user) + insert(:chat, user: user) + %{conn: build_conn(), user: user} + end + + test "returns 403", %{conn: conn, user: user} do + conn + |> get("/api/pleroma/admin/users/#{user.nickname}/chats") + |> json_response(403) + end + end + describe "GET /api/pleroma/admin/moderation_log" do setup do moderator = insert(:user, is_moderator: true) diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index 840f18aa2..ccca3521a 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -15,7 +15,7 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do alias Pleroma.Repo alias Pleroma.Web.CommonAPI - setup do + defp admin_setup do admin = insert(:user, is_admin: true) token = insert(:oauth_admin_token, user: admin) @@ -28,6 +28,8 @@ defmodule Pleroma.Web.AdminAPI.ChatControllerTest do end describe "DELETE /api/pleroma/admin/chats/:id/messages/:message_id" do + setup do: admin_setup() + test "it deletes a message from the chat", %{conn: conn, admin: admin} do user = insert(:user) recipient = insert(:user) @@ -59,6 +61,8 @@ test "it deletes a message from the chat", %{conn: conn, admin: admin} do end describe "GET /api/pleroma/admin/chats/:id/messages" do + setup do: admin_setup() + test "it paginates", %{conn: conn} do user = insert(:user) recipient = insert(:user) @@ -111,6 +115,8 @@ test "it returns the messages for a given chat", %{conn: conn} do end describe "GET /api/pleroma/admin/chats/:id" do + setup do: admin_setup() + test "it returns a chat", %{conn: conn} do user = insert(:user) other_user = insert(:user) @@ -128,4 +134,76 @@ test "it returns a chat", %{conn: conn} do refute result["account"] end end + + describe "unauthorized chat moderation" do + setup do + user = insert(:user) + recipient = insert(:user) + + {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo") + object = Object.normalize(message, false) + chat = Chat.get(user.id, recipient.ap_id) + cm_ref = MessageReference.for_chat_and_object(chat, object) + + %{conn: conn} = oauth_access(["read:chats", "write:chats"]) + %{conn: conn, chat: chat, cm_ref: cm_ref} + end + + test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do + conn + |> put_req_header("content-type", "application/json") + |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}") + |> json_response(403) + + assert MessageReference.get_by_id(cm_ref.id) == cm_ref + end + + test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do + conn + |> get("/api/pleroma/admin/chats/#{chat.id}/messages") + |> json_response(403) + end + + test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do + conn + |> get("/api/pleroma/admin/chats/#{chat.id}") + |> json_response(403) + end + end + + describe "unauthenticated chat moderation" do + setup do + user = insert(:user) + recipient = insert(:user) + + {:ok, message} = CommonAPI.post_chat_message(user, recipient, "Yo") + object = Object.normalize(message, false) + chat = Chat.get(user.id, recipient.ap_id) + cm_ref = MessageReference.for_chat_and_object(chat, object) + + %{conn: build_conn(), chat: chat, cm_ref: cm_ref} + end + + test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do + conn + |> put_req_header("content-type", "application/json") + |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}") + |> json_response(403) + + assert MessageReference.get_by_id(cm_ref.id) == cm_ref + end + + test "GET /api/pleroma/admin/chats/:id/messages", %{conn: conn, chat: chat} do + conn + |> get("/api/pleroma/admin/chats/#{chat.id}/messages") + |> json_response(403) + end + + test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do + conn + |> get("/api/pleroma/admin/chats/#{chat.id}") + |> json_response(403) + end + end + end From bc86d0a906e58becb94c5a73552f90abbe494c28 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Fri, 11 Sep 2020 14:29:56 -0500 Subject: [PATCH 204/264] Chat moderation: fix formatting --- .../admin_api/controllers/chat_controller_test.exs | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index ccca3521a..e81484ce6 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -149,7 +149,11 @@ test "it returns a chat", %{conn: conn} do %{conn: conn, chat: chat, cm_ref: cm_ref} end - test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do + test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{ + conn: conn, + chat: chat, + cm_ref: cm_ref + } do conn |> put_req_header("content-type", "application/json") |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}") @@ -184,7 +188,11 @@ test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do %{conn: build_conn(), chat: chat, cm_ref: cm_ref} end - test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{conn: conn, chat: chat, cm_ref: cm_ref} do + test "DELETE /api/pleroma/admin/chats/:id/messages/:message_id", %{ + conn: conn, + chat: chat, + cm_ref: cm_ref + } do conn |> put_req_header("content-type", "application/json") |> delete("/api/pleroma/admin/chats/#{chat.id}/messages/#{cm_ref.id}") @@ -205,5 +213,4 @@ test "GET /api/pleroma/admin/chats/:id", %{conn: conn, chat: chat} do |> json_response(403) end end - end From 40c847dc2a33bcd4bb6776d500cb73d6fa5ff052 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 11 Sep 2020 17:42:39 -0500 Subject: [PATCH 205/264] Spelling Reported by: trevoke --- docs/configuration/cheatsheet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index 7cf1d1ce7..0c5d17ce3 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -18,7 +18,7 @@ To add configuration to your config file, you can copy it from the base config. * `notify_email`: Email used for notifications. * `description`: The instance’s description, can be seen in nodeinfo and ``/api/v1/instance``. * `limit`: Posts character limit (CW/Subject included in the counter). -* `discription_limit`: The character limit for image descriptions. +* `description_limit`: The character limit for image descriptions. * `chat_limit`: Character limit of the instance chat messages. * `remote_limit`: Hard character limit beyond which remote posts will be dropped. * `upload_limit`: File size limit of uploads (except for avatar, background, banner). From 6877bad44cccff807cf8d1426c26ab80a6ea0244 Mon Sep 17 00:00:00 2001 From: tarteka Date: Fri, 11 Sep 2020 18:24:59 +0000 Subject: [PATCH 206/264] Translated using Weblate (Spanish) Currently translated at 20.7% (22 of 106 strings) Translation: Pleroma/Pleroma backend Translate-URL: https://translate.pleroma.social/projects/pleroma/pleroma/es/ --- priv/gettext/es/LC_MESSAGES/errors.po | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/priv/gettext/es/LC_MESSAGES/errors.po b/priv/gettext/es/LC_MESSAGES/errors.po index ba75936a9..0a6fceaad 100644 --- a/priv/gettext/es/LC_MESSAGES/errors.po +++ b/priv/gettext/es/LC_MESSAGES/errors.po @@ -3,7 +3,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-09-09 09:49+0000\n" -"PO-Revision-Date: 2020-09-09 10:52+0000\n" +"PO-Revision-Date: 2020-09-11 21:26+0000\n" "Last-Translator: tarteka \n" "Language-Team: Spanish \n" @@ -94,52 +94,52 @@ msgid "must be less than %{number}" msgstr "" msgid "must be greater than %{number}" -msgstr "" +msgstr "debe ser mayor que %{number}" msgid "must be less than or equal to %{number}" -msgstr "" +msgstr "debe ser menor o igual que %{number}" msgid "must be greater than or equal to %{number}" -msgstr "" +msgstr "deber ser mayor o igual que %{number}" msgid "must be equal to %{number}" -msgstr "" +msgstr "deber ser igual a %{number}" #: lib/pleroma/web/common_api/common_api.ex:505 #, elixir-format msgid "Account not found" -msgstr "" +msgstr "Cuenta no encontrada" #: lib/pleroma/web/common_api/common_api.ex:339 #, elixir-format msgid "Already voted" -msgstr "" +msgstr "Ya has votado" #: lib/pleroma/web/oauth/oauth_controller.ex:359 #, elixir-format msgid "Bad request" -msgstr "" +msgstr "Solicitud incorrecta" #: lib/pleroma/web/activity_pub/activity_pub_controller.ex:426 #, elixir-format msgid "Can't delete object" -msgstr "" +msgstr "No se puede eliminar el objeto" #: lib/pleroma/web/controller_helper.ex:105 #: lib/pleroma/web/controller_helper.ex:111 #, elixir-format msgid "Can't display this activity" -msgstr "" +msgstr "No se puede mostrar esta actividad" #: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:285 #, elixir-format msgid "Can't find user" -msgstr "" +msgstr "No se puede encontrar al usuario" #: lib/pleroma/web/pleroma_api/controllers/account_controller.ex:61 #, elixir-format msgid "Can't get favorites" -msgstr "" +msgstr "No se puede obtener los favoritos" #: lib/pleroma/web/activity_pub/activity_pub_controller.ex:438 #, elixir-format @@ -149,7 +149,7 @@ msgstr "" #: lib/pleroma/web/common_api/utils.ex:563 #, elixir-format msgid "Cannot post an empty status without attachments" -msgstr "" +msgstr "No se puede publicar un estado vacío y sin archivos adjuntos" #: lib/pleroma/web/common_api/utils.ex:511 #, elixir-format From c0b36621f1149734e97f268e267202cc53700abb Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 11 Sep 2020 16:59:45 -0500 Subject: [PATCH 207/264] Ensure we only apply NSFW Simple policy on parsable objects --- lib/pleroma/web/activity_pub/mrf/simple_policy.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex index bb193475a..161177727 100644 --- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex @@ -66,7 +66,8 @@ defp check_media_nsfw( "type" => "Create", "object" => child_object } = object - ) do + ) + when is_map(child_object) do media_nsfw = Config.get([:mrf_simple, :media_nsfw]) |> MRF.subdomains_regex() From 32831f371ff426ac0c6f5d6c1381313f5f92af42 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Sat, 12 Sep 2020 10:33:42 +0300 Subject: [PATCH 208/264] [#2497] Media preview proxy: redirecting to media proxy url in case of preview error or unsupported content type. --- .../web/media_proxy/media_proxy_controller.ex | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index ff7fd2409..08d62a51a 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -91,8 +91,8 @@ defp handle_preview("video/" <> _ = _content_type, conn, media_proxy_url) do handle_video_preview(conn, media_proxy_url) end - defp handle_preview(content_type, conn, _media_proxy_url) do - send_resp(conn, :unprocessable_entity, "Unsupported content type: #{content_type}.") + defp handle_preview(_unsupported_content_type, conn, media_proxy_url) do + fallback_on_preview_error(conn, media_proxy_url) end defp handle_png_preview(conn, media_proxy_url) do @@ -114,7 +114,7 @@ defp handle_png_preview(conn, media_proxy_url) do |> send_resp(200, thumbnail_binary) else _ -> - send_resp(conn, :failed_dependency, "Can't handle preview.") + fallback_on_preview_error(conn, media_proxy_url) end end @@ -132,7 +132,7 @@ defp handle_jpeg_preview(conn, media_proxy_url) do |> send_resp(200, thumbnail_binary) else _ -> - send_resp(conn, :failed_dependency, "Can't handle preview.") + fallback_on_preview_error(conn, media_proxy_url) end end @@ -144,10 +144,14 @@ defp handle_video_preview(conn, media_proxy_url) do |> send_resp(200, thumbnail_binary) else _ -> - send_resp(conn, :failed_dependency, "Can't handle preview.") + fallback_on_preview_error(conn, media_proxy_url) end end + defp fallback_on_preview_error(conn, media_proxy_url) do + redirect(conn, external: media_proxy_url) + end + defp put_preview_response_headers( conn, [content_type, filename] = _content_info \\ ["image/jpeg", "preview.jpg"] From cd234a5321b9d33146b90be95d84fa67aa4f7707 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Sat, 12 Sep 2020 11:20:41 +0300 Subject: [PATCH 209/264] [#2497] Media preview proxy: preview bypass for small images (basing on Content-Length and Content-Type). --- .../web/media_proxy/media_proxy_controller.ex | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 08d62a51a..78df7763e 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -11,6 +11,8 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do alias Pleroma.Web.MediaProxy alias Plug.Conn + @min_content_length_for_preview 100 * 1024 + def remote(conn, %{"sig" => sig64, "url" => url64}) do with {_, true} <- {:enabled, MediaProxy.enabled?()}, {:ok, url} <- MediaProxy.decode_url(sig64, url64), @@ -54,8 +56,12 @@ defp handle_preview(conn, url) do with {:ok, %{status: status} = head_response} when status in 200..299 <- Pleroma.HTTP.request("head", media_proxy_url, [], [], pool: :media) do content_type = Tesla.get_header(head_response, "content-type") - handle_preview(content_type, conn, media_proxy_url) + content_length = Tesla.get_header(head_response, "content-length") + content_length = content_length && String.to_integer(content_length) + + handle_preview(content_type, content_length, conn, media_proxy_url) else + # If HEAD failed, redirecting to media proxy URI doesn't make much sense; returning an error {_, %{status: status}} -> send_resp(conn, :failed_dependency, "Can't fetch HTTP headers (HTTP #{status}).") @@ -69,29 +75,36 @@ defp handle_preview(conn, url) do defp handle_preview( "image/" <> _ = _content_type, + _content_length, %{params: %{"output_format" => "jpeg"}} = conn, media_proxy_url ) do handle_jpeg_preview(conn, media_proxy_url) end - defp handle_preview("image/gif" = _content_type, conn, media_proxy_url) do + defp handle_preview("image/gif" = _content_type, _content_length, conn, media_proxy_url) do redirect(conn, external: media_proxy_url) end - defp handle_preview("image/png" <> _ = _content_type, conn, media_proxy_url) do + defp handle_preview("image/" <> _ = _content_type, content_length, conn, media_proxy_url) + when is_integer(content_length) and content_length > 0 and + content_length < @min_content_length_for_preview do + redirect(conn, external: media_proxy_url) + end + + defp handle_preview("image/png" <> _ = _content_type, _content_length, conn, media_proxy_url) do handle_png_preview(conn, media_proxy_url) end - defp handle_preview("image/" <> _ = _content_type, conn, media_proxy_url) do + defp handle_preview("image/" <> _ = _content_type, _content_length, conn, media_proxy_url) do handle_jpeg_preview(conn, media_proxy_url) end - defp handle_preview("video/" <> _ = _content_type, conn, media_proxy_url) do + defp handle_preview("video/" <> _ = _content_type, _content_length, conn, media_proxy_url) do handle_video_preview(conn, media_proxy_url) end - defp handle_preview(_unsupported_content_type, conn, media_proxy_url) do + defp handle_preview(_unsupported_content_type, _content_length, conn, media_proxy_url) do fallback_on_preview_error(conn, media_proxy_url) end From 65f4e37ee1f47ff2f160eb56facef4c783a6828c Mon Sep 17 00:00:00 2001 From: Alexander Strizhakov Date: Sun, 13 Sep 2020 10:04:50 +0300 Subject: [PATCH 210/264] remove old workers in oban migrations --- .../20200825061316_move_activity_expirations_to_oban.exs | 2 ++ .../20200907092050_move_tokens_expiration_into_oban.exs | 2 ++ 2 files changed, 4 insertions(+) diff --git a/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs b/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs index cdc00d20b..a703af83f 100644 --- a/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs +++ b/priv/repo/migrations/20200825061316_move_activity_expirations_to_oban.exs @@ -4,6 +4,8 @@ defmodule Pleroma.Repo.Migrations.MoveActivityExpirationsToOban do import Ecto.Query, only: [from: 2] def change do + Pleroma.Config.Oban.warn() + Supervisor.start_link([{Oban, Pleroma.Config.get(Oban)}], strategy: :one_for_one, name: Pleroma.Supervisor diff --git a/priv/repo/migrations/20200907092050_move_tokens_expiration_into_oban.exs b/priv/repo/migrations/20200907092050_move_tokens_expiration_into_oban.exs index 832bd02a7..9e49ddacb 100644 --- a/priv/repo/migrations/20200907092050_move_tokens_expiration_into_oban.exs +++ b/priv/repo/migrations/20200907092050_move_tokens_expiration_into_oban.exs @@ -4,6 +4,8 @@ defmodule Pleroma.Repo.Migrations.MoveTokensExpirationIntoOban do import Ecto.Query, only: [from: 2] def change do + Pleroma.Config.Oban.warn() + Supervisor.start_link([{Oban, Pleroma.Config.get(Oban)}], strategy: :one_for_one, name: Pleroma.Supervisor From 3e53ab4e98e6294f593f2185998f555ccd6fee73 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Mon, 14 Sep 2020 14:08:12 +0300 Subject: [PATCH 211/264] added notification constraints --- .../migration_helper/notification_backfill.ex | 15 +++++----- lib/pleroma/repo.ex | 9 ++++-- ...8_delete_notification_without_activity.exs | 30 +++++++++++++++++++ ...914105800_add_notification_constraints.exs | 23 ++++++++++++++ 4 files changed, 67 insertions(+), 10 deletions(-) create mode 100644 priv/repo/migrations/20200914105638_delete_notification_without_activity.exs create mode 100644 priv/repo/migrations/20200914105800_add_notification_constraints.exs diff --git a/lib/pleroma/migration_helper/notification_backfill.ex b/lib/pleroma/migration_helper/notification_backfill.ex index d260e62ca..24f4733fe 100644 --- a/lib/pleroma/migration_helper/notification_backfill.ex +++ b/lib/pleroma/migration_helper/notification_backfill.ex @@ -19,13 +19,13 @@ def fill_in_notification_types do query |> Repo.chunk_stream(100) |> Enum.each(fn notification -> - type = - notification.activity - |> type_from_activity() + if notification.activity do + type = type_from_activity(notification.activity) - notification - |> Ecto.Changeset.change(%{type: type}) - |> Repo.update() + notification + |> Ecto.Changeset.change(%{type: type}) + |> Repo.update() + end end) end @@ -72,8 +72,7 @@ defp type_from_activity(%{data: %{"type" => type}} = activity) do "pleroma:emoji_reaction" "Create" -> - activity - |> type_from_activity_object() + type_from_activity_object(activity) t -> raise "No notification type for activity type #{t}" diff --git a/lib/pleroma/repo.ex b/lib/pleroma/repo.ex index f317e4d58..a75610879 100644 --- a/lib/pleroma/repo.ex +++ b/lib/pleroma/repo.ex @@ -49,7 +49,7 @@ def get_assoc(resource, association) do end end - def chunk_stream(query, chunk_size) do + def chunk_stream(query, chunk_size, returns_as \\ :one) do # We don't actually need start and end funcitons of resource streaming, # but it seems to be the only way to not fetch records one-by-one and # have individual records be the elements of the stream, instead of @@ -69,7 +69,12 @@ def chunk_stream(query, chunk_size) do records -> last_id = List.last(records).id - {records, last_id} + + if returns_as == :one do + {records, last_id} + else + {[records], last_id} + end end end, fn _ -> :ok end diff --git a/priv/repo/migrations/20200914105638_delete_notification_without_activity.exs b/priv/repo/migrations/20200914105638_delete_notification_without_activity.exs new file mode 100644 index 000000000..f5b339101 --- /dev/null +++ b/priv/repo/migrations/20200914105638_delete_notification_without_activity.exs @@ -0,0 +1,30 @@ +defmodule Pleroma.Repo.Migrations.DeleteNotificationWithoutActivity do + use Ecto.Migration + + import Ecto.Query + alias Pleroma.Repo + + def up do + from( + q in Pleroma.Notification, + left_join: c in assoc(q, :activity), + select: %{id: type(q.id, :integer)}, + where: is_nil(c.id) + ) + |> Repo.chunk_stream(1_000, :bacthes) + |> Stream.each(fn records -> + notification_ids = Enum.map(records, fn %{id: id} -> id end) + + Repo.delete_all( + from(n in "notifications", + where: n.id in ^notification_ids + ) + ) + end) + |> Stream.run() + end + + def down do + :ok + end +end diff --git a/priv/repo/migrations/20200914105800_add_notification_constraints.exs b/priv/repo/migrations/20200914105800_add_notification_constraints.exs new file mode 100644 index 000000000..a65c35fd0 --- /dev/null +++ b/priv/repo/migrations/20200914105800_add_notification_constraints.exs @@ -0,0 +1,23 @@ +defmodule Pleroma.Repo.Migrations.AddNotificationConstraints do + use Ecto.Migration + + def up do + drop(constraint(:notifications, "notifications_activity_id_fkey")) + + alter table(:notifications) do + modify(:activity_id, references(:activities, type: :uuid, on_delete: :delete_all), + null: false + ) + end + end + + def down do + drop(constraint(:notifications, "notifications_activity_id_fkey")) + + alter table(:notifications) do + modify(:activity_id, references(:activities, type: :uuid, on_delete: :delete_all), + null: true + ) + end + end +end From f66a15c4a51e1c8f614b4c1609b2385a29762931 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Mon, 14 Sep 2020 14:44:25 +0300 Subject: [PATCH 212/264] RichMedia parser: do not set a cache TTL for unchanging errors --- lib/pleroma/web/rich_media/parser.ex | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/pleroma/web/rich_media/parser.ex b/lib/pleroma/web/rich_media/parser.ex index 5727fda18..ab8f35922 100644 --- a/lib/pleroma/web/rich_media/parser.ex +++ b/lib/pleroma/web/rich_media/parser.ex @@ -36,6 +36,14 @@ defp get_cached_or_parse(url) do {:ok, _data} = res -> res + {:error, :body_too_large} = e -> + e + + {:error, {:content_type, _}} -> + e + + # The TTL is not set for the errors above, since they are unlikely to change + # with time {:error, _} = e -> ttl = Pleroma.Config.get([:rich_media, :failure_backoff], 60_000) Cachex.expire(:rich_media_cache, url, ttl) From f70335002df9b2b3f47f0ccaed6aaeebfb14435f Mon Sep 17 00:00:00 2001 From: rinpatch Date: Mon, 14 Sep 2020 14:45:58 +0300 Subject: [PATCH 213/264] RichMedia: Do a HEAD request to check content type/length This shouldn't be too expensive, since the connections are pooled, but it should save us some bandwidth since we won't fetch non-html files and files that are too large for us to process (especially since you can't cancel a request without closing the connection with HTTP1). --- lib/pleroma/web/rich_media/helpers.ex | 46 ++++++++++++++++++++++++++- test/support/http_request_mock.ex | 17 ++++++++++ test/web/rich_media/parser_test.exs | 29 +++++++++++++++++ 3 files changed, 91 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex index bd7f03cbe..d7a19df4a 100644 --- a/lib/pleroma/web/rich_media/helpers.ex +++ b/lib/pleroma/web/rich_media/helpers.ex @@ -87,6 +87,50 @@ def perform(:fetch, %Activity{} = activity) do def rich_media_get(url) do headers = [{"user-agent", Pleroma.Application.user_agent() <> "; Bot"}] - Pleroma.HTTP.get(url, headers, @options) + head_check = + case Pleroma.HTTP.head(url, headers, @options) do + # If the HEAD request didn't reach the server for whatever reason, + # we assume the GET that comes right after won't either + {:error, _} = e -> + e + + {:ok, %Tesla.Env{status: 200, headers: headers}} -> + with :ok <- check_content_type(headers), + :ok <- check_content_length(headers), + do: :ok + + _ -> + :ok + end + + with :ok <- head_check, do: Pleroma.HTTP.get(url, headers, @options) + end + + defp check_content_type(headers) do + case List.keyfind(headers, "content-type", 0) do + {_, content_type} -> + case Plug.Conn.Utils.media_type(content_type) do + {:ok, "text", "html", _} -> :ok + _ -> {:error, {:content_type, content_type}} + end + + _ -> + :ok + end + end + + @max_body @options[:max_body] + defp check_content_length(headers) do + case List.keyfind(headers, "content-length", 0) do + {_, maybe_content_length} -> + case Integer.parse(maybe_content_length) do + {content_length, ""} when content_length <= @max_body -> :ok + {_, ""} -> {:error, :body_too_large} + _ -> :ok + end + + _ -> + :ok + end end end diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex index 344e27f13..cb022333f 100644 --- a/test/support/http_request_mock.ex +++ b/test/support/http_request_mock.ex @@ -1262,4 +1262,21 @@ def post(url, query, body, headers) do inspect(headers) }"} end + + # Most of the rich media mocks are missing HEAD requests, so we just return 404. + @rich_media_mocks [ + "https://example.com/ogp", + "https://example.com/ogp-missing-data", + "https://example.com/twitter-card" + ] + def head(url, _query, _body, _headers) when url in @rich_media_mocks do + {:ok, %Tesla.Env{status: 404, body: ""}} + end + + def head(url, query, body, headers) do + {:error, + "Mock response not implemented for HEAD #{inspect(url)}, #{query}, #{inspect(body)}, #{ + inspect(headers) + }"} + end end diff --git a/test/web/rich_media/parser_test.exs b/test/web/rich_media/parser_test.exs index 21ae35f8b..d65a63121 100644 --- a/test/web/rich_media/parser_test.exs +++ b/test/web/rich_media/parser_test.exs @@ -56,6 +56,27 @@ defmodule Pleroma.Web.RichMedia.ParserTest do %{method: :get, url: "http://example.com/error"} -> {:error, :overload} + + %{ + method: :head, + url: "http://example.com/huge-page" + } -> + %Tesla.Env{ + status: 200, + headers: [{"content-length", "2000001"}, {"content-type", "text/html"}] + } + + %{ + method: :head, + url: "http://example.com/pdf-file" + } -> + %Tesla.Env{ + status: 200, + headers: [{"content-length", "1000000"}, {"content-type", "application/pdf"}] + } + + %{method: :head} -> + %Tesla.Env{status: 404, body: "", headers: []} end) :ok @@ -144,4 +165,12 @@ test "rejects invalid OGP data" do test "returns error if getting page was not successful" do assert {:error, :overload} = Parser.parse("http://example.com/error") end + + test "does a HEAD request to check if the body is too large" do + assert {:error, body_too_large} = Parser.parse("http://example.com/huge-page") + end + + test "does a HEAD request to check if the body is html" do + assert {:error, {:content_type, _}} = Parser.parse("http://example.com/pdf-file") + end end From 738685a6298d7bd883fe81477b2e25ec94822e02 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Mon, 14 Sep 2020 11:56:00 +0000 Subject: [PATCH 214/264] Apply 1 suggestion(s) to 1 file(s) --- test/web/rich_media/parser_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/rich_media/parser_test.exs b/test/web/rich_media/parser_test.exs index d65a63121..6d00c2af5 100644 --- a/test/web/rich_media/parser_test.exs +++ b/test/web/rich_media/parser_test.exs @@ -167,7 +167,7 @@ test "returns error if getting page was not successful" do end test "does a HEAD request to check if the body is too large" do - assert {:error, body_too_large} = Parser.parse("http://example.com/huge-page") + assert {:error, :body_too_large} = Parser.parse("http://example.com/huge-page") end test "does a HEAD request to check if the body is html" do From bb407edce4b512aae74c12ea0c1abcc92bc18ddb Mon Sep 17 00:00:00 2001 From: rinpatch Date: Mon, 14 Sep 2020 15:46:00 +0300 Subject: [PATCH 215/264] RichMedia: fix a compilation error due to nonexistent variable No idea why this passed Gitlab CI --- lib/pleroma/web/rich_media/parser.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/rich_media/parser.ex b/lib/pleroma/web/rich_media/parser.ex index ab8f35922..33f6f1fa1 100644 --- a/lib/pleroma/web/rich_media/parser.ex +++ b/lib/pleroma/web/rich_media/parser.ex @@ -39,7 +39,7 @@ defp get_cached_or_parse(url) do {:error, :body_too_large} = e -> e - {:error, {:content_type, _}} -> + {:error, {:content_type, _}} = e -> e # The TTL is not set for the errors above, since they are unlikely to change From 0b5e72ecf033ff78c67eb4e5a68277e5d83f5611 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 10 Sep 2020 15:00:19 +0300 Subject: [PATCH 216/264] Remove `:managed_config` option. In practice, it was already removed half a year ago, but the description and cheatsheet entries were still there. The migration intentionally does not use ConfigDB.get_by_params, since this will break migration code as soon as we add a new field is added to ConfigDB. Closes #2086 --- CHANGELOG.md | 2 ++ config/config.exs | 1 - config/description.exs | 6 ----- docs/configuration/cheatsheet.md | 1 - ...10113106_remove_managed_config_from_db.exs | 27 +++++++++++++++++++ 5 files changed, 29 insertions(+), 8 deletions(-) create mode 100644 priv/repo/migrations/20200910113106_remove_managed_config_from_db.exs diff --git a/CHANGELOG.md b/CHANGELOG.md index 75357f05e..88c489895 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - **Breaking:** `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab` (moved to a simpler implementation). - **Breaking:** `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` (moved to scheduled jobs). - **Breaking:** `Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker` setting from Oban `:crontab` (moved to scheduled jobs). +- Removed `:managed_config` option. In practice, it was accidentally removed with 2.0.0 release when frontends were +switched to a new configuration mechanism, however it was not officially removed until now. ### Changed - Minimum lifetime for ephmeral activities changed to 10 minutes and made configurable (`:min_lifetime` option). diff --git a/config/config.exs b/config/config.exs index 88c47fd03..c204814d0 100644 --- a/config/config.exs +++ b/config/config.exs @@ -216,7 +216,6 @@ allow_relay: true, public: true, quarantined_instances: [], - managed_config: true, static_dir: "instance/static/", allowed_post_formats: [ "text/plain", diff --git a/config/description.exs b/config/description.exs index 82c7bc6a7..2b30f8148 100644 --- a/config/description.exs +++ b/config/description.exs @@ -764,12 +764,6 @@ "*.quarantined.com" ] }, - %{ - key: :managed_config, - type: :boolean, - description: - "Whenether the config for pleroma-fe is configured in this config or in static/config.json" - }, %{ key: :static_dir, type: :string, diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index 0c5d17ce3..054b8fe43 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -40,7 +40,6 @@ To add configuration to your config file, you can copy it from the base config. * `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance. * `public`: Makes the client API in authenticated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. Note that there is a dependent setting restricting or allowing unauthenticated access to specific resources, see `restrict_unauthenticated` for more details. * `quarantined_instances`: List of ActivityPub instances where private (DMs, followers-only) activities will not be send. -* `managed_config`: Whenether the config for pleroma-fe is configured in [:frontend_configurations](#frontend_configurations) or in ``static/config.json``. * `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML). * `extended_nickname_format`: Set to `true` to use extended local nicknames format (allows underscores/dashes). This will break federation with older software for theses nicknames. diff --git a/priv/repo/migrations/20200910113106_remove_managed_config_from_db.exs b/priv/repo/migrations/20200910113106_remove_managed_config_from_db.exs new file mode 100644 index 000000000..e27a9ae48 --- /dev/null +++ b/priv/repo/migrations/20200910113106_remove_managed_config_from_db.exs @@ -0,0 +1,27 @@ +defmodule Pleroma.Repo.Migrations.RemoveManagedConfigFromDb do + use Ecto.Migration + import Ecto.Query + alias Pleroma.ConfigDB + alias Pleroma.Repo + + def up do + config_entry = + from(c in ConfigDB, + select: [:id, :value], + where: c.group == ^:pleroma and c.key == ^:instance + ) + |> Repo.one() + + if config_entry do + {_, value} = Keyword.pop(config_entry.value, :managed_config) + + config_entry + |> Ecto.Changeset.change(value: value) + |> Repo.update() + end + end + + def down do + :ok + end +end From d31f0393bfaa733cf68058c21294874daa286e0a Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 14 Sep 2020 12:06:08 -0500 Subject: [PATCH 217/264] Validate Welcome Chat message works with Simple policy applied to local instance --- test/user_test.exs | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/test/user_test.exs b/test/user_test.exs index 50f72549e..a910226b2 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -440,6 +440,45 @@ test "it sends a welcome chat message if it is set" do assert activity.actor == welcome_user.ap_id end + setup do: + clear_config(:mrf_simple, + media_removal: [], + media_nsfw: [], + federated_timeline_removal: [], + report_removal: [], + reject: [], + followers_only: [], + accept: [], + avatar_removal: [], + banner_removal: [], + reject_deletes: [] + ) + + setup do: + clear_config(:mrf, + policies: [ + Pleroma.Web.ActivityPub.MRF.SimplePolicy + ] + ) + + test "it sends a welcome chat message when Simple policy applied to local instance" do + Pleroma.Config.put([:mrf_simple, :media_nsfw], ["localhost"]) + + welcome_user = insert(:user) + Pleroma.Config.put([:welcome, :chat_message, :enabled], true) + Pleroma.Config.put([:welcome, :chat_message, :sender_nickname], welcome_user.nickname) + Pleroma.Config.put([:welcome, :chat_message, :message], "Hello, this is a chat message") + + cng = User.register_changeset(%User{}, @full_user_data) + {:ok, registered_user} = User.register(cng) + ObanHelpers.perform_all() + + activity = Repo.one(Pleroma.Activity) + assert registered_user.ap_id in activity.recipients + assert Object.normalize(activity).data["content"] =~ "chat message" + assert activity.actor == welcome_user.ap_id + end + test "it sends a welcome email message if it is set" do welcome_user = insert(:user) Pleroma.Config.put([:welcome, :email, :enabled], true) From 25d1caf1ddae3730f2554d35d89a0c2692927d99 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 14 Sep 2020 12:07:31 -0500 Subject: [PATCH 218/264] Merge duplicate Changed sections --- CHANGELOG.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75357f05e..e94f2eda2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Renamed `:await_up_timeout` in `:connections_pool` namespace to `:connect_timeout`, old name is deprecated. - Renamed `:timeout` in `pools` namespace to `:recv_timeout`, old name is deprecated. +- Minimum lifetime for ephmeral activities changed to 10 minutes and made configurable (`:min_lifetime` option). ### Removed @@ -16,9 +17,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - **Breaking:** `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` (moved to scheduled jobs). - **Breaking:** `Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker` setting from Oban `:crontab` (moved to scheduled jobs). -### Changed -- Minimum lifetime for ephmeral activities changed to 10 minutes and made configurable (`:min_lifetime` option). - ## [2.1.1] - 2020-09-08 ### Security From 118bf6e92bc112b20ba1ce2f7d0bd3bb5db7ebfe Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 14 Sep 2020 12:08:32 -0500 Subject: [PATCH 219/264] Fixed Welcome chats with MRF Simple applied locally --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e94f2eda2..685d59873 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - **Breaking:** `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` (moved to scheduled jobs). - **Breaking:** `Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker` setting from Oban `:crontab` (moved to scheduled jobs). +### Fixed + +- Welcome Chat messages preventing user registration with MRF Simple Policy applied to the local instance + ## [2.1.1] - 2020-09-08 ### Security From 38b2db297b3207607072347b408dc7eacbac600e Mon Sep 17 00:00:00 2001 From: stwf Date: Mon, 14 Sep 2020 13:18:11 -0400 Subject: [PATCH 220/264] search indexing metadata respects discoverable flag --- lib/pleroma/web/metadata/restrict_indexing.ex | 7 +++---- test/web/metadata/metadata_test.exs | 19 +++++++++++++++++-- test/web/metadata/restrict_indexing_test.exs | 8 +++++++- 3 files changed, 27 insertions(+), 7 deletions(-) diff --git a/lib/pleroma/web/metadata/restrict_indexing.ex b/lib/pleroma/web/metadata/restrict_indexing.ex index f15607896..a1dcb6e15 100644 --- a/lib/pleroma/web/metadata/restrict_indexing.ex +++ b/lib/pleroma/web/metadata/restrict_indexing.ex @@ -10,7 +10,9 @@ defmodule Pleroma.Web.Metadata.Providers.RestrictIndexing do """ @impl true - def build_tags(%{user: %{local: false}}) do + def build_tags(%{user: %{local: true, discoverable: true}}), do: [] + + def build_tags(_) do [ {:meta, [ @@ -19,7 +21,4 @@ def build_tags(%{user: %{local: false}}) do ], []} ] end - - @impl true - def build_tags(%{user: %{local: true}}), do: [] end diff --git a/test/web/metadata/metadata_test.exs b/test/web/metadata/metadata_test.exs index 9d3121b7b..fe3009628 100644 --- a/test/web/metadata/metadata_test.exs +++ b/test/web/metadata/metadata_test.exs @@ -18,17 +18,32 @@ test "for remote user" do test "for local user" do user = insert(:user) + assert Pleroma.Web.Metadata.build_tags(%{user: user}) =~ + "" + end + + test "for local user set to discoverable" do + user = insert(:user, discoverable: true) + refute Pleroma.Web.Metadata.build_tags(%{user: user}) =~ "" end end describe "no metadata for private instances" do - test "for local user" do + test "for local user set to discoverable" do clear_config([:instance, :public], false) - user = insert(:user, bio: "This is my secret fedi account bio") + user = insert(:user, bio: "This is my secret fedi account bio", discoverable: true) assert "" = Pleroma.Web.Metadata.build_tags(%{user: user}) end + + test "search exclusion metadata is included" do + clear_config([:instance, :public], false) + user = insert(:user, bio: "This is my secret fedi account bio") + + assert "" == + Pleroma.Web.Metadata.build_tags(%{user: user}) + end end end diff --git a/test/web/metadata/restrict_indexing_test.exs b/test/web/metadata/restrict_indexing_test.exs index aad0bac42..6b3a65372 100644 --- a/test/web/metadata/restrict_indexing_test.exs +++ b/test/web/metadata/restrict_indexing_test.exs @@ -14,8 +14,14 @@ test "for remote user" do test "for local user" do assert Pleroma.Web.Metadata.Providers.RestrictIndexing.build_tags(%{ - user: %Pleroma.User{local: true} + user: %Pleroma.User{local: true, discoverable: true} }) == [] end + + test "for local user when discoverable is false" do + assert Pleroma.Web.Metadata.Providers.RestrictIndexing.build_tags(%{ + user: %Pleroma.User{local: true, discoverable: false} + }) == [{:meta, [name: "robots", content: "noindex, noarchive"], []}] + end end end From f900a40d5dc4285977bd92f3792ad04a2f34ddcf Mon Sep 17 00:00:00 2001 From: stwf Date: Mon, 14 Sep 2020 13:55:49 -0400 Subject: [PATCH 221/264] fix credo warning --- test/web/metadata/metadata_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/web/metadata/metadata_test.exs b/test/web/metadata/metadata_test.exs index fe3009628..054844597 100644 --- a/test/web/metadata/metadata_test.exs +++ b/test/web/metadata/metadata_test.exs @@ -42,7 +42,7 @@ test "search exclusion metadata is included" do clear_config([:instance, :public], false) user = insert(:user, bio: "This is my secret fedi account bio") - assert "" == + assert ~s() == Pleroma.Web.Metadata.build_tags(%{user: user}) end end From 709723182d69e1bb41a23c8abeb5d7c2c67b8c49 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 14 Sep 2020 17:06:42 -0500 Subject: [PATCH 222/264] Ensure SimplePolicy's tags in string representation don't trip up the object validator --- lib/pleroma/web/activity_pub/transmogrifier.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index af4384213..8fe430644 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -309,7 +309,7 @@ def fix_url(object), do: object def fix_emoji(%{"tag" => tags} = object) when is_list(tags) do emoji = tags - |> Enum.filter(fn data -> data["type"] == "Emoji" and data["icon"] end) + |> Enum.filter(fn data -> is_map(data) and data["type"] == "Emoji" and data["icon"] end) |> Enum.reduce(%{}, fn data, mapping -> name = String.trim(data["name"], ":") From 0b66e806e32055b625560eb06b9300cc856f9789 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 14 Sep 2020 17:11:08 -0500 Subject: [PATCH 223/264] Move changelog entry to next patch --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 685d59873..ac4a6f7f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - **Breaking:** `Pleroma.Workers.Cron.ClearOauthTokenWorker` setting from Oban `:crontab` (moved to scheduled jobs). - **Breaking:** `Pleroma.Workers.Cron.PurgeExpiredActivitiesWorker` setting from Oban `:crontab` (moved to scheduled jobs). +## unreleased-patch - ??? + ### Fixed - Welcome Chat messages preventing user registration with MRF Simple Policy applied to the local instance From 3ab59a6f3c7b7bae2e69d1a8d1bf484d039a5420 Mon Sep 17 00:00:00 2001 From: eugenijm Date: Tue, 15 Sep 2020 13:00:07 +0300 Subject: [PATCH 224/264] Mastodon API: fix the public timeline returning an error when the `reply_visibility` parameter is set to `self` for an unauthenticated user --- CHANGELOG.md | 1 + lib/pleroma/web/activity_pub/activity_pub.ex | 4 ++-- test/web/activity_pub/activity_pub_test.exs | 8 ++++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 82f64d441..f7a372e11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ switched to a new configuration mechanism, however it was not officially removed ### Fixed - Welcome Chat messages preventing user registration with MRF Simple Policy applied to the local instance +- Mastodon API: the public timeline returning an error when the `reply_visibility` parameter is set to `self` for an unauthenticated user ## [2.1.1] - 2020-09-08 diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 66a9f78a3..5aac3f53b 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -767,7 +767,7 @@ defp restrict_replies(query, %{exclude_replies: true}) do end defp restrict_replies(query, %{ - reply_filtering_user: user, + reply_filtering_user: %User{} = user, reply_visibility: "self" }) do from( @@ -783,7 +783,7 @@ defp restrict_replies(query, %{ end defp restrict_replies(query, %{ - reply_filtering_user: user, + reply_filtering_user: %User{} = user, reply_visibility: "following" }) do from( diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs index d8caa0b00..7bdad3810 100644 --- a/test/web/activity_pub/activity_pub_test.exs +++ b/test/web/activity_pub/activity_pub_test.exs @@ -1810,6 +1810,14 @@ test "public timeline with default reply_visibility `self`", %{users: %{u1: user |> Enum.map(& &1.id) assert activities_ids == [] + + activities_ids = + %{} + |> Map.put(:reply_visibility, "self") + |> Map.put(:reply_filtering_user, nil) + |> ActivityPub.fetch_public_activities() + + assert activities_ids == [] end test "home timeline", %{users: %{u1: user}} do From f879d07fa1a046b5aa33de8e445b1ca803fa1d04 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Tue, 15 Sep 2020 15:32:49 +0300 Subject: [PATCH 225/264] fixed tests --- test/marker_test.exs | 4 ++-- test/repo_test.exs | 4 +++- .../web/mastodon_api/controllers/account_controller_test.exs | 5 ++++- test/web/mastodon_api/controllers/marker_controller_test.exs | 2 +- test/web/mastodon_api/views/account_view_test.exs | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/test/marker_test.exs b/test/marker_test.exs index 5b6d0b4a4..7b3943c7b 100644 --- a/test/marker_test.exs +++ b/test/marker_test.exs @@ -33,8 +33,8 @@ test "return empty multi" do test "returns user markers" do user = insert(:user) marker = insert(:marker, user: user) - insert(:notification, user: user) - insert(:notification, user: user) + insert(:notification, user: user, activity: insert(:note_activity)) + insert(:notification, user: user, activity: insert(:note_activity)) insert(:marker, timeline: "home", user: user) assert Marker.get_markers( diff --git a/test/repo_test.exs b/test/repo_test.exs index 92e827c95..72c0b5071 100644 --- a/test/repo_test.exs +++ b/test/repo_test.exs @@ -37,7 +37,9 @@ test "get one-to-one assoc from repo" do test "get one-to-many assoc from repo" do user = insert(:user) - notification = refresh_record(insert(:notification, user: user)) + + notification = + refresh_record(insert(:notification, user: user, activity: insert(:note_activity))) assert Repo.get_assoc(user, :notifications) == {:ok, [notification]} end diff --git a/test/web/mastodon_api/controllers/account_controller_test.exs b/test/web/mastodon_api/controllers/account_controller_test.exs index 17a1e7d66..f7f1369e4 100644 --- a/test/web/mastodon_api/controllers/account_controller_test.exs +++ b/test/web/mastodon_api/controllers/account_controller_test.exs @@ -1442,7 +1442,10 @@ test "returns lists to which the account belongs" do describe "verify_credentials" do test "verify_credentials" do %{user: user, conn: conn} = oauth_access(["read:accounts"]) - [notification | _] = insert_list(7, :notification, user: user) + + [notification | _] = + insert_list(7, :notification, user: user, activity: insert(:note_activity)) + Pleroma.Notification.set_read_up_to(user, notification.id) conn = get(conn, "/api/v1/accounts/verify_credentials") diff --git a/test/web/mastodon_api/controllers/marker_controller_test.exs b/test/web/mastodon_api/controllers/marker_controller_test.exs index 6dd40fb4a..9f0481120 100644 --- a/test/web/mastodon_api/controllers/marker_controller_test.exs +++ b/test/web/mastodon_api/controllers/marker_controller_test.exs @@ -11,7 +11,7 @@ defmodule Pleroma.Web.MastodonAPI.MarkerControllerTest do test "gets markers with correct scopes", %{conn: conn} do user = insert(:user) token = insert(:oauth_token, user: user, scopes: ["read:statuses"]) - insert_list(7, :notification, user: user) + insert_list(7, :notification, user: user, activity: insert(:note_activity)) {:ok, %{"notifications" => marker}} = Pleroma.Marker.upsert( diff --git a/test/web/mastodon_api/views/account_view_test.exs b/test/web/mastodon_api/views/account_view_test.exs index 9f22f9dcf..c5f491d6b 100644 --- a/test/web/mastodon_api/views/account_view_test.exs +++ b/test/web/mastodon_api/views/account_view_test.exs @@ -448,7 +448,7 @@ test "shows unread_conversation_count only to the account owner" do test "shows unread_count only to the account owner" do user = insert(:user) - insert_list(7, :notification, user: user) + insert_list(7, :notification, user: user, activity: insert(:note_activity)) other_user = insert(:user) user = User.get_cached_by_ap_id(user.ap_id) From c74fad9e06cdb272a1378082908448f7f0b592ac Mon Sep 17 00:00:00 2001 From: Maksim Date: Wed, 16 Sep 2020 03:18:50 +0000 Subject: [PATCH 226/264] Apply 1 suggestion(s) to 1 file(s) --- .../20200914105638_delete_notification_without_activity.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/priv/repo/migrations/20200914105638_delete_notification_without_activity.exs b/priv/repo/migrations/20200914105638_delete_notification_without_activity.exs index f5b339101..9333fc5a1 100644 --- a/priv/repo/migrations/20200914105638_delete_notification_without_activity.exs +++ b/priv/repo/migrations/20200914105638_delete_notification_without_activity.exs @@ -11,7 +11,7 @@ def up do select: %{id: type(q.id, :integer)}, where: is_nil(c.id) ) - |> Repo.chunk_stream(1_000, :bacthes) + |> Repo.chunk_stream(1_000, :batches) |> Stream.each(fn records -> notification_ids = Enum.map(records, fn %{id: id} -> id end) From 599f8bb152ca0669d17baa5f313f00f0791209b6 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Wed, 16 Sep 2020 09:47:18 +0300 Subject: [PATCH 227/264] RepoStreamer.chunk_stream -> Repo.chunk_stream --- lib/mix/tasks/pleroma/database.ex | 4 ++-- lib/mix/tasks/pleroma/user.ex | 4 ++-- lib/pleroma/repo.ex | 14 +++++++++++++ lib/pleroma/repo_streamer.ex | 34 ------------------------------- lib/pleroma/user.ex | 3 +-- test/repo_test.exs | 28 +++++++++++++++++++++++++ 6 files changed, 47 insertions(+), 40 deletions(-) delete mode 100644 lib/pleroma/repo_streamer.ex diff --git a/lib/mix/tasks/pleroma/database.ex b/lib/mix/tasks/pleroma/database.ex index 7f1108dcf..a01c36ece 100644 --- a/lib/mix/tasks/pleroma/database.ex +++ b/lib/mix/tasks/pleroma/database.ex @@ -99,7 +99,7 @@ def run(["fix_likes_collections"]) do where: fragment("(?)->>'likes' is not null", object.data), select: %{id: object.id, likes: fragment("(?)->>'likes'", object.data)} ) - |> Pleroma.RepoStreamer.chunk_stream(100) + |> Pleroma.Repo.chunk_stream(100, :batches) |> Stream.each(fn objects -> ids = objects @@ -145,7 +145,7 @@ def run(["ensure_expiration"]) do |> where(local: true) |> where([a], fragment("(? ->> 'type'::text) = 'Create'", a.data)) |> where([_a, o], fragment("?->>'type' = 'Note'", o.data)) - |> Pleroma.RepoStreamer.chunk_stream(100) + |> Pleroma.Repo.chunk_stream(100, :batches) |> Stream.each(fn activities -> Enum.each(activities, fn activity -> expires_at = diff --git a/lib/mix/tasks/pleroma/user.ex b/lib/mix/tasks/pleroma/user.ex index 01824aa18..b20c49d89 100644 --- a/lib/mix/tasks/pleroma/user.ex +++ b/lib/mix/tasks/pleroma/user.ex @@ -179,7 +179,7 @@ def run(["deactivate_all_from_instance", instance]) do start_pleroma() Pleroma.User.Query.build(%{nickname: "@#{instance}"}) - |> Pleroma.RepoStreamer.chunk_stream(500) + |> Pleroma.Repo.chunk_stream(500, :batches) |> Stream.each(fn users -> users |> Enum.each(fn user -> @@ -370,7 +370,7 @@ def run(["list"]) do start_pleroma() Pleroma.User.Query.build(%{local: true}) - |> Pleroma.RepoStreamer.chunk_stream(500) + |> Pleroma.Repo.chunk_stream(500, :batches) |> Stream.each(fn users -> users |> Enum.each(fn user -> diff --git a/lib/pleroma/repo.ex b/lib/pleroma/repo.ex index a75610879..4524bd5e2 100644 --- a/lib/pleroma/repo.ex +++ b/lib/pleroma/repo.ex @@ -49,6 +49,20 @@ def get_assoc(resource, association) do end end + @doc """ + Returns a lazy enumerable that emits all entries from the data store matching the given query. + + `returns_as` use to group records. use the `batches` option to fetch records in bulk. + + ## Examples + + # fetch records one-by-one + iex> Pleroma.Repo.chunk_stream(Pleroma.Activity.Queries.by_actor(ap_id), 500) + + # fetch records in bulk + iex> Pleroma.Repo.chunk_stream(Pleroma.Activity.Queries.by_actor(ap_id), 500, :batches) + """ + @spec chunk_stream(Ecto.Query.t(), integer(), atom()) :: Enumerable.t() def chunk_stream(query, chunk_size, returns_as \\ :one) do # We don't actually need start and end funcitons of resource streaming, # but it seems to be the only way to not fetch records one-by-one and diff --git a/lib/pleroma/repo_streamer.ex b/lib/pleroma/repo_streamer.ex deleted file mode 100644 index cb4d7bb7a..000000000 --- a/lib/pleroma/repo_streamer.ex +++ /dev/null @@ -1,34 +0,0 @@ -# Pleroma: A lightweight social networking server -# Copyright © 2017-2020 Pleroma Authors -# SPDX-License-Identifier: AGPL-3.0-only - -defmodule Pleroma.RepoStreamer do - alias Pleroma.Repo - import Ecto.Query - - def chunk_stream(query, chunk_size) do - Stream.unfold(0, fn - :halt -> - {[], :halt} - - last_id -> - query - |> order_by(asc: :id) - |> where([r], r.id > ^last_id) - |> limit(^chunk_size) - |> Repo.all() - |> case do - [] -> - {[], :halt} - - records -> - last_id = List.last(records).id - {records, last_id} - end - end) - |> Stream.take_while(fn - [] -> false - _ -> true - end) - end -end diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index e73d19964..57497eb83 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -25,7 +25,6 @@ defmodule Pleroma.User do alias Pleroma.Object alias Pleroma.Registration alias Pleroma.Repo - alias Pleroma.RepoStreamer alias Pleroma.User alias Pleroma.UserRelationship alias Pleroma.Web @@ -1775,7 +1774,7 @@ def delete_notifications_from_user_activities(%User{ap_id: ap_id}) do def delete_user_activities(%User{ap_id: ap_id} = user) do ap_id |> Activity.Queries.by_actor() - |> RepoStreamer.chunk_stream(50) + |> Repo.chunk_stream(50, :batches) |> Stream.each(fn activities -> Enum.each(activities, fn activity -> delete_activity(activity, user) end) end) diff --git a/test/repo_test.exs b/test/repo_test.exs index 72c0b5071..155791be2 100644 --- a/test/repo_test.exs +++ b/test/repo_test.exs @@ -49,4 +49,32 @@ test "return error if has not assoc " do assert Repo.get_assoc(token, :user) == {:error, :not_found} end end + + describe "chunk_stream/3" do + test "fetch records one-by-one" do + users = insert_list(50, :user) + + {fetch_users, 50} = + from(t in User) + |> Repo.chunk_stream(5) + |> Enum.reduce({[], 0}, fn %User{} = user, {acc, count} -> + {acc ++ [user], count + 1} + end) + + assert users == fetch_users + end + + test "fetch records in bulk" do + users = insert_list(50, :user) + + {fetch_users, 10} = + from(t in User) + |> Repo.chunk_stream(5, :batches) + |> Enum.reduce({[], 0}, fn users, {acc, count} -> + {acc ++ users, count + 1} + end) + + assert users == fetch_users + end + end end From adb1b0282dfbced2b2986c90cff765be37dd5151 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Wed, 16 Sep 2020 17:23:05 +0300 Subject: [PATCH 228/264] ConnectionPool Worker: use monitor flush instead of checking ref `:flush` removes the DOWN message if one had arrived, so this check should no longer be necessary. --- lib/pleroma/gun/connection_pool/worker.ex | 25 ++++++++--------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/lib/pleroma/gun/connection_pool/worker.ex b/lib/pleroma/gun/connection_pool/worker.ex index 49d41e4c7..bf57e9e5f 100644 --- a/lib/pleroma/gun/connection_pool/worker.ex +++ b/lib/pleroma/gun/connection_pool/worker.ex @@ -93,25 +93,18 @@ def handle_call(:remove_client, {client_pid, _}, %{key: key} = state) do end) {ref, state} = pop_in(state.client_monitors[client_pid]) - # DOWN message can receive right after `remove_client` call and cause worker to terminate - state = - if is_nil(ref) do - state + + Process.demonitor(ref, [:flush]) + + timer = + if used_by == [] do + max_idle = Pleroma.Config.get([:connections_pool, :max_idle_time], 30_000) + Process.send_after(self(), :idle_close, max_idle) else - Process.demonitor(ref) - - timer = - if used_by == [] do - max_idle = Pleroma.Config.get([:connections_pool, :max_idle_time], 30_000) - Process.send_after(self(), :idle_close, max_idle) - else - nil - end - - %{state | timer: timer} + nil end - {:reply, :ok, state, :hibernate} + {:reply, :ok, %{state | timer: timer}, :hibernate} end @impl true From 7a88b726bf81e1610ade2b07ffd6af672b701600 Mon Sep 17 00:00:00 2001 From: lain Date: Wed, 16 Sep 2020 17:29:16 +0200 Subject: [PATCH 229/264] User: Remote users don't need to be confirmed or approved --- lib/pleroma/user.ex | 4 ++-- test/user_test.exs | 15 ++++++++++++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 57497eb83..1ffe60dfc 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -275,9 +275,9 @@ def binary_id(%User{} = user), do: binary_id(user.id) @spec account_status(User.t()) :: account_status() def account_status(%User{deactivated: true}), do: :deactivated def account_status(%User{password_reset_pending: true}), do: :password_reset_pending - def account_status(%User{approval_pending: true}), do: :approval_pending + def account_status(%User{local: true, approval_pending: true}), do: :approval_pending - def account_status(%User{confirmation_pending: true}) do + def account_status(%User{local: true, confirmation_pending: true}) do if Config.get([:instance, :account_activation_required]) do :confirmation_pending else diff --git a/test/user_test.exs b/test/user_test.exs index a910226b2..060918d71 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -1676,7 +1676,7 @@ test "returns true when the account is itself" do assert User.visible_for(user, user) == :visible end - test "returns false when the account is unauthenticated and auth is required" do + test "returns false when the account is unconfirmed and confirmation is required" do Pleroma.Config.put([:instance, :account_activation_required], true) user = insert(:user, local: true, confirmation_pending: true) @@ -1685,14 +1685,23 @@ test "returns false when the account is unauthenticated and auth is required" do refute User.visible_for(user, other_user) == :visible end - test "returns true when the account is unauthenticated and auth is not required" do + test "returns true when the account is unconfirmed and confirmation is required but the account is remote" do + Pleroma.Config.put([:instance, :account_activation_required], true) + + user = insert(:user, local: false, confirmation_pending: true) + other_user = insert(:user, local: true) + + assert User.visible_for(user, other_user) == :visible + end + + test "returns true when the account is unconfirmed and confirmation is not required" do user = insert(:user, local: true, confirmation_pending: true) other_user = insert(:user, local: true) assert User.visible_for(user, other_user) == :visible end - test "returns true when the account is unauthenticated and being viewed by a privileged account (auth required)" do + test "returns true when the account is unconfirmed and being viewed by a privileged account (confirmation required)" do Pleroma.Config.put([:instance, :account_activation_required], true) user = insert(:user, local: true, confirmation_pending: true) From 73e0e6a8a2efaac513077317229f72b128f3a3ea Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Wed, 16 Sep 2020 10:56:42 -0500 Subject: [PATCH 230/264] Remove unused import --- test/object/fetcher_test.exs | 1 - 1 file changed, 1 deletion(-) diff --git a/test/object/fetcher_test.exs b/test/object/fetcher_test.exs index 3173ee31c..14d2c645f 100644 --- a/test/object/fetcher_test.exs +++ b/test/object/fetcher_test.exs @@ -10,7 +10,6 @@ defmodule Pleroma.Object.FetcherTest do alias Pleroma.Object alias Pleroma.Object.Fetcher - import ExUnit.CaptureLog import Mock import Tesla.Mock From a781f41f969bd1a929005b2b5006a40d42855ae8 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 16 Sep 2020 22:30:42 +0300 Subject: [PATCH 231/264] [#2497] Media preview proxy: misc. improvements (`static` param support, dynamic fifo pipe path), refactoring. --- CHANGELOG.md | 3 +++ lib/pleroma/helpers/media_helper.ex | 4 +--- lib/pleroma/helpers/uri_helper.ex | 13 ++++++++----- .../web/mastodon_api/views/account_view.ex | 4 ++-- lib/pleroma/web/media_proxy/media_proxy.ex | 2 +- .../web/media_proxy/media_proxy_controller.ex | 19 ++++++++++++++++--- lib/pleroma/web/oauth/oauth_controller.ex | 4 ++-- 7 files changed, 33 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7a372e11..adea6d019 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Renamed `:timeout` in `pools` namespace to `:recv_timeout`, old name is deprecated. - Minimum lifetime for ephmeral activities changed to 10 minutes and made configurable (`:min_lifetime` option). +### Added +- Media preview proxy (requires media proxy be enabled; see `:media_preview_proxy` config for more details). + ### Removed - **Breaking:** `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab` (moved to a simpler implementation). diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index d834b4a07..9b7348ee2 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -9,8 +9,6 @@ defmodule Pleroma.Helpers.MediaHelper do alias Pleroma.HTTP - @tmp_base "/tmp/pleroma-media_preview-pipe" - def image_resize(url, options) do with executable when is_binary(executable) <- System.find_executable("convert"), {:ok, args} <- prepare_image_resize_args(options), @@ -103,7 +101,7 @@ defp run_fifo(fifo_path, env, executable, args) do end defp mkfifo do - path = "#{@tmp_base}#{to_charlist(:erlang.phash2(self()))}" + path = Path.join(System.tmp_dir!(), "pleroma-media-preview-pipe-#{Ecto.UUID.generate()}") case System.cmd("mkfifo", [path]) do {_, 0} -> diff --git a/lib/pleroma/helpers/uri_helper.ex b/lib/pleroma/helpers/uri_helper.ex index 9c9e53447..f1301f055 100644 --- a/lib/pleroma/helpers/uri_helper.ex +++ b/lib/pleroma/helpers/uri_helper.ex @@ -3,14 +3,17 @@ # SPDX-License-Identifier: AGPL-3.0-only defmodule Pleroma.Helpers.UriHelper do - def append_uri_params(uri, appended_params) do + def modify_uri_params(uri, overridden_params, deleted_params \\ []) do uri = URI.parse(uri) - appended_params = for {k, v} <- appended_params, into: %{}, do: {to_string(k), v} - existing_params = URI.query_decoder(uri.query || "") |> Enum.into(%{}) - updated_params_keys = Enum.uniq(Map.keys(existing_params) ++ Map.keys(appended_params)) + + existing_params = URI.query_decoder(uri.query || "") |> Map.new() + overridden_params = Map.new(overridden_params, fn {k, v} -> {to_string(k), v} end) + deleted_params = Enum.map(deleted_params, &to_string/1) updated_params = - for k <- updated_params_keys, do: {k, appended_params[k] || existing_params[k]} + existing_params + |> Map.merge(overridden_params) + |> Map.drop(deleted_params) uri |> Map.put(:query, URI.encode_query(updated_params)) diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index a811f81c2..121ba1693 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -182,9 +182,9 @@ defp do_render("show.json", %{user: user} = opts) do display_name = user.name || user.nickname avatar = User.avatar_url(user) |> MediaProxy.url() - avatar_static = User.avatar_url(user) |> MediaProxy.preview_url(output_format: "jpeg") + avatar_static = User.avatar_url(user) |> MediaProxy.preview_url(static: true) header = User.banner_url(user) |> MediaProxy.url() - header_static = User.banner_url(user) |> MediaProxy.preview_url(output_format: "jpeg") + header_static = User.banner_url(user) |> MediaProxy.preview_url(static: true) following_count = if !user.hide_follows_count or !user.hide_follows or opts[:for] == user do diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex index ba553998b..8656b8cad 100644 --- a/lib/pleroma/web/media_proxy/media_proxy.ex +++ b/lib/pleroma/web/media_proxy/media_proxy.ex @@ -157,7 +157,7 @@ def build_url(sig_base64, url_base64, filename \\ nil) do def build_preview_url(sig_base64, url_base64, filename \\ nil, preview_params \\ []) do uri = proxy_url("proxy/preview", sig_base64, url_base64, filename) - UriHelper.append_uri_params(uri, preview_params) + UriHelper.modify_uri_params(uri, preview_params) end def verify_request_path_and_url( diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index 78df7763e..fe279e964 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do alias Pleroma.Config alias Pleroma.Helpers.MediaHelper + alias Pleroma.Helpers.UriHelper alias Pleroma.ReverseProxy alias Pleroma.Web.MediaProxy alias Plug.Conn @@ -74,14 +75,26 @@ defp handle_preview(conn, url) do end defp handle_preview( - "image/" <> _ = _content_type, + "image/gif" = _content_type, _content_length, - %{params: %{"output_format" => "jpeg"}} = conn, + %{params: %{"static" => static}} = conn, media_proxy_url - ) do + ) + when static in ["true", true] do handle_jpeg_preview(conn, media_proxy_url) end + defp handle_preview( + _content_type, + _content_length, + %{params: %{"static" => static}} = conn, + _media_proxy_url + ) + when static in ["true", true] do + uri_without_static_param = UriHelper.modify_uri_params(current_url(conn), %{}, ["static"]) + redirect(conn, external: uri_without_static_param) + end + defp handle_preview("image/gif" = _content_type, _content_length, conn, media_proxy_url) do redirect(conn, external: media_proxy_url) end diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 26e68be42..a4152e840 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -119,7 +119,7 @@ defp handle_existing_authorization( redirect_uri = redirect_uri(conn, redirect_uri) url_params = %{access_token: token.token} url_params = Maps.put_if_present(url_params, :state, params["state"]) - url = UriHelper.append_uri_params(redirect_uri, url_params) + url = UriHelper.modify_uri_params(redirect_uri, url_params) redirect(conn, external: url) else conn @@ -161,7 +161,7 @@ def after_create_authorization(%Plug.Conn{} = conn, %Authorization{} = auth, %{ redirect_uri = redirect_uri(conn, redirect_uri) url_params = %{code: auth.token} url_params = Maps.put_if_present(url_params, :state, auth_attrs["state"]) - url = UriHelper.append_uri_params(redirect_uri, url_params) + url = UriHelper.modify_uri_params(redirect_uri, url_params) redirect(conn, external: url) else conn From 5a8ea0a5b07c22d567a60af36345483fe880b638 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Thu, 17 Sep 2020 09:13:43 +0300 Subject: [PATCH 232/264] small refactoring --- lib/pleroma/user/import.ex | 10 ++------ lib/pleroma/workers/background_worker.ex | 29 +++--------------------- 2 files changed, 5 insertions(+), 34 deletions(-) diff --git a/lib/pleroma/user/import.ex b/lib/pleroma/user/import.ex index de27bdc4c..e458021c8 100644 --- a/lib/pleroma/user/import.ex +++ b/lib/pleroma/user/import.ex @@ -65,20 +65,14 @@ defp handle_error(op, user_id, error) do def blocks_import(%User{} = blocker, [_ | _] = identifiers) do BackgroundWorker.enqueue( "blocks_import", - %{ - "blocker_id" => blocker.id, - "blocked_identifiers" => identifiers - } + %{"user_id" => blocker.id, "identifiers" => identifiers} ) end def follow_import(%User{} = follower, [_ | _] = identifiers) do BackgroundWorker.enqueue( "follow_import", - %{ - "follower_id" => follower.id, - "followed_identifiers" => identifiers - } + %{"user_id" => follower.id, "identifiers" => identifiers} ) end diff --git a/lib/pleroma/workers/background_worker.ex b/lib/pleroma/workers/background_worker.ex index f9c767ee0..55b5a13d9 100644 --- a/lib/pleroma/workers/background_worker.ex +++ b/lib/pleroma/workers/background_worker.ex @@ -26,33 +26,10 @@ def perform(%Job{args: %{"op" => "force_password_reset", "user_id" => user_id}}) User.perform(:force_password_reset, user) end - def perform(%Job{ - args: %{ - "op" => "blocks_import", - "blocker_id" => blocker_id, - "blocked_identifiers" => blocked_identifiers - } - }) do - blocker = User.get_cached_by_id(blocker_id) - {:ok, User.Import.perform(:blocks_import, blocker, blocked_identifiers)} - end - - def perform(%Job{ - args: %{ - "op" => "follow_import", - "follower_id" => follower_id, - "followed_identifiers" => followed_identifiers - } - }) do - follower = User.get_cached_by_id(follower_id) - {:ok, User.Import.perform(:follow_import, follower, followed_identifiers)} - end - - def perform(%Job{ - args: %{"op" => "mutes_import", "user_id" => user_id, "identifiers" => identifiers} - }) do + def perform(%Job{args: %{"op" => op, "user_id" => user_id, "identifiers" => identifiers}}) + when op in ["blocks_import", "follow_import", "mutes_import"] do user = User.get_cached_by_id(user_id) - {:ok, User.Import.perform(:mutes_import, user, identifiers)} + {:ok, User.Import.perform(String.to_atom(op), user, identifiers)} end def perform(%Job{args: %{"op" => "media_proxy_preload", "message" => message}}) do From e39ff2616b6694f97ab793bc60b5caa7b509f0b1 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 17 Sep 2020 13:29:26 +0200 Subject: [PATCH 233/264] Admin chat api tests: Small additions. --- test/web/admin_api/controllers/admin_api_controller_test.exs | 2 +- test/web/admin_api/controllers/chat_controller_test.exs | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs index 3476fd0b4..e6ad210a2 100644 --- a/test/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/web/admin_api/controllers/admin_api_controller_test.exs @@ -1521,7 +1521,7 @@ test "excludes reblogs by default", %{conn: conn, user: user} do %{user: user} end - test "renders user's statuses", %{conn: conn, user: user} do + test "renders user's chats", %{conn: conn, user: user} do conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/chats") assert json_response(conn, 200) |> length() == 3 diff --git a/test/web/admin_api/controllers/chat_controller_test.exs b/test/web/admin_api/controllers/chat_controller_test.exs index e81484ce6..bd4c9c9d1 100644 --- a/test/web/admin_api/controllers/chat_controller_test.exs +++ b/test/web/admin_api/controllers/chat_controller_test.exs @@ -40,8 +40,10 @@ test "it deletes a message from the chat", %{conn: conn, admin: admin} do object = Object.normalize(message, false) chat = Chat.get(user.id, recipient.ap_id) + recipient_chat = Chat.get(recipient.id, user.ap_id) cm_ref = MessageReference.for_chat_and_object(chat, object) + recipient_cm_ref = MessageReference.for_chat_and_object(recipient_chat, object) result = conn @@ -56,6 +58,7 @@ test "it deletes a message from the chat", %{conn: conn, admin: admin} do assert result["id"] == cm_ref.id refute MessageReference.get_by_id(cm_ref.id) + refute MessageReference.get_by_id(recipient_cm_ref.id) assert %{data: %{"type" => "Tombstone"}} = Object.get_by_id(object.id) end end From 5e3c70afa5c02926a5578628431487e92b2175e9 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 17 Sep 2020 13:37:25 +0200 Subject: [PATCH 234/264] AdminAPI Chat tests: Remove factory. The factory system doesn't work too well with how the chats are done. Instead of tempting people to use it, let's rather use the CommonAPI system for now. --- test/support/factory.ex | 54 ------------------- .../controllers/admin_api_controller_test.exs | 13 +++-- 2 files changed, 8 insertions(+), 59 deletions(-) diff --git a/test/support/factory.ex b/test/support/factory.ex index e59d83242..2fdfabbc5 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -441,58 +441,4 @@ def filter_factory do phrase: "cofe" } end - - def chat_factory(attrs \\ %{}) do - user = attrs[:user] || insert(:user) - recipient = attrs[:recipient] || insert(:user) - - %Pleroma.Chat{ - user_id: user.id, - recipient: recipient.ap_id - } - end - - def chat_message_factory(attrs \\ %{}) do - text = sequence(:text, &"This is :moominmamma: chat message #{&1}") - chat = attrs[:chat] || insert(:chat) - - data = %{ - "type" => "ChatMessage", - "content" => text, - "id" => Pleroma.Web.ActivityPub.Utils.generate_object_id(), - "actor" => User.get_by_id(chat.user_id).ap_id, - "to" => [chat.recipient], - "published" => DateTime.utc_now() |> DateTime.to_iso8601() - } - - %Pleroma.Object{ - data: merge_attributes(data, Map.get(attrs, :data, %{})) - } - end - - def chat_message_activity_factory(attrs \\ %{}) do - chat = attrs[:chat] || insert(:chat) - chat_message = attrs[:chat_message] || insert(:chat_message, chat: chat) - - data_attrs = attrs[:data_attrs] || %{} - attrs = Map.drop(attrs, [:chat, :chat_message, :data_attrs]) - - data = - %{ - "id" => Pleroma.Web.ActivityPub.Utils.generate_activity_id(), - "type" => "Create", - "actor" => chat_message.data["actor"], - "to" => chat_message.data["to"], - "object" => chat_message.data["id"], - "published" => DateTime.utc_now() |> DateTime.to_iso8601() - } - |> Map.merge(data_attrs) - - %Pleroma.Activity{ - data: data, - actor: data["actor"], - recipients: data["to"] - } - |> Map.merge(attrs) - end end diff --git a/test/web/admin_api/controllers/admin_api_controller_test.exs b/test/web/admin_api/controllers/admin_api_controller_test.exs index e6ad210a2..e4d3512de 100644 --- a/test/web/admin_api/controllers/admin_api_controller_test.exs +++ b/test/web/admin_api/controllers/admin_api_controller_test.exs @@ -1513,10 +1513,11 @@ test "excludes reblogs by default", %{conn: conn, user: user} do describe "GET /api/pleroma/admin/users/:nickname/chats" do setup do user = insert(:user) + recipients = insert_list(3, :user) - insert(:chat, user: user) - insert(:chat, user: user) - insert(:chat, user: user) + Enum.each(recipients, fn recipient -> + CommonAPI.post_chat_message(user, recipient, "yo") + end) %{user: user} end @@ -1531,7 +1532,8 @@ test "renders user's chats", %{conn: conn, user: user} do describe "GET /api/pleroma/admin/users/:nickname/chats unauthorized" do setup do user = insert(:user) - insert(:chat, user: user) + recipient = insert(:user) + CommonAPI.post_chat_message(user, recipient, "yo") %{conn: conn} = oauth_access(["read:chats"]) %{conn: conn, user: user} end @@ -1546,7 +1548,8 @@ test "returns 403", %{conn: conn, user: user} do describe "GET /api/pleroma/admin/users/:nickname/chats unauthenticated" do setup do user = insert(:user) - insert(:chat, user: user) + recipient = insert(:user) + CommonAPI.post_chat_message(user, recipient, "yo") %{conn: build_conn(), user: user} end From 582ad5d4e1587b3dba9d879bd68dd9a315c8446e Mon Sep 17 00:00:00 2001 From: eugenijm Date: Sun, 30 Aug 2020 15:15:14 +0300 Subject: [PATCH 235/264] AdminAPI: Allow to modify Terms of Service and Instance Panel via Admin API --- CHANGELOG.md | 6 + docs/API/admin_api.md | 42 +++++++ .../instance_document_controller.ex | 37 ++++++ .../admin/instance_document_operation.ex | 108 +++++++++++++++++ lib/pleroma/web/instance_document.ex | 62 ++++++++++ lib/pleroma/web/router.ex | 4 + test/fixtures/custom_instance_panel.html | 1 + .../instance_document_controller_test.exs | 112 ++++++++++++++++++ 8 files changed, 372 insertions(+) create mode 100644 lib/pleroma/web/admin_api/controllers/instance_document_controller.ex create mode 100644 lib/pleroma/web/api_spec/operations/admin/instance_document_operation.ex create mode 100644 lib/pleroma/web/instance_document.ex create mode 100644 test/fixtures/custom_instance_panel.html create mode 100644 test/web/admin_api/controllers/instance_document_controller_test.exs diff --git a/CHANGELOG.md b/CHANGELOG.md index f7a372e11..1ec6c11cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,6 +41,12 @@ switched to a new configuration mechanism, however it was not officially removed ### Added - Rich media failure tracking (along with `:failure_backoff` option). +
+ Admin API Changes + +- Add `PATCH /api/pleroma/admin/instance_document/:document_name` to modify the Terms of Service and Instance Panel HTML pages via Admin API +
+ ### Fixed - Default HTTP adapter not respecting pool setting, leading to possible OOM. - Fixed uploading webp images when the Exiftool Upload Filter is enabled by skipping them diff --git a/docs/API/admin_api.md b/docs/API/admin_api.md index bc96abbf0..eba92dd1f 100644 --- a/docs/API/admin_api.md +++ b/docs/API/admin_api.md @@ -1455,3 +1455,45 @@ Loads json generated from `config/descriptions.exs`. "unread": false } ``` + +## `GET /api/pleroma/admin/instance_document/:document_name` + +### Gets an instance document + +- Authentication: required + +- Response: + +``` json +{ + "url": "https://example.com/instance/panel.html" +} +``` + +## `PATCH /api/pleroma/admin/instance_document/:document_name` +- Params: + - `file` (the file to be uploaded, using multipart form data.) + +### Updates an instance document + +- Authentication: required + +- Response: + +``` json +{ + "url": "https://example.com/instance/panel.html" +} +``` + +## `DELETE /api/pleroma/admin/instance_document/:document_name` + +### Delete an instance document + +- Response: + +``` json +{ + "url": "https://example.com/instance/panel.html" +} +``` diff --git a/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex b/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex new file mode 100644 index 000000000..2144e44ac --- /dev/null +++ b/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex @@ -0,0 +1,37 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.AdminAPI.InstanceDocumentController do + use Pleroma.Web, :controller + + alias Pleroma.Plugs.OAuthScopesPlug + alias Pleroma.Web.InstanceDocument + + plug(Pleroma.Web.ApiSpec.CastAndValidate) + + action_fallback(Pleroma.Web.AdminAPI.FallbackController) + + defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.Admin.InstanceDocumentOperation + + plug(OAuthScopesPlug, %{scopes: ["read"], admin: true} when action == :show) + plug(OAuthScopesPlug, %{scopes: ["write"], admin: true} when action in [:update, :delete]) + + def show(conn, %{name: document_name}) do + with {:ok, url} <- InstanceDocument.get(document_name) do + json(conn, %{"url" => url}) + end + end + + def update(%{body_params: %{file: file}} = conn, %{name: document_name}) do + with {:ok, url} <- InstanceDocument.put(document_name, file.path) do + json(conn, %{"url" => url}) + end + end + + def delete(conn, %{name: document_name}) do + with :ok <- InstanceDocument.delete(document_name) do + json(conn, %{}) + end + end +end diff --git a/lib/pleroma/web/api_spec/operations/admin/instance_document_operation.ex b/lib/pleroma/web/api_spec/operations/admin/instance_document_operation.ex new file mode 100644 index 000000000..e0eb993fb --- /dev/null +++ b/lib/pleroma/web/api_spec/operations/admin/instance_document_operation.ex @@ -0,0 +1,108 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.ApiSpec.Admin.InstanceDocumentOperation do + alias OpenApiSpex.Operation + alias OpenApiSpex.Schema + alias Pleroma.Web.ApiSpec.Helpers + alias Pleroma.Web.ApiSpec.Schemas.ApiError + + def open_api_operation(action) do + operation = String.to_existing_atom("#{action}_operation") + apply(__MODULE__, operation, []) + end + + def show_operation do + %Operation{ + tags: ["Admin", "InstanceDocument"], + summary: "Get the instance document", + operationId: "AdminAPI.InstanceDocumentController.show", + security: [%{"oAuth" => ["read"]}], + parameters: [ + Operation.parameter(:name, :path, %Schema{type: :string}, "The document name", + required: true + ) + | Helpers.admin_api_params() + ], + responses: %{ + 200 => Operation.response("InstanceDocument", "application/json", instance_document()), + 400 => Operation.response("Bad Request", "application/json", ApiError), + 403 => Operation.response("Forbidden", "application/json", ApiError), + 404 => Operation.response("Not Found", "application/json", ApiError) + } + } + end + + def update_operation do + %Operation{ + tags: ["Admin", "InstanceDocument"], + summary: "Update the instance document", + operationId: "AdminAPI.InstanceDocumentController.update", + security: [%{"oAuth" => ["write"]}], + requestBody: Helpers.request_body("Parameters", update_request()), + parameters: [ + Operation.parameter(:name, :path, %Schema{type: :string}, "The document name", + required: true + ) + | Helpers.admin_api_params() + ], + responses: %{ + 200 => Operation.response("InstanceDocument", "application/json", instance_document()), + 400 => Operation.response("Bad Request", "application/json", ApiError), + 403 => Operation.response("Forbidden", "application/json", ApiError), + 404 => Operation.response("Not Found", "application/json", ApiError) + } + } + end + + defp update_request do + %Schema{ + title: "UpdateRequest", + description: "POST body for uploading the file", + type: :object, + required: [:file], + properties: %{ + file: %Schema{ + type: :string, + format: :binary, + description: "The file to be uploaded, using multipart form data." + } + } + } + end + + def delete_operation do + %Operation{ + tags: ["Admin", "InstanceDocument"], + summary: "Get the instance document", + operationId: "AdminAPI.InstanceDocumentController.delete", + security: [%{"oAuth" => ["write"]}], + parameters: [ + Operation.parameter(:name, :path, %Schema{type: :string}, "The document name", + required: true + ) + | Helpers.admin_api_params() + ], + responses: %{ + 200 => Operation.response("InstanceDocument", "application/json", instance_document()), + 400 => Operation.response("Bad Request", "application/json", ApiError), + 403 => Operation.response("Forbidden", "application/json", ApiError), + 404 => Operation.response("Not Found", "application/json", ApiError) + } + } + end + + defp instance_document do + %Schema{ + title: "InstanceDocument", + type: :object, + properties: %{ + url: %Schema{type: :string} + }, + example: %{ + "url" => "https://example.com/static/terms-of-service.html" + } + } + end +end diff --git a/lib/pleroma/web/instance_document.ex b/lib/pleroma/web/instance_document.ex new file mode 100644 index 000000000..969a44e41 --- /dev/null +++ b/lib/pleroma/web/instance_document.ex @@ -0,0 +1,62 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.InstanceDocument do + alias Pleroma.Config + alias Pleroma.Web.Endpoint + + @instance_documents %{ + "terms-of-service" => "/static/terms-of-service.html", + "instance-panel" => "/instance/panel.html" + } + + @spec get(String.t()) :: {:ok, String.t()} | {:error, atom()} + def get(document_name) do + case Map.fetch(@instance_documents, document_name) do + {:ok, path} -> {:ok, Path.join(Endpoint.url(), path)} + _ -> {:error, :not_found} + end + end + + @spec put(String.t(), String.t()) :: {:ok, String.t()} | {:error, atom()} + def put(document_name, origin_path) do + with {_, {:ok, destination_path}} <- + {:instance_document, Map.fetch(@instance_documents, document_name)}, + :ok <- put_file(origin_path, destination_path) do + {:ok, Path.join(Endpoint.url(), destination_path)} + else + {:instance_document, :error} -> {:error, :not_found} + error -> error + end + end + + @spec delete(String.t()) :: :ok | {:error, atom()} + def delete(document_name) do + with {_, {:ok, path}} <- {:instance_document, Map.fetch(@instance_documents, document_name)}, + instance_static_dir_path <- instance_static_dir(path), + :ok <- File.rm(instance_static_dir_path) do + :ok + else + {:instance_document, :error} -> {:error, :not_found} + {:error, :enoent} -> {:error, :not_found} + error -> error + end + end + + defp put_file(origin_path, destination_path) do + with destination <- instance_static_dir(destination_path), + {_, :ok} <- {:mkdir_p, File.mkdir_p(Path.dirname(destination))}, + {_, {:ok, _}} <- {:copy, File.copy(origin_path, destination)} do + :ok + else + {error, _} -> {:error, error} + end + end + + defp instance_static_dir(filename) do + [:instance, :static_dir] + |> Config.get!() + |> Path.join(filename) + end +end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index e4440d442..a4a58c2c4 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -182,6 +182,10 @@ defmodule Pleroma.Web.Router do get("/instances/:instance/statuses", AdminAPIController, :list_instance_statuses) + get("/instance_document/:name", InstanceDocumentController, :show) + patch("/instance_document/:name", InstanceDocumentController, :update) + delete("/instance_document/:name", InstanceDocumentController, :delete) + patch("/users/confirm_email", AdminAPIController, :confirm_email) patch("/users/resend_confirmation_email", AdminAPIController, :resend_confirmation_email) diff --git a/test/fixtures/custom_instance_panel.html b/test/fixtures/custom_instance_panel.html new file mode 100644 index 000000000..6371a1e43 --- /dev/null +++ b/test/fixtures/custom_instance_panel.html @@ -0,0 +1 @@ +

Custom instance panel

\ No newline at end of file diff --git a/test/web/admin_api/controllers/instance_document_controller_test.exs b/test/web/admin_api/controllers/instance_document_controller_test.exs new file mode 100644 index 000000000..60dcc9dff --- /dev/null +++ b/test/web/admin_api/controllers/instance_document_controller_test.exs @@ -0,0 +1,112 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.AdminAPI.InstanceDocumentControllerTest do + use Pleroma.Web.ConnCase, async: true + import Pleroma.Factory + alias Pleroma.Config + + @dir "test/tmp/instance_static" + @default_instance_panel ~s(

Welcome to Pleroma!

) + + setup do + File.mkdir_p!(@dir) + on_exit(fn -> File.rm_rf(@dir) end) + end + + setup do: clear_config([:instance, :static_dir], @dir) + + setup do + admin = insert(:user, is_admin: true) + token = insert(:oauth_admin_token, user: admin) + + conn = + build_conn() + |> assign(:user, admin) + |> assign(:token, token) + + {:ok, %{admin: admin, token: token, conn: conn}} + end + + describe "GET /api/pleroma/admin/instance_document/:name" do + test "return the instance document url", %{conn: conn} do + conn = get(conn, "/api/pleroma/admin/instance_document/instance-panel") + + assert %{"url" => url} = json_response_and_validate_schema(conn, 200) + index = get(build_conn(), url) + response = html_response(index, 200) + assert String.contains?(response, @default_instance_panel) + end + + test "it returns 403 if requested by a non-admin" do + non_admin_user = insert(:user) + token = insert(:oauth_token, user: non_admin_user) + + conn = + build_conn() + |> assign(:user, non_admin_user) + |> assign(:token, token) + |> get("/api/pleroma/admin/instance_document/instance-panel") + + assert json_response(conn, :forbidden) + end + + test "it returns 404 if the instance document with the given name doesn't exist", %{ + conn: conn + } do + conn = get(conn, "/api/pleroma/admin/instance_document/1234") + + assert json_response_and_validate_schema(conn, 404) + end + end + + describe "PATCH /api/pleroma/admin/instance_document/:name" do + test "uploads the instance document", %{conn: conn} do + image = %Plug.Upload{ + content_type: "text/html", + path: Path.absname("test/fixtures/custom_instance_panel.html"), + filename: "custom_instance_panel.html" + } + + conn = + conn + |> put_req_header("content-type", "multipart/form-data") + |> patch("/api/pleroma/admin/instance_document/instance-panel", %{ + "file" => image + }) + + assert %{"url" => url} = json_response_and_validate_schema(conn, 200) + index = get(build_conn(), url) + assert html_response(index, 200) == "

Custom instance panel

" + end + end + + describe "DELETE /api/pleroma/admin/instance_document/:name" do + test "deletes the instance document", %{conn: conn} do + File.mkdir!(@dir <> "/instance/") + File.write!(@dir <> "/instance/panel.html", "Custom instance panel") + + conn_resp = + conn + |> get("/api/pleroma/admin/instance_document/instance-panel") + + assert %{"url" => url} = json_response_and_validate_schema(conn_resp, 200) + index = get(build_conn(), url) + assert html_response(index, 200) == "Custom instance panel" + + conn + |> delete("/api/pleroma/admin/instance_document/instance-panel") + |> json_response_and_validate_schema(200) + + conn_resp = + conn + |> get("/api/pleroma/admin/instance_document/instance-panel") + + assert %{"url" => url} = json_response_and_validate_schema(conn_resp, 200) + index = get(build_conn(), url) + response = html_response(index, 200) + assert String.contains?(response, @default_instance_panel) + end + end +end From f58262c673616661baf9750c216a07d239ae99c3 Mon Sep 17 00:00:00 2001 From: stwf Date: Thu, 17 Sep 2020 09:48:17 -0400 Subject: [PATCH 236/264] add description to changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75357f05e..a7a4f08ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Renamed `:await_up_timeout` in `:connections_pool` namespace to `:connect_timeout`, old name is deprecated. - Renamed `:timeout` in `pools` namespace to `:recv_timeout`, old name is deprecated. +- The `discoverable` field in the `User` struct will now add a NOINDEX metatag to profile pages when false. ### Removed From c711a2b15761db9d2d30035e9fee0783f0bf77b0 Mon Sep 17 00:00:00 2001 From: eugenijm Date: Thu, 17 Sep 2020 16:54:38 +0300 Subject: [PATCH 237/264] Return the file content for `GET /api/pleroma/admin/instance_document/:document_name` --- docs/API/admin_api.md | 12 ++++++------ .../controllers/instance_document_controller.ex | 8 ++++++-- .../admin/instance_document_operation.ex | 9 ++++++++- lib/pleroma/web/instance_document.ex | 2 +- .../instance_document_controller_test.exs | 16 +++++----------- 5 files changed, 26 insertions(+), 21 deletions(-) diff --git a/docs/API/admin_api.md b/docs/API/admin_api.md index eba92dd1f..7992db58f 100644 --- a/docs/API/admin_api.md +++ b/docs/API/admin_api.md @@ -1458,23 +1458,23 @@ Loads json generated from `config/descriptions.exs`. ## `GET /api/pleroma/admin/instance_document/:document_name` -### Gets an instance document +### Get an instance document - Authentication: required - Response: -``` json -{ - "url": "https://example.com/instance/panel.html" -} +Returns the content of the document + +```html +

Instance panel

``` ## `PATCH /api/pleroma/admin/instance_document/:document_name` - Params: - `file` (the file to be uploaded, using multipart form data.) -### Updates an instance document +### Update an instance document - Authentication: required diff --git a/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex b/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex index 2144e44ac..504d9b517 100644 --- a/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex +++ b/lib/pleroma/web/admin_api/controllers/instance_document_controller.ex @@ -5,6 +5,7 @@ defmodule Pleroma.Web.AdminAPI.InstanceDocumentController do use Pleroma.Web, :controller + alias Pleroma.Plugs.InstanceStatic alias Pleroma.Plugs.OAuthScopesPlug alias Pleroma.Web.InstanceDocument @@ -18,8 +19,11 @@ defmodule Pleroma.Web.AdminAPI.InstanceDocumentController do plug(OAuthScopesPlug, %{scopes: ["write"], admin: true} when action in [:update, :delete]) def show(conn, %{name: document_name}) do - with {:ok, url} <- InstanceDocument.get(document_name) do - json(conn, %{"url" => url}) + with {:ok, url} <- InstanceDocument.get(document_name), + {:ok, content} <- File.read(InstanceStatic.file_path(url)) do + conn + |> put_resp_content_type("text/html") + |> send_resp(200, content) end end diff --git a/lib/pleroma/web/api_spec/operations/admin/instance_document_operation.ex b/lib/pleroma/web/api_spec/operations/admin/instance_document_operation.ex index e0eb993fb..a120ff4e8 100644 --- a/lib/pleroma/web/api_spec/operations/admin/instance_document_operation.ex +++ b/lib/pleroma/web/api_spec/operations/admin/instance_document_operation.ex @@ -26,7 +26,7 @@ def show_operation do | Helpers.admin_api_params() ], responses: %{ - 200 => Operation.response("InstanceDocument", "application/json", instance_document()), + 200 => document_content(), 400 => Operation.response("Bad Request", "application/json", ApiError), 403 => Operation.response("Forbidden", "application/json", ApiError), 404 => Operation.response("Not Found", "application/json", ApiError) @@ -105,4 +105,11 @@ defp instance_document do } } end + + defp document_content do + Operation.response("InstanceDocumentContent", "text/html", %Schema{ + type: :string, + example: "

Instance panel

" + }) + end end diff --git a/lib/pleroma/web/instance_document.ex b/lib/pleroma/web/instance_document.ex index 969a44e41..df5caebf0 100644 --- a/lib/pleroma/web/instance_document.ex +++ b/lib/pleroma/web/instance_document.ex @@ -14,7 +14,7 @@ defmodule Pleroma.Web.InstanceDocument do @spec get(String.t()) :: {:ok, String.t()} | {:error, atom()} def get(document_name) do case Map.fetch(@instance_documents, document_name) do - {:ok, path} -> {:ok, Path.join(Endpoint.url(), path)} + {:ok, path} -> {:ok, path} _ -> {:error, :not_found} end end diff --git a/test/web/admin_api/controllers/instance_document_controller_test.exs b/test/web/admin_api/controllers/instance_document_controller_test.exs index 60dcc9dff..5f7b042f6 100644 --- a/test/web/admin_api/controllers/instance_document_controller_test.exs +++ b/test/web/admin_api/controllers/instance_document_controller_test.exs @@ -33,10 +33,8 @@ defmodule Pleroma.Web.AdminAPI.InstanceDocumentControllerTest do test "return the instance document url", %{conn: conn} do conn = get(conn, "/api/pleroma/admin/instance_document/instance-panel") - assert %{"url" => url} = json_response_and_validate_schema(conn, 200) - index = get(build_conn(), url) - response = html_response(index, 200) - assert String.contains?(response, @default_instance_panel) + assert content = html_response(conn, 200) + assert String.contains?(content, @default_instance_panel) end test "it returns 403 if requested by a non-admin" do @@ -91,9 +89,7 @@ test "deletes the instance document", %{conn: conn} do conn |> get("/api/pleroma/admin/instance_document/instance-panel") - assert %{"url" => url} = json_response_and_validate_schema(conn_resp, 200) - index = get(build_conn(), url) - assert html_response(index, 200) == "Custom instance panel" + assert html_response(conn_resp, 200) == "Custom instance panel" conn |> delete("/api/pleroma/admin/instance_document/instance-panel") @@ -103,10 +99,8 @@ test "deletes the instance document", %{conn: conn} do conn |> get("/api/pleroma/admin/instance_document/instance-panel") - assert %{"url" => url} = json_response_and_validate_schema(conn_resp, 200) - index = get(build_conn(), url) - response = html_response(index, 200) - assert String.contains?(response, @default_instance_panel) + assert content = html_response(conn_resp, 200) + assert String.contains?(content, @default_instance_panel) end end end From db80b9d630f9fc72ebc269cb24142501116c269a Mon Sep 17 00:00:00 2001 From: rinpatch Date: Thu, 17 Sep 2020 16:13:21 +0300 Subject: [PATCH 238/264] RichMedia: Fix log spam on failures and resetting TTL on cached errors --- lib/pleroma/web/rich_media/parser.ex | 67 +++++++++++++++++++--------- 1 file changed, 46 insertions(+), 21 deletions(-) diff --git a/lib/pleroma/web/rich_media/parser.ex b/lib/pleroma/web/rich_media/parser.ex index 33f6f1fa1..c70d2fdba 100644 --- a/lib/pleroma/web/rich_media/parser.ex +++ b/lib/pleroma/web/rich_media/parser.ex @@ -20,36 +20,61 @@ def parse(url) do with {:ok, data} <- get_cached_or_parse(url), {:ok, _} <- set_ttl_based_on_image(data, url) do {:ok, data} - else - {:error, {:invalid_metadata, data}} = e -> - Logger.debug(fn -> "Incomplete or invalid metadata for #{url}: #{inspect(data)}" end) - e - - error -> - Logger.error(fn -> "Rich media error for #{url}: #{inspect(error)}" end) - error end end defp get_cached_or_parse(url) do - case Cachex.fetch!(:rich_media_cache, url, fn _ -> {:commit, parse_url(url)} end) do - {:ok, _data} = res -> - res + case Cachex.fetch(:rich_media_cache, url, fn -> + case parse_url(url) do + {:ok, _} = res -> + {:commit, res} - {:error, :body_too_large} = e -> - e + {:error, reason} = e -> + # Unfortunately we have to log errors here, instead of doing that + # along with ttl setting at the bottom. Otherwise we can get log spam + # if more than one process was waiting for the rich media card + # while it was generated. Ideally we would set ttl here as well, + # so we don't override it number_of_waiters_on_generation + # times, but one, obviously, can't set ttl for not-yet-created entry + # and Cachex doesn't support returning ttl from the fetch callback. + log_error(url, reason) + {:commit, e} + end + end) do + {action, res} when action in [:commit, :ok] -> + case res do + {:ok, _data} = res -> + res - {:error, {:content_type, _}} = e -> - e + {:error, reason} = e -> + if action == :commit, do: set_error_ttl(url, reason) + e + end - # The TTL is not set for the errors above, since they are unlikely to change - # with time - {:error, _} = e -> - ttl = Pleroma.Config.get([:rich_media, :failure_backoff], 60_000) - Cachex.expire(:rich_media_cache, url, ttl) - e + {:error, e} -> + {:error, {:cachex_error, e}} end end + + defp set_error_ttl(_url, :body_too_large), do: :ok + defp set_error_ttl(_url, {:content_type, _}), do: :ok + + # The TTL is not set for the errors above, since they are unlikely to change + # with time + + defp set_error_ttl(url, _reason) do + ttl = Pleroma.Config.get([:rich_media, :failure_backoff], 60_000) + Cachex.expire(:rich_media_cache, url, ttl) + :ok + end + + defp log_error(url, {:invalid_metadata, data}) do + Logger.debug(fn -> "Incomplete or invalid metadata for #{url}: #{inspect(data)}" end) + end + + defp log_error(url, reason) do + Logger.warn(fn -> "Rich media error for #{url}: #{inspect(reason)}" end) + end end @doc """ From 7cdbd91d83c02a79c22783ca489ef82e82b31a51 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 17 Sep 2020 17:13:40 +0300 Subject: [PATCH 239/264] [#2497] Configurability of :min_content_length (preview proxy). Refactoring, documentation, tests. --- config/config.exs | 3 +- config/description.exs | 12 +- docs/configuration/cheatsheet.md | 8 + lib/pleroma/helpers/media_helper.ex | 1 + .../web/media_proxy/media_proxy_controller.ex | 90 +++--- test/fixtures/image.gif | Bin 0 -> 1001718 bytes test/fixtures/image.png | Bin 0 -> 104426 bytes .../media_proxy_controller_test.exs | 278 +++++++++++++++++- 8 files changed, 329 insertions(+), 63 deletions(-) create mode 100755 test/fixtures/image.gif create mode 100755 test/fixtures/image.png diff --git a/config/config.exs b/config/config.exs index 2ca2236a9..98c31ef86 100644 --- a/config/config.exs +++ b/config/config.exs @@ -444,7 +444,8 @@ enabled: false, thumbnail_max_width: 600, thumbnail_max_height: 600, - image_quality: 85 + image_quality: 85, + min_content_length: 100 * 1024 config :pleroma, :chat, enabled: true diff --git a/config/description.exs b/config/description.exs index 79e3cc259..4a5d5f2ea 100644 --- a/config/description.exs +++ b/config/description.exs @@ -1961,17 +1961,25 @@ %{ key: :thumbnail_max_width, type: :integer, - description: "Max width of preview thumbnail." + description: + "Max width of preview thumbnail for images (video preview always has original dimensions)." }, %{ key: :thumbnail_max_height, type: :integer, - description: "Max height of preview thumbnail." + description: + "Max height of preview thumbnail for images (video preview always has original dimensions)." }, %{ key: :image_quality, type: :integer, description: "Quality of the output. Ranges from 0 (min quality) to 100 (max quality)." + }, + %{ + key: :min_content_length, + type: :integer, + description: + "Min content length to perform preview, in bytes. If greater than 0, media smaller in size will be served as is, without thumbnailing." } ] }, diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index 054b8fe43..d7c342383 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -314,6 +314,14 @@ This section describe PWA manifest instance-specific values. Currently this opti * `enabled`: Enables purge cache * `provider`: Which one of the [purge cache strategy](#purge-cache-strategy) to use. +## :media_preview_proxy + +* `enabled`: Enables proxying of remote media preview to the instance’s proxy. Requires enabled media proxy (`media_proxy/enabled`). +* `thumbnail_max_width`: Max width of preview thumbnail for images (video preview always has original dimensions). +* `thumbnail_max_height`: Max height of preview thumbnail for images (video preview always has original dimensions). +* `image_quality`: Quality of the output. Ranges from 0 (min quality) to 100 (max quality). +* `min_content_length`: Min content length to perform preview, in bytes. If greater than 0, media smaller in size will be served as is, without thumbnailing. + ### Purge cache strategy #### Pleroma.Web.MediaProxy.Invalidation.Script diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex index 9b7348ee2..b6f35a24b 100644 --- a/lib/pleroma/helpers/media_helper.ex +++ b/lib/pleroma/helpers/media_helper.ex @@ -58,6 +58,7 @@ defp prepare_image_resize_args(%{max_width: max_width, max_height: max_height} = defp prepare_image_resize_args(_), do: {:error, :missing_options} + # Note: video thumbnail is intentionally not resized (always has original dimensions) def video_framegrab(url) do with executable when is_binary(executable) <- System.find_executable("ffmpeg"), {:ok, env} <- HTTP.get(url, [], pool: :media), diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex index fe279e964..90651ed9b 100644 --- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex +++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex @@ -12,8 +12,6 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do alias Pleroma.Web.MediaProxy alias Plug.Conn - @min_content_length_for_preview 100 * 1024 - def remote(conn, %{"sig" => sig64, "url" => url64}) do with {_, true} <- {:enabled, MediaProxy.enabled?()}, {:ok, url} <- MediaProxy.decode_url(sig64, url64), @@ -37,7 +35,8 @@ def remote(conn, %{"sig" => sig64, "url" => url64}) do def preview(%Conn{} = conn, %{"sig" => sig64, "url" => url64}) do with {_, true} <- {:enabled, MediaProxy.preview_enabled?()}, - {:ok, url} <- MediaProxy.decode_url(sig64, url64) do + {:ok, url} <- MediaProxy.decode_url(sig64, url64), + :ok <- MediaProxy.verify_request_path_and_url(conn, url) do handle_preview(conn, url) else {:enabled, false} -> @@ -59,8 +58,25 @@ defp handle_preview(conn, url) do content_type = Tesla.get_header(head_response, "content-type") content_length = Tesla.get_header(head_response, "content-length") content_length = content_length && String.to_integer(content_length) + static = conn.params["static"] in ["true", true] - handle_preview(content_type, content_length, conn, media_proxy_url) + cond do + static and content_type == "image/gif" -> + handle_jpeg_preview(conn, media_proxy_url) + + static -> + drop_static_param_and_redirect(conn) + + content_type == "image/gif" -> + redirect(conn, external: media_proxy_url) + + min_content_length_for_preview() > 0 and content_length > 0 and + content_length < min_content_length_for_preview() -> + redirect(conn, external: media_proxy_url) + + true -> + handle_preview(content_type, conn, media_proxy_url) + end else # If HEAD failed, redirecting to media proxy URI doesn't make much sense; returning an error {_, %{status: status}} -> @@ -74,58 +90,27 @@ defp handle_preview(conn, url) do end end - defp handle_preview( - "image/gif" = _content_type, - _content_length, - %{params: %{"static" => static}} = conn, - media_proxy_url - ) - when static in ["true", true] do - handle_jpeg_preview(conn, media_proxy_url) - end - - defp handle_preview( - _content_type, - _content_length, - %{params: %{"static" => static}} = conn, - _media_proxy_url - ) - when static in ["true", true] do - uri_without_static_param = UriHelper.modify_uri_params(current_url(conn), %{}, ["static"]) - redirect(conn, external: uri_without_static_param) - end - - defp handle_preview("image/gif" = _content_type, _content_length, conn, media_proxy_url) do - redirect(conn, external: media_proxy_url) - end - - defp handle_preview("image/" <> _ = _content_type, content_length, conn, media_proxy_url) - when is_integer(content_length) and content_length > 0 and - content_length < @min_content_length_for_preview do - redirect(conn, external: media_proxy_url) - end - - defp handle_preview("image/png" <> _ = _content_type, _content_length, conn, media_proxy_url) do + defp handle_preview("image/png" <> _ = _content_type, conn, media_proxy_url) do handle_png_preview(conn, media_proxy_url) end - defp handle_preview("image/" <> _ = _content_type, _content_length, conn, media_proxy_url) do + defp handle_preview("image/" <> _ = _content_type, conn, media_proxy_url) do handle_jpeg_preview(conn, media_proxy_url) end - defp handle_preview("video/" <> _ = _content_type, _content_length, conn, media_proxy_url) do + defp handle_preview("video/" <> _ = _content_type, conn, media_proxy_url) do handle_video_preview(conn, media_proxy_url) end - defp handle_preview(_unsupported_content_type, _content_length, conn, media_proxy_url) do + defp handle_preview(_unsupported_content_type, conn, media_proxy_url) do fallback_on_preview_error(conn, media_proxy_url) end defp handle_png_preview(conn, media_proxy_url) do quality = Config.get!([:media_preview_proxy, :image_quality]) + {thumbnail_max_width, thumbnail_max_height} = thumbnail_max_dimensions() - with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(), - {:ok, thumbnail_binary} <- + with {:ok, thumbnail_binary} <- MediaHelper.image_resize( media_proxy_url, %{ @@ -146,9 +131,9 @@ defp handle_png_preview(conn, media_proxy_url) do defp handle_jpeg_preview(conn, media_proxy_url) do quality = Config.get!([:media_preview_proxy, :image_quality]) + {thumbnail_max_width, thumbnail_max_height} = thumbnail_max_dimensions() - with {thumbnail_max_width, thumbnail_max_height} <- thumbnail_max_dimensions(), - {:ok, thumbnail_binary} <- + with {:ok, thumbnail_binary} <- MediaHelper.image_resize( media_proxy_url, %{max_width: thumbnail_max_width, max_height: thumbnail_max_height, quality: quality} @@ -174,6 +159,15 @@ defp handle_video_preview(conn, media_proxy_url) do end end + defp drop_static_param_and_redirect(conn) do + uri_without_static_param = + conn + |> current_url() + |> UriHelper.modify_uri_params(%{}, ["static"]) + + redirect(conn, external: uri_without_static_param) + end + defp fallback_on_preview_error(conn, media_proxy_url) do redirect(conn, external: media_proxy_url) end @@ -189,7 +183,7 @@ defp put_preview_response_headers( end defp thumbnail_max_dimensions do - config = Config.get([:media_preview_proxy], []) + config = media_preview_proxy_config() thumbnail_max_width = Keyword.fetch!(config, :thumbnail_max_width) thumbnail_max_height = Keyword.fetch!(config, :thumbnail_max_height) @@ -197,6 +191,14 @@ defp thumbnail_max_dimensions do {thumbnail_max_width, thumbnail_max_height} end + defp min_content_length_for_preview do + Keyword.get(media_preview_proxy_config(), :min_content_length, 0) + end + + defp media_preview_proxy_config do + Config.get!([:media_preview_proxy]) + end + defp media_proxy_opts do Config.get([:media_proxy, :proxy_opts], []) end diff --git a/test/fixtures/image.gif b/test/fixtures/image.gif new file mode 100755 index 0000000000000000000000000000000000000000..9df64778b72095084f03e1dcb7b57273e58ce8db GIT binary patch literal 1001718 zcmX6^2{csi`@eS<#y>;F5sq~${-}&Ej?z!hY?{lB!^L*ZW-}j#TSle1*asGK=9{3CR{{sgA1OU(i00aOi z0{|KTPym1g03uo$jYJ^<1Ob5n5dS-I2qb_yk|_hq%4h&V1Q1$iWdsThAd!e8T_gfP zYax_zM-l`Ig+d^3NF?&;iqbmLN8)fU074l+d&LG200c6Ccr>bvQ&z^gptQ8mp8aQ%~Kpxq_p_P%bv7rH>E;s_3NF>IF5&@(O0)Yw$aLG#aLZcC0 zE=NWXS)nej99>nPJB?2lX@LG-_|qnM8X4k%7^smKZ_Nc0K_z!8b)y5dkA5sf&i2ykQyNyMSF z0&quua9&4ca#1EAj2^_T_Q15IX09)3_xoU z0UQz8QJmOO9DpMn#epnHBobYa%16}&Tw+7Da4yK+;@GCF09q^#O+duP5&}Y%vl0mb zvABi0L=+A{69HwHBi8^i0O1vj!UX^>E~wtRP-P;57>Ys@0I$#^4iJ?Iz-~vDG7ji% zqItQX3yQt8aEQ8!SR?{P3`HD~f;m;dT(8T@B8Fz+);qFBJF*r!vW_Yg8>XTR&3%S;yS1!zm+ocSp6*$Ri3ecYAkt>zK@5CUca@++{Ksn9Ox1 zbBf745_aH@;#5Au>!?;okRMU_h}=gcJAw_6W^y=Mx}Gp6I9Y0IV4xtA2}u8j!Po#M zp!UDX@xN&TAeaD%5Lb%2CZ(sk56qZ1lyy^~zqY^9_oNAmLOP)z2Ao-nsRHujpN4o-YkoY+*|ciZZ$AKySf(hN^m0+nQ4 z(Qhg|o`(L5*Hg?WVhJl)YI{~UTb48sg5jz1Xns7y=wkQ{^JI=M9?|r3(}_-0ZGpJ+>uDECJ{p^TI4weLs6AI1`PGJ7 zQS)B`b425f8fZ#>Q~kujR1*xPw@0UsM7{j^_u!Ze<;1g&zK4*w3&LOt+02aV2HjsO z=(7is^NcsR&3iB zgkME+l?cRTTFmkNJfoO{6HrYZw6t)z6pAg}Y2S5-0hHP;RqF7`b${>V-NL1uX(&L& z&<)PMsclGTUz(e9aua+|VYZ@RHzS#KNBLuy_-XwB#mY>!N%>2A(rJOn;FI7MB zclIVbMHb7MUOnBH8+7b|P2yLIzTo)HT(+#)qM!f_h|J+ebh z%`7*UdOmkfrc7kX`mrOpxUVJiLDUAb$W&z`NFF5we?>D{tWNA8w$ z&XnQ<)93`Xo<-@`l{V-P3n-5r;4hOV->N% z|IAHK1IJ;)7YyvA@$ipxe18I5UKIxhojIK8H#O$XaD$oM)G8hkV%r>$3Mb^B891Y{ z#IW<*x}Kj|S1Fy28<9nQLzvrCv36DGcayH4|Ewbk8F#wdw#XF_QIzLw)76jalM#x{ zNHzFrV{9V+COm};bq1NfgTWsCRItX67S8~+Nvwb4#~U4u_X_TUwsn8 zK$8BX$mW6EG7>cR7Q?jsT;0kJdu5|RGVP(HPSvRl%BSfqT|57F!-DIoF5rZKan%3k!guadFVb3<-k(|j4pZV zij(W9YnD~45U@A*^kj&ZkD_9E^yfNfi&sjx(N$=yU%P4Q5$$#?9J8t!nY-!$9z9f(}1W6P9Ir7Q0wzDmq ztl@djeia(_dptu!>l`=T9a;`RDt2;0dXv1gZ-{v8EPLdfHv2duYWb3LhZ8K$8iJ_cBe%$i8AbCuAp&Oa{_r}7WJS;!+3~4d1-cZdeWyIu|q*lDW!zW zT>{H}$h{{zR^4C!5k}(^hQ8eWnDw6?yZ$+bVE^HF?bp|0@Xl%P$ug5zo^46_OSf)r z5;#ph4rRt}ftvOtIBzmUaLXxOb7m3Yj4)nGKXnjo)WXTHL0Gx{@u1&aazTp>AcPtK zjg&=p)PQM)=Ie8Qzb<`Wv?efT2t1b%ynukDOZTs3kFNHKe7-SSkwt*V1Yx`(_|j~c z3vw^Dc;PZccP&t`A<>l{5r}5V!*H>;l2dL&$KvA8kf9&?k^}~ls zMvcSYTPMt>gC_`~5c zgBzuHQNcfgsl$3I>Wm}?gf&OT=|^9*V(DxlyJF+H5v<~IFm`&X?jBr_9xCW@R%j#1 zCC$vaFE|(gIglVPgK}~&?cz8*2Adv(rJ_g)3N{If9tr9;$(r#(Z`OIS7$_ifO~vY1f3IL}Acj9QN)a>&uO-^GfMAS-}f730e*5-81PL@j|yZ zj@?n>$H^EDE`eXVk>R|o$xi64lQJ)*c~@3>{*bO5Mn&<;@K!>AVl31Kura3})1@cn zu%@yDthlJFlX*~{TXuDbYa=b8kFn$?56bD_EaxGOHf?Vw5@84JRla&m||9^Zlf=nT;cHnN>D3mxXlJgwFb)k5v*AJ!}xI zGakyuv`NL0Q!UYfrV&!_^kzH9y-Suk6lQ{zy?EKGu)_wpbu$|k+L z^_)j~b`m!KvPZtqZ{B3a32|p4grK5-F%}Z-#i6C4wSQ|BCG9xQ_QE+ZcoD=ef-3ae z^7tEY%vCI!Wpa-*1;>?_$0BVNjh~H|N87L?L4GNcW{MIs8$ zkpO@D3yuP^eS!RFa@+)Kz8@~1By!8Mk=0*DG;ql*g$leyTdz|1FE0t-RuVZr?q=x@ zu~~%U$uM~g^fE3QiU9tj>UV|MAN(Di*Ed>;3C!BCRV;HswrYud#xlf zj*#Xe!)!l+vPc+y&mW7q!5paKSp?;ru1+PunnG(^yeMOXi3eTTN7)AmO6Tz%MSsYFX>-36O8w~{y z{H*R~BeUvHZPp;(!_9=iHABeSrP8g?+U8W++K6EYRfUz zq6@fHFX*5Pa4&YagB89&HvKT5O-#_Zo@_E%;Gf#;4f-sC@|P1PP`;e&7YM zwQsm*+hX(X_LZ|ReI{f0z`h6D@%k{lhih|SN;DshqG}rqj=OhRm5n3GtP@EfPYEKE z1ad{dT%BqKM@L0+`dt4F@{lJ&+9&)Zng+s}rtBj?zVUIsJb2UdQE%TV zuboj*uA$MvN1P3_oQqR>oYM!F+St)>0=fU3(|MWU#M5F0{H*V!6reVl2#ye#P2I57 zI5?pO4qko7QT+PP_FUpWib+I`%mL+($P5ZUBiSw17V=i?36MKK(>gknqYes<50)Md z7SvC9U+(+Bm%kxTSWV?Sky;%Czv+9 ziw_C9Tt3f4bVeXYdFN;1N9S<=R%2e&G3pjM#;9EXEqat*=9iS4f*^1t#ISc%-)Lo-o~rBi`Fj_wMlRp()`=`)gsd#Y|cCQ99YISGGjoEtzJ|^z4iQW z(Q&-q`#;5c2s?sLFq@izD@!{gIT}HN@{aUi)IRBKuW!F!znDC`6!Gao?$Ce3Rs0Vg zu;Vv8_deZ4?%0yxW~6q=oeg&Y8Z*9eYj^v*F_~5jCul%SN;hX!TOebb@r#@Hk{jGT zZ{9Cm>n+*h8H3a2w~QX35P3WmW>G=1$al`4Ux|&%IPFCMb7t-ZZ>{0Q>f7fRX8ZlN zd3nZ4N3vm7VD2Ff-BI!iH(1o-QDrH_e1aTDsRVXcFwL{{pK;|cZvAR=i)C*AYRtw?iU@s z-xpz5$h6-fQ@Q^qo#NBSx!hOs)B!DsI7)Sx_NchWs2Fy9|; z#iwBJl`jqLzRD&YmohyV&^6?YGFXcmpV%K2!(lAKXV3&H{GnKBP-ST6=aY|xH9X|Q zo^_{khsal)nQJyjv`V-3q$c+63UVg=FkE``?#roHsN%yV2xHH`CsR-}=)=s{m7YZO z@hYF$Z)ZmGjFe^=gt1RtFgJyyr_yGrSGhF<_7C#Sta9o_2He?PelThIa>t9ZmG@lC(4!rv z>7B$jhoX`Cu#;adD<*+oKFPFR2?C%3QFsW4Zj=_H`rG!?>Z=DkSr~!$^s-D$qmw=; zcU8Ulnky9{mlegq)^hzq?M6#pxJ^K-90?dwSc?hB4Ds?y7ZRN{-*WM zR*huK+*ZxEx8~Q>eoT9R>1dY8dz^{bU?*T&i)U&dAA7!f4a4LX;MYPL(?@91eXg;i zBce_j1eP3rc4=7|pT(Z6u?CE6rs;NrIUjUj@3rZP0HAyxV#8E#fv?*1-gJ0$W3U<( z=d$)@T}FBZXJ^<8$#TFh;@Mp;A4b=5y<|V_B= zYr_i91ul4W73XC+K(8@6DTB#MP|x7|zV=iultAb0>g=%UTuq@2G*wgW{f%cdnEbwM z#-XwBJYNDo8&>Rm-f5^<PD3OO*_r`!8S)|pG;vqYqlP4O+7vqBk%5^k=={;DmdXTGOLQ>jG$M9H+0fjUk;Qn%pN4| zaF*6q@4U`Y<3rEK;Z!cRfC3U8C zkGr7PAMQTaKEBKy+%Z$HryD5)eZD4p;g!bSjWSlvs%>u%b*6VhR2RpCI!Y+Ku{?uf z;Y3Ggwmv&quChOJ0#Oxh*b$=1<-o&n`!(HJ~r}%dJ!=7c}T}X{idi z-WR)~IP%TH=FWN8Fso(Z6TzQo2*&{gCPX(|XYQy&-V7_S3)h%&S-2Fh6mu>Q6~d7s z^-lCj8^vRHGze4Y%ztOyiTWpHXQmdeZ7Awq((jAt`WsX%-|&PNsz|21u0{)8dla}6_wLv>UJN92jJ5JzIW${>y`L@Wq1NyrF$?Q50IllHmnNy&`!kG-1XE-$u;VJ-{Vx?@^f-L zH?&nI>Xe?c4hs-aat$LLX=RU-bI82!(X`G>Vb3p@kcEFv&xBu4wxfN$FRS|3?~C4| z4xA#xYxHY&Bmq|NRb0jhH#a-^pVKp^oj_A_;p*hBM)s$^3>HxpxO!e$OM8w*DsK_H zLU2I#agqBqj`Au96@%;tULFqvEY(v%Hn$HTB+inQy5)EB&g^_-)+^N+Gc^)|KUnQ_ zf|{o${nxoG8-grm)Y?UY_$7s{lU*gR*^>yaC~AzNav?mB1f>Lx^N zy7xDORUglyAm@7f3C;4HR`C+o#j4vXrjKZM$U)C;ZM6y^Ij(Nn3!(sJPWJe(&ULCQ zh>5~>>-w$;R^`apNZg}>2S3m8 z<=arC7EVl`O3P8;ES2%7nt!hbF;R`ZUTGv~ul*P+o^m?pdAuFWM? zS6ARH@x;dcCW@K^X4tRAh{A<%uMFN}z~oFqh>2yBqm#6%oYX+g*4u+2?9YmJ7dcTd zVum}*!wqbpt18D$bI)mQ=7~17uu}g=vIPE}!rwJv(v0eNN4t5&!1K{u*PN|-epAhahQsn5)z`5L&BWrzIbL`_$$g1Ed_wVC^L>IGW7iMKPjqm z_C6R!>Us(1+dxclAg4JQHFT0YPRW^gFk2?K`!3_31h$iw_VGgB^Bd2C;=4zae`KM0 z*#k+Snv&!6?Lh2qDesg*kvWTtE$Yjq$VEkQtWR$3vx|ex_yOA~>P@i+F!>Fkk&on9 z)qxR&RqM?p?eXPZN5UtgUl49T;Joek_>ECn&dUc>hwUlvAFPdJg~q(<`)?k<`ftkc z3hR%!$BD3Q|5qQ!7MKs#o_*K%n4R(>;y!qpVO&>$^ zWW1kNyMR{%crUOF1}C+*bdCEaI#bv=8aQMy`jsQ+Bte^*C$G&vI^cymPTRcJ#cevA z`;yODEekw2%~@@JCy^hVu@hDl6`lQVK%O%^;obUS&V+pccKjjZvXRmC@p~4wC2C|) z$O+W2WY@uE!km~!%qj`BB#v-hROY8YId4Eq^m$)HIV`N2Cwql%>*9$pA<1(x5qGs|0v zI}elM)su7owqe=*pD?PQznyDqh29w zIbH;tg;KkeEXXD1Hze!~_`dO}FX_I0p&a-dtnxO2M3J@k0Av)WPW~;9@f1x|&zsEd zIVdJXpmlnjVLXyzqK2K9Z5TthOKlX zQ*GlG+ykh?;GTC|yj;oMrcoVxC^B>^JF?f=!Y0MFH{pW3UiP4>(-D=`P<_Q*`c zfTi?l$rpoN_y0m)Zc>hsg>*eT>}H@yBvgD6s-r8;-9U*>F;7m!1FDsV0@y3xt(b56 zB0eB+`-X0{_uijo6k4z~$UtY>1OmL3Lh|z6t1$^9MeeOnXQH`PtH~mTU5JhB&*oy+ zVy|)ym_B<$5Fen@Ty0W~hozF5;B@0(i5$;80A2dP)gEi&Us?RtfZ8e~Prz0YgVgis z=$(NoD&coFA@GdBnY%fxb>?$7Ox}+Vy2t7P{PHEn&@w$DnAc3i*(gr*W5|ke<YoeXKD_#k>P5AC-Z6-NeUCu_4t)Bj!_*!RW`>gM~?s2v6 z=HHEP^TgvGEONs$fb4xh(1{Y60JRHwq3i}fen^oTrwWs)1{hdb z`LdUbM^9Wku!dqK|A2+;I#KjiGWEg54%-VVE|W#}V?`#iH#26$9qg7~vnIAT1X7co z;i6xk)pdfRdt{k-sx$)1(=dfoCnKWzQ)FmNIA-#l1x<60O!|Sv%4=~aI$dJ3G?cfz ztwTNcTd08OA{#z%jElyLfQCtc&%aU&WG0?(Q~H*x1iOX9UiFEZU!xblPhvMDlZ=oNqJYvHS`TO^sU_% z-vlaWNIcG=dJfEcMx_KOr6~cd%qS(67S+z$JN@o?5J604#t#P``qY9erR|xoat0t6 z?A>lM4oA4tW?#q-8kOcbd0v;7ZN1trK|u#o(DAgwo7ejyKyya*1-`d&BT3b}CewWHelWx*LA2vxEq~wh&!qYe zqRndv^qIV7sPu8hN zHm3K)xeqfxX}M_2Wy<`|#mhFrE3CbHL{~<2$VhdS*ZxN>Y8} z;aoyXN@RFK5)@ttuDLD2<7e32D6$(C{)s8_)u8wuV7}pY>K~PDWJj*x#R#_4(j)uk3#Vj=byC&SKY0je$bo|D_skC{f{;dUjcYm zf}PEwrYo@IlX`wD7a~p@OgE~Y@J)UQ70-ZujDuMtSAARI(F^nEOjEt%;pe&ipUBgM zG5|Tu{DS>bh9yLKF|brxB#u*0mkf1W zJewO-6uAgbV;uM|-dBOB$HPp121PBT&coAVEipDbrmPh>#s-Ms~0P9jyww&lGk72%~dP_1n=-0otU`N>P;N$j<`7pEDOIo4Hep3TJ*_rp0rJwm*k9 zDs1wuw}(sT7hk(?x2@xU162tl4zR)sv(ILS3@5)Ia$oW0cv&fEopAv1-`{LVP5byG z$hR=nCyK_8nB(`@sq~{Nk^&QQcOY15y(xrEld?TUSsM!!^#DZ=wxrR5bqX{#JoR(L zg3w~7+&bG9i??umv~^VEM(OVJTe{9wYql#JoOwK7f{w|~Eeo1S$KAMg-zeyZUv{}3 zr=mw6;2-{LEZr7;x(9Rm?5&l*FJp#o&Ewopv(QP}N-Wl>rF%jVT--~riz&<#SnyLH zC?E+CqUIhXL#{lEVC(mjkc8+WVdhGcPzh>Y_mIvU zh#xoevy=AHl7N&Wo1rt%Gy0q=7rRd$izhe>q#S!;I79s?5%snd&YWb~I*Eci$HOHt zTe@dyir7pD5+;hDnMtNzVM#fAaY+(EWy7R=HaP*uwy>cfJV0u8D}pi&|CZ{+Q<|MDnexYQ-d3bMA`p6ANJ`k3sX` z?LJZ*?Nt29V=j%t^)gCO$UEO=R=)|q6leS=%Xs*-294)j;6tI58SVs8Ov-~~hiVoG zPs69rmNa-Furs!1|L7-lC#CdsbkySw2{bkOVF%|o@~9;JVqPTzDtmiXb_cF}YYQ~n@mUN7{%DHw$X4Q$Rz zZp2k8P-T%RU?JFXEa74EryI;E=?owvA|b}^a3Oi7z4Fy!?q?6b$mm~Zl_Mz^*nn7BQn4AdX;uUPVdYZ`-lG#(;cQ6yDzXd@fhxF& zBNt`*vPBJIwl}`Y4&(@#vyhxpvhRDh1eFx7^^MkfE{d06;~uW5THTK?NYJL^DfjT{ zeCnYE8=QiYuGRSEr4SxD7P4q{s36yM11G;aAO)6#u4T#N4DtWjn=4@C1%y!aEw9RJ zrWyYLR|lKjpXh8UKiSdg19Dhjn=1XKav&@X7Q3qN#!|Hf#_CCQv$E0TqN?}P85)CTmv@bYBLWK8RrAU$1e}pysqC&H{l0ECDHBxT zSuI;hcbmLa4@Li3gA`%&B)5;CNqZi%i!G=yB>hSVfGYITM6p-|uxi{wpSk9cM>=ET z!%I!S{HNx9XfpeA5y+#P@k-_B%>yss)S{C)`2W!J-&$VE55bZ*ncnZ{Lf9l;JheqLqwUlx3?{_`1<|>P%Ai}M} zvAm^0`f2k-UWhQ4nuPTmhp=1Ew`k2)`EQ>niass_ji03OV2zz&s16zdijs2Gg`!m# z=|B0L_dX%MkNtORSh?ft9(#1o+q}SQqyH|)C?3E3tOF!by9$R=4aR7q`NwzPv4vPX zvEb6{zuC5)Q6EMBbS&%zbFt-)b9Em7Psa0U-aN9?4GD;yg;6zS3GuwP8;aT^XFJKA zPD1psd8~?UsZ)8g$uNZU5`o98OQ=~%T5g2FY94qzQTC~e@5>ewOln=A4ffO@?3r|l z|9USIs|kl2?lcLDezp8f&vAuV$p}4)mZgzssxdlEHl9v)S0j~?ZZp)c22&o}PVnWD zG5}+GHb_UHf&>xzx&gdzPp7DdI%m0zJLf(l!6kG2t#P-OMQX92l-GvAUKvH11fCk? zO915JyQ1?F*_z7NAipNmGR}+HqY+QrO0}$bh=Jw8Lf_RVrPaC5L{X(4RS#9AUd?(` zks};oT_N9amC16v^&M+NGep0&j5izEtAy&j>W6$PGK%Qee?F1rMa~m^jaHDjH=E^x zDQAK6ul6$@IMgcf*-J9ARz~*t47QODhqko88wx$bumDzzK)XPhNtDTKOY&y6jSP`Pv;zNWbC&s|#WE}ad10?o$-=qIU-U-d+(EF; zbIBX*|*f#5aOlP6TaFVzc?dxK4vrqe+b5T zHBjRX6>3Vux2ULYcr_mq=KgOR-_$xa5%a@B*M=ZvHAAr3U#{=@a9@0W>;1H(j`&)u zdgQP_ckJ6ABB2bh^FOZw2D^TKa3P-S;QCBy(Ngio`BMVHEU&Ig_hl4R+Pl1dYO&)I zq-_aRkMEs2KG~kzw9Yli$_XM&-!iyDM}w_ApXAJT-E8iw_;Puz$opb-x5V@LdR%K6 z3tt^Myep^1jVzNPlAYe#qaq^ePM0#+@8mkG^59O<-xGaS!pYVRE{g5w+0U1xU%WSY z!sOSp8#2wgO;%T^mNE_#T`O+s6Q8KGOvrO@s&W(f)}fh4`!Ml)+U?bh66=+zvfR1% zw_08gP*64i%d3E=DwQr^&$b?v_0tf)1s43Hq=w_XJJ=?k8_6ZGmx}5E*!UYB87Dfu z-YuPZ;rQWfd~JNu!|Q!)m*`F}!VfiSGY4v`BYKqV2TnWp=!?H=wZf*Tt;)RnAvzOm zZB$Sf_+eM*aU}}FRoEqPa#KB#s^k}QoRKD5&2aNxSQlS+qT&jP@T75`!b$5To1oSa zF%7;VL3AA_ZfVr$d$HnXk|Yn>KNG(};UD?2{00lK-m{g@&d0Fm9VWa-Di_dCGYtsu zlSptynT=X_b4f->CH`hj z2)WaWjA0F`CiIrlsSnAPQNagPE*TPBOl^^kok0*OzNzeMJ=WEsp=0O^Y(H8efvf{a z_N((xd&l{EB>|8f&4B-x+M>JAyexUxkg84ktHU}F+G?wsDO*gQc;Z{-8A0$S4!;=q zuA!~pu#|gYC=)cVfX-_|JtFz7Rcc;%E~z)28xCbTn!&l~WqcE!n^yxX(ys4!f|xs%6Pz zs^8N~Z%9i2`v67cVNO>l`qn~_5b^h1@8ZIm>LcqvS4h?W4SU=C#_QLgcNe|iT}!(! z_NHRxRV>M&Jov1VZUb$uP5NK{Bbk)U^g9?{UDaR{DceHJJks`4HW$<0SR1zDu{=m+L(mVM!CUpva0ZEZw;$ z8c3{CyUiO*`Y-P zM;R`v)3TNscSWbd*gSVzry^h3;Ma7eF;3;_6~1LAz(>cY1xl-S1qc}eEKx#P|H#0! z444XXZ!Bx{Taq}9b{(W&qgRDMsW+I#D0k|if0&HMJga#ttcqO9nK zEFDYcKR7KEK+YDCBOLmuJ6gkS9Lyu-PwH1dBG*K8OP=pIE62Nj$%lFkm07FE>IBdv z0-%O;b8EvDouQk!0`m&n72VuGJMCrNYJv#aM|WS||M@ERO`yX%gl83ytp=5^iu-K5 z#Xgh$vqzQ~xqoV4)L8`-QDQ*i8LKr+EAb5q6ki#N1z>;xSfk(u!4o85BEg-UXyVD~ zs)$RKIk*aBHmK!NVVMT?+Va!kR*VjkFf8u&+49R@64IV`vs9S0ft2s>2pQO$bDv+~ zVDa$pTGg=#P<~75miPO8hro^(SXh1Qc$5Fn`Q@f9Mbs7WT`@?0!Rna5Ao@H6gMkgx0{k6$+L5ug&Mg@$#pl^-w<(GtZ-JU zaI20EP%4THj@FlLpYV^QpnWm}&tK@yEDyeVN%mr2AZ{!eQ6jg1FFtVyh>814kxpIv zqjdMEhtSb_xEEyi`G5pKljzRtMGEN~v-oxevjc*Nec8Q3ya*?$%oR`RW4T=#dRxJ1 zkJLjg1v#@jRXj+^;Mu5vMV2o4v{Kq5!~5dR@{&RH`w}8Idhcr4%If`upr@6|^UD5@ zg0tS!<=64uKPVCv_>*KyMcp^2_VBCXD&-1WM+xs@q&d03mVL6o%K#y6_Nq{pHXB~< zJqp=91N330pt@Kdu7^Fmnjz<7p%K#a#l}oiJNRfRh$`rsT3XO5Ta);?Wz|>tsFYUZ zUhRVmw=$INn7?gfx~L;p+o&D(R5A$n2aQmN@WAYUi{lmL-i>Uha}+2BJsSKAw`!G< zpFd>q##6p-j1RD*5jJLbbap9|cu=UpM!idKlHXncgM+p|hk=+vRBzfV?wB=pH@IW)breh%{K{eKU; zh@zP?s8WEkkECR@M-W#<9XcK#lON#Y<2W+5{kJ!@)l4I< zmF+(?3m+!rY?Fsb_-+t+DO5l`y$My#T~KrV(Z37wZMI!+-Rl7xs@ymr?xSc>0G&xw zH*7NRG27lX6_u2HFk3E<@S>+ShU~FxW{!nm`_S|6H$N=z$ml;FcthI1eoD3wI{-Th;XhKw;^m2>7tw@q4o=s$(X*-zcN-<-&yqyGAA4vet4N<>A-PAvHek2GB=NLt3~|`n3bs z@qU@RU$_&~cxYB~$6^R*bsLXH?CU;v4e0hwnqYS~j%5B`^b>BT+lXPVT+56R4qHuq zs4Xw1^&|CAbi*nDCd5v?rdYW3ou@2WyN$H*x8E0rG zl5-4WN8g_29LB8lJs4GK46HN{NFwMTi!tCSFl&5>y%zgVqnp2?Q>PtjG7dFvjj2dg z7e2euqh04E`AMbwsp*SvFrKqJ&FWvcn);qgpPQ9G_xr9A{l3gmpV~{3@>_^)+@67{ zrX2ZGwtJySD;^yWIFy0t*PQcm8mG`@I%1VJwKw$a+<%v!CnoBEX+3sdp4Dj3Xhq#d z12p6DZo{*_UZQ7Bzl3(XZ~JrTsoriZ;#2G%leW={v*w!h)l+nRtcB=gM$d;nkgA7B z5t_2n#!FqAQhnEX0&OqTi*)*VMoK4@9G~(TKSEmG3UmOt?a97IjT0=vn_OS5xAme= zGy(z?(Q4?CGvmecMj6pM&F028z8MMV!zQ;(c;bYtoBjXlApS^OnxgZbxfeh8k1aAd z_d`s=GpVL*QP!JO{derBl^4r!~otAN0-0jvObF1ha=BCw=bN7 z)`x`0x>XI!TVMg~0ltiY4Xyplr{E9sWAWXRJ`nH?P!FJ23PrE)A_pN8P_0C;OVH$#a7+AIMYGtyErQ zMxA5-_)Hh}RGx@S> z^7e&|do%YDdb)Ff!SqkkEVxv@zoqZ5vdTT6-!4ZZVI`c z1_XJ%!I(GUNCTk^&rI6-!Sj{sK_(rtvI)c@tD= z8425ks^O6uv5kX?U4scYKyyJNsa3u26<8UfG5#~I^-#6XZjo69`1a=@pGbQkKOk-d zCrAIVlk-0n(U>v{xlY@d!`V32S@Fbq0ngDWTud9_kEU7 zuU93~rY)stn_6j`vAPoZ#~cIqzU)nxFn#G#+32)vburF#3c3qg{HkU<-|ZLk{q=YL z0>m#_`~Z`%ZXH%pE|E1R&|l|krE)y0K(XVMBwJ7ZbH6+zd)k^g@5c2>QQ4gL#-)D9 z@0ayD#+;P`m4DIM^aP|6j$F9Dt}i9Iq5HHU5lJL(giCM%4j@Lm-P=bgBYtmu zpdH@jCQ6J-skDo^OkDw_rWImnCYaqyMe#_waGd_*(krbB#t-kRY`gqW|p6y zgtjdjEAB2tU6h7?YX8h0lPD6TxHIB=_r-^9!zomNXm(JQSBr>%a_C5w59^nqS;2vP z8?IK~yxllcRmIg&%OM|TH;-KN`=^>OE9S5jaAda99+_M|N+PA6cd$WNF4?sWBlYlV zAIioLz-y43v*oQk{|g&yHT+FuG}cX4=s_DSC?u2FW@UQF+nH+dTfC-I1H9(Rf9Rm%2LE7_|?QIXTi(uG8b6RjxD`vd)EBwhx^1tiXH+ zuQVRXynnXZBM9WjBG^@`qv6gDyXE_2;8Mj~8T> zME@qdRYRVPQZYTWy9CHwUg6OY9?!yLdWmMtGLyqOXeDJ?>P55R4?8x=oL^C;cLosW zI+^Hogon-8Hw`F*RLa!qy9N6e^Y^Zk=DPM}fvL25yrC|yI7BNxQI`1kre$vmHE*-~ zR_B#D93M7xnsC)G5-g_uvn_L+n)wXw?F5b8X}!+9$5mMnaQZ6f9`aYfZ|S7+3ku;g zB!2}fCDL!Igsi^dR5>AuHLVakDz?Uk8~=GC(3YW}pmLW7L~MirlkHro9z_mo$=cz- zT=#XtXztU@X@w?AFBq|&W+uIk)q2ePq{_gmV=XT;sm8x>I%2(WCphBGh`*bDf`R6w zMu$!dcI7NllHT@n?i-c6?I%1eSsaFS-en)3Q<#P}XdCUtJ+la#k9p*-byc^XLOYa}TA?qqk&jM#gV8CVhbK^o&|C;J$9Mc%HGQ%v`pR*#Fh|%;~t_hyBaFDVlc+ zmG3g%xh^HaPN?o`aSQ0pO(zeQ(?wfoa9oU0+#uRxgM9+yW%0MvL+)q_bVUM?pKu~y z4Ttf2x;muBICnp-)c5pnsDrOYS$EGl>)$Idk@lw0lA+P>FRvIKtnM&Z=z&nM4U?sP zK`%xlk5_YxQ)_dhy3Z?Uv$++gclny->*hS*p`^;YLe23nQ%!=bn4g&HBq_bJv|P#V zCD&UYVQiy^X{B-H+-pC|H&$V#kNTym^EW$CD`c3wBY6n+Y0vF;7-sahj!s)77u8ZJ z|G|$1YX1(+J9zt4(zOm_2Ru$@V>&&pS6W%J;{=t)wgkZ|KMJM5%VcitO4p}# zv)LN%DFW=dFHNwq$aA1jSSX0<=#5(O#JmW#AD&~Ta+$nn?wOh~#*8%y3{coB>6$sT zFs~+e6Fg)soQk#D(Z^8CgqEeWv9w>DV5-<#9dzhKLIP}^4$ByPSEHY(XOY%)8`L*< z`6C4j_z}UY3?_6Zi6UHFDe4=s4DT@duI&O#QD13O`Umu>h&^_X*iYNDjLDHI=W!&e z!fwCDKiR6ZgG!@+h%!5FCk?U{51bqMziQ~n71Xe=L-dn;%bHl zu_it(W1)7zEZbLT5*fnYrP|Si z#<}2@U-PqS*M(CwHk?pDZQqAcE<%-j;z*8&ZPJV0b=AoMa5CPp^gugheqFdsef2(+2 z3BAqt8$Ed6QU~_A+WzLeDkxJ4%U@t{Bd;92qd**FOgs6Cti8oF{!NFGaPrTI?&Eqz zkh4R`Ft4v+@x{jv5=@z+R03ZSSt}4M%5sRasz0L-wEI8qltCJ3Hr}XFGjHW0 zMO~>Ln$9310Quwnw27ob;(o-mgeOG zJa{*MqXN=1?TPe=a}iaD(Ba5$*?wTZ>jf&;f(Z~;|uQEBf>Js?fV0r-3Hbc4zkiDDv{Vt{K05;@G!dOE`tc1Ft z5c%gKSl54J1dY1}=`+3;=Z{~5(!{KQ3|4r?z6EmE2_1-pG%pY?dT8qbqzoM+Ck8G| zxSg2Yy5|nhcKzffh_&xNmB|k}IoFqso&=}!{4_YOX!6g!f6G^tyTZZ@x#uC9+dtb68U@y5v6LJ5_u^MdX;wCdj z8UZmx9Lxt#(T^Y@wtX8rmzrq<{DjLaVZDr8DYwpL__5Rjj(%jx9uJNYD;oSHlmXc z3GDqcI7hs#l||-u2-qM1Hm1*&W4z(D$aQN>bc{fvuJokKRjg*`^YD8yEAQitd-NnNrptiPuzfM5@18B7S?MdXhq=<Jdd<_ukkIs zFDkN$GaS7wi;=UsP8QUj*>d^*y>_BXyr0YE79xs=q59lx<^HmBk_HQs#%tp|X;Qpa z+ymS1er4WuAvvooqooU_B=equvboiYd%`m7gR$jwkR^&C3v4M-ltGHB6jiL^Pqs#@ z=*%~=eqc>SM8Mr>r6yU9m&ASXP$TrMUl!7TY2kp*FwrUIEi-nTySVV&r7dL8t-~IXO6B~xlcEc?$4z1+l984FA4lk z5d15N>2im0;NerQu-{&!Hbn3zeuhB+Wh@;qahU=~N6hZb5H{VItE9X3DW|>wB79uM z)GEXq>FApF;2s#|o=_Ga94MfAG)Uxl!kAr6$T6iW!M({&gG_Jj+jj{usm`FuVi7|> zJ%4VE1iQz2DwZ_;BvY|dtGg}ER93VFb1p&dn5vFHemNq!C|Yhjop3HZlOQsuN3G%t z#kxXir4)pQVQU!8t@(#WR%Qh`iaQs837Dj~tBy60Q36QPCao)}Nvm?f^Waif-@;DV z-KRUDPw#xk=CN#~;ZszzN~6CYga$GVl&yT}tGrpUioj|RUVG-cooWE`o z^ZGTvgdd%51r3#_8*eV08xJqU!5k_y-pO?SZ8TArQOH75U-Oqk^=Ql}be9Kg5OE~LatqCl23mvc{XP;oj=LG!d?|aK}pCX81Q%zU5_-tfUSS?iNi&C!-h0AJRN>?x~O6 zlYC4_Qqj|+jErvdGC%mFA~3h5|7;U!5b++>S4u`{TmmhI_Ge=2_J#j9{igG)_>ObdN3PJ`?P(a7;-} zk~=xg=6?Y&0N;_nZAu7#HKr7Chc9k6;0{CJzh&T0 zrrI!S+;i6N3B#ZHz5ue0z3%NjLSE4E8N_mvFgw)Fj!y`yVcJ;e3k@Un@I5Vf#c7TO zE+bf4cnZ=Zf$Hgn)h&hLsJGQ<%={ms2ut{!`*1(l6#E{d*{f`1)dGgF%6w*&D@VGmOrtv`d zjDh(VedV6q<2;z3UCcW)Ip}BhEk%=;@(<-|FeJlIwOK+0(B!5?R!I1N7KV9-33<}@ zLM^$N<1zWZ!?aC%K3R-_PCMRaBK-u$c&Kao{x6m@K4k4M^Zkvz?T}9sg$CA4Np+V> zm2rMAs-hYc@2OKlC&!#r4wQu>kjyvDSE8&Pn9}QbQYH*N`HTK|2KDL!(&FEArWpDH zfQh_Y_Vb=HF_y*(lnLyM`QMF3$;S1xt7OA*Alt192Blls`-Em7Bljk)-$uS7?Io6_ zD%^vO?e&0{M)e~l)@z+;DF&#tG9hq*SLLYiHpZTv^B7NO?l88_94 za;zek2c^J>VqJnmipxHIBzpDiM>VrOXN3d(TW^ut%|vEBus zs)~QPQ0e-UiVjgWbvEN$agPa)dYgI;eU|72< zT6LAG7gMVZN4Q3+c-P0m=eM{jYm1v%BK!qxXJa}VYq|P7J0uVM{OY)j+>;aGb#c*5 z|NUWL-e*`rF@^2Zr)~cJG}`sY9OjA<;c#lm$!mB=d@c`Y{PK&^uO!J$7)pYN$ts3y zR4`0N_ue`pxfc9F=fc8dSwZpkH~fc1%M;~PPcEP_hV`KmvSq6;l&!yKYw{1WKgxIC z1jz?C;ofd{T!*-AmBg9~(Hd5;(zDh+j^cNE6GcD5RyH-YL$g1`(vJK6vUC6CJ<>s%Rn{HqZA6aW)KhY3TNT=X-AJhL24?D4o2=HYv}(61?5|MSI{ety&7p^z(_C zahnW`1Z^YFP>2tYhr2(UGBSb-d4Y6^j!yX-GdHQiG_=nehGAmcr$4%#_h=jwAR@hf>I`o89WwXMWq0-sDd2pmXy8A6| z>*d7)xMD#S^MUdK$Q`%+Y+>6_+j?QJ^r*bTa-U;!XMA6E_mu=Q9d1|iNq?u~>CXqu zpV%k$+1t|Hkali`%BLo2OG;BUH^+fuH}F6p_9t!ZJ?{hDmw47%F4i#&+kacFAp@QN z9M`XZmN6wiVASAv73I1Cy)95$te%U5+C0>;#Ms|_YqtIy2`_yAAP4sH!G{nvL?ZFS z&aGozZEL3%@~@M5teeQq9r|4*x|a2mcIH$63ECSxYs{_xPhY3z&S_0qe}Bx%^2cZI z;uuO>2~ODB)~YlhtLnm^srfj5JACyEHRKTH$FxfSw}*2tfj`1AEV;lx&FSmmT=ZdF zOn3K>%>Sd`bE0?S`f5KU&iZmwz9R80>OIfXt-Q92TaRF>!(ghsZ_3wNfCGz{c2rcY=BIEfxjYNiY;prmESo+7OqV^i2r{6cbo9(6Rwu_M^iL1W&hZWItN93_crrbr-U3PH!iw5Mq&FXD!U1Rur%_ zwx51P$;xX;MSEnN`sx-as%51z+h-n+y^q1+aHp$Hj*UTN%H5wfy8NYi0j~395C2>L zCE}y3z^+JBR8y>%%4|f(r>*qpzfzCT3|>p&zSm1N3N8V@@Bco`5isudeN*dMLV3Ji zW6Ou^p0z;h*%#wNEVaD0z;UqEb#~-1I4?p1zu#dE>iz}F3YlDtCCD8LX2Zg4T=d!X`8~PE!d;5pQ=|si1gRnwKgW9& zA2w?*%bzqStw>+jlful-R^Pm}SYCnA^E`a-om;l}H=)`kD1G_3gnjgB_vjxc87qlbMddqcWm&0MbsWkd0iLnCMn}WBWzlD!73++?cF&UWcDH4}eV|#v_vNYG`0SeeCYw)-)XcF=n$%Xp!Esfc z8N@R#%y$MPT!5@K5J?W1DWqQto6)Lco8p=j;4g64s4q&F(C`t0gF>6CjByjqy?r)Y z)THeAQ4K0lt%>=;*ZeYpeNlHjL?4WG%m>eotT|xsO#v4rxt83sR z#yh?@fpIojzIa>ONEy|C-mxQpRL^(oDWE`J{z)8T-rJoZ@55(C0TuN*!~^EE-r-t_ z?Y20C=16qPix$d*5JHjWX*OokCBtX3eIgYZSac!>&12Lq zz$AbSK=wwcUXC|zDx?Vy%Xi}CS^BuIQ*EjGF^a&qv0PTP&^X7@|+kYXOCKdMWHo`*nJ#;zqZDhMFtxn|l%JXP2^ z$?FrzSUS->4%6?6ly-YoB}EK#5eTw{0538rHZK3z91S|ESKxuAte_uQg6gL#&H{-k z3L$*F{<@$7x7{vfs1J={z^f!x$U&IS2wxuDT=~GjaU|2tFs>$$U?lo@?>=E%BV96x zSX!{PmZ;z?nq{=7j1bG)uhWs#vjoA-r&N-R1H6LhN@saKpeKP&m*!MFBIaHuUEK3T zVVx3SY_rz!)Si_^_GPKDz@PneBPC!?#|D^B5SXHG6iX{z{R(R2OX&~MOk%316;bA9 z&w|h-bLgY_U!x#&g#eO`Mo*K>irF!SmV!rr-qEdIOVNAt8w6bxzxfA`=Z_QmR_H(b z)})+8QBXD`o%_NG!gc&2IsUZx(RP)&0GZNV5)03S%Q-5WuA;Ex;qcZ_Uf4&%>gGC? z-3uWOO+g@;>^TsDLu3cm>XhEGi(?#~+Lx#eOSDy!spP8g4-<`E6iIS(usrt-7C30+yrt!*qwnm85hZGw_*O6n+HnnumSP zx*GUwIr}!y5tin6Q}GrJX@8J~jf{a2LF%%v#dAo}u|%JAAM&l2CApeSWl z^}i9LmzNW~0N{W=eXiV7*F;L8O0#!9U=pf9|1e|sH=HIv4VLz48I2^@CdXJ0cY z15otku3kc=_TAM*5($F{(gqvZvW^Ymq!WGIBNF|45HtV&qQ%PDt?&e z^2vjh5Bd=L7wZ|JodL@@agob~LJ6pp5uQfJTWD$Hu4h`s9dj-sfUb9pAeD&^&g96# z?y%ZMc8|6crS+}I&~%s}v^Rt~I#=OzB>cr&Hl$)c>8#(Znt^a7aV7zl0g`V%KLw%u zxh&)@4zbhs+CDKfzwQ>D#nDx(2Cn~FgS{D|(oE^)MMw2dV9 zX)YnB;bSs(;LtTJtLl_Au68J7WT%*yM&-odc|G)q zws*mkc{6Idkc6biOor@WICFcIWAcYXQo}6E;~1&;YM9%+-#zyJ`nFBGej2)mg~dfK zQh-{gV2(J75S;<*tc5Bm$j^%oE+TK8B;h_h_aCKDyB4idP$dPJ!rHE{&r=joZ5zEX z3o{xa-Ju3?M0H^gQLjI&p*-j#x&Od!lV8ghC<0b9a(>1Y>Ewda{3@c$gfEV|L{^ z)b;BI3t>SKXo&a{CNEQ|{A;p5ijd=Dt#km$8hiNC-P`P&9*iqqvlqdIimm9isbYqY zxx(zsAlLWA>IHF&JTRL*aQ{?{2U+S#EM0Ma=1>0ct*^KQDL*f6?N9FFQ)c(E$!ueh zY^pwAO0$c_<-i2W67ooFl&QI*@2T;;>6FTq>JJxusLdl zB5EBEyYLx(QV?B~zHFv-Lr7##2g2xF$3&rc1Pw3qEUw#lY&vb=S`KBXy3YUU75+Y! zF2J|sZGv3#AuYBIDsv9BsIRcFC(V_UbM~g2VMzngqmviyITg73ykzTLlk6taP%POC zfQTeB*P#{<6;n(cXDvEyrjoD*fg_(mHe4K_71AJlJ()o}wL;6@D#rjCWF zorB5EAj79X4m5bQ9_n$9`fn68)Btcj2L_Wr!_EM-i6EEw)c-nByr+rf+68gHJ&{b@ z_!-FSb65g0n^0UAk0bpU4Ww-Yx*>pP1}t%q`s~vOoqRd6^<^b9^^{-14~d~qkqwv) z?>Zp)E)JZyP^}R~+SL{{f>UTA_n+AVcN#P@iO_QH0Ts%jH#WfA=Rh{eym@jGigJJh zpo!zWX>q0l`5Q=%gZWKUxQ>AAaL^|ViU6&UDP6@biMkctx`{=hBZn5P7^$R`7TWTb zPn#{Q5><>6!a|x#O&WI-j=04nKFc)JjUpuqFdwvyFBT#LAoE$sARUHK zrE1bN+P9(L6|NEvC>V2U4=2~nB$~zgD>%;q4@G)`C_s2QRBaFJ0RVF}n%iVT7)I@< zNcluFnNx=2bwtu%??q_&w>-sl>G!upF0{~^2}`F)v7$)t#p?=<3TH4Q3066X^7_BU zIc2>WDc;p3WaPqVut+9Y76+EWIyIQ9&>-M8bZ{&y`5)OHCZF~wib14g@3P_Gq64Y5 z8EG~V07vCfqe>;p%c(UB^8RoY<6a0H!XGvy1*7Y9{=A@-=%XdJB&SHx^OE+ucIuad z9~-!(l0kW}P%?>r`HfcnWH9CVwT3D;?{gMBtjQ)aQ~U?X4GI`dcoPt13l+ zj6|S$YM&iW)ec3Phi7S~;Gsc)NhOG?c0|`dIZ<9VR`*#;1c{lGq=^#X%1a~B@rWpBqq+E9NLu1nC#?jAzNY-F4D_Q$K zkw0%N(d}Ij6B(wBtd?qKMP7^an~RP=_pdgXK~BYuQw$?AA=w*DfI54C2f-gMc-#?5M^TB zHu3UC^1K1z zn2XmT&3qCqt=M20zl=pJuJMVZ5>9gfbF?#s`(kP z%vwB8L7eY*dZD7)GAz1qT#^*WwnB)W!Za-`p(rgfA(|dA4|KrnL_qm4l=;bG8yI9# zPRj0l-4<&$Y#q*eTN&br;>9c>OMHP{nM)#p6L;}UlGrDn7O-pGsQbpjsX<(eit|wlMni=SAe>PFv4gB_U~~-Mtm#iD(oXVW-e*FCHeEV=whQ`8+iFuK*=J6DR2jpCc z2(L52_yzVK+3wr*158Wz3%1KD90(0GQ8#7IY=(152Id6al*ju9xqRXvj^?J}5r?fK<8$a7uuG zHC0gW^%gD7A~lB!c_^ccVA4VZ%-M28gDsvlUOVYVY#(XC0?nQK}MhjfS6rQkU^jOF3P@FkCREjWHPBW zPEK}RSn)Jxhr0(s5{Ib>i37xq8sIGA>@21XDj~7=Q|-8TOQ^vNZhlTCt>QqWItRY} zMlrO_hyX%^S?E3s&-`$0cFbX104_az_g?<1ntK%6`$bTAY!_=^Vm|)Iny&N z1@EIX|54C<|Ap$x#o}+k*Vi!VIc9~@q?iZa+7^Bc!9NXW93`r?9;a-(wE@tX-0>^I z`Y&1Lx-V%LfHo$dGmG90FX|V`d}rhL=A~S+=VUWSb7kO|GO!@GVD<;ZY}-EX@qTm>?_mT zp9_NY3+R89>RUr?i z02SH_&F_pG{`(R2Ey8zRC!5bWzcd*~i_Z~r9$J|qeLt6z;q_{%=HvU<_HXa|S?Z9a z0V=iAIkbzdPAqB-z$yty>r<;6PpA$1x%MzC68Y<@VOT&11 z3t}qUih(onEgghld@)+%A*ZK5;)?^xM>ms76=K0CBUhf$yzk2?hCD~Jlk49~5h!KsgpFkZ&viou`s6dzQ6t=8>lQwU(b2P>0v5fjR{h2W4rbGi-X^#B!7s{O%KKbBthLtD?V&drTdDZo~ia$Kx%e49q9-cgOMPK?m20=QH)zT|dm zH8#c#UjgXY8;Z6=r7>>jKeiNfK{Fg&%W4$b8NmA@Wji?~lyYcgAj57XGUy3e^rOEp zEzV3GZUihfgIG~>W7wWV$hu2HY_l`g>)tJ0>J?X)&E6+CmIZ;5PIuc#hU%M>sLMaL zJ*MtYk$#QZBDGqv7IJ4=u{8L-(UNC?YiSTasDc#j3U@DFf$(e0fsC9u$qlpDo30J>MH7dIbo)a5ogGK4&ewa$bkP`!_{SOFcA_Wo=a37mgPA{9XzM& zqjFWOx?qlz_!`GCS5Bhpf#8ouOmoVTp&lLI2`&3o)ij0Bc(U!0UEw+ml6WzX@x2f> z-p{0{S<=65x95Uo`Q)Z|k;?bJxXA0&;;s*xX0k{}!D-e#wFw*XuI^t`?3}<%pF&v> zST2Y&8BfU?Zx)z2mLxXWf>l?iW8pH+Ggzb8?~+Igc@1&kbn=G$10ojz-ygDq6KFYD zM(h>1$t%bbKpaF9+ zy5Y(^RSuKN`)`!9w2f1eBm7P*AfXwV&7b9A8G%V4a0uz;l(8_F^hguD;ZxL;zjgU? zkH>g(i*usYtXZj)O8@DwJ{FY6nQ+Xo-5W>xdO!*;g+SGLM=rgneva5Oc?iC_|H}F{28ILv+G%|#(uR}Q zYDf+$sR^6$TeAR8Sh<+YI|ft4LlIt-)V2O}z36skJB3ygpHhQy3i}nb*}yf#0MAL$ zmBpky>?8fFR_F2#O%>4i@t-M1f0sD0lwh_;+|?@TFGg=!u+hdFiO(Ef+!e%u*$f0@ zvkT^q!W3C%%xylCmI3lx?#~C3?{pA{KD`5dk((Rjv!=l90r$%6dzqe`Gw%FNLZH#3 z5A}|`oR&C?3ad!~s2xL@fvjKF@pcK$qW2DYvlp)JAkID|KmV5k@be)6g3%ON!!*!m z!srzocX<6Dg5N3$S|rOg)|Tj9bv_=w_W9((4Hc&?#O?KlO0Bc?jl4zT{rwSU6QQDx z8WY7|`@9}F&8DLP{^h!5)+Z90R7!3kfx$7<{9t2G*`Tu&Jv?-r`TFj&s`EJ9kh1^R zpbGTKlTFeElz9VgYv=*9kVAeR5%Pm#m^HsJu6Y$its_k)m>BDpgnCWuz3^EuD2pqA z9iWM0j|GH%NJSVvmOZ}1W>6+poKh>J?t!N*Q+lqnzOAWn>$~qg4#3)f1ETdS9ao=h zwm>Bf1r%xwEuqcKD4BNM#(~C^*uzG_ zU*kC8BjrNvoC?}f3$eE%E7UGW)mQq_rP|ch9hzENx}_t+bK~s98hxki@h$p^UajF| zjFcAcuwz(wde|}`$9%hG(NZR)k&HA<2e5FHhy|#_Y2&lC=?GGoOCt69Q_c}7-P{_x z)W~ zVgsf^RAQyfVwnkiVQj-hhC=&5Gh;N@vv1LFx*W7w_~XeX>VVP;z`0NQy-ie$)vr(E4bw{v2g0-_dq-C9 z15tv>5@vvyT;n;cT41|Q&UL2Rep9md@{CSQx)_Q8+Cx56dTnX=dR>I0RS_ib1L05r zzS^E!;03)BHRHC6rAIHE8sU4p379?q$dE&v1&V3s@WOUK5A z%!@f!uhQ3zkChiUgb3iPXY_rhM{HWyG;$JVRs~mx&K{oDA{LY$%c;76QZ*wn#*?Ja zMx>d+_;d!3K*mk*zY7a*&ZSpxY8rxzD`X}b;Mel{razpz8%K(npQy6%y~cN#izoo~ z?BXr4K<;D^lLB5LTo}c$1hNJ#s+jSp&hUDwpz135pUfmCFTF{YTSei-Wmk#>pQ!i| z#x5-iQ8=mRDeBh*^S|4z4lDD>e@HGAUJVy-tB|0einrVY%9?>WB*6N=7p-e7A$c{G zbIYLc1+oX!>Vty3WGkESaZC7=r(wA)m;CC~jP3(UeW>Mry_F%QZggCVDQzrr3TR^o z;UHV3+r#TjEov*Qez2XXc~*ZAkW3bj+5Wv2mMwcbQqkv1{S*-=D?G zuHS?Kmk76kn0(^33vJ}j=WQicEnm%n!hy;X;17Rou%6cT-`BOQY_mQslPT!HSFQ7m zi?ez+HWfi>b&RdfLW$)JdZ;y$EK^Ncn5lnP$L{Rr%FJUC#G-MlG>ZM!kw2Q z9ec&7UNra6{wfwm0j2lwwl|JGEcix^K@10vq+2RWIAQr>$9C}J*2Yc7X&jMnoMi0- zx#j{`#tXUhS~|&i&)=j)#^x>9YGM&Tog7ys0L$r)D}z=~RV`_;KzY=rZQ+jGb+~2f z0}}bJ5&!%uabC)Sd2Itqn z@b6p>&Ue40SG2c-{608f?sMXAZRe{^i zZ)*YIp6H&% zZ}Jjc@{*^_VT3EU5J$WWBJSk$z@!ZdCdtb^Hn98ofi$6LF9#{7>2 zaf2~9(!GyTW^vXMr&#_^BR|%-Wk0-Sn1(TLh;_qDIjnp?dYS>Cw5}*jd96~v_=Lqg zVf2L7-wRYI+@$n!E#fn1FX&9oXKe(ijDYHpd2d{6`z3RD@0tL|182Cfp9(7j3a4fk zC}c<@{g=xbkb7}#DE#$ekxq9qlKFF2;>Rl;QMrdi(PlvFaFE6F+2^yfGY%Zt>d5{z8$!s z(Ec?C4QSg(@W)_RQ_i^x&X3x#Llbx@=G)f;JJe@e^a@8cPPieq5c-zd#nj{=zf2FV zsw0x7HaTopcd`IkKWowoI~Xb|8B$n>JN!D)47(f6bHUAtTlWGCb$iL3+wA;X+kF?f zvLbtrJ%sk<;}yhv`KZ{d*R+XdJeod1t=G=LXl;MqV}5{q=yf^dNG(TJJ%p9Ag!5Le zg7-_spJ%JtfkSGsV!cL8X2H91GfaS>7`8Btmw68dgO`qZ^2w^-B-?W=Teog~%_+CN zqyN?LX^ai)Y`~TjE3|fI6Y!b#ex53Lxst@Al8ai^xX` zIADl6w@2MAg|hPxb&w|V=?AZO?_fYO0Ena+IPxJH3@GtZcQzLYC!>xm>x`)Q4_`Hg zzwsc`B7WM->qmMclmieT!bXlbC7nM3+|78f6r7KXG@naWmi3P~=X17w>>0<3jL1A@$KGXUJ48mvDziGvCL?=w zjAWBkNOkNHlE`WtnH4$-A$|S){({f*xvuBAuIIV$`}KO~f`v>E5>6EGiBSj6ufzQ; zZ9Jqvsc(BIvqhDRG6Chj$QrlDTVyq!>1#ohQ71 zmd=j>2$j_)WR*ILQZiBq4P>g{dOyE=KPro(BNi^g^}dbq=ju`O-NOQ@n|&=i?H8#p zk{*9q@d;*lA$NwDOa}@0qXsTgmlH-HPV|*wW=m-v7!j#!Vx7Y4*2$G$Nll zsv&GtT7Iw{P5c@aS=*dBzTErY=AYYhf?t<1>4_~jH=f)MK3QVUlf>ukk1O51iph@t zesKU&8?jYzvUw6;zV~0R`hRE2eakQ;{A(i18zm{{G94z6Rp8!6-&0t2$DS#cazEMl zPycvBREsqjaVwBpHoElu5|1M5To*K z>NcB@A~gc!)tbo3hDqa=1rODT`du@fZSEh3oO^LHo{@$20N;@loSyvfXNyQJF;L%9 z-wSNwZeEsCT*PiI3|m}$8=XRnPF!LsSMT_0aztV!x2(EbqXDU1S>;ARM3?{I`l1Oh zF5*2PiFSZm>yNvAu`&dO-l5*i@`0ZxLy+JB_9PK+8l7xw0CI9j=E`yM4iHvEP?JF@ zJV^R5@;MF5$w3w~gtOB>>&xn|6CeWH>^>~QXwe5Lh{GkGOcSL5G^-)Y$|?KLjyBcB z^Px>$A^;k}1xmyAVy(Fit70tj9Uth+X%cvgta|yS5`2--0XruZaH3}3<(O*Y9xGVICNnqm)h$(1-JAVq{|``Ya&kL?R%dfzC8{pfXv)1 zsfQBikVc#D*TtT|on004a{EOUK)qW_Cj7#d0oLRg$@r`;0iN8+Tw58TonS;-h$G0+ph$+4@0O3v%(L3qvVN`m5Ra{bh`sj!mG^Tt-KHT=L{E&CSVUGLr5c%S9 zYsf7K-XLV*PCHI2bBdu98;ikT*K-Xblc&UgpE=Z*zx4H!VccSArEqtd$sePk7-KWt zyeFjc{@8et%9A0D!bNwm@T z9UDaviIe@mT2VnPc%;7GE!pC@ZSutoxnV&{t)4CvNF5p*VAB)eHQZG1l+Zwe+R_*S zV6sKphSAGYE0unLC_1@=2ctBS2ObCyweMJuqv!N#ZYTlhDr2clmEX#)7^y2a3%saa_VHVkI zDtTg7y4xp^E4?Wd;*WMpahITFFBkNMmhH<`CR#FQc9Sk1g)y+Szsqx2^p)E*Ya}ug zu6_GzN|%_b(^;vyAN*d*AZm9)X1hY~#vTW{xiLG>Mqb%UKD+^2veBZ2AT3}Vy689 zX8(Hb#oik_FB+4mg!|@SO3TDTE4c{6L#m>S4t1C(6%UJKU$|J<-Zz$c)-p3* zpCiLfxW^F7EBe9XFXMcQwUW$Vx`~|kJH)N%KEa`v<0X{edbjH>v|U-`)Yvpj1?2mI zS9zx7LVvDqbF$3|nBZ<2l_FccpI|p7OiaMq@uX8P? zQATqL;y;C4PIwJj`2B3x@NA^!P1iV9AMNVAV0-P>rKenTWTtQ%$~KAJLmnoxf8Q_i zr>ob*{^P4c&r;|1!*L1k0{c|89anb-QAQ?N)Ep zy|N0qRW>#%Q4A8M5a1Cy#qcYd*tOMRZYk9)^2g%oz{deBJ^dK*Ev1F#+}U;}3-SFq6Zj1f7Kj)OkPTcQ) z&>fxLe=B7aIOeKJ$P_p319H|=%&ZN57K$LhJle6i(Uo3mWOi(i#BIzC`Tu1C)DCkd z&X>jZRg+rG-5Uz|9a0`(fSPp4?9-HPZM{?J1qT=7f^Ywq+lYO+&-T-~wn4yykpUvU z_e4^F-ZW4*p87YyFlUQ!k#5kD2Or{xjc*auEmI`_c^0lU_unjm)WXV~IKZ`dMi7`m2&Bq2YMahS z-*S|YTvB`dWtgHTH3?#=23SB~f!(phrVvDHL0b6J`k-A+#e+HtUW3MwIDee6z3Y7xNOcm=_!Y!L^`NMj{!tzJ zXoY^el+t$7QJf^g1xb!i@X`2N2F!+FWug;LesQqiY zC{iE`%TFhWQkL4Xn2ERtpMPbNA~XHI^?fQDW-dcq<7O!)54mY)mz^_8qn4vj4VZ+} z=(;jwNI!3z+r!Z1u}QqBJ*(8E{*{q(|P@V{R-b4ouBRT=<`<~{Ts42{-?npTj zJ-upG@Pm6H7c2yYp>S`g9;<1Zsh2@M--xv^*SqXYvr8u|=pywEgNt-hn%-dQMvrba zs~W#>EQqO#8=-1Vs^sV3a`$GXfkfy81KSkl50*TE6;stHbS*(0qz~+5G#WBL#t<$Z z`aD4+(-em#8>u{-eX9RByRBvk(bb}zOlTo0=0CGcE8~9YemnC4$KciZjKb5Ub6SDB z@!3ZVZ;UdgU67y0pFWfvD0^tcrLR|ROYxOwXG3cPdjqB{XGM&TS1*o>@H8(OO}>-B z6SdXYL$zyKw7rZ!AU;4DBAqkhv@Lm$+|#Tf9Pu{ZZP|oSv-2K#=j&K~B7I4d?<}W$ z?;Czq@vYc0tSO8kNv#<8>zdn2n6=!z9}=5*^7CeO;}YV~3;|YR5^>MFG+=gP|BP{A z<`%M&e{jJMlO$4oIV+MVQb^KnqdavM7=JSPa+&|?Ly1T#x9-zrWR&_Dk7(A&e0 zLx&OM#xJk~2!InRjVvRdrio0li*aBRCkx>lumV~_uBDLP0br_c0-RkB()1Kz@Y07l zUfX_T&Ag_keM-79N>k3V3Sl=Z;1P*FD+5d%L5!L#GjD}V$(mohZ!tl2{aI$<9Jm$x z|7_8RrUloVp0DBbwXU|_&;vds zR#X5Y(GY<`aY1)ZtzF>n0pyZu&YSSmwlK+ zvubRD0FIS2U`!o4i~0*RT4c}ZWi)%yowux}a7br8_3H#9vbUV*@de!z1|5m}4p?y1 z-!=1QkPOUxReV1O%bEp3uR!>=vOTh=3%{lLsfdT?0)dRCm;e}jpa6ueFf@PF zUo$@GD0X3_%-l<^T2Bshu6b&~VHL8&ZJ8!9ESkuMZ3=7#2@*HOyq}$oZ8v*l$&jp; zbhkU{RQ39fPG~)E|)|< zHWy2rvvsGppYMh{qr=&gh$#UzJvSB}4j{dP?;xdVn)#Ig2L{e~rYOm+uIKzAb3yZ) z(p&wV+jC-^&v50A{0)Ny`{lH)?}lU?69cn{j&fLe>ab29`Pc_35uc@Pw&PeL{rr z$P?qA`_(SjB3V2fr3d6-l81m0MsM2R^Gcw?V=tRSTY=x0%s*38J+y(i9RS&$MASGx z;9%iUI`&&_dhIx=zEjFWIy6=TbnT|=DxFfGmJ81XklH^{(xCqa@4+uA_(+p0hbLNn z(=+p{il=-Y#^43qGEJyLG5FBKrY#RDb7<>yw7YoTL3x#$gtQQ~t-bUh{M{#e=f~tR z0~PdO2o$N!kp{JBAeh{}bSV}+bVokD>Jpe0%|^i~8q6rnPry#r%&!?vecy(0eh`X& z{5{)pIQ>-^m)AA}e>0xH`095?aZ-HquxWMVN29Hx_14h=IS#0%`9r?1RK^@E)3;x9 zhID44;y%v+kuS_)*ZSS?knkiAi+CH!Qa^GDgyz%t)eUEnJu}42%W`h<9E9q2m{cUa zXo$4kSb>PF7-+=G$t+4&8?^|TIDWCUsn0UC72=;?xOcx-*g4P;3j&EALSYP`B#@jI zNCd!ss70eUg(}aM{swr1r-7C;snQBeQlSi{vjp>#rWE2`N^&`Ma&I==V9Hjxgsy z2YNpwN5PX-+mzDxMX!-5wzC5}RucC)5pFLC_sXC4W6>EYE%&F*`3y#J!5)_b~tI+lE! z5d3WM>_@Le<~S{X=GWta^Nsrfb=w1l0HvpuKKLT%>7HZgPcUQk($A6O)G!&x%kdZb zm;;5!M0**Tj${&Zpq-5cJ>(IwjmXp~Xo%h$Wl^R+VNTHtsULBJcQmWYKk9HiSslOD6-?|tC`A_!d!v&Y|JqV_Q5QxXr0 zvhM7YQZ4IO2}^kt5bVNdCa(@u0)PTDC4+dILzA?G=t&IB-m51nLt=~q?4lqLmU$A* zQ+?YDDeq5s=dbvRBR=#NQDLR|wtz7>XZ2S7+(Fs%(1{hOm_-J$o~a zh}8>l!`#*V4igJg!VSCO;*u*lJdFY=mW93X#fZ=9CmDVRzxm(e`}s_*p=`CF?D;Vt z25oGi5XT5yEg8$iz+n|!AC~Lp-z#8kHbk)WVr=m7MR{rz37TfH{-`FI>phyfwPV6^ zhw9tL10pjp0|C!%dfuNl{RMJG5huIrD&f|NVsc6qjQ@x%pDB3t=?rF@TrmzP(aOhb zr*bY8fOfRL)83uLL%jH)hBAhux7+g`7<}8et+#y|9`MjD{G8u#C^`1_=@6Yifj99_ z!oMw*2W-(;m^}z#3f-6%1U6T;Zpt{0tUM^4UyyP?melhE-WRr_cnnxt73yU5C zv(QIyJ7<7Gn>q{9@H4Nt9|mX0yBVxIYMw~^de$-C6cY7j@$=FCb1KW}-iULBhUV17 zl;J&jM?O+@X-qzfa_SwxBthUQn88Rqw9!O|q{jE?IKK&rQEpc|pYhMm@LBa5|gGFf}aPJw! z!{HZqO_n;6K6$Uf{hP6m?3FP~`UwhBPCyu=$UNOW@c0H!z1B1zgb1MJ7TI>SO3t@h zW~%22)27YybPv^uCGF5ns(@N7LGf)E;B&r*E85f%`SF)-lS-YwKl9>T;N_v(OHb;q%fM-|rN^@Y9QslsO;l$F3_H%)UK`BW;#OHARiv5)3=UB(3d!OmOKSj1cL z)jg#Mi!WYd_O$7mpY*S?-yY{N_1p-)F0`z69|}Ixp~Ss*7Ulf9r_Q=|+&kg6|GE<8 zmQk`9JKSp1P*-gU;7PiKU0z+}m%Ts0qZ)#1*%CW`#K?2q<>$>rOfcayBl4He|LH#k`D4VJQ{C+iJgiH0!;h|6ZxD`fDQ^cziXy@)*v&H52h5x zWkM`4zGioVw{ViaY1|5WJbMR4@m_((!-1>ys*dk|6It*GUK}7sO$-^ndw=k*APNqa zCPyO4deY=7#BJR_sWFA_6L}HZ3I3i`ueUt#=4%OqPfW}0!70(g#yF_NQ1a{tmCKKU znefP|WMur6l*h9H-H5B@d^#WbbQ<WV6zpB(JQy&Y`)+lR$E)Z;_({mlR;en-{;1;w?%kKbt5wm;Jy$ zL|iFn;~>xD9N>&bL8I}ld};g0`?nJ__Xj~C-|{=>aCZkXS&U)M6p$btu1SFiV#DDn z_F`4{8|L6jIEe8ie8fMYG*?||5-xTwkIOkDJ0RQB!Q>n!k-0kW(*~3_SM>L$u*ZC& zSyGNi0QCHP&ZE;`lt$GtWF8&l-}vU{doGqKU)?z?E1UueZv`CDT6)gfMO=kStpLX) zTnz^sjLGFFkc+ztxp!D-Qx~Ztk;-XSgx&Qn=GVE@TJ~|IC>{!OKL(piERIy385kA*0i4R{~g>iYHW&VIGw026f>5udMUkA0V zJb<8LU2!XeU~6LqBSe!5Xi}jrAjlg{tu%YBN=8VvdG)S&^>^tU(5 za!+T{zoV9SDTqe%R@e{i&aR@MBZR%{)4P+ctS?y?m1SgI}f(9IRmyu5D6jZ8wpb?Hv(N%!AocQ$f@dB`wOS9iXZhYSvnyX#sbl zJ~@j6SDDv`quck)tEFSg0}n!OSljYAiDPoSgC(uJMW#WGV>agz7AO@haDqWOgMd<}jo< zt-WfmB?i=0@wfe%02pG^wJ=|1_ZOim|Iiti*A5gn_S;^k1=9APT{WL=~57m*odmwmzG(5 z8Xp-oEa9sS$ox~BANS%%TBl)g=kJo1`ngvnZ#r#aU44!}#P8n1wk(~t^4-^`;Q;>o21>_ z6Kt>xDZLARJnDgZHgNKObexbrIUT1<@%Fe6fj7k0!=3@ zODE0=6tAbZJPaaipTv(|p$xpx)W{}vL70<0gx=hxfsVR818bYBM}hW|=|v_;^fgHQ z^(QD_`BR~TU2yk6{EWEe^V{+7_{N`+-G+nD-F{*R^}61yNr5FYLCk35a#*-+X!8wx zvq3|rOxM(Jrq|6!Q@jGB@|y2eUcR2V+VJ8#G-o*&JqgtbeTzpz|5!d1Rh;g-3H#R7 ze3Cw$t@RAcG$lwYb*AU5mB6fRX9j|L{jd@Gq43+K-DfRk5*B85&!J)jeJ6Z-%Ke^@ z)9M{@5o)uPs(NHLiou5pUDxb1wd}kZJo~+|a&&z5&OhHu*}33U0Bjh2|1oI4bT0i9 zQ(@G995<|5V$Z!UESWI)TPSn%aKo)!X}n%h0Psvi z8e6yC=xRV=<3w%>yJgLBhQ3YTg29Er`dgn~J{-2h*5hRnr%nL1(#B|>T3A>c#A}9C z=Svk!2{^0Qtz4*hHE3c3Q&TwygblC#y^_m8$+7~i-$^Zu6rStW zjJCsroel;(sG2D(8-&lF$ah@bLpLlz9m+wl5m(sDzYCk=Ah7kegVn;r;BUg(wQH{y zhP%HwxWj5bb*M;v4{0cFM)rm=eVdYX>YDaq%7O)!b+iiq5dXAl8uVk}B_IEq{ewEO)^}<1#`Yt&;&g(}z>6-B@#N;1^47cZuM)36iQ=}%te=z02aEAcVz{2h zlcsOI*S81Lws*IBRzH6$UH_))xng{2L4UHt@a}@;y%q4QwiI)%<7R(}-*6XtNXrC6 zJ$7WNVYT-kwO{_VK|`Y95Bm1th~Xl@70}7u@^Hk-+;jaAN(Lg*{942lnM(j&qQO*s zbtgYVLIl7h)@4E3&f@tNBkNwm$K@Frlv?KRS}Q;+Ghf8AP5Jfj?2vAQ%e%XmzC?d4 zm(|W3bFF2Yr0R?@R4N=fvVHvcan;0f!sKr~YYY7bHb>&nH*DiB<9x}FL@3iFggW=& zJ_ZYo3>KZN5!dHW+7Ve3-||e~Ib@zcLxn26VNTMeV02gBj146zpyK0aim+`NCz;w<0;1?8uu8g2Z`e>+F#g_ymYh<2Mr5RhT^<+$=VCq6Rh-v*rIi`# zGoD-by~xrF21TNAjdRa&tBC{O_cn{_Vt$u5?K}|*=yEAWNtnm zjMZ7YB4*CBB`U$6`@Q=7SZxhoXM+>cxrj`hGRJbQxbHI!3T{~_o5~ZYtWqtXqT>1+ zB9iHqWs#B}BXmW|?pZ$`09%5QsQ$1V&PNkxb;^zn7e2j+Vzn$*ihvoI=DmnGVJuvn zX_&8fW%F`h{LplK=&|^>=`Z(fhnM@kKbZgg=Y1X2!)zC-2jy%qNInhCO20qq(qpMS zp}mNQoGHX?u^hX_EmIQY{F|Q6vIhD;o9AF8Q4|*@gYSJ#=WOoK2u~M(&)bri;%vEkm8P2hWHT^X3bLf+wmMSxD?_a;7)_;F3^Iyq*!0*LPwZ}cX{SlAlaL7m{ zIko{yfpd{`OT-(Y8L!VVCib9eq-OMn@}Z0>vVucCI>Sy7`|z=`t;wfslN|e-m|@4v z(tBrJZU*M0p*j|CE?4IZyycc{4$q%!_^$P=;op?^Ggsv=JE>NxUbnYA|!Feai9l z?8fKjmuoDWw!GW#yw(&$X_DW**471=MSs=bc2}V0@Sn9MRIond5-DBHhnzZJp1H7c z{`yCiYj|1mMxoVp^yLg^1WZI)Oi4-3@=D|*+3UsVbJ`N(9DJ|nM`^rX8KOYRr|W2? zY&oIL>k(Ab(>UoWyTf4#-2hhPSFHB(9w#?srGm7GAb9?h(mXPr356C0TT`l8VtdR4{-SMrNk#V6 zy^PuhUW|w=WY8VQ|itUA+H^f$<2~<<>gvWV!6-izGntr7@2+P^uW@Fl^&~k>SFdNP|PmTP?&jM<& zG92M6AJ1VrZB0WSuPWq}xWQiG$cp~8%t;rUWy`bWKqG2`a)^vv7XnR3^;oy$*iGX0AH}a z*DO7$SFNXDg8!PJDBjlRY{bbuIZ1O!sZA}54D?DV9`l}(jGitB*PBu8kpCL*oaXr{&rFwi2UxgA=JUb0b|W2b8zyK3SdTa*KR3(; zv)bb|AP0(h16IBUR(3_|a_>5Z@|tBJ(zDZKQ8B%ZM_}zr`;2D2!IH1PqWemK-D}j~ zyXYMOK?@k z`8%IE(^~&j)Qvm^!P#4-6HC0j-X5q1gGKJFuSP#%KV_C6@|X);M=@ln$gho4+`a|~ zrCIdYQwHhV>?q<@=rdc1Ztb=9iv;>NdZqfy6iKD4Hux30FyP_2GvT*3hAqW6u-t-$ zguIp@C3(M}uhnlZ6=`2T+eqfj^7_t*kK)6#8Aj`K-|IaWej&}-u%g#6v|mnWY0cZd zkhwe_f;#xP4o=SLCpLRCrPtFtfL=kSUz)NYrA@j`M`ebIzo(-t99Ph zuZVj6qG8Kp^c&p{NAgmf{|&(o7A4-PseL+l#dG`xAeYp{)7wD zX^Ot;8^+U|13rD*aQdXETHAH4yT zagyzAd#9BjDr~&|Bi`Qd=J^>us@&#tc1(5TTyA7-UjITWA{YCG^A)WDr0Rp3_)67C z@55+Uv#gYK_bBNYX0c(2qqWLn2Yo*pp1FmRoG}0|s+$wtFAxnDDkTU)AEE4kdQ!is zy);{)VVOb0Sw@B2)NY1SKAm`j-E;op{CnG0jhhgZx zCv2+av|9(^17#J~tXk;0S(+xacew7h1nhurdw2fO8sr4M9&jBz;f?R%q5?u(P%Mok zxT*ZP5Qu+IGFUKHDQv%lY-r!XD;~6$gc8l9hlEW{;(xa{wf16bxs`W`JcV5X_?NM} zk3>mWu|)=@cGmJBq6N}4bf<`=7IczofN>kf9OKzqN4L-EC22E%w*y~|Bw&Mj?z@tW zLP>UXU4eLF)RC#da1TFSn|p3>e=&LZZ_ghHk%13v6xZASopAYnCNI4=j)}}e2cJq$ zQT{}pQ((20AXy8HFq=2p8C4m|=?srOE5fe;rjK&jpwjrP67%{-gU&YYMpyNq#4nHzADH`zcKfIW z8{OiyTWzT;hXMuut&&xT4hoFsMn?lS%x_29yBcLjrCgupE-C27zf{Qp&#Jn^H5g5hM^x66bF}5uobdDjgG`)^ocnAR~>W7Wp7(Q$gyxGh22S zw_ccdTd^Gwr15IkBB4JaN&nf~8hnI7SfJQK+fb$ppV%*Cc27NE>LOQKK&0(1j89%Z zV<-LY5)@0?mH?|!d%5s-8b(+Jik+B+`N}&=M;!+kKkD-2{>4u-?kv+LjCchqL4ROa z-N4?z1m+jrgg!`$b9#PEez5mci#~ZWmeRR}pdd3Z7+w%;iM*hd+%+lcy5o@uWblgsZ;B zygq{>6u{tMJgOK-e+aPo*Nf5}m6GjlrV}|^A!-KzHn~6hp+)G_WT^pU-EzJtmruf< zz=eYpCcGCZoG+eXaI&fso`f9gn=1@o`N=m7L=zDpmkM{c2{9K>BQ-@3R8i5z>&!)7 zx0%seAer0Qw5v4b<(&8dFziNb;nwCY9Z&5}pf?cM#GPl)*ge%Js#rO{&Ryj3x4Q*> ztB1FvEpQ!EW=}5Uic`y|rL_5<2NgXyx77@Tq2SL55J?_Q6&aQhsQvsMMsnM8!#V*! zyY&rnd+2enU!Pz*4v;4*7RI3vp=A46NoVGpt_w|{#KVY#xt4TG!lzYtAu3Qgma>zM zEzioN?oqa}c%7cNt5!IZK#ximkigs*sanVY4y9KJ2q2*aT7-fpR>m7Rn*-V@%gB}p zHEo4)T!Wcfd)fzjcBOyG&ASKTYmeEz^yv)rS0kV_?E2qJhFq}Q6D9+Va2xUu!q4IN zjL~=z2b`n_4$e9a0+A+f6B{j=>*Sc3Jb=rl!2eNm>r<{X!KF6ARyx522XjOv*c^DD zI65V8dL+0w!HjVb0lG5JJwsmMD}2K3Lqg=gXP|B2L7*0dvKT75-YBKrJCP2x_eO#-=vG!*tbNc-a_{3^NV|KAZ#XACDav;rU*<+ixw?p)1%yg5E32sZe0CkFEOHmE{QXbMm1A#V25! z$Kp=4l)ti=^lNN~CkK@v_l#tW^)yDo9I>m4Jj=Gx@SE3sZ{C4Bo`;!kKse}lM(U~? z>#&yNtR#+9Fz!wddN~3;udziC69p~*A{w};N?5Bh8Zv4gfCUf0-;1uDq&BYvKJyl; zRl6=eY2$R&*dLn3x{eZtDH^YOVAgFn68vcJ(@3%W5I<8KB%pd(^F!I!p!)w_EMIt- z$N0hn$~;l!bz+GbD_n|7Qb6hC+fAQl{ZmVB>jaEE1~j zM7F_vF~TMIVFE7b`rX&Pe&Ny&kB!9qkRQ+167vSP0)~MLXwpem`iG?;Pb`(dg#nb4 ziH8Iu z+e*?T?p8-b+2$HS$<%0eB|J&RlypInq=IqZG`5*r+_oyh!?3{6Sr7vB6GMkEng3GK zOx?Xh+^bpHH_keH$6L1+;H3dixI7n+arPl_v7sB{54J*(i2v4Za$u%`oVg z+Z?j;#fqP}ed*WEe#p=(0>4$NLLmWG`^)SZr%}{L5DKb@213<>T~P_YVLyV=J7O1i z{(kr==@HP|jg4nqNY zx0~)O&)G#FHXgW4{qax!*LEUnwekK*A*Q4<8E;Y!1YF)V;++F!K{j8Hpm zkNa!fb)1Qkymd$R*CQgHYaQ&HnNk_uAvhM@uuPde&_tpL#LA%)l+qCNyG?Q zPmE3uc66Zo#CnU2@;DLp7Jo}Pf9L)4yFqHW{zL5kGgVP(k`O-F+>?BT^{)lu&(kZu zmYKJo-TfCF{WrAZwxs8e%Xec=B3ZBAN(wJ$`>lc|onpV@D3U*4d~Xuj-~UdZN&JN< zs4^zx9qh6Y#jAg9-J$6i(to@sz9z~C-ZAFT2?eLL$owB_(g)OQMDd}loQ@s=WRC_>Hc(o{}q{(1b z7TQRbUmjteJ3rm(qjAmhf$p_AXnm)5!Xp7v;It{bq3pQLuhp79d@UKwintL zp5GYS{-<^DIDE(!Cw>al+N1|r1$kble?3SOym(KpsLeNo`GIfZT=^5f228u>xf=dt zmq6*K{RRSZdtqR9Rr)&yf%_N&mPT^Max- zjMjcgQ(Y)@=RU6}#wc;;vA2yOiM^&!Z%HUzBF89k*-0pCx%|v|6^$#r-j;+3xU%SFOY)ud=x@K#p z(Ox_r7)Zw@@++Mw>Sgp7!c!%LadV=q;ZujbOoQ^ia>;Q@tB+D|3>%Ts=J++YDpFjS z3P4;=qJwcUF@LwJa}!D59u{BPpSx?vloOWl3|_*4jYPT~22S#>`#f{$#dThQyTrF>yYJKcF;}$fQc6 z^*48)rU^X8sJOlFV=~dcV9UeS6XeK_(IRnV%hB?OgEQU2Gayj(uu~e(l7aYV#_H#9 zj7E8t)s!zklkmQ`no!-9_wBjz+y7$JeyZ%~3%eL+U77ec*Oiy^ zTU%q6{QJ+tIX64joa8<4gMCPypiJ!-^LA%H@CR81@eGwVq{Kr-`@?s1sjcs38a}5? zbEgW+NeOuxO~1$yI;pB5*$8JNIkoNVYQhe_T?S>5Sm1O(vK0pjS~>&oT-Iuf$8z9` zdamG2NJ}t0xCjMi7zCw+ve%hTrhQh$88=(Jw2X_jxT5!gTlW`#RZ{lXdF7QEq&g~$ zof3dNPS0<@(<5Uk_s&xw+KzNeC*4KT40?UUdcH49HhWh5<3z~Z zxnp~{+xE8vwv#G;d%a5bYpo>y=}BD)0VGE{4!UOhwLgEj`hQ%V-`QI{Eg>nN(KmW4PP?evMQ7c0CPbO;6}Vu0s+S8Ua+7O#V}_j=q71GMXtMO zZo`!On2m))4T!wbepr#{5GW=*#Gei<2s0In-K3@<+zl% zUF;0t4#D;`_9u{8ja($GF2?nm->`#CqbLTM28h2ZeEL^&t@7%~S5c}5Rej{TsZM!= zt7y&}GRKX-zw31LPW|PEdwG7%u6oAS^TeyE@`aDqwbl9}Q-(ZZiw0bS(MGtTA4ly& zD8BqJDUr{3$x!3+_pnrkc4>NQcD2PY6|DGBsZ;>}rN+yXq~8 zSjhGhd)?2`%XByj8Oe0bu~#-S_LMX5)$eTxV}SMZ(|B4Kpmr|WR{@I1FH8k?9xErg zjWW{&o-WnrhSby|7gozTmU*KklJ9FA5(e48P1#){H5@Mq<{mDB=Ft_pY_h2)efji_ zaBq!j4_kgoAf@hPE2V#I$%oJYXMJ{Q$Rr#7$?Jagnvsm$ zXS;)9mvu_2clA~B2UqSfL=QsgA7iLc65dAI=Z)8z^8EzA%`(JD)PMLFy8NPv{t%u| z26c5+l5`0|iWVr5#;L|(N3)fbNm1Z^H<3|?llOW;m^e8!i1Spr+imul{Ye#=+jfBI zE^YVrS#Lzwg8Y}wZ|9>a9V0R^K#r)DX?M;7em)&>M{T*l54?z?$u@IGy<$;`{Fzjk zZj%(}t5dM}!3qM3Tmc^M++Zw%Y0p&6L0_~SoUEDv6xhJmXC!IE2Q|B8BzILd>8+1O zipJ*B9MTy7Zcj`qo1Qem=5rn(fZvfQ^i05_X;fri)j z&e~JfoGXL_yOl}<#KbjuBY+tWGnq0ytP4fg48NP{raML(O(pxdKcm;L?qMfAu-%k& z!UB$pS2WbULf!lEOw!X$L30N=vf`Axd)L)B@%BEvjoinmdeZ)zFO$Vz$>~5Y=cohw zLs?oouz0d&m09X@K%;yOgSlJ!5FKclRp2W}%485KP`7$VP+|+;GUE?YoqrF#CF^Z$ zflj&P9`?5RN*Ku22-;O30O)j|%rVLUa$FCQ%BUo@oyy=!$_uVj<)k<5QEr#^;O}*m zkF0B%Ha}NTC??L*wK@#Q7A4ZvaAF=NzZ%@+=@4+yXTKIDW?+5RUHvalM9gFTJ&&+W zbYP{MVl&WH%tUR9g3=aL&1Sd+4*R)q(4k~ZxHYOv5ad9`cFC?IVpW2vi|8n|=yBgIg*ND;LU4}S=p)hi7^dV$$CJ88<&%}B zV2-?hk}z5WvdH7d){o7NdGXAZ_$wyPsNl4JQSy~dbc-JMeQRUe(DFwsM->bW3ctp( zLsFZG+u2`xZeRYXvf_oxiqZQeH|DAE-)1iFtd*1V(Z&=pM-_*%TCNJ0@ax}@J$EKF zlI@@EY>FN82to|OzI@_CuVM><(6wQB@Li_hyT*HXWBmoeTMmb>f;rLg$PO?a9Qqn`)Z%bP!jy zIMq{k6q1TW*xEoqLYUun=+T}an*GaXGsy*-C@R{!^ zGSKF1hP`JOx@$@UG-13km5no6HF44izU?g=D}J6F*|E)^e97fCrYBidx}lySMFFL0 zNMSaKV=bI)P}DI6;8_Vo)DL^^P#rn14{}~QAeRw#AANVf?6(GcLi1B_`8&Q7f63e@MOQA@j{!8A`w7X(E0ip*8I z2_H3R7hgeY<5ZA#I#gwEppRqbuDMY2`Q5l=aPLPVQ#SV+cOLOD&#J*ALq@ZSmbplp z_<^LGPgeLFj0~(ioV@l}PV^Pnijqu=ISt4mN_F?oA^rbosdzD|4sLEayXIJ+%tJ5@ z_Cx6EUWOank4CJv%~cpwC*-d=KlQmN#KCA8?6M55weYfCVb3k!eERTyN57C=@uJFHP{wSTa zgZ=U!o`R?XPtzTu_-3VW)6Zd>{TY^m`){uN)h%T0Lj}0G2+8Xx_nR+p64=*;>^? zu))Y`o!0F~$*E0$EDL)Nnn%RvlP@=P^WrBPvwWtg=(i3QnQHG#0~q zhto8K09d?OGFY4mV{VEgDjibY^sbt7xAb!1bN(13yno>-QLE>6;M!+xJibb3p0YlG(VKzJROl)0sp07L+ z?eVRJ7Xpxy2Z}L5t#8(9t7>Z84o`1$yAHeJyIgZ3n*`pOnLwpYYgsXc(+>P&4tj9M zl>*VD0>^ZScM@qPBfc>RQ*tHKLm|Uq-gH8Cn?43jfVG>Kk~M{cCCRHh-^@-!8uC z+p61iqL(VQ7Qn_&gQ-pI{H46VpCj%HdoTGrC;s;Y%bx{qnr^>^R9h-ZAUo4IWDoBW zc=fn3w0$1n@kdHF*I(Sc?t1b}OxK-P}+y}fr;57un({HP8k0Kd|JaC>E( zx+u4<#c8dVztyYHH4DdmROb3^i+1^^45?M$=X`ixA5l4uz58c9q*wp0)^lzD@YCnh zSKm(=B+qvviLAeXAROshIEMBY=E_HrHbM`u0$$R@DJPGj3PHjoG_#fLv2*7n*D1@F z6V^waLRKJerGuC%ut|X6AK;hUsV(YxpFSVk_Qs%Y3|pxX5O5J@)e~7c$M%Wni9r_+ z^_=$GbmwAtW{r2^G_-6NCnTB+6ccU|VQ>W$A6`7b1kjVNhA=ALT_7_}kw@p(3qdR} zyx8=mw75~4xckvbWPpS`iubO-zbDq}1{Q50N5~x4NtQ1@BW^N&J2^_FISrq_o9#cA zqu~*er?TWb^3VHH@^n8$#N@oe7be7$;w7xSjbaj^s^Pmw|Sv2 zX(4*|-<*+;X4B!i+O|D%Uxk`Pi*KJ640%C%Yq_nasAy~2xs!vbeZFSv4s&jNhYb$P z+(}@}lNU~MH+=TS5D|wGjgw0ry{jpSobfeAgjAA5PHbG(c)qiy$*T3ZQo2jO<;eGkKI#VGxV^F)Ie{@SAS!H3@FgCja8X={3nALYwfTU?x`a-4`unuZ(@8&2B- zE@_YBvVp>IebULloDO4AR7EOD5~*s%1EzO08|GZsfN?N3c_|5<@&md!cNc6qa@HHLG~E z($5>M$`WO%_*eZqa=YuSuIAO|I}6od(`>ylOn-e`{ zLW_SfBB8cs`^eNJ)^;HWZ*sNYr~IpM`o@AzI0E_7utR0!W)~OxrJ7Tc2C61@gi>>P z5hQl4sY~W>*o*p#mwoRvnq3a%2~Fz#e;(Yg^$BB^c~mDk-M-`Y{#`1*oO(ZF_Dl4m z-EuMDf6_S7k^!%&slSWZpoKsF*Hv%sIFjN7)L(#sY=$JN8gR*dH%RNnO~GR-_&u2OXyS<-#^-Gt`xuL_ zt$YfjP$EJkV7=FYQ_&6SPUE7REpR7LJ|btm+jNmv*7Rznz3pCq_>$VENkf4$#rLZ! zTOd*TD;4$8D(16x8jGKjF2R3GBT4aIeI@`jh9EE>I)@zpp}YhFJMX^)0ZtPwY-}2r zn#Ns(@GS;i3`?yN06&MJsNX-n|7Arv+`$S;*}6UT6&`nILv&V6=JW<^@Fw10oxef@ ztPi+uxX}l9YgTjThc=uB9=LH@dynlEDeAngxRuIfUs9uzCu-i6{zI-{#=73?T$z6S zZoqZlnP12odB_D;86w(x?VG1r)4dXxz30;0mhGLT=}M0_)d1dJ?|N$!;1fj#=ky<_ zA6|PDGc+yu1`yPDv!6wERCZEOzP`j)(s`0^mf`4jt!epIU3apm9<}Do?P`zi46kg% zYKMXSPemE!Vgc1uw>};XL!`u~Y8ay=T!nOPK+=8IiHMWSJkdOoXFuc7>AnanF&A`4 zjEK%@tRpUDHVM~U+#Ni-K+{fZF4_7?nJ>kDQr9=YO6EdNyYycuEMKIdfCt^)vV2tO z=_P?9mGfOolF#IY?$;Gf6v8FAzR4%D3?ey$j#U+^x}MQReVAULfLD`>J6PK^>3SgppK3$Rwy&Pd zO5;Maa+j9TP}D+Kow`lxFyzY2LI{$Ue`A-s?)yPY@-8D!+6^GUW@Vc;Ee z9UZIhCUAZ(&$dY${6NSZd&85ExV*T8zzi{Ya;J78&?1#Q{6RA5ZQam2>sF zie=b~fZGR8M^ZW_#jkugg>Q=7ZDN5stX@(kkVM&iIr;t7ueQaW6LTmG{eyDrw}kRkPppzMp=%7=B;U^}4a4&bp1(Yqs|-mnd4On{7fT3EtMO%(~Ct2$gUJ zCMVK=3o-`3v`ER>q;-s@g%E}713T{0mJs7E*)@pHbz zIvSYOA}Yix*~ZaONi1+e?tnH!Z*R4=&|hv+I}?|?em4w9S6&$Li8jEWcTeLd+zs`S zO@-4CHO5C{28m-KS(P1T3Tx~J z1PzoGqRurDOPB3U=@AwfY8d}6T{~p(M)YBXcS=UraGJ5GChLa|t4ui-D#b29ktBIc z&f56))rU==ovfu$OS+;s8B?zKTNrbF zFusi;?Ab0s}+|gch0C^Y$^5$ zX!7{}{n@YO!&GQ?KVQCCp>Z~+=UguL6$XvPWS*Z3 z>F-N6;tRXnK*T}p9!8~TTvEJ;FiMwX!})4z`;M8J_w?Z!azc-g*{UUC1D8;H#c+FX zA;pBL*0#G7QP9?tiYrNweayS)8dz1wICvx{KwqXb@J3CGxz)r{nAtxRmuWEc@fsK5 zE=bor*o@m=yoC=blJBoJwEj+B=JgT%STqv!wT*)~vGCMl!w3-k@j= z9L}gFnrMZkLOi2Bq*0munwe77{%m9FLBo zi}Xz0DR^dF$+VA7{CSX!~{J2XK>%s5#}@E`(S7N!q_1cg{wx4fFpR$Y6O;3A_h)9N79Y*whaB)fU{VCBx2ZRRv9t%mNtr?~^R zQy=;gBK>4<{{DmXuS6#_JC+%+7^7Yk6MnU-5Dx9?4QMzgzqgKGcw--Jh>hJoo;jF& ztb7Rs&-f~t*Um!L26Uvx_Q<`@)IF#+PRf&%64JJgtpbRg?32c~2N2f5A&Bl;33D-) zZrGb|m(7xyX zkMCC}cP!-Xc^mlk^{j}tCUYm>fn~g6i{h@xTu@sOw(HxjRA~Er(xzQC zr~SSjt#V`Mx7C`T4_PnVDjLE95S`Q4{VkZHR?WFnojXX+o5=AI9`7A(-5-Me-VU8; z6aV&3N1xmm_NRoYfxajJ)%I~grT5y-;oXZP$1}&~>kR4d<#NVSY58ovyo=UXdzX6j zcu-E1_J@wQ{re*aIr7pM-~7!e)*{+VXuGawEbRu_SxdQTBJ5AxGoBxR^nXaFz4()M zZ0hzi^vetj-N|<5NxUC~-x!q9KAR~tr$PKu>Nm2-%f2D@M>sinjenhKnCewcOOIcL z9xTj4WcSi|ICZh)0S+)z1UGl$0iwq_yVc#7ffRw^G; z@7<#j*sBQ`3(C9OHdsjZd=;j${XD<;JAWNxl@r(#?g)qtugsRCmc_qk~Ao(nQjC z9vRm3`A)#gp^NrZk`tWyWVsYsG`UA#M_}}MO_d>zctSw1(g8D4XJC@Z+i2wDSfm7s zg)9jvHUf(nK)%hCZ5q?;(=jGGarI#6j5A!FGXQP- zLN<9>#^--!La8r#!EZaL-`=6gaZ+e_Rn|hqW{Am^#K6u^+2Rh@2W2)Gq&WOg9NC!B z?dd79L?J|)d^>Q+qKV_ZQLUuxg~7S=*cmz4iKXuigFUUmMjUtJJRrc3=H}MS=WLO) z?2`D5l5Zwr4!m?WWVMyb(v?a$gn{+4jrWX~FUo`uL(o6+XKO{X2s88<7{L6KLa+eD zn3O<;>>gojIUXY=6R@H1TB@i8_Jz7@F!`Tc){v>xbB(T4yVp}|&MzqFcrN{B*+aWT zqPuu7Cm&Bce_>_mGEI@~{AzMoY6t^pg+Prs=XGrsZ#`G%3glwiLJHJ? zPT}c)zGN!pN%-&i);X?`u&K|!I{TlVoKT7}*QhTn;@r~{EAlq|bA%$Vm#?fd3SVCTC~lQkwen*LO&4nw&y7YUtv@gP9X zK`f}xZ+CvSe=RqPqmlt_`o&$2lD%lD0(OgFU<@0vmo-=*gvkLj?r@i3F1 zCa0dU0%hy%Y+=A^kc=b*(o*1?+DY=PZ8w2CB|IAu`(IMPWicZJNleFwi%jYn2ip$pvQ;E|5NHlMb7SbfY zPubAEv1>v%O1gVxY}er7155g!u=WxPZ%vtHEgzd}&b`%`V|MDimRr@ho%c?S*K&3w z%hYUbdp`Ixip}L@UIDJ)r(n&#lFdM_z~Z28bW&2w%agCCVl#DZXZC(9O2+wK7+~17 zl>V7DF`596cD!qmV%<$h{mW?#^*sCCWqWTH2Mi5uAPeoxlEXDRQ0un%hMCxHEVX#I z7Le>VuL=22RIT<)Q!LP{GM~*k&+68UlMc*!SzczIiqZ%0~jndKQLR#^UcS==r`EPe3oQ9o2db3>i3`&Z_g!p zo!tVNnJH~~r%_Ea;rUr*21Oj(VGDJMzZ_J(01A&D$`EON~+ z(8hoi%k9jk_PKAvMS_1){1hWzkF5PkQ?*S+=M;E(D&06x4L=YCw_yXbLTM*{s$C?D zkAHo*KlLY+hP^A}_Of7%PEgF9r@<-8021KQ_v;)^W?{4K<2O@Siw}+8nzAqD*a(N} zF|Ja^kYTB4D2W6XWVtO9P%EhXBi0gtF=ovBd7K}lp&IVSSl};%j=%GZ<`fs1FfNwf zw3^-;RRRF1y_6d-NYv2;xk>!loX0L(CMouEJX~eN7q-NQC!aYd@BT!z;E)r2Nl`yT zDwNNi{ZkQaE7B_klVrFVmVyHJ*!nk6jTc_H8upk^3fu1buIh()VQhw_fzcVGf^w$1 zbbRI8%(HOUQV@kdkOKD!ROjr*kAl#l3718!gsHGth6p}ZcCU85=oE!@19G(M%bO#= zZ%V%_-L+&mdCC~}Gvwb>N!kz}i62u{Shzm`DNcO+H3D#xL}kUx6ny={`2n|W?@{2p zR~Kmo_y<2lza2{wD=GIP&d8ZU#qk;Jt6Bhx6F5SPxACH{k&9UTM6hO76J#gt-tn95 zRKcslB08m#Beu@SyX_{|eyR5jz;mLvWr2?-%d!^Bimr9tLjYwaj>5va;_L6aCuD(; z>r7SvL!-#G$MvfImyc~xWXuaK`@cP z>3Kkabe^MfPqotZZ;5vY!g)Dp3 zmvJy@l@%e-lUjAwu8dc&0aInC-#itcmNXAXYd^L9HBfg84Q0aNr5-~kdArrG5`QwH z&Gw4kMp2FhBW-~mWQ1T;SJn*x4-v*hgsG7cJY*mUOQA-h!jdSRTLJfFrfarVAU_fC zqsj!MLd%jTci2i9SgT!2LVW)AUSezD*rz(0%oAU!!FT%T#k^AZMtS<dxp$eKJfaC#Sj*ZqZ-ls9^U=glt$&HZ=Cic)Yh;#91|M=*w z3xvVLnWVn)#nN$eGJ=8(G%a{xw#6Or@a5vN<+o?%w&uU+ax;fHXcumPW;qZ!WNKV5 za%;w|sc5+Nf-V)~?g8wJTgSFjF~&1_WiYMu5UChsW~P77+)~$Bwp+3t1W@4~GXuJ> zR{syx>_cR3e7DoAc$+DMl^rEFR@hM4ki?e;;8kihtoE-`04!eOY~)im9H!Qg(j>)9 zSBi@Tg+W}V;y}tni~m4NnCPYMvT+GC(EnnhyM@ZH*WFxovSQ~B$tE&I1|-Fc%;AOi z@VG_ItuqlTTd&E1qm6VJqK&3*!w#QCE7=k(&z@;hT&BL>h*h zD3<@$xE8)KgN)DS5g4!=6hpy}ro52Y`ZoNM88^%-5oeL?LAyRKTHHNm*bAUZXZ3kdHf`rq6JO$ zM}M!3Z*QOL1><}VJu)Ec)k&HiNdWu4nIHMGpqnt2)}D$T(cdHmN(xqsRdqp=1L>5FBdB zsLGK9B%C4~CR;U@!X%-=g_EtG$ly|qyy)VCGYT&#>)v1R61?NNusQhdbUzn@sJN8W z?Th#td$%k+a{Jv>_b#^@H;X^JlhbT5y@8I)Bnkv0Ai2*sQsMwWe5>6vUnoGSWwp~~ zIx$3E-(1|L2j$ciI%BhL{Az4}pc!G;;5-taKvk<>+UHamqwAHd-02+8!l~M}C)?$c z&aCG@(}j6CnImjnyfdF_AR)%JIhO9p=ss6=GwkzGe>XT8YA9*tF`}TETW^9_n7Xgn zY|%b8%W+GZg|b@I`<=7%pEEIg zIiIVn&=WRBSR`N9ZnFqC%!lx&#x`(6GRQqt1rv9S!{a z(G(&sK6(@S(nS*=9;;fDm>O+`pG^2T3!B%)-A%v=Lm(~h%)x+%Q1>=$2n??5Q+duM z)qu2}368dTx-I#1gMUx@S%VV=yMmye)ctga^@i%~S-M1;ikQERmv@Q+*Tnk#;!_u) z9Yt$qje7V~D63)on=#*3H(nHmnW*d4kJguY2O%weqBn_iP2GS+5yOMe#LBvrp@H> zbI(om26Zo$8me?~4up_IUfLMQ;#$L}B_ocZY?aKrq)F*auHk@}*BsO6wfT&cMkh~0 zR^;@JYmnow3iN#EResNqICS1IHsT0R=<4R)?F}O3$8YlCx-hZXbVNcS1 zf15G{>zJ`o(3)YV6_Xu-qwMj&b+P65=)W|h=~%$^0{=TYQZS9vVtyj@HZQ2vnHMIU ztc_GQ0?!MeDPQQS%b@vL;SvE|7JHkZzQ{C`8`?x|jvvz1KJdLr3oPZ(%0l0uX z&WmCGDgeSp`6xatLLhbHmxhWoD4K~Ai6}=6s0q7e4dz|DBFoHBqR@o64Yc5iyq5OB zF?HrcK@g+pAWZf&r)X)1StTL?;S9LC;o9quwBoG=k<2YEbM~ft$&7=tUQd$+q@FnG zLm#3G(zb+X%zsWh$pH#STQr&Du?hEu?`2m6Rx$mcgo+%%ij4)CUuzKayllQwl`d_I z^hY%BMF&-@@@p`4)gu}+j94?ROr!%ZF$;_{+sre?h2341)DMs!^S{>YN*{X;d>x|= z0n*jo{5kd7>AyuP{^5$td~0J7@yC^+^31Or-a!nU86b3I7no#t+ygh`IId%H_S9jJ zS+XBXY*l8LTlO4dADr`fmqaOD$T8K)Z=50Vg)FT+yLvX`wtB=4h8o%rH~$9$m= z(q*K&-X@X0@G&>UG57c{X%A@O0ws-5IZ$2OP-SC<$%zsX(SakC`aS{oyQEKzGd(yyqdkIqTdB7h`iyBdU#ha$j5#FiF#}_A zY3B2Qg@ZPE*80MZPbXd6a{jBMpP&ILFO{6jU#*OZo&^5W{VMiHoOuG{QI%fi^${wq z^wKVw1ZnRO{_Oj`U!zS@sHQ_iP{i6;W@cQnH!YtkNn?~}Qs^nDd}!v9@{>eF7dYXMtIB3%O=!_dRU!kjxd!W6Il=G9!jt7m~3l6_XG zjZikGhjYz*pI^}n&VTac-fh1Kfh>nFSI2aKuyIOJ|EE^Jk^!c=26l1N_w=vXm@rhu zk;*jw8ls9#UVD*ofb97eqLTOXTsf7Vstgc&Inl;JVD0Vbf7LXHv#w0ESC|VgZBLqm z7k`CA7IjThAJh$X*Gul@a1(hg#I*n-0F{jphc*U{$dg&=!;Fvm^`H2i;%KJVdB6Sl zWGG^7^I=8!2O|$7fyet=1?gCFs4X_*viTI6Vq-x4Vq`Qa4k!Xi-)^D+z@*y{4rT=p zO%9b)g$t{j)X{zp6_`RBd371`xj(R^n5%O*O38zlpoIjX%S{pZ1R4p zvs97rmWTFSK*8UQ5B{tU8_^FV!n8i`1?s<0g`CE+nr1*%s3*%xyTPxt2>v*i>%hmk)1{lhgCb2Lf_@1ul%O!9;- zgJe)K{ge^M3zrbnVJ4bi#(V&fEHMT`iaFkmp&@}@VI?EzO+SKZiWu1%I&KQoKN_BR z#FHI8$%2C=c!}R94&qHHHf5m57ge#yaRE(j!8)l?CFfZ}aDwe#7D$EQ#O5{jDF{|XIHqKg`A;+hwwm;xRdS*zvk{*c-)WG2C#5VrUPJUU^A5@t382vS zhiq=8+=Az6s^sC!1bybOemg;iMOnP;SESUeKQKa{WsV{aXHgVdwE|h+6Ts{}UQPl& z+ap*T(;<1`Ws^5qQ?gq{vQBe(bjW=5bU9jNkTf=uw+Ix$UL2_sBSXsjHJRY3%v?1A z4LB933NAcmrFf=G!8xC~BUJR4GL;)>pp6Cv?1M}IIaf#?H4@m(A2d>wB}OW(_RN{y zD`>JJdMl7apbjyL!A&mcY>Fg1VBwSABXw$uwC#a9Fh zy#tvkDyZ3qTfigY;DT6unTIH}5C^sJFJU;V*i*tG(_bJAw zz$T|zrN6U@D#eEV;72J@5*?s>m7I?A6>lSm$2t^N0I zDsW^eH6=Yz0g%injf^RxQBIhFN}hrAGV2Pi;sU*5oYNk3sWF0Ct~R2nK0+KUJfCZ0 zL%&U5-ZuV7Sueb*u-YXR%-B@-{Z7GG>k0x#V@+c*8U+;Kz=kz3I}O*4Cj-n0wX~g) zamDu%ilddie0)`O1<{o^|72IbtIWC4sLFduXzB+k7B+_I0sec}_~jR%Qm^T!OH=&- zQCZv|gcqVrq6nRb?f-7-6mR||THh$fY&ah}@Tz&}PbMW@OH@z(n0Q`_xGo^1?y98K zPAI(*TXUN#$B-TNqzT7Pf-)tyu0J@Qkjtb5&YS>VbT4iWyi+Mz1ar<1T3eDCRea z?r*{X5ZLb7Ntp_GLDj$Cxtj)-3Iza8>0hyxDdwkjZ6+-qzLdbHNN?dj)l>%-3XbRQ4)?SKhJJ)ODJ{N+Zy zI*x+!G}#*1ho7#cL<8f~x+9YNQkwf{2~a^SWg3}6NVUgF6(*LF9G%wh`?SAwx)xvz ztcdE46CbFy4bMA+rVR{euMgxP+R@~zFsP^ZZx5iOm&jR8+A>g43^>A{atFu+wV2N(+5i&)ejVkSHZAp=*ND`(yfJ)wGD_&0e+|2a1M*}lG? z$K-P;79g?v{3_MbIlTlc5zYd@Nkr6Ai>ObWsRuJ|mf$nhj1<;A-B?(&GnLuakhkQ4nYKAF4;a)Pr*0*Th6-Fj?g z&~jxjR~~G1I-0oQ{5*stAi)*>Q7q46qg`uof^M+!$=?a%^k)?klkBSW?&&W@>t05w zJ$q);`RL*$jPUFVJ6oY@5Rar6J9x&a@T~M;vTQ>DVhr3erus z1C09|KFv%~wZ3V(4LA{cbB%ib?BjC*dmvk=HkQ=C}?)uji=(w93qJ(slYLwH6^{XDS(i&qYjti&LDMGUmKUr%; z@$MDYb2OD(KVK3+s~ki4UHQXfrq*ZsRT(Gi!9oN05xFCr5nik;Y8=k3X2lDFKo|<_ zXZkun#TfUSs;{QTCDJyQKFp2}lMnKD+nmt~X{ z5#9mdpx4{8cV_BJEClO%HSFZ@+HVijv3Ay4MtzwzsR9Z~qDR=ILQ_7l`I{wzsS#|+ zAB*7PY@@{#RAPMD5I`bZZtzMG9e@T0_(UHy)bW34j?c4 z{i*=o6pzn)Zr+r3dYr)P%KnM>Si#^+615Nt5>Bf#NW|gs#$2OSi>o z0?0o(d$fPA{8=-{PnCguPpSrV1Mp>4<37-*H$tqGsG)lNBF$-Din-^&312N9YeN88hM`I*xMO2!`a#69H>` zB<;l;RNRNYM>9ROqD(Q$6!vJ|iyi9lNKGt(Q6}P3!F3}#3cic89S1~s8)(m&meOs% zq53(A(Pszn_g6>r^htp~SEU9Vx>Nr5#N7fm46+1#&^{fZZ67?FyYc0PhCK|(`fyC- z`H<=ig~T#jOCKOUC5fd{Hujd2f?(RRe>(5x~)= z`j+h#4h(I$t*8K~tb{E*XXtz#{Y`ueXfU1t(;`zz1y}ypMxo-qY#b5X$47GvQ9p3G zb6Wwh&6?QPBm&um%gj4-VBY-}eD3CxZm_&MwnUv2+aK0(e6;Kq9;7S7OpRDLvdJ4*G2p ztlP1Gd8R!3ew+`&4IAb@Ex5%rhAp{5HC_r{pUZJG%=|n^{Y?X>Ri^S4cO6*eUtS$s z_P(oJ{T={XF}zrQSCiUxa(hA?^(JKw5apg*%VGn7@FIcK+J=YmznEM*TY9Jo?o$4owPmSH=1j?hOX&S+?V9KkznTmt&1iqP ztN&qHiA>`iQm1YXi05r-f+8eveGk2jc2|IuQQE$NeA$T$#|8yj32j%!hy<7@nfj3p z72IR~sh;!$Pg%N6W;t62#k)>4_x!gw*QcEWoJxJR15>*5e=?MKJaf=(p}idz<{>WfQsp(a;$5a|W=rf&n^r5Ca#n(|bl z{!18vbOA7F51n53v7E5>nq5cKIh7~gRH#bwF=`xWx5`pNCkvcX@U~QfBa%ZSRBk|J z>kD&JZ0(R+$)EA*H(b4i;eabnwld}K@_*DICYw_V2__7%y9R>^e6Se8E$183WQfar5 zOctpVcn7z3sxH?t0%hJFH!GwO)+CH<+9}TVkE#V2-aA`u!+#PPZfd!3^*#U(61(Zv z>0c;8_%k2KIod^xYCc)2Ke4$UHn`E#rnwP`rptYSdGE41j9?+1=X3U5*=;mfQjO#J z-`bHc5~Jioo(IAGo;JL^9h&mlf0f>NZBN?8iS-14H>|eWH{9J>O!+yI9#jKl+3S1x z0PW39d$m1}QYothK;;I>$s^1C_-5lIaoASy@IR^dmxf_ZA4+%M|2qxUulb0&_(vmP z@$uhe^S+@GJ|^Di;o^tYeF}xmGiv+=l%bOXAxeaqm&<3xq5oYssQB9TJj5UDKMe?f z^g3iO=&SLR3J9Ctsp+a_;TK-6%EC!}ymb0A&@25JhncpgmTZ+8;idM8`+K zAy#n~r#LlXx<&VB#y(%AQ)u*$Q0_fEhiuO=CycF8eK71PHm1 z4E6-3J7U=y!_emxDkRul$Kqh#!#i${880Y&QdO+gd*qoGz^W>gg0_y*0f6Yq)bkxQ zV{{rU9&dy65+08jdX!esWmKk=oaUW;k33j`r>FMao%OOL=1lCL8gNsGKxIo%bU_CvIxbYUhe;7L8yl6cjMgae?;%l)9ctl(pfip>~ zI02=W6?CD=8A0CE-T%f$(H{UDq{<#v%N|z)u@flLeeaMJ5OQX8zSsXlLtYV8&L<9^ z`7yoVDIsGez$W66xwEk+6FQG9--xXvtJIuQ^`J(8q9Wtm{a%37i@=ay1)tY)Zynlw zPbgGtD%AS*sPP8{^8ygHp7qZpTl{%GU_DES46>ktL5p{2)gKJ0WTdKO_{N(%JLX?N zB8F3KB5XV<*NZ|u3hpa8ovWsXN&v|%WP9npQtHr1Z%FzA>`Q?A_kgTdc=Gjum|u^% z;m}soV%?)6fCN@NjWH__h~g@uGYPht!ftYu7r(gUyq@R#ykv$d2a%pb3n!yMl$NAG zr~;aDyBFt;0EfaTBAg14#!&oIc?ResIqJgrz!=`xm^GvOs#DN^8NdV9vQ{o2>KFAB z0`Li;jAlANW$OO@qdXh+@|BEo8mE$tBW$xcZZ*KMjXK&0R`F4Sa*z5+Zjal%0aRfj znHdgKS*TX0UZ4@6igw+fDYFD_QpcVd3~wwKF1{;k2MUz{3872(5TGbBkb+M4KXO}CPL0j0 z79y5LtW$)-9tqn&1`S1mBWno7HN8igTA4u23(Dka=&L{s{W(SJ&vIkZM&n2^hJHGq zZlg%GKJNy%tIO@Cc`6)a=nkJrmBa0n$4>FF|ApTl750QvHcNt#{^9=3;J_egJ(nK6 zzNbVGG;*U%R{|L89GDORe8Aqy+kjabZ@5FFmB`hIn}#NDw5FNGY5@FiqAQ=AQ{-gU z&Nj95O_xFXa_kf8>`R+A#j6B3n_;EF2h(+R)3+0TKq;G=c?m!{XUgE`K;Cl-LNj#F zG&s`8(&vX$?=g%6oMMAP~pHE?`7B6S2m9i*l<)mr!la&H^(`gRawK!Fho z_VzdR_Ed|^aVeR%d0-#bSPHG01}xpG+wXf?JPlw)0ZU3#q)4<~bS1&Z6SseM1Hy?w zR13AxLLAZ`imU|xCrLgO2o3rj^)t1_tNH$nL@SMBAmCTX@HAokcA9?UldFtE-1Osr zzbLiI*vL8MU`eOK8z8!ryj-gn2(Gl00NHzhkZ;ipDZY$oPloQNyoXPRSN&CI0Cs?0 zdClIB$9bDCu#7L-!N`1#LZ~O88zlwWmjDkUC{1R7W>Qd7bh<)B%PXpE1NCRrF3%jy z35)g5J|AYr2V9e>eat-bm_@V4!@K96$NeCeoAGc;?+pr+1SnF9yvuuD^r^>*Aiojs zc<1CfA63^qo@Q1wR4J?XD5!VsR=MV53+AIBCjzjP1nAa)cNkMt6Pm&0<`m8Zpiv9e znPyR4OJzd~A>D*9+-%);(iiS{P5t*XSM*EoKa}8IsP;MKOY@uYM4-?%+#b;HCE0I$ zOxt^&H3+AybE14M)~tel$i>@y&t-uB>ZyVYbVajEF|iI_*6UzWRneCc@n3I~!}Z;2 zaA_rVvt-NlmS)1ni}Dt*qQ_llLfsKvjmz5TJEIf_^@5geY}_~MW>Gg3i2nu+S;*)F`_SIc{=&s3|GCU_Jw zG}?YRnhI|8Jb}RTuDK$SzAi-0$77xQS@r}VSvynlsBb=|o3Cv4%ch+|^|zW0uh8Po zf;xPi3WTHq$ul#zw0dJghVfE$P6$}93e3gy?%#tFHM>Mn36qP=7G&i}R??v9`A8-P zTKl+o!)yv=`pmd&il%t#XNzf>7VK45O;;8WQELe!LL2BH+8&L~SI&Hu9iy}}aOV-o z0Cg{sZnm-+iH6*==yHOCiV{1*le+vPDEdPdC9e9H61%W7v(A#u^RX$%@it8ylhc1Z zZIaMCNI&viH?MJ8W`Q}ZDkQ>CJIu{uG_A;@#C1);D zw+-{NWb|xnG_9~eMWWLcIh{gSp^cF7qlNg>u3DEn2hxBoDm$D3EsrZ#n<}ZP%E_3| zU@3A)at6>a0B%$Fk-3}`U}A+IBRwwIJ#N2vHVm9uFd!{-GqpepCshOSNf7=!4f;RK5<&bBQ?>ue0) z9A|FV;=8CYRUadxj;TM;@b3WD@whE|@C^X;{pTV}uJ>8$#n*DuZ#*h|{3 zf1&@NDe?ge1XXDRdru(0L!IM^5S~0pnFs3=TJU4kHkI3^Z^*a;Jy^!Mw94#bls7nf z_Kle9VxYrfZ1yb0*Eg&|Z~4xK;a2Y`?3aGVv>45NlzBgb9ISjG-AZ?f`K?xL+p_zU z2N)Tc#_(+A4@shtL76AAlG0OH#cu{$>$c(23bo>=mZ1kfv|8wL+eD(Czd|f)Y>(YH znP{+q@&gW(G`IY8wgSZ=<980|U~kh~W*^<|s`HxN zpmQ5d@xLrn?@kMvYd>kdqSOQ}wcm#Xf9695uIZ!&VDw@e z<=>NJU#H_i8BCP?=(FCe4|VT=?Q_&JGL(z%|05?lvB5x?QZv+X)R{LvE*ud$R*eyF}|LTH_PgoAn+PsV3w z;s<(%#@|LQ|0H{9#*1Iy)3^B3f75Htq58AT0muXGd`fyXUpV(IS?7|H85}^c3nAgO zGQa3OS>lH0efP^cE9~eQdG)J_NNrL1t2Ba6xgQvdnn0?OR$G3z-}^nPwG~4L^M}yX z5;0f+5XdTPiy&_6r&Dt1)S{{~VJuwAG)yiF23r~H^r42oZ z9(v>TtYtT14!7aP3~BT{(vUkfyK||kGS11J3%0}1Mh+3BI_~l26b6p-t)1JS^wPvU zg{6y`cZutq2=u524;YB!VSvxp(e6-SpCjPX=S$D2IVb@TMlsj5bI;KX>Tr|QwN5e1 zrs9C8XVgXyGfVXCeJWpgiM^(T+G-Wvg6l5Q*=Z(Ea#asgQpnsMZIl-#O(+VqphP5= ze9X3otb39GUFmG4DpPw~>)$_FQ|rc>-17c0$J1=pW%giUAaS{6Q!`sY;EkkHmp>!H z?#s{5IXv{o^8P*o*6o=7XDYjp>}bIqi!EAI<^lL72FvxbQld)=-P+mHFUJijy6A`YruEQDW^1+Ye20JuH8h*Ltr z(itVKNT5Eo+aHTzyyUD1i<-K5qu?7vEn+^;na3K=5~&}l$|m4JS{!4ijp)V{+H*JM zLRHYYbQKYM+kKUBwYiNaYRVt8ai6PN{q)BI_Og*!W(`r~BqG8)K5>Smt>aBX><>=ICbEw+&6ihpU zzYslLma9)3p0#J6cx9JIe02D8{%0+tFJGG_-0$aE;x{__*CCO^6MtuiwO_ei35JcO zlx@x4tuJ$(5#Tm`2AB^o`d(A`9z}z2&eyx(!xNtLA=#-CuvFi202v5A06l*?3euCx zwz(<`x|zV~Qjg@w_N4%}1jx7H?NUeJrrj%f_G5Oql8V^ShMO_u@ zqmi)Mu{Gj$WS@=U(*|t@dARF)@Zysg`@xx}gQOC3>OX4FF)OB6x;BsDE0rGh2T!T>n;~Ktc{x>M6eeJ#dCn@yz=6SdRR)WpJ~^W z;K`&HI7yR3PBxmM)Rtd)0Y442OLJ%iTQaJ4lS~?nY0i}SLDeRlH<*Rk7t_z2G0@DV zOws8t88Uge8}E@VQryJYfPi71Gmd0xS8FpM7|4;jf~}W6@(3mnsmAprZ_F9y1dE9A zq-6}br(kGDXDin)hEsMwcV3JCBTUl?H_0F&3vR1r@63o4sf7*ZC0)B>N#@^^8MA(x zlu5>%@yi9wvy~7iLRXv5_d0l`>mF|&D5tm)&u&5dAArqRx(!rnT#EJA)jMuvPi9Z3 zwD->dQ(aP4Af-dJ`gw<_vSn{;Hn~{#{`jql#Iy4QRe!z5Fz01zVdt8gd!xsdSZ~x=aj&hVvy=Qa47(4a1~D zC@e!_GwLn?$X6JM66%naE*8Ox-3E3~M?G}@zG%npM-)rmsS)B6D=f_e5~q(DT?1g_ z_8N||9z>w*9XN;98}Q!h3JJ+^StAe#q?77CZ#deLMsqyEKsaM>%bxlP3NQ86m3}W1 zbPf%XotTgNcL8K0=pLUxD7;bdRKo-)6&C%CLWHvtKqGnvlrH5Lxp;lo7BURmmUKux zQ1-0f1yM;)L))XUp7)@7@h?wOh^f#z&Is~omk8Aov&Ze-31O5KTpyNxE&saO(5fYG z02mY3MK;!dh>d@>TNJ9W$ZcHJOvL{VvhD8G%B}7nfW6ntRlSB&96T5 zU|_Bv+22-28R|1)w&8Voj88$Zwj$$Pc95MFtJv4;kAIf5 ztx4f=ha6Q(oeu#orHD{Rpu&`_h3j%H3At-z1Wb;cyd`*5r1~W_xYNqVA`Us#s3@}dI z22!!U9=AM~%C%|TJ^R_KJ0^0F_w_QcA`)c2~XHtQCm)TVDUb8F%Y(#b+^9-@>^VhIzrmmc0%RP>ATpi(y%{vCb!Lr=qYS=(tWC z>vliuUniF;utB3e(DVna6v#neWE|Nf9jE9ugC_k&(SX+Hz-^<%KO7qlWT zQWSxu%2iA0dS?OYe~J1ct~Ms&TA9qjI|P;#Z>KD}@j0Wq>Y?Xl1Tiek6`Wg19j5KH6~qDu&X+?FT~;%I9Ajm?sHq=w>Xi78<@UxjQ($ z<&!={O`3X~pLfezKXGw$m-oLH@mK4y7R+ie zRcPNp*bVKC8ST!Oy;sx9-!o(=WAZ7HIx14BUIAVHS-1nRdj2j-?K{A@b1-J7d4KK#xvSgv0 zrJ|`gf(YpGiv|jr0Q>QZ+{IWm2vi3R9Ol7Mp96Fw)U^%3d1hKDgGN)%QRk&shS~T` z?p7la00>jh`q%&tQ%27)zW9nWM;k_i0EPt6cqNqcGDoUbk3n~=Bg;6k_GwY0cK1x} zwj<_L7|(D@%#Q}+R$ek(0oAhgl`648yNV*`05nx+*S1dRAECp70@Afv40~$<*N71; z0wjB=&aI^ymNZI@riti&UOQ6L5Dkh+&Vv$ga%%u9lN6!ifyCBl3!s;Yr=}OcT!k#j zxL+7y0#Zd&pCM!r8v}OJ0`}`qGKma5uu<1dm_&UC^iKCkG>KN|W4efJxjUR8qiklJ z=3y})xd0$9RU`bW;JTEt+#&W+3=9D4<*J;DPa;;d4yS%MP1@6_f=thS)T_>yL-$qr#n5h@pSZPiS7Xf7Dh$%duA>nst?y%0MTw)j}4Up0n+iDgs zye$S4O#)yq4rdKUoC|j zZFDBm9;%P)byi2CaDt9lY7}mv^#Mi~Y^Ztt4`Sx|wh;^f;&q&1JCrr0Gk!2yBmBKs z*wzq)%AhpC(H~xaB{C1-vyipT;o9y?Dno(kbIDz!947hnzhFm&i zn|EoaTaOoHD+FBvG-9@;7eH<|9wgwnIn|Y8bd*A-{km?bGy=KNFPLSlMK~V{n#|-0 z;{*~w8Zj?YxEGyuG0ZY^DsI*=%qzA4AS`E8z0TV30{%xN`6{8q+mxC&9bzrALLp+i zp=jGmjJl|Hc_i%Hrv3bvEZlsK;;DJGq+^&OkZbmq`17XMA`CI z?Dev_b!twWNfww9^;9H_{DCkU*?&2{oj8^8q2 zzMAWY9Ana0?3yKx6^X_OQyE!C6>-7W*%E9Acd>>rs0#*ioC2|Sggni0Uw-Fqbck0# z;Fu%ISAE~bm#?d#aJ-3FiXrUFx%Kk>aqd}0Z4U$3xBGni%O=Q;5AQyZPgDE86M3(N z6DZbcBA@qz85sj1*FC`V`@k+Yh>J(cQJed*vKvjiyAcvERnXYp=BF=Y`Uf89kK$z1z|I@nM+P-7lqUw+^U7aL|E! zU5@}NdaN(9LGANAj>_NLHNFpQ^rD%^BDTT$d6T_{cq>OB?>1i6cX@e*w*4Cb3Ros_ zUt$H2N<|m#Wp02sNuEY~Mt~_}DI!+zqo>Y4QvttuOHeX*WtXT2So08XL;w%qEpQ>p zV!0kJFz8WAvR&hzq%72;$Lshro*TBDe1kEQcTuh#sN#VK-UTI3qZJ0*sfsZICJWhZ zz`2)i`Let@4vdVuy-AHb+oM3_+O7_R-^V|@b342pGAcfWXz`vDYfk8rTe4pdG_c}8 zyxk{we9u22^?zaq!Alv5SD+e~`Ml&yXQ||fWiO&X#0=^q1o zQk)MDoh$u<+xKov`W3W$S-L}%J-`YC2Vsij>t};jjaZid@gU%73%rt}MZA4(_B$=d zI9PQe@Vdv*OqM~B0WLHIhC5>%+Skj64W_Ukr20LYF9GV9VCU^zp5B4x-u1fwFX(>m zw%z$*u-H+^yiZvBHkllWUVUjkhP6mJ5=DYbdyb~c$O!jI8HH|Asv@P6`Q7*Zmo58+ zAy`3202Stgw&U?A5@7J4nGwy3Ob?o_2&!g+=vM+`dca-2URknG0z+sv#mQ5Z;L!I6 zw5gDu*gc~|Fux-RjUE!HJSiOv-sH#26OZUcKt-|oq{7d8g)!cg)D!m@8e4-#)gnOS zM%i+gm_qmi%Dm*M`qRdq5F;S|AeM{-B|E@PRMXu}5Gn4Q;fu0ga@hly-}qUMdl*F= z_^aUAP&j!VJ0&7;qy0!{GJMkt@AI$s{XZ<*f|gwRYL%5dx6D~T{h@3I{vR46#|dB~ zfEW`nLY!*H?O`Vr47vaad9VC7)vrg?MZ6tq!T-hmGALK&%lC1=F4+{?hd$QZ?nVGN z4l0{O-%0tN@Y42^t23~C@$A;Y7k_VXksU}idzI}R6o-mJGBge%!gf;u3^a}-0T>a$ zyf_9cUKznR7|}EzQ3SxFF3f@+7(*|_0$1uiI3IoGG7fyK@)m*I z7f0a)V0b=Kv;gTV{L>c|AFvQ0Ob*5`SG>G-n#Gl}J8U)1pJy=E3wF4~aph4%59t6u zzWr53lb^ASj#w7VcHp44o6P_nJ#EwXY@ld z0t69YD*h9@-uI_`k>AM`cH)s16esyQpF^!qIPOPkbbL3Q1m3+F>`97OhR4YhKf_;t z*UJTwb-3&2plj(40Z%LgpIDQU29)3s>}VcdfF47+iP1Q`h#qKOuh=S99I% zBjQ;oLzz`0Rpe4Ao1m1~XbV4R;`4aZ`S?3u;w%1($B6%QolNmI{@E+FFG>aBjR3vr zzi;@3R{NZ@zwVOHBHKG1bM+e|Zi35Iogciq^m-P8^Z;8Qrreke@DGC+!A>6D`_DPz z7K?af^srx;+R4)f56k&qN#gG+zQkiXg5{}h<6Z|Re+hN+yR5rs*C6n)@s$$%5UtY$kR^TGw+y~Xkx$!9pdc}DR#wQt@HK*<6<9(|8bx6V`)e%ee%P<_|LNJudu;H z^20^r-oc#@iBCA<1Q>6Vssw(QseBU+$YWc;|2TD#Lky?Ae*0`xX|xwF(uhex17#|c zHvU{UC^bKw_;<}dUHlMi8W(=Fde|xZcP0EzSj69p`q+Xv*qUnKaY|&8s@qa%^4$;5 zuZg=`8JCSHOPcGHK_HHKN-Uk?j+Kbt8>-Rfp5lzLPme|z~nhuLtd z0LzlcE3*B`b0m#Ll;qq`1%Y5D3xE*>pu!%djAU49$k8vw!-Z|5^Kew?3w{5$;h@z*JXj*$(J>TrM*|6xMd}nVkNA|zl0)1Ym z2k$oD%9Ro2BFJFh8dzVOmP4^UeR0ZXN@I|Cg*up;Tm1dscjM2bYgVn)jW#B9+m#ej zLlV94uot>N=)wmgYw~eKiC(5iZ$V>wr&*@DH!eB7k>nTQM(cO65<&hBvhVM3KzXoG zg$j;HUe+{9di7C$!!ux&aZ>&fTKCR>+UG=zD~T6A0RRo^Z48)#OtVD9jCsh^sTK2t zy*8PgQ)KrlA?-)Bq#N>t@|LEs3x^vP;<@8`k)L7^^=oNde&^&^lK1(3`b{jeV1>BM zArqxuq*|3bBdpV($%qAVYr+_rb1_OuH##cPP~LYT(pYEsVx!0~Z^1Zaph#%TW>aZ- z_95d>_JihUTRoNbT>NSEQAVBXe(6z9cW@bTUjC_ke&;2Rgrg~r9kP{YP4ZY$b{dUq zwDf33A>y$fkbJp0j}eeS_eDX&kph?GOJJ@B9uB#2>sYe0=Xa3e=4juhtu63*W+>ag zg9i=)--%XdjW~LmVk91UIV1Q zg(Sw4bk=Y@-S6{K`PGUIK!;0jgc54+X~@;6(M!K*u=}TZuZ+bbC6KaMuAp-zMj-*O{B6F4W6A<@6 zvIr;t1utky_gk`!U05dbx-w{YDqOZ!r@M$MxUVX_rbmYs@R->~y zaoAMbb+w=W^rRy@f{$;_^QLO#i0|XbY3h5R-_ksx=6{A0_~B+4mbgM*>-S7RbuJl= zHMr~yKLW0{lNx-D`{U_>2-U7;3xNeL1rVaznK5B8kgg5 zku;=Qu8gE2ozs+SMGPfs(#ub)7we5s;*{K-<)es)FPY1UOn1$|mFblb6@+dA_Hu|Z zf`Ai*(?IB^*x$2%@1JzVvX`x4dJk&=0s)@D^-X?;Ys&-Z&k#B#G!RaNG3)ow(gaQp zDfL##IqXQ?T}u#Bnf7FOz0N3UNSmf!zn0^#wz7 zS?|r|IVCH&`G=6(Ukh(4A%w9>FiJHwCq2S5emJba_}vDTkS&&41}*_mbmV0y!qOD% z5eh2ScM9X4_Hr$FM9Bg5xy=@H#AQ1(%A_b+YaAI~zq=k|Fyh7joa(`i1xb=rj}WbJ zfkLKRuAYn`*EV?_HqMJdgs7t(GesUYs4p$zII=-Z6ry>7spt3kQB)lNwqbfvQa6|v z!9Wof3U&`6YUC{atT%1u>h+vvN+P8iPrp`g(is3;uJcXu@wDKEE;w`{R%4&1m zR~}kw0ay-1K1}>-C@e+V$Dn^ZEy8G=N*YGNrCO9rv2vi0 z$D$5fo{;D!l+|z@TdXlWlyhEctkYx8t6nNIJ2bLypBmkaL)3Vab^@H!m&R2Gmr$))X)=cEX%29&3)TB?f(avGDC{R> zWzrEd`Lj)-s`N-!Yt6*{M`^>rm2Bw}D;0_ACOYqhdSzJ7?=aO7o)YF2 z!KW(OQy-nbrHsjJ(|#HAOfvl8WSU2Y8?`3X(TR3ZdH873ScfL)%Go~b=mAyRXB*B7 zkERsg=PmHC@WqdBXwnR;smt7A5(qmCiH^bvb=&EGAqbTPbt6n0kjtHb!p_I zw;(kUmDQ12YF{CELK!V8XG^YFd%R&~m6OLOPx z+tQ=?8;bvO#`jL6m>}2u7}mTf89v0$2|uV==eGKkMtX2R0^bzJwB*HVwJqqR8pGC1 z1aS`g?0t|`x3qFkmT$!KpC?cT+58%{JmFYr%odva;Gpz4&916>I@1U+DX8@G4;K%Y zMjGx&Oet8+DI`wAU4M)3Stph%hTnG8zc!yVrojWTJP)%{eD4of(LG&O%vcxAiED@( zk8(^OSKkIQT0O7%`Ak5$;PqluY?@t+@ps7&rf<>CpaE9DQi3DRYhNXIR+;di!qJb2 zi3wWGZw1#~#w7*jj_vOx+>?I2^$~E0N*toT!{84^z^H#0Y5%z9uHA=#L!`57K7ZL( z((tC(do*S1)>wwC~Wc50mAx+GkyXNu9Ki{t5yw6d|sA;r9N8MHo?(Jyq} zKU16D+5Rc9X%;(66Y+j4LRUpumoWl3R(_Kjjq&RiC^W&*P19{q1E6ROwIfJ%vO>EO z9JK#Iy?FC4^~Zm!ZiP&OOkVk{i!Pry;macMV$KhPcdTW&-U2PxocdEZ3UWqxw_F!e zc*<}Um@4-=%ZxgJl$8y<|06A{+1opO6h1aIcio51XPTaAq$-elJD6MInWc0Hf+=tlg)JtmM}D;}C;EQ_tc^+u}NC1#+1^vzlUK zNTR#MsL^XYyGn}rzW8J{N5s(A01}GIhlL|x>lYUWkOaJ2Nn3~nASt~2JZ=PV*6d#j zGExY!j=B9atWmNOws#w8X?^p>ZI{Vt@{z4!ae}Zt>&>>mJjIa)!U>k9kvnd>?=;LN zhMT-7I=yJ<^yp8C-K^7w2}1%Hl(#yDrLl_Qg6kST3Xnvk=zS}vgVCkgWx$T}S751$ z7?tg9%{4qj`=+u%?UpA#IJPd>&8HP^DI&zm99NrM1TsnW(Ldtm=BrrS%eattyU;DK z==I_AL|Z%+vK$t&I@lA40A6QC$&}uF0u=+od;uYVKh%KV(itLK3pe7-{_8dXi4gg@ zYyKyztlVT2T0isDH&7wf7)1Fxgt6I5r(X-5XL2tQDfP8WvNpj{LkdbFs}@g9jCWt? z3M=us#c>*Mi&D++!Pk5yTp>nELpRTA!2tjcSpA!IVLf;~o5wT|oqu%{mp;z~lUY_wVp2!Rp-)OjM(QFUr@=^Xl^mRVpuAFy-5g$4S^D=1yU~% zSpxh68jsQ?P2py5u@bEu=lGR^J5a{3}hI&h+#OJoHbI?W$_85+N4Ks78(m(t@W_E>`zt&x!6+P7!7j4|)KC+6azhBA+X^ zQH9hn{;QUwRX>3V0AfuS$OlTE>)rHua~I(4yA;&MKYuUbldoiLLMdR>Oq2n1vbl~Q z)9`8FJ26@rxmDojP=BMykPDL%l1tNU5_ZzMU?xMyHw}7soN)36?iQQf!aeGn#)rsg z^s3*eeaXNbm3qv#rQ4X>JdVZiw~lCB4Q*XW?XUtF2pENPoQe-#m={>c8#3J2bPs(H ze|+4o*UE+%_G{KBlx~h4R|I1Z#+;>%d;KNb#0yfSr>yd^60BdVLZ)$xrRd^Ey{93} zO^(v;JW!s!2Sw~bg0ZF&uLnS3VCxp@ur}Cr26n}DQe9brxJl*cb1;09trjpCD_-kN1axv2q#i}QJ?&b zV#+z!hFASFH>ew{ny#N24w>aHT%$WQ;X2#7!69`<{OBx^JRQ6c2c)?2QHgxC->#qH zC%c2huodGJiiba);S^w}M<0)myh4u)#sechXV3sixX`uC&ua`PpT$~&t47W!PBwqF zpI7K>Ban$bcnyOR*2ww8bMs=Yl;GymM}d~0-)+x>45DP*Yj4Os-Lsi3X#%oOUd~pp%@Q}arU;e6)G6KN)$9 z=T;+&15;tn0_?btKkCnm1_A&11uo17b6~=$YPTm_@m4?A`7gcLi-#E)@&ChIOqdx~ zuvg{Szxe3_@PuFYSPP@|>HpoU~uIZk%JGm8~H) z(+mqvfI!|?(zDEEd{WEQB3b-jI^EyYTK?{Ah{MpnirC|hk{$((=e(!4!%9%;uQ1?M zf)yo0P=4$~Ts|P(U3FQHKW&KDd*|#)KyoNh- z(_jidJyHXAu`W)BR!T@VRz}zH&sVCwI46e~culPHW;KgJS69lie{#&HrDtv*o{6~N zyyWmV-^zLHexcX(^L!%f_f7ItrHAaQXsVr8+?G~Z=n{-mxh)jopB2LT_1&Rb`U)YE z$Hg+F`6pPfBj3y-gGrZvy~n{@&N2L$DjA4L8)}FnhiDWo>tkt_Y?W#N$NBC2nM!W@ zQBj*ekd7ca+o5RT$e1Tt{utonyQ#5h;vFhI{{y^68?*a9HDLWX1Y)ha6{p^GG zt+r3u6%Xy}3$8r8`?B?i>}{#@ai0UE&8Fc;z8;%z_H%98mEx{%Qd)5?Nm?2Kwl*ttl*fyB+x1i zNqqcL-P=r0H^_fP=;w&hSHDvH)8S7=w|o_AKeHuT8BV`brek#y%ISZwT8uDRy|~{- zl_siith>44q%)a&M#re}*i^387JcDP9sDDR#ab_2+zPGp}U%R*ChInyRhO6XvQxSGMQD z$&+u@*y(>iEP5a#LiKQVJd&=w_ZsWR{f+NqcD3_{P-tcy=|O)Xmi3g#93h~f$TL{j zH%R$Z5&z{?gNHO-yc!>dfBI&z`BQ~MJ;shgwTpAvR+|pmp;4QDX~(NE|NbfDW>uniMynGQ`JGBj|ay2T%t2i`= zy9~z-Z{j{3e(?>kaS83ernewWQfGw?geGcy?M5|9-D%ndF5gtT)cCtB_4&}y2*Byh zjRMHSU|0)c~2P1rj zJFCZKX^AKz~h=5OX9pmcWS+pK{%>dZ?d>CcrgB271P zjxTQg$c9N}N(b`%mrdeX3!R%(p*4hHd}r6r**R@%yZ~W#%_jl z`^LcSCi;+Uwif5;#MNfI=j<(p9h~dVzVWM)Ce>ncUKh8lYj|H)BdnRn7MpBxc?|{i zMq@;CGk)RL&WYoKQ#NaOMg*IE2vbVF5&Nx31?81B zLk?RH^_*wuYQ!9=+c==hl9C~2VMk>PcR7a>;lWYe7t5+?6v`@FNH?P_6Gn*u7+~9U z<_Xs08j&&B6n1B1(}AdGdM7n4OI)8MOJ#D<{dtWOS0m<25kWIV)j5kE6$`8NXi?1G6W0G%1;>a`m)kFL`uuMAVa=B zaJ;#mlI9jwQdjI1v$d$iFT7K$B7rN?H`#m-hdAjC6HqwOk{D*QT{zLhOj5f~!5jcm z1B?3h|5YjSXqC6&^u(#Faw@V_5u3m7txU})?7K-~s(+s<7G43^x~0MxLStlT-WCM6 zThvU6ksh1KC)*Ca7Fm_%Hd09$wWHC5D$7rp>Uf&vH|0ALEX{)LB>M3&(2kBp8{ZfGBor`U^!F5s3R5k;(G^qHU z3mF$Nijw7Q^PFrppAWyYnVfE77rUI|OSCxLV@iA*g_K@Z?8f@{NAse z@{$K|Q@?w0h~&zeoE}=b#=j%fwQZv+=3vBml~HuZxQJWJ>pH^+t|65>F2| z@yDdbs?#68=~_JyO4dDyY`?O|pGImtp$Y0YdHR{&Q0(CUJnU{uRe!c3L+AF_c8s1S z@kdvP7>UGAs&SPSd&?Z5hVy;wjg?eeL{TbWWArrmUaJuL{M-mmj8ppjB6>=Q^|QDa zFWJ8sJQbBj=qG#{HYgc4%!+}*U-!drxQw$^Zbk#co#)flhT-#v1d(@={4!hADg~c_;O4Jnf5~dJq{zeY%Q;o zM#H0ij)l=JZ2{I%L zhY}B6F$>rTGm?1y=QdQE@9sB*R_*;CrNbCSSmvGEQXg2J^qQ5>>2rx8Z@3N3>8PD{KTHcM-NUDc1-f1VmSC{`c-Xm8mU=)_EP8=ZdS$y#Xwy?pghiG{Z+ z!cQUEHaoyRsO9=~aZg;cL^dW;wSTNRGyDAJ^v{jAin)>O$pa5$d3P*ShGUGa6Izv|oJ>p1svK{a zuv>j?T%P~A^1rh|l(>y#Iy$>@p;Me@d5wt-HGsA_;W)%8Ajj6{bI=D^8nS!jiS7^) zvJU2P%y8*AmSB}&g%wG3W9^-cE|NlHTX?)B%){pt`r@8F-oHGSdDVQq=EJt^&B8!O zC9$9O#om^|I-g#6!LSa6Z6RP6L1`i2QOvARuKxhFGf5@zey8H+zzov#yewR~Y28ai zvZ6H8mblQcD!v~z#>!kLWi+Si&@BmW4{tM4&RgX3Jsfs< zw+fXToq2mEiRTbi4m8&rdW*htth@8q$m@Eadjz2qD~&Mnd4Tazo6n~E@r?d%{F|E* zXBV$XqMr(pCK-SmM@8sgV}rd1FEWbI(er(tas#A*mRnV zCykBmqj6H9tn^MMO%wI*#D}QJ?9i=%L8JKbc(#uHe(;|1&xDes(9`_rRrg2F==`p; zPbyC#ear2*h@5+Y*VEoCM@QY_yXkIqW}juN0ImeEI#!n6kEA1QzPBHa)9>u%PTHZP z{jcRVMIEA04=5Osa;@t8J9AC27b{PnYuE)tFYCJiIKE~vuOc#TqUD9aCrQ>^M9p(m z@wthE<|)`3`S_p-^RI3T&oxrJ7hpj={Ul4W~Q$~6#& z)Ol@3|1cqIt>@YJo2Qwl7l@aYUZFkq6wpvxk-nGVcBwp_ccO~o{Wo*10`mms3chaG zElDl2^;<{3a8er{FN}2xjM`UlG{C+8&;E93Pg9>}-1787X*pbf0Rp$!-sV$3AD-d` z@Ty(y3_QFneJz?@)au%^dz)ZM;NG&>qTP#ZAaX(MqS|{&TKh5#DLg4VQSgzgiCjPF z;NiJ~h|L6cgiA@CWnoz5e+gfowD|aBF=SCF=(3c2A|9yceYu{*fBcW4VZ}xJM>9uK z@U509ef8~Q+;T?#>Qi(8*Uk~?RWI)O68gyZsA_s1>hC9 zrHb{XETb~mz|co1JSW)g_4^?oxsUwW6(Mq(XA)0(C|dex&h9c^8f4toIlYwL83)`a zPd)xPo=p&QemB1!$7FZ-3HH%3PL{TQRWf!cZ9TM#FeXVeexGOjdwlpEarhne zD}cf*_u4-?*Pmy9TAP1$gW1o+mU-JWlR~25a!YjKUmcC82jxm-7kpD0{ATZeKTgM~ zcu*KtQiSJ~9lXY;`rU7ojqAmjAu$XX0trMGnLST)1-Y`%sZKugSJ1eXO;>nP6|(Nk zH!sj!qoysNJEIt5zMcK6oBs2qsiv37?|}BD%JAsM>G2R*h5#qznN34d0$P1*VNO;Q@2PsiH=-JdJjJ>!O) z9*E$C`!t0zeCzo2JfX|%;4^?I+N1LIV9Gwab-|UKf~+d|X}x)Dy_r|nJ_*o*Oh~kxA{)3LCsNZELFa#d+Ip@(c3`V}2+k2JIO?tp5SRY!T1?;AMEMjWCGo*a z;@rPoB7*>Ww*YC z-P+@?CrP>N^S4T-@81u~e0=35Zi}Fl`0kU-Gbd>sTYqe^tta7NS)}zQ-Cc|0bwthv zR+c9XUx2pa`jVrIy6rC>;Wp^ZAy! z&ugp3uJKbPn&NMC6?s>sZGi?NBA0T>D#vdq2+@J-#O{vNs}jLv`3k;)Vuh_a~+1|iGpw0q1Wa_eN$ zLU-ap-`EtJ8RoLMt-Fk^sc9Qs6SCXULQ`W|^Otde^PCGAOTGP?TP~SZKUb2z4-=`r zbp87mGvN=#XhTyQCM-vy^HkaQG(UHC)&JTVy~uR>IMs}gs^^zRw{n4W9G6TRTZQc* zd=bsbk-~RJKqy~}r0m|!VS5j(Av&t*1aLiS*V3`k7@9C!&ey-8sKvl`=7?k9Aj2yG z_}djJk8Iksq;JX|?8hA6PXg5)pL87Wi@-Q@J|mek$?$f-2yarcmMedLzmqP;##)+l z_Z=I+AGAB?WinN5^82~X0n}En07SH-7ugZAE6~!Uaf-2CqLw-BpEY0#*cqPRkE763 zqG3Kn08RvRq3NkdtcL6aKU;RB-(Qq$_@6~^4vZ|~`Q*El(+&2VVa4fg`9mZxdc zzUu_0dzlupFp+5xD+pt27uI~hN{I&p;(ct(|M^4g6Pe~%(V`8fs*e1Ith=L{Z4@UOE>g&HdnIUM zT1AnoZi{kl8(C+aVP$TA>j4ZfLUZ=Fu^AtWvEJ!Um^VAO6s8;6)ip=5V^3_txooN7 zeFiQw@i04YT81I^s#EFGd>lh1fO%pcMuViMi?HaTG8Py}CzAGauy*_-LhfGBe0L%^ z+|sxa^1tmDBs49+`Ax(vb1opAsP?t{@jEv0-}dauqyL>Inh0~aGepL)aNFt-5p?!S z^I>*QKfn$~{<@NEofL!?GEBuGOqL8^D`3D2nU6d{!x@wE^?0x=w_vTU>U-mpPc?J;2{b-E;;^+sqauM`fhf# z>>Z%e6Np+1;0-f-8E*Hj&DOjtOavb{upWCp6bTHI;XxF79}G|v0iRokuW)w|l04MD zIOckL8pxKHD+W(kJBuP2#)veC!-#7UxbUAa8P1R&g(1@qHnQ0B&gNvFa$ZdoiDARs z8`$t#e?zDU118lIArwd@g+}X}rf#u)7eMps^nMqPLH`;Z2L^;uPyQAaFtrg&l`l*v z^sj*Hm(hGCVL|72!tZW~-2A3e+XWe(qqmTaK%wXIH!=e0fU(brZ(QjGi^pO{okna&Ox z#*&`=Q~icfzWHc#gD{=(uNteE0)J=BC*G#1(#+7UrV$JzCWaXMhCRVKJK$qBIkzrw zs*att;(KfEgPD5c6Q*-8>V*7D&G$e(IkoZ%AFqApgqd*TVqfFBVy#MXlW1Afd}$RU z5h{Wq=KW&Nzg$AyW36&($y1T9?c>uU(jRM-{nT&*khJS&7i%?0YFm$*w;tUCwLS1q z;2mg#eQUFGZojKpC0$m<8QGlIrj}Vtu)UvP%*^))2HC}R>Z(43Id%m$w0=15y5xL# z7EwOY*B$KASi4vgshJoy!aK}y$>IIWoHdL|w-cqd}?^##=LB z+~ANJzgmvhl@H7&Cv}ixT&JoOvs8(w@iwi+z*C)Fnm53NVhOFQJvrXy5Vtd-_LV$) zYvSP|8wm$5+?f2n3xn}I_yA~)o?UMTBW5{~6Hgy6D zO5G`GxL6_8C-*HTGSl`o=LcA>c(f3MmeSdd`yf!n($=RJu;^vp^7u>pI$cm4N8ix) zP<;F75MTn(#-+SS)iO@sRL$~&=6XR5UxC%N)-^GVr5MJ_a;GRVIy@)XFPjr(4#b_ANTC%GAs1rgJac)fkaG=joO-sx^IG7fL)dxwTkE5llBS^3_%|Wc*!Sc`nyKeRxlEF6Nuu2O$C%u$6 z3G)0`szZ1eT#56o<*}{KZBIEtBs@y4?&s(j18xMcF%~)!kKSZ`54(FWFy<>ak^!kR zKB0OV{1R+f`F0(np0js6612BO3;A4@vqk&epz71hS7$aj);Tn1PO{l^?~`YtbJ@#% z9E{JNLnZz#^dqW16nr{jJs)M)Ng1v9n&EVCaBdVM`ZnYBsh-d;(C%0%-n_Kw1B-|- zoWX%D1>4S&2w`yRS4N@%2ypd(!V5yF#wZK8T^CxD&P9b;2umibN<3|twR4=)0I%5w zsbc);hv&6&`HP+;)F>O5a(;X5cz#=y2(n?N-nP+sNJ9m;MipLS{?Zj5;Hbh&sdffe zFup5jyFY%QdyE_A{A!Svz}@OLz$KS?swwgeK~F=&ro4}Wjz6{F(8OA{%`$@dF0ui* z%N_6L%Qa&s2VuFTQuU}dFWO6vq<}F$a7VrKrbXzLyC1SkO(L;~^l^FtWwC1>=eOtGqCD>K-BRZY zUoNoIg)vj_Jcbw1Pq?qe|AK8Gc*|)-uiizi73;B};TH^flyNt*uS9gBFEkDA-jG36 zq!>$$E#9U+4m}9zN~4<*+k{@)+RTfu<3tzK1`cygc_-|QeC&8CdAU*puDq{y@k&O# zPYZtrBr?7H#Q7@yUehUe=KISvm3lm=6GsDX^Y1qwo`Q~&q`D4omp(-~2 zF#KyMe#;?-E-TpO`N>|9{|Y%Z)VuJWPorBiZJ<+dJIpg}Em_@@%bw!oek1l|PcoBs zk991Qz$D`*z~N-S>79Os-x{W};yHIw)|igo%D@Sd_qg=oLyq$TJ9pmnC(f^K&lc7W zAJZ{gQGm$?uYQvdpzW3EOCZo6A<3y4gp6{ojKc70+hsS} z%}=YIi!fiy99@Wf=J&Q^tI0P{Ey8R;w6)(oXXOgpp|=z#h$7Ox!ilDP^5Qp~%s8r# zpC7ArMD@+eW)9}IFgL8ly_olVC(u~7IOI*;?)vVArZr3&<<3ZqfBSGWML7R^43i%2 z0fY~8@_qTL@^e##Oq`yy9K$~v@hQyf!uAcFP*=0Q+D8Ks=d+i+zIk&PEV}i)^xbXt z0JT5wk93JYXVPLzYUQ!M;lUGhhj{_aMi$qw`0EwdLuFOjp?>&0hwS=(@w-;BrB{B)3)~B^WgS(~~j&IIqdf#$T#gr7=Y7fTXeVw5l zRQCCsN6aus0*qtfB3SP~aKS!Hn)27^=ZT&i;;Ima69T8wvN@MQ9kM!Y*0kq{$a}qQ z%%L-sHA9NC=qc;e<>!hr5kX8sA-z+M!{VvK>=;TAh8tHPiBBcv~=f{uFZ zCm(VWm^z9}c>Q3rmg&}+VHlW#m?052n+oni2b$#%{#vcFS?QaJX#=tKkjV zt9e89L!MVu+eU)^RD%#k>d;aeZ6!h7rSub;i~C`Q9H2VIcxPR`UW#WHR>I10tiHzm z2Y>hF8)t~d40f?_E<3lf-`yMw9+<22LWp{!k&gwrrOLH8)UqJbL7V=hv zI}vvA>{j*IugZtLTE(ziot@%JhMo|E;Y8hhR48~8znH8aWasZ|qRN`GnnA%P`6a5kjB8+!B4!Y+pv z1s_@)@WzrT!gl-4=dgG=E*QaQy6`Zw@xkJ5Ih+<52h722!cg5+i$CqRRwU2NpO4=o+}p zlI@0kb^hasR@)<7y%Oi(!o0$K3-eU^%CiIa{~SoUlVAF$4iQ)>d+rJK?y}c|hgO=~ z9V2C7 znfyIcotDHXwD`t5qkr@FKT*os)kMBSBn2`RF;AOtWDn8ZQ8P#A)46>m(#P*tUMBEa zJXf^%TgW{eTv2TBY8@sG;XHTkYMLpjSSTEclPBMtW#~pHi4*zgzzPGKAy;hdMlkQS zLe$|kX5V{fwfA-Wk_OU_C#ukC9}?ZFpH)czu*|7$7ar;#auj;od>(wjsXj*QN`khJ zU}!Gs#BO#B`Qopmcj&VN5oy1U`Z5x}mrLu3T6{Hg#LY?$`e{q97GC*boL}c?Z74IlW*d0N#Xd<5O{d^Hu?kk6k zFk6xI^vAMoN-D*zpT{&`)36u6Z9>!_6>Xxu?dHB@z z1c6g7;bUkJK=3F6|9o$zk`pas6z#JPE?akgB@xf%kf^c`Wv@-#UPsy;vx~EbEO5}V z*V3C{l4#Lt#=Ws-MzRr;@YBe+DanY~LW0uz-J+f_?2l+I&XiOmgz2KgR!{uEV*^_y zD~e@8AD+$`i~n{t)yX$Com)hi1Ur6DHB#cvdhX^=5%B8R#5#{l$H{4FX$mO%YGS+` zixP=^4nBg(JU}pIVXm66(5hR~d@M>b=}r3lQ!|)VZk=Pq zV|6U34ttjZ-9+RF>_8=Ja9<{9X{MpZX!rwi&I4j%@IFEe32hq7dg`YqaB7jk&CQtu zJAVg`z=Fru3BP}){_9B&TK53e=K@Il)oLg_I;R(a7+6B>F)%t(jtM{`Mq(&_mIbK| z=lylN*P4dT5*|T@jIFaiam-f9N#`oemFdfsCqf77e5fQ%0~v}!LOCb}xt8ZN2GoEF z26oL)n6sV}-50|9OKn(E#KQ^hvq&>`EjrvOJCOxp3@_lp0TW^c04=~{Ss>8CPg4Rl zK!a>Yfn0L&e+D{!_rgni3-#V{Vc813a^O^HMVd%ZK_Pw=gYhIVZKO@YViC{RA`ox! z17t=W8T^1u>qW(B&<}F@I8z-17*DvwSwzAyFcl0<1nO?(uaYY1(wbj1q1aMrPN_95 zV2RY|=Am`AEDZn7dFoU4X+LXW4U^u(H5e^O#}YRlT{Kx=bZG)MGhIGkQVJZwHPSo_ zbD-YSH;W1?Jn&`9OBLN5>cUrH*O7Onk4nlfBmS;~AANxFlFwm?#iGOMN_>4xF^1L= zUF8&7by`yOXRRU#RA~#8gJw!(ii?&vphzVjussrLBJ;@E>T!;AL55`QA1AOf4pJ#il%Ntb#7e2N+8cC0cnVW)H-P0D#UNGK7y{1bOvys z8vRO2d(s=lk6^5ejmfRobt z)ub^&rrl>WR=n(jbYKS(1Y|qI>`=|~;cAKp*EXH&)l54V!2p8Xu60nL!0)E0*#VDj zJ#g-{$>=Dy0y7XhpK7q_q(s%g&%3NmyF7lgmW;Oj+hPT?u(>JLZ1uO0Wx7L5*{;pD z`{r~p0QIO?ort=}E1;hE-*T5-Xf*j-Blz1Mlw682^@WpK&OY|s-)7}Rw{Va;Oaglf z_}kF4nrt1tnFqZU{Eeb)t?o{JkG4C}rfpUM0PR6vW0@4(63mS1Z{r_ew(Or*6zPc_ z=w=fX-f3t$7+})_T4Y7qWd}O>xq34Or+))jYmjIlFhW0+oy1Fn0Ytz99gTyVWkYlH zlBeI)XeixFvcuOO@j}rm_r4kmBf6^#EiHQnd~&wS6{7;fR{5} zjp%CqKn8)B{QH|7K{J)&Gu;flL}{2z{4R(}fgo5|o|SPYzaDXi&Nu1z!+;XW+KvJ$1{`nwLYi(@RFNK^jc1?<`?@DocVXi$@cY|-xLvASM7@6`1XL9DghFt>OiAL_8Jys; za*@N3lf&wO(pxvvc6L&cgi{y3pq#G|rmD?kINzVIYLqa`YWx@u>YlpAsHTqNOw>B5 zdjLT`I~l*Hvx0dTN*AX%m2BpI3ZwN;lG@AvHmWF=E;P5aTljZre-HQABXY}3U4!zb z#80ROgb*^rlw0e#-5ck+R)?C(H7`UPuzE+;rSRFnHL6@nw5!2IE(!Jf51;I$-7L*H zF``AdMzJ`X$};>Kdwg%_$beRy1A_*^aL!aaKh6mLns^Pf+-(1ftF?w|lV|aR1N?*? z*H(ICK!Q^wU-A7{i{ybjr!uYfMc5^18@n0lYWdVB{vFFo3;F=q>O~xcKj1C#XpBCD ze!o#d$Rm;NMjTa9p+Px)PI!OvV;#Tc=1}_R%b4buX;lzKpPe@flvKw0j|6rj3VwxH zT`M+0bwO>~$n4aV(b1xwPLNZm>1MRYBwxsjwtxY{A=zhJ^@g{nzdUSGxdvdU8|3K0 zKkuMIb?9;5>&gdQjL@D>C)~sb4^T^YWaU!4i+LlT_Hu@v$6cgjLgPSG$OEUc#-twe zW5-49vn510?$hz??+E*^;9r8j2`&b4x-ic06{}D0v9gwiOtedXQTMPxiXG3*Cx?|E z-lefnhxT4*8QAUj{dD>TR{tk_);(%RqVv+6WoQ}uAW7d@9mRe2z1r6UB5)b~@bAfX z<3ck};@Z6@hwYlpQWV1L%HKP8I$sYzB2Q&ouHTJ&smH9x&<5rei^}EKp{aBVH4AaUY|C&<@l+KaNFnMiQBDl#Q?yHLcbShbv<5s+5*o{Z~ zivzjS%-#Ub_3!7s5+A`G`b(C0IxSKY*V|coXwob0bFN}o9tBBvxj2QbNS*PsycvT( z5>FkPF5)dt7Z&=1{Dj0Nvm^nK-b>|>jrC#9!nyd*f#^Z^jYiWX3Ui>})r32KPn|wl zhACKbZQ2sc zM^;$fr-{keU92-yeOMnToOaVq>j|M&K-gI0g)mco?G$Vg6T-dFQ{EZ$8 z7a{Hm#Q8CJON}uYO_=!*OrpWmFH`Cpx+eC=bPm1aw4v{TkxZ+|J7g=qC8HVZ(%ZUq zuH$^YxFm(cpi~3mD7RGMxTIX5O|cVBlZJRc>&A8ns*}+}rPe?7e0BdW4^*$tXhO_a zL|ErW+6-8N&dS*0I8llWQ0FFDEMnNo-!k}LUXQX^Kh=e}XNs~x+bie`^E#^-c7s?d=5i?+55!Ta?hD7>&fl0ln+pG6C+nBi%b(Xivm zt!}~+a$-?~5%e{7`c|0Vg1>yZnam)eAs9c#NHbTOM|W%HdU^Le#;SPo(n-IA_&b1U z=8nsylFdbHT}cMCmfAs?xy21AD{1AIX-`oGjc%=)bRa>Qsx>mEV#rYTJ5 zRTwO+0#B1g9K|25wJ;-&AY9mf%9Tg=JdvYu5Hr%AL{~K@j>#roogZe)+0Mf$pxWW& zgb*0JOwl&-eMtk%pWJG4{;(UkP6A|}c0214#XEdzU(n5k7cm<(;$VN06!#1G(Ful3 zxtCv;Y4nzG%h+`d=Oph-A;G_vkY1uL7frj@G9(U3kt2cXQGLu_rQRO&+otc7%KC=f zEWh%JEP4w3j5tT=BF3~`C?LTvy}_WCM4Z*$GQ|+W6y6f(mVJmJBri;`s&a-+`_6Oe zVjRt>G>pWM+l%;(%ZiRwk6uMW*n1YsrMjnK7mv0OUZWG>h;1;Az;pe?ORa=#U%`vYUB7Nf(G2C$4F{e$iM2a4gXsZS`}k;yBwRTds~ z2Ic`a2PJC($zkP*0JR;A0S&s6tpnyiyXf6xyi#FExPStzS2Z`TeSW_H&)6}X!hp=F zz_!#&kIxpMr&7g)F-_yi>ps8TSdbsORi5LR?qF5~sg2BG@@KlH{?)x(c+U15nCu{h zCg?mca=_Fb3PZ|`-T+jGeG}eF^Ou?OWF!uil0813X=N@|UgepHGkmBsILrR!8A6U~ z)ryUQsVu|PXfxP8PxEaE4$t`togzp9UTShFXGLla$#GO`t1ouU`7cByOtoyR?`2Qs z3i=2C`}5u<3%{shZ20J|Mx^n&5liuv0D4E;#rM_oR^51D}YJK^{f?k&oS^;Q3=>Jn=&6pFOuO(~W3$UtkIyhy4>4rsjSXFj4g1 zF%R)neUN}=kscIY*n2g~{@eMpTz!N6T zt|O8;itQJYLckEgGcPxBoFvUr%zsvj;(pjx?vyL*fZIs|c!|JsL_n#tD4oK&EE9*+ z!0LWrdloq4D;ypb_r?e3@H2|qabHqnG2#J0K4~)VlhW(b=D!CjoWE1O*5#@dCbRfe zEILs^}NEQ{Izdl4a_QmI3}u+Co4ol|&> zALuHNZ_Kk)VeYgeJC>k3Q zkcNTMqhO1nFcvI!q3yzgVtRgILMpo<#3Q9%UEP8xdZL#7z1LBL1X6i+H-!fB$1lUO zC?lmOBUU{rga}kj0bqR6r@|zL54fq*9G<$&*<#aR8^1?yE?w`slgcem9MgSMbpHkh zDoDA{u3|O6lN=KXt4&imEN0=MK)+qfR`U1BD7gDe3N&<114$<$P(W%wBF9t>+_#@P z$OEUdOky|!80zyo*K$lgSA^cguYdMV41zAx^HkTvn-vth<`i-i}U%3foBY~*qh#@vW9PMqUL?fO9 zqc->1?GSz?{;qdm^oxZHCqXalVnd~i67`BAdCTjPL8fT985tD+tEjgwFVR0LMLItw zjX8A_v|wCX!y7*O?7Hc%{Oe977LJ+eQNDxcT}c(Z$)_ps#U(F#R4G6Cjy)1`V^g=u zUpp96NHts9f5Ezz7Z`X4I^K?*5_;LDHa*G+7_Y zd!wp>&DbGHun6(4Dl*Naz9K(5E#J6gOB(aqI8ePSiQ(i%kT3N;q*QnlF4zweLEZk! ztJ!1>b3#IbQMul{H9hyr{yEj;+hM^CDbSBlcslVI0-czKlB7Uf>#704?|}np0ro4ML(&!2~jaA zy%rsCgH|TWxiHbWj;qJRz`0I1hsLnqF6*qWL8^Wufas3QE($2Jf>ELgVG zNH+|hJJxxZSmNeXzi0Tg{PR2ZqSf@RK`L zS(=plNwb?ITGI>>mNqu}X8lqcuE@4!=jJPtMH_VB{O1r?p#A#>)Z_>;*#}xdSiX&^ zy-i`bQ{YkB;}HK0dK7I^LOQvbfskpZef+7N)QpFCkppW@oZUbEzCT)EsZ9}x#t^m0AlAPkb?(aR_ z<;YrzMqermQDxGzfTW3ttxckRY~>44wXAyR9~vKfnF=K=N%k^C_hz^>63TitBZfXn zL`?eO<()(F&$l~^Wg+2~x5u|?Lr9=MM*VmD;C0(g2BkFmGyTo<-JbMddYmRb1y=4o z;L{B?%^A=jS4)<`LVweS@eht?)Ye2lk|0H^qI1PA>r-LZ`Pd;ay7&He#riD3K^*#i z*0KE?cey+5)j(sdC)C`fG#HttJyY$JKCB^K?BXBw#ij0h**K4B^J+|UyKGtZ8swjg z4;l@9K!%oK``~4RRg?j+@L!s@us$b3^+Qi`Vs>~#B!Vq#lq-Z7lox^i~(sJR`q`9 zUpqg`)fv3+qxtkO8Kh5yPELaaEJ+i$r*03Bi)3kf$y4kyU?ucz!n59R4CE%?kWSfX z%Kqrq_Kc3{BnN7?qp4NLg{3vU@wWybMMp|}Y&z6%{Z>aG>aef4arh4c;xbdfvrbGr ztg2BB(0Bne=(o~3tXuB~&@UkFmIFD1&Zb0Y-z>D07(N!zB^c9pdwUv@Nk4+4ulzGD zdM&;|E?#D?bH!*>M|QH^3`Er+M9dny4rf*dZnkf=QcilgitV**Zl)AI5jg8HEa~e+ zKzfOg5K=*sOdDjhP9<%eBSUj#kmWDpM`1(0urERFJOmH3u6)<<;0D5|+- z_S4RVVpCoQs2TC~yxz2)m68@V+4;qwwzP8duRR_O#pxbz?**t^CG3FQkxymsJG-K$ z6&RO0>mawW6Y}fRbJ&eJA}v)t_>#F%L=Ta$ocucnXx37@GMoIkTk9?`U-F7MDCM#VcW3T^_>u|ph4XvN?EEbez0O93GHt*(HrC-=ALhqf+@_ho;FJu4&8QTn+1=hR++ z;BDKE@2WzA6W;8bhs|R@OTCan1JgszbLP(SsP^r7TIV8YJVl!>p z{O$sgwkim`#INyO%}Ui$u5$a;yHBI$=93liaG$39lb55yT3avsUf(OmHw>+|!KUn~ z5wDD4*XU4uW`Fd^F9oP%>fI=SC4zG*~m@oPISnvq@KUpJbJl#U4F~p;+S1<@2U2x zcu53$GIc0owfvvN!K;j;VmgjS;?`FN| z8Igb2hX-(K+ToQ7m;vC9Qj97u0S+ z!1J4Ce@8j6@Y0_B^T8Pqc2ei}s9(eEbG3L~?KdtAw>XSsp8W{6HR`+G1wtS75nq96 zvU==p?HQbXIT{%EPcdc{I#5GOTpn|ydB}$(H~aqsTd`0L`rSXzpwxCsNcC4|;&55c zOSyy%)WuhS(qKz1;r193H1ySSo%4Th?65;7jzel?t^dmNA6K;6v3%aK zi0^Ee$>vXvP>HzQW$V-cv0nU6tQ=mu*YjBh1Q~4tDI5td7UoY>xqrWZ>7f*qa*^RR zw-D|f|0}2!`CUEoy;sgxiV2*m?>GaH3so=g4Q(8|E@^4M)L=;?_`OQCh}TnIytnWv zL+Beq_(N90<2HuxSC7cw8OHj=`hpK9vwQo*Uwxm9q*RzjsY@>f9`*DDhZ@MRP(`<( zmuqeuU{_*7ugJ+348&ylE+*%lFcHdreo&7o=luc+Wrl=SL0hm4rRYEDL$p#Mun4JP z5p4binZ?dO|3TtEFa5V!`t!}p%2rXjN&WMSjaQhzOR)UAik@828{$N#0o!To>#BR( zw?l}(Iv9Ucd@16xT;ozZ6GU0{{+f#fSfZ{nFoeEeD3FD)r{Hkp9lbP`5M|sV3<5_; zvEZ;^@|$Zp!UkDlPS$U8rAW55o+T!n^js*67=EY0yW!@PvVZQ)+B6nn-=v@%(J{k9 z1%`Yj;$r^Qf=e8Qbi{_04|dhM|LIrokq;b5rV|%o{1p6#%vG~upx@qzvln|H7jL=# z85o3p|Gc+d6p~CA-tJ{}WH{p?9il4dZuYD#2^I1x=>ul8Jz0g7%ZzH5Bhj^>*wp>YZ|f1I#J{rivMX{Va~fU-QG)h`IMkTt z8w$ZG`6`4%ScgBiPM@a#hrN{~3K4k~x=RME?-+=TJ>W^~P_}W-9hl~PgKYy3njLd? zNlziBZyDK0BUNtLNnxJarcJZn3MU4kLsgy>nn0k}hmFM@^Q|ZManOH{=_m8a$j13ZtYC zY7VW3?yJF1Zf4V;iV)NYh=*_UxZ`em&!Ev1oYs1AA1!mxFz-8<#rDzrWQ}st({&C` zLC8gu5WZyT<3at8*M`(bSqlgmYUlOt|ijbzZDQ>5VOx1cTGab>>~;8 zpBel^D;9Om^(&+*G9H`bFTM8^%y1>Q6p&@z`{~e9gvWmIxD(y*E^=im&O~NEC zry)BNXa#35y{Gb<&6sG_FLhtDeqZH`oMWGANXyCE*WDf`-yZw0n(UD9!jaYomjpZa z3Iho(zEkDK%_HO;yaqT;1N{+PPgQ;Iu1ba>>03) zB}@F#C4vQ?JumEi%EEAmn02q#xR;V5H7Mp@(w;Kt=Rs>qMoQIPefMG|Mc0ci56la7 zKXzTUVpaVX&Dde;RFm4)55<(;U2%jBlW-_fy_YCJ@G4iaAUYFijZlEbQndaZk!o5~ zy9+Ea6llOohwI!fFG7IAqCe3}G<9o0+e|C}3e~N?dqm(qj?_X}c z5}YXEHu!u)AzoN1^?@9RP#aW4YKOJt?Y)ej9p05X!u zC^E!CYF)c;(HM+D`+LTF-ikCec)p_wapwtSpV>-GNf(1X!4@4B$L{j!I0Ku(HZRP2uN;1ghw97r@az#~l0Npidt`bVdq0Xlge zUFa|tx5)RSQ|L707pA-8$t0eyoz)XDDJeo@_O++h#`#tm8Mg6fbbRb(^VQhJM41#G z;8xwrfO3~>l+zfUm16yI|H1B|H4^l)k4`B#?xsM;#|f+SN+&M*+6&8ja*F1{H%!p# zGr6GYi_ajp&!c$|;};Jc ze-LTjNDKr60GQeA&wF`KFg%G1$kvu}>{WDL3Uyr#Z>4X{I$KS=>69H)=_E7}Vf-xN zO*Z2z^y{-Rqv@Xp;dIu5FmCFo4SU@Sr=@#vWG8O+JQ;BgRhC|LEBiId-1aGn-CHC6 zGYB#!bP{k`Yf)1Zy*YC$P`?MU&lk^1e--tv3qoJZm*@h#_>om}vpm?V`_tR}i+!fE ziQG@mdaoR;6+huV`YfomJ9I2DCK_S+T3k$f)ihz01zc_~7=v5w99|A;S)4B8b<7hH zAxr(8f-&AX5IH;4aFV?hssR1YtW7zZyiX4>9M4EpQRV|^- z%7{p}Lwms`p?;Nzh^ZJbCwI%%Yz%D=J2xPWg}Plj-+ONcx;a5u|NV&hWre}WpKU3H zJ6|hCqS$YhhCtLqUZ3rrM&|9X7OW2MNso9vT92era0K}=0_he+;o1E|-95kfjs=pB zs80&w@Y?s7-{Y@9uD}@7=lWqgomBT5!V4SOY;};uk#_$whwC%J-PkL88R*d1D|B-M z!&X}C{g)>PuGHs&KaID3j#c7**2Cclo{Pmx9`Pt+N6sInII+uvW2?T7YPgQ$T;BBm z>CjnE)MhvWpF;@Y=mF1xA+WwI5QTqr6P$BNk;@1S^UI?1xQzk95F7)qo*{d z#x6Ia;x&HJWz;bc5A6{6l{ca}s3)1$m0kwy(4p~kPrU;PHWa7>NLDgX|I+b1Fl|m#-T6_k<}TO%ojSQkoNR*IvHv-jIf;ye8ahWRiV7& zsc92V65D=F3NC(nWyTcrsIljqO^o1_PPlM18R9k0`5k9Lq)vIubJxJVA3>4M*M0|H z>!!bYo-uvWQLR&V4Oj$(76}TwP>WL$Ga^iaM7RqzDz+KM*IZ3}dU^aeTdAjha@>sR ziwp%z+y$J%OxfUtjIzJm7$+kuWdD!WEsiV{mb%@lqaF z_cGuL#fck1cou8LsL0Bxh#d};q-gXeR*|4T>9tZ^`!s_$r@l36W-@(dmMAKP$@-aHkJ^=@iJ-YZ4(-9d3e%wserD;hvYZ0Vlg; zyftUk3hyaF1gmuXlp2}`F-O^Q7K5@Cp;ziavCGfcu@E6FL=A0YW4>w~j=#{W#N|Ez z)8jvZK@bOyxBFlOSw2w=#k1an(BL?f>Ojt*3^|@Gn3OHEiG^45Q-kmY!{8M*B1pgw z#D5AVQ!JM&hjprE^cwSVJdGpqFaXn2EL=D({0NbQ? z>f1QCsTWs1r9Onrf4DM=7328S=cRuTgmYY&vGUr*Q#$)2#Yv`>pPZNxj$l7l5hA|& zZ#pvuWE(}Ob$cNdPdeAi|Avb+nJ{Rgna~I*<|-z*v0lUxBNA?&AD*+x3UT`T6f{viAdVY-YO@*cJmy z^mct0euX-g^6b6|A4x$Rt-`&(Ww_z2{Bo=1uj>~^rzOFc?J9}NNQex~W=&+eAtOz= z4y2j}R()o<)hzcl2xP~hec>%?hp+qfrx7k5Fmv51Cx{@4awn1TmX;gu+%QA2?#Y?2 z{uYC-^e#xLgM@fshNoLOf-t6cl>dHE3=l7m1Yh1!No22^ZQ+d?PJjHEimMVDCXd00T`{7`GDCc(r~c2KG?FiAQ)djJ zhK@;0pD|V}FqUplS*9I7mY1l7ly*A@O_U9{BjMaaYWg@DL4_Q6Jg6tegpcO^zq&lm zHB}v+dt7jpzZ;CFO#_&pS-o%sApg=ejzG2~yx1)-AGclkAWyS60$;DYvfwHeP%)$$ zD*Ik88@qDdo(#jg28f$&_ft@}l9VhQ)Ha+oQHhr(LE8IJG0e-U=$p}bH`Q^8-NM&9 zzK?KWlH7M#98O191d#P0~sE9 zg}(D-TJtibU=-jtZ4LJXqLS?{+SzD3IA#&3#EE?E^Y4joTwi&+M`X@?EaD=AoL6dE z-Vm0==DoUK(;~g{kbv(Aou9qq;3J>&^ll&Dq!+wI&~+m`J7w!qI7kTLVZ`#@VqsSv zzGpS;Y3S%1kpPRdhlHE2s%WpXBfEauwO>#tTu37*Z}_S|qZS)7{r6Dr@&ij+ep|MF z3cdFs>Jolez$e80^zQu|9xI0P`+WO;huW*`QOS7{{&`nE$e(z&yZg3kKW$X@KL(aeFJ?0zKGP+IfZCDYHHj!9)uINrEoXf!508Xt)pZ8W1j{% z`yZaXd$o8zinBGaZU5O>;hooY>M{UVV0-s&IFsA$c>iLby(srUWtBulzfX$T!01F) z^}4__6;tnvQxChBMhpY`I&YjK_Yrwfe$H)Rm?e*A&|yHg-*n1h<0PIPaAHn*pY!T% z>%X`1LcUfws1eFnLFki!)TbiD;I6{=s}Y%NDW5hfgSSq+@mJmrrD!L<3m%1gr3lf2 zacpoFurakpQW(&X71WqD1Ck;r`6XEad-m_P95%di|GkC3_WYCrZBI#BTEG+~z@~5? zpx1*-uPlcNCU%qtYP48>X1|W_?)};AG$J%#vk;hv2L8Ou%J>j+{_hJg@|0Jdz|M1E z<(D+aO|nEZ?=!pg4wAG*%+p~*Mw`)e4Zb973_=u|g41V#@eMmGWi0-|nX zbU3<^ZWN^XA&wLT1r!h!krsng6fk(WpEvib`#-qOH`j5T$N4=zpAg&bb;J!aANnoi z)4QVXcr%|}<|Gy^fiRwjE^Jq~>qY+K&D)1#{f6aJG=;{`4OG;Dk|2~Mmd9=RS+@Xf z?KDU*Jj~oqwtHRV*QV(H_ba|+TBEJIVg3?HN48r|4p-)sgLk`$A2lAXXqA6_-?i(x z7+)0yU^@6ph54ZW*=0|FnDF0da2K)@L#I=?y85eRmq_~?CEMvYcSaExP+_z$*&6zu z!6)=ObGR#4_|@}B`2EE07^uX(qbob$=***5yB{p+fzOhISK1UahpR8}O{fs@T&SC@~+PPhcSon!yP zMA3aN8H;8Q!8eh4pIg1ZDrc;*|6R=!>0Qa{`X$75XrE^HrP{rrcLAUxrfYtC?!%kGWG8$%5*R-EMD< zGfnK}(MW>SG!ACukNO|ozLEqf-~aXC&1Np+?zs%-A44H%QNI681BaWDM0VK1SV7=h zyI8iCT`pQb;zNVW0Ouw8Z&SWLS$LQeC4O8bP3r(4hnx>?R(q{*FaKUl_Y5MV5iEm> zzx{O2uJG^Mr?=nxLLZ!;%KZB+HbcA%Og4DrnkBNeEi@dj!>OdQK{BUP^QX0HF|HZU zOh?|L#H_VLC*YR{C_mPRn1B+Z5`d!BSC?o3O1>bx;glhv6o`y#8x~0s1A-##WdnXl zzN#@TPzwGM;r|k7U2okQa4fwD!U?iVbxd$B*-?U09(Og_w_4X;sF=6%?X23X^yQlV z^J5n^qzG+w{cf@vBEz|grKUv-^tj|-ou_l>Y=^OnNGZXdPqc3!_=L@}zpW7g$pV)N zopGAN;^sv|8gjFZ-_2N+BFWov0l(GumiyrbV_z;7u0c*+)^~)+`hwS6>=kd^Rcn3M z6%^R#!oig-X&7a+_5m^Z@PlCn1hH*(@&`Va&U@8@?UHFKMpgQ{cs#cl^GmT~jnD&M zFMoy8EFM5KBz}tK;noi#XI69@FPX)(u*8Du7@Zdirj6EOfu&~!ZI@bs27R87c`#1H8m-vxR#Y@AUYf2PyfsFXDuByAJAX?6A~3>JYM@UVq48N%6K)@~SSl$)#%d6Rlxgc1 z=;Hv^Ltw%g1zhQW9KNHx9Q}2-`jx5^T~%$e!JPAL?|K)}I|nG&`osSA+56}tY!)|r z85Y^NS7xf8-L!|*YZh+Lbu)=&2JjGiVle<>v0v6|i9j1wH;@U1YH8=c{l_+8(zQ#L zL4{T+Pgn&28fWoNC!V)9{e!8n z%ws#!Y=!P~0kz*lEI#OAbM+@J9u3p)qh4pc(D>wR)}0`JMt}3_qmpXgjLq4-`;|N{ z0!#tPA+Gg($-*#?J-a7o3r(!)MLu4(fWpMyiu(fZ)+}%~O2r`4r^-QvOuw}yt zO@2LQTXSDsBF7YvDg+A&0^iQ{w2{pOVa3c(!~u{x02nH$ zEnVQIIgOkcoNrTzFXWry$x9{W{g}Y(+jM5#e5#rcypy!6neSIbL|5}}qZ#x{+?e-$ zX#{>$GBs#>oHxLz;&g3x#Zp4Uu>ev+Lfs`-w8=hzk}4*70kpXJ;yvdkkcV$3{b4R8 zP&#|Od0zNDbXk%{zK__u=Q6_=GU}+XxX#CRNbel?qdFZFQ;q3=RFr6&{CE8pNc#lK zaQ|97!n#ch;PfIA@_ph`wZ?ycFJ_`)eiuVXo0nJ*5}VT!`oOsw#6i0SHlPl%=?L{W z9NDP9D7j=8>v5rV0~c)3)=hU;&W7#Qolpy$a9mg;PJk8jW$Icz;>_vQ#OK~xPMOZLr5R%`yTF#0`v<(Gjd z563y2|A}!^r|57}iOhn}*EX1Tm}$E*?WS(tzcv&NXqB#zU|`jCkWiT`1#qKXVY{H_ zdrOM48epY;%EHwNFe;rU^^)52HN$56nx;3mt9!_&e2=OwwQ#5kGIUiJJn^f~x_V7geX0Jps8J}UaqI^-^MKI;A47p4-vmTT!$xUHlfvQUzAUh-Uw zpdcy4K0s?=#esMI@d}q;>P=vNj%SRdI&_BoX}`1IJnOns@H7i7)BAkv;{(MQ3jc>S zqYpGsPhQ+`{baHpABakBG*Pl^ok~tP1d}6M^sbtpw6XQJy$pZ8i9iXpqi}?ERTB`s z7Z$|b^cB2I*F65|L(4>zb%F@h{n`E#L&|=MpWAkUkKxMOl#sg3?di730#-{yZWix3 zxoB5iQ_Ii}@#SAF5zH~r??xycALX0COGt{msh2fW2JeBKzylw=f%Hlc*2=E};sI9< zpfzWG4RSfNhfLe|1PBu4WF5_j^{Z9Nxu}SLFK4#E){na~V&K3R4FR@82 zOdDoC1*2^2sHl#P@^Ak4E|?x%s0PP4v8p~_ndLIlt+cQ4(OKSP$S~12+aZMBO zW!!rrD`*%m5x0hjiB^Tc15!<@HY6NxOmfNgHIM%hRJ#Y=2_J%QMG#Dcd_Z%*(O(UA zwBBAiOi1b({O6i<`QJye+o**>I^EF!v?@kAF7b5zEwp2BJ0vE6bl)js$yGS^)h82a zNN7f<-F1_XKXy4iYLYxO1lWQ9yXe|VcDHU8QWo$KgF3JNKGk~jQMEn9rLkolkQCk(A z8Glv^DseJx3)&OlU@VopkRalx$CAybDd|qpWEX>dTo=n^lg6_jP2bbZG_b3L#2UFd zr*ei=?s$P=hB=~k5VZ_p7PKq3G|?LZ+NuQ?xx1cL;PJD&>c7x+MknZQnTc>YkpnlZGT`7h#Ko#xrRu}6!eOyulFRNRLV&uysGX_pywB+q zuUYH~6Bv)F!62*X%&cItnfM}a0JTdPhCT;C285{#&$Zg#DsU2|Ldz5xHyK1k|4Dfk zq0qwC0O*OENM>p0@zQ-4Jxtz+>Y26LHrHX8C5q$qi-G)^`BI6;Q@L9Ns2ZD=#RIJ) zgh8)om=!r8MmJolfJ=qA-L)pSEgJEcC_o{DPu;|$(P-8U1`#F@3YJ98~=oUB3r1H)+n1l5KRG^v69T{Obw!k zX@}{y699DUo>!WL%rDcA<`S5_K#K+-t9Ks{`L-0rw=j$VoBy$=4DmY+Aq(SKs=(ga zrFQa+_CB=-s!lJ^>kc3sF7OAR)aQ%9z(2?7f;3(@lK){w-F8D*Rq`V!3lJH4& zkaN>EQ!;e@s7%7YAE^0I;`Y0lfbC%IDph; zYO(CdXKqPrk)6`{^A%k!iHIwb^tfRS$nWS68 zeGH$zL5nY!)9Zhu4GTe|jM4fTsgC9$uC(cH7TenvGEMUKiqDAKRoVUeuG~-`k29@XFj~AFK1O zxLy4Gi92j-^4#mqrV-n+6y2WRLnRkk0_!7KBc~sb5r@ID6FDUTd^H#bdg*ZSuf^<5 z05QO*QuCPR*AAto&Xvk|*JhFEZ+djAs?%JZ33|%p_~nGJiMs3i88XSmfxRdinPeZq zAv4kG36r{jH0uYS`Lbr^h8BCD(-QRAx1I?)V+=O^pZ>$hE-?bX0V(AsEMi0^Dw?Hb zZcGElI17MlI9qkX|5^o&IR%yAzcJB4@FDu_TtpXAyd#ttEr9Jd&ei>NUMV(FMX7(Zsu2j9+7T-hhCmXaD%@dg@ zK>F2lLRl74;X=bgp&}26Vpv%NLTiy2K^80f)}!?87jjXJT*Twx_W^;+wch~cExhI> zdR;A3iIUSl)2{;_rW1_T0xH+aJXMaJky-+?u@H8`D6P)kkpAB07oWRM@~<@=hAQD; zDuELR_^42fOz2n)u~Cu~al%9xe(K5u-#-jl<~~0F zzTbWBQNx=c@v*!aVMWLB%L?)yDvAw-iHuW92}qBFO$-tCbm%zM@xsl+7Ki#3^=RwN zZ@cQEp>d+C1}V_%odv|JeH)g!;O18#8Sn3o%8v+sYGXvCy-mHb>oZ(^W#?W0?j(j+ zte^#W^V9QoKA)ej^zPJTFMz61MyqEml5Y&^yq>>E4X2RVnFf+XqYsg!FeBR=%#_39 zO!Qka1`>g$wT1A0`n2Ui#qR<^)G$4JAh%yxYY|9bUsug<1hq;{pVSqf&^4Ie7kYm~ z_<;-4qsf0OdtIhd&kdETxI-0A_TnxdTB-27XrX{fQceRQULlL-|h|TkqHbkncrUS-k+DGLxRF5LhW~ zL>{Fq{f7V|0LRpPRHh!mnU21K9y3bR3d=T;w7j21eba&GZ zVQFLlsyOsT*JFCNIwo?!$ut0p9w5bhGy7Dk%dTM}R=D=8(@A7v{; z{HP!Dw}5+O!jc9vum)~$9mDUSXSmUR;aM?Y(v!sHpL1Y#yh$dO-vpNAP8y;?}V@&y8HtbyKRCL?QA_rKHqF z=zkij4HZdTMnj?+lM5P?2uOs386o(>m9eQN??%KWh5i~WW;5m*ZBga3X<_y&LwR+c zrN%4HsNOUpbqy0Zc8@MLf)Udv6VHSZsi=^ z5Z9=WH~gYOHe1(MJLKPw`2sD9eU?hzq`#z)QFA_%Rgh4#q<(+EOzJ7yIAAV!kXdKEVm1(?7L@A@vq z1#z^T2=(-)eHR+lTvn1+Gg02m*f>$~`&l_LtqjSL*rv)9Uf{7ggZpN(+zwq%SZalG z(7i+QLasR_z`PRExn1S_z`p#iX!{!k=u&sVC$++~(?a#mkSctrUT1Mf-=F?d6jk$P znnoFocG-p|CoSf&M~`XXuW(aPWu1x5Vzeh6klyR71}@j-W>AL$IK(0=9vcwBsRgPr@yrwTh10)juT;ddX9#sM%ws2i|IN@vU2@+@+mMpze3S zBGW{-ksNhu^{vc4GF4P#ir_xyaHxFTnP$^}ADf3{{O0RD=^Qg3uNC~~_HFpyjP9(1 zCJP#@LV0(4`M*0TAe&GxqnH5=`uxs(j;1{97A-CsER^7;?6cUTDZSLLM2=Rid9_U_Z&C@v)>(hv=S=+0CJ=M{Mtb(3**nw~pkZ5u#;53F!N>K{3f zkBk4<{2z~>tts8;PMp^2?>iJPy8ENr8#I4!qxBSZbQNpv&0PlNyIny)igic=8tB{^ zN;{peFG?s8w1xmC!TRFFB33btc#~44Fhr7_jpSZQuRC*xcUpdMfxcHho>}(9Dqof; z?0ttll-1ibPsXu3qEQKbtw`B_vGa7T7C=|@@}dJ6C5zZ>lyjGGGJGCO<+!zVHf~m+ zyHj`GL_pNlfJ_l1{f<)s44*PS$2${^0(%T^s5nK`_iW)*cxK%1aP#T|X0}QQh*Z|TZ zp-^>Ax8?1iRCD5Vt_Yg|CY6u-$dgn$lET&#!>9S8fIZeaR34Jp81%Y9!mil-`p>43 znndeum$xWaT$hhcb)wXJ$Nrs{#d%-zaRR~oFT&ZI9;UHbo&1uh@_J^&;z3}okgxY8f<=9{|qPO-At_IJM0b}7B{^KHK_@imLfvS^y@ z@4Ac*Bn~enZlSeiEAr?H4PT2T8q5)a(PJ{7Z#UqM%taV$|Djj|U_xO+!YyrNRm-bm zUwB;t=watIVsNfL5`J zk@!k-HNK3H>ja%_O+sXwSaGFXnAWTdvkGQh%{@6r8%dV4(tk#Z`z>ehsIa14n{mVC zvoY}HL1f`@mejz~aILPrw=H?n+N@Bo(eWs3ZIsE!zy5C#6n7HqwG#%uR*aG=y~5w# zP+QL9YS20!+HqBPwfHN`>E#iK&3I-;kTuY| z&+^WR6|#!nNUtT%8R;=D2ky87t48jl;>lL-<$w4==OcB;)y=<8Wd(nA+&s2^*T!%q zi*PY`k7(my8A&O93+7^% z6<=gZ|I`^Yu#D9=wK$F&yVQ8iTgNVoP6^31=#_UPPIbdl5ql_i>>lE*Sdt?e2SaeS z39)A3hX3d!sZc2xIzGR5|4tmn&Kol$*+uZ)@*5BuV^gBgI|s0!h5*7E8$V2dij#<# zwYQQX{%qw3s4!9FjwIO^Ss7~VH_UdyNand-$sFgMG7$-Pk~1q}5LWM#t+aIhe7-SL zlnj&5GH|yrARDk^eDy^QNeUHzrbI#2@lsA%_nJmTzBY6>z%B;nkH}kIJOmfP{)&HU^k04&Jy zzZ?Ps$2(@De8#8&H;_VM7`-cdD$8KTY=*?uIZt1AZGAI8|=a}Mw*kg#LMVsy*rNqC@OYf>+3aitC&`52MC()r6DGHMMT_&tIA>e$(xQNjtYvWi5Km)p$TxU^k7TuLY4=Hw~ZnS zGr8=&YR5fQ1F{dMVA8E$gOJqdwh#jEvJ&s7>APk(v-y&p&yl6JW@#-C8T{S1-Z3s- zzjHb2ovyRXpzF^W!kv$mYi}%ULvvx~Cbj_hib|vdsS{%=MAJYuULWmTsMvs8S!|I+uS71V`Jpm}b z9yIb){(7b(Yfy0gR1k~yo5ySVB9gw-T)G|9T#JpU+kbyOU4))CGH9sxfBz3)9*Ca& zHzpluu6TofQG4~7hT%bahBvQWJf1T*oT|8k=lh$l{?azu3@L98yl4@}$A-n_8z zpGJuh%M{tcUPDS8eRK4))~&aVH{}1k z_Bo54!Oc3g0a<791XeG1@GN4W5Y4!Wf3j(zSh2l#AiwX&2;u}lH1xplTa~&)IWxM zAmy3!X0;*GyROnwDga7~ zY-WU?UN>Ob%nXA7fO$JzFx(Z#@}ZxA;PtNPuV|WJ*3Va9y9Qt^p8+cxAI2#ni-_DU z-vmrwAV2zLQnHX1sA<-R+>UL==`~-f!roN1gM85JU4Xm8Ml<$ICAgWt1PhKrG$N63 zK5r%Ni-*0kg3sX@x6yRXsK{ZtiGISXa?|}U&A@afuuw%)xV*~GEqZr6J>LE7i}_BR zqV&}Rcrn?db3}98b`CVR= zAYpT;z-E9-*w6dXE~&VxL}hm4R91l;(YK+&)vUrvFL^51R=@3n5!XJ>i&u`j^L1j> zm4sF5eg8}!saSS^2GKy)U|#dRMq4Q2L2FhP+L{=oWC}cYZ%C` zz$K(uHLl=r7zy~Ip(;eLS7XfoBMMJtNo7FZ$&yZBM56U}ByG=>a_9GiIrfALv1<;! zueBNE^*cIc14*J=sb+KG7h&~_?NoDZJHrKA@lOPE;ZgJV>}X<6+8476qC6($wZ%TW zO1A!m4M_@|$^A!#n-sPK3Bi7(oK>lu$=}S-vf=H`S@gnKn|#-hR;`ggmc>*yD zB05L0&G=NQB#Jq)id#&JN>OFGL10+CXC% zpIP}cn3Y)Fq){ub3JWgl3jUxLVdN0`eG-KIMd#21*23R-+J)F#rK3bm@SsC!e%*lz%m3$RdV=t>l+*5m?wMxfUi4o6N z>@K)Hxyz_41Yx9g2Bt>Af5qK!kZ7Z_fF8P9a^9_Ehdh;z{$d=Ckhq) z1Vl+?XlE&$XIT{O@Dj#T1c*nQNGN;57r;cINcD7Z!?dAO22yfI4clvXg3ESaxG52n z@WR%e3BbTv0q0RuT#ojr_Q~+3iTiINQ<<|O6Dj0y`XQQuF?BcPUgTj!wL4Ua#~JM@3(5~kw3Cyp245<0O6aAP`yZ;`{jwbD7ws^CpL`?i`8 zJt7s){o~jDbxnX)zy4Jxb59i~86iYfTgDqevXxe?=+X^E`+WJ0T6dmGgH#9~rqnyF zv~1qqpBu{*^PG?p&C+r~ajfOo_gDdYW`C4~moV z&$Afq{&Jetaz)3h+Nw^C1osE0MYWpEqDasE!Z_l*zo2%D9F)caqkGt;M11yKsl?&_ z5M_(GfX%Se=z1rcW0gT|--Tp|y@D3G8k5RBfD!GU(@>vLvE{lzVq7P(X*WOW>zQ;2 z4OAas5fXP+v zeVzYx*6_k1fF2+5M!V;hHYAo;a_UXo$bV5^-qW3*t#VS=lv~&i6D5#m+B?R<9qxz_ zd>|D*V2CFcWEwqlF_cCw4^^gAi~cE;_+z6wH=uk7$S<9oBOodqiy4+iFawCLeafXxc0fo-91$>ZoWY4YNxgUA+%G9QU8v%t&^qgxP6KBeC2U^X-NNXUYOhkvT z4&+U#cK?Ry{EqLE@v}>x5;#B69K_lGjGg)YXTp>J0r<|WvU7$*&jXeZPuzY*dQXyg z|0>f8-MKGBBUaY(X!?5U3m$#%TQa$=dWE*<*EHtcU_P}_6&I%<{Z)7KXaP&V(*W6I&?z%=cFlwtiG!TLNFgXj@8224xLF1Oycn;z$lnZpCz;S` z0mQE$z5t@l8E};>qiEgVPkc5dLqPHiYLbg+3UXLfhZD5U8yGHWbR^))SGuJ-=uSUD zfRXs#B>q`{rVS7DT^_r$80azrzwL2Z2hw{1n7tCJs>W#TIvJu4Yyq$eVHjQsZ9j!_ zqV?<^PDe+%ay!c{&Xz{U4({A@4L>LRTN7RHp77*~7Gem%L-X&h$qqiMEMKnwC$BoV zsH*v-p4&Q#x8f=D%F`X1(ZQ!bpv|il>^KZVI1x&5nNJNCvDy9DvX=kZ_$3F(iG8L0 zA>=3Tl%vz;{^W>GG?gWP6<&B(_QBzTr#9O&*JaJYMfE=Taxc6XP|?_T#58fD!nvh- z?|Y0KgFTT0Da<8e6MPW7>L=jdn+|cIW5ZWEx?cVHYo(o9d1Y{oGi2zplbDR_8b{O` zXVe223U*lJbO;m*PJ99EDw5*iR*NR=A1biUX zrrOWgKC_12bPDp7tnT!$JYyI@&NqJaaeU&`f@2T0dPZW5CFCa?bd?trMGK}ED#;K1<#P-ala z=S_BvG5pbd&?25>dM-(|LvlFaHLdL=C;i7t9cB`a?Hs-DR3k3Jj8vCft4~fuVw4!8 zTr*POolCJ9T|E?Q!XT`V6oFmNW zbP5J$Zmh!MtsCN117<*(G-jVxh?9A&e|lWY(`7JN3$;uTDX|!gDJ(5?_^fL$-w}#T z2oEgJo^t5Uj{K_r@jxU~sll(3|5hwxn!|%T|NN^fh(|j^m7;%)i>mZr(Ma7zYGD1l z|HOzIgM4$_{m&Izgm&gb%oD1v*;;NTZWT19770J}^x+sQ?m57FME)mh&F}bMs&e`x zr#Rpn=TU*_f_7z*>(!67x@n$6VhOQYiG?GFxBm6bdgiV7FL$TuUD(+fwwb|t|C zqzA+D-BXd2t|K!2jx_Ss2 zYJhrdey;E$Xymy_Ci~3=?3U7-g%8}@t+#Ie*Xx)kDp9(=AQRFHEPL3`W6`N38$|VR zk=H7h*xWP`P~FN@6l3Pm7(j)6T2Hgc;&P_kjXi6yp&F{UB)tA9J5|(-pMGJ&@yFKL zz;3ZQpga_GTiB9o9lH{l%!%S$MQcY@B95DUFCXIfQSaWb03k|AqBX0~i?vCbi)R-F z%083FfA*i}lXP_fXxfZW!N8#Qv=$9oPD3k$pw(LK#^g)VnM|#y(hF#|G(_Xp20kzc1bVUyXT9_tW^Za2qm3Ru zmtGpDHJYEoG@w$0zR}cgZc&n58W&0+x9B#@2r{s59MTi`1O*hp(wfY|;qNuZ=dLKM zj2nVoJ|XeQR>FjWhLD$&#xq;3G8Bd|a@})UZ%*Xwul0GZL?4QSw^7pWlL^f}VX4mL zB$|54hCQt$V*&pW+|6(92hVAl5llQ=y?7I2x=Q46W=${N6k^s%R#o^xKp>H|>Sh;v zB>Ih9t-J;;I}4^xZD{z_c{};s354rTC}($z?~H|e;s!&w=CoC!5}5@KB@7i>>2H_k zItut`DGOiH0I>|8kkI7z9620Dt?x5An;8J$+iftqO81JA8c`!ACuQ>VoSNv=R>#>v zfIjgttlT7fnE#0Tq#o2H<22sr+e^QBxQridR>`8*z){PP{@8sXl}b979n2shp8Z<| zs{%lf)*-Y@seA^00iZE7r(0}GjcgIFCGrOdU$P?T!4+CJ8gz39oEDxFdLDb@!au_v zfQ}(ncp$ghDzS!JxzWZsz^!x3mj13gR24bO2qKy*fhyC*Hk%wKQ{PSpaMozxAWkkL z_AUBr>ea=KxLgOzF3Ek)E{|5Zl!7S-ewLI5V-iEAwCu3-LK_%gCnhs-nV1VGR;49} z4M_|t`i#P>{?y&H!@;a7I9NNTo;P^p_msSQZP&Dr7q|<*ets%v6w2s9Vh}*#KI|>F z4Z1XNGAYq8wFoh*HUPsleXSHIZOsyK57jq9Np`ta>|wHrtYlB&Z~0#T_2{(T9MsiO ze*q#WeZxwEoUYY0_234MgE8WhPY`ss+Fvc>O$dYq_|BWhe~%xjUtUeLn>gWUFXq0M zkRyLdTH(HS0vk(fb6)+01_d#(n|M6@enpL=SD5oK^l2#h67yO%8#Mr7-vZ=TRI z0gEApQ=Las6S<8V&`?`OdsA%8F?!t;EM8pHE!%Y*42TNRy-umtx zGj;tRMpVB&*R1lblNfgmpeNDq~ zoGtaHoIG6#L7V`aukNHodet-ol2t3;qQ4scP@*%%f*3rVdW_ASRuKfi+?ea1wu}bWXzTbD0lQEw`k&1VuDb zTkD!6F^EXiQGHI!rm<4rrbzh+-wB1Z9*g2X-@bk7^CMt*jqUKVY z@H{M3T_1Ot<7#UB^VLDwjVzfvpZ}^Q)7=Gx9<)|`LEVp;4x2p&XjLt1+)(jCU@oWH?mjHGmfI-HvE6nf~BaklT8~{~~F;+K?e|(#3GXf!`dk-JETTdh(fJgLn zE|WPdFIJ^1?){-57*L>*Sg0MACL2p*fQ8WEFUkitv;Z~0L5x--I;qgu;EB%EyS&D6 z7HCM^5BA3rB(Vm%Rw@LA2ic*qAS&RePy9!R7}DeT0d=TA+uaZ1WVaKLK32gLWy6#e`ghWi zZD6xia6SRvk_1g%C6`J9UiPxyRWwac2J}v3Z1}Mv55P_o2(BX20-45$46i_@e(a5( zHqJcuV->hCcL2aBJXAasCa9iv5RE(Pz5UaV((oOsiwFHHgx~m;0^+{^97mxs$&$>{ zx)@wYtffpqvcOVVmu|7r&U$b--dC`q;Ymrhp3f3!G!#lXGhRe0=W3%a4VIN1ovWXc!wU~!p3M30Qx5ubuB>}5W6?F4&l&P{@iiy8jxnrE zvxx?u^VkXJIW~RS4#@@x;p`U;c@`;v3*KGu=X^KKgfJGK3CScU`+(ZQ{21=+OH_c} zYX132o>e1j%#f>B<7MB*f|MfGOL*4cw|SwT3HCegPocr<4TS~%S+rQ7bT5er&$kl0 zl_RAop_pChU%Uzd+@$7}ea;JedjY;G#>V@iVv4&aS@~;=?(~uF`?H$F$Sx@hOojt$ z{Y%FDS$j2UO8ZI-H4|P;0z6JtAc~?KSRf%xpw_T-ys=DT&Wh#$(0^Lk`nmMQDPYR5 zu(C)L*H`xStstMl#Ue>UIXr*Eqs<1@H4pCX~Q}BQx7sGN)-(Js1F)Wgf|^ z^{aWT6{`HFV@Y9ZX8hgaNfQ0#WFNCdF9tE5-w{hMLdl-S~jd zl5swc>nZ-!_Ns8M=Nh6JUfG&>{N2CNBb1^29*l;S4ApE?=~11RRGp?qnw;H@y`0Q@u0p8SU`xv0D2se zF+^P9YHe~tH@DiiQ90Y2g!g(kM2Zt_s=H3~AO1J)GaCu{C;6>yY%wqwj0m06hp;SF z09;&Kn7Oz$E+i<7^NCyYEcGE%!9BLJ2YNgKV)_r0Jx|8hL2k=_ghHVy4XN5Ips&>X z7v)Nve;9<{pOP7Byuo%^AN_%uak0jF>ItFSRcL?d_%#nGBytWb$Pj{0n zdt4|Q_zB(ioz9GAilL!Vd>UWRuFGcbg#t1AS_YGL^DX*Xg<84BK&vi` z< zkERu-%_Y9|zr81P*R7#v4x}Lgr-5Hs8w~h23oQSEcvCUI&oq|=s;Yu02atK<;<@$# z)q?;$%n`ISnw$zO2S8sXF#mCneZ5h7Y#%DP@Pc6a_B!FyB8=t*K>@L?EO_>c5+C1U z$dpshc94Yxu{a%4^?{4U`- z3c(MwwoWIik5-llg(mH=kb=CwgP0pSkV?ywV2(l}9W14W3wMLoQc^D_5eGbSN2OYx z5IaW!DgL-{9)}i@RWuI9>a&k9*j(f@giBgyvL^gW%LTg@s;YJ!MynGx7B`pbV9RTC z!Z@(N)FOC6md5?&AwkIIHHjZNjn^v#GK6o8R(fMSym25J1ru}GcQ2ztsY6`$T}@~X zJfk0VQS!Q7r$Tyrx^<2%;@7jQ?jNW|psZS*4dbc32w|q#>+$lFi|1gb27Dx<0wEYm zDbHxY1C64IL+tNJr+Fcf;LvTbxD!!g-iuzd!bkP}t%uzcH((#cM0u{|aJ|m;x$P$; zx`7r)K5Ko9*v(zj{$ygK)!S0u)i=T~Pcgf5l;dgJTjK8*O8)WZJ5d^`i>TvhwQj`2 zE|d}ajz*ovKh3KP$Yh>ZXb@C~==s+Avw9XYvF8{-3o8Mp2@BuviDgk0_1=M?XSiPp&;|hg1M-*IMK(F|m_GDY&KFz9Pryq)?9CMB5oV6- zL{@Tc`g`dhrkCB=fP|Oe3(9~Ni;x5REJvN9fdJi-pB~_xZ>Ib4JP#mh>ix>u&mJnn z!_XwN<#nE4y%W2^;D@0=Vg$Ot=QWdEqY5}PFB8Uhy^O~G0HhN<6q1$q%?o@AQA&2_ zsiijYQ0tc}Vi#Mnbit6>cOW6125}8EiSC|yod*3Q1R(P>0~U2X7EbP=v+@k*nqGxz zpA3y8P@(b_Gj#VW;FMN?0X$Ge%ypC~y~Ld6hlv?D>pcdYRYezt z7Q&wO0+|$-AT&90U5QxoZ5;O{@{uc$%CCj~EE{-=aM=ql5oF$e74-(zEc5?(y6<;3 z-*|!J*<#1u#NNc-8nHLEV((3*Y87ph2(?SAb~Q?E8bzyS1U0ItwpLY9RcdzY`Z_u1 zhw~RC_m%55ACLaNThxi!_J<##k+-dW zgKi(8d)f;|V#0qjb8RF&o|w5VkiIeIn3(cN;N)ca-{H+5U5x9d{THE+zXC6xS%e;E z&G@VB89+RCA3v;^*?r%0Q5>eyYn5cX$LNm+y=F7z=Pio5?m-2ki&79|>Nm!K-$2i% zyr+$9VMBW|3@@<9d~3d6I+8^u6dYwIodBR+*0dcx3^is&POpm3@uO^KJ48X5(C3Zb z<(LG$9xh6_@EE`66fpv#D-S{gWSAqr&gDZ|jYXspySq(aAGur#S>50L|2v zY;?cXh=`ISZwiN_4;9J8p?yCl<$0RWz+i?*QQ)a>Y0&w^^leE925sz^5H$NUoki|S znT`#LQ?lT_muvhW+~qYPl5&;&-lqWyqA8FfHSmm+^NqF_(}QmrkrXIN-lvV&^NT5Iw?C}q1q_WngzlM0g1z> z*)ClRK|;0hvFEH3)lLEDGfB7kG-b<3#4oZOV^ALeQ1$E!sm}EZf&xI0ujKrYjBHGz zM~ecMf8+oL|&J~r{S+(ZRt(0146k_X+SwQ z;7J~klERciB4MLlUwf_uUCzORT%54>6xjSF=nh1>o?BfF0Q5i>xHx$T!TBMj0be<@ zpadY<3JyR3ZBO7KRG^Sk?1RTyExkaQ0FZeA*c5*~4wYvUe!ZnBO&OKmBbyCA$zw+s zRqz73Wc)5$InO$zW0#1P25b z71C)4q4~m&vfLIqkb3}~pU6v|jBPo~zP?s^BL$ukcXCyAIekdid1N=^TuMpzqay2H z7knDSOu@z9cThiI(k3og4yR&{`Qk=RtxG5Su&F6lbUIom9 z6rM01ET^h^#-37$>MLnNMK=O**MGrpoHpIif`gA+XW4Emei_qh0g$i{wQdJb!nL1&4`N9s2rf=X(iiEY4QIl z3T+=R9cQzjQh=!WD%1%K^SJEF)K$gow3FThozq+HcoSir5~y`L6`o(9cgLEsV&b&K zpHKSpBI#~7pz=wD1rl6yHWkl+vT+T7WTPtUDk^Jq^$v0@+E)M+y}M7LPI-$;Fw8_Y(PFe4YhStGDmv)TpQ0(th}BrPk?AR~k&$>DH%)pdqJI zjK3a~Yx`Ew*8dt{ zfPmWIn{pJ&A|rrzo!XP-7_caE@+qVHbQ!CDHS@Uh)mbAWn*-*U_MUC+fk4{3n-n6NRmxpLZZJMcyl>(V%YOki=Tu=bMj%rVC0vA`79Yz2z@71RZbmZ%oy-Llp2nhNlc&EOy z{NPN%b0w>#>Z$&FEw|b52bZ-OIPedZS76{k2tbHJcXZ^VD1%F|>=O^>XB6$<6wb7s zaVF3x7{q5l6xeSo2DB?pwO27d6c>8v;1#R9lKR$$ygA*@{Ik$Z5y(shXzbtbNv=Ke zD*2M!0!BMGltu>UmdJm!m!9`*Ss-!Z?{fx#|6^)Y5~?0#0K3n_7GRh3$0=#QTWP61 z2hF8ObdJw_k9bq(PsVoB)xvPy?(n=vZ~B@Kn<`%E_w!M31x$~l%9{^+LzBF_(uIor z^}D#Ful30K_cFtimC}+W=Bwb|k>X^R$7Vh3XUv^7 zRdxJ`J{LSB6~|crEJn~4VuN_}Yl{BMG?q6v-$gRSJGIYJhT{+qqrKaim+o57KT@$Q zuOH}XJ#fXgtD9lq%06x^t>~H%$>L|ms(N;tLKF|O!k^MBfdoEkiPkRaUJ`;?+dPpw z^;mChR1|JI(;DJzJ?FK5+lVscx;SJ5V9xfcibpo4{)F154aZZ4XQ{xy`@`Xi9jZ^p z7OQSEBY^S0p-f8GH2+ZZbjGRu7kOsF_}hxUD@4tCgI+Mx(9*P6G>yUsTVV!^RpXS` zD2i)Oa$uue-a`mHC>7PG{Wm~)1Ag>p$e;~;{4>Eb;L*?iVGFx4@w0svaf8R4^Du41 z6g(OdGp*{G6Zt|2=7}FqV$SDS3w2uyt&SOYKL`~pEt;$fk_?YK{vq2ZsOgHLJ!pJ7 zQZXojfEj%p^gv7iU=uX$7=hg!H4a{N<2Uze3j`6S*Nk33$ z%V+oKdnNgZjBXkId6_869YGi`Ix@w{vOMnzYn2|Us9@`jgGY2FSK0(UL-?s`X6ggz zYV~M#3scV%U_2tk(+MI$etvymSmAK^SKe^Ro3sMU6q&Q%34$`$f@2`(XQpZlr~Pfx zzA4SQ9N<9N(}t}<%=}kMb9&!^ZvWTP+Q0MQmG>=7*}TzDkKU4kb?>@&iZ8SU3u|<} zy>+2fP}ZLe0D@k-DDY9nft)wm=GvH=$&A8OU_A2H>$L^bwT0Ke7f$n-SDC?U1J#M> zlzm} zR0iD>u6Doj#HIh4H*0`eOKG^QQbfXpu$4#cg!=OJ#mRxiQ7A-q1CA?bYNkResVr60 zr%VCQ?tEHW%^zM+e%p(O_MR-o_(0mNjBg+63!Nc{XNsYYmIK3+bP{!a*B5H~FAuCX zhmKu={<{8XLcdZ5QPQk@Z}8P5wlOicLPoH<%{MY`jYfG5?P@>Q^RM-f2DIH-U2jV= zF%cYb2%sAI6r$Ih$)nZCrHR3{Z{>r7mK`sRwif;|_HHoI<%}sLLoZ<2eLiIpKLSRuUZ6Fl`g{4pLc#Mt zwo9@{Of&Nzm*3`|^Ml?JS?Q<)Ctle-IBR-Yoencn*}YY;&Yb@kxJSMF_x@sYieNH= zB}d0$NMVBn>1zSNMG_9L&l^3Suc&IYa^KLJ{=i*eQL!tAFgApQ?S!)d&1Ti zOhd*W-N|4(Bm;lKf|N4Dm70S}GUM+(rjDYu2^`DJ$&#wdN`~l)X3fJm+^!IL*F|_& zt!7>Qzn6t?sV3N!&jnqyhy+olxa-gM)x)tfgI&YfT_ctEKzYPH!@X}l1BYHEpIOXz7FYhRO~2h5 zn9^k^|Mew3XC7XV)mX@|W)S=K&)}Kp5SRUl;g(p;E9i&lE8JK2>7X+o+vL#Eel_ZI z3zZQ|sUEC=R8bFN9hh6t%-!>!r`ivm4Sim*Sw=P8|8gDgk52gq8s`W&H0)Tv`TRX> za+i2CyX|*${BO!PHQg-$58KTZESvUS+AH0A;CkhHn{V=;q4|A*v+(N9Po zPYl|rivB6bI$yOOoR*!vJ1rKF8RtagE2LiJp2t==Qrv!vWz!`}H{6Dau9s*W( z7B(l06S-vFx+97^gEG04d6l{&rUa~?!T7DuM@ppHacP826m11fbHjL*tZ&9p0!_`T zRJpsOLY*2NZtK%w1~Qe}wx|)_;-o8SX64o6He*cwgP-^91A<<)8|cL0frOtw61{sV z9%JcZt^qT>)Zj@di(P}yllUA?o~Cq9#Ln|74qmDJBd65_u9wY{O1h{QKn#gB)RL4^ zM?M3;;nxU46YkYnZ;WK7rJIZuOG@iqdKy9)wc*?;o}{38=#`b?yGUR1G8cfJR_HN}ahj{P8R%0~aAcmw% zv>e@3p(9J=xhRvI_ZSm%J-49T?I%_7UpB4P>lY-NYBkkb`t4~MwK807c!Ip1Ho^ob zv?KX!sOOO&?s@y8>A2yCa0qS|086LN_OS@ZpdWDiP)r`|66ZS^nR^hU%(j%X5e;S~ zz-MPp=lu;PmJamA9$l=Ni4F_rO=odI`Mz49LozdgSyYEL-faVer4@U+N991hT&+VJ zq)LLtTR!`2N-=tz|Lm}QsJ*hl#I>dlgz0s79p`Dyz4|ny3#BZscCDH*tMp9YyESW2 z_q`R}cY5G5^5@7@X?`48GCz;uurJBgroro+7tl)WW7cW;U@*4 zq-MHp7c!sIbfaKgw*ytcOq85HBrjV%-+h#I2OelCdlWAbg!sL<5kyT!5`!)C|6*mv zF6yhdd}$ld`cRT-B*Vj>yR5*)q~3h5MSr!#{f*sh_NC|1=k97NYdyyZMhuqn>Zn5M z%vl`A*Lr?`GW}o_kPIH$4Tzyg?*|8){np!^7syy zRWQg^#qfoL8ZpQ&0F+@cIT@|q|58xUDTKg*e+m-87GQY+XP|9y$IJKCyoJ@xg+SX8 zIthwa77jedDiLv(jlWG<$1RPKdg4q%dABzgf0~Xp$HbrHiLsFI!`g$EImxvEu4HZU ze?5%ne&;Pd_OnDA9!A)R0fzCG->$cmm0X4rE#kp#2 znRklH`!q5yTnozyN^g+s14y*veSD-rzLsUc^cQ)o!gXNQP(1565*D!`t-6^FoBiA2 zJlc(h6jAyS5>%aIPb%_P5{p}jwZblLMO+z2!JG@A805=%eQWiX78(nYi`2bj$YmXt8k^Jql7c-z6MkhrubMCJcH zZEM19S{}8%c0D5{-L-!&>kr^6hq=3{H5$o<=zkMfyGi#dmPeSqir$DE;71Jb7-kD9 z6agzUN8&K*rpuTQi%(P2PU@I`dfCf%qrm8ZPQIw+i~(imry32NX@VnfJxjU<44#^$ z2q<#dVnJMAy&r_C?)$a>wVMK+Il1iF$vV#MaCQIw{tP%6K|SOCHqA~`7#KnjbVxij z=Bs8Im%JGnRm*AU698_GAETl^I$T)ux`Z&IwtXu)KA;lTJ%kw|8yByh4^DM1{ zE-Qao%7YDtX6^vORxq1T1FI3v>6kaZmRK6=4-lu!=N$wQ2^MM4$UDfVy+OZ8mHrXT z1^DNo`j@pI5CM@C+{_a0LdrBz%`QK)XSTkPyl|sSvtcg4Q@U|==$!5Mn}>(nbHD7S z0h}JqccwMZlLyj<6Y-9MEvZtPi#HK_~O8wa% zB}sD!f*gZ}=IzQJE=bOWFa?MX)!g{IaE)z0?%z21Kl#Bu)@6EtcbB=dHWSsqK49*H4J%r-)Id>UP^G-Y^Al zZJ`jmx^g58%V|cU?i0pkT~!KN$>*L37UH~2b)xX>)6?Vnk5MdHNDTsK$>93w{_vnjTCZM|E z%dbX_#!NsNNM;i`p%lV0vjv(23QQx|0I1wlLWrwHh`Kn}Zw=KGd^k(3RXUnsxAiQM z@^omA5bG*I51ngGs(BaJi>W`b7zNql37#RA&+>FUA(biJ<{31MP}?x*jU~L21w0DG zb6cS`CqDgdDJm}<$dksB%qOA8 zK}4LCwPm#C^vcb;z^S;)){h2C3x)CR1I*RcMc&(%chd6(uz1N7f~B0sU6!X0S_wR8 zGq4$v@EI=(=;lRDqRRnM5eCiq1})z}B`+r*t=h2YW}3sNoRIfAm8QND>3pp~4@+fF z%(F65pK#j99OI?%a%_hXxAYKwPWSd?}eiFEfL(8ExJhk6DADC-^}*`{WqwS4#SSgY5OkCVp1| ztJch~B+ONJvn*EO1EVRL&+Om0SefWbM&Uq4<@j+H42%mSE(MZk0vcmE^n+(tBU(kt z7<3(m9Z%mB;N<{QJ~+sC&kBUnGmG~S{u6+b;&Z3>17GayE0m0=O;bN&UZkfxuFTwF zt^l)_1B9^zNi2bn>L^U6NzQ}K%)qKClngr{SQ-Q}T96zk1h4i#N;Sv;5E$;$5}V9y zAwUqNoMQuM<&@#$M6}|s=uZ*;ih*Jyx|>h%w@XaVxD1`S?O&w2I`Z9Dm{~UQ^=UsX zDI53(K%*c$DIk10MfL1@@J)mL`f(2S4N+&`(>~cZC=L z#tb+`6^aFK*TO9!qVD8^+hvk@0Lh~qDuyQ%|DukVLR}GACzW?qu`ZtzTs#dOc|x6g z6Q1+Ep5VVto<@+S$_cU&KqwY3Q2u-xo#8MK7H%R4S^@cRu5_Qk(zjmobkRI0Lk!?B zSzjP{2cSCdYX7#X;8w@(H_&+_J$5v~J^@nh0(Na;EMZYED}Q~dK2zG-meW_nFV@7h z)jZ&i3txeAikdr1=X3E04Hgq351e!+_1xY1t-GZNSc5+!&K`U(ojBp+w3?kE9t(`l zcYxd5P1|`4=gv3&EfC9rXyNrlsX%c&-OtD@ArbaaQvm@${w5;f-vIHg;bm9s{lW3T z&}Dc$_8A(aUwz{n4h0&v2eKoYU6vGl2$#2C2 zw7L82g~{H44{v#2W}KP+&cLR4+6sdZr^Qkf4-2OZ354JsHXVK8>=3w+jh8Wdd$}O1t0^~vZ2i~jic}2ZNn?ATq z1{Emk&8iB=~zmSjR?M;I?4Beo{u zEce0__8(!43IMt>BIxw~vWmZGKxo1R2zK2)>1uH2Ta`|uOs?Kg@bl2^?nUS=qpNH? z*M{;$spl=UBV@v!K(j#>8$flcsyI5+DVwC<6mj1#O1dv1-=d`8>0*qLe-ZDVyL({L zx{8j&9!(u=`8-%?=e=KEr1Wnf@<({Lg&yBaK=uZxrh!IPU<6S>&toF~(ts{-sPZYG z;VAn4)0fUF@2`h4#Axk3c)qB^8;MQIC`x)Sz1q=nG=rPM;Y422d_e7TL05NJ5Twf zy#u_l*6|Yuv?OnK-9Jbh3RlOm2dp1l`=Ka{RFf@VIH#QhLT32lAW-T9{S(6LqoXC! zV?sgf{X4P71NpK6;I;oAjT#f&EW#gzd?1zfe zK(_GA>@fAo=Q#PL5!T03Y;*c|TnU1^V6&HpW2MJj$A=b9;GdImor$l`xX7DYKaM+x zKJsA+JcxJc+L%70?I&*0<}#gUr2U&%d=QQ#>l80uj#EDc$mEU4J0|G1e_7~{7r4SA z7ywR4%6O#}sS_5;rSp0H!e<+{3sqje|192>$;`h^|GEmb>e8l7C)n7gQ_#;ML8lrD z`P;>4ysTW7(<#Wrkr+e;S|ju7a^lVBa2Ai_Er*{?I03aI-dh#~qmG~2z5C{1x%b-q ztyV)!TB$d_P1!BHv*b!h!uQWZo?D{G9Iz8U$cf0|Dzisk_4i9!5PCOW`WM}1z+U$-XKOCCJCEru_>5!b4H zv7+qPuSX88M+v+#Z5oYHcj8VvAALlh0?Ek~XE(dRABz1SDe_V|4abSD1_{Ls%vTIn znTJ!|XHpFgPnae_y1QWdV({S*XGG>tWJ>E1SWkP;82>plnQ-U9$NnbZ!fm6Ulzw>V z_d3VU_oi+|XnccZ=24cl$E!98itxw-Lt41?=nZ?zGvb*f4mfQYPQT{p902LmxfmBs z5~lpUHkYokvH1Ms->l@*>7fH@Q1?B)osxYZ=oHK=8GnP$7O^M5P7}ZU0iaHa45t+e z6wvB}D{qFc=*|3VU_D@>b0WA5ivQ~oo~xS-+0GzKWv{W_fI{JdwdKzDJGDZhVF%T? zz!%VBZZlNFZc{OwL)tc~NZ2|HQOm0!3josMY154A1oF3s6V}gk0ZCt!5NO*bDA16* z^QJi-4-hkq!3U0m&ja0X+_eZgu+Zk!1Ka)dU2&NbG;veeHVLrW9koOcV?F|`^~Qf( zP)35eE6bT_wewu&V#$RS z&M>>i%Rri_A7Jx(v;iwXNWnkEgjq&uWAQbYE|vh58R97hK*xBl3uhy>btH10nI~`M zylTec#WmNy;}L0>WtWp%mvvbSUqWPTE?-e2`laq`Em(>jd%6~zf4QRR&;7HY{@vAo zzZe1{8iAXcqL9Bp2%M3Vf)r3n4?KgajX^X50sh?LBpxq1N8rZoL=DVN6!nm(xqLNK z;_ij!lrmpD4Vs-7AZ$Y8*Gr$sRerP_5iGA;DC=~iP8d>;*?+P$UmS*<%DP#ib=jY( z(!?5eO`(0m-}b)eR3#Y6Vug=pz)ukwtRY-1%1nkEx22*L5II?wWKL@DOoiQ-?UMZQ ztIg{g?ZZeSUN8vGpZ0+)Dfx)<<*=^ROh3{j%Qtr~RgQz!%q*LdN@I+qj975Tgh)l* z5{PUdSxH_7t+uqm-ATO3tMmXYHBbnS|P9>CH_~p8H4kSpN4)*goLu*ZAbhrsrxhG6~&KlKPp=( zE)J}~rl9-X6C(&`i~<2Cvwx1$`3#L&9aS_^FoHHCtQSf!hD9l^@->737_8yEF^Ka! zuf&t=astCiAADe7qWk1>h=$zdk>T0Kn+f%Cn)|`;@Ijd<@5In+p+U<5iF5l{hCjU<09K@3pf3R^Gd%_p0;nmPp8yroal=h0 zvZ6`%ON6ES7&i|kMK9$ks5rdN3*wOL(kAg(;l8;FNM3DUoRi&&20py4MtXONB)GI} zQ89M$tWcHXxya|q%5$ecFa$?+c)EC7fko)nM&cAd#JW&;c=f`IvvIT+(F4#gph zQgs>wK)g6>`AmpBnZNg9Zgkj7Ec6D``R0rwPNN2&8-m&OSt$w47Yg}A6M&MIdj z(1J;>nu?ajhOgC)W)w?~#EQ+^6c(|oEi$jJ!CVWyO`~A{Q8N)FG?)#r<0A4a6OB0B!k9Gx@vsd10|0hma^XwFw!E1c)3zJXz!-%?n5VgVMd42#6qNHe-(xCVeRAdB6K2%GGc z_{GCa{fIz3o!w=9eeYZS99-ym%$Ve{ra}kXSU}LLj5li%ENSZo@0-XL*;fm;p|K^w ztzOx#u+^X_bzGQRH{-hwu8o+&zc`lpkW(AL(~cU4SvlVV zVaY6^BneLU4O~U>rLdd#^}MclBfxEBR^H^%@%V;IHuq247#(V%fo&YLL+97_~ z!LM)P8$@oH&gq<0MG?z?PnNAPKNd=# z!@|R1f%j@3@d2iX#wq$&BkM_?lCTDq5A`*Z4unxIhj9n`f zSh~-r%N7Yw0B#qX=Q3cCEUt3F{O__{vb_p3oK7UTYta@Gk+@5jKMq{D_u-dUA2Cib zKXA9_2)dP~*7bTTHOw~LwFY|0e|$Ijc5AY?LTkekhEya zFV8&*LSC;ui&{25a%_5HK^WmWbrj(qxqj#y&+@J&n`e$NKIcYY3>eYHnYO!aXdu^h zHU$@6(-u}%zUMG}S0Z8%ITtodf4V`eD1=kIX#TvZj2=Gz7hthyaYxU+Chco zE`?T1QYhM1KH0DW`Pvg=)eHDoEY_vv{X0`sq|*XMEjq7%F(LY*HV4u-)>`;$zwCPg&9gI}CmNDq)|ibDQWqlRh$5&#TuP;^ z3hv6O)y7AVb4+-|Ur8un6BUsmpRi~m5hCHhi8XW4s2Q=Zqze?I8e|@qp%o1@hm4wZ zS|_i?c@ACeS(Ee-tEXJSt|Hc-N~~{+2??(^?SD(Eo(HfXz^bQ!fpHSaT)Bga?a#2NbxTx<8x4#Mo*~co=LgMdQ(JUKJmjv{PN!mGs z`E-Q9;$o*%a3FjQ}U&O^b(!stXJoz7Q5}LdlWY59SGUe20y071*w-43gBK#ovdAyVvdaU2<=??&} zRrfuD!166^6NZFc5#93ZHL}@3fYPLK6($oIDYOWMiYg+A=PoDy3(0#Ve|4HZS}%Kt zhQ1R8_KG#-`6PEYY-6~9D_ZMD3Vv%VqR4b$f}vLYCvGgH>75YX;$lu1mz9FC{&Klr zR09kRItXuM0;uIotqasPv)#>0o$;T}ab}WbfrR5|09D**!E_Xlgkz9}e{cRRp2Mg) z%JoixvnWbK;JpSaXa0@wNAy8qYUdE)p~WYjHK4Iq%k8i?qD4S^{qyY8n2S~*wg4Jx zz1pH#{%Kg-(+h2V2(gybXvrk_6Ob&Sb=ZA82Mb`t%r9>hn2TE29W82a6*?42Yaiq>9wH6C~v2Sg3~7g!_` zcuxTWMJ6guCW7Me9(>BA!ogG` zza>X6qfCGaCyYT&*+uSv#$SZauO9)ZfcI#s%R8voPgNf;#^u35RobqS+FKl4J4X*e zNAbuy;W0({v7r_*f%dZS1M!_PEG}?Pz8d`wbo61{c9?!Radn4T_5vaw&CjpQa2?;b z{a)}v=WXNVcxfvYVmpr#7cafgz&)Za2T*{Et7a3VOH2eqzyc{{02Xy|Nd~QB9DBG% zWtQtc;I0S2e;*~~d>*Z7v>gy-nsOk>{kgJ;DNe=dqawXDpKvDj^E3KguDbkPBJa;w zc`3kqw)$vv5iMR~+xcQX|#L>2H zgsJv6T3eUMzWY|w|I%JiCbBL;Yd;jTc&w9l$-huTPXm8$wORXB>D#M$DN01a0}%T* z&EVNr6?l)+{#UuxF5|pnUVn#k4EuwiZ=7&tlMD-`xrZ+dtH8^XKI! zK{ZOh3cPBP-bU+g9r9+1lRwauW@rY?-*sG*La#pzo;kyud!sR+OZ!0P$i(0*(2Q;j zz!xxr4f=tSVnV&bp$Pe+$2BeZvwE(-BiMeJR`CT5`m;oaAYYC_4fTjcfmIJck`WoY zBn(GLol*!!#wphJ?0Y9VreZK*Lq5~4KXUT7%z3sjP5388Qa4b8=J=7QLL#bQf9Q<) zq|Ff}agU6iJx-#Xztu}6?J%RcmR+y=ZLu8=Km5V(jVCOrciroZ%}A`5_ast3yZii9 zIg({VB%?lwsUtI_C%>zNm}(F7uy0V$+7o1)6ceuQ^uA>}>0VgH9z4iI8E6$+=^t zu18Up$FL=Jk7wJ&rVUA|KB-_Vjv)>OG!RiN6m#&Rwj`ql#m8hvc;yJmO@C>8v zrK8<-ntO)Zcn;tPVDj0e0~ULw$r^m$b)ESVRjA2wN?i4PUIN5L-Xc*wh z9b+M7MpL{s!q)VTnX5aB>rg1swJ|P^dt9|13&(v&ts+SRGt7@rbosD z4^z~`Hx8ffdJk(U&_Nn*Aj?`74{lGO=n~sCxXstgcl%RxZE1;w5tfqisvkQVEwK)k z8HLZjrj1sswCU6jTOaIozBMN#Wzm|-&)zjE60W$)H4T43Ur%jrO+tJ#Xt_ZZ^r1pG zfTDJLB0dkw&S{E_^|dwbWE?{(9Ai5!!3F*XY9UOu@>fyZX_j-}#bj=>kNJrhnBPf` z&E=cub}_hXkoQ@>J|2#*)(nDtq4gfqbOw_9@BB%%%rmGnI9kn!=ureHjZHqCPRzwVVCu>%v z8Tv5S%42EQyi9n^GHdF3Z9fXz@o9USx%k&CX1z0mgLuQpeh$Ijwm?CF)M-)R~HDmv6rFyOzxi5>m2@l{4@a--h+ z?=sT{4!Zum@dokE{QI-`ucp<|rieeGWD;DCrvno+1ztV|eQ)W{=q9291)yv=yg3SD z<~No#!@L)|QgV*={aR{?s>u%qU2ZEAlVNpeV=BTGhbWh)UAVHFp|yAJFJRl)w$Ydk zBDvpxb>hJlR9MCY*i4(SRaEhiG|mJCf;cr3%F*s)+3Z}1hbbJv76n3joJ=PiAy&nb z)}<^c03BEW+hw^5;0cW8rFOLsb8IS9d}}YRv??`@n{L|y{NkvQY7PcZ`)a_ z+4`1>_$8iPZh6n1C{~FNXVG~ae4p3U(s(gmJ&{7)_rI1pyn#gt0Vrup7l64B)kAN7 zFH&WTU3FsQYB-=n4|xLYi!u&X)XAcIp|(D(71HM6oTz%Z^F6ccBGzT=%bbZ(#fly+ z4!_hIq-~8%GgqfxesuI|CjQX&>W*}E2x&4-6-FYH^|I3UvhVS~&61dwMoC?^Ff>Sw4N?#se`t zZc`Auo-eM7m+rBjE&jU@n`j)H1hlM(%4URd*&()KRHZCgA4vomh0QN7y1V?ahmr8L zp8S-PO>b;K;HK$07mkZ&bzXt@Zgcei;gA2NFJL<<+C~4$J-@VT17UcnLwWmS3W~_&`nFm8c#{=IN z-z*P#V}3~8^w(Hn;&)1NS17AfZh4GwQOnJljNXCB*G=|5xm}ghux5TY$HC+2$Ak!- z1-j(0U1<0Po#)py=#6~W(hj3)6qp-{f-sWJ8-+vM$?c zc43ax&b_HR`~9i?r_diQNfw_I9WWW)P;%$HNlsa9=-)Ynq`&`{nJJ3lrRS1mpzw`_ z``7eDFiW{C^>JgJ;816g{cg!JvFFev{@qsxXt$O(cTC{84QT0DnDoTKg!^=W=+{*) zwNXe0Ki3=bS89UPp7U6$yz3_B;S%kLkH@L!n))3 zfb%*kBCvp6;D%9b+8bC^IKr<2#T5?6hPy9M?Dx#asUEC@NdX{J(F>u{MECcpw{k_* zM~aKjo>d@ndWY%-95Q+HgZQ~$-^!Bzym?)0tWzgl24rl zkF4?J=jZMTF7F1HYxk+~A4XQa!RujyBA!A9iB_U>IN14L9F?!Y^oysAqvfxPvJ~>% zuui4!FyV%IchC^SgGbrQc#*QNy+RQ*&3HPH6Ul~oqp-S1FGYEBdxy9dzal1e!bE!)eh*$45>O9W_ z?QT_G*s4K_IWdS2e7i4$H<7yM=5nq*?z%zs+TCS7>r3}sYK&c|pm`h~Ocn=yNq0Eo z&krEMm%r8s?S+F;-$h!Kad}{*+)b)()KfM@vo9q2}(bz$*2u`QrRy${dha?ekR*0?z5d_g-GM7gFY zD1iLu+c?P6-G&h%EpD*@bPwFNJ+(pASA;?JN1dTUg*_?kZGhL_@>6;)ir*P;J|1Dx z+3N*@$z(T+X9g_wf8u!(zO^6k#(7H$cdwxur{vHR%57QmGFuQQwml0MoJ*TR8+e?GSr@-Za67hS1)Ay7a@FPvqOR;49i2I|;9iA2 z7XItl#UBIR6nq>!b^C-^uGkCW#%n3}U^vg4i&*912L?E8_MJ1^&RKp&?K(M2OHu8Q|2xmWk#bu- zDa}1d*HQanvK&(YUa03*>`K9H+?k8XyhAd0K`64yb~wpNBP(`;~lT2v-_0oXK5jA9@@5eY7!0U z4f0%nh_Lux#CW$-Gbro=^ix0vYlJvs74q}@HI^WbJE~*G-k)JI&%)3AuPx2-ohn6k z?B00B3)*aE=RfsE-Q1tb!F6b~|8J?N8@o6Mc9W8Bs(j3I4p-CgWk ztomu&9xOc@}!_?aAzajfIm$KD)!bL`Er zw~n$hvSrpe$H+=XLa0NM%HFFwL}ns0p+kz0s1)g&`~0r^zV1K4bsgvMIq%o=aU=cE z*t|+OS1`=q$k3~M&3I4c?9UB_)I#PfDFy+oBk$JYzpjP-G*&gN6a09x9L z^J6{vnJgBb@51e{9hvY^NN6YfhSJA3ZxgJJ=I%qUQU=+k(fx82cZ^W`kF^bwMsiZN z?mSmrwto?xmKv$?aY?ExTlm#2?K$D@ZLfo~S4D+#OTSMQDNIN*AW?gpSpt4acX)U^ z;XBfBtv%(h)iuNKSL$xgNBmbg znx6+>*m+}kz8~R#Vs)ORkT0Qt$&=^C&Rl~Jtu%gV(+=oy=RqcO;5 zrW`qLF~%(;*1wvOTdJ6^`nDfgUcQ&wEnU0?zxCz6+a~{hWkS6$9*2r_Kbi;p<>(nA z>1Ac^>)TEQQ=O%`UD?H_T5A7hNeXzomUgxAqrZ2?c2 zA2=pt5A&qEE0V2>iDTG8MgNH#+TpI4gY7{R`;P#2VV^b&G9YhvB3JGin5f@|yXS zGs}L9?Ns>)upa5?Xbz+ufhd7kvoin(bu_=q~ZUGE_;&3V&vc*qs%0VHQ%f5u(R%umQmTqFA6sf6QiKkCbL% zRt${*mS{t6jNz7uqlk1gc(4$Bd6w(lG-7Ucydi+Qvs%pdEu*HfxP6ZJji@y`!hu{3 zGaH&EL^;k`l9dy|xfjVPKnCi6?%-^E8h=p(9gU=ocptThJVh{aJ>}vqL}e0X&R- zo0E!!Pio2=(6l_Zr&TfHAqUDR0wL=ta#W;fd>|NaA#+O_Gr9p6o>eyhX^8Jfco%7; zwkusdtjhesvk(naBg_AgQTY_g(2C~PchWB2;J#A??zZFK`;L00q|+HA!j+3m2O?Kk ztF5Ac1-IAQh@iwe>1$~q<;PA7n76hXp5}VkiOqrjrTKv&y;}~M_+wa zlZQ&Z5(S{+cGO!%=|MJr=J^$t+dK;FqHL<>Yf@Xw`N+*D5BxxaTSu{Dr;LKN?6FE|-+i9dG~wJLdYj$nPYjsVIVxtJe) zXL)V%-^JY)GV944?iSHn=vW~%mhp}A&&q}snJX)dBA8^hS~2I0N;M^e<4?6*a%VR^ zg*c!X0B01t$v4beiX+}GkSVa*6Y0VjbBvvflXg>SME*>xlc$tPHql+Oy-zQGDg`)E zGrY&;Nso5Ekgo@y0SFZbXdF>t$PGr8jUBR=qM|>8-<@f!onRg0Y8>LS^F@YMKE3Eo znb$XEI{(Y#;wjjuX4*{DH1_98_dh=NS5XacyA$BC2&{?qVy>Ur{ee$qH>EG}8+jch zz~zvp?gK0=Tj#p0!^mRx zaYJ?FWu{}dK$o7x~hYR4T(00`PE2^n09!eb@DKhpTU%EG5w|Ka~PN^3kku6yl?&rL|048Q?B z$FT57EHDSlp5ts+y_93_lHr$^0bVS5u9>;^6d3I8Z)`NipTKlQ_`j2)&E;bo0T(3k z#K6``(dQ_C(h4ObF;1(W;SEt&L^y9_;S?&ca-qQZIENKo_#!t$fLz$SBr@bqq}<7q zP85!GXO0yvhO?#1SSd~}naP%ciPbjeUag4}GBv2%C5o;T4AER=%MwRq3Z{a!JMVmT zHolo7+MyXastg&R`PuGelI3L_c!mus7o(c_?2!#P>c&N-)CY)<%Xju{PVZLSD3NA- zKpG54=ur2Ba)}rMcgY3T>PhBmxeHpM8SPacJTi}d1F}2-{)RydcfR(T+T;@Q=?QOXLy~VH1ROgQRPG&-N?L@A51-Miuqzsi|}~fGidS)?f-kjQ9`7CltXG>T!o%m(1{w!c(#$Qb~Yg@T>qrm!ilMTj!t=0vpX9 zxI#=x{Ai4b($H<=B^hoBF4*|6_0spb+&1Tr1@a5>4-EqCbAVhcD?_h6I~vbiu52I^ zC`@m$4A-a(>AVkzlaTdnqG6y1DD`fm_MXzwp(5NfZ|LV~h8?@n41c z(@&+OikrO0Z`T)ijW~MKE)Q-SON#s*yx-sWfYSTai#u>|FpikV9%yjI4_QN@52kiV z^EO{nmTN~cOQ69$RMy46BhQu@0xMsIRw5A8E){ziZHI*>vYBo88A0C5@sIH(kBK`{ z6n^!5>ggURAFTLGQ9iRf817vNL`wKb25#_auIjfDC$Db8C{x4sy3LdPz`O}Kfy{81 z0(bw*ieF_wT1+dET3(|}=kQ!%hMc@a+RWp%L}u-+;(y4o%o~?QTV9Eek-};E#8UqYH?II`|R#9|$oH3frnKy`x#xmy^aw!*8#J$uBcX&|C z*J##6Jug|7_`au38GIWw$cEPCtPk)!Fj*vdy0?2+WXm%WwmT=hIu zqQ0IJt3%UGI+w2Zf!g(a8x`xk+TeGW=X*!xy+-i-IA4p?sC#eb~dLD&;zgq5M zXymeIm#%XA=X`0Ma(tGGts_7ew+pemxlp zMm}jSqp)9iDy#J#Hxm4q{p|RP&zHpG&(9trTGlQS?NRz_d&3MGS6J5X9@|!^-FyrkbvgZi^|{6@ z%xP9)j44VNihjwDdt5vHI(p%{>VH9=1mBJs646d<8DHuv69+J3cMLXVdFa0|rP7cW z4cELXJtrv9LUGK?o^UQ*j8;5w$zyjQe1zo%Ju913cmyyjOUUmTOyg@GsGpRRWO;Y5 z&_Y5>sMuQjRP45*r3XjJqmhEUk{qf>H#i`Wk&vfN&ly7-+NP~S8|bpMN?a~iW`B0g zonnW|O=LY_k{j`Jw8>5}OuAT`1Vvhr`!w6!@;>Yr<%(v7>=|)>{15u&T*H8!j}h*v z8zo&=dbv;fQB@)%Z~en;UXI6_R6H5nc`zCA;$NR9pow#Hro#38&x@1IB=I0Q_gICB z%3H4wT-G``Sy$Y;RzhTbN2!0MAJk5?wh-x$9?J^#ANQW|49Ji371sj<5idcSfWkqc zKmR6U-ssbFMW%yr33RTngHhA2HTxjDwkfrJjPHVFWn~weo9)r7-ua$Z(M^GPBfLXp zoJdS%aP`o*)TO%bfpSl`zE5H%^Hv~V_95@zBz?0DodH_72s1oQkBQW@%vH`2T~*VQ zl$(BB!zdpsksQ~Ky|>(Xi<5$I*o`2x=Y!}3Q*|%l&m}{#;Gj;RUj*{5-4!+Q9%U88XlD^#v zDZ1J`nz-0MeUG0$@3U-tDHgF0sOz$$>;7hU{Xdfo9${!X>{^R!=W-i-2xpC{N6orb zBBj3A+Iu@&Q{}quDC0CsVe}-0R8eaGn zD*PV{Kp0p#X!H#2>zY@nd0=9w165^_i!Y-@guOQ3yf~(jz@{W*7#YJ4_8Lv#RQKE= zqzJ8Az|570iW(xsV|1$NY3QRuZ)DzuzMIa|ktMu~hxo2Y$a&SU1nSc33{zJpGCN0% zi7#db!*+X}VIaPq(u38dS{p%Z+)QtJJEVKaQA+=O)Q6A<;eNvcJc{og5>8nX;xWq+ zSCk|*R~`~VdmTFVPbkBP!ldOhwgk;gsn%8~mkkae!eM#elvG>T`@>$WkbJ|yoxOP2 zf5s_A62dN5gXGyYl}2sAoGFC_VNaHyuH#sS8gs|`pR=!Ou#i?QdCtmZY+vL!n@>`0 zVSdV1ut+ul5xK!W(hyWSbQ?hJr68wti=_e`O54*fhJ{p5M`wzdz~WUL*Zy9@4@s9r z-3+#RcCS4%xk3l)pNFU{oK34)HLbJK&Hsb?%!b+MU-q>(StYv^ zSLC=qvQ=g^%7nn-$Vd`LpDUE(S`|bd<^|_#A#oiXrwIiE>CF+Kz{wka*zKnIIKzF<=Iyj~P#=x4ZhLq(VYg8)Gl?nUK=d9Td7vNFLro$jE;04H!_&vGnXY`TR{Ex~AR#E)|<1$A5thgCQcO z(Q&su&Q1-H4}QL}hcOM{;jh%ynbr-WzTGGO5HjifYRqc+dGz0H0t`nV{PVhs36K-#&CPvnbKCECDWOU9DhrHc&c-Q@gQ}=r zHzyK#vb5dALd52Y-am=LQfX#vob)*03zh3!^=U|{2&5a~^GlMvJ0MCWoy?Y|l9evv z4m52|vmHz0E+bx-pbfy;<$ow!W@T7M0a$S)7izlBa++Tjv6s_G1UA{?qn}mpP8u1N1MTVpJWCBZuq(rV=QijU)6WYVo#{Qkz0?3-~n6| z0C6W1Z;^FU7gK#lNWcMD;SQ?WA^sW7s&?mt0TUo8{=Wc!0zgiO7T`w#Q9uCf9B>5Vw`d^`rolL5yvJIqU*3S|p@tm_rUpe( zDuO(lw6P97tuOZf1N`3Oj_535PN=5|>``F(-N=a@IpfSJWTt(-ZsO2v+6_&JNtgFT z$K$z2I38`v(WPy>O82O?@sOCHHyN7gjCscD)1`{RV9Hx z))<2n-KzA!^#6`T_lsd>g;M!xuvj#W_Jzp{INzTv$6r*=e3Hu*e}oO z`xy^BQ0DHeIfW?ODb2R<@zR*R^+v~oJNMKk$iF6wRVwdkSgY6+Yj5A#&d5l@@_kfd zRBbDqf6kmJ|Lq&~<;U|v>k>>5cU^gV_E70C8?Ru#n7vA%jqzO7WY4u{0EWAxfSSm~ zc!+9zMFLD>83{9NYyr7w^in~5KW`TL@&@o%lYsQ(qhX}>py35$`vgz!!%%bQuuOMYv* z5DGus;_|2J8?<_NTnp{H4onle)2ykstzU7xzb(UDLfK~XeTmX$<4ylap z!kS(F(-;Y1(Qe&cvDK`{g)%@n@mS!;J6KaT{~ei3-T@J9I=+CgqqJC=YYbnEN7t!} zZU5dHjWyOS*NtP1MW6*#ZWb>NGy@bo})6)J1^O37;rgDeS-krLq2OtBR z$FC;jMrB{2rk{Pjz$7Ld%4fm6wMwAGp73D=m^tNQtpRudh}%|f)fl3_Og%J!_>EA5(Eh<@XkUs3C(QbTg;ED|ati4nf^9H!B`*U4F z?L0DLNY9^wnNvSmHgXBTg_m``|2I3kE!7Vz^GW@l>J5rM;l2e^XF9Q*u_g0ew(z9H^HR*nGP9PIN zm!+K52NZv}d}Et?t@P*ph+W8gX3YoFKi=r}U(q)-9Tha<04?Z)5PhQ`KrF0%ztS0H zIF)WY)N0$k;QD;yTIRA4I=V@J~^njGABWm$i2+KB4)wHwM%&^_#Fd>6Yhb}Z|q>z zruG!X5*9d+1Ujtz<>V`q)N+0Rk<2iBLCCoZW^Q3rt%gk%*7Rfi&^?6gL%0BRCz+nN zyn+_w*eMc>QShxRO*wMn4NHiChc5)PMl@wa+?x2!^FZUMhL zw?ghau{PBL>a`HL0EW-lsf#j?%VL80I90~R=Gmx)g{zxlF%W{nYBg8@Cdz0|v9v3i z%`e*`JX16~)YUq~kz;$N z7PT8%{;=P0jqdx@BTGlC6LXtPSZ-+88j@}$X7(f zE~uLB;12Oj(8JV@a9f5y}I8f&T0lVs^$6flQQ8 zR-7Q$JuJ5p_98C<+Mp0K^X7uW?CsCIyJRGS_|OIZ5DVKg>~`y$d&rVL!-)a_5aVX9 z3(9IeMy{QGnQ!Brib)(iT;Dx`Q?uxpxZw-ZK?q&+dAOWKq~;LQZpc!>)-GG9@w#M zPFk8=|JC>V*`as@#EfrNE$sMd=N^%>Ua9Y3~6Y^xA>#2uP8(6zfg?mFC+LNIC z6;VEbeRB5xJurpg>eUX^ro&4Hm*xXn^NA8}bc5whugy7c-A@}=iu{PXry z`>gF1d3@)ygE)bEGaxDK1{9zn>oa-W=?_oud{J^);QJqfB9+q2iUczh-T0cL((V0a zqU%xlinGd1kKs>ro^Pg8(@6F1DfiC<7$6FmP~G?36<6zyVIqeaDci|Fc^K&c^p8|3 zG4Nvg)gBl*eW=X|WI354;zuJP<1YN~-Mdt=T1^&88AR)=3nNW`$WdaQBEL8bS8qPP^210;lG*Z6H1yuJaJft6yZ7l3 zTru$>jT)JIkDK_G-`k!}yles^mkCg9@zg?ML_9wv4L#csR(l$uAz`Cw%;A5h#B_s$vRAm|!8Kx6gjhXg=ELZyf2{h& zEJdLU?@okLuO;=K@iEG~Q_fkv{(yN8*WMX&_YEbZ)Y&O*P2Gx1MX-njapL8Axg6p@ z2ZRLV=Z7E|0R$@Z7~1w>X-%2hMzG<55oB-#I#mD{uM`CI!x5`T0jv}N?{esS?yKv+ zQ{@loTrs48hf09q(7brJKfjDU3TP^rfG@{&$5Hm25*sA~9RflBmswU&Y4TS>}ElvVi2%!;Zs3SQMi3vSaCz2(Tc(aInQcfy}Fd-Nz;xGf-2Ih@{JRQ9x zo#jR^X{|edp-VFDN@<0d!*0w1N~(9kt{sKi4%^On%mJ0zK%P+g?c z;qT0*;LBp7aVJ*+qyA|ZC{W=@Xdj9`o12iD1!AEp7L!a1-4H0MM5a3;UIJR!0?CD? z@}WTvDB}Gfq6gmm>U^Z&Azid2;sbro>Q1Uer&0tyC$NmPvKc%43Fd##mjv+PM@R06+qp0Qtgu`Y_W#wG!3Vz<1zrUQ%6BKo%d1IIpj5u!r zw5Gw}7-;xM5qd)L+0HE~Y@XO+AlNc+v@G4G*H@~A;7EozkRetS274(GcsBa}w!Rw!4nx_fM4>N*YZ^u3U$W(~*>MB}@bC^eGDjL!ydSJ=AC#bxsO3h0nW2^OpGE!z zr8{BDOc_+QE~Q`4D1cZ7+P*9MbbK3T330%b6jC6p(jc5Bu}~`eLJ!dQGAM(C4otiw zipXDcE0SQi#)!U#l5%210$304L}%wfg6DSL}<=s zkClwF_y=W>FAx;9>}EEoR{~n3RdS2MppB;ID=2rc$f*2MPGb&S&kr*$NFf5sjUHXT zBZPwZA(G-|?lMX^wP;mzWQWIdU4Lepz_qB>DRLdmc0;olAW~cmC%^<|N{1LU40*s# zEr3^#%O*4mvdeGN0#Y;O=}HK?Rn2lI26)Lhkd-IKGco9dz*@xs77d2-VT-sd?uoXP z1WIQIo@VbSrq=uh9G%i80u>#P@pl5hnPusL_ifVC2|y6aT#*=u;5T4WBzIl1^~_hfQ3AWyniwj z`^wRYkI>>N(vl_srs&IIkz zVdI2@^({m1Xv(cZ)!*Sm^+Rqrih;O6ytbfxi~VVQr5Iz0eWuj;uz$F^k!1h)X# zq=06a#}y%uOLNFh027uZ`uj-_-91fft)6%@0)?Zh8_WO*G}Iqk)v)`dIjK(A^QqiY z^nE~sCFLpRFoOx!5TDZ^N??7d9g%;+z(=MT1dx)f2Ush_vrk3OMi2@fwX=V`etRg3 z86z^e!Eiu?Knvh@AHWPxX6FK?dcc&?V6*c`=$|PsS+6Fo#;A9f zL??q^e9FoBRDXd0J47~>Ft!ItwkzYI8p-rpla&_lnhf|ZYH2l_@Le*uro**B9H=n= ziH=HYM~6%*65Z)^mZ436x})hSPZB+4uWr5T6k*K16$}Z_rtcWPG_&$Rxdf3b({=@p z6K@xj(&+}>hAJk0Q)m zS<-o0-d$Cp(YrNX)kEu*^$yOKLR+=&@8|$@LSkl~Tx~3OJL>$EY~S=H?gq4$`21A$T&4JG|KKLrT!Yyi@yeYq`Sa) zqc0IT>|g9O^D=YwC1~X(+j&85%HCu84G%#`&!B~=69F`SI(!HP>W~X2`UhN7Mjiud zCUzg0A%MPe^!0M|;60`W{#Uo3Hr$r20X{A1=FL!^boV1X{+5^#*DwTTtN1Q`|EkSs z(&{DUsbF5~mrG{K+?h777urBc$TY3jcP7Se4m4Tpx9>mk36LP5g$d#8^ku8QQimWD z%*cdJ3G3>>lY+VsUOErFmKoyNW2RRPQ^3ak3HCF(MZP|E#ArBzZvL!MNme316Jb+?wnaL1 z9K;k2R-Y+-`1hrVagrH=uHo^FQ<_;y;Yv5PE8nf|5N z!_%u;AYNdQ`LM*Z_LaP0Qbpj}hL56ckCKls99_OQaJCfIRvkvdm zuKWIO@|893m;Tq`Ic+XC`-O3c=M}G$Z7-%WqcvzSTexpj3m7yAW}d39KOE0}4XHrW zUzofTR{#|`CrlVuy_qJ@m+KAEtci%bHKOhi`Q_4g=1Fx-O<}*+C0A#f8b{l*M;S5~ zmnK@5d2@M3X9e`e_@mR5OqznYK`9mOiQ%g{)&)_t5rd)W=ISZ{3s5A?>7v)NZ!#iM z*6tQe+%AJA!q>NL=Rex68#hiI=fNZX)YZ#@l*xrbt&_UHpmjFSqf>5j6?^~>0(hj~ z8D7iye%bBie!PxE<9};?=WF+YR{#>mROr280R+%hVbx@H>}n*`is1=d9FfJ)q4r&b zUu^j!KTsi(k?$TnZ*N@a-v9W6DazbRBY+P8UeRkk4%h<&Oa8ZtF&w=Bb=bBk@SJrC>OAhKnl1&l972IR!xQo9t=DIYzOx-NQFQd3)V#l z+o}KdPrfAGg&;NwjFFcmOk}KKjEjxMBJA4HzJYxWw4iGf+)h%I%rE$po z+R*9Z7rv+0jJqTAv=zeE7N7k$HSnda{$I5502RLec)3zz^6_hyNIrdzi&BU=*dZto zPZv@Ee{n#0`R|DwnQ??=+w!o)v|!y754`~Y+7R|`>433^!X&4-x`D}*##($R{5!XhG9X^@{r?bk) zdAn1pjlpc{zqW}G$AOx+T}(QRm(b%be);kWUR&LJewUMeV|U5{XHUWCK3zK zDyp@-!@^&mKJ!)_Sf&#CB(@;t5r?EyFTrAE?d&Q5!dbSlvE#t`*!cmaZ$u#;*7*fxskqkpGpRZ%~ z!)@n7HdJ`=+2)VmbayAkmb>eWaH$PW3)BOWo~FWHzcZ~YpJv5@JWQykb*zDjY(?? z_j20A`=;sw&NzGo=~H<)|1PlM=oKh>E8P488U`GL=NGf5-M?p?-6!UA(NXIYroITS zP`kCs%GBYElm?e=8fO1^3x9}G=?wWMi_)xy7AtqofJ&6dv9VxOkp;AQU{~AB-ZqlB z;girB8NiXG(X!D@Z!uTeVJ+PSk$DB5n4Bq2zh7pxPkXPvz?D4Q%rk=`& z2d1{NMTA^0p)I+&8_@9#;gWt;ztZwJ=Gb!$`O^l3GmDl9j=HYMB+Be)$INl0I{7yv zukH0;`4jvM!p?nT#r=WKMF$?nufqKDuTDfb55^v(sb$faQP?J~X^GFm&dwinH`Y$_ z>%ZVlR_RLz8%1|Z#qpUOyc-*A_0i)QGU5|VyiFRpfz`4a9*2W7Vw`eIB{9F}e>7cE zFBA>sP;MuMvT?o^*}p#ST0v~LwN6g7k#;%@XMdwUtJ-JYsdL5??q#9&JT7_1C65gY z$dIL@S5Aj+Vu3&qRg!E`YVq;%QE^4G^u(o#mbL(eSUV586GKs?Aw*nrDAwt5&hGTE z_J1Ap9A#4T{S5{3o{=E?#EH2+)uZ!%5&t@459(czKZo!&!_N)@xdi|lQNlIDkPKc= z!Q-Z@HJ_v2sJx#Py!rE&-lD2lN@@kn42Pf>lVAh!eJr!w#Oq73<1f@QAgxqeG-Y-} z0$lpM;|C(OrWp{rFdUKBHwq+fLZq*&$WVB)DWO68i_F6h*ewN9{IAC-AGk~Hi}br= zUL{=MfpZq{FH>**lAC$XjupM%Jv1)&CQPEw5Af@lM?gYMwcH=|(xS6qm8tb2M>Y_G zB>-=wh5;p{8Ah3|W=I-2T>EKV6zv>6qE{IfEju~g+A~wE=xdqxK^n`6oXt|bHx&D5 z&QuDgWN5R0q_>(BSiMz}Lko~t^7IYKh zGcjdTwb?!N!)ee$;Trw`lcZsjA=>k0QJ68uT|_2Z9-bNQ^Rm(ZvVQSG8<1t}ll39} z!;%&oE#Jc-p&?D1S_FYL*L|3whMJ`|y~*bsC87E-u_MUt(BR$QH{Lzvj3}6Jm5%tM zhd)cEkwciuB5AKds;^2rRs z6pHaiH$Ah-d`;)Tj+H7wj0rFZAA)>wV8UmbsfsY}Xsu~HpS6h`|M_qxR$8d_6j>pm zuCM(NE5TpEU}5WU-X`t8y^Mxpc&u1W7Ii{cN}jxIKSpFh-ESJZci1}|e1@~Rr$HAF z7q|xijPe#z2v5ZOra!|C3gh{n)nKi^|J@N!j+_=E%%t@RW&mV^hh-BeOWr4)H{}Jw zRN-g$T2Dq>9^-)+@9O&GLgd9>uboO&6UbvE>N&q!%u~1=?pT=7vy@a zZZ=Ou*3C5aHwQC@E699q5=kh%Mxp>-_=`ca}7P*h38PfVE-JWzn#6N;x4S+-+63oaN58NzKSK*Xi zUyOV2?eucuNG8S7`Y;_az!L*&`}_Ng3XG_xQ8E9*gva^ ze~}Wi5MqviG(D$`(`+gt+dgr8*E-5Gza=7fFXPrl6fj_nr+fjisd{6myjf=@E{!b@ zFgwJ%*do2>7=`cY!*Sos4az;rHu&A4u-s zk36OT@Z}K1MEDiEr^yp-d1?L|H;K5(3cz)&T3P8NxJY61rSQEglt=GA<82NXVIPij zZUr(}<3;qhN=}B~y>s_hJj>vU*m~acd|h9oxkx}GWGpvNuV_gsMb1&DNWN~%y8rJd z#d;I*p1Uk@ztQu5NZnx7NYkp{6AV}?3*gta6Wqr$$f&=GXna)e4hV^yyDjZkdMz?N zv>1sSO&7W79X2ZAwRfFPW~5?!JLmq*y}bQ|JsY^pKC9nn_y8JyW1+i7eO~>#J}-59cJ!?Q2HDmI$9x6`dvbG5 zdev5jEincs51R9>b$Cs*u1z#|S@-gv(tabfRzr!=IvVFcK&mHtKMY0a0mQPSG{{f+ zk8K(S?CJVaP*-=T87(QFpc{bAV4BA&)Ml`x=dui|Rln;DCu*ZGz!?q$l!?JP$9~VO zr~xp6lY2}1#EUKAi6QTRq5k|JzXMT&DkFs&Hr#shp9)4qbw~^XL{Ldgha^ClQE@L& zp+L48_nbD_hiH;qb}}5@Gq#g;eaZTsfKq~WAE`Z4X;n0IS=Sl|QCn???DTDgzC`Ih zF?-uO=QTKOrLSkxuRmZ|QVdf?feb4fk=R#4x-BNPT4Eu?5(y@86$Fdh!`oS4Rse}X zO4nvpCncBU2pjcm$uLE<2JQ|i+Gvx!`kWyz^+Q8fbq(IF=LUK!!0*g*bIi`2nxUIfi8 zrEMwGeNHkR^5B#3%scy(QWNd+0k!&eP@;`tWtiTxbYq{i!32@Djy z+Et7EXizRjNOcCR*wV-igG>%IVzCoBKjr@yfybMei6NVRlHxS=TfOxGWk8iItVKQ4 zA|Ye!<4`w(ZlBLsIfXS&m)DPMn@~CWELN{-*z_D3`)tlx|4`V5pgOfa2BRg@Sy3cm znkG<2h$VK6rykz*bxlO-v$2O2cm;PbX!s_ z4dq}8aUmUIfrpy8Pj)#&UFvP$=UGmqNvsS*?(R>17&fh#AEkp%QEtneosDlfPk+jT zss8WjG*}f&y17r>_nywhf+Y_@{J}&l3c|(w<|u5I7oC>jKSUn`YHo07p3<>UeLgJ> z(4+$YOHcpzQ`QHY(TZmF=9}@l)b5!EEw@6vdEWy)wubt=NZIe%tQ0BMndWou$34M) z8iuiTW+@ifef`NShH;p*nKcZaJr@t2Qx|vx<^vgEYrv{J1~X=S&m4aL1=pt=$r}Q& zStK_C#EU??o`L!VPo}?ojTw0DSuAbWLY~Na%e^@%?PCDDiDP6oQ&{U?X`gwa1rS5e zfwO=trr?kn@D${Yp#_l3mdF`7r?IALk;fwmAm)kzZcfcL&x7~NZ0;%% zGj72xV?mq%)Q{OB@nJhh(#9)Dx7bXC4AVCB)np40>)BNjh zCuS8H=dA6S#magDI1dr9d$Fn=_G~FUrrs~b69$V?*Sbp=9B@xa>Y7fTX84rlLy|@vUVTeS)%J?L?E%-(5 zh&x@0vCP_J{-?!TBQFY`mA&90rLO`-B7vpyUhQ!n;uc;-=4A1;X)Dz_&f*$c9%T8JU@n{5c@j4?uFAramz}7 zNEVtXaqG99y?G+*yBf{aK~&?la@P5nsRg^{<^U)tz*%lT`s2#GUKH9Pnbe8x=oF2!1$hR7zqZEnYf#!tt z^Pm$4H9{Kd0f1x1FZ^&o?eT*f8AKKIrbzyvb{KWnVN>MN=G1~W<|~B19#{%pllhE) zyT;uSJ~tDmY#+I{G~$#>n3MplJ&vyamEB20{{cyDL1Jq_=8;Z(m=oq6;SGFQkr7S;qTZ`|74Q1I|+4;0-7K`U$4}*eC+@ z1N1F_7M*5-_svdI;7mx99r>0MLyDhF|Yj&&NS(Xu0pC*Q> zvM8f!t{ zZM$pjx^ub1t9Mh%PJt0ppJstxte?(Mk^&`j5=5|2_BoPv%eT!}-_F{D81B(N3%ssR z?*k;)fX$cPOB$Fy>n-_2`l@ZDriL@zKRgxB0UnM$Dr+1zK<*G$( znjLXjUim6dlODe9+&SQoT6=>Gp9}Dqqg#Wx9nv-Lol6yu3Euiz3j+vK(!BwWCVHd_ ze}FtDLw+74-5nvLDBt${yC^=bGc)ST=V+d9Evk_~b-bH9bmPY}o0jhv`>Se-sy^Qc zv{AHRq=Ox4ntzu%A+eT1sM8WN-_y0{~9URn>2|54h%*LPrC&UU)fCIfIl)UPsxas`u)2**7pc9gO zLfn`9xXA9bH(g*AOd89BsM3Yw{e!p*21`|3@!61%e)J?pw;UA5V8_JaTEW-CQC&vEkKSTVs z4DH37uzkd9i|Ky?B5Y^Cok>#Ni+o;mC`vkx0Oc(+X4cwFyY)8xJO;iN&p#Fx`3?M* z3VfiEl=H16cQhd&5RCA3`u_I>ldn~D-$w2JRir`=upT6|2o013mo;np|0bSZ^R>i? zS(dF=ZJ+A9C6pMaWl0eg{|{I9{m$0^$B#c-#0nxdvG?Apn%JA#yRo&Xt!PWc-g~PG zTDwNAqHSUo^|C1)iqg_nn=Y#(AMfk?{pIud2hMeVIM;Q~c|Pus+no$lC!9EcO&;0N zP_B;EKpwM8-cXr>MoPRf{2EI&2(b>l(vlNKKM-HZd$g!?eoe5TBaE{8!=uJMEBW0| zT@cWOVBSLf;D_Jzyjg1y{x{(!hav&gOi0T=8JP!e%!ep9#D0L?q6q%EEo4nY-*IZS z_#^0hD>Ltg=i#GzIAG=lmhy&BQ{#z1g1G9wLh8mwF@J;AZig8DUAe&_YLf)2ND{^X zRmi`65ZW8_Nv~^9(x1jIbN^XPi;sg|i=VhSDQLMv^Nw!20l_Aq0dOx;RH`j<3l9Jy zIF*A9X(DfH|%&7)ZIm~at*rm`maU1@hp#L4zS zjjj0mS;ebpMFNbzid&5V<<*e3D6FBEEwBAjQqr!;y1`7%?w9m+Ve_GwzuIN(8v{Wb z{i$v-hl0Z~47-*fb1n)rkvnw6gk(}EjpETL`~3H&@AI9BAo)vnO-bB=fJ}9pEfYbb z0GY*{!X{(nW9S6xGX+!y8f5;S1Quv>P@&w$;-{_& z9a=4oJiiP#R!Vg2uTIiCu!eK6Hi@r`CI7j&UgmnSfL_Ms59we+kVn#(j04320-|Vs zUeInw-=ul~J{SvQD8m<}a71s#d9YTZuI-buuJL*{yy^Mb99I~jKE`?#6DJi^b^WEu zZ6Lzrp1p+4o?dIq{VwTH-&?8r?%}2;ueGr&S7hDd{yUBaZ1fDy zWa@+-qJRWtEORCz7-ZRECb{V=at^bBp9htn%MI7ieDb%hi9fiBFA3jO{UJ9BpU(*% zx;ku|rrkQ?U`T;28Bo_=IpKNA*TR5w7He+U_F^C>okBYDUUNorCKF<{5TfMg6VVNz zi`#0VS3EiQ{&i6}Aat$jmfQ>>Wcb*3Ge#ydZU;?G;VQ5wj-1z-KaOO+qwRP1HYp3? zuqfXZ-h16`@AsbbRf?LsoBiEW8GM&8%Q4?r0fWH26mMvBx{zH9j!WkZR!Pi>tl^w!H{(i#y4sw3};rK%j25{j7BbDig+hEe)IfqSR$%fH3fY(Jf7G~ZI zM&-BOgC8|dmxp}^8WNIWk^X~YnaXsHj59&HV!fz;5_xhK9K@J9g&%KN^Y_O{u1hIu zj99!r-@(F{l*>$B=ac+Z4D6-5Jw%XT0W|ZyPpYB+FV)PZYWa2JO_&WGU$Ym_J@}sb zqf=byllL5*feJqNIbP1@<2nD!&KjA(Tx*)J<1?IW1^_EmPkw^vixOO5jhj^N<+ zRuJ=fnS>Zuuh4@}9D3kL!!%_Mf9BiG=CA^&U?8%gEw)y@FomaHb+iE!ZRXGl;)tzO z%`0!?B!a#XqyN?2c}fcpa0^a-erc(g89>dT>&4n692MW-Qdtox6=Fu~;4+Ie7nNm; zR8lGKx5PC!?fDB8;r!7{YugFhy9}gbkiMdm=-xTH1rh&$d{! z@~*o4%|(_hy^=c~DNf+V$A_#P(mQQ0T4H{HthWe#mrf|=J~D1Eh11icEuEtwm=q0Q zc}3i(4z%R`RH%vfqxpMzKD-PrMy4?UmgZ!Ro^Hya@N}}E1>a@eml^kSoTN-~+w|vk z(Le5M;A*KUw42)(^iPW>@-3&Zx0M#4uXk=}S0YC}&$t=o0Mem?R5E*5UFs;2^o(xK zB&w-xmxlc{q({K1*M=`Tq%5H~Clq6cc~EL$kDd#PJ7mbEt5WZ+jo0Gag7&J7F{-5h z5~&Roe~Wi-q{m%-w*u4x7qv?+k`tpq$#hR_@I12br%bG#U4EqTIqZMiZ7&`Yfexab9xh+qZRQXyAh)n2(PCzS3s(i)M?} zi|3vgdZAB?mPqBFy|1Ux;=&QZGugWv%90e)x$q@^twKm#1|(k6ZCycE3^k1f)dI!{ zo)>CixAbo9aON|jB>{}EE0|qYvA9y3CzdQ>ckZO%p-RpxAD!-6-{`J#SWMqE<^Isa zJ9g{L?oAL~(t1+4W_nqF`@PlBr=uL_({I{151{W##x#mend~kpc~?=#oOPGJpOJ^z z0H{FKlS~1fN43twO+U0?Z!X*ZG=2M1&MmGcWp9;oSV7=$){Aj@19Nab$rLOqx$+`+ z^YnJ*L5HB@X9Cm9x<8pvq=m`f!n}XyR`q8=8jhSe^2$JztlZ2zE4Qh*Pum3U5Z-ZT ziK5n7$C;S_5YUR*EU0C#+gOzNDvW4MS3gcyl``h_7VerPT%o6G;^ObZ#h^#r=Z7-J zRPtV)JJ>d2dR@oVx+?phVRc{S^t3bQ)cR*up+w&;R$BrG*;Ea_rpP#^`z^0mltoOc~SnA-){b*~xr1qfut%EF1 zP&(sx(llcBiu_}bp^43$|4iCByhQlDK=w(jd$pPd^_Lv*{E~R;3WZbNz|#=KeKL`h zT7M&FX8>Gf<39f8e~kr63KxAunZeS3$ZGOy`7TKySv!q*5nqCj<|M>)%3A9_iN2SK z(cmSln`qkKpiUvF8-iaX-O-7u;?LoK%msIBUS;?UNYrFnQN=<2_+V$=U&4^~eDqL9%MlcxWqrsv&H&E6)iIHy*x@eUCgcL%!Y^0jFp z5j?_nWEVayTGmK->^{LfLjJw|?hgj^e_!%H4S*ReNYhZ2*F<;$sUn_CHEFWXNH+!rM0YwI15UPs?McbZKQKrd&U zB%}$A3<&>@*5j8j5pA;Y^}Acx05=+sGrOxT` z!jwDlLyj+*hbk5q1I*}u6?b0(5(V^lU5XR%GpVIqc1&Wa0Qu~YAM6F_Z#8jz3ot%u z@~brfxcmDT)rt9nMJpQRM4O5J>-2Zn?6EZFy;=Cj#a#jaX68IVX&x5#+3yNZeT^ER zJfbB&0?1t#c)2yu;C!I8MUcVh+v$nr`j4Z&NaVfWm;4vtSFw}a;r(nEAd7AxYVR9I zS8>c|F5=V0Z$BPSl55_tB^2 zW9<6D*wwqjR3eY&K2hL6h6=cNM!VLz7Svf)+#*RCU}`Jd_wN3e*6?xf(m(veNuJ)K zX7=@rKJT{vh_(S@P`DXUxUB7w{ETEPnb8@xg1ZB6B@HK_F3U+ntjP~=w{upO%u4nZGf<$ox=Z{~}HGLGHiihlE9%-^R z1ycu!)PCJX#tz49*bvJ3Ye#2{C^OQ)r}g%;pmrwE=W;C2LaX(^FMF4?gYN0c%&$Qo zA;>ptDOvtRSy6Je!43=)GIz>dQzbK0HqIC<3y+ZncYRuo-;ft==_H0QBz5e9f_AT^ zY9BBNCZwWzvB(h|a-X(Een3flEodX$es2lL-xz@TFT~3~NW5b9(@3)qEI-f2#|On_ zwEiU*@ujAAyo;1Fq|2uwtv9UBTso^K50`%N@0uu?xI0SxVRrr5;{wN9P!tx(?JNJX zpUi82z}qaB7zKEh21sNS?X7=M{^0tTs@a=6htth)@vgZXp2kBaUM@{1Ba5X&&$`2d zFJC4PwwMW-jVXWJuSoaoT>Y$9Itv2N6XkW}8N!GV<57sU{JK0v#9ba`Lebv9a0gR) zQ>gG13cLhbn)a3FJgTG{R9^ozW2OV}dg|u;4iK7C+F(>wc~Vpk%*BUeDgkm~w$Fy9 zs*gJViLXq+XkjZ4QmBqe^u6^wBSg@pIVusw25Pq)I zjTQAJiG;cEED(@nAhT?FWM$60`U0zl9b2-`wyvC?yWk4$CD*MnjeXDsW4zRu9;8W` z-GmkVFLj9&TuYF5aM|E^MBtI8afr0A#|Ku)EocK-EjhNq8FcoF z_wEEXfWmYel%v|N1&zroj>@0+2pCYB(GM%XeA8%(QhKMJcWw82{xgsH`A|9y1M}+; zI(7Cy5Zyl3hC$8yf(B1|mvc!tPcfC}Qnc?SHHGT0F->1UBlC)!ezk+qqF@dNI8J;d zQ_2~XqkJ!31RQqW4{!@C;+w24S&N3h`fE%6>fZLrcF~Rfz59>j@G}jeuIsq$D^phf}mvpuI*!s|(#>2tj| z0%xpIL1AXXvz5e-=f~bg!kw2y#DfWRfr9kTIg$P{(Amz64;mgHj?A6P&F#tTGJ0(G z7tBc!(m`jXUmr4$Q10_a46{u!2S2RV ze;3HDD5iQ;tXxOzl<;(+UGOmymTteH|6ou!CB~h%`>}|#xk&zXAHNk221Ze!x!esK z>(gg(hZL1f9GDD3kafPaq;D}OvYxG&!}5BIchd;IpoJnuaY zK$GYUb4L4dr{KjUiND^UzgagK8EYtK%Bl$}7k+9DxBkmWzE~-Yq?u3N_#0t;TEehd zlCC&)_u|Wj5vU2_(J=s02Y?LTdes@vxjywqgOJ-B@Yej_+vj?$a9!!~Jmr1RwO8>w z0m->4_rLKz)%?t^>^%DZ9n)K5<#}t}s8p39?|**+FZOlXNxPjs3p#@lo(v@4TEF{y zuwew!_>U(N$AFB$KNIN&i$elQpMylNr(H4VeA1`cP_*o z{j7|{+K}`!(Q2-}gawd!rMjPXofVp098d1*5u)c7w}>*?m?@0bZ|w!uOY;6h9yWB8kBhsGNGqu&8~wxP`N#z{EMg5ARY=YOj>1v&xfIv@1-0 ziBgX`3GoihVtIO)b-&xE*W)cVPt|YQOuR~3ZY)LWk)LJhrMTmx+dl%swoQtqqvLfB zl3N@te5F9|f}$RTP8D6eseay-8Y-5OiENU8qlx^v6ukfq+oGgzNcjKRB)=;ilwip* zr77cN(53Y3;tpaPJ0_{Zzh_>(Qu6tD)_*)G)5;|n-+dmxlDG_uj7iy$a#arBFrhTrZb%wjBBe)< zLE?FrIPKB%8cpWFL>=8HU?!>q>qVp|{`%ouyo)K7@p*DlLp z0AR(&5V|!Dkt`@MWB6Jv%g(OOd;TdPO>~%5S%jEcWC|?#bB5`0r&ZtsxzP-U?V2s( zW%i|t8ag2_*g^om(FdI+O+FLQ164avii z<&A()Z?@e6LxD=)Ynj97Jy3I(7npma=&~GdkiCp8gRo8cn;7~q%*9{omJ!SG#<}_G z2w42pw+=GBqilp5{DT%tPZrbE&gFXpE{iVM!pAGW8=Rfdo4rKP%a0?u_wv+o%0g-^ zj#TzaWKKpi6kld7zBb@ZJM=S zuZ26m;%jW9Ovamg;px*zcqxH0E;|%!eX#Zw?RTSE7p_+y4gAiza9#C@Glp39_)gr{ zC!t0=*_t`VTLcPylljzBp0Le;F-Rnq1}1%yTeY7S8L))Q%68YxswxOC3wti3jLWl9 zp^qZz0zh}DB&Odf`r zD#FkxpYMuOI^xj_$v+WZ&4?~8ZGI&O^v+%Sc0#JlW29*1azo-~x_;KTZ&8;}I~b+H zp`zW;L{oR~&oz<&Nj>u{V;af3Zzs*roCm&}4>CjEfu&!{eW<&q+b zZplU(I7qRVjw=MfL%NikZm_>DQPdLCEaswVs2~1dOiAQ z|ITZSI!}j#saNl7 z8CFR7QT$HlgVu+8a}zlQDY1cKOKegQ_8c$1?>d48KTib7Dp)yCv3lmZrDaX$F-d5Tn+^dj1(npv?55IT6)J8cCuv<>|H0lGbhSW!ycHfXI-e z_<&~_%A&SR2~}2gu0JIH#9y-@EP>EN_+0s(`+ZqV<`2wLo9XcqVjG9ztxqeZ9onur z$a;CbQ zw%tbH@!l;+S6|it($>en`*)9RH2ZYIU2M$C0QYh{d2rDi(OJ=EUsXSGS&i{{N`iy_ zDe>zk92l>R=J&U)k~*G{813u4AN2g%R#FYm@nKXNm`}OmTeRo?yH#ZnGs+(>7~~!< z&tf<4Ca?XK_K9o1e_Y+~o=EhwLMCwOxgImNQ@qdP>{6F`T{! zrH3pkBV##@rrab&1@Y^e-ZH%G13qrv?00^--5qf*Qj!NGGHt!3v00hieAMmq)w~sa z>`aNCom5Htth>C_HyWFE7n^G6Hd%3W2{>A+h*EyR`pRLP@V8tH{@hI`?vVt(|9-`E z@Ou@7d;+h4)`gR}qm zKRD9vSos&v1gn^KxpWhCFeo}ieweSb&=Bp2H{nO?OX;#hZ%bJJoJO2Qa#NP~kTro;H9=0c+V|Bw{=2IA-55M^C zMmoIsT0Tx_XW^1Y&2J=4jd{5|B|0v#e)EkH>h{}msZJ*eLTY1l6nc~D`QpD)M8ulV zrOnSp<$nf>3mIpxJo!Ew7CWH9JWegUm_b$dU$zjmTd(mA7iGErw!8?tk)3nYC-~>^ zY2wM7u?>iGg^~K1z8`+!7gy9h%~;OJoE-`9X$8w!QTfwb(`_-%M6(K6(ob)MURS;^ zA@}Rx{MUbT>!Y1V6%5Bene4UYe54It;xTl!lxxkO&slf~<@`;qzaKyMIO{8?w89SG zbtT%_JWYLWyDaa_>MMYK>$m*#&HGuv;d!8-V!*hyNvyx8Dj?-t8Tb0~M{%Kj2CIfj zL%)`RBwzpM%dnHfva^==LE4)A%o=KJaq7M>WAoWk+M7=v_SG@;V}B?eO@2?736zWs zZ+!;OUjX?qi@VPtwy;dGz&8erkffx;Ka4E9UteumLszX3om9lru+t~PFYrKgi5YKu zC+v3H=5-|d#sb|UBm8fOonjsQsTt}J`pw<6@LX{}QA7~-Svs~q*y5CqW;qPIX7a3Q zfzQ8p*&MFPGxExFsD@_P;96R9Vf3F;7N`U0Fs7S|RLyR7Xfk{+4ArD$|50&>He+^P zfX(;>$VY(B|5Vt4cO&VQI71iz&3xmK%G)-QZC1o_z1>xtS^zjnBo-*Oo-ng>2Cye0 z;dJ?MTpT_4DoBuj3KT1!;>Y z1ocb*EL);3g`ID^q4_r$hBG?!d zSS0Q#j{I!jK9YT~Psf4iIzS0o&DBMJpLe9Jyrr&5Q?ipsZ2s0#6DBCAlL4{p3t@rCVAF*4E9oGZ4R3T(m;ks?|OB8M|`DbPN}_5$4{RDqXJ z!SsPe9pbYR0bUI3VEa^a+2jZdu4e_yCn-UfWWMc{>V+__;L$yYqpe7lWM<(Xq0rx7 zM+1}cVW$7KWLgS-$FcI={=zB1Cae%~I#QT0%iN`$Gi;I`wFyb&!ixr_UtsugAy?+pwRzy2 zo!;`Y*v(?A*2XPDBxhPNnrjTgdHHZHLZy&}eddIK0fmd%>!mh|8p7<6WF-+WrKmY?rA|CORmn(IBHNl%Ba-v3{c6R0KCCxC zMLxskQ**C)%PjzNUL9N%hyzMy1(z&UEaHR~SYlBZAAK=?3${mK=(D4~rPv9DW~fMY zn%?OZ7GXBf`tf(geEth#`VL*XyIlGp!|1Lw%9+5ZPDbd|!N~x|k65;A_H@JS#zN-Q z9WuS>3jHqiJWdLLZ+)t@beWxDE3oHGn=pVbK1RR$SG)3W%~oY`5z_Q?yerC(GwVTw zNk){U6uoJXGlor=;+#l;>0(=zOL3W>6i+Xk3~uSr9+By5$d<+&R?(qW4UJZzK(wlz ze4;XEH+6faPq#qwS$V29xP zi0s;C>}D)(Z>9F$*DKYa!^z;Y!zGlNc@%4Ox9NXsA|eVSHfGn(CEIZpV0$UUzb(681Qs?&uSb2T#}2HH(aK^mr)3Y7hpEWt96nz| zwKR^L(j|xY9k^mL6Lt}c&5Y=|=e}2-U%pFlNhC`DX2y3TKsd5Ljo`|=MHdwl03_>~ zfAg9Em}UbRmA=ym^47&H9-mYWE7tORvhUKCLJo4~DjuLayVOxx+kII=Y?F zzI8m>#P^6rkBnCWxUH7?V(*1(i!0BXt)wh_+*qY~XVYGn$`zJ59xtaS^u3D8xO-&! z<~=hyi^R3`UyQZm4SgX*$uIDbI-N@E1?%sAk@f*_0PqhvxJ4~e?M5UJYqctF7MS{mJ@5-tYrGxBReH>+-fF3`-O|J{>$$+Or9j(%HsXabgd3q&Tpa7 zB{WdJ(+En_B0b+Bd| zY>?2wk;EPwUU1HusJoz8VB-YV7$KCA(~kO5=CI`|h(2_cL+kc;aEoffy0K_0?gpy{ zVpNl~_Tu)k1|n_7$+03KU>hBgM0akJkH*pmVgR1)7veN)Fa-pr!J3rVa7hw-4U=_= z;Y$+$8<&@|7wOI53tHpJIQ%DlAzEaaIs4h-&S;}!l(N;vLI5)l;2~W3VTa|8bW2RN7r- z2kz9-{ljF0yWGJ7C3FV1<`8UXVBYWsID6x?c3rD&`*u+%4c!B|qgB`ASk+K@5%kMk&Ult;kUKt$K5pl7kmc zHbQK{c$jUKQUxeK-`v;_4b%bL>#Lg3DaXu8GjVMfT*2K>x7z`j`=;M}Ra2ZF8-JM7 zl5mt+2MRx+q2j$pV^cd$iw)K5DYz1AK=)l9K6h*h?{GCIjJ*O6bY1i7Fe_6r@t^Jo zPQ82t+qwulZNJRQhQXoGlwOI*!VeNHt1mpd%V%QG9#iAfpTM$Na%Td89LRyHMdu2w z$_jyPR$=WD*544m?ds~Gmh20;`lQcMd}FT*j8h?d+=$WZo|z)wuLzUhVP#pc(_#=md$OdM$3WCJ@~dH~6%2Fo42z z9hj$5mGHZv!nLx8H~Xo4b=)`$G+2H3tGNUZS7sKT(aeh@nAE#UpsOd3y!jReeBlAM ze?V(PKhDtN$jO5`6VT28w&)9}9&SFX%6h{`#X%Z5)?298nw$~a=-1e(RKBz}m}6EZ zy*=jMR8`x(3;9rVTu1ci*XQ<;-UY9I+^Z#_oPlgBc*do=`(vN3S;t1Dn|#TUnlQ}a zOjde>=bPlvzM-Q1w7U}iuX@m$Fr{(^VSF!imJF>R!=&+)ho*O+6+@{h!AfpLED?$SuQ_1EC%kHbQ`6xyd9w-24Ts*ZnZQE2DKH91a;r3?q&j|#^ zYrmSr4NA!57kc%Y^&Q>S6*aBbPJ`W{{JRZUdbEGZm}YfIBD%M>IN)OU1(%$GJ80K` z4BCkcm+vn$-Hb@G`QexUS;BaI4yj_q-#(TRTrE++x8p%`T0x@Yg|FFj+GiRF+2){&nHc zz-+ZIThb+(tNV6gTT9qkb*WlSJ2>#o}X7fs7qY0&~Mh58!Xft<`*|E&mT zNe)ms4Q=x%^#XpajYVeh6Oxo#>mQFlxZKpcL*2C2d$g5dXMhFg+M02U5fcH9yKY5h z-__lVEzyB|5i>Xwzfzbf*Bv7w$F`BecFl^p%6~tF5h5b!hbZ%j=JXkh(tGs?*_~8j z*F3E?XP-Px&>r03ws#-5RdW~FAO!D{S?*$E)KcyNz#v)(5PV#9nE*ZTne;2a7jI<# zkhmujg8E(9EoCKvF9Tv~BWA2)&kU~Em6X^rkV))XNinU9d>Pn8Yiro9tg<(jf=XIxko2-q>VT7= zkzsmsh3;UXlQLp7KLhsZzkdv2WDtu*7zHMnLw#E8$io#Ku!WhqU!AoBm*|qjeX4qO zzlq(-jO-jRX#ET2`lx3vzOnk)4aNY*R^yNgc$qe_Vg!jMeZt=7#pzu7%!xf6(ee@?Oq|{cM zq?g7K4M*bNFqE#UyG{y!iaYp^n_60Ce77))CepXkVGg0zjSzvcOpe zpozp7U*29kmnnHsR}Z9;;myI~J|T@M%y!*CIB|?KW+@I1|BAb>au_rpixsD{nv&10%dOxmCmFPiu{O|6S$Wy@(65f$b_geY}qa``5GVPwlX z`bOl8EqZGc?58D%$b<{pWg!x&dhZJhP5sa1`U#@G+BIe27eVj1b+1Czr@}dM0>_0v zP9@9LW@O&}DI%`SK6MmgBe5~F2DxHCC`ks=6&37?M%$U1@5m}tzHU?!9G$c#jx**s z8&-04!v!jm#N2{+pM~v>iw}vS1XnUU)=|yPPz1VAvPtXt0hkSy1XTI$7fNhtHW!Gj zwg0%wn~F`-#S%;WuBC8)RB3aU#$CL*>$7TbvN8cv<7nzP-g;#yHZlPi)m41~Ra!uVUqPt}2aVbr0ZbbXvrVo5_19p>FsV`C^& zK~AyU$AcZa^jLMafDbQj0R;m;+CE#qj89OF7wfoITK7;x@aHynLD+#=2^&hx0OVt~ z{!Sz&i!$TfPP`CeC=+9rW;um}I8N#DbCC%-7Vy@~{A6R?HHAXg=q}_V0cd+&3ZITX zlTP4gdh%IuQha2c-)#u@+RXBK?vmX%tj#S60hWOab=G8CT}e`Nh|`7uQ$pknkmvet z7lvnkigGDGBFlZ(+nvpx#pUAt?u-4u9$G9UakLh^cwBpQr-eyM!h^vh9Z&~g#DGIW zewWx)kh+KX&ySy-&1qsiEu^r&2R09}NlVf<9wmf4c)VHGxj!=?1i)a=Z!L{)m&|1A zRhsB#_?)eFp%A<(Wv%slf~no^vCUrF1scNHoAN@Asj4%T)Ap^xxmSDpq{%K;6!mp< zDnfsnOZ|B!UT)>rgPCZm=!-xC{llYCReuxKumaeh&rK1jkvRy7VLitlGFus$7`XAs z>8Sz7B>RJ~+`H`s&=l!QPC}sk$a?})HZgUBqmV*55}e&WiDK%hT>OSucA^*eAL0>^ zZ>d0VUC}nxEEZxVk)4(A1!KtSB34Z6ke*aoMZuG*i#KxilP&Nw9o;=_Wj2G_#@2t((~*B3tObZ%`sqZ#dl!AlHw)jW;I4VnG}`A z8;|+!_%@6AeZ;Fkz;YN+@HIkmy)-Y~0CUG(%YvX?(9o=JisHUrQyG}gb^Wy`94Y-V zKq%wpay5EDS&H!Ds@-tI9EBTX^ztxP0s<6k27emQ{c5dj&`G#FkbNiMFt&9gGnn$@?x2WlM_?_5}!3hP=@W%;5Ily$!(M$463ICBmj5gxq5_w;;8g%x! zLbW_6OdjSvi+zRZ)G|0rB_LKP+sIDP^UGf%vxZ0ZXyWg1wW>bVG9C&5NeVb-^GCBW z|6Z*A(-Ygf@r7*)eIWO*Loc3sCb7YdUzsZm|9anLk1%=sLAFzSvXA*jNAjCbV#o{o zj3GxO7cu~Jl33`2&F{mGBg`p++6MdAkGY;3e$BC7bNlE?dgr4TbhVyZ22plUyskGU^ z-a&Bqb1OR!{K3XHO4vXoN7D?kQ7sz}1DETg!*HSUt|_Q{e8n zbX_2B$191B#iZa?W-`U z8{=_LMLnsdJ%_Ibvx$L0YLQi{_1lf|54nRZ)Sq%+zh8M~yhX|2y&!(RE(xj2ZE;el z9v(jaim8pIiQB#N^XGiJ41OU~3dxf&))lc{4*UCEnaF|pN1W_VJcQICpGB<}rjl>K z#kshd=d_F`!!I{$Os0GU8mED-@Zkvv&GppRDVQ|p?a)|{=y5#5&kt|20R1L!5+M;y zTREym5F#C7Kgyfok}S|T#ivoCK3=q0F&)S=M*=Zf>yQBS!8zSF1s_8kCnK#J2Zgic z`(q1Y)Y7EHaRAM*cSwC-)p3a22zHW<)hOJlbg~dTRtVc|X{x=l1$f5g4Uul<@=t+# z$4?xbK-iRmr~S%b7Ow6w`8ZZ#VBqk@F|YVo%KhrFMxZgi`Qnrj%6F?P^`>>R4XF0! zdz#iWPKFbyy^{2-vvMoT_ySTxzMk0|CXGQ8S^hF{nMy&Ylyk}5GWa8|3EQ=y$Iafu zT4BXs|Ir1{^3p}G_T5J87+jnX7;B_Y%;Z%Pv0J}!2dGTF-xTvbDVr+5Ww3)XpCd`>9(8T zE_FnsajlCZRNbi3iP{^N|A~w#sc_voCyZ#_G@dp`luJF8x zt^=#hl9_%rjnOP~ajL(G0#EBe91AmcA+ALGynPwzmFU9_0(}miC|Yv*z;X$<-SD%sZ`+T z2~+pg`s(!Ai@4JmGfl*WsdT|MV9|1VT_v0E^eU25wcd*9TCqJ<>J0D7Qq+b?g++Ks z1{v}i{!AkVkk-M6gPqVRIa^ukC{dC++nb)VHDluxDhQy>1DeEO$u@nRjQ{?%Jw8pz z$VzT^-i$2*SmcmCATBE@c!2=h5QRZ7fgWd1R)k-!GUMM`pm}PMY0U0hp!c7#@T#u4 zDF3>9$m*8}@deSm?PuUMu(wy*0+GJ}SoY*Q!A;K*^hszbo?Uf^3t5G$pf}DohQHDm zx<)upMJlG=bY}U&nVuVg!s6b&>i!1>0I0b!LjV0I`lODaR)e}ne0W7hg}hYW^U$>{ zc$IyMN{suj4kW#m%$c^8TKfe+kgFijm8n(~<}$Ucy8*7%*TGDj(dS3h`aF6j$WOqTeNN*U--AU`rz|t3Q~tx zo2Bt1y+Z?q(LSs~w{Cj0WPWnvnFF!J ztK2XM>@OLd+w&?BP@=KE34r=HhFph-0s6~+c1T*@`|FBu{}(dzFgg|+qo6e;vVR$x zc&~}4Av>9Kg}`Kpbppc3Ud0YuzAxMeAldylU$ZDyzuEyq-l?KL>W^FRbI1qjENGw3 zIbHa?>=q1GU*q_wAqVTC@XAsh=}pKW(58pB+Xi^vaSLeUNG1N=Pompr9lo-qpUNru z(9N@RO#GGN(V6eURf~pkEfa8B>wq`9m`WRYxbzMbICi&s<785I3;@H+tP$?4Hk=!@ zb##{ddc0=~8CJdZod4|`Dey2M;K>lHYrYK5uH?tj2cTNMJ;?wkD8v0#y!J4F13n%+ zvphY4{p+X533#q)qR%`V?En0JB}4#IJ?+fr+FIXURTJEC%ZD!MVxoP!Zo>)|@CIOf z;rGTuUVks^U#RI7@>FTRs`SlQw%|n4@}0>|u+DGjUf-61gez9QvTcv!93 zElGmxwbpxXxLdt`r1-n~1t^7{K4_2T!O+b`jv4% zRz|Mi>OZI#!~r%iMY=Ub7h4Clp=DhEaT4~NO?JTH3dRJgsq-W53d@Yp7lEn?0@&m1 z!YqI#z8xtXZ2TC${qO9@!qie&y2dM!O9G}7QXvPy13hWx0u)fQ;`aynH$gV=;hFrc zHeklab824Qe_C>T(6<+oEA}2m)8u{*C4c*J%yY!_$MDXjw}gY6H{x9y1d3X&kU_j% zgw-*^Zi?Syx+^AKFDRB!-rjTbF6TN!UFKu>vfJz0IRR$Ls0C`mARyZMul+Y>Bi`RR z%r6g=KBw?yCHhK28D`+~qUy!||zz)VcMF-WVhOpSsP3>W=#UnM2f!iPJdV)DHygG{OcK#4hekWf0dUCJ8N>=@V`nshK1sxjs;N2 z6o64Nf@2GaJx}-!66Ek;?h2?i6?B0Bu1@pdb4*p`#IeMhaPI>R6|I{%iFiq3yAv_I zE2Et(bDY*&|Hn z%uYyQ;EFjX*mY^m068q|0u{uJy6!OO<&fdw;%pHecJY!^f>&Td><3dNn_#X5C{hvg z3U!mYD{cCH6chd?6O{(ySI7aLqN0PXRc!R8a%>m7tXeC?BH51vB)wFmO zB%q6~R}$Hu0oE6X;uf-@hI{htvNwjy;xyqNy-j z8U|W}q%R~xw8_c5$P&HG@PEgNN$`}3aX>UO&gMSI7@q6ZlrI7(oGXu5Ocf#p6rxQ- zodRQcrwgMbq6AM08zhU6*dnAN^qZJeo=}nGxbCmLA_eYj`9}c}vE}UPfB{Y4Pyo~d zNpDsMDJ0YTk|BKfWWB3bN1aQcSHWq8{}bdhei9gvu(=Q6*(U`DC`k4?2vGoi*;HB? zc(MMp^!{lk?uN2AdsMqbksYQ;G!Du@t;!>U?6!)SCCVeE%FmaaVo$3V@0S~q%WbhR zGbHpfvZ8CDI712~ToB7&ko@d}*<^B#9k%{%y9Fqz{^+u)FmP;8;vMR`_swuA4 z>nh;i{h*P__;5^le_UB$OCCPy%3x)6#75Cj+)eVv-OMxq6c5P^0OIg9=ZN-H3#1DR zOFyWYr@wW(Il1F!dME(=KcOCA$Vx4l3&^q0OsRG$JxBe$Fd6ihBUO!SAEebbwMcxL zuHB2ifoH8oZkYze(K!*$Jwfz9+})GR>LID}CkJ;8Tm$KB01Oz=EmPR#El?hzZhD$N zO^S|}T5}gkx?N$FI0$sagT(Pr1eRo987)#k5coeN-SR8mwg-}C-_|AEKzr|0u>&f|W&UvF2T#VQr) zB1y_M6+iZ>B_=D5E-QL;5gt)59uNSf@=(eUsIu5Ie--HMqZiQ(l?g{Vaub?*4uy}e z;ZU+@5URe+ViFjJtWr#>O6#t2zN)ez;()9$1UWkG^09_=iI-}{4Lvm^+$(skK9s$N z{i1?<)xGgSeiWL_7Ev1)P4>74;Aany&wBn(_Gx@{t&(&U>5m2_53sijNFw8f0d?^D zGKnmTA|fzRrOZ09>i2vTlAJVfhi>)&>)2ssBoMtQ_4iqpPF>+zC(sQ6EV~3W8J5CZ z)93k&rh7bDtWQH%6KEfckdbm6B9!3XgU64@@2uAs-W%4v`Rwr-JFMZ_u;picUV(46 zkQTzlujrs6`|!~Fo=`$(3cOv^ytTWdO%&X3SW9)QF+sJGHs&b=UCBX!WD;?PArv)d zm26WWlKD%r@Do%#SMCRC`}r{zK}1s9RLct8{nO~h%Da6{<5+X~c>L&HAxe%dB4YPc z9RaY=B8^)Q>i69xnZW>~9Fl_%nd)fsgP0jLjyN>-JZ!Y)NVL6GY*YrZAObTtUuLm) zx=*!wO#!cz{QMpLo}ZC3)`RWNIt|XAbpLL3@4*3*XuFf@cpW3-dh44Ei)^~u9SXC# zS-n@Rtu+5&+Sy-3EC!JAJXh$ci4*G%x5+^rCs2GKh(Lfv*S+1{EM@o3y337V86mAG z2P*du{qE8PtOuT{KkWbMAC}`b@)IrVgMn#dMSC* zU(bP=Bd6Q3&tD}uMbCM@Oo&zlByK22YZJ)sICsdoQheDkm%6oj=1qljLM zIY*jbKy`&m`B?x)e*rVf%f2)B{b%wnd$PNo-dumdWaPv^V?Giz79+Tw zBqs9LlWah41jxeCx^v8m8Aa!a>&F_$&Q(d$igYej76}#`%loo4jd(}=J7r}!FLYdN zgMz4S;A?M(!Dp!a$&keqUP zm;>P*oL(jjZ3BMPY~k+%bkY4sMi5~lxSI%uQ*1V=!h{{N6bIqR%85w1$wLdHl5T4Z@wg}hp7=LyV1pA%`2w?OZkRW^%>Rs{ zmq6K$qB3Krm@wFPH|iYA`Y3u6H2N7g!@a>hH};6;%V_h^Xa?n2F!X(L329l-!?|!p z^_8x~runt*so_n0QpcfLaW>d3+~OiHU@W;rm~%$vL(|6zVmM}g9uI~o`sykm$)d(vsV5YQ`Vs_rioNVSrF;6ZybQ;*+WY18^6N7 z?sK63XV4dAQBAm>Y!-dd)CXDUNHKq0UZNO^?l<8*_!KIY#(v&@b zi{x~2kGmIMUnvact8{pplY*hvs=v0owjmrN>5RW_pxQEu)FZGw^o z9Tp29m{w9UpLEX3w8d}@T%~Ad++cLt*Zf71yo|xFp=DdeSOIk&j`ArJLnLdU7ixbB z*L=6{(S(JfCWK#iP$CM@8IULD@NuxpvBvZR8TkBkx8c>`1_kC9Gmmi;a+64Va?>TP zOEZ}sPt7Qex+Ho{7s~K&uCK~LsBBLoFsL;R92P>O$y!jPfQdK#@9zM5;o>@IosLq? z++8=l$hXEt=BS`yr_NHuygcksR>+vy&bVN{(EkY&Z|GFYru34CWmSv ziQiz=xM6m0Q2UDSRG!8MReR>#mvp?T|6Xmc)zkEBzCG#(Tv^PwyrBs|wG2{(G=l!J zwx?2z@rgIeg5`gl$H`86LvC$hFi6prLKsXboA&TlE3h($R(~rvqpv$t z-b6mROF#o*;%Yob7{z`NL45T5k9)&aSG{`!hShBE$gDo5_;fhqngavYL$Cv47vXD*vbX|6p_(c1p5Io72 zDHIgUFOJQK*RM3zF=oyYsYsF7Seh`d_NEA*7JDs!RO`9ILBS$HSn&gM3^J9cU!Qi| zYbCRZpd=!9qtWx4mqj5PWNcL|GUGg{S#1WwKhG>6@W~EstRugx4qlJRx6INbpjOeA zzqA%Dk*mDRubUL1O`e*49yuWtAD;mwExPdK$k-DgslUc~6zNS1NJ~f6^~O3+Oh(%; z9Gp5wM(ib=4BVfX>>vh`B!)p**jpbc08-&>@Z7nm&q3ElgonGYl?ZXYd#^sxD14@Z zGBW05E6ks=HfiIum?C*CJp|s7V+1+qBU*QMpOLtdzs4Cx+I+ClqDK;Zlz)3|&jSuxb z^9`?-uUuMsVb3h4w*itJ;wf+VIuM%D++a8|^1~NPk6cGE6`XL(9Rw5Mqu^$~^rhoY zirUGx&nbrP>{9t`eak1PvVA+3^eJcEyN~@bBQX8J>2a0frONqXh@S`_(wX^`UI9kP z5dWI;@z~1e`5npm`&~E|*XB{4v6EmI_M?(YV)Zo}JZX<+B0!VeUbt;;q(Rz>TeKt?hM#F-5Tzq!HH$ORpwb;;-yQ`3QABd~fh60$ zLFO8CJbguoINu&fP|SYfv(qJ~aaMV9qLveV@2=2jC?CBispl~>o8smLEzE}z%i4g% zh}jLW@JW}k+twh%WzPH_V5e*l7pm*m3o@CBgJm$`^D+40@q?mdAn&btj1WMhgkQvs zUoQ(Iv^gFWGf(`%cQ|Og0Rw`6BiW(=^3TO^9k)_PegTgjhGO5C?C5!8#JIGY`If~PNIHGmE>dov#nU`7zb|Jp<1$~ z)CZeX`|q!ygNVj*Jkl44SeY2tjUJ$UtWP&+1L2R+Wl}7d7S@5I0H&n?`U*R|NZ?kI zp7sD8+@x01XJMYS7FBWc;ku#3Hz6G&(ec@DFKwlxDXUF)d%<0C*{7Xv^V^oxsqlwo z!S7l6M3OY4mPB7i9lbJGN!zd?W+W$e~n5A%7-sJ{$@PXol3Rja($LfPY);#S;`G~?x*^T5EHs- z%%C%NbQ9jYO8p^mo(Qds{#BC1*upo};9}*s*=HVa7ZaoHz)32uzr|V0UqQT$-{52E z{XJ?={=gMNtIXnPD%&BW&HNLnIR2EZ0-?kI zD0Uvt*D)^QM*oC=(i8Y3`2~@SmJ+?yH18%jHL@ftpGjFJg;SZHcRDO9m^H)@v$ldNRTqJfD(_8Nsf?pEw^(VUu;VKH!#;pmmS7=|B}-$?;pc3<+jhFm z{9n_#xJ-JotHfm<-N$oX$FPMQCb={_p`UDgoOVF@2jX=!=)NxuUu}khm$~vI@AB<@ zy>pQ|%sCl(jiS3WeXwU=!Zt4vErXi#VA!FhCVcY+hd}g^gVgC~u}4HOzR>`B$Nx*4Jg8xdN0ar70osqkPTfOm}hk3a`uloqIedMa;JrTya=58}_lZ$-PR1XW5(re0h z3G2Fb-SeOyci5TF12byYj*{@vyfh9t?d=}?J^KFERr=RO8}>WLLmA4mZ$4+46>glv zS>OHWt5!usBLhL6CDGLOl`QA;KVQ`)Q8H|5`m!jXnHt@hw7+lBaC}?i;ZQMLd@b*g(om0M5wVMbBN{8riBc9rKJx`$s#7hCon#&7}k6{!W}{IF^?L+X`_{nMY- z85?t_NG$dlXiiHY{s-vh8Q9!BZ`Jos)i$UO1VoUQ_zUhx)z*VoC|OW+9iQv7eDOSs zo%axlT{tL6OWKzH71$UVV26AiuEH!0H6lWkvWdGNx@m`BQT#<}CacR?DU4DM9Ee+;~XUH``WAb zjSmjLN}1g3j?YAN$E(VU$`i)uUYYgX+Fb0|C*{B(Fdb>k4&{&)PF==WD{zf?_)N*Z zPn}*uSy(B$gW`Ts7HVN2T{*B`f5H03o!%S( zPG5-mK{?lpPINRhuoo%}Arv5?rj_x646u;iTjG71n~S#!NaSynxVSQoyhFuq2PxC2 zV=vGP3*&mk*;9Y11WneOnAdUoJTjF86hLVU_-gR*NZmM3Qx3tpI$^HKQ8nZ%s7?0gQF^bdU_f`$DIa-B!T^r*hG@^juIwt&ZG}xmLa-T(QhzkIC5X$uW9`| zWn$djV)FbL`EjWJ3T!<#p;ued;Kxk&i{eiaoNfqMY2P4JTkn%)w`&wJTEg%k#*{p7 znp!;V&Wo3HI5~qtFkV3U7(#av2uJu15FpqHz!Wp9Sz5##>G1f^AZ`eT*L5L1_D(XJ z=IboHEDC3D7awu}<@plt01)Zqmvw6!D;~*WE7CudGVT&+KAm++4Tfib%aqU0Z5e%Bz3<5Dr4pK zYc1e!y$MG8c93i>a?mq!H#i|A#^Qe3TR~iW=`bDyog|aTjHb;~??_iJy`>&rI^@uo z`cihvu!#SQqFca`od=Khn-vrOQaarp* zB>1-7qIHn9O`Nrz*Gxr`HP7bw+eS+%0MK^9l3gFC-la&A_%G?LbOFS8_Iaz2x7!l4 z0=-RR7^sMVv?~GMbNs6Q!1-Zk(@WdSCahkM=c{f5Afbmo;|R z_sBE6D$@tGd3_$c#52#;{Fk9p%**=D^u_insB$V6|6j`LkA zzX%ScEU4=WJ)=(MMAZr{LG1{IpHD=3<)+R0oFPWgYzM=Q^yyUUaV093Ev}8a4pVv8 z#2xDm>z@w$k@at_gqe6hu%2UcKk7@dI;YNCy8OhPI?JDxNNtDQaz-V1TF*nDk&DGc ztwQV)Z!eXMgKA1X9X5P2d#yt?a#v;PQ^u~201=pDVrgBqKKXK;Wo1jrneO3B%iF$l zY4RqwiRl3Xx9HC>?jd+mdq8nKM1j=~PoGHTogwNZy%uB_&X_<4Q&Xt=tN)90qJ`rb zYuB#@?Ukz6xi%ZsTvi`?xk~w(Auq7(y>NIZh+aD0y+AQP(7=BR6S$&nb--+dgjq$| z7)LE{<0^>SP_F_jQv$gx%`Um1SMV%OUVWD~4$E%mHI?^S<#bIoV^?i{-TvqLp@Ipo zP0icffe)LMxx*kU5!hde_+UHeQ$}(ZSDO4*kOYr9nLHG)7@tqv0V&M8>NE3}0fLtI zu7gj#ErZv`nD!ZcU2GKg!*8xexX`6(vp%?RI^x>C)9l3~;-0qhP7IARu)#XJ#s@_u z^pwERYw;*VpSuN~bZAh4o(>Ttk%C9bqar-nD8~1aGy3~|`%*HF?s0F>n(T50TPtxx znsoOgYQXu;0Nv5IKCM)6Q}<5yfoo!JVZtW3qgO4(h@3+ z(TQyUu@WIdytx1VySIO?_qjiGr_?{KdJ^mt0u=@ws_zThVVkWj*-JuNMCdq`xbS|0MuG@ArGuiYhJ6bXI7PsW zW@>v@YQQo8t2ERL36%wSD7Jh9BF;vaLwEOdz;*!Z`#=^~u(j>aTefE!E8%=*mS(7I zufIReBsTNYH`3BpQA15CIVL?1-y7^1~_NJqH zfUDJETc_nL6nlpNmtX7_BktSVLHan~I*ljD%r6`Ie6!s_@}j{mtT0nyC#+Ny?#&2i zX1L1TC~(=2B-@`1`d9KHKSSq!huK@JJNn9ro=L)i{UqIR7_W9%*e=vWha$< z0c4sm$?po5Q^wpgi^c=Ph{C^W?pZFLMBONLx&GB2Erke5R-TA{ftK5hZh0={ya^Q) z`7?9x5l{pxX_eqkVpv^67t9Rb-U-G(KB@1Rq>(|h@!&Gsaj&1o;emhc-u$bj9nCs% za-*85_mN7r%N?GA@DhETqo9u;dAb1LoFEWf#P^J65D%(%m0_Y_V$%YNcvfWX^Npsl z{~yNwc?`&>m-9c2-S7$2rY(?!u^WSBecm?u{Q#J1_#(+wU0rqA$iXY;t}n zZ3fxyh$TUbs^yh$70_j7hQ27EtQ)EC^BA4=^X-cUTOJqX6sk=dq!0s%bDM-6zEcYA zNf9|Y{x!XhDu0A7j7k9Eu)!?Xa=|CRNf>($Z%t$1rR?-{k>lFQiM`P5ygKHB&3`GL ztJ2`9Vw`I2s8zkqZLg0#igWK`;Gr7S?6WmRLybqW@KB6aW4_uca&z2M**KjdQP%c*}?4(O({%L$*HnUz@8Q8sBP z=u@=5Lk&?%%`-0tu^jH@1@~9&>cEGo6VahS9v`UCq{xpM@!lloj z`;OAe{b7}jy>)k$gHx=b6A&z|>z_C%GBkCwr>sq^;gNYr0>WA#AJBJSEFaZ;nLl>i zjP7BP$WoV-)@_Xwa9l%Wlx_~T&(XWNQnPx+)7h>1KjW}xiM!>L(8)Xi5*x%<7`YsG zrtZHc7evK_Xee$E?=lVd;x>ZJJPeK|a7FkR_LPK3Mj1W+1yhNMwC%n7PYNO$IjDTE` zB!pbKIGeox)!@I*_3*`#!jC0+DEvn3uXO3nnr=m&z}9T@pdcsp*UC$hwF(Nb2r65o z2bi2l9D8~^Xe4sNol8t*MDh4&=0v$dX&g35b38dA0u_x-@uO`L*U`LjOc-;qgeoVs zKH!i0({$a)h3RF61IRR#Au{Po{y>n8gqNhzOSHJlrsns2vch;@Aj7+ZB3Z?(EJbn+ zxQ>V>ldBEFKm?RHXeB6&dGa{n8X+cGAkOWz#E5c@b|xUqKp(_RaE+JXgiv{&VVGUf zP$N>7v_M~zYCkvGc-$aHzR|5YxS*7?-!oBG6v@1KHpIEpa!-wQyNy}51E^w<3_Y2F zFzQzcn@WP6YKtIT9$9?agHAUrU{u;Q3dUX8tiy=UV8$O%XzV=1Mqg84Es4|u>2}Q) z*~ni4|DIp4C6gJwPItq8TMrCqyN{oKj!2Kx*A}w~(UEiLsKu5+lXNg9j zGXCD!4VbF7te5s6n2Zj@oMcW-QXiowSGdj89 zE-A~ZUUU~Imi6j2mt~R~a*3D0kMV^U#KEXwnO^B7O|x=nj`6c1MHzB5SZ$Pt3S}xH zn@DA>hOrSIf!s=_OB0Yl^16y>3gw%Vv0KeERudpJ_48)0fL6Sqj|>{(9`m@hAVH=w zE-msyRFZ6a;mstFO{@O`7`iPs@S&C^!KbN3EsJuUlg2>74?){_;52@XjA!nD60b_+ zsU8T4r&f1ey7kTgsLmtEoFXmtI3d_XZ^qKXvTX@Og2g>j{P}bIB;+J4@1#WF`SW*@ z8a3<0oU4RFlQ~RoONs}*7OlpZR~@!QfWJ|6mg*+j_^=6v!%$2`l1y0f?L^a$qRDA=%8queEEXO<{(o~NVZtR1&=UvHK4okFt1;(3$z)Mn7d`V zZU~~1tR~88C*D9Q$@Nu^ry#u^t#ww2@(v)ea%D8-lx*l7_3n8h3ZBPDLfll z_L9lCJi$q+g06Q@fi_kW=33*{uKPp???}LYj(obwDBI*Ga}sEnX-G=DVVPVv!JhD; zsiR^1Pweq+@my(o((c?P#qnYI;`BQ(O34IN?D4>dm(qp^lByU;iWX;>A5rzZIZU{x zS)J4j~v;MC7C4T9kD3r$!N0_c6Wd=-J9 zaVT$UlPfNV7i6hE{Z#v9Q=O+Dc8PX@BEi?3S&sB~$NSudPFbHk`FQfMS#8Q>(~#9p zlR7mDdP4cI@eY5=X{K!30!8J=FEk&c;_jii*@M;wJplYkH|nY=<~0X)Z<8)QSuzPOey<7@6LVP^6>eW`$|pLUngZ7-1b_P-o7qB7MTua=10pUMObgnUdAXwbs!%HGl$u^AG;HY^tzt={T?eHn;3e z7B6)`<5&qe5r(HqTFs}9LcRyuMmk*&Gmz9!Cv6Si5;DdC+5@aI6)sT(7xeM{&2&Su ze9rXpVz`aVl|AOF`|Ur8K|XoV$qYBGC;mk-jBe$VjzE&FmyW%1k)od^&37J%JYa{4 z4EWa-IEgJ*E|qpd2oaFD%(1(g?DY#;p88HWV z-kx;c%lJ*h;*XQ>Fye*CscufO9RNpvIfsZLDPg&=G$D4$9rdm|5WY z&RsjJlU^9A>58eB8;5-?58NW?MnJ5u^xP5 z$@=PRj;1>2aznEvWDm#3!Kjw7*9Ls>vx7bKg+ z#~ie!>ITwH$$A$*%b<>dR0vQr>H^Rjzc-PJJ=Erru033~F-w(d4j9364gM@p8)LQ^ zvp$uf&iyaMubbu4VTLeYhPN_~ECRb0-(4*o^yNV1S~df*m;zz1EorAL>4@@oyb#u` zXLqB}%p~rFaBTzS?7%PPiPDlxM&kW-sy^z#2lkqEV%xMr4sdlc9kO?C*>^z5MI<8edim z3P1z*w#kV+TYwiAuhBu|=N4JH)L{)1{y2^1=}HveE1YU|X7|MNGsc&v zSLOs?`$oHuz|}-+;4W|{$e;;ZNRcmCWUexKD!Jo;^Yy_LuvXa@Tu1{JD&Wi5s~t*C zKS&9YMsy4T0gSR-?b?eX43~U_937DC+eyRG*1BL=8VMLC!SG1&&&6< zRNSRTPo^;AwR(Joq`9G1K&pblq^vrU#7|jZS(H()(YNZ`FIpcA$%HKyPkLsl6SFF? zY=O*F%Wm8fKsF?X@uZ&d0R3DONbnwcl7J~!Ka4T-+Y$_T!MF3Gw6^lT-<_ESwgNPQ zr{c3tVvWC+fH8Mnwco*sFRrb=xF4@S?ZDOO%swq?+#ZDhz8np5V2#~Kn7w%Uvpp|yLfBA#G8wTSTU|R^&?`=(`430giHMq zxrR_zEy8s$&3{PQSBqX^Xt>(X{t;lcLv&2Fw!2e^({(vpR6`&Hdm)1%A;PfnfcO2F z)}w%ab-!sv%r`EfwI8Jv4{pBFdMcvv+X zymd<~Fk!CNG6g3S7j-m&=+COnP;?OKCgQ3 zO*&F#Hq}r~(aHw5$Z~i5=;-Mu&?ME;>E@tzMk{24NKfL>zxIevUL1Ya3|?XWN>J1w zJ3H19DcP%+g!rauGV9I4wyIp}5$BDF>84#}2{A(OvA577Ecb|W`9xL3h}6s;3Sy83 z`odahLWpPgoBG+merwkFuDHgI;7<70@I$j@A4CKgOAX3y{Jc0h6adihfD7+`{l)DI zDBG!Q_M*;faZKR3a@U{_1pV>9+cNm|Y_tJt2l#i|@Q;*zi$J&e-{g@M=kh$fW=8|= ziUB#!fTY{A=zCzY_heB3q=rx0OIm2d2gCVyEPiMD7h><#ubbhSNVp@q+*_Oc0h-Y$ zl;&!0Z@Dq9Q<4hT+<4Xqyq1u6$BIsiu!RKBJfA+N&bx0K^0-jSC)c@25YuuhMyNkI zQ}<)I^$qT-%_x4vD96!0QS;;eDW#dz&slSzj})ucTuOl`&2wW=VD(hQ@&4a3+A%hc z_7@!dPoa98R0jZ&ul4WuWLh225d7KHg$#vd=$66imI+&&H{?TfGcVcJ?BLX)8vliK zAV>UaQEli0^Z;G120Q1#WhHxt(A`MSFpKV1A1m~lJ?3-21_Cl5au3P@NmGyb65~t*hxZaAoj=qc)Jf6pR1>Ik{D8!nwQ7 zu0hf)MuI<&+O%}dk_XZr=u41iV}7qZnXA=cw;PZ>kwZSslw|V_p_4ygmtTj3{uPNJ zCsYScEOVgS-Wzs^K9|)A57))X>BYzcm63XPf3A6pay5p3fJsM|MO4*C+>zAc|3j)? z38WJNh$qhuRoQXGgZ@7VPx^ea?I0OD(uUi7Uug=*Ne1LlF@wt zu=YS(GZ3lmB2_*#+6H_xNPX!o3~+pTO-C79O-ry9orNcs52o4drk!FH3kF$}2Kv5e zGA;q^T;_g`W3d|xr~uhjQF*4}sz6cVdz!D7cV6n;?O^;2Y!8x$Xy5mI`a?JOJR~p_ z7_1mMmt|kgD*M-p^%78|$P z=Tc33FpCf;HBS|#?lUA}7;$peQcB^Dk(5fuUax}eY?UH?j>e`%D2Hvdx-38YVf+HX zUMWfo%#uCQ*rX(!tS?4j{E5JsWuvDinP}UE)Aw<%j^Gb=ar<`UC=7MPmu2_x$A4Zi zfV(^_BW+l^^gM>wgp@tJ@!w^xqavRa&btFYyOB8z71wzG?$+)O_Z+IB0c-yy(rzLh zhx9*BIdo^w~QF)$WGXNUfL^L`1-E75jY;?YCT9}mx&+qBwh%K|PWQ|Aty$i#fL3vH?& z7l8^h^lRRVv_0>%@zcC*Vn^Im^J^sTiSP6;$*{!(#KrL`xTEMx%W zx{|r53RLrt(|i^0iPt^7zViOs`16q;69HWz)q@U8KjOYsB_6|k^~W)rJl*@1pok_b zxrQF(%G=`)^0o2}>L)-eABZ+l^d4~v8`FqGa+U!=v1*{&Kcz}uy}f_p+#wN@w_0vA z9!!F+&i~|5*2WjU&!xH{ny0A8Rh zpj~IgCB4uzP|k0;;~_)M4CsFt`z6DHDVT(@OGX3yEUFCXhLdr8W>$5URrG}DpZ?$` zM-IT*71MR#3XsP#KQFSgakV3Wp*Zpxd7@(XB>r8~t&pdkxOchM4f*q%$b?=v%QBOp z9l^E3x0Q&6CL|m4+_7M_|1Pkb34{!v|5fqvT~Nm5D@rc;9+ex}%T--Pi`lF?y-aw? zwG7yO8NAvVITiEjgPin^{|oWPHRpur#7k?%kS!(b+;fJG{$s~hR0PhxeRQRjkAW-l zu28bYkIA`X=UMze?ni$Yf5g<=%&0#4Pp$28@idwP35sAKN^HK3ZV>38Q48qWPAE^6 z8t4$M?e_0v*nc)4U?G%?Lbay0P`zYGyy?&nmf{y5{{yeeF}9fCf2!({IhwEAYc78k zu`_Yqzm)UV?9P9ly%MSnBGgcDj(}z9?qE!O+SmBZ^yz_Y?oCExM#_Zg9X!UX)$+ARqe+^pGI);p zxZ{WE%thnEoQn@g9;K1&-=qLZyUo1nLHqg$2Jie{Kd%NDm%J?~XTN74B3#92k?YyL z#Awp;KjU};L1^3UaU{1KK@-)cr6$6(UPTIH}7p~XpDEv?yP?H zvh%%=#T@nhKumHxcD;)CzRm&`@~GG3R% zZ_7uz%zsgMc@kwUDwMKlsTVmNBcu8$k|AWKaa--z@V`+IZ2q6{M(VGB3JF|M%fG-` zYNe89_3Up*oolSF<;n|N4tI02Rj{>_HyZ|rr#oz03R;^;D|uuElS!^f<3q+gc$ zaH_P*OrQL6=Pw&%Z`Kzw_3%SCV)GTW>HwRMJr7MfJ9Ur@t~(FcSl{h(TRnZlXf8v? zx!B`6QoS^C%$-I)A|YEzB@;^PJqCB{lOLe+=EUKJ8$Z199v)=w36Ymh;~h-WkcgG`RMk+hwZ$`D(NGP*q zxemf#ljbg-gVL0h?N-zH{a8&8)1@w5w-FgdDt>@iRnAaW$8JV{=t2{PK9)1hgY#+l z_{~xe#2fATtO~hz2YWvUJkq3+o%!+v;=d_M2Gc!pOk)!^tL=9h5y^ca;3fLyz3#FA zWib)w!AY(&W_w>8y;foQ1CeAzrJ~K56KfjA=#lN(Zzz*i$TBTPt`xW2&b}=&t)wO} zL2hI5gvF{BF6kzx10N9ZW-L%N_{?C_UlYP&z58DW{aC*8X+}ZKI1=z>whP&*zd^- z7LQv90y#s>!GubORz^RAb6=>{xeU9ob)8XS;rP=>r?*n~k&Mhu7ZOeLaA zl=-IK@7CG$)|JewmbKGO6o{7D^zS@P@?JDj5d&P<-e!NFg4htW6{}^^ePeN2!_t+> zd(g$W?H@skC4~=;>V&-TVvG?l1AIL?6)W0I)gDal-Sq=$4bbEh60Dc4q}cNsdfHkK zorFF4Q;Czh9xUZiqCR*2s670_U?cO)-bz(m)h%#8y3xA!{x?Ibpfa<#xZ9uazFTpu zKUlW26h!Jt_1M)zl$3{<20u2Up)$sw*~YC;!(NAH?(5Rw=hiC(-(TO?h%5DdKImyo z!iy*zq*n%@-WrHE9FE_aCchmZia@XVOacQJ@j?XD1eH)ZF7+iaybl0M@;)Ku6OCmJ?B{P@SE zDa<>GGyfg0>&O-`yM4chyAfz_;wx<&oUTrKuXctVi4-5@u5K7KR>COr=jvVADVYf)?R<+GF*)akXEbF9@t4bM_0)7=4J6NXpWh$gMEFl%@U{Aq;p zu$cQ-Iqy}55ZQxtKd%?|MY9_nMX$S13SS*N_MT843*cr1#0x)sjBVQ@fP%@=IJP@4 zeJeiqnr8X&b8N#$4tD{IdGESqBgUr{;A|&K?Og5 z_igz5k3rY5Ol0U=+Zxw~-S(B%K_vqaY1Se6wuRsmpodF-?t{Laf5thVZsDbu@j}ee zdocl5tI}lkxS2#cwagc_m#V)z3&mDS9id>;dG!3DdT999YlPv9_>f$wjLiuq8$b8A zL;j9ZnBg6UPjVTdef|GMK7HdfQ}3#=%3+xrt+_RgxI!PQNfFNCE=RIZzsLX9f>cdkQkp^&K|gK(ecaEBak61F3(bpUQbt`hYh(HAPAw``|LngjlW+7X zL0PmmNp;D=E%;L}m{}E00w{|o#^o9hLH0Xcs9)!M0ZY*E!)8Dl>ZgEC<^`N4Y>R^k zWad0+M`Z5gY*ADVg6q!Sx=Sqjr;TD8BMcL>echlV2nL}!dV*erW{nAthYty+<|fMN z9s(Zjzw?|C>mrg%qsiQ~bWdr>ji&nv{1mg*D~PXeDMJ6-$ecDsefvH~v>Iiv(C-a4 zTXNZL|DIeFOHCPqh8-apDG?#`84so@#jm%KOpbJlr-%kVf&`(_l#h~Tc$3)_z+7>Y zxMRlhWrpIN44vGUo%^)A3FbYzdJrvm4{3%vO^CHaLo5DI&2A*ZQZ~tH!hqg@N42fK zrmZMX51;~)!+8N786+8%ZfaZ>IqJ$1T+W;>%C!*4C1Wx@EWy$e{CiUde-+gGePX6G z^|`AKeW7m?U#p8UhT(5EbQ}q^0z43s9gZcWSLi6V(TUVyIeO`sE!|7(<|tw%$?gLY zQ+q3Y!2${s$06SY+ED_l3#0CPbku3x>&DM3k8#Wf&a<-gKJ+$G6wG`Yl%<=L*lI@d zF<#sb`}L-Xn+HIQzCVM;_ByLMau`YN4dkSm9*LbBJ(?LcZIgKuO!+#A>yuP!WmCZ{ zX{a<;onJf4Lw6};mLrtRJPsg>eQSHv<{Kz7i4BpW-DlG9f4FBv_ZCS_5|?EO)ku+V zB)whl^grV;SuN>b3E}1aICA*`%2z(#YVdJ^)`$p;oTz%4%^Vn`Y=~M*9sHQL6$G_w zRk#cO8Imq$Bc-uihbC1X`-h9E7(p1al@4eA^GuWZxX8j1I(jW%O|UmnLkBF92tBXxx8L5pB{M0-A+BN5@?I>2#e0k2N9wo{ zCEF6bvG1)pHCl<384&WKN4jC4%3E}<<*d<5dRiK|3MBbt8SD{& ztduAp%BPu#&BO0#ZoQDolWh?5GRQg=C0|sOLuoIXi*;DYnw%OX-eWQ9*jS_6U8}@V zbhz*ZN(#yt+oAOa#`InwahwCDW<HU+hCBw>OtMcf!Kv>RO$JH3dXMd94&>n zB+i$_|4M^TMxqyPzqXR;4bx$>6u*=8+;`gLr~;`KIk48D8=9;4f+seb(RzS%;1=U| zM)nj93Py`Z`To99G>`MEP}Dyaki1$0Uy-s~YKuR#taUAI2S1(bKnRG2i<`OK^SAWFWpv+vO5C-wpbK28 zJg%{`kp1#iiAe@>Smj($cT;gzFY_XTqQmWBhvSzeM@dB|1;tobjBpbJf$;yxy6d+l z-#2dHYZk=lMp8yM4g?(CFpwDO=vG>!9I(+KDXl|NN<>=0kpsu->wS64f=l5((&zGR=_g728x0B0weDWWoc>%qC;9c2v*sTo zF3j4M>!_(-6z8zz3@Ci*F#^%GS+;T`!Os-ck^P*3BYvu4w7?)#kY$)#Pj}Ejv@|A( zZP+2W`h$z;=h3CjVErxGFHKOly0z}lvMR;mJ$c+K*8POQs~1PTzD0YAs9VW!*}Ku` zAU7X`+cl1Z(?1EpMRf>B_GZY@`&APrc%fMQdU%xo6;bm&#TBufJ;N%vlR|puq10u| zwgtM`?gNWr>C`812b@b{xAQQL49JF^(0UUHX-n!JMjKl9MfU&Jcc`Ah zY)(yfdMBm6sTo^GxCX9xQ702?22aklQoogGxo-XN5(LL)LUAXjS|5SYT>TTintNR) z`y|^%{6+wl!9bVezY|XR-&_JBXveGhF;m8f$cS4!ku@mG&lXkuVB;`0$+%yUG(Rq1 z5$h~qd{iWYN{DV)y*A<(8d1vLNrN$SC#vw4m%J08<`{4%o3TRGhaW`&BZ^BB51GFA20-B0K2Dpj_Dtnu-)Bg6mq(z**a^pZ z@O)_ax7<(lUVOTAtwiP}eHAnM{W{p_eVO?&_429oF<cAc+ARCV^;{uUUAPI^l#QkBf=CkRo z+3>PAx~SZ~L&^+My=XV>n812eVm*}i;7^7M58vUM@wsfo8`@)gm&UP*#>u$y*|=<= z@W66h@I#FoXAkLJHFQc`cW{|D<|l%7V(!R6JUU_L+_g)gi6F%hE^-@|J^Wln)c9{s z6EZJZ=hx$v2+mC%PZpe3?mWMZ%W>trT)Sg6cVH6d z9lj=TFDG_AnJaU@x8$mQPs`1vfP}~iZr6!lw_U4`OZ|GHFB6lagc)I)#;*>3tYfA( zil=QRr@iO^XWhUSiPfxnCTD0ND2Y{B6DhkPdkK!?1#`Z8V!Y$}eA50|mR6vg`g1w@ z7vpyQQ+e0#!aNhVvAO`I?o$_cRq+$iBEf;t*<^7tfMJHTAUD9BJHTZyloP~ym7JvF zm)dZ)>tO#`9jT}5C8+!CzP8s%eCUJM%O|{#Uu(AIP$BQ0%|BYKaNUsBaa~CwudLO0 zM#J}(i2M$JSHHdH;@Z-Wz|Iw|>DxZ5S#h*#e!X7za{aS|m+8Od2MNztG()Ad97YT{ zBWdtK{wJ-k+HQJhZw&OjsWLLMsGXxSI#hE6ZmrT8@;gbKy=4sZ&OXGg&fyz&Vm6ZO zPxJ|D*1Z3%ce$lR4Q?@M+;!tNmi(`wS>U~f>wAqv(Wm!TE(sBCF*Afyw=D;`yG3>i z6IfpfTid5voh5uQ_nTFT!xd9E6Wl*ezu7=(gx-xoB)j9felu~Aru0W%J|*mxBsw3D z`kWP>3`hyCeH-8k_TY%2u{y^FZt*_IRoJX~NgwooRO>EfDub`zozfhNV~Q0K$W7oM77-|~<~A5=x5n9DyU^@$c1bLs z9q{D4;JK4Ou7@|Co(SG%S9Imrb8pNzYj3;v<3@Xs{#{wuT6ns)z^8xPKu;G1mm01r zl6?!Ih+>mDlx!$-Puf{lNYt)Fv8X0T;G$;u&^+r%zIYA##^~OQ8qaxpE4RqlcnVPU zENERIPqJaIN-OU7-vHs=q-ukV|7P?_v=?<26`Bc1wWc``u*rEK)1Kr2M6h{JMUGEp zIB!6XH8+~MWRkC@i;qssdyMuWva0*jU(~$G=l`V~30xJQGP#w`6U`Gal3bBpr#Z*I zgnKc0sZcs0TjP=Mtlh)dw*KNE5b{bE&55EO)#^TO@H!lh`l`1o`{7U$~f~)#tx6J=g5=bnwxSkImJFH?>o0tS>zBo6ORrux*)0 zbOwEXnee!@0Kb`d#ypq@k1LY?b4gS`m1$bZ@iGu5luk@W8jTZEn2h|2tW7YQgI?0O{-}8GV_7K=dW-)Rgc^B9qm&HMu@|iTUtq$_OHIH-O zvj3GNLw%-%_Iod-yNVX3rL!vUL1Zg8q5OJs9kh%r#ZMaN62d=u`e9Hz_dnjk@s*sX zdULSis&9#wV`_4YGJ`ubSgBR11ZU)Jbb02xJ?T5QZ8PPxdTDnIx%zhBo#}6;#<{da ze@d3m?SDCT^=|$XenfbF-uIOJAvSD_x1|tq|KZes{Chxq%|H9s^~eke@s+mZFVZ!o zgc8F_3ybf)@5g-`axS#3U47iHrL4ef>#y6vg~c2|c+SCPBp#xV%>`-7#*?x`t^vQQ zN;EL8nOz8dPhXD5&SW-8ZKuEYvaxM@A&V?Yj8raut%o#jhnq^^Y6>5+Zu$i;|Bo3@ zeJRE3AiSb;8j;f`g?Fh9gb>S;9fphLU_svcR#{m`V>{~-@?))xZ;fRnd zEnF_V>=+!A=R01#?MQfJ?;LPno#5WDD<_`yWMM)kOVv}<_4Nn2qqCl^0Zng*aCbKPUCc10%{#1g#jW5Ap8TAyCI1{N5wNNly zj{oQ$gr^_}BVs5Dw0)4=$)<2PYba7kWx0Mrc`MQkSXB}_V|&}n3yuew0Om=>G>{5U=!eE{=JCdLe$OsN}!h6-O`U^q;fZWPj{2Byr ze12FM8HgEET@uFS^=?8Wg~dgf?xT!X1M?O4xtOm>DnmJv5>8?(Ejb`FM9)K|(G73O zTWdyO2%v}qJq%kw=h)&v#pl8xGHy;LggO6wp0c`QB3OZoFwCa7>SG^2$>Y()uFD)K zS(qux3*uofJL+Tx6gfT9BqSAS?7o+3W8k3?t;JM+djcbVw3_rzuo3WN#HWLck!=1| zpCcO##V$Y3c7_8$UO3K{O|TO6@Gc3G;n8vCC{3PWHp~iMe@vLi%al@)14Wn!4Bt$a zbI}#PFH#@O@M)skN=!g#w#N}zymnZ$veaMtJTa16&}f)}KuSW8@lfXVqk61cp4GIL09=Ml0tvM2IRq@&KY&rHQlj!$ zpJlEhUlUOQa-VEA%u-D-)onT?M{&L;IM25I1E<;fD?olir4Hs{t-USpDjG^FT2fTQ zmT?^fQdXzbyU+JFq380J2b}|Y?gUsx9Yw7!AXoHw0LdNzQ?f+x5Yn(w4te*FtGvCg zIb&m66z{>s=F_W>Uwvu2E_gEC4Srn<+NN7{>FTWJ7;~| z>%X6R`rm%}7CmiVc!=zMva6Qot-AIGa)v^f%oD9Kn}z?(uuuPMJphx26#)J*caUEX zo&x9`tsU+9^1y?PZ__J(UwVwOceh`Mx+a6K#f%8GJ={^XAn~N10%g?0ZaFe;Gnth> zW+a5&oQ)&iSXdpmU=}fE!6&mmj+tT+{&qv9W$S!U-*X z>BZh`DHTiSkwA9=zKf!|?9q~J;wkLS?z8LSNn`kr%D1(6!;3J*`9^a3My-pKQYVKl zc)3Es12`NbNg{o8+-a>bzx$O2&XpVF|CYF)tp4TgjRL(hd3{hCsP@r7+_lGL7GW%n z`6+H~@j3~=7k_*{_lcGP5*U!PPjQa;b$cA=C62)ddut_)3;1g#xm{*ZKPn3SDmb*l z?Xh~u0W?DvV^_arbFA=AvTlI{W}N5E3zK0`gaB2HPe|(_D%^zGpw7+jqotGv4DR0h zAYffIG@cj9rLlJPlK<%_yU8ekHQ~am(6>coD?bTtRE**%EAl{X^tS8E_R-3K10y5f zg5vyp^eC9kaQW4Kr(teGfJQ2h?@ao9Y-l?jTo8&s+mbYyem#!^M?zx30Lrm5L4b#G zbgVsdxB*kE5V<$Z6TB44YT=T1P->_Uq6$yXDdRi-)*QVkpX|5|w75Q-B_0!!B*^N6Bur z(-_}g-H_|uO#D8|qFXL=*tg5KCmruEAgoY$^fFMP?ex?1w;4=S`#2xq0&sK=$4Ixp zwYXhj`Cq#fhuCrQ-}O)zm-6;m+}oOMSW*5n-K`Y>)xX5Td=m4{ga@KdU8yR*UmLLfG*${9!6xCgUX2EoummaOEGA z?PcB2&mEQ9YoFY{+)hwm4|v-it$S@cBvudL>Y*|hb+V(&E(Um!LI*NDM!pyll13ov zoI3J|H0~1mQ;6(oYskN1IR;Y402n@$R_J=W+J$(Ga5LU8`L?duWZK?=z56_d;O25UYzXQ!FqgC$+&Jf8LMY_^efSmD3u(;Ue8fQhS z9EJ$Ia(a$4nujKsD1s6aPU$;Cn;1ZqvmhQpb}iu?x(KV#xRZY3jPis6y7w9rm*QRM z{4;0;Fgrm)tD1)?l^$~3hClp0%xy;mvosQcDu0LACiIiV@N#JvXKGkl*`Z44@3#VJ z0{j!95I$KNO*1Z632nLcqjHb%@`=>=s_y}=_k`W{eMld}eVS2145bu$1X#jrWNu5!E zf5`t4ULfwl)rd;`R`3T%Lr(}(qv{)gN=00=HV1s(wn5gm@jySK6mUXIo$ z4$j}Z@Jcpold%Ca`_c4AeyE?P*3Ppfy<{uke6h*_pyaj@Ryfbn^@&Du1EAC#V7rAn zdSZuTke(NHK&m3CL)@i}cvWE$GO(gbNIX_uGVEFb&luInDFw#a35UCMlA!Xq9_C2e z6_C6;RHx&)VR^LG#f*w68?*g~~*@P?O zT-MJDBK*i3iy~Lr!Krj392GN6OQlY7`pt3w$-qI*gZPi;Z^1mI8t0f1f@56LiV-pE zLg5#3~G9N2I8ds*TROIsy}cw&ZZzkkmtOeoMSj1sTCboKD<=8d0StF% zb$<-W!|xmogPJVEWEc*B*uTl{IS$zQ7WQGG`3dQ1L0Uuuf3M3KI?QH~^gL#|qC=`} ze*hsmn*ipYpXvkBZYBf397Ja1DnM5_=iov-zQrmv1|54q$-G##Zs$&ePyv*(R3|9C z#zNXYG#tRZ`Pr=@xfhg)OTOJZqHz84Opgp#Dp|f+2ohFBYSEO;PCDH%3xxRT+4*K@-@;(9tJUCfjOZ?X3co`3G=iFel z{Jp?l{#By=;+snklgQs*?|yW7TNq{%21DOj=Sw@?DqIG!#Pm(yV)?H)YaSy&t1k5! zkN@B?*E;*{cQ7WD1om!`(FMAE71IECT)w%DG9iKmHfd)t=BtB>>C0D1*TZ?V^2|5h z4zAm^>!ON;ASoh=pev_eic#?Rt?L8Kmp>@2gt__m#0PwgfBsAygHGsq2Y8uwO~WyP zc0RTzIf1D@LerO_F1V_FobHt=KWRj@EF z-;Xd?7oXA?eN6G3O-q*%)3n$nq0<4FQ22smLeDUH4Gt{EpvQ~|D55tTHMq3_Y(WLr zuTmaxX1eYswK`^AL&G9VlUpV-?Z;Cc>Ot*X3^^9Pq$Ay&#A9U(LVhAw2G?m0^Z@FNhImRq@x)9Ee1R<${9Y0W8=_QWQm2fp zkn>Vagj+20nRd}3kTa3A4h;0p5zNdu>ZBo!lNc6H0BBF7JdL?J*;|y>Yw~=TloXzi z4h7e-7Aq_QxHF0^(!J_eifhvV{Krro9PIZ`*sD&U1q~5s3VZi4*Hhwu=J?%Bis6M+ zestlN9_ye|bIa>K`UlAuc_Hn_wz~7Tu7zsr2jpq_7a5o3G4usm@RlilEIM59WBrxR zy$3+`l9=)Nj#9-gd&T!O{E3sUSLn&0c}spG=e4}svNTXW&2o1FSbv)2;vY)o3F!EF zops*G>7c^C-Mai3s;&r1@T&~P5Ghhwa%i9v4r*_N&R#3c;?3?lUzXy3Eh8rXLOY4t zN4l&CT|bK{CP)RZI+kzr0Cf&PBD@IOd1O8na)>|$PX3P_-+BfNrwbWA4svCNR>v3A z4C~T?(MFohfrG{clC!B8n;D#CHL0|gjkqxVs1FFc&=jmeT?5+V4Q(S>4N2Bk& zce>*!b)CnbzRn79#@*(kf@MIco-qEy`w%)iy|of6Dhz6E@a|g+e&LWs_rQ&$$@-gx zW`4jEc-z{545y7||_(RVtHaY-eYB6XDD79m!R_qKAN0BNO zo3F6@4Tz7aGrV8@vM;`rL4Mk}48CcA4rL(rlhSba(0I6HV7=c|4zC@BSON_pR$LQ? zdMh?a(m`unLoO9^RMrr_SyMAX317?Y*GR2}gHr-Q4vLxWen6eI7D8>~hxaxTCZ+f5 zLg`F*r}2I5nCjQDSD9W^zw-2zm%Mgo-GBp8kKU}R?*~{kqBk%JH5w20f97bJKtqH< z+r7X}&4%7sZoM6w~!{VKUIavD{lJK^I7`B`brAt z{3B%~v{e#%OOf93@&JTFJt#xory?Zo2fLm6%b7-U33pAMXCP4F)MmJ*aH$jI7B`CO z+4#`cusb)p`<5?+9a)u?fzJF@I)uS>e(-R7$jj~ds08NM)irzfI6wj1$@OP%+p-;mb-N0lzybt>arM* zJs^al_@9PaLuTE&yiPg0`+ zvloYqH;_Cth+JG})bAl#5+cB2xN4#x7nT_&`z*pDQvd)C&l~LeRg=#(ErfMQXt|zu zeh}sdi8Z;u^s*GBH0oeRU!-n(H&v9kKgz*5Rv%lxeIp;QEWwgpgrWiQxS?CL+jx9) zP5gjy+*H8KK!`?*=Z-(?Jg{B1B+fMxep2%vZ!+fZ-I71kf`G?-jjbuhVa7LRa_&FE zy^1o*?pXab^Sn|3tudRJCBr3!DYx)PS3<*aFasRqEn|Zj4)VSdW!Ma9Bq16rr!WDT z?G{g+PUogz&+D))e-WwW6(c8SvV$?toc~mYT|onl4xTS_&4a=w+!==S62cjB=2rvI zR1Fy%Zbodj1u;9eR4 z%-;y1Xcy&bkFHyWLCvqZ_E zi)iSZziv$*)U>MXL!{}X>)WZAFqt0H{qx(gY9HO!pf7Gve{@tP+*@o= zCun#v;og3)8>6RWoZ5kSG*o^Q#Nt(B2H5CDF4SplLfsb%r-5eEz@v={6(DK#{gjHMHQRh9sg&u)RZ{Dv=Ko_@~Sn{CP4&d^eF#OYRJwxEE z_D?Ne;r-~(#uWpB|H@xiAS*~H9cc#7yUCaAApE%RX!)&h#THTges~UwKtg%sqRuIR z4AGT8V-9(^VVz~6Gl7}w>xb6Q0K1pc>C;jpD&vL*` z6Ro~`yg43{|2uq!5XBw05l@D0?L+%djtLCvn-3SBZm{L8k|ispv7@1=vXZk2rFTN< z`PS*KnO{#>AG}xd;!{jmVEA_UpL*S|C>AOJ-wyGehttvY<)F@nc6c@b{lNXp6sN>e zi&L(ioLw@K9hHs_sJk~YbFbdAR~>@}g1H%4MdK$$er0T%7D-vZ3#Z7GjTI?o+TEbh z&ZjVFMEGu%`3zZ$v65kK)JMKmn%D?s+`63~1!%*-L3LjKWZwd7yuG>JrAKM=FrQJv zzoY>>16YKK8(ctOZ`hW)KLDr)?h6;h&To=v?vi`}#`CVL2Ogstob2;_KXthddlYRoNc8YXr z>`b%r66spPyc0*rkkP}L;?62csMX-YlnWa1(<7pMW$iDFwhHp!V}0?zP3mO_C-zWc z9gTqg%1@=tQg_J)9p@{1_01&T(o~+~?zhNRljI(-Wtq1jiPvU2Ug@I-`30y!3jK7F zdshBnN}=uFRblD_;EyGC0AzxHGf7hD#weo^pN&_3K)A*kh1EpZ!yv~sW&%3GNUwp` zN9%e6Q9M?!a9MWhYr1p4m$i?ZlIrhRCrCIWG;N$+?Z!V!qdF*Zf-gT%v&|b96 zR+0suzJrS1BY5XK@<~aQJ4JhN6eLMks+O3lG49w}sMJv?;uaVX>^zaPcu6`lhAGuj zwJ-hNlAVpjsGV%L$+NRPLa%}{6g-ipnRd5mVwG!Wc*YJ-;K`c?t=g(Rmf_d@6nV#aowX7y)TU#7zSa7di zvMdVAA)$G6pl|6Utgpf2PT|aA6T8EdDlYwUblfo@sdzazpjN4VKzrSrU2q#-Gx3qg zrTzf`noxGyznah?h$}?T^Fn(8E>5ZGX($o{{9@8TnDD#nQ}wPd;)3@jCDO(F=UFjtk`{1 zB}ftTq&Q0XhIOBf0-L6+1aCZ=^;|6m(XobO^OmUe5)aD=kIBiH!$XmFLr9T_y0)r* zm$KiHfpUdwTz)W%Iz|;On=sxOos(iv+l#XKNEGtju4<|Kqf2XlQRfDDsXC?-0DHo) z6j#)o;Q`g=ak}2c;=C;6Py|;sW?V~9?|JN89@M$fQqpf#jR7P72N<}m6K{0jRA-z?Je};o&_D| z*C#+oP{BWhi4VGG(u^^~h>4etHcyfnY8uBx1%O$eJ>Q;`n?&iP-IYO54vs zw0@dWQw%j6ha2}k3>4)I$0Qpr{@zIMR;w|Yy4S90w(^_8LAt1N-`!esT;^Y~c0IeS z04i=39==s>`#I~&)qeR<(R4;Y5Qn((<8e$O!*I=FMc^_#u! zue?>yAx_AdFN_3k;mgGK(JX{n4S1=WP?g@H;*Fj5uOAJ)JxcqyxgI?lKU($cSdvqy z^R;kt)GY}BfNzE-FX84%91jT3mD$9ZXAUx*X9yhkh=#F(-{BJERLa^!s`w4o?O*j= z>`hgwa{gHB-%THQp7|e=)V8+Um4Vz2!uHP3Ljz@kG}?qh4!HZWWv6XoW_Df#nLX0e zJgNPqoeUjP-3T_83_J@8HUs^TCPf-U#ZOb0#!H_xgpoK4P-!6Oc z_NueumbA}qY+L<{aJ+fjPB@6G$)rcywV`c=bu%=ue=h2uR0+89fT0@fB3F@M+XolI{^f!O$;s#vi2u<2n}6 zl_sPlg6Jh)gQq_pBW`&grhgyzB8yV@XO+R*ComY9J6yn^21HjULV9?CY_WK=h(ILDuQ zf!w4$BhFr1tvSl0HKU*XLd3kC{4bm-ZW`jVbOGpZ1Pm?neUjnp`tr|Ok$L%#3{B5lMj-NeDBHIppIqt%tOZ*q&#RQdBz5XZm? zJJ!TvK)81FPtfF}6v0;)jjdc6`t6LPXG~xJNXB^6UOl{c90xLjkId9!KI+WeR*;#Wupo{b1RDfunWOkkUsz11=uc_~O?KyH z{o5EVubqx`ea1yI2f7-w%G8 zOpcB$wNH7xQn*ax7ulV8>j}{3n4A}wM!gq(AzQEgSgqLG{6e^SF96u}CxtP_a<#>B z-R@abB>-k%DOd#Io=CE9q!hY9j2fYa$zy*M0VQjHL*COoQBr6oz5loZtqb_6_YODDVw_OV4DQHM8F?C+eyAH2e|2+qn# zn4;Azg#}))Xm+&$Y(+{86K8!bzH=LFGYqT7% zEq{>ANYhr9yBt--DjaI_D;UW8x)8iM$A?K#B|#GIQ$qYxH90LDh!kzkg=ASP!UTt| z8$7~g?nAtlVHXUpHpIT9V@|73q1u{i=gHSDoxI1-cfLfuw{5~rF8{H$3Ng(c={*)$ z?vJ;roH5O=uza?84X1Nw$5)xENFRAxMtLdY60Voq?Lm$7WNH_!R< zQsK*z5Fv^4)HzDaK0n8LZp?H5lB`{AW8e)CFaawOA;Ml{_lXt7;M6`JDDt794-UE! zZbAFv@>Bx$QM{))nL@7YJhKa>Hyuo9Zr&STzTeqO82@5r(dBGuIF=iwt$L8mMM!#m zaWQy5HV3Bp-d#Y(`G960qcmZ|8JDHB`Dz(XyB2{mfYZ(fgO z@HDPt+{f)lx82^HMZJ2K<0^9W@^&`((|{}Y7k9haNtnDz-qxPBZ4TPm?f25^9^LEO zalW08IKMXI^H}%Jb0jm`zD+=pC#7Tu>a7Fit=L9PruzSv`i`UWnZ6gsYvDBoihs9Z zA=D^3Z*>+nXonu~&o=ZsJX(l~9spC_qZ#RoE^jLL-Sd4eM$Wk6Ina<&hs0(O76X>u zq|6uO{j<<8^d$Qe^~2f+uh?6?4$*?|d=O)zBwNa{{Q_mS`Dcy$H!$1e)IaUo_aD+E zi5x&$m;<84_tuZr^9%!uuL93A=YdbPL}DDx=P8~TNuXt4oD{#&WyH1<($!`rI7hAuRnZwllb)QAac|yc+7|d#wBwq zUVVR@!;QZR{5vW--iuINF1SOox6FQC1Hh8NGVNcVCsG1}VB0BV*Qg?aRj7NT)su|6 zIp1rS>8*-9?%6F&a-?*MwzE}xvUK~mKeyNI=DrEO`4;l!8VYo|J3UD<1_*ip6tn)y ziCz1(g0Me_k>X!G1eicKD7N zn1@hF3abFCO^EE~7|{eI(*B+Qf}h}X2cb0A+z+eWREQZCpo&cvy>Q4E1GL5;hzy!u z4-S31`z8;X*O9Bq%?}o!C411w&zUWP;S6YbNO> zU5x^MjkbEMF8rDN%`p2c=(;9jDp;hQ?16*w z{COUVVYtfkMeh0)B^r=$^Tcl^Mg2jtq;ir)s8PwaaTOBKy#0hJ52Cel{nqw%owJ|+ z)f=e#XMqn$e8R~RxKo2GN8(q$Ml*V+8L!0YWIvC1sEh_(o;bzKm)OG@f_D${(je}b zFsBckYCL`s3$BoL5QB`km+`RRwMVmx_i~uJj2_iV zEk2fV{d6kzFzVM6NISg)fF2ct5daJ=AHVt$C<5?b{wCn-7j8Vf{_D|6qur(NYs(

8E)}cnX^msiY-}8H!nlz{_c0Ni9At#E)1RWo+^^I;q#|c-ZP~z=6O2h{lOCApWB`>d>%S4p_cmc zbSnV5fWV#aEZsbkTB@hVEr7(I(j*WM6i*mmMxM9ZjLv9UZg!M1S?k!Duz}4C^@ejJ z38_BWSf9p;_!qk;3Pg$+1H1f_L&bMR%G_tuqkBA(pepRWQwU$tE{lLkq28CjozUHR z*LL?=FHLJhAOeDH_e2!exOLCmqjUy2b}Q*^AL=x=w{cw_IWjs#pJER)DJ3f3N>6`z zj4!z9v{|taCGlLk*GtrgVED0mS+U50;RwIQ%ldI5OeEZRGQy&rG+VR3W}h9iC9hw7 zfdr8dCy8UJARCPA{6Pg^Qe)RKf|VI2NXfL6tcv3OFVBci=i&G27=5U%kpD-isB$}N zIZkK)uY%~eI0Rl8!gZWsYZel?TYyrqhMbD&gB0GLU;(vl)Y!uD7n zAh&0!N0f2s?p9i`tjJQjM1A2IGulUUc{rfH7{SLJtcfcJDmLBDK$}uK#Kf?ldQb{a z$hOaJB{AEPC0MFK<^>?{a2S*k`>T;?V>ZQF%;`MIb31qTJ0wjW|Dl?VI0z`0+-r&W zWNT4Z#(;KLT=qp_vr~&5TxL!Ea;D;cn8^hU99rJhflFg@O5tJ_N*OQn4LLbXKvK1Z zX3kQS68YOwRuLGqA>SR_4^;tb5VncNx;y=InNpg|pCH)Y&ut8~t>x>Lex-Rb3Ty2h z4cG)}#bBx*VGE3^#sImK3h;PCRtvq))XqiQiq$4g7gwcjwOM*}l93U&sClLtc3)eAwt!K3SA01!ir2Z0SKERU%}O`h+RQAC~Ibjo&SwHY#pL zkT~F#WR|lj6Cf0*bwFCUr7Tyyn64{WxTHFZ8|QI|Gl8%=N4y5v$~Kh-HoK4h{sm!j zDNMUi()%v!vSb%fA}@a&As=b1 zu~RJ{rjbQ${S)=E9Go;{-{mg;mRC^#{z6gh$DTT`!N}akm+Wz@7i*NFF#6lTpE-d8 z8N?aecZp!7vs7LO73*Im21ae%Xhl^sslqa6HFdE2H)(L*A`S!KTB`f1{+4H4@qGAT zFC@eC^CJ**CIAZ@Q_%R~V)f51{OOiYlZ4&oD&ntkA64s`D@0tlg*hEp*O;9|uWp># z))!B=1B%vTF$|fX=Xr&0dxa?M#Rr)YThc`tfpc?3&{v_8U2VT7n z>Wl+PvXWB@o*_1OTY5NbixO+c)K=iz|j5dNk{r*e= zo_VIm;6dZ&!b6}KD*TI!sACga4=LLroD;b%X3REO81q6?sT#CxHGj!CxInphv7B!O z+f<*;mL&b-JU3pdpJ8D-4`NC}#|vj`3z<7cdL=Pzcksa!0ihg(SzU1(h@3$(lrjuK z6`=KS_kE50Fpavoh*EFqh%$-q@3;lQg&Md;MlQ<~vB5?5yVz@pHCf>ctTECGd7TmN zaG=?<09Nv-p^-!5Eukz7bAR=)F+;u$=bSJ^gd-_>RvFIpJA+c~{7$Wr2H`d6<%?@G zGNRaFlzF8k()2nt<)v^4GotB#Wgd*Y63Ndrf18GwT`LmT4*IC9_@MaMDBAgq22oBG zS-iF{%HiN2z}W&w5ho@=fn9oB5LI!xO&aq2e9#pZZzLB%7mf^)*13yZeri%I&fK~n ze(rriOW-mxptli);eM%*V48DjwVwaEv#mny9wb-l^4D0j(+neL zqj0KX9{p7~VGC&S8^F^xOAMpVR06 zd!Ah@_&K2No#k>lZ*K}_oS zbC*kp*|3cu??nUE&+gohi|&1j4q#)SvrR%OlZO0?jom+Fa2DNz44;{-#g(5Y0|svh zOS*xINSfl+CJ$R+=hfRsmn(s&|Nez3`U6v9#&>|^&N`hg{9Q4pq4;ibG({$O3+R90 z5d$gXx;Y*w?X3%QAn6|#`OR{a+92xJhM26qY>x|6!Ir1`S&yly=Z#HEfytMNK>Pc9$e5rdr)hn{i^FLTR1l*E{$KgM-!8DqSi+g>|nl zTU+3`0xLDOz0jQbCZNGWK(;%33Y2MNBhNo5h-;Gup7BlJB-^F=i9A_*p4)v;|Jsc? z!U?tt`;HiX^`(W$r@}{~=Y9qLYQZ3Ho!mI7$z$Ju*E|n8;qQiNN*eN5n~P|%>yO`~b?s&8UivjVk+kWTJN@ zaeiyR>ms8&Hv2*+ZfzaFG@+lLBDjBZQxC34{Xb0I^;Z;+`!?`RSeA}m8tGhM=@4}3 z5R`6#rMp2X-KC_vbLs9730YE70Rd?+KoCJtR6yVI<#W#S!}A}^nVBC6ys z_VN;$1fzS4Ukx&Uzl*+}n;nX{Vb6iEdF*mf3m^2?p|$aV^2zp&6xElLPQb-~WDizx zEZw_qIuV?!eYK}mWhZ~;T!Jr9f=}Q*`)4g8x3=CqdpYI4?QRh}U0_U@%}1P?I#51) z9lDc2Q@}|%wi|&bod+;MGI{5T^qdrbWQupk?W*VO^dPq$Z|zJZ%=`<^VwAtd=m-3P zEuGTXIX5i(IiCM!*5bi12E-AMzR0sVrsd}as+3Sio9Hbl1DWe~#DoAH64wvk>KFV? zAUtv&CR$8<%pgw!48!uR8;4a@y5CC9C71CWG$#2x|^Knuu3x>p9wjd-Dg!DR}-9N$)c?o zRpEM{uxo0n!)?TcY?`J@S0Pt-;EfxG;T|$MU?>8(NxUkO_VA`|8qpE9U+eVwouVMI z8q|Gs{BA&|I&LDGNUuHoRT+Q6z%E{}h@m~drucjLLEI{V(_%`^Jtt4} z!;f@eVhmozj3cQ$o5{99)ni+_W=e*IlSS1`jvv6ZWG??QQ{<)=xA(#AmJgTSMEdzf zOj||2AP%Vx6#uFx$d=?=4x(Zz+(onUAgEv`A7gP*cg+%Vovqz7mSHi&EI|On78Uv+ z+>}lwe?_*t+Xsp#+>Mdj?vwNy(<905K;bT4nhpSk7fxiKj%m02Vh*adOULn~>W=9y z{VtB~AWBS7g;za_u1aHB&U6smbj3X3CUf6o`k(y#eLRw8>0m*44UA^pF=W`GVAS#Z-X{!#cp~^9s z898V31z$^jZUf$beKtL>kM2==8GUVJt}RU97Bj2FZe1*XL1A_YZ>`)&sROwQd`66?pi;6_WLolXHq35uO|J8yDd5NNaWKWF#r^C`; zhpfrCn-veoI3l}^Ltzl`GorzXPB3q=PF75~GD?V>Z#OFTO~LEpW+5D}jd0B!-9P>w zwMH|w+hc48ha_l6URf7Hi*R5C+h-MABl62RtsB_n7T{*qFY>TixDGX|4YC5YQbo&F ziOgl-pJ0WnWXPaC4eyz_?_XV)b{Lhb?29z0?jtsb8+l;K1?#2$R=mf6wBj zhKQJ>6c<;y5FTzUUZ^WozRI(YJ394+h_CzmH4{&koRGrW!Y?0w|CzYSDGIZdg`eKFzhW#G3!O?ZGM1&LY#O&u~i?V3rGQEu;b zOvr)?DAjS(RMn1sO*6kdXW?HdX^8LWh;soV0JORb9P;MZ*Ef>p^ZXb@I#8U!yRR?` z@%Pzc0L|O!qXCC^T&gKcAq5mnDiFPTNA9SVf1dANa{^H(AHuj_(-8p0-s}9B5LHwO z+X{1x5cw&n??xAPy9RH;8y97D77o2VoEF}yHh1~wJ)6Q>|X?d@~-$fo4Y(ihz%@ zEdrU|K=qbSie7uFU%%!PnJ>KfQPH3aq@;b55bSVE>^K@X?7e7dVrsTyr4yGfxD0Oz z;5gwgj3dfoPQIK7?0W@&Z`y;mA_PHany8Y4oBqc}S^E*1JFO}vv;Gmo=PhhstbAcD zEmH2w-H|E~rG5Uzlfba!3p(7#Op@k*VwF}ce>if!AvLNV#6MnS^^A_S zOyt8%QhCf$k~C5P3W|1Ff+{VW#Mey@%2WIk8GqkZ_(MI5LyRw=%BMurdt!_TGT^!O z`)tQUEp8pGf6m6FS94Y#lh z{vf%>(t7&O&o!(DOWkj~r$p&NKfoL73cB1m`z@_s)sYNQl?rSw0cP4nXqi*Td9Z zjS=zfaz^IXojo zxD7`gGfxLC-p~`i_&V~r=1A;Qa+Os_(IUN78D3mMQo_`*l5JBM*kwKXQ^=Lc^SP|r z=irmDAL{R>F`GT3>m5|jAF=aVS*)^2=7WSO5d09K1r(Sm+5KYHMtxG8c4$uIFPuat z#=O+&&pbUhA{U|bn3mv=Tmn8S!%E#|4dLpFE7Pp$3L#5t1)p|@r{7Oz`x$qHR{7LG zJ!=y*xa5GapiKt|k2T8{*V|Hn#nJh)yBC2+6eM#u(d-n-Dv|M=;p^qKso^0f#j2yV zU9E6Mh_m-a+#`9lGIV@diEzQ&a9@QtViXqkG)U==-zX%7Jus#5$S>I?k}*f9iB~*g zH1$ti8vNbkUs-0As?kDG-1aJT(zAjyq`OKlr0-^Cd&<{2=s2;RUnE|rXT4qXSEv$4 zjM@*QV=gQFKKm9$ZBD%Ki`9s%75N;MR-D#n%LZ%xqG5>0;byR?nKrf>vMYZTHckkL z<2(mR^@T4@S86F%9qH5BZ3z%Mo^!|-RPnl8Xq(=W-Id@YZe>ax3+9%J->iU z8s0t~v77yLB3q@_1hL-hg#-CUgh4?+W?MR@U4amv=-;g!X|9^JaXek7eMcpbKJt<+rHKR)n$GwI3c zNeKTgVB$+G>pvz`b5;A(GH;>hVzWzfOHYn{LnOMK(yK=#s-nJu!N|7O%CXg*pvo=X zbspzCOWt=rOZf!5gc?mY)wkC5slDUltwtx6|)@xW^6EiJZfY z@?c_Et<;3)qrTOG&=HZV-(FwEpDE{r2nk%XgJXbrFd35JF#xL?OZG!L=z_*U9Yil6 z8~?cdJq`dw@9Uh>I!&f`I3-Ajey_x3@LEnQg4L|`Z0pcu^qR@}Xy=`f1Xi==!a0NK zpoBjYKZ;rm>hc`|JOTyeE!5PYmCkck!p&VMOC#QxYdkImWMVWKL?Rjsagyutz76oP zc@cQHl41?;wH*w<{3Ub2c&a)~s)!8H&cJ|^;@DZ-?jbvLv$?HvizC*Y_M|KvJXqtV zT@DQTQm-h4y9D1n)Cyh*(oHf$FSOZ{b|#u0nIRuyVdXRmKxmihYp1KZm1FDvnS#;d zKWu%r#J6Nrw()@QkYgClqu;OPD>PG?B+N@~UhIWtx?(5TYETR&{+dH`PsP357A~uE z9HJ=y2x0BZk2#wCW<=$z(1*ITA`Q5&O;RyveD8Q z4PkdgJZHmCjk=O&a(0BtV_97Ss4a0{VR8AbwY5Vhd**slR0!WTc*dtq0J7P7uuD7S!gzKzw=XB*e(3w_S#BM;Rl#1a-LLyD za(m6)+Y!SwQFaeQw{O$4p@yZk{?iqa*LL=D@Ho6K9ydFCCL~5uZ23~cNadOFf|aL& ztTz9VW0%#bBfTbK#>6Dgcv-ER+@b$idgnyU$I`Xr(Kzy9P=fsV#l9u%wZnRbv~7%e zO(7d8pV zCpCsIqI)v$W(u(amEF$Vh8tj5>{T_2^yz9{iuPc^=;Pybr<(=cj8V zhoYQRIaA4Q1d+Fhn+`;$9pL6G_KRV3oNt3ArBJ6-Bqgbv<7u*<3ApMHjE6}<;R7hA zcWg6=%G#nm&O3%H^6y(mvQQ$n?#O_J{kyQmc#ElI z)x+cSDvp`2zM5`pT=Nr#_uicHvi57QrzSH^LLHz+Mu|wT!jM4$y1)!XQ<@R_;ufVM zSytX`m08FS(bo7>Ac3Mj@rft` zk14zcEhVFZ6hJ`A>bJe`^vnB(84J+wd8_z$a+*8O+k)XM>J zy=s!t-tL~=_F>l1&sQX|?-gCfni(G*A|^}qi)!uV^ZaBrR@<`_3tmNB-4nM4QKzjJ z@`V%mkqlM8X5JR-dKjUwct(%-3F!{QTh0WBbSk}Z&Bft4J43OkF|dV7}|l!3F%T=N=N*! zc#rO4cgG}|rI3^US#58|!N(LdFJ*OmZ$|ROLQM3K%bCkv>Ut9-x%7opz2UTCnp>np z`TyNSipWzO^qS&kQZqaCPZnRU0n655z-V6|L0|uxzWIb(+jD9j{Tcmvu*sh(@Qd;% zl3U0*YM-{zOe2kpKDyQR5`55uao;CDKFqx@t?PxXoTWnba7nZ6aqv6t(VuTq`RF+^ z(rNNTD-lA^?5PKQ|2vISnWb<|H%~I8I#Z!7bZ%A{Ww!K;6>d1Jzg(0vG3BgGHr8+) z;5BRak~04L*v6HE^@11_WQcmUX>ZJ=FhYM)FT;{oByf+pyDk!zGsNc7tOA){1xx*! z^mIns70ePm4~)Va_fssoczo}FW%=yoYJ9Z%>Zf(fv2ee=ga;W(Zr$EJsPaM0dj`jZ ze_}bIDKDEsRzFGge^|zmPG(fs_y+b+B7swN2$Oumn(;1Heou3j;mL z@hRz|wmF|3S?q*5fX0vY!}Wg>l$Huzyu{|{EzmrdD}cE{StmI$UiVeC)9CbUf~0c91%~;=9Hub z>-%v`7Qx$NmLZP%LBryr$tAf+LJB2KXNfkKcPou_d{B5V$#3s zFTQ4fPre0Ee=!gyU3$-)Npa_|+B=dqK&9U0$h`rIw(q;5qc1h1`zT&^ed`kQ`_Tnz zt>W#GtVdXJ$rV3C%Bvu%FhC>#Dg^(ws`YDitk-Iu%fSVZpQ=IBzvdrDri~`Q^M+@xOa;9v1vdLXiKL9B|j;?H!PUlmD zq(41556J>qS{sC95s+DdF}#y{hMVV-{dy^nS|FfU$Hn$~K3}%I3KUG+?tO-Ml?0aG zMUo#Qt7*d4&uBTYkoOYs8z(xR$d|B7J4t}{wTUM#1dq`$ON>z5&S38U^5NGT(i>O& zC6FxURkDRxT5PWPkdjB3<}d#Z(dCnxS<^}KLN4R+NZUYpJven!i^&pWkDevfvSlQd*l-1CUZuYt?lUr3>r8xbfGDkTw0 z|HJR?Uay`miy*t{dtOs6$-zbTTjhMlySxv+^Vu0GbfQ7~I7N*>>E|Dv+p;9aq6NT` zQpN4^=dHsGDiro_#dTWUqvjABS$D#-V6R$)N?L*C)PdLNuXhA={Lce13P3tXX}bFz zdbPB+8KB$RS=(%Kj8)AF+zjy|378CtdULBq# z(Rnnb+K5i5Hm&Us?#Ox})ITQUYe|_wG%>+*9 z<~eOHK<7{Vlw`9UWGVo`q1(godds;H*twS^Lu2 zi04WeLGH`uI*Od@%%Pkd-zw1_cR3hZS=>8fd$36Sst)ZGewQWjQP<8l7nNtKSr$yD z{u3qh!=6&w!A%vxk;@;Qq|)4}Zn5lsO$qkMJKtDQCh4pZ{yW^g(j=Cz8 zky3@b>XcMT6su;3S4w*S$>=CLAi67F$oYLvxaJ#dX@Kz1(ti5)u&}u??)bo*Zl>3C zT7e9ZqMzOyLH2o44w*T~{UBhCl=QcA(N?LDQKyjVo)CXVf4d(DcsJ9*>4lh%$bQ3M zj|7ir#yq;bNAmMm+&hP2A)`NSR})@g*!PlBQt(^=Ur`Q42*!l`+<5eRxTrB=8$dS6 zsA!cJ{Bqght+`%ibmWgFoic{%>$aQp2=~Yph+xpLRiL)r@!;X9(@a*@~@WsUzztD@8$cvj-oWy zrDVd=+764KC0YozKDqQ0ahkp>rX>+-;S%|nC)_`3q@aa>JmNIjS#ec1)k zx#-ll?BzLu?ZFtU@9}Rt(sowT9uZT28?#qhm@dXU{ILIqT+4f&La%d?aV)87n*v$d zW#+`v!Vzq*Gi6yEwmZISTpRZI3pbOM(1i6J0EhN<4A$6r@F;OpvI-(?x`jPyj}O0Xw; z%uuo+UG<27kjH?kEKHU1y=~w58eiF%S>;<_@i@5u-sMczz|%6_K*f1AkA^8LI1MQb z%YWy{#$+W893ZbpUziB&)h+wev}Xq1;-d3ds*eo1c{{Tb%D1|UXbi@HcGuMEdez4i zBVqO-KSRsjtS1=?3vyu*oItwmE5yVF;;}t4k*ofF;-FhOmTU6euN0(70G3hKFqK8W zT#GMZH7e9Zfi$RrwZHwAHO9HCs((G5@ko1=rBnaMJu8-BUESmu0&JR-v<67G9>%b3 z^*{alz>3{GJ5)Av09zUM@mG}Pi`uuWH(&KyIT(f8-I%?Mglem*HOu>1{T)f?5#ro2 zWq_`nFGmf{$po%4X}f9N=M9cvTZ8WkorIE*4=?KCEU&c>_JC zuP^qJMsa8+@yA2cbFdp5fgf}EKK?;zM2tyww(rP7_YKDfGs#A99k-b#%;QQ+!YB0O z0F#B)bL*XsWcD}syly!Xw~5rYX2=c2ZWNFy9ay$0uzUWADlgWmj+iG?ereY+MsAX8 zJYZ=J)DI@Y%;emS_tSR-h;NFszrSdD!NfZ|qS{QLSmJ!`iC?-`g3!d1ZW5GA#w{!{ z@;{`!-}dP7xD+oKO_Q;UGRx20!Y>q=-Ys$lza;)t9BW*wo|TAPXIV3;xGf2b@Cc?R zyaSF)ahM~vl@-UnjoW05bF8S*t+lXO{3 z^j19o+oVQr1(rnZAfv)VFx>`=v`LG5sGY1JG0%aW%l~%NMo@`2;c77gUbEVlecP6sVK26cQFnO|9GI*$1V)7b9 z^&w(kXK?@X-`A$r1EF_Xu^(FlX^Ue^@xFuYhy4k6OW(O$l8;6#F7GwcDu`A7>%9hG z<{C@)tncJ%-<*g6hK9)f@NxzV6$VW#?S5ZvCC&|Bh_orGYoJz$eeyBsCH4}Pp z_xH5Fbno5Lh0h%4dj+%X(%p*Ox#L000KUS(M_@V22e^dNt#+x~wh~&F;BP}RT%T>R6kHz5YO&ZN)a59Z%&7^%{|E(kNtL=dA`N~PM z&FkG>8-0=FaxFI9ARwnfyj<&O9F3H-qVbqRtIwdW_tInoveD2dJAL5LSf@Q#%yglF zOhii9#3PtRBQ~&>t~|~6KEDosw}+&BX+*k*ObEWYt21ga5_ht>H4y&i-As)GI9bPow*{8-ADoP(US}z#u%sxl)L&^gR%?e=65|q? zJDlIOq_Cn+|NHyrkE=DK$^_z>4TwhH1VW||WMUz-xZDxX)8-_%eXUbaU`9cXexaWA zSX0B_RuH3OX5#XtyUL3Ebo}#h1cGR`WBS`WXUE(z!F1)R;>o0=AAkl;u!Y_~e@81O zZ@wDDn$wXe+KQV@u-piK#6>P%KZ1R>kI=AXsC+oNm{31hO9a^s$ODoktYmmnWa5Gy zQ*ViJ=+QFeQq(h8U|mvE+Eok58rx!B zC)iqiTHQ*_JQLAlje56L+5B}QkwMXmQ`Q6RfPO2BgDM@4SA@k^e{z zSr3Id5ud}kem9gc_NV)oCrgijsZ*rANoWt8<4W7}T7J287@<{sJq)~>qu<#l9Sg0Q z@O^c80;3^>?BBjV2x$Zv%zwTq^7dC}7J$JM-lpsxPh69UotxC_2$XAo-*v)d6y7^` zXt?;`BnAjA47N>T1r^>(>q!TpIi+8?0$lo7Dym+>-llZ@ySne1^Y!hNUcK46o^(!A z;Wt*LGmXuj0 z6a0i@RoKO|ZrYRFKIMg{%8v_qSd7vhqoa5wkk?afIH*ScE>N*B(U*!7$*<_2w$4oi z!VT`mq0>OFZTbHLz6I;b8PW}+nb|T11#hJ8Y^8Cs`Ga_abhq0Xq3Tmgp&jy8Dlm$= zN;>aAg*y#Ku1~*ie$O}8rnkUTxErWR*JMQB>Gcs1^8@m~l4r>*fcPQ5+j?Z$L+MTM zK+WuF+FDhqUvqWQ7Q-KfTMJ}CUB{dh_O^%ygBVId6-oucTAqjR?tyF61)e0CKk^uf znq)|d(7~xl=B>>Z90rz=Wbt!Aqvmimlz^uwZMg#TXWRoSWRV7=3JXGN+$b#B0kGOb z7pZ=axIlVGTU9x$07_DqR>nI=Fx9=rEz;%hl>rcS_eif^kv^6pmz|HITeOdpK9?*} z*B(}Xs%TgyAFEuC1+gK@Vd4D7uwWYZJLDnhQ5rWrn}rRgwS`8pTm-RzuzK@_Up(MR z>2fEW8q1PSjP3M%?LC8OBexIW<-ZtmDQac%JXVvZ?e7$EyItAk8+q!MP4h6lf}o!owA zlKN<@v zfV%zvDci>|HtjaTa5Riw*k-b=eDoRQ8Jo~WrF}}wgH)yWJTzqS@(|8MHl2>D8*jz9 z!A594dQ?&%ZBj{c44hfyPeTKn>ZpD5KV{oF9`Y(pQk%U43$ArHt}>X?&bg`-rix}! zb{o8eLg6L;0E+)9+iT?%nI(-35UHc%ooPqOx9J*I@<~ojAv6m|mfv-)iq;RzA4R zlvY7*hE>hs;?B_LmFh$u5jtsDP#8asv+MIhZRI`j$f?ncO?Ru#xJ~Iqa>k8~JJ)gj z{S?NM@{*Z{|Mhci%~<;_sb@-Ee*g2k{K3wf>srzT>-@Zjp6(HhP@{H@a(4XC@CpOj zgB!V+1>U4(?nR{>Y#H{0ua@lzCmq4=DR1sUIz5CepWR8u{&xwvA;oGTlOt*$$t+Fq zC#D8IPS4Pj&t71%_G0?9LEnPoZFSw*EO957J5}a zjq$;P(_4QISsg*3ob)`PA_-}|%9pCT4q+sZp!I}U+fW<PyT-e%pU-BM-H9F;U){%eZ%je!CcONpqiW0NFP)?W3r$k>FPShbf;d zhbSRlfe$EYY))A`8Q9$EF?#4R(2Bo@bggr;kS5DPH!hkKp8p&|RrZ!N2raPpKXKq2FQNx^BLeFOMZeSH6iD^J}!&gsa5 zq2O094H$2KV<&mTu5RE=9s9ejjg(g1J{kmfQvosSP~A~UcV|np^^e$X8=)21UEc6< zQX0Pe#TW4&PbnWS+{cVcsx30f7b9GK89L#8G}rOU*MO0B^K~bb=aa7=gq&vX_O9&# zes_e11iDHj(GZM6#Owo=0p(CFmBd$mXneCX(e*bfj_GSW?+on?RE;I{a71_G*%`nP89R@Rw2HeZ|JV)#DeW|bWjcM6sz)F&nYZ1lJMl6SaAa)b6#28Cn4bKY6~}!qBEjOD2O zG8hV(GwNH5`qc!}5qX03(xkPMea<{_p`>zi!1F*F8qz?16qeHu^Cx8FwaH7W(mx4m zFn_=^zJXzo{M={d%axcXzn1(&0V87J2e0t9wL%a6fRL`~^CzL@#-bNx-%3xTS(J>S zrV&m^!+m^1_Dwq?OoadKsUE8zWigNbYweE!AWg9e^-J)S?#{c{taWrXwRkYym6q|X z&6`SB0^j{d>(90KB%k7|o&Ukidn@2`Bu*Bp%<>5u-_}0e6>yZ2s4AO<9m_ge7Nogn?ahi4x7gHPT+>@VY24}uN7PqAUg*L8eiEUJOzlF22Q$X)-7xIw=3aS8K(o}`fG1k)c68)p| zZf}XoJ-s|qxhr8KuTMElA}zm9FJ07rjt&M&uOhlR_Fvsf=j=L6X-{6>7=--=bf20= zN4Oi2+L2wWwO|64AnqONPAE5m?U7=Q(@M=IJx&|pOTBj|GfjPG!q+d`B#i6Olj zRgI{bd{cvGYeSH>$gwQXx3LzYE?*l94WB_{)e`F|kU8q{TXg@Q;a3_yB;N%+DSmT; zbR%&ue~Nx()=TW4^U&!`tT%ajThDu66o^D59~?_Cy=rgD{KO2efB@@J!OsibMm< zDXF>>1Mgp}gt87uH++;BVA=@i=d;sfwL$P|!FiUahjf*(6k5+i2t zfH$x1lTYFx*l=ywWt0RtPk83RmVTZN7J+~Em3dA>s?EcS>428$iAyn} zUKT)~cnyE1$G_f%f9;5VJn0?Q%QjC6q}pYJ;6PA86b((JwmeP6FPvQ)P_Zo@TZ1>c z2xZi^!RE^4S=d}g$HMKQ8oLP&y}tiez?Bw>HLDAV*UvtojDojE;Qdj6HsNAt}*pc9&J-308~u(V6Fq}5g|7sxPd}S=v$!KV?0$o zo`>jjX^a_)^Ry$&r3T~%nOQmsr8?K;daZ$calZaSc_)wEf?pIpT8(}IOCJ=x|AY)^ zOp_lil&oqQs&Sc!2*@ZBfI0zgluR;3BH4=0jUp52Op0|j$J1Zhmp{V_UQgxNPXeBs zl|HWt+?L9mHBJ2RETQtTv~pYO$Ue>7MA1OOvpWY_f85MRb&9VZ7Xx%c2|dNFZeZOu zNWBZt7ekVPAxX)HuY{H;a*~!8gwXAVGBXuyC?t5AVO(;ccEpU&3a)@xvB#ESLDC5y zV2{ZCG@j-a1tpXPGYh=Z3bv|E`}-Jt&72=4lspihuc{bNHJMM+2e?B6b)tdD^FeRO z?;E+efk=h|kef}D<=2Dn3&pDNk|Mu^$_E2Wb#fGBJV~6u57MEgZ8gu$fVmdF@zn{8 zFDfn^!`^?6<%U;+4OkvC8_C0qZHFtb$$&5wf_Mx7f+g6Ul3=epd`h%PbTK4GnCdnH zB)0*Aq9H4sCUZi^+6t3$18V5dHDaW-7y{r1|86LRs?(GB+K1irqMtH*IH>r2FxhTxt~~43?T2Og{IO#^BN#+ zG-P_G$=oz8{oQ`XLgjn zYJ}h`Ew!3(lWD-|`w)DST3?%KPt&Yb_P0e6E6#d>HGRQ3TZ z361K1_>Z^+`fIydLBZFq{-C-fDV}0d^6U_UZgbCWs(aZQ%m8Y8u=oE&=Nwi}=zKk- z)4s=r2!4UR5~o(|&*wdDm5y z)TR*78=azQ519ic1zL7#cy@)zzsS1I^`3b2VzxYKyzfPHL2-L$aa9qtwy3YZ2H#{& z(aPF?BXhf0_iu*vzi1@0X}}Ay7A&roUl4r)Zp86);^a}W%PWGVTT5#$ti%$HJdJVa zi+_+Ww|11eUQ|@X^P(k+deg!XQ0<>pCZXq992oL%3^r^W={2a! zm)9%g=p*k)lHs<&lf_36gW{i&w!822L|l`l3l$3jMqi@7##Q|pVFf^SPhn>>z#BvT zh6ujsA7#7ofpPG=6k}c2oMZI__|7ztiNysz6~J_pK-YtH2t)(6FlyvLw@0UC1kg;$ z#cE)@=-FV)MWS7?En2XWBSw-_X+*Cm>14EQltX7Q9^xT^Ar;sM%O-mKW8IJH)}v z?IFWz8ZWLHCk|z3`lpq*Hi`&NG`ZxV_ZQg&*a&~>g3H45tvp{1qQEcP`c?~@n|EJ1 z5y?8+$Z1nXyF4eyiJ*KO8Dq*qD#g^c!eHfk0OwZZSL9-$YpnY_;A1J5Xwzw0%W1|N z-|ZZgKkEBj$ni|?kw0ukr~j>zvWNe7{y@yg6e;)9iwU9*;0x=#t}?)Gx7r8;>7F5D z$27syH$yjPOK3TPt|=><#VdlIi}Er#W)>mlo4|M+ z>|NtV|M5mh$>5e_!q9kFIJ@HuxySt;U9TsKerX8wPEIhtS{3Hw))I{;<(z*xJ7U5K zD!k@|8v20@0pw{k%gq>)G+eW55qW20JA?ANE&JSAGklFShjS1({A0a!Fx&ONe)i_{ zcdWas8+Re4gXFF*B>$o`5;murH(yL`e%E&IzSx|nbV{Ik|Jn){}-s+lT;H`@L@dyQyCSdRKP+n3CWwT~#Z4ev2|!*I%abjbNzSH zXmYMp0HnTxnbMp0*PRd@` zai-0au5{M-m9j629qpWLokXDNP++|G$-Y_c)}T_~MhUdM4=jd(+#@s_m4A4bIBLdj zcCj%#zB_vAz22}p_#+F5Dg(^dSvKj#v%S)T-Axh47P=Y!A2JM2j<$O4Us-IGwnx15 zarP7Y`e>l3AcU4nZ{@8^M z*V?R)F)H0{d8VQLCZ&k_sCA@KiuvlU?3GuO(^m-aVfwY%)1TDTG$9ZwUW@r%l^8No zloJytAX*Vy^_4Rqk(63a>3)fPu<&%IU=owUbhXPnlvbySVgQ2%nQ(qSx}7j3WGc*G zc1;{ANB$4UasK$a~zO}2mawh-6-2cQU-CCWa614D1&U?eI5WJ znJtje4&f{S003kfY5e+a0JSA5=GFPL_{oH%_Q2qvDqi?CwRUU3U|4WtwQhEK%#b=? zmdjjGVfM^>LP9hfExhV?_D7K~akaWxSKl>c`i+l!JNRc_4(B20EyvbVMBWXC3#-jl zJUo3lazz^Y(~R>kqyO~?jasq<2oX-vG3isMCqwfXk^CYYOxg-jJ}a+Y{kguUB_n^5bxqdR}c zI=)%_KK+AqevgtIXetzdIIuU(^f36*Q;K* zK=?cX4=BFQMm!+nL0tvT-_1iF#(`*XQQRE(ecDYXtjXg4adg*jO}=j*z}IvPw$U=W zaioBVqq{pD-6OG<~*AtDHl5CH*61wUxi62dE4*9- z`OR<6SxQj1xja<$5keppIwbrTIACeK)cBtyb}{_STNxLj!m{JirmnQH@L}@LK0lB# z#|&^QT?>(XsQ5{V2wxJ9+m8Y!`8R_CnkJq0Bl=>Of%`WU=<>*ZmeeawlaPyjZvtx1 z4r5>6K(DoF!InveaE5rWV|bB`k?Gee=L7T&S{~K8K*5`-p~m0u;Cjx2Jl1-P3WM}Acc)1ZV?Ny}%Ww%iv% z=`I(aopp%go%cX9Kwl>)4nM;n7cC0MaSz$fMVP=*?K?a@Eg&27U1-<*GmChUYfMQo&cR7bp7Qbmg^t^m-yrt z(y`SM*sPl-|LxT1!medAz!zg-od-16O~jwL?4;=3mw-q&3)5#3oqFtAlI;($gn(gP z@#JuFcH_w-=`zu@)MJUj2n?NYI|%hUrpVxoOr=rGsApgw85ZvJsO7Ayq;0iGsE$Vo z>THRP0_bxsm=Q{&YTkC9s8uDJ><)5IRL2kLzz;9R(!97SdiU9e>IyvFJq!a! z-f&cu>r^G@YQ`Ile)#0hm)>}AR-W+3f=egWD3`b6Yx!BChGY<`3k0^mhe0ZH&B-aQ zx_uMYRvlvxzF#P5+oA$_V-i#@;rzo%S-_^FZFgHs_3LE9vV=T)Fp=Xm1^A*7841G_ zX`9@JNp<3MtlNqWI0=PTrNi(kTP@kr5y2lQaJSq@qf*ip_Wgc<&2qM3%%7-bVO~$0 ztII7Bc>*^~#R2UwQvpEE#-IU{ps^e^OiZvsG4o(U_%+u2aq=VV!b4rQQ~y zDt#NiW6rw;4vLm{*O7uNSCVQ>cQbh8EktAouYsdKJiNW&b(J&zf#sv4m$dlnjDBQi z^w~hJ7zN52DLSTGaS&!M22oyGBc^vs3F~EivTrWu=%DmnJZaHp|`K>@45L|jy|P3!z2i55s!)LI))$KiurJ{`#OxqK5QUP$O1y`?(`%^(G zrV0!uJ-gR%_w3EIAgc>H&bx7RI$s!inK)`$n$rPn$(<^G$Fg>o$=$8}s1DXB86Dsk z7F8`K)!`upsk5~EF}#cNbVyM*_2xnPvAu0m=8A6D=Q*D{rRtw=aQQrd(J%e&W!|dN zd#F)c${&dVK9DCo`d3}~aBjBf70|cnAi<%t3yM7eaY(9#UQNy4sAeZ~jZXR)a2_{$ za_C+TVo7rRtCU|ethwJt)znx04%+Lo&^u_oo8JBD+Paucd%3FnuB6QALHreUDBHv1 zqW!;zpZT-bzuBLYE}@T&R@8w%cLA*Tp1yQ*cn5L90H^Pk0UbiS)kd_NA#Ak)XRY~y;cmo|sZ3A8V=}d!8RFef0FO^;gSoF+YEe@BD zb-G}60c5(?9w%D4OIYQ{!<{Sdx!JRX8Z*dT=PDfCSf_M4BKqm~3Z9l{g&W!|1qzx2 zfrUS`1qI)0?9KF2>F=uNaTTM~Y2&!BbET$^trB6~n!K}`vV{PPwl^m&&CUZr1zcQ+ zidI`7Np~}jl|fD^8t(NKsFc{x-VJRO(6F9Irx$kj40IFxHTWtn*+xqjSU^k4RTbNN ze*{VnSu@>g!yxZnDM@*`m%^o5q)o($Tz#$0L`!IkXuiccq_NaTMJiTS+H!Zv))HfyjUX0 zU_L&qd5HR&NV>4V4QinVolvOD)s8>cLS8F`pAD`3QF$HP5ux~wuMNg)_|E36RI?Rg z(hSkXat?ax!dL+@EcBNu<7i=lcthQa_cj2S@$h)mlJO5u{2O(ZA+QOx zY)8LedV)~fFs@K{-QoJhj!pat(bz#s6Jivj!@)ZY4B3qT{2BVlB33sqd*TGss%ZL1 zs5g7CziX`GQ+Cp6s_80;5y<-zf8Y2j!S^^zj}ZG;(Fv9_X!>#Okf4+pW|T+C>? zHEWmp!hu?Mvh`;&NZfdm4r78ZF3x_Fb{}GXApD+&BuZCAR_`avjLC+ROn;F+EWA!S zTbFZch6Fc5I7?qGw~zi^H|LQtqW(1>z)XByQn!e{TjjJ&^F7lEB;8JhH3ldFS!i_nq=%i> zJ^G``eRH#7!*9;UWj%%$hBtk>!+&0h^><&^oPOkmekwN}RU>IyTfez!Yj8H8*;EW* z+$^c%0gOai00FV=m{>7fC(`|*2jxLGFdd89V&WM!`>o31U%LaT^EE+zOf8KOLIG_< zKVK)kIs4qo`!|+uper`o9@q?0s0Fg&3mRfd-Ed!m(?5ry6MizaNS<1_Z8}?WS$ai( z{4{Ixi`QvT*Qv`mPM8(QBMt&7;{-n9AhL;rWG9%9?MN6A`~v4W+b7!LHaSw;cFTgk znW%w}RRoNij6jnZ5>g@;d^+O;{o;cU4DPDRQP00D5P?oMoJ;eS?mWuxKJn&R&AL0O zAbIi#e<&XX8s`O-J)q3jVgFDNoCgh$mH5OmZ|X!jVUbDCnO+5?fCtNo$N9}aab$(& zReiRqg}%CFC9!Lv4qmc&m6XBmqKaBH>shsXAUF7p)OdhrLC;;Ub^_d7<_p%8$YO*X z;B|g#3(WQ1!mH84h%Kjrg37e*rud5#g0Wj1Z}h681L?x-_f7Ayot&^rx1u3cXDNF3 z@~CorU9n?c{)a^V-hS`A+}mNqUv|vk`d}G5_VS{10rzjQIqte=HBMH%pw*PtumdEA zC&?Rt4d&z43ghfqp+W!FyOl&kI~1tlw9xK09-E0(!l8|SN(a%9$TSREKb?vC_bU2l zZ_LvHH&Fm2G4@hebL}6epMM6Xj)??{Jfmnq>*?}-6@V=--WE;p{TmA zuJ3oH-C!v%>tfVZDE7?9$IY44^DIF2K{8V^6lV?p?2q1Vd)^Q%@ySphLHv7u)Ej#+ zh(OsWAE|Bp_-aNX_Tsuz>HT`(QoZ@1CUHJ+^Ba( zJ=-Z7NS1WS-Fu%hA6#kv_&hs)*{yfOo@eNX?GKH6Z}>=R(>J}!9KREr=e(N(l`d>z zi`X?O_`lDet}u|lt*H#45~vR}cdk~iQk1OyUsOjV2l;)2Nck} z1zU>I*iXG@$8q~2I&j0Jc;?e!SCx^BHi!)tc7b|(ly(p9PG=Ot`{F!r zo;))V4+B3888AFhDGH%XFVegt(6R3RNIRf^yp{KpSoTZ_{O&rt0hsl+W4Z z!#;Y=1&i(^n%AM$SSVE*0SYu2PnT`wirI?~ zQHFVL`WRS*Q-d+kV>Vkm1jyow8^;_>mzBt0Gesj#?Cm3FfH^tQxZ4kZZ9KX?TIk|p z?g7ceb3_w<37x2a`L*|NsRXX$$bmP(gALFGK|f_u2~+ZP%J~m4RWK4mQKEzeLft~7Z`{u=8PSCMwCN`J@8efhQ!hG19iFF*f#+pEG zB!JxlVsi1GN#bR|QS0?T553Nz4`X0%0D1hM&QC7wz5c%f38fi7Bwvmy8~`sEai0w+ z)e9R(($}e?Mubcn+_43-sl;CJbwEzqI>k29`QiRGFlRGlwG=9U0GKk5nclcLQxYGgOMhi zwxD%2gdU1Pu%fZr@eF(#^=Ihpww-kdswBSHG{+$-0R4%*KLOPj>LGL(ty&ujL zW2yB&Z#8{daD|6;TXl14QZFmheH-!I25sA57M_wkli{cU9X;}Q7nIUkoWG!_aKdpjT0K3HvQv@ zNb66QHLX!hUPO-h);E`GgS*SL?6NfnxRUdTjM8Q6N6F$ZPL51u>am%o$}`#WrZ=_z zDmiE`I||d$l_gd%O6CO}5E358y$uU$^$gJvMm z4){+MWf`LD(2@$!!nqp}85aAEF85?x(Muupz$4+p7%o?LLX0@|f4q05t9Y&7p>DEd z>shtY<78m_=-p7Rid_mSF6A425LXBU5}iyL=SQ?76W5N-h4SqmSNV2 z77^<9%F<>Q#=~84IMGo&GOskrNLbQE*r!mS?|j?vX0Jm{%%n=5^a14{1Ocl5_TrkHiB%+>4m$n9 ziLE|tR86X(aDkq?k(L(+Zn}K72(laK7u{)gLl~1=URpw)YrQYHm|&HSwHn9Taz9CX z(M`5|+rd?5Y=>mLNSH{Q-$MhSwl;lO&mVTPdv*Jn9Mq=Q$IQ0-Jznc){g1K#7{UTf zRe;!sV4RZTltUbyLqEOun%6+v0XeY>B6q}e`PDsby)JIwzj=W7ek6M7x1`iH8r(fg zeZHXQW3un1y8gi*#W))G^wI`707Oz z%$*edfQFOll#25AR~Cj(8HH0Vq?s?5-OGM8G)$kKM2FESC$VH2Am+j1jpH5L*)7Xm zKQ{Yh|Cq~7KE1rR`$r;Y&rLC07yRFOV>qbQD}t)Gk$a(AyePFx`MN`ld2K=bS;}!O z6SvN2XFz1ZB=AI5?c7Dtl|&EOXC0k-g=`)t{SL|%`lb5q#&J@~-_6^A#{ZZFd@%$; z%;EKL1PfdJunq7>lM^HBZcf3k_9|P|R<|d<}V1<=lt0ba~ z7KbC>$mPU~ChsRHB(0g^IJztTdNJFzgSevbZT!2N`qoJ|VBcvJG081qv@<1OuIg0x zdP|<*F~sGM(XZ4NErsE)Oh>{Fz$_MMs_Pd=K>-oZVQs-y1#97C3tm+y&tGh27RhMh z0suF0bI%fn3-upuU`>jWva2GOWFzH9-6?or{cMrcTwI~|Md(krR!h|4Wuwb>#1px# zZ|8U}guas;g9_%mztg~#v$AHohkoDb2Zl$=GY(y}a6tKbRU_^_4~`X15&8CXa_H|c zVUJ{k5d$1F(h8eS@$@xXIyci9QV@r+iXv;%dJIToNbJkkfT`87>aJ zhURn#r-J~)@}TJmW{5TWS(~ZL?sNN9u8$>4qDwb_-Jdu5#eqvr_1V@-RlU z&Cu9N_0_x@$6xuP-L3f<#~u9Q;cx2~^{xW908$xM=Ky3|Lp-Kc+r~{C%x+Fz33)6| z(x5M+pSW+3FSrUGdJ1QdR*_9=#z6&U`w9*3ezU9Mk!nJfc76O-kBm!-HLUjJI}&QT z{{9b5eLV_5YtTf!BO*T@u%y(aND`7%#=nsiXQsgzfKbikd1=2>u>F@%I0*-m3c}LU z*u_g=GQJ9|`3NEpmwySTve7%A^`k2{5XzX5-W>Zu!G8n%ovcJwEO}7etVQ!h7|!au zEeE4g9O_b`G(DoP`J%N`F5OZPdRt#j{5=uG88-->$1=?7=w-H8K&ps3Z17z9oVuWI z;6ZXS&l$&)R{$Sbzr_*{W?)Sdo*>Uo8QV53Dq~k;M1ATg8%1mLU9@+YjOB863_--6 zQpQsp*1-(vIv<;lpi+=01$pRL8jDKXL|Us+(WFR(m`paOi6$^Fm%rwE!OHjam;j>)lz=M@$)?H(Ck z6`$?+*#x-qUGC1a12DIzqVi!qpKf5`VBytGJJoJ^H8GVB_vL9M|GxHh zVO4^WWFr|5iudn^lI^p5Pekp3G-kdPmUUAo8Fkxm`}?IMNrZVp+6M#<30L^6i!=4D z`YOYha{!YcrDt@pdiU~{@V0f+o!NK)0dBt3WWZxUFXJinuA5i){`~tzK91a?s{=DW zGSLpF)jk|BxGjvX^^~4e`*F!J#vq^(4=w~DrO^X08zcZT_IGNUuk(kGVv^z5`{d>) z_t^z4{(N51_|>%!qKLW0D2mk|&^GKQlH5(LwqNNClIt2)k@7eq>aQ&yT|D3(0pthd zqWu&W4q~naEG!Kzt``{?7UbmL*co@Dp&%fUK-#X76?gI^{xe0>E@(Vm7P0btcg3<{ zkvg6$f$O{9lBs(iPcMyU)*yf=c+e!EFx#~C+9245JRXy{<%(+`XX37;>Q~9&cj7MC zXTY>3nWm$JHkb1E+$|)MSt)5C5j}8s998(1V(HlbT63kZbb_XRRpve(^cN4325^ew zLFxqhF}$}UW&5;@KiTrf`5*^Lle1ovX7MS~t&H}l81-|Rj_ne&4#b`g5SKbggXm)s@9SjzblTGgTCxg0OK@PEKx;03ert*r#QqP&{3|IKEV!dN$at@BAw%c30f>`=MHCqo;I!E0@rzhJ zqxN#>9vkd|9(y$nMg}Vr1+b&6A+@k8TWh=UaqNErQ=3$~EeArHM1R_dMHHDwuHH%B z=o0fiI@~o9D1^+rJe?(jr>_Mt@d6qAtUGCAF*q&Z3rgH?1xom;!fmBG!GJ`91R1~l z{^lWjRDN~h>m&ky?TA%MBvsgkKsW1kS_+a!$6mnX81YL0+4!PoPcG&aYz}=_VC0K$ zf;z*gZV?N&wB)jfiycdb(d*hqrFDs4e-%Hy7WHlWd^#?z5-!avD7uF1@)T49@bQis z$A5lxz*2$G6s84B?yOVk)?2*aQ|<%ZCGc0`Ni^yN+)x=Ci6~0~aS2yj^}b_QA7m6K z^SthZNdu&`hVNoL?AL89C zUC!{4&8)tNf(5W;2Z*Nr^CC(M131UL#RtC!g;y|n^(~xM^ISqV#k}hY_VQ-JE3SPH z$sF|7t%;2H_Otkmz~U#}H?CHT0P#>jS$5Ca1ef|Sj^3Jy;E3|O}vuNsgHdg zPos_(ZKbbc9fIpENNV}|MAi6QbcZJm0r4L>@S+4_spB%4Kz!>nzRpn@*rb&ZBn^-&LZKV6&&C1nfj;zsfx%8e|=R99l8{gXQBNdl_PyR@Yhi&F|2?6hI*>mFa zWRdx!pmI@DcsfCj87vQb_DUkwjBP;oHy&AE_$?;;9GGjJV<|wrz&k3+ zzm#6GOp?{)BRu~*OFoKlI*htU2lm+P|Mx;dG9AddzGZg*1LOKC1&?_6vu13T!E%uB ztXvop?f+a*9MHU-DZ5!GI#%wWDV$xX>yuFE$bPTIK|C+3>7V51e4UVxZ=H9(J^lEe zNjlI!WTQ>1PDpUPU5je|!tTeMx65G*H)j{xZ8xB)I&i9frkNR=edqaA8F%&7Q6?39 z_q5-0`sXe4f&HD^JNh7id$wnpt}0OJHRA1yTjv->-TM8>Do(y zJr=wVmKV^ z)m&dZzx#eI7(7Xpo?F}*Je`eIa@=w%qI?(E+IgIQ4t@L^aJeXWN*1Q8+n8_<3oV7P zp)!p{8@3I1XZIQojCKYig10a2Q@YaA9s9T(>fSrfEO=-JFP82;AMV?}z_=~#;7&J{$MSE_cd)Y1bi-y_ERj2d>B?wok$p*f5Yof=HyaL>cHd05yuihN6JV z%Y0 z=3%G^$4$8Y3|wf05+eU6DuOQ|B34po+)?vx4(->uCcYRl3!{XR!2Fd|g2)+`JCDHa zWi76wDXb`(>2HK zK9bb|No#-S;`s_30#~L1L3(_7hEbCu9)Hab{bD)SwY0t23;trmJIWOIxWU7%tidmk zisAhCzZ!PiCHgd)G)EePn`zl^%7L-KPl`tq?OMWN<=-D)PuVcj*BKWf+H2Cn3?3mbnYQ#?%R%CsV_M72ZHsqgmEjNB3C~3bQXgS5pg1G9~Hou%FGqY z>|NDvR8s5MePUTJ$MdT}0nuF~QydR5`4J;XIfHtKgc47HWSIA#BT06lWXCf@U(9~zceW_RGE>M zaN7hm8ttWi_sUdhRP;ck-22FwiZJ;bJ9L36+U-RezwyuWi7XU+=H`pw8^{8b%mb-d z%p^#rR4Y8EwIV_%g^Pdqs6@V#i?;#ydI}U?wi-p9ycvAO@mJGrV`{Wz;;(2PfVuZk ztm=84$E^GToS{hm81^A+3@4$`i0wE_5#n~9v@dX2OLLxaQ$pzWYrS^Y3U}1(O8n{P zxtE>)Gb14^fZ;GYR(D@hwd8omYfiH`pNMSQt0?WqJ{0@n++-x?4~8V@h7C4Nd2{yQ*q+E{TuG zN-Q|t^Do8-+u+;s)0&)u@5eT?T(wl1mB!tX>+DPcgE7*%ti_DrG8369#{Gidj<YJ`7R$(0Dw3Vh^$JV~N~>irL5?30GaRCzyNWw^6xXvYFdB|E?0dDpT1n zhlv$E>6XF)eHnmJ)->Q*HfUnkPp7MPXOIqdXk61NeNV^BU+18AQU4~n7zSmXXGKII zu}YJmszu40)LQekoTjS*9-N{r0~yWweL{@4dlkS6ys>XK@&su$)9n-B#eIF&5bA^G z7G-r1YRnd{uY;x{I?iGQ?YQ0%_w<(?oOgs4mN-DBa^ zE2(SrUJbBk4U*vMo22dmV#vtGo`=WpFMx^_q?q6#pBGoleJZThMih` zfT3`ii_#w6tJfu($Z=LbdKfE%c~@j3O?^1$$9qcSnHUYSTVJG zjU=}s>(QD`POqAyV)A+C-lumO8(V?x$U?3;_0c@823RO9YfWRLY44Q5}lNt^sJ+6 z*Web2BiT;UmX^r_bQgnUk7MCCO3gEB(lt)TiAVgMmt)NEeU8C!;jkBRQ3eG1H&>+J z6RhDc#QntyLtw47$9-e5b1a)UxOr-7Nbg8Gh7vwhtsq-Q_V_aQW7CAgGtu ziN+=JI_-)uTC#f#wmSfB#z9l04m%&X$4EPRd1n*Da7E)U5E%69 zjU*4b631}xj2bpGUgw_eE+xAfZE4&G&2WAs`yDsMtR2gEXHUT2DQ2*1n|5XbleDg4 z$?T$R*suN$`+TSJr{dkqz1+d=17d$8#~xFaz@XX;@;qC5GFgBo(lpnko|4S577wRU zU5!r()9jkiJ#AcPaa8mhuH5&2BFnF$Uq3 z3w%7p^Pi5)JHEq|$AG!NZ4JZEaLzW$^YSq#mI5uK<7{r1UPoxU^>T&uNw&PsR3&$w zL|kP?vbA-2lwXk49zPdbja7>mun^TE%S14<;(3Ui)U5W_2Og#a1q;m>QWKuvwM%BW z8g(u6g3~NkwyK}N02!>G{*APzt!uZEq0`oUTY8t(*}8i}?^Yt6EzVJCmg!Ywwdobr zW+g$NqLG}5eZ)vxawg`7w8I(WJRNnl=sS3H{!f7PNmU)A$?UMNh!!Su{BrIy?5mFe2ry_;i|yZ>X3w34{A#NlT;7E7p5 zr`c1sp3}yntMNgjJ-6A zFtl#B<>Hl!ahLsO_T?k%sr}YRk_{ugZ78I@cZvtaR5EjWvn=kPv%Tof>rJyNvBEhsoBuF(&s3*I!?5LGQ6sx}C-#Ke)&T8aJCs0zvNAHJ3{SH!>?t8V#m@&l}X* zU;AOoaL0FkIHVxEX#Y@)s}@sow&C)b3HE+Bv~X>-GU_<+N`m8da#Qvk{sUMT`I|Z%TGJu;{k|3a3-TkTkdrP4G$;}We7@vP6AUyZu5-r*J?Y?!oM3-=4)SiyPn ztkCMuJAQRZvULB@Wux%Pd-GD$orTvSbF#dWI_y7_X=#3X53hWo6V}4veR#Ln3|fc6 zi2;ibr0KX#WVP=+em*bu24$3nbLahfkgO7AY35c6LNWvxOWoKSWuG2XZS&&m4skU9 z{g+$!u~N**AoGj!2c3)ai6 z8BDAmMARlp*TE&fmwf^*_pWwBy(#vcC*@cG&ue1xWw259aK>~R*DvanJ)DBCWCjHb zYwqI6;B8^T)GV9|$Xm3j(Lg@8^p;d&x%Dde9`2u*MmE0g&k?P-4mWTOiBOLcx)Tu`Als=T2LbB$=iCEOmeb|mk{^b z-=W2RvEHd=>#HQoL|(h@#ZTq5Jso_DMqZ=l^B)8KPLGPCH{a8t9QqNtl-;R%3zC`* z`I?DMd3Yf;Y3a8#N1sJnJ+k<2;fCxtN6pMqyJrkwW0%|9Gs8o&k-*&cN4eTjIa^6~ z@73n2uk>ga?mn|fU0y0SddtGaA{&-b{Kumo`Ah|NKkFbv4b$eYcTLhPGudKDlyk(| z+brBvFdb!XTXXzTuOx;-X+>aEfr^itM zkv;E#IbOJx&IR2-8)MhUC}}|i*-#iH=iB;9eb(1SRYw?nj=Ye_FM6KoaJj$^|Hy@G;Wp^tMP=lDyHmS?LeGu_pR>STbPwho`Q+9@Z@=>W)# znEXM-1Yv2c(up7xK3?onA-Plz17uC}3y_bVO6&^wByQrJVpbsaAzDu{8lJpZHk)&L zk5nBN!SNR2%(MHspXKX1b35C9Bn`(h94f9i?sO^1MzRJ;7zo+-U1DdiJc!4j z`{sum4a?xTdLN-XeUp!rgDXv2=*;uG1mp;w?eK}+cu?hmc1aW`Q6Mh6Xz6PXxXUrk zqa>-+PG))aR)3(qVo4&njnBzl8K}7Y&4`}G|E)HO3Boc~nncepZV@~I6v5Bfdg4MJg86?^MY4>-q;nn8ZmU+w1 zA`>;rT*4Zvy&qD3zWju=zr=k<<~TpV=Eq}9U;EYNIGGc>rKgM;=z+Z(2gHl8z^X-i z1_Ayi)A#bz!!i149R)v2U9YCtaDgY9^?i1kB`#Mb=@fd$?;gpbn;necych)NW{6_!35kMRY@^Cf&!(?X7nT_CDX4CW9kgnmx z>2?7g8wrH$2lRY02$rP0iUd61>Y>%H5W@wl1k+g72HF4Bz?Xf-XELVaLR z-2VfO&r`{pWNT)9p~2C<@bRGxhsq5~O)GN|^a1U8KB`mfxfwlb9+T z%Dv>ytr6nOW(hB|5HTAG69Y3)UHk%G?+|-4H8k?xJsM)x0=HU=j=P*PWmS=>5 zSU5nu3IA1zX6(h&(6O)_3Zc9+L=a6VDKjAd#h)yeajc9rU&!XErwB<-Wb_gL`$zDG zbT;P@E^p@E?YD0sNrEApKT#0^W%!?^fM2uCOkdNPK23590RZ0p%nvQ}XIn%N4SZkV zQrRDf@)PA0ER(vCZ~MAxX}W-2`L}-=7t%G?R0xChj%ks=)sRGPE_uNhaKYQ5JeG&> zC@j;f48ev&CR8c!lRe&=AtA@|OkpWu?*YClX<=m$!w~NM=7#DK=v!pH$mEZu3Dc9o zF@94Sv@_!uhlyEP%a_p+m+wvg!?TH-9`YQs@!tNxeFZI~G|fw87iXzx6*;?zXtYYC zh8YYR2yt57s)8`yi~~onto1&X;~vCA74~C{<3si114+C zY3#m5{cI`wTiB7#J>d6cD`ppQjO4MmRU5+Bg2&TB@Hm3b3c&2kp0ErMDvTJ;47j2j z%Lb!WDyqYhZmNLcUpX;M5dxtq-e-c|>e>~Fh2*FNGs0Bt`bvE#^NraNKVBzNC z8=>OnhfLOJXz~$U1(*<7dhN?`Ek!{?Q;7cvsIk+gOhs5@t1s3KLZo6SC^M`oyj;L7 zLYg5`ZH7V9KU4EzdqQ;PRV!#5ZP!cfB>ECTCM9J@N!r7&IhqfW`rmV%YB0;xbJ(cJ&`TcitA5+ zW>wn>bA%bF0=XIa>u4WtBnNv1XTDv^b`-(nyvn4GHmW+g232@PZ!4ZBv+&^NRG8;z zyCjE%Dbt09>t};@tNA@2IBT&!#(nbLhS`Ryt<U!6&z>au@m@ZiLp>`ANQFxWboEhuhy&?4VoH;wD zw~@kA=NKw0c3bFh6S}4+9-^QM9&UFO|$oz)cPy&+U9g0~PgmbL; z1n4^|1?n+l=$&3DL0*KLay4-hltW#yV8%x|RzQTczKqEC5A<7pFdwtqrBMoQW4>>~&f0@NxT7;ritaZ{rbr3AnOepUpqr@JYvN>ExHtnF@? z6HMS9^uF(}`q~Nf>LB%yPTlL6*9w>Im`c814*78c-$q?K{HgS(L+NceaN2gOI@^fp zmm&ZFMBEPN`lN*Bu#(z!$ZCtiA4UX<&i1E1(!1?zUoY>7M@`x>D^LA9Go!acs;l-f z{jfuNTU>UYq2yVu7Ug;(CVpe%YU8qdk@@0rbrui;gSX!z76+4TEtoJXU5g#h)HlPB< zDNdr}azj`vZyU$MPeG=gJ=FOIL3%+<^(~!F9p`Ise8n#TpL9B_7uugNx1N;VI!D+g zeFS-2xffSY9C@;U;Y=F8P5US8e$Ad|Z}znCEsmdawve9@zT1tn9j-xQ0;RY17zdt= z&H1pLL5=08k)ce#PGGl7VP_`>@4^%5UMez6C;d2ET|3oFZua^LhaK56xw&&>vM1C> z)AJ(|zSE@_fyV&;>7rW5BlFZx!8e8mQ;(Yvr;+C7Eoo_N^pfuC7x442+`Vsk?s?-; zfe<(3S=A0_lP6>~yah8S};b1FGFB~tizA8p)5N8NpFFWgzp2M|1Ij}Nv@&q++MI$ zksupi1u_4|BG7$>NS-2KKF!#LT#Z-WNP0LE<2IY>>gHX1Ur5VXjfx{Q7~iF~7Ix=g z8@^cN_l2wPXYR)r)TTt2`FG>;0wlqOk|~&Gt|u?S;f1Dn$UK&bR0#J_&3&xIbPvFM z(N=+8`_Ak5(0BCbPmi{wNM&R0?w(t8U4`Aw+^_Ezl+IYd2y9L4+&u)Xo&*{|?tG8X zomRcSJ=Ci4*oH@tK^(VH83L_|`1$8T4QHGtGn#3>`l32C85d0FDO)2~ErPgvU%P*+ zBgD9{dgTt)W2VL#FhFR9BCy$~YVMK81DY;_`YzihE-wWVUzX8as&HaNyCdy@Y(W=b z^D2_ty+!DA$koWr?}m|%WHnd}^xb;ouUErqy#1?cji*haBi1~zXpj&3(YsHzyAD$v zJK-#ucA$BjNK67%|#$i+ARBacO(cs|8-T7qwy1fa2yp9yrI2__(^ z4rQo-z6;479!){GkVBqXA}xAM0v6bvd+zX|YF;?^TNZvyVGAuO@~is$f`()2{P$>5 zzQm24hvOX9JQ{CX_^#A_ct+QruHu(p)9CgSJ}EL#ySpaV`2AWmybF5 zBcCn4*z$+L?B`6anZ(L6$ik`U*KdGx@c1 z`b}0{wUMQXalhGA?atRO@o#A#bvbQWb_D;mg#1B8ecd=_J>>%+_xF0;zrm*ASVKI# z)(KHsj7%*zSAi+v;Ga51y_cr#c05dP`#|Ob9$IePWAx_x_`b zUV!oPHn=1_)N|zn9#YNCR$06_va~RFZ>XYF+tumrOz+co!B0JZn+Ur!2(9*=FPJ6S z%`XFJ@8EzZ5BBpL_y5zNZBsumUw$t7-}~@VmeG5QH9d$st1J4z)-QNk&Yul)$3La7 zSAXg4e(%-x#(D1(D?OtbFbD_iCBI0>OSI(Qw!Ogud~@o$@+$p)&@_7HMlZ^R_gA3i zI8*PhmY4m$H(_usWc2)H!0-wgKYE_#4jF!jX%bht7TPbfD=L%F$gf@vW-{3Lzl8mEOR+d@u zbDP~IE;>}bzE&KYZMj#iS-we`0Uf)5aT3Ue$)P7%>Bk({r8`O&pe*eGVtHS1p=`@& zL%{ME%C^17yT_3di13!@_RpN^?5e!H84k+Xy`0ADlRAAY%}ltn&PNQxEz1mr_lJ1m$|5$9y#@*YqbH5z<-i8K!!CTpta~w4>NKHRF80#Qbu#VKukC(0?1eT;p<6Mrmnuoz}N#j0nXLN5wN7(4LNK)t3Fy zZTC#0#wdUj-{@O7IMOy;hd$*DnkSQfB4Q*Y#(GHW^+ZnTYnoEON`;AuO9Ee%J1Ilg zR}=NjRvRIk`mV6LWQCsIdy76U%$daHSKf*o>gCB{dl2l*Rg`Qy9%bL3H-Le_{6l-Oex_D?b@Kb zM%WwCBC|-!YBAxf{Z5d}T+K#|Yn{fm&)5ZeX>En4g!O}gWK<^y(CHJGA_b?%thyvg z-<=k;l*sjFu~Mf;F|Pi*H;tC1L>264)2F>$!=TyrlSf_HxH9-ar;Y-1vPYVyQ?!Iq zYrAP#LU@Buo~Q_%2BsMQ4cPL&I=e1dbv2-c@P3BP@ZiN75O;H)?gtPLRBPg>1+JFT2thwPKKGS#eAAly>Mj)a8T&DQZY^H&lmHVVvN`Y z-*?E`>|1G4gQ%dQ$;67Lu$>_~%k^=^k+<^Kq^T4VhpZ6F!2!PEXj5jdI-j-Q8@%UJ z!SrLX&^l}=IOrrioLT(m56PL4h+^^XhQ>pFh) z?|II#gmZR*Z-n08BZhDYmw&BXB!7tXhghyCA(0+&m45h~_NYbeceP!^vb$Pm%kKx@ zses4&05oXq-gH7ANnk7Dl2zgNM2_nMv}Mt{WCF`{daPA#AES?o=9dHIYaEQtcY5iq zTjJxeo`#wXU*7kFFVXhxW#baH6#*d0Cw;;nrL}jRosr36T5u;#hKxil=IRzL(30t5OC#XnIpB=-?epd!d=GhJk z`szw55R2bLMi`fmCR{lwuP-^E!1#dM>E^4^_(crlNNV=-DE;k=32)YQ|1% zG^LI-d5$Xzc?&yj;740J&gU-O7F*?h928hJur1sC8^WH!P3CegAU@g$t{HF?P&q8+ zOGfJIt(Q}sMtUHVBbFWo22vfot<}!GG5|-4=6AH$P(oT7Aacc2#o_um{pV<~^v({P z42_kn6pAr3GP7Vj@w$K88bq3R7I{njm;*>)FjT<;*E@;VR^*_1H+{`Lc{L5w#I+LX zkP5n=URt7#xi9P&>s;49UsIu@#5{piUOJ7!4111UjJ9DV!ZeR>V5m$;jdV zkFbsah$#{YYbGEw5CFdceEVO^jik-xGsLmdqi;xY#W)TT%4!uqxb&^|K12G*Y2cx|Ac@TeT1*t%lRvq5& zW^yTtUO22IaOj7MZB|PbHSmq*ouuC)5qzVe#sCFD6#I_f&Gx()=9ZsfXIJn2YQ^N7 z+hQ=Cb1+lwJ=@9u-J-^hnzMoDFfr`A)+@Yv^68aKx+BgD-YCJ|?VBT{mpc;hC4VkY zT-dteVSTsO+ZlDG{mwTX;jfpbvUy3cu3YSL_2W8aDgukES()Xn%X zv%u(CPJj?0Wvu1m@?0H^ZQYql&sm%__~1~IIyL`egTvK+77jng;*j)2tJaq7{&hdpJ?UP27SIsmTgjkohd5(}35kpYC%AhGip zkP@frL^NV1Z{68-F4)Pal%;l`l3nh|Rh2W4Mm0e?6RpK6Xk*F80=$UlPpUui&=Fb)w^+qX zWufBnj#|7EJ4&wKII{e^zG6M|MTz)t-@?`iJL^IWeCDWmh!gWY~MXOU{ z@Zl#0xvFF&J^LYdomu!+dRI8%<7{V$9fXLp%Ogw*l=CteHlOjz)|S zn?qx8gd>w#4a1PXR{Q45vTSY{XCSkLU}n2*aITgqU2O)Yy1$4T1?^SX`1R>*qDq~D z+y69AkCbys0>;~Srbm;()p_iP)c5W>h)V0U7e=nN2X zAk@G&^={1x72?>$uD}Wz-8>%;)xGUR^?H83vcK#z&yggwoSUfMweI#RwskVfOYiNs z8-4BGRK(w3WZ<4+*V^W-Dto%EaA!%K8Z}0(L7o4O9tV=!cZgxoxsPD49CwM%J(s1U zRsxDlzA3TYG^zZgfQ&G+Lj6#K@wTTJD9O=KvGz_5+tz;#+9T(HDK5q!oBSym(Ph_S z_!ot`h^Me!2BT+VBlnG(9F?J#16$~aKt!bL1*)@OI>pI=!7S^Zy8Iuo@Gl^>X~R zib2~vUCxGv2;UhwO~y3!keT>eYl1f`JzQ{@6o-x?ke**ufI$os!3{F9hy=n{IaDcs z#xA9pM)~pA2(`X?xG}}SuEZ#569jo0NE$-F^mN1*!D8DGAj!}Eo^Ep@GBzAb_u?T5{>Ba{eYf!75IwWNgD8AB`cJD+ru#9c< zYJ34^_5C?Xsay8gy3kF#2+~u^128zq@l}PB2w(lO!?M2Jw0o&clhnP~d+SDiN{#d4 z@^B|x;O_NO##31!e(p2K3=fyc1c|i`cp2H^!Q{v&i2J%5-G9N5VEq=dj~mfDk>ykj zb%e=91Np`Uf`d%>4wGHeT_>B{5s@tcz?@5K_TZ33^8Dy>>eR!2q3g$Y4xOur(u?=y zbHGevFc5YQrM&`BskAmi_%OHt+utjt3rF=E&1%=|! zgOfLoqB~$p#Oi=by3Zz+9V)FJ9M6l#8P39_E6ONOv~2(EG2fR4>ETb5sU2Z*n*jEl z^EgVY&F#-OMtu&`bEgzsLd2op%K`Jh7m@?NN!w<3=zIwsF+AmTk9J1s7P01zVUe$? z&2WCxuAPD?rM-Eh&Y23zhXQM%d~o?|0F2A$XkLrNBWHvSU3&3B4)@|3^!;TKwkv-! z@)O1*w<(@$vCMFXR7n)bx`-IFBOg2DaNuz*Yh^qn?1tZW2wnZs*q$5OCb-mny>>4U zTj_7RuEhoRpXLe`(!qUYyc&Z!dIicaOV#>V-HAP$4(;jZJe9c_*>)P3^fQQ5U`Y+2nhPg zo9+|nfi_u0}3h; z3fUZg%n^pk{q^|nRCH2&WG`(*8GVFyLQL&)fPp-KzZD>lAXP*@`Y7keMgV&7kyzeL z;pjr|d%6Noz)`$t8As;0ZzN&Db&u$O*?Z+dX$aa7rue6!(WSSsp$YNNXd@5+;GI^@ z&#UopRe;=-2W~3F%n=&r31m7?{`iZOod6^<%xvcgRyt2#nalV>qG&RpA!w39p&-nq zS?N_G3JLkmYq_utqB)0Rdpv68!Y~C?tj|tNfcvcgOS^H;6k^#jGLB{L>a!4^1&JBb-vOB$UL9Na z{83r>eP!%z{&Opvh~$+ckB0n$q5{p5=|~|!pz1t-Lna^TKW|D*G)>D#ar_6)LO zWMwf5_C3+9f6m#G^faShO(7TVqg~Z5Sn}K} ziJ?&Bj&nK5In4w5hjyzaAL@;G3lYA*p=_<ZDI~PeH z7br3b_q5P2Z2W&xv|2`!HSzxpUv)1;@d8qxm;uLBs$hbO@^z~73q^Q$qdE4KbuS9a z$tt*$0+6~j0xtnfee}M354Ra1#O~NUyPl6{?4B>>wl0B#;g$7V!X@Ob=__ zHmXE|n*>^0H8b$oLQ{KzJFA6SubA7!a^OrmwH&B=M*i}**KPM|k{pieU8l1S9tBiA zLe%_*K5PZ5WWX}fPKwhIKRsCU4FS{&;7V)l093r_)`J1>wt^q09QSEm*O!)d`!RBX zbo*NG#Aq4r$a!4aVq}^FWSYG?Vce}<+>34mqEUbV5(6(>ELm@lAZN=!MI;MdZwHaQj=M{Kx4)x{wQQLHEaW0#Lv{+( zmYFBuG;N!%TGbdca*BPR0%7|8L4H1tU6qf4t7LcVzR3OUZLv>YQ zN?!Nmop$(PIfkt#Juk%7yN4(?Q=^E&HiQfXV}$oU{J*Go++#ALMcs!XOZWo6Zh(Z$ zKnl-$heYx}-)J=*#Zm9~*B~)NpM9VnW(eUs%|5ctD>LaAf0Dz|ufmb95&&s$1mfL% z5C@+91tRS)XIV7X%TI)2v_JLhX#w~Y5jgpQ5jKBoM+gzxjt|#TtOx(pfaxL0<9uK% z`h&F@y()KWxBv8xS_Sf7+NvaVezYATD%(lO(a(=@B(|a7?!NjPPV(#SE4&*5cMD4oug^R&NJ$hn1f5cnK zPkw7e>rac{UzoJPC^lm9PRgXh-{iig(Vt)BavtU8SwzE-h(BLE0Cr>cTlMO3Q><-M zB(MSKx2X(Y@IxZr%?17QhHSYt`+t5n0ql*3Jy05q{{nZin+eh*Z@|nn5Fn|K1DnL2 z2NmEltOBL&Mj73Kpf<11d6VB~XC9@HkjqseSj#c_xdR^cxBBb(6fBArT)#34QSHn@ z=Fxuv(#X~g14tSQQp`o<_b5#O1u@Lch{~@`@V+CEZhM0s(`N{x!YNrqvPT zsr@ue;0GsbZ|Xg13;}e8OQ7|skmMyqF?4-<$$^4ArEb~)0VU$v$#_^lYGLE zKC1SpX+cT1)7!2MmYi}{_*^Nq6A}Scr%bt+9c}sZaxxj7_GHU4!=3$7(vrm|PdFSm z&>VWT=D@M8&X}iUyzYMDkQ=t-tvnF2xNbt2c9OfAr1^RzCU*`hvXV_f74?@7)^Dt;-9O z=I&{|p%M@I#gCvwtuyw#xvtI&|MP~%7dkWp)FYO@u)VDW$im`$Gn&GVV&=iXM&!vx z(DlaXJZS?a!3mRM(d$(amqKr}`~0m}Mk>jgeHHtVqh-Ovs9t~{xW9T&615#5Bltew z=KV(E`=gS`PY|F|8#jd*;>X~6AfA-{9RBCsaxwm6^CDR~0(#eWaM@>ngAMAOvNNV! zOPMyU%<>2!0r~{nWmv$aPi?YUm1&6sA38$ftgAxKB^Re-bT(vqg>zc_9R*e5g*i)L z%I`&0-W)!})^g;X{9`#cPM3T75$IS0nEqIcfR3NT$MIzBH`vBFBM9fo@Jc^&v&MTNEQ}PM-M5iOB2eq4-(~Dkr_D;xqxPV zkobap%$)?-v?YYJB#-ek{PK)l+oiCfo1$cnnlg`)%cy*nuF?Ku1orEg4|quN?f(qz z))(p6Mpxwi2GzoD@$zbNuO6DB%J=B`>Hgj+@r3^p_>mDN$CXNfn63~2O>Lg4eAq7A zsZ>_qj?Fi63FRM@MA0T9sPA??vGE;RU%98Co3yx=qlOUhj3$o zGNtU1XYN9_>z0Qz3L-_!_v;b8n=GHlnE=@9tM|elqwBosT^TnZ$y3{bB|njEWt(&=~+g3@L+z>*nIFIsi^)z>W?;0a93Q z!w>{QLNO&eAzvzJk3QYhI6*_|sBW{8zmNGuF*lhc-LA)dK5%u#ILEmzrkyZ0B1CR( zkmEf9b%|yW<=O9?Hu*gJTuig-DJ}Qjie-yqf7;LMuExz432GkQ;- z^ku}C2PKag{1X$Q=f~CLn*^t^L-^LF>{Z_oT&hVtt4xu5W;=x;2PC|3&6B$1geRTi5V zZj9xKw{(&D`o_OhrP`w0eU~LpzW!IR`{-@yJ1&rSo@8)6vo$shusgv2gM_i^!>b3Q zjC2^ODKaIzG(<{f3P{1aPXS)z$-$_RiFOk2KcEhs$|Skt1f1M^E*BCWquwKdJtO1H zc5UPO%5|dx>`+5q! z4JOJz_IDg-#oy|^9-u6ZnSosmA)|(9Pe;=w{u7wF|LU&*D`sJoRfd3?L{u55M#~1F z@vkX(9-`Iw3z59Z5+gS{0H9EKY6^b^-jMRPUj==wory`sm?oD~OuVK0@jT5w`&Op* zXRJ~ZqfHGP?X;mIwgJvooYR%SGvT}3FVc}STJS@@uH~h~V?%#E+fh^O5OiU{XP!*V zdu4tERz%)PIIN<3J@unF|d6kC2rK?}Vn>ywh_#?D7HIM+4>DzRyv1UFMbrI?|+~L}EID$5F>Qn&-GxggmQx z=eE96e3zAQ^6g!0^Y@7k^X7B83`d~ISJR*tl1~kuZwUBt3)_mmpTBG|EPQt$QE)8A zzHUSL#9l+n{=9T3)0XMweadl# zL_woib4zOiQPwsPmw5B_5P+g>;c zz^n4ab;j3~myn*}dnH#C;Coa&!J%<)lykaL6a#ac`Sy-ks7q(CfAU(Rv8SFQv_18z$jA9NRx0l(>A-5a?E zxGQ{<*C;?uD<+kuT1Xoc9FU}ia%Qb|gz^P04%iQfXY~_O14I&g^xLuK1!GQBGFln} ztBXQ;#1MEAHd=?7pEff*iJ^O?&5&S1ckvd*HpQm_BT5z4#Q6Hqxn{;`;4}Nb{K(%O z9eq>v`4h5*J^A%`h%<^9njqW~07QAy&H%u5Xt~c_K>ouDW<6%+x6Hs|OiVOQpTaoY zx@~p$s~V-hDBB2+Lb9ICi!!>mwZ=$+UOxB_q0B|%wUGd_+CSHAZ&#zC=OTIDR;_rv zg{2%q$EQf|B(qk77*MRs57NvG`6(;oURp8bw$MvWezlNxNMa!o62C!HVTd|3N?Vb3 zM{TPLi3W8vH+gPC1V8QOvrHI+M3*WW>JGVya^P{l)1giFldu*fU|nCTFB*xl-Scw)`!1 zS8x}J;FvSW?#l1+cWl3={W*n2!iYGbJcgRn{8jZ1jE}6K8`H4M_Bdq(C)ws=1fbc-v2CT}Zan(PC@_6jgj&?HB`{++;j(b!mC2o#OBZ{LT}4b%Nq#oT zO99@_VjrJtbx+8_)Tjf=GQo%GlkAxu3rcIQ^8EC##BdaOFOXF$tR6fbjvEff< z)O7XIdd8gtZj2ejWXMIq1}Rm&9}!K7g{Ulnv;d!jbyi)Uh=PRgg~kKNKa&GnB$y~0 zYm~l3yiOWik$QXg0W4sbn&o^%5xa<0(T4+iKDI?R1LAGrEa3@!;(Y&EDe3%hW{?Sp zp_OO0skdNoT2eO;YKc5cD0wuSDSu#*uBMmHKg`flM|DG7*8CE6XJJ(Gv7WiK4K%^y z$C%J3=hB;6UuC+Cwsff-*2%{#6ft_h_D9 zC5m#+fv_AOSw5^!D7^pX_VlkbYes0-Mq3)`{?-2WgHC|O5cEzJTz+5fl1JoclFg3_ z#>yQW`tlIYQ(WQO&Y!kjapwn~{@;wwy+?U%lTHVEY3mw#%K~;lj3}2xg6)fu7l!xV zEymh^b-w4-KCL3yp$K{vhn{BgNqh!{c9C4_4b5&iJdAlaY2 z3YS5rNtMgGrJ-M3o`2rrc48mSc9-boeE0~z#WrLw&&;V)WrD6Ey4JRi5DS8W1#@i9 z4wr5Kq-z?--mCJpQQSVilsQYu;7Vo2=jFvp%%rNSzz#%eHh+m%`4(Mw;$wizO2_qz z#0FhSpE@@CBOT%jyxk$k1;F|GFiBhwlGB3ZtztYkV|jfDCgCU@EUK7pV091goDXH# zC9qGy8j@-!T=Eeq+{UAK&P0bzeQwhSE8a}%LJix?%|XS@MZ*q{0c6J+^0TAA+4{Y< zR5_ItrsdV3q-tzI{c7X{CVg2=(-E!m7igy#zx**+6V$jh);OQ=z!Mfi*RDK6xxY); z6J~1&9FUeBt&kb6^ikyLyS+fpZ@vSm%%I{ptYYa@SL$R<{yzBPyShUT-GB0xn_n2! z#wgVJ6u1CUqy)LYwy8NT^!*(mx!zb!q1dW7al)M%#^JGs10yEk(6L#jPOq5y3K9P7 zTFjp~(}AMt$5i6HWMMysYWik$rPQNWeyu;~HS@w{oaSFivytjBdSf3>|p zsml=`D^sMsuo6=f1T|XJEtSPx{GLvsox;)2RLIU$4hV3lL;1Hl`HLzy@o!X zqb|&h^ubWabN!Sf?HgjxP33P{()V$8*{RAo@OY#YCbOH{S1+-+5}3j?Z2*|bfv6;a zbj9KW5lY5&eZ~X@9k}6gL*L3AuF}MCE$2>m3jtEn z8Dpdvy}R1D_gB4QYJpW6ScnfiG7(_abq z1}ReWiJMU@39DY+90$-*7Pu2lG_L(NVTMoQY^-8T<#EFvS+spc3U15GgE(p=1PgxEWwK0?%YzvYNeRz zGGKYpU_YG(%+45*SIxC%#-Oi z%nxTDlWnnbSRZfII@Z0;9)BIW)}HsSR+%A6_r$!Q`4yk}a->^#v9cLzlmc?KRb!^* zYHqRYXz@YDhTJAj8ZT>bF!ta)N8guCk8T!MFhVEt8bem3>B*P=a4okQ+B#U&A7O5w zV;OS$?V#%0&{S>4D?=52gMu{#*xqEn*!JbT^`)}_b+1%(wMjHTy%>WXH4Omi2)+r^ z1M47`LX&7Luml2myt!434N7`h@%;rwk+D$zgwN~|i{<&sHd-C}8fvdJxMVt8YI--W zE9C9tT-)fm4d}S_))P6*(%V&xPI)tW8Lj;O#2$&knPb7U8Dk-~MN3~}A9}{Q=c@rN zs?2qUF4$v@;kEdW&=zIOlL)HEUmntU*k>Kf7ZQ4*pQ45BK)Zu$-D3EaaxDq8*X`!@unUU zl1AVqQK(r5Qmt^Sm>>Tmd}%fgtA;w&mA3t}v+;D!Uh9#kcd$*(h2{e#8=OUloM{%E zX`h;0nrFx#0`Zy_B5u3-%&Dz1F66WTb}I-IBI>_)dVBac54cEz2{7-6aXzSR8v7ly zhe~>T4~7b;%n32~7~@_BJ6j0vpT{~s`3PY~W1+38+D~nDhOBi<_hHSh(BE6$$r+Ll zUMyK{GM5^NBBNznqyDq+VSWeA{}PMA902{|h^y;~Ypcz6_b*c%ZDU7`iR3wApViQE z5qeKv!}Vl0<{L}5+kZRmoc$i_d$gsM&o8hdgP*(?qNU>C5P;hawJw&28GKs^d`o_X z*}OdXi&OE6nbrF_5LIcKx%S+=+X=tz6Wfj4pB_WHw9HtEH4e`xy9M{{y}Aftgr}#g zVQL6EwKp0L#(U~kV|jGIw~1c3C&3fTX~I$~N?~dt1O>f^wb_|Q_~_d$@a3)9$*=W1 z(Rz9QHYUB?>wA}1`Iy(=m7|bduV_sRR|Xf~rwJhBaorq*TPRw~@z^{(uC}JiIvi>N zcWgEo;`p?>qriMwRYgnjiebAb-*;3M=KefYdnhqi@G9z_xlfdYCtl%j{9_#vH^-9I6>yDMqh7O=Y zS3I!j(`mGl=W?m?Hwpjm|LqAoB=rAxK3#>Yc>t9o=ty0`T;WjNzF5oi69S!|jwfW@ z`76F7z`icvGYU%dtN+JspC5!$gy;jZK3`?N4w*FTB{3&3lW_$qJ#$rl&3I;ULH0~+ zbpj)#?XNcZ<>vz!Eh3uTDp+hW&L15&`p002-kICTP7g@+-}@g3GnjpAjNRI_u{I2S zdA~#!YT6nTAju=HQ)j--c6ajBX5-Y>-$eKHyS;}1gc(Hf8nbTXpY*`rQx>R?j`p{J zJlur3dyu|=`is!-f5Vy|niNM|pWGf|yU{0rG_gQUbPT2^27M>iX%Y6YH74l}&gMCV;T786GUgMU_Fj z$~yt?Oa3v+5iM4tr%e-ZTkd~&-SIC!?vg%(Vd68p<+RIuVM7W0(6xZGHx&A%6AI- zApfeAK1yZ^a%&bsN4UCKoldumkslUv;UnjC&Kknoi2<`3Mi6X%qw`KsM#Fw8z4&)37E*@_gWVl@ATdfK=9O<6{Ze!QqskV%rseM^g5|qp0cP# zWmo}Qx)A0x2{ght71dMtnF0fPwNegYY*cQJh_#TT<9C_EMHTJrQ|lkH-gte>7jegm z-sTN(CD*R}pQ2V=u9LKNb`j#3uJ)KJTn;P+p&xv*w`MEC-W|A&2>b~1VjVUif1;5l z6i{&n@E)~YXp*KUXAg;__B{Jf`R~=m=YGkDWx>aPwXDD2yS@(bHD9V(gD~!{gAgds z*0;cYYex1M&{QCd(Ywlcj3r4d%<@4B!ktQPGv<2=Dg`N>A(c@#T;lpc>JwMWo;5B> zdWL>9iqRpan>StR-DRcMHR+bavl}2Y-kjWZZ4K9_Kx3Lhqn1x#;Y-PkV<;ftQ{|>G zbuiwHRnSdILR4%b58oC>8<#9Op;HQwCm8dJM{uVSs{ZyzkAYndY z%`$w_R%K}@a5d=%B?ukl6yyUYnYH;^4+6taXx+tM`>s%`t_)Pb_`rtQ?ktGrpP#BU zTk$D+br?Amptn%-){DVqlEX4JGJU>h@go+wrb0q^hU{LiE~+ZmBUa98Q>yq_W>K-x zBV;~(Wb?XQj-;1xb^Rm?j9SG8gFG(ByLG-&|5s`Ow;}kr`8bSm{AbC~m zHO*{cn-MhM7c%D_Qe^QUVf<~?8i>g_*Y}(oi%7C^PC|~$x6g`Jw3_Hk9^{$m%l5m{ z-B9w0j2LTRekfXzQ02#%P>2<0l!IDG%~Ww7Kx)PFbSPUS(v06d&m@PIvO{Y+~1i&aXgVBesP}g zJSkhQmm17jfg2pKk~tW>W9V>-$OOV%bjbvXb_dTG%LlhC7Ll-bCV}EYwJ8YE{>YE* ztj$q^4{U->AJYot6F{@Hnh8G$Ob$o_mP7{f{^QOs=xwF4I7M-Wk3t5!N4)NLZ&V4LlH+A-J?;lX33Hhr}qAkbBv zPSfG|;m!oA<7)a$3?vWM<}s$Y6$uEXz|VmJLIjTglCYIhJ6?!fziIXfstk@nCMKV?N}T5W#_-%Z5sO zWK>~cGG0Z2^CG-T$%WyYFqJRapjtL6hkeT zS8^;<_tthstVgE-tDz%Qv`Jfu2v;$yoZ~i*GSY%NKXTxDZ*dEp-rT12-TonP881NJ z{`}b@7AOnv*L)xbEC}D%RjZ|V(3D0aWIL|b&P^2%8O?MLzbdH9gPp{r0rPf?K&9t6 zqnV}LmKgr~t_u2)^<^FECcGs1G*rTIC(x5cK&mfnP9`6~pS22==@?F;?e;JHa#yXZ z{WlkrG;uC)YKcuaTQq2yrsPN##TnK)87hGQ3LUCKKP$Yxhv9~B*Lm=KXJL2YG=&SG zAp(2~6o&4+21g=w@}cF)49?$GY3D!51!%?bXvkJ7wbvP~D$sLZ*OnyNa*-(^OtKeN zsstV)E~@sY@@!OT#xjl!y1ohPi19EDjT9+q5&=-b5~8g$pJ)<0 zvYIM!UrxvhOV{jePGQ$2C1URddfB7E?1Tdni)^1A1nAKmm6BRv$)>0(wLC+%B*u)bUHQuUe4d;RXkFk0J-KPcS|Ksw z#&;R703?C)U)_D=-&?-_IdE8#_~=i5lVpZ0#PU$>hH3Ay?YoP0=l2R=ieG=M_AM&4 z3L&lX-t38zu2jP>vW39(JC3&qc-}lm+*9@VL_Vu>xHa=<_n&<4DK8ra8r{Uj)#nJ3 zvcpw^S^<$kY*~z!vvnn@PuV%f^7aSac9(LEjkV2m+EuV>F(62P`gI2Ei^@N5niH(>0*!q3C4n! zeB9)_5d=D=)|Ba(eXv982;S#&G-ch+v)!dNun58T3U$4;n3vdDFsX#t`Sqq?JvfP) za02g|&Q#L@iM+Af3V2>r(9aAbKb-p}Lcl^t>R?jN5-E<0Jfuog_o2QI^Qf`IU^Zeg zN3Ip?`q^u%ckdmOO6&Qx?B89kPjzF}AmEkr-EpDQsEIp6CS81?K{kv2Zt+gXZr%46 zlqeTIwIaTE(M5l1K@&s{NR-4OJw}-XAfbJgKh@iZ@r zVBiYn^2_8@VF>#n6N|G$kehMy@eMmmzIa&&e+;-on?{3|L90t zzN<77WH{A6aHt-8{snX1yq$CA(BTkiqcZ-<&mTxAp^4!_0sOKOIsJqb`;0Zl4FP}@;{wCL^KHBJ-T_;eRCc4wj^jKqmyCQW{UcCQ<3E~QrK1kuu-G6D^pWQ zXraK8>|mocqoTQ41mPt-|B*#(z4vA)<&~h~`^9-i0{{q_@SEr{xTy(DhS>Z@W+D7u^sP(gc0E<#W{aRiZXb1cmh zm^7RiK2=CK=O~CEvJe0!Egp!$9y0XJT}C>V)3Sy0D2d(zl@WF+jgN0g!2$%1;OPah z7y;%>^uAH5X)$EXdo&_M1RAF&6irJ2kz=C7w1~jZJm9aZQJRCMTa`koi$e$>aIOrj zGp>`j|4Rb`4R**PTERKhe8OPq3^wpkl|F4WvK4E$R`qp$bJ996$*N6 zh$lI|mir(xB@?hTdXi6@Q2pFR`BTxr@OKQuVhtUX!35(QwOL zj^{B?BG^tNGHaj5JhL{W@&;p%g3EK&e4#U_ES)18s|Mu0~GOETad zCAAnB$1FM9i}2HR zmM^;HB|R1F_{m|^dzd?8g5jLW;~@p;kmXBEIN{z{2*&|df$vDcVi{~zS`7wiJOV^n zbw`KB(ZfcbL*e*c>AE&G<($MsT_(gE3qT0ksGP_9a!QRsT>WX*Tb6c~s+opo5zfdl5lV0G z9KEBFe|1o+p zw%<3SUC4D?9jOon06x5otM5_u?bj2VGXV&U@WjVeq<-6QNoDm2=6vDpSZZR{+LX5f zJ@%UtBx!5v*Ako4`zmdw+BE;=xSC~QIW{n01QaPo_;f^25t#mDZaxDU)gy10%bM*L zn-%!7TqAB(y1Zfong}Gd7aA>bY))E^_nOaKc5>YiG1v0)YCE04Cux*L+AJH<#5Ra` zh%jozxVadvxD1QiYeY@bdaln*zVqWE;S|G28%FyH@5tRuZDuu>7e3r_r`j9&Dy3`^ zmcU4!kSULnu)iXZ{S+&;IXzhB#KU7{{zQ>oJiKmQ2>yk?170wN+j{ZGcTTGtss`AuiAmZd)1?|kS}1EzwZ5LmUKcvUfkXLG%=U~Y63i?_(K!J~T0AVB zqsqF9qFKb6x@TA`X)$o^oUsRvd|Uh(_(Ds-mz)U+!%1xs^S_oC;93cR#uq__SS?JN z^D2y}ZHox(ic})T+ei#T6 zL=;L832H|mdp?kQKT2Xpl+t3C;_But2@$qaB9ItxQqfz}3aL>o7fRg<8g>uh?KnRV z|3@NFtNxpi=*;+gg_N;!{XOu(lQs)w}LmX{pd+g&yljn4J}%zV2vOnSNSit z5d?Q-^jLNMw*q^%z9o~$H6GJa35qGvC10L%(>o0m$QQkoy#;XqH%bC;S!!rV<$}=DTPB`AL!Xt2 zr$28SbCxz$pL(@aVjX`YAi`D1fF)X-Q4GEi#@-fryHbOi5vd=yq;mMrQ3qWwIlmY975)%kY6^s$R11 zsQL6Lrrbl7j^Dg&6#TBa_G_d4<7%ePBv-4@=M6N7T|ml;D#5YRRaaemm zUh;dY7QHmMS5fuD;{e7+`y)le^RV=rD^SlDxpxI+q_`1%*g}Tej|;W<*TuJW1}r}M zlq(;{zc`qG0Lzbz$yj+%F*2w(CX{r*O*baVAwI3GQTNako`0F73(aW*{8H0O=L0AD_6~U^G zdtot#8^MMvHdKWwiOYZPZ$9S4ahd%emhSqk$@dNT_>zrn!01N0q@_bgBRRTZNGc(z zlsdX`2+|-a4WlFk9NkK(2&f}O5KzEE@Z+9+pXd1twjZ|RxUc&<&)0iF>*4A>Gq|QD zjQ%U-+}kFO?d*Q7+tvBS_#Ql17LcgmH6rIx1x4DmW69xEOd6UmnPys8Qxy?Xbw%x^ zYUuHqWv*!Yq|1LJNtbC+E}^l1MxfxQg8HJSD^YSd46sZig6p^l=7+7+O=IJY2K{v)r<&w*JmiAqi;0L!A5W{5)r+1UR(gI`frc-W;w%dn5W@bP)>#PZ#g1e`GfXclhn#NQ z#NWF08k3{o&Bdy`@>-YH#jJ_#ZV=IW@t48neCceDwXTy#F^swI6UMnDks>GoDH{YZ zA;#!3>y>mt#$~JS!lEnmx1ApQ3I@hZ5xA6kD8iMUpXs=F$Ot;!se}@>sDGvZQN-W6 zfe9oK2u|u*4|gUEw=l(GwcEw(LCCFijqLm#9I#oM@X6GBw}aNi$oyun{;)zmJo zTCKB{tPRbNmwQJPaMgrJ<)QUgYUf7GcTzdOqWm+3#GRrb#lr|^(_F6i%K-_z>m}b5 z3Y$5)vJugeq0@S4x2zUd0K}Q;&Z<&Hprh1L`iyD&xg@iIFoH&!6T#x;_0SxrIr z1Y0CG`y*RETSr0a&BQ|W6-27=NbcaT(x}nuxwF{O&IK5ebY|O zq#VV053FEH@580xeP38IdUSYmM|-A3I&BrFrD*KZN5Tw*orL%W}f?JAYx%|ZcHQ85v+s~*7dPq;w(^8KgfJmrWRZ-vWy z9USc*d)%>3`3h^QT7WWdGvFSlvrcp1Q}JOQe@{NA6cOw*L4MB)@B%Z>mYrWNwRX z8i7brUw`(kjCwtG*;^?0f1Cd1jd||uR+-AzF}8R(8yliJHQ|X8SUGZDb1Mw&a^DiN zS=14UubU}K+@MHISC>c6%(mcY-J9b`7-_XC7HPx8B=E(S0SfP4q)lcYQ z$b?vOZ{05dl3n4CGw3l?VqXm_vC`!BsYY2uU!OLCv)N8mYFt}3I>?`P3PO(+Xx+~v zs@2O)xeRqp#Ei+^mn?o?Oop&9R~l)Y78g*fgDBB19lXI`2r-kF#u_C0}2cE#E}x zEQq2^EqPYt^-R4aYeQuo8Qb3foULBEIrl|`NfV*ZwFJlcj8%)x?}S<~5lQ?J1W4YG zQ@jH{t)iJ9EUB6kml2QC5lPdM45^J@8^wtd9icKlA(zWKcYhNlAeZqAOrwz*s$8dZ zwv{>@5tT`5EsIvRLkjvSMfOL#w4|$VI_}4>?3WX!9?b@fu;vGkd)p~s899C+-3x~) zJh2KeMSc&Ud#d(!eQ~d_+M{T|!WX-~HQToPkDKP_Sblee_WAkb(y)#1*(oFX18y-R zJ<0m3yE7TL54X6-Nr|()HKm+GA+?I8Vtng18frFA?-wz$0pyog%dX}}7HnqnD91rv zy567_t=n&2gCaXmNGI=gpOPRC>gv1HSA?l{&#= z{d;yx91}sf3U2YE*j?+jrDOq+5hkJ2h1>aJC?C*ehIQz;BTeOs;5ee6=rc-wUz(eB zuP6}|lF@|P-4SG;`u z``xdC;=_zue=?~!|G+-!rnKNNX(fV`@#JJdhjLUlSRQ*^DM8TND`p;)Dz;iCOU+bE zT`ToaOI=O1o5(b8AF$R+!(X-g_1NHir~KDYZ?KEHPRIT6v?3H?i+z(jt3R=d~A})m5TzS>|#wo(f-DzqpI*vpx@!8Ik+-wDYSx)AmDsJxALf8zdm>Wjs9;S$nJdL=S8oN~z1Y@< z>-MsX`Gyt@Y;@{JJz%fV@7Q=&{6shO5o~$N#!bY>?pV(Tt^Y`X^UNG&p+}iR)3E!~s8rALXYJ+7xP@a8>OtEq#8V!^X$1!H zfdpdXzbG}JEn2WtBsj?#{GEB|{K4#}A1HB&zjS6NLT2mN5TRdg8|q9wfxntT1nu3I zy^3z7tP=J%w(rz<&|5GfzAV5rvVqPOOp=wSHF)s39F5QR%`H3wL|&;BjnK6STbX~> zpOVl_i0abr(@Qd05@nqsaN1!}((=sm3CwEpbh4xD6ivo6KO&9RNqgdWpkM9jRWn4S z-1)KGiX;&J6U(K{4_Y8IT!Jg#$FSRaJ}W1(|DN@nGX4S21o@c_vv{CF=WBlG%fqud z>8wz>9!iNabk6bIClV~}@?!%g3VyYkH`?hx;vh5a&;dH$WlKb18*hUo?e!o&TcIM! zlu2c@|A5#}yH^OQ$`2jG!;cmrMJF6gp{TT~Ri_aFN-Ni-$(Wa1!8rrBHsjgYsE||# z>lB8E6)R+jnIAZUE`*$`ex(y6BdL2a77CVVgcG0SrD;hiH>>HVl{}flHB%6~AW;;< zBe8p@zgf)Nxeml`>pARNaer1|Q9I<8*b=0SF2bBKLP8HE_03L+p~8Jk=s_z>5GFdB z%EG;zx-}0m!k~ILISu3x05EHO7Li2YYB>>m@Ty;LPUdq5vyheS&rpk?&(yOstM*qq z_0#P}S=R0>h8Ls>;R$*BQ4IYU-?tpqIQb)S1cbF2MTMCoE3eEZGCO%B4-h#QQUs45KH@&*tTBTd#*+flJ{JIGFirw^Zz_`4(GL ze=omYMSQ?uOJ-p7KDY1kZOWMvhz878(z8T3mYDyO;r`trYne;u8g_dZt2K>-ErrNw zovv$Ut?Votm2O?VWUZQ#doAs|Gv%Lk367qIW<`Jmi8Z60TH=y+*5~Z*OxX#Vksd(anb$554YZZ(0idH0YM9Lw&P4Q5anXZ|;r??c}j) znCoV-$Txl4uIYf9MgS>H-nNe2woq2PKg-u19-{tPG7>RVp&Am(Y7oQ#bzETL45Xyn zk~3Q<%_drS*b_}1>O9||SLdnXiUjY1R^4lmI>7cxm+%p@Gezi{Ww`StNiVmTEq31= zCdhWP5eC~S|4^Z30qKihp!w%hqg7dE*X%U)1P#)Cuk2u8<{><4=312)-Q{+zClM=B zWJETxabh0Fz~<2%;bGY-!h6TgL&0Sn4`X|6Zlf(;zL@->yIqxy@}b-9!-NKF>wUju zT13L_RcbHy4!z?WiBU`4_H4-%0>ggzpPg{66~DJHe+l5 z{t@%rn%~9wrj!>#o}5VLHakIlm6`sp(-4hCBc=~H}~P@;qYK)6SC^oEs;eBeNzQV&wW)A;Bwv* z8)cr9@X+_UHUh!Gfc&ck@jE2*r~(yi)UU8k!|*{+kjK|*GTzVE!}1~}LMtPeUQ(h^WQ!gerfCe zGs-nEoEGH|!G(WjLoVU{EH)uk00Wyiw}HDiJ!wZ3-}HO2uYRRj0{QG0KSHTi%w_uC zpC{2CJo2iDj_nxMQ>)J*-8RCSlxA5M(@c?L@`1IJs=Xx~_l%wmF>aJSszi5Qk?p$~hpc{zSIUPMJr)vb zj|VBUM!{Y(C$hfFzpa*$)s^AFmRW7FZh!+y^=0O$_$u`|s`eQ>vLdz%f8L-^y}ili zGYqAqSF$c_n-#tpMI{h6CpG`}rvCfJU2@7ep~j@TnSYne=<_H4ZB&7WosihW6>&A& z`N*)WqV!ce{CebJ^cmtFUd`Quy^1s5+pAQqGR0}^Hl?1mmoqY+wG?Qrt2SKvHmdaX zyF}^evP`)%OP-MZumBg=qEL8$OjH(N%BX z)U7UUd`HxAR55t~3vG z=Q#_2uIilE`EpN$My0A+kWw0D7ur9a@aq z**75TG5?)U*=Z1(06Vrhq}N_lWwA6kvst_~g|5VWuc{w>|NQ&F?IES4A&SLD)X~Mz zM?|yZTJ1#)3mdQls!2CTLh-GRm^ly*pz;oQDEfxM04MOXF3iO)N2t7#zU4!wf4hoGOjEEaqryKpQiCcDZeyB=Zgq8KM9Fz zX2|kX2Rbrn1bKTNA`8CnYrSpLoQ-jP-?Jvg0a%S2L})gy+Q+dfzGriYV-2W$ zL0MmZd(JqfR(6w9;cuiwZJ{8GTA6(8v^>+0WRa28>qb7Ff0zCvQ5>vWr-H0XZCd z1!RCPgf!GW=63RpdG8YCBxdw|8w6&KVY%hOn(zAYa1V zA0BgX(@Q@um2c4UpE$ew&hq{8bO-R<`qe^)*a5#^ezNZ#_g&&|m)6HKi^crhOPQk> zP$9*LpXR*wWBIjLCrwY@w(A^0N$;s#_LSytpiW*(T$MrA|5R#bg`7KtsCq&gizrjA z!+^Mc3VkN$$4nx?Dn3URdRnNNrXVr{hC49<0GQgjB1MY-+CbWsx|d~Q9&B)cV*Ns; zUIv#|I!gn9##F+leMB@x+Ni3LzDp#1QPA+=6ebRSQZ>=et@b4{;Z2nxL4ZAveDjgF zNn!B8+F*u?tZ^ZXM)*IZYA_CHA^{)X)LCh4vg`Ou#`LE5lt7e0#riMx`qU^%hpzBx@K)~S#!mr%!wNq` zsdrqIk3eO!yRLCGe1(Sooe^(&Bgqm<aE_@mHO;*F+ty)9 zqz-T$&>D%!kQs^u#KB)03Hj5wh~*{F^Xacf+Ag3|ky*q7-JC3*X|O$CG+dCAgH=o) zDZKz=%)7k@NMN=3(Q~5!(4Pu$Rm#3DdTUeOAupSODS|u7)YfvGQRaudSB{$ENCJ1z zFyZ38cFgj6t^Jr|q6kXghE!YN)_-PI^vK-lEecsxR9&pj#VP*T^d~_8VT|$_l%Y*3Ng!GT%||i(ji~nZeDrp|utEK-8`N{n~&>pKq2bl`f>@ z)RhO1G)hQmA2B`D^I_y%xxZRd+4YPVM`4X17dI7n{7Vn&S75Aof476N$;WD2o^Z&h z)JvWyi~7=VEB3WjQ)0J?IHO#TS!kXkV+4xi4Wt5}pLl5C^+DroPj=Rd4LP|11HSZ1 zx2;*cLdKZRWKP%1gY>vR(!XW`UKxho^}pd`w{af)QjMaLGA8AU`Y{fG9LV7G@5U-l z1qnKjdzchf8qnXWXsqLG`iH#2r~vzmea3HGso$%5P#Q-2-@N4r&o$WmvxP%?oYj)S zJt?<`f-&iLmk|U;{Z6$)p!DpD4{umEuX(;6lLOVU&R5863Zs2wArtkAr6)^mLC$+X z=qWJqkfpRr#Wj)5Bola@{-z!cv|nn$`??77bE4>ALB zeVpf~bL<{a&frXeWUgCLwq7SGympQ0Yi5R1y=Ia{I`*lM^PAL#jH zQr$2QCf9;+6psgW1z(f@0SsQMVgpPc$Ft~cLK&v5es>U_L$2cDsOE7-I=d#~i(D9c zo-@FwUi+!A98wvJXUW4~%eVdZK+Mzw`2i1ZAD4?mKyJ`YvkUz=3eMP%aelg&Kg{{4 zj^16oiX|VNBu*TD5a0r;1KdT!c{GQ?ay3<`Vb~bwqucf_heGVM!2mD|#@YZV2u?nu z>d?b569+-=I@<)Je;8nRS2bT7wZ8Z#B)3%aIzO*ykLE3Oj}aQ<($0)S z7=4;z;ap~2jM(k8**rjpK0UWPw0>3l@*y4l&6<4S2mF)J*f_-FlGRV4wDW#%Y9hr` zfm}mmAe09PyN20iEUz$C9K#qa9ok|5|KD!L|3AB#uKw2InV#RO*oLSOkidZ?C z!q4$Yz+r+vTZrSKCZ_^~77l~J0g*->HPgA`){QRH9kse>-C)#4JaKC#1C$e+#thS+ zBFOw-ySaX`8u5-_crV;r2hJ^Ao$hqq9H#QWJ$e~!6~ zlQbBE9~S;kjj4Tqx!$ou8`&4(HSJfOcMsWfvuMrv>xAtp%Waz`hnQ^9vi{za?U3>S zffAoNZTW@q%n+oQvD4(uxsf8*i^(Ge=U`2W<#9r$%i8Tgw(xTeo#V}GuuD%YF75Lv zx|fsr!D3k?`9&zldk&d_?qZ}RPK+}m_+ARw&yPQ3%r*agKK3@&HJp_xWbAWg?9U|e zt?Osfr75CDE&yuM|$?-k~!WEDmy!>&JAyuXiij&Jl1=v zVsC8$gn=xMl^mV&@LZo$%&#g_-CteJI6;14QhODLt5vctQdVkngbL9X&=e6WKiLI& z6OPB&!%&dV*;ZU^KC{q|16j1zne7NWashYDJS|Bsf-#$7_K~tH{6|ay6@7YiHjjUgvP~OU zP9Ri;qsH!gk%^cFFlR8PZ|`Z0;Db)qaNlXt^qNP@r4LP=SO5k+%!O%N)Z_3tTOS3v z3uh&!>H6(ZQRkhziK7gAwldrU4L&+~Z!qFi1A+B`sOBSD1ZXyY~Kaey2nCsAk~O z3DAg#wrCGx7k^Uek8sDtgQk|)Xx`Ck8e+JP&y-j8kJ66Npf zHj>h2N(xgxngTY!FszdB%0^Xm=~&2R^enh+Z}_CufQAW&g3UNnjeWH6Z`3f7Zg!cO zU>C1Y+@2|YF@olI(D|yEDxr2`GdL(13|n1Hx^xSJx=RCKkplRs@C2W=^0Qo8M+Yo=$^Z(5Z5|e94$sp zKS)Z~CIC;PHt{)|gMcMcj_HJ#lB_uGEMJ5CF-RZ75{kPOVC0hW+V z>kk2-DwM$R{#Kr6K$igGU`67Y!MaMzu3Gj0=yOrnB#?>{G$;M@f8*)!@)R zN}ZDuAbE%<=WDT?ssu+Dbecz-{-GMkdk7awy)I@JB;uj`+3x=_ZGGn}G7Gwu8|AtT zUm0)u_#T>Fo90ng`~ zY}PBl*~Opq>N*gCaP_1A$gh?Ptt?`klGKL%mdz4;Snc*n^t&iIi8T)f(?0`UHwm^n zz1|K5Xt3CscU@&Am^=;0U1QkVZ|I0TK+2~M17nS4@0~LFs>po_S;5l?p^xaUtzx38 zx*-yJwvF0&&={2o88-V)cn9%!$T76*_#$R1Y}CZ5>tOyFIE-w2ouKsq!qrVllhyIx zX{saR!KBkv;^@iE5BEdC>Kk8rr_5SI3uZTV)qnRbWVMFZHMyW`u*Du&5{)po^np}d zkyST|yM~m(De zzZiw!)e#Wn!g*xEuy^#ow2%gqO@#B=2*({6;FOqIlA|_IA7{(8@FQNu)V6YausDiS zU6YM+Y|nXYkB$etz2Dx`M5t*)*kO{{vHC!ycs1e&QTUP?I(oDiGj*s=7R~(zSMf%2 z`u!0l|5F_4-ttcFnfoMj_Yc5kY6KWafHF{6d?{ zKVdK9!PF?H=aq?r@e^V)4lIrEy2iy>1X^i~Z>|8+iT=#tcO(=d@xumx z(r!Ei;hDSzki=Hf|Ey#N0!IDjaa>y1;DVdUVFH%35wtrsQwt>`0D(f zB3658OzlLWm32M(IG+8>O}qjdU_+Yu?tL6vwRAnsP@mGi?eW$uk5e=Y(ZGWNBILeB z*^|IKqNDs#(sAYA*Fn6gm^KxxQN_Jq1ff*nQ_7?09cD>fo8ioOYw0M9upKp1(MV{TweA8!3DFbr$IdIsRe8?3ZEaQ|@Q8{YOg<-b=g z_n@H+HqfZ}}Y^GIZ*Tsj|g!XR5(^@8jbMF2!ynSX!lRXU5P&Kk5C;amPVtQRMs(6x$C;e2U zu__3?mpBhgqPGWGr-naV0l!HOqyuw>QAkOydr5_Cp}4~PU)V2&+Za;4)#JBmUsC|k z3ben`Z6umTN{%LwEs~}eIGCT(dX}y+nWBA6BgAj1x1Az{v2@46EX3myRqrw4GfaB` z$5ioI&YhPr;Szfq*)A>L=$34kNeLXN@0|<*QcE)l)qW2i*FkThY2zmSub%ynd%oKX zY%5GjQ1lFbdd(@qNF&h}iG}?*iyb=4kQB)@Wd~mWVMpkU@^Nk9D$Ksy8`gbx8%eq$wJXbb9Q0E>^+ln(7Cu9d znMMn5$t@yBP$fVeyRGg~+~lX%wg5xM2txZ=Pi;I_5&7avcm{8hvS6 zv~UPIo`EwDjP`M?fJ$L#nj`Z#`hcJ6X?ZaCy}k7C)!XcUH2RWF`8a9TYXM%*9{*O2 zW5pV{6Cd4=j2#)(o%J=i#hE4=LSURQIo|=$k<%L0Tp|1k(d>Ct3EAdYS&ARZgv(>^ zbKOhLPHHG=GfH8P0`g)b)w*1_^fNT|6t(1v;?ENA*c%L|W{i0TxExa#o|F8i^8?cW zB01hgg~d&r<#QD1U6gz}D=D~hA1p-#_7;`g4ldNL&q?A;WP2CJi-#+BVV_`9z^jFK z-8 zYge*TBn_KWasxjDN>Y8lF3&|oLPF=4WW z+6nCj?|@Ok%|px}``~AjxAIbn?e@ViUnFo_u;a3B$L&W-JZ~F5Cv;pf7Z(V+#Zb+be0LfsIR_L`KYm@{#UW~bWiNX|8(l>WN~A% z&$qOv)a^a$kee|YnvEXJmP0N!NoS)G22BZE60rZG`)GQfY*M`IKp6~35zrGP*p3L) zTG6=Z#MWo@8~hnERD0$blh+>e;w~4%i-`N zTyEbkhS>ODu$a8KSpqvd=pTuK^5fLIHCn6@E~82$Xr@O+WCJa#725+~!a?N7U|Hjl z+awk&hNiRvl1&))A%Wduk(^S4gp1))xx(`q;5UiLB4nvpY~HmVpwz~Qj8r0?<;4}L z_9NsAgQ92O5BekVFL*N)AFAfM?!CBmH+NxG7($61TY6m#9~c9Y01Q}|0*NF?fP`X3 zXyDM6;BlfH(&cd6oo9lNr;XpVFzkZ|8(YbZuEkRZjRJcXHw{>;3i>Dy;`25$7M9O-sX!))|M|71Gs`M_vri8?DQ zScITpKA{Y`IhUGAn2~Z7Fhc+OJr{EsfWktR7ii@0NQoJiC2Zj*aXM1~(s>U2oILJ2 z2j+<#tS2sgqYBX#i2XUp{zhXurRddQK>r;sw;hc{S*b*Dd!JS;^jj?O_xfz)LVHlm zGvDWck<6R!ovq)Qq`X0QZ z#KKasmU)9|!>Aq}KLGmpnI&&1*vDY&N{2()Yt@8e=lRz?OU3U0wRlLsiM2@+|GlB2@_kgD`WO**G`@8>Tu*#EVTP2MZ;bRCNib`QC@hSsf08gcgS&Y7 zAQNVQwHzw0zrJjjKry|Vik`xcTmLnYxss&5tJ5+0_iFe80F4LM&A*0erkh9se$fq} zaL}QOwxwe@XDq@JfVAQ-Y#}CC1|!>u@T>}&s)6C9jKT3N+Ctoh6nUu;vwRlt#5^D+ z{(ab@G@i^o)bq|C!}~0;?7a zljS9?$G`IUzK!!gPsNINJNUL*V@JAWsD?CDnb`h2ZR=HE61Wo(%lFLkrh24U^zOY6 zRre&}q{C1>CcY&o2N`0%a3Ayax%~Pb=>nj@4=X;VwZcFoc%kD9h{6vDYd6$V#!@BU z%h4nFPV5)=t8IQ8jfKvo>#Q{I0wEe22O24bMe8%qWPoO~q}~rS2K*&h2Lo&V!xy>D zBxaCl;9;e&!8H9^eCzi6D3j%{kd*AT)$${P%TCM%RFHruMt|i%eS3&SeQM1!J%PWX zTnu!Q_k{=l2Uqh3bP;i1>i>Oe?(cfCkiPB>aVKn@`2s-#pw6%9V9F0kDG<8^2-SSd z((ANgc7J$orBFGnk!5f8Wqo3{_l4dO7wI)jZU-3rac!u9VS(mg4rq)Y7DJPzU(w#? z{XSkHZ3&nWZlTE{lEuviYloJi%{Dz`o^VIyc;LWbM1&*h8|2jwvui&r9*pF#cd<{C z3@|lTZ_Vq$HT-&#f_p#RDS^qFzw{5cU$@R>AI|0Q%$LmkBFr6qkb!xTLH!mGX?N5^ z{8#zggNr4|=Ohtl(3ej9;5eo$%5@{P?PdC_bOQ_MJ+8Pj!{aCXKl3Q*R+I;Sp7H(6 zf8H0!4|Y8M1HLln{$QI|@BG@IkjA`|1h*Eik0+NNj0vTiW0T%IP3jTdR7f#Cr0LFj$anq)mslsPmQYTTi&Ai7T z&{N-!wo7D4s_;t0tvJxlPcP-MZvh*iJIhNgF{C#4o;WDO9TUEH{PQB*M$qO~8&cL(4*>}>8ggH{o>`T%O$jj6ypuI&8_G75 zC+#|vcRe>(($+Lma`JzeG`HPOs-I`LU%nt>GCi2<^}*e5A741XCwfG$Ho59!+=K7L zo0C&&oX zDI&Za{J;uTa-*3k=9?b*;(i*y+Eh99Pmk@*<#TFWhWL6}i?^LHx7pKjpieUQ21!b0gFl23Wu>ccVw^^}`C{51k|? z1Pnc5lMd`7nQhb3BGJ9eU11I}`G!@6;|9G+VQE3O_e=M`+6emyvP$95BinTRpUG+? zoczW#kr^&7%%8%o+#O^dqh^w4H>ocw=T$5^zpK3Kx^s<^DTAryUf8Fv;ip66B3k`< zUEtNNYuzRQmil;BRZ`k+83}dE50d#6N~y;FY*Owd1MB#KY5H;?gLkXY^zak9z3Z<; z#*3yynhlYM@6A}HNb#(V*u-PH>o5cs0Vdn>scD+0@kEwhba-`K4#cYmilKx_;6v=BTPwGE+pbRcuRgm*=7s`3gThqfg$5ou0P zHjo;@2{TRy>FuQ&)C&ZP*;EcYL`rba>#+9|N=B``dCY6#nH9CO>2pTYgn!H<2>vci z%62JI0Tm&pgputXEZ_HqFJ5h9k66~xdDWVD1QNT%UL#UJKMc+M^Zm(ZJ$C+D-uZBU zn>jwraf->T2Zw4zfx$|aVH<<$ycV!g=o6k+< z=4eL*E1$AvIOt2PC}*$(AG0>Y8&5+SUzyAcvRgl{33da?+x@K1b@m2wHsj(S2DU|C z@$h48MyK`P)b?D6qb>%fcSw6T(DAhZtPaod4`*cL)SDi@d}-U_`438c0laU_xQ)+` z24>3*njZQ%SvQ!;QJ8&+AhBD^0}w4P3H4qiK?%$ko^F468wF3*e}4m{wr*NQ8Z z@RcO#|JO3zhNmNQG7u(4xPHlToF%Z|73h-jaXiKwr3Q=>Fg8YmtcMyl1 ztC7iE*ieL0S7&|M8lBoDPRTac^haR{g@KM3BwY7wxT`)*5^yg6!0sV)4!>@SM)RAk zARVI;{uA>^o#q~MG34T)fB5oa`S2GXkLROl|{TN5IIR4?xiq@q9m?p>ck?Vg}$(u9G4aEnWQA*p_&T zo7s2-lpR#J>JC?aSoB$@OXZ>o!zKFb>LZ`5zX`HewFo!LT;HYDb-2MIsvD9^v~}L* zV((o@q@3>^W;#gN-?LJjwM6t-dRg1QTWQR{2jT7VzjQ7~zuI1P<-X#oR{tQ+NCR!G zT!u3q%mvgC(0F(Aqm|}pz3}vHA#;|bXC8^OC#J`>I*ZSms?tT9U-pdso%U$Ye%wrB zrn9Uv?Elj>Qw;v_@kQ)ujq{!6SpAK#_I8bsjE}yVig$iZS{4_MwN?Xt*iD~#!}jS0 zRhV^%@ghMX$hREdhNSOC&Cw40uFj60o}V2r_#}Nh+Ij6mK_+d}௣v1hJBPF5c zr3&emu43vOks;izd4f!>2eH}mhF6#`t|ouA@`G4_S{;mUA?rS!gG!H zmA{UOmVe(Z8M3R!55#~H#G455yMtro)f5{9_`&@85x$J`j0(C9q8qW<;Z>iU7#{i{C?$^cho-F4%%8-$hvW^McBtG1B? zl$QPy0Zt~Lg)}x75rIV@hj=_^vvy4d+7BqnT7dtm}$R zW=Kps7)`X#kW*giQOYe$Zzxpr;t^OBE+xc&o&wPrO?VyZURx>hL5*p%=<)yU9heD5b zJ2vY(OJ%$Kom7_6hBpn^OBf}1CC7niaKTV}QWD*Qu6MIG2J+mm+31qu80D?5-hcjM z4`cKIhXy)PvZW)yE4V~I)xu>3L-Rz4b%3FCY?3%W=~+nPeai&DsknftX;hvH$0K2< z=5h32Lt1CufpM$oaZ6)^O(_$p?=ynu3;Irr``pw6g)1<@MC9 z(Q(9=Klw{4L>nWlN2@lje)UYQ(KIr{7<~$c)`cex%Ew8j8u<*&;BGNDHyi0ljkTg= zPtw6!y%X1_R59|ioq1zjnqVd)FeW;g$|DC8)FfG;mT0kofmzCqKjiwK)GR<+Y2x_E zM%MF$%6nan<8xQ9l%&BAhVV5>o&?j{Jkwv=MrLP8?o*~&j3Do>rpDN73wbXVS>`jI zPc7@2jXLS^7vkF$yE^_(t;QDrzM-QW$@r>2IT)T2glTbFZPrIa2VxcMIIu>Aq*XlK z4$mAazBI;|LlzMKXD6N}e*W*+)88{fJmTOhc*uLmLf~GK6%P86D+$sKHHu93r9NmbrV@gM zV-tr)|Nc+NmIo4FZ4=nFhpbkcFPxG>LKEp`fIVX?kuyuzAMtH1EF5K+PsGku zuOxa-y_}%6v{8z4iMLjBed|!R>{D&a)nYle0Ok?Vkv(RHz*pSNOuB0T2tuM5F2O)N zDNr2dC9U5LWVORsg?ct(cPg;fm6u()176!v97y_=V~MCwLoTtV{^G+`JO-k0%laK| z8gv$`_glM&*DD9w-?s99>*+B#q|ow@(2{duo3Gtozq(&b1-F55S$!KTI+hE1Ok7C? z-1?!D8X9i+AijK+v_eDMM4t`leEN+ zUS2h3YJ!hb$J#$uTK8Hj?bKiIv_%n1ElL9Mu)bF}ZFIW- zz7xkK2EnoKHJ7Z2N%o}Y7MpP_3fvUm*UbjeYp$wu(m$I7Oc})-DEX1%XI+ONxLUK>`6+iIS}6Go%+@V(I3(w_D2Q|eO|0S}Z&kX|TKdz-cCN%2}RN&q~?tq?)eH9`(iSOFt-l6YgR(Y>WUyw$dG16^)$Z9G$sFRx6*Gd?n&Ik-dY zDA`AK$thS(?5CO4MzU`t)KVNO3>E7f_IP@4bBnb_hSke;Z0+D;5(lSowYhP_d{}9F zh(wz}wV^!|b{2%^f7N)sSjAoFqD@6V{_%Q08~nZx`Uw&V(%>julY%OXZZL1@?X1%b z227HjC7s`Rj3x@Wsea(y96yrS${KgTql{Do$jSkapG<-5B6fX~ceQ89B>XF-FF;eb zl+$t4`h}OEwF!kQIKdX3AjltQyGLV`#2Dx3Fn~(&!FdjOzmaH83jaIL9`thS6A94z z(!&Ny4V7oHT7R?l61cu)V+3M!0JwAc#pl~5$e1~Gd!2ydl0`>kpJp=t@=8enY0-}ny>EYPP1OCe1(N;`S9kr_d)cMtyPPV+4}|7@Z+ zN;Y1IPfgk@-Sdy)_!98@=tRbE-0e_2^6(lCaGx+ap0+2Ong_DuU$IAb`=mAXa!&>m zkGJLwFALw_B|3$^wEQ$Icp!dP0OxCoq1Q@A4R^bTwc7PL!IZDVoB8Q>@cEoc{hFF30p0JVf)Yf zzuH9vZ95CUn=+T|&jKQoxapTs#iZTEg7LSefl9;#cGSW_u54QPiQDb zmE&MCNYTi^!nvZ^=vCiVZPIrkZ)Xux>N~9o0OEJCweOq%jxH2#Lf*JZ1p&vavf}uE zR6?oF#mRZ=#F#N*il0)vZNKfm%FdNY4#W*T5-?NKb;37`wx{&*)OUi0F{yTa`+vW4KSeaaESozn_cizj$Q3v#P$x5lN0p zhtEQaD_*;dT|^IO2qJ~p!?mlHm;3rVG#isKjZm3ar_S$3S|^((kLz_FhBFM9>Yqp$ zm^hrd9sVYH@R-W!=(9f`B1!p|?7oS3X{?1TF`nJV!ue9aY%AG@0FC^lwJbx{qwm?& zeg64Qirf0P@~Y4Gm{%OPxZMP2%cbl*tMAfDUh3bD=9-`vf9IC6wvrn4C9op8p84E! zI>bXQ-s$XwUCBB7FdJ8_{O(vQ)Lrl(Z-g^y-tKtOVcE898^^B_-d`K0E6 z?yxwXuv94d<5qK9(mCWZ)^h<`8f?&{1@%Ca8IhCq=-#`7zDK`;>H+0Fj!5pmt&X|` zJuCVT@$u-%i?3VXX0J~fV^e}aCW=>gDgF>`3`J33%OD6H{;BjdSxE2}?FRHe72jFi z0i3Pi#H;03L5}b$j5aZ$XCSGBkhHu;23G*mpV}o{g3|q{QN)DW^81_B_qJaD1*4)H z%+KHe5>A)KL_Z7=A}1X_Kp>M$z@Zctn?@&S(e7i8W~6iDk{98fm@V-cE=bOx^IVnC z!C9~P*|n0sTK$%#%E;1b>jK_Je!ZG9EEcvb5fkoq+iPajF6y=Gmg^P1BkGNki#u&d zD-;vJU|e^t3aM$}FY?9x6 z$AeN-VYdJr*oZMNK;F@Z&_Ztre|HVhf{!}h2U@y9nVRt$nIdd)NNl8Z?Ey#jR(jOF z6AaMJo2zzp$%|7*w7hen7=|S=e`hSf;fz&=cpuPux`CMdO5(>^tbJtXv7}4qw19?! z#cLzk%>uV9QtVWio7c}{oPx>PW6)6x9VwKAbQr}~05l{Z984w6(+NzRL?QPqd66rQ zoa~|tALqlGfp@VFjYI00A2K8X9+}2oxfj4ay6vd%V_F)pW5~m4Vd0MNMzZUUOWD$| zmuE9d8rm(&S&Q@v(I9$rrZ?3LD8pKf^}N0XFOgO~9okf$vhCWH#ucG{+^q~^lQCU7 z2;mHfuV;2-NHXi@*BO$~u0^=&%Vk%v;+5(c57XKugnM?Mu<|LVsV5*y z0iprvREFgNOu{J%2(b!V^U>aP`!=EeoV^wCX%o71z@QrLNShw2uYjK3PEomTK)wEe z)+lO(C}l|z7!oCU+rty7RQ|5!b1A-VF7O|PfpyghY%0g6wm_`9j!+H5ej$^KNBj0v zW@KDl|E7Tosv+$!^c(0XIzE)16il#tDX}lu3NKR98#s>y;e!%SKzJ-$-x+{G+WD{QO&u&0*)ebZQOV_{BCJ5Q1Q9Bi#;LpfQo zBQ@?pY1Vh1Reg^+HaaGcla$X$EssBXsC1_A^3%=Vp+&(Th*R_&BDL34lGEh-iV1_# zgMkcGbdSw6p1m3t$C^^MJ9{Gf=bOMlq|H%9J!jAQYcV&Bl9u?0P_Nr z;anfYct_!@sle4cv;scrWUPGkAd$<2Fjc9<`H<`+1(_PBIlV)bc#a*+Q*)Cl%8ezRAjQQq4<{ix{`yk>e$)L0Bjo}*O5d6EK(1X!iwbvPIPIR zVQ8UF$ZqdJ701rTylnn?KA10ZOs0{X*6>ybwF7se2&N_ps#Kqe;`J2X4xMGM36^xH zHxgw8CkRZRAy7C^4u4-mjAsj_C@u*=7fjZ`rRlvhJt?XaGHw5Jk41|14s~=*wv&e@ zRj^W`TnmeGRtXW|fla0v!LXd02(<>MPl#`r|ns)zELk_ z$#>z%Y`s)$ORGA?^ zY8{6xaEmh3P)p^DfK}08Mr?PT=Ul6O|18NgIj`s2A7gy7v&f~5?D$~>SSr&|)NU4H z$eD)HFojH4|EgtDe48v0`hy;7Mn|Cc^kW<;ZvW!D3#Y*V!iX@t4g=Dq#sRIZWVzid z1+-q3@sW5UwB6jP%TLH0?DX)8Rp$ese-EWE=_gV>`UT%=22W!3M95#<@Q{yGT%iJ+G!Mxut1FcIRZ&G$&z$VWA= z!F;aC8bcS)P76=s&Me+P#})#R3n$l`oZlU9N{Cg%iFMdy0N9dzoH#7x_nLfa$0<#d zed98Pj_-|l`eJHWVGNq7+hW&uRB^gI2KEyGG0y+`~_p1l7wu-6}AJjHs90H<7bhF8X4le zlj1$7sk)5}elu<_g%f!;5&baJ0%^+XOTb`=#2c^|0V^1Qrm$Zpk_BU+G(K`KL3jkT zbjt&IF`%1tOAf+?JM@*Yud1EZ%6dfSWqhZsM(K09gxt0}6NBp*!#^yQ0xqdj2})mr zQRkb+CXT5z$++82MBA8!Sr_wY;3uNYAyj}NuCky^fI&E?Vd?{oKb1IbF<;KfbE;1@=w{Q z_H*?F874TVhBN&voh*6ZHxoeZ;xT!t(O624g@lS*Zpl=`@$d?>!9Kekus8#ED;4}= zK$6o!=s)dQ%-85n8qjx~=EdZA9<|KRjv#5#|E5%blZ~{IxNp=mSB5j^svi8OEza#s z#3`CF$!uNLa+gBH77bB24a4_fDNRuaRqAcAY(d@|K#wU+IEAO}0 z4Ii9U$vt~Me}1jkyKzi6dY6d+0;e)_Q|OwK3w3;tL`27OyVznu!8pj{pH4s*R9zM) zDQug1@;c4*&rtbM^mN^M5d%KIUQ{ycAk2xm^ix-f9VU6I%8G}fS%a3ehKx@OL_ab3 z>rTrxZZtRKk8JcaruJ;OiH|x^Waqxd$SE}V;nNGd2KiINI50W+?X%FAM&X|N8KkfT zJn>*z(r1&ofN0xHbbIqY zQfON^&!K~MtC>Pc*$ul96Hy(_7Nop(~+Hq$LB>Eoz7m z0gC3=Z@O)@dtDa}@EUvpXo$}%z#Q?vndx0|jso9`f9e1r`$Uc^_1Vf|cqK{C0Az1t z)~&|B!xJSYm`sJh&w)0Tr{vm3`gpFI8-DrhV(8z-W_EZRSY&lyh(?4Emdk?TZ^W*W zGzY4vgj6fyD%oY}F0p4EJ=SOKva2fLK&{tk&?)Vt*iL*?O1>fBDk4PWqI2UWBQgt- zAQ=fYQsxZ=g5H`_W^Lnj2o`baFNPlY6UkM0%}+49hGL9}5vFAj@z( z;&_^pOa112_2rHW1)Y7ak6U=Mfe9<0Ndl9ZeYxP`u7pq`@CzFW{iX|e-|Nc81VLD` z*3foiGXYF0wHUiOtow$O8Xfts-~^Fokl=a+gBUSqg11$h$X?Gs_3FBKsSuS*iPfGs zK!Q+?ohX81^&N?dnKx|fF)kx#4d&M1Y&$k-@^M;LFL_%Hx^?s%ZK=kvGenHYR0KV~ ziv?)`#6{xi7!v7l@eIT9RM8{}*~Nas9i@dul#tZq0z`|2+fO}Ug#ZAA^5gOF_o^Oy zvtF`dC`3#ETD+6$Wq+{e4Yk12BESNq62iu+?OZLjR6MoRo}zvQY@HY(;d8uQfk1(F z;~hw4CwGMV?MUP3j3yiIl-vq$ZG2S9J6hH8`!HH1#R$&%Lw0 z2-2}ON@4ku`7@bB(B5D6yN|2fseM&90Dt7|fB`DVm6t`&exp9=WW!go$@3(8Br&!y~iBsnx9;nP2r4&-rhgZ*^^*BWBH~u4c zLqPyqE!FwW&F@mX7}SsLMh{sg{aZ84Z1M7t!~-iXK~?o5_@Q3HojxO>7r0zLPWL8O zt(PeOF3zJTdKz0C$#9P}7+-u}i$U8vq4vdV(7gz@YBe;}5^WXO)^3&AX>a)0@5^JA zbV6C9I%oY*?a{+Y+Y}ECH-4ZvX6$>PNY0g~wTC*>^!p>}L%X6I^;bvFLG2F1z8;&uo(M{V@ccI@2pM{yiM?7hHs`_M>(NrnU-C>+*Jvz6`ZxY+9(*W|Z0fUa{BFl6}NOQgS8PAC}M4~SHa34FGQYw-S*OXfS_Oq;_ zWR$VQO+&EIDLq*7gs0_FLil$ABLJXZ9c^&+q(L^v=j%k}J&X2-8lwM163v|nW`yFO zfZz)RAv(?#SiKCa4vKYis~+S3FR;|_TYc9uu;+<}fEtwAkHf_cWO-K#<`8)DAb2V{ zSOqQ#h?BVT>No=hBJMb;+h4cvB~^ifp;950tMKWO?cfg|2-Q@~G?|Sw1B>L3q;}}K zz%D5ToNeLhf#EEfIy^TRXf(0p*EmwPb$ zRA*QKfZ5d<0)SK%*O)9-G;M)16DeTm6;E~O-nV`x>mMR_9sDTZt9;vck<>GmCqatW zQ;Nl10I|e7Pe2lY#8p=fy*)yn8m09=G((9x1D6rw4iTl4@M;%p>!AyEg!W_rC>gYW zy+uQXG6Yj)l>0CbJ;@4=>$%EZP1}N=#)qT~C728&7Gy!(Lew^IYmE!eAB-Gy)|cNh4{APcn8`ptym9r^)fb zu@38D0&m4NK#4(V6OsA|NF9UvI^naeMdoJia!~E6zfgGIG~kvh+Q*)TBw4qkxyiTNz%xO zp#saBq_NppFVHe(Bcrass3}d<@b^y;2pCH?a&ffT0vsP1ZT>V4>&!ijR2O4KH3_(u z2b+QwG1UYVv%;=`f^nDs(>>DKwxlq&gH_*sQ4K16FMiS~un{;ANUrUx1XAi1->B^n z_-v%#9_1+$FEBWk+Pr;hHlp&`pe(HSL24F^pAhypfROj+?%ll{9lpW6YfeNY`z&+X-AR>9ftIuo@{HKJ1Zd9X7<}>o3s%yKkL?+__q>0c z)|z8W(IGB>n`pewwL3PESq1P$Jj4>&I)G;jx1JmfPGaLQ- zJIy&PtaqPDCk7BlsuI-qkZXI|Z>DOM*%$@T-3nU4m`h_5C9q&Q)iK^)5KM`LI0IYn zqIFdIDD8DQH63=&vEt+!11wD)44ZWTW%g+L$3Jp`=`EvRSF^A!zvFHK_f0 zZ~H(@2iuR1r9qp!Tc3|r0D9(~;CsP0E<@;lyOQnDLsWdWbS;eCeN#;zi{GCa=d9P1!h*tU z%`grZaBVuJws0h($6h1wkd3{&_FhlNR|Hh4=pGY)=iH;Ac{G>>0`%-3d-dX8n`!xY z$M2EVcuKhj^FgI@w!e3)X`bIPV0M=sy{-1)x>p?*qgdVb6!>CJN6UWmdTT98m|_Qu zv;_XLi^pR?OiI7pQ-`4@?Q{=r?mhXtsq48JXt8JQ<;et&=ugNPh@F3aHUDCOGKsS% z$GOK|{S^E!YiaTg@BP3N75U8=tnNS4>uOrI3j|GskCTq(;afF-^K=FXhdLU)f*TLt{zcyXkH)(jbUcK6nJE>!Z1rr4TNupv>?L;XdkgG<5b+@IE z84<0O4xs07PE-anA97CNijxo`&LZE3dwF3>*#b+Zt*M3fWrj* z9r{8)9^Y{sVml1PjRPOEE5o(*PLG&t)U~a@C?yHK0chhgSrY%OqZah?al$quDA@*+ zSLMo4)TelpN*<4123KqWD3Rxu8C7D2fq!e8ZC|&LwUHlzVDHM9N!NgC>hoQx_2i)n z+){jbr0|Kbd*}UgItim6v-(AYLeRY*R7$q?q%LcprQMPEP<@`)5aRP5m&E6PUjQ`3e~7Fa zu`fcSPctT#$bleB$2@JO8;Ns(^M&%fslxTAv@go&l#H)O@=?v26n9c)9;4rO8)!4y zX8?7JffRD5{Sd1+6D-uN>=GU1w_`L}h43Y22r}uc`6n{`1R@BIF`M8T(=$4LN`Fuv z@Qn4Vk>m^2klr&sM21vyakH(EjHtbsMMDWdv*pVSI7sv(t-!m`j}p{!+&LBpPx$up zbnWv}z#LP{$X6CiKPg^Oty(5ojZtTY&D*Nyw|CvVJ8AUV@#V_^!937ukGymEXuTeY zDvO6<3$x$arkiPgD*o&zU6|3(;0HM+fqJA>&fq_p^GA1HYu$lZi+5?!vOK9v+m77! zWCq&70gtiysHcqYOTxF;>MKkTSfHpGTu$Wgh{ojg0KnYNRxGIw@=aa*Alh&)@E|k= zZgOL{zOYXr=G&v7rCvE6$-;cYMbnb{}L76&S5ZBl0t2u!nKiWUm#& zV`rAA2mgJlT03e{MYIFLQJ!T9*+q2``qsX-NNT9k7KX*rLi~36#;krRnt|1avlMAb z{f?Yv#bR9k+%n1bt~`YZwd~W6lOL&0KB|Nz{AV&0^dUX)m5|bYptF(r)!RDF-)x0l z?33Bhzd3D-v%c@~k&CTef&S{l_|1y2dD$1=u78ZOsG?NbacxPLm2&13+c_i>BqteUA8*W*Wa32VI@n6m_p~tG9)r}UC z>~Wec>Dq!4lm?vFDpN`QSU+X(hsA>h4}pC6lw+cB0;LBUN~eu^Q-Hnh@!vR;<$yy-Cg|9ry+olBo4r`-l_BS3`_J?z(~}^F3`5#$3yyqO z!JD=ijK;*;8rsTDyu7Mz}3YTqmGxCsZ+P? zE})WJ9kf^BO&io&;+*spu!P@Hi9DP9acMg(l~efE!X=P?|9W`KopM-0e>M2ZOLcNy0(yP7ow|0R?Z$#PWdR?^*W3u&$z~EqG z^Vmc=OUPrr9}X1PTY4{8tdAN)p81l=~C{w09Nm$ON3n#6Z`KJsoU5|L#c>tP{uFWm_L*ii8*+0xVqxtQdiS=f77@ z9{k>P0m%KTReH(E6?rW{0e-2$&$Z>JTfB)mP`IEJ5F%$vN*ddKRf`hy$?(4D(GiP? zk|dv5@RR3TtEw$-x(c{kCV_XZC1WBaI%%TbQ6$l}b3=sEO7H*ObiZ+QF%Z7k8vJS> z^FwNIl)4cuP$mlDCbzi%MKf6<`Yc<3d&ZW-i_9U_{WUJ@vS%W5#>+Gelri z!kae3EE)ZLqTEnNA*s?IN|(jW_BJhYtN@KKv{s2(%=dSGn!RQ^py0TxvEyR)wV3Hq zmPDgQtBW|=o$cj+D?K9`mg3DprVM(9mj5=5*7GN zly)c)y__ivM()b;zR8!GZSu0tx+4(}6;i|cIn+@*#_P7@vByf0fLAMCVfVp#q5zS&vF1oFiKN`r;|cg3;4zS;#AZ>CL+_WU9$Oacj=2~dyI;@ z^NHF^}_L;Md$qIcxij5qhjPlX+^FrExcC(Wm2>272NB z(rxDK+NjN8n5uZC&%>*chz>NZh7=n$jY8)biy5JzzJcQT>6x6##D|@y zUN|y%{P!P-#fm zF5-4u1H&6yjyKTfS;Jn0;r2viN(dkbM}J_{vLyw^ogsMisr9>fsks1LIGVHIKi3l{ zs!Fpo*TGCRS-}0OX0d3_LAgtMBXfFZX1Er%yemaS6ZvNgy6Iiee5$X1myWK|m$p{A1?{O5$&TBvoiU zvj#U$wU)wyIkiwev$6&6HZ3P`fzn@!PZ!H)_MQ5DgWUl&P(*Ixof z-MdC)c#UYKfumej-U~{n@VlmLT-=lAj?>`#$7f*leni3?aZ0bYw6z~LrYYRHL)Ud zI!ly>4H{(rA`Ux05QgsvuUQx=6x7E67;lBAJ@+m<;iXit2_kzHHyd#@S?MFBR9(`V zpp;FIDx_I1`JpmrNI(ROs6U3a^~et_CUl2MlP}(c{p^~R`KyY9ETXAer3@0lmU7&T zIq_H`?0`VK-W2MQ`AwV=2(rinZkbWusjfl2G5# zmF?tu=u_;zA}0``1Q6{UTZuM63rwE?-a?5P3*O5hWLV&Fb)a; ztq|OlPCk7+z~J5~;g1}HFu9qquNj4v;p<$%o1}jPSo4~A%JnphFQyVsW}6@O)Ixl( z=d>(7B`7Z#6YxDy4f)&5W~=KjZ?wr-O=_|_6G`w=UTpX_mX3_TMP-6@8|{fEN*J$w8gQ8Do@A>xRX zCP43}R!Z-hzlanx4vTdr6h@1Eis_$le~$$mEbAwt5%&1-^L`KG)gWE~mE)53AWfuu z@pDJ7U~!GW0`a#w9pEl`s)-%1rz>|zgHO?@YZ0qJmU;~tHxuoFz#qTDYXA`!aw7!> ztN(f(0S)+L5)1n(c$5wFh-k^9Ji+B_3xBCF_4}+Sxd>t`arBrSgCL zktTJ5cG>|ih$$fo{ycnXajW*N6RDdT2sBhhbumXn8?l-|nWIFmSNx!K@PRq=jV5cC zdjKj>l$T>thUrAc%cf*k%RK(NJPHdn20MV4H&X{Ozh{MVI*Q4J2u;IM3cWBCYU*7q z1owI=jcMH)^;eF&%xU1tl@H1Ny`CG=mQ)UaE7T?!oZt@l^4RPQZ?Kd&*k*d~Uj*`v!vYrP=438^FIqI zMzGSS{>3qNX7Q!yM7yd_rB$xFDKx!YBqg0G9=1g)G~*r8(fD*O1nZzf@lMW?QISlc zdhq9R^)==9#I)j)^qK)lSyPuheNT>k?F|su`o+{n4dVagN)L(}PXiBd5>c79M zU7o}{?No=XKKk@?6WiMR9VRLAVXLACT7W`G)IK=4u$5*lC41|lyiw-~t=GKDG+=Gj zkIgTggZo>mv+OdK{Du_0rBWch;PI4kJGAux6&2m0<*`&hdHR=SVHN%1M@6~uS8@kp zAT*$*f&A`w{}#j4s_O%R*6Sx#58WcmGFz*WFcOG-MS{}rb@g3U(@3`OV#$#zxd(F9 z3uW|5yE##;;cuTT>oIkb6fNUozT7T26DCgx^f;)a?jqI%5?K`iC3xTLhq6@=8DO(S z=oOxp6nI_6b`}3-2>jImRe@Sy;GFT4$JVton4U8d0}lvSTPyrwn_GkK%^vIx5e0Ff z6C8^xoo?R4Jnes**#G)z|Ms{Vt`=ctPoA+unB;T&Hc-eMp5#-LpqIRC9P*lq&=4E+dmGgN`e$Gsy%mBe%d8c9j#w`NA3h zq_M=A{LNq8`S4V^wr_HC?Va7sk!mXpPkvTWwc_y1d|&t7rVg7r1Htj7Zagia4CWOJ z|29xtvr|ZMn#OzoL9RR{?hB%k_^OV4{=kt7PMrSAz8uf;TDNkhvg|d>4lsHT_y7XC z!cSh@d}*WF<{dlNbu;P4HYx(WxK>fqiJ_L^a8^xNdiot;pthW=2GFZqcJ*GaD+A_W zXRl8-N34cNw(;?IFb{5`(u4kx=@*ZNn89dwDX>m`$@kZvE-vLcZ5LK<7e1@E;egF? z!K^D@vXDADuCz*Tp@i-5vw^@9+b1`!-iSKYFkz^9d@^Kt=3hH;Q4!ZyD#tgS_Rfc^ zY@Q+ZDkqtD7uvR|l}ag*aZ|aM<+;5Y)k&8_#3rvjWzZ&s+OCKZHO$-pX;Y9b3$GYmkJAc@vs^8uD%f%mEJtEb&?Gd{_ zq#x3FTWK_LL?cl2>p!N0N6w$iZ&`h2{{nRQviack5uUPjc;xf_Nw!@`BqoN9{rKAO zR_#nD7>C`0D|?l2ex?1fv^G+;>3k+U630nAI|9It(Vy(LHkdhbD}UC&{FTS>02)Lo z=(!W(VKDT3m-af3`NlcR!xe4bZym$mthTBrRTn!p!=FDmE@4=s@dI}Qe!kWI>A$wb z^8Tmk?Q`?zXGc5a>*)Qazawll-+P{RH{jE&=?CzuccPwOxE@?QW&$G6m#MekWYdV~an+p&o5>*IlkKcC+?n|y!i>b=5( zB@4z<4Q`NddzymZ5ah;?cKO`rYCcm%6%JL(vb5{J*Ek??_xZ!^$=l~_H{`A_@npxC z(*Mw(0cr8Y>q7g_7dJ{;!g{z%`nRGndg@KYWx$Kbt9LD&QY zhe0n%N!5EK;xyaavecvxL<*q^H7jl8!hYNK(z}U|DaR6&_r{EM6?vSH`dxKjsbzv) z$L_N91kM$RjH7D0!IQcv|0?dMA#T7sA$Wk|*w|mcmf#HnTZ& z_ft{D=f%KTDn$2(V}HCL2$1UjvdVZ<3INF9RhefUiaMF0xgL`d>aNxCy2++|5kTrWq}#dBy28(=#NnG+0Rze@g$n(E6eQ$0ps}VgCm4+H7tJNdJx*Gysq~S z0?#b(I4hW$tHUL}Fzf?&l8g6?F$qJqxro0dRT`u4CNBm zJ(fz$8pBZRoFaUPr#8{%4)U_L;?9e(-1XtG6FN<}rt@pgBXbDcZfRjqI-aR5v~f%4 z$0rr}wI;$S3z|zaWfpuGH73fm>ph5hIyVHR-dc0b9h5dPurcI8%kkDoKe%I6>v1<_ zqsqrtG@|rln-$t`oa|P;v<_=%e}s2ckP#jbAHeGWtuPEQb^PQwLvRK7TI1=8y5^Hv zFD9L&yj|2~Oh5Rsqs`>>FmwN>YClZCqb^g1TBVu%cr7` zL6WE1UCOVTgU5xM{_Kp?8an3nx>%vLnP}U!rYa(0Gso#&P?@J$A~5lvuAjD3u)s47 zwtAfGCKl`%w)okaOE>yd`^jUfj`P*7%BXPNMS25=7jve?<|)r5+odL$r5C2pH-le) zJWiT=aIVdyEri!*2_~wOQPX3Q7duIrFzH1oU+3jsmV3+qm8np$)(SPlNFe%uZQ(?K zm=fRyfECCB1dv|?VE@+^1_7f>ls-(4-atZQ(R8T*Ab>?PgI)iBY~iBiJG3uyi+TK& zCPF^U=;VZiz5}#$H@&V#Cn6%qiF-sD&mAGF*+$Y+V_ZC@toM;Wr%f)`XWKrEC;u@= zY6gd4fBRc?>YP7%v%S7k&B3@?ZG*Bw z9BwJA)MzO5!%N?asRl!@K$fSWGhEA=R!2B!h#8mJ+><{40z^M9{>NbV*G+dRO)q+= z#Hab{fgNZSa-XvMr zEh%Csn-M;07C8ve*u07jRskCOvnsvso&dc6kRg+Uzzw++!Bqorr> z(x70_G)&1d7C&=ixp}zqiN+y7U4zB^58m2Zso-jYxqUwGOY6}TRtq9D=2tw-KA$@F z?DEUe4}Ad%q&hu_f)avsCOsx_^0u9ypw9dn02OC5b^=LnN%@u9WBC-sE~)co2Vwhl zfS+B-=oCaPYPK$DY`Tsa2OYMuhEck3oh4OQZ(nD97<_o&_3(94Q&LKuaZ*h*N*hM0 z1wrdjM?jX0>&GZ%qq(Ff#nBYnlNBGWbvDF}c1G!W*U&1H^hSg=L#ED(R$wn%F!p5_ zAv38>pYij6vo4>Y?ITs@z&{$&MrV@?uC_aWSQj4e4nskyZ`5JqUhlPN>~5I%As9j> zZXqkjS{ej37!qas0U2Sr8#u*EPy3X58xC83+j+m zMVfZJtnO!rzr)^=g0!??R4@^k*Zde8!2R}oybT}p^h9zpEaJx58ugxW`Gi5qmNOAj7CHXM=kJ2FU&Q+WlelZ?FZ*s$3rz&=ey)$s$NzMQmR$TOTc8lIk_6S zR638{{Kb2T3_=1>;Q-n4AaV`TKF#FUeE>|xz6TSQe+J9wk;uiquD|=)WOcNlN`A-@ z?q!xhK12x@IR>KDq>{R8L{nub)&fGcieb_);2a+Ycry7YT_Y8cNfI0Ht(oF_K@AsXF?_-#_LQms5?#^%UJklKW-@5+Zlirw?DD9#hSi^4JfBjM`mvvrZjH zzR~gjg!&Mbw^BQH%UV*GS0NX9QGu#LX_DgA*Zk1+xQ5{ ziw6XCYBB{7;z_%B16wTZX{U)~(jU;2hNmB+`-Y5f6!$_s4!od!FJ@dlWk`ki69R*p z)Q1G=Tt+EEY-Cd*bZ#fO+07pAD8TLZWu;J0ipW0FE)pXfsZlv|K`RlrEqC)LnLjlG zH0%I$^42%ATR3NaS0P1L&ka*f({Oqx^(;5VvOKA1&sLdbMqUd`;Yf%SxF+1?&E0up zeEm&bx#jd@a50+8tY>lY@~vqZ*jmG6AyM=V5*)L{W-1XDNXfKAr*JF&z4`forT?p+ zjW?ZE$*0emyFI|7>sSO$H2NirGepT&YmJ0+uGPB?v#Phrd7k7j5!MJQs!^J~**LW4#~n0i*yGw_RW&V#A<%n(OOB z(S?YH!E{QJjdA33ef2BXDwfw)b8|E2yHVA!-|*{ua0KyTgzQ%ePNEA}Z&=^H47e+9 zZjCpJUKWOCv zd!@?|J>0|LwTI#ZQHK!Ui71gDt3t^9xR)@m+$cq=G`d%ET5B*`2s&6SH6DtKXB|{U zpvgRVpejfUPEUJ*%h+mk!qSpI!!jhOAz^_R873GCs*_{HM@T6pK4W$SMu%Qn+3;eb z2Ekai(ZtM8iJwVpB1x?8I#M?}#r{Q7f>Nyg06+&180I1)vBn-qYl~|nJSaG!S}L7y z5IDc&zh`w91&#UzlcE5m`A*;a_d<>WEthTmkOePC(W|Ogmywa0`dK3erEve%2LMtk zey}8yH!=x~jZYLxOZI`7HK!RYq*)0;kBaT>^b)EuK)dMxZhni03ZRUobYPvFSX6us zD)29}W5Z!ewzUT~52_&>7nw@-m^@RBCv#CZ6Jmx&qG9)=kprulI~SP=C_r*E;1-c$ zmp8vTx!;v?!REP_mzh8$;JqhAhX`^5;O<=Og)o`nZq5MVLqJ3f4xS$J zy+NO2N5A)l@%g#EF#!;9TEGlX{G%8PJ+YOdBqm2uW zAY?zYDI9B1%Lc2_Lez32U7XWJG?XtjR78hE@KCj6NF)}^vdVM)I5u; z=(wtdPr1H&gWI+R+Nhp{K8T{58>B~~~UO6HH z1HMHB9lj|0*%FB!0>;b$p+m*$LuKu$RUDYei=o<<$&i?Wq@c#^ARXuz1=%<5_@7WU zumPTC8Nz`C#mGV7v&bdkOyS@7(iJc6-O4&UpviBjd?O?e1LT;EwI9UsH5V7?6(6ku z(?~nJ>T2f)%ft+ zy;eR0thE7~EM>cjWzz5}+v^Lc>khaE8QI}m%Z7V&@*5sR1a`N8qwUi9)*IHsfNOV< z5yGtc(nA6>!0JQjZhiDT)SdLr*G5Qt{1=wyRj!vnPP(2w*!;J4UB{vNc?hkpDsx zKr>oDcSTw;_Q-{pD;8|e3n&n{B+Faq;*?J>o9*D)>;MYa7U?B`?b2_4Zh@B8GM_el z%4lW6k@rOTEMC)-Sz|yyo@il|nlScFR|fc}8G0lic$k%-eGi5t^v*FBO|+Jtq@mxY zHiMB})@{u+q#y|qlqUjxrxikn2Xkz8xkeSY5aD9Dem^!iN#r!*Dh{0iR;VP9=BjL5 zARZ~T^WP0k8x4p0J(l4{SL4ARNVxe9xd)(jv$db(FDo`eNGY$a+5WAKG+w=g z=<)&2;?B18T4{Py3z;D7IKr+8UiBQ1OOTh$sz1DjL7(lQkd9as@D@K|t z;j4=T@RH?w!cH0nWWXsQs7)Zt1T1i4WFQS_OS|^lx{lxoH+;YP%L!7Tmwk!1JK2n{ zN5C9P!3eCt79avJ(8Mrc1;D$w6gxTvfdc)};V zfdE`%X^;!->rEu6x@1cRt-u1PfWwY(0;iD2vyj7lY`d_~woHJRb-Ro}sgvqQz*Jno z3I9AjVE_Y)pa@SK#pjyHRQ$L`d%@Pbv`f3eJ=eh=?8PALy@b&KVjO`%xDcaf##Vd2 zZO{fA00*ehh|(YpZw$Y7!3lNj2(ysKr@#X|kPCUt$M$0>cz=L5KeSw-QU`!YeK+2`ebPmf9iK@z@$pGMK z1QK8b8^DMjB@HR7QDjh3s~ZKooX2M1%RF!k!JNZuLd>|U37en^A*!-Re9ax&e$osB zDmuZFT)>c9z?gi!5P(RU90xrY14|3iv;$%D7K@@oh;H7fNG629j%>h)1&jZN;($G3QS$hsgMdxunDp$*p@h- z1&jy)d)0lLj4VpYzAD;R46ywob4$x}>ry*t-K)#794MeF$;Ts$C6;6P#ToWY8bH^u zb^tT2s4<<_46xS%(AR%$1u!7DQn0!|oTY{>1&KWijI9Pdz{}Yk*~LKFYX6(I+x4X{O<*0l{`jn}l}Op6ZS z1n3OhCRV}_OVa_6+{b;jHZ26LYz1<_0aEY?O7IA##Q_y=*wR1-QIHF}5GIYS#|GWq zm94hnJ>IGy4I=71q)NeFouaMB-X`kar8>n&j0bms2VRN@t!gDxFyum--?5$A{(S%) zj61sh*0ea+2yS9z%;2Nx;Cg+v0zd&WfVXvf;W?}XZ7ZT4E(NU+;%e{;XpY^!9NG5^ zm*4&7su1TcUXbeA-u1ZvDSF84XX7`H$mvB$Z1Se^wUkjxxF29ChXQ2-0GY1pkG1xyg) zudoPt_Tse#p&O=LdP?&TQ2aUg$Kr05m#^1t4!G z;;Ycq(HqRPO5S({nA_qERYK?y1?~Wv9%2fP*HjMb>VD-{{>~JR%rzDTd5r6@fXp1w z3X#ABWu6OZzTHHP)VY3Ry#D6gO5UE@-dh;JG#LRZYL}m|e(-t75RC@_+y;n1@q-TS zqqu+5-Y6_%cxce4As+`yzU`$Z>E90SCgCI)-~{CkVpE>(>;K;F?OxMD00VV<2~04MnaYdN1BJ#Z6u2-TG zf6cA@zpO_Ht(>Mz(|-jJbd9G&l+JV7+txf{UExju&(zW{&tab1>7iTmF}d!F%J&TL z?iEf3E@0yKEA>L(3avl}k6^#4{?BHR3z84;j)2ev|MX0dr9uys>um%JcY#8~^^*AT z>;31ZU)2D--l&iD(LU`4z%uzA>G;EVCCwwkD)%dI&Q3t?FVE?E&#dgu_YE%Uq5B0Q zpb4oU2SpF?uJcre=UeF1pjzX2To7tqQwuu{>PN1Y511_TZyc);L+fd>s7G>E|ALx>Ow zOr%)RB1H@s0Bq#g(c?#uAw_y5Fu>%=0RdF5R4Ksa%a{8Q6jT#=O963^g3RN+$uvm;G%YsuXCYm_N;n0@D zhA>&ERG{)DOPvRKsbpy*LWBgsfdvmHJlJnxz-`*tSg_y=nlFtZ%o#LD;G8)H86p&D zuyezRp&wo(ZP5V+2P0LlX3eoc0F)_h26)K;X8%muw{NrjB0`gv1P}eWx_;<+qE!6*vOK_NEjno9@Nbu!^&aA z`3GCr(EqP~#f&hbF~?%ajGz(@>}(;12x9O6(IP~kGztkgEw$D%)DVCJRI2Pl5C@@+ z0TOM~?L^&HV!#SHG?7D!C|q!X2qGSdPKigF+u;!+q{C4ON2C%`NbRhF`n z2nlda#omO|!GTIB0on)cgiu1!Dy-0fJunRPTaH3Bv?bdTt!>d08K?u&PoN;e3^N?* z@swOu!6lT6c9lH zjN5C^2*b+U0KGTPJC?9E5Xn*o0TFrg3j^~Ms7`1b{Onq6Bhpq|5H0~1TmxcT$)r4Q zGZEd}D6m1wPo!8PNHX0CCGJKK>DUcx6vAb~{cU0xBJQ%6kYR8@r; zRz;PyQ+c>Nx08T@?jjTz`7Impdf*H8Y!HF)V&(qiFZ={UoC@%bK;()kKy17KY8|hc zvzu|Id_v19{KE;&H6)+_&xIa0^qOR{$!H2ZiUX~H0*`{kIw8G64fF~X55B>b?zrF- zwS$CI7@<3>!Qv6UGgT-&`2QVLFo|u&LyPeqmI^GupgmUDzNeJF_4{F?3-tU7#uyXA9wY&SE^`ae{5- zAtV!2p*$hX(1kkC0Sr9wg)b<82~sEzBjFMTj$O}i*UMpG+OUAR_|S(Xpu!wVFhn96 zF>;$Z2t=6p$|e$k3-ptsY7S6E&s`CVpo0ko0w@9wJjW?NQNt^Y$vR_RXH@&TR8%O) zh(#PznOni5E=`;}s7*wGl0ssM+XvLPyB#T;f2?fqj1QAFB zj8l8XBBFWB)m=wy`*K7vdC-Vw>Q1Efx+5O-sIVoS#Z|^z8#oQg2^g3_2v*PmA;}Pl zNJzm7MbLs$$S_VT#M1_0Fw?O7^EU}BpaLiv&YYluT8iYADA8sA zCYrQN2mzSOAwv|z_{?as?kdUD$|-i?wM9G=j;FXq)mUn{&c+HyeV!upY0 z;*zYooapFW!T^i%v=v*6!YLN9ic;WJfmLC|G`zNp?Wh3~r7$ilR^c@a=0cg;p%xF?8FzXgZa+Ya1L{@00D$1%3(VyrG z=!3M%O4Y8mLVsw$Ydtbnlkl>(5#3@Ys<44CMgbba>DqH4A&O`=0;Q!eM=8|63rCzn zxvQ84aG!fY-Gyyb1FKr7wu8-9eYd;brSUh#3xh(of)iv&g7U2JOh=0jJ&*03Q0eFYgbnLXbi+903lZ zOmMkrwzHjAfsJxN;=|O8qwQYtl-^F|D%c@dkx->7@i1&{-UTlwe(+-)6Y|k11TtnV zEiCyG%T`ko0es{lJ-t2P)A{XhsS)zuBvwwq6mkL=Se+*Ta89)|9Lyz0ZVu|-m0;%4Ma>>?C}=cFq;mUR&p1a z98f;gyyb<-6=<9f0V+_>xO?Y9eF8$IoOVmg%sF=5VW1V@|vvJh5uUUg+o9pu47M8w#G7-n!p`9hB*00vjUh4#uj zCTl_{90*O^L{4lauBt-P(1Sl9MSbg>Q$$6yl0Gdsg;&T1tJAersD%(5!Dw=WHev-h zl*6pxlpb-4i@S1iD3qcl*UGMi~l6B1T4TtE69Qv z(z~hJ69m*bQhT@mdLQ^9$BF=fo&x~OVbGH`=qB9+=H1$)#vA+6pzufr8YtKI}7t>7Y=^req`wLv%=LJ0956glN>tihRVl;Q(B~1&!p$ z0h}uJ8A)(d2nBo}mAnWqu(vGBH!Y0GF02UwpnyzxJRCRyW74xTOF_V_g<2>Dec4M9U~#A9zE_wyX#b00N?0sO5u6y4*s%e7wlRI{(N#g)>aS!PH4xU&_TKc_%}FEt_xa(XV`{bcn0v($qN$&QFw(~ z(8cELg;fX`RSA;l2pguf&dS_{Kg>?-+D@@xM$l9&L;FEmNQLnv&xu4&^ppcvumnZu z$h|9)JV}%sjoO?DFX(}9VZK6%Nkw@+3lz{cf+ki7hi2G@Z~#BS^cppLg@PWUNX;0=cUMx&IZd$nkVhxB*Knm{Gj2(Hq6l zw4A~n?a_&Ff(g(FK;g|(Tofbq!i(|&7Z@W(=!RKS*G+tY8G^w6pDtR;h4-1Inv- z6vlAerqyesXU*HPm{CGu51p$HHF z0xr-H1Rz$4`ZAcfz$%DXHhP6s2nTGyh9?cKXv&IFCR90979@q{s8eNonu0;?9sPib55*yS#SsU~qw+$g4oG}(?U(Yll zcCFosKA8Zpnj*yG!i5z8=S=_xhF$>xgECNqQn23a zbxu|o1s))d-Z5LfsvQS~rt?MJT|ixwZCi4MTUD4_?tEY4aa|LV*Lnq~R!Gy@^P7$= zEy3N@0N#w@P08BqfuvoH{bX7qg+7;%;6|v}M{NdO1V3KPicM)FH(CV@>pt=o;o$<; z)%6OvMGLt#)0a&<6RM09wcp&eDgQ!J1@q9XBvUdS-eDZ=VILM)f(3!aRSo9rO`7me zewzs|OyV-g0VZ}-a=>0V+}<+U7kCtfdVJ6-<~5IEGcqzJ-LcLPeOnq!1v4ItF+M~y zmN7L3r^IsO8Hi(lontx{#{ov%ikJY_7=YsQ<1I8Rn2>}TSYk)LTC9b`XIOWR=3?QjJQ^{3b)%K};ag*LC6V9A&nvB>4COR8D18UgaMqSPv+$ zkw`~APUk{h1`^1DQh2j-K!73T^LiZ zSUXish536~60JWO^DdjJVgEwLm}Lc4=iFF^TwaA| zm_E_8T+UDE_ zT};7eh|~~d1-t&~MF{Fy7*%Tm3(ka?@<{4xURP(t%5Y-isE!mHFw1ZD-@#qwJK0k{ z1p(Da-mkuF22Oxwz=5*PfhVwnG=SEI+l7g<1-E8WC(cExOUzYpuAf$^QAOFPELVwM zXqPSO!hXH-0^{LH?Em#(?8ZJotA^}r8Q_bkYzDmS+(0_cE(J3<12A9%uhrBN#=6=W z%xxeC?RMfO?S|BjR0hQ`tKhQ_lVpq}X%Fw2%V@nCjpzt>K33 zhw$j*4hhaFKIPUTcK$6kID=&<0}~U!E}b~w%I>Sh-X`6KYq*9cZB8p@Gd^V7)0^$^ zgqYiY#umtf}{ScMu8f-@ii6g0s<%$=@z zL(T1mxqj(pK<(6Kg#XYm%VO#~2$1S@ksK6BBT4Z9rm1Q3D= z&Ve$(0TPIFMwoM6U|U@%IJfrY6uhuiz+mXYpzQomafnJ-U}GUf*A&Iun{}JlEkt&$ zq(NPoGr$2efP_Bq0Yy*)EOm8jk~}vOOl$?e zGz6|%C`=Kyj$*XIZx9F6lXB#Ny&c5A-=JCgP1i3@RVI*wB6t9wZFb@Q-!JcIt)_?x z0SV4g3I9W|cIL%)i|-!`l}asED(cd=!R9u0c{Y6F%`)1wFPWN!+KQrcfTO( zD40OBccPBlb-it-HleYgsX}W;v`|%oH+Y1%^vA|@$!<#oKmm}rC6!QtKfZXVKf1@; z_&yMYG{6ElAmmbrhFutjF}1Z^C?-+BR>3U66f8_g=*b)ysXGe95cO*wOwptkhH4H5 zS^x%200tIF&D2b%{va>p*@R8#u1d0jTpfDgiXOje5z?__VTI;8Ft; z0PRvh@^2_rsIZ_4HcsVS1%bAmwU;v+eDy%|AZ1X7K6=@gMFn9n)A?i1)HDSdozX0S zB>(CeH?fNzB*s@{Iyh(s300cgR z@(!@{H}K#@6PzKDBiuGoX{-pbk|r*)u3sJHQo{&R+OuZY^5AjZZCtvy?kY2diUpRx zLe8AYbjAeX!}8@T5+We7m1Bn?`Sz$>u*>HtQ6j4z33M00xvPxQ|JTu}eJTw9ckBl@D zUM{@oV#;BPFjoZwL;2?IR7R`4L0Z! znk?0{=9&oH#!~?p0>vSnbbeS^4tK}Z0L-Tz_nZ^ z2^iH|%4O^K0S+uQ-B7y~O@trK8QE+a&h+Z+QqOrKaKla)@;Wr&M#+*%pKu|a2@Kk3 zBaSk#Fzm>q({O`L)z5T|XermNQpzgTs*y$!-jWP1Z)TewKoMlH;4~*>yfH%oJ~8kB zfpL>I_sw;e^x(bru9=fgyJ8qP@l0i6#TcbPvM1u&WV6dK!eF8-D>@Z0bNIkW?2LI@;yP8yCt z0R|#WiY%JNE}SI_NJxy5kg&xfZc&|RFoK$DfWs3^XtHvNGCvHcLJ>AV1{l80G6a%L zD_;pqJkC;0wd9!q`K8N25)KOjtHCl7AOuS+O&GL@V0B)x%4qKGNGzNer$M<89V@PIpnBEeF#$7h;)ELDXB?M zTF*4Ffd)eX7-5hR3>N8P7dFLdEqc+5L~Umm%KzX+F5>EgZ#nd#MBNPo>Oi}senAU3 zsLTTjq|sJ!w4*%y=u~f26RZ9NtGg6i(MYg@We{ZoxA0&d1->nIR&?f z?QJhph+_g6OfeLp2+L;EqSjSRY8QABhyN}@fdc{;Sd=q(@ryBYVI7PB z^#V~Q6K-sUg?r%)_tFY1h)yVU@r_4X?_%Ji3xIhMiX&i`#WptA3{>z01!zGFF!=HY zp0I!qlnaeFhF634hgcp@C?*pY0Gs378VzAM!^3?K7LXwf59@*#-^hm4)Z!>8zx5lA zP(YQfeC5e}Ap#pn!hb9QAQnU-5@diu7P9b#FU%O76@i_r(yY5R%Nbuj26B*f+1^aJ z2hWy31)ux8iyT;S5pm6hGL#{XZ-fHTik6eP79h?`e;Er&U;;w`6p17x;V&M@sHZhD zM+1mP)T4fIge8pXR1;CFto9UqrvC`*T<>}pfOg9*W|3lDi^CK+Xy~t7ESV38^9NSQ z0-vm)00o3W2TY&^EtE|L94r9TGYid&N0Z~jVmsTX1}?V+>23E2MiJu9HM#w4R!99e z6vC)Ru6{JQSRsEVitP&I5Jq^fp|Y4ubIw59mwpH$-H@K4-fp{kJ8@3 z6Dz!77;+vagdqY*u!tZ+ zom+0uwNS4s1ZdeHy5h0L+yhwTTI}Eu5M)+|U)>_(@z-7#S)!UHq-z z?}b9HU6NgR944%aLkWNrVL>pwU@%yNHPFH_$iV_s005>@L2SSRZonJ7fdWK8%oM;3 zY?%ijfd?qS8*D%rEdKx+$PGtO;N0j~dHEdz0G`opVDVg7u&50(AOpy$pD+*uEbQ56 z^&WYILL@xFHXYX)zyJ%xpbW}jDr|xgNJI{z&JYogn4i(Ol-`NDjY2g+^76srLCV-(bfFT$X12Oy_tlfp5Z3PQ#K>hs< z1M~+b(83(fU@FK#78qE5^xSA@85z_ZC$s`0YQiSyz#Ckj0ery%cz_e?&?M?nB?3~f zaESN~2PSq1#c`PW4hZ8gzW>SsghBP8fiiNR_kCYXTq1j&REN~rG#=M5^@nDRTQ+JVDUzTGq96?P z;kK1eURi-Fyx=*aqdKmm%xKgMAORmPKm@!&BsfhZv;Yu9z#@WLF(SbiG-5wqTlf8= zYrup+(iuS#omWhuy-Hyj)&<(+_g!I50>_Z?LdoN@!2E4O6afqnCo242uHi*7 zy#J>tHffU{rzjd{Ft7mgwFZBhPIRtli`G&8sAcZV3I;mdX+CHP?WmcOUykZ1G)m|e zQb6&+;gJdhEVQ3qh}#QxsPqH_z#S)JqT>cgf|W*Qm29biUMGxd=b40Qg!M#R+8LRe zX-}3Zq}nCRO@(tnSv( z>4e`9O|JgvqfV-$V&aYFRXBB7<^@J6Vd`z7qcw;sF}z?ZhyY+sL>r=f0xsYjA7%j`k|n=w zKvVu-0N5*R;Om%p>1pWejJn>>#0j?ADuk-+nQCjn4wI*>2L&)d`fvikfoh++LK5h} zu`wGHq=G7>g3vO-Y-K@Hd8}*rT(qu}-Pj~d>;$bYg`{#TU1sa97Ay<08mp1a3~WFu z0G!jnLRIQ1|CR0Aq2t%S&<3Dry*jJXE^V3QOo8&)(^{*)0_={;p4A2^)(!`&?PUCH zK-u0V;Tr4oI1Q)*9Hp`0m6i&jy6DoX#@y2F&j7&PT5Z+N<(c-aQi#q@GXH>V#o^6z zD&p=Rr+zB`Ew0!R)#F0$T1sxo##v0j$&Ko5wvOk@t}LDK?L0Mwx0K9~@?|hMZ0XX1 z<8;NsIH0p2Xy)*X-`Zu3#(X{%h_AY@O(C?|O^)4e6uRoVk*%;}nC3 zk)rfS4=rfHXROxq>RtZ8uG3cTE&1!-swR(uXWn+N%c>gRN`eO@L{KKiovLU0eqek) ztp7Exxg5w0WM2VD@PWW0UO{zmf-*&B;06xfd^!o5!_oA zbO{o3uo8Rl^&*86kFfXp$_ZoQxJZH#!>JZ`u?(ZaiH31_eI!N901eyFw!9fii z0Uvk(bz%erDu8o-8DQL734|=u(#sutFfQq_6F+hPW)ni*2|C(n)237f_k1VST7t63IXaNpJW(mNf6g)x{DF1<%k%2E4gDR*(E4%?o zIx`0_VFdIW6Zj$r$boap!Cz28p>{+?OdDI;4Krq&2kV4S%!ZCybP200IEQoW`R*o) z%2QTe`e+6&xI#Lk0z2Dc1+bl?>3|ft5iBTydMW`C5Wyn^EfYuq6XbIO*5f9$0w=gk zD@emX%KyKCG1k7L{Idt$OfdQ<~QT*AM^3m9-Z&9T62tyQD8J_ zfE3uQ(DL+Lhr(ergc1}3EabIb?_WN1f>%7k4nP4Eyul}kfCLP;1hfGtFE;(iku^hh zL`(K$f3Q{Os=(rEc-l*5Z*{79^m_z`5WJV@kW3x$B`TPLdCXs6-Bm$E0{`W6E2sj1 z5Jp4PTt2t<+qFT_4LWe@Cn7395K zH+G{i;fW66a5sBoI9)w}cst!*tjcQ5fCA`Wz@^Ggvp^C!Nkas!(9(C>+#I{4Uc#G$@U&r_(#5oj5P1beU>fpPyi6~wJ94SFpVx;9sKbZa(~?=4q5xubiF)?WLye|Dw67wJ&O7d(L$ zs5d%lK_AkPF^ZE904EtRAY~Yt7C)>DrT;=fYeL$}cf5ZseGjxRGJ!Podz}M!aNGEB zTYz)oc(5Y^BH)3-UjQPsL5^pEt0ud$^AWQ%YJ}V_qBFYgN_&Mt`L|^_$g>BiY&*&D z#s{c?71*q+%bg9_zy>rd3*bO0X+|Xc#aWv|ouVzfZ~(pMc0S*`(6)C1CLjkCebGw; za0|SDTR@FVzy;vJ)8oM%K>gDhDsflK_|D0rdMs1 zoI%NB$O6bg!@4@9C0or4!J85%dL)-AM8_+p!q4(_d-FBW`h6<+Vk_9X6cF_i8vUI& zJ=52C(@Q|pNBz^^!PH*>=3~Bb|Nr#psf979+aqqcdRUx5QJOFq-oPm9llYRN$E><-~tFcGeJo?9Td!mKX2l(L= z*yedyLDz|NEc3o;0|YHvsWds0qbU`WR*yKTO7&1-t5&KW6?;TR%9{-v-*DjY=F=w& z5-hw4@&@I`4I?F7z=P*POqnw!z)++JhKxA}4j>rx6KGJOLx&O|fCNBNrAwC%2tahG zfCN*iR!txPt5vOAsbbB_75}VPv17@WH7j;%CbgL;TqR2ZuG;`}>C$yd_rZfNHej$| zfujxs0Sq22(1Hn-DO4;HGGS&=lO`sdU=@QkkV)o=k2rH`#UbRU4IM#;lt6Ms5GboP zt~~7$=1kd$MBG$lg~}YLLXGzJ{oD8Mp$6uj9SatDa^=h28h8HuYl61To!7N~eQw?_ zMT&f3AQXOWqSCT7ecD|{5C80LtaICYj5Iy6Yrr!AC(LZ+3JHh3*I*<@?O zCY-V;!2q5Rco4z}ftxTm;fM+VIjMSKTTGQ! zGLtMl_msFSMv3U_EdRieMhZzKmPqcVzjEBsK9EKdA+(J?;qQ|-{v(5olQvS4 zNdw!kB0(8)<0;E5duuc(47co((&fOslq@ney{;@yJzycR#n4M=B2MBINEKD+gvGPc zepG3t{zBuRl^u*sslS#AjVZQ66SN|WDdvdb07!Quz}TRO1GCa*xxy4$tTvr?L=vxi zpa@J%QH-(75;FBhzi3I71z60buN7(Z+moaqEx?af0HruGR$VXX&%l>1=-^O9Z!^M( z1*RZ2LI)sl;QxjzflC%B03>DB*@&r&_DgD~&GcF;65}@2j$sLRT#sR4NEIfe`Dk5{ z-c<>|H|CW_8Yq&qKqiuCo(YdTV3MGXo?(CiV1Nal;)^&8zTyfD4pz8Ah5;}DT8W*d z7*mTcmbOF&G*%1~TI5va;~P;;l@?Y@X2K(s@MBj3(Kc8cWt943sb-vW)|p=;5RpKH zHekc!iUk%x`i{a2#{dHd6jzwxpd5}`YD%fT)auGPt-=b#P{E|!%UDoCiN(h5xa5;L z7%gSCEzooAPl7t_wIyFF`~nFOd5LFUUn1P_-jj9$@x~i{I@-v+oV;Soue(cA0WjAb z6?0)JSO1A({F1)o%sfh4ZTw(wyY*aQkICNH^o32Pmz;!2U%-361L-S5m_LNzh0pSF zFz?@gsELseQ+d{5o~9^Z1r}&ddgeM63qqDIXE*kES(BKio^Twlw~depeawTS?qb2MTn{}#&H#pGs3 zERYlLa81N@fex%}CB?)kl@&S^kyImRIk7XAbW$Ll8TCp!2V(_Ga7}^Jljkup$wvI- zQ=f#0oj#wrq(lU?e0$s%A4^#{DE`5ZU4Xzg75Woz7OyJD0cS%Q>c5Jf^E(*L=>JmT zLID|KK{4eiMifK}Oov>uq$d4@2=sXxm3DGxr)lY~>L}Bh=3#zlr5{eAc!e(9pr;E( z-bBeV)S%84W3DXAMVktjq{5{NLNEcMEFslmI3g5n${tor>bylqK3s#!ig`L;`$~NpIqgeS0np9|1P(sH?||}c)W(_cJ{|12;?>&TxSPI*vQV& zqIZvnma6o%3JjQzg^>#7rh3=}BtS(ju3Rqbm5doPsxN(4+&VdaHO#Ps@ni?A=CO9b zW^MK(7vd~uxDI)E1IROXWBH-GR`|$&b}9`#P=~gB<;YOZgohy+3jbbcLkyvyDx@Ei zRjtY)nZ`Y?1j0&LPq(xsHnTvR-y8x2)9GRPGcZFcaSJ zu5D`qETF;>xyXh#gbj;&W);~Xkwd;Mo$1Fq``MlraH!k7h7n#n1Xs8&sv!jcRexKk z;THF5xhoa8aHkH-5Hxt4vu@iy^4+?~Ml{3_h2P$Ljr->JzPHLZ7UPq}#|`+*^VorD zx48*9hjUtYs%>unT(k%%@~T+~@pDQ-5*+Q+Ic3XhEQDeV*_cKSs>g|f;9KP?e|e_y z)N=f8+Qu}$v1W0e0i9d>#|me7;~Z{uS!T)YAF3AC-qP2PoBv?2K1c&EMy`e%sp9IG zTsgnD>hBh(RKFP{kl0(gV;(ob>}!SMTd%~;wF^b)ali1ZHGdW{NvkYyQOn)&ZiQa{ zS{qeITh`?;+``{8%>F*Eem4y}#(%o(O^D);F#uYgUY;md?0j7bJ^Z|mXzo}MGzHjA z`qC@n*JB`=4q4Cg*l(Tdkjn3WnSFcalAXsHFgs4;O!?mfUpU71v-%lnPUVZf`BI*8 z>9Me0B|M^%1*v}Q@pSm_l^O9A58%XZkDx2}&{_3zwHN&Y%7c-2n9g4Fi^?{3k${|7j(glVnouI5Ks2a z7n%^+4v+TqYYM4Qtae7A#%g@@MGLtQ@^UWiy1)VG%nWx!=yZ_%h^`H*!#acz%I44t z6k!b1U>Cr_Y|e%Q1~2OhPs}t80K1R-m@S&f$Jsnd+GvIm-K+z0ju#=3t**ej=*$Ky zF(}Y54Ks0zv;u%WFQdo{6yYET7~vZ%gA+P1UH^ou`U27a@GHh%(TD~tnqX&8VnS!0 zYZrTw7t`(z7R)!4f*37vF5Xcde?pNuk?HJi%8CFErr{aXAQVPsWLiNAJOTvuZR?f| zAyLquJ)k}c+7QjUfKls<_h*1#e0;3j!d{JgNOCeb2&awrEu5QOq98*oK{@Tg#G z`Q)z%kFa_yf($@{<*2e1w-J2wiMT+bCI66!jwE0NMxX;SXbnan=M*#Na`Fpzk^$F} zDDFZs`R6Se$xJpy`OIs|5Df?Kd5>-OV&i0gEeL|=@^0!F|B zI$&RBa|FU5Hybl2*=l|;00qjjGNFPphqG}mbDeZaGY7-G&Z`Kq01k*iI#bdk^v(6U zF81aKPfV(-O5!6{LN;`TFlloQaI-KAGYlZlF@1B2+A%4N^Fq`TK6j%6GZTg+C8?T^ z-2}_@^v(r{U<$zWWen0lI{%k|3`~aufZ_=)jZZ>j*&;MTEA%{p00?sQJi}5a ze^V$faz2aVBR`ZA-|+Zg=>43LKM@5E#vlraAO-MmAX5?h)@E+j1}0Z$Zhj&NPT~!6 zR7VSQObZho>E{aKKsbjKDm3!*jMOcWl%no)Fbr)D>5vWn6F@IwAWterLnDY-Q&wW7 zh+wBbQsYZeB1|V#M;p~ldl8C2AV@cqO$UKEiWE+jb40tSL}x3?npE$ibWfq6G(rRB zv~)-54pmWcbOai8M}73{<_82SvNztdQia19Jv3A2bW^(susqeN?i5kj zKt-qX8c#|ny3;{f^+8!8Hvd9oAY zi}WBV4fHfX1@b;j6+v6mLBAACg`{TsgHVme;p!8q>3)0|S^^{N7g>`7OHKkP}7}7@FY+thVWNFn*d8`A{ z^g%TAWv{keW0q5lw2K@TVqFV61dV403sImmXoXg0Oky?GHX~evPgW;L3^hW((LA4a zLb3RMCI1#U;9 zUSwm(7`04wGv^Er0`#^W`SyM;^>2qSa4Sbdv10&QcPV*&IBUH}SQVBdIBxH1{cYg@r zSKk!kw6|ut*MI{+(5fJ?0&B3~pbz?hd~w$WPM~}-mPN@Rc%k4+p`ZowwIqla7E0CcTnSO5Ljg-jPYw~K%`)qrETdlOiJYxt2!APvmG4k-8(C|H7Vmk5+VI&&9t z9rp!V;6W3$RYw9hEueYtc50p#@r?F!41^IYg598vPrwZ>`F5pr2jDn0;`k(Jb8hgsLc?IQt^ft7q-vYykE_>^ zPnU8CSyQ_AkP(@dT{k=OB1K@g3Ic-x>fn)JfGN%3k}=s0(AW)T0fZYB0#G@XjbfGKN^7l#i(uJAY8jlnWZn5U)NlMZ@b~PDvF~eRmn~bisIl++ zz7HY$Qbef6GO{Imc4L<pN2OBk`QG3AxBDNM^FC*;_jzCEx}LAc z^GsC^`IPfl;shDWMWQ_&AWfW`=d zS(G%&v3ghqU|Pnt;%VQjR2&iLSFshj_tMo>DlG(1%00viiK^PjDubvZi^7apkLv8@ z@UL;HmvC@rZ2lU7p3!cFLl zb|kLghMjsBxN061bTp|lWN-*i|3{0%^%MbR4cA`mzv@?6srpvrczUh(*UEsNQ=$YB zqK~WbifR@84O37xz7hqk`ICGRArEFFXrMh`Ug9}Za~c>+7?3z0_~n#%3kUbZb%aJd zN+u^2{c4S{&S}jh@m2{qtq#XNuX-$BeXBRze|6wy7g(H3la7W7MLv$emg@Dw5>|LUaY29!7F7QTFIpPxUTbq)l%%ul9 z#M7!FjfD318}b98>WdfQyyIHD<-P!72^S};2!pGoC%Y_^bU$DP>^Txdz56~yv*K>r zw^X_;N4SiKc8^11spK3C{mF0o`sO~aQ1ug_I4}tKyBf`kV!D_5p=9JnU;9V(D{KHF z4~V#LxAcv7@{Z}`pTDC2)X5hdAj4>}fO`Y954sqyZ&dd#HuS=AypczJu#~j9+>LuL|3I0V2>3XRXt*ZoJm~F?7?1u7QX^BDx}r>ZKkjl;37~1}2v9?e5K z;Db6w^zOauO**cL%v?`DV?iP~)DW8X@bAhi9;$T=C;*2n<~!KM(#6Cb-23CJ%lDb) z_dA-R&!4g77p!Dh1)4UGaL9cXHD7wP)-SsGkCYAG{d~RnYw7ZTnqLKP(6C^s=g>&t zbwRkoFwMm#_2NM9;p>O% zGxE-R7G+3^W8#XVT_V7pUl+K4-2d1=>3ic#w&siAmb_%{%-Y`14_{L|0=FF=fam`m zfl7b*Ui=7kTl81ilOX>bB-6fU{}@fCnf&|b;|(!IzMpHwKP3pzej*hM88M3a`{azC zi?Fltafcdxs&k|LzU$BUQi??l4*|^6IjH^t|2Etr8PKQHE4z$+=g)}nb^_`F7Cg@I zZ{s80k_soP{qf5mr)31Tw>IY5=_Le(V$2$<^TS@2B_HxsEtei zrZO&5kpUFur}`RzA_BI(e*S#_HXia(<3xF&|0HD5!2e@bAN?=0$_@HoW|jW`V^-Dm zb4GVZGg%qf!K0(Cm2aM)|A$%45=xKtRL$ep+Igdys;4H2(PTE@LC_fi6pTN`O#iB z-tPZ)J@_QT`3n?}#wD&iANn>l$joy?;m$?PAC>0_DzTIXH~Jq`oXQ1CgAS;^e|O}i zGxRKaA1Zpi41U&$NB9geK$y&k);7*1xwXV#hNO}81eOO?vFu%e6qe#+rcBv=w4x~Q z?e_1YE8#$1=ny-iJrdw@Bk+G>{}?!886Ux0&Q4YFefyIeEBta5Ax=2fQBZm`<#I`NFiPNY50!_y0yA@H5^4>j8I{H;|Oq2k;`jMYwtR_@K5Z<;h$ zdd(quO;S%2X(n4iXvYqlyU#%6VgPm()t^I|_SRpzog>x{c({0XSCdwH8AdO`~58jF0 z!E3fimeq&wvWzPU&QzJ@G}EmY_DDPG>&Rg)gm1EN3(N?Bv>7zEik?q18)M}O>z9wU ziDn98E)jf@vay3>S*=>MS2H#|SwbYgY1t?@V#Me?CCgg|G@b*loe6h;AA#T%40;Yq zg;C9}#MYIklaUX@sK;qMFIsU3^{t8j$WnU&$_!ef1wu?TlI9D{3Xy~Xls<|vY;d$6 z&>2*2A+2)EWvRy+f60u6Flf}ec7C{ZBNjR){3b+hRjS~c&4l9jy-&2)caEa9fFV*O z+XKBBZI0`r&(GhgE37NCJ5wH>{x98Z2{P6e|LccpQAa+h#*7Tx{HP&mGvkUX|My#~ z5iLrmn51@cE?CJ3T6%f!?khxSOKLWx?@tLp&7?N$kc?d?MjBF6Lru0O;b6N}VWL!YowX&@XiU?u_q_P!-C#w0VvzG{=IbFl@L{sqsM z?`j)>g-D2z(=@oj<0Ff8Jpr)+e=X-e3TbA;LNw@^3H^Zd1lia*!AfyfhQtT^ z?lE=pmM*sFem*ov*U-Z`tsf_M@Ew!4y3ay43+S_WkH~9bo~-@O(np+r4N4DS6*4l9 z70Q~;a!4Rk6)(NmehlQe%TyZ!hylhVCaPO%wTM2zXnxo-JS;m?P3L`$2<9uj>}ft? zkNrYChqv51TxDS5eaB>+uDm{g0j@TU8H!l8#*U|w$?KR|bT9usHf2|40b-LP=i6I} z%=$DU*sg7_mXHI_T6SBE*3}Akx+^8|V;M8hE9amnXN&{tC$)44%#R8fjs?#UYT{~= zT@YUM0F`+I()vYKu+JuU70|)v99F~@IY^Gn=$`5z++x$mGOLbv-QSjg97ta7#}wLL zIYr;E+MGx2VC*=@rXfBZ`EczPYpnAG1J-n|b1V)_Nwzs)y{rY7 zz?Z~gQRa~xoQ}8!svV<-0+YNQqH0{oKPj*?0n02$TrR5)ZwgSaz0#LmE^u*{+ z<;TQF==_NbI%uGFsPcfv%@1GGpgdTZzb8L@H%N7KE?e`CBOcjpX%p<9z#36RU?rx&zezr|9mlOe;B{7e@4 z`9FQZgl$M(veZn-(;U=tq+|FQkACBe=w%NaqtYr&-|B-295cb z`q!w>cVGQkV-vxE>Ks6hH*i@LkSpD?t-mfAs&F z3d{(W3eZ39XzuPBM6@xRSn!aztgq&m&kWb2nbP(=p#spje}s6%k{BEjd^m(NNM zq8hE#|J6Ez{F(y=+6@1M8->6YiGH^kk>=*}eb4K^3R?I~T?)Aq6HG{>q=Z?0Tw*~e z!mqaviR>XViDEi$5ZTprFlmPG6E_&M{b#l=gj+e_w{C{cHU&2Ae{cBx#`W6N@s&T| ze!Be+%zFSlGP71+ef1yx;!k~8jDW=*&07#N0-%@ygXP0Ic4FwxaNljAr4WQ!1=JGf zF$mY;+Pkj+f1swT(-3Z(HUe{-c~JjT^jImlQO~y_Ttmy-Og0>?e>WOIeyA8}4J_${ zsTct)V5$@2hS9YpgOv1QCVt}d&v5kSP-UXOFB%>~_U;n7Cp8kwtNdUu*R^C3x(f@u zHT*zi?}1ppcO$~eIm6X$5sGH8>eEJ(!s8Y5dGf`*IobaO^%06N)IpX z1@L<5{qZo`^7aZ@dU(6*TKFEr4gHv*#YaEjNwIq|arPiZEL0Idq(?Y-5?q$6{U7^) zo=_!^oO!!1+$+topx%<7+QIAV!b-#vg)`zjN8KFGV!3U?YnI|va#L=#r8F+3#QaP_ zXaL2^G40-|U-od_KH=QQ2_9rB!wi>Y*ey#!tjQ_$n=@+EDK(Xng>9IIZH`Xrd#GHf z_QGEBV$x$7JTwYySjql?p9te;06)ZPD8WF%`svC(>3jAJ2TKn+&eFwHfbKJxZVM=c z$Wu;Hu`-@;lf9oJGH5SOsa2n4t2_&4T`;lA2_Lc2DLXa))po_1fD?Y7{PodeI78;G zBpoSz9o~#g+x>taTbUAwtf<{+K@|oBF&Pq)b@^BN?P6V7N3l_SK=kLEPm0r2A-HwI8;7u=Q;d@m!@{}{nZ z4R%yXclJ%+O-irdr7VHG%bY-!1K5@wE=i=xY@rTvz;mBb^Dq>(sXV>Q8E)o@kNy?H z3xJ(o2IOzayJKMk1vnIE;^Iz5stTgQzTjbot8D>dhO>Y_1jeTlag{2oc%S{av*gQN zpyF3amwsW@g@eiCO5i#=TNOxVBHrhsDry~r9*=<{yR#Wsbm${M%<~{SjE1#m5pNx4 zZqQ=YI1?=P;E6b!ViI6GCG$>g}7FilAP%?i+{#CMhxztoR%zy&8W|V%u z2NLRu6=(tR0A&QqcG>$12VK{PXW90)K97@K(v7v!obLL^^_N_$~Y^u)f_A`F&< zW?&wQ<+iVEj{+rUP<0kk`4bwLt7^L{a)d{Wp1~T}3NrPg5S#{eNriPBAyto}U`#1| zV&)O7%j}<-vRp;(_$pS%>KEo0K0}@XiY=f_ip1^n)(t{Y4Lv;#jO+wzv9Jf(j-jd=S-w?oqF_k}gtQb;+ISs-xK-OWeXA$zDDzKwH;Le2^NR2uP~eU?h`Q)_jN0>pP+?4f zoE#MTb5)+#mCF6D{CobZ+R0{r>ok^9No&g0%N__RP-VD z(QqpiqkWbH3prG8IrW5mGgaQ981I;t3WW`;{JkWog_2#M5DuU;x$%jRjR zMV35fBv61(H#gz*;hSB=*G9d?wi)(|X9 z4`pC5eR-^;F53Meq7-D_dCREnhe(n&7V1a@8y>p^+ZI{Myv)QoSag7lGmudeU`ZnN z(6yJvK-qv;TGI!QH%suu2}~EVR(Sk*JF*3o+Q3Mp3@^e0(RDNz^<4$m`cXz5HlMp4 z8d5^KB5I0yzFc#6muM5e+}8A`>3Q^PZ~tmt47^+hZUn&QuojdNB2}4}h72%62Aj*O zy+ae=76Oz3MUzQ*+3WuzNU?@%2_8r;6I5+T^>64-Y2ZbJ*CdLWu$dGscgv{XBD!uj zwZrx^@UFh#vs2HYFa~yvTjwf0TNzZBysyhZJ;?|oi4j94pjQ%!K_k$5nO+7I>E4ea zOG#2OE=kI-YsRVU;5Vrws^N?iE(1W;Qp1_s2P9(}eT-Y#B?f~aASHCqyyIZQ&O_cm z{dN8Tguhhna4_b)r?4LI%z$@O2=ErDB}Z52pCQi+BB&nIOJ98J-VRk3YRtlT*ce^J zW8Q^NO`{ze7D_>29oxIc?+Y-Dh!mGybz~^`-1w+)q*P)MfwphqdE=Ya>U!->UqsK{ z!=MK4(&*JUM71^_hgYXQv4_8tUU5?!ASkV6y$Bvy)*+Q>2(p%8DyI>e7c)i?cyEu5 zt?Z7uagDpg)K*K5R617r6i-hhL4IldFVX;3i9sd(iKPRt@4XXW*k0%Ry(X=`t@;HN zih=|%@HC4dHvHu6=$n%6uV!MvbS6^_E>r2i*iu^WQ=X!gNl=bnJAr4Mx33G3m=PcV zmA?sllH~`e!BTF7WM8y&g+6OEL=64z?}gr5XPP@_D1UfH!oSsb!qL@S#;=CB)2z08 z0}~yPv@|nnH1CY3ys_|kHJWVau{TA%6xr2_tLXI~?SClpgK%e2DS&X zj~gCm`7?rWpC~R^^s0HAf57X8En(Sm?>z(<( z*dYv*VBGnLLd?YNu8-)>cY?En5I(ZdpGC+tU}Fvq#KL5-H7nn#o&dxX-22#lGS8MVzh7mlIMuf78x3> zv@q*5#9V!W${E#y?HwxG@tcOOxja8tZZMw*=>oL}g`at1b}LJE?*%~vaa07gPc*ns zs?s0JHRb+$5q&p{A$59>QzTeGqYbK2nE7QT`$6Yx+CG7nDT+xucSxmuOqH7E!Px9l zOr}yhMn0aQa_5_^EB!!wcn}r+f;}I@O*B|}`dNYUsacl34W+W3(W2gK&$Ex}n|00O8ra2>h^68E!#W?&^yzEvnI0NgqT_N4 zy7bbm%)T=x0{Ukk9j}x+Ui<79w;S_}L`$rx*jxUj5C; zyP)7UnLaR?h?@#M&taE7ZK8B8@&1ZgS7!TjDz4X4VD`Od z?H%HR@kjZkA41oD^pk&FHGsa8Tu3)Z)i)zsuh4qVAU(0$+5{+BdaM=;S8Jh>y)o-e z$IyapMURe=HR6pGLYHRD=^iO@3vv9ij2(X}$tqz#>7hOFhK65bliz{KOg~59Mzewg z6Qh8jETc;|7&HtjRtf*2J@c;C46K2t6L!oI1F8&irM;Ht_pPeoNEAU8O|)rr=1Fl@yFf}Rx_8}Q!S+DR?^l{fPhX~aDyJt`k3C|)spa;~2=W4Lrlir7DM;&owM zaFu^(>4Vem+cI4|Jv(yYEObks-nhx{y^3Ai>~q6QufA*K(dKSvB;VegPZqnY@;y-4 zWZd<&Arx}gdg;FVaQc>>Z{yJQt+*Tsc~X(XizLNms+%v8LsBmj73qv;D(O7#n8zhb z=F@qJ#GFWIpI%aufV7#4O%_6=DCdf_;MaIbrUd2I+pqs^wb-Of zb6XN$$RSXIG~#izKT=`yo_7?NwR%-*0+6 z|0{O%B;ILz37x7M6(|-bsaQ{#Ovh%2OeOO5l1*sX2^9%UHH6EFYEGR$lma@|I-Lp` z#jrZNbql{TnkR*SI=67>zns39OC}kM*ahZ9qjU_byV?gn8VdS-P9! z)iPa6PT#S@=9x_8){R1yxrvuusGbX9#VY7HS(eZhv}uIR*vEsYPr=l}RG$Qu^lD7v z=(MkKZmTF4S8l7hC3c$?7*rKFv4&6I+x3OXL|72iZ-wpciPa7GOsyX;qLf(vOMm2C zsyMgrY?|3{MZok!A>+!uC76v~(wTq2??bI>S#cGE=o^U=mGk%L6qAcQxW6R&Kwx4u z0&z*}M5kja567|NC5B%fbUDG&*mNJ2GTYk$(e*K169^Z&-H>5?XxQ9X1!nG1F9>NA z63e-MhdA78dbcG~yU(=VkyIEw3LN_nYOoqNPcIkW>fL8#9mQ2@!r4Vrt<8n zfuZf3_S2a0mxY5BTKp;56#@n+l>*0QYpD@N29tGdw?8CW3I{M3=I*tbw=xxgmGAv~t-xh;I@ zT=JZ^73~JU(2OUl$0ThV+qEo|Oouaavmrezkeq?TZofCdd>9Yb(x!UJmuz%F7yES&-R`y6NJv4dSoUEW0EBHU6O{{lJb`Gf8_Wtu94234qDv z;<_H6&Io3vZW#Q?6}$9a1^`D}4PSbkSUi+-eQ<40TKwfR}f|s_a_a@5LTu0U$L}wGS3GH?sPUDnK(LqJ| zubS(nN4USTaIt7h8`W{q-lj4bY`*KCz;uE-88MM~`>w3>Q{63m^-CA}i9X?HaW1s} z$V+x+syWW4QCXjzm;rL}9r=sr(MO+6e<&>7S^`8XLJqHMwXiU*DhhJ(f3VE?#Hl&0 z(@7gYk5t{%D~%GDl2E7NYp^wJ(urua)Q}P}o(Pm*9C~%>N5;LEW6|p?7>)qk*G)F; zt;n8`*KVpI^q;u)-_<`$+CD$ExGOxYNz~|FT48T$^4PR4IT+@*Kn59~vqG3FHFca& z@IvJ48eXXDHSr>?vQ{= zDsQqCT!AxA9y`pK+HO{h4NKpd{g9x0HNbZ_=d;_}yE(Or?+Ww&tlG@(hu?U6?`j0c zPzdbY`5T|g8H^%9u^L-gQhr{O~a{4YL>h0!Y&IRgrCJ>6d2!Gn+$?R<09?!kiK?mig*b zns%4tblp9eVk7KA7ssmyWW`+0f{3Su4wB}%MEGI^FP&?&w!Oj=bCW9~ zkCu~|`Y&9T4N}mpet0puuyKy$fx%x+es$eiL6+UaOoxb990m7t0yH;? zdWSFdbB3-$y5e3u6Ym|;B5Ja%U?gzyPRG^k#rU_HBu=BcD$U$ckN*K;ofu$ts#!7A zgRX7E!Ab3N1A~84>Rh*=J^u~2=|qMECO>nyY}bIaDX4<8h>}Pnxblp{}2` zs*``u#X#Zp$2p8g%bF5NaZZu=0CUJY%^NI@_&Y*Z>{2A1>hO1ku3SwT?5E1LQArDE z8Ri}m*E4T7UmB(rPx{k`P=nyeGIr)2|_r_^`<#lpSy$K!>xRfw=vO-xc)fqupK*hWLcAzRw2;lWLT z=W30iW6(L4I4QEEF2|Sy8PqQH+S|&=mVr`zhPMbAyX!gVD)u`4znoQSlt6v zK6vRmWlQPeV;-Vxx@By7v+ea@<8&dn;ac|ezUO4sp?LyNf0{~v@4?Gq8Z$7F=UnzJ z)9131`d+9$K!}6z<=0OyCkF1}gYwO6lT7ejFuoSNqNkBlhMB%SbY;Ib>K7Mz67Q5$ z0+X6XEReQ@j2~8+L85UFE75tJo`GC zcg(|bGO7RHVOf-6m&ydum`s#SlEg>ukV7uz^C z>9c6yPKFj(VN=GFM3&Fm62w?JvZQS!1v$3hK7#8uiSr%Pq3@4fr2c7CiqU|yz1M)4 z!um9fbNgHp@T4kyh)vCx1HIL22{gQ;GOX`xa^VH{IjosMt8I(X!;5^cGqlj_R`n7snzpdU5r?>g)QG+e5Gc++juW|RowV! zjC44h-N9tDH#}O*UH$J=LE^+$5aYh1ua0 zT@_6+U!W9AHzdQ^6R)QPJRxBf{MWcnG_AG!9OVbDi1v|gW?K%l&*2oD9)^{A4%{$w zSa=lcMi(2>18B6e%89Pdg&7H%Ma!R;jQc=c{|yUW zur7bn>0)Qa-rh%E*N?ZOD6nMsnAeg{wR7!Bt$YIX#7{xEroMT*`ltC!?d*J8$u%=C zw?Fb926+sB;!S&+Obc{2dPxoJi5n$rZp`X*7le)hy@Kna;8aolcpboc|0ppqe_h85 z#tto|+KIKuzhXhGcw0~QiSJauOHVK9@^0Ju&rR^bxwXyA=8tNzkyUz@=9PlAnk)A2 zr{v9-Ry7&q*v8g0WNI3t{6Tr!}WI3wl{IgkpmwV7XLM=)!PY{74zH% zXM`U&t9Kl;J6mcMUZD?~X1NRRka2LdFEwrO)bpO~*`|;10{5)dNTNTPuCJKEw-rQK zNFAcg{~5Od@mxOJ`@@NMi16D)6S>BEiht{Kr+T^`e=8C$=|K{iev5qXD8EV0(D6n- zRx(NQ%>GWWHn-cY@;1&BaCE0)+u6AY>NoCRuw&N2eNyfUrCYL6+-xyXLdml2t8QV76zn9f$bG+=CsHZzHs=9pZR{wqcpPNekQba)0L&M$8jScM7xN zo*qeuvdt;pRu02^$MZgQXk0qq>TTQE<~lIbUi|Y3knCB{O?B%rL$OYw8>`Oqnt^XP zqbG{<>`QGcW2ND`KjvS$gDt{We&VO;Z%Z0^Q*qV-ROc=VHM%!qQy^UjZ+qRF)(==i zAQobHg%&WynB~4YtaDtgn=RQ9=A}`xoygm#s6Ce7jI|rbZ}6BJ(;5?OVXycOmP{5M z3*0>YU<}?#wLCbaP(Vnt{sj~hYhionJmr_s+$-7w(WPL>$`CHGc*{LJr&autfev2v zvv-o0X5bPJ>%5Ne>x3TLdDElTYJZ6xbrYG4se3%73=*vR4^J7Oe$Nl4aaIH)Zz1Zr7$d@J* z4VN-VcqCTdK5^W1;y2f{%U*Sp#Y9LKybiyc*fD#z9nbXwol}H2`X0jMN+o%7C$D7s z-{&W0l`{la8^%%a#ag=N`t;X^_RyM^gND&>2g~2eVfLVi*aQK}q^!6+MniWAA56vv zC-Gj2{?eK_Wr0i3xe5;(vgJWJyr;ACj?CXp_71D=Hd#ujL>>H<`OoC8km;A5s~6MH z*tVQip8J!1ACx8?K zE02OKltD~5kTNdevC)+CS6d=_IA7Pu>b#X#>PSxRhmFQv7w94ZrJp^Va0@PB2PEQO zLLa>Wul8hIP*KIxiea3W=r1qfV8HkBn1diQ`7*DRf2QB*(LZnBcnk2c*Be17xVthA zWR#T1gHH&coZ3?syU>hn;VoPJi95y5Kb*JDfX_4L^RzL6NlGtrX5o4iFADbFBbM^?Y(%ILHj)Cejz&c4$bjHz z$$Bvy@+>YT5@<35JIuz?V&W9+?)=R?XnXjdD+JQ$9lo^tjbsA2OT-DbKrBM;Nf6^M zc*O8|>v;E>;n((4wg>mR6?F2YExA80@%qnTzLI;Ebd0ee4)cVSwzz{Qzef@9?w2wA zGv`y!Q=Va;3gK8qW@4#iq&c31mXw4p>@HSga7_Tj=I7qhllwzanH8+yDj1c1pKW!k zN3}7Xe%js3TKIbVRNl)Jm&CP`5yTGWlj$fkF-It(Xgd7 z<}=)`Nnwykk^I)405dYvu>qsR9LZvHAl3t7(onKh1FajKMU&rm@%N2(^dUzF-zDs! z9&fUwuH^yC?S6}GfkptZ+64#CG#NpR*8uR3lcUc+uaJpxpxr4NWe|)%GrblxM0If2D;UwY9y^7GmY!n*!J(0adW!+11*+#Fa!kR6MFw_ zPwBV-mByvxNbrG4n5tyXwi1=YAak`=&x7u(E*&n@=O3BAmpVK4`7|PBu1sWRO+>s1 z{`&9hy}n0p&qf*PoSt153UG|A^nR*5fUWr;sn$C%>O*Lao7Jp6#-Rmkjt1iWUnnyn zMeOHAppbCZ@9qGKY^}o^PQ|ayN{Q`y z7(Qo6@y`VQ@V=Kq+3~|KO95(64;`-Rgm<)pzT}WZYWt*2+ADR$lM4n$i()J~t}@(u zLcSU^=O~EO8C{lswKb3`eO*U4HYn`=S#72^>vvq41Rui1QYV9vS=4xs464v~QMz2M z_GRzW6AeE@As}|AdH@l2RYm;Sef7&9U8##TwiT*nHb)+45{X6%ANB;iwY@8-$HXfa zJdBHwHj0JCspoGXS8A~C;IjK{NU`=A-NJcxWwl`*W^Mw>1ID^_)?}0Cn)1w{u+WGP zT$|!3{>tR~uSGdq`wA1f`&|qL)c?gLqeNP?!)pAf^G=Lgkc>tF3D1|3Qv#z|*`$VW zrqR|gMVayxaZmkkVlUV7Wa2@37OHJwn?ZU(-8*oDb*bgItrf~35<>JR>!BsUG^IZ4q=ex-9-4ZqJ#j5!r2h%HtK9^cjDb z3#118-mi7f0P_|`^$4H*l31$Bymk)JI6O5E$vQ-o0v5OiJ zXR=RqluWocZ8gZDKht>2;(64=fo01SN=-OMgT_rc-BO%^_rzp8#!cfAcpkxb5?L?v zHJaajI=kL@CYYysRD&}iBRS^V7w&PO^mRo>s-2{VLiL`mN{c&PkPrh?qlK12-cE18 zRs|}2?_HU=4~fl00tg?C1Gl%tKIg3kyGxL$4D@-KOX=^6JM%j)BL-DeC-D{){A{<6 zQTkOI)GP#CZ=@2+okbd1Yd#puU`-5aA2UfC9hSVC$)M6vgUYHSu)XxD^Q9$&!o}iP z+i)Xt(nN@x7)j)9&B)cZ%xgh0H=W2?&1bW%7kTfp%|v|i;%$=Ljace5*Q0(8KH$tk z_}Ob08kQTY$i^YkG0t?wi&SI0vF0`sh9WQXyG^~z=>)dkgB2NKTdQy9F8K;0-8qeb z_O!gts!HDK_Id@iCs3UXC~O*lSe-U={RLyCe{@n=9M`k-X>tfb97U-dH?kJzs}?#x zGzD8uAdzR9FVk*LXO;h#dtgoDi~^c7v)Zea>bZ}qvycbk3l4*k^ z4L3CRih{bom>Din%}x{uqpB!e^{z@e!3%hTEV#GDxZnMnZD$!P`PwLaRH03&W#L)q?2bATgAmUeQ8ZnYWI!+<-M=5XnJ(j)Z=Ts>6(v(%d?(m zmK|0i>XIIMJykg(7(*AXcusw^Equ#Ubm-Vk8(EcT5#p&qqqe76K}hXB8EB52Y8d)a zXuVZ+J7x#fXiZJ?bZD-#)80KRi;KJ3<`)qrlmT^Pdckacen(!7!^g+AmFOrYgb2@V zkPc&n(HFCITq=Bz>OY3DN)lc<5cg6lwjFJ<7&`e%{CK<~7ryT(f+8lVsfpxuvLi@r z=xT8&V!Xl8XDGR;J44#B0(x+LzGu_K5Y*p-lM&&kR@IN=P{PJvDGqg<;}5=9d0??( zi7(;#7ZPZ&?V5X#ZWfjK_M#rQDG!)>zUagy$k~yS?6ghUhh^|`nzCdt_Zem83WsC? z;)TwkG(}i2bE$wX2N63^IlmXK`&5yZo=xf!9J6`=-jtHC9eVut)BM&uZplVvmZE)> z#xJKry96QPI5C^a$J_<-q7KkttJG+0iKR6JjXfi43yl)+sd;G6<|b1RQr%0uQc}up z`nK(&gzsyG&bj|gY_8uK0E1WsS$fWNF^ogb?vdR57@ihDvjE#YvwH(k33;u@m zkn&)!E`^D&U+~ntn*I>S3Uz`SKOM*vyHZC9vw z@ZQ#i$sU<@^E@srgB+VB$Pae!`pK>zF%7}k1afyuIUh>@84S4kRpSkq=66t-Klgo( z%`Ut@+Bb6OrY1;S&hq=gNhEgwnz~sZCS_Spts;ruda7hf&Bg$y)+YR6JpLY*A(Nn# z;kMY4hl%*!_v6YCVJZK%!r}h)Kfi7+?{@dz|CqX-QOC`@*&}w9eiE$AGPqG5$2N&M z*@i(pN$>!$lp0pNYCzT}&bsRT_hb}P&J@q2#-s&;E0V}96FWi?zCws_JcxE&4-j|M1*ouE=fQs?f|olwj0!tAd*Bx?B}xnV?{KtHHDUsoZ>F`6@%J8 zPWH{MJ}VdTTWH@$&(FGV5H&aKS88?aj0j*+jktOx5UJW6d6vq~3X)dCs^r}ipY%|zuk(s3~Y{8v}=BMbQyorT1RV03ww42E}dnSBXB zb;U6|dY-DhS#ZAeI^1onukuWdb+y3rN#q-Aby7xqmB>E}RvCApE%dw%WRsD9b7M;> z0jzmjlgXN|T#bl`u`HD>XTH9{e4QX+jc#z@=b8leF$LC^UN(-^scK56KFv!PG)@et%KzvW(I76MD~4h&R}__IpHA zh(fKex(kRzkEN*@z(3Av+K|f`JmRh*A#x0M##^p~>S(DgR~bzCRR&QhA&u`k^8)`C z+`uBJgHP^9B%ljnVP0bYQ%j@G1TS0zC zi0sghm@5Q!>#rBB(?KUnugPBKR{u>^O z|3@~;uf6T(^Tc#7M%S$~rmj7qE-8J_CWroE&Bf%@-(4)r-d#;!8y2w$c-^5!74I({ zRu&LlOby=krV#^L3bmUrA_O%=pV|mQJ*px#XtG3nsX^Y@PLu2!v7B{Zu+MOcB3qaJ zWi|JG(rlfOCy04xJ->AGsz_BusjrHkkBQEu@1XHF3AFfFbBo@~U89$$noLW;Vx@-r z2Gz)1WMWD`Ghxn@fCL~wH9VBAQhUHmhV#}xAIX|$E{Py~vdP`G!hJl*EKh{ph2Ym* znk;wuk;>&~o#m1-;x8T?WdGhTE3K#DIG4u(h>alvj^|`xPZ#boxZ7`oA!c$on#k@Ui0!F)%3x z!PEfA^-H1kaW5^my7?T$(FNi%8qk{0L#2XX*Tp;i4KgDx*X!vs=Rdo%i1kZ1^shfV zKl{}GPl8xlUoXuwV4MD48$Gfr8M=HpVRr9^`EbN-s8#=w+;}Di4ee%2kwzEv(;%H`ecr zoO(WCQ&<`nyLC7nRNiY7d$0KK>OEsROI#eO=rTu#6$oOOn`d zB=!IbQmDa!;(nc5e7At_7bSFUgriEbOnv~#^Pkj`70@TH43KZ5Now_A(zHpy?zvD90d-JQ}oz088Y?-s2KIT^uw3#}f06+a8BZ z#j%=`;C_!lTVIP)VE^4VoQMqa*gr0{q(r^B=qDJ#H^v|`#7~#=Y3CPbRG@OGc)8=$ z`_e(o5=-0}B*6>~rVJ7jMd@shQwYKQ%0>U`i)F!(SP>-dx)5#-5|~4St?rv0;mF!g z`m;hX4@uTzEObrNcP~pCwHErPSMt(VUEY8xEvge46y$XPAimN3>8>5S{|N;xH9iA4 z4>5xBAjBSVBm`j2Akek&us}5!l4SY97IO_YPZG`IgifcZXjR!*8sCN;>UsIpL2nYesj2jz+o} zDcuN2_b6!{9U_jwXl10NbVx~ej29wm!Bp~1bEE$2xENL|oSA1izrD7IdAwv-3vdT1+t(xR05Zr#bFqzkl7 zX}7&EZE{#6z(axRsu;C^R!xlbYw8~E>3-|O8Zfie_>Xb9NGotj(N!Hoi`KbiIF8i#NG95+P&7G3 z6+CEwRP=wWPf!DLiWEi@!uR=p>32~{M=84#pa{@4OJ#^>g9XsHI!rYxy`iSt z@8QpeMn1hu8Ny{#ZZhI%B&SB&oa*cS-`Q}4; zT~FUojuTFAk&94qWYW8?~7gmiMuv<&RU-Dv#E(fjy>LE z?_&To>Ns%+kT6Er7C9mEL79REi5BTm5LD#U8WVXg^V~wAEsFrx3lEDTw9Cguh!4`F zc2C|*@9fRJS`6M^3`q%8f4h}q8}lcHV*UDN`DWs;G@j$xux<9tGJ%;N;2(;Ewp#C; zniJDc9z4Xt<8&x>_MSS2G6c!l+&iOUAE^*Wjtlfc7}Q={M6qv=frx|&!=Y8R-@f&Y z>++u-1zp9BdjyQVSlpNh-$_t8EKfZYkYLkZXpMXV@9XvPWO2oBXHtK(eDiDZr-pzs zl`zGFkcV=W-2W=XFJ2jb=Ms&3|8DHP;lBwBAXSCdYD!Ay4Ad1h)MXgk5E>0wdJ6pX znRZK$n5%j8#JM-`H%t#p;kW`=z|c;9ctNj7aXiHHL780>`z25=#9emmxlEP8q$8vH>s%GMve0PM6Z5C;S)F z9S~67ce*B~^Nv{|GUmtkU(9|>0Npe;T0*W)oxJIiW#2473`#`5|YLZfV9C>4vG<&Fa$y^Bp6#Za2Iof?qf)G$Wj zh1?WAND4I@ha&(ePennepySuJ37pBgW>BD{MQ(Xtl?rM6(q9~5x!LJ&uNcc+|Jtmm zW=kqIx4~}L39R05N*Z(Mpmsocjv1T0>3QY!!soWVNkso`r3;}y!>79m0tOsOrEMYO zQiUfjArJTI?ksR|6K61d3e#C)zpC|Qx^DhMg*_4m#c)~HZLzqZ>)!D29Nnnrife1w zl?b;){wJf2!yVK$J!Y0`9lWI`T6173b4rk3z_Lj?fZK51F7((RL3vB^molIBu0~+r z#c7FIsZ?z@A?{+9^{?%`@Wz{>ah45lOyuUqcV!l2n9NGObO!AB(@vi>92*H+@(t4BcbVlQo0VVlZ~Olg(Bc~bs5y!o$LZ1q`XY#n)f zr&T`=o@vqyTrk?_!#O(MMqm9|wHL$*70h~_;}jfs3w(OuT@|)IPSOIqHCH6r+FjBk z3nfyI4ceMD$_4pC!@fHC)p>|TjD;9LD@*^&l3NLA%6{yDZC%H^f}#jE$y+)+XW2$f zbs32k;r~7?q}r-StfotjY}|sA6PVPh>RT2cqN0L3)(apUMMsTkE}Wl8E;|E`*Xat1 zXo`I5nyiDPB40|Mj9BM?R>QJ6O{@BMF(3X$IB;PawUuU%bVJj*(8ZTu)IK%$?i45R z=d?Kv78wpH_?G=;IyO_Ds6|%x?z$O`B+ERtb$xu+dU+FW1sk#-qj)}mZl=H2k5z5H zxZT>O>*6p#6!K*@uaJ%U{WE0A+Rt!F<4nS}=J3Gb1pj;5|NNl#zz>SB@QyRDe09dn=iw%--ssgERYm#h7f(z`zNz1q_5!R4RY^0rIyChvX|pZ4)R ziP{^tFlm(3)b0&L<^G*#&x4Pf3gf<>)t8@Ryos|jts5P)&y!Cr$42zXV2rO3eld?Vd>zg?fAel<7oL|Qs9Fe ze~*G$GM)N$wzqZqi=T}&zP#t-c)+27sA5dw)2j*EJ1 zvxi(E4F{F*Crc&>w9nWsjojlTbHpIW6sJ^YGnN zugv^Sa_&+glzxU8>((1`Z~xJIB;PJ-gU_{k6q?6AgaTesA8xRzA05~Hwz(m;-m4OD zdqsl-J^u1bHSqduSDgo|u?|#Fv5bjWfOGm#nW^|Xyvn*-hXKo`Ge&KlB&uhIo^~rg zk|}E!t-aq|sZjsxc8e#5e6`B8Gr6^amq~Y%P-&|8SFlz#1ak;{AgcGa_!iaVDwSr# zC&NPyUd|kPb9HJ7+Ev4i3zTh>^Hi?A{(FZv@kz~Mvo}V*MC8WiOQ4IVj8&BbS&GB$ z#0*!lOjURrA&CSU+dRIKnz=eZP`IHZ?U>zQBQRL*N6%wikT?5)vo6%WPlvWnu)*^d z#k2LQSymmtd>L49rZ#1kpT2wjZ~L7}JsBHUBiq?4A%H_pXdfL$?n+&@AXG}d=9Dq@_AaduLNTxZM7 zcyO9HWBQ!xii4=0K*ixlN|26A5S!sT^2MP*90WcpPoj4E=**r)jY69Z?GA0mM?5s8 zwMVTdI4P0CTfY3)4fkj)#RfI2V(eO(Fj|hsk`E>;nqd9vT)F_8s=T`OaBIckn&N4Xgn}ZgQd9jM8OU9(kaUW=N^dv__ z4`}{d#*w4zW&&KD71b^mp1@I0&9flpt2K8~#Txp=SpH9h@?_u00z`SJup6#=2CqAVsH^;P`i zkU0JJ{3Zj+a=Me?b@oGbz7LQ7SH4rB*dGSdOHoK{Wj-IF`Q=DJ}#VWNxKh zOx9k+o>JsK2jAMG?*jdY;aGl`YQH~xnMLC z`)Ur8`es6JT^PY92=G@~T8-1`%dgjeK>!!`5c92w{01MaY+<@dAL)E3csROV}$>+HdG(<5%9&ix&)Z6>?&|ZO)?K{t9-;TpS{# zP|;fxM@S~{^LBx&KUNa(g>&MwPB`Q?T0FM$lS5K_5_AAbDL zwaUl|gi#Pla?T{En6|Qe1=OIT zeC@g1`~)kr=f8%p;<^A3tTVu@Q({U=k+GB6vD2hRX8i*VaFcvqLk>xkiwa5fqhSz_f=%h$5y6^vIj49@^M-}au$19JCsoK|#Xp1r$#abtx9=?YW3LQ_5t zp$Gs_pfSpcE9%sH`c&hH*Mb@=xwrB+XP0PR;0Ec_h2Ia|~B6OtDIybs>Xi@CXB^9Bk?ij|K8sBxP zD+D*5(G`b}7$K-`5uhE``o7k3E#VZP1OrN}dNDyeD$j6`1d9ttCwH8?nCoVA89k>E z&tcKaNCXzMs2m}v)3vCHq#LdX+COJ{wt4Vd;U=AV%7zt`1K&-@6d;p%X7)2?yxvwV z$>#Jk=DFd<;{LZjX|<+Tz#o&S{+>Z`0aQG1EV(+N~)4CEV&rG7UovI2@_a4aE7>yk7a6i@fe?Mh&FUW!gv z;3PZeX}fz7;(g<{`}dGXsEMa!au1;2d8TKLU=T|{qa0sqqxM6O6 z>Vy+;7E#3Xc>;!3oqY-54S<-{cbD!in-^%Vu^d}Qaku>lxBC2@dkfAFmhncM6!Ld(7{#1t|WY?y2y##=s*nmN+F1`&GYpD}keS z&2(CxMLl$7O5#;)!JXY8^$MC}ltcH50X-}DNtUBDHW43*KFAMx^eSjcDfsH@hpsq@ zasyzq)D2~87tfEd{mka{H8O$*74)+w;*!k^$c`2#QN;GZ9xK`^%YbfSf3*_s@+v2N zw+k)9hl;Oz`571ON>nz!nqmpa8D)L_MdMvM(p*IRRMuGe+0%-o<}$ zZ}$Bqf5yK39{Xoz{7$c{;>zR5cS|(BzE=Z!!*5!x9sU?sQ9WXb*!~6(HPOpdnK;>@~=H+^fl7r9|JNi9)f`0UEUljC+9eXw0i!DLWFe!of zQ9w(rL=6s%fPHL!VywM#LX<2qjVe&@!(0`l z>_^=;#lQ*>a^Qs2tU`kXEyqU$cpdqAvoB5GDCi!C`wjb)D5MwX1qA}h;D*TXl{fpFzDBv;)z(B}* zXDM@|HS2!VBj;Z^^PUB?Mao%)mh31hqoODGiw-Y=1ip>aVJSt)|*P^D4*rB`1m7W)vZF=Z=j zWg%>+ek_$YCtZ*ud=y1TM*`Hul;8VWTAy!J*;(8aRdJ)c;u(gDA45}sF&HKgxh{(Y zoKy@`?f_#0Ws1{(tvZ){uV6%nB@n3bn3~y*nkdH5Zj0K@uGo8Qs81NG5db_=K&fK(EQ1{vZlzh;+dl^ShYW=ijHFsH7j{>rwS`tX~ zTv~1Z7o}5MZT6h)vX1Q`Bnn{yCI9biZO>L}?h3}=IkInH@g%qwp>w`pfzmnO_)UI_ zDrf}JW`Dn27X)J>j19*Uvm5l=P_!l7)yjRi@6ZnDkoCnd7=vscHw$ShRFzR&^Rz5Do741UEZ)rjSv0sPF6hX~QQ3|Ra#cR@~G`c@kr=DVj5rvEvVg&vQ|9;6SQhd^;p`=&r?^B!~@FWGffamXIC zcBx-P-Jk`g6J)S)sZ@b*OH_Ux`wA-iPn+wRZ&u`VvQxa)`fXZH+4IS6wFgvn4boK% zGoZSvUt7$9J%`p!2TT#hZ~?%}amcmhfTmk4pOcbW6?^h`V|e%}X6V~{^gmMD^weDA zHqEq~rbcQ_**QDseNALPq04?=XS98Ey%%0V`V6YyDSQcXkACuHRtLANH>mYNPyeZp z0bmlYki}rYtU==;+fTiWZlZXYLlSxJQ)4yF7mSE+s43)@&7%_y_T{SSBS<`9;e>R^o4dj-tjq{vko<8u)#Z&Gi<#mtE!I-*X5) zpH{3vCYD;~PJ?DU;SB^?@q2qn{kJwDr~wsWD{RAmj{ieH;tup^CU6*3kLnhb59xYFWmR^HW~^Rq}!CCXQOFC)ccm zj_fOnp@HUb@GKiD5lS8;SqZBE8=?}VV!vjfnjQZKN6Hn4(3+#4ytBJ#jXfuTuOE+5 z1e5!sH>`jvq1e(Pl1{G~BBghWXrKiEG7QZ-;j z0ISk3-0-Fr(1VELAQ+iY8=+|3^n}=#qNf=<7Q!XsyoS4;%+hmtXo2TyB>ahnE86?; zhjH)Om$l3kXyjqjAFy%{;3Yi$2Y{zXYXZ8FNze*ZPViBhkmEiE8h1*~x*^DVgokp* zg@W&i`rJ@M0gEF-5}SD{;rj=`pY040aYJty@+ht#KmETx9dfBW8j^uvM;K|tj1Cx# zr*Jn9vZ=FPb21_SGuqO=Q?;>h2h>Z+=aSY*hj^jG=#5&WZd}Q5`CfH~^pmG93`u&O zi1Lb%{%fYs z%!LSVn34#9J#I8(2%1#m`NY9=tNTV{&s=)RLZe-;7&v^y1N`~BC+wvdRBlKs@x~O% z(HVfN*XC<+9V%jE!w)l5$+mJ50TwD8Z?>-XR;go&Effy*H|97|bQ|&?_)3yF85KG}=I=!yM*CRM|^47u0`3)!`tFijsEzxNfIKP5cDgS@$Zs#em-)Oj$$=w;T zS1eFH)&VXk=Ko5L2)g!EL$f`ml8Z^6r`U-05?8z?hDz>2D!LzuJqx|TB2J4c!j@*v1ObZwr9fUg-506bh#pz@P+8I2FL?s0t5ae9_gZFY| z-lQj^rUPt2m7da-dslTtgFcD7_x!0NnGBo_tTaxF-|)PEpxT=|(@#EYBB<>)0IFAi zVLU-&RCWMr9<(I{nuJ5DV3N2phtczk4$IpA-o(}p0|YXy-n+noobt;dnKQXbE+m%O z;WEo4E|MK#A8W;(`MIl_&+NHr)PnnmFF__hMO32BhQI#BjOQ{Ra4(N#g)lttw)HL5 zzhLHh4M_8E;A7IJBYz=@=w&V^5c`Gabhj^ra=V$*{bBIKc~N`4>X%;vmvT#JweD|G zD}G5=64UEuO+@~=cj9?;zvN$h4&h|zl(^J8@~#3r$pWm=CxW8HEia^Pk|6$;x^&Z) zL0lMfT6p+2kz_qg z0ip)Q$&18kgoMEhFkMa&e9bz1z53<{`munl!0xrU-vroWh2C} z%f!F8$G)$>#cF8M`ozzC&HL{vBwFWTx7__7Kb=MGUHIA(|McD`eis8po6GuQmh|KJ z$1q?-AiZBS-?=dr3Tod4w9|qTpCo}#0YDVa#DUxv#e-hHHZ2_Pv#KxbknEm^#r$`> zxhwv&p-zH;y%7evuAg`wm579cXnPXX3sVqiafUWCZDf+3sI38yf;Sg>AA<3={ z;C!X8{iYU|(}2VM6iLm7dE!OG3$zQTV*HGf52J2#)|)X}8hm=<{@E~6p%Zou0}D3_ zg`!eM&!HamDfcfZ_}T#D-HAAy!>nSePaS5Q7(jt{Raa)qlfwg9LK4Mq?ix&W-e3MI2;K+#F@TW#)@DU#N zMMLc|WJfTI1Cf*l%}jDgg#!UoMi1yQnOw}$?rpA14!9N3G$0-aW&mtYDI1`m{&?_X zjMrabzrJLScYfI2RL44RpdGs(cTKX?29^;YNy@Vg_e)eZ5<6>1`BR_5afQ$QgT$l> z;kAJP82TQ(AFt7yM1P7m;>>3C2b1Z?AuXQA6%eE_)aDn=8v*t4OD;z|_TJDhWJP*) zr@Py`OF9@BMyO}A=5|qJb+dyJT3LM!DXub4$W$Pb5=hO@a(6Emf&xrmU^MNcX&s}P z((;mxv(s{+=ChzlSy%%)-?ksvC!FKP5?_8w>35O#nFU#$7s89r;Il07WdRCC*p_@x zkKwoJ`dIMYC@V_qNmv^27Cx7bBwGc-k0CP$R6HLXVhj#5IXJSDRZ5MGvbXi22FtJw zj_YKkuTL0Sh;w}Zlak!~>D&)2EXwCUyrtx2;7$RuCnR%Tu?MHD*#)B@P5N@uXX%Y9 z6n<@4YVh)&i{duNCmhRA1`fe+C8cytSQJ9;mnQ#=qJ{o6eTxe%hV_2MLd{taC)35AAsxd~Cp{S~SE-2aOfSirB zyCT3RMfrkMRnZu@7fW4%NxYE5vwWvU#8J^)jRtq+QyG6VMY6z&YKo#Ni5X~OSO$#5 zf+2)@jk)^AxTK8O=2sgHCPm2i-e3s^Xm&+(T@pn!x{*mMhnoP@5uqp*3wJImbGfYL zQ>|)D$L`0r?gupW4w$*L0rvEu-CUqkH?bbH4FufOS7I_Av$E0K_uJEk=z3=lTv-8epQ>eAj?2cxFbCw^CO}Hth8E^2AB#iTVjVdrf#zxn zWJHo_85WE-sfwjIIO@p1QtgN#^ru=T7>R)03{W5M4(4LsaJoM!}# ziw!m#3?}y9hnZZG&uRZhea0ngGpoj{S`NAJLuq;`=iUrW-5*<=hq&zZ zng6DI*D(BsJD!ia&f`ACp4tc~1jwEi&Wap34jedX8jug{?Dy*YYcl%N^iE&(Xka9O z*&j!qg49u;)H`mV*{XR=Mj8&)4;A9=(l|^iCS6&&8{3AmNi|s&5T|BHmgP{^@)Xhl zX8UPOm}A_PrK99ix0Luu(-ur3h|G z9Se-M94Mo%<0VZSvCo7q^vF7wH#U`j3!H$X!6POVXTM#PCE^}tdO{FskloDWxCI?9lXF@AE=0HS9Z)W$$rx_mF4eQsT>j2u>a zrap79HD`x@Dlk71)7TW_q$i3P^}>Sa@YV9B6eHU+3hWEQ)1zr(g~ZZjy;7tB1I(!c z!m|foTS(IpfijrEESDWOhh9i6zYsx#-VVKZyFSI)+_D|eeJIjcr#@56-Qg7jR2Ucu zyD|UliW;crUE&oA9@-)si_Ooe7a$s*nl#yjXUhhX1e$?iZUERDlV)X^ziK)}p4=;4wrG><}*O*6xG%dph6#z{Dh4nAkD~8on?fj3dQ*Sd@orYIkKCe2_OwV(# z6&F97$!KiYUOYA(uQMC>rQHgn0bU;j45ovmKl+gGRogU1pS1q*)&sF! zd-5HJ<*qO9P815l`LCOsPVLXE?Cq(Y&!2b5CBrik01#qQcoFbFQ<5~-hoD%z5oG_Y zWnE>MjTcI$_mm&MpQC*>*)yfNGnB>s;YohGYg1!TqlR(o2gKZm)YA`pyzAvx-}vue zX4(GRjVtSQdb%vKv)^ZWxa0u!`Z67g`tM+BijxfQh?14cI1@C8jQJ&nzQ1F+8PPfw zwK$aTvbY~tYs(2cq=LuajHXLM!mkX>F3TznvsaMca?<8~(A((m`V zQUeY)7KD90ii8N7onUCKXgXZHGL|R4r(?EQUoA&#N5s&4LGG9?z+0o_=II zYFQHp8lcsEI-F#}E{#Smo38)-d$)1?U%SfX+5K3h(T1P8SJiL^K>SrF<=A&1!v(d) zWQ65K$*nRq63B`7)s!Vo=`z)#Wo?cHtn?KA`p?vxp;f-}FA-N?whJG9%qpp@xI4^` zerl!?fA~y;HvQ@GsFTs+Ny?jAw$``Q4C_B70%B(*`$m68QZvLu=mZ^>QDXo~Rw)_; zVOKYWnpY0Pk-a+wh-fChoZQXL6Oy`BhGyBfYVvGDhC~bC7Um7J^7O2#CSRsm*Dsus z{FA*|icPMK@z3!yiPV%9O1L&oJbO%QRh`bjH+E#(WRNMb+!!&oF73gN7`J9yf;Ka$ zHV<3=pnIwo)vA>$O96tgP<%hqUtT|PAB8~ZgWD!ywv5QG8 zqVUXfcp0X%1VXz1snW_7Gv~h6PjKwu5RsF0HqQM|?#ETNr=A~Z)qmP-G5co1njqaL zzuR(VPfR@i*(@eol&e>fse#!$Jo@l$%!Ir2)010!~v+rjp`+P@?b$k{0Ef36ofzA<`d8 z#ZZa&@ALHJA7>=p>i3_@!Sdf~FnXLQsj^?__ZZAmo^jW(F{lEYE|Ez*$~ZB(2uOgh z-R=N4ZOMI_?LU$uU^qM*o@@U3w|CEU0`UEtDF`-nJeDD$gVv_tZcJSOT*D^_WK|%> zaiXaRPfEEwgigZ~;)b^H+bYqowL(=$90evr+*4;<uJus?O?4?^Mn%ilWmUDQ|Xb)H0S^ zr0o^BhFURxGhEhpI($+Px^?45AzJLH9?(;a;zeyBK!U^Zy1*6(-V?F2r+ObURCwxE z*AmwjyMr?xl7r3iv(3aWgSt{m_l8X)Q$d_@o8PN-B0?t~y^B-RKVxHD(*J4{c=r!$ zc?>ckWx+O+zeg0^`mDh?o9RI~Z(+yJo!6a2odnvU-5byh3}~naxK%48xgYZiRKrrf zQ)%wW%zW)h>Q5msp~Y<0i&?LD{Ysra{@7vmn*-|>Uaml^(h~P+_Evl~Oz}^hOIAi& z&#ekrxg=I(kYv1YoFrddBj|r#ZME`rFR$*H-tg}{mK8(<*2mE%P_=2}SyI(tnVzV=NktW(su8Y`z~GBuxSv6*yu9HA;ahro2KjB!_aLOD0I#O?DiF>@;_}&27Yj%E z0nBEcpJSGshG`%9clr1t$@s-ZKmH@FJKu0ik)zm5L?xxm-3? zpsD(Pw!nx-{@mX#%N+kkAk_D>?#fTBC(^97g~9T%Bq z3BkUxM?4>N*uSbxNzu&0i6fqIq9#@gOtqE2W<|RjeYUKtk_UjEl44!?n1KJ0@8&Y!nvysplRe9H_hJ5v>hKCU)h(?DI9_dkrD-^yxVS>^?6 zXKEf36>jfU^6M$17~|U;^Lc9{>pIBfMG+RiceIxJpkTnac-$WuiQ3N@KefMQ11mU% zMGD(O^Ew#936y@Kt*qVv_UOuaxU@2;F{97`iIiw%I}~(LpT!Bxv2%aRv5l7?P1bma zf2@;epH`aA7Wo^eZxsxH*|h7hjaXxJs~-_F?u1u^GXcK2?cTXxeDXRGxW!=h8&-v< z_3STGGd#buW<4;tfvD8oImLvk+Pn-LfCdKa98chj%R`PcKbcF&THlYqXH#XJe=~y$ zHqrC>s(q<0=+66;-W0~u>S_&xz1wf(t)#Fl>AP^(zF72IP369I+PkL(dn<$JNePsZ ziejI|?UQ&&%sln0>e}`Ai~r6?!e09x!Y|Xo?Al}WkNhZwhc@YF>NTJ6_}5&Ao3kJj z8RD1w?k!YtWT%3Bmp=PgCjM@(m5CD2QS&gssO<}-QNHl>Z20z+JvFOFvCN~HrR%7; zTV*S+F7o?Hcsh!tc{6$$M^}jBp6&$z8mDvOqoK3ehdKlu(K{g-j#}h#l;P&3Dz&>t z&7Q28sBX~!tBj^It&s4w6@k*CAMLHfNMjETr$7Pd-EU5+>T_x|ELO*V={8Ru{-l0+ za>eN|A>ei~lw<@dj)E~O{QH_7s6v13jpIQ|S!fmM59L~Ky4&|Ewkj=_GXamwx1wQH zors&iZ0Vo%hzPM3jAtus+#H@U%3SA=skDH**98hH$_FM;c4Oy0JIihKvHQxq{s*Q`k zzfU@E%Dzt?T@Qn)kg^*KN4qe7$^uEKpumAU_Eo7*h9KY%Eh;>{O)18D30Ia?IeYFS4*4D3wQT$nU7Vo+IBV^?l!^kJHJM3~~u z(z;ws_YYEEd0_4Odb#IWID@7JbIS%ZsVKFQ$Q3Fh$MaV{zfB3pOf*y@E(3Mhq+uke_YDk>y0+gXH?-W~)==H3nSTc1K1duCpmYJ?|IR zHqdn&LmtQUH81SeBqL|n;DCCCd6hWjMzIvr;;wg(=Hv_(03ZX7STTvp##A%ZkOC4q zt5bg0FFBaF9Qs?`ZbQuKjleY&bZ%Sh<5_byo|E0E(?VjbJ!q+eC9h@|;*`6TQ)BV7 z#5`xxg2zLb4r#nC$l;e=2Htusjl{$VTHcpf9Pblx^IkqMHsfc(z`L<>$ZTCk++BDI znz(#78a9{IYQ^w`E<8!U(8!9RJLHU0OaXkgwvnb;*yxg~>RM>c4xN=Z>dSgqPHb~e#=+kQs){4Ak{GbxZK4x# z@h*H-`frhjDv+I&VDfrSem_mWVNTOX_*%5JzN$7pbctS^s=MZ8t>36-?MsapEZ0^o zd@mpc=vj-?C0e+p0`ir9i{W0}>x5-P<8%F-XRlLa#_O0tJfevTM4W3h)M$guKBk0< zD$D#8knc-7>B32_@O^ADX=hfmt6pU;gc^h-t!7%SyQGKe8B>@-Z87urE0=PQ6$kTp z4>leTg9h$I*zMW8a{Zb$i&*ggD{^Jhy*AYh=0YThp6VHqVL%T1&l1pOZk%!WxNf#y zgtc|nnVgr&;JLashxx>Vh>2_G>$MnDZAk}@7kQd*1T8w!q0v1h;WjsU7Sbj4M7$RN zQ_zB40AvUWqM|kaqPSxTwMX~cJ`Y{FAiI4cFanB-0O1Fyuw+9Iyz`CwzZPtax`BygZT7myS;oK_?hE;H2Ir|E~-N zPSFg}5aS`QCUrATFL3UBY=5Ah(mA`XQ z`+>zo0T({IdvUv0!a^=C{Cc}3+(1C090^FKINkbS;RF~$3LX-+w@@>;FldsVB+=3Z z)eZGD%iIfw%yRgcN+h$l(9#8u(d zBng!~zpcG!b{I?261MnH$Rc}U+_nvOb8$dJ4%|LOaz4lBNbG*KmHP96h1ctC*aysd zE=b}B7bTt?c~{!8y-g$*aZbio;Sn_*qj)wfmP&`-Vh8Iw5qAJ=_1XWs64?>pEx z3jZ}U3<_@t?6`z@&f}nXcrqOXPQe@u9%2Z~R{P zi=yx2!vEPw@@~#~e{7Z{Ju}g8J>9w8wHNli7hB74XTxG3H!*mtd|l2%Ps1%%#;RaF7U}Y`#}$P1?ZOK@Vy32^qJEkq;cxLFtxlzUr$l&1N?-!MZLNIC8L9 zf`CovOpq>2;AF^>kpYPt6~){rtb7za2=mFD4Xhph?3ylM%!=_L02SMCnuG*_%z)Ex zoQlZ1s4b?dVvXMRmL<)Fvbv{2>5>J4m|Cb)s&gF>W_ob?W*&6Qpoi%KbPQk; zFJy0s4!(GNvUw+SwoT~w$mdH|fH9dav`pkd0(nHS{D=e|8Rh44=zGm++*NZ6nR9dV z3oTWe@O#H?3TXU75=!mOnMVr^K#3U=1#pOU~XAU~P~ znYJVV*r)$Y?fJ&x%Qf`B|FqZ>iIPwQV)8v?I64Vhf@#nR{XUPCIHY1Xw#n{T=sS_5 zVmk%$C;*umuwq&Sx?YGr{GPrg1TAuIU7jN&jg|L(EOUWnz4FH0$=ou)tGctf%$)m| zJ*`s%sW~KRB7htiuq@)cry(@aFtRHwQ9P-6_8QdQfaR&f%PYN?P=m`I^ase-9?)H1 z4255=stiz^<7dcqBu{gq<4w5tZ;&J+aVj);Bl2AN-q%S6JOz1Q)A#d!$^obbAj5za zKm(7s!94#%MLn#daoC&DZ`(Afa3eSCG&>_87I~A8nxn~eU1n{NuSyB32N!c%N(s>z zRgU}ZCzn*nn7k{{7#~={9pebR4+J0K!a|e~L=DZv#Ot|GF<|8^6R&(lQ`{VqxJ0pa0tvDVa92WX6=2j6 z=_|kvO-X7s;GpE`XwzeAdOrht^zj0;8Mky2zx43;s|xm?22l!xXDZRZ-uirvwx{X3 zeuM>pjT`sL!AuN^J14OJ0h<6gpKm&zp)-SB%&ZWl!Oyf0p;ye{(Ds}pvNhdi zjoOc$@_Sij|NQkSDa3@GheL-00+%5PEr8^FUp4z%*Cmw7u?OM#^=C@1`Gqnm%FNKe zsxf&Yr=L!`@w(x5Ia9;`ksO^U0S8nV0;a%o2F8H0!%!Iek|oDaKP0#Nyg$BbQTr)@ z zzGT2Z`)D-kLnVIE52MUl{m0gA!%)A@vlyTxbq`zAfIN&T+WI*J1$6p6PD7^^zQ7d6 zJVMPJ@0y=&Pi+~RtHx^bBqTOr&2w}nbcdgOoS$46M8MS*_$^mB!$Rs~c*?Oel<612 z8A|WZ`QDpXy41!XY8k$>3EY{1wF}C`MaDwVQGDFYZd>^GU_rfljUp&pi1h{cO>v&+EV?L}* z`^_|;I-ECBGXq|kuGo=Mez9f!L73bo3s1)--O=l{u6w;#q=d!70WBoH4*`Ch-WP*)7-0}S{mJzu3lfSd+NNYvs&*DXk~<2Mfy)i7+VI6KiK(MjefW) z`%h&Cf(!(4u?Z15Bigm;HH;A|NhFL9o~cFas%K1W1=`bdD$e2($MRzBtLaF#IR9yZ zLd!*cTV;C5$c~M5w|SG3<3eO>BDd6677F6x4^%}NotnH@V@OM4-bFe8H%L9WEG7~> zB~WEwC8h*5weS{%&6ncwr+83h~PhX?*!*X#Hz&K6fv* zi@upIi5pA>h-bm)oWMVNmoJn;E-gW>k@p{ksYv0T|4SV=Yu&Je>igWjFJC|HDm-m{ zC-TCwGb!}JpXu)rTOU+0VwxoBl};MeI9uvIF9eoiCA|_VMs8v(qD(WT!51hF*9xD* z|MG3~^}urX;+!MYlP>Y?lXj}Yj8nj_+T-7Sk*KwW4?bXoh*0RHP8FgA0^K-i+c7>(Ac3X+kyZyv z1H?>D$jU_?soyw7$=QnL!XWTd7l)x#j$pqc{9e&&y|s0IjigFd@v3U5GJHlCC9KaIGm6|S>1qeWUsuWRC!$1XsV9k7RcIUgrV2cn0z=eKlO5okp=)N+vb6K#^VuA|Dy8d_+GFg^~sc9 zVY*APsg3&cXZ|)!WDFlW6_MijC5$g|Rvg(_%U4cOa%P&h7A-|>yi4A1Cp5YVLNYy%+_2b0KNYt;ol1!=P+7Syi1>JoYDctF^OPOb+$yBRunjp5O>}N zf}X8ZBKtW$Y%_$k`DKtm>McwY+Zk5z7U=|NF@a8F?H>tNIy)8^s5+aD z*@pUH#}xm)!GFjvWfz&coEXt?T4P2S3i}@bx)q(J>sT!#En@U3llnEr-h5UPJ#aH2 zth^V`$A^aO=xB2#irHq36O9$FMDy&BL8Xf3$K>BS`uTQeiC&^~@lQ~XVhF9{9!b7) zUw?)+naq(byr|&=p{56u}$&9 zX0Yr0D12@fvgz;D8vXY&a(z}*E~>rIjsC2euT+e3ou009LDJ@Sea~hgEFiLayg|Hd zOFiy8oNz&1z;rm-X+{OKcj8~wMTN(;pS^nJ3wk^VKJ=2*Sgf>ctkYSw9?r)QiXr_2 zT<)7pVQO?txzw)W$P@y@71S~*ABZSg>4`g+8p-QN`MJIoRe0%#-L&d>6i;`(yeSpy zmM4O{LzY*Pb#rLicm#zwnoT+Eg3%qNyv?}!+uT$c01>R6XLl}Hh*70EOGX@*hXHVv zvg>{8H|Tu)Yq+9&8jGJ6kVfgKYw?TFm^4l!`H{hrGggdhd0eiYN-Qe%6%(BOjqKE4 zvjfpZ+FEhX4Vo0)fG~qvfZxz99dV;e%#2@qn=(!F9j8KJ`Yh}dD<^etD|(9E?x<_#=<~$&hJjT&5D>cY zYpbYkeCmfen(PUHx3c&*H&$;(1)ZGtn?eg2jH{9&btaW($sIjG!UXrchVCE&h7yMje=v4RIdX^buwR2c>w|rGZ?4phZ?9b=BP%#_@v@ zYaOTNzmImEN~o`kd7fZsjm?08>|ImXrE?;{0*iDuJAFwReYF$mt`?Tch|C+vD`#_7 zx2T9#6W4YUsAVjxa^Qs)@6VJ<1mZYyw&*#E7!Fe}o@1b%D*xQp z*XGQ`F_8jD4&nW;e2Lo?;%dCmZ{mnGq7`*-Ph)|IHDK&iGyns{ve^x6bNs*-%yMA) z9vkxGhEIXy)y!~5=e|`ZF%}mp3E%@mw?mu|SM zOeS~|^{m1HM=mN3a~N2j@ei-NF&kT%+fIsg@12QBd4Lc-oNAv`W+A|k46kl<%yQC zK@-4$6-rL6I$IUM!hdcyrhTy_VrZ#WPW*vbssS`%JgM^LEZ2InuL=(T0&ZoyT7<;_ z?YS-8xeF2QcD0q95mnYgZxWS;DML|Ytp#M}K)mGp5||@Br9L}lk$da-cdur5!OoEf z{wSWJYN|#SL#ZmWJ~%_*2;{&$cMM_39!b8xNQH}{8gc@}O6JAKU37O{P2F`B_WXn0 z>TGtc2fz-q7(A-?jzz)8bD#X$7C3myUiQEquLZVGD z8*pZrg%E+E4n*LyjZlL0y;9L>u{LNJHeqUPEV?~2+8kQLY14Nkb0mhO^?p(bRJwv-A z<8$_)D=uMOCHn(@`@!plQl$5_H;rlNJO;uS3 z8bH9o!%%Ak-TLxN9Ta4tu6PsOc(@0;CW|%5~+MxLH)~ zVBLM9bSzaqTj+$lfahVgY1!I`ND?-nnM{>mxgOoXu#LA0yvV!0{jhgPg>2D_W%7`D zeV>{NWUj11q(4km3K%@RKWv5~w5KD5*!cgu_OSxFy2ZX}V>xnTInu*qC#Gi;UzV-&>rYBx>Q_1fGi(>(4lKP=)-}&EyE9Z?tzlDaEAP2qbkRlp; zegM6r1-Yi`ClWS>XcZ%q1jxWJG_E1uSpFbhJo3vE z22LKYZ>5%e+LVFF$w{HxDx)PnZK$b|g+yOrPQ*PT6~fHuFxNU3>3`iR`<#1Tyg5 zWQ&jlXTDw--#Cf0rh1Q;t~tx*#yAPI+z@dLTg9y=4j@QG3>}fW@OH#V@8)vqMNOZ` z=}!gG70aiWEIg~Welo;|kwE;}l^eKJ|n*4{L6TC$HfF~29i8%A+c(9q5%<_x2zhPfn_!Jl*KS> zhBv17VuUtlhXsC>3f{pqM)-e@hd+u^I#TnR>-2giP`+g{DMf>{(Kh}7bnDr>A+ZKq z6w$X~qM3SP{8rqL0*%n5c<0R&7&6MX*9?bc!7U3#3DSvv7Y?nI4Nt9Uj65uXl^j!g z;VL=KZ6xXdXqA;A#Dm(6fI%HcE&?f!x$n1^$0?rP4;{je_nGZc{GzAK(E!2zXH05- zD<991-Z7x}k61(x))=1oZ?=Q`HKKL-7v{$=blM0|?o>6W*@q}WPwz0zg6zhe77YqC z8`ZIik?rGqH(MJem&Cm@-d_lA0W zHGKSsl%(xqqyf~S?$mby%$27{v1nL4#$hB!OM%?T6HTp6@C0JRg#^j;d)KD|ve`r$ zf&+>p0|5Q!0$&cOVMr!Mq{5#wVsi+y6vARrB4(h&bSxnAUjysCc>Ua}DCx0soSO&X zut#LI-X!=#1gFt66v-V`pWJIuxJu1g76}$agB;=Mo!~{f))xqFxpyWd1Zd58qN-OLEU{RQhZ3hSJwSF*AM}p~qBv(%S=Ek59o8!cV*;fPf!nl3oIoPb9TCVqAW? zo%gLUJP88WT{Cn_03}<1Nxp$Ny)i9#cH+{ju$%lQJjcph#N1TZ!tAbV{B_nP`jb`_mT)n39p2k_!(J)EDR_e zofUOF-Yxg)ztH5zxD!_Ba^zLY&$Gy+;3(PFv<~U?ub1!dN+a1xDh1v=5xjl<3*SrQ z)4)jsJw6d3tV|vNT zc{n4g1eG29L`g~gq?QUiJY*){@FTp}FKFpa2XNFMuk^)rkVa{9!V0hF$H!mBNQKsF zlqfA880GsAK9=SSaDC4igDDJHvT8PE3SX{JlwK z88B9a7OPkZbg67C46{McD=#0FnZEn+MU5o(xk)`73+pxdhHsu<#^o)++zw2o_ zpR0_ljKr89%q)HR%Mc{|!V6X2d4xqp3A`rZbFCaWAZ8k}+#c`ec;!hBa-U<63XJ_n zj{>z<%qtW?6^#KusHomQSi$^E?Z%%FY*ds}H6bG8+q?lw+@LbkHW)q7p*lgdan2Pt*rAdMxzZ8e~=APssm9&v6=&oW0WSBe&g@K zS>j!wx}wyH6NWoOnG%l56tN4EpFk41NmOJH`@_r0Qm#SU3kgbI)$>NaH=LLzK?^kl zqmS)(nR>$m$zrqkbhQ;QVGcBB%0#4b=A_It@v^ zf1eN-GYrqP)rpdhqm#KmikXd~6^Z62x021;Ki=^ja%em#8~tQ%>LYO7tY~6z^&SHX zE&U85{(?&88`J(aOZ=4EbLckMqSos1-WUJ`l7LWe1S$z5Yzmvzx<&f2FB>+p^EQrV z81a&F2GnT>X$*Y*sOP^puw%RKKk8XfT^p7lUx#dFZKi}yyg-Lx;nYJnSYQc8uv3g( zpKTQ1e8Tax4GXh9$9~H>R$Wh?m$2F>@O781apB**MI^l%2}MJOZpy!ja4MR^GMX?W zRNSSo@}4MIS)(%Y#o!_^)@rO{vo~;;{>j6a^XG6<8Z4dd>QE!+L1nIHOfnk_V|;p@ z&C}KI+{Hz=_Jw~nb2pl;3iyvlwiv$D;JfFQftb>oD+t-!TbtUh6&4w|+B_;Wv4FgMF7M+Y%=KW21%MBZpm~kwr4M_I<#~5mi_i6^Q$gjy% z_rsR=@akQ5i7p|t_q+OgJ4M*PV5_`gj@$r+hwqf8O9Efdgu0TS@;|@KeY0TE-NdGr z;B4#leh|GQI5{7!oLHOm?|_IVT#%6IVB4bp;_4uLAHH}o#3jr=AWCTB`2Lv1P4KA& z=?jNd);-6ixA$IbWK?Bcb}xxJr#_9Auq`{H>CFP&xdGTJjA^t>q0({&ghq@iDyW}txVBD6{{8t% zCl3N}q>9CmsyS1<$U*SPi1Qn{>gF9f(*0CdAwYN!!ziAiafcTxhqe+@`j0VW(T>T1 zYcRkiaso$WMoZj3+u=&+RlOq6Obw_^cS$@gOX-vgJ z95o)hRCo*3v8}pF@CP=!Fn3_5BvqW!u76g5gY$;tN-qel5GG{rKk8a3^CI78xdVK> zW>&Bi{7vjf9UAWo&8rZqG)X7Q>&f+sA z$|ulAL~^4f^JvE$tu9K9bAjaU3CXn@{Awm83xNf6g9%c0`z9~{UDkAXIWlW|gM_oT zAb7sR_Z8Et!Z|Dy#Wm)<^u-Bg({xzgpXOzw7wuyuERb3!>ccg4=mP68Tb*7P!ghWY zO(q4dCM~O{Zz3#^^|xqf7(Uuc|7B4bP2EaKcQWwcBPBY~7$CA*!YjQd+rRzsFul}p)?)fYfVmyM| zDrEI2U!72nF3N5F`$PyNR_BH$s_nWvf)VL{lnb}iF}+mrE?Fl*yaf&?hZ+^r@D|E< z_YFoPc|CknxgM;a>PU0U%g9*iqp~+L{nkK4v zfG1`|YNqsoKYKl^&XVm)Q3O&>#0CrJ?9>I16`skB3916(qwb2xGkeFt*FuToj7x-c zJaCgAyA-Cac-K7CBf^+ra$B~?Y_3>RMG|zH33!L&eh)ycB$+G|B@Y6!Da9M`*`&=<@-W=cqz@rQ89Ju6S ztRIMC7_(l8?DmI$%m9kB+P)wo-mJITI0RN_q@=|LR&EJd>c)Nkn8V{|R-hVlKZ?cT zqia=gQ`OPjH}Yf;=zUR7h)8pmf_;vU9$9@qNf-na(Iu{Gid@w?4 zO6DCR`zM|F^X9;b!+97b;Op9E&%3^tKCiwpU`x1rhp(O^qgl(KWz8zN#B=i-8o?h% zMnaX0dY+|f{r>h1(%Y-?2voWoMiT4rtF#aq z@ZI6te^R<3IvwOGOw5X&P)broVJ);|`c0023IMBV%rYr3h z@T}O^tjgi!vD=HPtw*6fxd42A?c36a<&zRef0OlTr@sPU{j4SZw->vti208UHjY0+ zX#gWArhz`^C>T8OZB&fXO@5y47x6RvMrxm(Assp+eu!rz^zSI{juo7BKMN3_dGvmH`8(R^<>-4SNRpq* zNp=DUY+-o&Jomr3R)K%ELpHy+WFD?7vF)Rm9%WBf{lO9dVrT!Y!|p5n?)^^y3}VX* z7)sC<1c|+A#&ELu0k{(Z#-{)vH;@{6&u|6+kPut4kwuiwj3mDUi{agS5dscd@CF5^ zE<}%JjljUCBm-Em9R^;2B`rX~n*ku>QpnLXz@^njdEtuY3<^wzKEhCsy*U%3qyNp zo7O*l$P+Gd67)PC5<|&Tim!r#$!AcD5>m+@5o?iS(*Y|yYnkjRL7Sk!aCQ&jQ;~327na-*x3C6q@^x0M|_h%I98uw zt8pd^2EI<;Q1C~uDT$4R(;K_9T6kjoNSqykVWk8jXx


7g8`^5K1@~1PUgwH403UxDON$iTLtRyLL=Ug`P=R+9{xmSW>GihQOX7V+Z0SYeQ zp!tt5GhD~IG{H}~I!Z;QWU~=79}oz@ehY>W08sxA>!JhF0Rgak0FdDS!@8hK2&P^R zCnkI_kN5gyTgAIH9M*Ll3U*47;4>LH=mota&(%s*%#a7G7G=l<9Ij7w?5UB;O(xsx zoW-dyi8xKzhq=b%lWKGQF4FC)x2RW&$U=`+H(0fJjU-b4=@Md;^E7#F)9*Hu*7GoZ zx>%348bm7Fa=0G+6EShX#MWFaAJAgMzo>>$`N$fG1)*_{(Uo3D3>hw;g+P zPIDy&cJ9LYz5Z}n<_n3o^*nOA2RZuv-LCkcx3SFM&O4I$Jm*Gq^8JMmdyLXcZ?~PQ zBlDUIw+Eg2`-18j+7EvSRrmio#g4|^vu5&eFL!|Y%N-uBORaNilTB(xfv0G9nkShz^~ zxTdE-lNA$*q!REmt*6+5Yb+mvj61$Xew;2RU71D;W{|uv0vEk&T_T5PIU)#3Biax? zM(G%+ANVanP3lJ5IfyLw^L_r_)19C$cj9WBm8I%NV(~FbLN1T}GNXwtV1>5H6dfUW zmgb=20T5AFmFqn11u1oBJfyt}lKYgr7gUuW>4j@7feRPCII!idGgnJN=Jl)kh%5cd zp{3Mch-wj+??d^IaiBmjQ-R=R+F2R+$q1)Y>jZ4Ee1@NTEe8P!P`X@Drz8(OI|aeB zY^wD&u*R`ryC*s$ru2rh6rv3V1=Vl zyZF}UW8!%Up({1wMsnyFIq5TZh3+4P(mHb*;@T`>7);fd7@k=pUHa2 z0^pSDIDd;)lx$*iKan|l*70XJ&-ky6W%fxzKtZp+$yTxKkz+^iXXHbvDy@meF6vC$ z_~l=s6l}Y4cpGK&7qt-060HIxTv((*ilIwX-ov%xXU<=1y?KfTfXD!7 zN}7;<(Xp~Hy%)q36uX1934Ts=WU!?XGPDW$DbQwe1f)oVZW!E(^`ld{ot#i>Y%0TJ zwjQ0hm*E-Xxg-fh(5-<{rEz1@=ltaH<>XHsA%cqRpeZ#FZNWl&_#FJXu}T!(xM!x^ z7!d5aUfQC*Qz=QJ63r#FML@fYV(=${dHjw zCM|c7k>0onIKt1SSBAJM#XEzOTLGMOz@+#W(-SCYC;Me-!gK;!;2Yqrqyi9+4xnOw z=3h(J$ECa>SVpjS!wP_L5n)`}4+Pjo>8{D+yv?mSxbr{7z#XhFmMOP#(GM8oU%4kB@!}quXhwq zk!NE6m>JqPM7M^4!Unb^@~37=#3%|#UwTs3uKuUzKZAGo%^r9}3r%suRN@HA$#{?ig-x*=;J<|;>Xe;?cv_-B+rsZ(`Q$c*+mC6?|ie~64mEems z^+jmMvQRk3gj@ZVnJ$S9Ijq6B@ZC)6# zuW=2Wb|4C7M{;>t=ykU?=XRDgl9FNed+9J)*|;iuhF=Zr4(@y;EdGg)?+H==YqEqH zwnoyuj1bI{tOfmnw88m?H!4SHxS1_uVCnO_LBigliy#Q^}o~Q_uzK)QjV`q{E&rJ zhr#`SHlW>N{(@(Rz?Bz(Y3cgfwQe+xw$qAia~3$^0C3+YW!g}bH0B{ok+Ov^P+&3|4e%(u<+~RhJTl`<*0*z zH}ni5k8S^Y%lOEBO$-ttx(?r9eC=dld)7tD7EQygj!V6wqC(%%oRh0v5lfb|g_h;V zYcPDwVD1HRpjMuVB-_Wc7xQ(S{GQA|yxz%zexBa@VTxBtNz8^24fA-kEC6rRdH(tB z<65y(>2H7bW;B}Pno46{-T#TTMMcq+^s_LDb!+;Xs*$jjLAj|04?$C9kTJ{4X-wWpZH-E8!LZ|mWSzgy+TPW~G ztQ_Ycn2@*!v-XFQmOw_&J7Qth(bCyk*kezT`)@v#P;KNR0s)$Hv#%Iq&+o@a zj07f>YR9;~im!C}RTGlI<(obR`C}zsy8Y_j10X_;dwdks+6=dF(VgiMPud-I$B@Fv z#Y>%Hwa}krjTt8G=emFjr4U!K=OAfg9=Vqc*8to&f^#cpfeKVYPWw1FjN&YUb|LOE zH|$lsc9iui1UPtK+BPlg(IOS-@qKADf3Cj)ottPC2RmC#UObTQ(vV2o=x#AaP8{FS z(~oz>iEa|G_|9Hc_PHer&(aYuJ_t?f=m%VI`V|}+u)>Vb3;jM4F_jf13yVkH#9ex5 z$JA;wiv_sSf-2mi7hIXz7_3*{<1TX~hK}$l^x_6Ugxsm}k$+Dr^52XSqgW_+r44zY^ zlzfaH(n|1%PBAP^aWKxHzBMEPNMma$p=7ZiJyM^pIC-jSFar2|_uVh^USG<+d|V13 zF9o{u9Q$mk5@6l!Kq^qH~^HECp@T?a*v;J$`u20 z%5VSxO;-WA9U1H@0B(TKr6qd5*3a`I(R>F;Yn{U^lO~Y=+LJ%_@tF=X2P&TqCD;oc z&GC?*%A{!p4)dkQTxL2g07pY!p{A147oUl%D-6{55B_?Q6%Q&}fwXdE9%{cO4w`ydRHCq)Fkbxy5Zl2?Agg=eG<2FJH?I*UO?=?GG3omEYU8rvEAp!Z@Q}nf3SELJ-o&YrU%E;8oU((4BOwYH6CC2uU zG13)GUgg)^KhLSRDY>!+K4w!BBPjI3fb`iQQU_^xw*>Mx1aFYJ3SQbEl_IAa4qTa- z3cbdDw$}7i(Hw!BCtL9+`C=Toyi!+upb0pWDXR?zI9aE<$i=dI6|~>ruIftIyd$X> zbexcZZBt;DJpE?;_%~P|;X@xr)EkB8@d&PXrx3_&Z&cl{Hwt|fQSznQ?xk5gD8jx{ z>I4-M@8ZDLO0vX&nK%H;LH47%(0#rnAhL?Bpb8IJ1w;uKyMh@3_yZUa3!lT>Wn4HP z5XWFWv8@&tsJP1y3q|4MY$Rsmn#jDG=LPr=3h*Ne@Y#_NEicx#imXtp%GU{%#0#a% z_irmx*D9@eLQMp!s^wl<{RX&CRoNC)+1momQ4gKS2!s&OkJJ^?0`Wq9)xH7_67^Bn zyfq<6NLWElKtWgtvLOTsjHqvTwbp-i)1{mIvbKI`0_eA<|Kc{PCJ`SOGwD@m*ixwJ zwQUJmXt*J)-RG{2;})<2=$XqGL(z>>y7++B#;z7aN~2W@>_Yn{X*(5Br`M^#ur^F`;#18H}=HJp@N_Dxc+A2`2wHndwuHr=R{d@SrQ~ZQ%ogc;5wR zq-RI3Zi~;0mccOmVplu~Has{I0&%K@e5lo56I!k7dC?GV_Or+Cu&h%%$;YcH%BT0j zx+GR`U{yDX^EYIQTYwRZSB4@qU8n%O1>W;`%E!m%6~0~9gPz`o^4>Fg*fey-8xKXs zj$I$`Hbf)$B2qy3>pl$XB@y|Ba8b}Mj(`?SCj)w z9$1@}zOe+s0hvN%1jgxVccD@Lxif@bLn+P(m@tFPcf%QHu(Y$`M^6|IYq~-gpi1>M z`!gfghc%*4z-M9j3A*_*;ra57qupO>l?R@x>X$_nj>W?qJhP=I^Q}x zAuMddGLW{h8Yi6zUPqdy=eo>Jv4l^gwSsk#(|YOCbwv};H8aHs)1T@01uAw#gyEM& zzw2Sh*0LR)2+Kc;9{r<^9~tg;ccc_UNZZ`LKoj;1O&FjhJ*th~4 zWITAvuXUJdV6H|V4A%myBd2SLM(*9K8QDOJUR@mnL+wTHdJ1X>o;1p~8Wy{|$)0ue z94U>@K7F_TRDE{LgMMHkd;yoIFX;okZ=m;ao_qWv?0Fp?>#VcQz;Fftu8Wx89zgyl zKL5QDtOpo5wW;U*6ZSl;&+K+yKq;GU=c9BuEDivqzb6ObTl7frxyawn7RV%Xdyr#INQv^tfMrZYh;jKE=) z`g5w)6F4m-H1acV`sZ)q^N&)>>64qgEw#gNXOZ-!Yr;=HzKwp&%l=Jzfx_;T@i{R` zb=7Z|8=Ds194`9;s+BQwcd!Zy+RrQ54u*R$_})rd3NKp|I0G}hIWt&jTOeR|oOt=6;u^qVjZ$X8IuY~yeq#;G+{S!e_ex2FF&)e&Fcc%Tw4D8= zj|O6M0{bt8mz5dvy=bC{Y-ByD+^uiD#-rwKea-n@^Mca5z`Ip4#Kyq7mr>LPcjX3! z`!e3_BnX2$k8aW#HgOy*m$*X2*zjE(zVIdK_icRPMH2ENzG9eH^-y2O2fv=JcF{f= z$v0>TsK+iS&A>{qA;#~`P@q@G*a@O7QcFM=`KHDL9~rVfv9m3wmtQ!#ftU2#6jo0z zUJ|;aw$oBRv!+aY7JdE0y!(#%O$)wyMEp=!BFy8$U-92OU0}l%(cYWl3{>)l`VU97 z7duVFOyhMgw^}TF*xT@hfKx|?3MHL8eMBlP(@d|DEevNam5p!YO z3f|VAmk_-kVE))>|5N7iN0yuEOI~2vj83un&`s3Ca8ik1?1w#s?FjY5rz!7^IoCEy z4uj_o?fb3>gl}OESK9sOG*55sPp|xqktztV74a(L7eaT@)BGxDSL5jit$4no*Xbh1 z*Dt3>UwU--{hT&jITB9xO&{Tz)hXZp0~1BbleEJ{_xJ#Au+|&H`^%7swWdc`3#@@L#YZ#J{HW{ibvqAC=F-n;%kN67ne@)D%s) z6OD|YggW#e4aL6k1(3mOjc=X7A0kBqs3LCLvD4WPP+Y15W*@ehVPwWkawyC(RJOh zMHvE#9{o}D{i$+KLtc>gWZ~RXz=Ff>r293Ey6%dWTlNzNj-ZpZ`VST979_dN8~x9# z&Q6YK&mO~RWcVgk-BiFM$$MEh6zn4fur&5?wDGFM?$RxH*sh=H&X(F=_5J8 zU0MDZXg}{iRc{?0AR&|lm5GkPM3vc?+h;jaiA^kC^D%pDGD~Ahv`*1+u}1RWw;D?Ga{9Cyvoj{1%7$`& z*G#G9gtLze%9{O(&_4zheL1<@;73?Ubnw3Ew3-I~{QOHQ0+?zbgK}!R;(;D|R$yyH z6z`9syNwmMY|=j$9l9hPdH=}Lq}g&3VCn6)PN<(2xLv^Iw=M1d4y2T(io29hnK821 zq0EXm2KU)h!fCP}jcFP1Kb!dZpzkx-r3wXt@_5*KiL?y72Co0306GyFwT===E?nGP z#x)e^mVcjI*&^pK#Fk~a8U3;z_i7S=(`0@tDSV3Py!z2E)*foJ{%lliBvvR{j1O5X zs=D*8gm_uVvn&ppuKUt$!)j(~v?iPnDqRxr;|Q6(BY9rq~y zOCj^+(UQzg-U2+jlNW9BtRKnD<%>n$u;rm`^qjYUaJ<}=a!CE9X<=;iDm{4it)~z06QCvyU!7&J3 zxCx@7sGk@&;ov1A{$;-3S(ZhZrdP-gnY2LH(+Vh?>!>X&hq>Iz98zvQ z`o&yX0)IaqfqWQs5HX-Q& z=ec}vgU8%%eC+e=U`5Ab2h0U*MOkRRJ&4hs(#=It3mN+3OZJ=F2k%+!*x_jA<_v0s z*Ie(OP3b=ssjMKfftjs+6p2k`Pbh_Ix9*O1cDPzT7;HCZY>CX{7>kpkvmp`Nz+h>QDAJi@*ZbvK$m401&7#NcT_ zVMWq@XHA>VGZWMrQ7T`o!-~3Z_sC76fe=0K4^um4EPeL*1o`0i{N+Nz-z{;Pf#rXQ zxw%EJKY;gchhLc3g9jv||IB6-}==Iy)T>m&I;5ip?jg;z{5il7x`s-rq8 z>rUpC+rPSD(o!HGf>l|p8G<#YXqN{}_i?ta1_iyhId;h{oPIVS*x$Fl{P*ukYm$Ay z+qCE(m%6QyKmUbADpSX*ilI4-*{8TiNHVEf z!Z$ZAH2JzsBp{D`(;|waZNkRR5n_i>mP7(c+Th*t8KA_<{Y+&JKB#rA^6zPy&`-*n z*rC%K@adl+D+(zm!H4R4N_;BRT7vagp9m)8qyS$=_+`!*I z%^K}d>b78$RtOtYjEOZ^(o-_chlU#&o#~C}VFP)h5H#rsVbiz7H__RvNzd_;mF)UM z`%okMC>c<80jJR0j$9BzM2e~&->!^0{NX)28HforY}Xq@p_VanBxOPd(e52)r5a&> z61|P5YL~8HS=&cEOczTaZ$u&Q8LE2tWxx_cll=lu5!aXMn6u00%)XMxDr40?q_4$ zTKcYIrZrqXBMGEM)o*DWqn!ovnv~9N8w*@R-7O3;SMb9@YANxYBPS0m}dCcY@#NA zuXyL5vbE_Z0jj|>w&c)6BG^sMy=m5KNuhUg3R;!qtU+8+lq)f(rcrisK+W11Q)@_0 z*1LyA#kb^|B$UEU+j->qd}t=^8)wa^aP`J`^#Moi>@C0-|Nq0)U4BLN#{B}GW*BOK z0cnPmE-8^18tLv1X&gHJIYWs^DhaiV6mEc%E}!owfFVaPNDq zy}xmN1lcdr7>nD z18N-Bwm2qa9X92u)3ELoB|oqRM32Tx%O^Mhnk}x4oruJMh{SC71f}yT_M&9X33@!`q({19Md$hS$v>Bb|``jYEuEh*sy!&|I!5jg>=>~Hti)%E~sWXllC80jA>^-6kz6-v)k2O22FGYEiZd==Xc z5*I`gY|(Qj*1WsM^o{vd7V6yV%rf7XOFE37bQyyLLdJiF%=fnqSM{_?I+#%O2^;+d z1!;`PLa7#$%uEwfD@#ksE&wbSc%?ltD1$+c-;9!UVLCZVHlMLS1T1+yKJ(O6>-Wlm z@3M#}1w4h=e`Y#*&Lvb~R7pwmGH)_pZ^Ss^vC)I2aX|~fKk~P5fQ4vW^m&7~^^~>$ zR6z`*T_`u@)=N+b_=^w3Nt63j|49QaA72tt$G%s|EdPYqKGFf$LD8_{-_X@q{wp%c z6#)31aKr_-{R~D*ti>AGEqJ3vq3n7jn;+7@C08+-h@MS}dqc)17t(^2&$ai5c=?|E zv7>&OrDZ<7%Bi4B#Om&t=X*8^@-SJO7g^@ESjw;5DK?`5o|PA5#4}_(f9zl^RsYKI z!psajD7eBY85eJQ4c#QI|I=HRd9up;PhoHrk<)17v7%O;1z4~{ouMh^gtVXgKaTep zvql_TOD|91auK&>w-L}sOzQjcTh{Ud z;qmd7PDtW!h?%D|6)^*BPfS36FN9kc%N}!ut1TUhs^=X$={)NwN$6U214z^Wj(MTeEQ&a}9NrNIJ3@fny&!bRko zKw-58W8x+Vu_9h^B#8(x#W4VhUW?7%%f;DM-mQX->=l0}FYAnBvrdq%0o?_FZ&*Vg zTgSJ81_T{M5e~*=hw3Lkx=fHa8A@H@ly~+gJ1fp6#MbrVxq+knwG@AU7mz zUJU&k;Y@vezzbs4J=OE7sC%IkOK%9`*8%y-GF>ZFMu~U@0f4EPCs+Xg@f(5y6U%fe zmxnPdmSM2#qPwQD9AI(e(XrA5LYsQl}oBEnTX^R^#r zzy=;+D=hGdO(ISTcPyQ;{@-T8ed9!94Aj~gf6&7cwxUwWLumX^Cl6+}jyTbg_aV7N z~>{^;V2Y@e*C21CD?_4i6yb z8Ss9<^naga?!ALwfPn3%p9cMMu#QW|0Tf^SOhtv**I%QsU>O{k4F{z2@-^yD_&E+? zWb#>KR_?Lyi{lXfYY7%y@9AQx934 z1kEpjP;e43BS%-^2J(&^LZSw2ogPYhP{)k}+pTVBVu5VCq4I2Ttq3S10crtYRJTyj zx!7(*$QXYQr}@L=mHX4M`lnC$XWxgE4}{%#F>xl066O;Dr1=-6(7nf2;^ECXp+Nb# zg;&5f6jaU`EbOJKw~(kV4$~L#d3?9?@e)(l-v&0U>Ah<9z~L4V^o6w5cNvw7)WNU^ z<)3dyq%dU!N6|h$&?g74@vLOTa}zJ-x;$VtAQq;tY{x1$YOZ5qBK;?!9>yWr;==mV zLT%^L0rc&yh+BGe7u=ZO=bQn>_XAwbo=PRUq$vKzm0ehqA3O<d)B@6Dic=OK zI;=+dW1zMz;UXnD()8`NyNRA>QtOw~e_mIVY=gS)|9SrKPY`2^iB??6qkd$^pL^vV z5&-bvd_>Lr2oW8yBs@~M282L@G_TWYB%sY!m-Ji%Bq}@O_RnIszB9?RSMYtqi%&+* z-T&+}Pcwb*5E8CmZ%#g7#Ueq#zcBh|`_l=QBqWj%{+%&)sug6m3+>U0@j^XmEbKA$ zHEt7En`uAqcpNJ#e|50)*XSlg87Bksy!Mz34uFG@BG$%$;dsOiT@d&l*Ju*mO;eQf z8TWV!i(JsM04^3OoD*~=U=|P3(HjW*fJhLu5SB_$l9w7$Pi4`{&{d5c^~x+TGs%)y z7>j$9Z|1Ie&AFUkV_mQ+(?*|_kN5_!!5Et}=o}juH~y3_8US4H@L8hs`d_RoXafYm z65YlUoQq>7KmEEtnifk&KYsBwWs)t$kd#p~Oi0%89|$Qet4yY^<})#Td+^#T(~zJY z2~XWWKKGV#f@%0u{Sf+GPu3*{=h^Fuhf{<-d~EVl?rbOc5q-E_H^7l-gjIxmX2b3s zFW&lZHY>t{N7jf5d&7GwOHe<@VopTi_xE|L)Hh_QuIn#&RvH|Z(*1V;EWEU+BqZ&T z3eH6X2Vogvwzdo;pANMTdiWI&rkcNdyc)t__$!m#I%)42^Xy$Z0GMCkn?poSW~q%y zz}eZfa7t3!BzI~}bs|rTz@8)O+iRk?Tm-AYY@jkMrxNIvdj?fl}?Gc z*Ee!&)z10qBT7+pjNV1NpkT;~WSQ*V(C8FT)mDCWu}baG2)XV;Ekq=94d+$XEULSb zu7kBuvxd2cVklL%@8NM268Ve>H~|2JA>*H5YRa}XpVysqZ3qpxB8UJT%h7dhlu-;5 zhCw1lptxwDAPi9~@v#?fn#M#yAtIvjO{2YO>}c7-ZccLI#)@O1MOQ!HTU9bE9L|yr zoyVpIw=zy{0?Sp{k=Ou}%tvB#wd2vjYLsZkPvkNC0HfLECdxSEbYTzd>y|G#Z5ABMpPnLAQiPx;KyBdiqSK5In;q!q?E4>}GH^67z%~%u zI?lrN@JZ9g=v$fZn~myL-3j2$ROB|A0k}5^+@xZr%*2{X$LPES+477QR6#^*C@aS( zt&AKatq=m3iU)624w$d}1$wiA= zu0g!m?7X*JM~sC1mK15Jy6j2_;G<8T!AOw1R-22_zQAcd5QFbLKHl2SzD#9Qj{#J5)XOYt+u#G z;(iprHDDZ+m{B2-n#Rf|1d+c>a`=|wX-=dpmctRFuRV!iLS*!Y^?;PfZ7*ql*x0%oBHqi3H)+|!ZAi-knFC}!viAa^fVsK zmPBknLg@AWC)-iRF6#X<#P&a*&`yQWYx=nUZkrHMn8KJy6H3@J@QP)=in(Wc!egJ^ zgld8?iAOCxSvVMe0u0^trAzr>e=Jm5-qNWr)HMTHlPZ1LvI4n(+jtQKv3fDADh`B2 zZuYlX^`0J9Q|F!aKPh`HB^yL@Gmk(%w75U`ccq12jctERt-WHtAen@xI(VA}0+doT z*~C@z^!L-o-w73nWsoI64Ryjr#_jh~r5Yap)0JbGKn5lW&ZN*T1rjYE16f?p-k`u_ zP&u5>lm5&7-Z3VgwwcM4moZ4z)gc&bQp>~ezTuXxG6uBrx2Nh2E<0*wquUJJ7HtXf zTM^K9$0a{Y`A^y?d1r*B;i`2TRNH*3O7ZF^SJE>+XWoJsMfhzh`b)cDdbfz9(8?)|ZPjK(+s}l5)D_2^0>5Ynta*PNaB^*t&F>8p{K}LcZv?yneF7!t6M&!rSDE_tb>B zY03F{xyU7Oz=u(H4z9}j+6s^@@P&VgnG_eBJaU5l^G|(gBG537T@Z{710Y*q16%dT zL8t@4xhHlzMxlY_anzXvaLg{<-Je7BP3Q5?B$gJHyQwP(alv*&2(=n@tKkK^owD_A z$DO{_%GZG*g%|TU!za_3yHFa!5ZC|?>^)t8Qf_iVekNkT$1TC#pI^T>ucOmU5{tm| zxSwgt^>I-Qo{!1dh2MG=Vin(k6M?J3(`t!;L8LaRNl*2&BT1300uAL~U`}Gh)_0n2 zpUP_h;3D&w57S|f-j+AmQ}w*qHhC1gMZb(`&q~^hF1cZP;jREndf^KsxZWAw;Oe-fuh_rcsJIdQLvP zgJPQmKsauMmEKrwXidnhr&8?}eP~;gJIEEz5&$~<%?rW@xJB^}%r#iTG z4IJ&J3&;Kt$956tl?%i6Hkba89o)`=3CG33&Hb|^R?wA6xlBBV%dHh=n@#-Yz0E2C zWY)1Z2Hp_xv81#|RPFAqF{!Rs?0=rx+WNcJbRr)#u4o99>y(O}XL!43Nh%_ECq0y^D=-yj~=*n`1 z#R(~{X-eZASjQ0T+=|KBQXmmnr9*_y7Ax-$u{V@#s$zsqr~d#eP>dkP98E3|=WP~u zu|D3{FP7D$DwveVR%V&bnT<0$@NjEhj{N68VpN$1fZ$NHaxA6kDc7q`SK+dQKefC- zX@LBjGC;)*eU1u!1bexr3FY=v0~o<<)|wYquI!=8uD^dn2T(x12h4Nm!fIyCX_*WH zpV|}I_V=I%s$>oLEmh+Ej0zQ>cc@LkoWZ6^dHebPfTt3B z)>(#R14m@rcFwQ1oUgdHRdKL`dwB<(_Xj<1Gj6+GC8F?$SbqCJp)K$->RgEkmiMH| zX9XwlTaB97c{nf$Aj5-rmG?d9^a;p=5uAiF(LplK`#96!;gaa zf(%|i5OVmB+djzBksVWVzyuf{W$8QAg7{(V9A?umGN`Y+K53d{S)3fh_sAxXni;&W zE6*n`xI|0RVPDH`(#H~!_!^PP;UqO$h2momDMx67*ONh`H~P?V9Za9<*3ID>vWO#A zj2D>{m*dm4>(Xx~qjx5EEhrJ*_sTG@2m{w6#d=vej57_79o723J&fL?sK{V*m;FF zGkn_LkUqsc9edp>)G5T)6-3q*;LCoz@YrGOMiFywodHt{4w_~7;Q%O0U4IR;qu+S9 z?SBw^BRu}9LjHqqY2w>qC0ul0;efVtrWP`(b{Ostm)~X_5ZL&!dB!1N#lLyPWgu zzBXB2aG?J}Y{ScG!!kC1i==vo^>=WA&%+S-oA;vE86* zEgw=v<^Gu+U z&HD{)bn*C>fKR%@pB1*T$}}g#Uj8wsaI71$P;)saE& zTi$z&#@}D5(sVXle&Ew_bSt`A|8aHt=Qi$Tq}jpg=U-A)UQ+~sCd45@*ww5!@U!7anZVftIK;=eY;nNz9e040PD%)+d^TrUz)i+K);%*UB3wL zZ}CwU$~uUi?cIk`?8JT*|906N7=YdV4-aCh1iB@|`@gjGm5@)Ifa}k&TVE^(TXx4t z60rFe*v6TK{EUTh3H5;Lx|SPFz3?dPt8mjz+U6EoPD#3#d6b--RHPG_TdGACj>>Cj zvJ-PERQbm>@QaV6d049~-&&hx{MT*asMN1a#euA)D>pj>DXcNg> zH*4jxa}(VOlAiej{xTF{(SD~SNOq%IC^%Ry+!Sg&#PSTt+#@Nv`t38jjsi_9J5N?y zANBljyDG&kwN(j#oM)9F4wdv>w@gZmI)&l5EZWVa<55VZXn6ApL(ck6BmriZ48RYenq3 zr%LU6P$0`tW9T37Ue@c&&p>|&)4G9mj;z1T6CL_+c8T-1x?gOUy6$S7{FMz47?BQ% z=K7p*U&rHDv=aVUP-ON$IscbC_oV@_QMSnFpTXDR+7o&TU9YjZp|oB=W(O{O zG{#P#ml98Z(Ct|$_wbio=(Df&0azUUuM?3W>Wtv31EBGjTPnfjcTa)w(OuSFOYz#_ zpF2KMI>`e(FQWG_C=pd;MWfTco35lhq$naXdMVjXOp9r)U9ed@n)F@mA&|Uch^{Aa zo%(}c`UNLtk^jdT8C7O zWB%I(J{vVp1ByzQ31bFt^^G*`aQ?-g7`QAK@Q&9<+gbnV?2n$f+1xg_X8$~Ja`nxm z`gLl@9i%&8`mZXzJLVVs=gWx!)j)x{HO1Bafy{Yy?uNGibs}WDYj2rIfcJT+!N#2;&+xr8b{k~gJYya~fAuF10*sYKSyXCZ^*@h9fhJ)Q<*S9hco$d;a6-?As=SR z5A37a`}Nm1q7kXl(MZO1C*48 zr{*zZKDveqG#E?|`1~xEqB#h)tPi<3n3~Q9B!o-=cT?!K6lgWi0lWhj;3W)AM7?Rw zn*GY$ne0}hF`tSOJk>-J(`c?lg`?1U9+Y6ZWOZ0%re*Bi$pBXPZ{?Y;`O3ccTYaa5 z&Lvk>2I{vQ<)ZCxEnawZT3GF|<*ZSrDiI!W1h8jrg>8kN;_kkDzB-5#hM>P3K!B1E9 zTLF1)N?fpfj~NZw>HQe0)KW4rV?!IGbUWCkN1j{L8)KRtV&q14cyagpzUwfsSK>wJ z-%iid@7?k)aS+KjL=nQ)j%z<%H+D+!mQsmKT}ReF&E4QTpW`N8wfI3^jraO?-gN6f zLA1Wg;A(u&UjP6fbl!0vh@<;6EdD-e2>){4u<+~;rOM{X=v3NB-~?Z)V)azQ;x|1M z%e-Q6uig*E8mX7@&LN8qoC6-qDppGBC=8Z8JRN}i+n?@H!hTNqb@q8gx=Z!%@ZI(X zcJlq_;U{sg9>ua8*F2i}aYBLo8BrXKkl6W4p}fN z`7iwqsrDavF8{CJaR<$uxF$j3*TH8m8DBK39P$w7KzV~;%8UoF*~0CMa3u(DHJ+Jw z3Y>m($lHYCKZ@mDxPcn(0^1T9c8EgJULT3g9vLJsP!>vS~9c1MaI{r~U}JU~PNzzMkV|L_m+ z|BrtFFieWyB#_i`9FW+gcZ9P4#Xs2YwpC0$1F=&w$F`)*kTsF31BBvEm~D7Vasp46|1qeJHkWqCwdI0OPMUDFpG5r7YIlcPJ~dm zpXJn8WTMy70b^J46qHD#d=E{~e2g{N#A*Xr=0KzQW!$h~etTua%A+zT{yw zS~;^rMYQdydHZIY@cOv>wL+;CzaFeVGoh2Ih+Yfc zGs=yK9|1WnU_Me()Lg#FM-B>B*9ZP4>9Db?0PrIeGSW8^ip4$)nz3Lbl13g`{gcq3 zNu(ZHxe+L>=bDwG<;-WQH;bGS6>qsEu%QD6Q4|D83(pM>~s_A

ezZc76|E%Ok(oo~cWJE-0t@wJ^$Qf4)rL#vx+7HO5q3V+&z>!1nDegA5Wh#qXOe zwS*8M2F-}(VxY-N0GA*p10B+)MOc*>X5 ztG`P>H1Sj7M_9V*ER@c0fijj}$>T-l*n+IWP%zNa;|r|~9tiE|hNwQqhdiWQ zJ|1-cbNwII9=EjHhl*U1;4`PSztA}f5odK@L5Ppr!v*v!sxw6di# ze5sIw48r70gu-?FP-LG-x2FR?+by0xMDvVnv4%WqGw8(Kw5d^NKV<~6Fr49O&K+sE zag}+mDak1$IB#(8_BK%hU8Ud6K?ZiAvmUs3gI#AxF^-{F9tg3&h#P79Hgq`#q>}ez z)Mi7fP~r$TS#3~olC)OM$G`IrnT`Rf+e8fzNEIXS#18Z&F&-xSIzqL_6^We~qdgM^ zCBcC=3NYhRSEc0IGgc$tV31^Q17B1_F_oXO5+W9m_%Ne%)RMa|brcN~fV)4G#sSr~ z19_77jo8ksOX#Lfld?@&nMVK+ern@zBYOaalLQdz&PB2EX&n?L0n(ESgfO-MPEDt# zExY`w^44=iR?i;ExD%uEZZRVjZ>X6>p+Tt6ENoL=gNg;OQ#sZqfz%S*9OFh{YAk@n zb{8k_mEs1+@pegM48!9~-E(8WNbWPJkcji0kiYIm(m4FQF^=w&B{NA-(wX|40O#X*GkZf)Nzpt1Un@1N=xo-@@L7RQ(j4-%%s@=l z8AvM;3mRm8B`1JEBbMDkDz&%=Hf_-RN!3Cg1-j(+1n@0~I3bf>BbzWlo{b#_{x5QY z-c^i1Zt!u1F=~)U1VA;bq1s;bR-Fp{v>;7m$RiCGpVkM5I@J_YYV{fN3lU)m^W7WD zQ*Uky?Kb9AcpG>p*P0giRYiXi%;P3PO}*~}U+N2yH&!jjADP6d=&wCWW6bu|RcJM$i>jn|hWj*ZLNkUm zEd{DbW~OwT60N)kD2e)*a*zyttM+-`V^zMVh za65#fMBGVlBi^tl1(|lnSs`-B(?np{ld(H!Cgzt7G3vbA>WRQ-Ty*RTLB3|*Ui=h!-pyOp zN|C}dNXY7v^_A$Go=uPMFV5};%M&>RlM+?9SN}5$#a(}gIb4~qzUq0^+4O-8+~3JX zS>xer3wFQ*%`pq7RObW=|7o6d48n-(n_13TtO#sR&~&m{u{*)Yg4%deFZdfgs?Yns zpx&I#p=aagd<4=Ea)x&_aTHYJo~%P>%C_qRd%fu z&Yu;oI~<|N^R_}S-TUHPh_sAh*f1K(CxEAvu;`$xnOnd6XKg``WM_-?tGBXVZ=W$e zJ?ZLV^9XxF3u#RI#YQRdrI=(=M?WSfeQ6Mq4*h$qbMp&vWC0d`9g951forV{@KaT{ zUyyD20>Fzv&BR=8i6HS1*_LD32St>+$hirl+7piVr;B@CfNam+55o4PUW8r@_C|w`ic(Eg>JjGT+z%kv-STpsESgyYUBx%Pq{@B7X zP7=w{o?ofljcFL2(IC+lw6!E&9kqDHFA1stw61)pFWPcP@VF_9u?Kh7d-4q$BMlP2 z*(vh9XV>=X#pOdX;2wq1zmZ=9D&`3y(yT9!Ce)R`@#L$M7*o)GHJ*cj31!*k?2}0M z!s`edV%LWq0yKZN`$}m9zu$$XmpcT|`4Aw36B<%0VNVlvhi}F}O_V4WfIs2|Bf6b^ zor7=5+0T-J&a@t|Oa{N{)}KiLIv``YlYm^~>Raz0+|7*@@^awIfXV`#Ov1&AZg@>w zLS>l(r|*FzT7Zf*V2AgHtTkexh$!5bD zoz2L-jO04K9pU(h+?dZlW7<(5LmcdD7k*_G{||UQ5T5vY89=pQfAbG`mXH0H{47+009A&2YZ5SzNWqb!<$eODkS`!IMOQBMeQ*OG@J=?I z{NgczDcM&7IjrsB3Xd>N4A`IpG1Ub7Oyb`>dhqpDELz}Em%yX8#MtnpN93vihL%T& z4y+Ut0EkSY%&?@yrg(?ORd_%Za8b$_iPLOsQ8kw43@Q&GYZ_+O9JhrqCGWzM88hI; zH8?y#kE;bB;T~KKf6#CN^*T;wS;Hee*cDN+0dQb<#FKW*5aEmTo-pvsq`26wNYh_{ zvAmS28Vtp4TUnhX8$!Ho3(!nbn>;H8uNBICH+0+*m{^|by$fC!fPwOKA(OgAIte$N z69{=vOD1(&DpU=2gJ_eI?O`A!37PIKpYGSg`RgL_&t&?)$@_1{o{-@|VDiw3@k|_3 z63s#eCGtA4&bD+SE>*{i6=x|unPq=BbRtY%z6A*4VZknhvhKR&ggBWlfQCF10`3~g zSR`!7f@o!*$#_4jurxH6fPRBNNqYYbiHudfofjgJ)zS4tiy3T=3{UO<*6Em_}Y7u$p~v;efwrtU2qdT8jp*WGF||Do=u_sMf@bc~wFpEZoi z86fdt-Qf}W;VbmF9!ir*V$x?Jc@7eJ<9ErflJYX;$QX7#+1^T#k>_W6$7M|c2)`h7 zHV~)lz8y25Et0R6_N3y8Md%HRz z?@JPCxx8HOl63Q^h!qC9S;oH!5Ok%vPw99~hO{iQLdK1fJUi=ghKo>@YhBinbb&2^ z%e$p&eo|NTl3X#u$@e#`?L$GQZF1N|H7>atf+y?$UElvZF=H$@SOSWFTLaf6(?irw z3f4aBi_K;U%tcfgG1pBqc?ql}an{vx>c*Ap*177YjLSkPdw?Ptu*{aKYlk9Yq1Y|l ziH!)HzbFgtOR&PhBX;ZMqoB9~vf=7xBBJ5`MIurH3i|`?Od@nmHt0_ip4J(>?!%hi zEF)+3k_=9fhSxFcJ?GL**+Dc_*aDAGx3n@KuWP`cem7sPH+8YpxB8e-TQ@g(8wvL} z_migEE)g}{Of6vHSSJZ+G`UKOkE`zQ8mdo{oiNX7W~spoK#8Cix-MfysMEP1!}L=t zCq=G_7;9m`-F9K&7~FK*jg0mPmb{ni?T~&zLIyMe z+n^C$G>xdG{?xLp!TqnR1MQZP*4t>(-?MGoYAxJk%i7D)o0s(-eEhgzNW1GYs>`GB zsbXFZHu)(Xu30L|Ebs|DX}3Cj9SZX8=C)QU>F5UI8_1^{-dJ!078>G&`4av#kiq~v z%z!6%2AFI*)1P!^3io;xV6MR*_g(OU9;}f(?F&mTwioD&aBrBdDm+e*(KIR~C6d*A zs(!%I629BV<)tKL45w(RdC;HUCENo6)b{Hc41T%~!IT!??lfgCGmIPn6m?Ef6z}Il zSG^!EEx>EHMC1&{zVI|aH?StY>n(-5J~7mOLZiekueq!=do(kpYs6g9-4e+3jsB7%Le(y!i`%&=)uOUz1HIQQw~rgI-1Batl)nV-0cj9Wo-G#5;iCzde-B6X|-PfRqWPqJd_=X&~YH zt!txb0sapSb2i$yTEIvQ_3DN+i~&>rdM$N9Ca>$TEnq#utUK1rhoZg2x?6pwrXhN; z$!@Nrzv8)l-gdZexuPRPqIJJ+I!yo7l z@ds?=>A2a+28ad*!b7(3iV|AGY}R~x$|YuSUB7!Rr2D|gQ`b>6SqjU#hQaIZyb8p} zshyPms4a)K&#SkKQg99vZAxoh4l5q(u)ZzWD+)5rH=z)C?ihH2qsY@-(7%WW;ylh`p_P9hP*>(lk_w z7C040M}gzRvY&5e87y4>Mcw$kIlr~U?i^lfQ1a#0aB(1%=t84cKNnZ7u%L+T{nKlPKT@fCcV&S3#g|4sWmF6t$oo=!3DMxt;mv38a5S zqHYO5VZH3Zu0qpR!sBJJq9V#ygf_M{l;a)>1Eee7(>=|D-yMDD2@!{Zg8H<&%gamJ)C_WuHWaKq%+`Q1@cbX_(mf^-vQ7?wPzAN0LnPf z60`7p}DW|ZT;=|Czz77keQezEjw%g<7Iiu|~Knd(09xAu?xclWOr zHdB_r6|Ocu05Aum7*pBmdBa0&It^4V3U;`dR8DV6_iprSuM zc#zVt4Qp=7d6xQiO{>0hu;30Z(BTw5n6?BxnJt_P-SE}@RF_cc1$l7^4O=Zqu~ka( zX;5`o7q-vq00Y#iPanQGiFtLVWS^b%LB9*?Tdf z9{@hM`l#Fm{;?(8t_{0?Ms7}W>jOhCHfQgk7v87c6c#%&#r^nU`1#J!8=v|%H;V5n zdQCpmI{f3!o_`kJeBi+ z!1@6fQP3;za4yW&o$W0yQu$eE!$}m)6^`nv)#=LRHvlhA7K9E{-92~WBzHA}u@U1& zIDfis&64bQcu1cVsF3d0sYu*o1Qh#yRDg32mp&5(t*8#c`t@Y4AccZGrel|aC6%2K zgSJ`Zoq|D-4ZI7BhkALEeY`>cZ7tkx~Nm4tYWfp)`4v;U(o|N->mR2~Z@lHE%M}8NwS-f#d9UDv| zWIrjvt?`&a5QdP}ewRS4rI^STd3bQhDoi_hFdO;abAdpvuVlO4fvYyGzfw$%`r*4~ z+3NalIGdbAM(*;s2i@kby-qZZo#ksE5nu1UlO!L6s%+jGNDm{PP+W{r;NvLnXRJAV z9fg{!g&iYZhCpKPx$JwFu3mY-sim6T?RTyo{Js3~<$W_J5m2k^*4VjhUtcG);%X*Q zSMNTOjA)WyLwBQ+bV|iLYSi@*`@i?~!~|^7aY<$o@|Df~)1Zc)cQEdEg!pYQoid3Y zy%cVW6hbV5XOd@r;QQc3tkSRTJ0B7+70jfn77F~@stGA{5&}yI6mbwh8}Fkk<}~sV z-*~W#iQoLzw;(6=@gr65{<&>%6QiTf9!h2zTOp<$VHcaSSMy|4ld1dDtNvt>BAMlQ-^(#)Q+ z(b%9(Na}1t%@xeN;bYrVrMmT5p|p4VsO+=>56TW4S1rs&4~R$o{W|cSC3Lw$klVxi zZh&3Tw~Zn|%3_Uy=8q0cNTC{1c12!^!J>qtMHLdo7vZLH<9v1|L2>5er`}dC&45QJ zdxDq6%-{1234A`I=q1? zwoKK?(+azN7pmY$Ko-8h-Lx>Urd$2t)kkQt;z~OX)(q>n=sq%}wH) zt>XXIX={w+`HoRvOQZ5jH`MLp+0vF%2+?RjY$HLk^JteI>;@Qzcr zZ5}66RlS~eDF$@VO<3GC1pHarI|-`p-|8H46p^w8ZsA(YP?-@%zP1d{+gUmEO|DC9 z*Zo)HoKg0%lfRnKgR!{(P<@7RvgvtLL6EN z0_WiDS@SNIhK%t?aYcFwIX9*>jbBrZ=(+QtGr`)*!;c4}HhCkR8M#QNSn;Jerj!sI zlKQ{EVERk6;E;CTor*;`(z&w2`O@$Y$~i}Bl!t2dN5LJ_$LYkPRCDRhY$}MVyo+ES zb5VYrmf`~T@qsF}t|ZkR8{;w)Yi{mbKoPsWaTMJ@t5IrK8S(!zjTt20-+rAx4ISMD zG=>~L-DOU)xe9dnHR>rg;bB%X%U`7;sLSAvj+N6XXYi6tqljpMYe|(t!O!b3^WWo2W3h)NX^5d)A;cp51zss}f z;=B985Y-A)_so+`$yohx;Km3DtyBm|=D?X&_kq1xVONqTHjY$Rjiqj4E7jSatb}q0 zaa-U1o%9HZDB@b#CM-q)$y1QePwrN-*sPoK4Fx?2nG>dYpR>wzn%!*X0)WKP1f>c|#U`tZmu`1O+N9S7a}g2rS}2^S5Mh*xblw;s$xwQ=6$F#5Kybgt{4Rg}dLR!th-nv#p zh~*atA%JUcPCbzJn#m6~KqVlaJJWU{6Y9Pv@CytOXmymr*z`Yi=Z*Kkf?@RUW7fMUwFzH(&l6!BZ-|A(uy{EG7X!}TN#>Cg>BcXtonNSDM=5&{lV0|L%a z(p}QsASI0sDIzE-B}hvuASfzdIsDc+ug*WP*M76t^X&b(uj}6XAV+4N@n@=V$#pa& z6Wd&M2}E@{5n!f|``(ri4?)CCKwA&DKs^9CLf_!)6zE%~w<#6del}NH=Z26SH?!fp z3igSmb-yep(WN-6(81{!&mEnHfPekAfbBj3onM&0TF&&+{CgT@3o#l}wK{Q89*nP+ za6l{3Ykm3eL%em-rjeTo2!+lO91Lf^`<%n^pbwR3Y?1?8C4QI_=Vwu? z^RL%Fj1F$5fa&|w_dNajj<%hs4-%cz#Cmx=F219_|HJ}l{tZ1`Mz(<_C@95Hq_P~FWDlH{(McJNj`(h45?BdO-*wm(Xa z9={}j1e2z`;Ovqi)hff5uQ_7{V$}UmIfW_@F8=F(eQPt-$CN0}*mJu9~od zav)8DN`yz%*)p@lMfTe{Y0jn%PQ`Kl153J&#(@(dkW zhH_dEqd4f56E9vnpdkLc z1b$~DyX{<7$4MyW0?w#ms%2!xiI%fPx1T=jp1Sb#P{Fx=Bf0K7!Rsh2^~68yc#+hE z+_ql!d9y$rSPT<&C!I)?s8g|rCfW~^+VgDa;;8dezalCeAdEGCCMsQ}2M>k=|5Bk> zCnK^c#^r<~xTIS8!R=D-|Cx+*S{RgQ>i(L|zSB);l;LI@TbONzz0NdDZKij_VlC&h zlmaG}cYunBs9;h}wG({#kb0x5VfgNwiR`Ic@!^bw<#Njap_I<0#I{!Bf(K8pCu^qR-~-M>mT-VSW0 zK7R)!McT*sW3+KsIB`iB;HU`4%Lir@geKUlTiXwl4Cp#e(dnu;F!PmF>hsmSpT4?j z>hO%+lGNVj()hMjVixvJa@6o6p;3}fE)9h$ zvJ)w$tgbN^frda65kpzynHgDl^_G3|A3mv?55m1R98|q`}Y?TcMY-50fgaz^sP~%`O#oGEd6y9JvteNxJN2yaieRY^-4v1 zPc6zP{T?1TdNjhk{6Vi+a)~)tQv$(?f!?3jun9ERzEkpSb_LyNjgiW8vQWoiz(me4 z3M|kb3)D)-QHo(7q%48+L7WGR@Ci+U>UVj|37*VWu7aOj$gub1Kr-m)hp}MhJ5$Vz zhDK*qe~-{xbskgvd$6nAZNF=b>BNH54IIA-F-Cwnq1;2;04oX{nXYwk4iJ;GgmC~6 z0a)O0-C}x~XATzFy^jFQ|J)Ob=o$$?bWb4A){yV)0S8#3&iHtQpX*iqs3KMUysdeG z6-t%`1+$IC1&+lARp$lzF6Fqd+*v1JtyuC_Qj|OCp}Ar~!^-bITN)Z0(NpjpVy^(3 zW}EQwbK9j1oSUmndxg8Ijk_b(Xx*bLpWymfmZ>I?hwTlg4K2o5GQ{qEL+&ldt5gyu zvN&D)=zPmthKVSJIzY3hy{+%(&FZL^&^1x|2N(HsA82$#LF+SP#k0Z=^Xn@rHW0cp zpdJdqj=-G`wjG-d47W!Q6|e7AaEyo}o|$(4Id_< zV%RzFJn2*oNj1Pj4jTLM1h(N|5~>4>h5xj{p)11W8}#OoEbh{YPc(m0$JLPb@QpvO!hY?$PqeKXO`tDzDSN$%xsp4o+ximxjdWtKzB6|i?+C67s_YxPy zDBlK^E)X+fNdHO9U0Ic-oW1QzN=oOt?xb?fp-Npnf(;84pvO89>`Tz@8kxm{|-+g;+kS5c0EvMy1#6@n;NGSKYdWvFaSW z=1?dy-~h3;MiHaF2G{H|#d+iwgLCFcrLLpqU+5WkCag5@N2VUaL?-5-RXtolY3!KF zozI{SL};-rj)qv6Kr3irw(L`H%RL8`^Sy!u4s1cp*P!&^uP7d`R?BkwcpOAZF+cY( zzs9wDuU-Lx6Q96I>^a`~A4)|)vF@G~tPPd9CNa)EKn*T!?}jp4=6e9Ij4tQKhqgv1 zZrV@Ff1i7gMD7=SD!#KlJeQbJiI3{sKpDWn-NyE`<#qK?V*~gUwj;JEMXw^uNiP z_X+~Y4{c6u9enwpjyb?I`Ma-M+zdY4bF=aduSxI>_x)Dl#g=_qnhvpuix!82@5E-@ z`@Zz85Z_Ixp$T+b#=DI#gJnmxaX)GOEL(Ld9m(G~40CgRX%Z+?G6gZme>;ry$kfKl zAr@HGVyMjSK?ngY!KV*%A$q7Y)7){w$LTQM9x1u+>mtNd*S_WZ50RBgdtQv(RWkce zfcJ2(xXW;q*N^o#?zKkvx0+VN(R1hTNTEMznVk0Xb0N2k05I!!f76?DAO=e|4ic9G zmb8Eg>cCoJv1KB0TMwhU@h2P=ia#R?CNG+J)4$Qw`Wet#uoGFp@K`|rkZKrvO&?Iu zb1t;yp?3`cE}u*P@+%HUuh)a9(gURLoE#HTgcv|n2gDo(HAMLRXGT8tX~M}XX5YI( z@m#>s8X!c7b{^lA7xS8ipIyOA;qZPYED@n6*8Oq4!CSqTk%>~bfhPC++3pj^W(R05 z?{L;d7fpk{bj7HBJ1c*pJKT1~1fD~&N8dSEn0qcXe;uO;fl?Dk4}{sM5kyoCfuJ5B zAr_nFAMDxf&;091>er=o9?Fv(U><{Oe+apiL`2_BkO<*X6Wk%R2*1AgH+4-`prj~) zNP7N!oRh4tvo;Ql%?@AsC5H#-=iSRg1M;6^v-z$|u+=j;kg``lJEwwyW!U2AXa#4m zAYT*%=7&Nn$ePZN2i}mpnvzWYm9U~onMjx)85Qc`A4cc{(LKHJ2N1>+6}-i^J#RKh zWBW!B{pad;5p~dWYu&qWg^Vs(1_5UDg!_kFrTqG_eudGBM6}PWr{#d|$^CAiMPe_`0+XOqKt%-w9XsCXvu4Oej8P z{yx=n>d_UY?=*f;WB8VA`mg4fTP~>pA|wPm5OEUuGp{mXu|`D zU=E#BP1Hq|9*EDJ((~|wdn#W92tdFOcs>*4Sx{F3pPKACWLV&3iRm12o{&wuw~%BmL%WQGPEAxcmEUJBi*~mJ4dbGGA-;_B z?_;9cT=8e|d|Y~&f=0I+=*>+6{TG?MRApZCy!%rsz%9JE1^>Z}UVWyBuieq7g@$H{ zt4XYSvBI4YCBlT4gp{X#A{_@a(EDu8OD&S1`LJ1lhxj3Yz}^KHb3c|Fp`KxLzRd(@ zw*PeUACD2>%Uh3sNR2VV*`uXWzwfM9N7pv>-emYP;|#9){PZnqeo7%zm>e?&hUG1U zs&L|5D}aHLHiD*J^^Lf~6DSo){pP zrbnziQ9!&Me+v?NBkq>x50hvEQmWcn0BC$kZFe&`)PA#Mg&g&IAk6>RTIO6h$g`P~ z`gp15_2GK?^25|dXDHK{>on*|`-p0bsOI!CpTkUk9vXyR$Tws?D^Tz(tFNfz2CLg- z@Kq*v%_TZ!C=I7q$sf&B76u@Bi(x~IrnS2CE--<1Lz!2s9n%VbPfTm|4GJ4@60cku zt$MDxE4^E!kDJn{T|YlF^Fh@|b7v!=flL6wb*NOf_RD+QD%u&DS8!e+p-mmIq zs`qSr{TnAEHw2~&oa!1V2$a)H06Cb>GbZpz5%RE>JNO{33c45q2t0cWR z+cNd!Jx^EgDV_LntXMv=;OAV*G_fHZkLqJMZk!VFAHf{+#Fl?+so3ddiR@>@i#n6P zgIkL>9>op5Rz7916@RPSG1IUvO1+h4G*%``;Q;Y=H|u@d@6UmBpQJWSRJytiBW@%5 zLJZ5lt=}Ekvsf}FpNfZqFxl6+&6$%%y*z{8H+tU=Jrx?F;~JwNg!psqZ?Q^91Aq{| zfn6_msnDFqi!0_VatY0i1$(~4K4)>{E{Y#$HQjW7XzxD>5Yd^74LWIAhmWFFAtd(x zw_~86X}iwM%s(=}s-*=ApIcx6CRlf`mpI-X$Ap1jgM{HIpiC7_e zAmChX;$aa|#$7CR1z*bJ^KlQ=wPJD}!frAQ7lsKLGj3(0o)!pzh}{9uH-IQP6zciR zaTK{f26lMZ9419k@h-7W$AhI!Sx+is%)%Teir)3iUDNy?Xr=Z35S6s^6wIYZKR{$# zmPyO!OsFpNlHM#0K#m8{A+bP~*A!s6(ee#HB%z`JI{s;Rb=V(FfojA4tqaZ~r4Pmc zgjTszWo3aF0uk(j69`v|R>0hNo>ZDIJ~Kyim44br$hdtsi`@p#XRtDEu8z!UG%N$! z6TSCO)y}OhclY)QZ3ET?6oc$xO9?h5RFUL{iNwF zlK&tFs>1RnRkp~ig-&OUElh0OYl>6{EZ;re#3%>|k@is^36kg=Oqr{#v;p#4RN6&> zEKpiBa4)UbXhW=kc};3esS!mYP7zPR%OA5tj#HQ=AeF{}Z)fPtvKkh$#c5282lXv} z{F$w_o8qujwnJtmOzHR`eJR8!rCHFiis{m^sj;jkq46VK5=1Tj#f?9YR&)C8v|g4> zH)_)&R=YB0Vb1YfoZMI&V|8p>2*!t)lVpJjE?qQ}*k~{QKziEjxTW;JQyp=M=UZK! zRov3TTnr2ZQkyYZN$w}MEF=q^C7E5C(gGdm!nF!}tM0$szTRPl(wmt}xr1{@ur6JG zsUm-I{~mQ1&H*TZWe%4bzYry)INGJX&&1zYL`<^m7n$HCb_RLZ6YqWT3 z8WjZ%#I{up5Jj-Bnv_v4hD~q33{Hr803fvK_@Op?`|#~k)TYc=H9CGq4jDLs7waX4 zPmBm+<>_4dle*47#`8H1U%}_7o(Wwo{dhee>W!blkD%nsiO)##lT3$1X%mJ(1WY)l z$CRNJooum!C+3|O3vX4GxmluoubqF_yg~Z?_>j zLb)foF?jKHl4owC&Hg(V1<^$MYKY@!BsDJIQjkdimW5no1N!CxH39N3$89sd$@fJ3 z{80#Sz~u;B17l(3`c-Spa-CwNovoMI{$mI6X zLN$Tcmji)-@^fm-4E#P` zcNf)K_z>BpP?_TWfS`}uq7JJ<7p^K*X98k@ck=`^xpo8(eO5?l(p*eAl%`YMpe1Z8 z%5m}du&wyz55Zx>4_ja&SIwGsnb?GOg{Mx|V(sgn`~{1Q=RqEQ+jMV!XGj`n&#(9I z{7v%*fz-LOS@&%kC{)W*6U#&j&7KMKBFa2x#Qmy+*v5Q!n z*El<Lb9Us_P@t}gLTE5>mGN`f9BPgGp7~l2b${aih;%5ofD$)+_P^Eh<+%2lP zo~qGf&ipRmZI5ZHFk}A@$oFSQp>KajzP|+m27Um3$u2{mQ8rH&w6VvFu2Fptt{*7| zJb8BWZ0qFkzUtUT-jd>y=>G5Zkk^Y9I)LcB*Q&3&?e`nsNPWKQ_gdz){n_zsul>N` zv8uDmFAL~37_ecS1S{dHQvL6cZVg)8j8)5-SZJ0K()yBqy_Y7`?S58wH>-|~2dX+}GYyM-`JHxRZWteFK zH;;%A0A~C#!{)TRI**hSNFse)8u8!O1CMe>XmF{XJ?c7x333Jjgq2}-V}2xT!ZOQ< z9?}vUmlFTUz0!LSjYpA2su5yK!_{s--TEWQ$BTE)%l^J96|&!=aVhTia!%kcJ>4rV ztFxi_r~9uMl6&q%^$GDi$BCM9liaL)_mz|VJM|M96pM-hTw=4nC?2C`yWjh6=D(6< z24FY^Tkk1^`YvbCz{ae?nknq`?DSKorxE3;Z7I-YlYQ$K1zT0UvoRV~ptWTz=E7;W zZj5vUn>s$yP3Lyu__bHs73)OB;lifjAdB5m7-qvM#rpF4u{b(!e7{)G(3zO~6YPpsa5+R#)>@$@ zB(~KFHf4y_mKE)Py{Q-BQ7}igIFMWCqVvU)XHW25o--y!&~d98grqVtn?a> zh@!VaI{`5`+5xrj(@|9r;+}9#n_gwR8q_Z`-cN$_Yd+aK0CKgqu^`bGM)r~csR{(Jn>0e zn?2=UeWgrnrLmW?%v+!wAq^jr44_uz!qX?bQL&A9u6_Vo)xsQ=#OjhYW)|!gZ2Wij{O(mJ@Zu;4V{!rAiyJ7GNq3UfB=haV|{cQ)Yu&P zD5vh0Dqi=1M87(13fNByR8<(d&R{c<$M=f}u<|z!(3*Da9~Jx?%dpT)yf~)2ZfqqG zG7dldP18ikajeBHG^wdYJUM5+y+(0owKr9JWz{6FPn+&_qP?B*R)l6k#M84Y^<&OS zP|*n;26+$G*hc_bP`K>RPT;gWVbIP+^gXnQ2_6rFJjH}QqZ;i~is zl0|qvwF_hXgz3jmmukG13AWL{YY8EObaKF5{Q?5d<(xlHY9 zgNUb)4@P;VFT+#L|9BypA1-10S%uFt==;2jj!XPH9byQC0esj0oLckkibwc({N?9w0{2yX z5hbJl6+no~uv9lKNPYeiXe(eu6sU?Qoqb%)hjuB0e0Nko(--^8C_G4s_R@C$5iCY1 zN&vhDLXsL7ZA3iDTcCxocsFRL_gRpMxq*@&OtC?BLaZZL=;y<437^FX1aH4<_=)jO z&#>K~tBi+Xh5TeoVhXRefoytI-7!>Hbp192*z|o>z?MjHajTD`%|{#vfm0`W)8F?W zj}UB;ICU&>V{ANU?ewqjqNI4+#{BfOC-@snV;k!;akjT7Y+#AdyRI4=*gfzpohw2A zm3YFtbLM$}H@nd|ISF>UCtORTSAmV(FUu%NB&aGW;Jr-(FC~C6?H_C}xSxJx;B29N zYf`7#9ukgVzIV^A8xKIG?(SisslR+J|q|~Dmai&@NBm$wg z?Lvg@{7da(8WJLpCjj5t$7dI%1%G^@=9KL?6MNQSn&>b6-beJy;-T1WfMjEUd+U$q zGck&90^Znn9RHhDn(rVc>8RcO;d~@vagd?FjHVW^PUBl=iR{MOId(2 zTau>WJJS|pD6gcphLKh>p-xDr4yTlt$q#i-QDJB&5c6EJ@-oXL@M)c)LBAA|@G^v+ z#7HB-i1T!9Un>0iLiDkuW~Hf=sI+-VzSjDs3DqlO-dPFNz?ek?bB`b^)mIiF%?uwU zmTM$QZZGS?5hX#dvXfVjV3(Gqnjz^|CHc~JwXf_51I0uM?7vFyd5PF)RN3gnIsTmn z7G2o~SU4zNI`jvjNO1W|=B?mG$xn^ zN!3q`jzEaU40LC)qgob(xd^j<2~2kH80@~Okj<_OiO`V%QDd#+Cxi}vSxKD)DL%Qn zkyWI^lfr|uoI7yeWxvif-`5n2W(vd}kH*waPK!K_dld3~>G*kw-+jDC{8woJPj%=&0`Z|*;k&GwA3{Kj@@3Cq`D}O#`Ae+{`2xbeirO7!i=+L}1xJp(iu--* zWPez8tSijJ?n5B|kI9byzf3mG|6{TV|9>VMq=w0#@L*?%79`cqhk+o#c!Wmc|7EiI z%t14f@V9BgZZ4nrG&)F`HJVT;RK5E)Y-4E72OCSmn~ z$Gn#StxP#g^|bAbTT^T_g?1lj5K&#KF#K_AvVIezk;LkdY4D(spH1|k|r+DzEM~;>Gfc%ty{LJrXvR&l(SKrm#fY4+Fgc`*#KHrN-;x#|80(MlI!*!6xON zF!=4=HoHMzB6i?TA2&|8MX2ls5a7331>zrn9Digh{&U$Yf@jZqBxzb>>7%SnQGy}m zz!FeW1QO)lr?^?%h^3EP01y}f&c{jIHT}Ota^)V_KU-`AGBHS_Lo(EI4lk)FVF)}b znlBtT3O@io*Nj6F=%o{Yq-V=%-D2XM0=%WXwzK|R@V3w_+H1)2~Ek>3uBmvX4v{!AhD;}6v;sv`bDmIak)n>5%gr<68F}!8x z(-yS2r^zY=_hNQi)djrZL!#_W?qlGD0KYg!dVsxD+jxDg4A6z~p;(AViOTO=%@NT3 zbimsPuY<#*Vw2RN@q0)^G`*1}zc*jGO3Kw}dtPW6AzgY45r|T^4DD6TcM`vk(6Qh< z>V7DV5@>jojNmObPvs+ECJr|pCUu%JQ73YmK|_eRKF3A77!Z3`ymZ@ypAetFYMm!( z&k!%g%FW1R=k*7D0@G1j8;a{>TiLmGDG|G~_aI6G^X6OEQcC4`r1aKX`&D0M(!E$ZB;)~_!~~4f$Q1v*Fv7-a_-KT} z5rb@_Vu>~K*YS_37k{f7%6PHL4n$t`&{he_E||QT;UKp)F&)~F{eIhAS*0x1Hd~-8 zgg9)9Q!O8+8{bNb2HmGNjREO3^zKKqUfy*f6@kUo38=VU+@beM2Iqe2$|RuBCdEw! z0v0u7$%?c(eg}Tk)~u*u6yuD8I!_c!tOvcBQQr;w-mFC9bcZT_9ezLkd#*^i4cqS| z#a90z?y)zxO84Mk2wtdh+nb>bOUeT=%MZn}c0YYLcGUEC>(6nkN3nm(T|)r`ShiXW zfO51@+!*_*>7wBAzoH1#Pl;C6m}q!<08ju9V`6{+J(%gOxk8w&kU0M&?FNWwmJw0u z*;Uo;;i|6?Xl;qPF(o*Vi4RY}L{#{v~&EkJA=1sfh^XW#BVyE~p1AFGhC&q@MVo-QHOYW|W6F>b>usM;9df zVw@JqE-5#$eLi4AxG&y9$Qm}nM0rghGdUgdCdqwrxHXP^nbPvvwFYcsyt6uVNSC2! zhmF^zN5e`eZ+sWDY}~D??Sjup&*lOKcWMIc=8U-ByUkm?dnee10%a;hfz!?)qT6C1 z5zNS_7(l)OzJ_jt4M&CK-9mX{DkmQ!Wm@E zUuAPJJSAF+qP0*ozBXZL0L~CiM*wXN$WcpI*Nq0mh+#HKENrlHX{`X!hd@Fz&mpFo z3FFk)lDTz9SP0h)jwBF8MvKe=eots{7@kG1L|fJ0yj!4>aV|4i^k6yU>$(@oZm1cE zv|=d(F6(6hR_w5v%`Z&1mjUbM?1V zdXP>Buqt$*G`b0Z#QrIVkc&TBgSUMPNm{K#R6ccBiGNo$$p6++zz6Spdd)EATzSI1 z=t0pyx4apxhb%zv6`Zq)nTjEXOa&h+$&8x?W3b#Ox#zeCo7ZUuR!{=vvzYc}*NbwLi{M zT24uS4yt@=qF}bv$BrHr(Nfyh%$+v8bgip?J?U~DUq5h}(w6LDxWm{;2js2;{21tQ zqJY`t$PW1W`aVKY*$feD$vufSC)l!TFsm7US}QmWgYu!!klod@xPbaS`0}}hJ-K*7 zdEvz3*e1YTT@C)8diC#m+3gsaL^En1F+?V{S5V;#Dw{Gj1{4N}F6qTc{d+U@Z~*sM+> z?FXkRi z1bhR|2-@@}VQ$4OOGk$HmoY8E%BOpEiFQ*e>r7>0UOky=bN8&>4U?@8?Vj|P z?<)=bBwPVxlC`1J6lieK7ke<-OhaKrByAa|5{a*; zAU+oE>B4pcoP5+be~f@oE#QDb*TYmzsDo~OHA1$On7~a$l$b7l<<~oNE)kImB?eKL zhBB&JgIv0|+4)<*?OkB=u9@B*NFl%*`K3P@CkIhEi{`D^@{fF@^RwvOFafv0njYIl zt9*!!#NO_Usz$~Hlw6EEA~WwGJ9?8sDhBIn>WWqo`ZH@1*;x?LK~^J0y&9<(lE5U` zE0;&shcJ9dHe{4nXDv7UeXTn^-tXgAzZ`V{xmW~!KBhJIG4nF+TXjSlZ>R}fkb!KZ z!Shgwn`3X_A;@hUFayo>E2XG6-bD0?elUv@P2D!)rYoC{O zX-F^YKQQeMn`|^+plBVGsSGNY{y^I#>yIazrZX@)o%i07)8n_s;@m)2 zy_AbUf&Oel@A^ASt&XpJp>HVkV+_ziERR=PaR-*QKam$<3rGG+B_Yr@cpJ4t2QUuF zZ(EML;d>r@1$DfH7}NuVEm6YUIWKyP33;_iP!MetSoOA**|ZFjB@=z>rafPmvB(#W zU;uRz0mF0(FIRH8LQ8+u7xJ~1@}+x+*5^It&l=)~^O;!RuMLEhzc8i)Tw(GxY_q$2 z(nw^&#LB36xwE6{i$3?3M{1}O!wcq2OT;IPpT}b9#A8}3RI0qJO0N=1 zr3wn+Xw{$u5ZyuHT?#&e0X)thn3M3raH*_&xd>^S4WS6j3ef1YxueMQO>Og;Cd*y2 zp)Y@C$LUF1hW|2lMn)m;MO~%XN+s}5r9N+< zIIS$d?9=W9w48GE+~bUWr`zf!&U%5Z%3hhTo(^eyt;yHNxk9e<2+TI?S3a2w7BthfnwP9v&F9w?PFB!i zVb<_c@{EQC##%VGG~h)hziq8DF#s^?vIGfw!iOfsH<}V<>oR8h%VmcVSO1OAzriFi zPBy_5BQKvQ-vOd-aH4x2HJ+=vE0Yz)-Zhl(>)jHuYjK3W0+n0|Ek^?F2dfR=j}p!W zUfv<}0{t$=n$V{WQBNCQQV@szyJalK+Yv_6Hg!!zkxrHoCB67CS^R@C&H@EdSq^dx z0kRsjt%Oz35xx4ZSwl9_+3}*L^F^~?K?~=D_WGk1xLCx4<;oudtQ}$eq)!^X4I0(0 zeX@1(p>2Vr3ax*yL&sNMLZ22XAJ?ifbw)l#|EO@)-UJIF3F>||8~^R(_pYFwaavb+ z<#}Y@6@!h(!X))89SeJT6eEHe%jPr*+XY?1Ds;eiF!HVjpe}fd^Lt9GrKg> z)t96*-Ordh6&}h_#dLPiQMt%Bcr`S;Gg{!6>K|`b!)x^+u<)wMnv;fJM@6XfBTVtr z)YAUEIn6#6Oy77-ae+twK_W?MP#Ohi4wnO74GZo|DH+ zRE{d){u2U+b}tP%8>lB9 zB1g{BPWOJzpOtN&y|e_W5G|Vimv|%yz(p*^MJ)0bFTOY&%SnRyBIWn%2M9E4@Etyk zA=7u%IV57b_VYZ$S1X_YjJqrve%iJ>S5y*h;q9;SfdG$i7AHb@QsT*nY5DFq;mbY6 zYnS#PX~YPp=a;q7(eYhC^SkK4Rj^4}{EOn1qUm|guk$Ah%`e<)SdgnBs8tyDp~B?b z*N1qW+Z*A(KbO8MjR6sWecuhF-lApkMqkA8m;SZL!v4+Q#Tj3NMjq9;@w-1p5~Q_4 z-v9Rndiq(3dEGZh&s=j|QX%hVrL;;qFXHq1K5XbqW)z2EKQ3a!tYM?yaN~4+i!iC5 zr2f&S7vzQ;G@26h#{F}0?q^N-y!hbf<>VRg>rVucn~xnz;pvs~A4&trhSq%t^=?*= z-2vOm8w{+&F)8^OhRf8b*G7J?8NY4y{n!1zAx_-`5|4J{`KS2O-IsLG{JWI@zf+JK zD^wG|Qt#sq580kSow*E!lFT&J>$3)}H~dYQ4Vqj~djjy*ol`Yf)^l7YE!h1^_HN*2 z*XZ^Gz*J<9rEVlfj>VF{!=)Y!3JoWftgR(1epeoT@q6nDti*SQ;7-%7 z#1dWLC-RI2;#LNkirAlCU-?)(0FB&KdgYt5*7=wm__Cm(_7w2ox^&;>v6tZPzWZGl z4V<%h_cUUoOJputfMX?>E1rt=_hUi@PA}GaU}b+WolF*{wqF{AhMkmr6AE|tiw5(T(6x$0|^{_9JcPxSxS$t zY#G6;M*%+A9rLDb9Q}6{y>Ss;e5@<-Gmhm%&N- zPa7vlCwE;Z^Ur?gWcf8LSi<I$muQv+=(bS_=Axd z98ltH#N!PJ(Hw~Q1&do*=fUr7cWMsBU?FD(s!0+FQAbkWS@o}lVz%762Q!PuOD)zl zhP_X|PTIn}SgMTH@V;O|SwH5g2TR`^212hGxlGFN*ciCD%mANh1!^QgILhtwa@$U3 zhK|*BrrBEp5)tz%o9*mmlOm-DNK1td??o0vsQY+a9r(%Mg*VU~io)~&sY;V;1D zLUvt4Uxo+O@Ynvk@6y1ijnBUW4rZ&tVrO(>E`8KAqM8E^+pedZW3svSkpLP_COMz< z&GvwqLIYKULn19N^9IXzaCv8*Nwa)~N6s;&6%~4kjjhD4g6mJHl7u>1u3Zv0m%{`_ zAldWq-a~~;c;D-P#6lIroj;5L@f;FO6=STA{FUe>C0;6B%Aj5j)A%AmH#R zA10SHM2xM5x3$T;-oRQ@A10q9$!PY>R_7O35c6Xgp4xmw!aSlyG(+EQUQzCTpssQ9k(9rfBHN>!N{1_@ z`j5>LYe1e4jvU!~HM#I730gR=;S3#?gv(bS_;OBT3&hAqKmxLhWNGBc#S3y%9bf!{ zd5(F|y5zZihZPNlx#=f6mWKD0wltGLUjUy^y9WTQNWGY5ZFCBZ&OV>kIhJVsM0&;% zM!BWKWZY%gz0jqQ~lZh_fVvxC3M}@Sxp}29_>2wQc@<|kh zb)>tYXB9Rj9g89&WzBV_gQrSuRi!ms32>xSQrabnYTtI6`7{^Ix%#R7I|5}G$o$^b zm~ja0%~jPzj#AoIZTi0WF=+X1)CTg=D%^Cp_iN-W%^{G0cG){x76uU`uAz!cIE>|m zCdPA7efu6$BPt@y2W~V&AEyrf6Yy#KF2}Ifv1qh5a&+LLThYxAKk)7KYR;POVn|y5 ziG%DER!o2*Q8*bcOteY@&`@d1i!%kp&yBSkhO%PBMv@Qi`$KA2vxJ2kQsh5)AGauf zC(fABVI4dnHPHDRc=+jO2*-$>&g|9Nn~@hkOU`p`5h-W6ZCo3`Ga!g$g9$sDJ!YBg z6{B86Qbq&iR&ue?&D^-m%+9X1Cv`QS{k)G~x)nYT0tC7$u25UlsC1rc#Rke}eIRd# z_YeVs1KPj*cf(sUXzKRtW}Zij!FRgvKkXu`S@iFzsPXqyOlo z@n$91`=wc)etJ~Te)G%p`#zP?cy{CXVR0bpF0J+6VP8h0@NkdQf7L2s@wrMLmKbZ#w57$i z3YK&3u+Kf$mTvJEB}Bp;QMx!tlP70);a>1jUAoQCRI2Rd12`3^M}b<5SB-vw2$LSo zTd+l)9RTT^N{{y11tjXnSN%xUiqX0CN#@mlN3pLGKvjVGo>W22&adOqH7Bl<6UL8q z5E^EY`_Q0uy#qVuGa0#=?ch`*MX^1Ab~;HQNY*3}a?gXJG%oODR#n@V3t}l=bwINy z0j@oSb}0g`8%_Ur-$QNY(`di2LIz0nl9dhQUn`j-)h zR34-=@v6A4MvC%XvN^;E=Y*K<#QA0dvC&**(H}!ysbSKkEVlUBiR?M%igdbvZe znLxxT$n_L&qodpYqgbk#-||q66rHE^snzdSBR|Wze97SDV{w(!oHr0NLQZAOOiSf>)7cN9Ff zc&J(Fzr1So>o-ZQ(C}j8Pn&)~-G`QtSPB#OLf+T^re1>HsT;&;aq*|K6F)QoOHAXJ z{~5kgRq~8+nVyl76uNBJ8>+Lgo3VYQPR-^)4^knYC}KxXg}oPeLSk$xqRNS(Kk3#Ri8;-}kW;YBqM3 z6eel=dj`dG&+|QRtYS_sa%GxopM8h8A&7r>tBnn{=IT^Ao4&j^%XwMG@)R`Av&a3= zW|TvwNNWBv#%viJfEm)uf`l5%Iu9a$PgL(e8479keRW>+y=DjSS876iqZZc;PpD(x zll)lW=t8BicdT#(d8wAq#F(*HRlQlKL^q4#yMTn@6D&kcUVb!*mF@km<64Ns3vcqOJX%F7jR>nv>a=keo`5PqQt} zLSllN$nXA?T<_%VTirF9v}U!{d2*Jz`6%C|uBKwC8qAobz-CDz6P5{B)a$$nj{C3H z^wsOD?D9f6r>rRI6vvo2NyQwN>j%-lhCa8Gd^?fU>7QQ^c`?ESIKPv#cCGU$U;s*f zDI^)3EOb#cs543(n`BrmLaLle+%rpcl`O^TH=nkt1M7*xK7m~nW%_?51y8T`9p1}# z_qo7JvZl7k0bz^|5B&$eM#R2m4iOzY?ZD05K~1^7n% za#rPBBJ2+F`Xfk2{Jn1E?I`I_zd&;82jS$30?rQ}%jf*gT0i!)wawJ;YA5;^N|LX# zU?)x_*L)lec;($;ArAQVLxu20^o-<96*w8>iWNmD{gaEex8dPHgYT$IZP-vQr<81Z zca4AayChYf_PTs@!M`Wf=wswxejCVukQ9Tl- zeQZ7&w{O;ZzB3Iw{i(hKY0?#O<~BU6*ceMxEKdxCBD}SRpH{ePK*ykL#~&zz$ep%{ zVywfxKNo;707>LtX0VU6T}XARKeJRh){)fkngI?WEVwjYW8nMAMcHPx6Yvno;c zh!uqr6c1#+1_qCe9N@+*ZDPIR)iGzLS; z>jfM+E*XP$cN-^nM*2mM6K0Ql72#K?;_t}kdzdI6C1TeoEtMiIeha=N@5Fj+;;p)V zXPz$CnAd1X5wYP;Zs?RIO}|kUi56y zf~)0%75_dZo65-l8ag0IsUo0QGM!Fzs{!ve7oFD^pHYMOpOZZ)??3sQ?h*LTlXL=| z^?%5^%ZH}lxZ(Q?1|uEaNHfwQHPX=`-5nCrf&v19E|BhS21qvul1i6=fOLs;3n~c4 zk9+5N-}m+8`UCcO$MHQrug_Z>{ks@l^}p2F60;ri)<)MEpbG+(&_y z@hV1uzRa#}we;0CL8yloWv*@$H!3RJ!E%<9=L;Xx= zp|O~$;Xm4q&Qn{$eW)4ghH=twyr{M=fEo-)-3Ssw8C>cb)I^|b^Akap2GpXXf8yhr zdx6pjaJ0zl$CeO{_U0F9G9fP%WDan!^xC60`mc3zwSn46SVP!KY#kK*-5bmU|3tAq z{ZkEdHHcm_RXyCCq;^$A{vD@b2OPsmSu8;jkBD64-moE{lwP^SI@u%J77}!_b*-e+;BafYB=9GD?;18V>V^fI2C}qi{O>$ z)u4gl;OQJ32`mQ_Vv=;oMVw!;wK^pMseL^D11t?7q z9Qk@`2!-4(!wIAsJ?V$@xRh(OfEF;~K91)aL{MEymJx7g4n9Zx0g=w=XQ`p8%!gpr zf+aK}87Kt*A9yVbH#084$wp(qn z=hYG{LdtZN9C0i|7!oG5b1PUCM~BY9e+n*)tx~9X)CXV|*IflDo-V|!FUPJ=_YVS4 zuV?p@jpd3N6I%@kY&w~q6jccvCnrJ#qvc>&7Cgs@F~}1ACR&h}w@<%fYv$i)-r{6X zexPOax>d}n6`wi~+6xGDr2mn$Y2`)3c!+Q(|OrcdRozCW-anBju{W6F-(xG zB%sL8_qEKcQW-1}w)Y!JedSX3ABl{Oi3B;PI?RD?S%WRX*|y`YYabQ)uGf;S5>h_Z zaG2~d>skFGqidbaPD<#Mp0t8!8?nHb>2ODksk@_wzgC4DpMDwfa2`yE#<~EPY@N6U;N($=l`BAc8SJN`_l8g-4b_K zk*UN8RDw}$pxs!k*5;$t*N)Clo9F%T$4#aY>t89%w_{u5SpCrL$#L20iu^Q^QK`d&CN4gJbItV%1UlYE%SH+Xet^ zw*%i@AMChOrPg~INPDDOZjA;5XwjI=M38hZMve(D0zbf+L-;q*zY&=c;y7hz)>F9xS)%1!~7ck<;#N+VW&N|0^>X5L++XH3PJPkO*Ak z6gF)Vgl!|bWoY-Hn#OQ$@=qw~J?xCR+1%|E+i)P>+G%tVpV?u5=5rKeza;IQp6TO2 z$z*;8meImIVn>rzs;c*5`}Mr6%rkk!P1eoWa(fvBqtTxd9fY2p0o?)lZu zhy$^|0Y4#mw?}*D+*4A9Ci>()CphLRj;s;OJc89T^vZ*#4vxL^tcqDtcjkNmkhBDR z=X!ekcVQCE=HHnSAqU6uF3Q(x_@{Gl_9{9`TVe&!7a(LzhCYbB{o<>6Ea|WBc)&Aw z^0%9f<@=gMDat?YXj08;l(}3{X#>D4mMM#8lYChljc@ma-EepDnBX#s3UI(`1}~Qt zo}ZeG9TtnYzUXu__)No0Qn_^U!kP8avttGTA~^#2-uFfMk7W)(FCPxYd1>6B$}|mR zPj>anHLpy@`tsX|7X|Xb>*U)nxgR7VEsAN4pxVJ8#KFDN-Jh}oSEJc0+(?k>^qJDD zXVk$#?nSQAT8=A{ zsDZNh=ls_c19oI2Jqt2Rzd8$XsU*5uzg(U<+~lSZ-GO7XqHa{AJRaS(VhQ+)Zn6OOu<-^PMpQ>y`G;APl89nuB(cC>iE5cvk5sn7cmWA z9WG=zV+dvWCHldiLaD7ck6(lWarAi19rT~gi* zg}!)uxzL38FT zv(KMK5IyVDfQTK=$v4^=Pu{eL(f(+d$d`Y9MIkf?BqD*w-tzl+&tY(^dIdBnu2#pT ziCmdyQ{Gn+2Q8kOH9lUye=@R?p|*VNp5CK_D+31DM2hzzg~3~R6ov^z42@^!351O( ze-@)Wz_Q2#{!yLLF_nZk6)Xr>)OFHfG@62YD7-GgFxNTKK>zA zm42L*&AHhO)Hc9S}(o}5@(seoqGi&YtP33&)fHMA9TtlC&L)5 zc9Qwh5mBiRXWM4Iog%0))EWT@OAW5BfFGnZu}prs^MuOg1oPeV zgt>=uMV{sTrz`pUV?2z8D!{)SekckDsL-t#cgxc%T5f6?>5D-I8B}c(>mOUY5sH_# z)}t&LVUn{#4PgM5qXn5SAPM<+Y+2$zX^$yAyR{#m>@4Vi2CCB9{ZuCmG<=`+7=fui zX^ds1du3r#`wYW0a4faq7$tfYJ|>QnDpMejkl8go zWM}!}e)I3i=40CbZr=S2#9tf9Wa|SuE%$Bx*O@KOE_av2cf?LxS6|AXbu4bkZsHrf zd)Z#AB7}+mDF+Q4{b>3q_X)K2@As#sSD7K!E={z+2#{yv!@5pR*)yF0}`roblv*d-)h3A94(U zMuWr8lEuDJqkPj=9Bu&s09fG;x{-EM8EV;k#op*Zx|3A^+CvrN9o75#dQF5X6>3kP zgnbm8CYB#9C*tkJSp%J*>QL(A3`38iV+%5zCf(p){z#&1C$Q&1J*$VI(DyB_JK;+_ zoUt0wbX-oH@3e4d;_RMAevE5ws7FGP~ zq?28a) zA$n0RpY0)zqtfe(lP?S6G5mDp@FXnSxZEqYCcp(S*D)1zKRws-uo$peRXPn%PonH| z$rr+YO8%GP@{f0C_NA2WBdR%FY297fnx*jw^Etb3-f&$mIX$apK}k#PBE@gAZ^9xk zTsSGK$~1(g9b5fl1?x&s)jd3>g?f_KpFLy0WPIx@Fy-$?nWI_vNG`*( zDod`lmP&EK@(qi8wXc|~#jVuVriP9#i1S;vy`nq)-7(`PDr}Y8KQD&T{Z7&P3@e{- z;SYWSrfS5{*wJn~;TvnCUgKu3R3a9A3D5a={D$>|goCruZ?iZ2X3b<}-i|UsR;_N* zTII`vDRP4CQ{x#;LG+^b+N;WQ-!qFFY(%}tkFCknp{6~$o3je?beoQ-$Ki9wKSG7q z$5&Ds`!i_$*|80!Iafx7K3`wue;mosc;2~p>G<3~Yb2EFInNL!{a7dYbjp+fQm)I( zH!yGGA80X=eV`nrkgQ@ps1kRKS(HQcNvBTV9`w||`qTpD<4*GnJKI?5_F+qV-Ak2PW| zpnr_*y!T%NBPm5Sl*Ftaz6l}@IGN|z&jR51ypk*Acig$7$3Bevsdd}VfTFG7W9rUq z_%P#{M23bS@YBrJZdaa%6+v25E!p$hZtoYChBvYIaYke#ikVA;{+abyW1Gh-5IydY zg_baRZ#Oy-z;xQykBp`;_uk)(-oY;=iyQW}pG-1zsLBF}+It}jO&yar;S%{WddvC_ z^;~%VrpiBT780sxet93s}9HMqncDH1w{(+N?%%67+_dtko+M+pe?p(DZuax^{^-NA5OXPw{|=z9}Z~W ze`2Tg7-6ZX&nbK>^C9OEN&Mf`PxyyO7;#X)ue!Z^HN zF2V|0vq@CF9a{;%sM14iFLvPNONYKmGVttvnvlHnR}*~V+2}$0#rM-^@t@%Zi-Dx0 zCU4o>w<`GMpoq=i?4JvMuqiCW0GF(ppUrtoag>Am`2IS)u&Zs>eCcR(tPGRm{ke49 z124V9#>)5XL&2xHwt^$ovqhWlTlzOz^txgH**loTCSJCstoz(!5VY=yyhZfIM)Rc+ zPIo{KhuxhoSEmlCfg@jlj)41FLrk0y20USS5hS*0D#iI6&$dfROGamx-t-WX$!X7w zo*1(UEH*gPTW=;fL+YvLL(1pCe9{e0xycQ(mxkn?pCfeFNMenl3wUD3-qM1*No!xI zo=y;J+!m@_-j%u0$Au~ zl#BLhf&#{hiN%6Kr#KB0$NZ?6rTS~(a-qwRlT|>`#88&X7~YTz^`w#|{j`{c2F=#t z)C?&3y<>X!J3Uu*8W%C0DQ5}u(>^}OJf54ccXb}YJQmag7XM(1xJc=^Rg%G`4uyP$ z@K}05{YNjXh=i{6i+t!=tRj0nU}RH|9?qADPJPYa$*cF^HWeu~;xhe2luDW#^DY><2Ed~m1m~=h2e=wVhnWp3dTThDf-pR)MQ*M@v zTg@@9dHMHT9DK~)GtP=SxpH!m6F?qhs1qBRk&PMqH@joalhS++wtqv2P5XSec#4!&kIyViHUAO3vS{K;p7<=#`}|1I+?q!wB+ zB)D>*&f?2G#40@6%KV1Yc(2NQvE>#ocb{w|KAUyRT1pJ9a$0lUn~!YTKR#aeu=<)wu)1<>x+&30nybR+Z?G~x6sbLuu1wCdlg;DjBY41 zto0C|_I|+oB-EpF%x@!=^Jo=?0(0Y}FXxM{Q}Yq2manZ}XEpKu34Dw>EobN7jk=lv zCO_`G;1M4$j%;&#ld}_BO$&5+oVex|Kkn?$&u?3H;McpAaFiH#RXGB1N9)|0M{z)& zDG8=;Y`)+=Y(^fWe$U~j@klwFA!ZlMATG&x$sb`Z;Ou^w`SdXTWz`A%5XV7jcNUdX zD0mlGnpN$=m;+}wehllc$`4|cS*R-5V!KUvQ%Iv(43Jxy7&Oz4i?FS2wt2kz>xT}d<-IJO< zD>RrugF^7~>cqAky!qAysfo z9?`u~k}Y?aC{y_T9=oTQ=ZEGy$;2+xrz5>&rRzIu_Uo0Eg60E}WrQ%uq|-^CC!>J& zLXWw(8wXlnd{BX1q*%ulPL0aP)=CBKC>m9_`!bA2YF{+fVz|*jwSu~F@0J;F`sI_% z=GoEvM=`OvpFnjL<<+C+o`o#ghP5KI$(Bu}|9_3vMg2}F zob0c1IbY6wgcH`*=zNr#O|y_t-W$PC0>4daFb+D75QRW^BQlvU6G5FK<&gsC~m`RsV<6==x^dCyQHd?4!f z_JrBbDr?`4K_l@qK@?4HKhV7YkN@r+^OoZ;Mdzu#r20LmVS9@h0S@_r!EEO|-|#;g zlT60d%6`RoJ7~EVzlNjGU#WljEPYLV>OVJ_#v>`-A01l8MI2`t>r@gi7V5&u>VkZ2 zWelR!WHPN$ydb)(i0p$vnbesy*`}#I-sl-@j_efLIKlc^43s*CSxnl_RhXUMWDgL2 zTph{emkgjKMJA&_tTu^#kr}o@a@$NEjTc}TEnqY?w1U}u_)g4WpNU37&n+pIRv!&` z91&>EG?JnUAKP!>k%FnLkXAut`Ek)LVn#?p|7Q+ZvR$=PYV~7Mbopv)mGLd;YY8nW(TYP4RqT zj{4`;$Dx`wxy|1EMES(NX_b<5=hQT9lJZ20U z1D@i76>YPe)YOppyZF9G!FH4n<_vI3fiN>wuHWSH-P8SV9V+W@Td664YUIjL{2!F2 z#69R8(hmQ&A;H0=a zz=LPFA6#|7=P>9&KS1s}!8hREXfc(IBkqe4hAgmB6>|H2^MlM-X-)b28*+gTEJvu;zk)*89C_8V)C5NxAm0aU zIBSBa)r>K?<_iEN?bWDEJf~-fh&f65G6tvpEVp8A>&HtXEQ!(~2IPSiY{}6v^KHn3 zp$)=(VI4HXB+{*G28?3U7zDD#F=>Z~2FG~|5j-~`E6wX=EX1SPIld*&k`KU?7%;9% zG`U7y{8EP@lMgv+(_m~IEYs5{F~^ILsXw?Mg^OcP>;0d?1Du5y58GKQlL6B)kA3%I zG+*3r$&sOOeDIv?0jJ1Y(1^$ZxwoHI#8nFf8ScWQz}Q-$_t}!RuDp-f)u^%_n8#JQ zaUME?(zida;WI0f6(H$2ojfe752y%p(P2i$qYEj^xOl$_^tkQOlF2Iy!59F8oK!za zqeZGIQ#~!BRnl@{>~oT$sN_l`W5d{W7wFa%S|(Au$TXuRx? z+Q?wlqqKNV{FbXkp5B!8Vr@sLhx{&bWp;QsksW^mif^2QGBrcZ(S5|6%tQ}3E-5v$ z^FYmOZHaG*f#@^Mh6 zzUpi}ShCmY?EPGqb+LehP1bA51t(5Ks#Awf=#j?}`qCj!sSX&^KM3p^%cBb_G`w;wCXdX! ze$U(bqN$q!(rd#=^7~5wigL3E)$v}kp0+22HRk}EMW+wHMB9A+bem8qJRM;;mtal@ zklbx2s#1Chq{BMSR4C<^%)NO_o%3Rz+{L6bZ|_7|+RKiV-BGL5SHDV+T{g>}dEt8M z-Fq8K47Ek?(nkgigR~(L^Ug96|58J^^ItR&%KJ`PB&exndLOVdpJRmUe>--*LaC)p z8c79GdRTEFgP{Mcdi&qnfy=K0g$Q&m*XTew7ut8q&8YT-Sc;75+&9=n>oryOyXiU# z04$COqygLd@a^FRLwmeDEKU8*g0guN}&?KXn zlnNuo)%r;O#YfneG!h9yLz}48E&Ih3E6I1hQiWvieR-@ur2D0q{Buvetich0=zMMe zfkpAOz>_B+y7dE&4%OMajXwz!_at&?W$HKjmvUNve_Ad6o_(F{_j&b-RF>*b(Wwrx zaGw*{2Rc9;hRE-Q_mSwhcV%v(A{i){lBj!Jq zVC!?|s38A75)#9AK+zOp7s4xh2BRZam@FqTnWYpziBzp60BCJkMjxtwf#05;VS!&?Olu2m( zaOD-==C=ePi3giI`k@X2wU80lQK3V_fDwM8^Tp_3H)k-3jfuMf(h-8$r87rUSCzVr z{Ct$50x|~)c>oxc3^5;{YqLV5rhY{-FGaFkKlfS!e%|+3Y>gUSg1}%TCcW4abFO1L z9Hn7&q~*(n-~>Aj66t7MVkNl26+*HYS``(eQ5ln08DW;3c>XK!4}`ES2~0@k%56Tj zsPyh}3w3M>{9P*NkPNXlByPDz4=%csM0%vUX?tzPr4GljR7MVH5fmN-?v5QBje_~5 zh(hjed{(^RN(exa034&EEnzTDU<<#0{&h4fz*~7KPz8~g%><|z0qBkbbl^mix6Epi zIcY^pZU{uugDbGe6(oE<`d1cV^jjQ)Pg0ElJ6_OxoCmqOTP8|@*v}*VqBAI#lbI=#%GUwFw|hTD$No`IYk%zx~AQ%y~-I)F{ zz$kH=8dEm*Fuy+}@OhAyZyOLj6cF_j^5gld^p12cp`5sMWrB7qG%DPWvCSMTr0j_M zc2j7_i4_>lb&Dx#V8;DfF53J>XcFR4E1r)dUtUDnt8eDF4@Cr`16AQ^Lme@BOZaip zSGvK0`OpF~M~F2ZQdyZMI~KAW6T>A}zS2=(T_JwA6ky#8Dlqavw*iexF}}e-kE|g7 zqe9>43Q4)rsHmd)m?FyL(%)lP1)+djkC1t$H?d@HjJF6c3eU95c`sAXGB7pZ{tX~A zv}!abe=HIU%7lISzex%Ub(X5~F3n8PVoUfWsVBmvo`C$=_3v+tW)c;x!QfiOPc zSyhJkO61E>tfWxoW5ERZqawiX6kuoNM6N5PBT#z;-*)9t7+sZH9cU0+of(^&-INDM!Lg2ebx|h@4wHp=^_`3g1`OFc?;xRbhgwE27?2 z^b27J$@1h@;uS*k-dTl=henINiSD+lV^|3sWJuHZEL&g!L@d`y-_(VglK?UyyP*zd zvDJqp&sxGvcJA*`OWM~J7C&ohV@hw9Gn)ln12!|sY(g$(YGXZ#?xX$m zR<%AJm7fpZ1pwM(gxVL85Pf%0!U4WE%P;oW59D8OxnGyY>TKp`lLvQBlTVwpDy|Cc zuzy(28!GD10^r!Ec`^-b&#eeHG%&bLi=5Il7@7BH{N?>{Ue@ip=9On-lln1Hc9;C6^T7(#BF+L)!Jtt5VJ8?JtcFe>4DgB(bDXiB&Q%i(emd z#@p#&y*3Zi=%(8#{HhjWn`FCtHM*>j89d>}H@sb0jQm zP}95IwX?$nEzUU5tbrzMYz4;L8al>I$6ZSH$F{Z2NcX>gqnhdcfbKxj?K+ZQq*Bn< z(=BWmoi}{FR~a}K!!JA%);&&v0;>2CKgb_RkRPdG8+jS_QQI~LoGh-hJV@?nKybK0 z0xk)EBc*m9Ur9LfP-w}i5fk8KthDa%qT^fybYU&BA@7~4SDx_1yXNKoH{G7FO$U{iUd7UE%-XGg-Kc!WDWTY*5F9M{p45J<@^xS_8xRhMx=lm2l z{i$13t85Ip3XDeR4aAn>b%$HzXUOE=iV}$gpkqmFKl00eI7wfcAWr-x<2h4U#3Fd5(U!B9gbR`&LL{{Hv{- z55RflXePUQy!B*&N3>NrY*sz&Rc797du=+V_S2ask>~geM`dEe&(FWSu*GVq@-%-| zP}H?&lcE%zQ!6OC3IZ4ZO-Zxpy4O1Ayzt68uPLBA#!?gjnjV+TsftOMx2c4WdXGG-6 z6c<0!WeRvNPR*n|o|%TU|X{_Ec+6 zPqrv1Mzu*z`68iGzS}e?_#+Z2IbYkzt!;uJRem`(TRT?$Vx=ywRCj}oRQ|02)h>}^ z*=BCjx4PB3TegqUVp|sP)65IEE=02(&Q>4Qci5j6m>NR2UBNz%6{oE}BUzYfI-;^P z&@AO-kp4=rZ;h<5U3tvAzsv#j953k<6EI2}5&FBCp-YgI18mi9yizN_;>Wa&rHsOl z^`YsgOL2|q!_Jijmrcz_zkH6tQa+TEqy?&Y%Ec4f_sZew^;ESDV?{OVMHS}9VWJxk z?Eqtk8+~U}V>bs$iM!tvKXv|_im{&`(mxz|`KdEMy;>8ZfjIY&fsy#S8#e+=>K!48 zW0U!t*(XXA|DAHd&X&SbcHZw$HSWBqyG!C%-NgYo>1kRQ`qsXF5S2Lf>%S?H+X0^U z-;&n9jo!Xb2PN&H>JTJJ=YNDeIwXC;DXLHORwm~i^^#lYlYGmqO5w0d8v7@|LypCC z0UAsAE-?V8@4#lNivQJj3*TL#58p)z`-Sd(x!+LFWev32JQ zf56Y4>qPs@Z&Ls&@f-f0-Fx45jSFtFSxZcN4?Utt@XWtK;;$K=Yljd$c$xm|P0R1# zJ5Is39Kg>J(C}}+9_8q(Kl<~U<>l)q*ORe;eeZcIhi}|Tmx&xVTu;6Wi2hC6_>V09 zuiG6MgvfmKk=h_JDUJ1sWwXmj9D_1ejm^nvaEQUs9@UL38H%G*%M4q)XnZ}wAb2m* zY5C2-M`3YS`wo*I`ixLG8)`FTTLX+&W?kbnoI5ZAXlIDIuFM^NF3-6S!RurI!9Y;G z{Ui&g@Ir%aOCq1mLM^)5W4_*Xb-@P>^xvH-Bgn_~F3=^JNE50*l9CatB}ys|rGwLn zzg!Fc&J9a8icStOx*pnMcw!#u!EJUlkuB{N3h>$o(RVU_=i$V5hAJ*^u z{M`@j74!3rLa}&Z;!{VX;br@crM^U*O4e8?x6ad1-V0+8R$*#N^`2s0XYW|gFXLmu z2OKYc`YWxxX`cL0H%@k518fz#uiXp_XcpR9@jP$esYGaj6vRYyc_Mp1A9S+6(eW;M zt-{UyI#Mp8a)`m+MSGY^1%FY_x{hlQpnEy@%%F-4`m`FL@HrOC_s^LIrIMs@`%|0f z;;EO;_7#g`f5f?E=>&b3_b3GjR#V*sKR26ErPiZc0x~O3*Z*aTNJnC}O45@>7_GS>o~$aLC-fA{MCMXGdl@=S zqyof;%?@ACYg+AYKePJ_#m6nyzPy|i=1rhT20G9dWNkFXQzkxeeID**1rfe3Nr(`U zOj(hr>dBn**82zNmDJQLMwl1`rYK|)_HvXzJ58s5ZS6C3x%0-&CfOn6nb)i#PvEng zcU&#apT4{$GBzndK}FaqFxgc9?Vg_dBd5vkahi|* z^hA%<@ufE7rbTVrxJBUn=cA)b@Lj{(FWt|3!Vd;i)Mg+Qrc`z6{%;Zy z8qR_<6K;hvJeTnrF3*j#maiiKolv2`$72={;b4XZr)1Hms&}#VG`DDyFj&xOT-W;>-h6cRDFsaA$3su z>1ykK5ozuamO=92E6H}{w*k{Q3!@_FUHU4wuj=9EoxRZiB9V;!$(|CmPE>Q~Zg$Q+ z`N#c<&i4^mPO=O29V=WsjH^d%nlwfw!~mSL!~=aF7iQAEd9)cg)S7P)N4yei#(_|A z(>@YADxHJ!-cMnNeI;^hRHblTVrT5UAmaY|HO9~-H4z{lU1hC(w>YW;rT z2cx2C&)ZuYGot6z$ft|2NK-D4r224@(sjh0;l$FCU0L(!KHp7dxM-RMX)L=kdFU8= zmro^cEswh2a8eV+_4*;cm^s*SyvmHyQ(zNFq28ZtqVz_NLokI(?~*UDeh_q;Zjt~B zNed=^P1WordDopP;Y;A-G-e%+Of!ZDiS7YqFC~V)=GX2=lCdjC8vB zNL}C?C(FYS6+B1IfpMW^onV*mc+Y~eQS7h_;mq@Th*xn8X(*KFbb+9`H~Uc!74mbYSB2uM2Yl7rbhPEDg(;TSJ0tkR*lszVx5BAy{zf(AZpj#v8vHBdqN)L&cPpJ!c#Ov9ivL%$*>QtE$=^4; zpzYew4+p$e61r%HHVGqyv3IW%X=CI#+#}eM6;}ponL3#cU`h9=1%{j-G>|KevtpFw zl(HY)=lxA8@cF?~qks}ub&O3PJuRwJ7_})>EO(9;2*&bUW3KY<$^`ea`SGN#b|zI5 zafMIWz~C&eTB7K7U@^6m>eD>DT2spFJS^5V## z#d6o!dw7fhx{1~wb6aJC>o0wm+5)b^qY|nps!8+rbuh|WDiqY*=bZ|{q5b4I^c0V> zNLcLK8Cv?ED))#~wWtS}M2blo3&;q$QcFb+d5jVQJdidZYuh1tk#1-$wm&O!MXU6! zI-05-?Nt*aY>8Gu0T%qw#9C?5XNyacaCa?x4MGEJsJsR}q)zp;KWKbOm zs3q?)#N6J6mGyfOX`qQT+=)U5WcrG8!zB<>rKM8KrLoX^K9X37C4k2roRvO=I~gWM z^4bAW1(K{We??=7>JhW#LA4k-XE)*JT9!l{$*~jM8IiIa@`RY9AI?3j{#a-1rEQf| zG&(CEOZY}8k_=>qM+lzlSi4Ymc)qudP>S~cXmhMha-*%6s;1ftG)mQxI8f`~mO)xS zh>T&8KY*|Q$duq}PdFS=+8P)9e`BV>6HF+;n8L@>#vz-Z-K}dX@78n+F%LVFA5M#4 zf^>OkkRTdAOjUX=eN$#*=x~iqZk!dZL`fSJ0(+03=CXCy(L+qy40y zznu?c;nX3-?8s14Eay#Mm&FEQ6*opKa^LC3ons)`*x{f0>)nMutF(4sb-`u#V$=+_ zYaccV;qF-lr2-5(-c#6*qazgqMMWR|hB8hzvL8KBRh(Wyl)RNy)UE8g|g> zk-CCevVpihptQRf_fpYGGL}xIh9#LRN}T?mZ5qN7F#Okmn%#&-DyK|~^^MS5Ld&?& z#i(O&w2})afEwWD#DV02jVpHrr)OlYqft=lvSNk#jEE9eHN(MdhG@+=Q0R{?;}j5kFphm4YT-G&#H*fWXd*2&E3?~%R8N-O z9g=G`c{XSgTZ^6-1~U>Wk8qH99G3AZhV8zo+IqpbB}?TEJQ6KC5D$=a|IAY`K`Cq~ z+cSqAH*K>t($5$K2BWzNI?fSC$28Av2#|&qYC2+7Me(J521ab^moG2`Tw&8Qe^Z&k zith&wCDDe{*k>ReE^~+|&Ba9q?rq{Y=;ygdu>wn=0WO@oA`gR{`sfe30X7g!D(?v- zcDB8c?=6g&ZNWFMnHfe8{tVtg9@Sa>J8>qw+LNIF7eCx@$tl6D>CiVnTzH z(?C>905#WmT4p{mSFo{cMokX-p1XC$Y1v;MbXCC}JIbD?>}yY77}u?@xZR+6;9!Fj zFeAY;o}=#}ZG?M4y3rA;>i`nkid~knj2DQ6F`IPCY5Ni!F#u52qy0NO0o7-{DB2mI zZmZp4h19}*z^ye)*$6ih>7o~8rfqLIbEhN;^+UrCt@oE_3Uoh7#9}Vl0Ox57;dX}^ zT}v5uyV)3#%C-A&@aQFAwF*qISNFofaZDKcTz$HmPR8>k2FH~hvkl(BjjRIuRh^}Q z)(sHCh88A)ti%Yn7I621?!s0m8=p zVDPp`PVC+D4GhbJQ+zC*ELO8FAD{u)=^ zhk?K`AUKBGkcg=l%j<4qKx2|^!*X8P4e@jOwnK`Yyt4qQWqG+yv9RexxhdX==VepH>!nV_-Jq;R+yvFdHqd|U_ z)RDkmluKD)wq{v5_4L9{VA3@Nty9?iFmpqGZ%%LFt9Tn$loLE^hB1~#)8IkO1j=`{ zgx*$U@ZW_V=%>F%%OAw>mbnVQcU_!xRakdX)MsrG1u@lN=n)YLR9h#I_;;-~=cDl@ z%I)`}cRi#BJ(U0thuw4|)sEM9p&{s#A&mdt9?d9-6$*ZLx%A_8Sx_b#f`07DZ{)S7 z(l2W9qTK#AZ0d3N208W|&9uA6SqKZrjE-l*$7)4WMdM~N_B_tI_evi}C%R`9ewLee z6WrbN^<{WS7i}koSykRo{AWyRLQ0;Drm_Ukwa;rsR?PdkXC}VM^7YJ?wq?_>&7~TC zx^O7Md4N4zVs|Z^#iDK04?XlfX>C2No_V(LlWY4KgEKrB3OvO{_BrbT!m?1cNzc0S z=!{Nm$(24`HmI?%Kg9R2Md|ns9`jbrb}Ig;uIw;(gSbPSpYR^zS-mSVBe<^tx`7Xe?7fHU596l3U>nic@{=I3TuT-V6^f`3aj13W zeLDm2S$K+$67!msKCVtCV!1}=<}B-Gt}pm5Iqe-_MzPY#r=9gaq?JB2%oy@uQnh4K zwO+7-7AI1SOb%toCzSA&<8;gSsG49z0k}Iz@0`n_*sHYM@Uw-DxJN;irsb!2ewMiD zc=L4X3yvq>rN0TAa$f-eQ0}v{*h znbUpql2H46x;o|I_uRh=n&d}_tzZAwHaY0jHQ-FO_)Rt&c1jdq0`yz0kEXeI0oL@p z98K}=;*i@UoeOVeO8Q<4_eS8qfhS#{GZ*Zy&S>C39nvG%lYQztxGcm|g@dzO6R#xJ zj)_zcfB*>qp7kAm?_}pHR`|o0wvDI%&JOMck3qGds5?J`e*1n25@e0ZSimRABt4T& zI=^Fyxf=}Hbvv6c^iceAA)5`BJb1=~rY*Jye|$D})h^9il{V%7~nH-DyUrPmK`-`iPO8-a+7%mHl z4ZC&ERC}7{NiJAH$LfuT->l!z-RKM7_Bj+pwMr#A+^WX}zW;c`$erND>$zlwEBtCx z@-Q$p^(;-eJDT+_Mlz^idHr{jJiEfEk+HAO$GdND{iCy8^1psB5Dv=F4-$Tr;8~E$ zBeLnu8(93x^%H4OiROK&<9!(`pfHgCBOf**=e~puUet4+YU#??74+_RaGa(E@_B!# z;DPEW;sON#Rtjkr_Gk%^X>|;23kb|eRx@c*o4zn*83+NafE!Lj*q%bAC zI`(aO*5lkZY(w$i*uwhL&wNU&R7&fFl|TR3vj2VCcBuRMW=!HP0~%~=sRQ!~>(O-k z_?_E#-n*|n?4c*DBB0;M8YAoA>F_4Z^Z9t^-(%LN*r(}ozkVv`1gvjib0}el;==Qv zuQpOcZr_+7i|$Kvfd9h6&bIq~1pbJJdNHw1=QcI2dt=m{ri*@ zc>7BoS&3_M@ZaO4VX?J-C!fQ*^^4tf&F^nRn{nS3h6elzSTSjR6e7_=dhwUvf}TcE zs~~7^C7tntL2)1uD%Pmoe-KR!LK426{~(&EEIKt#Uf=qo(9mE%4`+cWXxIuMHs^*t zEFgzrgWG?#x!i;^HAno6&)Qr8l*6M7))~a>FaoasYI9YfI83Ae(dJ?^Y9u=??he(E z;KP0$XI76OA<`*KL34Y+54?nUqKebG3OewyiFi%=2HJO_dA1TD1n~V#U;J*R>{_d>nidAuerK7i2Q}Mxa^N z^y+)|MSlbK?DO^MZW%&P<$DqDkLB4n#6R;Z!z=2{9n}kz{l7nrFiair7&Ejv?t*;l z>^V1l{#nGg8x5R&jKHrlk$^$^>N}|9t63-vxfpqGb^f^}c$KgxQ z1F_FBH*|XTCgaV`uHo!k%c+BHf9%63X#k8nusHBbQ4YdyN&c3>f>6hZJ{j5+r=6Ji zhm-^ZkWfJgAkJxfPRim36-IjYwJ~Y)7aDx`5mkwwaq|KwkpiGtL3{BW-t30&_%lbD zk~F4A7cwfz(^xY9TEq4=z*$CH*_gq`jyXf=LHQpvUk{a;yMl6+ZP~c!-kC!t$BYa7 zEtc3Kg9u`m5#(3#L>Yn(WV47BKi>h+t0ibJfKMivBjM>?+46gpkW)WroexWG>~aOc z32^rW`*!B4?&9*Q$XEJRcr^{Ll}}__PUEVTd_~sH15mlfD?TqOZde)KKKM{>$(%=8nR|IFUem#Sk66Baym%Q)8-X$tW{rkwdjJ{|F$fl zYEhAZ%%oZTT@nszcedoNsdGmpAFu+~BPpX6XJWr%BO194v>41&6}})2Do2$34k{`4 z8h$85dIY%Gp$7aoV%Mn4+Lx{8X*)qx#uE63X7u4QxpM#Q&Z)}vKbMbCJ?gHr+rBPF zpcyr7aEf?Xi^RLB#JetU2N26&K$y;xn9VY2kK`}iR*|gyha~STr z=;yq(7qeVV^;SE!s=2+9E}(+Pn67Ku!l2|&(wQpy%O>=FCKZi6eS9$fP>ej0DA~ax zxCfkJcCU(gkiMfTPC??^c$uz9`=4q>vWf+OQb04EMmlqMBLj(J;3vvs*5~L^1PTXp zZC`qQQf&hj#bQ8no7XHO8!Upbfq0lLfz=vwwtyNc{pI|x2FFs7zC6YXEfJfCb5_(6 z)zPhNxAkyJq8q_@aYn6D3tOxgppRMiLmnSbnn}Fx7%TZI-#>KjsKFCWDk{XddDbAD zEYzOWvU1c2Wyg{Kk>sa`v4jP`KvIvI9iOH0q)p6Rx(;O_Kjna$#r?Tge})4WrE_!N zDu15!s)In-`IKMoi~L0ilD4H4DfEOVXu*aatN8NKv@yj5eX!m9mBc=NNZC9qCDq35 z=yIPRgFwUq6`M@J>QtnTUYdN8%JIMKkML=hz-b99dD&b>P7>&+$nW_EpoH!eh-Wdw zn@V#flR3nl<|osla>b?P7dhumJp7vURD)7|~n6 zBgd=~&92+Izfk@Q?hRya<(P4A zBZTkPrkzc)vR+QPQJ$>Mr&cjxJ{hAWTgZ#6%?X{wX~??|q2%gGBd;+n)5gFw(#Fk; z*9|#-hqmG%cr^wCeNU#lxn!E1DUO(EGF1`>0j?F*I1TN7;0QS2blX(H3Q~>uZLaHIrb=$X>+Ag4_CIAkM z7G2F49DAJ??6o^~Z)%3Rtn+0o^DIi)&+5&+ewM3%N33M1IUX)4Advcnh-zp%c4BJ> zhsG~BW7T)+?7bmko=-{YZfZEV*Te0b;MDhOGXwpB2{MIVk*<$B9p8+`3|h*Ya@~4Z zpGU}<`U`E^ko^~)0ux&gPxYg1lRIo-?W1@WFW!FFlZ{4@8@X6CW-|$@-i5G z#@&7#5s20*TvGt9&whwN*WAf)_=}vy>^T_Mz9woYDKlYa9Bh(*4a!;!#GRs5wWOH8 zrp8zk`*lRG8vHe57^hOz-9;U>)T+wjN__q2LGrQUlIZwl^nkCc*+t`G=iBDbrF!p> z2lA2wEJEE{KV6F7Ft6&G2ssyv|7=qUnsfUp@L_=3!y#3n=j-WtxeWJ$Y~#Y(GRsXn zBhitEW=PbspK#s|cG2&u59^mgf}g#TJf)BFBp=^4^!TY)uQY}1+@%PI5Y#z_?pN>P zIKBsxVEyS*3jK!pSp@jRQ^-y0ng9L5ATWlE#yfo?afx{u8MZjZAJh2g!W1UjF<(%b z8_{*ZIutZ*{P(wdIw_Zw=4N7QA-=P0!y63a_PLio&Q0?czsnicYk$Idokmm8aYaL) z*_86i@qXiEr0iN@@JlaOWB!r4rt`|;mp)9KjgxVkqz%sC3xR(Nr<#)?I_O$w{C|lm z%DTlDfVlIZ!z=k{M@qj&eS#s*MeyXoXA2rj-o~CcpF~q$?&BVRn{X`@#gb=9W1+pj z$9UWDflYE|L!;pOL%`MMuRjY#1^SP(G?y)gRfz(po&DwbV(L$l6Tc=@kR;o;*Wu#l zs63AV$mct+dec9QQKOajA zta9x6wP^{Th5nUn_(5g3LHlo)7Bm?y)AfGWc+?ew0N^0NQk!y!ucf_&V4)qb1p;1T z=u4D%nITQ$1x1OmDsB4+%z&e30e;3=rTia?l<@yhB+~yyk%<346zMx02CCmlPb9rN zBL~^o45j{`gpHv+ur2Pn$AcDicQl`Uo*pMl_{A|58ld#+e^I0kElrtR{?$09Pg>== z`HFEW1uD%Pi}bI?*|^&>?LK_A9E)SVXh38$TEs|@^AARv;%cT~)vL7DZFWL{R@{xS zr0q1NT`H!BhJE>#xOIm3NC?l?NE+k&g*-o&JVED2m#xY63$jUsOe48^F7{NPo#}zZ zBndhOQ4(oIrdnsqFBCIaTDmccM#iMAMhuR5uHf%_HR5xI~ze+hpPo zksUHuSVcGl3Q;)>XKI73tD5&LqD7ncfoSvHF(44#+uiUmrmR3b6wvNjKQ3<ACK4QQ{ZbYo9bGsi)+-dvhKdGB92>7SrvL}jM*3M6w-s6^DPc8#pl<(DAw-TOdNIWZZ#bgBq8^Y?U@MEeMX zm$2we^=F`|IH^Ti!81Gl!$3)fL2e|4&1eP+r6qb9TGGeTdW7TK_~9~A3$-1V81Cks zIf!J}lRT53nH5|{vCThY@0}Nbj;*K{1O*hw^HU5{kaOjhCTho7A2qrpX~%#>(%@ih zOD-)4j!CVvJNet9SmWHm%3@vFOZ7cRUsS=k}NjgUx^Esg)7rYfCnDQy+ z283DDG=wkA7>+V6%35_xYbGca1;W5f4hK_gbg-hSfUyeZu4Pz}3kceUz5#vH8){*Q+IbLh=TLk3}EQtpwZ1 zp-B?+MYe)Opcqq0iNfM4P$e8e&Z%YK7Wlumfjs3-adn zzR`X8T7YX5aV&kjrr0BFlng(eCm?cI0kQ3QqVhWRL5Ps>wbc|1X)`$J37%H^(A@h5 zVwdqX7cU&m$P;K7XOmebGW3e;6xYZuAL=vI$K$O9Rymo!?KkWv#Q6#0pz5RC_#s7_ z<&msVvx`-vH9)djFV8J)1v=>+p;Ms4GEUgV-&X8pL6dXEJ^>Ju8Z%>vou}gs!V8&> zhHzriWxwSSkQdnwv-$0UNYkW`S5}6r>a}CQ=@CQ+BC@3Qb@ElYy@Um02IV!%`8zeUh!gV#N@$xB{V9<<{4##hy)<6!W9Yy^>-G@*u@beY0$2ok?5+Z zu0@p&stH+%QBj%>-DO&8=wm-&VXvae9D#S*dJ#ydccS3QVX7RsnEQe>v!aJ1F%Hud zOw78rpu#{>m7-5!hmW_KXyEhdOTsf8rMh`+a?`OgRp;M2v3W|7R9%5NAT_XK%szRE zE{_E93M0cA>vU><>z9IlvPX$YAe!r@Jn<8xRmq9y%REI2EJAWkh(E5n^W}?|N0*eW1^KGl0XAhlHs<6?#Q$bsP~KVLZUW1a=HE4&=Xw1{GVT(yRnu(i{E zAwsd2PeEg)pD=SzhkYZO-|$)0h~gDTiP#v|V1B~g?Q#RjC`>@jxIvaXpWf91BC!z* zF`hfygl^Ik3`CHgy3*f;^dlD6#U79^a+{Q9m!Jz3Yc8EY8F-?oR<}QewGPTDS`_83 z-4=a4V&5H*I0mXq+Os0!UKY62?X=&M0GpWah>pHeYZzGhvG> zs?Ia6N7-zQ1f^`#;jv2uMUyB+mApZ+@Y}7e?YV^qDXLpp`-`<=SRf-Ww2nD8cX7z9 z=unL}hxpeM7VTTuYCcdJgC>KQgpn^*VBF(;WZ|Q@w=esN3%95_dodoTUI)_`I?`p1T_Y?AXt<`yzq+L7WnU$z~<>_0efBM*DWMb7USM230rEauHmK7VYP2c}JMHtMT z^c#C_{YTA`aLq$^dsuAFdk`r)q)o-?!KQ1p);*BmnS4sb?1LD!1`}6lZHwvA?-JuF zxxP&K;}r5(y^qx{l8uOBQvxX73-j@@srM6ShVv+|G-0q zA)7?^pUvnHfx;=L1L0Zf=co@Sbt6H=J~%XatxnMt;%yZ{l9lgQjah`DUoVj1}k;44_ z84NzfBy|o6O+FUXvE)aQ0)U^xvnG52A^=elz5oGw4jVoc)fr<=2M_5*;L9JO6m8+j z<$|-MZxluxKGO&Nb@26t`)0M`1;T@b=)jl(mL!G{N(7h+iGK3q?eBo#Q%B3o8^D7w z0NpU`I@Svr>xF3rCLFOa0YGhl9(zrcQgrSZd;vbfs+M$KBL4g^07q}Dx3!hW@L(vV zNX+yPdHZ4M8WbRXAlOaG=EI;TOHKr)3@pbUB5wt%zX6yzf+&&bYFd%rbfD9K;Lt(8 zt1G~3qc9n^C`v*a#HSf>>ICMUc>E0tsX01+x}VI)i)t zHHZlr?TiN%*ahdsSV3Om1;7>TRzk^h^avEJv50KQOJeBBY>5YSJ{XHeg1prAA{bW zhP9eD5CoIyuutDcd{Z|!dABNnloWFwLp6YFX80S|i> zAl#eDVw66{mPK%ePKk%&P6u{me}7+|m4^VY-X>KjS{epq`LIU;=~6siO7c__BTyqeKlS^N%Ihq2~oSfhvBalZ*gbjlimahkDXVXA|RH>$8Kl9=cmtVw}JLCW;B_7EH0em{XcfRkf0L(vApVRD9w`=;&r4! z6o&sLYpI?|rGjYDi!vyG5wwdHXtov_c;?*_m}qBGRuoj`EC&4%RF+oy26kVywFnq` z{&*|K@!h@sj~*~MI1v3KKYLg$DWE?WHegb69#FyOYzg+VWMD`TvH~AQBhowKvP^0d z$-#I45q!KH;6deTdw5YWFi;vVkWZ~VD^LivI7zsSoG8LEq0G6Xis&e&fT^024)r4) zPzVOQHjbMYv2(b4hehX)MOTBe{t?AAd-y(&uidYQoxwvJg3%ivM3Qpx1F@7_59KSu zTJfRGr?}?fXcP!9IsSt)MjN<$ZCEYs!eU zbVNP`AO||UP@iYJYYBG9v%?qo;3rX$Ss_!E^E$qsLcG+650#(;5MBv3?Ff&9hm+rW z@H(2tN14*YP`TIZctgrSUR6ZKuaOk3^TZ&^UZ6M9Rj#a&#uzGUn)2GT30Jx#hYvb+&6zV7#N z3#*ZhH)X4#R%<{AO#D8p=O~WZ`D5H|YlLY@PX|(|D%fVk@?o*_WmOpEkG59wcKlrK zjE8z_t9EWYAct!pc-1?575IVp)%k^CLPnsGaYq^E=dCC4q^iyiPmXGLb|8;PTz6v1 z=}jZ}thLGzN`%ZN(&|yHZrVIdCs4HOtjr5;j~lLjH(H(VlO|0JuT;Q831^2|!x|n3 znH}?7rz-4k8tu(k)Hqx-jqkeoI$JzD-|VeFYv!`tdo3daYZN%_jwvf%R|gaAHd&utpz5K-wui`f)0Q~3U_Z8&8gktrNYD~&DwDpg2 ziNoTP1CnYPhKbEkD?knf5bo@b<)bwoI|w$GlYW9}5n>G~K+NJJ`be%lY!f>8LOS}% zV7&}k3};F8oSjl4$;PpMaFZ}-QLrD^Gduuw)~#;ks)L>iQVcmGfqDgwW-A zs=XJzj1JBW-^Wmr+q0Tt(^ZI4)Rq`p7at3-8Zvxr0lAHaeFopH z(Cn?XePalf)7KOMR1)b?5v{KgxnAt=iC`!*P9;#vX|mdJEWX+D@@Y!!fll@?vS*Tm z>??&h>Wf|pPrMu{m^UMz+RK~fgn2&eC-^H-J4LMxE70a71iKiupkw&9`$>o`K&$#| zZlp$RO;!G^8uv7BC`xV3be-CW@Z1Ej+*0{~D!ZHx)G|JV2|Cx|grheqMxH zF|BK!Kw-vEYwSm*w(wcn4rh`U2uL6e^`iqbX!#jSS5zd;My@YZJ@%Xa7?%#2jruih zD4A_+Uh4w@LTcwa9D#g)J?Qa#`27^0YM8-9V`z&@5{^Uew`uMbGns}A6GotGCeWLy z^e*LIR3WEfrGFxcyr4 zG%wo@SsNamVTy3XO@q24s*z8UNGN>`h;HlYt`(Gq2ciQ|O7?uO9sgCZ-rup_DcNi+ z*>3hX-+iaDfvwK=jSsKkyl|B4#onr`q?-QRJh!W_8`~Fx)y(2CT08N1$hkHc=_tr7>^wFDLY0T|E+}kV~&8=KTx&V0vE2z7)TB6P9)}8mK$XDXM8(^9t zGX*QuX&;LG%)+1~w+geyC0cAN2pAb0aEMe0UMH^$CfC?%q9jLcTyteF}q#zm^O5#-?tUrKr0K>W3WB&YG5eArtRv_Nk)&o{^D4N6%- zI_~5F@xE!jMHl+ApOx#rVS$+TRV)Fyq$ z@yMto2^5ygMJ|koa;d0#$q8xV!HfKIdX#^H`LOrHqb50}Q^9oWkH@!h(W7|f%5w>* z0Auah`+*`_;QKb-b`>a-j(p?$~mWB!;XB99O>m;^* z)*bE_o*aG2hIpM^=AF`e9v*7+L|dFE|3xsrIcMYfiiuaX{^7UC6dMVj7A~VpLIaoA zpnXDv9KQ6gB^($A`=zrAC0yV+@&`G=ey^^%b^HeJMDi+R^~3;o;;3LYcKVOX_HGpS z_C)+S+pAKPULj*ENEBV2<3G?;fvmod7TPB^lYUe6G$1$ZyXm)8srOtG+uuR>g;mp% zmDuDjtRPMTpV~dv<3Ij6#<`+Qy)~-4)!e>Kv21(ixtQ_sd|13W`w4-Pc9)fcmg5KH zqeYvV^8WOc`YZ}KmWIiunsIq=U%a9z&On_iL^n5A0|;pW1z@n))M*NwtE4ZxpuRu* z9*>W>ct8jalaUqz0K_7~;9E)C0mR`mYm|sQ_wqhV*i5=sW^qwJbjvl1wzP~FkM(Pe zn?3aJhFr-Qfke+JQp>SXlry=O6+F$&q|F(V-`D6_!WK?>b-GVE`+XZkFFSoVC({p= zU<~~?cr?$9_klMMqZ@rsKAHNRJ-@$b)1fw&a;8uw2J!2oQoZ&%hpCq+nNVvXERi@N z>nGz@&qbatckw#22-qJS+O6eVuXuPS=D&zTn9bCy5Em4XsP`g1ImL1>Rrh_|v8*gv zH$$+X?n1dXEyK(gNxC*@XGThWY z*igJ5m=tP4Xq!{Q%f$n-rKZN@Txnv-tx zFq^4kzdDa&jH}bDgD~=RftdwgU|!4%*jMqC^R=t$>IoUzy=W@Q)$!C=@Mt6aD(Tvd z8xBo6#Am3+IZoD6Ko{iKX7Rb;=3#w5#Ho|~uWEcwRiGP&Jt`vDEXOy*{K`c8{RJuo>m%DO_K<_ z(=}}a>;kq`$t}Ppbpdn`X9H75puKB+C27Z2Tr7hk`fRKe zk8dfIXrf(D6m+lTme7h{B*w=@#1UawMxY5y()F{R06dGzUgfTk$&XJmd!D>&FBEVy z5&wDtuSUp;w?^^P7hL84HCOe6_XSX2vnC6~U9VNwAkv^bNPsiX^TP(+iRAUV6|A7g zR;7#dZ6k`~ueHX`+|7xLDSj@i`t?HkHIK&=C$ z(V~98U48|7!-?T+C5tg<*Cq(G4_{lw8sVp-A*ocA)XW&K;TMswApou#M5shD7ysJ+t zSKF6c8dXu*!pdjJn{iAxk3(-LNK#2L!aVOrSJWaab1bddBpK8FU009ESG{BGMz zQ|Jcim=86-dvPU6uuo&a6-=k;eJ(7}>B71gGuuAI_0%xwi$xFF8P=rJTY`MniesYOoVst$Igk77%c6@}uZjJfy(g($#g{@%2SI z1y_xJU^8MHM+$STC*3;mYLG|z1!Mhl z18&$$=6(&ijDpt|BH%qqLmgzl(nj5~b|*FbQ!wZD++B;&-O%s1Lpl8!pqzG4mL+u! zBARb#;o}!qm~*G;GmY`NGjiq!ueM+~mZReU`jbA3jshX0e*sEsd$%@mr(w4CaP*f| zyF3{PoVY_Iif1r+Gc1$P3aD5D@=FURj&Ulcerzmsx%xwgGFysXZiSaaZYEtFxo7KP zG?NK7CaojbN3r@`Da;R-BQCNTLQK<`1*j~dQMo=-{|?++_kE%HLw|mnyE&0^Q^@kk$~(UzJU%f z*;VJaK0AKSFC4#(W#fqyAaJSC(3pLz(=<@UHt4!jlCpuhr@j`Al=(W%_YFu7zAj_s zns@n3;(h;CJxg~W5<7j9iH<(bKl0ZXRpzrTde4X@@=w3lhd`YdXu3HI+|1pT>LIjq zONJe133Kv8ZakAwkT+KogZ~iMFG7FZTd*Cdi>lIJuhink~By#k+O0S0W1|{~^@mvyP3?k`p zc9B7LwqEg7ajZ4M7gzwo34VbRN~+6SW0q`9Dd%(FJ@iD_VlurkMdSj!^+wt7o5YJ zm{?d4bU{RT7@>%OQsha)tFg2k=LJ^lbArf+9`~*YqelhUgQ@oh{;o1vx^zqWI(FsZcl|GKxhJ3hqe$6)YK6_bwpDMQQ~2cOKB zhea_xML$l?5UE!)s&9yk_Q_2NUBac6{*$r(dhxK;b=IAXRZJQf`A`pMp{qE} zAWI<6{&*PvXJZnj8`vF!Q3n8Y+*J@(X{lVQVohmbZw~Sr!HLnLD9&b}Y!UZ0z=~D) zgE5`0w|D^^;YkG!GhZZmeZ$*?-hlwjn2;8D%hs)BWvzq9vOp zkeqe7d*?ZuMA}1=ps6`K0l|vF19X~zW(q;DmQGA5Uyd|3?ehq z!R*x^Ys&H@XE}3;u-e3sl>cyNg=d#3XK!v`^;6riAdQ?2#J}>Xeh_G!2_)+UaktUN zpz~UN!_gzh;MqxFcTML0^~Fbi*|)n%#ctVOe*vlm;E!9OMJzXPg+Fn%84xrBVq~=U z@iVdF;O$9Zuf_SA=iX~Equ;7V*0QqxSK9o3>YTmdv^hq&Y_B<$BA#zE&LR8^lun2q zj&=yZ8l5*CtbK>Q*ePwy&!ksoE*s-+#4+=g`!uF*i2&6SArsIL$4t%If%`nR|#xF&hRdnRz$o7TQaAiTakdz4`Sb z#X=pjEOjf8{=Ut!|YWxV_vRM-XSS zJrGVW9eFae-HmR-y03AD9WLG$$q9q++RK@mCWEDxeeJjCe77(|cc3DmhgvJlgSJ! z76&+4bQMTMIkF7}F6W#wxNYQkttP57?ck1r-mhfuISjT#F~yPkjLu<>&jLW>vocp$ z;_cQ7{AV8|Wdp9*Aw$#Qx5)80-QgU~eJY8_H0gX#iRKj0lKxFlBl3%bqxxY~3Q!OZ z7nXs9Uhl-y;5xL>%xl@+kddQM9X1Um;^s(dlOO|0oP$z;Wg-}`tiy9S0M*J?%s9a~ z2*Yp7>2_@*;@Q~A7J{86HjmW#IOTyQI*eMuRupi1;mL@FVQ1FQv1g9;t@}=m z8!X>GXZjEY@N34wv8p8z7XW^u2s~M^SXmrCUW&0^k@8qY8AhJM;HR>F>QIU9?g0^)1hTDIUDtn9ur2<{UUV z9c(wnZHdPNy6h(ToN&}mZAyVb|9GNQ!U~N5*kPVHtf!~{V1Ekvcepn3!x9LDz0gNa z%MT*greMBYXWGLKxS!puOTBt&y!w~C%3eZ<@uI3o&VPM5VR$-2A@*eUgi|?s|6B4X zC_7)u`a?caJLQ|e{lohyrHl(R^PCser;Fs`A%;cZm8T%CJMS{rDUJ{MDdL|sNnT`GHe01!4}ul#Fw{(RTFo`+m3wVqoCVBC_SxxDgn#T9au^3&V) zxBlpR1yB8lc0SIGest{5c&gmkS7&6JH(tq+i4DU+~x64RRQ^JBqGTCw!!#`!?qFXUXeGRT9RbM;}j(rM7hF#aE z;-Zg6@Y-TG8LrhjuEt~s==(K!EGOXL0W*3Y_NE@NJ$?AE9+XD_q2;OSZKsV-*h-9# z8H*hG*Bl?iys-5{C5az~KjJ>`v6gDq_~nI;D;m{6a?=MM(F9=!dygnrp${tnYQ6`; zNX!87H)W_4Pu*HZ!Rx+7iZ>r<4N-f=AJPCCZNX!#f0Mjhmu1oB6}dK_UT!VN zKV6{4K|rV&czk>^GQb29ez%z%$_!DdzNCF*;YGLd;bE$6jGDQm0%;-bt&fKgNVw zW8?UWa|MaT=*{JN?WXwNMYYB4M2LB+&D-*zCS;y<>!a+=Yrd*WUO1GGDD;j%n(JGw zVf7RLFvg1)d!v~2#kFqa-`6JTw!J;XZv@mj{V(n}#EF10C~zPt{Ug2f!f=D*JWCD? zvA59?5H?kDcQXzwh>a}d?BF>nEQ>Dgh50t?a0rofWf?t)T}R>u`FIB2J?y74hJ|5C zb@@!5TH!MNXqRxJ>X~_;b!+n-=ytMt^L49EN;nW0!#WqZhh9Dx{-Zr}E6lWhxzOVG z(9K3DV6YdCO^XIIilk2Q%kw9RXDfzhqW1#qfq`}(!fDuV86s(TF0Dd-1Bq$vfT8u$ zGPt9M^l>f8A|-On#rh=)km5y~2;O4U`Bbdgoa|(2V(14T?ipJzs&?>Qsf|LR{L>O# zO)SVF$tqZ%8HA%{M6Ux5Euw!*#Ef7m#7-cm3s-CKV{z1q_+XX^L9mch5Qo-Vzg^nD zI}8hHI4n1Te_=k%jxvaU4Q`)0gC^kW*-@61Dzv0mZWvb)l$DaG05Cd=UVszG@W*KD z^zn_;(mLObSyy$|Cg^y5^t<5zc23b%0VZ)ia5iHt#b?Q;d$*V9?99{$Jo51gI$?VZLdJpGiPy+#&| znA^IrUwC}#JWt&0Atoh)b%I&h82i21YbukmxAQCqpShmAA!1v%rC!b#3r{7b)bmZI zMGO~0;W1PHLcGJ+A37U)S6l4QTKGombQh&mSaW?~E1D7BR1-I*GS-RHe?a{-v2Jf5~zD z%5u&sc4`yT>e8rQKT-Mb&04r^nb-ShN*dB{S8Km^aWPkOy|>eKrHc2nZ8i8d@~gAk zoR!AN(C9FautmR?6MhJOSDn3lKUtuA*PirprB3{FhtvYuc}4lD_z5a$2;9zc1c&u{ z=9jc=;n?@A9O)^rhv;Pwsd>ISHh;e4Ls+R+!>wU_rvIbTJIgNz7{jVhZ|rZT-|1Q2|vx%b2@!FUSv~VwO9t0lK3D%qFhk zIhZyZcnX8$IGSEcSahUS1B1j4Oh%jG3|OTi^7tm2Y=(mL*gLI5_oDb=R#@Nv4J!?E z3{UG(kZn@1m#4FsOhtMMt^p4jWLG|TdAWc96bm_ud-ciT2aycRSbRhLxi5?Wcw@3> zZKD~IU(>NSDCkC%lo4e7ngBXDOLLoYqTgJ47*;9UQCqf7?%Wdq9}|vaC|Y9LGLxAW zwa=7nq|D0$0pu=}@QnPB)g<^8{UU?0C@ww+Or@JX1~H<1Lq6y@Ou#$#uFMFa1&~15 z@n7Dv723R2{V?_-g1`(%gwjUM+vFnu6z$6RFbdgqoG1X87@a)xs`^xkjz@>)GDVsO0prW3~p2e#*r&gTX! zDOt=F%NBPoEIq}%pTai}t(t9A2VM`N&=_&; zXppY*lPlG3H2kzr%r&lMb4K7IfeC>kYvX9{A6@OM4I{mWHw(29PszV zL$%%xW9$1{$mZ0c9oVdi+0Lea8kRkeKf4m(NAAlGE+0yJnaH(068_Eu`)z;G26>w~ zk}mYx)7N91D~lS9T&hWK%4iwH#&f{WFgQJh53-GgVZ_opX45mRh(Ad4yF9XDW?((c(7Ni|C z#lGVQ=$*vO3OEa}JC7Zo(nW_gDkN3ggHCj}JLb!|q(Aq)JNYE}a;Xo6P>1b}TWyL- z*U-UL!*1xf6R+LW%b=E;%1wj__xjprnyRwKr&@PqM#S>KDTV2PlKm;M`ZCCi!K8{awW4lbTlF+LZ`{=;|$$9g;@6;=N z<6&HZvhW0Q_yTX6OkSj+{7+U`7x1{QSV-{WUMB8+*}m-OOwq|cfKLVBSo;Z%@px4H zj;Zs|R?`)-QvzXT>-}|-@(!qna8=HJV*>&K=$EI6lHr7x&k)81rfEWy+{j;}$hT9ssoFMFn{3?e6RfDm8;Y!oS;G z>diWnpwgtQ1^ZK>L?1x$%U?x23FAp`1wlySoo%TSrCp zeevJZLo*-^;vga|h)9D&cL~y|NQpGkFhh4JT>_#E-CaX>h;#{pFf=L(h{7{|zP~5d zdj7oo?6c1~d)>LSX6}CPm)_s?aQYi&^Csp}KXKvFNaRLej%SD!Gl@>6*w?pcbH*Mf zO&WJMNQ%Z!+sB!JZSv(>PfW#hoNq z2)UvZn~tediYz~ij7)LKhoZ-dFberU1@!c0e>RS)kK8w)+AIIKH56!M8TjwUJ^+Tu zN1>`9%n$8vScl1$*N|~8^-w<(zC0*;ijxh2^U&yqkvvGz>7gg(Lh%!8FXRJ=ZIT3a z9A{-3pd@~}kZ6WR-!75Z^(N!?tFUztUeXjF(In%VCjw~@W;4Y&&vyWfaiv=tcehb7lWSZ%kBb`PSgMe zqF7g+Tzw`(sb5h?w|l{U{tBu|1~U?B|i< zn`5_0+Pm(&T&2&qtLkIJ8$>)gG#8MiX4>!nm`OKsk=yogRkda}0|cL03nl;t*yVB+)l$-dvZ`gs?{7 z3>b{mAb)3X4eL&Yq`$!3l$gSl$np~ztvp7o;jp5vZV;D+Lby6XjgxUdkmvMu+R-n` z-?If2`drBRYe7gOLAZU}4omb{Dh>y`9TZev6x`ta3m!@~0ZcqZ1 zvV$4xGKMrh2*rzta~cR{L2d&eu&3jiX}a0DD<9~GeRLm0=#j{txVZ$| z`a&j@nXCYAy}r!9Q=;xacjN8(iXH1wv>y7mdw!!EfS^0m2xofet~IkJ&z6;a-z+?9 z4zj8EuvM2Y;m5mM)O`wRYv&;w~%=SjF*NLHc zWLz-jN6O<9tco(TmLj<|&=QMd?wU$v=Ub0|_R_%)qth#T9R_@B;Loe&LCV)kT^cH} zQh+=gng8UT7d=P_}0{z*=n4|2LiXf8!$ zQ(iMJN9BYt_*F|!)cD>6F0}9ovp!ex>wvq!9ou`CXpf?w{Dh4SU3HJ4nv_`c$O^uX z#>vq01MG3I;un~`&hDNkkDrM|9ZT<)$x_@sAUA0(Fx~ZkAM~rSvYUS<6_C>mU}ms7cSO;Xyk4=n=Toix zzWjewALAPDeAn;}h6o~+^+D8HDQLwmgu*5Ny7!jSH$ANt5DV9O5g#4M$y#cZaTG^l zU{ys+gNP8dudQI`s-W+xe^0fN@-`{qRAAqa%Q}3WBEwn8^5%IvOscB+i2**frhG~u z`}Yj?Na*H0)CRe}C>be36jdBTTPU`H;w7v;sv&!XzFih5!eva?nZG9e!*@XN$|I8W zP?4l+1H>Ee>YF&eQ00K5NUdIM&XeKPNR4oI-N?J^&=es07-oY zRM&O>Gjz9Gck1s`Z*!qU++@t-#BHpl@IvLG-Wmt9UuV?w_0%zJ?wTiXvY9 zt=~XgiEyEoo}bWaqro!kU>z!!2`VVBf~`JHfV-DNFFmGz&^zl@K+rs3ToFDB)eID5 z4UeP-;2iZf9ry1*o*+C8;lcWx;M>)N%5vfyfLD%PP+n7@>>$8^-t(|2^!?e>Z^d?o z^g^jSwzITaHdDq9gTd$z02?dxbF@ic8vpH3@CfxST`M&EncFIi?yJeO##1$JMTwVfJ7zX$<-&cF&y*6By$EC(mV9Cj9HiL_x+xl^Zx>`R z7$kiT0HZ7EN2Kmri9BK=6Fv(JyJ`yU679NEJ9Z`y?`$ zAu7}!v{W4U4IUr25ENq{Kfe$qD&~b1b%RE_(EWPGd;+QMHOb_Zw0S1d@BoZt7aF-u z@1zTR>}uMoNGK(W?Gug2ne%QSG7?3{ik(Fe0Rf(fIOY@LZoCKDAd-v0PuUKtdJ@Tk zgQy}y!?1w^FyHv*P|BoGuI3=a^hoL^FS!#tA;POXL-X06G-8OD(pfE99T6e!H!uPw zc=x{WHSPupQs~iCnC+Rt&n?SyA9#*IN*$3I<1_@5RgpoH=RRaQ2wbq}5a$`e~D?xKX7QsRbF$Wd@DRd~>MOxjimoH#*;Gs-I|^z}{> zqJ%gL2b91;LX4uqu*uI`lI?ucC>$ciGC~-|4O~imB#njYV2|$mru!JbX*C8AG!Dp5 z38If-#wr>5o=|y*428^$sk)5#l9b`T01#VdyHT#`D>w^5n=uu#er|iWI@24QN_EYc zRS5&nP{MU@z*0Z)>v7=3ezeZ?5w)+|1@5KREl3*lgoI#l2ImZU>**+2>S{S!%# zEgGm#ScOUeBFWnaWjR`s7`^DMagn3Sm^+-3GS^a&%mG}CPFm*zkq8DoImt6-^fN${ zYUC3W09FRZg*-lai_Lkqi+Mj5lf}d=#9Qq?h`PG8_)r)=D(MgUYb97@$0KfJy$qq5CJW_@6`A^;ye zeX>$N+JgjL$+D|~iq*b%v4J-)Lhp*blN>4z@=LpGf_3r4niAwXIzkqa;2MuK1(K30 z?h<9SlKXK|9!4$BLAg3MOVS z3p1Dv{FEv`N0GSH4_^9{LBlXVvDC4E4$t&ItqrbYe&)x=vpi9y^sY=0VM?Mgxhk(mSG}@U^`ru z9kSd)Iq0KUT3~gtYIZ&42@q{k&$Upmxty#Wn_PSbUHk&HLAc7vFm4|9gWq#tmZA}E7;w_0deh#p= zNg>U;&o-y}7AHhuzu92ESy2)@H(H;fjy)wd)iCs=z4i}fC2lR?ZB#C&g*M!*p_U?o0jNRcc#XG5Q2@zWjPj6 z4mfIU6f)(P3ZIw0vgB5mol)teYEqXe?xzSyVk)wrCHF;)#V4OsvZ;0+vG^T_?s(H` zO?9AXYxk*mkJprE_Hg+!Hk8@7$4tEyA_4a`&iCkZDqjeHz@oylV~Gn9lx*+qd8m`i zgi})mbd|*_C1bK^=h6p`i#9l%1U|trWEpL z&@uwp*H*Zk>1)oCW^~Z~!MAw8uRGcdIw*zx*j&EK{5C76TSXEOyj1*EawMrVo!jgU zHs=*75yTun0-$BDGgG$E;kqJK@I9ymtShvy06Jdhs_=pC{mxZPdU4kkHu4W0Ul?J{b&t9|edlJ=(Vq#%kpR_}=@zaJdbjI@vM0YQyN3C| zME~L>q&xIkuwp9x3w&5(#$XxE7KQO)Rr55vk2CjJN)1n3)+JIr4g_Uwz|wTw`4{= zu;Mcd_#R7}_D$fEC3mU}WJCqmW%dFGxdLbWv}5x$|K;@SS-?FmP@U4^K1cue!46|z zSgvxt_Q4#62Qc?{F`jhFPOy3MI-p+k_gtCuTD%I4Ci%q5Zz=5U)4WUc?X8ewnMeserL%{tY^fwN3Ml4&M!^4v1GnRLK?I+QH>tl%s!-tM4{n z_xlNsKn_@6&I7pWP_Y^0dxa$epqCCMLBdgGb}VFDi}9=S39DdCsC-^MsCviOxg)@0 z)s27*VjWS-o6)Gu=DyA;QXi@C{IvGMYN0;-Ye-5Pd&0s2pT_P|PF_UB<=-#-7OaG- z{g6E$evZ0r-&CmXj?Bc4e`j|PK?>sBEj0nC$y>@Z$EyY5>DFefnM?I$KFhu`^%dRi zE$oU~?ai2Iv&RNpR+#ZnZ*G2zb+`f~7()3|Gv(0z3oo~TxV<04d#h{pH8T4(L94Pd zc=y$)-14I^3w&$mKDQK{6d54&SS`U|!Z=9qmDfQ}>Oodz0J)M?STVB_K~WEwm*ZFG zB92F_w8#9}sqftMcRrF_Yp&DUuT9v&J9h+)95p5EOP(JkXZ7e+1AI`uxS(DG`CdaI zK0d>*qI`Uj*P**v_YheY+aF7qC9J^f@yQ3mL7~g5?=+Vxv|7q7PGdBHH-Zt$mZvJ6 z-xmF`@uc6M@qK5E?ff1D#7I3g?Afl^<$dAFkz{%KSa^q4-8k`R(h`qEcB$NyU+V*SLYpM*=D6 zdj|)o#vPY})SR+3ITB=db`buY^P=lu;_4u{JrYhiPlkS75Z_-I=ox5vPM^5*dF{8i z^kx0kSyh3ca)c15{2ZR`qU`<$&WP5kmojsB`&l_t z10kpyc6}czm=7o!2SD?n-hY1wXah@R_JbZ_L*AY)FQ2wlUC~ai|L~pfdi1mV^O3sN zpK5Xh3_`);vp$+i;d2xRm==_O6TzNU?(n*R4H3^hr{e~2SMpLYR8oBady0%}e|3`3Aai&lA7 z@fP>zV|;A(zgE_M(1?>v!+cKqqoM?8N(G;f*E`IY*b416d~j;3Xj&;;(iB~1@|^14 zx*b*~PLl0^)DwEt%nsRS`XSgBJ5X0yu+IvPzVn7llJfnj5IY(Gc$(s-#Pp*6+W^C} z>ZhUgJXmcEc`Yg?WVV*aQDn{R28wsdRvl1QJfWu34KJ&&l_joY$(OtLt@WgZyK+h} zj7&!OM{7hY_)9ot|Nar>>qsp>Q z=gSz?r7Su35nkR3{ZYQQnUqR_%PjdZ$?sO>;q(hqKU%5Ut1D+7n=(|jeSh4SA4@y? zOjla!V#Z6GC+55`M4;2iDpYgp4bSv7R_&AvcoSNUolnqz{or$J?dejZV7%)mO(;*k z9(dcxYV0Ay9(Gobe1A&5zuD)(9F2qG=3 zueCJi=evpwKgQ>kFBOo&v_hQ>xVuX49h-R+x%^*b}(*iXHJEkgi%=~$w#W>*^gRr z#778OgFW=9MT$8S7DP)D-}#x6tk$+x#*^po=Tiuw%EM8PMo-~2-L|3RA{ZSHg>Q1M zx5Kr=jFDT|!pW);KS#iQZCSTj|Vj9^E95%sfasxSy1D3#31WW17|tnUU!Eo^twZ#*p&ysxa$X@&^>`q;Kbf`Dr1 zL6?0QHv;u49B);Ys_}B;BVVQP z*%lOPRm!EIQSF?@S^LIQus3h#*7hzoQg%_1t2|3j4bn`~8)6o36n~nwUfWX}oHm^RM1Fek ze!ZA?YkOMlBdO&baP}({#OVgG;E{7T38>?q%M0Zvs&|DeJVvSEE9oI6eZVi7r^-)_9w%or?_RKyMD#)MLq+z8xx0}&KPE#Us>hlNz8$d7h;E6Yn z)=^SUjUvJ)8T_I20k37tW8s$L=)-KJ)iU!3m6@{-H6{(g^I|ienZ0CEs8Y2Q9_T$C zpGGQ^@x=C0VvCc;Qc(PcvHV3gSN9FzLVVRg%(wA{bH*PU8~+kb7uP+RIBVt7Vzm7)ILSA4av>x^Gc^Z)^#G&1NypXw;Ahy?q1>EJB-LecjQj?J%HR zLMtwKx`gdc4|zZWxdK@F9Chtv+VfUD_c$rq!}`XZ?B=*wW^i8*{mKnu8ys_cYdxqJ zP9-mLTb@j~_raZ>5JVJPQG~d9CleC<`s(aXO1%VmPqgM+h$ASt4;~^~h@^Scthf_pk4{G0;@^JQ|wWJ0;Y5H}g zq+YQocsnWCZISuL4P5&dDG4)xw9kQe)=|cgcY^Dz8ODrAtmF_<_#O_;AT>DiOq$6} zr6FdhE=z^CL?yO;sCi__Ujf9n2^P)>74QkU1eprfW$1*HC%C z5HBB7tFR%>86&O={Gy<|10htNh793`p5!h&^<`z17w-?=V2fbQL}ykZ&- z#;QK4PTwBC_9MK<7So_SCun5A>>gwDVK?8ACc1eFE!zw+)u^rZsjaoAbsmsadpy{X z>J>+UDbFz|G0>f;M;7w?8|HD4b3l-|0CC0I7Tr zV>=HyXHFqD8kKAYHL2c`-p8~(h(2dgVzL&VT+;Z_HkrIUacI+zqtU=1HG~A2Sr|fo ztk5H6b)bL2?@Y5f9@LMdba#E4%0WIL>qz-?+Vo^=@=BP{551q`97Bx!czzjjGa5~y zqO-%&M5dlh^i`gzrsQ|M4pW6LZ;LKVxYEtP6XH6U{yrcJ(R3nBIyu8IyI1zaDEc~9 zEj@1ddZnD2J5`0Jf|@t?UTc!>nNR=K7ET}u$SW2?JOvJl1Fl^t-8YV#2#uq0pqz`9 zunG9Y689-E`xAeSUTil3UkoTP8zUB*1ZRNQt3yPh0CzapV@!qa{_OL*R3Ldj6Vsxj zqWOTAA7D^1qYj5=H*EOk|(*w`McsJ~^{$F$|wI>YqlJ z%?js$3j;80>x1MuU`u}e`26PG{g8V`L-e{G+8PGW2^}O~8mM+~4|qs9X!i0ElrE@o z0Wkmsug^|^XmJd>-RZc?G0z79Jdv1>wVty*Y+?>Ku=k&L8V50pg|H)a{a0tZnnBml zSt7Z2akKui=ni@%j)jni3x?)~;p5XLW{<0ENTSA)KcRlRdLcHvHmhL_mSJ+dY+UZ8|CYn}*NvsB@i~TS!&-Bb`qVd> ziwiS#ZxZWFl4DF;q>WS$P2$@1)88xA1{&)C4PE1z`+FW@b9s8a?)OTsBgCdo}|NX1-d-c*{Wp#B>8bE_y z{Pfp+R+@6Gx)ip!HvYu$`0tuMx#hRjRWUSRxFT*gmHFq;8xWDyS)iqgrrCDxXOoK0 zzZEf;=2R|flwZP=uj4xabn9Xjt00lZD+Mb^o*KM5E>%a=tn4NcY@Il76`1h(NZ4v% zcAY$LWNDa;-m{g0*?NbdY~Efx8rNQavO#9M@w>s;>qRtkly&2wrGy}Qn43sD3Q!FVUZ0c^JgLvPp8Q?i^4ZcUO$tle0DUh^`vJr82nl4>t@=|&E?Ez9CS94 zTJ40VMy*k-(u1wF&5dJyo7=yh0bFfV)+_}700ezPC|z6b{dziOZY^VLb4|XbWBWxH z7TRzQpcVW2tZz&E)0U?5bHl5xp7^iA&Mi&nXih*Vqu6u1uOm0-o^|Wn7`|#1r?b`7 zYUc%qQf2@J0buzIOuG74sjH_3LC*}G(GDNB`5RRQ^MOqHTW_D+K7oz8{o1g1MuUlL zJritfXKbBvH4Z{t^=p^u8fL9Dy)~$NJHSn zoBsh)HrMCjemo6TjSK_ z*bAoR7m^*C48Q~2g!;pX{faqVMz3K)C%XotgSI1$o=%p^xv7V#$=3}|6a5Dtf}E0B zccb&D?!XSG)tmZmwV>c|zZ>0ku52ywX@tvD;?lB(Bn6E;uGJ8~{e{_)v@y9dEU?CnG+OH{Jb~ zbTqXp|7}9+gtqCJ&W;y7cS647D%MGLRO!b2R)s#%!Hu%)iTy?cl3 zZ(Ui$Z*zR+n0w{EXY%zyoIB-UvH;fo((D*E>3;LGo5*XoYvTT7A}m-?;OG~$cZ@=E zD8ZF`FquLJEn+wLB*bH{G3lv^*}b=JEZyM(-uiIJ;V;_7A9d4fOD_-ZyGtCqODBV= zd;rhen|yft`{yha;ex*?B$am#zpqWKcP5ihh4CR3t=@=gRDG*C^7sZjMF}{_?4tFt zrzkTo1DBtOofi{;@d4635(N*>8Cnyfc(Zvg!)Y%~ftKi+Xrouk{1XE*W=GzlM4WSE6kk}!1eSw$fdX=sO$VmB*_HeOd{g%M>^R{5nq*@Ugo6^32xk!CBnn z&o}t0!&DXkwR+<*Z(nCw{?1ZD6I!%)r zi`GYf5;zrVgTLzt^ziR+Jx$k+Edi69gWh?QSe}u2YTLhHb4HAG$$@K{EB{21tZD!HJb1od6*SrOYv7p1 zQKP@UiNS>uFk23meu|zk4Ac+^4tx~+RO@=c^jZLOSo-wbZ90&^@N3q-H`bJ4`6<{! zU;{6@mOFp>Z7yiX_T5<*!zv|Om9_5DPWkVo4}U_?=BjUpiz4=yW4b~kThujWMhYd@ zAD8*--Na>lRWz^SQAebrrOe=JFXpRv1||OQ_)PFsBI>#--+<-kgTy~)J6Jlgkd3?X zYfV$1cdm&}uSp#H-+Ctwy{%m{0SPi3b?+Eo_x*2R??U&{kD=h}wcjYf@n6yBf&T(= z3dU|+UeS3zeob{7k;8p~KFqo3^Ztt;IqbN#`dZuLacMH03WgF#+_Gcb^X9)H>WhQ_ z4b@W7<1iZ(bbw&JOznXANI#*^m;P}sCY5C)6=rGjIQ7X7$I?UmQ#hoxghgcUFUf z!G1#pD36PVa|Iy117+R!{*V338V zL^w%xOsN6E_%9|QQ!-IsRQu=YCCp(b1*MopAN5I+UMagrC^& zjQyVwryF>0%2)qo0jm<5ax{i-ik|KqJiltj4@MighSL5E66n}@a=$A7plk5;aWDRJ z9IY6J9pL&IALy8H<>p?vGI90s`3BzZ9jY4Kz36#A@rU)&r9UC^4pvqS$OJfv?R3eV znuHg+o^$i`Go(6xqA?0Hz{N#xxtgMjVVUAg!!22L>y zhuGJhVjEA^Z(@_A{E?1y30EYZAvchrdcWeWbPw9PT#XWc{_{`tetetbu{(%xZ{8#U z(5?qw1LzMfs@?BL{%oIeKRnyO)5~)rK{8yVG4K=a-M`X>i7cQKtzf_Z%|E2{`!~Ok zip&VaMDQ^@s7iv=?*EqVv6~3^t!+oaKYw*N*@HipB}0M*RXn3F0L)?&`sqhhw}J?F zIQHn6koEh002Uov;deMB z=>dj_11P=^u>Rl^?K_;z#J_z4P!Z{$lepLTZ!?F=>;BO}*C7vms3{(u-}De7JZY5H zeKh8Z?i#g$el9DjJe7}5+PTv@QGLB1ph$g{mH{GiEa>rzl(E4 ze=*+A2|2S)7>y|rsu-Wbzm3KKdWssNw-T@LXJm=fCNXhW$hbgc`DcPpsh>bac+!1( z-}`_5#kXm*tN0uLzYXjV0*dyXO`CMaU1btBaBxX*kQaVd5$?53xb!?COz#XJO!wN3 z3Pk=Jy&|VgxMqqE$|hW|to~c?cvO6@pd&6Qdnjmi^*_toCpWW(2zUFz{Hlx=;S50r zxqA&*O7FO!oS`c=noU9!{4p3HW?SoF7Z@8fK`fsGr#LmVyQqM_iv(n`z_%g8rM5% zYaz$~?Nc2>R0DS*DIN7!~bKvRZKja)7To@gy;7k z&-~x?`#CSiqml77|JM7@;&hu2aEpz6+6Rqdi$?)FsRaes!JX&KKMA9yBt-wOPD6yC z(_jHI0s%zVfd8LP1GdTa=iA9}QY@>G1aJcY==*<>CtT#zQK2?NZ`j2ei}<28qck(b z99bE^ba#*ahdfc!F9>B53{K+irAg2$b}CfM{e8MC7Xwc=@$~&xI9X`b8*@{A1`|nZ zGla^Os8d?1H-c}s@4jCTfg*BmBXJpJlM%xveLmu3Q197(>U?!VA_K$j@L!=Fnddl|$ zO$0v8B_)FI!69$HWeZCZjQpWy=Jn{W*OGhuI1*@GPw)i6Y zIg<+FNdplv{XBW=DVUSZzG;=zHBQ!oNtfkUrrv?9$Rgy1@I0*&>jFGi;qP-Sn=Coe z=^)b!;g5ZkP*x&k8dzz;ml(cMpS9SX_r+8CPWsS6w?{0%4fpC@6-%XbHtT}G%vHhF z2$e5Ns8?*BQ?gO~e;UK|baApuuXmCKc1)*-oC(MD{% z-&IM(*VWkbSKuW-44LiEsEiFE3xO%F4Ihmle-hvBXq+Z_FvgFoDXVUGTr6X-@gYbr zP;mZJGRuI1p6A|B-%JuxAJ=*kRvPk$Nh&n)VQ_gq9Xs1!;bcOk6#1l$Fa~>s2v8I| z_I-(Xb;G&60Y=3&hMenADi_dT>|b+;x=vQoC;qj{MIm#|=LwWcKY>zfdXzdSB`LE$ zWJ=M?V}xX6OBID%h8~KSFooTdD77ye{k7{X*%AR29wn=TR##cPAcY+2Y?3xxw)Cwn zKGy9%j)rUY)3cr;%A$s1Gh|`Iq6H;^8OoHHd5g$=?q;^&1V=D=*bxq2#N_+?9Bh74 z1a%!W!86N_N&dKGr-|_|(Cw_2Cl_1LQK0K$wg8=2+M7V)MC-mXCixDNCV}K#!+AY1 zehl~?Fq?`j849hxGP-^?M%T%n?DBlu^ya}ArAIALYh;a|Jjv$WCR7K2M8~z@@2is# zI)x#a;w5N`2L=61RRu>8eYw2O;w*f~cM=6`1^v7uCQF((0;Ii@4i>`7PBTUWC>DC* z#?NIIe5nlh`Dn;Y5fEC6m_R!l%gZI@M+^hiLCs~>ET&eWZG7vbUPGIcbm_^gVH=5P zGH}$&^FF{T8^l}12L0W22+BicqZx)G@Vt45)8a!Jif+?NssQ+2*~Bun_Cl4ofdWCg zNE@fO%%d3t!nOBxT%0h>&%{Q>Cv<^`$2d@JzH-0uIQTZn7L(c6J5U~> zKC0m#e32lgwyayd=<7~v>N>FRP%jmu?~oji2gYKVb^8t$;~+5uoIAJ!YbeR)a;*bX zbG;Yk$H|DQ$)@U9ePy&%Rr2^y7r5*6j5NnKl(QU}aKonu^gRO#t+&#V{li|~v(6Lz z`$tlxknNj@794`@n3Ci)3-W$mCsOM{;atvB5$=&p3Nx#BA65VbuJB$V0*C_n&_P05 zVh#m$1Bslkp5y^0+1KwUdSQ1NLx~`{-%~OIf7|KME@0SSp`%ou+`f?>BVH^)Q>yzC z0HFK-=rq(9M@$IFxbX62idxKs<4^LvFc9NJ$-sjTpK@5G55+&WEG0G~$#lzb;Pu~7 zrfVroy70IhofFP+)7{C^>(vlmyxcvzz;>p-Cn`)!1}I^5x9-Ptc3D1@^7+WzJ`#mW+L)piq|g z7deoj^Ht#}1#+Nla`ads>uk$pe5L36XrmV<>1_-X)e#R@faMWqbrt#oWV06_ZY~rs zcNRnANnnuRk>&5CU82>cwAqL-ovyP20+*&?e}{1-BharUD3Og$&y5fF^j-27$o(%yt%97uou-I|@Uu7qjymdz#u~$(&^77Z>K<58 zHINsFYAAeJL9><*Sj+PXZVu;l{!#Y%mgzP>G42rUs z3!%!?u(4o61!_J`rRUkeYl?+>Vg-TsShfw?B-#*y&zUBru!0IWBC03=vLQxGW*N{V zR~=G)SPrF<2YPo_Zsvn?pUL&kcJ{!&<+m^3Df+7Bg9Cd1^yKdf&K!SOIpUQ~j~;@q z0b8flMboqcLtiPUjOzbYE$3ffG!7LbBRzln#q%Z?6Tj>Z~p8)lS&<=$n?%g{d zYFq7`zv|glug-*fw`;pY{XUs|G+9O8>q0L7o=E#Zx_+p!Z?$Pfn%(c!*mD(ww6i{@ zuN0XGiHAP^7Nz~id+Ofze0;w>sfx9l>jIi84hdB0Rphog*JRYPdEXi#2_Y$HS$pB^ z!82X3Y97?E4*$H67yRW0Gb(^r^yCH0gLS;-+jA#7^%JpPB(VlsHqqj$ zRiDm)WLO-4#PxUOjXwiQRr1p%tTqo_kVGAgdci5~t#%M=0KKWsLk>YH<7&WgEz|)B zmjTe5Oo22Jz^?-iWOJx7PU%ml0iH;6v|%8U4H$h!EHiKH0stG}JPQW_iH4R>1Vf8B zA;JuH1fqcijyNaZ_n;}LfYa~T&{ELe^Sfwpaim{4r{4uV$`}b&v;vb%J>5-_i5hSP z(f|kD=`97}9tdFz6=4kzh+4A0SU!yj075l|8lFL^&R_zHRgnxKwOJ#e{pJxE&j4&%Z%VtG4 z+G0~E+;b78!kGp|y@4uL1M~sHgqHa*9Y6&>2DTpVAqXZ-y21G>;t|@F!AHjs5a|}> zh#ZoBB^D=&2=Q-5kWWQM%^NS!N9Bt}-^T}n>HQR|f!PGfNOimhnly1JNJK0&7w-2n zHEdf9KojZLr59YXNjn;h!q4iXRP=EYH|W88RjD2|{N8TLV#pTH#0KJG|3=YsLelNZTG(ECKeWICZDwsvtt z@!3fbWQ3RJkdKrRmCm*`aA)$;dQ*=)v5?>eGW#S!XD+Td!Ih~%N1M0l?2)i zw?~TuA>I#D90F%i<~j&-oYmglWG|IuZ~J6=aRdWe>+MuBYjhwp62y7e38nHn+~;+! z9n>8c&r%)lWdIR$2z?lx@YO!ybTD1qAx!zqY0@ByN>u7GmnZ+jM5QE`^5zr`#!Mh1 z*!~2Hs0Nte8Hjf7I1wcya8`LO&h9Fa{YH^q3~7N=kaww}EUsxRyT-46#c#|93X1s^ z*+H9=NHlOjuidD8cyzuYl+x-=&_z1NHz(X7;tmf?gZ75LC^Z5BxHIR(Gw-88 z=`8?)@BtY~lq>ELcKzO)0vgyS7Kwe8%zxt6zL>?ikX%j-<~xt7b9l|ko$#tL{(pKA z)srX@v4of6Iep^6!M=WjnQvyWIc0D|6eExX0rcLIl&X)JAew-exK6y8y^NLkN1W*tg959Q3zd6aX9R_|kw#$cyO8C8fK+rqnzx~4v5_1d{ zewZM_0D#7Xi7uw!9nR;-3_ea*{+s3*_)7Wjr$_WL1x$XqEPg~w4rpp*p*J9odIpsU zk?r=$d!-U5842WGFU&%`V?hVHPi1-WfcWRqBuIjVjo>mPQTP4Q0cx)sjD7twi+1ci zRn)>hU8}?kJA|QqJ=;<<;*<-dje)Z*?@j#xi;Q4`Mg++NG~mv|!+_>iAFzHO=uR>3 zTMC!9APOjmMpC?xT5-E?u>lg~Y6}W0eJ4Bw=-wtNss1NMQMAI|*-g`c``ICLqO!t( zN%=~}@5HyGX+#MO8m~V}1%_(WOn!izy^z1-Oty6X+|&%{!qi->qC;+WjT zjfG#GLbOky(w-&X;ju{O+N{?1ZzZ4}u9+>rl+CPUcjur9VdCEF5x{AFHiXdlb$TJb zMNz;NbZ-Q5=9uQSl;@80x@`q+R0RtAz|{OooO+>B%)}Z<#LeMsx4mTdDS}o6^ztN7*eFyZJ4n&hS8%GjNE!RU2=TL_ zp&+*5BU6U9M1=xA2pgp=ehL*Me2%bpUYCaQfMz$zOViL(2$vd~by7N|G60^-HQ^FUn{O;?4kX`x&eN#9M z4p5ZcNx9zoP7+YG+~BVkc47**GKK38cG6td)U|arylBf~0KM$5I|2t+*3y-`3^0-1V9fhbqrqiFWOWTYvPZB;iAjd9}}jn|HUp zm8PB9RJyC^i0E^=1+z$6eXDLGLDW|DB1mxCNO|6i9=YmA_ZEER(4Bl_y+TsGzqotr zQ}c6;qINQRYesu(_j@0a^{w;tDZd%P6;(2Hb>b-D#NY6Q_;IM(BVyOYP4ke zVEyP|Y)KNHo@Q{LdKE9B7)QI4i%u1V{FEs$VgG{Il3dN%;t;Z;PNY z^sCbZZ~Hq)0ai*P8_3&hPTG}d*xHyA_A96HeC+-2>o|~Tk~67b;rr46wi7r3s9>=! z6*OA;KvYw&Z;D|Xs#~2sS4L8j)N%VHif%9{(FcZY{}?ecZaNR2Qfnpj$5a%X#!H2| zn9aFLjjA$z5|aM(vTPEVlgqj{N^y$vxGAl1X9_aT4UeBH+#OTNHP=EwbEdM~O8e*e z-sVTfKt-{jJR{)NSEw|FJY zWMr2#^kvRsR{ToN%ekq)ohknpS6>|#)f;s?2}2JO(xP;u(m8Z@cSs4Sbb~Vk2uMhX zpn!CP3?U#nG*Y5;Iv^!o64u=Dcc1$__xt{v+3()_t#i)IIcKl6C>F~vvx?-~OYohA zWsv|Pz+9G9$DPw>W!5d4O?>;Fjck_w#(_((p^&zfHw!yyz0Dt#u{!DV7}>>-V|u`K z?`RNinaF-*RW5owY^HFjB)fK{MUJLqd=y9Vu7UzcQOSDJBiHRw^(qF4yVt0qr&RXL zRg(Sdt5~3mVW*-1F{)zOJ)%Yt7F9zYt!opS?>!?Z2=I=;!6-+{S!QiU2fwg>So9Ml}|80AJylT1nlitQ1inXOj1<|2U^1Cn_LKO;s2^Cg zqXoS;^qX&0S-y-LenaB>$h-BN$uxC%z0X2`1Ty*ZXR_DWHyQ0+^3;PHA^`B(@sr;N zK){Lo;qu(U^3LCrrGxFS1ol%_ut};W!z#ocw|B|LJ`TOtH(^VJuiZ4zO#&QkTBj1O z|6n2!9IOsNKohs(l9e52;GaIzQaj|GQqn88Zg3IRTK2B5LQ#I<=aiJ)Y70dZ0%YedFow zy^e4CB3I0cKP0T+n$~UB)!UZ&Kh|pVY`;R-iu&*GO=&{!$qSuX9j=Ohl5Yh9Zl^-B z-a>tk&Lpn9BmfH>9b4M6yG*xE0uC?N{{CELIk8NHLxoRdtq+Oq3y!J_?q;tPtXzG~ z+v5cs-S*j0=seYl=y)n{@#^V?y~#9Vz?r5VkrswT?(3O9KHs6;`dml$(){43?9cHA z#gl-?e>wYT?02LQzMboHJq0hM z;bGv^jxqe~JV3Luf{G0S$0BhSFrQhRt6WQrd@KN>pOi^GNAD0R+htPqT+~yCXoSffO#;0<2Zj!6x!@0wiHuxc8=X8h+PJqaVOJDJ*!i4R^#7>+U)>X-GinvW{emQj=V@-El zXu_cYuQd2fD~l0Id07gt->!vn(@ZJUSJOkar}^*)W%iZYna?wMO($()-Oa3)TSow{ znJ?^?IZ2kbA3(%>!0G1UaMG%>>@UfP)ffTM*0nn?ML%rv2OKIlFOT@NeXpq&AnI&` z6_OlwFzd3%Fv!4epG`Dsb`tG`JW(H&z@YClACB@@ifp8U-{(7rYsJ5%bvbS+c1}FN zmfYwV=Uc@hI~I}yh>ubB*m=SI z7h8}>&l5(ie)re8zYc&21A1mE0pk}a+MUNc(lAG%KN@ATi9eUjN;f_&FMNJuTx+E$ z2BU5G{tj8SVy76H%C?woVjpF#ic(#lrV9-Qg~S5m*w$TksDyKOl%wU2mecPsCH@&6 zG?ggSsxH=EQUzw+^VM6_wDWpyT<#*kZ$c_OPN7w$O(&^SKPYY{XqtZ?t7E=>YA7r7 zA*Udg-fdtljs&h;Q)qwJ!?7ryJx8$kJV`tRD3GqnrSXpKN*Tqeib!7cydNs0v`WOX zyT}o1jKQuvBMo#h>bsXU+MsX#fhxHAKA>OL`On^LSbGjG?k1AmK&|f((y9h)>L12A z>mi+JR07GdYl5nXpNV+K^jT+~yIlC=Z^_9ercJt?o`%&1T14-a8%7nx?M#h3-i3+ls`3OqMr0mlX^F;EF8shd?NOCPyN1m4xx>6ZvFba@!-e5z&<7M~VJFPgJ-7`|)dmC#5YsT25TW!FmR>TUZY_q z8FlLgU`XgOSg_?OJycpvP4`hU&}z||UZ^ssKGs#r{`dNIe|FWY%+E<8eOM;-)Ir7m zXZF<*Q;6N^m_S_J-4A=rM@{Fl1T6{}aZEBhe&b^zIV?&hQyFoPi3hZAgAp^nl3udSVblekZsi z;|Mkj033hTq2%p}+y#KAAT$LA7&N4(Y;2!o;I%FzDN(VNmJoN7*NjUlY)De3>1AwA zHJWl4%cy^U0tnJ$=z+~*vjZAVqtI4Ef1IUL6^H%f((2vSPb&=&K%Ai!5=D`e8vB}) zO8R4x%S)D#m#%C-oEeJUUh=DrQ%KB27o0h(Yqc1i=LrjYkZ@@do^L>73QM3?#WG7* zWm(O%Pg@ed|7E*xAU8{!FEw)mKPAHJ?tF)Cqbq3XHVrcchSNU zX=a6XZ&QRHzIf`y!(wz^f+Gn4+w$(+8*4+GOAv`(<(SlMg)SmLX1=ppkB0~pAVo|8 zIUHa?DE-LGN}=}{PCD-pKVm+HJ)?Hlco=f<;(#012=BK-Z;b!+4su3z+*7cgn z{_Wc0&5JhaeLRo*J4%?#%yg$soeO0 zzSAR8JnWTUg3hDz>Ka#(y{~K#2AD{}U6c}YwloQM4=LrRLnd;Li%B{FWOxMN=EHSj z7t+Uow|9$6W8&g}ylai+s^4kgYomFWJ@6}&Ow;1hjI*ZFO$4UOZjZo84BnNimrg|Q(zu$u(n4m)sP#1#CQADEO!9Z*gGz9H@^c+Xt{MBsg`d|&=nw^RNp!)$$-H9Ez* zr*igZ5l3I(yTAhv`>&hb@)a}u4#@kv`i@f_o@Wi$baP2kIJgM{rSM0J-&bX!*;wlc zU&YMNTx@^5gxo4ptIQj}Au<%RZSUK5`wx_py$8(Z82sBFF1yRNv>I>^M)_?Q$z0$_ zD(Oh|8Gd~1$uUyM`1d$H?nYUxNa)B}?fZlSS>NZyOY4EJRmdliL~yA!s<+S&^}hhS zON=p7e+a6EFeKn9m^~?kKKMbVmcJXf*}fP)>^_-2L5Z(^FZklxw};`}j*3+T77vEa z#z)`J|IilbIUJ%b;0ZHb*^QQDnEfGLTBCck_uyu`>D`L4sx-TU^~bVSm__H-46Q@| z7hq&U?IrfO^Y;EKbK?)rkm|Z5j=gn`im^k_SZ+Fu{zXuJsJ zuTUTi*0^GCNKhuAZ!Zv*@AlxMenn;f1A_axSU5j9_(1X3^h=iUx?6`Z3P&AkN#CRP z>+tW8Zs9%+B#n1qH3{$2p*5?Z7d+{uJuMOHQ?n&Ms77+?@AEHsRW+VvBKn&J6DN7!@NM~;qe~Lu@9_?n7Mlzf$_OA<}ZIpOk z!jGeSpmKMa0uaoQE)C|cAEQc;D{%s-19A+o(1xunWZHigCYMs~4S#_LNh$FKC^u%P zSj+OBR4NN}C<~AF3Z3_|ln{wz13a&ksid0Wt!Nf&*!EsMwYSQel`_6q1^BZ6=DxIC zlbrmr3iF1z;+PUuHh?V&CBgvW;(H;Cr6E5?Ky6ecrn^VyWw?JU$Sf<_gdQ;m4JD}|iTsuN}URIF1UoBy@-!6bm|6Glg zQ$-$u#-l3*04%1oy{vu6%r!+DZ)I&3EN_jvmuZUbbpKZ!$;TVLfxiaXrla3h!sM)A zE+&2Ev{`{k>d`g*?-GaPN_xD-0O1`P5CSsB2P85XEg~v|=hTc}O@j&ZN>BA7cVv~v zb`-e-Iv&am^ED~N_N&@055&c2YLTf@Ay6V?!|-{{(mhlsNw#Z%`rXhEXifyL*l?gJ zHginv*@g;Bj25R9h~=1oVgN(pQBWLuU-O0O@956ZE)*>dm!S5`m;FW4oyEBtr4d?> zKEQ*0ztY_xHCFg!_%Vj2uj)utst zFXEG)8mVUZ1N`e7yZ1-Se(E%sYW7563!{hE_LK&frQi%*e3k&!e(m9;cr0J0iGbE9 zt4Qc%-8$2l_pay+DeuxGz-DR%@q zOt)$(oiu;zSpgS^T<_ZNcrb6%H@V>r+LU5d?K7_l`-q9PU+8V^v9;ofB+NwA$BEzV zC{eBVN2(LYx=jlm%4ZP1a~6dv7Er$`u-ZhL*aP`A>67|0EUiE{{lh2Bn868)!IrAx zhhLv6r=_Sg$9mdP;F;SqwlA)iCsL$DU}{<|1?z$p2h$*-SpzhP?V zDF#Q}nIM+`?4kRaq|k72tb=U85by^?S!x7>Gf=;mVWmhoR8_hatH(}}hh;Io6KKSt zhLVbp=HL`J^%mvQL-0XG?#r9_e;C;8|AH?NFy?UW=I8(>iVogtkTK>kB2Mn(`}3Lq z{TK1gPxSA{CDo8pndEW_)U36z8$u>xk4!b_XvE*EOFS|W`Y~3Wfsp6`8aKj*&huFh zV35==^3YETd6RUHu#2>&=iX|d$?2O`Ur^VkDe=bgtY)-AW`ACqB5E}xJN3+2JM?}G zS^kNa%ew&#F?G>17fzVgshJcsGmHOiR-Iv@!X@r}67Q_XZS!8&)=Xb6z`S+OOefPE zBsHmLcH;-b1pmV9(Y`rjO|Mp|ly9eoU!M7o3fRjjqnvfvooMwSdHvwdFLsgUO-Zw1 zfyO`L6(SE{*5b2Ip_aBnqbQ0wZSi@0be_3PLG}P>N#dspbF%xz=bTR zaRG(3J*%~Y;G#paXq=ffOlYR8v%{22_hqJa8U$JLez7!jvSxQyhc)L|XaBba z7rl@3f=eG|mNN8g-n$Ow&Y0KB8)eJStS&9KmCm)R_44@H^c^g8&CDcZT6l0R_HcDT zCl~rwtXlu*eAwhJq_7=|w7oC{bgnG%)f#t;+hoWaIBeQpz)_!|cDGy?Nz-aiZEOeC zY zUcGvLoYgiZei?6Lzs0qr!c0ae#^<1coF>fe39ahO*#iuLn?F`3^*$fdB{CYKzMBD6 z3hdSV7hjjI?3>x74BJ@6eEs$E>*q=brUKyn0q5&HyK!;*11R9tfj#K4-7#I>ue{Yi zn-1DP9AI5bGT~oIx0c8h9GOBue^$6nOKtEG`WHg8)NC_1=vnD3Q8yXTw6BJU6eRcm zI1ot88B*4c{#czFp+bQm+@BAu`VJL#Uwfd=)b#7134Z0j4Gw^a;*XDg2QF9!}&2iA4T6nEJkka0WPHrWf=jJR<1NWFS+L-@hKrXzvO zvt7tqD#ckLYMjv?ab7F+<45mM?6+mv4e696#VuzEdY4<=8w$LD5>`j86hoQEvs`ZL z#20-Us~h?k$p))-iu9XwhXz!>PNEV>Qq4^>x6S$7WyO!`xXSwL7HAl0)84cC1ygo}AnY(wlgE z;g&_d?eI$C>#&>umdRs%_n_-7`gbd?Zu6z6?T}aQVwR}TwTbqfF5 zD6H?KDD0+)A{mF#XlKujlJCZ8g0lLGm4l{Lv)dw~Y_%8L9$ULYC-Q{?uJyu;X_jwZ z$G>eXQ&BYc5^~zx+}*6Sf0%~leqFHB*1YE&w5dk4hhbBwV$3GE;e$^7@4DO; zqnP^>s{m%?0e*ha<4f72euYQV7kg<4aE&8?dLEE}@kj^6+F|dNJUhrep)`I06SE}w zqlsP(I{c`!yg;Bc~`!y0TMxOP?CJZD$$}^0%;>`GYXUk6Mp=i{#D<%TCqJy>rB~z?RP-q9~z!f9iNP9rqrs z;P+;83c(QpHp%OO)8}lr&M~tt{wK&RO^~S})OsiB*{P73!#~)@z_&BgA=jYXK(-;< zDTPP2w{ChCpmZ@HT~R-4pF3!;1Sg)LCzp*+zRm)h)vSXreg=7c*D+_AOyEQidC!4F zrP3>md!EzqWQtKn1e6-O|3R<;GG_jnju6Gdo7b1!-G43GK6N3 zhZPuvW=i@hDPBJ3v3~ml%~XI~zx|eTGKgqiDkfj8Rx$M53$+BrTZ1dd@kAmw3xKmB z6atPQk86teY`z4z&%Bzye)mIIkPW*gil4XU=@%5|kOGm%W37nr2QAh`mp}Ck9NHD< zb9#SqzysZ^0j%@Li$MjTB~nY|5S)0D(aC z7U`CBvaUx5zW3~LoO1Y!UvqJh{(FD#F>d6j%?e5Vc?BHbKHHm zp7aMVKMn%P@`5TukkIS|RQnnJmYKq*s1I>?TH^42gTFrwW|@uwtL$~CUw(xZ;4HeI zg)as^n)x0DJBJYhv8WWK5Fht45s&boe@$wA2adlEy&!X3X_`O@EDHaGL_YsF72x2} zqsTdjcE6!i%EMrji;n?B07+gj%N71XR%h`QdY9_aLDuQKg)jaH?`S^5HKrLy6OZO7 zxFmmo{F>!`VDX^s2p4taMQFP8LD9s6m>jPJ(2qi1`W^loW!TL*u5=%eY<4VDMHC>W za|8A8cA2BHO*=tHDk|Ue4H4j`Pc)4b2*mPSu;8!Lgx%1cyGTOQ(O%ABNRy+0+nQs-qjExC_wFQe>1nguFHztz~cykeS|<9 zijY?E;l0VN2P48i>xh3vIry84_dI@#Qu6_G6#%786Aa4siwFWb8o#OBQ~;A;1%QX7 z6zW#R-?E>`uQ%6U6Yc!#%iRocg}PU;jkmOfNcx~S3RHevuBMl5>!?RLbS-=;cfV;F zV?rpBbKLzm0>Yf}xVlYGqmWn=-sqF~?xZ@=1KbrX)xU0|v zTp=*AYJ}+#_VAY5f^e|^)1ZyZ&APx4E?=+_VNnP?@A2*n!k5-rPxmyV+yX*`e1S$D zF(#Jilc!t9CEuS^Jvut_;tU88_Kh|oC8w_a&PEe3}u`2E|)`%*v_L~A0^fzFF9 zzpud)+Z+FqKuBLQQZp5FSX#>)ab*4sk5~KlJLB5g?hBV)5j89X423(={Ll$`^++wqrd{ga z&;#rNm+uEIQ?~fUmfQYWLXc$&!LG^~TfzRf<>Ja8w)YM!Q*3ut=1Qz`{!^e2^uyB)Oq`FpBw*kxSDAYXx7^x*k#!dXOC9*%jjxpx1b zB~J)YiW)lESh(jG5@+B}b(I8T!*tK=vm5WK}}b;0Ttxmh<{O387ap|o@1mSfPeVz3}G8~ z)sdeF_TZ4&jkzdLimhE}U%4Md^xs;?l{Xf>>LN8+`MWC12)X(%Uc&?&f-E^UA$t25 z$MIihR8}Bf*Axxvu)SkW+V4j{7RC=j8sggk*3NG-XlNZ2X8hr#APy zwZ`86Iv}vv`fC2OM*))f^KMM44+Q-)#<`EDup`@eQMD>3Nma;ZUSRw2zl9)V*5E?^ zkWRdj9Zhxe&yq><|6m&t0KxwswsHNxF>b$C3;mqq%tvw(m+qWovaMM4dxgSp$k4XmVY9^HiXYbH$JA_av6TfHwD-4yJh$km#rN* zF#f_aE(Ea-L{8QbU>i_bAm0?)dr-eKw4cnJik$_{pwsehr5*Yqq(_N}GDqw`c@0a^ zoW6LPbSIAtp|`L8PjPb|DBEQ4F9qkxv#ZReFbEo`KDC4~I+ z88r)Bxpg{b_uXVq;&n#nT zj5VJnOZho%y><@++_Gi3I=StlHYm+V1iJl@CtXiWI@cJUej9hgDBh`5#cGy2=aD@V zk&`oV?1z_O8X-8iLuo5LwK$X-qgkJif*Y&>+8JQ$`Psa#v!7O3@SwXu>1^a znG|etN;AF8f#)&AWb>1s%{3!Vphjc}!-K&&&&fwEYeCgL!z&6JhaWkClWN3O??@pX zP0essxaiQbC(<>^XtVQT3$xeh{IU>0$3<(`%c99+*GukDfrQ*3lN0(eO{e$=%H$Do zBF4l#1T30MjodvMa(OCuy0BhU6Qn|cNh*Opne%R34ycZ|c_foaJ-_0N#TR04s^2t3 zkPtCAihZ#TM{cb@H1CJPd>vUEz;FaosM$4R1p#I&7MfcuxTQM8Do6%tf$DxCe}cR> zN8VDkPjsbBp))DGbVKWNSHHtU+7mS>mRYFdvx8tkN%{`|_0VfYbL$VKcB)?o-oMW3 zye6nFIr{B*f)QcFteTEJSM*7ujWvy3Ju)j!sSaJsl4MuC;|)`P(G+CA?R$>A`Zs<;Y=L_Gua5!A^s$W9^H6{pq5)$3+yeWL1 zjExC+FbA{J=)T$ENPL!q1bH7rix_J`rt`Nf!r(;QJ^PAP{5T-K&L>tDZWLzW$PQ-4 z3jJfHqAVz&<*>Y$V2d%Oz(x~EYj)8*KaM`nu&RcnD~OEn$B5G0{!;*mrEl|zlFR}0 z)2Ax(&)0icpE*E?T8WNtPa=b1F6_lw{lai+8*=Y;n(|@IeQI3V!*=H=CZ9MmOJk62 zz*iD?`aycc8q^z7$oT1IFBRH1`H{C7^H+xMYgbpGRYf0bquX6hRd!G%$blGcsj5WU zKo+dYPF)8_3$Qnk>3O?wY@QA?iy_jlj9znzAhj;7?#F=B77-XiwIYO5K%9&zF3 z6anhZR;-bRw7Q7bN_SCsv&X!B3F3*y4nBU?__9pbU1PlR^Xu0cxyQfJMk$DH#=&$_ zvTSTMaI$b7Y2G__tCJ`lYd{9HzQXjb%$LW0 zw4_WFJUsH!`Zej(xp&02VNNq3D#IRUen&pazZbDGt>R?V*?f9^a1`5?Y1Zvw!Uz6g zXZp{n2s(bFL>aXM)=U5e0Qo=UHU2Mb<3%l}c61OBaf0ga zVwzMwH5qs_FfNkQtz~rOFzm8DGZvxB=V>&l{iDc<^^vi5wGrPAg4n@K$b3Qb%j?gV zB|jeZFe6hHS7w269r9ij!J|tc=6RTu_@Qs6SCMFp&pT?shJU7}CPY6NGe@{M*X7tv zBQN{dDeL1;CI=)<&pUW2Z)+`N)7Cd!XPmN<>zvD2m;%IXPQE#9SKaXD>iC=PwV6rcCs%ilZU9gT?b_Gw>uG5V0Evs1q}Bukhc^G$xNoH;ID|GkKZWg_e|uB?aci2vIp(#+`0kN?PtPs2yE$L6 zK-LJ_E&=-^vMq1$DnXZmP~J}-#rkz7%KsTAi9wg>bk=g0KBPUfrzlbieX>wl$;zN4 z{goX>*)Kl-GtUcI@CD7LI-ga@#$PFLxmonZNmE;B4&?a9NIXAl_9#+?fz!w2ybIW6 z9~liI@UGJQw*HKbI^(gy87JPBAp`S?75&k%VZW&al+Vo+|8?aepLUx(9-#_ZMZPS- zvBy~BHA$1LvES|J@1^az1-CO7IH~u_uJQsAc6+Q|iC-3TorZ78N9$-X^WwffiAUH3 z3P98Z!oWRIeWs885DCztTBu%d^IZa=upCCx{*MRJ6`8Nnf>>k4wh^-@n!puT_nJ&OKnd;T!WKUYO{Tj8<>5y7TR8F1^gGe{l} zX2Swn%$?2x88DAOJpo1I-;jjr`_W5?#9Z9$ft(Nhw29oGC562MH2pBI+DxaasUBv zcHs68l7bnl+voQ8T7jMB#N>ui5|&Zh7EhIN52P%Ke{4tjVIgUv-j^CrbLOJXw*wW_ zJ!&qWf+xce>W&bY+(4g=nrQIz3%&P452+`;++86CsfrpVQf`(~S{dSOa3N}TA&r73 zQGuGpZk}Qq{@mG4-0>k{mTnA=z?+*^!ct!EFYK8O9nB1(ZQ@az8c*YRA#wQm_>vZ& zUjaDHFy?YDN;^JgXFDdBA>4>p%7`HrxZ@o|6a;Z|d0-JPDej}@Z!Qt=%q;}aAeBgr zB%%WY*)ag>0u;?8ICskeEpB;tNRv|v%^i=Xa1u`B2^5xsGvgvZS$g%+>u6g-C5ICN zkK<)`;(riu4WbD-1i*@@cXoWjxkU}x8{6axx3};$;ni`^ zgi2tZII*J!z*1`9R3Kk!69bsnF|{ou;AfELG@TMM*iKvneIp@>?t{BA7ASm`{MFLF zfD5F#W&YYDS>G}$F+PT<94zoLT_}Of9FUPR9HZctVQBgM-FA$u7QAjdqfXMm3h7IY z(CC5M{PhF_-erSc*{amYj%Ba!NP#QiuYF5VEE1ph}I)`>mDUx$GuAA!iLBxXmb z_ABUSNY*!vD7%(qZe+S{DrqeN0WnFcmHI|B;c1FxhS5&U(bZF^C?Ib*q3K5$WIjQU z!NvW(3$-Jp8*Jh-oDI0np65&CJywPL=ww-WCY=Yr!bby3%Q9*B;1rk;tsaQ8)f<8U z2kPoAp(vcW06?7es!l74+%TP}g`^UjUZO=*iA}qj%gOP`2qTFF!vRCzW1zmdZ9g6; zN*J_-WFu+h)E?w%KLjjXXD=my;01|fh_^UCwY?zeY%TQm0-)$Ur1k8rAMUN=HA(4p za=ttCIRKn>l@k*b{p&iO=Q{t*@mm=Lk(OcBw4`#%4`8*POwi-n*B0576!g%S8wOKC4iz9dL`LPZH3hXxQ}E@}`}41@sTXq7JU z!&!+}mHPp}8y?W^%6LiMj7Gi^m7k#-_>e3RLre+-Ku-ohAWN=sCrEe{Ml6KYXGQh6 z2AH#l(piAe;4&S)vZiW3ob6#o~PabL)JG0*~0|(W#!v8H**6jJXs)!=x)S=#HVvl>jTp zyWRIgdrYdz!m2950BPS}wptci7$gMv6*5&Zpg zyayN7M*Gr_3~Ehy6_S16@D=#eY%;J4gv7_fIzYs!2}F( zPPubsIe9g>o10h-9y7LBLnySLwR|e-gULA#H4Cr(b^T_Ew?U6TciFRHzQTrj`+)-j z3@=tx`2G~n(>S;Au0gXbG!Y;PFCxQ2Bj-{vGHzb+>?bV4ZdgK8J$YUQ+Nk7hEtJ6i3{;q9$9QFhzrR#&nSuX8gsD*O35f^|9?L;gWHoE#t98fH$AbvBMb zr);WKY(nNoJ)aVQXE>r1TxTv8l#9d|?2+@66gX>DJTi=5uxvXd>vm5~Py>Lq2p9jv zzUT98ghG^_Yv}u5DSvdZ6hEP5bM5|1SS(o&wO|i1qKC$)aLlIY8zacQsBStuGpAAF zF&5?t_@IpiVJ3S)C&^>*EZx-detzN@PcQ)!!}g)eD(C(2XuYx_IbF@W z|L6B&UA%U?*X#T`tJ0I57|RxHUu8zV)PSj6V@P;MgpPD(BjC)sh{A`@!>@JNw3F8a zT!ewS;b7XwBZ9bI{!nt_(R9Dx$ua!kNSUVx8g16HZQJuvQ2K_PAwXQj*qzX1>hRA|1w?#F z?DaJyA008o)fM@O{K^kDsIfPiRYSBoz^>dFwSq3~tF+;WvAC+?gotROo&-t@k4Lek zDHxlN+LD-&;C&CpAV6F?~l9+(qtNl zJI9`}Jm>gc!_HVQ|0X|=;e~nROe#f(bI;46rI{th*>7X6wC6(k$wK>sk4skUZ1Dv| ziIcE$AJW3fUT8R`2|-2xzZ{27nRz8oc@`Ay6-ThPy|$d*3nu~<_WzcJYebG|*W~ZJ zFDL(gL$;fevA9h7mu~V=haJW2tFwW3OiFL;IKP5Msl z>c`1dRMOnN)OG#1r~5kf=M7j?H!%8cCHsXI<<$iI7)sGmcuNjiLO7%Ehl9MN#e)1z$abjuVXeX z-zAWLqYXch4B1t{pQSUMba#G33$@>TGR~QE!XVV4n{ZgczZ0$RiLjY?tUYq7a8#Up zs*gPKN`mGVr28R0h+RRan3}^PyO_cgw6mkN#{nP$8HDJi|EFW}f`g!=F=d1EVcjTz z!XcgAhHm~$(64htgGOVjS%%3&dzRC=h8;HViN1=p7pt8ZEQnB|_0A9@b1XUA)>hd9 z#82eFe_hBQ6$dz60&!=HZ0FeI%jidAt6keqsjgt!ALrz*7QCw(7!tMrW*a{#%e+5P zO1>ETmw2>zrOW8T1pKdm z_ZacPS<|gw0gr!WTR+d!JZy6Skgv|@zPsY=mg|UW9j1am{p-kX2?s-BD3}0_^OI{T z@zh-U-Y`y5L3&GCF5gnE3`(d28^jT@mIS}eZMbNNQA**qZB4hN_Iri~G_?%k)TPO^)_M#ds&uwS4advc3f2WAk;qIA-jacMr>T>M5zPGgszy z4>Dh@EG%F9?|jbbF4bx2S%HUN|2<%4=yMcar3%(sp8p*h=W@rr3H0qAIaM8WS;61f zm5y1WVSe7x+BI@o7X+6qNNuBNDYTA0z%JR70i=kNPm}q|85p!$*WU4`2$Zq4dP>9l z_;qA%=;Wrf?ZPqDWF6;=)gr=S44R_dq8>O*^oYt6jpuKWu{73}$etKYW0X^4q4r3B z*PC6;8X4&>rk9ik@O!`H&91Dd5|}xHf^UxD{6;fr`MpNI)$9=;J&9`46Ftmyx`|Nh zu4=tZyY=tl1n#R{9V(GlUJub|ausq=Ed4s(*C%5n-McR~%UFoHz=^-tZ@vkDbHEYzfj*F(5koFfE)wf^JrjBK{+3!hIAlWM< zR=T@0YS=@1hssEmG4mCTrD@uj7`=zIaaZ~qS+F8?O@%V{{=JVI2<}l=Lxp>>GME+N z0dMhMi@gDic|=BgptPO;!OR4$SqySuzvEb${lT?yP`eVv9RgcLiQRd!X2bX}M9orD z4XDF7nb0G$fh~oFis)S~3(-JQdWzXQ0#-sZ8-lk0r|&}@;J*$o9UKU6ZDUd0zxr_8 zL0_sr^}vOvtzZGln$G7;9s}#QYq5AV4J*Idb%hWeLDEC;@%>BgpK>OWo3s4hDNCeI zDX-mHAC=Kbjq*S%B&8>zfV}XKMh~8c?Uiv7mVTVNd0Wk z`P)yKz3;bhMETy1VMINVSeoD${rUp63{1;Ap$${)MTf1R62+eYXs64;7fu1!S(aJTyAuk%fX25enW;G0{Aa2$YVnF_43r<4!B z$SUd76dl_|>(ds=0o7x`f>;QBl?znALB9oLRfKITyd(1xuo+n-0<6!D`eq}Q9 zFquH)#JqVUPHOO&DnOMXsi|0ug#gd7D#?CI@2$GxJTrGbhmfAZfBumSWHGuHKttoM(mVO4GY93jq7OP9P$~ zca#noG|Ul4YN3jzVbXz;87e))If?_nusjCwOD>!J*{DxF*pm35Wi@B{D&`JrCFwzo z@%4u^AznaF;AL4(_N*HHvdAKSzUzsyDDG>m5cTVvprGAnA;Fnx zLO}fFZg(7LsDi*n^~%(({Dt1DF%3864SgAD+Y%{T12al%A}GDpB_B5TP#y}#*zm4( z0(u;A_!(Cvv0On_X&jvGFGgR?SCeD4jMs`mP{$jGqLAY&ObFW2xddlyaK0o+dMY2FsVDbw(VMzSn${25(nQb>4sbq*Phq^0oU@A~6^O@HXpE zjb~Y!=}S;04Fp~=648232=|?X%~!t-M(^mu?2=?-7A1Hr4g$ z`GGjT>9NU zo(QT?XU?aYwEFj=+KJW6w+EvSBL8!r%)mgvZPzQ3uQw0lnLp&6K3fw^XlAuN8jz(-l>~CmBE$LsU$6gSQ4ZqY zJc@D`1r*=kG|O7%eBYsZukN~w?Jq93&vl)a2TA1YA}Y^I9*3@`{+uW*B+c@Lj=REt zN@q2hoOmTGIDM(Hiqy$=m;U-O9yD)J%hA+dhcl(!87itqD( z?+KJi`UJUpDc~_ay;Xm+E}?67l0^V^(fo_n!DX;z;6yDL;qV(rocuJd1Jx6;6^uXk zwSe6Q^c@~eP38J^Ma#TNWZzsbguIYn+mjk=IEUE&y)T2{25rOU#H_wdzY*)*MWena6A|k zQhq#4y#i)CJCi@d3Rq)671!k-Yw;wzgwk3 zbKWhN6fNK1f4ZpLOrv@R1Ji4wMWj?!&&AXs$`alx7dEX_f;^icy#tBL)}tz+eX0UU zU_}5b+5;KTep@7>eGrM#kM(jUh^xf!Xju+M@oyIRl=$vh)Gv-W}AXua%f`VFFj6GSE;uhsNh` zLmHf1-&Kahj5VxY_UdeaN_hf{x!07gtJMT)85pW3SU?o0e0RYa+l z?^de@)u?|21B+AuF*w!O6V>PNgoqAJ_fbs(3k}J}a7wO9K+@n|j+C{nrj3{u2=K-Z z@*?`GcL0HAtN>&uX}vzzkZsqppc&?&{g_sw=HDnD3Vzehz}AOr4NHn=#0;0#WR(SI z`^Sv1|I*B}9jY2r2|16h$pz`t(w;p?Vq_S7&8O4oBHrY!Y>_*X*VO;kcG%`YPi!ul zXa}VHK`s=0CjkMd?;pLG8g&h5>w4Lr3(;*}{?JpSX5%lb-kx^KFEf-B502OU*k9$Y zGmx~=Gpego$vK?+?c+p@M#0M#Icb=ThwgJx!1R6#`Iszz#9PHUVw`$xER}q$dH-Xz zShr(6^=fWB$g+EuWdbKQIQLsK)l_a%YugkS&>Q(BA|8lDoOdw$K{UQi>yHa+ z9@UJms=(+M#ud;oVyRE(%LY4^29aa>?;}1f(2gBVckMASoJPEfN9z8l*LM@_ZHUnV zB#&<_>v{@KuF6iv#J`HaLVx`&M@(Tfl0G>aV6c!Rwb*Ys)=2hKH~!Qm9%QKfhT5pH zM)$^n4o&SOM#qS5VEm=7*6F@sS;^<*T*Qvf_zem})|JnjrbZN-#r+TC1sIU+`(k%C zHD+uFrfXhvmQK#?=}+t%Eypmxe2~AqVK4>&9p(#O;D-V1&rtoo@y2gsvQERhoha20 zK$&>sXO>83u`UUU&qCu$EdPh4v+!#25A^W6g0T@JMM9BIL6j7bmUeWfNP{#;Il5tV zcc%kELSl4?beD7qh=HQ=le>G*{S)4^v-8IH^E}U`&N)<9jB0LkO;?Exkbx1(W4g_x zdgDQ;ONCi^k@+_Y^NRZOv@qr9E3hg|TP<-~PG7oOPe(FxO6XGW%qxbG9`l5DQpfe9 zE=;9mZ)%}*+`vb_%oaYHzwoJA-?V!{SYBOUTF>B2&oV;=5XbO}P@5MRI9*l*c8u9> z%uBkK*aa^{VHTap3=4!7J>(5EhdNvfirg|rAt(bjj>T?v!^VL{FC|0H#3{G`7H^{r zLoy8Y&QwCW8MXA6d|(UUm_`0b!<-*Wug*qYg4?~j3kV^NU^1f{j~7M*>I(s_jWJ}| zNsRBJxIyt`MhP5x)lA06^vm79jj%9GoYIQBz>2faa-vAh3l5_nwlP_eD^3~4ix8v2 z;H0F>6rqjO9|-nCb$PHwz23Lr>o5 z8<(0dp(_&KXs+?*86W>$Eon%K^@%CaH|^BN;iS9jT2}&FbuE2jI{#avcy1b%2co@D zKQUbZeUyRQ!dqZwBSU%bU0V^^AO^TPFDSSU4>02n$IwAV4z6aY*4>Gp?cZPK`Z9#ZGHnBnXE9sQ{T{8Ruxp3-k=iK zGCMXm{=1P$3o4_xIN2cS^HFZXZ>)&`Aq!@m4ja7BW7z3qry4d-64$*ZEEuu@_M^@E z45KZd$oG0ie>f1Y7nX6^AVG)FJF<}fbQcFVB(^jowfQZ-GjD#@w8UkH-UGt^{bva% zYxB4m8**k^!DEh!zTPXMTli7v*;^ROy$EZ zWTyEK*VY=?HtLRO2O9KE+M0&b@cKXXL8Y0;dj=PpZ&ZsTY@jwQnTE8SJMc|YA7)Y6 z;?Uz3J+4Yi?w&Cw(LRh4pf=qnK)z!tZCukja3f@g7P$Z1|IDUI^SRK$k`>!?u>+gu zi94$Ei=UB(z%)q|ZufD>uGHdl$-U=oXw&aOb8_T*_lQ=DTNR+yi%M?0%J&zZCheAy zX{hhXsWn>v;NPrxw5JfYtmCU6Gu=lFypWgCH#pef`DxyxuN^}u zkyK-hEBDbd&s8SZ4S&vC5Y<}I*{RX)zuU0A6=iCxWfx&{VEt}iTV~a0qS0aqJqN9g zZa%Q%Jg_e`;dZHTyFdLT3GYOA=y69+Q1s9>v)%ijRxDue7h=C#Va#J^;%&EhryvHD zy&mLi>+){3!u*5B+KWJoL%7*N7^jZs@Y;=pfK7p^v67F&QTB_57zc)eqsBU8>0LX_ z!9JA)BIUwCPTC=^(cw^9j-A{gF)E4Jkv+!1Q8&^)yJ_|o=wpf09XCuM2^^JVIw?;g0e$r7H14aSw|ADFT z;M<$dJ)8E-{8DMKQ@nCTDEn!9rn8S7DMYAR5bsQX1rVvoj2bAp4C{Yz+xM~&Y7f~g zs#N-p)0?eq;lB!-l{sVGuwQUfx>>YyT24BnkxB+##0p|Uxn5CiY`U_aopE%z)N?pi z-I@5V;!=bLC`ZG1W+wS@$7209p&?N3oBkK-r#n zvcERu7}0v^>`8rd*zD?XlP`?9d&pq>7Oab6*Ww1V74;Iod6?TZ!$@Js)qC{i?DVfF zC1iT12p9Vh54J#+vsZ(SaSxg+_2Mtxq==hIvbHkK1=Kl3#0-h_2yd7yw;8Et?mtr$ zG+fpAG`kH6-@1p3u$Cp#$fn`Tmb^VRdOyoU$$Lk~($y^KoNL74(X%)7 z$=rq`VBP5-u>MH?(Mzamc&ir7rPL#3v6ot{yJ&FnOvl zsJjpS7F5swyKxmvAcmr60AKiQ0CD|0?AOZ@`>6+hmVwd!E6P(0gxJ$G_?}Q!8YVQi zD!`gGoJ%%!arDu;#mD+zf6R#kH8TB9O8qhpoyxzc@^JN#xPzE3LIt?9I39p%#9(8@ z+#1DySLC@>2_tA6=n2Quo-ctz!msdLRi6seKHk56`)rEaDqPqKLgjw_5ED2i7HN%Q zr{lJ!ps(dJ;=Gv|1&3T;o8J88xck>p;M7&@+RYG0=N``O9?Fdm)$k8sO$k!RLD#-` zs{(ITjGC}p=cHy00y3{us|=-o> z1;@f|@vqME(PVw80?zJit1a|O&909D4zqTF!_IuiEY8U;k-%>Y#y0xQ}j<)22a)Y%kL+(Y57J2{c5MhbqrsJLqg>xPmhCcxB4|BKWa6w^8 z#rD&;5H74EU{YIfz7g1eE0mp;_n0YmCI?QX%53aM<-6QKKj*~b)WMO}_@A|UVp~4u zW)y>qaa5S`8*|89$Vqq(NvT{!? z(GAzPMtz6nM+qF!qS~i$i)ucjpg=2v%OSvbo`c{mL{Nh(YCBJyErtKYF^cFB_M)nH ze#p`xmeItO_M(Qy%!LRfb2U@!31wYvVE|AP$nn?3#Wz9tjL!}mJ3wjA`a_Pc%Wid@ z*fMBq0XIPBeA)z&RX=Gqu2sW#mZu7j*WI5+LvJf_4+46D_Y)RIz9-rq2wU;6c37jZN81J{e4z&*f@J`ca!v^ zt3Nr+v_AP|Wdpv6+B>-Gj*?*T`TMlq9_n)V>jxCiJ-f{SzxdvNoq0vcH!{Twcey41 zsnEtNEr-#*GlEiRl|cEVqCtJlW&j&K%X-79+WBhg7xrvcQT{MmqKS_rOk6#O4!DR$ z9?T&>{R3)wK2%w?l7R9yky!f{@jHflc1G>B|7r6CpUiDAvOGkXHRvBy&~sb zQH4zG1DoInY&DOzz}oX+v~Ufp+t@?p|L`7?p6j1}Xz43UNopns>6J00QjN+{)nVyC zWz^aZK)FC_N}{(Mh$1E(71n2;PJ`hf`z^-Bse>-~!9M%QDjF=$eZ!N)lE(9Nuw2iA zD$UD#mCri%k@RvOCP8+brxYkMo277=+UDqdbU0>5;$>sO!otQ{F1xwM1>DUx+ZTs? zjKe%gXk#=Lvi7Q0YRBUE@FQTNtP2sC=t@&M!nzAVemfxfJz+ z@*^s;?zV;%ZO5E=AW65xyJp#A?~k%1x%@!AtUqDrMWVGG!`70d3d*y*#b%;~se}W8 z(?@TCEt2HnDVTemzSvzBoISG(F!h&F_U4c}yAcV9Oc&~GDUZ9!%sZYgc?@79q8P>C{DS!|%fF3t0c? zmVImjoM;`C*CZd@ny;q(uDC%`iV3G^S7ue|VzSV#F?<{KG1iHU+a-k6s7h76Fgnqa zrlokQl6TLC0tf$uU@a)xa3y;Cc<(oFZGpFw@7sKiQZsFPqNfo*8*hb!&DAIqB!|rjB?9C zBZUZEVx#Np!?5x~`SLFPew(uI0Ife>`0ykJ9>%^>_{Z~g)M*I2X$!-W8@0Tt%n>c3B!R!9FYx^#TPy94r#S};Ek1^D{iF0i!e6QR-JJj{FJ`$!6pvmn!mfji3hGOJreMpPjV;AEz^eT8Sf{&i$;GrQG5T+Jsq)L(5##xA8 ziXn+j@N22KurR33ccepRGMkTNeW|soLeF>1f3YAn;L)BirrAxx5+nZQ_ktG*H=G-P zw7>|gU4Y^LV<{vgOe(nIzHm4-uh}TBWFQ(0LdEP3 zh7YmvxjPJM<23r&6rwJ+!=WUD|3}@7HCKGd5~8M(y*C}+$MC}Q!24Bs)ibPu6viF( zwtA*aC5<;&oH90=>*=F^EV@KV`r`a!?DJRD4l41`OhPQ>oy$t>ov7>V+_c2CHkaAa z3}jp5TAcyKKXgo)^Hj0N1mccHyO2DXMM?wzwTzVUt%%OQOVl!M|3kL9q{``wuN2~r zgEGqWD_aze7F}2QTh#8$6S(Ie=#KWDQLq$@;cgGCC1iiH@lOV6nI+uLETe5SU-Oe6 zJ-i1Cfi>B`yZo%qXa(;h9FE_yU_jn5X$5Jdb9;rS30m}6=XSzdscbj>{ujTIyhS5P z^Zw?Bhf+xe?(ClhLJ6ja7MgvIrBu>)!H6m|kTs7K-tH$6TQa*~W-pTca9Q!xq@H;@ zKlnNn2qOZ6k9Oh-r#w{3;MVYb*NDC6lz{gOyosy4I(MM~2;1%Zu$-l7v3D_7F0 zt}ca$;T`r}-cTBCC2U4|u%Tqr??o}#rXI66^fHSm%ljKw=q9A5_^FYELVPoMkLqlFZg9hyo30Yh)M7p80c2MXP(>rqvgJ$zR;^W*e?dn~Om2(C z3{X$YD}nWGr2-?W3f=lLz|uS{PO3c!GJ$$)b<-Su}XY6DOs1r z)<3koFm4Nl(8VHDd$GGjR`M`j^GJTxy9N^2`Z+k`|TkYov0hFAQ{B z`EOzVrudgg>F+n{kEVl($q9K~8hfFaG`tKV|h3feZ=pc}tF1rayC?SA{Gem99y*;<)FeI7UX z)xG%E5H)BlFRlL@iQ{UOcq^UF$DuB>TPaSJ&~Y;(&?uUVi(24OT=OX_8{b2o_P=EXB6GydC1>p^G_EX?LD*?QA)^Sa94#a zk>pEqtx%Sdn?^&qQ*-NZ6-683nWq2{GaW7l(2z8+w;}W0eYq#r;G3xW;#VmSASlDk z5wTGC{PfHA0qZx2BPI%dSzF8EFs3qtW|;duF!Sj1JBj|0d`3dCm{Ty(5SOIn^mgn% zK@e6hu5=@7#X`lRLic^KUo2=QUH}6oH)X+6MwF!9r(xn0GnTd3MoA*EWlRD;BMr2Y zkpZW`-M{|PvIwf6cE$4hx5h@5hbw(J(=kHPIsIgqRF=FwTAFfMW%TS+WEnfhv>QAU zAh!lTfl#A3t-{51`a&t)%b4rhMp&b^$dAhRVInafd{4f`YMYe{K7SbXcnd_4N@Mpx z41Y8A9HE#XSI0?nK|CI2AnfpDj$O95U6rNU3jPdlha;TFyu8msDtobqdb~AqzOjus zx^}qx)aiq-%~k>H-oDfW>L_IPMZ`cp`{tGET*x~iIAq9D)mBXb-RE4jivFYK_o)B}%{r5% z@x^zYmksWTb!LZZOP#f};9sPi59|%+dREipCCn?eyv8TOSRWZ7m>rPi_~qeu*d~iE zZHoTikqDzq1h2muuf8!cukChXG0c^^xpN`eR}d@>5BFNxvDM zYi$46;6^}V+Q8o{4AN^X#V%rV@60EEBWUKFkr z^Tr{RY_Fkx@IPo+;$I_ftTplDQA)Yne~F3=+MA|aPdx>AB9EM|UJ8&Z@D7P!{?DK(l6q%p zM0C-?)`;_=NWymLx43c1qblu(6U$)FCKv+sl1|Mm^djn4UOw|1(p7YK{*ca1H?spc zyWeWT72NmOpA;g>H4V8RblJMg_ziobek9K*+0giYhYl%eM&4EOMys;9yac)76!x3M z0Mke0%>om^14JJS+@d-T$WbPqX!(WgwGbb>m{pusQvx0wwAFsj>6_bk^|Ct<+N|3wJ}l`I&e+BzDh zr^rsHi4es#v~lR~e)fGVFl^h$vyJckqj5pn8ZVA@xk}A{a5$h2A9+h zltP3Fbr)i}lfw|*X*E5z*Ru4l9o&U?Az)82p>pLYt!m7(%eKa0*3n8ij2ug?e+pga`qG%fWGm zFTV|Y)t1{)Uf2lP>7QM?&U_D-%Z?$&5Q-KMj~lB9{m20Iy#S4?01!6@J_D6Qy&4`2 z6xbszUJe{;4b(Gmid=FcMThERLMPhd^xZ@4xgiIfV1iIPg(b}GDzuY6`gV+$pAm>U zCR&I)LD1o)WE-Ja>Q%U)c2yZ-ec{@$_sR>9h=WJK-4mCVW5@xJ@4Wprap0GEccrLU zq7+q@HW2A3$P<_J`N|OP?<$FfnpnY}|BSkQ6N0tevyT19&7mWicMA`v=qF(#3nM7}=tbscfi zn-Nh`E|oO@*gX|Euh+?sv7jX^4L1sr-zwBrj#w(%COX60D`EfAEg(lOAIERq*UDZU^ju`fpOgJDf zM!3S%)Os#STqN(+rMua$h@cu%5m}<1ELWZ4q$2mUvr!LE02}LwjWA4qe-&3Fo=z9z z>A~%$cAT!&k)DT-(y762)27qJWSEeITRXmlYUd{0(idD*NO~yZ#FOfFoEcA(g~YiB z7-y9{lxcqy8@!U|6$w(5CDNIGrh|tX`KL|d17mZnhS`Z(r)`-0!~QcO{vDG{Ym{Sv zh2|0ZDni*>IoSp*kb;}zoUcSF6cV|x3v9J92;3KzK%7Y{lsN}+zx!K?r6cp}t-PlH z_&d>vupDP56L7ca+RS zK&y&Lw8jFFl3_o^3vG|E$0R97Bq`)13Fi{1^NvEj3uR@jEb@mq7DD+aHc@OkrZW}< z?F*=z1qf6S0XF%hP@L&tOHbH)IBDoyz#)UsN%u4+TsmqTL=~4!$kPBdfB|7_?T-Bk zPdATAR_1}`aF&vGCg~7RBzLTb5!7QelyAJW%&`yxl$l9{lJUF@pf8fXWm11El@eaW zwo=A&69GWcqVzZbYMr&mmgS#XuI}VRV56vk3N+r)w)lU+oi_gpP)$XQarQV#kg;;5 z&_%XGTrw%Hawij-LlX3I%kig!|3q6I1-@!9J32TnBUrM`yFDzkB06axWJ3`~st2Te z&y5?;lvV?l#PgCLq4sslJ#)A=C9^&qsdJ(7b&A;z<)CVK5^zd|NoP9Q2}ZIespy?2 zCjdb>7C3cQ=49rec!?|R++Mbqq&bE;AnMn%GKigD_Ks#ysf2os`p=cgHtZ=(Gc?TB zR!j5dCG%#r{#M*LA;30`pXb1KD3}_GL|qnoe+#ZH3vC-EJsU5`waPZGO(MM+O^Y>t z^OC!+*#u?}r0cV|t&Ks|$FjM^Gc1-Pp?PsZxm5?pRn@QRL;pBY23C(6HPHn&(dRX> z|E?y#Q1<<%=-|=7wY?-L=xxe%UduXTe;fS(u=64fv0$n;=~Vem_LBSO2!y{(K<2p#Yn5U z>HSPXN;iTl`)zqmn_|y#1Q#A+M*wxU;7)(vsbLXb&TYPR2!BQ_lVJ;<3!Gzzm3#kI z>TzB82Y`nd(rDFYycp#HPglB~llD6&MZKQlcJ4QWjhd&}I3=rp@%s3Y9?*L+;2;Zj>fO?8Aa3v#{YePgMOEvcvB@m9T8jPD6th3^NFTK6{ZwfE%h>7E}v*tnrB z4iKf^Z;=zp6ZU;S+q)XE&^NqLI+yf?-*HUWEg6jcD2aY{v*^20_3I)*ypp*|yI};< zX0Ef^?1Q?n2C*1WTpG?R?&9(5V8w*@CY?!>cv2=zj%jU@ z0U9RCLhO5(Y>&swnDz}hClh!e&*>qHpf{G>=?*T#6pq6*+2isxg^oe>4K2eJx9g82 zM!d{Mz7Y=`Kh9$r6s=qv0oQgy8AktmL4*ZJ5~ksH7ZVB-Bsc(>SWiNcOFFhysev!} z;)IpQ!T?9e9S87}zj*Rf{8Q%)QEWWtC;+;cya*b;Fbl1rPhXVyFoLLVy)MPmXCCp4 zbas8{V(RQUt$xro0uGfc^-|9Y;JS{U=+cK^afpe8(InZAYQ@lmg!f~p(p+@gzYkDP zboQA_lyxzLRVbL-e-bf)r(3V%oX&=ug+0DOPJIoE7S){kRX=Cd9>%_|#@a3{|%#{U^I=jV(cngQYc>BR}GLV?LO4EQ5jpzU}3% zmJzJ<1eyE&)jpFgHJL0;L#`V%GPfH+0G%w(-VyMaYS}?`)kRB_JQA@DqvI^slf>G?V2gEg|0sDN_w9O1EZOvA!-tD1s?zw8WD^5F z`3ZV=-c{z_4Q4|T93s~oVI++#DMof+k)5pIZMW;lR@K4skd`P1^WMt2H`Y99i)a2e{Zed+Eymp5G-k$OWgJgv)uBMxW~9~ z_uL==561$Vb$EDHG4d@I*@Z&z%dWP6-l@T?wqO?7&hkYuIKqNo6dV>;xvj>U22zvb1E@)?i4gWs&tC zllY!i>Z*Qvt5pd&ueEI++GBTH3nzQ;pMI_XBBpsN#h8$ete;>$ekFcv5??fP|7^an zbFE>(@*Enq4mWPt>A)d*@1L8Pw2jCj56SVdJYXT&$~dcJ8HvK*8*hzBalbV|hWTHv z-G&8|j~Z??qHzhQ;Aa=Ht{3-6&Sw8x9wO~k|3+NBbiCXHPbgk6ZGe_wk(`q|N%>zr zLr84|h+p0RR(hJvebW9Xap?Wg+Mly;ucbo=nZFA^*|N6$NuKmwQTmwLV!y0zKH9s6 z<$bwXv2-<+L*Y4i_anqK5rIP?FkgP0b*?g6u1;W(v`*j)x8!iKNg(8nB|7x_Y__N# zdz~~V%G@sW?5A+i+<+TS{AHoU)K9&0Dp$vC;rwH-*AnNCe|U|F-n|3Ix{ulkA&(Og zL)cA%QA;No*@z>lJIj}l`Bpj+B_xpXO`tAq>JxbS`s3^0{f)oBkxr34m@1<96MI(b zD}FI~bH48SiOQg{r@!mZ7iX^e*S|7@SHdUYQdaL15=at)7VD(jfQe_Gm@Dr%EV&u< zGaRK90e_&4v&xjDpcg8}p)o)d7_3n)PFXq_hZJ!N67s;0#8E$vDu)Z>!-?-oeBFcIZ*L0ie0~_mYUVRHqNtYmFqpES) zA24FN(5B<;O7?gX!|e$x2ZhP3yK3uGn46Helew6dG(|QnzC=pRwJ+H&0C<;ao7eDe z)%&fx*e7810;GxfzK~E-#{moAEJ5r0(u*J-(AtiT7 z8EJ5RM3iQsAR;{CF&p)D4AZSm9%EM(HoouX4$WiYxej=v7qqGxFjsRD!w8?*1ul!V zAG9EeywbTrl+wgoBbsgogrptBl?8#d4uz#T(uT@WTAj|ygDB812zRtQkITrt{%f|` zK#%xjh4Btw=6ni}{#-8{B(eL;qC`7Df6GMfp?GVAm-+I$sKCgZhdWiJskJ+gYgTpn z4zBmwcj>Y)u=gpdm6;FdPt-~UgKp>Q*(|#s@f1x||IGOLK^FcaCo)XJsQoOAme;+t%Sg3@9maq20 zMYv$*aao+#*8}73qE|BEIKPJ^>v~f^bg!=_vwg3>K4hD6^o-(byLOt0{oJo8^-SvB z@@|X#N#Ml*mzuaydJLG((OIwH0l(QZ)_DH?!t~jK8Cp3%cgSIz%4V`M!-pNpA@@<; zbqCv_t^JBz)&;aG%1HY8 z63dLQpRTztU=j{sqE4@p*PLl2Yq2K|N^GmA&GQ4hAdh=QQYbK4rEKH_p#btOrUSR> ze1xZ9;0Vdava(+$Ic^KhKA@OLU_Dw&FafsSlZ9u4y~mZNN3 zQ>4UH3f}Z#pBliK+TD!G)w(~tzGTf0zW=Z#z?fYfbfR%L<0%yzuRHb$&t6`2vIXh@th18D#W6J%-rtVZe#s_NaGqYJ(=>iJ zU^<)=o)I=2hS45~Mn^7ID`%r4NH|}B`Bi9dd?n}YHOA=D+Br13^NOT46yv|ZdZgpBMUI*ybZPj`%K=oxz zk(60DjGA4I!aKgN$8Nu^PXqyM%9_1k%4$jq=B2}IBeeWeg~6yf1(}NoGQ4b^PC-dV zv2(?FqmE7q>`a-;e$%TotKcj>Lttgi!dw`ar8f52B!s5DPy54<%3wzqztT?eVz(#DIDO`-weONObYfJIM2SFq9;Q^WEoq&@ky#aCqmnjUkZ#dXkwVWHc!DVU zz5e5kBpDO2dtcAk*cMI*v%4ky-6tDG)S+ZuQeznx&ihyC5`- ztOsfDsrf~cIa;;}Sz2>2+~C;+j;BUF8$J@Tx0L;))L_Iky5#z{?s~gcVLFM8zH%M* zBsytU=f)rU)_>S6i11MrCpmks&7N8u&TbS&+I8Oi=AjEg&v?Jy?V6nr)WZ?k=CyLq zvEAu@1CIS1QAGEJY`7rRRT{J9tQhIheh=%M3M-4Br;^X;ofh>~qTg5Df>zT#H0SfT z`gF~S=mnA-Zdm>}q|bh`yR}~Q-7TlWRoY{~yoqBF0JI?9>E2__X`{N!5-{6zxfWN&BX0?B9=iV2!2AWQF^v4sWY-6PU zY%S^e54;>bhPnfA*&7^jtv@VKzlsN7!9O>FD%1|*Q%HIk0U{a@;Zdp|?1IBk1X+VD z;j+vEo-Fwkrss73PPYOaF4Bm!3*J_7ZJFjBR~%aW(t0BR+QCPntN^gN5ILL_i6KKh zS}KV=DC18+16s=%K_OJSP(~Z#i49*_H2ssh9a0tN77D)Hl6#V?e3)<#L5^Her-xk| z&IlBtwP7X2brrY$kQYF6b9)sqhK4p$i>6>9h7LKcf0KhvAHR4g-ccvq@vu7{EKUk- zB1^9!zsA!b<<>uRQ=N8;xA#)5^bYg&JVxQoocXn5@5fz*k)bh>NYuqwnTzlics?ns z6vH{9_XfpQ=bc;8{_Qb^_mjiehbpPPzr8w#;vw*AR`hPzPPm*Ln=Jj2dGSHa!p?a0fmANSjINlLAOL0zfNNs>F2} zlt(U%MLcEib|%G|o{C_~6jjt8i4jyKxk}_T!>f7XO92gN+fHp4#FMLVaoiIW5MS&6 zmM#?7=TjV}0$X)e{I^vcaxLd8DXo!@x8xf&8B8@u9cVv!KaU?Mksa|4l8<+O`u96< z!zC+6gQleJXrh~m0MR_+cjxyU95SI9b$O&Ju2X3{r|h92pW`_Sl^pS2C!vgxkB5RN z#O0vw!%rfH%Op$o(s+eRNf!{Km*b?VLK*HZI2j1>)8p#j^u67t*L{ zwWK|;ZXP+3TdZdMsUe?gsD_$Zy+oCZdVZcl2IfOex!RhSyshm>{rb57`e+d;`EfC< znMv)i6mzMj+G_jZ_1+uPpbz`1WE|yOwGk>W`p3GYpFR{F0pICZ}xO=3saI|ST4r`9@u^s#axK~rOVPj7O+UY*u- z#OZ@tRd&DsUN=rJ{TXnuS>8_|cuUGiBD`P+CW1Zr|cw1#%HUM4>X=MTE z9Xi@da?bK&DB7QGUuzAzj9HyN`*uB*ON#zIK5pfNz{#Rp!~s4$7)_$dhXzQ@wZ*&# z5oFIQ`_M!@&%Q_WE)S|-?xBbs07_{j1V~_Ip-`O;BQ~EQan+tB?e$NcA+7juaLV%g zgEo0b=(bAyZ5;UOScYO5n0+|w&#GnmNIctSma}4vOzByDy3Upn{$!2iG`eiAhS7fw z+#?$-GIZWzFxK5mOyT;*mpUN=&%%`uuV{^$;o)JfM*mnBZz499d|w#FX~tn9mz&T) z;D*sa7!Q5L-0o*Y%{dQ_cru}-*ldu3f?@9EywVFjw=;u8T4Q;Cqf7R9avVrg zM9;Zl#fZZoZC_DXK)=px<;j05O*o*Gj8G$)DHT~Q(_9^xFsfu`CttwoxgwgkB3SiP zcLrB;7ff3BR!8?%3eT47*^!(=2qv6KOSfsBzG+3qOuCN&hSo3{hEc(+04(8L?Z#c2 zrroadFV5B~eN2MCEt5}&5tLPQTRnqAYeO&0(j)Z>BTeHIOiC(ZxMHA#AI*j~%>KEo zH@1FoSJGEwMlz#AX|yQyWIpt|K?e8OCu!W^Jxo8;RPBu4_{;vuYS% z-2fN93fmFc+?6igyEI(-&vg0HXuAR~a0RRnZJb<|P3l{Gda>C~8&7EAd?B;^%4{jb z_sPq9?UO)XlaXcI6`jraV%*=AgV`DH_lpug_FGs_$Ej};Z_84DJfmqynG zF)%c6p=mX5Zq)&`I{j#o&#?7Mz$(st4mrFvv0z1HH>;i(dfTWNT)h0pN76uGo-2li zdeVxf#{!lMqIK8?%R(NZr0A6`w`k)bLRKZ+)=ZPuzhQC^0tJYQxGippnw)78-x1^o za~N3NELfX+l03==L1ZE9a2pD@Z2IB$8@~IAuM_1qnGE+;5TL(is zfP*j}_qN!g8QD*p2Wupcjv|D63|a3CiO`WyT%Tf_WW-cKjwfs^T4rDy3l{y$zXq4 z#0EjI!{V&nde+4M9h6aToe9_*$dEAl1D~G{`q1sE`X2gK?)cx|dG!yhVvHffg$6Ai z1~2M9|7ZAU(N;v%hFupAi=nvjk#Q)yw2M5qGVhsrZD-pAK#kMFId-9DfNgx{iw)-e z04n363~PWsjvoz3;Cs%6j%}1ijfNd)3oT!tA8Cd-%4dt1!Kt*0VL>vE^#w1;5039~ z+W&<)@nOSD=l}sBr*dV}3X78vH>VkHBDbn8od6-Qol2Ce1t5fTuBUs^(DNwM_oPbH#?C6r^&gNY zdTOJ2l(2bHc<@3BilH|F#+8rWYPmef+q?jY>7`+w3mr|#obD=p?qGGjc;GtvFia19 zwxD&gNO#tuHe%kobJHx2(L)13$CP?Fp9i_oC;7pX1Ht909fg z;Nky8y1iXAUGlYQwQ%l^d)S0>Xg)X}pFI1ZeBNzv9uGPCw29$|+x>Vqm%e!R3;9w^ z^;rx}{7GKupQQ7@7B5d4&!vdg{t;o=zq-U;VLHh#==5J+8?eMlzpYcfkZA9Tc4#Ax zzOdae+tfdeVwSV`>Ch4bA-e^*p1V^lElnFZ9#VEOREV$R#)vza#%SWt0^!EbztXi$ z-?}-!emAp*`FPcN!9)z4?Ru~+AKZOrh&o&ffqhAo!H9>yWq%s>$5x2Z{To;E1q;R3 z4dnx5-#8Zxb0dzIA<}IYY+K;AT$bSc&UpBU|Cu|jl_LB5ElcO`KEYn%cfD3)-mW-l zHMM^~*NstdR*(@i{*w8PC;98DgHaWWHy|7CZHH_3f-716Kx>*jP4+6nE9gmohZqSH zK|VpN!(n^g$}fLBv2uLh4tAM{C1WXcwJw5xZRct2~6GkRvpd` zM6s0o@?m>L(|EPVnUlxfiaP*ZZpH@=|60ccJC0CY^Te%u(bK$V){+sI6<^R9&p3NsUXkuLvf{v$LSg>8w*6QTg? z&U`&;y(^ZxoGrg#n*Piw_y4v<2Nr)8Zq*EU^Lkc6c)2MCUC$+2pBf$!P(XHZ8qRdR zAo^%--ej=qTg`8)_g@|jIK>H~L1~+T^|K&OBW^=9{=-PnPUTSUZV;)!MNP*y$=;<( zAL5=tPqS4 z9utZQ1D{B#$o55$Anb7$3{ePbPCCZgQMF=iHdq+ZlQ2>qPxi4?&S$x##hx4=GVfb9 zGqHGae#{khrW>vC;(AsX5dtRT_2$-=hbOUW#-+>7RB9E0IRKVDSrEx&_GtQ8L`4iW zpBpMQwqH4td#Y5k?kD@iJ2%tK1U^H%sZJlVt&eqnf}4<#8}QFM?+fipGzHr~k{c_G zN@C8WgLK(wx}i1Am=UG?JD0Gqf~7EWfz_?GS=YnTVMjk7t)9k9PB%5Y`{}A8h#uED z;{`T0Y4v303}O{9X|$T(o-j@=pP4MmdL+Q?c5+g0-0SQ5{^;~a+~9 zs*IEDIxe?ljPhq_)e;YzZc@rC;wCHvu{Ea9piCmhz{?C*bb1CUfH{Jq@d z)XD=>m+}1rt($$0;z~_P39fhtBhboi1KZ58!hPcus6aN$!vvmcR5S?}qrXs54lEdl zY5XF$>MWP4rBbiAUMo1U{U_9>Ng7D&zZOZ&KyHf;r+*XJ%7LP(E>MMCPHGETEm@!OHo^qQUQ`TWvD>=a0w0C zie!9K4vJ>0V$ldQszQJu$ZC{pY$pG7e+2EA&oG8qY55}Zy?$V|un)iK_*@gN@Aux4 z)=bwZpIyFZ9AlNDTvV&R+lxqwOl~lwM#w!ij_!_26u14i9MY?&yrIxEmG~zMp4*bl zNmr@=?T`bfaUM;h&!pC=r1otcqB>CJnYpU8Lgl67N2J_FbPxo8aX@+9`#Y&yf10H5 zr;p8pfvWcJb$`#}I)ui#lX_W$XiW4gjUbL@by4QaeV}hFRSaX|0RsM0Cp>vtMFOQRfp}pS zaH9VE9(HwOZkytsiC?nvz!tO=HS~wqKmHMxB_ydS3>C=^P*mDbM=_L?N^OB6^fV){ z9uzyFuKG2Ggk&F+GF=99;MOIS!G}*cIa*&;q6#cGt0KN1wI1AP2A=1Cuj`ilYWfgvX%Lu z8Cy_<_oQIZ7K8#0dAI4u=R{VZlOdx`(pOykz#jsD6E&*1ofB`jXxtzmCyS?r-4xG<82l z2$u){wYFJ9#u9`+VN*~0Vj3WQ-q%d_?VgU$ymF&{@?0rZH%)|56%~kUp}5a~hd6zM zHF`n4)BIP=K-B}gJ(GC$*;UYdZ4_(NWp<6OshE1XIzf$* z6GSdEP0*knRcB_Fg7hQ|zkTryB}-JaYD_<=N}z_{pYxiPs>y8hc+^KPlgM1pEI<`D zu;ZcmPG?f#GyZJ#*-RQ>lJ*Uu`T9 zgz&ggO7Om=M(u(9^!MO<>L;?+oX^nxvP{Xsiv9pI)%dHd#pohp*NwpKIUxSLj6GJA5q)T-A+>-g0f;u#{McjEEA^WM{-@9U!_O#WI z@dNHNO~uLRHQy7K6RN{Dhz5_YDOKfLCVEKmQ-Nq*f$S?ULE6zv73$K5eatkoPBib9 zN@OFMa#i=IVru6XxnM1OD&livB97fh2Pa|6q_*R`?mw8=rU}kQVzO>EoAN`yPo*v> z(Q2dByriI36ei+Nb|kg zxpo&O5v(*k;1SHSv`%*yb#_wj;jCwge(T7JO|Uln!K7DwQu`tg5@+J?9_i1RjQ&Nr z@-T)$%xQ7Kniuq0vPgSx!G6ts>$ef(f8Pga0I_h6$95rgj-UP4DUl!=Y2G=G=fJ4z~Dx?=+;lDV4Q>GYh zZW9DS^B?40PSwSn4&sdJDgrqoenV2Vk*53 zyS5wd7%sJ~3+v~PXaDubiLr`LNWTw^TD9ilLtQ$Ci!Gy$QyAtauPcKEwLx@M&H}07 z3_YdH&-qw{O2uVtsWhh^Tb7E{I7{pHk&SLjIq;Cd9r-FKWY}5Akm1*q)ln!l#am!D zAFQa^{VranizvRHg;M$B84i@1U<_C>9mFO@?BiHM3y8Q!a1)5i*L!nu_K(|D8 zpHO3?Lw19H@n}Z4w7ys4DocAH4sf1Z*aW(0O!1jD-#27u0jr?7kb})Oa#H1Uej|p zTHk`;YnFg<7?9gDkMFGJx;8ChWj!gVnuY zp6z+{-W{3GF6;!rX8*tUQTq0oba7}7);@4(-}I2y%#dDC|7UX~76i2lvqWo^P`Q^F zaAcNIGrK?gm`8O6vmSO27a{|55_}yj=r}<%n*>_LgV6)H`{8Hb?aees;|gR|ctDje z66=_Wg-;V0RQkY~RO&942^9x#lXYKsc*OP}BwS6zc9uuf93+f$Jy?%QH%Wnz;ns-j7MuvHBEoRex?@`9=Ahkp$+7;glY{-gP7Xq% zhnpqa8T^!EtSbF!JE_8IQy zr$|?X+Kb#9Z?2xJq@lz8X~gau$=rOFE%xZ=h&m?+jK&{msa+zpHaE){zqnA$RacLYJFK4?Pa{Qf{B}<;L-P8Xb)!C--gKDE@xc2(Kzy zirc93m;Q)@(EJsz()-*+l9P)`UTz$CMG3l=CpDOu!%K)gkoM_p|Gq2rphEK0 zOtdp=bU!^?bgSys<_r!x-BeYfAgY9Rb^WQNk@929<&AtOd3!Ud!T3dz_mcB)u2U^X z@Jn6>LyU>pXC@CG{Rz1e48w6b^G4{rtNT5612J9}&Uzyq$FQd45+nx=<;P{Deem=^ z{8I~3-e{2Pf1I4B)N}+KE(=DAW0+vB84DxBDW3T6cI+I?wnc1Bg3wa+uz!L}4BYrQ z5Sg*X;UE~AM!u6hq=rT&BT{(wbH%$b`?NlBCBymN32DPA+QXg#8Z7-Kiw+8BS|&l- zY!!W(SZ4wslvNQYm=h<&tWFMgC1A*$m1{7p3azJ{Y(E>8-577uU60W_gHe)mJaG_A zHNLxvAF>SnH@!v&M-WX-wRG5y2(MT@FkkAa1&+LJtsfImYTxvfua{?~)4@1RW$!N2 zyL6$4=~-*W_BBeWX0p zM|DG;WY|$7;r-(x8-5yHF-PnVAu+SwH}r!xy~AOnDSu9S|I|ynA@3)INX=;NT!0-^ zlzi$ce3%dWnW-}I-#N)#>drW&AOC|TVq(SR4N>i(5H9Mny7S4_ihDob`$^6dxL6+J zho@BkUY$&-vk;RW&!}De3z~tkIGoPXe*RsJ&Y`X*un5}Jo$Xq`c&|l~>s}v1VGMZ3xq3+-?@f!H2#|5DtqqnJiHzG&yhwSE?i3cVA$ z^V;@k^7osYn_J+cM~+`tM|$X>5)==yMMOKyZRrk4$G_fNePU;YpE-|VXds1JCZ;i2 zYs%}<1(=?g-BkGH9fFb%HeGQ+}yE1bNy zm8CO?{(ZirN##=D)f097O+ZVtju-b917qYSkumWk^DZ znu0qwe9QvCQD*+gWV(md7L7nxr`&ki9O_Duz#5Tu%U}QXYlwcY4mpr}R{Q@txu+ks z;LxbPLU(@m@x`9?rrev;AF!9Q(L$5gg&B^9oS)M*l#1=q8lahC)z318CTf2v z9+|#$P(;Z8o0Sq zu6tJ|E#6#@ow@3QF$0xm5&<7<0H@t>)hd5BE@snKYK!-x_%XeVlyw3-O&{!~1jG1- z8=JqW_k8@axJIetHiHI@w%%5%yDa;*Z!Pw3vZJl52=U}l6q znncoLq7NGW(Bqtpox=#*%7cI}ZGlnB_paZ*m^FQluTbKek_%;@4;s}V!6sHJ14}E% z+=MZ8=5S#Y4{3dfH`yH(tMIOlkF5^zFz2Mt`DDR77gtcV=kFIWkI>|1)8T`GCgyQe z9j~Ip`Z#=mJ>devGDqqY)1PeZLMKw=l*B*hncb?(^gfsU94!SMH(0`@IC;U485F&< z9~Lr*aYgM2SyqyJ&sDtNpw4ZY&3XPYeDM4&_`gT^P8r$ z17jTa%TxPL7nyKCUSs!;%R@hAxLE{PcCo`B(N@umxhLj5AAXa8dA}WpIn1J` zR@EVZkc5k20~n>g1r0^Tyk<*La41ND5>Vdk42f|{dIytDqZNhGRQ+q^812OK_kbwd zKT$ky!&CF&fY2DHKK~E>%XK_puJ)qYkFKpu37EBZ4kC!U{uwCyn$qW6w&NMpd4Y5k zfAeG23b#YgSh^}225^HR@|7yL(S ztvaxm8kpF-bsj{1Z%#01S?gJ}&J*=i>@{KVhgOh0I`pIKJ#`+43^IIJ=ZQ#LsBKf| zlSO+3S(y0efP#-f@K)ftf<7HSOd2n(+7`S?{ygTFOl>p3Gp*?y7_!myoO%X$c&dBi z4mD%J*jc}*QP92=_R+lXzG{1FbPl6E2TUlU!KUPvJkUUl41zhDS_mmb@aZ0b@(PDj z=E5iyWBh&tA~`Xf?J<*|!#}|8@doR&X)sAy2j82EkRa{6bk~&*hL9jowy@Rf*P5>v zM3r-q)L4%j%w*blP!I7*l+JYBCB05`e-bjHL%y2or5r74K>dbwH6D zqRH%}LS=x25)_o)Bi!QxLsEDf!{M~UF`TSQ<`*$(b1`X=`f3)ImM!|979*ZgM26}D z0GgZz6RF^V>~x8Xy$~Edcb8cpYxy0Q${H_M9;iMV#n~1=JOa?-;w^1ridlmw5287+ z328u#)@DLIMWU;9j4d_>f{y`*Co%y^;|j>ivH)I1+krSV`~4)9&tYRr!4vIC9~6-a zig9x`$&fABbg2i&G#UM--`W9!=MZ5_o_^8%6f_LQjQYFSz{EP@3q4Xybfd-dQq&3Q zlm|Wm#7%EyY-;$>%hXsbt%r%h1MZ+jS91i7sY$DAD1SSocqKsy%u z;XqX(*f~mFu;_J`Axrin7*z9=0$6b84vFGDLksp#zJUUpBBp)@ZxY zba~qtOB*O0A4NL?C55sIc)+(Q6RdQfjE>}9+GJ{bCVEoDW+>Tid<-y0$Fl!a3D(WB z49Q~no>ckMt#mHS(k#wTD7z-l%4HL*zj>!eL3_38h3{Cl?_u^s%6L+9$qH~qV4ft{ z!U`y&A$}?TIvK7P{v@SFDss^+z6ikP68lo?%K>vjl_+AHh+me4) zETTjeN`<6^`~gNipIG4_?+*)YW77kqLS1xU9(myYQsl9Z#w^$n^UUnZwE-u>OL(? z5y@&enmjop-P3m9OhL75Ylbog_Ez_ab5#o0(~8x+iX5d=&*|-|X^r`s4HIY?mKuz@s^d%1Z9aRPvA)mrmC5e#B3FQXxnA5Wa zB;Y8@*bDoss|!(u#U4+j@RYB{Uxc~AT)k2#s#0iEYic?}o0p2}E{opl*z%hf-)5|A z&X0YZ@J2>4-)rEFy$h{uxqhYsIi9SbF76|`EQ$wkHqT4mfV_j&$s+uGHI_ZdKGQ$ zni$(ftjcdFTl6c*!Tl8G!0-u33K~lNEZs$_Aq5H3B-9#W8`$49aEj*Y>KC*Fkoyxp zQrK$Ayw=dM_+791#2N_P1bW{qI^QFO=@f9jtmA!Jq^j4TRxgZ1#n(INpF_Mpq95+#GT6CCYc zH34~AFhNomltJlg%3d-sF0|X?4fu^#1YJ^FxeGXRwM?l-jfn zB^H@pv@uP0v48E#2q_{42W2j(cq=M>((8}^^0u|JJM=&X9A4=OK`r0tIo^Z9-;j~o zKvd7bDfoe7?~a2n6#Dqyd~EOU2{3aa6}aZbBqf2xuA0S;yuOOybr(k2)rf0<_nQhb zn1hp#&yntk=U6SefeTRL$onAr;2rA0ZP|W-)nVbUZv`8=4-}9Ps-6a+fv-$3H_QNu zt0_)G9;EghJnKlo!fSAp=LS^GM8Do<0{CyiV9jEolPLL557=TpOjZw+Kbb>mGvqu@ zs7L3>jpfLU0nok@r_i>if9fX+Vwx_Zm@qQaf^P+syV;k9L)e zN*Z}{1`flKDG?}=@DvJNcoj?s)iZdCRPXOMa54O-=47wlWO?^QCr2ulkB8ieCxfzU z%r>7uP>RX+sisV*Hem%?Ji1P6`%J3F-&~EmcUAC-Jn$L~Zx8K`e>c%R8SC*{HL#YO zH8p>b)0zP=;)%_ zM%fTDcU*}r+VdxCf;%x4$HY0T zjlJ>!TiOqa9nRkO0)J#GKeU;1vxfalnrq38m$24)+NilqqJMAxN9N5aejSKj9i>TxFLsTB`wGvzdo{aS6rU7uU>dbk zGvHX9L=mAd_}#m2ixpL~bDo6oREsX?lTFH>*OzkLp$uClMaWy@|E(%f!w}9`M%J>|7G>St>wY zChV<#67jAHsVlMcn~MnhFj(DpzKT)bTy3V9I2|9J{r4fYX#Q#Ye9W)@B_qK<71OJ} zR!>tW#}SlUYoy)Ra8en}qK>Qs7%cumQ6ly6@7>O7+~}g%M%6^`E6m1>Cp6cdoWu;} zlvZWMhb(bpjMMRjD|PI48AHj)5XuiAlhtwWL}}aT_@X{m&aD~Mt-0j+>s|A}G>}uY zW}muzt=@_@Y~j@!6{(0M{Cpvaur0+6uOvV^a8#ey*5hkOo3T49J{vvAq8>evEv~+h zX!nvx$~+bCZs`v}>T_Mkk%;ke4$eI56%19)-Y@pI4#r#aYo)B~^C#8ZFE*i{iuQqN za_erm?}KfjlrNllYcU_LM9?l;Gw4 zq)27;b<%jmy+X2E-}03U&n9cW>vz9eAJ%*~5Azi)+JR0;PkR0bssC^JjS2kWI@KrS z=VU+lkt!9*y}iSIW>?*i>luCi-7NMtkE2Ga_)C?9$Te9+&zZg!yP?6U4A9LUcPyJV!R$=d~#O&xh8q$FY(<; z_wxoYdq6_o?&VsYhr&BbG32B%NG|NjTaQ!Ntvw~xJqwBNPDz{3o_%M%twevkgqixz zb#3yRB$BLPKRNYy`ySQx7u&n?7(Amuv8 zp=|ZbCv=GB>#6aF=5b}T+;W{wf!&IWqPn`8v=bbLTaIqL3wmf z`}zPd6I={6N~%*KS&TVN2-{joY&WvoZ6aQ4L3p)NWc>)cdYRYhYF(Ba1wpyeu2TZj zXb72v67kAEeU2BvsYTQLkCQXSC0WUNS=3mIYbVbe?)i&YRN23KvNs!@0IRd8mi1JA zlC&&smrKZZ71D`9vL-OvO7rd-(uvyEP)N@#zC{u&SwpLTV!<%7SUO>C`)Pmm=$Ev7 zWs0Z%d+{J{OnueN&mnk;YK8#U%rDP*q-TA~GN5s%NVy2(ft^1me)}ZBqqf~pV4JdG{BRPWAi$mW-%baR~X?j@J)>ZL=i=&TTxTatjk)G z5Nm7Fx7+?E_q7&N!)Qbbo4x%^nKE7dm&E$csdfVz)&xMTtEUl#P$lD}C#Zl{L`PLd zkbJ1p3!Vv|?#ukIVz*J!KTdi9h`^~n6j3%Ng!s=Sl}fm45SK_Xp)yX%E%SJg*~%*1 zC2cDpubh?H2EAu&*u&Q_*wnvLHblKk80ze~xHK5%+f^hEck=l$@=?VGyPyI6c*b-d zkl|h0TW7mXhNGjLuXUT=i1c8H&OW)NfFr%hmC1QI6brM{E+hAf zy_N>|u7$d|;jPKJ4vQ39(+qt2=$jNVAAH~NH=4Rq3f9qCfq3d#k4#D4nyO!2Ln2{G zW)axtU$f-FtFn5gY&AipktlsReu#wrw~ZHf!K`wSdjp3PQbVhOi!8x5yG%MyJ{cvO zyZM)~(q^;_rYjG?y=xofm(eVQuaS>t%BYJ`R zrtZ9gu2=`NyvL0_VUlplGRuG7mIQ0^q(Gs_jwPaAKGy^OS~@!^Z9A( znXwUuM?Evp*v9F*;b;Ya7}@S&`i!6cb;ae7!3Vc~s}#TBrq_MX9>jSo5}w{AGcL!j zSehyoYxijCerJhVA-8@mRh>aEb(}e8LwlNaFitTOb*wp*xpW;&CB};RWY!mz2C5F} zxsiEqiU&fs#6zWp44-ske%)E5=Es<7N>0r}R6X>(6TU!|PO+sS`8167_SVnE3r@3J zKl3yniRxW5RQa7Bmt_3Bl{bQ)lP=m`cAJsVIsV0j4&5;bqngr-U@qoSSo>Zd+1q5m zO_ES1hLmUK;NkQ@%?_8?M6VJp`UG_2kdzQZx5l!gjFT2esG78hhAq>bCovjD zC4R{3JFCm(y=rmfAI1O=_(uVX2z@?o`5ju=!EGeh2h{cpftk?N$ zlNr^wrUP^J%w&=Rk>PiHUgzqur$}>>78l5bzt=mI$eR1R%(gK!%U9iy^|O$3@2k>; z(tbwF-^b`X`O^?=#35VVnFp1=`HI9EEzJeYpz+~z$L<`+Ju?C_#3W5Ox60P@gD=t zXdRBzCPgwd7dwv)@DlT$+2=>V^kI08J+SXX+=IEK#KDFrW{RRfr8k{;YnJlFY~=ln zkj17=R7;vR7#?VY*$*kluQ(f)N4d?7^Ub&U*>~g@R`U9-c;vf1jlI1;b*~d15fMcn zLkrmX3L{`OCNS}@zm%Og6&g&tX;6Z1vOnFs(Zw&v>26N?_1W;&3jK4|mZMtN?_g{> zR{2m41{N2_&AacYFBqLH*Ze+y{8oM!Y!cEB!>umL8jor*Dyo(4FIATWNA!)mH0!ps zmr^)WOIlG`lfzV&nBc@JF^`)UE+-DG<;jV0+bW@Z$74E!vTHfw#_eneCeDY|p1B@?;pqVSp_);Q zeU!5%?SDv_%y5LuCMA_Bv#Ze2YN2+`Wm)4bU*^?&P;r%9W~o#32YQn!=H-NQ2XX$d1$(?D63#wadHoDim!7Ix25qSoY76C zoX!2RGyjeT@HeB{TEU3_Rtqhp*s?@=ZI%AM-!#=0QBBC0Cr~=98+8BRtJKeWf$l%O zZhOUxY%3Yu(h&l19h524L)O#(N}OE&ed>=ZLa9+kDtGYF+b!|9wdquoixKt;Q-dD) zjYt^2U)kRg{Iyy+;?%`*Wv-?C#3;6By)-e(v2oBoH&4PJ83lk_)NW8s#vJc+>af{f z({AUj@j4bz>$owYUOV$&G%V^l2)6<3&P7lfGlB*|x<=!PwOiD8PBtpe{*aJ)nYee< zLAWFPYyq+E@q*ME$UhEp#e=-R@dRKf!7F!0mmm&;R8|A@TDPe1mxalI=$OCW*by`mxo!vNqi$3?xYuf-AVbfLh?(I$K zZdy|^3+yew$O;MYYtk|qNo4U6Shm3cY>f%W$ElcO!uhIH5B0FIHof_;i|6TEGritC ziFh{>%<_vq{Q{|+)P5T^*30myJ=D1~?(c2#nJkHE>CpkG6FSC(0QI|zKH8}eGm&e` zh!R6{v+B};OGT2MZlar@7Ce#4r-Xb+>)GEnzKpV_0G0(WVdgIG_Jo{2k;3EHz7hj= zqT8q5If5GaqE``%-I>c$Fk!Z9zhOrq<%%TZQIT-LpcxdaZ)M2c9gsVD)bC#)1n!Rz zIPFP)-L{hWZof~8P7~pr!TtQ5k_DWdE(0Zh2p5e;1&P7LT>tLMvdHFNerYt<9O{}C<$MfAdT7mtAdLwOhMOAbGA*K$2aVI{ zkVJpIp1Nj`OSlo9nUe1%`9*}}=7`6tjsas|*w22|XQ~EWjV6drq3X)3xnbWyHD#Y6 z3R}Qmv+dEm?yak9ar!N(>BW4yU^^rzQ!{QzI@u+(*)?PD9JtjIZzR;vCuQ}>7 zKUSVGVATa;YzI;3MYwsTJSx<3${k9Ltmwq(w3`Fgx)JvV@?PYP-=}(8)G^qg|HgSv z=de%ayPYai{}`UpAU0J4j0Pct4Jo#uJ6PDGu1QsdR4bw*g|R#|qnO+T@SG_+(-qBD z>CH;Ix%jug50T!_NMEEhX>2NgUaA&tKk7c97S9i`fU$0!lM@1DMD(hL;ih56rQzWp ztS~-8%tFo8@cmrq)Z!}J5UwLv*66v4e1yPIWRocS{Ow^z=t!s`vK<5_By*tA7JzY^ zOWC8$iB$Ee0;MrYfc0zA)X%#)lV-io3ymXo@IjvZ=2ugvP`QshJwLmWDWqte{3s@6 zbxH=I9`xlluazP$fX`w^#K8|et6X2cen9M*fVfOPbs1R-7_38Cfm~n*Jf*rjV3uL< zA)|%SLVI9dhh|L&d2g8WOkd&0)Cu&?Fz1I{6H_1#N)~8Jkvts&YZpO`?C9&!M`rE?61b+ zTwOfkCVbJ9pLnoP1U?~Z!gesKN;#5m&XhCET$5?^95>hVZtUi_mnzgBREe-OAr?gJdp^-o9oH)?tw&|xKbzDRJ!?Cg z7$e>2=EY~?a9SP<^9y-%sc4t@8ZmgzY-SX@)>7(wTe>}&^u5`q-F>m*@R{a_VP!tC zQ;-fl=L|HmonJ7^#iB^i(m_!1>}Xjpa4Ay|F5|&C!miMTiWsPh)Lp`+)R`KF*ddcw zyoYSXqQ%q2Z6)6s*|9Gv%EDzZ*z^G^UJRg@n+Y`mm~DWUuzW5p%a%GT@1j|{CcCGq zwwXhHrD)( zz16dyt5wu%-bog(qAfe+%$Nuu@l68p++->{bFI1jUTVvl*{ann*X$`2&S3(`#6@M= z)23+M-4=J)DYx1+TAvX#c^GI|It`{BUH#Ow{zZKCD{SqX>#FtH>{@bM2^x^0zzUmy z=2bR+8aZmMIUM^gykRmhSkNZb#{L*-91d<=Eo`*zZG7sUBQA^q>$h$9d?A( zo0AzUhP=OL5xOx4B)~2}R6Q7kn<~&2nt>X`#mk0j0n5Jx#N7;hr9TdB`)5(Axp zk9xS#RgO9*XwU!fIGW?lVXdJN*G?SkCm!Z)UZHJEIcMgNv*a-YI6;7UdR1Fh?`O30 za@O{B`R(ZL?SE8u6lfSx;^PO&U@!u9pMm-QCC+(fZR@;b-!&h0%@`8J zWoh8r`+qpI$e^RynD@=Hx1F_}pQ%TtDPq|}^BIjz3=i%fUSX9(z@E&`cPpIlKVX-= zh)5-A!D+X(u#KNlSVEDx6agxeyBARJ>eb`w-O8CE1q9s!f}T6EDBqC)T%KveI7dgq ziuXCr-S^(#CI%Hl?#0-XqrjzU#mWSz=*4y{&3#7sgYY_M`WD#;i37`ZmkM8sxPt>4 zglF6oCjNNcToX(i2l=gj&6NxrSr<7U=#j_0pC)uDDd#z)=_zmlK`tFuIqfYmVI}?e zO1O_uLe9#@?hH2pflY8xN{JR(LRF8PT9cQ){E>~;(Tb*Lmi8B4#xD?NtnkGx4yi9q zPrQdMzO~XIeGZde(w>qyu}#>wwrUI@ek|A_V9=C=1=XWUkpaDH-Ha&9!>=wUY*zd`!DGxS<~vgEIWmt!F~Dz5W9nCRWI6M+K}QQQ^1mg%cQFFANZ%C$|F8GH+j)H-w|&^PKL=jQ z18lHj?QBw~0Ii}Q*TziT)Yc36hAT2G@0~u$_R@k5e-0b0kgx;n^Y`%Y{tvPOzEqrE zs~#az>sB9M^lTpg*oHk~p?`E=)eXPC1`yLE@nE$vb+X_H0X$lw(v=hg5_aE2ZFmVz z370=R39g24Aj6H8qWIfdg34epzn{=bPgL6>%Sffmx@ZY2mSU1ai6^m>JBeC1o0{;; zP~oBCOA4jms+xBmPm!JBSg~RrN@{v^FvXX`C}Y-9f2)(#Uu%zzUj-uHo`umTz&(`g z3DGXPWEgxz@ppikCq@8y?sVH?ZhceZp`_hQ_Dv3~@Z)R`a`)Q3 zqh+JQ!8=BO3)?~?wG%*9U{)X|}<1(pDaqrHnPZTbsKAakr zs&@yQSHpkPBhTv=|0^HiZ0Jgcr9$Bz9ikgQ4toQB-64+k?(RHP{Q2GK;%%GqMHq~= zyWmfRJU)C&;qSJ>^CV#v)>tNc(%y3{<~2>Em}8?4{<|75AnCiJqRW%UJCwjI={#BG z&p(oafMEYGq$6YfUr5&}_J1IqFZ=%w=^*6)1L+t+Go{+`^tv^VubY@kwIq14oji3nEE6<>+ndr;jBgDxT-)Q*$!K zgJ}^oqD%O!El6Z~zxplFkjCAXY{|sXH_P8vrxd?^d@pK;Je;k#^V(RP0_!#Z$Y--^ zzz>uJvu_fM;>?pdS!a`mxW8$X`@TJ#JO^7df4sgkWqn)q`DS9aFanBc@$YszhAsyF zrMY%X@lQspube>aVV`h!H&j4!c$veB)LhBnEM5@OUA}Io=xMy2qQ#_LOS4 z%)$Qa_uchpr%WtGk07Bq0s}&|gw^`4o~9bJtx9S^xNv?JE&(pnj*FyK56+1~o9Y%u zPq85ZRx7bz(O_GP`Jy;@vlAqal8DQ7(Giu&GfVv39c-Q?GZlU1 zqfP)OrTIAF>je*ntG5duf4n|dbZc*n#q7nutnx>9$xNIz?k+fK$k(BKGqZJTxQ>j!QLDeh0s6CZ+jPbB%@3BsE@4m%DJcpW>DZdXWB( zt>93(E#hq#Ew*90u9JEa8w4j&cCvbIizucK6}4~l{OVQACL|v!?@Y>`s7W_QjvEMl zpfur`VQFuVn6P%V0YN0Bc#`SH^{&~_&l$!3dOT?QPC?F7?sl7?1~-=XtR?9C^AgJ^44fo$(Pgr=~3TTD$NP50_bWf9xFI8ehx*4jG$Qf(b z%(0W4SVp&NTuc=>Nxzb;5LyPGE}ya^8vQs37%kBg=_{-M#`5at)zbvq37U@GK4YJb zT%H`7HWx*3TFuS!OF&Jo4~<8?WeR&T+dwO<*uA0AN_Df(=nnU)}T8Ij8zdx z6ai(312aKYc*N5&(aP8q@F#!FC-qXi(EGQ>Naw}L{hfhpx3pf^nq!%pPu1%F#D-BS zW+1aEAQq?UYe{OEWH)^EQ&FD%2iv4Q> zQ;9tEN|8jST8xZsE`h#lI_BD&Ty?|LKDc^S1T%|Hng*Xt#E$}=e-DIt?{MuU>7@xs zzUm+TxHWD`KQ_o_c&cZdke)e?)?#`y3ce}d5dI&pu9&pU&A)WQN?-EnB$7)Fz>2t> z^fH%Wv@n%37>N}!iMk%MHRZ(fIzj9T#;mc_6Jj~Xm(XQ__lv3&32Z`j{=za0ULSLe zkQDoD=q?n6ff?`&6opwhiKO@=bQauh-la-!{Bd2P-RXv$EZfIlxMJ9Pji}1&bsdZY-H!swElc{!;y0FRLi{lk65Rv|n zYFx9OmP<1P_9Tz%j~mX2CU;Q_Bw$ez4xdwLZLrNgc%Yei)c@gKn-0Da9{379Zmr8F z8Nk-MhMpH{Geo$5ffI5an8@^&M1@kF%!6ez60B-dIJ>vAV5CR9vil1xx6rF|CYlj1 zeuzJHU|#0hKLkLklA!>uSAP~qp)SQHU5ACtgawooMN1$MON&AI>d~QES^~|RAfld& z8fexCjF3lnx~t(8bXyF+t-iYs$;|9wx&g3wqRHr0wmPg7r73GSZGleNA}KjFdKwhM zC6{lcE6(}G7(SejQ=6XK1Wn(ZnyPe5VgUci&rTV!%Bo~G$OIuE2tbTX;U-i7d!1%; z(^WAQ(~EFL3G;_{#?cJWXOBu>TBJqQux5b*s~{ATd^)Q=FUJHt**aCajJCGTa?G^f zn|q)k^ts{WDjxnhcl_WwieQ?WQ2!)Lm3xM{>hBXwq8{J-zM#PB=I`C~^JV50TD2+e z!*N#pKd{Jw+B+&>-lh+3Oo-H~0@2vS^^2|gCD^JcXZ=;p!zOx03wRJ$pp$_pww@Z; zH&%K6=~;O3o#dl3iNQt-Q?s0;O^)JbU!r^}-(n1=ra6umq*mRA<{f9kKkc{DGu_oYFIz{AX& z&_uqrs@@x2`p_RP6$%2ppAI?1k+{8@JQ*0P55xWwLh4QNP!(=l<~pm;mc5ArTVDn{zsi;X;!|ESbk)1*`#K@g{n zbQ|IixEO&&AnDwRL;OAU-aK{mQt?IkumAwQKCcedUf(U^8g95oYrl?X% zM~nJv0zBDjV!Xc_a4rj@R1!GG8Zsa?f=RvjB)MPIepTWW&4#$Ek?h2{iDn8lxX-E= zGP9LcyJ^<9H9xt+u4U^R>}4TQeP-RzSt zd8N92d=V{RHG0jYlt~*SuE|a66p5Y!yfQ2_Wqre1;q<8>YTado1)*`Y)W6;E_x0E_ z&21TacJb{Js5bYB<*I0K333z7SamnMgNPkjU@OPl<8=A`W%*e|=XeHP!xwQR$wJP*<}oD)D>paGMvt_6M*kEB(6*uT>lS z|15*~#Uj{#g_nLuzbhipbM`5U7-`80c**W?a2Hd_!&Dkw?5X>Av&e=(8#|U|Cq_Jy zt!v_;0@Q{H)M+ky>DtOi$Zw_;7cIM{6`53oG9KVn$MS1IyWNxTPQ$!hY`J{pjD-Mc zQn!;YvxCRgxBL-+rAh^#niiYiTK`jY@5FUm^mO~WW;pYbetMLv7e#qLouF8Z_n5m#}*8@B5`w?Zt5%1RBmn!K0?<=D{MdVSrj{p{{lPh^UP}X(c15&m%FVt z^XWg`$U+Wz(;Enm?)&7s+O0c7&(+0~`XAh~qvq^;Si$?y5)G?m>8KU*XLdK`0|HtT z10*UPKMFn8#z||s4}GiP!uK&Vg60NS#}Nb;F#_VTaBP@xu!sxit#sG4&yT)hISMNs z)wv&Ne}1~XjXEWCatYa|6X@b6?)Se(gp$U!*6*d5I(WsKBMyp@;o-%VnztMzaUPG^ zBc-bZjk$%KKceZ9_+6%m=;WS4KSZT+E6#x)i;Y2rmJujZ4^Wd8f)yS&s!)lI>hb{s z&QA+%4wiv=57_2Gh~H;7yxYA&UUpvBoTr`^n`pLnELWzhExV_rtVX`X!5{Hz(xMBr z#0H{d<@xZsn+5P(0?5An{Ngx;?a#qW5eyfn8fk42*QAShnP;hl$BEXisH}Qa|MgT# zZqS2aIx8UNsM5{F^G=*F&h8G#qK{z{4d?NYw1>#sN9Jq0%F9Q*b!DR){fw+P@>@Cl z$u^edbyVEy_UftEHy8lH_QCOLwtPo&Wg_X??wa`pPM0gg9cVUAkZn1Oi}K`M3oKof z8mkykA23{@O^ow^+R2`a47t$Y$s$TtBC6R%)Ae!8@)7JR2iFVx6*>vDr@PI3mIFM6 zZkYh7NWgFB=AAp!?wo;?2Cm^jf~B6N>&}|;{jc-G`8C6-T$YEk`WUb#8SUIf$9Z1b z`#@oiF{3LZeeFMwmjXV0T-y~j+s@3~ZiCutjEWJj<4e1T#}Hy@px*kSrMF9rkMS>0 z$4s#S*Y|X&@-%sk0TJ&vD{9%*cRN7>y64mxo3-S-!Up&pzvp734%wso$T)cR}nPrSPrrN zM-s$u(=8%@rH?7w(Tsz2R;ypZRp^TBiI4SzA0n2ju;QDuIUp%C5K3Uy>=P|3Z%mKi zkd1gPlFw1bL92Kyl^zbBtSiUV-$mvuvXh$yOVrY#UqG?sVj$XizCBMq+S>Zk?t-r2 zuTmmz-(<$VwQ3%N>#`p|IH6%bDAl5C$F5M`d!w9BbL&71oj<59A@=`qbr)Vu{(s>2 z*Q|iisf_NFE=PkPj+Aa`kdzQ{qtnmm6zNbvB$U*RE)fN35fl`Wk`fi=-uHKY=RWtj z|AFhA?b>ziT<`1scs+IdnO3|@4R3$B6L7*xv+uS)&qB`pL`LAtxa6Bq_?@$2=?yV0 zfuMe_dK`O)^t>i(-iDsk>-}AyX_{HWdTsOP!>3hQ(hM##upA)M78!(-j^aKD>fQe` zy#G=0-~|H#7DY~J<$)I57QqF=u3p43`;!9}1K}3Z2-MC=*}-m&j3KucbK~-GUkf9< zEGC=C>@7ZW=mk#?0$t32P`QYo2lIaqz~=;hz;cy}wnzeq@pcQ{Y)g_<)gSF(X8J^& z)ekvFG60TaB@r1Te{kOqW_(5bcgvYc?HR|@_okQ;a`O+lrFn1=iIt=!;4i~LqVNkm z%WAxxr~0hT5_!b8D$2fguvA@GJw#cqN~^ zt?n`oI%=En7p~<%BYFR#@x>m*DdVerfdr5p2R%D1y_8fM_~`grt0Mr)k{+&2~U~ww*M|$q_iAT%s`rK@N-eeU^F;8%yb3~ z@ZYnAws|^;mBrnRl)Mt95N51AdNs4%^h!q$Hvxzyi0w%xJtl*wHu!&jnD7s}#)hZd zi3^w0BpdGpS(J2uF5`gy!uJUZvE6T(yhjUGip1V2*tZSd`Ghb(9qIr$ep|y@agHR7WIC3}xAe1Z-ZPJ{bAey8aT&z=^ICX5xz+=HB{j%vy@RRp z1EVgR6t2-SdryxJYP|?#R>Zf79Y=ZeCyd|MVqTr>Ix+$&ed^4!JsP3!4tkei`?|a1 zyF8T%d+PKkaw&HP>r_*FeFf75^rK|>wT**Fw<8F zLPVn#z2BMbG6*=wIGNy*P-hF0I*#J#U;9>VD64aud z-P#PIBTPHdT-xdU4EL_3wlbw>0VD36i*>`Lz8h@I*^z0oeEuEZJTV;hCW|)>?sKpt zgHwD7Tb0PzZ{98i1WbRm$6=vXaiQn$s!++sG1$YfZ4N!h8MB*SWoN0QcK1I5x0$rA zhFyeNY3b+^u#C>!5zJM+d`NN?S@S)#=29c2s9N18q zkop*$yv1mUQ(gI!zbf&)DKxENnO|P(=dZ1&48vUJy=(veD3F3>>h@l&5eGBA@`R%e zS4N>nyq(n1?l`g(4iF7L=KNawwSJp|zPq%1xtPGJ^gMITvzCjvx=MKQ`__1vtKr9A zOSPKUn|!nn*K^sT57<%#>1oaQo$P19Ahg4J5=a0GK^Nk(eX!KO^z!(NsZ%-ils(WQ z|3fGd)=t|V0J$-{wyk^yn|o#y8`M+ID0x6ZKlahSYM0X{G#me?=sU`?y#JrF=KvR7 z3qf5SdyEZIdHn&KqAh=etuX?~&nFvqZ3V}amm;(e4G523c9|~6!9>~t-dY&D74Lk# z&R-H4Zad5z{L}GpLzB!g`!{B|phSS%8Wv-?iIX!JkU3^W%93PIL_>t_D5}=t>ZV-bEPo0k32qRXyU5CtqlxghFFYHa6jqG*JO6 zQ~L1@*j$f~6LqjC*-fQp80!Zt8H4;Zbg=-%@wX46kE^h>4Tc8S-engbSBva!fmDMA z^Ov#%ek6#R1gqQ-LCTe9nQTyp#wD`hC|L?k8|P=X7IBv+P=GnBL9nqJsbG~ET69?XZM^t(@b3vC+~W3C zDi@4bop!m#kQMf@+^l2`=pcF0;%p;g$)=V#tazs~g1`^co{qmr#2Rl*a^93xnwyF~ zZ7ZWCLhS4&b_C6u0`mNDn~$wazgX3!oHsC^UK^6XSkEaetrWky&S`ncs1f3$E@7GT zVnN9)k9cOB=*yac0ZEZW=_dqTLfgg@FXv{V zc0`fkve=Q=AwT=sVSeC1p;fww!T{-^O<_hp!(;92EVTu#n=AHjer;PmZ(f!zj#K$~ zCW3;yrT{E2dfeA9|Ga;xF!zLSIZ>RdmNm*{VAVZ@s+IlnnI_l7yM^mw_A1r1DNms4 zlecEtt<#g|%!9$gj_l8nmTN6! z+C5iy!^9LIeiXS!f$)*Wp)1mKJ8n0*(W)PW=1EV!>V7rSCap?^E`q{d-zuayxG@cI zOkF)`xUoKYqwnGGKJWZ~E@l@n7j>CN$qLXMUb4*1obxFEzH99w;yq;vrR13xK%QcuJHHlQ_t{T zvwOY4PC~_cWQ%ps+ z<#~q|Ob#-*4ohL20g1$5@`zl5ycZ;GDUH9Izd~?G)ioT`?Im66>HY9HK&g~i3nqYR zSMdwK8h->Fs1~lxS&Q_)QgUgNS?O5|C;XIH`m{J5hf9WR~FM+vq2>aRg2({Mv?kKY1x8D}C`kRx~q`sEf zvZckh&38KDOCJct-yM5d20KoQ2#NWqfzyeYKK3Gs1k|O$Ty}0^dzX zycr4X6rh=*@p5&641A6qhD9w2n^CNRS;7$QmfO}?P;4FGQ$)Nnd$fph^wCW~HQW6M zSMCFc@$uHtznQ>v;ZQ6|y+Jp?i-v&T0)$lG6_~ju^z|-u9iTa6Ed#yh{w3_hns|^; zeAhzcEF|9dN(vT?OL`H?AOns)1%!wsLxAySH-Vud$=`&*e}q6>Sf~dUB!`FC0^+p^ z@nvk$f@|@bHvXCy-r?0FDL)E=2IrJvF84>lK(`15a|#A;2ry??bk;F7B{AEGFlr9z znht6PEBJ=NZU+q$gFKUzZl)(igtpg*sX{GH=}EEI=3%k$ z6sod}QI5)qNXbf$y+53?;2oX55T7lQ5Nmy3b~cFl2-;vN%kugD`_t6t!ij}Bf;Ew8 zAPUrx=n1B1$_d9PmILaBAzj|-N(MLi*+W(9Li*qt=pYh|ErS{`9q>-3MMT-+A$)7e ze4`K(EKQt9=Fn*Dw}=e&vy>mnnS*mFgU^-o3a^glsLSFNw$AQv!#OL?6xacbbmas^ z6?3PHa<>d!nAivqk0lj&f%yPlCgq5Kk-17=(I)bwKlLHjq!e%#iRM?j6&|X06Ds4K zS0ft7}GSH3~m zgK}aQ&2ShQYM&7}ps6)NjfVmQreR#=V7&%}eroQNOc9s@q&DPQ;i3P_i5}#_lro2G zpva=+F?dvx2*gShLhW-nijq=9Qxd&X9{mKc5Hg?tis$ty39!Ad4==DxgoTRU4fiSV zi2y_D3rvG-?|&Rgztp|02pp+a?>wt`PVv)yn;j z3gwXKRM>AQ zJCg#8oQ+y4|1Odfvv^k={BYXmf2h;=0G@?|nXE-T+lpWLETx~#1k{|k~6@L7M z_}G;mfG->I4!c4f!C_P!j?Yu}1@Vy{?kRd+MP_=~W@>MzgD--reS84_x~fga^VyEH z^B0s6-R0<|a!VVzD~km)@j!#maP@Lnpi6}@8R6@jWbTsXXqJ2XTIJ+H?G&zF>{^VQ zXQXq3U!E7_bA;dEXq{p-37uMH4FHoC1G{E*U41h8&*G+hs|{3}GDOOIenBnDuj(t; zSlZQCj|YPy!A@0zOwq2QgbHCYm|E$hvfrsOMAI~j*ixVg8R71m6&PJPg?qBN_%ub- z)3FQ4v{=X$u2PZQI(qfOFy&SsEOM+8$2GAoOsoo z^M3w9)4;E$p>GP-HqDDv*G^6Jk-_OLaA6!I;erEkdJV>n@eIMzHXW2Uj6)hoPebsP z9ZOHg#Aw2n@>ZkLQ@VgMgchTSuzI7$5W_}UyS#zOu#y(U(pb8^ZN|1}axCo8Y-C1e zbTtdS`|cD$BkI=sd>VXo(c=aYzq=q_16%VPiDg^%a)`PMOl|`1Io-Us-CT+d zRUJW0b3p$iBTCDWf!Chos5~(&X?Gk0E=7e(BEd4GLZP)vE492(n?}?GKs%^0p*#Hs z$D{3USzthP``GgrK0TUenFMPLSQR{A0s2o>Va2yqxa0){M+15bjUH3DuV#IX8b2&= z&M1e~O*iZ7P_KwkYEIUSRFQ&0J-$$VGD+%ckZI3~s#NmIZAvZtoQeu@fmVq>w|PRc z6)zs^>^34jY+jCPu`mAqEtc#1v(EHPa7#RYSAOzI{Xj{1f9i{2l-wu^K3-xQyWHz^ z0s>XQGF#x8_Am8B>$WCC-f7LaJ=UY=(e!CDZ-=pe%l0Cc1GRMpO?fv(Z$grK*SAOB3-;aKbkO%F1 zqqr#J#?7py=GRHhoRgGGr4^n*$Oiz_n{Ul#g#Lt{VNN6pB>O~`d!U_!1ifv)z8qNW zH_*)0z5k@{DtgcgkBPpBZlpGYjSi?|$)YGJ$)WI}9V4E@OhaTZ*L8ell=}aht=DK ze~%~$SBm*UWzHtK2)7A#|LdI2m*&Z-W?Horcg{98*g{PurbMofeQbOuu^Ve{;*Ujn zSNOj;xZr+s4M?CeQ`^swQ+0Dm{IoB2;v9`=Q*R4p>;pPJ2HZpTHI59aPe$#$q^BMA zxmNEI1+&G1LNG9AQb+yRTPq_>Lqp3*&ETAW3O(VSuOqp->p9e9Dk^fSdm?DBkzDC8 zLlZOusGqUxhicH8U&lZGE;jq51$i!k)Z2aYowG0Wu;zbm8~<|1e^R1lWHAaoD)B^3 zti1uByY=T~y$`t22XcRVfJ3sFBOv8ZRNfEU44=NaPySVb_r{>)x!joi%J~#^@A>_V zd8?{a zcF2{D$-36le&&-yLhwNS3(1oN+eC{yn`b zGjo1)xo>ybvW>Z;ZU+0zgXMf)iVSa^T7qwwy>=fCFusjUT| zvSI&};s2JU%YDId_hf7g6{mhx!!KIN0y9xE0{_O6P{O=<39b|ou+izpc zu!LtZ<=V@Q>w6nFF0Wi!yllHPV@ih45H`X4^2xdIItR{!0aU zn>Mp+P-0R7`!#EKk-g#lBP^);Qk7iGS9i%w(E2LQzeAh5ehX2L1`J&^&9!}a=6`A4 z@B1U;f68Ism#h89u`>Ya%5U_6lzVvOj12AT%*`5^?d2BQDkoHB3%pHTxC`4)jgY=o zLv>@2)aoYk?`&wMp)r6K#~-?}Jw@u| zEBAKoGv=44b~&dn-v=-jw2bSLH=nrdy$)D-Qoi?HbGt@nHuItd)l1s1z_j_|j=HBO z;2-u;jxUS)zOQn?Y;mt_KQ!JmeT`Ci#eFaAz&=Am3WD_cVR@rz%8AT&^&9v7wS&er z-?|w-dVcpE=*$6H{NrZg2h{hMd#|U_&VdUVWUwL+vX^w^OG2s9qi7`;UrJ04tb7rE z{61tF7CChgPR_V-HR{FOs@39wY&1-lTJmhn61x7w()r|F*@@k&lS|GsJh#VJS1&sp z&~Q?xFSNkl5DuSAZ#um^UB=M0T$~0!MYTWuKa`q8+l4`@^9*S2|7^z`3opTDIuCxq zz-LimX@s!YsRQc?05g7T%c#-Q{+I71K>q!c!mCZi7f*+JcmK*~&XXVB;g$aFFb%k0 z0;?hYc3ItYrhY@sr!B8&8~)p_BcpnQ{&c=V_0VJLZCdboV((?IH+V}9CLo!b+{ZRd zO1+1WXg#3>%Ley>G&GYCvu!)0c?#(YGrPLWSnD_kFYhhuC=8YihN*zjYl}H`*UQyW z%m7O&6RtJ_o^UVCe#3*!YD_a#+jW7D&FK9%mrekn7T2LTLHz&8X-+7T$wRw5!hnsb z8vFS@$KEJlyUodtZG+X5YkAvNo%T;(^%W~DpR$?rU+!vcFv|(JDdkiFX)O;wSddLb zE9m4JGQjlp8WgO@%mBU>EuQ@`t+-v?|wv!Ds~Iy3=wrt*3LRI{)RiSsAz7*CAhCLlt~L z0eIe8ysCRrB`q^9p!$8QcP6pWZDy-l?6J#QIx?s~6Ov zZNpdd$uw2gtnNL%c9|gUo~trvd-~i!WmlHKGFvF4zO|@-NkFXpz9E*w$Airv#Ed_g zdv*c(im0lS^6Cw`f1~0}p{qWVia$oQBOA}ypT^f(->-A(myv*d&OF02VKNyvRe7dDciNe&$OO&!bf%w!>tqFbjr zC2Pm8>yY({&pS1%{vIuTZ50f&f7X4E0ff%@)UO{R7!G8lTqEjcI$%Z7vX3~j3R)fH zb)b28GH;%xrRVz_YlL9Rg&@KK^O8j%(@h8A# z!c^_Xmo}B&D)%U{f>))zrqGdCG@TlmroCBAf|@olXAS9E+9@oDS(_){ijMB0<` zHHBF(i%b0yX@qr`6Q!bsv_%1K(*VqeDMj8H{C?PoTK7=EjY0mhAJuW{%@Q}Fe1BP+ zm6ij)Mb$ym>o32-24AF!^j0zt*AKZ61RgsGT)(n0kRa$VS~PX`^;)ruHlshDhPDqP zbm*5u8=IGKz5b1FGXZ#E-Vb;VB>>soK9%~1^iZdtDM|Xw?MuuuE=zp(K>L@2d2K`r z6ZJf$LvU4{m;&_nCJVPmLX^{biY=~^wXt4L(i+HfR|Vu;;#Yxs2GHR!mqb|GEbq$X zrd~p(D^~x>;|^L!p0d16*&DzF@*Ok&^nu?P9(UWnW1y4;y+w4GECF}K^~$6LXLy9g zRdo_5@~esPM@vKETW#sKy?inTZV;)Hvvz!8|9@#g>-m5p&3GACu(QYpBSXDDsgSR7Am%g2rvEwv^B3Q_#NoMXZ}E~#5}Lhs73WyfFIruHI5ligg@;Z zqPpgE2lftzFDgqC+`KPqDzrJ^*J)*+5uk3GgIA5FwHf4v2s%!dSze>M29Ir%uOXjQ zi&CbIFAvWJXETX}Sh<TTs}N($*2O z%1P*gIXXj3tlrK_uM`HeS>qNK$xjsY6cKin{AM%Z8}DnL4N@~P5*qGWnhmyS?=<@4 zuz5{SELuVr%T?2UzHJZNlPqfxkjRMHPJqFm>q)MCl_0Of>k{4Aj*InVJt^^bS#*40 zES^^B?AeV{0th|A6YnDLw?X65g5fRwu%McyBXbB*ajwpTl=;< zUI=HivL&Wpi(>t$=QT?RX#f)}n63U>6M@a#p@1)w`@7rViHwD;R_5VKZO;(5#ayrn zXHF@pMJ~_Gc1oc0&*+DKSf%c6sd4>@Rd{7y{e*=U?gFL5j=uRV?gBi~lL<7Y%wGVB zOxz}yq;|B~ex_+BnpL2xd|}*Om`8b9+$L9JU%1+kxlydFA0h17!{W`=v}d1@E)UtV z6oxU%ly6Im&9pb5D;urtA}>Dt(~pEG%Ba6$9~QjA0Uo<|Xa>L~#Hv(|)4gqGJg!f_ zE%17L^KP-I2@%eiw zxY~x+#q;U;?Qw8h;+AgR5D>eiUG?9m1PhNYc9vQ_SsOgs@!%8J$Ag={5_sRo$EsF1 z@_*4*YXhFS8O|%x1zc-uK_vS3BU@R$d?vW&pZcQbC3c@uqaXeo%qn=NinNOf(nJ6D zLD#oaQsay!3h72q)2^7HhH~@F7H^B|d@ef$THlCCk}XnW@$z&lo^SecBv($yhc^_{ zB_$p$*?noqwDJ z_>Mw6+C$gs^W%Py(Mv_4eaudiy0G$86lFoj3B+WMq47V zHKb`*txMGg0DbmogiB>Qy6@Qj#dM`4UA0;j273ogS^Cp))>HC|s~6t=id6-LNr{)^ zdnt18%72Y0LVzCHzO2!LW%A=1nP9GlBL66DCMgKLwbCi<)14CXd>gS9_-eWwdb5*v z8JNb(QP*m5RmJt{%A#zUF=hQ(e%*maGfCJ=TX_vkRfZ~d|0lbzXNWp3-^@Xl0 zJ1lrq2gFQ$-3*69RM=gBf+lesGcT8Y5a-bZs3GX)T7u{f`neiK98Kw7);1pODxJZw zK1*dS5wO?gB=W2t$%q%fycqL#gqhK;*m78lW%A!!;dPqrdDc8G&N!A$D^Qeb;oayZ7RLc&;&8$6gYk$Z= z{h}8DKN*3(ON4wT-0SH$)oDrk#$oZno?nmkFZ_23yANMzf@>arPYn`~_mdS2l^?S3 zU}(b;m9YfFDDVv(=w!W&2?2TuofK7_n9*Yp(+IPue;lCNpA=k}X~W0$2Ly#zTFS5+ zg7~HiwI{TpP-O~0t_MxgEidfrdSa;X{n^iw64Bp=AXK^)c zQ1^QGwWaOx2k4q*iz0K*iEMR3P7I|LM;xGJ(Rsr?WS~x@v7+3Os6mKpeG(5dO#Pg4 z@7QRX38bJkxZD8#^R{uO^RZS8{DLhFa+<20wm#~SYLa&TSh(A8qP?&CM^A)mOZK@* zu8CfLFN2i`j|G|S@Yz^Y?rUGdb=RQlpi<+W^Rb^=;yLbsKdBHxZ^{g|^0gcBx=1CT z2#DUB)+jRPD>vQdM*ne}VNXxbg-L!v_N!O?V^b2wx<(^yoeb#umK)!vSe6(M&`I;$ zH*R72X%k<&8oq&Zk1mhJt%X75i9i*&;U5H(Cu8~SlTmQrHP10!@I5{i-~b1$o-0af zO5Wgm?^LTzS^X1yeeiYH(dqdWJUxqcBkJvAv3?aW3E@)FSgO|zR92f_{#vGk~tAd553`552L?y!wv9ehC4~*J)AXE zvh4|&Jq2P%PK4UbO1mJI7rW$GW`2g6s*6$#Uo-XneyWNn>J*jxdiM5rC?2kWBD;d( zmsHIe`YYi{l^E?Phj&r!M(XD}0cm8Dg_nRc5IaGa%iB^Qx)K1gHtI0(%hh-MtiO&C z^msq{i+^M)Y~~@T)I!fn?Yg;OhczurQX(AYrhMHAjhLRfem)*2P!3J$ecPZr?|N^t zwDXn83C6_Af=6&9L|~$o`+e&c9e)d?!5roi^4>4gidP^hAn*0wCzjn%ZJ-U{Kpf=I zWEt*wvrODNl~(40?~iyibrqrSX3XvbT5>}4xmG=8&VSc}_WevU95%l)l<>RQ{yHFW z*I1kcA*U{+AZ zkS+YsFa6$3_1R+6!`Y{=pST=Z@>k8nHW$oZqd+Yn%Y{VsS#DQlq?^p**zSz2j~!pk z;$!H{la1xDzxLBC4(q%tC7jDs$CGW>(|U0PKC*llTFA1~B2d9Luw!gubMC5o{Ob?e zZYRsrAKqR>&}Kd2XLu*+;MH+ce#fR)hQMcI-&H!X&;-k2>9^@{@GFOw_*cx5H4{Iu zH{CP&`1iwwiFFID@w-dQ(H|Bzt~>OKP;W4a8oIAtM-9F`bl86ASkexg)WGeujZ(iyN z3=Ic)^=050kY=^u*N{%lLzgA1#jT$A=-Rikv<`Hp7PuKnZ^Zh$6I(`o19%?_0tfI+ zC(*nd>MC{it8o}-fw7*cbCkKd_PL6&y7a8Oe!hjrTDeqpQX|O#)=mQfQ#TF4q|PRX zz`u$Y5}3HXJ~b)UMy@Zm5>sx9R?b-KfgTY800)(gT~+74QQNel4(;H>%(sH4#Y{ae z<-1F0u6f;auMr{8$Uq%*-5g4tHD6osIur|Q#;cMNI5a)dA`v46E?&S-@OzA=wCnq zw*u*=_n}{!PQF&*HZ7ljwrn-k(1+eRCBE+mS!}7kUwf@>y1++txwlUGr zg+67Bd!h<%*~Yc;#~a!J>hAc~mzgyPdHtv9MAB4FC`p%Y2ItP{n2;bc(;!v?@K?Vs zwH7R#^0uw^TYKzOhkjaV?W>2Ey}PE}VdS{zSs1Ge^{2-uo?;?>X{Sxfe?r}Vuy%Xs z`S$Rz8heUAD+$7lfpexz_PzIS|Kh)VwDTa)Pf}mbY{2$kpsaG72254ZvS&Rx_3F zI&ns5IR zTD4%^SN+E)b$J&+O2A`i0x&ed+fyLngU{A;uBHdF8|&vuSZLCLstgp#0|QE@q2C

S{IKa>aKgEGxx%z9+5%^?&+-8TdZ)LJL|6slU3HEdJhSi4|K@?uNpO0OObK{}Rjdd*g7ISO3;Dh>T?x?FRCvP4)fto(mgbWaWzqKE?(hNLZ>&c z9@`kS97;*qzuLPy3!)6`%D504uYC7qJM|kmbz`&FeG#B~v*osMyoM#L_JK)_K8%%p zFO26n+$(}z=`><~KTuf0{smAHlk7`|_|_R3jfPrIgD%qdBJNB36X+u&cp@3-!;hsv z(87;~fcVi|2oHNwYi(q|>G$;gw@2?IDW4-tM&G2*#Ccs+F>)cgVj^;HMAbV*d1eL| z>~p=n?8f~QK*SS*KWZD1LChbc%6{(UNq;F<>Woy11Ym#j)q`2dz^t35xz>QX`_Y*X zqR-2IyFZC8%SM4xeyL8!HQzK9mw}3}{cO4KnF*x7~jhI6wov2q=RtMzSR()gb1xb<7>Fm;sHiBhqQm79u_N6(BEx zwlgN}?Rgr{-CmmC!~1TQ=|2niIoh3Ty5IzkNKhD046p?#LrUN)wEgzzANW<|_lxts zuXm#>QG0c@0LKz(_WSZ<=SLTt$4_Geye>{}2X4@$XaL1T@YpqMe*)r_42DdOrxDjH zlehH#!8e@2sU(J8`@ug-;xovWK!gCsbH#49`hR1*MJ$x_de^8j1DGmRjX0DKS`(fw z*QN)E`5ueBtG<>8^0o`ZQ2^Xf8Ri2@ny$FfOOxI06F-9-w~_3VvqK5H0>$}O$>}4> zHx(g7sV2V&9}9qflRv53EIT=gM{%vb@*+=sVK7ZLKVav~V`mz?Khaq^wLOr?F`TbXlD$Y(9aemd90q{APk+Yg9ZAmUgn_qyx_vXJH>exNK3b<>( zyWBFmS!%%$7IpFMB%}4w5ldq3%uXDHz5V!=( z@o_uQQ*0XMng~xKi(MycQn1e%Q}U(QJ7f@9y*x|6$SBT=VWdV`KwG?Zq0&RTpS>#M z{QZJ`Bp`+ocb8owH&L5jYeS2bmhmErAtaqcfL5ZP=~isM=dTU*!2S{qM}>0?8h{!r&yqEJ!{)3IImmAd?0`_vjGb z{&A-I^(IMs3H6ofpdbKR$RSscL8kLl8Vg*b9f&dtic1AqMQ>y4|4U7?eymXTm=`oA z)*}HL0=>(nZRXPjg2VskY8yI1U@$@eN2Jm7ro_n%%K!WxPeH0R22>AwY(HC(Rg(su zEZvoUd8WU}%-Jy|nt*xssd7xV0WU^=5k6}MLA}R(zE-oeKk$9Tg;)|S=T#CtgTa3pwSNHHA8itr%5 zuQu||HjxwUanrdpt9Yy@P>+dErB(cx(PpFiVq>pI!%IkddQA0CV=jW3nBLgV9g3bA zaf#C_Kp161gmUH@6~Y|;+dR4E(j#~}eCzAo$d`Y-zH+20ljZ-6bg-5&oBx}5!l3y0r}-uJbDtnHBa^W|l!N1MA&QGa4=-logn z+nUP>Q2z8o{NEyA4s^jZ`2$*asEGco6QTJ#t@`E3GkW(u{!6C`$*P~i_wW98cVra7 zkfmu!noxO{VZz9>9oicJ>&{0CmS6h1sOR$0<28fY`JQdc_h^LW8k>L_^k(FL;d9s| z85=x=sSJ|{#8<4r=KFtAq+?S{c>bzm0ql^f)W!i`*7Ko(uwMtsY=h+u4mQtsDw+Te zqH#Zq+0kz0AQ&-<{6Oy0D^b&$H0yH*%z&qeB<#QVCn0Y*S_lZYlq`1Z@;NrvHF3o+ z&1pB$pSV+PsEa57SL^921-?`SyF@$?g(uL$j0|NtvLk{etctffwWJhp0cfc2UnGDT zm{tJH>WmD!I2AAiR?G5EEmx<-M2?=y8s#3#xxKUuC&UZj;A!Okzus0*)ms!;)bF@Z zx?EKDhsKT>2bBmQ6f=M9&7CpNz#|F6Wr5eg>TkffFCFDB!mPHA> zoy9XaVesBV8don7VU!KkGRu%*+Zngi7~YvAHOiJDe!$uI?W+8R7>Rnvo_+q*+dS5* zbaN%2NNuXcN4w-B1LA340&vN-x67Q;-SrecOMoKlM5z;m;zbUcLhLGd6-fgy<~87T z&k9;Ta`p@BadRb85kbc5c^W4JuRUCkofHDbL5gd{`g`IoTfe>uDU!??J1S@$jC{>) zkryS|+=I8pdgc;TIM(HI>SnzHQUxAg?-QaprAfCv|R{@wT zdjsY&jN3(fh!5~h+S4L-y&b!a&(*D^vY?)s$0`K+X#%?N`&PZR zeaqZPOe5fZf++AZp3J1U#yu@p2$X9FNjVTvD(tTPH|}L8ThwP`3Va5EQqNKu3dE+d zx{NpQIQjTom4sB2hy2$bqZ1ECN5-@us4dobmBtP%Q_-lQ+@S_EW;I3(!k3o=aq-79 zpss55C;gR#;urhe*R&xisjhC148CBlSPug79~VE;bzx@1@va2mwch+D35)FX7kboV zCK2eHqZJkil8iT4%h&eg=YKKm9V zlNTyNLfED(T2u>_*PAw#ScWz}=Js!wG=4lLV_{QApLO)&^4NEQv%Cwj@Oo{AG;9Ln zr@e(5MfoU(z7k+)7GU#NyVgX+$7!K*y7DF_l*|wLpD8Q)bN5ALs{>Mu!-w8ar=)6D((XiL{5<<2NyS)TEb=^K(Nh0<4&eoV!=Z>ut;6EGPFCd%Y4R_j;E{g@o=UQB?nQNM> z2$+>`5OS_kVU>QL?c~i@O?Nk@doSqHJ3Vi--*<67l`ZX2`KVnxzghwJM@ryS)1 z)D9tu$UHfBk9UwQx9o*(IVLh)f;~s{AWrc>`wxYOvHyaHgG^w7QzThZh%tkI6X$~* z4Wo)~hV;3ZF_$0lV(I)-*LZa=9a!%d;h4rjoY_pQ=n6&e0U0cqhR;=|9=)tP1Gig6 zRF*fekdd}24c_ah;qs&RT3~Z~bE}DaxB58%8T-FhIc$i6jUQ!9K5_Lw8sB*%dkz|1 z$D5C_pOXL;6e;l?RdiO9|2!}2Q74L~d7#A2L&T#6U+ zCm8t*$|nMaYAmA+^^U98P_0$6+No-+dU8&>Un3(A42olwDc{t}G49>~t=L@)zX?z;1^nRAU~mtVSoOHR!P;M?2jJDGyQQBrC-#pC zEdr8}5TyNaNr7)brcj$3>1nxa&qI-7puxPjQ>6 z@{7B9eCepn|KPwVUt`D@FTe-pHW!qHgN1bCTsTJA7RWH=f@t_Vu)t94Yr^lycQ%!r zH|Az-IrZ#JSCnbF^nW{bA}AcC#9MS1x5TCR$hj5*31x{CBt! z4wIArp1RjCj!Ju3A%wzaLt<^ocizR`>TjZPT38YpNdVH$ z;+PA8^wXmJ^;(={EzZd}u9betL9s`w+RQBgR%R_0?A$G}PdQWW?LHJC?|xjZr4GDK z;U1)BiVU74vrUo#hK9A34&x6S>RQJHAOOUI7IGHAGYg=v-WJb@6Oqy8PY|ac_3a+t zmMramR2k1{()`m#?rD$ASh6 z)}Z&L-U$Y0m4()1wm}h2C^FF3x46T-M0v*?l8g%55n1RTP6NG5>lbnHAC~GDUjcPL zf5NY8*2kC6X9uJsP$EPJV-+m49E$sBSFa~QICsk_&FMD3C2Tq8`49nK+ysFIVAoRI zht=J8o{g*8O|waUQW->g`HHazIr&+XTUnC+I|V9o38s1mhHDb?4HoUH)aT8z{>R)a zQbj<*1@Oa?wq#86ht~dga&fDQP2IKP^kgk2CrLXEJ}O}K=MA*i0A$`9`s_($sJECh z-)m?6P}{vLa!V=~4WK2(y^9T$Y>7MM3-~4{Nl$*5za#9CAM=g@%U|_knN!Yns%I=MME_H=6lo6za_MdL)^KHo^{eYfstFvz)V!u%(9CKG`j3D*UArsGKhiNGiDDO+g%qKK}{EjWC8%xL@}~4MBFQgUwrp)_$l?s z0tH%}oj}E&CqmK`2IZ0IVA+m;{cY2LX&BqN+nxrRA=?I{G6d$uH3_wQ!~9!45q^i#6HpO;YIc zUXUXo40lro7)eItHcQHczRTZJeI@;FRdQBSzUPY^!x|YRQ>|Auh@QkDTGFqw9kGUl z8QhcssB0OP9Dmr89AM_X-&O?VoKo~jC9x1ywoBJ!=bbgO2 z#hIm?%-H$c@+hcRb!0YCbywNP6!5 zpCW)nbOHCz6t};9e#LE|O}p;oX#4Qe*CXa+Bb#mXMl8|6J-H|@SjqOiGf${RI{}pt zKFq1)`nl;3-&5I`W)bdZQYFC4#`Qlpd8Ytx*%FA5V;dgx;r(bu^Rw`v7pwq)Rxpo} z4b!P=&tZsCgq<{qennPM=MG1Pub%%`nS20exfbGVo$dCh*U@q0ata#;DC#0%Q}+Td z9w9B?`KSBE(bP}(<$dFx+VKAnMTe*Ng~z?Xu(d3s^A$T%O#;r*tf_-1c|76%}?Utk%6GcL12A z?%SPh`(0g=6JqVxyj=$x!{)y_AX4C7o6U4&*!_r+xHU0ko<6pxVF}ihhr<6#H zPLXbKASERro!jUT2NIHw?nb55(J2A~0^*Ah1Q8GeK~(nJ`}6(%xpS`P^IT_VXM65k zkNfS8D?JzxK2zfy&@x5*n|qYeRr+`Sk04Nu(l(tBP#a{54SSnCRPPk~79S=s02=e| z3ibOZY=C3pXr)0ptuPzU7piApA+;;(zTPI4?OlgSbgCvQDpfT#z3OXW0*d@0$F}`N z{$6We$-J@39Dk1F%4oRRwx!*kB5oyS+JlWL*iS&f61!~MgEgH>#LlWcf zRdxpAlBoWoS$c49j|1-b$(KLDe}APR!i-~58~Sp9rSqwS;;tb+e;VQ^9shWVXT#!9 zmjLG;&|QWNLoJ1d!$2$G&@a$yW9L^p57IK+Q7=Q6LN82w!>r=Ujq- z=k`&1C2?2uME#Fu!n;%)&CJQ)C!G98ijjMo>*as4O?`RydNc10AVlwqwv(CEv;|i- zVY*malZU5WN4Q+G+PznGTqN2UUADhiCiDL9@4x1zfc`uJvKZo61_s}_k(D;jZvT7L z8@!u<=0=}i(Pi_&F(nPb$@2U)oS^r)_&lRs<6EN*B}9U@Qn- zkjTLCm)t=F4^GtvyVWsb!`x-=5q-)0z43&6CPQmWB1NZRAr$I?!jgpkk&$kvc!b!mlkA4S|J||$2_~+tB3fcN7=zcUNpTOfUSy=YrYjnw9tE>(k1?-J~e2K@ic@bUkTd|(4|00Gowz&~mp!*=3e zA~mzP^F({aa4Lvb1%;$ar_z8VAe*&>w{k>u(9s<5As`@4)T+^Wva@EoQ1%XewdmaN zBLS){(LU~1a75*vb|7(UfXCGrs(?w-Vc}$Szdpk|11$0udX~xee z&F~f$v{~OgaStjSrb%u(&s#tA`#(EK{%BM2hKS9)@@*U1vNfE>%r1!KPx;84i@5(sUy63zV&0&U*+yh+Um;>rpI6VxjV@Y6U=TWRRZ}&TRJf+ zNGfW!`FA?Zzmk16AcB`jJ*+6D#NGDsQpzfayqLYK79RcyNX@bH_+zr#FBO6=3fm4~ zch;TLW#-HxR;T@nng`PdW#zbI?|LMEuiGfL9L|pysMh$LX?M z?0>pTj|mzj=v|5OfQ5@U)TRA%6R8P&oL-T_1ppZrhI`eAVqBe03s`ME{I}kkYjLvL zLat1t>KZYH9iYJhFU5Qv02m}FM_;L9tSnrqqb@Ewn+(uJEC>I@huxuVl&H9)JGfn7 z#pbx_6{On-rKfp(clf5Ry4yVSEo2ge3pwHzz*Fw^=X3qKezGsbuX%p3v15$Oy*K(9 zu{BP{-)Nuc{8 zBXTZ`_#R%5bzIXYP)GH+aSC7OgmGh2Yl72n$F?>~8GTcj$BM)*_W4btYk_z3f*~Zp zco69g`YIMcv!+U@ea0YC7Fy4u`~k`9l7z&M@!DgwIQG5Nzc1U%{2pSG?x!8$7OtW^ zlUP*0_IYvk$&cGxvtHIwx&P@gm5Zut@eA~q*_t_3RgbTK*t zIJmJxj+;Eh?^*O8u^VE-j{B-^eE(xl^+fSobV`3?BTcFanML zb%hzc*g+3cSt~i8GZ;*5eiMEi^JMA26PQr&37ys^rrGe9h7hzO#NkFo-_OMxP2buQ zIDc$h$`h&|=1*&UIl$2~ieAOm%*u(j+m@0;1Yds3zjgPzsu{F5j0)$BOk|oMLX}Pi z#T|noR@S*oeM)##(nC_ z5IIsE1_UQKRVJf?s7^Z`##!V6w3JAO61Kr$hY|k2*i>!i+G$m(xwXFv_S%x!*aXF_ zjq%bQeHor~1XH4!0e!I4nUi^NR(+)pE&**06{@??HDeD8v1WQ`$)KRDoq(3ndjr|Urg{56Hh!{a% zmr*E4tiJ#FILSjF_xpxXh-?x{uv{HnKSU87;@wam1-oFB5yoztn&qR?GGwEld~L2|*HT%CE=SUcu<|WiPQ3~7 zWO6y-UKQ&lzPO%8giw`%d9704ipBC(x}^E(_68-VexlA-$@K*91F$bIPTR0_%@`_^ zl_9QQ?P)ig-MHs8Lbc^`j6c+Sl&#IyI?7SotBa{iq^^2p1VR3GI}6=fQIXC#&ATlM zWUa^AcGa?mDGRNzdc~ynkTYa_ov}jHeVo?hoR z^4aG3TWdXbn2nzAvkLR=J-jLbTzEn8tkLTRBYbl^aWU} zhHb!?=0Dv}4scqDfu3D5w$WozkU%s5BI~82MZ*L;K7ao2JG<~bO!X3I<_@x1+CQRrDwT>i}L zLt`x(^Y-jdM1l*v>4ffICyuUjMhi+29bEERkwYh*$hLxk7NProZw6jJlSG@bNpxhR zuy|A@X*6tBvFzR^fb-!)dZsV;jjyyM-p;@l;xE62NMZDFlEw2`f8}zoUCc*mZ_N|p zWepoH_P>}p09TuI*gP=Fl1^GMn*GgXGy($EMIkV)XsB77FRp!Uppj0_>E-6~jVarE z5d)`X!7Y9+CLUukbmAfGvnMH6pTXZP59V-w{^;|=e$}Xjp9<-`!xK}Q!2{^_)Dlf* zC@7tJM;;BoCIIjfPjiClwc~52)jO$IoIMz2wb}M>ex)frn?W0NIXJ}3jn8P+-AJy< zMx%o8?9T57E}srB3m&GRakN6-9vwo+07jme-sET4ZuMC$dPBY)>Uco`9qI2r;2(5M z50AU+rUxZb`9Q1pe}fNX3H&TtKyK19NCg+e_d2AOLRir||i0d8$xk zM8^BSXG$UijQprhQ%Gbn`62(gHwt6l8UzLqqPbDvw+3-jRB=<@ajSK4@888~86Y1~ z&QGayL&E()sqweQ{o>yOs_c;8s60K0;E)rzDhhfYfjvKq))Wq25l$fQaodYP7f^Kf zNWcYB_(Odx^|B%S920Q{g~|fn*#W_faba^IPCXIq)V{y!z_xQZ)PC~R-hC)CG=Mtv z-b9>ekFVFKINBuT;JHvUs>I&fc!n;@)F40xn>hLl&V80>AWX##@X$=Tt4H>UCW~N= zdy;NVgqw)Q4F(C`qF^4CxGI%6 zYgwdlq*w3?jJOg}0-QMp?wsB}E_mI$Mjh{ez{#G@T@1D(K)LaKVD9gP69_G2A` z0$S#1exwFG3{N+EobK-({xL259*Qai74!HRAdHZ4#F0^DpW(Zo{BarPwwdv39KuZm zP|^uq9C4HE`0uv(-ib_fq3wE|DucDuNKfjRy>~oEG{;Fii%|}ztc(d7W*O=6PlV2! zJ>&^C`;QO!-ieQCP_F4oQl5SK?!Mv2mBfT+>6U=N+kgz(phr{Walo<4!!Q)&ifEwR znMr?LBEM{AcVq_mIvzTi8MYsH(?~h{o9)wO0z-Oyd{vgRlFW6V@b10DCn#vkNzQ(K zn!H`EB{tU-lP>9y?av^ql&Fh5V zo=g*XsLyHUCRIM+8#J3wVZ=WFvvSy9J%}y^X$Z>oK*C=FeJs(i7TN5OIT=dxx=#bV z7#XrTQ7|i;J-bPJ)jGM3(mzjxdQ+$k49M0zL)g5qfkHN*GF>~23OiGy zg~X`5smtb#%D65v`NBhUwytTtCD4B^gUrcR7$oi|QU+tGcX}bENVqORi9#DxO+Kg; z3vu1c@Jh}7)c{{06z~wAXdlqtnGCy}1ZId*$p%#%O#og-5y$QpM)W=kGl$ls1x~|# z9z;f)I%Y1|Q7!aV^r@6JFINzLbA$<03UVb{rB>oULbB&1t~El8kx-E!5QU(4h^aE2 zqq*1*3pw%jE-Ee#%56%o4%z%);rIo)C_BTjn6EeSC1w0iGy_IcQ)6HFRi%akip<+( z=%GOVb!l0@Vvi;wr42Iu?FnfPfL34p#`Bx6EtJ<+%ly_-DgS9%dz(^rA$JJ~N#i<; zO=>R^m=e9WXfJ;#n_wCg?T8J~%qUpsE50)cY@DR+xZ6VLOG_V%2|HOlFah<(7S0~0rNBsjY9-5D-itjyz}v45h?qu3T!quMQA^enn5te{DF zu!-i6ofJW0qF9O2Y)f$|D9C^ap{RHg9zO+n85}N`p6lRNpQ&1qsoJ@`R>k+6@|jJl zItYt3DxioI6g0xyhp0_9FI2u>Gr!krOQ_-JguSV2WI)}6ngh4l;w~;y+I#_*Yu$ev zGfg?$!GEstt5!ZQc4ww^6~7005n&A69ZXHIEE2UEy8Idqf?_t9o>cx&&KCJyIW68f zgU!y!Xh~nI5}i)daB9KATCeq2@2`~{^tCqZH(c+H80dW-ay@SRdNH$y^bO`$aYY&|7}5_yE=6~i04)5^*nQR zIq13^0?j}PjlguhcED4LJCHwZ-FHv2xmld`VHfTEWZpL zzc#b!Hi4e*JLH4LRb{W6>0Te+^_KfR^%Kvja>|j$z$Ce#YVFj%b5FAbE@0ngqM=wlAHZP)Ad3U17h5{RmLsjC7rV7gZnEb@WvMroPe_E9tIR7 zy{Q=M)mRnTSYg;(7-O5#(7h(|veDMn#>7Romi|c#=aMt(KnIsxY z+jOLA-8I#!Qd0Q6Kh(p;bsS9)Ng_>gJ85XT|JU_`Sc##f=x}4lK~)qH^><+2sb=o| zqX9U$ga|Jo0yG;^2om>n-oN`+m0ZwHca#ja>yK}eFs5)p;iOHv(O!x zbA4Hq$afv`Rn%1FLqe|KpGsq7hgZ<#H*RP<@flrn@rx3gMgmQvLyJRc=X6x~X5T=@ zIn+%Oa&$2@Wd|*GtRaen2A=o0Mh*@2PJ=hQLk}B6W8?1V<3E}Z)|H<^N?yj5`dtT2 zAX0%v*PDA~pP@@9?o3m+k-(DCG~-j1R5S2Pr@9fx=CO>)V#(3WM);GN{%!)P7(L~{ z6~a`SJ?aG>5Che$J{p5hcS}xBQB~Lwps~Hct>`XS>fRTU%IU+iVh zOdj@55BRlxoEd)#E}9(91dQDAo5(`ZWD;LD^!H7OH{X=(XnMaeHdP59s2?ZLbd$~B z4orhoq^9f-yF?_0#F_w4B`H(5ah>a}Hoi4Qjx~k8a}F2?0-aH7IE^WuqbW-cQtSP| zJ+op55{sQ-Q6C0J%tJN-X2khXMUY%^-H-RwEKL(FnXelACB~v@)=l5-sC6`EE>s{# zU*34DcoT7$^|t$D_J(?Pvg4EGew?x&_}m}TCpNA8rJ+-8_404E2K*kf{tY1@LsW9y z@u)3G^rb$c*7;vI3^U^mV^%ONdhNfQo(#;VeN_h-VU>8sM+a|0Eo8M*UzK`SXgbSM z@@}G-^kjWj60q{cbS3$9)zpJ(esf6JDr|p$#nzXYr{0sRzB=yEcHzIuKt`3?(9L{* zHl5G?QV4ag+GQLYQxjv)4sWQ2M@oDZmG5`8okiIN7K%r|JE-@$T=u zf7!bx?)ADDnwSs$l=72tsi{bl&R>&|fsz988+bCr$py3*K)c^i%P*@D0^d{JB zbKt{H;sUjKe4p%xeu`F657<(AO{*?WHA$d7h|PWB^dy&NaML#SsjZ{$anzfc&tT zQ7T^EaB%SH$hfpya<5Qzx-4!lTKePK^QGDVJl0J4di=bm%|3P);(~xvPzSR5(Sz*w zM*ksJ%8yXpwL zrJF;%G`86^!&93To8Ry^4;=qH9{YFf+XUAwu4?gySkE=kk_phnh7TcER+A)tv^hhc z&VG@&?19`q(Pmgv(rABJSUdUO_(>QXc?+WMO!EeLYW$MsZP1SGz0(@P5yw^f_t>MS zvLnohU0>3KKpUh2)zM2t^r62W$9_+UTR)Nhv{78OQ4CG?gS@y~dO!Qe{4`*xjQF^3 z@yPJM0n`6<7!Kvso@%B3#K+H@ZBot9L)^JfKal7w-yGQ`oSHv8qPPyuUr$p^HxqLa z{8u}e`w;^qgdoF8@#edPfVZ~ITUc?B60ziqG4xDjZ{RNIPxgmH#}D|gt!sYg4)*7p zapyEG72SR3`|r==20kYEFVDWD2F=sGH~(!evq^~GF($jxe3+vx|N8s&+^H4AudeoA z6k_B21>#P^rFrRF9NkL7hyMHhiEU>scU>2i#lX@Cq;NAWkB@d5LHvK5!wNx*l}}jE zxcLVP4M?Hopxv}5Rb3@en&Baz=PAwbqI4Xh?VY>Ek7XHVsvX`6--KKbJJv;$_HI#{ z;V(l;dSF1cQNFb2+G2whzb{Jt%d(X7b8iQemT22XYr8hrm}CK`0{<>oCqBg~MH4$w zm%fmO)f!>$Hgn_u$rDp;w;gd%Dvbiu?9yAQdMpa|HO9Q$G|eoGhUVK^NeFKF(5xtT zUP>L?6F~=6597rKi}9?ew_!KSJ5pzBZvqm@kLr5EzQSZH-dH!<^m;-~c>LbEet1?y zXE6KwSu25KH=`-juGKlL>u4y`SEl7vadr(;)}&g?of&$O0`MIat)48Gcg1b*?YJ55 zM#<*QlZub3sK#yJJk8H~G~|YH0APtrE&b`TYmAgqxo;OzR9bd3V3EZfjYye-;Vb?OLTARG)~wFT*BpS)zy~9OZ5)R*3{f_`PW6SrwTPEaJu^ z8{-T)^v?|O&Xo5Dt1KngzZAKWjDww?R<3#$xP)MJE&9Wwnk-++dg?R38WVUkaJ9(d z7PCdN=u*b?EOLm(0-RNE!@OTL#FsKuoi7Lhi$0jS)aUN9D|Ee39Kr;1Db=~lglg+} z9{B^`5PH^XON07~bDDgojaf!)Y#V9{ENgSJbM!vaD5n~J9`chh`7@+o81;~m)+p+K zOob$W2-C*jPNWvSL??ECW4ih$`Jrv5w7ZX>^YBRi%xmfy*6sA^)*fM{x3=#YXm32T zf?q=w)$UsMiPe<`E;@QNx)$8%X0aVBD`Nc2Rgsx$t__SB=Y3zfxWFfOYBEsivZec| zl8$+hn0E5oPLq3wG^%dn!s~?-)uECVx_$LH+~XjBB$7&U!^Jc* zSpLdAokSL2R5#V3Hl(d(6m?9x>Bx)%-Fc@7{dDZsAA^EO z2oJ&?>+yX+ZBdRKEhOW($Aiau(zOe;DjHzbryQlf(DexG$5hOEjeN9nj2x#8elGFB zP}&Rvf&bSn>InKenzS$=tzf%DeH@s2%zz1KVjX=n&ppz>#MXM26k<H#}EdonR!-l}S6%H5 z_9IvgI~)S-)<)RQ8~FX=XHu>^AZZRg==tw?iB zW~xn5u?pA2Yw&RHb8W+2W1Q*YDP^kmDzuXb;QndLr^hnU@Yj2myd&|*d~rv_+uLRB z!RrpEBuNdS8>`ATwxUK+HEVguj29i+ELj|*oN#67;@xfTEbOYSeXxmAr)~2c#bhyA zNAav;5t5GOZKiVcP1s+y9u?0W-B|*hCUy{}L|_uR{#)kX4oe1$%5cMSL(!M$Bdi)L z#+>`cq74@*A~5$sWFkKAdu;%_S@Hqr?T#wF(%>7tk;z*92mkTJ>acG#ZQ18FvkzWr`Rp2{O204Z2)jtj5P0&`x`s<6 zR`Q#HW6%)ckDRxN;=*TWi9(t;5zWg&)Px$gJR&adIJX)3-g+$0LHpbr?i2my;m*i^{S+IQVBXfx5 zqs18_eP97+GeO25W%U*kR;RUnpeMc1?$yegZZPo4>C2j+k1=ywOdMbeR00^fqC_@y zMbfz-XW6QHI${Sa5PWaj3z<9x#CZnmpC?svOhpFJ=2svBBr0vH`$93aQ7JjjMb$@M zz1nO+nm0!jW{9m~BGCQ`xi=;ME!p_9zAJUPzUR2{Z+7n$nBM<88;_u3v5H`LD8f@y z?W5k5-q|7v%rRB7W-OYLQ&^-zFj>3L6dWRdcPm4Oq6plt!5S(zhr?D-&x_lK225!D z=%-7TZro}&)c*SeSj-`$EfhU(H*gEb9Q#Hc9jWC1m#+Q`h^Hb*_o@!AOvzH5Wn(jY z?CR@rbC370?1OIYu~dv}hEyI)-i~>{d-3_jJ1s~;P9oi!)JiEmTVL$npA8`S>r-N- zu!86><;Y=)6C4=*Iet@1DK96{{djwBs@9FptwN<~Ecr+O-a^WGxz@t=|6IvA%al~IQ(xO`JfV>G5l zn5g7x$oKh1_r1phtyL_9NS>Y*jr+gV+^`DSH{{hEJB0;W<0@J-zau!1AoKg0XE8TK zr$8L%i0UZp*?n4izh1M8>dPwWC(Ohcgc{Hp39_aGtEp{jy;QS$>6VF~w*=pD=UHCp zaTiTd!}Hk?p@x|V*EB?@HcUo0h5j!|KnJ?e1^OM?PG8lc26{+W4KUnI8O5kg3L1jU09ky4 zP&L63S;lnR=1IkVqu1wx%m{A0q<;L5);lay6}qZ7dV45oc*9A?{xlW?09CrRuqh&? zUNYC5C&djpY!1)JAOWc;%$w_TDtkG|es^TANKNOHfV3{a3|5 znMhy8OCf!b??%o#BZ-S5kP!~SW@hO*#(=aGQr-ypE>(*m*VskFYSN-NNQWk7LMaC4nV2*^@%QB3PjG0@*_7*LrYUX?mw<@`0 zYXB)oF?dX|U=Y-9B~x%^Msuj%a3x6)i=&e@kU9aVm06L#yy9MZi#L_afLrqIPJh_P z@jpnphhF@qLy-*3jTuwulPU~r7U~a4v|+R3i{@reXF?=Kslc}$5Fq)D-Nq)M1rw0z z3PSjijRdis{{rtcy5yY9U-I+1tD^3}&n3;*uOU2^A5e+<>9F8>>ueq4fqhk~Fk7lJ z%TX4Xw9D)`ONvC?%r0cy=-MmtrhKcUti^LHv5>Hba>=+3g<-=@KG{Eb8EigecnMNu z74^a9xKEMz(}s2W9s0xT4{3Pk3E&=h)Ge(=zy>DnZ|j|GeU~o9H^_cG&(h6)mLb&C zs@`5US(Y1eE2oiSWhCAI_lzHl`V5JNmh~8B$%1_sX zE@D`h>v~k~B=ganuHqk9+H-5q$A1CuRp!%6vtDe&C>S<>Qda|5FeHS zomh40aiQ6T8ph0+ZzgjNxp+g@F{qR^PkYZz%O7;GG+tQ1<|6)l&Xnj_=z-m=Nxn%* z98-_&c)pKvmvsI6Vg@?luJ#BP<%VWoD>&ZU-eqQPvbTSZV%#zI zvU#@dL2H5%)VJuQ|Ab9anFH*I$#nIJ9sf3FcW*tHlo^shLob)W-T!^@%-~vq1|V;{ z$tDZjnPtebls)Kgcu>vo-UDM~5 z>=puOK)cCi&DP|7Nq2^D+p`+WpDyl>K^x!8J|-u(9E{LXn*cPH-6>jweK*Jm{hw5; z(G|rVx1?rSwvRnac2wa)fS{yr*OF2CjNWg$i9(2_B>AU8=KpJ~Fe3 zefta2mfqQGdH3X_g`Vq<{_JZ5*AkV9WVv>TmAQ*w4TfvG=kxlG$}(mUIxH5jNdL={ zK}wlf!?QOU%YbsS{pD^4(^h}5D|_XRW2>jqH@q_m;-bHJZ_e^0tYx=3<<-%q0L(dT z3}d9eG1+Y9rL?6okmghS=5FBbvkz~gM?d*{VMd0p)scW#u(+U4jQmR8*-qQ9JXdJF zw&|rERm?icfr_4uHE(TZz2gGkOXR-Rg?&s=QsrgauSMZSQLI*IzNE1?DBTrZP`W%e=JO4?kbu-T%b;g|B-{uiPO=+P6v=4pM<~ApsKTWEb;A*Jq34 z%^yOqtO=Hzj&{Rtl$(wSNqaB5x0|_ke%e2lA0tpA_zr%#XwbDDY6;n7f56JO&#T`U zQ%`pn%t}pPr0iEd*b7oi927nrN_jVYyf<=b;Q-sOx-VC2kCX37{G)jiY{D2u3Qo#6O;MW4v zNHcFbVc6Fb^9`wh$FWFL;}P0p4DjLS zTO%M@y`XZ}pkcEkqU%wYzF(5H-?#>Lb?o>9o96i6EqYD&UmrFf3rk3z%xP#G%U%y= z@eX87xOX1-?RWgqg+2`f35Q6%EfwcW_vRa~rn`5tl%yz#`Vmw3z_`pg04furs}b@z zE{H4?arDAJ1V93E^#mcxzH@tjruUv*Yk{qmqRC2TlRDkc6AND z3u^iq)FH=V*sCX8JU!+n-ezCtc4=RjD+mX1Ed02r0Z3th!V~Vr9-<3kRf)hLe-V!;208a0J0LWzcFfM$-lA|!+WYkXt=_pPO_nx2y%Er zgw4YU7l)sZ^Y6txr1MSqkqJn2KHqXOfPOW_Uc&-|&g{=niua!GL+bH{XsDEZL^?Sn zBQ+xP)wEtjnBuE50~mnzq?jL>I6Z65CJNe62kS*TTG|ex?rCbk67N3+dbUNiy^Pw` zL(*(qycGqsiokEjgc=$EDy}Bx1W-3s7`Yr8&{i$Eb-tr1{O; z((&`p`N!oOaH!y)$DuJM^>c_(b1B1ieiYdBJec{OrcorwX7*3|MvQJm_$zWuQQYZm zojx$fckyiGqrK6d(5>`X-9wT-_^^${3487ja(G9NpDPc*LE z;9n{V+{q7?O^e$p{I{ySY4bd86!!PQ2ApaoZiPOseI{uk!mRqQn-mf&jsh>s;I+)+ zzek+ydS9+ZTxLByVZU1Nnce5hLnAkX7@pr-g2;w3yR+{b3D#6;01y?Eq|XTjdw^2O z`tP6cjifR0veo}T>_P70^Zx(C9^LL?{$Fe{cYnE z7&MlOAw(WEY_k5wADybi`}s^}lZ2;Y{*`$uyA5<^C*NcJa^A5z;rX^Q!0-3&dw}xi zi=KXoHl?e%7i`i27Ye?lbh}#~hg=^&u3&`TN*g)s?yeW@EqDf>l_(L1?H8kb|Eh%4 zSr=Ywo4U9@`fdSHeZ}-w_|$sgHGvvzI{TY@LvpM}ftP>3eL5)8xz`ri_vHZJcE_&i zg;YePjd@X@g!H~_z5O5{8Wejn>IJQQekIYe_lzgDbyCSKAa}`oBhGKP(2B7Zv-Lz} z8&W^&vnSV%rMo@xoIkTxeZny*>!zqva*j)yTgtV;T9r(bRQquidQ7)s z=lCDpT{TCfd!(J5hS=vei^(jlIHo7RJ3x#i*hr z&w^{bSY``*!Hz7psWgsidELr7fbaz7dlH^TsYg^hfd5ymZE(DTcU;(7y0@7uZJLf~ z0*uorcy9}vA)hMTC|cD(v$O9;2-Nk=x3$bDt9i^xV4>e-#Z5g~OJjy}P}*`}@<0tf zu};a(==`R(A+CbvpYx7QPS3yZ;{aDM-@Vf`ASFEDEA2=@;gxbnVq>H9w0~E-`VFV< zXEw%CK!Cjo3;jwo$&a9xqa_>?=7XD(T?z_W?A@>J-|usH8e`EJKXKz;%dc(6|Jdu# zX++aM;kJflapDBoMuhT8yDo!H>0$Hpc?6kMW*C4;2IRH_Fp7`o4!;#n`2%Dp_ljcW zrx+WY=lkczVwgq?j)O&Nxi?V&up_|Xrr;-GsH(wX zAMYl!T^9qC%TEy)eM5%7TS~9EWxn89Whin1tlgEl>HQuY{CLEtUp$cpL6hg>`mjC{ zjoCn4s)ujV6}|pGB5j4}+SU`YC`CRdZVxkVlzT(P3*OB<*$2b!D>P#}24rGpnvPD+ejldlJ z0mHj*-d|C-dCL&^Vr|tM4mblz1(EYu6|Ckok4&qvf-{ovLj>_pG3eF#N~02W$@QQBnb3-G99IL%SeR= zT2O&9G8{^|vR}bw=%f9SIH%S7ho`ezuV@}fjN!IN^E!6`fP&b>+;c1|36-uYN}`$N z=C{hIN3v>UMZ9p@{tB2I!HJS!7CfsB)FW7#MJ*lkSKpKM0>fj*t*TiU609Vur zP_NcUC`NLO4LiXVwiSqwoBtet_8UyZbg4HMsC2UaeBvh(`iJaxV6&4c9T$}BrEfrmNN+p zGHw8`qeX`VB>~SKu>`n-Mc!5CST{{oV*I2k#;XbWpb1lL@mvf@oJq)8!V^fFO9Gkx zrR`2_5x*;tXD-1Rp%=kw$Rt<-trNt89FT6}KESNC-27%*dm&o>4i|SM7&eqA9@OIK z_;#vsKtw1F?L+uUX!H%wL(rcG2;CjUAD{?4-?#n)7p@pTfg4iP#c25&(K46h3 zULptw#Tc$|IkP=|BITA&;f%#zgr0_Ys{3^U7nY@l!!mog0Ng9rnQc)@9WCS>8uP1( zoS!sOgjjOmuWirpw@!|%R^nQf*jv_u`<@yX>w1^Q^0C_2d@zwEj;!O}Glszj0o z%j2M?v}znM_Ol0jHi|T3EKF}McGHY3FNMd!O@Brod~WEQ+=yPNxc5OG&~Emb4eMg$ zGw>E{@TV|Qi`H%5e=kszZ{0$vCqqSSS8|?iTHxzEV4t|Sov5|ummN-aw+4sQ-B4p> z-e@1Ssx!)d_2vWB@KWgtiYdwzTLhckC}tKwbGpdnXi@lC-Z^H>#VLX`EzgY>~0 zPkz-C@0|vq@GPFU|A;OswdB|b_q7cujIfheCC$1-|oK^=)^4rQC@ zDY}q_@M`_fvRDvHaT^@RnzgxrTb+#?{2NEYMWUG(u3E%uaj&578GX3-dp+&5)8_!p z`7X+r8e-w$5chkHGi_@I$Jxc2Ozn^5;ZI{aU}Q_jQuF9_h2`;%v0gd8eg4AcGmjBt zWRj$Zb}g_%{?rjf+!CG`go*M)_~*bAx48}7Q43o?PRea2crmi&R|>2@Jb2>r+s(`e z$VpN9bC(!=jlJ@>Ve1^gr;OL+0EmU#lCbS7^V_;B+qXBj?<8LZO?*h%FZ*9azSJ?! zvlw||4~oU|jM$0$qZuOs-~TOvJ+#Oy7pDKOX>1i?4{vPVplR{Xh^Ui zZKN0$nZ@cbscqR%4AL!>@EOFsHnUVCfjoe?q$KrXq=t5q#<9Q_i6+XZxY~b$iWbSK zJH#gFp+046we_~&!2z1f3S~2jd(DVfurg2@F>t+OIGd)qyyOHItWC;f<9NeB4eVOI z!$`nUhh^bn2c4}MPZ=k)FCMcrR#;#e6@_ixPdyAz1Rg*~n>l1%GrAN~Yow63;6ZOw#2g z;6Q3xOtF0TZF0EA3iA1wX*cl_JYeZ_vNreJuAmn^9q5xbb*+JY(iQ1EhhsxaERcSm zoj%DJWeen7T)ZIhFJa6S7A#ozSKE_|WkmUlPR#wGH&vtyB7+#bWBQeFfkB|(QJT;evKC(Vm(;)x88 z&SuSC^f80MDUYFIQq>T3wO7TR2H{KE9nWWlRHn6TF16($zUpjRj)v{~(O)DwfkvOs1-@KEDW;dPhx z*BdPI&{N)J$;srEMbs_z%yiyQIcC0wJsb|KKzbDnR$Gh&Y9hTX40i(|=J4VJhdpJy zQazv>vu1b24MwBifF(^~#SLSX4Qx|M4hu;bLcXA>Fx}i|RyoVokb|E&Hms#u!YYOE z&~&lKc=;rdWRHJr%ZIfx%?J2cPx~|9=ZD?N-g&@+ANg&}l?JbaNdjQ}ze&l^l%c?x}m^)t!Ov-fK z?@Ih(fCXiwe_>()peHP1v8cti;(ybtnnDT{>C&zCCY6D;W zoc=gRk#6w4a>E^4+8l;Lwe63zNNybMo9sciX>!`~3<9LeX~ zOcr&ASVGj} zw>b~n_=Acq9&m4Id>1GgI(3(kP6!Y*tacXN;%j(_&+gRn{|>UoLKz@C`f0y4zL|6% z8JL5FHpQu_DkVuFalswPk#_z()MD>YU0jiXPKaP;@E3W>X;==GV4C{TVFV*NNl$}l z$24+HWVN5;leF12#e^i~YM>IgfkON?IpiAu*L!3VKOzf- zS9cDdE|f@pE`JSH{{4zolS0IaW`Zs!^$@zNP>I}T^6ICSUl;qZJ)`d&N665$Qpn-l z{*tztI0Ylx#}X|+Sno?Ry|cRfe0-T7YEl|%XsV55?&f>djbLzR43{&#`W+F`!C)I; z)_=TItlcMuua*7Dd2Nu{?a9BJP^fCq>Zc!}gl_RaT~>DYX9NwD``b-kop5}bQbqtp zFYjUe6z%?Oa)@)?$b8Cg47P3Fi;szZpI!e{wDfbxDL! zQs%C0vbKJwoX+ORyH*>|PVV08YK!WCONKHL-nc)Z#J%V5JW-^Zyl*DB26r4`=17Xg3`0|K_Li*RM7rqdZ~q zRFJ3CJRQ!mfC??Byt45s{wHAI^sE3|HQ?aZdX%mucVGDoz+(_eM#1xdJc}eoz%vFV zPZkw?qGluu3CJnf6Ja1A>du82=J?69$UfJ>Q+?KmZ_6K4KF$k(AKn7yi7|hD&RqC2 z;g24(9LN0}%1dau_4v*Ur)gK~L^A^c-RdbV3=@())>PwkI3X26YH z@+Ls5$04w^i5{(Rr7UNJJijFJA(p;@liyd)PaE0q_jnU~${>N+R^|mDGXzAs(9IRs z!)4jg`mUYd^!|WFNBgE+_2yrJ5+JE<7GCRFAjRRW`-)xIgi6!u0A(SiN$D{4s}j0> zZJv(tA3+$iSRV2oe$$TDyNbQbAtGaK1ML3>$X-nb-XHo2sNL;hNbOF@zsA!P(h?bn+k6*MP6pg6`?qD%we8TgL-Jt2 z{Xe0;D}h`6^%*OA{I@`@yRm8xL;JA)#|igteP5|lRB;J$2d^9w&F;MtY?o3 zEthioy6FigS|>-^b7$7f8~ym*qhJ`Fc>yGw8k)pw)RyWrL;bXCObnHF<2+YEg14Wm zq*E}ddqNXIC!g+O_R(SLy-^?svGghlk7?{b*;r{S5}dc|7yQN*_xh>N3vUo5sgUA$ zu7Li)ScRGJlLnq*bieLshAU#O7?_Q*XJ?WKF`0@O)xoLrDMDG zeD>!%V*@voqGK7(`xzFFR~SSpmA^U!-XAfNeO(X`N5PrYFz} zqn{?t?;jN~3A_CMv5~`yYLAMIZuXa-&HMCHxg*I`!11k$Dyd7HxH^uTLV5+8pdf7@ zd>nPRvI^Nw7OLpnUfgk|DvasV_)pd0-bL0N$+C>3=*WvAxYrEi78-j-;_R^X9E-;$6!m!E1sXEJe#8)-!x&EVLo^NOIu9ZylbYcTN+(X?WlUw4%a+7zoz%(uWH^ zE5xscBwEnVO8&t}w=um`6+aK%P1)y{g=Wo_qZt|of9yuS3WIgcQ~+?l^~gc$^r+M@ z`g@Kos`SG`tC|Aatpu1Xi<7o!`) zHwI=oiO;?{WJ~HS_x%7{V}AN_<%~^Q2Zrx+yqHGI%f_!dD@iB0zSr_FdV)+SESgJm@&5WNoUv9c7~{-$!kELhzrfNw>oO z&{+U*ikDNpWDeA|f==h_0RE&B=X-d>zvlidL43Y3{Sz-~;q`?=BLC;F7CC2X4yRH1P-fE4iFXO+Ri+m4f3BWXG2!kGsRzU5S8x)C z*6vUKY*_ui_{jZfy*9|(yr<(nI_13H-K`9f2|OSXx^_jq5e@_~MtOi>r|WcJ!_`ds zo=*E}WH9Zsl+O_G-JzB(67_73t0WQ>d6B9=%P&snU(#Tf5_A~1u=PcCvs~|a5#yJZ z0fgBC+2RujH=64!DGL>&NE?9))!j`aNJHeQ1?=RtwQjx1RBb%bfy$Hz-&kV$Jd7TD zXt{9R!%va(9!v$&_GYTVW~jL??;_qCq*LGco~Y2>$HwuraomzBSJim0@&*O~d*$Q6 z)JYrh=FBT?R)fm-72hVdMyqo(*uv!TB}wmNoR z`+n;a!4eeU%wkkG9mgJQDhz;4$W4O_eR2u-4wxn>wK+{cyzpu8zQK%{REQWZPv)&M z)ethAh9^#;Zm+!Lg^^Cd`!iZ4pJ?iIe3%+q0ihp-Q&8iTl1T0s+6g;&(hmYaPz5|c z4B2%bmWR>e6{_m|W|bM5HAV6ZWEaCU%;)~X1v)s%$@u9Mdt3Fr+Gy+YSjoEi*S~yP zgOICW(8jDA5hjKc_WyEcw2A_y)%^zOKe1H4dXkY_sEF!_{wI&JwBpeM@`PyFw~$= z`m6ECR_H4H-`Q_J@5~-h94cS7j{^o|;{*M2z|s|O16IY3?buErB6vU#zTp&8^IShf zu@H)#JyFt!hQ6#0_h;o29+1_%~gxK&+{E;F-p;KMIjlZ0?1`_ki?{0)cP+{G0&heE* z32)A^@j?h&1fn=i+(hnizzcX%e8|KoPR=D@#_UA0jChgK`uravS^j&(m0%++}`9I?(XG0+|m- z%8~hCPHO8rzc-}?NJ^Zbc@x)z@8Sjk->olN|M@s<9=FZsj9;|Zv*KRfDwTYSQP?T* z;<78w`5M-v2^9pm2j5~@|0LRNxRWFT`kk{;$PEC^K4Xf`0IbtBw_J~O+Wr&i*f=JI z|9?(T5I|T4zz(<#Wc)v;=g49t>0y$6M3M`P(S&ZM-F!Gje5++RjL&cO|~9!0{>3xK%MV)YckCnKqx2ua7Jp@u)t`1mWtXL#jwTMnnJtTjCNO0|>i^z-;f_vW+ogTm4gYXn;k}upe5i(SPO?aZy0|gPe zAm=y+?}DOJ4})XNd&2eh{Te%wyX>!(VlM)1qw@R84XSiW0V>ZV#VA=aY5tIHi|ehY zR^-^n{rLK62F@qIE3G8Q z=ul+W$eV+BCIwyi>~U&jz_;ER>VKY9x`hUabwdOyWx8=9vnbV2NpYD0%l>*jOaET$ zh{-TH5oL3=$9`KZFa{aIMx^$=;XyXaJ|GanA&g3iwknZPjJ2%XQ@Qns$MjkJvs67g zX1(=vRazH-G%RsoKb+3N0{Oxk!=~(E7eV=}wIl^ssfq&|ieeq}b$FKg;Bogxw$lXy z#DI)?B?_DF8Sgg~pU8CW^LlLeS1>yi_;1f>E73Y_fgtg;dsP(*Hy-`fma|O3MbQyc zjx^SLOZ+7wO_M!jS_CQ;H>n{h?yT1C4bXeagl>$L-Q|lg3U%}yOg>u>Fht!mOvtU} z^}Q3m>OJu}0xM@2K_$QWj47fc{^D;HUgW=#a{MJ|3dHg(=B+BDC*yO0talLsER2si z>d{SNgkPrQ`~{P{{S41sjt6#_(vAm(rlwTbj#ZI$9nY&bo)=%cMb~v*9LKto*>#w) zvDkJL{Cv57ZZF|U+8fPAsouxStgYT_d)mL_Tu=y`3>Nm$LgJZwY6QxJ6-ZdC$GpfA zngEdE&h#g~3#na`AV&R$^)I8J{#vBv$}zfpRB$;q8lajVzS(&>O(&1zNq$0G8w@kx ztJRP!Dl(o^8son z_sNteyyv)=JE>(t24#_6M#pyh zZwJ5Yuc&x#`JcSI0kp`5pbjWx$U`WuU0)b-$jPn?b;xz&r2bMNmS z)14;V(oUr*-s|JN=G1G9dHnZV66dOuXY6V5)7wV|jo00%2%A*G7N8}VBKI`e9p1wz zjRopbdw6$ga^Jf9TXt9FR)F8wCfj*=IoU`b_|2tK4H}TcfN}CLkmDKjdZ~CP>-k&l zgC5osT%=me)SKiI>pLRR!}ea&DcqR+&ahGq{e!sRPh6W!7=dnMalsfZ@-p_~Z+Nqa z$#eti3{hs(9iIB1uLy@o7C9VAF#0U>pB68G^uvv|y_;87&N8|J^$MBh%?^ze-W@ z71|D(GucZoN~1V-6h%2SUip4_hd$qB4vFavb`y<+Q-q+Am2LI=Nl!`d6a$-EKP#W3 z$f<={f7?5;E{$~;@8&9A$y_{4wueL1*En`ebBm zTkN1bgItkJQWjZ$@1SCKYlFG8LL8XwT1ofWyoUY+T4zpQZNLDBtvl5ICUpZEmK3Sq z8x>3KId3S}5wYYX7-)=3z4OuGeJUh7+kW$HE>1d#7oA};%c7W8=%g(SBxCrvllHkT z`#arlT03!34r@w7e6>mML01neHP{jdC`6+~;c@8=tOhlHgIa58iUqZJ9}yRe<(bDp zA>|EuN8+9qlZ6*QYaea9k`;Jh!tC|q--Q)FWuodsO>x=?g0EiAA7zL@DcJ1Rr_MSY{aGQwZ63M(=j%{n4X?Th;? zZU4zx?gZdIJcXZyFs`f%G*LHuS=QdAJRmQ*yx*bQ_4wba3d<>$;;pSZ*D!Nm19 z1NSa9SmStx!VMR~rzSgM;0Dm#Tug?&07SB^qg|z?TNeVBYLDsEGao6aik7t`Tk|?o zmKN;f)tjZX^z(GlB7w{cOcR|Sq&z>*hq~ziC+`%13ZPs$P-YR>Mu4_xSt_v-`gcn2 zc&0=kFBwK_h|r%5rj#KrzG?qGLx0%-={Q>Ru;7@5X-HM-QS7)?F;ysFrE&^6!tIZd zks^MfAbu^Vplu=iUO{7R+Vc+~KU=>NR4?CAVA~f>=iTY#`AD_=>Y343-|o1e)1|G} zU>(5a1^b?+jD0IA_35qTo9m{sZp$yk5ajX?*O!>D7CSWDQjwp@tMOwkKki}*LH~`1 zkh|63P?=-!2y+}&TvGUJdDeyC_d2~_q@SE~9sy{p82WF&I*k<)D4pfifSVJX1yCD@ zSvxouK>-q~sC61Hob1T6QLlD$>iKNd(@b}ZpMQ3Onjdv;FvhcOy#serDrN+e_izNm zQJwq$#zVH=QJ%{(te=s;Yjc6yoR`Go!|0p+zOeuEQHglM$%&P47~(iYJgNFwT z-Pb_TI{)e!dm96_rJEv^M}O5ak~a5VKBwu5OqqB1dtT2j-Q0cXOWN}9Xq�QG&wD z;h(d14w`nc^r*A9{iRN(Egj0g~RK@MB~E5i!btxAi+CW(kFHOHnk--O7by|t`=cL1G>DS>+`RC< z9=om){L$6(QFED5H8|I4e0+DL(=;+@`QmYdR6GI;9{UoMpP6tA6;3sjaLoTgmEh;; z5ak*c{M6Bp?j+1!#>bu^1ac~kqaleOi0y>i8K=L7SLid~A36zphHqp!I1?6F?*N|o9qnI{kn5N7 zBNOTpX2LZIvnmf}zVud>jaY4dmBknPQBNMpmz2MoIthyto&|}ngD8fRD24;F39gVK zH^s{|C+YNYyzh1kkn^RlgF`akezyB?@@L8HMc*j>0w^LWg^3@ch)mfht~0_%-(yTE zC{GDq40OCmVcH8fh{|ke$^5tA@zlqKsy9_#DJzZfu?QB%hfdR6&&wr1-rfB1`~~xJ zpN!;MMAZLzZH$316SAxSWMvJcf6sCnKS>|=$p4QgZ27&b1^{e~jJcHr<;8*&vCz)_ z90Fr*UU>mkW=a%MB07nap>^ww3_jd*XEX<@EWVnMjjcarz-;(ygyto}BF~i|_dO8V z8j!&vh`*n&(j`2Xid6q3poT!|@-sb$gJjzgOk_H;Q6+VxIZnIe>VM;Gqu=_IWXR#j zP#6ePO9ITiKoJ8Cl#R)i$(`f_BT$8Dv~C}z4H*Pu>K5D$G80+<2FLv=T;7#lS1WRH zEYgc8iunj}#=;WTL4#*SR2r~Ek2Io1B$@3bTUqR!;p7DXGv9c`)bW*MbL49i;)%jb zdO)`3lB)YjdfKnoG>8K6Bq;baND*5~gq&nGQp~dxWcEw3m7%FA#EW4NjyHTFBN2*8 zZCfg&xLxM8l)B(lrmqBZCVDyl2L#<^`XA?#xL!n5iKaAR5tYSJZ6zq=%SiaUWVsT@ zL12b+g%_?uYovlV-PsxoEi@-lFphy%)|wG=4AfI{q7uXzgQ?qm0dz33$rzJMhf;Wi zb6XYUd*=6)STD^oKIbfa57arS%)X#(gsBEk%q#?er~?tolZX+&IF>4~Cm+ZQ@9H{S zuP9iuURk0vLY{d*4mo`-#uqP#_jR4j_q(A7Dms8rfPz!!0yDwf>VupKKCp4Y+kZSj z?cW9VF;(3WiP2_w6#<{vKUIi!yk3R*{Yf|x1#0D}pQ?mRAN)@xx{qo~z>t4Nkcs`R zmn(qEaTMDR)>Jd*XA?eX3X&+9H*byrmH(!DVZ5y0mouX>pPFk(k^N5!I?^cM#b?|C zGz17V@M0QPnzWxpr4$ZD-@yQKms>N{m@(gjmFHg>S~OyO8!L>!@h5moc^C~dboc;n z*52mqfk;3@uvHKu5mbr&V2cW65emy1$c{Y7@);%9JRl##Hg9G(`&(pBU0TJ+*=O&h z$mi7DEBF}yJtt_fU?s3p<)*zv8(!!%65U!^s5R zvaWcm<*YFm*!kQ6x)fU~PMW)R1)vBhco`VHm6Jh796=dsZA18ce{Pl$*?YC%QOf*@ z;oc`#D5!cA9*=Fu3$^zGbbe8|^$bhj8UMwGJnIT5Nrz+MD^M6^d`o zy&4R?b~uVDx(81tRrtDg4}%_nD%Pnj$5I1E`80bT~^Zx!k%X6!0G z`kl%M*331bBcwz%r~=<%6ZDP+-(i29HL>R!E!aYX2wd^)Of!V|U@OHLTMsjX|16bn zRrQDo4@m}fg_FCCy8t4|U1AU41NMg=3V(Wg-#{MS)bHFrJOT!e!EHx}t1yVF6GY*4 zktKQ4)Cj4GFa?sOeAu~tjkHM^Fz{iFym<^l8aMh(smF0-)jBMG1He`YfsxrX^gLUeiqoG9YEPhsl zA*Oc4qfgqFWXfZ390h5J2qG5KJ`yk-SW|7l(oI(d$zZ9sWv&;hsm23FKLn9$9rZVO z%x2>TG%L%YHNJIUR8O;^uIs*qEprotbFVcjZ7BSk+H#YB1DuXpp$f#I=Bl}lR{7kB z7Z1u#1HXu>K>m`om!Zg73t&l;eE^n)5RnDtG4OB8YCGl;O$_;TfN-Kt)B4z|>P^SQ zAig70hivN~@g=WeR=cwQyor~6Vib1f&RH# z$S{^R7{CX%JoJfT#i)Hg#7RFr^36nY@q0Sn42aDe4T5{B#`=#w)Z9y$f=16k%fhW8S!#*pw=DdU@c zty96;>p5LjvHk$B82p{T`!D~2evg4=3t;UivR%t@WtN?)$>aSMij@=cBhj5C0^ITS zkA^DP^R6PZ1Oz@8QAq%m;}9KIy8*GyUPw#!NxW-FL5DWJcLTp>HM zJXoTC2OV?S8qZyxjXPQt{Zc|k)2v>!zV`VIYJ7{5bPC-rdxM9|V#ckzR%-qum%AY+ z8cdDr!&U3UNgRmKf7^9{9doU3yp$)qtTo^_Yul`A6Pe9}xJ4`SQL$t4#+Pr@wV;)& zurMYBZWSBL%A(e#Oxwm(h@jAtwl&L*n&G3`goYrO_*pM~NNCLT~sC4tYo4&v5- zhpZl#5`LCWl0_w6K6rEa@X?R+t_>GA*heJMM_L2jYR6iTLlSqhlgJV7yMV8=uhx8j zJ9w$0q17={aJ{Heq;3w!#+BUD#`9#G`%&TY5v#k z<==b;z%4XXYWb_}*BtwsoOcZKJh`U^j#tfzSL&2VD1;t`nOs*0BPG^dXC^n4qA01f zc`#GoRN@##K{rcCEa6!%9gMuh(w{?dl#<3xm0{|q zLkyEjEU($pFDFrF`fbc`P0nMt37f%Lrx$ZKN6Ye0AAVn~a%k~Tj#actO{OY-@9dR_ zn6oqyWqa&!I^CZJtuf3VsQl}k?qV+MzS!lOQmVP$>f;jSXkc4McNut7^oB#$D^Kpt z&2f!E_t_f&bZJa{93iHT_+g*PHg==PY2o)TLKkLiZKd zameMq5cwRj;dI^7QL?+lF(sq}|XD=BrH=hgUb_0G%b zx|mijZt_Qhr{2{c20^pQ8~}yTz6e8kX~Lv>TS=C6nvg=a#>i z)Li7-o5bRE8FsIw$k@=0zUIY7`0Y~jG2V;=kFApSLne_}dTmU17`=T6tygFV?OT(( zgoB}?8IsB*cd<`ldkta&`%Hvd63172b2rE}{rM1juS@GFzGS~|(eADoleo_qZW8rW z9|;zj=sA2T<3MhoO(we^telXQXy}C-i`C%ofT`Gh#gc_ee$J4zh7a!)eFg1>vd7Wv~hW)RJJNI8}$!Rc-$; zz{S*#pVc3Y5XO20d@Zj*Dn!W9ZvH+H{_yb7u$J9h*k!4o%@H@G|A5)Gan3F0sM#}~ zS&^>@^(@=T^ly8g%xaiO`GP3VwV4;z?S0Ny*kj**$5i=LD)l1&jscstg99O*Oj0Jt zv8nCcEZf;7zza_0Nb9dUr^&rBx^&*tU)#vn4J~4y91X#mmOEoy?0!DRk=vsp|LNLv z)2y9n(}eSvTTAn5G5*|YxDn3e|E~C%U$4OmoGNEMAuSmUiT&__Y(DHRNyN0upRq4_ z1=}cLo42!++c+{RTI)x=j>*Vzk3P8uYZ1-14ASHC3^|z+(OaZwppj9N5EJGlN!Zx& zq&;q}R42r(xFAbdCYhdglQt@dQ1NzobGLpbuliY0q@vDm!r;pEofIVcmCYKC@GjFg!dD1GzIn;GInSyjTU*2 zh^-*cxy@*wgc7xldnWiybzCMH$zRCejMsqwfT+1NfSJ7op`M5I3HCf61BhMTdz#${ zb)v^GC`QShD_&fFLra_nidvEG>W(cx5!QcX{#9(C=%FlDQ^aXli=Mui{n}F#lB%6; zE`CRu6aF3t#G)TjNwkO7>&Mnk=LtO}9YBpIr#E&CfmsibhB90v&4oGwEYlR$R6=I` z%DRIkMi0CS;)?6AF-)1_y_R7#bmdWcO{r74HtYQQ3)b)c4kRN?4(s6h1~?EpBV1z7 z;nCx76_oclNhm!C-Yo^UQxB-+`+gaq$oCcfIgXr!%MrpqQ zr?|qkOqbPJc&zHlR3XP60pz+80dI>;GG_&xhrW*+XNxj)@6~-d)t%(hNY^10zUXKYHexN?m-`ln3XP*tIqC$~1wZM?Mp7axx8yzCtmsqv-aBk1H~ zA{72Xk?w%;12#PWuOW~tNy#QQihW8^!v}Zj@`#yhGPp-m%RGJ?Xu7<#-r2;hGo;Gz zHPu76?Zn5DJ0s|I5^r``^lVt$Uc2_?7kX+3s{Yk}X{*YWty)^Tbi8uH3tRe&Z4Vmb z%u2xJFz(Pfqy6uqA@!>zf&87)iv0(-z-wlk-7XYejVbQc48~8*KFn9qiMfWb)W>4V zIeU_B%KNpP>yynPc4l<~DwO#1c$QQ}e&6^H5vKg=O5p~K2R$bdB86~ancuySwBEH! z0z-v4Q~|tQZZX7(oKG$>AWr~!&i4s|$C-lK!?!DYj8@x=X7R1Dx&2JAgz4f9rYv^WFZ#d#Bb$_FvwhVVj1wb zNf3W&AR>J6u~XI4SAuGhlc|mP*B&*j&slwKTp#n#a25Zr!ZZF&&2pTmx*a~xmD4>3 zu=*N4uGmdRXV*sGRM0A7>gnzK^VFivBMf%4Wm^n!roXy)>1|a*ZZKwU1sM#h7Sa2D ztDTD!aRT_jh}w-cSl?K-6HDzvt)XzbDAI42DG#+6lC%P+c%)^2VDis6KX!1648e%i zS6eTKY&xmO&2?^FMVpe4+Ad4Iu*A@sSHG|JG)&sKWa6M@BCnpmy*_-azGef>bX$r}kvCJSDsr=RRW=E)* z?d-Qp^^Bf=4{gxk9`ijLQLQwwxB;~;4V}P%lH->V14Wky^RAb5ZyvbBJtDyJXCVe6 z39A?S1&EvvZ3m9!K!}H0|we1#fUUTxnS>X?Rus`Em8Az2vO*XD;9i+Z8?@#uzl8j zI?72U^N99mOCLjnUFf3)|3^Z}_x=jWUVUr=0mZMfA1n!dK-4c6#}FC z--suE;TDrn&q;)^g?NxRL~SUXzMjg1ANIxoW;==A-3%}JN#F`dL=xw8%?aULC)JVI zmVutOi_xxD3}9?3jG;kJZ&*~XUhWdyS~J{Tx7d9d(5Y$=rN*tOAtZh`ij?Q7&T&a{ zBS46MHU`r0_Vp$a+pc}zLUm`4cSk6qSVDqtM>kj ztLnQ8xDQES<|x5m@`<$1KPf3pfpXH?;S_*J^c^ZR zWB_@WPj$&ju%)$xnsq4Any@WQK}eKE0{t!V0TKkOLwE^8TVZOy3T%-H&qUs}mQmVe*5W z?hhsMBxJqq(Vm5R07!P2B}~;dvP!hl`xxC1n|+nTv+v85NI*+^A;P%(Dtp5cm&3>) zQ5hE1H_9V%?X@K3p?C4Y6!7dmbDV-@OH~8eB%(FAbp+-AsmJloA7{E4$mn%!gX?IT zWhJNnk)D1_57`(9sy z4nJtXMVn6hRvRXfhmfm-0hF(deaFPMso+I6w4s zI3fXp{^l2c$~nCK@w0L;bcH-z-BZeQmcGWXQCt{9p$z-h5axe)n|lOOBd=}V8;125 z7mm{1KWuDAH9;93c{9aQRfRTOjh$@io|a`l6L5ex-KC#;Ho`eQ=C|xiUoX zq~aN!a~Z#dU(Zf_63@>1E0n|1yUQG54cCSIYnJ#3;*Jp}`5YGcQBBxG>2QJQ3``%k zso-43o*3dNaKSnZv6TJcPYnkqB&Vp(wT!Kc}0mU=*^sk!NU4B^PTnGuYi zBbao0Hiv>87s6elU=NH!-2su9s1P5Q!K@fsa&WbQ^5i;;uC2_+E2n88pBC<9eZf+w zP>ViEDb8x9MUMh^3xgw)OzfOwR5(qrroprOeaHt>hE$L1QVr-=$zy}`(qfTPnNx1F zFwYh}w_gKKRr2%5dR3lOsK%#a{R}mwFosFRw7JNNu58Q-T4!XZziAG@xHTLaLlCj&~uF!Z@%e3_8@OG}(b$rcH-=7^98%)WUZKHZNG5y-3HDaRnxak5oKh)YoNzYwS?0KH7? zf>Y9)R;crb00NAB8b?gShkmSx`Ne;UF%-GIJvVosLT$m|;amh$+IvPL0&!`Fl!ulw zol^P;DpY47ly#g-O26uXepH^Rb!OvZiaGv95W^khn(sNbxWoA!xa0>Qt8@e@R(B1jvrS~Y4xuLZ>EomOc zJaeg%j>NNNsVaV<#!f{A8Nz3z%cU98eP5S=oU^LJLCdwhJ)tJ+VQd=VTZ&{l3t>7Z z!IYuFch{LL>`GVZ^xB6kZs_vVC-~v52FMGSiD|!J$30aAR>Pt@h7X|g1JTi?bBMu4 z4Qm`RENiNbjHtS^#MHmSO=O?S7bL!G@SkgNh1}wO5IVp=(vAnE*{u@gswul*A8Q~b zH<%R{oG%Ev#A!x4K5!~F3Qjf{-&>BVpRp35V2grXy~w>}F?^t6T=Xi!X$a<`Fe^qw z#IdBKSFI}g!>azlilnATrSxqXh|iiG`WgExyzEoUG$b?j`(F_LAE$OOaH>C5pub|% zwkS00UfUh)n#ebBzPi7NRa7RN7e*tBjfb-to&vuryozYsgt~f2Q@}_BNXbO|1qh$`?c;t_54m33{CXFW^@87zE>yLHJ| zC27-GwfLv_9#|HTPuFwar=IKwocCZ6+?g5O4jfPYM2CHL)Cr5=R^#HPyy4g}#<%qjBZg-{y%l~*u zLN6@TZ26NhAuO3TfNC4=)$|A>nCpT8v*(gt?XW(5#L>|jeQktwi{g25nkPyzxTCPSXaDUwJ@2IJd}Oxo#CNjwB13`TDsFJedH?v!UdM#3$Nn+x~l{`J9129gSnP3_}3fX z)QTFl|Br)$GL(bYyIkIk9~x~aKy*d&*7nUnt_-MD_aWFxh0Xi__JW>R&%c(Mrwn(m zJ&5jiwL$*qWpi0cUwXTC6yuZpJl-Kme$KElxC-nVDP924wDHpsnSi+ppL}_eIVISH zr*G1G)wz@K>lpIrM)?!EbwSpFYK-+8Re zGh1v&Ph7S3s>kKS5dg>HEq>3J4^A7a_B%`O=2=bT^8&(k2_>xN-2bpFYSuSwx1{y% zdH3$@Aw|zf-(j93y?T9n9ay(1`wWG{&o*m|1e?!t`n|r)cvCPUPnv19I!rO#}tv2r(x|Z6!XB3exqZi)jPhJW)yL8gO z)FQTStL-t$gsV;fjU}AuA3EP_GG~)+6YKj`wzJ3n&Qyl)t2p_-!SPT(7s2R1rm%^&JqHA~J6zH-tRI(5!e zYgRE&^e6IsMLI7eKl=)Q^>veWba(j1=O?5U0Ty1zb8qXpYg^O09dY?Y-B{mtU%6N> z%deo~jd-7u5wv?Uu=UdP{N*;xPt@K1?i(8r0a$RMDnS5F3H&amJfV5GJ9<7EL3a@y z>G8PiBrKeks_SKJ{4N>v&+FU%CVYR!=`Vxd46yr!zy2Iyzz;@UY7l0(1nK9EyUb0R z4x%$oblES$8ez{fSGe5UVm|*STYXu?r&nxpS}!~CCG=d$Bp~!2?v80#o`Gqm%4rXZqI%?v!UQAOGOk-Me@QF1$PUihZZiJ+QMh?(H*A)0d}ach^8z z@CoBf7C@+#P)O%E>;d$tdfA>UG2|2u)gt(IWUG}4D0J)uLD zq})3vob}FgEU-X+avE~ZENTzh_0!Ek0GC>_u+tfjW-8eDgUkOpJ>q1O)lNTo$8+yd zoE+}|k{<2pA>$MM z?A|(^3rHgSZ35?r@m#gZgPuL6&p+|?8~rJ&{Cb&Ak<@%es`tk92efGq zX06f7O*pxXpJ&JJ)G|06h4i}40OP{U3(~WV+z=fKbc9IUeKBfd_6?Nwy+zs=lctbh zV>a_SatS@mYhD4p8lq33$R6Z?70*b1ITZe>cVf`67$lnm4sh!3g z&SoaI7NH$*$r;62YeFGDR1l&OV}wDmQwlqts<<}Zak}BodcEzpqj{ftuh?^}wbk;4 zr`$arJvamjwc~wd2uXqa>=i1KFe+#J8MZlS#_;BLQ$e3hf9NK$4lvZWx=!0?&vqah zKRMA;iwq!0l$>BiX||vsfaLxmo5ec|guF z5%!10ut!Bi`$aQJ&|589+CalWhAHedPii^Oln+SJL*`LABd6YC7rg1DAaqrpQL5bf(LMB06k${5+#ZK#9fs%jx_e!tx>Z0AcTj-wu zZofP+)LEuo-JzyQPC znrW@MAyK#&5rYX6AV13rc8t3Hknj|gfQzBBRs;fx;ZQy)G&9}FT@vMjKlDQcSW(O? zk0cJ)aV&_Ol3N%ujC3?bJz$AL(metwAyW1}(S5*&i}`Qp+Q@WZrjSOyf}s$xpN$fx z)?wDCoXE!DXf8MhP=x>yH^o3SaCPyd-rr~n7m6Xe^)bfe0LmED`*zy#SnPF?CBlJpPdiK*6p8_L0`;kUwp{NS z_Nis**WZdaa0B@nadKGVo>m_j+iOgrkmq5K)9ddXlnewJ18VQU^20S zP)cDS00%(f>_6L}U!kWpLVisYuIat&nN@2K$rxm|6F zIKcZm(u4fEUdE2OJNNnIND9V%21H)Cl26#OV4i*kcCs z=0ESdK%E)!(7|yHU5P@PzEU-657-mRXBl4sr3y(@(Sj%5K!hJC^D??AA$hA9Oy|T? zp|1Z{`Pk*DP>8_VM=kc({PDIdeBgV?Xmx&$vaPKOs~{%*&+!ex@Y3$rOlm*|qWz+E zv{CRk9PITP{bue4OQblQHLEXp3oKq)NUZ)E+g+e4TurG`8<2~m^*?1UQ3$6W`V+2R z(4)x=a1q!K;BH@=bLjp4T;tOT?nnyu<0&n3=oR2?MlJI5!^A|3sd5F8l688_HP-!u_VFDDd;uVteJF642zHdR53Oo22b z46_46s0n>dMPN5864$s7TBMoazVRK4$j+vRsmkNGu3%-6_K}JzpsDQxs44nVh13xfa}Q!pzU6* z8Uqge#MEE;?Fm8VZ6$@_ec;%*h*yx)mCdqdiv`#S|d!^Zle5akvdyU^YLzH#q z|0$SuISY@)#Wcd^5gM$j{BeHH?7y3fR8Da3|2RE2;>yx#Gp4M2r&K1jdHb#p7U*wq zBY5~>J{ESHmB>^kg;5Xyut_U?X1@GR)18y0&%;eGBEt5_$N;d1Xd6Zy9I0}RC*u{* z36b@eXBeu2E7hLI?0)_juzUr$9RHnk9D5rEzyORf&opaxzzmayWli$+BrbqZbr%9` zN_3}z(ae?IXyx1Ge}*ZiXVBb%$MGEZ!NjboT%I^Ci7!2j=YGM-%U<~%kK8}O&aXY| zG-&`U1EVBvOcmq2!1b(_+oLZ6M(+~VNy%$MLHBSDe(fe7nt9nJgdX}xny^kaXk39H zsCh`4;X@L>o!gT8K-5ZdIT+*iVW1H2Vrju6sg8zVSc!M&lP^i>;m8` zC%H zk&+OK6NBj|`u+lWw^qhsF6%cytV`N@U*39SX+e2S!P!PXSeW?ZH&o=4J!2;`$NuQ3 zSIVp|07ge3rDOcL$in{c%B7DchBVEmra-d(@n(?1e^6F3NH45og>()`cQ1j&wvgUD zc&VFHOqRHWXlXfa<4@KG$T+2qfM)K&v3VKalvvZhXZ^9k29GF^jb>l*Gzxob&6v#z zz}|KZ3MTOY@$!Q{aB#`iQy$R)kEzI8XGQ6Z<&r(R{l2s{`P2$Zjw0uRl?Sd9H2l4VK(D715uGX-i~(P7r6 ztehT$`7&^<2=Q>U9GFfqsVHT`s7@#xEzzbf0ikl^e2>;fh!_b6880$aXaVi*zv0`$ zD$ZLhr*BfOlc@+oQ-4#TFHuy9i=)5J^W7$cdQg#jfN0;tzvFc1PuSRafxMXm#SL72 zjjNBkZG_*KWYyRAm{9pP z+lM;}ZQB+H*?;V8v}zY`2xt@}^f|oy3%LPr?oBu2$-DWM9FesfprK5 zMG=U#SSe$$pt53z%#NjkJ-g<6g&iY1`gp^U=^IHN2Xn>4Ac)#Rq^6zDJOL*J=oPyL zNtC=-YU_c~DzFOorlWS%gaOaG>14P{bw!H(sl(ZsIP3;W?V5P_+;W-N91d|hthNfQ zdq{e$!bK}cB-dV?C)B5F;KGN`HHZLv!Smw|8)9+GKi?sM+IkYt*Q*^lr?)LXQ2et| zo0nFh-3*Ds_K;WZh+Xf#VN((n?0LRaa;!lYbGj@ewI}|t`~X-M=0z56Onqbv)H4s^ z64nF_fo=msg|N4x5bvc*dZKv25`de%=%w(R!!;(ABK>JPxuTMQ={>9AZ4XMo5rZRY zD4f&-lGFp>CFkW$t#D@B7egueGm)LrMq^ogyWTbO?x`pkT4*fA9OjKK5()=348#KIgt{e2UlH zdeDFAha9mVJwAZS!_iaF6TlrV_X9^WuqzjzYacJ^P)$bZ4E+yBX)718k4GIma88d8 zM9y3yc$f-Cw}gqWl+Tq9rab1|5FZowNFf98g)GQ{43h2} zK|~-CzNMAcS+z*VP&KI1 zxREOhmsq=)oN&g~N~Z%Xk89aA^=H%`ZL? zz~FJlN$m*S%Pjdx8^0cdY}-WKTifHP7g%x#I37+lV*^B+C@290Xv`GiEYxi73Y2rz z575C9r3K!O@XxyE-~Rcm)LGdvAZyH2TLKdhVHvvbdT%_-y?eC=BVIjWR9oL6P`JhO zMFx;-o9pkRNNF8bqNli^JY-E9_F{U3$X@Q}r9fTY-h5a_A`?7I{iHq=k^PI8#2^Dn z6J|7kSICKeuO~<{RRstMdlHAG4IyOu7r~Gse!UuG-j=u1>sEc!^Gjvm7Zu`+%wO?N>AM;us??K| zv()=S5E1x6iI08!a@68#!#-g#B7j{q`e-SGC0pMqfaw&%gi>hkZKrt*Y9`;Bgwf&8 z8qbhDNHCZCspA|7?Osf*a|WU*6gTrca6C(WLEw*M=~%u}<({h1O@)vV8|104pEHBu zcb5O~&^IUC58Z1T(V(>-P$rzB#L8+pEYM#z9)&8>waGCvoNr2)d=78eD)l_J-Kja6 zPUpim#ydENPA!^%lmHkN4zv) zr9Iddwm%TF0}q2<@d;x0-9v7}Kx1Jn?)d$GXB7Wo!CpdxeY21V54M}3V&YO+aH0dufD2AC{1<5T&%edn@Fa-V zUN(#JTk8+4JZu4wR!?EW-?OrR(?$TOr%4C9Dgn-E;vKeJPrvzu%F(Uc(lPXdoQ-IW zr_pueiBulj{@y*)x3SV1suq9@kYwH9$Hy&|avYa7Lh1oc8KeS^Zf3a- zhcn0tSEWMUd{36G7IWa$5NcJ%dWg@WUV@UnbwZ3vf4CFGg9 zpBT8DlpvzHBv&h_5I#{chzHY(OSp&c#K>FgWsJSmOYU&vn8fLU3>m(B#&R5~auYXC zcmLQ@1p_8bQbsBV(xfjzf4+HC%d$i~K{p}WdFLztZ0kE-D!X0YV~3*o0Ct?rbncrv zr_Tte2?yGbB5&isPs~$sVp9Y`X$QRQ8W0`}Qys}gxar+-Rx_nQ9#cLO`8_o#FYuea|rQNbrA{{AHNa>1~ zRW1e3X#2lNt_x@Hi9Gqi&HTLz)#~W>!yNq0a-pAE73k?2MkEehmCJtw+u#y(qAS1C z)_cBhdv=gT33a|2vjz!83fq~7!574Zw!+~80NrXGdy3+y{_IzU^<=H%W>0Gaef$w* zRAgHKYUh3sj*`IQWNeoh3UUj35tF31?su>I)E4mL0BHOh&YvE@-2oT2&mv=T4DM${ zq(4`VhQT?KzU_+B^<<5lxw(vufi1bW0ZC6TtRybJ%N~AlnrK@hotGO;CtJQGNM|gu zw|GIOF!*(N%>2NQAKXHc7YCt2+$oC6NyVxLvQV62LeF(Mxsc2=k(zS%($D*{KR?l9 zf&bw8CLnh8FRdmXMUT1(v7_^}Ng$E4JfEaJT6Wu|n;^8wUQ`B1(Fz84pK6o$Y84~?$S`(J;Q`@BHN-J!t=quW>{Bg8NOY62*H-Q{<8 zkc;IegI-#c^A{<)JNtpdpR?wdgGYUZCxrQAhPM|_Y61;kI(DVqUv^iUux?~=AE*@z z6IWGeYyDgl?7&yQcAzfr?n;$Qip}y0{2C(lGDh@`!SkL^4=TQXum0Ug%g__vajTh> z-tOY1_Tm>imxWqiE0(WXo)6vM4tD3mgm;*G+zENuS%vGQm`Y%O^T&2wnt8a1==win z6q!su(L%G0(2Nl=DRoDqd}b1V?a{U;ga+%`r_}Paxs6Aw`KQY zyM9U!f|$`>pZ0Wcv6bOm7<>&;sOVT2$iAO6bqLHMP4eLnh(V4avLCeG ztzm$l68^I<6Y5>>?puI}Qu`NP@Pex55&6hU7CiW82!O%)&!>!5$?WHg1z~e93!(cx zIJkyJQuGu-O)Cy+)9xh~7xAb%CtYp;MfU&CEE@}g7DFz;iaElZFdFdyq)k7Fgi*rx zdZq*zN6l;0=Da1VoWx9lI=`mm0D;)mr~r5(2lY&T(+=O8x&1JJ7#NNVq;}FOl%R&E zDk@M-ON%@6;Jq)2bBbj=L~*90BiTeU)b`TPt~9wC%s#+HfZ$sauI3z_64CqaIlKk} zIjVL8ikW;|H3qZl!-}KPP_esH*Dd&wXfj>?8F86s_(Uk>k7*uVl#P6BI2%|b^t7m>XHUB0NL$5|YKKE5G0Xs61K z*RAcxY-VH5YKVh`iZklsc2K)I7S#B*1q4&V0k~+N=&3=a_9x7eyNEyU3_Y%C`>oS6 z_O=e&^G&my^wH&k!Z`a+O*6_7S`xGeo+*%D9!SwwO?mqc^rGHXlAi?}{!j8r#rM&|v!V35#YZn zOEIg){f5N($thCW)tl9j?*?~YWH@|uH-?he)z?e!@|*42_EYJTM)gOE)mj&mLzDNg zx=@+=l(3*Cfg`Jn5&p2JUqvl{lsF206JHHi$?v$Wbp85UH%rq#kYUYGcdny-tMk5` z5tpQHl!cNtG8|OUrz1;rM{-7yXrw#{>k#Y|1b8}hdFN{rwC^|lRy3q>OjDffUl%82 zUDL#7p~b^QlC}GNe7IYCJVSpa^`5^Re|_Jt#8fEyGz`CYZI(=C@T2h!KUuyMYv??9vb~iHKp-*pR zZ>JZTjAf4bn0|V=A>AaxZw`!;X)edm!-2Oe^SVzj=0CQp5CimVRN8Be-l*gK*I!6( z5=mz0lqL#-QVKpx*L>5h6A0>YStjCJeiu&ph+874goGNeRaJTF;T60QTsRPFPs@s& zM)YYg5pN-(Di+9yR*WJ|##Y2XNaKTVW%@<+(fNC1`~Zc7l^8^6<%Pl5pwc)XVxf%k zM*t*DYVXs`x9H;XZ7eBmqC6v}xNYrKe>iu}FjeN*5Sh;mky&SwzHfRy#4yZW8-qX) zfKcIq|fF~0h!Pnyv3(d}YV7s-BJ&wj92#MB1o{#QGQ4JH{InHDQ81&qh=#d|GeNVwJ0Cif66{_u%bYdr?m3>UNr#i2t|a=|w=LR>kYPdR z&#<6h7c^BE$lV51q{FpdWIqd+hzDWe&a0nmD~f$?%k%o3>=po)^WlDT?t8{UN5=nY zKt>n{lZ69ggXsw6GCtzJw_-)LEKxj)BJoPq&nQJ+xIFqA_dx_-^4jp4Th`7P%5p7B zJRC5@+=mCKvWjEByKvnyaZyofxs>OXl{hO2PAKPN!yvrY5hND)Xr@#wdd>d$@z7aDu;cE8~;aFThG=tpx>d(Xx*D(S7WVIad@*$31mzXRrCXk`2d9(>QWpWp#Nv*qUb^2LoHWkuxTbB`Mz|8j04*O9noDV*x%=xo+Biz zhL2uiidhSgtB)#Z!vC~?+4#NjL}v9dx8M>5>19a5PK6B5WyXqDB+c?-8Ry-f^uTBs zhs^Dx;?S`AfO4LvK~%TW8AxK`r2}`&-Nl>^v$mBm+R4IEQM7$-&U*MLT(v+ zznA2TA5r}9nH^j|7L#}+_yzZCvGrd?^Vc%zS*9B&lItHKT+(G->X9m{VMDjn@6Tz; z#dq($`wEr4OL*N!S#$zhr|(4_lWYck>kFN390|gK1}-x{KjcOiE+P^ zli{uaB4=5RNUv*yQJ5FC~!k_3%)wtp>+t zu!cu>&^8lpn+ZkvL4f?5{VX{giLk^|CZ2s+O^~=O^(c6CZOz71L5W;bBx0^2kH?bw zTNAfjG@Li36r|8;c#sXsu{?i8_MY;a1>#@9%r~Zn-t`0tcdX)3^Ih}O=JQ#0LtBF% zuaMqbL|N8#{$G2nyeVTat$p6i1FS3zY4pZV8uTby=Vrf^%5s+#vkB@UvM5FKboC9i z9+^Rs{-feeatl~?D1#poCj&4>)=XxPOZnQw+PcxFGGFzFnBvx$8ya znO4{5(Yty=>2FO`yhS$T2vc`TbUh#$s}_uzxF^{-cu-Pnh++SEF3D zdqDga{9Am-vMhJI?#b4df2Vlqrte3KRS(l&kro$ANW=tn2q=~FiZQ!By64L|Ai$AA zB>bXGy>E**WrrvO6}KaNwG&74r**cGT6T$uj*XSdd6(=~8Sr3GfnC^++;)qE5RyfM z`|%w z5Tx>kMtq@3{(>s)U>fyn6ikCv_48q?aaYUSqST{7m|25-_e>_fD9(Vz4vRZG4YU;o z0gB%>k`O_pwp@gqFdL9g(wBQFp;vD~z?kNNhocr5c{CS@OvW1SKEf{ZO#8tVCpljG zT}A?E3)qK3+k=&KGe~pr0^aF?bl7L=C_O0(B_2PZ04+pER!GXwnBpLJJ<>t`%Ap!X zLW4DFz{8S1!t7Bbr&Z*kv^8Apk8A;u5qIO*y8Fs(wSZ7sMU!aru6FW1T8kROY~|p? zYU`IKuo7~9{bwJ|)@aQ{cXIiP&AYC&8MlB#9}SaGAcjGU!z+ucn3o{`moy;uoixi0 zTATO6>~!*0hwbM4vKGVbAPaeG{tgI2!ba>zCpz5bPKPZ&O8+|Q>4B`+nXa97M=25? ztx4w)#)Sg>Uz{!Y|HauD|1Zw=^Z$>tfr%w!!2^S-;g1n%rU8*3kQ6AGH1_|4vsLs< z@*s!g*pMp9;TW?W$$|7kekVbVIVGI76Z z;GX0_{2l&|!&G*)`C7}#4#D{_RXUkmv&xf?^#R{kqx2p3r`hkVA?|8+qUC9{W{Y#F z?WVJ#;zc}oxzaPsSS!j!9+ySj;fG>VHq5Vml3g(DpxUTmM>SX6z0~4Kgpb!|x(t+j zo2vWG*G-U0w!{m7pXOd{9c^orj(_|46 zN4qKgawe;hL~J(YM33y@LurB`oqOrjig92TZlkzO2KR+A+ZWC64_;dV7mZiBg``m?I0#@HW1hTzqCXzq$hofRnUM4A)r%+#==Df`7~m6|u8K zy1l-qH@xGgYhqMg;x4{=@8w@pZaX=ff7XLxPlqDqS>of=kK30etX*r@*`TuY#*s5X zdjG67aHCCm!U_CyZI9dQlhEY>lFRUG`8dN$AW^Qyvaw~$MEJNNqohEwiKYgpCZ25B zwHR2lq3lirK(5dB58ugIQ(y@0n7rujB!}3hqnduhVr0)vqZtA88qpyv|72ka?)YWf zWkVn~JoRRvtG~EtWd9x~+O1!=c1WTt za4|6X-6ae>eg?XLSzf)8`fdno|Kk7b?vRefjD`p)VGxt%w&8M8xdB-yXSICESlBs1In&qX@>znjAlwx{2iz)^jFm|hy(lZQX47c`2M z1Tg*j8Ri2VphuTj_ua^E;xT8Z+-<+_1YCaVzjQO1=|3N$|N7_O7o*-k2S?x5Kk9XG zf0%6oFKHBm4uAH-Byd45ox|z#&WTK*P=iAS{D5*r19=cG;!DEv?;Y-U;2mLa=4C+R zr*qgYv?OZe*is z6DbR49}&O4Is*lc4Kktq!?yh>qj=i@B%`V$4`j{~(FFyhf|&bbVVagGTl%B&2agh0 zF0jNbJ3k>*{l`&SAvm7_s`vCna9ON@j<`LTR7we@OG?2pWJ}i?Fg$EY>CKGagH4Q$ zi}j(C4D8BSR<4^zGf(Zl4_Ng4XdArwa-R9Dd>46(={<&W^6W&YQCHpPyUOH?4>9N1 zWa>hFhwsIwPua?G%=8RHDbl@`Ik>B&Mz)&yz0X|3n3J+67=*ss;wmQ%tAW<)XGj@#2I2E6xmJlD&Scl8lXTnynFm9$s) zEKS6Et(Wo-N@?9))eS?XvdOQy{P%QZKJ^VL0(MTE2lWM{8Ee+4_ryL9<2pk@3c2KT zoq-n6l&IA|_6kcMIbt0fqkTvZFIh}RZ!87E)D^2X9N%a>FWt(%7{Y=x;6OjZN4OG% zHF`7gu`%eX&YG;wWK?~zCGV=Rwt7xpw z1sP(zp74rMm#n^#)^GHya1*~Tr5}0Qf&`Z1+0;B{`I8AKRPSP)Q&K$ zV++QP-$mK*SToSv!HmT@r?yf_aX3Gj+&Bw*-u4{R;7V<*wj@N}L4ZZwzsE1-F4EY4 zNEG&pz?W>^ZEAAATxVYU7zq~#7Hp;;b<&~#o15}PwFV3MzMhby_#w)*ykGD8PGcKk z9#BVywE9Ogs+o1r^!DH{B*=mJz4J&`FGSFkfs$|Y=UjG)v&{N-(Mq#lVEsGgSb(IR zOO;V(rAS?~xpx6cTXGtrj*NlUsfpPp+VXl_ht4Bfw_rfK(ecPtkP^eiv}p;#7ZK8OQ&o} zwTsKDTX>o?;Of|r*CXigA!FFw_r+(dEQ$0$l+k!e#dw(QGg)aHX{+BoL7E~y^x^mUwxA^_ExNOeLi%&0TS2kUeUY4Tp7%OC&s|Ru;CeNyFhuIw zo^q;eP3z3Jj%?XSBH4j&zdU*tEG%&N!gwtoy5}pVMNq~)lT#Asp0&eNWY>qcsDO0z zr{>^@mur1JWX?dEg9C|D=ALt9db!Lp-kl2O$8%}^j+&#_!431YtA;YnMRE9tYocGa9>otSh=AlEa>ycz(Tne|I_Pu_}0EB)Aq6PO7jZ*ZhDr zMjIoGV8LN{?R|%{eaA)}ct+G%&=@%tWE%Yo8+#Z3`^q-f=x4G%3?}}xIz)c5p7gO{ zThINgvixn%VN^Ik)rh}2d`hGbk;K%5?m>~(pRU51rFWDo~;w6h72(8pVC;?EKg z?Wh8kn1NxG?o;7hJ%9SZbYgrScs&<;E><1$%Rd;eYQ%_-P?Uv4^2A0k5GzRf=3(4l zqoCKLzyy7VByOTHE+CPli{3d*?oF@(&^J^CmOTd4JBmxo4lL<(b-o5r;F7CNh?uXF zU61sbBog>c5}sjV{Bsh-#_aoIE&CZ#t*$^CvJhRJL=7Zy3J#)|1)ta-O7? zG8H){F5rr8y-*``RC*sx}*N;*Sl zP#AB{TNC>zmz?vZ|Fke5ZflqfpioE_qHdj$Pzu4}i8EIcO{@G2cy0G?#~=;(TqUQZ zh&MnZYcMk&0-+ChU!7O`nRFUMD2O+9W_&_G%#5s~tDHgdC`cD?wr^atZ9qH$oAW>x zXthcX-T3VO$i@a1jK#%>j}^R+duU+|o2!92VnFhyiLl(lNfY1UMMU-(Huv*OEj8F2 z8acd}$c%&$Ah<6CjScyFkLNXu?CVA6q}&H-)T%mv0)6UD@=a02n42t!nLii}5MWHH zrz=R%cje(J@p1xC^2N}^7xc!KFxH9-6KJqvSP~w5?>Hxc3hFum%9Qf8XN;9og%zB` z?Nf89$BBPBxl7d&OQVSHyMoz@!IG<0dtsBB#w4%| zqYkqiAP;MB)re<@3-l<+M-7q9PZ<1ijpujqui&m#3wW{D5l@Q^gJKf?Ow?YCG&M|w z(j)31s8l*5aB4AZ1rKk_tE(!mL-A$k;tFeu5d{DebtLp%P~oV0asx6_&E++Sp@A8X zZLrRJQA@0ee7#m%z0OAjnypSA#pGwm+uY8;M6IC`ZeXc8_@6*mBNU`fDqE*EtV)vL zhXql|>X6rl*TBPnuQqvSGyUbuk>|oqs^MV2EnfnNSCC|>c$~}@%zmPT@^=mnPl&EG zGfkHCO@Ncn;R;I#e|1`GUb3+cjE^VF|CCR$h`maN$yJg(#Jw z&pS_Yp+?rA?zm_r^DgG=e9d6b+UzDMu2zq^ThH7rJnlh=DpD#HoQmsyV^-;^(^0im zmr_&6cml7It#tm?t*aC3hakBgh16nNU{z50=PmZ8zM*a}`6o%IbUGK0-bM#!B}9kZ zUwg^k(V5bN`771MViK*aU zYgj9)r|%eEg6VNwg}3L`C0iFRbrsfP@Z6J-$=XEj-@%Gi^>V7ddHAdd;gkrXLMdsL(S_Sammam5JwLXah?T?@8XNg{^|_IGr}|wDd&?S9{s*Ftn}*Ve=5thUg&H80y}F-#jF7#gQmYfs^pK)U7dBWKRNH&#*O~ zE}^+#1`$`=U>VZ9lABS0!BellrPF-PyOt=M=WXcn8g~VgUxgj3)bj_^)GYOs@kWBhm{ix^FH#Q4CXIuIKa z$mSgSHDK!WDE|#{_WJWC;gy9!E3<8Elk7h(Y z_Z7NbyfGQO@b89{5G4s9nr7fh|3?e!!60tj zdK?hM1oYYG5*HQ#Z^-Nt^<`UOcfIw zhYXKmhS$4V7TtR9Kg5nKHh8SVG+ZGhZvd4%qY9HBY5%6}`$s!me>~4=xC-YO~uaQ=*vJ ziS^zd%XT31+`A;emwBR8o%JRRiHz*f&wP@e;&FPY(~IxF@}c!!fZ^_dS-lb_mTNs2Z;uurI;(F+51TOh4{0(3_@C%%-h@{neyTc4|=WK|r=pZ?y zPWiN3)N`og_l_|6t^)$!$=q}QY$Xr7>soind$Oy^+sPMPL}t9lHuL(|vT5W@mQ+$Y7f4ix zh*TEpfo&bKm;(GdBHUxn*I9O!(d;3vg-p?TeV+?HrJSa}KQ0*B!o71ShHSAQE`{bh zy1NM{G~T`Nq(8?mESFK!-P%*Q4$s5=FDLdB8=l9XXw6SYKCReIHH^p$b=R)`HeSp^#DLcRleyyQoQcSSBaP2|YOA-)K%tmbyS5E`L%PkIqV`Z}pB zwkH6o(r4}gkw9hN{d&YI{LSwA^={GHh3evAU!PGZfa41E=Wd4#nq&)ouu}k@MGe{Z zk=U<}vz`qVu8-B7e|7vsmPoNtp+i!hd|jXLH4(M+#Os9jE}|L_BGM#D>-}K#dKdh+ ztYG7lS9i;Fz(wmdRM{M;Jo8$OsaPJ}CC}Vc0k2Iif_`C$F3c%r=wtr4{xAP6v{2l_`9+&@HU$`ahwf-B~aNVMH{PC7-_=hdTku%B8u$J2PXW0H)+r zUf2I0&PGq+zDK~>!V(EM8;9xKo?4;|gPhqFAAO3cj8(7MxX)^>ORB5<&bXcvc~)Iy zBj453QLA2Whll>^HcA_XX!#*7F_2%IS3Rdj`87OL0eQZ(V9f zWd^02%w@USmXKM8+Si*8nq|{Xt)wmdk!XIaRay~!e8B6w`lM7jm(Fn2{j*-xSa4<< zLhXHxMbCn`YXetyW0QJm;&71ql7OZ9T&=p2ak@pnJ=^gr*oscrB4F0rf4hbw);hOAgK+k_tfZx1GzA@vqpZKPkDUH7ceCP z`Yxcu26{4i1Rw^#n9-Ied9O;Lt7vmuL3fCqi{td{{#;pr;rVhftdY|4rJCv4)T=I* zbURmOwm5>`{xRIgGy7!9Co{XDZ58^E(^`#R==)4rRF*-qjdHTc1LU?Q1EE)3WSpT6 ztQDDhtUWA=ljdy zCsJS9=2>2|W~x4aLUw4N^Qw*fq4B$P&uq(p+1jp2+>P8=WGM%bU7+;Xx!|1H?QxgBY%NM_|r`TL=jj}6(j#@>R-JzzL`Ka*Z@hEq>u<{PDUm;Y zG87pRR6fCG75Q%KPt08Avil5N%P%*SKYe`dji@P&9_ls--H3Y5TyEgDCv6pU3-f4u zPfj7I)wcklw-A?d6mr~Aj%rBQ2M|_(KhBsh_`b0Vc)cT4DG=o|>wD$^BAPiB8MFE1 z?~@Pyc=MO!Mb^_$?N~hzO5ew$c?Gj-UMin4WBmHM{By@YIEBl`lKqudpDxBn(iED+ z(8DK{p&zk0uMh=~4%>XLG}c?9H?#W;J$%}id-&eSVl}wam{sTiK%hTPGn(zYhU(ZM z(zWnI$mg~BaOFYDsVMtU1yWt|NGiGelE;jS@_9Y#RpRQeT>XHF2Ed-?3=rMt_}@LS zw=LH~K1kx{Z*THeS}4hi(7ep>9xV}*b7i{J7-H51h*(a^+xBJMpgHRP;Ir>yE+k4UhLodSGtGjY-ospb zTZ!@qf~>@W`UMM@1CMSeNp2AO;>^_!eM()?+Vefx1}t> zH#(czA@0AOZrRrJYQZ{J!!+94zvognB@0|@b%2#7AyM+hz9G5WR%_dKuGb{PFhDU; zVzRO~8Jq*H`V&If7aMbAt#Bgj;Bcb_NSv@tDr#<~J}=Vsos^fQh90xLqHM)PGNQc8 zAV%?e8GN+!s>aDiXDvLx_zZ=5t_^&A%ee8ZX4;YCBTbREbdHlsu>NOsbf@v9<8Rq5 z57=TPXl%*}3L0C@b698SrI#OCo=BN%GtxPE$^gg#a8Blf@;Ed_*!4f)ntaaf z>Z3i6#U3J|w^Thm$}|CJvS$qYnPwRVw7HAP&)UE>dUgig_Cz}9A0+c)8|KeJ}Xs(&PA zSC6|d?AY*h1FglIs#>`C*0w|kM8b!@u-f1Q3gm1F1}*3>KA{Gsm3++OmcG17aiwoa>p-}I_0v+V{Cjb4Er@V0bPJQInclQj#L zuUu|!Ems+yg|prI=;AH^7>jk=SS$0G(Q`^YLGa5jp_jKvfK)a4skCDlAr1IT)6bHapwi%JD~mrrO}oA_V2OI}2|Z zCf%4V531vyEMo_~qFZD3HJ!SQ!a!J&@VK8-+jw|4;tshc0A$zcV!SpJBP3f&+j|rz z9@PAhe2E0rJn3@EMl%eUsEQ4je)8O`_)U)}KZ8w$SE5gx;k1J;Xl&9-2-LrL5r3QA zPwJ?_VL@pEKgpffAN@W>2{WyhXogy!N(ukOy!>6KN{?;<*!*mYx{GZm8TIyH?hg4B z%F;P#DW>u`$SKc#=#aGD(^Apy!Hv&`Ty_xtqvgefRA;h~|MpW5xQ(VB`76`($sLIU zdB(4X(e?L8vm*IJwlOsPjZ@%eGWhSNA#(iF{Q~a;+os+35+Wt$zW@n2GLLV7rwLUomkqZNj0#A)s0_fsefUHLp&?`q(wD{`{P!HtxC znVnE@O16vJ+Qpp)^=wCw?r7ZGwG-cCe(;W;j2qR$oEz<)+UJfJul*cVWJhD<+&}aX zaq3nWOv1d*)>5Hb$Rt;7oCCefk#kJ~b28BGb zOCMMwA%&)b$!8#K@%VRn9lNDHS>3Xv_Kb>?J!32Q?336%{r^a9`ff2dKvi6lOKh|y z1I$466-&sSrNC%2Toj!Jjh!{rPBs3nX}8o=v{z14S;C!rrcrcL#B{kbgp3VpiVsCI zP~RH)`-H(xj`RjP;K>*OxZt~ygwm~gp-cW(Bnl!HxdXOcIr0jy zi&%;__yh5byFIU*Wru2?^~o5>-Mbm2Ym5394w1VgQ;v;hF=4-NLOeVuy5brsFi38B z9Uad6$Up~XiF-G9GV~k&4yPWa!!n%kyG~Ew;q%K!Zu-N7|C%f3i2h@=X@P7S^`Lh* zorM6vG9woDd3f>ya6jjj!XDHf4rQ}@`zR#-@#WwmQ+t`+t6Qtu;`{13bT;IL0npgA zI9+CD41?I3D^3RuwXA;k+gxNwB&_$Qr76r3&9F31G>j>0@Z-c zvH?J|#C8vUwv$>+2B|@%I!>H)-(G=CBtx{C?1oM5ryi_u_rIM0gtDo$xwUeFV!kU& zJLz2UrpucnNMAlyihr|Jkh9v#~F|T@2R0a(`LtJkbq>Tr40y*8_(x>IOIOs z{X3k$oa7EVJd9_8SdkF92E3e-Wiey%d^SOLN*5uXL5q%H45YNJP^I~Cix?l`aOzE`Nk7W9`M=|=X=6F3g;qS?i<95#cAjHZB zB=H?b9;`B-{M6h%d=;PVY%wH9N5u#(0v@)v(zRk z0U7ZLvIBJV(BOyowz2yNX3I`!wJr7bR?8u7N~ z9x8$*0QO9_R*y%{VGAk_%B--9T7fHa0>>kBX`9DUR@Jd6-%LwvLmRPX zfhq>)bC@9mLczEOI?J{>{9OrFb8IHr2AF$F3)PX}UQnYHoP}P8Lm4=_;X+cyowP3! zQ+c``^h|l4=%0(GGSMzD?{f$rMX>Wk-OUtM9V3`@Fz>Nw7x++Z{6Z4sE?J8Kuvdd9 zB5Ghh$`&6fvKytnp$gpBGmwSt(7=T68}9wdaWrL>nv4{~swt(8i@D94bIMA-z{=@i z$!37kK1$|8B_2KS|L*kd^d#Oo{*9HpPxhc1NVOIHG9uDu%E(~`w&L7ibzBi+R@Ozs z49a|``&V>5kJ$`7fV(LCL@XavvE*7E4I4BtuvU9#+9)RZ@MYA;=v~?;JmDpoVg};N z$Mx9L^~fjKoHwx~5)EL{NE3yG`M652`5sgwAMHNtqS z*?_oR(4=!tXDib(5Z4-@qj?ARu41WZ*z^hM>i$Gz=#{a!;k?CKB*mkiN&<@`vk0`F zdU8%18Ho;Ei%twRE>M_w-x%r^lY8nNPYi(&d-w zrvw$Fu8U9@-<~qvfsot=6?XR4qXFIU{?7Q~HN zianG>^BZnLE$~nhTZZ-G`|GXwt&!L;Ukehhsc?t+ae{)!Zp{zH)uEju=+(JulORM1 zk!)l09>H+?FA|S#R0a{7Gj|qP&B9xfUTtp0rM@@vd=dT6j96NxY&G_+dneSAFqbp6 zNjz!ZjDWF|!){-o9Zbya@hdlOJDar8);!jIHinS1B^vec2kKgV-D;pnGs;wO%^f?@ z(6T36gi(3^+r8m%vg_~*&DWI+CD=b^xwiLa?{!a}2rIxa|8~7Q_6i$dzGn<#_t#4|j6YJ)Z2`0@Q}9ucIL@PHDHHV_YHr|f0@%yy zNTCKoP11#(b&t-hK6|=fYI2_(FtRX2Y{n{|8CfbsKRqY^x<;sPVt}!}aK`l~^K3=c zM0lb9B7%n_+p@d}qU5rpZLp>7yN_O3?&CRH)(EtTGqw8*35?Z-*rd!c?D;v7@oRYY zIWfg6MjbHNf%3-iU=t&bQCnfPeKjNR*;R2i${4V|c@Q#YLMSF+DGQ`gU z@PJ)Hg!B@7*O$r9J#xBSfu2&m7$_3!bCz}B`NG$|@JpuEnm`kZ=IMi4eb_bm=hhBm z+iHKEHy7R#hfk`0%qzQCp`)@aM0);vn6ErVqysRC2@}Sw+H7?As~lI1_)WVXk4mU2 z-ll?iKvtMd7mgpc#%sS97uA(vR)DY9%&k4^1i;PT&Fgzs=rw2bv)d7B`tP;Lv9IVn$s7Gq=P&F>aj$ zqN_{N{5ZF_%GMj&?si}Pn#Fj2zU!E`;%D`BcxN*e42YGkWDp5zcQfvYoUfD%rx7fX z@E+u1+pS1i8j7O}jH9m7G*(HOs5P8a)iXic48%f7lrjvRZ3$R5X*kz>#5 z*phUtvJw)CN)lQxU+?eb^A9|KcwU~D$K~<7kL&G)?&jVs7!C$|eeV23Y%nV`YVis2 zAvW3d=*evSlv*OYOg!ZE-H=}C^jYNd+CPz5>xJ#iwOlU%tPft`Z13nc7Y$m;XU3p+Mj1`vIi#oDp-^1V+&Xd`jYs*Jn*GW2w z99I370ROt1VOM!^kEGr-Qc8*_W079YFbP%95EzOMdEbldpNU{b0C ztz;2Aw^vPKG54vV+G9&AyJDXFmv{Oqlgq53f_NzS5L`_AXks#T1puiRVKJ<)$`Dvq z%_;wsI9`9h?x`Mg%n-^>*t-ta8GtjvHs@c|0^Ds3|al)L7#gT{1Eb02JgOxo@aPdZ5VC@&+-`^*w0nrh7t4d z?>fUw`0danxQ$m{ru;#bvDm$QM`1Icd;f8+c)9=J?6}^5cZRHvssBEq1YTED2@3Iy zRB^Z+Dj|9h2|*Ku34<AIopN0p~p zRq%KOvePX4$6gJKUu0ebcYXi6=7Ep>j%`hh9KcSgHkec`$B2RQpl+b<;o1lMdD^vk z%$3~;%!em{l}{0@@~hVy>RWj$L2UT|$JO4`8pbHfJqXQv!sspZ(WBQ<&`JAbTq0oQ zS}ao+mR2e#J6(K(LRe!VqOh~i&qH*5xgyqdsjfJ;H9CXp<=NxLN~A@U2~6J^K(n?Z zY-mZ1V;|kfQ}jYJC``ojgEy0L!j0;>+N@ppM45$+6!bHc%1hHy<-hFoA3sqYKM*p2 zG81AQ-ZPP(1qAmL1OONE3(#q=oMn^t+J-@3nx$JhTU+7SbH7=pZk&Md+(!KSM`i$4 za$GujT<^GaH#1NX|MKs#m?dU}xx%$XI1L3?2*-KGO25OvZ70b*LFY25mTrmTU_jd9 zCTsH^L<+5)B(~l9@ESJp`x_2iUf-mA`QL3Zd%cH?7#cQdVl2E7Z-`)xMRpp*LAkc4 zZs|zm+ZBn(_!gn1g5c3k=KKf$ZIuXaSD`72SDDhhjV*;cB3`Z40LyNPsp`ln)d^dJ z#4%w0Z8sVx)UN6a35mP6A!T^8UG>X*GhxG*jE{J%E?)=2mG?RxTH%4*zP*NVPdo)@ z<~OfcT}7IUB1$T&DGCH4!nkIb7D&CJD-tQ4X1!1~JM5LOneuXf8v?j7G$gwPg)>_! zc)mOwG6EWzLhI;+)Dxy7jAIe}!azDLRrfo23QGJK8WzKI(^%7|`U_QDY>y3<-kZ0~ zFI4C}V(TJ;`5XH&wAlhp$_WyY*c|0+HT#-_L>2`rD_sFrZJ3o!(jDevi~t#9!0qMY z@Lu^=6UWa6j;HRo>#NzHeccMkAjRVE3c;HtbBk0hi$w6Iwk$S4I&OIp^h_fXt}HB*##m>YA*>X_d3AGfa( zHV9tJ1#_x?Pe9Nrbuw_>u_8%1X8LzlyMO@xgu~2RSV4LbB@gi``3Eac@&uPIx!g-6 z!ESG(hl_C8_oVs&5b7>*iL$Tk-bCi@lz??SX z!zX!y>5V{0oUH5zUeGF6L5>nsm`+)Mr@|G*Y9So!Wen+ym)wV5aZF~}?IdRm>$O51!7WohS6Kxlzoqs?Y)GOHwh|y)Z%1yq zf5La0*Zaq#v(cy=1{%}v2-R#gU<#dWYs~q-{T~T*4+_O~ND>6FF_MPOZOOl*3Gv1H z`ar($*Ve9|g1kU7#kJ^7r?i3qn8ik?HfvTdVkRCT1zvfHpn@2vyx*2)N)~^1hc#QI z7ewb)G795QvK|Q%j2nX2;BSl3!c5wR!hu_|Pr|F^?oWQ2DhB+qCej%I?1#EFRn|RD zd%I#$D`xr_0TAe<-_deX4)b#J=gugEM{>^aOPbc+MH5baQP)LkbX3r{t=*B^E zmWVf<#D6jF-d_p(5dE#XgCs}>tgA`+7hEcV^Z0E$PCMOJvcUv?x>DJ(NE!8{AxH0R zXnkJi=UPm4@+WEwAFRI-0M)C?%6Dt-!jzd}TA|hNz@Yn$Qkv^LQ)u@qMV+KmUh}kmhv?LuvQXKlPnZ<)DP_7~$I{qOznz%wJ1LgiXimBQ z*4}(;72D3nLUVDBiPH?LW$BWMxPG1}Td*WyDNCeAeTMC-RyC7WP0TenE3=w781dQ` zMIpmU72ez?n6e3zUb|p$%;#szjaJMEKzKa_xJN3pnu? zfPqT6VN?Myh(kN%(xY~0bwS7_3W&AV?8(kr=S~uj^Lk2}pUF;Epta%svYsJI$=Z@a z15f1F9C|W9^#a}_R-vUSXq{bKqut={YFA}Jm|YOs zwE5Y9NRAJ8L-Fb}4U%uX@_&1;13tr_Wz!1-Pn39mZ92Wwc8=2`ChSbJ2*;u~I5>#0 zdT1A`WpBGV@sRc{U;oFUs%)$OY|<2BuSz7Mgk$X!w~ecI*;#kuG>M>#aNZ3Zn`JEY z*jm7-=1Jpr`9nr~t)1UsDS%sjh-n?DMn}>{+g-G&HQc>;Cqo#ugVs7HvROJYv&KTh ziG9LAg(=sbNU2t>YLp2yrreh^HkP3VgcN?4{o6=5!7WaK!oIi9u8Et8ie>YPWz4Iq z^@(NEv@DwvzaQQ7x%1kPk^Y}xZxTY1g%HPPiW3Fz82jP!>fS-aaZId32|MHLgY^?y zL-JY_veBoyd_S(p3#K|}6uf^^yF4#CmM6-BZMvB#tc|XbsPV^Xy=w-9130s_z4g{; z-D2M|a2f?Qo~4jRHq7UfVE&kcd-B8!X_0P2@E6?hrhH@7uQDicjSeEnNh$Y_ps=fY zK6%(o3H531zEjMJTbue4M|MCH;;?HibVo1W-0-W4E(dL#Q&^S&uZ@P;4H_OueswAK zqpp?gFY&^daD(zV@%~5fJ=g0glx1aZn$7}zG_K`7fW>e)Nd_?c;2=-%&RlynhiA%pV0derBqpa>ST@>q$}=!-dAk>F=bJ0 zG)zmTJQt7ib!a^n!Hs!n@1DH7@P?QPasTt<{>q8=#?ia^eBu4_L_szwY5(_a&p*%H z8~@#5G6*omYu}_${u}51j{$q!Ro)^gC65)SI{?d56sewRI5QGU|e{nfndHTYW- z8XQmKOtxp^hOUl_1jb4A#<3mL9bzdgm|fZnQ!($H;02~Z9{Yjhs#n_U=mHQ8lFSQ6 zMejL1jsB*~1jRW{<)?otED{|uCR26~{ePPgXWk5LhO#hzPO*Pg|6THMOSIOJ6IY={ zI0%M~?R{mT#u<_5{=3s!ZOzR178uY6%Av;DfBL2?YKbP6LdAUzo533BP#ivb88=LEBy7 zg@UWjUvJ(FkM?+QheKH_uUwUH_t)PE=Yf@@AnR8S?f`D|j$$>bwECtx zEd`~BW1QGkZKq2zHX!T;b!iIFEtsXz1adl5Oy2I~^iUl33l4cUv%UC(4j6E8g5DH1 znx3h#3*>|#CD6h^E2$&gdE9le5qWHosp9cTzS)cxs?i1=BK&j)@3~rY+4F@Zz3D`hCQe65{=Zid?L!;^*aBl z%-Gf?`MigM)UHX9eYrd~)8linv}cFYfa0Z$6ZyZR?(CsY1a}YtK}RNmcN;=9wWp{0 zf8ynd2G4b?3IUE#2PSa^EFfOyNJ%-q+v(B>j!}^?LQGX&wJ_cDv0$xH!m{0a5rU>4 zqn_ZGDWa1h{!HB*_P`4av=RxE;ptK4SBVq~vlv)s(@p`)_(dF3d>PdtYULRqktaNw=U}212c^(vpUUIj`Lil0pI!@9#}| z_Kap1$}4Ab_IuumRQKvnr_lNlLDIN7Ya&x8a7;tK^E&GqJ>^lTY1gSnCq1#GAcvj` zI>G1vw#pR5V-?7w0W5v*&`hf^3OiZj`(@(t{$P~er@|SsCx3-rsOwkV3vpf710cBdZnKU}+-HMqCZwle^C}Any)VxPjDG)wP=t->hrZ zvyM}G=gPJT<5<_nx{uUONt;F%$7$mc2}+m58)E01q2cX&@o<9-nQ$?PMM z8>51TIUQc9J+Ff6jE*EB^a#@pNgF4Q66Ns8GwsAQMu}VZnIbp{yi$UMKJ{_Gb{JgG zgSvJ$b~y2<>Qk0-^p$#_f7%$YzsE<@*hOQ;ZS(Z8rU+j$!rAbS2P$u}G4I4M-jKqnG0;fWASA?8hndgA?;pR8Q zSx67zcE^H3#{2}73+GP1pDYm3Nzsj!^P>u|apTpc<;N^7A728BhhJy9Cfx?6<3Jm{ zsD<*d0BIdE9#v=NO2RBVwLLK{ah$M!-hgXt?wwckD|Ol%4W4Gg0XQkEA0&0nB_h%e zt1ZH6Ik^;6WLE1y3pG}5xSB|>8aqT|81%;l$nA$Rwt}#FRiD#yo0vB*sI*Z)EO>&U zQf+3&A*3LYOP!WoO>#h5gdf-?G0Dtut<%oeVx(K?PQ`DuM=OjJ>~LK!T89p;W2VPx zOeR;QgkRCwuaYF-H*Xu38@RY=Fj`n8(4%1o^4u#}n*>X%X`O@{4n-`sdC$Cr+T9+^ zTF$$wj=Qs{4P$j`vS}bkin)w8Y~3quLSMPp_dYUuQTQB!pR@CQ@DPY4q_{b{8xL*4 zu=zl#Io&{%Ud{SGbv`c1W4)><1%SoQ0i3yd%TUNqAnE&5D{IC~!+L z#~94LmEUFCPbUuCkV6n70&0Jsl-PqxWB7hkE}|{Z9Yz?FgYNQ7;wy*vSph=Y>u&wW zbTN>I5n2wvGak)!5_tNb(k9oXP^YM0;PacMfk`ypg=ZC<(-Qcaq5p}|^Z(9<19>nqJUSFhtTqFJ9EU_)>+#7Mg*mBm9!Yz#A{DOT z=KgH>0SJKNS6Cyc**jWn7_*^Gf|qw1KSzYC1Y$vePJx&%g`FjZwBgtq&-hs~mL@E{ zs$3tLp|exOfbb|_fZXQfizDl6QZAvz#0+&@N;akp86c%R&(YL zaYGE#!y|0*bhdCKURLB}E`zFBDlTUZ6|fwNMv^Ec(v?OQNLP+V-D~l;f9W$U&E=oa zjj)%8u;>7rg_)NqwCmP4%cqHjmkML$lM|+;{=4z;wQt>}r>Z*2{RA)8r8U}MG7zE} zo4C@vfY%%*3QoFbe&`&2V&`q**4h3j+zkX(K7^|s282D_^aP_xadMUv4ZRd1NEu5O zJ#q^_mIju?>{zQA#z-7Bndds}>KG%~R(f?_feq*cEG15%si7H30i&$$C;()w8)$4U z%3c?ddbRsHiE1}u;U->jGyxm$`Od?1c`bv1iGm9^ZwTdamijSVj6d)oiI)0&oe}Uw z7Ypy|q++km#3L7?FvS%7k}HE&0z~h|$?|41;iIZ-oDHv`{hW1wNUi2yeurO6*$PKi z;W!B(7kEEcjW8-6uQcVuFfdrFklO}68g~`owl%Lz1o2^Qn2;x6E@G^ZNZL(+@wREE zZqFt9OG7Fm3-74KIHn61U&hAt_T0n#s}X)FqI-=1wzK)vdN_jX88NAXwOjn>yF2Cu z$);npr}kr+e*VaFb1395Cddge0wUQ%4GpTo7rG<@FUND!|B@IeQZ*6nm#X{#8vk=?xr>Uce%qow5>R(> z?}xV;8tr8XxMTQTg)iEkPI??92Z&b|(k*-VRN1G4yoMN+HPlur2Y31w>qI`Nya=_yk1j zQQqd7Z?WQNr|&4O^=plACQ$tan(w^}m>WK~8%nToak)j)W^g0#>Femm-DRGf(BkW^ zE${NV?CbM62~S@MGnuQdeQ2zN3b&U97fg+K7Peo!lf)TsZG^Fb4s)akm@nD`a4CiO z{8R$SLC4d5xe_y+zTM7&!NjM22_131m>q0_-#@TNil)yySNp2Y+7-VH9rETc1t=n& zv2KR4EIHQf*ySUWALa5Of*-kQa5mx~l7|=j z5C5Lky+MPwh{Z=c8eq}!4--gZvgl^S(gzDpC8UN`bRy{;1xziv zw=@A!e8-jS|Mm=>BIhgke%A6YFTpDeJAHc*Mshj>GW#c8m+otsa+MjF@;MdRYkg}@ z)!ylw>zQG}{CsiizoVinzgPXbe{MfyKj^A~$V@|^Z>|g+8K= zpey_5sX&YTxt`~jG!Ny4D4%Wl|A9GmN4%a}F#&kJ(BeQq0TI~^fJU{z+BY&JGkQlK zBg%15@w&er$bWOK|5jeRuQUF)#ptmkr+6S&jEn;*W{jvFP!*eDlX!Rv24PKrobwJr zZkfWPD9~y8rX|k~e{nii0HOwu7bF~sl6%%}&Q$5s^uU070f+a$QvDO(_1*+uL0(u_ z2%b%FBNftg2<91rIA9PdI5@^dpMhr0KjnOq#I{bM$shZBNP8AMZ5GTB`IiLiX{aP+ z9j3&CT)x2!h{!1t(ts%Y<`uZp6VXOR(Ff91Q=m`ekYm(gq%obUHk+M*70d)Q`#O$c zBPUc^N`b%tsV5v@x3DH)*DUY`9&vMsej0-SFv&)dP)&!d9^b(p&S;bw(=JFSD86^< zkclrANj(Hk2Y@8V?#gENox?0w%n0Q-S<~sxms;R201R%k^ylGtCbTwk4ntpsp|_l+ zAD*T62t<2)XC+ga>;g|3aTjDL>^>fzzrpT=5%k)4dY?=mkLA?J;pBYDIrL?#aRWvm zVqOsGO(;AO8*FH2R2>WF8S#rvTXsgzuR_8d^l!TAnANez`GI7y$4VDI;+_=gbkt0S5Laf=xEW zM1lnLwPibU#P^Tb);7Qn0J)On*z$$Bcvq5t6H<;Fzc0sc8{hrro464)#4Kmw>G5|i!_+E1HRS6h}-TlVc;S?>voP zncG}>-a>aimx;sq@=ZmpeFgDz$9ciAS@cjKPp$&pCIIz*8+$JoM|Uh~aZQ`O^U7X& zxA6QKIZj7vVHKAA--0gl1v09)d9@>um3miqz60IZiN@;~EwX4i{$OKOkk!b$F4ZoW z+$5%O(j5;iJnUu`fx|G~4jGSCpZ?hPcbzX&7-THQfO7D;?*ns+dfv@{s#K2f8 zF(w@5SzcF4u$H?aPJ*3JQ4E_F(Ay7L4V+DFLyX!&tUDI1SwdJHTyA|-FimV1yw!Q_ z-n=TyT^rvGsL>_ctW>EEFUtz0L)fW4i8J8ppCD z^2&Xza&*UzJ*eAZI1%UT?)hv^WmZlfzWq2^XfkKRKMgT={eib%ygL8W4IXO$yz`dC zBY~dI>tgvX?;i<=0T64~UFkmGz9r*y#hT_9+f^2vRY|Ze_ZxdAYj5s+{74RKZ>QNE zHgm_j9%gy66HF@U78YSRL^Fkk^yTldt8G`UWSq6v?%|IIC`@t^?G%NcvV_@OAUf;5W)5?H zK0<)Xs#w70Q+y%61B| z!^2!MawJovRz-TynY6VF$>gc zw-!O z@F|(9!H*=8Chwh6p`>PKRDUOhK2q1-Fzgn7qX6v4N%RljN8X- zWIHX34EGL5SIN7*Vwwp@i-*#QL_BD(&bjtaNo$}05%^s}I@J4PIu~K_V0suz#0P%f<4XEHI z6G9boe1sC}e{hpnpt9s|7#{PJ-TqDpt7frp(K68qL%k32wr+iT6zRvEV z@%u?&hcMleq<3c8dt9+aguBmI02L3+CPmSgbUT6C_$ib9#cg*|+Sm>+!9LJ=ZCq#} zrFU5yG|n_^!%@Z>e4aAY-~Dittt_D3el~>$M+);DAP;x}I93NXCzzt$guHO~%(0N} zOAyFHi-dZgtqrk&(&yO=b&(E}X9RO$2D%2i2O0o`KLdS_wT!AkmKTv_W7=9-5v zEv~>4dn!o-l#TEAHIC?CO8?0{;u>-3vP{oC4WY=_iico4-&HzOl;=+t3-}Rd;|K=i z)%Z-5Cn(pu`%>w659k<%H_teDE_Czgkfz=b0IeY+3F>?o)qq-Jg={>cE-~(*gs3mi zl>62=J>_{=X?5gZErKLn2C+UEM<@e<5sy zZ-tHd!=6%^%H{<+$S}wpceI#-(1OrA|Nk7QN|$$$Pv`C5*~2IjNX#pyk2huCy$OhJ zg-I2?S&MRf_x4oDt2 zBv+0kgL#RCs@pK#gsWh6&hSrF6Iqz6X*`DQH7~LQ%>{okLtlZoZ$9u7u-Or2;L(48 zT#jh3e_er#M?8fQ0icV9Om9@2>r1o(>ZO5OE3_9m^tqPr=%m-FxLcRR2i6hLlzg_paM zdSj`T*BdUHax#kwW)76w4aIjh_X%7D0wZOAbXL&7*mDATVDMKZAbb2QuI7^W)_6|L z?7=3CL1ERt^Gu#?hC|*XLtumGD*gt|{Z>SHRYy(fY!t;54gmS@T6tCK7c@+~Wfw`P zv-Fzy^0Neb)tDH6U;K0O2%~iV_X-Z|umOqK$b^Q3CO%Gdy+M0f4;7C3s+a)f!w9@h zG!V5#0YNQdTtQwLi3#RH50_|AxSFM5u#L$^ZGl@xEH%SB@B4@?VPk^U`Hl00tF{~2 zV3marrnqgR%K(n0p$Cw*D+b;X^^g|R@?(T587fVVf%Jwp<88czcfO3Nx&(^l7^_R~ zJ;>o2oAT5K6Zh7zYbBO|>2wUc!owuM97sAxLGMY70f%%s@Ed>%;z=Ys809zl*68^) z>Q%<^6V!Oy!v`A&wKiJmwd}VC$-11$^o8RgW`#`EJ=I!Jeb(l-O;Dr1`Ws#bzT?DU zvqNTb6Ac%h1gxMxYy4)-;1DeB*?(RVqF-j>LJF~B+d67GUzsN0028KG>6^{ z#t|kU><50@uP>iR1rO^By&})iSD#OIc0}y{^IISoI0Vv(Jp<};1fOPnN(+2OVA&S# z;95qoEKSIANfbnn4EiSXF$4UcKmEbg0OcLpx<=z43uzH+4yJ3rN*}(VJMx4;$E?y6 zHhj5y=F&SG<@Fz6=_$2{y36O^C)zMLl<%@+Yewtz(o5;zClDpV1aG(l@%JaKQ^KG9 zz3Uk5gBv|D_cn&<-eV7gJ;{Vafl>b9|Nj1XJ@#nfv-a!AL#XU=79AuQ1jCZWplblg zH$lqo&6aXh1H{1!*&*jLlb6+z!cl~mq(cQ_|8X=b0lh@wW>p?zR{oM8F8m&$ zPt~E<%1HnIvWR}dK#%(bduu=kfJg{`N()F&`7QYFlv1E8G9EzB7bVE5f*F%|wwV=E zvjtm6flr;y!o?jpKJ@p})?7=^@ue2cOc}i3bis&t8FM21DKB1oGop~A0G@NOmS$o5 zgV2l$zSGGGYtYdnGBQru{qZDr@Il~>1>W^E^dS9bXvPS4g|LX4-tHzL!!rTjq6pW9 ztpo0P^1K#*{XyBHy!}DMr08c^qIPdA`O%YvT2&{`1l$8kJ}-~9>{Zn`oi}r~&ow(v zzmMy2^o^#;Mi+C2UG*5)Rpy+OsiceGsZ@heT@ga8n0aT_=JcMF%G7LD6)M`Gx|YpW zRTZrlRQQKZ=r!1UJby>hTAuir>vGX$$JzvdZ_S9=>D1e2zkjysMz5MTrA-a%u{B0? zezuY!pa^j+*-;0dSv687vL3Jna9h@3lZ*N{zDt9|Wn7rp5LQKs$YF_{7V3St7Z+Cq&RHVs-UxG^m%dxVO)fEB{0zx%L@ko7E+e-@DHR*z0 zs^c4T&CC*&3K^2AB}oT8gT%@bB7sq<+Fk_dUA6h5iRGu-^w8LW`g z!@EiAb^MeE*3+woNfv@~Mepv2CyNl>m@ZOnd+&E8LxNnSOSq{U7Xep2rOph3G6B3b ztFzMdUzj-t!LMXTL15$;9ZsK>yD8d_KStg0qfwh|Ix%Qc>W?Mt6KVMQ!+L?yUJmz` z-Z7u!enB@|+%8KNeH1HDDu`Lt&gJKPmnr)_S}pQT>6q%c8qH50hH~#4a+p^I82 zhP?gy?^}IYXi)CzYfzvHY58*G&!N>fDb{}c&Yb&EFMm%y%@0bYLHamNgW9%b`@uV8`vC$^XQ*u_(1|F6wpb zitZiaOwsc9uQ5^pJ?Mi8dy|SsUOb8xfcZVDN=z}+bLeTpdj<_>XdTk8-oN1gn%HJFS@#_uwSY!3+ zR+!_MKBWghs~>af884EZd`&FAXearZ=S{uCcw9qxonC^za{^e~==GEm}e1UDvfqbJDaOy6sgS7b8j$zDu;z{3XX%MCnc5ivVq$Jsi`P;eQ7xKFQ(*~+&3$?}No}L$E{q`c9sbtu0WKqI_ z;Zz_R1vJtp-q+{38h%HxEqfjeh#`YfoV=DlGRTLpF;os3PRC&zU2zJZqriDTrEZG* z+j-^p(0aLCNSGvmVQ*3kCCM#2X{#<|4im()5xTSE%h3fyWJ8o}pbCWC`2Qi6xsdF_ zKlNG3r@8#Xc~^g30;S}=a860K34|AAn|N!hLBP5=*#`vBgAI@@3SteXvw-Iq0qCR; ziN@K8$0YdrDV&D_zxyeb?}XNvikKsrmDT4E^P@kW6(AczZhIDl7ZnJe>XV=_4Cl3- zi9qfP%o0!-TLf83EmKO(N?k5X>&vnPF?ehv!?GHDa}p$tk8Vr#@;u8-$$wyuPg?cLU*1K|nEGF|N&LM_Ig3is zpOI%L&SYArP1V8}8=zuQnUZ1r+H#rZi`=4}!Vk;whWZ&5fjk(6!1Rf{NgI@!70pj? zT1|3wJ)z$trj9;}QnQ-)R9;z5az%T#SI2*7l;<*b{dRWuw4I^xxlQ{`BzYMLAi zGZL*vBW)(8p`KcOg)3+Fd$rj)2`o)ad;<-&eTy)i3Na=W@Qs5RQ!cWHqgVC{lrc1S z$iV!!A#4q`FFuhNKiBqJ-w(VM^w*%8%u#{;%mQJGe-=Mv$j@sS=J;-jk2zM{GNi@!WP)be!4?PNlKgl{I zwroVOi9@ku;57`5Gc|DTFr;2G2(nq*Z0Elr3_^LeOL01bA-pZhSd)~FSq9DP>YIoy}|JJKx@Y;tqd zikV8=EqMWVf^AL9Lb7wAr)3V;>pu(O*?il^bJ{!x@-lbJ&DkS1e?qely9NGqUm&5a z!{yJ_D`^O6T;jq6oSgkA!zbtBg298KSG(BiZa~aopx;8tSZaj*TST!+tbKSi z54q83zt+Is-(bg$D=mP#%gjOwWKDLvL#|UG=B7W+iZp;I8^cjW*e}2(~4!Eb~9Yxz^{bbMnvA9 z%&qeV8vC#$<80ESm%MM^)|RBVZY8yvlz63Bhvj_qulEJUNL2Mr=57>K{im7|6Hd55 z`!7YZ()JDv-V1!TZx?-ttj(sM$I>^E5!o2T-Ip{2q>C1MkJz8;g~{Ru>{E5g22Ip( zJr3-^`GibOaI8nH?}tz)NBvkkkh2TeT~|$CHbuolq%hvYK)7%=~bel;a|WGU$7aeiyYB7AME^) zAAKYm8CBEzP1J=M-*kthMMtW$zn5j45u@x~W@(!JtTz}aT@94JMdNV!*57d3D9hWX zh_yqC!yp1BJ(Ny`&7$a+3FCd)(ZEFol?;OeEFGZ=rn&wZAno#fNjzg)I9C6Fpfpq^J_@x1ODDEU9YW5&o`PkghN=z` z9;BA(!D5FO!^DA!_l=E={fPpXpJq-am`}o4CXq%jf%R#L?@UELT>d|dQhkk|rWQ{;n3_wIE|tF# z+o~43?wPiEHe$X#*)lq#!dYGzRYrHOuz#iLR0Sn2S+&#`Z14_c5p~BnbIgR-Qk62s z{))nkgm+`xGqUM3NQ-gBbbgw2Pc^4AQ1tfn6X~YY*@s9^8N`J*Xh~C}u-Xvxt|IAP z?|?*p(2b{yzE5kHD}a$Bs?$hTSjhw~wggaOZL=hBX0v_1V`F_UmyHadoI$SK0jYQw z_J8j0?@cDBHxc0!^XB@D(`9Lvl`9{C^M^?0>D8e>-K-9S0Ru3W7P?9-Z6CQB{cmiZ z3JY|Y&cMHUiW+==xnj7beR{Cvl63y8#?xfG3ZbZ;H`isOUxMcy->v$^$_&8QWFilD z5_ua!z2DL{{Q)=;UNB>bzCIwOzV*D8^r)1WUb{ATjrV2IJ}10xXHPABaErCL#YXx~ z)H8s#ygl;yo!E`xF8gpuss758uF`#>F9~+Kh>rji3$6gYIf~?*&E#d zs%N9OWPEFup2BY}ZKaHlRQN`2-YIk{*f_^_RBt!Sm2ARbk8w{rswH%~dVnxw%kXlQN?%KXW#VVYxQ9Rt?c^_;fzrca z`>=oqn~MY0{@8{W1GB4k(e=f<*U}n?IqzDi``4c7ZWi``bJ(-F7gJFR(ZLsH%rq4^ z7G7FfdgR|cZZ^f4USv4)=^}{v5AV)XDqRz9=<)4|$K{{Vr9*w>m;7{tt5oDu(hBJQ z?AS|0ee|js3Ndof%o)`aUQ&(ZKZtMKADC%rOWk5BJOJgiE_+rQ=)od|iEM{}&Byb} zoK-r+_5CkpzrAu3m)DhTwxQUs+fUjI&i&t)YAx1cH(Rw3?pnL=sV|+L(%F>JU1mIP zC9kd?B5D79>y+NW^NibHesh=Sr&-022hUbu`F`j?`#8hnQUD26xMh@17xykiV7HeU z2jjWYm6)8auTr&Cw6}5_NJBh&8u=x}6a)eMIBP!r;TTv&1MmTif0?0F;Wl~>skh6< z75*%Ckm&j;bUzseYw=W+)_#5TEZ%Pg#I$cF`?05#CfMQU3yp~ja=B``0k{%!AwJLU z4>I;{wfA+h^}c?N+&#i>B<D z5p*j{lMly6U*y_;Za%P~xW_WHS-+{&>4*cCs)c;r_THe}Bx%P8V(b>g%|M2aWZhRR zB>)X(wI;Q8i=V9;_%Pa%i~F_`))}|I^w-jrKC$iKxyE_dD6`mMkVj&*HYvGSFO%bj zJtUQ>S}*-S9XqRVD~Zw9-FNoieDQ6uOX@+dOBz|aQv#G$mF`ZNiCap0J!WnYHewZd zeD$ti;b#(0B0Z<_0;}1~`Dhx4(*4IjHnb1km(=O5rBZE(V~YA(=`O>I=FVG6H+WXubZ_{4*icSWFrQ74 zPC)6@zHi66#6C0$`aV{aS3*;VxE*Auj$uqO5wCop5H#@hp|PZHg^tgsnH;N#iAryckU7eRB9Fw!GIYJ-d$$s7QV|c_g4${xYPI0i zcA}1%46N@7GB*fiSq52)`HnRvDf+6Rn2#6cuVuDXt?gq+>WV~*y)g3Kt&sWc^w!}i zUq5a&_SHI0-=6PA@^|Q^Ytgj4qx;W#g1%?yi0G(^=obARyM8v(NXOpU%H<_kBHH*Yjm#qo06m z7HROt^J0(t7Fr>JaihiaPAW?vXi)vQHJurI?e$M%`%6SuwS#ZpPP_79uQv|KtW1+! zL6GD1J;BnQslm@26XBlXr{mn5$6^#x3^!Mu`dTl3l*w!1mLH@|eB&cG$-AoIR&`!1 zf{T~$*J;D*S;z@H73==b%$zKE#slmXVJo3I612c}N^x7XfIls8yu#_cDM`)7=eh9u z*Ycl*EXfvGUZESpI{E$Dg+9WKEE_#gh4myle%=!ffWPq#eFdc)>m+xua@OU=d)Bgq zIIdj)mhCHlpG;Ap+Sjdw`H(G)lbi|FaU}~xEL>&f>o78FMcU%nICsw}L9) z5-)p3m!C^Jw=xsVRz_z6f>W#IGH3r*r^?fuk5c6{Vr(P;=@!IA?A$CMgi7tS*S%|Q71v%`o zS5sZXbvVRmSg7MD=O$38(bC*jf;|#VfHNL{RpfJy|F2G}`J@qs z=54wQd(BitU~biL_0M*{wCUGT5LHujxZm%wqC29OoV4J|sKhx{majEXsRn0dGWbzAW1p03Lob;~Wu#=EJutUK&)3&#uxeJUDvY7~!p3{}x_9EL9R ziY6J!-vvU1fm7^%8RaTK{kpdq?WjEh1d_7=D>0`zALe7m%nGp@(o8mKt~RzP$C~$k zOd-6G=)oI6818O$(P#M=6Uw%VMxdO=7C{E5BVu%%1Oj%{~+hwv7Zlm&ow+xpv3@UUOX0D>Pqw+0l)+7ZZ9I ziw!SwJF0|}O(!=}%%7Pwn}E=9jZ}Qste1RVrR% z9idWYeakK13$)7mU=J6?bV54oe*j~XYwtX_|Vb5=VZvCk-m ze82MjOgXJI(uZi8u>5d1gm^L<<#qq#zt|%U$`1jliqoqXP!HuNvX^{ z+f2};f_R`50bH2p_tg@aVRiQvsn-CUv+|VDn64^-{8zPWv-fF#VNx ziP8Wk(_XZN4`L_(am z5**EnoY+x7P^Sf{L-8cFLZjsz&7md2Vg<*Do^cq#VYi1t)?BbSY@!Jc2ss99FT6~3 zd*K{M@@N#y@QtHwQp~1lk_BfR00zGVS0F<2m8!Lvs#{f>=%p^1LTM;3m5O{Opuy;3 zcOHaM4&rM6d2y?#55Gj&)^J`ugNIG#wyNp!gMfzu(%Ma(DrfyX_=M^hr{<;`+ zoD@Na^IKEyMbE}sXP^vdIjbjKSSdwy z;4$wQJWt{C<}=3lfpmXevyvNsG`Rwkp?)k-4>KeY)Sxt2;8X{3!=(){3Saehcoil( zu!Eh1i_In=`jMqlh8=2DEe_Z`TL9%%yUe0_Vzlv;MbpqWP7po>GGzlxnh7@W&v`b)IPZ4xTo`I<{OVN5z}@9>E#FjYRlQmHe? zF}dz~0~6My<>ENU%RE;{c*ZQ5;6ThA>7Ra3ZLW246R6E?Y^K8wDB)}+h{jLV%~5ch z;lz7Jm)55Wza%ppPr-I@D2d+uC<}19Lhs2N53UY79vq*3+>I3^AHlkBH$nQP(PM+_ zZzpq=Z7o|`5)=h)V>@$REhmhyP&&aWuVgIZZs_FdPC&#$Ur~g{yPAPC(ls@YZr&Nz zvjmWrk|>xJ!H>hIM8g*2gzxxNj)unI`llLwL9(t7-V1*c6e_#(AfVS$XUQs@iAxwP zUszPf^i;o57tcNAU6^CnqY-}uaa*2D{KPJ1fQIbk990{5u-kLey=zWxZVaVBV0wP+ zGCAriwrD|I;E86&s48g);fLOHX}l;AK&=Q?Wx94fAH|7%5o-M+%M1te)~9blC6Ilw zf40_)))g=HI}attrz`}4KzS6NOR?xT$Bo*ARTnd2y+qodib}w**AcX6u}QqYaO(MG z;xktJHhB&w(z3J*gBXwwk~4Dk0ittWx^~WGrPUg*{cl>92!LL$c@cnhf6dpn(iV-NVt=GTvtLGm_uF5w%2Xv$ebE?ZVgkIe*s zG{XK($JEJitQPaxvgw&armcR?VY(rMxK%Z_UTv2q%xMLE1iC8V3HEXTKmS9_z|FCcbNQ?yfeb#0|{NT(CNCjtn zD#Rm&f$y8Rz0ftuSb{zluWyD!X03CUE4d5{U&`ZuewoSn^u+up=ab{|Y7ZcqC-y4ffy zR;5fWYL#6zYbjo7Vcm71nw>K5!JIiED+gts)R9hizPL5cff)3+fEf3^Ho@MUI1{qt zshItefakZd_+0e9+}kTcefBj(&ZK;=Q6C>9K}{#Uzng;z;s=PYR@@Mmh4|vSS6;t`;soH_?`c}4PTyRP5#;U_F9-ok(7 z;NRxeWjyc>#_Hh-OFS)(dV=si5A3iU&rkGYKgR2myScguLM?bQ+*{c5X3CNOTbBhS z-|M`S`u+jfpk<1eED|ptiYOP%6fC*ee5$ur7WtFvOYw!v4B7bEGzgaP@56za9Lw^z zJ}fM;g2LNEwJ)m;BlgVqYalriy{*`=}fSDh@ugZXD#jcHaA62u4wfX=$+3vc_g0NUO4w( ztY+)mqokSy;7kCZ`b%rfU6F@(J#YuB2&gOR6zK4k?msL&JtyZ1Hb5b;hk0x8Guzc8 z3=BfvESu$6i7q@5aAxs3)D7`}QPJ912;k!dIxzzj(3JO<4{H<(gs)L@u_ZmcMwy3v z>8|v}zzUhGg!rAcv8WXCDDZem<)z@=5J6`(;nEOowj_}!r=m~nC2owqJPLtFtmL>l z1&*yimT~;YY#io*kGAthW!WnZTc7LQMax3V^>saHeGyNndA%tE$%17rg?yH?zHEU{ z@;2u!59@bO^FXc(Erh);B5?0w*$y29yLTn{VG*AIy?(q1#<;MD|9v`Z{_w7QteX{P zk&CXx`@c}>Jo^DjQe?`qBF7G67;qO;~I)eA* zdySj)EtN(Aq~N-@(6hu`#e@yJM909HkLX~AcAHF_or4{eVHG3PX7da%PT@`r@qj1Y zty{i#yJ*-xH`)OW>9uNr)M-?^EReEFNl^|b&F^KH2%=S748x?M=x(#Ick1SX@74YV}aNgcYdaexA>SAt{9a8n;!qJukCt*#=U+{Pw^!> z$smdgcXBC#)Mtwdc%K-Y93|Zukpqm%-p%Bkf$H2X<=Vvm_zQhan{XwKNG#XG3g@j! zK`~)>URpPXP$=XT*Pf=`4&rLQXZ`#`Km@5e3I8pBmy+ZZ_c7M_=l-;w?pw-#Di6gQ z6_bMN2poI$wl_ zwV?uS!zArO?K$T<u8GS^><0U*>O~PPsr9h|^ znpbb32Eq_VFYJ3JJYNMVkO??A^RWb5)LJzAo;NIk?Ycvb`dESglQ4Nv*o*&3mvnUMUOa-;w+T_q-;ig6?TDtb^fW063#Er`hUR8S zjpWLB(Vr`wfoy6mUmcu3xYM>e{EXZcbZFo0Tf;hME0pxX>nZBjKTdY^mRBMJ-|bSx zwT_9^$Y8F-kHMZGR?93IfdoMg?IAcAhH7vj7~{ELe$Ea+FovRZhO**~4JAZQbEtSg zUJEA5M^@_~Y7&uT_NF)4Dok40nmc{b<=zf(ZU2%x(>vk)ZF(Qtd}g|IlOJi)htk{S z*z|q*k1ngp;5FAjCm>D_-D{tVB*E$J zd8C*dG|c#TfsJOFxSonf2=GfEnJ;#NL|l8TCR^ZI24GTF2zWX@88PC`C^v)_D&k?ug`e zhGcFbF%gV4-V2X&qUXk8QDb>bcb(KIkLG6nEK#53>;D*{d4=7c>Ud7wi0IU1aa6PS zzC-R)*BJ@>C*Lt>PLf^`Do&SJm2P;cu;$z=fmr{Ta0g>9h;W%yoI8HW@7yfo>FzQU z2qoq3vr!-=ZPt!k6?@sKyw97 z7yECXO70vabv;}9>RJ~4%3RQ{;>zTk(eLknBxRn;n(G*FRV>5unL?jZ$UMLQ+Q=>- zk4OHS$s0||`Sn33%g*nNV)CUW%w9^V;)(o*&`C{jc14;xUhbBQ8 z54?&PPu97Vy0an@X8@c3O< zC@5o&GG-}6vx7LDS*HosvdjL_32736^nAN+lWay`T3HHObH%GOguV-DwY0RV1WE(A zz%4fietlw%IODEU7%eaV_v|Y38F_eBSg5VZWP$7>=9Ab#I#dPqSc|CD!KseoLsp}x z&EXNl{)hqev&`Ize!*YcO-9={}b2FSl|Bfv>Lv&>yH{@>%S zYuED5rA!?c*N+G@DDbk^z5|J2w4Fez2kE^LOUE_$J}Z2c!X4K+RU+v0eE zQS_L)j=w8--={;Tfhvc(goBN9zvU>KwfH*7)P92;cP;-`+fdR7JUB4v|NRA^CqZxy z7);K%I8=*!13|O^hLj{CqzhYTP%aDBnHc@Tmj`>0$p&Ifd3_C=3y?ObIAvBetl}46 zz=Sa;_hLgtdXpLrAVU<#H*!%Lmp*2}GuJRcu`eJF+(KWoMs6=r_SA3dOBU5N>>Erx zrLp|HTbVfR*ox`HHU;jF*)|8e-gvQ^K<#U(vRL_GzEW_Toj$^a=5{i9X9R0rSs`_;GulS?IxZ*)-h0UiGAR6B4XWl8^5h1OO?0Sk%7|G_RAoqv7Qimijs8c ztW7F8n?!(S3C?&EbN}8#s{6eEb9u4WH-XPMK9|?H(eS<=-+N)e{pc71{nD#Q+jX8j z1O0-OC@Nt&s!m{#05Bc8&fUJv;0fxXk(tFX6(8Dw4iHO!RkdXF*V+7yJ)DU}4_=L0 z*<{FHxwga;34ZeeF5C(js8}>+CJGVq%)HyL=1e*Lm1LEl)O4$ab`k5-iPsNi|D-$Q zRlq1?y8sQFaXxVmvNF!)g4#EZgq;d{k!huxraL>Lv+=-i5>UvZ0vGY3#Q)^odH-XJ zyHW4Izu27YZh;UJgx^=PJaB>V$uK9#$Z>87R0HVg8|i$Ll;7wWPb)rBIC&y4Bj0Pm z97z1rSyDYiEv^q?E=O1AWM1qV7~Hp_kTCxq%LYKt7>svh(bzBcvveN6mJDl6DF4H? zs!1Z$pUS5H=Gah=L+;P7{T*ott{zt;hk_RFP+X6eq7vQw{k#90dJCs$opIp(m6>a} zs|=6AqnBjU7gYguyd=WjK2zxs0e~ygt5$tt)vj``T`EwrAxAKfwg(OrU9m-=*Jc1s zi&i`mqdu5(rTpoR`m3e3cZZ1|R1@zFK5~jyKl4Y$fzau{nFLW^QYRfpu3%B4FgELr z+nX9TI0)hrK%+QOZ}Q+4UfG-HQe1T4B=dRRu6^vG`*`Dz{Sv_O+S$3LL=%Cd|KonZ z^$uIS>jquDQbFoJ^9FvSHir}g?y|Bi3}YCU5jQBaPB9*hq%zR_=R!b;1OEH;^86{{RxG7>1;KHT=Ph&_ga17kPq=n8x~y3 zKn*w!CeXn@Qb#z_SU7#sSp3wR{u+W>4NqfON1X>4(rItCo8u6|6>!lF#uGy3Q8|?j zxfv(j>Jx(Yc+89ET9!HUDp|Jl$AvglOm-5@y(^YSH@}9>uY}Wr(_DbhDCvn??OPZR zmJK))PeI|@FL%vCTcGGM!En=R45ndv&O_i{1uv6!7+rZdwgD(!+BU9=Y;(R4S}+F5 zzc{p~F~n$ADcJ0SHQxOC%N!rR{kRMdJ|zhJE&N;Y;rHeUt$&%ADUJ9PFWYZtiHtc3 zY5;heD~e*B8Q?aq4?>Q7P(0qa{6s^hHOFIYYecF7e=UbqxX2@}u8a3!r$nx=t#i_a zS54Yspq)jC^T6 zO$DI;GL-ypl<NbmfDNHC?LRI0YH~$>^mOu)}(gv4!MA1knfsMBkO^2JXra5cPbk z*5a!x^0QclwHWd>7-UeYf;a^2h8%xcmtzV15!hsP7lr`RoKcEqX)tQLm_0-35gd8v zx6N}Hf&3ohR(Q!>Oyl8@RE}HCAfS;SItrWrDvv;AYjAg1gK(AT^Ic1jhwb)`*|#0> zp{$#2S@t2*GVz3O6b2eOJC8TGVIl;9X-ntdpYpL+nvBWV4i`cL*-DKD3JBJiak%Q0 zXPZC!#I92VFayxI$2n^cy8Om|X9aQ(+=(?v8D7c(&AD^`MbWol_&3SKqsKl)k#4zw zn`f2Xlpx()4PbM_`HP@u4pF>RqrF92a)nJQjO8QUaGB0iz@i5CVGTo@=cK`2|I?># zQz%X#APy_!B%?`B!e2C3-}3}T+6_j6?kF$ai6Lq-W)U5ExuW~lT;F=RNj`}gqmKoF zBAA5v>hKJuK=hDX&HY-LVuEDKqHEezifJN(%Pa2pdIE$*8$HOT3J7y@i8u5%7p-KA zCAa2yF^+sRnyWRDDMktjoJx;|XAz1f|#pO$$d)?L9N` z{`&Vx!sk7GK`xpzAQg$kZ&A6QPRtg>!Q;1sp1rTro}2{;CL8WAhfRaDL4qv+A=q}@ z2Vvse-eU!%dxj5)OJmR$i0ly>G9bH4-X(n^G=+vS+`{5IDJ7jdGJmT>58{^+ph9(< z1$}~c59+(o&V?XNAnE|g1!T9;;Ft4axjk5H>ImHry6|jhaK6#Z#E*ezJank6h7QIlttKUmIEut=6l z#P_2C>{<90tGEC1eG%op8MlRcj=zXx8!?`Vqy{?wPHPfh-^ecn(QZ02*|L_nP{|O7 zptE0wpg2nYy%HBqrYzs~&*B;1#1lSPi@Y2K+I(%l51?rQG&4zDkNvu#R)5!3Q`Kj9 zs@SfiNqE|>+4KPgwIpt2yXim1r!=FUGZ{zrh0TIX8vHFJk4mTQ7{3}S4X;X}E^3W` zbGZu_@7#ss80z?^E3X26(1K}}NiR&B>P?0G54@)?o9tQiHh>#VnxA$!>Ni|8+BPw@ zpBos66g&d(U#+-3NpW`Z_4+K}dv)PIk!71>3|lgWNFb*1onwaxX;!mDFkQT(41dJb zD1KJH^a<+Dz2UB{c`QSmjK<7{YxBc&()+geV~;i)Bzw@?W9lXRFkoNX{`t1=#p*Le zP(FQsP}ToAsN&I4OrqXOY#nmP zm-WkTWotb}i|TrI|Lff8Hj?Q5NYXapl+8bci62jw9OCNaCQ?!`>O?tqI+1yX z=6&e5HvjBS!<3HGT~!9XOuA=EDPI>btvreD5fiqCX%M6Xut$uvhbSpr7i z#gI1<(JzMHU6ZxB*=QqnkwKQjO1RB$cyk}4#-YswNmOAO@Qb^`^taBB1!e$oIU0VA z>USDgh9BDBW+q-NT?^HdUZkhf zWs!pk!IY~cuj}8{KA?ST17jq+RJ$+y);#*cJ1Mzpf4UOJGdz%ABl=_j?2(uPi-7TH z3}YRqmUAnpdK1NaL*-7(t?{3}vJrkN7oatq7#fdI1sZt?B4A+Z+uz;dI!vN)_?`Hw zXh0Ry8I%Q2=Z`@wqIvr6p@zHZpFa!jj?f!EWa9@)RBJLt0gXb4J{hkFQv0yvr56s=jZB}RlaWlnQ@ z33`VUHq~CGHB#Ec@c5meCwq~hjUj&B2|(>|?pngT2v^R#1rzy-PHQ_x3utiR4-g3l zQ;m!Y?Ukv$uwi>vm#GYZW9+0zf@k$92}l|&;eyN+kNnb5`I9&1k52tb>5hLCL=cM% z4?9qH{n6)}^y@iTg+?0dZA5_04z)bW%DxkS;ZN|bId9~<5*(+HrES4;I$iKCC+SCtICi%W+$1wHmTu9(p{pGI-0cnCV2mJ|jL4Bu* zs@)WSZ2-zG!!IbmM5AXX=PL<1L7Ir@pGg)Z#up$7?4b8=2M`+fX6KiZ9%w=CF$fT& zL-Vf-{_n}pWNHmrsrSGoJ&;5ltJm##G3}VX94y&`rDa!^sCz<%R(r!vez4%`K>YnRO_1zy6)Kn@(d)=(ngdrSUbQVP0-!FLI zft-wW4((jB*AnH@(s=W?Noo81PZu@nq{T^^{VX_rFZQvDy6m66@6TrwGE@%kbAkC| zG~vUa?LmSlWzk0ic9t0Jo&R%u0on~#<1jmBnA;#2N`q8|AH!X7lnN7A*H#`EKsu*V z#MxyqMn9X+pg<1UhB3?+v+WA=0gxq3S)X^R|0iKm!q3irF#~}WS}6!f7>kd^Q$rrI zgvsK&C}lvP;uD;w&tllMDjl&&D5o>Ke$EK0VT_VS zVdUQ_W6)-X5EUC@pDB1dUmkg*pqKg7gqRzL=u{2!`TP_L!kz#9#S=%@L2#t=oMiEp zvBqfS9HtYU(XZ1Cj2;(+zQ_My7CZjtXGs|?Ji zVwGd`7ZzimKB!xRWbN0M*KcLM^>70EX(2tY!KQ|MpF3PST1Osj4sjTXlMzhb6n=-` zgo3|kFVb%sVTr^}P&h5^l?J(fdv*}YGh(1g6mFUwI#OIXe!=jCL!wYvTH_X@m<;1< zH6Rlal`4KvrwJ3o4f38JoB>=CJP>H;UcvT3$VsGj#fFbNG^9@uG?*Wgt22cE0>vHxu~64 zS@r2cu8?}vDYGo5TLnYX7_3YMa$1NqcPuu=TQ$9J3WBh^w^w>BSSft!Sm=U*pft?- z|7fkPtR3^0_8bCeZ`*o3UAj#}IbnUL4)Gh4ahl8{D6hjMaJ%3V-TAq>yD7WiV{B&d zr#BYu>7n++eF5iJYehq>k8f8@eWC}3EyO$`I5~=#uu)Tct&pW0V!yr@kp4|dhamX+UiLwvW6A6oqqG$uibn~+~Gvk z6bO1RWw7*WR2lVVgxY9~*7jT0cS*+^+1AgY%K=Ylhf3G6; zUj7{Rd4_yvbN3?jK9FVep+;xK|~;82Spi%ueyl?{kS z^Qz|^TgDHdkoi2+ah)W{nw2mZ&QGK39mlv@SCuuwm|wDTof~;?Ty;RkHRBI`<&-6z zN8LEJ^)ZQ=9fhD~0S12WdvuT-+$Z!c6@eHev-wC4c)1}!B#m2egYuP9j7wfM*D|N& ziV0>~I;pvOR&3I?ALJdMdFup6-%v?wrF}{peo0pl4>xXv=LVAC$bmYK1YX$Iqa+J} zrZ=03Pt9x&z8?3-^L zvOBAf8~ivZH#NuY^ttMjs@Gd+C(a7CQ>M*#8>H%aot-3C)33oH5n_noOvccwZB&y} zzF?Vadv`ggN-b!pvndz1Xe#6g6xt{t75gAezfeOTM2=K-%&IUa*isp8GEFs%08(Ax zZ<>7du6eRnbKGaoWg-C}K_F&#_*a|B2Z`vxMGHHidC{f?1v8ZueerC7sA5F|ohnaS zq=2Zh0F!xkVhue{yqIJT52chL3gnFS2Mh#RrC9w0_P=O)_Zg7;F<7CLdnto_c$Vfo z^~Grc#fV2FJMqEKw1Q}S^xNXwc7V8|?teqjWnQ=}&u+|t)>~SRt4F45^$cxH=K6@k z9bOakaBo8XH(k&jJY~NbML=PyB~2|+DO$0;#KgucHH`l>M5r1F`{30wf>U19gK>vR zMbDVI@l4-gw83gH2?`jLQKM)=dhA8*cB#2lUFsf4AJB^TXCvz{iCvA~91qYR5dpjs zyf!#(F-(GZ{}S5(@vF<%@m+%2-tZD#E09ZX`|IWY$hy*A@ULV6V4eq9QFv&|leXk% z-);51wNRt$ZO)y+pdRJrcmyJdrNMwA!33Ii#1CSm?pGMMA%P_QXNO3gF1>vw%#JT@ zhH653Oj9)Cg2@i3d|da#ZEcIv?p#-8%DK0&Gzuh(8RUw&_i<(oqOjoXtogKAlU1{?^ffjy&P2ujR??AI=Y(w67NAyN%)fo0F1}-2NDf z>c5&E%$5Wtv-$W??-XDf^>$TK_sB}h@Vvxg7`XDWhjaD_^MqTrzW3l0MSVhf=Ld^A z&KDw7by_+KW=Y%LgRCLHURz#N;(8Y$FGOfb0$W}$7?w%V&SNjwZcN_W3&n779jj2< zs7DTxMW2vk9T$ViOAwKQZi)NQgwq?-He0 zJfAJei7e|%4phM=a0nI*llUaH0suPo?%xOF{mok$ zpELjaP}PyKO{IXNvH~(|^04Ibu-IUWnsCs93VHG~x&tstP3PTV470C^sC%=mx%0e@ zBp#M_!wgSl4rEn7Hh#tc(ZPJ*-DEBo1Eqnf5YH*N8v8sqT|NUS-L|1OsOem>{}e>u zT~ffdyx*1v!lHC9$^nOqEmW3qFUgBU-w$Q!;bpFS&G8L1Qj+MzMn1$g=|53&F9p*g zoYh!^?!McV4TiN42Ugf*7RP*7#DPBm*g}KBt4SwZ;|%HFpp>ofs2~|8>5R$-#w7?X z3xQ1+nqor|cz-;?P+-cjBx>GM9%0nLAs>?!54rLMtTGE$!t=B; ziCI=~-`L#sBnns(_TZnbVRN@HccBANlwX^JK4x^=->mL6`0Y4&V3VqRlcrP~l4!^& z@`j{7N6wcrihLcW;0@s^Jso2iWVO)fZp!R#IptHC~UnHA}bJT3}_iZ(JJgS_qW9gr?#09pg&D+ z{nx7eJlD_6QibyEGJQ)Q2`j0F0)E`2GS!dp1Ss)0w=#)?ZV+<#sms`juHr}YyM7i| z^R57vLS{sLzFmC-O9NIf#?X1$N>kBt0A(x@Mn9V)ZgAsX4ira| zCc~?Jk6*5|ZA@Y5ePT1Urxu06CS4fLN<;_N=ErZb9hWw2$ac$MnKmODWVUh3jMCb_ ze9G*84Kf%9EwrFX#h9~NP@_BYcH_m91D3-Uv_0a~DUPDsNV?4N0`Xz8S1zD@IQF(c zwQ$bj?dyqvAo)8BpTOQYDF2|y#WwQR%unLsDs)VQ-qLnwY4l+8=H@u&1*Ftp*FKx2 zXk9u~Fr}k-c`j?$I0I7c zv9PR7J$5!BSDQqi!ia#|q-;fiJGrF-4(3PEK07zf+#rqw4J8{p!y6;poLr0oBU z+}ccOB=S_-04K2bn=c;?<5Itm*jf4{Ze*stW={g*WGQ4rwnq$7=t8>z^vfiODT!_! zM>!9m*Hxm^sD-@xp;vFY+{pQ8cREkt7R;vj3hE5To_@$S;HRG(s1NIUM|^D zrgmDb^TW{{-l&rtWdZqX1+3=cc=&+xCZ3<@f!NvKeR&4Lw7nI&N0;~G6;5b^ELfDXQA?mhrY!TrPNwf0B zWD{7{i6aIYZ=zIt=TuYbUyQ&1oy(^DVreDInFxusnADk;-bSjFtA?Z~HHPOfK=Gpi z8a-^K+rKf`BHcnRjH~uKyS$B2?&$sVs5KIFFu!!F z?au|B<-0LO_eYj&BOj9HzOTKSiJlhuHy2Pg9~ILh%l$@*d*S_G(#+pHs^T#%Zn7f! z;sxi-FbRB>g<3-Hz@tEN!QD&4cV_3-WDB;ad^e};`{!@kzKQ97$FMOP^YZ;n|A-@I z`QG{hL-b%~S+QUA+s83gCI24T6CpShC=1|lcD~yFFVUI%on;qw6OneE_|6YFm$0_H z2uu5W+szpLB&+UwGEzuy@#G0)v;2 zZgxYje6a`ixaV^i|BTkJ&BdQ7Uy5X+Af}sB3>$~J>hm)Lua;tu(#vC0oleryFNc+4kdTQtq3wJ*kHmQXelQ9GCB2{}F&^ zwHZXXM>8tEid(u5*XRB|37D}*(JBKrZ(Wy(20;j#=TEqR>d{jrZH-l%EK@Hp!mlo* z)D}{&{gsWmV0ejmaP{}$lOEQMd9}i!X7*pX4}WP8XP&&Ou66$0=-l-&8~_}e6IY4Q zNAi24D~94JIF+MetrdehRiYVfOJaQd=3O?eOr82JT5SA|a07hEB)yCjvBUeM1{}|h zyYgM_Php+~QUsg9C#dA=W-GK)In*A>)z4Q_LMbAtSsQTmR<#yHv)bew+jdjNFvj4D zZ0b106H}I87{G>F zscm;MPi)U>OU@V9P+BizM&w^?atJid$A z(9n0!)-~)x0ht3mx2#zl6!Q~og^6IA%HU5E2Es=I+de|kO7qEk26DG`cviM_?F7dZ z^-=$twV})wFm@nQ+&`GREA_QWuP3qe`MdF~GMl@(<}$~mylmku{VH?elZl5ppRMN~ z7uXqEB-d6HtQJ4ZK3{VD(@Q0UluX|QazHkHmVplksQsF7HeP_-c!aOZGY0XNK?a33 zmPx+MmJaY!ful}sx|>ZTO1ihoug9qs|HAd@ipwJc>T0*FhaZX?NNZj(J46QyHBRxM z{Q3^AQDK^UKRo*S0!i4yQ|fTxbN@(ZbRTXBpR)*6Af7XZgUl4-R;ee#;52GPdQqDsx?laQt-%5U%#+)1d3fusaQs2s)K(!L0 zFTvusVj%+4c$;tUp3kVeFN1LyOV)|6{|0ZRJXHL3lxg{Y?`q39FEGQ1ZrwNW~74i3!!ImNlcmJJS*rzjwtEL&E5*@9(UzsWRYa6gzxNhuLW z&289GXPyIt6K%<*M@$gCiLCpu+O#DZi%I{%U*M$o&#}V~)IvI%R@%K6nD{a1F|w`| zd(=`~d^IQi{_*!BG5D;(oBcCIRPv6N_5bOk<+wzR?G>yV3QHIu%MDR6=tm#*;+dCmcyt+OF+)3`!1MB0lSP7kd6>9ubD^6Be2*@=QzNBq$q z%!SZ6a2Bf9{y!YugwTpA=?5RmQ$k(SbDmu{Bs?sO#tDVOdJ zNd*K&QA9xmi+6wTA24%WGuJsYXXf1Z=iB>3qGz*aN#$kx(bv6@uQyK(2Mvc8;2Gpr zugWC8|2)f}K~azVniW`Ry;uK~J-}$fAGf68lJ#7297`JQ!R&S@d%XR~s?vj+IC>=^ zM&H~Txb9LedfX0n$U!YWh1u3e6S3m6H8P3Ly#phK%*=Qucg_OGuv@<_H)2Zl1#$ii zrgSUuS`6Wfd=#T54k40pmc!XWq_OcK?Q`+mRH&W}jXc_5MQn=Q0U&|dIY+-bjl`Nk zJJs^9e{RfR0RNhWtqBt^O~M%OQW+({?XY};dJg~zFq4nF-==zf$jEU)wd+LI@?nh1 z()nXmZLWn9kuA<~+GKK12EIuZFEN^STeX?)#L5|`hedDIb#y2;t9suxg{Wb* zOd&PJ;;mhmn<#Mbq3|Os0LoD!cxe+>>g=F}IigaHrH19HQl+?Q%<_M3$rE*7JHWVA zDC)3mgdVNkaxE!(=T6v{v48|{B5^IB2Ymwj&+BGQ2Nvy!#xb=P3P*xWSki>R9c+5d+;w0`r_U>@HcjHcI&@?Lhn5w}jWP za~UK2xn3S}5|UB9?QJt%uS=9yF*A>CIU`7XEU91}*lk}(Eu!R2$47)n%TeAeP1=jy z9p+mzr%Inr-icj&ek8H2{H^zvz1-JX;WwwB^RVPHmABv zIDwY!y>T5S!0Ez&eIiABG-3Vtko^QEQda2ALwa=qDp%~2_B{$Jg7{?N;FjDGpP7A}yQq z<%<_ubQOEBoge}&7hX|ldM5c;^DV>ci5BvxfH<7%TNtIY4&yKKI4@i9=EjCH+j}Yl z65ee#UBwBJ;{YtCW{rk=PxsCnM_jCoYbFa?TV;bLGwI@RZ-Zn?uk8_-HEe{nfN$3M zyKeyx>iu@qxSBlWe7uw3HtJtOt?|Em={2);LO(X@&E3;-|D$sSe}-aNC#BQ?f|Fvj zNrPIv8u`M9ZcJEx;w7AyUG>*5E*9Jj6TAXbeD;{X!30(Q#Yq)c2X6}XT^m{bU2=^{ z9--I>oIhyTM|95$Dob!;wQMaN6dF!ari-vkXh#?Qm#|D6wz`6Y^N&T)EW|rkTm}AW<_e{SI#| zMGd-EVoreh)#RY(=`skuZwF)*Qh2-X=X5J050a2!eZS!Y! z7afasjX{OVTkTV;9_yv$vLutc>+{sb6Fyc{ZYe;G>!lZk#kYQbZ?f6z{W)+J_mw?L ze+L;M)AYITneub%w=JM^+NCtVyGK(RZO(bkG@M+NB+*K1O83)bQvFG|IbR+P_yW~; z`62VajY2{cd@yE=4(|*OXo{Ke!K5w^u5BF1@Y$R~W&!{4T*Cn*R~?qBcu(!(HTzJ< zxZ)@$LB9TRemy^+9)U3tY51BVNWteLH)#$WDMDR-HEsFtVRG^BxBuF&YS@mv)$>k{ zSl%iW{MdP36mIzbwm`v6tXPhX?9#e5_t*4chlT~ZI=m}+etyY?kfElwEsm15s8M}? zkM;N(POXQ6;NmX?2HD)f&mPUXab~*fbwQUr>zFDosIWa?-%-PlYLDyPvwtV-(T!jSaNl?!Ze*a4 z{hnv`Ca65|u)6T!d!zczjSRY0{Sk$COGRz-)OAS4&Rwhs%29v+y>$G!FS}K}^1#VB z+vMv~pX}I**Mm3wmoNpw_q-1_lwLT$NpmzJPvy`EKU=>PSQUAoF$aAX zdEfYErU}XT(2@HJ7f=krp0L&N4B=9$m|FaiHuTrZ2hJ0r`*w%-Z-w_WIyl=04V=jO zDbjLCK#e@3;RUa?W=g-sx6`UD4-Z}=lEfmqo|X1q|Bz z1ziF>;)GgNg25Yz)RDA`d2RwV8T2CK&^&C z5Dl0TTGxZOMRV?6asz3NuPxvj-r0G|&tU?EFatC!XGu@*5~n<1|Yc*@)!$>GbDu>P>YAhv)csVE^FDL`Vlhsjg$N0R85|4hn+`2*ae!Gh4K?&Px@%SYd@ zOohUHSu5iI>Orl}o@#!~=qAPS;ZjZ~QU=3-oMwI_SCI`^Kb<4oaK4Wd0b+oMFotJp zo#isY({AfS?7T8XIkRwAX@&&g^*GRU2qIGGOOT7mz6$(s96nqFkev!qm`WC{&oI-GW_ecf&LEo6m8ybto&dO@w#PwZG!H4o9LQ*-VxHqXrKN&;ooo+fANb!k$ z9$<*z1dr;6`!I)2f3zyojgX&k`}4z1#}UGH7kZyNM+#r3=~ap=%z3%-G+BzIuLmG# z?e{_;_vmAxIExyD6O@UQQD7+-aD>Hs!|HL>N<}hvZ_cV^S)i`hq?*&94k2t2%Ad{g zQMR5h(a~M@uP{Vb2KtBlGS|L}FVJ=bQ%{H3PS@W2s2x(gXMYr7XNlN*>6n}5|siBZk;$CogQ+=e8r+8DU6$31@LM*|%L4^SJCV=B35J{g% zQ@6_G5N)nPH8h@$y1(F$76VJi+cI@AkEQ}^5OMTOFgaY)hpwBpLhV~i)0U9){B4gTfXZ|Mg=dxAiUA- zn?#1y7o`NSZ<*jrfh&oCf>tweDG0D>PN_B_m`a+X_B3wi4jW$Em5! zkj%x9(%v2}ec1A1-e4UT2>`d!8qVg2=Y8nBKUrg9(EF>-)ZCz%XeC=l;#1-OIW!ZW zJ2A#2d~4VjUN#}^APl4eV2Ol9kik=N?KsZo@)tbrezMd4bGZyHd7IuRWKQdd%3aB?4VM`8Q!coxn zBj{|qQ_c_~+ufokt%)qA>J{v$6+ zXcLkBGe7G?l-12rr&3hbzhAYr2KRpOO%1vN&$6L%j*vu0$o-0pyW}xj@UeI9>{aCd ziH8x6nB5SD09F7=Es;q^Qfv~XWIV#wmW(Jgr=rLCY})($#}hyGOKp#fVi0HH2!Z0( zmldrlXZ>Ti*h@Is?bL9p<8Dc%tlcFv}W zD6Yjrvc4Ts#j~-2lBJHbwRGgtOFUU0k}Mrbw$%iSXr75kSt1I}LH*TICrked5lsXT z=M-Es@`;1Ta@$mcO<~%fMtGXxyc0$_R3t>!ydN4i>Z2dh&eT4 z*GZ3FZw$EB4YO=2&lUWM+=SsaSC>i+Rmzx)r|F>prZZAC0>u%Uat8okprYI-BE60? z-L^wFf2QdSw+H{Mb>PU{Rmr?j+kKo=^aI_gi)7{$@MpLNiS1ks@A5D3mo~z?t9_Zg zCDri}p!4vejZ%b(VBF3CeD`6vl=!<>@3E=7ULs~*@9lsN_$i%=SDfCZBU?|Yen)Ev z5%0p=^E7({K5YOV;tGKO-hI1*r`X3+EO3rn*paoM`yEOsY)keATgWOG_g?z1_u<-? zD%v~z5zjbxnit8K+V(-;8W@?|WFv-cwxV8#9n5XFDt&5~ip<+8ef0Lms92igovuj4 z+>~j0sM>&8jv0Q+sv?8adh?b@A-M4)txY7;%;Ejdhvqx>RjQVs3t{_?l=tRVt?WPG z2ndINgkje4;XbmLdwW!AvoAS5q#`M5krb%}un$LnE$Rb!kd%^gJz}srP^=@O6vJQk zf$mAGAJuF;OONQ@L9A+1enQVK`&5N|*Q9=WEayj(KEN+aQ0`_1u?2>mP6&t!$U!lr&%|HEg)OqeFFZgEeXgZ zr(5uApwfcA&?k+IY4o}}Q-zG;-YRfz6_BwH`AbOUM4<2VQ4&Rf1^$R`kZ=m#i@K96Y)AxW+m@bG3Cv1mmZx>BgyLbUMzI4xGA^ybGd{s`wt2HPclhFU+q zx4v1?t%&)@$NFIjkH~&YK7jt#?9kt3dzN?an=l!bN?3!Jng7y|4(Xbxt>7ZpEqOmk z6V`LwBuDVBC30yr7GAG+H%H5vIw@N?qgZC@`a++Q#HdJaZgmJd5`T{-_+Us=4^#y; z6E+hxsTc+E=(M|LE(LqBSMuGRm2|8?tu>q9@;%yGJ9*F+IhxLAv;Ntt(`&8G&47V$ zTiU-as4*J|Z|DlU}fS#4xyw>4V~QBS6Iv6&@J(Y_JpZ$u@Vftuw7_BbBAh-%ELGg4&L zI?h3nW*GB0%oz8GjA-gl8@02rnVGL)K;IX9FUk}gp zs;R@GzC>=Suj;0qX^A$6r&`bmXi#_yypUm3@E}iEAHuc`+*fI$JWCcH_ z{*ezup=yJGD=+9LIU znze9)_W@;StiA$eDAW|h(}DrQL=2haQY6Z14mSA8Ynm|4?cQ=Kp4GeFTj$Gtp`KM^ z5o9!yRYFi2igVC|&Hx85Uq&zw&y8<|CsQnMk*}Z>u0m@K)hbK&V5Q|gxpw6FTWsXV zBk}Hcp^y$w?o!B5_?!D|bXR(z^KWhyUYw&9@Kmz3~ z)zz%Ma!Jz`@Y09z0IAMV+>Y<9~Q?Fk9oz$l?c2ja{v_{{gv_ z>l&pS_%L=L_Yf`vhY&G3z zHJN-}Ciq}3fz`XZy4b>`Z%KtlGbh>gRf9Yp^N@$FxaHmtOQykLiU92n)WMrzE}HBx zNT5+v(x1b{%-{R>Al%5|*;piRzSAktCI@qvHLO^5JS%7_l-#jsS?gI?pXL>ACta+V zOqY&}DEMXI7@8Twb|d;pql$W;|1BM*Z_bDjGs0D2r}IT!sr2JqEgN3G+85nZUfFMx z?@JGk4J;p~MOE(A^N?y449pFqDlu{Tu1At=FJp5RlHmr{QZsUY?vc{c58s4dLwQPC zQmhh_nbV}`P7A12CPYhF=oMPs>Q==7{y<*D3pqp8>Z0z+Ax@jgWb4FnsU3oj!pzc& zk8eBc#q$~TLU`kVzozK1XaTQ?tWejQTXspyJ?XkF@~HR>5)?0=6C_CM0hC(7^|&Cz zvJuU;@A`l{(UYNF!6e0WpUigFfwjK?ileNx)POh6rxwm;*ZGCS>}E+*MDpw5Y8k>_ z+ACbPBM1%ZH?g?SWFk_lY2}w@9mQh09wR2{jedb@;mn`V<=9oSWy!}ukzV$7ECNRH z41NdJ1#d`en0&cEB}N8mrI;-t_yG@S+k%fYi6fvSDpP-k2>v0xW06RYJRKZR_Z+cY z7!n-J^TWy!YGAp}Zqe@)fxXmO(KoVpVcpr-70;WP^THo6zuxeD@@0EvJ|a(CL-vc; z*O*2HJ9NBk>KC6M(Ic-Z3&QP#wE6-uERWd(7$8Rwf9wqPL3<#W<|>!EzXx+8`B)#V zKFydNOoO-&?cSxjK!}6Rd!#wRTKFjQBUL-y9$LZm|VvwVsBMg3`+p}(` ztY5wuxHw)XW<7RS2U0#_!tZ|ZX^$a4?3La2do1yiz2aYs$DNZ6gH7nnn_h!KO@nm* z$zW;Ks8yd)5-pZS#1oQxJr6fhv&P3pb6aFIpdik`qz60mQ}H4b5=swnv|EdsLf1Q1 zvt=^L9^=!WFBe_kkaE1%{TN*R(3@pcOkpX1Pf1e)4z*lsK={bgsHpbL`7ZaMdM+TBtRQVgDMXe>p zqbY?+2Q$Hq8P3n8?smT7zIAk>>;tEj_b>VjVmx8ZpQIv136oS0)BS3CHaq>SYP-ca zhQwE}%P=6vaD}%aQfbab)@++Yw~>*8CXokG^{e`h`OqB$G(=l3S`Qs(h8e)~v=!sA zl?uw8GpbuH%DezbcQh-JO006CQ+0uhM@3G&)P|y;9 z_`VZiGQ_O1_IWbdD1iioVX0`BU{&b~A9*xcU`17IDwq)JFV)zd5-uXvtI*o`t1$?Z z@R+GL5H0Zs$)Pg|yDZdH(AN?VQo6O8qVY%NE^jJlH1z549c#j!l@Sn+jE3mms2&0I zUn)^zEICAvC1-17MrvEqDdK2e(jY-LJNT{plPAK}StnymJVH0FAe|%Wk>S8<Y@*|{%g4_>K|ve2yx$trJ(9;?@@Je8M9+S#raMq zwoHjA#+E5$g{`-hs6KZEy6XN~jBdMm?HSRjm@*FDf6v zVl*v!d!?lck$*`eXm=Iw>j|3*zFNd}eJn$pfNhJBPo1aNG@+V_~8B7n9^slJzU)IhOm`&vjmTX>)$Lz_i6OdV(Ih_ff1 zcJG;I$>Jghr2>H5vG3}a$*Wc_MptEqbBAiVyo^NmAUhin#SSA2-^E>CgU*zmY8+s% zB&N4-k!-gOw$=CYvtAW;aOe3g{*%T9(^jvII8H>IVsN82cYT1czP_?yfs*d+`w}MS zl0ix}wx~ETkWNPsI!mOg@uEgkjkVZVoymKg-qXukaT>tIdxl1N%rwbTKoK;=5w+N| z1A$V>?D(Qd*--;Z2x|NoQqO?g=ziu_;SELU^CMR>iqv+GNlh9kV~}v1=LXbGq1+S0 zJGj{R0E{;};0Wt&c}Oa(?-O4k+$~A$nAs4}-GJ6@azryz^o7^VqQRWpRR&rLe`d4{ z{g=@Mh-l(+lrM8~lWA_i0AD{n4@MhFv9f)xAg(l{cK<$k*Ce77rE{_<9s3f={Axx+ zT|k<|4+(42pCZcOdfZ&|Y-u>ibYBB&>?R%A7DwT#qy-v0OhxxJ%S`7WPcN9`HOj=j zUu&JrJks~>jp3YQrK!30upX86WTv!bu6caPm;@=fYYT5ZKpc_!hc2HjUS+Z z^|NF#01EhWlF+a>5qATEkX$!8Ein34_R$qGj8jWD^>pu0Bgv4^e^#tmlhzqzndjcR zDvjY?>tenB>iCVgy^jLH50^u<E?_FrE_jA*t&C!2!$+N**X39~eJrY;Z%mhIj z-y}Qrl_mWZ>|gC{B_Rhf(SjAKyVUxN(U!jGd-*ao|3j(?mQ&pI1qO;GK*c76NrD8+ z+UXOV(6EOMr3T^IH@H-Rew0Ldt4(H?%`8%75f9ZXU>O(8hr+oyesORhO9V;PvC(nP ziJ(xU*XW1KYh=)K6Z)uFAZ-H(hC+$RqU~A5SruO34Ywq&jFzATiYrjArkzmu%<7T( zs*_!BzvT0R)tcX;6;-=zvRobPFtf?HIXe76;zFN4%NID~JND(whxR^Avr~>7sv4<} zsB$JI<4Ke$RspJZXnIRP&ctGzbJ+fJ)bv-o0cYfGfq{wK=WMVICqz%Ji0b0MAQ*JR z3HHS{Q#u*i@HRgTE_9YCKMBIDy-hhx7P@q3aoc50iIFK7`8Fz=5Mt<3%ibort$GBV zzS_;6tGU@9BMxKJ-RIlco&1WS&jRSk+|aN9&K!+v*mEo76gmc75f@7aC03K#CxQ$w z?El2XojzPH=R;o{IsJ&k@_Mcnc*ZDk9&D=|kZH%f4dyPvfus^4LU=4Z=fJLOOJuVz zMm7a$0%XIbXn^WfRN5ggEIYJehNRG1X5rHzDG?VUPs};%_{O`PpQ@cjE9d}~1r>)Ni~${uUWEDt?w3N>zCO8YVyD{BSu#~>i{NxdRA7YhrnZxJ_t6+b zN`n|)ei_TH+K|aZbOXgAQ0fdQhCI^HJo@`1`Co3H#pR2UDj=I)Ojf^Uxo|>|g4B&X zSD6RXyIpOl+a$~YJ6fXD>R-LuBMHk|Xa8V@Q>LZ^o4BjeqSc7# zRnC0ho@|c48S3F)ENw-lZBG9wk(c;=eBy2D)Br1Yw?(_nRj7Utw)Eh3$AqYXMaHJb z_opR#jD$o1GLwQfuC+xQ5K%pl^xrDx0w58mHIrjsGddoLj$tDJyEw#dsypnG#Ylqj zcJfoZyStv$-&0R_p8v<3HqfyBN`Wgd(LD+wLz3puP1c>}+B2YGI%RxdfvFgPPae=BKV7>6 z7A!vTEeFMmS`H3R2VM82iJ8K^O^sHIz%%)q~fpIsa*U6EGAbJpT40wU0N~>{-;vTev6xrZS3~5 zSJ#>Y0kF6CpdMVQ(?8W>uIn%YUvHbW#w2F&tass89#cAqjz4uNFgM7kA7aib62|Sj9D7xc; zBKYQyMa>e?A=um>R`&*1oH{LZf_yEZG`Ls*!T%b$r+EAFhTn#lSby!*6K0PL$YQwQ zii40Qow5}a`T6;V4PE+r++C)7oLheK-0pUn~D`tT=)IY$xJPiEA1v0E+^M1`YN@Ch(lgjPs~# z7QyaJ9H+cKSL@pAi#wfljK$2r+A2fa;B+PbVE&{~|DNBz_j=ZfFLHHNgKy0048Oh` zyt=S}<>!ZgskKK2Nxy9{`TdWb zOvJv|t!k~3!E|nZN2uH$)s639OklqAdsyP<6n}iB@!ZV1FE9-AH|cHCOf-dFG_PgS zaRVi?`^R&pzvkjk0Dh&W=)bf$2yo-Z4Uj19KkGCSPidnVw8LPWBKO5<#CNNc$P-se{QdmR7- z7|tP6k3JglSg1=&k;|;=@m*o?{!IGaRVI(WS}~SMthmUo!+uLN9U&lWIPAX_8z*Fm zuhfj=Gh(^R_^b|H&C%^mPn*|j(;EDj8wqeK;f|d`iIZWzrVvV-_E;d zdhTGtftWeP53yhpXhl+Pyw_<(%)D2Vs>`fQ)ARRRTE<2)^U??-1tZ=5zjds<+}~f= z_=$f6Q5s6dajzH+b54&goYPEBgSrAbM2Cz|+?rr*q zla=~R(u)rOc~;&pkMdw)*L(#|$wD`EPl1;L%tc;Op@nW*CEx|cqpLG3K)JpY%+U#$B4ZZTE9+>HS<$-SSe4CwHG!dA@It~^)F=0DQS zHfYe-u4KsY*JqpPQwtfIOcXjJ7_8DfKy4bxkB3$lxsI`HN`mO22zM4Ahr)@idj1aF zbE`s@uZuyH@(O~21S#i&n0ZC2rkWzV!7le@g$z^IC7JgP9gE&{d6SdX-k&W_6+XY` zWK-y{{dEvhdCY4ltMG*7lX101y^HypejJ>bH%ubZ+`jDH%zgKLuTR84+XF1MlP?}% zZJVqTnCDUy^_|Fix3oKp@vPs7&StBUVHCelR;SB3+7`DeLiszb%lSc{SSsG72DK?H z`B&qVStM&3s&1wEEH5vhs&vF9TCbc#o2|`ljT#8tmqCl#kMmO}&E9#L;<*jYhqQ`@ z4Z>{qdtI|ZD*A5$4x)Gz+*3$d!9j%8uV6-OV(0U$%mmLZc}u;(FU(t?8qwb4e}tSh zUjZX3jS<(w&d*;HHR~QoqG(oh&Pn_X;<|}wICtoKh#08M4S7&^U>;g1%6u* z4As_Y5{p*p&rqk2E&3NXTUy!=u3mYizwdQA<7OpK(pwK6lCaZ*GMk5U293hV4)zlT zrL0+Dsz-z-6OA5FtzY7#G~gOyNO;seH)1ZSdehLPhc_&`wS;( zyGc%ee?&&rfZ|+XLZO9>3opPux_C05=qYvwjqpVs2wqrOeu$lvyh zQ6dIAZbNe~kIj_{tq1LP=>3*Pu>xn0!@*NaKSWIXx=WYC=RCRniX@urIyQ1LB}uVa zJ1r~J?M~#Gt~GQmOaeR#R)e z|J@h-wKK)?M2Ovx*DND4xIqdGUpmzfCPw3>YBRUkYJ(8Y;Cu$b3|& zbRW&FI@iS9NIg)#XQgc~2xe|8CN*uT&MEnR;qXG{-PY%v+#7Aa6t=)doy!uD#tP=#x2&oja(3_Gy)XKD`}B$~YHqwaWo^+y0F&yRLf1Y$tv}2mCqVuDj zPJY@8{RYWslkdTa>9X}jbA<+Ml?^(XX@>WCL==S%!t{+}$W+`E6osF+)aEpbx>?H< zgmo&6OKu$N`0zgHO~&5 zv_@BLY_lQRD7U;|!F({fKtT07`tkM-M_2a%iJwGf�ByV>e2S-`%F--51{ytKS&C zO`GlJ3N3ta{08oM|I|kLfb;vSJFzRjvOVn9TKz z%a?u1XfB-Nd4Qug44~2LWIei;Jd$UG0PzYx7<{+8%+6kADo9^qawkaC;Dfc4(y zYW-9g;P|Lo`5ee2=x{xkPs{BhanSc=`P!+Vs`T0Qc=hS`lch10XNcn8saaV=U6Or6 z2>yuO^46cwj=ksGY${}rA6>nx%J$vj#ACw0g`-x4 z?yy!lwD!Y+nfJEH2B?3>Drv`(nwgW=72KLgMHNqynznp$$Yi*`1~D};-PjqBys?IP zbHY?{B*t9d6lO`IS-?c$H40@}x%X%3?bj|xZfptHS$VW8h;6Zg!p|Nk^)~4O#_I`Y zump|)D*4F4_T(etpPAxIN-KU?V5zOm*cP%|=d#%s%nny_^oxf~&?bw?zdz0~`eGP1 z2w=;6#;28t^|ybm=qBed%+c|lhZwO{PTqcvyXvFWNKoQrc2xtAjZU4PbZ9p*K}bbA zG%;uG^F3M$^ur&{Kh@*7{B*gC(gIbs--vAlraIDJEHYXG1!|%}wg*4<$`~*0fh`qG zdABCxxIINR>H4F^RzV_(!`!^(eRPf@d9f@F>MWM(^t>2RUI28KyUp?jC~OuBaUK;1 zz1uQ3q4i2oR)tomLwBFQsb(&@^F=Fg)``ACm)#P`>^aQ8fr3WSJ+b6LIP(aE9xz#y z%0C^Ks!^9iffSRY1@Y0|x!F}XEpZ$W&W82i1sFxcRLg)2$9ZyzIXXSCpR!A#JFA-? zd7#T?bQan}%(muiB>awXaI>LsB#IgbB&&(06b1Zo<8EXxlk?7N3TFVs)afLAA`iH=eG?rJ@16ef8L_{=?dO>3s7@U<=AEp~zK05|8HP=kyLvm1 zoAYbi@$0y~cb|5n&lwU=99GEFkoO(&Oy7MJr73<0f~x>++v|)>0hE@*Cp$;dj*0e^ zwc2M3ODbdE&R8C$n+n>`p6@bB8HR? zOHYSQXHaL?TJMTNxhzLV86HPV9VeK)kFj=-b-t;4$9&s^AHaMF;#rN3ztnhw6}V3r zA}ZjAISomssP%z#&6=#J?-}S{)lZ_)AHP{-8kIOlk57sLn2|#uDl#1wp>eEJmd?t- zkwbQ!O`JDS0vRo7_R*UeOw^P?`Qg{RQ5Fy>3<*PUA?Sc! z*ixgOa^?Qz;+NcYk_`ghm9OkFvn;w;_bIRCKcOjePdl2X%61Jg0ypy>hKlY(7vQA2 zszE!J201Q}_J&P(b$XX5h7$_p3{&Y1MaXlSqEl@x=K!unj?HT9S;NAy;$E^qKp_jCbrUa8F(Lwiwt7o*=;bAu?QglFJT-F^6Z(FZVei~I8Zo|w(tr0K4`#zH} zc>9H)O>;T@4KGs>gk=%g7G^>pp2fzgN{KoCZ9f1BA`{n)G9U6iBDxK(WXvhB#eg{neBKXA9d7W?hJm{A*lj<;r;+vNFly%44)8cm?C z0Kvw^nO55XE(c#M^19>pPrsk`{Azot=0)!qy*ijzg$MrNc=RWk7xG|oNpMfO^z@%f z+$}n6qbZ8|bE27+1~vK};6xN0^C&3!>lMHMwQ)VLRgs0h% z&uIqffHBF}=4$dAw9ydZ^V4`LUaT<@Mfd-Ta1pUC`0`~K>7My)CXtbH6`!pp1SMc7 z-xji{4BaB}@r?SyrhhB)jm_-QkugVQ#WjYivyCJSz!ZhCGYfFFz#!y(f%SX9uOGR7 ze6*mzZVx`B?s;&_U6Yb9^!uOxpE7mo#eIwZZ?DqQv*sivSPDOd3iRqGP0`*&`I9=# ze9a0hgfCh`NH1 zHdvH<;uggXC+!$*L)&SW9P$e#64y>J<^@iY1~SyQ9_oA;ExQE>JO2thnR$Qst1L+A zcc5*Xv=Ks7jpLh2bz%mWw63Gk9d<$gR!HQ7pZfVnbqQmQZKP(# zH?jOgCLCt&pa1?{nb*_NRK%Gwb#Ck})7r`|6?jbFT4-E!3KCOl`lGSvpHa= zVb98&`rH2jnGMHIce+sJVt?JLPc43sx3W0?*J0Fj&diHtDFDLv01OxYEN^|P<>XW^ zA4%T4IF5>;{X0HjJ{nkol#o70{5M3arNQm2A-n+~dlt+^J1^%z=lD*|Ao3h$p$+&)uA?m!(WifIC34 zLl;3$2|;VgkURBU84Cszqkbler}C_>>X(s1YRO zrtS&HSY6;SDCZcEe`X@6$qVUBHjquxZ87*QJ0`~wEux_95iN?r-qO3~&G%GbY|Drg zi!{BxH-x4BZIhWYf;@d~PVB@W!;@TLUI~GjMKQwQo{@;JWK;f(F8pquKeH{u*l}31 zJ+VK_)fxFAL#7a6ODxqMfNh7n*SxySQ$h!=*597k+v2J-U;i?CabM`!=JD=qba}kO%vU6s>mJ0bJBe=)# zh>mhrc|iV@_m=<>(18&!|M_HezB+5_h;XoxHMD_M#RSF00L|ZrRrN)=koeRTMbimL zd}jdC-JigpzwhwrPgFhyBY(ntF(5$zA3t#UW=>nDYs9_7-0kJ`h(hzr7y0s+QkFo< zMO6DUY0dLcyv~~rk$!;L5Dbq(3XY&{{$!GY$>^{d!m?#PSO!7D+YL+;Kal*-9N#ZL zAX#tMZORwb3vN^&Qy+xUlMYE8YCqOhir98Nbc&`rRsdUKZ#hPD6y1!XrC21jqDd4! z0sg}>;88RinA0cf48DYqH}b%rk&P6CAYv>Fr@)O(+Nsy^lEyQcugdBTze;P1)}NM(o?Fbcv-!#+zgIifV;$e87V3-Bnd zBw8Vh8c%?W4$&!gRym_~)yw3j&XEcK&I|m1rx;FjiVJ|AFslD|ij`ZIfbBcmqt56rCu6?6#-KdfnQd^hm785aM1KhoSHxm_k0*6yfD zL+wCN>x_I*sXY+M6MFIcvFl!@AiOv@oawn?A=o=2B$Zb1URAaLnI#OohIBVVwzW9NO0gm0L}LXmKoGZ;LDMggtJ{yKBT(v0~my<-WvFv;RJ@-qD- z4BhJm^cLq?pQ_EsV1-R({*SBsZffHF1Ad=Q3MKSV4ZTb6#n3y_I~Wk8_bP~n-XT@W z_}bz4g*le@*V#yx;M58p%+M~XFl?GGq*MdUYW?V#SI85%T3F$|?*yQok~?2a>Hbp; zwdriQK42zT`e?&!){WZwcg*v1Hr-TgvIBP@*&|Wf-{#1@?_{(2ZSFs4>}uk@1U8S< zpwh8qY3DzdE?zS8H5vC7CFgHcc}gs#6?u0gGFxm|oLuv*}lFrB2R57k=Z5LUCPBT67cN7XP4%C_?O)kD@f9U$uh9X<`316V$2 z&V5nwwpH_hv-a^QFV|Z8r&q;^(M2m%1OrC&zi~ks#xypm!Ja=)C5Id-$^K6zHj+6` znyHeEyD~}G@k^flVUv9M8r11Yt(EYluoiHdtu-GQ_AF5iOv9Fhs5}4BmNS$u3LPbv$rxLy<-~Ut1+(>4mM6LEN zfx-kcFEu8yRgpp9xI%=49zSOJjsuTij4GC(k&(P!GSbJ>TAt{z~;Wj!Vontco- z%B8g@h7#%ka(p(TJqQZTzm-$NlE7~Cu_cB0WP=`Dda4*;QKFT5yq4{MX-VbAB&e*>2jq`O-!hveDVK~@hLFS7rP~|2z`$Re#_$ZF zl2NKmN@AuU%QkJzgYh2?-9V_jG%(p@T$b>J#lk;CM5WmdP&kWc&K1%}H|y z14E%5S`jIrvqgQ+F-nHuqF!|I%77+T53c}Zt==%hW&)VcYW1(QVo6d+DtJSH$m0=^V zk0p;Eq739NeNT*!gDRw!j7oS;+?urW$r>=d>RK?uGMXmXtX5z0-ul`>Zi5R4@bN z(ka_>%Pp~(jv2)amvWTzv?Y5KuWuvD=3MsKVKlql;8-e+xbPc>?Gzv{`9QX;z+JUL zxp^~ncxy}L?X#sfgE^zpMn6z*5{LDM=A%r!0{7RLGxP3^g%-s~B~rNj_Vs<{jybYq zJdiFb0~OS3F+MBC3?XKGrTT5oZ+;greRmjwmMzx>s$%_M$(W@vy%;GEWV&6V#UbO} zf>+(MKZJGZ{Vcx9I^uTeFRj`m5HAX4KP}#|3$vb;l67r_3hQajDK9=0E;WBZ7u0VI z7gQAYs_`^8{B(k08$2pk1kzqy^<}90+p4I$uIiWYvm#p^+O-=zHH`(pD7ZptDkH5K zi}Pc9fP5g01h&Buh@y~E6^pxP&(~|52D)F5$^K~K6$s#Lt+KCDs;rXKa4?>INZ-`> zcV_%_SsV4e_JhLJ(Ixv5383Z{q35J2;9RV9gq8jzi1`x|%@GsaILci^s^-o0-|wNA!L z|6;x?Jd$=g+M>cpAbDy}AS`s5Y`Gm8N|U{196}_b!uQQXelOO~>@-{p=3x1_@_bc{ z){DiRF~4fD+hWf&XpyS%}zgg5862l53;=9 ze)q?*$i2bV-b~QViO;&152V7 z0rj1Y0vo|W=q(}D(r)%5v?Bn=uH@h35R#Upl}4_>duo^~Z0Wbuf3_k2ap!z>g#XpT z0YUkHGqyX+njYQOVLP|j+m56w>oUJNm&X?Qg3xY;Y1+Ogmlw*9_sRjlZ>Bmh%>hR7 zx5NVgxT_!u)9EjJgED9n+)kJZdQD>v$pJPT6rd_mAYn(HWV{&Gh|mJCBLFe&Ch1=? zU@=lKXe(!_C&%v_Q7U=26!LLw*#9B(ktW(EfZuvowdJH^#7Pk3Jf8^(fYEW}MCy2A zVf5JBRpz@gUVplDZ2&F4@4ffh1J9AOOk0S5I|$fqAZ(GiH+cCp()UHF=W?eH{jkn& z7!J+geO;X7RXc0nK$Wb6!5>`pXR>0Ot%0!Y01rr@Epb(~|0@j70horrmi%~$tS^XF z+x_o6hlaL2_iy;oiLYM2|Hp^5>2Y-;6D#N)ibc1tM{^4W5}XrCx&hR}$7|ufA6ObD z9kcyPMz&Mnf&idC4zz{^u>lyFYak!z*b>QJ=mJJnPYymRqvi->Bl>IIJpU7-jfK=5 zOTBgf$4A_mKnf*dp%#e;q_^c&bTz}GP&=>4_qSS+q6AR;bzq=KJ*^=;Ar$l>&_6BA z4LKJbs!gw@4S{Qe;MROdEB0LKr6-TQqMx9%9|_O{Kx|l8Su)3U?2?3blBG(26{mqxkA@PbT-;Q_Q^!$7_cy1;a>LZZgvXJ#$Fmr6Luk_|}C z2HSvF^`xSjnCR*j7#XNqA84SKq?CTKKTNt8tS%M+fH>rgXZZmGO)$R9s4Rlqj!HJEL_)Rc*WNcYL+I$$p1YwZ1LPT3D`t^*t5tQ`apJw zgnm4GX}(B9QCoIaUR9N1xR?Xp!h=CfzYpXEy8P(p0H7Q^cAh{q`wlpjH?aZ$t&RRb zY}EnS>`*h5lPIbXi)pXX9!&2m#vE&qBvpew%1W7H7zMD7!pSOAnJ*Wi(c35zTHrlC>L?Ug zrI6~0GZ9EPY3_8cmHkTYRO}#|vinMIr_pjp{!9TC&e_7}mW)obp!^>j`3GUGgEt%uMV1CP|0N>h!A%7!JWS4!e zo?RB+D7q%JJsSZ@LMdz0w*%VMO5X94*~>eVS^QyT3rHQYGjf!sDh^poK&T|rmXW+h zOT5LNx?ZyfRTTeMh5|M$T{$np+wRaj2blKhn*R4+1FyhqBnrS9BldM@zraH6}RKA@DkY4M@O}OqCkp>wdEiiuzw=Nznmg1Eg$kpDf;1rQU2a5 zEE0#h>->#1OkGfEI*V4TRL>PcbyhUw&Inf>4xb*u;i;jo_MT{%1^NgCW)=Xokf`XA zmWs5fZe_$D>yZ6u>HPNS{K!hcJF8G7#i(v)C5UglgNR_FfE~Na! zyX~=e3=X6qmpYQ)=YHS4NH<(i>sUt+MZZ^`NrjJfw=`Z=JNTVFjS?_9-4>)q@>0-A zQQMhjN=~?rxP6!mJMW}q+?uAjAkf1*Chc|MO*kf&L)kzbrfM8&izMm018%1RP%8vz zhrc)>Ba7tkp9BnLWiP`sSFc1#J7!H|nYQ-4uh?CzG`H&I5^P3fjCxYs>PszDZfoKT ze%D8BjyD!lXhLyzDI_?B(BGeAv>T>$1d&R^O#3Dw*QnQ}zb3jaAw#vT_XyrmxU3?4 z9v+{_PIA@k;aGhgqUb5nDwyM)nR7{?=pU>=6_`d9X3Caij{o;1e=8em6L2tbwj-}3KFmZpN#s7Mn7Hy-_=qc4RvMobebMNvt> zxsa%H7HXU2a7F5{xk))}cg5A7W16Kv_{agLAWRJ4fQd(Fij^3u;_t@yKKdcVKL=o7 zOsvlC<@hVKzl98xyjgAozf-*`D+r|hmqts_Eo`nn6@tl4{=TfurrhF*Q146;V=V;goFf~JE7{*Hj=fCxe-qe<@ z-r#%LQIA%<{%}&fcwA?}vpB?J)7hT4Wk`aXOKFBkmp7MW%ub>ffYz4;SM%}m#RDbP z>wdfocM=JS)z28>=&g4!l( z=mIoj^AdJxedio^=ox=>gsM3k6e=M9tnB^0K4c{V&?3MfRh03X@(VrtT+1LNbhJm6 zZuLm#$^}mkmrH@FmkXGTmP;t9{R#I4(N^QfMs*4-{?L6BY`Aw8Q5iaTF9dQzEVD0E@yqd1&I?+p#DOKxyVH6{Zn35!}nS6foNA znX*jt*ZwiQx@2eH)Q8r7izaxizFi9rb(^v@O{D?YzkVnj!wJH$HbO7Zbiu!p&tp_S z)7Qu(%x*Z0s`IS&oFzgA;1F(_+XULu3&@)QCnnHDQ^&yd@6NgT0Xl!6UIWk#PdIty zrIcHPv&$RR?AWd~-&>obwj3ky7b^ukt0iu$HdrX}9xdjL*OwjpPAatNFVq?LR)Dfx z;QjRK>xrR(F>?qhZt|Z7c((2cNH5bBLzTKDO z`!W!%=P3;_47}SRNq%C#H!d7?&VSpNZX?!I=B(B)Qz&DV15DvsZ{taCk9$>HmW1>M z#|Af=*{61|Rs+2X+pZV-iII?L12FC_sJr{>YFXHelXC7IAPWgrvH3}!_X15{uCFw4 z)cJTnhg#2FkXOBHUQ18K&~)KZ7U z9=OFiTE6!={|g{PtM6sn;qki-KPue08h)gOd`^HEk!Y!auUDy%quU3K)the<5Wn3$ z&i|-s0%-iPP~;sN@dwZq?gaKbuei=X!m)?zgTBI-W+FU&yQyEUUN{~U+64-uEAB_- zwI8NKn{PFt?pn~(t)<6X|J|i*mT!Lg&I3=QfQbOaQVBBZ{tw>sH;1rOvA24qUG#Yb z+F~qH=k4iD>S^U2wyHZnGAWxt{#1&PsWnu+WJc;51vGe@zQuwaX z#{Tie=T8*~nidKY3ITv3Ntb805b||1 zo~iQVgV!y7TM%0HuD~iiA=Y1vLdYsnhpUS3w^!)w)q_79U7qgg*<~)2;G#i=P3Q4c zfy>8NbcWFkJi2T8n`-^1$NWHUjEwp~T(w>%eOuU0F~{4yoBeU)@7U~GW_Y+hTwxUh zvDMo-TK%QDhg&p{VT() z5EbbC^bhlv|MlGEY*AEKF1%)#P4&5qJ~UV(8b& z7w5-9N2;U1Y!zWf$fmAasJ3&d#ymNRW-zA+{#otk45#Y#gVitg-mE6RWLySY@{_Cl zrrsU@E}!| z+P0&QF&wH5)98=uUd7@UlbTYXu1hFhfo7p~Jm$-^d@~N5&^Ez!z3xXIUEkV!iD1k3 zpQ3DiAbQMvuDSmKr|nmxwmF{7c*N@(j~F&?6;`%|#~1Q1tTDb3@18$C$h_Q~tQnfa$Ue$ftt`>|>pXvK z#AxN_Bkf#xPN}U|zbb;r40igAO6%^&qWcGJU*`1K>Arf8-VKud_U!VNsmJQJ3BRZ3 z1;~p3om_L=4tVoZ5XWj?oY-cApo@98&hsk+*1zkAx>ZYtN;t|QtLIG;Uv%Vs*O5<> z`9l}5(08APfu`|q)D#}np!<$3ZP1n#ov0nob(GTGsh{D=+Dw2na~>hyDrx-+l7!3{OKB0}7O~ zj{^Dz3YIRP3c-2`l-1%qL5HIHGb-kMv}YVmoK_;*CW7cxja`r@9zd@aUc!OoV`_Xo zp*&(Gf#l}pVTJ3$mY=(ISx;ecHq!F|*-!}nk*sVAAn~PeA#DSgz8H;koAG3W%Avi3 zGfmyCt+I?pEA=j~fat`-3nnE+(%|Gr-qsfhz@tPaZrN-b79;HP()*F4j9K^n0!jB< z*H9IqP&nzEfRlW^_TwLt6hej`ws6;DOU%3(mvSFA>=P;aEji~ORg&JRTCc_+ZC@rt zJMQd*7{hs%^&KDp2(_%68T|2p>Gd#-iwHv1$e0>JOltM`?ez0YiJY-X3<{RRw0UY^ zR?#RRJYL)A8X;MLibJyZk_t#iFoYx?8BwNdoK?O+cK3Vq`}$QY48i_}78b?00`Lqy z$k>qFW)vJS5{f=TH$eHDu2NrtVStNW!!D5Ve-v~enJ^}-1VY9pv+#1ID5rP;ua%9m zi+^GqF1Ko_Qsj4fnYBEZ*7blPmcq_P0!R@(o_d`odQ_RfL~#$GDxpEPexa)iJ9=cW zC?VtyYU3>@wOh!Mz?c`m0WHSUqe+3{jO5ivjO{{4pXD5*}@1GLFFM>R9kem$YU?L$M~No;@#iX(#m9MmE_w?AuPJHf)C zSLr`*|Evoi6KXqt4yRoEp+OLo`f{AbVd;!LI|Tv>VL1tBuAJ+!(`nbOp-9U_KGWVw zt}mgX^6Emu0l#wc)d+^Sxc0;tdO*q0Kp-6XNUFKFiq&5}ubkyAGNrdOyfma}Ip+f> zGxple8&0_Yhx@+$|K+~_{{OjeFoJMIB^%JC8K%)5Q-=|78nkZK|I2;r83CY^A~N~3 z8|_Tn1p?gKOB>T2^|SYJ>`bTMpwl2hz3jNy_Ea+tl~99!m~z>M*UgR{?oa}bnuw7d ztkK>9rc>%A{B*|nY?{}*L*Mc1F`f|I`effXkbn_D8pcQ*t8Vpn ze|-y8=EAshKHZldRlQrb{p&k3Qz&Fqj9UmsfCA%cQ<_Wq-0Xq-OUKPC>%gG@h)?Y=nmwHYs}o8^a7w~ z&J$JP_3Wp66Kt_zB!UiitS2E6Ob6eukB!qI7~C?w{eC#rL|nC$=34B@IEeeEjNVF3`qwMtMtAjBx+6>Dnt@AY@N@gh zpx$w3iB`x4&a$m#?b80Ba2#rkzu&%W0 zXavP3--$_Tp_4qt5g7qKjxRWCc-AWIaDq}vk`}S_d43*lb=fs z1)dm1;;`RA2Au;qNa(2f+yl)VG;9NzKc|b)SwG*@!w}?Yk2`3tZjNypeb*ehD0Iwt zKh?zYjO-RixE)?{O`$?yu0KdtPvc@K`j2bh#z`Q%s#|~S0va?UXvn7c;m>T4+o2du zIOOLRN`UtCD;Rbes^*l~!_>=Zr2Fu1`YcK(zp7VEO`&Hjpx&=ni1e*mke5<;Y5I^4K{WC22Xz7=#`ell2}@wOZi5o zPqmNjKQBF!+D34f1Le!|mTK6T3*e~-MJe9>6pr&>S5bjfI++Avv$uqyM9=o@>12T& zxu2!!VIs=MXLjW#k(T9yiH}}zUw1kCwam_MK>)YB!?9sB zFCkx-EO3cHruN?mowqaJ6&0Z1Q2~xE0DMY*P>ac#(+tYUzI{S)|Au_?>dW>Yy@1Wn zT9*P|E)1gEYC4;7)}Pi^Zd}b6u;vQ-6>B8CW#8R>XcE%8@N66QbAY(SAHHh1@H?;c z*^57rNNowX8?f$Yu+)cycW}-AE!i$Zo%+W&)L-bjqoY3PKgI)b+enww5zH%cn)1vx zef;St7Iw_zRlj=m*2vK5y?b_cChCO?Kg*7S+MqxBu6^u^dL{=8wTPG+1WqzK13KR& zicCV$dZI8JoQSoougLJh$ux(X^i=>Z9rbzf(Rof-_LDWUnGxv;x4N)gZ7#Rsn%EBD zWqkg6{bKD);`syJYHm11$H(KrVy4B+VbM=Xk7DDSLbfL#ZeJ-dX3QYH_zL}$>qGON zDZh8(#mgsmvwO9gJ->IRo!yYgHS-~_aDZZ8eQ!CP`EccHijiaWzRv?Ov~J(pobZWs z*2^;DVI%QdCWEk&u7RsK6>dR3fr?yV4&?ed>#41gL_zHrlZ ztGr)^E2S(($q}n@(5`!P7J!S_7VSUj>br+9JNh;Iv^DctfD5OY@4#obS)h-R>kdEm zXLH2)N|F_5;Td zM8^#fU6Jl{&oFc~9j*5brXd1tEsWDPyxmHHw1y_KOhFon$R=_kbrKjtj@zmW61GSG zE{X4+jGWmuyX<{O8-M4t+sr@h77y-<&Cx9mCPDiQxh)j=DBLm%3V(==#U+TU8L2Lrc(lqM*12Ear zr%oXxgAhl9uL3~PVrkpC>;bq?tSC2(m|i`cd?(h&qrfzE1r0!h)F==yG{W=tq8Aym=$mUohHSu5 zCX@n>Ul)2WoGeqArBZlzC8fzSZ@(e)BZljfuK_%mV& z&i6oGKd8_{LtFPN@~EK4ze)t0Xnj@hH)WPyyIEL8h%3XycXh|Lq7k_tBhr*&G=E+l zYmA$0yvBqFJCUmxVq<21na$q}ATt;LNP{ms!EG(&ov>hgELiYjMGOT z(KXm7+48$LiIwvlmA%O_Kg$(4gX|jJ2U0=y7tg;W4ssb^tL=Y34-dN$ioEd03!QoV z8*AG#?^mrASU(5tmLb7$j~t&v9>&K1j{&C?@ihc(2q$re)?N7Ha#&DMOw4ATe+aU^ z@zgzA$gDgCK2f2|?+*b zjrEpodvUct_8VUVn|>JQTAQHCMH6>ViWpX%BfIXo>GcM4F#cx%NO|%sd%_~J;`MJYm?6NP1g<)I_|K#9u7CUg zm~j$J>=R5l9{JJaelcflGsmOy^Pa>CDlJvGOk+BT4IaaXiEO2&Tvknr{uv~Lzi^+y zQoAH*d`w6a`PrLCvyWn(SX|F&)cMzx`2D2^e2KF^pI)vHEM{jzSe5K^c>4Es1-f`R zk%0oA;C^^y0}&Q#tOjtNMwAL3Y6Y9$ku+jhcIHo(IBP)y9zsl3V{@q{c~dzcRyoogiUjjD=Hc56n;^Au9jx$7AC9JL7xx@jrTZymD?M?+vKfgV z0{0DRb`Pn(sR}mibrPi@n#mW7!ARCEHZDnqTTo+bqS-39b9eH+u;d|BKZjZ9xXZ+t z3ynPmVTDIzp+|%zM=tE~X3LSeGh}oNtdBUdQQ1gE4c#h1D1JmHwEP+Cn`mq3@krR<) zp_r{d*#Prh7-25#F2^p+j^55H*&QuRhPj zRJOl&ZtJk*xuD4(P)i<=Q1kumxqyKjQul4t)X8)sStj+ZayzFnOuIiggs{}q$ki2Z@lYT&Cl$vMxyNzDMR;8hJNE{gZFTL#1++o9g!G-U*Pn)q1_S}O7(dtvO@+%rK`OlyZgwf ze#_eIR+wPmNP@(w?plH1G$Li=p}Q)ni9OO7!*yg_`%~=xdHE`c@%4HaBI;+5+T?7r z+YP(DwMSw1+BaK`tFzDn8jCogW(jdqYx>jR4it=+HBkVH$A=--taxE`Z}0uxGZ0cH0B z%=f5BVLPqo$;FRaJ8X1BA5~O?A`#{(iAOvh30Hnx4-;|5mV$mjuhOXQ> zTU@KdlWp$c7v|(8Oe<8M2o}ntTd}0S^pfs9apUrN@S97UDA~)%a83FP!JdewQ@#w_ z{b^VC0qOCoL2%g8HcUoafE(4F| zP_?g+*%WZ)+QH@i1Mstwg{cFa$tU4}Pd_*iPek5B^DcY~@E^&vRN>E~dGE1NP~|f2 zK#Q6Im2z-cdBv0T7}-N_x5GE?{Y@74Rn9FT^GAo!sClnRTbJ4luLZ`V*phwuzM+;!7oXz>{dm71_9Zn|*k?+%gN z{#a&YS$*c-(86QtW}#cHc;yJg?CIM8*yWi?;mY0PMo2y}ZWESU5I-A{e@yvj*05}10{ow2?V zkuce4qlaoRYqhKyE0(@iXSQcDeozJW7|#>R#!7-NxbGUFx#dHbp0G_2$>q%#xBi>| zeHr*P^|jF{v?XIZ&3uz$P3*bIAGSF(S~CW%)`(gakEP{Czx>@5@TSqVPpfH~?}%eK z^ksExct)?BzI`*ly=~E_;&TD{hwNXrc$jL93ZzV{HMaRp%q$ue{GM_6O*7pqP&xi1 z_F-|3jyvzU@w08_#d=G2uL3@S>^DpiOLsp$kFua`KOV2q?2B%7{qqZPwDCy_WU7J9Lqpyac>yE&taT#1qjyJwu(K-uE zOt-PH8fCaM5|WSLwvLtZzHZw!G)T7$auBY%SjMalwIep1hptl~BhO zTwQ)-PIPFrWGM}K3a`EPS4V8cqtaFhIYcbU%(>CszaUCqModb6)F0`e2yIvNSVvyS z=|BOtvJvsNDV}rGX5E0uTp zly^Ff@jIC%2z~ba*r`W)%pw)V3wchOR!S2-QsZ7lmy%o9o{M$Qe{;s%H!5!5j2zo4 zn&~-Iapd>VcJg?LaTC6g_|3^wH7PhX`Kw?LE{VRj5V#)H+v*S0t9kB^+!@eew`f`1 ztO$7AM}Kw`P)aV)<;9adIU_Kx>N>$pXJw2jQRVu7LY~J!@}#CtbH&!}#&2MQwAwFlLvMvMQA- z#w0Vs-atNA|9<)F{hc8pS9biW`tOp(ZNE&9{VHuT9qq zd#_A$-d?z(Dq|$gDF@Rx6W}hmX>c7Qz$fQCrKhU0a(VDUPRK5nhR=UYug;_0p_TtG zU82>tyWPY@=8|H2d75m&^w274;<|;jXO<+ z#~F(1ZNGx4W*Eg7l(+~Tl`^WKH4tV@n!jl8I=Gi9w*F-%{bCfo^W!Kd$?Q2xO5?mI zx3io;aD#O@Q~KrT2M^r(llUL2y_ByzRtd()a;~0A?AqH16meM9<}6m3ajZLfdD5N} zl=TI?gHkx$AH9;^0n_2zZ`K+e?F!rM&|CFK@Pu=IYdkFWx0R5A)@r|m4+kXkcbi;3 zainYc&uPnX+Ie~4#{=vvF@tl0l$NgpYgHZ)L-!ri+GD>M`j_oojy=v*eh%kLNBvY)FN4zjyfqP?nAp)n`Uln&kTPQQxry`YvUEr9u}-BOPE?xQSV5>-B z{8eOaF{<~UYMYgkRK~gR5{iA%p`LYBPU-qL)nTZ(B^44XK`~=K48%9qu>#d4WC%na@ZwcHQfm6O#%iX8=lFM*AAxtR6_U9SPB(T#&HUf{OItGz+bV## zIHo8W2K5NT+ReXTAVSX{@jaXzpW`V}^7Mtk0T1=Ju~^`%nP z)P5f{12JFHoB6}{R5K3bu8l!9HkArKwAM$*u>(<8o?XhKGe>^Blz(6TfaY;ea|-aw7d)_q&fq z`3h=lVR;dfZrT!{_K5uc5R1N^!N$V(53$exE9-i~r%G+Ne0YwH?#$N|-tbC{oTI92RY&FN{!t0{W5tz;e7{b*@Y?$exlH_f zkAeF-$|+&GU$?}CZEwycSO558KyxrV{|;K-ov^9^4`ZHs(m4H042Hm@VCphM1;F1f zK0dW9ETI+{^_}ZjAz(+wI{m|*JZ(=c@8m)6=Ds?8aPU3WP!$K6q(sGOyYBa=u}G{hAun58Oo z;$R~neM<<&D5;t_s@geO;5!mmO zbs5c(TQH|D_yBrgm0mL&MX^kHNKRC%7^rDvozwXaUW+jJ_-?8$jCtsLpLCBws1x4} z7bR0`yMZN2$@Z|3Wx~msLYE8tL zA;5NA&k7x=q8Uq|f!>spTWhqwnK8*Vb8@{>%;jMUS@-~fSf6^R>Y3Q$HQFXP@pvq$ ziUPX$XFoFq=qma`d>VvvHPwtX=#G4G?!Q5L-(mXhvq*oSUbLU_U`mlQcG5bO*>-`q zDzJF{MOnsNj_YZzi(I;%Y(^5ir6yb9W_&|}UhyrB^cR1I!hN3zj?!8pSXsc*1ZML@ ztW9-2+PoJ7cunt3Al%-I+vN@pNuqlPMbt zv{zv-OT!2w=}x%sgr-Y`r{63yPF69D=;=&I=8i9twlzV&kWjO8&dnk>2r!mzkYOvOatF0!{8{#BOvm6RtI-8QPq;s{n#!z=4itsM#b~1N zX4r)pokL!2)2B6HBkrhYV}OF=#7oE9i3S8~5k=UQ=BgDLVGJwV>8h}!?@NbNJ15P# z_0DS7*RS1D6W^V^KBprhpK>oNyD>DWEw}sz?e=r_1ulcJ^TTHqAHov-%#)d#r?EOL zfkp#>NZET4XiO$72$z~dml~J>OQfdV>+7@)G=pC(C6#C?+L|iV(ub@iRrYfX|bTX~W*Dvkgv zLB}paGTNOo`Qtpq!@*_`W{Mr}Z^|Oa$S^rGnfqgE02QXRGE$>y^`A!i!|!(?+prwj zG`}gBHyUPZ3DeUpSmBZj_9j;KD_f3sKYH11(g#C`rTSvPY^Rl$qG_IRC~uE*guJ6YU6Hw#4V`XZYqRz{GB#OWJH`) zpTF&)({7~mu-fuGqP8fwIER|U;$FAtFo(09j=vKpG2 z8Uk;8Ii{RA`Xre!epbVM(Fb+A0lkhU0c#2}rqV372hfamhvCx6FW`Cb%;QyIN%IxS zNAJ|?1cEExt8#k4qFi8DC0w1-2V9cJ`b>1S8eB& zQv~ugBn96F;Mlz6Uz^jz!Qxn@Tyq}=MoU%0o%+H6l(aCH24QRIufkT6>^SS&ZIfIJ*6xRCr1yBX%a3)LH@=$x zdNWAG^i8g*w%|=Xzvr)@PzF*kc4lk^=m<)6z@a{}9bh|0=PP~vycX1FEcvH=5mk6e zGQJeDOI88uKmsqHzUq}1c=*oyA_R{SCruV7A+T9h z5AFI8i6rL3^3Gbt!id(dinUDci$1pGjO-p#pI5;|G$~;x z=pd=I{?*davV!tRg#+N8L(|QhKBd@cu=JxZq)l8>TR_VAw?7b%Yk#~h@^vei2+9pu zhCDnn)6Z~T`GR|dD2JiiuY1QiXhK`MSHI6F9Fh>JnXEKISkq!NcBj8nZ#qXs2|*{b zy#HkD_0<&{>Vi>fT~p;z#O>%;z+y^}h1`3x-%`(#oB(r&?8o(gil+d%SPWQ%X*qS3 zKD~?k#%p(1pVMD1_O9Vh0%{54ckzIZ)18ktWIT}B@FZhSzuGko4W&ZA07^}@!FQ)_ zN8Ua>6>CE~7?z~}vnSlur-@J_HcQ;wcg#lY$y;T7s1W+j@?V~<%U9N9n|?=m!rN9V zct`LFzx&FPdAP{r2v7u+EV7pIllEZ#lfzA1fm#(QQ6}OhfF}NP)Q$T#)*%rZcjq)9 zNsEJX7xJgR*Qj?TnXFVl0Hnl0RlfSTU@BT@0z?rsm&rvF7oys`r52?J+qy5a(tLSM z&=epG)7t)Gr;&9xG5=OLlia!rL`>zU>-HzMgSxls_xLtn7ZHE%4j&=8^Z4I`Jy*DU zcD}1GkGd6{yM-9u@*vkV+|-zHuy0yYPqKlVJNcP|*{jDJ2W`>}v?0|X1sUQ!Re~h) zkmZ}b6go!8hbrr7n=$I8C*5eO#-wDW>I5-0B2{Nh0?IS$r1$pW+3-e^ z4`$yL8Ed^l+HhoWh>?vO=#NM)iN03SH?!|F6-x6jD4{X-E=SV3=Sbs?9P5$4$)83q zk~aRzbt zMi-O}C%aA+AQB&+r8Ej!{;B#}E*ny&680?x#wKdo>Qg3}WNcHLD`}Nk`NVk6u%JLI zsowX*%fzujT4J|mBrR2v9(e`n_|*83oHgGS!6zp!7(>Dw{# zwuh~Dn59>l6?eFf<{qV~G^{8FEp=R#QX5A~8D`mwSpOOm5K3!#uKj12u3{KFq_O{R z`{jZmyR1#7@Z;y3rk_V2zAH)Pp`$NF<6*oS)|3RfTas5Iimn6cYX#YTwies)AHVPR z*4}*iulr+1#Miax$V?Zw{HOCP5)Trb+;Z{|4r)n-17>Oqxb=doTjD8ZYLj{o#ytxq z6f;z&bB7s{sjj|r)Tya~(E7bYgR%oY$Ll(&uy0nq)gSuCz8=;@o|!Qb=Z$g>>k)X) znKgE%Vr8h|>PljpDZ~+(=D2T4)C5H0j9iUAb) z)^>^()3p8+ErC*$#U4d0#%z_G%(eBa98R5Ncmx<8Q*&n(yfgOzvfF2>uNK^fSDq^U z!X@V2tQtob!XKDIe>S4zji7sX{pmiPL4gx?6H$$^e1_Ahhba@60uUqDl8O7fP%cDW@e=oGLUuUOS#eX}3QpmBJGj zwS{#0p+g_4%OGhlJrMV}IuHBP)4DFvY_*jUwTgPxyTZ=qO-%t8{^p9{bYt4ugPEvv2=-Xk2UX@*Kc&dW@(DapDGx$?|gqcM6i(R)j zq5}%+8T_QMbwhzO+qzJ>X+hIxJ#+PMy}E+h6(^;I2?00W$w(+!m?~cvDWFSfA}}v_ zy_MN_zxy(-XwTvA%lKGX*VpQY3+{|6PYRle3pqU6I-Ksv+RT^t!SyO0_lECq=_EUO z{Y2Bn>2uX&Er8U9vV{5W4JWIbI{JRwn(j|5V_=Ta) zQl1$`A*^uy_86zj#<~97ioX3T?_dL`-E%C?WDO zr0UaAv(u~J`84aS{n}q>Z%WvMVO9&7f%W}hw+9aa`JqXQtO5*QnhbhTU{3whL)~lN zu}pF#i6d}Ta+8JI3bL;!Wdp#1I9?uxzlQQzH(z*gOpmXJS6rV6v{2=zb>{-wBV5IG zZHJ6Voc=R8kM2-w7{L~EYTcDI7xx|8zq;@L>(Klh%B0m-%*fpZWNhnO=UEjWqNM3%M_zoxw|~?@y2g0rOX2n>G;K!S;cRis&mvqI;F|dyEHOF^FGiqh zJ=t`x*(wUE7x*vQJKmyq2Wd?j=77G>Kz?BIAf`G^?7|$rVxjmE8{$eUE zV4wG|(#X5If2!!ZcHt;%amTx=7a&?O9Tv+Qav?wstPf)(P?<&t(ZkkafH1?uC-TYw_e-k!r(yfmT;9sZQ8Cg{SlOFANvYU5oAQglkr0qk!Bjedof&dDr;|xFVMT^?au+ zFo)y(@5jLtA`Ew$UTdxhTyA|(@qNJ$aOz0ONiCRIf}VS8(X3sa4B+frFGwN|3241v zK54IG8&ll%O1pnOLAPmaSUP+)1-oHsD+q5+N%mMnOty)6G`Fcpa+`yMq6*w?WnM-U({7UQfB)-(u;@ zndqEVEz&0Ap0T-M-u;oca)#>O`nRfeo4`ypQ(sVq@J|StmDdP&Bhvg4u)EP#TGW@-uXw4fdDe1`Fo}=`3B8|J4n)P~)$DUkE8ygOV65LI#(${Lz%$sF&lg#yNJJ99au3F&ybON9`~xtb?2+$qO4Dc(7W}> zN1A09yRaaRe31HlT$Bs^q~L4N7oYQ&C7}CHyU68?+bJ(Jq+P+VtgdPurUYi8-tH=s zjNRtDpJy1i7P}nUPBveBd>yVIORxS)sAQF-rt&s-@8zGXc*|SyB>QX2vaArKE z!xF+xFKzO+v*b{j{U|l{i1$|3>5|hdNp^#xKBhZaqYF3XUw`xV)YZi&Bt<*-zF!C9 zyE7-TzgbKXHY6Y8Mo-xJY1+-uVRU>(W5D3=JM?nZ%PkIe>8XRMXAWlHIhphy8uCyn zW;ti@CYaCKvoT%PUGLol#e%83z{e7wkH?2p>vdd464W;UmkKpx)P$|_60U~-%IlYG z)&JQ!*;|P7V^}CAOnTv$=_N~&m&|@YaoJ7fY~030Y^Et#54floe~c+vJSt`CSzrc{ zjincjYd#$SZ?Qgp4^qHU*_N@TWjTjaBmlL&KmrH?4J_%=j zDzFSDT`ZwP%u)O0b1{4j`^FRaOf`z3GlNhT(mkAcAQi}!_JpV`{a#)`pj-eU1E30D zxw-7HuKd_Q#IgJ+)LnJvjWga|C>sDbtpF&QAldtnJ_E?`q{Jusej%kl)v_i3GU>cp z>y0t|S&i~a)KQLJe)7p|OM-_Xt?*B`v7v>X@f7S zzq=GePocMeCmdO+qP4=BfBg_c;QbEd*JC-Y@jzY*zEInwCbzS2w)ClC#zI$3KKl9^ z+#g?K?A?q4PuR|#$4jiDmOU`{FJp~~tfi?W9Y+xxb~jy1VUwx;><~}o*iE~%O?%r5 zH;1B4hqUX5-!L$0qHxK&deW+baH@#&W51Fce&Wn7Srsot4GSSq&oo;XH@OvZ3I&S6wRuH~3P&h~#g@fbe2SqHyaF1g0I3Nu^_|8(2P* zzv;=j_H-rs{$0Tm99&fH7$z4FrVG1CkgeL?qz7$|5*5Tt3z43~k8NPCkpdU5+m*SV z$5S{ipQB#YNye_eIbhYh+f4Czr+^hs%2wk&nD+G3x;;7uIuDNfXo4ZPm zSXJSc*&7mHh(xM_i>NqJ0>k{dVrx=b2bUm( zk_(#GEm6zKkTso_i6Jt+4-!BWwZHycOKKMT)jq3g;GEFr_O(i3nG>fCZyK&Hx&NZ4 z{9TPcZ8<9NkceCIebbXIk^+W@!TN>A=p09Q)=)c~o{xSMg&g}f{ekYNRVRvWm^EP{ zb=DrB@oaj;GE!efSIM}xf2*ZmoP(e0IGA7D771Tc_yrI;Gz+Yfl!RqU-ote`!oq(g z3PwK^DInU9p)}ha`<0#NC3NdVdHzhVqM=*=!F8Kf*yP3Emm0lK-3tuE>9E)nrr5_h z{^#fSi|S#X>y#zsJb7o#J{vaWT#soFlce?78#bp84B%X9y{LP~3}-bPLoz+1MH%IM zr@m1VXrING+RAk%@afa?+L#JYDADCv6RwnHVBGTIHiO%6C|uN9931i#fX374fkgjj z^kdd7ch#)lA4%+R8f=r7F6p#AEkKu@2H*E)L3)=8XM0Hg=;y!L>z-khh+ zkJpRJ+F|$;*Cy;)-KUu{E137vqRjGLJvyx~X2ROc)~_|dm}9T^kZQ__Mv#xn-uGCa z(@~N}oA;cKB`6^H<-Cqe6H!LmB5mfLcO~S^F$0+;gv8zg)uX3HFq*VL(N_{XzA5={ z*!f*X_dwO8dkH(9#!Y}!FKW*!z!Bplu8Q2>?s{?AV*rG+0;xj00R`>=Jdkth(p<*O zsK^dD`VK~7pSaXIrSN{s8vA`!@F9$O zjSR%!@JjhG_65x_A2k10PBO*Z3UJHm61o%)bEe<0A|P z6ygRENVs94P%yVyAJUGZa~WyuAWNW3m}mP&Z-yyDDD>ih^~e@6G1P|sA%{VOGm{N# z@v%n3p+e=cRDBE0PqQzl9<)yMocIfE*pWbn#=kDO6 z{zk7~!#K8igp=YS@4d*7+p2V*Rg+t&t@hQ5Z(B5kfTXEtH~KX`f~01NnD7CW@B!QA zNmV^Pt}Flpnj-shi<3er0-mf|&s{5CKJWH(V^K210kL%Xq$8q40i2%4gxctcWc>Xk zNM78D>(osNFooAIJ%N2zlxtEnx;CJ~I-(Lk0^JA6WdM0rC|H{|3tAw12kPPYBEQ@M zc1D0fatw{0%I=V(x9@*#529x!FqzKWO24NZC2AEXHV`Qv=lmTq4z{Ui1B86<-qHE_ zLq{&;)aa=aDUoPW_rU$yMZ0s*&7{M3Fvq$6LFJ{j2BrrA6_0?wVFb28^bON>gzgM3 z%G1@~qtaH%I{CS^s*0m-I}@2G`5ffQ5v6HvT6YNIg!TzVL>jCEL~(|lYv1L63hjUS z#!X8&XJG?hlKtCl-yZ?h->bwe|LE7M3%V!}fB3~2K)ijs^^!hUC5MLo)S-D0u6qwS z#jf2Qp)zelU_Vr9I8$^^XW@m>DOCCcwd8$7@KF!?!SUgejEf`{MyVpvT^T|)uRek)m8kiBasy@Q`v`rYXA2;s>W5v$Iix=s+BOQ zCMm4VKBgjUq{Ey=*u?cSS|27xd1tLh<_WfQaCgp8hWJ8$#WkWi{~(0FgK`aGv@sys zrl$N8g@-3kJ?m?Ii+>OpsU&@XNJoB7azC-Si7!73&AwBPCL z?l%p(?l)R73u_x*b_4imyt*W-sWHH6jIAN9m101*|GU^50;nlUkM3_6|0UB;m6{9k z47Rxp#Gk&29iV4^lk?by;rYW`!+qloUQKv5r5CT_2{e~e{62q%|8shMEwxYdGQ5y^ zV*K4z=*OFnCC(^-$cB1vV@SxrtF(!AM&fb8*hNRe?*>eh8KW_`@BhPneY8`|Oeg(yl-$^1`hZ=87W14kXEY^1u~+w@mRP+y!uqNzl^&2l zMa!;aIQ9RyZ>11`+a>ocCWu*~`M=zE*a`@A?!3)7-{wSdbxCGDJ8s)%4#80bblFiK6g}VO7v>zM4f{DN z>8r0mwc|N2TN$sTMc7`n`kK{L7}(loA~n#WT|1P<=82x{6k9nvq0e_+OF9Dmb@(oOYHQ>_ zkVelYIv0U^FP8oz9i$+g=xW^NN`OUkhu}Zcvzm9TrD@7`LNp!W_%9s@R9Ai)hV*dP zo{*^UR#Yzo2#Ynwamqw9zkU@^RBPOQ+R7{=`7_A^!s&6IUI{h&_Hp{6{&~+Y0@!-( zoxtS{t8}PJeQKGd2H}lo5rT@uKkLs=#1S6eL=vc3lqG*NHS_eE;E6(+qn1Nev*EkN zwF^RW5}s@B1bW8kjiY+bR?KxyPjrl~st}FdjH<|qTZ^1nSpZW%^wGG9wk;b~D z+@$}svPERuc9a@oRa>l2&wrVVg{tyd1_E3#;s z-DPNCv}U&?$gwvGU<>Ig&rrob`#H;RMNL#&7+j<85OH`$T2J*%8WzskD`CeI1(Ei? zPu`(!Oly3=RVkLdmHc?{vx62E(HdT0bqcl}D1*Fmh0Zp z4S(4Fi|2p#g7yA7(PBNCGXRphv~;(*!1>vf5r%P=0W^s{$(zNb2Tv@6tfnm;I%A_1}AXJ zH0(fvnC~Y?v;aL_*g@O~)J}N?43W*;l)iOQgJ)3F7B1-f7T;X4M0Y<|pHMH4W@p|M zH%bM7N?7u0te;4J-hNp+9x6hQ1&HP{r}2x!O)(Wyd71)z}z{{rpZ?kId;paavvd4BgJa z3edOjjF4Rm&78dey&pQp1Gx=#E|6<4ii6iYE9iE%4NN3vvZ@f7BG=zkEf|SPWfADl z!X=E=j%T*F6G3Wd5@Rh&@KK6!MArhz{H2&M`yUFGi~P2sn-B*}&jFDCmkvAYN{<{X z4ts;-XZ_T8&cgAu#6DtE%GIG;(7G?hX|L98sz{pMUK<*;s z-Ed6Pol`d!wK8yr%q#?r*G8^=u^!ToP>a6(&0XN7aeeLW$4$cJ(h6}i~JndqIYEM9j_Wh9TW{w-o1aDg^`oSO2^1&(BES$;_>i?~W2?!o} zh*>o?cR%ts{`>g2BV4@jJU1t1LUakF2J7Xt< zfcK(aG2KaEpZ`hCrcWt5MjX+bI8PuDs38a%clCu|{THo=p)!#Y$Pfy#!uc6q{t=I) z4gq!vYETnq>!JlD8x1o#uE7lZ&!?h3l86g09+w>J*9NR1o+1J1RLF-^-`sMgg&ZfY zrV7{MNE7q}G)l-iBL(?RRi`qj4y8VE=a0(Lii7N}DIkJ%g#gt3z%| z1}|#}b!sV0`PJ;@n2aT z0;kesngEh}KjC!@iCKcpKt@v@`L#O~8Uap@+&t8^n#&yBCMD6jat&GJqibdMFEHdm z%UzVK^?$C*{*0_;ZOnD8ftCZ7``aa3ZrLUPFC4YHFoFG9$dG8JHr*f0?{)z8(sF#5jCx5vBRE9XT-^^Wh+d0G%| z-@E4J(zW1$Dc#iX@lnXd`}=8gC9S7@P5R%g$^iYhAVvK4csA=>r8FL8FKTW-C`%B_#aC?S9x>ZX`R7Kh80rJP^H}twn)s;1D4K7dYLf z{sRVCIkuFuTdw?9*INwfC{t9M76Ozre3P+hGYu`<24tH`<2&e#EXmAgHs%8JnWg4 zDG{_x2MGakC<$=z%J1j_g0uk0ag!kG{*Ow=&^QwO>y!&7lrxS96fToOQXr<&D(Jq~ zrns=msl8U_-_d#i9)0S|CJ3$>fpKPJNieW~|7h`uW(&e6fxh+SXyu9y=fU(RB%aCv z5B33~*nlDz&8Qa^Vjwzc=}c)Pg-Q>=kt4v#(<1Od0P?vWs)hMR%-#nDBGf~Lva>BB zhxu;6grhDUUKFjd0y1mW&64G4gwd@)=2d)-bW;wH9ROL#YE_pz{QLu29M zbb8|MBPSXy+FHj^MgE-6QFO=CFz2$Li3DVoCA0nTwF}&etkoKNuz!sjBc4##m(L!enBoWEIzt5u%Dz3A=)x5>9AU4;C)ERHXTB$!5Havvz&BptPY3 zvl;$(&YskL0cn1O80WOKD;Xwzq9D%#r5ysKG%7xDH_l0Tu5&{57%#O;W~ECl{1qlC z2XVDA|Y>FBZqARkIVlYtITV6UE1=~EO7R^SNLM!PCpr2}lk zO=K6}UH#iHcwD7+&#Eq5T*-_GYys@W9w=S>MWD>Ixn+|e%oXr}ODmZy&f3S83FIhT z)gH2hj~*F3D7)e-S#zpx`rNf&V~5U^J-fIL4r zwWqMu>M-K~S%=fGL1u{UFbjTF`>nk6gFds{7KU~H^wZlky%gvth|$h|q*9I?7Jx0w zRn*P3>*+Uc{Lc4tn#!`(#EBVU+Q-TYY=zE>5yfc3z9TaQ1Qk!s0*^&kXPLPX<{#lZ z&OpeDe!DU5#@q>A7FqRh7WxT`AicXG0s^8|j6N`eKLs1V8OJi7zCXk^9iCj$+HAaR zoILccDrPu^GU#`fovH(*`Jvgx>l}jzaC5mvHcxEE1oo=U2o#%A)>K2yj-p=?oU=~Z z@Y|DRA)+SSELi*Hcu;U*5SRyNM{9$Iuh^YE{V(6*Hzl35t<9ohrcd~kUd7C(euV=a ze11Nua+S^8m1%#Zd9OAHVLAC`iu8&d1ro+k3zHcZQMLm%Bw^ggSa(?eDIK7JdJ4cm z?FMJ}gZt&9aFHl{5X>0Gx5s7|sEp-*J9YTXF6v(6ml>^1Mw0Ow=UEdjbrmO;ci$R< z#P?AznLB>YHE?BuD9#C=u^{xV8mnqN-p)fW_1+nkKt&7LQ5&0@Kp6XIUafv^KXChjhkn4qsZv#yraoe7mC|aH)zx zj}j#UVBA;n0{34I$HJ_u8H6!0BIF=V0P`~(uso^^_k*sAtScf2f3^ZUR#qQw@VTb~ z;1LefwcrP@(CK01612H~KbPbGMlY_+ob08oc{=kvWWf+Yf}~?|B#N5YHY8)&+>(1|NXzNS=Xpv+V=?vuc@x@eu*w( zAfz#ARt0p-s;KA&ah@kht^lu)R3xma*>P|f4u09O0M(9BrGPABVq^drs<@aVK>iT` zS;(JR!y+CHH6rG#~Q_p`9m!%Imd{kptxKa58F8 zVmQbNg&rOCl8OvMnt$8YB+aROscx6rA}e#mLNiU%031!t7B>`+9y=H)&awGmrF&5H zdMgNF#gzcc2+wF4Us{>cxZ|@xR?hA%*?T_V9d6(qA*Es{WFfY&%^sVrb943ap z(8y<`RPh0TUQv-cVOl8!Cr~7psx3Ky6~4N1zLJK3b~3)44SxVk`FmsAWqPf4T)>qH z@Ii&agv;ob3dzgt*QgE1jV8v4D_s>sV|$NYjX=Ar@oc@TN(T4zcG1%d5lrcSi!M;I z8nElu-?`ob<+JEUizn0L!l%Q6wf7}FsO=zh?A9rSRSr;RayA^OEh4S7Siw7!NDP*h z1XPU91q`&M9#N4@i(%zSyYxE?248{em`n{JW4s1LL0^wDv1fLB#cA3z%TjJNjMcoJX@k1hPI z{A5ToC;vM>M$UidxxS2Bq7F0>qhfLF@QPcc84otU@nVL_PZ9|KvF-X*_$fScQ2e0_(z@nHa!Ab@$BlR2aApI!>;l!=GK`q*{=TK zgDil_^Bb}}&1FIeC1(@~FHYUkYt;x1K=mj30dvUbpG1q*@h{ds8nDBLT`wnFaZQqd z*EF~Xo%e_QV=1cmD(|kudcYsUGdP^*%^goHw_cMOa+FT9^RXr^6^f2*fz(-jZm-}5 z3VjPa!Yf^&+r{v|K71a5VcVDasIuBEguZIQrF)M8t42LJdIe7d5qs4hJDoXHlGGJ171~sl0Bb%$q z3@$fiRUA|#qVs}p!ozrL;VX2lQTgitaANnu9;xZUanp|FKVgBF+A;>uu+yV!Kz7P@ zzzUV#b|5R}qsoD*)j6F9icUK8fzj6}DYYtxvrjbUE{rG$7W3w|==3_TanZ-l`x>;K zVN@X)U{&XPXLt3l=brj*Dgh{Z%gDJcB5aq;a>L+L110J@nIT{$K+GkB4Fidu?_p0Y z(OXzoE;sfbS$=TiTAw(}zkRFxz6L(<>wiPoue!gV`F>_k<9&a8Q%Hj5y3d33ewd*O zT{UL!>W?|m7-0C{wPIGS2g`~(-Fk8fz0*NV7wQ5TTBI;eiWOf~+u?%`rb(((Xyo-y zPg?k#BpL3tBpY})vTQ-N7xTWjWBcCY{j=*#Jb(8&l7W|f2-d(8dz|l}^EJ~_`j8dZ zGz!%favS}Bs!X@M(5$)c-L0V^Te3UhUhgZ*5`|R%v!L(8lKvAy>;9Gu{_|;{%0`=w zSc&|W25tgC%=uyr*UY_Kkj!7pLjF_5d2Pj(&Y4`UbDsNW!@pG57WV#~#OO3ly`F5t zGZe0zSpeC;@v|>yoVwnUn%n&9e<67AXX3@@NT{IhleE&w&x{+2e-+*Se!SS^16(`0 zT3(5JcJK5bC5<*9y=?aAi^vZBG{Vk@rsBff5gDfoVj#W}1kl1%PY_Sm-`%nUlw;xP`n(!Si%reAVIugJS3Iz$+yf6(bc9ErwRpZ| z5%p#j$KHmFJ-R}7_^0!vYN`xuENwpkz6YeDDbl#J%SxE7v3`2qnWkJf-{AZ*_AhL{ z4nt&mTXZ!&lDya!U{@r329_O0b1Ug%aYCEKbXUO))3YZYZz+=2(a4#fbW=kat}G&s zYbJ@z%stYiw9cB@rV`D#fAp~cht^6H-GKDiKk z#Wjg5Xv8&{?`}s~v|XWrV9a)d7{=+_6VV(7gO$TX*p&urZE8!yX&ujhsSszJ)_K8@ zi*OzeWv&b8!!hzj;}a8$0`1s<+AiX=b@K@@H;tJ)Bjxr0J9n9foHY3^nHih}c+J(z;aU5QjVg zw_HZC1x1ciSRY85 z@q&*Xz|=UP*~K+2;OVGr`l3nYJPoTq<81a2LapN*RNox*8w6L0CrE`WUa|1$-0_$a zZn|fDy4^I~qq&nGz(yV1?V*s~=%`t);aw~j!2Oj4FzKj=Th(d@z+3bEw;Kx^-tOn_ z&zm$y9Z#eO_-^y&20#6+|IzkIV1Jk18_j}OGMs827Gwe&Pjd*J9BUDfdKcmpI+5d& z5jy3F0Xu2Bpv!31URKvdpT7n;dTI+dD5 z9y90j67kTi)9wn@-buG#9fQ?J&6ZQgrR%H~2E00~N4oD~zg}*8F7cINnEB$51{vk7 ziE(4eg1bO2*E=#t8+nYqYykJblCv+Pj2kK+{r=h}wkgjx4KdrUV1`-r0(!5$YoHnX z2`5k=_cMNZ&*U$XWS0{`w*%-K;<)b*$tMkdp3Eb?7W!}J_@8QTJ`H(?M%fU^?92pK z6W6Bwc$+}i@sK!Qa}cMA)T_7UkQ!*4#4-rJSr`A#wz?XeXeaOT)Oe%!f>{Rd-T!z7 z9!*539bVuSOI)dYpLWgdggAZk=P%D?O&-xsOVk@ngZ8>f%v6S?{6t*cl_DDF!ba}V=^h0zr3RfkMc`4cJQm<{tSIhzju(x;84z6xK-Nr zDk&%;8pKJzfRVJFPD|Jj2#Vx{j-XJW1R<>ghq8Lc&<2Qd-MdnK_5AgIcng>8Tqdw@9LiD0u&9rJVBF8{C(=RH|(1 z-4P5(!MQoDmUV;PVh5zz5muNwTP!fpkx&Tiqf7DAL9jPHx|N0~=$GEA(o$7Lui&8; z7e3ySHonQxwJk|w8QyF!7Dj23ERx+?MVJ)uCO6A5n(NZyws5S(ZOL32#dBJxU0W&+ zCB>wtAqm&zG;Zh(->!f=^D5JI>i!3E1qqLD%D(rR%5@1UquaFe(+Wvs)jKIyYS_{D zR2#Wx{JdiRiig%i6)2s~F&3d_jd->K$gK*mff$OLl*S68>rvoH6v?JBHm|5l`>D-_ z16&+nsJnS8%!^S>YHTlm5l5ch^2iBD2MRs6O~}*N1U=GE7NL2W5$0oXsg`z86ih z;plUm|99HfJhy7+sqyYnCR_D7cde=}_Cw=Y;PUU~-qEO@ ztlHE^;c3wDop+*YQ2!D1cgs zeKiR|%{eGBwXz>h3p6N;enWG2H!WAhh9isEsPH({oZs2?(P&3r>;sX=n2T@g*Okh9 z_4ufN!dq@NHnmkV`?>>qTC& z;+^9eqL;2WkM}H^47F-`t?*Vi_^vDaj#qq_*5{5^6}*K5_3ThgcN;gc0Y zGCPv2gv-&9rtrFYU#Xw!y&icr<|g-Uy`5g_;|#eHsnuCWsP zEyFe4)unNweevd^{WTdamzzLv28&$Fx$6i2f@Ewl;;&@S*!v%qk2LQz!w(!)d zbV*QXpihtbZv+MN-d!Ye(o@4PTjat>KoGw$g;_Z>2%xsOUR0ZFQaA))L|%bqB87z% zorCGU5H#6WLHwCmaq+Qlv?)NHP9!Vj?CQi9wSz9(@MjKXZ1*03Qp}h~m`GT)erAPF z-gkYW!*ks$P(CcdG)0MOfZi2Khv`pP69m%gQRL)Ps9*~Fr-SZbfa`0HksYcKY4RphwPgkrQrUl=zJtlKBd3AodHTxO^99 z(#Casy>lQZuFu0mfZPh1a5ugGXX6&+=vlCqt;T-yF#5v8hC53~ICsT->6&0McKdE8 z)6W-T@vFd7fwbevTjx~h&u8CyM}fG{(&`aGKWfYAIG;^YM8;~ds{Pqzud+lXfHG5r zyQ5FcvZbr*pL7#+v5a7U@=t?9?Y$r4Vc^J`3S}%|a1$Q&T5{$Na zIdq7c1zgvlq!2`+)h})!nl!bBd~J}R`ZV$82q&i{aRPzS{>9~>P4Z4jvNu##JtF*A zCk5L}a}WWp;xblhNp>BCn9J*PsO$_){_mHRtd@m@&o+OoJ-`f@k{W%D8l9Z(1`q+H zW<{f(M5WMFr#w_M=OCuCA(#LHXVhR?00|(i4&VoH0y%*I=mmg|mdCJ(+?N1FNIH)+ zl?^150MUTeGC_WlCuGguzFBbaKI;Gb`HaKb#KD1VAvL#ulxC7?VKJxGWgSQ#VWJe1 z0OK`gbuE!IWS8FVz^!EStFBTcYLB4*^Yi_{X&^KDM*04<>+7pVW|v5Qt&LRPxOLJs z%$k}4_2B%==##bU>!{> z2G{Py_8hY`2NIk(760O_tOHQtPMqtU_AZ`Vu3q-n>4b-t$?gt@oRMRg`7Y~fLdi@9Ja8rQ z>H{o%b~T3yb9kNpb|SJo>{jmSAcp`K&N01Kd8>~}H=3YJM+ICJWl|Y7(&vKi=#w+R zIr8o?%*NY&9O4Q|c10BBRNlIN?`=@j?{K$(==G9J3F(P_8 zfy3i+fat!aK9JKXLq59DbHm|cUd&4u#Vih@R$H+ud-Wx+y4(&wwOA=Q(VSa3C@8PT zXxN%GTd2~bPAq4g=g!;7;K7F;1H;Mq{1Qc6QBrjj>fj| z@v#y6mZHAyQW)YtUzD7DMoGZ>LC(@yBnEwtve`8qDIV=gxgWR?>Kk!f%Jc99UdSAS z_tYsDIT;>_kWc-jOO38*P+118E|DNiD>A>oMSo2Lb(@2pY3ka2A^@xCkOJ}4g9v_o zB(u_L$n5Zad^~l|t>1@7v+n;6F^nc(V-RHt%Y8pTC-CXen00ivEp9i;#&LX8UHSL> zz<&z7hun@G*i-%X>_R)rdAh_>KZWvB76qh3PT`AhFL0M|011hGkQ^%v=qU$;j%P9! zGg9!q_DknJ2_DaD_<4RltEctvDq~$SKV;!`k7Oqk=+GYzv$5~(E?Y@D`&hb+Xp7{Q45^Uqx)HsRuXq_^U}Ru z0RMV(KZC2O^i|MP-6aV>U6no^=+X<-m^bMz;Y?4G0BEq4 zRN{p)9HiKRTx>L zi(xZcqu|H!Ri7)3N|554MN}U|`B=iQD0)el4Gg;R818es&DagS)|Z$g}XF=cUoV;7Uuuc)geE+Yb}5Kc15r8hi{)9LH=GGe5nes7Uy|*QkAv!jAVBJkCniy9k#{ z;jP}(+p-_*+0AS0X^{FAqB+R~%5MT06>A%(SUww_AaxN-pN*tRjoP-iE{s2meDQW^ zg3CJdRUUxPzRtWo=Y4+jlZM#9mq~igC}#F26&49E?N%T!@^xQfT<>$w8U8Dyb@_JF z*f#|TRa;4l_0L%r)^sQ`Yk$d<*_8Ow1P{i}KHcg*jK4o>ds_RmJLHM~&GDD3J^QCU z*8}%>&OQPK;335^9lDFh7990 zY;wv2;&tH<9-8NoZd2voA8ZBzQH<(5P1qwJ4`z7?@AGbMwMR2 zdplXR&Lcd-pKZmh>CtVxs^tkHv!x}w(L|%b&sZM(EBxZc{p&;Cy~t!Al`SIopB4dZ zTl?4F5O@gXV=2>%!GZ2AiPEAr+UWz#*c}%-oMy+NXmbg~hun$g`MEzRimH@cB# zNJuw00VzQ@U@*E;NQoff=#iqJ(vlJ)0wQAa?)?kSIiK@6=RD{6-uHE>y}ri} z6~8Roo83T;v`JH_x&1!gwYd94ZQyvIx8RM?r-p^QPt85HH+MMTEN&p7!qIU6^xx4r zYU21)g42y5+RIO~AJ@ZpTgxdceL)mkAwO;s`j2a6<3``4{OEI9_}cogS>-nUJ=UkW z>#hSxJ_9ZgywdIT!NJRuYhQ1gUlpHutMqDfRff^gjBEz~=ws2LkEvKG2bazzF5k@h z_5S|q?FygbLVq)0tGEs!=esH?)^B@u$MR5+h<7S0r)$3vn z;#Uk>Wzorz7yPUJ@cV~*vgbEw*t~uh#ZFQH{V8IClM~d8Fcf&q!gbn(7nDneag+qi z>IE!nFQ8T>WZN*rv@75f`-9FMtZlJg=Ys1IE6Tace4_*KuZl;CBh~}^khB2!@y*}U zFrw&1Qq?_*l{zrQC~jLD_U?r*4?}Y02dZXFa%B-!12JJWDVUBuTt_7`*5Cp6oNq%! zWSa`k?rI+kJBMjAKU)sDvzE zpp*9_b1w0Dm-sBdlq0<;;V9>k`IL&wlu826Hwup0#dvp>=%=XYmc>-w6IdHZ%r+xs z4w3Q#mGxwg#taF&Sj_r&nFTOT{~MKVhDcm|LHUS31HK;}>Y#UjG>kS zn<0%%S=`4icV`Ig`B||74G_?80-67;GSAuBWb;!SyE7plGK+qghmx|$#P+Nc`1w_F zUN{LzhQUK}^8TT+lqj=*_+>#jV{}Q7N65%F0{CNLz*|4l9RsXG5}dUmY}^Ky7nO0} zE+tyz{;4vOmtWHcnah8c;$xgCg$ImKgpC_U1jD=_-oR5aJ|#{{(@IEdYf)<@#FT+D zhD6zl&P#~SQxVUP^e=A36yF!mZ`?>;*h5#=Q^t2^nQi26bm3Xe#{qsUC~ z7cC&Ga3U)QU1qgWHq%pN;wCX-4AGk_Q%x!Uzf=HGHRD(&HJ4>lQvNPEj-fmFw-L;G zE}O0)jGOFtkMgxvE8ygSnY^i>O)g!pD?L$uER=lz<8~>l9kX$?6Pu zW4bDWKLjtah2IwmiMkF<@q}a*hwUzfuth$&IC#*AqaeQh@6MGMB=rpHeZZAD9+j00 zq7bdMnM}2laAzVyZUOR@e^zB~z4zW*3CN7v;;JAr`C=1)Lp=13>+gP z$AK^R$!vQ(H$QEp2~L$Azta`0+z3c!hN-uP>8KFCmiRt!h|&;gcDwL)z}WmODa6Rd z7I2BJr&ij$Y+#6hD#k-mmRUJ-MS5sZePv^PYGXYbbUnM#y|k|7u(7_eO0W?kHTO)a zlB%neDu2Q^f&{5K2#D(P)wm9|MAt{`htVIPTMJbkF9a2#_U>Vg3kePScih-O zf4}LT)fY+|HDv9D1{F4xO0+D!1E{-^;q)yzM9|??49JK7**BACR@sg9ZZPE2j)udQ zsg!4KhafkTGS!1;QYXpT4Ka(#gw>?hy6fq^Vo(M0rcF^8*&M(cm@_TWww_eV$$|S% zsd*`%aQi~*XLOB-WP^uTlK51i`=+PVO1q5dEq6C)D!S!wOqCU;0~rXbpKHUlYc?*bZM&}g-=6%0}n<8PM6mciLc`1vpp02*GR8eLn@WnI-vJS>L#HRRGdRT{9LU4Z&0;H z+zrj=f^!9Sf1a!<_tK6>Y@LE+V`5^Hh)oyOPGy8;y{O*L{|U-N`-L7p_G^d4jIpQp zO-zlI79e!o!0MG$;nUQGC(|f?ST=%`&<9U+CS{XB<*o3CG{dX+sd2p>x}V`kzewb{ z=JFOv}xalzj&}|=3;2S00S^o0(7#Wf<%ZE1GIi)dTyF}$(gjQ$v{>M z$Y{-^6K5X&q3XS|oKOAStuFcO^ssyDDMURezX3_D99Ty-hg`Sp_t}7>v#FmE!I>xU z3%??jhP1nv!$i_+3f||{l6B6IAU z*~Ioc(J#jO97(sJ`T%elL;q|Oybu9<>r5qMzKENKXIoOeMlL?JB*jjTD>V0Owo<>l zPqntvo%nl}oFA4#mSIi1C8qlq(}t}O#X=JK1F9vzjk311ON~`uTJq0D8$(?C!ChK> zf60vw`^bdJx%opIdY5JfWTu^99~k(;OaH@&S#4yTBcB^o#}aC9*@SJkX<2qy*&7hU&OMuT4`H1Hd}j{J5(* z+RfJeO(N~~$^I%?xWKS2H?aMbNL75iEjKgs{{N9R_)#+~znr?m^01y^z~Tn=aWkxM zW9KH{Zu$vT`pMh2W0+F|TYEi6{hUaZY`(4hZ|zqL z%!41c+)E9hKgn!@Nv97bO@Z5w$5ULsKINwh;Ai+=T1U~=XoASPmAWx{e5#(-$@Xzq zauNvTjhks1?f+h#(bdbjE-R$-MQ*OfNq$fc@oi3YtK_g9egd{akNjDD)(QZ}l!HHI zAAdp9?N!p{W}fe&f9;-}*D@Teu2H9HeaD$?Z@2!Up{M+_{=IJl?unrOh&;?hP)kUW z$i9I9%Wj|lcAw8te;=69ckS-jxTsj`NC@oKDzCx>9`W9sJv#((Urp{l`H_t#y$-1d zmpeb$E%8lyb=Lk~$hOft>!F}iMtx>!5 zg%itfsc&AFk{7&Qo%;n`N;sIqD=)Qgo}=WLG&ArLgd-D+guIMSi_a9Vg;UOxT;<)SzxBWoy@tl&Q&i@L~JVL zmW^@cc`&(QO`f#)O zA%ZF;qO&+$LBP(*Kx?En$aj^tBzaoaa&7{L4e22 zm!BWRe|xFl=n)`Mb2gnfQ$7?X^xr>_BDK`>e7v5vD4Cz1APp(PLxw2j^3P@IXf=*> zC7b-F>{%T1xyMCqL^$inWPoxRh&?{+9^AO=7mwWzP*f-Z;BF(+a?OB43x z_NM*qmtcaT!<6+!t`hNYi^Z$*XW3M@dzGeL_NTnrwW_g+J-%I(^_)rvW#61D2VA_@ z>^7#bGsV+{0|7N@|va7N!-s?~S5NT?;T=HujtVFy7L?*Cyi4E;nB+0!SejOC3@g((U-- zQDAOxyW<|JD#GIOt@L3{ez%>jX#M>dk>tl*%U5+JA+2Rags}R+*Fv8Pb&L9+JTQrI z?ObYVY-r_~n8el5h3B^z(hCnY^sxFA%O7s$jvI#j26_p9Y4yOu^6xWq~oTRKT3$`aq6e+W-yC;I`FfctgZmTZhBrkxX)5drpA_vA%TnSf$Q>eA( z3~nnnaPqAhsEoiw42}ea)h0)!2Tn7bV}%^dC~-1eDNnzk4LSQZDC5raTQY^e2v2+J z(Gf(;?*ZGA=YG3Os5H4?=s2)U|GMlNl{6bn zyDj`?tOYIp3rB^?H{Rx2+Bbk)4c+yISPn`C4dNYY5=AwM@swsrP;!1X&jXs8cDTRM z0f%&%_`#ag%X1@H{VEzSypG7L{E1^*Yg#q3TiK`my4vW0dXT!v2jZvURK+Qw=YG57 z?x{@bSi4YHu}J@dTapu3K+(-a4`Pj&*#N6eEfcdddxIs=C+RLwVHYJYYcrOkorHOx z?|d_EQeuIFNc(&rD#>J==Rg$566MHM|IMK&s$F1=)4TbNzYSm43~|UlDi@k;#mT1+ z=0+c`QT9|**Bot$7)3i&Onwqg`UG%s8%{arn{3G#k$jL zx^D;PE?EE&SayTx=@ni*5FsGFOVpq@wfWQew)26Z>NAg%>^qx1+-QfMXSgDDl6Gtp zDPvC<=6mvZHnRg%VH-_rCTYPss}IvcSRQ7n^dc$V^_JxsWO z?TOsumu&g`_Ur}jfpi@bT&C*Kh*qn+BT~ifdi6$k-J_SLSX0D-dQuzI-~L|nmJTeT zO84u?J#F$b*jaj=IbB-D8I1MBm9h#OJ2rTasLWTw^-=CzU&JU%o%d!dY10zAp{XZz zV>-r%phz)Fn{X|Uirjp03&ore^Gxm$+m_Gjk>%?zW<@-0lobocwomD!SDPgK{ey$U z^rDbl1Lval6g*dccjUO0m&Vfx?LS5r|0$A_H2Eg=!1Q#iP`x=9){RxiR9YDI2Cj;X zqB$nQ^t-j4XcQ(icg3M+i+Kra4|F*NWok{#oa-KK2%Ef-oInoOmDwu$4%dpYr4JU? z_DbZp)Lyn_mFRc!e}&Xsh_{yyB`@|#MHfpd4Q)`N1O8g|Ov2_+JeCY#8=z{vYu!CR zs}6Vqv4=e!lglMl1(!ls&#*>^**bmbP_Pn?sGT1C5;2&j_0(Of+osJNU*D9Qzh(9b zKCa(4Iv5h4iNgBfk^p7eg)t$HnMuE_rnkzc!@ zXr#Y9HGD(IEo6{7Pj2T9Wo*?3*zkE=L)l5`1K<=b#mVqHRA6T>l~P8fv|3$&Pv(vr zjc4VA!ppYJ;2o{6lgsx7G8%RCGaJmsj0pwu%L)qGdgYufrNOTkgca}Vo^e}TJc*MD z*Dw05sp?MGah`c=&(?TMZ}3CTaHyCCdW-QU7DrUoF6uP`$~>-&%d`6hji=W9(NJ+_ z%6vtK)!3-=^!yL-RO^wq4WsIpMi8K^fS+WB%E z>8(SbA$#RB5428Tbo{dwyh8h-#PBSVJx1b7Mcp)Y|M>lx`zn3hUIxV?aaCC&@wkOR zoc%`Psj=3JIhF3kwB;4dO$M5QH!qtdRTCbyPjWG?fd__+>adbGlE`6M#~aLwtPALb zV15d=pxlfpg1m7idj1BNaF3`Jo6-SZ&m@IM?1kQEytYPOAnHFsDV+<2@`*>92Lf3N zgPPUVo!2y8nu3v)b45=psT2Ukx>h)QqkM>2|3X@#Fp0XmRh^~;`6?R&Ee6vB>0Tvl zBNOJe6kf)sU@{VKBdaFkNXI!6xp0__tU$`d_L9xL2@-xHr zt<$PBQkOr2ve2|1-jBi}DEYregje1xQOFClkjhs<32{Zeg~^oV)08hgR2{0guZ&IL z%|u%xoZjgWBpo6}1aVyI%O_HkMP~3$hKq@pm@r)xVU45&fMz#9Z>~v0SQ{9aqos&g zAOItC@gbhLTl)jtLAg2}Y^vPs`aC+}m(_iexC{-dy*Bt`cRG79x*((Rm`+3UbiBnM zy}JuH6sumHA(=y`@YTQjbf!}-E>p@?p$YQfB+aywXoww2Kh=!IH4$;;M)SOn-+;14 zixHjxEyjA;jx~E4*oTq1d%6M66Toljfq&!y_#1f4t0xk;5HZ&On8vNEnkyYg0+AGz ziTIEeRcUc%{)H}IOyVa5ywc1tcG@s#ar{3f!w*0EDkl1-gp9(%uGRMJqEDvVFu4EbMMER5ESX^f8Ch>Y52#f z$m6sJZK`jlXmtI+%$@;Sjii#wAN^(>zu*aEv&1=>;TDELSNfOw-8Ix*HKs3x$E4b^ zlgp+9ipCk*iFEieqVV8g_(V}6>jDFA)XZ@HE?qC!JjiX3Ew=H!)ktn2Q#Ss75CqRa6r2oSJ&C6U@I#aH#{EvO-DUQbAx_=(;V`f+XU4t}jVG zFT5!SiG}*_sBr5`>!+B0#fhXx39=~6tMoC&Mhkr4#86_+@E>siiekCZ@Md3HiMKZKzkzQz#dqL~oO5rd zQblfAuJ4$e?(1(hS#I&nQhi|+Ac2_ib8-uoHckdt^xmor`iZ_Q159>8tZlPEYTDf? zi%Jm2zz@cuMG=Ic2o)H)(P;JIr|yK=h|VOwm-$g*0KI{YHJx>8GMpleU?>O?uBRHG zx2iYSq(DOTQwi2hhrFlzegDE{?pT}fzvL5GQLM*69e2%dEn2g+Cf>e3WmYw1#t6E- zMk|1v7n!&0mzo&x;!$LHLydYbS!^>~IUmqx0|I2QNN2DX@GR`(l99<_Q4}G4|9z0d z>v`8NZJFrzb%vH?Ms6}2ZNP+W-;RHVeHWUskQUCTCY!hLA1&ecSYD(NbB)TN&Bf5- zgbLb6*61zO%`P>!NuXhpz@NFd^$DEO<&9Fz@Y*HHbr}cYp z+?cG}#AjhMO?`lt3;BhF)ovV*Jb5n)H1tj}oAA0$qE=~gFARM%D1Dc!!q4HJ<@E(U zWf4xDQH7qL+XE+M+9I1DXh5TB@OG!A)U#!r@@BWKB1{d-#3iW3rz!aT43&>2q?yqFQk88~#i0t`EjYQ~(%R9p-;w6!kS5Hz z#$hI7yo?LM3h4kdnF$gyfdPks?r$RYF$aILe}X=qh-}RvJZkZd?qR(NsuXe$^ zdv6)xVfk|s-#p}0bL7ff^RDOW8xm0~C#eSg<;Z;uMIqmBSFZWz^) zKy+*B4CUgaR1Ewi4S@&z)B$5fcLx=BZR|^UF#r9x^*;0js0x3Lmb!T_fP$<HAt!qXg{t48}xShxcJA^J!<|;Kta)RNz7u62+ z6%-NQnxu3~;WPMF2`dU3>=Jl?BWZ4;cYaz!Oc@@XO%_8WM^^fMmrhQ#ESyM4BtwOd zkx&<;4BA*RuSJqiV{!E2KTp3qVr_IzQFkI(ob1tG+cNZ+)CC-;p*8!1WMq z(JPv10MZA&=8Q_Vw&%D@KBw6h8MJ(r;ah0)8e8dHdA*!G3hDJmM%Ivj?`r;Hrc-JC zR_(im`)C0?nzHB%uob;L3tDN(R&K>ANn@InK}Z!)wqm?8{#l#uz^27r)@DXU1bD~i z`h5(AoNBza+eipC`>!~74B`0W#`~~Vimzo72^-2uc$h0J2nELlxhbYwW^xL1Z3`GR z|9PE;fJxMcR&Npx2e&w$RLj!WI|7oAEnz42@gCi@@vNF6^0JN#=BWL8=MtP)>pP`q z7Yh+#a(#;uq(#mL81<_Nu2~Q_fx&zNq^gLKg@=4gZ$RTRMk?94A}Pr4(w&fGt{(bHb>sK9SFZb$sB4DdqtXfqiJ4cI zJki3g8#rfR^4Uuq&nDdpDw-_DVI81#iK0XozGFPDZ{9d_YTuTgi7r=J-_qJ~3dil< zo1$U`EmZ_(j6RmCTzRV84Lw=6{vCh$3#2$_^Yn#1R|)Wn?JF$Q&m?Li>AF!uGLlaB zZI{KGUdJ;-OMQy@9QdUqMdeY~w#TJA2h8L4_dCWe2470Je2-j-_r+IL_j@vrfIsVU zgwd!gUdlH0h*&ctC$?^KMNQ#ul?3nWJipZ60=?IfaeVIizEre||4B^&%X1 z*ff<>{dz-(RWjpHaVV)Z6_+}cLV09MtH$WHc+w@oR?HyNRT_=o2h0;#dLk^pOfcJwq}z0^zQjHK`2F*{ z(7ov{@cnl@7)NsjH^t>e9J^@M5tF(2n(C#QY^{;eqJ4_APr6*PJId5E$J}ShyBFW> z=v$73E&J8t;wM9t8+528tXQh4m`fMoPI}$Y>nqxQygTF(2PFj!8v^AudUukx)hk>i z|9ppsnv7=vg^|K*&DQ*vT%ug)l=!R_H;7k8DqiKD^qPn1+6i111-dAki)iS3hm*4T zYqtB&taQ$yjK$_Ikpc;nQhn#|%-Bw z1O`n|9z7zR8qsRfR&HGSAnw}Oce4-9i}PR{{)+16bgPPXnPrQs{yq;EiJtWpXiB3+ zXAB=<+W)1VZgFC5)6k@Xqt>nBn&%5|WfM8thwykz>g9<~Rnl@v`ly&ysegSNDIO`? z!j*#-m|A9#?m4bIO?|Q4C?QR+54swDHb^B231yXv{+0*jK#aEw##VK7z<3afZ}ho? z6+y<5{fhI(HorTc>mRh~T=VX-d9U%U*d|HXFdt~hxvN}jAGeFX|NW)K8*rA^MVZhY zVpgclSM2Zxw~6xnId{qJtX~?N3jdUqX(iQm7!aN`U(aaC&7vE3Q#edp+QxVkgylbV zl%`Woz7*>a+?D!8khpGq8S}E$csV`H*g=MP^jh1OQ~JxgmR9hB(#arxX>~~VwdSg( z040Y$>J%dU>6RT`oX^K-CDa}f{7&r-7)6IcYw7-QiAa_=TmNU#VM4^4?AOcX>VFat zrqa!w*?OERb|teETbbN176}VB3omY5XoGCBD^34!yrBMb8h`hP z5N(4|SYtXX#Gs4OVj@TvIsGLyjGzq-v^G$qsAFW7LaZH_RT^pu?!}u-$|+-?8@~I?nC;MRE#ONrB(2nLnl&=0uprVOJyOks z=GW%xZc7#7ai^K@&T{yqSKnFumglCLAz5B;(hA2HEMr8ZO5g+ocM=EI^tLBr6mKTC z#j0khE3<$Z4cfsV`OBduyxNU#;E>EoP1^B%K-wcOW>%?cA0?YX`HX`Aj8x!K3ku0? z#v+~-Q&VDq@|_J=4=kSxxE|HCi<8ghuUJbp)Ld{^z4i$Mb0cbV@w;b6khZ15+czCB z__;*U@Tw12{96~OB`v)CUF4ppnE|&@>V&0_e0DMHPib+2-<&*p2jnjkT9qb-0rTWe zaY%Ut*qFhqAJ$_>Z(_k^*=;mzT+I9=+tH=?{Ukxwws?j{en`!Y4WID~??S z%aI@hjSw?=}stIe+7=6T|ZY=$9iEF7X@Ek++RxgGg+ zG3kmkGi`Ne2*~u>Z^~f-OUvnSM=Pkdq9R1~g+D4>X6LVr-t7k3A=q?lNzAAq+n__% z*>2JIGy^&#ll36{0y={>DObWX+4Zw z)fTEU+ZTt&zRxj7vqoLf=9o?m{75w27jo-$<%I+S$kjLrc)U}mZ>Y+Eyj2*P=z6WCx)5ru? zp-4{q|AskJHxm4g_JS9*#%)^N>8!>@26#TMtC9lwamkUSruTf2VG|$3e8GAHie-%7 zE(ks6XDqKWby)0~CEhdyJzAcY;_}CBxX`N3DsK@p&^43}JF$DaM?YVe>#tlbEl1?& zJ}b1cK!+%Z{pC$99M_n`ibi$nuB)MdP{M!*l_fv3j-~EOj8Q)qg_tCS+tPhZ;Llgl zKQiwKNsa!5%ut5amb-Sc?vypOt~>FY_v@+uw3pq+h9{l$T6Hwr%Y= zlqmD{PEllL;NL%c(-h?zkFWo-`URjwbZh@NP(Yy-UaBRw>=-mGkxi5r#vEC#apJXK z{bcwqY)d~_UOmE_bctF9PUhFH_2V6s71^EhbE}D?m_K&n(;59zjLhE9{5Lo*c%D$U zfoTP-cn2eV zuC2B(dBDMwrv~yYPbAdG=RUn94%pQjPpWH`228KPuL&QJ3P)7$LL~A15{|wFyh+`1f+%OWJVDGPwkc z=Z+Has$V^i84yUEc-3p~in*Y5fqNB#YuAAMqY4D9@D5UqW+SXEL#uE24v=5dErA0* z$evWiVPD{6`{5OkbiqI~lv9-Tw-}qQ8+*4>wP{V^Mm`V7WE4n6tEH=a0+KC`XA%dK z^NP&0x0QF|Nn)L*wdBB>vk99{JMO|&Cy01WGZ^}f2Kr$RDU5sgB z5(45N7v{4OW-fhZO>j37q)fxF)y>`a28`CKDTM<$lH5TkEEk9E%HnW6)JTAhv%i>2 zpp;8Nxmve*4GVap9I&13?P)rYyJnl<$^n;M+}X38eON`syH=?o!zU8L#`P25xm$h1 zny;0|ohfw-dBarOWNMFhl-dl;Ge?xD1o!o)9RTU=XTX3=FrC+szKk0Pu6@JmLvK0w z!V9Xvl;ljpHT1hLzuAx8} zk>kx6B^4F0UPRJlFm33@e8D-z# z${lw*&8S*6)DS0}h?;Z-l>vFo64Y7?7HMhvM~a-C83jazcr(HM={s3UjFLD9C6X5t zt|&?_TRGK%zr`peQO7i9wjt_qF=c`fU9m+&iJ!5LM9npCQLxV}r>6C~{u~X{3~V9_wxaik zmgI=_tP6t`r_RV5#uPZ82ZwvwAdKqH6_Pf8P`PvFD}e#)^Gt! z((A&49Gb3zKGu&Q{f~F!>X-_VezPNfqSpTE=DBpbbots`iNn1=3-!oQ{aaX+>p`jr zfDW&1Jd?bN@%LPSunJT!^&bw7mb=t7RGx_3w!Y5n58kf?xw`E=ib(PZ@lEq!t2z>Y z{3QPIBu@tDP}Jgy1!Z#Qgrk)`_cY)j_U&Hwjl-O+5$y;fLQj`7n{Nd`uf<5f4q@0u zF)vdC3{tV{9M!A&LmOp9cbTp{ic7^`ad`H--B#wfc3Xn+(Gb&cu#n2YTgg!`mG=$h zpBgGMm;CYdjr*16BdZ-DPrM9P=#$bVh?pm?pR+;MpI5Ix2njUj*@5A86>E^!`~qy7 z7_gVNSP}^|3r(&53WsfLOuxcb;3k`Wqi>!OJw!JzGxevsgbq`kepx} z(msR=bpwRNc-0q;Z3)8)cT37fD4b|GXPh?))epi)e?pb4eah=^hleWPo-v>gt0S^q5!%mtaV!6ovyZE7s;J15g$dITwyVHUP@>K@K;pa?Kjck`AjmqmWzc zFoH+^uqmwz%_+%0Tt*A76}A@q^(B@5 z9L-AuV0btPBVl=1P8o&d#Mfnx4Qk`@@tlYui6C8ZGPRh2p2JIrAcJsxOZ1V5KS??G z)mOUhaUz2#`__C~Y%pw25Dw?N7Gcn$8Vi=4wsTJK#_ zXT~UXma9o*&c=$Okr0kk;k|T`?U5RJCeg1Tp)w5TxwcRll1h&&q_kbuXQ#Y5G}eE? zb@Xak@=@EmqRC*6S1I2cbDiMb!!yPM&~O~#M@#Du$W!^^`0{_dsXQIJStVKF(%TKP zkU^v(vnc>@3hRR@-%ZWqMr}{B zH{eyx>+i?kTvm4wmmL?@E#?n&N1I&`y0$;0>OduE(|_`*G23wNK-ZJ}_V(2fWEihk zr~Si0?m0XU2iEXmIMeSts3Hqzp6fUN2u~7Myk~P&J1Cf7`>?ugXth~5&}WH}#tRtgch5jWJ|pOg z2ui#+yLjAHcrJsFr#6lUR9@WbRiq(?pSznRpGdlVP{J7)aDTulzaN>u1=2?il?H^I z&EU)pY~8`i6{R{Jk`V}Ysf8G!_9sIs>KAga-n0sueua*Bn=deZvJ`lac9f{QiEleD}ozhmrDTe{_kQuOz)BHg-n zvX$;gMP}uGq>lgHVM-Sne)IX*##G|BU4N8XxX}N#Bh*2dVhs z|D27|&Q(0ytBMDyjN;Q@UltU4b0KtGQ%;*o+F}hkZ%=bY(-uCJkLPlG%h|+MO^u~2 zD`a&8;=6Xv>R!uCv)-*PT?0HPw(z>{K;`%!*^ZyWBYzg&|C#Vt?C%q`r+Fi z*B@O2q#4#8FAq_kU~g^zjNhsgJ&iW_`7`qh)xYps2FfOH;Ld{5W}TDb5Cwd3U*q({ z=6@8P4P_U0ROmZV+2;0;Ka$N%5 zwzDek+Avsqp}auP!!yV{hXl#E0i@hm{RZ6vJe5(lzldIXDPsH&?wbleUlUVcV@VMV z>UX69-w~p$cEIA(G@lN~e92UrEP657p{W+6+uwHHe_d?m?9+^7x-@=B>_ly$sIp;6 zx$`SEw>?lCL0k&j@a^XoWqw|M&SPXQ$W8n>&VqOc&=Kj@`L zaZjuJQS>`aS>d*sWn$;?cG<{Vum2L>9?37pl7-btJN;s|j5osks!Ta$3$SmVMmi1w z7H$Z+H>{bf4`c&9h}QK9H)WE3m;}7xgTk?_=u8pRU~p33euu_Ea)e*Sjl(={084^Q z(|{cj_+{|M+SAWRALz-pkio@xX+?uKW94_%msDFmm4g!j|L5nk7!5)S-G@89(+Z^@ zDW`0)**g<5*q^zRvK?1Rj0FgHl9^+>H4cQs`Zl>~<92H>03d9kGn(1g;t@3J;`}G` z{!OrM3Y${QInuh;v_wMxgeAbX0S>o)9>W@F-voHF-~R6N6_>gyB@>6@{rCKi?NgIS zG0%&M2D zK~ch?{i%{KWY&W>OTXZDR90kMGf6x^8@8XD5~>K7*d}x5n2Ar4rl0U;3e=MKILa!- z8;qE)Num6JVYi+G!a_5Mk3%&W1|h6X%`adt)Hk{9V-9dUOzG70a=T2G#8kNmte%W# zOi$pWz6x<~u2=u4pcDeagD0v2XtyKH^984yPrf6jXs(zg2cn1rfE!{%6lUq<$3@nX zIeVgmUb)KWR0hf3Bw$c(^}*s1)(47P&7l5t%vSK#PB%HTEwz(yf``<(MrMg}xinlpe!0evO~k4&zzQ$(NwY`G`3()4 zafc>SYm1>XtdQ=x+4wQdVG7rFY)v7fsXH^%OO(5Ck!9><6}-S&tBFpYBNg6$L#Wrt z&>Ix@%+ffX1#nYePW#Nt=#i8=7M^~&mBuLpm9P<47XQj&jhGMvA-vfeNLdDRYfk|3;a}*J9wqhz3RVo#a+b z`G7y+&qjhsFI_8uTbc3^o2cMP*U<+vgVbON$8}o3z3tS390k~QBV7TrrQLTj-&yW4Ao z_w2DQPZw{tjuxVRlWL-{q4fHX=&%2Ydt_}d?j05X^f5BMkk(V|CbvjRnS5g#!*_&* zkj3w@X!+b6T(QoLa_YB$?hpM7Qv8&g)llhhguH11ZJeRiVUm0+Kr7KvhcOj_JI@y=xe(LkVNS2u5pz(xHirxYv}aM+ zFat%?v)LNN9{;4u9(q#QBrfr2a@ih*XJ7PSsU|?VAyFF7F+jRGPl%+?y`qpx5=R`o zj3LhxdaW{^z0lH&NqTT(f+tPT@@iyLCc<54U;mB(fnS$Vk@Q?T^i))&7|U*0oN8W{ zneMH)Z8=wLprnJ#kPHIy+%^E|R0K%t|1oI3w5IA6zQg5_y(CR92$3Ym>FkX>n0P1Z z4eR!}^YiPJYfuw#K``^9KbVUfl#`{?MA)s3k;`z*q-{%XL9_Fuq`NUjdDeiXx?5k! zOy6i1HONBQYtd{nm>O5-o;|_>fX<>}0`Nfy<#Uik+53?RO@-9HJW;)x2HyHXLk=mU zc-pejLE4xwfPy7b7=@7Ly^Wu>xb4&}JnVtoX<#170tIG1&%8Nh4(0VOdEaPddLfQp}`20Jjw+Hrj$m ztKH5Gjc=_Tf=DOtn5Ie%2$c`FcSt*Tt;H1}IpIE1}nw5#Wh<+ZvHk$o1)xrGk(`?egzOzIRT+J%isn zDOD46LSuOGNRMY9`dt8SdUa>2nYm*oSuzV#D<1<4x;y9M?`D0TktG7C=dFn}K16Bx zLe`gW3S@vcuBb7N*=)U@>a58epp*y4VbARNcPK;+Tu(3gStc>-Diu8p-d-qn0sF%C za5;~e6GAxk;(Ab*I_CG;^*{r-E~Hxttmt-O44^v+db_L+U;t9E@i|9)P9izH+rn&! zOamsI5(P;RIUb2DRVly0BptaC5w;Yg#y6-LA_a4UCGkRYZ-#0SNuh3ugbcM}X~mGh z+bFgQh0&@02h)>aN^#Rt{IEH6RR9Y)SJysEFmEf&-~LjfEF#_Bt8r z4LP0I42lZA^VLHgsLPM)RD4?jLLBbE27~91*iWE5?EABaQ(;&j1}kzI?S`?ZV=OY- zzxqrLTMDb{T5jsEOQ>?H>6d@j&B5d3Y;QWoPM#O4NppJpSugOC`@DLM2~GE&zM@_P zWEiu3em_(CUVQP>YPd@Wj&9rT9}Czlkv|Qn9__(738~>!ps^(qA*%3ErM78T>9D0L z))EO$!QXEt4*4kwJQ%SKCEtGoFO@!7IAz84CCs+4BB{O&+^_%H~; z$HGhY5p`y+!Tm6wZ+ok#1#G^UxOpP$Jp`nP;|*mz`?6n%YBelzLz)~SD>jm@1V^e! zXeH$}Julm8E&{5XiqvOU*Bj-;E<4B`#DKNEoxP;GhfelY$S_+sW+S7Tc zdlsKE%w{u~2`?wnxFMq$+Bqbtun)jLL39_o)MiA%;Ym3v-Z>d8BF+nNmwrby+&Lplq5)m<*oQ`==-o zB!F%VgXqF-n14pC&Mwm*!|X)i1T;Vs(3E)$FD4oj565G%=TGNML~*T1kDt?$fKD<| zW(yJy?2yiiPvXBO0EGRQ$f(ht#`>AMLIUd@Mwo`qqOM?cVjsab|gM9Bo9 z-?sSL$^ZVps^#m-doiLY~0N>$W^4yvm z*kQSd5jdNBE>1!L-jRS7G;FH3n7RN=h4D0F^K1wZ`#}h8<=qM63b}FuMOUTgfBwOt6t+YA?%qFVVm->(KfG zisCz$-Zmmg{uBFZV>L}&<%r+y8Ee)z(aoEv9txtU;+#k3N;i=PO2a9@kGg=4T@OeR zvITrK)TFAdLVZkh50Xxvn`4XUpFAbQ1+nyh}a1w6zZF;Pwd>|K&mD0>l}{1P#U^>x;ac-}f!6K$iGZh^#ykN8J}-Rv^7p z!XxD3IX{x@pFe3ABf*W>jlFW z07mk!EEHcMgXozBG*E05TDn3_upqz_gYqR^vy`u%@WFKGz}{Jy-#5MXnOSG8&d@al zpz_n=NRLTrPlnHrFH8F=)!i`bz8Y8ws+4wjmd8RC3@&z$-JT;1&8`wGb8YUk0-zXM z^<^-{^wK4Oen1zzAdjs%o~Q*+}ZfIR>Rl@)+^5 zXhZCc>mFdt>M}bPRYHEtLO~RCV?;^tc2dErJfh&I)4gjVp03a_JotJD^QUE~`zyPL ziw3cvKcZjzC2xJWj!@`sdc_n%Z%=t4vlA%ScR`* zWX5_PmVD8KP4qA5J$z%}!E)Su{RP1NO`E3x@G12H3ia(KgXNAb=NSGYE3js3&|CVt zp>p(ZB?3Ef-~izDdi{^rmoZOQ$%JH(*Y0aWaj{Ue3>Q<%5WZUrG z5%3Fh*CRY^l1|%OqbeOB1V=(C^IXpree>Kk<$nWxu@G%6eY6JTx=Z8^nKKrM;_1Ct zp%C>_N^Dk0*~5+7xX)I|apAYAp&ldYu(OZ6t zod^$&{O*t}VEDB;PJIX3b3%WCXa>Mfi~1(7Q4{wHqrb8R5yqq+)C#+i$E*UYU_s}&Z2#}Fz9MgPU4VCc$vx+D|%HQ?~>b2&Q%2RjxwVv zXrQrM9OA{CSmg%~`X79j?+nn?pamGxVMU%;)np1lU2&q8kw{l^VbwO22P2NVQ`E)= zuGD7S_T;D5CDpr&lCMvp!2XR-V) zW*I+rVAv(<3IJg+&;>jx#g#;dqZV0_=}~n#D)id`8dDspI7*xc0P-hQ*eHex55&F+ zzy8z~;^>mB9A(dfXqFm<6_h;WoQKv1%f-4px?S3G!%q9i3epMiSPU*50njZ_win1t zA6e2bnmUx|NYpkYuob|Nc?Pf*gL-i>9^*T>xf#>XIx^0XVfKv`t`%#$CfEKx5sdQk z49SQ;1>@ag`p@E(xe{0#1SR9IJL^o}Ms8l3uS+n=7+bRyTq9u=E~2L~Fs8QQrAbJpYf2hpx6PXhIjW;!buOv)%u z3V3X0$mlKC7?c_P8tG#pLoohmuJR~Y?O96SgG38vB|K+d#iSE3xVRe7XeKM-VgBWe z%ffEdyM4r+j9lo9c}qdT&j1(-{V@eJF!X}+FGx0eT$yK3pM|*-kzX^)l=y?Fllo@4B2s2=7gWcM9*rm*5Im|SW z8CyutMI7p8)EK^zUksNIw3W@iP@|vYdFdu{e}tRO&rUz{MZ#$9q@F0pD~2?a?csj~ zU^mrA7V%Cmf6o_MYv=QG`h-pIxf!?yH4D?X-Idh3bC$LTcp{Fc&K1#JXk$U>t&VP< zLHS{@B=&8$6G##Zs{i}CgBxs$UD9*HKluT?;V`G>7W3k7d@x6Ie#sQCoZNE`4hrY$ zjvA}2{m54EqkEh8jll9q%wZ2uIKp(BUF>l(4>3a7(0W?qwJDgEHR- z<^SF`Ie=P8<1^~wa`HPX|84xc#?x)1KU+97@p359rRww3xp_S3V)_%t9)ybBVn65g zz2EaRvE2EyJn9f|0K)+V@!40dfh@5zBClI{okaUQjxNp)7A*=zc2LzDFW=!myvs#_q-fDwoH-+K^Z==~_> z-|5kEplUrx{93Hy|GEu=aZrbGk^I5sJ{nSoSyBT|1r_jicymmMiU;73rj&YvM?X)P z!c(D7jgTpghj(i$p_k=&$6$+ zhFmtn1HdZurvfgC<++y?wM)!M*k=Wj7L|X#)o3G1q%Q7u%9)aq;vXs*ndUA|B_vhw zs-O$ey3j&R!ZsF9p+FO;f0^12r!R{GYX5icUcuJ}0HB4l;1yb^bN7qF5hz9Jjh>LB z_2I!VH$1~7KFL**!Rs+xQX=Cu53#^0Sk%wT7B?Y;)LmK$hYZmUS540{S^polW2yQ# zxidK!J1RobfZ~30b~yL=StbRCFOoQlQIWD*u=&g@-7&(}M22B|XTe>|MvEsZB3SF@ z9|x~y=#?^7S~ou5dvgC`t|t&M73<>5<)~C5JidGEGGnK-j|qoo>G|#GJ9nj%cxKH4utu_k9oc4HIJ^li;E%a`4UthB2#~ZMt4o- zS;)K#D{rXuQ(L$l3N5*8u!+0L$&7 zMjLojZL5IkuB4Tz9`6{FME)~qAICRq!JJLj-pwdguRf{wKRf#`oznyUVvWwRD~G+}J6k<= zz1R9DGyCdo{r$@EFRQxx{v;Ys;GXfY{SrIf>8qh$>z}71+e@c6$!{LVi42RNlxmUNB*98Ztq5Bpm~9n+mo$5xoW|4H}htDr0`tz3T; z%@08nFMTWMRr{Aai$;BXj9A;f@kwqMr7-=DA>cUa3M31-9nWw(^-T%vZ~>Q*v3@34 zJo=Ct8{^4*v!f|I_7YK5`e_T1P}`r%;3(C;sODO zOFIXC z2@t9(FyPryf-%TdAmVHRa7V<8>&_w%54t=scSURAzW9I!1Gr5BqVKCoxUoDsbNWcxR20xc#AS|98dvYhthUI3=oS;*`MH!F1kbQ(YK?3$(VH@Z5j=Mfc#db;?hi=AnblQpW!2~B0@m<4tq`cCg__Sf29DqUMh%tq3htRKTEIC_-40T4=Bb*kJ%$-rT%=Tv31| z#w5#T_t0#+`Sdph31Pvez6TC(J-bGLa}CTTWM)hBQzmT+9rhT{eb=>XNT9GThcJf1 zyiGum8$0vA%K3_8ShM)A~t>gI|j){CDA%=rP}dl#C*+oe|{J~a{jq3?gZs@(0Y@wEG6T!Y->|h zh-sadyzS2(0Qq5PJ0=w|KEAF9Qzx^-Z<4V*MQ?fbel1G&vK&`s7OtVxhnHf}N z2fsfhF)LL zPmKM^;0TDfLed$5K3!cDb(CY_{^!ol{aGIcubON=PB1zuof`22+Pso*Q?^N%$J)Y3 z!&nn(93D__QrEcr{BWqRbg?}<)DKX+A`)>%P&(D1D}vUL`tYoiFulnNHlD}N46vP=Ann1 z(7TwVFRE4dHSb$+zyCAEn>j-Ij6E%bOJl~!x3ayRZrg7pdMRhM4JBeB2~$$~DeV8D zPq>ZCw_~*NlK+HpS?|j}sIq*Dh&xLxWOg|azVU}_)q0fA9zAy5=)-){c*l_k^ROVCKja?5`X^dHn9_eTuhTSe`^8ZbUy5{lm9 zRpX-?r*JR!(^uSIS?ls0H)K;(clP{$PHU<`=#F2<#W9>yP;sY!|EV72FsQx`e|3C6 za*Sab3k`TOe3BJ+K4b6&G{aDNC_XYg8+vOFtzW+O_{xYavCVboO57Vh^5{t2t(e1W zF_hIi{W}%c;SF&&c&GdmPSx+l&Ur-dr^FsUbG;n^kw?d&rZ4a}e@95M2MdJXH?awo zI==H?uP@Nn3xJM-=tn{Ov~ZMITK$A?&mtht0tzwlf$Z=bB2FNq8Df-dQ$ z7E%z3>>$NsyXMm*2%6BQ6vCsJp@)WF-v?FqrS(r|)J&&9R)XRD;mc0cRAXmVzF)*8G2H59Hk6RNZn&?G_)g`#=X9nmI+4dob2BPCiHeICs7Bc|X4q`qa zXxirTMdscw$^Cbl^`Do=sQ!IxMPI3QdJb%!kar$!T3#aib+lbpq<-#cAD$F(|CT`{ z?Fxu~@6g%i-;fi1=1sdl&uZ_J9rF7lQ^HVLeWaKJLS;BN4wkX zdK9oBnnq+j>^FNn#M?vQPNdYaeb=ZNTT}%XRm|a1`k|@r{6H5Im6%u!a7QEBag}Do zN?V1(;V@^}-yn&00P{6vIUi+3!y2d23I@_6u^+6^bP@^=HpfB@Nf5u^@Q+j8&uHxQ zj_sK(G_FNeaM;%b9(UNbtIg;ez78-|~I^4O4g zZ2)c^&CBAV5OT%p&s22*i_OE9_h*2yQm32`o?;au0H2nFGXV%jukots4NjMVyPT}>(e9$dUlcG>geWn~z?^~|T;-9njus#M^x<)vj)m7y0*qT{#Q?N95i zd@G(g-1pJBUy9fK%=U2-?DoXy z`#8~BTk|l`D{D;zonbBhCbC{;oR-diWi!%PJ#d0SVG963GgBxl48A-|%qH$UW*>w3 z6KuJdMByQo>9(E+FpzKVPo3~9$#!GZW~=Q4=r*};v$VU=V-c-mB2!(i#Uxh8F5zx# zW33)&dkLqf&AH7eScy*nD|$6}g*vJvL*Xb%z*uBE!C*22N?KfEMx`n{WONmJ6zMoe zXt<+7Ywa7^)w@bLdCXQXCV5PFWPfi!stq_-k<~Y4AcgRafbqf%wj5C^JmFYnYU>>$ThEvzAbt& zY4m0Hg^3xF;)cp7O&Uu}QxGdlaiQlVA7D`vi33E zbs)~Y3*)OU)$8KxUawzHzXrk?;}cyJ_g2U>p%X}P7;^Im>YJ*l!KA<=MR=KQ%ZLFCh?}iVL;WFr|Wmg z*Hyp%cx-&*p9=Wa`F{!A7lVt6rhMO_`b2%@FZ5oA&TKt*lD-w*ig7>E;8=h@g%huU zm;^a#W_pr;_UD9h8QaYm3-_K*eu=$h#PP3{bnV^F*KjoD(h2_eAQXcHf&?kAcmTs- z=lCGYR7>#13lXZ1agwTAj_Z3zo?z4upgwmJ=#r}eLJ66^Z2QSf$E z_gKx-W9q&*pXFo59oVRJtXU?`-2t%^u9>`fD~o@>nE4#4#i>Bf3eMc3ODxoLJ7El3 zzXlQj8N9G}CJ_m0uFO)Vnw>i0Ae)J8ej$LWmOVD+3krP2s9vQYEjQo&{Nvc8o_4dd zo0wYT9qyc6d^H+l)}qY_Ebzcy@}Do-pV*-Z5hKzU9G9?a^D?dAfT8cc5%sGnjH>z< zJ^6%q|DZ%qxf-#Xb6>LAtCApnj|+qTj5U&AbXDU(0w^O!u-zvXJ;!rN6rBZ?^c@yjXuT@TcVS9Sv&%oIC zPlE5$A6v~c>nib^NdcS^Q_tQoH{}ldNQ+3UB{*8QAYY8jNtKTM{nJ`U%i7r9C)QlS zwp<@J(PRTSE~4qtC`u(Bx}h9a9bUb9)YpX%V9rfB6Ru3MaPn98>tFmZRot&9DX5Nc zHA?z%LWV0)BfWJmt*8qJK)I#xtSB4M?5{D7x%OnmOnd&?f?{0v|D3kX{Mx+l*|1NnTk~!9oWc@NOAVIY`aSQF?P$!nG!L(jo&ak3Vi2wK&8cvf z2|yyxP)7=~DrWCYepx9Jeflk$dDK-sqp$t>&+mq#voqXa6$W;h?++g9KL7Nbbx4Wl zO_@%HyGk1bkh4LCUT1uN%a+1iJyip@9`<2MjHuZ!KV&4_eZh8#t6vD(9yiW&lU+>*Bwdud~G8gXG%xs>1!vk4C z=U)^FI^XUk%V8<2Uw(RG6a_ee&FhvH`Qy6dVKfA z=z3=kyNq(XSPZzRckM`;ozIEWCOB0Nx1|{e?p1CNdz?`Ueno{aK2p9DUTiVzD5~^6 zarD1(iRs1P&3enKxjlRP&48)}T$hjAT zYCV#;r{I0%3UL-CxQ|^)I*4?s=4kd_6c`vP*c4$%~jZ;r?atWVO|i`m)> z-W2xflM7M0lbXg6>Pk=FqaAyI$I<=tu4 z6Cq$vYK%KMeMcW!j?X?2%?Q^EXDC6g{!agPitjv4Hzpz*i8&2`96UTWBqa(83kkQ; zR}%?geCB+>nx>Ovd|AdkeTjIREoj8kGxu5+m{H0?CTm4MJ%|t;IF(gRlP#c}SLXrz zFbz3MjXB`pI-EvG&mfEg!mEpO{+#A1Y~?9lG$60^=ga-c`wP!8-VZKoNBH&zhloU} zPy*8H1I9S00}F0COXhrq`ss4k=_0nwk#T5JZZZ>?^Fb~*B2s!US83n-j$#xxH9zVk zFL$9Rmy+jqkY`Mxox|s;&L9FKi=+CBulMKROHwpBqau3!cyKWW4L+4&sfi-Mw{LvX zXbPFoP@dP?42axu!CbSSa=pbkn`2!I89h!rxPy1{s;Er4@SW|#NOOFVcSCV*JER?5 z*7*mXb6mu_itIYb>ozFs{! zHq6n5NW)0dHx~4{9Y%F5t%%@9o)-#wqQ7+s?SOmQrMbUv@)?9Zsx7Te$z$lt_nQGx z5e_Pb(TPBvHb8PoNYMt!U(Pa+VcFP0QP<4lVNOI20M&hvuRV>|o&nP8XQ=*0@Zgx6 z3?70~ZoTeL<@WHQ9wHuBJyh%U>JbSNd=?RYth@i<(N%2vr3cX%AqUzV`TZ22?Int-b!ZQ>=X85B$^sa&|!a_lFdu97U_2bi*c~x~?L{fQamU zsH*soXCR!(RDHEU|8-iW0sGyPsR-#aUC{-$zbW2&)>ZszRT0na`P-{R9~AqhRhyx! zJJ%j-h*!sRRhwZUX@=GG7lt+Elxjm#y+LF3*n^DC;s9fE&5}3p9xg_+I9Rp!p^>uB zWglf1jL+k!$^#Ksh-ZZ4Kw&UTUDb3DBwmZ@SFU_%-9WlMzf6oVpxk!`gy*UU+0z;Z z)K5e;PY*QDq(2_|1E1n*(3WY@KCU+OslM{3xSWVAB}Xxdz}iL8$t6aQNe>^D`h_a` zsEGh|amps1Kx47mjynI|6ca!3drrrN0ndew9tHw2VDl+w%_Olt#js_L3t{yFbUvLD1PH7X zuJuxEeM|x?jCRg7w5o}KTreQ(c6FT}H4Q2c`Di?nMLc;ik3A9Xk0M^f<%PaM>)shifQC#Cc;dsFjlBgDwG z3~`i)HHhCd+L^xXqr0Tj?)~EYGkH=k0_azuD{f#vK$}-o-|l+v zYdgYMA=euy--AeiBB0LiDq1f?tBAXOUp3F9EStKkPjysnu_N_pB;yhE;_pbED*3N8$pX!cLxgAVPvXfB;U&{qH&uJwiqht9*q#z&=% zy6(f~)E+mbeEm;@*>AIKZr_*!!`IVefDc?jhW&u1E(QB>o;P4)64ISWqf867y`c0+ z;*mFI2ipFQ7&K4hWlk7uz_Z%nZ89@PvtYNuZulpvs4`$a+w%JqZ$mqpqtap&@VKRU z(7iqK`CVpXxu^;5aO054=)sC=>sxm>8m^GoO^@X#n!uXBh`0RIBDZV*TY&$*0kw%y_Elj%w3;#ij zAd=xk-@#lheq9@Q8kKBW3db z+uo?Dh9?`(RVh=Le^cus=u~JXVW;miySG%S;R4S~APZPO-uqf}SHcAqfj)-r+d^nD z5KSD2n+(}LpZ;Bjs>dN~aR^%(=#QbLOsWB5I{%9n(Ii86^WnT2c1A4#_3zU}qv~@8 zCo(9#_iyCvXnF86{PxRk5LdDM4Cu7~%^8Xe zh#sK*JKrYRGVm8JVV7NbXDBMSKrg9L!U)=8+@eicF}jdhW$`6)hgPP@2boVA%<(iy zgo7>6b#FMTt~ss6N3XSY16ZP`Q$MXyVU&u`Z+%E~dUOM}c$y|BWU~xiO*_(zm+pTw zj$>K`-?EANR?owUK{A;A-GH_vdE_B^*l6SKXE;~vvd;qita-lfK1iC}lbilHc(X{s zEGkN4h4%Lg_sq$+FE^JP2jAaZeaW3EL~Fjg=@rh?1d~B){e9&k_I^YEeVYzKYN5f} z6rw|Zt!WA|KrdwzQR^hSBFu;z2D(O}pq-JPt&~L~n0QRPVY-XiSM4=iP9-t0ToIolYwM%Q@oN|8YJ06}{Uykhy6{L_9LNd_ zs-a3IR8z#1zTh_frVO3b1?{fsw@u9V+^?TJ{deUVKHvPeBzft7FpqF)DBB|xl{cYn z`r&vVDbxxbB%MKcXzD0GgtNbN%l!O33wHcFpD{3)%e752)T8!ab-MVk*N32g?>?|J zkLG`wnm|2M87v_^eE_?F0tq-}%Z1}w>8{9^^Kw4ECMdQu0naPGxV~?A-=1}x+w+h?#^U_K+PmKicRp-&fEB}G-}}x zExe3QGOc*{Xx59LebWTcD?=#_ka3Gvs6z7F4j_^4xi<& zGU4!@R|I6?oTKusY2S%d#_AkmW~s~9;Klo989$EVJn~>xwM7AjjSWb-g-m89%LPW7 z4tw#Yc8FjityoCADN<~D71)B<88B)aKHrwOf&ejp${y>S7Pvaeb(uDSTcD{~cFw1H zQI02gX%WC+dFoQ+14L}HpO~|xzNq;s?R~!SJB%n_7FjvSXNjQ3OYs*>cm{SB} zf|hAXt}b`*OJhCf`#)*pIRPh_bSJicn(~@Q2{jy+>ACr|{2}8ShQ8~OFutg{(cK5x zV_QsRcY7-8EALD+PnK9&b2b|52H^xZEBq6J*_<>xZ0aobEk4Y7^Klgy9)Ec|Kb%P` ze>yCy<1!(td#5xl<@&l~feYUTZi!A?V!5wDNO&S(>`D0{$GEAUloiO_OrBB4x&e2B z2XB{j%Q)Oy{<%9Bz1%McLYlfjWldZ@7CP*QYO@D?qN{PX3|P1cSLz$xEx-H3??Qx! z_(&|}1r;?-WwrJ>FcEEkktFE*WKHlMTeV}U5PRBh8gJIUfwkH)bHJ~IVGRT{gz+y2 zqtNG(-$$=+kr{7nh$J`2S|S8`?9)?g)#haKj2^%0axXX`yInEYP&`TJ*cFXWXR_DU z*tM&xU-K*v-i-XUKr4z%7O9Nz*vB}S&p6jURs+N2`@EkSMy)f}v*;SGd6Mo9JRMa2 zn#?u$DHA>qKX%%G=}}x|vgW~_vKe}>aIfcJvgGqW+8@_PfGnvm9K#k00t*mnk&YO`JF+rdb0L^20^?fS#p%R76O+=kV4T5#L>=?I{OXT_ z27T8cER--gTM)M(okJ$B0J)aff6fxDI;wyVUaKD)^M<%a~%;$@iDSjAJdt+sm! zmkUHjy_n1fL}1EF21XHAABku0v3iJeUtwQ-oNnivIo^E9bg86g^kVZ?*&D(1G5of! zrkSsqCI1+Z`Lv)8F3O~R_JLagPzgseG3eToS?TRmCIw}oqIf(QlbE2Fuplciv?vt0 z{NycS8{tdcUUO!wz89?(ow-Voo)UpdmSEx67hIK-g0pvUmwD##+G3uZ>JI65eeZIW ziu?%{me}293$UM&=JS~>STf=qSWPRVDC9qN5()G>Ox#ZPetOUTd+eHnk2!PEP5Gy0 zE-_qnsM1aophk8O&t<0i)o&)qO5+5Z(=m2<;;q*n$5vSO1)*?BtY+9K_ z5G@uhM|pngzOK$E31ZUVVqkN%NaDd%+kZCYW9&6U^6R!;q=p}553K4f`noIV_owbF zPFJC#btc2JP3^sJx#X3TTU_Ku8P2&}m}L11OP9(W28O`(qy1NVy;0BQU+z9yffC(r z{Xtrs?OXMb^DV0n$sof!fG*E=NOCE-*%W=5g&f-YcGKS}ST2#176-UyJIVy&wovVV z)|R|1isB#{2K|{%+EdYF&G)1p0DgCdkn8+fOEN*z&^}Rwp&a4*Ve(b_%NB z6v7IAax?|^1kv$pcx?VV$rr0k9s*f>G z46bmcCa`|GzboB-`bei*gRz4#fi-P|5b~$QhvG^ zOf8qnw_Gn;=IDR{!k~#j@4Ds~?f@iU6igZpqciMDu;3sdbiEiDR7Cmc1IqwQSL>35 z9`at+a{BMogz4rP=w;T`W|@b#=*E1l*9adk>h!{bB6pz3R>kdD_5wz)!bSIe}>;7eiN5W$J) z`S4not-m{+JqNNJTf&lk<(D^052hZQUm0q@ZoDI8xW7;{+aSi<%%L59!qdQpPv*Qt zd7s`aoy{-90pY>Q`lLL}QBFKwDBy?TIIhrfU46eVUzKsfohWebpCC}L!Ta1uUr94I zYg~_kdk4V$^ILHic85|scsgYgzS#O@2jsE_c7251=821hWC(?t2!37p^W4NOZ{7VL zSFlm9T8(Npg|=Xj`=6JvyM7Kw zZbh@AB6Z~q4`Y+P=rM<><^eZkW@@s%=-+;$Pi$x=y{LIpR%TA3Ka5m41!5o%%Ad~+ z=NzEv9W&a_)F~+5*lX9BlL|kMcQE$@`Hrsk-XGl0Xu1lADJ(Q$BcQ%mm^32g3p2NF z0L186m17#{H_AQDRXL&6@aqZpeo3E`K$Q)?A>AG!k1p9XxLmY;Bbbt$jfcPYg2#Dh zr(pWiIEu}^uo@0zY@#|m1bab!PkJtpKFKL!(2x!=$k-SpZn%M{6>w#AJi0)Ras&|E zS7eTEV)@v$6O3mI8D(Fh-Om^`@VUWL58x7|37MYY?Sfm&DCnbdKI$ppQ$n!BT z#y7cw2xoW!bjA{{nkMd!$_{!%2N{d~^u-(wp+(!g&x5-mmf|_5LsuSjW=~M%O!;{I zG5)inB#hRz>Qo2FEQ}|gzKnjnJo~K=1JO1~L7AYPW>DH}pf+J3whH0J180+fkCs5Z zL@>uHKmuThh2+wR##a_}RB0RTIvCbw>eVHI!@W{?lt7C6G*2@hQ8m(4W@i2AWJhv7 z!8iHB$`ZaGk^IECp|zv!$je9`pY-c{szZq8z=LGJRijhGk-??z!6d#Rp423`u1g3! zsY`0qU2CkFFs?THR)yPoI%jH@9aL!`fXSm;E!GsR>pye@W{occ^;Yp&iv?6IB_UYu z`BG-0gi`LxR>zx=n~`#SYm(qSPIwR&_7jyN?Mk!2Otw1iw%SPcM9&=-w4tRI1(3!2 z5l}Y(hr~esTjZ?&_f-G-7eliqTstprXDaQ(Z>8XdA77jQUXC6AL_d*K{MnlY!cS^5 z1^sQlWrYLXTe@{IYrIMXvd(}w;WybNo>dy(EYUEv@*ah5X6k2-A_7u^Qw{ZH)GnGN zhlX4TNd;{VrLP_ACsV7gB*V>)9My#7l3BCH>_7E`1RK5t%yGY*`#iKbDWSFx&>evo zk0EA*81vQ4Zo!Az&Cnu^$LV#cNy1h%CKQMb8DzdQb1^Y1{xU(uc3BestnC$wLv^$& zn)ZQm?lPp}s*puwQW8Z5mXA~(TGG(k(g+n}A0ISIh8w7=8wF^HsXye}S{My5Tm0pc zbcv38&z5;~e>5Aj@ZFl$=z_8M6&afEsUJ1Q)<&uZHxbU~M3nieQMMCH|ODiuL zQ!9c#88q^J@WOc6if&a>G$Bw@5hT zH@e_Z-l_f4=yGZH6Js@|pKPb*sc!{1@@WSg9d)?=t;Wl+_-{@U9QDPG7F{>^()b^5 zR&XP$AAL_s`Y%9SGk&He3L@BHV`Xb^vTF14$4Z>lGTviZ@}EJwCZtkrRoj=Az?wwJlaPemnBs`KvsUe*iV1!Vcr~iBXTco(A8Tguvbd(O0 zNyMxB9w1YpJVA=hMOT7ApLs(ISn}Vko>i1~NdjnLoyAel;WHj?3%E#`EbRE4xu0lw zpQ0bjlKt(nKz=aapqL}F+bDVBE!t_4sl{1jL+x~*eIQLJi>H!6T1+CX@j7YZ$}OG> z_6JTrc9BiDJ4HTRCH&g&AKTbCx33l9D)^HMsxwW{gIoP|r#4z?uKN-o>npMUbT8!M zC8<&YaZ_^HoKf=ShP-L0<5T8-P*gg&j#hp>{^pixHm;^L+}1gOk@-WW!#-<++s!3s zX0xA+c8Al>Ne!1U3GgJADMG*vf%O-I=O$XpBU9JNoh*)Q&h&w1b_^Mek|f7L`>Y>VmLGY6)%y_YZIaj7{iLJs1K{w3MM zzA6+~o_u}gkGLCr1bEJQ-&5bAg}-lwqUi_MxVATvpK1#fRXP@%Cb)`1w}T*j5jpJ# zG8bEAcM^o9-fipQX@rF~YlLuD6)5WVb#hQW&U!qPC|+^O9Q!fjip?x7hdoSghYie^#^c3;#*VzFo_!-0VRsI9Z~rMZSdea^7;<8+JqgJTB1 z>G(S`u+aS%x^(k9m^l@{A?!64KPjy=@?ILpk{WRKqQaZ*Ee>fry)UXnGr81q1eca- zMOKr&q=nr83ZBAVG=;jPtHR(c36R7~km4IbMgKwtvb!~iZ?dEO(c!{^6<$Col3DyrA-|E$*H$Ob z;{7c?T@sz~SKFB%C*Au2ck^CwQ}ItJEKBcI7MdH^H21jv*&n&mPG>VmBPY3a)L zp}^YPeRo`-BVn~AkxD>-M1hK}0B^SE+fSt79D-4@3F^ss4*lzuZ1T5HKtG#Og8RBd zYPo!KVG$hgpI6n0&3Bq&KMr=h6V!DHI`FxWSIP&wala972;dk>#qM0Oy!$(2{|i=Y zAo2^=NZ%T=p7v!?ekR_L16%{AVJ>@rW>)eCgUL=qX6lkmb-d4;Z<&-3&y(U;LUFKG zz|DkR#UkKS%I+1oD$Bk%U2R>|!2jXuETf`&qrQD6nW3ZxhLr9Gky3|lq@@|UB}EX_ znPKQoX@+h|krIbeIs_3V98ek+6$R_h%loY7)ARLwIBVVOUgzBV?6ZH@MNsDb^oriY zSU>+sn#Z0{`hn(I=fJ3j>nspSpH8jkiLhE=U3VKbWX$_-g+AQU55K@LfP9 z$RIt-xSYF&M?rFeN>av!owpIxc1Bf%s!nPcO}3R z5{RPyUhA__Wq#uQyL+VcL^UIFTz3HJ#&;i9C-Pc)K?k3%KdauhuE|_7P<&@o>e8X? z`ibn3E1OtRx5zS5PP2saJEI|y@JE}e-ZuH%Dd;a3HrF)n)w7$TX><)~L6c=cKKV`p znSelW9=jGqYA!UIBhY~{SoVuFcLS(4f{JY~F0_qG@z!pmIo0`8V9?N%Hl4wcHP2Q_ zE85G(WlSaWLi>V-+hUol&ccWq<-3XoJGT$%oNo0O(s#U-&uoJ!S%eR_!%|l~D_uE@ zsN)*Rr={pBr6{+vR6^JB((6d%O*(6k@DKhQXNzO76$UWM?zM1v(7EWXESN2$fBa(^ zl1S&bou#8Y7%wP(k56qcUapnufunao6kJ&!@`20F`^{|H-!$>0PZw3neuF7~53cn! zFXF{OvW5}sU|qKY{;m<1t$$Eu1|_*zKdJ!#Dr=WX1nhQ032KHJUnusr z4hmReU>jBR{E*`F{4fRxS7Om-^|8C>rp_2Vpdz6z-6puO##oXnBa;5>$NXz-@n-Y> zoiL;2xJ|&l^z<+-J*TJiqAR$N3AnmwvX=^l@?OfsZ(V3hZ7!bC6Ov}6cB(!t-Vl;7=( zE}2ypq`&$-ndHk-L4HMT*Afn+kt|_Yp^l|Bgyq{>TuhPM8T*9tNz2-TMjUJq<}V?4 zU+1y8M9+MUW5ly}^SfsDp7E#3^xG^Ymsv2O&0N${`>Y( z3z>k&b~J)fJ9fht4m>Khx8A=a`Or}lgw3@uG~8;~OLqDP`t224iyZZ^-4>psg| zq!0e7IFXj1LaQR^v-;y3yUJ>SCBwD;(nb0X^TF7eD_VYUOjK5KKhP_!6-<;Uu~^5Z z%J&-I-BDN#*%da}3jDBsM||CPIw~r(3o-Oyc56}kDNevju7bFw&q5>7SYG!pgnAv9 z=U0+1T%He>*9Q5q3!n_8} zweb0TJDVw=Om%Z7u{YiB89`sh73LH)=QFjG-{2fL4b~Y91eHFWAa1HrRfKg1(cL$3 z%&W|+y8UQ|PJwn{Qd^5#@JFZ?)8J|2Qjp9GgtL*Mpwhe9tCL_VRJpaM9K>*UqnB@s3-cEr z|3E^RE5^sx55~BM*{dEze=rsMDWV*QPJh^KJ15aW! zFBLCnJW51&MMRXo^5d7I!i1S~MPCJk=5V`ESjn96zCXQA=7Ns#F+WF?<)ZGSCCy;( zgrIM;PSlyVuu^`)wfARm5<`AUkg}T@eAEzp^`#z72Vli2ZpJ$o)nGO67HeUEh3UoT zn%&RL%ED?e*+yvI%EM)M_EozoikZCxNQ}@14PXUV`=$iK^E0yk+74p|7mMo!Dog0p zElf&+(KmlbTu-h04LyPPF!6&H{aVZf7k1X9pg=ZGciy(_;MjzZXynfM1DX`@k)pco zsvR9UL=!Np$@U(gNDIG|osttOX{+ZwnCvyxZy0v3cGrDrT9agzYbjWGX1_q|BfWRXRrhN z$oz}Glk*bY*Xhx<(FcnX&K2-0iLPvZnF2Sz=yGe84__~EZwHn4vD8Rrnj1wmjwebS zr1Qa-P@IQhMlHeKKK#fYeK4yH-6Mt}!~WH@AI&go99KyiBUW@oL3@OA!y|>~IsFm4 zC@(-gkE2uO)#!L5?4_XgHMw7~yr_b;M9|u%^HUM0_cN)NZhfQ1e~Ntrklj7uyX1nm z%HjjtpQgAxwCL0+Lt?x(qCzZFNoYhTacfr^!5P)-!yiHlNn+ z)SC6V@(YDoiC)wA$1CG_LB}>akFT{ArrAC*o5Ar4Rv;>`anR+yRNJFF;YsNz`k#*z zZO^~$>(Bh4IBUc&O~Ji6_ttrI< z&qS7&d(s^Gx$JZACG>uwHnwzmeN})w{4qCY2(^VArpU#-v-P#ME1_O9xJ)(Ad#4cR zxVC=d6RG(JZ!18iAwpCGAoTjfNc9o_)Dm^YxmHlV%7rOmd_*l=ivx!TuVqP~yS}gBQ7ige0rcjh%xZ+mA(KSmOjG`JQrtjkh{m`uMc`y&sL_0D3iv4WnS}Yz z)bmJFLmi?91*Y?2eLbd@s`;^{TenGCGWA2$R@FLgg2-GDlC1I9X&I$E^K|dB9HFdB z$ac!54UmQq_sl=>k3wc9A-DE3yqJyUfuLv^NYx=?mrjr+K@QuQ`96zC|m%P8R& z|L@)HR1-BpB1bOhvSh3dH3r4NiDoE9oou7m*jS!v6<3Vxaxa7^Lp`l+;@C$np1wKH zRaQE!D^{^YUoFMpSk>GSg@Tb)t7XoPIyn_#vu|MY)Ez}7_s?I!4}!UCLcmh8LRLxE z_4Q6x@j7l++t(tDZ-1^G{wg43v-Sff5<;Krr~y{W98sWPfM$$X344)>xA-hXeZVu# zZA2+olRg*k?6o^-PL}r=W=DYNQ?-0oM)LQ{B}&g{@|#5l&$4k!?%gI;ib_;6^K=6w zXXPD{N4Bi2D9?wcu}XSUN*CcS`)+btVv zx?w=*I!#nlci%qaeruRVDChsLC3kiEwR>;GFJwU>7 zB)A$^WzVNN;OVGYCuZP>zd|(11kmB53`jioAQ+cwx+S+j+5(wn`ou(UH0sM=B|jA2X!T}7Lt zAG52b&Ta5ElTAmKnVJo+xDUrWtdWZqJEme^d*A2R$`_CQ*3BYMDl=!uSzZ3L&IALc z1q9^(joFiJmCw$%L~>D ztJ*Z2$og9OX{{%4U0r4!C^hfOS^uwbeJk(*dVZYn?!9ghWdluZBlP_W|24Nf+iG5g zwVeiHCTb~wq9~apMrrC&iXpF|6VGd!h zZ^AeAJn{1MF}L@#&mF^G#cGwUsRzdjA%-NCJ}ugNTu6IpeLn6ujhqYFhJHkD^stgX z$#Z=F{H*Px%-hXJEZ^Jgi3N&5JhzU$EYE zfYxXVwsAC1;}`?Ta9$17TNc8nlfnwZf|(dd0#|EAq1gNHtqm8k%~(`D*HU*!h8F>4 zOF)0b`9{%ciX;>Y>VkI+-gNslIqPvz&qhBu=6aH#e4%2&5(*Hp-_pIzz!K)E#|mLx z`polYd*(l!zpGYC8kJAVodxfcv0+&tT9%(77fKYPSzg`q9k zZCS3$dZ)cR@60JEcl__2vQI33+vgkaC63bZe+13F1~+{hSluEEZh6bbm|Aij*m+qb z$j&WyJB=1tjlAoYS|cbvHE$h@2=|tfuzV0u72G-w+@^baLTxJXgh|QH2Q)K030UFi z_5jnW@9rN;9fo8gO}ZmZbYE_X2)2RH)gZ0Zv?U;4IzGa}KUTUquNg4s2imaeCg09 z)IqPVrEoA%FQY5*P|qbuMi>f7R(sm8X>yRZ)#z56Tzg31G9Sxddkxwp{! zCi`(a0D zY*QVG8^&utiZhrww)s!HyyIfQrC71lw*60mi7u`24x-fF`V)e?;+HqyHjP< zn(J}&!8pb}SQjVe=9ftitmcz2C{jO4S-Y)+rA>P#)*=OjOjPUr{`BF~6tpeDk8?4v zwLf8k{jq6-TvBmiNl0^1OE*l&d&Z>jG-MSXrF2YCb`)FpiJV^#6y3Yn+vebev&!Qi zB|)v~r6&`rC9D)Ov++Rrh%uC?k*@Ve^|Gqeyj>wildfLlTyp_KdK=CPy?UYjX_mHn zKA>YkwsIH__k}2QIQu`#?|5hxuknBhnr=-A?CXPx)Rn zf4*l(Di0hOIA5Oudys{@Z!~g zvo%|S5Hvi|!ukwr-vbt{nZ!bqIOkuLMYS8?mX#fz@WKeJx*+_;>4M-TR zsNyk$n|2bzC9AGTMt7YXoGK9~XN(@>82~WPByyWg!a)SxB95ZxRtnvmEVKi~zsOPW zmY*=>1$@jZw36sef_1Zm0zbSk2~$l&3F=zbNl!*xaZqfwtGafF8hLJ^*y8r&)4Liv zDSPMIm7bWoZd%%OUp>=p@k4qT3hT;(-`DF!+KXkI1?4AnyGSwI=WZGzmzi!DDHBZx*WG(_C%{ND4 zg~zLXd@bD?;JF>*!L#?`)wWYGr(`%{-EqF6RVB^<6O(sPY1=ew`VWzlt->$ zN9y14+pN8jld^v#XAm#cENg6w&V)%SGFNuaX+i=O6O5zhaZ48dX~Wbi_e|JAI?N~N z6n+P5&?%VmR>T)4sxgjj8JjhV)fYvFG&WWDi}!O3^)c$T)i3Uxw|tE`VH}v=@(Yl1 zj=+yL_zWi9WEbAFgd2{$(|nOT$f__VH|66x)bYz!9}JfmZ5~m8v8h{LX#Bb|XOwP@ zm}%K)yT)E(^5NY?UMB-1Pg(v6ex^m|9!!eumZU65as)Lm=;{u+3358O$>Lubiaid>}%Z8oaIZtgiB&VzD+VPdtIEvT$r+~r}e1$@lZ;VHyrn_Oq#&NY8vQn+H+09q}uG$tV|(Q-?@dVD5Jl0UlS zQyR<1ey9|Srq>hd0WjK-Ns56c03GsQnirch^tSw9kLjnTma}@n0;!S8zptpVhxM8W zi5{y_C|vr5t-G7b=N0!<-9ZPBydN9=9{KL8FH*02@|4s=iMZITosv%2ns&pX;T{*$ zCI8l-wkdC0?ufJrCXah#0DSbO@3UACD;7(D z()mYnDs1>>)-i5Nr3iBRyuBKFoa)>|g2#~Zf57juTpl1WcH44&K!2rX;rCUUb{*{- zmG8Zix6R^#eILAWI!H1jLn~8KlsZCDO-Ta&e@5PAVsD{Am0R)#qToXHt2n@8h}wV* zW>-3frJ@80w4w7*x?l~3J~$AxLdoiGPu4Bry%>4a`lFx7&+H`-@J=-dgDkbq*V2_nU9YrU@lE>T%MU=bF|#MZfXfO-5I%~8 zO;b`_!^hcdRjA@Kzw)8F5F0)dR~^a%E&&v>>|n@sT}1(|9y=JPBPFR^zcO8f+EiG- zjYhp=82!X7NmMsW*(O&rW2(WtXEZNG-t3EZT6nb?kzvBM8YWe5wDsS{hcY0-0%LPr z`AVG`cS)3&sbD^Xh4olRwy^_nL5#pJV307fe13;IAoVrEC?Q*$-u(Nv(zr&te`Xci zh%taZ%QW_+<^>6k>nJ&clI*n?Su5LMA5y>4K9UxZwBMZi6_Ew!ngTlBp&!B0}qycEWrk*Gdmqjy`ruSosV=`l5@kp)hdMOxC zFB1C~Xngx59N!~g^o^wcGdjb+tlCbRkfI`((yT%9`CL@rW25#4XjJ+NM z`!(igli-bO`R@_Z<$epkVLHoEbCXjf3KkobLLYt1O7E?YyD1s-hWh-YsE4e@R=^O& zVoi87`Y)?MV{M8VRs+GpkbalF*ODXpGelW-Ot(7>1^a$>?WWpB zkB)BQbg|54I~ROGdrxs@oS@oDin8+pjpgYUNB_ER&k2^dAjIS2V4c#%GE&Dm-MPyF?>Eid#cAg74hh8$WHsES{HtV2)1 zfF&sOI%|Q|sd>WI16Un8$JkfHOJW6dKeNNBa!|fv>w!U+F45_m0n8R43Tz;o47+|; zU-KGu#MKW=Z^*h*K0wL6RnF@6>m#+_z+0A(0hK4VIvmZs&}u20%^0N!AQ_kJM9k33 z-%F7u@}(M;iC?ck#3>Il%Ib#E8A;9)s1aLVGhPP58Rs>{tuCZ6#2-)ES}2otWw*_n z&!bsB4Sv$$tXL`Of49*-3#B#wIt{-H*?HBhBgLBq?*Asc|E{JTfVR*bd=nKLn2#%s z%UXK8E7o;HsY?F*~Ta~6}%fxTBW zgD}K8Pf9tr3U=>w=KvX9Qo>c1oO&yh-u6)#!F5@SH@!`9`+L1k3=3F;;0b|aEfRveK zA_GXk^36QM3q%JN!jA>5$Ya(md94iRJ!WvX_{iwT}k8YF}O%=iprIYD; ziQb^qt0bMZ!I+}<5<~&2+AOKaO-@4{E_o0Bt8@HUGY*ev%TB~l&4v@|rg>ffl9hsb zjuT|#rL|drZ_0Ha1@W*A@!XoE@~?oOwO=l0R3>5$(uvWTM3i4OEtxd^SMY@w?Tdk_ zeo@kX^C#&DzQ4+5hm{uMPw11SA+S4S7CRZisRh&mId7hqdv`waAZUB%D+)8s8kxyx z+`^d7%N);yo(tG*gl5zWgmh@p1(SbwH_dSz&Uw({&k2=?7!30t{=fC|%vDVCelUzQ zB-!H&a@0JJ6$|-D`N-i$Z`>j15+Wq#^V#tgt9Qlwdvh5jBQU?u!fE`@>jl^NF#&LB@>QZ-fa35-omW@K}tjVt1K`M zM8wfDRArN6Ee&-J$(w(~KgcC3;4a8uH#$}UYRTtVxTBbY0h6Q<>B-VZdI_Rh1%Utc(P}7StDL69rR5MhFt2AgWNm;B)>awu7%(d@oVQw2jHsqZ;Vk)p8XRI=0jM^< zpAjXr6#{lsN2}3a%-?m=H|uTgBq#(k%i`U1rSOm(G87)xY3BO9mPx*G_NGdTzL3Ig zT7ZsWSVaKfu3?t6%wAlsHnfXX17TTpHCQ4*T;mi38Ka}2s13UW2fMS~7WS^xpj*o^ z=`~_X<{eD@lt2&-*f^v;AR)Z&Kzg9eSUzQ~3Uo3bi*S{4+@`$MW@DE{Ua|;ydI4cO zA?Orh*pNHPKxwuTws4}L&b2o=b16v0C+cdb_pq9B{cXN^-t7r=zv6`r*Nk z0wO3E3t)Qy7>A@gs97U$llt$3I7Z1-&17LDm90$u*FwxQ1vIMu)Zn~T`i?M9ePR_r5H-H!Ep`;vbpjYJ~euSX+Y@s zapnsP5(^}|bCVA~Im;frHWn^Jj4W8oBw4>11?FbbmG5AtP+q!WD2-->%m`99)@>!( zZ8O&*Tvh|LY*n%$i}C>>r_A)UK(;?V40c#}Yq_gFC;il~0z{d)A1*(U|4#E?1V8xJ z#YdQ16*<_O*{?URCwtEN`!Fr-V?@kLs$_~4`$W6aqwDwe#qNwzbp_V(kl|QduIVY~ zk?~=pDds}pV+AxO-to3;fNBm$Wbv|I221ALarLC}<<1Wl_{mxc+)H_C8S+XQuE4fL zg0F}$6Y6g;Jo3-+65yS?CqRShOYHY}9qns_{+xGk^>#~ zLy$VgGF(TVSb@GE0H~AnU$ZHC0h-(K^iKOU=|7mYDe^|{abK@KtODXa3oO6V;qU^? zL=qx$I6ehnuKeh0z2FCFg?R<(O5x_9QH43k_6b1y(Z3F-&xrQP zdtX;M!>+iu%uDY0`SDF@tcqPqe%WEIq>(*Jc@yGcUvtZzX~~P@y}yZPpXU%j)dnzg z2&g;_toytOP5z9tk*SyJ1K|1fG`tEaRCFAL5MFk*jJmQ|d_{Xy3I;(qJfq$FeT=?of`_@GnR-8UocjW8J#-x;@bEa`Mi!(? zZYX}|ZdjaZ!~tOOv}W(7fw?DNXPh^fq;q_UjZYJJQ;f_sK;x?W4>;YG-GK3hQXO8J zdR)t5R4S_*Ynol_#EPap9#-3TSuP+48C~Nd1qk8?`g`fIm|Og=5LMf{`>O-}Y4Y4r z5Dy$RC0b)NdGM2pz4@wUHGm@f#!E@MTZi>$v_1{tY(9TVWH!ud=ZKl`!ji7zAKll0 zzRMbBu3SVfcb)2vNQ{EbKveaA%Fm0Np7n$6>@82Uekx&MV@YGr>%q`Q`5PLOQBe?k zf2{x7&(vKz6Hefywso}{J&t+a`z|tJEg*UiGKeLo^pM?K1uXfH`CPe0YYIF-N~9hA zpzWj%ubmODK4|TMW$jeWkEypG8L^=IGZ#Je(*EldWETeH%xExSFWPu9{P6`{P$95Q zhMP@v6c0e##vj$hOm34={~T{09j9V+=by#c5lHBCU>xI%uX|H^E-Z8N0UD|BFT&v+~|?ec`pgjM1zsMk--NX9P z=VZ8gp8(?kLX?bq_iz3E-}P%e_2)Ov-10kL@!;gQu^&&JG>f^}2xSLGJ&JAsc$DdI z;(#Bs1DFBe#{gLR@^^)YN0$#$u@!|>SumMczVZ!A2oS!uT<4eMrN7kx2|a1;1OWzvI)o`?WtKXd%3i{X{DciM;%l6=(+9t z@6Xm21lO9rlLi8*Lo44F?^cn26534d^aHgfmd%um_6zb8szkNgDrwrpj zP#W~bj0K-t90MbdPt5!#Dih5Z+;tZ6Q9tLBWp^`DRdJ6o<2vHszGcI~>t+X;IO<~G zIGIbKHfC*NdE%yaa&{Kg?`Yet15u;X}csLXz3gas(>IN{K^8?D9aN0x|!uOY(m=nMIUK<2lS8b0_i=+ND-< z0rR(QAm#y2PlNL~GTl`h@#67|F~8|6Y#10y-Apfh!tB=iod-Y0hC+JAhn$dL{8NDc z3%kY!n71ThL;HwZ@gvCC4xL{^rkc8chGmtvtw2c2xSd|m&XahlsEmCoC*X{d$787<4dQew zlfEUEfeyLD$x&gsvek@<>b@3icZu^Fb!8F3ItIpN+EfoEKsdj~#>bO>O%2&{6jK<- zxMxeZ>X}f00s{vba?97Pwr~(smnc-wMv9}l)V$4Aa!Hh8~iZl3v>#CLk1C>5 ze3_APzkNZQ8R<)WR=Sn)g$1!@cCujTl70gALGmUUn;FrmT3AJ^6mz}I_4JbM`n#We zE;K@Pf<10Sn#G}fo9?H+3-}OM$u&FOG9mYv9Q<_BMH@?uazQT)k)k@JI;zTA;z8l-8^PFVQoYWkpw2lo}vmwkK^wfFhb71h{F9&}o_Jv}{5#HV|Gu9=@t}TpxjeiBvO;25m9RJXEcUK4G=m|mqW~WnYcKPAeXZbF z-L0ecLZgAWs_(?#0|VLeO9eZpUSG)QAl-_%B4sl5%tZN@@(+uDxTTtuan*EqO=IONHbguS~a6ulpIHxl079R&(6i+~) zUDM>7^fsbWaqABs`fl92xx4eux`@-F>#f;TrvZRTWqJ zd;3f7#px<5SpgqHN#nEJD4T{-L+!3M!{HQJf7=hPgBRkw1Hg_>Rp{aeW=H(r#v&w0AZU!3MEc^(F>S0gXztl2R)!IxEw~U5Q_-r1#gIrPn`+tM%ZM`hS%<= z$_0B5Zeixa1Oc=KCceyVA5&j(#fSD^4ZGr_+m3jcFhAqad0rZ5y8E$p@eg0ZQL6i>c6LTCZFtB`smq5)wxRPY)sN@ptXJduO;6dVi7K{z_q1TV#FmM>cB|?lM~~@kI54d-1%^3ABEbhgj_yV~n9v*W#Z!C!aj&Gk^FAzNdYX9M0L$alev%i-c<1BrH2TO zMZ0gm#qe%So<1D!t62Xm$enHVn#YMxW)tZ|ja`#>i2v?>aQ({VtXr0wwZTe?@R5a3 zFU0U*M2mI}^yd}U`OcMHa8T+62!C)LkZWr9$c$}aA9LPd1a1-U=}1u zU}EeyCU`7APyef!aV=2=S=_6;k-zd8W)h%yOLV6v@#YzkQI;x<6~aTpiza~V&h*4X z0OzwfDyI0K%My`iFmaLS`wekKuN z&JZtmPQ`;sB<_I{vz6s=P!kgVBEif-Nqk5Yht2cm=qKf^gamyH8xx5-vqAgdpa3GJ zGm*zlkbwq(N>S3JGU;#b!LA)A`JKXeD6r)>_f5@$$Hui9UWFM~q&^->HTju(dY1a) zA$vs%Y522hFMsUfoujj^95PC-hohau$3(IvRHcW z8F8~9lX@au++0sDDc9hG%S}*@oWX@GA}{A|P8~G#UR9FIF;wdRBLdSfV)%WA^K=(6 z{2?jxQ%^RIC~hQ{WWvspj?TLhl@nuY_$%H=q76)qgV@_4^Nzu;V))DK`B?V!!(%G1 zsC*x!$HaL4q;QVw-Hg9^Sz!%1;<6wq282gjUUcuHjRN}1ztS|=^VzWl2}uQC$Me%B z!h#AjLfFGq#26GPpgeYjS{tOOp|I>NxEPraod~bCGp=XK@SnI_@0-ymme$;mMe>5k znj^dHio2tVd&CN2_hE7S#m{{eW$Xx}b|o*8+{O#DY?B}k`z2k-Qal5qXQHs*t~4#O zbmaoU8uei9ZRv(@4y7xgY7`$g!HrM-Tj~$UmDl0)kiTh<=lFmz=M9XFM%3Zw6 z(MjdMg!y;J%R3E4=Q_e^WWLsxzxzo1+U6Jh3VlS%EyqdUZ_!U)z!ud za35sPfOP$LT3K76R4~br0%)pMi*l3<`^xIumopkh7})~~$52Ikh#IEG+OOso2SUw| zwBH7HDk_dPEO584?aM2WD5~}As|`4)g_wiHaS$cHx-3;hPEnoxJFvujVefv;9((0O z639cf{xrPS=bcdEfl$D`lG}!m8)h|fd<{8<4VUjV+&?%+78jN6<46V#P5qNi16S0v z`7&Bv8+!?j3p=$a4CF!#BTa6eIRINzH|74Wk)Tw8`XG+%>Ft@MiUapSziQnp&2F~M zOsW;Zjm@(M&36wfz>`%Q^@U3JnlQXYYaF-5e>bTyKHgG&e9Hdl&4tE>Ouw7_c;BxE zEZ+3l9ywVA-rGm+%eJ1_x6%??e>Fb%^RD)SeXoOqMD;a8jM`vRkEP6-9@;}_qMO($ zP=@}{4a4>c&-TBK7rP3HZ@URTY@g$3;8i0z*tg)#AXhTW$}st2O&vGAfvR^M+@~ED zh2@ZA;6hr%sfM_k@;HK{<*2V_AKRoB+|ZMJ-l3CnPqMfR^{3;-ZkL&VC#1O3hNj8B zv5>Bq9y!&3HOO}ax;O83xi@tgMYk^`=7Ei%{t`W63{AFwy6u|^W9{`bH{==#OAn+7$1a9E6QBPrUZ+CQm@!K}p3Mxiy+_UI> z1g`6s_yA8GSV9&tPBR!mZtj>GDETuGE!OAp7Rn2NZ_NYCMn!K^>Q@g#6xzT-(F2;!Q|Gwv>SXhul+NvxvO~W%s49qbE426ZkcfEq+FSC=x2(3mAUVmy z?fnD)sgZ0s5stlJp5vgNJnt*&)z6JeRJfuRR_Y}f5O*fKZ*h=zr}Cs^p+#3mu8fVw zCZ~EM$Gp2oF3dlc9HaNBOFxNcI%5o721Z?tTVa?NW`9{bD*$`h8l(A&x&6oQMGM{| zUMkn#3NwDmK;z*NW)3^4JA$Y#BubdPe1K+g&f(3AiK*#nPYetoZ(^~pP5P)U@o4@F3w^_mQjITfVt=4 zn_bhoa|(9dyjO=qd>QCI&2xUDf->lqyeOE9pO333dhuw1EA3Uq<^oo4fwkD}if^(U zU1x2$gIM5VWmcstbS9W_(bFbEsq@xVsU@Vh;?dVv>5_~0S4~URmrQ1|FESN+f$e`S z!0gX%)o(4?{VUdW5^p|tecfF7+O@?2id|xritsWrZ2zl|IYs;*eM~f0FGIXU`rg1qXWd*mCYDDK2d2x0fy?)-?m=I&%6q_v3k~!93S-T+ z4!T7DM;~*aUm53xPY_WO=GO?rNiuO#r)L&U)=HQ31=KDNBwz6|=DN_w@T9sYQf0U@ zOE?ciHZQ>Z-MdQHBIt``cs}Oyb#9BT4-{AA<2#>rjg#XU6`W`KevCupq^k_4WNY1iQ|?O)u`hyY^%^=G=U9 z72^PLc~!SNh-R&T zNI}tgEU`E4<+`U!+tQK?29N_K;PGfTpHn(H`~%Cf#H|Padh56IA?C|Av|;n2!s+f2 zZ+NgeG3J_?$k5X`JD!s^kL+;pCam<@2~Nv87-6M#pJzjFi^187eVvgR4F^+0&t7g< zy}6Gpx#vPu@j_aeX?zIu@uYjqdJ}W~3tp2}gHJx3qwQfP%%t^K!4wwR4^8T<8AX-~0PH zpgnvrns{fJ{^}`!F8$4uft56E4Q;7`cOBk91qO+Az;UBhP|ym<%yX8REYrlKw}sMG z8lOyBp!hiFJ!QvYifW+cGRc!b;l2*vO(zE^t>}*Xga15x*)^xNwv{_tp(aMnlwPC` z*nh$DDdaSk+bA%Axfc5zq6!B#Gb*j4v9no1XBAm?2fY>6{$F@gce3*Lb|FV|mjAHZ4n*txO>-#f*@Kbu(t953|&?~&4JyLOM z)rdP|WM%G~MmK_tse43K^$MUwC@{0GNMp5qkJp%ZZ1|1Qx=vox*#v0&ldBDH46c>G zuSZTnWz>Iu!Ix^2$5(sgsmv6xUg8VUlGjqE61Uyy{B{hq*i%X|_@xX9v|#L5{HpM^ z>wqu+^y}zX@2|I%%T?x{%U;y7!N=u_DVM!9%{{^W9z&bkr)~7zDv+M>nJ9$FvSkD* z>H5Roe}q?_?lh$5^5K6Z!i4w%0rHrF%RFqB$7EWHH;8>4{>Buzv5X2v>k8#!GEMj z0EElPkht?1!sF&42`~rmZs$BoF~f*7-*e!dKx&MptMzrAMB6DPe+cDi(N9l%Wq#+z z*Ji${1RXO#Aq!+ez)1L9(|II6O$nH~eT~S$5iRyXIO(tnN5{Mr4plC;opP~3By(yQ zeASIb6P1(E!a5Z=$xsvRH&HMg|DEOLScX9 zg3#{4m-%H3c8KX~sHq^Sw_F^6L}PJ?IKw+?L*Is;plM8KPcMb2u81sz_O6X5iWrO| zLJRq1J%)AF7vpPS8h;2W*c(<^sUFFThDO6QH<1Y|dj}E{blP4fmJm;d&v-eG{X(M1 zLK9Ok{St|AVDNlKt81CMU(obZ)-!lp?Kb5HOPT-REg|M4uaFP&1|yh=@W4(OMOrqd z6}LGU&EO^tTia}nzdi^=;DqR|o=dKrt35Sgr8oUD=iVn;*;?nsoJ<9B*(`Z0dsh7e zr9Lx9YfvH~e?MZc_*C&G68boBp7Tj8>{I{%TImlr=I{i{a#IyBb^{PvqsxQ?`t=oN zu6D0@$8|*_DxML#;X68L6{@#Z1!0bUfooPJ-`boa9$LLC4TM$Mh=mx88v18!WK@_S3Dr;BvzpVpoe^rI zDg-e zz^3|ox1V`icdIu;l5N8G&5)6hZ`yC%gcRu6aax0NHzRY`g0lTiK=|R=XwVItZNKpX zkIc;oOO}xYWBz6rhd_6$qF0=OnGn^-Gw7o%H<-gZhVJm@ZqhT!$DQ=Pck4C^E`seN zT8P<`3u!O=M&ZC(OthbBa$9Kd75nxX?PtD$=0?jT-(W&%`!KS-))A#;@yI-eP8|MO?$MAgBvfK(2 ztX7$QGvC-t)n*!N?i$?e#{9^=t$78C*6xp40C@{VJ4VOLlRXAbcn!;1*IgX?~6K&&Wv2tv{Lbq|UsT7OJCWfYC zU2E<`D+@1mO}z2H@7cp$ZnMxERd+x*BF1u!{w8Q9{acP9Vk!EEKwZ>^{K?tplQ%>$>}4Q5w~8|WT$^xKcX zZ)(&r>xWD~-*y&(DCgzCw^dH2(23LCoq zlYsOncsBt3lnej(SpXBaFId=ON5w)zTs=@8Ht%Pbfafu9;B7J-cHt{3?kB2~rIyBN zPXhoxrZRO^@&CQ}`t1@43*Z^?2xQI^O@8B(cOFVL0^A*j=-i;{aS)B0;3+J6qcZeh z7|n2lerF%TMCl$e;~cl>b$b~0^HA&1-~|~Q$#ehk+DM?6rKzkcYV2ot9#sUK6smL+ z@$4wrU<8;4h$I;SMo7j)_bjSek@HqlCPf%(Fh?qJDRu*m$GWEr(cbWA|0LXtVLU4&z-h9^=i?hAPV$C2v5W?>A;9TI5UasHu%CZ;_0)P>g}`|lJrLek+$ck zf_t0+M^G>WcTszj6ch8&C|&$E{ZciOUKNcU4u0wo`hZqjCDu-JC4|gVFN6F=zzc(O zai_18{t`m3UU-5PRGslI7TTzDTaG1VzqzO>l^YT359d%q`7GbOKSlpxRv z9UGHpi_7*Vpu90kM|mf|Q_GHRk63(}vp9@a`UzdE0>7pZV)w;cI7FdFAXPlcHA4B{M+xqg5}(n$Cbc&e z)cMX*Z>xje{^NOz9ZerU4t_ieoL&xuf@2e^SGvG zdq>Xz@}h$F2yEWo#x)xGuwaXoRo{eTvMy+gn`j9{e!)b>Kn2WYsU+E&o{{y;Zzc1} zns3Xbc*~G^W%W|Y<3XVT0mW+XfqLiVRqw-8#WP}lSTZte5i%=Ln;5Rqqy}P1G8}Rb zm%Z;eNias0W}g6K$0)2*%wK{s-%(I17IGiZ!+KT)!U@&o%W43T1)f#+t4k~iCPKYT zKDbQM1S1-UiMq>s8);PVZmFE%yj+i@;&Thogd>b9B?HywFlP%fp(|My^S1a^K?p2L zVmBRCsl3gyZ`;?Q0z7L}%a4LpRnrpi7gybvR{8~3`TeT(qaz3%Bj|<`4g%^z=rEUR z7(WxD$PW+=ET(Q0qV@~*E5{SYgXf_ZPefabB!TQ-IhRs9My~)T?No&P49@JMNJmQ; ze<54_z_rfNSxc#hw@zHnHZMJco8joTF@lboT6H0kK^-CxVIB6o>Rx6YiNj)1WzDo0 zzp+|Bc)jmEr6OP6q820FL1519wb2ID1mNib3N=+CxJ}jb^D_8M)djCOV=NObRqv~$ z62IU5Xn{V*s+=;>njSmGJZK)**A z>gK-JH>}}rw}f02@+>)Bu7*$Aw@0r9#r}S^QwmNRht%k_EXUU_)8F4UxSvT!_TBFm z!rvXmoh?}*Jv$n$#Q7anwJlw%t;srXqsJimIv?{<#pUe5+=R~vO{$|~tMveQAfk$B z9w5?RMFi623VDWC-n6XTl|$p8;j>f077>sHn&*=H|8O-a-@Rak{z2bZ`&-eIwFv*f5`5Yq~c} z%S*xq>8XJB+3{DvO2A{M?2Bp$KL9Lb*~foR@}LN~`LRl#AXyw(;;x`yWPKzn1Z1Bw za-R?nT@7h9!{Q^(vyUnA|fQ@Pl3x3WL)2rqnaR98W6c{urLFjhI}=l$wQ*x zP-tjqRaJrJpEmuWK>@(5Efy@}Iqsb}PK9_r*Ws{nT==j&NLFKlk)n3 z^W3GZKPXwJahjaIUvL}dcfVI454i{#`}Zfy@^7f)Ul6;gHWOv7KykgNId}xIs{c1%R>e4j9a43@f2{KaVWebw|TJw!Zgh(Yi6i3 z7M3t`j|gpDnyNBkXuWj|DkIZ?$ew~y z3i_o_VO%r)W}Ofj%SNiswdWrS47Fy?qO05fERMJ}dLot{F%Js1s<18rd;Lv#mohD+ zhL;oHt%d^bcN7xov-#zr3OacA4Y*3~cxnJ_4vHY9a5LKtdSBCb&$EOTKv#;l3>&s? zySM%z2KM(LyS84ZPL0<{6ronTO<_8K z`20NYJUk+Kpn}d9PD?zY6nIO@UP>tZOFh(@dH)`;Nl3)A!NKNdwoDtgOncxxUr+ud z?q4w;$YKdQXXc;&opdDbhw)X3IrpS8jAjXZx|y7>+6K`U9b#UO$&d^>Xbryqvl!vt z$ddx1+dPY7($=f4pmWno-L!Bsb2X8|6UOyA)(C|agP2gY_n&1%IDmuBmkJ9AYv&iS zdcrEtm1e>HusWEbCBZBfUV($BFkhH9oRHlSRp<~}Ol`#jRv$h%xa=kbY|fuN8BO}r zu~pk5$p|MRJe!j{OSof(7f*uylMYuc9tI_S-qfzv0WQgWgzPu$cyEBthNCf`a5ISG zWVz#qEtyvq-wLZeavP5GHwk3^fgWf;2j!v0I{2Rj&MO2#nwIA!+h3f8P8M7V;sE%V z6hws%obDB&*DJWi6if<0P=Q0N7hib4g8%J?m7(@o->$H~gGRslE_*%+Lic!ng>_i2 zRBd+%{|9$wzW*EWi!%l*+iTWn_jBzC+`5DGua@pPt z;%mK+&4YT^haJZj02mdB(Doea@pVpFe$UziB!nZVO(G}}B7{%>NN^)qO##oI6M=ev zPUC)72q9+gX8z6!Ay)2)R<;n+@)tP|PZQ2B?&_gGyXSMvzi*$8WQMGyee0W%J2>3h zO0INTcMr!p&<%R zX*&`aNOl}e$tP5oL*jjqKtir&R16<9d?{#=MUjh54l}ae7tBw_XPrJJF{nrl?p`)b+w04S z?EbpEV^!@?7SOXf82Cnxh~*BtQY|5ThA`*%_%*|#EKVZqUf0;qHX^a2RjL%!G#DfH z$Z4}~Wv6nA#>aX<5^$vgE`62?(lXh46AHM!{&s(l?*0P+J;S3wAA+r+3?ug^ZUshA zy^!XqCWZR8MYu9`M+63hFZO`||DF37sc?aJU#>mY>qlQa{m1ql6=8Sv>U|+v7qn8w znBa+Pfn#t2C%)Lgh@GmK|0svpGfkhPh*h(bgjAJ4$w=`vIhP31ak^PO#9W||%@}uv zkYg#g4*09)cGe3YsbiuVblDeKb+yiPoey6VNzKAyyYkP49&o|@O_HDd+;-WHDhn&U z`zEK73P0CXedrgSNNb-0il!}M?#I{8jDbWoO(|#yXc}3fsq}Spm0<81ZktCw_mB#M zt8=}W5XB_V#h@o$h;Cz7Sf;LsDRVEG@_?Z+hXixyo>i8P5RXsR3r(K^HGZFQH_}Hg zV68+IL6-q_f${yc=xxKYNh1F>yCq_oP36aui9;;`1Sbct72#i7f`QMU46`M3UP1rH zqUae=)0pB6=XPBcw#>lKNII7DSZXY*A^}G!jAH^nk|bB~rC!P4r&fMpGzcC+!d75n z)z-?GcR`mxZ+;6OE}*&R=-yc(Y6n%^@a8$`Rc*}{jRc>M4vOk8dhb!xJQu!GM5q`_ zX|4>@NG+Lp`Y|kxjbmHtsyPe&`VmZv_W7dkHv*UN(9k>#^XqpnVqew&`73BC2c9Ot z3;$1nVz$&h@Wv|UEdS;LaEG#u1lb4f#L&Ju56m)i&&A7R9}+<~uom@Q+lqL-$0rfzmR)4AG;3qT`C8ig-a0Iy)bmy-ag^VSx-C>7rm~4_dU6 z3!RIVat3!0?EShY?I=rhV~}NyYx5veXR;vuG27$wGT$}g4=mP4B^+Nf!nUaYC=+a- z!%jJ0wu6dc4%i>eHFEJbX1i%1DcJX6B0+9>U=j*UDa!&cc%dks7kvkR=m^BOR0DBo zM-fm^fyoVHNQf<>l1xU4?}zQ?QpA@;8!OHMYa`=}j{0yLc@6FJ&*2m=2 zcOL)1YBc;LMTC&Avf+FTB^1jTsPv33X@Vs&L>EA5IYVOWxypzA)OF-FfzOY^HSbb-uF~PH-}#?^;)lc-;+v zn~c7_>+yLe3nu|_TXMmPJpqsp&*Xj*lrs|$AQ@&X?-vtjW=9e{rc;HWj|Gu}M89N@ zN))KOP(=?E{GfbYMD(rn`%gw#IInO)Gn+$t&SUm9p)T>VCq6Ot715bzdb;Ki$^( zu216q6LamWizYs)@2cblN*kMKK8oZeViuH~w6~0=I%9cWG1Iymyi+gY8(`^p%tR5o z{rEXj+OsZ|Ov#TglZRE(ntBKo!L}v6bZ*Z^-*q=LD1pj_^2KPvvSy$XSQho*95y=k zINiCn)U7{XCK^S96QVN<5-ptR~^4R9g9kZ6C^*7#%i2$ERdjycGuC!QeM2QWnB>U_Er37_&P1$&%($s0Ap#0 zv;K2D0OZ{3se>m(T&Xu0+^Z+(%v9dR@tFA@o7 zV+HAxyiGsx2OUEm=z?g=g{CkHKp77#;LbpbksOU=t}R*Q)d`yez!-QJ$g3m)L^EHS zzXS0F&sTXEsx8^@=8b$p2j2~|HZg41F^JmSTKA{sc%qCa`c3l$5;|gX8did2KDM!K zVp>?CgmloB53##1NXPqx9H%m5~(()131yC+(g z%g8~*%q8kHU$BO^ZYmQzA77>LPE)Og38%}cRQ^G{{_pqrlV(rt_O*RvmtBO0=9=SnkY(ilJb_%dqv6JP ziDxQ2vabWre^rMI@S+N@U9|wT_p=hh_R8W z!8nWG>fvTnI5~-oB%S1$V-ErbK62^JmTb?#_MFViMY93$VMP7WJ&Q61gP+w8H1^0P0@j+d}c5|I|i6Xag{bn$6j3koL zv4>(EKnft_n-Qgs=*5fa+$-&+EANz_MQZxO0rDs=Zg425kEtBZwT&*>dB^%$VLA^w zrUT{=>}!++lhc56(S_d3_@*s=f5CKgR*@!rQj@BEc;wN9JNySb1u8;3E5T9d80ZO- zh1tGI%XIsr;I zAh4xmCs&89aXVN};)a6C=C}G$hA|^uf+knxG+vfl;Qs zA;OIM8KSYLdnzRCiIX~&q0JBDbcFv)2QhA=PG^8p%K#NfJVFP+cOTpv3FA)z*1nFt zyVrOcJ`G2V#=ara=mMkIP!LxXgy9DD*i+Uk*ThQ7nd^l?~++zU|=|q!QAc1Kk6o zFNvrg=+-4?NcEjY**hlu3y)yXY0gn-E`kpzlc>AV($VEUDkM!s!*s;l`0vPWr$73V zj{IUdgrG#Xqx8bGj~P&a8-O@>w9kFj{fKHpM2S7Kh@onN1$R?>3L!sD zc=t&B+tK*$nMXZG+(YLiAGb?by+_%{#Kce$eMX8TT}7-L@t(}lcM*$Xg^Q0FQ_cRe zxK4J#2Na$1<>$Ln$KtVLcC2FCy>#6ZF9_eSinS~*f< zB32LwfThgFjz91bn%2XhAKakuVE~4}sFk2-eLTGo489>plSxYEoduRuEQXLD8)0J? zp?6L=c!c+W7WNS(1$5)j<1e-LYjT8974b(pSq|CdLa(nzOjz(Miw(u_boe9qtyr4Z z$5Wd+y8Cl9-EHyga@*#|O52X>x6?rNM>G32AV0t1jlIcDvrmB)VOx-RaV&2^ic+ZZ zRDqD}&N4jt!gi&=f+gmDX{Bc6Go`HQLbiC4&(&jd<5Qoz~{IySi0XkMMN zXP$~Y=lMn2${9WSM2B&C8zJ{{gOV^+2SATSZ`Ps6B&`}IL2QmPu$=JM%IJs^ef)Od zVdy4zj0K%u^nFf}^5@R5g@H?%`d)vVIdVR9s)!pDZ38_;8q3q~1fIOz1%CoWiWw52G zQ3MMC^&}Rt)ov*Q(?_R+h?ln&7STRW^aUK{HZp*`+(57pifr429$OjYTy|I*Ct@wXxGUFNZt~954?B)U2@t2VrLS@#2tD7Sy znf!vKLUD>tVC3)B`21F7lVjDw)X#v-SCV*nlYipxy42jnvgBQ=g?4g8oD!!kBPPR% zV4R5)IG#Cfq&(GL^}Z$X=0kxQkdoYhiny+7(jK|tj`oZ8sNLaR)?z#v2WX*!-m<=90y zrBITMzT+AR}BU^xx8yy`dSt06j>qg0jFMq64@cTN>~m zQ(7Aisjl*n(s|fDXzW7HHCB5~O{Erg+weOUNB*fl z2ko2Xc`-6J4fX^YepGq&4N7J4Nxm6rXuBVUKA)iWN)_Kw{Rd`p{VUJ*m&N$_<3o`I zf{8@#+(_SI`PhLJ{m&GV&Q`L{$%@b6Z};$o!tTwp${6sz0RtVwR}6_! zOOnMJy3ilD*6HWoTN)jJ(lG2^c4*hj7;?GWkMA7vvhdp)KX~UbqBx#2ZO7~Fs7*Ax z5PyrvOC4|$Pw<9TkmibSb5G0i_i_m7W-nsWW|)1XM2Ow;Qik&RcH9v2`MJ42A zv_%KY^(O6h?y2N83-gwt%9`QMIHwqf3TBFke4i&M3~qctE)@siph=Rq`=S*X!Z{NG zeQLX8sI+FQM2iWReD7Q*2uusGN`H1M^KT z@YhD)&?Jo6^IO>w-O z=sJ4G`zY&<%@#6VQ{mdn31`YaP)l?(1kHRs@Yh8o&FXl6rb(KOGqiO6a?d7sjQO{$ zl5PH0t@Kp;1Ipm~)AzvZTYQFNyFcw0e^-)7J=AOF`e>JrLH}1{JoWg9qs^iU9lBjk zp)l7yXcXZy;(YmgaNBQf(RHm^k4)pq$q#+@xNAjP8)bPP*}S5zpv&z-)6fRv zclJwUSsF1UEFIo>2wqtlclz&cR9uGZZ91IlstHX_@+g!brqh?zWsQ#&|unZzcJ=_LVee^i+EdO+AEx*=Ak~9MKG{6jpd~uXS~i1b8s294mZz&q3>?l^B$r)EAl+ z`zN3jkob>c@;#ZW8J{U$9#!+|tZOU}tA^F7{hz0jPWiO?-NQqzwwCSUko$&H+S`ASD+ zUnE{INmaUH~vB60`1=`riz)f?L^PkMKD_m2kJrEac$J(a@nM zF_xboIX)KK7*ttBHS(U?t*h!KG=a1V?38X><<^ zjPb&&vfE4G&E6PaE|Z9^$T6fGNmC4zf<9nn)1E~(YcmB0u$*jE9%&(ky#OQ zug1(cUPA9Q_}BVA!C`3IT%IyjI|yo%04pZBvQc_K2G&-i>LQp8@kKr(^dbK`GNVn=COqBxKo!{&gn;Nd{<`l zLfLAU=qTn7JeJIBQL;Kwd%%|<%sqI_?mgR)tjqth+N?lM*3X1?11*2_-Te;$0WU$iFXRF*VDo+1yWfgu5i14vy-w}2;5;)Z>R?pFu@ ztqVl~@Fj_?EJ2h3t0Udq3K#_~A+57iOM!$`CL3&NYMrE-FHI^EXzu*9DhE$e6{dj6 zu+xTGBaak@c-o4`A_ezIzB&%as^a<-+H1{;&8f24U5oEvQomV9VjXA>FPgG@{_H+RI0mqjSJVStVQ+*HwqS|Ah9V=NPG%0py&){qdRG%3Fc?P7G9fvdako49Tqs~W` zFQul2NltI48Fm6ydP3_GCchC>uGY!0 zWlMj7BllmJr#kk7`j^srA7rXIe$Pxl--|8IUY2@Y`(%>dy1z3Rb(uCZ)mj zTG1ILp0U{0mK4Fc6wtUOzM=z8o18~Bb40(5fYUL|o<2o`EDgn4P>%s|Bdo3Tc~@tD z%sHZ$5v`R&{Him>4=67dCF*~aJEI@rE2sj9(?%LLyiZuWnUlmxt;^Yz{ltd4^}5pL z5rC*Nh6AHSsqJdgAVUY5Ya%uAQgoUgK#1#XHWq|vH7r{GT%U9r%YMyP9APrX^E{TD zpUI1|R==VYJHc%(+8fcDp=}p$S2t!cT%$WTC@8R7i1tGfcI^$q-`tL$`_h`s=>@i^ z_<*mzG^%*#0Et4eBfM`y+I~$^i8nR6-GQQhsYEbPvZ`^gDO3iQ+ta-d@!C`Ipz2HX z%-QW&hHa~0_>!znNy+(P%7UMS$j?cfxngX#m6pe_5}7Zbzi3#O@GY@Zbvvie4)#!D z;nl^9OdudMiRZlP+sL8RBdWgYv!CNo#jPZzqt z9V4{q-f-)rhfl%D7v;o{qRbGdGYYgTM&8=cA$UmPaBAYjyjp2$2236QsYy{zmcZiX zgQ#2H?*=4<#*&?@=DryWaXxS8@5XCH=Id}lRA`tSk`?M9PACwZ3bgh`!RJj|2I2TF z83xL&*J04tC?%ygzqNh^sThBcc_!PA2E%2Mhz+b)C$o2|L*TqwEwQ#or3t-1I+*3| zq_Mt=(9mr!m}aD1+rNbr5j$aPDZ~?*f9`}-?O{zz7)ci7uC#mhTAeSAcZiJ{ex*Ga z&{I{b{>&wSQo1?Lg2B<^*^7~qvAI+7BbE0>XV%oD#UmT%Spg-8P)8;5@$6fwNe65y zSS_%TURPFCro|z-BjjNFLTI?p2^Xc;QYr3XMlje-`_90jnfXP;GZ}rYo5&H}4|Jou zf;BQkDP|5bbh&DKSw!4-l1|yAiGj*x&i}~OYI@naW|{=Oy_Q}`_E}SdgY_E{rB_}Z z@m3e(jbv%-Zgi(uU@|U0@x>q3#sj8}w*X7^+t<`+^HUqH-?py@qG(>mJ6~8U0t^8J z@3VECU-W-oKSq1{q*&5|0u_k!lqMua%FS%~*J?u2zibtUi@Nhu0~kFLKJ2INDKWWl zM?~=anay`q0yEOH?V*m;h>s#S1u?xe325^tabLWi5!;5-6@(4hYM&xMwH8hpw1n|` z#?Pg$d~H;>>zF#h80S?O7ql|tkDwP~Q4or^=0~(2_6NVK<#a9NKlq-OeASy0_`G&- zmJ|Y@*#m6QD6J>n4QZz4+-wv+C_n>HXxfbMzZfm4y7`=h+1~>>pIMY>!lEQe$)(#B z|1BU4|31IVT;Gd?@aBYx+b->@MX+@f^vmn@(+r00MVoWrJ$fB({)D+mNl|o9o|qjE zg=HeWS~#HSw=7ITOcI~zP*fSQ!bQU2L&o{JWZ%pR7ir(ZPL+#E^SY!S+Q>g_yn;y- zr1wx-@t}ZY>Urv@As0-RGYf-60+JMl6UjjGuv>gEQ&L1leNNTzXaRc_B0g+SJK9>g z6te&(^L#qeH%7=CV*68cEw~dXA2~u88~Q{wY5SKId_~uEmnorR^MXfV%yPwa%+{m9AYri{M^djP^sdRDeO(S%Kh$DEEg+$J6Ky5Gf`SvsD6HDTe^y~^ISzcwq zy*?UtW!60O;ofe@69qn51qvKU9=c~zz--#WywF|z#vqHRCZBMqc+twd$W5NccjH{2 zefcl5rME^hj6nKRvZKxd?>QQfA}@D6y^}cfQ-`!~FkIRb%#ia6Gy@=Tt(?T!R_{zx z<=w4Ha4_xI6);}p$kb2%`Wxkmo7ds3&?C#$OZ_lUxnhxQBD(moJU7K}mD z+4dWPG<)^{57u{I02oblVxHy|A3@5G%I!>@!|Lja2@i5nx>WcR#eqqs_w$L%+`B50 zSo7eTDtinvWNKqwOY8O2;ig;v%EYv%d3>s-z3d)}k{$Qoug~xtAVKj~Qf4AL&YmVo zBS~x5F!RMvRg5QKWgopT;uP-63l@n`xW@_pFBzFZ^4H^EL|K?4SUnrEvkMiTI4cU4 zTL>!ki%#qserM39fT@O(jg*s|shWS<*GASb+w@wVcmm#Jsv<1R7tfRhFN$A54<5Kj zNqvH58oqixcYl~uLrQ1X6Ih!aRxKTaBrQO4-qSM~y_$6ZM0u}hPIyOwNf+*6I2>P* zSt+?g@u#d>#D~PVzVzlN}>F4zCs`j4Y&J*T;jgEOy zX!abS!c0^uMwf1dv9G$H=H9xeK$4dC*6joCTl4IbkS#TepUnyN5f-fNrz*d}1@OBc^kP_+bI zIuA2^&J(0i42wuOo1rEw*6HohOZwrM=j6auv%OAttoX%_N?(5S%h{_r=WaVFNlw2Q zpnkhZQR)f_fT3t|=%h4LC3AB|r5mIuYNRLnWn2{>$^ubLo*-Aj7Vq%q(l147Og>ZE z*Jg&xOfY&ka&Bvx&6#}p*E=t1S$4*2_sNi2z_-}B2_t>eViM#lXz@>GV zpd%)$kcpRB)c_0NbxgzQ>GLj3RaK^#iiE!*^&+adqgR~TSA5e)&yDIVe3WidexKj8 zmjr?P-!)kh{Frs1*r=unQ63(0i4=G%>x0B3Pel zMaLGC6diUo4$4sCd7VG)cMFo*l6Uy{1nURF%ML|rri1HGB50V-_E_Y%xUD! z?MTa;LKKF(w^AZ-QE4Q*nMhGW6r-t%@3d(SQGe`_RDZtaEX=P zSc{=#qxd2RjE{zt^j3+5f(`orVO3_H1a4W7x=K{u2K6xe-QTx4XRnP7W#hC>3Ne?iTX>Hlj>96dYPYJ zB`1F1+mx9*Def5`iNnDjm*NZ{-^4B19b=3!~~p zL(D3Cjl`}v>aI0vB@~2T-fDQnDxJzc0%aZ0|GVvLN`xXC3W%x%G6p@g8*ZsINOjC$ zmyQ5y*MZ7)aSnF@&v#Mc6DG;G{O{YKKSi$}lYCL0ahLfh4&xIjc_So~U8@(iAm~^o zq7ROKyS~)NB2usp$PyEv2#|XosoHXl779?55v^|UR^qDb8-v^YJ+fGnkEg&f@XOP@ z{s|=USG{z*Pp8oWh$PtW61NbsU3CCd6I#rwKlFt-?YLsCGQkZF{QF5bt!%GIO0@&H z9RNep2?;qXJBHmQFP$PwqSotU>-9U^SjcKvl3Zj?jwKw$fY<())=hFQ;euEk(SHKP zLqZIkKVNtI#qV1DXlU|%`IGEXo!`eKD#@I93V8x09P}nIP~w=xSQt>;Cs=o~isF<= z0iYHE!E2v?>Wk;hDN-56A5GbIWhl^UlH;9==75hxQcz@a+36GvFH3@YNO;dw{0u&J z{>n^$9;basLp zxKJcF^28H#1!&#KRJK!!r{l9!dg~H`zV~x2VfQ>e@g|JJ&~+51$2%7?n->GZUyCx0mJ)A zI}_9-us~D;j(30p_w${|+WQ|k#a+S67d*2460*9w*lUDyQ9 zSkGQYI*#^(zFL9!&vh9}nc5sW0SDOoC-l|IpZAB3KPuBotH_A@Do!N9A5N%=mgO5L zx`F&Sdgi-OE5NP5V?3|65utr8|8g5v{m1HV*^a@m{GiIF1)r}a!zmFEmy&T`$`oK$$X+JmAZ9&>Xm+$Fe= zG;*;8v#vU}CnPCOm8A?d-bX!+(ul{hwr4n_9o0L$#j9IR+$jwU;OeqvKWKcC&1-7D za~DO_%vF^qG=1Uy6?prt2RkHUr`_Z`yZ;fe@P(Y*gh-#TzD36>zWzR^>7wv)TOAaI z&_JE`KX}GIJ3#hAsc}%-pzJ>9op9WcUtGD;Kp`1djDkLP4#8)Qu|yL0`B;M(dojo#T1MyGuUlr}O?gQiM|4)ijb* z%KjwW&o>_ujobhbDl6->j|4B(gH}Fh%y#Qrq0{>ygCHm^FRHFz9g)R<_kvu4a&kV3 z03c6kHGo{q`5yOVF@cM$m<2z~GVz)*mN)OPl+D9@icC3TL`foD`GgfKhQu|jW|8chWCHLjQt}=sH6zvd&ehQMa&QeJDC9T)QrzmQR;w*nn z#T~L*GxJr0@lDWWCW&Cb5f&1~3az}_{y_ef=(Ov4GvC7rI0H#vObCPUxd|F7?s72) z`IVWZiryOfXzC6`Xqx%c+W(KS`)X^d>%s+`o{&%ydN&|VK$;3DsG&+HAYH^D2#EA9 zMG|@!klqYU>4siJ4821DMT%fRKt#}3P*i-``S!s+-hW^ntZQ9s&N=27&;3zGJ;tuO z4O8iMWY-)o{Wxku%;R3*?bCva!! zLc9}bT!All!}JVVfqLvve8Ov{?hLZz-z+Qs+{4ya+}byM>Z&h50s$**NU3|~ap&n7 z7lA8JKEjHV6gcM>Zyerg>duE!H3R2>gOsLfw(DumCd)C9j|1SdWM-gK{k=6ypOK_* zc)4KXzq4N{MCf&Vx|f9xU;B`<^mS&4{Szgj6*SMlh6qw2YA)6J=OMOP7X-7BiD7M_ zUjFhA9a(J8KPbE?{(VlH|ND5tLV|ObWsnXVK|RK#=_~vDsne(b=*$O3U)HQDuqz<-V^m4I|h{BOhSxBvw|| ztN+x8yQXcHwH_4E)AR3zIs0$xwjE(|?41Q}K~7Kc<00~P;&<}+N7XYbMjp$9ihLr; z_iKX7DkbIMd}$*JP9J;UiY;*3;p4Tdn8j`Zs-9{{Sr}+oNs#VLRGAj6Eg)*@~_OO=pKQ|$wluMlBIPr&$ z+ho>Ut{o-k4py$T?`f00_8-dxOz%3R7JWFgX3=8EqyBY(dsFy>+5MjD#>7u%VG|?f z6<^asIQP8dgFc*mmFni@m2d{@)eKt26QHM#sL0?WcU<>M=M-5b7pli5H}_`f>GV^( z*&3*j0ge05wo2vCura+EOom@hrSKX$R?>jdl9kQv#;tzW#%kr!h5v@qeM{U-o?R&W zir_%mj6J<#inr(T;DG)9LAs$$lCC;-<$GD2uUVaEb+s{`*SlX=x|KnML+HR@iZ&;u z&N>FOpSXUm+O210^>U^)zngW3HFmQj8Ys zouQVy4suP(f*Ucy4VxF|H7g%$MV4PoGst3w?F+ zMDXEF*L&qF!q5#h<1m=20f?)B91DGWQAJ1vrghq;8L6K%06mlR3rVHijkuNwQrOUA4;yH`kP@DuJ6Bmq1hq9m6@}cG zy);3Q+xAyACx?eXC^MN!569uFZtR)SCURbg>djhJ#)oD(21LaqiG^8eXsaw;RWzWk z2r0!RU1{+4DR!fMIPLG3DCXmjKCo&>#|uo*;Hq>Yo0lZ;lmswAASQ3#^-eaMJi0qromTt%Bsn|WnZ(=Y z=jG~4WQkhVh1jisJJlBn_NC+au}T$du<)GNKH>%RMBrmCHqL6ou(&0KRgj?t$d-xN zt#k^nP5sK_*%p6Rm$dXfAXU2N^pUyjgqZsq1<0Ju*$)IA0nOaWr_`#C77km9#xIp1eo-brFm4zUyglHzH*&A^zA+x zh;lGHMq!;*;=xlsaPQ@|I1ApcSVP1P?aF!erQz>PxxM=N-QL^H zpDsq4@P%z~Gx-Dwpch*CfQn_|$H)~K2-7N#PN>_TGiBdr_+Nb`4|B} zMVx6v2CqFcWd&69J+vFc6EGf$eA+;G9U0M|{R>71x8e9Ub%g?)S#@Q&S7OX2pilp+ zx_dMvXq%KhMuqhew)W-~KEYVH0gu+HDob-x!0$T&*#ed%0VLOO+wBl+xquI=5KT*? zSxmU2oZE&fVL*maiO=P^Bxi^aGZIYCnPlfImcK2KCN}OwlC!76+sFuE_6zAWa3pT3 z=JvDycCY4*;wwhvQ~E=HLa5w9*;ZmKf`gCa0tcD=4FQJ~2e47lY=2r5zwAgA2hy$p zFQFbKTQXUael}lLk(0fC(fx8!%7%c{_wO;|n&3&Kw${`GZSJ&kzMv=E;bI)#H0f7Z zHcB0$4|nxfAV67*YM0JuITA~&;8y}_vBqDe-8OFt68d%eizN{J*GyZ(AE=9i|73pa z1f5Ml0zBmVEt`f>o^3nKkwU0&kTb7Quv|-<5Lgdysl`n9 z-yS&MNh1Iyupk<@>Al1O;I@=ZUa70KlB<`u*7gI)KOW$CqQ_C zHE&6~KG+zO=v+hm>MZHaC)R&i4EO*q?pW%7@FTfJs{VimvqC|wT|&&eI2Bgil!C~A zRQ+$c2Ll6m*fOcNUIIXutgeRyL#~npvVmMf8!tLGKk#puiP+2+Ih()JYC=mFDDV>pF`{DpTri9kFF=n*eR=*&^)P5g}c6rFQ z;)&hsWx`>i8;_3S_N|vx1X_zVH6&?_1}e~E&&%Ukzegu`*j=?5acC2sCu*8%-vejg zvle&wp5*YfL!iTXzSmWnX5;zF$hgoMa;E@!e^e(h z9qIubYSd!oHf~n+he{v7<4!x67Xal>AcF#F461;*t#H^TPfP;Fb0gr?&r8gFy^eAi z>;kZaCrIblMK24v7A?M0yupu2^Cbh&z3JdVYe32w&Uw%^ox_{xDttCG%S_s=j-W)Agf%1r3TFk z84dm$HYrL4x6#ddK!p(9v*Ddu+;^6Q$N-y`y-&&yuNSGM1`qfx>KZdZsQLzZ0sg-!M`Q+cr$z~nKaxrDM7 zh5$f8lFJ^15-qfnMOd{r<5_aLvp9BAE^h()u%I+7$n*8B#Gl#qou)7Cr0)U+__g=~ z8SKN0b}TW%LuACn#SC!GrG$;#*Y)(NO4dz$S^GZl!Sw-1CMXWeG7|%pFm@J`Dw3PXS|MFS;^ReLvT&A+j(aoT926Unuqc-2y{Yr2Mtq$#BUKS4?|C4e^Og%f@Su zh)HH@LmwUOzsfx#!O}wC2jK>o0TB&2xT+S{aRtBrVJK!O>8=5itezq#8B@Bdlat?a zF1ClKQ`f-4LB+082*)E&;^W_Ncv;Nj@X+q0c%$u~QTzLXTxaImkzT!C#Ttj}YftNo zDE4jypk(fXuh921{;!?&Et@yMmhVSLCRmThL2NrCzp(HxO5(U#W2!|12a=#8RU8LL z;|4GE@Yvymcu95<_%#1{{?Crh4Kdl|FhRmWq%d%!=bcS2nmPCCi4* zlN!QWVa~kdyeU0r4<8cTk$S4IWg1*F*0huB@^Irvtzpn_S4puovCq>>B3#)7;IYuU z7a}(<{J{{MgPp{@q-`GxJG1=B z(mz*L^-4%U-6nmA2-#vq{W03Q=h*bC_kcj{v+vtJMMee*TZD%rydS)~44J(GK`kq1 zt6@P65$B37FF0>VpM0T7_la>w5;-E}-*=a`TWASq-hL}-Jh~>*^x{9X003r3eY6Ll zZHRQV5JQ|1usCwrvXkGtvXoO7brDXWOVrO=tX~dc0DS;&P6CgX0bmx*(BLn3vRif0_ER^~KjSkTxvm7su)QRR25Yx?x5oMPZ{UEja8{;@-a6) zivh4qK1Ssvl)BRXDYsFtCz6&af&G7cOs!=(3#Y5Bc1#=^X%?TURV{B-C9VYy`-fC* zSZa2ilwxI2jU-IG9&z8ND1Fu@*%0h%-v^fuy@+7rF8F?@KR-=Kj#o8Vy?Jst?bdvx z{JF8p8#&irAgiHM^V2075k7lA(lXCkogscLHz`!Ix_Skngwp8ndUp2_g)j+%7sLg8 zP^q~N7xRseOuhQ!?{E_2^erXc2R_*5AK>)*);N~m{z=y|WKvhEs}T6vt;u3OT8_3< z9Sh`@7?;rn*;9IbA*Jb8ssCEQyl7VvQYuUHE7k7>>2QJ z1U&6*t$zD&Df@u?uU$Axs0lH*u=)T}b9~M;GT*70H6vpt2BeO&RGX7gCljdy)`Y$ckVM_^Rj6{?kspJ0BpsxeK34oaKs96*KZ7*g{pV|4@afMhDfL%&2j%0wCxm)4yv$=l6cS z1H_^AWXfq5xjmAKNBy3pcm8H33s5iVe3wcbCO*u)@i|RcTppmRgZfr0u^UDg>p^%u z78Oa5shR01R~!595(q*Q`@7%%J}QFNJ!xekL!scn76Tk70)uz=!hRR_!-6OzB^d%3 znMBMSuxv6lc_{E&sBqk@;{`nUO9VZlkktrx)ILoW#n@B+%G>t6B z5@!|^VI-$8HaTWxX^Q%b=&M~=yD!Q^BuEYW0 zMu0eSXR(;jbU9xFy5(KHV`lskxDTuVn*<4Qa2OT5hgM|sY>rjn0`i1gUwJfyg`JTw zG{mDD9+C-2RF}3~=#$P19ho7%ah0FP0I9brxO4Y4XGJF$Mvv_pwF0_?;Y^{Le~FHQ zA_3ru+_;ZCmRw4)RT7f7>&2I_tmuh~$v=>C+!pks|JS^|J*a_l;mND9k- zl-J>CXi}7EY^7PAf9&e0w0b@kD$gh=@`ExtGZI~ijMO8NAca~6o@V|w&Jklv4cHjA zEu{9lk~aZE0;S9dzbX{L{n+HB``OSCwWRgYn!z(7Dc};d6j=X(_AP(#!CsKnNy#)A z6AdI3xa0H?uxt(-SO2dmUGCnsYe{$R<;5 zf7^2R5*$a)RX+RSF92^I0RkX@r$RPDRwm0t6RI9E5tQ7MMDXwK8rQ`xe zbrE9P_zX{56Ri7=hV)<58an#p*wdhQS@8ixe35P&)#y%zRbmZ)QWa|ZtpIhih!YTm zji&6La{6BP1~fyzZ@YyXL!7abml;q99v9r+LMO`3j&Pq;q~G zyJUE=$0d_qC~U2rD58;2cAVsljjYCs7NA2R+3-JY<*wBo<<8&teM)=3K{317<{|^A zlDu>B#sC0jh}*{u634_Z4yEXOfYqGw%bz^w%!R@Vg)_&2rz8CvYElOsh7DT3=kmED zaJ~n^RGFV6Hpp^7BBv(ymgsz_XCMnT@LwI6CB}r(MUC-;r$J-u?iuJ#`08gJv0QZJ zDX|~gi+^}G7Rim3l$5L&STdfu0U-rfc`yoy)D`y0PSWysKRS1%vmNy}An zadz7`?cgNgLs?Y_%(>qbe4HeOkeST;5vYQzC}*3Vg9lsN8eVB*TY&*}vA3&|&}qND zMz(*vKADdDDPPpz%k3PE>h!5G znvNHbKD`6HzkxtBFVyXAZgtcjw;1q}5=6AKp#1$H3=S+PzD5fF{i3b)7apvC^XSK{ z?)$7RmoHH#e=VWW@;4Owp&RK_;7MnAY_#wC5DWmj?Bzgqv>V$;yaEl`XzS_q8 zu$74M*E)v=4!^q98N&J!O#s8d(9U2T3Ha?KRESuDK(6ETSK_ie(148DO4s^^H+ayivn9xn0 z=NACu%|LIsh5Q&OJOMgk1(a=7C`vM9W?X3#K-zeCo~z*`0uztnuL~19w~(UVD#K0& zwk#z&Fo6&%Co4MsMQ3Va&FTGlO(?)XV4HP{8dHl-e(}WdXFF%^4}htQ;Q=Q`><7jG z?k^q3xuma_S^*SfC~k$hq3{qRioul&6Hlmi3 zVGFPVM*whMjFTcz>_~7Di2-~a%2h2aKD$v+tPS(~A6W%GmC1=alOt4EqH77VlYn0$ zgD2Z=R4hBrR)e5|Hzlhf?7)m3!(HN3 zv0;W7c=%OGO7e>VZ?0bSX6*quVx8tmFh?51cCXw@0A9ll-|bG6kS)#l4UxTs(q+K# zNm`ri;tOAbO)T6nXLQw;Akg@djii!cj0)!3A1LP@Chi;5 z)UQG0Qdz7(ae-j!>>g(%8XzOaaur)=;Roqb_gU#l^-^(J3zwd>x5Q*N8PGJv#A;j) z6RHfa7})X$5}u6}HHZlni_szfP4Gj}ln6hF0v(pY0M&I+%7FLSHHxO8_H8ZA-~Uwc zYyeLyfdsHET&O+m z+z|0?0YNn$n@y&Q|1$ThCj|VBy@(PqV46}iP&f(_711Deqa|jQA42E3pj78d29=<$ zrL0~{n{>=DZqK}dF`z>~;<`T)x+7OR#r{@TJ?AeI0vOgqR4E;{d>70kdTNCD>Yn#J zZEX$AY=0#5ymhtnmQeA(l;>$1wWp{s&jiYxl=#A2;1!1SZ%(4qc5kv{Ud?ewtCWc@E2a3 z`ce=CJHvpyOtn>Sd3n70lHI}_;01`tZU=ky?M6_Y=N+@UZHUEb3rcv zZ!>_4-rszW`Vseh|9RgnxtAJKgVhNwr-}}kP{80P8%|FWXZ+%$@x(qOm;?N zJM1+juhnxBz5Dba`SJE4Sm{M(D(pOZ zVy}0m(yQD7s~5F`mIO@jUq+mvy^1AI z3YkuyB`kb?+xLk=4c45eNOJu$;ng`ickTFf+#LEA6;8q~%=dCuy&Wl|jKSE(QIXFB z8*c}nePuWLn(J~$)Et`WPIaX%COJ-cnoj5XEhW8}o|#x`m*y&~dwrvEirD)G4V(}t zU9NsR66Za3mart!I2}y{re0n#eLjJIWZ?4Kb5!^R;@f%63HhwCvbDKrI=u7Zn%cNnNYoo@ddbR*H|KER z(F4%o0m%L4!t~|!rzJoo7Os!~a+Ukn?`(9)O`VJnuA$EZrq2-G{fb&V>pYRl3Na(g z0Q$<I%p&F*W26F`;>Xkyz0uf1(H z9>meW9`q}+Gf&>V-4y=4iQ*l*uL2e&PM)8clr0~7>^&_CkU#VJy~M<(?({ehk9~SQ z*6;;L5j&x3Hh7`8^VIbFQ!3m4A-C>NZ{$>MzxjxkWk3{}P~=V81^MS$;hp#lfaQZ7 zFNbZt$Zb0xii4{LrV+g&_M3C}a-x@v(8jEa^iy#_o67gGQ5&=`IKO zc;*I&KkN_ea%N2;DRbk>IGpj&;mzyq^_>swm_Uln+_InO+$YABaR>p>wJY`Wf%H)y zU&@}`7k0*m0{h?r3p{_|us*G*(z$0lG<* zp~c3Q;9`*?Mr|_v>i&Hukposz8E5h1IfV{8&eoN7t)6QWJmM+*aCWjiePbL`Xs$`N zPj&6*D!kz{QJQ*gH%kl)2wI!$RD45$-^Mx@g#bCv6M?h8V<1ng(p@_;3+pXZ2G5?q zdugq=`?S+bvQDa0GC*tdqAaicQOpSO(;FD)sQ!XoKZZlLuO{r%55&UhtD=tt%yRb_ z8-*7GI}Gq&c0bVma^i6KuO*+JJ-her^Q8vTu&mY82{29n7vJKWxh1Mt$36WbYaP%q?;jh6$fW+}R z5t25LBHDS&9O~GM{Yg3nG7A{V@HsHzYV+=PK4P5reSvbHz7*+Q`PVqtOP7vLd#y%k z<-sqT0ES8pc53f%gqzT|63^Y0x}L;ky*!tr^MeNFbNmM1sf@C)W&X_(x=?^{D|T%DQgfH;5bdG3(pFN=KPG4+D^LidKFm zZ#|D)&Io?}{*;^G`zHl?j5R`ERMyAP)bgjLC1Pia`a44(q;Aze`_EZ{?}co#7&@gw zNSnjftXl^5V;%)U9PSuDgR${{QncXc;{|tObZHR2gmNtcP|}J{8C2#a00eb*cN@}- z4(Y&q+Toe9*|;>u!B|uFji&CcGNFM9W~DYRX?Jf`kB{w@SL^ieZ-2kc$YSU>YtsdK zM`-tgh)UtgSN7!vMNKHwVac)O!BWw-c3eNE=F-68>EivvH>SsP0SMciDCi`A9J;lS zKdAr9w4a*Nx!Is%$cNXMAo8#E@Wd1H3ZIhdu^+Th_RhiZEt4o|v?w=IS=#?e@Pmox zoA}I$Gyp@oU5cZitG{P7&%HQ5%BBWE|G4pM56RPo<0`m?{ktEb)(jA2(=pcLwb%VC z-)c|-e{Yxh?qeAL4d1o6{^IC=2Ro(3H=pg6=dbI%c=Gr&aj&7($D!8ti+3DGWXkF1 z>!N2i*LYQzs1dv<>dO^AhWqiSV+{6c%mM7v%V7R|A;IpRpLM>;`>xUSw@YI-s`D1U z;kESwKU+f2-46D3zao@b@*{-AUgHMbeohr>A{QYV#8{c{3e!M<3M^3(c7qQ5_=1;P z=~&k6R3Z+4)H6Cwvp!cMw!>7GdMD2^lH?ybt%~mAO6F2yRG(wl9Cd`y6YQ8%=VSKu z!=TU$Gl>0GZT=ByAgbVNng{D3uHz?c`+{>q#|<2F+ux*A;GY!EMSqj92$T??3uG6* ziIwb9?AD{iSRTItN-cJM69c7w5PQ7;jnbm%C5w75x3oTyG-6hfm3|U&n&TO-kp`!C zlE~KT8QbJ*eTQF@+@9-TpQ*i2s4@eaHx!=rg#qD5^T2GQt(2OAt0+eR$0;k*-wdqA zi{aVqf}ES;M`1t~yYEFy$F4$WacxotSXRj&?*u>ZG8^qw9yUl6$-U{OwybTGzTqmx z=7$+~S}^kadVxR$_Qd2Q@@awXRw)MUZ=$Kx8k?jP!#W~8j*<|^v_2A1ZL~Kv^J(>X zTH*}RWQ=UFrI$oJD%G0pp1Ho`UmB6RuCdXryO(T+?U672`0YLz{+9fB)=-C)5C_q4 zQhqQuG-ynGgiZ}k z%;es5uJ*`%x{FWjDV_^(>uo!O#QVh-Z*reU6=<>0$cD?n+(_7Vh1OTUcvH)uTF%lM z2)j7&ZU$HSN2?F}f*Kl>?8BBjA_xatS#*0#Zll_yt)njy(6bJJB9^29Hj^uhJwMwi z>5X3Q#;YqQD@+YZ67ad=iJ&eWm@1u3S>0*`82Ke@X8R$Wfo z*&x5F7IB+2>X?3FUG^B-IPH;4>iXE)_LObsW;%#iHDsV=YasK5cO`+O9RQ5GN%Sq0 zBV~Q-tmQFnuskKWd;zb*kyN^-!BIpw@KNLV{8nDujd#66d(Q1cFZ64W)J;9J&qN} z9S6Wk#pR4ZQEiW{81}sW;0zA~4f@)ZXWYH!Gom6tx@SL{{D!gl0X(0jZG*VUAbSc( zrHTyONed)mI{+2_E9Wrxfz zo)ubWSpfI_(rkW5BbZR;`7eunFqi0oqAz_r(((Xb6S*79rLUUXewiM4zPaxkJN=Vs z6RdY#q_5Hy*edSn`#b^=kiD%j2vuyXvwJz4(AW{|O8?g|WAgiw|Awj$&XTfv<2mdSm6Ef=V4&&d<*GZ|hEOfG1a<-*eTsVgQO3s*%Yhbt$4$&_K94HZeWa zasBZU5n3|yH7oRZPl~Vm>E-c&{2Q&GloVT{IqLQb79v|Oi>iltCx0)-{8@Zw)72Ec zjs~Ekz~V$8t6i`5MUUGb1E@U+<~ZI(`G0#!CqqItqQMWPSJMbr_bn%DzF7ZV-7mPR z;b5Jc+LO z7^c?EXkFe{J*~Q({VcHVV9I2Q>-S956NyQu!lA3tqCXNf!|viyp*oegH}CZSo#2Ft zQ2AZ@ar`J$L7nky{jU={BNVo<_Uvy>Ad$rcp!u&};rPGMl68Qp{iK_#o0|8(4gxLF zMpISw%&^KksE4}y_4Uyxjn1ei(hs2iU^^yVO$CaCJusoLeC`a2{=oWGI@;s|tBgSe zsS_xSWjj)f?uLiiE^$T6Qs{bhFJkDh{+_+wAYM3X{eJ4b`k z+#`lRc*!K1rX2=gF2tR8k8>GTEBSB}!bdW>hj zsTfNonRqzIK5>4kXIoPpm}nz-l@Dlwg?=7|kav@RjV4bQAZzK&r=`s&C8!vrNGv^2 zP>=cZCL#cb7M2e7u+q2uh!ApVNqgl^Y}%;lgg(rGvj_I@Yp?FGUD^AYGyWm)d~%_OJn{=f1k7x4w67 zJR$(3Vc>T20{qdF>$b5W_aMztHj9@ZbQd}prsoT!m;ho~40B5S3X;YliQ_Czh)hcy zZ1{J{Y;yFHOgh=F^x;KeW5eX7Jj zZZl`L@`AO(hh+3f$7H1OkXu-GQ4~yCYO;p0+Kkw(O7Clxy zlg9T7pmm0P?Mx0lg{(ILlJ~2cHLT8JGE64`RKf(v>JQ=}x#~Axbru6*7haofRL$N~ zJ&36-uB%Ehsvg~_-2DwJ8wUz>`@44o9hN~B@h;}uhTc6-ek=lIq@-;Labgg^;7gU> z?oPGV#Sxw!h--k1f(Gm&fPK7tG%R|gJ5x9lS%O0?PJrqNRf%Q?VR7(-Ot-V5WT*I6o|HInoz?^=7O zn0BSyp2)d)lgB1Rs&dKwQmk7gL@ONew1GeM2K#a~7ExMDeNe}!S)E`>a431`+469u z284lHkRjjq8tKR;3ZX>l2J7$%y49H2^r)_eaY^_fyvc|H(bj0wnXJ9}r@=@dM#6|G zfd?}=sLJjqOG9{YJbbs!?3uQEQNA}u=#iR{$A@aC;R$Df8yyrL7*G}}a-(Iw2q~`7 zB5B;>yINDjXq2C9QH^L-7HU2BsZk!)q>Ju~sD~UPORu8Zw2a&IR$E;u&y0Q-%JyVz zh3W5k0L>%1n>|fgQg6Qxw3N9699w{F$9aQn^VyiZc{o}lw88aWM^h^BsVvli9wV08 zI5!3?W_0*P)QH!&fcslA=m-l&i_+iDXrb27;@(i9uF>MIM7d}01iN&}UB-Up!vZm7 z%cP7@eM`9Y9a*T>34rLvq@ie_9aQ^v0lr`Vie;|V2P;h+8WujJ^@HV64GIt+;s9#y z8QtsoZx!IHB<_rZVaVY2`jSq$&YtJg^g76dF*?n&HKe|mJF>H1sCPo{MMOlGn%oOr zK$EsH49_6HTYm5lNfbgu==B44H3snLdM21%S^H$#M(JJERktduaPY;Q2Z7HUNQz-miK zYCn%xe}*6E_C7)(vp+_t>Bk?0$bLUbu1%x9Z)t<-+0htJeLv`o9+Km^rKdNf7g>q;mC7u+nlv;p?;g%6fssTo zk_u^0jb>p%Ii<0*G(fB_bvjMej75N+QYPKfM)*p4Z$~1TTGLbVh%|ZRp5}%L#=(V`YEToGCVCo+XR)e~ ze`zpZG5|x*tiv_FM$Q=#X(8ke7P zBhC@0!GoGhqNY<%sUr%s5evV0<;mWZs9r0Rm^NuPhx@`0v2D73op+doQ|7dILpdq3 zLV(4ZSqr0Fa&e2(eBbb@!MpD?alB~=$K*ovBa{5yU)!d??$TrXrwJA%LuDEH2;^L_ z5K`W6k*P`9zg_f7XTcl{ms3XEXoz&cQdsF+c;lOB?=?>b^34g`Qmi-3hYlO=o%5D| zk($14k-0Sfw=u_Ipm?|TT>5(dCy-a~`p3&JR9=9O50=X>k5$^QC@PK3TI;9xt{90R zG|-5TZwDt`+jW0bh|tYybSkfx4%Jqhn|r+OIdIOQt)8O`sp4s35tA827N)hul%=jv z7E{OwpVHx3k+oL*k|u5~bPch7utu5&KPSF{XsxAF5or`eXw)0*<@JQi^U{nZ?)|Ol z`l{9B=otZ)i^U6kUNC8;sT)pHmr6mU2h0Dhje^-1j7;g*F3%X2(vR2ZiEm%oOlsP% zUURqJfc|Q~)gPrsOYKT;5P5I|Lid0Yg%lYOUqZpm$-iO0%uVaew^xWzMbY=k>}x%K z$Zqt~YSb1Jn$rCbS@z#YZL>99v#m@eHYVw`{%?(Fx*q;w?yz*}XVg0j!bsYSR+I4Z z)IF*KGyGd~U6Z&KLSE3;K#u~)2F1`{=ID6qzI!t($Ugd~g7>^a zdyZt{Z{53hbo`c zOGV`Y;CIQeIi)?=OGJs;UM7W6&Ca5ivG*o@>$1;M@6^`m%Ofst*YneRBZNkxO{X-8 zjMr;he@e?0(F@0>ZU0PR4KKhKGN(TZBUDb_z4LjX!-+d!2pO#%+Bb*vK!_U<>?1A> z5n+YTE%AU17=qaeuZRPy;$Y%`X*PH$H{c7Co09T7G^BUzXCTYTs6P+hxKI{X0E`p> zbN`ECd&U6uBiLUu>e0XIDGZ-k#N+=yUcU16xyjN%+SJR2W!ssSfygD1$0PhNwoCdD zr(Z6~a(o{oEeAJrUBH8lalf@SeiyuZM>87_;nu||0TUyoD>P=k^qjBUa!~E|(>XPf z>hYr~{s$C`_~*rY4hxm1*GSHQY;eHdXqYzRue~o+h;rBlcylWn$shHG$#dnA*;WWF z?%vQRXtsJhGVm(f;w*!G7O`}~)Tjvm0;2bx5gCXtAM46~(Wie!KkjEwJJ$4D;&&W5 zb#<+>51~nb|Gxa<&GAtXD_R%AE|EPzNRfo+zglX3KRlRt)}dDbGa{bJ%YRNa8NE3n zf)LZw_P~9BfpQQCGRyX0ShA-!}%0Ur9~?5i*P*~Hjc53aqXR~$*Jw@t-^X6Q}+Y8C3S@hNy2%fXK1>P zC0Ns*tWAB*w*?n1R;ajv~=Em`vUjwATy7JKcF z@+s3vc+kjogVS6B~O3{yjgOiwAsy$)nFlMHD3P>IL^ur7Z2nn z>Lp9N;YqBg{-(XB)faF{LCS?^j7XO>FW1@wi{pw%80UGv6rBdMtgOhjSnd`)7Ad z_siG+9rJ6l?U( zHC1h!Q?F?7r+Vfpo`jWo!LPb9QWygtKfzx;A1*V}IWEpBzvH=*-FMh*uA%7v*o6M3 z30F168$~9?z?1+SnHx}9v~ENW6(kg}6Y78~iGsD~LPe*}xR2>d&ER6(UC~017w8v- zSvW#-yadIL9VK<#nPW+qJF;Mh&kkJ(Cz1!BdhA@IYOK!W(v*jZ>rkAPRLUog~8uoo&)tRnJIOXT9DULq@77BkItk@PXrU&7g{IHc>kKI5ds zU$ePJPmyQ`#%XS(>xvB`XTF2^;(eZBb#>jl*Et zyE*TLQ*=i!t^+y3)U$iel_ ze2^e_X%Gg-HT=-kk>kC_gY;en`nLS z;M%gYbCD3Tv(mj*$V$j8E2&f}NvZt&{(^HJ=RD5&JU*ZI`~7-0nio7atyG%FJrPEO zQu^|IxbL}|d5qT-&O6$%<;gv(bYUv?@~O8JruRp^sPR7BjKM#Fi5doAkyHby!LAW!Tzi%9OM<`2 znd|HsbsWiM8dO!+>=&z~))W6!)d?S2b+!#78G)K;CjE%mwuw@5%A+`2U-Ptfx6h*m z8u#VCme;;CEW~SBJ@;1rZ`=m&e$~Cl&G?nrx6)M02Vm@{S<8yloT3?g{bGAiT%UdF z)xs*o&3*ZQd1FtX0%Zky3DT0@v<3S`D;VGa$cEd{d6r0a`S$gSv!#71+;H|0j9tWA z>?<5j&GcE>9Wf=zwy|fk#*6%wwH%X>s7_2o_u}>gf|0CK#XRaW7rBzl&27}1wK`Fs z?{nW-OcI|T;jnrbh=`Y;TT|MGAb=~KXwc*a&oxh3Vo*`R^VOZtL+mfuEm-T1=LHNH z1{cHzV!PRJ<|;=*JtsJ|T+J$PuNi9r8y97!m9$q^3c*4wKNQX(ex0VpH#$dYk53Cp|z zWE_4%DKsM3^XYe?z6w6&+CMtI?hvTYsFB36HD`Qn745C;FjXzdRsEjsWHEeMBGw^T zv#?X`@hIdA_Lu&}58QmiV%Hp}6bx|Uff}uT?6i_Y4NiUYL7{?AG}KiOy!@R)xme3r z12~dO7jk{wnCV190L*{*cMLcK%i1`b+0<73QnRl}F#!&9!6?;STZPzWVPTX?gV1Seduu)KY#@{4;$H8|H@j6#Upy zC>_T{kQhiCO2iCQ6*nu97xLvQ$6s?OBNXC zdNw0Ofhf4XJ^j6fUH;qCZRRqOFo{9yj<#H$Z;U^M9^0~`72NBS;GPX5mi>P4?@uX2uNx$f58Vq{h~xrv$A6Ziojm@lsb} zSXSHXQ@CumftUCsrnm0l7F*w9{-3QZLRML*LixRmPX_5dtG`e}A>u+BhT2i;yBIS%}|VNqlsmIz0`w+0;kubJ!#eE@rh~hXijWp4-b+BQlwThA`+hRJL@7+#*{QPvpkgQulHfA}W6<6PD)8s#ATn_>e z{#Yq(1Cx4~9WaAu)R{0WMD5=Iz9WF44$07xGNosBQZhJbZ|VM=?VM?8d@CytF@Y_| zBBYD@vdx0f`)uL;5SLtbc5i3)v1XeixN?wYPGk}dp&=?!=KB@QW8JCpX7p0#d7I%K zb;Ioz#)l=#F`r>EY=K0bVSof>Kc2$A2;k--efl`;-3~0QCi4_hbPLIlEd4B&DmxGJ zQ!YmF6k6YdL}41t_v-lDI)<3YpJ)R!6ElX@f&&d#4tRP%Z=%2+cimq(nq_huKqo!Zn#6!Xrx2eT(9( za^jZz6*)_Guj<%(E7(#$R7aVb{q;2*UbGxsm(66oe=|2@ZMk@D_wiUY7Rd#CJUcP< z2Rnn9gt!7eh&_Ed(VMlXf6s67N;K(e7q#V}Wtj=QJU6*CG|A}-G*n>{UI%&*(9cpu zKpKWuk@>5r)7kO_QXQ)fQJDq)N|OMRQ60j?w_6|Lvg{RT~hT(>Nxx#g%S1bjbp zTm<>8BKsFY=~G_L*EHVWj%=z$jJ;}PHRHor-L4SiWRO03;kUFlT~HP;^Ogma*WS(^ zuJHLe$neJmPu5IPgFRcvK&j{5GO4QagPALT^tsugf-C?*7AE1*5pC-ii2Fc809Yj) z=&_sF5JdGZ)YS4#Un*jjvZ08qy%quWJ{J4jBdNdp0J6sR}*OBab z^|8Uz9{fQ!T_HnLg|A4-)b*k{xPQ^Q@~>W)$k_ z?v%Sw!B||nmyTczlk~A*eyNSYzYkPv2bWUCB7f6%@mS(jKK=tYN)3gI(x%)i}hd08FQ+APX_UH-Ac z^YU#bulEg>Fpzz-7t%Y@mXz7BE;q3*WtvO&FznxUm9YEiBAc>z$l5PIm*b)7lvNkAi#g?Z z2{AOhDu396Ca8{V;T>gH%L2*n7C)HuBCZsy{#e8HEpMDVO(dmU6FI-#Lt?g^-0pbw z#N+OcGnXnH`f`w}VF|t#mlP$Ns5ayMn4QQ;2f7@2->BXE8dLr4QzGC7^+I6h7x^ra zVbIlGYB-Ti^#@yG#{9|L(yCRRo91U`c6^)EF*E2NwS>%80qofdmR1X0|9c%*^65=> z#DXbysGmJQsIA#8k6V(&Jv+n48M=1I0O)JgxFJU7HQ!hnUSqe{PpieIv6xRYO`>Wx zRkJAQSlTR&EFH%r`HLM%^Nabj{!$0>Is4-4Rxi2m<<&;)PIIz~ z3fZ9?yrKB^MAts6=c0eRkD)~QhyQ0Wn>a4m4p)iW*#ap9a8E{=FpQG(lvr<@C* za+ewF8Fz0bE)^TfzJJHd0n%Sv zOQgDowXi_C+`+pa9c5n274kSUdt|&Os7DH2kUrOICL0fEpl>p($IU_Gh)aKng0+xn zuAOVmo8hZW70g=ez(HB2yYocBeXpPyBWtT?5O0_y31 z**g+^fx3G>e>bHZKLbxe+WY^I3mIhY(5NE~@xM?iNg9y}j2Q(U?gOk?09NZ1^Ib@! ztSof(A=x$d%mUn13KP`q*;XNLG8M5#QwEGQqCM7S+8Mlyt ztw!oQ50SMXr>uLt*zHcP((i7%pZPQ~?9wx2gN=mOyX+FppM6N5*P7Ra&w@X9e*98{ zC4#+AZ|tcSQ8yWQ_BRJR6iT?-C|$m){Kx{Jtt zj&1*2E`-T482+nhYFfn$*@~hZ+5HR)%a4|>WLd&vBTA^mBG4w6EcWOl-@ngx926~` zOVNKPo-*5>y%bhn9ocWgD^{Bqy!cS*LD=QHNl|gknwDT5I!O>F%+ZGD)u90aS;rTQ-*By34MCVBsP1K&oo>0#*BpLz z%Z;rXG^M46&?gnJ3%bk zdz|0X06wo;sPMiA{mqR2ok0Z&gPVnABki*kv}$uWlE|z{Ddeb>%Gmf-vA@5!FjL=I zLq6$W`}yxf;?v!sVLzjXFFl`fP5hpaTByrn4gD;d<9k7VK{P1zDqk_FK<~By%akko z3JZrUiL8ymtHmW?&8;|)$6xFQWNywl{0r{r2L7mv`}sKqX20dd360B2>UkHJdG`Ia z@T6H)=-_pFlDzBu~vKq*KVn?`>D?+$ccJNEdJB0L(Kv>DU;Gctbn$iomCwX5)T*k37x z&UpGZ0aQe0ExT&}=UNT&8Ps&_OxsH#bqwdV3yEyy&oJ*?%GY_z?*Wq?SI6_&o;4x{ z5~leJ+%+dR2B{BajO$$^@@vltYOA?#zmTlTI&-f7`tVk@ka}Asm&4{a2PrkRF|-5E zTbXQW^=nfJ5@yz1B6_bwWP=WNnb~*>1ji&y%=zV=b|!RjKjcZbPl?}$)iJrUuZD+j1;!D}N=yy}Yx2|!l^~UZVEZ=~B*h?I55jF&9zPAV71tCn5B zHP*fL?t-k^t^T^O%d!rYmKjR{p0<9?rrlY;s|J1I30NV5OqKAKcKa| zGmJ?z8IVvE^jl2pZC4D3L6lpZxaaM%!Ab8MG;rnRFGzlYhMEua3z{3%E^e7?(N$H1 z)Q&bJ;dDe{%NWB7bCc_s%Rx&GI1i16_U`kr$`8vrU}ZCR7g!{-u-_+)ytNMO%_@^O z1$zb>eYT^j&;uq`^F>2mC6TZ5oDoW0T!}o{g|AZO8~4WEVI8G9F4N3JZQ$& z_&)*_P8a#&>ReI5f9Bmpz|Blrl(O#}=f2PI$x{y&!P9lSapNcW(Zei)L_-uKS773m zPR&QHS6RNOfP35tlaDHX6iVJvRFbOlAC>V)ed&4qcv{Lz4QjpI z5xHQiTo{vzGTM%FZ_j{y{q2_4Glldmus>h*QT@?dE?bTC?JRcXaa^S)TWvyXnxJ@$ z&Ee0ni1&ZHE!_R2q(YwV#9Hka_~i)2ydF}1eP{9BV;+@BsS}m!2~Wi#C_rM~2r4y_ zDVIFRdS8bPVHSm`GQQum**)VhWAt!_O%LnWQ$n+IqRB&ziy1Totx8m_3gxxK&6&F- z>DSik{8{a#>Kj4koYr+$+ zjoF-=!awwyAHAr#oc$#{*@PSyr233?wuOIIJtVs7M1s?3N>MzUJt6_bUu!9$82hy$ z)L|%f-01G_u0q3us}X6HxFLlufgG>Z0rt>vUQ`4xq%Zp{PvF6;e@xIb7JUAhLgA~r zcUrlr;^F75vgsf*F_40*5i|I7XRhqbxD_Dnw@9?u+s+o~$F?e6)3uOWoJoQuVskm9 zUnDva)C%x}qCeZvevU4izvOe5t-qvsA^ZcchS~Jq7H15jw#fcD7TWr6TywSol$lpe{!_+q3(BU=B zzw_E6cClwSL=Wwl`=jLGrDxC4)Sx$azGMEJY@Z!v{+`KWIIEbfx~AXENajPgo4-?` z$(;1G7EccPJs>COdg@B9eHt|%{8sC3%qm|1t5IC6b39q`cM7CzL7khuY zUONNHZ(ht&QhXrMz$O1Xbr~C_`|PSWLXtDm;p~mIYGm_Kgn%b%TH~VQBOjyi&5LN0))!zXc>OVCU3Z_jhpqb_1>@Qg1MwL+1{J$8XPapWF87_ zBB?4Wq!jyYi4Hy^7PH&extGTI>)LPCob>WXq;)S*wfysP!=^`5EQb=#UPU({c%-2^ z{V)EzZ1%2_Kk?ZRpTC@dPUL@5Gt82Hj~iD%h3*D@t)q_bRmy0j8%@8+z|3F}xnt{6 zZ#L|0`{k8l94t62aS)zuF^l`Kq-pnU2jG>3i_t~Z^(s2ZyN#_vL)rF56L>CP%%g!# zE(^^B+BvVZpw-)q<}w$~%|BzdLO`e36uZ;``gRf zZtC&1zHk{XWA0hNyO*Bks*v}c&F&}BMUm};ly@xe%gsjKZSs9Yace!}umL_Hq#w?t zxM;}4ac2l?RJt)7O88&a7%I9i-#C4U8ez0F`_Xru2wn$XRXnRvfw(<-~%T=6BdZy_e$J|Hnvynof4in8LZpce7Bt;MCR9ON& zvpo+S0}x4{@H> zaLhLTzBw>H+RPI#ZX09usfb@UGq_U+tE^+7U+OmD9FqAcW>Xa3eZ zZqMu3Nv6QK((p-^nrqZcb;!M53-NNgXw~(TRXwA?itBFf+FtD0pqd;UDJipX&(lgd*o+NNbxOPFC$9L(ZBhX5e)9NT;=&# zl#WCgf$RY=1Iqq;c{tkI3_p}$V~ zf4S4^B8W1(_Yl?YcOr=Dql~w(3dgMcXcVqd9F*$-^hhi>R9&Z_jdiy9boU^)Him1f zFX<W&!tUbbR>Yy45N zM{3@n)}EMl+yduR$>Cd&^8SEI-olS&qSC?0cPG;ru8XQq%tLBPefGS3O^b>*@q#+! z9C}J9){0|~8EFVZ{kE0b=0xpVVb>j8DxTG&ri4al!djWadxc|5;?cm&~XU)bsGbfY>363A|MFxeV23_9TSs3Pm0R@R6tt=CLVd~9nx3Qr?)^lJEKM=$f zC`B*&jxT657;K#=f861ypg1DW%`V?+*~oQ<)8R7KXgXrXBXOfr&2y3mPd?lS9er9^ zv&vZVOHwuF)%;42^?ZpwjdNKyw~wXe?V0DKlThgl7;*Ve_Yf+Q%#&r*fa1_`^cMVm zSyzuk?=VTX$g@$rh-F(){1=ThQ6(OORmOqOt(W5FUzrX=k_-k}Ese#9Y^}n6#s!w2 z8{yY=t99uNloWt{?~?8WYf{&e&3$t@4%-LKj!Td?c%oN8@|sT}r3t$j5h8K&U_(aiKHx+QHVE&R4L^MGhgm%)CNn$%N}L?h5pIVyo-R+qYeYoUo);yzatusag~cz(X@ zL4YSk*I+Qu2RASOB(V*kx7pY~&N~Tsyb252HYsiLO zflP)&J@Ahr@b6^O_4Rw}uF^V&XQS1o%#p)q(RMM`^q6J$>IS}vqPOqjuDEcW7^xSI zYNjv2mf+r8lOIVWscJ_0Zt7>Ewdd-D@c@Oj(Ov_=P}@EWYaqu-Bhv_SnS?-JvJ*+P zmQXP$bzewNgOI>uiWX!dv{Y-gucJKp2in?M<*ZYAMhT3)gmos=Tg6m$bgE3Le01nr2aQ)}51^u+SN=Oq(Z~aM=oX!k z4|FLVIM*YZ_e~PhVW!`F7vP8ch@MUee=n8I;@vlRdE`{6qN7-dfEl7-9;NuhdK2by zQ`X#!Q?g}><@b2j+V((XXoFPX4RBiTPSHJt?H@&zp2;(GIo^`pym^)wl#CFasCfT+Nh zD>3>t9ys#BX)efMT+%%#-A!dc^T4+~dnrC~$(t#d-BRIASmv0ecZ; zRa>sF?^x4?JA!hgi@2rMvnAxn)eWwN5GkC=d1e>bnsXudNl8H?v7KxriM;%g%XSi* z)28~+WMoih`z}|yQi)NqAl*ptz<$4Ov$#Ow#mu@d>z!^rLPF)kfbgr7z@6oc0xk5H zL}wGtncye#6s_8AYZq8#+;qP=FJDm7YF=%g=LcjnfNgX;5Oifg<_ZIGY28uy-|%uB zHK@K|D^q%0SI%rJnZ9*sfxO9xE#Cue2C-l%JM|NnqeDMPee8a5zg@{h65Z%in9N+) zl-S&4!UL6&p@YsCp|Xg@Fe4NfR4(=t2hXnWzt8fw7WPGVKe9|G7+v@lG^mukaOkyb zqxRy-2l8@#HO1JLuaQ&ZuaAb<{XFaz5}kdN`i1)bBp|F3B(!voKCw7tBpNjk_UHD% zpKnP_mRGj6A2B5`Ku%_G41nqA3)992mS&LFVxrl5$e7p&Q<9VR99<3BD2SBm7Acg9 znAJ}RG^hm^yOG*i0TA>ciiN=|OyZ)G5^5a-$l)v|Z+ZmpxLYFoy6wCBGZS=o`=lQc zV!pwlK}yAqORs~q(kWpYgnZl?$%ByyLcN_CSb5QDL0Ftesr1mE?QE@ad6v;(va(R) zqkl%;f5w%eIMuD!VL5WAi6?<@PX?bD;F_aSlQBuPf-?Q%%DL$GUSlS>=1~}t(Y}L` z>pLsO=X5vJ{^Ph=x)rytPCpUyYnqkMA2e^?=OFv_@b6z1uH`tCQzR?e z1c1Mby7x(#5CU9PMyr)(s>2K@Jdu>%fWZUog`8xP**mfvvV|IGEAMy5)`5+!maKFa zik2lEnGgK-$zQJ?h>Ro(OEmFa@pizZ^6NLb@eK=Xy%f-i5;j%OasT`l1V9*o_5M^{ zF0`)`8!;_g(JBP$yg^%Y=Sf*Pjupahb%yE=MaeX)LrQ@ha}lgW26r+;?s=fKk&MUp z8T{)yU9p<~iYcdog^LIcg-6wJ^)KK4)zMt;*aj~0SUn=#Z!|iaqWEn9iCzukSCtWq zz};<^N49X6v|HVU23$mE_G|npKk?Naci@+7b4xU0x=8}AzXV0o`It1{jte{7fdH}? z>U|LJJbR&Ibm8XGDY12i_`S&6{6n(!`EfJ+q?z6`ur~ZEHwyz*3WTxjw<($Mof>}C zB%Kn9URNUIn^|*f%qzPke0^Pa>qjH8A?sNQ1t`tvB=GX%$Cni-=7bA`fo&eX5LvEz zT#2!)!QoL*A=Za1pP;dj{>8~HHsIp?Hl$7E&g!L@`LnJ9TL(#y1S5W~WMH+H1O^k_ zdl-BJ;)Vt~vLR&Us_|W^uSCpsYDrQo09drohoG2RM8TM_cH{#fG^$zRC0MTk1e<69 zpuztq)^;y(gj4h;PAF#{UP{O}i9LT$|5P(Ar0D-?>#hveiQ{iI*o}Wsb6r9C#=U^E zLK*~)K^o~>;_IITAF}xj83&EU1-n|QljQfW`QOtB$OXm&+Q`qM|Ag)VB%_xh z1JBSwEOpedBe&SDN4F-_yTAra3sb+))3!Y4k{!=jeq;>?-yFwH|L{#0(9W0!n>`KX zD5QAd2Ic1fI?&dKXB3mj8Q4knp8gWOb`w0kL-&umg1;hbu__k0l05IO(!4k*?DI&4Hxoa|z+m4~>^8TFRAdmLGY;dpyw8^WGil-@is&6pDSs zW#DNdR|;V7(i>JDEv zpcrptl=fpT93$lUL|oNFeWrdk+Q+eXKLYpUg)3jD17_nr_z*K2bf9T zt45^-M}j#UVGEt=)J8%4X#P_7>=r^cubB*1Bj(_!Wvj+kczblI*@y$0f7UF7r45$} zEP@hd6NnWupfdgV&r3Hdxj zvl-7=X(w#eI8zbqJk=p3x>wQ;byu3a%C!HRf~Rm3UeK=Hic++@+hpHNsH==Q)*7(y zWtYIlWzhzcnALN};tZsrJM2PLZSad&(Vu9+q_D zrywp2i%z-QxbO&%K2#(`GHlve9Z4YS=e4%b`*NaY?j%1naSQz5AI4SbM zwPX||67WDi>D!V#d`_a9rd=CZH*#_BS>vSBsCh}5FB2LU z`}QY1+GOP_*$ekAe~YEm zG22nGd<~WYsiYeO8rjtzqAORGZdtjVIjHuWU`AGgAsdd2Yd%k{YE70e{^2L8U=!3! zgPR#tySTlUT)T&(_yp#sF0zSFqc+uII8C5_!J;v19&=CIcgJ{3A_qtbCkg6mG`b@e ztWQZ$t&tNbyUu?L(RxK*Uo}av$}KGkSd z^y`)n@>;(UL{7_bv&RlCvwG2r@rb`aMXpcD2cy9&3>hdgVYC{bbTV$r!qd7z-Q;@I zEmNAFvDEX{?UL7aeu$n-x9OBYf1mG!nn;~5<$D{*5R*L)CBXj zMd>>>f?Vwr&yN>H*k?b3~<#tTmc==8*xAH1GVJJ!K*jOITzb_XNilbD=xW| zxjthJ&2f?-vQ}-Tc}GZJqD(7}lwO7(aC&Ss97^UBx>>}k1C?{1(IHjeTgv3c5;;CM zwE_QsK-homwcn*_z=W8N1I&!1)!^a2D%0ntgD1MFI!}a$Yyi*0O|-{fWPXyiR{C}% z>drG<+ciVEyps#nUJqxcb}OqSP)O444pof|x&KB8Srqr3^MIxxVq@#PlJ^T$%{Uo< zxD!}XI8O3~sY<}+`mhQM8Fs4FYYV~6RE@u$9wz#TwV&9G8sAPVeZ9M*?UZBJo8>5!(lWvFS zH=tPo)E1NJ@Ig;ggIAjqZ_D2|`as;R0I-^tGm+uSI3}JMkDhl=OzxYBY}pT?{>);N zyez9xJd_13YW>v$A9L|z8R55GX%Rcd(S70hCqU=nWc_-4W@Vb&og6=yO)^(@zjcnJ zX%t&{sgn3_Pmu^Jq_l+xYEzs=0j18kAhS;M>}oN<+t;j}$QJoLBB=^V4h~mM!S;f~ z=IVXqCay$ZK8r$o5CM=98nRWrCTZg?<59q57I9fVqfUD99hMCOcwjXIR95jVny9XS zP}Gtri&1MwThX(K46=MoJ!%t~y#gNWWP;z~f3MODC90QFeVadS?>Vuy3c? z|J66#MK7B;wZL?BGFUllO}Iw^;O^OursYbS9iehu=!2&0%})=ttb5oqL!JIB*W1%* z0O+uWLn0Q%c3hb>WeZ}J+pZQtwMR}EY{=3L$8v}wj^147cFSByKV!Z=e8oNM$$(R3 z+SRc5Y&L^&S-++IaIJ7@j@Ow=h>k(BM1#AhG|h)U+UawM;qJ7L*{dt)<{TplAXq3b z5&*8naO0Xu5@H&CoB4vQVgQoP5TkF`R@v;;O5I=CVb6`x8r6lUjA|?xYHSIBG~lSA zg=vLRy7sES*aW(5&pQ8iV_3 z?B>rFBBeJaGqtMNj5xN-=Z|CzoA2n`s5PDZA@0ikE1Ky*wwkyX8U4DcW@rgNmQr7*vF^Dk zGYZKp9~XYkE1V)A%q)&|l#R`%jNjTS*Hm&bbo*58l+0uUwIvu|!GZG!O@oD%{ClS0_;3rSM1-o4{ zE0-4<9qf;C!3^)Nt9V{bA9Py6v{(Lk687lMh`IdncfEK#EcnTOq6`J(W1# z2DS-};Ih*~Lem|$agc(Z^63}i0=-{2+m;(aB3~#E9#JTtec;^<|zdWYRV= zd$;GmHJ7sP(zlzI7;hYd>5BbrzIr-f#t`s(`Z1a1!YfPN-?2HgDci#{#%WH-4Bk^G zkw1hulOeFqCNu+tzHTOZSzP@p{TKsHVE>g5Cc*}|sLxM+cTE~737UcnM*R6aE0mio zyCva3ijnDjEzqdEOOgZ+qMnp!4zKG*sl+GYv^p&xM5 zGm4`p?%@Cs4$yy^$|!4<$7(@OJ?{K60^ih1rto?K^|aR6rj%){Vbal`{@TlNY<~fL z2#fp73D6=T$wo-3k?=oxLFO5=cE+QT`@$|X<^mEk(&)b?hG?g4;h!zw3yGR$45%m* zbZG`;k_N(JxMK-FMW3`0Be>;y*e2I>z!&8y;xO+0f9P~>;xy+;hP;qG z)S@5HAIHcxl@zEX!Ut%9U?25&nCG7+{F zAO;!$e0|ONkDRogw9gE)Ool^wcRgz?)0YjM=9 zxPr2TWaN|376guiCy1!vx-;>ca(_QTerQv;M;!Va!+zxWZov+JGMXW+FeCl9lH(cS zP9?+X&%4(LiWZ^Y%>8WY`sJXaFs(QS_iZ|uE8;MHR`v{0L{%KI3_F&Rd)O@Bb5kWT znl69NLE*n71z#c?8V8nIm*K#nrR&iYhWMFC#rYhGjvZ7Fp3e>k`Ay{3lLm4o=zgM| zYIr6woOrRk+=Hz|NPeC61V(`~=t;vslE-&)=bF@=P zNYBsO$Egw)TRZ7A?(qsv*Bw+R^VGvX$w#cgKzdf6Z$+?O=%d3N*xlC4hXzj#l4c4IdmnNA8sW4h8d9V6;DDpphP@ zpo*st&{1hz3;}S&v&!Wet0Hvd9EDDEypEteb`_j1`2YHh?V4x^Q#>D%#_35^cGckU zLa4}|k_mt}$c>r3#*e$n10klF?)Tr^Y=w`iS|&zYq9TArp(>tvfLx;S!Mwa zR~i0p&+X03J^jtfEGMFUBw1YmmMWGL6*|O1+H`t{eW(qPS1Yjm%H`%WF2GVi7rcM#A@qUbi~0NdLIvYfpF*5j{)n z%8`;!8tNk6KP8h`BboUkcLKaKU^;YZ>P!%{b8HjfQUnJ%PT4#yKzpUYgmbiSvo>t{CXLn)UI56~BHt|LrM!jAdF#f`!t;a|iko%l9$Iy0k;Hbi57xX( zecih&^G*9d&Vv7Z1prD!?M5I`gx>_JBhiKr-ku9Vc9Bv9RFGo!-w$7-q9Sx|y?m7<1PXLA2AMi2d`XRY z{&5V~F&0{JmJs7of=oRdZ~P#R7}i?N4;3=qfLSj1brhP36dJo63dthF&G6}CIwh`* zfw^^rF$uo-fo+{P^G$y5&593uao6?>33)@*6P+uOJ9qv=2AZF?6CXCkf?RxwGOj;k zVn8|FttlrL@i|qCImhw=v+9EB_^X`^4i_=MUt;dLwSJ%Ad5qCexoXx?jDXMHYb1$} z%tx6%dM(D_M;gJ`iEz^{ui$vgGh%F~RMB$gr{&P!*O$Z$1qzFXsVTa8T0VcN$f8^n zs8fsCUhKc0KeMZT(UgeAa=*}zmRQ4P)w?DuT8-l4Kkxdqo zwwHWuABmd=q$C?xqXuZG*cXoU3T8jO7P)X06$WD9w4I6H^;Zvn2;N-FgCke4y<4C? z1V?bSfKg2)LaW4G*ST*?+29l<=@l`5AraK!*zl>ALPKJ_exz08$g0LFz8=6Vr7G0wF=QdEna2m!TWNDHy`ey7 zt^FO9zg;f|B8VCDNs%8uG|kE$>Hpd*Q=U$1T4xOx0ty2_2?mv^4@SLGP~M;B3pbDr z47@E?Sd3@f7VRl;bNo}1uw|a^vj@WMrO(GQo<9|ykV}{l9LttDp17es$<17Mt~Vk0 zS6hbK-)2^}*k{l^RS8ji$FI^3N*ws}jc3zR9D=MM4Bh7YPY#3#@FaSLW{BsNEJG1# zvt|?tUm4E~{CEj)m9Zwtxy{%h3C-eGc`D{6b>|tiEbF-F0q1b#!+87?b0iHO+c{~} z3kq0|Kvl4ay%6h5>y;qEYlf@?{%||d_<96qX^GJpe=(0C>`E5{QtvZ6UuQekSd5O8y-^ zD!W+z!n0#G{`D(hz{P$-u7{o4L?(yyM z*k=IeXF4pU?}f71_7@VWP#o1j`{pO55lgTThVcw|y*)8o?HYb2+Dzj_JfB)9+gVvt zUO-)n!=F>{eOGq%Xq~wG^H$v*!}qVgCbAF6D^x&WoYJ)v7>;yH$md}ZhP7rP3o?s6 zWynNXAx!|zCi>pA;U~ATEw3?@){9SX4EfNAa<>itSq&lnn-PcQkLvp3XK1KJ0KBkn zmG#X&1jB>C5n_x!y0blYl@$6WGJLVGKmil1a8Kl{F|hd>fX8~YJsRv($%lCw_3UoP zeR@A5cr#dnxnC@O)VcL32(5giVc26fR5D`gB)CNT*$%U)s9GqW(j@ z&$j?ZI*9rA@4swE#C34Q4BQZ{!@7DhDV0UB z%eP#XuVF6#VqaJU{`CUZfPoSiToJQitu`F?O+NC^ooC5;87{I=*NYlFBU>Sjeo>oRcJMo0Wrxb^@s%!OtLEdo8Z;k;{mf* z@8^k|%1}g8uXch|a1gffWM9Nd@FN4(K$MxMpjVBPrhh>XX9#_O`EsddP#oW!gK2$? zmF|~^%?oFP>3KBbK%rkj-RW?Xb#@K8jzzse=jEJFdTDyHM5pGx;52Mp9FLoR(iVe;>FX( zABvoU_bM z;!F?NK5H7=cI4M5XprUTcFm-Ql$& zm>hoSILGUX4>SsPKLUV3rt38J9rg5vISbS*-)MB1I2c_q#N|G7L8vFrjJi3kQfeo@;kf*uB_P2>ssm>>;yuEWk?qG95=Z{R zGCTx!p?TDHM|kIj7-uBXlL=58S%Nj!lK|3Mdl+iw6od+_NT(-o%Y4pFI32YOHW2Y zr{6i6FMS+xO{)xblaW`7OoO_(O7gJS2ZmRdc+coM-p>lLi3RtOY-BCFjxy;O0M z`_fF^RDB+gfTcoCcI5Ty{Ylb;uxe?x7iXL6*VdVtbPAP$IFz1nOlzs?uBbUt^dL(e zF_QN}+k1n%!9_}lbKVRQgdy`K=Qq&RKiUq+F@buR;D)XU^oVg=kGFgoxB}#=BMyO> zVw8#O4KG>u6Q8YbaJ2UkS^W09hXg}fGBQGxZ^{nZlE7NpQLZqb>(`kyD~|zGXTVC z(LLM287PLTu;wyWjy|`}u#vU3305YMqK@ifFCKGQTK%Fi`sqV?Xau%`b)x(wiZblx zC!?nCy8?O12`u`d#=vK!Jct61ln6&xRxB?5f>cI3O%z2<&=ptsnxvO9!8uGFO3GQM z57+aEeYC)x^P9Z!?2}D)cf&N8odPx;b)Mx*pm7<|*6&9G`zIKMYm>Si#oTGCFlyGsn)+^E_~v7 z68SHQUm3fjbzd8FL;Tb8Z2~0nckp9|S=QIEIFOX(GdW;Vo4Ha?UU_)<87d+$JbPA$ z!O?@AXz*2Pv@t#h z@Jb6<2>3a3-^{1`J%0Z)pdT@MkfR`lm@9r+d@ zl12nCjYO`F=mxxTx6BL=ZU;VIXDmDve3T`BEDUP-5H(=s13i)yUAK>G59Y!ebKydT zses!!bW1bCfn0qTQm`I#b;u8FTcm@!8Mu{;xgp|SAI6O#hKO$vvNMMX* z&l}DH8l(^dM`b|o;GyR+Dv?J~47h+F3N|0vgITFQSOl5%5XpxlC)@!f&vA!T+sKyl zyiz3Ubiilg1=G>cXW0M7tV<}2nK*Edtd;o!-yQkbYc{b~9ROh(@OcoS5CFC!fP`Cs zSPD|F4aiD}QyGegYmf7>G4@M<_i_bK<#LCjc`{juH|0)!)9&!(>I0$-(5ARsZ}k(p zunZ*_#!O7OqPc0Bhj^xqGS8^Ll?NnEmhzfK*y!qohv{4-B zZGdPA4)d?Re+})3K6HJGz?4|Jh3D~fbR>6ILj*n$2W(RGD3Qw}=HoWvlVSedu>lb! zBvuSu6&LY(2W3NKzyiQY)YJ|N_^z}56$=GnS|&eFK*EQJ-u5tkEOagwWPO;HDSH>} zlHT0`=fQ9Z>0cktsCH(lOC(N< zM`?8eSgAlekL&_k>~msjZbqs|u!{S4fZS}R<*!hy#IRJl$}G*{_GX&X-Fx{$x$t+; zGyu~O#w!htq5@>4@et+wEI&iG0G@}D!~Sxyq22C@VKuS!@eBr@$S7OLos3M+F91D! zUi{H*fv~U`%KhS(X-RO9wOBHn*fqokAWH%*vyKqrgceFL4t4;i2Xdc_6g2A>OerVs zv%|i*2%yHoOOB?pYH zj0->ou|R)~=9dKc$yz^pqjFlXxR{j{#wj|h;x3!^{8q#yI!VJ?@Qp#{xpIvqA<)kc z#ofrqy>G&7YjTe60<7D)u`xyec1y(qK!Ge!V?3nMD71m!IE3Ek5JY=Dj9rAG zH_IQ1RFg?C0RRXpbebM-gmJ2^ehz`Cqsu^Em0l_}IVgcj_``?Kj6|`)U}8XsZL0oa zeGoAf%?_)uxhROzn#qAK7C=AfR78_tXac%*ydrmwoLEpNcnjuYlv@H|F029cd9kT4 zl|4*yhz|+S$AF&C*Xv8b?@45037QFUFrCnVI~eedyoQu-S;q7CbrN`(19<4bvJZQY z*(k7PYNL@ynYXPte?{5+xhK0W^=G`E=*XuD>_n9)qYKtiPZAk~31CsQv0@%42ca1_ ztZ>!R8ThmUu@1N#!NVPZWZ!@6M+2v=SFclJlop!=y&tV{J+0U+^DL>iB*A))ZWkJr z|KZIP`F@&p14n(=WYh#wz4`UN{T_gu0%TEZ(%pAvn?+O+Tij}!GBZL{ez%zM6=3*U zmv$>}*VNxwj<7T=ZySL$BEbzVKHujw-xrWiw0Jy|foN}@th%Be7Z{gXyAfT3kpK-_ z&JFKs=UQlo{%Wt1JgYv$8N1JzCl0s5L6iBoZG|1PGE1e#o4F}%EXlx!%Tj<@#FdEL zk4uesd$J{?nyP=?v8Bc0EkLig<1|VfW4W`LuVE`cVA~Tu;(~lm`hWkENC;K|E#~ z=);d5XfOg_twvALuR~D$y^0RK%#%_80<0Uw90+7ypY83x-6vSs$E*I-*zO|P4dUAe zR3&))RXaP%0YuG$ohg8AaGN<1hu1J4-%yU8sxJcH~e zgL?JdRdfC1N1X)N1D`DB*Dsg=`6ERe+-BP4Lm}&-2i|(qR+}=hB1d>t-`9z z0mF(PA@>i#-X~pbG%z;<*GFFHRlu|0lcwNr?EYgZhD9S);}JezU~dynT@(0$ocK|H z0+4kUm;eCDNYj|%idiOOFfvGpFpzfwH=~XDbVF{<7VWSMYU2Aiea01=CNsDb>sQ7- zWNkt^f&R2`eh=UVKg<~e98jd1v(Z`^20$MnLd4-w2mD0$0AL+dg=efLqTEymZ<~x% zT*+AKp8BDhyYpDonw97 z9Rl>N2S=Xs$e2}zw=ov>xT&3o)1VHA@G*yhVV^m!)HwtZ+)RO#d<9=#PgfQ~5-5Jc zrs3QPBj;0l#5P}K3vts)Y;@L=V$r1Xlx8*#`3Mg-&p6f7TYvph8t?!I{;oeYwj62T z_`;~c(&ziE*##PA7GkdPa`XglwW_&Bfe~>K%?#+oY={cI1>z9QW-}k&Rn~QW*6ZM+ z$?E)pL&bf}8wd;NJ_Q)Es_6zmh0o3;SU?|OU!ia?V;Wp9wR>Fowr9ga^3=VH5JlEU zz#xs+*}jV~MP&9mRGG*&frnh7Eh|$XMnu1h&I`KrL2pB!)l9uO{W|*#_~yxl*9wlW zn|<-QUqCM>0ax%aH#&9-&87Pls9-+wxy#QoY{l!Z(RAAiC%B!Ki0h+u}$d0tJF^*gKU%*+57kxc;ruUdyap~LLZ z$gfY|DeAZ{c0a1oct4Q}3!eo$0U(CG%ycO1wZHF|hk0O_8_uab!d2xzvxQ&U_A!Q6Nd05Qj&?m9g3{@Qi(AJb;{&~CoYCfh8iXAKnRv}YEuS8Mk1 z#`vC@)|NR9to#Y2`3>Nk_VSym5n*i?@(FqYk6c^>6=yK-XH3dFeth@oF+4!dR0t_W z*i!z4D53&qm=C_MP&#DZKl?XpKx1BTLiS7_Bo&Xz{QIQCy^${ncz}mh9iqBX419;c z)9JA(sfXKB^OibHPV2~}-UC|H-dNE9RRqy{gy-K^)($*B{k(PmV~7s@8GPf;*9SX(0eY= zkH#jqBR@Yt05~4tKt2Hw%YR==&hW>l9|IbXeVB|x9)Estf2ZL&v#}t9S-`Kn&kr_> z#}#Isxa{{_gHzL!1 z*ghGcmV%_v2om*oS=7msna|sjpFTX<3n(53QT_la-pVfF3p3rcCqH~PfyIY^7mGiy zn4ve%GH@T-?4o$tU1c;6{l>t9t=`s8Ptgj~nPE+v)zc>vCV;)mw;94mzTf{X76Vy3`@hxCNLb%y^Z1GKg)R9vTVGK} zfftV==LlBOuzQDp-=6vR+zCy+TsP_e=4e4`NA5Qx-QoEZ483Dj3c7;-^6PZ}=JQPx zK?Zt+W`T{aHn#s9F3-Yd3087~%EZsVWWJfmyr!=nGTH8>@2ZvT2An-IdZcm#3)x-Y zmm+Q-OufHPg9g%0d<8dJd)d^HM|r3nrdy&OSjcet&cTH@pVf;dPd{Z;{JYmU-k$cA zxJHkB3a2wHdzm3YOf%eQ_|fReXThzA?LR}P|28|Do%MdVkHdmY58;Q5m`VR{MOuKp ztG~abeeHX!(!>rEnFal~iUxHCrB9xIH#hrjQTXH4KO^WGL<9g4p+U18?oFou`hU9u zPAln`6#EVpz=Ck=KpEZhlQSovKAyJ6e*@BM&j00N3eg@@bO^q7k8X#|@l4-%7I2^A z$Hn!?67GI!Zu;3K{n7MLVA@IUg>@G}PrBOy+ZO#c?FIh^{o}e5oc^EXCC~Is3f&Xb z*nDl^WOC*Xeaolm6Bx@0sCU}6|77y*7jv1`fXfH;$oI8Q75|HS=10cXi3P)v5_rd% zS&Gqk>_6iZy3YQ;Yl!y&{v5`D4Iq7l%?48kY1irWK^OtzC^4~FLPM|DEj=lL)s06_e6!+LH!(wwK5ex#X`W>Y}4 zbHKGaSGvXhzbi7Gv^-W!t&pOxL0HfLps{qadxPd%C0OAw?NAep`DSc!F zo20`imEOb*0*2-7IFDu~BfJ&Lm03zh(lI(o{D%J#(x4hUJkdJqXR?_u3i5zJl~aYv zxA#^&(K!Ayau@v;L+&#hjOF&$$t9L zH=HXx*kda~d4(&Fp!1yuu$hDiNL7qy`6w%}Q)T*Z{1HvKi#xn7d(HM~R^{)#lNHsrQV?4#m) zW-$!K_`}c7|4y&O(v&|qVEfh6%drDH z^Lttla@?FQL=Zz-^%k}939L~ScFshtRoZ%=xqseQN-vy7SE{%_`0;CxDf`~jshJQh z?6lY0`rFeQBY)9A2C&A6l|~Fp9Mt>!>8ci-#il*@rCGY&9>0Z%`5okqFu>pj&V(H} z*R4;B9q&#Oh%PCLU;R4C9XtnxD90B!!@QqICa% zeQ^H<<==0v1?HajT<${mIq!^KRBt!2Xo1s7%F&;sa+3hYS4kk-(r{EM0PMnH-_O2T#Px2P zfUfv}VvG<-e>56p>p^BV!uhi*iyX`+bYJ?3A)1bYwu+Pn&;C0=33WIM{ISv%sWc5P zo5){Yh$FSDtY@s>E=@sTH7~ij#n^V^?(`Cee#By3H!{=15-2APK!UOAe*!NRtdEa$^rs#1$tQ zA#tq3@2@Zxmde|_o~L~m8Q(F9P~Jn)ECYKO;RgrFw3F(LSR*G43)&I-{7`ffc?l(h{+MCA^3()4G3RqvM?>XM2;Yhc(uCeUcVuzTIlfe&cn#I ziGdIeM3O?*)_N_t2|pk!n(p_OR|h(LWnak(fgGfWQ76@#xz$dO?lE` z@DFZK7XaKN)@5zfD9P+*j-**@g`+!^goWn%zdkFP;PA-zLt7Mv3tNrhoa1Yzeq|cc z&tkhH9Eu<7 zA4$Gb`=~k_!-*}M@P3!b{3oY_-B&n@(@}-tL?ZiI$5Tym)2x`z`ZmaFx5+ zw?$66q+TOVz=ujwIeTyUQo=DzT84BL{kPz8-Y2oa)Gw9p->OXA9$Pa+ZZfjPbctO4 z-hDMH{y-zW==%`L(H@V1Idy z)b~ICynXa~^c!yd$6wyL=iA}#TZ_&)Hy1194&+e7e(#S8{#phu(b`M_ zK@ETi1NoqHz@`3%|=9j2!;JL1m@oF zp7$2rx_=5MhN9)|&siOQ_ZT^kmAmeO6pwsVWjC*crmLe06QOjF2)zbtNC9`uM)Tpr zJ7}aW_o&ABsK<0{)NE|MQZ$=&#P$fpgcd7u3=2Jq_CtiVC^_D{WPVMNY;cPlmPZzg zzfvG?B}tzwP4N7rXz9D<=9d!#!2>ub02>0*{4^ns4x(2*3|Gy7*cwE6Do1Z~#SwNG z`PUO0suBe~;yl8lZjJ)^XyHvCLc6S^Ij=|TwkMW?dnC(c!;ZeK|~dyEuR&SYIgHK0=&k*QlsaZX`LP9D*XC<9&x^A_KH!(gJX@V~UOb6SEXh$k$$RvH+;MP_xFf&2Ge=JR zQ3%vNFiU9N12dewzm;siovyR^u>N{B2Nmc_Lwa^(oBql`FQQmFbLNf{`2%ul0GWEJsSSHVIxPE*7 z>rvnfbmGcx#?0uW2i4$}(@tdJ`lEBB52|f#SZUF%H=Q%Y(uaSz+Lv>*7`nCJy$jz- zzNr+#v>=~YonS{pg7$LKc~S-Q^Ts=i`04O9p46)PQM$*FC}qJ5WGx|x$Tu2e>7Prqd3na!yQmVmnA=~`_` zTH_S<@bX%G`Shs-#gI3%cD*`z5#=RRomR^U;^i`-rSgtJ*a|B8S!zp{DhhZL1(S-U zI&+g>gFJs*5}`)I*RR=rR~lESQbSY~>se)0Rgn@rdkp|Jis*P{EhrXDPRg-RLBH@Q zH(4*TNvtqFy|On24S|6T@G-dL6tN0F!uy<=UG zUm&_?P1DyC{cgzWW;=Qf4?0%TJWm80ICU3jXmqC2cKjXZRTGuL))J}wi>QIbMC&mM znkT;n-@s|#uvpMkL}=VvYU=N75|}_XtmnDn8{h0Tot;4L7{SsH5t+os8{xJ7fPyC@ z?!~9CY8S6N`fgSx>DLKEbpELtt0g$H96l-Lpn~3ILG4|9xBP1>%5MJj)T(`o{FMi` zqZFX?rEv@n6Rn`|CPH1)D@jV`>{BBOgqqRj#lVnGg%}?qgzK^!4iP?dc9(a%P(-5| z6&%{t9@qpiFDQ9nQ(5I@le1+g_FGHY%A1}p0K}SK4|Yd41FQqo?))-ZP!!kOms1(5 z>&f#pS#J3UYjutT7+^EgmQbiM$g5}75As_%CtA7xv=Y?1-h?-~7j_L%+B%oJj4?&U zC%niSsQ)D_>Z z<8(J$O472W=+0vjBE_Eb*?`dn$RTuUuST@6Cchf>8kKpb4tZ?f)#Bas%C1YA)&>3_ zYHoxK^h` zO;S_+uG1S*X9`ep3NU)um1Wn~GPd1P-sR#!=fU&TNY+)T(w@IYF}yZnsG(P6@lF5u zXxvgXdesBwLqqTnu@tpg_|SAI5M3O^e0IqGW0zl7x6ty_;X)8sJtrOjwX-Y!;2FX3 zx`z(71I>X#)JH<@-Ct$EOY$4F-2|3znuaXdZZW9DsSlXq2TD$df|xezdaH>Jl>=%; z_VC#<3!_$Y4U~?cY{_T?3FQaTAao*I9=grUr-86P2IYsQ&5pyn+uYTLY*)H09VXgN zh6pP|L*Cu#*v2BluwU}<6kkQ9N7T*VhW==X1ps;x0KEW!W_ApR-7ybVM?`EqDAqOl z@J;K{^{Ux#%15%mxO)mktvGvjRp~btAD6AvbpULXr_n~R*-?-k1)xf4^_&1T+D8=; zQPucy5aW;yKePlt(eQEHy^uDPG1R^?TYqns`R`Dt6grGy(wH{H-2>s_@2Sp95*IHG z)$6}V1qXfsxgK_F1z4x?K|&npy?s-Q>L46mZRhk_l>lA`M;KAPFp!wyf8u7mAcD<= zrN~zhUt6DttOL_=VyHuy4h3+r3&2O5siw?i=A&MXg8rS%lrzo(AGK9eAl0}b*hhpI zmO*TNoONobo`25LXZ}{keA+q)egJ}f1cgM>p51GkSZ;G?80MOs6PyAbEHzGa4~zJA z)A?+U-H<6p==kL1MY>oGtybo*VflBMd}`^9>k29jFGHlKakCJCj5;vll_!Ub?jz#M zqq;J+v6fgE(O#^R1hJrjbl4h9d|q2mL0YJ<9a2#s79=4VNnM|5De5v0096H`ZUvyc z{?5Y>5N+zKw*pq*M1qzYR^d~tuTE1Zo=r|fO$~KAbZ-|t5*&SW{!yQw{aR{IyBc=! ztHxrE@1k$8bqFJbl|$G0P?=7eN|zT83x_&j=)3{dv>bJ;bJ7A^1DRqL!1VXd={cLYFxFMdNMu-?w)d zmqccj!oMw^HoSbVJ|IA|6}ooOoxJ`>nHPmfxv34fM}@Fq!C-v7WWe%O0@!lt`PH%N zS|X|h^B%tgwogThXufwmJ(#hZdJlD+SEslY8LQ@mEt`KJisOFUbgi7gcDKxQw8ggjv{aU` zyq63bF}ux_VfWZjWn?C)iIBGR_diTxhr;Nr=`)j+0pH^^Y8)DeKa+xj1`XT*KZ5O3#GXplA zd}vFiZ~WGG{}zMJtxkUR9f4@UST4W4K-|B$j&x>Lxw0V_pg@E-8qsRRpC_XoLC!ejh)bZ?ArFz*l>8JaT~ zoM(1jsDC0UuoN1??#U1Hi$C^y5y^*tp1=L!bn)cT^sejWpSjHYw@f!0ir!cjO%NH5 zbOCeV)3f?aJUFT;1(isS80(5Jk$rn9pr7r~lM&$6tD0mI$nun<{9WlP6`% zLmAKr2rC9Vx~>(2hqLu z>nCuW)uf7BxFTOpJy5y2H$Fs;=T%fUQ{l}@ekfs_yPje`FuH45mCUITd+oJkc~!C# z^vBriszS?KlSRVzmp<08c?zfmu?#h^cIa+O+I}@K%x2Shqnh+IW|CD{=2gL$v4Ke> zm+uy5`)UuUiwwUOsF5)zE&<3q%Fa7eb(2!EzmkJ^)Y~yb$clhE~p4 zKlNP!1b^OMT|V+(?+a!4ElU^%Y$)HFR4#?YC#4nHP|=1@UB#8H?Aq=j2gXCWGb`=i z)a+loO7Su)dFpCZC|ZCeP{uF$@>=OWEkt1t8 z9%S`SQTX|up|N8-9D?QISLw^NWW4R#Bn~m&hcua8lWii4m-#deSrAP0JF&(kaX2Rg zliXZE0tNgc+Q+3;=2_TyD@nHWw$Q2BI_Db^Y-%_3y;J=9zMje&JaUUPbN~7Lb(l z1^iDF=F&s#)jlu4l3XaM6D&&9hB(pSgtRPU$+f*CEz5r0uD719&Uj7abn+qau6;7Gq0@(v98o6)mT~y;d35IgPc7 zX%QVQ{VT5Ckr@D-aEs3`Z61(z` zDejoS1?NAQ;^Qy+(3rv8+H)MD8+yEpk^#Q_pU#NOOFATP8rxx*$~I^*_V%$=ts!F~U*tB$H~1zW z@Sgsq;gZxqbu!<|;aiZzaB8Ax3ZAWnUj*Bpqp3LLlH#F@KmK~kX`?I5T6H^F#43l( zzgZ<&YLHQHvDvjWWuz@ze*N>k5&66yDY6AZ#ZR@%>KPSC47y%UJ_YQGpi!8;v8ynE zQ45T##-XEam~(Ft$sDumNN(Y`2%VB-aT_hfS1-1cHMm%0?0eO;>a!QafM;_NB*+QF z6=jSK%I}qV`n!c;1xDpG$P!C5gX_A&xsZ|Tue39P1uI*UKbkB*3QMJ;=j^e;56_@( zSxQ+7owMs`e*0rmN36hELTgNozmhe+!-X*|SOHWf;SHJevig>$+q$c`e%I`&)5TD7 z%!OApwyQf%N7NRg7||Ja86V9XNhFJ8yi4}5OGNhGHf1}VoQPa?CK(2kQ2Q|;{%6Du zo;5v?L9ht_Hj$z_@nt%Q0Oos_0K)+DuV@98@i7jf%8Iqb0W3)z*=$e|$s85R$5IxH zT?*bH?peIusE#X3GK}FFV&J2+Y{i3#C$8cpMY0|_8fuxJgTwx6@jBZk3?3dM21M_fH5qB3;IEV<_0T{uDEH0V9TiYsdpbWp;1k~yu<0w8{felH{ z&x|v@;=Hf8Lt-AsuO3uLpVbw(f7v6KhjSYnJ9OPmD+gvbCD~kXfo0O9hj|> z>iH;VX}+}Cw4^s#Ec%e}a#{kr`) zuC}mtBYf=4IVF~$-%D+C!@!+9&Fr{u@pEj)rk4gD30(JZJY zqLhPBE1Fi3<%fB>Yig(LL=8Tb@1INc%kGDs#X^_?O&Yu>6)*(^jYFWs%kkb#E|oC7 zOHZ4U9q);-%jM1}IROMX zUi-UxI3{pSoFK1WYvO2)58_s zF~m^7@t3qY(UBeqlfK-)eilA?VMj3l9Q%k_U6XZRJdo&YY&8gU8$5qa^wmYK_KZ!1 z;s;FRol@>i@U)lOD-{_Ugo>=5dLas(n8*^C%bcLkJO4;W)}378~eTif2#+P zgMLbd^o7a)ImcC%M@R3S*2Fv)2aY(X^Ee29Nl+SCjIpx@Yri0CD|$HojwIIem7iH$ zolDa4^JqU5CaWVu*FkLhgCJC9Y=l@iYX4zGnfq`51p~YF9^3f7v8H*y4xGdCh9FON zh90G#Bu+h>aT8)St581*%N$FrqzCA<-^pIx*HC7NB?C11X~37H*iAmNEJf9_Gnraet$D~T1VPOw zYElTjJB7XV6WIqFny}s8VULuN<6bR$vbKCQbQE+!w?!fWcrk?}Tp*!JWI_Z0x(C#H zyyLtvJ)#q&)4q+%DHyT{fP4lG(K!ZQS%^*ZMp=2VCu?OacR`2Q2JP{!sFOzRAUpqw1d zTdgIxkgQ46e1cByH#jq_UBdoih<}IjVS@BMqgSM;_q_D57-R8zzIO9|rXrPytZQ$3 z*{>}gBXiRKlT36BV)Y0l=Bw(&0|1KMadZe#a2|{w0Z={>y!eZF1_98)kZosmD1;ab zEPrn_Y8k8&$*7WQKbVD%hra5Nr9}(yiEz*M1y&Ef@Q#Nrb;i^sIVrc@gH^A3%2OX&ooUaOSo>&PU%lA+vul)g<~oT?D}Q*I}SKHZ{;CD(iNxcF#8e^RL*Ui<)?l!Ze`aJre9*M8$fL%O*h;uH)dt{?i{3sXpZr zB76F^lU+`<@xT_i9|ov{yRr!|-m5pGN;iskJVujZ=3gpQtxMJ0&?2RARpPpi3()lC zB!%Ow-h0vf>#$BqlV9iJ-((s5aWxq^k(-)Br4>QtCt~4{_%R0P>54|Xa!KQ%Ubh9U z5>U;;kJhzif2mu-9Ig2pq7Sp}f0HtGAP-J0U7ey64+@*KGpw$sw`}PSS(^+cjOFZ0N61tf{C`ql0Uk}0=|~};Dz+@ zv@erTurmZ`J7}+*k!A?y4#<-2Cmr3Z>W5qm!ob;Du4>BhpI#Blpp1?<+H`YnX2Vz1 zFMYczuLeB*s3&Z~&Saz&lTW#x7l#yn#d7YNfwHNiy0+EghzHjKJqB^6l9m#H>=?6^45oz+b8jHgB10^=IzF5RGoX=n_$`7VWHAaU zMB0M48hGjOvLXT6b}!bs5Xx?qJoMN&$23@=ZeNhB2|sBjaL^0f0U^q~506jG@6`MG0b z=hcCo2+>X((0h_71NXSLJsCmNm%%A;Y7m!jq*Kc~yc^x5_eFwM0x?LNy4%(9w`pFnR93V!IqB%J_*-YPT=WF zo*U8w45uUsAa}{Ro{%@v`mU~`!T~9qHWDiz0j3ue%>HKL8-_)-fbcM*#SRi5fSBfs z0OY~$7IfaWd1_%mY8re^hrwa1r-h*t960PHadK-Ibo||-xLb_RLK1%h?A26UPyZP@ z{O@!1`P}Mx?+Y(AmPC37jJm>MH?ifX7TCD<6cl7J=`nY+w^Vbiw&C-Fr%zKcEvZgq z^W|F`Lpl6v)`pL$_S%apbg7?Q@+zrEfTTp5GWol#EuRYYm=o0ku+wa6=4`Gs&uta~ z$e5ln$EQvN@`S((;e)q(>e0NTr5Bc<_E;Dsm%SP=Y;EJ%ch|9M6e^v!nnRV8G64JK zshn5qn4fSgZ=eqoEhlNMHfp4=+H(wa4E5WHR}q~5*~BLDoD0u!YKfc$YE4m;Q;LIG zuF0|#Wlph)a~w`B3t-4xVPqCOUBLGS&G9XFz}!zg5+4qcS^*yRU5TX{{nm{?$*Jb$T=Mm;u&uzd>K^9ayN}vJ;!_Nl6TkOQwmZa5_u9upj zwm-I^+9-;TPJ0T*ta0FOr+hYkkM$TfF}*?0?TW>{7q8?UdY$@96j2Mg@lBDi?h z4!GxI%fGN9+i0dqBZ(14=Rh&&X$)2s9jXLfTydy?Y5& zVeCCjwv3Cm)aN*z;FS=b&m6_Q$6{}sucUr01Yay)5Z4Eu7XtkH>qhuF%#Ky|5#JWo ziFe1{vM>hji;!+rn(-Qta0?E+c=DD*ov3}CH?GZz+i5)~&xsi0fP)4ybL(M&XX!9F z<@g|F*Th|z;${~cBL>0hN@|3XpJp!)D4$Nc8*YCvy^ZSm?q#|r7X4|He2HC$#7>#u zHHIG$Udby zd(;hKekLpJc=s}cBoIE26G7S06-qe4*dNP-ZEiBImq&|pmz6!Ue~Mz1UrsW6xyZ!Q ziIV){v4PTXMH{5z4xcnPSbOSB zWVjQklsl;gI?q4}wZdFd%xjmfUY2TpT{5eOu&=kN{xj;jZ$;TJwvG@Os>PL_c$(mOZ7($kkvZK z;cCx^8$UnD<<0J8+Rq0}=3YIaV+JumKiW4jhIsz4=s9KpmOyq2kPAO!OgR$m zit|lavcOOJ;oFkTXmpgdg5I4w)h$VK`hMp0 zF6<8;b0oK{b!V)Kf;R)z*DPR|3zjK1`TY7R?bx4VfRrJk2R&o_GY%x-LAnV4mNpDl zCw%m*|EVw&QrKUhxBl4|>J{M;e@_#BH|$7k114{?UDyaT=(t@O4{yj0)p-I}KI>(= zuVeNmI4Sc^`o^@P+fCCEg+%ko-$kRYmJxmxSGC(lmTvMCG~BVgvXdmVoO&i=%#dc- zw$|yE-^Nt`8J1M^>Rl%#*)j@9xX&WE=iR*FU3eCF%Rj{ZG4|1Ag`eNMVU=i6y?1YVZ?<;&n(Pz3Q)hOkkM7k26WHJMvvl7=^Qi`Z*qJI6 zyXd5Tmvy(#+q#x9?+l?Afmml@sG;Z~@NcG)9Y_hn~Xa-3; zE|FbAb*($oC0{OEiBmrwDY6tD^GZO!`PL&l?RaLcLyX;_8|oAHGZqZ@<{zcQ_5S!X z@Yz&C$E|malDbEJPTg_nEyeOHJr2yQS6VzIgbj)3SXHw9MBYrhj^CDgv>b8wz^%in zb^DFv4@S?64=>(#61jq|#OoYo-G-63%6~8_ z323r$IowH9o^l9(m-Em`0yLixo7`zIFOjMOvUSx(vp`vl)IoZ;H2j8b(ZxMzh*wQ( zoE=>MX7 zX$7woAe__6rYV|dhH*1Xd$%T-S^aZ8dz$teAIov_rPV91FZ}^R*-ZWkS!a_*9lyQ0 z1d)stkNnXfoRq{-@NQJ%RuQW$uT#bA5|x!~)_0P37LOPcGd2TC?MruRr9_guS@V)Z z7M$~LrmcIFr5a0PsAxMkgPx>-VHo(-Dn zuwL3y(3y_-(QRp=^Fk~5iO$#A+ssOx2|_Ubn%wAAjh&NR{NwXI;2D*LJRJ{>1%$RXt%R@`~ptwvlsCz3g&L!`f>W1$)`zG2+|w6lF6#4KGdAoeN6AzV&)r z7pmv6KdV+Z`bNB~(x8P;tV341NsQZ`@nyQMHqZCjZwn%Deji#nw8(d=waxg!`L?#E zcUpxV`mUKn>^|*GN`Lxu9?V94cD78{IPlTA8XWOW;FLv=0c#loQ6yw*<)pc zQ$O?eD^sC`j#u)M!&%4N;$lV1S5>HAR7zvY_%{zRS{c#elfEeJdV-$Qrxyv1)C{f? z9F)O@t4qA-y>yfzL!w2tcKdfPyo+V09*X0{KBFOF&-)-gO+O ztlbB?p78)Wloxxz9a#5z3m1R)i_ndj<1X_zP zfnGTM7Um3najZ)Y?a=wfiPe{C_?&W(3=%SYLH(tY=Je$-b!}cjfTjZHdzD`%$TNK9 z|A@Npx1`?xf#ZiI0xnb(6&3eZoT*uXd+)6&u2OU0Dm5)|@3dT58ID|O;VMh>jeBI} zYG`ISGb=O8vgw!4Pv5_Qi|cT>?sMPg^?Z!aq)UG)wHVqoAE)6aj|)xBLysypTmDpt z|0VK<^Ge_YZ|ZokLJ-t5b~n!>I7pb?AW*YLpyaND)sFN%H#;{vWaWlxyEi%2x3uRk?8vk-gTGTm&}ek@)l{{ODUJLdLOa{K1r!!K74~WkYv* z(P7%U^kW(>MMyCXn)#UX)@(T=X9JU*JF4z$iSlNUOBsw%PoXc?Ohr8pBGlW@2-)J~ zs8=szW;=r$vXN6Hh4*KG3Fmdp!qjrLJ+Fs_U-q(9+jMO_S|+cHCd@CKYHkWx<&bJ8 zS;Q;ui&Nrrma)!vxAl1>Hdq|uUTKWBvzS(X1BD?Dx&JCZ)+_Ah2E#Xy_y5`}b zIg3P(e8ermf*cOsnGZq^d3D%yxm(J(8V(=!exA}tDZdO3ubNv;9n#{>0itzAe(EJ* zDyijy=8x+?*u_Ble+p4l8K7%IVS0BG)FN(&*?nKRcZ_P7?fePE8)N*g&>=GCu>YeJ zy1OhY-=E(W2 zY_BdN#Y9-6ph=lrlOJ&~(k}-N%vJp0S?yG=fohXOM?3Y6^I^RV!Q6uAKQf;*6Z85F zB7ZpMPrV52;cI_G`7PSW;2TOeJjjEa+56r&hkuB>Rg746-;-FbHl;l)%ZaZ~uFjaR z8?iJfzM!=^aA8(0!(=%NE`_1TPR9|OiYBxjGp=;wx@zdI9LfaESApxs+%3K#xykpO ze(zPFL;SX`KCvBMHLJmnFq|}27_OW8$HO+UL&NRl6MKtEu}PTouui zq0gB?({8NG_BUJ9jQo5;QniiN`5tb>YA?L@JPo%^%QfDXqM-l#`e1g(gU+AEZz5u8 z0L)f$h*Q{8bFZ_E*=Ip<4=-!J_rgpESvo-(DKn6E#(Pn4-e zc1HPVJfOY#B%$9hqQrZC{I+4%g&_RR5{PzA8gBP-J9Ewc#9hCK!@t7EVh{$J1q1Na zzg*V(s+PegoVvyH=Xy4av~K^-=`&fXH0SB4$zs;}VuzVfW$&W$!@G$F8dvt4QcZYg zCC+ZB23kUR&40z6w)p*|BqxKWvet_C>eWWPINMdNuBIBxtJ`VCrkIxIZU-IvVDiQg zz>^5S9@R-GJy<(hr~Ulh*5hgP7d1oc6|jS<@d=7T@6x+}ZlXhTxHUeAY>$+OIZeH- zu6*9%1+P_{dhw-CWL*8cA;x2)TWpD7al6!5A;iSwOPW?j8eywSnGJ(|1oO^&RQ}BK zZ|3KPm0XqMD46H-S|3!MvY+mr`Y3pEUf-$v3upI|-;EiO8(*q1f2+e?-|RL!d=c?? zlzOX8hb)AYS?QayUq%+I$%wPf*ncwgmTsa}3~+xN=SrkT$=J=w3Pr=7f1 zJtHU)jEZ2=Z%&XOKH^^0zsV!yZAPtBHk9N6U)~={_Y5%MnFiR|Ntfb`Xr~O%iIXvp zt|aIW>v*PNI7#Tz0VXs@=vRi8=m`JibbDO3%|{!v>no$sWpBQ5Q9}t}HV9PJH__*P!Ox^&te&D0&0KYzWXvqM- z=QTmcCp+(#cS2S(y2)C)E)PzEzFf6Y;va)fIW!s+F_YYkay@xlEMorJxlGg^%Saca z(qzAZVpTItztO*P;|88!kCf8*t`CR^l6WkO(*BIu;H)=GvpK{kV}gs_uS)fPgxkjZ zDt*h~d}5oO<2zyJ1=>qfFAg%O9ekW?rh+g}-Cu$25!H)F)RzWThl7H8fa66Z^*=Jl z*-%;EtrO-X(J471Qnnk0ccJakZg`K%tB^t4Q&J@| z!*!x;<%bdCvs}ktK*N3`$tpjdp}F(<`pkJb-1mK^0JSiQ<-KPKJUID^Jjp7ya$P*5l9!CfN3xf*ZHvAXo=VQ<}pPUX@ ze3zOv@%ztf$!@sSH1AhAzON7FsQdwL?KIh?)v?O4|3KFTkV}Ki)oVF4Ot3Ln6@uWh zwZ#q-`?4=yfBGb`DdBXZe1 ztXaGvy$a#k&IxVJeixh-B4s_OqEWJDj*V>X{kvp?}%KJM6x`l&^oV(LxxA+#;z zws^*Q!A#CKT=o>-UgBl3tiz$CC4Zl?^p$SZ6)D)QJkA}AB>J$h%c`qaVpzA1`fEuO-o(w>ZtOl*b_ z0T5lR^H-Lz4#e3T?*11VJrG=doX55M%C#w*BMkP0;Xn*7)3wj$DDgw^=#A*YV53S% znEd~gH>^?mg<`i@MTy#0SWC>ytk?=y{mZ`HWl>LToXa6?^CPMH5^W{pxA+w%3+o6t z1^FelO|{dWn?!}Ak#&q+P}fscN7Z9djpwQ*lqrKBo`kFS-D)>_HY-&rxL)1WN7|<= z*d{oHYYNzFy1=;(<)hgEnBwh#G$kimE^7SJYrEk$2d}#fpAI@U;8u8Rb#0H-1Bs;| z2i$`5sQVl$Z+d>Y5B^&wC&>-g?}@w zSYZX2#dt17qc?B$N(atu?LJlkC!d=`POQ5N8 z^~$VVO@`bWyfR zn4(2jzG*#Wx8~%VD?Rq@VOeCL31$4|P^(%tWew7OM$~vAe{u21aHx1~^ybFm8@*1Y zEpSYc@>_copVrGo{hwvNSBduVp(tRbfiLo=Y2w1}Vr!ZLj^>7^M+N_C;x8JPOA81m z9PYg1mj@H6(qkW|z+-wi)8!t7QQz=dF$Em(Ay|62uM~`+!o`e+eu=}ChE|n^qBQy; z^FDM=>m-PaDSGaNcYr21T(ln!@3cAZ%E7Mcgr<&xb6CAI=G ze8Z`X$Fo%(azE(eU!LeQK?o}7xiy$O!*u+CH4oI5(2J4mer#zIbhho=Kk>t{wMSh( zk4z0%m82$&+yWBxE7R3adE@HcGcqQdj~pEZgf<^sUoQk{gr+wM5gG@l8v=FRP!zE^ zA}|&s+tn^e07+z*fA@{@)Ry&XjJQ{7cdSk~n$E4)@lTIqJ?>9w*nOd! z=LF@ObvjA}b2DR2zRH_c3?C$HdccrI_sk!Ie=%i#%_f7V;q)hqo=3oahY?dzKLRdHAbNCb z3M#K%?{GF~D|l{WllR=+4Ju0oT|7VNya;#HavPAs5!AWfGA6N{po>3_U^!`;LNq=W zQ>QEM^@|5<+#7v?L3)E-<4JG7Th|@7eaiG#t_VvsNp;T7AIgbqZ{k0lJEqqdrCcbX zTAtad+*e^BEObiooS4c^j0LZRP1L1pAMg4(Kwa)fVv}C$1CEiD$RsO0z7h8}1n+UF zYVYim4yL^Sxb+xEE`9}#FJwD(r6=^vb?4QaR{m7JZDLToS%m^1Z2hemz)dsJ>%{TQ zp^Qu4vrhevdT~1&C>{#^EpnV|B#ATERIUO|zx#x37Hcae9UkPIfjs)4=k}{h-E~91 zcBvk=2s0{4`{*zEx*B9wZyZ+O1r;NRcClWqCD*P%=MDD@mIaWom z$&sFJtAhHsRDWyc>stt^!5Y&cBM73e127`-Fft>4`LyS+yLo*$`IS4q5@IJ0Jinj? z<0M(Kv9)QU=;w=bTtkSxe7#02Z#k;|r z4{6yp+A-c7`($M9 zbilobx6k!y;);w5>Rn4tiaU*UzYs_F4~1k8At*l|YagabYp%pC{PEa8P4757sHTNE zv+ED+zu$Hgm4x9OV6QZ1ZjVG*Ur6qHJfxUvKse7K2fgt)Uf{!n=RuE3)%IV!{M`Ha z)64X~UwGfu3MlADv~-eOnL{td8jS-6_}m~r4DP4BdHc8MN6&NM!oKAn4n<~)=)aYh zjkg7!iv_29Q-2uma%&hyCX8bnCY;Q6o%DeWQBg3o)$@6qPfy(L*31|FN&s|Ji6OY6M`UFG-?Q$X*56r+l%Txo4l$$#;tJw^wQ+>u8AkU1`+Q* zmJNjogz4W}i7&4b;tqFhS~%<09bUG5#ILU_;mLQ*VXLUFTX)o(7L;$3<4E3&bD6c< zl54X*8)#GJZ+xh#-#q)c-c5xWJWdFZhQ$O92J?NGmNJ9GCoaG3TcC(^a*Da|#GCJm z#D`8pEi3d=MRmh~;IpJ;y-+^GWYKrJDIU)xJ|=!;X+|W*oEwT8y1&6PDIR7UJd9&q zTfP!Q*U-GmyyR(~HxH7{ zY0~=_T^buZO2S)wV}EY8+#UbL-eo@v`fwW;%cr8k@oW~R)=hRAVe~97+Gsr5+g8C0 z8L!t9lz3cb2wKuo5oQ?ix>hY7)u9Lox+ACNuoGhX`%CA1hG1;>i)sX1ES@zGdVhIY z3MrAan)~!fa_#jFsjR06_~kVyzD6)&(!fGGr#{2da9jEE-ot`T5Tz=n+9~@;L~UyN%bXW42Ymbv1dat%MN90QC7d4UKrt z)KT#xn5w9`E(IFjdEhy&qW+5f^}{e9w@*yF<(_f@Vl26^Kx>k4h0ZOuxiw>fHxs+; zHRnFZ!5{SS0f+ec*8Cmu^YoOaBX3zr@1%1xR8C{QQWS5AM)O;~kj*RXmFNKJkSl5l#5i%7g4~@2)rk_aZ%g#$xo}KOhEzDj zh1R3njnwyDyYoo5G~7b3s$hEU*Hwnm4h1EMlac-V9^&hj9}6cUmhc6z4m#K?q#{!2 z{quhI%b};IM7G5X`n$8k&-bAf(WSYSyf%t-zDOr86 znt!o8EJ#APu{yhB!r(wwb29Jj4q^l!un!x1AXKVXdQ-p^d`FFw_J8uM-gEZ#{I0|4!Ya$w!mSVG= z9P=lx&6^~DZ_2(Q zWj#4y+b{3`esc-zjy2)24(O5Hc!%3^T++d#F;Ao@G;Un}I$mF>#A`!LsEY-&3qaaV zgG+GrC}pAt7bP(&_!uDFd6!m-HG|8 zZ5qF>ki3vr{UTWD##X#0PJzgaou$-MO4lNudR^(8kMEbCh|Pa9>7k$OggjkM<#nSI z!IPH7+M61M$14$zmt~1@gb?TWU~e642@@KaN9!%dq#4Q!9dDt*jY8i^oT8@(%5>3a9Iz=wsmhNLEiW=ijD zMAQj}DGnZrXldGozxZ4QvSEtY0@6wN92>^fL03;3 zy;BnEU~Z-zxQfeL_BfV5utgMAX3E%aYW24k3n+4_3YZEa-kSg38w>CFT`P* zqx^i-Y2LOPD)(+C!IG^i5GiRFGr$~gLEw7VZ}^_tLQrAdpwK8U?soSgZ=-wnXG;%* zg7j)ksWk4T<*WfQLM~CHQ_mQ;on0Y#{jKMF+!~%1bNlE0CXSC>?(E^05x&AhdF`Lh z{S9?j23nXcO;R)$z5H`yIONH7V^utAK|L09>KV77Ndq=OmcfExJxS=i(9e@XqR6i0 zGS9_LlIt=tBJ5+1S!EWc?zu>!Ni! ze^%6y46!iJ(WL6)^mK)0an#T9=;S=J@|M!)FBa^svhzeXoHZ{_*+zl$0C)+14!XkG z#5LzhjuW;w2!YE#rm=2t+T`eBA^qO9b1|Qu1q||+Gr>ZGZ@y6!2GpB#PNqa_q9}rO z{R*`xdGz^Lb}8b^(w@L0ZfXW0f(gb?-=E>5c$psl&T?WQ*J_=2Eiw;fP7wbvRCQJ7 z6>fCl3M-Yc_Ql12f{miWjCHF57t~n3r=>TivoP}2v7n`7O2(C3SJ~3SUtEf=WbqN{ zsjzm))e%>(W#sf>DE`RBwX}zh$#efj!c;1m-|uUHMchM$)#ip3k6M|v!AGOY#C-n zqi^D~Ao28{<4>QZZ8ACRyd2ri3Ja-&8f4eW*sQtg^8#Xat(A_Xu6heKWy?R?P=7s zW;`GFcoYwN>gobJiYCi*hYrc(0~IlJ001~n<*J$%8dE}kT`S9xE}903nSQFT9TUFK z;3!f7B_gDT9oJYPc8SV1yLZ<%%_K%iVzw)XhgHg;4m5ddw+c$+weV_ZbL3f?XWIxcMS1bH_=sW?M1Wkzul zFVGa$GD#KV4~)P?H{zmmOLLP8lqBX?xG@9Js>$Xqr;VO31s@6TS&rx~n&^Nu+>)2? z`3x~CfN#Yq_ACv)+P>JIf1@c9QO$yUivbQwR3~BqWjv~tjCYc{sb%>_pCe_g9vFQlqHdl`K$IjO942{qpM`C$V7i>G3Lfv%_8py+@_>?`%UCe5;^@YZ&;E= zjoak?)uM938zXEE8AJScO2+7uidSwU^MEIUHMlWapr2GLB})9kp3t4Z#|-`{Z1CMv zBw^$Xn#JNAbXI-rtp98eMW!#AZsGR_A8pkpm$j+>Y_6%ID9>7Mdvih6FSWILFUTlEH8D&jf9GQ>TvR>Te zk{ql&h{pYk*7?+^qv-%(nNZhGTsKHL7Ei-ZziR53)XCC&a7M3Lt@x?R<61fgg@x!R zs*XA9XLo|^WGP#48GrMU;0|4?3-@OYAl`w9m)lhN;jD zDmZKG1-~l^Mg`llNaBU)jsRm}kn%a2vSzT#L+5@*fkbnlkkLGv0&rQ+OFDF^O2vQ# zsXsis%(y2_s$6Qw0j7y&@ThO7>(LfTf;#%vmeEAZ+;{*CV6sTq(o(By^E1ETBaX3R z_ek@D1K9q&LFvMJJcuWcs&$EsnUWgWyPJF`LxDZR^p-NV?-ffNd8Vve)e?JX62Jg#aKYiZ3zAy<`y zY$=o8t(-nN-L|@eehnbhy>EN1VP0i!7pEh*&aPlOK&`b2V7m=5)o-2aA9|mg)+-*K)g-kIPv7y zFw^B)fsM-u&NXz0ea+@`O?4Bn5P*64G&G8M=D`bpF)9yBJ>mluHhE99G(NGc%L<-R zUrUN=9KfoZiJc7~R8$0Ht8g>v4ZcC54IxrFVfQ_`?^D@l6xsjt6UlVPoLDi;OT~RS zDv^18S5UdJ`_xJIxX?MG@1=!!8W(dfE?X~tVh=TrziR}4syIPl8DqQ$G^~fsBnD`b zBn^obGkj2%x(v9O6(0SA!*52%eE;pBJJ3as$hnz$Bgu@M>$Eh6D&WnflRW0u0&&Rz#FedPMKIMcYNYK>sR%ntmwok03 ziU%8(ebVB>R@-&j8|QEc;zCFDEzP(EX^$xir{ zG_sZj4<&Q_5{^H7$srwZ*Yfd<&5W?Mf^QvaGv5M-I0B@3kgC!&)FcO4Uncp`$C{aK8;T9WPIzI+wol`!ZV zq)-jwXIqC;%n6o;yIaSf*4^`iHDcBSY|@sFHmt!cjyxK)xpEgFf<7EsJsy=ZNuUn<_ z*jowN?1RS7maO>nzxz%8badj&`N;p_lQgt19uD*gF5zMJbo3OJ+no&iwrNz=Ga&wF z;Mo?4LcBZqa4^J6aLIe<1{b(}7G2Ad5T;k&czw~vS5*ZM!{GmuCLx^V8N4R#;w_^I zEQW*$QV-ua^V>pCUq>&`Ukn%r;Ui7}0vR6@B^+$%vk0X!`3%;!8*NP@aHL=z!?dn{m|l2)2qhQseR})tN17 zeq;(@mzLusLcSbhH`_T&>Gk5?f@g1_|C|)WQv|UjZcF?M=E90dwWJLhv`l4qDk3hE ztD-|R>42t|gs18dSm?$~=gHRwlOO+k}0{i=5NBzZ-=bQ%c`Lg&BOUH=m>P?lkd#61zbs zchCFX#q7TP`$(whaAMB8RkVgfR%%a9^5M;Ep=@K3%uFzk2St!UJCRw*S&(}2=&cpP z1$nOF<+Er2X8YfaNm-q2>N*JMym?kV&$lE*vSj9a=8RsKxant*^iubkSCbFuC1epS z;W1P{z7k(M4CPhv?#uZSNG-%2P5#3q3m2YF%FTAd*j6; zxxc^LUAq@CQxGYZ!|kIXENcms9%$5&%tHQ5^ln$JH4#k_J=J$Zvwr7|q=;ug4F4@f zcMboJG}&#;6Gd|DzZ9O-cQbV5T6j-|A3q=YSuZF-+K zU=jWP?(a(i5GWlP(2N^bNXrrbP7g*IA3RYP5H*yNnTt1Z3@yrGRCs`;yP4WA8Fv*og=z3HmfvFAIea;56xGiVd5Wom-k8ik{Kyy&gLZ z7h6Dz-_cG95WfR6Vu*_%xqMVB;)2mMu=f@n0(agbn;^pMZ6dqB2OMp@2jwI~)RME# zJgHtQ7xPN5%I&-}yc#^jnYlm=wAEhM7me=!-j}ZX;#bubbNP;OtrAnn+9}EaSdq@q z;?fu#myXaLmC1%X%OR~al zcSO)TcfBUC;7Ynu!&L34N_%bnAN9;-ei-*zi|ik5$sS}A{^(*Z{R$ZQ?$8QhcuH<9 zT#5>YUh+^e@GpI>1c+4rNODjfZh&zLRJc z;cG|h7|Oz0@-cEOi_@T;$$jEWa916dWiz z*Y_IH*)?{Y{lMx^m-R(D!c{zJ=SQ5^LHOx$b7Q9Wr#gtZ=x+a{6BYJ@4DLBtpO6Ko zV@th6m$(wFjqMb}JtJ9u^WQ^kI|F^KPI{^IQI}7~+~R*&>NuzN zQ-*PudX#Bky&4!=m06Xp2w?0F^M)=f@xxa7hIpghpT>FbrNVMeuTH(YMJJux| zA+7F)m1?BK3sez|UCH`_*lhxbN9cR~g;MQ9fC{`bJ#ENMxi`QP^t~}3ro82KH3A#d zUR+!`Cp*e%`Kng9?W=s~@Cqd>mGP_pb zvcv{T>=jf%=S%DTLCXF7x&`6w#c>r|+VwvRXYT!(rLH%``GA@r%Fddvj$vM0X=Xx0 z&N}5gW79EqXR79~11*Q%j2+Q(aXN8)<)I&g#&LD`#_1CC%yloioTF}?UI{AYo^f3lRLaIJ2=GpL7{X*CJR# zRv0q=U9`?1mn@wmj>TulQrM4!oKA0;($4~BdY(KLI*%&v`=GLzy&IJ1WRQK5_ zQTCKVs1lcx<)i?PU=m7lGXw0p`}G|qUeOi5?smK#gus*DKC;Vi@e%cHmSJrl*)qC^ zr~77n)&(r6`PK7NTu0`>m};@n_WwY+6@>F{t(+P}-G4D*yuo5&#GkI8E}ZL={K#eY zippP0g)rgE5cZLYYA8F2AuFLsS}B`;{*dO7Lu3a>iMOv-m#Z0wf4zFn=A@CvgY{Vw zE1hu#{t*>8SbtpPwuWfNSrYD)K%@S>&t{+M>>_(BAhPtxPq38T5wT;Z2sDpFxLI)| z7mKep6ZuRSp-)Ymdl~#OTM|Q6y@>}cy-W?ACGQ0Qas(KPc;RdU+VKo9g(Mv7>FWwVRr^C2 zf`_r=Sd}KI<5!ZK9Rr=9QVyNgo*Cy`2a&A=WF23IWjFE>ob-kxQ@55H5|^t?j95h%=nY z(Y;crh%i!aW`8PxqQioBA;@W*wgI_k55`8XiiJz1@t4G}2nOImr1vxvtI{uMhzl8F zbv5lAG2d5Oh4me|-Xl;We8>?>RTmw}pvwd=6jaur-ZD5PD^B0P%DuSD-TMG` zdw}ok&!dAAV!XS6BC6YnH%p3U0t7oLDe@huCgqHz~>S;#p zASVyYk&8j(aALSE5P10Oj2be}_9WRJ--W_4^@71}rjs`32GOFJEOQ!%^)HTS3WmUH zS`3E0K79+#sCgrke_9db_p9dLmPu5N!RIV_f-^=s>xr4?sl zar4QRW^0k+s1@KGx-2-nwtn%#Nk+93qoL(jLkYe3)2v?9(CGq4)WVk0Bnx6e7VASc z^^5Y8u~~6cj)o?=%p?hSWw^sOst5^T*Nq8em>1BdnNjK+-e&EUzwl7#wPE#Hsg^%6 z2-f0-HcHDhy^O`o9$~iB5KtxEcN$@lOZ(iDOmLvv-S38aG;ckuesuPtrgJ;s-vP2m zCY?Y)dZ>&%21ChBOa3{BL>^qYxVd}l5+B1Pa2vShk??l19pD2qfQ~aQWw%8S5kH=* zcZ4e*>&UrFM^(~cX86vBvPNl>Xx@Q#oK5PGsDz;y16Q1y)Z6MwW$!b<%zd<6r#Y;8 zyKFynUCRYKJvKRl7Y-4<|EUqFJlWm&v%$9!b$=J>*NuwQ!QEq^YKrgi_1ycB>=xCF zru^n@G#pDbHo)0 z*&B2^#{Q6_Q(j5sszODL2QD#^zJL_MpUQNZ=xK6vY4^>K>-^D~MsdO7QM zkwxt70~H`axc}Vy+j>6k@n=*ULRIxd{`+#Rbdgnp)aX#3A+oSuya84|WZDS%s286kaL|O-Kn%_5<(nqtdOZ9;`e7gJ{ zo8=*wDjonAkHX_9$NkI`oRj)vK)@w>ErU90$c2jC9Eyxbby7t-0iF|%P^W}pOJBDG z(bnx(!+8RhetVTC&fFsUK)+Pp`qD0EQqgx|L9 zUGq-n=}xNuB!EKFQ-n0pK?Re|wpKP%!#Ll(RZR>(`4E&IaZ8$tTCA@OjRpK!dAYve z1D_-~r8Z_2xDqjSF<{iEx%Mg-%9?VM(uK;O?x=C(E};VnR5T)UEUDmbYf61;0f*Nw zSPtL#CE-$=?I!7I4r^gHcnZAHmed;(cD520-7OtUnUbNGO{P?RXoeP1Y@h!|j+w@k zkYTS<(1?VwGq=Z{)=VDEj2TPmdq!kA;r{bjK}i#j^W2js)(bl!CfIo3LBTUqHuObh zPK#Mo{^mx?aH&$Bh}2B?dgmtNe0Yyp-D#COw0?RDJ6Nm$zF>;*pa0 zzcaD5AS?@NTlmc36DNf>F{V)PTxD#87&AykBI(Z;3x-cVnGA>&y!&UsoNt`;lLJSG z1W?A$qyn0bLPfYTMJhN_Ga*{~rH$RoD}B%hfJNz<#Ym)u?!n7JI_xp?!fV_9m8~as zLNf&Dc*h^arN1184=%x}94mid?gf%DfI=0w!g#N+)hB2L-{RO5#E63IBri^*c&zaq z3}Q?Q7U9MSMLn6;`}8D7?Zv$}H64AR{Hm;`Q|t=~V&i#xiNZ0A1;Dp`?9D>_3UKqy z(%5xyFYu;_Qss-{v0;=gJUPr(rQc(SXL1<6UX2`-n|rz$0O~$7^52`0I6lZH94NrC z7tIIuz`xy+d6pve(w+hLFSG=RPKS1PoZHw@&xVxo>?TKO?QIrzinXG)+*saZCA@^1 zUjD4OE>2hxp9UQlg!}&qpZEl|r-KxEtW0;2&yJx0_2*8&+Q*6PNj~JnxwV_OhHXBw zc%S+JM_0PftcP8I;dg|rd0difKz2J&M;aqS!KFWfQ_G&WvP?($Y{z|+<)deuSR(pO2!r(&^^8DHErw)Fbz4XjZ-EQ(*5c&6X zVCsd<@odT$c;|5|bpXN6dETcW6`1dxSdfpo{s(Sce#f_#e7CYLd~E8EF8I3bu(0my z$T54|st!Q3?~MY>4Jl7Q5Rj8KOt3qFkfG*Qr!I3VYUf?i&Qz2T_?+uNwyQMd&Be6x-P0F@I~$<&S)7mzb*V?fatg7+JJ>Q{r$ zZ;pUut)M&iy{2(`n-G3!K%$!z=+IYgdh9#zWR~hfi-^X zKB#|Kf?r?#^*Nor6K}^&BekDOqT2Dlt2F+~Vo=?VpPv0)lJ2ciUHqGN>`x3Ye`odG zP063*{|k&L9$Fjo`5Yn-<9`InPd9R&u)& zEW+HdsZa@cTJJR{{{&=^u(Q4pM+DJHnLKia^Gv6Dt1|Ut$;|gIO`P@ix3*p8=v z#Z~F=18c{0kMR5oiC<>F0L_V{1#}l2a4lOU}l*jU#&KO ztf~yMK%afXz&{|PE&IsY9gRq}K1wr}Zs|6l@Z$aMF+N@L7i-nd`Pp1Eb0_;;>22jS zE{QtJA+&{hASoY~mXdF&|6|t5c(pvZ#cG(3k|)Y@t9}-t(k&S8XbfV-mbBL%)Tm31 zQ`QA7qhr=G1o8q_EsnV5$ISsn-*g&fL7gs2M(8*sLZklMstKQ_;Ukl68B> z!Su3!0z`gXt^P=%PgGKfb7+?%E8kXkL$J@`1h?C~(-r0YX2sMXU45>t`Lp`C(1f89 zv-jZi0s(4j$Sdm!252GJ#oPVvskK|X3$?XnXBQzxyI0)OGhTo9AEz{p7b*(U^J&th zl_T6oEU)V1*+_=Id~@#e<@;XAHQg_%VKdV*H&RzVc&JcqHp9V367>TRqFXIPPFW(y zrOZ`it9$D6q949mD9ByxX?C93l@>34DW#}?(a!x>4PuHi1mk$yQune_p<8h7TAX_9 zJDKx$&aD+a+O6NJyFsa?-I|LUpBAu}TFv1NRL%v7CW|LJdphUh52N54|Lo7)c%V0X zrtX4z0)M*?UQEAp#{G9pCctE73WSFmP)lW#YPp0HJ)tK()%V48nLYw3l)*4HU|&?VZbR-Zj1w zJpn=^`fnjPY5sN1+o>0l{J&l}t1&cHSY%%QSS-9 za-R*+f2Q&2Oo5#@#6}H35T0>=Zn%`RPQ6B)E>?12d^cnDu*4CN$MGXmXNmATe8)n` zQ_(GrAkjremb5f;%SaKy-&2FWmnMcb2r-q_rDPI^o(NY_%1&f3(|GVy!CRJQ|2zfzVz@c{ddePHc=BCTV0HkN)&VggPq!H=TkqH@Fd8^^$ zzrLhWr}#vr9mhrPX_n*&qGcij`3dz}8rn@viGa%!H}EA_wsHr+Z1IMV5mVaRSEJ;R zOZ2GXDX0HhgM1Op=F=HKaPrA%SRkknR!EL%?52Bhr71%f0mE{Va8+J*6l-~nmEauJ z!e%>8ed^Wq;M2i7vrjWBwJ(Sm1IT(XkhnQ_sG>g8XuN*aF4=nH+F#jFlH}gA&@yZK zfliZls>oCy*Okg^wu=4GMaP2UJ90yP4UbeOZL>~wRdG<8M)dQhQC_8h6h=v3*vt7P zv!kwV@Fj>3Ut2zSrJj%)BAFT68%EP<{M9OL>)=h@*G1H;iYptT_^6jxOdAxtU9PxK z&Npmc0bpcihwNg-nZPRz-*8Uu+P~(*kY8_;&BC3z~*lm11^zP*AxFo)?I%!{lNbMU&83oDc#bYI=Yc&q_lttBa{*P+1N&dbc3TC=@NCL zO9TW&LMagt6crT}|4V5B*lC zvom=7iwe_#=yYgIpFRN0Mg%c!$qjKJ`9A($8Tz)FYLD5Oq24R(F}7Uv$+fr%FgcL= zdE#&*?GI;Wt1^jBjhnqZ$McZ?ULUM@8o?d!z0QodVYZNwq99X=0sLR95dVLyLhk=- z71I2FR-qoo^t@V-8+SD`a03nbf2~4VAX*~j2M5&qz#jj68smycjq z+S3P&0v41|(}DzWQigq%N!KLq<&S=5){P8%zcjI$sb!rkJ4`nISGu#9BdJ zGA2!Gk1)~0)H3{kc*@af^#8b_Z?Mx$| z^V2sHbo2r#DLnhjxCakc@9Adu{`}m4Dg>7XtCPjWQ3m7mfwLHL*6FP|1&J09?6a_21d>ji%`c`>MIku=e`gE!i-jn zP=E5dMtrlk+x3}ber%1wK^*-HklycGdQ1wjTcctOKMtx*tWP^Iv@AJ4J(Ku&1m_dk zN`9_@ROaFC*%vRU3pkNKPA3Z7BFF>`ghhq2*?YG29_Q|Lx?2*$xCe2e<7!`zW8rrh zE=T)JzAcX&N^-Z=&gAW<0n;B5wdjE8h;A#A-BAGaI&(<^%U! zF{7+W>(T_ez#9G0NYclujHkvX1%;xIzfe!R@AAsd$T7+EuF5pWe0wAEen|Nx+b~@e z7iwgaLL8#gx68Mrp9U|PdR@{gHb)9BfZ_N!xCcZ;+x7E`M`WuKl}eKCkG+>wcQg$d z(LD=FEir! zuW;)m-he6N9Vb8ie;QMfybr&AmAttf_WWg9#j1)|FU2Z!4P1Tuqd&SE3IN7)aJ_?y zo07k@3eoFR;H6GVrgY0^+!wm-c?gTlpe`(&tmHnQumV|1`HXfB+?cxf`TTJYeJqF# z`2zM;3hYD&ptObJF1e5xO&LHa^Dzmk1y@mU3Ncj$$>uhgCZ3K0bJa*<(I z>3zBOSMdGc8F7+jZc$%v4RJPoqK!_jqW{7^rnLyi$c=b2QikO^er34=1Tn*0$b<QU02`1c783r|EK}8f;QWZs)IXe})<>g2)Cm5L3 zv2QBaoD{`k

iHLW;^V$l2JLT9V~4Bo)V)a+M#^(MEG&VKkqA6ywJ6oqqBf+cV4 zcy5&hUScIY0n8&8Ag+f4ql{V7_s2v9H2+S`i-o>Q-BFg%z)=l_=S1F(=?C-A7td** zJMy2bVx(RGE^Fyb_XGy~ZO#IEJ41)CCq{e@3KL?I9poBwr*bb>13hlCHrrY0&L8n-3Qe||_f(knX9GPcehrVcA0|ElsD%4i`LTDZS9h zNRVdl;Q+NXSvT{Z1ZsUFI=;BK)O=Gmi2q%&T}MwIz^}YH*m-7cWpJexq5<&yjDHQi zG{w?~9ry{$VW`Ogl?*IJg8cA~1zO=9T3u+UD(8&*4Xx}x_Pmy7?bC14cPg_hUbNlQ z<<%@C_*FmrJ@zY)9Hml~%ei`TUAKrJ3@PkGH|*YxN!?g>`IhqM z`-l5b9WPocbVAbzrxW|^8*LS?&hpJR`~aO=HvKUb1OWhrD!ly`dp;s)d=+$R4z`CKnYJ-VHwM(NopNB=3UG=$uy%*afrpY1Ym!$3q`< zU1u6vJt{bxSeA{b$e#T$KONC+^$dkpEpwIT{XHMt^R>K_h>>yL0&dZ6ip;c(TJey_ zi~EBe9DQVlO+pxmHdSZ@RJ? z(M6>>G=OU)?#;`>QztZ1p5o)Jcy5k!HuR`)4|M=1} zQEvVDfpf@!xXR-jO0QUChz!D$3GG4|K0a+P(UWQvxX&X=CfF4s+zvt+2?7JxSJzgp z&+mJe?S}9oU!wPApv@Mc5wF+$dl;j1p;g;=b4MdV1a)>QO3VE^X2I!FGJ!0%Mb-+L zr&WMcU_%=eP4X5i#JPWtH8c3Oa8BjcgQ`)2TzIpS`;!>a#@3qwAH~D?pfEwqgux<7 zfkF|wNd5xw+fYMEg73%k5WFiNzRIY?fgh~`I>Y|a@cvhI!h(*Qi?;q5{3$BoYfsxe z_w*Ya-)5JYa|FMIw5vNS0BTeCdr2rlMMM&?Z`1&o5-5jq#e1aPtocl}{UW5he)AjZ z-QN0jW^zB6Z>#Rw{Z0Ff=sPb5=9vCH380oo53^QGfkqW}w4b39yS3?QS1}wdfJ183 zCZr%~0H$&?N!m{j5|IU_*Ae);;1+on0sngt{vftD?9rcPdfm&-n4#cjIJcEOPp$Ew zA2RFjv|^)(61tU{n73DJzBs{wtX_g)ZFIo>slo`k*YS>Cpa>!jY!bNefj*-B{`Sv% z5ektDuQBhOv5!uvh|!VCeX-i(zO!StoC@$}HWqlhxrH(MYPDaj5%m|78$-ALgM87< zgMclwAWmK&4Ok>H3o_Lg_E7|KNezZgLP|(LV^b_8Q5$|v!y1UU)`)!9_do59|K8*I z6e5wyv3&jR{F644igDeA2`7E8X_Gf|-(r*nSSh-mbp05U;> z7zPq7lJB#w;+Rb3l5@ZoY2;#&#NG7|k-gmuhKzYEt&hL8gI;IrY+8+8vd7%^h zaX{yJ=$x+|%r!qA^R4ICUPIOiwyUvm+)^#o(9g@klN#$9c?jGJzLhUbckQoglC;0r?!=#Z#ih zU}!n8iRj&MtlEv*e)Jb4wHiF>`(-k;jQB8C5?bnok1e7#Y@pF`$wD+Hl@PO@qqB_8 z?=iXLQD8*7dD_;jhyNs@T3&e!=ji|m!i@vUWL$yIVfJd&op7}Pr@I~;)WGnq6tf@9 zzONFv15!UB3zZ#n1CpTMxo9kH@^xtPn&3rEf_XMB_}@i&Bgq&;v+QT*g{AYkI-1$P zCxKyw={yH%$a5-(bLTKPmX}oQcz`cCELN^Jdp&Aa=aQlspygMP!d_@1*BE8Nk;{Of zZm9K6{b{n{8-J6MFnWt(;n6s_B*!+;+D-v21&gN5il)r6lTwP(rXY=3wBt1Szmm&r zi}P24lJkDi(5~jQ2jTx+YE(FBRP4u8_|TXOXu@AFBc*;t%PB*z7W-Lo=JwL~4;&f< zp95~fB5x zzY>f03M%11MBWeuhJUMQcCa~^$dNo%x+3O!RAeW^YINSvg4S}^ei7fr6kD5?amUsoOKN#iYxiAB%JC(qJvYV8 zwIp3_%%fbI@zhsNU2Z3a%hRUr!vYt+Jy4ECFXvW6Z6cVwpcErg20$kxm}e53XAw*^ zGAnyk+@RN3R(82XB*fOlCRaLWHYzI?YeZvnT=M*~DqD%Q6lSf0wh5_O!8PgNPjidY z3+OlPR-Ej`neSnz68!C##9xZe~w(Wy7>%MgUhuB)J zQ)gtL7IHNs|J;JvA*JLl@LhM^p@Rv$9pG#OS9xWA(*O<Dgj&XU+q#Nw-JNelsmwCzd_2CUDy6}iD*4GO!I0UDKXf$@l~oc>=u}%%ouQD1crPQU(Q5duu4j@)oe=`d* z6Vz+gl=Q%y&fNS-&Vriv8&`4yfo%nWNvyoz6~h>l z_xq~mmn3w{`d~|bJ^LvXd|cZ@gE^z-&H%Ji{mlSeK3$+UD_ zEfC5q0`CTyM`yyk9TMv{9MwXW9Gb8o4R0I`%geATwp4ltm9RP(iNGPUm+g}x^Pn)& zq^+3FHTuy=R*)Ho$@erdWW;C?NY}!oXCM}wGSO~B@9d_nqKq1wN`2A}Xl;i-o%~h* z{Noc^nep&68X3$?fF(KbqMomX9Ck52`H>vcLXIe#FwB~r(wT_A7+U=^vH1joY3Wkb z86nV{SJg}|4NdyBgXQNzT4Lsic`I*}ZL@*--&A?`c}U67RK{YR9ILD(!NAHA5CxEa ztPP+$rQ#<7hL37IHm2PysVY3R#m$iZYLU2=QY1o>ioY>Uk5F&ot~ zYmR`h{~e#^TQr=XRs1*{KimJ{qjMlsP7Dd_FT{>96S7h6M<8oG1gxmvg3 zG87f?g2&)&aSpjCDFm;FZ^_5v4XXI=UU8ak7bDr7QmzzDC~r|2ph2*dR@*Gkan^-*4K%5DuTevPg^!#{S-~^TlpXIcg4Q*Wz`a2%}cfnS0(J+e~*D|y*Ga;0| zXq$rdnktsf>e6}w7IFt?dVn{1VQLw#(&I-ySZG|ouY<5$DrpfD$1R!bD$M(qT6+ZA zJavk31<0Pl?$gqB13E!g9cDzR%T%unhIS0T;#@u-kwsesUt!ps8Ht+>y)uiszcE}! z9Jxy5L`k-z(FcrhbzXAm|Je?(bXV7xfPY8X2NuX%OD_#qpEX@5~LEQ(*ecE|- zWmCdyQzdjWu5~s+_JwBVu<}P|;x8(@!~V@H!$Nm9Kc2kE%Xm|Thks>&u%7Onw@!(D zdpE!H4#2-9zbYc)M46v~gkLH1!*Iw8LX(A{w>%(p?ZBnOCjxRUcdq93^R5hJ&_b}Z z=&Lh;>3M-RvJ8%qJ&IS1qi|yuRs?rGd5y3ckpiy0#0}2uWgE6+coB2)P4qe z$M9BJsA8sN0^4^|2=w8D(U$f7iWRA$?b9 z&D%FZ<7pG*4g$P(#6RuSqd<#KKV=HSGp>EYh3>p>`;=>asPbTUy6kPiGspwoRmrDa zuWwHzTpSiv%vvBI_q?c$pMj|sKt)$xE%ANP`bbleb=1Z$ld=eT^jGHJ-*>Sp)%__w z{fq$WOfcpe-57%Eh5}fb2ohBX|C>$a!c4PFlm zvQC~e5OppW0!ZLs#3zf-XYWHl?OPv6AP!F3s50hZkBL;Fh=W7ML%Gn+qtIQcxz|*W zcHhdd3LTH%|2ykvb2@blqLDvZJRWZNbcz6cVY%@lNB2wfC+P9E_US$jmo$g|k#rh$klh2e`YEF=hX9$<)iNuIC1bDY?uH0KI0FC2cMJWF3v;Y|Jr^?SCB#3Kd2wi zs`4)$=)zB)u0DJU#sc18w}!FvKPm4&5dPH>kGx5j^+y`*!2W^oZfv~@0+OjfXL}0f z2mBJd^-B#vH+BjJBf!|(y?5x~O-Nz_VVam@GpO&~Su=@;U-hF`bEuij5wqlG2&HGA zUTCqepG{X8p@4+B!46*oN0V(uR3Cdb)-={FSQTn|$OWt9CY5G~;uCf54ma4En0aXE z9}OF^HP|M@Z97Mgmc_Iuk8SitgBK-{^_h3IR*qNMEMUxot|KRI{h{EefeSuk5JBC3 z{ML-WJQY2hhdvaMMDm8fVDpOfq%Xdc*t9n>5jk#4UqixL&^HVqMwIsH@)#ST(;wr_*WKt!=h(7xf6`w*(yT-o@= zoY5Q3r$de9%%Z1T(MqoPoPnuIqlaxwF~SU#b&f`#r-OGx*i3}WlRP5SQt7(vG}0Iv zR=se^Y%C5o9D-qzrbO6k{~?2eFSbls{oQ=rF8ayq!s|5y9PO1A^fy z1;p;zJz&br)lL#E{46+SHgqz1n8q4dTHGS#*EtG-YjR7vtvP8 zj$k&R|AwCQrK4g_Wl$+K1v9@f?SH@G=Ah+6HVw|Ud`-(*Wv!m# z;For}_~wGm(Tv{HQtGF>LMthuFt9Etm)+^~sd`CBr>zKY?1@Kho?S5T2HV#t9;3N$ z8(U;|)rc)?F=dvD$KFb9CDN&^=!20usY9sAgck&I-&f>&Rw+^VDvze|Xu7{jDH5$bae!IiTG8FUmwP;)9KxVx$ zS~5Obj6Y@XGD$W>I+JoE2)|CA%J-LcwuLh*m=I_GCNa?YczxLVDmZi|NGWlE4psav z2dRkGj?E>GG**($;8j|qOcZ&}v!+-g*%*2~8N}=0TaqwO#Xh5C{e`ksuqPE3!{p-G zt75AvB_=8=F_kz#a>|a-6Xx;1I_5e^W{~mu!mT+uuFEq~o@JDt9buv;CS|F(RVEp&2yrp8V;U`^(<&f}jT-sU{dT7l71bgc z+8N+0_ZSTOi$>b5a~}#}XdP|9YNy*qRW4*&&jy0z5{8OmzI_g4rA5L-gD8pN^yw1- zLA8t+L(3c*we}PT5>?P-M-ETfYE}{w$mkNP zuq-=-aU1Z;BZpBa{f)SD{V+&po4StgJ%E0piu1l+v>Oq~^?-=4S*YWZ!5B&ARniIY zGnvh-Y;S8wRnb#`~t6f-Xo-h|R zM!@VBn>UjF z3MQ>uKfs{4#-O8NmMgg;S?|2}(mG)NhOJ5>o2>2Fe+-u*dCqz5xGQ|Y(x4LB+C`hj z28U@W)xAzM)bA}1QT-|4?+E)Rh4~*p*g@(Dy;562E@rtU;E$(|{e$l|D=h)2Ka7!m zEOwiL@gyT<8xkwM&;d`3A-VR8kDW-ZO6-hOZe62_iP==tw54I%+omuZyz zWE*rY()Eb-M!-#%nOFCw!B=2Jw&N}6`aQqc%VI31LQ~;Wxqc}t>rIU(^Z;CkU%3&U zo2Ldt9fBI65PdiY>oXcCBZ(SQ3*w0v2MiccvRd*^@$$2R0RHb-N}Ll|{1-8>oroT- zy}Pzg`IFSxz!P4w%xtNU;p!-eb?z z&Dcf%U={uglTS7pGTLSlQYEh$ep`&L%gl!jJ^o7bW41(3V}{@zgEx=fQvIaTL=&KA zs#J;!>Y%lFFg4NKk)fYVv&r9VO`E`w)(#a3@uq*Gm_RLo1o47^iA*hsmp9shfmCfE zrTKkoxg&K({vY8Er~sm{&!*6pulRBm=eIJVcMOaH)Iboaz0x z{ZFgAG4yV;d(R{`+HjFCd|4c-1zmD6;QYRHMlD`sT|fwjD3#9^!xUCE0FY z$u-QX3V5N(tz-dY8kSds$jn3VttBo%8%&c+N}wM71do0wwLKL_GK3CSQje7q;D*(h z@w^^R5E0T962u0r}e||eKQAvr)DG+ika7Zk<5&#>05C;f_>p6ftkfTN$(0*@xNLGqRk)a1yqv|th?r&8= z_p6Nx%_;}rzl|yRk}1aUvOq6Lo>#uataM4ywV?F+TU}hY%hY0*Imf@2XUSxG=^IP&7St1WGZaKk@bf^ucl8C5xe64e&!VF!M{1rxcYzQ4Mlp^DRCY=smkD9pEya7aHe5d_dOo#>FM zbR|;+qU$|*CQ(Sus6Y$VEXZK`OGJD^(-s(k7-b^9d@ihN~$=!_XPlbMG( zSf*c4nb%a9MOi}G!7K_nv!VlvaPS>8RixL<%E#84PLtnpRBLnsDt0e4ZE+ryxhNeV zYM$M*M&m+~wlO&&S5lBaxtb3Hi8-_?pP|{3VcpIv44_{OicdAK9BdjpTMyzrM_^4P&eSPE2xLRox|r$(dyx5t-k@r!Nrl1T%kw1s0z zeubz3irLINBk3+7wxM27-7@JyG~szV0!$$FzJU_@CqXZ$Oz~j)(OE?WULN}%hVQL4 z!HIYJ2Rv70xecow;e3nOTmJrqQ`Dn-#ZC8s zb3HJ-U5Bd>p|tPB-jH=*-~6CBLw+dUF1*_AYhJU`P+?J;|&)x_Iqs_w%&0{zmc%Dfq$jj_VgWQ(&Z1rZEf zQbvP_=BkbssuBH(<^(;e{^y2eaU^hzPE1b6- zh!Mz!GVR3k<(ry+K-hU_bV@%N^t!V0+CwuAXn3uIh;VloHd`Fev+OUbg8{AqD{{;8i3E zXup|A3OzflHJEl__9JNii3pY6BX~Z1I2^+suY! z<>EBmx~*6QCb7I0swFdT1Crg)ep5j(^YV37@bV*ciCF`h@wsh^;0)uI1MjG#yT&iu zaaosI715TD&jyP&PO7gqH(*~_J!XcN`(`X2?Ok2ySzOZGbXEie`@gOnql#*$MoZeq zDI_TYbT&@Z6;`(*{Ka@kSSNq5m4r_M?)xLI<99Lc_tk~7<>ghgY2g$%z zj|pT(DPS=YgOSaP zJ)Cals|(1u1QIJ52r+Hv#ck`6v6|rbRlT-vA8sxTTjJWuBxVa1E;u+8q3P;o7QB}D z=|0t-aJ4JU$J7RV<*etS;Bqd&I{*BI`WnG_m9Xk7Fz~Bxw0vjFeWPXZ(VnH65*jGG zvcn7m3!6y^&Q-&MXU*&@?-QX>yde6Df;b@F~0Nl{AscVji|DNRDh zX)lE>utD05%i)&-3Kahi$FrE@0jLKum=~3%IK#{M;9!CuVK9zHIJ=#$nxp4^qVkK@ z(*aqoi@ij(YJ)c3Q`6E*EumBodKTWh@A;4r=ggF14CF_Qk2}B1_E5?%O7NvZkSZXx zdOjy47X;sr67$_OQEk+9{I^0R z3D>-m=nE`(&YcF2x7a0dN=PhbcjmJKRl6FMTf0$_@}u4bDm5&`jYOIL#0xhjr;-$| z+TbEIUR{mN4WK-2sYb!6(i?698?3WmxqOOShF+`SNK*@w;qNEkKve;USr6X1e+o>k zEP7{o7_cPpxD%I+Oe2JAI4#^P-R~Vd*eL(B!MG&|lG|d^qAc}1k$x&#$ZY|!!QGKu z{hscN;<#039e8PLV}I=*pxM)&2ZVl=;E3MTP@I4BXwv1aJ%kmn}Cw@Lb&=>@;stAirF*0qd7?-Dy z=bNTnmU?Ao_YZ&9KuOZ=%gw%<8oLUU-}f=T^UU{wZVx=;1CQb2?d6N6I9XrHZHhg2JF%gdrnyY5S9eL*AnRKjgDF*&W$9{HepoTe>2XdpydyscXp$h3RsL<=bkA?s`Byf#-tfJrVI+Kw~aa!1d*yzb@=Th`U;9_L>#D;h{JBj-g4HjPR#Re1+1ij>$DK zA>YY&#hwo^u}iNR#9KOEa?MuVX(9|>edw1SQbx>YLfMifyk)dhng~ zAIA}Wx9A>yZ*u(T(igA|7x|QrRQxbgcq6V28pQl?wR5>h@!NcQ3EwMotH{~OXhu_T z(uc{Xk`rGNrs=+-c2BnrQ#kB(b|$|-^El;osAvYfYw&b*BP~O?4?6sXF#(J5jgcSN z9zphBJ-#Ub_;>O9I}TQOwx((7z02lc@8Y=Z88;w8#UQF9QmAt_l&D`{!6ZM|0NPopAzGhRye76olOIB}=fpB%VI zRkT*^_&#nB;$`Z2vv0~~dzQT(n)+RQ8kMOjp2ZWalCU8>@xJ|%FEUgIVjCrg>>g$G zLqnit;ra^+(V}Jw_GX-A(b$T^0eq6B&{C8MC;k~Vne7YEk*zwTz}DK%NvQU<=64%a zK}Y8|_Rfr=dnjw<*Lf(DT2`LFP-5_QyQ%z#d4J9pJ4e-J%`95<3$>p1VRPAWF8k?> z6kS%vjbDmrqpA@E=3ZTl%L zkLz+ftt0;6`I}+umh8{R}mG?gosDV>!5`z-ud9HQxEEuPnQbdhgZvwy2CJKj{c}v&}P?)WeJP ze3`EeeOh@ntH@pMkc#O(TX#*!<00YD+xEYaT{1H-eSZpOs}Y2f?n;Oz(iNGp z)NA0%KZqSn8SII23e4J~B1_`NZ=QC-=RFLfoWfJ>x3aaC8$6VZBf!aJGHSk7r}s$$Ap z(b4YAEhe|1vW%O&(T%=mHs}&!O`;0I|zZ;yPT(G)Tj3w$9=lUgn5i1y#_0 z_ijrJ9jnRf>@y29HclG-JE%i|<}e}vq>#2?9+Z&~o~gt3URY|%475f4Uk96gld$fN zH~5Mzc3HxRdzz)-_{t|qs64uoL9s@NL2ZLd>uoq=;`w{rl`ad9jSh<|a$EBhn_TGm0wI z?D@1oj;Rdd!7aXLfhHQlaaydQXHl(j`Pvn>jB#Zla?-UXhYo9*E_aU|>uXJdwN2Na z+njJ4D!tGjtmF!{30E;3NxTd#L{`61vNtu*w?kbY$#9ezw($MBIIz^7wkPMz-Wmv% zsrb087C_hJ*CfKZ9n*Ib`npvjd02#BFY&0~Ok^X*;JWPT%i+qOZ3H%CoLd6_IluX{ zZ!gNA+J(f$-wIVfbx-7=mYvz`Xnw&GI>%$-hpY()d?%O*eevTFx>xTF&Q50zg0)nG zy!UywNtP+O(530ED(pMClu0pN942?{CWeo?yq z#)G435o{HVP#`4PC|?e0X>lSQBDPmG4ULuH~v5LkLbtA(wif$Q^;HNnpuFCl%dya?6DW&-uzPecn8pZp6r@jX?ks*m8o%No@wHLy zzDxrk?DLqM)xu-PBSmSu9^cM5{!>4*Rjp`^TE2Z)8s2j))Aibq^@!r1Q?AjCD3rm- zf0_)ROZsO2yLzW;`?Nb)?#faGtf$_JwIk%SC++sdKKBNfj%bzMQCN`{TO|f68%PF4 z+)KId>yg<%=;w4P)~J&{pE6u5y)z*xkA>O7OY_4jz6o}3g-QRae~I&v7?PVK8veJ+ zkQI98Z@b>Q&&`r%alZwtr?d`yjvh$0;9L2NW3QruChnU!up={QPb!rv8$gB&P42rv znrBR#_0&c~ycN6}v`q(-xZUC(zI8f#0!9jHaVy4*FCL%tnQ zp#CdKU0W#{xfSRUQh@OY}4rXLMW3P#$rwBT>IaoI!=D<;iU~=-5vpB!_ zli22dgP!?QTyhEGmyFahxsi6fE&9D){ap@WX7i7Ln(# zV=>G;{DA$E?wu3^8Eaf?n|GiA74&#C zhqW>`hLV?`klgR!v%$tDd2lS$cx%;A&&)`VKl25Pm)G+slNexL`CdNE6XB`29`~2s z8nQw&mju<*pE!nk*o@Up;>?-f`A-?G1Z^%?G9InE=+-dm;tizW7P5Gp=Y_bX=*G zJcd+`#X_<*-Wo=Fa;Jd8?%X${bULbLpbCte735kme_rLoRY@Qp3CrSTm}iJJ4)mI1 zzO*(U!p4rh)lZ(#Pxb<{&z?L@0viegkv3AR1hEw(LXeNHj?;wbqp$ZTzf>~nu8tfI z8ECZV-)gC<$x8fJ-D|MG^S zc}@JtKtEY}J`aPhF|~#|xUb6iJVF*3sF3t{_DJ4~$-$%*8)nC#iz?+ers{c@BddDv z40W@=31-+_;a5;hyU-m8B|So=Z~yc5eb@t{(-`LJUd!Ps&O8~GolJCV-OywK8X^7j z3|-J;zK~%cT|0m;-k-mTznsm^rAka#X}&^3*i9ef_7>nST)r=(r{1t+&aCfI_Q79v z)YETCB4^hBj`>lZrDRU}1bu)=JCN~APua`TadgL?4dxIsU7lZ~lQ*J)1YOO>aK$?* zL+EbFum-e^cZp^skvU!%KJ4IPV1=@;Gw`?jQE}>n!n#dE0&pogLh73Q(q16CGo;g| zxcos~=n)r}kw2HFOY~-CI0rZ)0Kb~0Cu*o~)>F+igfQh}EQHbvuU*pI%XFcM_z=H= z00RK%PZLrAKB2sN`o%GO9jFe94O>2Eq)&jg&Q1Aw_%qb;wov>`gnY;%W++cT)ep1s zeh7O-U9bUOhJ|MVMB8ur3(_q#yi?Pd`RTYYPZUVxNvm$W87#ca8Ovj5w0lA0uj;g$ zl9)H%8kqKjOF~6LdM|-19SBHdXWAP!K&O?QGBtmF7%^Qf@EgFI1!N^A%#e3yv5=Qn z4hyA%x-_MRhp0u(4x=lI_xBPsw+KvAULL76y7R^5Skw4txZ3mi3Zu#R#d>oBj*h}- zE|E%qSSNAu7%T?WPF8(y9N|Kex&Jpz$yLMEZCY}MxNPzsIt;zb({XymZt`{qk*mY6 za(nwqjku?Z-$=L-ZrF7ezJrE(9I_N!1Egm|9bI{QmCONKYJyYd~$Y;Ti) zZF*=Fjj%4lF3en6`T1&N*0yzVijv3V0Nk*?e%P@r_tylahJ#dN&$K3eZc3a!nvOSt zFBe^*S=R*C(&s@;Ic5U+=9?HpiZ zxhD3|J=xdw(t47!f#H~CAn1d^=!=GeJg#IcOJL|h1cuQRsL|MR&?)oyN3d{J(!JhM z_J+{=8!~es1ef0kwVvq7v-$~B(Q1AM~^0kt8om`$BTznblNtWDcnmPt5$BAr8 zY2BmZwu_JDBuBP(9$yN{No(+jrZ#aQ^4Ix@+(k)(pHdm3DXtx$fLe8;Nf9XX{= zn=MVVee)v!b0AvCdMrSdqgHO|bE;2*>Yqn@s`YAJ2nx5zb=oS0WpC6P)|MtuRSjRE zgKKPeFoux!)f5gpL$+a;Uj<9wL!(GgUjT%!TmR7;qO1`&oo*h8^{yEC zND;mbF9p3xhfRGDPiy>93}k>{L~DS`&>1y=z?rn4>F?L^(<2%-pXtl7>`Ms7b|1%N z#%|s2AJXMS@z}A~mqAjxVJRC^+Tr7Xen5*t;&eN#DySk1gG?;JpgHDsE{mu$|7H z$JWmG?P8g1(*$C>XxA;grPGs>LLQBiz5-C~otGimxMse4h5saQ+3PwDI4+7$IXka} z!9H?gtLoYN)fU#-67{RVfW+|Qj|WwV^l{MR6V@4(ofIKkmfDn(z{a4XEoq!ol!kQC zaGiOGU07t~(PL?VI*Jme&;fuv?-EFA1H^of5Xg$W`9b&PD5ycs)j9e>(XevV{AU#? z;|}+MyHR<-r4nB7-3iaCHsYq{9)MvME?`quBRwAXq|_Z1B;z`5AUA-udJK<0qsIby zqpXdD#sVfMm1k!OpPV_Ky}KoqW_imyjkJGzT$7_jfUAjt@FC$5FK6Aqvwzu&>W9Nz ze820oLKJ1Rq}dE4*}yW%8mZB8tRV@t%D}V{jr8ZrI+ruicrxUwlxt^_r3~iAG1?W3 z(a1Z)AeJcAqMYXj*}i8++l%@-`6lxcRHSf844KSh$`m8@D3+XXodGj<+R}4y|!2 zpY_Ls`gf(kHqpBBvk7t-@U!b$HJ`OvAvzl22og9*v_aW9^0ziPVkUMXS|&cS@Hc1_ zGwQ5fax(m2pKx<%M8X)RCG)~pHDD!S%+ImF9c-GLWFT@%ro3)=@cWw#76<+7LxfA% znd^>UBTmZ7fComV&%ee+u?E=mm|?(=@{(nox{J!_U(cR#KB#>C;_NN7h4eL%Y^Pgi z%>LxYvdV1@Zt&f$dm`Kky3b6=RR)8jN-{k;SD#^Mx*%{ zVQ;5E@p|-@^uJj_w4W0Gb5Ki2cB4rl*mbw--?}5Y=0bPV+@pKsBLKnx1c`nLVw2VtX(=?%tV8V^CI=(M*9=MoE3}z4y~&AKjc<-$fnTjniGq$Ttt% zJK6ERTOeXG$VW*1+KW^~Ho1mxk?<)VLw4t%mcRUzzbO?43qw~M&~6R$4x46qkrQ@d znVh2<2v}smi&D)3E6J1G;sdSrxSCCnt4;T1JB_shuZvjJ-j-gjE^r}>mA`*H>s#Gzd zcj?jzRX|Wcx`Lq>0TBTK5knJ1QAF`$=jMCo-hbfyaAs$BX7_nNFP8s8qdUVV%I-1$ zHbS0*KrwBZ2E0mA)Eo;)n%8{Dhg+_WcV;ilmv7F@`ajGOyHxSKNc|S_;7N5Qe)z}mva?rF3+mDG z3*uAJnX!gK@@27kHR9)M7|OhS?Z!oTLyW@8LMDGMsO`5LE;}eB?7*{y=2V5*km8MC z2Bqn~R1((YU|`}yKn0CUa|R+w{1d-HI`9{U35z)3D&RL>6dR?f`f3{38g_FUi!Xe%3$yH z_h?zgZt*08&IQ(V5EW``$#8&B^bxCD+`#AEPVTOZn6JAjApU5{*0HDJ$!}x%sm|rf z#kpYfEU|eGAd@ZoAgMFry;F#B>Q-|0TI5lePO6af`S?WaV!K#5)=0JY@x1WjQO64d58%qiZc%H9nuQg3tfquPVMcX# z=n;X*&{XY^vE# zLYD5!jeQoi@Ex3+4++9aqo_rf*Ye~L69{@&bw3+{QyADt5%2|m5S|3eYa8Y!xE8F- zOk)isVAhM2tfm53dY|})w1aX}i_Mti6IK0tAzz+Y$I5xJBCp6+JUF@h><{%RH5fc23&3%;$C&NG9xh<2LELSQ@fUeah=ALE{ z3t0D+@5IhKo+(f1nv)y4S+LFH0gMn9m$CxFAbc^9YCRF1x-(jrg>o}e)DQCYDjS94 z_Yf13nhbFMPxHw`?4E##;N#Q72SuuuCW;{hjz(g;bkC%IVz;;;*rVQB(;`Dyz#VQF z`z6D(_?`5)_XSF@tBy4{?SPw$*ShdPvdyXcr%~Rso{-+NXLIp3fdD zbt=K!6M+gE&PaPXo0&S!ATq3~*-&_+cq#Qd$hnq-3cbln;xBojm^I{`zGkztXO5DX z!*DtAWVrqbi(g{fqzhKt72lH4y+6ru6S7j~O~L<0B=_NDnQ&B>}{f&HGvnD*s2 zLJlIMMFE$+dtYiM@s#$=R-{cwUst*!l1GGb6J6+q;8JWtEHEy;O&0U}d(Lyd_c=CS z=s&Ib0Llq^rMe&f&;#{)1&u7FdO|K}r)BwklxxKqf5Y;od1$^nRgz6lyjkcTKViN| z89|3E3$5T7)Jkhhd$Wo<&!DaH53ca7m2WHRNx&{e*+ZPc*4;yOtsD-Kdb=Op(*^@f z6l&uiwXdt{Ji>o+tid47)Z+WzES5M#Vv~*}KpbYm37kZFO)GtYs3Tqo*U%70&CO59 zQ5*t&A8XFH+#TTW1tV!0z;A5;{OzwFv8#Pjs{+n{LbUSJ)2I*$_Dd8>WbQd$mWle) zioG>oEiz4GTQG`L<7nVISH-R-7F8!?Wo30^jhr14<~DlYPG2|(fFnE8G$fe$VROVJ zMRzyeaqch8g$u8F_GlbR-K$v_MXLh_$GobGEpo~nJx&j{Po%Srakpb zBQ|*qIeen@Luesd{9kuZ;x>^u@kb@kl0Baau~tht?kH3y@q(_3#rJ$U+OnzbiSBy+ z29xWfxQ!E!QKRJ*+qMgR#? zajr_9P+{DQ;L{!Acvhr-OXxTb5un5_@wwzgr+sYS=jHSxdh#H>8hVxpLXCDm;D`)_ z@vIO~J0Bht7Um2{-<_M%8pi;U@Rx==(uwGqdjyEC! zpUn91Lov_Sk3&tiN8mB%g+qUTXC3%AONIBJz6%scTX<_B%$I3_(b`>si?k8r6~0+4 z*4*#Kv`}?aGX?o@ZzGxi_3enGnLmXSUmMg6vFgHDfa7bE! zVUw2G<&E;1yOCj3e^)kAuJYXx3`mh=fAFQgf9bR|e5Ou)NuFG!w(cUL_~nwLVZV{S z^wwUxn2+&uvAmdWOGpgc1NcjfrVlO4_|idEC*=0GbH8tv4)$o&>mASfG>~C}{$5*Y z|1raY=GzkbFjQpD;UlPO$@|P*ZJ5h}X)S z#HK@ySyM@i0VeaG9kShnS!J;+K%H4l(2q-pc-{JspNs`A{cW!Q`)lsAp6S2F=h#l+ zMZEwZZaO8Mf{p}P)z!F;){IYsy)Z|d>p*$8uS~y=3_dBN(&WB~`~3ncQh+||L~O2q6IR9R_TZNh{BRGBrNYxZZtLjsX|+pWJ=%~-e5H2+326RU zw}m#?^KWp08uM%T_=R{kSey^eh{p4Pthh#2Zo~_5Gu>!TAj^X}ARp&+GK8!k0*fx# zHoz%X{4}`;{&d7Wk@8vNKc3U8FHM)LXr!oZ!>RhHlyBV!lwkAA1%c(w-{xWoL z38FfWVWI-eUr;3G^Fl-Sv6jf|9BwzLU6&EAF*j~7|JUZica6r#5P!y2n`__`R$f@WQuy<}Klg6~j{1kj3t0li zFIdfhG0ekz4Y|Cx)5B<_rfDHATXCi$!*m?9e6k%on=9kb)YmvQoh>C(L}T=%Vcxe3 zpm0(eM<``tg(?|_ch9!M*sl1}JIwzh;FzU@Uk4_#Wx)jV^#v=$`FQ2|GB=@jwRcz zR6n#s{fUrb5?h{v?mO=%CW+@Mq}G~bIUyow`IwdQ{p*dq+W?8HJXN-8*mB$jo1SX% zL!N`7QJ{@XvYSGv9jl0>KAIL}_(40&tgY5e{4{7*5T3(Z8pZC*8ObcbCcuk&V@+?;HP^5iG>CL0d= zw`YkWs6C#75vMk7vq#TA{ZTM^UU2c$54*NV_`Um^U9tGxw|mq0Fag>Y`w;7?w4&sX zZ`!ODx=Ubee>fPj#4^kP4jrG|a%E&ESaNk)rm!&ykr?xmVFd)e14duUJ0^ccYnAZ# zH@_i|eP5%~nFDc#i8k7uLpC4euhhC=-9Hu+E^w>e4^2)`H3C?> z$$Z??S8Lr4w{BcZKA97mdf{)y^67?sNtb;^IInIB$c*H0ktO|yjiaz0mrlK-?q)Oh zk<6e^-}DQa0-6dc*is|NDMbOC1LquNFs!G_suFl@kFG0l__cp$!qr-90Fd}I#HUR5 z-vJ;NV5V;Ac=)?`NVDGopUVcjPF-Fo5BsN+{0RJ!|ME8PbTyH12{>g1(4$m0?eABa z%r4$uGHbeFCgghwWrMh;{Dr9O`8a|8rtjdCj|sGOd_$Pf*<}u|CWMW9^&GHIvtT#A z=;bTx-{q9zBB8Tq7>Gn@{jzLxx0SAlpMny?u1AGHb(9Kri7jwejxBCQVp<7H*KjI-c zJA4PHb9jU^e=Q`MeGm`H?X;G?2%ysej)m_LMXwTH`)i&~1B0hwgE@dzm+@BS*V7&#hubf=fv($K7gxV^h^ZZ|#KiReH<-MyU9 z3Mp}js?5UhB)uQb8|QRJmCQr{^_wz^7wieB%FT4d!-NqVk$$0LV0FUlwLFZvsv${H zF|L_87GO91k$9;$>db7QuIIn`P2S5>0Z}y{RG(qHH+hVx$aGT5a~dLq#_KyFXe+Po z4?%4j8QWe$L?9 zvqvO8SwZ^M1KHcfetpVlX(EWqdFQj?9S~LQG?*lKF_=49Fz4>oB)$W=P2B(y)?BtR z?xVb1uNsR=K_-!?w5R_u;!6~*f`4(g(rAL*uuo6DeRz*W*>F8+RmF-7H0@0qyTfYw z8=~?JZ6(C-L{cJ!4 z|8d*W$F+#aYKhLx(ss2nZ5ELNh~VNm(u0VAym$`vY!+To<2zv11wzo8J5Lai!&4~r zJhCV{;rTHf^`S%nvB+vf%DeQlz|uZM|0Oz!f)?4~G?0x(mtq-yac~MQ&%`tM%f!YJ zK_O~266#V(q3}T*MCAxXFH8dq`<_0xvdvSg(^gN=?_wJ|S329qyol#@{Z;B!Dj21s z7NSlXuIAxIYR!-@;>axJLRY@ZN6@WCv&>5(WN3FHU#XySzX!LU+nm5XGr?h%I34ux z^pRFp)o&h8eFldQBy`+OuK8cU8!9t3mtiiNeZF5ZO!=BH$Z4BbKcb{YqYawV4VX~C z4h82Y0VJk28v)4%{f=kRPB=jlN6yXeETBa}%q@MqYrjj!w6Vng_PZ*)3)>ARt>VYJ zTv^rII2ii`TcZn@)htuwMFNKjsLMLRSoY(HqRE!BxH++M;8V&DX2PA;=`06DVMlAohaqVlcGd#P{%jHBRvd}Hb ze+*ssA2z){!{2(5P?i8Orw>smv~#I5xKM9l5shRNp`HZyIWq9?rEuNSMZ zNfSfd>BE+BUe6r)BRQ=ax?D7)T*do0p;RDfi7@k`)_yVn!tVDQR+c952~cm^XpP*+ zBlR9jHF_eF;j}vqYZ^PM@3PH|j~?a_*erc<_0@}ZR>on{V-5nGohV1wd-1oRIXv>p zf1N)(dwIu0;Yk80o64HwGL=-lX!^I*n14z8MN}<_Jqokz)j#-kqyT=+{Si3h4nj+`iB?;Ud#paJr9439-{PUW3i9{7K1;d#@J|HG6M|=_ayZ{9(eI|0GbKl z{Yh6FL*=m$`3+j}b}yu~E7FcuYUo7waNpn6;*KZ3|M~Ylq)(8)Oz>-l*pJurLVY)-GLA^sWGOzSxEe0r zA?A;C%rfPSLC4`+EyW6@=O^Xp4Og9Y;PZ*VXVhP9y-&~|6g1;SpQlc$rnoO}sR$F2 zz~A?%O!^8w%}M}X$`F}2seT4mj5JO~@^Ie@pS&-re4jw(v~WIYR~rQBlu^l024)RA z3&(E%mnIiJEI+f$mRG{HhWwCrdl-Q2D|8S|pGD&Hie&Odj7iglQjp$QMumo%62((D z=H9eW(o7jhM1olDzAT}VWgw&O`;FsHz3&XR&mPyj*kp6xR*9ta0jp^L_@+!QEIFGA zWx}mW`cBA%8HhY#WOYx3p;!h-2_%(=*P+l~zeEY*ZM308#`o@1zy#i7I{AvQ!AH3r z;t=j?Xlzuma_|=GIn72jz9FZ_IJJ*U_ibgA{1*!jI0Iid8{EQa`|iY#rgJD-b^Q7J zxZ!AXBy?-NNrA*5FRe4X^~JZK@qJC6{BHa12ylP>vFV8~agOWg`cNSEW5Ca$)0tBb z@zwJ|5+3D>UCB7T@pkwR10QfbQ6f{#lgAxyV0$UPgr}~=YmKCA=2d&hnssW>v;;Oj zE4vfKA}o6}o)V~-1HEP{iX>c1m+W`Pn#(bAQWcf$3PnE3ojiP0a%j>fnQ62I)kT2qqVUcdE*cJ;O^D}a;Cln}OeXAo+n z#h)<{chSa#aPG;z)pJ9uV0dav#YK+D5Jr)2-yOkX0?iBQ>6~8WW(gN^^jRDCLri5~ z9QFzeXG#yV^AY{M-06d3R|t8gafM@W7fSo}`=J&tqxs)vhdk~^oh$*xzYf>9fWd#f z)EmylQ+7&)`sY^M0wfWF-j%b)_Xuxe^Dk9mT5uX3<^)mST-q(Ui6(oFHY%KDe$CfmQwC$eZGiE=e;v9GfS~=y zzqt6H{!%Bkjn+hc>=00R?VkWulA7yW%W0Tb9Q?7f}iOYBHQ&9?=^xRcJOc4N(TOIJtwfzu%;6|@|bXcjO(|_ zIaB>Q8MDvJc95R+kmpPeZ-jLnk7dPB>{-*#{a>1?zS^Nq&=RX6t%6eT+_%n4aw*S>NHU|I^< zL2LtT26!-AW&-q~n~#abmvT`|Uhq5jX}8Mh(qN_#B7}c42*hLtPG)aD5|K9BWclZQ zp^!volAu9)x+gAtzV%%HtOX!x!BS9fb6}vUnj{;xi4dJ9`6s5HUEKFlhv*R@NN=ar zUst+LBAH+;8Qh>459(_Ve^Fa1R65!)!=`R4fYS_f>LF>ZjY^hI;4NQPDSGw9D-pu? zikf`3Y7?H`OM^<_w2?DGU|zToCLu`stnUki7J_O4wllz4krKGK@WJZeDov>bxEW=b z#Xw_Bnw}l`Uct&B8B~*7vtOuY77Rf>t2%gcGXYLI#5jup{KJv$;Qefv7rOzkwF?uJ z(M|q_8QYgqeZ!sAU@lY|TqN@gI?&(k&I-a%MYSXAPK&EBmYn)_n1$J(g_y_a?S&N8 zHVzK3(y#cq14*YrENhP0vs2@R|D~BcpQRR7$BWty;>cpgB;V%8^{u!DQ-oRdO@O)t zx)n}(#F8H{5$5z*H}%O~=9686cwG+O?_kOhE+VHJ`>MUQXq< zO9fYZg$WSZgZoeRPf z?$@i$?hq!z*&JPC%4^w!#KACeHGA5VV#`W@?DkPw`tf1@^&p%!OX5+|zazUi(^8!l z5geIWnsmiz{COPAD1{Gk+EDWt8RTH^3UR=yW?lQfAJm%b@oX{|SDqWBlecH(M)91T zCCs)wbb0epy<32uVPv6V%nSe6Jda6kXMR?g55$7tW>CX4@#3)ro64d2V3rm%LJ6KH>`HfJIcCWCi@+~ZLD8;8{w zbS8d^q>fDU^>c-eXu5XENEJZ*yP@tvY?=v4@;g~(a24+T32#k24RPtNypAG-#V}+{ zo7aFFGWx19+?OKj^nR(6Q;DLz{J86+wB+t;<75(#$tjtkF@v$0r~}oJ4M~Xh0P+7& zp0epb zuavui-^M@3i?#gtCPSXuw0bCRZd<)A9i+#beFVB2>jEjaNRr%W16I1d`}a7UF`&1$ z5!953D3(*m_$z&)yIh5BD1bL$#Gy(^kZKCLniN_8U1P@LR@Q&0i6iCNVPlnu9TNFo=ZeFB7-2u4l7r>bU zD<`0u32-DSrZHU7`v~SuO0u^T2#|{ijerfkl0*cZMbM-9d!$=mOgn4Ovh7R3G17;6 zk@UtatoMz2&#Mza{6r3V>8_bbK2w|QDVV($cjNf$QymcN~G@~6l5!v(W(vT>k;|n0(D40oP6PUq7w0z^E5f~ zY9PH?am*{WzazQa(@`%RU|hWHMS_JRQ2Z;QO+fr?qd~ES3IjQ+V;tFHfoh>h)U+Y$ zz936oQJLaSg3D1kM$9`H*OeTI2oaocm+@`*g)$>^7A^p7!GJyjXbKQ|X9LTqsQw0=Ery8v>I%(%`W7eUL3*#j`#d}gP9`@ZOlLlOejACF$ zf!r?+Ae?j0xd~z=xc`x75GBA&8Iv)%nvs#>OR$%zr zRJdm==ezHG6wWPW3Cl~!)bzTQ`CqQTF{+V-9vG3X09kVjIdu_H>chz5<1F)gycs{j z-l^Qpv4HbS+Mh+%l>N9+tW*QC0NvmPicU=6N${(L963o)0Iv3>CrqfVMDw7wfhRXk zj__->v}mb{4jeve$|Vbi^{htXCX1Sm>hvdg>Z^IL_NO*~sn^Kkb(G{MbA-=YAblut z7gHNPbJZxw)fjnP`I@B9K*`{rKaGiKzJ~`O3jLzBeSnrj6$iw*uih3+0mdw}ZX`uQ zrc?4IO)xr!TRBXx*c-aXn~FoSx{2%=L{zwsUwshxAi}Guw4v!$xX@bjhOPxXN#E`T z38KaYO{?vjzWA_^({J-Wi$bH$n$M64;_nn|I2AnZkP;MrhF>(yuLL~-WIZr2-VEn8Y$i z!B7~vKMwZ#&8+Sg=)iguwh?zS-CN(d(=C+E^s!KKx1d%{DX>I`c!fNFHjZHHvHmBB7ujjG?J zQrd8`CHfm5OvkkM=l!R?b#xe1Zwo_RqoPEGnGHKpHS=M2isM&`nO+JpXA|JU!!j%% zUDJGIb#luq!B_S+oI+Ig38A5;#8X=aJ4dL(ZWD}H}X{PKEp;MI)bKD|4GO`oPo94*I-sarB{d!nsCl-`cw)Iv9G_MLC^{h;`0**b zJo5``mZ7Cup&KekBPtAw^f>Z+lqoJattuJ)Adn%#(#!`=7>j6|d^=u%TOYfAtRHMK zBqq(M+BWqpc6{#7jK(v@x@##fIybQ;a%iJqrCdE`K<>!-Elw9S8ZReRWW zcN}1RjAN#Io=Cu)^VSQkk{7%(A^)nMdA}eHq6b6UYn`wR!2n3yg22vkTI6(VIQ$5r z!N-l4c{z72g{+BHm(<(ruuV)J5Y9iKd6meKRj$Y(3#B z5uEcNXWVdbM)J?;C8xt=sa94)+QNB$*gWQ?=dI;Cl;wXKC~kvSMQ&m}lvc-nR6h-} z^Z3>7wP$f}jQRLiU@u7+U?Dkc#bNPT$ZJ^UCAsXw6)`hN9UA4~KQ4FaDJ6Ef?FjNH zO0VeHDxdFFU3F`h#Vf7YOoU`g5?-uljNx3QHsQ&eB`JP@ zodDJ&tUmiQGr`ZON`dzMX6k7}Js)^m^i{U|2uaH^79GxysW^SJ_D0Cca_He3i>q%) z1H9nPib8G@h?$1ZYTXEo95x3S{smDfh@SaJnPjB<{9eki>m$wmRxKNqz|;Md>(2>;Qp`b&cQ%%S!~sEIED{~__!Kmz00s|=~buCJUb9t0ky+wQl^eqgY$zqJW) z2OTDTDSZ|Mz8AFPmHGagsn(?{=s8cZ!0u0`!5f(rwP(MtZ~v9;e|)!(1rt(@9xkkSv zL7M*{tk*|D310pWU=c;C23byur&*m!7j#%uhb6gw(aQtUIb^Pn7F%u`fIymYP#&ut zqg;qtrCy2Eu1O*6+F&A&wI_XmDPUtX?JM?jR%ZxZoUII(4!Q;q}YlVJA!ekGIgOE;lo|=W@r0r|{;l>+d8hN|d2c^9J z!9L3G(S|NE{l-cz?pumwRoEn9?T@XYlxf1+n$hf40oSSiAURC=1AEIjod4q-7m>7Z zr>EV;SCuyk^8?-%nb`d|J2G%aTjNL8r>6^#5&cd^aa^%gd5`l^HJULEQe&CEMlTg{UMFj^c3!x^NaypDlYhSEJ^#g}n`@0@AD_R-cK>*s$;kJod6v^P zcE6VQh|=9eQ6ULW?S)R1D615A4t_FSvhGM{Kwj~NZi%|c$B{~%Ycppi%I9f%Quk|i zphk8>=$5OIy&f&%=<+$1vms~?MS+-gqL5&Mi2P-A?z-ueXvxf!F@^F3nJ97piTr$H z`j$4kEYIq0;dyg4L3Me?bR9;;rP#*evx70#I%+C^Q!hXLSkCxd^W=}rU=8Ld)I|Gg z5|VV0w|#fsfYWlj$l5clUHddhM^LId8L_}zZp2Q!(#&Wmd2{I-f$54(nUTzrjm^DS z=~Y*dw+p+h+-sApYnS^(&A?uQ;{Ay$U|TNHI1>J)iki%VbwNuO+Clu@mBI}_Ymz&M zQLl&lBS&@NBTlDjCVh(H64WbAY(1Q7Sq7b4QNq%MoW+k$~ZL|@p7)pE)y)wQ(BRh{0@bG2 z`|$=tA2ALZJSNz%5ZH=Lx_>tC{TBy7QO-W~7huw1%9+>=$ z>1L3&TqlJD(*#7O*%$Fk`&5dze91oh*4a)El)h3;-~yT+r^DZspx;ayl17yKej-n; zVqe0_i6Ts*4Fklj%sj_!UX6r!5UvPO$v!$Hr6-7FTDVk-k745OrXk4vWcHiDo)8Cd zF3GmBT8yV*E?vSh-QZJAUM%R0fn564usNozkiaGpln@Jo1IvlB&JDgAY0uN zeYFpu6#>A!aECRrE!A@7kmI|*4SVeTgZ@P_I$KrJDx(_7ze0n^WW6$V>z_LVN&&7g zd0anH@8c||+)LjgUr1<9{P6Q3;$rHs#6onuVWSSSBvIm;$5*RjE&8V0asSH0^ebVm zBqs97y7?sqos}hwFd7(P@ueXIo`9RO?RMaURC_l4la9~r_gB1QUU00O9=cy-I$%r3 z=Q@=Z3FT2hJg$9LUY)yAk1X`RF8)~h*&KTh^~GV}`Sf_+;?1rGLBI2Y5~Q7e8Z;2_ zx3Z@)@)1<}Lu*nca2GD|`u(}sq9pKZio z^z@0_BYZGzO9trO7@ z3&HmYV{tJ2vPR!1dT_1cY586?HfkY; z`87yu-~iyhyvQHl=4uz~YvNeCgktWhJsVJL^}KYs!1lQQ#(;�>{G1-|&tqR%Hmf zY-MaiDK&n}&*N0xzx!r)IVFJPE=XB>n~i+*C_vC<
*hG6ef0Jgo5?^SF`@ss%q z*B>pfH!d58yT8?V$f?Wz2-+J#l|ld)*okjnUT|X;oK~2Obflemi0c+L@GFBJ0Jh}F z@iH)QC6s4#Kk6ib1rn5XH+CB`+38OmI7r}&(Zj_sDI5RPWSjRm%wLN1p@5b z-w2nr_x9Ryu{*8M@8ErnjV!p?CE4rYQxTO{qOWQ~xQ~E^{Eg2ymw7CEKSeD&`iQ~A zwPEfL_d)aj*5AMQ(;2Z5z44YkUzZ1M8U3`G^#6s+I6ztzI1BLpKjHE(0&CPp8A?E~ zNnV?5s~$;#Y?BCEE{G9%3@jSh#MMsR!Re-BjXUa$b8z3#Lqo?Yrgvd-LLzRg)TuJn zP`YsWQji{#nM8;_N@}Q*_n?V;{9obHWD{4B9wu&?6C3?M;qv~~ix-_b)1J~Xva z!3y)7XM;sp#oh*u%TTZ$Just^jK5JdSVVNtP?CVadM_<}oj;dGyxZa`yI$cLN*FCXDwE{G6&@wsMGK zU2fPiBXD-0iCPyM3!k_L5{2?M7JeXaX7h1zL zQce?D%{5&c!nEjfkO++oa`2D&w<=c9#ds=tzxsGq(EEO9BuO_!GI8HKED@wkL!Q+=gmfNy%mtLFPF<5zWH92P?Xut!LfvEI(LWP=#w%*}le_%DN7 zT+rGNLxdpK^nAxmIug{0341Zt!Rw7bq(%!K!J=2swFEG3=kWzn-l%K7< z3V^*ewR?8*UrPT(hopQNM{wG;jeo5${QNWJ*J^*j$c9z$(FlXe#QKojKRUO0_80%q z6A|a?xWjK-pFTgGe)k}zbKuoQ3^-Kt%P1Ed;~W|=DmBC<1SE1k5kzzDQ(>~WfjPOh z(C2>faotx^r0wu1n_kM?;8FD%Mv;IHKC@LQxOZ?W@a8wGD e`GSG-aZVPie{2mH zeg_-^3KY=kuf2<>g+w?@q%P{z00W092a%0FQaNzF$zRB_3G(=O7TF(y!gaIhK73U_ z3X0TT1y`r-_&KauaDz|YY-UR7r9LHckMKP3cUBhR4vh1DA`m}of#M$GD_6;3CRvb; zMiYKbzak?HsPXb`I{%CJN-H1bK99N1RW?t?gk{Ihrcu8_y~Y)yLy{D3orSer^%PA@@1nKcLXWCVBSyCBA49-jWE7A68rG8>VK7c%N#@;%0; z4Owa^ZykltyHmanFH5g-i%OXKnDEqefI=NSDuDeFLU0>owpJ9vg_q^iBNg@6acNA1 zw@Dkl$bDgbPm62vbQB+y?H-4ALo5@{4LNmk@bO-NAWoB!YI^e0*gOUTVl(qs=`_l|2pS+3vYK6Zh*>@ zZ)80*qFi}Ijoab@TgtH0_4zX!X|I@neO z=8Mcv`}_7hd-Ey!zsJ=ccL~(*t%RYjF6T%HPaSpXoy!tJeo}|uJ!poEu(}nAa1UbH zq`Gn5?fI$y2?lPli&XxvuP)aA@&ySe_|u1_$is%jm|wG9zMN0E=h~8=#*o0hMO|;! z1XBCD011N29g8bsu}L^6Pba8(VBjJ0wg&O!#Sid5nZQg&|MhL=;)%YU_E3q(#6*+g zj{4CD4qcBo&uRReDp#Tc4cJ#mo19pV;$w)B|DsDnaZ$#MPR5AEIy27oDdjgQQ8RdU?U}UB`0g&cwVTQt zh9Zp0eZd8)mT62RPJX%L^M1Q!#hOh5kfhKboX^oK*FnP1f9U7>SN$pw_Ue! zcls9%2j3I6RPRUaKMJ)RJTB~6-^JhQGsgsNfLyOZ@!~o~O`0Tz#UVJPM~5XuQ~#%J z&});kkAu)Km7;4DAMkNErL-k)>)`#}kDj)QOA8NP5S z;~1p;ag4T+!0WSAlDa>E0iUB$k~MYpu~#+I>kYzN6&!i+_nW8Pr-{(fzhNwhjrFHh z>VkS3z7FrS=eX#`4wv+2Zk@PcnKO@9&UDy!^bCMeISE+tN+|co^65G*@F}|g28`Pu zhqhYm8xnmG#$EjOJEZ4UcBuL9wY`o1SdRt}AyqM|uWldx-f?r>GuG&id=_ExoZ;5s zxmzz)Flplsj-JrQlrXwjsXyr`!@xjqka8yE`S6 z4~Ge%-X5H|{YWL~%YTdz!^n3Jpj#di)o((P<7W`p{iHo=whWU4jOI| z9gc(AQV@3YLcxEk z1)PL}>kXDK+(;2e1b&L&lDkQ)@{PyuGEl~e0Vg@MyJVxD%wi&=s}G|cC9j#1b+(Vu zxQ$ViJGp#5t#T#b)h@pBN0Pi+{?A z39?2720SIX#u);81q*J43`@j0F_-hN0Q*&og8!_aKDrsOSGb!3bCW2_%|SNPq0OJU zx2K@Z__Ai8tXtx)`K%q7E}Ulm416S(X>i?i#XRb#&Qa>oLF_1r}q15Q8NK0 zO+fu-EPEu8-0gFB8<8yOQ=}MO)@|>oo>n)}m!FxI&`?aVk}PI-sL&=7metHEww-%- z3L@~<2z_~Vj!LH#307OouD$L_ZKWeTPHI}49=)<7F}6_|q0v=xyv0~tnVJbov$@Je z71Neh^!i7V%Va4jz0O4(7I!)Yy+MJbI~0rc1{;^;PewHrr#HzEuigl%mm$@MrV{?H z_+FnTxGz<^sy8%*A#Bnbe(GR!Bkj?RN(aWJ^;1CqmnbbNnBH+t0MMRU1)CX ziz*xaRhye$?D7MiXkV4ZoZxDz4<^oe@Q%+HQ5F zyRmD33C2R{p1a9U)~NP1py1w(QG^Er_2z~D=uh*oTq^hp64gjR86eBS>5Ws-Ww)Xl z_0x+G8fBcuWlEB@NmEdFOmU(F`&l23D(@I89J_@@70wjCR@(Z?p+odFc=Z?fZF;@3 zs@b(A(Dl*>@}id%PyMVtZ2bP!=*$^P9;Sn=-5Rts9){)I_%Hq8FLeNf0nS)J|M9kg zHL5VbYs02W*M783AzQoC8ktPX_<3qspFxSw7`gn~y@%Spq>^vlyY7|2xmMbwO>`AU z!OmOs+t-dbd);e~5F(>%@4AE#b?u!IQlV=`QPR@-`uY6_?{mlbe9r6rd_5mA(1XE; zMZR*Qd5V83iGLj1e^X&YgV(chvz_hN+oZ#ubX|PHkS`O#W}J<)NLnzHq?@-yHx{-t$yJ*?STG_M zcG(kTO#VEM*ed>(4jMprGt2?*`~Yj403aRUdV*l-gVXe_>kajq+pl%p4lUHxE7^Za zz4f6E&{VbcvFC>f%kdxB9pdx9Z=e5dYE89b`px?Eu{o1I_NlbOlW3bK-AzxaZ=U8i zILxSnumA|JC)RX97h-Is)nW2;KG=C$)rhb6Dyh;JetuiNYD<5}H2ir@#&a7Q#F`4BQJ?>L+XP0QioVZH#fPn$ zpIem<+t9%JIYX`vPgr}~Vr?$Oy=`GKEB1VIo_D2%XBMP_F&k{skfdoN6?L?@K`Le{ z_JduAjf!f{!ScNWE3p9OslM=0fDZPV=1F*=IXo{Yr0{DA+~7us(ceMr6o}tyXtI9% z2P@67cZj;uRB14AhdTVHq6X{-p*KpqW-47_gucWZ9x&Y4Z()Ed<~f!v4^UF~WSr$xhx{s( z{E0RBo6XSox4ApL<8N1TPvA5fV8Q`0V`DH;#Wq3hh1fR_*^~~Qik1J_LjLqlw1o3L z`2#YYn`raAh{?D!**+4vLJ#;mDa3%bIL+~SO?l!JuTLpXU3V|$>z*_4u>Lr}hXFhB z1GI3@u+4d=A|zO~DoT#VFeuSGv8D~`4Hf0QETX;maO1@e8;z*~@Jyol(XwWyhln;h08EM5FN!e=lV zv!cgy03}4AT3&+fsB;sxniIZLcWeMjO!MOZ+?DnRzzYheR%tH13icFM~LtpPyO>w9TlI$jp>qAzsDfw5rvZ^4@S9M}BZZhGOw^Nqv5H;!e) zURnH15%kA)BdJ0U5uVPR5pRQTE;)OFNwc7^>7|xU=<~mmguWGTJSzXFS1a#TXO&vf z;;Y+A9u$N5lAlbi6(GlxQzkN_evR#g=-&N~YcJoGu08uum)BdTNMw08^}5vHohkB- zjp9tT*PE)oA@hH*pZ^yA>s>Izy-~(7lo2!FY{nzIMVIM`ClPPGZqogy+MbG(DIK8AnHMYhzA}!3UDX4xY~xnT%>io{f$-VWJ6F(oDip-p zWAb;}^hS?%bJe?Mh>`bT#2DmI^xe_Fm$n=oc7}{>0?6?b%v5yoH#?(6bVeDm?RX26 zjb}i!84e5(Zkl0*Tn`poHz7S;>sbt2YvUAM7yY!ZNuOK|?YDO7Uu}JV!@K{Amkd-| zexy`QEMgV2=KlNS1MoB)V~yffGNer|Hx1LKd*Ls3m>WRiTQ+~EAx-eF<5>+kTh_`S z7%N-2r_0ZTCw|@p1bO3zxT>B7+*>)7$@$+V|t}&W=AtL`VVrts_ zN{3DRCsk$_ZD!ZyF#9C>&d};e;7W_aEJ$Hi6bpDYEFnLdXSY!1o_uT9(IVgymdOme zZ4IE+16YrnAj6DLB;COZBHRrJfm6ZFdv%9)Ti`$4>xv~--fUInYl_6@y}w`XwLnfL z-qGm04g~mVi}}N~?K;M`Q{+eJ!!Him9|JL8La|@GZh`QT43_Ne{|pxY3*X_ee~a(k zZ!}mJKFMAhc)0HM@9kXn({kKFpaJmh+KPXooP@#ZdbvA^Z4*Y1QzwEQFszRmunI=g zrx)C&UzpAutybV!+%ed;Vt6|Wv6sbi2l-syiZ!DJQi0v_NrQ(xU%ub>vZUp8jWVqQ z^TzkTFFc=_0txUy22;Y!&u*h5S->&*-3Oi-aOf;7{SnjkciYfsAEh5LX#Zwhm3Tq9 z`;XraTigCZ8GY5by`+zTm7lx~GDN5_Sn8jD4QGRV1bp)(OkGuMSNd=6R#xALWdNKC zc}!rnMm?K1~>Hv8xlM*}l3T{_}l^+%ralQ^E2fUllbLh-rL8KwExl{9cRqK#Ls>qsT@n+W}Ih7 zI6&Z1j<~cuX%?P5pXI~THgo;LY83ZyQU+Qsbicl}+G3P)<|^b(|Ch~itenfU`1OY2 zNj@H#=CAYQj8g&31kYfp=s&Lqp}?WI(+k~ds{-YKgataF9vo}{x*F#C&?_6C+y7;~ zpN&tw@(rG3J$@G`KSrb0So5{C)d$x^l}spmIahp3HVLrG)v!-!F!df@a~&-m;V#@8Tn z1!Pwv;N99y2MDyXF>51usoCpEB_W|o0=odD-v_4nn&^fRWhHzjmAl;V>q^X`{)#GI zY#O#)JQM_o`ONW=4Hts*?riI*NpZOP^b}!>GCd-=i8;d{N(yLtvmO*!2!?DGEci}x zaa(#^q;$NBCk(P_WAwSTC*!_O4{KCr+Uiia)6L*Y)u^iKydoRF$J6@+5^T?)=hM_j zkWWL+!JC+dq|d#u%f01OV0lB(+RNzk09X!Zqsmw+sMI}DHz@^u3wJ_4TmPR39n7~N zk7L19&zl&_>{bRidB{wKsd$_RRL#i+b;rGC_(ECE%2J5~55zl14VsoVdB#H3dACPZy| z#m6phw%vZZkU$V%KJSqjBBML3@F+uhLjQB!x5SOF?`q-4(Zn+!6k-aUmgyv>RwfwT zfzJS-kO#V5k7|+RjmdE8I&utD>5I{Y@|ojN-!s*DY=y{B0Y6@X#32DSloG_jBhL#>8Ly-SOVyt53Pn!zFpA{Un^tJN`@TlB8&w$wf6c zkB5_&p}wtcyBhLotJnpvdo@>Av#vhn_ix;*)te+Ua*mLUtLWQ6{uMMBlANB5R(v`< zs}_6=z@7`r(NRk0WIIgjSbn21aNd|BAX5Xw3kt|jq79@-0UrBaP?X5W?VLZ~Tg>cj zYux;v^9r$_JE9VpS5SM$MN%Xp|Ao&UgM2%}QrxsjcuKW5&P-i34d=_eRag~y{XNxY z{ra9o=%1-GZ#cG6&MbX1i~RnPX&^(U3&9EQn=Gm96^SIG&=tE~K8O9o@6W3r_ooMb zf&ZIjoJ|Dah{0I$pi)2fEZ)t7z|ea&z3)Vz5A0fAIMG`KvIjTWB-Z+N7LBeXtF<|T zXSl(YF5RgDuZcq%t`2bI4vklrQLNRbniZlE!Dsx<>!l}H5h=uC8<<)yNv{^!#7K!R zzb!YBazv=rpv0kbmFGt8$$YK2BfX#giq-K5^m8%n)_46O-cMJ-yi__+TM(WAI955! zp2=i}TTz&zrvRpiOv!**wrnCfd5*zc?=ipyr~yC=q{-#-2pK$zVv9rZ6r;+L4dhOH ziSazeiL5ddV|Bjy`XptFPiiVZyBnyLcZM3EbamM@B6Cxy23E;#15DfOuyCg*yiq8P zmEtWH_vq1`<`!!mmL{Z$=Po;1b@JLNpV-yu$-b5moY5Ik?*zcGyTc03{%p?12UIgxo zICnbZglZG&5;o*!e!wvDcr;@pp3X#hK_od81Gz#muO^j%$T}DVg|r}BQY*1Hd~DLB zJRCA^(PB)-ax8?NlB9ARPXaSp_T-`}GCcp)IJ?mM1)~5?_kJH~tfC^c2l}&4cOq&x zi;|UGe%tu`3f46Jz4uuDu86G9M~$b`uBKfzHFD|fQtxam;md@TO<{o>9)D9!debbL zC&o*!MQ@(cs;;eh9k#_DC`15>v9qvT$MNHIPP9G04#_lYvd=2P;0g$2d}J0YB{iE&Xf6;;3IZP|JK?tUXmj7T4<74iiMRLoK#I1w^*ZYU+%n%<9qn~(Q8{qLi{DL-P z(c$0A@<;lVPCeM^ynm^+IV{3ctLyJ}xb^1Wu5|mqUKh~6)D?ilTh{|h?lJi@$WrtZ zI&+oC1}Wv+$ecL5^x>mq+EC~hg zgW4(u=%h2jni32)bxSgzDwaQlpKq>LL#O2Zvcb#2N)LsHyn+-IPn&oN02K@>#i}in zi6XG33Y{#Y^@nJMbU7Xf){=xKs30wY0%-Cbx1tF!c;k8z00WUI1sczTpb3H8lCc9@U@;z{*ICzJ7{1>+|%re}LBlk9&zw(~(d<4Gqrl~0cqKw3pi z_ux8L1$7cjFbmx57G2^VAE2W0NkcqPdl7a&c{;-q8{|Ph2+7vKbWdQp9{F(17iCHJ z3{Ar{3nnF!4ppPO<-M+-c@<_XKkv#26Y042#0w7!cZ!JsC;l5wwvF8s;;jkG=9kdkDi9RhHK9&|0zb`T%j-Ar5lQe4_XR8;wXExMzE}mi; zPuUpbm&SBwxN*q}v-9bajBxko#xh^*vT5d6&ghWNO|_hOTyMM!IFoCcW{s%BJk9G7kkc>J9IIo2NOGx9@~*dX#Y3xgfm)|{C<=&y5pUm5vZw@}U`*a$ zl%m8Z3dI+3GQetGdLfXM%k=c{WoT2gb<UMpmoFa zSh7q4+aT0-_PKgW_;ItB2h@VjMQIvGdL#|`QIL%LPFSk@p>S1Oxou zck#JHJ{5Dpl+AI{EGjEmF)Mv4>l{V1!=0y)-jQ`UCT>$ztk0gu+gX7H7+6_RzshP0 zLNC@^-QQ0-wLn)^lD#oZrMCQPOd_(K12FdiQsBBY+%Z$=UyDA%b9+7VjmHot1Xz#K9z{rrqSnkO zBzwTPUD41tW(LnF5EF`yly1^R!F%8vy=Wa<7dKmoEpn1Zo=#5Q8rn!CT;Jh z^|q`KHPv3jG`M9^@hmY8Y4iErXOGEc@rE%Vg(U;4x6yVFE-L6Fl3s^1AtRCrsFX1J z|5elb`^iB7GkpN0){~@02X6XLtlFfa>w%Ke>PP~`lMZiMNxFd5S&quOP(N|;IN2Rm z@aH&L1?uF5IRAAa>9+~=#A`WecOl7LkgSFpoLg5E-~xN)%|vz4B6gitAwz?kGYNlZ zP$87Jm07$QZ0~jGWHggKgCf0~wT9=?9-EreDHpH6u}$Nqr_A^pbhOa-gkd6Agh^cV zMlMZB9$wjF7NGJn3qPe#nmi|1Fy|);05kv{@JSwBw6{ZcD?>~%UC9Kx-LocO)fRZ$ zbAB`9(IYuB9|p3sMV2PM@DeN!3!sG1D@qjaU!c!lp1w0I^lBLR(&UPh7q$S$fU0>R zKk$;Z!xVogl4BqekzHrcet#KRZ*^LTt zMV+k~ced@YJz-m%dOElB&u9pfFu|bQh{P+Qz=PQi*FI1g9l&p1rv+-d+rH?3 zvB}6Y$s6U0-*)gZWR5|&o*7OKLIJDHOadcZNp6Ce;AbBc^239(E{p-+y*^*mW5v*| ztn0Uqn&$kvk`!J);eKp!D*P&J=c?*xQyX4tPzUvTpIZ#Rx^?qyke~!nH0jlH(#X?0 ze=t}`hfYuo2ZrP(HkK>tA!a+hkTGmK<5roOl%1Vbix4Hj5U(|N0eMQ(OM`%dRTf9Z zJEn*7ufyz$3;NHp5QXcZuDeO1eN18pb7dX>XB*28UL%7CDm5oKPgz}@{Z5$C&RLA`{h$ZP@%l~G+(aEDnWF<#u!8^=Zw-?fEJ%?9q(Hle2AtYET zF^BIpm!U)P)5KD@xoNvPce^{YhFRcLxRo2l1DzCzN?H8p9Stbe&HxTRE`2GEKy7SI{(d~p~ zNJ(*{QkeMgir(Ut`$U{#+wr*P{kx0I7UQ!}z%K;Es-9GA=2fH^)L;z?7~#3u=_C5!x+tWni!4qtOm1*zl6+)n)3ebD-D zs282`98jZos&pPJT1d8Vf?LH4Hk9nj9fA$OH#!)E5f`zn)Kb1T!M!M>``fMN87@0R z>;fD&C9t83G;OL1*PQE`h z%JSh|w+A&Yy{I@lBpyJ5xY8#5yKR*0RaLfLpmEYO0N)vUrc?ZmPkP{>QkHCb-utnv z;OYRJ-E!_9j&l1=7TjvthQBk4%1D!=7E~AHU6uee!5pX;>1>s;p?i9ka$Yy;R3< zgpAS5|J1ysoiBm!-G=53f%7i*7CQ+}L5BHVb}|V*71KqwwL+dH|4sheewY5STq%yb za$_iKSqTMrEwc+);(wjr2U`9F@_Q=a7~?P-YX?F=OsUTumzhpP4;-4aSEFY`5rJD* z>B&ep`&KOzOnt9$+tverh2R>JY&}UeE__mW>Y~oxQkQkz!F)JAfH4h?0B~OQnXL$)H0AaYO#I;q6}Xy?wluCkwfgW|zj}I{4fr*bIPTG~B0W_Tm-G?Ax<4 z{jhnNMukEC!+sfYn*$j)^7sLujJhHN1K#*W;6DHrMi{@f=j>Mn7`p*A>!G5H?lC$k z(U{JJ+0gjIF+|7%&&ZuyiF`UBYz~BviQ>cd0?i;9=>Q}2Q;9Mmj8i)lD^cGX z_Ao;HD@UF~JT&@kfoo%cI66^-!4!^8xyoC~x@2>LR9h`>A01h0?=LIxB7h&gW>4NH z2llghsDdZ_#b#sz(jy?Vx29OO*xe<06eX0E-S6Imf!Ts0*f~k7M~D1d@-@kZ+6fK@ z{gMqha?lu_{nK0m>^tskiqP%VSEB1&$|)9>z&N+z%}uf-6)1kmG3AO6@)%}B?K!2} z#g<+Cj$^U@Nnf*f70M=qiYrTw16Y!!d#V*%=M2ELH(tMvO?zu32MBa{yeD9L8CT-j< z?oSe)rUg!qxeeI~^Z%Yq{p*Xnp1rE`?XwWYxc(|c%poTtW@+c=El!d?;0y85g9o$+ zGt=J;g#g^N=Y&J|Gi6t<2gf@-xZcef8;(lxCXi`6S8g#;B;81!w~Nj!C%rWM#kz?P z2Q1xvXGh##EZJJx?YooyDM}Cr(W%e%A_P^Qj~?>-I>>r6@^jLBLc{Hw!l{piZ1cx9 z=Wy&=vq=ha;> zfQ&qLi0TSGW6s>2awSDzJy{^OT*;>*V2Kj}c&=@asV8}ejBuucEV^EQ`0PIX(_zKn zTD&cP#ryLwy~H#H!GknPArQt-m_J;u30!;}RKu^_+|lUTKw%Ga@E?X(nk6@BJxmQ1+XzkhyI5->>`idLC_@T7Y1z@7foy$gcM(@%p znu5-&^hE#I@4J5CGwsq)%E3v&MJ|Tw7658oB5K`^=@VkPS*=8wtC!+2bS&D&DIb$SN36h zJ@w|HQ>n;n0}d0FX0Dx6R}9Zp8GQ)qagKhh|KihGGF&NLV{cwS={}PXmrUkuJ6tTE ztH+ha#S4CEF8t(_>ft4iC@UBM_iiYQ%MQDy6v*jINz!rCmLhT$OO?HzJ0}@_ z*eaBna}&VCUSXI#sLgBHbZFva-+^)w%;YZOt9BPHq9)=45(deoo!bo;VRRo3y@Pg1|K!i@ z(ejth{Dz)yGT{h3k(ZL2m1hxoTWZSr;zPah08cyUsSrwTA(6dFQQ(i{rNl+@ei&_< zDNTvf?iJ$hs@v+Mmizk=|D`vM7gl5DcbK+g14@dki+5`$MIAmH4X_CL8*Du6Ri2&9 zE7$36m7(5b+P-TE;w(*cuoiD7+)mf~i*~(eY@j;KuZ`+<7mA)}z3A$!cclB7N*3@D z^!PA3NfGUPgHI~s;gHhAGg)vP&?Pw!4k@QO?i;Yf$AM?UTP@Y!(^fvrHMGXr>sAVn zrz>@0m{}CK_W0+t*4=L3Tynqod^(y%S|hFplUB>GvY%m)^Xa2={3$A+bHM%KDX0f2PC`pkmk+_Yb z=mJtJkfduVIhY0A>-*A{Ltk_6=+z1I^EP3Yi9-RFhivh)`u)!bGW zr2(Hit_6{nqHs37F0SlazCFuV*TlZnFJ%z&Hxt%_Ep*0wh6#i_*H>pfA`|A=S5Esz z0{oJMW;$USzhq=Ss)GrYhek4%rf}Pw5^F}4iecmA`MBlr2M{#o4=>ySr{h2H*N=p8 zPA9SV(l=!+`p4aKjM0LkGU{pLPy$({(R8V?P+Dr8%fVgwkIj3JF}27XB4?-$^Fg?! zX+pc-iEt=>5Kd>Dj$cUZne|B_M{3q|47(`VYE858=lzKN5s83{^X;Ku%xyHm8LrLc z0)xv^pM5g)maj=fyy&pFQfXxudOWR&1adeN5?Ma=O3EVpAC>O!-3fieg8Oeb84C{} zTDXIR5Dl2R;~;jQ`gF;bN<+wH^DfTtz9DBrAMbI}AL}Pi|FHWGClYwOy=zqg~&V9g_KTu_TcSO@Q znq5irarne|p-DMOGb~c&`idVcvdv#JZDFH$M&p&v%sm;M@(o^tF>~cWE+~KdK$+u7 z&Iq@wL|#nGo@^lfea|O2y1&974Q1UGe^7}@Zt=n1*{~K9>nRw^O^OQWCdo)T>_m)32HqKKtm$S_!NS**{v`?z%nr8K{X0wv33_v_$WJ%~WqcxZniR6d z_rpyPAogG!lZD_A~?8hY&5n7tAdUf-uLBapqUh%E8ySdN!|y2@9pCyxJ##=JlII%5eMo&*IC4#wP&Fb zEoLbkf`Xj!Sj+{99(=l63B<1XGd~D6+YTI&`6lc= z7^uoT1I(R6WUq`*W;Tv@caXNj+?FfU&lb)OOHI$PPY{c${*L^hC^f!f1Iv5xIIKRw z&T~e?sX(#~Zc+4DOD@1nGVTi8>xK}2yP!IcL z44r@Kajktq^d-Ywxwbzm$ktDI2FL+A?d4Rnbx_vv#;A zK66+}Yq__TxomK8rJlFA(W%oh{Ko6hP>57*?mW_Vk9UvF{FH9Ua9+t}a}Xr6Ze4rP z0}nVKE-WQJCt4>eNLW2oW3X=2o-q(9#QqKphfZ$*I%e136(*8&C?V@w@)RsKxB5cJG!J~E6eGs4Q*nNkH?Y$WilNId@LdB;lsitDQfk!f3^Orll+1$PW4 z)i?sUx<)U$v%e(?T*EtlK?N$kV6Yi(cUvew|63CT|LrZ?kZozHlEFO)N06N())FRkcd(y#(g$2y<2qEv51P->&z#UF3|fzi!{^q= z>h0zC))m(?6@?bHXm1=zHg~rs9DD@wxK1P&TO7*|D0=8r|$7O`(CbDfp*V8q$nQan>-0c_)c2C#JD-`a@2lSBPhNe0&ynZm>A!ZS>^OKPHibpE$6wjCY6PPA`zbFG!(54 z4?rH%CTKGfH>SF%@2+S_iR7t7nQ3g^=(|)#iT}&A(04JN5~mdX7tg1jm_ z{VHp~YK*HN3933z;?pYPgL(QYo=ocNc+V-m8RJ88e;Es2L%b+utEurx<&)N3o2ryH zdyhBO23&y2m8uqSOxj8lM)Edmk{>GCsf|lUqKhwhEDEMMECr9d6$Tu|OUJo5{oq}l z^?LmnJ8;n?QFv_IGugz8gPE0(SX3jxLohi7CefKBFW0Sqh@BESXs;k!?`%-%ZY4CF z&eTidB}(}p75nSK18S?SEqJB5B!Mxt{yxUI;uqDLYk#HLouZbiJH(ru@23>F3O5#p z_Aem1c@2WCj$%v^LU;dkBZF>QhJa*U)(|QAf>K3fT~E`R%o&6KJff`@P4G_lGz9p* zOTPH$r%gD;2(9jg2bBe%NO&A1-aSfG-UYF#RbSiL)(;S2Z4R zYK{q1tR+EWwW|^|9nQ>vcYr59#o1_=q)Zf6$ zhfGZ|MFw3{dPXN=>=oiet>Vx0LWN&^44zi_7;YwMn;V)sflgZpG?auqlr-G87M^wG zVh{z<(y_63AKJZA52s8U){VR=k9yH)lw6Zrj=JY|PUEoAcwhc-n&SB(QId|5$82?w zHVX29vS^aoe>H-cq*KYS?;8-GXC^$wibRt*kxG8$a`&z2x5MeT>-RuumzXods9EOa zOb-S>%dbwpD3ofVPMzSo$)AcG zsg(~GW1{M&0$E`FLZ{p)1IrN~;QCrD5_@69(f3hS?zB)tZbHo~o!89DLt|=YpUV`l z$1i?XJxM%_t&F$uVyjKu^OlqKmt&<7+bR<;rIUnHfejN6+r*TFmL>dt$Ud>AOC*tA zHtrc)9V~!^{fa+!4`Ag8Ertt-&1rF$|919i>-Yr(m-w1idi`>CQL2xyq2lE*uR;0z ze)uer)s{<8hMlr=P}`QH=jzP?`6Pq`Kue8<(GKC3E_sU|JoFabEQZEDY`#KKzI#TR zQOLSC@FoPXl)tG)@3skgRlV$`=d)&RY}rEE>ucU}JgE}Qcsbd@^jV~XtC9ktPINWmkDK?@{t$0>> z(lW$1efmFI6v` z*?hXmI5|Q_Eti`WQGu6Bw~S1|Drw(RS$BI-gw#6JC`zeWxzk64{R2_7AxLVsMt=`0 zQ$xGexOdA)X#xJo)e??L9F~4fP-a-`z-DY3=D)&G-wP#u_7xlwiVOskx$2f|R3B}` zKDwiGbew=S}<^Q8=SOTXn}f)$WGia0NSqICO1<>$)1 z&yH$rte;&n!x9BQcQ=w${m0++=eG_uDPH?f8RC{|jRXY-+wgrkeLC*b3R7FeSxJ{4 z!2p8a`hQT`2*T5=fvT*cF}?HPM=)a$Dw@yoii^XdL&)UpbZci3^p@PA2s&YI_Om)GV0}ORxY>IZgkk{ zG$(#M1rMtM!^z}*7`0JIF_kSXdsy=zpDgHREQ5M1Wk3>M_WsU$!h&*q7$*UVAy70g zSYMHTO*1?+Q6$*tU}i!dp38ZqSp8Cw@|86^(nfb-P?!A=w10YrTO3 z{XXhzQ{%`rRp}y133kdh55xqdCe!XWDcR&8#dXE|tIA$sBLb2}b?_Opp@43<>yTZ}m zq%Xgd&Nw?D*`>~myn4G+u2V1K$xfFG<{;a2=gtKs*^Bue007wo&L2GZP+ppqG?w)H z=(PlOppBp7CgN{Pm?fVLyWKW!Lj0fR0M9;$U}}FI|lhkv+^PD9yQu($LLVq>Q2SUiORuEzN)H%`)rroYhF&m+X&P| z)YI_vpx<6m33Ye;;VC`!XMSd1Z*r+l5HuskT!u1L03ax0lS(jnsOJm~pfcN|>e-mw zlBrlRJJ{+YA}lse+BAOeGe^wteKU(2F;#fLri&eb?`KQp_fN-8zd{S$GOh7pdnr0` zWK%pSD5ws`CQBiWh227r{P7&KlXpORm5)qD`>trarNcQy54gO<6d;fX%yyK=chjTO zO+Tiy9=-PaT__LiA7mG52U*6&mRK7jGW8m+hTXBjLZ}IM&Mfm$0U+EBCS#arzPU^V zQ97nqt4Ll8JyLD>O+CBt853$UQ|z?CW>DzFj=jJSITAHBW02eoVqqAZ*}|GgZO9+r zD85)em!pCAe40`|sDme|o+aAXSPFeJo>%&v#%C<_m{AyRRw;1SxnLlx4Fx&d#S$3# zB|3=1fADHvpXaAPHFu)DeZ*ZS#kvE7hz{(i90cj0-zxD|;5-3#q)fb^bi zWZqqHH2|Ri5a;|RFxEX7!3Us7dvCPcZ6>pO^_`9?`>TE;)}BVcXG~{kpI{yc!!FrD4;?pz^ z$u}jzN64P&?~Lh8+0U;96$8>O;fIOw`2wpOIROd(Fn#OvHUh0$$VRJ)3F1|2%E~m zA1^8`ijKq*AXdsg;|XjIYB!H(Ke#0DJ*kSm!~RxFT_b*eY%W5?n`)6OWB4k&sNp|z*3hV zj7n=#>ar$LXkHv|herkjuVtR7jw#-qYMauC-fHs|1G2YUO3WEEbJ)IRWG##>1L1Pk z>RIg=McQ=d3Zj1#4ofg)B)?15f2p%oPxCL@VS_UpQ7kqrB|g%0-%H=`^4qJ*v2Uv@ z$2!3g#@~*dISsF^vDB4aeUo;c-6$S3nB+LY5>yhDpxb!12JM?Jb>t{NTMqHLf3ECG zx$3#hhf;s70ZhSoNp@j6$~X%N`pRk+J@Ko+EP85vq~$q8WRw~?p!#0O@;HxcM2KZF z>E3Aydb{Lu93^vfr0ZYd*yK>zl%>=--b6z;CI@UYPhDQ`cx}r{_EwJm2*_1<$Y{}K z?g4z7TAxR95Kof~7AHdQ2d>!JgAQ81>fM)GN-d9jW*X#-t-Hus{@OoJM=YD!T(%T! z_-2ITH@bQq5}>Y>boLm)hN!G%+8&dO55Auw=Ce3nks1)s4N$ZSw)8773eJIKN}P(B z*{VZhn#^8y6e(uSA(ND!qKPtqTHADUV&nEafL+*f<}1;@StZE*B!wxyYtN(%f1&Tz-sQ+R|Ur= zEI6FYl6XNSo+MTT*pW*je#Z|q0i=G3WgZURPJ}#MN3EyI&T=RIlNYQfljLdmkAoqe z8ceqZliJRPg~pa%=a)S$4BY=wgx*!Ud|eV0g#V&V5AgxJ68rC3nlcR;uUm^y??G)} z)?DAVvGp?nLL!OXQ^pKiW}-1Vzds{buu7!r?t~eLkMEUesPBp{v*QOK*Ifd|Pot^K z^t9xw!O~x1d5km>-tlV2Q-5)02V`rt1pqF3aL8FbC7hJhh*~wbSVj#8C%}%zt}Y(tt?^S z$a3c-XDdj;IC;(tm&lu+2)zeLLU~%*Alb;weY~}*-zO;pR{-#|Xn+E3HtA*RdKs@T zN^!z87F9B;&v0t|o+Bk8ms@6iM9D4Sor}@EZmDl=46-`T=FCAY;f~cGUvi{~*;rXk zJ658yrpPWjXcMkxoIR3G5;??3o-JxdgcOq=ns` zz}a#AWGCb|-kdAO5(S52P)DZADW#d*5_03`&~n_4%S70OyFC})in&y3P*yV-cvmel zzvCB50VQrY5Fg_ zPqS$Th!Ez_MQ8w~xIC8wo1sx}g_zIGj7OXo{n|ZizqJV-% zh?z$WCzGEGO`=JFlmrQiL#_nmFzvpkEAlZf}=@0r*E0MXzHV#$%Oz+8NG=?(dUyD-gr z2IQ1_95*_--e3BS>PPF5-!^r)Er;cJ3!yl*23|l?`ZjS!_XW>T_^rmL=0i2^Pabo} z=5O{6$TPp7^;dSaRWRu=z+P`tUp@Wg@(73kaZFH0Z~d;}ZCYksf}bc@iWT*!Lo`l&3p?4ws}ijTxV@r=O-bTb~^dU;dkpOZHS9aL=JXE{A$B zz_NmBkFT%?$Tdk#!1gMv8D>&=9AqZ2f39KrWo@W3(mdFJ3yG+|5510p?bS zuXTAzJQGm1*`PT&mXPmQ|LKG6lyEED#spfR(;Ce80{)Zb7?lPac7O3J>%l2~k^~oTA3?)Z%z5DrJ8~9JlnlLHG?#uDD@;zL&zWmEh>;K!?1`FIQP9cP?#u% zlB`pqRItsd_T)-+$aiO_McY*x7{*>buUa?W(QU&SeyZSxxOGY`&t}C1zmie7Uu@lG z#a$6y*I+FZN?K7LthsG;mf)TwWQn4vmtHJ)yYK`-Ell==Iqn;b4GY>|`8-(o52Bp& z-x|7U%tFucGWRVKeCrkwjQjm3zZ@J~H6*p1ANX0Moer~@?UG?A*aAd)Gl2*qJ5}P# z)AWknn0?ws8!<_L-!Wq9Zm+eBf1>nAM$kZpzR@EQPx@5?L&*LSvNRLvx}~RADIc1g zIwC)w&vtLer|SdI7cua|0A!>Lb?P!^Kfz;RFIvhemmdvml#URYVIMG4D0T*&i+i8f zp20l%DF+$qiGsJi$!=@A%))s1r+0>>Zw9~*Xg^f`Jj+?L@aUf+o?Tw~(kEg8jvW9| z0yG2olEt4?iVOetHJ|EV5;PI72c#06}24JoPR0OVv(df)3#sYCt z#LDx0oT&%AyL>Fl+(-rPY&tlQ&fm`|P=;Wa!rwi06uk$BEYhwlUxqBHuu0VkK1T@c zVTFRILeZgG-l-z_(#UWndHza?jYH?&MuY6;DSwmkTXNDwyD^;&hk*)_Q2JFg1rkL^ zFSmly#-0{gBQM>N>)sR%KHv_!^VBWz%n4bj)?$K?H$LJ>m-Hfh7YUMYw2O z8M|WF!;=yI!1ey|7yZa~W3EO#>TT2`BP?)?&V0Hv-i+n4U5|+J;olnBmr94J`l%J- zSrEZ$%IR$0bTHH7dH72f0V>qhw2DemeKn)%-Uc>daC~CGKQRO^rFQ}VfPFN#vXjUx zPNaO!)CgjKD@s25{b-nfoL!|LxMTy!t^!| zX7Te2cQLHdKrOq|(*sS$hun^;m+MmgBS%OAyz9`CuNFT)04ceXFCLjc@$ zQ?Z$D{gcC{qaCb#dLHbhZ&2_KC&2%sf)?GD#ZR5=E1XFZq1230YU;8ZL1ror8J!&_x#410Y71fhav33p@-8BZ{cyF44>wYHv|S#F z(IE*7+(n<2omwqXtZMw|KPW4f*_V=+zFV0dVJ_hx`(v3JHKgC3w|VjnbQHbtE#NRP z!wt+}v8~XZ#i>6w#vG@rCk-Q4NbXY=b(u}c;b~r6u_Z+I;`H!~=iBWWRlF-9^7lyW z)GyU%A!o9a?3o^5m_;$N62Ke`cA(1Nn(?y{SP7qW2ozI@XpbeC@!t8j`{+Oq<-a((5MSnjq|RS&Cc)O*GC@33plarQ+=bWZ0_AV%ls(vgo|1}(Vp<=Dssfw zpY@xNtri*=$3A+&E&Q?p;k`#}wEd+Yvga#rzWpeCKP_tR3N(tLQVvw;s5kf@S$F-` zf6ap7=*EE{jg%6C45U#UA<~RSK?Ou<91SC+r5W8ix&#N(UDD`4Kt$5S`f%@i z-1qa-^FLh2wPV+Lp6^#&qX%=#7i>!%PFLW62xl)t6m^d=!0bGLArA1HJOvdPff{4q zv(=eP8UTA}5&r&;#nWD&%KzQFZj|D0WUv(VM&&kuY5q-G{SGf_* zxs26z33q_LS%)!>ZtT8z55(m2vD9#g~uuR z3Vj5f9V%%2T8aW>zyQn6BRK9FrI@0Vpab_*hirxC?RO$XSl(!=;;r1CWH{?(^Z6D<3PKvz#b|%?2dyL_MEozvl9i&=!sNmxdVlftO>7#yG zUnG-cIwHmc+Z`F}XpChG#piimBgp_5nQ53NPo$KLB$piBMB9fmKz4~jnkY5`@NDxi zTh6kq`ytc(0*C_(o5sR60gxYGnQViMy4Y^W#b&k8B}6Pszy=OIA5_GQc5JWY{M9tn zQTa!!>iZ`5VcAw+V+ec6kNi$i1iP`@u&TcBXdU$@3!rU^4A&>HBiY44)^2BDoauZu zA=!P@k*68RG`vz*$x*+}m?(%W9h*c4kSW7VFQ4O3{TyXys+1yGq~{w-_c@@hhlX9Q z(RBbg*Z)5zfYdb__PQXauWDr=PqR8N&!?-+;X+jg?t<@@acM7pyb#p*0@e=t!g80F zWxNC~4{T$lF?s`7#vQW`x8k1Hpl7sq?d&)ysng^u&|3YfuMGFPM=*Nmtmi$ z>sJywjE3kTXL&9gyk13oG6r!FUj@H;rK8*}{;|c)Rx2OIFo|gT%==pB%Ii-yuS-v& z8yE%khm4Jn)pLzy+}geL`@Np{^3b#V)m}w`UE0^ax_vvY7h|@0Q+pvTuJ4Xx$4x?z z7;#iFvwwRWJWMV&=z^qCxmvwJlD|jT_?=KwAD9c;vz*VVd_dbWu z%3RwIqh@^i?BrgO<>{~$S8-Enbo19rHeVvTB5`!qhuw|KP4}bq<&3xfb}p1+wlyMJ zpU^|41@GVM&$FBKU1kvb@Vs^vJx-n~ehF*r?rQso=(a0kxC+u5USr0>IB3^iV?W4# z3{*-cxJdyZ6aFOXyOYrOc|AR)y_W)ft#m6F{^O@1uE~C5v}!8G1*@XLkyag!Ka+{R zrPWsU+E$53&B49e&E>X>5xld6o}S7M1N+A}-%0z>de1HfO-Xh#OYr<2#X*}xSI?~@ z&i&abpPqm69{`J`f9Q3%;js&b;Xa?!4y{Dui*XK1L96{=3wlOW%&eAD&}ZG;tsB>W z9PzXZPU$}3%;k%Dp2^#sz#BAFv!pe3ub4Bpck|(p-^CKh2W>WeGBRs|uEHOkNCLcw zi~@-z+x5&G8%Go5{k8aG)OiZ?RZ0?W$iGL4$Kj*+zZ->0gK?45v2NTUgs(%IylU_N zX%_VuWZkiF(SbjX|953CPsase$P3U~lf4gVO3HKFw`%uZwSa=s0f{-LDZV$%+A*st z0Y{U|P5v^%s$Pp6Kdf8CplBG-y7Pa+gtoPKHI*+&R2l%S`fayFS1mvp zNpgmn(}l}NNh>X%7ol=Y86vzF27k4Cy`OcwMU)|erGKt)_I;M!aD4llmxBST8Hwgv zaVYVbn^2gu)lG3Nk=|W)k8@35KGQ+?eq|I6EsFsQ=gT#YDkQ7V-Bj2hD3~gDZ&3%4 zlE<20t~5q>+ax*h*bB)}#%We56K%nHd=mco{Nv=mA79T<#-vz?W zt2u%JuO5T#?Sl}w&>x>#7&%@Y%UeFZ$8m*__aIDnLt)UeHQN;UmODUxstV$Zfo~@PHU|G;ayXdfhZxTT?gf z*5#2Jprrx3tA(83w5FxSI}#w|aGhKpLjOET%?=X5LJ(Qm^5on;%7{awC)1CdaK;!5 zt1DetwhIPE zL}lE)7+$yhV`nxEk2aUu8$CRp77l(`ppXwC{ze+n zHsF%$rT3-f{&SUd91n2g71Zq7XF*HGUo$hBQYqW$^K8uAgdsxea3H3TVareUKdyz^ z_LwdzM$&mUvNpalpLT?()Ya_oMM&=3y|L8<_%LAcwhdW_-EACpymLD5hu&PoM~OUO z`YK}owu*0j^wJxt27Vd!g@sk``$rqknWUaKk0R&xNv)RmU%% zQcN8J?%k1ubIJPqbO4Xuy`e&X*8pVMIG{B|#E12P2u{D{+``QIUj3=ax2R&}#yjmE z!ewlORnRkGj)p#0+;sG#kdZ_eWmcYxL!oNnKyKw;1b*h+)4E6NHE~M?XYoT%;@Trv za+b2%E|Y=izx?Yp9y;gSKRx8$zxDOisZPcL+HL7KmZ%@l)MqlxRbHhdZf}*Kd+ccc zcz-Q1OYXuS2#)2lHxS`L90KeztAy-3vzVX2v4QBvhO%22W`v~JK+O~Xs*4c5=_{?u zGwNufO-R{pEiFkLh`kUgpOIQ86XRRpz$YTkI#*#91`b}H8!W6aLF!)qz_U%aK)1w* z+z3B12nt49q=1yvTyDV85cKZ%4#&f?Z19o^v=Klr#BZ~Kzgn|}5TH?-O%t5Mn5d-oTfKgUdHMThMKgf%89@|RJRliC9L+L1yR|{%KzY>R|KJbVI z!FaQt;OYB_{QLUhsHGH8-2xH)fS@fMv=I}#q8Ae5>EB^b(mesaLJQ!sne5eaW1b zb3yvkGCnBQ^IeVfYKRdSOUruqizH*7Un=YsG?{O4fotKkS}YW4=(h2#f}d|sTu=E{ zFiBT%5j%7_o0RlGw&YwAWI#w2M^M`5@Dtq_-)ALK}snIc(ii`@k%C29*p z0&Aq%dXY#=971=Lze|u!k4q2?(xJTw>+(sZv(6MU?(qil^%rc80lrjWdT;0P$l@W`UmT=Ga3;R zVy+Y|jyf_F8UpONZSvyH3*w!Rd&vN$T}gf(nyD(jt&@?hGW2){>{!*V(MNr>D z*mhhC*QzTU*=V`+lmgo-38+yG2Fjz`cn_ zx`b(N%Qm$y2H4x2(b565-iHB^4AVGA%Yl1RV(n>lvWcc>_xLyKTW$os8%{aM1WPIW zNn`TRlKEOR*I(wN_aISa<0rEPd~71{ZN%0-P=z-!;N~SVOGWiZw3iLFTQewdyplULqeg-SJR$& zPkIjghYUA(GAC^l@rm%+txbpm;E?1Pw4>Zl$~X&bcz4*^_WD3x_l-g!bQwx~BDZy) zIdJ`=wZ1}Fn2@oC%DdKTJ(YPvw8Z#K9rTC4@e>;cNh+4*%r!s@>QMsXmkmeo1%O#* z_iK*(i#Po(0gzdRSQRP2BnJPf9t-eyeRH55A#!5-O|8PX7{pPGkMVCnf8csq=PGl~ zcGTg&FWE;)k&cYhjt|~(3m&bty!iL4#CB}HSgB*K?GubQO7>-TKYq;k^~i(s_^u23 z?H7-oBiNM5k?`^GK6E5*fVYEqX*?W>vJCDQB-XZ%txLZT`9VPakuwkmvI_tF(_$iX z+NW@3TW+T{DX;A`N8?>kyrh3hd`RG!L)c%1&H#+jSKy-h&@3~>a=Z4U@N7l0xYKlTzwbq##z z)rA0mj5&h~4%JL{3g-w2=Zv@uj}Y{5CX{h~7Qui`te!o2lt_6{0gTL8RCszCQ6v)A zO}hmU0jTNoT|14$aYZFs0u(SnRVvUF14DoGu5-F0Ms(zgVThBBzP$vyj}vH{jUI!Y zchcvad7@--5pau)bl;8ff=7gZh!JNv3z+|S-*+k0J;U(XLa0-JLLwfip_iEOC01P_ ztpD`U;xuFEF~l7Q1jWS3Z$u`0B;hPUC<>7G7*aDEMR9iY9*PgZ-@Jp1E~yf*@C9=( zIv#5R&c2EOQaCH!Tpv>*?p%z0804iNG2R{ltpSW;{*2TV4+WU?m8OW96!iZ01T~8X z85XEN{fXlqiSnlr{q30Y<3RTm#O=X{bCyYqVrdG~!3vbP=lZ5O0j2@CWU`BC?ejSR@j*rN?Bn{U8Mgx=2mU!6coJkMpo%4K>I+b7tq@U=Z^L1Cw6ixV-jT{H$=>0+g5%zm6sJi3Z zb!=hCvwAo(g}_!ky}j zy6(nyDX6fNip*5XwNi=f_i!i{fz=|CK7K95k+QVzB{hpazy0NDcObNzA>`Hy2YQbT z_I5%L%H0VdDROxy8O8HEgl{E0@iC(lPtKC=|CrRO>5EBb$R#Rz4pS(;RWU1A>2Fx+ zP=1!F@cWSp4)lGw^xE&zKY?ixzmv3upMOj(GgO75MyryM0GOaEONy#ll9H7!&cZ&U^RvpBMEY z>k{>=I4n2@NT$|tbw12GUK>?mIKad`*Bk=0ip-dOuXx_NejX7~l*{OgWuVKt*|Ifb zeUytxM3D}27(DaSJ(NgrPV)*%-K_C*PNK$7bsa)c>Cej3+?R%pFGpLVnP@NXc-H|X zIq}w%*S=1ZNcl!UJvy(NqqCSf!FMUB!6QIztV!zku=8??In9Yt7A{jtF1+Y@*645> zwSAAx)-yF>7G0YHn>x*X^}CW-6L;COsryQuOL!SQt%DrCLx49!$Ldm5rI2HkPBNqQ zZ~ytg3})UO_B=+9U4QAX?xFsVW-uxlN-Cl@jS@z!bjGyw82RxoN+vreJPoEtVf>EF z``KCKosgETTxVI*6u=JRBI5XV=mh1>Bx{Pl;IjZA!T$n8YMK&h)UK72LG*7g;wfRz zL(+ql!&IkXtnNkYyXteXGTDvxo~YuEj@=-(qAsz)6fLh~$ZbOB>2m9D?y?$5_KslA zXu~?pG;|vtg4zS5)2BOQU12DBHUQXq@3nPjcC6e%&4%g$?+BD3!wW9%n>FF|`eA&{kxTN-JHEUnuUu!+@ z#VW+t=IhzF2lsEOZQ^!+{WIb9FZx4j0CXXj58xU9<1G;PkI5(1F9%V%_5xNg{X`$* zR}@qNwees%whoY)>aQUD4Gl2^>rHDJ`S-YgdT7ZQb$6#nG8*t1{(8Utxw7nFr%gEa z0${v)FvP#w?)RW852L$sfnZR>7%x(&44p+7(o8h#B%W35iK|!{<-V`&U(nLpq|uZ0 zkS{_5nC9WcSFXu_hpp>u85BpnpZoNG0_5zAEJ9(0ri>IkBaKF}>kM}t4VgD=7$=X` zc_FgAhgQ6eUvas-#O4mf<)poVdk8aiVxZ}bem{T{Ki9|y&f~8JdmfExE71U#5$Bn_ zA*Zjp!YJ-zI9S#3NHKP7&N^cVhhnU6fQ&=3NY$OkqyAF;etc8!kCAs&!Z^o~&ri_Y zd*C?RDd&hO>6>}KUrj05l#Py8L5{~|)Srp!0|&oCS%B2)Os)6~cNrA)F42Bz6Y6mRBpkr$@aIWJz3^4Nb} zVJB-s@%PNH_C+)KbuUVhp@u2Vohd1qsjD9Y*$Q}Fp5J9`rE$l{Bfd#3JJ=1tV%B<#b%W;?Y-2C1%5M~rSIT!yA}DcmCFJf zIDW*r7ay3`l~b@P_`t$TL8vzT+dXk)7a1i*Cq3y2(y-18$reA8-kj0V0FRobjqTXV|T>M-YtV?UAo}!0j7`fJ%aXYyImhc zlE)P$){Zr|@$ZzZjL*OtDJu!dD;glQ#^!EH;oyMmPAay(jWTq7r=+WURk#aPOa#Zo zeH40E+Y!B2ZM@(-Lx#{G#LCnp3BoblgW0!soU_P^WP_IvK1?Ue9{B^C?8( ze$VQse`q5-r1S-S*F&%JaLdH!AnzbK;=kp^WKK(_Vgmiix0|S(*j>B1_+RjGDiO>s zvD74sdhd;5drC(u_q(Qd-pfwKzuI?pI(ks6H}zueDU*S_-2vd)K>;hlGKim+%!zpR z8CSnc>VaguKrJO!v%KHAFLRQpfXXq13COOUf7mmyzLkYO5KZ3PH#rCiwhy^=)()?FHo;2U!5Qzr3~sme(W0?j56_UHeS94q*~M;Zo7zKStHS^hz>qEut&HXS3dl#uEXFH#9P+4gJ^0m|}KJ$W`-SP|UY%*nEw9eogndSsYev z#_M3Lf|XpnaTgn2u$8?(s<>76 z%7N$CD!0ge4;wi2-M@cl3@J(*S6IDq;7A1-&E7O;@5+w?e#WYZYBR$|^?VNiV61g6 ziF!ky7{#tX-!Afen(8C`+-%=Ep*u>z!1J<51_sUkhw!PY)JfL~i#z{xU%LH_N!auv z^qF>@=9aQ~d|z4J8~pW)E%a_FWKy{|+f;Y0ynovMLzNCEcZ7%__fxD8DZ*{6;R1&m zK;9S-o!_JnPVF}n6=98}+}aV&m^7#;oW+5~E9WQkvRi*MrI{8wYNL~$n9PjLSlxlZVZ*#YB&sfam85q|wCTHtNOU3XTqgCY@ zrd)xprUFkkdbMZfC15-)gT9hT`C;OvmgEcslwF=<_r&~RsO{r+3-*xA%56V&MD_Fh z&SSh^%ZJ;wH=?{tv)r!*>!1xTOQgPVWsqkTZ1eMRi9esEFJ`W!bh>F1`ww+z%_m-R zQFdoM>HCybJd0vurL6Z)y8zA!NGwLsDvH@jG;`ia&lYZZ%}y%qM{Fd?=SbR4YuO~+ z^n94I6GT*?&MD!N48Y{E&2MFwR6QmvP;i#Z0-ecy*X6yzO|@R;8Dp;dgakf8FoXOO z$la~wfX9FZ8w%#RU7RGWYEYUvcG{7o^5U&HqkIU@%%K>?Df7(Q-U^a7)u@~0zS{+*&FWzp_-C#2GsHBFrP5?5k$5N{et}Py#lh95 zUVLHzJ*;B`mszy^Fpq7PUg_ZC2qP-^ndymk`>7wrTz=U7^BV4Z1)n$V@se|qI>Q4l z$MP&|4vim~PLDbUevW(yM#(g)hl+jt;wSt8(N^$`^>^`5d7)F?Pwc+yOK0Pelo+;l z9PG+;__-(o9sQt!UA7rjPH+60K)8$qrfhP~+9!5FyC5RD4q7fh`GUeK&aOBUJ}`<~Nq=6y*XC?qIpRhY42u_D-g<-+(32m%UVY zd-I78$yxeQz^ME!#6+`Jo7e`T>Bj9EVNEbyIRyLNbK#DzW-;8Wc?f~;DCd}K)>9nW z>ty-l1?7@V>p)VWTfJ>b__cW^K%59%JHc{p;RW19s zL6^l}F-yqyM(AsocsX6p6plKMk{*Y1)Zn8*J+y^3EyWjf!_kG9TibOF4R}?fb>Va+ z(M|cbYxvveJ+R>0;aH1??Bj3_Z!%E`epbu`{eBB1hL4tj7sK_aK*T5p`jQ#QQB6li z1*psVbV2HMS*@MX)$%zQfH8?6;Ta5kTX%wM?ZBJJ%zqWoV|X4WCgIZ^$BIKB)BEsasAa<}2&%yjUP|ViB(~+LbU!J`4?b1{THYzq8$Y6qZ%{%}QZfifEnSSJFTYTMQPq}>7 zABqEbW04gL5$q<~e78T_&c3fU0RH{O0VdJFdgEHYHBW%d0(1vfiaIu(ZtsXu+d;hT z6mOF`xNAUxi!5ldndz*V*RS!M(cz|ZwP5ZN8qd}FRkX~5=!@{Rf|&uH*=CM|w%+b_ zPzsTu6u;Tgpi0tVMbZI}=B>p`l-qE9h-^+kT zDc&Y=5gTy{XHFLardzah9TCXgnf@XA0yJMSEV&(e?uBiZ*t8StjP${`2l~G941C*} zx;WwNUnCQA{-wS2z{PK`Am`V`KDSec2CTpR+#^4M~P#|GwF@ zVUbT_I)1xdb=4EwfZqzx;<_UO;Gq%s&3o=;+SMWXrKnFY-1%_n)3sk2{TmE-se9%O zS6xRCTNP}8sxUc;u67lz>!X{U60}v@K)>W5& zMf@1Bn5Qu($MYv$?O!QQV^Io#Da2Z#hlmEG?PmtF$#1%TL3sX~su9Ens;VFhk&EmWDz#wqb3QcI9e z3vSMWXzoro>ic}XMx?)0tQnCSuPFIS>z}izbclw`exLs@ty$#te;0@Wf^V+My~%~= zOPIg8Tt~g)LR6|NR{j=WX+=?JdV|yM%OmoWK-!vY{S1-9*M$4-2X}o^*4EC@26$X& z`0diKt6i$Mm93xAZ~P5x=y&~UaXgjwX892Yp{Q`nd>{i)7GfDNdL{O0`1S3wfm`#K zy3o+hREyH$P}F(gjC6Dv%p~_ChgF1fH0;#|_;`@%fI+u; z-3;m*kEl2C#k#Oh>HEurzKlpP7m-11&{-|b+badGNmNxF3Ji(ItEE`@=v^BTfR+q} z?V}78i6D3fAfUx-tbaH~@2UAP8IJ`i1HxT0!C>U0_}=Jd{R09vR*LxPD#A2FeY#Z6GE3IK#`$!3P0P)>SKixq z$7`gia;gXyiHx=^O`Ivcf@t)yEUhq0*NZVMFl>={d%?vwYs7Fz%(%d&U|~(`2`c#l zmmEn%(qiWv-^01l%;2&YoV5XT4%KrSm|W*Q>{T7Sg-CjXoV;dmBYi&=>fzL{?2U!- z2%|W#ff12Xy3LB7J<_)RhpFuJb(n0LCiwj##kn*w68zEPe=e$Kq+2o&oN;cv_~g#9 z)j5Y9h=YLhWImTeN&w|#3-M)4pl0=$7}e(2tbCF2j9a7Z+wukb!C-G}SNETv0$~}B zW^S^+?_YlfS0=_ZE$=yOapnV0rHAre9rm99KyXWrWfyc<>N@jvI&-SGU9Pi%QTL1L z6*-C)D>1+BqVt{uDV35R_8YAXM!)@Z1swKE#r;FlYbXQ1+bt;!9|&g1p~pA-eHzSZ zEQ|ob1YEc>1$2X`Q2h%QcSQ{CQ+i>c%1dMrk5r5b87GoKC=FAp2;6!2ND99WlJK~a z6P{rZ1A}8NJsi`F2{cg{D_YP#n!|7e3Pamg@0Kv|o4m<#rL{U`JDKW=hu@oxtFC~N zi-}f>A#$PxkH5rJvIfOaKNdaR9H}V^lsStBmNr|A=%Kyyvw16@|HyU7q2`Wk@=-a& z)S616;vfZkR+Tbs{qlo?$ZLYPJ-B47Pp@yua2$9Ofo z&NP6s_bqfRGmoe|{{RG?T+DH;tT4P^wCJ=-?S+f(i?%b`ye)E6tjd1TnK63xQuh%o z*e9pwc8qo)s_HJ$Mc)z*dN>_HtcjjCwmEJ=3`r@(p%=%^_`22qls|-iTT>W#o`uti zK)5k_b#Xl!zsO?G7p`6L$aYYN^(hf>01A>JYL37T5nj~_%uQ2T~ znMwn(xn?bwon%cv7(CTk-2eG;5X@aTBKiJy!;xj*k>IzA+E*27M|XUzszZS{_uN|9q#z_ z2yP_vR}&)j58|2QX^+d!eNGGHDv5OrhkBa7@BMD;64U=+lE2<3qQ4>s>z2zLdWDnO zFXi7sdt2h^A(!7w*AZ3Y+TUXUAE6bkcZ1k5HDdGbVa6T6$3QG2eGvMssx9WT%5gZq zEI((bbAyznx4jjv;MdmRHFYbv=e(9yVWU6v9{(Xz_veLLh|ud_Z>M~Ivhr?A#WJ58 z2NHq8gsJ>WqLO|w)Uo{?^eiR-$iQ+E{?;>s!CX69)uk7vD;oh-Xa`)-rot^1>>zV@ zx`nR@2G4KyE#I(IezOjY#&{I-ylt0;TG;_zs=5*!ec1X16%RR8MLopYDC|<8&m(8rU95OT; z0@CU{Zq`~ajxMxzey{gVsE`7Kyk3yH9)~8ZE$W{7 z3HEKZ{FUdN!!_4L^I~6y`KCMa*SfXcw#Zp00v`WA4z({cPnGSXvfVEzbY2^Y2zjFt zd%7roHuZ`43J|F5P`iRs{-5Nc@O0Vs^UHxnYTFa17 zzrT2IpxVwy;{S@OS-6;`WI`*a_ZHi#tmU>4{oEHT9K!6V9c+5JJ?XNH^Hkj0&EJb1 z_gpr3%4@CmEEb#L#*~PgHflvJMqNydP)`=omYA`BV}`QbBuow_@i8pmZ3(8*R3Gc$RI?Cchvd6 z(Ml;mJ~M!#5P1%2}x)(+bR=V#~OG-$&PaBzk+c3T293%kP+!N?;GED;hK zs8Wy=OMSq4fF2qAP&kV#|^-V5zY4^%7ZP_{t$F+hx5c}^tO3Q{C`jP_BX1p?QItXsp zNn(h||J_slL_u&P(aNH!69wj`)Tww9hC+V~olgF=ef*E`mZO8oIOIB}FD3fA1`#-r zjN^KdjkWD*17|#W!XYdTmb6^kloyL&UXmP;$mKql!PGG<;{9H_=+D6CvqG<~^@%T* zW1a6Vw}`(m=sUvw`7`~P5`IpJ5E%(xqv^YCf*VtM9w@ECtg5uwh41_P4_D=Ie+d_! zhV_!xRxfa>RJF-q{uEx_{_WDSKj`(zm#9&{7yuijb-2Uxj>dH04LaAzFqyo z60|VYLp-(^j)etq)B(WEaRjgsJo2r^NqpVacPGW~I;-pweK%u5_nlvU9h(wRP~H9W zwMdEhI@n^XX_*S+%?|EG{|9)>q`JgQ(PHkyoQNa;+l+lrg$WZM4?a_?!aRNTf!X(q z*%;SXr}I_IDn+s_FZl&wm^lCU_Tlt@o=72j*uQQ%=;=AYN8V}R8DkwG!a!;Dhw&@r zAKYgM-KN(k8LfanlG5R~Zu~nrC@RzESmEPsAgz>vqVL5+>|o=;~vS z_zG|yHdr-n#N{4eoza_9GA#qlr@=-AjLlGKn$d5>YI} z2m?F>E^5rB?4d<~t|*1c0>BNiVTN}gyi_0`mcio`;gKD)&lxE+9nl#ZBe5HtF&NP4 z9~%%5t0@u^x$V&x?I86d@~}0eAU5jKRv`I#T-iVrW+&?0*)i0Yf-uz&sKy{kED_3f8qL8F@R;mZ)*hYfO}arwxY6xZEW?reQ_~-$eNl#5F@{djrwylw&Nk9R z+1MxTz_~YJ7(w6h1xpPN<-ElZh^0ncRotZ5oxddvx;sI!S6U-T(&3eIgQfj-0Q5%Xmm zhz&Wlx%9){=ZW%2fUMq*KcG&xObQck}+417rEKoeurYlnfIoHlfa)f5Z8hRFD18R@s= z!9k8S9C17uax`A{;3wS6(>3?8P`<7or8AtOL`fW1e#C(Fh}BJUAo^JmQ&)yT*@R>| zT1z^Pru(m{R7fg0)RK_QQ4KbrWff+pRv)LScaU-k>7Gj@Ppgj$jF{NQr<1{BlmAfywNJOr~aAi%$;Ga|W(=qLijHIurZ$@&sB_&nrIPbw-1f7GWl9Td}pRZ&i=^Si3A%{;ntx61Y1Cz}si>Xx3 zj){+P-({@L&ZZ-}v$W*eGk8vhL19v0q4IKo0V0KdNKk-KN4Wrxm;Eu#wudp9*SR#b z<8IdF$YQ7x5MW-TfnkY~M^2SBExPl|rO#Zx>~jbz(PuBWBtQ4nssX`{c= zWJZ88Dg|y!$ub7n>INl3h6SdywAv(rbiQv(aTt1|pOO6i$+Ty?4XUTG$W zK^({W&jfM-o*E10VQmPsAgP+D^E#NXR%-qNkOH=ZKc?Wr%=WqBL!g-q?*y+nVtM8f`#%doCgwt z%+SO@q^ChUPza7viV`*$yL{8(tufu|{B0Fw^DCE&DjK?Z)uzLF3Ld2O18^Hter~#Y z-)?v#Mir(Bl-H^mtTuJ!V~|@gXlh4}DF900?P?tByuREziEQ&WYCI0C;wKcjD@uC; zl!+J00&5xWP_ITLh;9CE)0b}=`Fu5c)fqyIVh9RP8soOccD#;94p5s%#WAjDzn?FT zKwcTPj%Rdr@c1FcdfAxGsReb$ij`~wRSe?Xa2(vVLeaeeSrLpA``cMD3 zXp2LQY*~SP0}ZG){y(i9T~ziKuj`7^{FvVP-vjLVK=X8oqp$KIC8Ch8qT5JoAunr3 z?&boXAz#Miiz$%wu4Y4AM>e4)|8v@vy8Ns$2!*FMZ>)IJpe1DgrN$X!ztcvthApcu zAL7|DJk@qY?^VC?-~Ou<@Tug0*?7ZLE)|Q?C*2-h{Hk=}ctD!M!-}i7mmQRHR+cVR z=G)htKq=g}wGN93&k-Byc|}hD+(*Y8vnfN()5VPvJ>cFqhr@4(b;xG&OZ!@6K4yYx zr92^jV&w)b6^F_28li=ZI5j}FY+0}3CbwRV?CrCeNKqk-Z9uhA#__J9tpQvLwO(z| z-{uvpSoG;JgZ^x97z;>2QV+T^)}uD01prI$lOxA#?Tt!mj`JFFNe8QMD26kUYQuw{ z$W=8H*!rZ@R}e$|tRVpP3_Git|u zr`@_|P=E3q?I=w_LpP0ju8cG0rXW2JW(3r0dw%8l6!fP8P<^3`+8C%depU=UnSNtd zfqzL(eQEmUq`2(5TmeYYZjMy24&ZBiTT}Y*j5_zWW)#Z{PwyUu0LPwAL&zWIZ_=QL z>)@N}(~u-FwY;&)+W?Ts3WNJfp&*C-$LZcQ=z0jL20Knq{r?Ukwb!ry zs#(paLb?xDmu*KV-isIQ)=UU%LpLXh>LV8?*5vCU(*>In#*n%7%>}!;yt;ML#CkPf z{neWo!LIe0P9BH-ch~-VxA*VE5qjDt@~Wy0{kNu^)U~DeWCe(a@JQ2m;*o~ba$Y9X z%4zZo!;ZfC)my0O>f^itwT({n;@$X-gmDmBb&W51^Zb81gLbo_-D_f#8&A3+)Bkp4 zXdrCiri}6WF5?H6W6;w2WQp2`)U%{6NkF3{brdYPrNu-as!e}$e(zoGdA+vXN6pV( z9&C9EbpfCp&=agl$YKC${_hO?gPG|Y9WRV$vVvoB$ys)GJFSNcoRgrw?hRk#$p?pU z>LEPj-A76L{m6eC!G|C^<0?w|_^@a5Y2l=-%&tkufHa2cg8AV6nLY*hz)Bfq#bRo2 z)PDwi(g+j&pxTb64rcXO+=vTDth-R&emZ{)OZObVJq8*eLtJDgN>LLti9_pMD-9B# zo9#ch{g7u zf+A@^BpFHHR4NguWl}wEKJ4RD37=3KPPdsgT5VpaBi-;mwo~89#$g^!9QPd@izdxJ z!>>J|!OlPY!u|D?8xbc_B1CYewrV;s6;n`~qwtAU| zALKQb=DWd{UoXw99C(k7X0Cs|X1o<{)Fhau!JIW+@EekU{KEu;Fr}Yd2q23wwBIt{ z*FH~QNFS2W`~z#2P7S23ufW2R2JDzeUU1oJ&Qd35xX?J06R z47qUhQ}Fzkh%=4T`KKo%Ob2u7OWi$?Ycw{g^EQhzzr<-DFXP{3pKnw;*I2jzL3b9M zV!Y*V@ji`y zZh_kkH5;idp10M5YMyKt>)yQ3Y}@6l{$`bZ%Ynqrcc_DC9!%kV3Y z2EiK%obe9xmQHOCNc>SY&Dr=sUld=4s7E1f;L*A1LY<$dZ=hhvJf;HY?Hx()$u_u7 zRoJcmI6GK|Fk-Ylys2P5L%#LV?cvlHPE`c)pW$GJ9DSEEF}&Ox7KcwFPv^Zs}Fd>OU6bagS6UhpLDpkKhz4>DbY`^DuqM6 zDULDRh0TI2q!2M7A~zeYtm0^wcd9FA(nyD$W67*fo$H2dFH-u;ngO#Gd+#~%lMK>X zpGJMno+L@}hTOI~m&8CH^JOl_GUg`imS1nfB*~lE^zwE_Y<0yRNuuMO6Ed@V6XX-$ zOU5$Gu{v;hHL#h|gH4>QT~fN-p3Tf~K6TF$MVb6vW)NEi&T)m;yXl9umm_N&S+py3 z7A()x=$mD0zYJ9|rbitj0oU-woew1OxNiI~*^$T{hKq(;yOAC_&`C1VwI3^`^HCB# zYg*l!s1`^0#L}y2?*?Jf_r*JJLvCNP zn&a~gP^pKRTz-?xm{Viq?l7{;y-SWBc)ZlFW-#tiDti65E`QGBzUBF{%%Hu+7p?zY z0XP4+Qp{Nb`1skT@2P95Sw=v3=eq@a!VUK3?A6$FFiaFoTKUKGht^^e?F73)!1A#~ z{syBKCE{F2N|a$Qj@gp7M75OdC_4S)xQs z9CPPNI4?tP+&3^Q+e`y^6T`g@49>%!UvLAq-odzYx>fZesrZU-69l+~cix|c$VmB) zn?R2=#D9<c1v2#^b)kY-GaYF2kMB zAtPg0i9uHRd%ehe5QvCGt>WZfA8RH1z&*QLxfDTMYAXi-dZxIQ&}7*!N!^K)CWhO2 zT^&y6poPm%V3mvGKurC=gxP5~g=je+!Jo=CNGEbqY#4$@G(n&Edj!dw63O&q@TIOH zMM`+zcDRlRHKI3QS);WTeF5>5j1som>0Qw#=24S0mZ%0#jD^KzcE(TpGTnwVFP>ny z`C%Jb*j{!=maj(n|H)_f`5DV4MN7@>4qHu`qCG3_=#&Y4Ct1yJGKA3vF1>SNb5sK| zExm2^Wujsf2^V@6xJe>3n*C`Bkb9@&QW>L;+J#;SV^j(P*`HYy&RB-ozX$4Cd5aXH z5icHYrHzR9rl!y$5Rg&pZmJ*>-(8(imd|;z~8wPtv+Z1>2UbaSe+5s zsI0MyT4k=+@+*qdK}-J@MjOI%ZbI+iI@WcGIdm&1JagxENu53iOG^ z>@}aF@}9PZAx~+&T7NVBi4BL&zBd`%_skX+^qUJ!s=jC7ya__#4K(rq*Rx0}OzCJ7 zNx+2Zln&7vEl|{i0D5=6qI_F9wZ zg+LT56Ql$2Deh-pdF-u3W69Fbmy_S>eK=MHPp-1k6h?X1vUV=YzK!YVsu~u1MqsjE z8J72$O}OOKt_D8CxZ~4b0L=OLpWtG6R^Pb)OBGWu-XKS3_cOSMtUe0A0?q&>IjRl* zv~n;e6<-?wRsX4b=Y&BNp5KKi&GfF*E&hBVRF`W2_)7&_@i0z?(8E8F+k|)TdWlTM zahR`3Yl@N>U^}oEV%qdlU%D<|OE2JcHyjz`kNQ^l!*ydF`9bcPN+5Ikjm9g&^yxeO zvXR)BPoRIudo{!+qQ{~a{5j1*IT80sMNOOv;v#X5s`;Jw2i1SPb&w>ysJ%*%QbH9HRHu|Fb_(uzdR1t1eA_em(tF?oEC&knV>I=M5%Hu)I)+a=jg-D613YGe(ZXpJOC;_aR z0O~{%>ujC_;ABw>k?}B9^;a_I5=i?Dzz>7EWBR|(z!YI3LJ1&`jaVrhQH)C55*5=o z1?|BZFCoSHT$DCrlpJxOZ%%4o(_584b?m$93R8h9RJGs@?Jr8opduO(9iC%Xr~|(3 zby!_%J{OM{kQvVY4-W6zyJQze%4rm^MY zvg#9Hd8q)5%!$^_stA8%*CqTFiFxY&Z-R)wV$71fVk8Jf0fr6`6RmZGuz7dN6cw=` zAtdk;5)2+7i5VMIdlQWau{0tvIw$O5y>(YjNEXJiF99_hfqixm8?KB$KTfJx zH$0z40e;ok3Gy&m(_u+h-n>A&rr;c|rxVk9X<9?TevKFrUX`+@+BoC9H`p7?twI6Hw@ zFlC#3?ml28j`g0`VK0b5ej%EPzE$lJlq~@fWdC5ypE4bi(vk!(yAx;@rpL z+-ul4+B4mkE~j-R7>^|;;_0*8Sdwu>uNi0!12oHxUQr5km6vkW3&2kRn;~K*e!qgU zD{t4wR{B_SWWwiLlcZn_!#A$->1On$TXLVVC>>dTZ7VV4F#|;(n5!Uh#L_bSQU1YEao%a33-LX(t0J$_&d@fzTrLVaE*(z){)P0BwSYXN(L z?f8zIX}ITX({i=PYW2dx(#^<(R7`&mo4txLSPo~RL%( zE4A;QV||9BDgo|_iVMQWc|@*uK99Q)ZX>91At9^RQE~n_s5dT_J(487N&+{SQ~nTG z{v}tP0oxVUII*PUE3<($ndZ*QNxH%<&D|H)sOy+h%0H39*HG@s*&|j_g#_pAtQWZK z-d9iSN1|5=^8@xvZ+#2|RGQRn6vk~)X(lmFiQw02DGcW|O;k}<+Xj@;iQQ<<%J?nD zTyCjM#=RA|)7!ED0u3g0Kb9a5U%fqPtJf!i3b~MMq4(d#-RN?C$V3~~MH5D)=^2jm zTcY`L_kEC5ECy}7I0$4~7^_MEDK3#DaV

?5N5tW-=}iY40#26%2Q(G@ruHWIH-p zzwdRLnuH2Askby+xFg&db}MuT>d4X{98(ua)RS#jZ28vQoDM@)Z94l*3Axu)F$JUq z2X`hgD2=7F?}4Fowp#*lje0%K=E35mlp!=*q|fxBy(5g`A^F1Nb58E&xYa{)x8jVW zwn$-_*58Igy5x$%YHYijixWTLLzhplA2v zuK!(DX`Ew&iVsiN4X<&Hz|bn)9#Tmoi%a$2ens``U6P4{ zzNzgt@81sDqj_W@%yHtK!X%WU!fcZD37p9f+L@Qn~0tDxv83 zUYh)Diwolm0>k-6)n>y6eO6BsT7Q(?RXTUPwv92jq5Z>0i!Iri z57)kYI1q4s6XN*1e(OIDfM%qtLrtvT*_OP+`|nk&;gRuo2(*;AUHnKK|CxHAr4R}Y z;>UWM;Pp{dpvaNP#Pg4~h@$I+YZ3Bq0$~fcEN4^SLEpblZUrou$&VM-b*CgQ*J&2Z zAd#4DZSWt;v3DB`EIhAJ^0BR?JZL*fw(tF|WENo%P@(IY)VhOTt@z%{YvU_!AQCHr z_%U`GZp@bB;eXJu{^y=Q07Lk!kRZ8H<3ioOyz8Y{y&BL#8+qaD=F>(K;x7czz0OmIQ6QQaDL%XL9TR!r2NS$`?va1es~it=W)FAQp0Z4 zBjZC}ScU-U@QPc^u7ba4ZQ$$MUijHSH_;~m96%NJxzphNtl#^9(xXz3&yfkVQGkGQ z37{~Xup;mF<_`d4j8zPQR4gP&A@~RvSS$`Ah=#`ReTH?g?Uo+5u0vIp_T5!V3~IV< zsid4XknZyJt8-ucQM6zGbF$DWd7Nq!CI6MYn@z97>0D-+BmwVS+GF^X9#drbWDM#)J|`551u{QJ3v5s38&!TMtNoe%zYo<`Idr z;E4^^h#fJZm}=BNT=^1GQ-7p-^L3D?p2|xbnJNo~D-H#gyt<>8OTMBxtU@bShO?%I zy}x<@x&9O68hx;?{L@7|_}ln{@clPhx+!lzDH@wZf|LlZ+LGP@X}bXrb}`(i7vGKX zeF%%=sqbCVP~VKSH}^XaB7+KqA5CoC0IDv5gw7b)S*{)5ANh7rUE9I->Pi_)OKer; zmk|?^L;R!jtH;0*nb`7)?<^v0ZZ|Ehac46UFQx3kPxBoRjSRf13<~)ptH5-_S{K!j z6i(0Dyr*Pt|M^k*PmyFZ)wk;s)$1bNf%^u;!1q=Sif#vHF%Pc1FZu6VcujnC!frGs zD9Y(`?UVRBXxd;Tks5JlRLh*d>F3CVv9clzb4Ijzt>{ zE;~A%$+?Yicjk{sbBty@Qbw*gZqyjg4-8&ENnP=FMZHYDHf|}z*+vN~`IM|E7Q+jG zi3FDCvsM^dJZ7h#M@6v4!ZJ9dk-FJ<>#a;)qDNrhENCo&(V{Q{=6OOtE-%x&=l|(M z90FtF9V?F77N06s2LeziB!(avfV_3X@Qajspy~9R8~Y2j&+i;n543WB7g!8Sb%T_b zeLFCtWKt2CkW)FAHX*?ArrtIf%ikUNW~HOSx$DMK^t_9AUd88?R$yCjF$DZAB#Dh-ZcbkXt~s~ovM~A zv4U?9AK6Yyd?VwU*jgL9L)Udhe~m38UHIZqk+DKC8^}6JoDbAJRF%o@45_~9-GP(n z7A0~E79k>llEq5HCfC7t_J`O3P{@%E&stlI1$wFYTiTUMdY3)>Kb}yQD@iA#djl49 zf6bYg(+t4FnJ`>!jB=Onn6q**()99DO0*@lnoXnT8iDCYp;yYAmUGibRnNzrl9~z~ z!u^{`660xg${k7#?Od*WEm|A9W1-ektR}J=eaEM5WsWeSm2)zo^gLhQ>9Vx;yoK8I!r$n6=@)V? zGdgC5tH~V&o^3qOMJu8J}arEP$pi_!o^x5 z3wJnwl{S@DjXWWk1Va2ZHNI^se89Y zk#y3Ey5Y0Q0fS%_ERDa3ULhM=ICb+%D&vTP9<|{>9!I)A z%riTVsjtM}o3WI@Lcqrb&yuxx0ML8bv^$4p(oWKEYEHuqZ8K6lnau1e8cC`A3j~%_ zb~B~`>$Ka&de*zfgY&pNuyoDz+8%i>czaED061-@ z_G0dY15pf~c$)x#NL5P*?a#g9Tvg3F4xLTj5e0xlju;KvD~di+Mm3k5SZa&GSN)Y2 z2G(^Rk%57jADTvLVd)^=VkqN%YMjQ0vgvRwJw_GufB-{c?xntRuFbQznllNCFU6|# z))K@HPFk3}m&!BKkBX-~Mv~qZOhrgU2ponod`*K zXDvbBw4pCsdEAE72Sqt=`G)5j4c+|ZC%Qb#%y=%{^1@xuOQF zamS4h7sbYc0j%GhrxC2oH&^H-LM|fC6NdDfax0SlU##;=Y9(jj$Nq9*hnJ9>O`er-*!kd8^m@K9;Bj{r3AIb9>vAgyLk>H|8&)k>Lo zb&)@ex=)^pGry3+tIBB3q;thm_#2GxF0ygYrOl_kBF;MTGO-ImhNVZOgVdXdH42wI zFY$Qkljy4Rkgd_<#ZHUs`=I5_mPT$ysnee?)2OT;WkVW1^9VWA)#{3SxB`V(-LCf&~DAGL)>q=Q+lc4d0j0bulM4Arh+%9X``eZdN8wSDx zt?$jXSF=oH%;>8WrO5vZ{@3yE!yPpA0oGYIdQ%}dY}EU}?dxx?fwbVpx){Dg38F8S zNdJGw)<6oxREmu;$S%M315HTIn98ZE;OI zQKKN3j&>N8MOv^44_(V`aG$o+M(RM??z8D#@m@D)XVZJ(C{J)A=WT= zvuwT|Y5M!VG4ej=U^Teg5Bv05Te$lCCTYIH4vUm)G zO@`rIWpbH(=wGSjU4zQ{V6_eQR+SPbru_Kgx0+RXqSiAia6#Fn;kbk{+IJ~N7E6*1 zWe0~z#>66oww-c0RvMNZkb|hbUjd3Pos$B}p&8gwz&8DjWR+J8ZTg{O`8PiycoqOW z$|5}Y^L|m?El!L`&zeUOPQ;-Z#}LiRm>)Ax&&jJW%;Zuwc1EWGAG1DG$JC9Y@$CL?c*D0C2m6(Vosb2u7F^oDv50xZ_t@06&Vh-inE?eSW_8@t_G@H4&WQo@d{y7|Nzcj1~^V6jp7kM?v^Uk*nTgf=5XLiIuFt}z0 z@MELD(D5rePv9){WJ{hc*trxF6s01-H{PehSEN#!p z$qc27pYpu8ZnP^+%XSj=(Uad9u<5Cmd1V)90NSh7wOiym?nAU?OYvN^4J!ND&Hy3C z{qtlZbk7B5ilH?x50n4s+?XoSLg6kT-Ce#=cQ`Y-Aeye(btt!Y8GBYwt_o z6BD26Qqs;1ic5k;V{%8{dwLJQnNY@h;Is2%J!(b;AmxpIN$;}bH7IsA;>X2ndnOyL z@M*q40@R5B3EWS)jnO`-_^h6#q;lQ-a8II;g%ck`t@-rlX!xb^?t-v+Pf*?~lz~)Q z*1alMVxXR8%BtCr*IVEXoaHc8Wwqy)p4r&)PPXmSqv7A}BGJuaMZfKt&j2e`Krw>N zUggLjk)zTVasCN7?PIg`PI~M4Che6$Y+M}g&VbInVzrCsv;eK#!ubt#-4E(EACf;2 zD$9$j3(vVayY#(yU^<~vATi|ZP?j#)nY_Q_;qj+k14&MF-d z?xe$8uY1tN7@+0GyDu#olJ2jyu8el^N0BPJEh!^uMCiUUV-@eAF7rJ%uZV_39*a3C zi|3i!fm4g>s&pDB2Yl)H#GXAqh+L{}Ipp5c{oNRcUiUKzo=9+%HT@K>ic}J z2k9cML2n;uryqwFT(rho#j_WEE5{t9+0p{pdcapA++S;hMf1<6r0NG$l{xepwsfIx zP6h{dZD27c5@&HgkDU%D2N7ZCwE4#0(z1e_X{b_d{AQQ2$~S0Qj3zcn6u-Ag;jNNQ z4NA(`wjc^h`ox{8nj~t|wP~5bwV0}>f?(r&q2)s+H74sX62UbTjNx0CFulL}tK~z! zJ-6z|Eq88JyQ1kDA5xd|ETGYuf!|94<&xfg?~Zvj1ttc9y_QG<^}3hgE48r3!Qw_2 z;HKsUAJ``kbwfeZsme9NUmAsh(JuZzL9pwW=xn!T7^_CAU>}9|b@T_tXOogID%cvJ zz{R>iQt9b#NY>#|7TN^vb8{{1Cap21f8X0An-W=bo?5g9U}x|F^Ya0mNb2>^9t@Os z_kXSblFZby{QVd??_OE&;;+?r`P}7NQ32=c6SIV6Aahf{3}X0k+oLiq6ojE7zu!vJ z986aXgdQ!s7xeEd$C$Y}CAAGTQfV4|iibZNQ%H6aS60N^WmyhMqY6s~u|XC-%2 zw_MS^45HtmL@W9=vt}a4-;f_JRBB^Om`HPB-z%V<-STgWeiig)nXZri`0Q_5FsoHZ5;opc-%| zpftB{D|M3BX&A7$lz!2WLrj*_SC-KRs9oEW=uy~?{?*(Kws zH_%AL&rE3*J|6QBR&7tNN8ETja1n>ubkbrtrRStW&$q_Pgd#nK(WtgTOjO(NLyBKD ziTuOHUKqp7#r;4N5Hq8JG|$VqWCU@doN=i=x@Je=i1AvPleUtcYUFFIGWqIw44zh}uVFSxsfV1f!Z= z2q!<5(+Nn2J9wBR9U@vMNT!KR^pmbX5KnBXZ-Xp7Si|<9k{Qh2Zk0vcU6*z4yd~Op zsy!gOSMB~M_q%TLJgnZ};Cuy^!eBz!KP&ty_r&+^p9WQGr^n&Rz4I1R?=NNvVt+sh zVBoIt{>|=x7FmKyzBhL6WsIwwlK2qmfW3}Aw)Km6M)#3WNWnZ|Y`;ECkJqVR5ind7 zLwup5E0%g@m8UQ4Byyia{(XwuCY~`;fsKw-uRofQFuQJ^F)A4_C{==p>#T zRGVHblo6SasG0E_I9u!5B&+Oi9@+D+xl_PufeCe{&{sAFt|diF;uC+$`R=IDYq`}% z8xAjqULWL0D)gu~_;IsI!j6d1B|!*)83G@9=3$VMy40Ggtby7w>tC(!BEE0$9Y6i$k?Bv9lE zHU@#K&*@V|4e-=N)dstj>;7g}wtsL1OB<_~f11tGOU+mCBJ{*&rv@wc&mwh_;?(jg zuxb1Tq2`blwpV7kQcg33N$cX0&c40D6y}IEv-0|c*dRd~ltaxs(q%zmbw6?0TD4#qA?tN z-e6PyN}{MACY!>lvVhWS9w|q9nT*NUinJOFZko5sT)iu-EL}O{6@yA?(utGfN}#l( za9OGCD_^=AlGh?`AiK~+C1$8uTcRI-f6Av_-arl0X^mP-(i5>LhotLRQeTCn7<9JT zQtaSx&YKdCp0gBB9xA#l7(FGN#2?n94ooQo9X-1Qpp~1!lq+sYRXkBFd}E(wsc57g z9@gabvO)21AEtun-;B|q!Wn4UvfDEtXs`O?1W9~N%nFNOB!xu(0!hr{u&%6Y3SqI0 zp;fXB)z2G|xD}>2F0y&p8mamE5US`gbCSx$(bOL&_qRkOPC*p5ox0>_`|Z4A1vSG2 zqTR`!NAn!^eH-=fqNC;OHSNhRj}z22*3|nn7_1TP5tbzN10C>8ENO%qz1L zm1`;sM={?1XZr)qqw+YyWy3%+YrmbFLPK}T#E0y@H|-3HB4ROfN;4GX;COUdx-Ko$ z2bPtj&VO}-aCsyfM@9}fZEvWszW~L=3h#a1+yFEUaCo!~jIQ|6Y=<}TGFvd6b6;r~> z{gpF1>7rF@$-nt;)eHb{&`aS6|3rq4crrOIF!;~E)!H5sK&S6t2C+?`6lqhOW@V~% z#6)w4LfKLy4uikO9k70BNFcy5CPm$X4(x>zMm0+K`Z z2nt3}W774gK(8aHVyq`wY|RaZe%r0qe56)!*OSpZKlKB7kl(D%$PmO?D!wx4e}rB@ z^=_wI4G&@1b+(LY*bMg3q4_BRexw;xaSxJm&a;ATyVF)t)g1S1 z|J~1ZJp7h9Sa$q`*s_6Qx@FhOl?=!b)}EPWf!G9*`F8;ONHWW3U8YoOat1Tv6-1`# zX3k%8u`SL-nNY*5A2tA9UG;G=5|<4;AV6)Rn#j#;v5Yac#S&HVTV3hg)qHV`CEtou zKI!D4ikMXdl+C>y$bzQ*9ua-5rTiB97pG#;Ehmvo)zwJhpAUC)_-zGc>GX@Ti`shV9aL0^h9J3f_}O@6~+Y-fDMwJ2gm0YB_L03 zu|pijbOFUWtUU>zQ9}x=AqzjG%@l%-(?RUY+Q*%8%^c=U){l zMnKE6zjp~~8|gGg`k4wLgh7zdeCMPa&2;`NM#F2^%XcjRbcLKBVp!qvur@mu$F9M0 zh2l+kMDU>O{rpe_1!kKPS>16j*@7oxaIs<3FDEH9mF zvgnzSr~pC!IjkS>B-aUY?SBwg3Y{FMVL6xXD0D^*~r zp9Fdu7I8tc;!D4kQWGejDh1XvPO9id-hBO(dv`R=>J_<0Is07-{|DHp>f%7I{SJju zqGsUUY~N>~9Tj}_=;lL#Zv|mS*|5FFz*03m@koCwfIR zPXECkPhkN7ilBr$-`o(BKXy(DZH`}^sp*B>tHK2y=P*9LeSaTf{ z#268+XL?S)8A85H8e;xM^SM8F+Ke9fJJ|d8)9K$x%v{T~e8)`ygbKk5cTjI~6MW*t zj-K zQ6niG@$oZYpWA^Nf-|Bb>3DiFU6ssUF(cpjg`-D-uzs~Lo0m0*IJ{SwmWoRTZGeq&k0?P*L_@&pX5l#; z-WO4KCq%y1&VuDv6H7c3JQT{XPX)6!KWh`e054fN`q{8LCQXfOuK+FbvzcRn3T3+W zogkV|7GW=_pVQrmYALFDNKNm7C&y~6lv>hJE)+=;07?NL}1!GbO|NtMgM zUjrR47)rzj|Ez*QD}ZK=m3=ReDs#+sKB9E0pzLz7FxRqQVXgE6FnLj8v}Feax0&hZ zem_8=T}%O)fO$Xb`E@V8-<2Xkabo4L!rRUH9yD6Ync6VjTIMZLWhl$}yp%+TFfAid z_JVz!1F$_9xdegpRr`Bm8)_ri7QH^(Mzi?_&K5U$2DIt0lBw_mTItTuKy!+KGr>ec z;UE{#F9HrxG&Msd3u!hVs@Ba^KC;+oq@A>hpvNVLAUo29=Se=BrTy}yF*?~Kk?#bJ z#fnb)=`CK8aEBar;n@QABJ#%jG$b?OK{cxTRTQ4Why<<-;d^<-J3BJ?*vt9UxBkk{ zN$1k|p~?k9eEH>oG*77$Q-MK-N|Q2FNIjA+_z{s`_AI}WD7783e&Nn$slIM(rJm3u z0qtQG$f$5jReeAbfHPYM?VW*k9Fi}tu#&^x!AOjmhKZiXhic7bjcQ8>TW)zf_=&U~ ziCz2|JIYw)AN5cPO!e0#OU;2%{=P0oo!IiFHCr7neNnd&+YA4(?ZVaThad>Dy0++}vkSgN)A#ocFEiDzu>{cvQ6^mr%rveexNCCrkRWZOmfIWRvFAIyR zF0;z>#`9Z(%5;%FsmF(GCjB=w*?cwc1!@(~Gq+Eqc$M=bJfR(lvYF=552`V_Thi-a zJgp**go{wgk)XeX(V&$9-y2)@wTj%Ti!tfP<+9rJ;z-1j@V0i{LbvMV6I? z&VDNj0EH6(!PJX1Y)}Nd9?{zdv;oYd=$*4$ZvKrx*~Mcfh^{vdz74&ckXJ3X=_#8 zt8A0pmEU*Tv-2}U7l$I~&@2&2wcLOd z`_NV*8M!V@wMFmv9H$%JKCz;f=R7pIFiI6@gTZCd<=Gqg?3qjQyF-7c;*ekB)^wPe zyz=G5j}%YxRt8OOp8gG#+6p@<D;Hyltdj8BZ7^Bqx3 z0N@Xdz;Z6gmIO}K8@y*SS=?w|JR)sH4di%uSYB-7I;mrmbUVK{9P^8M4g?s&u^ z@5!aoC|sQkeAc2ILsz@1SkavDHYST(F@U0Tl`cBg{^kcu%MClrJ=|UCen1yVkL9Oj zFd}}M^p-7(_cwFiMfqZ)Kcm}|7s>MVSFHqnJ3|~ z1DgYesY~Zlam9#FC$?acOQrG39XaiBBgc>pM){=&i%t|j0BxAPYd}{6&F)N?jeo>Q%6rw?7zH4_5-^j&pnE1NTtN1OC zOw#Qu3FUbqEe|E9?)J#3Cwj5;_WM6}0OXc2Itb(O9dS74MZ^&AtvN(5Yr}XHqwxk~ zy>jZW@jSXubVt_a@3^8asg?&|pxU+MZ$HRS@{}vBpK+d}s z4D1cPBy$$4i(=7!!w}$VECFOLUj8PsoPqKK_QWfZhaB|=to6HM_LO|(H85Qz#DvQ? zbsNyw2J>jHI&am93(0TrrXC8K!SL@DEhqVagChj4#o#l6t zT4RX__4<ScN$N(+rPSBa>84bgNPsYnxj;r^g4TVSyNb&abR8x^EveZnH_|E@ zFOW~aq7KoOj-MYHR0(t<#7HYDvtV(Mus1Z*x!`K`I) zx>wHw}-1SLmjtGC@=JlGz>-RFHswMEo zRLFZ*z*f$E%CNz}ft(m#ixKMU%pou~+DyK^=cKT~j6@Eq^bI=5c0aQNXcK4xZcV?+Yj{wZ zdrr}`a_Sqd__KWN_Yl}M!?*B$P^gK}67llMYnxb3YE;I&W3RNk`~m?2S&MjH8(m!% zT?l06?s|=4_Z=@|4FNFj)KRawD|a~7N))%{P(PA zpFndDgSHr5vG2RM%Zl~dkn8X1$zMFbBW@|SN?(K%7k%zcE#q(!c4HhI@^z_p7i4Q( zd)Mm)Mf4*ObW+j8`;w&i7ym>;X`es7z=&~IKPJB(b=mNB?+mhUfKDhyJ|D<)w%FzX zoBsCvd)Adah)x#>;KU4hn--03b~6dMHvg;gHQssbs(wV)pL89YUe%xMP?yDqN(fXzB|dK9n2vFMkn0-YaF9--*nEP)v8C4`hTAd1g!!J ztt3#-g@m3bUt42+Y}~TR>7!7T_|1x^lVgGsk+%uKc{l~=r1TKir)zEx|KkY|rgft> zj-^~x5L)zpN29&Xib!_6JSY>xR~gRAg z&Cw|E4ux`57`)D9@)}Cv)r?+1%daQ}uMHF^`+q4Mzp+`UvO3b>+M2U@?xfI?ACx!c zzB0tbSFPaM=08$;>tOMQJr8eY?i&KcWK!0+D*8$u*&QO6gikiy8H7H{q{B1vqf^k$Tf_0J=m(5EisV;Jd+@Fl z9;K2=rqexP08*I%#)CQJq)g`gfpp}v1pLKk9|;W4{)Z1;8Owh+@ryZ6k>5Ocx|&C5 zIdxUpP#yK<^w+m1L1p?zX>#rOS~2Yaq^D2YQ@h&h_IGcsay7b2TT7oIWSFjATKjeS zX6yN*m%(&=cV7Y4o54K)U78)>rr{rRA|)G)YF2X(w#WHnsgGh|cSE%upH9o`gMz>ZkV^BZkpxZk0+4$DPTwt2uN z%)Uq;8nF}<=#|W7j!kl8RsEb1kJtug&>6&(?%@ADRsGrnzxAK7AdRE;A?9;n9GH!k zw;ETHs)FF5hkHnE`f}V}6pqI+pL&*oU_|;viE@NblAN~2Z0KTWYijEJ1dXe5y7{(% z(TcK+d$rvaC2`q~8Xb_3KW2D5vP%Dhp=fF`7A%B|PPQ&`B;zj8p2p|EJfW6 z;KOWAqtnK2gW!$h2}sB-lXuL(8!OQ|hi_=A1+-4;tpB()lYVpL*aY?kiQkm{z_to+Vk2 zO#Had02!h07^l^6EiY2P4s@ncVjfDvk7H<^m*6yF)ZidS5+5Y^2ytc8GPq#5#1}wS zyn>S@MTatr;I#W2ob|@U2g)NbIB=md19OVhF~<8Od|(AD_9vnVz6iUj_*Pw zf$z-=)5{_~2T!_*5FNW~0aR+d;trfqn`@1RCWu4ay^Rav6b@5W_Tp@B0y9m)EZtNBvqC@Z z+}HMxVM-^$(D_6+()TzfoON((<$)NNm0_7H1foN$_u zo!|FLTAN1>Ut^^~bDQ{c@N+HQw8HOmc6FuAlOZ@!{`+IaXh#f)t)9v*y{9L{+Yhr& z&^28SG`u`RLv2htyzTBIMZbHyptVpT za=^Qew=RT6=x88jwn$dsW5C-CHqmF3cRiHOceP&r_nof~|3$4$MHO=i&H4dXAY@zpN$a=}hLQ)qVTKba)(7Ad(=&M;U`1b;w)pwilEQ zI$hrG?fq^Q~K;o5ta~?-mJ1i;wWeUNtK5Fa%uG`O|N_z zgfcGpmGy#jZhAd`w?e-De>B}?RMY?aKky~607f^CZkUvmIJ$92qu>yv1O!9@1>Ht> zH^}IQA&9girJaZf2s%PZ6-=xT|9yYw{O|0>Zta}+dGEZg*L7XbM_HFUhR^>A4VIUZ z;$Bb|H|t}1E8>Y~g1F+=oNIM`>iHk8x(C0pw_K>8?JmVXZ-1)(K0iiQ@N0NRDZCYkJ9Mn*z;0pMs?h^pihpDCUM3@JOs z0V46{jg_3L)W?szHc>Ct4%E*WvFdvqZt}E;yvTL&L+ZroCo&8ja$8vUQ$8)~5H< zwj>qrogF;?T1%SU;rl`|vOJenRzTu|dcC%0>a=_K+TVUfPl&{^NO&dt`feQi38lXF zotyOK%Sj3KoqX;P-nfy?nS*9uzwG0*#Px**g?p+m+N>W-w2wUam#u6#7tjzsGG9&t4UJ z^XgCZN_)`1^u+M(fI?|8ugTQQ^c&w>ZVoC@T)*BHdIi1cl28hJgjqxUw>0p1aD)A- zSllNz+}M+XEEhOy`Q_)hOUJQw5nI?5-)f6eT=F4%>(asJ5> zyag9Ah)1qCAo5?{U2%vwkcNLZ1Wj+Jm&84<^m@ zW)k5P0D?mkNvmfrX1>GP5OX^&j=hL*rZDaulM%`L(z`9L%MoD;&){#!_Xk5Fb|ND7 zWNvNH5Qh;=#aXcT@ftVIUhMus!c6*_7l!}49((!<;Jx?&LW$Mejm63$pN|quC*vOO z2v|*_l8d*8i!z@P7#cS5j)_V(i&P7WbtmEOj!!@u z1CgW>Uqz-%7NzI#urX}PG8d1Z6QmyJj1Q6g+6~N!udkNc#fEt$j_sr%6Qgs;&?a2w zU%$`+m!z@XsQ-%K&&as~^|>I|H0wKQ&;1ZBGT)Y@ zJe{#uT;_Lg-zXz!H$l}rr#tUd7f_IsnwXgJGZOj%XpPG}+lcJLn>A9!en;m1*O00+ zg#<(uJ_8`Blu!w0wJa9cvNsZwC~48lQk|8z)16m^&EDs|XBwaGxy*Bo0A?h*3TtOn zPUhF_-rJWI1E317$>sRHkJKvyAjtqsZ$ae|Yb7d;;Fl}ukfc3@jB3oCIzs4M5RFDy z&`IXWkaSv6QEhkLjx%X#GMIZRn7=W*XeC=zJMu%MSImSaGc&$IyF{Yc571!xh+h6q z4)Od03fn-Sj}m_Mq&{-ZT?#=y_Ai_QR76+w3T1G!CuDpjS&~_>48ZTcLsPc(q@Zn|?C~2Rp6gEGfhF(=Nu(kQrihDL z@Hwqmp&_4znfSPVp!(SNrNeChplXoW4ri#&!!`!fer(E23u#>OlgA3%B z2o$C?LNKx=zbifDAsAF$C9S|Q0e&Z(P~Vq2u>9~yprW;jPz0#wO@zhBiu40uZzyDK zDm)8DM*V8e=W6K2HGt%kZ=EX|u)LSPXk^V3c}u!AiP%`z;I$-Q!f{W@XD{$wuc^nr zY0yeR1uwiivQ6Id(csBLhLk!*4xNd${^?hJA+&-RWiB}hucF5@2h^Ox8UTXnss2Wq zHB74;4T$~(ntw<2O7T_y^2!dV*&l&7Zn8t$Vl=Czd5gL)ze(u)m zW`o1!35(UyCOV2e7-G@rf!XxVL^~FxHBsX%If0f7}LoQ=^_ayp{fsH@B`%wp7 zB%#}%5l<`68mxvzGq$K1sg3hr{hukcog_V+DUCYc+jdxj3`v1=d^qJ25mOsQ2ff3! z7+H`CuBS62(yL6(8I0!zn$(ATL%UY}R$W6s6DyYlpGuX53^msxeV;xJXL3QeE%3IX zOq+J6a^>M!;Ic=vS@5rdO^zQp5J=B@nRLw?o$yt4&27mlpSzX>aNgpuExi2k!IQ&# zT}w?s>9p~P&YY3}yc529L%wdKq-rTEwZCDYAoY=sVwBSlf0QSzfGjJc8durJHP*)> z>=&Wwjj#pjSGYO;_%VhPj!by-Kx}15vTQs#S`3Ub0GvdwgC-bGDPAwCHCa>Wkd(gC6$TyPz4C6|8wBmdX0;X%}(!nt|D5s@ZtYg-LS8$WSdGoo ztQ?!Bf^3A1KSa+*E9i(Jd-4NnolE99Yn)`uPXROZ@lqkEr_L1p$e$h(<>{Qs08c3> zsNGTQ+?C8G27U^to6r@P&fzi{?CZz2m~F4yq$$r<3iZ0p&%s|N;&nfl_53SfQ8L7=y~z_Qt;rca20Yq zYo*j?7Q4LYOZ1v-tH^%R6IiL3_&Js+o@im45*tj9d3&=%{cO}c;{gOE z5PI>S&!*q<9%96PU^#K1%SGv(h^6;a2MAfPZcd2~7G3|P_!9OX{ih=IxB8TdKB6BW zm9#BMi9xW>%^7LKJ5ewb`o@|2g8lAY27Ik&e=Ix5i`~Qfove#NC`xvJtQ_fJyxvPy z<*grqTg$BUaTLrgWObtn(V2zN4}P*CoNUoZOz7LVfMZ5K9D!E8*gfpJCDw>GdSB#O z>z46;>C&b!spn5Cz!E!kO>~`xTEG4ueI(@h1u`_}=Vs7<9~52>cG$G&R1!^F5mrYK ztN$J(gbkfJq%1Vf$lO2OT?GM_ui2q~z6W~H&nj=_yj^0rsu{HPjXt_J8E^qJ>#B>G zvTb3tX_;1QejKn-I%gsI+!exgV(5!u@d z{;=^o_GcOxj)J}Z*fSOUnJw`1)PIc)nB~vUc3#IRmvML-lb>Pal3B7bHJ9 zYK%^TdE+(D9G%(-3w*Vmf8)(r{@v`I_{y^OMT4RK-GFaj1G5kspICZ4zNx)EzN|o3 z4tfsaggYi2{!sqTD)I=M1are{$|1i(Ib=Ofzh6<~JNftGdrXMW1v{3Ig%s1r>NqC7 zBi6p71B~sl*QW)p3tJQhdy1aYXZ#MO0FC*dR#Aw?pwOzPKvD7zBJrg2%{AO~@lFqV znDutn1-k^yukWR>f_KdQfR9h#E-i`wL?}-UiqbQ&Of^@LmUOTsoka)uksbo-#4Z{s zPe`S}vqSc6JpN?f{R64^!%G)3|=p}J%Uzr8PU2nB4$A#03^X>#>JQ3TQWG*Dq)oU z2kR0w#M)S~{my(DQ}llj!EZZ2#`3(VNtVOj|2S0rS6q(!4o!}&9^)mqo1QCf-XbNl&{^ADJm@-Mw^$E)#h*r&W`yV*yz2)c|ctCpo{jmR_EoVy$w zcH9TpDf#?PwgCe@;FoteYwfm=!3(?V%shJ)l`tXtefLha)u03&sqrWBiycSSeC!crz;TKpOf`wl&TEY! zUe|WWQ%FE!1dVe#m_FUwK3cF4!kTuUo7QO!Iglf%>_yQ!)H61L6F z?U@$Zc1^sOqg^TlU9Id!(#tZp9Y?KU&~FO_F!_FJ0y#U0%4N9uc3GQT`QcBx4;$3<7K(`q4;cZd}iX6$RoaLp4QeNWxz|f&BQa_;a1x3 zsT^TzVRPTP+>3+r6`f^O6fYV9^qI67uBmjdckV^gVsA!BzCw!{UADHs_lwBa{6IQm znDr!h3Oe59cLO0P{Iw*ASL!|v;3&``WzP57kSLWS{=0_XB9)o&Q~r+b2gU2{PnmQB zvz>ibu5;No)bd7)ai}FaE3cdQp4^>(zw-{sgi{F$Wdv2#md@NbjiN`QX$OS zR_kNV+0Vb$34OvJdWGj_^6_EI;`#e6=GAm0*BDEE-jj$Z(ch+FANZc%{gAK# z^fl=O(iFQKWik}!JlS5p;A*&|KfY~ye|5t>BAWRr;tq}-+E4~i4Q1lj+Y-!*92ZA- zq_{aWafIG@tKdPba_u1!8n-wIA?l^Vweq&sm#ri-Fa}I9)Fk7)`B#glPq=UG2OKFi}?2ocXxXMQow9-fjTRvftsws{c|6DA98!kns z-a&E#_)|jSWY%67@TOg5%6?=pe`1hwNfN-L;A?U=&qyN;Z?ZZt*=XDP@H` zua1!Biq|-*2oQxlS2>LaPY!&blZkC8!teSvq*C2ICY)d9_bv`*=11cT#MVopHlXqV zX>y<(*Du(m*mrxiDz)al`AHNO?MNntsu7mU#$lIeU)SD5hNPVG?gf%t`=t#|L1*jA zRqvqgy+qYZB#W1&aFyYp0)ZGXep*uMK<|omfmWq-U#@JNL!O>vQ{v`aDoA18N^5Qayll~>iX%`I=uH`ZJ z-5hqmKOv_8JzzeN1HkEM=CjvLRA1h)?=ILBXr^#eHTRgvt65~ItJ_&zsEh-7#EhOg z#_oqsp3WarKxP?>q~IXXz+qnIW@hHzMH^6L3*OpDfN!JA-pSgnAZN#b=m zW!pCAn3Mf`m~-`5n}h%pv5Um%_A{Oal9N~_CD~IdSRA%tE=w_k(qL@2l3Ng>!*Q%} zp1|T)fz16)#r4SNeXk!Yv$&eBI(`E^ZX9gf>6SIpC>lm~zBhp13Y{M6E`%zg!ANe( zvOI>WpeWXinhd$pO=-KG9X}xvP9{J@xcfA+gSSdJTb|$7>`Ik1P#IA0gcWX9T$|n# z|L?W+x2m7KD*Ffb-jzZW9Ec#8>>TNXBUIr8oz8NeD0GNVoV?@&WYVXQO-p9>e0+wH z!AHJaFi*HukHFl~C%*GPFAzePuRdI>F|q?*Rics^PR?puIsg?{47{_W6GIsljALF?r^HEZk489qr_`H&WV?^m87W*8*QT{+}xs(ww@ zGC`Jl0#WDflxO-I4<{E(OVnChytXD}_O8qsWvIc>9Gz}!0#lzn--ws&`F`Wo1u0~5xK^w$n`M%d5oTqzn( zc%%U~xM(IM6)wcg-SD{8ZiFD-bMkbcu1T6PkL{V*RX$$FSx-z0yvV+yP)s2Drz&oA zWkir$)V8pXWBNq@k=Z00A6r3i5Yw+Zy_s1g;b6r;>#draqaPUqJ2s!ag)|if3eI z4boMilwt}{jE}w(8}&TWhNJ-Gy?}Wa{v|R_q@2L4+WpJhu_L)T;4wgr<<7W8)7gki zd&?$?f0*N~MogEhD*QXgr^@x=tPj@P0wg0d;wBdhCkM)|4r!)`&O=1VYMlXBuePl| zJg$6p{*!_PFYM1ziXA$aCu&EHop(4w|6F;S-!-cz9s1?Yb?8T}r5$sXc8*~JY#;S~ zb5?oIMb$aH{Zep_YCcbhx37udF6WDvHCGvZGFZitPHq;grh|nYPFbw-=b0bkz~Wk~ zP&Co1ncc-ENhZc~)!+Z}f(KES~6(1MH+Ztc@#;afq1D;G}uTGLmy%K1u)v>va;7T{UyTeFlvyNlKCrZ^crCNH;|E%$;dub zr4se0M=uz3s+~%XS>;t^9uMc58w-+wdSzo50+PXhjI7ni*>u=>B+Bl@W~KCN$^9y~ z&l_*{YjpG;SC{CPO&)jMHfg3QGdS;xnQ`z@auXoa!`QSLE#wL_y|P$dB|G7rH}M<; zkiTT|4Q49$C`*oG%>Ua&BZEMtlw4k%sKk%lG&aL)6Rui|r@S1z;wBtr^(+d)tNBfP zP78KHZ}_o&nPJVd2eZg5F+#u<KRk*}C{jO7sizo;4yP}By90)&7JEF^Df-aTAAuhyQrmPH7#t} z)$pR4DKzWYl_|r%?!pG8*z#55D^JtttTX)k)DIvH@4MT8WCe z;T!6)mqNzCm5b~!|J-d36-oPyMKz9&k8gT-ay@hF&XuV~RKz(DCkRCC$(`t^NAHjK zpk?gl75C8-W%FddNXiBf=Br-Ghd%wq2?m1HH8NX%(5e$%R=D)C#%-S7w*zQFe%OxI z&GJIW1Z2pB1p!9JjAhVqT*xh)Gd`A0hkw-fsxV#@R9+b(1`k!l7_(o|+AvNMP10C^ zfQSG>jAD0DHdre!dxGDq2FUCl%X5xSSe)yi+FXpTT*-JQbuKY<(k@YiQ>@Z+BOVvV z&&+ZqE@?R5nWR1jxxupuL0(3W7E`E%_kVwTQJ`;Xs}yNwywCZ@NM%N zZg1owRNhb6-Xj@RMY(p`2(0N6HJxJ*p_xkvdDBtb*$>0+QtPC+FSj)4it09npZ$9R z2}Rk~ZzR}r3O2W}`VoS_Yj+NUTIquEKI!=dp>c32NV9VGM0axw;Z`0N$|EJrNYyIZ z*LFwRKS}{5#_`H;K3*GXB0gccCG=@TX^-gh;CdDo#HL=;|7je=tJ~f$Jk#GX$V~14 z6y6q0-j8!60StsukZ4Aw!kyN@#4MAB8P)RI#@Y|@9vgEM7vQKgW4`p`3}~dD%AiOD zGVr!}V6ySUhjzc1`G6{@5gwJNfnQ%2ZYy>h0Rjz3pqmBQ9X><$bo?$lTGKY=<(kj1)uN#8h-W; z1&m;IAu)5&v0vUy-_$363HWn`|1AcDaKW>(bUg&M@{!~nr*w~-06dSf;#FpE1l{O- zvkqUt9{RW5LA#uJjj!wfS&Xy(Vzq${Fw_Qf(-B5!8$<#I?Bz&L;Mu);y7++z>}JgP zx{y()D%dfoIO-m68J;%{je@`Zn0#^DkeSpljbu@YNQy(K9pL8}&n`_}zo&tbm;)6O5xvPU&+avOytUTeD<&2L`DC2cWf+1Gx#Xv}rsKW7lE2@6%* zeFs==unCs_hzNyTL%~Q%24B8pL?ylFS^8lt(e;uAIlHCs(`8l{Vo!8#*b!;aIyG!N z`!!X@!9{(z_FR>tT4IRA^%sjhb2lGe%I7WGQIcV~cz)tiD1uCa6n2lHwkr#%v$3Kt z8=qhEz!Jv>jQI8iW>Ltv;<@OnPaghyTp}Gv_R$_W<%LyyxkuBKK!Bdkgzae-| zM#SF3tn_@sJ?x8KgHVj1-M2t?mvJ!1G44`cP8UNs^ygEUYW=eEt>tYM*f#r`@I&dm zdZ3=S-A)uR!VTAWXSUku`!W&gZNQ`%vg5GlX5H$e(TxAdSmlSmOeBBrSOXEfWvo`F z-F`eOnrrbnH?uN-_eW>034yR?>6XZb%SXjr*S;xdUKh-hDbhm{n~PeAI^F+DNgOmX z;JtjQV`Q<|C;rgOz-nz%@Mq8DT#H}+leq-W*50>=(pt5YTnEF&20kiStP=;3FsEkp z4DO4VL_&?jsVolVGS2OHU5MKSPmb2tht<(ebVF>4bpEFngi4uCX!rNqTE>G;T zu{IzgW7!Mv?jYXVXwxhM-hGNO3}syI%<}p7-Nv_XL^bP-AS{{i@STW}q?sPW$E7 zo!oZ{o8!NKRQza_6X~A4KG~)rk@LMVgIO5AyL2)EQ4UGJ*#p=&1fC{wCUrt6mz`mV zN;Xx$*ldHe4Qm^oX6yN*Topo=Tw>4k;Gk-O-Cqr5-QOKoyUmN9S$|+I6L_ZCW+bv3 zwmhIj3fZ5aFVgD(MI}Pqz%lQJW60ivdde_ej3U)}H|K@zqxcknh_eI8A zRX2C*!)p%;0Lt7_B|(8+f*0^Fd(*JI3$uqc2^)!38Mj2=%lQi7a13L^NN5!wAI7{? zCh%R@v15N**C#(Ij@s0JQ{?T)eo4po+U+WVatc0Tr7rtE3xI{}C0zAuVJ=29zJff> z61@R@6Ab_d3lljOUzA%N0>qh0_ciG`{Z1%@-WesZ0KdWW52xQgJ-k{P0Hce&{Ze#0BI58@_Pagb0r0IP6ZrXKf8NrvmJTr88B;((qzsky+ z!j;dkcECa_K9)659EO<$y+{@%_`bf%jKM<<@nEH$pgA+oZKjw7nHWwAp#poyS0+Y? zaC?E7xW?y;U5Zglyc?G2_uVl97JA=5{{8`9$j8EaN9O=Q+JmcP0HY`PJ^|54fX2U$ zn0xgA=M2%Iz<_>G69CbrFq(VfwkH}S?h6&76D)cN96bafG_d$d+)_l09gFvJVoc}< zkIz3WnG9}iMlee+T4&|o*YpbXS-#3d@RIAfr`!P3bAdR~89flNG$xc5AM1z*VWEE4%Cci8GMIr1I63i@`hYV=Ug2%{0oU$NI|3|SR0jd9FLZeu~ zE`$dU{G#AE2$xe*f***{(W0@WGZt!+my>vxlWb2&b|)~VZ*j#vzy^)vb=eG;lNjT? zfC`orauUm}pZd;Kw|s9iGPIQ1%$S=aGs~sI+swls)JL+D0d4qHCp@UP0nRX4LHxHb zIx`#MK`FSj2g|Y2A-+k@P+mC*D-2u;NVld!N-*i@(Kml{))>OzGz zQ9@yaH zzI(`dT0z=wfznhu?@_@`*FqgCu=p7;BH3;JS6OaS#x0-tMc48hG)Q7pxeeYV+4bUl z9%k6l-uX04mQidBtA!w6WsdqL7VbTmDuR0M!R@9%)v(e6=h6ZK^mj5;5tmx&pGA>l zF7_=fC0Ddjvb|Tb2Q1QsQR!!Xl`i}wA>lb8QDx7j%I?4l1*Qw1@0GofD|+RReW6w* zsZ&*TtLjbi#RD!Y{K*YgO0L>_C4Ri@dl=9tDif0R5N;M-+(_bNzRfiOaKuObwWu%+ zfHnHVELSTS&ArFV*^RX9mR=ZIjuqEbDm(>wDa(pj&F+I$hG7dmnraaNg;P^NFtJcX zFyo%4@1|d}1gbvFt;!Q!&&$UoE3e~JW9w0)d%@KS^SkPZ1*is>)`^m04XO4is^&PA zsd2 zr+`o8nCAgGl-2A@*up!#;ZxeE`s;N!;Dx3i>V^aABP^>XdtSmwfTUfyrBf^enU5kKJj*i7iX4?`WXHCR`XhVQlgIC- zdinN;ciU^++Fxqb_3xFUd)uwEn$g;kv4v$#;f3J5!hwLgIk}e5iOT1{j2dpYNR+fl z03e}F9e4Lz#vNKg!xzOuWZ$?|zmZp4fh#1hwkrH+ot19e?IS5fw&gdq0Z&g7fB$Mz z1mqv@*PdFmUzr9zv_vRk5ho?>UQO^?%cd9n6wpk2>^X|nGvLjv!pJB}#1w_KASjF* z;vodN#of&#R4*0Kf(_~RD+P)OT~6uMbz3yJ5~87E)Nn!j;fm$Mr0GY0ZvzO-od^D2 zsyDI^{Ij_Wp!}}E76Gu2@+FG&Y_H!HmR5B?EfIP5y0WdB3=}B+zq-7pftN6KtT!l) zl6_WYeT|YC2IO$O0@U+OA9repPinXCo0gPumnU2xh64G3(%&_zm6X%!NP4o?^kgy~ zK-g(;!~!4uNy!b!PBsH3M}$ihmNejy<@+_Zcbjci8%3sSMf`ieFpi7ZJxUqRv)Ze>h`**t{s!GzI?ZGE#c2#s;2W zFWAg_x4p@7R3)(Y+iJTtwW&^L6sI$)AzX4UZB%4sH05+{RE0Y9tDnnUcnaGxX1z9c zw@>4j%su`}O|SqKHorh^sf z6Tw%I18MMlp?vZ*3~pI)H*LiBZjDsc9T<)nFP({tgH`LY+f!;tgBCFglz zR+xpwz|p1X1-%Zi26awx5d3cTsmPWR{+cV(2Z7@*YgnDe=cSGS zHQmts=>b5@1QHAEDVphPfiRcTOi~AbrnFy|L-Bmq6-ILU_#B9g*&W=qj5-XzA<}ESj3Yx=i@T ze4+Sxs*)=U#b#Km@xXP3QnqNwn1?z&nka2u?aCVAb)Wqum|xo3RVz}<7#C|KtTwK% zm|8x&WVxh!y!vtg(y8Mr8mNHk-1_j5End5t)|POsfy-QXCj* zT7}yNjo7-)3d^mU3U0eA%~~I=o}8ciH}}SvvTfZ48AyMli=toBUtpTww)UXQVHV(Q zYwya&#>zWv*B}A_2p7HY;o+21*~SAhbDYicy!$v_JmIB?&yv#2LGq^D(59*tkTF

IvO*U7{HzV6NEtEPzjMIzaR;+E;)*S5q&c4x+fSuz2(h3y#&i}LI_N|hRiVHC_u>9Y@Mi{+Dns9I&v+g_u5y_4nBxAm4%%2p?qnK0IYR92)9RDBqAo0PWG4;>xJ$jCCX$Ap89AKNcDi z0G3pITfSb?aEgLkqDmC8pEO$Dddt1gZJXKl=(YPzD#4Tlw|qL72YtN1ZT`+{({}Fs zhdt#G(525T%7FcojL%J<_AA@=9UpwZ^Z*1@IdaJS483|J@$b#ek6>Lpus8YX*gAv* zaBOD%nj_<-@H?=;^AAxM4~ea<=u;I4`8jjlp-jf6+;hNHJXn)p(-8>H&Z0G)?=sc> zS~|DN-`X^3-6a`FOAFqzD~2yNz{=>0B|+bEhnBj_UbF;#En!2f1;23+W$aQg-wFAA z^56HKi{F3D@3#!?Up;fgAY_3m-$9>2|ALRKP_KI!FR%VW(1U{);N#YVA5lt&af3gf ze)=#nMAbQsVmT#&nxg@d>}f0MUp`z|fzz^Yk^$<}ldDw5^Vv~V{?*$8St^~`4z95v zLp|WACO_7iagcqbVFRv%oG!P0-;@qO;B?RYP-A<8Dn>&ZliDY8E(j8grOX(4)+B|B2sfri2!* z1A;KYPbwwLM&h;@AkMeF`jg12i}TuFOD&!@HuMD~iWD?>QYo{XHz1G30!|eS`lWGJ z!+nC`6qvH)VX7gw;$n!sEwdWgXi{}FaE#*&4m~dGGj*M}K=sn3X=d9tOM%%WO&r7{ zjs_RttUJcyn0;^ti4JLAt>}DASPsmmu*EzXS9HskL*f4bS3+ryrMwbQIwz0vQaMHE zWuyvRYLZ%|Bi}kHj$p_<@8_I7qB=REqxikvUHOz}KmYTv|K^4NnmB3A?QW4`8yq7c zCoRa5BSS?qg*y(H(xm1Pv5cKZDv(?GFx-2bAN<|O&O+n`Shc%Us?^;FxFh5qXcYz% zPN8lvt9odS#Hxs1#ydM04p$`snD|Q`OFxLcUYSsm*GI0hyL{?rsSwvtl_B1Z7fXrn zspU+~vE9D}!;Hpd#@}ACQ9H+vD|Tiz<#*lw)c1-%mT&0Qf4)g9*8nJ$QBWUupOyE# z?p3m;HRc&7qyri5BRms3U(&Xts-JlY(;2d6n@djG=qGVMqhxk2bx&FeNhgj9JfBU$ zc3Ni7e&X!@xNkh2cDB2$!14^8;FT723lGWZ6YIE;7?UVqS}OdT{feC0WTNb^Z1@9i z<_7ElH8h?du{}bIllI0daZwGR3O%6IP&P02&6yoV$y3#Z^iTE~FvorK>rG}_hJ5{z zseK|PZ)Es!ZU z9+y_>nBL@ND&R#2DBaXbMZ+A1&kRsWJU3{UHGd|~e|&$d670#MdtH^YYBnxk&Txj> zVaWG(ljm$WgtZnwu((G9%NGrEiHnWN=+))BvA_^%TS6p&jA?(K$8S6y)aqE7;-n5l zE_y3@yLp1cmW@00Mp53CHhLLaQ1-}CNFdYm{m@O8J1maO2@cT_6Q?4d#vMm zd`nKjEK2&k!^mPs+7)`yijtnZrRl&mUSssAklqoHiwzBe14LQH?Iffk0jlzmB;JS8 z8br*P_*q8mD;+`Yd7vkW}NCb024Ksz4VcRT{C2Pqea$%kmf$&PU+mw+% zVQAZ13AcE>%1z~F8A?XXnSz=4N2!`o8= zffDNr5VL^U%A9ZfQZNd3($wknQSR+4(kdxBmtNput)=6L&SQAy(hO3o8hCW+Ha_^kj7W`C@jDn2C@q%>meHw;8bYk{HB2bZgu3LDI%+E65TJ8KA_iQS;Ul4h!W zY&`?H9Z3Z{y-w7$9WC1wZg#EkT=JJ4w+X0yw=P)89XXVbciw}OL2z?4au@;rMpzl_AALWV1uOerKj;YZ906XBc>Lwxd&3^Rv9xT^q4 z?7~EFUIu@sg%H5TQ>a)#7)ZRI%=S z9ob3uF3|l2lJ{@-O1nd&0pYhqgVxW8?2^=)IL<@Jc_WnJJ&U8Azv6vZp$S0l;BFFx z3^0rS#;d{|e=5t{fl$Ntsh$CJBr#)S1+xsG4MG6^j3cn^^N~>ki^dJ&Ey4KZ99|2O zIBTZxrLyemS^TRR%Oc6Zyl?ft`0Fmfxj^u_cYfnqaQ2 zdU!yFe$%=Bh5O3uVs1Sd=7hxmJG(~A`pTI^Wup9?lHX0ZCC)d+J3!MN<|jNcI>%&} zDFUMX(oDM!b01;P65|73{H9=987@izCIU|YXHM`e`FkO-j1z->DjDFnC(ak>0z~KV z0(kz?{ii!#80vsa`Q^koopwKFG$)~|;bPyhyvmo_^C3Q=6Ov{4f)fXK=JMBKh>KJM z!Rga|_h86r|Ie?K+9(MF_zSB8~9>rhVFD%UQ3TxmU(~+2GCv z^N%-Pe=UC<{P`(u5W`Fk6oZQZ1SuQUom)rB`#uRgX_F`g{=Z2ZpIOAQQu)6~5-ucM z5mZeUte>Pl*H`|sCtIkaRul$xr$gQG#1;W*G3?-tDOPstL2|(Pnv`Cf<+%6zX- z)p&P8oJj*PFF@G9ycWHMAsE?TS}WC1B$t~jM2 zfGDK0%AsUVS_4SCav9tp5;@CQ%I?Je&p4a+VV817XM$w2bLzV>}iB7NK%I(ML=Xw84;E66hRT=z_;rE5RtTamS# zQDC4j#P33yxE^ENffEBhXFX(s2Lrc90f0E}6XJhX<$U*~G#Qgy%OE2FSd|vs?r+Cy(%EStR%>p<*I-e#-3s4ISOQGdz}+!XH8Yr0qWcx9G+U7bmHZtT<6_bZi-&`tQf;Xy;Gx}VhJ z^tDLrIG`$p1CES8jU+CV5ZQNYP8%5dE@vjKN^n10D3sL&%c3MWS+kGj$CI2;6;g(* z!lA60G!WnHWb2CdS1QScTT?+HK1@)--z)A+OQ}gu^|vM%IBcqIx0r8NKsMZ>CeTs^s3byl%wTjJT*>D&_jPTDtx zUcm{$Bd&82r0S!LvX+sjs=A0Kg%yZpoYvE!hI4DPHkrjB#D>lEHA}#}uI|+&&jsdwO241<6>XX_0k~8N^;+Kh|mrt1FuRqT@VUcoy zWsv20Is|j+`TvmdA6eq<`N3xz3aVF2n0I?m|4UAIXHSE=>oCm;iL$`Yg>;Ylt2D(< zVS)XJLb~nX%myt}5AM7{5aod-W9jOte~T&0ZV`77;M-RlzT3iVz5Oj$%FoD>uHyj~ zS#j~H>Iq;7qbiM8cqLi|RH6bg)D}y%s;|OTxMnTkNV({3wh&yt`y`X;B(P|Tsc5C2 z_%hyh)bV>u?ul##qO{UHgmpJ;;W93^!qC2zp~W6aKO))7&sf)%+8?{IpVK0qJuoS< zHdG~my^vY$UMfWx;Zn3i_@5zTM}&z01tn|Q6H8c2bFfI)wQO~W(*jt}O-m%1F&ZEi zD8fZ3ShxXr(FGW_M&iK%c_?VWDQG|@ z@|b7-`&+a8E5SYM%q`2IyTs9zUkP&Y3)PXAWMf>vmobo7Eu*;jD=`br;>378`L$95 zwUFwWaEV~09{(E(zX|nR=+4454%yviDLnX&R3{?HnQuAc(fZKGROcbXMS#7m@0gn3 ztn+Pq}zU};C|;fEfc+tc54H~{`WSFc(qBxXCJm>xme^(8L}-o zh2exc;-O9$CNJ6l39*j@Do^M@(_JuUBxxE0(U*V}x{_l_H zp8H=t&GZK_`(X${WoomQ7Je?e6zFBZl+P~XlkTy*<)nk0R_$z zRdMs|gdX(nfXII*SO3vocElvNzgksv zdi^=QQ+Y^+g7S*rREz#dg4}Y@_>}rH{c2#@yZc6FNw;E6P*4-)cpvn({*Nsmly@LD z@fJ4mhF?OE>~_%dj=m2>A17d>MVff^VhpkS4Na2haWOgpd{U45{LOnQ26|P)^HhUh z%4;_vWH$lQR`{z!$ccAV{uNa9z(C6Z9BmhSWp|@79CGGFN{mT*ZAMgqKi0!T(=;Tv z#_QTwouPnx*E9$+Y6O{b47#KYPPraC@j{>S&rMSn{OC_}K=+4{=?~v{EHjRM*3uMX zf&eExJGBFf;SjJUfBfsmTOKD~jDDzLurGEZp}TI!;B5ky$-D1|@3U&)*w!fUgaC2? zIR(vsFc!g_5T{=`YG9M{x-U4<6M}Y`AV2)H;x>5Qc(O!S|2brylUs}GE#(b^U-mE; zTWV^R2fh1x-KW2B%V?_XIo!XBvm+H~zy7A2*lM5NMR?oNbWKcy)-x0Xb&5=wP=-3;v zYc2BiZ3H%|$I4QTE#inzfOYb+AT0vqWpJEugJ!OA5}yYgr#bc8V(6)X3XR+5o_MV4 za)!EJ=;!xAS}1Orw0%Cn)&o+}W_Q50Q}CqQ7E{Ql7aYsGnw1ih#E7%Px*U)Sdy_+S1(P)pLoH=nB)YX#x1?&tfd& z<1cJ|H9s9KIL0%NvdxGDNW7##cQi+mWKDYoxHPB-Ya~aWJG03%pd@yr6V3PT?lk)O zk$<4+)fjt#jpJ^GVRxzNPN z68L5GdVv;z6iDFyF9ECTt+sS^A?7dK_5ToWa?;Hu+9xH2S|`Y~kU&wF=Bbo~8P0{G znECUWW(P?LJa9?UQ`;k6cT=QMAt5-wQ~AwE3FDbv%Y}nSe5RwbwsL|%SjIUGn^-JR z;cCmQ@YcS?o6_fUcDp_iUAFR9hOtK#K)u2S?zlhaAA(8m6UD;NN>|431K8c~LuS3A zeOt_}(k(vm0P#5bF!wuT|JjK94|Safg^@>~!gF4bN8riBB*=q676t#Ai1AynKj^M3 z`^itUF_}Cg;1K`@f!Nrc-kP}rJHvSHJ1Hl|d%6TG>@F&HyvVBma4VDKzpu~rzr|b& z98w@IrS>8dDqW22`m`d+UjcJc8baI%Z9Vc~(R}s@g;#?LYd~UWbY13e1y)ioMZb}$sCnZ@6i3!c0(ETriI)5VmT|GpEkG>#xNJ1P#Fn#{y@k0tCBisi%;-{VD7iw-j~hf9?zWc(Oa;C=|)^66`rA#?j0q zNe4dS5DTgv-QEw{SdXs2A7 zJag??K{+reC8$6!LA`KaC*DX9(D?(n}t;@4m)(tbahY zmO0hpBb~?5tfd`x&mzv@VaBr6{pfzwGA02SV+}F-)>7z#2%f{a<}1n;J%GDv0GO&>b1O{{tGIVZ-u}2 zx_4H0sCaxpH+w<6vpuZuq7{K*Xjj=;hdR{f0xC577#o0;wa+ z%8mx2naYja5DvW$Ui^D1SG$(NFc*?dXT>nuzKC z+SZ59v*eg8zF9y(@4zJCU~2!zr^loB!UQ{`Z1dvsR^6|^NW5s!*tPYc!V9g0VJq@@5dGB1^hyuzL% zqy%85JdIu!j_s5%+F7d3c4(2}<5axaJ;^ACec&I_72~LYh>45PizSP)9-#F=QGA^i zzRT!D`ny___lh$e`4N?*I5`LR^U-ixJ0u&D19K+R&N^QSf_DK3f`!C`fI{_Iu3y9# z|8h@2l;&}yBipgfnk^z8tthgsLABm6EV=Tm1?IU_FC}uHny+urnF&xd?sNX|jolJV zjh^2l8$j2QVyfKk{v@LBz1;0TPCb(eVq9)V*ZQ3cMhadM;-1+kaOhzin-`i?Xfln9 zR02fxYc|c>CmZAN&6(IO3HJ-$VR(24{II5C@G^pG(QL#rWoL4L;AScYhL?tCs4OGYmb!q%C18kX0B` zM78dej1kDc{17ZRGe;#hNLGxCG*Yac$S}>~L2iWIt2sMBC96%A%7^bLOw{ETi|~@C zD_|@EE6M*byyR(E4DK%KeY0knSoSq`5iE*|p&D->i{^~uRud@1LBF}9;|yJtC}PAE zWTa?#9bXk%vd2J(5azrwMXWAWCNvz*3v#q{#PSUOw3@9JQhrJ$$_- z10UPSo~27l^&GqUZ1W{qbK#NfA)HTe$XDu+rtD}+yKTUa! zU4F1g-XlKCI6DR&Nn4_$_k!?4soc5vwt{DOo0tHD_s3}px@(zpROk;O4;JFUG)yFL zQIQ9JsJUGl&s-o4fh7=|DNcKWEP9kA+To^J)9tVCl*2)L$GhoPeX#ujM2E^A7sm~E z1-~R7=I=U*`Cz%pJprGt@7_8G-Yx~W?yRhJhJ9WWALK)>TYCxi1U#1>{Mya+?vq8( zwuSaofXh$L1FM(Hu1^H5%uGx)Zk1CqnH6pI#+Vl!1-AexZ80GKtXPIsSa0c(VJJ5- zuZ01dAhz)1%~eJ^>E-WSgcuWn$2ci@<6~whW}%|1E+ck`&wOQ(CfiUp5AVvT+;fw( zom6!-nWO!RTsv3!ZJr7JnE{I$HO0RY;K_*6Htu@+z1y>950au5Rn>O$;ksqu)CJ+R zP_04=$Y-cr#KnJ9*J;-77CL|;!l2Cl*Q!+lX$4nelIou&(MW;@2Zrmoi=j`p1_w8U zZ;H4tCS zhx2>9TlnDIb5n!{j&yipWSnBd7WMPv{r)E{N$jl;FKc?uzKBuBb8S++hOXXhBM>?N z5}E$&k>8<_rUGabN@$`;Zmidg<@Eaj!bYv>RRGHB827{yZ;s1M5xJ{|s#iM_a%7ng z-VWu9t@o)CmtN@zdYysj47rCLgzA!$E~tD8D;yNCbv!BlYUkOBkcX5|;c@M)k)OAaEfLQ9D$yP_jZXmfyhU})1 zilU@hWnda^iKZAsI&LYhiY`fRjn_7$$fYv~#WOGf z?D2x8KTh^Cv8VBq@${%)*ozG?t@{d{S|~hWTDz*M!ou+Z_Rpvap~NiHKox`F2_}_W zARYR-_Pk?bPtWp`F-qxV<@weq+@T!gM=A?sR*!Zb?lu`ij&BPjS*Z+( zqoRHvf3ZR_2cIMBPbggOe*bpPEtbNytCGQLwB%P~g_84wn@89$%NroV4l}v4F8(4#jQ(?|QHrulq`V(@cTS zXZ!SOGL}XYQ?q4KVw72mwtaSk`ZePyvjl&w8a32p)y0@0uj?YDJay)sN#{_90B{m^ z+|H<);SfiKV<`lWvK{glCdL>xsX6AX)wjGUh__|3O@XlJ1-G+bl3uo{TLXDn}SxrIAvf?TN%J}0a8~RNm-ZI4(SIaz4Dkl?{*%9YozoqELTQTVEos*{A9rqnis&hU~ z*jn0COc?-W4yaK7f$Tm%6-HXe&=>uSl+n2Q9QnF<-hV3FG&2zz>oCmD{ynxr$d zVi~`HpnFgOT{SM+v83aDZF>4*uA2IRsNC?XT$rem(nvla$!w}@*>UGz%*2WqQb~n$ zu~f6>#AtvLdJw?jPb(56b%6er@&6_z@YAIzTtW}>Tu8Y6KO>cd@#M*@wwi3IqMQti zTY#ML)Wz5=M$T+-zD<*>(g=)FxKM4NFkyBoRnUDi=Fm~i*>&Sc9Y^Xq>Lg1DEUX6f zHKlpobLaIv{q<}vQO`g0MSmHuT!U%4rCxI4Rze=Aylv;lqHz5F{Q}}v{Oh6K)Ix1h zF!D8!=Nrj5a5BC6)}LX~jW5?s1E;5?ka!+s3@fFTV7s`mCe`lY`>}b=vB~3Y%K|gR zjooM*CowKkJOBbq%+)d5GPLYFucZRi+9q8=!MF=W2{O$VhW&!~mY>WBM~`h{cngQ9 zS*)3FTlax8f1Q5%1f)%!j|l&PC37kwno$DxA$Q;$OS${!i5Y6e>GlZIOVrrBWA39$ zWgBo*@c;ra64=n{+7{3n*fb^d*^Nt`{p#q>fOcQ#sp7EV}R3U+xIku&dOZXhg{7MEP%pw)X6ZVxOANZM-`4(pQ zq)B1KkZ*xm~F3Ftr#Vo$$y}mG@y{W^CRMq~wzsUEv6|&b7q8zus6Fp6ycUJ!n z_AU>o8Z4^CMlh&EeSbaGaxqA{s>J$n+uRdr4`~8%XHNTKHus+ui>!qPtcTDp07vvl z5VHWP!U62}GR(apg7dhnnljhm4B!)4M zIL$roVKX(o$&^7j!9fKSLa!s#CQ&aT`W$O#>#B(G&lPZeZCXC(d3ktbS+ip)R=i~G z;{B$!T&_8(TtneoEQ@Xux&bE;Ov;+4u86fv&moOKrx3&Z?N|%n)(tt_0g73Tks}8X z#&BKwYdK^V4&l=(q7*vT*0rs!&fWJT3U%?gbl3G@v9M7DG9uC(<_8j3U@!zimzhCH zgf5d&7yOqe0!g=EI2!9g>BIf*LqQeTSlZ;7PeG%c?UOzd@>r9$D#e6+j|WK~IaT{! z_=b7^Xmu;6Tb0dKzjZbcjEjKHLM{){;P|L39pBwThwTE2T9{cDZ{#0 zhK~`s1GEf4G(TWh54b>=z z0VIXtpqe8Lqla{-;$yX8vXWRuVx6DncdPeU%P&8ZmBZqmyWrn_GX2PAMOvd`e;AN> zT{uT2f9Ji1Z$+56ggWZbe0>*3o=AM^;V6Dsc#*!Y8N`u5pX9I;!dMyMp$of3M6+b! zc47vYHGOgm+%Y#A5vwyR&ugZs2pO#F4R;>(N6GfEVG7vJ z4Io*^wZjf^WJ|Lm2AwXPu_YRQ&|fbqxce_JUL$&{w7M<-W&IFbo$u-G9@8jy5%7)o zSgw3o;IVh*t0CCX{h>uI(}B_(he{u@&b%j6Hq94EbAiZoAX~25RwQ8iJ(_|6_m7!C3DBgK@(epM4U*6qM0!mr zq@HIb=kOYYo}e`LwX_9972dFX<=cT}isI4_zuxqC<_S@>2LrbBnTs4yXab5}<8CqB zwo~LAJpl(GnX&$r0vGHI`fqo-gqhmQy!QNXqC%hA+oI;)&UD3(i|hKuaPzGd>Byx` z-4GL(wCGrP4 z0&g?X#t$r!f1rLCD9!)O>sJav9RTqXp!b0B*Y%&oxC`G*a6pB_4qLGzO{IgALR5`C z(54qNu{wjTj^0V_?QQi~iOA^fms+qRmJ@LTl+Al|ew-rdy5#m1P6S7d9WTq}5+Cx( zGwtytYoE;#nrLn`)^)eqT^&H*eW2HL|Ljg9(YH^8@mNuXy7BYOM(dL3rkkV&L z0en0di{ef_rGnm5IiFG%Pe>8ric`&A_f~uJQ>B~w?Q)ZVn^(9}c4L6j}jUG<-98g8G=J`dWiKTwO{X@EVeay>N|f!U=qvfKWxr?Ft$ zD>{3&z!XM0jI^|jZt>6O-Dm6|#vBox}T~>Ng!nf|Z z^>boxCzW(8ZCz$2mnptOPo@3t;~2K6wg z=P1?Ja=|!t$JOjjrmoZyHV!v>l@wvM_{=&=L`7F#Fa7B%b4qN-|q10Rlg>%#bnECUO1c3d!Wz5<#NG_ z*Zd6xAUWMAqN~J$RnZB?dO|*&CHvFu!{!mk_#o7FnS=!@Cy{c6QiT{;@A5pX%}ED1 z7kxmEAZHcd`-%jY|6Y#KcTe%G%w*f>CVQgU&HP%#U!?JT5##J8y|Gv;;ZXK2-K{`~ z^$nT+z-I&dFfHy^PJ3dnc33h~JKKYjY4nwCwV;*E00|-*o;Se3lT*p_UPi!fPhjjv zpu+85N;2O$T~fB;EE?ZkBFmPNW1S8&K9bGqO1)pcM__avmYf9KRAC5~Y?b`_7qJSHSF^nmW#*=BZLLl7Jkd#w`Ie zsIIYz9)88rw6l<*GUlG3Jcv7AH($;_+Ka6p>!waMpG2Pppz)%k|8%k^&q%~Q0X-e3 zi^hZ1In%RPB`b$?rD7$pYR*5(h>R#)tb%L9ot#MoyIeB9+`|RA<6-q6U9!nL8Imad zo69M&aI(NjSE%;H_+9BirTr<^(&H=doU6>R8`36WyeGCYgJOg~b@^jK>SiTB{2mNs?rV0r(^myX0SY{&CNE4ex?=l zo&J{BtE!3LTz*B@TzRc6Bj(>~k3Q}?zq5fSqVa#ztUIMD+Lx<1KHSVG4mu_Bw=+qp zPXap{x-+~iJqvFHMgQg^;SCBtOI_F+>56`<#Lg`cv;8A$XG zfK00;maFfb#qF*&c`m$;=|Dgvu(=?W=h-zV6H#V?U8X+>7Ns|bS01H?p*0xo2pc0dzR&2Yh|yUX#9Mf#KD zBjcpi?y6{Q`6l^9F5NE2hH5_wKrKWIH9OIfKL`_}qszR3SdH-KO|9#nMQ$u(L4PzU z-y-;Jtk1H9L}yW6qtD$~Dc`D}dXBczBGqs{pEta;&kVkCYCMjNVjNs)w$$gQ+RIdb z!uaJwmh-wh+8Kf zyH0%@?GJ=+n=BOP;m z!Rx1yAcHYs6%E(>Elaf-Nn*e3xdtk)a21dk6Pbjb=gA}L1gTTls92riNZkg~o&?jv(QwlwzhkYq?cT!|@6!hEh=eO9O*Hkmz z_{nNh9X5uWDv#K9i}>$0H1JCu*Exj=4H@@sF%oCOpPA;5GUL2ngTU2h011(D`yTSR z`Jd01xcSkQ=b~1+ah6Oi@4q<@w)+D3s&s+d?lZk z(Mr+iS_0^B)FH9=^fZSeb!XKG$@5um(>-U%(n)YXS$+FB^0^bz5J+~6HatmI!eYm7 zWVV~2kx&$kdiigWLE}LTP->5V>fJ8#0Y&6Cnd3H@)E>H60@y%UE;ojriod-yh&N6f z*>zr5Nn3B{qD;wDw{?B!re&Ek>N9&PgnXAM@X~D)TX(pH42@?)4NzTkl2Y2E;!|D6 zm}aQssI+p+wPs?_qoO~z%ja(!(RPfp-|Vg1li5aZ{LHdnd|$~#O&Z<+$mJwy$m+Ou zlT~ldJ-Sg;y4mQHV+JeQuOcZFU^E~ezdRhn#A~`zIE^sYX%%bCkC>YcOO_x=ASj02 zqQUHvMxN^}*7n-krU~sllokv_5e)$~Bsl7M9IgIVL~11)0@O7qITPj$o>LddXthiK z%sN@dzVVg)-4@G@}Z$!w|dY@GszMjXGVf+M=2cd>eTw85ZZJckZKF5{9*Ze5Ni!ZqU z=6vgmot^qx05#+IM=3cm=26cD^sMA(f5qAyP{VVxs6CZ3H1sh(t5tc0u=CNs?UJVZ zN~UO@t^qA;^;CAx6-cuO7K)+ok^(EV(yIdCfoAd#FTS3;s4@T7d`b8lD-DbXz&rvF z0(2``7gJ14uG>DAe}spIYw{H|m5wNN>SGhF-)mpXfC#4NBD>|*7;4GE(dr%`-LhJZ zo0RS(o}sf$D)e015UP*M`L26joZ~F(;ggozCNsiI-nV;$ciuS#!_i#afOaz1r)Xtb z3apt3b+i0KX;JP4PB4nT1%LAj+*rRWG7Qtvv9iBj(p37&x>hAB)Vu3{Yr73f8kbP& zzge~3Ym*Fdd+TaDYS?U_76u0M{X~&R$*5)+2;S*t0A z@z)eExF`P7Vsg8(HbdlJn!1=K_ydXO_3dM^9Nn~@Exqg`o3MMS>1k?GzBEspFIZh= z--vP_U9i7aqijLbY2-O-FFL9a&94Krtf*LP3*WX(NydjuhOIw&>XvlKu?_)@=WYz9vb4J2l(ffed z51cOn^nu^cv!tEI)ZSJ$OCgxpGSzcE5~6%2uJ}4N>!f`=D{qu77c1A}cv-E?qz{8+ zo86q`UO2m_DR7?{##zI$PT>0WXd=y=iQ8j3@B@l2r4H5)c!;@?dsUo!qYD)i5iTd@ z@j4Jqs@6;O&0rw->pV3^jZFPTry&?el7sX57(7MeEmqXHVp*Y~^-b%$sU%Dq;Zoy~ znkykPC2ckTps7QaL|!a0g|gXKM|)bQb!H9~M?Hm+uCJnQ&7e`H?$9PBMzrxiOD&#s zVqIN?9-|D27UtoXut5M%D8@syiws(2K)diKG-%JT$&*?$Smz_unA2)2$I3$9i5eDy z`&P2xV;KmBf8Ms>8YU<$y;@CIZj^rbm`aRHGNQNkqK|B>;Q;hyNoA2JB^M{HNgDg^ zyS;xJC}|?%Re?@7bIOanLwTe zWT~80$QE^~DQlq=_Wmn>tzLJ1yp`fU!oI#03Tl~g8-A6uKj>#Az*eYrwjK9?sU+PX z5??dtX8J#JG|G!LwUQYTKhh#77&=V7r!ZpPAoao=GF3%l9+qI&?LGwfGb3*d)uPVo zd_>;{M0f=qqN0I>B=$Clgc^%i>;9CXVu$PFIm3|QJ^oTr>u=|^+gu@kd^~twdRR(e z6VA0%O^uWI#ls9T-Ip$zxX1KkKm-COrv`vW4T42erth*SxuijV%!XXu0}Kmi zNyS5!ti2}@nU91&n*xT?kiYsFfl+O>ETl_6tR$V!ScdVC%R=B}Fv|=^w}%rnRCd$rtn+5NGWkg@A`WgzPy`KdSY2`K zF~YCMnW3wbjXq&PV{~7Ki=2@^tAl=ZSmTn#i_m;RPL26bO=_eL=dCm**!u)ub-21B zFYBvp>tS783f>QGU19EudQZ*k3+eUl9I;rwgEkN;Cs#QOwjhBxHfzp|;5nxdkiC3b zt#&QLJduJD*vy|@9Kw_ZN0IF6|Iu{j_6urx5RyIi`o=r=OcJeO0g$tnJcGS#<1SgL zOfG*8OqrW1QTiFt$<*H1(l7r6J?x(QZkF=zioKTa0-{NZ;a$j`i6UJ9Apu8%iwElB zGOV^(;wPO_K6)2BEf7K&NjM(|$H@!WH`mZ*WfPiz9#!2mzSKr$Q~%C}qg%n4oa;~X zHBYbJP#LsUC5vSMQ^wfhJC_#F0=^4&7fOoPIp+3*Wu^(<1MfPH$Ja(|oSc}K5SC7? z3#glEH%cy6DGrS8YBDXVj7h1Y;{8A*@z;mJI_8LhvE`eRiiZEv(cn+=Ebf9RI}Ep` zI?wS=iOVkrcyHNu!7yV9upL)(`s7)jLR*q;IiFX^n)%ywTLTi+a)qOD_o%rsa9#K? zg2xD_I9;d~Cc9kAr0?W^a9)J@Gmwafh1+$XTs>1 z2H?jLgV}3S?@JSaEO0K&^nE}})sddsxYSK(BRw;F#;r>AqsVjZ*b;;5*cle{VPG4s6o< zYnNg%_E8(BPeo~;vdvZ+k$(2ZvThXDjasu+Uan-a$pqqmhHY-^OvHAW5()eW+8F0?B|`uuPHsybRZ&R9YD8$ zVgB=|vy%4%b0%B;B-PO3Om+ai9lu9nF<#umV(!%8RYfq+V&$_5iCS(w5glI6oG zv~cUbWXTHcbaE=h6&;^p8nbw2)K5Af2nrIh>xr7k!5J0-t`B8A&6~ z0H9_XE4Ts=p^~Z%yD?Vb^>V&*qc-dXzQ+q5_G4Nlav3kJTOAwyGOA@8R~sE`0(O|h z{9gI4Z9DezJ@o79+9)2`7=@c=B3D8mtv#?_|1fexrPG^;j z1^sF}&=%93y*eu^J6?ne_C)tfcKVRAQ%|L!&cT`BAf{jlEqV1>zI58hzKM&`GPc`s zWb9rtJpjEB9>%%Y<2tzjpXN+6gV6PMcc+)dkA0#We|6Yzys5I2_frT8I|z)_{`a!g z^eRKm^r?|$-x*h?bGqy$JmP*H39E2t@;ro1hln4&cE4$ngmU{3TLz&z2nKX=L&o8( zH=m`9T`F>=69?iBN0<1s<0RIxBR^d~7zHDxz|d*MA7;RLxSlz?f~z}J-1b2bW2A!( z*wV`Wne1MKr(TsscRLZAQcVuDdr$207ue?V*P$srAcqI@*A*@me{d=>Mt; z>1yf>6*oZxHDzR4UUgbLTBLA{F&c=t=i#KE@8KE5Xw|W5i)#A(2)q>b9^pbMzqb3M z#TLqSIc@IS^t!OE*Ba6&P?5}~&myCHu9hsvJxnvBxYkE=>mvu}A>fF$=Znwj%-0c; z`yxWz*dN;^&2OIlT0VVyM~xX9oa5tQPU6Uqj$y1t`*7qs7DY)lSyNs3j+hL1x|Q~l zu}u$ikryIX7tJd+Lj9O(-^tHuTBgR8i%9vxF^5sFW|SY}v1)ZG3IuW-Kq_uVY!(&l_rLUxRBG9bLGggaZMn3@gs?#xZCPY3<%j?byS+R@ zM02Meh&t2qTgUL!yGv`}$}mxf#wb%FnaP4PBR_rsfYwzEPPxamYnT1=hMotb%H;lw zyH%?I2JSCV3tSD|Cy58#G%D*oOcQkc3L58gRSZZ?XTgK!F8Mm(6|BQpjBIWhr9-kw zI6Z^C2WkLnxlqo~k0rgnbsGT~XKcX4D8#U=6CfrH=8&eqtnPG7olmR zQy`Gso=w9bcR+cJ`1iHh8PljS=@Vi~>=q90Cox2^-U6}wwrw?iW}pzwnCZ6*Ag4sQ zUQwn9Xo`7dub-4r|KJ_wBq4?r4DZs8k+t5-&+)hOK?$evQ~IA~AO`SS5?{h6jXB2i z-oBbQ%bG)rN1LRBS&h|RWs_>RY_qIcyU8D(Q<{9^B!78Up%po25V*c4w%l!?(9KDP zG*<&i^zq4cTWz@xi4GNtfp73m%q!rvVn}1cS{a4WRA-VPg z5sQbBq&uX-uu;3zIOb`60S^)LRKNH*q?4DM^pM)pf?qJ37eS33qR8c=zT0@1_L&L{=#L5Y*%;a}=_KWgx7gb=l^GY?&i)rJ2cf4_S zYSDl2fz(2Ac|&-y04+3YSv%Aqt#4z~v$!?m8GtA>FXmj>=j4{4Sy zHFXN3Hy4k*A8p8g?BPi2lALBWaw5k7elOB_TsXu%t0jUBti}@>MdEqa`NEj)wRJFX zyTASF`XARmW4ZB;R&)9)t@lr{=>{z*6Z5Ae2Gcj~8*cUosQ`biHojmyspEz1-J@NF zZp_)s9Fi~$nE5}uJH9?~w10;CIW<@Yvu+Yy!}Vk2Y>-piUlM7hAKb*;KVjPAuKMt9 zu2t^3BI6#eIn^r4^w$#eba3NKLskHQx{n3$X8Kb`h4cZD%MfBT5R~=TM`eWXYKba3 zRZ3HDgO4O)0<2`1nD^CVcz2FzvR&rZDd^OoqKi2V1w=X-a7m@Dc2>%D@H}pt_jfpb z`|s4Y0ca04MCbe4yZSUe>mIpt@bu$P72}rEjL+gs!S$1n1TnwtG`sa}#@&u!@#pZ< z_|*}Szxc@ke%J>OzYr~B!0D34t_Pm*auUYe6RKm? zxa?&!DY;ga2jPMKEB=x*Tz$}x&~Wdvvv}pT@<%j+qyhv$PIU1IXg_RdRu!0&wj-}#Ljv@iSQhwuu+sN^PB5mI_|poslj z!hM#C&e|9nn#ACg=ENhh&am`;(Wk1${l^?*JpjNIj;n>xX23yK#s;}GPwuC2)j7U5 z_dK*HDSF`YP1k?9d!M1#k+hV}!K`s##*E^+nLS$uKP?Jfse7_jiQfhk(^A)uM8W{# zK7U@<(65&`$DY&lsfZkhKbd}_Iv~NUx@^`I___J-EH5?DobiGH5srHmWVL@nO%+_` zB6B$%52A?2l0jwsj(T-m|9f;Dyv0ls{foH^*x=`4eIUz#3S4fLr&@@jHosRqc8#k; zo11|`uf7E?7X&VnM?{S3kHx7>a_J)v%^5E}(lD^lA5MqNz9=_a+_z|VyyXi%jWV~# zKOP4B?Rs3S9%n+1+vmY4T7va(6hL0%NV9uRHQ@}9AjfYZjA8c}k{{udLT``&`e7R$ zZYq*Rkd)=d-79G6(|SYCl%Uciqt)>w$KR`U_ieLbyM&fHAT4@ zh7^3Bjmd-CV4x)J{A}%Mg$Id}uuWbp*HzHoA|?7`1Y#wkY8Ik^0_lxe;t`q8f*xNb zW%AoVAm}73_at>dS}g!3Y2%Sk9{Qv9iKasGkA)|i0$EdltU6TI|L{{|bGMIy&VT2_{w0Je)r<|ly_+SQqHgNeVw7LH>jxvxPv#EjPkzOIQmTXJ#y;hBNf zfX}sYp2xIF?2EmLh8jlm0fekZ~B&(E_hR@p}zJlP;hXKMN}*ibBit zD$byO_=LPeROleI@GIyeQ*rrg#mbc8Pl3gI;c>p6QOedJ!?WUtp7#dvurff&e9e>2 zl+cGZCA~*ar_M?OvnX*z&_7`gBSl#aIA)glYoEFE(iOcFYTFdF`!hcY*mB*o=@k|! z(&t;RX%20Q501)y=>Y0kaE;xRP(1X%qQG_(81wZk2uOXI#*ffamwF#*VMitqUc+OZZ@;%X^ z{;}^-e&A9j1%~I6$GjZ?W2}VTmoJf2s$ftsziD9Ys|#11B+(h~#Og6P5c(Nkw7+QB0H;5|OmXGcw@EeAg zl0Q_SJ+91MuFW{E&4M_Z;6-gx>&g@~N{aI_tB;*0a|T1|i%?BFO7@ln5*nr_373y1 z0Wb~5NA3D01O;<6MPVSO`Ers{1sYU{xi=tGPz#7f?&t2iWApbb-=`qVe!^XLAuA+Y zOA(FuM5EPTRoLzTf4OpmyPu+4{myagBQ27DWK>^05+-p_4J}yxEY6UaB1yy_~8j)6CkX3;ccO_6n{?Dg$22mN{NNa%Vv}uhcLyc>bjT`#qCkXGM z@2$fjWPC)@9*H(u?Q87|#e(LeHpyQ%`2&R$*k+mE755Tejb}w*cKx&Rb&5PP-j6~c z??hY}psx6K-jQ~?o4mx-OqtNu@AUQM&_D~jdaFpX=si-dUWW_8r>~Vdfi|5$y_z4z zlyx|vI}qb>93{w2s^GvMsPn*qB9Yu(A=?Y#%mCFtBeho2{ghm1zgktw+A;VspY?ax zL1;Y%ro%m}LxSkfwBIvAW1Q>VsYa2dwo>Ar)_L`-SfnMYvXbdjK-wVD{}cMbqyTin z)-z)z-Trsas;Ts=-(4cwtvkBi3Etgu7mbz06m>#xGrYn1Sx%#D&~U_)Q~l1VcYW{e znx$TLCNSAp4_>=G2N{pRJk3(_?sVm)ul5k}ARV;oD}!ES{hKbk*4J#+KtgW|-`gSp zW@xe78jTuV^KXSXwE&s{B3ajnLei+_V&hj%AZ>UBJU@%zCP^t_bHmM0y_!v!ajR8( z=g{muK#d!4txIH!>OJ}VCIL3MRUNneOSZoRFdXt$K|~vy)t6&=iS|h;xUvV8D@7+ZeTXA_do1sY524+DNA|;v)YX*N3d;^?@9~_6Z!xudAO5r z6l21G$QGlc`pfBM3h5*$Rk+Yh3-aAo-Q4a@aM#J)@$$?UL$jbx%4MLFiShgopV`TZ zYuIM_i^2wqdK^^zZ}Fdcs8HlmDVi)B_ko6tDhY_9BXxX2;Yi9{G`=gW6_C*w#Y8&%R~Atg##lU=b_Tz}cB3;E7P*&SMbYk2ba16Euh(au^*(Rq1G%DK zxMVD58Leu=s5Z`@x8R`f8>>sFS7@r|y(UR)u^_pP70@F@kTa|xriIwiQuAlF6AL5a z!S?~n9jC+J$m5vG))I|E`q?|gLF>CrfkUcuVyYWNniYA`je^GN7NY2HgX`5&)i!JP zr>8>TduTEs2e?Yv@dY?<9l1c-mGBA=f}R0CPjBv0c56Ic`zo3gK%656cAMFiAIPnr z9M2Q6>(4|tO8?Hg{GA{9yd;tNVGRy*#RC*D^R!e{nJq!K0(Fdc^GqkF8Cb!#05Xn$ zTP&xRtF8h3(fQ=~<*y|!@{5CqtXonuE3*K&^yUiLqYv(zOJ%bw*|`5vq$AjMjoUCF zbBgZfYU9T2D43|$AyE4&D?kA*vkGp z-+~9T5$dsyvzbIlRn)<1)B!($ihp)BpPd4F2JZfGfOG6Mo4H;_p=3j_ey^%NZ#Y57wvIdiLc={`4lx^aBHQ zM}p;PDgJnA^BBdkT`IjjIClE?;PeyK7kT=58>{~${EqTBKmQ+Dclp-j8~+V_4I4GO zVRYjNVWgu`YIGx^5`t1HsT+*$PIU+fC@~rd9qFV&q(lj65D`(azTEr$9^A)$9QVI) zJvp!QbG|?CmoVqyvxw^fa%Nex+uM~&`QbXcEHCaCI7EgpN|fh_l$+1X#YIP@-uSy7>GnV7QCjWL+uYNORKfqjw(R}r7T_2?TC8Uo5X0isp<}sV|;oz0f(q&<& z(yt?ttBlw1;H)wEiK9cUh3VJsv&EF}SA#z<{`dNm#t-7;v9Iv0#Cn@XNx)bzWzsw9w?WBOTTBoe!J4;LOP)NqyG_ANAtjLFNwUi z+hd@MK_7elu{)NJbRvZSe0F{~2t7j3sMK!H8esNNH-XQ7f36Y=(&o&zzc~+a?-?Bp z-!|pD*dwl~xo+y2Up>8|Z+m9#)hsUVmM6#LaoET`^|g-qdW2yD&qr zvYglX1W;ZOWHVgf=C`d6C=G=P^0mIpbG0b@58+T>EU*NzvU`8;mXe=gAbZTIU!&_w z@Rsc1!E_@7A$%ra=o-&8(}Y^8e1yQmt!w+L3XVTYKJ4I*uEKz$dif3_TCv`RSa`1$MdFh{S@xyUnHwe~u~-i0p316R*zyWA~#| z4v!vFOe&=Haeh#Ha=po0$Ss#$hU*Nk&mcUAHed>yRUA9&`j#y_^%A0DuJl^G)m&vt zAkVPIax=A0bWysR!#MPpq%m)N7=3w~z*nZ`^Ra0R ztx8tyP)cOIb5&2aDD6kv?Ls$8jsDIh-4m83?{HgFYSNkbk0gl=km6K&suuw+_ayyD z;&Nq1;4(;YSXJfrg%KW$U^BDt&sFO2RYs=9H#Q60@4k?@e((B2`;U?DK+L!mdgxqZ zr4XB+gK#hokVO1(!cdNbZ4epdcy698<)a>5-T*y&cjOY7al&Sp+Qh{~U@N*Z^_=XY z0A+LCAd1uFSy}!nbaU9&`>gY|{NP4s+!%d1d-9N8+SLati=9sd?e~_bg*P-M&uf}> zQ}^q%4SK(_S}}3!G&w5_^EjmMJ>@@})O`^q6uQ3tt-yK28lxXS{Hr4B-hA}J$J2y_ z#Tz1F5z2Wlae4{7h|XIswVip(Jr?TU^8q7*CXZA=h5FxBn^af_(tV?po)!gl=X@)0 z9Nmv8nvOiaA9T-m>zg9?`+E70 zo=1=@X?w8V3CEepZ0%6wCW3+aH!jVEr;=l37bZS8oNOHU<=X1El^w-UP?e#V!}lle z>rYglOZWlr^RK@<5UNP{qj5u7#fkDKxhhU}iKq+~U$bH?R;UrUO)!~r0Nb9&mD2xXp6zEpDfg;u$1Am>sM4~5`d?)6^ib-2{c=H8At&N*iu#K`w`x| zMk?ve$&(7+*RnTBKPfe^&tKQv#m2>1sV2`~UAuo2+2H7DUM3Xjs zK7MqZTp7$vdwT{DE&jwNAkr-A?hPOL8N`byIM~#)lDA{}k&>fc|GB+iFsmcv;g61c z3~n>eJ!XeE#{wZ2lCzcWES)m(ii>wPZ4E4uJf|kk6wm5XH(SvC?V&-szl)xVZR!5EqOGpPa;|=QQ}RILT?t;X##-1T zt~(wrn!`VLhv%NYWWt1KjGOSx31^4~Nq{`@4iE68#7&b+ViNHj17y6WabUIl@bWRH z+F@4ndgPT5RI09IVsPLfDU35g;V5cc_N0w9pv&6;{Jx{D{G3#w7CMxfJ;cgICi%JG z089csY%qE+2KT;thFjsfqK8<7CcVLxH=~xV%+_tgazPO#%G9~;i*)ZJ-dS=hr7pHS zA+GE55c9(7)-u2>L zt}S=y-H^B-@;wE7kyOO_1UW4B;m=2(03_Q;#E1%NhQ5Efw&K>AN8e~y&c=V-Fe4`z z7=o?1u;vM8fSp_)djrh3O!u}rXq>z8f`j2I&tTRJ0y>G07dU;wU0-`ZHFn$ZF&5(s z|KM*u5uB>@MJ+r4lW<$#+szWNh=5EY5`NSGl>KH~&KV@*NEkAKKDwj+^2_<$yjdA3 z?r!AI71%GBdwoAx*_0pR|f@Dc3*Y&AK0c;XdCU)BUAc`H|DxGXpif(gdh_ z;Rj_nxKIX_lfX&1#o-)((+2;ICZF&-}$g)%UDo}w15;Ni^U7!m*4bBJxV9iB*`9ZqDoe@rrOd|Kb^O0P-85E`NMlJ@G ziD{UL*+g&BE(#CWZAKl?1`728KaISdIZPiwSx%$%d&_`bF+Zcl+m4C3;u8|WBtjO` zm$kSgy?g1M8uJ2*zaFx$0SnY8wp3Vdd%l0tRPm{9_k~AP)DmLf+LPYCPMjTmTyd-? zRF~)UFCgJ6)8}5g2S91kr|pof6Mu5T_W7!Xo@=`PY2*$e$Y}Mn@V&IlLSAhc=!>n@3DL{0$2C~(sV z#4{|!h;N9X$Wop?`UMm|1}dWp#dZhpq%*rdgWoG{kH~-Ramonh860&@q01&}0^(D} zP45PpydJAmsAx|(HLU^wg6cK3(~Xn;d*fB*9`dAS{-qYyw}Z}faswHo0;I6t42y=| z)E#S-*y*_k_I_ol^GAP%LWf zr8o;(1P=~wSGtC$!yEVXn)UwGeRXa8Ih-97F^WK$4~h%;_rAFIdthYFy#5y(q}Z%g zz8q1DC)&Q5P@O1V7F(A|r2!*v!zWz-!v8uC99TQN2k5$pfX^qxwUC}RnVE4edz6P2cU zviAExx+zldlK~(i$=puOsrm}je(S-onAu>epqWEOlJIr%Gkdvq&v_EojBSAR1a9`| zTE|}uwdMAz2lY{ z-dl~Vh{c$;W)wSM6 ze{}SW`TA2t5`%|yY6apj+kV))u$X?5|HS18Y$l8=`GWv^>5gCoUuYK%fyDqoFgu6K zThU*vQ#MlF?rI<<{JM%0d6h?tjqRm$^hlY3vS-5}24n;&6UK+8i!%=RnZRTff%3?+ z6vcz`nVtM=3y_{`cyLGLUhS=-AwnYPLZOTgo<&!05Ol9)PbLdqL==9& z?$!O2t>>GTl`B|UrtSN_NQ~y-Q#%f*;|aXh{giwtnJifLdL%lK95I=8?XDl{E2L(@ zKZ*8D^m*y(dBV+Z*0ZNP54K>sK2IYrPhtB&J6fjphhLo!e93N#S}cOog=Lgr+^ zy~keM@ky3|a_N59?X>;@)z=UTD@)eb_deJh>;U^!6ftCkKRQ63(^Twp2*GT%PWg>N zOuzfx$FWo+dQ@+qGz7W$tbgHZG!3k}STr#Wx;{=%2gh(&53w7`9~;48OhNZ%j17Jc ze~i9xZsJR=x>eM4M>=fBi$2+hbf>`Wp3aX?9kX6PHlf4KM#0zH+~a^WE%vneE_;Uh zqw)SdJxJ{!-J?0B@BsNWBfiBYf$fVz^66Mufe4DJK5N)jw}Fp# zc7UiI38Jp*N2ubG0sCSSt1-J^I1*HjN>K}xz47}{ETHzwt2~9jf9ZgD zLtdZkHNr543){jZtgmekp6J_xH$!~Yl{C&C&lqDAnY^o;;1OhS^sY5ZG`?2%69 zI8vM=ww#_lNxI<<@P1}|IbzG?m7)k1IOI&({_Pl-TX79Eo%(Sah9e+&j=iC7kLb<^ z07UilHNpq8CqES_L)s|C6jmp}*_Ldm7$pV4Nz6Oy=o)5CoyLVkEWu+t2b9&Yp$c}a zpqJP<#_XodJXy=5{U@ZWB7&u2@T=7YN%xj-KqPo8gFgoKE__Om$WDU<~Ej`G3jcTI% zTPc}lesaKgVGQB;lq-L?peH1%Q6{~mRXU!t&M*G5A_@ZTuTrfkxjgj2E8V@8P0e}{ z&yg7#__UV^VEhyS-9?9UQZ`uclRKb`K>+Q;b-*p&ZZ?t#=r*ak3K22axu^iot~`Qk2!2gPgt+d~uh>;gP&N|DLZYGbBJ z-J;)J0o3OnKSvi{{{G&CXR7z4qb+6esWtiGKPs#{6Y{PUJUZ5%XZ$z^Y`FEkI{A42 zgt9#4Ei{`F{KT8<3qDB;nb#0x@%iE>gmv2d_jXgA`aoZ^_si$YTx5f&K%h<37-+8} z?6&^H>k@cpxzanp@;-o2VcHu5#S_H2DoFHr8o2#Yubw%9UUDmHLFHv3b8}xq#A`E; z_iXsE?1xg?kv)T}%uGxSIIQl@pTsdCHrBCmP-wynw*wEydN)JJ{jU_m^JhOO@3(H< zdv()sF^)TQD}zjws&|Bt7P1Z|(9tS?7pdDVQn+k=-PVAs+H2|zcc^iU;@A}i`fH@( z!wVKo(^LN`c2ek>Wg&6h6C;shujK;K@m_y02>xHx*7o42pVam5%FcZ}LRh#c7A9e+ zKP1+17@L9L;NY(qp8xPfwPCDXZn5hX#xlr1a%G-f?dW_W*mB(<@$XuiETF{1;uwj^|9;~U7XbJ{sWYTXr}e2%%(j4)N`46Q zodux{cUb(lNlp#yuE3ZRwx@K8@BYQdB`YsJoP+>vP+*Szu?;RMHdZx~C}#u3Thfx7 z_2R>UvhnmJxqRohz7C3Q3x|6*<6P!~6U*!TjeMJDfN$2A?|Inw88DqY&yzix>Pr?D z9l+h7s}W#c!$5+^D~@90Y#`_L<1LTQ3Z`?8W6)D_FZ6U__N`?^&GVqoH+}f2AOE}6 z(EYi==1G*uF6Su#7I(|BGaA6+iB0`}6Z|4}<N* z_Bz_bRm*vQ*P)YY8<@bIjA3++xFg7Oe57uXi$MJg<>+6&S$^*Y^UY3u9vUgzTK4fY z{MDZ}_Bwy=3*zlaLd5D6X7njH5x|q?J6A1)2WZnS`9F0`Z3DqFL?=2#tpW7_2i=M; zN8D%_0O~*n8sUs;ita8uLev*x zA7>MMr9h9d_xtYNuYGMOM7{sHDERoNe}(ab>@YBkq%U_;bkFMtd<)TyKO~hs37RyP z69ASrj%<2*i)9VZPwS!a1UdRf1)%~n=V79rVIPYKyj?)tB4M+Jzy?V8e&hDRYwuLG z`+{WT?A^FoqJE2dv`-kgEmzv@TTuK$BB9z^DLDd&jxVSISV)8U*ASY1G_>_Wb4QE= z30#&<6JFJZB!M5;VRXfKXC!R(d?(fllVFRvFX#t+OtN478Czs}pDR1X*)M9rG46=l zzdFGscf{yDr>|^R>W9tCOlyf`sw4feHR^RVrN&E@-j6Dg+~paDUPI7iS_d5TRZ^OW zBh&~0HperdJ;MyTfCzNh7%WIg zCf@k@)G(QBDpsY%9uBQ54yuGiFi|i~JZWT18sSI43wpoKVlNRozdIyATrq;!b@y^M zq8ybzs-ARAYi7bhC6Cjz{Gf*P;Atlayf)Sz1tCy@rMTQhDlji1;V}y2`!gfgFU6$* z$%VekPx5n@PE9`NFxTAEDIGGp#&hYruQ3l&)NL>;2t(I)77wQ28zpnh-T-iLKQ#)Z zj+7k}kyB1W$Y(<&anOA3Y|h9Wr!@rsQhEX=!#=xEAC-$H!zKK47tdm)Wm0&~GTztv zS$6?dc{5jwtRDI0y?pBS@ST;GbFogH)(Ks{9$X_+B|jAmJXN8?JEVbLz#MM58BEl9b~_LX?vWBvBBLx{`4z2zMR5Q+CdTDX~T)^p-88qAsWFxUe)hmp?cc zyv`W9mWwM+v0F^xHNAQpmlx%nmq{&BgNIYXV?TVuGT9Yh4ljNLx%Qp=5+~=S%o1sN zJ2lw(@ht$YmE%Xj0cU~DQVCJIFo%S2c>_uXl-Ba**7KI4*Ge_J;?da-Pq9V z$N%;UCEh@!N=TuRxfI^=ySzmg;hC|Qua=ma_6-&7VBGv1VpBVGm`^K&Q*|uJFsIOq z-@3GJ|M0Qbm%9Xil%k){L(Vdm@#<19VJuE7tt+vV$v!B7@J8k|Qb5OVKx9w&fFH32wSBJpVvh`KXus{jdMgn zpL!1T4Zs;^X-BL=r+%wk;k{;kj^CAvKJj9%X)`WQB!k_<@NU@Ms2a)C z;vb8ErErOaD`-dkT07Coq$pP?;AUEPOkPoC)^fB4;&L8$t^*!Qq12V9!Yf^xDqRYW z>ku`gkOnNCdWQYj=i*{6%i&uosL3y_Ll?mvH1SHu-n zPj$X+ehnywY!TIJS@x+B(QFWPX}E_9uve~iY;8!~fG8d`D0QR%ojW#imK4$wNt%2y zxRTOR-rOSDrm}#h@1vl)>?Y?rM8k9&L>kJ-@cfr%JGktbLm7#Ata^c`xlXg$zSN3a ztKRQfvw+rBAuW(tVh5JoA@17pb{{KUR>MB`WJ$L5OHK`13n@`r@1KKlbxz`p_rP>Ao z41-qWHyETy&^XypxmG*<-Zy{fJfQmTBj3lslDGZeQbK5rf1 z>Qk?wuS`YMqN)s@A$pu&R+SW3jkO>4yr?TBpNzFX{?qi6f%50zIgk-*DNn&^QySAK zcIiFcaxJ{m6v1>ImhlF~v3@SMC&RA&9&1oa8c@W|i5@#p8kz2k?2`%X(kUzPMZR9> zY0alA5Zz0==*Ea~EBN#K#pi>juF;nkW-q=UFuI+0lb@Ci0mol~4u^1S?74w4xdPsW z+7t!Uo48ZZBe!9Ad5>83@ZD0N>tX*pK7D5!iF;`}{OL8K%i!yQBh#A_0J3X(>FWiC z*AeNBl%iJI@m3bH`d~-ZLl;J>d=>uiB_!=x>y=k^-Q&j^M-8Hdp!BYZDiroXjCdjLKb=T?`X5q*xy5_aQO(~ zI-rm@R3obIj=<}TD}9%qw`%{9M`WiLch{-8G18RY;_SBHE~Wo8C!Eq|2)z^I+7pn) z7mv!G8w6G#F;Gzx6RUqG%-7iO7{atrlbh#6-ryf+=W z+3R*Z8X-HT_Zg~#LI%=L$6Op}U##T_el4s0dakU*zVDqg37Qk^_b_14J7c^8k7&a( z9K);qKa7i~JUjk1bL-!{c6n1x_jv6xqPlx_rTp3YA-fqFlAr$SqTpMthm*>E;N*t4 z_J7~La2=6JllZ|ncA7pHh2;M;KIMkX$Mre>+KINK&0sU$Ia|DQ27q($aPOeOD>1yXzS|32_d@Ik&LqjV5BeZk=(pW!i|!R~lls6Hap2@W zFo6tK?^{g&yjWXbW704um_GLax72bjz)$Ofzy6mF6ap@5aD<|f*6@PRae%$Tvh#;% z5apxqabq!dhJ9jLEgkL~w4hgx=I^hx5nHXs4m-482Uj^iyf2$5-@GFhuz@CY5(u7WV zllh~qKhMDCYis3{1yXyd^{kRf_UW^HBq^BV$oL)(3r zJ$M8Axt{^oyZmp*ICgG5b{BoF`!O{h1OdE@bU;Er)E)(OfpB{`XWH)WDyK~DHP6kn zzB==dt3nO44rw!B1_oP?_jbSL?HlK-;rpKdtzA2w#c3YYj;?bYv2*F}^jbo=|2yFN zZ=wJGdY=%~8oxcj{9)$d&Rz`V0twprXJ>(FZ22>kcWomvbN8dpSgaOQ8t@L(oc~IG zFK@E7@cv%0&?*qU%C)ptft@L)tolx@w)NHh=A%A#rPgL5uIRQ0WRMoR_6_+DJS}1E zN9=!>5jxh-UOYPBd<3#y1NA-H?tQc!AhhGJi|oC1$od8Jdh)<*dONal=boX73waWY z*I~u>a>dkGOoLZ4c8kt+#vZIekZ5Ut`RRj;N7}l`iV1)o^Jy_nYJGXc;R%vIJ~|Ql z(ndK2-5$(M+xPl7?))7748ZW$vaQ_ZeFx%s(_|fF>X>;7t}`>}{lG7A`?%)_6nOr% zPj^S?{70x2B=8G;=Jb!itnGf!8B|Gm-9nCLnF!w>I1ZluQZ)1#5> zFOCixKW=$U>tEe7dUd3ahZf`J%@w~q@hGhzLCO#e&p)p*A25!aS5;^2yFU10jw}~A z{(chmgPnP$UFe4{D?IC%zW2hR8TMx+%TG2dh_&a>z^tDkw-3W;+UxP(K$d^ux4v?H zS$V+n`EksKwA{$b`RWG?cjUjr{+ENh>#5OJogqX(O!4H$e4*1Kt5c&X04YV8 zvq|O4ya`S{^?NfWVQ4cXzA*r06%D4PT3ACbbC^h3Vh~rT(iPH}6aeS)DRH9e%JrwU z&0^CG^%qbObqdg`9ih0R#Y`H}d<@*87DoS9@WZ zLQFUe9#F|BEq{Z8#p6dZgjFJr*9l(Zz(1BlV%B>u1fVXNak1avUxIett!DuUg1(oOI4WDaJ6i89TCdKgRXa4S{uya zJ=Py&$*_4DGyT*sJ@w$={R|`^CYR^edh*Sup+$x&mk7VZWpWv z0b)sb5cBvUd6*|&UYYR~4ojftI`d8(4_t#3cqa~Swk{f{HS*YT1>}gyt1V)a(qVtb zjg|w;=sWBf_cIa_^Qm7ojmVS%I$=#^o187O-w|dr)mF6b#4TArB|FAxlFg_-TO>_1 z_iU0;C;~9Ws6K8A&Xm^YHL&?ilskcWu#j8|7($`M_{hwlyvUFDxg%~n-0vCDV2f#?*dyXmGzEfe!^@=5u# z+N4HtG5A(tUI)EgF1#I_=BPUN(U;JzurF{QW6Q zi0ixPdIEHO&9fVY1)x*qV2lGm<@pGGptN6loTb5|!xSQh02Pq-1k8bZeS91wU3zv{6 z%=|O2Ew{cn>t@uV#l~zBYHg5VynM?wLwAcZotqt3+p^mncuDRSAqk{xeyhIF= z=;wD0_27D^pP~bpI#K)U$rN1JV9&Q~9orM-p6B zuBnzLI9{!r@*_wC#=DVd*(9S-+|>-#O|^ug_Jek<+oFZRU#jo_tG*Ddh+TVE*yFXshI*#wY0WH1|V&?x3i5E2bQ& zyV*dx%RF$?E7fu7u|PV>L5M6BM@;{$$X01RoO!>KHHDD~EnhS>!08R(3<=OBWj#(l zTd0VWm-weqOU}G(Vs$l9bkR1>2A>OiA5v!~Nd_^-OeYDTMdB zuoAV6zE^A+)M%Ud)lG?#)8Tl{fVkE*tVpreUy}yX86ovqQ}OZY5uPwUehOnST3zC7 z4KBR9#hMSui9;XUdt5;cGIshR}|#trf>%qO2J#j$2bd=h-?nW)*qdRxs4YNP*?pK(?&i7o<+k;*w6&6_u^@h(OC**yqt0#m@Wl)zhhc<+e{T`YMP{+ptv z*4@u^msI%tQp00h6o3Mdy5{Yi&?E_BDI5a&jCv_rKiY;)-*b*hr6N`rZXkAhy zb_`U-A`>HDcrlr6&}BKvU?^WR9F8`)8r&e_JUMC7@<2MZvw<`^BoNBOIpRVt2=Sth z@oMWa7`idd*g#6RXP=13@7m`o4Q)!^F6dcq*n)XdRP);X{9*n^;xW^$bcR~XoHzjg z5Y9?D&ACZ~;>ba@d#c>`g8X-x@QOnV#K734>-yEup+$5FO2?Wt zv6vv}-Vb1e&6X|=oaf&NId+cmdD>L`c_5Mk6VUEQ0#PzIqJBYGj%SO93$|!gn4dhB zu?VUNUv?3^l&=K^w-}m!-4O*V4&$uvPZaIGG1Mlq5ol-Uaap`gKFI$;KiCRI;9a|U zL#2uJmX#NxD>D13cDIz()^_SEuI@xbSuVN@wR%izpWqQ!=NZ2B*E@-)1Em5x6jQhF z4b$WB4=ycl@ZA6~W6j^YW_NX@^B4`@3rSVxsOWsz&^2O*jdv6-U>sJu&M}IQA4+m# zpek*oah$ZhFwzfDc(r}EN9$tggMxJQA|#_2$rf+Aeky+%)J72ce1XHO@jIi+Y#1Qv zX4#u7nZX8K>*oS@n#ATlYo>1a{Tl5JoIs2soC|jKH-#DP zq*Yx)r^c^KD`HYn^}4QY3;@b73+p2r^CdtPq&$uHMmA3I3l5@II!CE0MnIM z0~myva~yju&>*=7a9nLl4|PX_)oKYh(l7p(r?}k3CLc)?9MN*{Bhtf^vB9UAFjmbJJLF(>EG%BQnFF|p@ z+X4VICN7(LcLIj`Ym<9jJR7C;nDoQ&~ z@GqjoSd1PgaEvSaQ-6m8D;AqLs8eTaQ|DlQ-3BW4S#YO=Ho~;U{PmmhnCHW=*y*XE zw9d+D#5)-@4cJTu**~dsCpQ@F#$%B)gfSjkPg{Q_#^jp{z-4td6ay}+I09$aS zg`IGxKQU^ZU}?^7f_|&rogxv@AKI$&I^6c=_2EjSR%Z7&)LqN9URU$jykIEp@J}bU zkAu%MmEAO+9i7L40$zx@{DK{G1&X<9Q&BnoN(u$G5*(!R1Nb5crqjIh74Mv>&_&r- z?|Pw*I*2C#Iv0Buv*$LVMmFd9$iW+TfF=rB7eey~_^KA*m``P1g0@ zpzG%K7^K4x5ZhA=88)9p=+k46bes!f=K5he3-AiUd7zO%ErG)c=v$6t6SOwvw_jyz zTp0rLVHGpJmYX7NoNWk?M=PW#!2eWcr$uat1x+Wd`i7jw%cD?Yygjm2)r?)x1Orvp zfX)-3O5!XM6j0M|S*CFio1ay$%j4+KvR9x^RT2683`EJA*ig87+Tl!Uo2fvpX-Ty- zsJk|Z)=PWU#GLFQHoe`v*7%!86eAz^^UwA!>WdP5+%LNwPI-nsf zZ5B)%f2^^SE&jX^2eSSY|7c$Vivfu`xe~{q?Ku~$-b%6CnwBz(B-*>W2fH5HXW8QB zjY;oiSP>>DkT7y6lQRyl3S>jZQ|#k=y!b6u-HtJC+WJ`0_#|?I~!;IM7?)d_U<%|rsJ5bkiL}3wB2L zGCDVTV%z0Jni@3+KQ)4EJJX-Moe5f7Y9RdP_o6*|0JDhcmB zE8*h~4jwN=BhbXJS{eiT+sa|`X-zoULD>nU=0tGR(r%JK+;uK{H|OOb4ZRhSxMROq z;$m8A^S*e%04Wy7hl+dASEj5tVT(+ah}e+IG?Y;UVW%T2m{pe1Y6ONZ`vDx zC$!faDx?OB9+5jSlbBmch~1A5TG7W+fNH^`Qqw$@!EHS5y>k5oP7>jk0N|WvX8s6k zi2ne+h?58|lQES}@LhvB;HXAU6R3|+=aE6t278lWO%sYCVSkG~Id0y^q|#PDH~AFKZ9))zQZP-*rB4c4OuVrR^O@d>ZoFw+3&c_x4V(!7pjW=D zXgi3-3DZJ}i+0&*?GmWe_$>mz$A;}9)D)eVedJ|~1Gi83+2>v#(S;H}U7s7LWxlKk zq46GffscJmc&MefMnOFIz0aJ|kJa4z`Q$6e;FbIHWx;wwkmB zVOvyN!2Zpi(9gp#*e2GLU`+9iIZC|g2WzuD@K`*$(FF@UI|{?n1$G_Xkp6Nb`ygmH zF~})_v-ZOP%8sqjBI6fL?1t+uRxka-SIRS1xjbC_nBejdD&$GDyPqg@KS4r~1-J?o zS_|wQgL)WaM0FDGIP=#G7MYsH$&T{rwSk09!E);!OAh_BT=gruwuAX8jR!##XE68e zIH26{sEfGqNgN}&Djp7`2NOWdI}hF43a<@>LBVXn1Y?qZ%+tV5X1Z@`w>yPye;I*= zW9R}gUv8Y;>dZW`sRfz{S~ykG9u$ZfyzdY#yA6L*&TS*07lVl#etR?zSSXQbR#1kQ*6lv7ge-E#ezuhE0*6ZJ3K85R)lhd+Z|F4q!_$O&yXpe{5r6(1Vf z1q)sL{$(W5edkUfCMk*(`i1Mu)uNN2V1nY$lcU-f8W|OUaYZ3 z$5(rP8{Q@u@gyV&Bv_MVf_tFaub@-RpB+ao$G8v)vRRM1o_wz75)LLP%Pi?)vX`F* zapi}{Z;1U($x`n+HNPD z9S^Cbt0r{OGzk~`EALX$G4t)f2$)(eD14qrkH^}-hH&8wP|<#UgY)`rId<+dAY%hn z!t|T^1=?-qj;qt}YANGT-(d0k2_3xm5_$)gANh+)Gtc@fgqX~C$SkR{?pw(RaIA6{ zXPY+g5H3hk$I^zhIN-^-`enD$k?kYF+?j9;(4v`{f^Wi+B2= zSaRI5{)vk;^!s*1W)n2_2GlzHp7;&^a~6A3Y*AFS61e1}$2Sp3%_1R~YEC!J#~!Ik3l4R(|+j zxaJK&HkdX|)xbhCGGuS$Yi}ecNjtO$6hzGj@lTe&kNPTaKQ=Edq;2_dqd7T8+Bl6* zDQG`@#!x>aQ+aef-(Ofgmhb!e`p6`l+k2QzrtC=|hv@&J2Z^84xWwecyQYDrX>f%f zpuP7CW_g$542Z!S#58tB6xX@idJ6yyp?4Rxy#-iP-X1T#P)6KcY6SqruOxh0O1sf| zbJ3wm(j@buT6oLM!{(1@ZCf|9Gxv& zQl(LSRL}vJV)arh zcxD(mIKwsBjF`0M$Pl7gHqZzewseOZ8P&eFaFv(-2OW2UhBXh2NBi!uPmZ3k^R==U z$-E#5UPm`Ski3tv)zfMie^%SOyP1KPUK&i@>YfnG(mv&>g28jg&#DY0Ch)9x5)JQd z8OhDz1`!S}#6fu4T+6uyW~&(f$Z~akZbC(ycQ94DiT<63SW{Qgs!hgj=ji>86{*qt zf4_H{;$1apM}}fK(jo4;%>IDO#eC>Gb4Z_Fkvpp@!O=q?Do4*Vj#q8p%PrqYG_B6% z$HomPmA=~GqKzk1>}kk?Ii~3=k8AcNkpKH^W4=gn?H{DU2_98Scc6hV=8r((^m;ak zU*@G#5HAc}bacN*M2I#%4dujl);y&1^x8?+K+gdBX8cd9aWvm z->{V#8S>v*2uuCk*kj&bBy3~9H7$(S=6Gf=9I_AubNZ)T>gf`>F#VI>D|}jyK2CiG zGNi-9eC|}6_GfB%Q}Xo_d%a0}krGxOMQ*@l#w3tEa^N_)KrYlgJA5~S7v}Y}n{kx! zt}4IjPc#uSa-=LqSGgN)kKSn}6ibd>7W_sV{aTGTYP0B0vOj zhPx2h#N+y?@kHl~!q-b~Z;J4+e9o`^6O18Y5Zb6zJ>JL*9veNlx^40b8IHAO-PL31 zU4yFrK-r;27eN9GN}v`55LlJ$D-NWeuucjS=Na5_6Qj<2-50pPFCxmKF~GtMxvR;( zPCwPm7u+xal|z<>Faqgy#WTcEa1>)@bsSdJn--FvpL@yP9pc`=@wMfRic|k%Yk7(D zK=5py&7-b@=&!jc-SYX1NAKumCS~Lmr(F?x77ejQMe%XPRm> z9QIpCcHYWns*lD5fk4~UHDI<=Gj*SU2`-|m_Pvv+k;=-%)D_hJa!SUnEirZ9^R)1&_N(qqTujzz_lvF9>v{RDf3d3fFdh1)%B-KKSafk7yf<4w>OGKEgJq`HW zD2WgebJ1Jtt_&1EVE6bJW%#;obeY+(pNl4v zeT#BY4I_gQI!%(3f8epk)>6NAeJ`bbzJ6bTe;DvJR|ZlV_{%bQNwwZefh}~5Eda2r zJ~RcIDqrOk4O~_X7a8Co1*>n-6Bh3u0`jAC#UD`;Lm46bO?pY^At^Vrgl9&cW#s#Y z=q0agPCDh-x0_(*D6}r+Y!Qq!RPENMGD3N!zzQCcr>Pt-eP_fku@-2K$FS#rzu3oq z(FEi60`YiG^yU=Sk)--er)tPd#`pQC=*y%FKq!6n&s=XuA{&a3BEiH^nokskh)joAl-Xb&yn?5Y2?soA8Z&=rvAPq1sQg7JbGG1Yn~h&*Vm-_bGR@=%fD- zF>)uvuJnz7wp+rtfKYu0DjQpSHZ^9d`?DL){Y;tS!vb5eyx*TG4r->@rH#kd<(jT zddvxibs8=4dbyR){rSP>0!#8@y1BdeFRB#7P$WJ0vv7O_MY-)@G1O6FI!M{6s9GG_ z7C?n>h8{#_-fa_mrqrV(su$sZuY)J&jJq>`s({&|u^@WmQn}6#BIxdHq`-BK9KlomvfY%*7q&)5uAm1e?s=#=n8@FNq9a zF>N^EY}9%%=_-X=e9nE>L|Tug0GPS332?XneDV2uukddJL!OHHSRZzc(~s_k?~NZA z1K^l=&MqaE{#TWPFTLHH>x;9{mXNh z=!p*gBnQ@VZ4TbOz7j=gplorRT35+~MdJVA=&t{odjAHFZ-b3(3>ZB^7~Lsd(v37y z(p>@~EpBu(Qku~z-5{UQNJ$HbN(+bxh>FS0_x=aYPuF>z>w28){d&F*P?N>Sylyim zKbUTBTm7=?APZ%^fURl#r7aFhyA&$>K`0o~{_w3nhh{vDftih}K}8sOvmPD#!7|pq z8fWh@Zb+>_{SR+XU1$HdvuvnDw_)sq8yXX^k_gx?Lmg>8q8Y=j>O&^T4}f}eoG@HI z>Ua!AWM^LcBEQ9Um3_`Jt1d=}S%0nuETUk2g+UD1sb~Dp#7kF3fi$Gezbdh2h3DsAl*`h za3e@pHe1-i1K-Lnz#(9DI7!_;N;lX=3FwN3Huc$v;oEYs@vH zT+V;ezOcd~%~bBts63ocDR@{iun$ zKjRhDH5AxinICdznQ?gUnsV5YdE+bmx?<#$5)fHL?bQ>Hm3Y))56K{`X@M~)2bEh* zkmzcY#K-|pnB-l^(jr@457P+iW(XzccI>~wl(4xGY%|}ZQ+2+RA*Vh5BW&CAWfjbs{6NwEk*+0FiglD8K*AV<{rTPLFC`vxPa{G$$**DlF}a zN{g5}Wv?>%A0!7c-)1Y>x+P_?=e}kkk5=JpvFh6eSoK2HGkVbd!@vzdGN1(CqPHtpNkn1k0W9!j*WNrSG1jVSOpK&-&vbApLVuj zY4D5Ut+3lnzBOBC@5|%^IYYH%cyI1hJB>=B-=+-lF1)H!J6_Gq#Ud4ybz+|n`Y{!N zb%n8WZ*pjgtQMU;T^tV$nv*#r-t+53RXL}BXt6$qV&G!&P?Q`1E(0LO=e^U2&$olz zSBkw42O|7OKlZsUhB3dqVsxPS+q{11}?> z)2GR0gdrcpRToo475mBMrcRv@Lp1NEpyEBwpl9~;RMu?EN@?}=+73W`3x|Fsk0UY+ z8eRI%{YXa0LP>x+xOXvo9`oaBpa{^&`&pXZed1M$dfT-F;Uije(j`PI>T?RCjgwd5HovH;fO z>S4-Atj;U}QAeOtw!mx09^U~n1!;savVE@>VY-bw+`cuxUwm+D)A0+i*CzgTOvC8w z_*WT&$`Av}0OAcG;;MiT z^>GT>jn1bae;Lk8zZ&nN=midM2hP{0oc3?zwbe;$0U1wi$&eJ!OCFg0;aJUYuc0d8 zf6fAnR6)`MG;gs*1t5%b2U7){c?u-=dF0SQ6WWl2T47|$0h03)K(`h9x-Wb*Uq9&b zeNYD{U`_|i%k=DOB=o+L9 zHO*{&%RWnw&$$oeB}C;~E@0p}$}p5NY~hAL zK>+@ii~e;h;mSmd^n>sJ2J2mRPW`(=ef^?dESB#UZ=8)V5r~!+D8`9xn>J4PzDJzb zbg7%!GO@fzr(F6>&%&tbPgBp$S#+dI&saFvy)Pd_`qSkJnx29n@*~DjukWwt+(M)=NZ+PC7Nl>`n#b9C$uZ?uhq^iY$K94;(l@l`5#?8$YQ)@gXs871%8;38x zfSjTOonMJ{ajLi;Wfm(I_nvKrj#IvP@HKSQv93P~Ur=mI`W7fJLCV@Y{8i$Pfr6os z&xQe>zL(SH$e*O3O5CPMO`-}YSO22<$xnKmGHVqw73&Nq>r|NR6aLSZgg&>sN9 z9|A?Ih7G~JheKG53IfsZmH3aY&-v~QRe!-QYvDZ60LjVn(0#>+rA&Tx$u^rQl_-_j z9Y4b8SpAbW0%A@<2=YF3xMhI%tF~gD<>{2)ufBUN~ko`b-JMAa}sb&~$Nj_D5oy)ZauKh*hA!QJ!*OU4TzzaG@t#i$3#BaQT_ zQBSFnn!PCzZMzSp6<^NiM!S~+{brhsYeG4mohcxCB-6WI-V^s;o4_@7_!a*pMEqqF z6MB1hca5iC>80tI?*gdhKJz0E)nFpd6~cj~x~!+r#N!NJ&!@5s8jAe zwLSV_5(NVN$}qjlaAltfM=yZ9iCC~j_K+wRh$W(+Q9!qjMUz=iNkm?NCS&QSv1Y_s zY@>;k1~P6QRJ+MUAP${8&TRk~4vn=8#-3-9>!|`gmS~jORJhra1q&kFzuZv>zlxqt zkv6nj3j4Y%so0R?xmAr}k2obJrE|y(AEUj)cA?~IXkl9v`=uXZo;Kg=tTdIs2VL?Pm^zjbnSlKJnf`vI`uB(s^wk**2=4$8q~D58b? zJpkBmUS5WIcbi&Wm_tq*GDQBYC*v0XmdYVjYM6zLc=H;>7hkl^!zo9)>f~xmf-g54 zhaoVgi(+z$I|6kkOo9OoAx50F1-|`ZH5s&s06_qApe1;kk-@5(hIwE^ztdMq-olDy z&iF!$eXanKd+6b<#;Z7a&u3A_I0?Ux)zEP0o|aO!#T z6iu!{s;B&oW%I*E0zRc1ZWe*vRtK>q-r}(o^k_cUcINo;wvAD;x$idOI>*S1>Vw zPv-z@dT*HP&_&X%#}RbE=weZ$p34Ga5NAQrukU%7?^e-F4I5h^`?Y&5%+1QodmsME z<iNvz+TKa{nF>Y$=E@7%2_U+%p~wOaw@bP>wa?#slp8-1}=MZ9J1?!g{c zaU{|0kVBB?>e;vqfV4kAZ_RyN-xBEmnraKw=OH_is?YCB=}fHipskOXD~*11+UShP z0P(~FyT4FlCqdipm&|LtN&~NXFP>M(#?8F1Y%I&kknWy{rC`NS8W4;iGoq?A1nYMm zmld5A!wbx{0SWTTrla?x#B(YJ>G*0hi3B5oi7I9X$a*C9fyEf9GCq-B352!YG)ca{ z!UX`d_6!}2!S^f;WI)fKdk+RhiI;1Qxmf3#q?uw?QY#%Qvcy`>MFhl$Q>2m_?!UxL z6%}31+z@}EHb`FNQfI!LmFg*=f2}Zz=&yL?tVBq#S79%E2OyKxHeK~cf6h{6Ji>V$ z>BL62TfP~2C&4{RDqx1LpeD0H(BT)82<_}N7uwp&)>J%Mu~pn%P9O*5Y^^IL(;FFY z>De7N(#&yQ6Cm=q(}_Q&ZQQv;a`l12s@UIxh9{+-@y0x%yzyO`7|u=I@x&!rpF?oe zx-w65=dXN#LOCUmpoR>zpff6XBFj^V#OCcLY3%MfLrJkWxu7Fx5MD5QKh)solx*|aDaxiM%m{4$VrETJ<*5vP!%eDQ%r`fM%+PmI+cdfKzbt?bqhM2Z& zORG70lE}#&&@{LNcX&o>$@^(K1VYmV?_JbPEMU&wx#E7y>@WMi)~fO=6{m-DEC9>ByLlp(-DSR0Ztr>lcy~o0MDYH%h>^d zpwO+otUv4AALn8tE5yIS1IxGI(=Y5N>c8Wib zD;%PIDu`Hqe5I*6S{xQBJ2TUbJGrCLxqmYRFI3e*#|1@L1ou;i@Bm_=?ieENtz^q# z_PjF3bzf9-*TUkK1H9T*pJj*=`~%-2G=-f#us+xev| zFAq(wfCzSG0BQ;Sl}T|lD=U((=eG`H@kiT_rJO&!@P`Y6h>|0X3>9KRg69dqaTy)Q zs#i?@?Q4Gq{W)nUp+3s%TYJ!B@wUBT4fVGY)TScjYQLZHx>C^Gp)E$YbNsyuX^>(0 zAP{;}S(o2Jpv`3`kw6ZjuW|AAJL%#ZXT~zk#_7-D^A{OBROkJRUnk{0Gb|tNP;ewS zSFkz&4G0(Z0=wAzlfGB69)wz;@<*c|LQ48r`c5{cigG|LIZ*HOH-0@y?fXIVsvC9? zp_6os8w-vtQDZ|HP ziF;#yIKdig+ggOC6kqEHxEnUCes|~(T4Vq3; zpVmQs(Ic0fnFdvLPoI)s>>4exJD(AWUgJdWPZa(+%D73aM>1e3G>?#;6%fBkRQ#cJ zaY}C}E`O~7pEYhV_SxEU?q#ndqixJz<;B0rfqSw@Jr7M zAS?xM8=D0yYK0L#PKYb>MVvwy0RT-9aj7_6%;|FvV`h`D{B2Y~(go`k0TMoA&|lDS zZ@tpel<|DK@n$qA#BC$0Q(G!Q@yYx@8G7N zVuqv=)b~Oah{EU$5Um(*mQnGIG+qt@FAs=Ty5epGLZU2PB1Vv32umNTBH6e^_wX@e z>M*LJaU&ik7$X(~nZ$~Y34Yd+zDRK1<^`!_1&z(7$&s!nW`ng{!5j$fe|}sgrkVcA zWN0jr6VyK4Y7ZON%r-}w7$oRW%D=t*^jn~ zBwvV2j*2qDMYn5!^aJH2^zlN+6>Jp3`@%fZPpJ6>559}??rUHb{WwDUvYzsD$Ul_8(COwy+3H3!-TDyTl zh2o^Q*26Xcv5C^#j}9i(CgWJ`luqpo33_iT;!nV+qupxlEV3DKa!H(twX4dm*1DXY zvQC$|IJ8D?j6Nyp6vN|H$`-5yFd*6{@*tEdOZ@(~T+QjN)jix-IDYrLIP;~M?h+mn z6{F{bFmhjEnXEC`bphT4UL^(RRMFA$$DAggno6>DN%D1>yoh7!?J!qEg6vOJD}43@ z-E|L)gsLg)Pl-^J>14EZ<~>u@4bu(ZvqZ|qaKQ%_TszP)46X3!W>Yo^g|lUmh9tLu z;cqm!QyuAaYFO6A@__=>IVz{XPSlHGRV1?kD%#*L>8_(y&*HwXhS10EpiTIE-;rDvm6?c z794J0tB)P(QJH_#6TmuOpQ%9>_VGU-^g{vOBX zRHtd)z`1DmySe6LS?<)c*Y9`9rJs}B$^JcbI)~q92n3MK2P^^HQ2=KYGuk) z^@j8&E$Ev**(%P=pX7m6sfM+tD+d?O6_RY0_L^5Jg-bK*ls6=>B{Tljtne%0`(a2+ z22-ks{^HuoQn8q4-^k=B=%~aww8)naU4ASiS5sDxfrG}eLct+nJx4NRK&fDP41s6} z;|EXiV2_bP)tPI9aK@jN>( zZ%pXIXi~$|iL!;s;tr@5+cQU=! zLIMM~{1Yg*Fl5~r$gET5&8;$J`gG;*gEJ9ae!9HptDDv(K&iK6DP(Z$mG zoO=e7+W;)d(qkb=&qe}<%sPyI#eq^CnAd|PMAl|g80enjA=h{xrrzgI8ECKt%bRr2 zD>TGtn|zG43b1X@h%eANq5Wj3#0MZT0y5xKGPr0Fr|8-=;AC$n- z_M3-|YFxKxu{ufA@-LTpGEa3_=Zo_wDd-bPXk${o6j)aPsjjo{*`TN_L`ZUSDUi37 zxoujMBYh~IQXMN!lYF;3l$MbV%oz?L##RVyR=lOClobkniD5*d$#0tRNfUYnOv>p7 zg<<6zTAu(UqQlh>mg#K1o&aS3*1eG|ccU(kzvue>E#~~~>@bQ3x3I;g?`j#(*1_{% z%Z3z>DeS0Q>SuK!mMIlW>$Ot~5+?Ebl|k0p{iU8_+QD5j5fX}NdaOdG+G+5Jrx{O7 z^$U&kz&j1NGz)~MekqLRz>|zswhRCYW_VgZ#kU@>w^BqDe(PF~DP^ND9Ft!vT z$8>+VNzH6zaZ~)3%rya!092ZfF}YGd+^qX!5ekPbQt<(=&e=&p7eL{ z;7#{nV~FkBfU;!~H>(qQS|OXr`Jrc9cT3$EErCPKS&#WHrZRG^&yHyeBk2R#=sQ)I zPpN@FWtf5{Av_%69@|88^%N@(bg>bXwtcw_!y`HvNVj^d%;2b)MZYted;zmOH9Gb# zv;g+I%D^J_btCx{fQ{iT-Cv=X0g>NqJ0^cDqh^0=&!pXJJNN)8840&t;`nP#^%9Vx z;2DBU;#%ygEuUpzV+wYp_uHWxa&*ltcl{50J0(GB^f^}pOESF;JHf{?VoBH|De15z zr+8iVP2@h~#8md&gKFzqIVxavPItg6Q*e| zcP1BLw;WeVoPGAo2iI{n`8644I$)9%0|~Lt$Ar*UhW=sH>>t`dhZUW_bf=~a){G1d zDhy-5;TQb|48U-g639B5gwc`m>^Q{}fFux*ZrdUP;Sc~YxR$sHSA};(Z&oT)5H~_N_kSmT|Ki9*nVQD4xKhMY zB*g|T%3(h5%dnIy%4DkVRtz38|N8r(v79kTWi=(oKt)1bOXZE&AY^tM|LrOzrVWdYsyMaRk`Jp)cv(+=rIEPf_z}^i}`HX>TrU6%q14brhnefd2gP$z=vIoaJNv zS;iBV)%Fc-&!~^%cRqGm6_G{`cCfuA6J<=rGUY^xWO~1#K&>*qTp}}C2^m&;qQda& z-AN;m0c5vo_+Ks)3)P_Ao7^r)1p&N{hXnr=dG;UIfI8S|_=jZF+06P`_RZMM_{LY; z*cV6pwCIc$DxiVT1g-t0@B3dcqqjf?ozcG^Xv)4d->d1_xcAo_n(Hc3&bf#!-R{}E z`cGv#0efO|^Q}c(G7R`B1WO5UqTw{Iq;x+=Yk! zIabGDJ)W3HSH~?JYfZ)A#B0 z@g4}D>-MG>3D8e4myZn1mvNnr=UWEfeJycJd1;xh#*lZtP<1u;MitH} z1ZIJdz~ghpmdwj@E{67gF|4_Bquuc^G0Ruz~EDO++e)k51+r z#3vL>iQU&&lQ}Grw6J{b+f{5~FUyrKv-T?Sj##nut6FKtJni42Ke(-Z1yKle`5z^0_lvc=_1c0rS0~pGS;kkiDrPT%v zE1yI6a4K24)%9_ABK?~*qZw%(uT8A-bB7(Gt3}IgQ`?^QC0E+z=ct(YO3MPE6V%w^ zg#@Ojf=+sTFR$7SX2n95_4u5(jkJ2oKKJ>({#dbpm+kmaQ>#Mp>G0727dJryCF3w+ zmNK}XrODu5B{q?A#8vA>Q1kklh9i2HICMBQh?7?OL} z$`Ep!?Q>$(j3ANb4W$;&aoW^X)^$}vvGA$CwTjpB_u-43W+_u7heGT5%Lg0??&;+@ zZ^kYwIEBF+}X@T31n`)ALVh-wESGGaER>2ENpXN76;E?Gl`C<9}i$7K{LPXFD- z0Tll+kw}+{kpnbmF(eXpfIH4yHs<=tus;t0Ortc=Qn=%kGK4=%ORV3sRd110-(jUS zMN_|po=3g>22TIxC36!xQfzA(;cTk5v2`vbJNAk^EIOX$pFi$e0CY0}dd@lRfsL0% zJ4J?|ej$=kft6sPeL92<<(_Cy_&)99IE@ZABb5CZx;ZCP?8U|;W&hN;kewLZ#*8#> zMR#j=gpz#xr4KD1U~K;cnkApdnGrtd$ok}3>-MyRi@kCL#U}E#BkMCMQw+xylJdRT z%mutdyF#p6Q3Y&>2so9McaYL$9= z(w_EXDehvRqA`5>q?FlG6AIjqvR-8aMLP=cdH^s&N4}A_E%P#Y zzA49~Z|VP&Y_^Qf;CLLNLd-JZbhQZPPoac|&pXl2n2Q?2MjWiTEy_MLf_gYr-<`Nw zj*`D*4(XWQproK0yY8^3O~%>%SZH7@cVT}z33mQ@X3@QRw3}wGKhMj(FqZ)2au&7d zu^JqqgEzaz;Cw8t*qb97Z&BKL0)SV`sy%yE6qF9b%m4|a?+-2$v=B~g3papS(F*ed zvLlP@8p-0Epf+!F>v7zK`FJ0h=kuIlb_IFW*Gg4B(+&)6kNIFYKfoFrDU;?@mj zrLcrIA+GM${Y&|7j6^5?i|evAVn{R1;wRqrnG;%b-iN_H&c7FN-5b?c8*LnAwFt*` zy57+{;1UnM6=l+2t~l)&+F0BXTtu#1SzfCD7s^w|ka4E$x8L)Qt%_(Kr#X z*|kikwYnQ0cA_N?Lq{GqlWWXq>4c6n5~4lt#*6l=mX4WbCM#nf*W6HkkeQHu{~^6B zyg0F3>iOxOvtR%p*8WZ0G*RQe)exd@_61lVC;1EhDB{D2Pf*)3{dpNhafKR>oN=n( zF){ibc5U9NukGr}S^eQjyo!L%LGZW67TP^)dm&je`?A}#z}Grr`StOOibn|P))_^w z9}X;LJt^#9jnHbzLF6~l(lS@-{) zOiorwVpM+m8NMu5SsIrPZ0mV&>h#s|?(f6Td!_`CdEKg<;62!`A-IeHmo=3*4I64E z+Isj{LH2_hDdES^SEX}~W+HM+K%{)0%33_vSO~>L0%py@)Pm~fsf9ZkNj{u`K5Xf^ zjvyELvo7frBSDsqr_Y{{cKCzlmreaz-IER+^4n~Wq|KgU?$Ue@|3dO?pZ!^Q>ThFN;k-u2J3dLQ4|sB0)9`X7qnwH~%*UWe5DSw5;_((m z`zFu8deAjA(FMF`8!JE(%>&@sbB`u=L^47>h|3}FyU`TD2ssjSF-zW1_n2^LPr2S_ z9Gbv;9`{tyu{9Dl!^)&a&tr|&G4ons+;JGA5JV<4DKivd`O(7d3D>s((qF^yZUQvY z)C>Z&6!-}7b0Dehwf(1V26H62wMH3H$teUP7lNhy-J1k@sR#)V-mtm^VrAo}(A58r zPT4%pR;j!Ss>jDp(1*?SMnb0$i&F?3DlHTGl=lhBKStp}bl~(kSqmBtpMdr$GjtPJ z2Sk&rJ(8;y9Mm=7!4C2M>^$HLxEm7cfD{gtNoaczLMr*}cqC?&gb`b;qZ@Sg`xlZV)%m0i@_hG`EK@EDWCo0-8I zHcx`B_eU@=q`e{_Ug2{WQCRvhl$6Dd82YDf7n1xP049q}Z^Fk5Bp_R5;6fX$H6A3R zw5T3`&^-s}`>gCgp<2Pb5?AgCM0`1FNuH{Ba6W;(3rwo4>D#JI`a?8#G9iF+Dm6!o z6eXQ&?wM;{fEYrPl*y)bV)BJFOgq1ET{|M?kmQYc$aY z&J%I`{9xB3lmsLO&H1U7ALWsgtP|OZv!{JrK#`Bhf#p7M*O~vBxCkwL@Ux)o7*R+- zR4~9YmBk(eid9{46j4=YHfFVB)KK!#GFLK0_jC2ttg3IR_lUcriR@QQ-sPKS!xK50jB z_|8#qB9|GDPMM;lp|Me=79K=S$@Xi#OmR9J5KgUnQmcrK=yS)Pj}q%NRIT~zOt+Hm zBH{7ZiIlRLR94mFJZVI+`AHnDFvRV2YVr&|TZt?g*wT^bIb>GX(= zy?@8L@E&uGBVmTP%9iBXHaQ<9FQ!g-i)wfyI2_kbkZ9j-7x~n#Zwl50x*S*el>@?4 z$`R>&aSNz4U=e(YHxuRAI)rI0yshVoR#d6$R+@8eI>2w`<3t8<)0J)ufk;pq-nEic z5qd+)G(gNk+HTNQ8Lrzd=Ge|7P?b;3JO}9zDS`zE^gJ%Yg<6OKgWZ?w;n4ip3Ei}N zZ+jR#Tg#3MY#TcBaRNWYIT*oR(?l-Y3#PYP;-yEHI&J)iZLU_MW>)!bSMTnytIGcJ z?q`MVU|A>I84)5=YEQ+;A8d&qJFJq`lOmc6#wNTN64}e{y zZ|h~u5yqmVoQV#9JE8T~2*KNDVwzj}D?fR;ev#{s(pA!IdnVl29~c2~H_Ay&aaVx^ zQ`*>!0Lr_I2KojDUM&nrKM|{Rg(c&mdCG&v0$ucXo2Lf`#}4AQ3;T-XyQu?iUhZe7 zbOCX1_4<3^q5h5idjiDV{!Y^l(npPApKK86Rs$20#9vYd1_Vg-39!i&u_?B}O}z0a z!1lYW;f#Fr!|Opi)!QvKQE>#}F}+V2X+NV$%({RurlFk@(IF&Yx2G{=ac<6d*D!*X z7qypfcHCjXkW^Gq0wryA!Hm$~MKEg64H~h!g%l}00fk$bwTO}$6F@q+QTbFt#PR4e zs{Sa>vAq%MYCY`_zuP&w``sNt$)YGFI)-h3cWu7$&jPIvY|{)2%B`&H8jNbb&5SJ3 z7;cA5RC-MC0Q6pylHX#Mj}VhCpZfmx)+%qYDF#fc%~E6e>+(XX-*E)3PieMm!~kKxQGh%1WcwLGaV9!!dUSgAi9 zIGBAebvmJadOvGY&N2v1*8}+x!W9p$^Pl=C&~?@57cZ0B(Aq<2DjrVF+&D(OAb?tN zrp5r5eo@INtR|~WvP*BE+j=tCcur;;NNe;`ey}p~n5WjZz25fO4zsYj{``Br8Ns(9 z&)kjmi+e*Y5GF5ffBc{AIOcgOizgNYI zc%qsD-_w0PtpECI7G{DW(nU8X%eJ{Qa`SpFWD2-c*G=g96MwE){K)QecjeKf8?THJ z1e-SbB63wZcC5rT$Q+ORC*K_O_x|^KF|AMx^17p;HQ({hvbX^$x&ff)U*<^W(m^2d z5)}+dOLs*?FGPZjaVsm0>wDsCAuhuI;um{ft{1MZt0mlPZ+Zrq1i%TPoOi>;C$HI| z3;HE z-3Qp}Pv57!v{K)+8t92|I4ANfS5ckdReI+)f_nECk>Z`jJ7clA!$ z?cFP;+O>z<(d})}v%PIH(pza0ZX{Cn^c_{ygnQ~vc0`#{I$Y3y&K^IyIXf!b)BJgw zuwA^%|Nddx+%xt$iKZF$V*c7!OuSSAwYQ!tAbrz*X0EBX%)NL;5S_nUjgR#VQ%W)=?aq|F~R z-8(JLfko}@^&fi=9q0c2FO2-XiMLM1_D+@GvHuwe7lB+ng$leg&~F8{+&_vdZEmIi z&>i)uzwPML2nomT(Xe8WxiUl~&h(4RJJ04rW8CRB8CiJg_8#MAR~PX;BN1KEFX7EQ zx6M+OmlNIQYijR>w^`0)rO$#=r$5d+5&@op`|q8zzylfKu})tmhYsaRz6ADvTziqv zBhsdaA+p93t8`xwx9s3-k~i#ZI#YoYlXt%<%vq z`YNX2-jweZo@K|s`LJN<*j2c#Sn1=f!Ec48~mK?{_gw5ihg{&jN&BE_e+7@Mh5=R%HNGi`(N6O-*nOE zfsC~sYo@{r!-D9|**VxF(Sx3QpY}!{XJx1zzW=TAm5E@eO+z5zME_M9`nZ6(%uoMw zXYkL}>5oFY!wg&}pd3!uOfNms4=)TT=@Zr zbcxy^tTSpnE`@giLVg=C6GS zdZJAuG=Yl^CIU8oueCrQ=QZS|smPf#{l5M!ET-nUBL!uR7dE*F%1(Qz8m}Ph?soR> z;r7>!#^tg67Cpl8XzAi?Chv-hf41o)y<8O;uS6z^hC1tW3|=N9t2|zm9$#ad{RWNddoX~s{6-PX&Fsl_5`Ru2Ml>JK8xv0;)oGekw7nk`k@TXfI{o9#^XRME@QG3z_#8cV5-cH|_HoSi?&v(c6M znM3WSBJXR(HtluR=8+@)z~UiBJBigF9g{s27-5y9RfQ}(hnvaxC)~l`Dzp;#^zdm< z=fd8TS1t4nfoU`HB4(1hViS3<_4r&FCA2X^o}f6@gM-M-%gC4-Y6+=65q#@mZfmnE{ zO7=+I9^rU2wDMBOqAmK}Q~#qp=BPMLzxrH1Kv1l65+{Hn6o87VR%fpwWE$j*FtMY@ zkBwTR&6b?FMbrS~!ELv-sludK0EyKXr>NzRiJ$xK^sKC5JNnY_J)cw3HKNiL*M#_7u_GVo>~m2Yu5SDvrwwY=PK-H$~OQ-aIGs zl2s&i7=rUibk}u^bbisuV?=G;n}Kzj1o-N+m1UQ(HsMBrA`ms_@q#4;ab* zHSz@Ej*O1fBoVT}f%}Bq7u&)Xt!(%& z$ObsKHjqTZ!^CljAn!3PRA^9DLp|NXdud$6WcJ34e#_WGU71uxV(Bi|4gt<`4RA+vtUlEI z+Bg$23ZZiVq;$KGFSaj$m-{W&s6f?^zB$>BUYiKyI5NKJ)vVu|dZ4{>Q$g3LUCWEQ z(3LD^hu0cqGC3cy2lK7ROk_9KZCx_aDi9%Tt$`39MoyXnT}H zpIFwrsVyfhlMcFOI2*%_+P z*1DQWT(xP1aq;ceRE_k25(TkZ6NMVu9vSB9@M-}qN9QNu>616*F|lI00X45Jfn~~O1w>ozdSK3BJ#ob4O=PFbz%&r=0?huL4VXDH-se@w&BJFcgu(Zyh zzWcA);_ur&DcdpTTdOq{1gY+T!IOCnj-apmSf(){Kg<8loKSgI{msW6zjh?zmM=USo2^CBm-LAi@$J|>j_7T&2%mne;R;4(GsTckBXMD1m z*D912zt~)?u1S!&9ygq_7P_V$AO33g8J3dy=D{(beVQA!;fPHC4{LvVw%jBgM#;QO zvm@$#FWFRl=Q2;J`~b9gAUWOo>K9=V#8lKug4iZ?R4wzt4WxHQqb}YTS4b<>5;q&s z_VHggRo?MqqSv1tNbV{~20t^4K2QDz=I78e*0RJu7~TX$M)WP2_JrSBf&ijk`8hsr zp7jax@2xX`4o7`s19KVosax+%g*9bT<@wVyE9}U|77bH_GNT=(+rVm=aIQ*sm147p z=N2Rc0OEt)7%LkI*gbMDpzQusZOiAYx4J=HS-HLR{|%Q)_iL4&6D@u6B@sb^UYXy7 zi2e8e7lR^TMg`hz-ZawltE+F;%8_(ObLeRb*^u+iH|;;WkN!23@f5>LF)@rQ+av;^ zs+ARfcF4D5-`>y<=E@HuD;hP=hqitX8RNuIUa=*Qn~1WR<~U;B8Dsv${I_2O)L=_> zNudK=5zYVrYG?SSbMkWmWecQyYe$^%x~%0McFLO&z$7g%+79K6VZXi|3C1nW`E$QfY?NTbM801K$~X0tdKkcd1pW)H1Gz z$8mBS-F$qXxL0b z{hxe`dZdO1Cx!$!ZWTFJW7I(vDJwvTHnMy!P+ZxWB6H8S;s4mW>!>E*KW^Y_UC8#P8F(&Ffbi4r0)Qd&?@q$E^YQ4ukD_Iv(&&Uwz+U;Ar2 zyYI8>zOMJ@{qpf3a7TlB_>HdVrlptg1;(4Why%bmW5M~Otnnl_RiLsh2sL*hEm2fM zio!oxBdiJH(=_(CdmiOE`n)^u&aLr^pr)AS=d8UZuyMlGw;*My#LQJwb>f55;o{lQ z{9Bge`!@#FcbB=819Y_(~(FTkumQM;ZXS2Tel<1fr{3uqGHki^6})t)@n2^NQm z%0p&I&Xq!ctuH)Adr}kW5r{jglMR0uGD+jXWqqol=E9C+EQt(|v&)SfQ{=gNuoNK8 zbFznhIBzkqL`R`fFWy`LH$;XB<& z7)`cP!zP8rN3NtHMyf64l`OJ%E3?Up)A5$OkJ2U~R$;jeFHwdwy5eI-;vPzJiM>-$%IQi?TF%XyN9}I zliyNTgfDFyBp5`{FZ77VY2L(jw7na^F@nyv@Uo?9G0W_*;$CPflX%eF zh$dD9R&vqQUg;Z+Aer{|s>lY2Fx zSzhl-KAj+3yvm`v7GZ>^n<;x7`r?xoty_G9m3Yo_S;#0v!Ltmzw+T%8^y7G&ee3TB z243~y=S8ey0hWB4ftU0X;a8EGss9&w1?ei)6u?WbU+}rTCAz^Iq~usH3c8sD0l`Fk z0U&Nh3;-7|RU7Rfpfp_pV#Xpy-evgy;ojh;|5#rIge#EIHZ~l@v82cmq)*^V0v8{f zRG6!e0CSSmH6pVrwvyx;pp`2eG|lS8>o=!a^&bGH2`12eDk2l6rapK1=Bu7!$`bu7D^hg9M0RIz@PciCTVq*BoJspy0-*+qZ*WYSop% zUq2O$RFBUUeMrB097s-7r^>)m)X&kWl~2ZYMnI;vUq-pYrt8PrLQd!~5i-d7y+^ts zcjO*S?-vO^t_(;ufe7)$063nrC^jplAY%@eU$8t z_Q`$IK!&q|x#qsPkW?5OYfw|f2~1&Wq`St2D+ zu)=_Wp39cnTWT#;2mD!EcH{AneT%v$rj$E79a0=&6fkntv!NeFl4ph&*glFPp2Ok zeQF7#x9+8ZnS?m(lIW}tW`68B{C?n(1j1R6n8k^VQN9M$_Rl&kteh60$PbY zTC+MX;kqld4GCL;pnU8I&#hs7(5u*O4`4s+!%EkFQ`}QD#41VnAD>_natI`H^2sZG zn$LQNqjsNJ7a|Oo`EWcceD&w>B-jdF$cP(W9YGUN=;ybfQovg>RO*2fOO*Y$(!wz= zyrL>TUT_@qbDEnV8$D;W8@aGpzfpV9ax-ae&+8X@V-OibNfy~R;6ARy|9hJwDlY?M z9-%0)I~wP!hkfR^%*6}xNNiQ z0C3O-tKn^JsDcRM22q^jB6`By`AeRQTosoEy@`?nH8BWrP3jrNgnpcI2Wwd)@Yv`| zytIhrwPQ4GO-W^Vfy}T)jS!d)59NEzzkm0c;T>XZ~C- zG)$EHZSyM+4J6yqcxs&&dgUx8cu@Wd>_iS)|VuPif z3m!PPkgL&wgWhhOh6Y^+YG0G#YdcPEesG+`h~CyO)i$SJ#b>VNhsa#JZfyX9b%gWWF@M9jfp0To+Ba;9hHCufND35}^I0icYB;ZK zZ_He*{{o<{tp7UgqB6B&Q!Q4v_HoO( z+e+!bADvt0TpNt6(T0rG$O%(E&0Yp|1FroX=+XWyk+_6K1?*=KI#)pm%{=BEPMNNGDKo5{Cy(VAR4fu8az=F{W5A7YKGZ#tByb_8xa%5xC z_KxIQMy}f$Y$V@YZ*u&MLF%MOESLu+py%P_jGrAR8-KiJ6#5iYyx2^NY&rNF zp_O};K9K_@n#|;i295WlQE~}*ynk%7^2U?kAHRlnEH_`7^hbW)&DaQ!`#rw5*4ZiB zy8~;Eee^U+&7>ym!|i7)Yf5Cb7AAQw@4(vwr~f{!44~^SdREM?{_7mG$~0lTy3{97!1*`Z!+AZAD zeiOCZRLS}`Vg^<^4ZhL|8S+?01jKHtD;n@Oqi^ww#{-dcqA2y&FSUNF3qm)PAKvkZ zNKvKsr;L5KaGCwyav29yx)RLbp@;L-;G-X#mLAc`!LT^n?_8$Sp5IYOBx`trSXn~4 zZf2yybo%yevtysu{d>$Vly|3~hZ2PZXuV&E5$=w)pn5waV>8u;JTeaX7U_C(MW{xDNJW-R3UacKolfMM4v;D^FaSD(apxTL_{;q zex2^G`|z-DFgL-yN4xJ-_g$Yx%zxoO3~r9t-MOGQd+2!jqNh0^6Ou(#$42xEwkHepXQE}brVqD<9 z_tEC{@!3V8z#Lzu?gTg);4A`0Q5YHk$u#+OrYn?(NGt__BcI=8Ljob!pqWK?X~rx+ z1sI{2^^k`|CWZynr#$W=9R|hj?`E~sJE)&wkTAm^ue_U5(#NXOd(X1R)#woU33#cD zX_t(#q9hiaJwJ|dDF_@v^JS?FuERwRhm-$ngjUslE~ zYv+ss(v`Jelm&*}Q!xuxkGXenUZlSj<^QzK_+w(+YCMgWHNZg40GZCXOlLAc9hoBTTA)bI zi+2O4UDlGY=awA=YYlxXqO_ae zn#;d>C)ai&)GjR-EK)G_1Iquu005lE{u*FFiaGE`B!d|;laH8VXj&jirgsHoh6F<; zHwyeDAiZfN-DHNy3E)S~tX_esd6i+V*t~1*+wcz4+Av-BpA})uG1=Y z&AI=UKJV;ltU3k^Br%qf8K}~Q!!cR1(sW~KSxho6IB6Fc(0D%P9gP|mJsSSPd|CCuW{dy1?h0clqy-K z{)M``v6r)ADm_l<{=@J?ztDN+)W@0vvg;B)1SipJHsq1YebaDm6repR(*O=GBbPj( zf@s!k0S>xE54LHfF90A~sSKb}ILVblDuU2Af+M7vXyPoiwCSmK)}UD#8(-OwcC(sE z?G2ea0i8OoxkoR|%|daO5qvGNB%y_0b)xOwiIdRf5+N~?(DFWHBQ|>Le7U|&3u)7k zvn!Lqv{bAqlM#gh^DE{>VM~J3pr<`gEPq!Q96veNE;$LNkm~a+DGXgDd6si<$50C6 zGKEc?j`n3gxp(5#))8SLT5pYw?C_oDzVn1(S@%(g4)ce9{k`)!XdbPkXg({8oV zk^ryI5pxo)6jEqvSzCsvdOSW-Z$*e8AEZ6z-YdRm4%8(j>B~NGGzET1qiMHKEEqeg z84;BI^^V)cF2PO&x>=K*q&g zMnZchJbFhDpxzjyC%I^E{((K}F}|tgKM_6e4ZtN+g>tuy-1CrDV^`>VkAA0|r>6Ds zJ30+cSXh0-lgcSj_3tNgifxqi9@s$=NebF^Kxx4aJo2D;PEjz=YN;hnK~3O47WiJ- z-T@Cwnm4N!U>V-jJ2lnIv)ViRyB93l?XKDviw+)N(JXMH_M7U|m?0Txl4lXN?VHEI$pk}tC0A5c^-i$%-kQj>FVH#8k8}kb z3B?zc$AP5(z3d{f%ZE6C5kHa{NqSoC_;t~oGy zx>R*~X18ScV_d&(Pma*BgC1f)-3zhPJX^^-T1J^D)-Ci}nFX3Z^qkOjz)k zUa+Nb^r+grrm5flV?{G-pz}WP#)G$`Pv)2s7Gvb*$l>qCQsX~yS;w@()W&p-$SQ%jCN9-&ug`gn_-z{qxNf3AK7=$8Lu6lwD?k_fIKGMF75l*!*c~;>)`lQG9=-jp51hcf zt|qc=k+ZYeG9`OX9Yd1=Gb<3044|-OJowS3!3NNZp$zA#D!N$hL^GfV(}c%+DT`FNDty{9IvU z4?4{514~m5@3d|uE9}PhZzWpqO5=8vXSbg9zO~_i@&BPCU#heg8T!xtxkBkYbhGyz zNy3L0P%-`HmVOZjk!e6^k}qJsS9 zPwR(&3LW6fAAbof2_PGrnH#ToRv#iN+j> zf((&<_*L{GQvBWN9fhw`>tAAKckm+X8lQHf5X+)@Lc92HTAvpMW|p^N`w86UB0sE zkCD^L=S}n8l(Xx-%gvcV^rHJUtv{8f-y666EPe6w!9W!)@mp#0>))r(q$0RuE5w6^ z(S?S*LX>@m@QEtSmX0@l=X0QPu1s1D=EgZ2DK`8?^zS*O*`8+!8JnQQjN!cb{*>ks z-}!5krWXFQp6z~Dn1uBxREoV(3X{BfWjB^p0xnu@9w8(8a$#?pPb~}A-;Qn;&LtJl=d->!yPpe&DBmeg{B6SORbbLz}}% z?2MRcp5yHSr)F1pGMrt0x;Xfe>0)tmo-GBU$I)WTsh`N;)Dp0StQ>h|sm*QKXGcE2 z!i7pu6)?-Q6o23<*Aid+_0Dv$RjB!V-bfzG*ty+yq8&eKdnM4O+UN1_p847^qFkAjX)3$+rVxk22Tl&ew`gQrq06YHhM(&2q4?ymP*BxgbC za+h|0`?Y9aD8kJO_4eHB@A{R0#~Xm)0oYOnJaP;Sr7>u`A=qzJI<&v2VxCTYgXZ8W z-qbX*mv;i)Cn{%haB}5I4W($PZ=l)jbi~wNrG$7c);MY5KP-|W)%1zl?NSEm9+?t( zE`<^QG9~L2^|^YaeMG=ha<8x>2%)@BRoTH;JJd5nC&WMZHoo>hf1LKi01Hae`5si6 z+SWHGBOCRmoQ1>sZP9ds>olVm>ZqtWM;B&Gf1ma} zPbyMK_(f6cARoB)D`mFuSrNjjgNLXr7E!*eezMZZNcQ%xGXL`{LpQDOEXPD%zh zsZ-sO@ccy6;6JA@NebX*1qFiGx5e}BTB(c1+0|OVIvrPe2V zm%NnSObHu{=t8(`lM>A-xLE{Y|FjFaoY*JLZ$_o1QFja$O z%_LtYPdA1H43yomg1M5zfK``do>QsJ=tj}!7oVFH__@!Tjb^Y>aK(WfajZ{~;% zi>s%bkdf+gB?rZha3DTz2J-OfkfhbuhS2!1iR@D9xK#`*F5}&y1>k)^MbFyjvajE! zxSs$RwM~4u+Q!Ee0)Wh3@!S0Q9{xs}!E@U5G-I;}#{_aW;a|GvW3D;m#eEFUHqA3u zh|MK&ymjtsZO(EX-(B0cg^q`uoIet|A2ywVeJN0pBw~*tnAw98QMMJJD#0W6%DLXs zEl1*ZFx<}5qE<52z-r~$a@@(Qq`x9+4N<->E+dsz^^;Qohnf&4ekUoqx7p!Yq>;x0 zO3o(v-t2E?k}@W8Euw^<{S@tm5K(T z&pi#`#0~d@MY6{_Xo$X@;L)7cX6-K~{A@q};pJPbAkzv%>`!s0AH3X69!}d=*If}; zb_qQhG;1bsljzY)V9hvJl+^@Hq&aVFFgmYIT|KLOdhyARCRp`$>_ii23CdN;SWG0E zI?Hf*=0~+euEGEQem4&Hp+Y(dAb)x}_TnV)jX7YTSM(Hp_H7vB#)p?!KH5c}JuH0M z5cAS#ORa*Z>((SX{mrnW)OC?=;nY|^b<{U%HDFFI&cV zvRM8xh$=X35a$NiID2Ur!)ME&Ne1#P>EL*=83=Z~Kq$s2Jy#9FC_UZT$-8lsW8c}n zkrm2nBtnI?cX+-k=p$3Fasf;Jad8a;)9L0KxqP2AFkpNk%FDgW-KWs~#I`l* z4lB6)-^uU?0*=V-QWn=`D|q*q=$r^{d3*+Ix%AIkLgg*1zbn4Y;xA7>{qaW|*P*7I z7Krl327|_(+lTIcGE!ZYYNtubcb%4cI8nwhp=$}OQd1|`d+qmI4!=EZ2xn^=h=bV# zG4pPmi=?0wW|+e1pDk&~u{V@W$b^!7*=abnTzk#v^*6(V+ss@k8f4(DAmQI%t)2Q) zFDrW}l5*C5&Wc~$;yj)<&W&V+Cf=o9qyr&hg3;hv;Y~V!G+a}FHThFdQ$r62FCEt6b5)xIq`G18=koPh z`o!KS8h%b9BJFu8c?J@ugz|9^`n+*XU zaZASQUI^n5l>!gR_Il8p+*yX&QJ^Tsv0yFG&u{6x0PvMc8G*CQ0_4UukGjC%VP#E_ zB5@cPO)y16&j_3pxcEC*oAicdY}xHVenmxj93g*~sQWw9 zB?gim4ME`&<#U+X^QF}_g+8*5wmk;hHIsrXV)O7h%avEK$ z;M;AT2oQf_49soxTs7`z$H|C*#TiY8BkO3ktFvpn@di+3iEs@8Fx&v^VaF78bA;!h z5@evg2TmTG>Ods$9Yg+<;>9q<_uY6Msl8&FgbSJk?s{Ee+BOvxco&r>e#QZHwVcgI(LnI@M$%dIxPhd|yysoh6h1_Hp!jOW(L~5J z@j}r6?fsd@?aIm!6c%z(ww3o7ARVM|WeH>xWPV_7zuX{&U=w2CHnMuP(QamV&`7~V8e zqqVf|Wocc;ZQUseAWI!qpntmH3&(gJ707El@_hu@8Yv{Sl(m=pqI{C8jyRr{4_6&T zbspe%bO`c!>;NX)ocz&gRof?M!1)VD+b?mT)@{6lVsDmgyB7vxii4<7@hqB*SW+p_ z70LrL12{8mnmFa-a2=k-Em%kFs^NS|63_3%np*wGrJ$Dy8HKD@yhtApA zm4ZoOd$WOB_!@{Qe!4(nu1!*~A+Z@JN5xC!ykzGg$;@bcJ9J_$E#Y4v{c%laK)yOZ z#4D@4;u-FrmNQc`o=b~#xao^SEfMO8AR)k0iIvyaoxq9hjeW9Ww9UPrQ=_M`K;_*g zFe`*_*J{)qWG2xjMg{KYUr>rs5VB2_h)cGz;uFHv(W+Y5kxr-&78S=2s&Zdx?+bpw zbh+MNR8;W7-w4ju(JwrAbXJi!07bo?@pm}B z=lta!O!lNVu@zkORdkiu6|7uhlNVhK!#kl>@dLNIgd+6Su#hk% zc-Wqkzp_nx(_ka(>tBF}c~Ls~Oty6>+fORCo^oPEPICpSiLGnQSL&D9r3?*;&f|$z zk_cR};KeTyZ5qTk$|!VpG))U}ECVNT5|?+rE{l~Wdyc;uVNcd&dTQ(n$^O0Ub@s*~ z$6ZO+eO`?nOPaM~|A`BR|xbDmy>TRmNlwJgB@J z{mkF#bvqSzJUVTyVhcK}9d)vW;a*Nx-Ite2RNhFu_yqao<=ijX4oO5lkPH+!0}6DT zLyP9cj&UmQ8Go3k72Cc!-FhdX2!CT$Vw12I-{)?s2=fzZFY8OTo^iImq+CUxY^UaQ zg`Q@*bj82A_>kU+9Q-olUU{IFC2zj>zC~5D!eUef3n9J)0rIjd}|0ve4yY`H0)0#I~hf%HccpdbIWBs?zuld?tap$5! zX5lXx-A%-xe*uM#gbPJ(iaElxU+*^3QNwniWzFU8+QR;_*Od*t#6cp>#(oG*k1nTp}Tk|pT zvlIvAEf@D`VAP)E48B&@+n;%HIOyFpSdzl^Zji}0Z4A&VdNpsgmT0l{;t!5<+*!dN ztj^=;Z4J~2f|OVWIxD7l?i4K2c$i5^&NdKm7~*_zec5Sd*(=Fz7yCU9swL>^baWJNRbqE*{5BUm zH_;}wH;__l!#l0Kr)>&Zkbxj9XGN2BH!&_ z2e>968NE&uYEw>Ilij6~N5WG=sjxE>x?98>vhQFD11VU=Z|5rSQrI`Z(|wKPglc1n zj^ke!I5i3DZULMC6#=Pmc{BXjHvm8VH2VgSMHu>aG{Wd=h%`4;E*`3pa}$08vfjVb zcCTRl6L>wK-28I5O{-0!iQa|Dn}RQdgtEg^@79W*kWh3FpH>|lWyz=v9o$EJ=F8eQ`@Pzr%f z0M++kP{AAFv)g)#kRllXiz|UW8fy6Bm6KGm{dmOfD<@8-fpV7bxvud2H%beRmYXd7 zNcfzX@I%|Q;3nT^igLqdsVm_i%2Fusz#9DZC*~UJVdXjL^{1YddlD`V_XYO&uwdQM zC=UwMPYNnCkm7qG6-%F*r*Z20-;D?=4a`lArH@pk`*zm)lUA_DhQWc_ZmUG7&(jcq z)%0U~ELpgN7m)NDTz~W84+nt1+>Nl?*|7~5lbx_fCYO` z(hUvx(G2+eZLU3Tna+Z^FEv4$6`u~re!IM5FEsXb%d*7hwZ(jQIsc(| zyYO=A*njafdp3sn=MIG~j+$bx2^0X((`;7+Jtk)Zmjvfl4%5V>!1=B?>jI5-QKG4E zMg+}xy~1mw3ZW&(>c`UTI%1!f~W3D{feQ2 zXIJc+I$-0+#fJ;y%B~C4w``3dk${-q_LpRxM&lJ+l9!n@ZrV%J~P6 z>9WgvW4>%nB>wmmrKKcG6_BfU6${VA1Oe>7h-w(3FBeo(D^Nao-plp{5qn?VE*7iR zS$TB8*-q_rr;8rF@~WRdHhCI(XL}(dra`~W`BLs!2nXuxASnS~b@*12b)kJNeUs!F zu{LV#9jBk;f?@bInro1ubtaNT(lSZpTS*dgyVjiF&ZPD5=Ic$hvg_*0K{bO_%OPK; z!7qZ3G2jUv@wrnGteT`aF%!XH02Wr|A&6bM@Dw%t!h*F2-`{^HL&{hVR@l z(4d1iU#zKx*_JH=JV#BDs^N*Lw&>fH@seKB|0*v2M*b!J{dc)_HFnOGbWTO9xiO0j zvz2a~r9R0{&WtxJ@4w~@<=u7WzT-=+`ww}-S$`EG=P&gvL$qXkC4*3}cbo-Kl!xR?Ufl zgY+x(OZxoR`pT2CZ5-FmKiHUjnOi9G@rEqgy>h+}i+N#hVZ@~4YT?|8exisk3z?sA z?%w#P@u};^Jf6olsWa~TGY;3>#PRRTaTkMrdoSM@sQm81LOrQ(QBSX2jy%@-lyuJ! zt_Eo*WT!6@ZS^@l;vd1)jxiRIvr)9ilNZ=;850?Dgte#~qVir!XZY`#gAJR z#ba^7bImHwi|)^cUFGZhe|3u1t0|PzI@UbCKl<7=XR*%;8^d)RD8*~QWBe!85ZOr#PooU^5z&D z``WMk>z`z%7fDqd;W_iy1-{~4qft-=Y$9V$kzNW_25YKcEG44E{(G%WQdOz=-&v}l z-PsM+`&0J9uzIa;njfT`df+d3qB+$PlIbnF{g}q*Kw;MpSh!co2cVxlEWTt#(UG-J z=G{E#X;VNRnKoF828yCTdKWiv)EN1z3-G~G%Z)r();^kbFDm+=;Ll~8DUHWK0^~Mk zM257$WV(PmhcO#2a$J=lUZCLVez7M@g*}2R+eeYpiMd zsx1ONgivz@3J3XB>8pwR1-K^3Z@G}tk@qCht0t5lZpz;CsbdX^X3M`FksmZWU1zhG zXY*ttCEYViCe+uEW4HUh)LfvPKRU3p7o&e!ro}@v`hxEFq}*D49AMXgdg)6;5sNMx z0(8E_#1w={R(?~Cqidvu^vxx<&1m6xw3cTH;=r=eIjrw*;a3wGi& zBTtS6KG4%`N1#C_jR0SjrSV@8U?SfMkgbC@V(4xEs$kXerk1>0+g&y4)ekmI;T$ad zgYVf@t)OLah+s!;k7NrH&-6WJ(CHEBNz{--a4Y!WVEyZ0d!@x4XNRUUD%k)y2Vj0B zXRL)JG0kUm<-a#h{eGKgexTokQdtu8omuwkE!`>>X%T&Mi2x+uNrk|!Z5vWUOvBWF z77-?bm%ogw0@C}!geU}1vu%=G88%+^ctqA^z6^`q_B)N7P%@O;8oi&v+LA$b8n)sipY+!|GL*4??X~X_ z*Nhk2`hOktzF?GyGyJ)p(w|bP{zqAR@=J!(Nd?TN$PN%Bk`j?0ka~n`AD9#k^#4e$ z*3`VON1Oc@rr@BiR1h=BilCg|$@PlD8KBd=9HSLDl9j>`)i^A!hDPxX%QzR#sXW$O z!e1J2+Q_JCl;ryl`urjev!9c~(*e*z8z{UtZY38Q$`Hj&)yL7u4uov}mVg|eT`h=T zMyS6ff70P1OQ{QA*I!OzP-y9;#;{I4kdn`b4HITsWZ5hp1Jw$;BK6`NpLu({Fl=A( zxoU(6Oq1$^@WUptx#Acch(0A+~!m!Tv9NZdD0h@-6bbK<6g~7Ff!GsVNG) z+AMan@e~n$*Iy@N2aVEvY#^-c$(jA#PB0rPZMy4Sp=cYKeyJ_p>$$Bm-Hz>w4#h|M z6&dC@cU%2CNXJz)FNN}=w0`zZR_|lC&tZ!WJi}QSSR}nptbg2$*0O%MRRT%K?#^?i z89S1ICWy0Qd`x9}lUeJT-{A+v)ZEU^j)j*muxrR}q8ThL%A%Y8$N~H)$CyJ#B3^Z6E-E?U+TXO47tT5mnS1EnfqaKow#o6^y} zF(2z1V(a6>`-FNV_iqSYe46%eV(4T}$VTBt=>tL6dOsbyj~KfUw3FiCkl22|N#ui6ZSd& zUEaGLsr`CF)^Y7Kv45ZI&%%-`2*Io|O;4@8$yBCscGvBwH zt`mz)(kaA!H=7fVjBcw*;)r)_A5%fGOOR!;&thWjLfK49rf&Us9fi2OR2Et`rc;z> zdY`G`{mNUjhYLQ5Wx-cZXBd%uvsFx<%rql(VG!&HVBb2&@v08h1gCNIBbvTaBnWjn-a)mWcvd5ipY6`2@q(g)B&oj?J4h^kdfuy+Nv9LxpOsD_2+2tAd4 z2PM7q!L#W)uIc1^OCC9u2D@FIpL=4qf|@L()QssGRUYeC)=|h*4#cz?in#`3btYh+%YW&|8hRpkT z#r64ktN>3$nN|mtM;)j$%I+Dz2&J9mvH^ga=m(V155Sa`@63Xrd}IcY^khuOmMgti zV2~%{h<8i$wdWTvBhgPzuR1cNq$`5}tS@rU$BA+)d&a2C?v;#_&Q&yK`96OPb&s zW@+Lgo8@;xvL@*-q~dS%yp?pC^`Jg$JaBB9#7px%N^<$W;4XI3-8ri?*OL^W_fwjD zZ<$pg>@{b#&cL_+-ukP*M+T#9<9WJ352IawIslR{p=(H@Y}Apjk%)eD)?65$4;W+q zb~Op3pQ}fiZ=R&39Jxu9G4Nk9Md=KY#o_Ok5mzHVtp<5|7>2_%ihys>bYk7WKdaZg zOHfKNxmRBrb#m%MJuMk@X#^sW-*g9Md(X~TpUHLeM)2mJ7JuFxAoCxpg#up5d(jev zclM%{?u+aCpaY$&9#VZk@DCM50hQ5y_7U)UTVGQ2WN7F3fxJgtAI9iNh{f!M?$%uR z*MPJPv1>r*C)eQ4wbur9QTr{Km`6be46GOIh1J8r_zwVUQ|O;132FGIdJ%XzX6g1& z(x2|vs`WHw^5du@z=&3ID8KB%e4@{nGsvEgkDC?V^$g~i-eJ)l1jP@65OjC*@Z2WI zmnXTN{*thGClQ9AKrXV40UCoCvn>e#Ed)!J>D%jFL)6kggilKpRDDguV0`LhIal(( zl(lb?myQF1tKWP|E6t@8!<|tqivlaihjGS^!NjqS(e;c|12LjLv!a2MqCr-HZ}zX< z?@sSqkFODH_ywe>2v5YuF7Jyn06*ti$A-pt8mni`1)0-7h^^wxNGvahk&YWkBO8o8-a6AcQ1`}_ zjP0OZ3(=3~=}Wq9mr}^J-SpRpmRcBzo8dv|@ZDpd;;U|48uf+)(Y_aRiW!Ua;kv-! z(fp{9Y%gEPa)X!UE!M5+B&AU=)eM@+sUOXUo8Y77=?$`C8{kF|UiAI?NBS1~jc_s^ zC@xFu*yI)%Oz?CPGCrW8Slr|Wz)&*S|Ddyk5hJpjC?$nnYv3#*X#d%Et30rG4_WYn zpO8(&YrTynENe1Kr(;Y4qD>5f^S*iV>Uxf3Opd4*iQP2daIRfnIT3AFD!qhxpp%~| z748M!n4tq0h^P`2-_l++*^P~3=5$uKnxFfM%Vq(YbHW(%M<)2t5i~(m7bqMSPKKT@ z|4+P(rm`;_&U};uRkzN@Qdu$SPfjoBR5Y-YgF8cHyQQx8D9Q)F+8q95kEnhzzJrfuZVzr^Tp*je_r9CLj}xbI^acFsbA zQpPf~eZeNGVZzbbBJ@K+gZBB@46VbBAI7QI5W(BC>DR{dWm1+{w*W~EXrSk(iCF;i z0uCM&KC>Lw&IjNV37y>v+ecA>(?HspJHI7>?ztHY#^`W;;*jt95e?cs5ik2V+qJd) zY-x{|9*D>=bVmh>#F~q@rW`Y&ZtTmx>A@UqHqq5e(Q3|Wjs^1nE*g%Wuc}Y8lrCZ= z!ZGN8iz_3t2NL|R)%;JKVPXpa9w~^w+jE%(ct}gg=`Aazqqf$QwsX>w>Il6+Hws8g z@6-HC3Xo~(aL<||ibPBrF?m)J*7$Xb;Ud%H?US&h z<7;lDuXAsc4YfQCSoTAt=G9Jy!mzu#>Xs{}{$s-`Davw0e=bv#zQO~p-FL&B(0X*jj$q~B z3(K4VX$1aeoT$`@nd(qfQKNiDZiC7DaotEOTt?peizWdD^`yb^mm$D-eO@W!9~+M* zvc5rFDEpOox)HN;d4NvUp6Ed2k^MGP(bU6wEWzX}V<`?5lt|L8L3oR#E0;dL-eSxx zw-D7%VqP)s9{(b4DO-1aE_nZm-CEtT*iGMCLE=hR9+zKEd}8_oB%2c=Cs)+mji&hL zN+}NAI|Yi--@977)hlIYIl}VZ+ECRfkuL`@;Y{Veb>8{Q?jGX;KsXw}6b)c|uVlyn z-R=s`E1C*20;sg#qffVR{9Fy5(}#lrmvo4P@&IR#LFadhi#_#g&e_sdA8vX#o*0!< zd`1uk9FHoFqGRmimh5c#@}-?Iv!2 zhc~A5M7>%p^Qx+;Gx`wle##)m{^?Qq(c;B`-19D8fx*C=5T3ckHmTbRL-z41;i1N< zN(|C>pL_A&qoRQaJjBMZ;z148Cc0@V;q%Qz7p#EDAjnc*)V21&^WZ;UKuRH2O*`V! zii(6R0p&_i#~Qkkwo~Bm)2^%_i?8QDSSPigU4Ho0KdK$wZbjD<>S^KjVm<)je#?vd zhIU@dTWby`{BG31u70hvr6QqIdIT{?{k2xwG;qhrT-{olc_KRO>g-5WP3b+8#5PT9 zwWwu>VqQ-2ZM(Xd{Yo^#5|7{+)K2pZcztTU4gjuZT@^u>fBRJa?Wsf&IN~KZvh7Ua zvn^fh`0H89vGEH@2a#a1Asi-rsrM}cdj23(sxl3Y3cahQll3(_F6Dws_S<}7Ffpj8 zSUctikeTC~;hdAL^zC~iJ^%Dto4dGLSv*@D=+1Q~C^&|~GBmG0@KIIkBNr@!1N2yB zo0m)eiN*IP=gA%4PM?Lnc?AbPOg~c?9)5h2L|u?v*ke@B|9!LkS>@EmJv**z*Lq0A z-N#l+(op9*q@}(NN5#SKimTw*`J5d7Qj<4iDTPlmWdJ4F5qN&Vr0uJJu5_(_F)dRz zGS<4IhJ5GZ>ccyLVJ&0c_`&BFLdTm<+glwDKl;1X{IUKA1*%@ZvC=U8?WuabVLk5U zN*L+(!Jj+ZIi!EOEA_G_T?YY>f)`iLD_JBGNFV3OAsQ>D3vcB#jG63GEuESF3NYtp zW<31*`ZMX>OPm1?$jozl@NH@S<<^|qzvn3S_qC{rV-Cf^gw>r&o*+D=DrTKO3W3!R zd&cZCueCvUw+Gq(3beor=t7wu>8>gpG1cu($yXTu(A(;DhxL)u>uc!)-NW4~TJJLH z)N2xsyemXZ;_rO_I28mix)cXyC|3!hDXr0;DNzTDVJn^CHO|GGDt>4aLsk3tuA@?^ zB_dO?Va3^s;|CEH>th2*wr;q$%-b8D~ zdp)S|F3TN@TkDF0r@OGQI4bKyw-woP1_*q{RQa7Y$;k2j|l8hh6O5nmvN5h-UV zZGmSw9+3%Zg)g7}?k;kl%YUL(_P!sf?noBoT$z{(k3?+ml0;X+#0&iZzrEz|Yp+|G z$9IohWgJIYJ#BJpif~LJ>a(j|M6Z=mPQvT0m$tKw< zh&q}~>42grRypp>&H0YHDd!{mhAt%K!_IQXW-aM&t(m&~BrqAkBRMG)hRVAIp10O$ zAtv`eN7lc!D4L1}vY24FX&4QbY>K$wkNZX#2188|socyH43c?#9bR6ppTy(jj0a^< zZy_A~Orrj0xq2AGawhaCNwMA-o zQy!KjWCE{s$jE<_O_5nZH?XV4V{LvF_AHwOr#s&s<@Q;iB_QgQN|ysnaXBN^vYT+T z1oco>ltSZdzq^lO667u;ibL-y>x7iWZF|t*TZANW3LmjX@@7n{o6^2e5E(B+cW)z| zjAbZ;jCZh^IpQSV)cuvkI{#j~5tW*n3<-_QJYU8OUk8>~HpAO?ascs)(gbc`B3)Kx zm+jeESRc~iPK(h9NyYTN5j6tyP1B^Z`*1!8SH%iMkN$H$Nez)FrBIAdx%Y@PyA8AL zX2)2d0@-`WHlE}`fV|b(8$op$J-I1G@n~sX@p61cX=Vh?kq6n4vH_$mYPmHe>Qf|T zj-BJ4xP$7_Yb(5HyKb|v^2Kw-18I~qUNxsbo=fuc(5auT0hV(>7%6Bg^r!_$SP2>p zliGfOcwT^xxPIQcgy@Suq@r}q3)>(`42ZqpG;aF?#6m3<9}l~sXXH__sIK|E4X z2{)bgGRX!4QtxeHxFZx%S0B%iw_!5dU?v{c??uZ#Cj^v%z;)goa79?EKP zRIDraT(kIk1=zD|Jo@7$$s;xS!<G%L2^Hm^#jL&YPc}^tncLE^CU;pfW+wGXRb6Bfzktr?waHIzJiI-*r zIQ@DmO6+Fao9gMp(hdEKx{QK@LpM|Km}RS0J5Bzx+xWZ;5+qg*hmG6h(n9>yB7Ny3)00& zS%x`ejAc7zsGRT@kfNM8Db?YLvzDfOF9-(+l$ibLG;XkP3+LZEV~Bd{%*FiMtb0C7 zDaH6AxHX8>IT_(C=nJop*%k7sL8Wrgewr|hh=3-9(LRe^;thpNR|FiAaxn8^Xu8lTq{rl_m z2w_Xc?rK^ri7xAZU$q}z%a%p>8hzO9yM94=+=JRtf3^im3W%}MCJE@@;hvT9NGN?yLL-$8gt8;l z+Q{<~lEaqH`sIokJ3%7fx3#s)uC#h*c>Rn!Mi z4qNa9lU?x#Dh_V*idc{v8+D@7;zhf9>t&eCvU2-fUc8pZKX4vHm|% zwjWlK{_pVk*Q3arzfVbZc}mE}<6c8#&SEuX^e{9hhO%Fb5K$Rb)31KVibXd(O&*Ka ztBu?JKA2fU+PoXKhy}Bbek7I(7XjdlRB*$Lf|<%63eOQ#DYfw?WDX5|K6|=S5it-s zUj!hDo;^DP0rpV;{tk-l4bWt#!(NKR55x|ftBU!*As0s7f0Ij7X=oUHaW$oMr}*-l zCWfBJQI+@o-N>Y)Uy&DTph4qdjUeaHc!{`F>K9lq9UB~kS&&N*PsaI#pAmyZZE@d7 zR)-U5S%iL4RW!BDCXAw#n&p)G0raf*5zWpfJ zavs=d(+mx3$ZByi?SA4(Q+CIrnO@%+Q&g?-I^qNF>3}HJAW9=tu!R#g%29h5s>2CA zJ26+nlNnO*`*A9C4(_xF%}KgGGsUir%u(My{mc17i4_mbfdIY|*tVXD>`u`fMluZ9 zGn`4lwPy~_gwDI|w`E?XT@xwfngMSR@IF6Bzd>MIt$NLqL+*J~=cqVg$yU@O7Baq4 zvqw69D%vDCZFDAN9R1qaC8?!BIFQpS=n=J*z^Kg`k9`Z2t1+J$&pY~s_r~XpOs?_g z*KOLsEtWDb##jz`iQ$cF*@m$ZIV@9S<@;7nrbbP&`%qKB-xx%L@5)|e1j z(+hE!>8(Db!%10;1F~b~NH$3c0O;@6KPYZJYj+s=KFUYmPl-GgJ zyUDZ>rv`4vBetnq>IvexhAcxER{AW7@+R0zFXrSe?{psF9r0*iH%;+ZX=(>guOp>A zDKWF|uR6tLj;bWz)YbQ%F&nlr)mPNj3vwR1^DP3P(J1n0Q7-4K8AGpOz(Ub;T$QEDfI*C7hzH}BCSA{S%Q%ALBG?t&{QQ%ZsO@(&Ar4fl9ETQc7<>4&qfNg`NG6urlV>By|RY_vV_9E94r4>?^Eb>p-CCn_}3^|-6u@pU*VT7=?Khc1k zkl%&fofMZc)-nM^Wf+)+9twR=6;lr87?%+Z6_3^4o^_pjZ|O&Qk=i z7XB*7f!r?w%DM$28kY1C{8fI`rcJk2u;h*}u;j~Tf#NhKaOD6x00dXCSf+MQpMDyZ z)@ILW`s-=Z`PWQ32R0Mk0U%38%#CrBnxk*)jck;kQjDXrgMA2yW0t}QoN3Dcs-@W7 zGi|0`^p&xMkhalJCW|c}_fp09c39SP2Biz1rOjRXad0ZZ9I{DffMs9>KCCq3w%Z~? znr`N3uoKqIWy$TGnd+dKdw-<+)Nl9Coa@m5a$YlqA8n8JbIO1Hf@ym$YN;i=YqT0R zZ+w5X5uaV(_guzfkPSP)#tnIJS*scA(DzkHVCUp^Xd2@Too$9%S;Y@_OfCcBCrjU! z&#^y4nFAkv1mz{ck?05)FH;-5fWlWOC-IQNAAX(;Vo%Uu#%HVxzGA_-fUpkxAMwP; zCQ{=xpku-P_aaPNjJf^QL6v>9T)X@YXI4n{g|Wu+rA>KoxqaGVGT_ZgUuQJ$Pz%e* zd5jCGvJeAjF=kl9o_Z1Bd*7Zu%v*gJD4}Xz#)zR@!8;PL;7LMa;HL8g7JP|=xcW!D z>!gnQ0tMx;o@e?CLERJ->sUZ zWm}72IZEm4OpvMn;LsDbk?6?M89}GhZ#ngX^uCD~h0burjEg5Qfepjp%Yifm(q&_q zd?Of+=5EDAQrks9=K)aXP1rmhm!v{TVut8r%w>?Zh650a0A#m}>aBKX{!5|xyajgM z0J&3WL*MyG=Jgsw#*D}HuAmocB$X1Y2hq8w$Oflm<9TEi8FE7F>+u;RrJ0xrPzj>dt^Nu9f7ZD*LUP z$oK8#8FKj>-zaV}3CK1RrnZHr8#4FH^9xR&GPgviWjhgQ1R&_a7qbXSwIab$I@($GQADjdPV#F+a zvdZ%i8{S~ux@bhdsjt!ndpKv9k3D@0EtBC^NlXM|ynVLYA3_pvlFgps(M3OXfLU z0sa!Ekw4b*&x*QtYG!840Ng<6KY4}lvquxQaP_>vEV?m?!e5CtfvSJzt^fTau#A+* zA&I%K1Dj-WsJZ^;NaS>DH}0t{yfq1NdC0icI! z5x^RpRu&wyoc}N^5uil2yi>`Y(%>OW*Y5j&BQeao{WyvMd&a$s3ZuS%WB%$O0{bR`P+`ONvnBezT<~WOOMy?OATzuts8TMGxQG z&q^JOx*bjVXTDMDwm|r&G*OA;jMbgHEYUJw8y5@&N@lad4)WPI6)0|h0eqC#9zj~3!WA!W-|q~e zOr3}oXHiX<<2EQ95qHpt{3!3Y$m_8p{w!Lj0Ld>|sguPsOo<##%I(bmbfY+Knjlpv z`Is{UHmD}VFQS)+rBh($F|8>t^$lHJil;6&PoYn+dQg|M-0&voe7k!oheZhtXOvBn zY4}9yzSC)77+61`g}sN37Z9j^C57u65H~!hLyzqUzB4c)2LYlyB;B-n+z$yS^5fjFJ_g zg$p(dkUn0e} zb@lY}W!e_dvN-)KhtY0kRdIm@wQPE642i5WCiYh8(62lhGuMSL;n1`FjojJdD;`RV7-DFa2mD@9TZnaN@PI1lGh<-Z)k@|!&VzoE{;O9sp0b8S0JCFW&B00j? zi^wH^(W43f9qJWh`LQrUeH@adD_IT3pbwXA15WjBrdsJ+vDRTFp zBKa+$fiaJ{gHQ8hFs!1NOX_dGII)21)X~Pkf5p`U1gl&1jwD#*)`@skUZf7vg@75L zRl#wnQERf6f?2PP_HMua&pzkrlrxEtahnT-%XD+RE<|cvP@ywxQc~($eUvLbRe<4o z**1&pCep;OYnOQAwO<}T;5?UFB?MDhak~(&Hnnn7 z9e}bgsyX>lj1dY%pLz9RLw3f(=~dKVMZ(d}kZE~V^At^3tMn*qR^o0{W3u;nv}%p) zn{b(LsI7jB@>Rq8f|a^O8Y$mKgp!iy1NY06;pHMpn}$#bR_FOE2R7>}`rHqeQ>4v1 zQqfV^1P-8MMkI=J~5P8JPNYbf=gA|WK z+Jwpl?sriL<&~lS>!NY{l&AFK{i%~L#Rgl0eGAj~Ij>;+p`5oBRy7l%VPi4X?tdw3%hzbm_PGE)?QH z1T~HmoI&x=B3QaQwYWq_#B8GUu=l!n;tdZ4MSgnjn_fQ3ZwV9kJ{gw$EwbE-rlyd# zk5pqT1C#SJBw7|>Yi6QNE9mD$8MR%h-SHTi*7BF}2EO-TrdU~p0{~f$Pq~fl{7E93 zMEDXw?)WB}$BwBb`%;Zj@R`j$w=v_8PjfMZ^n;yi3#Fg`W%3&ukK2`+c3G0WNich6 zAmWVd_7zb{e8`BWYs?!ab*C;e;Q?i|e|i99ta=rjq0TGWoGevT`c%9rTHs_cOXfH_ z$m4~;WfN46;V^?3) zQ;{xnPB?OGu=+@no%zbvgvP(;Tk*|fG9WYuXHm?Yn+bXQf;eclBXa62=>{lo|8dTK z`$M+urr@ymsRKMg7@BJM*S&_%+5CC-V9oXCTeTGypa%tqE2DPJEs+>Nj6xue(|)<= z`^O`Vw}p&@!sTS@O)7y;)eBd#-vX&xc66)vHCCKvVrpw7LO$HxV138%cq%drVdR@= zyQadBIt#|d!Kt39_k%^725Af3pbDL(VU2jnTV(_&E9ODg;@c+ex@-9)vm5~Pw0j(8 z(*6z?FR<&C3LO?-k~RHaroJ?vCCZ3qmEGWNoXG~88-+9DwsGI80wmP)=)Uy%1E%iT zVd2!Di9{cCzO`x1FyEb%m*FNaJUOw2+yM1O@cu`z=ImKcx!?ma+JS+(^#Z@UMSD^{ zi-Vev0N}*UJjh(Ew1R|Fi(Tiv9D>D2%pV_ohrcEk`DylUYU!_J*gO0Ko^UF^C_`|t z3vbV6e&U-b@_2MKujVy`ma>2aGhNr5%|Q+`y+HSStw` z`1pslnNzD?g_8DWjnf13y&?Fmk&QBD#a7&gvmT(}wC|n!mNoZ{+wqczGTrC5I{uyH zcq(x$hCln+fE~Fi{|!Wz7O^gpZMnm)@gxk-FcW~|Q>9AJ4bjU`7t#Bg%s-5t6Y7?v zl& zyz+rnBc4G@SifC2^=sAL;nsLoZ<&b zcW)e;FF-3UU~(TPK^LLi5#WuBnKq2D$fM}nB)8y)M&CtBIRp~Now~iq(-CZZUm5P3?=F_4lvq-a(o?2IoIOw~gm(~f3M`z0!J##zE= zn&Wd5mxhjt^om*-j&m7}!tpaI%f@RP$E%Emw-7MzzHksbBk#b73m8!Gv?&@U!6O5G2jlXv3NS*uLs?obO~)0+UNb0V4Gu zFSKy>9ueTJLrJ}e;`boZc(Y__L+~@%G%83?t5=*OmQ)I1-!qo>?=lU@m5kO(S5Dw2 z3X)1E)?pu#-$D6sS#Wyo6vGc>-BY2Ge^AHf{3Ph7S8<$%bdvpEYkptFg*> zAG)|N$`;U|+^Dqc_^iXKDB+H*BcNx~h^4Y+vR0-J=@(7RoWC0llK#pQ=SMNZ7eQm0 zaIxvb2#YO2BqlS(e%|5WVv-H{@`BjyRoWplHGAB6qV@hfb~(qf2?48YPvZZObo4vv z*?XFM`Qd(+@wx+y!U)+quUqePOKMOYWr>oljV^PqPL!_`r;fECx6eWGUucOgCk##ioy!$ssNov~axdd@8LO1p+;UlFeDa4BB|(ztYPjkg z%TIf=L@Z1z2vLP9)s#?9J#m5mCLS@sP3drZbmfB}*T3_e+|)b_sA(7?Z?_QTRA@20CgXQ&yq9-FKXl#lWv-FOzHFkP_B*DDw5PS?IYdsu ziWdjI9`@wsY`eG=`JIoWDI}Ii6Il&Qc3hDh>WD6^BOl7b>Tb(JD5deNg+Q?Dp?&zn zZ!OmYVh*}w#8yDAV7hW`yW6YQG9Hi_qNDfCL!cQ2kC909q365W4(eAp^k_%PCPf3H zfm{gtZ7j8iK>A^%C-GC59`9pO1WeUS;6kTt?al+N278V*4b$(&hJ%8at6d&{+IibO zD^{)9GW8N1%kwY0F;9xNUcvPYtCJ7f91$?yM;#yJSbJtuxu6BPyrTBiAQ5!&1-y%R z=biP9>%~NGG!{_sEo)A!d-DnW*?_|+uRrv>PXn;Byfijl#4SvOi zrj`=Dy?1PA0NBAiW=0YM&A+(T7JM1oxuus-hl(#!$EqiqxsOz*dh?nuExr1;OHsq@ z5c~w>h_2b#W-;<&-R1Re#nxEqfe!zW6*U3Lv94Iw5$C%`%}+*(xd~1}im($)LFPv= zRCXV9DDIcYTaKtciMCslH=_l(q2Uvx5uaK8pO!Am9mr6c-~`H-jsWEHj7P^$opy1P zkXd98zKu{+K6G`|mYK`cCa0O2X-c0NaqnmXj2Q!FDz#=}%0R=jVV8ehEP99Q&|^em zbG&yzh-G$WjjPyu)=Cxjl2AZ?JmRH?fdk(7*LQDy8*jfH|7%miYs9J9taZW4-{4*( zh8?pa!2163@xQ#89|m~uWxg~5jBN>l;a=~AS!b^VM?Pm4DBNRo1&~F04LSt}SCc@L z33{6?(~0h!MikTUY&ehNW{jV9&`~USZUWU&;7$sD9e_t#=!_9QY#28kB@7l!UUoSi z_?o|N)mURl>-4`;PoC;~L=4F8P(37HUNV*WHm};sX@4KOJQA^P@5Ejw7s`d;1q;ggGVcl$)|(oD?bi&>(3qu{Kxq@ z(w^Zdbgkacgy66TcEk(-7d4-{Xc2GaF7D zm&em7s~b-HYt{~%r0k5r7$@|UJ(S!AP5s8dbDBkHtMPMK8r!g?$V^8)94$K2^Hxv| z$C-)%tKsLjBWE0JtF|U!btjN_1>1$T=$B;+qOYYxGwdb9be?bvh4OGFP0}R|TBb(%1tTG&?jB2Oe*(?1IIZCfpD+psf+QWLNq zI!MCj2(~u~!rL8hclQ1pZM1#QQcub(Jag6y(nSnMHOz1EE?+*~R-J}5puo11Yn6dF zl`lou6GaU|i~y;28Zf}zeYW`q3jVK8Cu#m2Xz8z~d2RT36y^RS6F_V^q9Glw9D^!|$Aq~480Pg+ z=OoOE7~erdEJ+CMS0tNJ`W3<4_GmaB!Qrz@B!?UH+FkSJIP&S);l0sJCQcDz_w9~w^8+ezUuQn=7ihNk(&&XD%jeL0T^BO&vov5QCI^nappOBFg6>)-Cpc0gQZDBZC~i)(1(6gNndN-N3l_*&-G z_s{%6FZcfo9x(bjktC*LGkJMB8tI7KMET6`4ksYr_pVG{eZk!nZ2BJ|*oGoA7HXni zD}9o$U8wH*@8)7gh=c^yL?8)N700ZHl;awtqEWz14~syaTuV`3$8P=_?@2ixRymA( zKh~(0E0I@+BW4)&r=~oO^UqdXJVIAkN`QXT9S0P2{!w+|N2XRif22#PT>fk4mJA@* z(OU>e87&C_SDPA&v`fmB$CGtP#AaBF4v7!e<_T%Rc;W#@@|57SEc4yI%g!4)BGIitYDyL0&l3+*hm#GsUxVY z{|eKd$RCyAlx(@1W9@A(ooixu?{N+-!PIAp_R*C1;7yO6Uh`C1i%G4#qWShhMIye* z-caS;3cBpVm{si#zXqe^d*b#&X=suryhKWR5Bh=Pc069%^9(`W}+Bhp=I_~tp4QmEr$0sDDf^gj_}E? zdFfV!hw|RC5GeudKTbNqc~?ZJRj<78sfE2`hB{*eh(?1sA}P+yzTxhMNx+!7K0_?K zRTJ{Nq7T>i@jE{=v{*S$#ZU9FDv5XL^Xvg}&xrpo#*5j$@0#YM*J;aB^?UG?7cCG#h5pMQ85chB#`hp-;MOlr_~3YwwLReB@$ zk3B3NIuW3K+r_a!yMc>)>O+I&hL29)0e(I=|7P0E>N9os!?U+}eTD$vOX2UE*w&@sR;@tsi?Cm(!4V2A#jY3 z%}zZuV}d{0TW^KHz)rYF<#&r$itOPBLHcM)#c@EFz)LqWf)c&t`_R*<(unaTyi^{5 zN)D?oVqu?DfO*6`w=&$jI7^lfHnejho0|dLK-&huu_zZBYXA7(89c1Kob(k%^z|n( z0N4ogI$;|i%Ie(49jfBf^O~!+h zjMS|f2!u1aY1x^z515#9t zc9=hR>fH1irk<8Nd}nuzxwBHnaN!W$Yd0KaD_j;A=r*)L&lIC3D5*-BT|vs0Fw}3e z$7#GmplxaD*Y|#%CG!!JsMZyQ%05eGmYRRCII814@8sAReVfhY5=D!R@Sl>Ue0On7^?lZ?qAa0&~7&`^pm z_r$9stw0c2-z>y%)llE>Nc!mhkT%T2YkB#lk6wZmoYE8WKlmXY*d6A#xS^iE+C%Ee zkC5U^PpEy;Neid5p&lzPKMOjAaB>azgXSZl$>Z8TriOg(&N;OebOVyj66@m5omm^l z+grGCu`1&I-@Ch0tk(1>jRV2dGpzQEp;85!MG5c=*WUH3o)cMlpz`AW-Ig#Pnmt9?)8 zMCdD)q2pNA+a8JUcuA=?ZS>uYWj`u^gtxxD=UIb5!4sp;8&7Q_H*ZfuS;!CnzQNB{<%80o&oao4VVA{YGOVTWd4d?bs_+6Q%??U5S5i5abl z6vLCL%6~`j&EAg}2xHtADgBo5b~0Dd}t% zP0R^56hCH~L=UNSn>rV&LPCn6X1m(}HUp=4%e6JKc-kN{AuPttZMCyGaEWS5zFb&YuanMVgSUN$B$cE11p+f}dnvmb>9sex3G&uqyT9P#2HrV$aB>Fa$X+Kr6 zEa}%fi)c7?cK-?*KywGvJyFqN+0RxaezucL+$%$=m69;xC`<{gM@V+ZySIrrB@n|A ztpfO%O^O#&O0?ihE`v($9J0Rs3>5IZ&Ow!WRR%rP#*;zyWU&={H4hjWfa3}Th5^C= z!is>~0EYjEf&NFvs?~(=k0PTLv>9tERgD8ED%NiqZV&!{3^WZT5p;roGL{kb*frbI z5|XN$EBxL|k*S4Dk1J${=J=8z_%A(cv z^C2{vz$ZJ_7Cl(yUeNkDDaSS`+l8rF*$W-2;xCxm<6o`BB-!#~j3cBA&aT%f-e1h_ zzR5qhSHCmr{Qh;!Ld$Uumu$P^$SDZMd`E%`g+`E0F)U~)&a!RG85GUDHbSAPq0vxL z_Mm`SY-h)h4VGY0^jS2h=#E3C(8Fn7UK1L)vtoV^ItC8*@0hg(T;nc&lxZg2Fo-Fn zx|8fsFG7GMq`4P_or&BTFp&-=M`mM`G?H&_9&tmVOo4OQO%fkQJSqShBJuf_HUCL8 z)LGoQ)c>Fq2cgkQ)*!@vor~>{=YF(_CjD7ivuzM8yVW1+Ba9Odp1bx0G+^W*!2Y;&0YZ{3#lbym{bE2Rm|zv zxsb=!&KiRh?oL6aK-hG16>$B^*`7jEFrS%5;s{n*!ee)E_$p@PM*cQ4yBgXNW-8ni zlb23hal(=Q^8(r4$xc6LekvJIUp*N)j-@CLyUPr(EtRmt++Evzf@gI0s_bZq{bS9_ zPH{REYAS0H%lLM0^Lx)DJ)KQj!AbGK>M_@Dm$b>>J$wHDvCA=cu}9|=xAR^f?7!NO zTmt~MH9}r=ksD@we+_>7?KPv*$T_G=kv_e#?|Gf&zXZ&&v4?rSE zO@j#CdMPccyjLXUGU*(#BWj*Dyb+pz>y2J+K07=>8vdDRd`B@4Apy0p9RWZj0wF)A zmQ{n(e6s z9$lFIQSj*UgKV0}m5KqysSoUa{WnqW9~yN?m};@!#ngFWBzPsX;lSy@u(`RZl)Wsran`Zu9BA9p%<-{t=uYU2^&7l`lxFcbe)1K(lQ| z!c4#fPME0rjH5|z4e5LE)ZjpT{PJXGCmyQ~w8tku-;()mM%@;Ecr~r5LK8{Qx?eaD zikFEIL*sQAzeZ9#k>w=o)Y19lkazQsL6nNR2?R$Bp54e^^!_1G2J;wV&bghNp_!?^ zOuLJ*-n6mexRa>Bu|c-)_+gRti0CgqY@j~Ez%m_-WPf#=f=I@*?49^4>=NGqexfyA za6lLGG^jRD+Tn`L03JjAZ_|%8_#WMg8Y^36oo&Lg1GX~Uz7oK^ff1rXb4lESTUTZ) z-3E63N$!iEDL!A0KxVg`{>$3I8+7uc&G2LnxM=o|hS9Kp66v&gX!5a>NP0aqP&0cK zz{`(OYf12RjwgWDPhzPpGBO#^YRqC?>Yu;7zE}8nm1LShRc3s)0CDLgV5=VIEie3{ z&eSN&kQc*RW6zw99i(-?8ifmQQi>5Bc2~m91pNvsa)^5mAa2pYCn-oW$r=GxvUsm( zQ<}9}QAHskuHpP9J(-+wj_=3jl#zD|s+(p1#dx3&+la)=XiGu^KnF}ip--WCvV*>{ zz`;W>z^i(o_c)^49%33PRVna0Q!etZuxY0CB&S-3i?(zaHHnEVQ)^$7kzu<;ku88v zR^3%6Gsm}rPrcU6YBq`^1mi*TH&S=WFt!!`1~6EmLXT`^tWfMv_d0h0LlBD{BxmF{ zj1ek4a_>cz79Vw~sF{cbf@_R{uIhDl%&nim5zgl=4@m(4)c%9U0^?RZWrMS(?x*>J z-)%Me4X)-BR#T7gFnceQ)l+#c*&D^u#`6#~aTue-M_?{3d{@XrbM!-3rF)@U6G5dk z5U3bJ?IEEu1g_DZiW5bVHx%;nt6P4I*%fVl_@C92sgIw|3NCuT>WjIsAo|!*m^_+# zRr=j+vr?*`!0utOd;g6;L>D*#*(_AK`4XUtM7ZQu%n=D(&vxVyp_|9q&4Z?l*Aa*Q61h#Bn#ZZ>GId zdpehyU4P0PBZ_)N*GdN%mR(~tyX~o>F5erbdb4XNqG?MkI-UbOykaIEi;^#yh>HTb zxB#GXxLN7l>1OH{)I%<<`I|1~-(}yoiNrju+zQ=k%6v^6$p6kTfCo#WImo6=Yrr(mA|gYuF>%2h zcL=$qwzQ%CI6#-l%u+dex!uFJ(O=)g9`4^b_*eRKtelI$C2nOThX79h>=LnQ|FM)^ zn)u}bXk2PEz4%&2nmqED$H#1z?0$grPp=3vL*R#Q-ixl&R}XDWinh1?w!3~@kpxT> zc4Z5nw0snHz00+|pm8Iv;&=NReE&b|%_S2ozDd>xTAiE`=tVGmZbML zrf!o&Xn$YZr@0k0$D;3>$dCa4D$^YHlo=?{hVHtpCzq=Hey#4|y26@3+x*WL+dxLb z!RZ8Gk<_;H78ZR|!+?!?Odk}vxuF1k=U>v+E!Pu&i3cTbK41TUftWc*fqvgQ|4CVL znF-a8{$L}kVJj=6?K={}@LOY+&&X%M#*)73 zunuN0g(MFnnG-i%jUyQ7Vqd&?R zQ~fkDx~Xvp=R(}R1XTG)eCi0b&P!k=^L=5FfaDA7c}!FRWB-SS5+d;yP*$?wTjJ(K zj?`@PdAWvmiH5f+!u9$CB%mfvQ44nijZ?mi3g?fG3{W4r#GsdLNvL&nwKy5~1jQ=i zZ9LXaRIyXp_Rz2gR41#eJ^dK|C z4hBGohyVT+#NZ!f!=K6t^WFLy!4nuHQwi_}kbZXt|39OY$Y~zq6fuTnuQ)RX1U0k*3pe4%79e@&+<@BL&mWwn1wdwiJaKH= zZ)dQ&A!u?r?QL#R;>SGVsQLIg>=RRdc3`%aTskf{-~0wiV#lqr_g=p^P#Ldn)aYIC z15;o_P{?W}J}&^~8ig(SIa~3e)#jN5mFms}Ad;&#mtc7`9>kob zf-Cwz6y1ee(_b3~@Fg9i2Mie9A>EGd?$Uv@fRsq-Z=<9^2@w!ShjdBGMz?@~qyhp0 zA|e8!qI>uL1>3cK<6P%F_x&--rlR4XG{QYYM~3tYLWHu5nR+OjBOg!sK^=UcOHU=dTJYW8fb@u!}M7c53kyJ7panC$R;-;Rn*j$Jn8& zxKv9U@tH;#YUgYSnLm^h2XGI55u#G9+g(6nN;&bSu~gZUM+HJ_xuTQR;vDyQJb_p- zG?qhihsns5S(E3SduI~5cc(CwqwuJ^JnMIj8KyAjw|jVY=u%j%3q=w_xu_@=TPOm% zJK^=hzpfpHBNYJJZ@qeguOwNm&1lM0G_=(p=IzRLk&Cpnps5E#=Wpc+#%%2?;4FcF#NQU zds#Ky@NpqWob~V8!h@8n9_+u`haAaRdUPG=PbG{ROcF^cikhj@pfj};=vNf^TU1U{ z5br67b#SLD9tcX!0ZsrHkhDI3T0)9QUxF;4s9xw*{acPQf!}fLsUaAe`MW#Ggc9=VSQ|I6EniF4)>g`|ebp+7(tW!0h`$#d9^jdJNOP?tY zPZir4G6h*cwqi{B-o9$(ihW@R$zF8vru6C;D(+|Bf{IP|XZ-2k`7^l1+3kvMd$taC z&3?1D*IoJN&F3!cnaRL&-vMSzXodgNs?S4hPOm1S@W9w!h$}uH4{}x`umtpZf5F50 z>KRQ5)B&Ar#e@egtq*$Yr2|ULHy(Li42I#r>;Id1b=rI(98@!bblt1p5 zR&UJyQX|&a7=7BNl{QqTK<*GxQA+$$VURvtB@DPoZNKD<`y)T@K1|b>TN1Eyo@rYN*JiBlK3!8^&@ruo zan9NyXSH32g)$~MYbM?je-&>bTD<)!3oum8%{aF{e7fITUkO5W>|562PEgAvZF(nr z`fKE?dJ3*3BzO(h*H|rZ$l#k;$A5Wu*eE&b-rj@wO00Il#Ht ziC7GqdaM1n7ftip0WpUZUn((MveRe{+Q2{hJo+nq&4CuuM>CI}nPNgNN5xJni8m@v zK?V4<^VMLt=F0EUI+F({`c904@H17t@5TBTV*20fsuvl!zS2fbd|J*463;hMQ;2CzFI-!gpfA~LKQ`#!RNVY_%EuMZ2FOWE95cq%a< zOZI}2gHm$~{CaA0BZI02N9Fo^b9=MSS8a9R&x-de%H6*$g_xEv4R4)j)=vI@5D@?P z!)>ka8l(oJxP18Wci@^n_j1pRF|UVh=BNGD6K$?C<1@$e{VyCc0w$b3Y_Vt#kJ8RM z^}MIMwY^Hy^Hk!Ig{7Y}2D~x@Qg3J$Xxyy9gBl9o+D?!7Q@4gv_oW+EBerPrAAT~; zp8NXugR;@bdqkO!LC2r8-+(iNKI;AhVPS`QB}7E8zUEZ}e*fsJb>P?OMf^oSSiuskBXy`2yq5Xs1S@lr ze{1(%{o&~JVI})e#w4^fXqqPj04{CXD>$mVH8H<=G{N3|0!q^C@ z7HZ8FTSV@YUjop)lQoYQ!14NWyEE=+%vizQy+ac~#GTBmyXSxZZGi^PLH`Xvh~v+FYZ#XoLzWFQt zGXF9>bM(&~_#8QGMqDr_o(oYy#Uf){}`m2Dx zG9@ycn9iGY+fJLF> z>o?fNz#@@-N2P_?Z{fKd9lKq3`eNT5eYzsq*$p()=cyO^EvLJF@+FZV_!Mdq0)_&cV`5j zJiwVdkph#cx?FaP)&_}sl#cnIYAW}NH&B9fit6`OJ}X;|7;?Mpqu=jmxALWti(Tzd zUg`d(bMnk{%Xd2QcN`=)VSe77!03x7tleD-FI~U;4)ZCIErFY;G|Os#ARQn60{@P3 z_+R8}3*^6wSC3IQ@DIL@3dLRpF3F~=b-)BWPxxDfNP~w@wFG# zBk*c=`2nj^LZabAs@~^j^1fhB2^92p0pSnmG?CU95<*{E5OnZ4JH>38U)2%?4@Z%) zlKhK&kwNg~MWT$%sR32MNT%ZsK3|?ZPGT#SQr|$8%vFY3Q3TX{G)GXi+@|Kq#X#$Z zfZi&4G9vsKM(;O*Wk$U!_6(r3(E~T?;()$mM(~K&W*Ff&a zA?Gwah2CjHu1c75jQGBKg`~kfNZO92*bdPbNPcf+3q)1Jz{)isi7@w zO#x=KW(SH!(y%y+4APKUV%SA6hKafhhR!Xm>Fv6F3LXoNq)u^Ob;hSp`p`OD(FAf! zY);9>Q|1pctw(*^Wr}#Nh3tqn{%a&vQ$;EJD1dy|N)o2lTv@!&I7|eL-__f&k;$uh z%)KE9fj7TrqE*nt`ifbN2RNnx^7YPGI_R8h7_yg@^Rp{5YndnR=x8%A2xbE{HA#wL z1r7t9#>qmj201UQl@XZj5-5&9pA5-yJfsjvFVADl$3YG3Et_Z_;&uN1)|%|cikNo! z-j~2x1$h(7(_Uc7{hOn>NCb-O6(?x%J zK*fzGmVcM}lNbc_cm`o9R6E#W(|Wj7@UTQIXW}r{Kcv0pX!MaK#J$^qipddUDJd7P zWGInoj3=;ND#Q!pq=f54c7c061K2VNfwFgZqu9|}1Df*GvcB;Y`bjHk+^j8%SA!lJ zb#cwvr8HIrrHe;7pegf_{68v|WXDgR0rnExAC#6brbV&6LE)RdTc`+f**Mg$f#_71pB)+wZVqjd zCXs*I%>A@8+MKGtJ}B8PmT}mjS~UtS{tlM9n1}r+s?~1vn@VgWt#C?)M+4^>nW_#w zc3xU>`iAu?ZXZ5c@n@X#EoZEtQ;yVS4!8Q|w&gPNrhi20`tLWl=|P6M({YF`Cg?LO z8tCqO5*8)=y}l7crW&E(#E;v37M}2uF2J>AoZ2X#O^dA22KC9ud*U4Q{So8!pwfD zIbN4ukke3_%Gxb0^!r5r*}b1{CvN47;=Lc8u!A_E(4G^l>Sk~AhaVc{gSmC$AlU;| z1N4pHf<(4nD7+8)QMOkv63R`Q*rM)$O}AJxiD>~6_>)r&RvHv)vBE1YHXImfJXTlr zCZU(kJXt=R58Q~75^o0;!KjE#R3+IU+SZ#g{(Vo_@qlwNz;31wFBp8TzVSSsn7-a5 zp8{$F$m~YpmHC^&&)fPeo4Mhj)hX1yR~q!Y+yGQA3_&1AYOR7^8t4>%C`@Gi(cn6s zfus20RFRX4>r4Gv8Z!KL!xum~pVP3z(pkzfG{fWSLYU>u_d`%?pCTI-gi0#<_05|n2< zp=31e9?R6W0wl(;KF^ICdo?lQjN$3Z-)Z6K9GAeI^HN^ZtA9_si8MehQVXdX08p5! zbNu~uW9481yxus56I$<@z_Ck`+(0@MVp^6Q94KXCmeSI z-|%a+4+f(+hy!U%E=;B^dRlsW%n@(87yw1$1jiFwip*L+VKFWcLtjmE=46X@n%49l zb{v)F3T(3oONor46JZ&?O z-BEoxN}Usv#b$^tF)1N(`PcrvTIf-h0j$>Epe=frTMIRup_J3Dbuq}*TP4TX7$^hf zl%ab+UKW+KUzZw*IDQNxV=|~MCXr+K{eLbA`pVd?_GaAgvEqkPGAlQD zJ`pG_0sPc!A%TlhrKv132@gd__+ixC8bC~tf*aJ-G-(!89VifbHR-QsDx z_**N`0>4IUVjPjRtLAY7KeAw@Bpj92U(c4!q)yXNQ0L;IFh}(5U;81Nv#Eifx%K83 z!06x>hY0xLl&;w>*781(aV!4Ciw*6O=R9~Uf8f zTwoTK7V|Zr9r5+tFPshM=4|HH;`fwVSk@cvn+_hku|?YD^TjK_t6}iPa>=AkE-ZCA zmiSE#@q<8pr=6&l^?|vZzD;V1Y?;o(^_-^Z96X zsxo_u%Y@G!sAD+A`PclBOPnr?IBG=t(lu_T94q+feWjN*P|*&{RqHnX9lC zFl&joa|C%tsOz1YP}s!YCN11ot^hW>@xs|AET@>Oz4(3`Y-ek|FaQ#V0I+Puj~!X@ zQ4G}dHrm7{a4E+LzS($i0YLa#uqAH_+r@EryyH-ZVxgov_73lTu;-&n8Fa zfcP^%1JheT3(Ql=1NYaipsQ>LflW#h185;h(gJ}z@(@jmgx_27?bFRR)>u|NnuwCo zG9Ytxcw2@TRAE9X8G5*8W2hP>DXY^7Y$@P1N7Q+V<}=6?jus zZOK<{(O0FaZhT75OS{P{G_P&xA!!+=*Z}EgV`n8ic;q94t8e$foZN@YbRDr60+njk zWd6N24oDbzn8>UK4e)|kVG=Y&zzGpj&8|Si!Lq|6DS)}H11CUBSx`$R!TfTUZ6%+F z)M2n6&l7CXkf_P^1H*dit8{96BPpSc6*|re)yL21i!3Q?-tk}dlWPXg?jI7*xNR*&MuuOR6v^PWD&&$|Cu zartoi#O=?4pVVJ0kFpIk2{yW>`V@Yj;BsY@M4`ik;4!h3sok`rh&dm&e;K5 zWZw^@5^o_x7=_81l)if(K-G9cnC~S81H$!@*rUdfQscp|iV1?;?@va*Kd1y6eY@T1 z4B~&BVCP5@InM>}Z3?}eDGah3tP1@zz8{d%`7a?SN0Tk+OK8~_kc>s3`~9!lH=I@@ ze2lvMH7&#TgMthX$QZxRdCI!Jm0=km4#(o4lCdy_* zCiKqJe(VZ&1$Os+F?bxFc$r{V5zbNrWW(F+>Ia$MK11NmMmq@8K}#Pb)5QKO{4Jtk zdoNA(n759>|2FOC+n{Xmt58{m;Kf`16n?>S235y-5F*Dxppx?0t^ZEEDK1g>$TIIG zdEJg+Hn?OocpMgd>1{xs^D!)dg52;F$h#7u``$x9%^8IYH~blb0JzQfH}W_>FuV8D z^md}41DM(&-h62;`t^f{58AAo&L-DN1x3Kh+oP~TjR_79i`2W zzj5PP05W*&eKsiUHMAZQ!oU`lP5(GcIK;~!Lc`!!*!Z6ZD={(SF}b&+4AJ0uY*f&< z4Mf{U$Uqbd2egS$(5V3`VG?#De&QZOI^VwYwTwpqtecnTtZ6TP3tezOQdCchRxF6- z;R_t1C~MP_Y5ecu$~U>2$XpQo&)1YIly8Dv@(Gc}2TJ0OZ^6zrgvr&VAKjJyt|1&1 z)BN}WjywuS9_je6Z!F30$~{mzHiYX{(Z@%I4OZDlV&~xo4pgB zoA3Xm`74j}4w}ec`1$i4Q3beT70v`c8paDo5%wVy;t}@?6@uvU5BBhC3)*NTUzHK3=&+ z5a-pD4p;szj{#fgwFZ6ttq_m}f;isz)aulhS8usL&7LFFy`}ho@f)Q@$z17K`e4ih zy7e}Mmw-xx|KFaa#aoe*Sfni#R_KL=>Ff9u~Eh zptOw-xubx(9Hh^&OJav<1S~r-L0J;AeP3!M10gkLwg3Zm|1PV5h8ZDUj>?31m!SIN zed}PtNUlxlF6<|t>LubaBIA4xoTYJrBT1b8TYyn=9@4Aki6x5+KEf!dQkzP+tA(^T zhiWyJv@7(nj}FlLksouiRGGvXbQ(-#xP7^&SK$7Kw`%1-6J`4?dZ@XglTT5|zFvGe zdv10Dxs`9J?yLLCBBhNp`2fm}1f5w$@g-|x>Fwr%9aE+5s~vNV319x|)5zcE8lQ1( z{7TscS|B=sdQ?0wkivQw5H}4VL(0zqMrj;0Dg~P4P6?x;?vsLEd3$c%R4%Vf<;>*2 z?g3u12NU*2Z$H{L;NjFgel1x<6easiFAZ15vPDEB`MiwD6xwEC1scx-5+~KZ1++A#=FF#wf(YU&xcD@8h)rzTs*#ngzj0_nRlVQ!Ix%2Dw3q{jb;GnY&MW_9MG@bD5pr{u@my*3XQrYmizqO%YZh%a?pA9#l;e>XcbqHH5gU*%|6|U8 zKWJ$ro;~JbiOpS?=IhEFc33osx_}Y_IR+`1t-Z5+jJ)V23+U?AbI7v22YSARPc|NT z-0!;zW_v9&UAt#<)VJjGdj63ib za5%lQC(h|_sIr_l!f}`Qq4lrys}IxORb+DK+mhb6w+E4O$pmf()F;hs!ESj?6#5)Dw9n;Um5MQ9Qhhu;LO198{Bea zI092}98qj8ReXTvM{I~d1uBLf3#$|C#R{|<_kSir)k`Uyt_I29oI+WyXFOFf33~R} zn?KZ#jQ^?e12&(M$>x^Q1Ss1amZ6^v!rUp-0kg%wNsoNF z-_jZf;yMiKsCfQdV5SDYb|>RIy!s;(*Vq8A<5@eYwXYMDU&>%q^2vsJlXvrY7yxiz z8BQ|GEgE|aSfJ2qg0+LfMlzRI*oR{BH9^u=GM7`*k3A=}zKlMghEV7HiET2#t27k)0lB_kNG~mXyMuaX+KaJi(CrS%+00fn_ znazVyaw)SnOboR!<0!kj9bDH);0x5#w8m-`Y_@|41=+CiatdOr{wIxlza}50^F02E zyk#XU6%}`5B@Z|7T|_r9nQnh1IC}1G6Z$h*zqR*5x#IAL%SAl1j=C1j{;8*0g!ZuW zXa(1ia_}$t-c_I2d~y%buZBv!HmwKu)V+3Z6Vb1@|3>3LP#Fxc=bi0uh`zLy;WY6c ztxXaK&9ko2%JfiTLF2y1R<|3AIG4n*R49oyMfJJ)3)HdYffJrno};w;wdQUcE2oyFVNV0MBGmt^zLtQR z_s(Zr{^&qxs6#;_2eW#xlm zG7tnih0<5ZMQHfW4NxAM(Y$z8f@+?Jw#67l$In>Q#|p1ccj5*gcOMlI*};0{Yx37G}&b`nv)CSX0bv-zc& zz_~;qC7rS*p_CyIAdlE44@d@amb|$yD^isqE~F#fRC2L7MgUWlA+W~|_rNgSD9LGl=8H?a*)St}=PWYMF@fH0o+epjDNW-zb;Y}69F`aI-mNW6G z%Gvn8k@@=Fyw~8fCpY<&#Eb&jVsCf{9Dw<+n4>I>@*E-C0Jph@#JQPicmM%Zybjbw zav%vzrv#E)$NEs~3j-Td6iL^^pYUQFc~J-yfK48#b**(8f@N}qkTKt0rQGm4Uct$~ zq_qar)yAt2gRM?q7;sHjkHcCsKB|RJhAqk_o4**vF9V{lz_=!i{j*HbJ7zW!LFd;bicq-8?_%KD1kf}FsEgy~ z#vhdeIn;rSmS`qkAjdFd>>9Cb)Y4x$Q=%dLI zqvw+vC29f%3>x5H1v*N|d0;n|tHxz(B~HY&T(W+UVzSZzz8@D%h#IiS z=unI3s)e$F<@C^>d7VEOo2?ByAsfjWB&oB3UHnZUHJAIP=UekRv!PgK>;(kY`m*M_ zES~^tW#GTzzs#WGqNE;AY=F~>tWg%zvUukw5j@L4#tvQ+@FjN2; zwg8N#gS=<^CsBexWdN@h-tMS;g{3+~A3`oz9V%4~5Ww8@(+N-7NvDCj#_@%oA2>%( zGGy*(kG#0Nk1#rcP+^I?!Q+r<&D`-0u*!K{RJd)dwr8VOm67qj%7O5W57y=r#cx)$ z`5|$CjWaxvBq39Jcp`m_Yt0gzD_ znL-+$tUF+q0HkGdK?+2KCTn)Uw5Z^MqaHn&p@u4+L^{sJ4tw~+HiT|=(wos=6i1T31jsiqm zu-!I3;wlgNETbK%?2Eg9Ct5cp*R}?b0;Js7W@f>H&^7D@nMd{XynO!ZVq(Az0G0ev zIazguKBUr_=nvYsD^!f7L{(>fpwK`F;5~$^k>u(k>lePMzukFi<{UoO96w~!!zY;`c7poDaRl%ZO-0&N3RvnqYh)Kk8LgJ{V>3NC)GlqA0rpMYx z-CKui{RZB0e_nUyH-BX(usOtCQ?dq&*42<2awZ)X$OPOFYmm#FDJ@+cEPMQ*w@fUluD{l?8Kj&Ul=0vX}K z46Wa@oQFkKy$Qj$A9UXM^OYlHWzWL&rGCi{$|`ju^(Cn|7%w6~Yg5g_2c`RzbWt|* z3A(Rv6?{W#WfwU`DSvXk2>6V@$1_bcSzwUADEjX#fbO7)`Ed%DWlOJH2y68Ts~YCZ zqY!x74S>4Lw-wyi{Vxy~tfHfjj`_!G`1yek9mxB4f6Z9N!-+pv&HT~szg~yeY=XRj{u-mSIHDieG*>Kel6Dj^E*T(JUCZA;s zH|B=xOx}I(yH@^=nja5IumVdpHUKIwaql~|akAEbdw1u2GtNSFs&6PI@MW(xKQTXl zK*eiOFMp%$oMn_}P~E`dfW<|T+>I^&-MN*W2T+@25H5gjhgaKkwyWD6Wm1k!i{fj(}&FGa|9 zm8iw){9-6Fga8<&c0SK;!L1tmmkmyww_tJB8u+>a_&wSOZNnjL+4gOeS(6C^AE`rb zqusJBAYqqoo(y(RFSsRi8OUFegeQkHzrd_G)-Q1OOsXym`%^6rf$w_~CW@IQFPtM{ z*t%Uv1)eTI8>J2#H7r#qHWv(VNrBkCKggp7V(&&lAN*)sjZYr>zK#7{Fl1P}JkD(1 zwdv*hhxY@;J=X>eC)xGpuo^LQ$9rh={AjH%seK<6@s$o<28$=q&IWCBwIHAjC8Kza z$XKliJ&RR`P^F2#deE{@pqWAw|LfAS;1OS6Up`7`3C= zoSQ0IzW6?}zr8QN_fLW_pQZX8WYi@d7Fs+U;G5RFCLUNi^4=%=7FyJy|DHk}J-m)` zmC5`yoYa&s_A+8t_Z7$T(Px%)8h4fV3x@Z>E6f({KIS~WXP+8TJiAY$gERm3On->^ zQ}MC(w&7@D!8poR;?Il^LXxr)hxz?@CCI{a%oeoq$8A+j_Y-j&Wf}E!EuX9|-&M>Cx;VMJdiY z#UeYqT(!3TY7*+WSv)4*ZVAwROBuv_txLt#Ds z3`J}T!?b(>-mXidi#^*d%t2i@q{tBou9;aJxKCOcdKFAiMs!23xsZOkMucE~{V_ik z;>}8{$&WX&M@bheF=DS&XLW7N6a;}_8Y;$YK_=z5GFl8KyF1wnYV3()ZzDlqW=k#J z-nqFjiCEa}ISwwE^u+c0@yEG2zt6-`hO{qw3g%9xhRFA>f5dFzv}cm~4<7Z_a5{N? zWvFz%=SG*!u^3rdtrx41Z{%SmtGHT_7dVm5!3xis@_k;YD0X8VjH3W{eqCNye8=~C zBkUcQ0oP+x`8guyOdBQ>%|uh*)F=^aa9drv@Ad55@ps#gn2S(T>zg3&+)Y|(yDsJ= zhas|d3zLT#i!AqYu69CYtGUdZG05T@q*Vxlj>r40rD5W_%5qyiBy%wA_)}ul~74WBN-N ziV#lj*rffE8&(<|H)Y$gjQSx@)LBzsFZ#yngE0JLukuL2fG5n5kUdPh8uxfKY(@03 zo^!rYt`)kP+7iz*dXLuLkE!q;gkQbzBpu^Rj>zxu3JcMBQlU{A# zUP?>2E0a;W`I2TguV-t@3K*a3&2j&ASiwx>^9kI42$sIE+;ZI+_`Ltz_dFJ@bcHI} zf??HnWhuE}&dpbbDa!f$Tz&;1!R+!?QRc`HTdEodX~FUe(I4;1Tt z`OlmHpg^Edya*W9ll?u2Jz0vpup9x6nh!YfE{cvExp``xjYXXIZY5fx`L7*(#<7_c zFEXTKt<&SB?o>AxgE=dSexm~Xqp&xXHBT+dk@PW<8D_t{^;uMAbW5uFpQmTh%fVM^ z?1Mo{*TZTLVXQfIHL?Ix6{)sT4EDi&8YqKISv?8^_Yt?j_2m8C828mnj(Px3X_%qZMw5!f00~ z&{1;Z3PQhh@MfOL1kp?b#%JTi<}L_AHV_Kt%Fl(EIB336uDks4==IWtgdTtIb8%lyA(zVnTrbQ@v?1hm5X@ zPjjgHNl^k*8IJVd?+TiF+c8d`rV*>>yaFi$E8E2Qub<8M!K6 z5hun6*|ciAfp0lHU-jB&-#JTvmj9qd=^q@z59bWPIR<8&JFHxf*gRSllz*b0p=BO< z`}9b~qr&V=7(c!(#Ei{Xli zKwAKf(5JknMX~PA!8}^=0|-ZFg3rIe#_ofONvMQ-oE*?zBEcL3+le~}NgopW$olhj zm~4iAOg*1QV|mhm|d9*hN=csR;l+|s z#`(10Dp#$jTY|{WEmKP2=@DZl(h=7adJN(q@I%xZ&jcGO%}KKx)kqmWN^7`|APik$Kwr8z87 zr0Yx=@i}DAHKPC@9{8b|TJD+;3rs?+y1}af%YE1RLp!N^(^iHKImMv6D zt(E`UGx%)IVqvA}?~#$Baiw?_`DK1%+)+~`LieadqV`BT$MtSz$>dnjK?if=r9YM> zb&uuNwqrzD$p3{vFxz4l<`_?Bj$F0f0^e*NMgf_Hu+M%!hPcsWD)IQ?a=BW5=^GWg!yU=a5S48iS=1@0aNKr&9Ad=!Pl%1gdz_KAbyS#5PMPlCzbUl|-U>Z!=HhRSGTY zukcs77>a|;E7AbbiQ+o>Evb<6w(>Uh~TBu!v*fNkJ-jI=qhA(6Q$2m6wE*M$!5KbE@j=B z7<1$=vAWZgHYnip zA??Uu8}(1=+CTsa+* z63N8lWNuM@QrcQ;mp1_E*QcFObtH;p3VP#hOy$JD2=`%#rDh8YVGSpc3Y;WGt=Yn# zI5@|BdxRmgMMKN*P*+M5U!1^CYnXWud)^cs(Pcrfc7}>{?gg3J-{N!Q3l$DCMzVgiU1dBQc9QA5&G`e?Eci)OJ_y@3k9hE#8Vbjp?w62&op2*Iz&8f z9Yeq3X-ZW{I?5R}pLWDDa6Fc^CR};wCHZ3*09Wk8NLQKJd9g=5LH_-{7@D3_pR1%LxaUZOG(s zMuS`QL;j(53s;hO#3wS3wB?UHx3qOSM!he*-_3J0C^6P^a*!#ReXrZ~-u9hS7iVeM+~bBmerD%*_*&e4$HVUe$b)fYXy(`LKfv=CG7y$l9mssyO6Tl*hJ9-dGQVmD*}< z=NLET+O^1w{A}w}&AE`e*XMh2|C(Ci#Uxh=FGm+auXW5!IBs6#8@p87JX%kP@q}5} zV|!)BEppjBX)Ubve@Lj*McyRd z^?8VmhL~aEImowEMo-~;`;FeoM2*cKMm#pg)wXsanRXrSY>q4kigKE_Iye{SbFSWL z4Sk`s(&h34b9M0wRmQf3y97 z4cyO0f(Aj%nzdE!-Iz5iwYM0pQ502GGxjFbrfsM_V{Z*=)1uUFLuu`*uP)Vk-1oVk zbDs13134%8<&*QduIv3`u3TVvBaKQfLF0hT@Eq(7pps`hx|DphMy9o&hr*(`vi;eh zKss7yD2NwoKQ7cgMAZzSH#Aa(n&`FgF=yfaV3R-3@vXWI6yV5eV0rZ~W(IWa>OS9a zwSlm=_0~G_GL;&)q3$=i%x`XYi5IW z?bgoB)|c}jPyoLIdovJwNl>Q0)9%Q@Is;jhe==|nxGNlWa<{?sZs$BVLDB+||4SSm ztt1a^?%5E(-cov`+W4N$qlDfq{XQ6>PlZ4>@xUhK4NA-{uCxa%2f-re^a~Z7Z~V6w zf5JIyGJ8%`=rs&=|8L~^2J)dx2o06nr*^-)n|>`?K9w3%-fuU!Sp!nG4H}P`z5Q7@ z2NdsU*tNA`@0>pLjDq4e7?KAVf^K-kS*G|Qtnz~#p5X54I-?ZD;mJ69@1H^23to*s zm<|>mM?N-3(7}v&zwnvGzMRL2yi+e>4Y_!=Xz&u~_QF|4El5V@zqm=U^;lo_5g&%> z!)p!TxY?fut~WT)B`jXk{>yoA{zYq^EY|)K@mCuhdmW0IW|2P?P}byRwVw<)UU=ZF zmK-5!fhX@557M4;bbLDkJ#e{rxA|P~tVVvNL0;^b=RPoHW(Qm@?fgwZ=3F<}z^*M} z+@HPQKgvxBuv{h~h424OnWk0;G9_%_3fMT4OmKJVVM%0#^9;YrPH4^vxe2vT;yJq98eKX6bw0V` zFT^i>-q0!rzms{@D&PT#ktdI#d4nTZgKf@KVlgXQOM}L|fW=yg*<6F!BZ|p9ib<7~ z<(~o^mj9`f|E_sOo=#NWJH=#EGF=>--p9`T0*#mq^VRGpq!Yzh|D%GEC+b5@7L{Fv zVvnUI%w)#%5@?h{>Yoq}&0ygT(pSEzfi2Z%l~`m7^sP7a1s-ehnsR3Iq6k2?6B`NR zjfiiH+8G;YYa5~`ZyyjvQj8N*Sm1N4@7fmOwqNnQCe`Ly&c z=^Dxsu>ja5d->uCj^R$F$&&O%W9v83mN4cnw?`pDO|5P=%3nmy8vSn@7_(dGC_Y)X zR9-Vu;Q?k}|6R3UTAgWDoe5O>`=rLE0BZrnH?7=b4PgZ`|7PJ$(;sLX?oRgeVbB{W z-C%wj|2r~SDV=5kta|qH>Ad&~2w?=2&a-9Hw&vh_s(#V^q<*=Pp}nXDeDe|emmp_Y zbrJ4iwE9&Qg9MFgUOSF{U}AVDi>rUQchmENvzEoszVEC=aCeO{2TRENUx{Se-8XdB zp(y*JS9c$OJ>bcK10ZJf9V)jvCYhN0$Q_Y(#&0yKvjEK5XPvi#yX?9PUAu9=yVtH2 zG({eDHz`%VkUeMrQ;<`_eo+H#E)Pta?Rox0gA*;oa%jVbJypDu-S^EZ*%(EH7LGC~ zr#NfS02Bk`zDcg*Q9p`M^Vo5@%LQScmj*-##J=7?Z=3#d^AO0SxPf3%ZQxJ^?g6Nz zfNWb2(bqVo#m*aBfNQ?NSwsFlf>+*5HmVn_CP)-yjpx4BS$bXTJoUYIYJpLGfrB|+ zWyb$}ujoKFq=8|c`dk3DFtF7iQSp3kjiP$@Mbe%#2}5PMxBcGf#( za{f9^1r=Mu9vjtik!B}xg{!9eZ%dp8y1i|dD#X2d$9XevrTV_TU5TyxgZ57%+^dzrtE^meP1fkcRmmHFhq8*_9a2nX zp1oQp+lb=Um)F-H^ovm(IyflWcS<@A)d~zNsmI8uO&Put8_rd(o-6-`!v8K({X^b= z)>MwFo>qO4$-60{9@)Xolo*8;<*t5Ey#G)>Qb;}WR_JK0E%8ea+8WPv`$NA2&1+dd z`vt-)haQI87~sVo5du>^^W*;V$g#tWH;1`6{cGRAf6rLsHTc}uKjsxZ8EW!|_80#R zxrA;%hBCf=4Ua@_JN_3ok?U)b>ZwXHw$<8 z*l^!?O4HHT2vjhUHW{-nV%-I}_zZoOuY|wH?+k63EW6AG;f{AQ)xY%D50-y8A1P?c zQ8~dbu{=3z*myS#UjI*SwIz-h?PvMd_^P|f&B%x62Z(O%|5(2pzW8fXKm#iL(bT;P z+??g-6AC`|m>)~yQjxS5Z`DekFTIm;K>1}lh#vuSs)U^G2$hXx3K-@JU;y}u9C0g0 z{N?378Yp{lf2G$`ChAR*^5e}qk!os$*-$b)Q>8?;X}N9zyH1U)ZL9yMQW0jWK+iev z*=GOmg~l9~FLi5~Ep#o574Ld$HCe#lbf|^?nmTeBs^ZAY7z>4alQ|x+4s?R=rm zf#rLRc->?!xK9bl3u#bQ7$5LvmkJn|K99L^M^Q5-F=9@j_=V276dIvUh^o3G9y`Yu zG$i{t+qA25sZ_)-KibvY+-8BF@On&V$}xtfCGW{tcEXlZXjfix)~NM=i`hx#(t>s2 zP$sAF?v=%>;y;0k1cbA)z^pJz;$&INm-Ov5EwTdUe(UjV4pW0p2Lyoa&d%KGi%5DZ z&I>S3mohITq@3Qy?T_ZW*_4O1-K%S_^RWZdN_iJKIJt-;M>NNt{`Qg0QQGQ5upxrU`mc%zo#!bXGHR2}W|C3l!ups#2a! z=hf&nq}@2gcGr}J`v1uZa(H}&#m4Q%-$ezZVc`<({D~gqokCw8`fx1~*~!jng{#NE zidFuj#USoXY3hF7boFhWvA}7BkR4cc%A{*M`n&B1$jy6UHt*s2hi01*Mr#eq1^F!t zcUALuiWpV55`}m4qj1R}1{c%RD5SGStf2-x5unCbM>dx0;eONXo^|MNLet{+nsp>$ z5cMw}q=Sz!ZRUOEjPz9XzmXBN8BJqO(ou0iFb~hS*PJgmM%0yZN&QNA?fUDk)Bu|H z3AUti@RESYRH;9TB1>d7vh1=O3V{? z(rKu~*&~Z6Ya$)q(yK#*X#!R*LbYsmA z5tDl3uFd==^lH{MR%@wLbf5;x5jP?eLg2sey{%`tnfTzG0(@8}2xr1VCCJWs>c>D9 z5-y4PJA?NDM+IFdy2qM}(FZkzV9JhVy%0&#*Mq=<_k=;!0`Ne459stLgGx$#! z0#DJK<0!zJsGES-Y#d({t-1pQb2{S~@3~Bdxkv&F6o=Si0a&~(5H=t?JTMa=>)lvNcAlz7Dz`FbR>5_6gzv-;jK(Y+OB_9PaFvAB_Cb=IH3RSI z$|)PCd~UGhYC}jES<>DLe#p@17i-NVeLKgJR1Dg9jrfI;DQsX2J%M1vtWFZKs=NTq z;r-7Cf)Fw5Qk^i=NbuGii*>4~d7AT_UfG@&U-uX8$Ic*~wr+uY0tPP-(jdO1eC^XB#0n)?1?>{iuvMZ`f0b1Y(q=Glp zPhvNd2KaNrq=jMfVl=zLrD4mHlT#Bt!G?nY6 z9D19$BFm6YJ%fj#uQJ$OnQ3pA>+^BguVK6`Ozargrs;%>;~~}>2>~{~!h{L?;kj+e zDZhA`{A||0OL1&QBrjcw0|#X2&z|wbhNmN|c|%n$MIFdt(aTq{W<0gYzQ=r8dx*5f zks#_n+h6Vdi&mf0p$G7cUM7jOReVG~lo37DAd(ihc}xPP&abpU%N!QJ|R&DXidOtysh zmLjTx#3o_B+h#1_b|w#|$d6kCMeVw=nCDLoXz^Qoh{7>iEWTt~>y@_3vQ3zT|(o^P880sV3hej$gua(#wA3 z%ZP7K%k-|#!#_+PS>&h`am#exIHsHh2$OB*(FAs+ms^@sgjSlNneld%8$O!qEN$O@ zzi_cH_o)FKc~C6SOCC;wh(;^iOcYa=zCf7_S9FCgryBg}UV45y++!S&nR32Ws26u_ zi*n+5^Rrbk_W8z$H9Q0Y<1mA#e+TO%eFnKdaA$BWRgp?kR*7 zlNOuOA5Gl4W7FYpG;{X@%!`qTe}TOSO7v$<@K?y?iOMgft009lLB)$PFvc<-A%g4Y zpU}5i5no#)m^A}WI(Py2z*8$6$`7V9qcXAR&&OAt|KY-KA6am2Uh%4%F69Awt8(YL0afOG_fUSh6O(jZa=1_N@Bl z{Wvj!5gVStpc>&pgGXN^GFxLZu(XOWMTzo6$z$pVB!HD-(oyCC+44rtjOl+vWx{ zJkSiiRHSJ}=ogJ?MHA8dr0z;UMTJYkxA?^|#AI7q&ZFc+$4>slx4>LIF#h+ZNB=83Mz zC)AA*=ynMo+wt4FuuNWL2A&4+6a`I6q$|l}F*g{7~2Qb%<7aNBF zldd+S;d0{_Zo|h{E!}PQnmjkho<5TghgT)oiDV~~KtfRb64EfMvTV9cS4Pw|uHTs> z)PelfX6Cz8(8Y}Y?@%}?$KI5+2bg<9Be{GG!g=gmpP%bhfafCvr7GbW$GH(LLau)B z5+&Wb9BJoL2y2;+iWG2%D(8+;C}Y;;C_6vKGsjv#{t*$7$)lRirfNLmcIP-h@s7WJ zP_D}E-D+x=EwtCANtnlrOeoyZ=76UoP6e5_s%c%Tn3u$O2;h972r z_rloM@0m@j4&@fC@n`lWxY)SMa820nvr^G3768mDpIq`>nHN!jDHSv*b;p6MNp8s3 zrKi=HA5UI5Xx@G5dH3z-7wd~~BflWWpa4@IDEt`ob{VcUK~wb@RNAF4A(x#&rZG>1 z)ajQnE9cBJQiWlj^Z93eQM$!zd+XX>`QKBMYku+A`O*+ZxPeqM->3Wx-Quhu|0zlU z0A$CJ5Ww#KSRN04OJm28NDSSirn})z5kk62l_^WveY7btr4h=A0pIm2x3&e?8r-5* zD0SK^|A(rOB9$Vyc#*Q)=`bc~FaID#7fu|TQcZ!9myMQas=h1Rn=Z)s(`Q=x7my4R zI98Nyj*@7(l$YdH!s8#BVZaEODd9dV8DJ>Q4XM6BS?3ZF6Mz@rY-p$2;s^foaJ(Gb z5eo8V;kiINEqKGA2iSC`7|6$CNGb!(rr_q`U7~akkicH{a??Gh!5Upr>$=f1CVK?O5-0)i6yep2%)4YQ+dIa(sP@bgg(Wp5y;5@3le<1WQ$(I~bXR2lyvnPQqa@DLae86!j;E!7zi z%}8BLZl5Ge7|P+UM@E5NGpy<3SXbs z4kR*`T(Wss%4lNqXa;7i9S)tNkS-7n>g+JPwc*tNpjrS3H>odhuJ5kBgh*|(r#K%0 zK~>^+wMRsCrl(*grS(bJ*ltZ!qRUti6$CVKQ5;h|`b4$r!3^j+0Gd=>tJOW(qDrhs z3}F&r+)^NZ0I1cS+)^?g7yu|f7|&~=z4WxxST_sRDP;C-?2&fR*i(Vqj`W7>gg!3Q6TR7%?^V_OU78f_CPn z22S$^H!_xF2!B?6Flww?rf*cWwKlOHR*UkP#Ukx6#$z3#Zypex8tr5}2yaH$fL3^r zK;M+GbC#L$LPzEtrDyI{6Iq?}qCH)Il(DveeA1FPKqEgrW2DT8`~%ukoz)8)b32B~ zA4B#y=eG{td_8}d=?!?g29l5h{ZgG{G@Wa|vk>R70ACx|&s)-DLTS*vdhn-Sw4&p# z@vCjsu`TafQzXRaaJ1sSd#M<4e`+}q1jQT=I;c`1q=4avi&jYRgz8A7`%;Tf76iZa zH*w)pi_%Rp$XqpB1JR((+0?;4OXsk>F8-$YuPNvRWP$_3kq~uJsHSn%k@pIvVC5Eh zB_i!DX*#aicy*&bwViIdU~F8Jjx&vmMm*USgLoEXKdHuL7qmW;YrHbiw-%oYmPf+& z#OdB0PWm{ks9DNDk1wFCe?a%A*Ad4nDK%Iz|Hb#{_LE`C*)LB)a6Gt&^Ap;5<-zeF zp9e*eFnJwIqkOc;N_dOqT2-Lkst;V)`D>>0!R`weAD1YNEEaZ83PB-liF{9AId6|! zvNZtAo^nx`xIT*Zm+7fiUHAJ~sy6%e;2AU`-?QPfvO4I#AJpZXz4gYI2JsG-> zogw{SaCopc`2zfrLLKuj-PvX5<|>B16{6zvQEPfSOTDT!>`iX}o5B1DK^(Za;d6K& zEOF)&6XTZv$GyNed({n>zhkK&A4CrOtc!@ar!zQYH-Ju+uF!@g`;MO7pS-@Xzg;&` zDgo^hg<_;qcNM_9#gwkzPwR*4J@@9`9U1(yKWs1C3+iu_vV(XMz+QfcF03YBljAY7RZofJD zs&q~0%?+E?a!ou~2@5A2!|5MbTAA;&6_^?zYqxz31P(BI84YOK?|EEbPv{%b-=1-n zo&5fAiGkvPi8B=X2*v`{|CY5r1WT$bKG=w8etvOgA^@OyONKXMHMMS@T5Av9YdbY^ z`f1ddS)T(kB!RR4oq`6lxjs%SDSuZc0#1X!bDlz(W_JJl`;0STl)m}n(WAY^{x2Sl zzj^lByqzF-0W^Jp(-tX2Ndck@St#)6**hDZz?-L%I7`dZ$|olofhgsCD6OFYjOpFC*2@+bJ!X-8x&xOBhI>6hWmLjbVcLhPC;tuN`$ zg);^iPshQI_rPhS7^r|OyqukZg9#?xghT%&1}Yd01bTmX zU10X*_H(uHO%zfV7-yuZC$(akGFxiZ$f6NFp+|RxyRyzv?a|<@WrJjCCxtz3%(~ey zH}$*0Ywu)~_LAhX1`LjhF%8^VA`zpt`k{R6$5K(7!z}#De&_kW$a76v=X$PVopq73$cYM`KgaX<;zLheLusCCcZ>QRv2cK+DyUUNWorYZeP|-{<%VqH3$SNH~@jahc-JQAoe&5~X8 z*(5*!^3J!1rO+DCn}NhI4F6~8)-*hMTbWq#;~wNtZ8kCaEnEicI($h*M(xSzRY=E( z%B9!QDQqBBx7+KZA4(at+Vi+1blLK1A<+G3TnXLZWa>1sBXul^fgm;e5@iwCWUR2R zngn3;EPGe^6NF9^emVbZcC?(Gh9vqS+1rf)l6BVc;vd-AZzS zT~|0jl2|~?&Iv4djLbCny*9B-!Rqcp@6-8O8OvwhoTB|Qbvy&<7k9j!b+UCTnrk}D zf^lh?H=$bt?R-9$d#8Zu8M--PGbx1RHj!YM99toSAEJk{4Kk%%I|ek#UIh~^9xb*V z2!P$K$I+aNv8#&RGUG?5} zyE%=5@KuS^n-cQCxJYN94f7nHn#4~D6mI4$=mK|`2O;7k_%hZaohNZr3Vg z4zi+#p)!L0m;y*@tygH|wy>=i--!*pOjXeKDKuu*YZKxKl|OE?rl{cxq;*x z6*ON8-FbHNYMucHEC-|6cn9<$P|93)!3A7uI>*L`Cd2I*~k@-qA(<;-;tYz>5|% zQR-mZ2<;mhaBf5QM}~;u_l&PlWs;KDv1HcMQIQ&(=@6hc?_#?Z`NzQ<$9p?E5~eLE z*EE;tb_%nYH81I=!;J4l%!?Rhbj{huWt_D1&Aib?uqfpGdYp;<0^r+g%^$&y)ZW%Q zwBc?;>KijG(sjf1;W;gC%OwiqMT}+f=)4^rx+IbvA8Ok}`fx)ZU~ZoQK;toti6toc z{RO(d9UZo_F|4xI3ft3MSuch=@Omx2{A`cGYj0+=gj_M$<0Uq=hLah-p zYvn8T(n=t3WUIO<(~S%i$Q*lB>oAwQ&qoHMNt1-N8D~fIqdJ*9< zs7o2-@lF|r+2vlGbmu^P z%;_vRvRz50eJ=1g1=00Oe~=LrNEGtP0R|>vn?$mO=zTm)CTLJFbB$+r6@gdg7qhJZ z2JR|`cR#Gnjr~ar)Y`hkWRO!h2d8B!p(Unj(RCU^bQ@?Tm+UQ-M2$WB?ou_$?%f%E z_o_VC!U5*7XExl0jSo4z=Ft33@@H`TSSA@-_j>6OB7f5br`7yY$dJt1nutiDKjKFQ6n*m{+cp%8$*dqh`_mb zBTSrblwxCii89qj8n(FKfvcI{c{!9Dz-d&bh@~ME@ zpmQ7KU89(gsk0dmVic(u*^1|MA!>lb3~aVv;E!%F=8C+x0x|zQtQ;v#mG1tC_Dt2+ zBv3VUx<-4Rc;L$)432;D+zgL;?PI9?y9~@;#=cWyPQMrBAd-8*v(K6&@3mj*Lb@~? z-&f;y3*h(mstaw|*@l{K@c{7N^>-{41wHHCnZ_Xf`E?bnt4oVI0Nb1e` z{AX}MV)aq^5I3nh_t*ff6%mzO$xg;TCiA^GlvC9&pyS{UC-*4{)M$fs{tslA z3cT^!OPd|nC0lkM2h?^A!}Y)e*8F2n-xu-tZm$Oo(HYa9ZcT{x)P2|S=P4P5m`UIs zvdEv$9KN}d^2dqoQMiVzmIq%w&wZ`;f1$xA(FcLFprnfg5FB3J@twlXa2!YFcpB>i zbpqt*(i5~LyS9|7{t9ylm>ZpbE`A(wqxjY+k0`Zwz`!+X9)NDqyN6fzLueyMxf3Yh z`UAj5r-C-XTTm^^7s@Pttc4<&aCdchrD_bGOx@hjfC>gms(sOQqCH_n_%Ucua|K@2 zq_(mj;KtRAZiIxJh24nT_a}T+hggrk3OKS$IU0c6BBn?&!?Sr|0`I6PvOIT`{BugE zgE$zEMezjhCk-Kcj9iQ?$f!%uFcjT8$R*#Y@gvqG3@P=Ivx1;bO(29h1YgB%jSj+Q zq9QId@l`0+K2SCV0q1!RsAQl^8i<0t-CqM;BvALVD`P{Ds_zQ^;@=;X= zCrAeBg?%z}qPdf=$=ptgyB^C+L{j*Zi1!~Vs1BlosA;yBJ@n)b*63IPszn1g(%-Gx zGb+Tv;PF6e=S~XO2}VaWhylbki2pU8pmxHr6&@D-k@b%@mGY^6syQEqHu)im9rP99 zHa0*%i~&huOF&OrdFxRWAcyc}c$}nBS0N;}=WLWgYYISK=B7jPsT#=_6;KaC%xEhgL_MfZ1VhfJR&$do=xR2wor`;mqQ4(P z;0t1GqIN-2UD!j= z{;I%hSy~o7X-|c)4^0w8@U_o;R2J4_y^`5+ZNr6_^WjZGr{c)3gKKVi`;>j<;O=MN zn+g}E*3XQrFLD@yV^FroFsVjf26pua)4uW4vAqvs@csat`Te`sUAn3y4w`Rulj2!3 zct9@P`!Np=aNJDB1NYywW>hA8R(NoPU?70l9Q{lLKiUlWY`e2ec|)|dm&1k8r(7U9 z;15vu%+}Kvr2~UIa<3IZm7FrMLTWf;4!d{HRs$@z)U7kST<{{P!$}XvL=* zD~we^ZIzvP@%hwdgohkoD)~4f{sB-cnjA9v*USE;U4b=twt*RhSCQ?WWmx)_e`p-= zfPQxA!$t9_f{X)R$@{2g1|f%v#zo=pqp#EqgZWr|{bGcQH*`r+v|;`DXMY}UqB`Wf zd6mZP8;w43DCmtcWhQf&L?VhkuC&*P^p1oL*RGjJe0tY)oRYrfKpuVwcW|pg% z3>Cg(%+IpbKEmkyKI=!;M+pF)E5YwckW{Sq7>xKKVe#}m>jl6#^6$u_7TK69wF?Zz zTnzNDhOW!4sl{Klca{d6y-A~(bQh_Ad3@!YM&6rkiJxNm;Z9>8q4c|TwMu{_1=Si1HQ5ziqiYf>sq5ovUxWKwr4u*H3ba-Lfc=9zI}$L$mJ0ciYD+OU^FtT5BeTl^rvERBNPnU0nG^qD;fsN# zR3Poo@Iclm^BH4nVc=3;xcyihn{dSZwRm=qkoos`R*3rg4@biUBf%x!-9=sp7y!u= z{x{pt=@{qoC^ED&RNW)yX+`7}Wa5ZkYRb=)$el8hU8EhS%^CJW^2p$SHbTbJ+w zbHJ~R0~qkRwT%|Y-=X8tE9=y=(FD=Qsq{866IH1xj~!r@fB+JW5dkvyD=|*U`w9Wd zM^5CxL3K!RF{9VyUIr`*f&j^oy9>$?pgbU?nc+_s9i04diB)oS7L_7cszc9 z`|{!>9|B0^0rBA=mDzZaj#TBu9F<=L3!9kJiWsshWSJUlIg=VdfS{A0mms5it|v4X zY6$>KQL-$hvM$j=t)GeU9)6A0Y1e<#*k2+QCE;Ogey@_AMl9pqgQ4ix$#shN6KwKl zL{bFDppj&#$c}V6O@S^2=S2212gE{vne-P*&&>)Vi>p0plhhc9;6ka~mo{1YWQY+S znoKP0t-1%bq`C$u3g7|x?&hu~I>3YieV^oAuXfWPi34X69ns0uD{2Z!#jIt;llmp@ z9!A!vXY7S~yqIUV3E4b*c8q`mAM&#msvL8+M7gCH)J*ACb*bp%n9$C9%8H&&B%t#X z+G=8^mOIFj0I4QJG6|5EzZ0{9Ty1zDm&UOaiRRyKE=j2nyaJOJ1d(XK0mn4KNkoH+ za284y?Fx~RT)y%%FEUAk3y-v#fug!geAz+ZZ}Gg!l^ueYllJU2HnZ4{7z;80g+;0^ zm7>U{QNl>e-4t2HmtH|RuP;2nMg%ya5MC_;(Imb2whS*u(v<2~cPgbDoE2WKUKSzK ztdbF>o=|@gpff%%fS6_*Ld2bwOBJ|%L07yQFPC$#i1gHOw=H2|2gPLS4J2m_)#RuA zrs^n{d*N5fhm{#%f{{lmEu`u%Q!0`nsbXF^1J*CUe{qdisZ_V7f|F=64azjJSyFgt zF&UD7X@L=`EpZ@CER`mq3=1!^#uX|PAj-$7%D9@|-&tFyFitY?0VNBzkwsPO)@1u| zN3o)_#;tor&1fEyrrX3aUt&)x{@9Wq^R4Of-06IY*M0`FpkJx4Peq_9u$(bo`joAv zSdYTg)8a#~U)Z*UDn6I*A;h8q5y`1na9|9)x>&0E<{rElP+dc)7RN)sd4aHq8f!eF zlK`>oq2Ziq{A)`}tpal%XF)mIoefD&JwU4a?Fhr#wq&9sdlRD=Fmf3Zpwba2*1_D` zG})D}Bht**({aE6iljh|k4uFAWISJj5xQKj;MID@O5fQ+W4c?mXfoARy405H`^IAA zx&g|7>IP!w$ys3ov9*TOT6~$gA!bSusq6k%Q$&lrFd`+s?MwvQkwB9`U60r~o_3fD z$!>x~ZHV;R&(hPaK;8#FO*4?K8r9#Qb zp5~sOnO{9yWu$H~=*f6bKcbgTtd~l(Hniq z@c@ojO9?40GGjv{!46T@(BCQ01^{hkO1H@r$U>Z)i63_1Y*+Rp+Z)|(wk5eu^|;xS z>QzaeDYYIcBi^*5z1~j(R7V48`yPoQAN355PK=J)XGiwr2PlvIjw}7B|2qG?e$Q?k zvD~km8k(j0JX*O0!jPFW2}t!$Ef(*#M$){T0%am;%8Z8d{U%QIVfB%YMreKRdCI2h8^ObujZex+7X^?i&v)iipyC;L^W-~D z9x9jGHu{4$*q@$1MsK&W+b-%z?Q8Simltldqqz#82ZR|6;kG3m1lhM>zrOIWcJ$i) z!E2nLgAK@h_3UL=--Z|ob8d+-0Pd+&frzQAoK@=LUD;uMy=+{cM3|eZf(p1IhK?wZ2a%<^6yTRNosZw_kZ#>7jVntD?t&q-lwoMXXrkeo;T+ z&mzNbz(m@dmR_oAqU%Kx^peRW0TBNtA%!#RoEOJra8wU2Ww~>|=d5ntZnDibdy z0j}|0V_;6m+L&7XczC@?VM}rG+KtJ6QKff{Pu?uiAxcvxX0Op*nOfdT>uIzl*>nT< z`aZ}ufWf>ZFkJ;W+(i13iCOrq~YhL_eVfSWR++KiqlxfMY}^~R1GPZ-r3 zC-f#{8m+B!t_9Wiv(UGN)%Wur622DA%=4tD6mBRlSM1 z5}!z^!;(i?k`3iM>y0zkpNt)LjC>|9F19}f6n}h9Twx*tm{DdLz8~=dqjqUqdXf~k z^{sgkWC(J*#{#JQt6$A~`k_Qu(E7Cc)T)c)29Eo)D|eO3!QAz}IrUBe2N7yZ$+E_G z_xo-xbA71+R8yr+xJ(U4+@7rGdD|lP;cqW+axY7>uSf1fW1R2g{d1Vw?b}a}b~pfr zNGeml1rUVSOsn7Ul2~=(dJpc;HzqAa)9%48hw&eVX#MuAed}x9%njG~hyMK<*0-kK zyGP-CBQrVn2nTf|yy^e9Z!mNGkh`o9J2LW*tS!-Q1YiwvT>jphIOAI>?btK#cu4Fs zWDFZ{pFDg@ugAetsC7%zPS8~PA_L5XJNokcs9Ej(-M>^{kD$K}`|d;lBB~OEd=~L) zYt8B#H6OO?|9uUaUNpS=3VL&TWT)^9@x|Y9b46kzQ+fGr9ZlHLvVlZ9!s&;NYR~jh zmZPY9ol%c$L~L9{d4licceNu766k|0*ZPw4fakv`9#h$iTW4Iep#G-2)A^vNkB)#n z2o~Uw7o&60LJ7SS=MZWm_Xk9%ELV|A!->7z5kFgbPA8Ww&wp~r zzuV1*yMZ5Lod(fmgL?gjOc&(A_Ha-2+^=ehUx&EHa~eO~_?nkwv>-_fg~+udt)$ijRneYqJPCK1lS9SV74S}5^BSsS0(tjll|9rNB2ZeS3` zWvXq!Cajaff|k0SKA$OF&Wz@hp9(X3cMnl4;dl_}Ih;((0Uw*M()bL$Q|e}Glutq> zvQ`=YJKta&q=D7({yRMeLB=50(STGzyY~k+t)2^f!lco|%OuSf3`r(8;JX5$^KJL@ z2A#-J7tfXcQ+QV(8V&t8y{d>`r%L~_QqQNI$Sf_6?TQGx_{o zG_Pf4=?O3dECKw%7gV0G>$YyC{=B0FJa%8>H{Ml7)A5C#W$XWEd|asXs2^if49|hW zBgFmpSv=EN9sSkgR$TY4)>_?A+?Xq?wW`XSe^cpn6|j2b_i18%Qt_)}|Cy-~$q3GQ zOzuC1tEf2{(>_$j3)$&wI zl&Glowx+G_>IFe73S%Bk%N6gc$xiR)Dm=pCuqC0J_Pj_xIi;*~Hd$Fzcmu)Vhul^A zRENcYGE~`{^@<${eB(;=iU2xwuly4$QUBv)k&|AjjFg(*-if684`Od=WM3Lj;?GY% zz18SjOMcqW-;FTBkZB>QQQh?CDfUW#)(oZPd9(MUL~%Ia(>I!C*)((oGqFs9SmzSv zYr^caL;-nBdc`|g#;TDhPmX{X1<}4LWj2F)Vl)?XuojS``FP2dUwH=uvc4I8yZeh< z{?KJ=U$GP>zl7afWRLI|5G$U1SyO`yalAhDvwOb;=$XQec%@eN?7l-E3PrvR_|2XN zRH;?Ju=0Y8KYOY%4)UAYz)m@Ljmtrfj$WM-+qvgojL{T?txye^o65Fk+V>-Jso>YU32_3O0>w*DG-dCl}QA3nQ$%#3B-upZrb6Yb6)bb{{%*xANVC0a-Q$qic4{D2L>UujFnx0nKnGM z&enjZs$aT5>KjxKi|1~uZlF$NHAGd-O!EIxo{N9ST#1|^!wzF)*Ww7C7rPF{07!md z+l>9*%F6rx4giNZPk>Cm26TlPPo<3q*JGigMqNX+)gTtuWIM4yBv2sr4%Mx#SodTp z@TvsB91!DTjN;=Eg&p}=3V^F=JBCxZWD3&3uIMIL2u&=nB?|#VrOFsjebL(V(5Mj1 zh#~@Jb#|$)dknzqPEl$#Z$zz~-0~^BUWY{-2>i*X(2xlyW~PBh#ECA zYt|W;O74GwU+3qZgv5(W?#Mqk`&MtWbfUi*pPxCFw$etgy{Q8ygKe=z$dZjjyDdJ} z7V6=^fszz#-LzALPm$=@aV*yU3e1^KITdqkLKxjwhPNCmT#(&?>B1yBoCG$idcjS>qVbIG?b988 zM?VO=>}jveaRm!VH#3dVpI4w{n}3WHCGqa-q&#)ZL+=w#Z}tIKgp_7j3My94ke9kp zj1*{#^%2d+ym>hG153VqqPgs@Qbvv~q*ccxn45<#?ZuKS5}G;<$T;ut4*UP1AH56T z^^j!A4{oF|O>MID;2``gO(`*2t}h>4-Y;`H{y!Amg+HIA&e`+a&-VkOUu16;ip256 z3up@cU8mep71y=b$bM%LKgk?5JUu?k&bAB?@E@=z#$gx)utXXY39nWnwqaVM3c7Hg zxJ&QAGk2x3g1Zsjm7@NpwAA=*OS}J#s{0&Xo%TN`jUwJXzY6eb$+*6wC8K)3aUsc= zh%_VXFStXml}v|dmfm$4`T*0tt|3(_{q9ITqnXbP_1O1akBH=fEsVMbN>m04AdClw z;{2vv(L>rEU8i*)8%=fU&oPMM+R7-G`5q9pDrj2e+Xof!0%a+n_W-8kSPW)crduAO zT(MW8SVexX6bktg`|$v)tVn47rP{zIwxJ=(;Fs2HuXZ0y9%!O$xBzu5f+9mn){)9O z^*}VB?L@ir9NZRd#`u3ka5k3LhIii%bZZ^VOn99eE%V-lb_tfvf&d9w5Xu58_*-IW zXJbDPsEiKP^F~4>*NCYUswA#~vSlLgGI04r$`uQq+uc6Lp%^?Xn7Yhe-~xQHIz&Y= zJ8-cci=mFo_}AnVBj)Br-sD(zi4k*) zTm~D0)t5qn`r>(0;(1)hyGY1ibHWv8a(6B&mIX%11sc$~95GS`veq{VAVvi_W0?pH zQq%pZUZZY2scvgT{bfq14WT>-ST-Fi2oMZDk5>++cCk%52aMfpObrql6EA*(`;RBW zcB~0bK&0wNy6H$P$L^QlkXtf`A$|6NaUB;ratg8Zv-CIJ0#m zAL5?p;YRusOk1F)krfP(o=c6d%S+Fe>%WwbsW$wXd>+n=72gK0e zCwzhI*m%Mfm43m>o~nASi6V3B7B?8tr`Fk^iR@3%vVlBsjbB$WRXZ*D8TW8UMizAm z(?@~@pHJ1#o7$hVzVpaVWoe{se}+y!otBJt@uCo({20 zHWSMz`eur_rDD2(8mvnXHc+PEhr|L5qeDXttQJJUXh@2pR&Yju#3j*qXo0Q_Y8(=G ze>y>n05M$$%0+@Sn05b2L4LaCYL@{MMVieu8pRQyKOa(9WChQ-wan6EM{Aq#Jh1`_ zKt4x^tnT!8?jhc+Tdt)H7M7!y{_pbFfXmVE?1;}bqDIFM$>`5wJNM#lc(2BX*GUW)+U76VJ`R`00}rYXWD9e#|CCQHVM4eP#Sm*# zK^#RN9z6P>woPQz1!9-&{h1+ZunBI%mBF%3WF_&>2O@KpuCdEt?m1x(Z>NI+)pWnr zQzi}@0&8<)AMZMhgvM>8-Tod5R*ro8^!chFF7=7~#~^hjshJ_{d`*M;WZOt8w0`-w zuKnkOkDu-l=mB7g$3&?XwVW`pw8^wNU<$Pk#+pnuBc(c-;yKwi#;bupl`S;Z<8GM5 z8a<4?F+SI=`Lrx~F*msRoDBqpy^ZAop)1wd!|l+ggi~BB%QErpUkeT|$OH3D?c~qY z0ft^_6R6o$VWW>i+Np{RvjP9DHc_neEsKhE$F3e}&`?-OXU{6Qm>yRumH_B>+YPAgJGXiEab>ta0(=M*em1DD&WrK%&g@djDc3l44Ma`*ytFA{3uG zmb$?y_quErECYkcU}KrFOLj3elr|t%!fjbEh=sAcg%x=E`E6E(j}PA26}vf#9DkPN zH3vaINYj21+jXb0nUzkNk#TaB6^m6GRgkEUrFaaKSpGu4{=P3JmbsoNm1T%tql*&N zGgE~=kOqI3jc*RxVg`KGRu#OK^>mHLjenqdP6;OWYYf9YO|WtD^I-1qIJK}oEt74_ z0Qa2u?FS!MV?~!0T`&%#Lr)_4rTsHym|YuTuF{V)ogML4E>^A*urmIv_*c6q2^%7l zjp4U#psWd)U=Hqsb~|RZI@&<6?hw{l68#R(M+4mxEs?jJH^=UAm;FE+Yk%c+`^t&| z#dyS{$BBKG?pAW(y5o%eJUt67s^#BA;v1I*#a)o>Y{WeGPi&^}?mq1LgM(I5ISv4k zvA4It=>-tIqACD|did$C+U^3%4PuXn_FeOS0tsdkWVuHNeWM3z>v0-?OM){t;7xmU zy?bT%9Z)vJZ6-+hC^6GxuSFyIAU)g_z8|yE4FB>C?` zzc&5f81yU(_K^;=Ci-KK19!=^DdLe{^2c3H9ZZ8a z#T?Fdyidp=(f4ckF(8gzUtO<0wU>wY%TE|h_UE8pwpN(x-HafH**K?O%Denedt+gN zN58w5$(sGIEkkQOq&Fen%`@;iZ^hsMz$G!uJzFucvoB~wFF8m4c zQsbcJGmLWaS$zCjk!mygW~dVOHbGhBhxHJM3 z{2EI2kc!G+fpYS^&Vf4h_*^kRK7$S-=LIpvC&=8okZS(!bn?^jBtqrtJN`~mhyr;i zEZi@WOcnz~VU0cRgySCkxGEz{xPGZn_KJ_``oT38ZnYCW5;HwIy~@{2JnojhO86Ke zZ~jwv_nmVDO(nP!fU~IhRb2Rx9){Cfk7MeNG}XO;y^Q!W8WKDZa+^Qg$vPldH#!&) z9_sZwgg_oC5$XIOu@w?W;`2-X8j!N&jjbo@wSzC~4t*b-Tp9=eWYT`i3(6*sIPI=s z86b*wVe?NmIqFM9#;#8;P*c`Ly-G5vA2w0mjp}cLR(K{H(2={mCUdzJ18)vdy!BtL z=kM4g^5|=W(2M-BPEz1FQBnZR%IjA!^Ly}9G#CbH4=_{)+}-eiFnqj3W4F=c;lHe= z{lcfu(l?1LN6Y)8R{;)6A7e8UoFcH(e>yH>R}z0l@)OmTPj~Mh%bY-Ap8s6~v4mT{ zVVN=b2frtuT!V*6Ap>NwHzQr&0vTGOXX*cFDg6~bK5?G|&<*`+>(@gApmyu`hy8@S*vh7!8&=z%ug=X&h z8ECoCAG>pLUztDkwS1j*?qkWYr;}5-Y^ei!B~}81sb`=2z8C;#$XF>1<1}VJ4usOe z#ITnVF5t?*tM2ty3I^_L08tX<9u=H1UGgq)XKgI4n9^mgQ zNp5nKLW(CbOWy1;O)K{J&H7*xqjttnve5gd3bbT3nSRVOxL=Der870RP895I} zKj^_@aEzI%zjx<@hA6Q(WCK>#LVQ+_KhM%y(bmy?DNvr*e61?PSaruc#VOi6;DwQi zp1RAGHf_wb$!$Eiem#Xft?`^je$CL8jLp7rAc-m#sW8MU{8rS=d_hsl-y+Rx`ljDF;7Lx zEbA0v4!c{a7qwd;&-z%Onw*xjm3v&FG}N zl91)Ww^!?(9`Y$N9cAQ21P%bb&?G^h$Iw@j zPuVI~hhVCa>m)zUyNi$szNB@)q(ZqOVXD}d13leuW)dgRnP+CuDlgAy+-4M|xc&An z!cnF}!~9Wxr==+`v&GxmRuCi|0D24R@0P87%GEy7Iq0g}oMztTZ-ME)1K zh1XIokEjT18yT)TLF&LQc=#AK;gAJSmUR9F10UKAwH>#G31s zdM8?|Q!5jU7x5HUWBGj!JDDFm4rZB?hf|%<-k|y(n=Z~KwM>F z#8AT=OlY!i<2;yxk^_+KzvfDLIs9ajyUi>mJsQf$MpWZC1ze?i4-lz-jLOSkI5lr# zXptF&cri0Ks1D2(IpZ~|K)|G{UTOf!)<^T!p&=oMXt~x2DW|#+h^RVkga zDXyRpA}Av!dLGANxYgnDRRqRyl%4g>O>p^pJbzl1!*SqP^kl1E{qQVWgp&7ysWa8` z8}9CmxivQnCzV#pW-_y?OAQOqfG_$neaB%OY8VDZivVbkKe#8aZv(Gqz#oo%12A9+ z0CyoqD8>db!SxlATbwN)ne8eUCuFgyyZPwGcnXi#Y!6uuo~Bdat7T=ah>)J3*FoM# z%;yx#Hm|Sxn!*NohqlaqjbjdT5^;!f=ZxTP4fg#jz%JjHRFfSeZd8^{{l|`2lQtCXMc%l|LnNIRLGt!3X^pC%bw zK+)Opm_5TjEAEB_jUc0Xi#l=<+qq~N7^a$QcKCj!&c{70OJwgErZ8XTKq0ts`I6sZ zhPc+%Ygrit-FB#e)5>brFx3&_y~xN?)LKY%49vIPMHpX9NMyI%NT^N}NO&RM{kHY^ zUIpVOfo$4CuARcmg95v5OGEg<14*uFG8A542+yT|Dg2D*av;N9ZS24`3IOawcB z9HugL)FBnA+w791e500Mu|;ET^Zc;lD6rwmKKtS3i+>kA3LSO=2Jm!@k~o!z*Rb$m z7D%}pSDjW(1LtL&;#@fIM=`|x7E6HS_Aa&Ro~onK_MZhSB;|X~{2l-SI&&FaQ+E+U z#%h?9cT`vgJU|1k3m})&bY*+`;Y||#N*%TOfeOdrN`%b|=TC2tY({#HHZxrLM@5k% zcO2TKF1|o61*C0RkLKffvyOA0Zm1ck>g?@-*0wPD7O5!daBZE*dzepGP@J zS*p59yvZ1ztjMinIy^n>7Qvm}1Yec7Xo;hergH-XIc6x7T8XrWMTpFgm=oXxs9&J$_Kj#Tmv(Nf=z0tFu(&!)elvQ7lyz0Yh#x{s)PQ>`Qy6`7W zR}eVA+AE$~1z3p$RFj48#`UxPmgA&XEU5nUqW{lFPKEX7_sElRG;-T19EVI0s@n>{ z00M~OFz@wWcg_*|ao@oE?IBZ<>U0WpncsQs|3ij8S_jiNl zoM*XR>=|nM?y6(5KT^SyR##g}FV=SESHp1h#cH(#GHD3{rsSBczK_%NulMkNL%??~ z*N-$9W^hi;dX@MvfcCZxfX?I#N_>}e=z05+DI5iI|7|T6G-lcCto_rS036(2r&3Lp zdlwQ<&OsFKnfg`AdltFfz^TTr)N`j?{dl9x#l655-BT7k-NH60`z?BqxXW^vV|3?L zfM7?wz_kvxKClNTqirGW7ZcfrbJ$K1^%G9cDJ8Fnqet7<+twtO0SoCsmcYVLIuWEeF0?9E|;HYG1!8cp0MdYuSL#@AT zKXY=(3D`#=81fIVOhZ)W+Zv4(cqY`JGKbV5{vK5*ml|A=5b_SJLO3$|ymAa|ltu+d zHE!R(LS(;Qk_y&-m%i%ULp(}gI!?!3w?^r*aL57RHL&pHKLA|}oT{=+YHoasP(TYI z$il~{)m*%dDn^5}RMyt5kw(gaYi*JY3B1l+QMaQIv{s=A`hqcD)Qp*evov;Nzhzhs zn{?TzF5mJlh20Lz$$Fjb{(7%Uok&0b94iJVL!A<-V-k@a&V4-_`y^)(qf}?b8t4z; zF=sJOlPKE;#8i`|_770aE)6OY7z2UZ-||2m7@qPP6H_eQFivH8T_tp+)xDbBz53^b z#=8I2Y)4deRHT+bY?ietb&~AVpOtIYp3*jN_7XNNJ%)ViS%5IBJAFJzD&O_U!+DWq~=u;TzKpA9Qr z*?U;f^%^P=Ub5iyA=Q3AFI%0C; z&L5JiW$0OVP%cHh-Qcp&tYuZRfHSkO{WszaP)C+xy=da89ai^=OgdqCI>bDkcN;P; zc(OLPCt2ex>^M$TH8SCgLNyH?g8Y`Y$8>iAv!;fL71zW)sA>oI4?%Yo33v0hD+sw3 zug&rbIj56_<=EEKO%CU6#_(-uww7Y3hG3(*U_7`gf7>=-V~aCWjB8QjIf#3}i54(O zoW_F63Bh#3wcFde=e*HI`t15O2#Otj4oxbWK}@MOZK<7$5Fc3<!HeLGJKOV~~gh&#YMTItF4kF$M86E6yw5!`o5!L;$lBVa<^x23%0~RRs~nx6;^4s> zy+eC{aRgUPme=m-Yg5<10{r-6`$2i4rY`LApWaY%_yyNdS>RaKhEy{gzL)er$66BichYJo?@lO z*gf=|;RZyo{HWif@z~QA3w;xm^qh{NiDR`XQBQt4>&#+T%!xH}8_T_xPL3X>sUM)~ zCLm$)Y^&w%YQ7y}Ul?(wolU!)y>3)6;L_g#5Yzsk^S})StbqiH6*3_2i0+{(>Z$hZ z6#~gawris+Jh`4{MSJu`-+1CORQPP+WiX$OuDx1n>5tAg9ERnJ?nyzmmeFW|BaF3G z8Ly2#tU21uj_Tn2&_#%O?lO?oAzH*$!neKL&m#u)RIx_q4BKh zdjpR(@FS349)h6$-n@Wb5A``8jk^1Mbnk1jsN9v6uAbjjVmoZiRqg-!vzW{0xRU&c zea>NGDrhe|E#K1UA>1mTy!hy-cPL1d)#iuk4L!ee!$ZD=oSx^gsBS&d0EZYmg>(G? z%lgs6-qFOq_ve42qR=M&UaSF2)A3)nO}^taCEOPlVDs))l-+R#6_BPVR*~kZYIs6+ z@Q%l7rAiCLwCxQ>Yf25Z7gSN-M;5$Dzu{1o#E~(-M zHU!Xre#W{@-loSH<-|DKLFtYfRlDcbdB=ZHSAr9!?svQ`BTw&K`Aj51t1z5T>0Gq< z^jj;uw`K7NYwsjJs+{BUslAr`9mkn1|G4-JZ?YkqpMh_~6ooJQjXc)o?a_%;3gdN0 z{)a|XzZ*q70Ra_CgVgOL*#aVHS!8ui*Wmh@NkRA}_pHZG4EDM}E{5;N3f==${y1mN zf-b$&V(PM3?55bGg2oDR_bk;ho9iv%fT(JTNVEltxfDbwe{lzXJH$6+Rq9w=;(bk=veFI65OOwZOa2qbF3tBu-X<+vwC3?73UABIl-FC7H z`S=Ye=X)V%&yD_XfMPyywG(cT22d=N9+4IL4LU!{Zb*U^H{GwT*j!9U_h zkGTS$R;UyP)603^%q0gcy>I`|F$!Wra-{@fjIr@g;=*vDm;Moz;_4e@iX%ylNKLxGs|p z--2AlAcpO-@25K^f_~I{i=Z_xvcsMMDzvurgVEq}Y+1F;(Cob97g3yzE0YKjGz@Sa zLqQO7E+LE`&m`nz!*BihcFW+0f`uHs&(k|G+{|DqYB6^+JMQIV$h!Lv!ISpgXoTe^ zzt96oCLgW){C-928Jk)oHvG5Dct%1*Gs8${yVyhz0V=6SI7}X=vkFOvBjUT6v|&Av ze(ig3lbftIkZsn_bwUOxgEr{Lxd?ZyNy_zFNx9h*xpceaI-1?>k7C%uuJ%uq7l-CF zIpqZQ`g@-U=7y`}%5@4{b^Z%T!DVLQILrpko?5AOcrM7DUj|5g4UZMRB)>iG=q(cA z%!7iZ)^2=%!mjTuDz6h%#!WhU_=z_uk*jxyrbmr$Ht*g{=bVo}PgQHc_**A$IoG z{%<5d(0JbH#_E1KqtYY>uL8l7Y_c^`C2@&Kw_RyzNO)^`qfdcCx)pDOBiN%}D1GhW zZ8=%U(Ggkz&ojuX&bCJvj(zs0jPCpL=lqLcp;*QN|9ysDt`SB#!(Qv0gcFb6Fy@C= zO3oipiyW6t#2c3q)K~0Jmpnei&_AmHV0aRNl_Yu*&&IJ&!d|-2_rEC{YpGj^mHWMS zvm;afM1$%tQ>krQ&L(?~z2#h%5W zf566e-^;ByZTkcOKKtX75cIU=UNHX;zf#a}ucg)LB1}kJi+Pj#Ps#n`?yZ<{e zBF((313au8c}_8S_h-hZ{>ZZ(c&Nag^1%c~ez{uDQ_N_@SA|uLq~kSQHu+J$%FpaC zW6?jfU$tAGIK0dkS3GV_q4j*>S?BZI&a&bEE2e=ieJo<7iXj^%vi=1Y-ivj*Lt$US z!@jmRtd$>$eDAzk6w<9mY>&^48>R9m(sYDPd8SZvnK~?QRFR3(zYI7mJw1?5r)IsG zg^`F^mH>`CM9O#lTJ`{2szWTgVvr#oGmoG=r~T6*AlqVHPbJsER4%Q8>6rxzdXAS5 z#cb!}E+wipQ~QvU?JL3DpN*h0GePNj~3K)eddi+}XZ6x4R^M=&HTz*EG^J0yZy>`-{du|66ZF&h8XwiFXu**N%icfw zBDxr7H+cVAATja3Z{{21fLkpMnQEu|aY?V34672EsqUUiQ2ym13{qLPx(umP8{v`H zkmga^f?2y8IxNsFrM3u`Q_q>~uohbWFe7)bl088 zNmC3rV5JZ9gkj=Y3WT?6S7{O^0JGLukjC~$zhX^R{|-||i-l42o^k#}?T*VrC|9i9 z^W>{an>(T23Y!GsFe|@t&atH(O$Mo&hY~D%b1 zRROn}a(-hsEz2AZh*Z!gw;JdAppdU4$C)XdubU*js?eL)(!;=Z!+GIyY}xIRf9;lb zVvgIBF1`IFy#MOXscUw$ZGE$kGqk>Z_?x$gR2?rW2^k*HKtNgr@}$ZW-wPW{4~G$P zJba4Sy}C!?za;^sdYfs_8VVr3b8f%Nd^s)R7R#!A`i*;b06!l2$GP~n%69>82wshK ziw0P7C+5~%PKNx~m40W3@zXNzK_riZ{h&<37Et7uUU>{NmBv z$Q=z)(BPtHD;O+qfV8O>%nsiMG;j`0>$E8QDkn;8nIz_DdYo}o?PlX-nm@~Y#E=D=jPR6AcWl^>2!$dqEtc2y+6OL|WNp z(2d28=e$`}Y243oMLuwSXvlfMDRxn^}G!L3uRAMB{gDOpZEHn6}(6n}tHYiaV zZ9k{4pg+#NvA899a%hunCvXMp*uL?)Xe;8KNmgmdd+x_8xO95QTKmeE?yLwb<)VDl$Q08*FEkcE zU;I4KGEDWXRg~+?hY$4ZZF=XX~OZHTO2P7fdS zh^%@W4k2oc=qbx;@x_PZ^&4}R-pr*t)zbp558`Gt{&kHTfh4W!g(h2um3TXpv<%dp z9a{5hc?BlT#8m>p;V;;zcvX54*;a#&x3Ur$VVt)(u4hW8BX5{6A;Wb>adF0zPxyp) zCf?{K@UF|c&seNX@=n}=4bCm81A~JukKyeOkK*)BSH)=!=MHRYp1W zbWNJkdMH49uQarI17jHtbrXaX;CFQXOZxQ7iAb(SyU%^W35&ykkcK5q<~NamU|lGm zh%+d`HF0Bgu~BY0ASgwr|7dlbtT`+ z<%W>U`-@$>X$-cudh>FTZ$c(B`&d+f`u1ZM)~~ZN(lR48=Zj5#KW4;HlGjefYNvvU zY~c*Lv*1_syCAu&4eFzGd@f0h*lMp1_k3;W)mU)5eDvcH!&lk!l~2BQORHZD=9JCK zgYn?zUs)5#E!kt+zfuM^BrUFYnfjgTucNl~tT;~#pO{hweB-iJe(~RSmDlU89CucY zr2wY9>i|cZ8nYRWv8a++VdEnQu?Q0P{k(SH*oR?u01P-zgT&DWVt%e2yc{?NnGsn! zaPUp7OOcw#&kirMnwKJJp~cNdko7`&gE>a@Z1?@JRN_e}xEY_@^OaNaA* zU>skEzwyGIr?Ug9MDgTIDg^rb0OCIo&TN3p1rYn{ctS3V#gN3XFAPxzzjwn$iZ~-8 ztB!U8eihw8B$6OC8&he{zgsquIh*=qPfk4!B5U=@xTga|Qf5kO0wDS`fz|pPUy-{> ze=tF6mjany6n&&{$S6j}s95M!++k&oR>g zCE(}j@lcqigwHxrBCB#VS}1#ijWv0i2@N-n@nfuVtRN~`rkC*bV<&AK5^9+@tG!K z5Jd1a(RC+H%UX8|{g{*OG3P*zK~HxzlgS*WhEueL2>+4ve~+tegTFe)!iZoP0_EMSvLdVw=QHxaOkW|bfFou;4x-sdZ*FlgQoUMe)kL9F3GhWlKG9%rf54TdfvALpNoU(GW^LI4SK z5)*jD4bJZj_2P!)e6Hu%U_A+tGwP{nY$F`NgOOGZY>N(t^q8`|!OIfp(NP<0uW)FV zR;;PHtfj;;tX0;20WO)r-d8PmCD!q*T1d_~N%vSF_Bk?@SFoECwUx1iG3}TQ7R_(R zMc}lq$U|8d@k+KEoX@3u13g&Ofy{XrCciZ0yK~}Dn2Nz29=$ddeo?+T3NMa!v3jkr zw4J_1-w76jjNJ>6l)1oPlbiRXfKnU2|ID$J7P6L%*Iy@YtQDOpB|>Uszs)DqxyfFv z{+B0vDspyU+F6w%ed;msXnYP{c0OeyA98Y+OtV{O?XtMv`Ol+Ct$0)KbrUfHafZ6fF0G$lp1Bov@%Dnl+1U~*;4 zq@)+3bq%2{uBRR{m`-TYzQVEkF)>bdI&dbRT9pgJWp$8)85+~UVXsg;q1Wq z&f$TTGRo6LWo7iErEF+=3oDpg*cv_aD zc`+HRIlQIPnY|0^Z|T9^Wev470e0eUSh#=hz*)nmZ8&XiNh-cOhr5Sht`@SFGNf*8 zSeabgW_iFMM(ZHY_X6!WTBi->#Q~Ahiy(0`);y9n`*%<8Dzm@m;>CC`#maAlJaa{6 zs!9SPg5YgC=3T+!bM~G5Ri)2!xr~4LYP@*gU#BHf_0mJ{@!|#$qak0jA*N+9|93x} zm%?Siok7-J?q%}u2Vv-U^MX1o%=s6R+E#bKFK{0MtXV@@X_ZLd}=bcoxDOe>yp?Q^q{K{g>I-RMzr2 z5n%`D}Ow1#YR(THN}dYl@Bt-A>ub;@^R=;QnL5^WJ!6Qd?IV~kNe7n(A}kw z6Zr=^OR2@{p?~GW3d2F>c!IUHly@bB!G`FWL}V9c?kYftI7hHHMcj+HJa1@I(Tp^7 zw$_S-H{dd9JN%6z-NnNdq4L(`NcfSJVzYpz@JNaODj)B}d>^dy?=ny*D>W}g30UnSAU#kWFA_BkuO6n3Xj_`Z9BF$6)n~}_H;FPsq@W0w%$pS8ABclXmIqP|Olbgsv_}h<3+1AK~|w{gCiqrb=%4^XkC)NAInzC0WfJC;2|DI9wDrUlF@LN;s$PMe!(0)t^}dib=>)lA~Us z3iNkq4-^Hx3@a|cg(^O)>hOM}@T$n!mm9?>5g#!kSNzeY#uO;ayi_xVvbMe(Wqv8S z^INg?S7W9W?xR)LJ!XH#4l92q78PWkv~}}OyLzKy@Gm>Z2fxe7AGJ{aK@CE!*(4r$a_O2joe*U zOC@*dC68a(YC8TlFzOEa{N7;iLvl#ofW`{nPGNVUJ&9VmBD;@SznS}WR!>=9enTWr zF&0(NR$v(c(vkJC{Yp{V(dQfS3~57u6$c!#1#~pX%-TH z4>1}iZx==@ii3)?2Lma{JrMw11>HxVR&f``t z>*aE>a!Jig)>6mc%Qwnp9m8Xq9TCa6FDaae7WO<@R>sSc)JMw593pb@Wl!0k1y#q7 zlpjdqYg5^B1+K_6$93Oh)^b@-Kj#Pp+Za-k{)3wdZbfnKx!z5mCwI1Z`fb%c@{6CTJI{fK7& zzl`G;Cq(65#r=(TCtN#+Y+1R0-tT?+oBNgvu)c_R#rub*D%JL%+s$qB6=4!fua1iC zkCw`RfX$B`%c)09z7=38HE&&Ni5E;@PD#rTg@IHV56JB>-qH7Gm~a2K7g`GGKzyP# ztGEv9-0o-~qghi%lfS(9`=1Q_6EVX8@&q)^RHE}-l1BC8%pyZ2>&?rzPhGYeTr+Ki}YXY*j5&es_}k}?9wK3jNd{?H5O zKDpTPd}!GF4;4$JLX%s5)%kDPN2`9Tk?z}2)&QH9xlyeJIYXP4mxJ-nRNB7ce0Cjl z3~Fgb1+u=BnTo~~E3IxGpj_S>5twxQ7^S7?);BN8>|{kpi~ep+*GgQY^8aJr2^=!Q z)`R`&m5&38<)eOIpTS~otkifYB&aU?Yq8#>Ov+k}07O95T7*8VvK+tfcAd!4ni6J0 z-*D^l&G2wwn2fsMIhz@fIK4v9;=pF4jZ3$vTtIF{BeN9g11m(~zxGyS* zB0=U3MzY$Ux3}X_z{|RB#)n#zmU&`TvnHiVgH}f#D2AnDjLHyMqQR88-6XXd+H-P@xZ8F{lMgI;ykljoG88elo zhUC>#-F#PC-_WF=&vSbgCX7@Nz=HE${p$@H)7!JT{+G-9kcv;`{zRb!?*mFEp-bRn zQT1q#hoU9H!3Sy5>rMqU-5XBfX&xmK*;F`<7ogRObeT)~U1c(kXqqVX(70!nTeVU)2lHZPL*$1<~HHrvTfC-;VJkFx=?-2W=^>CtP zVDQi>!O}iNVnt}wW;SoTF{B&x%a6Y_3poQ})az>*=Tb4b<`0>TyzI13KRS)kE!Vsgl=at)yu0Q^_{l5f?+tmO^f&7OVGhi!4)r!J6K!}Zjq~B z?-;t49{BhEQrOBiKW^`)dK#QHr;&S>%)l?xmdwVaD!M@#zHIuNTN%qaLebFvD(rRZ z*eAg1N|Rsjcp1{_v=1T_C^*dKWX6Djh+Ynm^ALb^jd&;mPjVCclHF$fgLfZCEkQoP z_y|;^z`~q}EH)T<)c;d8@SZw^>vH(b<`(k2Mv(ZJ0HyDT}we4|i zVtTI^vT#(`anwO~!6W`jo>YZB^(Rz2$@X57tO}Ra!YeGJ>w@Go9I#mC>tBSzk97BX zg=xIirRuZ<>84Mc>x=8CsXEg+!M_n(DHE!_pT+=kL&0?0UI665DP!Sdn=1Fj)x4*(A@~YID)HaO& zJ#{ApmoVn-Iq(~on8-zbQqS+3gl)rNO7GL1hx@>+?y;dO^h{*ZGv^%1cQ9^{2(~6O|Fs z>r>uAnuFj}|6>#P2`ssqTw7dRf;jmL9m}n)yJPVS9=5x-R|p1%#(L2s%aor*=BH{rb1i8gKssyghJ8EaxE=RA#A11L}09@&mwD z&(${D+Z0B9q5jOLsA}Wgsn!Jb`&)sSkev_l!bM{$=G_sDyx&dkZP>vD{O~~XEbsIO zQ=RKnKOdizj`Z&QN;eT80I5A%T#MBgd+s@dpCQ)7@1+#^1B0t9>Vhp*``%&8-xtU4 z2J7k^u3V=bqEcIit=FdFFRQ#k^3 zvXt)-Q<1`+J!_{xCYBQv^rpdy_(w_YAbKexKt1zTmR68}1~5UcBfILM+oqO|j!5z| zPl~t{>bs9K*Ny@TMDO|2v*k?113K&Vj*6|)Y~d0D?Wx?HJbxUA@1yp{>7v=p6`L1Q zdUiTr{zTi{P*!K%#3nGO-P=v)U9}F5Yr=AG9HRfZwZ*Kp3^f?`q=>aIII^7C4Sl2% zskD3d7!TBNdUme|9J9ttsXLXnpj6&PUG*FDX0#I^5TcNSQQ;#wva`!eMXh#xAk9)(9uc#w|L?8 zgbkdU74Pw=Jn5?RzphDz_^ErTDApm@V7l+-NNZ=(>)Yjb&(i67k8l`{C04 z<0P{xNj=f92j3YW`b=7P-#wW5`JmvdaXZFFVOEQrB5;z7?0*614;S!S5L*ujUJ>Xi zw-SEHv}xaiff-nPVI>7_C3qf!J`mDU7Ev$vBL!jb1#@tM{Pz+&7DWO0PD>zjGH7TG z^Z_)W17PM^4tOrAP!z?$Bd}0<;`f8C7lh@1@w@_(SQO#rl z8}J5UFa%K03XMWrwUvhzB2KS{KXYgS3xEd6C;xdQ!hAJhh?s%_fhAax@CA(+a9+3o z8&HO+cNmpe3kIe{vOV@yz1v#y! zGd4t0f|rf)^^j_HS02y;<0vE-c{(0ab?jy}bGQLbP>YcFj_?>turrUC@&;8DeP@@C zX?J~EpajiGkk~blL&0>W_XyLLkXEKlZna5kg-v$|k@&IzVX%rWCM4rnbyJgHjzK zm6(~Cn+X(X=$V5Cpn{*NjIKmc1KWtufwG#KNC~W`vq?vJFSr*3x(b_C69z!g0>a9uj!IiWFam;zB52SA zYmf&JfC60#tpkf9lt2Iopr(+StwJTL4C}Cu2!9v{8lJIk<9d-Om5TI=gs|qZ;u!>C zfP3OuvMn$K5dZ{^>i@MP>mlmMjyI+?XwU;0@COiZ0|KkF>qGzmZ~#BslF~JBi}gU; z`dq#O21me_Jp>w$&~)pzd+6w~P>Y11Z-uUg3!CkCxOQ2D zC2KX~2)U9=xsKYnZvc|Wx)Mmxxy@Q4qC2{FRsg0egQ%OjO7UC_AOu^`OPRwEMEbYq zTBN`FpuQWZ9Lu|pTe(@=0}J2*BQU&PI|5ulwzYu;|QFd52i5tEdA6?(4f`&;ofG0k=84Bj5p(Y5>X$ z1SRab0n4`iyH0ne!v8YB1YESlbA3P1O9H8e;`(ue`>S+WvW#mlz3U+(@CF(D0u$f? z9)Np<`N5C35(dDzC7cfTo3_o{!q2NtRs0(-ti@quC8|0&vWsyZh>lIWn!ansjhnu; z97uKa0hFf!dM(dc4h#6%oAHo$ioA%a;l^5hl&nb zxKInkXRNqsOs_l8#x@WELafAJ3xzgj0CQl!b_@g=a0SlV$AZj6fV?rLT*#}uF&`k7 zk+8r|`v0fyce}ak!{mF$ehLM=+NhMPKgwqS3sAztybjDu#isnn(3{GF%*w0m$`RYA z9xKKd+QYaCvR@0yYCN7V@B%ISwH!JE>A4d1JIp1#23N4Z{EN(_bY}o8sx#Qk&HMpR z0L@kxav-losKGNwML-abgdFd;05>Xxm?QE{B4CZUES8L zFaRFl0zgJWKmv@g3XHG|;5~mgj^j9f-Vr_;>g}iYMd85R#`#)`klNuYA5rmTC4=&;4y(kY+5os-Ql-$o! z@KH8U0tGPN`unMf;IX-p@JmBa&U5-Tz6(3W1Fx_MjKBzL0O_YNfRbM9^T&sT;s_E#5q)^!7+&7@)2J=*26A5N z9z6g*239A4J!OjE3ehR11-DXhi5|Qi^ z65+lbF44e?n;5>Fs=ro012b;3cWrGw!rSwFb!&8 z2E<#|FF$5*N$0=xkpA)A zP3)y_`tq{;58C{1!0k?rywXo+)UUGuaQy=e5Ca4b91y_ZLH_{)C{Q@l(1aB@Ii7VZ zCF+%%Q+7^l+-Qc!M;>n6m?3HA)J8`xh!9D!q{faNHI~49QM2X*Bxnrm-Okhz{s#`Bs zqj;FHQ+J~sHy}ZlMCm9B%b74?)_D1%1(cc!ko071An4I^5o3Pl`m(` z6uL0a?*q?_4|7XK|8#b{BZk7iD|P`R=t;S~8( z4BBDyjR&2E+o`ypj%)5f1QV=`fCm_;?m^G4ldvoXPU8*-I2Ng;7F$L!FFo}}8ATKl zM}f~a`ch;`KmBMjOgI4tB+x(wYqar3q@Jq~LLNnv@JF%?GL3@mx^siW4&hUeJrPH- z#THTA3&{@pR#I`r{b*`oh{a+gu)v~l6mv`j0WcuC9v=j9&4CW8kbx?yu)+*TI2`4@ z^_pz5#73x8DFrL*%MYeX3{$Lx7-fX4DCEd=^ij(I0H6dk)BKE0Oa;oS!YYc0s1y#} zTW?7{@1%0Yl~T=bra}#iAizXt3=>jXYpn_Z2LBnjF;iX%3ZOwak2rx9R%{XVy(LE_ z#f>UcwQo>DU%)9*o}L=2QCqXsb}2~_sKY^n6703tU*D_(2N%=}vDEdJ_4CRV1v6|2 zSYwqH+immB7XUq=lWw|k1HR56V5{hk1Q&QNeh5eA-b#K1oYmE&9?bcWDzDZUKm1!iWLpYsEl*Qc;gD9ODG|*LKeEs2IDjV zhca9^K_iY@R(G$i_6Qg8$RTVF_oQb?Ju{p77v{5(<#KZfbAdcx$~g zzZkl+C}8SMz0P0?{|1p-fMLBdngJ;77pjX|Qi9WTEJOHr}WAqj05Koefi zf(&3`4_kN;Hhs`BG{oBtjd(<*=p*olrQ0B{_BX`YZ48N1q~cN#Z~z!y%`sKvVi%WF KLoezqAOJhO#}3{A literal 0 HcmV?d00001 diff --git a/test/fixtures/image.png b/test/fixtures/image.png new file mode 100755 index 0000000000000000000000000000000000000000..e999e8800cf69e0c734a07a6c63b7adc49ad4783 GIT binary patch literal 104426 zcmZ6ybwHEf8$L`kV8DO@Bi-m`zz6{mMt4esjPC9d*a&G9q@_zjLP`W-gdkGV9iq~q zlpucIec$)}{quYNSUh{q*{SQkuXEqmd2XPmPD##8j)#Xwsi~o2goj6n!NVg+1Q6ox zoCE~Z;ogW`lysHw@LDn`{-TI+-|+*C)RA~ildSu=r|}GQOjL0J9P&=Vc*7vO61 z<@1o7G(t~PJtDw;VSdI`PrWGb<>+wV=H_~4;gML+-QC$`qM?LG8|xc=yaQ}ZjnF}!hWdKW_NYKF_u-+DC&o`^XXesU(t><_u>FH_ z4`s(bjfMMqDJ!eRMTV`fZca^3n;GgQ`B|+kFKei4*;w15>>R8uEDiLHlY?$=wN))uWiftU+>EFwDIOl2{QiB-%fT`8<#TvQgsYuJeC)GecgGi*FOuRDjWiTv zy{#RdsL4x7NOM0(dmiuU>g?j=s{BY!p7(*XmEOeYkc^nf{?9|CtfaIcuZ^*GVSXV} zLd4hJTvM16$;a;H@Ki?@p@R^3m6I3ZXig8NH&v3!&PWOOaW*%9s;wmdScEUe*QvLo z`E^lAgqw{72g|#r+GkPEye!mHmi`bp11sw!*Bit-uh8K#E2g`vy_MmEKHIbK%A zk2%33y=|82N{e3xB3+HcY_%~S#tvF4aWRSUcY>*BbOfK>usns)ZO50q}SV8Ri2mDR9R4x70b!ao|6zP$V^L5 zO+iIPO-V_GyFj>4)Ib^#HI$y3hKlOb-$XMU24n+`^o;TNWDVH`6^SXpkSr+;$7svp z)P|-k|0e+>O9yTZ`+47&=k&wgzuJK}PAwbkMMNa77j-SyFHAPgim6qp;o(8?G*y&L zLRXG@DFbIOm;ZbG-GYdTL%Bw0`Q*;@=d4ta#C?ZSkLaf}5N#`nS+A?5W*ACBc$L}l zaB{^_Qg`+V%T8P{_L;C3Q@ayA|Fsd-aYn?}UoT2}&->#*A-*-~W=`TG*B4jX|1AbZ z^=)zqCzam(4eQK)S0(>r_%8g`y2K~yP-5Z6qi^{CzAi1?)AdmQ)=!H@ zq!Qwn7k_;u#g)~mD3~wX3;cJDt5Vf%EodU&d4EI@oT1nC>YBB?OT_pa@5x$(h<1U$ zQ*;M^r{2!9Dr@W9eVfjshUEyoykMv3RymGYwcj6&MViLr&(ehRchbyuc?-dY@m=)( zel}8=)y|`d564<_>Ywx}KAA|LHQ-v)3X3Gc`wn$${&39*eSaTxs&sLkzAU@%AOrHj7oq(fk+YJO1c$v00TdPX=XoMtyQz z_o%T8$DoY9^T}7tx<87|p81oUCgn{qr>TLXDsDCf7#E#f|6c!lt_iaNGVb`V^Yd_!1?cL?Qys9myhH!wghIXY+eikxg!32IX$%EA^!Qz= zUdjJMFZgTrzI05rZej2@%9oQ4o)>dg zcZh;7lapWC@(YC0GL%P$gTnM~ZXe@gOBRogzkJF3`ju%3#td9tW3 zWlhTKwtaBrxx)z@4^16%vL11@9l-QMf$)DTrxp6)WbwbXKO<8QmMK8)w=PrctRNq@ zoX<<4aO}Qaob)7kxLL0zU4`S;swSPOt~Zbvi|pw z9dnk|2GO2;UCcmPXv|N<#YcoXjmE~Rd zaiejKUWxep<`%X47w6v(b*o8IryIm%Wd64zs_OsycHOwzDgWzi(B(Q@67A-;FQ5e9 z%p0W`1NeNHXq;6-Fq0<+diUCToLj^oOD0^-?mRx^GdaIQQr_6T>Ynl^eLOyd8(Gcm zA#^6VoNi&x^>)^|Mm-jJzA*O9iL(e%9BDvGhLQo(W+EGh?PdzzDLhp+o_$r&OYM?B zSO&Cf{`h$O=m!V~kS3o0{-G-}!LOq#t9j_4Ma4}Hvv7Nca7?<4TPiTZ^&2zl@hX>>En89~o$LRKy! z9yB*(5u%fi_)g+z&^R0aT$!GhSxhyMrhWBP9dP~nQQ~&(!<5wKDVLuW6}XY96O)co z)Fm$kMS%0@2%Np?REni_lt?&t(a_LRtqj#Cuwn>#y+ki46^S4R5yTrk7Uv`Jx*A&} z!$C=(&il{$;|%X-KYwQYjXWL1L+MPb>SX@z<~(7+O@^!&PcR8R`Ffc-f`J8ui4NG@ zC=f0!m`tR>HYn9?dNRx_^*Sx2wm5{wX5$v!3na<*6h5|L0AXj~bIzpWUVJygQvHHP zoSgH$?+}}5UHLf-{wR%+siE%N*&Pqt@NXa*V^Cq*)81#%R{cu?XXtXB;>j^C61Ry+ zJB(%H7~9N5Q7|FA)>ML=W+=&uk%0@Jwm%?$L-=&Mp-}B5OnHeKM9|gZ%;yJvc3k2wZ_(tj-mO>-72#xAU6%KpY4S#TZNR}uq)B_O>-oCeX4vl9!x^C%lXE2{Mj;7R z9BlIgm82DGc^HE5P(NNB`-}pe^S0|j$TkZ`MAwl*rwEuTQLMH&SXf#aSIO+s$-;3) z(Rd~aw^IK%9aIo}FPJl=l~nD;X%}qk=&-?UbCSGbiR0)20bqiOIVgYNXY-v-e;r_~ z%<9=8SP#ay$o?dIGU?AwchvCy0iAz7C;`Gy!1!=!fn-h%n}abr!4+{QK=(fANNr% zz=ZwN<}cG*5?w(wotkf@xm7_s=+;*8x1A%Kyi}BAqgzlZGF7ouG1n!p<{M9iUY3+f z@0SZZ0Tce~kNkulRBZ3O50#f~Z# z4*|z0#TbB;3EyPaQY2z&UJn0g+vCrf^Pptt8E?6(K5Y5{!GT%l<;oj$IaiXmvO{TW zYu|=5%7vtzL|CH)q3nro=y775+}Gu?(LN_-1epHWU-+tH_*ORYMp52BaG?m=RwJrqztZdtQEjQn&ak z4~I<7M&I|8l;Z%vE9QVAJbRYfhpysym}L5cEHx6C1N!^|n`l=;pS#j!p0YHNQp;1@7TO%Z|4p0 zb7SJuu$7TvffDhurVgUJz}gu!vHLOh=4mOky5SAeDrhZ#+??yEi?BNF7!ju%DG9H7>LU(uB+nYKd-}j2>8{NA)6R@5>jRCMz)XQk ztgJ3T20SPW)Sjmi`V9fTV!5%CW?W1v2a3zwGH_n~Zs^&(I_miGo&N39&E7u7cVu6& zMDa4?&f=hin?4p87x@6i>{mQ&sOQxYpE(T4S2?973Px@lXs{V34!Vm!Ntu#PE0NsY zks7JcRKi$>^>u)|eh* ze?$XS91QuH)2fF1$^F<&_!3w=kmjW{NLjWIu|S$W0QE+I=W>L!;*0Wh4MZ>8Fx>wAZ%2* z!_(7iUsu-A2i|UV)I`9g!s#|Ua4p@uOu+=!@IuKDL4gM|0<_c;nL<)viDj7r#o-JB z9GSkrLymCtl-*bT@ApWNCKHn1hCPjHJ>xFZ9GD?HAN>%k)#@Gl+*fL9&yg`ALImO2 z8z`A%#$mwMX+>s3899Mrhn9;Ah!P|j`34Zik;fsHB$FK2UZDB7*m!g}$Ie#?pQG!} zt76<`#{K>u52pDVO|7uEe`5PlSnlndQ>pEv_zGG1rb=aUe*U5FH*s7rbSXro(!5wx zKZB8u_~*aJp!6%exCb#z?DFQX zi(P`aEy0lV1Z24ghiEarAQ9l3#+K(TLvF1hgnI)I8yJ@f&fzyH1S*tVE$|m1MMS1C zOnMog4gzJ#lqk|MQth4ZI57QNoBwWV7O7w5GFo_9c3WiN*uuN}OhdqAZSp5`tx>H? zyLdcynnYpc%1o!{hPSmKQ)SydiM7wYnJE-Z!0G7@I;3HPB|*F{D6ON96!h;H{qg?e zVJ2un;`6wXZ>JJ$oM3096dRKE$Xc@ zNvx(4w{l*BSF#K;i7Jn38Xw)}Rx8Zz0N4o;7^M)FDlAJi9=%Lkbj%gB>s)0^Rq9=^ zuWM@Z_B=fK^Sk7~1kgW9*wL|YlaL6N`Gt3Tq$-^ugkXOzFs-9BSsdVihe}&Go z-x#y>54|1=XrRoIh$U+KT3YhP^Rh5}l+eQKV(aj&WA2I&$(eBBKqZ3(krsHTksj5M zL%tVM2O80w3AME5NKwJ9gce&uDW)oh^4b(vFZ^65*_zD5!tt$Ix#Qq7CAr|e%dYoW zJ6Ctte%A}aADB_7BPI;LgdyYituG6|7vr!*oOv->VytqKZWSMU3EniA*U`|0wJ@P& znLIvpfuH?TsHDJX=g87glSL7-$;VqLoVNVD##$!%WSXJA z{A8#iNag9kA7@@=qgV7JzURbx+pbagcWnP_B_BE`hlkVyldgwZx1saOm&zD}Yyk znF3{xrOf&hD58b?4i4M{u@#MtjiIlaJ43Ae#E^T`BzGVs{OdZha%QZ7Cil!Q$Y%)Ki>$o^QBnfb*TyCDsKsun>7NDl0ps0jP;++H&Q zT6q;&@Pb&tV%t+{D$Tpr-a#TWd&T-n&gJa;n)PO-M&OZfhzp~cY>{3CT>uiKQa+zn z>I_h`vKk1e77~E=YD>ElbB<87^P64( zdHj*s6PH>U^d-|u9nTEO7NUbHkKk*U5#JMM4Kig#cr~p``PertPqkKc(E8iz={PblAPZe2hsH?y^_D#GrV!(f=1IYUM({l7ja^Z}L*wz9VAX(+4`E8oTvb&lC!SPMGIFN4xR{?uPHVf>C`)Dr zRfjXFN9l=CIYaP-LXCE*#P()5uOj%@hs;BdxAi`<8X#s1xVt)MU^hX|Izsd_bSS(w zJ^6LsVg4X0MwF8i4Lv%2@Pa?pI0^xz9UP0vRx}xQOGl8wj-OU^?u$ub*(zRsoZ&Ms z8?$Q@1ncd9{i8Uc@<||jj?r}5mDquu4fHdGo1fI-mKjpgop&$-;upRlk6Ja(o^zn5 zi(=pmIp%K-sxxz3c2mV($;@*pYxFo9v~k1Ic`43IAL;og?vof^AZs{5TardiZ$GL% z{qJ@F-OC;`O$vJN>pwvS^d5v>PT65Hsink7V5o|F`gg8iZY$Vu#TgGnn)>%5cq*!n zHhm|WmtVoE%wP=PfebJR$GhQ5M|CH zxl@c84(o+fUR}NGK$uD2%%ftT*br6G=TnjpUS(Yo-& zF=c{y(R4N8Guc!Ld<_yyEw=;`mmN1lR+NLW1gg!5J*S-3V3cZ(m)DsVS`CXw6^Re4 z4hWRPcNUl<@i{S-rViXZ2_G~*UrH`ua9%NSf&di9SWfrDDfjy7>*U?St1BMi*Q=_4 zL0KL{Jir7Q2@TQ_PHF!cUvs){Kk_Z))szGoQa;VwC7ByqsX0T0>0*3bNtcC1e2^tk zpad6Okd)Me`GmgsnQVxCvs9RzxRjhE^BEfv6MLYzH`p+p=P)5MH4-s>c9r{s=k1uT zng%!HmLM(7_tNYfmn0;{7tT(s4o14SCmcbrPr^TGwXYG#iXded0;H+R7SpBEk5~syn>lidQI*0 zOJmu?S7RR(1}}r=E5Ckatw^y3i6ff_uty(ubQ{+L35^}v%Y@>rj-R}_FbA43C!Cj) z#eNny&+o>={KzgygOBp1&i=oyRmY(d!Vw>eR%NBtsDxK?ioW}4J^&2RI_+~Hd0_wT zwxAkgEO@@bn5=RftgaV~dI(>tR$M9-4j_z=Bmdorup>NjH_$NAm`ZH^_&_d+iOIQN z%=1+t<|sVx9fdN$cVs)U87!U*))G)d4Pn5tnMjYx^$@+Hp^41H!&(m?;bA!d4YFru zk8fgpQelcp(vVw6zC8TR=@*kEoDe^#xN#K13?9Cc*q+=a!kuE`Pbk6 z$Yv}b)rT2*J$Z%-dw~uWDA)Y0r#Y9ffWVjW?tq%AdUOz8`ZFJC25F(;IWBo+&F-!3$UW}CDuk9n;W+-!fmuO8ZE=JJO-P`T- z=n`-r)wTP&vEGi(wcidveOzGS}@s4pkT>)2CxVk4$NGd87@KJ&D-x}4E^Q>MEqzTL7y3Lm z`hY#%&KNH9if2?93zQlW)=>5*MliEgE;B3b@hVou;*%{tG8BCM9y6B36#TR-S?aMS zs&QgEF#mZ9{@0wB0X(zX-2pT`CGO}uN_7&FK2-AY8hs+NaWtTog+)- zmy12$(~29HYJJ?i8+;lT)LnB$pExwjB-fv`kQCrEp-B3^GTjkj2#;#xW4ciS7?tg# zA(4~HS_J2F%bvj6|iYy*yeN08D0Q27znb<<_e3>wz|8>(45uUh?`gETl z!|}t9Aj8tf#RV5iQy&9ZS+1P{O?#Eb+^aB z3}s#=R$4!$PAh(r5iuVrb)dI&ZaH1LXk|Rx*GA9exlRO>GLgp1j|#1p{vtA{ut~;* zCPIM|d;DgZk$lk7GcsbVx#h1bvJQ9f^}n4UH(2MC_te|fWAS{Qx!j?Wgz8-o@&Cs?#?%>H8SVkyZ zxFVC1Xb*x3l}jV$y8zEOnYWi;RUe9p?K+QM&M)T43F0Fez03#em{Q6bME87rym_VGB-;$13I_OXtf*Y0=$FtbaxNHwUQp~>=m@Q~M5I=K+GXlDD3=k42u z&YAB^RPVDvkfYyHk`jPe?2oJ9hIA>!O|McpXbL`~$pafIH*Cl?5(M!N)ss}b`0zZ? zH`7oI;rE=b$5_|-Tb7*Auv7xgdFNiVl7?}DACWzNI zy9XhS)L@@74+R^@7Jcd)KFQ_9C_aQ8jbD`0NOjuDkZ%&A)8_3k1Erqv1VI!|fP5OG zV{R?0f=RTm1~Umtr%%ypxr>c*KhV2Gn?=m+l4dPPqo&R}l+aBj4XCDZQd*a4Q8wW; z#s9^o*?0eI)#ITd-!FS)Yn0u6Sf=fXw+(NBL`!NEq}l*<@rJXt_)2SCkCTgBKMvG5 zvflLz{zWP!0m;uo{alF{TU*I$%S?r86@SyPW?E-YKvd*Sv4LNehB0{qf|L)~`z^;J z0h*jNlD6v<;)X^^oz=_M_!aH016b7*hWoS4rk*gc{V0y{zBzdF-%>}NxE(KvAPhD~ z=x*y{tnD#ASuE^|nGhDQbQ@W))N!z!oQG7K;>b0{HDrd;qTdIUm^q- ztUMGfr1`gXxuf+1t*72g&C#zg3bqX{4v667sX0?C?yF+j`L zI5+n45oq@9T@{Y1((niIHghR2KB+Y+xAK5*KOctJ<~J@{9i_)imCq~xr2v%^^FrU< z_;SA)v@q`^;3ES5cTXzK8UL-D#XpKT=#n}@P*Biqs#a`zOS&5$tK(zL3GbrwQFZ`I zN&dO-w|kmjHV^|Mxl@t-DyXc%Hh{1B!sRI~$i8hui0@CC$_*tt6EcS%7V7x8(l|vx zU}5M9s#EjOUk0ioi5I_Az36cnJ_1Do^dQZ%7hjN-AovF+q!If||0sH>fIff3T{?4A|e+nJCBl*TP%<(Ztr z+dgs!qe&d9w50!AN$#QC7e}z{qTPua^S2X^$qr~~(Mp|`Y(pc&MoWw{`P@oZhM+w!S)y%g=`%Y>an_F#0<`@kGv+h^2qt*{%l_@u@diBcH%{m>5s`DDK zzn@TnMmd2KPopug{g4>sYi9qb;fvy_pvmcB3xq&GDr1(!!Plnf#T!? zx}@J`{*M*_K&JFm^1~{xJL(v0eQ0OgVSUxua8=c4>CAVD zJ+Yk&=@=SyMLTk#M;@-LbEcbH*M%IRB5}~6)?^^+B9hkxdh~z{CJ*es zYrm-aba@jF8BS6=nJ}X(En#T zXE0V;Oc<(MeGh^!c-Y_=(B2(xr-zVU(F55FS5Ix4TdyrFsT_wtTmp&#xZQzNi6Gt% z?rkh+2X+fjAL#;?gUy`RjbKE)fvZJ5=aFItuKoFjYrWfT^P~iq9qyq@#99FjrXHwh z@8dV|Da{(U=u>C{U9-;Thr730u5;^Md(+#QbVyz2>W{@vnA6K?FIPK^WV9Wet|xIm zXSi^M`R^Q$;}b^DvoVmGdP0Rb=AMyU-4N9)YS-ze%FoO;0QLA&kL6L1MwKN7Z@ONR zSOdL(Z#P!u#K4TBqMWE~A;#HO6wb8<8ZdqzGv6p~gtz_c3h~6^B6#+t8)B)*_3)p| z)MF;}1a4y?X&VEVkl4GFo?~P*lOn*lD`pIr|4NTgl6g>pADm~qcS_26^q3l{Nqb3> zJ8n;|d1M~7(u@V#=ChIik^l4O&udoMC4A85Et+_!V#i?4% zE0mx7T2!Q!n^rxK$j5~~gx5db+2~W-EhTrBNlJ$q=I7_z+WA`9T1oc584QyQmh81I z%z6P3K)j&g!0>O^io@yjQ&b(w7wmuU2i*+UQL1!5qfrG6kW>5$iAYt1O^$V03z0Mm z2{!^kiO^8$2{WFg2PRBqH+D>;U8X1 z#i(6GM8wO^*~8}=z+usi-Ak}>7~}Hog5YKtV zAPD(KYH-v0;O~~Rz)Rb~hy?4W-ke7hlO2{R+Ju)&&!)IIhuH6Dic6iF2bi@;B{KzX z3s>KFdI@@aAc&R|cmoKq(|`12fLNIINR$GmC3B2mrWTi%dlp52w2XU8iz9nc(gv;* z1N8R@PQqz#2DE~Rbj}_l*I!} zrQYUx19@&9->C@dH{b2lZ|*nZ-4J@^tv*GC8Vgtdn6tsm)4nsS=m@u_<6@^B{ymW>H?2 zD4z~1FXlnj)p8`y2V&uoB7|%tY=2sj)tsJ#=A}o-z};y?ks717<4||pXRUnf(a|se z9ne3>!wad5Q6bScPLQuRz#Pqo@zzh(NPOaWn!{>03~@!FZqgve?4DmgO0AY!|v4ILmY#wtl^ZZJP$)o*H;$5-bu+|@Y*3kSRe zRwHY*6!}`>J%_gJXpvjm#{m{PvhqK*IeipSV7yeS`i!0KJ6{zKp?-3H16K#o4@ez5 z8vKfp9+trM<2g}T4!ogi;gRSI|0qq#fA779hr_~faF9wV!?&XOR~;;`4B+YNWrD0x zuqSad3FPB?^GeOmAPq#$4@$@$&od%0V#3}ia`0Rs@0tQYp~7Ya&H3-I3qJC9;440Gh*dm;mNSm0~Rg$ztGidRTVZJ;d zhE>HYYZ)b_#FCPdA!H}zpxri2t<5TeWweq-+oTly$~qYb7gy^+6q!hX#sGP-UJbn% zQ5OA_I4iGf z7sEXB1-iDX0{&VHMDl$q{bh)yP#(R?ctKZ?s0{g}zfI{XQo@o7KhFWbS92=Vkwppd z9N4^mPfRgQUL4GXtk2;?{4j4De_Gc#!QK1fj$DIBjKwwyOYd2f-2+?9)uC(JB*}91 zbBhWJav&rsmy{%8CayS^5lxnImGY3iK6!NK`_oo5yh?hhW~{%Sgjm)2PhnuRUQ#7x zv#`XF-A9#~S{2SJ!gB=wPJo*#>@zLWRB|{CaZaO`*JKp0qmZONM&4)_PvtoMt;OCw zPnq(TZR+vU9?pDKwG99dP*5sSrn2R~T-qn-;?EM9sm^9nU3dN$*GW#+F>79ZaL zn7;J)yn+*iO5rVB@_Eu z4z=DiYiJ-5#_);CVJm~3XMuFhAn@B*&vNUz5b*r2*{=t7oJ+7!jUD z3li7Wl`Xp+gVW3pcr*Y`-nl;lUf$gwA;u)mqvZ5N%Vo(IwF1lwcdW1D-V->-2R^Tx zfB6*PtdTQ~EnoXtLI5-*1BJjrDap2B+-9%&oW@0O@F*8^krf})Kny+vBrMFCN<$gm zLmNiMXmuV0D8wCcpzzl0#2AiuJ{;M%TZSOee4ULyNwRkk&h*5|UM)F`euVg?u-!EO zpHc!C+vEd$lny-|2MLQ_<_@rK);k1*iPtEbFHq+cZx?)R*-jwIs=}2;T-V+{^;Scr zYH?aqS&w6pkttPga&mGbK|!OD%!g8G>E!a(NzxtTK- zq=j;%kf;CZ{AmUU);)VhDXr2ZYU0qBHfuXv=v(81-dx@H`s9EP4ee~BBXtB}6}}Lh z1L(rb^@b?+l>qh$e?uYh;+U`SDn%KYA$!w57bl7uKZ6fxIV+z3Io=Bcy@5h?Gt@2= zI343NadG$HS73%8KN;v57{Z%*0pKR{_pbZK`i(}4CK`^|>%9v7`%Kj;&(=a5^HFvC zo9flu+baXGOdCI5_A1qtw3Stb6hsgsP4hI7Ny5p| zB-?fzORS{|6$p@SmVdOS>;vpY^J)xbgekOr9E1!_hA=pDV%h~6ge~6%!j@oKuq<1R zdecY5Zz*#BWwQ0w%qA?Jjd?eT@(kQs4vR}>OCT9F({szSA z@55tj_<$-AOO8`5s+bgHDLoj&a?&c-=|R%OZ%Ld0=cJX$q=zv17exFDv`G1n2v#hg zB1GG)?lL&(F+Vg&mbF2id?Cpuys}xo^Xg9x11w<__F~j%h`yf_+3gOqEmylOi@Z=k zCFZgF({?LtzWE}&`WYAOmjbH!nKv>?zd0r*x$~`{+ZeWbr8(fLtIM-u2id^$j49I4 zt3`puNhbJRh|gb#cTAFnv6w(vnF#=-q)q^fpg_FB-)Hx}fENA71X%NM*|^%-_wvLI zx~L$TR3cQgh(Vr}igzA`>CN0%RgVQB0}UJp1fr7o1-Z$F zSX%b|dBS>Av-3`Q0Nd*W16{2l*&-der!{uDiQ)%4v^}!IPSW;53}4@;5^I^dA_&ls z3?BZWP?Kt3ns2@^iydsuD-ox&vVTTTo?LQH>qp0d#evKD%0hE+@WT}Al5U%UigT(l0L+A#wP%OeWP@OpZ#W*K`QvI*{;xVIe72^#=u`BF%hT}cv;@h*2 zKVRbrCVPxQnJ-rIgVEq+ceYbMAR;{cJ&by2!%o7xb*Yb79GSK5|4J2Fz?2k|pA=$@ zkPP!1|6jXo$uTdE(EibR7~fFUAKzf9s_z&a)(MKB!b`_GNb|g>T*~GYY8qufpDKcL z1T2+7eeD(l8KA%C8K+A4ab&#N^;N9MrYRVwBj|((&kFirt@}469GS+aAJ+NBa(ICE| zz~@iA+9aF0fCY20#y$_`QdAGF0G68mvh&re-x4-mA=`XRNV?SsUYYOMQF&0 z{L1Y{1YmoktpL~-xn5%dci_`4QL_K@95JtA`%Rx$~Hrkg` zV*u#|Vf=!PSI&yyHba#L3DXWvpc6H~04Nr__TKV?Gz(tCtu{UFC%7XKZCs)BOL_wI z=70Y}M)B1NMr)S46d2R)MU!XKB%5-W;Zcux^c;9b;s``* zF%vL+hOpNYlbxV0**eKx)Le4;KtX_C#}Z2K0_IJfc~sWo>OW!mODGD_@)M^)FrlAW zE!x5ysk}^tto5?M*3!mM-s^EswCnqiK^>fhiG~`$69WEoK7%|v{n(5U-Yx}E&JSb` zhIY+45c%ZQ6Sw7FvkDL(Ixm(K5c`n?=T3HAe)74-Syj-eE9NDsivmy|5i+dEegpRT zk+#J1cYDoQvlL1iTH4wf2RbBjx=r|)9vbX=Pd+_1f@m8n>EpH0P5~9-UvB@?NR;R^ z26~mvD&u=wBgC7{uQUD0M|}5o4ROn0kIS9=cGor(uaaT=vcJ(V%WG_=euu0LsFCs` z=H6)>tUYAHHbiUgG2V&}Z6!H^U`3DQgvHqC%nB|!Nfsy3pk-Zs>h5+>1_uU|QBJYL zazwvC4`yI!b_Hw5MZMp>h<(9X_`Nn;?1o|KThoj5^z@Q{Cb1y+?yy0VXsLh%4djTJ zWb@FJ&$F5k9PN_{b(C{JDc&3!1ABi|gwv>nlk0eUFZ&F!td?UVam%R?}_3SmSR;!^?WmBp}Go~3qhY7)5hVPz%UVNmG zL4D-P2&Nt4!fXc#~T%W!h+AqDsSyT=Lse ze69miyb*N-`D15m^g)=2t4BBey?gPUo6$W*jK6-8EdCtYy6m?Lk$wnsXf9rt%Bss& z+h6g(=?3ztOO72ux9DV=of+)5X%eA#=)T2&cK>Y=7lGEZCe5eIQ(|TQSjY=V@6PTm zy|B(>3KpCVn>V~!I&v+rYi0Vqtk6y%uc(xe_fhVn_x6aHcJPzNW#C^nJeG!98DFR- zYj0CTC`E&z>b!%TbH0m^oQ);vA~JijbxX0DV?t_>r~&{ zAeY@9oCs3v6!69?S$Zh}ob7&dw8LNKa62SbUQ(YjQoYdL3A#k5!i&bLkzW)!ezBGs z_g;LX88VN&DZYL_iDDM%HmI9ZP=|rcbFGNNw&RE?4r(>?o;JIG!%uoF?XX={v8y?5CkE;U2#D#}HAn_^vSgzeg-)wPPIq^Z{*#N0x|4zpF#PMG;>}9^k+63tspod1; z8MEu}F1cD;++~J5qHu3*oebK+9VnB0qfzPCku^Uv^nwWmNmRbS|Lk&`?-jux9ef zM=_tThIl^s1BHj)Oq))_kXaY~y&>z9Xrrd7yaB__Cs0SdB#LPMuR!XaZ#sawyW9S= zW^MgHrE2_RNuK2w@&J6PBSVdQeoa`pi(YKz0HW|=8J8$GH#0qXqM3^b9tsEx1n+ED z;et@U^8pm()8xN@A8thE(1fzWDn+)lX#f5j6)8U(O{~#pm7AZRS0&3 z)G^JW9021*v>Bt5%Ga25;(aw@4Wy94YrcvtD)HExPl}L~g!W)+baQF*Nq25ZL__*R z)Owus(_@)vR+tJ2^-*}eyF@6=9QGTTq^@7|FsPNH$mc&(3zm)b7^IwhAcP2_5c(fs zk#f_NUWKnCf*7kS>^Uy=#6hLpz}A~uqd;=wAUtMzQ}bW0^)aFWRpQ^YSmgiM@(o?9 zOpr!CS=#VR02S9aBQ+F4Y>w?70GK826s`e5g+_(X!1C8W3a9491TjP{Zyf&k!3WcA z3Z)63`838#*MXw}=X~bd|CFtsDvIGf)i7F$4?mk5yQfz0W&D|WC^3^)`0sDe>y3@g z%Zmn5g2lI+I1x&iEx>0(w-R&qdSrEaR8Q0`X0-W(6{Ws-l@z%#fA%R<$MBUsMj8DX z!8|z{vrRelU2xXiL?EMC^ZZ>3GVgUdX+#ti3CbIVIvy8os|4{2SvE7>(UNLOnf10i z>ppohFG2+R2#Z$-3$A^9c9`(&@3#k{aGH1`m_g{T-LWR)Pk73>?14);+2-Bv(~irn z*jul|9%-Di`Kh%9b>_CEWV;^Xo0Md!?j&%+9>nBWfA)N`x%J3kBR&r^UGxsQ&{ab? zP~QDiWU2YpBh~U4S`U4^c+X|Jl`{W`_#r)`N^Ff#wEcRx^)(k1gOD)JJ>|EI`58gM zg!!XdFV&Y^l{ewz)nsXWx!~++h!EU#Y=pWTxAH|3rq)c3T`U z2k6KD{z-n&84Tjag>3%2`?=Zp^glVfOp(~JaR<;VV#6p|o4gMOeOI$K7Wf~Vj5M~P92+8!yVIqSS)9b_<^syex1HO>~a0iNp zi8_g)LoMxV+@;JXIV*Y!Gu5h1=EmqHadHCP^C)*V z3~{tlNWgu!;<}53Fm&7=u_5Jkuv^I6k>lpN-?7}#5NvNz{53y`GsExCkLtOw{NJ$D z8pXUOe=FZVdnfCmd3~TgW#Bo=n@zrH7!EE1kva#ruoKI|4oxCMZ!exZfHV5;u#X){ zsJ(Jn=+DH4nkmHOgMiVj`>{Pu+t!SM%rmDnL;OM!x zDa)iiEfx_o{ryWPbDEw$jg<#}v^i{#|s|06R$V0Tl}$i~Ip(b3VykymJ1p5&Be zo)0$wmkHIlbNpnCooQY*N-ME*<-piwZ#zDNTV%mFv+?JkvCmzOZuljZZE?CS`{{SP z7JpKd`KlE2#IeN*qFsIy+ksu4A`Vi=eWU=7T#+xrpKT1Sta5wow+kk?xtD67oI{iM z`?Oa`z0d^i_*Q!R`hRdk4N%{mH+ej7y5aNc`oq|W|D8awd7j!VT`1zY^eVU5i}*WZ zXlm>&PT=WDWPeFKNg(oqwT_t6Sebm-{38hdDl$Ub}w7+OV+Ds>k*Bh$_V*Ypg4{Mr{C) zak|>}mf-8)Y%Ogd@*(^BZBr2)I}dq2(}@d2956spSCA|l_G=*GVS;r@hmdj6PyUP0 zhIhHc4!9!@py_4LOI-3y8K-LH*pM9H17qJOEtE>;bG(N~K^s_0r;Bt)$~c<(p>%Ty z$&IM>`N4yvU*9x0Qi0#W#yjTF7dTNS=g=s4qXth>&w6ATQkT6HlLb_FsTojLc5fdm zmEISYVzi|{INucw{qsFHx9LqIF{EVa1BpMffa%e+p3(<+V(}4{#ec zM2s^sM9>_?XsDr=RI>E(Y1x_bkKsaq!!EzwIAyi&0Z92zTxvSuz3dRMMIFxlDdHI3%% zO`TF(>y4Qje;PEEihpp`k6X;~wT$B8AfMTI5jD&^f;@ii1Q4@_-u!@5u7VdD!%rsC zo`hZ!;dOPpb3$NgS#i|t3Lj2Gi9@&dXH)+l0MkG$ze9vdw!(Mc1?zhk2W1dK#BVD@ z5F}gSks}}Cu?swOv8QYQgZJ|BZmv(`gn2+-X{i$+H0GcU>eV6OO>}F0Hk&pAl*wfo z39Jtwbi3WeU1;Vqb5Sj-E`}?ypGH<=(x~o6(xjAMQM6}EbQy>JiE(qa(G9>d+ z5VF-6u^9XwLlLc3uh;tQVCwmGt2RFI#OBRaxL{^iRn@Ko2P%&5!_yLr!3ZlVQYcJ7 zxE~or`(s%l`^dX8g9sr+p=Un)*AY4dOouP_90m+|-;nDQYxJE?qtPD7DayAR9S*z8 zV$y{}QhY#ALs;iC;RS^91UHsp)RBl<#~2JHV$p{+XU{4bA@&`R!OUqh#!k4{^Kyn? zXJ!@6<6L;|!x`X#hf%N~LVAkXMMNaEJF4(upQ1F-7{35K=&j6Qr?pRS15IqRD2r z`HY^rH=lq!5c9#30|$V@T?pZ$`@jhIK~M_cfWnRwbf)(hWOx*HB7}Ibmmu7l>V#d4 zL7?#Tzy3uS0=&oZJU)2l19x!@xjtc12n^Z+o>dF1z+k{<(7Q#|Y!sNG$)rZqLh=EM z2!x_)U07xin-d!5gw!F-z=KTyVOIal8zxWq*k5=?rr9h2gsM~sVdQ6-x&zCM1 zj>7L*bs~lU03ZNKL_t&+LQ=#q9Z%WER1xrTY~DY&5zk9tNv5Nsq-xC*6$s&+!;9x& zVz`GWJkfFDi~`~Q{f9CC!+fxdg`-<#D`XJL6dr?s^j~is*>$?)bVmi|n2X`ZLTbn> zG+duVV`kZWKAZEoRaRFZ;M2N+G6rGVfFwqe%Pm5>h&urxV~|03PH7N^!(kjz%eZmU zgiH8!CrryQODPb>KN7;2ycFZ2PKXGy(-i6SqSIRp1{+x6%Wu848CN{vtjw;eUB~y$ z0}K}fe*5MvJ`7%XrsBkjiZh^Nr%s;i0sy-hg!1{`{acgKs65AgicyH8-(ZCmtkAP~ z?p%yXIfh)HK$C0+gUJx6eJm&7^64St3#-xz!r3vE6jBmEtc(VO?x33>43iCtY~AQN zdF6Hnj&f&Zox9`OOZ$bdy)CPsL6{gEjYbFLbG>o7ErDa)$xB5QCC6pxC=(8?rO6lq zheV=EZPIHkE@S?JMR;tYqNC&hm|jUq1wgob4@9H$7B9x26l&J2eT-|XpvSDcvv z{1}8?U8xWrJMkex2yrYhh>`6+z;N!9yh6kENg%Z7O_4I2r_O12S=_pCScowOaovQF z-14Mzn@mAdPz@B456Xw>Q|3iOgOa)bwkZ=X@fRL9{alu$52)iHz?b@>kUKxb46T)X1gjktD3Qr$- z>n+F$;mZ-j<4E<~LtA-j$aUGe_C|2Gh(6%42EYh`ImHNP&yGq$Sd@cN$OuiQvNDs~ z-KW#3)yiRdd0Oopj%rI%KZK%}ZUkd)%P^}#v3OizFa^Sak)4WJq*J1wDcI3 za!nS;?geYG9D|DvD~>Opv;26+fr>eE=gyl4!RXelWQAuC!ea;_@b@lR;r_0Z2w~UZ zL~Zol{U;SMCp>lrDLg_hN?wQ%E7PD27hpz!cX?8EQrN`(-o)RGK> z6(WTt)GVY$Z3y8!G{gJ9`t6Ew*IaYWRaaeo)zw#DJ!Z_+S6?*&G(M?u{HCfa453>W zQMJIUeoWpKKF$of<(QSmB39j^JjDJwWVYV0PY|<#XWYe)7-*ca8hX!gtk} zv7<&!o;dNAZ{Kv&O?Q%Ry6Ki%CQh6|y6!rB^MfDUbMJkqd+)mI_S<UUA^~;=_lqH?e#<2BQGsVnA>XQi#32 zQ?$DRn3Ewq)wO3IP`EV}Lc}n^;F%Lh;psD{C|f*?D--uEU;gN$%jYb9@~hXoA2)u& z)ni9pcm4I>{`O6Gm-pu7;W(qwXmor}sNS*@Lg-aa>VKf0@jD}=Hd9_8@Wbxq%3bif~j8b(}Cb03A zQ4=ov-<{&oi$jPue7O)pBt1J#6$(f6K9}8CzObaCqojjMCx^BkUOaF4@kaqeY$;%) z0(6Wqc&dv*xF2EcLU-Gj8jp4%d#6}khCxUaet4QJl+byg-2mbH&;8fq^PhR`rI%g<5ZB%h9CAPWp5*Z;ec!I`GX<%mSRy+U&6jH_sx#5#vRt(1hez)KL{d<1; z)BkyO0`dy!F=R=9ZS0R@`^ld+=ayPj}BY6fl`ro|l)MotIafN83UQ>287i zLQi2qUEP~=mOb+tY6)24TJS@@i0%_-g)_^vKD%}4qPzx8R!W0H=OzdRw*D7q$i&HY)pUM&M{uyfXoF%v#nj~e6A1aqknN+XR=*@u5Q5QZZLm&@nMfBElKyB?hf zm>t?Wckz>}AtHSgDV#TNPQ@QO9^JPG^Fllik$|v^tPq^>6k1^d!Y-iij6&fV3P%}* zX9&U#>_k3Ioz6u)zTtr{)g2b&0KL0V_uluw{qTR$qkpKXEzGH`Z>(-;1_oPO@k+d& z-rj?~w0pLATXt_Yuvea)4X=P}a_t^?x{`;G6bzt=paF*G zSqe1c06#!)?b@}=mOZ`t$$9^~@v#DHX?-II@1bno+0u>t^?(f?L7yY`+~`DCG+hFO zQA`RgE}P5x*x#$FHXk^C_|Rc2iefxk(ec;ipo)%HODbdt(Fhd?_n*We(v$lz9#yQ6 zdWXl($mb@`(6lK#eu2Z^$M+oC@a(he);$Yu2rNGP^siR0Uj3`5pZ?Y358U-dS3AM} z?!E74_fr*R$+D*(|LYUa)xC`;w|xx_&5doXEiF5DwjAy0Apl>0{q=*G683@<=H>MQ ze#9WED3{hq7P4>@Q1t9BfXwjkPtJb^1YU>&3SayOUU5XRZ7wi~hH6X%kG8fRJ^CI-p@012!9V``*S`h|55Cg7p2E=b@>hsL2uHKa zi^>r|s|Re*W3?iLsQ3TAcr74^A_x(~7w_lg(ofJUwD@c}&p(yjpf(S{^B11wA+=kL zm%-2zU&O;fVSI}jq7ENr&75*2W|b#*;#txb*J6?e` z(ZyJn!2?Vk9S1hk$)5##9*M0Z>>}SB=i|aryu7fCa^}PSyhz{uU!7DHb z5F&%E@8J#UAN=i)fBgUc&!7H?5bgj95x`dvL41=ZF}!R;nrgB5DvOrBQr!nu2v2#O*9IdLbr6saU{WaJ zay2|xC}B9N)6Kl$+AH#`8gr}WQXv#B6T)aH5;3`~1&_V?Y6ai~`5R^~?7Zxvq6C9f9feoyR#cW6jo2`xRSb?CtM%>O??3j$@?~q6 zQ7j4s!XFw^&-v@_{~5p3@zVeC;B^Z8qf}=htFSLn#j_&YMqgx8>?qTw}aOvpDlDJ=^5I4`m&q>z~$T#JoN329~qAdL7tb&tIa z5H3EXTsSy)-txazbl^>euRgJ>1DtNpJh~#gD+R(XIVn7~XWub`la3O05rk*hmA-rS zojGwP1;S&e_8f-15FlKO5H7(d;@bJ_`M7rNI(YcA&yd1#V1DR*554x%YxoMGAtMmu z;|;6lzFPOT9ivc}jTkf-nwpy0sVUL(0odT*{s<U7v0#vEfQ66pjA-+%6}Ps5+{MGSlK4^4mg7uP+@F}(EuLBI8_Nw@0# z4VAUemo}(rJVu~AP$!1j%o;(cB#5GzapR;bb!=|jjLu;Y4oHdaU=qT_b-kAfp)TUK z7z-9Wwy|Q*p+nThJ9LOaSb?XSc0GYcNSA{Shwxn--==u<)G2Bevg5omg=B>g#L~>E zBD`q3>+seME7z@kaqWCLIRYPCwrttjwT#ELKfCwd&*EPX!q2%>&hPm_R9e?6|2Qe53)HgOZ<4ReCu%#7*1sSZ!^d5Zu^&J?D0)wyY$i+%1dLgKg zQ3wD6fq{CL1IK6Vs6fD8>2MgG&bNWWWoseqeUbf1=>>do-Lv=K$1%M0q_E82&{)23 zM<8g%iA`Mfgr|1H6#rqXUZCMMc=DTp!7*3vS01$&dy#_*gwjRyu@J_FLnr`+T8KyM z-t0Jx7k_RbC&UhY2S9k>)y=yO90zg^%M8j}@KfT^J#3Ft7dy_2Kj!2f)}A=VGRXvn z?6!Ms7CwtX=n~lsmOYI%(v>SAGR4y5{B`#!y8VjSANBkIz-N%YU;dIc3NSZA0>G6w z99sN`MGIncTKa_`R0+C>39n0gvqITtzxDCC zz~KL4QKsaHjk`Mb;r+aHPxfJUY6;hGEA9IICxI=5@GwHS2b<_pl}*-EWV_^N$~= zmIb@-9#_(ASjoJPGQnT1e*E#rSO1D2eC?%|uz<*lh)W*&8R))yKk29!*xz0EJ@gRv z=U)2dFMa_4zC`0=@N>^+kua8p9{-=eFDR_6udfd{9QI0xCO3fq!^Xyj_V#9gu!s5J z>!9EM8VFqRTZAwh@3cZAEMg2=!3Il#z<@2_bUGZ03j%>Q5O8QWTCJX!=MshMWC+(P z@i<1Md?n;1rDoI1g2C$I+}uDgEDQ}uG&CB5kTeOQJjW?rSq8r~ZfajDgae-(!q^B1 zRRThYhnfEV*F)%n7>&+d3=IA^#G=Y;xbe7qn)EBw>eZ_mgv-zgL69y|u=v_btiS!* zLr5YXL%8H;DHcB={(R^)AnzB%9|;*`eY*J+iLU(B+~pe!9QA>ETYY^akOv7Jyxr7> z{dsW0cASwR2=QjhgFAlx{BKu0_0)*7cwNi{k0YYnzBS3Mj3&_R{ z6DbS?N-OQgg8x~$jA8iV+O;x+_&uhH>v&XpNma^O!AwISFT2vOHe(Vf>eM=j6GdSl z)d=y*-I>>3*xB)Ei8n9v=)Ix2#W#W z08nSEFSQecxT2jrkUa#G4A_kuA78eTLHOcY1w%P32d(4--j`4y@q7K%m8F%{L5&$Z z^6p?n#}YvXpA@G>_=0)r6<%dTyANqHXK-+EU|?Wq2q7H0@a$U3`*;vBIs(F23WQM= z4zA&7dI3QAEKqoe4mm&|3MTl(6L>QdrE%;Qv_o6z7K(omg))RVEV_>-zq?q-s!%AO z;@z|OFnFsxa6=Hn&$1e4W#|n!;p0y}z8V;O`stPI8A(ov1Th8R`8^x8uY zL68bG-Y)B|6yZCV{ULVn74Qwd|0R0>7}H4x8dt%J=nESbA9&8{vblhihU)sZ`ua8u zLYteb8>*{i2*C;g!tU0dZag`G7gJ_46(WX3MYWg{*6t{xjIa_JtcIUW4nYxZpN}xa zcY*DCmn;8&o<=8xq!@dXiWe#nu3NYAXLs>~haYE!-b_FK^LRB`{g4p`asQ}95K_xv zkP^jE=(cOGIR2d(Qb?u3oxwxWrHdd;6lF&C332@>Kp2kbEk*hl`%*@n6N?y;h7W&4{tcMhl;6;LHO#qNblUmjKIZ|6Ruv( z2G(T#3XKrcLsqj`OJ{#xVjd`i$PjvlT#;PuAxan@dWdCu$m>I>mwxe^VM_UW7K+NP z!FA7WnD<0(Wqor)b2AQxHnz01)B`5qe)tiJMjQP8hUzv*5L+Nl#k-k-M0{IXnwM9I z4CdC><`(4E)fE*M<}e?uw^0U24Ep45qYp`BF)3t*3;z1}O3H|d!32Kt``EDLMVgOc zVbZOccmqX)H}jks=!=w@)FEbm)Jm6gL-UOjuJo^bZM#Mg5W>NsA#72yjy!qeNcT&z zMb$+h#COx9A%R(;W5LFXLmRL;0SrD`QL=H((lr}*9jMs1htAh;ec@U85<;25q!r?@ z=rM$_iy#D&4XWB1JP?`=b1k0C62o^YQb)7o~8@ZG9$#McdbhtFa}~9aOWcmoOBK#}x=~xZ;a7 zCrr&W3sD6^fjT5IgzhWkqJ43L!xrI(j z!21MYgFhH711GFT1luYrOG_ypWqBXGn~kHPg}HS_`9(z@oKdR`z-Oq5-?;=xDHzsYuCw%AwY?O2lw-RbQh_RPPxsbHMn&;>d<4KP~Pw)(4}N- z6aJMgjWSK?#C=b3U~u3f5GE{9zBcrt5T+A^Dpd%q(3Shf< z@i}y`i6C6J4(}t}u;GOSgfAe3c&Y**L<%V$g;*0=CFdgmu~Rq~@SBS#2oK3W8_NZM zCBp~oA%18M^JOi0hBfl(%)v9{giDsZrgYjBC9(TO5=I3<89+<}pINdbVT0?Q#ZlE4 zw(cp}QCZ*E!Vug7;O%T_p(DG5V{2PWv%znG(6qXdQbnwp5{i|0Gc5KqN{e#H_6ee4;UZdpQBh_xA(;JuUzA%&lb5cC&>Ad5g*!;wTY zVo$>_yn61OimF$NA z9#|?U$S<@SOC63%>PN^isKKDs%C80`F4ZEC5R>M=I`7G+W#5P2mGWOt3WO9kKl{Q1 zJUjeI3hCS~Emvb>GVDSoGDPeVPMh#q{IWM_giuUH#TM1D)Nddfz0gSt7L9%!gwc>F zs6slmukg)R|98%uIm?$H|KF003u_l)dyu&o0JQa4d`bX?WP~ru6e5H`Ax^0=2#K@} zawU~akCkI^X&b>uGjWHoLjhUfvr4C$%`+rjBgvxLn{@lwp9G*MpzyJFW8y7ym4eKo}J9nb-ZQr?l=gyt~KYQ;V6m@>)`_}Ge z_wL?J_NKB)PIBtr-2L&_p1QkxZ%(qgg^V2syQ}HuM+0NSK*4Q|+R`)#w1vM4k)JBy zpfEbngJ2y%@Q5Oeifls$4qRcqX?k3AnA#EsXCj16C1z8UgBYCqyr1Xu`F5kua^p6#=E4Ph6YD4oO_sj{3M-LwCJb2*v zVT^0%pTYhii5?4J0=zF1|Qb@d| zrw2l6YFnK}i~h|gpM2*l>+(PQ)tK}^^vfVz4QGQSerwtlzZF7?M;(D>f-v*Y#6X?Z z>as4@O?e7(GOEU%j39P=N!<{~o#Mw}(0~w?8BPk{=fD*Z0yVkVglddfCn|>-F7E)s z5>*Km(u_z{K}i3Dr-e&i^JAg}LW4n_8nX0h3RwgrAXE(Ef1#+P(rHGVJH>8GpF;c)cDdgw~n+4l&yXNAxoiCLx|dp7DK0sNY!C` zo)D)Wz7nnk#_7xt@TqZ5Rzdkw{@%nNGf({e z(%=8)w;PvYH>aCp`8+7P6(KmTrAL4A?3?R#a_FnEp{Uh=9fVI_4&f`WM8Pzb;?cRx z8o#^AC`3pP7G^nIT~%tZR<{HU`^v6ndSA{4j+OP z9>DQf9#qRUg3+4P)Kq#?Lr;<-5qV+)e%il%%vrfc33XD)YgHvhs#JyIO%`$ay^X=r zmxr3BGmnoSwg_);M*W`hp2jMF(K=>p& zgoED8QI4eYgZ`GWpcN2$ChdwqblE8*JXKUg@^vbkA^eaqEK=oBN(b3vR99w5?N0gf zE*T*yD73*gan$zUl2ljm7szIPob0!z>8MljCvWg;1z}oR7{aqGe@X<`Gzf*kv*;wM zNo}s?#3>=n%C7X<7yLWXl^E%vfB3n6QJ!lmJya>-a9J5ah{eFJE8Kn06$sl>Qfg{Y zY)MIIAf}*&+m0XLfb_5uLJmg(8$*a6{8M8iy*1*~%-sEc7p7$kvs7A~rb{ydA103ZNK zL_t(63M(O`FbpA3tpsd8S3`L%OQMA zwdRfa8UsRnZ)f?umVueh{pIM+_q1QsPrE!9rCA6qyh03eJEDx&10^NQy&^L-4GlF7 z4G9f6HbO{ITv@(z4^bH3dFb%Ad_Ap(pp);B&?5vAgA8F3-kC}WXXYOESiF^4g=$1d zFE+;^`Yb`@?>kij1D@J>U6G%;wD$mCk+VJKy;I z_59!a^0&>=pZYGI^s^vT)J2Z1(G%@(M59$09Y{JH@9*ff+AS9QgQgOcVJ`7L z1#Y*TDmit@HroUSrFeH5)fp%upK1E#sFX*YsDEPq<&^x#IxV!x&<&}eWR=Qf=Jc96 z%xR+>6Bn-0gjMizxI?HCKP`YpYw)$#*3PIEhqs1{O1#0=gZs;CGbs@50d)f3EqdA+ zN%ZTvW#4xNoxyq;6U9Jiy(E#j#31P)F<4X6*tpbKgP1fkciZ8^#}CGLA{^!7C_~7K z$LG0N3>)zfit-CZ@Ai3{5s*fVkMf#7H-miHC9uINlK3F2C_B3(EBkxwmAJv-8VvvF z%U}Jotbb zB}9iq;!*lO%Th6?BF|t@AWREC#XPnh*_()fFgz#oTExPV6i0PNNGum+RnBieT+WUa zO8p2v`qeF#LB(Jnzq!H`vJUR!K~aWKg3%g4*Z>BX8u{=~LhYGthmRlXj6b;N@P1rW zX9!a`90h=l6^KR~@uRV#q5=rkBoV&}ndJvtgEn6Tg}Oaaq9H`$%%7;!MOoT|2Ooaw zdmHuA&!F*(_^kX-UyVt}`jW9Y6|HTZjCt*+5y_z3t&kHGYo@lf=_m%cLk=|SNebs` z4<9HUu!Ex#iVgLYT2oUc3E_tr-)>?7E7BpOK={x93@J1qr0*P_$aWKW&`^TV%XZtd zZ1=0HJ0*x{326Nn8c`^>$P|5PYTWFyDvh2!qAD-1h3C{%Ao`Y38098~jz-bp2Z=>K zXY0f)Q==*^}M;=-W3m6!D8HDs-U`e+!&t`-A z8IAi{RTgCeRhy%P(?bDUN4cljZpIKnX0KSsqes@rpDK#J6$zy76dHX({wvbrirm4( z`nHiCMci`?%CAwX>Fe%pBh|~LB(RIM5EKp%cU>VguXHyMeg=b(M0!V3N^btPcMt42 ze*7?Hh55>?G*cC3YErcZGK3~zNGyWFgxqb1;%5ddmD$-ObR}F2Wd^f2B}5-5`xN~n z>c=UekG>rAwV+>Tm26=6?^l!k#^&_Z<>;vBRfEEp<%SW}(ccE)lK>@!fdFRiOu2{r zz0SN-T(~SO!hDyH5CMFr)6$S6D&0~;E$G$*!e29lzZM89eNAwy@Y=lIS@F8p%|X#X zWQ5Q``WH1C_TuIktjKt>jBzz#5D{s(CS&v?-g+)34U>8HNaWO7adBK>iMMyx@Rhz1 zLJnc5A%z#)B__S7YBLm!BK_;)+0dQhpa%Oi>>74;_kcQvu%c1oQi3oucmLsc-#xtN zUGa57lOm!p6N%u`oXG?Xg<+!i%(esZGZvrTAK_*MaLeYfy%I5n4nZYTlCwxpkq|~35JoE<)DSNJ76@gFf|Ei(7;VZuzP)w9na3edR!Mdx zC3k$i<<#l8G?<_$2)UpVhVWk^AoRNPnh=Y6z23Y^{)Q=OlIA@tAba1Je5i#`-UsN5 z3211yU(omCxZo{5;4;(-K?z_iD2{FPg zN?3!OPzRz*b8~=@F%%{3t|fjCdc4_+G*0_C?({XulZVe{Hhn2n+k)pDPL*Ks3om4+ z-uwOrhW`%F?|=LCRW$3PBc7K-sBM2g4??NTR5*C}JYY)6KYU=jXTf4~Bmcl(Q6g;$|2~`; z^61uSErh)Lkal_P%(e-6@!YxMxn5Lf2S1@hv*$>MDE9*cl3w6Zr*%uLOOU#>RLo$rQ1y}kWv}@ z+YJi8_;~bd6ptFi;%gy%zAU=(TOq`cWpjlILii*qWJ*n_-F9I6%s|lTX3L2@9=SeM z#O9oGL4p&)IF%Ga3IF9^(4_d4hA^)w8;kO81HuxO2=XiWDV6@6W(ZZ=u?SMA`t%5N zIUbb_Cc!9z!H9TNa=#qR@sEqOhSxAUsY<;hw_?N6SSFB_8E=J!|389R8Wp5Ymsv zB?@S}Gtn<}QvRGL#sX@?S-PwboOWEt%FCnAC2J!`ljYZSv*hRgQt+yhU;Lx(6S zM0xZIS8B>mkQ(+h@H{qRQ;eYH!pacmvJsBv!#`McDY#dtqEV)hMUXIbm_!RPe_Gx- z=5kq`;<1AVpFZvl*_;-qn?942Un4{0fm@6NUUK7VR$g|N%+&wgM!({Ve!lcqG3iD< z23s31P^kFRMr%yr4~0X6!AP&CWnx+mRYXNOQfs&Uyq(!YY(UvCK4XaoT3-o2djX3Ur!FRM!i6j`}%E=Fy5!mXQR}sPmi_e|TA_PzmAX z%iMB!&G20N%tsko$mH5(wb3hU^>NwRmJ9V)dV0_z)J2(aWrih@Q5=!s(ZT8SOyO}{ zINL*EC|uXD-8+1Oi=|h(F+NIih{6ovSew6X|F*;1w!!QdextHe2rW#gVI@Q`N(@#g z1eZh*V`3;GP07s6k8c^9cX=xTU!@rCxG^nA3|jasf!AgeXLP6_f|ER(okSA5P#kD{ z@OK-#zhCh4ty{6k2_q^q0RzIPza7Hohu7F}ZCQ@RL`8)v7{ZSa#`{~Wc6z~e`%2`B zQjvI+$vDgDtSlZMJtYv1D+tG(2$R(7xge+^RI13E5dtAsXi8KXC|iSiqXKWlRYrUE zz6?TRgW|P_S?(jsR7NF*{I)nQ%X%=kySkyFT{Q3x9{PzfL0 z!+mXCWqbDQ*;iJ7ri%@q=;`Uc!iH@04q^;_`x+j9$;{1%$vqYd_v6hOW{?BY)Cyf1 zo#Vm`^QRzOic!NeXO8=sLXIEAd~TM45P=X2Vf0#P;|44eM4~d!ZNpp>KHD;bbn1J5 zyMf^s`TWjbkQA;)Kp1!d!sXTFmqWM-&@De%3!&n2(=tJ5PR$hv4<0NXa5=s1Y-kyp zQ*mmsy(|&lq$p0) zlQO(b&n$%}V0dIy)ArWqXd=6^ojsx}GiQs7)ACyOv{Cd}O;3Au^_@G9A8QD2MKE|B zo4tT=aIn9xZ5XpMgkUZYjPiq84El&&S18B zSw=&+B<(_y(%Ra?tpf`d8V88>i4I4H(4rs+e+DI-mDh6!p+J}=^p!;PAWn&N@8cXU?tjVw?CNmu_+x_PV>C30Z-LH z)#Nyj#dCN6(ng{5i+g@|xRFmkMF6-4!WHE%vm7xpV?g*ro*7*mj>>PIKnV%LZF_K6 zmN4v`33{`!%S#N#89RSKF)Q1b9SNZrT>K2?hTbNh(!s1O-GfIlhSyY$9VMiHar$1Z z+TG=~!H9`bc#H~!{6l-$bHEuvVMI|z!+7K@AY=kBrxj*ZdYuCo%G!Da!aEwmJ1Qt; z2(PmcUSpdJg7D@Du?8<0?nv;23|BPKS4hEJTWxK3rqD@QUs7gnE@8+7(v#19LfAT` zRwSh)VPKTgLe@Z>4>CC%h7!`-n$(1Z^3s9cF_(?_g9IuFy_kEqxGZ)%DjnghBDMvxk2FVWTkEh}EW){eF+9CFo=ogz#bQ#7i=0 zA76BhTiBQ&&xhy&12yPZ%uZ(P&dA6Znyg!N^4ZmFdTIP0a>Z)n`R{rD!xfV`0>VJR z2uLF#TzMIUPu31`YY0)Yp|@yPWab}cB|JcBVP~tW@{|m%rK!zZJ|BbvK{kfEKlp%i z!Uzc6eBPx}l#u-e(PGpg=xHg#i13{bTdT;3Hn$Wm7aPkHvQIA_+~EZZ0r5q%U&Htw ze)$YxT9(fi92=PF+*fvfxUc=zE#!m^VDMHoYNUupU){P@AiSs{eE9Gqg0QbIfZ4(~P zfCVaO$Ah|y(@ruN0bvtddFazx;=_`Pz4`53H%|U&=wBwsZSwif%Fg<~Hz@pqo}k+M`e@gl{MZLYcGXr7B_8rvJ&k`$UnRXPMRN+7=9cN zm)fQh?E<42B+f8ZidOOaP{Q{vDF{)R$(!}ga#G0ACntsBOi&48T5+237s}xY1)=oT z*>*+mPjF0n*6{p|7?D|n-&^5|jq)5#%bvA%oO|P)N7I9FlexHNTpOLiTU&3vN)WcA zRe$j!X`spp3BqgFMlM$K!=Y$QOl)i{S2IZnuZYhDcLFKd1A|;3rHpWYzP|nf6K*sU zDH^SqGsa~cDjIb#(!5czq)5!{Z0((2KhSq;#=FRxGl=zY&psLGkGC_1|$|<~lk$455@qqn7^-5I$KU2vY#zAqq$j z5`-U9UTE{34)6EHQ8?sdt@AaV`tX#7@B`e0;hfN2ndg1rb#qpDT9rp5w&m3?bPA}f zM#Y*pO?zZxmYMC>Qwa+>s#CJZKdbtU_Yp2B~+Ce;&J5St?D~5tb>3srlF>~F{ZJhM^>G3IUJRBCD>e0 zPPkuY)|f%Qx1Gs$YpE6B4?h?`Gar=|2$vcwmee3=V`EZz`~b=JJYh%NxfT~m1g+L_ zAgGnmTPZfla7)hi*a!e@<;m_Vffkq&l z&2wXJl;fk*YTPYyTTpuP;pkSUhjFS!QCP%=+;WUU$EXo4!XvL8d2XS}$O=UR`L{>T z7H7F#L&-ND5riLoG^nsrb{4FJD2d*?xAoq=ix>Mw7(&VlB_!pKzBbaXA#99^X{_$* zzEe$EWrIjzt@1RaCxyKa^YgU`mdo9jS~34kNm3Bbu>hKl$Dt>=RfQ%sDc`@aFaVPu z=wDr(b=+FF$jV3zy68cB9uP8y*}lq44~BLOKiYe{YHD%ZPM>lwa)AvBzc4BMU;1Or z@Mntt2x<^BgEa_C+qlc9 zA>=k7L72)ah$FoF^NBr{LUjx#MIcP&Xw;;VLWdY+hRh+RQ2u2tOce?V!k{Rj)w)<$ z=dw^@i0dFhB2%PLMWnvU+1b&8`ss7GhpOrptv0vYW|NG3qel7#bt(Q!Pb_SQSEHeX zAwvuQO-lG=d38D3k(9filo0h%#G{=bcY3^f#}L%;BCIXmG8XIc9~S00 zdz%w)oP6{MM|MRC!Id$y#=6NFP!br=G-*${)|xi={MLY_bT-_KXaqB4^%HgBpl z^WU2jio?uv; z#b+P$A3JvLE|l;-ln@AByT&WMx6m96GYBbE12cvc(hqtsgb;x!>tA(ydrwaf|GJy) z>>HA5;N7H(GTZj3l(1I#V-If9$)uFjIY|Z`p-?1)0SzH2jHSoaxI|i5+Ugk?6A0@j zrzS}W?VJ<>LJLn3`uKtlg`;j8vDs0!FZuS+&`=$E8cuvwC@1&+?Z)iP7t*D;I}&4# zW(Y$HLb(VU^>2c36%cOQw(anqe*}e{o!d)i2ArprKep6GA%y5AdoL*^tQtQRh7fa( z*d@%ujjy5-wFfK{YDL=UP?XTHr$=-O27zMOuuv`39|<#f#8{g@^86m5D%_mCT$okq z&huKPJjr|a?mhR;qx--3#r=;s#{*d-BkclV`^9UTx$D<28W0+4$dT)v81(ir?MD0& zgYBY+ygtEGG!>+BbD(hl;p6+uIT%HUFogsV&ZMao6s=askPJge400KbzhImeGK556 zEYz@KF6G^snbwwh90ak})lE`PXy;NXs3a-GW>Y0AA-x*9(aW$NE8CrXySZbMVI>H? z6r#BQ?*G`J@C%W`!8@@brZB+q=*x0KbO@h_@$W02`^bj@+bDBtZGL`k{^5V*U5bg8 zpv8+6Elq~iR66Lk;rroIlPF=8QbL>q8q1~_%*0Y)7CFw@N}H2 zl*-WdWxW*7%e*=+jdZ?OYfT!yw_a0C{I`x=F3zg72N%W$S~?1nlaqgR?wz|~B_s~7 zUqcCo`-3X{ynYSknCqIsdz!-QSTVfA45D4gPQeO7BG0;hRIT4s5EJw>Bu^2;R( z<%%gL)+&;cDpY3z@h4}5azlu|Vq7Q1-vA+uk;E|bz{JGN0E6eU1{V>7qFYG6MpDQW z`uLih50|CrJynNxBz6?so^)A)R*G9WBX@f@DEva6KltmBSVv$DgscA}APiKbP)<|6 z?H}L$xU;l%-j-dY>XxKysL53FgfYDcJ8hSmK41v{W%QH*ArE^z$m59_IHvHbxHis& zZ{}&EEvP1NAb>hOR8^Q_JtJ4F4!g+Ys3@R16RLbIBDxkwUOQXpa|S&Vet&WSF}U{} zG05@g^kBb&@VZ`Q+PXEI0^q<83p;-_VC5)B+eQJ69#Dpj4;;JagpGDde6pbPt z<;4lv{-rMjz6y5N#LlD1%^g*fbx0uXUM`GnQ1}HENdL4y2Hx4x>Bh{=zZycrpnGLG zI)LqZQo`fJV2d@cs8~b`3lv$r@J0~wI2A#7X$^$9PtTLaHgBbJ2+LBAePXDIp(}B4 z;-XA(I0VI$rr_i-RgB@)>}Z;@n2{>!*|WyV(we(4M=qyjRobi`e`4a^W5@O;|77pE zAHVSqFnpvalpvEKe0A$ZfsGLiQ+Q8Nc#U$$JC8*OyL%Lbn!+%I9A*-QNh#$R8O>FD zgn*C)vO=n&+?)t;HW=W$A8O7?I)-L*tRq%G^!FtlXr1xQ6LBt%LPZlT=-TsR2ZVU= zb+ADsC*$|sNbVS_nyQ*wumVyqSEx5A{6Y$(KkqTo7dBu(xcaYx@JaaD#1PIUW#(@? zeE3l3#DKl2DD5(zxn&{bjd?DOa>dR&3n_%hOc=sZhR`ib6j>z^3rvOT=pHt9)3BqY zPbO(YHMKdR`t^l8%O<&DTp@eRaN97#;NnPl%}F3E^x3Rc&565rAG>j5FDc>PACVZI zJ9p#llRK`S?>BlBTpiu2TJutbxgJ5Gq=po;GK6=kITqCrGKG{RirdqYh}_&#YD(_5 zo%?e$Rc|682~#o*A&DKm5g81Hlms$_p>W5L=!@MPD`Hr2+|%k=aJiK9Au4t8+>BFq z?DH7HCeF+um%Z`(b~A)klR*n=GhQ3|72n_3Z2AJE@Q<&=&?_t;4E*aMd=d%aCY(tl zA>4oX_|e@Riw{apBV=SkP9wC04zdzDxd<>zQh13VoCJjL|LRu;gnW!%2K#xJUY){( z8GRvALK)OnV>rde_C&EUBQAF{Wryi_@N|ssar|cuxu8EupYaU-K0PIWeqZC1f=-Ej1?O z)}N@aO~HYfT1f^gQd28rQcVGfAA#_kZ*)M9&Nx^JH!BP)_Rq}BjJXtr7@u*u)E)(Q z?TJFH75bVk!B&#zOc!?TK*zpnYLd+mylgk=-JtM`c)s-44Ra3MViO1h(f?KmA%#(a zR7waBly*#xHhsw51iV2_1`&{(ABsll+rnl8gde>Bs}~@2qB^Q9i%KXBEYbI9wYfHj zqH(8M1tkXuURy;VP-h2_vmXBO+13vFO2KYsTI;ZcqSv0MtM$zxN#JU~)34 zVorwNpBR7a#-r)!>4%0EwqJ})3ByIwdt9KocX8{hkLlrdMm3uPkI1l%?ig0{dJ{uP zED3~X2)|5XkP<;Y#8g3ljCeH=;IfPqu|q}`Ef8XY5rW3Xnu)^ApwP6GyM1C}jL~Bb zIW9#8?zBrlYGEIYrlw1I0-@7sn>xAUSo6@(^=APqpM|QkKVpXqfFCs7y$CkTH7qo*iGMQ#4Bsaf2mKmDOLH_YNl z6jf0tyDqo@q0=_|-lY!!;rmSrLLzX~X-BiZiDM@As4WpCM0Hdh#Kg93aa>`XI!+rW zXku)Xy$+Eu@*63Ys!fU`#z2hPD?FlpueJw^3$yb^r+#wookwM5W&8H+xN$5eF(W4@ zksvJfCmy?T^8VmMDb6TcnGwzsxkn+DQ{6Bm5_z!uRWYEs)lP9}Pmh>m@ET%ubz^m7 zV`I#ciQqA(n<*Ym>8kI_#6DAQZDvAaV^U28;YOt4j5=uJpB?7N;;1MgF3g%)QPcV0 zEXAXx9F8(^E{RA9LdMN9K2E=^lovQqXqSCod+W|UiOp40Q!cAb0mv_w8x*ep^ZS2M z9lIG)s5b1^K&XUp6DNB=eAz>>Cx0(E@Xdi$sFf%Z!lcYI7wVcmWD3=^Cr0*>3VLk{ zLTO()aZmfbU;Vm{Ae?0g$N8Iry)rA=a81ReB!h9nSdk=qL|LK8U!1zj$A6k7@v7b= zELOV}#))2Se0Vm(epJ0DEvwRNpByS62;VF_e}3QF$BrG_owFMpmiqk}h({HKGC@iZ zUSkO9(F|gm6iRs!quuuiLgmQTBb$X`2=Bx+#t?)QN8%tJ#gI!4xo5g+YwHi^qb`G# z5F4M$9zDPfLZ(i|EMW+dEOO@_eMFh-E-&?vqS-C7O@W{kFL|60ayaUg`Y63Dx_R}U z8x{U-M+=6krWRdxugxi1h{gQxZcw=HwV6NZj-eONHRhvXB@_lXy+jCE1~)xf4LRl< zCfRp0IYMk&V@k>_-sJ11`!{OH`> ztJBlxr%xW+yBiNhqVc4Nq=a{;2i5eN5qL6syv?iXqk3588fLpAAso@(7)l9aaH2V^ zgeHQpt1I`+&i%CsDG4>$q&Jy4>;!|LFl6ATd`VPJC|Cw?XdSzu=>%bBe5+^7qKHG6 zem+RAd3OCC3o0`#g_WEiI4MJS*{$*Qy9!!c#;h)z*KQXrLNn ziIX9FYJB@TgwL3i0ixHrezVmuCxsBUD}x#pj#4a&4U5=VKxlR>C6E$!?LU#5B5M=q zOQ`sQ;}o;b+M@%}`o61*LAYCi1d-uP51A{D`%67mu7#pqADo{LvM}0twa~)56arzT zs?DI2*n8;2(Tt8NtIO%O>qZ5FmJJHm{rQtCjTF)FmoMyls39~M-1NK%3WOwta}^0( zQ%^`pYBV_HBwo{G(*FCXVjfofCf{CnIq;K{(AjO-!LNCnN3q_Ir^OUX+<`ZGfRDL@)}Q z#A@C$6eV0jVUy)6A-C(ynf?3E>m!qMCs!)o4p{SyExlrX%WS3Zdx?Je=rB8K zYP-(VZ`*lze{MqKoU|r54GgjRp)Vl?8El`0Br8M?7~(&oP?Qn_MwTEn=Wj2a@VK zG{piTPqIbmpaCI%PAkg3w0K*#mwxe!yKkI3clS}*`TBiFFXR+7XWWpTCVrrXc*DGn zNU@Y5ys4Khv<=3qud1^Z^g|$&{ylro5QV&h#GQu5l(w$=oyQO7CZ#rFTGTYh`@6^$ zR>N_Myx|>+0CpHFt>PEdP$h^EVO7CA; z#+~}w%!CvLVMBNQ$>v|b|G_CmAxvetJLtt~x0SxqV*>-dy}bi11HB9Lyz0#m{>(`X zayYtZWhKOyf3~SfAmlU93>Dl;@q6trQ>gV%E`o^;%0WzH$fj7v=8Ac6hPxXP%Y(}D zUdG#q!b_u58FwE&dh`o|@SQi{@Kjb-c64`QbMsyULJmlU#hbF+#4W&!%K2B#&TyO> zzNvkSjoPq(fhUHPP+Am?h(}|&M^V$=b>_sr`V`c;*iMGCLNn)uPel#YWpn-o{Z=ZY zvWEr~qal%)C{5^`C~Y0HsBqLG1{XRd1cY`szrazV&VFnNQ09a43oX0O)og#4~2*qLyoV(mtbCM?x-*YBMgAHDPe zYaySv&gOfc=nN8c^9utlE%dL)gY|E8u$&KO3BqxPkd<)J#fzmFoXV4EG`ooV4<)L% zzC(ijT}rrCx@Rt1?B3LHM|%3R*1g^o7h{w#=CFtf@K; zCfB2dL7vzV&+g)gUEU+c+*^6!Q3JL-&>X`Zj4$ zm`Df}geZW5Li*}FU3sdHDhH6rb5^KJGXW{xq=!O|#yvCs?f#bec^4sO=SH9^Ov}^^ zrG4%^6`=5JDFHY(795*j*nVcu%sjeC6p%RKsn1gA3VwHk!gX#_d|iguL<*%-D0@k& zF!OQh2F7wVvqoA#qM`6 zn-N*;fDju@qeS88cwJo`Aauj%gtU+uB!MF(NvY}S*@3X5Yi5Sndwu3qRjG&^tCjDma73 zGq7Og31hqM!F%tIFWN^(Nj?GLyw%RF`liZR8=H@EgF;~AB8-kU3pq#3_Q|Da6@-eB z8!*h0u07`0PDk8rk{dDMsZsS72Vn5d;-c(JKMz7wPdD*hm}R06d5L*0 zDYLDuA!T3kM0|W{%jkRW;Z!WAgY;5Mk?25gOY6)8J^tpF1(!v}8j%f-FIw#5gdst= zun-goxoY6W*bMGiswfjm$T2A(%u?o=d6lA(awb|FO?}yg#-3B0^3Ol5HxDlxS1Hu# z(6hz~wadkEKIhOI|MkE8{G*RRAqnC6>6171QaGBN{NulWq}mgGH#r^^2!R}gux~^w zp-_15`n`J>F+Zx>6lhNfgDNYGVf`Zr)!^DvO+!j|W=c|pL#EH>#P1gkc@#)hi(U@c zJz07BbY&Hvb?z^z4q_;j&I~%18fy>76Nas0E?%uynW1)@VG3=kO%Dji2tv=qgol1Q zer6&F86*e^MyCu|P(Zp-oLOfn{8mkjDU{B`!cognQNICT^x&uGrne*B;FJE43`eZQ3?=H^r*6l6p@9%#&_z@gO zF+KC>?%TWK6Eg}5GH#r_`$#b43hChB!<#6H%C6wWYu613WyhXtqw0cMwYsQA&trh6 zu6!;bD#a$CKuAK^xJ1l_cz=m4WK;<>gu2YiQ{FY>0`|%>S4;zIPz>+_F#hJo+CAGR zW;|m|p^JCx`3JosTIn;7B^I7mtf@P(_>sTV#WNO-d*buAp2%-vegt1l_f3cSc9m0w#s=V#_j!FS25= zbi#u;2d}{MR;$JNK0&xxR|g8mgJS}rn*|NU8CxX>quhXy+Kf+CXAB6D7OE@Jq@Hee zELA4?vhQ0MJ{benii^)4F+A9qLDX-~iZ@~!L71@*5NZmE!IL|7+}OQ4qq%wa+i(28 zlo?JB4ibiggZK#X+UB(i>DF`G;@;M+qJuj8yc2$6wum2$xTJ{^ZpI>DV+}l>8chz~ z+6^doU+sO5cA>tO#YU7o&Suy)KgBg4JyFW%pRnBP>6JbO9G}#hZ*U%IAlGYTs7*20 zI^&-~>Dqs&d8%$4-J-fN-={&C|uvH@UM8Wkiwa0NFmV&>IA|~x*V$NqFA3; zd18d4;!jF1!={QF@h@uIm0Zv|gtbyOexBzqF)A_>{+#UuVe1$rBoyGFX+csr`paJ} z)=f^b6k1sc-5SD5_TS6q(q~DDR6eDDFU@&n=UvGc4J-2u2H66`fKcB_W8N6TV&%#$ z6Qz8{kk5$Hd*ZTfi?`n%?gNBi3?pohu9odPd34vY#Ectv-}rBDV4`OF;Z6SI`~UEZ zhmgOKi*gV~thX;-+=^pOOyJ|kF~)Nz=J8{^Lp+%n#8~=GOzdVcxu{7>!3ZwTzN|{^ zQx`~ikd%+sX$V&pgzC7f{K==EeoF6zKYrs<%0a(>rX@(UStJOx>TP?<0)rHTNL@xC z#Mg&D9L4K{IYX0+aL`{I3)*=XQKWF;yT7}U7Ov;>l|QQ{2oaAGg;CE#h=#-_HNmEm z#TOtn&($bL+lCW4$r-J^L98nQwE<}kPWb($+qaVxwz!;p8)0E=3_CWXzZ?aGEQQvE zc~?X@nkO`Ji4^V_aw(=#3u1{nYvE>K`Bb}`uZzlZJr8UvOH#R9Nc7Q9;{FEmiZ848 zr|EYU7iQZmReR5C2p_Qx{`7QN+0`98PQJb4(c9<#+usv~k8rAqKH#CQkY1GYggO{i zGorA#(Cr9*wmg<#G&aU$IHYlKYDO^M*qD@1Ba4KqD2IkrN+=O2cX2g@2u5X;RF4`y zivYr;{U;C`YODxN$Cp@gH$3}I4AN&-x68*&fjF!7mVQG;Cali z(R20WJMTPtghoEmDUJJwdT{3YwVQ^`g@$m;me>f`Vq&*Eju8kkC$o98+01{SAT;sO z-8l!(@UCz(Fv4*Zv)a+C%Z4#J_as7Q1Hx6k;Up_g4#!-=0e`8##buYxUhJ*lnGa$( zrgvUyWAqy&3*0&KZ!evpUu^Ge9#Rz2M?otsyar{Rr?hZ`!gYN9;6HWKw*?Y?f^eCX z5J9Id%t&wEc>82!d2L~4b$L}FOkoI9&Rl>g#7r+SC@-^~*47C^Fn;^?_);G4x40+> zVhUa33c|X@QKtnEI@to6A@s_DCN~t$hjl2ol1JY8Mf!-@G^?V?*HS#`!ME4pk$AD>;zHk|NeX zkvK88C^qi*Dwm7P+LNtNdj%7OSps2NTw%7?QdiY{W0)W$`V@qO;nlL?uHo}#WrXLI zvbS%%4K=(!ILPtnHRW=lAe5#&LAXUKpJIciDcmCOBLL~g<|XOcb7z4Q!-_eRv}-Y= z7A;vJ{!|=B18RO$W=R8#Cu<=F+E$~M@kaqp3S&)675SZ=@&19a0c@-U=dGlG3ly2m z&tsVdYt>R39gvKjzC_#6;h!iybm4YK)f7FGy}flRgOm^62uRoW`J+GWYQ*;77O+db59e`us3I{e6AIC->gCS~mTNApGbf>=^0} zy>SReCSx8mbrf`lDcnL3K6@4cVXQ!?Z+~J<+7t@t91q?F4g*3lby7P`0lv$mZSj#p zA|gR1X;w`}f{>t^Xd%^GSfEcgGQoMQa?%_6#LruqL5fBxTbR)h(tqGTaHybTsEQtN z$Pw(kG&(jar0f0s?tkotA#{KsNTEW~$V9kS$F=cB3?()=6F=VQt z<69MKq;LW zJa+X;U;kCK^6%gO=og?+(!mkAL4ll538CUJtc0=83<&W^T_)DVK_|2gX1`MJ5w$p+=RvNm8!~g*z0>YR^eb6itq~#@x<{nHkSQkSj3@K`UKS+hT@Q)rfM)}WwD8ugE;~%j6;!>p%mBd zxHytRi?y!m$8TR9?Cb0Ae>i>r=LF&4`SXy%{wqY`mEqy;>Ym}NB!%~R_mD5Ag%80< zNP6pzQG$t8C z2vRtjnsAtsycWs`7l0pfLeVu$PhemhUxQu^A$^sggal#yiCxVUkPZ!z98OKv@tzY? zNK&{Fkgo6ZJAc~N=)gE|^yfgR5L`h@7>$n(Pc>q2ibB$gin*nV)ZA?c{Vlz{Ev@+C z(v!$am^0I>PId8XFfZ8G{TdK1@=YKsUnKErkwXIL&EwdUSgcg2cA*X~R+$H41@D|_7UW*{VeHnzC%}VRc3c{xf zLQ3^S^BfUIzdT4Y$9F2ApL%3wRqr@q>=c#OgiMBz*^5B2D!@^L_oSh;W|p;fA~)+bC}k6X-=pex%the71U$`${bU&LN%)~ zNAH~D0pgjKfdTsJGJ`57EcGm)DCfewB7Ob2Hq$#fK57}aE>2D^x)?&HPy`PZQFk8q zAM&Ibk(Z|rDBuH`L(GyE@%H^128$JbEPaJMO)5V5fG}IEXy^@h2cd%edn^oR`SOTD z3dC-oJm1d{4h|v|Jzq9FTsA#O5H=8lSBC59UDNj;{etgl^HLMm>ZL}*5Z;LtLKI4& zgwLKmpA!;;a;R0A`G#cth2v2~q`Fa|->3#YOCg3ul_|;7XxXeVn*nG=V@*=#{(}^b zwhqioLKwuGdDWpH_6Ft^jULV!NC)v1A`G{m=z9Anw|_eHQ=)JR$vT4Bg?TGCI)1Q0 z;W`JT<*B?`xGeM8p8+9ir%!&kX?fM0nvm)U1=QvRlERR~F()t5Nju{wJf0Sh2q74x z*V!DuoC|`V3DL(8_V!LLj*gDIT$2MqS5QNU+)q02UKM=etqo3yZaJ!eiDYpotz?%O zx!9!SkWZs2OKx>yjWtgu*u<(vPPZ2pbC-}2B>b|O%13c|KXp0@ey0FMM8*pRAqz_5I%br0U>%6JTLQlx>iDm z62hlOR>&n%hl)hye2f%KO>m)s#}h&LbcH@TN`<2)ibX1FYEn{ikH=3?oaw>q9fh93 zUN-pQf*8i>DIS$ya`hSz@`R?JS?+4 zzLa7k7pH@$&jCUDCa9Vs2<_wc#i=@m(5@h?H1?UW-;3O}*@LD?4BANY(u||_g~nb6p+{P2__*caNOu-7O8<+ly2*}nSEr|^xlcGP zg_#rk$|x=D=LaR4D_6SC-+#o-iiZ!cHkC*w001BWNklRh05izND#W(T+yfHhL8c7Fh5_0nocls&Uo9LZy znds$>C6U1aY!7;f!d`s-IVJQ@_~{GO8LuErIgxSur&U!$9RwjI3JXGE(4cTb3fHqj z`WKBR)W9Pke6qZjL5@Z@;rt6_D|3yhJo6t4U2JmhY$BJvIn0@8 zMM(}b!$E0KEZ{J8)uPimYOz?S79x~T6=2*_fD!*Sab{Oz$JhwQ!R;paDwfDCd$9%% zLnyw7LKwS4@%aiCLKJ(rIHNDh(7R9sqIVUM5IX7qoQ~uhSMLKqFbL`>0zEN&rK<~l zd`b<8LUay!v~8LfD%5ofHaooY`0&@H{=mDFb6;5{*uj@~b36 zND=9_lry_;qe=18p{mKnMUg_L(27K2BOqPpmi?d2IZ*PBf&emf&+DK-xbkFqH3Soe zr3#p2IxzSRDO8DzIpnB0a}-C#po7>UnG+2!mh62;lXLN3;Ra;`p=h@J>tQ(>HC8>uZ>(} z2GzI>kE|IS#>S?n(E63Fu)7~!cq=ZP?@2hx21ILYOb1` zoI-5|H8aw}1#U3n3rAA8G0DB2&mVrPan8&TGImi>%SI5oEaJ$nzz9a8=Moa;#2?cn zX6$gp)YFdU)HBB~I>+_|r zS2&(i!Z3mQSy@?Kj*70xtWB6ROKuVp$9DD2f*0wE@;$raIUk&uX+_R4F#&5CmojFj z*W_MKO=c!K7O*)wI$k#xG$6F`wIG`uak9x(1o6?=meO|TgFMjZYq~@~oua4G>ut&| z$twNSMm3<3!{y%WU@7G|*zF4tZwd3o4oZOI`BuOc1%=p!7g@4rddbziCPYU@L* z5FJG1gu~PP+~+eDgEz(T7i;v`SlVLLW3(220tyK{5ka1$(NbtOtDI2x30Vq}8$Nlm zvZ@WYQN2;?_Ts+H@n=XGbnES2GZuy`5^8hH_aEQh+A@Z8kRF~_<60PA{aTsA7Pa6q zp&_Kap>uz2cUfXpT^&K#(J@63PE87hS_(G;()A5Uzw#Z^b2;G)4B~Vlz3f)x=GNA* zO|49OM62Z*iJRtfcOJb!sRqH<%9Du%qlc&R;*Wf^ta1wyMp=wx3a zCm*nsW`t82E!cH?;(?o!K~4%!(Ho*M4-G>&;`4Q;!a@aLp-v6uUzA|D?4ykl3$xTZ z269m>>Qgux?AX1d44K~G;Lni(-t6PM^Id&CJ#9FC%@B_C4Ra)ltwSDj8)>g*hwb+2 znAj~bF}gh%D_esC;p>~_v^D-wmpys0FkG0?V{6I{UF|Ie)PXcLE5m(ycC`S6+G<9; z^36*qjU{Df5{Ac1>C+Awl*%aA!juxWwu=8Gn~p>%;k)~DyHD&MLL5pE4%IEzO%a6) z3q0zJL}FnhAYJDQ>DMcwxjGsZrK+QAAry7oL=h6MP^7@8NM^1ADko8vw5D2u&_6Rl z{Iz;!Py~nBLeK>hU>+bIqhQFx?}rh}sC|49-zp3tc7C;It#QeTT~Wkq0l%ER)Z{yL ziiMCKSe)ivs`Qnpc(f=>pRXt~0MzGXu$RvxIKFJ-_jpeww?o9!#%q~ue!Gk#(ZQdi z|3KJ{0K@K{h6cWV-6u)m{YO{dL_i8H?7w-lJqF$P>gqdc98DnHqLAGDI-bqarHB#iaO(U}7REr8f64W#TZp>m7g? ziV&*8j3)v@X;3hQ2e;+drkvTu5Q-Gm;hcR0g&Vb*^?ts!B%8g=TUZMDw+h1L<(1W_ zKn+g8BoKw{grZ#9`TGHJlBssj(VSLZq3{T6GZYxjW4V-Kquz!20sa<1;h<$K1EmWlk#Z(eLA} z;JivX8kXm@RwbV-o5rrv;LqtzKM)-0F(B;e>0vD#e)Q<%qpO3`P3-Tx*iNj)z)Vez zYhz9=A|BmL7=l2~6gNw|VzXp~q>|C;>BimiXcdj32a7K4vKmN}o4m$EsUF}CaX6y% zkmt9TDwdW~0pa$E)&Z`FN>_GFgb*(1oEBns+b?w)DUEJFxIe$Prt4_);yA^jL$_}a zAueSKW$lHfaD&2ieg5Fj9AOBTKNG^$Kw~Y=F~LJxUX(S2avZ@_dnkT_1I|{qwxFkV zpf~8^g_?QFN?L?LdUwkhuhrLuA$0QD1nu{SJ$=K& zeLa2W%l4HGQ-+A`!~UBWZ#5d8qENwSN(i?=4DsG)M$29;Ii({!#pp}~gn_kdy1Ylf zECceYM`0}cYOh0wX->~`tMP49MPnmLVebA;e`^b{8{m>mFC!?kYONmm8q7>YLP#lL zdCF4mp@KTf5D3ENj>)>oDTBg!k;09Z{rbkEf7KX@jta+~%bx*Z^ju19W=cZ?Oi>)F zG$V~FcKtHd?(%o=SDObi&@`r$(CP{<%u{xv_U%0^ke=SU#l_K4LkVGi;Zhjd#V6CQ zl0utT&v2tlU!ov{&G0NByd?3czD1EGYRD4E5Grp{pcY|RBaHfV#WbrZ+ikZ_Hea|p zEq!|IG@&3ma&bfsoK-gviQQMa8>$=n`iFt_;I6&dgq&~=du2(rXAYFMayJ6u zDB~v&2cjPJLg+75`5?xd4xGuYF}3YUTyRD1;QUPt?LjK)SxAnLlaJ z@n|H88bUnWNse|TWp+2zG&D3Wan&x}kU}n#J8E|oc*JE*wwVaRF+z)n7w37E6gGRr zW@~Fp9pceNdZ8u=K_OdY>LWsgpq-oaq>&F~w}L2CO?rf*#Nez%qnD&*s9^JH80EK; z`0-m`wzwlI#~Ptjj1#3=>Lm(WkG**wOZA-Wq4#i0pL3DZX4PMaPwbFh-I06V8 zQFGZGQ5l5_#wvl_Lce&tWlO}C)9dM~jZac2CkV~YK^R^Z<5=IUcPS(q#qI^(C(Vk0 zn6xb|&52t^O6|6I5GX+KN~`POPEtr2*R2gKp09-R}f0yDquEc9`$$N29rz&148!Qw({%~ zB`26(WC&+wJaw=EwhDx7+RhU(YBa_;qF{G|!OEt*OB6UtRrHiVh`J0BSa~V0Nv^>t z2(uM`@WLSed>n8}G^*D1)y)}h7IKKnwbUXCNP|^-F|`I2yg9;dYJBq(cXpMBHg7-> zhA5RXgf~apV=)55689{Y{#7~QV-#j2O5LI!HB(9uexl}QKKb<1Pgj+B(+dbf3h~KR z5UOTINFanjqAn(0G(6I_w1hEwIGL6o_qR?UA{Fyj0gx|(pk~cw>+s+x;?X_j<#Xng zZ5LYX&hf>ms*dK4Du!@~enMdfeTw;ov5o1q^=%dM%~y<}eI|rhn=n@-q%^?eaLFWt zSOH^fBVcySQ8?O6Sw{=&AcnYG2QYj{KZ34c?*Pvb&-nTA)VW;a);fxo#)8Zon}hM4 zXIQq$VLjxEvw)}xYZaGR`6w-H5(*i@OP3I(Hi;j%_6+v<6m)q$pE7Z)l+kblLWy66 zUY?;zEAlyAy#+T;K0=SMPZ(tTCUtQaI*0-&iA_v(_Z42X=)c)Na*NbYL8zu-SpBr& znrsxtZc$RWnI~mlPshIup}veAzL~rxB3)jN4(Ej2j%DmZA$7pl*s|b`KDBm3BFE^O9Eji6h0;!a+oS|FA!eMGLFHk6s=>JJfx&z z42^pB7s6Mc{?HS&xW*UjpoHRP!mfO>32v3%JlA6$a44!C502Ks5>r;0@AAFx8Hn|Gre}Xyo>uvIx9pp%2$;rFJuV0 zZqqK;=nZEXNFWQJ@*RzN{8$U&Gh>>~P(pp4KKexnS0W(PcVhG?X-M6(H?LXxHHn>Y zZEo)VJ%>AIJT20g*P-Zynk7UiGEus{)F_U|AI`5er>CAdFcWkF!m8Upx&2f6i7ABb zOs{MMFKkHRdM1V6aUjFEqzqzr>))VSFbsgt$CgQ-3r*K7K;B zWY{=?AVe55h7}5_&$SjLCMIT-mU^rfn9b6Ad)dvz#kCuBm#s2ts%F{P+(IqWEATM2 zc8PwI2mZ7Ro7`%u6hj(@PpU2ePdsZXm1DlD%y8U_kd-$puvkG^p$o0T^QgyM#4%px zaAZW?bb*UUBj4MtuI}mX8XmsV-P7IO({o3o;bZ*Ek2tPr2sej6cQXAV zsomkgX*{As!TTXcg2R`D#>2M%q+NidJDlLP}=&wmm43de~IWql+;dgJR3f zFP(a=g$MJ`bjL1TfP(aEM@{%v+ZD5tLA%*MueC0c4fiOBs`t}OK zmFFNdr3!>Zq1j*%-!**x`O3aMdyeKbOWsemUPD2imFb{whKYX&4oyt~8A*!X7mpIb&DdH;g!u~TpEuWe^{us9e zrm9hxZPaDrNC@+smb#(jljr+2g!;k7-D+fneAbNh?M^k}*HGQi-GdnQjzIWqGce;| zl`)(-=&J0gv{JC z+YWU4r7eqMjHlIrP!&W=4Jq6nf4n@m!JOXMwP&Vx!Qz^#n(Ao&$xntDLJx-w4k}=P1Ehr%`&jjIlA->!~7k;o1 zo+1i4EhGlTFt}1uKH*I{l1eW^83`)}vjtS6Myn6?XokmFi1j7+! zq$bUHIp)G~CdZ~Rk|$E68WWz|Mn3o$R`_xXMm;eM;THPA5Uy$n`L;xK;APcOmjE!Du(y3zD4AC$|6xMv~l<4-_+zg;<6#8^+G+W;nRkfLHuYKN=v8${L!)X$S zDiC=<+i1w^l1tc9jZx%*7^78>hqW+Fp(>Gbw=n$^e9k`M4uv|i6pljISZmX}q5@`R z@uVgsq$?57{xoK72NgbIVM@w9+}RmlI-^UXttunjE>WmbLMhI4?kUf$ZA?#J%B{aJ z)f;rx5q!-B1-GlP)-==sEgWDB$5;wCjux(4Qus|XCxxPfQ5wP*zA4Nm1)+oQcX3h^ ztrk~Jjcq6P?bsEcfm72tIrPPz!8AW-g+$uI*!;qjr#T}hXE*)XL<>kXX)8oTi@Dc#FkJYW#l$*s0^~vm(o#_f3WjlXQ`Yjm$rnzv@}u)MGSdn ztu{AvDLvhkTYt2wcWkka;Jck%aC=A~?C1c6YW${`q;R7)vtAH>c z-xMK+kVm*38bVY_SqdB5>h~Spm7^dm-R{R$J-2zW*M?1|mS%rq&hFjxZQ#d12P~f% zy7>iey!gp%!X0@&n}tDOu=ENdZZ7*eZoo=tAg{Mc0Mv3*xYR7oZxC)8OX62llti4h6VcYiwXM4%>PY%p!%vW%8MqVVyn27^30 zvpM~BY#Dwc5Js!Y=!*d|MI#_wlAKVMnea`-`#7M`+}PH2V#ltWrzdar&Vwpm`z>-q7$j~=R2?Gm3m#WH;ilLfPS!u+ZmlS+?5ndQ9uZq=XR=0z*h45d6d-@I@iyfk1ds;tZroU(#0f z8G$gMccGMrsp{#Aja&J_&d%)~j z)7!jxI-m>(oq4E<8mXU<$N$=tfw%4jiWIU~vewB?g*tGrt%cc80|gxTyV)%B1D@oQ z=lgovb(gSR3tYE25+NR z)#}po7zWG%f)K3-JQYTDMwxIc2pzh8p-dFe*Ni3H(f)oo}YFjP^>z`%wSu4lWRZ~gF6O?ZTRErj^4a4d-q zMlgt&2uhglXy~dxvEu?^mdFtLJv{LwK2N7Z#ApE9D?bJkl9)!_moX1w3 zV~AiV0>bphwlil=9Ev9hbNEO$JZLcwW5o(ZtG|>HBnFS|-hC_sqNiV82Rsu6^o>%0 zp*OzZr87dIkg-xZpKe5Wz1ox8smz1D8ceTDr}=zJ_zY_qo+%YmVL{vNHS9FpPV3mf z%!RVHhU#iLvIP2cMtF-O(jIOW(*OTBqZ2FfDEyn!H>YjgujYZdge^VPGKMvuFUW_J!gpAIKo#X;qbvuOin11gVGlt zf$(5gN@fyF+z7(5eFtZz7{ZRd85Dv}4mBHE2ns!(7Q~~!yCH?^^L+I?Jh;K*GM@us z$YhcRg)nGH0z+tOXrqAiVElHjjh419@G!Q;HIG%o83p0)-4_7i-hzTwiE^;w)|#A1 znWVqjGtj$$o1tEJ#Mues2#i~utYF!*IRzhV04rneJn_p1hT+N#TKO1H^XX-JQB}>c zQzBpZ;8RfS-!;Ad{jD6UaIU2ycNx z+*d0 zJBWPr%$l5NegQ(|D8vm4E)JSZ;n!i*M^kdk^S2$kz*&dCWgdr@U6|b-fZHr*gz>vc z3F+CrH?f&sU+K$AU*Xo~3<_Zr{mrCJ^M3NkuwRCP}=gklDnK;8njg=NsD{>w^D zVV*Hkiv4+(Rj-m(r`p_S7V&?kXM&`#NAah0@S@l_K^75_@@YX{2jm@j_VrcyAh+vT z2_+$vXp|Yewe=RXkbWp7g{rhAE@uIVbtzYnK{H1`CY2q@H$W(4N~o=^&D{w{*-|tp z;1%kcSBGKgi=IKT=!JNOkT6VcZk4CGxgZ0Xq`!G+V8LqFai$TCs+3PkFwBj?4nyd) zsaVy>@O1g5QZF&NRiVZm5w<#=hN%r!spctU&N)=y*4?g>!FH{J?4>3VDIj!gmd$v< z4@MQ6)h3gIQ1|Hxyjxq*>*-eENxM1uj2Xd09M45LQ6{=uIjhOu()}xTx=!(9PzV`beG$y1Z zWbUVc6oaE<453v)h$R|-&Tawl4ZO)oo@j1vo+zLvBQbGzPEJO1%YYbitIIE51)(>b z1Uki&&2BOL5uIwt)GZ$YCcS!YM%oc_-hx9>iD)^R)n$KJTp0mPIO)AY1ikk z5tQomj-G0SqcQsIuHIfUI)w&={JhFH>>+~Baj3MACuS6ct1D|LM8B3l<52+$L@NLy z{Yb!5G3SU}s0e3-455)2q~kn6?eWg-e*ans{iXWX`kkFSPINm|i|NF^Lx*-1P!vks zCvyVQvwO$Z+`O|d_ye19Krx^u!Ynz_mU}sLY|sQ zN=hj|9v@Fa*uuM@t{}RAyka;pQ;^6Io;&x3M5GzX1c3C!5F{$`pNU2m(McJIFlf$f#K00gw z$d$CVsCx?_Z-bT=E_-8EXeQ&3=ZcL_2Yq>++P21p1g^0)L44k5ZxclSCMEr9hE$Ts9S! zBR=hUQZnaM5fAZML(bBwKmQDUGVMvz$12*!2t8uTL z7QE~4<2%40e#}Fu3wSLrPOjS#IOP+D{VvnBXCXS_x1b!r!_(E(65z(cxvP!K@h=q% zMwUFO<{%*#c(B2q7hg;%FEbt<>xvGd-%BNU=RcPb7{+3PAV9WMW&r#z0yA)D_qjLl z_?hn@8FeyoyUwrh{ylHwIma@Fgwlf=YrrCZT<8y{;*Epl1TF8LF86}>H*frTMQ7jX z+oj^jT}1owfZ?ra>(;!nm}Y3`a#%WS{TCG0f%~Em0L!c;JUR6!W^O;f((Dr|3gfoT zXY6SuZ*Nf*D4~(hr$F_bCXw$6webFW9A$X+h(S}(P%PN%A7d_J0M!&PYJ6N`#$_~6 zM=?UGf3h?Fnq9JGjn)`^#ViMdAxa$lrM&a+(cG`ES~mxmVUbru;i<2S4-eVr z&Axw^mMniI1Fw9|ipZ+VOjVzb9-Yu^_W~dw zmA(4Fu-ayPW~*A0lkQNviSTJXCu!kOSp|6Xxz;;=!vwIT%=49Ane^De-A6B<{iFlCB>~hg$mlpFM<8(Dr&Mh?{8D053&FOtepxgk5n?j`ppYF?&!<;$H55` zc0p}5L_);rG`~BEUKm*xsRI!ZE?r#j-pMi2W+`X#ZJ3CjJWGya`EOjDOV@1cM4USo z)to%J%{^Kcp*h`40V2JOqM~+zem?*ZpZV3i2r+E@S{zw`qO1A(a8GaeSbnZFIv>*2 z@rfK75d_L~3$&0V9E7&JP=3Gz<&~NRoGf|A8$GOccqu62(Skiz=H#0tM(CL_IOh&e zPMH5q&KzEJ^qXIk(@C!mC0I!dmwc3;jKPI_R#B|l;bKImz6pBF$Q!%Mz}l=xdOUcm zus@?^pLjmR!3}wb^LII=5!ZR9AE%OTT4)=Q9qf3t+2%i@7Rz3c_7QCZ; znH`DdG_*IHCCd~DVSgpXzZ1OuOw4+MI_&VV2eC%6hMMx_zV%aOKQ)zLhcHEB{P;G^ z5~h;l0xU#$Z~}>N0!eRMZZ}va3Woq{w6Lfr%ZBGExuQnSA6y5Vz7}x_Suct_zCP0ii@K`0$7uWwtX$6?smU7^lm|2=#M(T(z|^LFQKL#-AOC6Nl+~c zi=_HlSE%fArJ&qj)KDPu@A&J@X;;hGv~hrvS012ntT!we>6L!o>m*dNtDu}jq$=Jc0* zFDBGQRIxQHLzDPn%K8I+oFo7@{-C8rc=m?DCVy9Ghwz61pX2(mEm|nI&bQbBd2S@S z-qIdmmR}QuMkAMNklxApJC`*ANJB9kH>~N}E2OOj%(n!cOnvzDyUy~d+Y0L)F2L>2 zYQY{`NVL!6N}yKUnsb~foA2y*yE#{$b)T1|AA^Wd<{4h}J$$;x+_>+D5;>V!Rb=?8QcIU(yIlL>wU~E?BpphY=C3&g;MxoV? z8i&k%?dgY=`}&vG-+D~1JHk=<>06qoZ-p)4|IGQLL@dQR%Eee$@|Nd+SuOK04hwN_ z;Og0tL^q?a01_t9@>Cv%WVJEvlYbpry;FJ%?q?8U8z_m_DbSK=7~dks0Khg!wtz&s zo_PJxbPkpiB0XU_kz4*)f4@e$R~3?P`2Szx?Kx`b8M!?1lkV-`isO4~5+!LwUhN6CpDZnt@7Rb)6{Z((T&?SR`i66LqNmy zP*t+(A&YmHdws~=Dd$tP{{z|p+*F=3}fY&h+07noTZVgQj z<9SE1Q>&63NCk?h3QHUU7BqpC1G>F-@EDOfdFs&&>12#x(*fYo=QJY)B^Ha}8+I+3 z+Pc>q@gvT0uh;v==kxoeoRj$X+5R{$=R2e7sF0hlsRH-*LRJaI1~#ny+gGGw57-LB zAs8{tQJCvyrvzh96#I@A|0uxs)8FgX%>_TCT9e>$0$dIUb&cO%gS@W@z9KPXZD};F z^*=#?mX^Y^QH=74fIg^wc^U5EQCGmP@kmUMZ-GxoGaAlR?cS(-^8aSp6MMTEXBLG$ z+q6%$AGHGny>e%V<(?k@Jy_AFW8Tk=o4tEJUgzn(<6KK8Itn~gs`%JR7`CVQhXz`g zei5=gy1w@T@CWBpBt(OS1Z#l&y}N@VHJnJm{szX~Vo3rddYk^r&S&Ix67 zar~jNXiq9y_cY6o?-S3scBsx4Z9m%5VQFD(;aTjEGV&jR(}83M*Dee7mz|4KDnLe^ z&DyU)w!f+)E8W4^CPlN}Q%TJmIhc4-`o{(K?|Qg{brM=xY~erDJ2AI^g)fbV{=3fU z3Aqgm-wd^SQ$NRgDJ`e03IH_CJx;@EZb!0@teI}!5Xx-Rg(R$U@PK2nPlw{aT{p_( zf%IP;K1fIdn@LK#)<1Z~N=Dg>aLQ3|v*uAGP66kgKWY#9mSrr!kH753$v%CFT~Ba! z`7x?iGkw`_PB_Xrz{Wk!fZeg8+DWU+0Mk2|NT#Dv2l>pNA`jy?^*KJuD*v|>9q0R% z9?!ObREIAPO}A%!m*1Re@#}*OPp@4zxxmNaG^T~$maHTm zzvlD6j+ebjR#K83=pi$=q3Eb-f){FJUvZ{=*lbnobw%{5gdfA$RAg+E@;B*J6Zf_o zZV00$!6zb1tmeP8@2cMpVF;TYx&i@OY2IDO*vm<7YRlBPB)BF|#+Z=E#N4qjLn!3z z8{(yw`nWp%oM=(UBr!Ir`92QARiBgUOa!1{r~ctfHf|~dTm;Q-4JD-yG#tpskNNZ4 z<>(k;(NNMGX8YEg<(>SoC);}YXl=I4MK+UiXyZz&?h;#_Bj6cT`5o*sLk!4KFe}Vy(a=n?`qDMgY&%GcHv-wiKkf1lt7l*i$&6_d z5!v?~q=E!)4KFOb*i38qcWDNn-1djEu2)CKG)BUBR|6s!JMYgi?Bf1nJh{=hJre;( z8Lu^#S!P=o#X}psqxpNcwo_zS9Do1Ah^|5~0)n$o-Mncw{8%l-RYHDh?(-A#5tnE`|G6;F3vJl$N); z=-*NjtXI`(T}U%WKZ^*az_&ZHYtmJ3X^l;oyVMocl~tm{F_X0DG<5CJ+v)$CPVR2R z@i7kkrn*W-S$I1eG9J=YoGw>Jz{S|}j7 zDftwhF&!Z%#pqYTJ^b;RkD(@p&=ea(@ht)Sat(uOO0>S4t}Ww)hrkTBm14bG;W#CnrIp zNq)R@^{G4iIKmFA+(d;z-aM1xX^)Cl7r{gYcGMJjI4KB{VQ~PVAj~Rn+*UiZypzm$ z@wO49uwZTU^Ku%eHj%kVji|kvIpp#u#6N| z=|{<~O@4U@rHm$7vrxPwv@DX9etGuJ`b}L9xQ)9!ckaWd*Aqb%MTbxKtcxv=!~8wDy|%?t0BLZ z5|kD8AOmzzTwE-9ARS}HbR#r4st1zQm#TG6SpMM@aziAh$sx0S_oLEE4!7y(Sj{pe z{5^q5QGswxxMyrmSkNYe(Y-arP*Ha_e`KFFA0*4*ffg9A6-yVK#bo}g!F5ssTM-9& z*q|Wp(0bqU!43-cn6Fm4V_~ZLO`|{Lx`pzzV~i1wZjLI0HbUW#lF?nT*{Idr5*B z@ax?;ef~Y)Tf`e%(6XMKQ_}Lcr!>o%<=Q%-l@yCLL>FtZ^>rK|*|u4|O?ENhmX5M? z!59Y%fe)WF(E5rLGUX0Mf@m!Aw>bOBztT2}pBO40*%aSwv}&KB z#;wos2Y31m*`zQELV&?BE~osuNg@7Obt8JMOffD~hCJ*c_&?;m`VvhEwoj*nz^zOb zY7jP|@*8CnQ)5+A4 z*LwSS8n;55bwXk(uKaXb=dm85V#8Jj+tE2IPl?QyYN2rKit5&g)($XKF4JTA$4vgO ziTU1dW(I?uX?HD#1{y_|ei5f-#5|44Oz+)FD;LPs!uuAMC|Djz_3ifsAnEQP*y8hi zgE^SCj4#zL#GpC87N(&5Y2lA#C6w~&M_~jm)I6{w8dwAk%#8n0#TVlV>T&+2kb|G6 zLYd_19N}VYMnz+4mO=P(SM5p%Ar&{}=cZA)64ZeA2txzW28>#p2E-RI?94I_@Gf&i zy+0Rv_wG5xCRx?o!CT#<`h$nY$W`Wr#j2)vhoEji{&K&IO@e^A5rJFyMMu;VW_6Y~ zVPqL>Ep*K_l|QoG!|Lm}>05fk|+Z#Jlm^-!Z1p|J|G5$=E}+395U)cXIRN|fqSVS_%Kh3`_-#t)H1$J z^G*!FHN^(ENp*#;qAL1a?AtV5lMOXXs1q;5$p9Q>r(mY1=i)iJ4cDd3h3n;kRYeab zz7a!u(R7q)(&;Si(MDv@U}5a$fdG3Jz4v5tb7lfKVCwuZzgDI-P0i83C#bP5zK5NT zn79fS0@BR(eDsno{^NM1nOGFc<|$IO^}p^8?J7+!I(blQcZY7-Yf5S9zBdcJ9IZAp z7UqodKm*OMwRi+>qO5+=;F$R);;J9UTvb6z#4J9j5>D0LYp*bt0)8OWmP@*|(Ejs&oCWFfw)!fv-SLpPT0+^<5u^<7= z$b7fV$?B3)DufhGImqYp=^yRM?P=$TRN^RY#OJ=VGdWhdgYP6JvTP*HB-5>_4Cbwi zze%}2i#>1_05&sNwFWppv?ifw2@r}14cb&8_%o{f2b_2e!O@KlA$v`zl2c(g9)sI) zUwd&aGZ)8BkKd=B=unhR(407|C%l@bDT7_iy>6DD^VaFHRE}{B%v^a@x)Wvlfw~hE zQCfC4rPyRF$F$86hkK<$voqL2(4hRn$k3WGs6(fbS>WMvTq3|gD68hiqD9Zf!Cm{x zD|Jbw!@bb2IYUSS^qnoABUg5K*EXvmrCqGX%*@QT#Ch{tfwX#;$N#X1UXe4ymmi)4 z?go#{o7v1#DP9nkuNaZ0CCg%~seLljl_JC>i5z8>w^e|3mDSaSvauaFNn|2dhLp5$ z2^9~|N|cj-m5#MYHVbNpt%Bv_Egksp*`VRI=~< zZBFF0)kc+^DcvphDbVb^FW{v7G+iXW@e=PN~0*C~a%4u4aFw z`rxmVDNIvss4l-eqRbMaj|F10$G`$NjPnz;{cvD^^GAFvIfNLI{+1j<5&G>Md-J!L zPslR&txVXeJJ{GrXF+PxLM#=Teee>diHaDYfdh3r;!kvBU^u}=K?+&Fse$BXV&uGrsJ(7_-UMKc-L%i#Q)PiK1*eQ?NGPp)4ih-I#w(>5qz9(gJ1c9KuFJFG^SUj6bc`5slTa z1h^24Fq^b#7XGg_r&m)$DLhv09&Qm@Y(RX6g>v}-hvM9kU0=m2-2wpooTDuD1Na@! zAQ+N6$%33M$ps2%J}-c++98NAHZ}@8@6gl5|Jf z!fpAw(c`}+aZt>EO*%5WifKq~x@RGqm3%uqsY3VyMUY?|DC=9$iXf4w5oR zjf*`;67iKmNI(Np6PNtehhe!OJq9RXOzcgnSl8~$VD{Wu%?l9_`13v`e%|WrLj4nNG z(u2IW?E8)K*E#q#`ce=!bZ+NG^o0+gi!cawlSgs4{xa9bOXLd(rn1^|v6~f1p{o8B zBfES_r!&gv3ipL2PpHsxVQ|MjO^^6gmEaIi$OBCpz1R?OeH>cCC$8Z|f?L18B=qc> z<{cUObl}AH0kOjs&a0~BlfJnO7(XyU^1Y}(S&~xDt=U`X{-_h@cdc=bW*8ubs2Xbk z_fCDWlxwo$3Qn2Ki%?`2-#vVe;3WqdR^ZMX?1>793rI?0X{mk{lh248R=)}-Shs2o zyzqXPZ4(aiRZd6Fi$7qa4zPaMAPDzVrM*V+WJ9?a^&H3|C;Pq^bGUvQD`kq+b=Z>w z>c#xXpVDt6M%OJ<*Yv>5LU*>C%W!^pTLx#oTzf64YBlaV#pAe5u zrGcC&*ipqHK20N$j0kk;pU;xI5K((srwgp1p~K4nNY(t_l%GV!2iDU=lbmR=(HM3Z z(R%L$FkL5@K;GNwRYVWCO-TiSg@^^zsxbivJEUNtdX|h%!JZ-@$B&GqhgKH3}{LEE6OQ7()K8nA`Ylt9^{h znhFt{Ni_JCIckO{d_{hT%S<71=zSR4iz~w;!GwqeT6s|V&3ho;T7^;U0_IX95f;NM z0wATC<{Ga<@+b)_{I?o+XeZ-#w8@S8@Z{#}TvW}!jJoedQsXcq*{Gr%tHFFBw{)u^ z$MfZTYFx0LGX^v(8BtN*+-VJxB8kxZgH%;C4D@jw2)-A`UtGZNF;%S%);-bRLy{Uz zzZR*foNxec9@QMxBf8tO%%Y`AYf6gWM_@Q604CMpJ*S*MgzC6y?YmBtWNzDvhK@;S zn3x0x?d|r#M5Rd;;Oo31=GzgUoJXyXE-r3v$2zLUX@q=>c?Ca!!5`=d)Id^Mbi(RB z-rkucME~hMS(br%OTgx>tTM#}Dtw{&;{f%W6oiljr_Uwb*qy5HNH|~qxT+{7*gl^K zhPNd4oq^aB6PqcOd9TD46+8tNRy4R5inb~qdz^*bcT$OU+b0a@H54DBOj=9@$uVAH z2g5pzX`)_+5X@0immD2q@~wq4sJnE8+Wm9fUyjko0EhmeJ+hmVv*7X>+9L2SWV<4; zjhs801o=$kGJG%u9(k?gg9TX?f@u|Ol5NEDC$y^MT%udtznl^^XH&5Mlvff#A8k=n zEAW;g{A2v*h5U8f(5|YR%Ws)A48RhNLR&9)$Yh4umY2iMe#q*3R2Xn+`$P5*P~c;4vCo zJ?qfGHMBfoAX#D=0O|%n1h@Dbl`$tjll75R<0`&{#o$Y?Rw<1s+xeE(3@N5>k~GJ- z7I>q84Z3LU_9khcQdf!>A0(r|ZtiLWZB(DN-9Xn6UG%;H^vz<~K)Zj3VK7MK7z|eK zV^e6t&!HaG<&gg~ORAkUDRRkITv*~MjD1D5$J{VKR$4mHcc_aB-d$gn5k zyh3LtHMZ0fYfVp}>QqDnbUSe=qg`c9D+XN@# z;3i*kz`+~}<=zRlSQ}+IId!qa@Ms}2OegW*D21@O4%5-3+QGeXl57dVS#H46%O6SN zyF<^n!-B;$ryEElL?AZ?Y5@9ZC8)bN%)oh8I|D)#`!2j&Zl?t68x3yY!I^0Dzw^%R z6vxW_qY7oG{gTfe9sKKFg~6S&spXRCYrEuVjGXK?a$m+;8;00Vw(OF=K{~crizv= zn#s3Z0@w+TX4PBt+(st*g4YmJujY~_LA|6@@9w4e4-4$!JPnp*lL|K&h);=Ye-~Y@G+XVO7A_^xoyZ5XR zKQ|vtD)RL0LTFoh@xlT7;f(6<1af;=)U+48k@psR#mTdE^zxe77PE?E>b=#u(IND+UrgTwhLVVrqi0|E7~gNkEXLDuq$&*kEW{{(nwmD; zOmZx>H%GWY4ZKV;GEBHp0!4)qwIsc_!sMwBnVp6)IJgjZ7)cZ-_7>PaNtIO zk;5l{`}Z~JKNi*z&UvHKC`&;qP}f~Ou5oWi>H z02QC-#eA%OG9f(e=fMuj*Mq`5QVV5jYZr?1iV80g^5im0M3InFCl6C9y}&f~lY>kM zcyYt$K!n)fSy)x&_G}RM`O`OS2;uFz9k$2Xm&P2*9WPz-SnkYRI{Dj~Y=}|A=;wpi zsS=6qN-vMH_aH|vWO^02GHK+{ z$kELU?v!v55KHaJP9ryC}P;UkbhY%yp#K!G)-)@S6q@!Qgfg)mYD% zLxUKrQIBZMm4s|fWTY8A(c7d253{kbn>UUAn)+P4spC$}0vO7|JUAvcwJnWD#Jy2~ z%MNF=i}8*`HQf_w%UGNTzg${z9EO<#Z#8jYsjbdU8^`F&077Vu%MUHkycv95Z*f`)**^rBN;P5mxLx6 z%~_|UogmjUs*gSfCDqLV7xvF0F$l%hht9WT81=Fg6c5I1G|tB$fGt9WCBE_;bmha4833;98d>aiA$BZVMt%fqz6q!Oo4+7^7^rF(M6pW)Y=2 zs;CXf7jg7Y8?A%+(>%JIrh8ck1tU@z0wg~7&Abno2RlZtu#-4c@DTUl)`NDoaV(_veN(putid3U&K5cJ8~YoLaZ!YIa?oeiT!E@GZ3?7te_rbR zar*4=t6N7>yy3Mo)@bcVDgQ?<2FZW#Cq8;f2YLP-TiPz~gEPUg1TbI*uc^S6Dm*KJ zJ<)J2cM$850`@6>VIDaOr4$~h8}UYk_|*Zr#+=*h*D+~N3CYpV)#bbqNxGFS0)GGg zE&;*VBXr|Gc-TRpu`&4?#I{(r)rWg}iGx&)d^wVMql1QR%Z_s=yNJY&T#A+l81bcS z71wN&7;yTB1M@2+SABr#+QFFv1(XX`r6@56SL+@#qxDl!@t&u?Btd1zGZ8Q0CBy-8 zuh{`Es#$VxV^3EEdj#}=!DdNrv-91vAV+<^WABU9*OGHqUGXI_vU3G2=En^h@-?} ztP{gpQ*L!n)z)WFhatD@w?jg+ug?4()C72EUOp2)Pf?ILPSy>xE%Bi z_h+iFlaT~JhZxPXhQGDb?eh0miJO?7n_?k?y$+{TI{{OXuR=ce;QLFusI9DE>)tL1 z$;+!ba)0m>dhxS!Y4@yF!rNPh@|RSM20$pP`d(r>A;7MpveI#{4`a=wJAr*nfX%$g zdCBIT$RJALei*U3sxpbD3?WVoPn}Edz{Lfh%X?pQxhiszL%zve#T9#=PxbC332jkH<-p59%0I}^cIeJw$N`K6EWaVv>a9syn%bkyn(+M zv?-YR-g@q_jcnKsggHcOesmwitt>HRgG1Qi%AiLWg{mpD!x8UlG@p+jSrMQt#Ta!E zy1$Pm2Ii$OH(Ohu^=Y0sojtuk=Ef~)5ZpUdc9otDj66S*!XCAXNU%8%qR)2hNgU6( zG*gl^evYwX2kf1qME%n-|9~kZiNXGMoM1B|O34a;UhhhD$IXHHZ8su_Vb(t0TzR*u zuKxSjb*y|w-@s?rW~B^u05uG}i@_*XC7U>$JpAT6zEqZldO-NZl_dlNqULOX$;S6!9wE8})&>3)^R0!&EcBCuER`AZOz5)@FFO_Z<3IS_fsCBok!=5EzlddU2)f)srDr(9+a^K%1t!%k6*v;~52a z?kwH?R{1)40;-twPxl2~w@vT23tSd5X}n>3$fKrk&wvY_LQf3K`Q+lVy(KEiaoHY} z92L!*eyTk|VzX?Tv+m+u<{BwS@ptKJkx6OuthQFN zPd9M!{dt+JGOK{l@5PBiiRpHawW0}k9}r+_nvMmvf|RFay$3jB z916*`U*}|Q1|fUvuS3L`Vi|DBoBHVWv7($5Xam~Wne;zv|Jo*%pVIDg(x5Xc-#gbI z%%t%`9R%*Wps~Fz%WUlWvvU~MVmkii-hNH;R819o{|;t-e(VzPn+Ud$NkWBNB=at_ zJvDmTD(J~Ogq?wlic)6|j<5gyyhcFYu{-y78N-fW$xKbBx&_iGABvz5hmb3VRMiH* z@u&mGPu6D3`F>}K0|(gOVtN#b%4vf1sxo;EcyQrJ$yU0d|th$CAsNkzKOIPyYDu z&>^3Mp33t*UT&^W4M^7wVmNDVEZfROV)CseDL@?k^;jK)3pWvT|^bjeIQ8%XrKi`XSf2 zCHo_h6g1igh70u*!th*p2{su2p`iY!Lt>4ST&Ddlide}Q>lPJh_SP6@0R+&jyyfzD z0qFn|1iw<$P~e~ioHCMK4l@ikQbtT_ZKB9KSXQ;ouoyvxeFOd zQAn}$5MvOwxYt!lXfJi$P>w02BvOp#lYxU1wvjWdTxm!Me5OYwWsxBi<|=hNi#dLJ zV6hK@8=&sb|M(zvxj~Ff@uj4h0~E>7k7$qC7B7rdOg}%TNsOtdqOlR#6c$&pTCYDfi$hqvpDa74L>kxaQrgg17rS3#gHMU$ zQILK^ne7%(rovCVr0912tR06ASd5?puY`ogSkLza3|Ljt8|`x;J8J1oI^1mu7_($0 zdVAFu@-I3RM6fBvZq})iP_hugAw=;jL8=$dID+{XdW^XP(3S7f!I;R@xE+RyE8*4e zWvwQt@AlPZ%`!bT<55(CBhIM>q~Mg@k|d(y;_-QYrQv;$=jYW6=D{^wI0R#Jrmo2c z$fu{WqvWrVs1`Q7#ayeCqlj7IkbUQEX$;`Drtcx#a^1(9aY(+M=G~`#d*|` zat8xZKIKPpFzu&%d_WhYZF6(JsczvDLJNdFGfYpC^T|jOkr28nwm5EILPiSHqUhUJ z)wx9xl8k+Q6H~^Zf7EGDRuKIYWs}QApO#;&6myAem#0K15X`^<(A7VJO*}sa@Ca9^ zv_(XnuX?HJJ#zsZ6&&6YksgOaka0mmsNmO;N=!<8a(Ucuv=oU^=x^yytrleDfn*AU zhhi?4EK%`t!pbb7s&pVl_a+`*_b6?Ya$OlY22S>!`iBVpS>8_GXx*Q-{(aP*Uw-X5 z=ajP=qsx@0m>VMW@u1EQ>wHG*H;7tqcww>_^~Wtisn>3Z}&w$Zp}$KZ(xol(^jdxwMW2^ zV`a)8npeNvAMP_Jr}bno5tnR6dcgmV&A*~h=kaABy({S`=@?3FQ9(fxN!^4mZhnE| zS@ro?jb0|)6^)yWab($8^dJ&?C~lZI!M{P^+X-SKSl^tRLFYX*#BQ~UkHkWCK6@Db z4sSq-a=_d^r2-q)Sv@E*f}Bx|`_Jb|0*m5RAuNqsYdsDqMs5ihPDc5i!W*ZE_8*?u zuYpH*D{q0STe(Km;_;(3pUgh-zW|*`M{O`gG#dGyGy10Del=08nguqb4Sb5xW)4;% zA~w^Gcd#S(=DMw=pqqqFWey0E^*DJwV$2nYbA^rK?lxq;R^<<*Cy8cOQLos(QL*5* z#qA+zJ{f3JgB6U8f&)n%K$beC6jv7QFp5Ex~N zig;0wInF$^Bv+POg4m!^bN&84)p3JKfe%5ecdGH4B~Lq|F;72Uozx2d>PL4 zcr8|41`MZ6Lo|*Lnzf{7{P=;>j+7a{<5>Wpgr+9>O@Cd8cE^}U3b*$AD-kBk2369D zD9@y$PaoZqlU1Ctf$2yZVOu#W__-MqCFL`)Su3_ty#Wr}q886m$&YPXiP1dW){N`1 zPFwAJpi$wJ|3s0XB|A%%1Ue$tD^A34O;JZtcsejk5oHB|0i2zLi~tO3NGj*aS;zCK zqpqm4IwmP#!DPY4tSi@-X=b%!>>l%7?;dr!*bKcEl`tK!m~MRJLZ;q=T67@NiB~rh zi59^uS6ViHzh>`4G6*AAu*o^j)m%?LHo?qxv{OH|_ZB^oe3SGRyyLFMp8`F)p|h0% z;J~|}X`@8cz&(x-K_LT)s36LMfbTX2ir!>wFg-SIMu;-S*~6Mg-hZv|f%`XsWk#=; z@=-Ubm}K~*F%ej@v2)`$RmfsodLls2n?VWqL9y0$iy4HJ16>Q5vX#|QAwa+CU+ssV z3Pe0;cWh1_ys+weElX1N9a~jE@9g3n0vs#L$Hd-{fp+#3AKq6kE2Bm9JtlQwAz*j)KF{Bt1sG+Nt}bhtV2Rv^bF#t z62iWnV^Jb*?GCS7)HHKRIM~&t;HOhhyjl(#VmvBbtG%28w7_OBRY%St)pxhkIO=eE zIJ&YPvJjv8P37x|5MXU2LtOf=68fg87218P_1Mdbg}8A#(wSw`xoXQZS1iU2`jV)| zhUNzHp01wBzV)RvN^TJ;&*HFO(Hd6L-QIG}_W78iLQXrIEP#9>sTG=WonK||$omDa z-h~?uFz=!@v*)ATh%zs;F$UhANf9B|y1be?!cLF1=p^rU`j*0)B$!n>i>iM)?Qe%AT^mMS3f6;UyWNWM3H*I2jtSTEzA{Cvc8^IY0;}=)6$KJgd z6c(h5#}vvs-Zo7hPE0{Zn?(0{6TJMev^nSm58eS zqTIBMJ!F>^<>O-q=7U5lw8_=_xTsoOG5!Rf+Vj=DW~ClD%kcbHs-%+N*DLLX#Yx@K z4rJ<_nHEgQM;1;|vX$Q6pYPT6VDcS}So21;(8a~}dRFuq;pkb%S9tzZ41id9p^S^XDmTl}%r)jAQpP>hUD2n0fFDYe|L<{g>#M9Y|}k;G^JY!<cue^@2bs!R&*{ms` zcj-^}W4JbM^M0ckX+(=iWfC%L&nKxjZl3)$^BLHbXQT${!J5&syPZbEgmMA%X{gqb z+1^V{X{&>w&CNz{d1j%~j37Zh*cLG(Z-3>>h^*|w!tCMd;QBwT*gp9U=gn)>izI!Q z9i-ukTTJ=3AEkqpttv-umH!5JJ#yb%Q}t0i?K77*qH`2kH}q|+eSb{CMtXV{tIP); zZ>7b0*NNVz!LP|!%pHRxdb#05U~kN?o6fBs$jn0P>n()@BbkT2zWd9Z7!1Z;Mb(qkiGUTXinLaH7|;Pz(#) z$5Xd)CDOibzkyDj89lmR)ClgLVFj_jnPL~;t~8M^#pri9u=KDR8eA77MH=g^^HWn) zs6)vcG8$f~0zloBFl|=OgY5!=dZVY{K$8TI?EpF zPmbx}{AmRmpPlNMlX7t_4RoNU1KD_U4%4w<*XhRU!)0@G(wc0IprRF5N`sliUc=O{ z`jwdZ@zms!UTr+QCU-wuxg%W$6d)aj>==Q}QS2@3cG)wyGXm^ow>BTs zrH%=)k!w#sRv@gHkq#C$g4>i^3BbrO7D5AdZ)nhdB8x7+%$|=Gj_mJO6NVzSU)SXK zR**(um9`zi?xv>lHmoCnl>W5%2EcUue4u8^IL_w4U72>>P1K)S`Iw%z+AoE!QyhPe z%c`VpQZ%){F}NAK89H+X#g&~8q%oOd>-im;%8AQ$2rxB>3X9bP1axeh+nS~F$24uo zu$L(y@c&ir+9H?Up4M+sOw>nDbAPf5ZkJgbv&d}cs>1V?fGv5xs*rmtDJw5PSI?F*IE=b zgPE4;VE80F6x=}dZCs7DknQ*vg8JQ*&N6vWaP}gkg zGm)@h$3M3w%5<|EL;>0+79MEG-WVHak#2ku8T&^(fxe?N61CFq!NaAsclhL*!RVoE zbGKsk7sd48qv&Pi&-8!@RN@L&R)dc5*ko0p_4u76P*uIVt-E4J9<^sUBV8UH^B@wm zIzNOPuNPYfqvgN0)B(5%YGj4II$Cad2oDe6+vCAF8obn_sv=aMSt7`acLYGd)9LBV zj|+g0yl87GuOd|5AQ%|zuu0=@VR8Vtu=ej?J@|lyN9SKNjDZ-PeO)X5|H7^>dkIc| zHU>q=dzfxe?^6Her(+c~9#kqXSO=N0>id$Qc2xWiP3Pgy*8jf$QZypSo7gjI@4ZKb z+MC+7_f{>6nhCYH+KSMkR_z+C*n3t{D>k+F_RHt@czn-4kaJGXYhCwsU(b=?fYbS} z1>vd(>}$OQ4Qan*Vc?VLiIngKt&R>l@gygham$+)XDpuA@_PQOaDN1wHZtD;7pVpm zI*E;)!gP=>{+|~h_5F&Ou0MHE(f4U#AjH8Q>S^43{u*R&)vWhBg-&j7q1y`RaCqBp?T`IrXZm7J$fFmo{8l`{Q?M=Tk6cttx#cD*d zjFy$dChiitTPd?|Qi*&qm>I#th{SOY+|86wYFi~dF9yc6P$x{AC_j$eqPq$-72wCO z+EGCTC&`xxzH6Qk@LZIx9VH>k8(N_c`6UjF&hztOreEsdX_e&LvK87ozEQvQbm zBvKIJLIvW3>&^u%+4H{oVN2SfIn&HX2Y1;+va_?X4^pC7Pk=&p=_$JPk;!-!-w@P% zRY7Ywbd*Ro?OYX25h!>6$k5nwmPxJ&WuMU3)f9OsIVVavj%f@`%VdiM{FL-^SNql7 zc-{8m_n)AuC@u|8`&jzBC zL+0Z{OYe7DPZeQ!C3Yf3uorN?V?e?qSem6Wq+v#s#vNC&zQ~T#LGrHJlX30f} z&E9{|<5u9j+JCr@s&Lt^UoqI&^z$_=ANb3!s?Yqi@OhpzMm@_Q*$o$x2ZLCTH9x}m z;Ul`CC%9 zLfeJu_+j(Bt)3dHZ%C{aitth)@?L=acIr$2SB|vrsx|aRCytg99BZ`at_{Gu^a+k|1}~ zEMyQ%k1r4dACh{@zg#w$oTk40*2vHlCFqvO`yO2))^8yHvdh^gr9|bq`m*yc49)`SN+?C^+fsLifRYJ%SE! zwx4bo>&NioB;=whc7CT-jHr_S?7yjg0k0c^|MnJdjuLNmT73=wz=NMfI5beRO6R>l zYNasbd3gA=Bvd`d&JiaTKaRtg`2?s+sGxwAuMjuLi~L7t5tRX3#;;u6K7rr>0}wx zSM&+#?#W%=nRQxt&IY+MDSj=4Nols1Kg;^1{EhE}G4N);=`s43-z#-}4IT;ElHdEkfA4?UsZXZ2F&jYV zXEf$_;oj>1<7|DW^+7b!nNzg<2UHJ9$E4Z`0Q#|&;KP3<9mKk^dK=>{>n=dWQ||C@$iV2; zB}q{fJQiRTb|4DC?a3qyUhkxP&VW`g^laJAt8?tIXjw07w10T3vSZbTi@JJ&3w5@} zRI-RnG{#JT``fjCzZTVf7-_}6L4IFJ$PWDbuKXPc)Txckl55L&LC3pzU?KfaHN;^c zhQcBs`W{8fCV3;NmAjJHt^s8nW*a+26lQW-%1>m6Cn;DDBm(>VF2VFIj#$--O4hsHCJLO;oM{Uo#rP3?(@u zjQ9L@O(}}|P*ID!o4dSo^0RNn+}~3Cw-zb#f5bXobIsE>&!poftW^)b|-6(q{15sb$Xa8KuJpIWrIljpa5KT^T>&|Qs?o2I|- zq6J8}9}*P)IKVqnXKf|}m)1OC#ZpZE)ZrNz&_C(s66H5JPlV?P+rXiT>R1WI?U0&Y znwj$Pe;kO>;`vBE1ZhjIj26aOOGlwZ2sqFN!BQjeK@#|TVRhW}x-0ep3ecv7gU(zQG71)9$r_eJ6o)7VSaou_(@#f`<{ti8VfMT!wg8=z!chE^;pr% zk&xx`Fh|ro%?h}$VTrfRNU`R!2W^N|Kg6-0xuS``D`SFQTCuso3DM-E1ZZQ5{M7lz z)b#d2&LF#ae>#~jIsFUY9D2CY7c-G?`NCd&k|)3MbD<*e_yF;Ss^W-y1sOtCO@wTG zje1Hiw_OIcT9plXUh9@VjMeKR(O3Oj{qaq*HoaFyxKwJ;j;;7%?)3;?2G8Rc%u;aY z(rZNUlnky>_<}MsRJuSRzH$4Fzq^anHJli}c_w8EIL=eG@k0J+N33|CSR?@yKy|GW z9BGaIqp2N1J1MWYmRLc{(%!ee%9bqb7+>fPQ`g!+|IqLl4{;*OC0oUtpvjYmm@noG z52v3=pP8_$YdMU(V;FK1xF7NaUj2Kv=b0|9-X8sEqz;wB6#nyulHcyPQUOzX^i-y& z9~I(16wtBU*hy5*<`x29ER5pdabB#Fg@-8?&X!cJ!%{*%w&7CzuE{H#1iuhe9bmH3 zr;1)w?Z52&p<#;&7FVzNG=lC?eIi7vCu+Qb$LBd`p|L}5onT+T?-t?mD@@KZAv8}PA?_)yLy+Xvn z*Q=8uXxxhhF8R7VSPx@}A(&Mh2j=<7?db*xJ$t9Nt*^&-I@#w=>dG{v{^peHB(DuI zP!eF^kFSC0*Z$ys5OP;HRA2%E8MWW{(s;H-Q!D7qP7IJcBcADD4&Fvx|B55`=Xr)> zqU)sGY_Zzzu(7h6#Y>O2V1>&}_kW;4QD3sQWr45x_XyBe438?H-YCP%+&0ZzWC^8U za}EcR;@DB4u<&A>ifUOx!IS@GEr|QA5*U`1Xed2kYRpyT=$&r!=hdq`DCn^ z3KN%w%Dl(GbqV6DdFx=~;f3n0KvqZJ-G}Sv&=Z=NQD(#6i<35#-}evNJv$z7Y=d+M zmBjNU9?$tcNuTny|Hu%6cU(BNH7bk1w>i6ogHCXNYuRBuW3mNaL~up)S$FDu#_;r= zmLq%}x5e3%I+GH0aJgB*;qP%Rq)x$S*62ni5y{s+@uv@eDM78YhUw}5UPQ79C4Cf~ zZkKQ1e>WVB4xNk$@|6EZAmslcs=0voSt)T~ub!6| zWvekL#C;zJKdoIPFBg7a`lP7ksj|s;wOdH@NyRSL-O_#Q<$;)oYnxyEsF-J!dBc_E zes+WeH8H@EyQ2`_8pB9;KmqK$P~Yj_%L3RoU-T=u_WscjFY0GFQ~V5(g+X-kJi@%r zgC6h4WSfGng<>;!E!tdI@;=?18QPcfcWLTn7N7^T$Cxc9jg_i#>BF8SDNXn(4W7IN!_gmzqY-|FPlaV?g!jke z`PUu0Cn+Vxb+V}Sg)QQYpRYX^9M{Ec^9EB7@rW|pUim|yp;u2!-hN(T+5Q03zao7+ z`x0`@eG@NZ6%5#z92%3%&U3r)ZH{P%N`}?^-Sv4beM!k7j|;VUJFZ{|6QbSq34&_; z8fBX7nv%Jdx&g6Fv&T$0`G*_6x3&95iOu}0h2|$1`=asq89xM10%2`j86&^;XqQt2 z!Fl+sY^dO*Sd1O73|)###YRn(v1NF$=mURJpc({!x(|!$S?DLtJ3|JUV`!C}e9ra{ zKeEfHQ%;(6#7TF(;(Cl{Z2Jhj9n|uBo%eSG^c;|fL<}UsbW}Xh7qk28v|PwnyLXEsUs7LbLJkPh8N}z=YDUFxeGRiGJc8NiDedlID59>;g{F9!NhSU{yP6| zU%-ptzt0>o7e$1cHSc)_C3=l>{f#dGJ!cf4PMF+AL% z)LN0;2Joo$$;|9*N4TjQ*@?9&}YL z6b6IHMH5pM&_(dfm=Csq_Eb>q_2B9y%!yP4#O?l1qV4g*J>I$)>gDh@6;U(s2I9MV zQRee=qCAB)0Vt*pd36%0q{GIs(~b+(kylB>t#y8o0Sh9u|)Wt8tS6Cj|i zeEEMWXknH3(I((ghjGe>&p+dcL6sh^JJ;)SKihdJvke_oimj7keh)k+*dhG+GQ}C| zNNP05;frA}vpq8S2&1eJY|ebPQDUr@1^AzeD9c-;&N9ao8%$v0qEJola+|bcTL7Ee z#mQMvm7%(@7)kjW4*c-mwt`w9yQjji0}8=bXd-o0%B%5yZJo8DVGW74_Lop%?1e}` z;M|cG&)Dra&h)SN5ca`RtNS+?O)wLI)Is&ngpWpg6mN{_4Yo+F&u=_H^9?K0#@Q2V zJDxnDTN!=_}6SQHBjKD~PW$N=4tp(XYDXzolxihK=yuWusVw(G3#z5;ZXX zyM=}Mh#Qt~ra77Q5-zFgdZ)DzVQeY+%e}d^)gE}xrCTo)uvk&B8?rn1Qhj_Y@O8Y` z2rHoYzjZX!ylR$G)7t+Hv=wntB>@qHC&7xwh5yeQ7QT;noBLORuKp*8q&D-PCPbp!wpB_VYAmx!Y* z`w9!Ih_oi2FZPbM|FoE@y9diIr@JA}z@etnJ`c@=SYhb;47C({(D^GBOx38M-2bNT z?scoE(wEIBulY?c@jZKcdjX!Z^hou7KxvuEKymM*G^W?a5UYOSQWs?cT8*0zU3G%N zoV;#Zv^yR)mp){T!NqX1v1=!+jyiOlMkq}WsgI~+3nTTMSBjOpmsekoJyH@M41uz= zQ<#E9;f6p`l8>;b3K{Jj^bIm2XUA1KyjfvBp;?rep8EYPy+)o6M#E~4r7lj&NSZHw zr)g^aBbt17C-GuZHvtHg;v85){A16+wFx>KmHBOdrxr2rGQl|&W?s4+@bBE{Gn`-L z{vPo-{9d56g3BtGDmR<@G)%`bi4?Z)tEf&y8sXe)-dWEqV-vj&KP8oSnAnbkO++cZ zR@_l9xG~BfuOO!U9zkgwK-G}*2LOvqjMu7_etCN^12!k=}r%j$2?rf zW7jV3Ikuzx*J_F7VmLMIhEtfIAImIvJkdbaSkK#_c0iv@-tL+n3}$zm@)r zkn)$8G4f~?6@shbc5VA_x81)jh0b#twjE8<*d>)W?#izw%HrYq?Bk!izRtTKGhHKMG|_sCrE#JKQe4rS=zW4zBWZ8k7qsy`9;u`+0~ zjKL{Eq&{DCl+Y(Uxb`V(TMa zA4K^jvq$5|W#GJJn)P4KuL{^#x66+Y#D~=n=S2*+uTI`CBU zAmt7Gjl5A2Mm>tY$*M8Naqa;mYQ_c@4egwb{$KdnVcRxWqC-$X;(KZ9eB%7c>0l2D zkX{kS#>-9nB-HANz(Q|DjV(593evA{M}p8@r$`tfOojpQF;TGE@ACr-zgEOXnQNIa z(xzrm3u<1QP5HigHs$G8;cnaBp55s_`A9l>Id{xhC(GKuXHUY=zqcWvInD-OK4XUM ze?z#ICPA_?gRrTj10F~%n%_Ul`uJZ;@k3|~+Se9@#_n6c@4cKk8N3S&=Ud~A?>ZOYbS>58N2B9$HGdOaqoc*&wZ6C4t+`(3e{NJ zSU(u??tE5LaWgy|w#pP#PNaJd=&}eLjH?w?!N&mA%T|6-ScanbvR}6#+9ZXgIeFXo zMTHvq33gDm0?U}tRCciJn&;_u(4VxX!K+|A!9&AosQvpC3ck)gzo>0L@P2 zCz>1PY07ZZUD7X6;rGTU~kaZw=R5$JjD8e8z_`N2O#R}IW+oQ@$p* z*mfKE24i{e7ss7@WOL8fc%<}uCWCB_ZkE;AC#?q_<(Q6i+zdpe0kSDQ$RmU`xU4fB z&mYgV)uFmqD)Lu76dGuXPuZ`_LnS z>^BCRj5@k^?uZRL+E*KTh93ViEVCSb7VFl5rDuypnqOrW%SM)g_JdPaj?`oZ`&CQ~ zO#C%W-1h($Z39ifj1~Orlc%eJUIqB!7j+p%Qe#!F($qC<;a=-?9UQiFVSc37uIRp z+M4gk2>moQwUd>U$jOrFg!TTKj&szFQxh7E_y0i9w$Rd2Q-5Vw+>a`GrFtEzKmW{J z9iqjtvSWrxMqmR&KERe3?}ee?8yg%SlU@HDni#S!{;a+Pa9%W;RMbu!ghINCdft%N z7Dv(NZ7gsr%Nf^iKk^*f?MOK^ee|%A*uUtIjU0z1gG!)ML#~K~TWIj*Hf=w3LXAv+zeC;!4h4+_$udu0xFCMyn zD%R01yfQe(Q&y&`JyJQSHj2rsB{NH0dRyep+0LoubK!u?5iz+M`u@4{SJlab?T-(EA)&5) zQEjb{hq5DMZS=clWfYW@PBWfn&^R&1G^L3L+>*cfA z86+CJ`){SZ%^kebC=I{|6M~e!+}wK+U-n~ye6J_%HPAT})s}mj0m2_Yg9NU`3Tq_# z(sh%~QY^McRd~wg>2vb4EJ*bsb0sj9+^Eew&T(P~+VK;TQ7P2S%>A_A)U>NP`~3oOI^8;x zJVfg(DMg9l))n~|Wb%3dpwSy6eb1Oecnm5m7a)e0>d-7hb)D6cmDRI@_&i=Z#ewzO zA}Z}oaa|G!9B^_639bfrq_HT3%)MBLVjNHCqxH=7Z!;HDQU9nVJ7m27i*zbtX8p!u z8|wA9VNK{*@vq_&Wy6ms5!s$ZcBOnBiwIz+mbSL{53c&NbE7497Z=p$mC_kMi;(-g znNq*t(-Xdo`$M1eyOAW5@-J-o!`(FT=R&1F`@!Wapx*FYi}0uwwrcsw@78}bAtanq%~pCr2(dtO+XzrezD_8kWOTGl4) zdkLcPuYAhG#_E=gse7{E-V&$c`Ch)>TeAYOu?C1llB6$07Lv;g*$HWCYt%W4HTaI? z3Pqbz-W;!I>!wHNqb#!KmpiV8ePT1(+E4b$xGaLa2UbhY&Zjm`vt-h4ZcU7^5qS1In-=?C%7tCg!O_iz7zFQ3B6GLAWaIwQ-fVZRWX@2)3Y8~5MDo6J} zu~3j8KvgBrl!pT?D*lcDE~x*OwG@B&+o)6t5A|a0jN~6qy-wKFu8vij?Y*!Y$!=Kl zyx)5ab=;)5xASHl-pyavEbQH5I|eug>0c=P^q=Wx%9FaB8%Sm2lGbYKTf=1czl{Z! z+E=_jBh0kvtc=Lz0ukuz^)m{lS?8w@70|;lcKP(5LD7VhKe@hu^{&M1lO6p0N*fI} z9M|m~PB^=ar<2PYI=^3Yw@}v47I1G&~o;`CX`Pd(|Jx zYk}4|4q>NlGSciVi@U|(J(pvQ7+uC1Q#x>??S}IG@tp^cLxElGE0@X+_jSl@AjRj> z!?%x?Rrp1UI5;gIFAXtZjQvJO)=wx;T9?YFcvN;VL#DP?b-pIvTBF#7LX*F+IdEkD zbErv<;WuZM^!PDs_eBST%L#!XYvinVYwH@WrsgW=A6kFB)kva!96Jr_SO$a1c-ZlS zA&RYaNuC`Tib;zcL8&%0HtFW}S@thR7LGd#HpC-SM7`%&zHhAH)MwQ(T^26qPuBL6 z{QHvj;6|c;6Eo6Mf`TYz2J(#eCHHS#D>CEf^KlBLRUK#Q&QBa$^6UX<+2DEtUlJ(X zRR#x^Sd(tX-(E=a-Vh%^{?22`H>Iu;Ynj;y^b}^P$A{(nE)I9 zj#}#O2eO^NcQ4Sv+f-Kw2=oVmKv;y#x?BVy2 z?w*IahHQ6ly<>J7PRajZNBF;K;f`a+q8yzc0pIiIFPB3Q3?*Bw=tqx;9M?9YllXxx zx{l&4I=4bAR}J#9h>E>BV7iyu?Lx9765c)~y#6@XXn#_2Ox|EncdoXt@$8z3>Pdn^ z60Y6smv$U9oYHx14M!yz^(47pjx*@%#vWgYB2a>ZIRXO30STpLWvRt0rRU~;Q5`d4 z=b9>Cf7(Vu)IC68gv+;f6Ieil)Gt6(A5_G4%?JmhxtijrI=-vf^7D6bS>Kv0G24T_ zOE^AWFLJrkewum4-qv+3d-oNOJ2j|}gRR#?5STJapE|*Ey22S)J+HL6P1k4K5)E1M zrv7me88Mi2>!vJM{o-i6qNNFrEkKE|CSuswU6YuL^+U4Dt~`X1T*Svup!$l&W7+L$ zsh%NnNd$qng40=911u`gkJcS{8k6Oe=8u~Hw4zbq6j;HQPXWDMd?S^*{=RSUzu2iw zqiC|?Vy#W5z*`B~7YdRe!5;Sque85#{j0;eLro7<5f#t{+F~OX1fl=FzdsrUeDd_c z`Ig(-aWOD0~oK!68E{G-*iT=mY$iG#z|ZoL}0zQ_6uOjljZs zU`Hqx)NfDNt;j6UL#tmPa}FVbjoN8o|Uv8GMCBL?drC822YU zpt}AK3nmz{9>l^{?<4AJk^XbdgB8YyDUS-xcJS}v>?mB7 zKdt^!P@*lfVuCel@TFf-@3xiiz;(ru_dzY5n+$V&Q6>SiF!6`qo((sZ}T! z?zKn%_pa4kT#k`8GqcqjG?`TtgBO23Ee0#?;79dSP(}uEvo4jf_9oLU{4)^f+LS2- zii%<*nB*LDP7Cok^tN&P7*Y{h5Q{a8DWLkbRA!;a;P9ya28*qTUo@<;;+r~qnhzT* zD=RLCx#BD27|-Nw!WLIH3aiZBjR_ta`EGiiI&~VUzoM8GcX9l6cp%l$#A9`RK(p}j zCn7c@f(&NbFM850;62RHRPm{V{a~WW3@ygTxIoTkpG`?@c{jBalel7I|QL?+MK2{uQZlSB*IvlDUlw<_oc z*YgilgQbIRC2Co@pn_MNB_tfQ3DzJYVqziShkSkU-}V-*tuJI58+#Ho!@;t9C*@P= zk}uy&MRs2|56{$@VFo6sD#xYsqaVPSvCLfimz1aY4`0?1D)o}1?bmSwRhiGCVW43U zQY%GXnQkI4+E#A6LTsrlz-xBa=e5WUqRpuJPnJA6Mf|ccaw9XnftS^k?zzJMXTd=L*gg#y??$9`~*WU8RykTGKp6;{vfPKIJ zF3C9}`_>DR{*y->;jQ2g2DD01|52J0IKyc1jD``p;f?$C0VB=LEujxno@a^rhByGI~1ZGEfm9EiR)v`55D8~&^ z(J7ml8x>iy5fuCz+IjfkK>~;+|1r;k2(NE1s8uM~x?t8Pyf#PKWakCcG0DN}ouJmw zX03p&e3-0scK*^VxPbne@((Th*~JC^5iuxH+>eN0w&QlfyW{p)O3C`ZVaW#384U~P zPfmsTk{DJI;hUWWJz4Fp+a!BE7@FCrsUfVa?B3YiUH`pavY})iA60p`y=ycheZ@my z4PHX)TP94Zl!hXJ_+jXa1886bSx;&+&*?BGEQVTv-Z zonP`MR0Nvr%sjNr^oT!jQ|p$0H#2*j zt-HkL#-pL3AzmqzVOBntC)MY7Hu-TZSkv;v{tgj`Mfk9Vub=Frc0BqNRXImgdP zn>0pq^aXl?Ld>)73pTuMbRxkuS_qzkZ(HkTn=&1`lPQ?|I}Qd+PFVXRj-XA@pUw0L z8#}g0d{bS+}!7J>yHM}128X8T{Nnk^H+@*i=Q~Kzzmt2 zTrVp}xHWB3o98#ZIj!N;Fpm`Ah*p-zm&d5GOO%T@LkyN56vc*DiJJ&PA4}5WN;80s zx2Z~&vz>fJ{L+yO2X7)e7GlscI0X1-RF9~Y21SjrTCMv%GA_I*<0O~q@HHHo}O z+rwXP906srX<;f6hipdU{Gh4-P*=TP%YFX1c1d`lW*>zdO||mvXz2cf-K~9E-nZU* zQmmtT?rIJfE)*`Q2QHw}hm5L~07jnvTIj3e1v`~oYFPBhyku^s*O^l){gR!F`5U-> z$L%Er!#hVD&*(K9@Y=>;y`LD_We#J+ndQD;t;+(Z2ch>RS9>F#g=B||looX#2?D?I z*?!&^I%yJW0j6Y=L(RHOzVB^q&6)DXw1>hAU}QpZ(kIx#&mx)Z`~)y2B_xthi_Fa` z>E@XL@YvysZEa)fH!rJkNwtw|#t*f7{CMc4D1$)Eq zY9;Ht4nQwEe{9`mY5y*~b+6|-lr`J$eW0er)#ao>TXBFg+Y5kQH!~|su7_T+vWg~Y zE|IJ>{~%q#@4v`NOk)}o2LFb{$)u}ETaqX8KBte+q21e*0CwI8m5FCi+kyFnl6hA*Fp+Yd?fe)!k;X?2OVWLI`gc6LVm2{4z86zN(+%G|5N03oJ0Z7#!B-v`{ z4-Q6%x-H4%DFV1kYH_=Lg2`GAm9 zAY;Vd6Znbq7_0fpe+I)@$h9TLDjavW%%Y@tN;fxVfPnq>xj!UeZJ5d&;?seM7q<>q zfpjEBT#YswQGDS7rQ_nU_=TdvzYDJLW5xc-h~hR=qEx~{be!g+L<$_)h=_+uDs8|W zt<4Fa?AgFC%cNO2cq&Ifv-3GV&s%Xx<$8$OI$Po%)|>UFmZe7e(}Ha}=cR__f4DZJ z?8caVYLG*eOD0b?1BEy^uUQetd*e)#U9S+k2i5Q1X0PW}}cSg+MySGSHsML=#QzV2*NXWS%SOp+-7 zlGmQbQwAn`dsoOOZ+}D!8Y^)viQvv@Gmf1T8#Jljk1kQCjdUa5pQ+m#9OAhi91O?S zAk#y~@m7#94tMu-bXg_yVw|A5+d|bGLA9Fc2I91Ap6)#^!O=KIJ){x7(eK2emE8Mp zzZA`NGR9MUcpnl>;HIUwz=B{LZOq)m3_7{X5MW40F{8b|IBykM zRK`=dp;fqVvFfw0F2eh9jV<$q5%nZztp%DPQ>|k$Vx~QMx7#v;${Zr{CcujUElKe~ zdG?IRs}>3PtD|stK?gUl_t86+f8;LzlxU_&pyeAeT_&BHt*5$k=wO2t*x{lV+K^g7$B z{HXC!dGX!QaZcY;-K!_)SxR%OoGyZ(W(m&JMZ&;gsVQ5!q50<#gu^5oDP%ZnfunfN zysFm0L=Vy4lexK!)y{IbwI3n;AO((f?ID(DaHrh-r+{UnU3*@Z9jqaQ%m90PIpAKBOZI_r-IZ(Df5$48Xqj>5Qfe*o$Y@ciG*ZZ$=&o( zloAiX75M_v5K&UYNMH|d$3NkU}Ks$!#Ht6^}U4swq8eH4cz*` zW&VsTP!4FBYW%4ZRfMC7ugz3;-wjbPjg2W5N|y`P_uExy3Q{uRVNc)$fMxwY*koC- zHtXFJ{fpUQG2mJ6tyzM{KEJ7gSBe)yJ38m6?ai#6$O(mBOfZi8S+7fd`k0g|w9j7_ z+WYznM-dD0HXsz1A$q3`2NQe?g|$;7Yn~u$;Kg7qLwk8s7?2XF2)!#{jI?-xZqxWn z@JEa?MbC@hF4vr1h<0iaNaOwI*vkfH1EX%_e|7r6IHU!a-K=}>?VLO9(uX^jOEPbg zo2IT6C&}2|hRjiDwu}9s!IX;SFRHpH%$O!KaKu$qlUoAfFge^K>WFfkTTS&9SlNFSM2(nhCi$1GYGuz<6$H#Y0cOa?XxOL zMrNY-)nHqsa0a0>4okOX3+6Bc>ypomU~|g0)+=P7_2fhH(-J*BCJD5$4EIS;Erb!` zaU`r8*5=BLSP$U=3FLt-SRX^tO#B`nHVa>JUd?H}wt*7Dk|`Pm@`*G?1TDNp!srVXE7=NmKp}DEFXjKH}(=mfk}!VD!YROHTRe$Rloe8aEYQ(1YW6O-3lJCF~8 z{XE|q91!Tv2Y#;3q(mxxdAh(){gz>3qt{O0S$uTmKJXtX{5%g;0&AMf}QVXvsYF6l_{?JkLg^p(&}u zU#a|0qTcvrr)FcSM_0wn&F6`(BmE3#6MHY)*@VBpkOA~y&9nx=Xo%6T-{LD@dq~o# zb-%eB)dfV9_~tb8%Rd~Qtu$+2!HG){(g>oQ`piSox7<}v06tSR0+JYUE6wQ*yLf5@ zI;(S>4)I2d3}P&{ro86h8|*UyeD1tR&mNIA^uY1`ZcI2qr3 z6bjp-fah252{R-6qxAJiNJ;udXkP%r2H^GeQ;z)nK)fCa<++O)%|h)rVba)g8tK?@ zQ7$t-0N6B(#pRuG5eW9rsUqi67bk*&JAorjmYY`SDHt2ELCWsN2=Y$#6^XKuzR;>Zu)=*FmD@ee!%h7T$u?T`0oC{2aqFXj zTl#=q{U*L#s9c9vV9+n1YDr*}GH&OgRS`Hsa0-ZF*|rsZDEvxAR1U3GDfrqKUXW#} z@s#&XnFH%Hq)suqB&i-OC#hzTQ%t{42W)pPmdRt^J>Phn6w`_YD^5m^Cn@Wx02~}0 zxsp-C!r@*VI@@Bz%GLNYKfj=A$xqPT$l<-=`fhY)v-q_aOwV*NORdr*(bI~+Gwy+n zvUq}^;4Jtfr{+t5^S!9NQyvh8-w65f-e35NFxr4M*jVgP5fB3N{Da!|85!Z>;o11b z(3YODx@!|#XK6efpM_C?f(Qk^Vm*R`H;$+jko?+Y=U?S@X7$jY!BPiZX5u(#u@@?k z8DWt^$aiWzJAN*+tWTfv(pyN_L7jvhr{0^XeHB#c#v`)1#yVN)Mlaq8c?;lU<{rsB zy+Sb(IJfXk!PkhNXF;o;8x49Mq(gRhRU)6`8EG3d!^c_4Ti^S??V_sK1H+rDXJnAZFM8@c~H@i0j)}es4e{ zyODMbn273pbF@_LX#nC|iWDZCl#xK0$)VCb8qE8;(N0!t-C`=kA|pjm+B~y#a=q*c z3Oy4R)*U{qk*8MZ2+BB}VF#e+&b1SwtT<+iMQ3DQ{8Uyh(+DDg7aODYH^C2MdB(^3 z;a*_{>_sgL*AUx(?On7lfn^SnlO(iZEFhFp0!)v0V^dkT|NP1Z>T8^-f`i9lq!Ex` zD?aTe?2K7$UggTihzJ?z?SA%}3qpFK$F$i=Nl2pzNQFdN%G-t&kMP%4Q&I>`I6rhu zd^}K$ea>C??%x1gKRAJ*;FY&u4-OOqbsX*R*9bJ_6k^nHqRj*%_VC6h4a|Coxn529b(TLyWY2PS*8OiT5L|0*aQP0>d zsdq#$G$G_>{Yp3#3hhTGrC`>RCycP!PLpDDw@CS~i`%DPXF=yzcsTyLUF{)YF82NF z7$LP}SY2V6-WN{!r(#rN{CQLV=LK+W7Q$>EoD3gaKJ&wiy)1ZKNWRH@9UL6gP|@Jh zNnf`wnc%d2Ujz+NRtk_bE`DK65CO(ux%16$r&f&XnSPHt7=z&{$L_yI*S_?*3D%l9 z{zJ$!EY-?IlEj3ZjMM$>Kg#go@z123Y`$}WCpqD8tWSnh66|mPB3`2H30@A0H?6=0 zG(4b`RSLx}t|rkO-6vEXbK`a{9-@W@lE|d&y{VLss6D$B*b$Hl@&9PL>c1wxzfCiG z!06iOk`|EO=TPzwS8aKIeU| z_Z8;@^kL6sf3Vkrd8)y+O4-JlakE9n#@acF(QTsq)O9Mtbt*tlWk8W^_+|(2{y*6i zIX;zLCf0#ZLkoF|qMo0*K~>UW&PF4gNjlG6{6yf@cJjBGpgsU^fBAm2->76ksE(gR{jIJ0wezAXr#a-XG{S*E(R24 z#lL?2%8f*kup`bBP!lUTdCTol-@YAD@RmGFOeOm?SHU1c$~aIi;Pn>m_^}N7XUG9| zAO2jgPlxBMQeCw5bL}*CqM8zcGL>HIq4-q+{-}j(w~nH_DSau}AlXp2xIaO`h4#Xk zOrrP@!~Gl5yDxehj0-bE8oRM%l-WujNA@Upa>o>cyM+eUpvd=h#Tj@U`f3JdnIBU= zW||X#YF1l(u(=TD<+-mnDy28&*K$quQZmYhu*QLIb1DZQI_bBL7%^&)PPb1j@i*yi z5r6&78}2`c1iUh-ALY$R`cH?z?ud5ha3%NvdA3XCC4+(D8J&#uOQyT2!CC`5rA0Xm zuunwVsrV?e=>gU=*mpBrCQOt92K5`OC@kJeyswMcb7tLei=V8T9>mVxH< z1>4%3pa}4oK2Z1dFOl#~VRsiW;JL;Kiwg!UK6z7cWQ%X+AfE91pre73EH5`0`0rMa z1xK7CXajx%j!2Dj+7<<9b0hFR!W!dCQ=FViIfMwm$Dv9 z00oHG?3;&5tKolRvLpXj#N>cwOvlh2wWUFJ4xX9vG``n3xOo(rHM(Bx06td?6l9u= zfyLZH5Xkzjiidy)hgcbtlrY3qpRf^(NQ9-KMnnpQD0_j|2K*d=T}|DMoMF|ZhmGT| zh{xM9F0l-6CJG|Tp#$FY02Y~~5R>bMf-PDlj&{)A3re!mKE4xRNVRZvQGFUu80^c$ z3d9O{fwaEI0Qiukhi%FaGRQg~Fx*d;2b=TwFFJ_g6alBNF)4Y(a{MunISHdio5WLakP4*6#oi$9bH}*?Ax-Di zD01z7XFg)>Y0%P!k0^~|dT2-_H)nTz2@c^Lq++aW{8S3SS`vplPHL4Y7;c}WQ^Wrb>699U#=r@ zKGJ;skUslDRx*A`o#}n31PhAk2kv=^2vCtOfH|c+#jYlt-DP70ZL{Hcb9+82$%Dyn z_?KY#*G+=T!KZ=Yv7!G2{B@U=ckxoYhVzKg4hFa$Wb#(9NQ5ZvJaZ!Oh zVsxVx)jAbMm9y(qQ6LkOOpao9PIk-~K2tV0BO=_h7QtK_aXyMpZL;Kc98h zDVU7Rusv#pz}oJ>MGUXDXu;lUYp6OL%OSG$q_BNFlQm!oGFUW+&F-s=7~|B(Axot*v=PzdkfpcUR{=J z z?JFW`Z~9=-H;vE}|Mq$#F+2e2C3ZY7)vpdAK#PrhAc8N5cyM^yzigHOX=fOEI2h?g z9&D5HsQ0ksj1E2whP(qd3N1pBgI2<+sG$*dG~)Wq_jyrDI_$a>D1$V#flX#VJ@iBdoMyCGT0 zX4!>W8ijm}FRO;v|HVtDdwjI|7R7@GyP<#}wAU!QW4?_E$0$@OnmnW;Oy9>(A2hOb zOA61E$Q@s~tApd}s{ttx7GF}X#Cq)TUSq{UG&a8Z@c6kA+Wf;+01z{`g>H{NQl4&C zMnW4=f$O${2kV_zZ{TM#6-XCOkDq;f2B+%y1{B+rki^D*^9Sfh3K9m92FrA>qiq9?{JV9s%-F*JBkjS9ea@NR(jxa%w5lamRs-rB2w`jtGZ`!i=H>P8=R8sIS(+lDo1bH{>n|)DEox5AP4}XV%4qXr zdJdwMPq3b@u=7!gf%Wa0LuLGgOF~&NAX!@Tt~1O`U4Jz+pS#^}ACcXO8EVql^dI}j z5+T4Jyy75LaUKP9boX&SJN2V~cL&7k*{6*QwB=ttnM2BB(edh$LW{!sC6>W}%INyX zY({Z?PO`EuDOV9>;P09=;23C$_AOS8O ztA>FN2T{R7)xe_xq=WT5eliWirOPE7T*bu5Yz0MNr>Xf{%LdDCK*7q+!pVNwIthx0 zghM6MqzGZ$zFr)ls-*7}@NcS6wI}~3uoV~(7TKr|k_OM%O4z+*CfmT}{f)*snQ>C!glZjsd_oEQ5uvhg)~H?apV%cS_x7lNKOu}#-c;n z2NO?0ebLq;baNZULDG8|JXg0f$66>-+ZfvJvBIrjFud6$uTx15_5D3la~OSzpQus< zBLU`Ui5cU`!aNn`ZWWTVpLXQ#SWMqPtkc}_D{-|UquQD?G2@qDGPHxRwY-m-*Ab>EuO%% z!zWQ3HuM2beWU#lHRP0-+3$74Nr=GuH@zfk0BYFJO9x@SyFt#SfjE5(vf}V~__myK zd6tu4J;Sl2OfZLwg$z#+%o{N4L<$3<-r~c_Q&HwY|9EG38zHaXeFVx?0ql-CBqyNn zQiAhTKK+n@zoljhV~5xKAt;>5P`Im5>IB^R=j8C)1=HHekL8~sz3OqnQF>m9XJHh8 zRG11Ieet0!ATF5t>2}387||AMezW@1`j8fK5!}1NeBDD3-V$ z0w7+{$Pn2&9jUI>D|6!6L?I4%?jO$sK=cGNU%iFmG99eT*kNuTI-rF>nZvy!ox%EM zBkGV>c$zc3R4mz0z$EkNIDT^hO&!iESXj!6PDmq%jr=EG1hj|&p!Uqa7G5PZ{XWdd79RLA zI%MMLaH-`wqBa{_!uF&sk0cp7J z)mPLaoUg@?o>4;csW$b?{WG%t{mas`poAdm8p6_`WlvS4?Wmw61RZw}T73d7vHNl0xr1@W?AUQZvlPjNrUbcFGGV>Ra4q^LhK;ky%0V z13MCJqkbqm7CuQm2JY+8ad}Jsp%+YMM;bk0U-dY+-vM=5-zmp<&4A+td8&C%aa)+@0Ii*k=Q)3ppgGW>AtM5{k0 zQNOGnr+3E-q4e}Tgu#)YU^)a;uGJeOuM34zp|q6WS+nd#Ju?c|;XqQrhJ0Hs88sEj z$rB^Q2nqZPyc)4^{20Ozl}PyN)l{7k|4yOE7I2g6I%dM_c7glyLT8v(ImFL)4gw0? zV6~ClS22RZftEo&H{8uUV$G@0n-$&8=Qy@0Scu6;(hv|)Qx?c%E|r2a^Dn3dM%c0P z)%*BWe$Uh6;io4Yz+D2K{OZ$X$Sp@VI1uig`o71z);xT$&?#{Q)D+)mf^Lny{#{T# z``Jx3EHhcXcbbQBn+LR(`|z3tmRgdRjf?|7V(xJ31P}FhXt5(c5ThmvblMB>^=b7F zQ(*kLGwIM^seKo8{`V9wybibwE1u{_V><0B9`J53?B=++`7R+|&J&x1U;p)+DJb3t zMMZ#Jx4SMQ@iX-4$$W&Toeai^b2K&>Twp8~l6NUAYk>EvX+e0b`rG*Jknn#m!HJ`RQBZo9900^KLSzOL{{B5Ntk@g3Xd(<8nwop!cktJy z>*(Lr)rZHzrhgBYEZb?bm`yI{K!t_rE%`%ieA$;6fbY}YJPq|>$aHQ-66%)c@S86| zH&#Stl+tf^UlSLce^>|4Y{kmSe{R(M&4#$efk-88-@Sa;$EMXMl>J-+lm=+EgP3vg zUig9>iuuqi2H&Cwp{P$}kmxcU>yv|ne^>uiTPkBG14iPm11awL~iBLeS zp$RTF;sk3Wq01JMUE_&9fIa=2Z|ubGqodoOsej#@ukBc;dLg#@r*T%Lc zTegD)aaf0aJ%gee$Kja0#CDycQ_fmPNbMz$HBs%kk*0|zW0ZD|&f9&-n5+&Vlj~8X z-;BjTA-_x%VKMO8RJ_hdG>r@d`{GTDjwSd-Az{wI8%Q9FGBm|NEj8Czx5b<*3(Hs9 z5@W$j^Ybm9%0%v^{0j7I2X)dNq$!KMSmAS%w#`ha4wsBx-u&(_>ENM2%a3aX9_gzj z;ToEl_xIX3c4Q=fabm*)kK4ldMd9hzm+p1H$z)|k8?cY{`+bv@YkhPKBt6uNLcGO1 zE86IbH8(L}f8Y~DrED#ul=Wjp1$u&~)xoZh^i}4z_s4nVzwD!SRYjN+_uc_o;^pZen&{p?)%cFW#w~LvIu9ujQcAui^fbkzr z#LC!kNf#1T{;e;*Pi5yb);AiB`b8*qgug3*!(nN87Hlof`CS`6VNN+n#+W?TZIdb6 z7@|9%jvVyM2mj{Q!Y3K&2WZQE-OA671oq1Z1xjrbM#2nW>98dnPl#R|@zB!|6lS~1nvsTF>Cm_*PRy(g3xAQ=ASL+`UJDE-m#g%u&-_2H2Lq0-jb5mvcpLXK}&U6H9GGdc8mv1=tUSmPwt z_L)LCk1#u_T6H?uQKG=ZkKeN*gp)||Kl?tB$|KDFLH3fvy8G9hZaC0g?M4Z&xvLA} zNa}pA9q!)GzZ4*N6CW}Uvft;YgZ|y7flQ37{Pg1N%_h}BNr^zX&zl#bYAXt8`fA^o zk!Feb#hS)O>%*l0&p6qu0gy8+Q1s~agBWrTOcn3d{K4Be2g5 z^p0A6rdQe_!;05^p>gyp5j2+*Q=U4c1}X&D*`OMU8Go(=1GGFfVL^O$D@K9VFRGt;+W6MJ5TS;!};+SKbK zr#Si=EVyEv7A!ckN9mpg0;3_PP&^Cx!*5xsz z!+%p?!9{1bIlCu?!;#RN2VPH+<`jY`a^k7d*69+p4S=2`hD8e&vB7+q_lBFQK*W3E zsAm>9;HwipiHB~+cg!Nn8(U5{h9Sc=g@)xK?0sq;jBt}mQ8-1e5-;i7evAqmAqAK1 zOvD+lgo$fh!L=ISDkB?c`=^} zzw`M!>qWuPKmP7pvda;NbJYwIp3ALsORM*a)fKVQ#HhtDW!D4NA@8CmQh6F)%)Z&u zUf_MXozw>FD8oj=&3DGZ<_F|S!=G{pU`6N9$DwDVquaSoyq@ns_AYo^6jW5t*%9u5 z=V}nWEG1BqZKBc30d+_zk@a;)#O;7hTdUXg^;(P1&3_*6>S|YRev)N<#)q);-~icR z1*_xVoybUYco;lA`YPP!)L%k$A}EHJzeUYBQ+15QLIkFKlvHD#Cd@PA-5URLv zvFD*m#ey%_aC&`0=NAj=_`m|URGvOGb;_=%J-m~H*r|!-+wA@kDMg<&<;%R0%`KP^U3Mv^e?FuoMEJwQdXG!IAh*7r zNDX~%OGVL3nsxritrXpGA|@H*^3mRq5;jmg@hVzWF#Ns$QWk5wf92j{5B4#2X1;3d znM_z-@>S?pd3~2QedI(5)sSULd9Zz_6<)LmZ5jDeua74!GgZujhj@L~Il(F4<_<$p zWRLUq9e~wb5sBdL^=VMCnD?(KLA;^f7Ts;YfQKU|$%{j&Xo3Kv=xvwKXNOqZh7Itk zRSY2*;P3zN{Z3`F(QQ8X?yZxfqgl%$K*px07BD$I1wFwEu5uISnaO^yfL!3+fqXnW z27y1!VM z4Z@24sH<+szY9zr_;MB(=fflB1DeBvE7>uPZR_y+D-5V?wSA!$xDPNwJ^t&Iy(2ZE zarmw2wMmYHH;x}9*FnSK-K0AEE1TyH9&%Q{bJQYNfn^1VQVuveTVzN7(^I13nLW5z zsp{ijXQzH-i>?#0!WEE%W}UA&BP1gWYPp4E^0*xh%DppDqVFL2#qeHsIFRznJ)`5W z<5JKcscY8YyBp~$NzGPC#qaB=Zsymoku5;g4%DHQQM1G&B}SZlR^ARlh)yf*eZiSxCoaM-jbE z-LX2=`BtUtlWI9Py%6zQdyp@}gb1$!OGu0^w$2?-cO|=2R9oBsmHO*S34UC_rwMA0 z`J%JF`N!aGjew;{><;vl`*+nKVd%M8dEOFxR_T&lcJ~J7zNH3nm?*hjBLdNJWodk4 zP8h2T=qG`IViL_+jJ}Pc4K{ZU13SB^aeQ)la&lwqK7yo)FI6<}TC)>b0QWK-tjd#6 z{f&)oWRr>|QYah5$(A|#1&;!*u#w%`kU@;=z5heX&aU$FyH+(z>)a=tYod$65z9XE;uExrJ}fcysg zwGn!rQrRyRU*JFo2<)u14!%pM?B6bEVdqbPO9r$=GtxK3Kt&}jQo$;xSYIaiM9}OH zLc-O%~DMK$c05KamN(j+lMBN+@R0E|T*0^KtJb%y?4*gjdsV|2g-<};vD zh_egFKSJw*S;K`)U8Iw-;0`*#p_Xnfx4MEhXiK0%sEy0V%3pYR$3Oqpr@Z)+^AL4G zsA4BKn`)6`PV%}{Zq2}oS*!?KFqh*0xd2z(I*`jtLIChKAqDnK5}xVGh8H>V*`Jh< zM9TWr^g)RxwcvkR$dsf6s2Z$1Mpf%FKkQkkk>8v|my8sKkYkOW+o6g<$+aT4#|QHh zPY)0(#pKWk_#YZTp%$f(FqO(?V*(bc4>gKG;K6z*ZBcp_DnLhAXe5k0ulxgpgx7yd z4IS-_#8Ww!WVq|ZtD27W-&`PSAuc^;8cLqLeldDmxPJbp9 z@EDrko5qBVXCr_mK%PY6GcH0l)|W2*Z+r}uxisf~mWh6rsz&-=8Yp;^8`u0;Se&4V z@YxQ22)X5b2np-B44cK+2m+x_LkbHT_u1kYvC8Vs#XP_6LW)~lDy`)5^fLEPov!x2 zVg8C9(HBxt)o322!?ps8Ou2J$0fc?xfMec{c#w-L2wI9r0YPkRY(!3ykE%h`HeOeu z0Ui>I>ajY=h#R>ksCB{eX)5ESXY0>x&c)}Bj*gI_5VOq3yVIXx1-HpNG>!&akCD8$ zE0g-FrbuI{JcBGV6TKh5=BsHhh^XahVU|{}XBp{bP8g8$-u2o4`7M*@=wKHBQGc%* zqq0jUe)i7~4-eBY{wyb9z{ZYdRbJ?E5es02`>U&;sZtuCNy6Rz{Z!vC1;c_`jssO% zw-s!>yw-jpS!kmg*YJa6?h2lXVHMZmal2Fbs@gL#xG||~@Kuh8IL7`k4)yyJzi>An zZ4hiPHa8a!lMHxSBcxVaHtGU^c%_u?@^y3Zdlr~e#&gyNg@jVs7HusjKO20JvjL(l$MhhpE(-$%4z2lNM zGxT-7cS^sl{ld>F9a?7O=~p(9DC9`omQfZ3OwlgbrFsvS*WtC`nn&S7*19SI$NE!E0_ z?2^ok;oZaa8g|SEv+qXi`8htoO-eVJc)4g4G-ncIWo0~-tzoNIZ4|%EZPOKqn>nmS zg7o+zWTzwC(k*QzY)(+ol>*M&D2>3>4#OIsh~>VxPNohb?7(6&2$bT1R1+81sZ^Ty z8tmC~h!WYftu_@w9Gt_JstY@JkSwm`s8hF)oq>mA@;Ffb3#qgm4eKkPk`iOpL*5=t z47^#--&Dc)$sazfl0lZR*_d_st;Neucq6;86h(iua|}g^25ZYHw7f1YSQ9(I(lV%1 z$3~&0&s#c8Y$ zgGaQ-{r?hR!V*VDVBzKpDiyJU2HaSH2b@l57Qa})x3Sf4Bdx8aI@OC>=y&&btMzB9 zS^Kkk5`Fm~QPUVr`uM?(?IK519;s`qtgOAuA`kyw()j$u#qd=bQbiNU>+i{iNHD3} z-$ZZ7%mUWW=hF&TH|SL$_z=&7lFuM&&C8>aZAD^X4SFDOefzMvTQH5-;FvB-=$R;G z@x+(s(V*bl8~wh-Ng=xiN4ZJ%ysGb)*>?c3n=|0{4 z%*x6t(w01rg_ck6FDnruAYgdWw*?-wXxF> z*34TDiE(Zha@ae31`LeH(kFC_Lp6LG(W-h`sRzHqzX?VM4HCVSw~7GjSU%a>d>^#( zp@iIba-jkQIxuQSY1|&~%j6$!$0Poo?M+HW)u~uUqhkd<{K$B$+U>POe6Y)>$&-yn zd%_Ys=@rm|z0@qSr;i2sFWbYL!Y#as!-O67w)dZzt?wd0IlNMlJ*^E=a9}a89Y(H! zB$^#*pIKQmiMS7Zu#NEgQGrEw&x{ZX*6G-VJ;f&!pl@3cc13qpjrdL_Kj6jtU;h;a&9f5yDWu6!KPuT%o{RdA{`9S<_qE6{D z-r5fMS(Y3U#OJ=yP5P1|1Waj4sPM`=FK;e?n_@p zXJs+P5i z|C+%uSa?0*K}vRU{icNJO0Wo+@51+W&7-$Nf*8G1u z+x=(2Od zupH*(5XW$SQ4|LJlj)vMb55F{q$fKl@bAUjTgHY_U0?GTD`gGCE+%uMO;V zpN&2TBQo%;ITni+M;VH^?M_)ioj0e-9?H?t{RyMbyVtd&>YAE@bW|P?h53uQ#c&Bh z6EGZ)c$j+ytc?kiR2J<>B+6K|6m|~z)B%c5vwBHzF075*2lKdFN#_F7sNYa6!dL|L z{q)v%#-{z(NnOKJu#zUq4uCZtWbbP zIVZ7o4yq=@9k6R2#52SDl3UL1|^nR?Nr2U+S7RS$QEg?J>Zwf32ojsrcI*`bU2@ z-Jyv~{r^Sno-Nf20m1w}>^$63@xZrMquJYBFQ|Q`JFm`r3s34wG<{4u3(vL6Jd5PT zEpBc`!+bCN{Q!pn7HR;&zr-;iW5)%HY;kj34!9DBrFwibuEzPi7#Cz6``khvokg}iUASYBRo8O zVoIDWTqTyR#^&+`K|rIIEj6kWz^I)=Z;o;T4SpPJ5w--H#@Qp^J>O3SzQ4Wv87s`|;KU4} zFBSm9+o`8EO`b*TAq{wVJi30ZE%kw|C?uTHwV}ul3e5L6mS7_@sxptKO zd!l5uh^G=eyO*8eH7Urz=~a1$o}LX@TScLQ$~vk9Xo;NMaTHm6mc5wKIwc*jt~a6a za_sW@sc(L*{c+z@_E%v6B<@SJQ~D>j<#uLhqf_w&62WhbNnJ6N5zMOwD1!r!^>f*u zyVtC#yriYVCVZav+`=GABM`aedh|CsD(G!$<%mH_T{?lJlzpXRfKLd4~&r-vj77|LvOu94mVKy02*?1Oa&WNe&pT$ z594w5^Oo1oLSutUW6tb_7Ir(5D|_>!&s4r^0_1qS7%%~GwAv(@=?4>JurfOJuX=A9l7i&R{G9|BPdoLWH>KC_*oJ^|hY}7e3zWS6C@dJizdJ#dEb$gJ3d9 zZG4l2m2FBM*Z^vfm9E<-!oi#Il?|-}%7Du&HY^)v9E z8P4GCYA+fwYAtmD+F#~m&ZhEa)F>c@_>~2yEIHD_zhfBx8?ulHZ0T-WCy&(aq5z^8 zNfwHDwN?T?S`F~+1I*6uW%7ECWAT^X7FSl-R;vu73#>M?Q28NuPQpJfjd5QL2949k z9*huR5orSMhQBLq=`qs3dTZ)q7X;Nv=HlXmL(uOOPjWn&#(lc`MK-Z#*tCY`SbpJ) zDnObJz8D{GVVYZXNIA9)11jz?N-1c~jow;z`x?G6FSOzh!GOsp++Y1yxkU5+! zEX6J*b$uEG_rAq}PgpVhesiAY;zfUdZvh8#D`|qPdmZ`hbEiABQH>u=)6-)tJ+?F? zQ-2!Qq@7$48E_lXYpcfcO6yMR7Y-S2*Nv?vk*@95$qrDqXB!Zb`ZpIDw>d?RIa!s917McHy^2URlxE$n5p4(w{&LRA)_#0hfniIpfARZ%5XXjV1 zVsB*#VqnR?LfM1hHXXr8@G%saRBg5igNPvIr4a9I)Cq3kV8n|*EMbr21~)PaQpQ?% z=+EQd0=O1Bo~Yz$PX^9eweO#P)qOSrvq;Mvp@>O(UEGZ>dEfq3c^cpv2p+EizEp;2 zaWewH2h(u@CY9TpM@kYYQePr@_xC0+5KIGL-i_5{xqo}nHy68j`wzQoNsQ9Cz?Y{i z{Jbc;BEM-7fOVh~ICHG-HxBNr0ea)FjYgv%#9y1dwB5@KW=#h=WpEHT$G=L4G+;(U zYA$6iKG*_XgB%nT? zfq07O2TN$!=GKEvG@7ImEQjx9poeFLLL+B2Hm7pSP1A*@<-)wt`@x?s0l%h|i{E`h z!HU(G(z3MbvtHo>+(W|{D}+w-;0tQ+**7P`4@7$>n7kjQmUeCQ<>a{(`gMZamgjr&-MnPV z<*zRT0|PngKgy@T>lHycOh7=_d`kY4jHKv$sAO3U20S+5EzPN2-b8tqhH4}qJT|I+tmb>lumHO&(RnZHIIsogM#=Ne^?1{ z{_AFL9PGu`v^w?SKI_-AlTuc?77stWwt0FxZ&`4pinql;A3tpqctZWgS^Ik1(EDsU z1I=vgXbXq}9sp4Bgf#pNpZNvB2vc$9{xeEoAvW?d3<8|$K%@Y=EDTtNw!2?uYrNOVpVxT z8;5}XVQW(Xo6gYfAu15+v8nSjKEIRJoZ*vF_3+YhIFyvohg1k3B0TUO^6-$&*QwV# z$~Mf$&8NxD&#$G;}1R?7VJ8Tnhp!Bdt8sSFUnrzs*5O`yBvMH=3S^)@&-rgGnik0 za%~+hzm&_!h$5vxCAA+#MHTnLiyInxVYlxbBI%hlF=+QXmv3&Q{H z*VsJl%zK5u*(^$oiAjv+ItXwA?aF(7E33Tto9bZtt}EiLe}KOYKDwDt<6z-{^E2hTbzM#XurXdOcJIECgbY~h7cvr2f8+x&dMlsNoS^01wHu=3E5}sgq zS$M?nH>TIkYcIP-I*eoJ5y%7JfSZeG~m@kEXo8KYj`mLX)WviNipeyr+z6 z9CE(3kd5*_!`6T_G1Sp|zA=G198+O3Ebl zw&d>W14Hv2{$ap7X*1;W!w)Krq}7wm*DjqP6>LO21qG~X)g+ZzG~d(- z_%Fsr8RyqoEJX%|V$<0dwJ|MPPY)`xME-zZu}H8;QS;u}<)K%{sB)4yZurRJ_5 zhs~cN?yjyRFj3fQf8@VgA(%|EnN`yYcVqtl-N`iig65wap^46*iEp zSMg||#f5iBj+-{r)4q1MQk?cqcu-=?eM!CRlfw&iJy@^DuI z5%npVN%{((Fln{Z$HPYW06`}M^Fxj}rSnW#zbtod>?`-yQ>!3Mg8C7eE5ClTDmr9w zTmOZ4s}9af!{qC-gPipwel9;gOcNZ## zt(V%+ai*)XW^3YsH$s8XOZ;6?1Q;$kvpMXkPV*#yJSmTCkAvEi{v zdLE7e*KI3aoiAFt%AdTSzo;FUFPQPDY+&^$tV=?2X};T+5@7e{FK%Iq?yHx!#4ovd21OnB z@2&sY(JsE-dMhCkXEOgP>a6&he(yuRP}tEQ zvb6ZpdcgYP7LSd#D0YDD-ub#&B6!%12^hYn2)xP*s3cC>C8B0);@#@zy4e%+LkZJL z@samvL<#X_YZ?IVLqmTSitlhZXK;XO0OsEYoSTk}pe{Q7vqbH>fsuT?yN{Xkm@u=7 zB)?C@fjHg4A7+v8)elh$vCqs^=THc!36Fo7qvwWrd0R?DVhH$yVdep6T7_L08> z`kgH;Njx_8o9X*}-}EYuJPO^`5rAYX&#Jhlv;V=y$juoOt2Zl_kGo7PY8Jv$GQ6 z4qJ3T>BD1JQeNv+SY?22$O~v7C0OZSr!%nC=F|HE7g6Yq^Ew%6m=iHI$jAu^&B3+L zQkF7HOOLio6^p8?Yw&YSuv^)(Nm0e2zt;o!{C?YmsAM9B#fHQY@9axS#J1kA?Ee|6 zW{A%E!0qbRHfL$GX1Nw}f77!$Ljc#q5SvV zb|LMzvPEY**RtfE3y!Q8AHLomjbm&SJYI19w@$Z1%NooWjcY#RoSL3ngb5JUBy!l? zRH4wQ)X?RVams>1*$L3~T~&K!RRk8=#mmU974}-F1xnCi>w#_+S-x9;-ZFc2yjp*^ zKE{NuiUj6*cy>d|rRz!9ww2d3m&WJ7RVAkOAW?Kj z(z^B?*w*($G^}iaJ2Tmd4RJ=LP(G;4A(kg+Atmz7V@Yj)vbWdZrxxN22R5cU`s&Pw z*ub*mC#dg4HG1sXfAWC2tINx)OY$g16}C-@ndQ*%@>t`TEUg{FMw8D4H9V8QcYeRx z-9C|g84-Hjs;8@~E0Hwc9(n-yuF@P3U?Xoe<6Kd`@e$aL%4NV_{_#;4gOkTL?uvVx zhnLU1M@yVRBL^V>dCur6b}%$uVrnl1s!qz(9iYRC+Dso2E;d{1pL1MhG>HMThVAH8+uL!26KW$wPKO^pg z?=~JSYmcmG4r)GM3qGQ|G_$8&FWw?{h8V?AuUZB_)`>5#&5s^q$m{nxe?de%ii#{K ziDZrJ$m`?sI0%_nOzs_|eN{R8h_;|_XgF}WNtDYw8W})y0VuzzD?yE9=C*a<^1-1*K+LoB1?;(h$P~;q9d@raMPZI@#{+i*T0S0F&C6xj~f!P zNlen{h3LdGOhp;q)x0DUxM$k+G>c@Dbh$XQW#HXVw)YmLEj*FGP^7K9{XU)ol^g+S zJ3SyQtQgZj#TxTzG`?KH`Q6t`+z&=exLCqn@&{W^xgxSoUS5Sgxj zv#AbcZ~a+L@C)jeL&?GS5w>x`;|Un`-Kq_@o6Zp@RU59&kuv;CIDqsDgHkrtB9lrI z+r*^a?hVLMV&3E(MOGUbOhEt7Q**$huy&~>GYgJ8Ul%#mXULUE(R(RJ@$b^V1hHSIR1PY(WA3>7SZbKk7`UZKA!Mn&@4>^y+aK zO;}}1r_|xj!2X=d?gk~S9v-+WwSVuFwTXmqic&J?kNbwp?B?zMS8@KVf1aqh}YLsP6nsaeHUn}r`wVmfX8(tg7X^q&SC^ecCzoKTMYLA$$tu|0W$#Cz$@QUlh8H&nK`2}*?kl?1oEXUnG51abYS0L=pzpXa7KM6hBxcM68v%A11 z6-MZl4)CZcaZs$YzU2)3#mU<(etMK{C`Y!O4%ND-9R0ei7YdF{Z^4`6B{}k`l8yf!URby64Nb6(v zx}Z~c`4e=o$*>uK-?%;#BpGq?lDmGc`%RUB)baw-oaJE135N?>fQoW^6 zet1{)P50~WKd1^igp70bG=_?YU_tQs-0oEi*}Wl{6CE)OJh8}Usv{R1XR}W)(vXa7QAE=3rBH^+8*}>`0QQ}O(y>l+9d7RI1`b+HtNHY>yg!9!UesCl%UX5k^*mPWxp0c96;XUzr52jOHZ{ zFYRlb2A0Fw+%A|?v|9s~2@-$(w_;R~P(lz@l8B%dT8Puq_7URX%<|%P3gAxVyk5}YS6i1A~ST)*p9G1EHL-VD|3ap-ux{*Ta;6M%&T%a#gY_$CSfu2`2eYka-{ zKm5o>h@!k~m{u{VB;p$N?r)7a-sNpAV_(;hk2AS63uO%OQN(|;3cSZ08ayutzM@1y zff*#yzMgIn+{BCs1KaVm)6<`CC}(Wtt;OE`#Zih#c(34w(2&=C~Bvnr0Xss$n&4FM~AUg4$M$mz9Jiv<$*K(quK4w)e=6d zO23BRH4QQg<1`>*-rLIn%`jAs+hrqvwOIY5vr} zMYHEc`U5GyX3zvFIUpR$?+w`s76!rMN>Rg1L0Vev|h+lWTTAKTY&Q86N`_GT&`FoKl*NQ9-X~?{5 zS5DK`)|Or$cd;hyT63peK_#c(_-9^UA|)XILo8`k4o|7&fqI-`@0vC-O` z+GKx&{|9Jo!X4_VMhr_y`r|m6NsR6XiSK-8ot?#d-|eCu&db!wIXr)3!WPTjHf!Pt z@rj7m<^8lzjT+@KazR)!2I`@J-z88MP-vARpW@jJV=tC!;1wj@G+P=sA9%PK z68AnbviEk(vTBa1`Z}6FJ^#!+;L;PYYM*mnkfh#Sp=Uo)n|TNAt8qI7=U}UjVvI>= z`5v{DUOoO2F8$>elgK126gFkA!97jW`ZeGRpDm3M;ABLai&z|KO0_@ECayS6M1rm? zEh%pWxRXm73pZ}@oO1s@gfv0qmMdfuRuJp^C1;XIVQEbl5MisiTYGZeZ zlPy6OK&itSdGlT7Xi2ee7(zk%B3HgA3Mgk}_}L}lm@dJzHE?AudU*qb_#NbPXfhpO zU{aGq*!PqRw`mUA%N8MMc;&O7e<7KYOrN#cYF%m2mX{@LD~VmyNQFR0Ovl1(49UfH zuyB$6U`^-afxfjL7dzOoDOquGx!@I#T;OSk)LFQMpOarvL5-&}?DNUPuewi`63WYk zp3bwgvg0{jI9qqO2$S3S+qTKMouY4o%IFpbZ{oE7Dt`a?+QCLjRzL*y{&%?j8_R*L z{yHf6}J@54z{-+IHcH@S&)cP)B5IqZ5zP(pegcULlO9_@GD4!MCRNOXsv7s zburH1VY=|FX1gB4k+O5We4lK2Vf6%n?#OvxiNVmbu1S>YpES`~X}Fb}TRX*uF4d}c z+cpPdb$}%G_cS(!&0L8zft0kA)MsERDoPbu+j z;~z3zRzqUm=@&5+imDd1kfmo_NcWndJs3dp$!DB{PfJ9zknlOr5l&xLoX$jq`8&d_ zs8*vuza;J1_DMw0;31xGCB=E>8CHVsK?Ck@43bos-QVqEk{H?Y6sQ@ett0OXVg*>| zvNz8_8Dh2m9ec66*lo(lKq$+70jn!OGh8L7?LZ2~)wh<>Bz6c>Cb3&NLQTk&rso~S zb^~K?ZQM7`dANaUSukDzYeW0(t2z;Ujf-28UWgiz-d|U<5oy z8FlB+`f29?$f)pSZtp=+9Bf~WM*Hj3w^Cj;gAKx~Je;^2{M_+?#0|ol*(X} zFMAv)@Xa-$%8Wg@l=h20J7ujq*q%mOc*|O}W1?g7W&BP#L#hQYlVBngVTk}GG0qPK zbRbPk_AbbBvm~jzwgi7v%aav?ujFCRxnZf4xDa7%VU8wAg#D7SDH&u`UVK}u&IgN< z)WD>?#E7@BSvCGW+R@1!Q7}gJ0zt<{j5g;G*Exg8aABupT5!~B5p!Ulqdi*?@pK+6 zSC^lH>?L4%*hME-5X|jF`=PIjr3E*~77Yq9r~ktm`6<=UZ#m|ZjUExYNUzo%a5T8P z$nPWYRz%wfbxbTq76+bIOR`+N|2QheAd`3Lk9{~S5IjA zmmuL|o4!gAi%GFVD;GW=eU0a{HzYXOSE|s8KHmUdT|EYRPR09#Zf9cm2NB&QL zaP z9t541j+6=re~I58yat7s4LlNFNNOA%@=LBAtnhG@DAU7CeluY2D;X1wII9#?0;dt! zx-U?zEqD{UGtt);b=4lb{~mV2FKG!HR&EV4z2kbkoZHT(!o~8gXLY=|x=F@JyX|bs ziM+>ijWLEsSyFOtfq%p<>nR~(x#1&oU^BIpVS~-HC@eBk{9Dr5Z@Iv6f=SG7)f*tM zK*;E`VgcJJHJ*U_y#+$C9j(M=PJaK-A9DYIl;RkUb!iPMPhPI0Cqwl+&cV0m1{M`> zsDLA3f?`GP3XyLL?eP$EGsaeyv|^_lCjC!_=4Pr_i3*=*~IK z{l@gwE90~Z-9(xzc_Y`=TLo14>7c`~u6s%5MA;&3$PkdD10^G+M zF29JnB|XwLRln{@8;!IU85;Bg9~?OD;7iZSnyN4u3{wDsRz&r*qGgsPRSk~S!@rYL zuvhxo%Q7D@lRpjtN7h84`}4;8OALNIfKUpOuAy2oI(afMtxEjVKQW?C~X@kFfC(Q)Bv%Tq{f7d zG^fIpp!ZL{zFpQX{QX+{MrvzV+qDi+hihOHt4=5TTCW(G_q?S{;C_ZFT1DNB)IYhk7{ zpHfiHG3uE0wM4%=e@nH(T-uEd&bT??F;i)h`rb4Pf2{!ZtJp1;93#hZ4pJR4xML~r z@MEa@BP?Rzh|*^l$1+js=FAL2iX^R;vQNE%r&r`1!Wp(I!0GvwUVjo6+Pb!#ozP3a zw3D}%gdQa-Utp3O3i2(V6 Cachex.clear(:banned_urls_cache) end) end - test "it returns 404 when MediaProxy disabled", %{conn: conn} do - clear_config([:media_proxy, :enabled], false) - - assert %Conn{ - status: 404, - resp_body: "Not Found" - } = get(conn, "/proxy/hhgfh/eeeee") - - assert %Conn{ - status: 404, - resp_body: "Not Found" - } = get(conn, "/proxy/hhgfh/eeee/fff") - end - - describe "" do + describe "Media Proxy" do setup do clear_config([:media_proxy, :enabled], true) clear_config([Pleroma.Web.Endpoint, :secret_key_base], "00000000000") + [url: MediaProxy.encode_url("https://google.fn/test.png")] end + test "it returns 404 when disabled", %{conn: conn} do + clear_config([:media_proxy, :enabled], false) + + assert %Conn{ + status: 404, + resp_body: "Not Found" + } = get(conn, "/proxy/hhgfh/eeeee") + + assert %Conn{ + status: 404, + resp_body: "Not Found" + } = get(conn, "/proxy/hhgfh/eeee/fff") + end + test "it returns 403 for invalid signature", %{conn: conn, url: url} do Pleroma.Config.put([Pleroma.Web.Endpoint, :secret_key_base], "000") %{path: path} = URI.parse(url) @@ -55,7 +56,7 @@ test "it returns 403 for invalid signature", %{conn: conn, url: url} do } = get(conn, "/proxy/hhgfh/eeee/fff") end - test "redirects on valid url when filename is invalidated", %{conn: conn, url: url} do + test "redirects to valid url when filename is invalidated", %{conn: conn, url: url} do invalid_url = String.replace(url, "test.png", "test-file.png") response = get(conn, invalid_url) assert response.status == 302 @@ -78,4 +79,249 @@ test "it returns 404 when url is in banned_urls cache", %{conn: conn, url: url} end end end + + describe "Media Preview Proxy" do + setup do + clear_config([:media_proxy, :enabled], true) + clear_config([:media_preview_proxy, :enabled], true) + clear_config([Pleroma.Web.Endpoint, :secret_key_base], "00000000000") + + original_url = "https://google.fn/test.png" + + [ + url: MediaProxy.encode_preview_url(original_url), + media_proxy_url: MediaProxy.encode_url(original_url) + ] + end + + test "returns 404 when media proxy is disabled", %{conn: conn} do + clear_config([:media_proxy, :enabled], false) + + assert %Conn{ + status: 404, + resp_body: "Not Found" + } = get(conn, "/proxy/preview/hhgfh/eeeee") + + assert %Conn{ + status: 404, + resp_body: "Not Found" + } = get(conn, "/proxy/preview/hhgfh/fff") + end + + test "returns 404 when disabled", %{conn: conn} do + clear_config([:media_preview_proxy, :enabled], false) + + assert %Conn{ + status: 404, + resp_body: "Not Found" + } = get(conn, "/proxy/preview/hhgfh/eeeee") + + assert %Conn{ + status: 404, + resp_body: "Not Found" + } = get(conn, "/proxy/preview/hhgfh/fff") + end + + test "it returns 403 for invalid signature", %{conn: conn, url: url} do + Pleroma.Config.put([Pleroma.Web.Endpoint, :secret_key_base], "000") + %{path: path} = URI.parse(url) + + assert %Conn{ + status: 403, + resp_body: "Forbidden" + } = get(conn, path) + + assert %Conn{ + status: 403, + resp_body: "Forbidden" + } = get(conn, "/proxy/preview/hhgfh/eeee") + + assert %Conn{ + status: 403, + resp_body: "Forbidden" + } = get(conn, "/proxy/preview/hhgfh/eeee/fff") + end + + test "redirects to valid url when filename is invalidated", %{conn: conn, url: url} do + invalid_url = String.replace(url, "test.png", "test-file.png") + response = get(conn, invalid_url) + assert response.status == 302 + assert redirected_to(response) == url + end + + test "responds with 424 Failed Dependency if HEAD request to media proxy fails", %{ + conn: conn, + url: url, + media_proxy_url: media_proxy_url + } do + Tesla.Mock.mock(fn + %{method: "head", url: ^media_proxy_url} -> + %Tesla.Env{status: 500, body: ""} + end) + + response = get(conn, url) + assert response.status == 424 + assert response.resp_body == "Can't fetch HTTP headers (HTTP 500)." + end + + test "redirects to media proxy URI on unsupported content type", %{ + conn: conn, + url: url, + media_proxy_url: media_proxy_url + } do + Tesla.Mock.mock(fn + %{method: "head", url: ^media_proxy_url} -> + %Tesla.Env{status: 200, body: "", headers: [{"content-type", "application/pdf"}]} + end) + + response = get(conn, url) + assert response.status == 302 + assert redirected_to(response) == media_proxy_url + end + + test "with `static=true` and GIF image preview requested, responds with JPEG image", %{ + conn: conn, + url: url, + media_proxy_url: media_proxy_url + } do + # Setting a high :min_content_length to ensure this scenario is not affected by its logic + clear_config([:media_preview_proxy, :min_content_length], 1_000_000_000) + + Tesla.Mock.mock(fn + %{method: "head", url: ^media_proxy_url} -> + %Tesla.Env{ + status: 200, + body: "", + headers: [{"content-type", "image/gif"}, {"content-length", "1001718"}] + } + + %{method: :get, url: ^media_proxy_url} -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.gif")} + end) + + response = get(conn, url <> "?static=true") + + assert response.status == 200 + assert Conn.get_resp_header(response, "content-type") == ["image/jpeg"] + assert response.resp_body != "" + end + + test "with GIF image preview requested and no `static` param, redirects to media proxy URI", + %{ + conn: conn, + url: url, + media_proxy_url: media_proxy_url + } do + Tesla.Mock.mock(fn + %{method: "head", url: ^media_proxy_url} -> + %Tesla.Env{status: 200, body: "", headers: [{"content-type", "image/gif"}]} + end) + + response = get(conn, url) + + assert response.status == 302 + assert redirected_to(response) == media_proxy_url + end + + test "with `static` param and non-GIF image preview requested, " <> + "redirects to media preview proxy URI without `static` param", + %{ + conn: conn, + url: url, + media_proxy_url: media_proxy_url + } do + Tesla.Mock.mock(fn + %{method: "head", url: ^media_proxy_url} -> + %Tesla.Env{status: 200, body: "", headers: [{"content-type", "image/jpeg"}]} + end) + + response = get(conn, url <> "?static=true") + + assert response.status == 302 + assert redirected_to(response) == url + end + + test "with :min_content_length setting not matched by Content-Length header, " <> + "redirects to media proxy URI", + %{ + conn: conn, + url: url, + media_proxy_url: media_proxy_url + } do + clear_config([:media_preview_proxy, :min_content_length], 100_000) + + Tesla.Mock.mock(fn + %{method: "head", url: ^media_proxy_url} -> + %Tesla.Env{ + status: 200, + body: "", + headers: [{"content-type", "image/gif"}, {"content-length", "5000"}] + } + end) + + response = get(conn, url) + + assert response.status == 302 + assert redirected_to(response) == media_proxy_url + end + + test "thumbnails PNG images into PNG", %{ + conn: conn, + url: url, + media_proxy_url: media_proxy_url + } do + Tesla.Mock.mock(fn + %{method: "head", url: ^media_proxy_url} -> + %Tesla.Env{status: 200, body: "", headers: [{"content-type", "image/png"}]} + + %{method: :get, url: ^media_proxy_url} -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.png")} + end) + + response = get(conn, url) + + assert response.status == 200 + assert Conn.get_resp_header(response, "content-type") == ["image/png"] + assert response.resp_body != "" + end + + test "thumbnails JPEG images into JPEG", %{ + conn: conn, + url: url, + media_proxy_url: media_proxy_url + } do + Tesla.Mock.mock(fn + %{method: "head", url: ^media_proxy_url} -> + %Tesla.Env{status: 200, body: "", headers: [{"content-type", "image/jpeg"}]} + + %{method: :get, url: ^media_proxy_url} -> + %Tesla.Env{status: 200, body: File.read!("test/fixtures/image.jpg")} + end) + + response = get(conn, url) + + assert response.status == 200 + assert Conn.get_resp_header(response, "content-type") == ["image/jpeg"] + assert response.resp_body != "" + end + + test "redirects to media proxy URI in case of thumbnailing error", %{ + conn: conn, + url: url, + media_proxy_url: media_proxy_url + } do + Tesla.Mock.mock(fn + %{method: "head", url: ^media_proxy_url} -> + %Tesla.Env{status: 200, body: "", headers: [{"content-type", "image/jpeg"}]} + + %{method: :get, url: ^media_proxy_url} -> + %Tesla.Env{status: 200, body: "error"} + end) + + response = get(conn, url) + + assert response.status == 302 + assert redirected_to(response) == media_proxy_url + end + end end From f7e40f7ef134a3030aa61114daa39810efb5889d Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 17 Sep 2020 09:32:50 -0500 Subject: [PATCH 240/264] Deny ConfigDB migration when deprecated settings found --- lib/mix/tasks/pleroma/config.ex | 10 ++++- lib/pleroma/config/deprecation_warnings.ex | 43 ++++++++++++++++++---- test/tasks/config_test.exs | 13 +++++++ 3 files changed, 56 insertions(+), 10 deletions(-) diff --git a/lib/mix/tasks/pleroma/config.ex b/lib/mix/tasks/pleroma/config.ex index 904c5a74b..18f99318d 100644 --- a/lib/mix/tasks/pleroma/config.ex +++ b/lib/mix/tasks/pleroma/config.ex @@ -32,7 +32,8 @@ def run(["migrate_from_db" | options]) do @spec migrate_to_db(Path.t() | nil) :: any() def migrate_to_db(file_path \\ nil) do - if Pleroma.Config.get([:configurable_from_database]) do + with true <- Pleroma.Config.get([:configurable_from_database]), + :ok <- Pleroma.Config.DeprecationWarnings.warn() do config_file = if file_path do file_path @@ -46,7 +47,8 @@ def migrate_to_db(file_path \\ nil) do do_migrate_to_db(config_file) else - migration_error() + :error -> deprecation_error() + _ -> migration_error() end end @@ -120,6 +122,10 @@ defp migration_error do ) end + defp deprecation_error do + shell_error("Migration is not allowed until all deprecation warnings have been resolved.") + end + if Code.ensure_loaded?(Config.Reader) do defp config_header, do: "import Config\r\n\r\n" defp read_file(config_file), do: Config.Reader.read_imports!(config_file) diff --git a/lib/pleroma/config/deprecation_warnings.ex b/lib/pleroma/config/deprecation_warnings.ex index 412d55a77..98c4dc9c8 100644 --- a/lib/pleroma/config/deprecation_warnings.ex +++ b/lib/pleroma/config/deprecation_warnings.ex @@ -26,6 +26,10 @@ def check_hellthread_threshold do !!!DEPRECATION WARNING!!! You are using the old configuration mechanism for the hellthread filter. Please check config.md. """) + + :error + else + :ok end end @@ -47,17 +51,26 @@ def mrf_user_allowlist do config :pleroma, :mrf_user_allowlist, #{inspect(rewritten, pretty: true)} """) + + :error + else + :ok end end def warn do - check_hellthread_threshold() - mrf_user_allowlist() - check_old_mrf_config() - check_media_proxy_whitelist_config() - check_welcome_message_config() - check_gun_pool_options() - check_activity_expiration_config() + with :ok <- check_hellthread_threshold(), + :ok <- mrf_user_allowlist(), + :ok <- check_old_mrf_config(), + :ok <- check_media_proxy_whitelist_config(), + :ok <- check_welcome_message_config(), + :ok <- check_gun_pool_options(), + :ok <- check_activity_expiration_config() do + :ok + else + _ -> + :error + end end def check_welcome_message_config do @@ -74,6 +87,10 @@ def check_welcome_message_config do \n* `config :pleroma, :instance, welcome_user_nickname` is now `config :pleroma, :welcome, :direct_message, :sender_nickname` \n* `config :pleroma, :instance, welcome_message` is now `config :pleroma, :welcome, :direct_message, :message` """) + + :error + else + :ok end end @@ -101,8 +118,11 @@ def move_namespace_and_warn(config_map, warning_preface) do end end) - if warning != "" do + if warning == "" do + :ok + else Logger.warn(warning_preface <> warning) + :error end end @@ -115,6 +135,10 @@ def check_media_proxy_whitelist_config do !!!DEPRECATION WARNING!!! Your config is using old format (only domain) for MediaProxy whitelist option. Setting should work for now, but you are advised to change format to scheme with port to prevent possible issues later. """) + + :error + else + :ok end end @@ -157,6 +181,9 @@ def check_gun_pool_options do Logger.warn(Enum.join([warning_preface | pool_warnings])) Config.put(:pools, updated_config) + :error + else + :ok end end diff --git a/test/tasks/config_test.exs b/test/tasks/config_test.exs index fb12e7fb3..f36648829 100644 --- a/test/tasks/config_test.exs +++ b/test/tasks/config_test.exs @@ -40,6 +40,19 @@ test "error if file with custom settings doesn't exist" do on_exit(fn -> Application.put_env(:quack, :level, initial) end) end + @tag capture_log: true + test "config migration refused when deprecated settings are found" do + clear_config([:media_proxy, :whitelist], ["domain_without_scheme.com"]) + assert Repo.all(ConfigDB) == [] + + Mix.Tasks.Pleroma.Config.migrate_to_db("test/fixtures/config/temp.secret.exs") + + assert_received {:mix_shell, :error, [message]} + + assert message =~ + "Migration is not allowed until all deprecation warnings have been resolved." + end + test "filtered settings are migrated to db" do assert Repo.all(ConfigDB) == [] From 41939e3175cf31884cb84acd136c303a84c77f8c Mon Sep 17 00:00:00 2001 From: stwf Date: Mon, 14 Sep 2020 11:40:52 -0400 Subject: [PATCH 241/264] User search respect discoverable flag --- lib/pleroma/user/search.ex | 5 +++ .../tesla_mock/admin@mastdon.example.org.json | 44 +++++++++++-------- ...ps___osada.macgirvin.com_channel_mike.json | 3 +- test/support/factory.ex | 1 + test/web/admin_api/search_test.exs | 9 ++++ .../mastodon_api/views/account_view_test.exs | 4 +- 6 files changed, 45 insertions(+), 21 deletions(-) diff --git a/lib/pleroma/user/search.ex b/lib/pleroma/user/search.ex index 7babd47ea..b8c648672 100644 --- a/lib/pleroma/user/search.ex +++ b/lib/pleroma/user/search.ex @@ -52,6 +52,7 @@ defp search_query(query_string, for_user, following) do |> base_query(following) |> filter_blocked_user(for_user) |> filter_invisible_users() + |> filter_discoverable_users() |> filter_internal_users() |> filter_blocked_domains(for_user) |> fts_search(query_string) @@ -122,6 +123,10 @@ defp filter_invisible_users(query) do from(q in query, where: q.invisible == false) end + defp filter_discoverable_users(query) do + from(q in query, where: q.discoverable == true) + end + defp filter_internal_users(query) do from(q in query, where: q.actor_type != "Application") end diff --git a/test/fixtures/tesla_mock/admin@mastdon.example.org.json b/test/fixtures/tesla_mock/admin@mastdon.example.org.json index a911b979a..f961ccb36 100644 --- a/test/fixtures/tesla_mock/admin@mastdon.example.org.json +++ b/test/fixtures/tesla_mock/admin@mastdon.example.org.json @@ -1,20 +1,24 @@ { - "@context": ["https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1", { - "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", - "sensitive": "as:sensitive", - "movedTo": "as:movedTo", - "Hashtag": "as:Hashtag", - "ostatus": "http://ostatus.org#", - "atomUri": "ostatus:atomUri", - "inReplyToAtomUri": "ostatus:inReplyToAtomUri", - "conversation": "ostatus:conversation", - "toot": "http://joinmastodon.org/ns#", - "Emoji": "toot:Emoji", - "alsoKnownAs": { - "@id": "as:alsoKnownAs", - "@type": "@id" + "@context": [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + { + "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", + "sensitive": "as:sensitive", + "movedTo": "as:movedTo", + "Hashtag": "as:Hashtag", + "ostatus": "http://ostatus.org#", + "atomUri": "ostatus:atomUri", + "inReplyToAtomUri": "ostatus:inReplyToAtomUri", + "conversation": "ostatus:conversation", + "toot": "http://joinmastodon.org/ns#", + "Emoji": "toot:Emoji", + "alsoKnownAs": { + "@id": "as:alsoKnownAs", + "@type": "@id" + } } - }], + ], "id": "http://mastodon.example.org/users/admin", "type": "Person", "following": "http://mastodon.example.org/users/admin/following", @@ -23,6 +27,7 @@ "outbox": "http://mastodon.example.org/users/admin/outbox", "preferredUsername": "admin", "name": null, + "discoverable": "true", "summary": "\u003cp\u003e\u003c/p\u003e", "url": "http://mastodon.example.org/@admin", "manuallyApprovesFollowers": false, @@ -34,7 +39,8 @@ "owner": "http://mastodon.example.org/users/admin", "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtc4Tir+3ADhSNF6VKrtW\nOU32T01w7V0yshmQei38YyiVwVvFu8XOP6ACchkdxbJ+C9mZud8qWaRJKVbFTMUG\nNX4+6Q+FobyuKrwN7CEwhDALZtaN2IPbaPd6uG1B7QhWorrY+yFa8f2TBM3BxnUy\nI4T+bMIZIEYG7KtljCBoQXuTQmGtuffO0UwJksidg2ffCF5Q+K//JfQagJ3UzrR+\nZXbKMJdAw4bCVJYs4Z5EhHYBwQWiXCyMGTd7BGlmMkY6Av7ZqHKC/owp3/0EWDNz\nNqF09Wcpr3y3e8nA10X40MJqp/wR+1xtxp+YGbq/Cj5hZGBG7etFOmIpVBrDOhry\nBwIDAQAB\n-----END PUBLIC KEY-----\n" }, - "attachment": [{ + "attachment": [ + { "type": "PropertyValue", "name": "foo", "value": "bar" @@ -58,5 +64,7 @@ "mediaType": "image/png", "url": "https://cdn.niu.moe/accounts/headers/000/033/323/original/850b3448fa5fd477.png" }, - "alsoKnownAs": ["http://example.org/users/foo"] -} + "alsoKnownAs": [ + "http://example.org/users/foo" + ] +} \ No newline at end of file diff --git a/test/fixtures/tesla_mock/https___osada.macgirvin.com_channel_mike.json b/test/fixtures/tesla_mock/https___osada.macgirvin.com_channel_mike.json index c42f3a53c..ca76d6e17 100644 --- a/test/fixtures/tesla_mock/https___osada.macgirvin.com_channel_mike.json +++ b/test/fixtures/tesla_mock/https___osada.macgirvin.com_channel_mike.json @@ -8,6 +8,7 @@ "preferredUsername": "mike", "name": "Mike Macgirvin (Osada)", "updated": "2018-08-29T03:09:11Z", + "discoverable": "true", "icon": { "type": "Image", "mediaType": "image/jpeg", @@ -51,4 +52,4 @@ "created": "2018-10-17T07:16:28Z", "signatureValue": "WbfFVIPImkd3yNu6brz0CvZaeV242rwAbH0vy8DM4vfnXCxLr5Uv/Wj9gwP+tbooTxGaahAKBeqlGkQp8RLEo37LATrKMRLA/0V6DeeV+C5ORWR9B4WxyWiD3s/9Wf+KesFMtktNLAcMZ5PfnOS/xNYerhnpkp/gWPxtkglmLIWJv+w18A5zZ01JCxsO4QljHbhYaEUPHUfQ97abrkLECeam+FThVwdO6BFCtbjoNXHfzjpSZL/oKyBpi5/fpnqMqOLOQPs5WgBBZJvjEYYkQcoPTyxYI5NGpNbzIjGHPQNuACnOelH16A7L+q4swLWDIaEFeXQ2/5bmqVKZDZZ6usNP4QyTVszwd8jqo27qcDTNibXDUTsTdKpNQvM/3UncBuzuzmUV3FczhtGshIU1/pRVZiQycpVqPlGLvXhP/yZCe+1siyqDd+3uMaS2vkHTObSl5r+VYof+c+TcjrZXHSWnQTg8/X3zkoBWosrQ93VZcwjzMxQoARYv6rphbOoTz7RPmGAXYUt3/PDWkqDlmQDwCpLNNkJo1EidyefZBdD9HXQpCBO0ZU0NHb0JmPvg/+zU0krxlv70bm3RHA/maBETVjroIWzt7EwQEg5pL2hVnvSBG+1wF3BtRVe77etkPOHxLnYYIcAMLlVKCcgDd89DPIziQyruvkx1busHI08=" } -} +} \ No newline at end of file diff --git a/test/support/factory.ex b/test/support/factory.ex index 2fdfabbc5..fb82be0c4 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -31,6 +31,7 @@ def user_factory do nickname: sequence(:nickname, &"nick#{&1}"), password_hash: Pbkdf2.hash_pwd_salt("test"), bio: sequence(:bio, &"Tester Number #{&1}"), + discoverable: true, last_digest_emailed_at: NaiveDateTime.utc_now(), last_refreshed_at: NaiveDateTime.utc_now(), notification_settings: %Pleroma.User.NotificationSetting{}, diff --git a/test/web/admin_api/search_test.exs b/test/web/admin_api/search_test.exs index b974cedd5..d88867c52 100644 --- a/test/web/admin_api/search_test.exs +++ b/test/web/admin_api/search_test.exs @@ -177,5 +177,14 @@ test "it returns unapproved user" do assert total == 3 assert count == 1 end + + test "it returns non-discoverable users" do + insert(:user) + insert(:user, discoverable: false) + + {:ok, _results, total} = Search.user() + + assert total == 2 + end end end diff --git a/test/web/mastodon_api/views/account_view_test.exs b/test/web/mastodon_api/views/account_view_test.exs index c5f491d6b..a54b765ef 100644 --- a/test/web/mastodon_api/views/account_view_test.exs +++ b/test/web/mastodon_api/views/account_view_test.exs @@ -68,7 +68,7 @@ test "Represent a user account" do sensitive: false, pleroma: %{ actor_type: "Person", - discoverable: false + discoverable: true }, fields: [] }, @@ -166,7 +166,7 @@ test "Represent a Service(bot) account" do sensitive: false, pleroma: %{ actor_type: "Service", - discoverable: false + discoverable: true }, fields: [] }, From dfc621a5291a761f025670153bb58a2005fd0a73 Mon Sep 17 00:00:00 2001 From: stwf Date: Thu, 17 Sep 2020 10:13:56 -0400 Subject: [PATCH 242/264] add test and changelog entry --- CHANGELOG.md | 2 +- test/user_search_test.exs | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6072d4cbe..5d329fd55 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,8 +10,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Renamed `:await_up_timeout` in `:connections_pool` namespace to `:connect_timeout`, old name is deprecated. - Renamed `:timeout` in `pools` namespace to `:recv_timeout`, old name is deprecated. - The `discoverable` field in the `User` struct will now add a NOINDEX metatag to profile pages when false. +- Users with the `discoverable` field set to false will not show up in searches. - Minimum lifetime for ephmeral activities changed to 10 minutes and made configurable (`:min_lifetime` option). - ### Removed - **Breaking:** `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab` (moved to a simpler implementation). diff --git a/test/user_search_test.exs b/test/user_search_test.exs index 01976bf58..8529ce6db 100644 --- a/test/user_search_test.exs +++ b/test/user_search_test.exs @@ -25,6 +25,14 @@ test "excludes invisible users from results" do assert found_user.id == user.id end + test "excludes users when discoverable is false" do + insert(:user, %{nickname: "john 3000", discoverable: false}) + insert(:user, %{nickname: "john 3001"}) + + users = User.search("john") + assert Enum.count(users) == 1 + end + test "excludes service actors from results" do insert(:user, actor_type: "Application", nickname: "user1") service = insert(:user, actor_type: "Service", nickname: "user2") From 9d77f4abf80f75559456cef06da1a0d3b3b4f7e2 Mon Sep 17 00:00:00 2001 From: stwf Date: Thu, 17 Sep 2020 12:32:40 -0400 Subject: [PATCH 243/264] adapt to new user factory behavior --- test/web/metadata/metadata_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/web/metadata/metadata_test.exs b/test/web/metadata/metadata_test.exs index 054844597..ca6cbe67f 100644 --- a/test/web/metadata/metadata_test.exs +++ b/test/web/metadata/metadata_test.exs @@ -16,7 +16,7 @@ test "for remote user" do end test "for local user" do - user = insert(:user) + user = insert(:user, discoverable: false) assert Pleroma.Web.Metadata.build_tags(%{user: user}) =~ "" @@ -40,7 +40,7 @@ test "for local user set to discoverable" do test "search exclusion metadata is included" do clear_config([:instance, :public], false) - user = insert(:user, bio: "This is my secret fedi account bio") + user = insert(:user, bio: "This is my secret fedi account bio", discoverable: false) assert ~s() == Pleroma.Web.Metadata.build_tags(%{user: user}) From 3a0f99ed35a84145e713d4c640c50dc82c1b0dbb Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Mon, 14 Sep 2020 13:52:13 +0200 Subject: [PATCH 244/264] KeywordPolicy: Still match when fields are absent --- .../web/activity_pub/mrf/keyword_policy.ex | 61 +++++++++---------- 1 file changed, 29 insertions(+), 32 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/keyword_policy.ex b/lib/pleroma/web/activity_pub/mrf/keyword_policy.ex index 15e09dcf0..db66cfa3e 100644 --- a/lib/pleroma/web/activity_pub/mrf/keyword_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/keyword_policy.ex @@ -20,9 +20,17 @@ defp string_matches?(string, pattern) do String.match?(string, pattern) end - defp check_reject(%{"object" => %{"content" => content, "summary" => summary}} = message) do + defp object_payload(%{} = object) do + [object["content"], object["summary"], object["name"]] + |> Enum.filter(& &1) + |> Enum.join("\n") + end + + defp check_reject(%{"object" => %{} = object} = message) do + payload = object_payload(object) + if Enum.any?(Pleroma.Config.get([:mrf_keyword, :reject]), fn pattern -> - string_matches?(content, pattern) or string_matches?(summary, pattern) + string_matches?(payload, pattern) end) do {:reject, "[KeywordPolicy] Matches with rejected keyword"} else @@ -30,12 +38,12 @@ defp check_reject(%{"object" => %{"content" => content, "summary" => summary}} = end end - defp check_ftl_removal( - %{"to" => to, "object" => %{"content" => content, "summary" => summary}} = message - ) do + defp check_ftl_removal(%{"to" => to, "object" => %{} = object} = message) do + payload = object_payload(object) + if Pleroma.Constants.as_public() in to and Enum.any?(Pleroma.Config.get([:mrf_keyword, :federated_timeline_removal]), fn pattern -> - string_matches?(content, pattern) or string_matches?(summary, pattern) + string_matches?(payload, pattern) end) do to = List.delete(to, Pleroma.Constants.as_public()) cc = [Pleroma.Constants.as_public() | message["cc"] || []] @@ -51,35 +59,24 @@ defp check_ftl_removal( end end - defp check_replace(%{"object" => %{"content" => content, "summary" => summary}} = message) do - content = - if is_binary(content) do - content - else - "" - end + defp check_replace(%{"object" => %{} = object} = message) do + object = + ["content", "name", "summary"] + |> Enum.filter(fn field -> Map.has_key?(object, field) && object[field] end) + |> Enum.reduce(object, fn field, object -> + data = + Enum.reduce( + Pleroma.Config.get([:mrf_keyword, :replace]), + object[field], + fn {pat, repl}, acc -> String.replace(acc, pat, repl) end + ) - summary = - if is_binary(summary) do - summary - else - "" - end + Map.put(object, field, data) + end) - {content, summary} = - Enum.reduce( - Pleroma.Config.get([:mrf_keyword, :replace]), - {content, summary}, - fn {pattern, replacement}, {content_acc, summary_acc} -> - {String.replace(content_acc, pattern, replacement), - String.replace(summary_acc, pattern, replacement)} - end - ) + message = Map.put(message, "object", object) - {:ok, - message - |> put_in(["object", "content"], content) - |> put_in(["object", "summary"], summary)} + {:ok, message} end @impl true From abf25e5d5254edc88a65610bf5a0fd7e52f545c3 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sat, 12 Sep 2020 12:05:36 +0200 Subject: [PATCH 245/264] Create MRF.filter_pipeline to inject :object_data when present --- CHANGELOG.md | 6 +++++ lib/pleroma/web/activity_pub/mrf.ex | 24 ++++++++++++++++--- .../web/activity_pub/mrf/subchain_policy.ex | 3 +-- lib/pleroma/web/activity_pub/pipeline.ex | 8 +++++-- test/web/activity_pub/pipeline_test.exs | 16 ++++++------- .../controllers/chat_controller_test.exs | 17 +++++++++++++ 6 files changed, 59 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c25c60a3..de11dd7a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,12 @@ switched to a new configuration mechanism, however it was not officially removed - Welcome Chat messages preventing user registration with MRF Simple Policy applied to the local instance - Mastodon API: the public timeline returning an error when the `reply_visibility` parameter is set to `self` for an unauthenticated user +## Unreleased-patch + +### Security + +- Fix most MRF rules either crashing or not being applied to objects passed into the Common Pipeline (ChatMessage, Question, Answer, Audio, Event) + ## [2.1.1] - 2020-09-08 ### Security diff --git a/lib/pleroma/web/activity_pub/mrf.ex b/lib/pleroma/web/activity_pub/mrf.ex index 206d6af52..5e5361082 100644 --- a/lib/pleroma/web/activity_pub/mrf.ex +++ b/lib/pleroma/web/activity_pub/mrf.ex @@ -5,16 +5,34 @@ defmodule Pleroma.Web.ActivityPub.MRF do @callback filter(Map.t()) :: {:ok | :reject, Map.t()} - def filter(policies, %{} = object) do + def filter(policies, %{} = message) do policies - |> Enum.reduce({:ok, object}, fn - policy, {:ok, object} -> policy.filter(object) + |> Enum.reduce({:ok, message}, fn + policy, {:ok, message} -> policy.filter(message) _, error -> error end) end def filter(%{} = object), do: get_policies() |> filter(object) + def pipeline_filter(%{} = message, meta) do + object = meta[:object_data] + ap_id = message["object"] + + if object && ap_id do + with {:ok, message} <- filter(Map.put(message, "object", object)) do + meta = Keyword.put(meta, :object_data, message["object"]) + {:ok, Map.put(message, "object", ap_id), meta} + else + {err, message} -> {err, message, meta} + end + else + {err, message} = filter(message) + + {err, message, meta} + end + end + def get_policies do Pleroma.Config.get([:mrf, :policies], []) |> get_policies() end diff --git a/lib/pleroma/web/activity_pub/mrf/subchain_policy.ex b/lib/pleroma/web/activity_pub/mrf/subchain_policy.ex index c9f20571f..048052da6 100644 --- a/lib/pleroma/web/activity_pub/mrf/subchain_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/subchain_policy.ex @@ -28,8 +28,7 @@ def filter(%{"actor" => actor} = message) do }" ) - subchain - |> MRF.filter(message) + MRF.filter(subchain, message) else _e -> {:ok, message} end diff --git a/lib/pleroma/web/activity_pub/pipeline.ex b/lib/pleroma/web/activity_pub/pipeline.ex index 36e325c37..2db86f116 100644 --- a/lib/pleroma/web/activity_pub/pipeline.ex +++ b/lib/pleroma/web/activity_pub/pipeline.ex @@ -26,13 +26,17 @@ def common_pipeline(object, meta) do {:error, e} -> {:error, e} + + {:reject, e} -> + {:reject, e} end end def do_common_pipeline(object, meta) do with {_, {:ok, validated_object, meta}} <- {:validate_object, ObjectValidator.validate(object, meta)}, - {_, {:ok, mrfd_object}} <- {:mrf_object, MRF.filter(validated_object)}, + {_, {:ok, mrfd_object, meta}} <- + {:mrf_object, MRF.pipeline_filter(validated_object, meta)}, {_, {:ok, activity, meta}} <- {:persist_object, ActivityPub.persist(mrfd_object, meta)}, {_, {:ok, activity, meta}} <- @@ -40,7 +44,7 @@ def do_common_pipeline(object, meta) do {_, {:ok, _}} <- {:federation, maybe_federate(activity, meta)} do {:ok, activity, meta} else - {:mrf_object, {:reject, _}} -> {:ok, nil, meta} + {:mrf_object, {:reject, message, _}} -> {:reject, message} e -> {:error, e} end end diff --git a/test/web/activity_pub/pipeline_test.exs b/test/web/activity_pub/pipeline_test.exs index f2a231eaf..210a06563 100644 --- a/test/web/activity_pub/pipeline_test.exs +++ b/test/web/activity_pub/pipeline_test.exs @@ -26,7 +26,7 @@ test "when given an `object_data` in meta, Federation will receive a the origina { Pleroma.Web.ActivityPub.MRF, [], - [filter: fn o -> {:ok, o} end] + [pipeline_filter: fn o, m -> {:ok, o, m} end] }, { Pleroma.Web.ActivityPub.ActivityPub, @@ -51,7 +51,7 @@ test "when given an `object_data` in meta, Federation will receive a the origina Pleroma.Web.ActivityPub.Pipeline.common_pipeline(activity, meta) assert_called(Pleroma.Web.ActivityPub.ObjectValidator.validate(activity, meta)) - assert_called(Pleroma.Web.ActivityPub.MRF.filter(activity)) + assert_called(Pleroma.Web.ActivityPub.MRF.pipeline_filter(activity, meta)) assert_called(Pleroma.Web.ActivityPub.ActivityPub.persist(activity, meta)) assert_called(Pleroma.Web.ActivityPub.SideEffects.handle(activity, meta)) refute called(Pleroma.Web.Federator.publish(activity)) @@ -68,7 +68,7 @@ test "it goes through validation, filtering, persisting, side effects and federa { Pleroma.Web.ActivityPub.MRF, [], - [filter: fn o -> {:ok, o} end] + [pipeline_filter: fn o, m -> {:ok, o, m} end] }, { Pleroma.Web.ActivityPub.ActivityPub, @@ -93,7 +93,7 @@ test "it goes through validation, filtering, persisting, side effects and federa Pleroma.Web.ActivityPub.Pipeline.common_pipeline(activity, meta) assert_called(Pleroma.Web.ActivityPub.ObjectValidator.validate(activity, meta)) - assert_called(Pleroma.Web.ActivityPub.MRF.filter(activity)) + assert_called(Pleroma.Web.ActivityPub.MRF.pipeline_filter(activity, meta)) assert_called(Pleroma.Web.ActivityPub.ActivityPub.persist(activity, meta)) assert_called(Pleroma.Web.ActivityPub.SideEffects.handle(activity, meta)) assert_called(Pleroma.Web.Federator.publish(activity)) @@ -109,7 +109,7 @@ test "it goes through validation, filtering, persisting, side effects without fe { Pleroma.Web.ActivityPub.MRF, [], - [filter: fn o -> {:ok, o} end] + [pipeline_filter: fn o, m -> {:ok, o, m} end] }, { Pleroma.Web.ActivityPub.ActivityPub, @@ -131,7 +131,7 @@ test "it goes through validation, filtering, persisting, side effects without fe Pleroma.Web.ActivityPub.Pipeline.common_pipeline(activity, meta) assert_called(Pleroma.Web.ActivityPub.ObjectValidator.validate(activity, meta)) - assert_called(Pleroma.Web.ActivityPub.MRF.filter(activity)) + assert_called(Pleroma.Web.ActivityPub.MRF.pipeline_filter(activity, meta)) assert_called(Pleroma.Web.ActivityPub.ActivityPub.persist(activity, meta)) assert_called(Pleroma.Web.ActivityPub.SideEffects.handle(activity, meta)) end @@ -148,7 +148,7 @@ test "it goes through validation, filtering, persisting, side effects without fe { Pleroma.Web.ActivityPub.MRF, [], - [filter: fn o -> {:ok, o} end] + [pipeline_filter: fn o, m -> {:ok, o, m} end] }, { Pleroma.Web.ActivityPub.ActivityPub, @@ -170,7 +170,7 @@ test "it goes through validation, filtering, persisting, side effects without fe Pleroma.Web.ActivityPub.Pipeline.common_pipeline(activity, meta) assert_called(Pleroma.Web.ActivityPub.ObjectValidator.validate(activity, meta)) - assert_called(Pleroma.Web.ActivityPub.MRF.filter(activity)) + assert_called(Pleroma.Web.ActivityPub.MRF.pipeline_filter(activity, meta)) assert_called(Pleroma.Web.ActivityPub.ActivityPub.persist(activity, meta)) assert_called(Pleroma.Web.ActivityPub.SideEffects.handle(activity, meta)) end diff --git a/test/web/pleroma_api/controllers/chat_controller_test.exs b/test/web/pleroma_api/controllers/chat_controller_test.exs index 7be5fe09c..32c23e9d7 100644 --- a/test/web/pleroma_api/controllers/chat_controller_test.exs +++ b/test/web/pleroma_api/controllers/chat_controller_test.exs @@ -126,6 +126,23 @@ test "it works with an attachment", %{conn: conn, user: user} do assert result["attachment"] end + + test "gets MRF reason when rejected", %{conn: conn, user: user} do + clear_config([:mrf_keyword, :reject], ["GNO"]) + clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy]) + + other_user = insert(:user) + + {:ok, chat} = Chat.get_or_create(user.id, other_user.ap_id) + + result = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/pleroma/chats/#{chat.id}/messages", %{"content" => "GNO/Linux"}) + |> json_response_and_validate_schema(200) + + assert result == %{} + end end describe "DELETE /api/v1/pleroma/chats/:id/messages/:message_id" do From 7bf269fe836ded974d2187c6b36eba4ab185ff25 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Mon, 14 Sep 2020 14:07:22 +0200 Subject: [PATCH 246/264] Fix MRF reject for ChatMessage --- lib/pleroma/web/api_spec/operations/chat_operation.ex | 3 ++- .../web/api_spec/operations/status_operation.ex | 2 +- lib/pleroma/web/common_api/common_api.ex | 3 +++ .../web/pleroma_api/controllers/chat_controller.ex | 10 ++++++++++ test/web/common_api/common_api_test.exs | 11 +++++++++++ .../pleroma_api/controllers/chat_controller_test.exs | 6 +++--- 6 files changed, 30 insertions(+), 5 deletions(-) diff --git a/lib/pleroma/web/api_spec/operations/chat_operation.ex b/lib/pleroma/web/api_spec/operations/chat_operation.ex index b1a0d26ab..56554d5b4 100644 --- a/lib/pleroma/web/api_spec/operations/chat_operation.ex +++ b/lib/pleroma/web/api_spec/operations/chat_operation.ex @@ -184,7 +184,8 @@ def post_chat_message_operation do "application/json", ChatMessage ), - 400 => Operation.response("Bad Request", "application/json", ApiError) + 400 => Operation.response("Bad Request", "application/json", ApiError), + 422 => Operation.response("MRF Rejection", "application/json", ApiError) }, security: [ %{ diff --git a/lib/pleroma/web/api_spec/operations/status_operation.ex b/lib/pleroma/web/api_spec/operations/status_operation.ex index 5bd4619d5..d7ebde6f6 100644 --- a/lib/pleroma/web/api_spec/operations/status_operation.ex +++ b/lib/pleroma/web/api_spec/operations/status_operation.ex @@ -55,7 +55,7 @@ def create_operation do "application/json", %Schema{oneOf: [Status, ScheduledStatus]} ), - 422 => Operation.response("Bad Request", "application/json", ApiError) + 422 => Operation.response("Bad Request / MRF Rejection", "application/json", ApiError) } } end diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index a8c83bc8f..60a50b027 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -48,6 +48,9 @@ def post_chat_message(%User{} = user, %User{} = recipient, content, opts \\ []) local: true )} do {:ok, activity} + else + {:common_pipeline, {:reject, _} = e} -> e + e -> e end end diff --git a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex index 27c9a2e0f..867cff829 100644 --- a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex @@ -90,6 +90,16 @@ def post_chat_message( conn |> put_view(MessageReferenceView) |> render("show.json", chat_message_reference: cm_ref) + else + {:reject, message} -> + conn + |> put_status(:unprocessable_entity) + |> json(%{error: message}) + + {:error, message} -> + conn + |> put_status(:bad_request) + |> json(%{error: message}) end end diff --git a/test/web/common_api/common_api_test.exs b/test/web/common_api/common_api_test.exs index f5559f932..2eab64e8b 100644 --- a/test/web/common_api/common_api_test.exs +++ b/test/web/common_api/common_api_test.exs @@ -217,6 +217,17 @@ test "it reject messages over the local limit" do assert message == :content_too_long end + + test "it reject messages via MRF" do + clear_config([:mrf_keyword, :reject], ["GNO"]) + clear_config([:mrf, :policies], [Pleroma.Web.ActivityPub.MRF.KeywordPolicy]) + + author = insert(:user) + recipient = insert(:user) + + assert {:reject, "[KeywordPolicy] Matches with rejected keyword"} == + CommonAPI.post_chat_message(author, recipient, "GNO/Linux") + end end describe "unblocking" do diff --git a/test/web/pleroma_api/controllers/chat_controller_test.exs b/test/web/pleroma_api/controllers/chat_controller_test.exs index 32c23e9d7..44a78a738 100644 --- a/test/web/pleroma_api/controllers/chat_controller_test.exs +++ b/test/web/pleroma_api/controllers/chat_controller_test.exs @@ -100,7 +100,7 @@ test "it fails if there is no content", %{conn: conn, user: user} do |> post("/api/v1/pleroma/chats/#{chat.id}/messages") |> json_response_and_validate_schema(400) - assert result + assert %{"error" => "no_content"} == result end test "it works with an attachment", %{conn: conn, user: user} do @@ -139,9 +139,9 @@ test "gets MRF reason when rejected", %{conn: conn, user: user} do conn |> put_req_header("content-type", "application/json") |> post("/api/v1/pleroma/chats/#{chat.id}/messages", %{"content" => "GNO/Linux"}) - |> json_response_and_validate_schema(200) + |> json_response_and_validate_schema(422) - assert result == %{} + assert %{"error" => "[KeywordPolicy] Matches with rejected keyword"} == result end end From 226fa3e486e3ea9f82e8d3a7025244fdf11d14db Mon Sep 17 00:00:00 2001 From: Sergey Suprunenko Date: Thu, 17 Sep 2020 22:04:47 +0200 Subject: [PATCH 247/264] Make WebPushEncryption use Pleroma.HTTP as an HTTP adapter --- config/config.exs | 2 ++ test/web/push/impl_test.exs | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/config/config.exs b/config/config.exs index c204814d0..b8864fe08 100644 --- a/config/config.exs +++ b/config/config.exs @@ -787,6 +787,8 @@ config :ex_aws, http_client: Pleroma.HTTP.ExAws +config :web_push_encryption, http_client: Pleroma.HTTP + config :pleroma, :instances_favicons, enabled: false config :floki, :html_parser, Floki.HTMLParser.FastHtml diff --git a/test/web/push/impl_test.exs b/test/web/push/impl_test.exs index aeb5c1fbd..c7c17e156 100644 --- a/test/web/push/impl_test.exs +++ b/test/web/push/impl_test.exs @@ -12,7 +12,9 @@ defmodule Pleroma.Web.Push.ImplTest do alias Pleroma.Web.CommonAPI alias Pleroma.Web.Push.Impl alias Pleroma.Web.Push.Subscription + alias Pleroma.Web.WebPushHttpClientMock + import Mock import Pleroma.Factory setup do @@ -78,6 +80,22 @@ test "successful message sending" do assert Impl.push_message(@message, @sub, @api_key, %Subscription{}) == :ok end + test_with_mock "uses WebPushHttpClientMock as an HTTP client", WebPushHttpClientMock, + post: fn _, _, _ -> {:ok, %{status_code: 200}} end do + Impl.push_message(@message, @sub, @api_key, %Subscription{}) + assert_called(WebPushHttpClientMock.post("https://example.com/example/1234", :_, :_)) + end + + test_with_mock "uses Pleroma.HTTP as an HTTP client", Pleroma.HTTP, + post: fn _, _, _ -> {:ok, %{status_code: 200}} end do + client = Application.get_env(:web_push_encryption, :http_client) + on_exit(fn -> Application.put_env(:web_push_encryption, :http_client, client) end) + Application.put_env(:web_push_encryption, :http_client, Pleroma.HTTP) + + Impl.push_message(@message, @sub, @api_key, %Subscription{}) + assert_called(Pleroma.HTTP.post("https://example.com/example/1234", :_, :_)) + end + @tag capture_log: true test "fail message sending" do assert Impl.push_message( From 2159daa9af8967fe4b6d31e19c7048979b4cb165 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Fri, 18 Sep 2020 07:09:53 +0300 Subject: [PATCH 248/264] update changelog --- CHANGELOG.md | 4 ++++ docs/API/pleroma_api.md | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1266d2dfe..5abafdf69 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - The `discoverable` field in the `User` struct will now add a NOINDEX metatag to profile pages when false. - Users with the `discoverable` field set to false will not show up in searches. - Minimum lifetime for ephmeral activities changed to 10 minutes and made configurable (`:min_lifetime` option). + ### Removed - **Breaking:** `Pleroma.Workers.Cron.StatsWorker` setting from Oban `:crontab` (moved to a simpler implementation). @@ -20,6 +21,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Removed `:managed_config` option. In practice, it was accidentally removed with 2.0.0 release when frontends were switched to a new configuration mechanism, however it was not officially removed until now. +### Added +- Pleroma API: Importing the mutes users from CSV files. + ## [2.1.2] - 2020-09-17 ### Security diff --git a/docs/API/pleroma_api.md b/docs/API/pleroma_api.md index 567ad5732..94b6a4fda 100644 --- a/docs/API/pleroma_api.md +++ b/docs/API/pleroma_api.md @@ -60,7 +60,6 @@ Request parameters can be passed via [query strings](https://en.wikipedia.org/wi * `list`: STRING or FILE containing a whitespace-separated list of accounts to mute * Response: HTTP 200 on success, 500 on error - ## `/api/pleroma/captcha` ### Get a new captcha * Method: `GET` From f2ef9735c52c648a03de4af41f19bb4ec857de03 Mon Sep 17 00:00:00 2001 From: Steven Fuchs Date: Fri, 18 Sep 2020 11:58:22 +0000 Subject: [PATCH 249/264] Federate data through persistent websocket connections --- CHANGELOG.md | 3 + config/config.exs | 12 ++ config/description.exs | 13 ++ config/test.exs | 5 + docs/configuration/cheatsheet.md | 10 + lib/pleroma/application.ex | 9 +- lib/pleroma/object/fetcher.ex | 66 +++++-- lib/pleroma/signature.ex | 6 +- lib/pleroma/user.ex | 10 +- lib/pleroma/web/activity_pub/activity_pub.ex | 14 +- lib/pleroma/web/activity_pub/publisher.ex | 34 ++-- .../web/activity_pub/transmogrifier.ex | 2 +- lib/pleroma/web/fed_sockets/fed_registry.ex | 185 ++++++++++++++++++ lib/pleroma/web/fed_sockets/fed_socket.ex | 137 +++++++++++++ lib/pleroma/web/fed_sockets/fed_sockets.ex | 182 +++++++++++++++++ lib/pleroma/web/fed_sockets/fetch_registry.ex | 151 ++++++++++++++ .../web/fed_sockets/incoming_handler.ex | 88 +++++++++ .../web/fed_sockets/ingester_worker.ex | 33 ++++ .../web/fed_sockets/outgoing_handler.ex | 146 ++++++++++++++ lib/pleroma/web/fed_sockets/socket_info.ex | 52 +++++ lib/pleroma/web/fed_sockets/supervisor.ex | 59 ++++++ mix.lock | 2 +- test/web/fed_sockets/fed_registry_test.exs | 124 ++++++++++++ test/web/fed_sockets/fetch_registry_test.exs | 67 +++++++ test/web/fed_sockets/socket_info_test.exs | 118 +++++++++++ 25 files changed, 1479 insertions(+), 49 deletions(-) create mode 100644 lib/pleroma/web/fed_sockets/fed_registry.ex create mode 100644 lib/pleroma/web/fed_sockets/fed_socket.ex create mode 100644 lib/pleroma/web/fed_sockets/fed_sockets.ex create mode 100644 lib/pleroma/web/fed_sockets/fetch_registry.ex create mode 100644 lib/pleroma/web/fed_sockets/incoming_handler.ex create mode 100644 lib/pleroma/web/fed_sockets/ingester_worker.ex create mode 100644 lib/pleroma/web/fed_sockets/outgoing_handler.ex create mode 100644 lib/pleroma/web/fed_sockets/socket_info.ex create mode 100644 lib/pleroma/web/fed_sockets/supervisor.ex create mode 100644 test/web/fed_sockets/fed_registry_test.exs create mode 100644 test/web/fed_sockets/fetch_registry_test.exs create mode 100644 test/web/fed_sockets/socket_info_test.exs diff --git a/CHANGELOG.md b/CHANGELOG.md index 1266d2dfe..5e4d06c82 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +### Added +- Experimental websocket-based federation between Pleroma instances. + ### Changed - Renamed `:await_up_timeout` in `:connections_pool` namespace to `:connect_timeout`, old name is deprecated. diff --git a/config/config.exs b/config/config.exs index c204814d0..104013b41 100644 --- a/config/config.exs +++ b/config/config.exs @@ -130,6 +130,7 @@ dispatch: [ {:_, [ + {"/api/fedsocket/v1", Pleroma.Web.FedSockets.IncomingHandler, []}, {"/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler, []}, {"/websocket", Phoenix.Endpoint.CowboyWebSocket, {Phoenix.Transports.WebSocket, @@ -148,6 +149,16 @@ "SameSite=Lax" ] +config :pleroma, :fed_sockets, + enabled: false, + connection_duration: :timer.hours(8), + rejection_duration: :timer.minutes(15), + fed_socket_fetches: [ + default: 12_000, + interval: 3_000, + lazy: false + ] + # Configures Elixir's Logger config :logger, :console, level: :debug, @@ -532,6 +543,7 @@ token_expiration: 5, federator_incoming: 50, federator_outgoing: 50, + ingestion_queue: 50, web_push: 50, mailer: 10, transmogrifier: 20, diff --git a/config/description.exs b/config/description.exs index 2b30f8148..6f3855918 100644 --- a/config/description.exs +++ b/config/description.exs @@ -270,6 +270,19 @@ } ] }, + %{ + group: :pleroma, + key: :fed_sockets, + type: :group, + description: "Websocket based federation", + children: [ + %{ + key: :enabled, + type: :boolean, + description: "Enable FedSockets" + } + ] + }, %{ group: :pleroma, key: Pleroma.Emails.Mailer, diff --git a/config/test.exs b/config/test.exs index 0ee6f1b7f..93a0e2a61 100644 --- a/config/test.exs +++ b/config/test.exs @@ -19,6 +19,11 @@ level: :warn, format: "\n[$level] $message\n" +config :pleroma, :fed_sockets, + enabled: false, + connection_duration: 5, + rejection_duration: 5 + config :pleroma, :auth, oauth_consumer_strategies: [] config :pleroma, Pleroma.Upload, diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index 054b8fe43..9a275294e 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -225,6 +225,16 @@ Enables the worker which processes posts scheduled for deletion. Pinned posts ar * `enabled`: whether expired activities will be sent to the job queue to be deleted +## FedSockets +FedSockets is an experimental feature allowing for Pleroma backends to federate using a persistant websocket connection as opposed to making each federation a seperate http connection. This feature is currently off by default. It is configurable throught he following options. + +### :fedsockets +* `enabled`: Enables FedSockets for this instance. `false` by default. +* `connection_duration`: Time an idle websocket is kept open. +* `rejection_duration`: Failures to connect via FedSockets will not be retried for this period of time. +* `fed_socket_fetches` and `fed_socket_rejections`: Settings passed to `cachex` for the fetch registry, and rejection stacks. See `Pleroma.Web.FedSockets` for more details. + + ## Frontends ### :frontend_configurations diff --git a/lib/pleroma/application.ex b/lib/pleroma/application.ex index c39e24919..00ec79a2a 100644 --- a/lib/pleroma/application.ex +++ b/lib/pleroma/application.ex @@ -99,7 +99,7 @@ def start(_type, _args) do {Oban, Config.get(Oban)} ] ++ task_children(@env) ++ - streamer_child(@env) ++ + dont_run_in_test(@env) ++ chat_child(@env, chat_enabled?()) ++ [ Pleroma.Web.Endpoint, @@ -188,16 +188,17 @@ def build_cachex(type, opts), defp chat_enabled?, do: Config.get([:chat, :enabled]) - defp streamer_child(env) when env in [:test, :benchmark], do: [] + defp dont_run_in_test(env) when env in [:test, :benchmark], do: [] - defp streamer_child(_) do + defp dont_run_in_test(_) do [ {Registry, [ name: Pleroma.Web.Streamer.registry(), keys: :duplicate, partitions: System.schedulers_online() - ]} + ]}, + Pleroma.Web.FedSockets.Supervisor ] end diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex index 24dc7cb95..169298b34 100644 --- a/lib/pleroma/object/fetcher.ex +++ b/lib/pleroma/object/fetcher.ex @@ -12,6 +12,7 @@ defmodule Pleroma.Object.Fetcher do alias Pleroma.Web.ActivityPub.ObjectValidator alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.Federator + alias Pleroma.Web.FedSockets require Logger require Pleroma.Constants @@ -182,27 +183,20 @@ defp maybe_date_fetch(headers, date) do end end - def fetch_and_contain_remote_object_from_id(id) when is_binary(id) do + def fetch_and_contain_remote_object_from_id(prm, opts \\ []) + + def fetch_and_contain_remote_object_from_id(%{"id" => id}, opts), + do: fetch_and_contain_remote_object_from_id(id, opts) + + def fetch_and_contain_remote_object_from_id(id, opts) when is_binary(id) do Logger.debug("Fetching object #{id} via AP") - date = Pleroma.Signature.signed_date() - - headers = - [{"accept", "application/activity+json"}] - |> maybe_date_fetch(date) - |> sign_fetch(id, date) - - Logger.debug("Fetch headers: #{inspect(headers)}") - with {:scheme, true} <- {:scheme, String.starts_with?(id, "http")}, - {:ok, %{body: body, status: code}} when code in 200..299 <- HTTP.get(id, headers), - {:ok, data} <- Jason.decode(body), + {:ok, body} <- get_object(id, opts), + {:ok, data} <- safe_json_decode(body), :ok <- Containment.contain_origin_from_id(id, data) do {:ok, data} else - {:ok, %{status: code}} when code in [404, 410] -> - {:error, "Object has been deleted"} - {:scheme, _} -> {:error, "Unsupported URI scheme"} @@ -214,8 +208,44 @@ def fetch_and_contain_remote_object_from_id(id) when is_binary(id) do end end - def fetch_and_contain_remote_object_from_id(%{"id" => id}), - do: fetch_and_contain_remote_object_from_id(id) + def fetch_and_contain_remote_object_from_id(_id, _opts), + do: {:error, "id must be a string"} - def fetch_and_contain_remote_object_from_id(_id), do: {:error, "id must be a string"} + defp get_object(id, opts) do + with false <- Keyword.get(opts, :force_http, false), + {:ok, fedsocket} <- FedSockets.get_or_create_fed_socket(id) do + Logger.debug("fetching via fedsocket - #{inspect(id)}") + FedSockets.fetch(fedsocket, id) + else + _other -> + Logger.debug("fetching via http - #{inspect(id)}") + get_object_http(id) + end + end + + defp get_object_http(id) do + date = Pleroma.Signature.signed_date() + + headers = + [{"accept", "application/activity+json"}] + |> maybe_date_fetch(date) + |> sign_fetch(id, date) + + case HTTP.get(id, headers) do + {:ok, %{body: body, status: code}} when code in 200..299 -> + {:ok, body} + + {:ok, %{status: code}} when code in [404, 410] -> + {:error, "Object has been deleted"} + + {:error, e} -> + {:error, e} + + e -> + {:error, e} + end + end + + defp safe_json_decode(nil), do: {:ok, nil} + defp safe_json_decode(json), do: Jason.decode(json) end diff --git a/lib/pleroma/signature.ex b/lib/pleroma/signature.ex index 3aa6909d2..e388993b7 100644 --- a/lib/pleroma/signature.ex +++ b/lib/pleroma/signature.ex @@ -39,7 +39,7 @@ def key_id_to_actor_id(key_id) do def fetch_public_key(conn) do with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn), {:ok, actor_id} <- key_id_to_actor_id(kid), - {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do + {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id, force_http: true) do {:ok, public_key} else e -> @@ -50,8 +50,8 @@ def fetch_public_key(conn) do def refetch_public_key(conn) do with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn), {:ok, actor_id} <- key_id_to_actor_id(kid), - {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id), - {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id) do + {:ok, _user} <- ActivityPub.make_user_from_ap_id(actor_id, force_http: true), + {:ok, public_key} <- User.get_public_key_for_ap_id(actor_id, force_http: true) do {:ok, public_key} else e -> diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 1ffe60dfc..d92484a40 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1820,12 +1820,12 @@ def html_filter_policy(%User{no_rich_text: true}) do def html_filter_policy(_), do: Config.get([:markup, :scrub_policy]) - def fetch_by_ap_id(ap_id), do: ActivityPub.make_user_from_ap_id(ap_id) + def fetch_by_ap_id(ap_id, opts \\ []), do: ActivityPub.make_user_from_ap_id(ap_id, opts) - def get_or_fetch_by_ap_id(ap_id) do + def get_or_fetch_by_ap_id(ap_id, opts \\ []) do cached_user = get_cached_by_ap_id(ap_id) - maybe_fetched_user = needs_update?(cached_user) && fetch_by_ap_id(ap_id) + maybe_fetched_user = needs_update?(cached_user) && fetch_by_ap_id(ap_id, opts) case {cached_user, maybe_fetched_user} do {_, {:ok, %User{} = user}} -> @@ -1898,8 +1898,8 @@ def public_key(%{public_key: public_key_pem}) when is_binary(public_key_pem) do def public_key(_), do: {:error, "key not found"} - def get_public_key_for_ap_id(ap_id) do - with {:ok, %User{} = user} <- get_or_fetch_by_ap_id(ap_id), + def get_public_key_for_ap_id(ap_id, opts \\ []) do + with {:ok, %User{} = user} <- get_or_fetch_by_ap_id(ap_id, opts), {:ok, public_key} <- public_key(user) do {:ok, public_key} else diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 92fc1e422..06e8e1a7c 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -1270,10 +1270,12 @@ defp object_to_user_data(data) do def fetch_follow_information_for_user(user) do with {:ok, following_data} <- - Fetcher.fetch_and_contain_remote_object_from_id(user.following_address), + Fetcher.fetch_and_contain_remote_object_from_id(user.following_address, + force_http: true + ), {:ok, hide_follows} <- collection_private(following_data), {:ok, followers_data} <- - Fetcher.fetch_and_contain_remote_object_from_id(user.follower_address), + Fetcher.fetch_and_contain_remote_object_from_id(user.follower_address, force_http: true), {:ok, hide_followers} <- collection_private(followers_data) do {:ok, %{ @@ -1347,8 +1349,8 @@ def user_data_from_user_object(data) do end end - def fetch_and_prepare_user_from_ap_id(ap_id) do - with {:ok, data} <- Fetcher.fetch_and_contain_remote_object_from_id(ap_id), + def fetch_and_prepare_user_from_ap_id(ap_id, opts \\ []) do + with {:ok, data} <- Fetcher.fetch_and_contain_remote_object_from_id(ap_id, opts), {:ok, data} <- user_data_from_user_object(data) do {:ok, maybe_update_follow_information(data)} else @@ -1390,13 +1392,13 @@ def maybe_handle_clashing_nickname(data) do end end - def make_user_from_ap_id(ap_id) do + def make_user_from_ap_id(ap_id, opts \\ []) do user = User.get_cached_by_ap_id(ap_id) if user && !User.ap_enabled?(user) do Transmogrifier.upgrade_user_from_ap_id(ap_id) else - with {:ok, data} <- fetch_and_prepare_user_from_ap_id(ap_id) do + with {:ok, data} <- fetch_and_prepare_user_from_ap_id(ap_id, opts) do if user do user |> User.remote_user_changeset(data) diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index d88f7f3ee..9c3956683 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -13,6 +13,7 @@ defmodule Pleroma.Web.ActivityPub.Publisher do alias Pleroma.User alias Pleroma.Web.ActivityPub.Relay alias Pleroma.Web.ActivityPub.Transmogrifier + alias Pleroma.Web.FedSockets require Pleroma.Constants @@ -50,15 +51,35 @@ def is_representable?(%Activity{} = activity) do def publish_one(%{inbox: inbox, json: json, actor: %User{} = actor, id: id} = params) do Logger.debug("Federating #{id} to #{inbox}") - uri = URI.parse(inbox) + case FedSockets.get_or_create_fed_socket(inbox) do + {:ok, fedsocket} -> + Logger.debug("publishing via fedsockets - #{inspect(inbox)}") + FedSockets.publish(fedsocket, json) + _ -> + Logger.debug("publishing via http - #{inspect(inbox)}") + http_publish(inbox, actor, json, params) + end + end + + def publish_one(%{actor_id: actor_id} = params) do + actor = User.get_cached_by_id(actor_id) + + params + |> Map.delete(:actor_id) + |> Map.put(:actor, actor) + |> publish_one() + end + + defp http_publish(inbox, actor, json, params) do + uri = %{path: path} = URI.parse(inbox) digest = "SHA-256=" <> (:crypto.hash(:sha256, json) |> Base.encode64()) date = Pleroma.Signature.signed_date() signature = Pleroma.Signature.sign(actor, %{ - "(request-target)": "post #{uri.path}", + "(request-target)": "post #{path}", host: signature_host(uri), "content-length": byte_size(json), digest: digest, @@ -89,15 +110,6 @@ def publish_one(%{inbox: inbox, json: json, actor: %User{} = actor, id: id} = pa end end - def publish_one(%{actor_id: actor_id} = params) do - actor = User.get_cached_by_id(actor_id) - - params - |> Map.delete(:actor_id) - |> Map.put(:actor, actor) - |> publish_one() - end - defp signature_host(%URI{port: port, scheme: scheme, host: host}) do if port == URI.default_port(scheme) do host diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index fcca014f0..aa6a69463 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -1000,7 +1000,7 @@ def perform(:user_upgrade, user) do def upgrade_user_from_ap_id(ap_id) do with %User{local: false} = user <- User.get_cached_by_ap_id(ap_id), - {:ok, data} <- ActivityPub.fetch_and_prepare_user_from_ap_id(ap_id), + {:ok, data} <- ActivityPub.fetch_and_prepare_user_from_ap_id(ap_id, force_http: true), {:ok, user} <- update_user(user, data) do TransmogrifierWorker.enqueue("user_upgrade", %{"user_id" => user.id}) {:ok, user} diff --git a/lib/pleroma/web/fed_sockets/fed_registry.ex b/lib/pleroma/web/fed_sockets/fed_registry.ex new file mode 100644 index 000000000..e00ea69c0 --- /dev/null +++ b/lib/pleroma/web/fed_sockets/fed_registry.ex @@ -0,0 +1,185 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.FedRegistry do + @moduledoc """ + The FedRegistry stores the active FedSockets for quick retrieval. + + The storage and retrieval portion of the FedRegistry is done in process through + elixir's `Registry` module for speed and its ability to monitor for terminated processes. + + Dropped connections will be caught by `Registry` and deleted. Since the next + message will initiate a new connection there is no reason to try and reconnect at that point. + + Normally outside modules should have no need to call or use the FedRegistry themselves. + """ + + alias Pleroma.Web.FedSockets.FedSocket + alias Pleroma.Web.FedSockets.SocketInfo + + require Logger + + @default_rejection_duration 15 * 60 * 1000 + @rejections :fed_socket_rejections + + @doc """ + Retrieves a FedSocket from the Registry given it's origin. + + The origin is expected to be a string identifying the endpoint "example.com" or "example2.com:8080" + + Will return: + * {:ok, fed_socket} for working FedSockets + * {:error, :rejected} for origins that have been tried and refused within the rejection duration interval + * {:error, some_reason} usually :missing for unknown origins + """ + def get_fed_socket(origin) do + case get_registry_data(origin) do + {:error, reason} -> + {:error, reason} + + {:ok, %{state: :connected} = socket_info} -> + {:ok, socket_info} + end + end + + @doc """ + Adds a connected FedSocket to the Registry. + + Always returns {:ok, fed_socket} + """ + def add_fed_socket(origin, pid \\ nil) do + origin + |> SocketInfo.build(pid) + |> SocketInfo.connect() + |> add_socket_info + end + + defp add_socket_info(%{origin: origin, state: :connected} = socket_info) do + case Registry.register(FedSockets.Registry, origin, socket_info) do + {:ok, _owner} -> + clear_prior_rejection(origin) + Logger.debug("fedsocket added: #{inspect(origin)}") + + {:ok, socket_info} + + {:error, {:already_registered, _pid}} -> + FedSocket.close(socket_info) + existing_socket_info = Registry.lookup(FedSockets.Registry, origin) + + {:ok, existing_socket_info} + + _ -> + {:error, :error_adding_socket} + end + end + + @doc """ + Mark this origin as having rejected a connection attempt. + This will keep it from getting additional connection attempts + for a period of time specified in the config. + + Always returns {:ok, new_reg_data} + """ + def set_host_rejected(uri) do + new_reg_data = + uri + |> SocketInfo.origin() + |> get_or_create_registry_data() + |> set_to_rejected() + |> save_registry_data() + + {:ok, new_reg_data} + end + + @doc """ + Retrieves the FedRegistryData from the Registry given it's origin. + + The origin is expected to be a string identifying the endpoint "example.com" or "example2.com:8080" + + Will return: + * {:ok, fed_registry_data} for known origins + * {:error, :missing} for uniknown origins + * {:error, :cache_error} indicating some low level runtime issues + """ + def get_registry_data(origin) do + case Registry.lookup(FedSockets.Registry, origin) do + [] -> + if is_rejected?(origin) do + Logger.debug("previously rejected fedsocket requested") + {:error, :rejected} + else + {:error, :missing} + end + + [{_pid, %{state: :connected} = socket_info}] -> + {:ok, socket_info} + + _ -> + {:error, :cache_error} + end + end + + @doc """ + Retrieves a map of all sockets from the Registry. The keys are the origins and the values are the corresponding SocketInfo + """ + def list_all do + (list_all_connected() ++ list_all_rejected()) + |> Enum.into(%{}) + end + + defp list_all_connected do + FedSockets.Registry + |> Registry.select([{{:"$1", :_, :"$3"}, [], [{{:"$1", :"$3"}}]}]) + end + + defp list_all_rejected do + {:ok, keys} = Cachex.keys(@rejections) + + {:ok, registry_data} = + Cachex.execute(@rejections, fn worker -> + Enum.map(keys, fn k -> {k, Cachex.get!(worker, k)} end) + end) + + registry_data + end + + defp clear_prior_rejection(origin), + do: Cachex.del(@rejections, origin) + + defp is_rejected?(origin) do + case Cachex.get(@rejections, origin) do + {:ok, nil} -> + false + + {:ok, _} -> + true + end + end + + defp get_or_create_registry_data(origin) do + case get_registry_data(origin) do + {:error, :missing} -> + %SocketInfo{origin: origin} + + {:ok, socket_info} -> + socket_info + end + end + + defp save_registry_data(%SocketInfo{origin: origin, state: :connected} = socket_info) do + {:ok, true} = Registry.update_value(FedSockets.Registry, origin, fn _ -> socket_info end) + socket_info + end + + defp save_registry_data(%SocketInfo{origin: origin, state: :rejected} = socket_info) do + rejection_expiration = + Pleroma.Config.get([:fed_sockets, :rejection_duration], @default_rejection_duration) + + {:ok, true} = Cachex.put(@rejections, origin, socket_info, ttl: rejection_expiration) + socket_info + end + + defp set_to_rejected(%SocketInfo{} = socket_info), + do: %SocketInfo{socket_info | state: :rejected} +end diff --git a/lib/pleroma/web/fed_sockets/fed_socket.ex b/lib/pleroma/web/fed_sockets/fed_socket.ex new file mode 100644 index 000000000..98d64e65a --- /dev/null +++ b/lib/pleroma/web/fed_sockets/fed_socket.ex @@ -0,0 +1,137 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.FedSocket do + @moduledoc """ + The FedSocket module abstracts the actions to be taken taken on connections regardless of + whether the connection started as inbound or outbound. + + + Normally outside modules will have no need to call the FedSocket module directly. + """ + + alias Pleroma.Object + alias Pleroma.Object.Containment + alias Pleroma.User + alias Pleroma.Web.ActivityPub.ObjectView + alias Pleroma.Web.ActivityPub.UserView + alias Pleroma.Web.ActivityPub.Visibility + alias Pleroma.Web.FedSockets.FetchRegistry + alias Pleroma.Web.FedSockets.IngesterWorker + alias Pleroma.Web.FedSockets.OutgoingHandler + alias Pleroma.Web.FedSockets.SocketInfo + + require Logger + + @shake "61dd18f7-f1e6-49a4-939a-a749fcdc1103" + + def connect_to_host(uri) do + case OutgoingHandler.start_link(uri) do + {:ok, pid} -> + {:ok, pid} + + error -> + {:error, error} + end + end + + def close(%SocketInfo{pid: socket_pid}), + do: Process.send(socket_pid, :close, []) + + def publish(%SocketInfo{pid: socket_pid}, json) do + %{action: :publish, data: json} + |> Jason.encode!() + |> send_packet(socket_pid) + end + + def fetch(%SocketInfo{pid: socket_pid}, id) do + fetch_uuid = FetchRegistry.register_fetch(id) + + %{action: :fetch, data: id, uuid: fetch_uuid} + |> Jason.encode!() + |> send_packet(socket_pid) + + wait_for_fetch_to_return(fetch_uuid, 0) + end + + def receive_package(%SocketInfo{} = fed_socket, json) do + json + |> Jason.decode!() + |> process_package(fed_socket) + end + + defp wait_for_fetch_to_return(uuid, cntr) do + case FetchRegistry.check_fetch(uuid) do + {:error, :waiting} -> + Process.sleep(:math.pow(cntr, 3) |> Kernel.trunc()) + wait_for_fetch_to_return(uuid, cntr + 1) + + {:error, :missing} -> + Logger.error("FedSocket fetch timed out - #{inspect(uuid)}") + {:error, :timeout} + + {:ok, _fr} -> + FetchRegistry.pop_fetch(uuid) + end + end + + defp process_package(%{"action" => "publish", "data" => data}, %{origin: origin} = _fed_socket) do + if Containment.contain_origin(origin, data) do + IngesterWorker.enqueue("ingest", %{"object" => data}) + end + + {:reply, %{"action" => "publish_reply", "status" => "processed"}} + end + + defp process_package(%{"action" => "fetch_reply", "uuid" => uuid, "data" => data}, _fed_socket) do + FetchRegistry.register_fetch_received(uuid, data) + {:noreply, nil} + end + + defp process_package(%{"action" => "fetch", "uuid" => uuid, "data" => ap_id}, _fed_socket) do + {:ok, data} = render_fetched_data(ap_id, uuid) + {:reply, data} + end + + defp process_package(%{"action" => "publish_reply"}, _fed_socket) do + {:noreply, nil} + end + + defp process_package(other, _fed_socket) do + Logger.warn("unknown json packages received #{inspect(other)}") + {:noreply, nil} + end + + defp render_fetched_data(ap_id, uuid) do + {:ok, + %{ + "action" => "fetch_reply", + "status" => "processed", + "uuid" => uuid, + "data" => represent_item(ap_id) + }} + end + + defp represent_item(ap_id) do + case User.get_by_ap_id(ap_id) do + nil -> + object = Object.get_cached_by_ap_id(ap_id) + + if Visibility.is_public?(object) do + Phoenix.View.render_to_string(ObjectView, "object.json", object: object) + else + nil + end + + user -> + Phoenix.View.render_to_string(UserView, "user.json", user: user) + end + end + + defp send_packet(data, socket_pid) do + Process.send(socket_pid, {:send, data}, []) + end + + def shake, do: @shake +end diff --git a/lib/pleroma/web/fed_sockets/fed_sockets.ex b/lib/pleroma/web/fed_sockets/fed_sockets.ex new file mode 100644 index 000000000..035d54796 --- /dev/null +++ b/lib/pleroma/web/fed_sockets/fed_sockets.ex @@ -0,0 +1,182 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets do + @moduledoc """ + This documents the FedSockets framework. A framework for federating + ActivityPub objects between servers via persistant WebSocket connections. + + FedSockets allow servers to authenticate on first contact and maintain that + connection, eliminating the need to authenticate every time data needs to be shared. + + ## Protocol + FedSockets currently support 2 types of data transfer: + * `publish` method which doesn't require a response + * `fetch` method requires a response be sent + + ### Publish + The publish operation sends a json encoded map of the shape: + %{action: :publish, data: json} + and accepts (but does not require) a reply of form: + %{"action" => "publish_reply"} + + The outgoing params represent + * data: ActivityPub object encoded into json + + + ### Fetch + The fetch operation sends a json encoded map of the shape: + %{action: :fetch, data: id, uuid: fetch_uuid} + and requires a reply of form: + %{"action" => "fetch_reply", "uuid" => uuid, "data" => data} + + The outgoing params represent + * id: an ActivityPub object URI + * uuid: a unique uuid generated by the sender + + The reply params represent + * data: an ActivityPub object encoded into json + * uuid: the uuid sent along with the fetch request + + ## Examples + Clients of FedSocket transfers shouldn't need to use any of the functions outside of this module. + + A typical publish operation can be performed through the following code, and a fetch operation in a similar manner. + + case FedSockets.get_or_create_fed_socket(inbox) do + {:ok, fedsocket} -> + FedSockets.publish(fedsocket, json) + + _ -> + alternative_publish(inbox, actor, json, params) + end + + ## Configuration + FedSockets have the following config settings + + config :pleroma, :fed_sockets, + enabled: true, + ping_interval: :timer.seconds(15), + connection_duration: :timer.hours(1), + rejection_duration: :timer.hours(1), + fed_socket_fetches: [ + default: 12_000, + interval: 3_000, + lazy: false + ] + * enabled - turn FedSockets on or off with this flag. Can be toggled at runtime. + * connection_duration - How long a FedSocket can sit idle before it's culled. + * rejection_duration - After failing to make a FedSocket connection a host will be excluded + from further connections for this amount of time + * fed_socket_fetches - Use these parameters to pass options to the Cachex queue backing the FetchRegistry + * fed_socket_rejections - Use these parameters to pass options to the Cachex queue backing the FedRegistry + + Cachex options are + * default: the minimum amount of time a fetch can wait before it times out. + * interval: the interval between checks for timed out entries. This plus the default represent the maximum time allowed + * lazy: leave at false for consistant and fast lookups, set to true for stricter timeout enforcement + + """ + require Logger + + alias Pleroma.Web.FedSockets.FedRegistry + alias Pleroma.Web.FedSockets.FedSocket + alias Pleroma.Web.FedSockets.SocketInfo + + @doc """ + returns a FedSocket for the given origin. Will reuse an existing one or create a new one. + + address is expected to be a fully formed URL such as: + "http://www.example.com" or "http://www.example.com:8080" + + It can and usually does include additional path parameters, + but these are ignored as the FedSockets are organized by host and port info alone. + """ + def get_or_create_fed_socket(address) do + with {:cache, {:error, :missing}} <- {:cache, get_fed_socket(address)}, + {:connect, {:ok, _pid}} <- {:connect, FedSocket.connect_to_host(address)}, + {:cache, {:ok, fed_socket}} <- {:cache, get_fed_socket(address)} do + Logger.debug("fedsocket created for - #{inspect(address)}") + {:ok, fed_socket} + else + {:cache, {:ok, socket}} -> + Logger.debug("fedsocket found in cache - #{inspect(address)}") + {:ok, socket} + + {:connect, {:error, _host}} -> + Logger.debug("set host rejected for - #{inspect(address)}") + FedRegistry.set_host_rejected(address) + {:error, :rejected} + + {_, {:error, :disabled}} -> + {:error, :disabled} + + {_, {:error, reason}} -> + Logger.warn("get_or_create_fed_socket error - #{inspect(reason)}") + {:error, reason} + end + end + + @doc """ + returns a FedSocket for the given origin. Will not create a new FedSocket if one does not exist. + + address is expected to be a fully formed URL such as: + "http://www.example.com" or "http://www.example.com:8080" + """ + def get_fed_socket(address) do + origin = SocketInfo.origin(address) + + with {:config, true} <- {:config, Pleroma.Config.get([:fed_sockets, :enabled], false)}, + {:ok, socket} <- FedRegistry.get_fed_socket(origin) do + {:ok, socket} + else + {:config, _} -> + {:error, :disabled} + + {:error, :rejected} -> + Logger.debug("FedSocket previously rejected - #{inspect(origin)}") + {:error, :rejected} + + {:error, reason} -> + {:error, reason} + end + end + + @doc """ + Sends the supplied data via the publish protocol. + It will not block waiting for a reply. + Returns :ok but this is not an indication of a successful transfer. + + the data is expected to be JSON encoded binary data. + """ + def publish(%SocketInfo{} = fed_socket, json) do + FedSocket.publish(fed_socket, json) + end + + @doc """ + Sends the supplied data via the fetch protocol. + It will block waiting for a reply or timeout. + + Returns {:ok, object} where object is the requested object (or nil) + {:error, :timeout} in the event the message was not responded to + + the id is expected to be the URI of an ActivityPub object. + """ + def fetch(%SocketInfo{} = fed_socket, id) do + FedSocket.fetch(fed_socket, id) + end + + @doc """ + Disconnect all and restart FedSockets. + This is mainly used in development and testing but could be useful in production. + """ + def reset do + FedRegistry + |> Process.whereis() + |> Process.exit(:testing) + end + + def uri_for_origin(origin), + do: "ws://#{origin}/api/fedsocket/v1" +end diff --git a/lib/pleroma/web/fed_sockets/fetch_registry.ex b/lib/pleroma/web/fed_sockets/fetch_registry.ex new file mode 100644 index 000000000..7897f0fc6 --- /dev/null +++ b/lib/pleroma/web/fed_sockets/fetch_registry.ex @@ -0,0 +1,151 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.FetchRegistry do + @moduledoc """ + The FetchRegistry acts as a broker for fetch requests and return values. + This allows calling processes to block while waiting for a reply. + It doesn't impose it's own process instead using `Cachex` to handle fetches in process, allowing + multi threaded processes to avoid bottlenecking. + + Normally outside modules will have no need to call or use the FetchRegistry themselves. + + The `Cachex` parameters can be controlled from the config. Since exact timeout intervals + aren't necessary the following settings are used by default: + + config :pleroma, :fed_sockets, + fed_socket_fetches: [ + default: 12_000, + interval: 3_000, + lazy: false + ] + + """ + + defmodule FetchRegistryData do + defstruct uuid: nil, + sent_json: nil, + received_json: nil, + sent_at: nil, + received_at: nil + end + + alias Ecto.UUID + + require Logger + + @fetches :fed_socket_fetches + + @doc """ + Registers a json request wth the FetchRegistry and returns the identifying UUID. + """ + def register_fetch(json) do + %FetchRegistryData{uuid: uuid} = + json + |> new_registry_data + |> save_registry_data + + uuid + end + + @doc """ + Reports on the status of a Fetch given the identifying UUID. + + Will return + * {:ok, fetched_object} if a fetch has completed + * {:error, :waiting} if a fetch is still pending + * {:error, other_error} usually :missing to indicate a fetch that has timed out + """ + def check_fetch(uuid) do + case get_registry_data(uuid) do + {:ok, %FetchRegistryData{received_at: nil}} -> + {:error, :waiting} + + {:ok, %FetchRegistryData{} = reg_data} -> + {:ok, reg_data} + + e -> + e + end + end + + @doc """ + Retrieves the response to a fetch given the identifying UUID. + The completed fetch will be deleted from the FetchRegistry + + Will return + * {:ok, fetched_object} if a fetch has completed + * {:error, :waiting} if a fetch is still pending + * {:error, other_error} usually :missing to indicate a fetch that has timed out + """ + def pop_fetch(uuid) do + case check_fetch(uuid) do + {:ok, %FetchRegistryData{received_json: received_json}} -> + delete_registry_data(uuid) + {:ok, received_json} + + e -> + e + end + end + + @doc """ + This is called to register a fetch has returned. + It expects the result data along with the UUID that was sent in the request + + Will return the fetched object or :error + """ + def register_fetch_received(uuid, data) do + case get_registry_data(uuid) do + {:ok, %FetchRegistryData{received_at: nil} = reg_data} -> + reg_data + |> set_fetch_received(data) + |> save_registry_data() + + {:ok, %FetchRegistryData{} = reg_data} -> + Logger.warn("tried to add fetched data twice - #{uuid}") + reg_data + + {:error, _} -> + Logger.warn("Error adding fetch to registry - #{uuid}") + :error + end + end + + defp new_registry_data(json) do + %FetchRegistryData{ + uuid: UUID.generate(), + sent_json: json, + sent_at: :erlang.monotonic_time(:millisecond) + } + end + + defp get_registry_data(origin) do + case Cachex.get(@fetches, origin) do + {:ok, nil} -> + {:error, :missing} + + {:ok, reg_data} -> + {:ok, reg_data} + + _ -> + {:error, :cache_error} + end + end + + defp set_fetch_received(%FetchRegistryData{} = reg_data, data), + do: %FetchRegistryData{ + reg_data + | received_at: :erlang.monotonic_time(:millisecond), + received_json: data + } + + defp save_registry_data(%FetchRegistryData{uuid: uuid} = reg_data) do + {:ok, true} = Cachex.put(@fetches, uuid, reg_data) + reg_data + end + + defp delete_registry_data(origin), + do: {:ok, true} = Cachex.del(@fetches, origin) +end diff --git a/lib/pleroma/web/fed_sockets/incoming_handler.ex b/lib/pleroma/web/fed_sockets/incoming_handler.ex new file mode 100644 index 000000000..49d0d9d84 --- /dev/null +++ b/lib/pleroma/web/fed_sockets/incoming_handler.ex @@ -0,0 +1,88 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.IncomingHandler do + require Logger + + alias Pleroma.Web.FedSockets.FedRegistry + alias Pleroma.Web.FedSockets.FedSocket + alias Pleroma.Web.FedSockets.SocketInfo + + import HTTPSignatures, only: [validate_conn: 1, split_signature: 1] + + @behaviour :cowboy_websocket + + def init(req, state) do + shake = FedSocket.shake() + + with true <- Pleroma.Config.get([:fed_sockets, :enabled]), + sec_protocol <- :cowboy_req.header("sec-websocket-protocol", req, nil), + headers = %{"(request-target)" => ^shake} <- :cowboy_req.headers(req), + true <- validate_conn(%{req_headers: headers}), + %{"keyId" => origin} <- split_signature(headers["signature"]) do + req = + if is_nil(sec_protocol) do + req + else + :cowboy_req.set_resp_header("sec-websocket-protocol", sec_protocol, req) + end + + {:cowboy_websocket, req, %{origin: origin}, %{}} + else + _ -> + {:ok, req, state} + end + end + + def websocket_init(%{origin: origin}) do + case FedRegistry.add_fed_socket(origin) do + {:ok, socket_info} -> + {:ok, socket_info} + + e -> + Logger.error("FedSocket websocket_init failed - #{inspect(e)}") + {:error, inspect(e)} + end + end + + # Use the ping to check if the connection should be expired + def websocket_handle(:ping, socket_info) do + if SocketInfo.expired?(socket_info) do + {:stop, socket_info} + else + {:ok, socket_info, :hibernate} + end + end + + def websocket_handle({:text, data}, socket_info) do + socket_info = SocketInfo.touch(socket_info) + + case FedSocket.receive_package(socket_info, data) do + {:noreply, _} -> + {:ok, socket_info} + + {:reply, reply} -> + {:reply, {:text, Jason.encode!(reply)}, socket_info} + + {:error, reason} -> + Logger.error("incoming error - receive_package: #{inspect(reason)}") + {:ok, socket_info} + end + end + + def websocket_info({:send, message}, socket_info) do + socket_info = SocketInfo.touch(socket_info) + + {:reply, {:text, message}, socket_info} + end + + def websocket_info(:close, state) do + {:stop, state} + end + + def websocket_info(message, state) do + Logger.debug("#{__MODULE__} unknown message #{inspect(message)}") + {:ok, state} + end +end diff --git a/lib/pleroma/web/fed_sockets/ingester_worker.ex b/lib/pleroma/web/fed_sockets/ingester_worker.ex new file mode 100644 index 000000000..325f2a4ab --- /dev/null +++ b/lib/pleroma/web/fed_sockets/ingester_worker.ex @@ -0,0 +1,33 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.IngesterWorker do + use Pleroma.Workers.WorkerHelper, queue: "ingestion_queue" + require Logger + + alias Pleroma.Web.Federator + + @impl Oban.Worker + def perform(%Job{args: %{"op" => "ingest", "object" => ingestee}}) do + try do + ingestee + |> Jason.decode!() + |> do_ingestion() + rescue + e -> + Logger.error("IngesterWorker error - #{inspect(e)}") + e + end + end + + defp do_ingestion(params) do + case Federator.incoming_ap_doc(params) do + {:error, reason} -> + {:error, reason} + + {:ok, object} -> + {:ok, object} + end + end +end diff --git a/lib/pleroma/web/fed_sockets/outgoing_handler.ex b/lib/pleroma/web/fed_sockets/outgoing_handler.ex new file mode 100644 index 000000000..6ddef17fe --- /dev/null +++ b/lib/pleroma/web/fed_sockets/outgoing_handler.ex @@ -0,0 +1,146 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.OutgoingHandler do + use GenServer + + require Logger + + alias Pleroma.Web.ActivityPub.InternalFetchActor + alias Pleroma.Web.FedSockets + alias Pleroma.Web.FedSockets.FedRegistry + alias Pleroma.Web.FedSockets.FedSocket + alias Pleroma.Web.FedSockets.SocketInfo + + def start_link(uri) do + GenServer.start_link(__MODULE__, %{uri: uri}) + end + + def init(%{uri: uri}) do + case initiate_connection(uri) do + {:ok, ws_origin, conn_pid} -> + FedRegistry.add_fed_socket(ws_origin, conn_pid) + + {:error, reason} -> + Logger.debug("Outgoing connection failed - #{inspect(reason)}") + :ignore + end + end + + def handle_info({:gun_ws, conn_pid, _ref, {:text, data}}, socket_info) do + socket_info = SocketInfo.touch(socket_info) + + case FedSocket.receive_package(socket_info, data) do + {:noreply, _} -> + {:noreply, socket_info} + + {:reply, reply} -> + :gun.ws_send(conn_pid, {:text, Jason.encode!(reply)}) + {:noreply, socket_info} + + {:error, reason} -> + Logger.error("incoming error - receive_package: #{inspect(reason)}") + {:noreply, socket_info} + end + end + + def handle_info(:close, state) do + Logger.debug("Sending close frame !!!!!!!") + {:close, state} + end + + def handle_info({:gun_down, _pid, _prot, :closed, _}, state) do + {:stop, :normal, state} + end + + def handle_info({:send, data}, %{conn_pid: conn_pid} = socket_info) do + socket_info = SocketInfo.touch(socket_info) + :gun.ws_send(conn_pid, {:text, data}) + {:noreply, socket_info} + end + + def handle_info({:gun_ws, _, _, :pong}, state) do + {:noreply, state, :hibernate} + end + + def handle_info(msg, state) do + Logger.debug("#{__MODULE__} unhandled event #{inspect(msg)}") + {:noreply, state} + end + + def terminate(reason, state) do + Logger.debug( + "#{__MODULE__} terminating outgoing connection for #{inspect(state)} for #{inspect(reason)}" + ) + + {:ok, state} + end + + def initiate_connection(uri) do + ws_uri = + uri + |> SocketInfo.origin() + |> FedSockets.uri_for_origin() + + %{host: host, port: port, path: path} = URI.parse(ws_uri) + + with {:ok, conn_pid} <- :gun.open(to_charlist(host), port), + {:ok, _} <- :gun.await_up(conn_pid), + reference <- :gun.get(conn_pid, to_charlist(path)), + {:response, :fin, 204, _} <- :gun.await(conn_pid, reference), + headers <- build_headers(uri), + ref <- :gun.ws_upgrade(conn_pid, to_charlist(path), headers, %{silence_pings: false}) do + receive do + {:gun_upgrade, ^conn_pid, ^ref, [<<"websocket">>], _} -> + {:ok, ws_uri, conn_pid} + after + 15_000 -> + Logger.debug("Fedsocket timeout connecting to #{inspect(uri)}") + {:error, :timeout} + end + else + {:response, :nofin, 404, _} -> + {:error, :fedsockets_not_supported} + + e -> + Logger.debug("Fedsocket error connecting to #{inspect(uri)}") + {:error, e} + end + end + + defp build_headers(uri) do + host_for_sig = uri |> URI.parse() |> host_signature() + + shake = FedSocket.shake() + digest = "SHA-256=" <> (:crypto.hash(:sha256, shake) |> Base.encode64()) + date = Pleroma.Signature.signed_date() + shake_size = byte_size(shake) + + signature_opts = %{ + "(request-target)": shake, + "content-length": to_charlist("#{shake_size}"), + date: date, + digest: digest, + host: host_for_sig + } + + signature = Pleroma.Signature.sign(InternalFetchActor.get_actor(), signature_opts) + + [ + {'signature', to_charlist(signature)}, + {'date', date}, + {'digest', to_charlist(digest)}, + {'content-length', to_charlist("#{shake_size}")}, + {to_charlist("(request-target)"), to_charlist(shake)} + ] + end + + defp host_signature(%{host: host, scheme: scheme, port: port}) do + if port == URI.default_port(scheme) do + host + else + "#{host}:#{port}" + end + end +end diff --git a/lib/pleroma/web/fed_sockets/socket_info.ex b/lib/pleroma/web/fed_sockets/socket_info.ex new file mode 100644 index 000000000..d6fdffe1a --- /dev/null +++ b/lib/pleroma/web/fed_sockets/socket_info.ex @@ -0,0 +1,52 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.SocketInfo do + defstruct origin: nil, + pid: nil, + conn_pid: nil, + state: :default, + connected_until: nil + + alias Pleroma.Web.FedSockets.SocketInfo + @default_connection_duration 15 * 60 * 1000 + + def build(uri, conn_pid \\ nil) do + uri + |> build_origin() + |> build_pids(conn_pid) + |> touch() + end + + def touch(%SocketInfo{} = socket_info), + do: %{socket_info | connected_until: new_ttl()} + + def connect(%SocketInfo{} = socket_info), + do: %{socket_info | state: :connected} + + def expired?(%{connected_until: connected_until}), + do: connected_until < :erlang.monotonic_time(:millisecond) + + def origin(uri), + do: build_origin(uri).origin + + defp build_pids(socket_info, conn_pid), + do: struct(socket_info, pid: self(), conn_pid: conn_pid) + + defp build_origin(uri) when is_binary(uri), + do: uri |> URI.parse() |> build_origin + + defp build_origin(%{host: host, port: nil, scheme: scheme}), + do: build_origin(%{host: host, port: URI.default_port(scheme)}) + + defp build_origin(%{host: host, port: port}), + do: %SocketInfo{origin: "#{host}:#{port}"} + + defp new_ttl do + connection_duration = + Pleroma.Config.get([:fed_sockets, :connection_duration], @default_connection_duration) + + :erlang.monotonic_time(:millisecond) + connection_duration + end +end diff --git a/lib/pleroma/web/fed_sockets/supervisor.ex b/lib/pleroma/web/fed_sockets/supervisor.ex new file mode 100644 index 000000000..a5f4bebfb --- /dev/null +++ b/lib/pleroma/web/fed_sockets/supervisor.ex @@ -0,0 +1,59 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.Supervisor do + use Supervisor + import Cachex.Spec + + def start_link(opts) do + Supervisor.start_link(__MODULE__, opts, name: __MODULE__) + end + + def init(args) do + children = [ + build_cache(:fed_socket_fetches, args), + build_cache(:fed_socket_rejections, args), + {Registry, keys: :unique, name: FedSockets.Registry, meta: [rejected: %{}]} + ] + + opts = [strategy: :one_for_all, name: Pleroma.Web.Streamer.Supervisor] + Supervisor.init(children, opts) + end + + defp build_cache(name, args) do + opts = get_opts(name, args) + + %{ + id: String.to_atom("#{name}_cache"), + start: {Cachex, :start_link, [name, opts]}, + type: :worker + } + end + + defp get_opts(cache_name, args) + when cache_name in [:fed_socket_fetches, :fed_socket_rejections] do + default = get_opts_or_config(args, cache_name, :default, 15_000) + interval = get_opts_or_config(args, cache_name, :interval, 3_000) + lazy = get_opts_or_config(args, cache_name, :lazy, false) + + [expiration: expiration(default: default, interval: interval, lazy: lazy)] + end + + defp get_opts(name, args) do + Keyword.get(args, name, []) + end + + defp get_opts_or_config(args, name, key, default) do + args + |> Keyword.get(name, []) + |> Keyword.get(key) + |> case do + nil -> + Pleroma.Config.get([:fed_sockets, name, key], default) + + value -> + value + end + end +end diff --git a/mix.lock b/mix.lock index a28c47017..a17e8c0fc 100644 --- a/mix.lock +++ b/mix.lock @@ -118,5 +118,5 @@ "unicode_util_compat": {:hex, :unicode_util_compat, "0.4.1", "d869e4c68901dd9531385bb0c8c40444ebf624e60b6962d95952775cac5e90cd", [:rebar3], [], "hexpm", "1d1848c40487cdb0b30e8ed975e34e025860c02e419cb615d255849f3427439d"}, "unsafe": {:hex, :unsafe, "1.0.1", "a27e1874f72ee49312e0a9ec2e0b27924214a05e3ddac90e91727bc76f8613d8", [:mix], [], "hexpm", "6c7729a2d214806450d29766abc2afaa7a2cbecf415be64f36a6691afebb50e5"}, "web_push_encryption": {:hex, :web_push_encryption, "0.3.0", "598b5135e696fd1404dc8d0d7c0fa2c027244a4e5d5e5a98ba267f14fdeaabc8", [:mix], [{:httpoison, "~> 1.0", [hex: :httpoison, repo: "hexpm", optional: false]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}], "hexpm", "f10bdd1afe527ede694749fb77a2f22f146a51b054c7fa541c9fd920fba7c875"}, - "websocket_client": {:git, "https://github.com/jeremyong/websocket_client.git", "9a6f65d05ebf2725d62fb19262b21f1805a59fbf", []}, + "websocket_client": {:git, "https://github.com/jeremyong/websocket_client.git", "9a6f65d05ebf2725d62fb19262b21f1805a59fbf", []} } diff --git a/test/web/fed_sockets/fed_registry_test.exs b/test/web/fed_sockets/fed_registry_test.exs new file mode 100644 index 000000000..19ac874d6 --- /dev/null +++ b/test/web/fed_sockets/fed_registry_test.exs @@ -0,0 +1,124 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.FedRegistryTest do + use ExUnit.Case + + alias Pleroma.Web.FedSockets + alias Pleroma.Web.FedSockets.FedRegistry + alias Pleroma.Web.FedSockets.SocketInfo + + @good_domain "http://good.domain" + @good_domain_origin "good.domain:80" + + setup do + start_supervised({Pleroma.Web.FedSockets.Supervisor, []}) + build_test_socket(@good_domain) + Process.sleep(10) + + :ok + end + + describe "add_fed_socket/1 without conflicting sockets" do + test "can be added" do + Process.sleep(10) + assert {:ok, %SocketInfo{origin: origin}} = FedRegistry.get_fed_socket(@good_domain_origin) + assert origin == "good.domain:80" + end + + test "multiple origins can be added" do + build_test_socket("http://anothergood.domain") + Process.sleep(10) + + assert {:ok, %SocketInfo{origin: origin_1}} = + FedRegistry.get_fed_socket(@good_domain_origin) + + assert {:ok, %SocketInfo{origin: origin_2}} = + FedRegistry.get_fed_socket("anothergood.domain:80") + + assert origin_1 == "good.domain:80" + assert origin_2 == "anothergood.domain:80" + assert FedRegistry.list_all() |> Enum.count() == 2 + end + end + + describe "add_fed_socket/1 when duplicate sockets conflict" do + setup do + build_test_socket(@good_domain) + build_test_socket(@good_domain) + Process.sleep(10) + :ok + end + + test "will be ignored" do + assert {:ok, %SocketInfo{origin: origin, pid: pid_one}} = + FedRegistry.get_fed_socket(@good_domain_origin) + + assert origin == "good.domain:80" + + assert FedRegistry.list_all() |> Enum.count() == 1 + end + + test "the newer process will be closed" do + pid_two = build_test_socket(@good_domain) + + assert {:ok, %SocketInfo{origin: origin, pid: pid_one}} = + FedRegistry.get_fed_socket(@good_domain_origin) + + assert origin == "good.domain:80" + Process.sleep(10) + + refute Process.alive?(pid_two) + + assert FedRegistry.list_all() |> Enum.count() == 1 + end + end + + describe "get_fed_socket/1" do + test "returns missing for unknown hosts" do + assert {:error, :missing} = FedRegistry.get_fed_socket("not_a_dmoain") + end + + test "returns rejected for hosts previously rejected" do + "rejected.domain:80" + |> FedSockets.uri_for_origin() + |> FedRegistry.set_host_rejected() + + assert {:error, :rejected} = FedRegistry.get_fed_socket("rejected.domain:80") + end + + test "can retrieve a previously added SocketInfo" do + build_test_socket(@good_domain) + Process.sleep(10) + assert {:ok, %SocketInfo{origin: origin}} = FedRegistry.get_fed_socket(@good_domain_origin) + assert origin == "good.domain:80" + end + + test "removes references to SocketInfos when the process crashes" do + assert {:ok, %SocketInfo{origin: origin, pid: pid}} = + FedRegistry.get_fed_socket(@good_domain_origin) + + assert origin == "good.domain:80" + + Process.exit(pid, :testing) + Process.sleep(100) + assert {:error, :missing} = FedRegistry.get_fed_socket(@good_domain_origin) + end + end + + def build_test_socket(uri) do + Kernel.spawn(fn -> fed_socket_almost(uri) end) + end + + def fed_socket_almost(origin) do + FedRegistry.add_fed_socket(origin) + + receive do + :close -> + :ok + after + 5_000 -> :timeout + end + end +end diff --git a/test/web/fed_sockets/fetch_registry_test.exs b/test/web/fed_sockets/fetch_registry_test.exs new file mode 100644 index 000000000..7bd2d995a --- /dev/null +++ b/test/web/fed_sockets/fetch_registry_test.exs @@ -0,0 +1,67 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.FetchRegistryTest do + use ExUnit.Case + + alias Pleroma.Web.FedSockets.FetchRegistry + alias Pleroma.Web.FedSockets.FetchRegistry.FetchRegistryData + + @json_message "hello" + @json_reply "hello back" + + setup do + start_supervised( + {Pleroma.Web.FedSockets.Supervisor, + [ + ping_interval: 8, + connection_duration: 15, + rejection_duration: 5, + fed_socket_fetches: [default: 10, interval: 10] + ]} + ) + + :ok + end + + test "fetches can be stored" do + uuid = FetchRegistry.register_fetch(@json_message) + + assert {:error, :waiting} = FetchRegistry.check_fetch(uuid) + end + + test "fetches can return" do + uuid = FetchRegistry.register_fetch(@json_message) + task = Task.async(fn -> FetchRegistry.register_fetch_received(uuid, @json_reply) end) + + assert {:error, :waiting} = FetchRegistry.check_fetch(uuid) + Task.await(task) + + assert {:ok, %FetchRegistryData{received_json: received_json}} = + FetchRegistry.check_fetch(uuid) + + assert received_json == @json_reply + end + + test "fetches are deleted once popped from stack" do + uuid = FetchRegistry.register_fetch(@json_message) + task = Task.async(fn -> FetchRegistry.register_fetch_received(uuid, @json_reply) end) + Task.await(task) + + assert {:ok, %FetchRegistryData{received_json: received_json}} = + FetchRegistry.check_fetch(uuid) + + assert received_json == @json_reply + assert {:ok, @json_reply} = FetchRegistry.pop_fetch(uuid) + + assert {:error, :missing} = FetchRegistry.check_fetch(uuid) + end + + test "fetches can time out" do + uuid = FetchRegistry.register_fetch(@json_message) + assert {:error, :waiting} = FetchRegistry.check_fetch(uuid) + Process.sleep(500) + assert {:error, :missing} = FetchRegistry.check_fetch(uuid) + end +end diff --git a/test/web/fed_sockets/socket_info_test.exs b/test/web/fed_sockets/socket_info_test.exs new file mode 100644 index 000000000..db3d6edcd --- /dev/null +++ b/test/web/fed_sockets/socket_info_test.exs @@ -0,0 +1,118 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.FedSockets.SocketInfoTest do + use ExUnit.Case + + alias Pleroma.Web.FedSockets + alias Pleroma.Web.FedSockets.SocketInfo + + describe "uri_for_origin" do + test "provides the fed_socket URL given the origin information" do + endpoint = "example.com:4000" + assert FedSockets.uri_for_origin(endpoint) =~ "ws://" + assert FedSockets.uri_for_origin(endpoint) =~ endpoint + end + end + + describe "origin" do + test "will provide the origin field given a url" do + endpoint = "example.com:4000" + assert SocketInfo.origin("ws://#{endpoint}") == endpoint + assert SocketInfo.origin("http://#{endpoint}") == endpoint + assert SocketInfo.origin("https://#{endpoint}") == endpoint + end + + test "will proide the origin field given a uri" do + endpoint = "example.com:4000" + uri = URI.parse("http://#{endpoint}") + + assert SocketInfo.origin(uri) == endpoint + end + end + + describe "touch" do + test "will update the TTL" do + endpoint = "example.com:4000" + socket = SocketInfo.build("ws://#{endpoint}") + Process.sleep(2) + touched_socket = SocketInfo.touch(socket) + + assert socket.connected_until < touched_socket.connected_until + end + end + + describe "expired?" do + setup do + start_supervised( + {Pleroma.Web.FedSockets.Supervisor, + [ + ping_interval: 8, + connection_duration: 5, + rejection_duration: 5, + fed_socket_rejections: [lazy: true] + ]} + ) + + :ok + end + + test "tests if the TTL is exceeded" do + endpoint = "example.com:4000" + socket = SocketInfo.build("ws://#{endpoint}") + refute SocketInfo.expired?(socket) + Process.sleep(10) + + assert SocketInfo.expired?(socket) + end + end + + describe "creating outgoing connection records" do + test "can be passed a string" do + assert %{conn_pid: :pid, origin: _origin} = SocketInfo.build("example.com:4000", :pid) + end + + test "can be passed a URI" do + uri = URI.parse("http://example.com:4000") + assert %{conn_pid: :pid, origin: origin} = SocketInfo.build(uri, :pid) + assert origin =~ "example.com:4000" + end + + test "will include the port number" do + assert %{conn_pid: :pid, origin: origin} = SocketInfo.build("http://example.com:4000", :pid) + + assert origin =~ ":4000" + end + + test "will provide the port if missing" do + assert %{conn_pid: :pid, origin: "example.com:80"} = + SocketInfo.build("http://example.com", :pid) + + assert %{conn_pid: :pid, origin: "example.com:443"} = + SocketInfo.build("https://example.com", :pid) + end + end + + describe "creating incoming connection records" do + test "can be passed a string" do + assert %{pid: _, origin: _origin} = SocketInfo.build("example.com:4000") + end + + test "can be passed a URI" do + uri = URI.parse("example.com:4000") + assert %{pid: _, origin: _origin} = SocketInfo.build(uri) + end + + test "will include the port number" do + assert %{pid: _, origin: origin} = SocketInfo.build("http://example.com:4000") + + assert origin =~ ":4000" + end + + test "will provide the port if missing" do + assert %{pid: _, origin: "example.com:80"} = SocketInfo.build("http://example.com") + assert %{pid: _, origin: "example.com:443"} = SocketInfo.build("https://example.com") + end + end +end From 26c571df339ebfdadf760f75871b9343131a2d81 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 18 Sep 2020 16:09:37 +0300 Subject: [PATCH 250/264] FedSockets: fix log spam on cached rejects --- lib/pleroma/web/fed_sockets/fed_sockets.ex | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/pleroma/web/fed_sockets/fed_sockets.ex b/lib/pleroma/web/fed_sockets/fed_sockets.ex index 035d54796..1fd5899c8 100644 --- a/lib/pleroma/web/fed_sockets/fed_sockets.ex +++ b/lib/pleroma/web/fed_sockets/fed_sockets.ex @@ -104,6 +104,9 @@ def get_or_create_fed_socket(address) do Logger.debug("fedsocket found in cache - #{inspect(address)}") {:ok, socket} + {:cache, {:error, :rejected} = e} -> + e + {:connect, {:error, _host}} -> Logger.debug("set host rejected for - #{inspect(address)}") FedRegistry.set_host_rejected(address) From 26859c549c58901bbcc9dde009fd1cb81f6eb292 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Fri, 18 Sep 2020 17:49:15 -0500 Subject: [PATCH 251/264] Add user agent to fedsocket requests --- lib/pleroma/web/fed_sockets/outgoing_handler.ex | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/fed_sockets/outgoing_handler.ex b/lib/pleroma/web/fed_sockets/outgoing_handler.ex index 6ddef17fe..3ff4a85e3 100644 --- a/lib/pleroma/web/fed_sockets/outgoing_handler.ex +++ b/lib/pleroma/web/fed_sockets/outgoing_handler.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.FedSockets.OutgoingHandler do require Logger + alias Pleroma.Application alias Pleroma.Web.ActivityPub.InternalFetchActor alias Pleroma.Web.FedSockets alias Pleroma.Web.FedSockets.FedRegistry @@ -87,7 +88,10 @@ def initiate_connection(uri) do with {:ok, conn_pid} <- :gun.open(to_charlist(host), port), {:ok, _} <- :gun.await_up(conn_pid), - reference <- :gun.get(conn_pid, to_charlist(path)), + reference <- + :gun.get(conn_pid, to_charlist(path), [ + {'user-agent', to_charlist(Application.user_agent())} + ]), {:response, :fin, 204, _} <- :gun.await(conn_pid, reference), headers <- build_headers(uri), ref <- :gun.ws_upgrade(conn_pid, to_charlist(path), headers, %{silence_pings: false}) do @@ -132,7 +136,8 @@ defp build_headers(uri) do {'date', date}, {'digest', to_charlist(digest)}, {'content-length', to_charlist("#{shake_size}")}, - {to_charlist("(request-target)"), to_charlist(shake)} + {to_charlist("(request-target)"), to_charlist(shake)}, + {'user-agent', to_charlist(Application.user_agent())} ] end From 51116b539201eb99fa89cabc88a08f92c67bfeca Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sat, 19 Sep 2020 00:50:00 +0300 Subject: [PATCH 252/264] OpenAPI: fix various errors pointed out by editor.swagger.io --- lib/pleroma/web/api_spec/helpers.ex | 6 +++++- lib/pleroma/web/api_spec/operations/account_operation.ex | 7 +++++-- .../web/api_spec/operations/custom_emoji_operation.ex | 2 +- .../web/api_spec/operations/emoji_reaction_operation.ex | 2 +- lib/pleroma/web/api_spec/operations/list_operation.ex | 3 +-- lib/pleroma/web/api_spec/schemas/chat_message.ex | 3 ++- lib/pleroma/web/api_spec/schemas/scheduled_status.ex | 4 ++-- 7 files changed, 17 insertions(+), 10 deletions(-) diff --git a/lib/pleroma/web/api_spec/helpers.ex b/lib/pleroma/web/api_spec/helpers.ex index 2a7f1a706..34de2ed57 100644 --- a/lib/pleroma/web/api_spec/helpers.ex +++ b/lib/pleroma/web/api_spec/helpers.ex @@ -72,7 +72,11 @@ def empty_object_response do end def empty_array_response do - Operation.response("Empty array", "application/json", %Schema{type: :array, example: []}) + Operation.response("Empty array", "application/json", %Schema{ + type: :array, + items: %Schema{type: :object, example: %{}}, + example: [] + }) end def no_content_response do diff --git a/lib/pleroma/web/api_spec/operations/account_operation.ex b/lib/pleroma/web/api_spec/operations/account_operation.ex index aaebc9b5c..d90ddb787 100644 --- a/lib/pleroma/web/api_spec/operations/account_operation.ex +++ b/lib/pleroma/web/api_spec/operations/account_operation.ex @@ -372,6 +372,10 @@ def identity_proofs_operation do tags: ["accounts"], summary: "Identity proofs", operationId: "AccountController.identity_proofs", + # Validators complains about unused path params otherwise + parameters: [ + %Reference{"$ref": "#/components/parameters/accountIdOrNickname"} + ], description: "Not implemented", responses: %{ 200 => empty_array_response() @@ -469,7 +473,6 @@ defp create_response do identifier: %Schema{type: :string}, message: %Schema{type: :string} }, - required: [], # Note: example of successful registration with failed login response: # example: %{ # "identifier" => "missing_confirmed_email", @@ -530,7 +533,7 @@ defp update_credentials_request do nullable: true, oneOf: [ %Schema{type: :array, items: attribute_field()}, - %Schema{type: :object, additionalProperties: %Schema{type: attribute_field()}} + %Schema{type: :object, additionalProperties: attribute_field()} ] }, # NOTE: `source` field is not supported diff --git a/lib/pleroma/web/api_spec/operations/custom_emoji_operation.ex b/lib/pleroma/web/api_spec/operations/custom_emoji_operation.ex index 2f812ac77..5ff263ceb 100644 --- a/lib/pleroma/web/api_spec/operations/custom_emoji_operation.ex +++ b/lib/pleroma/web/api_spec/operations/custom_emoji_operation.ex @@ -69,7 +69,7 @@ defp custom_emoji do type: :object, properties: %{ category: %Schema{type: :string}, - tags: %Schema{type: :array} + tags: %Schema{type: :array, items: %Schema{type: :string}} } } ], diff --git a/lib/pleroma/web/api_spec/operations/emoji_reaction_operation.ex b/lib/pleroma/web/api_spec/operations/emoji_reaction_operation.ex index 1a49fece0..745d41f88 100644 --- a/lib/pleroma/web/api_spec/operations/emoji_reaction_operation.ex +++ b/lib/pleroma/web/api_spec/operations/emoji_reaction_operation.ex @@ -23,7 +23,7 @@ def index_operation do parameters: [ Operation.parameter(:id, :path, FlakeID, "Status ID", required: true), Operation.parameter(:emoji, :path, :string, "Filter by a single unicode emoji", - required: false + required: nil ) ], security: [%{"oAuth" => ["read:statuses"]}], diff --git a/lib/pleroma/web/api_spec/operations/list_operation.ex b/lib/pleroma/web/api_spec/operations/list_operation.ex index 15039052e..f6e73968a 100644 --- a/lib/pleroma/web/api_spec/operations/list_operation.ex +++ b/lib/pleroma/web/api_spec/operations/list_operation.ex @@ -187,8 +187,7 @@ defp add_remove_accounts_request(required) when is_boolean(required) do type: :object, properties: %{ account_ids: %Schema{type: :array, description: "Array of account IDs", items: FlakeID} - }, - required: required && [:account_ids] + } }, required: required ) diff --git a/lib/pleroma/web/api_spec/schemas/chat_message.ex b/lib/pleroma/web/api_spec/schemas/chat_message.ex index bbf2a4427..9d2799618 100644 --- a/lib/pleroma/web/api_spec/schemas/chat_message.ex +++ b/lib/pleroma/web/api_spec/schemas/chat_message.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.ApiSpec.Schemas.ChatMessage do alias OpenApiSpex.Schema + alias Pleroma.Web.ApiSpec.Schemas.Emoji require OpenApiSpex @@ -18,7 +19,7 @@ defmodule Pleroma.Web.ApiSpec.Schemas.ChatMessage do chat_id: %Schema{type: :string}, content: %Schema{type: :string, nullable: true}, created_at: %Schema{type: :string, format: :"date-time"}, - emojis: %Schema{type: :array}, + emojis: %Schema{type: :array, items: Emoji}, attachment: %Schema{type: :object, nullable: true}, card: %Schema{ type: :object, diff --git a/lib/pleroma/web/api_spec/schemas/scheduled_status.ex b/lib/pleroma/web/api_spec/schemas/scheduled_status.ex index 0520d0848..addefa9d3 100644 --- a/lib/pleroma/web/api_spec/schemas/scheduled_status.ex +++ b/lib/pleroma/web/api_spec/schemas/scheduled_status.ex @@ -27,9 +27,9 @@ defmodule Pleroma.Web.ApiSpec.Schemas.ScheduledStatus do media_ids: %Schema{type: :array, nullable: true, items: %Schema{type: :string}}, sensitive: %Schema{type: :boolean, nullable: true}, spoiler_text: %Schema{type: :string, nullable: true}, - visibility: %Schema{type: VisibilityScope, nullable: true}, + visibility: %Schema{allOf: [VisibilityScope], nullable: true}, scheduled_at: %Schema{type: :string, format: :"date-time", nullable: true}, - poll: %Schema{type: Poll, nullable: true}, + poll: %Schema{allOf: [Poll], nullable: true}, in_reply_to_id: %Schema{type: :string, nullable: true} } } From 4b12e071ac7ea87c91f6192cc0da90c32e846ca4 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Sat, 19 Sep 2020 00:50:38 +0300 Subject: [PATCH 253/264] OpenAPI: make it possible to generate a spec without starting the app Needed for api docs generation on pleroma.social that will come later --- lib/pleroma/web/api_spec.ex | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/api_spec.ex b/lib/pleroma/web/api_spec.ex index 79fd5f871..93a5273e3 100644 --- a/lib/pleroma/web/api_spec.ex +++ b/lib/pleroma/web/api_spec.ex @@ -13,10 +13,15 @@ defmodule Pleroma.Web.ApiSpec do @impl OpenApi def spec do %OpenApi{ - servers: [ - # Populate the Server info from a phoenix endpoint - OpenApiSpex.Server.from_endpoint(Endpoint) - ], + servers: + if Phoenix.Endpoint.server?(:pleroma, Endpoint) do + [ + # Populate the Server info from a phoenix endpoint + OpenApiSpex.Server.from_endpoint(Endpoint) + ] + else + [] + end, info: %OpenApiSpex.Info{ title: "Pleroma", description: Application.spec(:pleroma, :description) |> to_string(), From 60b025b782eb27b86a791451149b6690431371dc Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Sat, 19 Sep 2020 19:16:55 +0300 Subject: [PATCH 254/264] [#2074] OAuth scope checking in Streaming API. --- lib/pleroma/plugs/oauth_scopes_plug.ex | 2 +- .../web/mastodon_api/websocket_handler.ex | 10 +- lib/pleroma/web/streamer/streamer.ex | 70 ++- test/integration/mastodon_websocket_test.exs | 2 +- test/notification_test.exs | 8 +- test/support/data_case.ex | 15 + test/web/streamer/streamer_test.exs | 408 +++++++++++------- 7 files changed, 332 insertions(+), 183 deletions(-) diff --git a/lib/pleroma/plugs/oauth_scopes_plug.ex b/lib/pleroma/plugs/oauth_scopes_plug.ex index efc25b79f..b1a736d78 100644 --- a/lib/pleroma/plugs/oauth_scopes_plug.ex +++ b/lib/pleroma/plugs/oauth_scopes_plug.ex @@ -53,7 +53,7 @@ def drop_auth_info(conn) do |> assign(:token, nil) end - @doc "Filters descendants of supported scopes" + @doc "Keeps those of `scopes` which are descendants of `supported_scopes`" def filter_descendants(scopes, supported_scopes) do Enum.filter( scopes, diff --git a/lib/pleroma/web/mastodon_api/websocket_handler.ex b/lib/pleroma/web/mastodon_api/websocket_handler.ex index cf923ded8..439cdd716 100644 --- a/lib/pleroma/web/mastodon_api/websocket_handler.ex +++ b/lib/pleroma/web/mastodon_api/websocket_handler.ex @@ -23,8 +23,8 @@ def init(%{qs: qs} = req, state) do with params <- Enum.into(:cow_qs.parse_qs(qs), %{}), sec_websocket <- :cowboy_req.header("sec-websocket-protocol", req, nil), access_token <- Map.get(params, "access_token"), - {:ok, user} <- authenticate_request(access_token, sec_websocket), - {:ok, topic} <- Streamer.get_topic(Map.get(params, "stream"), user, params) do + {:ok, user, oauth_token} <- authenticate_request(access_token, sec_websocket), + {:ok, topic} <- Streamer.get_topic(params["stream"], user, oauth_token, params) do req = if sec_websocket do :cowboy_req.set_resp_header("sec-websocket-protocol", sec_websocket, req) @@ -117,7 +117,7 @@ def terminate(reason, _req, state) do # Public streams without authentication. defp authenticate_request(nil, nil) do - {:ok, nil} + {:ok, nil, nil} end # Authenticated streams. @@ -125,9 +125,9 @@ defp authenticate_request(access_token, sec_websocket) do token = access_token || sec_websocket with true <- is_bitstring(token), - %Token{user_id: user_id} <- Repo.get_by(Token, token: token), + oauth_token = %Token{user_id: user_id} <- Repo.get_by(Token, token: token), user = %User{} <- User.get_cached_by_id(user_id) do - {:ok, user} + {:ok, user, oauth_token} else _ -> {:error, :unauthorized} end diff --git a/lib/pleroma/web/streamer/streamer.ex b/lib/pleroma/web/streamer/streamer.ex index d1d70e556..5475f18a6 100644 --- a/lib/pleroma/web/streamer/streamer.ex +++ b/lib/pleroma/web/streamer/streamer.ex @@ -11,10 +11,12 @@ defmodule Pleroma.Web.Streamer do alias Pleroma.Conversation.Participation alias Pleroma.Notification alias Pleroma.Object + alias Pleroma.Plugs.OAuthScopesPlug alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.Visibility alias Pleroma.Web.CommonAPI + alias Pleroma.Web.OAuth.Token alias Pleroma.Web.StreamerView @mix_env Mix.env() @@ -26,53 +28,87 @@ def registry, do: @registry @user_streams ["user", "user:notification", "direct", "user:pleroma_chat"] @doc "Expands and authorizes a stream, and registers the process for streaming." - @spec get_topic_and_add_socket(stream :: String.t(), User.t() | nil, Map.t() | nil) :: + @spec get_topic_and_add_socket( + stream :: String.t(), + User.t() | nil, + Token.t() | nil, + Map.t() | nil + ) :: {:ok, topic :: String.t()} | {:error, :bad_topic} | {:error, :unauthorized} - def get_topic_and_add_socket(stream, user, params \\ %{}) do - case get_topic(stream, user, params) do + def get_topic_and_add_socket(stream, user, oauth_token, params \\ %{}) do + case get_topic(stream, user, oauth_token, params) do {:ok, topic} -> add_socket(topic, user) error -> error end end @doc "Expand and authorizes a stream" - @spec get_topic(stream :: String.t(), User.t() | nil, Map.t()) :: + @spec get_topic(stream :: String.t(), User.t() | nil, Token.t() | nil, Map.t()) :: {:ok, topic :: String.t()} | {:error, :bad_topic} - def get_topic(stream, user, params \\ %{}) + def get_topic(stream, user, oauth_token, params \\ %{}) # Allow all public steams. - def get_topic(stream, _, _) when stream in @public_streams do + def get_topic(stream, _user, _oauth_token, _params) when stream in @public_streams do {:ok, stream} end # Allow all hashtags streams. - def get_topic("hashtag", _, %{"tag" => tag}) do + def get_topic("hashtag", _user, _oauth_token, %{"tag" => tag} = _params) do {:ok, "hashtag:" <> tag} end # Expand user streams. - def get_topic(stream, %User{} = user, _) when stream in @user_streams do - {:ok, stream <> ":" <> to_string(user.id)} + def get_topic( + stream, + %User{id: user_id} = user, + %Token{user_id: token_user_id} = oauth_token, + _params + ) + when stream in @user_streams and user_id == token_user_id do + # Note: "read" works for all user streams (not mentioning it since it's an ancestor scope) + required_scopes = + if stream == "user:notification" do + ["read:notifications"] + else + ["read:statuses"] + end + + if OAuthScopesPlug.filter_descendants(required_scopes, oauth_token.scopes) == [] do + {:error, :unauthorized} + else + {:ok, stream <> ":" <> to_string(user.id)} + end end - def get_topic(stream, _, _) when stream in @user_streams do + def get_topic(stream, _user, _oauth_token, _params) when stream in @user_streams do {:error, :unauthorized} end # List streams. - def get_topic("list", %User{} = user, %{"list" => id}) do - if Pleroma.List.get(id, user) do - {:ok, "list:" <> to_string(id)} - else - {:error, :bad_topic} + def get_topic( + "list", + %User{id: user_id} = user, + %Token{user_id: token_user_id} = oauth_token, + %{"list" => id} + ) + when user_id == token_user_id do + cond do + OAuthScopesPlug.filter_descendants(["read", "read:lists"], oauth_token.scopes) == [] -> + {:error, :unauthorized} + + Pleroma.List.get(id, user) -> + {:ok, "list:" <> to_string(id)} + + true -> + {:error, :bad_topic} end end - def get_topic("list", _, _) do + def get_topic("list", _user, _oauth_token, _params) do {:error, :unauthorized} end - def get_topic(_, _, _) do + def get_topic(_stream, _user, _oauth_token, _params) do {:error, :bad_topic} end diff --git a/test/integration/mastodon_websocket_test.exs b/test/integration/mastodon_websocket_test.exs index 76fbc8bda..0f2e6cc2b 100644 --- a/test/integration/mastodon_websocket_test.exs +++ b/test/integration/mastodon_websocket_test.exs @@ -78,7 +78,7 @@ test "receives well formatted events" do Pleroma.Repo.insert( OAuth.App.register_changeset(%OAuth.App{}, %{ client_name: "client", - scopes: ["scope"], + scopes: ["read"], redirect_uris: "url" }) ) diff --git a/test/notification_test.exs b/test/notification_test.exs index a09b08675..f2e0f0b0d 100644 --- a/test/notification_test.exs +++ b/test/notification_test.exs @@ -179,17 +179,19 @@ test "does not create a notification for subscribed users if status is a reply" describe "create_notification" do @tag needs_streamer: true test "it creates a notification for user and send to the 'user' and the 'user:notification' stream" do - user = insert(:user) + %{user: user, token: oauth_token} = oauth_access(["read"]) task = Task.async(fn -> - Streamer.get_topic_and_add_socket("user", user) + {:ok, _topic} = Streamer.get_topic_and_add_socket("user", user, oauth_token) assert_receive {:render_with_user, _, _, _}, 4_000 end) task_user_notification = Task.async(fn -> - Streamer.get_topic_and_add_socket("user:notification", user) + {:ok, _topic} = + Streamer.get_topic_and_add_socket("user:notification", user, oauth_token) + assert_receive {:render_with_user, _, _, _}, 4_000 end) diff --git a/test/support/data_case.ex b/test/support/data_case.ex index ba8848952..d5456521c 100644 --- a/test/support/data_case.ex +++ b/test/support/data_case.ex @@ -27,6 +27,21 @@ defmodule Pleroma.DataCase do import Ecto.Query import Pleroma.DataCase use Pleroma.Tests.Helpers + + # Sets up OAuth access with specified scopes + defp oauth_access(scopes, opts \\ []) do + user = + Keyword.get_lazy(opts, :user, fn -> + Pleroma.Factory.insert(:user) + end) + + token = + Keyword.get_lazy(opts, :oauth_token, fn -> + Pleroma.Factory.insert(:oauth_token, user: user, scopes: scopes) + end) + + %{user: user, token: token} + end end end diff --git a/test/web/streamer/streamer_test.exs b/test/web/streamer/streamer_test.exs index d56d74464..185724a9f 100644 --- a/test/web/streamer/streamer_test.exs +++ b/test/web/streamer/streamer_test.exs @@ -21,92 +21,148 @@ defmodule Pleroma.Web.StreamerTest do setup do: clear_config([:instance, :skip_thread_containment]) - describe "get_topic without an user" do + describe "get_topic/_ (unauthenticated)" do test "allows public" do - assert {:ok, "public"} = Streamer.get_topic("public", nil) - assert {:ok, "public:local"} = Streamer.get_topic("public:local", nil) - assert {:ok, "public:media"} = Streamer.get_topic("public:media", nil) - assert {:ok, "public:local:media"} = Streamer.get_topic("public:local:media", nil) + assert {:ok, "public"} = Streamer.get_topic("public", nil, nil) + assert {:ok, "public:local"} = Streamer.get_topic("public:local", nil, nil) + assert {:ok, "public:media"} = Streamer.get_topic("public:media", nil, nil) + assert {:ok, "public:local:media"} = Streamer.get_topic("public:local:media", nil, nil) end test "allows hashtag streams" do - assert {:ok, "hashtag:cofe"} = Streamer.get_topic("hashtag", nil, %{"tag" => "cofe"}) + assert {:ok, "hashtag:cofe"} = Streamer.get_topic("hashtag", nil, nil, %{"tag" => "cofe"}) end test "disallows user streams" do - assert {:error, _} = Streamer.get_topic("user", nil) - assert {:error, _} = Streamer.get_topic("user:notification", nil) - assert {:error, _} = Streamer.get_topic("direct", nil) + assert {:error, _} = Streamer.get_topic("user", nil, nil) + assert {:error, _} = Streamer.get_topic("user:notification", nil, nil) + assert {:error, _} = Streamer.get_topic("direct", nil, nil) end test "disallows list streams" do - assert {:error, _} = Streamer.get_topic("list", nil, %{"list" => 42}) + assert {:error, _} = Streamer.get_topic("list", nil, nil, %{"list" => 42}) end end - describe "get_topic with an user" do - setup do - user = insert(:user) - {:ok, %{user: user}} + describe "get_topic/_ (authenticated)" do + setup do: oauth_access(["read"]) + + test "allows public streams (regardless of OAuth token scopes)", %{ + user: user, + token: read_oauth_token + } do + with oauth_token <- [nil, read_oauth_token] do + assert {:ok, "public"} = Streamer.get_topic("public", user, oauth_token) + assert {:ok, "public:local"} = Streamer.get_topic("public:local", user, oauth_token) + assert {:ok, "public:media"} = Streamer.get_topic("public:media", user, oauth_token) + + assert {:ok, "public:local:media"} = + Streamer.get_topic("public:local:media", user, oauth_token) + end end - test "allows public streams", %{user: user} do - assert {:ok, "public"} = Streamer.get_topic("public", user) - assert {:ok, "public:local"} = Streamer.get_topic("public:local", user) - assert {:ok, "public:media"} = Streamer.get_topic("public:media", user) - assert {:ok, "public:local:media"} = Streamer.get_topic("public:local:media", user) - end + test "allows user streams (with proper OAuth token scopes)", %{ + user: user, + token: read_oauth_token + } do + %{token: read_notifications_token} = oauth_access(["read:notifications"], user: user) + %{token: read_statuses_token} = oauth_access(["read:statuses"], user: user) + %{token: badly_scoped_token} = oauth_access(["irrelevant:scope"], user: user) - test "allows user streams", %{user: user} do expected_user_topic = "user:#{user.id}" - expected_notif_topic = "user:notification:#{user.id}" + expected_notification_topic = "user:notification:#{user.id}" expected_direct_topic = "direct:#{user.id}" - assert {:ok, ^expected_user_topic} = Streamer.get_topic("user", user) - assert {:ok, ^expected_notif_topic} = Streamer.get_topic("user:notification", user) - assert {:ok, ^expected_direct_topic} = Streamer.get_topic("direct", user) + expected_pleroma_chat_topic = "user:pleroma_chat:#{user.id}" + + for valid_user_token <- [read_oauth_token, read_statuses_token] do + assert {:ok, ^expected_user_topic} = Streamer.get_topic("user", user, valid_user_token) + + assert {:ok, ^expected_direct_topic} = + Streamer.get_topic("direct", user, valid_user_token) + + assert {:ok, ^expected_pleroma_chat_topic} = + Streamer.get_topic("user:pleroma_chat", user, valid_user_token) + end + + for invalid_user_token <- [read_notifications_token, badly_scoped_token], + user_topic <- ["user", "direct", "user:pleroma_chat"] do + assert {:error, :unauthorized} = Streamer.get_topic(user_topic, user, invalid_user_token) + end + + for valid_notification_token <- [read_oauth_token, read_notifications_token] do + assert {:ok, ^expected_notification_topic} = + Streamer.get_topic("user:notification", user, valid_notification_token) + end + + for invalid_notification_token <- [read_statuses_token, badly_scoped_token] do + assert {:error, :unauthorized} = + Streamer.get_topic("user:notification", user, invalid_notification_token) + end end - test "allows hashtag streams", %{user: user} do - assert {:ok, "hashtag:cofe"} = Streamer.get_topic("hashtag", user, %{"tag" => "cofe"}) + test "allows hashtag streams (regardless of OAuth token scopes)", %{ + user: user, + token: read_oauth_token + } do + for oauth_token <- [nil, read_oauth_token] do + assert {:ok, "hashtag:cofe"} = + Streamer.get_topic("hashtag", user, oauth_token, %{"tag" => "cofe"}) + end end - test "disallows registering to an user stream", %{user: user} do + test "disallows registering to another user's stream", %{user: user, token: read_oauth_token} do another_user = insert(:user) - assert {:error, _} = Streamer.get_topic("user:#{another_user.id}", user) - assert {:error, _} = Streamer.get_topic("user:notification:#{another_user.id}", user) - assert {:error, _} = Streamer.get_topic("direct:#{another_user.id}", user) + assert {:error, _} = Streamer.get_topic("user:#{another_user.id}", user, read_oauth_token) + + assert {:error, _} = + Streamer.get_topic("user:notification:#{another_user.id}", user, read_oauth_token) + + assert {:error, _} = Streamer.get_topic("direct:#{another_user.id}", user, read_oauth_token) end - test "allows list stream that are owned by the user", %{user: user} do + test "allows list stream that are owned by the user (with `read` or `read:lists` scopes)", %{ + user: user, + token: read_oauth_token + } do + %{token: read_lists_token} = oauth_access(["read:lists"], user: user) + %{token: invalid_token} = oauth_access(["irrelevant:scope"], user: user) {:ok, list} = List.create("Test", user) - assert {:error, _} = Streamer.get_topic("list:#{list.id}", user) - assert {:ok, _} = Streamer.get_topic("list", user, %{"list" => list.id}) + + assert {:error, _} = Streamer.get_topic("list:#{list.id}", user, read_oauth_token) + + for valid_token <- [read_oauth_token, read_lists_token] do + assert {:ok, _} = Streamer.get_topic("list", user, valid_token, %{"list" => list.id}) + end + + assert {:error, _} = Streamer.get_topic("list", user, invalid_token, %{"list" => list.id}) end - test "disallows list stream that are not owned by the user", %{user: user} do + test "disallows list stream that are not owned by the user", %{user: user, token: oauth_token} do another_user = insert(:user) {:ok, list} = List.create("Test", another_user) - assert {:error, _} = Streamer.get_topic("list:#{list.id}", user) - assert {:error, _} = Streamer.get_topic("list", user, %{"list" => list.id}) + + assert {:error, _} = Streamer.get_topic("list:#{list.id}", user, oauth_token) + assert {:error, _} = Streamer.get_topic("list", user, oauth_token, %{"list" => list.id}) end end describe "user streams" do setup do - user = insert(:user) + %{user: user, token: token} = oauth_access(["read"]) notify = insert(:notification, user: user, activity: build(:note_activity)) - {:ok, %{user: user, notify: notify}} + {:ok, %{user: user, notify: notify, token: token}} end - test "it streams the user's post in the 'user' stream", %{user: user} do - Streamer.get_topic_and_add_socket("user", user) + test "it streams the user's post in the 'user' stream", %{user: user, token: oauth_token} do + Streamer.get_topic_and_add_socket("user", user, oauth_token) {:ok, activity} = CommonAPI.post(user, %{status: "hey"}) + assert_receive {:render_with_user, _, _, ^activity} refute Streamer.filtered_by_user?(user, activity) end - test "it streams boosts of the user in the 'user' stream", %{user: user} do - Streamer.get_topic_and_add_socket("user", user) + test "it streams boosts of the user in the 'user' stream", %{user: user, token: oauth_token} do + Streamer.get_topic_and_add_socket("user", user, oauth_token) other_user = insert(:user) {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"}) @@ -117,9 +173,10 @@ test "it streams boosts of the user in the 'user' stream", %{user: user} do end test "it does not stream announces of the user's own posts in the 'user' stream", %{ - user: user + user: user, + token: oauth_token } do - Streamer.get_topic_and_add_socket("user", user) + Streamer.get_topic_and_add_socket("user", user, oauth_token) other_user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{status: "hey"}) @@ -129,9 +186,10 @@ test "it does not stream announces of the user's own posts in the 'user' stream" end test "it does stream notifications announces of the user's own posts in the 'user' stream", %{ - user: user + user: user, + token: oauth_token } do - Streamer.get_topic_and_add_socket("user", user) + Streamer.get_topic_and_add_socket("user", user, oauth_token) other_user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{status: "hey"}) @@ -145,8 +203,11 @@ test "it does stream notifications announces of the user's own posts in the 'use refute Streamer.filtered_by_user?(user, notification) end - test "it streams boosts of mastodon user in the 'user' stream", %{user: user} do - Streamer.get_topic_and_add_socket("user", user) + test "it streams boosts of mastodon user in the 'user' stream", %{ + user: user, + token: oauth_token + } do + Streamer.get_topic_and_add_socket("user", user, oauth_token) other_user = insert(:user) {:ok, activity} = CommonAPI.post(other_user, %{status: "hey"}) @@ -164,21 +225,34 @@ test "it streams boosts of mastodon user in the 'user' stream", %{user: user} do refute Streamer.filtered_by_user?(user, announce) end - test "it sends notify to in the 'user' stream", %{user: user, notify: notify} do - Streamer.get_topic_and_add_socket("user", user) + test "it sends notify to in the 'user' stream", %{ + user: user, + token: oauth_token, + notify: notify + } do + Streamer.get_topic_and_add_socket("user", user, oauth_token) Streamer.stream("user", notify) + assert_receive {:render_with_user, _, _, ^notify} refute Streamer.filtered_by_user?(user, notify) end - test "it sends notify to in the 'user:notification' stream", %{user: user, notify: notify} do - Streamer.get_topic_and_add_socket("user:notification", user) + test "it sends notify to in the 'user:notification' stream", %{ + user: user, + token: oauth_token, + notify: notify + } do + Streamer.get_topic_and_add_socket("user:notification", user, oauth_token) Streamer.stream("user:notification", notify) + assert_receive {:render_with_user, _, _, ^notify} refute Streamer.filtered_by_user?(user, notify) end - test "it sends chat messages to the 'user:pleroma_chat' stream", %{user: user} do + test "it sends chat messages to the 'user:pleroma_chat' stream", %{ + user: user, + token: oauth_token + } do other_user = insert(:user) {:ok, create_activity} = CommonAPI.post_chat_message(other_user, user, "hey cirno") @@ -187,7 +261,7 @@ test "it sends chat messages to the 'user:pleroma_chat' stream", %{user: user} d cm_ref = MessageReference.for_chat_and_object(chat, object) cm_ref = %{cm_ref | chat: chat, object: object} - Streamer.get_topic_and_add_socket("user:pleroma_chat", user) + Streamer.get_topic_and_add_socket("user:pleroma_chat", user, oauth_token) Streamer.stream("user:pleroma_chat", {user, cm_ref}) text = StreamerView.render("chat_update.json", %{chat_message_reference: cm_ref}) @@ -196,7 +270,7 @@ test "it sends chat messages to the 'user:pleroma_chat' stream", %{user: user} d assert_receive {:text, ^text} end - test "it sends chat messages to the 'user' stream", %{user: user} do + test "it sends chat messages to the 'user' stream", %{user: user, token: oauth_token} do other_user = insert(:user) {:ok, create_activity} = CommonAPI.post_chat_message(other_user, user, "hey cirno") @@ -205,7 +279,7 @@ test "it sends chat messages to the 'user' stream", %{user: user} do cm_ref = MessageReference.for_chat_and_object(chat, object) cm_ref = %{cm_ref | chat: chat, object: object} - Streamer.get_topic_and_add_socket("user", user) + Streamer.get_topic_and_add_socket("user", user, oauth_token) Streamer.stream("user", {user, cm_ref}) text = StreamerView.render("chat_update.json", %{chat_message_reference: cm_ref}) @@ -214,7 +288,10 @@ test "it sends chat messages to the 'user' stream", %{user: user} do assert_receive {:text, ^text} end - test "it sends chat message notifications to the 'user:notification' stream", %{user: user} do + test "it sends chat message notifications to the 'user:notification' stream", %{ + user: user, + token: oauth_token + } do other_user = insert(:user) {:ok, create_activity} = CommonAPI.post_chat_message(other_user, user, "hey") @@ -223,19 +300,21 @@ test "it sends chat message notifications to the 'user:notification' stream", %{ Repo.get_by(Pleroma.Notification, user_id: user.id, activity_id: create_activity.id) |> Repo.preload(:activity) - Streamer.get_topic_and_add_socket("user:notification", user) + Streamer.get_topic_and_add_socket("user:notification", user, oauth_token) Streamer.stream("user:notification", notify) + assert_receive {:render_with_user, _, _, ^notify} refute Streamer.filtered_by_user?(user, notify) end test "it doesn't send notify to the 'user:notification' stream when a user is blocked", %{ - user: user + user: user, + token: oauth_token } do blocked = insert(:user) {:ok, _user_relationship} = User.block(user, blocked) - Streamer.get_topic_and_add_socket("user:notification", user) + Streamer.get_topic_and_add_socket("user:notification", user, oauth_token) {:ok, activity} = CommonAPI.post(user, %{status: ":("}) {:ok, _} = CommonAPI.favorite(blocked, activity.id) @@ -244,14 +323,15 @@ test "it doesn't send notify to the 'user:notification' stream when a user is bl end test "it doesn't send notify to the 'user:notification' stream when a thread is muted", %{ - user: user + user: user, + token: oauth_token } do user2 = insert(:user) {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"}) {:ok, _} = CommonAPI.add_mute(user, activity) - Streamer.get_topic_and_add_socket("user:notification", user) + Streamer.get_topic_and_add_socket("user:notification", user, oauth_token) {:ok, favorite_activity} = CommonAPI.favorite(user2, activity.id) @@ -260,12 +340,13 @@ test "it doesn't send notify to the 'user:notification' stream when a thread is end test "it sends favorite to 'user:notification' stream'", %{ - user: user + user: user, + token: oauth_token } do user2 = insert(:user, %{ap_id: "https://hecking-lewd-place.com/user/meanie"}) {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"}) - Streamer.get_topic_and_add_socket("user:notification", user) + Streamer.get_topic_and_add_socket("user:notification", user, oauth_token) {:ok, favorite_activity} = CommonAPI.favorite(user2, activity.id) assert_receive {:render_with_user, _, "notification.json", notif} @@ -274,13 +355,14 @@ test "it sends favorite to 'user:notification' stream'", %{ end test "it doesn't send the 'user:notification' stream' when a domain is blocked", %{ - user: user + user: user, + token: oauth_token } do user2 = insert(:user, %{ap_id: "https://hecking-lewd-place.com/user/meanie"}) {:ok, user} = User.block_domain(user, "hecking-lewd-place.com") {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"}) - Streamer.get_topic_and_add_socket("user:notification", user) + Streamer.get_topic_and_add_socket("user:notification", user, oauth_token) {:ok, favorite_activity} = CommonAPI.favorite(user2, activity.id) refute_receive _ @@ -288,7 +370,8 @@ test "it doesn't send the 'user:notification' stream' when a domain is blocked", end test "it sends follow activities to the 'user:notification' stream", %{ - user: user + user: user, + token: oauth_token } do user_url = user.ap_id user2 = insert(:user) @@ -303,7 +386,7 @@ test "it sends follow activities to the 'user:notification' stream", %{ %Tesla.Env{status: 200, body: body} end) - Streamer.get_topic_and_add_socket("user:notification", user) + Streamer.get_topic_and_add_socket("user:notification", user, oauth_token) {:ok, _follower, _followed, follow_activity} = CommonAPI.follow(user2, user) assert_receive {:render_with_user, _, "notification.json", notif} @@ -312,51 +395,53 @@ test "it sends follow activities to the 'user:notification' stream", %{ end end - test "it sends to public authenticated" do - user = insert(:user) - other_user = insert(:user) + describe "public streams" do + test "it sends to public (authenticated)" do + %{user: user, token: oauth_token} = oauth_access(["read"]) + other_user = insert(:user) - Streamer.get_topic_and_add_socket("public", other_user) + Streamer.get_topic_and_add_socket("public", user, oauth_token) - {:ok, activity} = CommonAPI.post(user, %{status: "Test"}) - assert_receive {:render_with_user, _, _, ^activity} - refute Streamer.filtered_by_user?(user, activity) + {:ok, activity} = CommonAPI.post(other_user, %{status: "Test"}) + assert_receive {:render_with_user, _, _, ^activity} + refute Streamer.filtered_by_user?(other_user, activity) + end + + test "it sends to public (unauthenticated)" do + user = insert(:user) + + Streamer.get_topic_and_add_socket("public", nil, nil) + + {:ok, activity} = CommonAPI.post(user, %{status: "Test"}) + activity_id = activity.id + assert_receive {:text, event} + assert %{"event" => "update", "payload" => payload} = Jason.decode!(event) + assert %{"id" => ^activity_id} = Jason.decode!(payload) + + {:ok, _} = CommonAPI.delete(activity.id, user) + assert_receive {:text, event} + assert %{"event" => "delete", "payload" => ^activity_id} = Jason.decode!(event) + end + + test "handles deletions" do + %{user: user, token: oauth_token} = oauth_access(["read"]) + other_user = insert(:user) + {:ok, activity} = CommonAPI.post(other_user, %{status: "Test"}) + + Streamer.get_topic_and_add_socket("public", user, oauth_token) + + {:ok, _} = CommonAPI.delete(activity.id, other_user) + activity_id = activity.id + assert_receive {:text, event} + assert %{"event" => "delete", "payload" => ^activity_id} = Jason.decode!(event) + end end - test "works for deletions" do - user = insert(:user) - other_user = insert(:user) - {:ok, activity} = CommonAPI.post(other_user, %{status: "Test"}) - - Streamer.get_topic_and_add_socket("public", user) - - {:ok, _} = CommonAPI.delete(activity.id, other_user) - activity_id = activity.id - assert_receive {:text, event} - assert %{"event" => "delete", "payload" => ^activity_id} = Jason.decode!(event) - end - - test "it sends to public unauthenticated" do - user = insert(:user) - - Streamer.get_topic_and_add_socket("public", nil) - - {:ok, activity} = CommonAPI.post(user, %{status: "Test"}) - activity_id = activity.id - assert_receive {:text, event} - assert %{"event" => "update", "payload" => payload} = Jason.decode!(event) - assert %{"id" => ^activity_id} = Jason.decode!(payload) - - {:ok, _} = CommonAPI.delete(activity.id, user) - assert_receive {:text, event} - assert %{"event" => "delete", "payload" => ^activity_id} = Jason.decode!(event) - end - - describe "thread_containment" do + describe "thread_containment/2" do test "it filters to user if recipients invalid and thread containment is enabled" do Pleroma.Config.put([:instance, :skip_thread_containment], false) author = insert(:user) - user = insert(:user) + %{user: user, token: oauth_token} = oauth_access(["read"]) User.follow(user, author, :follow_accept) activity = @@ -368,7 +453,7 @@ test "it filters to user if recipients invalid and thread containment is enabled ) ) - Streamer.get_topic_and_add_socket("public", user) + Streamer.get_topic_and_add_socket("public", user, oauth_token) Streamer.stream("public", activity) assert_receive {:render_with_user, _, _, ^activity} assert Streamer.filtered_by_user?(user, activity) @@ -377,7 +462,7 @@ test "it filters to user if recipients invalid and thread containment is enabled test "it sends message if recipients invalid and thread containment is disabled" do Pleroma.Config.put([:instance, :skip_thread_containment], true) author = insert(:user) - user = insert(:user) + %{user: user, token: oauth_token} = oauth_access(["read"]) User.follow(user, author, :follow_accept) activity = @@ -389,7 +474,7 @@ test "it sends message if recipients invalid and thread containment is disabled" ) ) - Streamer.get_topic_and_add_socket("public", user) + Streamer.get_topic_and_add_socket("public", user, oauth_token) Streamer.stream("public", activity) assert_receive {:render_with_user, _, _, ^activity} @@ -400,6 +485,7 @@ test "it sends message if recipients invalid and thread containment is enabled b Pleroma.Config.put([:instance, :skip_thread_containment], false) author = insert(:user) user = insert(:user, skip_thread_containment: true) + %{token: oauth_token} = oauth_access(["read"], user: user) User.follow(user, author, :follow_accept) activity = @@ -411,7 +497,7 @@ test "it sends message if recipients invalid and thread containment is enabled b ) ) - Streamer.get_topic_and_add_socket("public", user) + Streamer.get_topic_and_add_socket("public", user, oauth_token) Streamer.stream("public", activity) assert_receive {:render_with_user, _, _, ^activity} @@ -420,23 +506,26 @@ test "it sends message if recipients invalid and thread containment is enabled b end describe "blocks" do - test "it filters messages involving blocked users" do - user = insert(:user) + setup do: oauth_access(["read"]) + + test "it filters messages involving blocked users", %{user: user, token: oauth_token} do blocked_user = insert(:user) {:ok, _user_relationship} = User.block(user, blocked_user) - Streamer.get_topic_and_add_socket("public", user) + Streamer.get_topic_and_add_socket("public", user, oauth_token) {:ok, activity} = CommonAPI.post(blocked_user, %{status: "Test"}) assert_receive {:render_with_user, _, _, ^activity} assert Streamer.filtered_by_user?(user, activity) end - test "it filters messages transitively involving blocked users" do - blocker = insert(:user) + test "it filters messages transitively involving blocked users", %{ + user: blocker, + token: blocker_token + } do blockee = insert(:user) friend = insert(:user) - Streamer.get_topic_and_add_socket("public", blocker) + Streamer.get_topic_and_add_socket("public", blocker, blocker_token) {:ok, _user_relationship} = User.block(blocker, blockee) @@ -458,8 +547,9 @@ test "it filters messages transitively involving blocked users" do end describe "lists" do - test "it doesn't send unwanted DMs to list" do - user_a = insert(:user) + setup do: oauth_access(["read"]) + + test "it doesn't send unwanted DMs to list", %{user: user_a, token: user_a_token} do user_b = insert(:user) user_c = insert(:user) @@ -468,7 +558,7 @@ test "it doesn't send unwanted DMs to list" do {:ok, list} = List.create("Test", user_a) {:ok, list} = List.follow(list, user_b) - Streamer.get_topic_and_add_socket("list", user_a, %{"list" => list.id}) + Streamer.get_topic_and_add_socket("list", user_a, user_a_token, %{"list" => list.id}) {:ok, _activity} = CommonAPI.post(user_b, %{ @@ -479,14 +569,13 @@ test "it doesn't send unwanted DMs to list" do refute_receive _ end - test "it doesn't send unwanted private posts to list" do - user_a = insert(:user) + test "it doesn't send unwanted private posts to list", %{user: user_a, token: user_a_token} do user_b = insert(:user) {:ok, list} = List.create("Test", user_a) {:ok, list} = List.follow(list, user_b) - Streamer.get_topic_and_add_socket("list", user_a, %{"list" => list.id}) + Streamer.get_topic_and_add_socket("list", user_a, user_a_token, %{"list" => list.id}) {:ok, _activity} = CommonAPI.post(user_b, %{ @@ -497,8 +586,7 @@ test "it doesn't send unwanted private posts to list" do refute_receive _ end - test "it sends wanted private posts to list" do - user_a = insert(:user) + test "it sends wanted private posts to list", %{user: user_a, token: user_a_token} do user_b = insert(:user) {:ok, user_a} = User.follow(user_a, user_b) @@ -506,7 +594,7 @@ test "it sends wanted private posts to list" do {:ok, list} = List.create("Test", user_a) {:ok, list} = List.follow(list, user_b) - Streamer.get_topic_and_add_socket("list", user_a, %{"list" => list.id}) + Streamer.get_topic_and_add_socket("list", user_a, user_a_token, %{"list" => list.id}) {:ok, activity} = CommonAPI.post(user_b, %{ @@ -520,8 +608,9 @@ test "it sends wanted private posts to list" do end describe "muted reblogs" do - test "it filters muted reblogs" do - user1 = insert(:user) + setup do: oauth_access(["read"]) + + test "it filters muted reblogs", %{user: user1, token: user1_token} do user2 = insert(:user) user3 = insert(:user) CommonAPI.follow(user1, user2) @@ -529,34 +618,38 @@ test "it filters muted reblogs" do {:ok, create_activity} = CommonAPI.post(user3, %{status: "I'm kawen"}) - Streamer.get_topic_and_add_socket("user", user1) + Streamer.get_topic_and_add_socket("user", user1, user1_token) {:ok, announce_activity} = CommonAPI.repeat(create_activity.id, user2) assert_receive {:render_with_user, _, _, ^announce_activity} assert Streamer.filtered_by_user?(user1, announce_activity) end - test "it filters reblog notification for reblog-muted actors" do - user1 = insert(:user) + test "it filters reblog notification for reblog-muted actors", %{ + user: user1, + token: user1_token + } do user2 = insert(:user) CommonAPI.follow(user1, user2) CommonAPI.hide_reblogs(user1, user2) {:ok, create_activity} = CommonAPI.post(user1, %{status: "I'm kawen"}) - Streamer.get_topic_and_add_socket("user", user1) + Streamer.get_topic_and_add_socket("user", user1, user1_token) {:ok, _announce_activity} = CommonAPI.repeat(create_activity.id, user2) assert_receive {:render_with_user, _, "notification.json", notif} assert Streamer.filtered_by_user?(user1, notif) end - test "it send non-reblog notification for reblog-muted actors" do - user1 = insert(:user) + test "it send non-reblog notification for reblog-muted actors", %{ + user: user1, + token: user1_token + } do user2 = insert(:user) CommonAPI.follow(user1, user2) CommonAPI.hide_reblogs(user1, user2) {:ok, create_activity} = CommonAPI.post(user1, %{status: "I'm kawen"}) - Streamer.get_topic_and_add_socket("user", user1) + Streamer.get_topic_and_add_socket("user", user1, user1_token) {:ok, _favorite_activity} = CommonAPI.favorite(user2, create_activity.id) assert_receive {:render_with_user, _, "notification.json", notif} @@ -564,27 +657,28 @@ test "it send non-reblog notification for reblog-muted actors" do end end - test "it filters posts from muted threads" do - user = insert(:user) - user2 = insert(:user) - Streamer.get_topic_and_add_socket("user", user2) - {:ok, user2, user, _activity} = CommonAPI.follow(user2, user) - {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"}) - {:ok, _} = CommonAPI.add_mute(user2, activity) - assert_receive {:render_with_user, _, _, ^activity} - assert Streamer.filtered_by_user?(user2, activity) + describe "muted threads" do + test "it filters posts from muted threads" do + user = insert(:user) + %{user: user2, token: user2_token} = oauth_access(["read"]) + Streamer.get_topic_and_add_socket("user", user2, user2_token) + + {:ok, user2, user, _activity} = CommonAPI.follow(user2, user) + {:ok, activity} = CommonAPI.post(user, %{status: "super hot take"}) + {:ok, _} = CommonAPI.add_mute(user2, activity) + + assert_receive {:render_with_user, _, _, ^activity} + assert Streamer.filtered_by_user?(user2, activity) + end end describe "direct streams" do - setup do - :ok - end + setup do: oauth_access(["read"]) - test "it sends conversation update to the 'direct' stream", %{} do - user = insert(:user) + test "it sends conversation update to the 'direct' stream", %{user: user, token: oauth_token} do another_user = insert(:user) - Streamer.get_topic_and_add_socket("direct", user) + Streamer.get_topic_and_add_socket("direct", user, oauth_token) {:ok, _create_activity} = CommonAPI.post(another_user, %{ @@ -602,11 +696,11 @@ test "it sends conversation update to the 'direct' stream", %{} do assert last_status["pleroma"]["direct_conversation_id"] == participation.id end - test "it doesn't send conversation update to the 'direct' stream when the last message in the conversation is deleted" do - user = insert(:user) + test "it doesn't send conversation update to the 'direct' stream when the last message in the conversation is deleted", + %{user: user, token: oauth_token} do another_user = insert(:user) - Streamer.get_topic_and_add_socket("direct", user) + Streamer.get_topic_and_add_socket("direct", user, oauth_token) {:ok, create_activity} = CommonAPI.post(another_user, %{ @@ -629,10 +723,12 @@ test "it doesn't send conversation update to the 'direct' stream when the last m refute_receive _ end - test "it sends conversation update to the 'direct' stream when a message is deleted" do - user = insert(:user) + test "it sends conversation update to the 'direct' stream when a message is deleted", %{ + user: user, + token: oauth_token + } do another_user = insert(:user) - Streamer.get_topic_and_add_socket("direct", user) + Streamer.get_topic_and_add_socket("direct", user, oauth_token) {:ok, create_activity} = CommonAPI.post(another_user, %{ From d72970a1fc852c6a5c836ffd3983f65ddf4ca459 Mon Sep 17 00:00:00 2001 From: Kana Date: Sun, 20 Sep 2020 13:18:26 +0000 Subject: [PATCH 255/264] Added translation using Weblate (Chinese (Simplified)) --- priv/gettext/zh_Hans/LC_MESSAGES/errors.po | 578 +++++++++++++++++++++ 1 file changed, 578 insertions(+) create mode 100644 priv/gettext/zh_Hans/LC_MESSAGES/errors.po diff --git a/priv/gettext/zh_Hans/LC_MESSAGES/errors.po b/priv/gettext/zh_Hans/LC_MESSAGES/errors.po new file mode 100644 index 000000000..8383badc3 --- /dev/null +++ b/priv/gettext/zh_Hans/LC_MESSAGES/errors.po @@ -0,0 +1,578 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2020-09-20 13:18+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"Language: zh_Hans\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Translate Toolkit 2.5.1\n" + +## This file is a PO Template file. +## +## `msgid`s here are often extracted from source code. +## Add new translations manually only if they're dynamic +## translations that can't be statically extracted. +## +## Run `mix gettext.extract` to bring this file up to +## date. Leave `msgstr`s empty as changing them here as no +## effect: edit them in PO (`.po`) files instead. +## From Ecto.Changeset.cast/4 +msgid "can't be blank" +msgstr "" + +## From Ecto.Changeset.unique_constraint/3 +msgid "has already been taken" +msgstr "" + +## From Ecto.Changeset.put_change/3 +msgid "is invalid" +msgstr "" + +## From Ecto.Changeset.validate_format/3 +msgid "has invalid format" +msgstr "" + +## From Ecto.Changeset.validate_subset/3 +msgid "has an invalid entry" +msgstr "" + +## From Ecto.Changeset.validate_exclusion/3 +msgid "is reserved" +msgstr "" + +## From Ecto.Changeset.validate_confirmation/3 +msgid "does not match confirmation" +msgstr "" + +## From Ecto.Changeset.no_assoc_constraint/3 +msgid "is still associated with this entry" +msgstr "" + +msgid "are still associated with this entry" +msgstr "" + +## From Ecto.Changeset.validate_length/3 +msgid "should be %{count} character(s)" +msgid_plural "should be %{count} character(s)" +msgstr[0] "" + +msgid "should have %{count} item(s)" +msgid_plural "should have %{count} item(s)" +msgstr[0] "" + +msgid "should be at least %{count} character(s)" +msgid_plural "should be at least %{count} character(s)" +msgstr[0] "" + +msgid "should have at least %{count} item(s)" +msgid_plural "should have at least %{count} item(s)" +msgstr[0] "" + +msgid "should be at most %{count} character(s)" +msgid_plural "should be at most %{count} character(s)" +msgstr[0] "" + +msgid "should have at most %{count} item(s)" +msgid_plural "should have at most %{count} item(s)" +msgstr[0] "" + +## From Ecto.Changeset.validate_number/3 +msgid "must be less than %{number}" +msgstr "" + +msgid "must be greater than %{number}" +msgstr "" + +msgid "must be less than or equal to %{number}" +msgstr "" + +msgid "must be greater than or equal to %{number}" +msgstr "" + +msgid "must be equal to %{number}" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:505 +#, elixir-format +msgid "Account not found" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:339 +#, elixir-format +msgid "Already voted" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:359 +#, elixir-format +msgid "Bad request" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:426 +#, elixir-format +msgid "Can't delete object" +msgstr "" + +#: lib/pleroma/web/controller_helper.ex:105 +#: lib/pleroma/web/controller_helper.ex:111 +#, elixir-format +msgid "Can't display this activity" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:285 +#, elixir-format +msgid "Can't find user" +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/account_controller.ex:61 +#, elixir-format +msgid "Can't get favorites" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:438 +#, elixir-format +msgid "Can't like object" +msgstr "" + +#: lib/pleroma/web/common_api/utils.ex:563 +#, elixir-format +msgid "Cannot post an empty status without attachments" +msgstr "" + +#: lib/pleroma/web/common_api/utils.ex:511 +#, elixir-format +msgid "Comment must be up to %{max_size} characters" +msgstr "" + +#: lib/pleroma/config/config_db.ex:191 +#, elixir-format +msgid "Config with params %{params} not found" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:181 +#: lib/pleroma/web/common_api/common_api.ex:185 +#, elixir-format +msgid "Could not delete" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:231 +#, elixir-format +msgid "Could not favorite" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:453 +#, elixir-format +msgid "Could not pin" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:278 +#, elixir-format +msgid "Could not unfavorite" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:463 +#, elixir-format +msgid "Could not unpin" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:216 +#, elixir-format +msgid "Could not unrepeat" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:512 +#: lib/pleroma/web/common_api/common_api.ex:521 +#, elixir-format +msgid "Could not update state" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex:207 +#, elixir-format +msgid "Error." +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:106 +#, elixir-format +msgid "Invalid CAPTCHA" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:116 +#: lib/pleroma/web/oauth/oauth_controller.ex:568 +#, elixir-format +msgid "Invalid credentials" +msgstr "" + +#: lib/pleroma/plugs/ensure_authenticated_plug.ex:38 +#, elixir-format +msgid "Invalid credentials." +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:355 +#, elixir-format +msgid "Invalid indices" +msgstr "" + +#: lib/pleroma/web/admin_api/controllers/fallback_controller.ex:29 +#, elixir-format +msgid "Invalid parameters" +msgstr "" + +#: lib/pleroma/web/common_api/utils.ex:414 +#, elixir-format +msgid "Invalid password." +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:220 +#, elixir-format +msgid "Invalid request" +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:109 +#, elixir-format +msgid "Kocaptcha service unavailable" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:112 +#, elixir-format +msgid "Missing parameters" +msgstr "" + +#: lib/pleroma/web/common_api/utils.ex:547 +#, elixir-format +msgid "No such conversation" +msgstr "" + +#: lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:388 +#: lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:414 lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:456 +#, elixir-format +msgid "No such permission_group" +msgstr "" + +#: lib/pleroma/plugs/uploaded_media.ex:84 +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:486 lib/pleroma/web/admin_api/controllers/fallback_controller.ex:11 +#: lib/pleroma/web/feed/user_controller.ex:71 lib/pleroma/web/ostatus/ostatus_controller.ex:143 +#, elixir-format +msgid "Not found" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:331 +#, elixir-format +msgid "Poll's author can't vote" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex:20 +#: lib/pleroma/web/mastodon_api/controllers/poll_controller.ex:37 lib/pleroma/web/mastodon_api/controllers/poll_controller.ex:49 +#: lib/pleroma/web/mastodon_api/controllers/poll_controller.ex:50 lib/pleroma/web/mastodon_api/controllers/status_controller.ex:306 +#: lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex:71 +#, elixir-format +msgid "Record not found" +msgstr "" + +#: lib/pleroma/web/admin_api/controllers/fallback_controller.ex:35 +#: lib/pleroma/web/feed/user_controller.ex:77 lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex:36 +#: lib/pleroma/web/ostatus/ostatus_controller.ex:149 +#, elixir-format +msgid "Something went wrong" +msgstr "" + +#: lib/pleroma/web/common_api/activity_draft.ex:107 +#, elixir-format +msgid "The message visibility must be direct" +msgstr "" + +#: lib/pleroma/web/common_api/utils.ex:573 +#, elixir-format +msgid "The status is over the character limit" +msgstr "" + +#: lib/pleroma/plugs/ensure_public_or_authenticated_plug.ex:31 +#, elixir-format +msgid "This resource requires authentication." +msgstr "" + +#: lib/pleroma/plugs/rate_limiter/rate_limiter.ex:206 +#, elixir-format +msgid "Throttled" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:356 +#, elixir-format +msgid "Too many choices" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:443 +#, elixir-format +msgid "Unhandled activity type" +msgstr "" + +#: lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:485 +#, elixir-format +msgid "You can't revoke your own admin status." +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:221 +#: lib/pleroma/web/oauth/oauth_controller.ex:308 +#, elixir-format +msgid "Your account is currently disabled" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:183 +#: lib/pleroma/web/oauth/oauth_controller.ex:331 +#, elixir-format +msgid "Your login is missing a confirmed e-mail address" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:390 +#, elixir-format +msgid "can't read inbox of %{nickname} as %{as_nickname}" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:473 +#, elixir-format +msgid "can't update outbox of %{nickname} as %{as_nickname}" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:471 +#, elixir-format +msgid "conversation is already muted" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:314 +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:492 +#, elixir-format +msgid "error" +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex:32 +#, elixir-format +msgid "mascots can only be images" +msgstr "" + +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:62 +#, elixir-format +msgid "not found" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:394 +#, elixir-format +msgid "Bad OAuth request." +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:115 +#, elixir-format +msgid "CAPTCHA already used" +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:112 +#, elixir-format +msgid "CAPTCHA expired" +msgstr "" + +#: lib/pleroma/plugs/uploaded_media.ex:57 +#, elixir-format +msgid "Failed" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:410 +#, elixir-format +msgid "Failed to authenticate: %{message}." +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:441 +#, elixir-format +msgid "Failed to set up user account." +msgstr "" + +#: lib/pleroma/plugs/oauth_scopes_plug.ex:38 +#, elixir-format +msgid "Insufficient permissions: %{permissions}." +msgstr "" + +#: lib/pleroma/plugs/uploaded_media.ex:104 +#, elixir-format +msgid "Internal Error" +msgstr "" + +#: lib/pleroma/web/oauth/fallback_controller.ex:22 +#: lib/pleroma/web/oauth/fallback_controller.ex:29 +#, elixir-format +msgid "Invalid Username/Password" +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:118 +#, elixir-format +msgid "Invalid answer data" +msgstr "" + +#: lib/pleroma/web/nodeinfo/nodeinfo_controller.ex:33 +#, elixir-format +msgid "Nodeinfo schema version not handled" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:172 +#, elixir-format +msgid "This action is outside the authorized scopes" +msgstr "" + +#: lib/pleroma/web/oauth/fallback_controller.ex:14 +#, elixir-format +msgid "Unknown error, please check the details and try again." +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:119 +#: lib/pleroma/web/oauth/oauth_controller.ex:158 +#, elixir-format +msgid "Unlisted redirect_uri." +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:390 +#, elixir-format +msgid "Unsupported OAuth provider: %{provider}." +msgstr "" + +#: lib/pleroma/uploaders/uploader.ex:72 +#, elixir-format +msgid "Uploader callback timeout" +msgstr "" + +#: lib/pleroma/web/uploader_controller.ex:23 +#, elixir-format +msgid "bad request" +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:103 +#, elixir-format +msgid "CAPTCHA Error" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:290 +#, elixir-format +msgid "Could not add reaction emoji" +msgstr "" + +#: lib/pleroma/web/common_api/common_api.ex:301 +#, elixir-format +msgid "Could not remove reaction emoji" +msgstr "" + +#: lib/pleroma/web/twitter_api/twitter_api.ex:129 +#, elixir-format +msgid "Invalid CAPTCHA (Missing parameter: %{name})" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/list_controller.ex:92 +#, elixir-format +msgid "List not found" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:123 +#, elixir-format +msgid "Missing parameter: %{name}" +msgstr "" + +#: lib/pleroma/web/oauth/oauth_controller.ex:210 +#: lib/pleroma/web/oauth/oauth_controller.ex:321 +#, elixir-format +msgid "Password reset is required" +msgstr "" + +#: lib/pleroma/tests/auth_test_controller.ex:9 +#: lib/pleroma/web/activity_pub/activity_pub_controller.ex:6 lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:6 +#: lib/pleroma/web/admin_api/controllers/config_controller.ex:6 lib/pleroma/web/admin_api/controllers/fallback_controller.ex:6 +#: lib/pleroma/web/admin_api/controllers/invite_controller.ex:6 lib/pleroma/web/admin_api/controllers/media_proxy_cache_controller.ex:6 +#: lib/pleroma/web/admin_api/controllers/oauth_app_controller.ex:6 lib/pleroma/web/admin_api/controllers/relay_controller.ex:6 +#: lib/pleroma/web/admin_api/controllers/report_controller.ex:6 lib/pleroma/web/admin_api/controllers/status_controller.ex:6 +#: lib/pleroma/web/controller_helper.ex:6 lib/pleroma/web/embed_controller.ex:6 +#: lib/pleroma/web/fallback_redirect_controller.ex:6 lib/pleroma/web/feed/tag_controller.ex:6 +#: lib/pleroma/web/feed/user_controller.ex:6 lib/pleroma/web/mailer/subscription_controller.ex:2 +#: lib/pleroma/web/masto_fe_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/account_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/app_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/auth_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/conversation_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/custom_emoji_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/domain_block_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/filter_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/follow_request_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/instance_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/list_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/marker_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/mastodon_api_controller.ex:14 +#: lib/pleroma/web/mastodon_api/controllers/media_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/notification_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/poll_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/report_controller.ex:8 +#: lib/pleroma/web/mastodon_api/controllers/scheduled_activity_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/search_controller.ex:6 +#: lib/pleroma/web/mastodon_api/controllers/status_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex:7 +#: lib/pleroma/web/mastodon_api/controllers/suggestion_controller.ex:6 lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex:6 +#: lib/pleroma/web/media_proxy/media_proxy_controller.ex:6 lib/pleroma/web/mongooseim/mongoose_im_controller.ex:6 +#: lib/pleroma/web/nodeinfo/nodeinfo_controller.ex:6 lib/pleroma/web/oauth/fallback_controller.ex:6 +#: lib/pleroma/web/oauth/mfa_controller.ex:10 lib/pleroma/web/oauth/oauth_controller.ex:6 +#: lib/pleroma/web/ostatus/ostatus_controller.ex:6 lib/pleroma/web/pleroma_api/controllers/account_controller.ex:6 +#: lib/pleroma/web/pleroma_api/controllers/chat_controller.ex:5 lib/pleroma/web/pleroma_api/controllers/conversation_controller.ex:6 +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:2 lib/pleroma/web/pleroma_api/controllers/emoji_reaction_controller.ex:6 +#: lib/pleroma/web/pleroma_api/controllers/mascot_controller.ex:6 lib/pleroma/web/pleroma_api/controllers/notification_controller.ex:6 +#: lib/pleroma/web/pleroma_api/controllers/scrobble_controller.ex:6 +#: lib/pleroma/web/pleroma_api/controllers/two_factor_authentication_controller.ex:7 lib/pleroma/web/static_fe/static_fe_controller.ex:6 +#: lib/pleroma/web/twitter_api/controllers/password_controller.ex:10 lib/pleroma/web/twitter_api/controllers/remote_follow_controller.ex:6 +#: lib/pleroma/web/twitter_api/controllers/util_controller.ex:6 lib/pleroma/web/twitter_api/twitter_api_controller.ex:6 +#: lib/pleroma/web/uploader_controller.ex:6 lib/pleroma/web/web_finger/web_finger_controller.ex:6 +#, elixir-format +msgid "Security violation: OAuth scopes check was neither handled nor explicitly skipped." +msgstr "" + +#: lib/pleroma/plugs/ensure_authenticated_plug.ex:28 +#, elixir-format +msgid "Two-factor authentication enabled, you must use a access token." +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:210 +#, elixir-format +msgid "Unexpected error occurred while adding file to pack." +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:138 +#, elixir-format +msgid "Unexpected error occurred while creating pack." +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:278 +#, elixir-format +msgid "Unexpected error occurred while removing file from pack." +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:250 +#, elixir-format +msgid "Unexpected error occurred while updating file in pack." +msgstr "" + +#: lib/pleroma/web/pleroma_api/controllers/emoji_pack_controller.ex:179 +#, elixir-format +msgid "Unexpected error occurred while updating pack metadata." +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/subscription_controller.ex:61 +#, elixir-format +msgid "Web push subscription is disabled on this Pleroma instance" +msgstr "" + +#: lib/pleroma/web/admin_api/controllers/admin_api_controller.ex:451 +#, elixir-format +msgid "You can't revoke your own admin/moderator status." +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex:126 +#, elixir-format +msgid "authorization required for timeline view" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/fallback_controller.ex:24 +#, elixir-format +msgid "Access denied" +msgstr "" + +#: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:282 +#, elixir-format +msgid "This API requires an authenticated user" +msgstr "" + +#: lib/pleroma/plugs/user_is_admin_plug.ex:21 +#, elixir-format +msgid "User is not an admin." +msgstr "" From f3c62b246d6d0b2aab5e155e625118bd2a3d5e8a Mon Sep 17 00:00:00 2001 From: Kana Date: Sun, 20 Sep 2020 13:19:21 +0000 Subject: [PATCH 256/264] Translated using Weblate (Chinese (Simplified)) Currently translated at 24.5% (26 of 106 strings) Translation: Pleroma/Pleroma backend Translate-URL: https://translate.pleroma.social/projects/pleroma/pleroma/zh_Hans/ --- priv/gettext/zh_Hans/LC_MESSAGES/errors.po | 62 +++++++++++----------- 1 file changed, 32 insertions(+), 30 deletions(-) diff --git a/priv/gettext/zh_Hans/LC_MESSAGES/errors.po b/priv/gettext/zh_Hans/LC_MESSAGES/errors.po index 8383badc3..4f029d558 100644 --- a/priv/gettext/zh_Hans/LC_MESSAGES/errors.po +++ b/priv/gettext/zh_Hans/LC_MESSAGES/errors.po @@ -3,14 +3,16 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-09-20 13:18+0000\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: Automatically generated\n" -"Language-Team: none\n" +"PO-Revision-Date: 2020-09-20 14:48+0000\n" +"Last-Translator: Kana \n" +"Language-Team: Chinese (Simplified) \n" "Language: zh_Hans\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Translate Toolkit 2.5.1\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: Weblate 4.0.4\n" ## This file is a PO Template file. ## @@ -23,27 +25,27 @@ msgstr "" ## effect: edit them in PO (`.po`) files instead. ## From Ecto.Changeset.cast/4 msgid "can't be blank" -msgstr "" +msgstr "不能为空" ## From Ecto.Changeset.unique_constraint/3 msgid "has already been taken" -msgstr "" +msgstr "已被占用" ## From Ecto.Changeset.put_change/3 msgid "is invalid" -msgstr "" +msgstr "不合法" ## From Ecto.Changeset.validate_format/3 msgid "has invalid format" -msgstr "" +msgstr "的格式不合法" ## From Ecto.Changeset.validate_subset/3 msgid "has an invalid entry" -msgstr "" +msgstr "中存在不合法的项目" ## From Ecto.Changeset.validate_exclusion/3 msgid "is reserved" -msgstr "" +msgstr "是被保留的" ## From Ecto.Changeset.validate_confirmation/3 msgid "does not match confirmation" @@ -51,87 +53,87 @@ msgstr "" ## From Ecto.Changeset.no_assoc_constraint/3 msgid "is still associated with this entry" -msgstr "" +msgstr "仍与该项目相关联" msgid "are still associated with this entry" -msgstr "" +msgstr "仍与该项目相关联" ## From Ecto.Changeset.validate_length/3 msgid "should be %{count} character(s)" msgid_plural "should be %{count} character(s)" -msgstr[0] "" +msgstr[0] "应为 %{count} 个字符" msgid "should have %{count} item(s)" msgid_plural "should have %{count} item(s)" -msgstr[0] "" +msgstr[0] "应有 %{item} 项" msgid "should be at least %{count} character(s)" msgid_plural "should be at least %{count} character(s)" -msgstr[0] "" +msgstr[0] "应至少有 %{count} 个字符" msgid "should have at least %{count} item(s)" msgid_plural "should have at least %{count} item(s)" -msgstr[0] "" +msgstr[0] "应至少有 %{count} 项" msgid "should be at most %{count} character(s)" msgid_plural "should be at most %{count} character(s)" -msgstr[0] "" +msgstr[0] "应至多有 %{count} 个字符" msgid "should have at most %{count} item(s)" msgid_plural "should have at most %{count} item(s)" -msgstr[0] "" +msgstr[0] "应至多有 %{count} 项" ## From Ecto.Changeset.validate_number/3 msgid "must be less than %{number}" -msgstr "" +msgstr "必须小于 %{number}" msgid "must be greater than %{number}" -msgstr "" +msgstr "必须大于 %{number}" msgid "must be less than or equal to %{number}" -msgstr "" +msgstr "必须小于等于 %{number}" msgid "must be greater than or equal to %{number}" -msgstr "" +msgstr "必须大于等于 %{number}" msgid "must be equal to %{number}" -msgstr "" +msgstr "必须等于 %{number}" #: lib/pleroma/web/common_api/common_api.ex:505 #, elixir-format msgid "Account not found" -msgstr "" +msgstr "未找到账号" #: lib/pleroma/web/common_api/common_api.ex:339 #, elixir-format msgid "Already voted" -msgstr "" +msgstr "已经进行了投票" #: lib/pleroma/web/oauth/oauth_controller.ex:359 #, elixir-format msgid "Bad request" -msgstr "" +msgstr "不正确的请求" #: lib/pleroma/web/activity_pub/activity_pub_controller.ex:426 #, elixir-format msgid "Can't delete object" -msgstr "" +msgstr "不能删除对象" #: lib/pleroma/web/controller_helper.ex:105 #: lib/pleroma/web/controller_helper.ex:111 #, elixir-format msgid "Can't display this activity" -msgstr "" +msgstr "不能显示该活动" #: lib/pleroma/web/mastodon_api/controllers/account_controller.ex:285 #, elixir-format msgid "Can't find user" -msgstr "" +msgstr "找不到用户" #: lib/pleroma/web/pleroma_api/controllers/account_controller.ex:61 #, elixir-format msgid "Can't get favorites" -msgstr "" +msgstr "不能获取收藏" #: lib/pleroma/web/activity_pub/activity_pub_controller.ex:438 #, elixir-format From f2f0a0260f00e316f62d42e766787b20cc92601a Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 21 Sep 2020 16:08:38 +0200 Subject: [PATCH 257/264] ActivityPub: Don't block-filter your own posts We are filtering out replies to people you block, but that should not include your own posts. --- lib/pleroma/web/activity_pub/activity_pub.ex | 9 ++++++++- .../controllers/timeline_controller_test.exs | 12 ++++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 06e8e1a7c..aacd58d03 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -841,7 +841,14 @@ defp restrict_blocked(query, %{blocking_user: %User{} = user} = opts) do from( [activity, object: o] in query, where: fragment("not (? = ANY(?))", activity.actor, ^blocked_ap_ids), - where: fragment("not (? && ?)", activity.recipients, ^blocked_ap_ids), + where: + fragment( + "((not (? && ?)) or ? = ?)", + activity.recipients, + ^blocked_ap_ids, + activity.actor, + ^user.ap_id + ), where: fragment( "recipients_contain_blocked_domains(?, ?) = false", diff --git a/test/web/mastodon_api/controllers/timeline_controller_test.exs b/test/web/mastodon_api/controllers/timeline_controller_test.exs index 517cabcff..c6e0268fd 100644 --- a/test/web/mastodon_api/controllers/timeline_controller_test.exs +++ b/test/web/mastodon_api/controllers/timeline_controller_test.exs @@ -114,8 +114,16 @@ test "doesn't return replies if follower is posting with blocked user" do {:ok, _reply_from_friend} = CommonAPI.post(friend, %{status: "status", in_reply_to_status_id: reply_from_blockee}) - res_conn = get(conn, "/api/v1/timelines/public") - [%{"id" => ^activity_id}] = json_response_and_validate_schema(res_conn, 200) + # Still shows replies from yourself + {:ok, %{id: reply_from_me}} = + CommonAPI.post(blocker, %{status: "status", in_reply_to_status_id: reply_from_blockee}) + + response = + get(conn, "/api/v1/timelines/public") + |> json_response_and_validate_schema(200) + + assert length(response) == 2 + [%{"id" => ^reply_from_me}, %{"id" => ^activity_id}] = response end test "doesn't return replies if follow is posting with users from blocked domain" do From 8afdbcdb1c012c37cde3a3d2bea147f95c5111b0 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 21 Sep 2020 10:13:41 -0500 Subject: [PATCH 258/264] Force HTTP for fedsockets --- lib/pleroma/web/fed_sockets/outgoing_handler.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/fed_sockets/outgoing_handler.ex b/lib/pleroma/web/fed_sockets/outgoing_handler.ex index 3ff4a85e3..e235a7c43 100644 --- a/lib/pleroma/web/fed_sockets/outgoing_handler.ex +++ b/lib/pleroma/web/fed_sockets/outgoing_handler.ex @@ -86,7 +86,7 @@ def initiate_connection(uri) do %{host: host, port: port, path: path} = URI.parse(ws_uri) - with {:ok, conn_pid} <- :gun.open(to_charlist(host), port), + with {:ok, conn_pid} <- :gun.open(to_charlist(host), port, %{protocols: [:http]}), {:ok, _} <- :gun.await_up(conn_pid), reference <- :gun.get(conn_pid, to_charlist(path), [ From 7b2bf381e9513450ac26826b11dfbb19ac75802f Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 21 Sep 2020 16:02:57 -0500 Subject: [PATCH 259/264] Chase the Autolinker rename from !2677 --- config/description.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/description.exs b/config/description.exs index 097e98633..ac3dfbb2b 100644 --- a/config/description.exs +++ b/config/description.exs @@ -2445,7 +2445,7 @@ %{ group: :pleroma, key: Pleroma.Formatter, - label: "Auto Linker", + label: "Linkify", type: :group, description: "Configuration for Pleroma's link formatter which parses mentions, hashtags, and URLs.", From 75f6e5e8b7e0408241a633daba7fde8b51dde8ca Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 21 Sep 2020 16:10:31 -0500 Subject: [PATCH 260/264] Add FedSockets config --- installation/pleroma.nginx | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index d301ca615..a3b3394f1 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -63,6 +63,7 @@ server { # the nginx default is 1m, not enough for large media uploads client_max_body_size 16m; + ignore_invalid_headers off; location / { proxy_http_version 1.1; @@ -91,4 +92,17 @@ server { chunked_transfer_encoding on; proxy_pass http://127.0.0.1:4000; } + + location /api/fedsocket/v1 { + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + # The Important Websocket Bits! + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_request_buffering off; + proxy_pass http://127.0.0.1:4000/api/fedsocket/v1; + } } From 2b553b8f8e7cf01d8530b905c48b97b815098cd9 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 21 Sep 2020 16:11:01 -0500 Subject: [PATCH 261/264] Remove duplicate setting --- installation/pleroma.nginx | 2 -- 1 file changed, 2 deletions(-) diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index a3b3394f1..ce74f46e1 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -75,8 +75,6 @@ server { # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only # and `localhost.` resolves to [::0] on some systems: see issue #930 proxy_pass http://127.0.0.1:4000; - - client_max_body_size 16m; } location ~ ^/(media|proxy) { From ade7fede7134d0e05c91ef48d52e48e64fd6dd98 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 21 Sep 2020 16:13:45 -0500 Subject: [PATCH 262/264] Most proxy settings can be global --- installation/pleroma.nginx | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index ce74f46e1..5517e3fc3 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -65,13 +65,13 @@ server { client_max_body_size 16m; ignore_invalid_headers off; - location / { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + location / { # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only # and `localhost.` resolves to [::0] on some systems: see issue #930 proxy_pass http://127.0.0.1:4000; @@ -82,7 +82,6 @@ server { slice 1m; proxy_cache_key $host$uri$is_args$args$slice_range; proxy_set_header Range $slice_range; - proxy_http_version 1.1; proxy_cache_valid 200 206 301 304 1h; proxy_cache_lock on; proxy_ignore_client_abort on; @@ -92,14 +91,6 @@ server { } location /api/fedsocket/v1 { - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - - # The Important Websocket Bits! - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; proxy_request_buffering off; proxy_pass http://127.0.0.1:4000/api/fedsocket/v1; } From 8906f30ba16bdd91ac51ab9d4568c19070c270d5 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 21 Sep 2020 16:19:08 -0500 Subject: [PATCH 263/264] Use an upstream for reverse proxy so future modifications are simplified --- installation/pleroma.nginx | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index 5517e3fc3..d613befd2 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -9,6 +9,12 @@ proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off; +# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only +# and `localhost.` resolves to [::0] on some systems: see issue #930 +upstream phoenix { + server 127.0.0.1:4000 max_fails=5 fail_timeout=60s; +} + server { server_name example.tld; @@ -72,9 +78,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location / { - # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only - # and `localhost.` resolves to [::0] on some systems: see issue #930 - proxy_pass http://127.0.0.1:4000; + proxy_pass http://phoenix; } location ~ ^/(media|proxy) { @@ -87,11 +91,11 @@ server { proxy_ignore_client_abort on; proxy_buffering on; chunked_transfer_encoding on; - proxy_pass http://127.0.0.1:4000; + proxy_pass http://phoenix; } location /api/fedsocket/v1 { proxy_request_buffering off; - proxy_pass http://127.0.0.1:4000/api/fedsocket/v1; + proxy_pass http://phoenix/api/fedsocket/v1; } } From 3174804f3cc2b2c4027331ed2f61d53564692b21 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Tue, 22 Sep 2020 07:26:31 -0500 Subject: [PATCH 264/264] Add FreeBSD and alpha sort --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6ca3118fb..7a05b9e48 100644 --- a/README.md +++ b/README.md @@ -18,15 +18,16 @@ If you are running Linux (glibc or musl) on x86/arm, the recommended way to inst ### From Source If your platform is not supported, or you just want to be able to edit the source code easily, you may install Pleroma from source. -- [Debian-based](https://docs-develop.pleroma.social/backend/installation/debian_based_en/) -- [Debian-based (jp)](https://docs-develop.pleroma.social/backend/installation/debian_based_jp/) - [Alpine Linux](https://docs-develop.pleroma.social/backend/installation/alpine_linux_en/) - [Arch Linux](https://docs-develop.pleroma.social/backend/installation/arch_linux_en/) +- [CentOS 7](https://docs-develop.pleroma.social/backend/installation/centos7_en/) +- [Debian-based](https://docs-develop.pleroma.social/backend/installation/debian_based_en/) +- [Debian-based (jp)](https://docs-develop.pleroma.social/backend/installation/debian_based_jp/) +- [FreeBSD](https://docs-develop.pleroma.social/backend/installation/freebsd_en/) - [Gentoo Linux](https://docs-develop.pleroma.social/backend/installation/gentoo_en/) - [NetBSD](https://docs-develop.pleroma.social/backend/installation/netbsd_en/) - [OpenBSD](https://docs-develop.pleroma.social/backend/installation/openbsd_en/) - [OpenBSD (fi)](https://docs-develop.pleroma.social/backend/installation/openbsd_fi/) -- [CentOS 7](https://docs-develop.pleroma.social/backend/installation/centos7_en/) ### OS/Distro packages Currently Pleroma is not packaged by any OS/Distros, but if you want to package it for one, we can guide you through the process on our [community channels](#community-channels). If you want to change default options in your Pleroma package, please **discuss it with us first**.